On 08/01/15 20:30, Greg Bailey wrote:
On 01/08/2015 11:18 AM, James Bishop wrote:
I apologise if this is not the appropriate list for the following
issue, but...
Is it possible to upgrade the Linux kernel on a kickstart CD?
I've changed the vmlinuz and initrd.img files in the isolinux
directory from the distro's ISO image; so kernel
2.6.32-504.3.3.el6.i686 now boots from a DVD, and loads the
appropriate modules and firmware from the stage 1 initrd.img.
However, anaconda (13.21.229) exits abnormally with a DBusException
(org.freedesktop.DBus.Error.NoReply); possibly because NetworkManager
is unable to launch the wpa_supplicant.
Anaconda appears to be choking during initialisation:
anaconda.id = instClass.installDataClass(anaconda, extraModules,
opts.display_mode, anaconda.backend)
File "/usr/lib/anaconda/instdata.py", line 324, in __init__
self.reset()
File "/usr/lib/anaconda/instdata.py", line 64, in reset
self.network = network.Network()
File "/usr/lib/anaconda/network.py", line 308, in __init__
self.update()
File "/usr/lib/anaconda/network.py", line 326, in update
devhash = isys.getDeviceProperties(dev=none)
File "/usr/lib/anaconda/isys.py", line 375, in getDeviceProperties
bus = dbus.SystemBus()
File "/usr/lib/python2.6/site-packages/dbus/_dbus.py", line 202, in
__new__
private=private()
File "/usr/lib/python2.6/site-packages/dbus/_dbus.py", line 108, in
__new__
bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)
File "/usr/lib/python2.6/site-packages/dbus/bus.py", line 125, in
__new__
bus = cls._new_for_bus(address_or_type, mainloop=mainloop)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did
not receive a reply. Possible causes include: the remote application
did not send a reply, the message bus security policy blocked the
reply, the reply timeout expired, or the network connection was broken.
install exited abnormally [1/1]
The system will be rebooted when you press Ctrl-C or Ctrl-Alt-Delete.
The shell prompt is available on tty2; and so I can see the syslog,
which has repeated messages at its tail end:
INFO NetworkManager: <info> Trying to start the supplicant
So, something needs to be changed somewhere (kernel recompilation?
missing module? wpa_supplicant / NM upgrade? stage 2 install.img?)
which is where I'm stuck. Do I need to hack Wifi NIC related lines out
of anaconda?
The reason that I'd like the final kernel version to be running during
the install, is that it's needed to compile the low-level driver for a
FIPS-140 crypto coprocessor. The target system will be an off-line
certification authority system, and will certainly not need Wifi (in
fact the hardening procedure foresees removal of most network hardware
drivers).
I know I could do everything in three stages (initial install -
software upgrade - crypto driver install); but being able to do
everything in one go would simplify business continuity / bare metal
recovery.
In the meantime, I'm very happy to have learned something about
anaconda / kickstart and so on, which will be very useful in future.
If there's a quick fix to the above issues, I'd be happy to hear it.
Thanks in advance
James Bishop
Sounds like the "Rolling media" announced in:
http://lists.centos.org/pipermail/centos-announce/2014-December/020807.html
could be useful to you, although judging by the kernel version you
mentioned, it looks like you're looking for CentOS 6 updates.
Unfortunately, it appears the rolling media is only available for CentOS
7 at the moment.
Did you update modules.dep and modules.alias in the stage1 image?
-Greg
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Thanks Greg,
I think so: I used depmod in the attached bash script
(update_initrd.sh); on my system, the command expands to:
/sbin/depmod -b /tmp/initrd -F
/tmp/root/boot/System-map-2.6.32-504.3.3.el6.i686 2.6.32-504.3.3.el6.i686
where /tmp/initrd is the working directory for preparing the initrd file
system; /tmp/root is where the kernel and kernel-firmware packages have
been extracted.
The script is my attempt at copying only the kernel modules already
present in the original initrd. It also looks for RPMs required by the
latest kernel version (it identified kernel-firmware, initscripts and
iproute), and copies changed executables (only the ip command).
Thankyou for suggesting the Rolling media; I'll take a look at that.
I'm using CentOS 6 because I based my hardening process on the DISA STIG
for RHEL6; I haven't checked to see if there is now an equivalent for
CentOS 7.
James
--
_____________________________________________
James Bishop
European Commission - Joint Research Centre
IPSC Unit G.5 (TP.723)
Via E.Fermi, 2749
I - 21027 Ispra (VA)
Italy
Tel.: +39 0332 786225
Fax.: +39 0332 786280
e-mail: james.bishop@xxxxxxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
