Mailinglist Archive: opensuse-features (244 mails)

< Previous Next >
[openFATE 306907] Add support for Ksplice
  • From: fate_noreply@xxxxxxx
  • Date: Tue, 12 Oct 2010 13:48:44 +0200 (CEST)
  • Message-id: <feature-306907-31@xxxxxxxxxxxxxx>
Feature changed by: Thomas Schmidt (digitaltomm)
Feature #306907, revision 31
Title: Add support for Ksplice

openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger)
reject date: 2009-08-12 10:52:21
reject reason: Let's evaluate for 11.3.
Priority
Requester: Important

- openSUSE-11.3: Rejected by Andreas Jaeger (jbenc)
+ openSUSE-11.3: Rejected by Jiri Benc (jbenc)
reject date: 2010-03-24 12:07:28
reject reason: Not enough resources in the kernel teams to provide
updates as ksplice patches.
Priority
Requester: Important

openSUSE-11.4: Evaluation
Priority
Requester: Important

Requested by: Stephan Kleine (bitshuffler)

Description:
KSplice allows it currently to apply most but not all kernel updates
without the need to reboot which is especially great for servers. It's
backed by a newly founded corporation that continually tries to improve
it so hopefully sometime in the future a reboot wont be necessary for
any kernel update.
Fedora as well as Ubuntu already support it so openSUSE shouldn't stay
behind.
URL: http://www.ksplice.com/

Discussion:
#1: Harald Milz (suse2miha) (2009-08-04 21:16:55)
Ksplice will be THE reason for many webserver admins to choose Ubuntu
and not openSUSE. Don't lose any ground on the server market, make use
of Ksplice too.

#2: (bmwiedemann) (2009-10-09 11:37:37)
A presentation at LinuxTag 2009 from the ksplice guys as well as
http://en.wikipedia.org/wiki/Ksplice says, that all security patches
can be made rebootless. Only 12% of 64 studied patches needed manual
extra code (e.g. for updating structure data).
The proper way of distribution would of course also update /lib/modules
and /boot/vmlinuz/initrd but possibly patch the running kernel via a
rpm post-inst script.
I have noted that in the past, openSUSE kernel-updates happened later
than those for Debian and Ubuntu, but often contained several fixes at
a time. I guess, part of this is due to the reboot needed after a
kernel-update, so with Ksplice critical security fixes could reach
users faster.

#3: John Sheehy (jesheehy) (2010-02-10 03:36:17)
Ksplice or similar functionality is critical for production servers,
especially those exposed in the DMZ.
In the future there should never be an excuse that a security patch
didn't get applied since it required a reboot and a maintenance window
wasn't available right away.

#4: Jiri Benc (jbenc) (2010-03-24 12:06:24)
This is really two requests:
1. Add the ksplice kernel module into the distribution.
2. Provide the kernel updates as ksplice patches (most likely as an
alternative to the normal updates).
While 1. is easy, I don't see the kernel teams having enough resources
for 2. It will require the community to step in; anybody who's
interested in doing the work is welcome.
That said, 1. does not make sense without 2. If we find somebody who
does the work (please speak up if you are interested!), the module can
be distributed as a KMP and/or this feature can be reopened.

#5: Michel Veltman (gwayne) (2010-04-12 09:08:39)
Just for the record I would add the functionaly to the kernel anyway so
people can play with it. Even when the kernelteam does not yet deliver
the paches in ksplice format.
Because If we later decide to offer the ksplice patches it can be done.


#6: Michal Marek (michal-m) (2010-04-12 13:55:24) (reply to #5)
Are there any kernel modifications needed on our side? From a short
look at http://www.ksplice.com/dist/ksplice-0.9.9-src.tar.gz, it's a
set of userspace programs and a kernel module template that gets
compiled when you apply a ksplice patch.

#7: John Shand (jshand2008) (2010-04-12 21:54:10)
From what i can tell from their website, this is a non-free software
package.....

#8: Bernhard Wiedemann (bmwiedemann) (2010-04-13 09:32:17) (reply to
#7)
The website is mostly about the commercial services offered.Nevertheless
http://www.ksplice.com/dist/ksplice-0.9.9-src.tar.gz contains in its
"COPYING: file                     GNU GENERAL PUBLIC
LICENSE                        Version 2, June 1991
and .c and .pl files state in their head
 *  This program is free software; you can redistribute it and/or
modify  *  it under the terms of the GNU General Public License,
version 2.
only those in kmodsrc/x86/libudis86/ have a different, more liberal
license (BSD-License)
So this is simply free software.
@Michel & @Michal: ksplice should be working on vanilla kernels, so no
kernel patch needed.

#9: Michal Marek (michal-m) (2010-04-13 14:13:28) (reply to #8)
OK, in that case all we need to get basic ksplice enablement is to
package the ksplice scripts and submit them to Factory. This can be
done by anyone.
As for providing ksplice kernel patches, see comment #4.



--
openSUSE Feature:
https://features.opensuse.org/306907

< Previous Next >
This Thread
  • No further messages