Re: [CentOS] Update RPM GPG key for EL9
On 02/06/2022 00:22, Orion Poplawski wrote: On 6/1/22 13:43, Fabian Arrotin wrote: On 01/06/2022 19:51, Orion Poplawski wrote: Looks like the GPG key we use to sign our RPMs is not longer good with EL9: # rpm --import RPM-GPG-KEY-nwra error: RPM-GPG-KEY-nwra: key 1 import failed gpg key info: sec rsa2048/35DDB0B86218AC2F created: 2017-08-16 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa2048/6A7FBC1E9DB22E8E created: 2017-08-16 expires: never usage: E Can someone explain what I need to do to make things compatible with EL9? Thank you! Just ensure that it's not using SHA1, which was deprecated, reason why the CentOS keys had to be re-signed with newer algo too See this thread : https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html Thanks - but I don't know how to check if it is using SHA1 or how to regenerate it with SHA512. You can always check the digest algo on existing public keys with --list-packets Example for the older Cloud SIG pub key (but same for other keys) : curl --silent https://git.centos.org/centos/centos.org/raw/26a8f19095de699769b00109a1d69b37474ec388/f/keys/RPM-GPG-KEY-CentOS-SIG-Cloud|gpg --list-packets|grep "digest algo" digest algo 2, begin of digest 01 35 digest algo 2 is the problem , as it's SHA1, which is now deprecated So you don't need to create new key, but just re-sign with better algo Just ensure that you have 'cert-digest-algo SHA512' in ~/.gnupg/gpg.conf and re-signing existing gpg key[s] would work The easiest way to have these re-signed is to 'gpg --edit-key ` , then edit both primary and sub, setting different expiration date (even if already set to never), save and then export with 'gpg --export --armor' again You can see the difference on the public key: curl --silent https://git.centos.org/centos/centos.org/raw/main/f/keys/RPM-GPG-KEY-CentOS-SIG-Cloud|gpg --list-packets|grep "digest algo" digest algo 10, begin of digest 73 02 Which shows a better signature algo and it can be imported now on RHEL9/Stream9 and others -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab OpenPGP_signature Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update RPM GPG key for EL9
On 6/1/22 13:43, Fabian Arrotin wrote: > On 01/06/2022 19:51, Orion Poplawski wrote: >> Looks like the GPG key we use to sign our RPMs is not longer good with EL9: >> >> # rpm --import RPM-GPG-KEY-nwra >> error: RPM-GPG-KEY-nwra: key 1 import failed >> >> gpg key info: >> >> sec rsa2048/35DDB0B86218AC2F >> created: 2017-08-16 expires: never usage: SC >> trust: ultimate validity: ultimate >> ssb rsa2048/6A7FBC1E9DB22E8E >> created: 2017-08-16 expires: never usage: E >> >> Can someone explain what I need to do to make things compatible with EL9? >> >> Thank you! >> > > Just ensure that it's not using SHA1, which was deprecated, reason why the > CentOS keys had to be re-signed with newer algo too > > See this thread : > https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html Thanks - but I don't know how to check if it is using SHA1 or how to regenerate it with SHA512. -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update RPM GPG key for EL9
On 01/06/2022 19:51, Orion Poplawski wrote: Looks like the GPG key we use to sign our RPMs is not longer good with EL9: # rpm --import RPM-GPG-KEY-nwra error: RPM-GPG-KEY-nwra: key 1 import failed gpg key info: sec rsa2048/35DDB0B86218AC2F created: 2017-08-16 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa2048/6A7FBC1E9DB22E8E created: 2017-08-16 expires: never usage: E Can someone explain what I need to do to make things compatible with EL9? Thank you! Just ensure that it's not using SHA1, which was deprecated, reason why the CentOS keys had to be re-signed with newer algo too See this thread : https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab OpenPGP_signature Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] centos 7 sendmail on AWS
I am trying to get email out of AWS image to google on port 587. When I use telnet it connects - so 587 is a valid path... telnet smtp-relay.gmail.com 587 Trying 142.250.112.28... Connected to smtp-relay.gmail.com. Escape character is '^]'. 220 smtp-relay.gmail.com ESMTP l15-20020a17090a150f00b001dfac278995sm682651pja.12 - gsmtp ^]quit When I run interactive session: sendmail -Am -v -t To: X@Y From: X@Y Subject: test X@Y... Connecting to aspmx.l.google.com. port 587 via esmtp... sendmail.mc has define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl define(`RELAY_MAILER', `esmtp')dnl define(`null_client', `smtp-relay.gmail.com.') I dont understand why 587 is not connecting. It connects on the manual telnet. It does not connect otherwise. What might I be missing? Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] FW: NFS Server Centos7
Any news? On 29/05/2022, 17:33, "CentOS on behalf of Erik Frangež via CentOS" wrote: Hi guys, Thank you all for replys and sorry I was having enabled digest mode and I did not get all messages in time. Here are answers: Message 2: Client and server are virtual machines inside vmware environment which is connected to 10gbps. Network is devided between virtual machines. Physical servers are connected to Nexus switch with 10gbps. Message 3: We have try speeds with iperf, they are between 1 and 6 gbps, sometimes goes to 8gbps - depends of the load of networks. All checks was done with sync mode (NFS will be used for important data and we do not want to lose something). Message 4: Config is default, just installed and tested with NFSv3 NFSv4. Message 5: We did not enable jumbo frames on network. For all: We are testing speed with this script (PHP7.4): 1, 'over' => 1.25, 'fail' => BENCHFAIL_SLOWHARDDRIVE); ?> On 29/05/2022, 14:00, "centos-boun...@centos.org on behalf of centos-requ...@centos.org" wrote: -- Message: 1 Date: Sat, 28 May 2022 15:43:12 +0200 From: Erik Frange? To: centos@centos.org Subject: [CentOS] NFS Server Centos7 Message-ID: <6dfea2b2-1a90-059c-8ffe-f8f7f0775...@frangez.net> Content-Type: text/plain; charset=UTF-8; format=flowed Hi guys, we are setting NFS server on CentOS7 system. Everything working OK except speed, speed over NFS very drop... if we run dd command directly on server we are getting speed around 1,4Gbps, if we run from client connected to NFS is 200Mbps. Do you have maybe some advice what we need to check? Thank you! Best, Erik -- Message: 2 Date: Sat, 28 May 2022 10:40:10 -0600 From: Frank Cox To: centos@centos.org Subject: Re: [CentOS] NFS Server Centos7 Message-ID: <20220528104010.b28a86a9d8ac9186f2fc3...@sasktel.net> Content-Type: text/plain; charset=UTF-8 On Sat, 28 May 2022 15:43:12 +0200 Erik Frange? via CentOS wrote: > we are setting NFS server on CentOS7 system. Everything working OK > except speed, speed over NFS very drop... if we run dd command directly > on server we are getting speed around 1,4Gbps, if we run from client > connected to NFS is 200Mbps. > > Do you have maybe some advice what we need to check? Speed of network card in the server. Speed of network card in the client. Speed of any and all routers and switches between the server and the client. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com -- Message: 3 Date: Sat, 28 May 2022 12:07:17 -0700 From: Skylar Thompson To: centos@centos.org Subject: Re: [CentOS] NFS Server Centos7 Message-ID: <20220528190717.ibbohtdtx4bzkl2w@hithlum> Content-Type: text/plain; charset=utf-8 I would start with something like iperf to measure the actual network throughput b/w the client and server. Once you have a baseline for that, we'd have to know things like read and write buffer sizes, and sync vs async mode. On Sat, May 28, 2022 at 03:43:12PM +0200, Erik Frange? via CentOS wrote: > Hi guys, > > we are setting NFS server on CentOS7 system. Everything working OK except > speed, speed over NFS very drop... if we run dd command directly on server > we are getting speed around 1,4Gbps, if we run from client connected to NFS > is 200Mbps. > > Do you have maybe some advice what we need to check? > > Thank you! > > Best, Erik -- -- Skylar Thompson (skyl...@u.washington.edu) -- Genome Sciences Department (UW Medicine), System Administrator -- Foege Building S046, (206)-685-7354 -- Pronouns: He/Him/His -- Message: 4 Date: Sat, 28 May 2022 21:08:14 +0200 From: Leon Fauster To: centos@centos.org Subject: Re: [CentOS] NFS Server Centos7 Message-ID: <9f619570-23b6-eb0a-c68a-dfd744fbd...@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Am 28.05.22 um 18:40 schrieb Frank Cox: > On Sat, 28 May 2022 15:43:12 +0200 > Erik Frange? via CentOS wrote: > >> we are setting NFS server on CentOS7 system. Everything working OK >> except speed, speed over NFS
Re: [CentOS] USB 2.5GbE NIC
Hi, Can anyone please help. I have an Intel NUC11i7 running CentOS 8.4 successfully. I have a Plugable USB 3.0 to 2.5GbE adapter to be used with the NUC. This works at 1GbE but the standard CentOS 8.4 driver will not allow me to change the speed. Can anyone please point me in the right direction for the driver and driver installation instructions. Advise would be appreciated for anyone who has done this. Mark Woolfson -- This email has been checked for viruses by AVG. https://www.avg.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Update RPM GPG key for EL9
Looks like the GPG key we use to sign our RPMs is not longer good with EL9: # rpm --import RPM-GPG-KEY-nwra error: RPM-GPG-KEY-nwra: key 1 import failed gpg key info: sec rsa2048/35DDB0B86218AC2F created: 2017-08-16 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa2048/6A7FBC1E9DB22E8E created: 2017-08-16 expires: never usage: E Can someone explain what I need to do to make things compatible with EL9? Thank you! -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 https://www.nwra.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos