[CentOS] Panic on boot with 7.3 kernels when decrypting hard drive

[Christopher St. Louis]

I was excited to update my system to CentOS 7.3/1611 yesterday when
the release announcement came through, but since then I've been
running into some serious kernel issues.

I've been successfully running 7.2 on a Thinkpad X301 for about 6
months now, with an encrypted disk that unlocks with a password at
boot time. I think that's LUKS on LVM? I didn't tinker with the
default encryption options so it's nothing too exotic: unencrypted
/boot on sda1, encrypted system/home on sda2. I've used both the
standard 3.10 kernels and 4.4 kernels from the kernel-lt package from
ELrepo with no problems so far.

When performing the update to 7.3 yesterday, the packages
kernel-lt-4.4.38-1.el7.elrepo.x86_64 and
kernel-3.10.0-514.2.2.el7.x86_64 were installed. With both of those,
my system comes to a complete, frozen halt on boot, after I've entered
my disk decryption key and before I see a login screen. The little
progress spinner freezes, and the caps lock light on my keyboard
starts blinking, which I've been told indicates a kernel panic. Any
manner of key combinations, even the "magic SysRq" combinations do
nothing to recover the system--the only way out is to cut the power. I
was able to fall back to the still-installed
4.4.36-1.el7.elrepo.x86_64 kernel with no problems. On a whim, I tried
installing the latest mainline kernel from ELrepo as well
(kernel-ml-4.9.0-1.el7.elrepo.x86_64) and encountered a similar hard
lock, minus the blinkenlight in the caps lock key.

Has anyone else had a similar issue? Is there anything in what I've
described that sounds obvious to what the solution is? It really just
seems like the problems are with kernels that have come through
following the 7.3 release. I'm still somewhat new at getting into the
inner workings of Linux, but is there a log that might shed some light
on what went wrong?

Thanks in advance,

--C
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Phil Wyett]

On Wed, 2016-12-14 at 00:25 +, Phil Wyett wrote:
> On Tue, 2016-12-13 at 16:14 -0800, Alice Wonder wrote:
> > On 12/13/2016 03:57 PM, Phil Wyett wrote:
> > > On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote:
> > >> On 12/13/2016 03:34 PM, Phil Wyett wrote:
> > >>> On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote:
> >  I'm getting spec files from centos git which is really convenient when
> >  the related source is easy to find. But some things - e.g. from a spec 
> >  file
> > 
> >  # How to create the source tarball:
> >  #
> >  # git clone git://git.fedorahosted.org/git/python-rhsm.git/
> >  # cd client/python-rhsm
> >  # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz
> > 
> >  Never used tito before, so I install it and try, and rather than giving
> >  me the source package I need - it gives me a python traceback
> >  complaining that I haven't configured some things properly.
> > 
> >  Seems a lot of the software distribution world is getting overly 
> >  complex
> >  with an expectation that the end user who needs to exercise his FLOSS
> >  rights has to use git or nodejs or for php composer or whatever just to
> >  get what use to be available with no more complexity than choosing
> >  tar.gz or tar.bz2 or .zip if the dev was Windows.
> > 
> >  Whatever happened to KISS and why can't source tarballs be distributed
> >  as source tarballs?
> > 
> >  Back when I was a Fedora packager - the packaging guidelines would
> >  reject a package of the Source tarball wasn't a URL and if the 
> >  timestamp
> >  on the tarball in the src.rpm didn't match upstream even if the 
> >  checksum
> >  was identical.
> > 
> >  Guess those days are gone.
> > 
> >  /rant
> > >>>
> > >>> Hi,
> > >>>
> > >>> Not seen this one before, but don't play with much python. The SPEC
> > >>> really should just refer too a URL too a compressed archive as the
> > >>> packages home site supplies them.
> > >>>
> > >>> https://github.com/candlepin/python-rhsm/releases
> > >>>
> > >>> Regards
> > >>>
> > >>> Phil
> > >>
> > >> I went to the github and it doesn't have a packaged release that matches
> > >> the version. I managed to find it in the build system logs, but its just
> > >> weird.
> > >>
> > >> If I recall, formerly for a tarball to be different than what was on
> > >> upstream, it had to have a legal reason (e.g. patents) and a script in
> > >> the sources that could turn upstream tarball into the version used.
> > >>
> > >
> > > Hi,
> > >
> > > Out of interest, which version do you refer to?
> > >
> > > Regards
> > >
> > > Phil
> > >
> > >
> > 
> > 1.17.9 is the version in CentOS 7.3 and what I needed (and found on a 
> > build server)
> 
> Hi,
> 
> To get source for a package in CentOS, you follow the get_sources.sh'
> section and 'Example workflow' section in:
> 
> https://wiki.centos.org/Sources
> 
> For your package...
> 
> * Setup 'centos-git-common' i.e. clone it to your system.
> 
> * Do the clone and checkout for your package.
> 
> git clone https://git.centos.org/summary/rpms!python-rhsm.git
> cd python-rhsm
> git checkout c7
> sh /get_sources.sh
> 
> You should then have the spec, any patches and tarball(s).
> 
> Regards
> 
> Phil
> 

Sorry rushed that.

Should be:

git clone https://git.centos.org/git/rpms/python-rhsm.git

Regards

Phil

-- 

Google+: https://plus.google.com/+PhilWyett
Blog: https://philwyett-hemi.blogspot.co.uk/
GitLab: https://gitlab.com/philwyett_hemi/





signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Phil Wyett]

On Tue, 2016-12-13 at 16:14 -0800, Alice Wonder wrote:
> On 12/13/2016 03:57 PM, Phil Wyett wrote:
> > On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote:
> >> On 12/13/2016 03:34 PM, Phil Wyett wrote:
> >>> On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote:
>  I'm getting spec files from centos git which is really convenient when
>  the related source is easy to find. But some things - e.g. from a spec 
>  file
> 
>  # How to create the source tarball:
>  #
>  # git clone git://git.fedorahosted.org/git/python-rhsm.git/
>  # cd client/python-rhsm
>  # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz
> 
>  Never used tito before, so I install it and try, and rather than giving
>  me the source package I need - it gives me a python traceback
>  complaining that I haven't configured some things properly.
> 
>  Seems a lot of the software distribution world is getting overly complex
>  with an expectation that the end user who needs to exercise his FLOSS
>  rights has to use git or nodejs or for php composer or whatever just to
>  get what use to be available with no more complexity than choosing
>  tar.gz or tar.bz2 or .zip if the dev was Windows.
> 
>  Whatever happened to KISS and why can't source tarballs be distributed
>  as source tarballs?
> 
>  Back when I was a Fedora packager - the packaging guidelines would
>  reject a package of the Source tarball wasn't a URL and if the timestamp
>  on the tarball in the src.rpm didn't match upstream even if the checksum
>  was identical.
> 
>  Guess those days are gone.
> 
>  /rant
> >>>
> >>> Hi,
> >>>
> >>> Not seen this one before, but don't play with much python. The SPEC
> >>> really should just refer too a URL too a compressed archive as the
> >>> packages home site supplies them.
> >>>
> >>> https://github.com/candlepin/python-rhsm/releases
> >>>
> >>> Regards
> >>>
> >>> Phil
> >>
> >> I went to the github and it doesn't have a packaged release that matches
> >> the version. I managed to find it in the build system logs, but its just
> >> weird.
> >>
> >> If I recall, formerly for a tarball to be different than what was on
> >> upstream, it had to have a legal reason (e.g. patents) and a script in
> >> the sources that could turn upstream tarball into the version used.
> >>
> >
> > Hi,
> >
> > Out of interest, which version do you refer to?
> >
> > Regards
> >
> > Phil
> >
> >
> 
> 1.17.9 is the version in CentOS 7.3 and what I needed (and found on a 
> build server)

Hi,

To get source for a package in CentOS, you follow the get_sources.sh'
section and 'Example workflow' section in:

https://wiki.centos.org/Sources

For your package...

* Setup 'centos-git-common' i.e. clone it to your system.

* Do the clone and checkout for your package.

git clone https://git.centos.org/summary/rpms!python-rhsm.git
cd python-rhsm
git checkout c7
sh /get_sources.sh

You should then have the spec, any patches and tarball(s).

Regards

Phil

-- 

Google+: https://plus.google.com/+PhilWyett
Blog: https://philwyett-hemi.blogspot.co.uk/
GitLab: https://gitlab.com/philwyett_hemi/





signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Alice Wonder]

On 12/13/2016 03:57 PM, Phil Wyett wrote:

On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote:

On 12/13/2016 03:34 PM, Phil Wyett wrote:

On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote:

I'm getting spec files from centos git which is really convenient when
the related source is easy to find. But some things - e.g. from a spec file

# How to create the source tarball:
#
# git clone git://git.fedorahosted.org/git/python-rhsm.git/
# cd client/python-rhsm
# tito build --tag python-rhsm-$VERSION-$RELEASE --tgz

Never used tito before, so I install it and try, and rather than giving
me the source package I need - it gives me a python traceback
complaining that I haven't configured some things properly.

Seems a lot of the software distribution world is getting overly complex
with an expectation that the end user who needs to exercise his FLOSS
rights has to use git or nodejs or for php composer or whatever just to
get what use to be available with no more complexity than choosing
tar.gz or tar.bz2 or .zip if the dev was Windows.

Whatever happened to KISS and why can't source tarballs be distributed
as source tarballs?

Back when I was a Fedora packager - the packaging guidelines would
reject a package of the Source tarball wasn't a URL and if the timestamp
on the tarball in the src.rpm didn't match upstream even if the checksum
was identical.

Guess those days are gone.

/rant


Hi,

Not seen this one before, but don't play with much python. The SPEC
really should just refer too a URL too a compressed archive as the
packages home site supplies them.

https://github.com/candlepin/python-rhsm/releases

Regards

Phil


I went to the github and it doesn't have a packaged release that matches
the version. I managed to find it in the build system logs, but its just
weird.

If I recall, formerly for a tarball to be different than what was on
upstream, it had to have a legal reason (e.g. patents) and a script in
the sources that could turn upstream tarball into the version used.



Hi,

Out of interest, which version do you refer to?

Regards

Phil




1.17.9 is the version in CentOS 7.3 and what I needed (and found on a 
build server)


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Phil Wyett]

On Tue, 2016-12-13 at 15:39 -0800, Alice Wonder wrote:
> On 12/13/2016 03:34 PM, Phil Wyett wrote:
> > On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote:
> >> I'm getting spec files from centos git which is really convenient when
> >> the related source is easy to find. But some things - e.g. from a spec file
> >>
> >> # How to create the source tarball:
> >> #
> >> # git clone git://git.fedorahosted.org/git/python-rhsm.git/
> >> # cd client/python-rhsm
> >> # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz
> >>
> >> Never used tito before, so I install it and try, and rather than giving
> >> me the source package I need - it gives me a python traceback
> >> complaining that I haven't configured some things properly.
> >>
> >> Seems a lot of the software distribution world is getting overly complex
> >> with an expectation that the end user who needs to exercise his FLOSS
> >> rights has to use git or nodejs or for php composer or whatever just to
> >> get what use to be available with no more complexity than choosing
> >> tar.gz or tar.bz2 or .zip if the dev was Windows.
> >>
> >> Whatever happened to KISS and why can't source tarballs be distributed
> >> as source tarballs?
> >>
> >> Back when I was a Fedora packager - the packaging guidelines would
> >> reject a package of the Source tarball wasn't a URL and if the timestamp
> >> on the tarball in the src.rpm didn't match upstream even if the checksum
> >> was identical.
> >>
> >> Guess those days are gone.
> >>
> >> /rant
> >
> > Hi,
> >
> > Not seen this one before, but don't play with much python. The SPEC
> > really should just refer too a URL too a compressed archive as the
> > packages home site supplies them.
> >
> > https://github.com/candlepin/python-rhsm/releases
> >
> > Regards
> >
> > Phil
> 
> I went to the github and it doesn't have a packaged release that matches 
> the version. I managed to find it in the build system logs, but its just 
> weird.
> 
> If I recall, formerly for a tarball to be different than what was on 
> upstream, it had to have a legal reason (e.g. patents) and a script in 
> the sources that could turn upstream tarball into the version used.
> 

Hi,

Out of interest, which version do you refer to?

Regards

Phil

-- 

Google+: https://plus.google.com/+PhilWyett
Blog: https://philwyett-hemi.blogspot.co.uk/
GitLab: https://gitlab.com/philwyett_hemi/





signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Alice Wonder]

On 12/13/2016 03:34 PM, Phil Wyett wrote:

On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote:

I'm getting spec files from centos git which is really convenient when
the related source is easy to find. But some things - e.g. from a spec file

# How to create the source tarball:
#
# git clone git://git.fedorahosted.org/git/python-rhsm.git/
# cd client/python-rhsm
# tito build --tag python-rhsm-$VERSION-$RELEASE --tgz

Never used tito before, so I install it and try, and rather than giving
me the source package I need - it gives me a python traceback
complaining that I haven't configured some things properly.

Seems a lot of the software distribution world is getting overly complex
with an expectation that the end user who needs to exercise his FLOSS
rights has to use git or nodejs or for php composer or whatever just to
get what use to be available with no more complexity than choosing
tar.gz or tar.bz2 or .zip if the dev was Windows.

Whatever happened to KISS and why can't source tarballs be distributed
as source tarballs?

Back when I was a Fedora packager - the packaging guidelines would
reject a package of the Source tarball wasn't a URL and if the timestamp
on the tarball in the src.rpm didn't match upstream even if the checksum
was identical.

Guess those days are gone.

/rant


Hi,

Not seen this one before, but don't play with much python. The SPEC
really should just refer too a URL too a compressed archive as the
packages home site supplies them.

https://github.com/candlepin/python-rhsm/releases

Regards

Phil


I went to the github and it doesn't have a packaged release that matches 
the version. I managed to find it in the build system logs, but its just 
weird.


If I recall, formerly for a tarball to be different than what was on 
upstream, it had to have a legal reason (e.g. patents) and a script in 
the sources that could turn upstream tarball into the version used.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Phil Wyett]

On Tue, 2016-12-13 at 14:16 -0800, Alice Wonder wrote:
> I'm getting spec files from centos git which is really convenient when 
> the related source is easy to find. But some things - e.g. from a spec file
> 
> # How to create the source tarball:
> #
> # git clone git://git.fedorahosted.org/git/python-rhsm.git/
> # cd client/python-rhsm
> # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz
> 
> Never used tito before, so I install it and try, and rather than giving 
> me the source package I need - it gives me a python traceback 
> complaining that I haven't configured some things properly.
> 
> Seems a lot of the software distribution world is getting overly complex 
> with an expectation that the end user who needs to exercise his FLOSS 
> rights has to use git or nodejs or for php composer or whatever just to 
> get what use to be available with no more complexity than choosing 
> tar.gz or tar.bz2 or .zip if the dev was Windows.
> 
> Whatever happened to KISS and why can't source tarballs be distributed 
> as source tarballs?
> 
> Back when I was a Fedora packager - the packaging guidelines would 
> reject a package of the Source tarball wasn't a URL and if the timestamp 
> on the tarball in the src.rpm didn't match upstream even if the checksum 
> was identical.
> 
> Guess those days are gone.
> 
> /rant

Hi,

Not seen this one before, but don't play with much python. The SPEC
really should just refer too a URL too a compressed archive as the
packages home site supplies them.

https://github.com/candlepin/python-rhsm/releases

Regards

Phil

-- 

Google+: https://plus.google.com/+PhilWyett
Blog: https://philwyett-hemi.blogspot.co.uk/
GitLab: https://gitlab.com/philwyett_hemi/





signature.asc
Description: This is a digitally signed message part
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Alice Wonder]

On 12/13/2016 03:21 PM, Valeri Galtsev wrote:



Another thing is: when building of the project (libraries, binaries, etc)
requires sophisticated infrastructure that is not necessary after you
built it.


Yes, that's why I mentioned nodejs. A rather cool JavaScript project 
didn't do quite what I wanted, but to modify it I had to install some 
nodejs environment that was used to "build" the JavaScript and had to be 
re-run for any tweak to the components and always built a rather large 
JavaScript file even minified.


I ended up just scrapping it any writing my own even though its not as 
flexible, and I'm still trying to figure out how requiring a node setup 
is a good idea to require for generating a static file.


But that's the trend.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Valeri Galtsev]

On Tue, December 13, 2016 5:09 pm, John R Pierce wrote:
> On 12/13/2016 2:35 PM, Nicolas Kovacs wrote:
>> That's why I'm running Slackware on most of my systems.
>
> that doesn't solve the issue of various FOSS projects using all kinda
> whacky build toolkits and requirements.
>
> one tool I wanted to build a few weeks ago depended on common lisp.
>
> another package I wanted to play with required this whole complex python
> infrastructure which I'd never seen or heard of before (Im not a python
> dev although I can follow bits of code, and even make minor changes),
> and the build commands in that infrastructure were pulling in source
> packages from various servers all over the world, which kinda scared me
> from a security standpoint.

That is inevitable: some of the tools/projects to work may require you to
bring a huge external infrastructure if you want to use them. This has no
way around.

Another thing is: when building of the project (libraries, binaries, etc)
requires sophisticated infrastructure that is not necessary after you
built it. This and only this is what I meant when mentioned FreeBSD pkg
and poudriere for building custom configured packages - you only need that
infrastructure when building (on build box in build jail...).

But in general, yes, the world seems to have gone the way "why simple,
when you can do it complex way".

I guess I should have added rant tags...

Valeri

>
>
>
> --
> john r pierce, recycling bits in santa cruz
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[John R Pierce]

On 12/13/2016 2:35 PM, Nicolas Kovacs wrote:

That's why I'm running Slackware on most of my systems.


that doesn't solve the issue of various FOSS projects using all kinda 
whacky build toolkits and requirements.


one tool I wanted to build a few weeks ago depended on common lisp.

another package I wanted to play with required this whole complex python 
infrastructure which I'd never seen or heard of before (Im not a python 
dev although I can follow bits of code, and even make minor changes), 
and the build commands in that infrastructure were pulling in source 
packages from various servers all over the world, which kinda scared me 
from a security standpoint.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Nicolas Kovacs]

Le 13/12/2016 à 23:16, Alice Wonder a écrit :
> Seems a lot of the software distribution world is getting overly complex
> with an expectation that the end user who needs to exercise his FLOSS
> rights has to use git or nodejs or for php composer or whatever just to
> get what use to be available with no more complexity than choosing
> tar.gz or tar.bz2 or .zip if the dev was Windows.
> 
> Whatever happened to KISS



That's why I'm running Slackware on most of my systems.



-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] spec file frustration (rant)

[Valeri Galtsev]

On Tue, December 13, 2016 4:16 pm, Alice Wonder wrote:
> I'm getting spec files from centos git which is really convenient when
> the related source is easy to find. But some things - e.g. from a spec
> file
>
> # How to create the source tarball:
> #
> # git clone git://git.fedorahosted.org/git/python-rhsm.git/
> # cd client/python-rhsm
> # tito build --tag python-rhsm-$VERSION-$RELEASE --tgz
>
> Never used tito before, so I install it and try, and rather than giving
> me the source package I need - it gives me a python traceback
> complaining that I haven't configured some things properly.
>
> Seems a lot of the software distribution world is getting overly complex
> with an expectation that the end user who needs to exercise his FLOSS
> rights has to use git or nodejs or for php composer or whatever just to
> get what use to be available with no more complexity than choosing
> tar.gz or tar.bz2 or .zip if the dev was Windows.
>
> Whatever happened to KISS and why can't source tarballs be distributed
> as source tarballs?
>
> Back when I was a Fedora packager - the packaging guidelines would
> reject a package of the Source tarball wasn't a URL and if the timestamp
> on the tarball in the src.rpm didn't match upstream even if the checksum
> was identical.
>
> Guess those days are gone.


Not exactly. I'm pretty happy with FreeBSD pkg system, and with poudriere
whenever I need custom configs different from what package maintainers
choice. No unneeded complication crap.

Of course, this is only rant from point of view of mentioning our rival:
FreeBSD on our list ;-)


Valeri

>
> /rant
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] spec file frustration (rant)

[Alice Wonder]

I'm getting spec files from centos git which is really convenient when 
the related source is easy to find. But some things - e.g. from a spec file


# How to create the source tarball:
#
# git clone git://git.fedorahosted.org/git/python-rhsm.git/
# cd client/python-rhsm
# tito build --tag python-rhsm-$VERSION-$RELEASE --tgz

Never used tito before, so I install it and try, and rather than giving 
me the source package I need - it gives me a python traceback 
complaining that I haven't configured some things properly.


Seems a lot of the software distribution world is getting overly complex 
with an expectation that the end user who needs to exercise his FLOSS 
rights has to use git or nodejs or for php composer or whatever just to 
get what use to be available with no more complexity than choosing 
tar.gz or tar.bz2 or .zip if the dev was Windows.


Whatever happened to KISS and why can't source tarballs be distributed 
as source tarballs?


Back when I was a Fedora packager - the packaging guidelines would 
reject a package of the Source tarball wasn't a URL and if the timestamp 
on the tarball in the src.rpm didn't match upstream even if the checksum 
was identical.


Guess those days are gone.

/rant
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bottom panel on new C7.3

[Liam O'Toole]

On 2016-12-13, Jerry Geis
 wrote:
> Hi All,
>
> I run these commands for previous 7.2 to hide the bottom panel.
> gconftool-2 -t int  --list-type int  --set
> /apps/panel/toplevels/bottom_panel/auto_hide_size 0 gconftool-2 -t
> bool --list-type bool --set
> /apps/panel/toplevels/bottom_panel/auto_hide true
>
> It does not seem to be working any more... I am seeing the panel.
>
> Thoughts?
>
> Jerry

Those commands are for the GNOME 2 (and possibly MATE) desktop
environments. In GNOME 3 you use gnome-tweak-tool to disable the "Window
list" extension. Assuming you are running GNOME 3, of course.

-- 

Liam

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disable gnome-initial-setup

[Liam O'Toole]

On 2016-12-13, Gordon Messmer
 wrote:
> Prior to 7.3, I could disable the post-first-boot GNOME initial setup
> window by turning off the "initial-setup-graphical" systemd service.
> That service no longer exists, so I no longer know how to disable the
> setup window.  I know that I can remove the "gnome-initial-setup"
> package, but I expect that at some point, it'll be brought in by
> dependencies or group membership, so I'd like to find a way to turn it
> off regardless of that package's presence.  Does anyone know how, in
> the new version?

The package puts some files in /etc/xdg/autostart/. You could edit those
to prevent autostart.[1]

Another option is to place the file .config/gnome-initial-setup-done in
the user's home directory, containing the text "yes".

1:
https://standards.freedesktop.org/autostart-spec/autostart-spec-latest.html

-- 

Liam

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] libreoffice 5 slow after 7.3 update

[José María Terry Jiménez]

El 13/12/16 a las 20:01, Alexandru Chiscan escribió:

Hello all,

After the update to 7.3 libreoffice (5.0.6.2-3.el7.x86_64) became 
unusable slow.
For an excel file with 250 rows even a simple scroll takes a few 
seconds, during that time the Xorg server is 100% working and the GPU 
utilization is at about 77% (from NVIDIA server settings).


I have tried disabling the hardware acceleration (options->view) and 
OpenCL (options) but the problem and the high usage for Xorg and GPU 
persisted.


I have seen the the same bug (probably) was present in Fedora 23 
(libreoffice version 5.0.5.2-1.fc23.x86_64 
https://bugzilla.redhat.com/show_bug.cgi?id=1308700)


Does anyone had the same problem and if yes what was the fix?
Does RedHat 7.3 has the same problem?
I have searched the bugzilla database and found only the Fedora bug.

System info: Intel I3-6098P, 8GB ram, NVIDIA GT 240 with all the 
packages updated.

libreoffice-ure-5.0.6.2-3.el7.x86_64
libreoffice-opensymbol-fonts-5.0.6.2-3.el7.noarch
libreoffice-core-5.0.6.2-3.el7.x86_64
libreoffice-pyuno-5.0.6.2-3.el7.x86_64
libreoffice-calc-5.0.6.2-3.el7.x86_64
libreoffice-writer-5.0.6.2-3.el7.x86_64
libreoffice-emailmerge-5.0.6.2-3.el7.x86_64
libreoffice-base-5.0.6.2-3.el7.x86_64
libreoffice-math-5.0.6.2-3.el7.x86_64
libreoffice-impress-5.0.6.2-3.el7.x86_64
libreoffice-graphicfilter-5.0.6.2-3.el7.x86_64
libreoffice-pdfimport-5.0.6.2-3.el7.x86_64
libreoffice-draw-5.0.6.2-3.el7.x86_64
libreoffice-5.0.6.2-3.el7.x86_64
libreoffice-langpack-ro-5.0.6.2-3.el7.x86_64
libreoffice-langpack-en-5.0.6.2-3.el7.x86_64
nvidia-x11-drv-340xx-32bit-340.98-1.el7.elrepo.x86_64
nvidia-x11-drv-340xx-340.98-1.el7.elrepo.x86_64
kmod-nvidia-340xx-340.98-1.el7.elrepo.x86_64

OpenGL version string: 3.3.0 NVIDIA 340.98
server glx version string: 1.4

Best regards,
Alexandru Chiscan


Hello

I had this problem in Fedora 22/23? and the solution was install 
LibreOffice 5.1 from the LibreOffice site.


Best

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] libreoffice 5 slow after 7.3 update

[Alexandru Chiscan]

Hello all,

After the update to 7.3 libreoffice (5.0.6.2-3.el7.x86_64) became 
unusable slow.
For an excel file with 250 rows even a simple scroll takes a few 
seconds, during that time the Xorg server is 100% working and the GPU 
utilization is at about 77% (from NVIDIA server settings).


I have tried disabling the hardware acceleration (options->view) and 
OpenCL (options) but the problem and the high usage for Xorg and GPU 
persisted.


I have seen the the same bug (probably) was present in Fedora 23 
(libreoffice version 5.0.5.2-1.fc23.x86_64 
https://bugzilla.redhat.com/show_bug.cgi?id=1308700)


Does anyone had the same problem and if yes what was the fix?
Does RedHat 7.3 has the same problem?
I have searched the bugzilla database and found only the Fedora bug.

System info: Intel I3-6098P, 8GB ram, NVIDIA GT 240 with all the 
packages updated.

libreoffice-ure-5.0.6.2-3.el7.x86_64
libreoffice-opensymbol-fonts-5.0.6.2-3.el7.noarch
libreoffice-core-5.0.6.2-3.el7.x86_64
libreoffice-pyuno-5.0.6.2-3.el7.x86_64
libreoffice-calc-5.0.6.2-3.el7.x86_64
libreoffice-writer-5.0.6.2-3.el7.x86_64
libreoffice-emailmerge-5.0.6.2-3.el7.x86_64
libreoffice-base-5.0.6.2-3.el7.x86_64
libreoffice-math-5.0.6.2-3.el7.x86_64
libreoffice-impress-5.0.6.2-3.el7.x86_64
libreoffice-graphicfilter-5.0.6.2-3.el7.x86_64
libreoffice-pdfimport-5.0.6.2-3.el7.x86_64
libreoffice-draw-5.0.6.2-3.el7.x86_64
libreoffice-5.0.6.2-3.el7.x86_64
libreoffice-langpack-ro-5.0.6.2-3.el7.x86_64
libreoffice-langpack-en-5.0.6.2-3.el7.x86_64
nvidia-x11-drv-340xx-32bit-340.98-1.el7.elrepo.x86_64
nvidia-x11-drv-340xx-340.98-1.el7.elrepo.x86_64
kmod-nvidia-340xx-340.98-1.el7.elrepo.x86_64

OpenGL version string: 3.3.0 NVIDIA 340.98
server glx version string: 1.4

Best regards,
Alexandru Chiscan
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Namespace en postfix / dovecot

[Ernesto Pérez Estévez]

On 12/13/2016 12:39 PM, Alex ( Servtelecom ) wrote:
> Me aconsejas que pase el clamav en todo el servidor?
> descarto mala configuración de dovecot o postfix?

ya apareció el correo.

podrías usar clamav, también hay scripts que permiten ver si hay
contenido malicioso alojado en tus sitios (hay muchas variantes)





signature.asc
Description: OpenPGP digital signature
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Namespace en postfix / dovecot

[Ernesto Pérez Estévez]

On 12/13/2016 12:49 PM, Alex ( Servtelecom ) wrote:
> Esta claro que esto solo puede venir por aplicaciones web instaladas en
> mi servidor no? del exterior no porque lo vería en mis log's de mail.log
> pero allí no veo nada inusual. Me centro exclusivamente en las web's y
> solo en ellas no?

Digamos que alguien se hace pasar por ti desde un servidor de un
tercero... quizá los rebotes te llegarían a tí o te bloquearían
injustamente. Es una posibilidad.. quizá en este caso lo que debes hacer
es configurar SPF y _dmarc en cada dominio. SPF para que le permita a
los demás conocer que es una farsa el intento de un tercero, y el _dmarc
para que te ayude a recibir reportes y conocer quién envía cosas a tu
nombre... no sé, se me ocurre.

Pero me oriento a que sea algo interno, en las web, un script.

Podría ser un script levantado de otra forma (entraron por ssh por
ejemplo)... podría ser... no se puede descartar.

> 
> Igualmente lo de que solo direcciones validas puedan enviar y
> direcciones que no estén creadas en mi sistema de postfix no puedan, hay
> algún manual para que lo pueda aplicar a mi configuración actual? me
> interesa por si roban un password de alguien no me utilicen para enviar
> spam que alguna vez me ha pasado...
Eso no me convence tanto, porque el atacante está usando un script, no
se apoya en el postfix, sino que el script accede directo al puerto
25/tcp de un servidor remoto...

saludos
epe



> 
> Gracias por tu ayuda!!
> 
> Firma Alexandre Andreu Cases - Servtelecom
> El 13/12/16 a las 18:44, Miguel González escribió:
>> On 12/13/16 6:34 PM, Ernesto Pérez Estévez wrote:
>>> On 13/12/16 07:09, Ernesto Pérez Estévez wrote:
 On 13/12/16 07:00, Ernesto Pérez Estévez wrote:
> En mi caso cuando lo he tenido lo he logrado controlar a través del
> uso
> de iptables, pero te cuento luego porque no es tan fácil.
>
>>> Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena
>>> idea que lo tengas para evitar que te hagan el mismo tipo de ataques de
>>> diccionario al servidor, busca y activa las jaulas para el servidor de
>>> pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y
>>> para otros tipos de ataques que buscan claves débiles, etc.
>>>
>>> Pero eso no evita que un script ya estè siendo activamente explotado en
>>> tu servidor.
>>>
>>>
>>>
>>>
>>
>> Si tienes Wordpress, te recomiendo que instales Wordfence y/o Sucuri y
>> hagas una escaneo de tu Wordpress. Además te sirven para securizarlo.
>>
>> Saludos
>>
>> Miguel
>> ___
>> CentOS-es mailing list
>> CentOS-es@centos.org
>> https://lists.centos.org/mailman/listinfo/centos-es
> 
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es


-- 
CEDIA
La principal herramienta de Investigación en el Ecuador.

Calle La Condamine 12-109 "Casa Rivera".
Cuenca -  Ecuador
Telf: (593) 7405 1000 Ext. 4220/4223
i...@cedia.org.ec
www.cedia.org.ec



signature.asc
Description: OpenPGP digital signature
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS] Disable gnome-initial-setup

[Gordon Messmer]

Prior to 7.3, I could disable the post-first-boot GNOME initial setup 
window by turning off the "initial-setup-graphical" systemd service.  
That service no longer exists, so I no longer know how to disable the 
setup window.  I know that I can remove the "gnome-initial-setup" 
package, but I expect that at some point, it'll be brought in by 
dependencies or group membership, so I'd like to find a way to turn it 
off regardless of that package's presence.  Does anyone know how, in the 
new version?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ipa rpm conflicts

[Tru Huynh]

On Tue, Dec 13, 2016 at 04:44:06PM +, lejeczek wrote:
> does anybody see this:
> 
> unning transaction
> Warning: RPMDB altered outside of yum.
> ** Found 8 pre-existing rpmdb problem(s), 'yum check' output
> follows:
> ipa-admintools-4.4.0-14.el7.centos.noarch has installed conflicts
> freeipa-admintools: ipa-admintools-4.4.0-14.el7.centos.noarch
> ipa-client-4.4.0-14.el7.centos.x86_64 has installed conflicts
> freeipa-client: ipa-client-4.4.0-14.el7.centos.x86_64
> ipa-client-common-4.4.0-14.el7.centos.noarch has installed conflicts
> freeipa-client-common: ipa-client-common-4.4.0-14.el7.centos.noarch
> ipa-common-4.4.0-14.el7.centos.noarch has installed conflicts
> freeipa-common: ipa-common-4.4.0-14.el7.centos.noarch
> ipa-python-compat-4.4.0-14.el7.centos.noarch has installed conflicts
> freeipa-python-compat: ipa-python-compat-4.4.0-14.el7.centos.noarch
> ipa-server-4.4.0-14.el7.centos.x86_64 has installed conflicts
> freeipa-server: ipa-server-4.4.0-14.el7.centos.x86_64
> ipa-server-common-4.4.0-14.el7.centos.noarch has installed conflicts
> freeipa-server-common: ipa-server-common-4.4.0-14.el7.centos.noarch
> ipa-server-dns-4.4.0-14.el7.centos.noarch has installed conflicts
> freeipa-server-dns: ipa-server-dns-4.4.0-14.el7.centos.noarch
> 
> this in .rpm I guess and started appearing after upg to 7.3.
> *freeipa* is naming convention Fedora uses, right? Some remnants
> rebase did not take care of?

upstream issue https://bugzilla.redhat.com/show_bug.cgi?id=1370134

Cheers

Tru

-- 
Tru Huynh 
http://pgp.mit.edu:11371/pks/lookup?op=get=0xBEFA581B


pgp2avCdTOVv7.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Namespace en postfix / dovecot

[Alex ( Servtelecom )]

Esta claro que esto solo puede venir por aplicaciones web instaladas en 
mi servidor no? del exterior no porque lo vería en mis log's de mail.log 
pero allí no veo nada inusual. Me centro exclusivamente en las web's y 
solo en ellas no?


Igualmente lo de que solo direcciones validas puedan enviar y 
direcciones que no estén creadas en mi sistema de postfix no puedan, hay 
algún manual para que lo pueda aplicar a mi configuración actual? me 
interesa por si roban un password de alguien no me utilicen para enviar 
spam que alguna vez me ha pasado...


Gracias por tu ayuda!!

Firma Alexandre Andreu Cases - Servtelecom
El 13/12/16 a las 18:44, Miguel González escribió:

On 12/13/16 6:34 PM, Ernesto Pérez Estévez wrote:

On 13/12/16 07:09, Ernesto Pérez Estévez wrote:

On 13/12/16 07:00, Ernesto Pérez Estévez wrote:

En mi caso cuando lo he tenido lo he logrado controlar a través del uso
de iptables, pero te cuento luego porque no es tan fácil.


Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena
idea que lo tengas para evitar que te hagan el mismo tipo de ataques de
diccionario al servidor, busca y activa las jaulas para el servidor de
pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y
para otros tipos de ataques que buscan claves débiles, etc.

Pero eso no evita que un script ya estè siendo activamente explotado en
tu servidor.






Si tienes Wordpress, te recomiendo que instales Wordfence y/o Sucuri y
hagas una escaneo de tu Wordpress. Además te sirven para securizarlo.

Saludos

Miguel
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es


___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Namespace en postfix / dovecot

[Miguel González]

On 12/13/16 6:34 PM, Ernesto Pérez Estévez wrote:
> On 13/12/16 07:09, Ernesto Pérez Estévez wrote:
>> On 13/12/16 07:00, Ernesto Pérez Estévez wrote:
>>> En mi caso cuando lo he tenido lo he logrado controlar a través del uso
>>> de iptables, pero te cuento luego porque no es tan fácil.
>>>
> 
> Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena
> idea que lo tengas para evitar que te hagan el mismo tipo de ataques de
> diccionario al servidor, busca y activa las jaulas para el servidor de
> pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y
> para otros tipos de ataques que buscan claves débiles, etc.
> 
> Pero eso no evita que un script ya estè siendo activamente explotado en
> tu servidor.
> 
> 
> 
> 


Si tienes Wordpress, te recomiendo que instales Wordfence y/o Sucuri y
hagas una escaneo de tu Wordpress. Además te sirven para securizarlo.

Saludos

Miguel
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Namespace en postfix / dovecot

[Alex ( Servtelecom )]

Me aconsejas que pase el clamav en todo el servidor?
descarto mala configuración de dovecot o postfix?

he mirado el erro exacto, os lo pongo aquí:

550 SC-002 - Correo rechazado por Outlook.com en virtud de sus 
directivas. La IP del servidor de correo que está conectando con 
Outlook.com ha mostrado un comportamiento de minería de espacio de 
nombres. Si no eres administrador de correo o de red, ponte en contacto 
con tu proveedor de acceso a correo o Internet para obtener ayuda.


Existe alguna web o algún aplicativo para ver si ya no persiste mi 
problema? por más que miro con el antivirus no me detecta nada y 
necesito que hotmail me vuelva a admitir


También te he preguntado en que parte de la configuración fuerzas a 
postfix y dovecot que solo los usuarios y dominios que existan puedan 
mandar correo, solo direcciones reales , no se puedan mandar desde 
direcciones inexistentes por mucho que la validación sea correcta ( se 
suele utilizar en web's que tienes un usuario pero la dirección de 
salida de la web pones w...@dominio.com )



Firma Alexandre Andreu Cases - Servtelecom
El 13/12/16 a las 18:34, Ernesto Pérez Estévez escribió:

On 13/12/16 07:09, Ernesto Pérez Estévez wrote:

On 13/12/16 07:00, Ernesto Pérez Estévez wrote:

En mi caso cuando lo he tenido lo he logrado controlar a través del uso
de iptables, pero te cuento luego porque no es tan fácil.


Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena
idea que lo tengas para evitar que te hagan el mismo tipo de ataques de
diccionario al servidor, busca y activa las jaulas para el servidor de
pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y
para otros tipos de ataques que buscan claves débiles, etc.

Pero eso no evita que un script ya estè siendo activamente explotado en
tu servidor.






___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Namespace en postfix / dovecot

[Ernesto Pérez Estévez]

On 13/12/16 07:09, Ernesto Pérez Estévez wrote:
> On 13/12/16 07:00, Ernesto Pérez Estévez wrote:
>> En mi caso cuando lo he tenido lo he logrado controlar a través del uso
>> de iptables, pero te cuento luego porque no es tan fácil.
>>

Se me perdió tu mensaje con la pregunta: respecto al fail2ban, es buena
idea que lo tengas para evitar que te hagan el mismo tipo de ataques de
diccionario al servidor, busca y activa las jaulas para el servidor de
pop3, de imap y de smtp que tengas.. también hay jaulas para wordpress y
para otros tipos de ataques que buscan claves débiles, etc.

Pero eso no evita que un script ya estè siendo activamente explotado en
tu servidor.




-- 
CEDIA
La principal herramienta de Investigación en el Ecuador.

Calle La Condamine 12-109 "Casa Rivera".
Cuenca -  Ecuador
Telf: (593) 7405 1000 Ext. 4220/4223
i...@cedia.org.ec
www.cedia.org.ec

Email secured by Check Point
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-announce] CEBA-2016:2929 CentOS 7 resource-agents BugFix Update

[Johnny Hughes]

CentOS Errata and Bugfix Advisory 2016:2929 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-2929.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
b62de7ea7fce3c77d95f138d093130a7dba978b11eca69ea807857f6c8027a96  
resource-agents-3.9.5-82.el7_3.3.x86_64.rpm




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2016:2930 CentOS 7 fence-agents BugFix Update

[Johnny Hughes]

CentOS Errata and Bugfix Advisory 2016:2930 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-2930.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
6cd757278013ee4a4727be81533a94cdc9bdbb4b426896353c643bf503135b8a  
fence-agents-all-4.0.11-47.el7_3.2.x86_64.rpm
07decfab5c58f519814878a2bbe0d1fae2b4beb913fc785775ae123574fb864d  
fence-agents-apc-4.0.11-47.el7_3.2.x86_64.rpm
e1e70e7f5dc67dafd7f86bd50842a5a13facb6e0bf06ea1651e36f5ad09cc7b7  
fence-agents-apc-snmp-4.0.11-47.el7_3.2.x86_64.rpm
52cdf41a2c9e9f27b3972ea7347b2dd3b9076215ef7f6e4418ae6e932c542b1a  
fence-agents-bladecenter-4.0.11-47.el7_3.2.x86_64.rpm
30aeabcbb84b4de310664c5b9624dc12da326109435e47c83d5f2dfa207cae02  
fence-agents-brocade-4.0.11-47.el7_3.2.x86_64.rpm
e2495a379c5d69e80f1c48f40243d482baba464438e32c1755aba6b55ee773b0  
fence-agents-cisco-mds-4.0.11-47.el7_3.2.x86_64.rpm
ac2230747fafc587f6131c26c14235916faea13124c1074cec14a9ea607679b8  
fence-agents-cisco-ucs-4.0.11-47.el7_3.2.x86_64.rpm
d67df7ef3cfc1cadd2f796d593ed9114221c42ae227806deb4e41b66c8925ed1  
fence-agents-common-4.0.11-47.el7_3.2.x86_64.rpm
5536079c8975e0d032ffa408e055720e884372c2f7875ae6cd1d18802d73eaed  
fence-agents-compute-4.0.11-47.el7_3.2.x86_64.rpm
29ebd0e0e76e99eb5b5e04ba05562c30cb72bc49308a269260c15c17da06b35c  
fence-agents-drac5-4.0.11-47.el7_3.2.x86_64.rpm
ba0987513ed143c267f6627620f635f6cce5b15e6f4e7d97b78a15fc613d0b7c  
fence-agents-eaton-snmp-4.0.11-47.el7_3.2.x86_64.rpm
4342cd2d93b835b66a98721a6ac177fd19959c494f0ffed15276b05bfa0f95e7  
fence-agents-emerson-4.0.11-47.el7_3.2.x86_64.rpm
b18398cf3655f79df0a8ff0ce22003bd31fa99ad99f92b7711e1f5fce79d0c4b  
fence-agents-eps-4.0.11-47.el7_3.2.x86_64.rpm
c954731caad2b3635caea48404d0c49c6bf6ea7e883ee4e348198d14142295b2  
fence-agents-hpblade-4.0.11-47.el7_3.2.x86_64.rpm
6a953e0ba0e1693a649e0e90bf707cc9def496ad8cf33cc1fc2e36d3701a487c  
fence-agents-ibmblade-4.0.11-47.el7_3.2.x86_64.rpm
ec6b2d7259a33a1c0b07869ecf290559cb4ef164af82efda99ffdd465713cc3c  
fence-agents-ifmib-4.0.11-47.el7_3.2.x86_64.rpm
dbb07b8690ad182d08545b4ffc377ee63f33bcd5f62105894d3841126cd83243  
fence-agents-ilo2-4.0.11-47.el7_3.2.x86_64.rpm
46ef3ca55f4e0362ee5b1acba0a58e851124bba683bbb1bbc740e6b1589b3f21  
fence-agents-ilo-moonshot-4.0.11-47.el7_3.2.x86_64.rpm
833aaf098d2785fb0931f1bd8a24231c788d77fed53296bf94cb67381cbdbfb3  
fence-agents-ilo-mp-4.0.11-47.el7_3.2.x86_64.rpm
340de23651940ee26bbd73c4238734edd3cc652e64cce9590ff23282d7779d29  
fence-agents-ilo-ssh-4.0.11-47.el7_3.2.x86_64.rpm
f66ddafdabb279f729e7fb93d07feadbcf488a123bb980ac8a45f22b44a99615  
fence-agents-intelmodular-4.0.11-47.el7_3.2.x86_64.rpm
ecdc91a83e9f64061ffe66ef4163d638685d86ac253dd419243301dd63cae254  
fence-agents-ipdu-4.0.11-47.el7_3.2.x86_64.rpm
79f2604ff6e61b55d9569259fb87220ec05d49624995b076fa087db0cab573a2  
fence-agents-ipmilan-4.0.11-47.el7_3.2.x86_64.rpm
2a365bcf0309c7d703325d5cad06b91549e407dff18159fc56ff602060721cfc  
fence-agents-kdump-4.0.11-47.el7_3.2.x86_64.rpm
54bde3daf5a9f94fb73c2779e8545eb31b3a9eaf652e3234da0486b0275a1a57  
fence-agents-mpath-4.0.11-47.el7_3.2.x86_64.rpm
f377095a1653bec746717aac73800d595b6ad92275989bf86020aeb98e99c1b8  
fence-agents-rhevm-4.0.11-47.el7_3.2.x86_64.rpm
9f63f2e4561638c58d8d6d93fcdac48637d86824b6bbd24426d4422c0f5a10c5  
fence-agents-rsa-4.0.11-47.el7_3.2.x86_64.rpm
5d3976d715102a7486758240eed747e561a7101757ce76f5f4d682a9ff6cef04  
fence-agents-rsb-4.0.11-47.el7_3.2.x86_64.rpm
3f299f88cf209abec7f7ccc93aa3f537653348d0ab9b764b4de5d6f15d42548c  
fence-agents-scsi-4.0.11-47.el7_3.2.x86_64.rpm
0bd93f4c83e5e683c75959c3105896a4f28780620ab6ad30af22ac9d4b72197d  
fence-agents-virsh-4.0.11-47.el7_3.2.x86_64.rpm
8e0e2358904fd842c913742e2db671dba7ad305946dcc45e1b7bcabd389a98e0  
fence-agents-vmware-soap-4.0.11-47.el7_3.2.x86_64.rpm
8b41dbc7e1d57e3008f2ef67ca12fffe0b67d74c3ade626875b1a67301a53c10  
fence-agents-wti-4.0.11-47.el7_3.2.x86_64.rpm




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS] disk selection with ks file in 7.3

[Joseph L. Casale]

My existing ks files leave the disk selection unset in 7.3. Checking the manual,
I do not see changes in that area so performing a manual installation and 
comparing
the resulting config to mine yields little difference. Taking the anaconda 
generated
disk config section and deploying a new ks with this halts at disk selection 
unset still?

Anyone seeing this?

jlc
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] ipa rpm conflicts

[lejeczek]

does anybody see this:

unning transaction
Warning: RPMDB altered outside of yum.
** Found 8 pre-existing rpmdb problem(s), 'yum check' output 
follows:
ipa-admintools-4.4.0-14.el7.centos.noarch has installed 
conflicts freeipa-admintools: 
ipa-admintools-4.4.0-14.el7.centos.noarch
ipa-client-4.4.0-14.el7.centos.x86_64 has installed 
conflicts freeipa-client: ipa-client-4.4.0-14.el7.centos.x86_64
ipa-client-common-4.4.0-14.el7.centos.noarch has installed 
conflicts freeipa-client-common: 
ipa-client-common-4.4.0-14.el7.centos.noarch
ipa-common-4.4.0-14.el7.centos.noarch has installed 
conflicts freeipa-common: ipa-common-4.4.0-14.el7.centos.noarch
ipa-python-compat-4.4.0-14.el7.centos.noarch has installed 
conflicts freeipa-python-compat: 
ipa-python-compat-4.4.0-14.el7.centos.noarch
ipa-server-4.4.0-14.el7.centos.x86_64 has installed 
conflicts freeipa-server: ipa-server-4.4.0-14.el7.centos.x86_64
ipa-server-common-4.4.0-14.el7.centos.noarch has installed 
conflicts freeipa-server-common: 
ipa-server-common-4.4.0-14.el7.centos.noarch
ipa-server-dns-4.4.0-14.el7.centos.noarch has installed 
conflicts freeipa-server-dns: 
ipa-server-dns-4.4.0-14.el7.centos.noarch


this in .rpm I guess and started appearing after upg to 7.3.
*freeipa* is naming convention Fedora uses, right? Some 
remnants rebase did not take care of?


regards,
L.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-announce] CEBA-2016:2944 CentOS 6 chrony BugFix Update

[Johnny Hughes]

CentOS Errata and Bugfix Advisory 2016:2944 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-2944.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
6f4d532fc7a8ab23f587710326aece921b51145ed01fd3c9e865969d86291d32  
chrony-2.1.1-2.el6_8.i686.rpm

x86_64:
62e49cb71efcfd7e0a542208fb217514ee1bb31dcc6d2b1332b4dccdfffca1d0  
chrony-2.1.1-2.el6_8.x86_64.rpm

Source:
5c43a53158f77ad26650688c9fbf1f569d4a220edbff6a56101ef2c98c875d8e  
chrony-2.1.1-2.el6_8.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] yum update pulls in lvm-cluster on 7.3

[Gianluca Cecchi]

On Tue, Dec 13, 2016 at 2:16 PM,  wrote:

> Hi,
>
> I ran "yum update" this morning on a 7.2 machine with all of the cr updates
> applied to it and yum wants to install lvm-cluster and a bunch of deps.
>
> Dependencies Resolved
>
> ==
>  Package   Arch  VersionRepository   Size
> ==
> Installing for group upgrade "Resilient Storage":
>  lvm2-cluster  x86_647:2.02.166-1.el7_3.1updates  663 k
>

Hello,
which command did you execute, exactly?
I have only experience with RHEL and not CentOS for what regards
lvm2-cluster; in my opinion it is correct that it is included in "Resilient
Storage" group.
So that if you already had this group installed but not lvm2-cluster rpm
package, it was a problem before, not now

Eg, in a CentOS 7.2 vm of mine I have:

[root@manageiq ~]# rpm -q lvm2-cluster
package lvm2-cluster is not installed
[root@manageiq ~]#

[root@manageiq ~]# rpm -q lvm2
lvm2-2.02.130-5.el7.x86_64
[root@manageiq ~]#

[root@manageiq ~]# yum update
. . .
centos-releasex86_64 7-3.1611.el7.centos
  base 23 k
. . .
lvm2  x86_64 7:2.02.166-1.el7_3.1
 updates 1.1 M
. . .
but no lvm2-cluster package proposed

but correctly if I run

[root@manageiq ~]# yum groupinstall "Resilient Storage"
...
Dependencies Resolved


 Package Arch Version
Repository Size

Installing for group install "Resilient Storage":
 dlm x86_64   4.0.6-1.el7
base   89 k
 gfs2-utils  x86_64   3.1.9-3.el7
base  302 k
 lvm2-clusterx86_64   7:2.02.166-1.el7_3.1
 updates   663 k
Installing for dependencies:
 corosyncx86_64   2.4.0-4.el7
base  213 k
 corosynclib x86_64   2.4.0-4.el7
base  125 k
 dlm-lib x86_64   4.0.6-1.el7
base   24 k
 libqb   x86_64   1.0-1.el7
base   92 k
 resource-agents x86_64   3.9.5-82.el7_3.1
 updates   360 k
Updating for dependencies:
 device-mapper   x86_64   7:1.02.135-1.el7_3.1
 updates   269 k
 device-mapper-event x86_64   7:1.02.135-1.el7_3.1
 updates   177 k
 device-mapper-event-libsx86_64   7:1.02.135-1.el7_3.1
 updates   177 k
 device-mapper-libs  x86_64   7:1.02.135-1.el7_3.1
 updates   333 k
 device-mapper-persistent-data   x86_64   0.6.3-1.el7
base  368 k
 lvm2x86_64   7:2.02.166-1.el7_3.1
 updates   1.1 M
 lvm2-libs   x86_64   7:2.02.166-1.el7_3.1
 updates   984 k

Transaction Summary

Install  3 Packages (+5 Dependent packages)
Upgrade ( 7 Dependent packages)

So it seems ok to me. It pulls the update of lvm2 package itself and also
the lvm2-cluster package (correctly pulled from the "updates" repo)

HIH,
Gianluca
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7.3 sources ???

[Valeri Galtsev]

On Mon, December 12, 2016 9:03 pm, Alice Wonder wrote:
> On 12/12/2016 06:49 PM, Frank Cox wrote:
>> On Mon, 12 Dec 2016 18:36:03 -0800
>> Alice Wonder wrote:
>>
>>> Looking at http://vault.centos.org/ and not seeing them.
>>
>> 7.3 is current, so check your friendly local mirror.  The same place you
>> download your updated from.
>>
>
> Sources aren't in kernel.org mirror, I think most mirrors don't have
> them because of the size but vault traditionally has them.

If one is going to pull a lot from vault, it would be nicer to not go to
central place, but use one of vault mirrors instead. I forgot how one can
pull the list of vault mirrors (thanks for reminding me - if anyone
does!). I know my mirror server has centos vault:
http://bay.uchicago.edu/centos-vault/

Valeri


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Namespace en postfix / dovecot

[Alex ( Servtelecom )]

Hola

todo es comprado y actualizado, no suelo utilizar cosas no originales

Igualmente estoy pasando el clamav a ver que encuentra y actualizado 
todos los wordpress a la ultima. Como puedo saber si mi problema se ha 
solucionado


Quedo pendiente de respuestas del correo anterior


Firma Alexandre Andreu Cases - Servtelecom
El 13/12/16 a las 16:17, Wilmer Arambula escribió:

Si solo usas WordPress,  has instalado una plantilla no original o algún
modulo no original, por allí creo que debes empezar,

Saludos,

Wilmer.

El 13/12/2016 9:50, "Alex ( Servtelecom )" 
escribió:


Acabo de aplicar esta regla en mi iptables a ver que pasa, en este
servidor solo tengo wordpress instalado y actualizado a la ultima,
igualmente lo revisare por si acaso.

Me aconsejas que pase el clamav en todo el servidor?
descarto mala configuración de dovecot o postfix?

he mirado el erro exacto, os lo pongo aquí:

550 SC-002 - Correo rechazado por Outlook.com en virtud de sus directivas.
La IP del servidor de correo que está conectando con Outlook.com ha
mostrado un comportamiento de minería de espacio de nombres. Si no eres
administrador de correo o de red, ponte en contacto con tu proveedor de
acceso a correo o Internet para obtener ayuda.

Utilizo fail2ban como complemento, crees que se puede aplicar algun extra
para que lo detecte y lo frene fail2ban?

También he visto que se puede proteger para que solo los dominios que hay
registrados en postfix y los usuarios validos puedan mandar correos, si
estas autentificado pero tratas de que se envie con una dirección que no es
la que hay registradas en postfix entonces no lo enviá. (ejemplo, tienes
dominio.com y quieres que se envie, desde una web como dominio2.com).
Esto como se puede hacer ya que creo que en mi configuración no lo he visto
y si que alguna vez he tenido problemas de este tipo.


Gracias por tu ayuda!

---


Firma Alexandre Andreu Cases - Servtelecom
El 13/12/16 a las 13:09, Ernesto Pérez Estévez escribió:


On 13/12/16 07:00, Ernesto Pérez Estévez wrote:


En mi caso cuando lo he tenido lo he logrado controlar a través del uso
de iptables, pero te cuento luego porque no es tan fácil.

Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la

opción de bloquear el acceso a los scripts al puerto 25/tcp saliente.

Esto es en caso de que tus aplicaciones web corran bajo otro usuario que
no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente,
entonces puedes aplicar reglas de iptables para que, excepto tu servidor
de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp
saliente.

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix
-j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman
-j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j
ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with
icmp-port-unreachable

Claro, con esto no encontrarás al script malicioso, simplemente le
bloquearás cualquier intento. Quizá debas usar LOG para guardar los
intentos fallidos y tratar de encontrar el uid que está haciendo el
intento.



___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es


___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es


___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Namespace en postfix / dovecot

[Wilmer Arambula]

Si solo usas WordPress,  has instalado una plantilla no original o algún
modulo no original, por allí creo que debes empezar,

Saludos,

Wilmer.

El 13/12/2016 9:50, "Alex ( Servtelecom )" 
escribió:

> Acabo de aplicar esta regla en mi iptables a ver que pasa, en este
> servidor solo tengo wordpress instalado y actualizado a la ultima,
> igualmente lo revisare por si acaso.
>
> Me aconsejas que pase el clamav en todo el servidor?
> descarto mala configuración de dovecot o postfix?
>
> he mirado el erro exacto, os lo pongo aquí:
>
> 550 SC-002 - Correo rechazado por Outlook.com en virtud de sus directivas.
> La IP del servidor de correo que está conectando con Outlook.com ha
> mostrado un comportamiento de minería de espacio de nombres. Si no eres
> administrador de correo o de red, ponte en contacto con tu proveedor de
> acceso a correo o Internet para obtener ayuda.
>
> Utilizo fail2ban como complemento, crees que se puede aplicar algun extra
> para que lo detecte y lo frene fail2ban?
>
> También he visto que se puede proteger para que solo los dominios que hay
> registrados en postfix y los usuarios validos puedan mandar correos, si
> estas autentificado pero tratas de que se envie con una dirección que no es
> la que hay registradas en postfix entonces no lo enviá. (ejemplo, tienes
> dominio.com y quieres que se envie, desde una web como dominio2.com).
> Esto como se puede hacer ya que creo que en mi configuración no lo he visto
> y si que alguna vez he tenido problemas de este tipo.
>
>
> Gracias por tu ayuda!
>
> ---
>
>
> Firma Alexandre Andreu Cases - Servtelecom
> El 13/12/16 a las 13:09, Ernesto Pérez Estévez escribió:
>
>> On 13/12/16 07:00, Ernesto Pérez Estévez wrote:
>>
>>> En mi caso cuando lo he tenido lo he logrado controlar a través del uso
>>> de iptables, pero te cuento luego porque no es tan fácil.
>>>
>>> Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la
>> opción de bloquear el acceso a los scripts al puerto 25/tcp saliente.
>>
>> Esto es en caso de que tus aplicaciones web corran bajo otro usuario que
>> no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente,
>> entonces puedes aplicar reglas de iptables para que, excepto tu servidor
>> de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp
>> saliente.
>>
>> iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
>> iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix
>> -j ACCEPT
>> iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman
>> -j ACCEPT
>> iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j
>> ACCEPT
>> iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with
>> icmp-port-unreachable
>>
>> Claro, con esto no encontrarás al script malicioso, simplemente le
>> bloquearás cualquier intento. Quizá debas usar LOG para guardar los
>> intentos fallidos y tratar de encontrar el uid que está haciendo el
>> intento.
>>
>>
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS] Bottom panel on new C7.3

[Jerry Geis]

Hi All,

I run these commands for previous 7.2 to hide the bottom panel.
gconftool-2 -t int  --list-type int  --set
/apps/panel/toplevels/bottom_panel/auto_hide_size 0
gconftool-2 -t bool --list-type bool --set
/apps/panel/toplevels/bottom_panel/auto_hide true

It does not seem to be working any more... I am seeing the panel.

Thoughts?

Jerry
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Namespace en postfix / dovecot

[Alex ( Servtelecom )]

Acabo de aplicar esta regla en mi iptables a ver que pasa, en este 
servidor solo tengo wordpress instalado y actualizado a la ultima, 
igualmente lo revisare por si acaso.


Me aconsejas que pase el clamav en todo el servidor?
descarto mala configuración de dovecot o postfix?

he mirado el erro exacto, os lo pongo aquí:

550 SC-002 - Correo rechazado por Outlook.com en virtud de sus 
directivas. La IP del servidor de correo que está conectando con 
Outlook.com ha mostrado un comportamiento de minería de espacio de 
nombres. Si no eres administrador de correo o de red, ponte en contacto 
con tu proveedor de acceso a correo o Internet para obtener ayuda.


Utilizo fail2ban como complemento, crees que se puede aplicar algun 
extra para que lo detecte y lo frene fail2ban?


También he visto que se puede proteger para que solo los dominios que 
hay registrados en postfix y los usuarios validos puedan mandar correos, 
si estas autentificado pero tratas de que se envie con una dirección que 
no es la que hay registradas en postfix entonces no lo enviá. (ejemplo, 
tienes dominio.com y quieres que se envie, desde una web como 
dominio2.com). Esto como se puede hacer ya que creo que en mi 
configuración no lo he visto y si que alguna vez he tenido problemas de 
este tipo.



Gracias por tu ayuda!

---


Firma Alexandre Andreu Cases - Servtelecom
El 13/12/16 a las 13:09, Ernesto Pérez Estévez escribió:

On 13/12/16 07:00, Ernesto Pérez Estévez wrote:

En mi caso cuando lo he tenido lo he logrado controlar a través del uso
de iptables, pero te cuento luego porque no es tan fácil.


Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la
opción de bloquear el acceso a los scripts al puerto 25/tcp saliente.

Esto es en caso de que tus aplicaciones web corran bajo otro usuario que
no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente,
entonces puedes aplicar reglas de iptables para que, excepto tu servidor
de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp
saliente.

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix
-j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman
-j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j
ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with
icmp-port-unreachable

Claro, con esto no encontrarás al script malicioso, simplemente le
bloquearás cualquier intento. Quizá debas usar LOG para guardar los
intentos fallidos y tratar de encontrar el uid que está haciendo el intento.



___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] Namespace en postfix / dovecot

[Roberto Bermúdez]

Estimados listeros, yo también les agradecería una ayuda al respecto,
porque tampoco puedo mandar correos a esos dominios, al principio pensé que
era porque mi proxi tenía su IP en listas negras (aunque la IP de mi
servidor de correo no estaba en listas negras) ahora ya tengo dos meses que
todas mis IP están limpias pero aun no se puede mandar correos a dichos
dominios, muchas gracias

El dic 13, 2016 6:49 AM, "Alex ( Servtelecom )" 
escribió:

> Hola compañeros, hotmail y outlook.com me frenan mis correos y después de
> mucho indagar me sueltan que mi servidor esta configurado para que se
> puedan generar Namespace y no se como evitar esto, hasta ahora no me había
> pasado nunca pero me gustaría saber por donde empiezo?
> que información necesitáis para que me podáis ayudar?
>
> ___
> CentOS-es mailing list
> CentOS-es@centos.org
> https://lists.centos.org/mailman/listinfo/centos-es
>
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS] yum update pulls in lvm-cluster on 7.3

[me]

Hi,

I ran "yum update" this morning on a 7.2 machine with all of the cr updates
applied to it and yum wants to install lvm-cluster and a bunch of deps.

Dependencies Resolved

==
 Package   Arch  VersionRepository   Size
==
Installing for group upgrade "Resilient Storage":
 lvm2-cluster  x86_647:2.02.166-1.el7_3.1updates  663 k
Updating:
 centos-release   x86_64 7-3.1611.el7.centos base 23 k
Installing for dependencies:
 corosync x86_64 2.4.0-4.el7 base 213 k
 corosynclib  x86_64 2.4.0-4.el7 base 125 k
 dlm  x86_64 4.0.6-1.el7 base 89 k
 dlm-lib  x86_64 4.0.6-1.el7 base 24 k
 libqbx86_64 1.0-1.el7   base 92 k
 resource-agents  x86_64 3.9.5-82.el7_3.1updates  360 k

Transaction Summary
=
Install  1 Package (+6 Dependent packages)
Upgrade  1 Package

Total download size: 1.6 M
Is this ok [y/d/N]:
Exiting on user command
Your transaction was saved, rerun it with:
 yum load-transaction /tmp/yum_save_tx.2016-12-13.07-45.PcXumI.yumtx
(shadow pts3) #


I understand why the centos-release wants to be updated but can someone tell
me why it wants to pull in lvm-cluster and friends? This machine is not part
of a cluster.

Regards,

--
Tom m...@tdiehl.org Spamtrap address
me...@tdiehl.org
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7.3 srpms

[Johnny Hughes]

On 12/13/2016 06:50 AM, m...@tdiehl.org wrote:
> On 12/13/2016 joh...@centos.org wrote:
> 
>> On 12/13/2016 06:25 AM, m...@tdiehl.org wrote:
>>> Hi,
>>>
>>> Can someone tell me when the 7.3 srpms will be available?
>>>
>>> They are usually in vault but I do not see them at this time.
>>>
>>> I need the centos-release srpm ASAP.
>>
>> All the SRPMS are available from buildlogs.  For centos-release
>> specifically, look here:
>>
>> http://buildlogs.centos.org/c7.1611.01/centos-release/20161129181015/7-3.1611.el7.centos.x86_64/
>>
> 
> Ok. Thanks Johnny.
> 
> Does this mean that the SRPMS will no longer be put on vault.centos.org or
> they just not there yet?
> 
> Regards,
> 

I am gathering them up to put them on vault now .. should be there
sometime today.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7.3 srpms

[me]

On 12/13/2016 joh...@centos.org wrote:


On 12/13/2016 06:25 AM, m...@tdiehl.org wrote:

Hi,

Can someone tell me when the 7.3 srpms will be available?

They are usually in vault but I do not see them at this time.

I need the centos-release srpm ASAP.


All the SRPMS are available from buildlogs.  For centos-release
specifically, look here:

http://buildlogs.centos.org/c7.1611.01/centos-release/20161129181015/7-3.1611.el7.centos.x86_64/


Ok. Thanks Johnny.

Does this mean that the SRPMS will no longer be put on vault.centos.org or
they just not there yet?

Regards,

--
Tom m...@tdiehl.org Spamtrap address
me...@tdiehl.org
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] firefox 45.5.1

[Johnny Hughes]

On 12/08/2016 09:47 AM, geo.inbox.ignored wrote:
> 
> 
> On 12/08/2016 08:04 AM, Jonathan Billings wrote:
>> On Wed, Dec 07, 2016 at 12:46:43PM -0600, geo.inbox.ignored wrote:
   2- where might i find earlier releases of 40.x?

   3- if i install 40.x in path /var/lib/yum/plugins/local/,
  will i be able to roll back.
>>>
>>> any offers for questions 2 & 3?
>>
>> Short answer: Don't.
>>
>> Long answer:  You're trying to install arbitrary versions of firefox
>> with known vulnerabilities.  You're also using something that isn't
>> supported in CentOS and possibly built against a distro that doesn't
>> have the same build environment and base libraries.  It sounds like
>> you've already got a bunch of local customizations that could possibly
>> be preventing a working web browser.  
>>
> }}
> 
> understood and accepted in relation of firefox.
> 
> was not asking for just 40.x, which used as above.
> 
> to be more exacting, if should have need for some other package,
> is there a site which archives centos packages?
> 
> for example, in attempting to get vivaldi browser working, even with
> latest of releases, there are early *.so files showing as missing.
> 
> tried a web search, no hits.
> 
> with moz devs futzing around with firefox as they have been lately,
> it would be nice to have another browser handy for sites that
> firefox does not handle.
> 
> 
All old centos packages are in vault.centos.org:

http://vault.centos.org/

However, running packages with known security issues is not recommended.

Thanks,
Johnny Hughes



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7.3 srpms

[Johnny Hughes]

On 12/13/2016 06:25 AM, m...@tdiehl.org wrote:
> Hi,
> 
> Can someone tell me when the 7.3 srpms will be available?
> 
> They are usually in vault but I do not see them at this time.
> 
> I need the centos-release srpm ASAP.
> 
> Regards,
> 

All the SRPMS are available from buildlogs.  For centos-release
specifically, look here:

http://buildlogs.centos.org/c7.1611.01/centos-release/20161129181015/7-3.1611.el7.centos.x86_64/



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] 7.3 srpms

[me]

Hi,

Can someone tell me when the 7.3 srpms will be available?

They are usually in vault but I do not see them at this time.

I need the centos-release srpm ASAP.

Regards,

--
Tom m...@tdiehl.org Spamtrap address
me...@tdiehl.org
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-es] Namespace en postfix / dovecot

[Ernesto Pérez Estévez]

On 13/12/16 07:00, Ernesto Pérez Estévez wrote:
> En mi caso cuando lo he tenido lo he logrado controlar a través del uso
> de iptables, pero te cuento luego porque no es tan fácil.
> 

Si el problema ocurre DESDE tu servidor, posiblemente debes buscar la
opción de bloquear el acceso a los scripts al puerto 25/tcp saliente.

Esto es en caso de que tus aplicaciones web corran bajo otro usuario que
no sea root. Ejemplo: si cada sitio virtual corre bajo un UID diferente,
entonces puedes aplicar reglas de iptables para que, excepto tu servidor
de smtp y el usuario root, nadie más pueda acceder al puerto 25/tcp
saliente.

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner postfix
-j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman
-j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j
ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with
icmp-port-unreachable

Claro, con esto no encontrarás al script malicioso, simplemente le
bloquearás cualquier intento. Quizá debas usar LOG para guardar los
intentos fallidos y tratar de encontrar el uid que está haciendo el intento.

-- 
CEDIA
La principal herramienta de Investigación en el Ecuador.

Calle La Condamine 12-109 "Casa Rivera".
Cuenca -  Ecuador
Telf: (593) 7405 1000 Ext. 4220/4223
i...@cedia.org.ec
www.cedia.org.ec

Email secured by Check Point
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS] CentOS-announce Digest, Vol 142, Issue 4

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. Release for CentOS Linux 7 (1611) on x86_64 (Karanbir Singh)


--

Message: 1
Date: Mon, 12 Dec 2016 17:42:53 +
From: Karanbir Singh 
To: CentOS Announcements List 
Subject: [CentOS-announce] Release for CentOS Linux 7 (1611) on x86_64
Message-ID: <57a573d2-7a27-9472-79d9-1733117c8...@centos.org>
Content-Type: text/plain; charset=utf-8

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am pleased to announce the general availability of CentOS Linux 7
(1611) for 64 bit x86 compatible machines.

Effectively immediately, this is the current release for CentOS Linux
7 and is tagged as 1611, derived from Red Hat Enterprise Linux 7.3

As always, read through the Release Notes at :
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 - these notes
contain important information about the release and details about some
of the content inside the release from the CentOS QA team. These notes
are updated constantly to include issues and incorporate feedback from
the users.

- --
Updates, Sources, and DebugInfos

Updates released since we froze the iso and install media content are
posted in the updates repo along with the release. This will include
content from late November 2016 and December 2016, therefore anyone
running a new install is highly encouraged to run a 'yum update'
operation immediate on install completion.  You can apply all updates,
including the content released today, on your existing CentOS Linux
7/x86_64 machine by just running 'yum update'.

As with all CentOS Linux 7 components, this release was built from
sources hosted at git.centos.org. In addition, SRPMs that are a
byproduct of the build (and also considered critical in the code and
buildsys process) are being published to match every binary RPM we
release. Sources will be available from vault.centos.org in their own
dedicated directories to match the corresponding binary RPMs. Since
there is far less traffic to the CentOS source RPMs compared with the
binary RPMs, we are not putting this content on the main mirror
network. If users wish to mirror this content they can do so using the
reposync command available in the yum-utils package. All CentOS source
RPMs are signed with the same key used to sign their binary
counterparts. Developers and end users looking at inspecting and
contributing patches to the CentOS Linux distro will find the code
hosted at git.centos.org far simpler to work against. Details on how
to best consume those are documented along with a quick start at :
http://wiki.centos.org/Sources

Debuginfo packages are also being signed and pushed. Yum configs
shipped in the new release file will have all the context required for
debuginfo to be available on every CentOS Linux install.

This release supersedes all previously released content for CentOS
Linux 7, and therefore we highly encourage all users to upgrade their
machines. Information on different upgrade strategies and how to
handle stale content is included in the Release Notes.

- --
Download

In order to conserve donor bandwidth, and to make it possible to get
the mirror content sync'd out as soon as possible, we recommend using
torrents to get your initial installer images:

Details on the images are available on the mirrors at
http://mirror.centos.org/centos/7/isos/x86_64/0_README.txt - that file
clearly highlights the difference in the images, and when one might be
more suitable than the others.

The sizes, sha256 sums and torrents for the ISO files:

==
* CentOS-7-x86_64-Minimal-1611.iso
  Size: 713031680
  Torrent:
http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-16
11.torrent
  Sha256Sum:
27bd866242ee058b7a5754e83d8ee8403e216b93d130d800852a96f41c34d86a

* CentOS-7-x86_64-NetInstall-1611.iso
  Size: 395313152
  Torrent:
http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall
- -1611.iso.torrent
  Sha256Sum:
f2f7367deb90a25822947660c71638333ca0eceeabecc2d631be6cd508c24494

* CentOS-7-x86_64-DVD-1611.iso
  Size: 4379901952
  Torrent:
http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1611.i
so.torrent
  Sha256Sum:
c455ee948e872ad2194b39045b83634e8613249182b88f549bb2319d97eb

* CentOS-7-x86_64-Everything-1611.iso
  Size: 8280604672
  Torrent:

Re: [CentOS-es] Namespace en postfix / dovecot

[Ernesto Pérez Estévez]

On 13/12/16 06:49, Alex ( Servtelecom ) wrote:
> Hola compañeros, hotmail y outlook.com me frenan mis correos y después
> de mucho indagar me sueltan que mi servidor esta configurado para que se
> puedan generar Namespace y no se como evitar esto, hasta ahora no me
> había pasado nunca pero me gustaría saber por donde empiezo?
> que información necesitáis para que me podáis ayudar?
> 

Busquemos info sobre el namespace mining primero y enterémonos de lo que
es:

El problema es al revés, tu servidor está corriendo un script o malware
intentando averiguar direcciones de correo válidas donde ellos.

Eso es namespace mining. Es una técnica que tiene su edad y que ahora
tratan de dispersar mandando a servidores comprometidos a realizar esta
acción, cargando estos servidores con la culpa del ataque, quedando el
atacante limpio de polvo y paja en sus propios servidores.

http://serverfault.com/questions/625853/prevent-stop-namespace-mining

Ahora sí, te toca buscar el script malicioso. Claro, esto se dice fácil
pero posiblemente incluso no lo encuentres en el servidor pues el
atacante puede mandarlo a descargar a través de un sistema
desactualizado (típicamente joomla o wordpress o un módulo de ellos) o
de un sistema que utiliza claves débiles..  y entonces ejecuta al script
y luego de ejecutarlo un tiempo lo manda a borrar y luego de unas horas
o días vuelve a hacer el mismo procedimiento. Inteligente verdad?

Es una patada el encontrar el sistema con problemas.. esos son los días
en que quieres echar todo a la basura y dedicarte a la ornitología o al
cuidado de elefantes... te lo juro.

En mi caso cuando lo he tenido lo he logrado controlar a través del uso
de iptables, pero te cuento luego porque no es tan fácil.

-- 
CEDIA
La principal herramienta de Investigación en el Ecuador.

Calle La Condamine 12-109 "Casa Rivera".
Cuenca -  Ecuador
Telf: (593) 7405 1000 Ext. 4220/4223
i...@cedia.org.ec
www.cedia.org.ec

Email secured by Check Point
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS-es] Namespace en postfix / dovecot

[Alex ( Servtelecom )]

Hola compañeros, hotmail y outlook.com me frenan mis correos y después 
de mucho indagar me sueltan que mi servidor esta configurado para que se 
puedan generar Namespace y no se como evitar esto, hasta ahora no me 
había pasado nunca pero me gustaría saber por donde empiezo?

que información necesitáis para que me podáis ayudar?

___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

[CentOS] Network Manager - force activation of multiple connections

[Gary Stainburn]

For each of my sites I have set up a server to act as AirPrint server.  This 
requires the LAN connection that the servers have always had, plus a WIFI 
connection to give it a presence on the WIFI  (The WIFI and LAN are on 
separate VLANS)

I have finally dragged myself into the 21st century and used NetworkManager 
for the connection, using nmtui to do the work.

The problem I have is that on most of these servers, thw WIFI connection 
doesn't always activate on bootup and I have to go into nmtui -> activate -> 
WIFI etc. to get it working again.

Is there a way to force NetworkManager to always activate all interfaces on 
bootup?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] test builds on private server against 1611

[Andreas Benzler]

Hello Guys,

I only wanna you know that my private server builds
works against centos version 1611.


The messa private llmv on centos was never
as mine. That’s all

I also removed my old 12.04 mesa stuff, because of this
behavior.

Sincerely

Andy


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos