Re: [CentOS] CentOS advisories for 8 release

2020-12-16 Thread Olivier Bonhomme

Hi Olivier,

This question got several answers. Since C8 was released, updates on the 
announce ML are not available because the tool that provides 
notifications does not work with the new tool that is used to build 
packages.


Actually I use RHEL advisory, but this requires a RH account (not 
subscription).


I asked some days ago and I got this answer:

Start Quote:

As I understand some kind of mapping must be implemented
for indexcode+gitcommitid between CentOS and RH ...

https://lists.centos.org/pipermail/centos/2020-August/351263.html

End Quote:

So seems that something boils in the pot. We must only wait.

My 2 Cents



Hello Alessandro,

Thanks for your answer. Actually my question was more about 8-Stream. 
Sorry. I think my message was not clear.


I knew that for CentOS 8, we have to wait but it was before the 
transition between 8 and stream.


So I'm now actually worried for the future. I think it's important to 
have security advisories for a distribution. All the main distributions 
have a security team and I always found that it was a lack for CentOS 
even if of course we could use the RedHat advisories.


CentOS Stream is a big change and something very different so I would 
love to know if advisory publications will be part of that new project.


Thanks for your answers

Regards,
Olivier
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS advisories for 8 release

2020-08-07 Thread Olivier Bonhomme

Hello dear CentOS community,

I'm writing on this mailing list because I'm discovering CentOS 8 after 
several years of practice on CentOS 7.


One of my main concerns about a distribution is Bug Fixes and Security 
Fixes. For CentOS 7, all fixes were identified on CentOS-Announces 
lists with CESA, CEBA and CEEA which is a good thing in order to 
identify how a distribution can be broken, vulnerable.


However, I didn't find any announcement for CentOS 8. I tried to 
investigate about any changes about announcement policies but I didn't 
find anything reliable.


So I'm asking here what is exactly the status about announcements for 
CentOS 8 ? Is it a thing who totally disappeared replaced by Red Hat 
advisories or is it something different ? Or maybe it is just not 
planned yet ?


Explanations would be very welcomed.

Thanks for your answer

Regards,
Olivier Bonhomme



[CentOS] CentOS ISO Build process

2016-12-05 Thread Olivier BONHOMME
Hello the list,

For a personal use, I would be interested in creating my own custom CentOS ISO.

For that, I would love to use the build process used for the official ISOs 
generation.

Is the documentation about this release process and the relative tools and 
configuration files available and public for CentOS 7 ?

If yes, where is it possible to find them ?

I found data on seven.centos.org and livecd-tools but I'm not sure if it is the 
real used process.

Thanks for your answers

Regards,
Olivier Bonhomme


Re: [CentOS] TLSv1.2 support for lftp on CentOS 6.x

2016-08-02 Thread Olivier BONHOMME
On Tue, Aug 02, 2016 at 03:29:07PM +, Olivier BONHOMME wrote:
> On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote:

> So the question is: Is that behaviour can be considered as an lftp bug or not ?

Hello again,

Just answering to myself and the list for a conclusion. lftp in CentOS uses the
default priority provided by gnutls and it's not possible to override it in lftp
4.0.9 provided in CentOS 6.

However, the ssl:priority feature has been implemented in lftp 4.6.2
(https://github.com/lavv17/lftp/commit/b406805d2b3d4c9a88e24363980e5717e61d0948)
and there is also a backport RHEL/CentOS for CentOS 7
(https://git.centos.org/blob/rpms!lftp/373a02466b773fe2dbbfde702aec1848e006ba70/SOURCES!lftp-4.4.8-ssl-tls-restrict.patch)

I think it could be nice if that feature could be backported into the CentOS 6
lftp version.

Regards,
Olivier


Re: [CentOS] TLSv1.2 support for lftp on CentOS 6.x

2016-08-02 Thread Olivier BONHOMME
On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote:
> Hello Tom,
> 
> It's indeed an interesting way. I didn't think about something just disabled. I
> browsed, gnutls rpm changelog and I saw this : 
> 
> * Thu May  3 2012 Tomas Mraz  2.8.5-7
> - more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
> 
> So TLS 1.2 seems there but disabled by default : So maybe lftp can't use it
> because it can't force it.
> 
> I tried browsing the code and RPM patches but I was unable to find where this
> disable thing is.
> 
> Does anybody have an idea ?

Hello guy,

I think I found something. If we look into the upstream source provided in the
GNUTLS SRPM, we have on the file lib/gnutls_priority.c: 

static const int protocol_priority[] = {
  /* GNUTLS_TLS1_2, -- not finalized yet! */
  GNUTLS_TLS1_1,
  GNUTLS_TLS1_0,
  GNUTLS_SSL3,
  0
};

So I guess that even if TLS1.2 is implemented in the CentOS version, the
default priority doesn't allow to use TLS1.2. 

And I think that lftp doesn't allow to force this priority, that's why I can't
use TLS1.2 and only at least TLS1.1.

So the question is: Is that behaviour can be considered as an lftp bug or not ?

Regards,
Olivier
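
As an added illustration (not code from the post, from GnuTLS or from lftp): a simplified C model of the default protocol list quoted above, showing why a client that cannot pass its own priority string tops out at TLS 1.1, while one that adds `+VERS-TLS1.2` reaches TLS 1.2. The enum values, the `vers` table and both functions are assumptions of this example; only the `VERS-` tokens of a priority string are modelled.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the GnuTLS protocol constants, ordered oldest to newest. */
enum { GNUTLS_SSL3 = 1, GNUTLS_TLS1_0, GNUTLS_TLS1_1, GNUTLS_TLS1_2 };

/* Default list as quoted from lib/gnutls_priority.c in the post above. */
static const int protocol_priority[] = {
  /* GNUTLS_TLS1_2, -- not finalized yet! */
  GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0
};

static const struct { const char *name; int ver; } vers[] = {
  { "VERS-SSL3.0", GNUTLS_SSL3 },   { "VERS-TLS1.0", GNUTLS_TLS1_0 },
  { "VERS-TLS1.1", GNUTLS_TLS1_1 }, { "VERS-TLS1.2", GNUTLS_TLS1_2 },
};

/* Simplified model: start from the default list, apply "+VERS-x"/"-VERS-x"
 * tokens (others are ignored), return the highest version left, 0 if none. */
int max_enabled_version(const char *prio) {
  unsigned enabled = 0;                 /* bit n set = version n enabled */
  for (int i = 0; protocol_priority[i] != 0; i++)
    enabled |= 1u << protocol_priority[i];
  while (prio && *prio) {
    size_t len = strcspn(prio, ":");    /* length of the current token */
    for (size_t k = 0; k < sizeof vers / sizeof vers[0]; k++)
      if (len == strlen(vers[k].name) + 1 &&
          strncmp(prio + 1, vers[k].name, len - 1) == 0) {
        if (prio[0] == '+') enabled |= 1u << vers[k].ver;
        if (prio[0] == '-') enabled &= ~(1u << vers[k].ver);
      }
    prio += len;
    if (*prio == ':') prio++;
  }
  for (int v = GNUTLS_TLS1_2; v >= GNUTLS_SSL3; v--)
    if (enabled & (1u << v)) return v;
  return 0;
}

/* Simplified handshake outcome: the lower of the two peers' maximums. */
int negotiated_version(const char *client_prio, int server_max) {
  int c = max_enabled_version(client_prio);
  return c < server_max ? c : server_max;
}

int main(void) {
  printf("default=%d override=%d\n", negotiated_version("NORMAL", GNUTLS_TLS1_2),
         negotiated_version("NORMAL:+VERS-TLS1.2", GNUTLS_TLS1_2));
  return 0;
}
```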


Re: [CentOS] TLSv1.2 support for lftp on CentOS 6.x

2016-08-02 Thread Olivier BONHOMME
On Tue, Aug 02, 2016 at 02:13:31PM +0100, Tom Grace wrote:
> On 02/08/2016 12:11, Olivier BONHOMME wrote:
> > So my question is : Can lftp provided by CentOS (of course last version in the
> > 6.x branch), do TLSv1.2 connection ?
> It may not be related, but in the past I have needed to rebuild libNSS 
> and Curl in CentOS 6 due to an upstream patch that explicitly disabled 
> TLSv1.2 in the default list of supported versions.
> As I recall, this was done to maintain support for servers that could 
> not work when the negotiation of SSL/TLS was longer than X bytes. 
> Unfortunately, I can't find the bug I referenced at the time.
> 
> If it's like Curl, you might be able to explicitly enable TLSv1.2 on the 
> command line, else I suspect you could recompile the source RPM, 
> removing patches if required.

Hello Tom,

It's indeed an interesting way. I didn't think about something just disabled. I
browsed, gnutls rpm changelog and I saw this : 

* Thu May  3 2012 Tomas Mraz  2.8.5-7
- more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)

So TLS 1.2 seems there but disabled by default : So maybe lftp can't use it
because it can't force it.

I tried browsing the code and RPM patches but I was unable to find where this
disable thing is.

Does anybody have an idea ?

Regards,
Olivier


Re: [CentOS] TLSv1.2 support for lftp on CentOS 6.x

2016-08-02 Thread Olivier BONHOMME
On Tue, Aug 02, 2016 at 07:36:02AM -0500, Johnny Hughes wrote:

> The latest lftp in CentOS-6.8 is version: lftp-4.0.9-6.el6_8.2.  It was
> built on July 12, 2016.
> 
> That was built with nss-3.21.0-8.el6 in the build root.
> 
> If you have the latest installed, it would seem that it should be able
> to work.
> 

Hello Johnny,

Thanks for your answer. On my system, I'm up-to-date for lftp version. It's also
the same for gnutls.

However, I feel a bit confused : You mentioned that lftp has been built with
nss. But for me, lftp uses GNUTLS for crypto operation and not NSS.

Did I miss something ?

Regards,
Olivier


[CentOS] TLSv1.2 support for lftp on CentOS 6.x

2016-08-02 Thread Olivier BONHOMME
Hello everybody,

I am writing on that mailing list because I have an issue using lftp and I would
love to have more infos about features available on the LFTP version provided by
CentOS 6.

I try to connect to a ftp server in secured mode using FTPS explicit and I would
love to use TLSv1.2.

After several tries, I understood that the TLS negotiation was not possible
using TLSv1.2 (It works only with TLSv1.1) but my issue is I don't understand
why :
 - The GNU TLS Library provided by CentOS is TLSv1.2 compliant. I can use
   gnutls-cli in order to make a TLSv1.2 connection
 - It also works perfectly with an openssl client, so it's not a server side
   issue.
 - I don't see anything in the lftp changelog or features list saying that lftp
   is not compliant with TLSv1.2.

So my question is : Can lftp provided by CentOS (of course last version in the
6.x branch), do TLSv1.2 connection ? If it is not possible, I can deal with
it but I'm curious to know if it is a feature or a bug. Indeed if it's a bug it
could be interesting to submit an issue for a potential resolution.

Thanks for your answers

Regards,
Olivier Bonhomme


Re: [CentOS] [YUM] - Issue on package removal order on CentOS 5

2011-11-05 Thread Olivier BONHOMME
On 05/11/2011 17:52, Ned Slider wrote:

> Yes, the script content.

Unfortunately, the script is a big perl script so it's difficult to 
integrate it. But thanks for the idea. I will note for a next time :)

>
>>> This is better than simply testing the script exists before running it
>>> as if it doesn't then it doesn't get run and presumably that is not the
>>> desired outcome.
>>
>> In my case, it's not a big deal because, if the binary is not here, that
>> means the main app package is not here anymore and in that case it
>> doesn't make sense to execute the script.
>>
>
> Well that depends on what the script does I guess. In your case it may
> well be fine.

Yes I think it's ok.

Regards,
Olivier BONHOMME


Re: [CentOS] [YUM] - Issue on package removal order on CentOS 5

2011-11-05 Thread Olivier BONHOMME
On 05/11/2011 17:14, Ned Slider wrote:
> Quite possibly, I don't know.
>
> In which case, if such a bug does exist and is affecting you, I would
> place the script within %postun of each package that needs it rather
> than calling the script as a file that might have already been removed.

Hello Ned,

Sorry but I am a little bit confused. Now, it's the case : the script is 
in the %postun block for each RPM which needs it. But maybe, there is a 
misunderstanding. Are you talking about the script content ?

> This is better than simply testing the script exists before running it
> as if it doesn't then it doesn't get run and presumably that is not the
> desired outcome.

In my case, it's not a big deal because, if the binary is not here, that 
means the main app package is not here anymore and in that case it 
doesn't make sense to execute the script.

There are many ways of working around such a bug.

I thought the test way the best in that case. Of course it works, but it 
is a bit ugly and I don't think there is a pretty solution for that.

Regards,
Olivier BONHOMME



Re: [CentOS] [YUM] - Issue on package removal order on CentOS 5

2011-11-05 Thread Olivier BONHOMME
On 05/11/2011 16:19, Ned Slider wrote:
> On 05/11/11 14:40, Olivier BONHOMME wrote:
>> On 05/11/2011 15:29, Ned Slider wrote:
>>> Please post your spec file to a pastebin for us to see.
>>>
>>
>> Hello,
>>
>> Here it is : http://ares.ptitoliv.net/~ptitoliv/fusiondirectory.spec
>>
>
> Rather than making the Requires specific to a package:
>
> Requires(postun): fusiondirectory>= %{version}
>
> try making it specific to the script that needs to be run. For example:
>
> Requires(postun): /full/path/to/script.sh
>
Hello,

Thanks for your answer

Already tested and it is the same behaviour :(

After googling a little bit, I found this : 
https://bugzilla.redhat.com/show_bug.cgi?id=448153

Could that explain such an issue ?

Regards,
Olivier BONHOMME


Re: [CentOS] [YUM] - Issue on package removal order on CentOS 5

2011-11-05 Thread Olivier BONHOMME
On 05/11/2011 15:29, Ned Slider wrote:
> Please post your spec file to a pastebin for us to see.
>

Hello,

Here it is : http://ares.ptitoliv.net/~ptitoliv/fusiondirectory.spec

Regards,
Olivier BONHOMME


[CentOS] [YUM] - Issue on package removal order on CentOS 5

2011-11-05 Thread Olivier BONHOMME
Hello,

I post here because I have an embarrassing issue considering the yum 
version provided with CentOS 5.

I am trying to package an application for CentOS. So I wrote my own 
specfile which is composed of declaration of various packages (main 
application and plugins for this applications).

In that configuration, the plugins RPM depends on the main 
application RPM because. Moreover, in all %postun blocks I execute a 
script which is provided by the main app RPM.

My issue is that when I try to remove the packages with the yum remove 
command, the main app RPM is erased before the plugin RPM and in that 
case the postun scriptlets for the plugin fails because my script is not 
available anymore.

As I read on the RPM and YUM doc, I used in the SPEC file the following 
instructions :

Requires(post): mainapp >= %{version}
Requires(postun):   mainapp >= %{version}

But even with this declaration, yum removes the RPM in bad order :

Erasing: mainapp 1/2
Erasing: mainapp-plugin 2/2

/var/tmp/rpm-tmp.48257: line 1: /usr/sbin/mainapp-setup: No such file or directory

As a note, I say that I use a unique specfile for all my application.

So is there a bug with yum or am I doing something wrong ?

For now, I use an ugly workaround which tests the availability of the 
script in the postun block but I don't like it.

Thanks in advance for your answers.

Regards,
Olivier BONHOMME