Re: [CentOS] Reduce existing CentOS 7 installation to "Minimal install" - services?
On Wed, May 11, 2016 at 2:49 PM, Fred Smith wrote: > > not that I'm wanting to strip down my C7, I'm wondering how that > works if one has installed the Mate desktop from epel ? > You can try it with a VBox VM and share your experience just the way Nicolas has done. -- Arun Khan ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Official Docker images and security updates
Hello, It seems the official Docker images are missing some important security updates [1][2]. Does anyone have any insight in how these packages get built and when? Their Dockerfile seems to come from here: https://github.com/docker-library/official-images/blob/master/library/centos (commit for "latest" says "update CentOS-7 - 20160331 - monthly build"). In the official Docker documentation [2] they suggest not running `apt-get upgrade` which I understood as don't run `yum -y upgrade` for CentOS. Any advice on whether it's best practice to always update packages or not? Thank you, Giovanni 1 - http://pastie.org/pastes/10833370/text 2 - https://blog.docker.com/2016/05/docker-security-scanning/ 3 - https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Reduce existing CentOS 7 installation to "Minimal install" - services?
On Wed, May 11, 2016 at 09:08:03PM +0200, Nicolas Kovacs wrote: > Le 06/05/2016 18:31, Johnny Hughes a écrit : > > There actually are a couple more things than core in a minimal install > > .. here is the current minimal list: > > > > https://git.centos.org/blob/sig-core!comps.git/220ef7b59c95531d3752d4074ce673aa09792c67/c7-minimal-x86_64-RPMS.lst > > > > some of those might not get installed every time (ie, disk encrypt may > > not be on non-encrypted drives, etc.) > > > > But it is a good starting point. > > After some more fiddling, my problem is solved. Here's my little script: > > https://github.com/kikinovak/centos/blob/master/7.x/scripts/00-elaguer-paquets.sh > > Any existing CentOS installation (GNOME, KDE, Web Server, etc.) can be > stripped down to a minimal install by simply running it. I've tried this > with different scenarios, and it works perfectly. > > Thank you everybody for your input. > > Niki not that I'm wanting to strip down my C7, I'm wondering how that works if one has installed the Mate desktop from epel ? -- Fred Smith -- fre...@fcshome.stoneham.ma.us - God made him who had no sin to be sin for us, so that in him we might become the righteousness of God." --- Corinthians 5:21 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
Johnny Hughes wrote: > On 05/11/2016 11:44 AM, Patrick Rael wrote: >> On 05/11/2016 09:45 AM, Steve Snyder wrote: >>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" >>> said: Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. Thanks! >>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless >>> CentOS does a special back-port we'll have to wait for CentOS v6.8 to >>> get the OpenSSL update. >> Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?) >> I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. >> I thought security updates would be available on 6.7 for many more >> years. > > Because Red Hat built that against 6.8 and not 6.7, I have to do the same. > > I expect that the CR rpms for os/ and that openssl update will be > released in the next 2-3 days. > > Thanks, No, thank *you*, Johnny, for all the work you do... and, as I've offered before, if we're ever in the same metro area, I'd be happy to buy you a drink for it all. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On 05/11/2016 11:44 AM, Patrick Rael wrote: > On 05/11/2016 09:45 AM, Steve Snyder wrote: >> >> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" >> said: >> >>> Hi, >>> Is there an ETA on the openssl security update >>> (CVE-2016-0799) for >>> CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly >>> awaiting >>> the same for 6.7. >>> >>> Thanks! >> Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless >> CentOS does a special back-port we'll have to wait for CentOS v6.8 to >> get the OpenSSL update. > Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?) > I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. > I thought security updates would be available on 6.7 for many more years. > Because Red Hat built that against 6.8 and not 6.7, I have to do the same. I expect that the CR rpms for os/ and that openssl update will be released in the next 2-3 days. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Reduce existing CentOS 7 installation to "Minimal install" - services?
Le 06/05/2016 18:31, Johnny Hughes a écrit : > There actually are a couple more things than core in a minimal install > .. here is the current minimal list: > > https://git.centos.org/blob/sig-core!comps.git/220ef7b59c95531d3752d4074ce673aa09792c67/c7-minimal-x86_64-RPMS.lst > > some of those might not get installed every time (ie, disk encrypt may > not be on non-encrypted drives, etc.) > > But it is a good starting point. After some more fiddling, my problem is solved. Here's my little script: https://github.com/kikinovak/centos/blob/master/7.x/scripts/00-elaguer-paquets.sh Any existing CentOS installation (GNOME, KDE, Web Server, etc.) can be stripped down to a minimal install by simply running it. I've tried this with different scenarios, and it works perfectly. Thank you everybody for your input. Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On 05/11/2016 11:24 AM, m.r...@5-cent.us wrote: Patrick Rael wrote: On 05/11/2016 09:45 AM, Steve Snyder wrote: On Wednesday, May 11, 2016 11:20am, "Patrick Rael" said: Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update. Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years. Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again. At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks. PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?! Give them some bloody time, children. It's a job of work, as the old saying goes. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Thanks! You developers do a mountain of work, it's really appreciated greatly! -->Pat -- -- Patrick Rael Contractor, Lumeta Corporation Network Situational Awareness Phone: 703-298-3276 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
> Date: Wednesday, May 11, 2016 13:24:43 -0400 > From: m.r...@5-cent.us > > Patrick Rael wrote: >> On 05/11/2016 09:45 AM, Steve Snyder wrote: >>> >>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" >>> said: >>> Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. >>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday. >>> Unless CentOS does a special back-port we'll have to wait for >>> CentOS v6.8 to get the OpenSSL update. > >> Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?) >> I just need to predict when CVE-2016-0799 will be fixed for CentOS >> 6.7. I thought security updates would be available on 6.7 for many >> more years. >> > Please - it was *just* released, and the build team is presumably > already on it. Hopefully, upstream hasn't screwed with their build > environment again. > > At any rate, when upstream did, it took our build team about a > month to get builds working again; if they haven't, then I'd hope > for a few weeks. > > PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts > a day arguing over whether the build team is lazy, or 75% of them > "ANYTHING NEW?! HOW SOON?! > > Give them some bloody time, children. It's a job of work, as the old > saying goes. > Security updates will be available for rhel/centos 6 for many years (november 2020 I believe). 6.7 is simply a point-in-time snapshot which is not explicitly supported once the next point release has come out. > I thought security updates would be available > on 6.7 for many more years. When there are cusp security issues like this the security update sometimes comes out ahead of the rest of the new point release via the fasttrack or CR repositories. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
Patrick Rael wrote: > On 05/11/2016 09:45 AM, Steve Snyder wrote: >> >> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" >> said: >> >>> Hi, >>> Is there an ETA on the openssl security update (CVE-2016-0799) for >>> CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly >>> awaiting the same for 6.7. >>> >> Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless >> CentOS does a special back-port we'll have to wait for CentOS v6.8 to >> get the OpenSSL update. > Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?) > I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. > I thought security updates would be available on 6.7 for many more years. > Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again. At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks. PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?! Give them some bloody time, children. It's a job of work, as the old saying goes. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade path from CentOS 7 to future versions
Nothing here. I responded to him on this offlist. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On 05/11/2016 09:45 AM, Steve Snyder wrote: On Wednesday, May 11, 2016 11:20am, "Patrick Rael" said: Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. Thanks! Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update. Is there an ETA on CentOS v6.8?Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years. Best regards! -- Patrick Rael Contractor, Lumeta Corporation Network Situational Awareness Phone: 703-298-3276 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linksys router misbehaviour
On May 11, 2016 11:27 AM, "Gordon Messmer" wrote: > > On 05/11/2016 03:05 AM, Timothy Murphy wrote: >> >> does anyone with such a router know of a way >> to wake the router up in such a case through the computer? > > > > Enable ssh? > > ssh root@dd-wrt reboot > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Very OT, but I haven't run a commercial based FW for many moons. Figure out your Fw distro of choice and run to that, my firewalls have uptimes in the year time frames. Lots of choices then use your linksys as an AP. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade path from CentOS 7 to future versions
On Wed, May 11, 2016 11:10 am, Warren Young wrote: > On May 11, 2016, at 9:38 AM, m.r...@5-cent.us wrote: >> >> Warren Young wrote: >>> This isnât just about RHEL vs Debian and >>> derivatives of same. Several major non-Linux OSes also manage to do >>> automatic upgrades between major releases: Windows, OS X, FreeBSD... >> >> I was under the impression that all the releases of OS X were more like >> what we call subreleases (6.6->6.7). > > You canât transfer meaning between different version number systems. > There is no global standard for the meaning of version numbers. The only > thing that matters is that there is internal consistency. > > (Which is why Windows version numbering is a joke.) And there was a joke about them. When RedHat started pacing fast with their CD version releases: 7.3 --> 8 --> 9 in very short time, someone said: they try to catch up with others in major version number. And someone else pointed: they cant: MS already has Windows 2000 ;-) > > OS X treats changes to the âxâ component of their OS X 10.x.y version > numbering system about the same way as EL does in its x.y system. The > only difference is that major OS X versions have been coming out yearly in > recent years, so that there is less cumulative difference between major > versions than in CentOS major versions. But thereâs probably at least > as much change every 3 major OS X versions, as youâd expect since CentOS > major versions are also about 3 years apart. > > And, in fact, OS X will allow itself to be upgraded across major OS > versions. It doesnât demand that you upgrade to each intermediate > version separately. MacOS 10 server (sorry about using Arabic number, I hate using Roman numbers written with Latin letters, makes any search useless) breaks things between 10.x versions consistently. They change the way authentication is done, add, then drop Apache modules, and so on. No, I do not run any of my servers under MacOS (FreeBSD is current choice, hopefully for long time to come). But some of Professors I work for do it, and I have to help them by doing dirty part that comes with it. So: nobody is perfect (meaning MacOS 10 here ;-) Valeri > > Calling OS X major releases âsubversionsâ is just as fallacious as the > opposite problem we see here in the CentOS world, where some people > believe that CentOS 7.1 is incompatible with CentOS 7.2. A change to y in > these two x.y system means something very different, yet both are correct > because both systems are internally consistent. > >>> Your point about the 10 year support cycle for RHEL is also invalid. >>> The >>> time spacing between major releases is only about every 3 years, and >>> that >>> is the period that matters here. >> >> No, it's not invalid, nor is it what matters. For example, here at work, >> we have clusters, and a small supercomputer, all running 6.x (in the >> case >> of the supercomputer, it's an SGI-modified RHEL 6.x), and they'll go to >> 7 >> probably when they're surplused replaced. > > Yes, andâ¦? Just because you have one use case where a major version > upgrade does not make sense does not mean that major version upgrades > donât make sense everywhere. > > I already covered that case in my previous post, and the counterargument > remains the same: not all OS upgrades can be coupled with hardware > upgrades. VMs are only one reason, though a big one. > > As for all the rest of your post, yes, I get it: nothing should ever > change, nothing should ever break. You just go and live live that dream. > Meanwhile, in my world, change happens. Your unwillingness to cope with > it does not prevent me from doing so. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linksys router misbehaviour
On 05/11/2016 03:05 AM, Timothy Murphy wrote: does anyone with such a router know of a way to wake the router up in such a case through the computer? Enable ssh? ssh root@dd-wrt reboot ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On Wed, 11 May 2016 09:20:54 -0600 Patrick Rael wrote: > Hi, > Is there an ETA on the openssl security update > (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for > CentOS 7 on 5/9, eagerly awaiting > the same for 6.7. The fix/RHSA is here: https://rhn.redhat.com/errata/RHSA-2016-0996.html But as Steve pointed out it's part of 6.8 (hence the current unavailability). /Peter K ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade path from CentOS 7 to future versions
On May 11, 2016, at 9:38 AM, m.r...@5-cent.us wrote: > > Warren Young wrote: >> This isn’t just about RHEL vs Debian and >> derivatives of same. Several major non-Linux OSes also manage to do >> automatic upgrades between major releases: Windows, OS X, FreeBSD... > > I was under the impression that all the releases of OS X were more like > what we call subreleases (6.6->6.7). You can’t transfer meaning between different version number systems. There is no global standard for the meaning of version numbers. The only thing that matters is that there is internal consistency. (Which is why Windows version numbering is a joke.) OS X treats changes to the ‘x’ component of their OS X 10.x.y version numbering system about the same way as EL does in its x.y system. The only difference is that major OS X versions have been coming out yearly in recent years, so that there is less cumulative difference between major versions than in CentOS major versions. But there’s probably at least as much change every 3 major OS X versions, as you’d expect since CentOS major versions are also about 3 years apart. And, in fact, OS X will allow itself to be upgraded across major OS versions. It doesn’t demand that you upgrade to each intermediate version separately. Calling OS X major releases “subversions” is just as fallacious as the opposite problem we see here in the CentOS world, where some people believe that CentOS 7.1 is incompatible with CentOS 7.2. A change to y in these two x.y system means something very different, yet both are correct because both systems are internally consistent. >> Your point about the 10 year support cycle for RHEL is also invalid. The >> time spacing between major releases is only about every 3 years, and that >> is the period that matters here. > > No, it's not invalid, nor is it what matters. For example, here at work, > we have clusters, and a small supercomputer, all running 6.x (in the case > of the supercomputer, it's an SGI-modified RHEL 6.x), and they'll go to 7 > probably when they're surplused replaced. Yes, and…? Just because you have one use case where a major version upgrade does not make sense does not mean that major version upgrades don’t make sense everywhere. I already covered that case in my previous post, and the counterargument remains the same: not all OS upgrades can be coupled with hardware upgrades. VMs are only one reason, though a big one. As for all the rest of your post, yes, I get it: nothing should ever change, nothing should ever break. You just go and live live that dream. Meanwhile, in my world, change happens. Your unwillingness to cope with it does not prevent me from doing so. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On Wed, 11 May 2016, Steve Snyder wrote: On Wednesday, May 11, 2016 11:20am, "Patrick Rael" said: Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. Thanks! Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update. Or, if you have the CR repo installed, you should get it a lot quicker. Gilbert *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" said: > Hi, > Is there an ETA on the openssl security update (CVE-2016-0799) for > CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly > awaiting > the same for 6.7. > > Thanks! Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Cannot figure out what this segfault message means. Please help!
Hello all I installed MySQL 5.7 using the Mysql community YUM repository and I also installed Tomcat 8 from tomcat.apache.org. The installations went fine but ive been noticing that the VM,which is running CentOS 7.2, has been freezing periodically. This morning when I checked the VM i saw the following segfault message: kernel:systemd[1]: segfault at ip sp 7ffde89aa040 error 15 and kernel:systemd[1]: segfault at fe0f ip 7f96bdd021ad sp 7ffde89a8370 error 5 in systemd[7f96bdc2a000+146000] how do I interpret these error messages and are there any bug fixes out there for these errors? I am using kernel: 3.10.0-327.13.1.el7.x86_64. The VM is running on Hyper-V 2012. Thank you for all of your help! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade path from CentOS 7 to future versions
Warren Young wrote: > On May 10, 2016, at 4:12 PM, Valeri Galtsev > wrote: >> On Tue, May 10, 2016 3:57 pm, Liam O'Toole wrote: >>> On 2016-05-10, Valeri Galtsev >>> wrote: >> Yes, LTS, thanks Liam. Only LTS has life cycle of mere 2 years, whereas >> RHEL (hence CentOS) is what, 10 years? > And in fact, more than two. This isn’t just about RHEL vs Debian and > derivatives of same. Several major non-Linux OSes also manage to do > automatic upgrades between major releases: Windows, OS X, FreeBSD... I was under the impression that all the releases of OS X were more like what we call subreleases (6.6->6.7). But I don't know, and don't really care - I don't do WinDoze, I don't do (or like) Macs. > Your point about the 10 year support cycle for RHEL is also invalid. The > time spacing between major releases is only about every 3 years, and that > is the period that matters here. No, it's not invalid, nor is it what matters. For example, here at work, we have clusters, and a small supercomputer, all running 6.x (in the case of the supercomputer, it's an SGI-modified RHEL 6.x), and they'll go to 7 probably when they're surplused replaced. Or take me, personally, at home - I dislike systemd, and have zero intention of going up until I have to, and that won't come for a good number of years yet, when support for 6.x stops. And, btw, no, you cannot tell me I'm "wrong" to dislike it, that I should "Embrace Change!!!", because a) I don't need anyone's opinion to justify how I feel about how I deal with something, and b) just because you *can* do something doesn't mean you *should*. For one example, I do *not* embrace change in the form of, say, Web-enabled thermostats (and they do security updates exactly *when*?, or Web-connected cars (are you out of your friggin' alleged mind?). So, why should I go to something NEW! SHINY! when what I have works well, and is comfortable? And automatic upgrades are *NOT* always a Good Idea. For example, just last year, EPEL just upgraded the torque packages that we use to run our clusters... from 2.5 to 4.2(?!?!?!), which broke the test cluster instantly, and took a lot of research and work to make work on the test system by the admin I work with, and on our two big clusters, we're not upgrading - our users would be down for a while... and these are several folks running jobs on the (24, 25) node clusters whose jobs can run a week or two straight. mark, down in the trenches, not in a hosting environment ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] openssl Security Update for CentOS 6.7 ETA
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7?I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. Thanks! -->Pat ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade path from CentOS 7 to future versions
On May 10, 2016, at 4:12 PM, Valeri Galtsev wrote: > > On Tue, May 10, 2016 3:57 pm, Liam O'Toole wrote: >> On 2016-05-10, Valeri Galtsev >> wrote: >>> >>> 1. Debian (and clones): you keep the components of the system pretty >>> much on the level of latest release of each of components. Therefore >>> "upgrade" to new release of the system is pretty close to just a >>> regular routine update. >> >> You are describing Debian sid/unstable, which is contunuously updated, >> and where there are no releases in the usual sense of the word. Debian >> stable releases are a different matter, and correspond very closely to >> major releases of RHEL/CentOS. There is always an upgrade path between >> consecutive releases of Debian stable. > > Yes, LTS, thanks Liam. Only LTS has life cycle of mere 2 years, whereas > RHEL (hence CentOS) is what, 10 years? “LTS” is an Ubuntu term, not a Debian term. Debian and Ubuntu are very much not the same thing. I point this out not to be pedantic but instead because there are *two* OSes here that both manage to have straightforward automatic upgrades between major releases. And in fact, more than two. This isn’t just about RHEL vs Debian and derivatives of same. Several major non-Linux OSes also manage to do automatic upgrades between major releases: Windows, OS X, FreeBSD... Take FreeBSD for example. Its freebsd-update tool will do this, and it’s mostly automatic, even in the face of changes to core OS files. (e.g. /etc/services) It can even merge changes to a core OS configuration file with your local version in certain cases. Or, it can just open both versions in a text editor and wait for you to merge them manually. Why can’t there be a rhel-update tool that does the same? Your point about the 10 year support cycle for RHEL is also invalid. The time spacing between major releases is only about every 3 years, and that is the period that matters here. That is to say, I would not expect an automatic major upgrade tool for RHEL to let me jump straight from version 5 to version 7 just because RHEL 5 is still receiving security updates. The tool only has to be able to upgrade from the prior major release. This is a solvable problem. Red Hat just doesn’t want to solve it. Why? The upgrade doesn’t have to be perfect. It could break everything except the filesystem and SSH and still allow manual recovery. Even in that extreme, you’re still no worse off than today, where you have to migrate everything by hand. It is actually an uncommonly good time to make such a tool, with the shift to systemd behind us. Unit files are far less likely to cause problems in an automatic upgrade than Bourne shell scripts that source piles of other Bourne shell scripts. An automatic upgrade from RHEL 7 to RHEL 8 should be much safer than RHEL 5 to RHEL 6. Another big shift also plays into this: VMs everywhere. In the past, an automatic major OS version upgrade wasn’t as useful because by the time you wanted to do a major OS upgrade, the hardware was ready to be replaced, too. RHEL’s policy of keeping the past two major versions under support helped, a lot: if the hardware is still doing what you need it to, you could skip a major version, after which the hardware is probably about ready to fall over, if only because the CPU fan is about to seize up. In that world, you could do the OS upgrade and the hardware upgrade together, since you need to migrate the data and services over manually anyway. VMs are changing that. The longer that shift continues, the bigger a problem this missing feature will cause for EL shops. And that probably takes us to the real reason Red Hat doesn’t want to solve this problem: the requirement to support automatic major version migration wouldn’t have allowed them to throw Xen into RHEL 6 and then pull it right back out for RHEL 7. I think Red Hat *wants* the freedom to break core OS facilities between major versions. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 as DNS-Server
how can I influence the time between the .jnl file is created/updated and the zone file is updated? more than 10 minutes is quite a bit long ... AFAIK rndc freeze/thaw will do that but you may try other rndc commands too. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 135, Issue 5
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2016:1008 CentOS 5 sos BugFix Update (Johnny Hughes) 2. CEBA-2016:1009 CentOS 5 firefox BugFix Update (Johnny Hughes) -- Message: 1 Date: Wed, 11 May 2016 05:00:22 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2016:1008 CentOS 5 sos BugFix Update Message-ID: <20160511050022.ga13...@chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2016:1008 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1008.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a475b5d668e11fdedb198fce3b0c7acb44fc6792cfe2b476582827c10235bfde sos-1.7-9.74.el5.centos.noarch.rpm x86_64: a475b5d668e11fdedb198fce3b0c7acb44fc6792cfe2b476582827c10235bfde sos-1.7-9.74.el5.centos.noarch.rpm Source: a241963fe6488483dc6c0f6bd811a1a6e7eb9ab44683430341aa439855fa52be sos-1.7-9.74.el5.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: JohnnyCentOS -- Message: 2 Date: Wed, 11 May 2016 05:08:38 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2016:1009 CentOS 5 firefox BugFix Update Message-ID: <20160511050838.ga14...@chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2016:1009 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1009.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8a1b5a12cc396b85b2bb8022acc81358366d4a24b6d819ad887478f4b3aad972 firefox-45.1.1-1.el5.centos.i386.rpm x86_64: 8a1b5a12cc396b85b2bb8022acc81358366d4a24b6d819ad887478f4b3aad972 firefox-45.1.1-1.el5.centos.i386.rpm 7cc5b5f1ba36683f7f8b2c04ffaf7151aec3212356d708a852c531b42b6dcf3a firefox-45.1.1-1.el5.centos.x86_64.rpm Source: 2d374e8d6925993a0c43346ab99b73ab7265e334326237318249adacbdade2c4 firefox-45.1.1-1.el5.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: JohnnyCentOS -- ___ CentOS-announce mailing list centos-annou...@centos.org https://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 135, Issue 5 *** ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Badlock bad luck
On 05/11/2016 11:39 AM, Philippe BOURDEU d'AGUERRE wrote: Workaround with smb.conf parameters given here seems to work but it works only for accounts already existing in the domain. New accounts get a "There are currently no logon servers available to service the logon" message. I have downgraded :-( So have I. Mogens -- Mogens Kjaer, m...@lemo.dk http://www.lemo.dk ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Linksys router misbehaviour
I'm running a Linksys WRT54GL router from my CentOS-7 home server. Every now and then (maybe once every 2 days) the router's WiFi cuts out, and I've found no way to solve this except to disconnect the power from the router, wait 10 seconds and then re-connect. This always works. The router is running under dd-wrt. My question is - which makes it a tiny bit CentOS-related - does anyone with such a router know of a way to wake the router up in such a case through the computer? I wouldn't have dared to ask this question here or anywhere until recently, as I assumed my ancient Linksys routers were obsolete. But I've been reading posts recently saying that there hasn't really been a Linux router to replace the WRT54GL, and in particular Linksys's recent 11n replacement is not as good as the old model in many ways. Anyway, if anyone has an answer to my query I would be very grateful. I have a couple of IP cameras working by WiFi on the computer, which I can look at remotely. I've connected one by TP-Link through the router, and this doesn't cut out, but it is not wholly satisfactory. -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Badlock bad luck
Another follow up. I have a Centos 6 server running as a Samba NT4/PDC Domain controller and have seen the regression with 3.6.23-30 release. Client is a Windows 2008R2 server. Workaround with smb.conf parameters given here seems to work but it works only for accounts already existing in the domain. New accounts get a "There are currently no logon servers available to service the logon" message. I have downgraded :-( Le 19/04/2016 16:20, Bill Baird a écrit : Just to follow up, the fix for us was to add "client ipc signing = auto" to our smb.conf configuration file. -- Philippe BOURDEU d'AGUERRE AIME - Campus de l'INSA http://www.aime-toulouse.fr/ 135 av. de Rangueil Tél +33 561 559 885 31077 TOULOUSE Cedex 4 - FRANCE Fax +33 561 559 870 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] test builds on mesa
Correct my self: libdrm version is 2.6.8 mesa 11.2 needs libdrm < 2.6.6, can be compile with the centos private-llvm 3.6.1 mesa 11.1 libdrm < 2.6.1 mesa 10.6.9 can build without external upgrades. Rebuild mesa, only needs cms4all-drivers. If you are use wine, you need it twice x86_64 and i686 Sincerely Andy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unexpected behavior of 'yum group list' and 'yum group install'
Le 11/05/2016 09:37, Nicolas Kovacs a écrit : > 9. As you can guess, the expected behavior was for Yum to *not* display > the "Core" and "Base" groups as "Installed Groups" as soon as there was > some stuff (if not downright all packages from the group) missing. > > Any suggestions on this? I'll answer this myself, since I just found the solution. # yum group mark remove "Core" # yum group mark remove "Base" Follow-up question on this. Is there a way to 'group mark remove' all package groups in one go? I checked for wildcards, but couldn't find anything. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrade path from CentOS 7 to future versions
On 2016-05-10, Valeri Galtsev wrote: > > On Tue, May 10, 2016 3:57 pm, Liam O'Toole wrote: >> On 2016-05-10, Valeri Galtsev >> wrote: >>> >>> 1. Debian (and clones): you keep the components of the system pretty >>> much on the level of latest release of each of components. Therefore >>> "upgrade" to new release of the system is pretty close to just a >>> regular routine update. >> >> You are describing Debian sid/unstable, which is contunuously >> updated, and where there are no releases in the usual sense of the >> word. Debian stable releases are a different matter, and correspond >> very closely to major releases of RHEL/CentOS. There is always an >> upgrade path between consecutive releases of Debian stable. >> > > Yes, LTS, thanks Liam. Only LTS has life cycle of mere 2 years, > whereas RHEL (hence CentOS) is what, 10 years? I was pretty sure > Debian does not backport patches (of Linuxes no one except RH, as far > as I know). How do they do it with LTS? Do they just freeze major > version, no matter what (it is only 2 years the need)? Others have complained that this is not the place for an extended discussion on Debian, so I'll just direct you here: https://wiki.debian.org/LTS/ If you have any questions, I suggest you post them to debian-user. I am subscribed to that list, and will be happy to resume the conversation there. -- Liam ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Unexpected behavior of 'yum group list' and 'yum group install'
Hi, I'm currently experimenting with Yum on a fresh CentOS 7 minimal install, and I'm getting some puzzling results. Here's what I did. 1. Install CentOS 7 from the Minimal CD. 2. Install 'deltarpm' and update all packages. 3. Install the "Core" package group: 'yum group install "Core"' 4. Install the "Base" package group: 'yum group install "Base"' 5. As expected, 'yum group list hidden | less' shows this: ... Installed Groups: Base Core ... 6. Now I remove manually all packages that were not present in the initial installation. I'm doing this using a script, which is supposed to get the system back to its pristine state. Various tests with 'rpm -qa --queryformat '%{NAME}\n' | sort > packagelist.txt' show me that this worked. 7. For mysterious reasons, 'yum group list hidden | less' still shows: ... Installed Groups: Base Core ... 8. When I try to reinstall the "Core" and/or the "Base" groups using 'yum group install "", I get the following result: # yum group install "Core" Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: ftp.pasteur.fr * extras: mir01.syntis.net * updates: ftp.pasteur.fr Maybe run: yum groups mark install (see man yum) No packages in any requested group available to install or update 9. As you can guess, the expected behavior was for Yum to *not* display the "Core" and "Base" groups as "Installed Groups" as soon as there was some stuff (if not downright all packages from the group) missing. Any suggestions on this? Cheers from the rainy South of France, Niki PS: you may wonder why I'm doing this. I may have to manage a situation where I have to deal with CentOS 7 installations that would first have to be pruned down without reinstalling everything. -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos