[Pkg-ltsp-devel] Bug#771470: ltsp-client-core: Kernel version sorting may result in booting obsolete kernel
Vagrant Cascadian
vagrant at debian.org
Sat Nov 29 22:29:56 UTC 2014
Package: ltsp-client-core
Version: 5.5.4-1
Severity: serious
Tags: patch
When upgrading an LTSP environment from Wheezy, LTSP's kernel sorting
rules generate a pxelinux.cfg/ltsp file that defaults to the -486
Wheezy kernel variant, instead of the -586 variant present in Jessie.
This results in clients booting an old kernel and quite possibly
missing security updates.
Additionally, if the configures IFCPU64=true in
/etc/ltsp/update-kernels.conf which should set up pxelinux entries to
boot the appropriate kernel based 32-bit, PAE or 64-bit machines, the
rules always pick the lowest common denominator for all the kernels
(and adding insult to injury, the lowest possible version).
I plan to upload a fixed version shortly...
The following patches were committed upstream, and should resolve this
issue:
From: Alkis Georgopoulos <alkisg at gmail.com>
Date: Sat, 29 Nov 2014 17:51:04 +0200
Subject: [PATCH 15/17] Correctly sort kernel FLAVOR in increasing order and
VERSION in decreasing.
---
client/Debian/etc/ltsp/update-kernels.conf | 2 +-
client/Debian/share/ltsp/cleanup.d/50-vmlinuz | 2 +-
client/Ubuntu/etc/ltsp/update-kernels.conf | 2 +-
client/share/ltsp/update-kernels | 4 ++--
server/ltsp-update-kernels | 2 +-
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/client/Debian/etc/ltsp/update-kernels.conf b/client/Debian/etc/ltsp/update-kernels.conf
index b22e0a6..97131b5 100644
--- a/client/Debian/etc/ltsp/update-kernels.conf
+++ b/client/Debian/etc/ltsp/update-kernels.conf
@@ -28,7 +28,7 @@ CMDLINE_NBD="root=/dev/nbd0"
CMDLINE_AOE="root=/dev/etherd/e0.0"
# A sed expression that matches all kernels and returns $FILE $NAME $VERSION $FLAVOR
-# Example: ls /boot | sed -n "$KERNEL_NAMES" | sort -V -k 4,4 | sort -r -k 3,3
+# Example: ls /boot | sed -n "$KERNEL_NAMES" | sort -k 4,4V -k 3,3rV
KERNEL_NAMES='s/\(vmlinu[xz]-\)\([^-]*-[^-]*-\)\(.*\)/& \1 \2 \3/p'
# A sed expression that maps from a kernel name to an initrd name
diff --git a/client/Debian/share/ltsp/cleanup.d/50-vmlinuz b/client/Debian/share/ltsp/cleanup.d/50-vmlinuz
index 3a88d30..82fb818 100644
--- a/client/Debian/share/ltsp/cleanup.d/50-vmlinuz
+++ b/client/Debian/share/ltsp/cleanup.d/50-vmlinuz
@@ -14,7 +14,7 @@ INITRD_NAME=${INITRD_NAME:-'s/vmlinu[xz]/initrd.img/p'}
read file name version flavor <<EOF
$(find "/boot/" -mindepth 1 -maxdepth 1 -type f -printf "%f\n" |
- sed -n "$KERNEL_NAMES" | sort -V -k 4,4 | sort -r -k 3,3)
+ sed -n "$KERNEL_NAMES" | sort -k 4,4V -k 3,3rV)
EOF
initrd=$(echo "$file" | sed -n "$INITRD_NAME")
diff --git a/client/Ubuntu/etc/ltsp/update-kernels.conf b/client/Ubuntu/etc/ltsp/update-kernels.conf
index 059cd68..6e3d2f8 100644
--- a/client/Ubuntu/etc/ltsp/update-kernels.conf
+++ b/client/Ubuntu/etc/ltsp/update-kernels.conf
@@ -28,7 +28,7 @@ CMDLINE_NBD="root=/dev/nbd0"
CMDLINE_AOE="root=/dev/etherd/e0.0"
# A sed expression that matches all kernels and returns $FILE $NAME $VERSION $FLAVOR
-# Example: ls /boot | sed -n "$KERNEL_NAMES" | sort -V -k 4,4 | sort -r -k 3,3
+# Example: ls /boot | sed -n "$KERNEL_NAMES" | sort -k 4,4V -k 3,3rV
KERNEL_NAMES='s/\(vmlinu[xz]-\)\([^-]*-[^-]*-\)\(.*\)/& \1 \2 \3/p'
# A sed expression that maps from a kernel name to an initrd name
diff --git a/client/share/ltsp/update-kernels b/client/share/ltsp/update-kernels
index 61e7eae..96310fb 100755
--- a/client/share/ltsp/update-kernels
+++ b/client/share/ltsp/update-kernels
@@ -67,7 +67,7 @@ kernel_split() {
;;
esac
done
- done | sed -n "$KERNEL_NAMES" | sort -V -k 4,4 | sort -r -k 3,3
+ done | sed -n "$KERNEL_NAMES" | sort -k 4,4V -k 3,3rV
eval "$orig_flags"
}
@@ -102,7 +102,7 @@ cmdline_method_default=$(eval echo '$CMDLINE_'$boot_method_default)
BOOTPROMPT_OPTS="$CMDLINE_LINUX_DEFAULTS $cmdline_method_default"
# A sed expression that matches all kernels and returns $FILE $NAME $VERSION $FLAVOR
-# Example: ls /boot | sed -n "$KERNEL_NAMES" | sort -V -k 4,4 | sort -r -k 3,3
+# Example: ls /boot | sed -n "$KERNEL_NAMES" | sort -k 4,4V -k 3,3rV
KERNEL_NAMES=${KERNEL_NAMES:-'s/\(vmlinu[xz]-\)\([^-]*-[^-]*-\)\(.*\)/& \1 \2 \3/p'}
if [ -f /usr/lib/yaboot/yaboot ]; then
diff --git a/server/ltsp-update-kernels b/server/ltsp-update-kernels
index 4a71b2b..3e08149 100755
--- a/server/ltsp-update-kernels
+++ b/server/ltsp-update-kernels
@@ -151,7 +151,7 @@ link_kernel_flavors() {
last_flavor=
find "$tftpname" -mindepth 1 -maxdepth 1 -type f -printf "%f\n" \
- | sed -n "$KERNEL_NAMES" | sort -V -k 4,4 | sort -r -k 3,3 \
+ | sed -n "$KERNEL_NAMES" | sort -k 4,4V -k 3,3rV \
| while read file name version flavor; do
if [ "$flavor" != "$last_flavor" ]; then
initrd=$(echo "$file" | sed -n "$INITRD_NAME")
--
2.1.3
From: Vagrant Cascadian <vagrant at debian.org>
Date: Sat, 29 Nov 2014 10:57:26 -0800
Subject: [PATCH 16/17] update-kernels: Fix issues with kernel version variant
sorting by first looping on the preferred variants, and using the keyword
"ALL" instead of "*" to avoid shell globbing issues.
---
client/share/ltsp/update-kernels | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/client/share/ltsp/update-kernels b/client/share/ltsp/update-kernels
index 96310fb..5e079be 100755
--- a/client/share/ltsp/update-kernels
+++ b/client/share/ltsp/update-kernels
@@ -59,6 +59,9 @@ kernel_split() {
set -f
for kernel in $(find "/boot/" -type f -name "$KERNEL_PREFIX$KERNEL_SUFFIX" -printf "%f\n"); do
# Validate the "arch"
+ if [ "${LIST_KERNELS}" = "ALL" ]; then
+ LIST_KERNELS="*"
+ fi
for arch in ${LIST_KERNELS:-*}; do
case "$kernel" in
$KERNEL_PREFIX$arch$KERNEL_SUFFIX)
@@ -73,7 +76,9 @@ kernel_split() {
}
kernel_versions(){
- kernel_split | awk '{print $3$4}'
+ for arch in ${LIST_KERNELS:-"ALL"} ; do
+ LIST_KERNELS="$arch" kernel_split | awk '{print $3$4}'
+ done
}
kernel_variants(){
@@ -205,7 +210,7 @@ EOF
pxelinux_include_files="$pxelinux_include_files ltsp-$method"
# Get the preferred default kernel, preferred 32-bit kernel, or any
# kernel.
- version=$(LIST_KERNELS="$LIST_KERNELS_DEFAULT $LIST_KERNELS_32 *" kernel_versions | head -n 1)
+ version=$(LIST_KERNELS="$LIST_KERNELS_DEFAULT $LIST_KERNELS_32 ALL" kernel_versions | head -n 1)
cat > $PXECFG/ltsp-$method <<EOF
# This file is regenerated when update-kernels runs.
# Do not edit, see /etc/ltsp/update-kernels.conf instead.
@@ -250,7 +255,7 @@ EOF
32) list_kernels="$LIST_KERNELS_32" ;;
esac
# only return the newest kernel of appropriate type.
- version=$(LIST_KERNELS="$list_kernels *" kernel_versions | head -n 1)
+ version=$(LIST_KERNELS="$list_kernels ALL" kernel_versions | head -n 1)
cat >> $PXECFG/ltsp-ifcpu64-$method <<EOF
label ltsp-$method-$type
@@ -313,7 +318,7 @@ if [ "$(detect_arch)" = "armhf" ] || [ "$(detect_arch)" = "armel" ]; then
if which mkimage >/dev/null; then
# Generate a boot script for use with versions of u-boot
# supporting bootz.
- version=$(LIST_KERNELS="$LIST_KERNELS_DEFAULT $LIST_KERNELS_ARM *" kernel_versions | head -n 1)
+ version=$(LIST_KERNELS="$LIST_KERNELS_DEFAULT $LIST_KERNELS_ARM ALL" kernel_versions | head -n 1)
kernel_file="/ltsp/${CHROOT_NAME}/vmlinuz-${version}"
initrd_file="/ltsp/${CHROOT_NAME}/initrd.img-${version}"
fdt_dir="/ltsp/${CHROOT_NAME}/dtbs-${version}/"
--
2.1.3
From: Vagrant Cascadian <vagrant at debian.org>
Date: Sat, 29 Nov 2014 11:08:02 -0800
Subject: [PATCH 17/17] Debian: update-kernels.conf: Prefer 586 over 486 in for
32 bit systems, as 486 is no longer shipped in Jessie.
---
client/Debian/etc/ltsp/update-kernels.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: ltsp/client/Debian/etc/ltsp/update-kernels.conf
===================================================================
--- ltsp.orig/client/Debian/etc/ltsp/update-kernels.conf
+++ ltsp/client/Debian/etc/ltsp/update-kernels.conf
@@ -44,7 +44,7 @@ LIST_KERNELS_64="amd64"
# Variants that are supported by PAE capable CPUs
LIST_KERNELS_PAE="686-pae 686-bigmem 686"
# Variants that are widely supported (i.e. 32-bit CPUs)
-LIST_KERNELS_32="486 686"
+LIST_KERNELS_32="586 486 686"
# Preferred default kernel order
#LIST_KERNELS_DEFAULT="486-custom 686-custom"
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ltsp-devel/attachments/20141129/c711117a/attachment.sig>
More information about the Pkg-ltsp-devel
mailing list