search

keks24 / raspberry-pi-luks

[mirror] encrypt the "root" partition of the raspberry pi stock image "raspberry pi os lite"
Apache License 2.0
28 stars 2 forks source link

Suggestion — section on how to handle kernel updates #8

Closed xanoni closed 3 years ago

xanoni commented 3 years ago

Hey Keks, I was just greeted by apt like this:

image

A "how to update the kernel" section in the guide would be helpful. I know it's hidden somewhere inbetween the lines, but it could be more explicit given the first update will be quite intimidating ;-)

xanoni commented 3 years ago

You wrote:

Note, that the custom hook script /etc/kernel/preinst.d/01-rpi-initramfs-tools silently fails, if working on a different system in a chroot environment, since it uses uname to determine the current kernel version and compares its suffix with the suffix of the package kernel version in order to copy the post-install and post-remove hook scripts into their respective directories. If one is using a Raspberry Pi for this setup, make sure, that the kernel version of the Raspberry Pi and within the chroot environment are identical.

So how would I best upgrade it from within the same machine,? When I create the initramfs, uname -a will obviously still be the previous kernel version, given I can't reboot.

xanoni commented 3 years ago

(I just did the below and praying that it still boots, haha.)

cp -a /etc/kernel/postinst.d/5.10.17-v7l+/ /etc/kernel/postinst.d/5.10.17-v8+
cp -a /etc/kernel/postrm.d/5.10.17-v7l+/ /etc/kernel/postrm.d/5.10.17-v8+
apt install raspberrypi-kernel --reinstall
xanoni commented 3 years ago

@keks24 do you think it will reboot? Have been too scared to try, given there's production stuff on there and I can't risk extended downtime.

xanoni commented 3 years ago

OMG I now understand what happened ... I installed docker-compose from apt and somehow that tricked my Pi into thinking it was a -v8+ ... I guess that's 64bit Raspbian? Good that I didn't reboot haha.

keks24 commented 3 years ago

I was just greeted by apt like this

If you are unaware of this: This dialog window is executed by needrestart, which is always executed by apt as post-install step. You can find it somewhere in /etc/apt/:

$ grep -rF "needrestart" /etc/apt

-v8+ ... I guess that's 64bit Raspbian?

Yes, the suffix -v8+ indicates, that you are using a 64 bit kernel. Raspbian still bases on 32 bit, but there is a 64 bit beta version to try out.

So how would I best upgrade it from within the same machine,? When I create the initramfs, uname -a will obviously still be the previous kernel version, given I can't reboot.

Have a look at the preinst script.

uname is used to get the current kernel version only. The new kernel version comes from the package raspberrypi-kernel, which executes run-parts as pre-install step. run-parts executes the script /etc/kernel/preinst.d/01-rpi-initramfs-tools, where the first parameter (${1}) contains the new kernel version.

You should be fine with every upgrade.

-Ramon

xanoni commented 3 years ago

Yes this is what I did for the recent upgrade.... but I was sweating a bit, given I don't have a monitor and need to fix everything blind.

And no, I don't have a 64-bit kernel. That was the weird thing. There's something broken in the docker-compose package. It renders the Pi unbootable (a friend reproduced this).