Always force the use latest kernel by default #3857

Merged: 1 commit, Oct 11, 2018

@emkll emkll commented Oct 9, 2018

Status

Ready for review

Description of Changes

Fixes #3842.

  • Bumps kernel metapackage version to 4.4.144-1 so that the version is higher than the currently installed version
  • Changes postinst to force the latest kernel to boot by default

Testing

  • Install 0.9.0 on virtual machines or hardware
  • roll back to 3.14.79 per instructions here: https://docs.securedrop.org/en/release-0.9/kernel_troubleshooting.html
  • checkout this branch and make build-debs and use securedrop-grsec-4.4.144-1-amd64.deb
  • install securedrop-grsec-4.4.144-1-amd64.deb on machines that have been rolled back
  • sudo apt-get autoremove (necessary for local testing only: when using apt servers, this will be done by cron-apt)

Confirm that:

  • The app and mon servers boot into kernel 4.4.144-grsec (uname -r)
  • apt list --installed | grep grsec still includes 3.14.79
  • /etc/default/grub contains GRUB_DEFAULT=0

Deployment

All changes will be deployed as part of the securedrop-grsec package.
Setting the version string to 4.4.144-1 (because we are not shipping a kernel as part of 0.10.0, see #3838). We will be removing the 3.14.79 kernel at a later date, see #3643.

Checklist

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

@emkll emkll requested review from conorsch and msheiny as code owners October 9, 2018 20:32
@emkll emkll added this to the 0.10.0 milestone Oct 9, 2018
@emkll emkll force-pushed the always-use-latest-kernel branch from d4772e0 to b4871b6 Compare October 9, 2018 20:36
@redshiftzero

hey @zenmonkeykstop, putting this one on your QA list - let's try to get this one in today/tomorrow so we can backport into the release branch

@emkll emkll force-pushed the always-use-latest-kernel branch from b4871b6 to 4105f10 Compare October 10, 2018 18:10
@emkll

emkll commented Oct 10, 2018

Rebased on latest develop. The reason the full kernel string is due to the build logic around the Jinja templating of files: postinst requires executable permissions, but the templates produce files with non-executable permissions.

I see 2 ways to approach this:

@zenmonkeykstop

zenmonkeykstop commented Oct 10, 2018

Tested as follows:

sudo dpkg -i securedrop-grsec-4.4.144-1-amd64.deb
sudo apt-get autoremove
sudo reboot

Confirmed that:

[x] The app and mon servers boot into kernel 4.4.144-grsec (uname -r)
[x] apt list --installed | grep grsec still includes 3.14.79
[x] /etc/default/grub contains GRUB_DEFAULT=0

So 👍 for this change on VMs.

Until now, the postinst action for the securedrop-grsec metapackage
would preserve preferences for a rolled back kernel. This will now
remove this preference, by setting GRUB_DEFAULT=0, which will instruct
grub to use the highest kernel version available on the system.
@emkll emkll force-pushed the always-use-latest-kernel branch from 4105f10 to b37ebb2 Compare October 10, 2018 21:42
@redshiftzero redshiftzero left a comment

thanks @emkll and thanks for the QA @zenmonkeykstop - merging so we can backport into the release branch

@redshiftzero redshiftzero merged commit c2db2a1 into develop Oct 11, 2018
@redshiftzero redshiftzero deleted the always-use-latest-kernel branch October 11, 2018 00:01
@zenmonkeykstop zenmonkeykstop mentioned this pull request Oct 16, 2018
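
The three confirmations from the test plan in this PR, scripted as an added shell example that is not part of the PR or of SecureDrop's code. The function names and the sample package names are assumptions made for illustration, and the sample grub file is constructed.

```shell
#!/bin/sh
# Added example, not SecureDrop code. Function names are illustrative.

# Print the effective GRUB_DEFAULT from a grub defaults file. The file is
# sourced as shell by grub-mkconfig, so the last uncommented assignment wins.
grub_default_value() {
    sed -n 's/^[[:space:]]*GRUB_DEFAULT=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_kernel_state GRUB_FILE RUNNING_KERNEL INSTALLED_PACKAGES
# Returns 0 only if all three confirmations from the test plan hold.
check_kernel_state() {
    rc=0
    val=$(grub_default_value "$1")
    if [ "$val" != "0" ]; then
        echo "FAIL: GRUB_DEFAULT is '${val:-unset}', expected 0"; rc=1
    fi
    case "$2" in
        4.4.144-grsec*) ;;
        *) echo "FAIL: running kernel is $2, expected 4.4.144-grsec"; rc=1 ;;
    esac
    if ! printf '%s\n' "$3" | grep -q '3\.14\.79'; then
        echo "FAIL: 3.14.79 kernel is no longer installed"; rc=1
    fi
    return "$rc"
}

# On a real host:
#   check_kernel_state /etc/default/grub "$(uname -r)" \
#       "$(apt list --installed 2>/dev/null | grep grsec)"

# Constructed sample: a rolled-back server that still pins an older menu entry.
sample=$(mktemp)
printf '%s\n' '#GRUB_DEFAULT=0' 'GRUB_DEFAULT="1>2"' 'GRUB_TIMEOUT=5' > "$sample"
check_kernel_state "$sample" "3.14.79-grsec" "linux-image-3.14.79-grsec" \
    || echo "sample host is still pinned to the old kernel"
rm -f "$sample"
```

A plain `grep GRUB_DEFAULT=0 /etc/default/grub` would also match a commented-out line or an earlier assignment that a later one overrides, which is why the helper reads only the last active assignment.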