Re: [CentOS] Supermicro CentOS 7 install failure

2015-12-20 Thread Digimer
On 20/12/15 11:13 PM, dsav...@peaknet.net wrote:
> My workhorse server is a SuperMicro with their H8DM8-2 motherboard. For
> many years it ran CentOS 5.x and 6.x until the boot drive failed last
> year. I installed a 1TB SSD as /dev/sda and planned to install CentOS 7 on
> it, replacing CentOS 6.5 on the failed drive. Unfortunately every CentOS 7
> media I tried, either optical disk or USB thumb drive, breaks down just a
> few seconds after selecting "Install..."
> 
> The H8DM8-2 motherboard is based on the nVidia MPC55 Pro and NEC uPD720400
> chipsets. It has an on-board Adaptec AIC-7902W dual-channel SCSI
> controller and companion Zero-Channel RAID card. It has twin AMD Opteron
> HE processors and 32GB of registered ECC DDR2 memory. The RAID array is
> populated with ten Fujitsu 300GB 15K SCSI3 drives.
> 
> I took it into a friendly Linux shop where they reviewed / verified all of
> my work and confirmed the boot-time problem. Two hours into the effort, my
> friend plugged in a bootable Windows 10 thumb drive and to our amazement,
> it came up very normally. So did another thumb drive with a Fedora 23
> installation image. So there's nothing wrong with my hardware.
> 
> We believe the problem is due to Red Hat compiling RHEL7 without at least
> one old device driver that I still need. My friend thinks we should build
> an installation disk from a modified CentOS 7 live CD kickstart file and a
> CentOS-Plus kernel. While that may work, I think there may be a simpler
> boot-time kernel option I could use to successfully install from a stock
> ISO.
> 
> Does anyone have any suggestions for boot-time options I could try?

Try 'nomodeset'. It might not be detecting the video card properly.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] Supermicro CentOS 7 install failure

2015-12-20 Thread dsavage
My workhorse server is a SuperMicro with their H8DM8-2 motherboard. For
many years it ran CentOS 5.x and 6.x until the boot drive failed last
year. I installed a 1TB SSD as /dev/sda and planned to install CentOS 7 on
it, replacing CentOS 6.5 on the failed drive. Unfortunately every CentOS 7
media I tried, either optical disk or USB thumb drive, breaks down just a
few seconds after selecting "Install..."

The H8DM8-2 motherboard is based on the nVidia MPC55 Pro and NEC uPD720400
chipsets. It has an on-board Adaptec AIC-7902W dual-channel SCSI
controller and companion Zero-Channel RAID card. It has twin AMD Opteron
HE processors and 32GB of registered ECC DDR2 memory. The RAID array is
populated with ten Fujitsu 300GB 15K SCSI3 drives.

I took it into a friendly Linux shop where they reviewed / verified all of
my work and confirmed the boot-time problem. Two hours into the effort, my
friend plugged in a bootable Windows 10 thumb drive and to our amazement,
it came up very normally. So did another thumb drive with a Fedora 23
installation image. So there's nothing wrong with my hardware.

We believe the problem is due to Red Hat compiling RHEL7 without at least
one old device driver that I still need. My friend thinks we should build
an installation disk from a modified CentOS 7 live CD kickstart file and a
CentOS-Plus kernel. While that may work, I think there may be a simpler
boot-time kernel option I could use to successfully install from a stock
ISO.

Does anyone have any suggestions for boot-time options I could try?

--Doc Savage
  Fairview Heights, IL


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Alice Wonder



On 12/20/2015 02:28 PM, Gordon Messmer wrote:
> On 12/20/2015 10:10 AM, Alice Wonder wrote:
> > Yes, but I've run into instance where curl does not work for https -
> > for example I believe if ECDSA TLS certificate is being used on the
> > server, curl doesn't work. Not sure about wget.
>
> Why do you think the solution is to make yum behave well when there's
> malicious data in /etc, rather than updating rpm/curl to properly
> support https so that it doesn't get there?


It's a validation step.

Even with https - fraudulently signed certificates are still a problem, 
as well as the issue of there not being any RFC stating what certificate 
authorities must be trusted.


So if a server serves an RPM over https - it has to be with a 
certificate signed by an authority trusted by client. There's no way to 
guarantee that.


DNSSEC validation doesn't have that issue.


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Alice Wonder



On 12/20/2015 01:28 PM, Always Learning wrote:
> On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote:
>
> > RPM has ability to install a package over the network.
> >
> > rpm -i ftp://example.org/foo-2.2.noarch.rpm
>
> Thanks for the new knowledge.
>
> > The point I'm trying to make though is that yum could benefit from
> > the ability to verify the fingerprint in a key it is importing
> > matches a DNS query for the user and domain the key claims to be for.
> >
> > Regardless of how the package was retrieved, this could prevent
> > dishonest trojan keys from being imported, especially if DNSSEC
> > validated the DNS query.
>
> How widespread is the problem of unknowingly importing compromised
> software ?
>
> --

For me, I prefer to be pro-active rather than reactive.

DNSSEC gives us a some validation options we did not formerly have, I 
like to use it where it takes away potential vectors whether they 
currently are popular attack vectors or not.



Re: [CentOS] does centos have this grub2 issue?

2015-12-20 Thread Mike - st257
On Thu, Dec 17, 2015 at 1:41 PM, Wes James  wrote:

>
> > On Dec 17, 2015, at 11:29 AM, Mike - st257 
> wrote:
> >
> > On Thu, Dec 17, 2015 at 1:19 PM, Wes James  wrote:
> >
> >> I saw this today:
> >>
> >>
> >>
> http://linux.slashdot.org/story/15/12/16/040223/0-day-grub2-authentication-bypass-hits-linux
> >>
> >> I installed a grub2 update in 7.2 yesterday. Did the update fix this?
> >>
> >
> > From the changelog, I'd say yes.
> >
> > ~]# yum changelog 1 grub2
> > <...snipped..>
> >
> > Listing 1 changelog
> >
> >  Installed Packages 
> > 1:grub2-2.02-0.33.el7.centos.1.x86_64 installed
> > * Wed Dec 16 07:00:00 2015 Karanbir Singh 
> > 2.02-0.33.el7.centos.1
> > - Add patch to fix grub password path ( hughesjr )
> >
> > changelog stats. 1 pkg, 1 source pkg, 1 changelog
> >
>
>
> OK. Thanks.  I’ll use that command next time to check.
>

Be sure to install yum-plugin-changelog (it's in the base repo) first.


>
> -wes
>



-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Gordon Messmer

On 12/20/2015 12:44 PM, Alice Wonder wrote:

> The point I'm trying to make though is that yum could benefit from the
> ability to verify the fingerprint in a key it is importing matches a
> DNS query for the user and domain the key claims to be for.


I think we understand your point.  The solution that you're proposing 
guards the system against compromise from data that's already in /etc. 
In my mind, that's too late.  An attacker that can put data in /etc can 
overcome any protections you put in place.  I agree with you that 
packages should never be installed by rpm over http/ftp, because there's 
no signature verification in that case. But yum isn't involved in that, 
so I can't see a rational case for modifying yum to protect the system 
after you install an untrusted rpm.  It sounds like you're trying to 
close the barn door after the horses have already left.


In any case, development of yum has ended.  It's been replaced by dnf. 
And this is the wrong place to discuss improvements to either.  CentOS 
is a rebuild of Red Hat and nothing more. Improvements need to happen 
further upstream.



Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Gordon Messmer

On 12/20/2015 10:10 AM, Alice Wonder wrote:

> Yes, but I've run into instance where curl does not work for https -
> for example I believe if ECDSA TLS certificate is being used on the
> server, curl doesn't work. Not sure about wget.


Why do you think the solution is to make yum behave well when there's 
malicious data in /etc, rather than updating rpm/curl to properly 
support https so that it doesn't get there?



Re: [CentOS] Power Management

2015-12-20 Thread Richard


> Date: Sunday, December 20, 2015 22:15:49 +
> From: Nux! 

>> From: "Chris Olson" 
>> Sent: Sunday, 20 December, 2015 21:05:53
> 
>> Recent power management discussions plugged into one of our
>> current frustrations, namely the interaction of the screen
>> lock and power-save features on Intel/CentOS 6 platforms.
>> We certainly would not have guessed that locking the screen
>> would inhibit going into the power-save mode, but it sure
>> seems to do exactly that on some of our test platforms.
>> 
>> If one leaves the desktop idle for the timeout period, the
>> computer sleeps.  If one locks the screen and then leaves
>> the machine idle, the computer does not sleep.  We were
>> hoping that this "feature" was isolated to just our older
>> Dell desktop machine hardware and firmware, but it appears
>> elsewhere as well.
>> 
>> Possibly more interesting is that most of our systems were
>> loaded with CentOS 6.X almost two years ago and have been
>> updated at least weekly ever since.  This new power-save
>> scenario has appeared just within the last three weeks, and our
>> investigations have not discovered the cause or a solution.

> I assume you have double-checked Gnome's power management
> preferences and they are what you'd expect, right?

Power management is controlled by the window manager (which you
didn't indicate). So, assuming gnome, you should look for recent
updates to "gnome-power-manager" - check your yum.log for updates in
the timeframe where this issue started. Make certain that you have
the most recent (2.28.3-7.el6_4) installed. You might try a "yum
downgrade" on that package to see if that fixes things. [I currently
only have servers on centos-6, so no power managers, so can't look
at things easily.]

For the record, on centos-7 -- both mate and gnome -- the power
manager acts as expected (shutting down/suspending) the machine on
the idle timer when the screen is locked.




Re: [CentOS] Power Management

2015-12-20 Thread Nux!
I assume you have double-checked Gnome's power management preferences and they 
are what you'd expect, right?

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Chris Olson" 
> To: "CentOS Mailing List" 
> Sent: Sunday, 20 December, 2015 21:05:53
> Subject: [CentOS] Power Management

> Recent power management discussions plugged into one of our
> current frustrations, namely the interaction of the screen
> lock and power-save features on Intel/CentOS 6 platforms.
> We certainly would not have guessed that locking the screen
> would inhibit going into the power-save mode, but it sure
> seems to do exactly that on some of our test platforms.
> 
> If one leaves the desktop idle for the timeout period, the
> computer sleeps.  If one locks the screen and then leaves
> the machine idle, the computer does not sleep.  We were
> hoping that this "feature" was isolated to just our older
> Dell desktop machine hardware and firmware, but it appears
> elsewhere as well.
> 
> Possibly more interesting is that most of our systems were
> loaded with CentOS 6.X almost two years ago and have been
> updated at least weekly ever since.  This new power-save
> scenario has appeared just within the last three weeks, and our investigations
> have not discovered the cause or a solution.


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Always Learning

On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote:


> RPM has ability to install a package over the network.
> 
> rpm -i ftp://example.org/foo-2.2.noarch.rpm


Thanks for the new knowledge.

> The point I'm trying to make though is that yum could benefit from
> the ability to verify the fingerprint in a key it is importing
> matches a DNS query for the user and domain the key claims to be for.
>
> Regardless of how the package was retrieved, this could prevent 
> dishonest trojan keys from being imported, especially if DNSSEC 
> validated the DNS query.

How widespread is the problem of unknowingly importing compromised
software ?

-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.



[CentOS] Power Management

2015-12-20 Thread Chris Olson
Recent power management discussions plugged into one of our
current frustrations, namely the interaction of the screen
lock and power-save features on Intel/CentOS 6 platforms.
We certainly would not have guessed that locking the screen
would inhibit going into the power-save mode, but it sure
seems to do exactly that on some of our test platforms.

If one leaves the desktop idle for the timeout period, the
computer sleeps.  If one locks the screen and then leaves
the machine idle, the computer does not sleep.  We were
hoping that this "feature" was isolated to just our older
Dell desktop machine hardware and firmware, but it appears
elsewhere as well.

Possibly more interesting is that most of our systems were
loaded with CentOS 6.X almost two years ago and have been
updated at least weekly ever since.  This new power-save
scenario has appeared just within the last three weeks, and our investigations
have not discovered the cause or a solution.


Re: [CentOS] /bin/nmcli and connection names

2015-12-20 Thread Earl A Ramirez
On 21 December 2015 at 03:37, Eugene Vilensky  wrote:

> On Wed, Dec 16, 2015 at 4:47 PM, Earl A Ramirez 
> wrote:
>
> > I don't see 'System' in any of the CentOS 7.2.1511 boxes or VMs that were
> > recently upgraded:
> >
>
> Hi Earl,
>
> Have you tried a new install? I agree, upgraded installations do not seem
> to be affected.
>

Hi Eugene,

I just did a clean install and I don't see 'System' under the name:

$ cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)

$ yum history list
Loaded plugins: fastestmirror
ID | Login user   | Date and time    | Action(s)  | Altered
---
 1 | System       | 2015-12-20 15:17 | Install    |  297

$ nmcli con
NAME               UUID                                  TYPE            DEVICE
Team connection 1  c179d7da-8f12-4a80-8ce8-1621ba108d8b  team            team0
team0 slave 2      449506ad-bdc5-49ec-8bb9-5f31a9dbe4e7  802-3-ethernet  ens8
team0 slave 1      25d843c0-8835-442e-a126-226dcfa89fe5  802-3-ethernet  eth0
eth0               73bda044-f940-40d0-a871-8cf388f65695  802-3-ethernet  --


-- 
Kind Regards
Earl Ramirez


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Alice Wonder



On 12/20/2015 12:16 PM, John R Pierce wrote:
> On 12/20/2015 4:26 AM, Ned Slider wrote:
> > Unless I'm mistaken RPM in el5 does not support the https protocol.
>
> did you mean Yum ?   rpm is just a file format for packages, and a
> package installer program, its yum that does the network operations to
> fetch the packages, and as far as I understand it uses libcurl, so it
> should be able to support https




RPM has ability to install a package over the network.

rpm -i ftp://example.org/foo-2.2.noarch.rpm

could be used to install that package, which may contain the key and yum 
configuration for a third party package.


The point I'm trying to make though is that yum could benefit from the 
ability to verify the fingerprint in a key it is importing matches a DNS 
query for the user and domain the key claims to be for.


Regardless of how the package was retrieved, this could prevent 
dishonest trojan keys from being imported, especially if DNSSEC 
validated the DNS query.


--
-=-
Sent my from my laptop, may not be able to respond timely
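
The check proposed in the message above, together with the objection Gordon Messmer raises elsewhere in this thread, as an added example that is not part of any post on the list and not yum code. It assumes the fingerprint is published in a TXT record modelled on GnuPG's PKA layout ("v=pka1;fpr=...") at "<local>._pka.<domain>"; that layout, the function names, the sample zone and the fingerprints are all assumptions or constructed values, and the resolver is a stand-in for a DNSSEC-validating resolver.

```python
import re

# Constructed sample data: 40-hex-digit stand-ins for OpenPGP v4 fingerprints.
REPO_FPR = "A1" * 20
OTHER_FPR = "B2" * 20

# Constructed resolver answers: owner name -> (TXT value, DNSSEC-validated?).
# Owner-name scheme and record layout are assumptions made for this example.
ZONE = {
    "packager._pka.example.org":
        ("v=pka1;fpr=" + REPO_FPR + ";uri=https://example.org/RPM-GPG-KEY", True),
    # Same fingerprint, but served from a zone that is not signed.
    "packager._pka.example.com": ("v=pka1;fpr=" + REPO_FPR, False),
    # A different party's signed zone publishing that party's own key.
    "packager._pka.example.net": ("v=pka1;fpr=" + OTHER_FPR, True),
}


def normalize_fpr(text):
    """Return a fingerprint as 40 uppercase hex digits, or None if malformed."""
    fpr = re.sub(r"[\s:]", "", text or "").upper()
    return fpr if re.fullmatch(r"[0-9A-F]{40}", fpr) else None


def uid_address(uid):
    """Pull (local-part, domain) out of a 'Name <local@domain>' user ID."""
    m = re.search(r"<([^<>@\s]+)@([^<>@\s]+)>\s*$", uid)
    if not m:
        return None
    return m.group(1).lower(), m.group(2).lower().rstrip(".")


def parse_record(txt):
    """Return the fingerprint from a 'v=pka1;fpr=...;uri=...' TXT value."""
    fields = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("v") != "pka1":
        return None
    return normalize_fpr(fields.get("fpr"))


def check_key_import(uid, key_fpr, expected_domain, resolver):
    """Decide whether a key about to be imported should be accepted.

    resolver(owner_name) returns (txt_value, dnssec_validated) or None.
    expected_domain is the domain the administrator meant to trust; without
    it, the DNS check only proves that whoever controls the domain named in
    the key's user ID published that key.
    """
    addr = uid_address(uid)
    fpr = normalize_fpr(key_fpr)
    if addr is None or fpr is None:
        return "reject: malformed user ID or fingerprint"
    local, domain = addr
    wanted = expected_domain.lower().rstrip(".")
    if domain != wanted:
        return "reject: key is for %s, expected %s" % (domain, wanted)
    answer = resolver("%s._pka.%s" % (local, domain))
    if answer is None:
        return "reject: no record published"
    txt, validated = answer
    if not validated:
        return "reject: answer not DNSSEC-validated"
    published = parse_record(txt)
    if published is None:
        return "reject: unparsable record"
    if published != fpr:
        return "reject: fingerprint mismatch"
    return "accept"


if __name__ == "__main__":
    cases = [
        ("Repo Packager <packager@example.org>", REPO_FPR, "example.org"),
        ("Repo Packager <packager@example.org>", OTHER_FPR, "example.org"),
        ("Repo Packager <packager@example.com>", REPO_FPR, "example.com"),
        ("Repo Packager <packager@example.net>", OTHER_FPR, "example.org"),
        ("Repo Packager <packager@example.net>", OTHER_FPR, "example.net"),
    ]
    for uid, fpr, domain in cases:
        print(uid, "->", check_key_import(uid, fpr, domain, ZONE.get))
```

The last two cases show why the pinned domain matters: a key whose user ID names example.net validates cleanly against example.net's own zone, so the DNS lookup only helps when the importer already knows which domain the key should belong to.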


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread John R Pierce

On 12/20/2015 4:26 AM, Ned Slider wrote:

> Unless I'm mistaken RPM in el5 does not support the https protocol.


did you mean Yum ?   rpm is just a file format for packages, and a 
package installer program, its yum that does the network operations to 
fetch the packages, and as far as I understand it uses libcurl, so it 
should be able to support https



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] Critical problem with power management CentOS 7.2

2015-12-20 Thread Alice Wonder



On 12/20/2015 11:05 AM, Fred Smith wrote:
> On Sun, Dec 20, 2015 at 04:23:07PM +, Richard wrote:
> > > Date: Sunday, December 20, 2015 07:52:25 -0800
> > > From: Alice Wonder
> > >
> > > Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is
> > > too demanding on video capabilities for this hardware)
> > >
> > > Under CentOS 7.1 - the laptop would sleep when I closed the lid.
> > >
> > > It no longer does. I can tell because the laptop remains warm when
> > > I close the lid now, mail filters in Thunderbird run when the lid
> > > is closed, and it doesn't need to re-establish wifi when opening.
> > >
> > > This is dangerous because thinkpads cool through the keyboard.
> > >
> > > The battery usage monitor also no longer works. It shows 99%
> > > battery even as the laptop starts giving its warning beep that the
> > > battery is exhausted and it is about to shut down.
> > >
> > > Anyone know what broke with the update to 7.2 and how to fix it?
> > >
> > > No 3rd party kernel modules are involved.
> >
> > Do you have the latest mate power manager
> > (mate-power-manager-1.10.2-3) installed? There was a discussion of
> > this issue on the list about 10 days ago, when that was still in
> > epel-testing, but it now appears to in their production repo.
> > Installing it seemed to have resolved the issue for the OP. With
> Yes, that woulda been me. and yes it solved the problem on my netbook.
> > that installed my laptop suspends on lid-close.




The update seems to have resolved all my issues as well.

--
-=-
Sent my from my laptop, may not be able to respond timely


Re: [CentOS] Critical problem with power management CentOS 7.2

2015-12-20 Thread Fred Smith
On Sun, Dec 20, 2015 at 04:23:07PM +, Richard wrote:
> 
> 
> > Date: Sunday, December 20, 2015 07:52:25 -0800
> > From: Alice Wonder 
> >
> > Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is
> > too demanding on video capabilities for this hardware)
> > 
> > Under CentOS 7.1 - the laptop would sleep when I closed the lid.
> > 
> > It no longer does. I can tell because the laptop remains warm when
> > I close the lid now, mail filters in Thunderbird run when the lid
> > is closed, and it doesn't need to re-establish wifi when opening.
> > 
> > This is dangerous because thinkpads cool through the keyboard.
> > 
> > The battery usage monitor also no longer works. It shows 99%
> > battery even as the laptop starts giving its warning beep that the
> > battery is exhausted and it is about to shut down.
> > 
> > Anyone know what broke with the update to 7.2 and how to fix it?
> > 
> > No 3rd party kernel modules are involved.
> 
> Do you have the latest mate power manager
> (mate-power-manager-1.10.2-3) installed? There was a discussion of
> this issue on the list about 10 days ago, when that was still in
> epel-testing, but it now appears to in their production repo.
> Installing it seemed to have resolved the issue for the OP. With
Yes, that woulda been me. and yes it solved the problem on my netbook.
> that installed my laptop suspends on lid-close.

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us 
Do you not know? Have you not heard? 
The LORD is the everlasting God, the Creator of the ends of the earth. 
  He will not grow tired or weary, and his understanding no one can fathom.
- Isaiah 40:28 (niv) -


Re: [CentOS] /bin/nmcli and connection names

2015-12-20 Thread Eugene Vilensky
On Wed, Dec 16, 2015 at 4:47 PM, Earl A Ramirez 
wrote:

> I don't see 'System' in any of the CentOS 7.2.1511 boxes or VMs that were
> recently upgraded:
>

Hi Earl,

Have you tried a new install? I agree, upgraded installations do not seem
to be affected.


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Alice Wonder



On 12/20/2015 10:05 AM, Gordon Messmer wrote:
> On 12/20/2015 04:26 AM, Ned Slider wrote:
> > Unless I'm mistaken RPM in el5 does not support the https protocol.
>
> In that case, users should use curl or wget to retrieve the rpm over
> https before installing it.


Yes, but I've run into instance where curl does not work for https - for 
example I believe if ECDSA TLS certificate is being used on the server, 
curl doesn't work. Not sure about wget.



Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Gordon Messmer

On 12/20/2015 04:26 AM, Ned Slider wrote:

> Unless I'm mistaken RPM in el5 does not support the https protocol.


In that case, users should use curl or wget to retrieve the rpm over 
https before installing it.



Re: [CentOS] Critical problem with power management CentOS 7.2

2015-12-20 Thread Alice Wonder



On 12/20/2015 08:44 AM, Alice Wonder wrote:
> On 12/20/2015 08:23 AM, Richard wrote:
> > Do you have the latest mate power manager
> > (mate-power-manager-1.10.2-3) installed? There was a discussion of
> > this issue on the list about 10 days ago, when that was still in
> > epel-testing, but it now appears to in their production repo.
> > Installing it seemed to have resolved the issue for the OP. With
> > that installed my laptop suspends on lid-close.
>
> I was at 1.10.2-2
>
> Updating now. Weird because I ran yum-update before I left for holidays,
> guess the repo it used from the mirror-list wasn't freshest.
>
> I'll see what happens.


It is sleeping now. Once the battery is fully charged, I'll unplug and 
see if battery status updates as it is used.


Thank you.


Re: [CentOS] Critical problem with power management CentOS 7.2

2015-12-20 Thread Alice Wonder



On 12/20/2015 08:23 AM, Richard wrote:



> Do you have the latest mate power manager
> (mate-power-manager-1.10.2-3) installed? There was a discussion of
> this issue on the list about 10 days ago, when that was still in
> epel-testing, but it now appears to in their production repo.
> Installing it seemed to have resolved the issue for the OP. With
> that installed my laptop suspends on lid-close.




I was at 1.10.2-2

Updating now. Weird because I ran yum-update before I left for holidays, 
guess the repo it used from the mirror-list wasn't freshest.


I'll see what happens.


Re: [CentOS] fail2ban problem new installation

2015-12-20 Thread Paul Heinlein

On Sat, 19 Dec 2015, Günther J. Niederwimmer wrote:


> Hello,
>
> I have a big problem with fail2ban and firewalld on my new system.
>
> I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
> all is working ?
>
> BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't
> work anymore. I have this error  or more, in the firewalld
>
> 2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I
> INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set
> fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable' failed:
> iptables v1.4.21: Set fail2ban-sshd doesn't exist.


Things to check:

* the output of "ipset -l -n" to see if you have any ip sets
  defined

* that the fail2ban-firewalld rpm is installed

* that firewalld.service and fail2ban.service are both enabled
  and running

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W


Re: [CentOS] Critical problem with power management CentOS 7.2

2015-12-20 Thread Richard


> Date: Sunday, December 20, 2015 07:52:25 -0800
> From: Alice Wonder 
>
> Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is
> too demanding on video capabilities for this hardware)
> 
> Under CentOS 7.1 - the laptop would sleep when I closed the lid.
> 
> It no longer does. I can tell because the laptop remains warm when
> I close the lid now, mail filters in Thunderbird run when the lid
> is closed, and it doesn't need to re-establish wifi when opening.
> 
> This is dangerous because thinkpads cool through the keyboard.
> 
> The battery usage monitor also no longer works. It shows 99%
> battery even as the laptop starts giving its warning beep that the
> battery is exhausted and it is about to shut down.
> 
> Anyone know what broke with the update to 7.2 and how to fix it?
> 
> No 3rd party kernel modules are involved.

Do you have the latest mate power manager
(mate-power-manager-1.10.2-3) installed? There was a discussion of
this issue on the list about 10 days ago, when that was still in
epel-testing, but it now appears to in their production repo.
Installing it seemed to have resolved the issue for the OP. With
that installed my laptop suspends on lid-close.




Re: [CentOS] LDAP create home directories

2015-12-20 Thread Todor Petkov

On 20/12/2015 12:05 AM, Tim Dunphy wrote:
> > Check /var/log/secure for why the directory is not able to be created.
> > Might be selinux, is that enabled? (sestatus)
>
> Good catch! It was indeed SELinux preventing the directory from being
> created. Disabling it allows that to happen. For instance I just created a
> new test user in LDAP:
>
>  #ssh odun...@ops2.example.com
>
> odun...@ops2.example.com's password:
>
> Creating directory '/home/odunphy'.


Hello,

in RHEL/CentOS7 you need oddjob-mkhomedir - check this 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_Authentication.html#idp27104864


Regards,


[CentOS] Critical problem with power management CentOS 7.2

2015-12-20 Thread Alice Wonder
Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is too 
demanding on video capabilities for this hardware)


Under CentOS 7.1 - the laptop would sleep when I closed the lid.

It no longer does. I can tell because the laptop remains warm when I 
close the lid now, mail filters in Thunderbird run when the lid is 
closed, and it doesn't need to re-establish wifi when opening.


This is dangerous because thinkpads cool through the keyboard.

The battery usage monitor also no longer works. It shows 99% battery 
even as the laptop starts giving its warning beep that the battery is 
exhausted and it is about to shut down.


Anyone know what broke with the update to 7.2 and how to fix it?

No 3rd party kernel modules are involved.



--
-=-
Sent my from my laptop, may not be able to respond timely


Re: [CentOS] playing DVDs on C7

2015-12-20 Thread Alice Wonder



On 12/19/2015 06:01 PM, Fred Smith wrote:
> On Fri, Dec 18, 2015 at 12:29:05PM -0500, Fred Smith wrote:
> > On Fri, Dec 18, 2015 at 09:32:53AM -0500, Lamar Owen wrote:
> > > On 12/17/2015 08:33 PM, Fred Smith wrote:
> > > > Hi all!
> > > >
> > > > I'm trying to finish setting up my newly upgraded C7 system.
> > > >
> > > > It's on the same hardware I ran C6 on for several years. on C6 I had no
> > > > trouble playing DVDs (after installing tons of packages and libdvdcss).
> > >
> > > I have found that whether VLC will play a DVD is somewhat dependent
> > > on the DVD.  I have played DVD's through VLC successfully on my
> > > CentOS 7 system using the nux package stack, incidentally, but there
> > > are several DVD's in my collection that will not play with the VLC
> > > in nux dextop.  But I also purchased (the very first version a
> > > number of years ago) and keep support updated for the Fluendo
> > > OnePlay DVD player (fully legal, licensed, DVD playback) and it both
> > > works perfectly on CentOS 7 and plays those titles that VLC has
> > > trouble with (like the DVD copy included in the Bluray edition of
> > > Titanic).
> >
> > I don't play a LOT of DVDs, but on, e.g., C6 on the same hardware
> > I don't recall ever having one fail to play with VLC.
> >
> > In looking at the source package for libdvdcss, last night, I see there
> > are 3 different ways of cracking the encryption that it supports. The
> > default one is to try to crack each file's encryption, with the down-side
> > that it may fail entirely. there is also an option to crack the DISC's
> > key which can then be used to decrypt each file. from the description
> > it sounds as if the disc option might be better even though it isn't
> > the default.
> >
> > If all else fails I will try hacking around with that option.
>
> OK, I haven't gotten very far, but there is one interesting observation:
> vlc plays my homemade NON-encrypted DVDs just fine (except for the
> DVD menus, on which for some reason it errors). This kinda hints that
> VLC is not finding/opening libdvdcss even though I'm using the one
> from the nux repos, same as the source of the VLC RPM I have.
>
> One would think that nux's VLC would work with nux's libdvdcss, but
> this evidence makes me wonder...
>
> If nux is here, or if anyone here uses nux's vlc and libdvdcss with
> SUCCESS, I'd appreciate hearing from them.
>
> Fred
>
> PS:
> I'm not having any luck compiling libdvdcss from source... using
> rpmbuild to create a RPM I keep getting errors about "unpackaged files
> found", and can't figure out why or how to solve it (yes I've googled
> for solutions).



Try this src.rpm

http://awel.domblogger.net/7/media/src/repoview/libdvdcss.html

That builds for me on EL7 in mock

--
-=-
Sent my from my laptop, may not be able to respond timely


Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Ned Slider


On 20/12/15 10:28, Gordon Messmer wrote:
> On 12/19/2015 09:49 AM, Alice Wonder wrote:
>>
>> With third party repositories the key and configuration file is often
>> distributed separately. That's the potential attack vector for trojan
>> keys.
> 
> Examples?
> 
> All of the notable repositories that I'm aware of publish an
> x-release.rpm that installs their key and yum repo file.  But if your
> concern is that users might manually install a repo file and public key,
> then I don't see how modifying yum would change that. The attacker would
> probably include a key that contains an address they control and
> validates properly against it.
> 
> In other words, I think the solution to the problem is simply to make
> sure that the repositories publish their "release" rpm over https and
> that documentation reflects the secure URL.  I notice now that EPEL
> links directly to the https URL for their release rpm, but their FAQ
> still provides a command-line example for installation using an http URL.
> 
> The FAQ should be updated.  That method is a potential security problem
> because it doesn't use https and doesn't check the package signature. 
> But the solution is simply to replace http with https in the FAQ.  yum
> isn't used to install the release package, and I think the solution is
> to make sure that malicious release packages don't get installed, not to
> try to behave well on a system where an attacker already installed
> malicious data.
> 

Unless I'm mistaken RPM in el5 does not support the https protocol.




Re: [CentOS] yum/RPM and Trust on First Use

2015-12-20 Thread Gordon Messmer

On 12/19/2015 09:49 AM, Alice Wonder wrote:


> With third party repositories the key and configuration file is often
> distributed separately. That's the potential attack vector for trojan
> keys.


Examples?

All of the notable repositories that I'm aware of publish an 
x-release.rpm that installs their key and yum repo file.  But if your 
concern is that users might manually install a repo file and public key, 
then I don't see how modifying yum would change that. The attacker would 
probably include a key that contains an address they control and 
validates properly against it.


In other words, I think the solution to the problem is simply to make 
sure that the repositories publish their "release" rpm over https and 
that documentation reflects the secure URL.  I notice now that EPEL 
links directly to the https URL for their release rpm, but their FAQ 
still provides a command-line example for installation using an http URL.


The FAQ should be updated.  That method is a potential security problem 
because it doesn't use https and doesn't check the package signature.  
But the solution is simply to replace http with https in the FAQ.  yum 
isn't used to install the release package, and I think the solution is 
to make sure that malicious release packages don't get installed, not to 
try to behave well on a system where an attacker already installed 
malicious data.

