Kernel patching/recompiling for newbies


Post by Paul Schmeh » Thu, 26 Jun 2003 09:18:05



I'm a fairly knowledgeable user on a lot of different platforms, but one
thing that I've never done is patch or rebuild a kernel.  I'm running snort
on a FreeBSD (4.7 - RELEASE) box at work (I wanted the fastest OS at the
networking level so packet loss would be minimal), and since I installed
there's been a kernel patch released.  (I'm not overly worried about
security problems because this box is extremely locked down - no initd
running, no services except ssh through tcpwrappers, ipfw prevents access
from outside one VLAN, for example - but I do like to stay current with
patches because you just never know.)

I'm running cvsup through cron every night, so the sources are updated
regularly, but despite all the reading I've done, I'm still uncertain about
the kernel sources.  Are those updated through cvsup as well?  If they are,
then do I need to patch?  Or is the patch already "in" the new source?  Or
am I just totally confused? :-)

I also find myself a bit hesitant to update the kernel because I don't want
to*up a production box.  I've had no problem updating snort and other
software on this box through the ports collection (I prefer compiling to
using packages), and I suspect doing a kernel will be just as easy, but
there's a part of me that's a bit hesitant, never having done this before.

What's my gotchas?  What do I need to watch out for?  Or is it really as
easy as the docs make it sound?  Am I just being too cautious?

--
Paul Schmehl

http://www.veryComputer.com/~pauls/

 
 
 


Post by Magnu » Thu, 26 Jun 2003 10:08:18




> I'm a fairly knowledgeable user on a lot of different platforms, but one
> thing that I've never done is patch or rebuild a kernel.  I'm running snort
> on a FreeBSD (4.7 - RELEASE) box at work (I wanted the fastest OS at the
> networking level so packet loss would be minimal), and since I installed
> there's been a kernel patch released.  (I'm not overly worried about
> security problems because this box is extremely locked down - no initd
> running, no services except ssh through tcpwrappers, ipfw prevents access
> from outside one VLAN, for example - but I do like to stay current with
> patches because you just never know.)

> I'm running cvsup through cron every night, so the sources are updated
> regularly, but despite all the reading I've done, I'm still uncertain about
> the kernel sources.  Are those updated through cvsup as well?  If they are,
> then do I need to patch?  Or is the patch already "in" the new source?  Or
> am I just totally confused? :-)

> I also find myself a bit hesitant to update the kernel because I don't want
> to*up a production box.  I've had no problem updating snort and other
> software on this box through the ports collection (I prefer compiling to
> using packages), and I suspect doing a kernel will be just as easy, but
> there's a part of me that's a bit hesitant, never having done this before.

> What's my gotchas?  What do I need to watch out for?  Or is it really as
> easy as the docs make it sound?  Am I just being too cautious?

Well.. the docs also tell you to back up, and you should do that, not just
because of a kernel upgrade.

If the kernel fails, you have a backup. The previous kernel is renamed to
kernel.old, and you also have kernel.GENERIC that you can revert to if
things go astray (you can choose which kernel at bootup; the default is
"kernel", naturally). Aside from configuring the config file for the
kernel, the process is suspiciously trivial, and as easy as it seems from
the manual.

- Magnus

 
 
 


Post by Dariusz Kulinski / TaKeD » Thu, 26 Jun 2003 11:28:57



> I'm running cvsup through cron every night, so the sources are updated
> regularly, but despite all the reading I've done, I'm still uncertain
> about the kernel sources.  Are those updated through cvsup as well?  If
> they are, then do I need to patch?  Or is the patch already "in" the new
> source?  Or am I just totally confused? :-)

If you have cvsup configured properly, then your kernel files should be
updated (the kernel is in /usr/src/sys).
I don't know which patches you use; if they're third party, you need to
apply them before compiling the kernel, because every time you run cvsup
the sources are synchronized to those on the server, so all other changes
are lost.

--

UIN# 15827691, GG# 113344
SCSA, SCNA, LPIC, CCNA, MCP

 
 
 


Post by Paul Schmeh » Thu, 26 Jun 2003 12:51:34





> If you have cvsup configured properly, then your kernel files should be
> updated.
> (kernel is in /usr/src/sys)

Here's my /etc/cvsupfile
*default  host=cvsup15.FreeBSD.org
*default  base=/usr
*default  prefix=/usr
*default  release=cvs
*default  tag=.
*default  delete use-rel-suffix

src-all
*default tag=.
ports-all
doc-all

So, my kernel files should be updated, right?

> I don't know which patches you use if they're third party, you need to
> apply them before compiling kernel, because every time you run cvsup
> sources are synchronized to those on server so all other changes are lost.

I'm not using any third party patches.

--
Paul Schmehl

http://www.utdallas.edu/~pauls/

 
 
 


Post by Timothy J. L » Thu, 26 Jun 2003 14:01:47




>I also find myself a bit hesitant to update the kernel because I don't want
>to*up a production box.

If you have a spare computer, you can install FreeBSD on it and
try some kernel patches and builds (of GENERIC and custom kernels)
on it to get an idea of what is involved.

--
------------------------------------------------------------------------
Timothy J. Lee
Unsolicited bulk or commercial email is not welcome.
No warranty of any kind is provided with this message.

 
 
 


Post by Ted Spradle » Fri, 27 Jun 2003 01:51:20


On Wed, 25 Jun 2003 03:51:34 GMT




> > If you have cvsup configured properly, then your kernel files should
> > be updated.
> > (kernel is in /usr/src/sys)

> Here's my /etc/cvsupfile
> *default  host=cvsup15.FreeBSD.org
> *default  base=/usr
> *default  prefix=/usr
> *default  release=cvs
> *default  tag=.
> *default  delete use-rel-suffix

> src-all
> *default tag=.
> ports-all
> doc-all

> So, my kernel files should be updated, right?

Uh, if I read this right, you're getting *current* sources for the full
system (and for ports and docs as well).  But that's just sources -- if
you don't compile and install 'em you're still running the same old 4.7
release you think you are.

The key is in the two "*default tag=." lines above.  For your purposes,
you probably want the one above the "src-all" line to be "*default
tag=RELENG_4" to get production-quality rather than bleeding-edge system
sources.  Take a real close look at Chapter 21 of the handbook,
particularly
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-sta...
but also "21.4 Using make world" and the rest of Chapter 21.

In another post Timothy J. Lee suggested finding a scratch box to
test all this stuff on, before changing anything on your production box.
 That's excellent advice.

 
 
 


Post by Paul Schmeh » Fri, 27 Jun 2003 09:15:49


Thanks Ted.  I hadn't caught that.  Back to the handbook I go. :-)

--
Paul Schmehl

http://www.utdallas.edu/~pauls/


> On Wed, 25 Jun 2003 03:51:34 GMT



> Uh, if I read this right, you're getting *current* sources for the full
> system (and for ports and docs as well).  But that's just sources -- if
> you don't compile and install 'em you're still running the same old 4.7
> release you think you are.

> The key is in the two "*default tag=." lines above.  For your purposes,
> you probably want the one above the "src-all" line to be "*default
> tag=RELENG_4" to get production-quality rather than bleeding-edge system
> sources.  Take a real close look at Chapter 21 of the handbook,
> particularly

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-sta...

> but also "21.4 Using make world" and the rest of Chapter 21.

 
 
 


Post by Paul Schmeh » Fri, 27 Jun 2003 09:15:48


Great suggestion.  I think I can dig one up.  Thanks.

--
Paul Schmehl

http://www.veryComputer.com/~pauls/





> >I also find myself a bit hesitant to update the kernel because I don't want
> >to*up a production box.

> If you have a spare computer, you can install FreeBSD on it and
> try some kernel patches and builds (of GENERIC and custom kernels)
> on it to get an idea of what is involved.

 
 
 


Post by Paul Schmeh » Fri, 27 Jun 2003 13:10:53


When I set this box up, I didn't have time to learn a lot about FreeBSD.  I
just needed to get it going, and so I used an install doc written by a
contributor to the snort site.  After your suggestion, I read the man page
for cvsup as well as the handbook.  Now that I have a grasp of how cvsup
really works, I think things will go a lot better.

I *do* have a question, however.

Here's my cvsup file now:
*default  host=cvsup15.FreeBSD.org
*default  tag=RELENG_4
*default  base=/usr
*default  prefix=/usr
*default  release=cvs delete use-rel-suffix

src-all
ports-all tag=.
doc-all tag=.

Now my question.  I created a refuse file and added the ports and docs stuff
I didn't want.  Then I ran cvsup to see how everything was working, and I
decided to add some stuff from src to the refuse file.  I added alpha, ia64,
pc98, powerpc and sparc.  I made the *assumption* that it would be OK to
leave those out since I'm running on an i386 box.

Was my assumption correct?

--
Paul Schmehl

http://www.utdallas.edu/~pauls/



> > On Wed, 25 Jun 2003 03:51:34 GMT

> > Uh, if I read this right, you're getting *current* sources for the full
> > system (and for ports and docs as well).  But that's just sources -- if
> > you don't compile and install 'em you're still running the same old 4.7
> > release you think you are.
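
Added example, not part of any post in this thread: a small audit that resolves which tag each collection ends up with in the two supfiles posted above, and flags src collections that follow "." (the tag Ted identifies as *current*). The function names `effective_tags` and `src_tracking_head` are hypothetical; the parsing assumes the supfile rules in cvsup(1), where `*default` lines apply to the collections after them and a value on a collection line overrides the default.

```python
# Both supfiles are copied verbatim from the posts in this thread.
ORIGINAL_SUPFILE = """\
*default  host=cvsup15.FreeBSD.org
*default  base=/usr
*default  prefix=/usr
*default  release=cvs
*default  tag=.
*default  delete use-rel-suffix

src-all
*default tag=.
ports-all
doc-all
"""
REVISED_SUPFILE = """\
*default  host=cvsup15.FreeBSD.org
*default  tag=RELENG_4
*default  base=/usr
*default  prefix=/usr
*default  release=cvs delete use-rel-suffix

src-all
ports-all tag=.
doc-all tag=.
"""

def effective_tags(supfile_text):
    """Return {collection: tag}, applying *default lines in file order."""
    defaults, result = {}, {}
    for raw in supfile_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if not tokens:
            continue
        # "tag=." -> ("tag", "."); a bare keyword such as "delete" -> ("delete", "")
        fields = dict(tok.partition("=")[::2] for tok in tokens[1:])
        if tokens[0] == "*default":
            defaults.update(fields)                # a later *default overrides an earlier one
        else:
            result[tokens[0]] = {**defaults, **fields}.get("tag")  # per-collection value wins
    return result

def src_tracking_head(supfile_text):
    """List src collections whose effective tag is '.', the tag Ted calls *current*."""
    tags = effective_tags(supfile_text)
    return sorted(c for c, t in tags.items() if c.startswith("src") and t == ".")

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_SUPFILE), ("revised", REVISED_SUPFILE)):
        print(name, effective_tags(text), "src on '.':", src_tracking_head(text))
```

Run against a production supfile before the nightly cron job, a non-empty result from `src_tracking_head` means the source tree no longer matches the branch the box is supposed to be built from.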

 
 
 
