OpenSUSE Linux Rants

OpenSUSE Linux Tips, tricks, how-tos, opinions, and news

My Resume  -  My LinkedIn Profile

January 28, 2008

Want the new Linux 2.6.24 Kernel? Easy Upgrade Tutorial

by @ 7:11 am. Filed under General Linux, General SUSE, How-To, kernel, Linux tips, SUSE Tips & Tricks

INTRODUCTION

Now and then, you will likely need to familiarize yourself with a technically scientific process called “Fiddling With the Kernel.” There is quite a bit of documentation on this topic. I don’t want to go too far into the specifics of which options to set and how to tweak everything.

What I hope to do here is introduce you to a general overview of the steps involved with upgrading your kernel. I can hear it now, “You mean I can upgrade my kernel without knowing what CONFIG_INIT_ENV_ARG_LIMIT or CONFIG_USB_EHCI_ROOT_HUB_TT or CONFIG_SOUND_TRACEINIT means?” Why yes, yes, you can. I did this very process only yesterday, and I realized that I had done this process a number of times successfully. Thus, it seemed only fair to release it into the wild in hopes that someone else may benefit from it.

What on earth would possess someone to do something like upgrade a kernel? Well, let’s say you are using an RPM-based distro, such as OpenSUSE 10.x. You need the kernel source header files so that you can install the Nvidia driver for your new ultra-sick Nvidia card. You may need to compile the ndiswrapper kernel module. You may need to install VMware, which compiles a kernel module. Easy, right? Just install the kernel-source package that matches the kernel version you are running.

K, what if you have a newer kernel installed that the newest kernel-source package available? Or, what if you were anxiously awaiting some feature of the kernel that was just released, and you don’t want to wait for it to be available from a repository? There could be a host of reasons why you’d want to upgrade your kernel. This is a gentle introduction to one way of doing this.

Please be aware, though. You will usually not want to put a brand new kernel onto a production box, unless you have an exact reason in mind. Also, understand that you are doing this stuff at your own risk. Like I said, I did this yesterday, and have done it many times before. If you do it and your computer turns into radioactive hazardous waste (which it really shouldn’t do), don’t come crying to me.

All that disclaimer-ish junk out of the way, let’s get on to the cool stuff.

What will we be doing?

Step 1. – Download and unarchive the kernel source code
Step 2. – Prep and compile the kernel
Step 3. – Install the new kernel
Step 4. – Set up Grub
Step 5. – Reboot into the new kernel

GET THE KERNEL SOURCE

First things first. We’ll need the latest release of the kernel source code, available from none other than http://www.kernel.org/. On this page, you are looking for where it says, “The latest stable version of the Linux kernel is:”. Just to the right of the date on that line, there is a hyperlinked “F”. That is the Full source to the kernel. Right-click, copy the link.

Then, open a terminal and switch to root (with ‘su’). Change over to the /usr/src/ directory. Then, download the source using ‘wget’. When you’re done, unarchive it. This process should look something like this:

[1314][scott@linux:~]$ su
Password:
linux:/home/scott # cd /usr/src
linux:/usr/src # wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.tar.bz2
--13:14:20--  http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.tar.bz2
           => `linux-2.6.24.tar.bz2'
Resolving www.kernel.org... 204.152.191.5, 204.152.191.37
Connecting to www.kernel.org|204.152.191.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46,737,783 (45M) [application/x-bzip2]

100%[=============================================>] 46,737,783   578.56K/s    ETA 00:00

13:15:36 (604.56 KB/s) - `linux-2.6.24.tar.bz2' saved [46737783/46737783]

linux:/usr/src # tar -xvf linux-2.6.24.tar.bz2

Then you hang for awhile until the source decompresses.

PREP AND COMPILE THE KERNEL

Next, we need to make sure we have everything installed as necessary. Depending on the machine and what you already have installed, you may need to install one or more packages. Here are a few of the packages I have had to install to make things work properly:

gcc – this is the compiler – you won’t get far without this
nfs-kernel-server – on pre-OpenSUSE 10.3 boxes, use nfs-utils
oprofileabout this package
ncurses-devel

An easy way to see if they are installed or which need to be installed is with the rpm command. Install missing packages with yast. Recheck to make sure everything is there:

linux:/usr/src # rpm -qa gcc nfs-kernel-server oprofile ncurses-devel
gcc-4.2-24
linux:/usr/src # yast -i nfs-kernel-server oprofile ncurses-devel
linux:/usr/src # rpm -qa gcc nfs-kernel-server oprofile ncurses-devel
gcc-4.2-24
nfs-kernel-server-1.1.0-8
ncurses-devel-5.6-41
oprofile-0.9.3-25
linux:/usr/src # 

If one of the packages doesn’t show up, go ahead and use YAST to install it. Also, note that the one package is nfs-utils on OpenSUSE 10.2 and older, and nfs-kernel-server on OpenSUSE 10.3.

Next, we need to compile the kernel. Put away the defibrillation paddles. Contrary to popular belief, this step does not cause cardiac arrest (at least it didn’t in the lab rats we trained on kernel upgrades).

In your terminal, make sure you are in the directory with the kernel source code, something like /usr/src/linux-2.6.24/. Make sure you are working with a clean directory. Then, we are going to grab the configuration of the kernel that is currently running. This is as simple as:

linux:/usr/src # cd linux-2.6.24/
linux:/usr/src/linux-2.6.24 # make mrproper
linux:/usr/src/linux-2.6.24 # zcat /proc/config.gz > .config
linux:/usr/src/linux-2.6.24 #

Just about every time a new kernel comes out, new configuration options appear in it. If we were to just jump right in and start compiling the kernel now, it would stop when it reaches each new option and ask us what we want to do with it. Fortunately, there is a simple way around this. Unfortunately, the cost of simplicity is that you are accepting the default values for these options. But again, the object here is to keep it simple. If you’re feeling leet and hardcore, you can always go back and fiddle.

To get around this problem, we run make menuconfig just like if we were going to go in and hand-tweak the kernel. Instead of doing a thing, however, we tab over to EXIT and hit ENTER. We make sure to save the configuration.

We are ready to compile the kernel and all the modules, done by running this commandline:

linux:/usr/src/linux-2.6.24 # make ; make modules ; make modules_install

Because we have left everything with default settings, we will be compiling here for a long time. Actual time spent depends on your hardware specs.

INSTALL THE NEW KERNEL

When all the compiling finishes, you need to do two more things. You have to install the new kernel and configure grub to use it upon restart.

Next, we have to get our new kernel installed. We just copy a few files and create an initial ramdisk. We will copy the kernel image and System.map to /boot. We can then generate an initial ramdisk from that kernel and System.map file. Finally, I also like to back up .config to /boot as well, just so everything is in the same place. To accomplish all of this, these are the commands you will execute:

linux:/usr/src/linux-2.6.24 # cp arch/`uname -i`/boot/bzImage /boot/vmlinuz-2.6.24
linux:/usr/src/linux-2.6.24 # cp System.map /boot/System.map-2.6.24
linux:/usr/src/linux-2.6.24 # cp System.map /boot/System.map
linux:/usr/src/linux-2.6.24 # cp .config /boot/config-2.6.24
linux:/usr/src/linux-2.6.24 # mkinitrd -k vmlinuz-2.6.24 -i initrd-2.6.24

Kernel image:   /boot/vmlinuz-2.6.24
Initrd image:   /boot/initrd-2.6.24
Root device:    /dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 (/dev/sda2) (mounted on / as ext3)
Resume device:  /dev/sda1
Kernel Modules: processor thermal scsi_mod libata ahci pata_atiixp fan jbd mbcache ext3 edd sd_mod usbcore ohci-hcd uhci-hcd ehci-hcd ff-memless hid usbhid
Features:       block usb resume.userspace resume.kernel
Bootsplash:     SuSE (800x600)
36561 blocks
linux:/usr/src/linux-2.6.24 #

Because I don’t really care to type all of that out every time, I have created a script that will do all of this for me:

#!/bin/sh

# EDIT THE KERNEL VERSION AS NECESSARY
KERNEL_VERSION=2.6.24

# REMOVE THESE FILES IF THEY ALREADY EXIST (I.E., IF WE ARE DOING THIS AGAIN
# FROM A PREVIOUS ATTEMPT)
# THE -f IS SO WE DON'T GET ALERTS IF THE FILES AREN'T THERE
rm -f /boot/bzImage-$KERNEL_VERSION
rm -f /boot/System.map-$KERNEL_VERSION
rm -f /boot/config-$KERNEL_VERSION

# COPY THE KERNEL OVER TO /BOOT AND BACK UP THE SYSTEM.MAP AND .CONFIG FILES
cp /usr/src/linux-"$KERNEL_VERSION"/arch/`uname -i`/boot/bzImage /boot/vmlinuz-$KERNEL_VERSION
cp /usr/src/linux-"$KERNEL_VERSION"/System.map /boot/System.map-$KERNEL_VERSION
cp /usr/src/linux-"$KERNEL_VERSION"/.config /boot/config-$KERNEL_VERSION

rm -f /boot/System.map
cp /usr/src/linux-"$KERNEL_VERSION"/System.map /boot/System.map

#MAKE THE INITIAL RAM DISK FOR THE NEW KERNEL
mkinitrd -k vmlinuz-$KERNEL_VERSION -i initrd-$KERNEL_VERSION
rm -f /boot/System.map

You should now have a kernel compiled very closely to the one your system is currently running, but with the newest kernel source. The compiled kernel image should now be in /boot, along with an initial ramdisk to go with it. All we have left is to set up grub to see the new kernel. Then, we can reboot into it.

SET UP GRUB

This is one of the easiest steps. We are going to open up a text file, copy and paste a few lines, change just a bit, and save the file back out. So go ahead and edit /boot/grub/menu.lst in your favorite text editor. You will see something like this:

# Modified by YaST2. Last modification on Sun Dec 30 21:00:56 MST 2007
default 0
timeout 8
gfxmenu (hd0,1)/boot/message
##YaST - activate

###Don't change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=0x314 resume=/dev/sda1 splash=silent showopts
    initrd /boot/initrd-2.6.22.13-0.3-default

###Don't change this comment - YaST2 identifier: Original name: failsafe###
title Failsafe -- openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=normal showopts ide=nodma apm=off acpi=off noresume nosmp noapic maxcpus=0 edd=off 3
    initrd /boot/initrd-2.6.22.13-0.3-default

Copy the section that begins with the line “####Don’t change this comment – YaST2 identifier: Original name: linux###” and ends at the line “initrd /boot/initrd-2.6.22.12-0.1-default”. Your version number may be different. We are just duplicating the original kernel entry. We are not going to edit that one directly, because we want to use it to get back into the system in case things go south.

You should now have something that looks like this (the green is what I pasted as a new entry):

# Modified by YaST2. Last modification on Sun Dec 30 21:00:56 MST 2007
default 0
timeout 8
gfxmenu (hd0,1)/boot/message
##YaST - activate

###Don't change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=0x314 resume=/dev/sda1 splash=silent showopts
    initrd /boot/initrd-2.6.22.13-0.3-default

###Don't change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=0x314 resume=/dev/sda1 splash=silent showopts
    initrd /boot/initrd-2.6.22.13-0.3-default

###Don't change this comment - YaST2 identifier: Original name: failsafe###
title Failsafe -- openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=normal showopts ide=nodma apm=off acpi=off noresume nosmp noapic maxcpus=0 edd=off 3
    initrd /boot/initrd-2.6.22.13-0.3-default

Now, for the edits. Go to the ‘title’ line of that section you pasted. Change the title to reflect the new kernel, maybe something like this: “title openSUSE 10.3 – 2.6.24 [TEST]”. Then, we’re looking for the line that starts with “kernel”. Change the version on the end of “vmlinuz” to the correct version. In this case, it is 2.6.24. Then, change the line that starts with “initrd” the same way. These two paths are pointing to your new kernel image and your new initial ram disk image, respectively.

If you want to make sure that you have the paths correct, you can use file. If you have the correct files, this is what you will see:

linux:/usr/src/linux-2.6.24 # file /boot/vmlinuz-2.6.24
/boot/vmlinuz-2.6.24: Linux/x86 Kernel, Setup Version 0x207, bzImage, Version 2.6.24, RO-rootFS, root_dev 0x802, swap_dev 0x1, Normal VGA
linux:/usr/src/linux-2.6.24 # file /boot/initrd-2.6.24
/boot/initrd-2.6.24: gzip compressed data, from Unix, last modified: Sat Jan 26 19:44:58 2008, max compression
linux:/usr/src/linux-2.6.24 # 

If the files do not exist, you will see this:

linux:/usr/src/linux-2.6.24 # file /boot/vmlinuz-2.6.24
/boot/vmlinuz-2.6.24: cannot open `/boot/vmlinuz-2.6.24' (No such file or directory)
linux:/usr/src/linux-2.6.24 # file /boot/initrd-2.6.24
/boot/initrd-2.6.24: cannot open `/boot/initrd-2.6.24' (No such file or directory)
linux:/usr/src/linux-2.6.24 # 

At this point, you should have the right paths to these two files and that you have them in your menu.lst file correctly. It might look something like this (the green bits are what I have changed):

# Modified by YaST2. Last modification on Sun Dec 30 21:00:56 MST 2007
default 0
timeout 8
gfxmenu (hd0,1)/boot/message
##YaST - activate

###Don't change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.3 - 2.6.24 [TEST]
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.24 root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=0x314 resume=/dev/sda1 splash=silent showopts
    initrd /boot/initrd-2.6.24

###Don't change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=0x314 resume=/dev/sda1 splash=silent showopts
    initrd /boot/initrd-2.6.22.13-0.3-default

###Don't change this comment - YaST2 identifier: Original name: failsafe###
title Failsafe -- openSUSE 10.3 - 2.6.22.13-0.3
    root (hd0,1)
    kernel /boot/vmlinuz-2.6.22.13-0.3-default root=/dev/disk/by-id/scsi-SATA_WDC_WD1200BEVS-_WD-WXEX07392815-part2 vga=normal showopts ide=nodma apm=off acpi=off noresume nosmp noapic maxcpus=0 edd=off 3
    initrd /boot/initrd-2.6.22.13-0.3-default

With this step, we’ve opened the grub configuration file and made a copy of the entry running the current kernel. Then, we’ve changed it to give it a new title, and pointed it to the new kernel and initial ramdisk. Save the file and exit.

REBOOT INTO YOUR NEW KERNEL

All that we really have left now is to reboot into the new kernel. We still have the original installed and working. The grub configuration for the original is still intact. Because of this, if we have any problems whatsoever, we can just reboot and use that kernel instead. So, we can reboot with this command:

linux:/usr/src/linux-2.6.24 # shutdown -r now

Broadcast message from root (pts/2) (Sat Jan 26 20:32:20 2008):

The system is going down for reboot NOW!
linux:/usr/src/linux-2.6.24 # 

When the grub menu comes up, make sure you select the entry called “title openSUSE 10.3 – 2.6.24 [TEST]” (or whatever you called the new one). You should be able to boot just fine off this kernel (this process has always worked for me). If not, reboot and select the original one when the grub menu appears. This will get you back into your original kernel.

January 10, 2008

$306.1 M financial group bets it all on Linux security

by @ 9:55 pm. Filed under General Linux, kernel, Linux migrations, M$ Exposed, War

The evidence is undeniable : Linux is more secure than its proprietary alternative. This should be clear enough with even the briefest review of system security news revolving around M$ and its OS in the past week. 396 stories found. For Linux? 26.

“But if you consider the install base of each one, that will account for the difference in the number of stories and the number of vulnerabilities and exploits.” That’s one I hear from a lot of Micro$ofties. What’s funny is that this isn’t even true, and it’s very easily disproven. Very easily.

It’s as simple as comparing the number of flaws that exist per thousand lines of code in each of the kernels. Coverity did a study (albeit just over 3 years ago) of the number of vulnerabilities found in the Linux kernel per thousand lines of code. That number came out to be about 0.17 flaws per 1,000 lines of code, down considerably from about 8 times that only four years previous. Imagine how much it has improved since the study was done.

On the other hand, a study of proprietary software revealed that the average number of flaws per thousand lines of code is roughly between 10 and 20. This is not a good number for the M$ camp. 0.17 for Linux versus between 10 and 20 for proprietary software on average. Since M$ won’t let anyone see their source code, it is not possible to make a definite determination. But if they were certain it was even in the same ballpark as the Linux figure, you’d bet that they would be making a huge deal about the fact. I have heard nothing from them concerning the matter. Draw your own conclusions.

A very large number of entities are noticing this same thing. Not only is Linux much cheaper to run and maintain, it is also apparently around 100 times more secure (if you take a number between 10 and 20, like say 17, and you divide it by 0.17, you get 100) than what you might have on your desktop at this very moment. There are a lot of companies who are seeing this.

You know it must be fairly accurate if even financial institutions are switching over. Today, I saw an article illustrating this point. Entitled, “Financial group trusts Linux platform to protect customers’ assets,” the company’s experience thus far has had a familiar ring. Here are a couple of excerpts:

“Western & Southern reports an 80% decrease in batch cycle times on the new database servers running Linux, as well as a 60% reduction in the number of servers needed, which further reduced both hardware and software license costs.”

“Jackson’s experience with Linux has been so good that the company is now looking at other areas in which it could use the open source operating system.”

Now… This is not one isolated instance. I have personally documented over 150 cases of major Linux migrations. Entities described in this research include all of the branches of the U.S. Military, various national governments around the world, other world-wide financial institutions, large international companies and corporations, and educational institutions.

If you would like to have this research, I have made it available as part of my “Intro to Linux” course, available from the right nav on my OpenSUSE Linux blog. It’s free and makes for an interesting read, and you can send it out to whomever you may wish to share it with. That particular part of the course is in class number 4.

In any case, for situations where you need rock-solid security, Linux is truly a viable solution.

OpenSUSE Linux Rants
Official OpenSUSE Linux Site

internal links:

categories:

SUSE Resources

search blog:

archives:

August 2018
S M T W T F S
« Feb    
 1234
567891011
12131415161718
19202122232425
262728293031  

59 queries. 1.860 seconds