I realize that the @everything packages option is now gone in CentOS 5.0 (ix86 and x86_64), but my experiments to date don't show how to practically simulate the same effect (and I have a good reason for doing so). I want all packages, all languages. If one installs from CD, and selects all packages and options, the resulting anaconda-ks.cfg file does not have a complete package list. For example:
- performing a kickstart install using the package list from the full-install-from-CD anaconda-ks.cfg results in a system with only about a third of the available packages, missing some notables such as openssl.
- A kickstart install with a wild-card glob in the packages list does not work either; one gets a minimal install. Wild cards evidently not supported.
- A kickstart install with a full listing of every rpm (not packages) in the %packages section does work, but it takes _two days_ of 100% CPU to resolve dependencies.
So, how do I determine the proper full package list to use in the %packages section for a kickstart install? Do I have to go grubbing around in comps.xml to find the proper package list? TIA,
Steve
On 5/1/07, Steve Thompson smt@vgersoft.com wrote:
I realize that the @everything packages option is now gone in CentOS 5.0 (ix86 and x86_64), but my experiments to date don't show how to practically simulate the same effect (and I have a good reason for doing so). I want all packages, all languages. If one installs from CD, and selects all packages and options, the resulting anaconda-ks.cfg file does not have a complete package list.
Since you can now add additional repositories at install time, how do you define 'everything' install?
- performing a kickstart install using the package list from the
full-install-from-CD anaconda-ks.cfg results in a system with only about a third of the available packages, missing some notables such as openssl.
That should be pulled in as a dependency to just about everything.
So, how do I determine the proper full package list to use in the %packages section for a kickstart install? Do I have to go grubbing around in comps.xml to find the proper package list? TIA,
Probably.
A little birdy told me that Jim Perrin said:
] On 5/1/07, Steve Thompson smt@vgersoft.com wrote: ] > I realize that the @everything packages option is now gone in CentOS 5.0 ] > (ix86 and x86_64), but my experiments to date don't show how to ] > practically simulate the same effect (and I have a good reason for doing ] > so). I want all packages, all languages. If one installs from CD, and ] > selects all packages and options, the resulting anaconda-ks.cfg file does ] > not have a complete package list. ] ] Since you can now add additional repositories at install time, how do ] you define 'everything' install?
i, for one, would have been satisfied with an: "everything from the Base respository" option... which would have included all the packages from the Base repo... basically, the what i wanted fulfilled was something approaching the same "final product" as "Everything" from the 4.x series installer...
B. Karhan simon@pop.psu.edu PRI/SSRI Unix Administrator
On Tue, 1 May 2007, Benjamin Karhan wrote:
i, for one, would have been satisfied with an: "everything from the Base respository" option... which would have included all the packages from the Base repo... basically, the what i wanted fulfilled was something approaching the same "final product" as "Everything" from the 4.x series installer...
Go to a C4 box with an @Everything install and run rpm -qa --queryformat='%{name}\n' > everything.txt
stuff that in %packages on C5 kickstart, install, clean up errors..etc
------------------------------------------------------------------------ Jim Wildman, CISSP, RHCE jim@rossberry.com http://www.rossberry.com "Society in every state is a blessing, but Government, even in its best state, is a necessary evil; in its worst state, an intolerable one." Thomas Paine
On 5/1/07, Jim Wildman jim@rossberry.com wrote:
On Tue, 1 May 2007, Benjamin Karhan wrote:
i, for one, would have been satisfied with an: "everything from the Base respository" option... which would have included all the packages from the Base repo... basically, the what i wanted fulfilled was something approaching the same "final product" as "Everything" from the 4.x series installer...
Go to a C4 box with an @Everything install and run rpm -qa --queryformat='%{name}\n' > everything.txt
stuff that in %packages on C5 kickstart, install, clean up errors..etc
or go into the RPM directory on the dvd and do a
(for x in $(ls -1 *rpm); do rpm --qf='%{name}\n' -qf $x done) | sort | uniq > everything.txt
add that to the kickstart and punt.
A little birdy told me that Stephen John Smoogen said:
] On 5/1/07, Jim Wildman jim@rossberry.com wrote: ] > On Tue, 1 May 2007, Benjamin Karhan wrote: ] > ] > > i, for one, would have been satisfied with an: ] > > "everything from the Base respository" ] > > option... which would have included all the packages from the Base ] > repo... ] > > basically, the what i wanted fulfilled was something approaching ] > > the same "final product" as "Everything" from the 4.x series installer... ] > ] > Go to a C4 box with an @Everything install and run ] > rpm -qa --queryformat='%{name}\n' > everything.txt ] > ] > stuff that in %packages on C5 kickstart, install, clean up errors..etc ] > ] ] or go into the RPM directory on the dvd and do a ] ] (for x in $(ls -1 *rpm); do ] rpm --qf='%{name}\n' -qf $x ] done) | sort | uniq > everything.txt ] ] add that to the kickstart and punt.
that IS the kind of solution that i would have to advocate... under the current scenario... the only point i was making was that there were zero extra steps to accomplish the same thing previously...
B. Karhan simon@pop.psu.edu PRI/SSRI Unix Administrator
On Tue, 2007-05-01 at 17:34 -0400, Steve Thompson wrote:
On Tue, 1 May 2007, Jim Perrin wrote:
Since you can now add additional repositories at install time, how do you define 'everything' install?
How clever of me to omit that. I meant 'everything from the base repository'.
Steve
OK Guys ...
While this may or may not be a valid thing to do ... the upstream people (startinf in FC5 (and now fc6 and fc7) have removed this option for RHEL5, fc5, fc6, fc7.
They did it for several reasons ... not the least of which is ... you _DO_NOT_NEED_ to install all packages on any machine unless you are doing something _VERY_SPECIAL.
In that case ... you can just do this after install:
yum install *
It will install everything.
_HOWEVER_ ... don't do it unless you need everything !!!!
If you think you need everything ... you probably don't ... if you really, really, really need everything then OK, install it.
:D
Thanks, Johnny Hughes
Johnny Hughes wrote:
In that case ... you can just do this after install:
yum install *
It will install everything.
_HOWEVER_ ... don't do it unless you need everything !!!!
If you think you need everything ... you probably don't ... if you really, really, really need everything then OK, install it.
How do you know if you need something unless you install and try it?
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
On 5/2/07, Les Mikesell lesmikesell@gmail.com wrote:
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
There seem to be two mindsets when it comes to stuff like this. The folks who want everything there in case they might need it down the road, and the folks who want only what they need immediately, and if something else is required they'll install it later.
I believe the latter to be the safest approach, given the ease of installing software with yum. The only reason I could possibly see for an everything install would be for a beginning user who has know idea what the package names are or what things do.
They're not providing it because they think you'll need it. They're providing it because they think SOMEONE using the distribution might need it. For example, you don't need sendmail AND exim AND postfix, you only need one of them.
Jim Perrin wrote:
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
There seem to be two mindsets when it comes to stuff like this. The folks who want everything there in case they might need it down the road, and the folks who want only what they need immediately, and if something else is required they'll install it later.
The folks who don't want everything probably wouldn't choose the 'everything' option during the install...
I believe the latter to be the safest approach, given the ease of installing software with yum. The only reason I could possibly see for an everything install would be for a beginning user who has know idea what the package names are or what things do.
Nobody knows what the packages are or what they do when installing a new system. I'd rather waste a dollar's worth of disk space and 5 minutes time during the install and have everything than the hours it can take later when something you need or want to try isn't there and you can't even read it's man page.
They're not providing it because they think you'll need it. They're providing it because they think SOMEONE using the distribution might need it.
OK - so what if you are installing a multiuser computer and you want to provide things because SOMEONE using the computer might need it? You want it to provide services and be a workstation, possibly for development, and everything else it can usefully do.
For example, you don't need sendmail AND exim AND postfix, you only need one of them.
That was never an issue back when an "everything" group was a choice. Conflicts could be more of a problem if you have to pick things you don't understand yourself, though.
Les Mikesell spake the following on 5/2/2007 12:52 PM:
Johnny Hughes wrote:
In that case ... you can just do this after install:
yum install *
It will install everything.
_HOWEVER_ ... don't do it unless you need everything !!!!
If you think you need everything ... you probably don't ... if you really, really, really need everything then OK, install it.
How do you know if you need something unless you install and try it?
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
If the distribution packager wanted you to install everything, there would not be any options of what to install. It would always be an "everything" install.
Scott Silva wrote:
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
If the distribution packager wanted you to install everything, there would not be any options of what to install. It would always be an "everything" install.
Not true. There was a time when distributions included "everything" as one among several more specialized and limited choices. Now you only get the limited versions.
Les Mikesell spake the following on 5/2/2007 2:37 PM:
Scott Silva wrote:
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
If the distribution packager wanted you to install everything, there would not be any options of what to install. It would always be an "everything" install.
Not true. There was a time when distributions included "everything" as one among several more specialized and limited choices. Now you only get the limited versions.
I have been guilty of an "everything" install in the past. It is much harder to remove things that you are not sure you need than it is to just install something you do need. If you are doing something that requires a new bit of fluff, you just need to "yum install fluff" and now you have it. I think you learn much more by knowing what and why you install something.
On Wed, 2007-05-02 at 14:58 -0700, Scott Silva wrote:
Les Mikesell spake the following on 5/2/2007 2:37 PM:
Scott Silva wrote:
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
If the distribution packager wanted you to install everything, there would not be any options of what to install. It would always be an "everything" install.
Not true. There was a time when distributions included "everything" as one among several more specialized and limited choices. Now you only get the limited versions.
I have been guilty of an "everything" install in the past. It is much harder to remove things that you are not sure you need than it is to just install something you do need. If you are doing something that requires a new bit of fluff, you just need to "yum install fluff" and now you have it. I think you learn much more by knowing what and why you install something.
Look at the RedHat security report in the thread entitled:
"security report from RHEL's Mark Cox"
You will see a 20x increase (from 3 to 60) of non-browser "Critical" security issues if you move from a "Default Install" to full install.
Note: That is not moving from a minimal install (with many fewer issues) ... but the default install (with GUI, Gnome, etc.) to a full install.
Not only are you GREATLY increasing your risk by doing a full install ... the riskiest items are the ones that you don't use (or even know what they do) that are enabled in their default setup conditions as part of the everything install. If you turn off items that you don't need that enable listening ports it will mitigate this issue somewhat.
It is not just a little bit of extra hard drive space ... it is a potential way to get your machine taken over and root kitted.
But then again, what do I know Linux or CentOS.
Thanks, Johnny Hughes
Johnny Hughes wrote:
You will see a 20x increase (from 3 to 60) of non-browser "Critical" security issues if you move from a "Default Install" to full install.
Ermm, no. That is *with* browser bugs. There were only 5 non-browser critical bugs.
See Tables 3 and 4.
Cheers,
Ralph
On Fri, 2007-05-04 at 11:02 +0200, Ralph Angenendt wrote:
Johnny Hughes wrote:
You will see a 20x increase (from 3 to 60) of non-browser "Critical" security issues if you move from a "Default Install" to full install.
Ermm, no. That is *with* browser bugs. There were only 5 non-browser critical bugs.
See Tables 3 and 4.
Ralph .. I was specifically talking about table 2 ... where critical bugs go from 3 to 60.
You are correct that the everything install (60 critical) also includes the 44 from mozilla products.
The bottom line ... more stuff means more risk :P
Thanks, Johnny Hughes
Johnny Hughes wrote:
The thing I always wanted from an 'everything' install was the expertise of the distribution packager as to whether something would likely be useful to have installed. Someone, somewhere must have known enough about the packages to decide what was worth including in the distribution. I'd take their word for whether it should be on my hard disk or not.
If the distribution packager wanted you to install everything, there would not be any options of what to install. It would always be an "everything" install.
Not true. There was a time when distributions included "everything" as one among several more specialized and limited choices. Now you only get the limited versions.
I have been guilty of an "everything" install in the past. It is much harder to remove things that you are not sure you need than it is to just install something you do need. If you are doing something that requires a new bit of fluff, you just need to "yum install fluff" and now you have it. I think you learn much more by knowing what and why you install something.
Look at the RedHat security report in the thread entitled:
"security report from RHEL's Mark Cox"
You will see a 20x increase (from 3 to 60) of non-browser "Critical" security issues if you move from a "Default Install" to full install.
Note: That is not moving from a minimal install (with many fewer issues) ... but the default install (with GUI, Gnome, etc.) to a full install.
That's not the way I read it. The 3 is for a default AS install. A default WS install is 53 with the bulk of the difference coming from the mozilla family that you absolutely would want to have on a desktop/development/general purpose box.
Not only are you GREATLY increasing your risk by doing a full install ... the riskiest items are the ones that you don't use (or even know what they do) that are enabled in their default setup conditions as part of the everything install. If you turn off items that you don't need that enable listening ports it will mitigate this issue somewhat.
It is not just a little bit of extra hard drive space ... it is a potential way to get your machine taken over and root kitted.
Agreed for single-purpose machines, and tolerable for machines where all users are allowed to become root and install things as needed. No one has posted a solution for a multiuser, general purpose box yet.
But then again, what do I know Linux or CentOS.
You have added yet another reason why it should be the experts familiar with all the packages that pick a complete general-purpose list instead of end users guessing at it. Checking all of the choices sort-of works but it's not clear that it gives the best selection.
-
Benjamin Karhan -
Jim Perrin -
Jim Wildman -
Johnny Hughes -
Les Mikesell -
Ralph Angenendt -
Scott Silva -
Stephen John Smoogen -
Steve Thompson