| 1 |
On Tuesday, 11 September 2018 10:48:59 BST Stefan G. Weichinger wrote: |
| 2 |
> I got the job to admin a gentoo server that was configured and setup by |
| 3 |
> a former admin. |
| 4 |
> |
| 5 |
> No surprise that it is outdated ... |
| 6 |
> |
| 7 |
> It runs with profile "hardened/linux/amd64" and kernel 4.1.15-gentoo-r1 |
| 8 |
|
| 9 |
This is a rather old kernel. |
| 10 |
|
| 11 |
|
| 12 |
> That kernel does not have the necessary flags enabled to support EXT4 |
| 13 |
> ACLs ... |
| 14 |
|
| 15 |
Among many other changes that have taken place since that kernel version. |
| 16 |
|
| 17 |
|
| 18 |
> At first I emerged latest stable gentoo-sources, enabled these flags and |
| 19 |
> compiled ... but the lpfc module didn't detect the SAN devices |
| 20 |
> correctly, so I switched back to 4.1.15 (mark this as another todo here |
| 21 |
> ... sooner or later I want a more recent kernel working with lpfc ... I |
| 22 |
> have no clue about multipath so far) |
| 23 |
> |
| 24 |
> - |
| 25 |
> |
| 26 |
> Right now I always get this when I run "make bzImage" ( |
| 27 |
> |
| 28 |
> # make bzImage |
| 29 |
> CHK include/config/kernel.release |
| 30 |
> CHK include/generated/uapi/linux/version.h |
| 31 |
> CHK include/generated/utsrelease.h |
| 32 |
> CC kernel/bounds.s |
| 33 |
> kernel/bounds.c:1:0: error: code model kernel does not support PIC mode |
| 34 |
> /* |
| 35 |
> |
| 36 |
> make[1]: *** [Kbuild:44: kernel/bounds.s] Error 1 |
| 37 |
> make: *** [Makefile:990: prepare0] Error 2 |
| 38 |
> |
| 39 |
> Why? |
| 40 |
> Because the gcc has flags enabled? |
| 41 |
|
| 42 |
Probably because you need a later version of gcc to compile the newer kernel |
| 43 |
with. |
| 44 |
|
| 45 |
|
| 46 |
> I am not insisting on hardened profile but want to avoid bigger issues |
| 47 |
> when switching profiles without thinking ... |
| 48 |
> |
| 49 |
> - |
| 50 |
> |
| 51 |
> Basically I only need: |
| 52 |
> |
| 53 |
> CONFIG_EXT4_FS_SECURITY=y |
| 54 |
> CONFIG_EXT4_FS_POSIX_ACL=y |
| 55 |
> |
| 56 |
> in my kernel ;-) |
| 57 |
|
| 58 |
Have you tried to enable these in the current kernel version and while running |
| 59 |
with the same gcc configuration? |
| 60 |
|
| 61 |
|
| 62 |
> But this leads into these new areas of learning ... |
| 63 |
> |
| 64 |
> greets, Stefan |
| 65 |
|
| 66 |
This is how I would approach this task, but it's not a 5 minute effort. |
| 67 |
|
| 68 |
LONG WINDED APPROACH |
| 69 |
==================== |
| 70 |
|
| 71 |
1. Update your system: |
| 72 |
|
| 73 |
emerge -uaNDv system |
| 74 |
|
| 75 |
Assuming there are no major blockers which you will need to resolve one at a |
| 76 |
time, update your profile, switch your gcc to a newer version and continue |
| 77 |
with building a newer kernel. |
| 78 |
|
| 79 |
2. Copy the current kernel's .config file to the latest stable. Change the / |
| 80 |
usr/src/linux/ symlink to point to the latest linux kernel source. Run 'make |
| 81 |
oldconfig' and go through all the changes as required. Then 'make clean, && |
| 82 |
make && make modules_install' and copy over the bzImage, .config and System |
| 83 |
files of the new kernel to /boot. Leave the old files in /boot intact. |
| 84 |
Update grub config and reboot. |
| 85 |
|
| 86 |
3. Assuming all went fine, update your @world. |
| 87 |
|
| 88 |
WARNING: I would NOT try anything like this on a production system, but use a |
| 89 |
cloned fs to do all this work offline. Once I get something booting |
| 90 |
successfully I would then copy over binary packages and update the production |
| 91 |
system with them. |
| 92 |
|
| 93 |
|
| 94 |
SHORTER AND RECOMMENDED WAY |
| 95 |
=========================== |
| 96 |
|
| 97 |
There have been many changes with gcc and gentoo profiles since kernel-4.1.15- |
| 98 |
gentoo-r1. This is why I would recommend you reinstall using a stage 3 for an |
| 99 |
easier life. Keep your /etc, kernel .config and /var/lib/portage/world files |
| 100 |
from the existing installation, so you have minimal configuration changes to |
| 101 |
perform, following reinstallation. Also keep the old kernel image in /boot in |
| 102 |
case you struggle getting a newer kernel to boot immediately. |
| 103 |
|
| 104 |
-- |
| 105 |
Regards, |
| 106 |
Mick |
Archives