WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Xen
Home Products Support Community News

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
<prev [Thread] next>

Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)

from [brooks] [Permanent Link][Original]
To: Andrew Wells <agwells0714@xxxxxxxxx>
Subject: Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown)
From: brooks@xxxxxxxxxxx
Date: 2011年10月26日 18:20:21 -0700 (PDT)
Cc: mike.mcclurg@xxxxxxxxxx, xen-users <Xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: 2011年10月26日 18:22:36 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAP3iW_SXRGcj7m1q9-JZ+yvwk94P9KdVwi_zg_jXBcDwJ-48tw@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <CAK5Eu=uRLu17+FTBZdqSUgbKUo4p1QHj1YFBWhy0f5F7Xb_9sg@xxxxxxxxxxxxxx> <602C5EB92F9AFB4D89D11B9F5B7F1355160FF2F3@xxxxxxxxxxxxxxxxxxxxxxxxx> <CAK5Eu=uH8xG52nRJVO7MaBH9sjzzMRNNQVX0Wc4bCHORj9BqPQ@xxxxxxxxxxxxxx> <4EA6CB8B.2020709@xxxxxxxxx> <CAGnmK4ybB8tbyyyhxXZ6dvBmGpVbQvCZ4KTHhJbMSU9i+JuAMQ@xxxxxxxxxxxxxx> <4EA7C679.4030804@xxxxxxxxx> <CAGnmK4zUcWddW9n03PVzcWmtLmA0=-JWM6Uo5nVz5EgXma-DHw@xxxxxxxxxxxxxx> <CAP3iW_TSVC70nWsAiDGBW2Gsu7u6s_=TkupWC-H1JU9rZmNv5w@xxxxxxxxxxxxxx> <CAP3iW_SXRGcj7m1q9-JZ+yvwk94P9KdVwi_zg_jXBcDwJ-48tw@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Alpine 2.02 (LRH 1266 2009年07月14日)
Great points from everyone concerning the topic of XCP security updates. To summarize: 
 1. The XCP project currently provides no update repo.
 2. Protect your management network via an non-public routable address
 space and you greatly reduce your dom0 attack surface to the kernel
 and open vSwitch. While that's true, I don't think that hiding
 from security problems is the answer.
 3. Do not use the CentOS 5 repo to update XCP dom0.
 Some packages (lvm2, etc.) have been modified to work with
 Xenserver/XCP. The XCP 1.1 source iso lists the following packages
 under the "guest-packages-dom0" directory:
 biosdevname-0.2.4-1.xs651.src.rpm
 device-mapper-multipath-0.4.7-34.xs651.src.rpm
 dhcp-3.0.5-23.el5.xs651.src.rpm
 directfb-1.0.1-xs651.src.rpm
 e2fsprogs-1.39-23.xs651.src.rpm
 ethtool-6+20090306-651.src.rpm
 fbi-1.31-xs651.src.rpm
 firmware-651-1.src.rpm
 kexec-tools-2.0.0-651.49.src.rpm
 lvm2-2.02.56-8.xs651.src.rpm
 md3000-rdac-09.03.0C00.0437-651.src.rpm
 md3000-rdac-tools-09.03.0C00.0437-651.src.rpm
 mercurial-0.9-0.src.rpm
 mkinitrd-5.1.19.6-61.xs651.src.rpm
 net-snmp-5.3.2.2-9.xs651.src.rpm
 open-iscsi-2.0.871-0.20.3.xs651.src.rpm
 pam-0.99.6.2-6.xs651.src.rpm
 PyPAM-0.4.2-3.xs651.src.rpm
 python-simplejson-2.0.9-3.1.xs651.src.rpm
 SDL-1.2.10-8.xs651.src.rpm
 splashy-0.3.9-xs651.src.rpm
 ssmtp-2.61-8.fc6.src.rpm
 stunnel-4.15-2.el5.1.xs651.src.rpm
 udhcp-r15050-651.src.rpm
 vastsky-2.1-3.src.rpm
 vhostmd-0.4-xs651.src.rpm
 vncsnapshot-1.2a-xs651.src.rpm
 xenserver-logos-1.0-xs651.src.rpm
 xenserver-lsb-3.1-12.3.EL.xs.src.rpm
 That's not a perfect list. I compared that list with a base
 CentOS 5.7 repo and found these to be unique to the above list:
 PyPAM
 biosdevname
 directfb
 fbi
 firmware
 md3000-rdac
 md3000-rdac-tools
 mercurial
 open-iscsi
 splashy
 ssmtp
 udhcp-r15050
 vastsky
 vhostmd
 vncsnapshot
 xenserver-logos
 xenserver-lsb
 For completness here's the list of packages that appear to have
 been modified since they are list in both the CentOS and XCP lists:
 SDL
 device-mapper-multipath
 dhcp
 e2fsprogs
 ethtool
 kexec-tools
 lvm2
 mkinitrd
 net-snmp
 pam
 python-simplejson
 stunnel
 Add in the kernel, hypervisor, vswitch, and assorted utilities and
 you should be able to come up with a list of packages unique to XCP
 that could be used to build an exclude list if you wanted to pull
 updates from a CentOS 5 repo.
It's a great topic and I'd like to keep the discussion alive. I'd also like to hear from Mike given his insight and understanding of the project. Ideally I think we would all like to see a Citrix sponsored XCP updates repository. 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date: Re: [xen-users] mailing list. , Andrew Eross
Next by Date: Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown) , Grant McWilliams
Previous by Thread: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown) , Andrew Wells
Next by Thread: Re: Fwd: [Xen-users] Yum repo for XCP (ex: XCP acpi shutdown) , Grant McWilliams
Indexes: [Date] [Thread] [Top] [All Lists]

Copyright ©, Citrix Systems Inc. All rights reserved. Legal and Privacy
Citrix This site is hosted by Citrix

AltStyle によって変換されたページ (->オリジナル) /