Debian : using stock kernel

Hello,

I sucessfully run Debian 8 on my Dockstar using bodhi's rootfs from this thread. My U-Boot is latest (2016.05), and I'm currently starting the kernel by passing the dtb file to U-Boot (fw_setenv load_dtb 'ext2load usb 0:1 0x1c00000 /boot/dts/kirkwood-dockstar.dtb').

As my dockstar is used in a "set it and forget it" way, I'm willing to switch to mainline Debian's kernel, benefitting from security patches.
I've read here that it should be doable by simply installing flash-kernel.
However, I'm concerned about compatibility with my current setup (the article is from 2012), as I couldn't really understand what flash-kernel does.
- Does it automatically append the dtb file to the kernel ?
- Does it really write to the dockstar's internal flash (mtd0 ? mtd1 ?). I do not wish to lose my rescue system from mtd1...
- Does it messes up with the envs ?

Sorry if this is not the good place to ask for this, but as said, I couldn't find much info/help about flash-kernel.

unrelated P.S. : bodhi, if you ever read this, thanks a bunch for your work, and the various safeties (uEnv.txt...) you put in place. It already saved my dockstar once !

> - Does it automatically append the dtb file to the
> kernel ?

No, it does not.

> - Does it really write to the dockstar's internal
> flash (mtd0 ? mtd1 ?). I do not wish to lose my
> rescue system from mtd1...
> - Does it messes up with the envs ?

Nothing like that, flash-kernel will only generate new uImage and uInitrd for you (in /boot) when the mainline kernel is upgraded.

FYI, you could have a set/forget system by setting unattended upgrade, while running a custom kernel such one I provided too. With apt source list set to Debian update security, you don't miss any such update. Just pointing out this fact for the forum readers, I am not trying to convince you to keep my custom kernel.

Whether using mainline or custom kernel, I would not recommend to do dist-upgrade unattended (this is when flash-kernel come in to play, i.e when the kernel changed).

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)

Wow, thanks for the fast answer !

Quote

> - Does it automatically append the dtb file to the
> kernel ?
No, it does not.

I'm not sure I perfectly understood that, but I took the plunge anyway, and everything seems to be working.
For anyone stumbling upon this here's what I did, starting from bodhi's Debian 4.4 rootfs:

#aptitude install flash-kernel
#aptitude install linux-headers-kirkwood linux-image-kirkwood linux-modules-3.16.0-4-kirkwood linux-latest-modules-3.16.0-4-kirkwood firmware-linux-free libc6-dev
#/usr/bin/mkimage -A arm -O linux -T kernel -C none -a 0x00008000 -e 0x00008000 -n Linux-3.16.0-4 -d /boot/vmlinuz-3.16.0-4-kirkwood /boot/uImage
#/usr/bin/mkimage -A arm -O linux -T ramdisk -C gzip -a 0x00000000 -e 0x00000000 -n initramfs -d /boot/initrd.img-3.16.0-4-kirkwood /boot/uInitrd
#reboot

Here, somehow, the dockstar properly rebooted in 3.16 (confirmed with uname), but uboot seems to still be loading the old dtb file. Indeed, after purging the 4.4 kernel (and properly triggering flash-kernel), my dockstar wouldn't boot, trying to load a non-existing (or non-necessary ?) dtb. You have to clear the dtb_file env :

#aptitude purge linux-image-4.4 linux-image-4.4.0-kirkwood-tld-1 linux-modules-4.4
(...)
Processing triggers for flash-kernel (3.35+deb8u3) ...
Installing kirkwood-dockstar.dtb into /boot/dtb-3.16.0-4-kirkwood
Installing new dtb-3.16.0-4-kirkwood.
flash-kernel: installing version 3.16.0-4-kirkwood
(...)
#fw_setenv dtb_file

Quote

With apt source list set to Debian update security, you don't miss any such update.

I get security updates for all Debian's packages, but not the kernel, since it's your custom version, ain't I ?

Quote

I would not recommend to do dist-upgrade unattended

I'm well aware of the risks, but I'd rather have a broken system (hopefully not bricked, hence my concerns about mtd1), than an insecure one :)

> I'm well aware of the risks, but I'd rather have a
> broken system (hopefully not bricked, hence my
> concerns about mtd1), than an insecure one :)

I think you are overly cautious. Usually, when you run an embedded Linux box automomously, and have Debian security updates unattended, then it is pretty safe just leaving it running. IOW, you are going to only run some specific services on the box when you do this, right? This is not a general purpose computer. So you only need to ssh in once in a while to actually see the update log. It is rare that the Debian security for those service packages will also require linux package update.

However, whatever satisfies your needs and not keeping you awake at night is good to do.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)