Roll back aborted dnf update, 2019 edition

I had to fix an aborted dnf update. My previous post on this topic

sudo dnf remove $( sudo dnf list installed --showduplicates $( sudo dnf list installed --showduplicates | sort | uniq -w35 -D | awk '/^[a-zA-Z]/{print $1}' | sort | uniq | grep -vE 'kernel|saned' ) | awk '$0 !~ /Packages/{split($1,b,".");if($2 > a[b[1]]){a[b[1]]=$2"."b[2]}} END {for (key in a) {print key"-"a[key]} }' )

Walkthrough of the commands

sudo dnf list installed --showduplicates | sort | uniq -w35 -D | awk '/^[a-zA-Z]/{print $1}' | sort | uniq | grep -vE 'kernel|saned'

Show all installed packages, and then show only the duplicates (up to the first 35 characters; having to take a guess here), and remove any saned and kernel packages. I don’t know why I had to exclude saned: Perhaps I wanted both x86_64 and i386 packages for saned.

sudo dnf list installed --showduplicates $ABOVEVALUES | awk '$0 !~ /Packages/{split($1,b,".");if($2 > a[b[1]]){a[b[1]]=$2"."b[2]}} END {for (key in a) {print key"-"a[key]} }'

So, list the output from the previous statement including duplicates, and then use awk to find the highest version number of each named package and store it to a buffer. Then display that whole buffer at the end. So this now shows only the exact name and version (NEVRA, partially) of what to remove.
So this whole process is here to roll back the partially-updated changes.

sudo dnf remove $ABOVEVALUES

And now remove those packages. This should reset, so that we can then perform a regular upgrade at some later point.

references

  1. awk array in END https://unix.stackexchange.com/questions/183279/how-to-view-all-the-content-in-an-awk-array/183280#183280
  2. Prior use of associative arrays in awk https://bgstack15.wordpress.com/2017/04/11/remove-only-certain-duplicate-lines-with-awk/
  3. prior use of dnf –showduplicates but that didn’t work this time https://bgstack15.wordpress.com/2018/04/03/fedora-remove-duplicate-packages-from-partially-completed-dnf-update/
  4. discussion on NEVRA https://slashterix.wordpress.com/2016/08/06/rpm-version-comparison/
Advertisements

Notes for Powershell credentials

Here are some dirty ways to store user credentials in powershell.

Get-Credential | Export-Clixml C:\path\to\output\file.xml

The same user, on the same machine, that generates that file can retrieve the contents with

$credential = Import-Clixml C:\path\to\output\file.xml

References

https://blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials/
https://bgstack15.wordpress.com/2019/04/15/install-powershell-and-powercli-on-centos-7-linux/

Assigning permissions for Linux service account to add machines to AD

Create service account.

On the domain where the machines will be joined:
Open Active Directory Users and Computers. Enable Advanced Features on the “View” menu.

View the properties of the entire domain.

Select the Security tab, and select Advanced.

  • For this object and all descendant objects: Grant Create/Delete Computer objects
  • For descendant computer objects: Grant Reset password
  • For descendant computer objects: Read/write account restrictions
  • For descendant computer objects: Write all properties, Write all validated writes

Nfs export works but showmount -e does not

Symptom

An nfs client runs this command with no output.

showmount -e 10.10.15.55

But the mount itself actually works. What gives?

Resolution

You have to make sure all the ports are open on the server.

firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-port=2049/tcp
firewall-cmd --permanent --add-port=2049/udp
firewall-cmd --reload

That’s ports 111, 2049, and 20048 on both tcp and udp.

Ripped off from RPC: Port mapper failure – Unable to receive: errno 113 (No route to host) [unix.stackexchange.com]

Thoughts about yum repo server and defined repositories

The internal server used as a yum repository runs EL6, and it servers EL6 and EL7 (read: CentOS) yum repos. An admin tried installing mkisofs, which wanted to come by default from the c7-base repository. It also wanted to upgrade bash and glibc. Well, installing a post-usrmerge bash (CentOS 7+) on CentOS6 caused all sorts of havoc. I had to load a rescue iso, boot, and copy /usr/bin/bash and /usr/bin/sh to the correct locations. Then my system would actually boot again.

I was getting an interesting error:

init: Failed to spawn rcS pre-start process: unable to execute: No such file or directory
init: Failed to spawn rcS post-stop process: unable to execute: No such file or directory

Also, kernel options rghb and quiet are really annoying and I always disable them.

So, the moral of the story is: always be very careful running yum on a yum repo server. Double-check what repos your package will pull in.

Gedit then and now

This is a rant post, and not a how-to.

Gedit is a simple text editor for the GNOME stack. I remember reading somewhere about the old and new gedit interfaces. The GNOME team has this plan to reduce and hide functionality, and gedit shows some of the changes.
Gedit used to have a toolbar, and the regular titlebar and menus.
Gedit 2
But Gedit after GNOME has changed their thinking has hidden its functions.
Gedit 3
I don’t really use gedit, because my text editing is more console driven, or else I use scite.

Backtracking my activities for the references

Web search gedit then and now which led to
Slashdot comment #54946443 on article GNOME’s Text Editor gedit ‘No Longer Maintained’, Needs New Developers which quotes
Slashdot comment #48503821 on article Ask Slashdot: Non-Coders, Why Aren’t You Contributing To Open Source? which includes links to two images
Gedit_3.11.92.png [wikipedia.org]
Gedit2261.png [wikipedia.org]

reposync fails: “No more mirrors to try.”

Symptom

The following message occurs, when running a yum reposync.

# time /usr/bin/reposync --source --repoid=EL7 -m --download-metadata --download_path="/var/www/html/yum/EL/EL7_Mirror"
Repository hosting is listed more than once in the configuration
firefox-60.6.0-3.0.1.el7_6.src FAILED
firefox-60.6.0-3.0.1.el7_6.src: [Errno 256] No more mirrors to try.                            ]  0.0 B/s |    0 B  --:--:-- ETA<[pre>

This could occur during an ansible play.

TASK [sync preprod EL7 to prod] ******************************************************************************************************************
fatal: [yumserver01]: FAILED! => {"changed": true, "cmd": "/usr/bin/reposync --source --repoid=EL7 -m --download-metadata --download_path=\"/var/www/html/yum/EL/EL7_Mirror\"", "delta": "0:04:35.805969", "end": "2019-04-17 08:27:22.119744", "msg": "non-zero return code", "rc": 1, "start": "2019-04-17 08:22:46.313775", "stderr": "", "stderr_lines": [], "stdout": "Repository hosting is listed more than once in the configuration\n\rfirefox-60.6.1-1.0.1.el7_6.src FAILED                                          \n\r(1/34): firefox-60.6.0-3.0 0% [                 ]  0.0 B/s |    0 B   --:-- ETA \r\rfirefox-60.6.0-3.0.1.el7_6.src FAILED                                          \n\r(1/34): firefox-60.6.0-3.0 0% [                 ]  0.0 B/s |    0 B   --:-- ETA \r\r(1/34): freerdp-1.0.2-15.e 0% [                 ]  0.0 B/s | 2.5 MB   --:-- ETA \r\rfreerdp-1.0.2-15.el7_6.1.src.r FAILED                                          \n\r(1/34): freerdp-1.0.2-15.e 0% [                 ]  0.0 B/s | 2.5 MB   --:-- ETA \r\rfreerdp-1.0.2-15.el7_6.1.src.r FAILED                                          \n\r(1/34): freerdp-1.0.2-15.e 0% [                 ]  0.0 B/s | 2.5 MB   --:-- ETA \r\rfreerdp-1.0.2-15.el7_6.1.src.r FAILED                                          \n\r(1/34): freerdp-1.0.2-15.e 0% [                 ]  0.0 B/s | 2.5 MB   --:-- ETA \r\rfreerdp-1
.............................. TRUNCATED ..............................
 0.0 B/s | 2.5 MB   --:-- ETA ", "", "tzdata-java-2019a-1.el7.noarch FAILED                                          ", "", "(1/34): tzdata-java-2019a- 0% [                 ]  0.0 B/s | 2.5 MB   --:-- ETA ", "libwsman1-2.6.3-6.git4391e5c.el7_6.i686: [Errno 256] No more mirrors to try.", "openwsman-client-2.6.3-6.git4391e5c.el7_6.i686: [Errno 256] No more mirrors to try.", "tuned-utils-2.10.0-6.0.1.el7_6.3.noarch: [Errno 256] No more mirrors to try.", "openwsman-server-2.6.3-6.git4391e5c.el7_6.x86_64: [Errno 256] No more mirrors to try.", "sbd-1.3.1-8.2.el7_6.1.x86_64: [Errno 256] No more mirrors to try.", "libwsman1-2.6.3-6.git4391e5c.el7_6.x86_64: [Errno 256] No more mirrors to try.", "sbd-1.3.1-8.2.el7_6.1.src: [Errno 256] No more mirrors to try.", "freerdp-1.0.2-15.el7_6.1.x86_64: [Errno 256] No more mirrors to try.", "freerdp-plugins-1.0.2-15.el7_6.1.x86_64: [Errno 256] No more mirrors to try.", "openwsman-client-2.6.3-6.git4391e5c.el7_6.x86_64: [Errno 256] No more mirrors to try.", "ocfs2-tools-1.8.6-11.el7.x86_64: [Errno 256] No more mirrors to try.", "python-2.7.5-77.0.1.el7_6.src: [Errno 256] No more mirrors to try.", "tuned-2.10.0-6.0.1.el7_6.3.noarch: [Errno 256] No more mirrors to try.", "firefox-60.6.0-3.0.1.el7_6.src: [Errno 256] No more mirrors to try.", "freerdp-libs-1.0.2-15.el7_6.1.i686: [Errno 256] No more mirrors to try.", "freerdp-1.0.2-15.el7_6.1.src: [Errno 256] No more mirrors to try.", "freerdp-libs-1.0.2-15.el7_6.1.x86_64: [Errno 256] No more mirrors to try.", "ghostscript-9.07-31.el7_6.10.i686: [Errno 256] No more mirrors to try.", "ocfs2-tools-1.8.6-11.el7.src: [Errno 256] No more mirrors to try.", "tzdata-java-2019a-1.el7.noarch: [Errno 256] No more mirrors to try.", "ghostscript-9.07-31.el7_6.10.x86_64: [Errno 256] No more mirrors to try.", "openwsman-2.6.3-6.git4391e5c.el7_6.src: [Errno 256] No more mirrors to try.", "tuned-profiles-cpu-partitioning-2.10.0-6.0.1.el7_6.3.noarch: [Errno 256] No more mirrors to try.", "firefox-60.6.1-1.0.1.el7_6.src: [Errno 256] No more mirrors to try.", "thunderbird-60.6.1-1.0.1.el7_6.src: [Errno 256] No more mirrors to try.", "openwsman-server-2.6.3-6.git4391e5c.el7_6.i686: [Errno 256] No more mirrors to try.", "libssh2-1.4.3-12.el7_6.2.src: [Errno 256] No more mirrors to try.", "pcs-0.9.165-6.0.3.el7_6.1.x86_64: [Errno 256] No more mirrors to try.", "openwsman-python-2.6.3-6.git4391e5c.el7_6.x86_64: [Errno 256] No more mirrors to try.", "pcs-0.9.165-6.0.3.el7_6.1.src: [Errno 256] No more mirrors to try.", "tuned-2.10.0-6.0.1.el7_6.3.src: [Errno 256] No more mirrors to try.", "tzdata-2019a-1.el7.src: [Errno 256] No more mirrors to try.", "ghostscript-9.07-31.el7_6.10.src: [Errno 256] No more mirrors to try."]}
        to retry, use: --limit @/etc/ansible/retries/reposync-prod.retry
PLAY RECAP **********************************************************************************************************************************************
yumserver01               : ok=1    changed=0    unreachable=0    failed=1

Possible causes

The original rpm files could be malformed, so even though the reposync client is successfully downloading whatever the server provided, the rpm does not match the checksum in the yum metadata files.

Fix #1

  1. Run the command manually to learn the whole list. Save it down to a file.
    # time /usr/bin/reposync --source --repoid=EL7 -m --download-metadata --download_path="/var/www/html/yum/EL/EL7_Mirror"
    Repository hosting is listed more than once in the configuration
    firefox-60.6.0-3.0.1.el7_6.src FAILED
    firefox-60.6.0-3.0.1.el7_6.src: [Errno 256] No more mirrors to try.                            ]  0.0 B/s |    0 B  --:--:-- ETA

    The file used in the documented example consisted of about 30 packages.
    file: bad.in

    firefox-60.6.0-3.0.1.el7_6.src
    firefox-60.6.1-1.0.1.el7_6.src
    freerdp-1.0.2-15.el7_6.1.src
    freerdp-1.0.2-15.el7_6.1.x86_64
    freerdp-libs-1.0.2-15.el7_6.1.i686
    freerdp-libs-1.0.2-15.el7_6.1.x86_64
    freerdp-plugins-1.0.2-15.el7_6.1.x86_64
    ghostscript-9.07-31.el7_6.10.i686
    ghostscript-9.07-31.el7_6.10.src
  2. On the reposync client delete or move to a temp directory the failed files. You could use a shell script similar to the following.
    #!/bin/sh
    INFILE=/root/bad.in
    INDIR=/var/www/html/yum/EL/EL7_Mirror/EL7
    OUTDIR=/root/orig/
    mkdir -p "${OUTDIR}"
    find $(
    for word in $( cat "${INFILE}" ) ;
    do
       find "${INDIR}" -name "${word}*rpm"
    done
    ) -print -exec mv {} "${OUTDIR}" \;
    
  3. On the repo server, manually download the files. You could modify the input file to have the upstream URLs.
    bad.in.url

    http://upstream.example.com/repo/EL/EL7/latest/x86_64/getPackage/tuned-utils-2.10.0-6.0.1.el7_6.3.noarch.rpm
    http://upstream.example.com/repo/EL/EL7/latest/x86_64/getPackage/tzdata-java-2019a-1.el7.noarch.rpm
    http://upstream.example.com/repo/EL/EL7/latest/x86_64/getPackageSource/firefox-60.6.0-3.0.1.el7_6.src.rpm
    http://upstream.example.com/repo/EL/EL7/latest/x86_64/getPackageSource/firefox-60.6.1-1.0.1.el7_6.src.rpm
    http://upstream.example.com/repo/EL/EL7/latest/x86_64/getPackageSource/freerdp-1.0.2-15.el7_6.1.src.rpm
    .... TRUNCATED .....                                                                                                                                                     
    

    You could use a shell script similar to the following.

    #!/bin/sh
    INFILE=/root/bad.in.url
    INDIR=/var/www/html/yum/EL/EL7_Mirror/EL7/getPackage/
    INDIRSRC=/var/www/html/yum/EL/EL7_Mirror/EL7/getPackageSource/
     
    for word in $( cat "${INFILE}" ) ;
    do
       if echo "${word}" | grep -q getPackageSource ;
       then
          cd "${INDIRSRC}"
       else
          cd "${INDIR}"
       fi
       #echo "$( pwd ) --> ${word}"
       wget "${word}"
    done
  4. Rerun the reposync manually and make sure it works.

yum: curl error #63: callback aborted

Symptom

The following message occurs.

http://yum01.ad.example.com/yum/mirror/kernel/getPackage/kernel-doc-4.0.5-124.16.4.el7.noarch.rpm: [Errno 14] curl#63 - "Callback aborted"
Trying other mirror.
 
 
Error downloading packages:
  kernel-doc-4.1.12-124.16.4.el7.noarch: [Errno 256] No more mirrors to try.

Possible causes

When yum fails to download a file due to “curl error #63: Callback aborted,” that means that reposync downloaded the rpm file incorrectly. It doesn’t match the expected checksum in the metadata file.

Fix #1

  1. On the mirror server (probably yum01), delete the offending files and download them manually from upstream.
    #!/bin/sh
    urldir=http://yum.upstream.example.com/repo/EL7/Mirror/x86_64/getPackage/
    outdir=/var/www/html/yum/repo/EL7_Mirror/Mirror/getPackage
    cd "${outdir}"
    
    for word in kernel-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-debug-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-debug-devel-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-devel-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-doc-4.0.5-124.16.4.el7.noarch.rpm 
    kernel-firmware-4.0.5-124.16.4.el7.noarch.rpm;
    do
       /bin/rm -f "${word}"
       wget "${urldir}${word}"
    done
  2. On the squid proxy server (probably proxy01), purge the cached files.
    #!/bin/sh
    # reference:
    #time squidclient -h localhost -r -p 3128 -m PURGE http://yum01.ad.example.com/yum/Mirror/EL7/getPackage/kernel-4.0.5-124.16.4.el7.x86_64.rpm
    
    urldir=http://yum.upstream.example.com/repo/EL7/Mirror/x86_64/getPackage/
    outdir=/var/www/html/yum/repo/EL7_Mirror/Mirror/getPackage
    
    for word in kernel-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-debug-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-debug-devel-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-devel-4.0.5-124.16.4.el7.x86_64.rpm 
    kernel-doc-4.0.5-124.16.4.el7.noarch.rpm 
    kernel-firmware-4.0.5-124.16.4.el7.noarch.rpm;
    do
       squidclient -h localhost -r -p 3128 -m PURGE "${urldir}${word}"
    done

Play Beyond the Titanic on GNU/Linux

The story

Ship iconOne game I played in the past was Beyond the Titanic. It was a shareware game for MS-DOS, in the genre of text adventure (now known as interactive fiction).
In 2009 its source code was released under the GPL (reference 2). An enterprising individual (not this author) modified it and made it possible to build with the Free Pascal Compiler (probably known as fpc in your distro packages).
The game has an interesting quirk in that it really, really depends on having a terminal with size 80×24 and not anything else.
And of course, my Fedora COPR was having trouble building the package, but I promise you the rpm spec works on Fedora 28 (reference 4) and the dpkg spec works on Devuan 2.0 beowulf/ceres.
Although you could of course just run the BEYOND.COM version in Dosbox. I did observe the savegame files are not compatible between builds. Loading the fpc-version savegames into the DOS version of the game caused some funny and tragic endings where the monster killed me while I was standing on the deck of the Titanic.
Happy typing!

Credits

The icon I used for my project is linkware, so by linking to the author’s requested page at https://malagatravelguide.net/, I can use the icon.

References

Weblinks

  1. gitlab: beyond-the-titanic/History/History.txt
  2. Original release of source ftp://ftp.3drealms.com/freeware/tit_free.zip
  3. Gamespot walkthrough for Beyond the Titanic
  4. rpm and dpkg specs on my gitlab

run “pip install” behind proxy

Even when you trust the MITM proxy devices’ self-signed certificates, pip can still fail.

# cat ~/.config/pip/pip.conf
[global]
cert = /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

Even with telling the server names to be explicitly trusted.

# pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org google-auth
Collecting google-auth
  HTTP error 403 while getting https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl#sha256=20705f6803fd2c4d1cc2dcb0df09d4dfcb9a7d51fd59e94a3a28231fd93119ed (from https://pypi.org/simple/google-auth/)
  Could not install requirement google-auth from https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl#sha256=20705f6803fd2c4d1cc2dcb0df09d4dfcb9a7d51fd59e94a3a28231fd93119ed because of error 403 Client Error: Forbidden for url: https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl
Could not install requirement google-auth from https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl#sha256=20705f6803fd2c4d1cc2dcb0df09d4dfcb9a7d51fd59e94a3a28231fd93119ed because of HTTP error 403 Client Error: Forbidden for url: https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl for URL https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl#sha256=20705f6803fd2c4d1cc2dcb0df09d4dfcb9a7d51fd59e94a3a28231fd93119ed (from https://pypi.org/simple/google-auth/)

Solution

I had to use a squid proxy to make it happen.

# export https_proxy=http://10.123.456.5:3128
# pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org google-auth
Collecting google-auth
  Downloading https://files.pythonhosted.org/packages/c5/9b/ed0516cc1f7609fb0217e3057ff4f0f9f3e3ce79a369c6af4a6c5ca25664/google_auth-1.6.3-py2.py3-none-any.whl (73kB)
    100% |████████████████████████████████| 81kB 3.0MB/s
Collecting pyasn1-modules>=0.2.1 (from google-auth)
  Downloading https://files.pythonhosted.org/packages/da/98/8ddd9fa4d84065926832bcf2255a2b69f1d03330aa4d1c49cc7317ac888e/pyasn1_modules-0.2.4-py2.py3-none-any.whl (66kB)
    100% |████████████████████████████████| 71kB 5.4MB/s
Collecting cachetools>=2.0.0 (from google-auth)
  Downloading https://files.pythonhosted.org/packages/39/2b/d87fc2369242bd743883232c463f28205902b8579cb68dcf5b11eee1652f/cachetools-3.1.0-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): six>=1.9.0 in /usr/lib/python2.7/site-packages (from google-auth)
Collecting rsa>=3.1.4 (from google-auth)
  Downloading https://files.pythonhosted.org/packages/02/e5/38518af393f7c214357079ce67a317307936896e961e35450b70fad2a9cf/rsa-4.0-py2.py3-none-any.whl
Collecting pyasn1<0.5.0,>=0.4.1 (from pyasn1-modules>=0.2.1->google-auth)
  Downloading https://files.pythonhosted.org/packages/7b/7c/c9386b82a25115cccf1903441bba3cbadcfae7b678a20167347fa8ded34c/pyasn1-0.4.5-py2.py3-none-any.whl (73kB)
    100% |████████████████████████████████| 81kB 37.5MB/s
Installing collected packages: pyasn1, pyasn1-modules, cachetools, rsa, google-auth
  Found existing installation: pyasn1 0.1.9
    Uninstalling pyasn1-0.1.9:
      Successfully uninstalled pyasn1-0.1.9
  Found existing installation: pyasn1-modules 0.0.8
    Uninstalling pyasn1-modules-0.0.8:
      Successfully uninstalled pyasn1-modules-0.0.8
Successfully installed cachetools-3.1.0 google-auth-1.6.3 pyasn1-0.4.5 pyasn1-modules-0.2.4 rsa-4.0