linuxsysconfig

Configure your Linux system

How to manually download, compile and install RHEL 6 updates

As it turned out, firefox 20 from the Remi repository doesn’t install on earlier releases of RHEL 6 (such as RHEL 6.3). It is only compatible with RHEL 6.4, because its dependency xulrunner-last was compiled against newer versions of zlib and libjpeg-turbo. If you have an active RHEL 6 subscription, you have to update zlib and install libjpeg-turbo (which obsoletes libjpeg), and then firefox 20 will install fine.

If you don’t have an active subscription (i.e. RHN access) you can still get the RPMs. You can either download the updated versions of the 2 RPMs from one of the CentOS 6 repository mirrors, or you can download the source RPMs (src.rpm) from Red Hat and rebuild them. Note that this is not the recommended way of updating a production system; it is just to show that there are alternatives to the official way of getting RHEL updates. Basically, CentOS, Scientific Linux and other RHEL clones are doing the same thing: rebuilding source RPMs.

I used a RHEL 6.3 minimal installation for this tutorial. My goal was to recompile more recent versions of zlib and libjpeg-turbo to allow the installation of firefox 20. Here’s what I did:

 

1. install the required tools to build RPMs

Since I already had a local RHEL 6.3 repository configured, I could easily install everything with yum:

yum groupinstall "Development tools"
yum install rpm-build rpmdevtools
yum install nasm

Note: The last command was needed to install a dependency required for building libjpeg-turbo.

 

2. create the rpmbuild directory structure

rpmdev-setuptree

This will create a folder structure in the user’s home directory (it is advised to build RPMs as a non-root user):

ls ~/rpmbuild
BUILD BUILDROOT RPMS SOURCES SPECS SRPMS

 

3. download the source RPMs

wget ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/zlib-1.2.3-29.el6.src.rpm
wget ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/libjpeg-turbo-1.2.1-1.el6.src.rpm

 

4. rebuild the source RPMs

rpmbuild --rebuild zlib-1.2.3-29.el6.src.rpm
rpmbuild --rebuild libjpeg-turbo-1.2.1-1.el6.src.rpm

 

5. install the newly built RPMs

That’s it, the packages were successfully recompiled, so the new RPMs should be available under ~/rpmbuild/RPMS/x86_64.

yum localupdate ~/rpmbuild/RPMS/x86_64/zlib-1.2.3-29.el6.x86_64.rpm
yum localinstall ~/rpmbuild/RPMS/x86_64/libjpeg-turbo-1.2.1-1.el6.x86_64.rpm

 

After installing the 2 new packages I was able to install firefox 20 without issues.

 

Notes:

  • again, this is not the recommended way to update your system. If you want a Red Hat-compatible OS, choose one of its clones (CentOS, Scientific Linux, Oracle Linux)
  • in theory, you can use this approach to rebuild all updates published by Red Hat, however that is not always easy. Some source RPMs don’t include a spec file, and others need extra dependencies for the build process which are not explicitly defined in the spec file. You can read about some of the issues faced by the team behind Scientific Linux
  • all source RPMs published by Red Hat for RHEL6 are available here

 

Hope this helps. Cheers.

How to configure remote logging on RHEL6/CentOS6

Remote logging is a feature supported by rsyslog, the default syslog daemon in RHEL6 / CentOS 6. Having the local log files stored on a remote system is good practice, as it protects the logs’ integrity in case of a local attack.

With the default rsyslog configuration in RHEL6 it is really easy to enable remote logging: most configuration options are already in place and just need to be uncommented. Here’s how I did it with 2 hosts:

  • the client hostname is rhel6 (192.168.0.101) running RHEL 6.3 –> this host will be configured to send the logs remotely to the server
  • the server hostname is centos6 (192.168.0.105) running CentOS 6.4 –> this host will be configured to receive the logs from the client

 

Client configuration

Open up /etc/rsyslog.conf with your preferred text editor and scroll to the bottom section starting with “begin forwarding rule”. You will see something similar to this:

#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

While it is enough to uncomment and configure the last line to define the remote IP address, it is recommended to uncomment all statements to enable additional features:

$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 2g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.0.105:514

These features are particularly useful when the remote host is not reachable. By enabling them, rsyslog will create a spool queue on the local system (in /var/lib/rsyslog) and will keep trying to access the remote host until it becomes responsive, at which point it will send out the entire queue. You can alter the configuration above to choose a different path or the maximum disk space to use.

After modifying the file, save it and restart the daemon:

/sbin/service rsyslog restart
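
As an added example (not part of the original guide), the following script audits the forwarding section of a legacy-format rsyslog.conf: for each forwarding action it reports the transport and whether the spool-queue directives were set before it. It goes slightly beyond the text by also flagging UDP forwarding (a single @); the function names and both sample configurations are constructed for illustration, and the per-action reset of the queue directives is an assumption of the script.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit forwarding rules in a
# legacy-format rsyslog.conf read from stdin.

# One line per forwarding action: target, transport, and whether the spool
# queue directives were set BEFORE that action (they configure the next action).
audit_forwarding() {
    awk '
    $1 ~ /^#/ || NF == 0               { next }   # comments and blank lines
    $1 == "$ActionQueueFileName"       { qfile = 1; next }
    $1 == "$ActionQueueType"           { qtype = $2; next }
    $1 == "$ActionQueueSaveOnShutdown" { save = ($2 == "on"); next }
    $1 == "$ActionResumeRetryCount"    { retry = $2; next }
    $2 ~ /^@/ {                                   # "@host" = UDP, "@@host" = TCP
        proto = ($2 ~ /^@@/) ? "tcp" : "udp"
        target = $2; sub(/^@+/, "", target)
        spool = (qfile && qtype != "" && qtype != "Direct") ? "yes" : "no"
        printf "%s proto=%s spool=%s save_on_shutdown=%s retry=%s\n",
            target, proto, spool, (save ? "yes" : "no"),
            (retry == "" ? "default" : retry)
        qfile = 0; qtype = ""; save = 0; retry = ""   # assumed per-action scope
    }'
}

# Succeeds only if at least one forwarding action exists and every one uses
# TCP, a disk-assisted queue and infinite retries.
forwarding_ok() {
    audit_forwarding | awk '
        { n++ }
        !/proto=tcp spool=yes .* retry=-1$/ { bad++ }
        END { exit (n == 0 || bad > 0) }'
}

# Constructed sample 1: the client configuration from this guide.
GOOD_CONF='$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 2g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
*.* @@192.168.0.105:514'

# Constructed sample 2: UDP forwarding, queue directives placed after the action.
WEAK_CONF='*.* @192.168.0.105:514
$ActionQueueFileName fwdRule1
$ActionQueueType LinkedList'

printf '%s\n' "$GOOD_CONF" | audit_forwarding
printf '%s\n' "$WEAK_CONF" | audit_forwarding
```

On a real client, feed it the live file: `audit_forwarding < /etc/rsyslog.conf`.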

 

Server configuration

Again, open /etc/rsyslog.conf on the receiving host and search for these lines:

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

To enable listening to remote hosts, simply uncomment the 2 lines. I also recommend specifying a separate log file for the client host as it is easier to maintain and troubleshoot.

$ModLoad imtcp
$InputTCPServerRun 514
:FROMHOST-IP, isequal, "192.168.0.101" /var/log/rhel6.log
& ~

The above lines will configure the host to listen for remote logs coming in through port 514 TCP. In addition, all remote logs coming from 192.168.0.101 (which is the client rhel6) will be stored in a separate file (the default is to store all logs, both local and remote, to /var/log/messages).

After modifying the configuration file, save it and restart the daemon as shown above. If there’s a firewall configured on the remote server, modify it to allow incoming TCP connections on port 514 e.g.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT

That’s it, hope it helps. Cheers.

 

Create a yum repository with custom GPG-signed RPM packages

If you want to distribute RPMs to multiple machines that use yum (e.g. Red Hat / CentOS, Fedora) it is easier to create your own yum repository and populate it with packages. You can include any rpm you want provided that the package license allows distribution (I initially wanted to include jre in this guide, but I wasn’t sure whether Oracle allowed its (re)distribution so I chose LibreOffice instead).

This guide shows how to create a custom yum repo on CentOS 6, but it should work similarly on other yum-based Linux distros. As said above, I only included the LibreOffice suite, which consists of 51 packages. I’ll call this repo office and its root folder will be /opt/office. Most operations will be performed as linuxsysconfig, which is a user account defined with sudo privileges.

 

Create the repo path

 

sudo mkdir -p -m 775 /opt/office
sudo chown -R linuxsysconfig /opt/office

 

Add packages

 

Assuming you downloaded the LibreOffice tarball in ~/Downloads:

cd ~/Downloads
tar zxvf LibreOffice_4.0.2_Linux_x86-64_rpm.tar.gz
find ./LibreOffice_4.0.2.2_Linux_x86-64_rpm/ -maxdepth 2 -name "*.rpm" -exec cp {} /opt/office \;
rm -f LibreOffice_4.0.2_Linux_x86-64_rpm.tar.gz

At this point all required RPMs are copied to the root path. Now the repository is almost ready, but first there’s one more important step:

 

GPG-sign the RPMs

 

  • create ~/.gnupg if it doesn’t exist (my CentOS 6.4 installation doesn’t automatically create this folder for all users)
[[ -d ~/.gnupg ]] || mkdir -p -m 700 ~/.gnupg

 

  • start the gpg-agent daemon which is needed by gpg2 (RHEL6 no longer supports gpg1)
gpg-agent --daemon --use-standard-socket --pinentry-program /usr/bin/pinentry-curses

Note: you can replace pinentry-curses with pinentry-gtk if you prefer GUIs but that will require pinentry-gtk to be installed.

 

  • generate a GPG key (you can use the defaults, select a name and an email address)
gpg --gen-key

 

  • [optional] confirm the GPG key was created successfully
gpg --list-keys

That should return the key details e.g.

pub   2048R/519BAE20 2013-04-25
uid                  linuxsysconfig <contact@localhost>
sub   2048R/103A8066 2013-04-25

 

  • export the key
gpg --export -a linuxsysconfig > RPM-GPG-KEY-linuxsysconfig

 

  • copy the key to the default path
sudo cp RPM-GPG-KEY-linuxsysconfig /etc/pki/rpm-gpg/

 

  • import the key into the RPM database
sudo rpm --import RPM-GPG-KEY-linuxsysconfig

 

  • [optional] confirm the key was successfully imported
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

This should return your key details alongside other keys, e.g.:

gpg-pubkey-c105b9de-4e0fd3a3    gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
gpg-pubkey-00f97f56-467e318a    gpg(Remi Collet <RPMS@FamilleCollet.com>)
gpg-pubkey-0608b895-4bd22942    gpg(EPEL (6) <epel@fedoraproject.org>)
gpg-pubkey-6b8d79e6-3f49313d    gpg(Dag Wieers (Dag Apt Repository v1.0) <dag@wieers.com>)
gpg-pubkey-41a40948-4ce19266    gpg(PUIAS Linux Distribution (RPM Integrity Signature) <puias@math.princeton.edu>)
gpg-pubkey-519bae20-517946ed    gpg(linuxsysconfig <contact@localhost>)

 

Add the GPG signing details to your rpm environment

echo "%_signature gpg" > ~/.rpmmacros
echo "%_gpg_name linuxsysconfig" >> ~/.rpmmacros

Now the user linuxsysconfig is configured to sign RPMs with the GPG key:

cd /opt/office
rpm --resign *.rpm

If everything goes well (and it should), all packages will be successfully signed. You can confirm that by querying packages at random, or run a block query to return the signature line for each:

rpm -qpi *.rpm | awk '/Signature/'
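
The block query above only prints the signature lines; as an added example (not part of the original guide), this script reads the same `rpm -qpi` output and lists every package that is unsigned or signed by a key other than the expected one. The function name, the sample package names and the sample key IDs are constructed; only the short key ID 519bae20 comes from the gpg output shown earlier.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag packages in `rpm -qpi`
# output that are unsigned or signed with an unexpected key.
EXPECTED_KEYID="519bae20"   # short key ID from the gpg --list-keys output above

# Reads `rpm -qpi *.rpm` output on stdin, takes the expected key ID as $1.
# Prints "<name> <reason>" for each failing package; exit status 0 means
# every package seen was signed by the expected key.
unsigned_or_foreign() {
    awk -v want="$1" '
    BEGIN             { want = tolower(want) }
    $1 == "Name"      { name = $3 }
    $1 == "Signature" {
        seen++
        keyid = tolower($NF)            # last field: key ID or "(none)"
        if ($0 ~ /\(none\)/)            reason = "UNSIGNED"
        else if (keyid !~ (want "$"))   reason = "FOREIGN-KEY:" keyid
        else                            reason = ""
        if (reason != "") { print name, reason; bad++ }
    }
    END { exit (bad > 0 || seen == 0) }'
}

# Constructed sample modelled on rpm -qpi output. Package names are made up;
# the upper half of the first key ID is a placeholder, the last is a foreign key.
SAMPLE_QPI='Name        : libreoffice4.0-writer
Signature   : RSA/SHA1, Thu 25 Apr 2013 03:12:45 PM EEST, Key ID 00000000519bae20
Name        : libreoffice4.0-calc
Signature   : (none)
Name        : libreoffice4.0-draw
Signature   : RSA/SHA1, Thu 25 Apr 2013 03:12:45 PM EEST, Key ID ffffffffdeadbeef'

printf '%s\n' "$SAMPLE_QPI" | unsigned_or_foreign "$EXPECTED_KEYID" || true
# Real use: rpm -qpi /opt/office/*.rpm | unsigned_or_foreign 519bae20
```

Short key IDs can collide, so where possible pass the full 16-digit ID as shown by `gpg --list-keys --keyid-format long`.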

 

Finally create the repository

 

  • generate repository configuration
sudo yum install createrepo
cd /opt/office
createrepo .

 

Local repo

cat /etc/yum.repos.d/office.repo

[office]
name=Libre Office repository
baseurl=file:///opt/office/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-linuxsysconfig
enabled=1

 

FTP repo

 

  • copy /opt/office to the FTP path (e.g. /var/ftp/)
  • copy the RPM GPG key from /etc/pki/rpm-gpg/RPM-GPG-KEY-linuxsysconfig to the remote FTP path (e.g. /var/ftp/office)
  • create the repository file (e.g. office-ftp.repo)
cat /etc/yum.repos.d/office-ftp.repo

[office-ftp]
name=Libre Office FTP repository
baseurl=ftp://192.168.0.100/office/
gpgcheck=1
gpgkey=ftp://192.168.0.100/office/RPM-GPG-KEY-linuxsysconfig
enabled=1

Running sudo yum repolist should return the 2 new repositories. You can modify them at will (to add or delete packages), but remember to re-run the createrepo command to save the changes.

How to setup the 32-bit flash plugin for Steam on 64-bit Fedora

As of today the Steam client for Linux is only offered in 32-bit format. It can be easily installed on 64-bit distributions such as Fedora 18 with the help of the 32-bit dependencies available in the OS package repositories, but to fully support Steam on 64-bit Linux you also need to configure the 32-bit version of the Adobe flash plugin, which Steam uses to display flash content within the application.

I’ve found several online guides to manually download the 32-bit version of flash and sym-link it to the firefox plugin folder (which is read by Steam apparently), but I prefer the yum way which is more elegant and it has one important feature: it takes care of (security) updates automatically.

Here’s how to setup the 32-bit Adobe flash plugin on Fedora 18 64-bit:

 

Install the 32-bit Adobe repository

sudo yum install http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm

 

Install the 32-bit flash plugin

sudo yum install flash-plugin.i386

 

Create a symbolic link in the Steam user path:

mkdir -p ~/.local/share/Steam/ubuntu12_32/plugins/
ln -s /usr/lib/flash-plugin/libflashplayer.so ~/.local/share/Steam/ubuntu12_32/plugins/

That’s it. Steam will now always load and use the latest version of the 32-bit flash plugin provided that you update the OS.

Note that having both the 32-bit and the 64-bit packages installed won’t create any conflicts. There are files shared by both variants (such as the icons), but they can easily co-exist on the same machine as long as both rpm packages have the same version number. As of now I have these packages installed:

$ rpm -qa | egrep 'flash-plugin|adobe'
flash-plugin-11.2.202.280-release.x86_64
flash-plugin-11.2.202.280-release.i386
adobe-release-i386-1.0-1.noarch
adobe-release-x86_64-1.0-1.noarch

via slaanesh.fedorapeople.org