From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] Core Update 183: Perform housekeeping to keep file lists aligned
Date: Tue, 09 Jan 2024 11:39:27 +0000 [thread overview]
Message-ID: <254AC305-C5F9-4D24-A363-7EFE60D19F0B@ipfire.org> (raw)
In-Reply-To: <c21b6fed-28cd-47ce-8a99-b36b37672a15@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 7931 bytes --]
Hello,
I am somewhat concerned about this patch when it comes to the libraries.
Please make sure that literally nothing is linked against any of those and that we definitely shipped any binary that might have linked against those libraries.
Secondly, we do have a script that should take care of this. Why did the script not cleanup those files? Could you please investigate on your system why they did not get deleted?
-Michael
> On 8 Jan 2024, at 21:48, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> By comparing the filelist present on a fresh installation of the latest
> Core Update 183 nightly build with various IPFire installations in the
> fields, a number of differences surfaced, of which most are caused by
> erroneous additions or exclusions of certain files while shipping Core
> Updates, first and foremost related to linux-firmware.
>
> In addition, libcap was also updated to 2.69, but never shipped on
> existing installations.
>
> This patch corrects all differences, and aligns the files present and
> absent on existing installations with those freshly shipped with Core
> Update 183.
>
> The second version of this patch does not delete the
> "/etc/rc.d/rc3.d/off" directory, if present (it is used for storing
> initscripts of disabled services), is more explicit about removing
> /usr/lib/grub/x86_64-efi/verify.* (dot omitted in the first version),
> and includes additional files surfacing on yet another IPFire
> installation in the fields.
>
> The changes are cross-checked against linked libraries on the affected
> systems to rule out any instances of binaries being present that are
> still linked against the old libraries.
>
> Cc: Arne Fitzenreiter <arne_f(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/rootfiles/core/183/filelists/files | 45 +++++++++++++++++++
> config/rootfiles/core/183/filelists/libcap | 1 +
> config/rootfiles/core/183/update.sh | 52 +++++++++++++++++++++-
> 3 files changed, 97 insertions(+), 1 deletion(-)
> create mode 120000 config/rootfiles/core/183/filelists/libcap
>
> diff --git a/config/rootfiles/core/183/filelists/files b/config/rootfiles/core/183/filelists/files
> index 949b1b2dc..259fc7c37 100644
> --- a/config/rootfiles/core/183/filelists/files
> +++ b/config/rootfiles/core/183/filelists/files
> @@ -1,3 +1,48 @@
> +etc/sudoers.d/logwatch-mdadm
> +lib/firmware/brcm/BCM-0a5c-6410.hcd
> +lib/firmware/brcm/brcmfmac43012-sdio.bin
> +lib/firmware/brcm/brcmfmac43012-sdio.clm_blob
> +lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
> +lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.txt
> +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-plus.txt
> +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-ultra.txt
> +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m2-zero.txt
> +lib/firmware/brcm/brcmfmac43430-sdio.sinovoip,bpi-m3.txt
> +lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
> +lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,3-model-a-plus.txt
> +lib/firmware/brcm/brcmfmac43455-sdio.Raspberry_Pi_Foundation-Raspberry_Pi_4_Model_B.txt
> +lib/firmware/brcm/brcmfmac43455-sdio.Raspberry_Pi_Foundation-Raspberry_Pi_Compute_Module_4.txt
> +lib/firmware/brcm/brcmfmac4354-sdio.clm_blob
> +lib/firmware/brcm/brcmfmac4356-pcie.clm_blob
> +lib/firmware/brcm/brcmfmac4356-sdio.clm_blob
> +lib/firmware/brcm/brcmfmac4356-sdio.khadas,vim2.txt
> +lib/firmware/brcm/brcmfmac43570-pcie.clm_blob
> +lib/firmware/brcm/brcmfmac4373-sdio.clm_blob
> +lib/firmware/brcm/brcmfmac54591-pcie.bin
> +lib/firmware/brcm/brcmfmac54591-pcie.clm_blob
> +lib/firmware/cxgb4/t4-config.txt
> +lib/firmware/cxgb4/t5-config.txt
> +lib/firmware/cxgb4/t6-config.txt
> +lib/firmware/intel/ice/ddp/ice.pkg
> +lib/firmware/netronome/flower/nic_AMDA0058-0011_1x100.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0011_2x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0011_4x10_1x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0011_8x10.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0012_1x100.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0012_2x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0012_4x10_1x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0058-0012_8x10.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0011_1x100.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0011_2x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0011_4x10_1x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0011_8x10.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0012_1x100.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0012_2x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0012_4x10_1x40.nffw
> +lib/firmware/netronome/flower/nic_AMDA0078-0012_8x10.nffw
> +lib/firmware/nvidia/tegra124/vic.bin
> +lib/firmware/nvidia/tegra186/vic.bin
> +lib/firmware/nvidia/tegra210/vic.bin
> srv/web/ipfire/cgi-bin/dhcp.cgi
> srv/web/ipfire/cgi-bin/proxy.cgi
> srv/web/ipfire/cgi-bin/logs.cgi/firewalllog.dat
> diff --git a/config/rootfiles/core/183/filelists/libcap b/config/rootfiles/core/183/filelists/libcap
> new file mode 120000
> index 000000000..ed67d950a
> --- /dev/null
> +++ b/config/rootfiles/core/183/filelists/libcap
> @@ -0,0 +1 @@
> +../../../common/libcap
> \ No newline at end of file
> diff --git a/config/rootfiles/core/183/update.sh b/config/rootfiles/core/183/update.sh
> index 6ff84387f..db807c5df 100644
> --- a/config/rootfiles/core/183/update.sh
> +++ b/config/rootfiles/core/183/update.sh
> @@ -92,15 +92,65 @@ extract_files
>
> # Remove files
> rm -rvf \
> + /etc/fb.modes \
> + /etc/pango \
> /etc/fonts/conf.d/10-sub-pixel-rgb.conf \
> + /etc/rc.d/init.d/snort \
> + /lib/libBrokenLocale-2.33.so \
> + /lib/libcap.so.2.66 \
> + /lib/libpsx.so.2.66 \
> + /lib/firmware/ath10k/WCN3990/hw1.0/notice.txt_wlanmdsp \
> + /lib/firmware/ath11k/IPQ6018/hw1.0/Notice.txt \
> + /lib/firmware/ath11k/IPQ8074/hw2.0/Notice.txt \
> + /lib/firmware/ath11k/QCA6390/hw2.0/Notice.txt \
> + /lib/firmware/ath11k/QCN9074/hw1.0/Notice.txt \
> + /lib/firmware/ath11k/WCN6855/hw2.0/Notice.txt \
> + /lib/firmware/intel-ucode/06-86-04 \
> + /lib/firmware/intel-ucode/06-86-05 \
> + /lib/xtables/libebt_802_3.so \
> + /lib/xtables/libebt_ip.so \
> + /lib/xtables/libebt_log.so \
> + /lib/xtables/libebt_mark_m.so \
> + /lib/xtables/libxt_mangle.so \
> + /sbin/xtables-multi \
> + /srv/web/ipfire/html/themes/ipfire-rounded \
> + /usr/lib/crda/pubkeys/linville.key.pub.pem \
> + /usr/lib/libasan.so.{4,6}* \
> + /usr/lib/libbfd-2.3* \
> + /usr/lib/libbfd-2.40.so \
> /usr/lib/libbind9-9.16.44.so \
> + /usr/lib/libcilkrts.so* \
> /usr/lib/libdns-9.16.44.so \
> + /usr/lib/libdnssec.so.6* \
> + /usr/lib/libhogweed.so.4* \
> + /usr/lib/libipset.so.11* \
> /usr/lib/libirs-9.16.44.so \
> /usr/lib/libisc-9.16.44.so \
> /usr/lib/libisccc-9.16.44.so \
> /usr/lib/libisccfg-9.16.44.so \
> + /usr/lib/libknot.so.8* \
> + /usr/lib/libknot.so.12* \
> + /usr/lib/libnettle.so.6* \
> /usr/lib/libns-9.16.44.so \
> - /usr/lib/libxml2.so.2.11*
> + /usr/lib/libopcodes-2.3* \
> + /usr/lib/libopcodes-2.40.so \
> + /usr/lib/libubsan.so.0* \
> + /usr/lib/libxml2.so.2.11* \
> + /usr/lib/libzscanner.so* \
> + /usr/lib/grub/i386-pc/efiemu{32,64}.o \
> + /usr/lib/grub/i386-pc/verifiers.* \
> + /usr/lib/grub/i386-pc/verify.* \
> + /usr/lib/grub/x86_64-efi/shim_lock.* \
> + /usr/lib/grub/x86_64-efi/verifiers.* \
> + /usr/lib/grub/x86_64-efi/verify.* \
> + /usr/lib/snort_dynamic* \
> + /usr/local/bin/snortctrl \
> + /usr/share/usb_modeswitch/1033:0035 \
> + /usr/share/vim/vim7* \
> + /var/ipfire/geoip-functions.pl \
> + /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \
> + /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \
> + /var/lib/location/tmp*
>
> # update linker config
> ldconfig
> --
> 2.35.3
next prev parent reply other threads:[~2024-01-09 11:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-08 21:48 Peter Müller
2024-01-09 11:39 ` Michael Tremer [this message]
2024-01-11 16:33 ` Peter Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=254AC305-C5F9-4D24-A363-7EFE60D19F0B@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox