[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd

On Mon, 28 Aug 2006 10:07:42 +0200, Sven Luther <sven.luther@wanadoo.fr> said: 
> On Mon, Aug 28, 2006 at 12:59:53AM +0200, Michael Biebl wrote:
>> severity 383600 serious thanks
>> I'm raising the severity to serious, because as already outlined,
>> packages that call update-initramfs -u in postinst (such as udev)
>> won't update all installed initrds anymore. These means that
>> security fixes of these packages aren't applied to all installed
>> kernels anymore keeping a system potentially vulnerable (the latest
>> kernel is not necessarily the default boot kernel!)  I'm filing
>> these bug against initramfs-tools itself, because you missed to
>> inform other maintainers in advance, giving them time to change
>> their postinst scripts, that you intend to change the default
>> behaviour of update-initramfs -u.  If you want to keep the current
>> behaviour, you should file bug reports against all affected
>> packages and add them as blocking bugs against this one.

> Maks, Manoj, rest of the kernel team, ...

> Would not the right solution to this be to have a system wide
> configuration option managed by debconf or something, but eventually
> also in the /etc/kernel-img.conf, which would allow to set the
> behaviour of this ?

        This is a good idea, but I think perhaps does not go far
 enough: why conflate the configuration of multiple independent
 packages into one file? I think we have enough here to justify
 /etc/initramfs-tools/update.conf (or just put it into
 /etc/initramfs-tools/ where ever you think is right).

> It affects other packages too, like mkvmlinuz and maybe bootloader
> installer, which are called after the ramdisk generators, and it is
> clear from this thread that diverse people expect diverse behaviour
> on this.

        I guess it does affect things  of the family lilo/silo etc
 which encode disk blocks.

        If it is going to be something that multiple packages look at,
 which may need to be expanded at times, perhaps we should design a
 new configuration file, with agreed upon syntax, to deal with the
 issue of initramfs updates.

        /etc/initramfs.conf; with just the update=yes/no option to
 start with -- and anythin else the initramfs handling would require
 when updating.

> It could even be done to handle the prefered choice kernel in a
> debconf dialog also this way, in case multiple kernels are present,
> with a medium priority question when a new choice is available or
> the default choice is removed, and a low priority question in the
> other cases. At high priority it would default to the last installed
> kernel, as is done right now. (but which has a flip-flop
> undeterministic behaviour in case 2.6.17 and 2.6.16 are both
> installed and upgraded since both are present in the archive right
> now).

        Sounds good.

Government's Law: There is an exception to all laws.
Manoj Srivastava     <srivasta@acm.org>    <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: