Univention Bugzilla – Bug 38873
Preview Linux Kernel 4.1 for UCS 4.1
Last modified: 2015-11-17 12:11:57 CET
Milestone 1 for UCS 4.1 should include a preview of the Linux Kernel 4.1.
$ repo_admin.py -U -p linux -d sid -r 4.1-0-0 # 4.1.6-1 r15198 | linux/4.1-0-0-ucs/4.1.6-1/ r15199 | linux/4.1-0-0-ucs/4.1.6-1/ r15200 | linux/4.1-0-0-ucs/4.1.6-1/ $ build-package-ng -r 4.1-0-0 -P ucs -p linux --force-arch --no-pbuilder-update Package: linux Version: 4.1.6-1.142.201508311244 Branch: ucs_4.1-0 $ build-package-architecture-ng -r 4.1-0-0 -P ucs -p linux --no-pbuilder-update r63389 | Bug #38873 kernel: Copyright 2015 r63388 | Bug #38873 kernel: modernize build r63387 | Bug #38873 kernel: Copyright 2015 TODO: Breaks udev (< 208-8~)
(In reply to Philipp Hahn from comment #1) > TODO: Breaks udev (< 208-8~) This was added due to <https://bugs.debian.org/752742> and <https://bugs.debian.org/756312> (CONFIG_UEVENT_HELPER=n) r15229 | Re-enable CONFIG_UEVENT_HELPER=y
Package: linux Version: 4.1.6-1.143.201509021231 Branch: ucs_4.1-0 omar is using a too old apt-ftparchive: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774893>. Patch at <https://lists.debian.org/deity/2015/01/msg00015.html> Worked around by hand: cd /var/univention/buildsystem2/apt/ucs_4.1-0 sed -i.bak -re '/-4\.1\.0-ucs[0-9]+-([0-9]86|amd64)/n;/-4\.1\.0-ucs[0-9]+-.*deb /d' source/linux_4.1.6-1.143.201509021231.dsc set -i.bak -re ' s!^ [0-9a-f]{40} [0-9]+ (linux_[0-9.-]+.dsc)!echo " `sha1sum source/\1|cut -d\\ -f1` `stat -c %s source/\1` \1"!e s!^ [0-9a-f]{64} [0-9]+ (linux_[0-9.-]+.dsc)!echo " `sha256sum source/\1|cut -d\\ -f1` `stat -c %s source/\1` \1"!e s!^ [0-9a-f]{32} [0-9]+ (\w+) (\w+) (linux_[0-9.-]+.dsc)!echo " `md5sum source/\3|cut -d\\ -f1` `stat -c %s source/\3` \1 \2 \3"!e ' source/linux_4.1.6-1.143.201509021231_i386.changes repo-apt-ftparchive --release ucs_4.1-0 OK: amd64 @ kvm OK: i386 @ kvm OK: amd64 @ xen12 OK: pgrep -l udevd r63421 | Bug #38873: linux-4.1.6 signed r63420 | Bug #38873: linux-4.1.6 Package: univention-kernel-image Version: 9.0.0-1.78.201509031018 Branch: ucs_4.1-0 r63422 | Bug #38873 doc: linux-4.1.6 changelog-4.1-0.xml TODO: sign kernel for Secure Boot, add to univention-kernel-image-signed, build, ...
Running "signtool.exe sign /v /debug /fd SHA256 vmlinuz-4.1.0-ucs143-amd64" returns error 0x800700C1, which <https://markcz.wordpress.com/2013/01/26/signtool-exe-returned-error-0x800700c1/> indicates, that the Linux-4.1 kernel might be signed already: $ cmp -l -b /boot/vmlinuz-3.16.0-ucs135-amd64 /boot/vmlinuz-3.16.0-ucs135-amd64.efi.signed 219 0 ^@ 14 ^L 220 0 ^@ 106 F 221 0 ^@ 77 ? 299 0 ^@ 200 M-^@ 300 0 ^@ 63 3 301 0 ^@ 77 ? 303 0 ^@ 120 P 304 0 ^@ 17 ^O $ hte /boot/vmlinuz-3.16.0-ucs135-amd64.efi.signed * PE header at offset 0x00000082 [-] optional header: NT fields checksum 003f460c [-] optional header: directories security directory (rva/size) 003f3380 00000f50 raw But running "hte vmlinuz-4.1.0-ucs143-amd64" shows both fiels to be zero. TBC...
# diff <(pedump /boot/vmlinuz-3.16.0-ucs135-amd64) <(pedump /boot/vmlinuz-4.1.0-ucs143-amd64) < SectionAlignment: 32 0x20 --- > SectionAlignment: 2097152 0x200000 $ git show aeffc4928ea21aab3c7be72f00e257799b661c29 commit aeffc4928ea21aab3c7be72f00e257799b661c29 Author: Michael Brown <mbrown@fensystems.co.uk> Date: Thu Jul 10 16:59:23 2014 +0100 x86/efi: Request desired alignment via the PE/COFF headers The EFI boot stub goes to great pains to relocate the kernel image to an appropriately aligned address, as indicated by the ->kernel_alignment field in the bzImage header. However, for the PE stub entry case, we can request that the EFI PE/COFF loader do the work for us. Fix by exposing the desired alignment via the SectionAlignment field in the PE/COFF headers. Despite its name, this field provides an overall alignment requirement for the loaded file. (Naturally, the FileAlignment field describes the alignment for individual sections.) There is no way in the PE/COFF headers to express the concept of min_alignment; we therefore do not expose the minimum (as opposed to preferred) alignment. Signed-off-by: Michael Brown <mbrown@fensystems.co.uk> Signed-off-by: Matt Fleming <matt.fleming@intel.com> diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S index 84c2234..1fdb350 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -155,7 +155,7 @@ extra_header_fields: #else .quad 0 # ImageBase #endif - .long 0x20 # SectionAlignment + .long CONFIG_PHYSICAL_ALIGN # SectionAlignment .long 0x20 # FileAlignment .word 0 # MajorOperatingSystemVersion .word 0 # MinorOperatingSystemVersion Reverting that commit make the kernel image acceptable for signtool.exe. The patch is scheduled for revert: <http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/patch/?id=fa5c35011a8d5f3d0c597a6336107eafd1b6046c> r15297 | signtool revert r15298 | dpkg-parsechangelog is too old: > dpkg-parsechangelog: unknown option `-SDistribution' > dpkg-parsechangelog: unknown option `-SDate' Package: linux Version: 4.1.6-1.149.201509211611 Branch: ucs_4.1-0 r63869 | Bug #38873: linux-4.1.6 Package: univention-kernel-image Version: 9.0.0-1.80.201509220835 Branch: ucs_4.1-0 r63870 | Bug #38873: linux-4.1.6 Package: univention-kernel-image-signed Version: 2.0.0-1.8.201509220909 Branch: ucs_4.1-0 OK: amd64 @ kvm OK: i386 @ kvm OK: amd64 @ xen12 FAIL: amd64 @ OVMF: Grub refuses to load the kernel: "Invalid signature" FYI: There are two tools to sign the Linux kernel using Linux tools <https://en.opensuse.org/openSUSE:UEFI_Image_File_Sign_Tools>: - <git://kernel.ubuntu.com/jk/sbsigntool> - <https://github.com/rhinstaller/pesign>
Created attachment 7194 [details] installer-kernel.png
(In reply to Stefan Gohmann from comment #6) > Created attachment 7194 [details] > installer-kernel.png During the installation, the installer asks which kernel should be installed.
(In reply to Stefan Gohmann from comment #7) > During the installation, the installer asks which kernel should be installed. Not a bug of the Kernel. Fixed otherwise. Works-for-me with isotests/ucs_4.1-0-20151001-141500-dvd-amd64.iso
(In reply to Philipp Hahn from comment #8) > Not a bug of the Kernel. > Fixed otherwise. > Works-for-me with isotests/ucs_4.1-0-20151001-141500-dvd-amd64.iso It looks like you or someone else build the debian-installer for this DVD. This seems to fix the issue. Good to know. Upgrade: OK (small adjustment r64132) Installation in KVM: OK Installation on hardware: OK The rest will be tested via Bug #38872.
UCS 4.1 has been released: https://docs.software-univention.de/release-notes-4.1-0-en.html https://docs.software-univention.de/release-notes-4.1-0-de.html If this error occurs again, please use "Clone This Bug".