On Fri, 01 Feb 2013 11:34:40 +0100
Harald Hoyer wrote:
> The "rescue" initramfs carries just more kernel drivers to cope with
> different HW and will also have more debug tools, if you really
> really screwed up your real root. Nothing security fancy here,
> besides that you might want to passwor
On Tue, Jan 29, 2013 at 6:22 PM, Dennis Gilmore wrote:
> that are built at kernel build time? the issue with building it at
> build time was making sure we knew exactly what sourcs we needed to
> ship to match all the binaries in the initramfs. the initramfs's we
> build and ship as part of teh in
Am 04.02.2013 15:47, schrieb John Reiser:
>> = Features/DracutHostOnly =
>> https://fedoraproject.org/wiki/Features/DracutHostOnly
>
>> ... This results in a very big initramfs, which takes a long time to
>> load on system start and a long time to create on kernel updates.
>
> For speed in cre
> = Features/DracutHostOnly =
> https://fedoraproject.org/wiki/Features/DracutHostOnly
> ... This results in a very big initramfs, which takes a long time to
> load on system start and a long time to create on kernel updates.
For speed in creating an initramfs, please consider Requiring
the pack
Am 01.02.2013 18:22, schrieb Adam Williamson:
> On Fri, 2013-02-01 at 11:46 +0100, Reindl Harald wrote:
>
>> in this case you have already the following because on
>> virtual machines it is very unlikely that hardware
>> fundenemtally changes
>
> Porting machines from one virt system to another
On Fri, 2013-02-01 at 11:46 +0100, Reindl Harald wrote:
> in this case you have already the following because on
> virtual machines it is very unlikely that hardware
> fundenemtally changes
Porting machines from one virt system to another isn't that unusual, and
that can cause the hardware to cha
Am 01.02.2013 11:37, schrieb Harald Hoyer:
> Am 29.01.2013 16:53, schrieb Dennis Gilmore:
>> as legal has said we cannot pregenerate initramfses i think this should
>> be a non-starter. even loading a 20mb initramfs from a sdcard on a slow
>> arm box doesnt take that long, and id personally much
Am 30.01.2013 00:22, schrieb Dennis Gilmore:
> On Tue, 29 Jan 2013 16:32:12 +
> Matthew Garrett wrote:
>
>> On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote:
>>> as legal has said we cannot pregenerate initramfses i think this
>>> should be a non-starter.
>>
>> We already ship s
Am 29.01.2013 16:53, schrieb Dennis Gilmore:
> El Tue, 29 Jan 2013 14:45:34 +
> Jaroslav Reznik escribió:
>> = Features/DracutHostOnly =
>> https://fedoraproject.org/wiki/Features/DracutHostOnly
>
>> Feature owner(s): Harald Hoyer
>
>> Only create "host-only" initramfs images. A generic fal
Am 29.01.2013 19:28, schrieb Daniel J Walsh:
> On 01/29/2013 11:20 AM, John Reiser wrote:
> A generic fallback image should be installed by anaconda on
> installation/update and never ever be removed.
>
>>> Also, fallback has interesting security properties…
>
>
>> "Rescue mode" forces a
Am 29.01.2013 17:20, schrieb John Reiser:
A generic fallback image should be
installed by anaconda on installation/update and never ever be
removed.
>
>> Also, fallback has interesting security properties…
>
>
> "Rescue mode" forces a SELinux relabel at the next boot, and relabel
Hi Jaroslav,
I would like to raise a caution about implementing this change. Several other
non-Linux systems are able to handle a variety of hardware changes after
installation, and still boot afterwards. I think it would be unfortunate if,
after changing hardware, it were not possible to boot
On 01/30/2013 02:07 PM, Bill Nottingham wrote:
> Miloslav Trmač (m...@volny.cz) said:
>> Teach grub to preload the kernel and initrd while waiting for the
>> timeout. That gives us _even better_ speedup, and doesn't sacrifice
>> the generic usability of the initrd.
> Well, if the plan is to not
Miloslav Trmač (m...@volny.cz) said:
> On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore wrote:
> > even loading a 20mb initramfs from a sdcard on a slow
> > arm box doesnt take that long, and id personally much rather be able to
> > change hardware or yank the drive and put it into a different bo
On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore wrote:
> even loading a 20mb initramfs from a sdcard on a slow
> arm box doesnt take that long, and id personally much rather be able to
> change hardware or yank the drive and put it into a different box
> without worrying about making sure i have
On Wed, Jan 30, 2013 at 1:25 AM, Matthew Garrett wrote:
> On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote:
>> On Tue, 29 Jan 2013 16:32:12 +
>> Matthew Garrett wrote:
>> > On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote:
>> > > as legal has said we cannot pregene
On Tue, 29.01.13 14:17, Adam Williamson (awill...@redhat.com) wrote:
> On Tue, 2013-01-29 at 14:06 -0700, Chris Murphy wrote:
> > Am 29.01.2013 16:55, schrieb Bryn M. Reeves:
> > > Again, unless you have very different storage controllers this will not
> > > break.
> > >
> > > I really don't wan
On Tue, Jan 29, 2013 at 7:43 PM, Matthew Miller
wrote:
> On Tue, Jan 29, 2013 at 06:57:29PM -0500, Josh Boyer wrote:
>> >> that are built at kernel build time? the issue with building it at
>> >> build time was making sure we knew exactly what sourcs we needed to
>> >> ship to match all the binari
On Tue, Jan 29, 2013 at 06:57:29PM -0500, Josh Boyer wrote:
> >> that are built at kernel build time? the issue with building it at
> >> build time was making sure we knew exactly what sourcs we needed to
> >> ship to match all the binaries in the initramfs. the initramfs's we
> >> build and ship a
On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote:
> On Tue, 29 Jan 2013 16:32:12 +
> Matthew Garrett wrote:
> > On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote:
> > > as legal has said we cannot pregenerate initramfses i think this
> > > should be a non-starter.
>
On Tue, 29 Jan 2013 18:53:00 -0500
Matthew Miller wrote:
> On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote:
> > > We already ship several pre-generated initramfses.
> > that are built at kernel build time? the issue with building it at
> > build time was making sure we knew exactly
On Tue, Jan 29, 2013 at 6:53 PM, Matthew Miller
wrote:
> On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote:
>> > We already ship several pre-generated initramfses.
>> that are built at kernel build time? the issue with building it at
>> build time was making sure we knew exactly what
On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote:
> > We already ship several pre-generated initramfses.
> that are built at kernel build time? the issue with building it at
> build time was making sure we knew exactly what sourcs we needed to
> ship to match all the binaries in the i
On Tue, 29 Jan 2013 16:32:12 +
Matthew Garrett wrote:
> On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote:
> > as legal has said we cannot pregenerate initramfses i think this
> > should be a non-starter.
>
> We already ship several pre-generated initramfses.
>
that are built
On Tue, 2013-01-29 at 14:06 -0700, Chris Murphy wrote:
> Am 29.01.2013 16:55, schrieb Bryn M. Reeves:
> > Again, unless you have very different storage controllers this will not
> > break.
> >
> > I really don't want or need every FC HBA kernel module, firmware bin file
> > or other junk in my l
On Jan 29, 2013, at 2:29 PM, Lennart Poettering wrote:
> Much of the time is saved in the bootloader, since the initrd imager is
> now much shorter the boot loader will require muss less time to read it
> into memory. systemd-analyze won't show you this data (unless you run a
> git version and
On Tue, 29.01.13 14:06, Chris Murphy (li...@colorremedies.com) wrote:
> Am 29.01.2013 16:55, schrieb Bryn M. Reeves:
> > Again, unless you have very different storage controllers this will not
> > break.
> >
> > I really don't want or need every FC HBA kernel module, firmware bin file
> > or ot
Am 29.01.2013 20:47, schrieb Chris Murphy:
>
> On Jan 29, 2013, at 12:34 PM, Reindl Harald wrote:
>
>>
>>
>> Am 29.01.2013 20:30, schrieb Chris Murphy:
>>>
>>> On Jan 29, 2013, at 11:56 AM, Reindl Harald wrote:
grub2 in fedora is simply broken in this case
https://bugzilla.redh
Am 29.01.2013 16:55, schrieb Bryn M. Reeves:
> Again, unless you have very different storage controllers this will not break.
>
> I really don't want or need every FC HBA kernel module, firmware bin file or
> other junk in my laptop initramfs
> "just in case" I happen to swap the disk to a laptop
Am 29.01.2013 20:30, schrieb Chris Murphy:
>
> On Jan 29, 2013, at 11:56 AM, Reindl Harald wrote:
>>
>> grub2 in fedora is simply broken in this case
>> https://bugzilla.redhat.com/show_bug.cgi?id=882721
>
> So you've built grub2 from recent gnu.org source (Bazaar), and password
> protection
Am 29.01.2013 19:48, schrieb Chris Murphy:
>
> On Jan 29, 2013, at 9:44 AM, Matthew Miller wrote:
>
>> (I'm not sure if the new installer
>> even has an option for password-protecting grub2, offhand.)
>
> It doesn't. And this seems to be an area of confusion on the two grub lists
> for users
On Jan 29, 2013, at 12:34 PM, Reindl Harald wrote:
>
>
> Am 29.01.2013 20:30, schrieb Chris Murphy:
>>
>> On Jan 29, 2013, at 11:56 AM, Reindl Harald wrote:
>>>
>>> grub2 in fedora is simply broken in this case
>>> https://bugzilla.redhat.com/show_bug.cgi?id=882721
>>
>> So you've built gr
Jaroslav Reznik (jrez...@redhat.com) said:
> = Features/DracutHostOnly =
> https://fedoraproject.org/wiki/Features/DracutHostOnly
>
> Feature owner(s): Harald Hoyer
>
> Only create "host-only" initramfs images. A generic fallback image should be
> installed by anaconda on installation/update a
On Jan 29, 2013, at 11:56 AM, Reindl Harald wrote:
>
> grub2 in fedora is simply broken in this case
> https://bugzilla.redhat.com/show_bug.cgi?id=882721
So you've built grub2 from recent gnu.org source (Bazaar), and password
protection works? Just the Fedora version is broken?
Chris Murphy
-
On Tue, 2013-01-29 at 09:53 -0600, Dennis Gilmore wrote:
> as legal has said we cannot pregenerate initramfses
Really? Why?
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On Tue, 29 Jan 2013 11:48:01 -0700
Chris Murphy wrote:
>
> On Jan 29, 2013, at 9:44 AM, Matthew Miller
> wrote:
>
> > (I'm not sure if the new installer
> > even has an option for password-protecting grub2, offhand.)
>
> It doesn't. And this seems to be an area of confusion on the two grub
>
On Tue, 2013-01-29 at 13:45 -0500, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/29/2013 01:34 PM, Simo Sorce wrote:
> > On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote:
> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
> >>
> >> On 01/29/2013 11:20 AM
On Jan 29, 2013, at 9:44 AM, Matthew Miller wrote:
> (I'm not sure if the new installer
> even has an option for password-protecting grub2, offhand.)
It doesn't. And this seems to be an area of confusion on the two grub lists for
users and distro developers alike, looking to implement it. So I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/29/2013 01:34 PM, Simo Sorce wrote:
> On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 01/29/2013 11:20 AM, John Reiser wrote:
>> A generic fallback image should be installed
On Jan 29, 2013, at 6:09 AM, Jaroslav Reznik wrote:
> A generic fallback image should be
> installed by anaconda on installation/update and never ever be removed.
FYI, this will require change/supplementing grub2, possibly with a 4x_custom
file, or rescue specific, in /etc/grub.d. Without s
On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/29/2013 11:20 AM, John Reiser wrote:
> A generic fallback image should be installed by anaconda on
> installation/update and never ever be removed.
> >
> >> Also, fallbac
drago01 wrote:
> Why should this be the case?
> The initrd is generated on kernel install just generate one as
> "fallback" image and one host only for the main boot target.
+1
Grub2 is already smart enough to handle an additional boot line for a
"recovery mode". Then we can have our cake an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/29/2013 11:20 AM, John Reiser wrote:
A generic fallback image should be installed by anaconda on
installation/update and never ever be removed.
>
>> Also, fallback has interesting security properties…
>
>
> "Rescue mode" forces a SEL
On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> El Tue, 29 Jan 2013 14:45:34 +
> Jaroslav Reznik escribió:
>> = Features/DracutHostOnly =
>> https://fedoraproject.org/wiki/Features/DracutHostOnly
>>
>> Feature owner(s): Harald Hoyer
On Tue, Jan 29, 2013 at 5:40 PM, Nicolas Mailhot
wrote:
>
> Le Mar 29 janvier 2013 17:09, drago01 a écrit :
>> On Tue, Jan 29, 2013 at 4:53 PM, Nicolas Mailhot
>> wrote:
>>>
>>> Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit :
On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wr
On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote:
> as legal has said we cannot pregenerate initramfses i think this should
> be a non-starter.
Intriguing .. what is the objection to pre-generating an initramfs?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.r
On Tue, Jan 29, 2013 at 05:40:04PM +0100, Nicolas Mailhot wrote:
> bios and glue usb ports). Will fallback perform the security checks of
> the main boot path? When I see 'never ever be removed' does that mean this
> will make sure any Fedora box will have a boot entry to an old kernel,
> with kno
On 01/29/2013 04:32 PM, Nicolas Mailhot wrote:
In a Fedora context, when you do this it's because the old motherboard
failed unexpectedly, you bought a new one. It's a great relief to see
plugging the old drive on the new mobo just works. There is no prep in
advance and old and new mobo have seve
Le Mar 29 janvier 2013 17:09, drago01 a écrit :
> On Tue, Jan 29, 2013 at 4:53 PM, Nicolas Mailhot
> wrote:
>>
>> Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit :
>>> On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote:
On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Rezn
On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote:
> as legal has said we cannot pregenerate initramfses i think this should
> be a non-starter.
We already ship several pre-generated initramfses.
--
Matthew Garrett | mj...@srcf.ucam.org
--
devel mailing list
devel@lists.fedoraproje
On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> El Tue, 29 Jan 2013 14:45:34 +
> Jaroslav Reznik escribió:
>> = Features/DracutHostOnly =
>> https://fedoraproject.org/wiki/Features/DracutHostOnly
>>
>> Feature owner(s): Harald Hoyer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
El Tue, 29 Jan 2013 14:45:34 +
Jaroslav Reznik escribió:
> = Features/DracutHostOnly =
> https://fedoraproject.org/wiki/Features/DracutHostOnly
>
> Feature owner(s): Harald Hoyer
>
> Only create "host-only" initramfs images. A generic fallback
>>> A generic fallback image should be
>>> installed by anaconda on installation/update and never ever be
>>> removed.
> Also, fallback has interesting security properties…
"Rescue mode" forces a SELinux relabel at the next boot, and relabel
can take a very long time.
How does "fallback mode" h
On Tue, Jan 29, 2013 at 4:59 PM, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/29/2013 10:55 AM, Bryn M. Reeves wrote:
>> On 01/29/2013 03:45 PM, Simo Sorce wrote:
>>> I guess it was in the short while I switched to Ubuntu, because
>>> from my memory I used t
On Tue, Jan 29, 2013 at 4:53 PM, Nicolas Mailhot
wrote:
>
> Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit :
>> On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote:
>>> On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote:
>>> > Only create "host-only" initramfs images.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/29/2013 10:55 AM, Bryn M. Reeves wrote:
> On 01/29/2013 03:45 PM, Simo Sorce wrote:
>> I guess it was in the short while I switched to Ubuntu, because
>> from my memory I used to change hardware on my machines and
>> always be extremely happy a
Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit :
> On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote:
>> On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote:
>> > Only create "host-only" initramfs images. A generic fallback image
>> should be
>> > installed by anacon
On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote:
> On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote:
> > Only create "host-only" initramfs images. A generic fallback image should
> > be
> > installed by anaconda on installation/update and never ever be removed.
> W
On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote:
> Only create "host-only" initramfs images. A generic fallback image should be
> installed by anaconda on installation/update and never ever be removed.
Will there be a way to opt out of this? The fallback image will consume
space
On 01/29/2013 02:45 PM, Jaroslav Reznik wrote:
= Features/DracutHostOnly =
https://fedoraproject.org/wiki/Features/DracutHostOnly
Feature owner(s): Harald Hoyer
Only create "host-only" initramfs images. A generic fallback image should be
installed by anaconda on installation/update and never e
= Features/DracutHostOnly =
https://fedoraproject.org/wiki/Features/DracutHostOnly
Feature owner(s): Harald Hoyer
Only create "host-only" initramfs images. A generic fallback image should be
installed by anaconda on installation/update and never ever be removed.
== Detailed description ==
Cu
61 matches
Mail list logo
