[ATrpms-devel] Re: DKMS
Gary Lerhaupt
gary at lerhaupt.com
Sat May 22 23:32:13 CEST 2004
On Sat, 2004-05-22 at 15:43, Jarod C. Wilson wrote:
> So are you saying you don't respin when, say, a major security flaw is found
> in an older kernel? Dell isn't still shipping RHEL3 boxes w/that old kernel,
> are you? ;-)
>
> I understand saving money, but at the cost of sending systems out to customers
> that already have flaws... Ah well, my employer is an all-Dell shop, and we
> just install everything ourselves anyhow. Now for that one remaining issue I
> mentioned -- how does this all work if, say, the customer upgrades the kernel
> on their box w/up2date? How do they know they need to rebuild their kernel
> modules, or is that done automatically? I think I need to re-read the dkms
> docs in detail (I was rushed the first time through =)...
>
No, actually, we more or less stick with factory installing the gold
kernel for the life of that version of Red Hat. While certainly flaws
will inevitably be found and do exist, it is the customers
responsibility to upgrade once their system arrives (via up2date) and to
ensure the security of their box. The one thing we ensure is that we
won't pigeon-hole you into using a certain kernel and this brings us
back to DKMS.
Fundamentally, Dell supports all Red Hat kernels and by providing
modules through DKMS, we make it very easy on the customer. By general
policy, if we are delivering kernel module updates to modules which
already exist natively in the kernel tree, we do not set
AUTOINSTALL="yes" in that module's dkms.conf. This is because we cannot
be sure that the kernel they are moving to doesn't already contain a
version of the module later than the one we have delivered via DKMS.
However, with Rusty Russell's 2.6 module versioning stuff, this is
likely to change in the future. Since we'll absolutely know the version
of the module in the new kernel, we'll know whether or not to upgrade to
the version in the dkms tree.
If the kernel module does not natively exist in the kernel, we do set
AUTOINSTALL="yes" for that kernel module and then as the user boots into
the new kernel, dkms_autoinstaller automatically builds and installs
that module.
Also, dkms has anoter separate thing called match were you can say dkms
match -k newkernelver --templatekernel oldkernelver where you tell DKMS
that I want all the module versions which are installed on oldkernelver
to be installed on newkernelver.
Gary
More information about the atrpms-devel
mailing list