Scientific Linux Fermi LTS 4.6 RELEASE CANDIDATE 2 x86_64 March 24, 2008 Please send bug reports to dawson@fnal.gov,csieh@fnal.gov Please read the Release Notes for Scientific Linux. It is located at SL.releasenote Also read the Upstream Vendor release notes . They are located in *Upstream.vendor.U6.releasenote and the older releasenotes in SL.documentation/ All of the info in the SL.releasenote is valid unless this document states otherwise. This document only contains info that is specific to the Fermi site. Any reference to SL.releasenote is done to emphasis that it contains important information. All of these release notes, as well as earlier ones, can be found at http://www-oss.fnal.gov/projects/fermilinux/lts4x/release.notes.html ---------------------------------------------------------------------------- This is based on the rebuilding of RPMS out of SRPMS's that form Scientific Linux. Please read this entire document before installing. Table of contents HARDWARE REQUIREMENTS INSTALLATION INFO * ADDED compared to Scientific Linux 4.6 * UPDATED compared to Scientific Linux 4.6 Installer modifications /contrib /docs /notsupported MISC Notes HARDWARE SPECIFIC ISSUES SOFTWARE ISSUES/BUGS SUPPORT INFO vendor ERRATA Each has a "---" line above and below it. _____________________________________________________________________________ HARDWARE REQUIREMENTS _____________________________________________________________________________ - See SL.releasenotes - Common "Fermi Generic Desktop" Installation : 5GB _____________________________________________________________________________ INSTALLATION INFO _____________________________________________________________________________ Installation Locations Via NFS linux.fnal.gov:/export/linux/lts4rolling/x86_64/ with floppy There is no floppy install as the kernel is too big to fit on a floppy. with cdrom There is a boot.iso which is small iso image which includes all the drivers. After download you can use cdrecord to create a cdr with this image on it. ftp://linux.fnal.gov/download/lts4rolling/network.install.x86_64/boot.iso Via CDROM Download and then burn cdrom iso images from ftp://linux.fnal.gov/download/lts4rolling/cd.install.x86_64/ ----------------------------------------------------------------------------- ADDED compared to Scientific Linux ----------------------------------------------------------------------------- **Fermi-release-4.6-1.noarch.rpm Made change so that /etc/issue and /etc/issue.net showed Fermi Linux instead of RedHat. Clam Anti Virus Clam Anti-Virus. Obtained from the DAG repository and rebuilt from src.rpm. http://www.clamav.net clamav-0.87.1-1.rf.x86_64.rpm clamav-db-0.87.1-1.rf.x86_64.rpm clamav-devel-0.87.1-1.rf.x86_64.rpm clamav-milter-0.87.1-1.rf.x86_64.rpm clamd-0.87.1-1.rf.x86_64.rpm clamtk-2.13-1.rf.x86_64.rpm flpr I am installing the flpr rpm by default. I got the latest version from Randy. This does NOT require ups/upd. The flpr binary will reside in /usr/local/bin/ . This should just make using flpr easier for all. flpr-2.4-4f.9x.i386.rpm Java See SL.releasenote Kerberos -- Fermi version The fixes in these new kerberos packages should fix the kerberos - afs problem. The configuration rpm's set ignore_afs = true, this get's rid of the long wait as pam decides what to do. The libs rpm, which has the /etc/pam.d/z_krb5* scripts, now checks to see if you have AFS, then if you have a keberos ticket, and if you do, then it does an aklog -setpag for you. The end result is a quicker login, with the benifit of cutting down on afs token stealing if multiple people log in as the same user. krb5-fermi-krb5.conf will ONLY put on a /etc/krb5.conf that points to the fermi domain. If you have krb5-fermi-config you DO NOT need this. This is intended for use with the Redhat provided kerberos. Many offsite users will find this of use. krb5-fermi-config-1.9-4 and later has a seperate script that only adds or removes aklog from your krb5.conf. This script now get's run (via triggers) whenever openafs get's added or removed. krb5-fermi-config-2.7-1.noarch.rpm krb5-fermi-krb5.conf-2.7-1.noarch.rpm krb5-libs-fermi-1.8a-LTS4.4.i386.rpm krb5-workstation-fermi-1.8a-LTS4.4.i386.rpm OpenAFS See SL.releasenote Installing OpenAFS using Yum Yum 2.4, which is found in Scientific Linux 4.x, is not as good at figuring out which kernel-modules need to be installed with openafs. Because of this, sometime's it tries to install the wrong kernel-module when you are installing openafs by hand. Here is the procedure for installing openafs, using yum yum install openafs-client openafs-thiscell kernel-module-openafs-`uname -r` redhat-logos-1.1.25-1.LTS.4.noarch.rpm This version of redhat-logo's has all of the generic changes that were made with Scientific Linux. It has also changed all of the Scientific Linux specific logo's, as well as anything that was in the old zz_fermi-logos SLIP Scientific Linux Inventory Project client and dependencies ocsinventory-client-0.9.9-7.noarch.rpm perl-XML-Simple-2.14-2.rf.noarch.rpm SL_... See SL.releasenote. These are similar to zz_... . The only difference is that the SL_... were deemed more generic and thus should be included in the Full SL release and not only in Fermi site version. upsupdbootstrap Not installed by default anymore for "Fermi Generic Desktop. Does NOT create symbolic links from /usr/local/bin to ups areas. Can select during install if needed. upsupdbootstrap-4.1-1.i386.rpm upsupdbootstrap-fnal-4.0-4.i386.rpm Installs ups/upd to /fnal/ups Was upsupdbootstrap-generic, changed to make the name clearer upsupdbootstrap-local-4.0-4.i386.rpm Installs ups/upd to /local/ups vnc Issue with vnc allowing more than just localhost to connect by default. The starting point was the latest Fedora Core SRPM of vnc, back-ported to use the XFree86-4.3.0-78.EL sources instead of x.org and javac instead of the (too-old) gcc-java, and patched to set the "localhostOnly" parameter to true by default. Note that it is still possible to return to RISKY behavior by invoking: vncserver -localhost="no" (or 0, or "off") Note that vncviewer has the new option "-via", meaning that the command line: vncviewer -via .fnal.gov localhost:1 will set up an SSH tunnel and use it to access the local vncserver running on .fnal.gov, all in one step. NOTE that vnc is ONLY allowed if used with a kerberized SSH tunnel i onsite at Fermi and visible only to localhost . See the above info. Thanks to Chris Green for this patched vnc. vnc-4.0-13f2.x86_64.rpm vnc-server-4.0-13f2.x86_64.rpm **yum-conf-46-1.LTS.noarch.rpm Modified to give Fermi's rpm's a priority, as well as point to Fermi's linux distribution servers instead of scientific linux's. Also excludes the generic SL openssh rpm's. Now has a testing repository Added http://linux1.fnal.gov/ and made it the default repository *yum-conf-4x-2-4.LTS.noarch.rpm Added http://linux1.fnal.gov/ and made it the default repository Will keep you at 4x which is the current 4x release. So when we release the next 4 release yum will automatically yum install it , except for the kernel. yum install yum-conf-4x This is NOT installed by default. zz_a2ps_stdout-1.0-3.noarch.rpm Change the output of a2ps to go to stdout vs the printer. zz_dhcp_resolv-3.0.1-2.noarch.rpm This rpm fixes that so that when your network starts, as it checks your resolv.conf, if you have dhcp.fnal.gov, but not fnal.gov it will put it in, so that you will have "search fnal.gov dhcp.fnal.gov" in your /etc/resolv.conf file. zz_emacs_link-1.1-5.noarch.rpm Make a symbolic link from "emacs" to "xemacs" when xemacs is installed and emacs is not installed. This version uses triggers to make or remove the link when emacs, or xemacs is added or removed. zz_firstboot_fix-1.0-3.noarch.rpm Make changes to firstboot. zz_lang_collate-1.0-2.noarch.rpm Changes LANG so that sorting is done the same as 6.1 and earlier. (ABCabc instead of AaBbCc). This is not installed by default except for a few workgroups. Can be added later with a "yum install zz_lang_collate" . zz_ntp_configure-4.2.0-6.noarch.rpm Configure ntp for Fermi site network. Startup script now pokes hole in the firewall for itself zz_pine_user_domain-1.0-1.noarch.rpm By default when a user sends mail from pine their email address is myname@mycomputer.fnal.gov. This rpm changes it so that the default is myname@fnal.gov by modifying the /etc/pine.conf config file. zz_sendmail_accept-2.0-1.noarch.rpm Changes Sendmail config so that it allows incomming mail. This the same as the SL_sendmail_accept except that the sendmail startup script pokes holes for fermilab on startup, and closes them on shutdown zz_sendmail_fermi_gateway-2.0-1.noarch.rpm This rpm is designed to send outbound sendmail e-mail through the fermilab e-mail gateway(smtp.fnal.gov). zz_sshd_aklog-3.9-5.noarch.rpm As of Fermi's version openssh-3.9p1-8.SLF.4.17 aklog was taken out of the sshd_config due to it not working and causing an error. This script removes aklog from sshd_config . The aklog function is built in openssh-3.9p1-8.SLF.4.* . zz_sshd_nonkerberized-3.9-1.noarch.rpm Fermi's openssh is normally kerberized out of the box. This rpm will make it non-kerberized. Should only be used offsite. version 3.9 was changed to work with the configurations of openssh 3.9 zz_sshd_pam-3.9-3.noarch.rpm This changes the setting in sshd_config from "UsePAM = no" to "UsePAM = yes" When used with the new pam_krb5 (version 2.2.8-2) this allows your ssh deamon to do cryptocard prompting. zz_tcp_wrappers_change-3.0-3.noarch.rpm Disable all offsite access to common network services. Also puts in the "DOE required login banners". If it determines that you have already modified /etc/hosts.allow or host.deny it leaves them alone. zz_tex_tweaks-1.0-1.noarch.rpm Changes the default paper size to 8.5 x 11 vs A3 apt-get Scientific Linux Fermi is not aptable. We do NOT provide any config files for this. If you want to use apt YOU will need to add /etc/apt/ entries to point to Scientific Linux Fermi. We only support yum handling the daily "auto update" function. Note that yum can handle the "auto update" function with apt still able to do "installs". Apt does not work well with dual arch distos. Since this version of SLF is dual arch apt does NOT work with it. Apt-rpm development has been stopped. Only YUM is installed by default and ONLY YUM is SUPPORTED at Fermi. So why am i mentioning this if apt does not work and is dead. Because it is still in the release and did not want it to be used. Workgroup tag files These are used to specify which workgroup you belong to. Astro-tag-3.0-7.noarch.rpm BooNEDataServer-tag-3.0-7.noarch.rpm BooNE-LANL-tag-3.0-8.noarch.rpm BooNE-tag-3.0-7.noarch.rpm CDFCAFworker-tag-3.0-7.noarch.rpm CDFlevel3-tag-3.0-7.noarch.rpm CDFoffsite-tag-3.0-7.noarch.rpm CDFonline-tag-3.0-7.noarch.rpm CDF-tag-3.0-7.noarch.rpm ClueD0Workstation-tag-3.0-7.noarch.rpm CMSdesktop-tag-3.0-7.noarch.rpm CMSfarm-tag-3.0-7.noarch.rpm CMSserver-tag-3.0-7.noarch.rpm ConsoleServer-tag-3.0-7.noarch.rpm CPDserver-tag-3.0-7.noarch.rpm CPD-tag-3.0-7.noarch.rpm CSS-tag-3.0-7.noarch.rpm D0online-tag-3.0-8.noarch.rpm DcacheServer-tag-3.0-10.noarch.rpm EAG-tag-3.0-8.noarch.rpm FarmsConsole-tag-3.0-7.noarch.rpm Farms-tag-3.0-7.noarch.rpm FermiGenericDesktopOffsite-tag-3.0-7.noarch.rpm Fermigrid-tag-4.0-3.noarch.rpm FermiStandAlone-tag-3.0-7.noarch.rpm FermiVeryGeneric-tag-3.0-7.noarch.rpm FnaluBatch-tag-3.0-7.noarch.rpm FnaluInteractive-tag-3.0-7.noarch.rpm FOCUS-tag-3.0-7.noarch.rpm GenericFarm-tag-3.0-7.noarch.rpm GenericServer-tag-3.0-9.noarch.rpm ILCDesktop-tag-4.0-4.noarch.rpm ILCServer-tag-4.0-5.noarch.rpm ILCta-tag-4.0-5.noarch.rpm LHCroc-tag-4.0-5.noarch.rpm * Minerva-tag-4.0-6.noarch.rpm Minos-tag-3.0-7.noarch.rpm OAA-tag-3.0-7.noarch.rpm RIP-tag-3.0-7.noarch.rpm SciBooNE-tag-4.0-4.noarch.rpm SDSS-tag-3.0-7.noarch.rpm Sidet-tag-3.0-7.noarch.rpm Theory-tag-3.0-7.noarch.rpm --------------------------------------------------------------------------- UPDATED compared to 3 ---------------------------------------------------------------------------- authconfig Authconfig needed to be tweeked because it was putting a line into the /etc/pam.d/system-auth that would not allow you to log into root or a group account if there was a .k5login file in the accounts home area. This is the same change that was done in LTS 3.0.x authconfig-4.6.10-LTS4x.3.x86_64.rpm authconfig-gtk-4.6.10-LTS4x.3.x86_64.rpm font-xorg-* Missing a install dependency on "which" . This caused the post script to fail and not run mkfontdir for each font directory fonts-xorg-100dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-75dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-base-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-cyrillic-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-14-100dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-14-75dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-15-100dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-15-75dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-2-100dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-2-75dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-9-100dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-ISO8859-9-75dpi-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-syriac-6.8.2-1.EL.SL.noarch.rpm fonts-xorg-truetype-6.8.2-1.EL.SL.noarch.rpm OpenSSH This is the openssh from S.L. 4.x with some patches and modifications. It does kerberos with both fermi's old openssh(old gssapi), as well as generic new openssh's(new gssapi) for both the server and the client. So end users won't need a special openssh. It works with multiple IP address's (if you are behind a load balancer) It has the "High Performance Networking" patch (a command line option) http://www.psc.edu/networking/projects/hpn-ssh/ It does 'kerberos only' by default It does not do cryptocard. Users needing this need to install the modified pam module (pam_krb5-2.2.8-2) and then either change the sshd_config to say "UsePAM = yes" or install the zz_sshd_pam rpm. If a workgroup wants to install openssh-server then they just need to add the entry from their "comps" file as it is NOT installed by default. openssh-3.9p1-8.SLF.4.22.x86_64.rpm openssh-askpass-3.9p1-8.SLF.4.22.x86_64.rpm openssh-askpass-gnome-3.9p1-8.SLF.4.22.x86_64.rpm openssh-clients-3.9p1-8.SLF.4.22.x86_64.rpm openssh-server-3.9p1-8.SLF.4.22.x86_64.rpm pam_krb5 This pam module is a newer version. It works with cryptocard. It also works with Fermilab's new and old kdc's. This has been compiled with static libraries so it doesn't matter which kerberos you have installed. pam_krb5-2.2.11-5.slf4.x86_64.rpm SL_enable_serialconsole-3.1-4.noarch.rpm The serial console was changed from mingetting to agetty ---------------------------------------------------------------------------- Installer modifications --------------------------------------------------------------------------- Anaconda (installer) Changes to "defaults" from vendor installer. Firewall is on by default. Hole poked for ntp. US/Central is default timezone. vendor default was New York. Kerberos is on by default with a realm of FNAL.GOV . vendor default was off. Default install is via ftp, can still select nfs by typing nfs at isolinux prompt rhgb(RedHat Graphical Boot) is not turned on by default. If a workgroup wants it on they need to include "rhgb" in their comps.xml file Workgroup "Fermi Generic Desktop" For the network install all security errata that are available in our network tree will be installed at the end of the install. --------------------------------------------------------------------------- /contrib/ --------------------------------------------------------------------------- The packages in this section have been contributed by various people. They are presented AS IS and there is no guarantee of them working. These packages are NOT supported by us. They will only get security updates if the contributor provides them. If you have questions about them then ask the contributor. To use with yum: For one time only (prefered method) yum --enablerepo=Fermi-contrib install To enable for all yum updates/install (including autoyum) edit the file /etc/yum.repos.d/fermi-contrib.repo and change the line enabled=0 to enabled=1 See README's in the RPMS/ directorys for specific package info. /sites/Fermi/contrib/RPMS/ --------------------------------------------------------------------------- MISC NOTES --------------------------------------------------------------------------- Upgrades from prior versions. UPDATES are only supported via the installer for upgrading from Scientific Linux LTS 3.0.x to Scientific Linux LTS 40rolling. YUM will NOT work, do not use it. Vendor seems to really want users to start from scratch. --------------------------------------------------------------------------- SOFTWARE ISSUES/BUGS --------------------------------------------------------------------------- ATI x700 video cards are NOT supported in the version of X included here. --------------------------------------------------------------------------- SUPPORT INFO --------------------------------------------------------------------------- Fermi site users should start with the "Fermi" specific support areas and use the Scientific Linux next. Fermi Linux web pages http://www.fnal.gov/cd/unix/linux Fermi Linux Community support mailing list linux-users@fnal.gov Which is archived at http://listserv.fnal.gov/archives/linux-users.html Scientific Linux web page http://www.scientificlinux.org ---------------------------------------------------------------------------- ERRATA released after SL 4.6 ------------------------------------------------------------------------------ * apr-0.9.4-24.9.sl4.i386.rpm * apr-devel-0.9.4-24.9.sl4.x86_64.rpm * ccs-1.0.11-1.el4_6.1.x86_64.rpm * ccs-devel-1.0.11-1.el4_6.1.x86_64.rpm * cman-1.0.17-0.el4_6.5.x86_64.rpm * cman-devel-1.0.17-0.el4_6.5.x86_64.rpm * cman-kernel-2.6.9-53.9.x86_64.rpm * cman-kernel-largesmp-2.6.9-53.9.x86_64.rpm * cman-kernel-smp-2.6.9-53.9.x86_64.rpm * cman-kernel-xenU-2.6.9-53.9.x86_64.rpm * cman-kernheaders-2.6.9-53.9.x86_64.rpm * cmirror-kernel-2.6.9-38.8.x86_64.rpm * cmirror-kernel-largesmp-2.6.9-38.8.x86_64.rpm * cmirror-kernel-smp-2.6.9-38.8.x86_64.rpm * cmirror-kernel-xenU-2.6.9-38.8.x86_64.rpm * dlm-kernel-2.6.9-52.5.x86_64.rpm * dlm-kernel-largesmp-2.6.9-52.5.x86_64.rpm * dlm-kernel-smp-2.6.9-52.5.x86_64.rpm * dlm-kernel-xenU-2.6.9-52.5.x86_64.rpm * dlm-kernheaders-2.6.9-52.5.x86_64.rpm * GFS-kernel-2.6.9-75.12.x86_64.rpm * GFS-kernel-largesmp-2.6.9-75.12.x86_64.rpm * GFS-kernel-smp-2.6.9-75.12.x86_64.rpm * GFS-kernel-xenU-2.6.9-75.12.x86_64.rpm * GFS-kernheaders-2.6.9-75.12.x86_64.rpm * gnbd-kernel-2.6.9-10.32.x86_64.rpm * gnbd-kernel-largesmp-2.6.9-10.32.x86_64.rpm * gnbd-kernel-smp-2.6.9-10.32.x86_64.rpm * gnbd-kernel-xenU-2.6.9-10.32.x86_64.rpm * gnbd-kernheaders-2.6.9-10.32.x86_64.rpm * kernel-2.6.9-67.0.7.EL.x86_64.rpm * kernel-devel-2.6.9-67.0.7.EL.x86_64.rpm * kernel-doc-2.6.9-67.0.7.EL.noarch.rpm * kernel-largesmp-2.6.9-67.0.7.EL.x86_64.rpm * kernel-largesmp-devel-2.6.9-67.0.7.EL.x86_64.rpm * kernel-module-fuse-2.6.9-67.0.7.EL-2.5.3-1.SL.x86_64.rpm * kernel-module-fuse-2.6.9-67.0.7.ELlargesmp-2.5.3-1.SL.x86_64.rpm * kernel-module-fuse-2.6.9-67.0.7.ELsmp-2.5.3-1.SL.x86_64.rpm * kernel-module-fuse-2.6.9-67.0.7.ELxenU-2.5.3-1.SL.x86_64.rpm * kernel-module-ipw3945-2.6.9-67.0.7.EL-1.1.0-1.SL4.x86_64.rpm * kernel-module-ipw3945-2.6.9-67.0.7.ELlargesmp-1.1.0-1.SL4.x86_64.rpm * kernel-module-ipw3945-2.6.9-67.0.7.ELsmp-1.1.0-1.SL4.x86_64.rpm * kernel-module-ipw3945-2.6.9-67.0.7.ELxenU-1.1.0-1.SL4.x86_64.rpm * kernel-module-madwifi-2.6.9-67.0.7.EL-0.9.3.3-10.sl4.x86_64.rpm * kernel-module-madwifi-2.6.9-67.0.7.ELlargesmp-0.9.3.3-10.sl4.x86_64.rpm * kernel-module-madwifi-2.6.9-67.0.7.ELsmp-0.9.3.3-10.sl4.x86_64.rpm * kernel-module-madwifi-hal-2.6.9-67.0.7.EL-0.9.3.3-10.sl4.x86_64.rpm * kernel-module-madwifi-hal-2.6.9-67.0.7.ELlargesmp-0.9.3.3-10.sl4.x86_64.rpm * kernel-module-madwifi-hal-2.6.9-67.0.7.ELsmp-0.9.3.3-10.sl4.x86_64.rpm * kernel-module-ndiswrapper-2.6.9-67.0.7.EL-1.41-1.SL.x86_64.rpm * kernel-module-ndiswrapper-2.6.9-67.0.7.ELlargesmp-1.41-1.SL.x86_64.rpm * kernel-module-ndiswrapper-2.6.9-67.0.7.ELsmp-1.41-1.SL.x86_64.rpm * kernel-module-ndiswrapper-2.6.9-67.0.7.ELxenU-1.41-1.SL.x86_64.rpm * kernel-module-openafs-2.6.9-67.0.7.EL-1.4.6-58.SL4.x86_64.rpm * kernel-module-openafs-2.6.9-67.0.7.ELlargesmp-1.4.6-58.SL4.x86_64.rpm * kernel-module-openafs-2.6.9-67.0.7.ELsmp-1.4.6-58.SL4.x86_64.rpm * kernel-module-openafs-2.6.9-67.0.7.ELxenU-1.4.6-58.SL4.x86_64.rpm * kernel-module-r1000-2.6.9-67.0.7.EL-2.2-2.SL4x.x86_64.rpm * kernel-module-r1000-2.6.9-67.0.7.ELlargesmp-2.2-2.SL4x.x86_64.rpm * kernel-module-r1000-2.6.9-67.0.7.ELsmp-2.2-2.SL4x.x86_64.rpm * kernel-module-r1000-2.6.9-67.0.7.ELxenU-2.2-2.SL4x.x86_64.rpm * kernel-smp-2.6.9-67.0.7.EL.x86_64.rpm * kernel-smp-devel-2.6.9-67.0.7.EL.x86_64.rpm * kernel-xenU-2.6.9-67.0.7.EL.x86_64.rpm * kernel-xenU-devel-2.6.9-67.0.7.EL.x86_64.rpm * krb5-devel-1.3.4-54.el4_6.1.x86_64.rpm * krb5-libs-1.3.4-54.el4_6.1.i386.rpm * krb5-server-1.3.4-54.el4_6.1.x86_64.rpm * krb5-workstation-1.3.4-54.el4_6.1.x86_64.rpm * tzdata-2007k-2.el4.noarch.rpm