[redhat-lspp] LSPP kickstart config v0.16 released
James W. Hoeft
Jim at MagitekLtd.com
Thu Jan 4 07:24:18 UTC 2007
Has anyone loaded this (or previous version) using 6 CD set of rhel5b2
client (kernel 2747, downloaded mid-December)? I can't login when I've
tried it - screen flashes and returns to the login prompt. (all cd's
passed media test and I did not encounter any issues using them for
"default" install).
Here's a detailed description of what I've done, so hopefully I've just
missed/messed up a step that someone might be able to point out to me
(this is for kickstart and lspp/new kernel rpm's located on a local
network server, although the machine has a cd and dvd drive, so I tried
it with files on a cd in second drive with the same results):
Target machine is an HP Pavilion 734n.
boot from cd1, at prompt: "linux ip=192.168.137.69 netmask=255.255.255.0
gateway=192.168.137.1 dns=206.13.28.12
ks=http://192.168.137.50/lsppks/ks-i386-WS.cfg" (for cd, "linux
cdrom:ks-i386-WS.cfg")
Select CDROM (for installation method)
For ks script prompts, accept cdrom and hda defaults, set hostname to
lspprhel5b2, accept defaults for network interface, ip, netmask,
gateway, nameserver, and partition edit. 'y' to proceed and it goes on
it's merry way.
Using the script unmodified, the "key --skip" uncommented, an error
prompt is displayed for each of the "-devel" packages (i.e.,
selinux-policy-devel, audit-libs-devel, expect-devel, zlib-devel, etc.)
and a few others (i.e., autoconf, bison, ...), with the option to abort
the install or continue. If continue is selected for each one, the
install proceeds, less those packages (total of 360). However, if "key
--skip" is commented out", and the key is entered, the error prompts do
not appear and the package count is 398.
In the postinstall, I keep missing the beginning statuses as they scroll
off the screen, but there is an error that "/usr/share/rhn/RPM-GPG-KEY
import failed" (the file does not exist) and it prompts for the location
of the lspp package (which is either "http://192.168.137.50/lsppks" or !
to enter the shell, mount the cd and specify the directory). There is a
warning that there isn't a valid signature; install anyway. Package is
installed and setfiles is run - with "matchpathcon_filespec_add:
conflicting specifications for /usr/libexec/postfix/lmtp and
/usr/libexec/postfix/smtp, using
system_U:object_r:postfix_smtp_exec_t:s0" and some other status messages
that look reasonable, then it prompts for the new root password and
admin account/password.
The install finishes, system reboots, setfiles is run again - there are
a few "permission denied" statuses on the init sequence, but they scroll
by too fast to read before the screen refreshes - and a command line
login prompt appears (they do not appear on subsequent reboots, although
"operation not permitted reading kernel-cap.bound" does re-occur).
I can boot into single user mode and verify the lspp package is loaded
(but the new kernel isn't). I can mount the cd drive, but can't read any
of the files on it (permission denied), even though the mount point and
the files are all world readable. (ls -Z shows s0 for level of mount
point - "permission denied" beyond that)
If you've read this far, I certainly appreciate the effort - although
I'd appreciate it even more if you can point out what I'm screwing up...
Thanks,
Jim
Klaus Weidner wrote:
> Hello,
>
> an update to go with snapshot 5, which appears to work with no issues so
> far (knock on wood) :-) :-) :-)
>
> Changes:
>
> Remove requirements for packages that are current in snapshot5
> (pam, selinux-policy)
>
> activate MLS sshd on port 2222 via xinetd
>
> Activate MLS level selection for local console login
>
> Add 'retry' option when post-install rpm upgrade fails
> (Thanks to Klaus Kiwi for the patch)
>
> This works for me without updates.img, and installs a correct grub config
> (yay!). According to the README I think the bug the updates.img fixes
> isn't applicable to this ks script.
>
> I added the following updated packages for i386, but it should also work
> to update those later:
>
> http://people.redhat.com/sgrubb/files/lspp/kernel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
> http://people.redhat.com/sgrubb/files/lspp/kernel-devel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
>
> Since these appeare older than the snapshot5 kernel, you need to install
> them with:
>
> rpm -Uvh --oldpackage kernel-*
> rm kernel-*
>
> If you want ssh-via-xinetd on port 2222 to work, you'll need the patch
> from this bug, and recompile openssh:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220487
>
> rpm -i ~kw/openssh-4.3p2-14.el5.src.rpm
> cd /usr/src/redhat
> rpmbuild -bc --nodeps SPECS/openssh.spec
> cd BUILD/openssh-*
> patch -p2 < ~kw/openssh-xinetd-MLS.diff
> make sshd
> mv /usr/sbin/sshd /usr/sbin/sshd.old
> cp sshd /usr/sbin/sshd
> restorecon /usr/sbin/sshd
>
> Known issues:
>
> - if you upgrade PAM packages on biarch systems (not needed this time),
> always update both the 32bit and 64bit PAM packages together
>
> RPM download:
>
> http://klaus.vh.swiftco.net/lspp/SRPMS/
> http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
>
> Git repository:
>
> http://klaus.vh.swiftco.net/lspp/git/
>
> -Klaus
>
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
>
>
>
More information about the redhat-lspp
mailing list