[CentOS] yum-plugin-security
Hi all, I have difficulties to understand the output of yum-plugin-security. I am on a X86_64 machine and when I query for security updates, yum lists i686 packages, that I don't have installed. # yum check-update --security Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk Limiting package lists to security relevant ones No packages needed for security; 34 packages available cyrus-sasl-devel.i686 2.1.23-15.el6_6.1 updates cyrus-sasl-lib.i6862.1.23-15.el6_6.1 updates device-mapper-multipath-libs.i686 0.4.9-80.el6_6.1 updates libXfont.i686 1.4.5-4.el6_6 updates nss-softokn.i686 3.14.3-18.el6_6 updates nss-softokn-freebl.i6863.14.3-18.el6_6 updates perl-libs.i686 4:5.10.1-136.el6_6.1 updates I would have expected, that it will list no packages, as it's statement is No packages needed for security When I run the query with no filtering on security relevant packages, it shows the X86_64 versions of the above listed packages. Do we have a problem of inconsistent data in the repo? Are only the i686 packages marked with security-update flag? # yum check-update Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk cyrus-sasl.x86_64 2.1.23-15.el6_6.1 updates cyrus-sasl-devel.x86_642.1.23-15.el6_6.1 updates cyrus-sasl-lib.x86_64 2.1.23-15.el6_6.1 updates .. device-mapper-multipath-libs.x86_640.4.9-80.el6_6.1 updates .. libXfont.x86_641.4.5-4.el6_6 updates .. nss-softokn.x86_64 3.14.3-18.el6_6 updates nss-softokn-freebl.x86_64 3.14.3-18.el6_6 updates .. perl-libs.x86_64 4:5.10.1-136.el6_6.1 updates Cheers and thanks for your explanation / instruction Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 117, Issue 13
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CEBA-2014:1875 CentOS 6 device-mapper-multipath BugFix Update (Johnny Hughes) -- Message: 1 Date: Fri, 21 Nov 2014 19:11:41 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2014:1875 CentOS 6 device-mapper-multipath BugFix Update Message-ID: 20141121191141.ga63...@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2014:1875 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1875.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ef3bcf6048d486915858d17be655b0d01fe0fdfaddf22138927bcf36848063b1 device-mapper-multipath-0.4.9-80.el6_6.1.i686.rpm 1fd13400aba65388aa17becc57aadd3f35ce1f5a8d7306173991cb2eeefd1782 device-mapper-multipath-libs-0.4.9-80.el6_6.1.i686.rpm bff4d661f1d81714151b307a7b8049c7591fd8744e34fd5b6b257e90f43b70fe kpartx-0.4.9-80.el6_6.1.i686.rpm x86_64: 1b9dfbefe69d7261167dc6fcf968caada46c64ddd470728a404e2df488d7dc66 device-mapper-multipath-0.4.9-80.el6_6.1.x86_64.rpm 1fd13400aba65388aa17becc57aadd3f35ce1f5a8d7306173991cb2eeefd1782 device-mapper-multipath-libs-0.4.9-80.el6_6.1.i686.rpm baf30b46571fa283f7e339879eb1dfb77972d4ad3e346ec3b85d8b72fa0bd48e device-mapper-multipath-libs-0.4.9-80.el6_6.1.x86_64.rpm 64d5c3f2c864e16c3cf9df04b40f3e44531270e0511f56ceffa80ecd0e1942cb kpartx-0.4.9-80.el6_6.1.x86_64.rpm Source: 5529089f6c9dd2083a5f87215290efcb37fe91fdd7f3cb64c83c188662eb7f09 device-mapper-multipath-0.4.9-80.el6_6.1.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- ___ CentOS-announce mailing list centos-annou...@centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 117, Issue 13 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
This plugin does not work on CentOS, at least not yet, there were previous discussions. e.g. http://centos-devel.1051824.n5.nabble.com/CentOS-devel-yum-plugin-security-and-shellshock-td5710031.html HTH -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - From: Gabriele Pohl g...@dipohl.de To: CentOS mailing list centos@centos.org Sent: Saturday, 22 November, 2014 11:49:19 Subject: [CentOS] yum-plugin-security Hi all, I have difficulties to understand the output of yum-plugin-security. I am on a X86_64 machine and when I query for security updates, yum lists i686 packages, that I don't have installed. # yum check-update --security Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk Limiting package lists to security relevant ones No packages needed for security; 34 packages available cyrus-sasl-devel.i686 2.1.23-15.el6_6.1 updates cyrus-sasl-lib.i6862.1.23-15.el6_6.1 updates device-mapper-multipath-libs.i686 0.4.9-80.el6_6.1 updates libXfont.i686 1.4.5-4.el6_6 updates nss-softokn.i686 3.14.3-18.el6_6 updates nss-softokn-freebl.i6863.14.3-18.el6_6 updates perl-libs.i686 4:5.10.1-136.el6_6.1 updates I would have expected, that it will list no packages, as it's statement is No packages needed for security When I run the query with no filtering on security relevant packages, it shows the X86_64 versions of the above listed packages. Do we have a problem of inconsistent data in the repo? Are only the i686 packages marked with security-update flag? # yum check-update Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk cyrus-sasl.x86_64 2.1.23-15.el6_6.1 updates cyrus-sasl-devel.x86_642.1.23-15.el6_6.1 updates cyrus-sasl-lib.x86_64 2.1.23-15.el6_6.1 updates .. device-mapper-multipath-libs.x86_640.4.9-80.el6_6.1 updates .. libXfont.x86_641.4.5-4.el6_6 updates .. nss-softokn.x86_64 3.14.3-18.el6_6 updates nss-softokn-freebl.x86_64 3.14.3-18.el6_6 updates .. perl-libs.x86_64 4:5.10.1-136.el6_6.1 updates Cheers and thanks for your explanation / instruction Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On 11/22/2014 05:49 AM, Gabriele Pohl wrote: Hi all, I have difficulties to understand the output of yum-plugin-security. I am on a X86_64 machine and when I query for security updates, yum lists i686 packages, that I don't have installed. # yum check-update --security Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk Limiting package lists to security relevant ones No packages needed for security; 34 packages available cyrus-sasl-devel.i686 2.1.23-15.el6_6.1 updates cyrus-sasl-lib.i6862.1.23-15.el6_6.1 updates device-mapper-multipath-libs.i686 0.4.9-80.el6_6.1 updates libXfont.i686 1.4.5-4.el6_6 updates nss-softokn.i686 3.14.3-18.el6_6 updates nss-softokn-freebl.i6863.14.3-18.el6_6 updates perl-libs.i686 4:5.10.1-136.el6_6.1 updates I would have expected, that it will list no packages, as it's statement is No packages needed for security When I run the query with no filtering on security relevant packages, it shows the X86_64 versions of the above listed packages. Do we have a problem of inconsistent data in the repo? Are only the i686 packages marked with security-update flag? # yum check-update Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel: mirrors.n-ix.net * extras: centos.mirror.sharkservers.co.uk * updates: centos.mirror.sharkservers.co.uk cyrus-sasl.x86_64 2.1.23-15.el6_6.1 updates cyrus-sasl-devel.x86_642.1.23-15.el6_6.1 updates cyrus-sasl-lib.x86_64 2.1.23-15.el6_6.1 updates .. device-mapper-multipath-libs.x86_640.4.9-80.el6_6.1 updates .. libXfont.x86_641.4.5-4.el6_6 updates .. nss-softokn.x86_64 3.14.3-18.el6_6 updates nss-softokn-freebl.x86_64 3.14.3-18.el6_6 updates .. perl-libs.x86_64 4:5.10.1-136.el6_6.1 updates CentOS only tests that things work when doing all updates ... it does not test any other grouping of packages. In reality that is also true for upstream support as well ... see the first line in any upstream update in the solutions section. Here is an example: https://rhn.redhat.com/errata/RHSA-2014-1870.html First line in Solution Section: Before applying this update, make sure all previously released errata relevant to your system have been applied. That does not say pick and choose errata or only install security errata. In reality, one should only NOT install an update if that update causes problems. That is any Errata update, not just security updates. The reason, all updates are built on a staged system. Any updates built today are built on / linked against the updates from yesterday. If you use a perl package (that is an example name, could be any package) built against today's update set on 6.3 .. it may or may not work at all, or work correctly. It also could possibly introduce security issues never tested for because that combination is unique to your install. I might work fine, it might be horrible. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 12:44:57 + (GMT) Nux! n...@li.nux.ro wrote: This plugin does not work on CentOS, at least not yet, there were previous discussions. e.g. http://centos-devel.1051824.n5.nabble.com/CentOS-devel-yum-plugin-security-and-shellshock-td5710031.html HTH yes it helped thanks! Although the state of the thing itself is not very helpful :( My intention was to automatically get warned, when there are pending security updates. I therefore reworked the yum plugin of Munin [1] But as I see now, this will not work for CentOS as long as the data (a working updateinfo.xml) is not existent in the repos.. I will add a note in the Munin yum plugin to inform other CentOS users about this #fail. It would be good to add such a hint also in the CentOS package of the yum-plugin-security. Until now there is no info about the no-op nor in the man page neither under /usr/share/doc. Shall I create a bug report addressing the missing doc? Or will it get answered with won't fix as the fix would need to fork an own CentOS version of the plugin, so no longer simply copy the package from upstream (rh) # rpm -ql yum-plugin-security /etc/yum/pluginconf.d/security.conf /usr/lib/yum-plugins/security.py /usr/lib/yum-plugins/security.pyc /usr/lib/yum-plugins/security.pyo /usr/share/doc/yum-plugin-security-1.1.30 /usr/share/doc/yum-plugin-security-1.1.30/COPYING /usr/share/man/man8/yum-security.8.gz Cheers, Gabriele [1] https://github.com/munin-monitoring/munin/commits/devel/plugins/node.d.linux/yum.in ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 08:00:50 -0600 Johnny Hughes joh...@centos.org wrote: On 11/22/2014 05:49 AM, Gabriele Pohl wrote: I have difficulties to understand the output of yum-plugin-security. # yum check-update --security CentOS only tests that things work when doing all updates ... it does not test any other grouping of packages. when I install the updates I usually install all pending updates btw. As written in my other mail, the intention is to get triggered when security updates are pending. fyi and cheers, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 15:32:32 +0100 Gabriele Pohl wrote: As written in my other mail, the intention is to get triggered when security updates are pending. If you just want to be notified (or start a job, or whatever) then why not set up something to watch the centos-announce list, parse the subject lines for Security, and then do whatever you need to do after that. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, Nov 22, 2014 at 12:07:00PM -0600, Frank Cox wrote: If you just want to be notified (or start a job, or whatever) then why not set up something to watch the centos-announce list, parse the subject lines for Security, and then do whatever you need to do after that. You're actually going to want to look for 'CESA' which indicates a security update announcement. John -- One man's ways may be as good as another's, but we all like our own best. -- Jane Austen (16 December 1775 - 18 July 1817), English novelist, Persuasion (posthumous, 1818) pgppXE7Afo9L1.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 12:07:00 -0600 Frank Cox thea...@melvilletheatre.com wrote: On Sat, 22 Nov 2014 15:32:32 +0100 Gabriele Pohl wrote: As written in my other mail, the intention is to get triggered when security updates are pending. why not set up something to watch the centos-announce list, parse the subject lines for Security, and then do whatever you need to do after that. because I want the alert for my individual machines. So the proposed method is no solution for an automagical trigger :) As said in my earlier mail I use Munin for system monitoring and want the raven to croak when a node has pending security updates: http://gallery.munin-monitoring.org/distro/plugins/node.d.linux/yum.html But thanks for sharing your idea ~ Cheers, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 19:52:30 +0100 Gabriele Pohl wrote: because I want the alert for my individual machines. So the proposed method is no solution for an automagical trigger :) You still can do that without expending too much effort. One way would be to monitor centos-announce, parse the subject lines, copy the security update filenames to a text or database file. (sqlite is made for this kind of thing.) You can either keep a list on each machine or have a central data repository, whichever suits you best. Then all you need to do is have each machine run yum check-update on whatever timed basis you wish. Capture the list of pending updates, compare it against your database, and then do your thing. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 13:17:59 -0600 Frank Cox thea...@melvilletheatre.com wrote: On Sat, 22 Nov 2014 19:52:30 +0100 Gabriele Pohl wrote: because I want the alert for my individual machines. So the proposed method is no solution for an automagical trigger :) You still can do that without expending too much effort. Although the proposal you made is /possible/ to implement, I will not do it, because I think that this is the wrong way to solve the issue. One way would be to monitor centos-announce, parse the subject lines, copy the security update filenames to a text or database file. (sqlite is made for this kind of thing.) You can either keep a list on each machine or have a central data repository, whichever suits you best. Pardon me, but I think it is madness to maintain the info outside of yum. And your method is not suitable to use within Munin monitoring. And a Munin capable solution is what I am looking for with highest priority. Then all you need to do is have each machine run yum check-update on whatever timed basis you wish. Capture the list of pending updates, compare it against your database, and then do your thing. I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. All the best and thanks again, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, Nov 22, 2014 at 11:41:17PM +0100, Gabriele Pohl wrote: I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. It's not that simple. Please have a look at the list archives in the past couple months where this was addressed. The threads were either here or on the centos-devel mailing list. http://lists.centos.org/pipermail/centos http://lists.centos.org/pipermail/centos-devel If memory serves the primary factor that is holding this up is a space requirements issue; the threads can shed more light on it, however. John -- Which is more believable: In the beginning there was God, who created the universe, or in the beginning there was nothing, which exploded? -- nog pgpAGgEr4VswM.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
On Sat, 22 Nov 2014 17:10:40 -0600 John R. Dennison j...@gerdesas.com wrote: On Sat, Nov 22, 2014 at 11:41:17PM +0100, Gabriele Pohl wrote: I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. It's not that simple. Please have a look at the list archives in the past couple months where this was addressed. The threads were either here or on the centos-devel mailing list. thanks to Nux! who posted the following link in the first reply of this thread: Begin forwarded message: Date: Sat, 22 Nov 2014 12:44:57 + (GMT) From: Nux! n...@li.nux.ro To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] yum-plugin-security This plugin does not work on CentOS, at least not yet, there were previous discussions. e.g. http://centos-devel.1051824.n5.nabble.com/CentOS-devel-yum-plugin-security-and-shellshock-td5710031.html I read this thread and also another, which is refered to therein: http://lists.centos.org/pipermail/centos-devel/2014-September/011893.html If memory serves the primary factor that is holding this up is a space requirements issue; the threads can shed more light on it, however. To tell the truth, as a person who is not familiar with the internal structures and procedures of tree building and maintenance of the repositories, I don't really understand why it should be so difficult to handle a security-update flag for the update packages, but I have to believe the experts, who make statements on this topic. Here is what I picked up when reading the thread from devel list: 1. For a valid approach data for all packages over the complete history of the major version is needed. 2. At the time the data is only sent to the announce mailing list and it will need a big effort with also manual work to collect all the data back from there. 3. it would add significantly to the size required to mirror CentOS and require a redesign of how we do trees completely (we currently only push the latest tree for each live major version). (Johnny Hughes) 4. The developers fear that the yum-plugin-security functions may seduce people to only install the security relevant packages, which can cause problems. 5. The tools used by scientific linux repo maintainers, who support a security classification, are availabe under free software license. https://cdcvs.fnal.gov/redmine/projects/python-updateinfo My personal view is represented by the mails of Kevin Stange in this thread. And I still hope that the issue will be solved by integrating the security update flag into the CentOS repositories in the future. so far and thanks for your replies to all contributors in this thread, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum-plugin-security
We have an alert for CentOS packages with security updates, and I was curious how it works. Turns out that what it does is do a search engine search for [$package $version site:https://rhn.redhat.com/errata/] {yeah, doesn't even put $version in quotes!} And then fetches the top result looking for the string /Security Advisory/ We update all packages to tip whenever we update. This not-completely-accurate method turns the ordinary you have some updates, to the occasional you have security updates! zomg! Amusing. Keeps people awake. Anyway, if we did have such a tool, we should definitely build it such that the only thing it does is look at your current machine and say, you're not at tip, and some of your packages have security problems. update to tip. That would not increase the size of the tree nor encourage people to unsafely do partial updates. And it wouldn't require a huge historical analysis. -- greg On Sun, Nov 23, 2014 at 01:54:49AM +0100, Gabriele Pohl wrote: On Sat, 22 Nov 2014 17:10:40 -0600 John R. Dennison j...@gerdesas.com wrote: On Sat, Nov 22, 2014 at 11:41:17PM +0100, Gabriele Pohl wrote: I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. It's not that simple. Please have a look at the list archives in the past couple months where this was addressed. The threads were either here or on the centos-devel mailing list. thanks to Nux! who posted the following link in the first reply of this thread: Begin forwarded message: Date: Sat, 22 Nov 2014 12:44:57 + (GMT) From: Nux! n...@li.nux.ro To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] yum-plugin-security This plugin does not work on CentOS, at least not yet, there were previous discussions. e.g. http://centos-devel.1051824.n5.nabble.com/CentOS-devel-yum-plugin-security-and-shellshock-td5710031.html I read this thread and also another, which is refered to therein: http://lists.centos.org/pipermail/centos-devel/2014-September/011893.html If memory serves the primary factor that is holding this up is a space requirements issue; the threads can shed more light on it, however. To tell the truth, as a person who is not familiar with the internal structures and procedures of tree building and maintenance of the repositories, I don't really understand why it should be so difficult to handle a security-update flag for the update packages, but I have to believe the experts, who make statements on this topic. Here is what I picked up when reading the thread from devel list: 1. For a valid approach data for all packages over the complete history of the major version is needed. 2. At the time the data is only sent to the announce mailing list and it will need a big effort with also manual work to collect all the data back from there. 3. it would add significantly to the size required to mirror CentOS and require a redesign of how we do trees completely (we currently only push the latest tree for each live major version). (Johnny Hughes) 4. The developers fear that the yum-plugin-security functions may seduce people to only install the security relevant packages, which can cause problems. 5. The tools used by scientific linux repo maintainers, who support a security classification, are availabe under free software license. https://cdcvs.fnal.gov/redmine/projects/python-updateinfo My personal view is represented by the mails of Kevin Stange in this thread. And I still hope that the issue will be solved by integrating the security update flag into the CentOS repositories in the future. so far and thanks for your replies to all contributors in this thread, Gabriele ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 not installable using KVM-over-IP System
On Wed, Nov 19, 2014 at 9:51 PM, Dennis Jacobfeuerborn wrote: Hi, I just tried to install CentOS 7 using a Lantronix Spider KVM-over-IP System and its virtual media feature and to my surprise this did not work. The installation using the netinstall iso seems to work for a while (I see some dracut boot messages) but when the first stage of the boot is finished I get dropped into an emergency shell with the error message that /dev/root does not exist. I tried this on a Supermicro system and a gen-8 HP ProLiant Server both with the same result. Your iso must be corrupt. I've installed EL7 over iLo with no issues ... ~f ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos