CentOS 6.0 is out

Posted by: mstauber Category: Development

CentOS 6.0 is finally out. A closer look at things and a status update on the BlueOnyx 5107R development.

Last Friday I noticed that the CentOS developer team had indeed finally started syncing their internal mirror to the external mirrors, populating it with the CentOS 6.0 release. Sometime last Saturday a helpful soul pointed me to one of the CentOS mirrors which already had been updated with the ISO images. From there I downloaded the 32bit DVD of CentOS 6.0. The download speed was a cheesy 200kb/sec, so it took a while.

In the meantime I checked out the YUM repositories and compared the version numbers of the released RPMs with those of the Scientific Linux 6 YUM repositories. I really hated what I saw, because it is obvious that the CentOS developer team had chosen to release a debranded carbon copy of RHEL6 as it was at the time of the initial release seven months ago.

This leaves us with a CentOS 6.0 which has seven months of missing security updates and a whole set of fully documented security issues.

Just one example how much behind the CentOS6 release is compared to another RHEL6 clone (namely Scientific Linux 6):

Bind (CentOS6):          bind-9.7.0-5.P2.el6_0.1.i686.rpm
Bind (SL6):              bind-9.7.3-2.el6_1.P1.1.i686


The version of Bind that CentOS6 ships with, is from May 2010 and is 11 releases behind the Bind that Scientific Linux 6 ships with. The CentOS6 version is also vulnerable to CVE-2011-1910 and CVE-2011-0414, which are of course fixed in SL6 <sigh>.

Oh, don't get me wrong: I'm happy that CentOS 6.0 is finally there and I'm sure that the CentOS developers will catch up on the missing security patches in due course. However, as security minded as I am, I think it would be unwise, stupid and foolhardy (if not entirely nuts!) to directly jump onto CentOS 6.0 and to put it into production somewhere. It is simply not yet ready for that.

Well, Scientific Linux 6.0 is ready in all regards. So that will be what BlueOnyx will use for the first Beta ISO of BlueOnyx 5107R, which I am currently working on.

Lately I finished wrapping up the last couple of loose ends and the "to do list" that needs to be worked out for a tentative release of the next BlueOnyx got shortened by a few items:

  • CMU: done
  • shell-tools: done
  • base-phpsysinfo.mod: done
  • Java/Tomcat: more or less done
  • PAM_ABL integration: done

With these things out of the way we could basically try to roll up an ISO and see what other issues away us during the or after installation and during first beta-tests. There sure will be a couple of follow up issues, but that's why we do beta-testing: To find and to fix those.

So right now I'm struggling with the build procedure for rolling up ISO images. The method that we used so far is based on a set of makefiles and scripts which Brian N. Smith once developed for building BlueQuartz ISO images. I developed the method a bit further to increase the level of automation a bit further (adding procedures for signing and releasing the ISO's). But still: Fundamentally the method is rather work intensive, as one has to manually go through the list of RPMs and has to manually replace any outdated RPMs with newer version. If new dependencies arise and extra RPMs need to be added which weren't present before, then the comps.xml file also needs to be edited by hand.

All in all it's a procedure that works, but the amount of manually required work is quite intensive and tedious.

So with SL6 I'm now trying my hands on "revisor". This has allowed me to create a 400MB "minimal" install ISO with just the bare metal OS on it. From there I'm looking at adding all the RPMs that BlueOnyx needs in order to run. I'm still trying to figure out some of the more advanced options of revisor to see if I can get it to do what I need it to do:

Building a BlueOnyx-5107R-SL-6.0.iso with a kickstart as we want it, which directly installs all the required OS related and BlueOnyx related RPMs and which then allows us to boot into BlueOnyx-5107R the way it used to be on BlueOnyx-5106R.

All in all revisor looks quite promising and I think it may be possible to get it to do what I want. If that's the case, buidling new and updated ISO's every now and then will be made much, much easier.

Update:

Yes! I just fell in love with revisor. CD-building made easy! OK, I played with it before on CentOS5 and FC12/FC13, but never could really get it to work - or to do what I wanted it to do. But on SL6 it just flies - more or less - out of the box.

I had to fiddle a bit with the YUM repositories. The 5107R YUM repository now has a group called "BlueOnyx", so that you can do a "yum groupinstall BlueOnyx", which will install everything and the kitchen sink. Additionally I had to create a local YUM repository on the build box that contains the "blueonyx-cd-installer" RPM, because that shound never, never be available via YUM, as we do not want this to be reinstalled during its frequent updates.

After editing the revisor configs and one kickstart script building fully updated CDs is just a one liner. Sure, it takes a while to finish, as it pulls all the package information and tries to satisfy dependencies. But it's pretty much smooth sailin' from there on.

I could even set up a cronjob now that creates daily rebuilds of the CDs if needed, but that won't really be necessary. :o)


Return
General
Jul 12, 2011 Category: Development Posted by: mstauber