How-to apply kernel upgrades for security fixes

Post Reply
DidierSpaier
Posts: 518
Joined: 20. Jun 2016, 20:15

How-to apply kernel upgrades for security fixes

Post by DidierSpaier »

The Linux kernel packages are sometimes upgraded for Slackware version 14.2 to provide security fixes.

This last happened on Wed Feb 7 04:28:48 UTC 2018as announced in this ChangeLog

Slint version 14.2 onward should be upgraded accordingly, but kernel packages are blacklisted in /etc/slapt-get/slapt-getrc. For this reason you will know that an upgrade is available as gslapt or slapt-get --upgrade will mention these packages as EXCLUDED.

Here are instructions for upgrading. Type all commands in a terminal as root:
  • Update the packages database, then make a regular upgrade:

    Code: Select all

    slapt-get -u
    slapt-get --upgrade
    
    The upgrade command will also list the blacklisted kernel-* packages. If you didn't remove any package, the list will be like this for Slint64-14.2 or Slint64-14.2.1 (64-bit):

    Code: Select all

    kernel-firmware kernel-generic kernel-modules kernel-huge kernel-headers kernel-source
    And like that for Slint-14.2 (32-bit):

    Code: Select all

    kernel-firmware kernel-generic-smp kernel-generic kernel-huge kernel-headers kernel-modules kernel-huge-smp kernel-modules-smp kernel-source
  • If that seems OK upgrade all these packages with this command:

    Code: Select all

    slapt-get -i <list>
    where <list> is the list of packages to be upgraded like: kernel-firmware kernel-generic kernel-modules ...
  • If you are using a generic kernel with an initrd you should now rebuild the initrd. If it is not named /boot/initrd.gz, /boot/initrd.gz should be a symlink to it.
  • Check that /boot/vmlinuz be a symbolic link to the kernel you want to use.
  • Then, you must upgrade your bootloader, else Slint won't boot anymore! So do this:
    • lilo users, be sure that the correct kernel and initrd be referred to in lilo.conf, then check the output of this command:

      Code: Select all

      lilo -t -v #  then if all goes well:
      lilo
    • elilo users, to copy the kernel and case occurring the initrd to the EFI System Partition type:

      Code: Select all

      eliloconfig
  • After a successful reboot you can remove the old packages.
User avatar
laprjns
Salix Warrior
Posts: 1105
Joined: 28. Aug 2009, 01:30
Location: Connecticut USA

Re: How-to apply kernel upgrades for security fixes

Post by laprjns »

Just realized this in the last week or so. In addition to copying the kernel and initrd over the ESP partitions, eliloconfig also writes a new elilo.conf to the ESP. If there has been any customization of the this file, like using persistant block device naming (ex. root=UUID=1b671a64-40d5-491e-99b0-da01ff1f3341) they will be overwritten. Instead of running eliloconfig, I now just copy the new kernel (and initrd if i use one) over to the ESP.

Code: Select all

$sudo  cp /boot/vmlinuz /boot/efi/EFI/Slint
This is of coourse also applicable to Salix and Slackware.
“Don’t you see that the whole aim of Newspeak is to narrow the range of thought?"
DidierSpaier
Posts: 518
Joined: 20. Jun 2016, 20:15

Re: How-to apply kernel upgrades for security fixes

Post by DidierSpaier »

Just wondering: wouldn't it be better to use grubconfig (possibly enhanced) in future versions? What do you think?

I am also considering installing (instead of upgrading) the new kernel, as do other distributions like Debian.

However this would also stand in Slint for kernel-source, which is huge...
djemos
Salix Warrior
Posts: 1433
Joined: 29. Dec 2009, 13:45
Location: Greece

Re: How-to apply kernel upgrades for security fixes

Post by djemos »

Even if e(lilo) exists in Slackel installation script and front gui, i use grub as default. Grub finds any operating system appears on machine, include initrd and add all these in uefi also. Grubconfig is very good tool. I think it is time slackware also use only grub as default boot manager.
As for upgrading the new kernel i also have this thought in mind to make a tool to install the new kernel so always system will be bootable using the old kernel.
DidierSpaier
Posts: 518
Joined: 20. Jun 2016, 20:15

Re: How-to apply kernel upgrades for security fixes

Post by DidierSpaier »

djemos wrote: 15. Apr 2018, 16:03 Even if e(lilo) exists in Slackel installation script and front gui, i use grub as default. Grub finds any operating system appears on machine, include initrd and add all these in uefi also. Grubconfig is very good tool. I think it is time slackware also use only grub as default boot manager.
As for upgrading the new kernel i also have this thought in mind to make a tool to install the new kernel so always system will be bootable using the old kernel.
I agree, my friend!
https://www.linuxquestions.org/question ... ost5841977
https://www.linuxquestions.org/question ... ost5842665
https://www.linuxquestions.org/question ... ost5842671
User avatar
laprjns
Salix Warrior
Posts: 1105
Joined: 28. Aug 2009, 01:30
Location: Connecticut USA

Re: How-to apply kernel upgrades for security fixes

Post by laprjns »

DidierSpaier wrote: 14. Apr 2018, 16:38 Just wondering: wouldn't it be better to use grubconfig (possibly enhanced) in future versions? What do you think?
By grubconfig I assume you mean moving to GRUB2 and using grubconfig to configure it.

If one wants to multiboot, especially when multibooting with Windows, then yes in my opinion grub2 is a better choice than elilo/lilo. I would think that adding gurb2 as an option at installation would be good. I suspect that the hardcore Slackware users and those not looking to multiboot would preferred elilo/lilo and therefore I think they should be kept as the default.

I have been using grub2 for the last few days and it works* without problems and does detect and boots all the operating systems on my computers, including Windows 10, however I really don't understand what functionality that grubconfig brings to it. Both grubconfig and grub-mkconfig produce that exact same grub.cfg file on the initial runs of each. I think, but I am not certain that for updating grub, grubconfig appends existing grub.cfg file where grub-mkconfig overwrites the file. I find this as an advantage for grubconfig since any manual changes to the grub.cfg file will be lost when updating using grub-mkconfig. However I don't thing it justifies a complete separate script.

After playing with grub over the last few days, I feel that my current setup using rEFInd as my boot manager works best for me, so I would continue to choose elilo for Salix/Slint/Slackware installs.

*this referes to the grub package in the Slint repo. I was not able to get the Salix package to work as installed. The boot loader, grubx64.efi, that is installed in EFI/Salix-Xfce-14.2/ fails before it gets to loading the grub menu.
DidierSpaier wrote: 14. Apr 2018, 16:38 I am also considering installing (instead of upgrading) the new kernel, as do other distributions like Debian.

However this would also stand in Slint for kernel-source, which is huge...
I don't roll my own kernels nor do I use anything but the default kernel-huge so I never really had a boot problem when updating kernels. On occasion I have forgotten to copy over the kernel to the ESP or installing the new kernel modules, which does result in a failed reboot but in these instances, I don't think having the old kernel around would have save me any time to correct these problems.
“Don’t you see that the whole aim of Newspeak is to narrow the range of thought?"
djemos
Salix Warrior
Posts: 1433
Joined: 29. Dec 2009, 13:45
Location: Greece

Re: How-to apply kernel upgrades for security fixes

Post by djemos »

laprjns wrote: I am not certain that for updating grub, grubconfig appends existing grub.cfg file where grub-mkconfig overwrites the file.
grubconfig in the end run update-grub which run this line "grub-mkconfig -o /boot/grub/grub.cfg "$@"
So update-grub overwrites old grub.cfg file. Do the same work. As, for the new users, i found grubconfig more easy to use, running just one script to boot any existing OS in user machine. This is the functionality that grubconfig brings, easy to use, to create grub.cfg for users.
Of course this is my opinion and other users will prefer e(lilo) or other boot manager.
User avatar
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02
Contact:

Re: How-to apply kernel upgrades for security fixes

Post by mimosa »

The trouble with grub is it tends to create lots of junk entries. Less experienced users (and I feel this is the group we should feel especially concerned about) won't know how to tidy it up, and will be most inclined to dislike the clutter. For those who wish to multi-boot, I think the better path is (e)lilo, which will get them booting into Salix, and then they can tweak other boot options. For EFI the best option for that in my view is rEFInd. For legacy BIOS users, I'm not sure how well lilosetup works these days, and I can't easily test it myself. I wonder how many such users will be left by the next release?
Post Reply