The officially official Devuan Forum!

You are not logged in.

#1 2018-04-14 04:05:50

garyk
Member
Registered: 2018-04-14
Posts: 40  

AMD microcode update

Does anyone have any idea when/if Devuan will release the new microcode patch for Spectre/Meltdown vulnerabilities?  Will this rely solely on Debian's timetable?

I just switched this week from Debian to Devuan and am not familiar with how the security updating process works in Devuan, thus the question.  I have a Dell laptop and Dell has the patch available but it's only available for Windows users.  There's an exe file available but I'd be really afraid to run something this serious under Wine. 

Also, anyone have any idea if/when Devuan will add the 4.15/4.16 kernel with all the patches for specture/meltdown to the ascii depositories?  Or will that have to wait for a release beyond ascii?

Offline

#2 2018-04-14 13:38:52

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,409  

Re: AMD microcode update

Devuan uses Debian's kernels unchanged. Same for the intel microcode package. If you're using pkgmaster.devuan.org or deb.devuan.org in your sources, you'll get the changes within a couple hours of debian making them available. If you're using auto.mirror.devuan.org or packages.devuan.org, you'll get them within a day.

According to this, 4.15 has been patched (at least once) -
https://security-tracker.debian.org/tra … -2017-5754

Latest update on amd64-microcode is December 5 version.
https://tracker.debian.org/pkg/amd64-microcode

intel-microcode  is March 12 version, in stretch/ascii backports
https://tracker.debian.org/pkg/intel-microcode

I don't know how many patches there have been or if we have the latest.

Offline

#3 2018-04-14 15:06:31

garyk
Member
Registered: 2018-04-14
Posts: 40  

Re: AMD microcode update

Thanks for your reply.

I ran testing in Debian for years.  As such I had been running 4.15 for quite a while, and it had been fully patched.  Running 4.9.0-6 out of the Devuan repos gives me different results when running the spectre-meltdown-checker script than I got running it on the latest version of the 4.15 kernel found in Debian testing. 

I'm using us.mirror.devuan.org in my sources.list file.  Is this repo not always kept up to date, or is 4.15 not available in ascii?  I'm just sort of confused as to the differences in release as to me they don't seem to be exactly the same.  Or, maybe it's just because I ran testing for so many years I was always used to having pretty much the latest of packages in Debian and I'm not sure what is available in each specific release as with the rolling release of testing specific version names were pretty much irrelevant to me.

Offline

#4 2018-04-14 17:54:33

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,409  

Re: AMD microcode update

Ascii is still in testing, but it pulls packages from stretch, which is stable. Current debian testing is being tracked by devuan beowulf, but not a lot of work has been done on that yet. I've heard from a couple people that beowulf is running well. I did one upgrade from ascii to beowulf, and it was pretty smooth, but I didn't keep that installation.

linux-image-4.15 can be found in ascii-backports. Add the backports repo, update, then install the kernel, then comment out backports and update again. (or pin backports to a priority lower than 500. This isn't strictly necessary, but it protects you against any mishaps with the priorities set in the repos. I got burned once.)

apt-get -t ascii-backports install linux-base linux-image-4.15-<whatever>

auto.mirror, us.mirror, XX.mirror are all mirroring packages.devuan.org, which uses the first incarnation of amprolla to merge the debian and devuan repos. It updates once a day.
pkgmaster.devuan.org uses amprolla3, which updates every couple of hours and is mirrored by deb.devuan.org.

deb http://pkgmaster.devuan.org/merged/ ascii main
deb http://pkgmaster.devuan.org/merged ascii-updates main
deb http://pkgmaster.devuan.org/merged ascii-security main

deb http://pkgmaster.devuan.org/merged/ ascii-backports main

Offline

#5 2018-04-14 22:35:11

MiyoLinux
Member
Registered: 2016-12-05
Posts: 1,323  

Re: AMD microcode update

Hey fsr...

Any idea as to why the pkgmaster repo takes longer to run updates than say...the us.mirror repo?

pkgmaster takes about 2 minutes to run updates for me; whereas, us.mirror takes only 30 seconds at most. Of course...I'm in the US, so... tongue


I have been Devuanated, and my practice in the art of Devuanism shall continue until my Devuanization is complete. Until then, I will strive to continue in my understanding of Devuanchology, Devuanprocity, and Devuanivity.

Veni, vidi, vici vdevuaned. I came, I saw, I Devuaned. wink

Offline

#6 2018-04-14 23:10:25

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,409  

Re: AMD microcode update

Miyo,

I don't know. There could be differences in the server hardware, the network paths or the current load on the server. Try running a traceroute on the different repos to compare times. And also notice that us.mirror takes you out of the US. (Boston to Chicago to Canada to France for me.)

Offline

#7 2018-04-14 23:34:12

garyk
Member
Registered: 2018-04-14
Posts: 40  

Re: AMD microcode update

fsr,

Thanks.  That devuan is a release behind is what was confusing me.  I'll add the backports repo to my sources.list and get 4.15 from there.

Offline

#8 2018-04-14 23:40:19

garyk
Member
Registered: 2018-04-14
Posts: 40  

Re: AMD microcode update

fsmithred wrote:

Miyo,

I don't know. There could be differences in the server hardware, the network paths or the current load on the server. Try running a traceroute on the different repos to compare times. And also notice that us.mirror takes you out of the US. (Boston to Chicago to Canada to France for me.)

That routing through France pretty much answers why I am getting a "waiting for headers" message between files when installing packages, and some pretty slow download speeds.   I'll have to change mirrors. 

Thanks again, fsr.

Offline

Board footer