[Arm-dev] testing updated kernels - feedback wanted !

Fabian Arrotin arrfab at centos.org
Mon Jan 25 16:29:16 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

With the recent CVE-2016-0728, I was quickly having a look at updating
the different kernels we ship through the official images.
Actually we only have two kernels :
- - what I'd call the "generic" one (that can be used on multiple boards
directly, and following the Fedora upstream kernel)
- - the raspberrypi2 variant (built from sources located at
https://github.com/raspberrypi/linux)

I've built (and tested locally those myself) the following updated
kernels (including patches for CVE-2016-0728) :
- - kernel-4.3.3-200.el7.armv7hl.rpm (updating
kernel-4.2.3-200.el7.armv7hl.rpm)
- - raspberrypi2-kernel-4.1.16-v7+.1.20160125gitab2b2e0.el7.armv7hl.rpm
(for rpi2, obviously, updating
raspberrypi2-kernel-4.1.11-v7+.1.20151021git4047fe2.el7.armv7hl.rpm)

One important thing is that actually we still lack an automatic update
process, something I'd like to work (with you ?) in the following
days/weeks.
But you can already test the updated/unsigned kernels (feedback wanted !)

- - create the /etc/yum.repos.d/ .repo file pointing to corresponding
repo, depending on your board :
  - http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/
  - http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
as an example, here is how it would look like :

[kernel-generic]
name=armhfp kernel generic
baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-generic/
gpgcheck=0
enabled=1

or

[kernel-rpi2]
name=armhfp rpi2 kernel
baseurl=http://dev.centos.org/centos/7/kernel/armhfp/kernel-rpi2/
gpgcheck=0
enabled=1

- - now "yum clean all ; yum update"

- - as the current call to "/bin/kernel-install add" (from systemd
shipped with CentOS 7) doesn't cover - in the whole chain- armhfp, one
then needs to build the initramfs + modify boot config

  rpi2 :
   - dracut /boot/initramfs-4.1.16-v7+.1.20160125gitab2b2e0.el7.img
4.1.16-v7+.1.20160125gitab2b2e0.el7
   - systemctl reboot

  generic :
   - dracut /boot/initramfs-4.3.3-200.el7.armv7hl.img
4.3.3-200.el7.armv7hl
   - edit /boot/extlinux.conf to modify the kernel/initrd
   - systemctl reboot

Thanks for the testers, and after we can edit the wiki page, and start
working on a script that would automate all that.

Cheers,
- -- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlamTVwACgkQnVkHo1a+xU60wwCeNi/0UdslauJp0w3DB9tEqkZp
BJ4An1G0YthIhoOKUqly8ndb6aMNCtNe
=31Zc
-----END PGP SIGNATURE-----

More information about the Arm-dev mailing list