LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 01-31-2010, 09:38 AM   #1
kja_007700
LQ Newbie
 
Registered: Jan 2010
Posts: 25

Rep: Reputation: 0
Security updates custom kernel?


A couple of days ago i downloaded the linux-source-2.6.26 package from the repository, and afterwards spent two days going through every single configuration option to the kernel so i could disable every function or driver that was not needed by my server. I compiled the kernel with make-kpkg so the the result was a deb package that i transfered to my server and installed. Everything is running smoothly and working perfectly. I have not reduced the memory footprint very much because i did choose to compile som elements directly into the kernel to avoid a RAM disk, so the footprint is 8 MB now and it was 9 MB before with a standard minimal Debian Lenney installation, but this is fine.

In a standard Debian Lenny installation with a standard kernel, "aptitude update" will notify about security updates to the kernel so it kan be updated with aptitude safe-upgrade. I have used the --append-to-version option so aptitude should not try to upgrade my kernel as far as i know.

How do i handle and get notified about security updates when running my own custom kernel? I have read the "Debian Linux Kernel Handbook" but i did not find anything clear on this subject, so maybe someone with first hand expirence could give a hint?
 
Old 01-31-2010, 09:43 AM   #2
ozanbaba
Member
 
Registered: May 2003
Location: Tengiz
Distribution: Slackware64 14.1
Posts: 671

Rep: Reputation: 94
maybe this mail list will help you http://lists.debian.org/debian-security-announce/
 
Old 01-31-2010, 01:00 PM   #3
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,528

Rep: Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218
If you have the linux-source package installed it will be upgraded with the security fixes. So, if a new linux-source package gets install in your daily "aptitude update && aptitude upgrade", you can simply rebuild your binary kernel package (make sure to reuse your painstakingly customized config).

Evo2.
 
Old 01-31-2010, 03:52 PM   #4
kja_007700
LQ Newbie
 
Registered: Jan 2010
Posts: 25

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by evo2 View Post
If you have the linux-source package installed it will be upgraded with the security fixes. So, if a new linux-source package gets install in your daily "aptitude update && aptitude upgrade", you can simply rebuild your binary kernel package (make sure to reuse your painstakingly customized config).

Evo2.
Great, when i am reading what you are writing it now seem obvious that the source would be updated like any other package in the repository. I keep the source in an virtual instance of Debian Lenny this way the compile time is reduced many times because the server is a Pentium III (Coppermine).

While i was configuring the kernel i compiled it many times to check the changes i was making. At one time after spending the whole first day configuring i dediced to try "make mrproper" before reading the man pages, when it was done i realized that my .config was replaced with a standard one, NOOOOOOO . Luckily at a earlier configuration stage i marked the option "Kernel .config support" and "Enable access to .config through /proc/config.gz because it sounded like a good idea.
 
Old 01-31-2010, 04:05 PM   #5
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,528

Rep: Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218Reputation: 1218
Quote:
Originally Posted by kja_007700 View Post
Luckily at a earlier configuration stage i marked the option "Kernel .config support" and "Enable access to .config through /proc/config.gz because it sounded like a good idea.
Also, after installing the linux-image deb you created it will be in /boot/config-2.x.y-foo

Cheers,

Evo2.
 
  


Reply

Tags
debian, kernel, lenny, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Ksplice, Rebootless Linux Kernel Security Updates LXer Syndicated Linux News 0 04-26-2008 01:12 AM
Kernel security updates? Galaxy66 Slackware 5 02-21-2008 05:50 PM
Creating custom headers to match a custom kernel utanja Debian 2 06-08-2007 04:15 PM
Custom kernel image on custom slack build using CUSS nykey Slackware 2 07-15-2006 04:05 AM
Red Hat Update Agent for kernel updates and custom kernels SparceMatrix Linux - General 5 09-03-2002 05:58 PM


All times are GMT -5. The time now is 07:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration