Re: [DNG] unsigned kernels - strange behaviour

2021-02-21 Thread Olaf Meeuwissen via Dng 
Hi Erich,

Erich Minderlein via Dng writes:

> Hi
>
> tonight my ansible stopped execution with the message
>
> TASK [Reboot the box if kernel updated] 
> 
> fatal: [*$Hostname*]: FAILED! => {"changed": false, "elapsed": 0, "msg": 
> "Running reboot with local connection would reboot the control node.", 
> "rebooted": false}
>
> Now there are no new kernels to install, because the system is up to date.
> Last kernel install was Feb  7 06:49
>
> [...]

FYI, kernel upgrades are *not* the only trigger for reboots.  Other
packages may requests reboots as well.  Some that I (vaguely) recall
from the top of my head include initramfs-tools and libc-bin.

You may find a /var/run/needs-reboot (or similar, don't remember the
exact name, nor location below /var) that is used as the trigger and
contains the packages that want to trigger.  A reboot will remove the
file.

# find /var -name '*reboot*' should list the file, if it still exists.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Softwarehttps://my.fsf.org/donate
 Join the Free Software Foundation  https://my.fsf.org/join
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] unsigned kernels - strange behaviour

2021-02-20 Thread aitor 

Hi Erich,

On 20/2/21 10:59, Erich Minderlein via Dng wrote:

What are these unsigned packages for ?
I'm not pretty sure at this point, but they appear to be packages for 
the internal use by Debian Kernel Team  
during their test builds.
They do not usually provide mini-packages for debian-installer. Read the 
lines nº568-580 in debian/rules.real (see below [*]):


|install-udeb_$(ARCH): # Logically we should check for %-di here, but 
that would break test builds ifneq (,$(filter 
linux-image-%,$(packages_enabled))) dh_testdir dh_prep kernel-wedge 
install-files $(ABINAME) kernel-wedge check $(PACKAGE_NAMES) dh_fixperms 
ifeq ($(UDEB_UNSIGNED_TEST_BUILD),False) dh_gencontrol dh_builddeb endif 
endif # enabled This is because kernel-wedge doesn't expect any 
-unsigned suffix. Unsigned templates are signed by an additional 
rules.real: 
https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/signing_templates/rules.real 
 
|


|In gnuinos, i use the following workaround (||completely unorthodox):|

    dh_testdir
    dh_prep
    while read flavour; do \
        rm -f debian/linux-image-$(ABINAME)-$$flavour; \
        ln -s linux-image-$(ABINAME)-$$flavour-unsigned \
            debian/linux-image-$(ABINAME)-$$flavour; \
    done < <(awk '!/^#/ { print $$3 }' $(KW_CONFIG_DIR)/kernel-versions)
    kernel-wedge install-files $(ABINAME)
    kernel-wedge check $(PACKAGE_NAMES)
    dh_fixperms
    dh_gencontrol
    dh_builddeb

Cheers,

Aitor.

[*] 
https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/rules.real 



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] unsigned kernels - strange behaviour

2021-02-20 Thread Erich Minderlein via Dng 

Hi

tonight my ansible stopped execution with the message

TASK [Reboot the box if kernel updated] 
fatal: [*$Hostname*]: FAILED! => {"changed": false, "elapsed": 0, "msg": "Running reboot with 
local connection would reboot the control node.", "rebooted": false}

Now there are no new kernels to install, because the system is up to date.
Last kernel install was Feb  7 06:49

/ ls -tlah vmlinuz*
lrwxrwxrwx 1 root root 28 Feb  7 06:49 vmlinuz -> boot/vmlinuz-4.19.0-14-amd64
lrwxrwxrwx 1 root root 28 Feb  7 06:49 vmlinuz.old -> 
boot/vmlinuz-4.19.0-13-amd64
/boot # ls -tlah vmlinuz*
-rw-r--r-- 1 root root 5.1M Jan 30 10:35 vmlinuz-4.19.0-14-amd64
-rw-r--r-- 1 root root 5.1M Nov 28 08:47 vmlinuz-4.19.0-13-amd64

looking at the kernels I find this
dpkg -l 'linux-image-*-unsigned'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version  Architecture Description
+++----=
un  linux-image-4.19.0-13-amd64-unsigned   (no 
description available)
un  linux-image-4.19.0-14-amd64-unsigned   (no 
description available)

aptitude shows
 Actions  Undo  Package  Resolver  Search  Options  Views  Help
C-T: Menu  ?: Help  q: Quit  u: Update  g: Preview/Download/Install/Remove Pkgs
aptitude 0.8.11 @ hostname
--\ Not Installed Packages (7)
...
  --\ kernel Kernel and kernel modules (6)
--\ main   The main Debian archive (6)
p linux-image-4.19.0-13-amd64-unsigned
4.19.160-2
p linux-image-4.19.0-13-cloud-amd64-unsigned  
4.19.160-2
p linux-image-4.19.0-13-rt-amd64-unsigned 
4.19.160-2
p linux-image-4.19.0-14-amd64-unsigned
4.19.171-2
p linux-image-4.19.0-14-cloud-amd64-unsigned  
4.19.171-2
p linux-image-4.19.0-14-rt-amd64-unsigned 
4.19.171-2
   
┌─┐
   │Really quit 
Aptitude?│
   │  [ Yes ][ No ] 
 │
   
└─┘
These packages are not installed on your computer.
This group contains 7 packages.

What are these unsigned packages for ?

Why does the system want install some unknown kernels as the actual signed 
package is already installed ?

Three month ago I had a strange collapse of my debian,
as the directory /usr was empty over night.
System was unusable and I made a fresh install of devuan instad of debian.
I planned this anyhow.
Is there something spooky going on ?
Is something compromised on this system ?

--
mit freundlichen Grüßen
with the best(e) regards

cordialement

Erich |\/|inderlei|\|

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng