[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Best practices for kernel modules

Hello all,

I'm one of the maintainers of OpenAFS, a distributed file system whose
client involves a kernel module.  Currently, the OpenAFS package builds an
openafs-modules-source package but doesn't build any binary module
packages, so each user has to build their own kernel modules with
make-kpkg, module-assistant, or some other tool.

There are two bugs against the OpenAFS package, one requesting prebuilt
modules (Bug#224527) and one requesting that modules be automatically
rebuilt when the kernel is upgraded (Bug#168852).  I'm not sure how to
deal with these issues.  I'd love to get some feedback on what the current
best practices are for packaging kernel modules.

My understanding from recent discussion is that building kernel modules
separately from the source package is a very bad idea for security reasons
(it means that the security team can't easily rebuild all the derived
packages starting from the source package).  Presumably that means that if
we wanted to include pre-built kernel module packages in Debian, the
openafs source package would need to build-depend on the appropriate
kernel build machinery and build binary module packages as part of its
normal build process.  I can do this, but it also seems like a great way
to generate new package names with nearly every upload (thus resulting in
a lot of ftp-master work) and I have no idea how to handle all the
different kernel varients, particularly on non-x86 architectures.

The request for automatic builds of new modules when the kernel is
upgraded doesn't really sound like it should be the responsbility of each
separate kernel module provider, but instead should be handled by some
sort of general infrastructure and hook system.  I think this is basically
the thrust of Bug#303636 and Bug#299727 against module-assistant.

I don't really want to just leave these bugs open against OpenAFS without
some idea of how they might be resolved.  My inclination at the moment is
to close the second bug on the grounds that the openafs package isn't
where this problem should be solved and refer the reporter to the
module-assistant wishlist bugs.  For the request for pre-build modules in
Debian, I'd love to have a best practices justification for taking some
specific approach with it (even if that approach is to document that
pre-build modules will not be provided and close the bug pointing to that

Any advice, suggestions, or pointers to best practices would be greatly

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

Reply to: