subject:"\[CentOS\] Boot failed on latest CentOS 7 update"

On Sun, Aug 2, 2020 at 7:14 PM Chris Adams  wrote:

> Once upon a time, Jonathan Billings  said:
> > On Aug 2, 2020, at 14:43, Pete Biggs  wrote:
> > > You don't have to use UEFI secure booting - most machines can fall back
> > > to legacy booting using BIOS settings. If you do that, you won't use
> > > any Microsoft signed code.
> >
> > Back in 2017, Intel said that it was going to deprecate the “Legacy” CSM
> by 2020. They might have changed their schedule but I suspect we’ll start
> seeing hardware without anything but UEFI.
>
> I believe that is still Intel's plan.
>
> However, as happens often, people are confusing UEFI and Secure Boot.
> UEFI is a replacement for the ages-old BIOS - Secure Boot is an
> extension to UEFI to create a "trusted" (for whatever that may mean)
> boot chain to get to the OS.  You can have UEFI without having Secure
> Boot enabled (that's what I do on my systems).
>

Legacy BIOS has its own set of issues, like no GPT support, MBR disks are
max 2TB.



-- 
-john r pierce
  recycling used bits in santa cruz
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Chris Adams

Once upon a time, Jonathan Billings  said:
> On Aug 2, 2020, at 14:43, Pete Biggs  wrote:
> > You don't have to use UEFI secure booting - most machines can fall back
> > to legacy booting using BIOS settings. If you do that, you won't use
> > any Microsoft signed code.
> 
> Back in 2017, Intel said that it was going to deprecate the “Legacy” CSM by 
> 2020. They might have changed their schedule but I suspect we’ll start seeing 
> hardware without anything but UEFI. 

I believe that is still Intel's plan.

However, as happens often, people are confusing UEFI and Secure Boot.
UEFI is a replacement for the ages-old BIOS - Secure Boot is an
extension to UEFI to create a "trusted" (for whatever that may mean)
boot chain to get to the OS.  You can have UEFI without having Secure
Boot enabled (that's what I do on my systems).
-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Gordon Messmer


On 8/2/20 4:11 PM, John Pierce wrote:

isn't it more that they simply won't work with newer boots that were signed
by the new keys?  and the updated BIOS's won't boot older OS versions that
weren't signed by the new keys?



I don't know if the Secure Boot PKI has a publicly documented 
contingency plan for a compromised CA, but my understanding is that 
there are multiple slots for signatures:


http://dreamhack.it/linux/2015/12/03/secure-boot-signed-modules-and-signed-elf-binaries.html

So, I would guess that clients would receive a new trust DB that did not 
contain the old root CA, and new bootloaders signed by both the old root 
CA and the new CA.  The new bootloaders would work on both new and old 
systems, having signatures from both. Old bootloaders would not work on 
new clients.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Leon Fauster via CentOS


Am 02.08.20 um 04:15 schrieb Kay Schenk:

Questions re this statement in the ZDNET article --

"In all cases, users reported that downgrading systems to a previous
release to reverse the BootHole patches usually fixed their problems."

  A previous release of what? GRUB2

So that's my first question.



There are some canonical packages - the combination/grouping is important.

https://lists.centos.org/pipermail/centos-announce/2020-July/035779.html


Furthermore the corresponding shim and kernel rpms should be installed 
together (or the kernel should be reinstalled)


https://lists.centos.org/pipermail/centos/2020-August/351180.html





Second. I'm assuming the the muti-screen UEFI settings I see are standard
for more recent BIOS -- not sure of version. Do we have any guidance for
that?

If it is the case that a downgrade to previous grub2 can fix the problem --
and not latest kernel? Does this matter? -- maybe booting from your chosen
"rescue" option AND reinstalling older grub (somehow) can get us further
along.




--
Leon
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Jonathan Billings

On Aug 2, 2020, at 14:43, Pete Biggs  wrote:
> You don't have to use UEFI secure booting - most machines can fall back
> to legacy booting using BIOS settings. If you do that, you won't use
> any Microsoft signed code.

Back in 2017, Intel said that it was going to deprecate the “Legacy” CSM by 
2020. They might have changed their schedule but I suspect we’ll start seeing 
hardware without anything but UEFI. 

--
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

On Sun, Aug 2, 2020 at 3:54 PM Gordon Messmer 
wrote:

> On 8/2/20 1:19 PM, John Pierce wrote:
> > One of the things that bugs me about PKI trust chains like this, what
> > happens if the unthinkable happens, and Microsoft's RootCA gets
> compromised
> > and has to be revoked... does that mean every single piece of UEFI
> > hardware  out there needs a BIOS upgrade?
>
>
> Yes.  They'll be vulnerable to malware signed by the old CA until
> they're updated.
>
> That's better than systems without a PKI trust chain, which are
> vulnerable all of the time.

isn't it more that they simply won't work with newer boots that were signed
by the new keys?  and the updated BIOS's won't boot older OS versions that
weren't signed by the new keys?

BIOS updates are often not available for sligthly older hardware, once it
goes out of production most vendors lose all interest.

>
>

-- 
-john r pierce
  recycling used bits in santa cruz
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Gordon Messmer


On 8/2/20 1:19 PM, John Pierce wrote:

One of the things that bugs me about PKI trust chains like this, what
happens if the unthinkable happens, and Microsoft's RootCA gets compromised
and has to be revoked... does that mean every single piece of UEFI
hardware  out there needs a BIOS upgrade?



Yes.  They'll be vulnerable to malware signed by the old CA until 
they're updated.


That's better than systems without a PKI trust chain, which are 
vulnerable all of the time.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

On Sun, Aug 2, 2020 at 1:01 PM Phil Perry  wrote:

> I believe Microsoft signs the shim which then becomes the trusted
> authority and embeds RH (or CentOS) signing cert, so (I believe) every
> release of the shim needs to be signed by Microsoft. So it's not quite
> as efficient as MS signing a RH/CentOS CA key, but is not far off.
>

One of the things that bugs me about PKI trust chains like this, what
happens if the unthinkable happens, and Microsoft's RootCA gets compromised
and has to be revoked... does that mean every single piece of UEFI
hardware  out there needs a BIOS upgrade?  and don't UEFI bios updates
have to be signed too?

-- 
-john r pierce
  recycling used bits in santa cruz
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Phil Perry


On 02/08/2020 19:54, John Pierce wrote:

On Sun, Aug 2, 2020 at 11:45 AM Phil Perry  wrote:


On 02/08/2020 16:26, Valeri Galtsev wrote:


On the side note: it is Microsoft that signs one of Linux packages now.

We seem to have made one more step away from “our” computers being _our
computers_. Am I wrong?


Valeri



Microsoft are the Certificate Authority for SecureBoot and most
SB-enabled hardware (most x86 hardware) comes with a copy of the
Microsoft key preinstalled allowing binaries that are signed by
Microsoft to work. In the case of linux, that is the shim which becomes
the root of trust to load everything else. If you are not happy with
that you can always become your own certificate authority by generating
your own keys, install your signing keys in the hardware's firmware (MOK
list) and sign stuff yourself to use on your own machine(s).

However if you wish to distribute stuff to others and have it work
seamlessly on hardware outside of your direct control and without the
need for every user to import your CA SecureBoot signing key into the
MOK list on every device, you would rely on Microsoft to sign SB related
content.



now, does Microsoft have to sign each released module themselves, or will
they issue a CA  cert to an authorized OS creator, like RH, then let RH
sign their own modules?

EG,Microsoft RootCA -> Signed Package
vs,  Microsoft RootCA -> RH Child CA -> Signed Package 




I believe Microsoft signs the shim which then becomes the trusted 
authority and embeds RH (or CentOS) signing cert, so (I believe) every 
release of the shim needs to be signed by Microsoft. So it's not quite 
as efficient as MS signing a RH/CentOS CA key, but is not far off.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

On Sun, Aug 2, 2020 at 11:45 AM Phil Perry  wrote:

> On 02/08/2020 16:26, Valeri Galtsev wrote:
> >
> > On the side note: it is Microsoft that signs one of Linux packages now.
> We seem to have made one more step away from “our” computers being _our
> computers_. Am I wrong?
> >
> > Valeri
> >
>
> Microsoft are the Certificate Authority for SecureBoot and most
> SB-enabled hardware (most x86 hardware) comes with a copy of the
> Microsoft key preinstalled allowing binaries that are signed by
> Microsoft to work. In the case of linux, that is the shim which becomes
> the root of trust to load everything else. If you are not happy with
> that you can always become your own certificate authority by generating
> your own keys, install your signing keys in the hardware's firmware (MOK
> list) and sign stuff yourself to use on your own machine(s).
>
> However if you wish to distribute stuff to others and have it work
> seamlessly on hardware outside of your direct control and without the
> need for every user to import your CA SecureBoot signing key into the
> MOK list on every device, you would rely on Microsoft to sign SB related
> content.
>
>
now, does Microsoft have to sign each released module themselves, or will
they issue a CA  cert to an authorized OS creator, like RH, then let RH
sign their own modules?

EG,Microsoft RootCA -> Signed Package
vs,  Microsoft RootCA -> RH Child CA -> Signed Package 





-- 
-john r pierce
  recycling used bits in santa cruz
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Phil Perry


On 02/08/2020 16:26, Valeri Galtsev wrote:


On the side note: it is Microsoft that signs one of Linux packages now. We seem 
to have made one more step away from “our” computers being _our computers_. Am 
I wrong?

Valeri



Microsoft are the Certificate Authority for SecureBoot and most 
SB-enabled hardware (most x86 hardware) comes with a copy of the 
Microsoft key preinstalled allowing binaries that are signed by 
Microsoft to work. In the case of linux, that is the shim which becomes 
the root of trust to load everything else. If you are not happy with 
that you can always become your own certificate authority by generating 
your own keys, install your signing keys in the hardware's firmware (MOK 
list) and sign stuff yourself to use on your own machine(s).


However if you wish to distribute stuff to others and have it work 
seamlessly on hardware outside of your direct control and without the 
need for every user to import your CA SecureBoot signing key into the 
MOK list on every device, you would rely on Microsoft to sign SB related 
content.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Pete Biggs


> On the side note: it is Microsoft that signs one of Linux packages
> now. We seem to have made one more step away from “our” computers
> being _our computers_. Am I wrong?
> 

Secure booting using UEFI requires that the code is signed - that is
the "secure" bit.  Microsoft are the CA for that signing. There's
nothing sinister about it, they aren't signing the RPM package just one
of the bits of code in the package. I seem to remember that Microsoft
were the most vocal advocates for secure booting to get around boot
sector viruses and in order to facilitate a more universal uptake they
committed to signing any UEFI boot code from other OSes so long as it
came from a bona fide source.

You don't have to use UEFI secure booting - most machines can fall back
to legacy booting using BIOS settings. If you do that, you won't use
any Microsoft signed code.

I haven't looked in detail at the bug this all was supposed to fix, but
I think it had the capability of by-passing the UEFI security checking,
hence why the release of the advisory was delayed until the OSes were
patched and why there was a scramble to get everything out in time.
It's a nasty bug and was difficult to fix from what I've heard.

P.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Stephen John Smoogen

On Sun, 2 Aug 2020 at 13:35, Alessandro Baggi
 wrote:
>
>
> Il 02/08/20 19:09, Alessandro Baggi ha scritto:
> >
> > Il 02/08/20 18:54, Stephen John Smoogen ha scritto:
> >> On a side note, you keep emphasizing you aren't expecting an SLA.. but
> >> all your questions are what someone asks to have in a defined SLA. I
> >> have done the same thing in the past when things have gone badly, but
> >> couching it in 'I am not asking' just makes the people being asked
> >> grumpy. Better to be open and say 'Look I would like to know what my
> >> expectations should be for CentOS' and be done with it.
>
> I press send wrongly.
>
> Sorry, but you are wrong about this.
>

My apologies. I should have asked for clarification.
-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update




Il 02/08/20 19:22, Valeri Galtsev ha scritto:



On 8/2/20 12:09 PM, Alessandro Baggi wrote:


Il 02/08/20 18:54, Stephen John Smoogen ha scritto:

On a side note, you keep emphasizing you aren't expecting an SLA.. but
all your questions are what someone asks to have in a defined SLA. I
have done the same thing in the past when things have gone badly, but
couching it in 'I am not asking' just makes the people being asked
grumpy. Better to be open and say 'Look I would like to know what my
expectations should be for CentOS' and be done with it.


Sorry, but you are wrong about this.

If I want SLA and QA I will use RHEL.

Now permit me to say one thing: the update on my machines, failed in 
a so bad way that my first thought was "WTF? they tested this fix?" 
and I'm not the only one that




And this complaint has to fall onto RedHat. Slightly underestimating 
the job CentOS team is doing, one could say: CentOS in just a binary 
replica of RedHat Enterprise.



Hi Valeri,

Yes you are right.

And again, we use distributions for what benefit they give us, and any 
trouble we may encounter, we have just ourselves to blame for the 
choice we had made. And I here am not restricting the choices we could 
have made to variety of Linux flavors, but include in general anything 
one could use: a bunch of BSD descendants, MacOS (which server 
administration wise I excluded from chain BSD --> Darwin --> MacOS 10, 
or rather ignore that to be a chain), MS Windows (no, I am not asking 
for shots at me, I for one use FreeBSD for servers, not MS Windows), etc.


I use CentOS on workstation (except for my own_ and numbercrunchers. 
And once again, thanks a lot to the whole CentOS team for the great 
job, you, guys are doing!


Just my abstract view of this.

Valeri


the previous message was sent incomplete.

I appreciate very much the great job done by the CentOS team with so low 
resource.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update




Il 02/08/20 19:09, Alessandro Baggi ha scritto:


Il 02/08/20 18:54, Stephen John Smoogen ha scritto:

On a side note, you keep emphasizing you aren't expecting an SLA.. but
all your questions are what someone asks to have in a defined SLA. I
have done the same thing in the past when things have gone badly, but
couching it in 'I am not asking' just makes the people being asked
grumpy. Better to be open and say 'Look I would like to know what my
expectations should be for CentOS' and be done with it.


I press send wrongly.

Sorry, but you are wrong about this.

If I want SLA and QA I will use RHEL.

Now permit me to say one thing: the update on my machines, failed in a 
so BAD way that my first thought was "WTF? they tested this fix?" and 
I'm not the only one that who thought about this. I expect that a 
package is tested to not break a machine/service like for other distro 
like debian, opensuse, ubuntu and this is DIFFERENT than expect a 
defined SLA or QA level. How I can expect SLA from CentOS for personal 
usage and free?  But if this happen on CentOS I read "Eh, you want SLA 
and you should use RHEL", ifthis  happen on Ubuntu "Ah, don't use 
Ubuntu, I abondoned it for this type of problems"... I need only that 
the update does not destroy the entire installation. Now, if expect that 
a distro, with a strong reputation like centos,  make test on a package 
that could break the boot process of a system,  for a good number of 
usage case is not requiring SLA or QA, is only expect a good practice 
like I would expect for other distro.


When I release a patch/fix to a script or an RPM package or php page or 
python script, before I apply the change I ensure that this change does 
not break anything. I'm not sure about this? Good I'll wait to push it 
and test it again ( this not imply that bugs are not present) but this 
is not a SLA request man because I know that centos can't offer it.


Probably this is a my misconception, but hey I'm really and very 
surprised that this happend in a bad way (specially on the upstream). As 
I said, I will use again centos and won't expect any type of SLA, QA, 
fast release in a different way like for the previous version, I can 
only send a thank you to the CentOS team.


As Johnny explained this happened and will happen in the future, this 
problem is not related to CentOS directly and the great job that Johnny 
done today is amazing.


My 2 cent.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Valeri Galtsev





On 8/2/20 12:09 PM, Alessandro Baggi wrote:


Il 02/08/20 18:54, Stephen John Smoogen ha scritto:

On a side note, you keep emphasizing you aren't expecting an SLA.. but
all your questions are what someone asks to have in a defined SLA. I
have done the same thing in the past when things have gone badly, but
couching it in 'I am not asking' just makes the people being asked
grumpy. Better to be open and say 'Look I would like to know what my
expectations should be for CentOS' and be done with it.


Sorry, but you are wrong about this.

If I want SLA and QA I will use RHEL.

Now permit me to say one thing: the update on my machines, failed in a 
so bad way that my first thought was "WTF? they tested this fix?" and 
I'm not the only one that




And this complaint has to fall onto RedHat. Slightly underestimating the 
job CentOS team is doing, one could say: CentOS in just a binary replica 
of RedHat Enterprise.


And again, we use distributions for what benefit they give us, and any 
trouble we may encounter, we have just ourselves to blame for the choice 
we had made. And I here am not restricting the choices we could have 
made to variety of Linux flavors, but include in general anything one 
could use: a bunch of BSD descendants, MacOS (which server 
administration wise I excluded from chain BSD --> Darwin --> MacOS 10, 
or rather ignore that to be a chain), MS Windows (no, I am not asking 
for shots at me, I for one use FreeBSD for servers, not MS Windows), etc.


I use CentOS on workstation (except for my own_ and numbercrunchers. And 
once again, thanks a lot to the whole CentOS team for the great job, 
you, guys are doing!


Just my abstract view of this.

Valeri


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


--

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update




Il 02/08/20 18:54, Stephen John Smoogen ha scritto:

On a side note, you keep emphasizing you aren't expecting an SLA.. but
all your questions are what someone asks to have in a defined SLA. I
have done the same thing in the past when things have gone badly, but
couching it in 'I am not asking' just makes the people being asked
grumpy. Better to be open and say 'Look I would like to know what my
expectations should be for CentOS' and be done with it.


Sorry, but you are wrong about this.

If I want SLA and QA I will use RHEL.

Now permit me to say one thing: the update on my machines, failed in a 
so bad way that my first thought was "WTF? they tested this fix?" and 
I'm not the only one that


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Stephen John Smoogen

On Sun, 2 Aug 2020 at 12:08, Alessandro Baggi
 wrote:
>
> Hi Johnny,
> thank you for your answer. I always accepted release cycle of CentOS
> without any problem (maybe with EL8 but it is ok).
>
> I don't need SLA and I don't blame anyone for this, errors can occour. For
> example in this story, I applied blindly updates without check what and how
> so really I ran the command that brake my installation...and as I said no
> problem for this.
>
> You said:" We TRY to
> validate all fixes, but if something is broken in the source code, it
> will likely be borken in CentOS Linux as well". This means that if a rhel
> package break something, the centos team releases it with the bug anyway
> also if the bug is already known? The update cannot be delayed until the
> correct version is released if the package bug is already known? Is it not
> possible by policy or other? Validate is equal to "test if nothing get
> breakage"?
>

For CentOS-4, CentOS-5 and CentOS-6, the motto was "Bug for bug
compatible with RHEL." If things failed for RHEL, they would fail in
the same way for CentOS as much as possible. Many users of CentOS were
exceedingly proud of it and expected it to be the case for when they
needed justifications and such. The problem is that no one likes it
when a major problem comes out from RHEL. THis happens probably once
every 3 to 5 years and then everyone starts wanting to know why CentOS
doesn't ship things when people find something wrong. People usually
get motivated and start testing things more.. but after about 6 months
of no other problems.. can justify that bugs aren't common so why do
it.

On a side note, you keep emphasizing you aren't expecting an SLA.. but
all your questions are what someone asks to have in a defined SLA. I
have done the same thing in the past when things have gone badly, but
couching it in 'I am not asking' just makes the people being asked
grumpy. Better to be open and say 'Look I would like to know what my
expectations should be for CentOS' and be done with it.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

Hi Johnny,
thank you for your answer. I always accepted release cycle of CentOS
without any problem (maybe with EL8 but it is ok).

I don't need SLA and I don't blame anyone for this, errors can occour. For
example in this story, I applied blindly updates without check what and how
so really I ran the command that brake my installation...and as I said no
problem for this.

You said:" We TRY to
validate all fixes, but if something is broken in the source code, it
will likely be borken in CentOS Linux as well". This means that if a rhel
package break something, the centos team releases it with the bug anyway
also if the bug is already known? The update cannot be delayed until the
correct version is released if the package bug is already known? Is it not
possible by policy or other? Validate is equal to "test if nothing get
breakage"?

I repeat, I don't need SLA or QA or faster update/release. What sound
strange to me is that the testing procedure for a released update to see if
all works has failed and has not revealed the problem  when the bug showed
up right away to me on a workstation and on a fresh install with minimal
and on a personal "server" with mdadm raid devices? In all my cases, when
updating shim I got several and clear messages of failed update without the
need to perform a reboot and see that grub was broken.

I have another question. I know that the gear that provides notification
for el8 updates does not work due to koji. How is the current status for
notification of updates for centos 8? We can see update notifications soon
re-enabled?

Thank you for your time. I appreciate your work.

Il Dom 2 Ago 2020, 14:42 Johnny Hughes  ha scritto:

> On 8/2/20 2:47 AM, Alessandro Baggi wrote:
> >
> > Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:
> >> It appears that it is affecting multiple distributions including Debian
> >> and Ubuntu so it looks like the grub2 team messed up. See
> >>
> >>
> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
> >>
> >>
> >> Mike
> >>
> >> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> >>>
>  Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS
>  :
> 
>  Am 01.08.20 um 23:41 schrieb Kay Schenk:
> > Well misery loves company but still...just truly unfathomable!
> > Time for a change.
> 
>  I can only express my incomprehension for such statements!
> 
>  Stay and help. Instead running away or should I say out of the
>  frying pan and into the fire? :-)
> >>> The thing, RHEL and CentOS not properly testing updates, cost me at
> >>> minimum 3-4 full working days, plus losses at customer sites.
> >>>
> >>> This is really a huge failure of RHEL and CentOS.
> >>>
> >>> A lot of trust has been destroyed.
> >
> > Hi Mike,
> >
> > I'm not interested that the issue is present on Debian, Ubuntu and the
> > others. Currently I'm using CentOS, I'm a CentOS user and currently I'm
> > interested what is happening on CentOS because I have machines that runs
> > CentOS. If the "wrong" patch was not pushed as update so fast (maybe
> > waiting more time before release with more testing to get all cases [yes
> > because when you update grub and depending on the fix you can break a
> > system easily]) there would have been no problem, by the way I prefer
> > wait some days (consider that I can accept the release delay of
> > minor/major release) then break my systems...and without messages on ML
> > announces about this type of problem does not help. Sorry I can't know
> > what and when a packages is updated, why it is updated, what type of
> > problem (CVE) it suffers and do my reasoning for an update process. This
> > is a missing for me but I still use centos and I should not need a RHEL
> > account to access to get advisories and see what applies on CentOS
> > (6,7,8 and Stream).
> >
> > Many of us, choose CentOS due to its stability and enteprise-ready
> > feature (and because is partially/enterely backed by RH). Due to actual
> > problem, many server and workstation died and it's normal that some user
> > said "A lot of trust has been destroyed." because they placed a lot of
> > trust on the pro-redhat support. On the other side, all of us can fall
> > in error and this is the case (like me that I updated blindy, so its
> > also my fault not only the broken update).
> >
> > Only one error in many years could not destroy a distro and its
> > stability reputation (I think and correct me if I'm wrong) and I hope it
> > won't happen again.
>
> Well, I am sorry to tell you, but it most likely WILL happen again at
> some point.
>
> CentOS Linux is a rebuild of RHEL source code, nothing more.  We TRY to
> validate all fixes, but if something is broken in the source code, it
> will likely be borken in CentOS Linux as well.  If you need software
> with Service Level Agreement type stability and timing .. that is
> absolutely NOT CentOS.
>
> We have 3 people who build updates as fast as

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Valeri Galtsev



> On Aug 2, 2020, at 9:14 AM, Gregory P. Ennis  wrote:
> 
> On 8/2/20 2:47 AM, Alessandro Baggi wrote:
>> 
>> Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:
>>> It appears that it is affecting multiple distributions including Debian
>>> and Ubuntu so it looks like the grub2 team messed up. See
>>> 
>>> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
>>> 
>>> 
>>> Mike
>>> 
>>> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
 
> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS
> :
> 
> Am 01.08.20 um 23:41 schrieb Kay Schenk:
>> Well misery loves company but still...just truly unfathomable!
>> Time for a change.
> 
> I can only express my incomprehension for such statements!
> 
> Stay and help. Instead running away or should I say out of the
> frying pan and into the fire? :-)
 
 The thing, RHEL and CentOS not properly testing updates, cost me at
 minimum 3-4 full working days, plus losses at customer sites.
 
 This is really a huge failure of RHEL and CentOS.
 
 A lot of trust has been destroyed.
>> 
>> Hi Mike,
>> 
>> I'm not interested that the issue is present on Debian, Ubuntu and the
>> others. Currently I'm using CentOS, I'm a CentOS user and currently I'm
>> interested what is happening on CentOS because I have machines that runs
>> CentOS. If the "wrong" patch was not pushed as update so fast (maybe
>> waiting more time before release with more testing to get all cases [yes
>> because when you update grub and depending on the fix you can break a
>> system easily]) there would have been no problem, by the way I prefer
>> wait some days (consider that I can accept the release delay of
>> minor/major release) then break my systems...and without messages on ML
>> announces about this type of problem does not help. Sorry I can't know
>> what and when a packages is updated, why it is updated, what type of
>> problem (CVE) it suffers and do my reasoning for an update process. This
>> is a missing for me but I still use centos and I should not need a RHEL
>> account to access to get advisories and see what applies on CentOS
>> (6,7,8 and Stream).
>> 
>> Many of us, choose CentOS due to its stability and enteprise-ready
>> feature (and because is partially/enterely backed by RH). Due to actual
>> problem, many server and workstation died and it's normal that some user
>> said "A lot of trust has been destroyed." because they placed a lot of
>> trust on the pro-redhat support. On the other side, all of us can fall
>> in error and this is the case (like me that I updated blindy, so its
>> also my fault not only the broken update).
>> 
>> Only one error in many years could not destroy a distro and its
>> stability reputation (I think and correct me if I'm wrong) and I hope it
>> won't happen again.
> 
> Well, I am sorry to tell you, but it most likely WILL happen again at
> some point.
> 
> CentOS Linux is a rebuild of RHEL source code, nothing more.  We TRY to
> validate all fixes, but if something is broken in the source code, it
> will likely be borken in CentOS Linux as well.  If you need software
> with Service Level Agreement type stability and timing .. that is
> absolutely NOT CentOS.
> 

Gregory, Johnny, and everybody on CentOS team: Thanks a lot for great job you 
are doing!

And yes, we, humble users, do realize what you just said, Gregory. We know 
about “no guarantee” clause, and go with RedHat's reputation which through the 
great job you are doing translates into CentOS reliability level. My reading of 
many comments on this issue is, basically, the RedHat just lost a notch in the 
reputation level. Hopefully, it is not new lower level now, which hopefully 
again will be confirmed over long trouble-free period in a future.

On the side note: it is Microsoft that signs one of Linux packages now. We seem 
to have made one more step away from “our” computers being _our computers_. Am 
I wrong?

Valeri

> We have 3 people who build updates as fast as we can and this sofware is
> free and unvalidated.  We don't do any security testing .. we build and
> release RHEL source code.  RHEL is what you want if you want software
> assurance or the fastest release cycle or an SLA grade software release.
> 
> 
> I have released the new shim update for el7 that should fix this issue.
> -
> 
> Johnny,
> 
> Is the latest update :
> shim-x64   x86_64   15-7.el7_9  
> 
> Greg
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Marc Balmer via CentOS

> Is the latest update :
> shim-x64   x86_64   15-7.el7_9  

No. 15-8 is.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Gregory P. Ennis

On 8/2/20 2:47 AM, Alessandro Baggi wrote:
> 
> Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:
> > It appears that it is affecting multiple distributions including Debian
> > and Ubuntu so it looks like the grub2 team messed up. See
> > 
> > https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
> > 
> > 
> > Mike
> > 
> > On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> > > 
> > > > Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS
> > > > :
> > > > 
> > > > Am 01.08.20 um 23:41 schrieb Kay Schenk:
> > > > > Well misery loves company but still...just truly unfathomable!
> > > > > Time for a change.
> > > > 
> > > > I can only express my incomprehension for such statements!
> > > > 
> > > > Stay and help. Instead running away or should I say out of the
> > > > frying pan and into the fire? :-)
> > > 
> > > The thing, RHEL and CentOS not properly testing updates, cost me at
> > > minimum 3-4 full working days, plus losses at customer sites.
> > > 
> > > This is really a huge failure of RHEL and CentOS.
> > > 
> > > A lot of trust has been destroyed.
> 
> Hi Mike,
> 
> I'm not interested that the issue is present on Debian, Ubuntu and the
> others. Currently I'm using CentOS, I'm a CentOS user and currently I'm
> interested what is happening on CentOS because I have machines that runs
> CentOS. If the "wrong" patch was not pushed as update so fast (maybe
> waiting more time before release with more testing to get all cases [yes
> because when you update grub and depending on the fix you can break a
> system easily]) there would have been no problem, by the way I prefer
> wait some days (consider that I can accept the release delay of
> minor/major release) then break my systems...and without messages on ML
> announces about this type of problem does not help. Sorry I can't know
> what and when a packages is updated, why it is updated, what type of
> problem (CVE) it suffers and do my reasoning for an update process. This
> is a missing for me but I still use centos and I should not need a RHEL
> account to access to get advisories and see what applies on CentOS
> (6,7,8 and Stream).
> 
> Many of us, choose CentOS due to its stability and enteprise-ready
> feature (and because is partially/enterely backed by RH). Due to actual
> problem, many server and workstation died and it's normal that some user
> said "A lot of trust has been destroyed." because they placed a lot of
> trust on the pro-redhat support. On the other side, all of us can fall
> in error and this is the case (like me that I updated blindy, so its
> also my fault not only the broken update).
> 
> Only one error in many years could not destroy a distro and its
> stability reputation (I think and correct me if I'm wrong) and I hope it
> won't happen again.

Well, I am sorry to tell you, but it most likely WILL happen again at
some point.

CentOS Linux is a rebuild of RHEL source code, nothing more.  We TRY to
validate all fixes, but if something is broken in the source code, it
will likely be borken in CentOS Linux as well.  If you need software
with Service Level Agreement type stability and timing .. that is
absolutely NOT CentOS.

We have 3 people who build updates as fast as we can and this sofware is
free and unvalidated.  We don't do any security testing .. we build and
release RHEL source code.  RHEL is what you want if you want software
assurance or the fastest release cycle or an SLA grade software release.


I have released the new shim update for el7 that should fix this issue.
-

Johnny,

Is the latest update :
shim-x64   x86_64   15-7.el7_9  

Greg


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Johnny Hughes

On 8/2/20 2:47 AM, Alessandro Baggi wrote:
> 
> Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:
>> It appears that it is affecting multiple distributions including Debian
>> and Ubuntu so it looks like the grub2 team messed up. See
>>
>> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
>>
>>
>> Mike
>>
>> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
>>>
 Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS
 :

 Am 01.08.20 um 23:41 schrieb Kay Schenk:
> Well misery loves company but still...just truly unfathomable!
> Time for a change.

 I can only express my incomprehension for such statements!

 Stay and help. Instead running away or should I say out of the
 frying pan and into the fire? :-)
>>> The thing, RHEL and CentOS not properly testing updates, cost me at
>>> minimum 3-4 full working days, plus losses at customer sites.
>>>
>>> This is really a huge failure of RHEL and CentOS.
>>>
>>> A lot of trust has been destroyed.
> 
> Hi Mike,
> 
> I'm not interested that the issue is present on Debian, Ubuntu and the
> others. Currently I'm using CentOS, I'm a CentOS user and currently I'm
> interested what is happening on CentOS because I have machines that runs
> CentOS. If the "wrong" patch was not pushed as update so fast (maybe
> waiting more time before release with more testing to get all cases [yes
> because when you update grub and depending on the fix you can break a
> system easily]) there would have been no problem, by the way I prefer
> wait some days (consider that I can accept the release delay of
> minor/major release) then break my systems...and without messages on ML
> announces about this type of problem does not help. Sorry I can't know
> what and when a packages is updated, why it is updated, what type of
> problem (CVE) it suffers and do my reasoning for an update process. This
> is a missing for me but I still use centos and I should not need a RHEL
> account to access to get advisories and see what applies on CentOS
> (6,7,8 and Stream).
> 
> Many of us, choose CentOS due to its stability and enteprise-ready
> feature (and because is partially/enterely backed by RH). Due to actual
> problem, many server and workstation died and it's normal that some user
> said "A lot of trust has been destroyed." because they placed a lot of
> trust on the pro-redhat support. On the other side, all of us can fall
> in error and this is the case (like me that I updated blindy, so its
> also my fault not only the broken update).
> 
> Only one error in many years could not destroy a distro and its
> stability reputation (I think and correct me if I'm wrong) and I hope it
> won't happen again.

Well, I am sorry to tell you, but it most likely WILL happen again at
some point.

CentOS Linux is a rebuild of RHEL source code, nothing more.  We TRY to
validate all fixes, but if something is broken in the source code, it
will likely be borken in CentOS Linux as well.  If you need software
with Service Level Agreement type stability and timing .. that is
absolutely NOT CentOS.

We have 3 people who build updates as fast as we can and this sofware is
free and unvalidated.  We don't do any security testing .. we build and
release RHEL source code.  RHEL is what you want if you want software
assurance or the fastest release cycle or an SLA grade software release.


I have released the new shim update for el7 that should fix this issue.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-02 Thread Patrick Bégou

Le 02/08/2020 à 09:47, Alessandro Baggi a écrit :
>
> Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:
>> It appears that it is affecting multiple distributions including Debian
>> and Ubuntu so it looks like the grub2 team messed up. See
>>
>> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
>>
>>
>> Mike
>>
>> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
>>>
 Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS
 :

 Am 01.08.20 um 23:41 schrieb Kay Schenk:
> Well misery loves company but still...just truly unfathomable!
> Time for a change.

 I can only express my incomprehension for such statements!

 Stay and help. Instead running away or should I say out of the
 frying pan and into the fire? :-)
>>> The thing, RHEL and CentOS not properly testing updates, cost me at
>>> minimum 3-4 full working days, plus losses at customer sites.
>>>
>>> This is really a huge failure of RHEL and CentOS.
>>>
>>> A lot of trust has been destroyed.
>
> Hi Mike,
>
> I'm not interested that the issue is present on Debian, Ubuntu and the
> others. Currently I'm using CentOS, I'm a CentOS user and currently
> I'm interested what is happening on CentOS because I have machines
> that runs CentOS. If the "wrong" patch was not pushed as update so
> fast (maybe waiting more time before release with more testing to get
> all cases [yes because when you update grub and depending on the fix
> you can break a system easily]) there would have been no problem, by
> the way I prefer wait some days (consider that I can accept the
> release delay of minor/major release) then break my systems...and
> without messages on ML announces about this type of problem does not
> help. Sorry I can't know what and when a packages is updated, why it
> is updated, what type of problem (CVE) it suffers and do my reasoning
> for an update process. This is a missing for me but I still use centos
> and I should not need a RHEL account to access to get advisories and
> see what applies on CentOS (6,7,8 and Stream).
>
> Many of us, choose CentOS due to its stability and enteprise-ready
> feature (and because is partially/enterely backed by RH). Due to
> actual problem, many server and workstation died and it's normal that
> some user said "A lot of trust has been destroyed." because they
> placed a lot of trust on the pro-redhat support. On the other side,
> all of us can fall in error and this is the case (like me that I
> updated blindy, so its also my fault not only the broken update).
>
> Only one error in many years could not destroy a distro and its
> stability reputation (I think and correct me if I'm wrong) and I hope
> it won't happen again.
>
>
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

I am an "old unix admin" and I remember that many years ago (let say
1990), on my unix systems, I was creating a backup before each update.
All updates were not successful

Today, we run "yum update" blindly, sometime daily,  as it is "always"
running fine, have rollback commands even on critical servers. But
not sure that "always" exist really.

Patrick

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

Hi Paride,

I also have a debian 10 on a workstation and some VMs for test purpose.
Probably you updated after the grub-regression update but I noticed
several stories about debian breakage.

Il 02/08/20 01:13, paride desimone ha scritto:

I use debian buster on my old notebook, an asus f3ja and I have not grub
throuble. I try a virtual mschine with testing and unstable, and both boot
regularly

Il dom 2 ago 2020, 00:42 Mike McCarthy, W1NR ha scritto:

It appears that it is affecting multiple distributions including Debian
and Ubuntu so it looks like the grub2 team messed up. See

https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/

Mike

On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:

Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <

centos@centos.org>:

Am 01.08.20 um 23:41 schrieb Kay Schenk:

Well misery loves company but still...just truly unfathomable!
Time for a change.

I can only express my incomprehension for such statements!

Stay and help. Instead running away or should I say out of the
frying pan and into the fire? :-)

The thing, RHEL and CentOS not properly testing updates, cost me at

minimum 3-4 full working days, plus losses at customer sites.

This is really a huge failure of RHEL and CentOS.

A lot of trust has been destroyed.

--
Leon
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

Il 02/08/20 00:42, Mike McCarthy, W1NR ha scritto:

It appears that it is affecting multiple distributions including Debian
and Ubuntu so it looks like the grub2 team messed up. See

https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/

Mike

On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:

Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS :

Am 01.08.20 um 23:41 schrieb Kay Schenk:

Well misery loves company but still...just truly unfathomable!
Time for a change.

I can only express my incomprehension for such statements!

Stay and help. Instead running away or should I say out of the
frying pan and into the fire? :-)

The thing, RHEL and CentOS not properly testing updates, cost me at minimum 3-4
full working days, plus losses at customer sites.

This is really a huge failure of RHEL and CentOS.

A lot of trust has been destroyed.

Hi Mike,

I'm not interested that the issue is present on Debian, Ubuntu and the
others. Currently I'm using CentOS, I'm a CentOS user and currently I'm
interested what is happening on CentOS because I have machines that runs
CentOS. If the "wrong" patch was not pushed as update so fast (maybe
waiting more time before release with more testing to get all cases [yes
because when you update grub and depending on the fix you can break a
system easily]) there would have been no problem, by the way I prefer
wait some days (consider that I can accept the release delay of
minor/major release) then break my systems...and without messages on ML
announces about this type of problem does not help. Sorry I can't know
what and when a packages is updated, why it is updated, what type of
problem (CVE) it suffers and do my reasoning for an update process. This
is a missing for me but I still use centos and I should not need a RHEL
account to access to get advisories and see what applies on CentOS
(6,7,8 and Stream).

Many of us, choose CentOS due to its stability and enteprise-ready
feature (and because is partially/enterely backed by RH). Due to actual
problem, many server and workstation died and it's normal that some user
said "A lot of trust has been destroyed." because they placed a lot of
trust on the pro-redhat support. On the other side, all of us can fall
in error and this is the case (like me that I updated blindy, so its
also my fault not only the broken update).

Only one error in many years could not destroy a distro and its
stability reputation (I think and correct me if I'm wrong) and I hope it
won't happen again.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

Questions re this statement in the ZDNET article --

"In all cases, users reported that downgrading systems to a previous
release to reverse the BootHole patches usually fixed their problems."

 A previous release of what? GRUB2

So that's my first question.

Second. I'm assuming the the muti-screen UEFI settings I see are standard
for more recent BIOS -- not sure of version. Do we have any guidance for
that?

If it is the case that a downgrade to previous grub2 can fix the problem --
and not latest kernel? Does this matter? -- maybe booting from your chosen
"rescue" option AND reinstalling older grub (somehow) can get us further
along.

___
Sent from MzK's phone.

On Sat, Aug 1, 2020, 15:42 Mike McCarthy, W1NR  wrote:

> It appears that it is affecting multiple distributions including Debian
> and Ubuntu so it looks like the grub2 team messed up. See
>
>
> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
>
> Mike
>
> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> >
> >
> >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <
> centos@centos.org>:
> >>
> >> Am 01.08.20 um 23:41 schrieb Kay Schenk:
> >>> Well misery loves company but still...just truly unfathomable!
> >>> Time for a change.
> >>
> >>
> >> I can only express my incomprehension for such statements!
> >>
> >> Stay and help. Instead running away or should I say out of the
> >> frying pan and into the fire? :-)
> >
> > The thing, RHEL and CentOS not properly testing updates, cost me at
> minimum 3-4 full working days, plus losses at customer sites.
> >
> > This is really a huge failure of RHEL and CentOS.
> >
> > A lot of trust has been destroyed.
> >>
> >> --
> >> Leon
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

My system was happy UNTIL I rebooted. ThenBZZT!!!



On Sat, Aug 1, 2020, 17:02 Schatzi Olsen  wrote:

> And for whatever reason, both my centos 7 and 8 survived this apparently
> with flying colors.  Actually, this is out of character for how fate has
> been dealing the cards recently.
>
> I'm very leary about rebooting either, now, though.
>
>
>
> On Sat, Aug 1, 2020 at 12:50 PM Kay Schenk  wrote:
>
> > Totally and completely on my HP microfiber. Wouldn't get past anything to
> > even get me into the grub menu. NOT AMUSED!
> >
> > ___
> > Kay Schenk
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread Schatzi Olsen

And for whatever reason, both my centos 7 and 8 survived this apparently
with flying colors.  Actually, this is out of character for how fate has
been dealing the cards recently.

I'm very leary about rebooting either, now, though.

On Sat, Aug 1, 2020 at 12:50 PM Kay Schenk  wrote:

> Totally and completely on my HP microfiber. Wouldn't get past anything to
> even get me into the grub menu. NOT AMUSED!
>
> ___
> Kay Schenk
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

Mike --

Thanks for the clarification and more information.

___
Sent from MzK's phone.

On Sat, Aug 1, 2020, 15:42 Mike McCarthy, W1NR  wrote:

> It appears that it is affecting multiple distributions including Debian
> and Ubuntu so it looks like the grub2 team messed up. See
>
>
> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
>
> Mike
>
> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> >
> >
> >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <
> centos@centos.org>:
> >>
> >> Am 01.08.20 um 23:41 schrieb Kay Schenk:
> >>> Well misery loves company but still...just truly unfathomable!
> >>> Time for a change.
> >>
> >>
> >> I can only express my incomprehension for such statements!
> >>
> >> Stay and help. Instead running away or should I say out of the
> >> frying pan and into the fire? :-)
> >
> > The thing, RHEL and CentOS not properly testing updates, cost me at
> minimum 3-4 full working days, plus losses at customer sites.
> >
> > This is really a huge failure of RHEL and CentOS.
> >
> > A lot of trust has been destroyed.
> >>
> >> --
> >> Leon
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread paride desimone

I use debian buster on my old notebook, an asus f3ja and I have not grub
throuble. I try a virtual mschine with testing and unstable, and both boot
regularly

Il dom 2 ago 2020, 00:42 Mike McCarthy, W1NR  ha scritto:

> It appears that it is affecting multiple distributions including Debian
> and Ubuntu so it looks like the grub2 team messed up. See
>
>
> https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
>
> Mike
>
> On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> >
> >
> >> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS <
> centos@centos.org>:
> >>
> >> Am 01.08.20 um 23:41 schrieb Kay Schenk:
> >>> Well misery loves company but still...just truly unfathomable!
> >>> Time for a change.
> >>
> >>
> >> I can only express my incomprehension for such statements!
> >>
> >> Stay and help. Instead running away or should I say out of the
> >> frying pan and into the fire? :-)
> >
> > The thing, RHEL and CentOS not properly testing updates, cost me at
> minimum 3-4 full working days, plus losses at customer sites.
> >
> > This is really a huge failure of RHEL and CentOS.
> >
> > A lot of trust has been destroyed.
> >>
> >> --
> >> Leon
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread Kenneth Porter


Another ZDNet story on the issue:

https://www.zdnet.com/article/red-hat-enterprise-linux-runs-into-boothole-patch-trouble/


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread Laack, Andrea P

" UEFI-related updates have had a history of making devices unusable, and 
vendors will need to be very cautious."

https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/

The fix for this vulnerability is complex and the fix will have different 
results on different machines.  The volunteers that support CentOS do the very 
best they can to test patches, but they can't possibly test for everything.  
If people have problems with the way patches are tested, maybe they should step 
up to the plate and become part of the solution.

We should be offering our thanks to those who donate their time and energy to 
supporting the CentOS project.

Andrea

-Original Message-
From: CentOS  On Behalf Of Mike McCarthy, W1NR
Sent: Saturday, August 1, 2020 5:42 PM
To: centos@centos.org
Subject: {EXTERNAL} Re: [CentOS] Boot failed on latest CentOS 7 update

CAUTION:  This email originated outside of BSWH; avoid action unless you know 
the content is safe. Send suspicious emails as attachments to 
badem...@bswhealth.org.

It appears that it is affecting multiple distributions including Debian and 
Ubuntu so it looks like the grub2 team messed up. See

https://urldefense.com/v3/__https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB_0b7TaqLKl4zP1mQ_QRA$

Mike

On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> 
> 
>> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS :
>>
>> Am 01.08.20 um 23:41 schrieb Kay Schenk:
>>> Well misery loves company but still...just truly unfathomable!
>>> Time for a change.
>>
>>
>> I can only express my incomprehension for such statements!
>>
>> Stay and help. Instead running away or should I say out of the frying 
>> pan and into the fire? :-)
> 
> The thing, RHEL and CentOS not properly testing updates, cost me at minimum 
> 3-4 full working days, plus losses at customer sites.
> 
> This is really a huge failure of RHEL and CentOS.
> 
> A lot of trust has been destroyed.
>>
>> --
>> Leon
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo
>> /centos__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB
>> _0b7TaqLKl4zPsGV6qgw$
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo/
> centos__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB_0
> b7TaqLKl4zPsGV6qgw$
> 
___
CentOS mailing list
CentOS@centos.org
https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo/centos__;!!JA_k2roV-A!Qbogq3YCBtqgCyV83UWwK0fOy32CkVABRN-pzz0HoElpMB_0b7TaqLKl4zPsGV6qgw$

**
The information contained in this e-mail may be privileged and/or confidential, 
and protected from disclosure, and no waiver of any attorney-client, work 
product, or other privilege is intended.  If you are the intended recipient, 
further disclosures are prohibited without proper authorization. If you are not 
the intended recipient (or have received this e-mail in error) please notify 
the sender immediately and destroy this e-mail. Any unauthorized copying, 
disclosure or distribution of the material in this e-mail is strictly forbidden 
and possibly a violation of federal or state law and regulations. The sender 
and Baylor Scott & White Health, and its affiliated entities, hereby expressly 
reserve all privileges and confidentiality that might otherwise be waived as a 
result of an erroneous or misdirected e-mail transmission. No employee or agent 
is authorized to conclude any binding agreement on behalf of Baylor Scott & 
White Health, or any affiliated entity, by e-mail without express written 
confirmation by the CEO, the Senior Vice President of Supply Chain Services or 
other duly authorized representative of Baylor Scott & White Health.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread Mike McCarthy, W1NR

It appears that it is affecting multiple distributions including Debian
and Ubuntu so it looks like the grub2 team messed up. See

https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/

Mike

On 8/1/2020 6:11 PM, Marc Balmer via CentOS wrote:
> 
> 
>> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS :
>>
>> Am 01.08.20 um 23:41 schrieb Kay Schenk:
>>> Well misery loves company but still...just truly unfathomable!
>>> Time for a change.
>>
>>
>> I can only express my incomprehension for such statements!
>>
>> Stay and help. Instead running away or should I say out of the
>> frying pan and into the fire? :-)
> 
> The thing, RHEL and CentOS not properly testing updates, cost me at minimum 
> 3-4 full working days, plus losses at customer sites.
> 
> This is really a huge failure of RHEL and CentOS.
> 
> A lot of trust has been destroyed.
>>
>> --
>> Leon
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread Marc Balmer via CentOS



> Am 01.08.2020 um 23:52 schrieb Leon Fauster via CentOS :
> 
> Am 01.08.20 um 23:41 schrieb Kay Schenk:
>> Well misery loves company but still...just truly unfathomable!
>> Time for a change.
> 
> 
> I can only express my incomprehension for such statements!
> 
> Stay and help. Instead running away or should I say out of the
> frying pan and into the fire? :-)

The thing, RHEL and CentOS not properly testing updates, cost me at minimum 3-4 
full working days, plus losses at customer sites.

This is really a huge failure of RHEL and CentOS.

A lot of trust has been destroyed.
> 
> --
> Leon
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread Leon Fauster via CentOS


Am 01.08.20 um 23:41 schrieb Kay Schenk:

Well misery loves company but still...just truly unfathomable!
Time for a change.



I can only express my incomprehension for such statements!

Stay and help. Instead running away or should I say out of the
frying pan and into the fire? :-)

--
Leon
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

Well misery loves company but still...just truly unfathomable!
Time for a change.

___
Sent from MzK's phone.

On Sat, Aug 1, 2020, 13:04 david  wrote:

> At 12:50 PM 8/1/2020, Kay Schenk wrote:
> >Totally and completely on my HP microfiber. Wouldn't get past anything to
> >even get me into the grub menu. NOT AMUSED!
> >
> >___
> >Kay Schenk
>
>
> I was going to confirm the same, but the system that became
> unbootable was my mail system :-(
>
> Apparently, the SHIM/GRUB bug has hit both Centos 7 and 8.
>
> Too bad Ubuntu is enough different that makes it hard to switch.
>
> David
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Boot failed on latest CentOS 7 update

2020-08-01 Thread david


At 12:50 PM 8/1/2020, Kay Schenk wrote:

Totally and completely on my HP microfiber. Wouldn't get past anything to
even get me into the grub menu. NOT AMUSED!

___
Kay Schenk



I was going to confirm the same, but the system that became 
unbootable was my mail system :-(


Apparently, the SHIM/GRUB bug has hit both Centos 7 and 8.

Too bad Ubuntu is enough different that makes it hard to switch.

David 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Boot failed on latest CentOS 7 update