mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-23 18:07:03 +00:00
283e8ba2df
The sign-file.c program actually uses CMS rather than PKCS#7 to sign a file since that allows the target X.509 certificate to be specified by subjectKeyId rather than by issuer + serialNumber. However, older versions of the OpenSSL crypto library (such as may be found in CentOS 5.11) don't support CMS. Assume everything prior to OpenSSL-1.0.0 doesn't support CMS and switch to using PKCS#7 in that case. Further, the pre-1.0.0 OpenSSL only supports PKCS#7 signing with SHA1, so give an error from the sign-file script if the caller requests anything other than SHA1. The compiler gives the following error with an OpenSSL crypto library that's too old: HOSTCC scripts/sign-file scripts/sign-file.c:23:25: fatal error: openssl/cms.h: No such file or directory #include <openssl/cms.h> Reported-by: Vinson Lee <vlee@twopensource.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: David Woodhouse <David.Woodhouse@intel.com>
411 lines
12 KiB
Plaintext
411 lines
12 KiB
Plaintext
Intro
|
|
=====
|
|
|
|
This document is designed to provide a list of the minimum levels of
|
|
software necessary to run the 3.0 kernels.
|
|
|
|
This document is originally based on my "Changes" file for 2.0.x kernels
|
|
and therefore owes credit to the same people as that file (Jared Mauch,
|
|
Axel Boldt, Alessandro Sigala, and countless other users all over the
|
|
'net).
|
|
|
|
Current Minimal Requirements
|
|
============================
|
|
|
|
Upgrade to at *least* these software revisions before thinking you've
|
|
encountered a bug! If you're unsure what version you're currently
|
|
running, the suggested command should tell you.
|
|
|
|
Again, keep in mind that this list assumes you are already functionally
|
|
running a Linux kernel. Also, not all tools are necessary on all
|
|
systems; obviously, if you don't have any ISDN hardware, for example,
|
|
you probably needn't concern yourself with isdn4k-utils.
|
|
|
|
o GNU C 3.2 # gcc --version
|
|
o GNU make 3.80 # make --version
|
|
o binutils 2.12 # ld -v
|
|
o util-linux 2.10o # fdformat --version
|
|
o module-init-tools 0.9.10 # depmod -V
|
|
o e2fsprogs 1.41.4 # e2fsck -V
|
|
o jfsutils 1.1.3 # fsck.jfs -V
|
|
o reiserfsprogs 3.6.3 # reiserfsck -V
|
|
o xfsprogs 2.6.0 # xfs_db -V
|
|
o squashfs-tools 4.0 # mksquashfs -version
|
|
o btrfs-progs 0.18 # btrfsck
|
|
o pcmciautils 004 # pccardctl -V
|
|
o quota-tools 3.09 # quota -V
|
|
o PPP 2.4.0 # pppd --version
|
|
o isdn4k-utils 3.1pre1 # isdnctrl 2>&1|grep version
|
|
o nfs-utils 1.0.5 # showmount --version
|
|
o procps 3.2.0 # ps --version
|
|
o oprofile 0.9 # oprofiled --version
|
|
o udev 081 # udevd --version
|
|
o grub 0.93 # grub --version || grub-install --version
|
|
o mcelog 0.6 # mcelog --version
|
|
o iptables 1.4.2 # iptables -V
|
|
o openssl & libcrypto 1.0.0 # openssl version
|
|
|
|
|
|
Kernel compilation
|
|
==================
|
|
|
|
GCC
|
|
---
|
|
|
|
The gcc version requirements may vary depending on the type of CPU in your
|
|
computer.
|
|
|
|
Make
|
|
----
|
|
|
|
You will need GNU make 3.80 or later to build the kernel.
|
|
|
|
Binutils
|
|
--------
|
|
|
|
Linux on IA-32 has recently switched from using as86 to using gas for
|
|
assembling the 16-bit boot code, removing the need for as86 to compile
|
|
your kernel. This change does, however, mean that you need a recent
|
|
release of binutils.
|
|
|
|
Perl
|
|
----
|
|
|
|
You will need perl 5 and the following modules: Getopt::Long, Getopt::Std,
|
|
File::Basename, and File::Find to build the kernel.
|
|
|
|
BC
|
|
--
|
|
|
|
You will need bc to build kernels 3.10 and higher
|
|
|
|
|
|
OpenSSL
|
|
-------
|
|
|
|
Module signing and external certificate handling use the OpenSSL program and
|
|
crypto library to do key creation and signature generation.
|
|
|
|
You will need openssl to build kernels 3.7 and higher if module signing is
|
|
enabled. You will also need openssl development packages to build kernels 4.3
|
|
and higher.
|
|
|
|
|
|
System utilities
|
|
================
|
|
|
|
Architectural changes
|
|
---------------------
|
|
|
|
DevFS has been obsoleted in favour of udev
|
|
(http://www.kernel.org/pub/linux/utils/kernel/hotplug/)
|
|
|
|
32-bit UID support is now in place. Have fun!
|
|
|
|
Linux documentation for functions is transitioning to inline
|
|
documentation via specially-formatted comments near their
|
|
definitions in the source. These comments can be combined with the
|
|
SGML templates in the Documentation/DocBook directory to make DocBook
|
|
files, which can then be converted by DocBook stylesheets to PostScript,
|
|
HTML, PDF files, and several other formats. In order to convert from
|
|
DocBook format to a format of your choice, you'll need to install Jade as
|
|
well as the desired DocBook stylesheets.
|
|
|
|
Util-linux
|
|
----------
|
|
|
|
New versions of util-linux provide *fdisk support for larger disks,
|
|
support new options to mount, recognize more supported partition
|
|
types, have a fdformat which works with 2.4 kernels, and similar goodies.
|
|
You'll probably want to upgrade.
|
|
|
|
Ksymoops
|
|
--------
|
|
|
|
If the unthinkable happens and your kernel oopses, you may need the
|
|
ksymoops tool to decode it, but in most cases you don't.
|
|
It is generally preferred to build the kernel with CONFIG_KALLSYMS so
|
|
that it produces readable dumps that can be used as-is (this also
|
|
produces better output than ksymoops). If for some reason your kernel
|
|
is not build with CONFIG_KALLSYMS and you have no way to rebuild and
|
|
reproduce the Oops with that option, then you can still decode that Oops
|
|
with ksymoops.
|
|
|
|
Module-Init-Tools
|
|
-----------------
|
|
|
|
A new module loader is now in the kernel that requires module-init-tools
|
|
to use. It is backward compatible with the 2.4.x series kernels.
|
|
|
|
Mkinitrd
|
|
--------
|
|
|
|
These changes to the /lib/modules file tree layout also require that
|
|
mkinitrd be upgraded.
|
|
|
|
E2fsprogs
|
|
---------
|
|
|
|
The latest version of e2fsprogs fixes several bugs in fsck and
|
|
debugfs. Obviously, it's a good idea to upgrade.
|
|
|
|
JFSutils
|
|
--------
|
|
|
|
The jfsutils package contains the utilities for the file system.
|
|
The following utilities are available:
|
|
o fsck.jfs - initiate replay of the transaction log, and check
|
|
and repair a JFS formatted partition.
|
|
o mkfs.jfs - create a JFS formatted partition.
|
|
o other file system utilities are also available in this package.
|
|
|
|
Reiserfsprogs
|
|
-------------
|
|
|
|
The reiserfsprogs package should be used for reiserfs-3.6.x
|
|
(Linux kernels 2.4.x). It is a combined package and contains working
|
|
versions of mkreiserfs, resize_reiserfs, debugreiserfs and
|
|
reiserfsck. These utils work on both i386 and alpha platforms.
|
|
|
|
Xfsprogs
|
|
--------
|
|
|
|
The latest version of xfsprogs contains mkfs.xfs, xfs_db, and the
|
|
xfs_repair utilities, among others, for the XFS filesystem. It is
|
|
architecture independent and any version from 2.0.0 onward should
|
|
work correctly with this version of the XFS kernel code (2.6.0 or
|
|
later is recommended, due to some significant improvements).
|
|
|
|
PCMCIAutils
|
|
-----------
|
|
|
|
PCMCIAutils replaces pcmcia-cs. It properly sets up
|
|
PCMCIA sockets at system startup and loads the appropriate modules
|
|
for 16-bit PCMCIA devices if the kernel is modularized and the hotplug
|
|
subsystem is used.
|
|
|
|
Quota-tools
|
|
-----------
|
|
|
|
Support for 32 bit uid's and gid's is required if you want to use
|
|
the newer version 2 quota format. Quota-tools version 3.07 and
|
|
newer has this support. Use the recommended version or newer
|
|
from the table above.
|
|
|
|
Intel IA32 microcode
|
|
--------------------
|
|
|
|
A driver has been added to allow updating of Intel IA32 microcode,
|
|
accessible as a normal (misc) character device. If you are not using
|
|
udev you may need to:
|
|
|
|
mkdir /dev/cpu
|
|
mknod /dev/cpu/microcode c 10 184
|
|
chmod 0644 /dev/cpu/microcode
|
|
|
|
as root before you can use this. You'll probably also want to
|
|
get the user-space microcode_ctl utility to use with this.
|
|
|
|
udev
|
|
----
|
|
udev is a userspace application for populating /dev dynamically with
|
|
only entries for devices actually present. udev replaces the basic
|
|
functionality of devfs, while allowing persistent device naming for
|
|
devices.
|
|
|
|
FUSE
|
|
----
|
|
|
|
Needs libfuse 2.4.0 or later. Absolute minimum is 2.3.0 but mount
|
|
options 'direct_io' and 'kernel_cache' won't work.
|
|
|
|
Networking
|
|
==========
|
|
|
|
General changes
|
|
---------------
|
|
|
|
If you have advanced network configuration needs, you should probably
|
|
consider using the network tools from ip-route2.
|
|
|
|
Packet Filter / NAT
|
|
-------------------
|
|
The packet filtering and NAT code uses the same tools like the previous 2.4.x
|
|
kernel series (iptables). It still includes backwards-compatibility modules
|
|
for 2.2.x-style ipchains and 2.0.x-style ipfwadm.
|
|
|
|
PPP
|
|
---
|
|
|
|
The PPP driver has been restructured to support multilink and to
|
|
enable it to operate over diverse media layers. If you use PPP,
|
|
upgrade pppd to at least 2.4.0.
|
|
|
|
If you are not using udev, you must have the device file /dev/ppp
|
|
which can be made by:
|
|
|
|
mknod /dev/ppp c 108 0
|
|
|
|
as root.
|
|
|
|
Isdn4k-utils
|
|
------------
|
|
|
|
Due to changes in the length of the phone number field, isdn4k-utils
|
|
needs to be recompiled or (preferably) upgraded.
|
|
|
|
NFS-utils
|
|
---------
|
|
|
|
In ancient (2.4 and earlier) kernels, the nfs server needed to know
|
|
about any client that expected to be able to access files via NFS. This
|
|
information would be given to the kernel by "mountd" when the client
|
|
mounted the filesystem, or by "exportfs" at system startup. exportfs
|
|
would take information about active clients from /var/lib/nfs/rmtab.
|
|
|
|
This approach is quite fragile as it depends on rmtab being correct
|
|
which is not always easy, particularly when trying to implement
|
|
fail-over. Even when the system is working well, rmtab suffers from
|
|
getting lots of old entries that never get removed.
|
|
|
|
With modern kernels we have the option of having the kernel tell mountd
|
|
when it gets a request from an unknown host, and mountd can give
|
|
appropriate export information to the kernel. This removes the
|
|
dependency on rmtab and means that the kernel only needs to know about
|
|
currently active clients.
|
|
|
|
To enable this new functionality, you need to:
|
|
|
|
mount -t nfsd nfsd /proc/fs/nfsd
|
|
|
|
before running exportfs or mountd. It is recommended that all NFS
|
|
services be protected from the internet-at-large by a firewall where
|
|
that is possible.
|
|
|
|
mcelog
|
|
------
|
|
|
|
On x86 kernels the mcelog utility is needed to process and log machine check
|
|
events when CONFIG_X86_MCE is enabled. Machine check events are errors reported
|
|
by the CPU. Processing them is strongly encouraged.
|
|
|
|
Getting updated software
|
|
========================
|
|
|
|
Kernel compilation
|
|
******************
|
|
|
|
gcc
|
|
---
|
|
o <ftp://ftp.gnu.org/gnu/gcc/>
|
|
|
|
Make
|
|
----
|
|
o <ftp://ftp.gnu.org/gnu/make/>
|
|
|
|
Binutils
|
|
--------
|
|
o <ftp://ftp.kernel.org/pub/linux/devel/binutils/>
|
|
|
|
OpenSSL
|
|
-------
|
|
o <https://www.openssl.org/>
|
|
|
|
System utilities
|
|
****************
|
|
|
|
Util-linux
|
|
----------
|
|
o <ftp://ftp.kernel.org/pub/linux/utils/util-linux/>
|
|
|
|
Ksymoops
|
|
--------
|
|
o <ftp://ftp.kernel.org/pub/linux/utils/kernel/ksymoops/v2.4/>
|
|
|
|
Module-Init-Tools
|
|
-----------------
|
|
o <ftp://ftp.kernel.org/pub/linux/kernel/people/rusty/modules/>
|
|
|
|
Mkinitrd
|
|
--------
|
|
o <https://code.launchpad.net/initrd-tools/main>
|
|
|
|
E2fsprogs
|
|
---------
|
|
o <http://prdownloads.sourceforge.net/e2fsprogs/e2fsprogs-1.29.tar.gz>
|
|
|
|
JFSutils
|
|
--------
|
|
o <http://jfs.sourceforge.net/>
|
|
|
|
Reiserfsprogs
|
|
-------------
|
|
o <http://www.kernel.org/pub/linux/utils/fs/reiserfs/>
|
|
|
|
Xfsprogs
|
|
--------
|
|
o <ftp://oss.sgi.com/projects/xfs/>
|
|
|
|
Pcmciautils
|
|
-----------
|
|
o <ftp://ftp.kernel.org/pub/linux/utils/kernel/pcmcia/>
|
|
|
|
Quota-tools
|
|
----------
|
|
o <http://sourceforge.net/projects/linuxquota/>
|
|
|
|
DocBook Stylesheets
|
|
-------------------
|
|
o <http://sourceforge.net/projects/docbook/files/docbook-dsssl/>
|
|
|
|
XMLTO XSLT Frontend
|
|
-------------------
|
|
o <http://cyberelk.net/tim/xmlto/>
|
|
|
|
Intel P6 microcode
|
|
------------------
|
|
o <https://downloadcenter.intel.com/>
|
|
|
|
udev
|
|
----
|
|
o <http://www.freedesktop.org/software/systemd/man/udev.html>
|
|
|
|
FUSE
|
|
----
|
|
o <http://sourceforge.net/projects/fuse>
|
|
|
|
mcelog
|
|
------
|
|
o <http://www.mcelog.org/>
|
|
|
|
Networking
|
|
**********
|
|
|
|
PPP
|
|
---
|
|
o <ftp://ftp.samba.org/pub/ppp/>
|
|
|
|
Isdn4k-utils
|
|
------------
|
|
o <ftp://ftp.isdn4linux.de/pub/isdn4linux/utils/>
|
|
|
|
NFS-utils
|
|
---------
|
|
o <http://sourceforge.net/project/showfiles.php?group_id=14>
|
|
|
|
Iptables
|
|
--------
|
|
o <http://www.iptables.org/downloads.html>
|
|
|
|
Ip-route2
|
|
---------
|
|
o <https://www.kernel.org/pub/linux/utils/net/iproute2/>
|
|
|
|
OProfile
|
|
--------
|
|
o <http://oprofile.sf.net/download/>
|
|
|
|
NFS-Utils
|
|
---------
|
|
o <http://nfs.sourceforge.net/>
|