At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
David
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
At 01:03 PM 8/1/2020, you wrote:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
This is a good idea, if I knew how to "downgrade...". But in any event, I had decided to rebuild from scratch, which of course failed as soon as I did an yum update. So, I'm installing 7.8.2003 with no updates until I see the "all clear -- updates will no longer make your system unbootable" message from the Centos team.
In my many years of blindly updating my installations, starting from the free Redhat distributions, through Whitehat and onto Centos, this is the first disaster, and luckily, it didn't hit all my systems. Let's hope there aren't many more.
David
Don't forget that EL 7 (non-UEFI systems) & 8 support booting from LVM snapshot (a.k.a BOOM Boot Manager) , so revert is 2 steps away: - boot from the snapshot (grub menu) - revert from the lvm snapshot - reboot and wait for the revert to complete
Best Regards, Strahil Nikolov
На 1 август 2020 г. 23:58:27 GMT+03:00, david david@daku.org написа:
At 01:03 PM 8/1/2020, you wrote:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the
problem.
What are the conditions that permit the breakage? There is a
particular
configuration (hw/sw) case that match always the problem or it is
random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
This is a good idea, if I knew how to "downgrade...". But in any event, I had decided to rebuild from scratch, which of course failed as soon as I did an yum update. So, I'm installing 7.8.2003 with no updates until I see the "all clear -- updates will no longer make your system unbootable" message from the Centos team.
In my many years of blindly updating my installations, starting from the free Redhat distributions, through Whitehat and onto Centos, this is the first disaster, and luckily, it didn't hit all my systems. Let's hope there aren't many more.
David
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Il 01/08/20 22:03, Greg Bailey ha scritto:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
I did the downgrade on a fresh install of c8.2 but yum said that all selected packages (grub2,shim...) are already to the lowest version and the downgrade is not possibile, ending with "nothing to do".
On 8/2/20 2:04 AM, Alessandro Baggi wrote:
Il 01/08/20 22:03, Greg Bailey ha scritto:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
I did the downgrade on a fresh install of c8.2 but yum said that all selected packages (grub2,shim...) are already to the lowest version and the downgrade is not possibile, ending with "nothing to do".
Ok .. We are running through some final testing now for CentOS Linux 8 and CentOS Stream .. updates later today for EL8.
For CentOS Linux 7 .. I just pushed the latest shim packages (we had to get these signed by Microsoft .. as do all distros that do shim. Microsoft is the official CA for secureboot.
So in the next few hours, after the mirrors sync up .. you should be able to fix any EL7 machines.
I'll post here again once we have pushed the EL8 and CentOS Stream updates.
At Sun, 2 Aug 2020 06:59:06 -0500 CentOS mailing list centos@centos.org wrote:
On 8/2/20 2:04 AM, Alessandro Baggi wrote:
Il 01/08/20 22:03, Greg Bailey ha scritto:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server).ÃÂ They both failed to reboot a few days ago.ÃÂ So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7.ÃÂ I can't tell what version got updated since the system simply fails to boot.ÃÂ I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
I did the downgrade on a fresh install of c8.2 but yum said that all selected packages (grub2,shim...) are already to the lowest version and the downgrade is not possibile, ending with "nothing to do".
Ok .. We are running through some final testing now for CentOS Linux 8 and CentOS Stream .. updates later today for EL8.
For CentOS Linux 7 .. I just pushed the latest shim packages (we had to get these signed by Microsoft .. as do all distros that do shim. Microsoft is the official CA for secureboot.
So in the next few hours, after the mirrors sync up .. you should be able to fix any EL7 machines.
Question: is this only a problem for bare metal w/EFI or are VMs affected? I have a VPS running CentOS 7:
sharky4.deepsoft.com% uname -a Linux sharky4.deepsoft.com 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux sharky4.deepsoft.com% rpm -qa grub* shim* grub2-tools-extra-2.02-0.81.el7.centos.x86_64 grub2-pc-modules-2.02-0.81.el7.centos.noarch grub2-tools-minimal-2.02-0.81.el7.centos.x86_64 grub2-2.02-0.81.el7.centos.x86_64 grub2-tools-2.02-0.81.el7.centos.x86_64 grubby-8.28-26.el7.x86_64 grub2-common-2.02-0.81.el7.centos.noarch grub2-pc-2.02-0.81.el7.centos.x86_64 sharky4.deepsoft.com%
I have these (pending) updates:
sharky4.deepsoft.com% sudo /usr/bin/yum check-update Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.es.its.nyu.edu * epel: mirror.math.princeton.edu * extras: mirror.facebook.net * updates: mirror.atlanticmetro.net
fail2ban.noarch 0.11.1-9.el7.2 epel fail2ban-firewalld.noarch 0.11.1-9.el7.2 epel fail2ban-sendmail.noarch 0.11.1-9.el7.2 epel fail2ban-server.noarch 0.11.1-9.el7.2 epel fail2ban-systemd.noarch 0.11.1-9.el7.2 epel grub2.x86_64 1:2.02-0.86.el7.centos updates grub2-common.noarch 1:2.02-0.86.el7.centos updates grub2-pc.x86_64 1:2.02-0.86.el7.centos updates grub2-pc-modules.noarch 1:2.02-0.86.el7.centos updates grub2-tools.x86_64 1:2.02-0.86.el7.centos updates grub2-tools-extra.x86_64 1:2.02-0.86.el7.centos updates grub2-tools-minimal.x86_64 1:2.02-0.86.el7.centos updates kernel.x86_64 3.10.0-1127.18.2.el7 updates kernel-headers.x86_64 3.10.0-1127.18.2.el7 updates kernel-tools.x86_64 3.10.0-1127.18.2.el7 updates kernel-tools-libs.x86_64 3.10.0-1127.18.2.el7 updates python-perf.x86_64 3.10.0-1127.18.2.el7 updates
Is it "safe" for me to to do a yum update or should I wait?
I'll post here again once we have pushed the EL8 and CentOS Stream updates.
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTn6goIPoKGmzXde4tMqQyCasFjswUCXyaqigAKCRBMqQyCasFj swMtAKCIljOaB6o0mxnvIUqA0pP2l16hUwCgnmSj3aPKOym7s58ismQ0mDKfwus= =S/HK -----END PGP SIGNATURE-----
MIME-Version: 1.0
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 8/2/20 7:06 AM, Robert Heller wrote:
At Sun, 2 Aug 2020 06:59:06 -0500 CentOS mailing list centos@centos.org wrote:
On 8/2/20 2:04 AM, Alessandro Baggi wrote:
Il 01/08/20 22:03, Greg Bailey ha scritto:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
I did the downgrade on a fresh install of c8.2 but yum said that all selected packages (grub2,shim...) are already to the lowest version and the downgrade is not possibile, ending with "nothing to do".
Ok .. We are running through some final testing now for CentOS Linux 8 and CentOS Stream .. updates later today for EL8.
For CentOS Linux 7 .. I just pushed the latest shim packages (we had to get these signed by Microsoft .. as do all distros that do shim. Microsoft is the official CA for secureboot.
So in the next few hours, after the mirrors sync up .. you should be able to fix any EL7 machines.
Question: is this only a problem for bare metal w/EFI or are VMs affected? I have a VPS running CentOS 7:
sharky4.deepsoft.com% uname -a Linux sharky4.deepsoft.com 3.10.0-1127.13.1.el7.x86_64 #1 SMP Tue Jun 23 15:46:38 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux sharky4.deepsoft.com% rpm -qa grub* shim* grub2-tools-extra-2.02-0.81.el7.centos.x86_64 grub2-pc-modules-2.02-0.81.el7.centos.noarch grub2-tools-minimal-2.02-0.81.el7.centos.x86_64 grub2-2.02-0.81.el7.centos.x86_64 grub2-tools-2.02-0.81.el7.centos.x86_64 grubby-8.28-26.el7.x86_64 grub2-common-2.02-0.81.el7.centos.noarch grub2-pc-2.02-0.81.el7.centos.x86_64 sharky4.deepsoft.com%
I have these (pending) updates:
sharky4.deepsoft.com% sudo /usr/bin/yum check-update Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile
- base: mirror.es.its.nyu.edu
- epel: mirror.math.princeton.edu
- extras: mirror.facebook.net
- updates: mirror.atlanticmetro.net
fail2ban.noarch 0.11.1-9.el7.2 epel fail2ban-firewalld.noarch 0.11.1-9.el7.2 epel fail2ban-sendmail.noarch 0.11.1-9.el7.2 epel fail2ban-server.noarch 0.11.1-9.el7.2 epel fail2ban-systemd.noarch 0.11.1-9.el7.2 epel grub2.x86_64 1:2.02-0.86.el7.centos updates grub2-common.noarch 1:2.02-0.86.el7.centos updates grub2-pc.x86_64 1:2.02-0.86.el7.centos updates grub2-pc-modules.noarch 1:2.02-0.86.el7.centos updates grub2-tools.x86_64 1:2.02-0.86.el7.centos updates grub2-tools-extra.x86_64 1:2.02-0.86.el7.centos updates grub2-tools-minimal.x86_64 1:2.02-0.86.el7.centos updates kernel.x86_64 3.10.0-1127.18.2.el7 updates kernel-headers.x86_64 3.10.0-1127.18.2.el7 updates kernel-tools.x86_64 3.10.0-1127.18.2.el7 updates kernel-tools-libs.x86_64 3.10.0-1127.18.2.el7 updates python-perf.x86_64 3.10.0-1127.18.2.el7 updates
Is it "safe" for me to to do a yum update or should I wait?
This shim issue should only impact cold iron machines with secureboot enabled.
On 8/2/20 6:59 AM, Johnny Hughes wrote:
On 8/2/20 2:04 AM, Alessandro Baggi wrote:
Il 01/08/20 22:03, Greg Bailey ha scritto:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
I did the downgrade on a fresh install of c8.2 but yum said that all selected packages (grub2,shim...) are already to the lowest version and the downgrade is not possibile, ending with "nothing to do".
Ok .. We are running through some final testing now for CentOS Linux 8 and CentOS Stream .. updates later today for EL8.
For CentOS Linux 7 .. I just pushed the latest shim packages (we had to get these signed by Microsoft .. as do all distros that do shim. Microsoft is the official CA for secureboot.
So in the next few hours, after the mirrors sync up .. you should be able to fix any EL7 machines.
I'll post here again once we have pushed the EL8 and CentOS Stream updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you should see an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
Am 02.08.2020 um 14:34 schrieb Johnny Hughes johnny@centos.org:
On 8/2/20 6:59 AM, Johnny Hughes wrote:
On 8/2/20 2:04 AM, Alessandro Baggi wrote:
Il 01/08/20 22:03, Greg Bailey ha scritto:
On 8/1/20 6:56 AM, david wrote:
At 02:54 AM 8/1/2020, Alessandro Baggi wrote:
Hi Johnny, thank you very much for clarification.
You said that in the centos infrastructure only one server got the problem. What are the conditions that permit the breakage? There is a particular configuration (hw/sw) case that match always the problem or it is random?
Thank you
I have two servers running Centos 7 on apple hardware (one mac-mini and one mac server). They both failed to reboot a few days ago. So perhaps whatever anti-boot bug hit Centos 8, also hit Centos 7. I can't tell what version got updated since the system simply fails to boot. I don't even get a grub screen. I'll have to rebuild the systems from scratch.
You should be able to boot off of installation media into rescue mode, and downgrade the grub2* and/or shim* RPMs.
-Greg
I did the downgrade on a fresh install of c8.2 but yum said that all selected packages (grub2,shim...) are already to the lowest version and the downgrade is not possibile, ending with "nothing to do".
Ok .. We are running through some final testing now for CentOS Linux 8 and CentOS Stream .. updates later today for EL8.
For CentOS Linux 7 .. I just pushed the latest shim packages (we had to get these signed by Microsoft .. as do all distros that do shim. Microsoft is the official CA for secureboot.
So in the next few hours, after the mirrors sync up .. you should be able to fix any EL7 machines.
I'll post here again once we have pushed the EL8 and CentOS Stream updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you should see an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
A previously afftected Aures nino POS-terminal boots just fine with CentOS 7 and shim 15.8.
Now I will test an affected machine (Aures Twist POS terminal) that runs CentOS 8 (well, usually runs CentOS 8, but not now, since it does not boot ... :=>
Thanks, Johnny Hughes
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Please report both positive and negative results.
A previously afftected Aures nino POS-terminal boots just fine with CentOS 7 and shim 15.8.
Now I will test an affected machine (Aures Twist POS terminal) that runs CentOS 8 (well, usually runs CentOS 8, but not now, since it does not boot ... :=>
The affected machine running CentOS 8 boots fine after upgrading to shim 15.15
Thanks for acting quickly, especially on a weekend.
On 8/2/20 8:10 AM, Marc Balmer via CentOS wrote:
Please report both positive and negative results.
A previously afftected Aures nino POS-terminal boots just fine with CentOS 7 and shim 15.8.
Now I will test an affected machine (Aures Twist POS terminal) that runs CentOS 8 (well, usually runs CentOS 8, but not now, since it does not boot ... :=>
The affected machine running CentOS 8 boots fine after upgrading to shim 15.15
Thanks for acting quickly, especially on a weekend.
Thanks for the reports .. it is not the first weekend spent on this issue .. not even the first in a row :)
The CentOS Stream update should be release in a few minutes unless we hit a snag in testing.
Thanks, Johnny Hughes
On 8/2/20 8:12 AM, Johnny Hughes wrote:
On 8/2/20 8:10 AM, Marc Balmer via CentOS wrote:
Please report both positive and negative results.
A previously afftected Aures nino POS-terminal boots just fine with CentOS 7 and shim 15.8.
Now I will test an affected machine (Aures Twist POS terminal) that runs CentOS 8 (well, usually runs CentOS 8, but not now, since it does not boot ... :=>
The affected machine running CentOS 8 boots fine after upgrading to shim 15.15
Thanks for acting quickly, especially on a weekend.
Thanks for the reports .. it is not the first weekend spent on this issue .. not even the first in a row :)
The CentOS Stream update should be release in a few minutes unless we hit a snag in testing.
OK .. CentOS Stream update is also now pushed. Same packages as CentOS Linux 8.
<snip>
I'll post here again once we have pushed the EL8 and CentOS Stream updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you should see an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
I updated my Centos 7, and it's awaiting a reboot. The version of shim says 15-7, which I presume is the bad one.
What do I need to do? Obviously, a reboot will encounter the failure. Or, should I perform "yum update" periodically and wait for shim 15-8 to appear, and only after that do the reboot? Or is there some other remedy?
And by the way, I'm amazed at the speed with which this problem was addressed and a fix provided. You guys work wonders.
David
On 8/2/20 8:04 AM, david wrote:
<snip>
I'll post here again once we have pushed the EL8 and CentOS Stream
updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you should see an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
I updated my Centos 7, and it's awaiting a reboot. The version of shim says 15-7, which I presume is the bad one.
What do I need to do? Obviously, a reboot will encounter the failure. Or, should I perform "yum update" periodically and wait for shim 15-8 to appear, and only after that do the reboot? Or is there some other remedy?
And by the way, I'm amazed at the speed with which this problem was addressed and a fix provided. You guys work wonders.
David
It would be best IF the kernel and shim get installed at the same time if possible .. so I would install the kernel again (since it is not running yet) with the new shim.
BTW .. it does not fail on every install .. so it might work w/o the new update. However, no need to chance it at this point. Wait until the new shim is there and install it and reinstall the kernel is my advise.
At 06:10 AM 8/2/2020, you wrote:
On 8/2/20 8:04 AM, david wrote:
<snip>
I'll post here again once we have pushed the EL8 and CentOS Stream
updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you should see an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
I updated my Centos 7, and it's awaiting a reboot. The version of shim says 15-7, which I presume is the bad one.
What do I need to do? Obviously, a reboot will encounter the failure. Or, should I perform "yum update" periodically and wait for shim 15-8 to appear, and only after that do the reboot? Or is there some other remedy?
And by the way, I'm amazed at the speed with which this problem was addressed and a fix provided. You guys work wonders.
David
It would be best IF the kernel and shim get installed at the same time if possible .. so I would install the kernel again (since it is not running yet) with the new shim.
BTW .. it does not fail on every install .. so it might work w/o the new update. However, no need to chance it at this point. Wait until the new shim is there and install it and reinstall the kernel is my advise.
Here's what I get...
rpm -qa | grep shim shim-x64-15-7.el7_9.x86_64
yum update Loaded plugins: fastestmirror, langpacks, priorities Loading mirror speeds from cached hostfile * base: mirror.fileplanet.com * epel: mirror.prgmr.com * extras: mirror.shastacoe.net * remi-php73: mirror.sjc02.svwh.net * remi-safe: mirror.sjc02.svwh.net * updates: centos-distro.1gservers.com 373 packages excluded due to repository priority protections No packages marked for update
Should I just wait for 15-8 to appear?
David
On 8/2/20 8:30 AM, david wrote:
At 06:10 AM 8/2/2020, you wrote:
On 8/2/20 8:04 AM, david wrote:
<snip>
I'll post here again once we have pushed the EL8 and CentOS Stream
updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you
should see
an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
I updated my Centos 7, and it's awaiting a reboot. The version of
shim
says 15-7, which I presume is the bad one.
What do I need to do? Obviously, a reboot will encounter the
failure.Â
Or, should I perform "yum update" periodically and wait for shim
15-8 to
appear, and only after that do the reboot? Or is there some other
remedy?
And by the way, I'm amazed at the speed with which this problem was addressed and a fix provided. You guys work wonders.
David
It would be best IF the kernel and shim get installed at the same time if possible .. so I would install the kernel again (since it is not running yet) with the new shim.
BTW .. it does not fail on every install .. so it might work w/o the new update. However, no need to chance it at this point. Wait until the new shim is there and install it and reinstall the kernel is my advise.
Here's what I get...
rpm -qa | grep shim shim-x64-15-7.el7_9.x86_64
yum update Loaded plugins: fastestmirror, langpacks, priorities Loading mirror speeds from cached hostfile * base: mirror.fileplanet.com * epel: mirror.prgmr.com * extras: mirror.shastacoe.net * remi-php73: mirror.sjc02.svwh.net * remi-safe: mirror.sjc02.svwh.net * updates: centos-distro.1gservers.com 373 packages excluded due to repository priority protections No packages marked for update
Should I just wait for 15-8 to appear?
David
Yes .. it should be on mirror.centos.org now .. you could change the repo where your updates come from. OR .. wait for that mirror to get updated.
At 06:37 AM 8/2/2020, Johnny Hughes wrote:
On 8/2/20 8:30 AM, david wrote:
At 06:10 AM 8/2/2020, you wrote:
On 8/2/20 8:04 AM, david wrote:
<snip>
I'll post here again once we have pushed the EL8 and CentOS Stream
updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you
should see
an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
I updated my Centos 7, and it's awaiting a reboot.ÃÂ The version of
shim
says 15-7, which I presume is the bad one.
What do I need to do?ÃÂ Obviously, a reboot will encounter the
failure.Ã
Or, should I perform "yum update" periodically and wait for shim
15-8 to
appear, and only after that do the reboot?ÃÂ Or is there some other
remedy?
And by the way, I'm amazed at the speed with which this problem was addressed and a fix provided.ÃÂ You guys work wonders.
David
It would be best IF the kernel and shim get installed at the same time if possible .. so I would install the kernel again (since it is not running yet) with the new shim.
BTW .. it does not fail on every install .. so it might work w/o the new update. However, no need to chance it at this point. Wait until the new shim is there and install it and reinstall the kernel is my advise.
Here's what I get...
rpm -qa | grep shim shim-x64-15-7.el7_9.x86_64
yum update Loaded plugins: fastestmirror, langpacks, priorities Loading mirror speeds from cached hostfile  * base: mirror.fileplanet.com  * epel: mirror.prgmr.com  * extras: mirror.shastacoe.net  * remi-php73: mirror.sjc02.svwh.net  * remi-safe: mirror.sjc02.svwh.net  * updates: centos-distro.1gservers.com 373 packages excluded due to repository priority protections No packages marked for update
Should I just wait for 15-8 to appear?
David
Yes .. it should be on mirror.centos.org now .. you could change the repo where your updates come from. OR .. wait for that mirror to get updated.
I just did yum clean all yum update
and 15-8 showed up. Maybe the 'clean all' did it, or maybe just showed up.
I applied the update (yum update), rebooted and... no boot. Just a blank screen.
Hardware is a Mac-Mini :-(
This is not an essential machine, so I could re-install (from netinstall) if you think it's worth the effort.
Or what?
David
On 8/2/20 8:47 AM, david wrote:
At 06:37 AM 8/2/2020, Johnny Hughes wrote:
On 8/2/20 8:30 AM, david wrote:
At 06:10 AM 8/2/2020, you wrote:
On 8/2/20 8:04 AM, david wrote:
<snip>
> I'll post here again once we have pushed the EL8 and CentOS
Stream
updates.
OK .. I have also now pushed the CentOS Linux 8 update .. you
should see
an update to SHIM .. the new versions are:
PowerTools/x86_64/os/Packages/shim-unsigned-x64-15-8.el8.x86_64.rpm BaseOS/x86_64/os/Packages/shim-ia32-15-15.el8_2.x86_64.rpm BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
For CentOS Linux 7 .. the new files are:
x86_64/Packages/mokutil-15-8.el7.x86_64.rpm x86_64/Packages/shim-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-ia32-15-8.el7.x86_64.rpm x86_64/Packages/shim-unsigned-x64-15-8.el7.x86_64.rpm x86_64/Packages/shim-x64-15-8.el7.x86_64.rpm
You need only replace the files you currently have installed, not install every file.
Please report both positive and negative results.
Thanks, Johnny Hughes
I updated my Centos 7, and it's awaiting a reboot. The
version of
shim
says 15-7, which I presume is the bad one.
What do I need to do? Obviously, a reboot will encounter the
failure.Â
Or, should I perform "yum update" periodically and wait for shim
15-8 to
appear, and only after that do the reboot? Or is there some
other
remedy?
And by the way, I'm amazed at the speed with which this problem was addressed and a fix provided. You guys work wonders.
David
It would be best IF the kernel and shim get installed at the same time if possible .. so I would install the kernel again (since it is not running yet) with the new shim.
BTW .. it does not fail on every install .. so it might work w/o
the new
update. However, no need to chance it at this point. Wait until
the
new shim is there and install it and reinstall the kernel is my
advise.
Here's what I get...
rpm -qa | grep shim shim-x64-15-7.el7_9.x86_64
yum update Loaded plugins: fastestmirror, langpacks, priorities Loading mirror speeds from cached hostfile  * base: mirror.fileplanet.com  * epel: mirror.prgmr.com  * extras: mirror.shastacoe.net  * remi-php73: mirror.sjc02.svwh.net  * remi-safe: mirror.sjc02.svwh.net  * updates: centos-distro.1gservers.com 373 packages excluded due to repository priority protections No packages marked for update
Should I just wait for 15-8 to appear?
David
Yes .. it should be on mirror.centos.org now .. you could change the repo where your updates come from. OR .. wait for that mirror to get updated.
I just did yum clean all yum update
and 15-8 showed up. Maybe the 'clean all' did it, or maybe just showed up.
I applied the update (yum update), rebooted and... no boot. Just a blank screen.
Hardware is a Mac-Mini :-(
This is not an essential machine, so I could re-install (from netinstall) if you think it's worth the effort.
Or what?
David
You just need to reinstall the kernel and it should work.
<snip>
Yes .. it should be on mirror.centos.org now .. you could change the repo where your updates come from. OR .. wait for that mirror to get updated.
I just did yum clean all yum update
and 15-8 showed up. Maybe the 'clean all'
did it, or maybe just showed up.
I applied the update (yum update), rebooted and... no boot. Just a blank screen.
Hardware is a Mac-Mini :-(
This is not an essential machine, so I could re-install (from netinstall) if you think it's worth the effort.
Or what?
David
You just need to reinstall the kernel and it should work.
Sorry for being so ignorant, but I don't understand "just reinstall the kernel". I don't know how to translate that into a specific yum or rpm command.
However, since this is a crash-and-burn system, I'm going back to a virgin install with netinstall of 7 2003. I'll let you know what the results are.
David
On Sun, 2 Aug 2020 at 10:20, david david@daku.org wrote:
<snip>
Yes .. it should be on mirror.centos.org now .. you could change the repo where your updates come from. OR .. wait for that mirror to get updated.
I just did yum clean all yum update
and 15-8 showed up. Maybe the 'clean all'
did it, or maybe just showed up.
I applied the update (yum update), rebooted and... no boot. Just a blank screen.
Hardware is a Mac-Mini :-(
This is not an essential machine, so I could re-install (from netinstall) if you think it's worth the effort.
Or what?
David
You just need to reinstall the kernel and it should work.
Sorry for being so ignorant, but I don't understand "just reinstall the kernel". I don't know how to translate that into a specific yum or rpm command.
I agree it is a lot of shorthand because of expectations. In the end we (the list) don't know what you have on your system or what state it is in. In order to get that information to help we would need you to try the following:
1. boot using a working USB/cdrom/netboot path and installer 2. choose the rescue mode 3. have the rescue mount the disks as local and chroot into the system. << if possible have the system also bring up networking >>
Then yum list kernel shim grub2 mokutil
It would also help to know which kind of Mac Mini it is (year, model, firmware versions). Apple changes the internal hardware of these things and how they boot so if there it may be that a particular model is more affected than others.
However, since this is a crash-and-burn system, I'm going back to a virgin install with netinstall of 7 2003. I'll let you know what the results are.
David
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-----Original Message----- From: Stephen John Smoogen smooge@gmail.com Reply-To: CentOS mailing list centos@centos.org To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] 8.2.2004 Latest yum update renders machine unbootable Date: Sun, 2 Aug 2020 10:57:49 -0400
On Sun, 2 Aug 2020 at 10:20, david david@daku.org wrote:
<snip>
I agree it is a lot of shorthand because of expectations. In the endwe (the list) don't know what you have on your system or what state itis in. In order to get that information to help we would need you totry the following: 1. boot using a working USB/cdrom/netboot path and installer2. choose the rescue mode3. have the rescue mount the disks as local and chroot into thesystem. << if possible have the system also bring up networking >> Thenyum list kernel shim grub2 mokutil John,
I have a CentOS 8.2.2004 system running on an EPYC-equipped SuperMicro motherboard. I assume it uses EFI boot. I have it set to auto-update with cron.daily, so it almost certainly has the buggy package(s) installed. I'm loath to try rebooting it just to see.
When I run "yum list kernel shim grub2 mokutil" all I get back are the three installed kernel packages. Reverting to the old fashioned "rpm -qa | grep kernel-4 ; rpm -qa | grep shim ; rpm -qa | grep grub2 ; rpm -qa | grep mokutil" I get:
kernel-4.18.0-147.8.1.el8_1.x86_64 kernel-4.18.0-193.14.2.el8_2.x86_64 kernel-4.18.0-193.6.3.el8_2.x86_64 grub2-tools-2.02-87.el8_2.x86_64 grub2-pc-2.02-87.el8_2.x86_64 grub2-pc-modules-2.02-87.el8_2.noarch grub2-common-2.02-87.el8_2.noarch grub2-tools-efi-2.02-87.el8_2.x86_64 grub2-tools-minimal-2.02-87.el8_2.x86_64 grub2-tools-extra-2.02-87.el8_2.x86_64
I apparently do not have either shim or mokutil packages installed. I'm not sure what this means. Am I not using EFI boot?
I have local copies of the earlier v2.02-81 grub2 packages. Would it be worthwhile to replace my v2.02-87 grub2 packages, then add this line to /etc/dnf/dnf.conf:
exclude=grub shim mokutil
as previously advised?
Or should I just leave well enough alone and wait for tonight's auto-update to fix things?
--Doc Savage Fairview Heights, IL
On Sun, 2 Aug 2020 at 18:13, Robert G (Doc) Savage via CentOS centos@centos.org wrote:
-----Original Message----- From: Stephen John Smoogen smooge@gmail.com Reply-To: CentOS mailing list centos@centos.org To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] 8.2.2004 Latest yum update renders machine unbootable Date: Sun, 2 Aug 2020 10:57:49 -0400
On Sun, 2 Aug 2020 at 10:20, david david@daku.org wrote:
<snip>
I agree it is a lot of shorthand because of expectations. In the endwe (the list) don't know what you have on your system or what state itis in. In order to get that information to help we would need you totry the following:
- boot using a working USB/cdrom/netboot path and installer2. choose the rescue mode3. have the rescue mount the disks as local and chroot into thesystem. << if possible have the system also bring up networking >>
Thenyum list kernel shim grub2 mokutil John,
I have a CentOS 8.2.2004 system running on an EPYC-equipped SuperMicro motherboard. I assume it uses EFI boot. I have it set to auto-update with cron.daily, so it almost certainly has the buggy package(s) installed. I'm loath to try rebooting it just to see.
The buggy package is the shim package. If you don't have it on your system then you should not be affected.
When I run "yum list kernel shim grub2 mokutil" all I get back are the three installed kernel packages. Reverting to the old fashioned "rpm -qa | grep kernel-4 ; rpm -qa | grep shim ; rpm -qa | grep grub2 ; rpm -qa | grep mokutil" I get:
kernel-4.18.0-147.8.1.el8_1.x86_64 kernel-4.18.0-193.14.2.el8_2.x86_64 kernel-4.18.0-193.6.3.el8_2.x86_64 grub2-tools-2.02-87.el8_2.x86_64 grub2-pc-2.02-87.el8_2.x86_64 grub2-pc-modules-2.02-87.el8_2.noarch grub2-common-2.02-87.el8_2.noarch grub2-tools-efi-2.02-87.el8_2.x86_64 grub2-tools-minimal-2.02-87.el8_2.x86_64 grub2-tools-extra-2.02-87.el8_2.x86_64
I apparently do not have either shim or mokutil packages installed. I'm not sure what this means. Am I not using EFI boot?
use the df command. If you are using EFI then it will report /boot/EFI as a partition. If it doesn't then I would assume you are using BIOS.
I have local copies of the earlier v2.02-81 grub2 packages. Would it be worthwhile to replace my v2.02-87 grub2 packages, then add this line to /etc/dnf/dnf.conf:
exclude=grub shim mokutil
as previously advised?
Since the problem is the shim package and you don't seem to have it.. I would say exclusion is not needed.
Or should I just leave well enough alone and wait for tonight's auto-update to fix things?
--Doc Savage Fairview Heights, IL
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
From: david Sent: Sunday, August 2, 2020 10:16 AM
Yes .. it should be on mirror.centos.org now .. you could change the repo where your updates come from. OR .. wait for that mirror to get updated.
I just did yum clean all yum update
and 15-8 showed up. Maybe the 'clean all'
did it, or maybe just showed up.
I applied the update (yum update), rebooted and... no boot. Just a blank screen.
Hardware is a Mac-Mini :-(
This is not an essential machine, so I could re-install (from netinstall) if you think it's worth the effort.
Or what?
David
You just need to reinstall the kernel and it should work.
Sorry for being so ignorant, but I don't understand "just reinstall the kernel". I don't know how to translate that into a specific yum or rpm command.
A quick google - https://ma.ttias.be/reinstall-the-linux-kernel-on-centos-or-rhel/
But I think this is easier:
yum install --downloadonly --downloaddir=~/ kernel - OR - wget your kernel version...
then
rpm -Uvh kernel-*.rpm --replacepkgs
On Sun, Aug 02, 2020 at 07:16:25AM -0700, david wrote:
<snip>
...
You just need to reinstall the kernel and it should work.
Sorry for being so ignorant, but I don't understand "just reinstall the kernel". I don't know how to translate that into a specific yum or rpm command.
However, since this is a crash-and-burn system, I'm going back to a virgin install with netinstall of 7 2003. I'll let you know what the results are.
Using dnf instead I would get my latest installed kernel version number:
$ dnf list installed kernel Installed Packages kernel.x86_64 3.10.0-1127.el7 @base kernel.x86_64 3.10.0-1127.8.2.el7 @updates kernel.x86_64 3.10.0-1127.10.1.el7 @updates kernel.x86_64 3.10.0-1127.13.1.el7 @updates kernel.x86_64 3.10.0-1127.18.2.el7 @updates
Then do:
$ sudo dnf reinstall kernel*3.10.0-1127.18.2*
HTH jon
You just need to reinstall the kernel and it should work.
Is it possible to bump the kernel version number to make sure the kernel gets re-installed on automated installs? Or would this break the compatibility with RHEL?
P.
On 8/2/20 7:51 PM, Pete Biggs wrote:
You just need to reinstall the kernel and it should work.
Is it possible to bump the kernel version number to make sure the kernel gets re-installed on automated installs? Or would this break the compatibility with RHEL?
Well .. It would break ENVR with RHEL, right?
RHEL is not bumping up their kernel version and they had the same issue.