Scientific Linux Fermi 5.0 i386 September 10, 2007 Please send bug reports to dawson@fnal.gov,csieh@fnal.gov Please read the Release Notes for Scientific Linux. It is located at SL.releasenote Also read the Upstream Vendor release notes . They are located in Upstream.vendor.releasenote All of the info in the SL.releasenote is valid unless this document states otherwise. This document only contains info that is specific to the Fermi site. Any reference to SL.releasenote is done to emphasis that it contains important information. ---------------------------------------------------------------------------- This is based on the rebuilding of RPMS out of SRPMS's that form Scientific Linux. Please read this entire document before installing. Table of contents INSTALLATION INFO ADDED compared to Scientific Linux 5.0 UPDATED compared to Scientific Linux 5.0 Installer modifications /contrib /docs /notsupported MISC Notes HARDWARE SPECIFIC ISSUES SOFTWARE ISSUES/BUGS SUPPORT INFO vendor ERRATA Each has a "---" line above and below it. _____________________________________________________________________________ INSTALLATION INFO _____________________________________________________________________________ Installation Locations Via NETWORK: nfs: linux.fnal.gov:/export/linux/slf50/i386/ ftp: linux.fnal.gov /linux/slf50/i386 http: linux1.fnal.gov /linux/slf50/i386 network install with floppy There is no floppy install as the kernel is too big to fit on a floppy. network install with cdrom There is a boot.iso which is small iso image which includes all the drivers. After download you can use cdrecord to create a cdr with this image on it. ftp://linux.fnal.gov/linux/slf50/i386/images/sites/Fermi/boot.iso Via CDROM: There are no cdrom images at this time. Download and then burn cdrom iso images from ftp://linux.fnal.gov/linux/iso/slf50/i386/ Installing a Xen Paravirtualized Guest When installing a Xen Paravirtualized Guest, the location is http://linux01.fnal.gov/linux/slf50/i386/sites/Fermi ----------------------------------------------------------------------------- ADDED compared to Scientific Linux 50 i386 ----------------------------------------------------------------------------- Fermi-release Fermi-release-notes Made change so that /etc/redhat-release, /etc/issue and /etc/issue.net show Scientific Linux Fermi instead of just Scientific Linux. Clam Anti Virus Clam Anti-Virus. Obtained from the DAG repository and rebuilt from src.rpm. http://www.clamav.net clamav-0.91.2-1.rf.x86_64.rpm clamav-db-0.91.2-1.rf.x86_64.rpm clamav-devel-0.91.2-1.rf.x86_64.rpm clamav-milter-0.91.2-1.rf.x86_64.rpm clamd-0.91.2-1.rf.x86_64.rpm clamtk-2.32-1.rf.x86_64.rpm flpr Installed by default. This does NOT require ups/upd. The flpr binary will reside in /usr/local/bin/ flpr-2.4-4f.9x.i386.rpm Kerberos For SLF 5, we no longer need Fermi's kerberos. We are only including packages for configuring krb5.conf, as well as some utilities. krb5-fermi-config-2.7-1.noarch.rpm krb5-getcert-1.9-5.slf5.noarch.rpm OpenAFS See SL.releasenote Here is the procedure for installing openafs, using yum yum install openafs-client openafs-thiscell kernel-module-openafs-`uname -r` openafs-thiscell-FNAL-5.noarch.rpm redhat-logos-1.1.25-1.LTS.6.noarch.rpm This version of redhat-logo's has all of the generic changes that were made with Scientific Linux as well as changes to make it look like SLF. redhat-logos-4.9.16-1.SLF.4.noarch.rpm SLIP Scientific Linux Inventory Project client ocsinventory-client-0.9.9-9.noarch.rpm upsupdbootstrap Not installed by default. Links from /usr/local/bin are NOT made anymore. upsupdbootstrap-5.0-0.i386.rpm upsupdbootstrap-fnal-5.0-0.i386.rpm conflicts with upsupdbootstrap-local Installs ups/upd to /fnal/ups upsupdbootstrap-local-5.0-0.i386.rpm conflicts with upsupdbootstrap-fnal Installs ups/upd to /local/ups yum-conf Modified to give Fermi's rpm's a priority, as well as point to Fermi's linux distribution servers instead of scientific linux's. yum-conf-1.SLF.noarch.rpm yum-conf-5x-2-1.SLF.noarch.rpm Will keep you at 5x which is the current stable 5x release. So when we release the next 5 release yum will automatically yum install it except for the kernel. yum install yum-conf-5x yum-autoupdate-1-1.SLF.noarch.rpm yum-autoupdate has the nightly yum cron job in it. The nightly cron job has been modified to check the add-ons directory. zz_dhcp_resolv-3.0.5-1.noarch.rpm This rpm fixes that so that when your network starts, as it checks your resolv.conf, if you have dhcp.fnal.gov, but not fnal.gov it will put it in, so that you will have "search fnal.gov dhcp.fnal.gov" in your /etc/resolv.conf file. zz_logwatch_df-1.1-2.noarch.rpm By default logwatch does a df -h when looking at disk usage. This can be unwanted if you have alot of NFS mounted disks. This rpm changes that command to be df -lP -h, which looks at local disks only, and the output is in the POSIX output format. zz_ntp_configure-4.2.0-6.noarch.rpm Configure ntp for Fermi site network. Startup script now pokes hole in the firewall for itself One can manually change the script by editing the file /etc/sysconfig/ntpd.fermi zz_pine_user_domain-1.0-2.noarch.rpm By default when a user sends mail from pine their email address is myname@mycomputer.fnal.gov. This rpm changes it so that the default is myname@fnal.gov by modifying the /etc/pine.conf config file. zz_sendmail_fermi_gateway-2.0-1.noarch.rpm This rpm is designed to send outbound sendmail e-mail through the fermilab e-mail gateway(smtp.fnal.gov). zz_sshd_pam-3.9-3.noarch.rpm This changes the setting in sshd_config from "UsePAM = no" to "UsePAM = yes" When used with the new pam_krb5 (version 2.2.8-2) this allows your ssh deamon to do cryptocard prompting. zz_tcp_wrappers_change-3.0-3.noarch.rpm Disable all offsite access to common network services. Also puts in the "DOE required login banners". If it determines that you have already modified /etc/hosts.allow or host.deny it leaves them alone. zz_tex_tweaks-1.0-1.noarch.rpm Changes the default paper size to 8.5 x 11 vs A3 --------------------------------------------------------------------------- UPDATED compared to Scientific Linux 50 i386 ---------------------------------------------------------------------------- OpenSSH This is the openssh from S.L. 5.x with some patches and modifications. The client does kerberos with both fermi's old openssh(old gssapi), as well as generic new openssh's(new gssapi) The server only does the kerberos with the newer versions of openssh It does 'kerberos only' by default It does not do cryptocard. It is NOT installed by default. openssh-4.3p2-18.slf5.i386.rpm openssh-askpass-4.3p2-18.slf5.i386.rpm openssh-clients-4.3p2-18.slf5.i386.rpm openssh-server-4.3p2-18.slf5.i386.rpm ---------------------------------------------------------------------------- Installer modifications --------------------------------------------------------------------------- Anaconda (installer) Changes to "defaults" from vendor installer. Firewall is on by default. The zz_ntp_configure-4.2.0-6 rpm pokes a hole for inbound ntp. US/Central is default timezone. vendor default was New York. Kerberos is on by default with a realm of FNAL.GOV . vendor default was off. Default install is via http. If one wishes to use nfs then type nfs at the isolinux prompt. If one wishes to use ftp then type ftp at the isolinux prompt. Added support for "sites" --------------------------------------------------------------------------- /contrib/ --------------------------------------------------------------------------- The packages in this section have been contributed by various people. They are presented AS IS and there is no guarantee of them working. These packages are NOT supported by us. They will only get security updates if the contributor provides them. If you have questions about them then ask the contributor. To use with yum: For one time only (prefered method) yum --enablerepo=Fermi-contrib install To enable for all yum updates/install (including autoyum) edit the file /etc/yum.repos.d/fermi-contrib.repo and change the line enabled=0 to enabled=1 See README's in the RPMS/ directorys for specific package info. /sites/Fermi/contrib/RPMS/ --------------------------------------------------------------------------- KNOWN LIMITATIONS/BUGS --------------------------------------------------------------------------- This will only do an install. It will not do an upgrade The estimated time to install is not even close. The only workgroup is "Fermi Generic Desktop" We expect to have workgroup support in the next release. There is no cryptocard support --------------------------------------------------------------------------- MISC NOTES --------------------------------------------------------------------------- If you select "linux text" or you might want to type "linux text noipv6" because the install trys to do ipv6 and since there is no support at FNAL for ipv6 it takes a long time to timeout kickstart users might want to add the "noipv6" option to their ks.cfg file --------------------------------------------------------------------------- SUPPORT INFO --------------------------------------------------------------------------- Fermi site users should start with the "Fermi" specific support areas and use the Scientific Linux next. Scientific Linux Fermi web pages http://www.fnal.gov/cd/unix/linux Fermi Linux Community support mailing list linux-users@fnal.gov Which is archived at http://listserv.fnal.gov/archives/linux-users.html Scientific Linux web page http://www.scientificlinux.org ------------------------------------------------------------------------------ SECURITY ERRATA RELEASED AFTER SL5 was released ------------------------------------------------------------------------------ bind-9.3.3-9.0.1.el5.i386.rpm bind-chroot-9.3.3-9.0.1.el5.i386.rpm bind-devel-9.3.3-9.0.1.el5.i386.rpm bind-libbind-devel-9.3.3-9.0.1.el5.i386.rpm bind-libs-9.3.3-9.0.1.el5.i386.rpm bind-sdb-9.3.3-9.0.1.el5.i386.rpm bind-utils-9.3.3-9.0.1.el5.i386.rpm caching-nameserver-9.3.3-9.0.1.el5.i386.rpm cups-1.2.4-11.5.3.el5.i386.rpm cups-devel-1.2.4-11.5.3.el5.i386.rpm cups-libs-1.2.4-11.5.3.el5.i386.rpm cups-lpd-1.2.4-11.5.3.el5.i386.rpm gdm-2.16.0-31.0.1.sl.2.i386.rpm kdegraphics-3.5.4-2.el5.i386.rpm kdegraphics-devel-3.5.4-2.el5.i386.rpm poppler-0.5.4-4.1.el5.i386.rpm poppler-devel-0.5.4-4.1.el5.i386.rpm poppler-utils-0.5.4-4.1.el5.i386.rpm qt-3.3.6-21.el5.i386.rpm qt-config-3.3.6-21.el5.i386.rpm qt-designer-3.3.6-21.el5.i386.rpm qt-devel-3.3.6-21.el5.i386.rpm qt-devel-docs-3.3.6-21.el5.i386.rpm qt-MySQL-3.3.6-21.el5.i386.rpm qt-ODBC-3.3.6-21.el5.i386.rpm qt-PostgreSQL-3.3.6-21.el5.i386.rpm tetex-3.0-33.1.el5.i386.rpm tetex-afm-3.0-33.1.el5.i386.rpm tetex-doc-3.0-33.1.el5.i386.rpm tetex-dvips-3.0-33.1.el5.i386.rpm tetex-fonts-3.0-33.1.el5.i386.rpm tetex-latex-3.0-33.1.el5.i386.rpm tetex-xdvi-3.0-33.1.el5.i386.rpm firefox-1.5.0.12-3.el5.i386.rpm firefox-devel-1.5.0.12-3.el5.i386.rpm thunderbird-1.5.0.12-3.el5.i386.rpm devhelp-0.12-11.el5.i386.rpm devhelp-devel-0.12-11.el5.i386.rpm evolution-data-server-1.8.0-15.0.4.1.sl5.i386.rpm evolution-data-server-devel-1.8.0-15.0.4.1.sl5.i386.rpm fetchmail-6.3.6-1.0.1.el5.i386.rpm file-4.17-9.0.1.el5.i386.rpm firefox-1.5.0.12-1.el5.i386.rpm firefox-devel-1.5.0.12-1.el5.i386.rpm freeradius-1.1.3-1.2.el5.i386.rpm freeradius-mysql-1.1.3-1.2.el5.i386.rpm freeradius-postgresql-1.1.3-1.2.el5.i386.rpm freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm freetype-2.2.1-19.el5.i386.rpm freetype-demos-2.2.1-19.el5.i386.rpm freetype-devel-2.2.1-19.el5.i386.rpm gimp-2.2.13-2.el5.i386.rpm gimp-devel-2.2.13-2.el5.i386.rpm gimp-libs-2.2.13-2.el5.i386.rpm httpd-2.2.3-7.sl5.i386.rpm httpd-devel-2.2.3-7.sl5.i386.rpm httpd-manual-2.2.3-7.sl5.i386.rpm ipsec-tools-0.6.5-8.el5.i386.rpm iscsi-initiator-utils-6.2.0.742-0.6.el5.i386.rpm kdebase-3.5.4-13.6.el5.i386.rpm kdebase-devel-3.5.4-13.6.el5.i386.rpm kmod-gfs-0.1.16-5.2.6.18_8.1.8.el5.i686.rpm kmod-gfs-PAE-0.1.16-5.2.6.18_8.1.8.el5.i686.rpm kmod-gfs-xen-0.1.16-5.2.6.18_8.1.8.el5.i686.rpm kmod-gnbd-0.1.3-4.2.6.18_8.1.8.el5.i686.rpm kmod-gnbd-xen-0.1.3-4.2.6.18_8.1.8.el5.i686.rpm kmod-gnbd-PAE-0.1.3-4.2.6.18_8.1.8.el5.i686.rpm krb5-devel-1.5-26.i386.rpm krb5-libs-1.5-26.i386.rpm krb5-server-1.5-26.i386.rpm krb5-workstation-1.5-26.i386.rpm libexif-0.6.13-4.0.2.el5.i386.rpm libexif-devel-0.6.13-4.0.2.el5.i386.rpm libpng-1.2.10-7.0.2.i386.rpm libpng-devel-1.2.10-7.0.2.i386.rpm madwifi-0.9.3.1-11.sl5.i686.rpm mod_perl-2.0.2-6.3.el5.i386.rpm mod_perl-devel-2.0.2-6.3.el5.i386.rpm mod_ssl-2.2.3-7.sl5.i386.rpm mutt-1.4.2.2-3.0.2.el5.i386.rpm perl-Net-DNS-0.59-3.el5.i386.rpm php-5.1.6-12.el5.i386.rpm php-bcmath-5.1.6-12.el5.i386.rpm php-cli-5.1.6-12.el5.i386.rpm php-common-5.1.6-12.el5.i386.rpm php-dba-5.1.6-12.el5.i386.rpm php-devel-5.1.6-12.el5.i386.rpm php-gd-5.1.6-12.el5.i386.rpm php-imap-5.1.6-12.el5.i386.rpm php-ldap-5.1.6-12.el5.i386.rpm php-mbstring-5.1.6-12.el5.i386.rpm php-mysql-5.1.6-12.el5.i386.rpm php-ncurses-5.1.6-12.el5.i386.rpm php-odbc-5.1.6-12.el5.i386.rpm php-pdo-5.1.6-12.el5.i386.rpm php-pgsql-5.1.6-12.el5.i386.rpm php-snmp-5.1.6-12.el5.i386.rpm php-soap-5.1.6-12.el5.i386.rpm php-xml-5.1.6-12.el5.i386.rpm php-xmlrpc-5.1.6-12.el5.i386.rpm postgresql-8.1.9-1.el5.i386.rpm postgresql-contrib-8.1.9-1.el5.i386.rpm postgresql-devel-8.1.9-1.el5.i386.rpm postgresql-docs-8.1.9-1.el5.i386.rpm postgresql-libs-8.1.9-1.el5.i386.rpm postgresql-pl-8.1.9-1.el5.i386.rpm postgresql-python-8.1.9-1.el5.i386.rpm postgresql-server-8.1.9-1.el5.i386.rpm postgresql-tcl-8.1.9-1.el5.i386.rpm postgresql-test-8.1.9-1.el5.i386.rpm quagga-0.98.6-2.1.0.1.el5.i386.rpm quagga-contrib-0.98.6-2.1.0.1.el5.i386.rpm quagga-devel-0.98.6-2.1.0.1.el5.i386.rpm samba-3.0.23c-2.el5.2.0.2.i386.rpm samba-client-3.0.23c-2.el5.2.0.2.i386.rpm samba-common-3.0.23c-2.el5.2.0.2.i386.rpm samba-swat-3.0.23c-2.el5.2.0.2.i386.rpm SL_desktop_tweaks-5-7.noarch.rpm spamassassin-3.1.9-1.el5.i386.rpm squirrelmail-1.4.8-4.0.1.el5.noarch.rpm thunderbird-1.5.0.12-1.el5.i386.rpm vim-common-7.0.109-3.el5.3.i386.rpm vim-enhanced-7.0.109-3.el5.3.i386.rpm vim-minimal-7.0.109-3.el5.3.i386.rpm vim-X11-7.0.109-3.el5.3.i386.rpm vixie-cron-4.1-70.el5.i386.rpm xorg-x11-xfs-1.0.2-4.i386.rpm xorg-x11-xfs-utils-1.0.2-4.i386.rpm yelp-2.16.0-15.el5.i386.rpm