On 1/14/22 08:30, Johnny Hughes wrote: > On 1/14/22 07:57, Gionatan Danti wrote: >> Il 2022-01-14 13:17 Josh Boyer ha scritto: >>> RHEL's kernel live patching uses upstream open source kpatch. The >>> sources to the kpatches are delivered in customer facing CDN repos at >>> the same time as the kpatch itself. We do not use proprietary code to >>> produce or apply the kpatches. >>> >>> I can only speculate on whether RHEL kpatches would work on a CentOS >>> kernel, but my assumption is that they would not due to how they are >>> signed. >> >> Is (well, was) the CentOS kernel identical at binary level to the RHEL >> one? >> If so, the same kpatch should be applicable to both RHEL and CentOS >> (the old one). >> >> But I seem to understand that the two kernels are *not* bytewise >> identical, so a binary kpatch can not be applied the CentOS. Is this >> true? >> >> Anyway, RH kpatches are surely not compatible with CentOS stream. So I >> asked if some project was started to provide live kernel patching to >> the new CentOS project. If I don't miss something, this is not the case. >> >> Regards. >> > > No .. none of the CentOS Kernels were EVER binary compatible with any > RHEL kernel. > > CentOS Linux has always been (now also including CentOS Stream 8 and 9) > a completely separate 'closed' build system. > > We use the SAME source code to build things, modified to remove > branding. But CentOS has NEVER been (nor is any other rebuild > distribution now) Binary Compatible. > > Want to see how .. just extract two rpms with the same name from two > different distributions into separate directories and run a sha256sum on > all the files in the different directories with find command. Some > files may be identical (most text files that are copied), others will > not be. > > It is virtually impossible for all produced packages to be 'binary > compatible' UNLESS they are built with exact the same files (not files > BUILT fromt he same sources .. the exact same files) in the build root > AND with exactly the same software doing the building. Any group that > claims 'binary compatibility' is either lying or they do not understand > compiling and linking. > > CentOS never had that. Neither does any rebuild. > > This is why the CentOS Project 'CHANGED' our term from binary compatible > to 'Functionally Compatible' a long time ago. (Using same source code, > we produce DIFFERENT software .. that works the same way but has > different SHASUM values. Don't be fooled by key words like 'binary > compatible' .. check it out for yourself. > > If you build kpatches to kernels, to make them work you need to build > the kpatch for the specific kernel (CentOS would need to build against > CentOS kernels, etc). Also, there are the certificate signing issues > and keys that you would need to take into account. You need to have the > CA Trust to be able to create signatures that the system will allow. > _______________________________________________ As a bit of a helper .. we used to use this script to find differences: https://vault.centos.org/4.9/build/distro/tmverifyrpms Way back in the CentOS Linux 4 days.