https://bugzilla.redhat.com/show_bug.cgi?id=1901486
Bug ID: 1901486
Summary: Release notes should mention fixes for older systems
impacted by security tightening in F33
Product: Fedora Documentation
Version: devel
Status: NEW
Component: release-notes
Assignee: pbokoc(a)redhat.com
Reporter: russ+bugzilla-redhat(a)gloomytrousers.co.uk
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: relnotes(a)fedoraproject.org, wb8rcr(a)arrl.net,
zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Description of problem:
On booting my system after upgrade from F31 to F33, neither httpd nor dovecot
would start. This system is quite an old one that's been upgraded through many
versions of Fedora. This appears to be a result of "Strong Crypto Settings -
Phase 2" mentioned on
https://docs.fedoraproject.org/en-US/fedora/f33/release-notes/sysadmin/Secu…
The relevant errors were:
* Apache (/var/log/httpd/error_log):
[Mon Nov 23 11:44:11.517501 2020] [ssl:emerg] [pid 13680:tid 13680] AH02562:
Failed to configure certificate gigalith.gloomytrousers.co.uk:443:0 (with
chain), check /etc/pki/tls/certs/localhost.crt
[Mon Nov 23 11:44:11.517525 2020] [ssl:emerg] [pid 13680:tid 13680] SSL Library
Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
This cert was 1024 bit, first generated in 2010. The fix was to remove
/etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key then
run /usr/libexec/httpd-ssl-gencerts.
* Dovecot (journal):
Nov 23 12:35:27 gigalith.gloomytrousers.co.uk dovecot[31160]: config: Warning:
please set ssl_dh=</etc/dovecot/dh.pem
Nov 23 12:35:27 gigalith.gloomytrousers.co.uk dovecot[31160]: config: Warning:
You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1
skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
/etc/dovecot/dh.pem was present, dating from from 2013. The recommended fix did
NOT work (I recall having run this in the past) - it just generated an
identical file. The actual fix (stumbled across in bug 1882939) was to
regenerate the DH params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
(this took 32 mins on my machine!)
I suspect Exim might also have similar problems for some people, although I
didn't have a problem (my cert was 2048 bit from 2010, although I think I
generated this in a non-default way at the time). The fix in this case would be
to remove /etc/pki/tls/certs/exim.pem and /etc/pki/tls/private/exim.pem then
run /usr/libexec/exim-gen-cert.
I suggest these workarounds which might be required for older systems be
documented on
https://docs.fedoraproject.org/en-US/fedora/f33/release-notes/sysadmin/Secu…
- along with anything else that might suffer from similar issues.
--
You are receiving this mail because:
You are the QA Contact for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1951400
Bug ID: 1951400
Summary: feature request: dnf-system-upgrade website
instructions for upgrade from previous to beta then to
final release
Product: Fedora Documentation
Version: devel
OS: Linux
Status: NEW
Component: install-guide
Severity: low
Assignee: pbokoc(a)redhat.com
Reporter: william.garber(a)att.net
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: pbokoc(a)redhat.com, zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Description of problem:
feature request
https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/
would like to see edit to above web page of yours:
instructions for how to upgrade
first from fedora 33 to 34 beta
next from fedora 34 beta to 34.
Additional info:
the instructions were found on the below website
and are copied below:
https://fedoramagazine.org/announcing-fedora-34-beta/
the name is simply 34.
And, it’s enough that you upgrade your system just once.
F34 Beta will evolve into F34 on (?)April 27–
all you should do is a regular update of packages
while no rebasing of the system is necessary.
sudo dnf upgrade –refresh
sudo dnf install dnf-plugin-system-upgrade
sudo dnf system-upgrade download –refresh –releasever=34
sudo dnf system-upgrade reboot
--
You are receiving this mail because:
You are the QA Contact for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1956227
Bug ID: 1956227
Summary: DNF System Upgrade page links to non-existent
component=dnf-plugin-system-upgrade
Product: Fedora Documentation
Version: devel
OS: Linux
Status: NEW
Component: install-guide
Severity: high
Assignee: pbokoc(a)redhat.com
Reporter: info(a)skierpage.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: pbokoc(a)redhat.com, zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
(there's no Fedora Documentation component for Upgrading to a new release, or
Quick Docs)
Description of problem:
I followed https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/,
it went smoothly, well done!
But under "Frequently Asked Questions - How do I report issues with the
upgrade?", the step
Search Bugzilla for an existing bug report.
is a link to
https://bugzilla.redhat.com/buglist.cgi?component=dnf-plugin-system-upgrade…
The bug list currently has one open bug 1767781 for the component
dnf-plugin-system-upgrade, but this doesn't seem to be a valid component any
more; it's not in the pop-up list when you enter a new bug. I'm not sure what
the correct component is for dnf system-upgrade bugs: some bugs are filed
against dnf, and others against dnf-plugins-extras.
Version-Release number of selected component (if applicable):
Not applicable.
How reproducible:
Every time.
Steps to Reproduce:
1. Read https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/
2. Follow the link in "Search _Bugzilla for an existing bug report_."3
3. Try to file a bug.
Actual results:
Only one open bug for dnf-plugin-system-upgrade, and you can't choose this
Fedora component to enter a new bug.
Expected results:
Link should show a list of bugs with current system-update.
Additional info:
--
You are receiving this mail because:
You are the QA Contact for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1952656
Bug ID: 1952656
Summary: F33+ "DNF System Upgrade" needs changes.
Product: Fedora Documentation
Version: devel
Hardware: x86_64
OS: Linux
Status: NEW
Component: install-guide
Severity: medium
Assignee: pbokoc(a)redhat.com
Reporter: mattison.computer(a)yahoo.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: pbokoc(a)redhat.com, zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Description of problem:
The F33 (and newer) "DNF System Upgrade" instructions document has a couple of
minor issues, and one more serious problem.
Version-Release number of selected component (if applicable):
Fedora-33, and probably newer.
How reproducible:
not applicable.
Steps to Reproduce:
1. not applicable.
2. not applicable.
3. not applicable.
Actual results:
not applicable.
Expected results:
not applicable.
Additional info:
I. The "Clean-Up Old Packages" Section (2 minor issues).
In the "Clean-Up Old Packages" section, the instructions first say to do "sudo
dnf repoquery --unsatisfied", and then to do "sudo dnf repoquery --duplicates".
After that, there is a "NOTE" box saying to first do "sudo dnf update". After
the "NOTE" box, the instructions say to do "sudo dnf list extras", and so on.
A. Assuming that the "NOTE" box is saying to do the "sudo dnf update" before
doing the "sudo dnf repoquery --unsatisfied" and the "sudo dnf repoquery
--duplicates", the box should be moved to between
* the "Clean-Up Old Packages" section title, and
* the instruction to do "sudo dnf repoquery --unsatisfied".
So it should be:
1. The section title "Clean_Up Old Packages";
2. The "NOTE" box for sudo dnf update";
3. instruction to run "sudo dnf repoquery --unsatisfied";
4. instruction to run "sudo dnf repoquery --duplicates"; and
5. instructions to run "sudo dnf list extras", and so on.
B. According to the dnf man page, the "update" command is deprecated. It is now
"upgrade". So the dnf command in the "NOTE" box discussed above should be
"sudo dnf upgrade", not "sudo dnf update".
II. The "Clean-Up Old Symlinks" Section (more serious problem).
In the Fedora users list, in the thread "invisible application after upgrade",
one member said that the "sudo symlinks -r -d /usr"
step isn't necessarily a good idea. He provided an example. There was a
little more discussion in the Fedora users list thread "dangling symlinks and
upgrades (was "invisible application after upgrade").". This section needs to
be either redone or deleted. I do not have the expertise to be more specific.
I am a home user with no training as a sys.admin. I have a stand-alone home
work station. I do my own systems administration. So I rely on the Fedora
"DNF System Upgrade" document to guide me through semi-annual upgrades. I ask
that this section be researched and either improved or deleted as appropriate.
--
You are receiving this mail because:
You are the QA Contact for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1957968
Bug ID: 1957968
Summary: WIFI connection with WPS-PBC not working
Product: Fedora Documentation
Version: devel
Hardware: x86_64
OS: Linux
Status: NEW
Component: wireless-guide
Assignee: pbokoc(a)redhat.com
Reporter: hk(a)hsyn.de
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: sradvan(a)redhat.com, zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Description of problem:
WiFi Connection can't be established with the Fedora 34 via WPS-PBC.
Version-Release number of selected component (if applicable):
OS: Fedora 34 live USB stick.
Rooter: Fritz!Box 7590 v7.27
Notebook: ThinkPad w520
How reproducible:
Start Fedora 34 from USB stick. Try to connect to a WPA&WPA2 Secured WiFi.
Steps to Reproduce:
1.
2.
3.
Actual results:
Connection can't established.
Expected results:
Authentication without manual key enter
--
You are receiving this mail because:
You are the QA Contact for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1893428
Bug ID: 1893428
Summary: netinstall image requirement for using kickstart could
be made clearer
Product: Fedora Documentation
Version: devel
Status: NEW
Component: install-guide
Severity: low
Assignee: pbokoc(a)redhat.com
Reporter: glaebhoerl(a)gmail.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: pbokoc(a)redhat.com, zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Based on the
https://docs.fedoraproject.org/en-US/fedora/f33/install-guide/advanced/Kick…
page, I attempted to add an inst.ks= boot option to my Fedora Workstation
installation image (after copying its contents to a FAT32 filesystem). This
resulted, when beginning the installation, in the message:
"Kickstart is not supported on live installs. This installation will continue
interactively."
Googling for this message found single-digit hits, almost all of which were for
the several-years-old commit which originally added the message.
It was very unclear to me what I should have been doing instead, and spent most
of a day fruitlessly googling to try to find out. Every page only ever said
that I needed to add a boot option to the kernel command line of the installer
(which is what I believed myself to be doing), and went from there. The root of
the issue is that it was not apparent to me what the alternative to a "live
install" was, or how to activate it. (Maybe I needed to pass different boot
options so that it would boot directly into the installer?? I spent a while
trying different ways to achieve this.)
"Kickstart is not supported on live installs" may have been sufficient
information back in the day when live and non-live installation images were
provided side by side, but these days, at least for the Workstation version,
live is the only download option prominently visible, and it is not even called
out as being such.
Finally, after trying the twentieth combination of search terms, I found that
the page
https://docs.fedoraproject.org/en-US/fedora/f33/install-guide/install/Prepa…
mentions that "Kickstart installation requires the netinstall media type, or a
direct installation booting method such as PXE; kickstarts are not supported
with live images". I admit that if I had read all of the instructions linearly
from beginning to end, then I would probably not have had this problem.
Nonetheless, I humbly suggest that if the "Automating the Installation with
Kickstart" page also made some mention of this requirement, it would be a
helpful thing. In addition, it might be helpful to extend the "kickstart is not
supported on live installs" error message with some mention of the suggested
alternatives as well.
Thank you for your work and attention.
--
You are receiving this mail because:
You are the QA Contact for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1176580
gm11 <bpxhq(a)s.gnet.hu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bpxhq(a)s.gnet.hu
--- Comment #4 from gm11 <bpxhq(a)s.gnet.hu> ---
what is the option to rescue mode?
--
You are receiving this mail because:
You are the QA Contact for the bug.