Bug 454462 - Review Request: ksplice - Patching a Linux kernel without reboot
Review Request: ksplice - Patching a Linux kernel without reboot
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Moschny
Fedora Extras Quality Assurance
:
Depends On: 463101
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-08 12:42 EDT by Jochen Schmitt
Modified: 2009-09-16 17:30 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-20 16:26:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
thomas.moschny: fedora‑review+
tibbs: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Jochen Schmitt 2008-07-08 12:42:47 EDT
Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-1.fc9.src.rpm

Description:
Ksplice allows system administrators to apply security patches to the 
Linux kernel without having to reboot. Ksplice takes as input a source 
code change in unified diff format and the kernel source code to be 
patched, and it applies the patch to the corresponding running kernel. 
The running kernel does not need to have been prepared in advance in 
any way.
Comment 1 Jochen Schmitt 2008-07-21 15:28:53 EDT
Fix minor issue in the package:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-2.fc9.src.rpm
Comment 2 Thomas Moschny 2008-07-22 11:57:33 EDT
- Please add perl as BR. Albeit brought in as a dependency, it is not contained
in the list of exceptions (unlike patch). Strictly speaking, configure also
tests for perl(Cwd), perl(File::Temp) and perl(Pod::Usage), which currently are
all satisfied by perl itself.

- Please add patch, gcc and rsync as a runtime requirement.

- The perl(ksplice) provides/requires should be filtered, seems to be bogus as
ksplice.pm is not installed in the standard perl path (and probably not to be
used by any other tool).

- Not sure about _datadir/ksplice/kmodsrc. Shouldn't that be moved to
_usrsrc/kmodsrc?
Comment 3 Thomas Moschny 2008-07-22 12:28:35 EDT
Also, you need to set "ExclusiveArch: i386 x86_64", as far as I understand,
ksplice will currently work on that archs.
Comment 4 Jochen Schmitt 2008-07-23 10:24:47 EDT
thank you for your helpful repsones.

For Topic #3 of comment #2 I want to aks, how I can do it?

For the last point of comment #2 if have dicied to amek no changes.

The current package you may find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-3.fc9.src.rpm

Comment 5 Thomas Moschny 2008-07-24 03:16:55 EDT
(In reply to comment #4)
> For Topic #3 of comment #2 I want to aks, how I can do it?

See http://fedoraproject.org/wiki/Packaging/Perl#In_.25prep_.28preferred.29 :

cat << \EOF > %{name}-prov
#!/bin/sh
%{__perl_provides} $* |\
sed -e '/perl(ksplice)/d'
EOF

%define __perl_provides %{_builddir}/%{name}-%{version}/%{name}-prov
chmod +x %{__perl_provides}

cat << \EOF > %{name}-req
#!/bin/sh
%{__perl_requires} $* |\
sed -e '/perl(ksplice)/d'
EOF

%define __perl_requires %{_builddir}/%{name}-%{version}/%{name}-req
chmod +x %{__perl_requires}

> For the last point of comment #2 if have decided to make no changes.

Ok. Other packages seem to have sourcefiles in %_datadir as well.

> ExclusiveArch:	%{x86} x86_64

Typo: should be %{ix86}. However, I was told on #fedora-devel that in such
cases, when it isn't unlikely at all that the package will be ported to other
architectures, we should use excludearch instead. Only packages that will
*never* be built on anything else should use exclusivearch. So, please use
"ExcludeArch: ppc ppc64".
Comment 6 Jochen Schmitt 2008-07-24 11:58:32 EDT
Thank you for your hints. I have modified the package as suggested.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-5.fc9.src.rpm
Comment 7 Thomas Moschny 2008-07-30 16:13:17 EDT
Still missing some runtime dependencies, I think. At least

- module-init-tools (for lsmod/insmod/rmmod)
- util-linux-ng (for dmesg)
- tar and gzip
- coreutils (for cp, mv, mkdir, etc...)
- findutils (find)
- binutils (ld)
- make
- diffutils (cmp)

and likely some more, as a complete kernel build is performed by ksplice-create.
Have a look at the kernel.spec's BuildRequirements list, could be (partly)
re-used here.

Besides, I tried to use ksplice on f9/x_86_64, with the printk example from the
tutorial and it didn't work, but maybe I did something wrong. Did you actually
try using ksplice on a fedora kernel?
Comment 8 Thomas Moschny 2008-07-31 08:34:26 EDT
(In reply to comment #7)
> Besides, I tried to use ksplice on f9/x_86_64, with the printk example from the
> tutorial and it didn't work, but maybe I did something wrong.

Taking that back. It works, iff you use the right kernel tree.
Comment 9 Jochen Schmitt 2008-07-31 09:47:03 EDT
Thank you for your testing. It may be nice, if you can more specific about 'the 
right kerne tree'. Perhaps we need a special README.Fedora, if there any Fedora 
specific cases which are to be consider.
Comment 10 Thomas Moschny 2008-07-31 10:40:50 EDT
Unfortunately, there are no kernel-source rpms anymore. So, basically, the
procedure is as follows:

- download the proper source rpm for the running kernel:
  "yumdownloader --source kernel-`uname -r`"
- install it: rpm -ivh kernel-*.src.rpm
- prep it: cd `rpm --eval '%{_specdir}'` && 
  rpmbuild --with baseonly -bp --target=`uname -m` kernel.spec

In %{_builddir}/kernel-2.6.25/linux-2.6.25.`uname -m` there is an almost usable
tree after that, and one could proceed with the ksplice tutorial (i.e. make a
ksplice subdir, copy the right System.map and .config from /boot there, modify
some files, or get the desired patch, and finally call ksplice-create). 

There's one gotcha though: that kernel tree's EXTRAVERSION is empty, (it is
being set in %build, not in %prep), and thus the generated ksplice modules can
only forcefully be loaded into the running kernel because of a version magic
mismatch.

So if you've got enough time, use -bc instead of -bp. That actually builds the
complete kernel, but then you can be quite sure that the resulting tree matches
that of the running kernel.
Comment 11 Jochen Schmitt 2008-07-31 12:38:29 EDT
Thank you for your hint. I have created an updated release of the package.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-6.fc9.src.rpm
Comment 12 Jochen Schmitt 2008-07-31 14:35:30 EDT
I think I have found a solution to fix your EXTRAVERSION issue without the need
of compiling the kernel package which 'rpmbuild -bc'.

It may be nice, if you have a look on the script kspliceprep in the
ksplice-extras sub package.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-7.fc9.src.rpm

Comment 13 Jochen Schmitt 2008-07-31 15:44:31 EDT
Changes:

- Added copyright notice in the header of kspliceprep.
- kspliceprep create ksplice dir in kernel sources and copy
  config and System.map rom /boot into this directory.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-8.fc9.src.rpm
Comment 14 Jochen Schmitt 2008-08-03 14:40:36 EDT
I have add some enhancements to the kspliceprep schript which I have renamed to fedora-ksplice-prepare. The ksplace-extras subpackage is renamed into fedora-ksplice to signal that the content is fedora specific.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-8.fc9.src.rpm
Comment 15 Thomas Moschny 2008-08-04 11:06:18 EDT
There are some rpmlint issues:

ksplice.src:93: E: files-attr-not-set
ksplice.src: W: mixed-use-of-spaces-and-tabs (spaces: line 36, tab: line 1)
ksplice.src: W: strange-permission fedora-ksplice-prepare 0775


Minor (non-blocking issues) regarding the fedora-ksplice-prepare script:

- There are some typos:

# fedora-ksplice-prepare fetches the source rpm of the currently installed kernel
# from the repository an tries to prepare it for ksplice.
...
echo "Kernel rpm will be prepared"

- The tmpdir is not removed if something fails (use trap).
- Not sure whether deleting the downloaded src.rpm is a good idea, the user might want to rerun the script if something breaks.
Comment 16 Jochen Schmitt 2008-08-04 11:44:52 EDT
Should be fixed.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-8.fc9.src.rpm
Comment 17 Thomas Moschny 2008-08-24 04:47:13 EDT
First of all, sorry for the delay.

Second, I guess you meant
http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-11.fc9.src.rpm,
used that for the following review.

[x] = ok, [~] = ok - see note, [!] = not ok, [-] = not applicable

[x] package meets naming guidelines
[x] specfile is encoded in ascii or utf-8
[x] specfile matches base package name
[x] specfile uses macros consistently
[x] specfile is written cleanly
[x] specfile is written in AE
[x] changelog is present and has correct format
[x] license matches actual license
[x] license is open source-compatible
[x] license text is included in package
[x] source tag has correct url
[x] source files match upstream

    md5sum: 4e42c5a72f4734256db8b50290f1b7a1

[x] latest version is packaged
[x] summary is concise
[x] dist tag is present
[x] buildroot is correct
[x] buildroot is prepped
[x] %clean is present
[x] proper build requirements
[x] proper requirements
[x] uses %{?_smp_mflags}
[x] uses %{optflags}
[x] doesn't use %makeinstall
[x] package builds at least on one architecture

    tested on: f9/x86_64

[!] packages installs and runs at least on one architecture
    
    - Upon installation:
    error: Failed dependencies:
           rpmbuild is needed by fedora-ksplice-0.8.7-11.fc9.x86_64

    - More problems running fedora-ksplice-prepare, see later.

[!] rpmlint is quiet

    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/helper.h
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/helper.c
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/primary.c
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/modcommon.h
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/jumps.h
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/modcommon.c
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/primary.h
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/nops.h
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/allcommon.h
    ksplice.x86_64: W: devel-file-in-non-devel-package /usr/share/ksplice/kmodsrc/allcommon.c

    -> This has been discussed before.

    ksplice.src:95: E: files-attr-not-set
    ksplice.src: W: mixed-use-of-spaces-and-tabs (spaces: line 37, tab: line 1)
    ksplice.src: W: strange-permission fedora-ksplice-create 0775
    ksplice.src: W: strange-permission fedora-ksplice-prepare 0775

    -> Please fix these.

[!] final provides/requires look sane

    - ksplice misses a dependency on util-linux-ng (for /bin/dmesg)
    - for fedora-ksplice, 'rpmbuild' cannot be satisfied

[-] ldconfig called in %post and %postun if required
[x] code, not content
[x] file permissions are appropriate
[x] debuginfo package looks usable
[-] config files marked as %config(noreplace)
[x] owns all the directories it creates
[-] static libraries in -devel subpackage
[-] header files in -devel subpackage
[-] development .so files in -devel subpackage
[-] pkgconfig files in -devel subpackage, requires pkgconfig
[x] no .la files
[x] doesn't need a -docs subpackage
[x] relevant docs are included
[x] doc files are not needed at runtime
[-] provides a .desktop file, build-requires desktop-file-utils
[-] uses %find_lang, build-requires gettext


Problems running fedora-ksplice-prepare:

- /usr/bin/fedora-ksplice-prepare: line 73: trap: -: invalid signal
  specification

- fedora-ksplice-prepare tries to cd into
  BUILD/kernel-2.6/linux-2.6.x86_64 here, correct dir would be
  BUILD/kernel-2.6.25/linux-2.6.25.x86_64.

- fedora-ksplice-prepare always re-downloads the (40MB)
  kernel.src.rpm, should probably be cached.


In my opinion, these (and probably more) problems of the scripts can
unnecessarily block approval of the ksplice package.

One solution would be to move them to another package (maybe creating
a tiny fedorhosted project) instead of a subpackage and adding a small
README instead, that describes how ksplice can be used in fedora. This
way (after fixing the minor problems shown in the review) ksplice
itself could be approved.
Comment 18 Jochen Schmitt 2008-09-09 11:29:14 EDT
I have followed your adive and have created a request for hosting fedora-ksplice as a seperate project.

So I have remove the shell script from the package.

The uploaded stuff may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.8.7-12.fc9.src.rpm
Comment 19 Thomas Moschny 2008-09-19 04:01:46 EDT
Sorry again for the delay.

There's a new version upstream, 0.9.0, would you like to update your package?
The runtime dependency on rsync has been dropped in the new version.
Comment 20 Thomas Moschny 2008-09-19 07:34:08 EDT
Just an additional note:

There is a patent application by MS that could be related, see http://article.gmane.org/gmane.linux.kernel/670282, and author's reply http://article.gmane.org/gmane.linux.kernel/673351.

But as it is only an application (yet), it shouldn't affect us, I guess.
Comment 21 Jochen Schmitt 2008-09-21 15:11:27 EDT
Unfortunately, I'm blocked by BZ #463101T.

On F-9 the build works fine, but not on rawhide.

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.9.0-1.fc9.src.rpm
Comment 22 Jochen Schmitt 2008-09-22 11:36:26 EDT
I have added the ksplice-zlib-configure patch.

New packages may be find at:

Spec URL: http://www.herr-schmitt.de/pub/ksplice/ksplice.spec
SRPM URL: http://www.herr-schmitt.de/pub/ksplice/ksplice-0.9.0-2.fc9.src.rpm
Comment 23 Thomas Moschny 2008-09-24 11:17:31 EDT
In addition to the review done earlier:

[x] latest version is packaged (0.9.0)

[x] source files match upstream
    md5sum: 33934d125cdc050cd68f8ea34f1f4f23

[x] package builds at least on one architecture
    tested on: f9/i386, f9/x86_64, f10/all

[!] final provides/requires look sane
    - the rsync dependency can be dropped
    - the perl module has been renamed (capitalized), please filter
      perl(Ksplice) now

[!] patches should have a comment about upstream status
    - did you sent the zlib patch upstream? please add a note
      explaining the status

The package is APPROVED, iff you fix these three (minor) issues.
Comment 24 Jochen Schmitt 2008-09-24 14:12:50 EDT
New Package CVS Request
=======================
Package Name:ksplice
Short Description:Patching a Linux kernel without reboot
Owners:s4504kr
Branches:F-8, F-9
InitialCC
Comment 25 Kevin Fenzi 2008-09-28 14:57:51 EDT
cvs done.
Comment 26 Fedora Update System 2008-09-28 15:47:54 EDT
ksplice-0.9.0-3.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/ksplice-0.9.0-3.fc8
Comment 27 Fedora Update System 2008-10-01 02:39:03 EDT
ksplice-0.9.0-3.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ksplice'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8479
Comment 28 Fedora Update System 2008-10-01 02:40:52 EDT
ksplice-0.9.0-3.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ksplice'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-8492
Comment 29 Anders Kaseorg 2008-10-03 14:30:27 EDT
Ksplice 0.9.1 was released on 2008-09-26.  It includes the zlib patch, and other important fixes.
Comment 30 Fedora Update System 2008-10-06 12:21:52 EDT
ksplice-0.9.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/ksplice-0.9.1-1.fc9
Comment 31 Fedora Update System 2008-10-06 12:29:14 EDT
ksplice-0.9.1-1.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/ksplice-0.9.1-1.fc8
Comment 32 Fedora Update System 2008-10-07 05:46:57 EDT
ksplice-0.9.1-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ksplice'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8641
Comment 33 Fedora Update System 2008-10-07 05:47:23 EDT
ksplice-0.9.1-1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ksplice'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-8647
Comment 34 Fedora Update System 2008-10-20 16:26:34 EDT
ksplice-0.9.1-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 35 Anders Kaseorg 2008-10-20 17:56:50 EDT
Ksplice 0.9.2 was released on 2008-10-17.  This is the first version to support Fedora kernels >= 2.6.26 (because of CONFIG_DEBUG_RODATA), so it would be good to get the package updated again.
Comment 36 Fedora Update System 2008-10-20 18:06:17 EDT
ksplice-0.9.1-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 37 Jochen Schmitt 2009-09-15 12:46:08 EDT
Package Change Request
======================
Package Name: ksplice
New Branches: F-12
Comment 38 Jason Tibbitts 2009-09-16 17:30:10 EDT
CVS done.

Note You need to log in before you can comment on or make changes to this bug.