Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Bastian Blank
On Mon, Feb 26, 2024 at 02:20:41PM +0100, Julian Andres Klode wrote:
> After we had discussed the new proposal a couple months ago and were
> left with severe open questions and concerns it seems that these have
> been ignored and the packages uploaded anyway, breaking APT's algorithm
> that ensures the currently booted kernel is not offered for removal, as
> well as possibly others.

The change for that is not even in.  Where do you see it?

| $ dpkg -l linux-image-$(uname -r)
| Desired=Unknown/Install/Remove/Purge/Hold
| | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
| |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
| ||/ Name                        Version      Architecture Description
| +++-===========================-============-============-===================================
| ii  linux-image-6.7-cloud-amd64 6.7.4-1~exp1 amd64        Linux 6.7 for x86-64 cloud (signed)

Also #1060109 is still unanswered.

> In addition, this means that the ABI changes within the same package
> names, causing different ABIs to no longer be co-installable, which can
> have a drastic effect on the function of systems:

I asked you several times now: please show a problem.  And I also told
you this does not work within the confines of Debian.  And neither did
the kernel team provide this guarantee in the past.

So I only see a way forward by preserving modules outside of the normal
package lifecycle.  Something that is ephemeral and so cleaned up
automatically on shutdown.

Bastian

-- 
Spock: The odds of surviving another attack are 13562190123 to 1, Captain.



Bug#1064839: Consider not using an ephemeral key or document its security model

2024-02-26 Thread Luca Boccassi
On Mon, 26 Feb 2024 14:45:19 +0100 Julian Andres Klode wrote:
> Source: linux
> Severity: normal
> X-Debbugs-Cc: j...@debian.org
> 
> In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040901 I asked you
> to switch to an ephemeral key which was a misunderstanding from a
> discussion with xnox, which we still need to sort out fully.
> 
> Please either document how the buildds ensure that
> 
> - private key generation has enough, and high quality enough, entropy
> - private keys are safely erased after not being needed anymore
> 
> or revert to signing modules with the CA key and use MODVERSIONS
> and co to ensure that modules built for one ABI cannot be used
> with another.
> 
> I need to update the question in shim-review accordingly, I think
> I never reverted it or adjusted it, but it will likely take the
> form of the previous three paragraphs.
> 
> I sincerely apologize for causing this misunderstanding.

Are those really that hard of a problem to solve? Running any modern
kernel, entropy shouldn't be an issue, certainly not in a controlled
environment like the buildds - if an attacker has complete control of
the buildd environment, then we can pack up and go home, given the
kernel build is not reproducible. And likewise key handling could be
done in a non-swappable tmpfs tied to the lifetime of the build process
via a namespace; that ought to be enough for peace of mind?

Using an ephemeral key makes things so much simpler and nicer and
quicker at signing time, and so much simpler to reason about. One
kernel, one set of modules, and that's it.

-- 
Kind regards,
Luca Boccassi




reassign 1064838 to linux

2024-02-26 Thread Christoph Berg
reassign 1064838 linux 
thanks


Christoph



Processed: Re: Processed: Re: Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Debian Bug Tracking System
Processing control commands:

> reassign -1 linux
Bug #1064838 [linux] New package names break APT safety features, ability to 
co-install different ABIs
Ignoring request to reassign bug #1064838 to the same package

-- 
1064838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064838
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: reassign 1064838 to linux

2024-02-26 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 1064838 linux
Bug #1064838 [tech-ctte] New package names break APT safety features, ability 
to co-install different ABIs
Bug reassigned from package 'tech-ctte' to 'linux'.
Ignoring request to alter found versions of bug #1064838 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1064838 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1064838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064838
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Re: Processed: Re: Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Christoph Berg
Control: reassign -1 linux

Re: Debian Bug Tracking System
> Processing control commands:
> 
> > reassign -1 tech-ctte
> Bug #1064838 [src:linux] New package names break APT safety features, ability 
> to co-install different ABIs

Please only reassign to tech-ctte after the actual discussion has
finished with an open dispute. I see you have open questions to Julian
in the bug.

Christoph



Processed: Re: Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Debian Bug Tracking System
Processing control commands:

> reassign -1 tech-ctte
Bug #1064838 [src:linux] New package names break APT safety features, ability 
to co-install different ABIs
Bug reassigned from package 'src:linux' to 'tech-ctte'.
Ignoring request to alter found versions of bug #1064838 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1064838 to the same values 
previously set
> severity -1 normal
Bug #1064838 [tech-ctte] New package names break APT safety features, ability 
to co-install different ABIs
Severity set to 'normal' from 'serious'

-- 
1064838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064838
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Bastian Blank
Control: reassign -1 tech-ctte
Control: severity -1 normal

On Mon, Feb 26, 2024 at 02:20:41PM +0100, Julian Andres Klode wrote:
> In addition, this means that the ABI changes within the same package
> names, causing different ABIs to no longer be co-installable, which can
> have a drastic effect on the function of systems:

This is documented.  Unstable and experimental don't need hand holding.

> - modules will fail to load until you reboot

Yes.  That's why I wanted to rename the ABI of the kernel away from the
package name.

> - modules needed to reboot will fail to load until you reboot (if any)

Please provide an example.  Sorry.

Bastian

-- 
The man on tops walks a lonely street; the "chain" of command is often a noose.



linux_6.6.13-1~bpo12+1_source.changes ACCEPTED into stable-backports

2024-02-26 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 16 Feb 2024 00:12:17 +0100
Source: linux
Architecture: source
Version: 6.6.13-1~bpo12+1
Distribution: bookworm-backports
Urgency: medium
Maintainer: Debian Kernel Team 
Changed-By: Ben Hutchings 
Closes: 950324 1011986 1032104 1032604 1035587 1037938 1040901 1050353 1050782 
1051365 1052304 1053187 1053503 1053764 1055021 1055069 1055244 1055649 1057619 
1057790 1058576 1058758 1058887 1059431 1059607 1059624
Changes:
 linux (6.6.13-1~bpo12+1) bookworm-backports; urgency=medium
 .
   * Rebuild for bookworm-backports
 .
 linux (6.6.13-1) unstable; urgency=medium
 .
   * New upstream stable update:
 https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.12
 https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.13
 - f2fs: explicitly null-terminate the xattr list
 - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro
 - mptcp: fix uninit-value in mptcp_incoming_options
 - wifi: cfg80211: lock wiphy mutex for rfkill poll
 - wifi: avoid offset calculation on NULL pointer
 - wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap
 - debugfs: fix automount d_fsdata usage
 - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format
 - nvme-core: fix a memory leak in nvme_ns_info_from_identify()
 - io_uring: use fget/fput consistently
 - block: warn once for each partition in bio_check_ro()
 - drm/amdgpu: Do not issue gpu reset from nbio v7_9 bif interrupt
 - drm/amd/display: update dcn315 lpddr pstate latency
 - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer
 - drm/amdgpu: Use another offset for GC 9.4.3 remap
 - Revert "drm/prime: Unexport helpers for fd/handle conversion"
 - blk-mq: don't count completed flush data request as inflight in case of
   quiesce
 - nvme-core: check for too small lba shift
 - [x86] ASoC: amd: yc: Add HP 255 G10 into quirk table
 - [x86] ASoC: Intel: Skylake: Fix mem leak in few functions
 - [x86] ASoC: SOF: topology: Fix mem leak in sof_dai_load()
 - [x86] ASoC: Intel: Skylake: mem leak in skl register function
 - ASoC: rt5650: add mutex to avoid the jack detection failure
 - [x86] ASoC: Intel: skl_hda_dsp_generic: Drop HDMI routes when HDMI is not
   available
 - [x86] ASoC: SOF: ipc4-topology: Add core_mask in struct snd_sof_pipeline
 - [x86] ASoC: SOF: sof-audio: Modify logic for enabling/disabling topology
   cores
 - nouveau/tu102: flush all pdbs on vmm flush
 - [x86] ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13
 - [x86] ASoC: hdac_hda: Conditionally register dais for HDMI and Analog
 - [x86] ASoC: SOF: ipc4-topology: Correct data structures for the SRC module
 - [x86] ASoC: SOF: ipc4-topology: Correct data structures for the GAIN
   module
 - net/tg3: fix race condition in tg3_reset_task()
 - ASoC: da7219: Support low DC impedance headset
 - nvme: introduce helper function to get ctrl state
 - nvme: ensure reset state check ordering
 - nvme-ioctl: move capable() admin check to the end
 - nvme: prevent potential spectre v1 gadget
 - nvme: fix deadlock between reset and scan
 - [arm64] dts: rockchip: Fix PCI node addresses on rk3399-gru
 - drm/amd/display: Add monitor patch for specific eDP
 - drm/amdgpu: Add NULL checks for function pointers
 - [armhf] drm/exynos: fix a potential error pointer dereference
 - [armhf] drm/exynos: fix a wrong error checking
 - ALSA: pcmtest: stop timer before buffer is released
 - [x86] hwmon: (corsair-psu) Fix probe when built-in
 - [arm64] clk: rockchip: rk3568: Add PLL rate for 292.5MHz
 - [arm64] clk: rockchip: rk3128: Fix HCLK_OTG gate register
 - soundwire: intel_ace2x: fix AC timing setting for ACE2.x
 - jbd2: correct the printing of write_flags in jbd2_write_superblock()
 - jbd2: increase the journal IO's priority
 - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
 - neighbour: Don't let neigh_forced_gc() disable preemption for long
 - [x86] platform/x86: intel-vbtn: Fix missing tablet-mode-switch events
 - jbd2: fix soft lockup in journal_finish_inode_data_buffers()
 - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
 - tracing: Add size check when printing trace_marker output
 - tracing: Fix uaf issue when open the hist or hist_debug file
 - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in
   NMI
 - Input: psmouse - enable Synaptics InterTouch for ThinkPad L14 G1
 - [arm64] reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
 - Input: atkbd - skip ATKBD_CMD_GETID in translated mode
 - Input: i8042 - add nomux quirk for Acer P459-G2-M
 - pinctrl: amd: Mask non-wake source pins 

Bug#1064839: Consider not using an ephemeral key or document its security model

2024-02-26 Thread Julian Andres Klode
Source: linux
Severity: normal
X-Debbugs-Cc: j...@debian.org

In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040901 I asked you
to switch to an ephemeral key which was a misunderstanding from a
discussion with xnox, which we still need to sort out fully.

Please either document how the buildds ensure that

- private key generation has enough, and high quality enough, entropy
- private keys are safely erased after not being needed anymore

or revert to signing modules with the CA key and use MODVERSIONS
and co to ensure that modules built for one ABI cannot be used
with another.

I need to update the question in shim-review accordingly, I think
I never reverted it or adjusted it, but it will likely take the
form of the previous three paragraphs.

I sincerely apologize for causing this misunderstanding.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble
  APT policy: (500, 'noble'), (500, 'mantic-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-11-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en
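The key life cycle this report asks to have documented (entropy at generation, erasure afterwards) and that Luca Boccassi's reply earlier on the page sketches (a build-scoped tmpfs in its own namespace), as an added example; this is not the Debian kernel package's signing code. It assumes openssl and coreutils, and uses a plain temporary directory where a real build would use a tmpfs in a private mount namespace, since that needs root to set up:

```shell
#!/bin/sh
# Added example, not the Debian kernel package's own signing code: a minimal
# model of a per-build ephemeral module signing key.  Every "kernel build"
# generates a fresh RSA key, ships only the public half inside the kernel,
# signs that build's modules, and erases the private half before the build
# ends, so a module verifies only on the kernel it was built with.
# Assumptions: openssl and coreutils are present; a plain temporary
# directory stands in for the build-scoped tmpfs (unshare -m + mount -t
# tmpfs would need root here).
set -eu
umask 077
command -v openssl >/dev/null || { echo "openssl is required" >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# build_kernel RELEASE: creates $WORK/RELEASE holding the embedded public
# key and two constructed, signed stand-ins for module objects.
build_kernel() {
    rel=$1
    out="$WORK/$rel"
    scratch="$WORK/.build-$rel"      # stand-in for the build-scoped tmpfs
    mkdir -p "$out/modules" "$scratch"
    # Fresh key per build; openssl seeds its DRBG from the kernel CSPRNG.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$scratch/signing_key.pem" 2>/dev/null
    # Only the public half is kept: it is what the kernel image carries.
    openssl pkey -in "$scratch/signing_key.pem" -pubout \
        -out "$out/vmlinuz.pub" 2>/dev/null
    for mod in e1000e nvme; do
        printf 'constructed stand-in for %s.ko built for %s\n' "$mod" "$rel" \
            > "$out/modules/$mod.ko"
        openssl dgst -sha256 -sign "$scratch/signing_key.pem" \
            -out "$out/modules/$mod.ko.sig" "$out/modules/$mod.ko"
    done
    # The private key is never needed again: overwrite and remove it, then
    # drop the whole scratch area together with the build.
    shred -u "$scratch/signing_key.pem" 2>/dev/null || rm -f "$scratch/signing_key.pem"
    rm -rf "$scratch"
}

# load_module RELEASE MODULE: prints "ok" if MODULE's signature verifies
# against RELEASE's embedded key, "denied" otherwise (the MODULE_SIG_FORCE
# outcome for a module signed by any other key).
load_module() {
    rel=$1
    mod=$2
    if openssl dgst -sha256 -verify "$WORK/$rel/vmlinuz.pub" \
            -signature "$mod.sig" "$mod" >/dev/null 2>&1; then
        echo ok
    else
        echo denied
    fi
}

# leftover_keys: lists any private key that survived a build (expect none).
leftover_keys() {
    find "$WORK" -name 'signing_key.pem'
}

build_kernel 6.7.4-1
build_kernel 6.7.5-1
echo "nvme.ko from 6.7.4-1 on 6.7.4-1: $(load_module 6.7.4-1 "$WORK/6.7.4-1/modules/nvme.ko")"
echo "nvme.ko from 6.7.4-1 on 6.7.5-1: $(load_module 6.7.5-1 "$WORK/6.7.4-1/modules/nvme.ko")"
echo "private keys left behind: $(leftover_keys | wc -l)"
```

The two points a reviewer of the real buildd setup would still check are the ones the report raises: that the generator is seeded from the kernel CSPRNG (true for openssl on Linux, but worth confirming for whatever the build actually uses), and that the scratch area really cannot outlive the build or reach disk. tmpfs contents can be swapped out unless the mount prevents it (ramfs, or tmpfs's noswap option on recent kernels), so "in a tmpfs" alone does not settle the erasure question.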



Bug#1064579: marked as done (new git url for non-free firmware)

2024-02-26 Thread Debian Bug Tracking System
Your message dated Mon, 26 Feb 2024 14:26:05 +0100
with message-id <854480273.uh4nTMncRx@bagend>
and subject line Re: Bug#1064579: new git url for non-free firmware
has caused the Debian Bug report #1064579,
regarding new git url for non-free firmware
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: firmware-iwlwifi
Version: 20230625-2

The source URL mentioned in the copyright file doesn't work anymore.
It seems to be

https://kernel.googlesource.com/pub/scm/linux/kernel/git/firmware/linux-firmware

now.

Same goes for other packages.


Regards Harri
--- End Message ---
--- Begin Message ---
On Monday, 26 February 2024 11:31:41 CET Harald Dunkel wrote:
> It didn't work when I tried, sorry. Seems to be OK now.

Closing the bug then

--- End Message ---


Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Julian Andres Klode
On Mon, Feb 26, 2024 at 02:20:41PM +0100, Julian Andres Klode wrote:
> Source: linux
> Severity: serious
> X-Debbugs-Cc: j...@debian.org
> 
> After we had discussed the new proposal a couple months ago and were
> left with severe open questions and concerns it seems that these have
> been ignored and the packages uploaded anyway, breaking APT's algorithm
> that ensures the currently booted kernel is not offered for removal, as
> well as possibly others.
> 
> In addition, this means that the ABI changes within the same package
> names, causing different ABIs to no longer be co-installable, which can
> have a drastic effect on the function of systems:
> 
> - modules will fail to load until you reboot
> - modules needed to reboot will fail to load until you reboot (if any)
> 
> I do not believe fucking up our users for convenience of the maintainers
> and lacking of tools on the ftpmaster side to automatically approve new
> ABI renames is the right call here.
> 
> As such if this change is not reverted, I intend to reassign this to
> the technical committee for deliberation.

This is a followup to the discussion in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040901

where we discussed all this in October; all these concerns were already
raised there, and so many open questions remained that we were nowhere
near ready to do this even if we all agreed that was the right move.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en



Bug#1064838: New package names break APT safety features, ability to co-install different ABIs

2024-02-26 Thread Julian Andres Klode
Source: linux
Severity: serious
X-Debbugs-Cc: j...@debian.org

After we had discussed the new proposal a couple months ago and were
left with severe open questions and concerns it seems that these have
been ignored and the packages uploaded anyway, breaking APT's algorithm
that ensures the currently booted kernel is not offered for removal, as
well as possibly others.

In addition, this means that the ABI changes within the same package
names, causing different ABIs to no longer be co-installable, which can
have a drastic effect on the function of systems:

- modules will fail to load until you reboot
- modules needed to reboot will fail to load until you reboot (if any)

I do not believe fucking up our users for convenience of the maintainers
and lacking of tools on the ftpmaster side to automatically approve new
ABI renames is the right call here.

As such if this change is not reverted, I intend to reassign this to
the technical committee for deliberation.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble
  APT policy: (500, 'noble'), (500, 'mantic-security')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-11-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer  i speak de, en
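The MODVERSIONS check that #1064839 (above on this page) proposes as the alternative to per-build keys, and the "modules will fail to load until you reboot" outcome this report describes, as an added toy model in shell; this is not kernel or Debian code. The real kernel computes, at build time, a CRC over the fully expanded declaration of every exported symbol (genksyms), each module records the CRCs of the symbols it imports, and the loader refuses a module whose CRCs disagree with the running kernel. Here POSIX cksum stands in for genksyms, and the kernels, modules and symbol declarations are constructed:

```shell
#!/bin/sh
# Added example, not kernel or Debian code: a toy model of the MODVERSIONS
# check.  Kernel export tables and module objects are plain text files in a
# temporary directory; POSIX cksum stands in for genksyms.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# symcrc DECLARATION: CRC-32 of a symbol's fully expanded declaration text.
symcrc() {
    printf '%s' "$1" | cksum | cut -d' ' -f1
}

# build_kernel RELEASE 'name|declaration'...: write the export table
# $WORK/kernel-RELEASE with one "name crc" line per exported symbol.
build_kernel() {
    rel=$1; shift
    : > "$WORK/kernel-$rel"
    for entry in "$@"; do
        printf '%s %s\n' "${entry%%|*}" "$(symcrc "${entry#*|}")" \
            >> "$WORK/kernel-$rel"
    done
}

# build_module NAME RELEASE symbol...: a module built against RELEASE's
# headers records the CRC of every symbol it imports, as seen at build time.
build_module() {
    mod=$1; rel=$2; shift 2
    : > "$WORK/$mod.ko"
    for sym in "$@"; do
        grep "^$sym " "$WORK/kernel-$rel" >> "$WORK/$mod.ko" \
            || { echo "$mod: $sym is not exported by $rel" >&2; return 1; }
    done
}

# load_module RELEASE NAME: accept the module only if every recorded CRC
# matches the running kernel's export table; the messages mirror the
# kernel's own wording for these two failures.
load_module() {
    rel=$1; mod=$2
    while read -r sym crc; do
        want=$(grep "^$sym " "$WORK/kernel-$rel" | cut -d' ' -f2)
        if [ -z "$want" ]; then
            echo "$mod: Unknown symbol $sym"; return 1
        elif [ "$want" != "$crc" ]; then
            echo "$mod: disagrees about version of symbol $sym"; return 1
        fi
    done < "$WORK/$mod.ko"
    echo "$mod: loaded"
}

# Constructed declarations: 6.7.4 and 6.7.5 export the same symbol names,
# but 6.7.5 adds a field to a struct that one declaration embeds, so that
# symbol's CRC changes (an ABI change behind an unchanged package name).
# 6.8 drops the symbol altogether.
build_kernel 6.7.4 \
    'blk_mq_alloc_request|struct request *blk_mq_alloc_request(struct request_queue { spinlock_t lock; } *, unsigned int)' \
    'printk|int printk(const char *, ...)'
build_kernel 6.7.5 \
    'blk_mq_alloc_request|struct request *blk_mq_alloc_request(struct request_queue { spinlock_t lock; unsigned long flags; } *, unsigned int)' \
    'printk|int printk(const char *, ...)'
build_kernel 6.8 \
    'printk|int printk(const char *, ...)'

# nvme.ko was built while 6.7.4 was installed; after an in-place upgrade to
# 6.7.5 the same /lib/modules path holds modules the running 6.7.4 cannot
# use, and a module built for 6.7.4 is likewise rejected by 6.7.5.
build_module nvme 6.7.4 printk blk_mq_alloc_request
load_module 6.7.4 nvme
load_module 6.7.5 nvme || true
load_module 6.8 nvme || true
```

The caveat a practitioner should keep in mind: the CRC covers the declaration text only, and the module's CRC table is written by whoever builds the module, so MODVERSIONS detects accidental ABI mismatches but is not an authentication mechanism. That is why the report pairs it with signing by the CA key rather than offering it as a replacement for signing.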



Re: Bug#1064579: new git url for non-free firmware

2024-02-26 Thread Harald Dunkel

It didn't work when I tried, sorry. Seems to be OK now.



Bug#1027304: linux-kbuild-6.0: missing `resolve_btfids` and some scripts

2024-02-26 Thread Eric Long

Hi,

I also encountered the exact same scenario, and the issue is reproducible
on linux-kbuild-6.1 as well. It seems that the Debian Linux packages are
lacking things necessary to build BTF for kernel modules, like vmlinux
in /lib/modules/`uname -r`/build, as well as many eBPF tools included in
the kernel source. Are there any updates, or are there reasons why Debian
doesn't ship those files?


Cheers,
Eric