Important new kernel, microcode, and firmware packages available for testing. (June 1, 2018)

ben79 · June 1, 2018, 6:15pm

Today in Main-testing repo our busy developers have released new kernel, kernel-firmware, microcode-intel, and radeon-firmware packages. These are important security updates as well as adding new features.

# urpmi --auto-update
...
(medium "MAIN-TESTING")
 busybox-static                      1.28.4       1             omv   2015.0 x86_64 
 cpupower                            4.16.13      1             omv   2015.0 x86_64 
 iwlwifi-agn-ucode                   20180531     1             omv   2015.0 noarch 
 kernel-firmware                     20180531     1             omv   2015.0 noarch 
 kernel-firmware-extra               20180531     1             omv   2015.0 noarch 
 kernel-release-desktop-4.16.13-1omv 1            1             omv   2015.0 x86_64 
 kernel-release-desktop-latest       4.16.13      1             omv   2015.0 x86_64 
 microcode-intel                     20180425     1             omv   2015.0 noarch 
 radeon-firmware                     20180531     1             omv   2015.0 noarch

We need to get these tested and published to Main-updates repo as soon as possible for benefit of all of our users.

If interested more on kernel 4.16.x here.

ben79 · June 1, 2018, 7:33pm

Edit: Tested in both VBox and on hardware.

There appears to be an issue with kernel 4.16.13 booting. On every boot I get this:

A start job is running for firewalld - dynamic firewall daemon ( / X min XX sec)

I put the X’s for the time because that timeout time is different on every boot (which seems very odd itself). But this is adding a minimum of 1 and 1/2 minutes to every single boot with this kernel version. Booting with previous kernel 4.15.18 results in no delay or issue.

Otherwise so far the kernel 4.16.13 appears working but it is early in the testing process.

ben79 · June 1, 2018, 11:38pm

All-right lets get the Linux monkey to gather some logs for developers:

dmesg.txt (46.3 KB)

firewalld-status.txt (809 Bytes)

ben79 · June 1, 2018, 11:42pm

journalctl-b.txt (110.0 KB)

ben79 · June 1, 2018, 11:44pm

So firewalld was not started (timed out):

$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: failed (Result: timeout) since Fri 2018-06-01 18:31:25 CDT; 10min ago
     Docs: man:firewalld(1)
  Process: 2160 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=killed, signal=TERM)
 Main PID: 2160 (code=killed, signal=TERM)

Jun 01 18:29:55 ben79-pc systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 01 18:31:25 ben79-pc systemd[1]: firewalld.service: Start operation timed out. Terminating.
Jun 01 18:31:25 ben79-pc systemd[1]: firewalld.service: Failed with result 'timeout'.
Jun 01 18:31:25 ben79-pc systemd[1]: Failed to start firewalld - dynamic firewall daemon.

But then firewalld does start manually after boot:

$ systemctl start firewalld.service

$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-06-01 18:43:29 CDT; 5s ago
     Docs: man:firewalld(1)
 Main PID: 3513 (firewalld)
    Tasks: 2 (limit: 4654)
   Memory: 29.1M
   CGroup: /system.slice/firewalld.service
           └─3513 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jun 01 18:43:29 ben79-pc systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 01 18:43:29 ben79-pc systemd[1]: Started firewalld - dynamic firewall daemon.

ben79 · June 1, 2018, 11:55pm

Output of ‘systemctl show start firewalld.service’:

show-start-firewalld.txt (19.5 KB)

ben79 · June 2, 2018, 5:24pm

Working with crazy at #open-mandriva (that is where the action is) we have found that:

man-db.service is broken
ip6tables.service is broken
either firewall.d.service needs to be changer OR something in networking needs to be changed.

ALSO:

smb.service = started by default in OM Lx 3, probably should not be
and
nmb.service = started by default in OM Lx 3, probably should not be
and

ben79 · June 2, 2018, 5:29pm

A patch/workaround for firewalld.service 1 and 1/2 minute or longer boot delay:

Edit ‘/lib/systemd/system/firewalld.service’ thus:

[Unit]
Description=firewalld - dynamic firewall daemon
# Before=network-pre.target
# Wants=network-pre.target
After=dbus.service
After=polkit.service
After=NetworkManager.service
Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
Documentation=man:firewalld(1)

[Service]
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS
ExecReload=/bin/kill -HUP $MAINPID
# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=dbus
BusName=org.fedoraproject.FirewallD1
KillMode=mixed

[Install]
WantedBy=multi-user.target
Alias=dbus-org.fedoraproject.FirewallD1.service

These changes are made to the first section of the file under ‘[Unit]’. What we have changed is to comment out these 2 lines:

# Before=network-pre.target
# Wants=network-pre.target

and adding one line after the line ‘After=polkit.service’ like this:

After=polkit.service
After=NetworkManager.service

The end result should be like the file posted above.