logs archiveIRC Archive / Freenode / #centos / 2015 / August / 13 / 1
Flotho66
eneving folks,
I would like to configure a ss certifcate with a CA flag set to true, I found a great resource here : http://jeyg.info/des-certificats-signes-par-votre-autorite-de-certification-avec-openssl/ but I have a question
I already have 2 folders in /etc/pki
one is CA, the oher one is ca-trust
is anybody could explain me the purpose of those?
potato_farmer
ca-trust contains CA certs chosen by Mozilla for use with the Internet PKI
CA is part of the OpenSSL package for cert management
Flotho66
potato_farmer, thanks, Ok, this one is intended to be customed? Is it the right place fro creating CA and storing personal certs?
Zerberus
Flotho66: check /etc/pki/tls/misc/ and /etc/pki/tls/openssl.cnf which you may want to adjust
Flotho66
Zerberus: thanks, anyway, very difficult to find a tuto that works all the long
profit1
hey there. stupid question, but is there a sane way to convince yum to install with an older rpmdb version? (e.g. bootstrap a centos 6 image to a folder from a centos 7 box?) un-cpio'ing the yum/rpm binaries and calling that still leads to db corruption because a different version of RPMDB will.. well, not work.
wolfy
profit1: Similar to what mock does ?
profit1
Yeah, I know mock has a way of doing that
maybe mock --init or something..
phy1729
just to be sure I didn't miss something obvious, JBoss is not packaged for CentOS 6 right?
         

pj
profit1: I haven't had any issues of compatibility between CentOS 5 and 6 irt rpmdb.
profit1: and I have used yum on a CentOS 6 host to do a CentOS 7 install, so I can say it works.
profit1: you just use yum with an alternate config file (specify --config) and an alternate root (--installroot)
profit1
well yeah
but i'm going the OPPOSITE way :)
i do yum --config=USE_THIS_OVER_HERE and --instalroot=THIS_DIRECTORY_OVER_HERE and --releasever=6 from c67
pj
installing 6 on a 7 host? Shouldn't be an issue.
profit1
shouldn't be, but I get uggo db corruption errors
like "can't read this format" from the c6 box
pj
yeah, I don't bother with --releasever, I just make sure to specify the full baseurl paths in my config.
profit1
it's possible my yum config isn't quite right
pj
profit1: can you show in a pastebin, please?
profit1
what specifically am i looking for in the yum config to force centos 6?
pj
@pastebin
centbot
Do _NOT_ paste more than 1 line of text in the channel; please be so kind as to use http://pastebin.centos.org or another pastebin and then paste the complete url, including http/https, to your content here. Please note that pastebins that require javascript or other active content technologies are likely to be ignored by channel regulars.
profit1
sure, just a moment while i retrieve the gross dead docker image
http://pastebin.centos.org/32006/ is the pastebin of angry rpmdb
TrevorH
el7 has a much newer libdb package than el6 so you would presumably need to use the older el6 libs
profit1
i figured it's a 'berkeleydb whyyyy' problem
pj
that has a lot mroe problems than just rpmdb
profit1
unfortunately, trying to be clever and rpm2cpio -e (yum|rpm).rpm into a chroot does... does not work.
because lol no libraries, how do i even execute that
pj
you're trying to use both configs together from what I can tell, and also your yum command doesn't pass any of the options that either you or I mentioned.
profit1
oh fair
pj
yeah, no, don't do rpm2cpio for that.
profit1
i thought you were just looking for the rpmdb fail
pj
anyways show a pastebin of you attempting it properly.
         

profit1
so oddly enough, rpm -qa totally shows all of the packages *installed*
wait wtf
i did a 'yum clean all' and 'rpm --rebuilddb' and suddenly yum's happier
i smell aliens. i don't like intergalactic space creatures invading my life.
pj
hahaha
TrevorH
rpm rebuild from within the chroot?
pj
yeah, newer versions of RPM should / will be backwards compatible with older, so what you're trying to do should be easily possible
profit1
within the chroot
yes.
pj
even outside the chroot
TrevorH
which then links against the older db4 stuff presumably
profit1
interesting.
TrevorH
pj: on el7 it will use db4 5.x, el6 uses 4.7
I doubt if db4 4.7 can read 5.x db files
profit1
http://pastebin.centos.org/32011/ is what I was doing
/etc/yum.conf being stock
pj
TrevorH: ahhh, yep, I see, so he installed 6 on a 7 box, the initial install worked, but when he chrooted the rpmdb stuff was not bc, but he can/did clean and rebuild the rpmdb and it fixes it fine.
profit1: the way that mock works is it doesn't try to use rpm inside the chroot so it avoids the issue fully.
if you were to go into a mock chroot for CentOS 6 that you created on a CentOS 7 box and try to use the rpm command you would have the same issue.
profit1
interesting.
(this is the one time i envy debian/apt because debootstrap is pretty nice. unlike the rest of the ecosystem.)
pj
well, as you discovered the issue is easily fixed just by rebuilding the rpmdb inside the chroot.
profit1
looks like i need to 'yum clean all' before rpmdb rebuild
pj
profit1: also things to keep in mind for this type of install, in order for selinux to work you will need to reindex the first time you boot to it.
profit1
fair
if i'm installing with selinux=permissive in my host... hm
wonder if selinux would be enabled in this chroot
pj
yeah, you need to set it to permissive, reindex, then change it to enforcing
profit1
i'm actually not looking for selinux at this point
pj
well, not applicable to a chroot, only if you're going to actually boot to it (as a VM or similar)
profit1
yeah, not so much
i'm begrudgingly building docker base images
(also derp c6's rpm is /bin/rpm rather than /usr/bin/rpm)
TrevorH
el7 has done away with /bin and /sbin (now symlinks)
profit1
interesting
Ruffus
Hello! Running centos 6.4 (don't judge please) and I have a very weird problem: whatever I type in shell, the first letter get's copied on a new line, and so on, until I dont add anything after the copied letter, and then it executes the command you can read vertically. Any suggestions how can I fix that?
https://www.dropbox.com/s/1x85o7xhny9dqt1/bash_weird.PNG?dl=0 represents the behavious
Dan0maN_lt
type reset
see if that clears it
(that isn't a joke. it just resets the vty)
Ruffus
did, same thing
TrevorH
via ssh or locally connected?
@current
centbot
Current releases are 5.11, 6.7, and 7.1 (1503). You can determine your current release by running 'rpm -q centos-release'. Please understand that this channel is only able to support what is current. If you need support for past releases we urge you to get paid support for such from Red Hat.
Ruffus
did numerous reboots, deleted .bashrc and .bash_profile
I can connect via a console
TrevorH
6.4 has so many holes in it you could drive a truck through them, update ASAP
Ruffus
TrevorH that's my intent
however, as it is now, it's shell is unusable
*its
TrevorH
that was unclear if this is via ssh or console
Ruffus
console
same console works perfectly on other servers
TrevorH
so try ssh and see if it does it there
Ruffus
can't ssh, can't edit ifcfg file
TrevorH
so it has no network connection?
Ruffus
not how it is now, no
it's a kvm box, I console it via proxmo
« prev 1 2 3 4 5 next »