1
Update On Scientific Linux
Connie Sieh, Pat Riehecky
HEPiX Fall 2012, Oct 16, 2012
2
Scientific Linux Presentation Overview
The last six months
What we are currently working on
What we see in the future
Topics for conversation
3
Scientific Linux The Past Six Months
The following statistics were gathered from ftp.scientificlinux.org log files.
These numbers are a minimum. We know that the real numbers are higher.
The values we have are based on yum downloads of security errata.
We currently have 80 public mirrors. These statistics do not represent any of the mirror sites.
4
Scientific Linux The Past Seven Months
5
Scientific Linux The Past Six Months
S.L. 6.3 released – Aug 2012
For i386 and x86_64
Programs changed since SL 6.2
  Openafs, yum-autoupdate
  livecd-tools, liveusb-creator
Programs added with SL 6.3
  Repositories: rpmfusion
6
Scientific Linux The Past Six Months
SL Live 6.3 released – Aug 2012
Web site is at
For i386 and x86_64
CD, DVD, mini-CD
Uses anaconda to install to a hard drive
Liveusb-creator makes it trivial to create a LiveUSB from the CD/DVD images.
LiveCD-tools makes it easier for people to create their own LiveCD
7
Scientific Linux The Past Six Months
SL 4.9 End of Life February 2012
ftp.scientificlinux.org 4.x trees are in the “obsolete” area as of April 2012
There are known, un-patched security problems
8
Scientific Linux The Past Six Months
Security updates continually released for all supported versions
Fastbugs updates consistently released weekly for latest versions of SL5 and SL6
9
Scientific Linux Present Challenges
Errata dependencies aren't so simple
Upstream packaging inconsistencies
  Xorg security update for SL6
  ABI changed, but the rpm didn't note this!
Out of date packages from previous point releases
  libproxy-mozjs requires firefox-3.6 from 6.2 or earlier
  repoclosure found this for 6.3
  libvirt-qpid requires qpid-0.12 from 6.2 or earlier
Complex inter-dependencies
  virt-viewer requires qpid-xxx, which requires libvirt-yyy, which requires spice-zzz
  repoclosure finds these and problems can be resolved before public release
10
Scientific Linux Present Challenges
More complex problems exist
  There is no way repoclosure can help with 'conflicts'.
  There isn't a predefined solution for most conflicts.
RPM 'provides' sometimes change in unexpected ways.
  Old packages then prevent the installation of new ones.
  You have qpid-0.12 and libvirt-qpid-0.2 but there is a new version of qpid with different provides.
  There is no new version of libvirt-qpid looking for the new provides.
What is the right response? Don't patch? Remove libvirt-qpid?
(Diagram labels: qpid-0.12, qpid-0.14, libvirt-qpid-0.2)
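Added example, not from the presentation and not how repoclosure itself is implemented: a small closure check in the spirit of the two "Present Challenges" slides above, showing how a changed 'provides' leaves an old package unresolved and how that breakage propagates to packages that depend on it. The package metadata is constructed; the capability names (`qpid-abi(0.12)` and so on) and `example-tool` are hypothetical.

```python
# Constructed metadata. Capability names such as "qpid-abi(0.12)" and the
# package "example-tool-1.0" are hypothetical, used only for illustration.
LIBVIRT_QPID = {"provides": {"libvirt-qpid"}, "requires": {"qpid-abi(0.12)"}}
EXAMPLE_TOOL = {"provides": {"example-tool"}, "requires": {"libvirt-qpid"}}

OLD_REPO = {
    "qpid-0.12": {"provides": {"qpid", "qpid-abi(0.12)"}, "requires": set()},
    "libvirt-qpid-0.2": LIBVIRT_QPID,
    "example-tool-1.0": EXAMPLE_TOOL,
}
# The errata replaces qpid with a build whose provides differ;
# libvirt-qpid is not rebuilt against the new provides.
NEW_REPO = {
    "qpid-0.14": {"provides": {"qpid", "qpid-abi(0.14)"}, "requires": set()},
    "libvirt-qpid-0.2": LIBVIRT_QPID,
    "example-tool-1.0": EXAMPLE_TOOL,
}

def uninstallable(repo):
    """Map each package that cannot be installed to its unmet requires.

    Runs to a fixed point: once a package is dropped, whatever it provided
    is gone too, so packages depending on it are dropped on a later pass.
    Only 'requires' are checked; 'conflicts' are outside a closure check.
    """
    alive = dict(repo)
    reasons = {}
    changed = True
    while changed:
        changed = False
        provided = set().union(*(m["provides"] for m in alive.values()))
        for name in sorted(alive):
            missing = alive[name]["requires"] - provided
            if missing:
                reasons[name] = sorted(missing)
                del alive[name]
                changed = True
    return reasons

if __name__ == "__main__":
    print("before errata:", uninstallable(OLD_REPO))
    print("after errata: ", uninstallable(NEW_REPO))
```
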
11
Scientific Linux Present Challenges
spice-glib el6_3.1.i686.rpm
spice-glib el6_3.1.x86_64.rpm
spice-gtk el6_3.1.i686.rpm
spice-gtk el6_3.1.x86_64.rpm
spice-glib-devel el6_3.1.i686.rpm
spice-glib-devel el6_3.1.x86_64.rpm
spice-gtk-devel el6_3.1.i686.rpm
spice-gtk-devel el6_3.1.x86_64.rpm
spice-gtk-tools el6_3.1.x86_64.rpm
Dependencies:
  gtk el6.i686.rpm
  gtk el6.x86_64.rpm
  gtk2-devel el6.i686.rpm
  gtk2-devel el6.x86_64.rpm
  gtk2-immodules el6.i686.rpm
  gtk2-immodules el6.x86_64.rpm
  gtk2-immodule-xim el6.i686.rpm
  gtk2-immodule-xim el6.x86_64.rpm
  libcacard el6.x86_64.rpm
  libcacard-devel el6.x86_64.rpm
  libcacard-tools el6.x86_64.rpm
  libusb rc1.el6.i686.rpm
  libusb rc1.el6.x86_64.rpm
  libusb1-devel rc1.el6.i686.rpm
  libusb1-devel rc1.el6.x86_64.rpm
  libusb1-static rc1.el6.x86_64.rpm
  spice-protocol el6.noarch.rpm
  virt-viewer el6.i686.rpm
Surprise for 6.1 and 6.2
But not required for 6.0
12
Scientific Linux Present Challenges
OpenAFS and SL6.3
There is an issue with the AFS cache
Read/Write may fail, hang, or be very slow.
  If your cache is on EXT4
  and was in use on a previous kernel (before el6)
  and your system is 32-bit.
If you update to a kernel >= el6 you may be affected.
13
Scientific Linux Present Challenges
OpenAFS and SL6.3
On SL6 OpenAFS is implemented with a kmod
  The goal was to avoid rebuilding OpenAFS with each new kernel (see SL5)
  Signatures are generated from the kernel functions to help identify when they have changed
  Not so helpful when the internal logic changes but the function call/return values didn't
14
Scientific Linux Present Challenges
OpenAFS and SL6.3
Current theories
  With 6.3, upstream has switched the inodes to 64bit for all arches, rather than just x86_64
  The OpenAFS cache seems to be caching by inode, not filename
  This means searches never return a valid inode on the filesystem because the 32bit value is not a 64bit value
  Rebuilding the OpenAFS cache in /var/cache/afs always fixes this
15
Scientific Linux Future
OpenAFS and SL6.3
Current plans:
  The SL OpenAFS packager (Stephan Wiesand) is at the European AFS and Kerberos Conference.
  One proposal is a more restrictive use of kmods
  Having them require >= a specified kernel version might help.
16
Scientific Linux What we see in the future
SL updateinfo.xml is in ALPHA right now
This provides metadata for yum-plugin-security
  Provides for easy CVE search
  Provides a description of the update, typically with reasons for applying the update
  Allows filtering based on severity
It is currently in 6rolling
Currently only security errata
See example on next slide
Roll out plan still a ways off, testing is not completed
17
Scientific Linux What we see in the future
]# yum info-sec
==============================================
  Security ERRATA Important: openjpeg on SL6.x i386/x86_64
  Update ID : SLSA-2012:
    Release : Scientific Linux
       Type : security
     Status : final
     Issued :
       Bugs : openjpeg: heap-based buffer overflow
       CVEs : CVE
Description : OpenJPEG is an open source library for reading and writing image
            : files in JPEG 2000 format. It was found that OpenJPEG failed to
            : sanity-check an image header field before using it. A remote attacker
            : could provide a specially-crafted image file that could cause an
            : application linked against OpenJPEG to crash or, possibly, execute
            : arbitrary code. (CVE ). All running applications
            : using OpenJPEG must be restarted for the update to take effect.
   Severity : important
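Added example, not from the presentation or the SL project: a sketch of the CVE search and severity filtering that updateinfo.xml metadata makes possible, run over a constructed sample in the updateinfo.xml layout. Every advisory ID, CVE number, package name and version in the sample is a placeholder, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the updateinfo.xml layout; every ID, CVE number and
# package version below is a placeholder, not a real advisory.
SAMPLE = """<updates>
 <update from="constructed@example.org" status="final" type="security">
  <id>SLSA-0000:0001-1</id><severity>Important</severity>
  <title>Important: openjpeg on SL6.x i386/x86_64</title>
  <references><reference type="cve" id="CVE-0000-0001"/></references>
  <pkglist><collection>
   <package name="openjpeg-libs" version="0.0" release="1.el6" arch="x86_64"/>
  </collection></pkglist>
 </update>
 <update from="constructed@example.org" status="final" type="security">
  <id>SLSA-0000:0002-1</id><severity>Moderate</severity>
  <title>Moderate: example-pkg on SL6.x i386/x86_64</title>
  <references><reference type="cve" id="CVE-0000-0002"/></references>
 </update>
 <update from="constructed@example.org" status="final" type="bugfix">
  <id>SLBA-0000:0003-1</id><title>example-pkg bug fix update</title>
 </update>
</updates>"""

RANK = {"low": 1, "moderate": 2, "important": 3, "critical": 4}

def parse_updates(xml_text):
    """Return one dict per <update> record. Parse only metadata from a
    repository you already trust; ElementTree is not a hardened parser."""
    out = []
    for upd in ET.fromstring(xml_text).iter("update"):
        out.append({
            "id": upd.findtext("id", default=""),
            "type": upd.get("type", ""),
            "severity": upd.findtext("severity", default="").strip().lower(),
            "cves": sorted(r.get("id", "") for r in upd.iter("reference")
                           if r.get("type") == "cve"),
            "packages": sorted({p.get("name", "") for p in upd.iter("package")}),
        })
    return out

def advisories_for_cve(records, cve):
    """CVE search: IDs of advisories that reference the given CVE."""
    return [r["id"] for r in records if cve in r["cves"]]

def security_at_least(records, severity):
    """Severity filter: security advisories at or above the given level.
    Records without a <severity> (e.g. bugfix) rank 0 and never match."""
    floor = RANK[severity.lower()]
    return [r["id"] for r in records
            if r["type"] == "security" and RANK.get(r["severity"], 0) >= floor]
```
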
18
Scientific Linux What we see in the future
Continue to have security updates for all releases of SL 5 and 6.
Continue to have fastbug updates for only the latest releases of SL 5 and 6.
Note TUV extension of Lifetime from 7 to 10 years
  Scientific Linux plans to follow this too
19
Scientific Linux What we see in the future
Red Hat Developer Toolset
  Newer compilers
  Can be installed in parallel with existing compilers
  Power users can have the latest gcc/g++ if they want to use it
  Existing compilers will function as normal
  Invoked via 'scl' (software collections)
Alpha planned for the future.
Watch scientific-linux-devel
20
Scientific Linux Discussion topics
RHEL 5.9 is in Private Beta (Sept 21, 2012)
Should we treat it more like SL6?
  Don't automatically integrate fastbugs or security errata into the main tree
  Packages would be available as always, but in the security/fastbugs repo where they belong
  Original reasoning no longer applies, anaconda can do this for us now.
21
Scientific Linux Discussion topics
SL 5.9 and 6.4
Should the default repos point to 5x and 6x instead of the point releases?
  Pros: You are much less likely to experience errata install problems.
  Cons: If you expect to remain at a point release you must do something extra.
22
Scientific Linux Discussion topics
SL 7?
Coming perhaps in 2013?
Default to 7x rather than 7.0, 7.1, et al.?
Point releases?
  Yes: contains lots of long term maintenance concerns, and possible errata issues
  No: is different than we've done things before
Discuss on scientific-linux-devel
  And not right now so I can have a record of ideas and Connie can see them.
23
Scientific Linux Discussion / Questions
Other Questions?
24
Scientific Linux References
Red_Hat_Developer_Toolset/1/pdf/User_Guide/Red_Hat_Developer_Toolset-1-User_Guide-en-US.pdf