Solar Designer | 21 Sep 08:39 2009

Owl updates and new ISOs

Hi,

There are fresh ISO images of Owl-current (for x86 and x86-64) available
on our FTP mirrors:

http://www.openwall.com/Owl/DOWNLOAD.shtml

Additionally, as an experiment, now there are direct download links to
these ISOs off of Owl homepage:

http://www.openwall.com/Owl/

(these point to some selected mirrors).

The ISOs were generated on September 17, and they contain the package
updates and build environment enhancements that we made lately:

http://www.openwall.com/Owl/CHANGES-current.shtml

Specifically, since the last set of ISOs announced in here, we've
updated Owl to new versions of m4, Linux-PAM, bison, ed, Postfix,
ELinks, GnuPG, and JtR.

Speaking of the build environment, we've introduced a new tri-state
setting into buildworld.conf to control whether the testsuites are to be
run during Owl build.  The default is to run most tests, other possible
settings are to run all of the tests (including extremely slow ones) or
to disable all tests.  This involved updates to lots of individual RPM
spec files, too.  The effect is that we're able to run more tests when
needed (including the slow tests that we don't dare to enable by
(Continue reading)

Radosław Michalski | 22 Sep 08:39 2009
Picon

RE: Owl updates and new ISOs

> As usual, feedback is welcome (on owl-users, please).
>
> Alexander

Hi,

That's good that recently new ISOs are published more often. The reason why
it's important from my point of view is that not all of my colleague are
familiar with Owl rebuild/reinstallation process (they don't get the point
simply). That's why when they download ISO image sometimes they don't do
nothing to have the system upgraded to the latest possible level. More
frequent updates of Owl ISO will make the gap smaller.

Greetings
Radek

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.

croco | 28 Sep 22:32 2009

contrib php & apache-php

Colleagues,

I'm trying to setup a machine based on the recent Owl-current, and I'm
facing a trouble with dependencies; namely, trying to install apache-php
and php-* from the contrib/ section of the ftp site, I get failed
dependencies such as 

        libreadline.so.4 is needed by apache-php-4.4.4-owl_add1

which seems to be obsolete, as there's libreadline.so.5 in the system.

Definitely I can rebuild everything from sources; however, may be someone
already has the appropriate packages?  Or may be there's a package with
older libs (they can coexist, afaik)?  If so, then please publish them, if
possible.  Anyway, I strongly believe that packages distributed via the 
site (even contributed) should at least install, or not to be distributed 
at all.

Thanks!
--
Croco

--

-- 
To unsubscribe, e-mail owl-users-unsubscribe <at> lists.openwall.com and reply
to the automated confirmation request that will be sent to you.

Solar Designer | 28 Sep 22:57 2009

Re: contrib php & apache-php

On Tue, Sep 29, 2009 at 12:32:05AM +0400, croco <at> openwall.com wrote:
> I'm trying to setup a machine based on the recent Owl-current, and I'm
> facing a trouble with dependencies; namely, trying to install apache-php
> and php-* from the contrib/ section of the ftp site, I get failed
> dependencies such as 
> 
>         libreadline.so.4 is needed by apache-php-4.4.4-owl_add1
> 
> which seems to be obsolete, as there's libreadline.so.5 in the system.

As you mentioned, you're trying to install these on Owl-current.  The
contrib packages are for 2.0-stable.  If you want to use them, then you
could consider, say, installing a 2.0-stable userland into an OpenVZ
container.  Frankly, these contribs are also outdated, which is highly
undesirable for things such as PHP.

> Definitely I can rebuild everything from sources; however, may be someone
> already has the appropriate packages?

You can try CentOS 4 packages.  I'd be curious to know if they install
and work on Owl-current.  We're not using mod_php ourselves (instead we
run PHP via our customized suEXEC wrapper when we need that, optionally
also with FastCGI), so we have not had the opportunity to test.  There
are proper links here:

http://openwall.info/wiki/Owl/packages

Unlike our contribs, CentOS 4 packages are actually maintained/updated.

> Or may be there's a package with older libs (they can coexist, afaik)?
(Continue reading)

croco | 29 Sep 12:26 2009

Re: contrib php & apache-php

On Tue, Sep 29, 2009 at 12:57:57AM +0400, Solar Designer wrote:
> 
> As you mentioned, you're trying to install these on Owl-current.  The
> contrib packages are for 2.0-stable.  If you want to use them, then you
> could consider, say, installing a 2.0-stable userland into an OpenVZ
> container.

Understood.  Then, may be the directory structure on the ftp should be
reworked somehow.  Currently the 'contrib' directory lies outside of the
dirs devoted to the branches such as 2.0-stable or 2.0-current or whatever
(actually, on the same level as they do) thus making an impression that
inside one could find packages good for any release.  Inside the 'contrib'
directory, there's only one directory, named just '2.0' (without any
-contrib, -current etc).  It is therefore a kind of 'odd knowledge' to
understand that the packages aren't good for the Owl installed from a
recent CD.

>  Frankly, these contribs are also outdated, which is highly
> undesirable for things such as PHP.

Agreed.  However, what is the, hmm, intended use for the present contents
of the 'contrib' directory?

> > Definitely I can rebuild everything from sources; however, may be someone
> > already has the appropriate packages?
> 
> You can try CentOS 4 packages.  I'd be curious to know if they install
> and work on Owl-current.  We're not using mod_php ourselves (instead we
> run PHP via our customized suEXEC wrapper when we need that, optionally
> also with FastCGI), so we have not had the opportunity to test.
(Continue reading)

croco | 29 Sep 15:58 2009

CentOS packages (was: Re: [owl-users] contrib...)

On Tue, Sep 29, 2009 at 12:57:57AM +0400, Solar Designer wrote:
> 
> You can try CentOS 4 packages.  I'd be curious to know if they install
> and work on Owl-current. 

JFYI, it seems to be impossible to install their httpd package in Owl.
Trying to meet the dependencies (downloading the appropriate RPMs, guessing
what's where etc) I ended up with the following command:

rpm -Uvh httpd-2.0.52-41.ent.4.centos4.i386.rpm
httpd-suexec-2.0.52-41.ent.4.centos4.i386.rpm db4-4.2.52-7.3.el4.i386.rpm
expat-1.95.7-4.i386.rpm apr-0.9.4-24.9.i386.rpm
apr-util-0.9.4-22.el4.i386.rpm libgssapi-0.8-1.i386.rpm
krb5-libs-1.3.4-62.el4.i386.rpm openldap-2.2.13-12.el4.i386.rpm
cyrus-sasl-2.1.19-14.i386.rpm cyrus-sasl-md5-2.1.19-14.i386.rpm

As such it says:

error: Failed dependencies:
        /etc/mime.types is needed by httpd-2.0.52-41.ent.4.centos4
        libdb-4.3.so is needed by (installed) db4-utils-4.3.29-owl5
        libdb-4.3.so is needed by (installed) pam-1.1.0-owl1
        libdb-4.3.so is needed by (installed) perl-5.8.8-owl5
        libdb-4.3.so is needed by (installed) postfix-2.4.13-owl1
        db4 = 4.3.29-owl5 is needed by (installed) db4-devel-4.3.29-owl5
        db4 = 4.3.29-owl5 is needed by (installed) db4-utils-4.3.29-owl5

If I replace -U with -i, it still complains about /etc/mime.types, which
I've got no idea where's packed (certainly it doesn't help just to place
mime.types in /etc, it needs to come from a package), and if I try -ivh
(Continue reading)

croco | 29 Sep 21:53 2009

can't create users under openvz container

Colleagues,

I've just run into another issue.  I'm using Owl from the recent -current
ISO both for the HN and for the VPS; the O.S. template have been created
following the instructions found on this list's archives (thanks Galaxy!),
here: http://www.openwall.com/lists/owl-users/2007/05/08/2
Unfortunately I'm using a kernel taken right from openvz.org, not the
Openwall one, because I couln't find the OpenVZ kernel at the Openwall ftp
site.

The VPS runs, procesess seem Okay, it pings and can be accessed by ssh,
but simple useradd command fails like this:

varan101!root:~# useradd -u 1000 crocodil
useradd: cannot lock shadow password file
varan101!root:~# 

Using strace I see the following:

open("/etc/tcb/crocodil/shadow.lock",
O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES
(Permission denied)

The kernel version is this:

Linux XXXXXXXXXXXXXXXXX 2.6.18-ovz028stab056.1 #1 Mon Aug 18 13:00:29 MSD
2008 i686 GNU/Linux

May be this is a known iissue?  What am I doing wrong?

(Continue reading)

Dmitry V. Levin | 29 Sep 22:01 2009

Re: can't create users under openvz container

On Tue, Sep 29, 2009 at 11:53:41PM +0400, croco <at> openwall.com wrote:
[...]
> Using strace I see the following:
> 
> open("/etc/tcb/crocodil/shadow.lock",
> O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES
> (Permission denied)

Looks like something odd happened with permissions, either with
/etc/tcb/crocodil or one of its parents.

/etc/tcb/crocodil should be owned by crocodil:auth and have access mode 02710.
/etc/tcb -- root:shadow and 0710.
/etc and / should have access mode a+x.

--

-- 
ldv
Solar Designer | 30 Sep 00:59 2009

Re: can't create users under openvz container

On Tue, Sep 29, 2009 at 11:53:41PM +0400, croco <at> openwall.com wrote:
> The VPS runs, procesess seem Okay, it pings and can be accessed by ssh,
> but simple useradd command fails like this:
> 
> varan101!root:~# useradd -u 1000 crocodil
> useradd: cannot lock shadow password file
> varan101!root:~# 
> 
> Using strace I see the following:
> 
> open("/etc/tcb/crocodil/shadow.lock",
> O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW, 0600) = -1 EACCES
> (Permission denied)

This is typically caused by improper permissions on "/" (the fs root
directory), which in turn may have been caused by "/" or "." missing
from your OpenVZ template.  "chmod 755 /" run from within the container
should fix this for the container.  Adding "." with mode 755 to the
template tarball should fix it for other containers created from the
template (as far as I recall).

> The kernel version is this:
> 
> Linux XXXXXXXXXXXXXXXXX 2.6.18-ovz028stab056.1 #1 Mon Aug 18 13:00:29 MSD
> 2008 i686 GNU/Linux

This is unrelated to the problem at hand, but the above is an outdated
kernel version.  I understand that you picked a pre-built OpenVZ kernel,
but they have newer versions pre-built as well - in fact, they do it for
each new version they release on the "rhel5" branch.  The current stable
(Continue reading)

Solar Designer | 30 Sep 01:49 2009

Re: contrib php & apache-php

On Tue, Sep 29, 2009 at 02:26:23PM +0400, croco <at> openwall.com wrote:
> Understood.  Then, may be the directory structure on the ftp should be
> reworked somehow.  Currently the 'contrib' directory lies outside of the
> dirs devoted to the branches such as 2.0-stable or 2.0-current or whatever
> (actually, on the same level as they do) thus making an impression that
> inside one could find packages good for any release.  Inside the 'contrib'
> directory, there's only one directory, named just '2.0' (without any
> -contrib, -current etc).  It is therefore a kind of 'odd knowledge' to
> understand that the packages aren't good for the Owl installed from a
> recent CD.

The "2.0" directory name was meant to suggest that the packages were for
2.0-release and/or 2.0-stable.  There's no "2.0-current", you imagined
this name. ;-)  There's just current (the directory name) or Owl-current
(the name we sometimes use, such as in ISO filenames on the development
aka current branch), which is newer than 2.0 and no longer fully
package-compatible with 2.0, but not yet 2.1.

The alternative would be to place the contrib directory under
2.0-release and symlink it from under 2.0-stable, or vice versa.  Maybe
that would have been cleaner, maybe not.  Opinions are welcome.

Based on your feedback and the confusion you've identified (thanks!),
I've just created a README file under /pub/Owl/contrib/2.0.

> > Frankly, these contribs are also outdated, which is highly
> > undesirable for things such as PHP.
> 
> Agreed.  However, what is the, hmm, intended use for the present contents
> of the 'contrib' directory?
(Continue reading)


Gmane