0. 상황
CentOS 6.2 의 커널(kernel-2.6.32-220.el6.x86_64)의 Intel 82574L NIC 칩셋 드라이버 버그로 인해 해결된 kernel-2.6.32-358.6.2.el6.x86_64 커널로 업데이트하려 하자 충돌메시지와 함께 진행이 안된다. 해결을 위해 yum 메타데이터를 비운 후 진행하면 된다.
또한 해당 업데이트 커널(kernel-2.6.32-358.6.2.el6)은 2.6.37 ~ 3.8.9 커널의 perf_swevent_init function 에서 발견된 취약점으로 인한 root 권한을 획득할 수 있는 공격코드를 방어할 수 있도록 패치되었다.
CentOS 6.0 ~ 6.4 까지의 모든 버젼에서 취약점이 내포된 커널을 사용하므로 업데이트가 필수임.
1. 충돌 메시지
아래와 같이 bfa-firmware와 커널이 충돌이 난다고 에러가 발생하며 update가 안됨.
[root@Sample-local ~]# yum update kernel
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
* base: ftp.yz.yamagata-u.ac.jp
* extras: centos.mirror.cdnetworks.com
* updates: centos.mirror.cdnetworks.com
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:2.6.32-358.6.2.el6 will be installed
--> Processing Dependency: kernel-firmware >= 2.6.32-358.6.2.el6 for package: kernel-2.6.32-358.6.2.el6.x86_64
--> Running transaction check
---> Package kernel-firmware.noarch 0:2.6.32-220.el6 will be updated
---> Package kernel-firmware.noarch 0:2.6.32-358.6.2.el6 will be an update
--> Processing Conflict: kernel-2.6.32-358.6.2.el6.x86_64 conflicts bfa-firmware < 3.0.3.1
--> Finished Dependency Resolution
Error: kernel conflicts with bfa-firmware
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
2. 강제 진행
문제되는 부분을 skip 하고 진행. 그래도 안된다.
[root@Sample-local ~]# yum update kernel kernel-firmware bfa-firmware --skip-broken --disablerepo=* --enablerepo=updates
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
* updates: centos.mirror.cdnetworks.com
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:2.6.32-358.6.2.el6 will be installed
---> Package kernel-firmware.noarch 0:2.6.32-220.el6 will be updated
---> Package kernel-firmware.noarch 0:2.6.32-358.6.2.el6 will be an update
--> Processing Conflict: kernel-2.6.32-358.6.2.el6.x86_64 conflicts bfa-firmware < 3.0.3.1
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel.x86_64 0:2.6.32-358.6.2.el6 will be installed
--> Finished Dependency Resolution
--> Running transaction check
---> Package kernel-firmware.noarch 0:2.6.32-220.el6 will be updated
---> Package kernel-firmware.noarch 0:2.6.32-358.6.2.el6 will be an update
--> Finished Dependency Resolution
Packages skipped because of dependency problems:
kernel-2.6.32-358.6.2.el6.x86_64 from updates
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Updating:
kernel-firmware noarch 2.6.32-358.6.2.el6 updates 11 M
Skipped (dependency problems):
kernel x86_64 2.6.32-358.6.2.el6 updates 26 M
Transaction Summary
=============================================================================================================================================================================================================================================
Upgrade 1 Package(s)
Total download size: 11 M
Is this ok [y/N]:
3. yum 메타데이터 지우고 진행
1) 메터데이터 비우기
[root@Sample-local ~]# yum clean metadata
Loaded plugins: fastestmirror, presto
Cleaning repos: base extras updates
9 metadata files removed
3 sqlite files removed
0 metadata files removed
2) 업데이트 진행
[root@Sample-local ~]# yum update kernel
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
* base: centos.mirror.cdnetworks.com
* extras: centos.mirror.cdnetworks.com
* updates: centos.mirror.cdnetworks.com
base | 3.7 kB 00:00
base/primary_db | 4.4 MB 00:00
extras | 3.5 kB 00:00
extras/primary_db | 19 kB 00:00
updates | 3.5 kB 00:00
updates/primary_db | 2.5 MB 00:00
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:2.6.32-358.6.2.el6 will be installed
--> Processing Dependency: kernel-firmware >= 2.6.32-358.6.2.el6 for package: kernel-2.6.32-358.6.2.el6.x86_64
--> Running transaction check
---> Package kernel-firmware.noarch 0:2.6.32-220.el6 will be updated
---> Package kernel-firmware.noarch 0:2.6.32-358.6.2.el6 will be an update
--> Processing Conflict: kernel-2.6.32-358.6.2.el6.x86_64 conflicts bfa-firmware < 3.0.3.1
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package bfa-firmware.noarch 0:3.0.0.0-1.el6 will be updated
---> Package bfa-firmware.noarch 0:3.0.3.1-1.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================================================================
Installing:
kernel x86_64 2.6.32-358.6.2.el6 updates 26 M
Updating:
bfa-firmware noarch 3.0.3.1-1.el6 base 723 k
Updating for dependencies:
kernel-firmware noarch 2.6.32-358.6.2.el6 updates 11 M
Transaction Summary
=============================================================================================================================================================================================================================================
Install 1 Package(s)
Upgrade 2 Package(s)
Total download size: 38 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
updates/prestodelta | 420 kB 00:00
Processing delta metadata
Download delta size: 5.3 M
kernel-firmware-2.6.32-220.el6_2.6.32-358.6.2.el6.noarch.drpm | 5.3 MB 00:00
Finishing rebuild of rpms, from deltarpms
<delta rebuild> | 11 MB 00:04
Presto reduced the update size by 52% (from 11 M to 5.3 M).
Package(s) data still to download: 27 M
(1/2): bfa-firmware-3.0.3.1-1.el6.noarch.rpm | 723 kB 00:00
(2/2): kernel-2.6.32-358.6.2.el6.x86_64.rpm | 26 MB 00:02
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 10 MB/s | 27 MB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Updating : kernel-firmware-2.6.32-358.6.2.el6.noarch 1/5
Installing : kernel-2.6.32-358.6.2.el6.x86_64 2/5
Updating : bfa-firmware-3.0.3.1-1.el6.noarch 3/5
Cleanup : bfa-firmware-3.0.0.0-1.el6.noarch 4/5
Cleanup : kernel-firmware-2.6.32-220.el6.noarch 5/5
Installed:
kernel.x86_64 0:2.6.32-358.6.2.el6
Updated:
bfa-firmware.noarch 0:3.0.3.1-1.el6
Dependency Updated:
kernel-firmware.noarch 0:2.6.32-358.6.2.el6
Complete!