| gabriel rosenkoetter on Mon, 15 Apr 2002 18:58:00 -0400 |
|
Fair warning: the last time I dealt with RedHat systems (RH 6.2)
problems similar to those I'm having now pissed me off so extremely
that I swore I'd never use RH again. But now it's the mandate at my
workplace, so there's not a whole lot I can do about it. (So, "just
use Debian and apt!" is not an answer I need to hear, because I'm
already saying that without effect.)
I was handed a machine on which I was assured that RedHat's up2date
had already been run (I cannot re-run up2date, as I don't have
access to the account with RH which is used to update it; long
story... in the long run, this machine will use up2date, but it's
not right now).
One of the first things I do when I'm responsible for a new machine
is make sure that security-scary things are up to date. Since
OpenSSH has been having root holes about every two weeks lately,
it's high on the list:
# ssh -V
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
Whoops, that's no good. Hey, I thought they said this machine was
updated...
# rpm -qa | grep openssh
openssh-askpass-gnome-2.9p2-12
openssh-clients-2.9p2-12
openssh-2.9p2-12
openssh-server-2.9p2-12
openssh-askpass-2.9p2-12
Curious. Well, how 'bout we find upgrades for those:
# rpmfind --upgrade openssh
Resource openssh : no need to upgrade
Hrm. Weird. You sure?
# rpmfind -v -v --upgrade openssh
Host : foo.bar.dom, Country: 840, Zones 0 0 0, Continent 1
Arch : i386, Os : Linux
Default distribution : Red Hat, Inc.(Red Hat Linux)
owning 1099 of 1105 installed packages
findResource openssh
Resource openssh is provided by: openssh-2.9p2-7
lookupRemoteResource openssh
Get http://speakeasy.rpmfind.net//resources/openssh.rdf
Fetching : http://speakeasy.rpmfind.net//resources/openssh.rdf to /root/.rpmfinddir/fetch9383
HTTPRequest returned : -1
Failed !
Get rpmfind.net/resources/openssh.rdf
Fetching : rpmfind.net/resources/openssh.rdf to /root/.rpmfinddir/fetch886
Failed !
Error fetching openssh metadata
Resource openssh : no need to upgrade
Oh, I see you're just hiding error messages from me. That's just
swell. But what does this mean? That I need to upgrade rpmfind? As
near as I can tell from rpmfind's web interface, rpmfind-1.7-2 is
the current version. So which version am I running? Well, there's
some dispute about that:
# rpm -q rpmfind
rpmfind-1.7-2
# rpmfind --version
rpmfind: unknown option --version
rpmfind 1.6 : RPM packages search engine
[...]
Huh?
In any case, I can grab the openssh packages one by one, rpm -e the
old packages, then rpm -i the new ones, only but that doesn't
actually work:
# rpm -i ftp://speakeasy.rpmfind.net/linux/redhat/updates/7.2/en/os/i386/openssh-server-3.1p1-2.i386.rpm
error: unpacking of archive failed on file
/usr/libexec/openssh/sftp-server;3cbc105e: cpio: read
[root@mta1 root]# which sshd
/usr/bin/which: no sshd in (/usr/kerberos/sbin:/usr/kerberos/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin)
ARGH!
What the hell am I supposed to do now? (Or, what the hell should I
have done before?)
I'm throwing up my hands and just installing OpenSSH in the sane way
I know will work (from source), but I don't want to be scurrying
around upgrading every one of our Linux machines every two weeks
when OpenBSD realizes they've reintroduced another bug from the
'80s...
--
gabriel rosenkoetter
gr@eclipsed.net
Attachment:
pgpSlo9I0sWtb.pgp
|
|