[OpenAFS-devel] Linux Kernel Module build question

Derek Atkins warlord@MIT.EDU
12 Jul 2001 17:15:18 -0400 

Jeremy Katz <katzj@linuxpower.org> writes:

> > it as root.
> 
> I think Elliot covered this one pretty well... 

The infrastructure is in place to use the proposed workaround, so this
will no longer be an issue.

> If you're building for a general audience, then you definitely want them
> to be able to easily build for the kernel they're running.  For the

openafs-kernel-source.  Been there.  Done that.

However, I want to provide binary modules so that anyone running a
_distributed_ kernel can just install AFS and go.  If they recompiled
their kernel, then yes, they should have to recompile AFS for
themselves.  But if they just installed a kernel RPM, then I want them
to be able to just install the AFS RPM.

> other case, again, why are you expecting that people are going to be
> regularly upgrading their OpenAFS and not their kernel when there are
> known security issues for older kernels.  You should be able to build
> for the following three strata (for Red Hat Linux releases) and have
> things work -- Red Hat Linux 6.x, Red Hat Linux 7.0, Red Hat Linux 7.1.
> You're not going to get away with any less binary packages than that,
> but if you make it so that it's EASY to rebuild the kernel module for
> your specific machine, then the question of requiring every single
> kernel build ever to work becomes less of an issue.

You're assuming that someone is actually going to be upgrading
OpenAFS.  What about someone who is just installing it for the first
time?  I have no idea which particular distribution kernel they're
running.

Also, just because someone _should_ update their kernel doesn't mean
they did.  Perhaps the pain of upgrading a kernel isn't worth the
security fix.  For example, I don't care about local root exploits on
my laptop -- nobody else uses it but me.  I certainly care about
remote access exploits, but generally those aren't kernel bugs.

I cannot assume that someone running RH 6.2 is using any particular
kernel.  I __HAVE__ to assume that they could be using ANY of the RH
distributed kernels, starting with 2.2.14-5.0 all the way up to
2.2.19-6.2.1.  Similarly, for RH 7.1 I can't assume whether they're
running 2.4.2-x or 2.4.3-y.

At the same time, as I said, I don't want someone to have to build a
module if they didn't rebuild their kernel.  I want it to just work.
Therefore, I have to ship modules for every shipped kernel.

> No, this is the normal way to build packages for multiple architectures.
> OpenAFS doesn't exist in a vacuum and if it doesn't play nice with
> others (in this case, the host machine and distribution), then its
> chances of seeing more support are slim.

Eh.  I don't consider i386/586/686/athlon to be different
architectures.  The fact that Red Hat does is, IMHO, a bug.  Just
compile for 386 and be done with it.  The speed gain is negligible,
and if someone cares they can recompile for themselves.

> Jeremy

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available