BLUF:
I want to install AIDE via package manager but yum is not able to find the rpm
SYSTEM SETUP:
Docker image/container of RHEL UBI8.6-FIPS running on Ubuntu 20.04 DISA-STIG compliant FIPS enabled HOST. AppStream repo is enabled.
DISCLAIMER:
I am an everyday Ubuntu user - not RHEL - so please feel free to call me an idiot for missing something.
STEPS I PERFORMED:
I am following the RHEL Security Hardening Manual and DISA-STIG checklist. I verified that AIDE is supposed to be in the AppStream by checking the manifest.
Verified AppStream is enabled:
[root#a1100622ac26 aide-0.17.4]# yum repolist
repo id repo name
ubi-8-appstream-rpms Red Hat Universal Base Image 8 (RPMs) - AppStream
ubi-8-baseos-rpms Red Hat Universal Base Image 8 (RPMs) - BaseOS
ubi-8-codeready-builder-rpms Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder
Checked the yum repo to ensure the URI is correct:
[root#a1100622ac26 scripts]# cat /etc/yum.repos.d/ubi.repo
[ubi-8-baseos-rpms]
name = Red Hat Universal Base Image 8 (RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-baseos-debug-rpms]
name = Red Hat Universal Base Image 8 (Debug RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-baseos-source]
name = Red Hat Universal Base Image 8 (Source RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-appstream-rpms]
name = Red Hat Universal Base Image 8 (RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-appstream-debug-rpms]
name = Red Hat Universal Base Image 8 (Debug RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-appstream-source]
name = Red Hat Universal Base Image 8 (Source RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-codeready-builder-rpms]
name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-codeready-builder]
name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-codeready-builder-debug-rpms]
name = Red Hat Universal Base Image 8 (Debug RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
[ubi-8-codeready-builder-source]
name = Red Hat Universal Base Image 8 (Source RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1
Updated yum:
[root#a1100622ac26 scripts]# yum update
Red Hat Universal Base Image 8 (RPMs) - BaseOS 4.9 kB/s | 3.8 kB 00:00
Red Hat Universal Base Image 8 (RPMs) - AppStream 2.2 MB/s | 3.2 MB 00:01
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder 5.6 kB/s | 3.8 kB 00:00
Dependencies resolved.
Nothing to do.
Complete!
Attempted to install AIDE:
[root#a1100622ac26 aide-0.17.4]# yum install aide
Last metadata expiration check: 0:48:42 ago on Wed Jan 25 08:01:40 2023.
No match for argument: aide
Error: Unable to find a match: aide
Traveled to the AppStream URI to manually search for the aide rpm using my browser. The aide rpm was not present.
Traveled to the AIDE GitHub Pages and they claim the proper way to install is via AppStream using yum.
I'm not trying to perform a manual install of AIDE because of dependencies and installation will be performed within a Dockerfile so package manager is preferred. Any rpms obtained online will have to be from a trusted source and one of the STIG requirements require the developer to maintain and provide updates (pretty much requiring a package manager for updates). Any help or advice would be greatly appreciated.
Related
When trying to install tidyverse package on R4.1.1 and Redhat 7 from our company Artifactory. I am getting the error:
checking whether the ICU data library can be downloaded... downloading
the ICU data library (icudt) output path:
icu69/data/icu4c-69_1-data-bin-l.zip trying URL
'https://raw.githubusercontent.com/gagolews/stringi/master/src/icu69/data/icu4c-69_1-data-bin-l.zip'
Error in download.file(paste(href, fname, sep = ""), icudtzipfname,
mode = "wb"): cannot open URL
'https://raw.githubusercontent.com/gagolews/stringi/master/src/icu69/data/icu4c-69_1-data-bin-l.zip'
trying URL
'http://raw.githubusercontent.com/gagolews/stringi/master/src/icu69/data/icu4c-69_1-data-bin-l.zip'
Error in download.file(paste(href, fname, sep = ""), icudtzipfname,
mode = "wb"): cannot open URL
'http://raw.githubusercontent.com/gagolews/stringi/master/src/icu69/data/icu4c-69_1-data-bin-l.zip'
Its like the system is trying to download icudt which is weird.
Knowing the the command i use is as follow:
install.packages("tidyverse", repos = https://jfrog.aaw.cloud.mycompanyName.ca/artifactory/dev-cran-remote/, method = "curl", extra = "-k", dependencies=TRUE)
I was expecting that tidyverse will install from our artifactory and not getting message that its trying to install icudt from ttps://raw.githubusercontent.com/gagolews/stringi/master/src/icu69/data/icu4c-69_1-data-bin-l.zip'
I am trying to upgrade Sonatype Nexus 2.14 to latest 3.41.
Current Directory Structure /opt/nexus2/nexus2.14, sonatype-work.
My question is if i want to extract the latest version 3.41 should i do it in /opt/nexus2 ( its will then not create new sonatype-work as its already there) or should i make a new directory for it.
If not then it will look like this /opt/nexus2/nexus2.14, nexsu3.41, sonatype-work,
If yes then it will look like this /op/nexus2/nexus2.14 sonatype-work &
/opt/nexus3/nexus3.41 sonatype-work
..
after installing nexus3.41 i will migrate all the work form nexus 2 to nexus 3 using GUI.
It isn’t an “upgrade”, it is a migration. See here:
https://help.sonatype.com/display/NXRM3/Upgrade+Procedures
The procedure outlined in that help document will import all the configuration and data from Nexus Repo 2 into a new Nexus Repo 3 instance. When finished, your original Nexus Repo 2 will still be intact, and you’ll have a new Nexus Repo 3 instance. Nexus Repo 2 and 3 should not be sharing the same work directory, make a new install location for the Nexus Repo 3 install and its work directory.
I have the following elasticache resource:
resource "aws_elasticache_subnet_group" "main" {
name = "${var.identifier}-sng"
subnet_ids = var.subnet_ids
}
resource "aws_elasticache_cluster" "main" {
cluster_id = var.identifier
engine = "redis"
node_type = var.node_type
num_cache_nodes = var.nodes_count
parameter_group_name = var.parameter_group_name
engine_version = var.engine_version
port = 6379
security_group_ids = var.security_group_ids
subnet_group_name = aws_elasticache_subnet_group.main.name
tags = {
"redis" = "Auto managed by TF"
}
}
I run with aws elasticache Redis 6.0.5 and my var.engine_version is set with 6.0.5 too. It worked quite well until I've upgraded from terraform 1.3 to 1.4 I received the following error:
engine_version: Redis versions must match <major>.x when using version 6 or higher,
or <major>.<minor>.<bug-fix>
Is there anyone experiencing this issue after upgrading? what would be a solution to work around this problem?
Just ran into this problem and I was able to fix by setting parameter_group_name family to 6.x and engine_version to 6.0. When I set the engine version to 6.0.5 it threw the error you listed above. The 6.0 engine version defaults to 6.0.5
I was using elasticache redis 6.2.6 and 7.0.4 for 2 different projects.
To make it work I had to set the engine_versions 6.2 and 7.0 respectively.
I am not being able to get my recipe to copy some files into my target device.
Currently the layers of my yocto project looks like this:
layer path priority
==========================================================================
meta /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta 5
meta-tegra /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-tegra 5
contrib /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-tegra/contrib 4
meta-oe /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-oe 6
meta-python /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-python 7
meta-networking /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-networking 5
meta-filesystems /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-filesystems 6
meta-virtualization /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-virtualization 8
meta-tegra-community /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-tegra-community 20
meta-tegra-support /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-tegra-support 40
meta-demo-ci /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-demo-ci 40
meta-tegrademo /home/juanpablo/work/yocto/tegra-demo-distro/layers/meta-tegrademo 50
workspace /home/juanpablo/work/yocto/tegra-demo-distro/build/workspace 99
meta-mine /home/juanpablo/work/yocto/meta-kwali 6
The meta-mine layer is the layer I created with a recipe to copy files inside the image I am then flashing to the sd card of a jetson-nano-devkit.
The recipe log-generators_0.1.bb has the following content:
DESCRIPTON = "A template recipe to copy files from host directory to target. \
The example is written with docker-compose files"
LICENSE = "CLOSED"
SRC_URI = "file://.env \
file://docker-compose.yml \
"
FILES_${PN} += "/test"
inherit allarch
do_install() {
install -d ${D}/test
install -m 0755 ${WORKDIR}/.env ${D}/test/
install -m 0755 ${WORKDIR}/docker-compose.yml ${D}/test/
}
I have tried following the wiki's cookbook recipe and also 2 or 3 answers for similar questions posted in SO (e.g also defining ${S} = ${WORKDIR}, not using inherit allaarch, etc).
Any suggestions or help is welcome.
I tried your exact recipe on my setup and it seems to work correctly.
bitbake log-generators produces log-generators{,-dbg,-dev}_0.1-r0_all.ipk (I happen to use ipk) packages within build/tmp/deploy/ipk/all/ directory.
While inspecting log-generators_0.1-r0_all.ipk, I can see the correct files in /test inside.
If you don't see the files in your target image, my best guess is that you need to reference the package in the image's install list. The simplest way is to add this to your local.conf:
IMAGE_INSTALL_append = " log-generators "
I have a Yocto BSP with my own layer that includes an autotools 3rdy part library (libcoap).
My application ".bb" file has the following lines, telling libcoap is needed:
DEPENDS += "libcoap"
RDEPENDDS_${PN} += " libcoap libcoap-dev libcoap-devstatic"
I can see the library files are being copied to sysroot:
$ ls -l /projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/coap-playground/1.0-r0/recipe-sysroot/usr/lib/libcoap*
-rw-r--r-- 2 udev udev 286430 Ago 21 13:53 /projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/coap-playground/1.0-r0/recipe-sysroot/usr/lib/libcoap.a
lrwxrwxrwx 1 udev udev 173 Ago 29 14:33 /projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/coap-playground/1.0-r0/recipe-sysroot/usr/lib/libcoap.so -> ../../projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/libcoap/4.1.2+gitAUTOINC+d48ab449fd-r0/image/usr/lib/libcoap.so.4.1.2
-rwxr-xr-x 2 udev udev 38444 Ago 21 13:53 /projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/coap-playground/1.0-r0/recipe-sysroot/usr/lib/libcoap.so.4.1.2
It is not hard to noticed that the symlink is kind of weird:
/projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/coap-playground/1.0-r0/recipe-sysroot/usr/lib/libcoap.so -> ../../projects/oe-core/build/tmp-glibc/work/armv7at2hf-neon-angstrom-linux-gnueabi/libcoap/4.1.2+gitAUTOINC+d48ab449fd-r0/image/usr/lib/libcoap.so.4.1.2
My libcoap.bb contains inherit relative_symlinks (otherwise an absolute link to "/projects" is created and bitbake fails) but the symlink created simply prepends "../../" to the original link.
So... the questions are:
Why do I need inherit relative_symlinks? Shouldn't make install create a symlink relative to sysroot out of the box?
Generated Makefile contains:
librootdir = $(DESTDIR)$(prefix)/lib
# ...
ln -s $(librootdir)/$(LIBSO).4.1.2 $(librootdir)/$(LIBSO)
And I thought $(DESTDIR) would already point to the correct place during bitbake's installation...
What is the right way to fix it? Could it be something wrong at the other side (the application trying to link against libcoap)?
Thanks in advance.
Resources
libcoap.bb is based on Internet and quite simple:
SUMMARY = "A C implementation of IETF Constrained Application Protocol (RFC 7252)"
DESCRIPTION = "Libcoap provides an implementation of the IETF CoAP protocol"
HOMEPAGE = "http://sourceforge.net/projects/libcoap/"
SECTION = "libs/network"
PROVIDES = "libcoap"
SRCREV = "d48ab449fd05801e574e4966023589ed7dac500b"
# Lookout for PV bump too when SRCREV is changed
PV = "4.1.2+git${SRCPV}"
LICENSE = "GPLv2 | BSD"
LIC_FILES_CHKSUM = "file://${S}/LICENSE.BSD;md5=1164f52f9c4db2c13f681b201010d518 \
file://${S}/LICENSE.GPL;md5=4641e94ec96f98fabc56ff9cc48be14b"
S = "${WORKDIR}/git"
SRC_URI = "git://git.code.sf.net/p/libcoap/code"
inherit autotools-brokensep relative_symlinks
EXTRA_OECONF += "--with-shared"
EXTRA_OEMAKE += "all"
INSANE_SKIP_${PN} = "ldflags"
BBCLASSEXTEND = "native nativesdk"