Re: [gentoo-user] old kernels are installed during the upgrade

[Alan McKinnon]

On 04/01/2018 08:40, Wols Lists wrote:
> On 03/01/18 22:09, Alan McKinnon wrote:
>> On 04/01/2018 00:02, Stroller wrote:
>>>
 On 3 Jan 2018, at 21:55, Wols Lists  wrote:
  
 What would be nice, would be if "emerge --depclean" had the smarts to
 recognise that /usr/src/linux pointed to the current active kernel, and
 didn't wipe that when it cleaned out everything else :-) That way, at
 most you could have the current and latest kernel sources available
 pretty easily.
>>>
>>> You've jogged a long-hibernating memory - the accidental removal of the 
>>> current sources tree in an accident like this may be the exact reason why I 
>>> refuse to allow kernel versions to be actively emerged.
>>
>> I think that's a mountain and a molehill. You still have the image in
>> /boot, config in /boot or in the running kernel, libs in /lib/modules
>> and the bootloader is intact.
>>
>> Delete the sources?
>> - Re-emerge them. 90 seconds.
>> - Re-compile using existing config. 20 minutes
>>
>> So deleting the sources for the running kernel is a doh! moment. But no
>> biggie, and certainly not cause for changing your routine (all in my own
>> not at all humble opinion, of course)
>>
> But it's a royal pain, especially if you don't realise that's what's
> happened, because a general emerge is likely to have a lot of grief.

Yes there is that

> 
> Dunno how many ebuilds actually refer to /usr/src/linux for some of
> their header files, but I doubt it's negligible. It's certainly caused
> me grief in the past.

It's a decidedly non-trivial number of ebuilds.

On Gentoo /usr/src is a symlink to the *configured* kernel sources, on
binary distros the same dir usually contains headers for the running kernel

> (Yes I think they're not supposed to, but what's that saying about
> theory and practice?)

I don't know of any documentation in Gentoo that says ebuilds shouldn't
do that but I can't think of any realistic alternatives. Gentoo needs
access to the kernel config not just the sources and we can't rely on a
config being present in /boot like binary distros can

> 
> I don't like it when well-known problems cause general breakage that is
> likely to cause havoc for unsuspecting users...

Gentoo has always had a fallback excuse position for devs:

By running Gentoo you give up all right to claiming to be an
"unsuspecting user"

Harsh I know, and sucky when it hits you, but it is what it is.
Gentoo is not for the faint-hearted



-- 
Alan McKinnon
alan.mckin...@gmail.com

Re: [gentoo-user] old kernels are installed during the upgrade

[Wols Lists]

On 03/01/18 22:09, Alan McKinnon wrote:
> On 04/01/2018 00:02, Stroller wrote:
>>
>>> On 3 Jan 2018, at 21:55, Wols Lists  wrote:
>>>  
>>> What would be nice, would be if "emerge --depclean" had the smarts to
>>> recognise that /usr/src/linux pointed to the current active kernel, and
>>> didn't wipe that when it cleaned out everything else :-) That way, at
>>> most you could have the current and latest kernel sources available
>>> pretty easily.
>>
>> You've jogged a long-hibernating memory - the accidental removal of the 
>> current sources tree in an accident like this may be the exact reason why I 
>> refuse to allow kernel versions to be actively emerged.
> 
> I think that's a mountain and a molehill. You still have the image in
> /boot, config in /boot or in the running kernel, libs in /lib/modules
> and the bootloader is intact.
> 
> Delete the sources?
> - Re-emerge them. 90 seconds.
> - Re-compile using existing config. 20 minutes
> 
> So deleting the sources for the running kernel is a doh! moment. But no
> biggie, and certainly not cause for changing your routine (all in my own
> not at all humble opinion, of course)
> 
But it's a royal pain, especially if you don't realise that's what's
happened, because a general emerge is likely to have a lot of grief.

Dunno how many ebuilds actually refer to /usr/src/linux for some of
their header files, but I doubt it's negligible. It's certainly caused
me grief in the past.

(Yes I think they're not supposed to, but what's that saying about
theory and practice?)

I don't like it when well-known problems cause general breakage that is
likely to cause havoc for unsuspecting users...

Cheers,
Wol

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 3 Jan 2018, at 23:41, Neil Bothwick  wrote:
> 
> On Wed, 3 Jan 2018 22:07:22 +, Stroller wrote:
> 
>>> If you do want to use versions, I'd recommend using ~ rather than = to
>>> pick up patch-level updates.  
>> 
>> What do you mean by this exactly, please?
> 
> If you have =foo-1.0 matches only foo-1.0, if a patched version is
> released as foo-1.0-r1, you won't get it. With ~foo-1.0 you will.
> 
> Neither will match foo-1.1

I would have guessed "~" means "approximate", but this is what I don't want.

If I want to recompile my kernel I'll choose the latest version and download 
the full sources.

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 3 Jan 2018, at 22:47, Alan McKinnon  wrote:
> 
 
 What do you mean by this exactly, please?
>>> 
>>> =4.9.34 selects that exact version and only that specific version
>>> ~4.9.34 select that version and also 4.9.34-r1. There might need to be a
>>> * on the end of ~4.9.34, I don;t quite recall. Answer in portage's man pages
>> 
>> I thought it was something like that, but searched `man portage` for "~" 
>> more than one way, and didn't find reference to this. Am I blind?
> 
> man 5 ebuild
> 
> Section "Extended Atom Prefixes", it is near the top, probably first
> page on most screen sizes.
> 
> The location is very non-obvious, I only know of it because I refr to it
> often once I found it

The ability to block atoms looks interesting, although I can't think when I'd 
use it.

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Neil Bothwick]

On Wed, 3 Jan 2018 22:02:37 +, Stroller wrote:

> You've jogged a long-hibernating memory - the accidental removal of the
> current sources tree in an accident like this may be the exact reason
> why I refuse to allow kernel versions to be actively emerged.

It's not a big deal, as Alan explained, but I use a set to prevent any
kernel sources being depcleaned.


-- 
Neil Bothwick

Grow your own dope, plant a politician!


pgp4fxAKJiGEB.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] old kernels are installed during the upgrade

[Neil Bothwick]

On Wed, 3 Jan 2018 22:07:22 +, Stroller wrote:

> > If you do want to use versions, I'd recommend using ~ rather than = to
> > pick up patch-level updates.  
> 
> What do you mean by this exactly, please?

If you have =foo-1.0 matches only foo-1.0, if a patched version is
released as foo-1.0-r1, you won't get it. With ~foo-1.0 you will.

Neither will match foo-1.1

It's all in man portage.


-- 
Neil Bothwick

Only an idiot actually READS taglines.


pgpgOFx33buMo.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] old kernels are installed during the upgrade

[Alan McKinnon]

On 04/01/2018 00:41, Stroller wrote:
> 
>> On 3 Jan 2018, at 22:11, Alan McKinnon  wrote:
>>
>
> $ grep -e source /var/lib/portage/world
> sys-kernel/gentoo-sources:4.9.34
 ...
>>>
>>> I guess this risks that emerge will try to install 4.9.34-r1 during a 
>>> future update, but I don't believe I've ever experienced that.
>>
>> Only if the highest-versioned emerged sources are <4.9.34-r1
> 
> Yes, in the quoted example above I grepped my world file for sources and 
> 4.9.34 is currently installed. 
> 
>>>
 If you do want to use versions, I'd recommend using ~ rather than = to
 pick up patch-level updates.
>>>
>>> What do you mean by this exactly, please?
>>
>> =4.9.34 selects that exact version and only that specific version
>> ~4.9.34 select that version and also 4.9.34-r1. There might need to be a
>> * on the end of ~4.9.34, I don;t quite recall. Answer in portage's man pages
> 
> I thought it was something like that, but searched `man portage` for "~" more 
> than one way, and didn't find reference to this. Am I blind?

man 5 ebuild

Section "Extended Atom Prefixes", it is near the top, probably first
page on most screen sizes.

The location is very non-obvious, I only know of it because I refr to it
often once I found it


-- 
Alan McKinnon
alan.mckin...@gmail.com

Re: [gentoo-user] old kernels are installed during the upgrade

[Herminio Hernandez, Jr.]

I found this helpful in managing kernel versions

https://www.youtube.com/watch?v=UwvV2wf-Gk0

On Wed, Jan 3, 2018 at 3:41 PM, Stroller 
wrote:

>
> > On 3 Jan 2018, at 22:11, Alan McKinnon  wrote:
> >
> 
>  $ grep -e source /var/lib/portage/world
>  sys-kernel/gentoo-sources:4.9.34
> >>> ...
> >>
> >> I guess this risks that emerge will try to install 4.9.34-r1 during a
> future update, but I don't believe I've ever experienced that.
> >
> > Only if the highest-versioned emerged sources are <4.9.34-r1
>
> Yes, in the quoted example above I grepped my world file for sources and
> 4.9.34 is currently installed.
>
> >>
> >>> If you do want to use versions, I'd recommend using ~ rather than = to
> >>> pick up patch-level updates.
> >>
> >> What do you mean by this exactly, please?
> >
> > =4.9.34 selects that exact version and only that specific version
> > ~4.9.34 select that version and also 4.9.34-r1. There might need to be a
> > * on the end of ~4.9.34, I don;t quite recall. Answer in portage's man
> pages
>
> I thought it was something like that, but searched `man portage` for "~"
> more than one way, and didn't find reference to this. Am I blind?
>
> Stroller.
>
>
>

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 3 Jan 2018, at 22:11, Alan McKinnon  wrote:
> 
 
 $ grep -e source /var/lib/portage/world
 sys-kernel/gentoo-sources:4.9.34
>>> ...
>> 
>> I guess this risks that emerge will try to install 4.9.34-r1 during a future 
>> update, but I don't believe I've ever experienced that.
> 
> Only if the highest-versioned emerged sources are <4.9.34-r1

Yes, in the quoted example above I grepped my world file for sources and 4.9.34 
is currently installed. 

>> 
>>> If you do want to use versions, I'd recommend using ~ rather than = to
>>> pick up patch-level updates.
>> 
>> What do you mean by this exactly, please?
> 
> =4.9.34 selects that exact version and only that specific version
> ~4.9.34 select that version and also 4.9.34-r1. There might need to be a
> * on the end of ~4.9.34, I don;t quite recall. Answer in portage's man pages

I thought it was something like that, but searched `man portage` for "~" more 
than one way, and didn't find reference to this. Am I blind?

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Alan McKinnon]

On 04/01/2018 00:07, Stroller wrote:
> 
>> On 3 Jan 2018, at 21:53, Neil Bothwick  wrote:
>>>
>>> It installs exactly that version, and that exact version is recorded in
>>> the world file.
>>>
>>> $ grep -e source /var/lib/portage/world
>>> sys-kernel/gentoo-sources:4.9.34
>>
>> That's not a version, it's a slot. Whilst kernels are currently slotted
>> with the version number, nothing else is and there is no guarantee that
>> this will also hold for kernels.
> 
> Fair enough, but there's nothing else I need to treat this way.
> 
> I guess this risks that emerge will try to install 4.9.34-r1 during a future 
> update, but I don't believe I've ever experienced that.

Only if the highest-versioned emerged sources are <4.9.34-r1
> 
>> If you do want to use versions, I'd recommend using ~ rather than = to
>> pick up patch-level updates.
> 
> What do you mean by this exactly, please?

=4.9.34 selects that exact version and only that specific version
~4.9.34 select that version and also 4.9.34-r1. There might need to be a
* on the end of ~4.9.34, I don;t quite recall. Answer in portage's man pages


-- 
Alan McKinnon
alan.mckin...@gmail.com

Re: [gentoo-user] old kernels are installed during the upgrade

[Alan McKinnon]

On 04/01/2018 00:02, Stroller wrote:
> 
>> On 3 Jan 2018, at 21:55, Wols Lists  wrote:
>>  
>> What would be nice, would be if "emerge --depclean" had the smarts to
>> recognise that /usr/src/linux pointed to the current active kernel, and
>> didn't wipe that when it cleaned out everything else :-) That way, at
>> most you could have the current and latest kernel sources available
>> pretty easily.
> 
> You've jogged a long-hibernating memory - the accidental removal of the 
> current sources tree in an accident like this may be the exact reason why I 
> refuse to allow kernel versions to be actively emerged.

I think that's a mountain and a molehill. You still have the image in
/boot, config in /boot or in the running kernel, libs in /lib/modules
and the bootloader is intact.

Delete the sources?
- Re-emerge them. 90 seconds.
- Re-compile using existing config. 20 minutes

So deleting the sources for the running kernel is a doh! moment. But no
biggie, and certainly not cause for changing your routine (all in my own
not at all humble opinion, of course)

-- 
Alan McKinnon
alan.mckin...@gmail.com

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 3 Jan 2018, at 21:53, Neil Bothwick  wrote:
>> 
>> It installs exactly that version, and that exact version is recorded in
>> the world file.
>> 
>> $ grep -e source /var/lib/portage/world
>> sys-kernel/gentoo-sources:4.9.34
> 
> That's not a version, it's a slot. Whilst kernels are currently slotted
> with the version number, nothing else is and there is no guarantee that
> this will also hold for kernels.

Fair enough, but there's nothing else I need to treat this way.

I guess this risks that emerge will try to install 4.9.34-r1 during a future 
update, but I don't believe I've ever experienced that.

> If you do want to use versions, I'd recommend using ~ rather than = to
> pick up patch-level updates.

What do you mean by this exactly, please?

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 3 Jan 2018, at 21:55, Wols Lists  wrote:
>  
> What would be nice, would be if "emerge --depclean" had the smarts to
> recognise that /usr/src/linux pointed to the current active kernel, and
> didn't wipe that when it cleaned out everything else :-) That way, at
> most you could have the current and latest kernel sources available
> pretty easily.

You've jogged a long-hibernating memory - the accidental removal of the current 
sources tree in an accident like this may be the exact reason why I refuse to 
allow kernel versions to be actively emerged.

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Wols Lists]

On 03/01/18 21:39, Stroller wrote:
>> What this completely misses, is that gentoo-sources merely DOWNLOADS THE
>> > LATEST KERNEL SOURCE. So updating gentoo-sources every time does nothing
>> > to change the kernel you are running.

> I don't know why you think I missed that.

Because you're banging on like downloading the source is the same thing
as installing a new kernel - which it's not.
> 
> If you `emerge gentoo-sources` then updates of them will appear every time 
> you --pretend update world until you allow them to be emerged, hence my use 
> of the word "nagged".
> 
Which is why I just let them appear and clutter up /usr/src :-)

> If you want to install them, that's your prerogative, but just allowing them 
> to be automatically emerged fills up your system with unwanted uncompressed 
> kernel sources, consuming huge amounts of space.
> 
I take your point - you're paying for storage by the meg, and a quick du
-sh tells me a kernel is approx 1G - ouch.

But is the OP like you, or like me - about to upgrade from a home system
that already has 6TB of storage ...

> 20GB should be ample space for an operating system IMO, but between /usr/src 
> and /usr/portage it's pretty easy to consume a quarter of that.

I remember when it fitted on an 8" floppy :-) It was bad enough
installing Slack from a 30-floppy set ...

What would be nice, would be if "emerge --depclean" had the smarts to
recognise that /usr/src/linux pointed to the current active kernel, and
didn't wipe that when it cleaned out everything else :-) That way, at
most you could have the current and latest kernel sources available
pretty easily.

Cheers,
Wol

Re: [gentoo-user] old kernels are installed during the upgrade

[Neil Bothwick]

On Wed, 3 Jan 2018 21:21:30 +, Stroller wrote:

> >> This pins your kernel version at 4.14.8-r1 and you can update when,
> >> in future, you decide it's time to update your kernel, without being
> >> nagged about it every time a new version is release or you emerge
> >> world.  
> > 
> > The equal sign doesn't pin versions, at least not that I remember. 
> > Package are pinned by slot in the world file. Coincidence may be that
> > the version you selected happens to be exclusively the only slot,
> > too.  
> 
> It installs exactly that version, and that exact version is recorded in
> the world file.
> 
> $ grep -e source /var/lib/portage/world
> sys-kernel/gentoo-sources:4.9.34

That's not a version, it's a slot. Whilst kernels are currently slotted
with the version number, nothing else is and there is no guarantee that
this will also hold for kernels.

If you do want to use versions, I'd recommend using ~ rather than = to
pick up patch-level updates.


-- 
Neil Bothwick

I backed up my hard drive and ran into a bus.


pgpCzHVwWyyLH.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] old kernels are installed during the upgrade

[Dale]

Wols Lists wrote:
> On 03/01/18 21:21, Stroller wrote:
>> Meanwhile, I've seen security vulnerabilities go unfixed for literally weeks 
>> in the bug tracker, so I don't see the significance of a vulnerability an 
>> attacker is unlikely to be able to reach. The sites I visit do not make me 
>> fear my kernel being attacked via the browser.
>>
>> This thread is not for arguing about security, which is an old discussion 
>> and which has been done to death. Everyone has their own opinions, and I'm 
>> not going to add any more.
>>
>> This thread is about how to fix OP's problem, and that's what I addressed. 
>> If you install kernels by specific version, as I suggest, then you're free 
>> to update them manually as often as you wish.
> And heaven help you if you think emerging a specific version of
> gentoo-sources will update the kernel you're running. Because Linux
> certainly won't.
>
> Hint: changing the current version of gentoo-sources does ABSOLUTELY
> NOTHING to your running system, so why not emerge them all?
>
> Cheers,
> Wol
>
>

My question would be the opposite.  Why emerge kernels you are not going
to build anyway?  The only kernels I have installed here are the ones I
have emerged, built and installed for either current or future use. 
There is no reason to have sources for kernels that I know I will never
use.  The same could apply to others as well. 

Dale

:-)  :-) 

Re: [gentoo-user] old kernels are installed during the upgrade

[Rich Freeman]

On Wed, Jan 3, 2018 at 4:21 PM, Stroller  wrote:
>
> If the kernel devs cared to announce when they were patching exploits then we 
> could take each
> one under consideration individually. But the kernel devs are secretive about 
> kernel exploits, because
> they know there are literally millions of systems out there on the internet 
> with kernels months and years old.
>

I'm skeptical of that claim.  I think it is more that they don't want
to try to track which commits are associated with CVEs.  I believe
they've said as much publicly.  They're not particularly secretive
about exploits except when they're under embargo (such as at the
present moment).

-- 
Rich

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 3 Jan 2018, at 21:31, Wols Lists  wrote:
> 
> And heaven help you if you think emerging a specific version of
> gentoo-sources will update the kernel you're running. Because Linux
> certainly won't.

Heaven help me?

Could you possibly clarify, please?

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 2 Jan 2018, at 19:47, Wols Lists  wrote:
> 
> You should also check the CVEs every time there's a new kernel!

Who the heck's got time for that? Really?

I have a life, mate. And that means I have better things to do with my time.

Translation of what you just said: you should buy a Mac, because Linux is so 
much work you have to check security bulletins all the time.

> What this completely misses, is that gentoo-sources merely DOWNLOADS THE
> LATEST KERNEL SOURCE. So updating gentoo-sources every time does nothing
> to change the kernel you are running.

I don't know why you think I missed that.

If you `emerge gentoo-sources` then updates of them will appear every time you 
--pretend update world until you allow them to be emerged, hence my use of the 
word "nagged".

If you want to install them, that's your prerogative, but just allowing them to 
be automatically emerged fills up your system with unwanted uncompressed kernel 
sources, consuming huge amounts of space.

20GB should be ample space for an operating system IMO, but between /usr/src 
and /usr/portage it's pretty easy to consume a quarter of that.

I'm happy to do things your way if you're contributing to my hosting bill, but 
from the sounds of it this is about the way YOU choose to administer YOUR 
systems, and that you think I should be deferential to that.

Do you not think, in my nearly 20 years of using *nix systems and reading *nix 
related mailing lists, I've never heard someone advocate these kind of security 
principles before?

These kind of arguments are theoretical. In the real world, there are millions 
of people still running Windows XP and now-obsolete versions of Android on 
their phones. A kernel that's a few months old is hardly likely to hurt me.

Stroller.
D

Re: [gentoo-user] old kernels are installed during the upgrade

[Wols Lists]

On 03/01/18 21:21, Stroller wrote:
> Meanwhile, I've seen security vulnerabilities go unfixed for literally weeks 
> in the bug tracker, so I don't see the significance of a vulnerability an 
> attacker is unlikely to be able to reach. The sites I visit do not make me 
> fear my kernel being attacked via the browser.
> 
> This thread is not for arguing about security, which is an old discussion and 
> which has been done to death. Everyone has their own opinions, and I'm not 
> going to add any more.
> 
> This thread is about how to fix OP's problem, and that's what I addressed. If 
> you install kernels by specific version, as I suggest, then you're free to 
> update them manually as often as you wish.

And heaven help you if you think emerging a specific version of
gentoo-sources will update the kernel you're running. Because Linux
certainly won't.

Hint: changing the current version of gentoo-sources does ABSOLUTELY
NOTHING to your running system, so why not emerge them all?

Cheers,
Wol

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 2 Jan 2018, at 20:20, Kai Krakow  wrote:
> 
> 
>> Now `emerge -n =sys-kernel/gentoo-sources-4.14.8-r1` - "This option can
>> be used to update the world file without  rebuilding the packages."
> 
> I don't think this is how it works. While technically correct, the 
> outcome is different to what you're trying to achieve.
> 
> 
>> This pins your kernel version at 4.14.8-r1 and you can update when, in
>> future, you decide it's time to update your kernel, without being nagged
>> about it every time a new version is release or you emerge world.
> 
> The equal sign doesn't pin versions, at least not that I remember. 
> Package are pinned by slot in the world file. Coincidence may be that the 
> version you selected happens to be exclusively the only slot, too.

It installs exactly that version, and that exact version is recorded in the 
world file.

$ grep -e source /var/lib/portage/world
sys-kernel/gentoo-sources:4.9.34
$ 

> It's adequate to update your software when a security hole was fixed - on 
> the point. Not two or three months later...
> 
> It gives a false impression of safety if you recommend such things.

We could spend every day updating our systems - IDK about you, but I have 
better things to do.

If the kernel devs cared to announce when they were patching exploits then we 
could take each one under consideration individually. But the kernel devs are 
secretive about kernel exploits, because they know there are literally millions 
of systems out there on the internet with kernels months and years old.

You're right about the attack vectors, which is why I prioritise the apps and 
servers I run - an attacker has to get past those before it can exploit those. 
I updated OpenSSH and openssl the day I leaned of the HeartBleed attack for 
example.

Meanwhile, I've seen security vulnerabilities go unfixed for literally weeks in 
the bug tracker, so I don't see the significance of a vulnerability an attacker 
is unlikely to be able to reach. The sites I visit do not make me fear my 
kernel being attacked via the browser.

This thread is not for arguing about security, which is an old discussion and 
which has been done to death. Everyone has their own opinions, and I'm not 
going to add any more.

This thread is about how to fix OP's problem, and that's what I addressed. If 
you install kernels by specific version, as I suggest, then you're free to 
update them manually as often as you wish.

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Wols Lists]

On 02/01/18 19:26, Stroller wrote:
> 
>> On 2 Jan 2018, at 11:54, Kruglov Sergey  wrote:
>>
>> Now I have  gentoo-sources-4.14.8-r1 installed.
>> After  "emerge --ask --update --deep --with-bdeps=y --newuse @world" command 
>> emerge installs old kernel in NS (after first update 4.12.12, after second 
>> update 4.9.49-r1).
>> How can I fix it?
>> There is sys-kernel/gentoo-sources in my world set.
> 
> Remove sys-kernel/gentoo-sources from your world file - I believe you can do 
> this using the emerge command, but am unsure of the right syntax; you can 
> just edit /var/lib/portage/world and delete the appropriate line.D
> 
> Now `emerge -n =sys-kernel/gentoo-sources-4.14.8-r1` - "This option can be 
> used to update the world file without  rebuilding the packages."
> 
> This pins your kernel version at 4.14.8-r1 and you can update when, in 
> future, you decide it's time to update your kernel, without being nagged 
> about it every time a new version is release or you emerge world.
> 
> For this reason it's always best to emerge kernels with an equals sign, 
> pinning them at some specific version, IMO.
> 
Why???

> This suggestion may provoke responses that the kernel is important and you 
> should update it to ensure you get security updates - look at the attack 
> vectors, you're probably sitting behind a NAT router, with very few ports 
> exposed to the internet.
> 
> It's adequate to update your kernel every 3 months.
> 
You should also check the CVEs every time there's a new kernel!

What this completely misses, is that gentoo-sources merely DOWNLOADS THE
LATEST KERNEL SOURCE. So updating gentoo-sources every time does nothing
to change the kernel you are running.

Just leave gentoo-sources in your world file, and don't necessarily
compile and update your running kernel just because gentoo-sources has
had an update.

I normally do not clean out kernels from my grub.conf until I've built
up enough to be annoying, so downgrading a broken kernel is just a quick
edit away ...

Cheers,
Wol

Re: [gentoo-user] old kernels are installed during the upgrade

[Neil Bothwick]

On Tue, 2 Jan 2018 11:54:50 +, Kruglov Sergey wrote:

> Now I have  gentoo-sources-4.14.8-r1 installed.
> 
> After  "emerge --ask --update --deep --with-bdeps=y --newuse @world"
> command emerge installs old kernel in NS (after first update 4.12.12,
> after second update 4.9.49-r1). How can I fix it? There is
> sys-kernel/gentoo-sources in my world set.

It's been keyworded because of issues discussed previously. Simply add 
"=sys-kernel/gentoo-sources-4.14.8-r1" (or .10-r1)
to /etc/portage/package.accept_keywords.


-- 
Neil Bothwick

Plagarism prohibited. Derive carefully.


pgpMMvAMxruiC.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] old kernels are installed during the upgrade

[Stroller]

> On 2 Jan 2018, at 11:54, Kruglov Sergey  wrote:
> 
> Now I have  gentoo-sources-4.14.8-r1 installed.
> After  "emerge --ask --update --deep --with-bdeps=y --newuse @world" command 
> emerge installs old kernel in NS (after first update 4.12.12, after second 
> update 4.9.49-r1).
> How can I fix it?
> There is sys-kernel/gentoo-sources in my world set.

Remove sys-kernel/gentoo-sources from your world file - I believe you can do 
this using the emerge command, but am unsure of the right syntax; you can just 
edit /var/lib/portage/world and delete the appropriate line.D

Now `emerge -n =sys-kernel/gentoo-sources-4.14.8-r1` - "This option can be used 
to update the world file without  rebuilding the packages."

This pins your kernel version at 4.14.8-r1 and you can update when, in future, 
you decide it's time to update your kernel, without being nagged about it every 
time a new version is release or you emerge world.

For this reason it's always best to emerge kernels with an equals sign, pinning 
them at some specific version, IMO.

This suggestion may provoke responses that the kernel is important and you 
should update it to ensure you get security updates - look at the attack 
vectors, you're probably sitting behind a NAT router, with very few ports 
exposed to the internet.

It's adequate to update your kernel every 3 months.

Stroller.

Re: [gentoo-user] old kernels are installed during the upgrade

[Mick]

On Tuesday, 2 January 2018 12:03:24 GMT Alexander Kapshuk wrote:
> On Tue, Jan 2, 2018 at 1:54 PM, Kruglov Sergey  wrote:
> > Hello, All!
> > 
> > 
> > Now I have  gentoo-sources-4.14.8-r1 installed.
> > 
> > After  "emerge --ask --update --deep --with-bdeps=y --newuse @world"
> > command emerge installs old kernel in NS (after first update 4.12.12,
> > after second update 4.9.49-r1).
> > How can I fix it?
> > There is sys-kernel/gentoo-sources in my world set.
> 
> There was a discussion about this on the gentoo-dev mailing list. See
> the link below for details:
> https://archives.gentoo.org/gentoo-dev/message/1d2f3f98c2485fa53ed602bc82850
> 54c

Alan copied a message from the devs list a few days ago, explaining that 
kernel 4.14 release has caused a lot of breakage and was keyworded for this 
reason.  Reverting to earlier releases is meant to address this.

That said, I've been running gentoo-sources-4.14.8-r1 here too, on 3 different 
boxen and thought it was doing fine, thanks.  Then I discovered KVM images 
failed to boot with this error:

kernel: kvm [5499]: vcpu0, guest rIP: 0xbbe67be4 disabled perfctr 
wrmsr: 0xc2 data 0x

:-/

-- 
Regards,
Mick

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] old kernels are installed during the upgrade

[Alexander Kapshuk]

On Tue, Jan 2, 2018 at 1:54 PM, Kruglov Sergey  wrote:
> Hello, All!
>
>
> Now I have  gentoo-sources-4.14.8-r1 installed.
>
> After  "emerge --ask --update --deep --with-bdeps=y --newuse @world" command
> emerge installs old kernel in NS (after first update 4.12.12, after second
> update 4.9.49-r1).
> How can I fix it?
> There is sys-kernel/gentoo-sources in my world set.
>
>

There was a discussion about this on the gentoo-dev mailing list. See
the link below for details:
https://archives.gentoo.org/gentoo-dev/message/1d2f3f98c2485fa53ed602bc8285054c

[gentoo-user] old kernels are installed during the upgrade

[Kruglov Sergey]

Hello, All!


Now I have  gentoo-sources-4.14.8-r1 installed.

After  "emerge --ask --update --deep --with-bdeps=y --newuse @world" command 
emerge installs old kernel in NS (after first update 4.12.12, after second 
update 4.9.49-r1).
How can I fix it?
There is sys-kernel/gentoo-sources in my world set.