From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-user+bounces-184910-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C0220138239 for <garchives@archives.gentoo.org>; Wed, 12 Sep 2018 07:59:15 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E5820E0A91; Wed, 12 Sep 2018 07:59:07 +0000 (UTC) Received: from oc.oops.co.at (oc.oops.co.at [IPv6:2a01:7e01::f03c:91ff:fe89:8118]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 59DB3E099C for <gentoo-user@lists.gentoo.org>; Wed, 12 Sep 2018 07:59:06 +0000 (UTC) Received: from ivy.lan.oops.co.at (h062040171237.moe.cm.kabsi.at [62.40.171.237]) by oc.oops.co.at (Postfix) with ESMTPSA id 43162880C2 for <gentoo-user@lists.gentoo.org>; Wed, 12 Sep 2018 09:59:05 +0200 (CEST) Subject: Re: [gentoo-user] Rebuilding a kernel on a hardened gentoo To: gentoo-user@lists.gentoo.org References: <8ca0a958-6604-d4b7-3555-4cd7daf92fbd@xunil.at> <3209777.eMyIDFXlM3@dell_xps> From: "Stefan G. Weichinger" <lists@xunil.at> Message-ID: <933c0adb-45cb-f64a-cf76-745b38fdcd6e@xunil.at> Date: Wed, 12 Sep 2018 09:59:04 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 Precedence: bulk List-Post: <mailto:gentoo-user@lists.gentoo.org> List-Help: <mailto:gentoo-user+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-user.gentoo.org> X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <3209777.eMyIDFXlM3@dell_xps> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=xunil.at; s=key1-201808-2048-1808081619; t=1536739145; h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding:in-reply-to:references; bh=i2eA6ISPc1VEZBceF4NLW+OwFXSSLxTusiXcsOE8a7k=; b=0day+GywlLyHQTNCJor6o8t0C8eWs1EOjklDvQ0t6+jDKNIwtd4aHSwUT7tfRXckRArFVv DRRhlr0vZP3R+p1AO3Sgx/kBYj9EVt2EzdtSIadWOF/3ehbxBEdTVF+ITLsNuHpHZzDpR2 cCvbtjMH2mG86ll3mzSNTbBUEr4n+YdisdlY/t+vN3V+37IMXlIm15LI6WW91Vr0ys6iQ2 ObP7e10PK1ytCKrh1EurKAxq7S7jDp97Any6JP1mhujMcFsAyzkcM+lI24nH63zVbVP2my 7S2nU0RZxhZDaZR4WW5fiJIvixsrykLucpzxXUVCGBcNffnDeZpHpkHetF2BfQ== ARC-Seal: i=1; s=key1-201808-2048-1808081619; d=xunil.at; t=1536739145; a=rsa-sha256; cv=none; b=PaZ/0f18rrJgHxW73txuuBaIfnIZIFNw/s6YYZBCqJBpSY9QJPWWTgRZIPXCxa173GDP4CVcpVTyoiGLVkJIRP2tc/UKr0IbFLx31mIWxJh8j67H5Xx58r0ZHqxVIY8e/uoyGBVTulhJXVqZgWlqLKFHzCRUlAmGEUjYsZH4wAO2y0bhcH2WZ1HFwLTIzJ2GPDQ3G6nvz0Xtnl1lGhHj3UmCdSc4grlxi515y6kXyhuRdhliVh2Q3OOmaP9SF81lGckLgoAOxo/aHPEtNHChod2ltjWTjszRoux/0jpsL2fbAR1vCRcgcjO6Q16YnuutJmwhv2ctSPA0e/LkXUnVxA== ARC-Authentication-Results: i=1; auth=pass smtp.auth=oc@oc.oops.co.at smtp.mailfrom=lists@xunil.at Authentication-Results: auth=pass smtp.auth=oc@oc.oops.co.at smtp.mailfrom=lists@xunil.at DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xunil.at; s=key1-201808-2048-1808081619; t=1536739145; h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding:in-reply-to:references; bh=i2eA6ISPc1VEZBceF4NLW+OwFXSSLxTusiXcsOE8a7k=; b=Y6p2XN6pPz5UZRftY86q6k0XUuRNi1qDEVaFXHRastj8YMB2oF0OEk5kYWO7QlwK5tn4Cl YF5NaeUGXyQ58bdKnuiIWv+PGKrsgL1F35opd3Wr7OhDu9PTVMu/uomcTeCG+xCohX711y FHfDW6jEG29+CxSPxtPiNrvDCuRDjRLWYkww+sI7CseOluGHo3OxrC/HiDOcqFSbqGuorR SE1lsJnkwgpxNQn1fqCgMk5u/sHOxKCHqSTfl3vfC6GL2dnHexZV5tAyHWUNG5ZA7Vf0dP 0F14aUKULMx33OMZ4655bqDUConIZp6kK3LN3v+uVMVXr5KoDZrKqcIkACbu1A== X-Archives-Salt: cee14e80-3b02-4260-a7be-f73d641ad28f X-Archives-Hash: 5c5650442f87fd61651edaffacfa2c0f Am 11.09.18 um 12:54 schrieb Mick: > Probably because you need a later version of gcc to compile the newer kernel > with. I already installed gcc-6.4.0 and 7.3.0 some times ago. These should be modern enough? >> CONFIG_EXT4_FS_SECURITY=y >> CONFIG_EXT4_FS_POSIX_ACL=y >> >> in my kernel ;-) > > Have you tried to enable these in the current kernel version and while running > with the same gcc configuration? Yes, yesterday that failed as well. But I was able to compile 4.9.95 with the ext4 flags after a "make localmodconfig". Maybe this intermediary step does not "break" lpfc behavior. A reboot test will happen on friday or so. > LONG WINDED APPROACH > ==================== > > 1. Update your system: > > emerge -uaNDv system > > Assuming there are no major blockers which you will need to resolve one at a > time, update your profile, switch your gcc to a newer version and continue > with building a newer kernel. > > 2. Copy the current kernel's .config file to the latest stable. Change the / > usr/src/linux/ symlink to point to the latest linux kernel source. Run 'make > oldconfig' and go through all the changes as required. Then 'make clean, && > make && make modules_install' and copy over the bzImage, .config and System > files of the new kernel to /boot. Leave the old files in /boot intact. > Update grub config and reboot. > > 3. Assuming all went fine, update your @world. > > WARNING: I would NOT try anything like this on a production system, but use a > cloned fs to do all this work offline. Once I get something booting > successfully I would then copy over binary packages and update the production > system with them. > > > SHORTER AND RECOMMENDED WAY > =========================== > > There have been many changes with gcc and gentoo profiles since kernel-4.1.15- > gentoo-r1. This is why I would recommend you reinstall using a stage 3 for an > easier life. Keep your /etc, kernel .config and /var/lib/portage/world files > from the existing installation, so you have minimal configuration changes to > perform, following reinstallation. Also keep the old kernel image in /boot in > case you struggle getting a newer kernel to boot immediately. Thanks for your suggestions, I will consider preparing a new stage3-based VM somewhere. I went through @world-updates some months ago when I started maintaining that server. Most of the system is updated already but you are right, there are always hidden issues ... and I should keep downtime and effort/costs low --- as always As soon as I can update that IPMI module it gets easier to test things ;-) thanks, Stefan