Contributed by pitrh on from the KARL kranks kernel kode krunch dept.
The commit message reads:
CVSROOT: /cvs Module name: src Changes by: ajacoutot@cvs.openbsd.org 2017/08/21 02:45:38 Modified files: distrib/syspatch: bsd.syspatch.mk Log message: Kernel syspatches will now only contain the differing object files. The syspatch(8) utility will be modified accordingly to relink the kernel at the end of its run (not done yet, still WIP). That will give us KARL and much smaller patches. Idea from deraadt@ OK robert@
The kernel relinking as part of syspatch is still a work in progress, but we really look forward to seeing this in action!
(Comments are closed)
By Anonymous Coward (2620:149:4:302:286b:599b:616a:f67b) on
Comments
By Paul 'WEiRD' de Weerd (weerd) weerd@weirdnet.nl on https://beta.undeadly.org
That's interesting. Why would you want to opt out? But more importantly: how did you opt out?
To install a syspatch kernel update, you need to install a new kernel, which syspatch will build for you (in a random order). So, I guess, it depends on how you opted out.
Comments
By Anonymous Coward (82.68.199.128) on
It will need relinking to get the syspatch update, but wouldn't specifically need relink at every boot. Because boot-time relinking is part of the standard os distribution, whatever you do to disable it will need to handle this.
By Anonymous Coward (2620:149:4:302:3186:6868:b9ee:4e72) on
quoting to Theo's email [1]:
This mechanism is incompatible with the current workings of unhibernate,
but I working on a solution for that, so if you use -current, don't expect
unhibernate to work. You can disable the mechanism using
echo no > /usr/share/compile/GENER*/SHA256
but we all love security so why would you do that.
Although I am not 100% certain this is still supported
1: https://marc.info/?l=openbsd-tech&m=149732026405941
By Zimmie (63.241.252.2) on
Excellent! The batch of updates in early August was kind of goofy. My system downloaded the kernel eleven times, when I'm pretty sure only the most recent was strictly needed.
By d.c. (109.107.215.223) on
Is there a way to tell syspatch which sets are needed? I don't like to have x* installed on my servers, so that syspatch always tries to offer me "007_freetype" (and to skip it then).
KARL looks interesting :)