
List:       centos
Subject:    Re: [CentOS] mismatch in openssh latest rpm available at centos
From:       Ross Walker <rswwalker () gmail ! com>
Date:       2012-03-30 0:42:50
Message-ID: C064FA3F-EF5A-4421-8B21-09BAF6CD2900 () gmail ! com

On Mar 29, 2012, at 11:39 AM, Johnny Hughes <johnny@centos.org> wrote:

> On 03/29/2012 09:56 AM, m.roth@5-cent.us wrote:
> > Johnny Hughes wrote:
> > > On 03/28/2012 08:05 PM, Vinay Nagrik wrote:
> > > > The latest rpm in openssh is 5.8, however, the corresponding latest rpm
> > > > available in centos 5.7  is only
> > > > openssh-4.3p2-72.el5_6.3.x86_64.rpm
> > > > and in 6.0 centos is
> > > > openssh-5.3p1-20.el6.x86_64.rpm
> > > > 
> > > > I have following questions.
> > > > 
> > > > 1. I want to start from src.rpm and where can I get the src.rpm for
> > > > openssh-5.3p1-20.el6.x86_64.rpm.
> > > > 
> > > > 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos
> > > > without causing any problems.
> > > If you rebuild it, if it rebuilds, and if you rebuild anything that
> > > depends on the old one, then yes.  It may not build without newer
> > > "buildrequires" being met though.  And now, every time there is an
> > > upgrade, you have to remember to get the new one and rebuild again.  You
> > > also have to track any changes of the new "buildrequires" that you had
> > > to build.
> > > > 3. Which of these two rpms will be most compatible with latest openssh
> > > > rpm version 5.8.
> > <snip>
> > > If you rebuild a new ssh, you will also have to rebuild any packages
> > > that are built against the old openssh against the new openssh.
> > > 
> > > If you are concerned about security ... that is the whole purpose of
> > > enterprise linux ... it backports security patches for 10 years while
> > > maintaining consistent APIs/ABIs.
> > > 
> > > If you want the latest packages on your machine, then you want Fedora
> > > and not CentOS.
> > Well... I can see it. We had to build a newer package for 5.x, because we
> > *had* to have PIV-II/pkcs11 support. That's *just* come in with 6.2, to be
> > able to log in with a smart card. Even so, there's a bug/enhancement (and
> > my manager has this in w/ Redhat, and it's been escalated) needed, that it
> > insists on showing the userlist of recent logins.
> 
> And this can be the case ... they will roll back security items, but
> there will be some new functionality that is not rolled back.
> 
> If you really need some new function, then yes, a rebuild is in order.
> 
> That entails all the things I outlined above though ... figuring out
> "what else" you need to build first to use as a "BuildRequires", figure
> out what you have to build after because they depend on the built shared
> libraries of the package (or they depend on one of your newer
> BuildRequires that you needed).  Then you need to set up a method to
> track all the "out of band" packages that you are adding so you keep
> them up2date.
> 
> This can sometimes just be the package in question ... but sometimes it
> can be a whole bunch of other packages too ... for example, if you built
> a newer openssl, you would also need to rebuild all of these afterwards
> (which build against openssl):
> 
> [hughesjr@localhost SRPMS]$ for srpms in $(ls *.src.rpm); do is_openssl=$(rpm -qp --requires $srpms | grep openssl); if [ "$is_openssl" != "" ]; then echo $srpms; fi; done
> authd-1.4.3-14.src.rpm
> autofs-5.0.1-0.rc2.163.el5.src.rpm
> bind-9.3.6-20.P1.el5.src.rpm
> bind97-9.7.0-6.P2.el5_7.4.src.rpm
> certmonger-0.50-3.el5.src.rpm
> clustermon-0.12.1-7.el5.centos.src.rpm
> conga-0.12.2-51.el5.centos.src.rpm
> crypto-utils-2.3-2.el5.src.rpm
> curl-7.15.5-15.el5.src.rpm
> cyrus-imapd-2.3.7-12.el5_7.2.src.rpm
> cyrus-sasl-2.1.22-5.el5_4.3.src.rpm
> desktop-printing-0.19-20.2.el5.src.rpm
> distcache-1.4.5-14.1.src.rpm
> dovecot-1.0.7-7.el5_7.1.src.rpm
> ecryptfs-utils-75-8.el5.src.rpm
> elinks-0.11.1-6.el5_4.1.src.rpm
> epic-2.4-1.src.rpm
> evolution-connector-2.12.3-11.el5.src.rpm
> evolution-data-server-1.12.3-18.el5.src.rpm
> exim-4.63-10.el5.src.rpm
> fetchmail-6.3.6-4.el5.src.rpm
> fipscheck-1.2.0-1.el5.src.rpm
> freeradius-1.1.3-1.6.el5.src.rpm
> freeradius2-2.1.12-3.el5.src.rpm
> gftp-2.0.18-3.2.2.src.rpm
> gnome-vfs2-2.16.2-8.el5.src.rpm
> hplip-1.6.7-6.el5_6.1.src.rpm
> hplip3-3.9.8-11.el5_6.1.src.rpm
> htdig-3.2.0b6-11.el5.src.rpm
> httpd-2.2.3-63.el5.centos.src.rpm
> ipsec-tools-0.6.5-14.el5_5.5.src.rpm
> iscsi-initiator-utils-6.2.0.872-13.el5.src.rpm
> isns-utils-0.93-1.0.el5.src.rpm
> java-1.6.0-openjdk-1.6.0.0-1.24.1.10.4.el5.src.rpm
> kdelibs-3.5.4-26.el5.centos.1.src.rpm
> kdenetwork-3.5.4-13.el5_6.1.src.rpm
> libc-client-2004g-2.2.1.src.rpm
> libdbi-drivers-0.8.1a-1.2.2.src.rpm
> libgnomeprint22-2.12.1-10.el5.src.rpm
> libwvstreams-4.2.2-2.1.src.rpm
> lynx-2.8.5-28.1.el5_2.1.src.rpm
> m2crypto-0.16-8.el5.src.rpm
> mod_authz_ldap-0.26-11.el5.src.rpm
> mutt-1.4.2.2-3.0.2.el5.src.rpm
> mysql-5.0.77-4.el5_6.6.src.rpm
> neon-0.25.5-10.el5_4.1.src.rpm
> net-snmp-5.3.2.2-17.el5.src.rpm
> NetworkManager-0.7.0-13.el5.src.rpm
> nmap-4.11-2.src.rpm
> nss_ldap-253-49.el5.src.rpm
> ntp-4.2.2p1-15.el5.centos.1.src.rpm
> openCryptoki-2.2.4-25.el5.src.rpm
> openhpi-2.14.0-5.el5.src.rpm
> OpenIPMI-2.0.16-12.el5.src.rpm
> openldap-2.3.43-25.el5.src.rpm
> openldap24-libs-2.4.23-5.el5.src.rpm
> openssh-4.3p2-82.el5.src.rpm
> pam_ccreds-3-5.src.rpm
> perl-Crypt-SSLeay-0.51-11.el5.src.rpm
> perl-Net-SSLeay-1.30-4.fc6.src.rpm
> php-5.1.6-32.el5.src.rpm
> php53-5.3.3-5.el5.src.rpm
> postfix-2.3.3-2.3.el5_6.src.rpm
> postgresql-8.1.23-1.el5_7.3.src.rpm
> postgresql84-8.4.9-1.el5_7.1.src.rpm
> postgresql-odbc64-09.00.0200-1.el5.src.rpm
> pwlib-1.10.1-7.0.1.el5.src.rpm
> pyOpenSSL-0.6-2.el5.src.rpm
> python-2.4.3-46.el5.src.rpm
> python-ldap-2.2.0-2.1.src.rpm
> qspice-0.3.0-54.el5_5.2.src.rpm
> quota-3.13-5.el5.src.rpm
> rdesktop-1.6.0-7.src.rpm
> ruby-1.8.5-24.el5.src.rpm
> samba-3.0.33-3.37.el5.src.rpm
> samba3x-3.5.10-0.107.el5.src.rpm
> sblim-1-49.el5.src.rpm
> scribus-1.3.3.2-3.el5.src.rpm
> sendmail-8.13.8-8.1.el5_7.src.rpm
> slrn-0.9.8.1pl1-1.2.2.src.rpm
> spamassassin-3.3.1-2.el5.src.rpm
> spice-client-0.8.1-6.el5.src.rpm
> squid-2.6.STABLE21-6.el5.src.rpm
> stunnel-4.15-2.el5.1.src.rpm
> tcpdump-3.9.4-15.el5.src.rpm
> tn5250-0.17.3-6.src.rpm
> tog-pegasus-2.11.0-3.el5.src.rpm
> tpm-tools-1.3.1-1.el5.src.rpm
> trousers-0.3.1-4.el5.src.rpm
> vsftpd-2.0.5-24.el5.src.rpm
> w3m-0.5.1-18.el5.src.rpm
> wget-1.11.4-2.el5_4.1.src.rpm
> wireshark-1.0.15-1.el5_6.4.src.rpm
> wpa_supplicant-0.5.10-9.el5.src.rpm
> wvdial-1.54.0-5.2.2.1.src.rpm
> x3270-3.3.4p7-3.el5.4.src.rpm
> xchat-2.6.6-8.el5.src.rpm
> xmlsec1-1.2.9-8.1.2.src.rpm
> 
> So, this can be very challenging.

I think when substituting core packages it's better to root the substitutes in /usr/local, use tagged init scripts and employ the 'alternatives' feature instead of trying to replace the core packages, their dependencies and dependents.

Then both can be installed and the operator can switch from one to the other as necessary.

-Ross

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
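
The side-by-side approach described in the reply above, sketched as an added example that is not part of the original thread: it prints (and only with APPLY=1 runs) the `alternatives` commands that register the stock OpenSSH client and a locally built one. The prefix /usr/local/openssh-5.8 and the choice of /usr/local/bin for the managed links are assumptions, made so that the RPM-owned files in /usr/bin are never replaced.

```bash
#!/bin/bash
# Added example: register a parallel OpenSSH client build with 'alternatives'.
# Assumptions (not from the thread): the newer build was configured with
# --prefix=/usr/local/openssh-5.8, and the managed links live in
# /usr/local/bin so the RPM-owned binaries in /usr/bin stay untouched.
# A daemon from the local build would get its own, separately named init
# script pointing at $LOCAL_PREFIX/sbin/sshd; that part is not shown here.

STOCK_PREFIX=/usr                     # distribution package, still patched by yum
LOCAL_PREFIX=/usr/local/openssh-5.8   # hypothetical prefix of the local build
LINK_DIR=/usr/local/bin               # must precede /usr/bin in PATH
TOOLS="scp sftp ssh-keygen"           # slave links that follow the 'ssh' master

# Print the 'alternatives --install' command for one candidate build.
# $1 = prefix of the build, $2 = priority (highest wins in automatic mode)
install_cmd() {
    local prefix=$1 priority=$2 cmd tool
    cmd="alternatives --install $LINK_DIR/ssh ssh $prefix/bin/ssh $priority"
    for tool in $TOOLS; do
        cmd="$cmd --slave $LINK_DIR/$tool $tool $prefix/bin/$tool"
    done
    printf '%s\n' "$cmd"
}

# Print the command that pins one build; used to switch back and forth.
select_cmd() {
    printf 'alternatives --set ssh %s/bin/ssh\n' "$1"
}

# Full plan: register both builds, stock one at the lower priority.
plan() {
    install_cmd "$STOCK_PREFIX" 10
    install_cmd "$LOCAL_PREFIX" 20
    select_cmd "$LOCAL_PREFIX"
}

# Dry run by default; APPLY=1 (as root) executes each line of the plan.
run_plan() {
    plan | while IFS= read -r line; do
        if [ "${APPLY:-0}" = 1 ]; then $line; else echo "+ $line"; fi
    done
}

run_plan
```

Switching back to the distribution client is the output of `select_cmd /usr`; because the stock RPM stays installed, it keeps receiving the backported security updates discussed earlier in the thread.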

