Re, On 04/23/2014 02:25 AM, Paul Wise wrote: > On Tue, 2014-04-22 at 13:21 +0200, Thomas Liske wrote: > >> I've no idea how to detect outdated kernels in a generic way. In >> apt-dater-host I'd tried to implement such detection... but it is only >> a fragile heuristic. It is distri specific (needrestart should work on >> anyGNU/Linux). > > I wasn't able to find where that heuristic is located in apt-dater-host, > could you point it out?
there is the do_kernel sub around line 342: https://github.com/DE-IBH/apt-dater-host/blob/master/debian/apt-dater-host > The result line has the following format: > > KERNELINFO: ${Code} ${Release} > > The following codes are supported: > 0 - The running kernel is the latest distri kernel. No reboot required. > 1 - The running kernel is an distri kernel but it's older then the latest > installed. A reboot is recommended. > 2 - No distri kernel is running. > 9 - Unknown. But this is very fragile. >> On Debian based system you could install update-notifier-common. This >> ships /etc/kernel/postinst.d/update-notifier which creates >> /var/run/reboot-required after kernel installation. This is Debian's way >> for kernel-package based kernel installations... but no generic solution. > > That is probably the best way for Debian. I would suggest not depending > on update-notifier-common though because that is going to go away, so it > would be best if needrestart installed its own kernel update hook. > > https://packages.debian.org/unstable/update-notifier-common > >> Looking for ideas/comments. > > There is another implementation of this idea here, no idea how generic > it is but it was written by the Debian sysadmins for their use. > > http://sources.debian.net/src/nagios-plugins-contrib/9.20140106/dsa/checks/dsa-check-running-kernel After pondering about the problem I decided to try a different approach: https://github.com/liske/needrestart/blob/master/perl/lib/NeedRestart/Kernel.pm Heuristic: - Search for kernel images in /boot and try to extract there version string using `strings` and regex magic (ugly). The result should be a line like: 3.13-1-amd64 (debian-ker...@lists.debian.org) #1 SMP Debian 3.13.10-1 (2014-04-15) - If the first token is equal to the current major version (taken from /proc/version) we are running an ABI compatible kernel. But it might be obsolete since we did only check the version number => split the extracted string at spaces and check that every token is found in /proc/version - if one token is missing, we are running an obsolete ABI compatible kernel => reboot required - If there is any kernel with a high version number a reboot is required, too. This might be a more generic approach and should work with self compiled kernels (w/o kernel-package), too. The current git HEAD already uses the heuristic. HTH, Thomas -- :: WWW: http://fiasko-nw.net/~thomas/ :: ::: Jabber: xmpp:tho...@jabber.fiasko-nw.net ::: :: flickr: http://www.flickr.com/photos/laugufe/ :: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
