Monday, July 8, 2013

yum error

I just got the following error while trying to update the system:
# yum update
Loaded plugins: langpacks, refresh-packagekit
adobe-linux-x86_64                             |  951 B  00:00:00
fedora/19/x86_64/metalink                      |  25 kB  00:00:00
Could not parse metalink https://mirrors.fedoraproject.org/metalink?repo=fedora-19&arch=x86_64 error was
No repomd file
Error: File /var/cache/yum/x86_64/19/fedora/metalink.xml does not exist
As seen from the output, the problem is with some Fedora mirror. After googling for a solution and trying different fixes, none of which worked for me, I finally edited /etc/yum.repos.d/fedora.repo, commented out the mirrorlist line and uncommented the baseurl line. After that, everything worked.

To conclude this post, the problem is with some mirror picked by yum.

Thursday, July 4, 2013

Replacing self-signed expired certificates using OpenSSL tool

I just realized that one of the certificates I use had expired and OpenVPN didn't want to connect to a server for that reason. So, it was time to generate a new certificate/key pair. That's easy, using the CA.pl script, part of the openssl-perl package. Just do the following sequence of steps:
./CA.pl -newreq-nodes
./CA.pl -sign
But the second command didn't work and I was getting the following error message:
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
Signed certificate is in newcert.pem
A quick search revealed that I was trying to issue a new certificate that has the same name as the existing one, even though the existing one was expired. There are multiple solutions to this, as documented in the comment of the blog post I found. But the real solution is to revoke the expired certificate, and then to sign a new one (note that you don't have to generate another CSR):
openssl ca -config openssl.cnf -revoke oldcert.crt -keyfile cakey.pem -cert cacert.pem
Note that the revocation doesn't mean you have to have OCSP or CSR. Now, old certificate is revoked and you can sign a new one.
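
The check below is an added example, not part of the original post. It shows why revoking clears the error: when unique_subject is enabled, openssl ca refuses a second database entry whose subject matches one still marked V, and an expired certificate stays V in index.txt until its status is changed. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of an OpenSSL CA database (index.txt). Fields are
# tab-separated: status (V/R/E), expiry (YYMMDDHHMMSSZ), revocation date,
# serial, file name, subject DN. All values here are made up.
write_sample_index() {
    printf 'V\t130601120000Z\t\t01\tunknown\t/C=HR/O=Example/CN=vpn-client\n' > "$1"
    printf 'R\t120601120000Z\t120101120000Z\t02\tunknown\t/C=HR/O=Example/CN=old-host\n' >> "$1"
    printf 'V\t230601120000Z\t\t03\tunknown\t/C=HR/O=Example/CN=vpn-server\n' >> "$1"
}

# find_clash INDEX SUBJECT NOW
# Prints "serial expiry state" for every entry that is still marked V for
# SUBJECT; state is "expired" or "current" relative to NOW (YYMMDDHHMMSSZ).
# Any output means signing a new certificate with that subject will fail
# with "TXT_DB error number 2" until the listed entry is no longer V.
# Assumption: all dates use the two-digit-year form and fall in 2000-2049,
# so plain string comparison orders them correctly.
find_clash() {
    SUBJ="$2" NOW="$3" awk -F '\t' '
        $1 == "V" && $6 == ENVIRON["SUBJ"] {
            print $4, $2, ($2 < ENVIRON["NOW"] ? "expired" : "current")
        }' "$1"
}

# Demo on the constructed sample, using the current UTC time.
idx=$(mktemp)
write_sample_index "$idx"
find_clash "$idx" '/C=HR/O=Example/CN=vpn-client' "$(date -u +%y%m%d%H%M%SZ)"
rm -f "$idx"
```

Run against the real index.txt of the CA before signing; the serial it prints identifies the old certificate that has to be revoked first.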

Upgrading to Fedora 19

I just managed to install Fedora 19 and that was harder than it should be. Here are some remarks.

One thing to note. Every system is different and when I managed to fix something, it could be that I changed something else also, at first glance unrelated, to the problem itself. Yet, I don't have time to double check each fix I did. So, treat this as hints at what you could do in case you have similar problems.

Failed attempt

First, I tried to upgrade using the FedUp tool. But that failed. The upgrade process requires a certain amount of free space on the root partition. Well, I have a relatively small root partition and it is isolated from /home where there is a lot of space. For this reason I had to move FedUp working directories (/var/tmp/fedora-upgrade and /var/lib/fedora-upgrade) to the home partition and create symlinks. After reboot into fedup, it briefly showed an exception and then rebooted again into Fedora 18. The exception was:
[     0.421] (II) fedup.sysprep:remove_cache() removing /var/tmp/fedora-upgrade
[     0.424] (II) fedup:() Exception:
Traceback (most recent call last):
  File "/usr/bin/fedup-cli", line 181, in <module>
    main(args)
  File "/usr/bin/fedup-cli", line 82, in main
    do_cleanup(args)
  File "/usr/lib/python2.7/site-packages/fedup/commandline.py", line 183, in do_cleanup
    remove_cache()
  File "/usr/lib/python2.7/site-packages/fedup/sysprep.py", line 195, in remove_cache
    rm_rf(d)
  File "/usr/lib/python2.7/site-packages/fedup/util.py", line 51, in rm_rf
    rm_f(d, rm=rmtree)
  File "/usr/lib/python2.7/site-packages/fedup/util.py", line 48, in rm_f
    log.warn("failed to remove %s: %s", f, str(e))
NameError: global name 'log' is not defined
At first, I thought that the problem was the inability to remove a directory, but then I realised that the problem is undefined log module/class! So, I opened file /usr/lib/python2.7/site-packages/fedup/util.py and replaced line 48 with a simple pass statement.

Reinstall

Then, I decided to reinstall Fedora from scratch. But I didn't want to burn a CD, nor did I want to go through the network boot/install process again. So, I booted from a USB stick. In essence, you need to download the boot.iso file and, using the livecd-usb-to-disk tool, write it to a USB stick. Then, boot from this stick and off you go.

Luckily, installation process is much improved from Fedora 18.

Problems

During a boot process, I was dropped into a single user mode. Looking into logs (as suggested by the message just before the root password prompt) I found that dbus isn't working, i.e. there was the following message:
Cannot boot - no /var/lib/dbus directory. Created the directory and disabled SELinux.
It turned out that this directory, for some reason, wasn't created when dbus package was installed. So, I created that directory and disabled SELinux in /etc/sysconfig/selinux.

The next problem was that Firefox didn't want to start for some unknown reason. I have several different profiles and Firefox would get stuck at the profile selection dialog box. But this was something transient, because after several tries it continued to work without any problems.

VMWare

First, I'm using VMWare Workstation 9.0.1. So, this text applies to that version. VMWare couldn't compile kernel modules, so I applied this patch. Simply unpack it to some temporary directory and run bash script. During the compilation process, there are a lot of warnings like this one:
/tmp/modconfig-ZB7ihE/vsock-only/linux/vsockPacket.h:113:4: note: in expansion of macro ‘ASSERT_ON_COMPILE’
    ASSERT_ON_COMPILE(sizeof (VSockPacket) == 56);
    ^
/tmp/modconfig-ZB7ihE/vsock-only/./shared/vmci_iocontrols.h: In function ‘VMCIVA64ToPtr’:
/tmp/modconfig-ZB7ihE/vsock-only/./shared/vm_assert.h:320:20: warning: typedef ‘AssertOnCompileFailed’ locally defined but not used [-Wunused-local-typedefs]
But, despite those warnings, modules compiled and I managed to start VMWare.

Then, I had a problem with entering serial key. When I pressed button Enter key... nothing happened. I entered it via a command line, like this:
/usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXXXXXXXXXXXXXXXXXXXXX
After that, everything seemed to work. By the way, here is a very good page I used to get VMWare working.
