How does one update the kernel on FatDog64 721?

TTFOSS
Posts: 4
Joined: Sun 04 Feb 2018, 14:39

How does one update the kernel on FatDog64 721?

#1 Post by TTFOSS »

First of all Fatdog64 721 is the cleanest Puppy-inspired release I have seen since 2008.
It's so easy to create a new user and then surf as that user.


Something to bring to the attention of FatDog64 users and the developers.

RE spectre flaws - According to

linuxtoday.com/developer/linux-4.15-released.html

lkml.iu.edu/hypermail/linux/kernel/1801.3/02794.html

"to actually get the biggest fix for the indirect branch mitigations, you need not just the kernel updates, you need to have a compiler with support for the "retpoline" indirect branch model."

The package
distro.ibiblio.org/fatdog/packages/720/gcc-full-4.8.3-x86_64-1.txz
was last updated 2016-8-24.

There is no way that the required retpoline modifications could have been added to that package back in 2016.

So the kernel code may have been updated but if the compiler has not been then you will not be getting the fixes you think should be there.

At least one other distro (AntiX) has the same problem.

Testing Fatdog64 721 with the script
https://github.com/speed47/spectre-meltdown-checker
reveals that only the meltdown flaw has been taken care of.


Question for the developers: Is there a straightforward way to update the kernel on a regular basis, preferably without compiling a new kernel each time?

It is doubtful that the FatDog developers have the time for a weekly rolling distro like Slitaz
mirror1.slitaz.org/iso/rolling/
So what options do concerned users have?

Once details of the recently discovered skyfall and solace flaws have been released then the kernels will have to be updated again.

2018 might be a tough year for kernel modifications. People might have to update the kernel on a weekly basis to protect themselves.


How was the FatDog64 721 kernel prepared? From source or from another distribution?

Now a few distributions like slackware, ubuntu, antiX and maybe others release binary packages on a regular basis.
Are any of these distros compatible with FatDog64 721 as far as the kernel/firmware is concerned?
Were any special modifications made to the FatDog kernel?

Can you provide some general instructions on how someone might incorporate one of these updated kernels into FatDog64?

I would be happy to test such a process/procedure and then expand any provided documentation which I would make available to all (provided I could get it to work). [I can document unpacking/modification/repacking the iso, initrd and sfs files]

Such a procedure might be very useful before the next release of FatDog64 and might also reduce the time developers have to spend on interim releases.


I do not wish to reopen discussions on whether spectre/meltdown flaws are any real concern.
Let's just note that some people are more concerned than others.


Thanks

drunkjedi
Posts: 882
Joined: Mon 25 May 2015, 02:50

#2 Post by drunkjedi »

Hi, first of all, this section of the forum is for posting detailed howtos.

@Flash could you please move this to appropriate section?

@OP, maybe the following thread will be of use to you...
http://www.murga-linux.com/puppy/viewtopic.php?t=97273

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#3 Post by kirk »

> distro.ibiblio.org/fatdog/packages/720/gcc-full-4.8.3-x86_64-1.txz
> was last updated 2016-8-24.

That will not be updated until Fatdog64-800; work has started on that, but it will be quite a while. When we replace gcc/libc everything is recompiled with it.

> Question for the developers: Is there a straightforward way to update the kernel on a regular basis, preferably without compiling a new kernel each time?

If we post an updated kernel at http://distro.ibiblio.org/fatdog/kernels/ then you can install it using the directions at http://distro.ibiblio.org/fatdog/web/faqs/kernel.html. But we don't post updates that often.

> 2018 might be a tough year for kernel modifications. People might have to update the kernel on a weekly basis to protect themselves.

Not for most users. If you have multiple untrusted users on your computer then yes, but for a single user home system, not so much. To exploit a kernel vulnerability an attacker first has to be able to execute arbitrary code on your system. For a "normal" Fatdog64 user there are basically two ways to achieve this:

1) Trick you into installing a program that has some malicious code. In this case you're pretty much done before you start.

2) JavaScript in a web browser. This is the real place for the "normal" single user system user to be concerned about. The latest Firefox and Google-Chrome have mitigations for spectre. If you want to be very cautious, create a new user and only use that user for things like banking etc. Also, only have one tab/browser open at a time. There are also JavaScript-blocking add-ons you can install.

> How was the FatDog64 721 kernel prepared? From source or from another distribution?

We build it. It's not based on any other distro. You can compile your own if you like. The config is in /proc/config.gz, and the only patches are AUFS. We also download git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-regdb.git and replace <kernel source>/net/wireless/db.txt with that one.

> Can you provide some general instructions on how someone might incorporate one of these updated kernels into FatDog64?

No, it's very doubtful that their kernels would be compatible.

TTFOSS
Posts: 4
Joined: Sun 04 Feb 2018, 14:39

Update the compiler for a new system

#4 Post by TTFOSS »

@Kirk

Thank you for your detailed response. The information you provided will save me from heading down many dead-end paths.

So it might seem that if one wanted all of the new features of the most updated kernel fixes then one should focus on getting a new compiler & glibc (which would not be a trivial task)?

I will check for updates to the fatdog packages, esp for gcc.

Building a compiler from source code can be a tricky process [using the older version to build the latest version]. As a temporary short-term workaround, would I be able to copy (say) Slackware's binary version and use that [latest version of gcc] to start building other packages just to get an overall build process started?

Thanks again

kirk
Posts: 1553
Joined: Fri 11 Nov 2005, 19:04
Location: florida

#5 Post by kirk »

> So it might seem that if one wanted all of the new features of the most updated kernel fixes then one should focus on getting a new compiler & glibc (which would not be a trivial task)?

This will happen with Fatdog64-800. Updating gcc/libc is not a trivial thing to do. Many packages have to be rebuilt because the new libc/libstdc++ will cause breakage. Sometimes unexpected breakage, so we only update gcc when we do a full rebuild. Not to say it's not possible, just problematic. This situation is supposed to be better when upgrading from gcc 5.x or newer.
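
Added example, not part of any post in this thread and not Fatdog64's own tooling: a shell check for the three things the discussion ties together, namely what the running kernel reports for Spectre v2, whether /proc/config.gz asks for retpoline, and whether the installed gcc accepts the retpoline flags. The function names are this example's own; the sysfs file is only present on Linux 4.15 and later.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from Fatdog64.

# Classify the text read from
# /sys/devices/system/cpu/vulnerabilities/spectre_v2 (Linux 4.15+).
# A "Minimal ... retpoline" status means the kernel was built with
# CONFIG_RETPOLINE but by a compiler without retpoline support.
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)           echo not-affected ;;
        *Minimal*retpoline*)       echo compiler-lacks-retpoline ;;
        Mitigation:*[Rr]etpoline*) echo retpoline ;;
        Mitigation:*)              echo other-mitigation ;;
        Vulnerable*)               echo vulnerable ;;
        *)                         echo unknown ;;
    esac
}

# Succeeds if a kernel config (gzip'd like /proc/config.gz, or plain
# text) contains CONFIG_RETPOLINE=y.
config_has_retpoline() {
    gzip -dcf "$1" 2>/dev/null | grep -q '^CONFIG_RETPOLINE=y$'
}

# Succeeds if the compiler accepts the flags the x86 kernel build
# probes for before enabling full retpoline.
compiler_has_retpoline() {
    "${1:-gcc}" -mindirect-branch=thunk-extern -mindirect-branch-register \
        -S -x c /dev/null -o /dev/null >/dev/null 2>&1
}

# Print all three findings for the machine this runs on.
report() {
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    status=$(cat "$f" 2>/dev/null || echo "")
    echo "kernel reports  : ${status:-<no sysfs entry>} [$(classify_spectre_v2 "$status")]"
    if [ -r /proc/config.gz ]; then
        if config_has_retpoline /proc/config.gz; then c=yes; else c=no; fi
    else
        c=unknown
    fi
    echo "CONFIG_RETPOLINE: $c"
    if compiler_has_retpoline gcc; then g=yes; else g=no; fi
    echo "gcc retpoline   : $g"
}
report
```
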
