Opkg allows installing too new kernel modules when an update is pending

Aargh, got caught again by this… It always takes me some while until I figure out what’s rotten here.

I was just playing with some config of the router, figured out I need to install a kernel module, so opkg update && opkg install kmod-... && reboot. And nothing. WAN connection broken, many services spitting swear words in the logs… Schnapps saved me and allowed me to go back to working state, so thanks for it :wink:

And what was the culprit, you ask? There was an updated kernel pushed to the packages lists while I was playing (probably the fix of SADDNS). But my updater didn’t even have time to figure that out. So my system got kernel 4.14.202-1, but after running the opkg update and install, the newly installed module was for kernel 4.14.206-1. And therefore the problems after reboot.

This might seem like a corner case, but another case when it could happen is if I have update approvals on and don’t yet want to approve an update, but I want to install a kernel package in the meantime. The same would happen.

Would it be possible to e.g. create a versioned kernel metapackage and have all modules depend on it and reject working with any other version (or at least with older versions, which would cover both mentioned cases). Or print a big bold warning that you’re about to install a package compiled for a different kernel version?