linux-headers-5.15.0-1028-gke for Ubuntu 22.04

2023-05-17 Thread Phil Roche 
@elad.ga...@wiz.io

Kernel headers, modules and modules-extras for GKE kernel versions
5.15.0.1027, 5.15.0.1028 and 5.15.0.1030 have now restored to the archive.

There has also been an exception to any archive pruning/deleting made for
future gke
and gkeop (Anthos on VMware) kernel header and module packages due to the
GKE deployments being long-lived and often having older kernels installed.

See https://lists.ubuntu.com/archives/ubuntu-devel/2023-May/042571.html for
context

Phil (Canonical Public Cloud Team)



>   1.  Now, instaed of "apt install -y linux-headers-$(uname -r)", I do
> """
> KERNEL_VERSION="$(uname -r | sed 's,-gke,,g')"
> pull-lp-debs -p debs -D ppa --ppa 'canonical-kernel-team/ppa' 
> linux-headers-${KERNEL_VERSION}-gke -s all
> pull-lp-debs -p debs -D ppa --ppa 'canonical-kernel-team/ppa' 
> linux-gke-headers-${KERNEL_VERSION} -s all
> apt install -y ./*.deb
>
>  """
>  and it looks OK.
>
>
>   1.  I use the latest GKE version, seems like they didn't update the kernel 
> versions in them..
>
> Thanks!
> 
> From: Dimitri John Ledkov  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>>
> Sent: Monday, May 15, 2023 12:46
> To: Elad Gabay  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>>
> Cc: ubuntu-devel-discuss at lists.ubuntu.com 
> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss> 
>  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>>
> Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04
>
> Caution - External Sender
>
>
> 1) did you try pull-lp-debs as suggested in the first email, and is
> that not sufficient to find/download header debs and install them?
>
> 2) I have to point out that linux-gke 5.15.0-1028.33 was superseded on
> 2023-01-06 (more than 4 months ago) by linux-gke - 5.15.0-1024.29
>
> The kernel gke abi you are using is 4 months obsolete and likely
> contains multiple publicly known security vulnerabilities. GKE
> provides multiple update mechanisms (cluster/image based, or
> apt/unattended-upgrades based) , which one should be using to receive
> kernel security updates for your cluster. Please contact your GKE
> support to investigate why your clusters are not receiving security
> updates.
>
> Given your post, and other posts from other GKE users, I am deeply
> concerned that many GKE deployments are not receiving updates, which
> Ubuntu is publishing for GKE. Note that Ubuntu has no callhome
> capability to explain why particular Ubuntu installations are not
> downloading and applying security updates.
>
> On Sun, 14 May 2023 at 12:26, Elad Gabay  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>> wrote:
> >>* Hi,
> *>* I don't have access to do full host bind mount therefore I can't use 
> headers from the node, I need to be able to fetch the headers from a 
> container\other machine.
> *>* Now I see the same for linux-headers-5.15.0-1030-gke version.
> *>* Thanks
> *>* 
> *>* From: Dimitri John Ledkov  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>>
> *>* Sent: Saturday, May 13, 2023 03:03
> *>* To: Elad Gabay  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>>
> *>* Cc: ubuntu-devel-discuss at lists.ubuntu.com 
> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss> 
>  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>>
> *>* Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04
> *>>* Caution - External Sender
> *>>>* Please see this discussion over here
> *>* https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html 
> <https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html> and
> *>* the emails before/later in the thread.
> *>>* tl;dr Note you have access to headers on the host that you can bind
> *>* mount in the container, you are using obsolete out-of-date kernel ABI.
> *>* You can use `pull-pkg / pull-lp-debs / pull-lp-ddebs` as needed to
> *>* fetch desired packages for Jammy ABI directly from launchpad.
> *>>* On Sat, 13 May 2023 at 00:51, Elad Gabay  <https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss>> wrote:
> *>* >
> *>* > Hello,
> *>* > Is there a reason that "linux-headers-5.15.0-1028-gke" published only 
> for Ubuntu 20.04 but not for 22.04?
> *>* > https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke 
> <https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-

Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04

2023-05-16 Thread Elad Gabay 
  1.  Now, instaed of "apt install -y linux-headers-$(uname -r)", I do
"""
KERNEL_VERSION="$(uname -r | sed 's,-gke,,g')"
pull-lp-debs -p debs -D ppa --ppa 'canonical-kernel-team/ppa' 
linux-headers-${KERNEL_VERSION}-gke -s all
pull-lp-debs -p debs -D ppa --ppa 'canonical-kernel-team/ppa' 
linux-gke-headers-${KERNEL_VERSION} -s all
apt install -y ./*.deb

 """
 and it looks OK.


  1.  I use the latest GKE version, seems like they didn't update the kernel 
versions in them..

Thanks!

From: Dimitri John Ledkov 
Sent: Monday, May 15, 2023 12:46
To: Elad Gabay 
Cc: ubuntu-devel-discuss@lists.ubuntu.com 

Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04

Caution - External Sender


1) did you try pull-lp-debs as suggested in the first email, and is
that not sufficient to find/download header debs and install them?

2) I have to point out that linux-gke 5.15.0-1028.33 was superseded on
2023-01-06 (more than 4 months ago) by linux-gke - 5.15.0-1024.29

The kernel gke abi you are using is 4 months obsolete and likely
contains multiple publicly known security vulnerabilities. GKE
provides multiple update mechanisms (cluster/image based, or
apt/unattended-upgrades based) , which one should be using to receive
kernel security updates for your cluster. Please contact your GKE
support to investigate why your clusters are not receiving security
updates.

Given your post, and other posts from other GKE users, I am deeply
concerned that many GKE deployments are not receiving updates, which
Ubuntu is publishing for GKE. Note that Ubuntu has no callhome
capability to explain why particular Ubuntu installations are not
downloading and applying security updates.

On Sun, 14 May 2023 at 12:26, Elad Gabay  wrote:
>
> Hi,
> I don't have access to do full host bind mount therefore I can't use headers 
> from the node, I need to be able to fetch the headers from a container\other 
> machine.
> Now I see the same for linux-headers-5.15.0-1030-gke version.
> Thanks
> 
> From: Dimitri John Ledkov 
> Sent: Saturday, May 13, 2023 03:03
> To: Elad Gabay 
> Cc: ubuntu-devel-discuss@lists.ubuntu.com 
> 
> Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04
>
> Caution - External Sender
>
>
> Please see this discussion over here
> https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html and
> the emails before/later in the thread.
>
> tl;dr Note you have access to headers on the host that you can bind
> mount in the container, you are using obsolete out-of-date kernel ABI.
> You can use `pull-pkg / pull-lp-debs / pull-lp-ddebs` as needed to
> fetch desired packages for Jammy ABI directly from launchpad.
>
> On Sat, 13 May 2023 at 00:51, Elad Gabay  wrote:
> >
> > Hello,
> > Is there a reason that "linux-headers-5.15.0-1028-gke" published only for 
> > Ubuntu 20.04 but not for 22.04?
> > https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke
> > Ubuntu – Details of package linux-headers-5.15.0-1028-gke in focal
> > Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
> > packages.ubuntu.com
> >
> >
> > Thanks
> > Elad
> > --
> > Ubuntu-devel-discuss mailing list
> > Ubuntu-devel-discuss@lists.ubuntu.com
> > Modify settings or unsubscribe at: 
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
> --
> okurrr,
>
> Dimitri



--
okurrr,

Dimitri
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04

2023-05-16 Thread Elad Gabay 
Hi,
I don't have access to do full host bind mount therefore I can't use headers 
from the node, I need to be able to fetch the headers from a container\other 
machine.
Now I see the same for linux-headers-5.15.0-1030-gke version.
Thanks

From: Dimitri John Ledkov 
Sent: Saturday, May 13, 2023 03:03
To: Elad Gabay 
Cc: ubuntu-devel-discuss@lists.ubuntu.com 

Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04

Caution - External Sender


Please see this discussion over here
https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html and
the emails before/later in the thread.

tl;dr Note you have access to headers on the host that you can bind
mount in the container, you are using obsolete out-of-date kernel ABI.
You can use `pull-pkg / pull-lp-debs / pull-lp-ddebs` as needed to
fetch desired packages for Jammy ABI directly from launchpad.

On Sat, 13 May 2023 at 00:51, Elad Gabay  wrote:
>
> Hello,
> Is there a reason that "linux-headers-5.15.0-1028-gke" published only for 
> Ubuntu 20.04 but not for 22.04?
> https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke
> Ubuntu – Details of package linux-headers-5.15.0-1028-gke in focal
> Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
> packages.ubuntu.com
>
>
> Thanks
> Elad
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss



--
okurrr,

Dimitri
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04

2023-05-15 Thread Dimitri John Ledkov 
1) did you try pull-lp-debs as suggested in the first email, and is
that not sufficient to find/download header debs and install them?

2) I have to point out that linux-gke 5.15.0-1028.33 was superseded on
2023-01-06 (more than 4 months ago) by linux-gke - 5.15.0-1024.29

The kernel gke abi you are using is 4 months obsolete and likely
contains multiple publicly known security vulnerabilities. GKE
provides multiple update mechanisms (cluster/image based, or
apt/unattended-upgrades based) , which one should be using to receive
kernel security updates for your cluster. Please contact your GKE
support to investigate why your clusters are not receiving security
updates.

Given your post, and other posts from other GKE users, I am deeply
concerned that many GKE deployments are not receiving updates, which
Ubuntu is publishing for GKE. Note that Ubuntu has no callhome
capability to explain why particular Ubuntu installations are not
downloading and applying security updates.

On Sun, 14 May 2023 at 12:26, Elad Gabay  wrote:
>
> Hi,
> I don't have access to do full host bind mount therefore I can't use headers 
> from the node, I need to be able to fetch the headers from a container\other 
> machine.
> Now I see the same for linux-headers-5.15.0-1030-gke version.
> Thanks
> 
> From: Dimitri John Ledkov 
> Sent: Saturday, May 13, 2023 03:03
> To: Elad Gabay 
> Cc: ubuntu-devel-discuss@lists.ubuntu.com 
> 
> Subject: Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04
>
> Caution - External Sender
>
>
> Please see this discussion over here
> https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html and
> the emails before/later in the thread.
>
> tl;dr Note you have access to headers on the host that you can bind
> mount in the container, you are using obsolete out-of-date kernel ABI.
> You can use `pull-pkg / pull-lp-debs / pull-lp-ddebs` as needed to
> fetch desired packages for Jammy ABI directly from launchpad.
>
> On Sat, 13 May 2023 at 00:51, Elad Gabay  wrote:
> >
> > Hello,
> > Is there a reason that "linux-headers-5.15.0-1028-gke" published only for 
> > Ubuntu 20.04 but not for 22.04?
> > https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke
> > Ubuntu – Details of package linux-headers-5.15.0-1028-gke in focal
> > Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
> > packages.ubuntu.com
> >
> >
> > Thanks
> > Elad
> > --
> > Ubuntu-devel-discuss mailing list
> > Ubuntu-devel-discuss@lists.ubuntu.com
> > Modify settings or unsubscribe at: 
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
> --
> okurrr,
>
> Dimitri



-- 
okurrr,

Dimitri

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: linux-headers-5.15.0-1028-gke for Ubuntu 22.04

2023-05-12 Thread Dimitri John Ledkov 
Please see this discussion over here
https://lists.ubuntu.com/archives/kernel-team/2023-May/139336.html and
the emails before/later in the thread.

tl;dr Note you have access to headers on the host that you can bind
mount in the container, you are using obsolete out-of-date kernel ABI.
You can use `pull-pkg / pull-lp-debs / pull-lp-ddebs` as needed to
fetch desired packages for Jammy ABI directly from launchpad.

On Sat, 13 May 2023 at 00:51, Elad Gabay  wrote:
>
> Hello,
> Is there a reason that "linux-headers-5.15.0-1028-gke" published only for 
> Ubuntu 20.04 but not for 22.04?
> https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke
> Ubuntu – Details of package linux-headers-5.15.0-1028-gke in focal
> Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
> packages.ubuntu.com
>
>
> Thanks
> Elad
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss



-- 
okurrr,

Dimitri

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

linux-headers-5.15.0-1028-gke for Ubuntu 22.04

2023-05-12 Thread Elad Gabay 
Hello,
Is there a reason that "linux-headers-5.15.0-1028-gke" published only for 
Ubuntu 20.04 but not for 22.04?
https://packages.ubuntu.com/uk/focal/main/linux-headers-5.15.0-1028-gke
Ubuntu – Details of package linux-headers-5.15.0-1028-gke in 
focal
Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
packages.ubuntu.com


Thanks
Elad
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss