[Miyo] Kernel questions

Ron · 2018-04-30 16:04:41

First, I'm assuming that everything I see in Synaptic comes from the Devuan repos; is that correct? My main question is what is the newest available kernel? The newest one I see is 3.16.0-5. Is that right? The number seems kind of low to me. Is this kernel patched for the Meltdown/Spectre flaws?

Another question I have is that I have both 3.16.0-4 and 3.16.0-5 installed. Does Miyo automatically boot into the newest kernel? I don't get any prompt on boot-up asking me which kernel I want to boot into. uname -r shows 3.16.0-5 so I assume that's the case. If I ever needed to boot into an older kernel, how would I go about that?

Thanks!

MiyoLinux · 2018-04-30 16:28:05

Yes, everything is Devuan repos.

The 3.16 kernel is older, but it's the LTS kernel...so it's tried, tested, and stable...and will continue being supported for two more years.

If you enable the backports repository, you can install a newer kernel from backports.

If you ever need to boot an older kernel...

When you turn on the computer and reach the grub screen, use your "down arrow" key to highlight "Advanced options for...", then use the arrow key again to highlight an older kernel and hit Enter on your keyboard.

To my knowledge, there have been no patches for meltdown and spectre in kernel 3.16, because it's believed that 3.16 isn't affected...

https://wiki.debian.org/DebianSecurity/SpectreMeltdown

Ron · 2018-04-30 18:08:20

Thanks MiyoLinux. I did some research and found this below on debian's site. Is this what I need to do on Miyo/Devuan to get the backports? Also I'm a bit confused, would it go in the file sources.list found in /etc/apt or would it go in the file devuan.list in /etc/apt/sources.list.d? Thanks for your help.

 1.   For jessie add this line

    deb http://ftp.debian.org/debian jessie-backports main

    to your sources.list (or add a new file with the ".list" extension to /etc/apt/sources.list.d/)

   2.    Run apt-get update

golinux · 2018-04-30 18:28:24

No, never use Debian repos directly. The backports repo is available via devuan at:

http://pkgmaster.devuan.org/merged/ jessie-backports main contrib non-free

or

http://auto.devuan.org/merged/ jessie-backports main contrib non-free

siva · 2018-04-30 18:33:11

MiyoLinux wrote:

To my knowledge, there have been no patches for meltdown and spectre in kernel 3.16, because it's believed that 3.16 isn't affected...
https://wiki.debian.org/DebianSecurity/SpectreMeltdown

Are you joking?

Also, processor architecture matters just as much as kernel version. Not only will i386 probably never be patched, but anything before 4.14.14 (on amd64) is just a backport, criticized for nebulous integrity.
http://forums.debian.net/viewtopic.php?f=3&t=135775

Last edited by siva (2018-04-30 18:42:59)

MiyoLinux · 2018-04-30 18:38:46

Ron, I'm on my phone, so I can't check...but I believe I included the backports repo already but have it commented out. To check, open your terminal and issue this command...

sudo leafpad /etc/apt/sources.list

When the file opens, look at the bottom for the jessie-backports repo. If it's there, remove the # from in front of it. Then save and close the file.

Next, run this command in the terminal...

sudo apt-get update

Don't run an upgrade...close the terminal.

Now open Synaptic and search for...

linux image

Find the newer kernel and install it.

Then I'd recommend putting the # back on the backports repo.

siva · 2018-04-30 18:44:53

Then I'd recommend putting the # back on the backports repo.

You can also specify backported packages with the "-t [repo]" option (eg, "-t jessie-backports"). Then you can keep the bpo repo uncommented and use only when needed.

Ron · 2018-04-30 20:04:22

I successfully added the backports, but when I mark the kernel for installation I get this error message:

linux-image-4.9.0-0.bpo.6-amd64:
  Depends: linux-base (>=4.3~) but 3.5 is to be installed

If I have the backport enabled, why am I not being offered an updated linux-base version?

MiyoLinux · 2018-04-30 20:23:24

Oh dear...yes, I forgot that you will need to install the linux-base from backports too. I'm sorry. Try this from your terminal...

sudo apt-get -t jessie-backports install linux-base linux-image-4.9.0-0.bpo.6-amd64

Ron · 2018-04-30 21:20:22

Thanks MiyoLinux. That worked!

MiyoLinux · 2018-04-30 22:28:15

HOORAY!!!

golinux · 2018-04-30 23:22:34

HOORAY to the one and only MIYO!!

MiyoLinux · 2018-05-01 00:23:49

golinux wrote:

HOORAY to the one and only MIYO!!

Well...I'm not one to brag or anything, but I am pretty awesome and deserve all of the accolades and prominence that I'm given...'n stuff.

LOLOLOLOLOLOL!!!

MiyoLinux · 2018-05-01 21:59:01

siva wrote:

MiyoLinux wrote:
To my knowledge, there have been no patches for meltdown and spectre in kernel 3.16, because it's believed that 3.16 isn't affected...
https://wiki.debian.org/DebianSecurity/SpectreMeltdown
Are you joking?
Also, processor architecture matters just as much as kernel version. Not only will i386 probably never be patched, but anything before 4.14.14 (on amd64) is just a backport, criticized for nebulous integrity.
http://forums.debian.net/viewtopic.php?f=3&t=135775

Sorry siva...I wasn't ignoring your post. I just saw it now for the first time...not sure how I missed it yesterday.

No, I wasn't joking. In trying not to muddy the waters, I was simply giving the "official" reason as to why 3.16 won't be patched as stated by Debian (in the link I provided)...since Devuan's kernel comes from Debian.

siva · 2018-05-01 22:43:49

I wasn't offended lol.

I'm wondering where you found that statement from Debian. It is my understanding that jessie-security solved this issue with a patched kernel, according to the CVE tracker. Would you mind sharing?

Again, however, all i386/i686 kernels are still vulnerable, and the kpti patch developers have no intent to fix them in the near future.

MiyoLinux · 2018-05-01 23:39:59

siva wrote:

I wasn't offended lol.
I'm wondering where you found that statement from Debian. It is my understanding that jessie-security solved this issue with a patched kernel, according to the CVE tracker. Would you mind sharing?
Again, however, all i386/i686 kernels are still vulnerable, and the kpti patch developers have no intent to fix them in the near future.

I shared it in the link that I provided; however, that link no longer says what it said when I first posted it. The caveat from the link is...

This article will be updated periodically with new information as it becomes available, until the issues have been resolved.

In looking at the article today, it no longer says what I said that it said yesterday. Strange.

siva · 2018-05-02 00:31:14

It's probably the reptile overlords updating the reality simulator again. Not your fault.

The CVE tracker has outlined the vulnerable and patched versions for a few months, and it looks like it hasn't changed.
https://security-tracker.debian.org/tra … -2017-5754

The only claims for invulnerability I've heard are hardware-level exceptions.

Ron · 2018-05-03 00:16:38

MiyoLinux wrote:
Then I'd recommend putting the # back on the backports repo.

I can't remember if I put them back. Should it look like this:

# jessie-backports
#deb http://auto.mirror.devuan.org/merged jessie-backports main
#deb-src http://auto.mirror.devuan.org/merged jessie-backports main

or just this:

# jessie-backports
deb http://auto.mirror.devuan.org/merged jessie-backports main
deb-src http://auto.mirror.devuan.org/merged jessie-backports main

Another question, if I disable the backports then won't I not be offered an update on the new kernel when one is released?

Last edited by Ron (2018-05-03 00:17:04)

golinux · 2018-05-03 00:39:04

The first option disables backports. I have always put a space after the # but don't know whether that's necessary. The second example enables them.

MiyoLinux · 2018-05-03 00:44:07

Ron wrote:

MiyoLinux wrote:
Then I'd recommend putting the # back on the backports repo.
I can't remember if I put them back. Should it look like this:
# jessie-backports
#deb http://auto.mirror.devuan.org/merged jessie-backports main
#deb-src http://auto.mirror.devuan.org/merged jessie-backports main
or just this:
# jessie-backports
deb http://auto.mirror.devuan.org/merged jessie-backports main
deb-src http://auto.mirror.devuan.org/merged jessie-backports main
Another question, if I disable the backports then won't I not be offered an update on the new kernel when one is released?

Hi Ron! You can just leave the "deb" line uncommented (without the #). Unless you're planning on building something from source, you can put the # in front of the "deb-src" repos.

Sometimes I forget and give advice about my personal preferences. I never use backports myself, so I always leave them commented out.

As I said, unless you plan to build something from source, this is my recommendation for how it should look...

# jessie-backports
deb http://auto.mirror.devuan.org/merged jessie-backports main
#deb-src http://auto.mirror.devuan.org/merged jessie-backports main

If you plan to build from source, then leave it as...

# jessie-backports
deb http://auto.mirror.devuan.org/merged jessie-backports main
deb-src http://auto.mirror.devuan.org/merged jessie-backports main

Hope that helps!

The officially official Devuan Forum!

#1 2018-04-30 16:04:41

[Miyo] Kernel questions

#2 2018-04-30 16:28:05

Re: [Miyo] Kernel questions

#3 2018-04-30 18:08:20

Re: [Miyo] Kernel questions

#4 2018-04-30 18:28:24

Re: [Miyo] Kernel questions

#5 2018-04-30 18:33:11

Re: [Miyo] Kernel questions

#6 2018-04-30 18:38:46

Re: [Miyo] Kernel questions

#7 2018-04-30 18:44:53

Re: [Miyo] Kernel questions

#8 2018-04-30 20:04:22

Re: [Miyo] Kernel questions

#9 2018-04-30 20:23:24

Re: [Miyo] Kernel questions

#10 2018-04-30 21:20:22

Re: [Miyo] Kernel questions

#11 2018-04-30 22:28:15

Re: [Miyo] Kernel questions

HOORAY!!!

#12 2018-04-30 23:22:34

Re: [Miyo] Kernel questions

#13 2018-05-01 00:23:49

Re: [Miyo] Kernel questions

#14 2018-05-01 21:59:01

Re: [Miyo] Kernel questions

#15 2018-05-01 22:43:49

Re: [Miyo] Kernel questions

#16 2018-05-01 23:39:59

Re: [Miyo] Kernel questions

#17 2018-05-02 00:31:14

Re: [Miyo] Kernel questions

#18 2018-05-03 00:16:38

Re: [Miyo] Kernel questions

#19 2018-05-03 00:39:04

Re: [Miyo] Kernel questions

#20 2018-05-03 00:44:07

Re: [Miyo] Kernel questions

Board footer