Fedora 25 dnf poops on glibc
by Bill Shirley
On 2017-06-20 I did a 'dnf update' on my server. The update threw some errors and
when I did a 'reboot' with the new kernel (vmlinuz-4.11.5-200.fc25.x86_64) it failed without
giving me a command prompt. So, I booted my previous kernel (4.10.17-200.fc25.x86_64).
I got a login prompt and logged in. Most commands crashed and sent be back to the
login prompt. I was able to look in /var/log/messages and find:
Jun 20 09:16:10 yoda kernel: traps: cpp[2655] trap invalid opcode ip:7f08a64762a4 sp:7ffd14da8df0 error:0
Jun 20 09:16:10 yoda kernel: in libc-2.24.so[7f08a6443000+1bd000]
and:
Jun 20 09:16:28 yoda kernel: traps: groupadd[2707] trap invalid opcode ip:7fe7cf40b2a4 sp:7ffdca8072f0 error:0
Jun 20 09:16:28 yoda kernel: in libc-2.24.so[7fe7cf3d8000+1bd000]
lots of the above errors. I couldn't even start the network.
Here is what I did to fix it:
# USB stick is Fedora 25 Server install
#
# unplug 2nd drive of mirror then boot usb stick
# at first install screen, get to console command prompt:
# (alt is the LEFT alt key)
ctrl+alt+F2 <-- might be F3, don't remember
# assemble raid with only one disk, this is /
mdadm -A -R /dev/md2 /dev/sda2
mkdir /mnt/ROOT
mount /dev/md2 /mnt/ROOT
# symlink to repros directory
ln -s /mnt/ROOT/etc/yum.repos.d /etc/yum.repos.d
dnf --config=/mnt/ROOT/etc/dnf/dnf.conf --installroot=/mnt/ROOT reinstall glibc\* cpp\*
#reboot without usb stick
#if above reboot works, reboot with both raid drives and sync them:
mdadm /dev/md2 --re-add /dev/sdb2
If you don't have RAID, skip those parts. You'll need to know which partition is your /
I don't have a /boot partition so there was no need to mount that.
I broke the raid mirror so that if this didn't work, I would have a known place to go
back to and try something else.
All is well now. I'm just putting this out there in hope that it will help someone.
Bill
PS. Note that the newest kernel (vmlinuz-4.11.5-200.fc25.x86_64) still does not boot
to a login or command prompt.
6 years, 10 months
Firefox launches at max constantly
by Lawrence E Graves
Is there anyone experiencing this problem. I am running Fedora 26 Beta
and every time I launch firefox, it launches full screen. Is there a way
to stop this or is this a new feature I have to live with. Please advise.
--
All things are workable but don't all things work.
Prov. 3:5 & 6
6 years, 10 months
remote ssh awk!
by bruce
Hey...
Curious as to how to get the following to work remotely over SSH. The
cmd is used to remove redundant lines, while maintaining order in the
output file.
The following works if I insert it in the remote term.
cat /dog/aaa.dat | awk '!a[$0]++' > /dog/aaa.dat_tmp
However I'm unable to get the cmd to work via SSH from the local to
the remote. I've tried the following...
ssh crawl_user(a)67.205.11.111 cat /dog/aaa.dat | awk '!a[$0]++' >
/dog/aaa.dat_tmp
ssh crawl_user(a)67.205.11.111 ' cat /dog/aaa.dat | awk '!a[$0]++' >
/dog/aaa.dat_tmp '
ssh crawl_user(a)67.205.11.111 " cat /dog/aaa.dat | awk '!a[$0]++' >
/dog/aaa.dat_tmp "
ssh crawl_user(a)67.205.11.111 ' cat /dog/aaa.dat | awk '\!a[$0]++' >
/dog/aaa.dat_tmp '
ssh crawl_user(a)67.205.11.111 " cat /dog/aaa.dat | awk '\!a[$0]++' >
/dog/aaa.dat_tmp "
ssh crawl_user(a)67.205.11.111 ' cat /dog/aaa.dat | awk '"\!"a[$0]++' >
/dog/aaa.dat_tmp '
ssh crawl_user(a)67.205.11.111 " cat /dog/aaa.dat | awk '"\!"a[$0]++' >
/dog/aaa.dat_tmp "
In some cases, the cmd returns -- bash: !a[$0]++: event not found
In the case
ssh crawl_user(a)67.205.11.111 " cat /dog/aaa.dat | awk '\!a[$0]++' >
/dog/aaa.dat_tmp "
the return is:
awk: \!a[bash]++
awk: ^ backslash not last character on line
The escapsed cmds seem to work, but in reality, only generates the 1st
line in the file!
ssh crawl_user(a)67.205.11.111 " cat /dog/aaa.dat | awk '"\!"a[$0]++'
> /dog/aaa.dat_tmp "
Thoughts/comments???
Thanks
6 years, 10 months
gtk warning
by François Patte
Bonjour,
Every time I launch evince, I get this gtk warning:
(evince:3823): Gtk-WARNING **: Allocating size to EvSidebar
0x562ac0fa7520 without calling gtk_widget_get_preferred_width/height().
How does the code know the size to allocate?
and for emacs, this one:
(emacs:4011): Gtk-WARNING **: gtk_window_parse_geometry() called on a
window with no visible children; the window should be set up before
gtk_window_parse_geometry() is called.
What do they mean and how to get rid of them?
Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patt
6 years, 10 months
Fw: Stack clash and Fedora, new kernel vulnerability, from kernel
list
by stan
I haven't seen anyone else post about this, so this message is
forwarded from the kernel list, about a new kernel vulnerability. The
vulnerability is severe as it leads to root authority, but so far only
local logins have been demonstrated to have the ability to exploit it.
So, for most Fedora users, it means they aren't at risk. I'm running
the kernel with the fix, and it is working fine so far. The link
explains the risk, it has to do with the interaction between user
stacks and kernel stacks, and one gaining access to the other with bad
things happening thereafter.
Begin forwarded message:
Date: Mon, 19 Jun 2017 16:30:28 -0700
From: Laura Abbott <labbott(a)redhat.com>
To: Kernel Fedora <kernel(a)lists.fedoraproject.org>
Subject: Stack clash and Fedora
Hi,
If you haven't seen it, a new kernel vulnerability was announced
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Updates have been filed in bodhi with the fix
https://bodhi.fedoraproject.org/updates/FEDORA-2017-1225995344
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b93e6de389
https://bodhi.fedoraproject.org/updates/FEDORA-2017-79f099cbba
Please test and leave karma if this update works for you. This
is especially important for F24 which has seen a falloff in
karma recently.
Thanks,
Laura
6 years, 10 months
cannot ssh to localhost: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
by Frédéric Bron
I have installed the sshd service but cannot do
ssh localhost
because I get the following error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Same error from another computer targeting this one.
The strange thing is that I have exactly the same sshd_config file and
.ssh directory (with all file permissions 600, copied id_rsa.pub into
authorized_keys...) on another machine with the same F25 and it works.
sshd_config is:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
I tried to compare the logs of ssh -vvv targetting the machine where
it fails and targetting the machin where it works and here is where it
becomes different on the machine where it fails:
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
What was before is similar and can be found below.
Frédéric
ebug2: key: .ssh/id_rsa (0x55d3b2a1fa30), explicit, agent
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list
publickey,gssapi-keyex,gssapi-with-mic
debug3: preferred
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred:
gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: .ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
6 years, 10 months
Is default umask of 022 still reasonable for Fedora?
by stan
I recently became aware that the default umask for Fedora is 022 when
it caused problems for me that I had a different umask. This seems like
an anachronism, a relic of a kinder, gentler time, when the computing
atmosphere was more collegiate. Is it really appropriate that new
files be created for a user with permissions of rwxr-xr-x in today's
security atmosphere?
I set my umask to 077, so that no one can access anything.
I'm interested in other people's opinions, especially those arguing in
favor of continuing to have a umask of 022. Am I overlooking something?
6 years, 10 months
Postfix bug ...
by Walter H.
Hello,
Jun 19 20:18:01 fedorabox postfix/smtp[4723]: error: unsupported
dictionary type: pcre
what is this?
header_checks tells this and I'm used to use pcre with postfix ...
/etc/postfix/main.cf:
smtp_header_checks = pcre:/etc/postfix/smtp_hdr_chks.pcre
smtp_mime_header_checks =
smtp_nested_header_checks =
/etc/postfix/smtp_hdr_chks.pcre:
# remove 'Precedence: bulk'
/^precedence:[[:cntrl:][:space:]](.*)$/
IGNORE
Thanks,
Walter
6 years, 10 months
Firefox
by Lawrence E Graves
Not able to control the maximize control on my firefox web browser. If I
unmaximize the browser and close it out. When I log back on, it
automatically goes to maximize. Can anybody help with this matter? Am I
reporting to the list?
--
All things are workable but don't all things work.
Prov. 3:5 & 6
6 years, 10 months
Video editing disaster
by Wade Hampton
I am trying out multiple video editors on Fedora, with very poor results
and a ton of crashes.
Anyone have recommendations on how to stablize one of these or can you
recommend a
video editor that just works (like kdenlive used to when I used it last a
year ago)?
I am having the same results on two Fedora 25, 64-bit systems, fully
updated. The packages
are from rpmfusion and on one of the two systems from unitedrpms. My main
system is an
older 6-core AMD with 8G of RAM so it should handle it.
The files I am testing with are:
JPG images from a DSLR
Quicktime from my DSLR (MVI_xxx.MOV),
Movie from my Android phone xxxxxxxxx.m2ts
Movie from a DVD xxx.mpg
Movie from a digital camcorder (Sony AVCHD): xxxx.MTS
KDENLIVE:
My goto editor was Kdenlive, but it won't open files. I keep getting "clip
is invalid".
The terminal outputs:
mlt_repository_init: failed to dlopen /usr/lib64/mlt/libmltavformat.so
(/lib64/libavdevice.so.57: symbol av_buffersink_get_sample_aspect_ratio,
version LIBAVFILTER_6 not defined in file libavfilter.so.6 with link time
reference)
I think there is a lib miss-match.
PITIVI:
Pitivi is nice, but I can't keep it running. Multiple core dumps.
OPENSHOT:
I really love OpenShot. I tried the one from rpmfusion and it crashed all
the time,
for example when trying transitions. I also tried the latest version via
AppImage:
OpenShot-v2.3.3-x86_64.AppImage
This seemed much more stable, but I could still crash it with transitions,
adding
an MP3 file for audio, etc.
Anyone have a good, stable video editor or have suggestions on how to run
one of these
in a stable platform?
Note, I am filing bug reports on many of these crashes....
Thanks,
--
Wade Hampton
6 years, 10 months