[CentOS] Supermicro CentOS 7 install failure

[dsavage]

My workhorse server is a SuperMicro with their H8DM8-2 motherboard. For
many years it ran CentOS 5.x and 6.x until the boot drive failed last
year. I installed a 1TB SSD as /dev/sda and planned to install CentOS 7 on
it, replacing CentOS 6.5 on the failed drive. Unfortunately every CentOS 7
media I tried, either optical disk or USB thumb drive, breaks down just a
few seconds after selecting "Install..."

The H8DM8-2 motherboard is based on the nVidia MPC55 Pro and NEC uPD720400
chipsets. It has an on-board Adaptec AIC-7902W dual-channel SCSI
controller and companion Zero-Channel RAID card. It has twin AMD Opteron
HE processors and 32GB of registered ECC DDR2 memory. The RAID array is
populated with ten Fujitsu 300GB 15K SCSI3 drives.

I took it into a friendly Linux shop where they reviewed / verified all of
my work and confirmed the boot-time problem. Two hours into the effort, my
friend plugged in a bootable Windows 10 thumb drive and to our amazement,
it came up very normally. So did another thumb drive with a Fedora 23
installation image. So there's nothing wrong with my hardware.

We believe the problem is due to Red Hat compiling RHEL7 without at least
one old device driver that I still need. My friend thinks we should build
an installation disk from a modified CentOS 7 live CD kickstart file and a
CentOS-Plus kernel. While that may work, I think there may be a simpler
boot-time kernel option I could use to successfully install from a stock
ISO.

Does anyone have any suggestions for boot-time options I could try?

--Doc Savage
  Fairview Heights, IL
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Supermicro CentOS 7 install failure

[Digimer]

On 20/12/15 11:13 PM, dsav...@peaknet.net wrote:
> My workhorse server is a SuperMicro with their H8DM8-2 motherboard. For
> many years it ran CentOS 5.x and 6.x until the boot drive failed last
> year. I installed a 1TB SSD as /dev/sda and planned to install CentOS 7 on
> it, replacing CentOS 6.5 on the failed drive. Unfortunately every CentOS 7
> media I tried, either optical disk or USB thumb drive, breaks down just a
> few seconds after selecting "Install..."
> 
> The H8DM8-2 motherboard is based on the nVidia MPC55 Pro and NEC uPD720400
> chipsets. It has an on-board Adaptec AIC-7902W dual-channel SCSI
> controller and companion Zero-Channel RAID card. It has twin AMD Opteron
> HE processors and 32GB of registered ECC DDR2 memory. The RAID array is
> populated with ten Fujitsu 300GB 15K SCSI3 drives.
> 
> I took it into a friendly Linux shop where they reviewed / verified all of
> my work and confirmed the boot-time problem. Two hours into the effort, my
> friend plugged in a bootable Windows 10 thumb drive and to our amazement,
> it came up very normally. So did another thumb drive with a Fedora 23
> installation image. So there's nothing wrong with my hardware.
> 
> We believe the problem is due to Red Hat compiling RHEL7 without at least
> one old device driver that I still need. My friend thinks we should build
> an installation disk from a modified CentOS 7 live CD kickstart file and a
> CentOS-Plus kernel. While that may work, I think there may be a simpler
> boot-time kernel option I could use to successfully install from a stock
> ISO.
> 
> Does anyone have any suggestions for boot-time options I could try?

Try 'nomodeset'. It might not be detecting the video card properly.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] does centos have this grub2 issue?

[Mike - st257]

On Thu, Dec 17, 2015 at 1:41 PM, Wes James  wrote:

>
> > On Dec 17, 2015, at 11:29 AM, Mike - st257 
> wrote:
> >
> > On Thu, Dec 17, 2015 at 1:19 PM, Wes James  wrote:
> >
> >> I saw this today:
> >>
> >>
> >>
> http://linux.slashdot.org/story/15/12/16/040223/0-day-grub2-authentication-bypass-hits-linux
> >>
> >> I installed a grub2 update in 7.2 yesterday. Did the update fix this?
> >>
> >
> > From the changelog, I'd say yes.
> >
> > ~]# yum changelog 1 grub2
> > <...snipped..>
> >
> > Listing 1 changelog
> >
> >  Installed Packages 
> > 1:grub2-2.02-0.33.el7.centos.1.x86_64installed
> > * Wed Dec 16 07:00:00 2015 Karanbir Singh 
> > 2.02-0.33.el7.centos.1
> > - Add patch to fix grub password path ( hughesjr )
> >
> > changelog stats. 1 pkg, 1 source pkg, 1 changelog
> >
>
>
> OK. Thanks.  I’ll use that command next time to check.
>

Be sure to install yum-plugin-changelog (it's in the base repo) first.


>
> -wes
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



-- 
---~~.~~---
Mike
//  SilverTip257  //
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Alice Wonder]

On 12/20/2015 01:28 PM, Always Learning wrote:


On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote:



RPM has ability to install a package over the network.

rpm -i ftp://example.org/foo-2.2.noarch.rpm



Thanks for the new knowledge.


The point I'm trying to make though is that yum could benefit from
the ability to verify the fingerprint in a key it is importing
matches a DNS query for the user and domain the key claims to be for.

Regardless of how the package was retrieved, this could prevent
dishonest trojan keys from being imported, especially if DNSSEC
validated the DNS query.


How widespread is the problem of unknowingly importing compromised
software ?



--

For me, I prefer to be pro-active rather than reactive.

DNSSEC gives us a some validation options we did not formerly have, I 
like to use it where it takes away potential vectors whether they 
currently are popular attack vectors or not.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Gordon Messmer]

On 12/20/2015 12:44 PM, Alice Wonder wrote:

The point I'm trying to make though is that yum could benefit from the
ability to verify the fingerprint in a key it is importing matches a
DNS query for the user and domain the key claims to be for.


I think we understand your point.  The solution that you're proposing 
guards the system against compromise from data that's already in /etc. 
In my mind, that's too late.  An attacker that can put data in /etc can 
overcome any protections you put in place.  I agree with you that 
packages should never be installed by rpm over http/ftp, because there's 
no signature verification in that case. But yum isn't involved in that, 
so I can't see a rational case for modifying yum to protect the system 
after you install an untrusted rpm.  It sounds like you're trying to 
close the barn door after the horses have already left.


In any case, development of yum has ended.  It's been replaced by dnf. 
And this is the wrong place to discuss improvements to either.  CentOS 
is a rebuild of Red Hat and nothing more. Improvements need to happen 
further upstream.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Alice Wonder]

On 12/20/2015 02:28 PM, Gordon Messmer wrote:

On 12/20/2015 10:10 AM, Alice Wonder wrote:

Yes, but I've run into instance where curl does not work for https -
for example I believe if ECDSA TLS certificate is being used on the
server, curl doesn't work. Not sure about wget.


Why do you think the solution is to make yum behave well when there's
malicious data in /etc, rather than updating rpm/curl to properly
support https so that it doesn't get there?
___


It's a validation step.

Even with https - fraudulently signed certificates are still a problem, 
as well as the issue of there not being any RFC stating what certificate 
authorities must be trusted.


So if a server serves an RPM over https - it has to be with a 
certificate signed by an authority trusted by client. There's no way to 
guarantee that.


DNSSEC validation doesn't have that issue.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Power Management

[Chris Olson]

Recent power management discussions plugged into one of our
current frustrations, namely the interaction of the screen
lock and power-save features on Intel/CentOS 6 platforms.
We certainly would not have guessed that locking the screen
would inhibit going into the power-save mode, but it sure
seems to do exactly that on some of our test platforms.

If one leaves the desktop idle for the timeout period, the
computer sleeps.  If one locks the screen and then leaves
the machine idle, the computer does not sleep.  We were
hoping that this "feature" was isolated to just our older
Dell desktop machine hardware and firmware, but it appears
elsewhere as well.

Possibly more interesting is that most of our systems were
loaded with CentOS 6.X almost two years ago and have been
updated at least weekly ever since.  This new power-save
scenario has appeared just within the last three weeks,and our investigations 
have not discovered the cause ora solution.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Always Learning]

On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote:


> RPM has ability to install a package over the network.
> 
> rpm -i ftp://example.org/foo-2.2.noarch.rpm


Thanks for the new knowledge.

> The point I'm trying to make though is that yum could benefit from
> the ability to verify the fingerprint in a key it is importing
> matches a DNS query for the user and domain the key claims to be for.
>
> Regardless of how the package was retrieved, this could prevent 
> dishonest trojan keys from being imported, especially if DNSSEC 
> validated the DNS query.

How widespread is the problem of unknowingly importing compromised
software ?

-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Power Management

[Nux!]

I assume you have double-checked Gnome's power management preferences and they 
are what you'd expect, right?

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Chris Olson" 
> To: "CentOS Mailing List" 
> Sent: Sunday, 20 December, 2015 21:05:53
> Subject: [CentOS] Power Management

> Recent power management discussions plugged into one of our
> current frustrations, namely the interaction of the screen
> lock and power-save features on Intel/CentOS 6 platforms.
> We certainly would not have guessed that locking the screen
> would inhibit going into the power-save mode, but it sure
> seems to do exactly that on some of our test platforms.
> 
> If one leaves the desktop idle for the timeout period, the
> computer sleeps.  If one locks the screen and then leaves
> the machine idle, the computer does not sleep.  We were
> hoping that this "feature" was isolated to just our older
> Dell desktop machine hardware and firmware, but it appears
> elsewhere as well.
> 
> Possibly more interesting is that most of our systems were
> loaded with CentOS 6.X almost two years ago and have been
> updated at least weekly ever since.  This new power-save
> scenario has appeared just within the last three weeks,and our investigations
> have not discovered the cause ora solution.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Power Management

[Richard]

> Date: Sunday, December 20, 2015 22:15:49 +
> From: Nux! 

>> From: "Chris Olson" 
>> Sent: Sunday, 20 December, 2015 21:05:53
> 
>> Recent power management discussions plugged into one of our
>> current frustrations, namely the interaction of the screen
>> lock and power-save features on Intel/CentOS 6 platforms.
>> We certainly would not have guessed that locking the screen
>> would inhibit going into the power-save mode, but it sure
>> seems to do exactly that on some of our test platforms.
>> 
>> If one leaves the desktop idle for the timeout period, the
>> computer sleeps.  If one locks the screen and then leaves
>> the machine idle, the computer does not sleep.  We were
>> hoping that this "feature" was isolated to just our older
>> Dell desktop machine hardware and firmware, but it appears
>> elsewhere as well.
>> 
>> Possibly more interesting is that most of our systems were
>> loaded with CentOS 6.X almost two years ago and have been
>> updated at least weekly ever since.  This new power-save
>> scenario has appeared just within the last three weeks,and our
>> investigations have not discovered the cause ora solution.

> I assume you have double-checked Gnome's power management
> preferences and they are what you'd expect, right?

Power management is controlled by the window manager (which you
didn't indicate). So, assuming gnome, you should look for recent
updates to "gnome-power-manager" - check your yum.log for updates in
the timeframe where this issue started. Make certain that you have
the most recent (2.28.3-7.el6_4) installed. You might try a "yum
downgrade" on that package to see if that fixes things. [I currently
only have servers on centos-6, so no power managers, so can't look
at things easily.]

For the record, on centos-7 -- both mate and gnome -- the power
manager acts as expected (shutting down/suspending) the machine on
the idle timer when the screen is locked.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Gordon Messmer]

On 12/20/2015 10:10 AM, Alice Wonder wrote:

Yes, but I've run into instance where curl does not work for https -
for example I believe if ECDSA TLS certificate is being used on the
server, curl doesn't work. Not sure about wget.


Why do you think the solution is to make yum behave well when there's 
malicious data in /etc, rather than updating rpm/curl to properly 
support https so that it doesn't get there?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Missing module grub entry in xen-4.4.3-9 & boot issues

[Phill Bandelow]

HI,

We've started to see several issues with the Xen releases. Going back to
basics I've used this guide
https://wiki.centos.org/HowTos/Xen/Xen4QuickStart

Once the install process is complete the grub.conf looks like this:

default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (3.18.21-17.el6.x86_64)
root (hd0,0)
kernel /boot/xen.gz dom0_mem=1024M,max:1024M cpuinfo
com1=115200,8n1 console=com1,tty loglvl=all guest_loglvl=all
module /boot/vmlinuz-3.18.21-17.el6.x86_64 ro root=/dev/vda1
rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16
crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
title CentOS (2.6.32-573.12.1.el6.x86_64)
root (hd0,0)
kernel /boot/vmlinuz-2.6.32-573.12.1.el6.x86_64 ro root=/dev/vda1
rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16
crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /boot/initramfs-2.6.32-573.12.1.el6.x86_64.img
title CentOS (2.6.32-358.el6.x86_64)
root (hd0,0)
kernel /boot/vmlinuz-2.6.32-358.el6.x86_64 ro
root=UUID=71b203ab-36ea-4aa8-9ba3-78e4109f0ca4 rd_NO_LUKS rd_NO_LVM
LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto
KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /boot/initramfs-2.6.32-358.el6.x86_64.img

As you can see the missing module line. If i manually run grub-bootxen.sh
nothing changes.

Manually adding the missing module entry:

module /boot/initramfs-3.18.21-17.el6.x86_64.img

Causes the following:

https://www.dropbox.com/s/ley5nj29ubwqogc/Screenshot%202015-12-20%2011.10.11.png?dl=0

Disabling APIC gives the following console output:

https://www.dropbox.com/s/a6zgioxl9xpg20y/Screenshot%202015-12-20%2011.15.29.png?dl=0

Now i know this is inside a KVM virtual machine, however we are starting to
see this issue on at least 7 standard dedicated servers.

[root@test ~]# rpm -qa | grep xen
xen-libs-4.4.3-9.el6.x86_64
xen-hypervisor-4.4.3-9.el6.x86_64
xen-4.4.3-9.el6.x86_64
centos-release-xen-7-11.el6.x86_64
xen-licenses-4.4.3-9.el6.x86_64
xen-runtime-4.4.3-9.el6.x86_64

[root@test ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@test ~]#

[root@test ~]# cat /proc/cpuinfo
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Core(TM)2 Quad CPUQ9400  @ 2.66GHz
stepping: 10
microcode   : 1
cpu MHz : 2666.352
cache size  : 4096 KB
physical id : 0
siblings: 1
core id : 0
cpu cores   : 1
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 13
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx lm constant_tsc
arch_perfmon unfair_spinlock pni ssse3 cx16 sse4_1 x2apic xsave hypervisor
lahf_lm
bogomips: 5332.70

-- 
Regards,
Phill
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] yum/RPM and Trust on First Use

[Alice Wonder]

On 12/20/2015 10:05 AM, Gordon Messmer wrote:

On 12/20/2015 04:26 AM, Ned Slider wrote:

Unless I'm mistaken RPM in el5 does not support the https protocol.


In that case, users should use curl or wget to retrieve the rpm over
https before installing it.


Yes, but I've run into instance where curl does not work for https - for 
example I believe if ECDSA TLS certificate is being used on the server, 
curl doesn't work. Not sure about wget.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /bin/nmcli and connection names

[Eugene Vilensky]

On Wed, Dec 16, 2015 at 4:47 PM, Earl A Ramirez 
wrote:

> I don't see 'System' in any of the CentOS 7.2.1511 boxes or VMs that were
> recently upgraded:
>

​Hi Earl,

Have you tried a new install?​ I agree, upgraded installations do not seem
to be affected.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical problem with power management CentOS 7.2

[Fred Smith]

On Sun, Dec 20, 2015 at 04:23:07PM +, Richard wrote:
> 
> 
> > Date: Sunday, December 20, 2015 07:52:25 -0800
> > From: Alice Wonder 
> >
> > Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is
> > too demanding on video capabilities for this hardware)
> > 
> > Under CentOS 7.1 - the laptop would sleep when I closed the lid.
> > 
> > It no longer does. I can tell because the laptop remains warm when
> > I close the lid now, mail filters in Thunderbird run when the lid
> > is closed, and it doesn't need to re-establish wifi when opening.
> > 
> > This is dangerous because thinkpads cool through the keyboard.
> > 
> > The battery usage monitor also no longer works. It shows 99%
> > battery even as the laptop starts giving its warning beep that the
> > battery is exhausted and it is about to shut down.
> > 
> > Anyone know what broke with the update to 7.2 and how to fix it?
> > 
> > No 3rd party kernel modules are involved.
> 
> Do you have the latest mate power manager
> (mate-power-manager-1.10.2-3) installed? There was a discussion of
> this issue on the list about 10 days ago, when that was still in
> epel-testing, but it now appears to in their production repo.
> Installing it seemed to have resolved the issue for the OP. With
Yes, that woulda been me. and yes it solved the problem on my netbook.
> that installed my laptop suspends on lid-close.

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us 
Do you not know? Have you not heard? 
The LORD is the everlasting God, the Creator of the ends of the earth. 
  He will not grow tired or weary, and his understanding no one can fathom.
- Isaiah 40:28 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical problem with power management CentOS 7.2

[Alice Wonder]

On 12/20/2015 11:05 AM, Fred Smith wrote:

On Sun, Dec 20, 2015 at 04:23:07PM +, Richard wrote:




Date: Sunday, December 20, 2015 07:52:25 -0800
From: Alice Wonder 

Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is
too demanding on video capabilities for this hardware)

Under CentOS 7.1 - the laptop would sleep when I closed the lid.

It no longer does. I can tell because the laptop remains warm when
I close the lid now, mail filters in Thunderbird run when the lid
is closed, and it doesn't need to re-establish wifi when opening.

This is dangerous because thinkpads cool through the keyboard.

The battery usage monitor also no longer works. It shows 99%
battery even as the laptop starts giving its warning beep that the
battery is exhausted and it is about to shut down.

Anyone know what broke with the update to 7.2 and how to fix it?

No 3rd party kernel modules are involved.


Do you have the latest mate power manager
(mate-power-manager-1.10.2-3) installed? There was a discussion of
this issue on the list about 10 days ago, when that was still in
epel-testing, but it now appears to in their production repo.
Installing it seemed to have resolved the issue for the OP. With

Yes, that woulda been me. and yes it solved the problem on my netbook.

that installed my laptop suspends on lid-close.




The update seems to have resolved all my issues as well.

--
-=-
Sent my from my laptop, may not be able to respond timely
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Gordon Messmer]

On 12/19/2015 09:49 AM, Alice Wonder wrote:


With third party repositories the key and configuration file is often 
distributed separately. That's the potential attack vector for trojan 
keys.


Examples?

All of the notable repositories that I'm aware of publish an 
x-release.rpm that installs their key and yum repo file.  But if your 
concern is that users might manually install a repo file and public key, 
then I don't see how modifying yum would change that. The attacker would 
probably include a key that contains an address they control and 
validates properly against it.


In other words, I think the solution to the problem is simply to make 
sure that the repositories publish their "release" rpm over https and 
that documentation reflects the secure URL.  I notice now that EPEL 
links directly to the https URL for their release rpm, but their FAQ 
still provides a command-line example for installation using an http URL.


The FAQ should be updated.  That method is a potential security problem 
because it doesn't use https and doesn't check the package signature.  
But the solution is simply to replace http with https in the FAQ.  yum 
isn't used to install the release package, and I think the solution is 
to make sure that malicious release packages don't get installed, not to 
try to behave well on a system where an attacker already installed 
malicious data.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Ned Slider]

On 20/12/15 10:28, Gordon Messmer wrote:
> On 12/19/2015 09:49 AM, Alice Wonder wrote:
>>
>> With third party repositories the key and configuration file is often
>> distributed separately. That's the potential attack vector for trojan
>> keys.
> 
> Examples?
> 
> All of the notable repositories that I'm aware of publish an
> x-release.rpm that installs their key and yum repo file.  But if your
> concern is that users might manually install a repo file and public key,
> then I don't see how modifying yum would change that. The attacker would
> probably include a key that contains an address they control and
> validates properly against it.
> 
> In other words, I think the solution to the problem is simply to make
> sure that the repositories publish their "release" rpm over https and
> that documentation reflects the secure URL.  I notice now that EPEL
> links directly to the https URL for their release rpm, but their FAQ
> still provides a command-line example for installation using an http URL.
> 
> The FAQ should be updated.  That method is a potential security problem
> because it doesn't use https and doesn't check the package signature. 
> But the solution is simply to replace http with https in the FAQ.  yum
> isn't used to install the release package, and I think the solution is
> to make sure that malicious release packages don't get installed, not to
> try to behave well on a system where an attacker already installed
> malicious data.
> 

Unless I'm mistaken RPM in el5 does not support the https protocol.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] playing DVDs on C7

[Alice Wonder]

On 12/19/2015 06:01 PM, Fred Smith wrote:

On Fri, Dec 18, 2015 at 12:29:05PM -0500, Fred Smith wrote:

On Fri, Dec 18, 2015 at 09:32:53AM -0500, Lamar Owen wrote:

On 12/17/2015 08:33 PM, Fred Smith wrote:

Hi all!

I'm trying to finish setting up my newly upgraded C7 system.

It's on the same hardware I ran C6 on for several years. on C6 I had no
trouble playing DVDs (after installing tons of packages and libdvdcss).


I have found that whether VLC will play a DVD is somewhat dependent
on the DVD.  I have played DVD's through VLC successfully on my
CentOS 7 system using the nux package stack, incidentally, but there
are several DVD's in my collection that will not play with the VLC
in nux dextop.  But I also purchased (the very first version a
number of years ago) and keep support updated for the Fluendo
OnePlay DVD player (fully legal, licensed, DVD playback) and it both
works perfectly on CentOS 7 and plays those titles that VLC has
trouble with (like the DVD copy included in the Bluray edition of
Titanic).


I don't play a LOT of DVDs, but on, e.g., C6 on the same hardware
I don't recall ever having onefail to play with VLC.

In looking at the source package for libdvdcss, last night, I see there
are 3 different ways of cracking the encryption that it supports. The
default one is to try to crack each file's encryption, with the down-side
that it may fail entirely. there is also an option to crack the DISC's
key which can then be used to decrypt each file. from the description
it sounds as if the disc option might be better even though it isn't
the default.

If all else fails I will try hacking around with that option.


OK, I haven't gotten very far, but there is one interesting observation:
vlc plays my homemade NON-encrypted DVDs just fine (except for the
DVD menus, on which for some reason it errors). This kinda hints that
VLC is not finding/opening libdvdcss even though I'm using the one
from the nux repos, same as the source of the VLC RPM I have.

One would think that nux's VLC would work with nux's libdvdcss, but
this evidence makes me wonder...

If nux is here, or if anyone here uses nux's vlc and libdvdcss with
SUCCESS, I'd appreciate hearing from them.

Fred

PS:
I'm not having any luck compiling libdvdcss from source... using
rpmbuild to create a RPM I keep getting errors about "unpackaged files
found", and can't figure out why or how to solve it (yes I've googled
for solutions).



Try this src.rpm

http://awel.domblogger.net/7/media/src/repoview/libdvdcss.html

That builds for me on EL7 in mock

--
-=-
Sent my from my laptop, may not be able to respond timely
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP create home directories

[Todor Petkov]

On 20/12/2015 12:05 AM, Tim Dunphy wrote:


Check /var/log/secure for why the directory is not able to be created.
Might be selinux, is that enabled? (sestatus)



Good catch! It was indeed SELinux preventing the directory from being
created. Disabling it allows that to happen. For instance I just 
created a

new test user in LDAP:

 #ssh odun...@ops2.example.com

odun...@ops2.example.com's password:

Creating directory '/home/odunphy'.


Hello,

in RHEL/CentOS7 you need oddjob-mkhomedir - check this 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_Authentication.html#idp27104864


Regards,
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical problem with power management CentOS 7.2

[Richard]

> Date: Sunday, December 20, 2015 07:52:25 -0800
> From: Alice Wonder 
>
> Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is
> too demanding on video capabilities for this hardware)
> 
> Under CentOS 7.1 - the laptop would sleep when I closed the lid.
> 
> It no longer does. I can tell because the laptop remains warm when
> I close the lid now, mail filters in Thunderbird run when the lid
> is closed, and it doesn't need to re-establish wifi when opening.
> 
> This is dangerous because thinkpads cool through the keyboard.
> 
> The battery usage monitor also no longer works. It shows 99%
> battery even as the laptop starts giving its warning beep that the
> battery is exhausted and it is about to shut down.
> 
> Anyone know what broke with the update to 7.2 and how to fix it?
> 
> No 3rd party kernel modules are involved.

Do you have the latest mate power manager
(mate-power-manager-1.10.2-3) installed? There was a discussion of
this issue on the list about 10 days ago, when that was still in
epel-testing, but it now appears to in their production repo.
Installing it seemed to have resolved the issue for the OP. With
that installed my laptop suspends on lid-close.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fail2ban problem new installation

[Paul Heinlein]

On Sat, 19 Dec 2015, Günther J. Niederwimmer wrote:


Hello,

I have a big problem with fail2ban and firewalld on my new system.

I have a server running (CentOS 7.1) and run a Update to 7.2 on this system
all is working ?

BUT I install a new system with CentOS 7 1511 on this systems fail2ban don't
work anymore. I have this error  or more, in the firewalld

2015-12-19 08:39:55 ERROR: COMMAND_FAILED: '/sbin/iptables -w2 -t filter -I
INPUT_direct 1 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-
sshd src -j REJECT --reject-with icmp-port-unreachable' failed: iptables
v1.4.21: Set fail2ban-sshd doesn't exist.


Things to check:

* the output of "ipset -l -n" to see if you have any ip sets
  defined

* that the fail2ban-firewalld rpm is installed

* that firewalld.service and fail2ban.service are both enabled
  and running

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical problem with power management CentOS 7.2

[Alice Wonder]

On 12/20/2015 08:44 AM, Alice Wonder wrote:



On 12/20/2015 08:23 AM, Richard wrote:



Do you have the latest mate power manager
(mate-power-manager-1.10.2-3) installed? There was a discussion of
this issue on the list about 10 days ago, when that was still in
epel-testing, but it now appears to in their production repo.
Installing it seemed to have resolved the issue for the OP. With
that installed my laptop suspends on lid-close.




I was at 1.10.2-2

Updating now. Weird because I ran yum-update before I left for holidays,
guess the repo it used from the mirror-list wasn't freshest.

I'll see what happens.


It is sleeping now. Once the battery is fully charged, I'll unplug and 
see if battery status updates as it is used.


Thank you.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Missing module grub entry in xen-4.4.3-9 & boot issues

[PJ Welsh]

I've also had a few Xen systems grub entry issues. I'm not yet sure what
triggers the events, but I do think there *may* be a correlation to the
"/boot" part. I've found the Xen servers that have "/boot" before any of
the the lines like "/boot/xen.gz" ended up missing complete grub entries.
Not sure it's 100% true. Anyone else comment?

Thanks
PJ

On Sun, Dec 20, 2015 at 5:31 AM, Phill Bandelow  wrote:

> HI,
>
> We've started to see several issues with the Xen releases. Going back to
> basics I've used this guide
> https://wiki.centos.org/HowTos/Xen/Xen4QuickStart
>
> Once the install process is complete the grub.conf looks like this:
>
> default=0
> timeout=5
> splashimage=(hd0,0)/boot/grub/splash.xpm.gz
> hiddenmenu
> title CentOS (3.18.21-17.el6.x86_64)
> root (hd0,0)
> kernel /boot/xen.gz dom0_mem=1024M,max:1024M cpuinfo
> com1=115200,8n1 console=com1,tty loglvl=all guest_loglvl=all
> module /boot/vmlinuz-3.18.21-17.el6.x86_64 ro root=/dev/vda1
> rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16
> crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
> title CentOS (2.6.32-573.12.1.el6.x86_64)
> root (hd0,0)
> kernel /boot/vmlinuz-2.6.32-573.12.1.el6.x86_64 ro root=/dev/vda1
> rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16
> crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
> initrd /boot/initramfs-2.6.32-573.12.1.el6.x86_64.img
> title CentOS (2.6.32-358.el6.x86_64)
> root (hd0,0)
> kernel /boot/vmlinuz-2.6.32-358.el6.x86_64 ro
> root=UUID=71b203ab-36ea-4aa8-9ba3-78e4109f0ca4 rd_NO_LUKS rd_NO_LVM
> LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto
> KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
> initrd /boot/initramfs-2.6.32-358.el6.x86_64.img
>
> As you can see the missing module line. If i manually run grub-bootxen.sh
> nothing changes.
>
> Manually adding the missing module entry:
>
> module /boot/initramfs-3.18.21-17.el6.x86_64.img
>
> Causes the following:
>
>
> https://www.dropbox.com/s/ley5nj29ubwqogc/Screenshot%202015-12-20%2011.10.11.png?dl=0
>
> Disabling APIC gives the following console output:
>
>
> https://www.dropbox.com/s/a6zgioxl9xpg20y/Screenshot%202015-12-20%2011.15.29.png?dl=0
>
> Now i know this is inside a KVM virtual machine, however we are starting
> to see this issue on at least 7 standard dedicated servers.
>
> [root@test ~]# rpm -qa | grep xen
> xen-libs-4.4.3-9.el6.x86_64
> xen-hypervisor-4.4.3-9.el6.x86_64
> xen-4.4.3-9.el6.x86_64
> centos-release-xen-7-11.el6.x86_64
> xen-licenses-4.4.3-9.el6.x86_64
> xen-runtime-4.4.3-9.el6.x86_64
>
> [root@test ~]# cat /etc/redhat-release
> CentOS release 6.7 (Final)
> [root@test ~]#
>
> [root@test ~]# cat /proc/cpuinfo
> processor   : 0
> vendor_id   : GenuineIntel
> cpu family  : 6
> model   : 23
> model name  : Intel(R) Core(TM)2 Quad CPUQ9400  @ 2.66GHz
> stepping: 10
> microcode   : 1
> cpu MHz : 2666.352
> cache size  : 4096 KB
> physical id : 0
> siblings: 1
> core id : 0
> cpu cores   : 1
> apicid  : 0
> initial apicid  : 0
> fpu : yes
> fpu_exception   : yes
> cpuid level : 13
> wp  : yes
> flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
> cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx lm constant_tsc
> arch_perfmon unfair_spinlock pni ssse3 cx16 sse4_1 x2apic xsave hypervisor
> lahf_lm
> bogomips: 5332.70
>
> --
> Regards,
> Phill
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt
>
>
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-announce] CEBA-2015:2668 CentOS 6 watchdog FASTTRACK BugFix Update

[Johnny Hughes]

CentOS Errata and Bugfix Advisory 2015:2668 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-2668.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
d7a9fb01a178a2dbb1a93d5e5ca7d8744e26ade820da1e95c8250d4a88d7acd2  
watchdog-5.6-5.el6.i686.rpm

x86_64:
9a8101cf52bba32ec1e6c653683ec5468aeb81ec972785136023c2a2f19923ec  
watchdog-5.6-5.el6.x86_64.rpm

Source:
d5a4e034185b85e189da7bdf77fad1bf1fea5ff8bf41e18da4f214966b075792  
watchdog-5.6-5.el6.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS

___
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Re: [CentOS] yum/RPM and Trust on First Use

[Gordon Messmer]

On 12/20/2015 04:26 AM, Ned Slider wrote:

Unless I'm mistaken RPM in el5 does not support the https protocol.


In that case, users should use curl or wget to retrieve the rpm over 
https before installing it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Critical problem with power management CentOS 7.2

[Alice Wonder]

Thinkpad T410 running CentOS 7 with the Mate desktop (Gnome 3 is too 
demanding on video capabilities for this hardware)


Under CentOS 7.1 - the laptop would sleep when I closed the lid.

It no longer does. I can tell because the laptop remains warm when I 
close the lid now, mail filters in Thunderbird run when the lid is 
closed, and it doesn't need to re-establish wifi when opening.


This is dangerous because thinkpads cool through the keyboard.

The battery usage monitor also no longer works. It shows 99% battery 
even as the laptop starts giving its warning beep that the battery is 
exhausted and it is about to shut down.


Anyone know what broke with the update to 7.2 and how to fix it?

No 3rd party kernel modules are involved.



--
-=-
Sent my from my laptop, may not be able to respond timely
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Critical problem with power management CentOS 7.2

[Alice Wonder]

On 12/20/2015 08:23 AM, Richard wrote:



Do you have the latest mate power manager
(mate-power-manager-1.10.2-3) installed? There was a discussion of
this issue on the list about 10 days ago, when that was still in
epel-testing, but it now appears to in their production repo.
Installing it seemed to have resolved the issue for the OP. With
that installed my laptop suspends on lid-close.




I was at 1.10.2-2

Updating now. Weird because I ran yum-update before I left for holidays, 
guess the repo it used from the mirror-list wasn't freshest.


I'll see what happens.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[Alice Wonder]

On 12/20/2015 12:16 PM, John R Pierce wrote:

On 12/20/2015 4:26 AM, Ned Slider wrote:

Unless I'm mistaken RPM in el5 does not support the https protocol.


did you mean Yum ?   rpm is just a file format for packages, and a
package installer program, its yum that does the network operations to
fetch the packages, and as far as I understand it uses libcurl, so it
should be able to support https




RPM has ability to install a package over the network.

rpm -i ftp://example.org/foo-2.2.noarch.rpm

could be used to install that package, which may contain the key and yum 
configuration for a third party package.


The point I'm trying to make though is that yum could benefit from the 
ability to verify the fingerprint in a key it is importing matches a DNS 
query for the user and domain the key claims to be for.


Regardless of how the package was retrieved, this could prevent 
dishonest trojan keys from being imported, especially if DNSSEC 
validated the DNS query.


--
-=-
Sent my from my laptop, may not be able to respond timely
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum/RPM and Trust on First Use

[John R Pierce]

On 12/20/2015 4:26 AM, Ned Slider wrote:

Unless I'm mistaken RPM in el5 does not support the https protocol.


did you mean Yum ?   rpm is just a file format for packages, and a 
package installer program, its yum that does the network operations to 
fetch the packages, and as far as I understand it uses libcurl, so it 
should be able to support https



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /bin/nmcli and connection names

[Earl A Ramirez]

On 21 December 2015 at 03:37, Eugene Vilensky  wrote:

> On Wed, Dec 16, 2015 at 4:47 PM, Earl A Ramirez 
> wrote:
>
> > I don't see 'System' in any of the CentOS 7.2.1511 boxes or VMs that were
> > recently upgraded:
> >
>
> ​Hi Earl,
>
> Have you tried a new install?​ I agree, upgraded installations do not seem
> to be affected.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

Hi Eugene,

I just did a clean install and I don't see 'System' under the name:

$ cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)

$ yum history list
Loaded plugins: fastestmirror
ID | Login user   | Date and time| Action(s)  |
Altered
---
 1 | System| 2015-12-20 15:17 | Install|
 297

$ nmcli con
NAME   UUID  TYPE
 DEVICE
Team connection 1  c179d7da-8f12-4a80-8ce8-1621ba108d8b  team
 team0
team0 slave 2  449506ad-bdc5-49ec-8bb9-5f31a9dbe4e7  802-3-ethernet
 ens8
team0 slave 1  25d843c0-8835-442e-a126-226dcfa89fe5  802-3-ethernet
 eth0
eth0   73bda044-f940-40d0-a871-8cf388f65695  802-3-ethernet  --


-- 
Kind Regards
Earl Ramirez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos