I'm trying to build a bugfixed anaconda package for 5.3 x84_64, but there
are some fairly basic failures, like pkg-config .pc files not being found.
When I modify the spec file accordingly, linking fails because installed
libraries are not found.
$ rpmbuild -ba anaconda.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.25019
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /usr/src/redhat/BUILD
+ rm -rf anaconda-11.1.2.168
+ /usr/bin/bzip2 -dc /usr/src/…
[View More]redhat/SOURCES/anaconda-11.1.2.168.tar.bz2
+ tar -xf -
...
for d in isys wlite stubs loader2 po textw utils scripts bootdisk installclasses iw pixmaps isomd5sum command-stubs ui fonts; do make -C $d depend; done
make[1]: Entering directory `/usr/src/redhat/BUILD/anaconda-11.1.2.168/isys'
grep NFS_MOUNT_VERSION /usr/include/linux/nfs_mount.h | sed -e 's/NFS/KERNEL_NFS/' > nfs_mountversion.h
Package libdhcp6client was not found in the pkg-config search path.
Perhaps you should add the directory containing `libdhcp6client.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libdhcp6client', required by 'libdhcp', not found
cc -E -M -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wall -Werror -D_GNU_SOURCE
=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE=1 -D_LARGEFILE64_SOURCE=1 -DUSESELINUX=1 -I/usr/include/python2.4 -I.. -DHAVE_NFS nfsmount.c nfsmount_clnt.c
nfsmount_xdr.c imount.c smp.c devnodes.c cpio.c uncpio.c dasd.c lang.c isofs.c dns.c linkdetect.c vio.c ethtool.c wireless.c eddsupport.c nl.c str.c auditd.
c isys.c > .depend
In file included from isys.c:55:
/usr/include/libdhcp/pump.h:78:22: error: dhcp_nic.h: No such file or directory
make[1]: *** [depend] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/anaconda-11.1.2.168/isys'
make[1]: Entering directory `/usr/src/redhat/BUILD/anaconda-11.1.2.168/wlite'
make[1]: *** No rule to make target `depend'. Stop.
make[1]: Leaving directory `/usr/src/redhat/BUILD/anaconda-11.1.2.168/wlite'
make[1]: Entering directory `/usr/src/redhat/BUILD/anaconda-11.1.2.168/stubs'
make[1]: Nothing to be done for `depend'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/anaconda-11.1.2.168/stubs'
Package libdhcp6client was not found in the pkg-config search path.
Perhaps you should add the directory containing `libdhcp6client.pc'
to the PKG_CONFIG_PATH environment variable
Package 'libdhcp6client', required by 'libdhcp', not found
...
etc. Any ideas how to fix this? The same package builds find under i386.
---------------------------------------------------------------
This message and any attachments may contain Cypress (or its
subsidiaries) confidential information. If it has been received
in error, please advise the sender and immediately delete this
message.
---------------------------------------------------------------
[View Less]
> From: Jerry Geis <geisj(a)pagestation.com>
> To: CentOS ML <centos(a)centos.org>
> Sent: Monday, 24 August, 2009 14:32:00
> Subject: [CentOS] self signing certificates
>
> hi all,
>
> I have gone through the process of self signing certificates.
> Aside from the pop-ups about not trusted etc... everything
> appears to work.
>
> For "internal" applications what do people/places do?
> It would be nice to be seamless and have the "your not …
[View More]trusted"
> window pop-up.
>
As someone else previously detailed, you really need to have a root
signing CA that only signs certs for your issuing CAs and then use
the issuing CAs to sign end use certificates of whatever types you
deem appropriate. It is considered required practice that root CA
and issuing CAs must be physically isolated from all network
connections and that floppy or sneaker net must be used to handle
incoming CSR and outgoing CERTS. If you are simply using certs for
encryption and not for authentication then this practice probably
can be safely dispensed with. If you ARE using certs for
authentication then this provision is absolutely required.
The arrangement of self-signed root CA <--CSR--- Issuing CA
<--CSR--- end-user is now critical for Firefox users. Releases in
the 3.x series will no longer trust any self-signed CA certificate.
So, to avoid the warning box in Firefox you must have the end use
certificates signed by an intermediate CA whose own certificate may
however be signed by a self-signed root.
> Yet this is not a public web site either. Just internal use.
> The server might be on the internet but people from the internet
> are not using it.
>
Well, the available software has no way of figuring that out for
itself, so it makes no difference. And, to be precise, "people from
the internet should not be using it", which is rather a different
thing.
> I presume there is no way to by-pass the certificate signing
> process - even for internal apps.
> Is there?
>
Not unless you can live with the warning boxes.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
[View Less]
Hello,
is there a known problem with the new kernel for CentOS 5.3?
Till today, my server works without any problems. But after updating to
the new kernel 2.6.18-128.7.1.el5 the system freezes completely with no
more access by keyboard or over network. The last message
in /var/log/messages is 'Aug 25 14:07:41 weidenwinde kernel: hdg:
dma_timer_expiry: dma status == 0x21'.
I have not change my hardware, have not change configuration and till
this new kernel the system was running without any …
[View More]problems. The
harddisks are younger than a year.
Is someone else this seeing?
regards
Olaf
[View Less]
hi all,
I have gone through the process of self signing certificates.
Aside from the pop-ups about not trusted etc... everything appears to work.
For "internal" applications what do people/places do?
It would be nice to be seamless and have the "your not trusted" window
pop-up.
Yet this is not a public web site either. Just internal use.
The server might be on the internet but people from the internet are not
using it.
I presume there is no way to by-pass the certificate signing process -
…
[View More]even for internal apps.
Is there?
Thanks,
Jerry
[View Less]
Hi
I am not saying that this is the solution but I am saying that it
might be worth a short, even if it works for you I would still fine
tune it depending on your configs, a lot of the time fine tuning samba
is a pain and most of the time it actually comes down to crappy
network performance I.E the nic seems to be working but it actually
has a fault.
Regards
Per Qvindesland
--- Original message follows ---
SUBJECT: Re: [CentOS] Samba "use sendfile" configuration option set
do disabled as …
[View More]default - why?
FROM: Christoph Maser
TO: "CentOS mailing list"
DATE: 24-08-2009 13:27
Am Montag, den 24.08.2009, 13:24 +0200 schrieb Per Qvindesland:
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> SO_SNDBUF=65536
These options are often found if you search for samba tuning. Did
someone actaully benchmark the results? Shouldn't tuning buffers
manuall
be oboslete nowadays? I somewhat doubt this is THE solution for slow
sambas.
Chris
financial.com AG
Munich head office/Hauptsitz München: Maria-Probst-Str. 19 | 80939
München | Germany
Frankfurt branch office/Niederlassung Frankfurt: Messeturm |
Friedrich-Ebert-Anlage 49 | 60327 Frankfurt | Germany
Management board/Vorstand: Dr. Steffen Boehnert (CEO/Vorsitzender) |
Dr. Alexis Eisenhofer | Dr. Yann Samson | Matthias Wiederwach
Supervisory board/Aufsichtsrat: Dr. Dr. Ernst zur Linden
(chairman/Vorsitzender)
Register court/Handelsregister: Munich – HRB 128 972 | Sales tax ID
number/St.Nr.: DE205 370 553
_______________________________________________
CentOS mailing list
CentOS(a)centos.org
http://lists.centos.org/mailman/listinfo/centos
[View Less]
Does anyone have access to the xorg-x11-server-1.1.1-48.53.el5 (or
later) SRPM - which may be part of 5.4 beta?
It's mentioned as having a fix for Bugzilla #448586
<https://bugzilla.redhat.com/show_bug.cgi?id=448586>
I what to see if it fixes a X11 crash we're having.
Thanks
James Pearson
Keith Keller <kkeller(a)speakeasy.net> wrote:
>>
If you're going to go through that much trouble
<<
Although I didn't quote the entire process here (copyright, time, etc.)
it's only one command, the adding of one line to the Apache httpd.conf,
(probably) scp'ing the files onto the server and providing a link on a page
somewhere. Oh, and reloading Apache. 5 mins, tops. If you're a slow typist.
But I must admit, I've not bothered to do it myself. One of these days. . .
Best,
…
[View More]
--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
[View Less]
Jerry Geis <geisj(a)pagestation.com> wrote:
>>
Was just trying to find a way so that users that "dont know" what this
box is that is poping up wont even see the box.
<<
Can't you install your own root certificate into the internal client
browsers? The book "Network Security Hacks" (Andrew Lockhart, O'Reilly)
gives a procedure for doing this (p. 112). You generate a .der file from
the cacert.pem file, add a new mime type in the Apache config and then make
the pem and der …
[View More]files available on your server. The users can now install
the new root cert by just clicking on a link.
(Sorry if this has already been covered - I wasn't paying attention to the
earlier discussion).
Best,
--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
[View Less]
Hi,
# uname -a Linux obfuscated.example.com 2.6.18-128.4.1.el5 #1 SMP Tue
Aug 4 20:23:34 EDT 2009 i686 i686 i386 GNU/Linux
I noticed a few days ago that I'm not getting my logwatch emails to the
root account any longer, and while I've definitely been applying updates
from base, no other changes have happened on this box.
I ran logwatch at the command line:
logwatch --detail medium --mailto root(a)fqdn.example.com
but still no email.
As expected, /etc/cron.daily has the following entry:
…
[View More]lrwxrwxrwx 1 root root 39 Jul 30 2008 0logwatch ->
/usr/share/logwatch/scripts/logwatch.pl
Where should I start looking to figure out why logwatch seems not to be
doing its thing?
Thanks in advance,
-Ray
[View Less]
Everyone,
This morning I received a notice from PayPal that one of our sites got
hacked and was spoofing a PayPal web site.
When I checked the the site, I was surprised to find they were correct.
About 5 days a go we had a server that got hacked and somehow the file
paypal.com.tar got uploaded to our server and then stored in a a
subdirectory of /var/www/.
I had previously started a mysqld server and planned on using it for web
authorizations. I had not been able to work on it, but left it …
[View More]in
place. I looked like the hacker downloaded his paypal spoof files into
a subdirectory of /var/www/phpmyadmin.
I am running 5.3 with all current updates.
I do not have telnet or ftp active on this server, and have password
authentication of sshd turned off.
I have tried to obtain dialog with PayPal about this but they have not
responded to my queries. If any of you have had some experience with
this I would be interested in knowing how this may have happened. I
have shutdown the mysqld server as well as removed access in httpd.conf
of the /var/www/phpmyadmin directory in order to shutdown the spoofing
site.
If any of you have a leg up on this I would appreciate your help.
Greg Ennis
P.S. I found the following entry in my error_log of /var/log/httpd/ :
[Sun Aug 16 04:26:19 2009] [info] Server built: Jul 14 2009 06:02:39
--00:21:14-- http://code.go.ro/paypal.com.tar
Resolving code.go.ro... 81.196.20.134
Connecting to code.go.ro|81.196.20.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 645120 (630K) [application/x-tar]
Saving to: `paypal.com.tar'
0K .......... .......... .......... .......... .......... 7% 70.0K 8s
50K .......... .......... .......... .......... .......... 15% 265K 5s
100K .......... .......... .......... .......... .......... 23% 284K 3s
150K .......... .......... .......... .......... .......... 31% 1.81M 2s
200K .......... .......... .......... .......... .......... 39% 1.79M 2s
250K .......... .......... .......... .......... .......... 47% 323K 1s
300K .......... .......... .......... .......... .......... 55% 1.80M 1s
350K .......... .......... .......... .......... .......... 63% 1.76M 1s
400K .......... .......... .......... .......... .......... 71% 431K 1s
450K .......... .......... .......... .......... .......... 79% 1.77M 0s
500K .......... .......... .......... .......... .......... 87% 1.75M 0s
550K .......... .......... .......... .......... .......... 95% 1.82M 0s
600K .......... .......... .......... 100%
1.87M=1.6s
00:21:16 (405 KB/s) - `paypal.com.tar' saved [645120/645120]
sh: line 0: cd: pma: Not a directory
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error exit delayed from previous errors
[View Less]