WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)

from [brooks] [Permanent Link][Original]
To: Andrew Wells <agwells0714@xxxxxxxxx>
Subject: Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)
From: brooks@xxxxxxxxxxx
Date: Wed, 26 Oct 2011 18:20:21 -0700 (PDT)
Cc: mike.mcclurg@xxxxxxxxxx, xen-users <Xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 26 Oct 2011 18:22:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAP3iW_SXRGcj7m1q9-JZ+yvwk94P9KdVwi_zg_jXBcDwJ-48tw@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <CAK5Eu=uRLu17+FTBZdqSUgbKUo4p1QHj1YFBWhy0f5F7Xb_9sg@xxxxxxxxxxxxxx> <602C5EB92F9AFB4D89D11B9F5B7F1355160FF2F3@xxxxxxxxxxxxxxxxxxxxxxxxx> <CAK5Eu=uH8xG52nRJVO7MaBH9sjzzMRNNQVX0Wc4bCHORj9BqPQ@xxxxxxxxxxxxxx> <4EA6CB8B.2020709@xxxxxxxxx> <CAGnmK4ybB8tbyyyhxXZ6dvBmGpVbQvCZ4KTHhJbMSU9i+JuAMQ@xxxxxxxxxxxxxx> <4EA7C679.4030804@xxxxxxxxx> <CAGnmK4zUcWddW9n03PVzcWmtLmA0=-JWM6Uo5nVz5EgXma-DHw@xxxxxxxxxxxxxx> <CAP3iW_TSVC70nWsAiDGBW2Gsu7u6s_=TkupWC-H1JU9rZmNv5w@xxxxxxxxxxxxxx> <CAP3iW_SXRGcj7m1q9-JZ+yvwk94P9KdVwi_zg_jXBcDwJ-48tw@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Alpine 2.02 (LRH 1266 2009-07-14)
Great points from everyone concerning the topic of XCP security updates. To summarize: 

    1. The XCP project currently provides no update repo.

    2. Protect your management network via an non-public routable address
       space and you greatly reduce your dom0 attack surface to the kernel
       and open vSwitch.  While that's true, I don't think that hiding
       from security problems is the answer.

    3. Do not use the CentOS 5 repo to update XCP dom0.

       Some packages (lvm2, etc.) have been modified to work with
       Xenserver/XCP.  The XCP 1.1 source iso lists the following packages
       under the "guest-packages-dom0" directory:

       biosdevname-0.2.4-1.xs651.src.rpm
       device-mapper-multipath-0.4.7-34.xs651.src.rpm
       dhcp-3.0.5-23.el5.xs651.src.rpm
       directfb-1.0.1-xs651.src.rpm
       e2fsprogs-1.39-23.xs651.src.rpm
       ethtool-6+20090306-651.src.rpm
       fbi-1.31-xs651.src.rpm
       firmware-651-1.src.rpm
       kexec-tools-2.0.0-651.49.src.rpm
       lvm2-2.02.56-8.xs651.src.rpm
       md3000-rdac-09.03.0C00.0437-651.src.rpm
       md3000-rdac-tools-09.03.0C00.0437-651.src.rpm
       mercurial-0.9-0.src.rpm
       mkinitrd-5.1.19.6-61.xs651.src.rpm
       net-snmp-5.3.2.2-9.xs651.src.rpm
       open-iscsi-2.0.871-0.20.3.xs651.src.rpm
       pam-0.99.6.2-6.xs651.src.rpm
       PyPAM-0.4.2-3.xs651.src.rpm
       python-simplejson-2.0.9-3.1.xs651.src.rpm
       SDL-1.2.10-8.xs651.src.rpm
       splashy-0.3.9-xs651.src.rpm
       ssmtp-2.61-8.fc6.src.rpm
       stunnel-4.15-2.el5.1.xs651.src.rpm
       udhcp-r15050-651.src.rpm
       vastsky-2.1-3.src.rpm
       vhostmd-0.4-xs651.src.rpm
       vncsnapshot-1.2a-xs651.src.rpm
       xenserver-logos-1.0-xs651.src.rpm
       xenserver-lsb-3.1-12.3.EL.xs.src.rpm

       That's not a perfect list.  I compared that list with a base
       CentOS 5.7 repo and found these to be unique to the above list:

       PyPAM
       biosdevname
       directfb
       fbi
       firmware
       md3000-rdac
       md3000-rdac-tools
       mercurial
       open-iscsi
       splashy
       ssmtp
       udhcp-r15050
       vastsky
       vhostmd
       vncsnapshot
       xenserver-logos
       xenserver-lsb

       For completness here's the list of packages that appear to have
       been modified since they are list in both the CentOS and XCP lists:

       SDL
       device-mapper-multipath
       dhcp
       e2fsprogs
       ethtool
       kexec-tools
       lvm2
       mkinitrd
       net-snmp
       pam
       python-simplejson
       stunnel

       Add in the kernel, hypervisor, vswitch, and assorted utilities and
       you should be able to come up with a list of packages unique to XCP
       that could be used to build an exclude list if you wanted to pull
       updates from a CentOS 5 repo.
It's a great topic and I'd like to keep the discussion alive. I'd also like to hear from Mike given his insight and understanding of the project. Ideally I think we would all like to see a Citrix sponsored XCP updates repository. 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [xen-users] mailing list., Andrew Eross
Next by Date:  Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown), Grant McWilliams
Previous by Thread:  Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown), Andrew Wells
Next by Thread:  Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown), Grant McWilliams
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy