Patched kernel with official vermagic and kmod installation

Hi,

I would like to create a custom build, but retain the ability to install kmod packages from the official repository.

On most custom builds installing kmods fails with an error like this:


Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-sched-ctinfo:
 * 	kernel (= 5.10.x-XXXXXXXXXX) * 
 * opkg_install_cmd: Cannot install package  kmod-sched-ctinfo.

This is because OpenWRT has a system called “vermagic” that ensures you can only install kmod packages with the same settings as the build config settings of the kernel you are running.

But OpenWRT publishes the build settings for all official builds. So it’s possible to download them and build a custom image with exactly the same kernel build settings.

This results in a custom image that has the same vermagic as the official image, which makes it possible to install kmod packages from the official opkg repository.

And since the vermagic hash is calculated only based on the kernel build config, it’s possible to also apply additional patches to the kernel and still get a custom image that has the same vermagic and allows kmod installs.

My question is… Can a patched kernel with an official vermagic value create issues or instabilities when you use kernel module packages from the official repo?

What I mean is… just because it’s possible to do something, it doesn’t necessarily mean that it’s a good idea.

I want to understand what exactly is the vermagic system trying to achieve and protect the user from?

Is it…

A) Only ensuring that the build settings of kmods and the kernel match, because them not matching can cause problems. But the underlying code or deftrees of the kernel are not important.

Or…

B) Ensure that the kmods are used with EXACTLY the same kernel they were built with.

In that case the vermagic system does not fully protect against this and is easily circumvented, because it only hashes the build settings, but not the actual kernel code.

Thank you in advance for your help!

tl;dr: don't do it.

The vermagic is not arbitrary set to annoy you, it's a very intentional dependency set to prevent installing modules expecting a different kernel ABI, which would crash the kernel while loading or later during normal operations.

If you can build your own kernel, just include all kernel modules you might need in the predictable future (at least as runtime installable packages). There won't even be much of a build time impact, as the 'reasonable' set of additional kernel modules isn't that large - and the more you disable, the more likely you will get hard ABI changes anyways.

3 Likes

Exactly, I tested it today too. it's not worth it. Some kmods are fine and others crash the system.

1 Like

Thank you, @slh. I have abandoned the idea.

Fortunately, @anaelorlinski came up with a fantastic solution: Build all kmods with custom firmware and bundle them into a local package feed.

You can see how he did it in this commit:

So far it is working very well for me and perhaps this could be a solution for you too @Ricrdsson.

It's using "only" 14mb in storage space. For my router use-case it's fine.

An alternative, for routers that have very little storage, would be to upload the feed to some webserver.