LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (https://www.linuxquestions.org/questions/debian-26/)
-   -   Security updates custom kernel? (https://www.linuxquestions.org/questions/debian-26/security-updates-custom-kernel-785982/)

kja_007700 01-31-2010 08:38 AM
Security updates custom kernel?
 
A couple of days ago i downloaded the linux-source-2.6.26 package from the repository, and afterwards spent two days going through every single configuration option to the kernel so i could disable every function or driver that was not needed by my server. I compiled the kernel with make-kpkg so the the result was a deb package that i transfered to my server and installed. Everything is running smoothly and working perfectly. I have not reduced the memory footprint very much because i did choose to compile som elements directly into the kernel to avoid a RAM disk, so the footprint is 8 MB now and it was 9 MB before with a standard minimal Debian Lenney installation, but this is fine.

In a standard Debian Lenny installation with a standard kernel, "aptitude update" will notify about security updates to the kernel so it kan be updated with aptitude safe-upgrade. I have used the --append-to-version option so aptitude should not try to upgrade my kernel as far as i know.

How do i handle and get notified about security updates when running my own custom kernel? I have read the "Debian Linux Kernel Handbook" but i did not find anything clear on this subject, so maybe someone with first hand expirence could give a hint?

ozanbaba 01-31-2010 08:43 AM
maybe this mail list will help you http://lists.debian.org/debian-security-announce/

evo2 01-31-2010 12:00 PM
If you have the linux-source package installed it will be upgraded with the security fixes. So, if a new linux-source package gets install in your daily "aptitude update && aptitude upgrade", you can simply rebuild your binary kernel package (make sure to reuse your painstakingly customized config).

Evo2.

kja_007700 01-31-2010 02:52 PM
Quote:
Originally Posted by evo2 (Post 3847270)
If you have the linux-source package installed it will be upgraded with the security fixes. So, if a new linux-source package gets install in your daily "aptitude update && aptitude upgrade", you can simply rebuild your binary kernel package (make sure to reuse your painstakingly customized config).

Evo2.
Great, when i am reading what you are writing it now seem obvious that the source would be updated like any other package in the repository. I keep the source in an virtual instance of Debian Lenny this way the compile time is reduced many times because the server is a Pentium III (Coppermine).

While i was configuring the kernel i compiled it many times to check the changes i was making. At one time after spending the whole first day configuring i dediced to try "make mrproper" before reading the man pages, when it was done i realized that my .config was replaced with a standard one, NOOOOOOO :cry:. Luckily at a earlier configuration stage i marked the option "Kernel .config support" and "Enable access to .config through /proc/config.gz because it sounded like a good idea. :D

evo2 01-31-2010 03:05 PM
Quote:
Originally Posted by kja_007700 (Post 3847453)
Luckily at a earlier configuration stage i marked the option "Kernel .config support" and "Enable access to .config through /proc/config.gz because it sounded like a good idea. :D
Also, after installing the linux-image deb you created it will be in /boot/config-2.x.y-foo

Cheers,

Evo2.


All times are GMT -5. The time now is 01:19 PM.