
Re: Upcoming changes to Debian Linux kernel packages

From Andreas Beckmann <anbe@debian.org>
Newsgroups linux.debian.kernel, linux.debian.maint.boot, linux.debian.devel.release, linux.debian.security
Subject Re: Upcoming changes to Debian Linux kernel packages
Date 2023-09-24 23:20 +0200
Message-ID <HhEGe-biII-1@gated-at.bofh.it> (permalink)
References <Hhx21-be81-1@gated-at.bofh.it>
Organization linux.* mail to news gateway

Cross-posted to 4 groups.



On 24/09/2023 15.01, Bastian Blank wrote:
> ## Kernel modules will be signed with an ephemeral key
> 
> The modules will no longer be signed using the Secure Boot CA like the
> EFI kernel image itself.  Instead a key will be created during the build
> and thrown away after.

Do I correctly assume that change only affects the modules shipped by 
the linux-image packages and not third-party modules built with dkms?

> ## Header and tool packages will no longer contain version

> This means that only headers of one single version can be available on
> the system at one time.  This might be a bit inconvenient for dkms, as
> it can no longer build modules for multiple versions.

That sounds problematic in case of third party modules. If it is 
possible to have multiple linux-image-* packages installed, but only 
headers for one of them, the third-party modules will only be available 
for one of the kernel versions for sure (maybe there are still old 
module builds available, but no guarantee especially after the 
third-party module got updated). This will make switching between 
different kernel versions difficult to impossible, e.g. it may be hard 
to go back to a working older kernel version in case the new one does 
not work properly (or the third-party module cannot be built or does not 
work for the new version).


Regarding getting the correct linux-headers-* packages installed for the 
installed linux-image-* packages:
Maybe linux-image-* could have
   Recommends: linux-headers-* | no-linux-headers
s.t. the correct linux-headers-* are installed by default (installation 
of recommends is enabled by default) for all installed linux-image-* 
packages. no-linux-headers would be an opt-out package that can be 
installed manually if someone does not want to get linux-headers-* 
installed at all. It should never be installed automatically.

For dkms it is hard to recommend the correct linux-headers-* package, right 
now we have
   Recommends: linux-headers-generic | linux-headers-686-pae | linux-headers-amd64 | linux-headers
which does not really work for the non-default kernel flavor, e.g. the 
-cloud or -i386 kernel. So some improvement on the kernel side would be 
nice here.


Andreas
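
The image/headers mismatch discussed in this message can be checked on an installed system. The script below is an added example, not part of the original message or of any Debian package; it assumes headers packages are named by swapping the `linux-image-` prefix for `linux-headers-`, and the package list in `SAMPLE_PKGS` is constructed.

```shell
#!/bin/sh
# Added example: report installed linux-image-* packages that have no
# matching linux-headers-* package, i.e. kernels for which dkms cannot
# build third-party modules.

# Reads installed package names, one per line, on stdin and prints the
# kernel image packages that lack headers.
missing_headers() {
    pkgs=$(cat)
    printf '%s\n' "$pkgs" | while IFS= read -r pkg; do
        case "$pkg" in
            linux-image-*-dbg) continue ;;   # debug symbols, not a bootable kernel
            linux-image-*) ;;                # kernel image or metapackage
            *) continue ;;
        esac
        suffix=${pkg#linux-image-}
        # Assumption: an -unsigned image uses the same headers as the signed one.
        suffix=${suffix%-unsigned}
        if ! printf '%s\n' "$pkgs" | grep -qxF -- "linux-headers-$suffix"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Constructed sample: two amd64 kernels, one cloud flavor, one metapackage.
SAMPLE_PKGS='dkms
linux-image-6.1.0-12-amd64
linux-image-6.1.0-13-amd64
linux-image-6.1.0-13-amd64-dbg
linux-headers-6.1.0-13-amd64
linux-image-6.1.0-13-cloud-amd64
linux-image-amd64
linux-headers-amd64'

printf '%s\n' "$SAMPLE_PKGS" | missing_headers

# On a real system, feed it the fully installed ("ii") packages:
#   dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' \
#       | awk '$1 == "ii" { print $2 }' | missing_headers
```

Any package it prints is a kernel that can still be booted but for which third-party modules cannot be rebuilt, which is the rollback problem raised above.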
