From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rob Brewer To: development@lists.ipfire.org Subject: Re: Feedback on problems with Core Update 168 Testing Date: Thu, 12 May 2022 11:43:52 +0100 Message-ID: In-Reply-To: <1AF45C97-405B-4065-8A4F-40262DEBB6BA@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5687325051275827453==" List-Id: --===============5687325051275827453== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit On Thursday 12 May 2022 10:13 Michael Tremer wrote: > Hello, > > Thanks for spending so much time on this. We definitely need to improve > the general update experience since we sometimes seem to break people’s > systems and it is not nice to re-install a firewall from scratch. It will > take a while. > > So what I can say is that the kernel module issues come from when the > running kernel is changed and the kernel is trying to load any modules > that now have changed. This fails by design, because we sign our kernel > modules. The key is randomly generated at build time and used to sign all > modules and it then thrown away. For each build, we are using a different, > unique key that is not preserved. > > This means that although the kernel modules are of the same version, they > cannot be loaded because the signature check fails. That might also > explain why you are seeing so many ipset errors, because the kernel cannot > load that module any more. However, we use so much ipset now, why isn’t > the module loaded from before the update was started? > > The same goes for any network drivers. I assume you are using virtio or a > generic e1000 network adapter which will have been initialised at boot > time. The kernel should never unload the kernel module for that interface > and load it again later. I have no idea what could have triggered that. > > No matter what though; after you reboot, the new kernel should be booted > being able to load all modules it wants and the system should run > absolutely fine. Can you confirm that that is at least the case? > My Pakfire upgrade to 168 on my development APU2 board failed during upgrade and I lost ethernet communication with the PC. The APU2 now fails after the grub prompt with the error: *IPFire 2.27 (x86_64) - core166 Development Build: master/8f696f60 GNU/Linu Loading Linux 5.15.23-ipfire ... error: file `/vmlinuz-5.15.23-ipfire' not found. Loading initial ramdisk ... error: you need to load the kernel first. so it looks like update-initramfs didn't run after the upgrade. I'll try to boot the box from a usbstick and see if I can access the disk. Rob --===============5687325051275827453==--