[redhat-lspp] LSPP kickstart config v0.16 released

James W. Hoeft Jim at MagitekLtd.com
Thu Jan 4 07:24:18 UTC 2007 

Has anyone loaded this (or previous version) using 6 CD set of rhel5b2 
client (kernel 2747, downloaded mid-December)? I can't login when I've 
tried it - screen flashes and returns to the login prompt. (all cd's 
passed media test and I did not encounter any issues using them for 
"default" install).

Here's a detailed description of what I've done, so hopefully I've just 
missed/messed up a step that someone might be able to point out to me 
(this is for kickstart and lspp/new kernel rpm's located on a local 
network server, although the machine has a cd and dvd drive, so I tried 
it with files on a cd in second drive with the same results):

Target machine is an HP Pavilion 734n.

boot from cd1, at prompt: "linux ip=192.168.137.69 netmask=255.255.255.0 
gateway=192.168.137.1 dns=206.13.28.12 
ks=http://192.168.137.50/lsppks/ks-i386-WS.cfg" (for cd, "linux 
cdrom:ks-i386-WS.cfg")

Select CDROM (for installation method)
For ks script prompts, accept cdrom and hda defaults, set hostname to 
lspprhel5b2, accept defaults for network interface, ip, netmask, 
gateway, nameserver, and partition edit. 'y' to proceed and it goes on 
it's merry way.

Using the script unmodified, the "key --skip" uncommented, an error 
prompt is displayed for each of the "-devel" packages (i.e., 
selinux-policy-devel, audit-libs-devel, expect-devel, zlib-devel, etc.) 
and a few others (i.e., autoconf, bison, ...), with the option to abort 
the install or continue. If continue is selected for each one, the 
install proceeds, less those packages (total of 360). However, if "key 
--skip" is commented out", and the key is entered, the error prompts do 
not appear and the package count is 398.

In the postinstall, I keep missing the beginning statuses as they scroll 
off the screen, but there is an error that "/usr/share/rhn/RPM-GPG-KEY 
import failed" (the file does not exist) and it prompts for the location 
of the lspp package (which is either "http://192.168.137.50/lsppks" or ! 
to enter the shell, mount the cd and specify the directory). There is a 
warning that there isn't a valid signature; install anyway. Package is 
installed and setfiles is run - with "matchpathcon_filespec_add: 
conflicting specifications for /usr/libexec/postfix/lmtp  and 
/usr/libexec/postfix/smtp, using 
system_U:object_r:postfix_smtp_exec_t:s0" and some other status messages 
that look reasonable, then it prompts for the new root password and 
admin account/password.

The install finishes, system reboots, setfiles is run again - there are 
a few "permission denied" statuses on the init sequence, but they scroll 
by too fast to read before the screen refreshes - and a command line 
login prompt appears (they do not appear on subsequent reboots, although 
"operation not permitted reading kernel-cap.bound" does re-occur).

I can boot into single user mode and verify the lspp package is loaded 
(but the new kernel isn't). I can mount the cd drive, but can't read any 
of the files on it (permission denied), even though the mount point and 
the files are all world readable. (ls -Z shows s0 for level of mount 
point - "permission denied" beyond that)

If you've read this far, I certainly appreciate the effort - although 
I'd appreciate it even more if you can point out what I'm screwing up...

Thanks,
Jim

Klaus Weidner wrote:
> Hello,
> 
> an update to go with snapshot 5, which appears to work with no issues so
> far (knock on wood) :-) :-) :-)
> 
> Changes:
> 
>     Remove requirements for packages that are current in snapshot5
>     (pam, selinux-policy)
> 
>     activate MLS sshd on port 2222 via xinetd
> 
>     Activate MLS level selection for local console login
> 
>     Add 'retry' option when post-install rpm upgrade fails
>     (Thanks to Klaus Kiwi for the patch)
> 
> This works for me without updates.img, and installs a correct grub config
> (yay!). According to the README I think the bug the updates.img fixes
> isn't applicable to this ks script.
> 
> I added the following updated packages for i386, but it should also work
> to update those later:
> 
>  http://people.redhat.com/sgrubb/files/lspp/kernel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
>  http://people.redhat.com/sgrubb/files/lspp/kernel-devel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
> 
> Since these appeare older than the snapshot5 kernel, you need to install
> them with:
> 
>  rpm -Uvh --oldpackage kernel-*
>  rm kernel-*
> 
> If you want ssh-via-xinetd on port 2222 to work, you'll need the patch
> from this bug, and recompile openssh:
> 
>  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220487
> 
> 	rpm -i ~kw/openssh-4.3p2-14.el5.src.rpm
> 	cd /usr/src/redhat
> 	rpmbuild -bc --nodeps SPECS/openssh.spec
> 	cd BUILD/openssh-*
> 	patch -p2 < ~kw/openssh-xinetd-MLS.diff 
> 	make sshd
> 	mv /usr/sbin/sshd /usr/sbin/sshd.old
> 	cp sshd /usr/sbin/sshd
> 	restorecon /usr/sbin/sshd
> 
> Known issues:
> 
> - if you upgrade PAM packages on biarch systems (not needed this time),
>   always update both the 32bit and 64bit PAM packages together
> 
> RPM download:
> 
>    http://klaus.vh.swiftco.net/lspp/SRPMS/
>    http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
> 
> Git repository:
> 
>    http://klaus.vh.swiftco.net/lspp/git/
> 
> -Klaus
> 
> --
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
> 
> 
>

More information about the redhat-lspp mailing list