How do I get a warm fuzzy feeling about kernel upgrade?
I have reaffirmed that I'm clueless this morning. I found this security
bulletin:
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html
this morning. This worried me since I just installed debian last week on
a server directly connected to the internet. I'm confused because it says
in the text that the update is "version 2.4.18-14 of the i386 kernel
images" but in the list of upgraded packages all of them seem to have just
a -12, for example:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb
This completely confused me. I ran the "apt-get update; apt-get upgrade"
but all it update was "rsync". The highest packages listed in dselect are
2.4.18-12.
So I looked back through the e-mails from earlier this week to see if I
could find some more information and found an e-mail from bob@proulx.com
(Bob Proulx) that said:
> The installer bootstraps the system with a bootstrapping kernel which
> is not installed with the package manager. You need a system running
> before you can run applications like the package manager. And you
> need the package manager before you can install packages. A chicken
> or the egg problem. So the initial kernel is not known by the package
> manager.
>
> This means that the initial kernel will never be offered to users as
> an upgrade even if security updates exist for it such as the 2.4.18
> kernel. APT does not know it is there. The fact that the initial
> installer leaves the system without a kernel installed by the package
> manager is a disservice. It would be better if the initial installer
> installed the same kernel again overwriting the bootstrapping kernel
> using the package manager so that it is now known and updates would be
> offered and it could then also be removed in the future.
Now I feel really stupid! I've been installing debian for several years
and I had no idea that the kernel was never getting updated. I have
installed the 2.4.18-12 kernel now, but I have no idea of this is correct.
I did a "strings" on the new vzimage and found "2.4.18-1-k7
(herbert@gondolin) #3 Sat Nov 29 10:23:13 EST 2003" which is strange
because the date on the file itself is Nov 28 16:42. Is there a 2.4.18-14
kernel that I need? If so what do I have to do to install it?
Are there md5sums somewhere of the vzimages that I could check to verify
that I have the correct kernel running?
Thanks
-Scott
Reply to: