Scientific Linux Fermi LTS 4.4 x86_64 October 26, 2006
Please send bug reports to dawson@fnal.gov,csieh@fnal.gov
Please read the Release Notes for Scientific Linux. It is located at
SL.releasenote
Also read the Upstream Vendor release notes . They are located in
*Upstream.vendor.U3.releasenote and Upstream.vendor.U4.releasenote
and the older releasenotes in SL.documentation/
All of the info in the SL.releasenote is valid unless this document
states otherwise. This document only contains info that is specific
to the Fermi site. Any reference to SL.releasenote is done to emphasis
that it contains important information.
All of these release notes, as well as earlier ones, can be found at
http://www-oss.fnal.gov/projects/fermilinux/lts4x/release.notes.html
----------------------------------------------------------------------------
This is based on the rebuilding of RPMS out of SRPMS's that form Scientific
Linux. Please read this entire document before installing.
Table of contents
HARDWARE REQUIREMENTS
INSTALLATION INFO
* ADDED compared to Scientific Linux 4.4
* UPDATED compared to Scientific Linux 4.4
Installer modifications
/contrib
/docs
/notsupported
MISC Notes
HARDWARE SPECIFIC ISSUES
SOFTWARE ISSUES/BUGS
SUPPORT INFO
vendor ERRATA
Each has a "---" line above and below it.
_____________________________________________________________________________
HARDWARE REQUIREMENTS
_____________________________________________________________________________
- See SL.releasenotes
- Common "Fermi Generic Desktop" Installation : 5GB
_____________________________________________________________________________
INSTALLATION INFO
_____________________________________________________________________________
Installation Locations
Via NFS
linux.fnal.gov:/export/linux/lts44/x86_64/
with floppy
There is no floppy install as the kernel is too big to fit on a floppy.
with cdrom
There is a boot.iso which is small iso image which includes all the
drivers. After download you can use cdrecord to create a cdr with this
image on it.
ftp://linux.fnal.gov/linux/lts44/x86_64/images/Fermi/boot.iso
Via CDROM
Download and then burn cdrom iso images from
ftp://linux.fnal.gov/linux/lts44/x86_64/sites/Fermi/iso/
-----------------------------------------------------------------------------
ADDED compared to Scientific Linux
-----------------------------------------------------------------------------
Fermi-release
Made change so that /etc/issue and /etc/issue.net showed Fermi
Linux instead of RedHat.
Clam Anti Virus
Clam Anti-Virus. Obtained from the DAG repository and rebuilt from
src.rpm. http://www.clamav.net
clamav-0.87.1-1.rf.x86_64.rpm
clamav-db-0.87.1-1.rf.x86_64.rpm
clamav-devel-0.87.1-1.rf.x86_64.rpm
clamav-milter-0.87.1-1.rf.x86_64.rpm
clamd-0.87.1-1.rf.x86_64.rpm
clamtk-2.13-1.rf.x86_64.rpm
flpr
I am installing the flpr rpm by default. I got the latest version
from Randy. This does NOT require ups/upd. The flpr binary will
reside in /usr/local/bin/ . This should just make using flpr
easier for all.
flpr-2.4-4f.9x.i386.rpm
Java
See SL.releasenote
Kerberos -- Fermi version
The fixes in these new kerberos packages should fix the
kerberos - afs problem.
The configuration rpm's set ignore_afs = true, this get's rid of the
long wait as pam decides what to do.
The libs rpm, which has the /etc/pam.d/z_krb5* scripts, now checks
to see if you have AFS, then if you have a keberos ticket, and if
you do, then it does an aklog -setpag for you.
The end result is a quicker login, with the benifit of cutting down
on afs token stealing if multiple people log in as the same user.
krb5-fermi-krb5.conf will ONLY put on a /etc/krb5.conf that points
to the fermi domain. If you have krb5-fermi-config you DO NOT
need this. This is intended for use with the Redhat provided
kerberos. Many offsite users will find this of use.
krb5-fermi-config-1.9-4 and later has a seperate script that only
adds or removes aklog from your krb5.conf. This script now get's
run (via triggers) whenever openafs get's added or removed.
* krb5-fermi-config-1.15-1.LTS4.noarch.rpm
* krb5-fermi-krb5.conf-1.15-1.LTS4.noarch.rpm
krb5-libs-fermi-1.8a-LTS4.4.i386.rpm
krb5-workstation-fermi-1.8a-LTS4.4.i386.rpm
OpenAFS
See SL.releasenote
* Installing OpenAFS using Yum
* Yum 2.4, which is found in Scientific Linux 4.x, is not as good at
* figuring out which kernel-modules need to be installed with openafs.
* Because of this, sometime's it tries to install the wrong kernel-module
* when you are installing openafs by hand.
* Here is the procedure for installing openafs, using yum
*
* yum install openafs-client openafs-thiscell kernel-module-openafs-`uname -r`
*
redhat-logos-1.1.25-1.LTS.4.noarch.rpm
This version of redhat-logo's has all of the generic changes
that were made with Scientific Linux. It has also changed all
of the Scientific Linux specific logo's, as well as anything
that was in the old zz_fermi-logos
*SLIP
* Scientific Linux Inventory Project client and dependencies
*
* ocsinventory-client-0.9.9-7.noarch.rpm
* perl-XML-Simple-2.14-2.rf.noarch.rpm
SL_...
See SL.releasenote. These are similar to zz_... . The only
difference is that the SL_... were deemed more generic and thus
should be included in the Full SL release and not only in Fermi
site version.
upsupdbootstrap
Not installed by default anymore for "Fermi Generic Desktop.
Does NOT create symbolic links from /usr/local/bin to ups areas.
Can select during install if needed.
upsupdbootstrap-4.1-1.i386.rpm
upsupdbootstrap-fnal-4.0-4.i386.rpm
Installs ups/upd to /fnal/ups
Was upsupdbootstrap-generic, changed to make the name clearer
upsupdbootstrap-local-4.0-4.i386.rpm
Installs ups/upd to /local/ups
*vnc
* Issue with vnc allowing more than just localhost to connect by
* default.
* The starting point was the latest Fedora Core SRPM of vnc,
* back-ported to use the XFree86-4.3.0-78.EL sources instead of x.org
* and javac instead of the (too-old) gcc-java, and patched to set the
* "localhostOnly" parameter to true by default. Note that it is still
* possible to return to RISKY behavior by invoking:
* vncserver -localhost="no" (or 0, or "off")
* Note that vncviewer has the new option "-via", meaning that the
* command line:
* vncviewer -via <host>.fnal.gov localhost:1
* will set up an SSH tunnel and use it to access the local vncserver
* running on <host>.fnal.gov, all in one step.
* NOTE that vnc is ONLY allowed if used with a kerberized SSH tunnel i
* onsite at Fermi and visible only to localhost . See the above info.
* Thanks to Chris Green for this patched vnc.
* vnc-4.0-13f1.x86_64.rpm
* vnc-server-4.0-13f1.x86_64.rpm
*yum-conf-44-1.LTS.noarch.rpm
Modified to give Fermi's rpm's a priority, as well as point to
Fermi's linux distribution servers instead of scientific linux's.
Also excludes the generic SL openssh rpm's.
Now has a testing repository
Added configuration for default yumex config file
*yum-conf-4x-2-2.LTS.noarch.rpm
* Will keep you at 4x which is the current 4x release. So when
* we release the next 4 release yum will automatically yum install it
* , except for the kernel.
*
* yum install yum-conf-4x
*
* This is NOT installed by default.
zz_a2ps_stdout-1.0-3.noarch.rpm
Change the output of a2ps to go to stdout vs the printer.
zz_dhcp_resolv-3.0.1-2.noarch.rpm
This rpm fixes that so that when your network starts, as it checks
your resolv.conf, if you have dhcp.fnal.gov, but not fnal.gov it will
put it in, so that you will have "search fnal.gov dhcp.fnal.gov" in
your /etc/resolv.conf file.
zz_emacs_link-1.1-5.noarch.rpm
Make a symbolic link from "emacs" to "xemacs" when xemacs is installed
and emacs is not installed. This version uses triggers to make or
remove the link when emacs, or xemacs is added or removed.
zz_firstboot_fix-1.0-3.noarch.rpm
Make changes to firstboot.
zz_lang_collate-1.0-2.noarch.rpm
Changes LANG so that sorting is done the same as 6.1 and
earlier. (ABCabc instead of AaBbCc). This is not installed by
default except for a few workgroups. Can be added later with
a "yum install zz_lang_collate" .
zz_ntp_configure-4.2.0-6.noarch.rpm
Configure ntp for Fermi site network.
Startup script now pokes hole in the firewall for itself
zz_pine_user_domain-1.0-1.noarch.rpm
By default when a user sends mail from pine their email address
is myname@mycomputer.fnal.gov. This rpm changes it so that the
default is myname@fnal.gov by modifying the /etc/pine.conf config file.
zz_sendmail_accept-2.0-1.noarch.rpm
Changes Sendmail config so that it allows incomming mail.
This the same as the SL_sendmail_accept except that the sendmail
startup script pokes holes for fermilab on startup, and closes them
on shutdown
zz_sendmail_fermi_gateway-2.0-1.noarch.rpm
This rpm is designed to send outbound sendmail e-mail through
the fermilab e-mail gateway(smtp.fnal.gov).
*zz_sshd_aklog-3.9-4.noarch.rpm
* Turns the KerberosGetAFSToken setting on in your sshd_config
* As of Fermi's version 4penssh-3.9p1-8.SLF.4.17 this option was
taken out of the sshd_config due to it not working and causing
an error. This rpm currently does nothing.
This script is 'trigger'able, so that when you update your
openssh-server or your afs client, it will re-run to keep the
sshd_config file up to date.
*zz_sshd_nonkerberized-3.9-1.noarch.rpm
Fermi's openssh is normally kerberized out of the box. This rpm
will make it non-kerberized. Should only be used offsite.
* version 3.9 was changed to work with the configurations of openssh 3.9
*zz_sshd_pam-3.9-3.noarch.rpm
*
* This changes the setting in sshd_config from "UsePAM = no" to
* "UsePAM = yes"
* When used with the new pam_krb5 (version 2.2.8-2) this allows your
* ssh deamon to do cryptocard prompting.
zz_tcp_wrappers_change-3.0-3.noarch.rpm
Disable all offsite access to common network services. Also
puts in the "DOE required login banners". If it determines that
you have already modified /etc/hosts.allow or host.deny it leaves
them alone.
zz_tex_tweaks-1.0-1.noarch.rpm
Changes the default paper size to 8.5 x 11 vs A3
apt-get
Scientific Linux Fermi is not aptable. We do NOT provide any
config files for this. If you want to use apt YOU will need
to add /etc/apt/ entries to point to Scientific Linux Fermi.
We only support yum handling the daily "auto update" function.
Note that yum can handle the "auto update" function with
apt still able to do "installs".
Apt does not work well with dual arch distos. Since this version
of SLF is dual arch apt does NOT work with it. Apt-rpm development
has been stopped.
Only YUM is installed by default and ONLY YUM is SUPPORTED at Fermi.
So why am i mentioning this if apt does not work and is dead. Because
it is still in the release and did not want it to be used.
Workgroup tag files
These are used to specify which workgroup you belong to.
Astro-tag-3.0-4.noarch.rpm
BooNE-tag-3.0-4.noarch.rpm
BooNEDataServer-tag-3.0-5.noarch.rpm
BTeV-tag-3.0-5.noarch.rpm
BTeVTrigger-tag-3.0-5.noarch.rpm
BTeVSimulation-tag-3.0-7.noarch.rpm
BTeVWorker-tag-3.0-7.noarch.rpm
CDFCAFworker-tag-3.0-4.noarch.rpm
CDFlevel3-tag-3.0-4.noarch.rpm
CDFoffsite-tag-3.0-4.noarch.rpm
CDFonline-tag-3.0-4.noarch.rpm
CDF-tag-3.0-4.noarch.rpm
ClueD0Workstation-tag-3.0-4.noarch.rpm
CMSdesktop-tag-3.0-4.noarch.rpm
CMSfarm-tag-3.0-4.noarch.rpm
CMSserver-tag-3.0-4.noarch.rpm
ConsoleServer-tag-3.0-4.noarch.rpm
CPD-tag-3.0-4.noarch.rpm
CPDserver-tag-3.0-5.noarch.rpm
CSS-tag-3.0-4.noarch.rpm
FarmsConsole-tag-3.0-4.noarch.rpm
Farms-tag-3.0-4.noarch.rpm
FermiStandAlone-tag-3.0-4.noarch.rpm
FermiVeryGeneric-tag-3.0-4.noarch.rpm
FnaluBatch-tag-3.0-4.noarch.rpm
FnaluInteractive-tag-3.0-4.noarch.rpm
FOCUS-tag-3.0-4.noarch.rpm
GenericFarm-tag-3.0-4.noarch.rpm
Minos-tag-3.0-4.noarch.rpm
OAA-tag-3.0-4.noarch.rpm
RIP-tag-3.0-4.noarch.rpm
SDSS-tag-3.0-4.noarch.rpm
Sidet-tag-3.0-4.noarch.rpm
Theory-tag-3.0-4.noarch.rpm
FermiGenericDesktopOffsite-tag-3.0-6.noarch.rpm
D0online-tag-3.0-8.noarch.rpm
EAG-tag-3.0-8.noarch.rpm
* GenericServer-tag-3.0-9.noarch.rpm
* DcacheServer-tag-3.0-10.noarch.rpm
* Fermigrid-tag-4.0-3.noarch.rpm
---------------------------------------------------------------------------
UPDATED compared to 3
----------------------------------------------------------------------------
authconfig
Authconfig needed to be tweeked because it was putting a line into
the /etc/pam.d/system-auth that would not allow you to log into
root or a group account if there was a .k5login file in the accounts
home area. This is the same change that was done in LTS 3.0.x
authconfig-4.6.10-LTS4x.3.x86_64.rpm
authconfig-gtk-4.6.10-LTS4x.3.x86_64.rpm
*OpenSSH
*
* This is the openssh from S.L. 4.x with some patches and modifications.
*
* It does kerberos with both fermi's old openssh(old gssapi), as well as
* generic new openssh's(new gssapi) for both the server and the client.
* So end users won't need a special openssh.
*
* It works with multiple IP address's (if you are behind a load balancer)
*
* It has the "High Performance Networking" patch (a command line option)
* http://www.psc.edu/networking/projects/hpn-ssh/
*
* It does 'kerberos only' by default
*
* It does not do cryptocard. Users needing this need to install
* the modified pam module (pam_krb5-2.2.8-2) and then either change
* the sshd_config to say "UsePAM = yes" or install the
* zz_sshd_pam rpm.
*
If a workgroup wants to install openssh-server then they just need
to add the entry from their "comps" file as it is NOT installed by
default.
* openssh-3.9p1-8.SLF.4.20.x86_64.rpm
* openssh-askpass-3.9p1-8.SLF.4.20.x86_64.rpm
* openssh-askpass-gnome-3.9p1-8.SLF.4.20.x86_64.rpm
* openssh-clients-3.9p1-8.SLF.4.20.x86_64.rpm
* openssh-server-3.9p1-8.SLF.4.20.x86_64.rpm
*pam_krb5
*
* This pam module is the same as the old one, but it adds cryptocard
* authentication.
* This has been compiled with static libraries so it doesn't matter which
* kerberos you have installed.
*
* pam_krb5-2.2.8-2.x86_64.rpm
SELinux
policycoreutils-1.18.1-4.9.x86_64.rpm
selinux-policy-targeted-1.17.30-2.120.noarch.rpm
selinux-policy-targeted-sources-1.17.30-2.120.noarch.rpm
These packages fix up various problems found with
the selinux settings in Scientific Linux 4.2.
Problems include:
GFS does not start
USB drives will not mount
CD-ROM and DVD's will not automount
* This change is not needed anymore as the "original" are now
* fixed.
SL_enable_serialconsole-3.1-4.noarch.rpm
The serial console was changed from mingetting to agetty
----------------------------------------------------------------------------
Installer modifications
---------------------------------------------------------------------------
Anaconda (installer)
* anaconda-10.1.1.46-2SL.x86_64.rpm
* anaconda-runtime-10.1.1.46-2SL.x86_64.rpm
Changes to "defaults" from vendor installer.
Firewall is on by default. Hole poked for ntp.
US/Central is default timezone. vendor default was New York.
Kerberos is on by default with a realm of FNAL.GOV . vendor default
was off.
Default install is via ftp, can still select nfs by typing nfs
at isolinux prompt
* rhgb(RedHat Graphical Boot) is not turned on by default.
* If a workgroup wants it on they need to include "rhgb" in their
* comps.xml file
---------------------------------------------------------------------------
/contrib/
---------------------------------------------------------------------------
The packages in this section have been contributed by various people. They
are presented AS IS and there is no guarantee of them working. These packages
are NOT supported by us. They will only get security updates if the
contributor provides them. If you have questions about them then ask the
contributor.
To use with yum:
For one time only (prefered method)
yum --enablerepo=Fermi-contrib install <package>
To enable for all yum updates/install (including autoyum)
edit the file /etc/yum.repos.d/fermi-contrib.repo
and change the line
enabled=0
to
enabled=1
See README's in the RPMS/ directorys for specific package info.
/sites/Fermi/contrib/RPMS/
---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
Upgrades from prior versions.
UPDATES are only supported via the installer for upgrading from
Scientific Linux LTS 3.0.x to Scientific Linux LTS 40rolling.
YUM will NOT work, do not use it.
Vendor seems to really want users to start from scratch.
---------------------------------------------------------------------------
SOFTWARE ISSUES/BUGS
---------------------------------------------------------------------------
*ATI x700 video cards are NOT supported in the version of X included here.
---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Fermi site users should start with the "Fermi" specific support areas and
use the Scientific Linux next.
Fermi Linux web pages
http://www.fnal.gov/cd/unix/linux
Fermi Linux Community support mailing list
linux-users@fnal.gov
Which is archived at
http://listserv.fnal.gov/archives/linux-users.html
Scientific Linux web page
http://www.scientificlinux.org
----------------------------------------------------------------------------
ERRATA released after SL 4.4
------------------------------------------------------------------------------
* gnupg-1.2.6-8.x86_64.rpm
* mod_auth_kerb-5.0-1.3.x86_64.rpm
* devhelp-0.10-0.5.el4.x86_64.rpm
* devhelp-devel-0.10-0.5.el4.x86_64.rpm
* elinks-0.9.2-3.3.x86_64.rpm
* firefox-1.5.0.8-0.1.el4.i386.rpm
* firefox-1.5.0.8-0.1.el4.x86_64.rpm
* info-4.7-5.el4.2.x86_64.rpm
* irb-1.8.1-7.EL4.8.x86_64.rpm
* nss_ldap-226-17.i386.rpm
* nss_ldap-226-17.x86_64.rpm
* php-4.3.9-3.22.x86_64.rpm
* php-devel-4.3.9-3.22.x86_64.rpm
* php-domxml-4.3.9-3.22.x86_64.rpm
* php-gd-4.3.9-3.22.x86_64.rpm
* php-imap-4.3.9-3.22.x86_64.rpm
* php-ldap-4.3.9-3.22.x86_64.rpm
* php-mbstring-4.3.9-3.22.x86_64.rpm
* php-mysql-4.3.9-3.22.x86_64.rpm
* php-ncurses-4.3.9-3.22.x86_64.rpm
* php-odbc-4.3.9-3.22.x86_64.rpm
* php-pear-4.3.9-3.22.x86_64.rpm
* php-pgsql-4.3.9-3.22.x86_64.rpm
* php-snmp-4.3.9-3.22.x86_64.rpm
* php-xmlrpc-4.3.9-3.22.x86_64.rpm
* qt-3.3.3-10.RHEL4.i386.rpm
* qt-3.3.3-10.RHEL4.x86_64.rpm
* qt-config-3.3.3-10.RHEL4.x86_64.rpm
* qt-designer-3.3.3-10.RHEL4.x86_64.rpm
* qt-devel-3.3.3-10.RHEL4.x86_64.rpm
* qt-MySQL-3.3.3-10.RHEL4.x86_64.rpm
* qt-ODBC-3.3.3-10.RHEL4.x86_64.rpm
* qt-PostgreSQL-3.3.3-10.RHEL4.x86_64.rpm
* ruby-1.8.1-7.EL4.8.x86_64.rpm
* ruby-devel-1.8.1-7.EL4.8.x86_64.rpm
* ruby-docs-1.8.1-7.EL4.8.x86_64.rpm
* ruby-libs-1.8.1-7.EL4.8.i386.rpm
* ruby-libs-1.8.1-7.EL4.8.x86_64.rpm
* ruby-mode-1.8.1-7.EL4.8.x86_64.rpm
* ruby-tcltk-1.8.1-7.EL4.8.x86_64.rpm
* seamonkey-1.0.6-0.1.el4.i386.rpm
* seamonkey-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-chat-1.0.6-0.1.el4.i386.rpm
* seamonkey-chat-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-devel-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-dom-inspector-1.0.6-0.1.el4.i386.rpm
* seamonkey-dom-inspector-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-js-debugger-1.0.6-0.1.el4.i386.rpm
* seamonkey-js-debugger-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-mail-1.0.6-0.1.el4.i386.rpm
* seamonkey-mail-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-nspr-1.0.6-0.1.el4.i386.rpm
* seamonkey-nspr-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-nspr-devel-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-nss-1.0.6-0.1.el4.i386.rpm
* seamonkey-nss-1.0.6-0.1.el4.x86_64.rpm
* seamonkey-nss-devel-1.0.6-0.1.el4.x86_64.rpm
* texinfo-4.7-5.el4.2.x86_64.rpm
* thunderbird-1.5.0.8-0.1.el4.i386.rpm
* thunderbird-1.5.0.8-0.1.el4.x86_64.rpm
* wireshark-0.99.4-EL4.1.x86_64.rpm
* wireshark-gnome-0.99.4-EL4.1.x86_64.rpm