Re: [CentOS] how to use an own ks.cfg booting from a usb-device (centos 8 & 9)

2024-01-05 Thread Leon Fauster via CentOS

On 05.01.24 at 21:26, Christer M. Fekjan wrote:

On Thursday 04 January 2024 11:02:27 Ralf Prengel wrote:

Quote from "Christer M. Fekjan":

Hello Ralf,

Does your kickstart file contain all obligatory settings? Like e.g.
language. Otherwise the installation will prompt for these, at least it
did in previous CentOS versions.

In my kickstart file I have these settings for an old CentOS 5 version
(used ks a lot then):
# use whatever fits you
# System keyboard
keyboard no
# System language
lang nb_NO

From a running CentOS 7 system's kickstart files (generated from the
installation):
- /root/anaconda-ks.cfg and/or
- /root/initial-setup-ks.cfg
# Keyboard layouts
keyboard --vckeymap=no --xlayouts='no'
# System language
lang en_US.UTF-8

As you see, the directives for v5 and v7 differ slightly. I don't know
whether v5 directives would work on v7 or the other way around.
Anyway, if you install a system manually, copying the necessary
configuration directives from the then generated /root/*ks.cfg-files
should give you a working ks-file.

Also check that the path to the ks-file is correct. If possible host it
on a webserver or any other way you can check, by logs or other means,
that the ks-file is requested and correctly retrieved.

Good luck, hope it helps!

Kind regards,
Christer M. Fekjan


Hello,
thanks for the hints.
In which file do you refer to the ks.cfg and which syntax are you using?
Is it isolinux.cg?

Ralf


Short version: I guess you can use a network (or local) install media, enter
"Edit boot command line" (or something similar) and add something like:
ks=http://example.local/kickstart ksdevice=eth0
I remember fiddling with a ks-file on a USB stick, but had no luck with that.




IIRC - the kernel parameters must be namespaced:

inst.ks= and inst.ks.device=


--
Leon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Current RHEL fragmentation landscape

2023-07-25 Thread Leon Fauster via CentOS

On 26.07.23 at 00:52, Gordon Messmer wrote:

On 2023-07-25 12:18, Chris Adams wrote:

Once upon a time, Gordon Messmer said:

If Red Hat were doing development in RHEL minor releases that wasn't
published elsewhere, I would probably have a different view of
things, but they aren't.  There's nothing there that isn't published
elsewhere.

This will not be the case for the second half of a RHEL major release
life cycle, because the corresponding Stream will be EOL and no longer
updated.



As best I understand Red Hat's "upstream first" policy: every patch 
applied to RHEL X.10 will either be a patch that they import from an 
upstream project, or (for patches that Red Hat develops) will be offered 
to the upstream project.  They're not held in reserve for RHEL customers 
exclusively.


So, they may not appear in the Stream git repo, but the patches are 
still publicly available through other channels.


If anyone has examples of this not happening, then we can talk about 
whether the process is working as intended, and what that means.



Honestly, you are mixing unrelated, or not relevant topics and
arguments, and even misconceptions and forget to understand the
problem at all. When done intentionally, it's just a flashbang approach
and this doesn't contribute to clarify the actual new reality.

--
Leon







Re: [CentOS] How will fragmentation help Red Hat

2023-07-13 Thread Leon Fauster via CentOS

On 13.07.23 at 14:42, Tom Bishop wrote:


I think I finally need to remove myself from the centos mail list but
coming from @redhat worker trying to explain what their company has
done, is pretty disingenuous to say the least. It's pretty clear what
they are trying to do and it's all driven by greed, have seen it over
and over in the opensource world, and let's be clear that's what it
always comes down to is greed. Bottom line it's a d*ck move by Redhat,
but technically still meets the letter of the GPL so it is what it is.
IMHO they basically became another Oracle and we know how most feel
about them, but hey someone has this great idea to make more money
they have the right based on the GPL to do it. I moved a few servers
to Rocky when they killed Centos but this is it for me, I will migrate
my remaining servers over to anything but Redhat, they are dead to me.
I had been using Centos for many years, when Karanbir Singh was
running things and they would go to meet ups and you could get
t-shirts etc. Was a great run but Redhat has ruined all that and now I
just could care less what Redhat does from here on out. I'm nobody,
but where I do work we have options for which linux distro that we
want to run, I can assure you I will not be spinning up any Redhat
instances...fool me once, fool me twice...



Well, as RH's announcement is quite some days ago, I had time to reflect
this jumble. The whole thing is much more complex than people want to
admit and I will not decompose this all here now. Honestly I see
the open source ecosystem like a hardware store. You have everything
that you need to build your own home, that's all. So, some entity is
needed to build it - a worker, consultant, hobby crafts(wo)man, agency,
midsize firm, corporation et cetera, and that is the truth that we all
should face. To make it clear, what product do you get when a loosy
community builds a distribution, with components of projects that are
under financed? You need to put energy into something to keep it alive,
this does not happen magically. The how can be discussed. IMO, it
should not be about the content (code, it's already open) it should be
about the structure ... something that balances the input with the
output to stay sustainable. It should also be recognized that RH has
contributed and continues to contribute much. I say this without any
affiliation to RH - just have a large window of time available to
oversee it all.


--
Leon












Re: [CentOS] mediainfo crashes after latest update (CentOS 7)

2023-05-02 Thread Leon Fauster via CentOS

On 02.05.23 at 08:51, wwp wrote:

Hello,

after mediainfo packages have been updated from 22.12-3.el7.x86_64 to
23.03-1.el7.x86_64, I observe reproducible crashes here, mostly by using
it with mkv files. I couldn't find a mirror of the EPEL repository
where 22.12 is still available (only found an old 20.08-1).

Does anybody reproduce issues w/ mediainfo?
Any hint how to find the 22.12-3 rpms?




https://koji.fedoraproject.org/koji/buildinfo?buildID=2103636

--
Leon



Re: [CentOS] where is glib-devl x86-64?

2023-03-21 Thread Leon Fauster via CentOS

On 21.03.23 at 23:10, Fred wrote:

that's what I thought at first, but there is no gimp-devel either
installed, or available.



I think you will get more trouble because this plugin uses python2 code 
and I am not sure if this is supported under EL9.


You could try the flatpak version of this plugin ...

$ flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo


$ flatpak --user install Resynthesizer org.gimp.GIMP

--
Leon








Re: [CentOS] Kernel updates do not boot - always boots oldest kernel

2023-03-14 Thread Leon Fauster via CentOS

On 14.03.23 at 12:30, Rob Kampen wrote:

OK,

found out the problem as to why it doesn't boot any kernel except 36.2

the system reports that it cannot find

vmlinuz-3.10.0-1160.88.1.el7.x86_64

or any one of the others, except for vmlinuz-3.10.0-1160.36.2.el7.x86_64

hence a manual selection from the grub menu when in front of the machine 
will only load the 36.2 kernel


I found that under /boot/grub2 there were two .rpmnew files that mucked 
up the symbolic link to the grubenv file - so fixed that and did a 
reinstall of the latest kernel.


Now all the grub and efi files appear to update correctly - progress.

Now just need to work out why the efi boot process can see the old 
(original) kernel (36.2) but none of the later ones.


Any ideas of where to look for this? seems a much more fundamental 
problem related to kernel install and efi booting



What's the _complete_ output of cat /etc/default/grub  ?

--
Leon



Re: [CentOS] ImageMagick dependencies - Stream 8 vs Stream 9

2023-01-31 Thread Leon Fauster via CentOS

On 31.01.23 at 18:14, Ryan Brothers wrote:

I was hoping someone could help trace this:

I am building a docker container with ImageMagick, and I noticed that
the install size is much larger in Stream 9 vs Stream 8 because of
many more dependencies.  Some of the new dependencies that don't seem
to belong include:

ModemManager-glib
fuse
llvm-libs
upower
vulkan-loader
wireplumber

Can someone please confirm if this is correct to have these extra
dependencies?  I can't say for sure, but I don't think it was always
like this in Stream 9, so it might be from a recent change.

It might be related to gtk2 depending on gtk3, and gtk3 having the
above dependencies, but gtk3 doesn't have those dependencies in Stream
8.

In Stream 8:
# docker run --rm -ti quay.io/centos/centos:stream8 bash
dnf -y install epel-release
dnf install ImageMagick
...
Install  95 Packages

Total download size: 35 M
Installed size: 116 M


In Stream 9:
# docker run --rm -ti quay.io/centos/centos:stream9 bash
dnf -y install epel-release
dnf install ImageMagick

...
Install  247 Packages

Total download size: 187 M
Installed size: 679 M




$ grep weak /etc/dnf/dnf.conf
install_weak_deps=false

Does this help?

--
Leon





Re: [CentOS] CentOS Stream 9 virt-install via loop-mounted ISO fails

2023-01-17 Thread Leon Fauster via CentOS

On 17.01.23 at 17:34, Jos Vos wrote:

Hi,

I've loop-mounted the latest CentOS Stream 9 DVD ISO and try to do
a virt-install (2.0.x for some reason) as non-root user (libvirt
group member) using --location with the mount path, but then I
come across the problem described here:

   https://bugzilla.redhat.com/show_bug.cgi?id=2022630

That is, I see on the console "Starting dracut initqueue hook...",
then it stalls for a while, and then I get all the timeouts
described in the bug report.

Any suggestions for a workaround (with virt-install 2.0.x and
as non-root user)?

Background:
For some reason I need to use virt-install 2.0.x as non-root to
install CentOS Stream 9.  The "normal" way, specifying a URL
with --location, does not work because it fails with permission
denied for losetup.  It looks like virt-install 3.2.x does not
have this problem anymore.



Does the same happen when using the ISO file directly as location 
argument?


 -l /.../CentOS.iso

--
Leon






Re: [CentOS] CentOS Stream 8 sssd.service failing part of sssd-common-2.8.1-1.el8.x86_64 baseos package

2023-01-13 Thread Leon Fauster via CentOS

On 13.01.23 at 05:34, Orion Poplawski wrote:

On 12/30/22 04:06, Jelle de Jong wrote:

On 12/27/22 22:55, Gordon Messmer wrote:

On 2022-12-25 07:44, Jelle de Jong wrote:
A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is 
causing sssd.service systemctl failures all over my CentOS machines.

...
[sssd] [confdb_expand_app_domains] (0x0010): No domains configured, 
fatal error! 



Were you previously using sssd?  Or is the problem merely that it is 
now reporting an error starting a service that you don't use?


Are there any files in /etc/sssd/conf.d, or does /etc/sssd/sssd.conf 
exist?  If so, what are the contents of those files?


What are the contents of /usr/lib/systemd/system/sssd.service?

If you run "journalctl -u sssd.service", are there any log entries 
older than the package update?


I got a monitoring system for failing services and I suddenly started 
getting dozens of notifications for all my CentOS systems that sssd 
was failing. This is after the sssd package updates, causing this 
regression. SSSD services were not really in use but some of the 
common libraries are used.


# systemctl status sssd
● sssd.service - System Security Services Daemon
    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Sat 2022-12-24 06:14:10 UTC; 6 days ago

Condition: start condition failed at Fri 2022-12-30 11:02:01 UTC; 4s ago
    ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
    └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
  Main PID: 3953157 (code=exited, status=4)

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

# ls -halt /etc/sssd/conf.d/
total 8.0K
drwx--x--x. 2 sssd sssd 4.0K Dec  8 13:08 .
drwx--. 4 sssd sssd 4.0K Dec  8 13:08 ..
# ls -halZ /etc/sssd/conf.d/
total 8.0K
drwx--x--x. 2 sssd sssd system_u:object_r:sssd_conf_t:s0 4.0K Dec  8 13:08 .
drwx--. 4 sssd sssd system_u:object_r:sssd_conf_t:s0 4.0K Dec  8 13:08 ..

# ls -halZ /etc/sssd/sssd.conf
ls: cannot access '/etc/sssd/sssd.conf': No such file or directory

# journalctl -u sssd.service --lines 10
-- Logs begin at Mon 2022-12-26 22:15:31 UTC, end at Fri 2022-12-30 11:05:26 UTC. --

-- No entries --

Kind regards,

Jelle de Jong


I don't quite understand where this:
    Main PID: 3953157 (code=exited, status=4)

came from.  As it seems like sssd was started at some point and failed. 
But that shouldn't have happened because:


Condition: start condition failed at Fri 2022-12-30 11:02:01 UTC; 4s ago
     ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
     └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met

It's telling you that because /etc/sssd/sssd.conf does not exist and 
/etc/sssd/sssd.conf.d is not empty, the service was not started because 
the conditions were not met.  This is as expected in your case.


If you don't want it to even check, just disable the service:

systemctl disable sssd.service




Before doing this; @OP: what's the output of:

# authselect current




Re: [CentOS] dnf-makecache.service failing every few days and dnf-automatic.service samba freeipa issues (again).

2023-01-09 Thread Leon Fauster via CentOS

On 09.01.23 at 17:16, Jelle de Jong wrote:

Hello everybody,

What is the status of the freeipa/sssd and samba conflicts in the 
repositories?


I can not wrap my mind around that two big packages are not getting 
security updates anymore, because they are conflicting. I will go to 
FOSDEM in Belgium this year to figure out more, but I am considering 
moving my centos systems to rockylinux.


Kind regards,

Jelle de Jong



CentOS Stream is an upstream project now. Distro composes will have a
state that does not address the expectations of the old CentOS
project. Furthermore, if security is a concern, then a different OS
should be chosen.

Some general details about updates here:

https://lists.centos.org/pipermail/centos-devel/2021-July/119645.html

https://blog.centos.org/2022/09/how-updates-work-in-centos/

and more useful links in the list archives.


--
Leon








[CentOS] EPEL future model

2022-11-23 Thread Leon Fauster via CentOS

JFI:

https://discussion.fedoraproject.org/t/epel-10-proposal/44304

--
Leon


Re: [CentOS] set default permission to deployuser:deployuser for nfs common mount point /mnt/test

2022-11-09 Thread Leon Fauster via CentOS

On 09.11.22 at 10:56, Simon Matter wrote:

On Mon, Nov 7, 2022 at 8:50 AM Kaushal Shriyan wrote:


#ls -l  image15.png
-rw-rw-r--+ 1 nginx nginx  387071 Nov  9 08:27 image15.png



and use

getfacl

instead

ls -l

--
Leon







Re: [CentOS] set default permission to deployuser:deployuser for nfs common mount point /mnt/test

2022-11-09 Thread Leon Fauster via CentOS

On 09.11.22 at 10:41, Kaushal Shriyan wrote:

On Mon, Nov 7, 2022 at 8:50 AM Kaushal Shriyan wrote:





#setfacl -Rdm u:deployuser:rwx,g:deployuser:rwx,o::rwx files
#setfacl -Rm u:deployuser:rwx,g:deployuser:rwx,o::rwx files

#ls -l  image15.png
-rw-rw-r--+ 1 nginx nginx  387071 Nov  9 08:27 image15.png




Try:

setfacl -R -m g:deployuser:rwX,d:g:deployuser:rwX,u:nginx:rwX,d:u:nginx:rwX /data/


--
Leon




Re: [CentOS] kernel-5.14.0-171.el9.x86_64 / Not bootable (EFI) after Firmware update

2022-10-27 Thread Leon Fauster via CentOS

On 08.10.22 at 16:24, Leon Fauster wrote:

Hey folks, I wonder if anyone also suffers from the following:

I updated the BIOS/Firmware of a DELL notebook from 1.8 to 1.9. and 
after this the latest C9S


kernel-5.14.0-171.el9.x86_64

can't be booted anymore (secure boot on) but the two older ones do boot:

kernel-5.14.0-165.el9.x86_64
kernel-5.14.0-168.el9.x86_64

The grub error message when trying to boot kernel-5.14.0-171.el9.x86_64
looks like:

error: ../../grub-core/kern/efi/sb.c:183:bad shim signature.
error: ../../grub-core/loader/i386/efi/linux.c:259:you need to load the kernel first.


I wonder how this happens. The firmware is classified as bug-fix update.

Not sure if DBX list was updated. fwupdmgr shows "Current version: 83"
If so, it does not make sense that older kernels can be used to boot the 
system. So, a big question mark how to solve this issue? Any hints ...?



# sha256sum /boot/efi/EFI/BOOT/BOOTX64.EFI
3ae459e79408b5287ce70c5b86ddcc92c243c7442d6769a330390598b7a351b1  /boot/efi/EFI/BOOT/BOOTX64.EFI





It seems that the kernel-5.14.0 of the release 17X-series
do not get signed with the CentOS key anymore!

https://bugzilla.redhat.com/show_bug.cgi?id=2138019

TLDR:

/boot/vmlinuz-5.14.0-16*

versus

/boot/vmlinuz-5.14.0-17*

shows

The signer's common name is CentOS Secure Boot Signing 201

versus

The signer's common name is Red Hat Test Certificate


Is this issue already receiving the right attention?

--
Thanks
Leon
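
The signer comparison in the message above can be repeated for every installed kernel image. This is an added example, not part of the original post: a Python helper that reads signature listings in the "The signer's common name is ..." format (as printed by `pesign -S -i <image>`) and reports images whose signer is not on an allowlist. The allowlist with only the CentOS signer is an assumption, and the sample listings are constructed from the kernel versions and signer lines quoted in the message.

```python
import re
import shutil
import subprocess

# Assumption: only the CentOS signer quoted in the message is expected on this host.
TRUSTED_SIGNERS = frozenset({"CentOS Secure Boot Signing 201"})

# Line format as quoted in the message.
_SIGNER_RE = re.compile(r"^The signer's common name is (.+?)\s*$", re.MULTILINE)


def signer_names(listing):
    """Return every signer common name found in a signature listing."""
    return _SIGNER_RE.findall(listing)


def classify(listing, trusted=TRUSTED_SIGNERS):
    """Classify one image by signer name.

    'unsigned'   - the listing contains no signer line
    'expected'   - at least one signer is on the allowlist
    'unexpected' - signed, but only by names outside the allowlist

    This is a name check for triage, not a cryptographic verification;
    shim and the firmware still make the real decision at boot.
    """
    names = signer_names(listing)
    if not names:
        return "unsigned"
    return "expected" if any(n in trusted for n in names) else "unexpected"


def audit(listings, trusted=TRUSTED_SIGNERS):
    """Take {image path: listing}; return (path, verdict, signers) for images needing attention."""
    findings = []
    for path in sorted(listings):
        verdict = classify(listings[path], trusted)
        if verdict != "expected":
            findings.append((path, verdict, signer_names(listings[path])))
    return findings


def collect(paths):
    """Gather listings from real images; needs the pesign tool installed."""
    if shutil.which("pesign") is None:
        raise RuntimeError("pesign is not installed")
    return {
        p: subprocess.run(["pesign", "-S", "-i", p], capture_output=True,
                          text=True, check=False).stdout
        for p in paths
    }


# Constructed sample: versions and signer lines come from the message,
# one -16x kernel and the -171 kernel stand in for the two groups.
SAMPLE = {
    "/boot/vmlinuz-5.14.0-168.el9.x86_64":
        "The signer's common name is CentOS Secure Boot Signing 201\n",
    "/boot/vmlinuz-5.14.0-171.el9.x86_64":
        "The signer's common name is Red Hat Test Certificate\n",
}

if __name__ == "__main__":
    for path, verdict, signers in audit(SAMPLE):
        print(f"{path}: {verdict}, signer(s): {', '.join(signers) or 'none'}")
```

On a real system, pass `collect(glob.glob("/boot/vmlinuz-*"))` to `audit()` instead of `SAMPLE`.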



Re: [CentOS] Anyone using odpdown?

2022-10-21 Thread Leon Fauster via CentOS

On 21.10.22 at 17:42, H wrote:

On 10/20/2022 02:52 PM, H wrote:

Is anyone using odpdown to convert markdown files to OpenOffice Impress slide 
presentations under CentOS 7?

It is not available in the CentOS repositories I have searched.



I got it to work. It requires python 2.7 and older versions of python modules 
reflecting that it was written around 2015.

I find this utility extremely useful and wish it was still maintained. If anyone 
knows of another markdown -> Impress converter, it would be great to know.



pandoc -t pptx -s Readme.md > output.pptx

pptx is supported by LibreOffice Impress. As you are on EL7 I'm not sure 
if this works for you but it does on a recent EL version ...


--
Leon




[CentOS] kernel-5.14.0-171.el9.x86_64 / Not bootable (EFI) after Firmware update

2022-10-08 Thread Leon Fauster via CentOS

Hey folks, I wonder if anyone also suffers from the following:

I updated the BIOS/Firmware of a DELL notebook from 1.8 to 1.9. and 
after this the latest C9S


kernel-5.14.0-171.el9.x86_64

can't be booted anymore (secure boot on) but the two older ones do boot:

kernel-5.14.0-165.el9.x86_64
kernel-5.14.0-168.el9.x86_64

The grub error message when trying to boot kernel-5.14.0-171.el9.x86_64
looks like:

error: ../../grub-core/kern/efi/sb.c:183:bad shim signature.
error: ../../grub-core/loader/i386/efi/linux.c:259:you need to load the kernel first.


I wonder how this happens. The firmware is classified as bug-fix update.

Not sure if DBX list was updated. fwupdmgr shows "Current version: 83"
If so, it does not make sense that older kernels can be used to boot the 
system. So, a big question mark how to solve this issue? Any hints ...?



# sha256sum /boot/efi/EFI/BOOT/BOOTX64.EFI
3ae459e79408b5287ce70c5b86ddcc92c243c7442d6769a330390598b7a351b1  /boot/efi/EFI/BOOT/BOOTX64.EFI


--
Thanks
Leon












Re: [CentOS] CentOS 9 Stream on Workstation with Ver. 1 x86_64 cpu

2022-09-05 Thread Leon Fauster via CentOS

On 05.09.22 at 17:18, Mike wrote:

Thanks very much for the link and your reply.
Yes, glibc and other core parts set with specific cpu flags is precisely
what I feared.
I suppose it's over to debian or prep the old box for recycling.



Give Fedora Linux a try ...

--
Leon




Re: [CentOS] Time-tracking software

2022-08-11 Thread Leon Fauster via CentOS

On 11.08.22 at 16:36, cen...@niob.at wrote:

On 11.08.22 at 06:20, Timotheus Pokorra wrote:


"Kimai is a free, open source and online time-tracking software 
designed for small businesses and freelancers. It is built with modern 
technologies such as Symfony, Bootstrap, RESTful API, Doctrine, 
AdminLTE, Webpack, ES6 and many more."


So at least it's buzzword compliant! I keep wondering why simple tasks 
require that much of infrastructure ("and many more")!





https://gtimelog.org/

--
Leon


Re: [CentOS] modules maintenance

2022-08-09 Thread Leon Fauster via CentOS

On 09.08.22 at 17:03, Valere Binet wrote:

Hi,

Are the default modules receiving security updates?

Security tools (Tenable) want me to update PHP to 7.4 claiming
7.2.24-1.module_el8.2.0+313+b04d0a66 has several vulnerabilities per
CESA-2021:4213, CESA-2022:1935.

Same with containers-common. Tenable wants 1.2.4-1.module_el8.6.0 rather
than 1-23.module_el8.7.0+1106+45480ee0 even though both have the same
2022-03-16 date in the repo. (CESA-2022:1793, CESA-2022:2143).

I don't find any centos-announce email mentioning the above CESA. Are the
updates for the modules published separately? Where can I find them?




JFI:
https://lists.centos.org/pipermail/centos-devel/2020-October/117840.html

If your security tool is looking for a NAME-VERSION-RELEASE of a RHEL 
package that is part of a module, this will always fail on a CentOS system.


--
Leon




Re: [CentOS] Unable to relay mail through gmail anymore

2022-08-05 Thread Leon Fauster via CentOS

On 05.08.22 at 16:39, Frank Bures wrote:

Hi,

I have my CentOS7 sendmail configured to relay outgoing system e-mail 
through my gmail account.


The setup recently stopped working. Gmail SMTP keeps returning "service 
unavailable".


I think it has something to do with the recent changes in Gmail 
authentication procedures.


Does anyone know how to make the relaying work again?  I could not find 
anything on the Net.




https://developers.google.com/gmail/imap/xoauth2-protocol

--
Leon


[CentOS] oddjob service / selinux denied

2022-08-05 Thread Leon Fauster via CentOS

Hey,

anyone familiar with the oddjob service?

I have configured the dbus and oddjobd and wanted to test it.

While calling it with (as root):

dbus-send --system --dest=local.domain.oddjob_csc --print-reply /admin local.domain.shee.oddjob_csc.test string:test


I get:
Error com.redhat.oddjob.Error.Exec: Child signalled exec() error: Permission denied.



and

type=SYSCALL msg=audit(1659709637.271:196): arch=c03e syscall=59 success=no exit=-13 a0=55c9f28763d0 a1=55c9f286e0d0 a2=55c9f2870ee0 a3=0 items=0 ppid=4981 pid=6024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="oddjobd" exe="/usr/sbin/oddjobd" subj=system_u:system_r:oddjob_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1659709637.271:196): avc:  denied  { transition } for  pid=6024 comm="oddjobd" path="/usr/libexec/oddjob/sanity.sh" dev="dm-1" ino=15768 scontext=system_u:system_r:oddjob_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0




the configured test script is from the oddjob package:


  
  




As the AVC above shows, it's a context transition that is not allowed?

How is this service supposed to be used? I suspect that the method call 
must be in a context by itself, but which one?


Any idea?


Thanks,
Leon
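
The two audit records in the message above belong to one event (serial 196). This is an added example, not part of the original post: a small Python parser that pairs each AVC record with the SYSCALL record of the same serial and reports source type, target type, class, permission and the syscall's errno. The sample records are copied from the message with the mail line wraps removed; all function names are this example's own.

```python
import errno
import re

_HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
_AVC = re.compile(r"^avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _fields(text):
    """Turn 'k=v k2="v 2"' into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in _FIELD.findall(text)}


def _setype(context):
    """Third colon-separated element of user:role:type:level."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def parse_events(lines):
    """Group audit records by serial so an AVC can be read with its SYSCALL."""
    events = {}
    for line in lines:
        m = _HEADER.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, _timestamp, serial, body = m.groups()
        ev = events.setdefault(int(serial), {"avc": [], "syscall": None})
        if rtype == "AVC":
            a = _AVC.match(body)
            if a:
                f = _fields(a.group(3))
                ev["avc"].append({
                    "result": a.group(1),
                    "perms": a.group(2).split(),
                    "source_type": _setype(f.get("scontext", "")),
                    "target_type": _setype(f.get("tcontext", "")),
                    "tclass": f.get("tclass"),
                    "path": f.get("path"),
                    "permissive": f.get("permissive") == "1",
                })
        elif rtype == "SYSCALL":
            ev["syscall"] = _fields(body)
    return events


def summarize(events):
    """One line per denial: source -> target:class { perms }, path, caller, errno."""
    out = []
    for serial in sorted(events):
        ev = events[serial]
        sc = ev["syscall"] or {}
        code = int(sc.get("exit", "0"))
        err = errno.errorcode.get(-code, str(code)) if code < 0 else "ok"
        for avc in ev["avc"]:
            if avc["result"] != "denied":
                continue
            out.append(
                f"#{serial} {avc['source_type']} -> {avc['target_type']}:"
                f"{avc['tclass']} {{ {' '.join(avc['perms'])} }} "
                f"path={avc['path']} exe={sc.get('exe')} exit={err}"
            )
    return out


# Records from the message, unwrapped (values unchanged).
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1659709637.271:196): arch=c03e syscall=59 '
    'success=no exit=-13 a0=55c9f28763d0 a1=55c9f286e0d0 a2=55c9f2870ee0 a3=0 '
    'items=0 ppid=4981 pid=6024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 '
    'fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="oddjobd" '
    'exe="/usr/sbin/oddjobd" subj=system_u:system_r:oddjob_t:s0-s0:c0.c1023 '
    'key=(null)',
    'type=AVC msg=audit(1659709637.271:196): avc:  denied  { transition } for  '
    'pid=6024 comm="oddjobd" path="/usr/libexec/oddjob/sanity.sh" dev="dm-1" '
    'ino=15768 scontext=system_u:system_r:oddjob_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tclass=process permissive=0',
]

if __name__ == "__main__":
    for line in summarize(parse_events(SAMPLE_LINES)):
        print(line)
```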




[CentOS] selinux / duplicate subject to a custom named one

2022-07-22 Thread Leon Fauster via CentOS

Hey everyone,

I wonder if I could copy an selinux subject (processes / httpd) to a 
local named one. So that it gets the same configuration as the source

e.g.:

httpd_exec_t -> httpd_microservice_exec_t

The problem here: Some http microservices written in golang do get the 
same label as apache httpd (this is intentional for having a confined 
service):


# ls -laZ /usr/libexec/myservice
-rwxr-xr-x. 1 root root system_u:object_r:httpd_exec_t:s0 5168952 22. Jul 17:11 /usr/libexec/myservice


Unfortunately, these webservices need access to /proc (e.g. for 
enumerating the sending queue via /proc/sys/net/core/somaxconn).


Instead of installing a module that allows this for all "httpd_t"

allow httpd_t sysctl_net_t:file read;

I would like to have a custom configuration that's a duplication of the 
http_t one. The module would then only allow read access for 
applications that really need it.


Is that possible? Any other straight approach available?

--
Thanks
Leon









Re: [CentOS] PHP 7.4 from the Appstream repo

2022-07-07 Thread Leon Fauster via CentOS

On 07.07.22 at 17:28, Valere Binet wrote:

Hi,

Tenable is complaining that our CentOS Stream release 8 system is
vulnerable because it has php 7.2.24-1.module_el8.2... and it should have
php 7.4.19-1.module_el8.5

On the mirror, I can see the PHP 7.4.19-1 and 7.4.19-2 in
/centos/8-stream/Appstream/x86_64/os/packages
However, dnf list is stuck at 7.2.24-1
dnf clean all didn't help.

How do I get my systems to "see" the 7.4 packages? The remi repo is not a
good option for my company, we'd rather use the Appstream package since it
is there.
Are there reasons not to upgrade? If yes, does RedHat plan to apply the
security updates to 7.2?

Thank you in advance for any feedback



https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_managing_and_removing_user-space_components/finding-rhel-8-content_using-appstream

--
Leon






Re: [CentOS] NFS Server Centos7

2022-05-28 Thread Leon Fauster via CentOS

On 28.05.22 at 18:40, Frank Cox wrote:

On Sat, 28 May 2022 15:43:12 +0200
Erik Frangež via CentOS wrote:


we are setting NFS server on CentOS7 system. Everything working OK
except speed, speed over NFS very drop... if we run dd command directly
on server we are getting speed around 1,4Gbps, if we run from client
connected to NFS is 200Mbps.

Do you have maybe some advice what we need to check?


Speed of network card in the server.
Speed of network card in the client.
Speed of any and all routers and switches between the server and the client.



and what config is in place ?

--
Leon


Re: [CentOS] Raspberry Pi 4 and C++ 17

2022-04-25 Thread Leon Fauster via CentOS

On 25.04.22 at 23:30, Will wrote:

Hi,

I think things are different because I'm on a Raspberry PI using armv7hl 
instead of x86_64.


Ups, u are right. My fingers typed faster than my brain :-)




Re: [CentOS] Raspberry Pi 4 and C++ 17

2022-04-25 Thread Leon Fauster via CentOS

On 25.04.22 at 23:07, Kenneth Porter wrote:

--On Monday, April 25, 2022 4:30 PM -0400 Will wrote:


I sure did try that.  I also tried to install devtools (no luck there).

[root@localhost source]# yum list installed binutils* gcc-c++* libc-devel*


I'd suggest checking Software Collections or COPR for newer devtools 
built for CentOS 7. They'd install to /opt and you'd use the scripts to 
set your path to use the alternate tools.



yum --enablerepo=extras install centos-release-scl centos-release-scl-rh

# yum list all |egrep "d.*gcc-c++"|column -t
devtoolset-10-gcc-c++.x86_64  10.2.1-11.2.el7  centos-sclo-rh
devtoolset-11-gcc-c++.x86_64  11.2.1-1.2.el7   centos-sclo-rh
devtoolset-3-gcc-c++.x86_64   4.9.2-6.el7      centos-vault-sclo-rh
devtoolset-4-gcc-c++.x86_64   5.3.1-6.1.el7    centos-vault-sclo-rh
devtoolset-6-gcc-c++.x86_64   6.3.1-3.1.el7    centos-vault-sclo-rh
devtoolset-7-gcc-c++.x86_64   7.3.1-5.16.el7   centos-sclo-rh
devtoolset-8-gcc-c++.x86_64   8.3.1-3.2.el7    centos-sclo-rh
devtoolset-9-gcc-c++.x86_64   9.3.1-2.2.el7    centos-sclo-rh

--
Leon


Re: [CentOS] kickstart storage configuration hangs

2022-04-06 Thread Leon Fauster via CentOS

On 05.04.22 at 23:01, Chris Adams wrote:

Once upon a time, Leon Fauster said:

I guess anaconda is not ready? Because even the ks file
from the manually installed system does not work ...


I installed a 9-stream VM from kickstart today, so I don't think it is a
general issue.  Did you look at the logs to see what is happening?



Also here, installing a couple CS9 VMs with the same ks file works
flawless.

For the sake of extending the view field I tested this ks with
F35 and F36 images. The same result on this hardware.
Speak, "Checking storage configuration" forever.
Also a "wipe -a /dev/nvme0n1" beforehand didn't help.
So, it must be a low-level issue specifically to this hardware (dell
notebook). It's just strange that a graphical installation done manually
works without such issue.

Someone with any idea?

Last lines of anaconda's storage log:

$ tail -40 storage.log

DEBUG:anaconda.modules.storage.bootloader.base:_is_valid_location(nvme0n1p1) returning True
WARNING:anaconda.modules.storage.bootloader.base:nvme0n1p1 not bootable
DEBUG:anaconda.modules.storage.bootloader.base:_is_valid_format(nvme0n1p1) returning True
DEBUG:anaconda.modules.storage.bootloader.base:is_valid_stage1_device(nvme0n1p1) returning True
DEBUG:anaconda.modules.storage.bootloader.base:Is nvme0n1p2 a valid stage2 target device?
DEBUG:anaconda.modules.storage.bootloader.base:_is_valid_disklabel(nvme0n1p2) returning True
DEBUG:anaconda.modules.storage.bootloader.base:_is_valid_size(nvme0n1p2) returning True
DEBUG:anaconda.modules.storage.bootloader.base:_is_valid_partition(nvme0n1p2) returning True
DEBUG:anaconda.modules.storage.bootloader.base:_is_valid_format(nvme0n1p2) returning True
DEBUG:anaconda.modules.storage.bootloader.base:is_valid_stage2_device(nvme0n1p2) returning True
DEBUG:anaconda.modules.storage.checker.utils:Available memory: 6,56 GiB
DEBUG:blivet: DeviceTree.get_device_by_path: path: /dev/nvme0n1p1 ; incomplete: False ; hidden: False ;
DEBUG:blivet: DeviceTree.get_device_by_path returned non-existent 512 MiB partition nvme0n1p1 (80) with non-existent efi filesystem mounted at /boot/efi
DEBUG:blivet: DeviceTree.get_device_by_path: path: /dev/nvme0n1p2 ; incomplete: False ; hidden: False ;
DEBUG:blivet: DeviceTree.get_device_by_path returned non-existent 1024 MiB partition nvme0n1p2 (87) with non-existent ext4 filesystem mounted at /boot
DEBUG:blivet: DeviceTree.get_device_by_path: path: /dev/nvme0n1p3 ; incomplete: False ; hidden: False ;
DEBUG:blivet: DeviceTree.get_device_by_path returned non-existent 475,44 GiB partition nvme0n1p3 (73) with non-existent lvmpv
DEBUG:anaconda.modules.storage.partitioning.validate:Storage check started with constraints {'min_ram': Size (320 MiB), 'root_device_types': set(), 'min_partition_sizes': {'/': Size (250 MiB), '/usr': Size (250 MiB), '/tmp': Size (50 MiB), '/var': Size (384 MiB), '/home': Size (100 MiB), '/boot': Size (512 MiB)}, 'req_partition_sizes': {}, 'must_be_on_linuxfs': {'/', '/usr', '/home', '/usr/lib', '/usr/share', '/var', '/tmp'}, 'must_be_on_root': {'/mnt', '/sbin', '/proc', 'lost+found', '/lib', '/root', '/etc', '/bin', '/dev'}, 'must_not_be_on_root': set(), 'reformat_allowlist': {'/boot', '/usr', '/var', '/tmp'}, 'reformat_blocklist': {'/usr/local', '/var/www', '/opt', '/home'}, 'swap_is_recommended': False, 'luks2_min_ram': Size (128 MiB)}.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check verify_root.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check verify_s390_constraints.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check verify_partition_formatting.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check verify_partition_sizes.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check verify_partition_format_sizes.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_bootloader.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_gpt_biosboot.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_opal_compatibility.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_swap.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_swap_uuid.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_mountpoints_on_linuxfs.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_mountpoints_on_root.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_mountpoints_not_on_root.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_unlocked_devices_have_key.
DEBUG:anaconda.modules.storage.partitioning.validate:Run sanity check 
verify_luks_devices_have_key.
DEBUG:anaconda.modules.storage.partitioning.valid

[CentOS] kickstart storage configuration hangs

2022-04-05 Thread Leon Fauster via CentOS



While playing with some CS9 kickstart installation attempts
(manually/graphical works) I noticed following:

What ever I provide as ks file "anaconda" outputs (text mode):


Saving storage configuration ...
Checking storage configuration ...
.
.
..



The ks file has nothing special, the storage related lines are:

ignoredisk --only-use=nvme0n1
zerombr
clearpart --all --initlabel --drives=nvme0n1

and then the part/volgroup/logvol lines.


Does someone have the same issue?


I guess anaconda is not ready? Because even the ks file
from the manually installed system does not work ...

--
Leon




Re: [CentOS] Introducing CentOS Stream 9

2022-04-05 Thread Leon Fauster via CentOS

Am 03.12.21 um 17:15 schrieb Leon Fauster:

Am 03.12.21 um 17:08 schrieb Johnny Hughes:

On 12/3/21 10:01, Leon Fauster via CentOS wrote:

Am 03.12.21 um 16:22 schrieb Johnny Hughes:

Rich Bowen has posted a blog entry "Introducing CentOS Stream 9"

https://blog.centos.org/2021/12/introducing-centos-stream-9/

More details here:

https://centos.org/stream9/



Thanks Johnny. One thing that stands out compared to the CL8/CS8 iso
directory, are the signed checksum files. For CS9 these are not
available! Intentional?


That is the case for now .. but I will put a note on our team chat to 
see if we can get that added.



That would be great. Thanks!



Hi Johnny, I wonder if there is any progress in planning?

--
Leon






Re: [CentOS] SELinux relabeling for a different mount point

2022-04-01 Thread Leon Fauster via CentOS

Am 01.04.22 um 04:03 schrieb Kenneth Porter:
I'm preparing a disk mounted at /mnt/tmp to later be mounted at 
/var/lib/BackupPC. Is there some magic invocation to get the selinux 
labels for the structure I create to assume the final mount point, so 
that I don't have to relabel it when it's finally mounted at its target 
location? Or is there an argument to restorecon that will do the 
equivalent of chroot so that restorecon assumes the final location?




Check

$ man semanage-fcontext

for the "equal" switch.

--
Leon



Re: [CentOS] ansible upgrade

2022-02-22 Thread Leon Fauster via CentOS

Am 21.02.22 um 16:24 schrieb Fabian Arrotin:

On 21/02/2022 15:49, Leon Fauster via CentOS wrote:

Hey all, back from vacation and seeing ansible 2.12 in the repos now.
Anything to be aware of when upgrading from 2.9 to 2.12 in CS8?



You'd be lucky if it works directly , as there were some semantic 
changes in ansible, so you'll probably have to review all the changes, 
and if ansible-core just has the modules (it's a stripped down version 
of ansible, as you're supposed to download the collections yourself) , 
and use FQCN (Fully Qualified Collection Names) for  modules ...


FWIW, CentOS Infra still on ansible 2.9.27 from our own configuration 
management SIG and ansible-core excluded in yum/dnf to ensure that our 
automation still runs fine (until we have time to test/convert all our 
roles/tasks/playbooks to run on ansible 5 - aka ansible-core 2.12.x)




Thanks Fabian for the insights. I was planning such tests for May but 
that seems to be too late now.


I remember that someone wanted to provide a meta package that pull
additional ansible collections to give a similar experience like 2.9?
Maybe more an EPEL question ...

--
Leon











[CentOS] ansible upgrade

2022-02-21 Thread Leon Fauster via CentOS

Hey all, back from vacation and seeing ansible 2.12 in the repos now.
Anything to be aware of when upgrading from 2.9 to 2.12 in CS8?

--
Thanks,
Leon



Re: [CentOS] Migrating / upgrading CentOS Linux 8 to CentOS Stream release 8

2022-02-04 Thread Leon Fauster via CentOS

Am 04.02.22 um 14:25 schrieb Götz Reinicke:

Hi,

is it still possible to migrating / upgrading CentOS Linux 8 to CentOS Stream 
release 8 ? Any hint is welcome!

Right now I do get errors:

dnf install centos-release-stream

CentOS Linux 8 - AppStream   111  B/s |  38  B 00:00
Fehler: Failed to download metadata for repo 'appstream': Cannot prepare 
internal mirrorlist: No URLs in mirrorlist




The repos are empty now. Try

dnf --disablerepo '*' --enablerepo extras swap centos-linux-repos centos-stream-repos


dnf distro-sync


--
Leon


[CentOS] repoview alternative

2022-01-28 Thread Leon Fauster via CentOS



With the move of yum/dnf forward to python3, tools like repoview for
building browsable repos do not work anymore. Any ideas of other tools
for that? Do not need to be streams/modules aware ...

https://src.fedoraproject.org/rpms/repoview
https://koji.fedoraproject.org/koji/packageinfo?packageID=3731

--
Leon


Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)

2022-01-21 Thread Leon Fauster via CentOS

Am 21.01.22 um 15:23 schrieb Johnny Hughes:

On 1/21/22 07:53, Johnny Hughes wrote:

On 1/21/22 07:17, Johnny Hughes wrote:

On 1/21/22 05:01, Leon Fauster via CentOS wrote:

Am 20.01.22 um 23:14 schrieb Johnny Hughes:

On 1/20/22 15:07, Johnny Hughes wrote:

On 1/20/22 12:46, Johnny Hughes wrote:

On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote:


Following some update or the other (I think) on my CentOS Stream 8
system, I'm no longer able to use ping as a regular user; I get

$ ping www.centos.org
ping: socket: Operation not permitted

Does anyone else see this? Is it a bug, or were the system/default
permissions deliberately changed? Can anyone suggest a fix/workaround?
Actually, I can find several different ones via a simple web search, but
they are generally related to other distributions, I'm not quite sure
which would be the most appropriate for CentOS...

Thanks.

- Toralf




Folks interested in this issue can watch this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2037807

We're waiting for systemd-239-55.el8 sources to show up after which we
will build this and publish to CentOS Stream. Right now this appears
to be an infrastructure issue and the appropriate folks are working on
that, but we also want this package to pass the proper checks before
we build.


I am doing a compose with this version of systemd in it right 
now. Should be released later today.



OK .. I am currently releasing an 8-stream compose with 
systemd-239-55.el8 .. but it does not fix this unpriv ping issue.


I checked internally and it is also a problem on the rhel build 
for this systemd version, so not an issue introduced by the CentOS 
Stream build.


This  version of systemd should be available in a couple hours on 
mirror.centos.org.




OK .. to fix this issue until we get a build that fixes it:

Edit /usr/lib/sysctl.d/50-default.conf

take out the minus sign (-) in this line:

-net.ipv4.ping_group_range = 0 2147483647




Is this "minus" a typo? I guess ...

While yum update i get:

Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory


I do not know if it is a typo or not (maybe a functionality I don't 
know about) .. but if I remove the dash and save the file, everything 
works as expected.


It is the only option in that file with a dash.




OK .. the minus sign is intentional .. but the functionality to make 
it work is not yet in the packages.  See this bug for details:


https://bugzilla.redhat.com/show_bug.cgi?id=2037807


So the two fixes are to not upgrade iputils and exclude it in your dnf 
config .. OR .. to take out the minus sign until the issue is fixed.


Or live with sudo/root only for ping




Yes, I was also on the same way this morning to find the same out. 
Some backports are needed for systemd to support this "-" prefix.


https://github.com/systemd/systemd/pull/13191/commits/dec02d6e1993d420a0a94c7fec294605df55e88e

--
Leon
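
As an added illustration of the "-" prefix discussed in this thread (not code from the thread or from systemd): a simplified model of how the quoted sysctl.d line is handled by a reader without and with support for the prefix, and what that means for `ping_group_range`. The temporary directory standing in for /proc/sys, the function names, the status strings and GID 1000 are assumptions of the example.

```python
import os
import tempfile
from dataclasses import dataclass

# The line quoted in the thread from /usr/lib/sysctl.d/50-default.conf.
THREAD_LINE = "-net.ipv4.ping_group_range = 0 2147483647"
# Kernel default: an empty range, so no group may open ICMP echo sockets.
KERNEL_DEFAULT = "1 0"


@dataclass
class Setting:
    key_path: str          # path below /proc/sys
    value: str
    ignore_failure: bool   # True when the key carried the "-" prefix


def parse_line(line, prefix_aware):
    """Parse one sysctl.d assignment; return None for blanks and comments."""
    text = line.strip()
    if not text or text[0] in "#;":
        return None
    key, sep, value = text.partition("=")
    if not sep:
        raise ValueError(f"not an assignment: {line!r}")
    key = key.strip()
    ignore = False
    if prefix_aware and key.startswith("-"):
        # Prefix-aware reader: "-" means "do not treat a failed write as an error".
        ignore, key = True, key[1:].strip()
    # Simplification: real key normalisation also accepts "/"-separated keys.
    return Setting(key.replace(".", "/"), value.strip(), ignore)


def apply_setting(setting, root):
    """Write the value below root; return 'applied', 'ignored' or 'failed'."""
    path = os.path.join(root, setting.key_path)
    try:
        # No O_CREAT: like /proc/sys, a missing entry cannot be created.
        fd = os.open(path, os.O_WRONLY | os.O_TRUNC)
    except FileNotFoundError:
        return "ignored" if setting.ignore_failure else "failed"
    with os.fdopen(fd, "w") as handle:
        handle.write(setting.value)
    return "applied"


def gid_may_ping(range_value, gid):
    """True if gid lies inside the inclusive 'low high' group range."""
    low, high = (int(part) for part in range_value.split())
    return low <= gid <= high


def simulate(prefix_aware, line=THREAD_LINE):
    """Apply one line to a constructed stand-in for /proc/sys and report the outcome."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "net", "ipv4", "ping_group_range")
        os.makedirs(os.path.dirname(target))
        with open(target, "w") as handle:
            handle.write(KERNEL_DEFAULT)
        setting = parse_line(line, prefix_aware)
        status = apply_setting(setting, root)
        with open(target) as handle:
            effective = handle.read().strip()
    # GID 1000 is a constructed example of a regular user's primary group.
    return setting.key_path, status, effective, gid_may_ping(effective, 1000)


if __name__ == "__main__":
    for aware in (False, True):
        print("prefix-aware" if aware else "legacy", simulate(aware))
```

The legacy case reproduces the path from the quoted error message and leaves the kernel default in place, which is why unprivileged ping stops working until the prefix is understood or removed.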






Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)

2022-01-21 Thread Leon Fauster via CentOS

Am 20.01.22 um 23:14 schrieb Johnny Hughes:

On 1/20/22 15:07, Johnny Hughes wrote:

On 1/20/22 12:46, Johnny Hughes wrote:

On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote:


Following some update or the other (I think) on my CentOS Stream 8
system, I'm no longer able to use ping as a regular user; I get

$ ping www.centos.org
ping: socket: Operation not permitted

Does anyone else see this? Is it a bug, or were the system/default
permissions deliberately changed? Can anyone suggest a fix/workaround?
Actually, I can find several different ones via a simple web search, but
they are generally related to other distributions, I'm not quite sure
which would be the most appropriate for CentOS...

Thanks.

- Toralf




Folks interested in this issue can watch this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2037807

We're waiting for systemd-239-55.el8 sources to show up after which we
will build this and publish to CentOS Stream. Right now this appears
to be an infrastructure issue and the appropriate folks are working on
that, but we also want this package to pass the proper checks before
we build.


I am doing a compose with this version of systemd in it right now. 
Should be released later today.



OK .. I am currently releasing an 8-stream compose with 
systemd-239-55.el8 .. but it does not fix this unpriv ping issue.


I checked internally and it is also a problem on the rhel build for 
this systemd version, so not an issue introduced by the CentOS Stream 
build.


This  version of systemd should be available in a couple hours on 
mirror.centos.org.




OK .. to fix this issue until we get a build that fixes it:

Edit /usr/lib/sysctl.d/50-default.conf

take out the minus sign (-) in this line:

-net.ipv4.ping_group_range = 0 2147483647




Is this "minus" a typo? I guess ...

While yum update i get:

Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory



--
Leon







Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)

2022-01-20 Thread Leon Fauster via CentOS

Am 20.01.22 um 22:07 schrieb Johnny Hughes:

On 1/20/22 12:46, Johnny Hughes wrote:

On 1/19/22 08:44, Brian Stinson wrote:

On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund  wrote:


Following some update or the other (I think) on my CentOS Stream 8
system, I'm no longer able to use ping as a regular user; I get

$ ping www.centos.org
ping: socket: Operation not permitted

Does anyone else see this? Is it a bug, or were the system/default
permissions deliberately changed? Can anyone suggest a fix/workaround?
Actually, I can find several different ones via a simple web search, but
they are generally related to other distributions, I'm not quite sure
which would be the most appropriate for CentOS...

Thanks.

- Toralf




Folks interested in this issue can watch this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2037807

We're waiting for systemd-239-55.el8 sources to show up after which we
will build this and publish to CentOS Stream. Right now this appears
to be an infrastructure issue and the appropriate folks are working on
that, but we also want this package to pass the proper checks before
we build.


I am doing a compose with this version of systemd in it right now. 
Should be released later today.



OK .. I am currently releasing an 8-stream compose with 
systemd-239-55.el8 .. but it does not fix this unpriv ping issue.



The change was intentional. So, this will stay ...?

https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e13a?branch=c8s





I checked internally and it is also a problem on the rhel build for this 
systemd version, so not an issue introduced by the CentOS Stream build.


This  version of systemd should be available in a couple hours on 
mirror.centos.org.


Thanks,
Johnny Hughes




--
Leon



Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)

2022-01-19 Thread Leon Fauster via CentOS

Am 19.01.22 um 15:44 schrieb Brian Stinson:

On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund  wrote:


Following some update or the other (I think) on my CentOS Stream 8
system, I'm no longer able to use ping as a regular user; I get

$ ping www.centos.org
ping: socket: Operation not permitted

Does anyone else see this? Is it a bug, or were the system/default
permissions deliberately changed? Can anyone suggest a fix/workaround?
Actually, I can find several different ones via a simple web search, but
they are generally related to other distributions, I'm not quite sure
which would be the most appropriate for CentOS...




I also noticed this "change".




Folks interested in this issue can watch this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2037807

We're waiting for systemd-239-55.el8 sources to show up after which we
will build this and publish to CentOS Stream. Right now this appears
to be an infrastructure issue and the appropriate folks are working on
that, but we also want this package to pass the proper checks before
we build.




Is this a regression of the last systemd update?

--
Leon






Re: [CentOS] Is CentOS-Stream-9-20211222.0 suitable for building for RHEL9

2022-01-05 Thread Leon Fauster via CentOS

Am 05.01.22 um 11:02 schrieb Simon Matter:

Hi,

I have to port/build quite a number of packages for upcoming RHEL9.

I thought about starting to do so now on CentOS-Stream-9-20211222.0 in the
hope that I don't have to redo a lot of the work again later for the
released RHEL9.

Does it sound like a good idea to start now or should I better wait a bit?



I'm already doing that. Do just expect everything that also happened
in EL8. Missing devel or sub packages. Stripped down s/rpm macros that
blocks building fedora packages directly. So, business as usual.
BTW, some packages are not in streams anymore. This makes custom overlay
repos a bit easier ...

--
Leon






Re: [CentOS] issue with virt-install and CS9 boot iso

2021-12-29 Thread Leon Fauster via CentOS

Am 29.12.21 um 18:35 schrieb Gordon Messmer:

On 12/29/21 07:29, Leon Fauster via CentOS wrote:


virt-install
 -l CentOS-Stream-9-20211222.0-x86_64-boot.iso 



I don't have  CS8 host handy to check... The man page for "virt-install 
-l" notes that this should work if virt-install is run as root.  Is it 
run as root?


The man page also suggests that you should be able to mount the ISO to a 
local directory and then use that path as the argument to "-l".  Have 
you tried that to verify that the structure of the ISO filesystem is as 
expected?



Current state here is right now:

-l CentOS-Stream-9-20211222.0-x86_64-dvd1.iso

works, but

-l CentOS-Stream-9-20211222.0-x86_64-boot.iso

NOT.

A quick test with

-l CentOS-Stream-9-20211222.0-x86_64-boot.iso,kernel=isolinux/vmlinuz,initrd=isolinux/initrd.img


booted but hangs forever in the middle of the anaconda process.

I assume that some metadata is missing in the boot.iso file.
Like the .treeinfo file (it's included in the dvd.iso file).

Example:
https://mirror1.hs-esslingen.de/pub/Mirrors/centos-stream/9-stream/BaseOS/x86_64/os/.treeinfo

--
Leon


[CentOS] issue with virt-install and CS9 boot iso

2021-12-29 Thread Leon Fauster via CentOS
I wanted quickly spin up a CS9 system with an virt-install command line
that in the past worked with fedora34 and C8 but I am getting following
error:

ERROR    Error validating install location: Could not find an installable distribution at URL '{trimmed path}CentOS-Stream-9-20211222.0-x86_64-boot.iso'


Some search engines found some sites that are giving examples
to pass locations of kernel and initrd. Are the iso files
"wrongly" created or are such parameters required now?

Host: CS8

virt-install \
 -n c9x86-parttest -r 3072 \
 --disk path=parttest.img,size=18,format=qcow2 \
 -l CentOS-Stream-9-20211222.0-x86_64-boot.iso \
 --os-variant rhel9.0  --noautoconsole \
 -x "inst.ks=https://example/parttest.cfg"


--
Leon




Re: [CentOS] Add Custom Application to Panel causes Mate panel to crash

2021-12-17 Thread Leon Fauster via CentOS

Am 17.12.21 um 06:08 schrieb Frank Cox:

As with most people who are using Mate on Centos 8, I am using Mate 1.26.0 from 
https://copr.fedorainfracloud.org/coprs/stenstorp/MATE/

Right-click on the panel, "add to panel" "custom application"

The panel crashes.



AFAIK a better place to report would be

https://discussion.fedoraproject.org/t/stenstorp-mate/7406

--
Leon





Re: [CentOS] CentOS 9-stream "CRB" repo

2021-12-14 Thread Leon Fauster via CentOS

Am 15.12.21 um 00:24 schrieb Chris Adams:

I'm starting to look at CentOS 9-stream... what is the CRB repo?  It
appears to be a lot of development libraries and such, but I didn't see
a definition or "CRB" anywhere.


https://developers.redhat.com/blog/2018/11/15/introducing-codeready-linux-builder

--
Leon



Re: [CentOS] Roundcube 1.4.12 on CentOS 8

2021-12-10 Thread Leon Fauster via CentOS

Am 10.12.21 um 22:15 schrieb Gionatan Danti:

Hi all,
I recently updated a CentOS 8 machine to roundcubemail-1.4.12 (from 
1.4.11) using remi's repo. I needed to explicitly exclude the 1.5.0 
packages because it was "shadowing" the latest 1.4.12 release.


But now I can not see the 1.4.12 packages anymore - only 1.5.x are 
provided. Does anyone know why the previous stable package disappeared 
from remi's repo?

Thanks.


https://blog.remirepo.net/pages/English-FAQ#archive
 -> "Can I  get an old version of a package ?"

--
Leon



[CentOS] selinux modules compat

2021-12-07 Thread Leon Fauster via CentOS

Hey, after some time not touching any selinux config, I wonder about
the bin format of selinux modules.

Theoretically question: When I compile some selinux modules on
my workstation (el8). Are these modules (forward/backward) compatible
for usage on other EL major releases?

EL8 mod --deploy2--> EL6, EL7, EL9

--
Thanks,
Leon


Re: [CentOS] Introducing CentOS Stream 9

2021-12-03 Thread Leon Fauster via CentOS

Am 03.12.21 um 17:25 schrieb Johnny Hughes:

On 12/3/21 10:15, Leon Fauster via CentOS wrote:

Am 03.12.21 um 17:08 schrieb Johnny Hughes:

On 12/3/21 10:01, Leon Fauster via CentOS wrote:

Am 03.12.21 um 16:22 schrieb Johnny Hughes:

Rich Bowen has posted a blog entry "Introducing CentOS Stream 9"

https://blog.centos.org/2021/12/introducing-centos-stream-9/

More details here:

https://centos.org/stream9/



Thanks Johnny. One thing that stands out compared to the CL8/CS8 iso
directory, are the signed checksum files. For CS9 these are not
available! Intentional?


That is the case for now .. but I will put a note on our team chat to 
see if we can get that added.



That would be great. Thanks!


Leon,

Can you file a bug here?

https://wiki.centos.org/ReportBugs

(for the stream 9 link).

We would like documentation of community feedback :)




I was unsure what "component" to select. Hope that's the right one:

https://bugzilla.redhat.com/show_bug.cgi?id=2028929

--
Leon


Re: [CentOS] Introducing CentOS Stream 9

2021-12-03 Thread Leon Fauster via CentOS

Am 03.12.21 um 17:08 schrieb Johnny Hughes:

On 12/3/21 10:01, Leon Fauster via CentOS wrote:

Am 03.12.21 um 16:22 schrieb Johnny Hughes:

Rich Bowen has posted a blog entry "Introducing CentOS Stream 9"

https://blog.centos.org/2021/12/introducing-centos-stream-9/

More details here:

https://centos.org/stream9/



Thanks Johnny. One thing that stands out compared to the CL8/CS8 iso
directory, are the signed checksum files. For CS9 these are not
available! Intentional?


That is the case for now .. but I will put a note on our team chat to 
see if we can get that added.



That would be great. Thanks!


--
Leon




Re: [CentOS] Introducing CentOS Stream 9

2021-12-03 Thread Leon Fauster via CentOS

Am 03.12.21 um 16:22 schrieb Johnny Hughes:

Rich Bowen has posted a blog entry "Introducing CentOS Stream 9"

https://blog.centos.org/2021/12/introducing-centos-stream-9/

More details here:

https://centos.org/stream9/



Thanks Johnny. One thing that stands out compared to the CL8/CS8 iso
directory, are the signed checksum files. For CS9 these are not
available! Intentional?

--
Leon





Re: [CentOS] sshd gives false "Too many authentication failures"

2021-11-21 Thread Leon Fauster via CentOS

Am 21.11.21 um 20:07 schrieb Andreas Fournier:

On Sat, 2021-11-20 at 11:46 +0100, Andreas Fournier wrote:

On Sat, 2021-11-20 at 15:33 +0530, Thomas Stephen Lee wrote:

On Sat, Nov 20, 2021 at 2:32 PM Andreas Fournier
 wrote:


I just came across something strange with my fully updated Centos7
server. When I try to ssh into it the same way I've always done I get
"Too many authentication failures". This just came out of the blue. I'm
using the root account and a password. But in my sshd_config it still
reads
#MaxAuthTries 6
Which I think is the default.

From the console I can log in fine and when I look in the logs for sshd
I can just see the attempts I just made, that are less than six and
no previous denied attempts.

Any clues what's going on?



I got the same error once.
In my case the problem was ssh tried to log in with ssh keys before
giving a password prompt.


Thanks, same for me. I had added a new key for a different server to
the ssh client machine that got it over the limit.


This got me wondering what is the best practice for a situation where
you have a machine with more than five keys on file in able to ssh to
different servers. But you would also like to ssh with password to an
other set of servers.



I would suggest to configure your needs in .ssh/config

Check man ssh_config. Example:

#.ssh/config

Host myhost.example
    PubkeyAuthentication yes
    User myuser.example
    IdentityFile ~/.ssh/mysecretkey.example

Host *
    PubkeyAuthentication no


Just to get the idea. Top-down, first entry win, last is the default.

--
Leon


Re: [CentOS] yum/dnf time constraints

2021-11-20 Thread Leon Fauster via CentOS

Am 15.11.21 um 22:08 schrieb Phil Perry:

On 15/11/2021 11:49, Leon Fauster via CentOS wrote:

Am 14.11.21 um 14:59 schrieb Phil Perry:

On 14/11/2021 13:08, Leon Fauster via CentOS wrote:

Hey,

I wonder if it's possible to use dnf and dictate it to not install 
packages that are younger than $((today - 7 )) for example.

If not directly possible, any other ways to accomplishing it?
Sure, building repos with snapshots would work here but I am
looking for additional ways ...



A couple ideas:

1. You could run weekly from a script:

yum --assumeno update

which will create the transaction (but not install it) and save it to 
/tmp/ and then rerun that transaction week later:


yum --assumeyes load-transaction /tmp/yum_save_tx.2021-11-14.13-54.FhQii3.yumtx



That's an interesting approach. Not sure if this is still valid for EL8?
Some tests doesn't show any transaction artifact. Maybe I need to dive 
deeper ...






Yes, you are correct, 'yum load-transaction' is not available in dnf on 
RHEL8



I am experimenting with following now ...

# echo "recent=7" >> /etc/dnf/dnf.conf

# export DNFARGS=$(for e in $(dnf  repoquery  --recent) ; do echo -n "--exclude ${e} " ;done)


# dnf update ${DNFARGS}


--
Leon







Re: [CentOS] Centos and ModemManager

2021-11-18 Thread Leon Fauster via CentOS

Am 18.11.21 um 16:00 schrieb Jay Hart:

Any answers here?

Jay


For a hard wired only server, does ModemManger need to be enabled?

The only thing that ever might be hooked up to this server would be an external 
USB DVD drive.



I checked some nodes here. The only package that is
installed is ModemManager-glib (for dependencies reasons).

So, I would vote with - no.

--
Leon


Re: [CentOS] yum/dnf time constraints

2021-11-15 Thread Leon Fauster via CentOS

Am 14.11.21 um 14:59 schrieb Phil Perry:

On 14/11/2021 13:08, Leon Fauster via CentOS wrote:

Hey,

I wonder if it's possible to use dnf and dictate it to not install 
packages that are younger than $((today - 7 )) for example.

If not directly possible, any other ways to accomplishing it?
Sure, building repos with snapshots would work here but I am
looking for additional ways ...



A couple ideas:

1. You could run weekly from a script:

yum --assumeno update

which will create the transaction (but not install it) and save it to 
/tmp/ and then rerun that transaction week later:


yum --assumeyes load-transaction /tmp/yum_save_tx.2021-11-14.13-54.FhQii3.yumtx



That's an interesting approach. Not sure if this is still valid for EL8?
Some tests doesn't show any transaction artifact. Maybe I need to dive 
deeper ...




2. Write a yum plugin to mask packages from the transaction sack that 
are less than 7 days old. How are your python skills?


That seems to be the cleanest solution. Lets see if I find time for
that. A quick look into repodata xml files shows that the build time
is also there exposed ...

Thanks,
Leon
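
The idea raised in this thread, as an added example that is not code from the thread or from dnf: read the build time that a repository's primary.xml exposes for each package and turn every package younger than the cooling-off period into a `--exclude` argument. The sample metadata, package names, timestamps and function names are constructed for the example, and the input is assumed to be the already decompressed primary.xml text.

```python
import time
import xml.etree.ElementTree as ET

NS = {"c": "http://linux.duke.edu/metadata/common"}
DAY = 86400

# Constructed sample in the layout of a repository's primary.xml
# (package names, versions and timestamps are made up for this example).
SAMPLE_PRIMARY_XML = """\
<metadata xmlns="http://linux.duke.edu/metadata/common" packages="4">
  <package type="rpm">
    <name>examplepkg</name><arch>x86_64</arch>
    <version epoch="0" ver="1.0" rel="1.el8"/>
    <time file="1635000100" build="1634990000"/>
  </package>
  <package type="rpm">
    <name>examplepkg</name><arch>x86_64</arch>
    <version epoch="0" ver="1.1" rel="1.el8"/>
    <time file="1636700100" build="1636700000"/>
  </package>
  <package type="rpm">
    <name>otherpkg</name><arch>noarch</arch>
    <version epoch="0" ver="2.0" rel="3.el8"/>
  </package>
  <package type="rpm">
    <name>thirdpkg</name><arch>x86_64</arch>
    <version epoch="1" ver="3.2" rel="1.el8"/>
    <time file="1636243300" build="1636243200"/>
  </package>
</metadata>
"""
SAMPLE_NOW = 1636848000  # 2021-11-14 00:00:00 UTC, fixed so results are reproducible


def nevra(pkg):
    """Build name-[epoch:]version-release.arch for one <package> element."""
    version = pkg.find("c:version", NS)
    epoch = version.get("epoch", "0")
    prefix = "" if epoch == "0" else f"{epoch}:"
    return "{}-{}{}-{}.{}".format(
        pkg.findtext("c:name", namespaces=NS), prefix,
        version.get("ver"), version.get("rel"),
        pkg.findtext("c:arch", namespaces=NS))


def young_packages(primary_xml, now=None, min_age_days=7):
    """Return the NEVRAs whose build time is newer than now - min_age_days."""
    now = int(time.time()) if now is None else now
    cutoff = now - min_age_days * DAY
    young = []
    for pkg in ET.fromstring(primary_xml).findall("c:package", NS):
        stamp = pkg.find("c:time", NS)
        build = stamp.get("build") if stamp is not None else None
        if build is not None and build.isdigit() and int(build) <= cutoff:
            continue  # old enough, leave it installable
        # Missing or malformed build time: treat as too young (fail closed).
        young.append(nevra(pkg))
    return sorted(young)


def exclude_args(young):
    """Turn NEVRAs into dnf command-line arguments."""
    return [f"--exclude={spec}" for spec in young]


if __name__ == "__main__":
    args = exclude_args(young_packages(SAMPLE_PRIMARY_XML, SAMPLE_NOW))
    print("dnf update " + " ".join(args))
```

Excluding by full NEVRA rather than by name keeps an older build of the same package, such as the 1.0 build in the sample, available to the transaction.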



[CentOS] yum/dnf time constraints

2021-11-14 Thread Leon Fauster via CentOS

Hey,

I wonder if it's possible to use dnf and dictate it to not install 
packages that are younger than $((today - 7 )) for example.

If not directly possible, any other ways to accomplishing it?
Sure, building repos with snapshots would work here but I am
looking for additional ways ...

--
Thanks,
Leon


Re: [CentOS] your thoughts on dnf-makecache

2021-11-08 Thread Leon Fauster via CentOS

Am 08.11.21 um 09:59 schrieb Götz Reinicke:

Hi,

 From time to time I see different errors for dnf-makecache in the logs. e.g. 
„Errors during downloading metadata“, „Couldn't connect to server for“, „Timeout was 
reached“, „Couldn't resolve host name " or „Operation too slow“.

In all cases, a restart of the service solves the „problem“ and in other cases 
the next run does it.

Beside having the errors, our current service monitoring triggers in most cases 
a warning message, and depending on the solution recovers too, which makes me 
wonder what would be the best practice for such situation.

a) do I need dnf-makecache? Will it speed up things so much and makes package 
management much more easy, so having some errors is o.k.?

b) adjust the config for dnf-makecache, so it will trigger less errors?

c) adjust our monitoring to ignore some errors or be more soft with triggering 
warnings?

C is the least preferred option right now.

What do you think, how do you handle dnf-makecache?



It depends on your needs. We are okay with; stopping
and disabling dnf-makecache.timer for prod systems.

We have dnf-automatic enabled. So, the cache is
rebuilt anyway ...

--
Leon


Re: [CentOS] Boot time in wtmp is not correct [FIXED]

2021-10-13 Thread Leon Fauster via CentOS

On 13.10.21 09:44, Hooton, Gerard wrote:

Not a dual boot.

timedatectl

Local time: Wed 2021-10-13 08:37:56 IST
Universal time: Wed 2021-10-13 07:37:56 UTC
  RTC time: Wed 2021-10-13 08:37:56
 Time zone: Europe/Dublin (IST, +0100)
System clock synchronized: yes
   NTP service: active
   RTC in local TZ: yes

Warning: The system is configured to read the RTC time in the local time zone.
  This mode cannot be fully supported. It will create various problems
  with time zone changes and daylight saving time adjustments. The RTC
  time is never updated, it relies on external facilities to maintain it.
  If at all possible, use RTC in UTC by calling
  'timedatectl set-local-rtc 0'.

I use the command 'timedatectl set-local-rtc 0' as suggested above and that 
fixed the problem.




hwclock is maybe also of interest. Check $ man hwclock

--
Leon



[CentOS] systemd | Requires statement with an instantiated service

2021-09-01 Thread Leon Fauster via CentOS

Maybe the work day is already too long. I cannot find
a solution for the following requirement.

How to apply a "Requires" with an instantiated service.

Example:

a@.service
b.service

a@.service is started as a@host1.service and b.service must be started
after a@host1.service but the unit will be differently parameterized
(depending on the region). So I want to generalize the requires statement.

My dropin file in ./b.service.d/dep.conf looks like

[Unit]
Requires="a@*.service"

This just produces the following error:
'Failed to add dependency on "a@*.service", ignoring: Invalid argument'


I use also a Before=b.service statement for a@.service but that is not
enough.

Any hints?

--
Thanks,
Leon



Re: [CentOS] Minimising a CentOS installation

2021-08-21 Thread Leon Fauster via CentOS

On 21.08.21 19:02, Steven Rosenberg wrote:

On Fri, 2021-08-20 at 22:10 -0600, James Szinger wrote:


My typical approach is to run `package-cleanup --leaves --all` or
`yum leaves` (might need software not on CentOS 8) and justify everything
that is there.  I have about 85 leaf packages on a CentOS 7 web
server, so a minimal package set should be smaller.  Experiment with
a disposable VM so it is easy to recover from mistakes.


Thanks for this. I did a little searching and found this page:


https://linuxconfig.org/how-to-remove-orphaned-packages-on-centos-linux

It worked for me:

Get a list of orphaned packages:

$ package-cleanup --leaves

Remove them:

# yum remove `package-cleanup --leaves`

That's only if you're OK removing all of them.




Not sure why but at least on two C8S systems (not all)
the kernel rpms are listed as leaves, also the running one.
So, better don't execute the above command ...

Investigating why other C8S systems do not show the kernel
rpms ...

--
Leon


Re: [CentOS] kernel command line

2021-08-05 Thread Leon Fauster via CentOS

On 05.08.21 19:56, Jerry Geis wrote:

On Thu, Aug 5, 2021 at 11:40 AM Jerry Geis  wrote:


I am trying to install on a NUC7C with 32G of eMMC showing up as /dev/sdb
Is there a way I can tell the kernel boot line or command line to MASK
/dev/sdb ?
Make it look like it does not exist ?  It has windows pre-installed - I
don't want to mistake it.

Thanks

Jerry




I think I stumbled into :
echo 1 > /sys/block/sdb/device/delete
will get rid of - so I'm trying to run this before first thing in
kickstart.

Anyone know of anything else - let me know.



for ks I use:

ignoredisk --only-use=sda

--
Leon





Re: [CentOS] hosts.deny, fail2ban etc.

2021-07-28 Thread Leon Fauster via CentOS

On 28.07.21 14:44, Jonathan Billings wrote:

On Jul 27, 2021, at 16:43, H  wrote:


Running CentOS 7. I was under the impression - seemingly mistaken - that by 
adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.* would ban all 
attempts from that network segment to connect to the server, ie before fail2ban 
would (eventually) ban connection attempts.

This, however, does not seem correct and I could use a pointer to correct my 
misunderstanding. How is hosts.deny used and what have I missed?

Is it necessary to run:

  iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP

to drop incoming connection attempts from that subnet?


Upstream openssh dropped support for tcp wrappers (hosts.deny) a while ago but 
RHEL had patched support back in for a while, but I believe it isn’t supported 
anymore.

For what it’s worth, if you use the fail2ban-firewalld package, it uses ipset 
rather than iptables, which is more efficient.




TCP wrappers (hosts.allow/deny) are deprecated now.

It's still supported in EL7 (sshd example)

ldd /usr/sbin/sshd |grep wrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x7fcc483ee000)

but not in EL8 anymore. EL8 is based on F28/29 ->
  https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers

For the question above (for EL7):
only services that are compiled against libwrap use hosts.deny
everything else will be reachable (if iptables does not drop it).

For EL8, as depicted in the above URI:
systemd provides a similar functionality ...

--
Leon
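
The point made above for EL7 (a hosts.deny rule only takes effect for daemons linked against libwrap), turned into a small audit as an added example that is not part of the original message. The function names, the made-up daemon "exampled" and the sample hosts.deny content are assumptions; only plain daemon names and ALL are interpreted (no EXCEPT, daemon@host or bracketed IPv6 patterns).

```python
import re

# Constructed `ldd` output per listening daemon. The libwrap line for sshd is
# the EL7 output quoted in the message above; "exampled" is a made-up daemon.
LDD_OUTPUT = {
    "sshd": "\tlibwrap.so.0 => /lib64/libwrap.so.0 (0x7fcc483ee000)\n"
            "\tlibc.so.6 => /lib64/libc.so.6 (0x7fcc47e00000)\n",
    "exampled": "\tlibc.so.6 => /lib64/libc.so.6 (0x7f0000000000)\n",
}

# Constructed /etc/hosts.deny using documentation address ranges; the second
# rule uses a backslash continuation as allowed by the file format.
HOSTS_DENY = r"""# deny one network for everything, another for two daemons
ALL: 192.0.2.
sshd, exampled: \
    198.51.100.0/255.255.255.0
"""


def links_libwrap(ldd_text):
    """True if the ldd output lists a libwrap shared object."""
    return any(line.strip().startswith("libwrap.so")
               for line in ldd_text.splitlines())


def parse_hosts_access(text):
    """Parse 'daemon_list : client_list' rules into (daemons, clients) pairs."""
    rules = []
    # Join continuation lines first, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # not a rule
        daemons = [d for d in re.split(r"[\s,]+", fields[0]) if d]
        clients = [c for c in re.split(r"[\s,]+", fields[1]) if c]
        rules.append((daemons, clients))
    return rules


def unenforced_rules(rules, ldd_by_daemon):
    """List (daemon, client_pattern) pairs that hosts.deny names but that the
    daemon will never evaluate because it is not linked against libwrap.
    These are the cases that need a packet filter rule instead."""
    gaps = []
    for daemons, clients in rules:
        for daemon, ldd_text in ldd_by_daemon.items():
            applies = "ALL" in daemons or daemon in daemons
            if applies and not links_libwrap(ldd_text):
                gaps.extend((daemon, client) for client in clients)
    return gaps


if __name__ == "__main__":
    for daemon, pattern in unenforced_rules(parse_hosts_access(HOSTS_DENY),
                                            LDD_OUTPUT):
        print(f"{daemon}: hosts.deny pattern {pattern} is not enforced")
```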






[CentOS] heads up: stream8 cloud-init rebase 20 to 21

2021-07-26 Thread Leon Fauster via CentOS

FYI and everyone on C8S: cloud-init does run on deployed cloud
VMs anymore successfully after update (it was rebased from 20. to 21.).

Fix: before rebooting run "cloud-init clean"

--
Leon


Re: [CentOS] Microsoft Teams on CentOS 7. Does the latest version work?

2021-07-16 Thread Leon Fauster via CentOS

On 16.07.21 13:28, Simon Matter wrote:

On 16.07.21 12:39, Simon Matter wrote:

On 16/07/21 10:19 pm, Simon Matter wrote:

I think you missed from a different post where the package was created
by a different 3rd-party, not google.  So how else would you expect the
3rd-party package to satisfy the dependency?


I didn't say the chrome packages came from google. But, the TO has some
chrome RPM installed which "provides" the libstdc++ version required by
teams, but doesn't really provide this libstdc++ version to the whole
system. That's why the RPM is broken, it claims to provide a libstdc++
version which it doesn't really provide.


And I ask again, how else would you expect the package to satisfy the
dependency in chrome for the newer libstdc++?  The package was
explicitly created to allow chrome to run on an older system that
doesn't have the newer libstdc++, by rights it should work with other
programs that need a newer libstdc++ as well provided that they set
LD_LIBRARY_PATH appropriately.  So it does, in fact, provide the stated
dependency for the entire system, you just have to tell programs that
need it where to find it.


And that's where it breaks the rules! It "provides" something that it
doesn't really provide. That's NOT allowed with RPM because it breaks
other applications. It breaks the whole meaning of dependency tracking of
the RPM system. That's why the mentioned chrome package has to be
considered broken.



$ LANG=C rpm -qp --provides
https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
warning:
https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm:
Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
google-chrome = 91.0.4472.164
google-chrome-stable = 91.0.4472.164-1
google-chrome-stable(x86-64) = 91.0.4472.164-1
$



Hi Leon,

The problem package is not from google but seems to be
'chrome-deps-stable' from wherever it comes.





That's why teams fails here, Microsoft is NOT the culprit in this case :-)




Well, I see a lot of such customer/user behavior: "Doing _everything_
just to get to the goal". For example installing things that just do
not fit and then wondering about the implications. Imagine a bakery
that uses blue wall colour instead of blueberries. Just to get the cup cakes
with a blue touch.

Actually it is a natural approach to getting things to work. So,
not sure whom to blame. For the OP: as someone has already suggested,
flatpaks do provide a coherent environment to execute proprietary
software. Not sure how mature flatpak is under C7 but teams works
here under C8/flatpak well. Alternatively a teams session does also
work with the chromium browser directly.

https://flatpak.org/setup/CentOS/
https://flathub.org/apps/search/teams

BTW: @OP Maybe it's time to clean up your repository setup and the above
mentioned obscure package ...

--
Leon











Re: [CentOS] Microsoft Teams on CentOS 7. Does the latest version work?

2021-07-16 Thread Leon Fauster via CentOS

On 16.07.21 12:39, Simon Matter wrote:

On 16/07/21 10:19 pm, Simon Matter wrote:

I think you missed from a different post where the package was created
by a different 3rd-party, not google.  So how else would you expect the
3rd-party package to satisfy the dependency?


I didn't say the chrome packages came from google. But, the TO has some
chrome RPM installed which "provides" the libstdc++ version required by
teams, but doesn't really provide this libstdc++ version to the whole
system. That's why the RPM is broken, it claims to provide a libstdc++
version which it doesn't really provide.


And I ask again, how else would you expect the package to satisfy the
dependency in chrome for the newer libstdc++?  The package was
explicitly created to allow chrome to run on an older system that
doesn't have the newer libstdc++, by rights it should work with other
programs that need a newer libstdc++ as well provided that they set
LD_LIBRARY_PATH appropriately.  So it does, in fact, provide the stated
dependency for the entire system, you just have to tell programs that
need it where to find it.


And that's where it breaks the rules! It "provides" something that it
doesn't really provide. That's NOT allowed with RPM because it breaks
other applications. It breaks the whole meaning of dependency tracking of
the RPM system. That's why the mentioned chrome package has to be
considered broken.





$ LANG=C rpm -qp --provides 
https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
warning: 
https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm: 
Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY

google-chrome = 91.0.4472.164
google-chrome-stable = 91.0.4472.164-1
google-chrome-stable(x86-64) = 91.0.4472.164-1
$


--
Leon




Re: [CentOS] Centos versions in the future?

2021-07-08 Thread Leon Fauster via CentOS

On 08.07.21 19:53, Gionatan Danti wrote:

Il 2021-07-08 16:46 Leon Fauster via CentOS ha scritto:

Maybe "we" could fill this gap? Describe this state of EPEL? Did you
request such missing packages? From early on (EL8.0) I requested
such EPEL packages, some fedora maintainers branched their packages into
EPEL8. Even a request for a devel package was honored and the rpm was
included by RH later in 8.1. This is a community, so communicate!
Everything else is a product in ready state that must be paid.


For what it is worth, I opened various RH bugzilla enhancement request 
in the 10+ years of using CentOS. One of the last: 
https://bugzilla.redhat.com/show_bug.cgi?id=1902781


That said, let's face it: current CentOS is not really a community, at 
least in the sense that a community can steer the project direction. 
Nobody polled for Stream or asked about it. Stream simply happened due 
to a unilateral Red Hat decision. *Which is PERFECTLY fine*, unless 
trying to mask it behind the "community" word.


My view is that RH/CentOS would be relatively inadequate for many roles 
without the outstanding work done by EPEL and the rest of the CentOS 
community, unless you are a hyperscaler who can do its own internal 
package additions. Red Hat failing to recognize the enormous value of 
EPEL and former CentOS model really baffles me.



Well phrased. I see it exactly like this but let me take a dialectic
position just for the sake of insights. CentOS Linux (or Rocky Linux)
is a downstream rebuild, right? So, the fences are already set.
Right now, I am seeing a lot of requests in the Rocky forum, to add
new shiny stuff to the distribution and the answer to most of this
is (more or less); "we (Rocky) are a 1:1 rebuild of upstream and we can
not add new stuff in an arbitrary way". So, when talking about a
community then we have different concepts behind it. A RH ecosystem
community is not the same as a Debian community. It was never and it
will never be the same.

I see the RH ecosystem as a hybrid opportunity (perspective from the
outside), so not all "directions" can be influenced but there is enough
room to contribute to directions especially with Stream now.


PS: Do not get me wrong; the whole communication from RH about this
"CentOS Change" is catastrophic.

--
Leon








Re: [CentOS] Centos versions in the future?

2021-07-08 Thread Leon Fauster via CentOS

On 08.07.21 14:38, Gionatan Danti wrote:

Il 2021-07-08 13:22 Nikolaos Milas ha scritto:

If some people want to leave the RHEL ecosystem for Debian or FreeBSD,
that's OK. But for those who want to stay in the RHEL world, Rocky
Linux stands as a rock-solid solution. This opinion does not reject
other CentOS clones, but emphasizes the fact that Rocky Linux appears
to be a solid option for now and the years to come.


While true, I also feel that RH is trying to actively shape its 
distribution away from small enterprise needs. For example, common 
packages are deprecated and/or removed (eg: virt-manager, screen, 
kernel-side DRBD, pam_mysql, etc) and EPEL 8 (which is fundamental to my 
CentOS/Rocky installations) is in a bad state.




Maybe "we" could fill this gap? Describe this state of EPEL? Did you
request such missing packages? From early on (EL8.0) I requested
such EPEL packages, some fedora maintainers branched their packages into
EPEL8. Even a request for a devel package was honored and the rpm was
included by RH later in 8.1. This is a community, so communicate!
Everything else is a product in ready state that must be paid.




My impression is that RH is following cloud vendors & hyperscale needs - 
with Stream as a clear example. This is not an inherently bad thing, but 
it is quite different from what the small and medium businesses I service 
need.


So, while closely watching RH/CentOS/Rocky, I am going to steer new 
deployments on Ubuntu LTS or Debian.

Regards.





--
Leon


Re: [CentOS] Centos versions in the future?

2021-07-07 Thread Leon Fauster via CentOS

On 07.07.21 18:04, Jon Pruente wrote:

On Wed, Jul 7, 2021 at 7:41 AM Leon Fauster via CentOS <centos@centos.org> wrote:


Here is another one:

https://navylinux.org/


Navy Linux has a bad taste already, for me. They are aiming too big, 
even trying to replicate EPEL for themselves. And their attitude isn't 
good. They had a tweet disparaging "new unstable vendors" of EL distros 
that they only deleted after being called out for it, despite being one 
of those themselves.


Deleted tweet link:
https://twitter.com/NavyLinux/status/1408429562472677381


They used to say they were founded by "Unixlab". Which Unixlab? We don't 
know. Now they say they are a non-profit Foundation that founded the 
project.
https://webcache.googleusercontent.com/search?q=cache:kZLBFcdLyrYJ:https://navylinux.org/about/+=1=en=clnk=us




+1

The Division of Corporations in DELAWARE shows:
Formation Date: 6/14/2021 (mm/dd/)

Anyway, in the context of ongoing attacks on the supply chain.
This situation where CentOS is running EOL will motivate new
black hats to step into the place. Imagine a massive deployed
OS that is trojanized?!

So trust is here king and despite all adversity (that also hits me
hard) we should think twice before running away into foreign arms.

--
Leon










Re: [CentOS] Centos versions in the future?

2021-07-07 Thread Leon Fauster via CentOS

On 07.07.21 14:31, J Martin Rushton via CentOS wrote:

Fashion, and Oracle's past practices.  I evaluated
     Alma Linux
     Fedora
     Mint
     Open SuSE
     Oracle Linux
     Springdale Linux
and settled on Alma.  Rocky was still vapourware when Alma was stable. 
I've seen how Oracle promise no change in the long term, then change 
their charging model in the past.  We got badly burned at work when they 
took over DEC RDB.


I like Alma's independence built on Cloud's experience over many years 
building RHEL clones.




Here is another one:

https://navylinux.org/

--
Leon



Re: [CentOS] Centos versions in the future?

2021-07-07 Thread Leon Fauster via CentOS

On 07.07.21 12:07, Nikolaos Milas wrote:

On 7/7/2021 12:47 μ.μ., J Martin Rushton via CentOS wrote:

There's also Alma, which is where I've gone after being with CentOS 
since 5.3 


AlmaLinux is a great project too, IMHO, but things show that the new 
industry standard (replacing CentOS) will probably be Rocky Linux.


(Yes, RHEL **AND** CentOS have indeed been industry standards - the 
point of reference -, IMHO, and this is what IBM/RHEL have failed to 
realize: You don't alter a point of reference.)



It should not be forgotten that Rocky Linux will be a 1:1 rebuild, also 
in the future. So, to shape this future everyone is invited to 
participate in CentOS Stream. This is a great future or not?




It is interesting to see what Service Providers will do with their (huge 
numbers of) CentOS installations, when they migrate...


 From the users/admins' perspective it is to their interest to have 
robust and healthy alternatives.


In our org, I am now using Rocky Linux on new installations (without 
issues) and will be migrating several CentOS 8 boxes to Rocky Linux as 
well.


Cheers,
Nick



Re: [CentOS] RSS usage on centos8.4 is higher for user-application compared to centos7.9

2021-07-06 Thread Leon Fauster via CentOS

On 06.07.21 15:02, Anand Babu wrote:

Hi Centos Community,

This is my first time here and I apologize in advance if I made a mistake
here and hope you will correct me if I made any.


With that said,

This is a native example that was written to narrow down the higher RAM
usage that we see when we are using Centos8 as opposed to Centos7.

The c-code is very small and looks like this :

#include <unistd.h>  /* pause() */

int main()
{
    pause();
    return 0;
}

I compile and run the binary on centos7 and memory backed section of pmap
output looks like below:

pmap -X $(pidof sleep)  | head -n -2 | awk '{ if (NR > 2 && $5 > 0  )
printf "%12s %8s %8s %4s %s\n",  $1, $6, $7, $2,$13}'
 004044 r-xp sleep
 006044 r--p sleep
 0060100044 rw-p sleep
*7f54514f9000 1808 204 r-xp libc-2.17.so*
7f54516bd000 20440 ---p libc-2.17.so
7f54518bc000   16   16 r--p libc-2.17.so
7f54518c88 rw-p libc-2.17.so
7f54518c7000  136  108 r-xp ld-2.17.so
7f5451ae800044 r--p ld-2.17.so
7f5451ae900044 rw-p ld-2.17.so

and ps says the following:

** ps -o rss= pidof sleep 352**

Running the same binary on centos8 leads to

** ps -o rss= pidof pause 784 **

and the pmap output looks like below:

 004044 r-xp pause
 006044 r--p pause
 0060100044 rw-p pause
*7f24029a8000 1776 788 r-xp libc-2.28.so*
7f2402b64000 20440 ---p libc-2.28.so
7f2402d63000   16   16 r--p libc-2.28.so
7f2402d6700088 rw-p libc-2.28.so
7f2402d6d000  176  176 r-xp ld-2.28.so
7f2402f9900044 r--p ld-2.28.so
7f2402f9a00088 rw-p ld-2.28.so

For running the same executable, the libc.so takes 788KB(204KB on centos7).

Note:

1. This is not the only library that is showing this behavior, but we see
   the same behavior for other shared-library as well as executables that were
   compiled on centos7. Running the same executables/shared objects take a
   higher amount of pages on centos8 than on centos7.

2. Since the glibc version on Centos8 was 2.28, I have compiled 2.17
   version and then used patchelf to patch the centos7 built binary to make
   use of 2.17 glibc on centos8 host like

   patchelf --set-interpreter /home/babu/RSS_measurement/2_17_downloaded/glibc_home/lib/ld-linux-x86-64.so.2 \
     --set-rpath /home/babu/RSS_measurement/2_17_downloaded/glibc_home/lib \
     /tmp/pause

   and then run it under LD_DEBUG=libs and verified the 2.17 version of libc
   libraries were used and still the memory usage on centos8 was higher than
   on centos7 (about the same numbers as above).

What could be the reason for the higher RAM usage on centos8 vs centos7? I
can imagine some defaults have changed on centos8 and that has meant this
impact and I could change this default and could reproduce the same RSS
numbers on centos8 as well?




How do the results look after doing:

echo never   > /sys/kernel/mm/transparent_hugepage/enabled

--
Leon



Re: [CentOS] libvoikko-devel not available on Centos8?

2021-06-23 Thread Leon Fauster via CentOS

On 23.06.21 11:49, Myyrä, Timo wrote:

Hi,

Any ideas why CentOS 8 doesn't include the libvoikko-devel package?
The libvoikko package is present but it doesn't have the development
headers in it.
The Fedora RPM SPEC seems to have separate package for the headers:
https://src.fedoraproject.org/rpms/libvoikko/blob/rawhide/f/libvoikko.spec

I'm looking at using a postgresql extension using libvoikko but it needs
those header files.




This is intentional

https://wiki.centos.org/FAQ/CentOS8/UnshippedPackages

It's possible to download such
artifacts (now, thanks).

Albeit not signed:

https://koji.mbox.centos.org/koji/buildinfo?buildID=14867

--
Leon


[CentOS] EL8: openldap-servers migration to 389

2021-06-21 Thread Leon Fauster via CentOS

Hey all,

in preparation to migrate an EL7 server I noticed that the
openldap-servers package is not shipped in EL8 anymore.

Is it possible to operate 389-ds as standalone ldap server? I am
asking this for the context of CentOS Linux because I read somewhere
that 389-ds is mainly used for RHDS only and unsure now about
the possibilities to substitute openldap-servers/slapd ...

--
Thanks
Leon


Re: [CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021

2021-06-07 Thread Leon Fauster via CentOS

On 07.06.21 12:02, Simon Matter wrote:

On 31.05.21 12:57, cen...@niob.at wrote:

Am 22/05/2021 um 06:15 schrieb Kenneth Porter:


 Forwarded Message 
Subject: Pre-announcement of an ISC DHCP security issue scheduled
for disclosure 26 May 2021
Date: Fri, 21 May 2021 11:44:19 -0800
From: Michael McNally 
To: dhcp-annou...@lists.isc.org



Hello, dhcp-announce list subscribers,

It has been a while since our last post to this list.

Since the last time we posted news of a new release of ISC DHCP,
Internet Systems Consortium has adopted a practice of pre-announcing
expected security disclosures in order to give operators who use our
products a little advance warning and planning time.

For that reason, I am writing you today to let you know that a vulnerability
in ISC DHCP will be publicly announced next week on Wednesday, 26 May 2021.

Further details about that vulnerability will be publicly disclosed next
week, and new releases of ISC DHCP that correct the vulnerability will be
made available at that time. It is our hope that this pre-announcement will
aid DHCP operators in preparing for that disclosure when it occurs.


The released announcement: https://kb.isc.org/docs/cve-2021-25217

Any updates on this? From the announcement I take it that the version
used in C7 (4.2.5) is likely affected - yet there was no update.

Disclaimer: I did not check if upstream has released anything and I did
not check if the preconditions for the crash case are met by the current
package. Nevertheless, the "loosing a lease" case is bad enough...




https://access.redhat.com/security/cve/cve-2021-25217


I'm wondering why this bug is still unfixed in EL[6-8] for more than a
week now while it is mentioned as being a security issue? Since the fixing
patch is just a few lines I'm surprised why it's delayed?




Maybe because it depends on more than one other ticket ...

https://bugzilla.redhat.com/show_bug.cgi?id=1963258

--
Leon



Re: [CentOS] Upgrade to 8.4 .2105 Problems

2021-06-05 Thread Leon Fauster via CentOS

On 05.06.21 11:32, Simon Matter wrote:

On Sat, Jun 05, 2021 at 04:32:30PM +1200, Alan McRae via CentOS wrote:

I noticed in journalctl that gnome-shell was core dumping.

yum reinstall gnome-shell fixed my displays problem.

So I am back to my first premise that the 'yum update' did not
complete properly for some reason.

Is there any way I can check the integrity of the packages installed?


rpm, but not to my knowledge, has a "verify" command.


rpm -Va




Additional checks can be done with (it's in the yum-utils package):


package-cleanup --problems

package-cleanup --dupes

# dnf remove --duplicates


--
Leon




Re: [CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021

2021-05-31 Thread Leon Fauster via CentOS

On 31.05.21 12:57, cen...@niob.at wrote:

Am 22/05/2021 um 06:15 schrieb Kenneth Porter:


 Forwarded Message 
Subject: Pre-announcement of an ISC DHCP security issue scheduled 
for disclosure 26 May 2021
Date: Fri, 21 May 2021 11:44:19 -0800
From: Michael McNally 
To: dhcp-annou...@lists.isc.org



Hello, dhcp-announce list subscribers,

It has been a while since our last post to this list.

Since the last time we posted news of a new release of ISC DHCP,
Internet Systems Consortium has adopted a practice of pre-announcing
expected security disclosures in order to give operators who use our
products a little advance warning and planning time.

For that reason, I am writing you today to let you know that a vulnerability
in ISC DHCP will be publicly announced next week on Wednesday, 26 May 2021.

Further details about that vulnerability will be publicly disclosed next
week, and new releases of ISC DHCP that correct the vulnerability will be
made available at that time. It is our hope that this pre-announcement will
aid DHCP operators in preparing for that disclosure when it occurs.


The released announcement: https://kb.isc.org/docs/cve-2021-25217

Any updates on this? From the announcement I take it that the version 
used in C7 (4.2.5) is likely affected - yet there was no update.


Disclaimer: I did not check if upstream has released anything and I did 
not check if the preconditions for the crash case are met by the current 
package. Nevertheless, the "loosing a lease" case is bad enough...





https://access.redhat.com/security/cve/cve-2021-25217


--
Leon



Re: [CentOS] where to get reliable/open source license manager

2021-05-29 Thread Leon Fauster via CentOS

On 29.05.21 05:32, qw wrote:

I have developed one python application. I need open source license server to 
manage the app via local network. Where can I get this kind of open source 
project?



It's not really clear (to me, anyway) what you're asking for. What would
the application you're looking for *do*?

Are you looking for something like flexlm?  Are you licensing your
python application on a per-seat basis?

I'm looking for some software like flexlm, which has the function like floating 
license. My python app will be installed in several PCs in local network, and I 
want to manage which python app can be used. So I need one license manager to 
control the usage of python app. One python app will be installed in one PC.




Not sure if this is the right tool for your use case:

https://www.candlepinproject.org/

--
Leon


Re: [CentOS] Weird localectl behavior under CentOS 7

2021-05-15 Thread Leon Fauster via CentOS

On 15.05.21 12:48, Nicolas Kovacs wrote:

Hi,

On a fresh CentOS 7 installation using Français/France as regional parameters
in the installer, here's what localectl looks like:

[microlinux@linuxbox ~]$ localectl
System Locale: LANG=fr_FR.UTF-8
VC Keymap: ch-fr
   X11 Layout: ch
  X11 Variant: fr

Now I'd like to have my system messages in english. So I set the system
language accordingly:

$ sudo localectl set-locale LANG=en_US.utf8

Things seem to look OK now:

[microlinux@linuxbox ~]$ localectl
System Locale: LANG=en_US.utf8
VC Keymap: ch-fr
   X11 Layout: ch
  X11 Variant: fr

Except when I display my LANG variable, it's still fr_FR.UTF-8 for normal
users... but en_US.utf8 for root.

This looks like inconsistent or buggy behavior to me.

Any suggestions on how to change the default system locale LANG so that it's
en_US.utf8 for everybody *without* having to jump through burning loops and
putting it in everybody's ~/.bashrc ?



echo LANG=en_US.UTF-8 >  /etc/locale.conf

--
Leon


Re: [CentOS] ipforwarding between interfaces and firewall rules

2021-05-01 Thread Leon Fauster via CentOS

On 01.05.21 06:27, R C wrote:

from what I heard,

nftables doesn't support forward rules yet, until RHEL/Centos 8.5   at 



If true does it mean that it's already
in CentOS Stream 8? Just guessing ...


this time it can be "resolved" using iptables as the firewall backend, 
but not nftables (which is not ideal, but ...  ) .




--
Leon



Re: [CentOS] Centos versions in the future?

2021-04-29 Thread Leon Fauster via CentOS

On 29.04.21 18:26, Johnny Hughes wrote:

On 4/29/21 11:15 AM, Leon Fauster via CentOS wrote:

On 29.04.21 17:34, Johnny Hughes wrote:

On 4/27/21 11:45 AM, Valeri Galtsev wrote:

As was stated at Red hat summit though .. while Stream will not be a
copy of the downstream RHEL code anymore .. it WILL BE extreamly similar
to RHEL + a couple months.  ...


Maybe I am miss reading this sentence. Could you rephrase the "while
Stream will not ... anymore" please? Did something changed recently?


Stream as compared to CentOS Linux is not RHEL source code downstream is
what I should have said .. so what is released as CentOS (Steam now)
will no longer be a downstream build.

It will be released packages and very close to 8.4 content and right now.


Ah, okay. Thanks for clarifying it.

--
Leon












Re: [CentOS] Centos versions in the future?

2021-04-29 Thread Leon Fauster via CentOS

On 29.04.21 18:27, Valeri Galtsev wrote:



On 4/29/21 11:15 AM, Leon Fauster via CentOS wrote:

On 29.04.21 17:34, Johnny Hughes wrote:

On 4/27/21 11:45 AM, Valeri Galtsev wrote:

As was stated at Red Hat Summit though .. while Stream will not be a
copy of the downstream RHEL code anymore .. it WILL BE extremely similar
to RHEL + a couple months.  ...


Maybe I am misreading this sentence. Could you rephrase the "while
Stream will not ... anymore" please? Did something change recently?


I believe you are citing Johnny's write-up, not mine, so your question 
should be directed to Johnny. Your mailer somehow messed the citation 
depth to appear what Johnny said as if it was I who said it.


You are right, my hand coordination is not so good anymore. It cut
one line too few :-)


--
Leon



Re: [CentOS] Centos versions in the future?

2021-04-29 Thread Leon Fauster via CentOS

On 29.04.21 17:34, Johnny Hughes wrote:

On 4/27/21 11:45 AM, Valeri Galtsev wrote:

As was stated at Red Hat Summit though .. while Stream will not be a
copy of the downstream RHEL code anymore .. it WILL BE extremely similar
to RHEL + a couple months.  ...


Maybe I am misreading this sentence. Could you rephrase the "while
Stream will not ... anymore" please? Did something change recently?


Thanks,
Leon





Re: [CentOS] Centos versions in the future?

2021-04-27 Thread Leon Fauster via CentOS

On 27.04.21 16:04, Carlos Oliva wrote:
Thank you for your response Pete. I prefer to avoid working under the
umbrella of proprietary companies.



That is a conflicting statement. What would you then use these days
without having an "entity" to back the service up? Anyway it's OT ...


Maybe this is of interest:

https://arstechnica.com/gadgets/2021/01/centos-is-gone-but-rhel-is-now-free-for-up-to-16-production-servers/

Leon





Re: [CentOS] password algorithm with authconfig vs authselect

2021-04-21 Thread Leon Fauster via CentOS

On 21.04.21 22:56, Chris Adams wrote:

Once upon a time, Leon Fauster  said:

How does the new "way" look like (>=EL8), to switch the password
algorithm?


It looks like authselect doesn't support that.

While authconfig tried to be a super-multi-tool that knew how to
configure all the things, I think it got to a point where it was too
difficult to maintain (keeping track of which options were required,
conflicted with each other, etc.).  So authselect instead ships a
pre-set group of config files that have been tested, with some options
in them.

Right now, the password algorithm is always sha512.  I think that could
be turned into what authselect calls a "feature", but I'm not sure
(that'd be a good request for the project, using their project page at
https://github.com/authselect/authselect).  It looks like features might
support only enable/disable, not custom string values.

The "officially correct" way to do that today seems to be to create a
custom profile (which can be based on an existing profile), change the
values, then apply the custom profile.  This seems like a lot to just
set the algorithm, but I'm guessing that at this point, there aren't
many requests to do that (so it isn't a well-supported thing to change).

It looks like something like this might do it:

   authselect create-profile sha256 --base-on=sssd
   sed -i 's/sha512/sha256/g' /etc/authselect/custom/sha256/*
   authselect select custom/sha256



Chris, this seems to be a very reasonable approach! Nevertheless I
noticed while testing that these config files also need to be managed

# grep 512 /etc/libuser.conf /etc/login.defs
/etc/libuser.conf:crypt_style = sha512
/etc/login.defs:ENCRYPT_METHOD SHA512

At least authselect's profile mechanism is a good starting point to
adapt my workflow.

Thanks!
Leon
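
Added example (not part of the original messages): a consistency check for the point raised above, that `/etc/login.defs` and `/etc/libuser.conf` still name sha512 after only the PAM profile was switched. The function names and the sample `/etc` tree are constructed for illustration; the PAM file names `system-auth` and `password-auth` are assumed to be the ones authselect manages.

```shell
#!/bin/sh
# Report which password hash algorithm each configuration source names.

# ENCRYPT_METHOD from a login.defs-style file, lower-cased.
login_defs_algo() {
  awk '$1 == "ENCRYPT_METHOD" { print tolower($2); exit }' "$1"
}

# crypt_style from a libuser.conf-style file ("key = value" lines).
libuser_algo() {
  awk -F'[ \t]*=[ \t]*' '$1 ~ /^[ \t]*crypt_style$/ { print tolower($2); exit }' "$1"
}

# Hash option passed to pam_unix.so on "password" lines of a PAM file.
pam_unix_algo() {
  awk '$1 == "password" && /pam_unix\.so/ {
         for (i = 3; i <= NF; i++)
           if ($i ~ /^(md5|bigcrypt|blowfish|sha256|sha512|yescrypt|gost_yescrypt)$/) { print $i; exit }
       }' "$1"
}

# audit_passalgo ROOT: print "<source> <algo>" for each file below ROOT and
# return 0 only when every source is set and all name the same algorithm.
audit_passalgo() {
  ap_root=$1
  ap_line() { printf '%s %s\n' "$1" "${2:-unset}"; }
  ap_report=$(
    ap_line login.defs   "$(login_defs_algo "$ap_root/etc/login.defs")"
    ap_line libuser.conf "$(libuser_algo "$ap_root/etc/libuser.conf")"
    for ap_f in system-auth password-auth; do
      ap_line "pam.d/$ap_f" "$(pam_unix_algo "$ap_root/etc/pam.d/$ap_f")"
    done
  )
  printf '%s\n' "$ap_report"
  ap_distinct=$(printf '%s\n' "$ap_report" | awk '{ print $2 }' | sort -u)
  [ "$(printf '%s\n' "$ap_distinct" | wc -l)" -eq 1 ] && [ "$ap_distinct" != unset ]
}

# Build a constructed /etc tree (sample data, not taken from a real host).
# Arguments: ROOT PAM_ALGO OTHER_ALGO
make_sample_root() {
  mkdir -p "$1/etc/pam.d"
  printf 'PASS_MAX_DAYS 99999\nENCRYPT_METHOD %s\n' \
    "$(printf '%s' "$3" | tr 'a-z' 'A-Z')" > "$1/etc/login.defs"
  printf '[defaults]\ncrypt_style = %s\n' "$3" > "$1/etc/libuser.conf"
  for ms_f in system-auth password-auth; do
    printf 'password    requisite     pam_pwquality.so local_users_only\n' > "$1/etc/pam.d/$ms_f"
    printf 'password    sufficient    pam_unix.so %s shadow use_authtok\n' "$2" >> "$1/etc/pam.d/$ms_f"
  done
}

# Demo: PAM switched to sha256, the other two files left at sha512.
demo_root=$(mktemp -d)
make_sample_root "$demo_root" sha256 sha512
audit_passalgo "$demo_root" || echo "MISMATCH: sources disagree on the hash algorithm"
rm -rf "$demo_root"
```

On a real host, `audit_passalgo /` reads the live files; a mismatch means tools that hash passwords through libuser or the shadow utilities may not use the algorithm the PAM stack was switched to.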






[CentOS] password algorithm with authconfig vs authselect

2021-04-21 Thread Leon Fauster via CentOS

In the old days I could do

# authconfig --passalgo=sha256 --update

With EL8 comes authselect now (replacement of authconfig).

authselect --passalgo=sha512 --update  does not work and
seems to be unsupported.

# grep -R passalgo /usr/lib/python3.6/site-packages/authselect/
/usr/lib/python3.6/site-packages/authselect/authcompat_Options.py: 
 Option.UnsupportedValued ("passalgo", 
_("")),



How does the new "way" look like (>=EL8), to switch the password
algorithm?

Any hints would be great ...

--
Leon


Re: [CentOS] qemu-system-x86_64 in EL8

2021-04-19 Thread Leon Fauster via CentOS

On 19.04.21 10:35, Ondrej Budai wrote:
I believe that only qemu-kvm is available on Centos 8 and it's installed 
in /usr/libexec/qemu-kvm. I'm not 100% sure but using qemu directly is 
not supported on RHEL 8, you might want to try libvirt.


Ondřej

On Sun, 18 Apr 2021 at 1:01, Leon Fauster via CentOS
<centos@centos.org> wrote:


I am planning to migrate an EL7 host to CS8 and noticed that an
"application" runs via /usr/bin/qemu-system-x86_64 . It seems
it's from EPEL. Stock C8 does not ship it. Any SIG repository with
"qemu-system-x86_64"?




Thanks for the insight. Seems that the app devs must then check that now.

It was not clear to me that qemu is completely stripped out of RHEL8.

--
Leon




[CentOS] qemu-system-x86_64 in EL8

2021-04-17 Thread Leon Fauster via CentOS

I am planning to migrate an EL7 host to CS8 and noticed that an
"application" runs via /usr/bin/qemu-system-x86_64 . It seems
it's from EPEL. Stock C8 does not ship it. Any SIG repository with
"qemu-system-x86_64"?

Thanks,
Leon






Re: [CentOS] rsync over ssh stalls after completing the job

2021-04-14 Thread Leon Fauster via CentOS

On 14.04.21 06:40, Frank Cox wrote:


This doesn't work:
Host *
ForwardX11 yes
host jeff
ForwardX11 no



IMHO - first wins. It should be

Host jeff
ForwardX11 no
Host *
ForwardX11 yes

--
Leon
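
Added example (not part of the original messages): a simplified model of the ssh_config lookup rule behind the reordering above, where the first value obtained for an option is the one used. The function name and sample variables are made up for illustration; it handles only `Host` blocks with `*`, `?` and `!` patterns, and skipping `Match` blocks is an assumption of this sketch.

```shell
#!/bin/sh
# ssh_effective CONFIG_TEXT HOST OPTION
# Prints the value that applies to OPTION for HOST under the
# "first obtained value wins" rule, or returns 1 if nothing sets it.
ssh_effective() {
  se_host=$2
  se_want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
  se_active=1                 # lines before the first Host apply to every host
  while read -r se_key se_rest; do
    case $se_key in ''|\#*) continue ;; esac
    # Keywords are case-insensitive, so "host jeff" is a valid Host line.
    se_lkey=$(printf '%s' "$se_key" | tr 'A-Z' 'a-z')
    case $se_lkey in
      host)
        se_active=0; se_neg=0
        set -f                # keep patterns from expanding to file names
        for se_pat in $se_rest; do
          case $se_pat in
            \!*) case $se_host in ${se_pat#\!}) se_neg=1 ;; esac ;;
            *)   case $se_host in $se_pat) se_active=1 ;; esac ;;
          esac
        done
        set +f
        # A matching negated pattern disables the whole Host entry.
        if [ "$se_neg" -eq 1 ]; then se_active=0; fi
        ;;
      match)
        se_active=0           # not evaluated in this simplified model
        ;;
      "$se_want")
        if [ "$se_active" -eq 1 ]; then
          printf '%s\n' "$se_rest"
          return 0            # later blocks cannot override this value
        fi
        ;;
    esac
  done <<EOF
$1
EOF
  return 1
}

# Constructed samples mirroring the two orderings in the thread.
WILDCARD_FIRST='Host *
ForwardX11 yes
host jeff
ForwardX11 no'

SPECIFIC_FIRST='Host jeff
ForwardX11 no
Host *
ForwardX11 yes'

printf 'wildcard first: jeff -> ForwardX11 %s\n' "$(ssh_effective "$WILDCARD_FIRST" jeff ForwardX11)"
printf 'specific first: jeff -> ForwardX11 %s\n' "$(ssh_effective "$SPECIFIC_FIRST" jeff ForwardX11)"
```

Against a real client configuration, `ssh -G jeff` prints the options OpenSSH actually resolves for that host and is the authoritative check.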


Re: [CentOS] Proxmox Backup Server equivalent for the RHEL/CentOS world ?

2021-04-13 Thread Leon Fauster via CentOS

On 13.04.21 12:33, Simon Matter wrote:

Once upon a time, Nicolas Kovacs  said:

Both PVE and PBS are based on Debian, and now I wonder if RHEL-based
systems
have something similar to offer.


I believe Red Hat Virtualization, and its open upstream oVirt, are
comparable to Proxmox.  I have used oVirt for a number of years.  oVirt
itself doesn't include backup software (it supports VM snapshots and
clones), but there are several third-party backup tools (both free and
commercial) compatible with oVirt/RHV, like Storeware's vProtect (I
haven't used it but seen others mention it).


I haven't followed oVirt/RHV but I'm wondering how free it is? Is it as
"free" as RHEL or as CentOS/Alma/Rocky/Navy/Oracle Linux?


Upstream -> Product

Fedora -> RHEL
oVirt  -> RHV


--
Leon






Re: [CentOS] Resize a VM: any risk involved ?

2021-04-08 Thread Leon Fauster via CentOS

On 08.04.21 17:43, Nicolas Kovacs wrote:

Hi,

I'm currently fiddling with KVM, Proxmox and various VMs.

I setup a very basic VM with a manual (fdisk) partitioning scheme: one /boot
partition, one swap partition, and one root partition, the latter being the
last partition and thus expandable).

I'm starting with a reduced disk size (6 GB in total) and a minimal
installation. The idea behind this approach is that I can clone this minimal VM
and then eventually expand it to fit my needs.

Here's how I expand the available disk size.

First I increase the virtual disk in the hypervisor.

Then I fire up the VM and do the following:

# yum install cloud-utils-growpart
# lsblk
# growpart -v /dev/sda 3
# resize2fs /dev/sda3

Now here's my question (finally): is there any risk involved in this sort of
operation? Or can it be performed on a production system without having to
worry about data loss?


Just a hint - man virt-resize

--
Leon







Re: [CentOS] Booting from an ISO file in a XFS /boot partition

2021-04-08 Thread Leon Fauster via CentOS

On 08.04.21 11:16, Gestió Servidors wrote:

Hi,

I want to boot with a customized iPXE iso boot file from my GRUB2 menu. My 
system is running CentOS-7, with /boot formatted as XFS filesystem. After 
copying my iPXE.iso into /boot, I have created a custom GRUB2 file in 
/etc/grub.d/40_custom like this:

menuentry "iPXE" {
set isofile="/ipxe.iso"
loopback loop (hd0,1)$isofile
linux16 (loop)/ipxe.lkrn
}

After regenerating grub2.cfg with "grub2-mkconfig -o /etc/grub2.cfg", I have rebooted my
system, I have chosen "iPXE" entry, but system doesn't boot. I receive this error:
error: file '/ipxe.iso' not found.
Starting /ipxe.iso...
error: no server is specified.
Press any key to continue...

However, in another similar system that runs /boot in EXT4 filesystem, that ISO 
file boots perfectly with the same configuration, so it seems the problem is 
with XFS.

Could you help me?



Just guessing - loading the grub module for xfs is missing?

--
Leon



Re: [CentOS] Problem with chromium 89.0.4389.82

2021-04-04 Thread Leon Fauster via CentOS

On 04.04.21 16:19, H wrote:

I am running CentOS 7 and just updated chromium to version 89.0.4389.82 from 
EPEL.



Did you test the .90 release?

yum update --enablerepo=epel-testing "chrom*"

--
Leon



Re: [CentOS] Problem with chromium 89.0.4389.82

2021-04-04 Thread Leon Fauster via CentOS

On 04.04.21 18:29, H wrote:

On 04/04/2021 11:24 AM, Richard wrote:

Date: Sunday, April 04, 2021 10:19:34 -0400
From: H 

I am running CentOS 7 and just updated chromium to version
89.0.4389.82 from EPEL.

Although this version was released a few weeks ago, I had had the
previous version of chromium (88.0.4324.150) running for several
weeks but it crashed and the new version was then loaded.

The older version worked fine but this new one refuses to load
certain, ie most, websites that the old version did not have a
problem with - it is just stuck waiting for the domain in question.
Further, the version of Firefox I also have installed loads all of
them without any problems which suggests there is not a problem
with those sites, the DNS resolution, nor with my system apart from
chromium.

Rpm does not allow me to downgrade to the previous version and
cannot find the previous version. I remember having a similar
problem loading websites at least a year ago which, if I remember
correctly, was due to some bug in chromium.


Do you have firefox set to use DoH? That could change the perspective
of whether there is a DNS issue.

With centos-7 you can use chrome, you don't have to use chromium.

I use the rpms for chrome, for both the stable and beta releases --
currently at 89.0.4389.114 and 90.0.4430.51 respectively, from
google's repository without any issues.




Understood. I checked and I cannot see that I am using DoH (DNS over https?) in 
Firefox. Since I have a vague memory of having had a similar problem with 
chromium in the past, I highly suspect it is a bug in the browser.

Where can I find the older release, ie 88.0.4324.150 of chromium? It is no 
longer in EPEL.




Did you have the same issues with a new test account?


--
Leon




Re: [CentOS] Can't upgrade sssd-*

2021-04-02 Thread Leon Fauster via CentOS

On 02.04.21 16:46, Johnny Hughes wrote:

On 4/1/21 12:32 PM, Warren Young wrote:

On Mar 26, 2021, at 7:08 AM, Warren Young  wrote:


Is anyone else getting this on dnf upgrade?

[MIRROR] sssd-proxy-2.3.0-9.el8.x86_64.rpm: Interrupted by header callback: 
Server reports Content-Length: 9937 but expected size is: 143980


The short reply size made me think to try a packet capture, and it turned out 
to be a message from the site’s “transparent” HTTP proxy, telling me that 
content’s blocked.

Rather than fight with site IT over the block list, I have a new question: is 
there any plan for getting HTTPS-only updates in CentOS?  Changing all “http” 
to “https” in my repo conf files just made the update stall, so I assume there 
are mirrors that are still HTTP-only.


No .. we host things on donated servers, we therefore are not putting
private keys on there.  That (and external mirrors) is why we SIGN
repodata.xml.  We just can't risk putting private keys for centos.org on
machines that are donated.




We had such a discussion in the past on the list.
I assume there are no plans for improvements?

Would a change from dnf's "mirrorlist" to "metalink" be a starting 
point? Albeit mirrorlist.centos.org would be still on http only.


metalink would allow to configure https-only mirrors. Like:

$ curl "https://mirrors.fedoraproject.org/metalink?protocol=https&repo=epel-8&arch=x86_64"


But to be honest the mirrorlist.centos.org element in the chain must
have also a secure solution.

--
Leon
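
Added example (not part of the original messages): a small audit of a `.repo` file for the two properties this exchange turns on, whether repository metadata is fetched over plaintext or HTTPS, and whether signature checking (`gpgcheck`, `repo_gpgcheck`) is explicitly set. The repo file content is a constructed sample and the function names are made up for illustration.

```shell
#!/bin/sh
# audit_repo_file FILE: one line per repo section:
#   <repo-id> transport=<https|plaintext|local|none> gpgcheck=<v> repo_gpgcheck=<v>
audit_repo_file() {
  awk '
    function emit() {
      if (id != "")
        printf "%s transport=%s gpgcheck=%s repo_gpgcheck=%s\n", id, transport, gpg, rgpg
    }
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^\[.*\]/ {                                  # new [section]
      emit()
      id = substr($0, 2, index($0, "]") - 2)
      transport = "none"; gpg = "unset"; rgpg = "unset"
      next
    }
    {
      eq = index($0, "=")                        # split on the FIRST "=" only,
      if (eq == 0) next                          # URLs contain further "=" signs
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "baseurl" || key == "mirrorlist" || key == "metalink") {
        if (val ~ /^(http|ftp):/) transport = "plaintext"
        else if (val ~ /^https:/ && transport != "plaintext") transport = "https"
        else if (val ~ /^file:/ && transport == "none") transport = "local"
      }
      else if (key == "gpgcheck") gpg = val
      else if (key == "repo_gpgcheck") rgpg = val
    }
    END { emit() }
  ' "$1"
}

# Repo ids that use a plaintext URL or explicitly disable package signature checks.
insecure_repos() {
  audit_repo_file "$1" |
    awk '/transport=plaintext/ || / gpgcheck=(0|no|false|off)( |$)/ { print $1 }'
}

# Constructed sample repo file (not copied from a real system).
write_sample_repo() {
  cat > "$1" <<'EOF'
[baseos]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS
gpgcheck=1

[epel]
name=EPEL
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&protocol=https
gpgcheck=1

[localtest]
name=Local test builds
baseurl=http://repo.example.internal/test/
gpgcheck=0
EOF
}

sample_repo=$(mktemp)
write_sample_repo "$sample_repo"
audit_repo_file "$sample_repo"
echo "needs attention: $(insecure_repos "$sample_repo" | tr '\n' ' ')"
rm -f "$sample_repo"
```

A repo reported as `transport=plaintext` with `gpgcheck=1` still has its packages verified by signature; it is the combination of plaintext transport and disabled checks that leaves nothing to detect content altered in transit.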




Re: [CentOS] KVM vs. incremental remote backups

2021-03-31 Thread Leon Fauster via CentOS

On 31.03.21 14:41, Nicolas Kovacs wrote:

Hi,

Up until recently I've hosted all my stuff (web & mail) on a handful of bare
metal servers. Web applications (WordPress, OwnCloud, Dolibarr, GEPI,
Roundcube) as well as mail and a few other things were hosted mostly on one big
machine.

Backups for this setup were done using Rsnapshot, a nifty utility that combines
Rsync over SSH and hard links to make incremental backups.

This approach has become problematic, for several reasons. First, web
applications have increasingly specific and sometimes mutually exclusive
requirements. And second, last month I had a server crash, and even though I
had backups for everything, this meant quite some offline time.

So I've opted to go for KVM-based solutions, with everything split up over a
series of KVM guests. I wrapped my head around KVM, played around with it (a
lot) and now I'm more or less ready to go.

One detail is nagging me though: backups.

Let's say I have one VM that handles only DNS (base installation + BIND) and
one other VM that handles mail (base installation + Postfix + Dovecot).

Under the hood that's two QCOW2 images stored in /var/lib/libvirt/images.

With the old "bare metal" approach I could perform remote backups using Rsync,
so only the difference between two backups would get transferred over the
network. Now with KVM images it looks like every day I have to transfer the
whole image again. As soon as some images have lots of data on them (say, 100
GB for a small OwnCloud server), this quickly becomes unmanageable.

I googled around quite some time for "KVM backup best practices" and was a bit
puzzled to find many folks asking the same question and no real answer, at
least not without having to jump through burning loops.

Any suggestions ?



As others pointed out - LVM would be a smart solution and BTW rsnapshot 
supports LVM snapshot backups.


If you want a raw approach against the image file, then use a 
deduplication backup tool (block based backups).


--
Leon





Re: [CentOS] Prevent Anaconda from switching root and swap partition

2021-03-31 Thread Leon Fauster via CentOS

On 31.03.21 11:30, Simon Matter wrote:

Hi,

More often than not, when installing CentOS, I choose manual partitioning
and
then apply the KISS principle, with a very simple partitioning scheme that
looks more or less like this:

   * /boot partition: 500 MB, ext2
   * swap partition: equivalent to amount of RAM
   * root partition: available space, ext4

Now when I do this, Anaconda insists on switching my swap and root
partitions,
so instead of this:

   * /dev/sda1: boot partition
   * /dev/sda2: swap partition
   * /dev/sda3: root partition

... I get this:

   * /dev/sda1: boot partition
   * /dev/sda2: root partition
   * /dev/sda3: swap partition

Up until now this hasn't bothered me much. But for my needs right now it
does,
because I need my root partition to be at the end of the disk, so it can
be
expanded later on.

Anyone knows how I can prevent Anaconda from switching my root and swap
partitions? What I'm doing right now is switching to a text console with
Ctrl-Alt-F5, manually partition using fdisk, switch back to Anaconda and
then
rescan the disk, but it's quite a PITA.


That's exactly what I wanted to suggest you :-)

I never found a better way...



I never have done that but is %pre script section not exactly the place 
for that ?


--
Leon




Re: [CentOS] Festival for Centos 8

2021-03-21 Thread Leon Fauster via CentOS

On 21.03.21 20:04, Frank Cox wrote:

Johnny Hughes has compiled festival (the speech synthesis thing) for Centos 8.

https://koji.mbox.centos.org/koji/buildinfo?buildID=2246

I could download it directly from that webpage, but I'm wondering what repo 
it's in.  I don't see any repo listed there, and dnf search festival returns no 
results on my computer.



I guess that it's one of those "devel" packages that are not in the
compose of the distribution.


--
Leon


Re: [CentOS] XML parsing in shell script

2021-03-19 Thread Leon Fauster via CentOS

On 19.03.21 at 17:40, Fabian Arrotin wrote:

On 18/03/2021 22:08, H wrote:

On 03/18/2021 04:30 PM, Paul Heinlein wrote:

On Thu, 18 Mar 2021, H wrote:


I have a challenge I am interested in getting feedback on.

I will on a regular basis download a series of data files from the web where the data is 
in XML-format. The format is known in advance but is different between the various data 
files. I then plan to extract the various data items ("elements?") from each 
data file, do some light formatting and then save desired parts of each original data 
file as a formatted CSV-file for later importing into a database.

As the plan is to use a bash shell script using curl to get the files, I have 
begun looking at external XML parsers that I can call from my script, perhaps 
specify which elements I want, get the data back in some kind of bash data 
structure and finally format and save as CSV-files.

There seems to be a number of XML parsers available but perhaps someone on the 
list has a recommendation for which one might suit my needs best? I should add 
that I am running CentOS 7.


Will you be using an XSLT stylesheet to do the work? There's a somewhat steep 
learning curve, but in my experience it's the most reliable method for parsing 
XML except in the very simplest of cases.

In that case, the libxslt stuff may be what you want:

   http://xmlsoft.org/libxslt/

The command-line tool is xsltproc.

Again, it's not easy to use, but once you've built a toolchain, it will be 
reliable and fairly easy to modify if the source XML schema change.


I just checked and I cannot see that the organization publishing these data 
files offer any XSLT stylesheet. IOW, I am, perhaps incorrectly, assuming that 
the publisher of the data would be one with said stylesheet. (Although perhaps 
that is something an end-user could put together as well??)

Although the data format of each data series is unique, it is simple and could 
conceivably be parsed using grep but I am looking for a more "forward-looking" 
solution for other applications in the future.

If XSLT stylesheets are not available - would you suggest another tool? Or, 
would you suggest I design sheets, presumably one for each data series?



I used in the past xmlstarlet (available in epel) for quick parsing from
within bash scripts.
For something more robust, maybe switch to python ? (ymmv)





just for a value grep use xmllint (it's in libxml2 package):

Example:

XML input:

?>OK



bash var:

STATUS=$(echo "${RESPONSE}" | xmllint --format --xpath "//methodResponse/params/param/value/string/text()" - 2>/dev/null)



--
Leon



Re: [CentOS] Bare metal vs. virtualization: Proxmox + Ceph + CentOS ?

2021-03-14 Thread Leon Fauster via CentOS

On 14.03.21 at 07:13, Nicolas Kovacs wrote:


Now here’s the problem: it took me three and a half days of intense work to
restore everything and get everything running again. Three and a half days of
downtime is quite a stretch.



What was the real problem? Why did you need days to restore
from backups? Maybe the new solution is attached here?

--
Leon




Re: [CentOS] qemu-kvm images of old Windows XP SP3

2021-03-13 Thread Leon Fauster via CentOS

On 13.03.21 at 16:03, David McGuffey wrote:

I have a Nikon slide scanner (very high quality) for which the software
has not been updated. It last ran on WinXP SP3 and I was not able to
get it to run under Win 7 and certainly not Win 10.

Anyone know where I can obtain images of this old OS to run in CentOS 7
under kvm?



It's not FOSS but check out VueScan. Maybe just changing
the software instead of the OS is more hassle free ...

--
Leon


Re: [CentOS] remote disk decryption on centos?

2021-03-12 Thread Leon Fauster via CentOS

On 12.03.21 at 22:51, ept8e...@secmail.pro wrote:

Hi I was reading about how unlock encrypted root partition from remote
(unattended). I'd like asking what is compatible way for this in centos
and commonly used by administrators?

I think most simple is install dropbear in initramfs for allow remote SSH
and manual enter passphrase. I find many HOWTO for that on debian/ubuntu,
but nothing for centos.

Is there any help, recommend or HOWTO available for centos?


https://github.com/gsauthof/dracut-sshd

--
Leon


Re: [CentOS] R730xd & SD card identfication

2021-03-07 Thread Leon Fauster via CentOS

On 07.03.21 at 20:58, Gregory P. Ennis wrote:

On Sun, 07 Mar 2021 11:17:19 -0600
Gregory P. Ennis wrote:


I have used lsblk, fdisk -l, and 'dmesg |  tail' none of which
demonstrate that the Centos 8 host is recognizing the SD card.


Is the card formatted?  Can you format it on that computer?
---

Frank,

I wondered the same thing?  I used a usb sd card reader adapter and put
attached it to a usb port on the same machine and used gparted to
format an xfs partition on it.

Unfortunately, when I inserted the SD card in the SD adapter in the
back of the machine I could still not get Centos 8 to recognize it.




Any logs (journalctl -f) while inserting?

Such slots should be handled by the sdhci kernel module ...


--
Leon



Re: [CentOS] Koji packages

2021-03-03 Thread Leon Fauster via CentOS

On 03.03.21 at 18:48, Stephen John Smoogen wrote:

On Wed, 3 Mar 2021 at 12:40, Frederick  wrote:


Thank you!

I am specifically looking for the dlm package that seems to be missing
from the repos in 8.  I went to https://git.centos.org/rpms/dlm but I
cannot find the source.  Is there anywhere I can get the source to
build this package?  Without it I cannot set up a gfs2 cluster on
centos8.  I've seen many discussions about RedHat having it but its
not available for centos, so I just need the source so I can move
forward.  Any help would be greatly appreciated!



I followed the directions in https://wiki.centos.org/Sources
```
$ mkdir centos-sources; cd centos-sources
$ git clone https://git.centos.org/centos-git-common.git
$ git clone https://git.centos.org/rpms/dlm.git -b c8
$ cd dlm
$ ../centos-git-common/get_sources.sh
Retrieving https://git.centos.org/sources/dlm/c8/3655865fa215e6b50e6b82ba66cb13f2d8005f67
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  124k  100  124k    0     0   443k      0 --:--:-- --:--:-- --:--:--  443k
$ ls
SOURCES/  SPECS/
$ ls SOURCES/
dlm-4.0.9.tar.gz
$ ls SPECS/
dlm.spec
```



or

https://vault.centos.org/centos/8/BaseOS/Source/SPackages/dlm-4.0.9-3.el8.src.rpm

--
Leon

