Update On Scientific Linux


Update On Scientific Linux Connie Sieh csieh@fnal.gov Pat Riehecky riehecky@fnal.gov Hepix Fall 2012 Oct 16, 2012

Scientific Linux Presentation Overview
- The last six months
- What we are currently working on
- What we see in the future
- Topics for conversation

Scientific Linux The Past Six Months
- The following statistics were gathered from ftp.scientificlinux.org log files.
- These numbers are a minimum. We know that the real numbers are higher.
- The values we have are based on yum downloads of security errata.
- We currently have 80 public mirrors. These statistics do not represent any of the mirror sites.

Scientific Linux The Past Seven Months

Scientific Linux The Past Six Months
- S.L. 6.3 released – Aug 2012
- For i386 and x86_64
- Programs changed since SL 6.2
  - Openafs, yum-autoupdate
  - livecd-tools, liveusb-creator
- Programs added with SL 6.3
  - Repositories: rpmfusion

Scientific Linux The Past Six Months
- SL Live 6.3 released – Aug 2012
- Web site is at www.livecd.ethz.ch
- For i386 and x86_64
- CD, DVD, mini-CD
- Uses anaconda to install to a hard drive
- Liveusb-creator makes it trivial to create a LiveUSB from the CD/DVD images.
- LiveCD-tools makes it easier for people to create their own LiveCD

Scientific Linux The Past Six Months
- SL 4.9 End of Life February 2012
- ftp.scientificlinux.org 4.x trees are in the “obsolete” area as of April 2012
- There are known, un-patched security problems

Scientific Linux The Past Six Months
- Security updates continually released for all supported versions
- Fastbugs updates consistently released weekly for latest versions of SL5 and SL6

Scientific Linux Present Challenges
- Errata dependencies aren't so simple
- Upstream packaging inconsistencies
  - Xorg security update for SL6: ABI changed, but the rpm didn't note this!
- Out of date packages from previous point releases
  - libproxy-mozjs requires firefox-3.6 from 6.2 or earlier
  - repoclosure found this for 6.3
  - libvirt-qpid requires qpid-0.12 from 6.2 or earlier
- Complex inter-dependencies
  - virt-viewer requires qpid-xxx, which requires libvirt-yyy, which requires spice-zzz
  - repoclosure finds these and problems can be resolved before public release

Scientific Linux Present Challenges
- More complex problems exist
- There is no way repoclosure can help with 'conflicts'.
- There isn't a predefined solution for most conflicts.
- RPM 'provides' sometimes change in unexpected ways. Old packages then prevent the installation of new ones.
- You have qpid-0.12 and libvirt-qpid-0.2 but there is a new version of qpid with different provides. There is no new version of libvirt-qpid looking for the new provides.
- What is the right response? Don't patch? Remove libvirt-qpid?
(Diagram: qpid-0.12, qpid-0.14, libvirt-qpid-0.2)
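The qpid / libvirt-qpid situation from the two slides above, modelled as a small repoclosure-style check. This is an added example, not code from the presentation or from the Scientific Linux tooling; the package names and versions come from the slides, while the capability strings `qpid-api(...)` are hypothetical stand-ins for the real RPM provides.

```python
from collections import namedtuple

# Package names and versions are from the slides; the capability strings
# "qpid-api(...)" are hypothetical stand-ins for the real RPM provides.
Pkg = namedtuple("Pkg", "name version provides requires")
QPID_012 = Pkg("qpid", "0.12", {"qpid-api(0.12)"}, set())
QPID_014 = Pkg("qpid", "0.14", {"qpid-api(0.14)"}, set())
LIBVIRT_QPID = Pkg("libvirt-qpid", "0.2", set(), {"qpid-api(0.12)"})
REPO_62 = [QPID_012, LIBVIRT_QPID]
REPO_63 = REPO_62 + [QPID_014]   # errata adds qpid-0.14, no new libvirt-qpid

def vkey(version):
    return tuple(int(part) for part in version.split("."))

def nvr(pkg):
    return f"{pkg.name}-{pkg.version}"

def newest_only(repo):
    """Keep the highest version of each package name, as an updated host would."""
    best = {}
    for pkg in repo:
        if pkg.name not in best or vkey(pkg.version) > vkey(best[pkg.name].version):
            best[pkg.name] = pkg
    return list(best.values())

def unresolved(pkgs):
    """repoclosure-style check: every 'requires' needs a matching 'provides'."""
    provided = {cap for pkg in pkgs for cap in pkg.provides}
    return sorted((nvr(pkg), req) for pkg in pkgs
                  for req in pkg.requires if req not in provided)

def blocked_updates(installed, repo):
    """Updates whose new provides would strand a package already installed."""
    blocked = []
    for new in newest_only(repo):
        old = next((p for p in installed if p.name == new.name), None)
        if old is None or vkey(new.version) <= vkey(old.version):
            continue
        after = [p for p in installed if p.name != new.name] + [new]
        broken = unresolved(after)
        if broken:
            blocked.append((nvr(new), broken))
    return blocked

if __name__ == "__main__":
    print(unresolved(REPO_62))
    print(unresolved(newest_only(REPO_63)))
    print(blocked_updates(REPO_62, REPO_63))
```

Run before publishing an errata set, a check like this flags the security update that hosts with libvirt-qpid installed would be unable to apply.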

Scientific Linux Present Challenges
- spice-glib-0.11-11.el6_3.1.i686.rpm
- spice-glib-0.11-11.el6_3.1.x86_64.rpm
- spice-gtk-0.11-11.el6_3.1.i686.rpm
- spice-gtk-0.11-11.el6_3.1.x86_64.rpm
- spice-glib-devel-0.11-11.el6_3.1.i686.rpm
- spice-glib-devel-0.11-11.el6_3.1.x86_64.rpm
- spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
- spice-gtk-devel-0.11-11.el6_3.1.x86_64.rpm
- spice-gtk-tools-0.11-11.el6_3.1.x86_64.rpm
Dependencies:
- gtk2-2.18.9-10.el6.i686.rpm
- gtk2-2.18.9-10.el6.x86_64.rpm
- gtk2-devel-2.18.9-10.el6.i686.rpm
- gtk2-devel-2.18.9-10.el6.x86_64.rpm
- gtk2-immodules-2.18.9-10.el6.i686.rpm
- gtk2-immodules-2.18.9-10.el6.x86_64.rpm
- gtk2-immodule-xim-2.18.9-10.el6.i686.rpm
- gtk2-immodule-xim-2.18.9-10.el6.x86_64.rpm
- libcacard-0.15.0-2.el6.x86_64.rpm
- libcacard-devel-0.15.0-2.el6.x86_64.rpm
- libcacard-tools-0.15.0-2.el6.x86_64.rpm
- libusb1-1.0.9-0.5.rc1.el6.i686.rpm
- libusb1-1.0.9-0.5.rc1.el6.x86_64.rpm
- libusb1-devel-1.0.9-0.5.rc1.el6.i686.rpm
- libusb1-devel-1.0.9-0.5.rc1.el6.x86_64.rpm
- libusb1-static-1.0.9-0.5.rc1.el6.x86_64.rpm
- spice-protocol-0.10.1-5.el6.noarch.rpm
- virt-viewer-0.5.2-9.el6.i686.rpm
Surprise for 6.1 and 6.2, but not required for 6.0

Scientific Linux Present Challenges: OpenAFS and SL6.3
- There is an issue with the AFS cache
- Read/Write may fail, hang, or be very slow.
- You may be affected if all of the following apply:
  - your cache is on EXT4 and was in use on a previous kernel (before 2.6.32-279.el6)
  - your system is 32-bit
  - you update to a kernel >= 2.6.32-279.el6

Scientific Linux Present Challenges: OpenAFS and SL6.3
- On SL6 OpenAFS is implemented with a kmod
- The goal was to avoid rebuilding OpenAFS with each new kernel (see SL5)
- Signatures are generated from the kernel functions to help identify when they have changed
- Not so helpful when the internal logic changes but the function call/return values didn't

Scientific Linux Present Challenges: OpenAFS and SL6.3
Current theories:
- With 6.3, upstream has switched the inodes to 64bit for all arches, rather than just x86_64
- The OpenAFS cache seems to be caching by inode, not filename
- This means searches never return a valid inode on the filesystem because the 32bit value is not a 64bit value
- Rebuilding the OpenAFS cache in /var/cache/afs always fixes this

Scientific Linux Future: OpenAFS and SL6.3
Current plans:
- The SL OpenAFS packager (Stephan Wiesand) is at the European AFS and Kerberos Conference.
- One proposal is a more restrictive use of kmods
- Having them require >= a specified kernel version might help.

Scientific Linux What we see in the future
- SL updateinfo.xml is in ALPHA right now
- This provides metadata for yum-plugin-security
  - Provides for easy CVE search
  - Provides a description of the update, typically with reasons for applying the update
  - Allows filtering based on severity
- It is currently in 6rolling
- Currently only security errata
- See example on next slide
- Roll out plan still a ways off, testing is not completed

Scientific Linux What we see in the future

    ]# yum info-sec
    ==============================================
    Security ERRATA Important: openjpeg on SL6.x i386/x86_64
      Update ID : SLSA-2012:1283-01
        Release : Scientific Linux
           Type : security
         Status : final
         Issued : 2012-09-17
           Bugs : 842918 - openjpeg: heap-based buffer overflow
           CVEs : CVE-2012-3535
    Description : OpenJPEG is an open source library for reading and writing image
                : files in JPEG 2000 format. It was found that OpenJPEG failed to
                : sanity-check an image header field before using it. A remote attacker
                : could provide a specially-crafted image file that could cause an
                : application linked against OpenJPEG to crash or, possibly, execute
                : arbitrary code. (CVE-2012-3535). All running applications
                : using OpenJPEG must be restarted for the update to take effect.
       Severity : important
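The CVE search and severity filtering that updateinfo.xml metadata enables can also be done directly against the file. The following is an added example, not part of the presentation: it parses a constructed updateinfo.xml fragment whose first entry reuses the advisory ID, bug number and CVE shown above; the package file name and the second entry are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the updateinfo.xml layout. The first entry reuses the
# IDs from the slide; the file name and the whole second entry are placeholders.
SAMPLE = """<updates>
  <update from="constructed@example.org" status="final" type="security" version="1">
    <id>SLSA-2012:1283-01</id>
    <title>Important: openjpeg on SL6.x i386/x86_64</title>
    <issued date="2012-09-17"/>
    <severity>Important</severity>
    <references>
      <reference type="bugzilla" id="842918" title="openjpeg: heap-based buffer overflow"/>
      <reference type="cve" id="CVE-2012-3535"/>
    </references>
    <pkglist><collection><package name="openjpeg" arch="x86_64">
      <filename>openjpeg-PLACEHOLDER.x86_64.rpm</filename>
    </package></collection></pkglist>
  </update>
  <update from="constructed@example.org" status="final" type="security" version="1">
    <id>CONSTRUCTED-LOW-01</id>
    <title>Low: constructed entry</title>
    <severity>Low</severity>
    <references><reference type="cve" id="CVE-XXXX-YYYY"/></references>
  </update>
</updates>"""

LEVELS = ["low", "moderate", "important", "critical"]

def parse(xml_text):
    """Flatten each <update> into the fields needed for triage."""
    return [{
        "id": u.findtext("id"),
        "type": u.get("type"),
        "severity": (u.findtext("severity") or "").lower(),
        "cves": [r.get("id") for r in u.iter("reference") if r.get("type") == "cve"],
        "packages": [p.get("name") for p in u.iter("package")],
    } for u in ET.fromstring(xml_text).iter("update")]

def by_cve(updates, cve):
    """Advisory IDs that fix the given CVE."""
    return [u["id"] for u in updates if cve in u["cves"]]

def at_least(updates, floor):
    """Security advisories at or above a severity floor."""
    rank = LEVELS.index(floor.lower())
    return [u["id"] for u in updates if u["type"] == "security"
            and u["severity"] in LEVELS and LEVELS.index(u["severity"]) >= rank]

if __name__ == "__main__":
    ups = parse(SAMPLE)
    print(by_cve(ups, "CVE-2012-3535"), at_least(ups, "important"))
```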

Scientific Linux What we see in the future
- Continue to have security updates for all releases of SL 5 and 6.
- Continue to have fastbug updates for only the latest releases of SL 5 and 6.
- Note TUV extension of Lifetime from 7 to 10 years
- Scientific Linux plans to follow this too

Scientific Linux What we see in the future
- Red Hat Developer Toolset
  - Newer compilers
  - Can be installed in parallel with existing compilers
  - Power users can have the latest gcc/g++ if they want to use it
  - Existing compilers will function as normal
  - Invoked via 'scl' (software collections)
- Alpha planned for the future. Watch scientific-linux-devel

Scientific Linux Discussion topics
- RHEL 5.9 is in Private Beta (Sept 21, 2012)
- Should we treat it more like SL6?
  - Don't automatically integrate fastbugs or security errata into the main tree
  - Packages would be available as always, but in the security/fastbugs repo where they belong
  - Original reasoning no longer applies, anaconda can do this for us now.

Scientific Linux Discussion topics
- SL 5.9 and 6.4
- Should the default repos point to 5x and 6x instead of the point releases?
  - Pros: You are much less likely to experience errata install problems.
  - Cons: If you expect to remain at a point release you must do something extra.

Scientific Linux Discussion topics
- SL 7? Coming perhaps in 2013?
- Default to 7x rather than 7.0, 7.1, et al.?
- Point releases?
  - Yes: contains lots of long term maintenance concerns, and possible errata issues
  - No: is different than we've done things before
- Discuss on scientific-linux-devel
- And not right now so I can have a record of ideas and Connie can see them.

Scientific Linux Discussion / Questions Other Questions?

Scientific Linux References
- http://www.scientificlinux.org/
- http://www.scientificlinux.org/download/mirrors
- http://www.livecd.ethz.ch/
- https://www.redhat.com/licenses/
- https://www.redhat.com/licenses/rhel_us_appendix1.pdf
- https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Developer_Toolset/1/pdf/User_Guide/Red_Hat_Developer_Toolset-1-User_Guide-en-US.pdf