Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
maks suggests you may want to set all for update_initramfs in /etc/initramfs-tools/update-initramfs.conf I think this means update_initramfs=all . Is that correct? Neither the comments in that file nor the man page list all as a legal option. It would be good to update them if it is. I too noticed this issue when updating udev while running an older kernel than the most recent one installed. I find the current behavior surprising, and it doesn't strike me as necessarily more conservative. It's safer if update-initramfs or something else makes the initramfs broken. But it's less safe if it fails to apply a security fix or a necessary component (e.g., if you install evms any initramfs from before the installation will not work; evms uses update-initramfs -u in its postinst). As long as there's some way to change the default, I guess everyone can have their own opinions :) Ross Boylan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
On Mon, Aug 28, 2006 at 12:59:53AM +0200, Michael Biebl wrote: severity 383600 serious thanks Sven Luther wrote: On Fri, Aug 18, 2006 at 07:03:52PM +0200, Michael Biebl wrote: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. Because usualy it gets executed when you install a kernel-image package? Just grep for update-initramfs in /var/lib/dpkg/info/*.postinst. I get uswsusp, cryptsetup, mdadm and udev on my machine. They all simply call update-initramfs -u. This means that security updates of these packages are not automatically applied to all installed kernels which is a major security issue imho. If you insist that update-initramfs -u only updates the latest kernel, you should file bug reports against all packages using update-initramfs -u. I'm raising the severity to serious, because as already outlined, packages that call update-initramfs -u in postinst (such as udev) won't update all installed initrds anymore. These means that security fixes of these packages aren't applied to all installed kernels anymore keeping a system potentially vulnerable (the latest kernel is not necessarily the default boot kernel!) I'm filing these bug against initramfs-tools itself, because you missed to inform other maintainers in advance, giving them time to change their postinst scripts, that you intend to change the default behaviour of update-initramfs -u. If you want to keep the current behaviour, you should file bug reports against all affected packages and add them as blocking bugs against this one. Maks, Manoj, rest of the kernel team, ... Would not the right solution to this be to have a system wide configuration option managed by debconf or something, but eventually also in the /etc/kernel-img.conf, which would allow to set the behaviour of this ? It affects other packages too, like mkvmlinuz and maybe bootloader installer, which are called after the ramdisk generators, and it is clear from this thread that diverse people expect diverse behaviour on this. It could even be done to handle the prefered choice kernel in a debconf dialog also this way, in case multiple kernels are present, with a medium priority question when a new choice is available or the default choice is removed, and a low priority question in the other cases. At high priority it would default to the last installed kernel, as is done right now. (but which has a flip-flop undeterministic behaviour in case 2.6.17 and 2.6.16 are both installed and upgraded since both are present in the archive right now). Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
first of all this not serious, update-initramfs -u doesn't update _all_ initramfs and it never did. so this bug report is bogus. On Mon, Aug 28, 2006 at 10:07:42AM +0200, Sven Luther wrote: On Mon, Aug 28, 2006 at 12:59:53AM +0200, Michael Biebl wrote: I'm raising the severity to serious, because as already outlined, packages that call update-initramfs -u in postinst (such as udev) won't update all installed initrds anymore. These means that security fixes of these packages aren't applied to all installed kernels anymore keeping a system potentially vulnerable (the latest kernel is not necessarily the default boot kernel!) you are expected to run the latest and greatest linux-image, we don't support old uname! I'm filing these bug against initramfs-tools itself, because you missed to inform other maintainers in advance, giving them time to change their postinst scripts, that you intend to change the default behaviour of update-initramfs -u. no, again it is an intended behaviour. and the recommended action. If you want to keep the current behaviour, you should file bug reports against all affected packages and add them as blocking bugs against this one. Maks, Manoj, rest of the kernel team, ... Would not the right solution to this be to have a system wide configuration option managed by debconf or something, but eventually also in the /etc/kernel-img.conf, which would allow to set the behaviour of this ? i'd like to have a better /etc/kernel-img.conf, but Manoj doesn't want to update that config file at all so you have to stop installation to add obvious things there like do_initrd=yes. even if you add this you get prompted anyway on kernel upgrades.. nor does Manoj want to add the do_bootloader response to aboves config file. It affects other packages too, like mkvmlinuz and maybe bootloader installer, which are called after the ramdisk generators, and it is clear from this thread that diverse people expect diverse behaviour on this. It could even be done to handle the prefered choice kernel in a debconf dialog also this way, in case multiple kernels are present, with a medium priority question when a new choice is available or the default choice is removed, and a low priority question in the other cases. At high priority it would default to the last installed kernel, as is done right now. (but which has a flip-flop undeterministic behaviour in case 2.6.17 and 2.6.16 are both installed and upgraded since both are present in the archive right now). first of all i'm against useless propagation of debconf dialog, when you can't do the obvious. the obvious is to be conservative and not touch all initrd, due to potential boot trouble, but still propagate the fixes to the newest initramfs. regards -- maks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
maximilian attems wrote: first of all this not serious, update-initramfs -u doesn't update _all_ initramfs and it never did. so this bug report is bogus. Mea culpa! You are right, update-initramfs -u never updated all initramfs (only your last email made this clear to me). I'm not quite sure anymore how I came to this conclusion. It probably happened, because I use two initrd enabled kernels, a 2.6.18-rc testing kernel and a stable 2.6.17 kernel, which I use as default. I was experimenting with uswsusp some time ago and after an upgrade of initramfs-tools, I noticed that upon calling update-initramfs -u it didn't update my 2.6.17 (which I was running) initrd anymore but the 2.6.18-rc initrd. Now that I think of it (and I hope I'm not wrong again this time) you changed the behaviour from updating the running initrd to updating the latest initrd, and from this I somehow drew the wrong conclusion that before this change, all initrds were updated. I can only remember that from one day to the other things were behaving differently regarding update-initramfs. Sorry for the noise. Though I think my point is still valid. IMHO it would be correct to apply (security) updates of packages like udev to all installed kernels, because you can't know which kernel actually is the default kernel on a system. Your standpoint is that people are supposed to only run the latest kernel. But what if someone installs linux-image-486 and linux-image-686 kernel? Both are supported by Debian (your argument that old unames are not supported does not hold here) but you can't know for sure that 686 is the kernel that the user runs. It surely is not such a common use case, still it happened to me. So my bug report was indeed meant serious. I'm only sorry that I phrased my problem poorly. I'd find it pretty handy if update-initramfs -u, given that it detects that more than one kernel is installed, would give me the choice which initrd is updated. Could be a low prio question and only shown if currently running kernel != latest installed kernel. Guess this qualifies for a wishlist bug then, I'll leave that up to you. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
severity 383600 serious thanks Sven Luther wrote: On Fri, Aug 18, 2006 at 07:03:52PM +0200, Michael Biebl wrote: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. Because usualy it gets executed when you install a kernel-image package? Just grep for update-initramfs in /var/lib/dpkg/info/*.postinst. I get uswsusp, cryptsetup, mdadm and udev on my machine. They all simply call update-initramfs -u. This means that security updates of these packages are not automatically applied to all installed kernels which is a major security issue imho. If you insist that update-initramfs -u only updates the latest kernel, you should file bug reports against all packages using update-initramfs -u. I'm raising the severity to serious, because as already outlined, packages that call update-initramfs -u in postinst (such as udev) won't update all installed initrds anymore. These means that security fixes of these packages aren't applied to all installed kernels anymore keeping a system potentially vulnerable (the latest kernel is not necessarily the default boot kernel!) I'm filing these bug against initramfs-tools itself, because you missed to inform other maintainers in advance, giving them time to change their postinst scripts, that you intend to change the default behaviour of update-initramfs -u. If you want to keep the current behaviour, you should file bug reports against all affected packages and add them as blocking bugs against this one. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
#include hallo.h * Michael Biebl [Fri, Aug 18 2006, 07:03:52PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. Because usualy it gets executed when you install a kernel-image package? Just grep for update-initramfs in /var/lib/dpkg/info/*.postinst. I get uswsusp, cryptsetup, mdadm and udev on my machine. They all simply call update-initramfs -u. Okay, I admit beeing confused about the -u option. Though, those package should make the intird-update explicitely for all images while for other uses (from regular postinst files of kernel-image packages) the command should be less invasive. Eduard. -- Salz jjFux: Ted hieß ja früher auch Walther Salz winkiller: hm... es sind 8... die 7 kandidaten und NOTA Madkiss Ist der jetzt eigentlich eine gespaltene Persönlichkeit, bei der aber beide Teile bekloppt sind?
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
Package: initramfs-tools Version: 0.74 Severity: important I can't pinpoint the exact release but the behaviour of update-initramfs -u has changed recently. update-initramsfs -u is used in several postinst scripts and formerly updated the initrd of all installed kernels. The new behaviour is, to only update the initrd of the latest instlled kernel, which is wrong imho. E.g. you have kernel 2.6.16 and 2.6.17 installed and you are currently running 2.6.16, update-initramfs -u will only update the 2.6.17 initrd. I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Cheers, Michael -- Package-specific info: -- /proc/cmdline root=/dev/hda6 ro quiet SELINUX_INIT=NO vga=791 -- /proc/filesystems reiserfs ext3 ext2 vfat ntfs -- lsmod Module Size Used by ppp_synctty 7168 1 ppp_generic22996 5 ppp_synctty slhc6208 1 ppp_generic nls_utf81664 1 ntfs 221652 1 radeon113312 1 drm62164 2 radeon binfmt_misc 8712 1 cpufreq_ondemand5344 1 cpufreq_performance 1664 0 cpufreq_powersave 1472 0 speedstep_centrino 6032 1 rfcomm 31000 0 l2cap 18180 5 rfcomm bluetooth 40484 4 rfcomm,l2cap ipv6 229280 12 ppdev 7364 0 parport_pc 24868 1 lp 8324 0 parport19840 3 ppdev,parport_pc,lp thermal10120 0 fan 3076 0 button 4816 0 processor 17216 2 speedstep_centrino,thermal ac 3332 0 battery 7300 0 nls_iso8859_1 3840 1 nls_cp437 5504 1 vfat 10304 1 fat45532 1 vfat dm_mod 46264 0 usbhid 36960 0 fcusb2653336 1 capi 13568 6 capifs 3912 2 capi kernelcapi 35232 2 fcusb2,capi pcmcia 23968 0 snd_intel8x0 28252 4 snd_ac97_codec 92064 1 snd_intel8x0 snd_ac97_bus1856 1 snd_ac97_codec snd_pcm_oss34592 0 snd_mixer_oss 15616 1 snd_pcm_oss ipw210066800 0 ieee80211 29640 1 ipw2100 ieee80211_crypt 4288 1 ieee80211 snd_pcm65864 4 snd_intel8x0,snd_ac97_codec,snd_pcm_oss snd_timer 18244 2 snd_pcm intel_agp 20764 1 firmware_class 7488 2 pcmcia,ipw2100 joydev 8000 0 tsdev 6080 0 evdev 7872 2 yenta_socket 23628 1 rsrc_nonstatic 11136 1 yenta_socket pcmcia_core32848 3 pcmcia,yenta_socket,rsrc_nonstatic agpgart26160 2 drm,intel_agp 8139cp 16512 0 mii 4800 1 8139cp ehci_hcd 26568 0 snd43108 12 snd_intel8x0,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer soundcore 6944 1 snd snd_page_alloc 7688 2 snd_intel8x0,snd_pcm uhci_hcd 19464 0 usbcore 109568 5 usbhid,fcusb2,ehci_hcd,uhci_hcd -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.8 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages initramfs-tools depends on: ii busybox 1:1.1.3-2 Tiny utilities for small and embed ii cpio 2.6-17 GNU cpio -- a program to manage ar ii klibc-utils 1.4.11-3 small statically-linked utilities ii module-init-tools 3.2.2-3tools for managing Linux kernel mo ii udev 0.097-1/dev/ and hotplug management daemo initramfs-tools recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
#include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? This also increases the risk for breaking ALL WORKING initramfs images in the case where a new bug in initramfs-tools appears. I recommend closing this bug report unless you provide a good explanation. Eduard. -- Rhonda Hah! Ich hab das Monster php gebändigt! * Joey . o O ( Rhonda is now known as Siegfried )
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. the uswsusp package (which has to update the initrd because it has to install a resume binary there) I'd expect the package to work with all kernels I have installed not only a single one. In addition only the newest kernel installed is updated, which is very confusing imho. If it all, it should update the initrd of the currently running kernel. This also increases the risk for breaking ALL WORKING initramfs images in the case where a new bug in initramfs-tools appears. As you already said, if it's a bug in initramfs-tools, it should be fixed there and not prevent update-initramfs from doing the right thing. It won't help you anyways if you have only one kernel installed. And your argument can actually be held against you: what if an update of initramfs-tools fixes a (grave/security related) bug. Wouldn't you expect that all installed kernels are updated accordingly. I don't think normal users will know that they have to run update-initramfs -u -k 1.2.3 for all installed kernel versions. We can't expect that more unexperienced users will have to do that manually. So this is even a security related issue. I recommend closing this bug report unless you provide a good explanation. I strongly oppose. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
hello michael, thanks your request made my day. indeed in ubuntu all initrd.img gets updated. On Fri, Aug 18, 2006 at 12:12:28PM +0200, Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. well for debian we prefer the conservative default to ship the newest and greatest only in the newest one. and even this is sometimes questioned see #358397 or #382808 Why should one update _all_ initramfs images when beeing interested in only single one? This also increases the risk for breaking ALL WORKING initramfs images in the case where a new bug in initramfs-tools appears. if the user wants to do it, he can do it by hand: update-initramfs -u -k all that will update all the initramfs that initramfs-tools generated. although i would not recommed that for udev 0.097-1 best regards -- maks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
On Fri, Aug 18, 2006 at 01:07:34PM +0200, Michael Biebl wrote: snipp answered stuff In addition only the newest kernel installed is updated, which is very confusing imho. If it all, it should update the initrd of the currently running kernel. this for upgrade reasons. if you install from sarge you want that the hooks work for the new one. the wrong order of the update-initramfs was a big upgrade trouble from breezy to dapper, that got solved quite late in the game. not eager to repeat that here. best regards -- maks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
#include hallo.h * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. Because usualy it gets executed when you install a kernel-image package? the uswsusp package (which has to update the initrd because it has to install a resume binary there) I'd expect the package to work with all kernels I have installed not only a single one. That's orthogonal to the regular usage of mkinitramfs. uswsusp package is the right one to add a call to update ALL initrds. In addition only the newest kernel installed is updated, which is very confusing imho. If it all, it should update the initrd of the currently running kernel. Does not confuse me at all. The package beeing installed cares about its own setup. Not more, not less. No need to touch non-involved packges. This also increases the risk for breaking ALL WORKING initramfs images in the case where a new bug in initramfs-tools appears. As you already said, if it's a bug in initramfs-tools, it should be Don't reintepret my statements to something you like. Risk for a fact != known fact. If there is a known bug in initramfs-tools which is fixed with an upgraded version, then it could and should be executed for all initrds. Eduard. -- Joey umh... zwischen gestern und heute haette eigentlich auch locker noch ein Tag reingepasst... youam Joey: diesen tag nennt man nacht und kennzeichnet ihn durch das fehlen des gelben balls im blauen raum
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
On Fri, Aug 18, 2006 at 12:12:28PM +0200, Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? This also increases the risk for breaking ALL WORKING initramfs images in the case where a new bug in initramfs-tools appears. Well, if you are interested in only 1, you don't use the -u option ? Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. Because usualy it gets executed when you install a kernel-image package? Just grep for update-initramfs in /var/lib/dpkg/info/*.postinst. I get uswsusp, cryptsetup, mdadm and udev on my machine. They all simply call update-initramfs -u. This means that security updates of these packages are not automatically applied to all installed kernels which is a major security issue imho. If you insist that update-initramfs -u only updates the latest kernel, you should file bug reports against all packages using update-initramfs -u. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#383600: behaviour of update-initramfs -u has changed, only updates latest kernel initrd
On Fri, Aug 18, 2006 at 07:03:52PM +0200, Michael Biebl wrote: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 01:07:34PM]: Eduard Bloch wrote: #include hallo.h * Michael Biebl [Fri, Aug 18 2006, 10:26:53AM]: I suggest to revert to the old behaviour and make -u update all installed kernels. Atm I have to specify each kernel separately vi -k to update them all. Why should one update _all_ initramfs images when beeing interested in only single one? Why should I be only interested in only a single one? If I install e.g. Because usualy it gets executed when you install a kernel-image package? Just grep for update-initramfs in /var/lib/dpkg/info/*.postinst. I get uswsusp, cryptsetup, mdadm and udev on my machine. They all simply call update-initramfs -u. This means that security updates of these packages are not automatically applied to all installed kernels which is a major security issue imho. If you insist that update-initramfs -u only updates the latest kernel, you should file bug reports against all packages using update-initramfs -u. or better yet, make the behaviour configurable, in a system wide debconf setting for example :) Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
