aufs2-util-2.1-alt3.git0f0cf3f.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libau.so but just /usr/lib64/libau.so.2.5. According to SharedLibs Policy Draft, symlink /usr/lib64/libau.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libau.so to \%files of aufs2-util-2.1-alt3.git0f0cf3f.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; aufs2-util-ng-2.1-alt2.git0f0cf3f.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libau.so but just /usr/lib64/libau.so.2.5. According to SharedLibs Policy Draft, symlink /usr/lib64/libau.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libau.so to \%files of aufs2-util-ng-2.1-alt2.git0f0cf3f.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; cfengine-3.1.1-alt3.x86_64 altlinux-policy-shared-lib-contains-devel-so info SharedLibs Policy Draft violation: Shared Lib package should not contain symlink /usr/lib64/libpromises.so but just /usr/lib64/libpromises.so.1.0.0. According to SharedLibs Policy Draft, symlink /usr/lib64/libpromises.so should be placed in a special subpackage named lib-devel. If you have already packaged this symlink in lib-devel, just append \%exclude /usr/lib64/libpromises.so to \%files of cfengine-3.1.1-alt3.x86_64. Otherwise, move the symlink into the subpackage lib-devel. There is a known exception for case the .so file is not a shared lib but a plugin that is never directly linked with. Please report such a case to repocop test.; cfengine-3.1.1-alt3.x86_64 init-lsb warn /etc/rc.d/init.d//cf-execd: lsb init header missing. /etc/rc.d/init.d//cf-monitord: lsb init header missing. /etc/rc.d/init.d//cf-serverd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; conserver-8.1.16-alt1.1.x86_64 init-lsb warn /etc/rc.d/init.d//conserver: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; gtkterm-0.99.5-alt1.qa2.x86_64 freedesktop-desktop warn desktop-file-validate utility exited abnormally with the following message(s): /usr/share/applications/gtkterm.desktop: error: (will be fatal in the future): value "GNOME" in key "Categories" in group "Desktop Entry" requires another category to be present among the following categories: GTK; isomd5sum-1.0.4-alt0.20080218.1.x86_64 missing-url info Missing Url: in a package.; isomd5sum-devel-1.0.4-alt0.20080218.1.x86_64 missing-url info Missing Url: in a package.; krb5-ticket-watcher-1.0.2-alt3.qa1.x86_64 altlinux-find-lang-mo warn Language specific files in /usr/share/locale should be marked, for example, using %find_lang. See http://www.altlinux.org/FindLangPolicy for details.; krb5-ticket-watcher-1.0.2-alt3.qa1.x86_64 freedesktop-desktop info desktop-file-validate utility printed the following message(s): /usr/share/applications/krb5-ticket-watcher.desktop: warning: value "" for key "Path" in group "Desktop Entry" does not look like an absolute path; krb5-ticket-watcher-1.0.2-alt3.qa1.x86_64 iconsdir experimental Please, move pixmaps from /usr/share/pixmaps to %_liconsdir, %_niconsdir, %_miconsdir according to their size. See http://www.altlinux.org/IconPathsPolicy.; livecd-fstab-0.1-alt3.noarch init-lsb warn /etc/rc.d/init.d//livecd-fstab: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; livecd-fstab-0.1-alt3.noarch missing-url info Missing Url: in a package.; livecd-hostname-0.4-alt1.noarch init-lsb warn /etc/rc.d/init.d//livecd-hostname: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; livecd-hostname-0.4-alt1.noarch missing-url info Missing Url: in a package.; livecd-install-0.6-alt7.noarch freedesktop-categories warn Menu-related Additional Categories (http://standards.freedesktop.org/menu-spec/latest/apa.html) not found in /usr/share/applications/livecd-install.desktop. Please add it or report a bug against this test if you already have registered one (not including menu unrelated ones as Core or Qt).; livecd-install-0.6-alt7.noarch missing-url info Missing Url: in a package.; mandvd-2.5-alt1.qa1.x86_64 freedesktop-desktop warn desktop-file-validate utility exited abnormally with the following message(s): /usr/share/applications/mandvd.desktop: warning: key "Encoding" in group "Desktop Entry" is deprecated; /usr/share/applications/mandvd.desktop: error: (will be fatal in the future): value "KDE" in key "Categories" in group "Desktop Entry" requires another category to be present among the following categories: Qt; /usr/share/applications/mandvd.desktop: warning: value "KDE;Application;AudioVideo;DiscBurning;" for key "Categories" in group "Desktop Entry" contains a deprecated value "Application"; mstflint-1.4-alt2.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/bin/hca_self_test.ofed: $ grep -A5 -B5 /tmp/ /usr/bin/hca_self_test.ofed fi # Check host driver initialization HOST_DRIVER_INIT=0 if [ $NUM_HCAS -ne 0 ] && [ $RPM_CHECK_FAIL -eq 0 ]; then MODPROBE_OUT_FILE="/tmp/hca_self_test_modprobe.output" # Save the output of modprobe ib_ipoib in a tmp file modprobe ib_ipoib &> $MODPROBE_OUT_FILE let RET_CODE=$? if [ $RET_CODE -eq 0 ]; then echo -e "Host Driver Initialization ............. ${green}PASS" -- # Kernel syslog check # Save the output of dmesg in a tmp file if [ $HOST_DRIVER_INIT -eq 1 ]; then dmesg > /tmp/hca_self_test_dmesg.output VAPI_ERROR_COUNT=`egrep oom-\|"Out of Memory"\|tsIb\|VAPI\|THH_\|THHUL\|KERNEL_IB\|IB_NET\|MOD_LNX_SDP /tmp/hca_self_test_dmesg.output 2> /dev/null | grep -v 'SOCK: GETSOCKOPT unimplemented option <2>' | wc -l` OOPS_COUNT=`grep Oops /tmp/hca_self_test_dmesg.output 2> /dev/null | wc -l` KERNEL_PANIC_COUNT=`grep "Kernel panic" /tmp/hca_self_test_dmesg.output 2> /dev/null | wc -l` if [ $VAPI_ERROR_COUNT -eq 0 ] && [ $OOPS_COUNT -eq 0 ] && [ $KERNEL_PANIC_COUNT -eq 0 ]; then echo -e "Kernel Syslog Check .................... ${green}PASS" tput sgr0 else echo -e "Kernel Syslog Check .................... ${red}FAIL" tput sgr0 EXIT_CODE=1 if [ $OOPS_COUNT -ne 0 ]; then echo " REASON: Kernel syslog reported: Oops " grep Oops /tmp/hca_self_test_dmesg.output | uniq | awk -F'\n' '{print " " $1 }' fi if [ $KERNEL_PANIC_COUNT -ne 0 ]; then echo " REASON: Kernel syslog reported: Kernel panic " grep "Kernel panic" /tmp/hca_self_test_dmesg.output | uniq | awk -F'\n' '{print " " $1 }' fi if [ $VAPI_ERROR_COUNT -ne 0 ]; then echo " REASON: Kernel syslog reported: Driver messages " egrep oom-\|"Out of Memory"\|tsIb\|VAPI\|THH_\|THHUL\|KERNEL_IB\|IB_NET\|MOD_LNX_SDP /tmp/hca_self_test_dmesg.output | grep -v 'SOCK: GETSOCKOPT unimplemented option <2>' | uniq | awk -F'\n' '{print " " $1 }' fi fi else echo "Kernel Syslog Check .................... NA" fi -- done fi echo "------------------ DONE ---------------------" echo #rm -f /tmp/hca_self_test_modprobe.output rm -f /tmp/hca_self_test_dmesg.output exit $EXIT_CODE; openct-0.6.20-alt1.x86_64 init-lsb warn /etc/rc.d/init.d//openct: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; openct-0.6.20-alt1.x86_64 subdir-in-var-run info Found a subdir in /var/run or /var/lock. /var/run and /var/lock may be mounted as temporary filesystems, so the init.d scripts must handle this correctly. This will typically amount to creating any required subdirectories dynamically when the init.d script is run, rather than including them in the package and relying on rpm to create them.; perl-xCAT-2.5.1-alt0.4.2.noarch uncompressed-manpages info Package contains uncompressed manual pages.; remount_rw-0.6-alt1.noarch altlinux-find-lang-mo warn Language specific files in /usr/share/locale should be marked, for example, using %find_lang. See http://www.altlinux.org/FindLangPolicy for details.; remount_rw-0.6-alt1.noarch init-condrestart warn /etc/rc.d/init.d/remount_rw: missing condrestart target. Note: alt-specific script %_sbindir/post_service (used in %post_service macro) depends on condrestart. It is wise to add condrestart anyway./etc/rc.d/init.d/remount_rw: missing condstop target. Note: alt-specific script %_sbindir/preun_service (used in %preun_service macro) depends on condstop. It is wise to add condstop anyway.; remount_rw-0.6-alt1.noarch init-lsb warn /etc/rc.d/init.d//livecd-save-state: lsb init header missing. /etc/rc.d/init.d//remount_rw: strange executable: neither lsb header nor chkconfig header aren't found. See http://www.altlinux.org/Services_Policy for details.; remount_rw-0.6-alt1.noarch missing-url info Missing Url: in a package.; rnfs-utils-1.1.5-alt2.x86_64 missing-url info Missing Url: in a package.; xCAT-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.; xCAT-2.5.1-alt0.4.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /var/lib/xcat/postscripts/xcatinstallpost: $ grep -A5 -B5 /tmp/ /var/lib/xcat/postscripts/xcatinstallpost PATH=/xcatpost:$PATH export PATH chmod +x /xcatpost/*; if [ -x /usr/bin/openssl ]; then SIP=`grep "^MASTER=" /tmp/mypostscript.post |cut -d= -f2` XCATSERVER="$SIP:3001" export XCATSERVER USEOPENSSLFORXCAT=1 #Though this is the only method going forward, flag to allow backward compatibility with 2.2 generated netboot images export USEOPENSSLFORXCAT fi DHCP_TMP=`sed 's/\(DHCPINTERFACES=\)\(.*\)$/\1"\2"/' /tmp/mypostscript.post` echo "$DHCP_TMP" > /tmp/mypostscript.post echo "updateflag.awk \$MASTER 3002 \"installstatus booted\"" >> /tmp/mypostscript.post chmod +x /tmp/mypostscript.post if [ -x /tmp/mypostscript.post ];then /tmp/mypostscript.post fi Found error in /var/lib/xcat/postscripts/xcatdsklspost.aix: $ grep -A5 -B5 /tmp/ /var/lib/xcat/postscripts/xcatdsklspost.aix } # check & run the postscript my $scriptname = "/xcatpost/".$shorthost; if ($osname eq "Linux") { $scriptname = "/tmp/mypostscript"; } if (-f $scriptname) { my $rc = system("$scriptname"); if ($rc >> 8) -- print $stunconf "verify=0\n"; print $stunconf "[xcatd]\n"; print $stunconf "accept=400\n"; print $stunconf "connect=$ip:3001\n"; close($stunconf); my $getcmd = "stunnel; sleep 1; mkdir -p /xcatpost; cd /xcatpost; wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$ip/install/postscripts; mv $ip/install/postscripts/* .; chmod +x /xcatpost/*; /xcatpost/getpostscript.awk | sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed -e 's/^ *//' > /tmp/mypostscript; chmod +x /tmp/mypostscript"; if (&runcmd($getcmd) != 0) { print $::LOG_FILE "$::sdate xcatdsklspost: Could not get xcatpost.tar.gz.\n"; return 1; Found error in /var/lib/xcat/postscripts/xcatdsklspost: $ grep -A5 -B5 /tmp/ /var/lib/xcat/postscripts/xcatdsklspost max_retries=5 retry=0 rc=1 while [ 0 -eq 0 ]; do wget -l inf -nH -N -r --waitretry=10 --random-wait -T 60 ftp://$server/postscripts -P /xcatpost --cut-dirs=1 2> /tmp/wget.log rc=$? if [ $rc -eq 0 ]; then return 0; fi -- if [ ! -d /xcatpost ]; then mkdir -p /xcatpost; fi if [ ! -d /tmp/postage ]; then mkdir -p /tmp/postage fi rm -R -f /xcatpost/* rm -R -f /tmp/postage/* #here we get all the postscripts. Please do not change this behaviour because some scripts depend on others cd /tmp/postage if [ "$MODE" == "4" ]; then # for statelite mode # We have written the xCATSERVER info into the kernel command line!! for i in `cat /proc/cmdline`; do -- export XCATSERVER USEOPENSSLFORXCAT=1 #Though this is the only method going forward, flag to allow backward compatibility with 2.2 generated netboot images export USEOPENSSLFORXCAT fi /xcatpost/getpostscript.awk | sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed -e 's/^ *//' > /tmp/mypostscript; MYCONT=`grep MASTER /tmp/mypostscript` #echo "MYCONT=$MYCONT" #if getpostscript.awk fails, the postscript will fall into infinit loop #so one retry_number is added to avoid sunc a condition MAX_RETRIES=10 RETRY=0 -- let SLI=$RANDOM%10 let SLI=10+$SLI sleep $SLI /xcatpost/getpostscript.awk | sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed -e 's/^ *//' > /tmp/mypostscript; MYCONT=`grep MASTER /tmp/mypostscript` if [ ! -z "$MYCONT" ]; then break; fi done #save the MASTER into the xcatinfo file for node deployment case, #for updatenode case, only save it when -M is specified if [ $NODE_DEPLOYMENT -eq 1 ] || [ "$MODE" == "4" ]; then new_ms=`grep '^MASTER' /tmp/mypostscript |cut -d= -f2` fi if [ -n "$new_ms" ]; then if [ ! -f /opt/xcat/xcatinfo ]; then mkdir -p /opt/xcat touch /opt/xcat/xcatinfo -- # when called by the updatenode command #modify the UPDATENODE flag to 1 if [ "$MODE" == "1" ] || [ "$MODE" == "2" ]; then TMP=`sed -e 's/UPDATENODE=0/UPDATENODE=1/g' /tmp/mypostscript`; echo "$TMP" > /tmp/mypostscript; fi if [ "$MODE" == "5" ]; then TMP=`sed -e 's/UPDATENODE=0/UPDATENODE=1\nUPDATESECURITY=1\nexport UPDATESECURITY/g' /tmp/mypostscript`; echo "$TMP" > /tmp/mypostscript; fi # postscript name is specified with the updatenode if [ "XX$POSTSCRIPTS" != "XX" ]; then #remove all the postbootscripts TMP=`sed "/postbootscripts-start-here/,/postbootscripts-end-here/ d" /tmp/mypostscript` echo "$TMP" > /tmp/mypostscript #remove all the postscripts TMP=`sed "/postscripts-start-here/,/postscripts-end-here/ d" /tmp/mypostscript` echo "$TMP" > /tmp/mypostscript echo "# postscripts-start-here\n" >> /tmp/mypostscript #add requested postscripts in echo "$POSTSCRIPTS" | tr "," "\n" >> /tmp/mypostscript echo "# postscripts-end-here\n" >> /tmp/mypostscript fi #ADDSITEYUM is set by post.rh and post.rh.iscsi for full installtion #if [[ "$ADDSITEYUM" = "1" ]]; then # TMP=`sed "/postscripts-start-here/ a addsiteyum" /tmp/mypostscript` # echo "$TMP" > /tmp/mypostscript #fi #MYCONT=`cat /tmp/mypostscript` #echo "$MYCONT" # use the run_ps subroutine to run the postscripts TMP=`sed "/postscripts-start-here/,/postscripts-end-here/ s/\(.*\)/run_ps \1/;s/run_ps\s*#/#/;s/run_ps\s*$//" /tmp/mypostscript` echo " # subroutine used to run postscripts run_ps () { local os= local script="\$1" -- echo \"Postscript \$script does NOT exist.\" | tee -a \$logfile fi } # subroutine end " > /tmp/mypostscript echo "$TMP" >> /tmp/mypostscript TMP=`sed "/postbootscripts-start-here/,/postbootscripts-end-here/ s/\(.*\)/run_ps \1/;s/run_ps\s*#/#/;s/run_ps\s*$//" /tmp/mypostscript` echo "$TMP" > /tmp/mypostscript if [ $NODE_DEPLOYMENT -eq 1 ] || [ "$MODE" == "4" ]; then #notify the server that we are done with netbooting CNS=`grep NODESTATUS= /tmp/mypostscript |awk -F = '{print $2}'` if [ -z "$CNS" ] || [ "$CNS" != "'0'" -a "$CNS" != "'N'" -a "$CNS" != "'n'" ]; then echo "updateflag.awk \$MASTER 3002 \"installstatus booted\"" >> /tmp/mypostscript fi fi DHCP_TMP=`sed 's/\(DHCPINTERFACES=\)\(.*\)$/\1"\2"/' /tmp/mypostscript` echo "$DHCP_TMP" > /tmp/mypostscript chmod +x /tmp/mypostscript if [ -x /tmp/mypostscript ];then /tmp/mypostscript fi #rm -f /tmp/mypostscript #tell user it is done when this is called by updatenode command if [ "$MODE" == "1" ] || [ "$MODE" == "2" ] || [ "$MODE" == "5" ]; then echo "returned from postscript" fi Found error in /var/lib/xcat/postscripts/setupesx: $ grep -A5 -B5 /tmp/ /var/lib/xcat/postscripts/setupesx fi # create a script that will launch the first time ESX does and configure # the network cat >/tmp/esxcfg.sh <>/etc/rc.d/rc.local <|' | sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_dsa_hostkey #check the message is an error or not grep -E '' /tmp/ssh_dsa_hostkey if [ $? -ne 0 ]; then #the message received is the data cat /tmp/ssh_dsa_hostkey | grep -E -v '||' >$SSHDIR/ssh_host_dsa_key logger -t xCAT ssh_dsa_hostkey MYCONT=`cat $SSHDIR/ssh_host_dsa_key` while [ -z "$MYCONT" ]; do let SLI=$RANDOM%10 let SLI=SLI+10 -- if ! grep "PRIVATE KEY" $SSHDIR/ssh_host_dsa_key > /dev/null 2>&1 ; then rm $SSHDIR/ssh_host_dsa_key fi else #the message received is an error, so parse it ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/ssh_dsa_hostkey` logger -t xCAT Error: $ERR_MSG fi rm /tmp/ssh_dsa_hostkey getcredentials.awk ssh_rsa_hostkey | grep -E -v '|' | sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_rsa_hostkey #check whether the message is an error or not grep -E '' /tmp/ssh_rsa_hostkey if [ $? -ne 0 ]; then #the message received is the data we request cat /tmp/ssh_rsa_hostkey | grep -E -v '||' >$SSHDIR/ssh_host_rsa_key logger -t xCAT ssh_rsa_hostkey MYCONT=`cat $SSHDIR/ssh_host_rsa_key` while [ -z "$MYCONT" ]; do let SLI=$RANDOM%10 let SLI=SLI+10 -- if ! grep "PRIVATE KEY" $SSHDIR/ssh_host_rsa_key > /dev/null 2>&1 ; then rm $SSHDIR/ssh_host_rsa_key fi else #This is an error message ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/ssh_rsa_hostkey` logger -t xCAT Error: $ERR_MSG fi rm /tmp/ssh_rsa_hostkey if [ -r /etc/xCATSN ] ; then mkdir -p /etc/xcat/hostkeys cp $SSHDIR/ssh* /etc/xcat/hostkeys/. fi -- mkdir -p /root/.ssh/ sleep 1 if [ $ENABLESSHBETWEENNODES = "YES" ]; then getcredentials.awk ssh_root_key | grep -E -v '|'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/ssh_root_key #check whether the message is an error or not grep -E '' /tmp/ssh_root_key if [ $? -ne 0 ]; then #The message contains the data we request cat /tmp/ssh_root_key | grep -E -v '||' > /root/.ssh/id_rsa logger -t xCAT ssh_root_key MYCONT=`cat /root/.ssh/id_rsa` while [ -z "$MYCONT" ]; do let SLI=$RANDOM%10 let SLI=SLI+10 -- getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.ssh/id_rsa MYCONT=`cat /root/.ssh/id_rsa` done else #This is an error message ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/ssh_root_key` logger -t xCAT ssh_root_key Error: $ERR_MSG fi rm /tmp/ssh_root_key if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then rm /root/.ssh/id_rsa fi if [ -r /root/.ssh/id_rsa ]; then Found error in /var/lib/xcat/postscripts/otherpkgs: $ grep -A5 -B5 /tmp/ /var/lib/xcat/postscripts/otherpkgs if [ "$plain_pkgs" != "" ]; then if [ $mounted -eq 0 ]; then dir_no_ftproot=${OTHERPKGDIR#$INSTALLDIR/} mkdir -p /xcatpost/$dir_no_ftproot rm -f -R /xcatpost/$dir_no_ftproot/* mkdir -p /tmp/postage/ rm -f -R /tmp/postage/* cd /tmp/postage for x in `echo "$plain_pkgs" | tr " " "\n"` do wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$OTHERPKGDIR/$x 2> /tmp/wget.log done mv $dir_no_ftproot/* /xcatpost/$dir_no_ftproot; rm -rf $NFSSERVER cd /xcatpost/$dir_no_ftproot; xCAT-client-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.; xCAT-client-2.5.1-alt0.4.noarch rpm-filesystem-conflict-file-file warn There are file conflicts with the package pssh-1.3.1-alt3.1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; There are file conflicts with the package putty-0.60-alt4.x86_64. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; xCAT-client-2.5.1-alt0.4.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/xcat/rvid/rvid.xen: $ grep -A5 -B5 /tmp/ /usr/share/xcat/rvid/rvid.xen ( flock 200 vncviewer :$myport -via $rvid_server AutoSelect=0 FullColor=1 >& /dev/null & sleep 0.2 flock -u 200 ) 200> /tmp/xcat/virtvnclock Found error in /usr/share/xcat/rvid/rvid.kvm: $ grep -A5 -B5 /tmp/ /usr/share/xcat/rvid/rvid.kvm ( flock 200 vncviewer :$myport -via $rvid_server AutoSelect=0 FullColor=1 >& /dev/null & sleep 0.2 flock -u 200 ) 200> /tmp/xcat/virtvnclock Found error in /usr/share/xcat/rvid/rvid.imm: $ grep -A5 -B5 /tmp/ /usr/share/xcat/rvid/rvid.imm #!/bin/bash # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html mkdir -p /tmp/xcat JAVADETECTED=`which javaws 2> /dev/null` if [ -z "$JAVADETECTED" ]; then echo "Error: javaws not in path, unable to execute remote video" exit 1 fi echo $rvid_jnlp > /tmp/xcat/wvid_imm_$$.jnlp javaws /tmp/xcat/wvid_imm_$$.jnlp >& /dev/null if [ ! -z "$rvid_mediajnlp" ]; then echo $rvid_mediajnlp > /tmp/xcat/wvid_imm_media_$$.jnlp javaws /tmp/xcat/wvid_imm_media_$$.jnlp >& /dev/null rm /tmp/xcat/wvid_imm_media_$$.jnlp >& /dev/null fi rm /tmp/xcat/wvid_imm_$$.jnlp >& /dev/null Found error in /usr/sbin/tabedit: $ grep -A5 -B5 /tmp/ /usr/sbin/tabedit # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html # Opens the specified table in the users editor;writes changes back to the db function cexit { if [ -d /tmp/tabedit.$$ ]; then rm -rf /tmp/tabedit.$$; fi exit } trap cexit 2 15 -- echo " tabedit [-? | -h | --help]"; exit 1 fi # Dump the table to a temporary file mkdir -p /tmp/tabedit.$$/ $XCATROOT/bin/xcatclientnnr tabdump $TABLE > /tmp/tabedit.$$/$TABLE.csv # Save the checksum to see if it actually changes.. if [ `uname` = "AIX" ]; then SUMPROGRAM=sum else SUMPROGRAM=md5sum fi SUM=`$SUMPROGRAM /tmp/tabedit.$$/$TABLE.csv` # Edit the file, then check it EXIT=0 while [ $EXIT -eq 0 ]; do cd /tmp/tabedit.$$ $TABEDITOR $TABLE.csv cd - >/dev/null NEWSUM=`$SUMPROGRAM /tmp/tabedit.$$/$TABLE.csv` if [ "$NEWSUM" == "$SUM" ]; then echo "No file modifications detected, not restoring." break; fi if `dirname $0`/tabrestore /tmp/tabedit.$$/$TABLE.csv; then break; else echo "Above errors occured, hit enter to edit, or ctrl-c to abort" read JNK fi; xCAT-nbroot-core-ppc64-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.; xCAT-nbroot-core-ppc64-2.5.1-alt0.4.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/xcat/netboot/ppc64/nbroot/usr/share/udhcpc/default.script: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/ppc64/nbroot/usr/share/udhcpc/default.script deconfig) /sbin/ifconfig $interface up /sbin/ifconfig $interface 0.0.0.0 ;; bound|renew) echo $siaddr >> /tmp/dhcpserver /sbin/ifconfig $interface $ip netmask $subnet if [ -n "$router" ] ; then while route del default gw 0.0.0.0 dev $interface > /dev/null 2>&1; do : done Found error in /usr/share/xcat/netboot/ppc64/nbroot/bin/restart: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/ppc64/nbroot/bin/restart #!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #Redhcp, do the xcat part again FORCENICS=`cat /restart|awk '{print $2}'` rm /restart echo -n > /tmp/dhcpserver if [ ! -z "$FORCENICS" ]; then echo "Forcing down nics aside from $FORCENICS due to discoverynics setting" kill `ps axf|grep udhcpc|egrep -v "$FORCENICS"|grep -v grep|awk '{print $1}'` for nic in `ifconfig|grep HWaddr|awk '{print $1}'|egrep -v "$FORCENICS"`; do ifconfig $nic down Found error in /usr/share/xcat/netboot/ppc64/nbroot/bin/dodestiny: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/ppc64/nbroot/bin/dodestiny export XCATMASTER=`echo $XCATDEST | awk -F: '{print $1}'` export XCATPORT=`echo $XCATDEST | awk -F: '{print $2}'` fi while :; do DESTINY=`grep destiny /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` DEST=`echo $DESTINY|awk -F= '{print $1}'` #No bash, no tricks TARG=`echo $DESTINY|awk -F= '{print $2}'` #No bash, no tricks DESTINY=`echo $DESTINY|awk '{print $1}'` #No bash, no tricks if [ "$DESTINY" == "standby" ]; then echo "Server notified us of standby condition, please check chain table". -- echo "$MTM" fi if [ "$SERIAL" != "unknown" ]; then echo "$SERIAL" fi echo "" ) > /tmp/discout if [ ! -z "$XCATMASTER" ]; then ping -c 1 $XCATMASTER [ -f "/tmp/discout" ] && netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT fi if [ -z "$XCATMASTER" ] || sleep 8 > /dev/null 2>&1 #Give the preferred method 8 seconds to complete before resorting then for nic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'`; do #also, bring down interfaces to make sure that we send from the 'right' nic MYB=`ifconfig $nic 2>/dev/null|grep "Bcast"|awk '{print $3}'|awk -F: '{print $2}'` -- if [ ! -z "$MYB" -a "$OTB" == "$MYB" ]; then # if broadcasts match, down the other nic ifconfig $dnic down fi done if [ ! -z "$XCATMASTER" ]; then [ -f "/tmp/discout" ] && (ping -c 1 $XCATMASTER; netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT) fi for dhcps in `cat /tmp/dhcpserver`; do [ -f "/tmp/discout" ] && ( ping -c 1 $dhcps; netcat -e 'cat /tmp/discout' -u -p 301 $dhcps $XCATPORT ) done for dnic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'|grep -v $nic`; do ifconfig $dnic up done if ! sleep 5 > /dev/null 2>&1; then break; fi # give management server a chance to get to minixcatd.awk -- done $TARG fi if [ "$DESTINY" == "install" -o "$DESTINY" == "netboot" ]; then /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead IMGSERVER=`grep imgserver /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` INITRD=`grep initrd /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KERNEL=`grep kernel /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KCMD=`grep kcmdline /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` ERROR=`wget http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` done ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` done #START getting ready for kexec for mod in `lsmod|awk '{print $1}'|grep -v Module`; do rmmod $mod done #kexec -f --append="$KCMD" --initrd=/tmp/initrd /tmp/kernel /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead fi if [ "$DEST" == "runimage" ]; then mkdir /tmp/`basename $TARG` cd /tmp/`basename $TARG` ERROR=`wget $TARG` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c $TARG 2>&1` done while ! nextdestiny ; do echo "Retrying next destiny..." done tar zxvf `basename $TARG` cd /tmp/`basename $TARG` ./runme.sh cd - fi sleep 5 # something may be transiently wrong, check back in 5 seconds getdestiny if grep error /tmp/destiny; then echo ERROR: see above fi done; xCAT-nbroot-core-x86-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.; xCAT-nbroot-core-x86-2.5.1-alt0.4.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/xcat/netboot/x86/nbroot/usr/share/udhcpc/default.script: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86/nbroot/usr/share/udhcpc/default.script deconfig) /sbin/ifconfig $interface up /sbin/ifconfig $interface 0.0.0.0 ;; bound|renew) echo $siaddr >> /tmp/dhcpserver /sbin/ifconfig $interface $ip netmask $subnet if [ -n "$router" ] ; then while route del default gw 0.0.0.0 dev $interface > /dev/null 2>&1; do : done Found error in /usr/share/xcat/netboot/x86/nbroot/bin/restart: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86/nbroot/bin/restart #!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #Redhcp, do the xcat part again FORCENICS=`cat /restart|awk '{print $2}'` rm /restart echo -n > /tmp/dhcpserver if [ ! -z "$FORCENICS" ]; then echo "Forcing down nics aside from $FORCENICS due to discoverynics setting" kill `ps axf|grep udhcpc|egrep -v "$FORCENICS"|grep -v grep|awk '{print $1}'` for nic in `ifconfig|grep HWaddr|awk '{print $1}'|egrep -v "$FORCENICS"`; do ifconfig $nic down Found error in /usr/share/xcat/netboot/x86/nbroot/bin/dodestiny: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86/nbroot/bin/dodestiny export XCATMASTER=`echo $XCATDEST | awk -F: '{print $1}'` export XCATPORT=`echo $XCATDEST | awk -F: '{print $2}'` fi while :; do DESTINY=`grep destiny /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` DEST=`echo $DESTINY|awk -F= '{print $1}'` #No bash, no tricks TARG=`echo $DESTINY|awk -F= '{print $2}'` #No bash, no tricks DESTINY=`echo $DESTINY|awk '{print $1}'` #No bash, no tricks if [ "$DESTINY" == "standby" ]; then echo "Server notified us of standby condition, please check chain table". -- echo "$MTM" fi if [ "$SERIAL" != "unknown" ]; then echo "$SERIAL" fi echo "" ) > /tmp/discout if [ ! -z "$XCATMASTER" ]; then ping -c 1 $XCATMASTER [ -f "/tmp/discout" ] && netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT fi if [ -z "$XCATMASTER" ] || sleep 8 > /dev/null 2>&1 #Give the preferred method 8 seconds to complete before resorting then for nic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'`; do #also, bring down interfaces to make sure that we send from the 'right' nic MYB=`ifconfig $nic 2>/dev/null|grep "Bcast"|awk '{print $3}'|awk -F: '{print $2}'` -- if [ ! -z "$MYB" -a "$OTB" == "$MYB" ]; then # if broadcasts match, down the other nic ifconfig $dnic down fi done if [ ! -z "$XCATMASTER" ]; then [ -f "/tmp/discout" ] && (ping -c 1 $XCATMASTER; netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT) fi for dhcps in `cat /tmp/dhcpserver`; do [ -f "/tmp/discout" ] && ( ping -c 1 $dhcps; netcat -e 'cat /tmp/discout' -u -p 301 $dhcps $XCATPORT ) done for dnic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'|grep -v $nic`; do ifconfig $dnic up done if ! sleep 5 > /dev/null 2>&1; then break; fi # give management server a chance to get to minixcatd.awk -- done $TARG fi if [ "$DESTINY" == "install" -o "$DESTINY" == "netboot" ]; then /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead IMGSERVER=`grep imgserver /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` INITRD=`grep initrd /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KERNEL=`grep kernel /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KCMD=`grep kcmdline /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` ERROR=`wget http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` done ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` done #START getting ready for kexec for mod in `lsmod|awk '{print $1}'|grep -v Module`; do rmmod $mod done #kexec -f --append="$KCMD" --initrd=/tmp/initrd /tmp/kernel /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead fi if [ "$DEST" == "runimage" ]; then mkdir /tmp/`basename $TARG` cd /tmp/`basename $TARG` ERROR=`wget $TARG` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c $TARG 2>&1` done while ! nextdestiny ; do echo "Retrying next destiny..." done tar zxvf `basename $TARG` cd /tmp/`basename $TARG` ./runme.sh cd - fi sleep 5 # something may be transiently wrong, check back in 5 seconds getdestiny if grep error /tmp/destiny; then echo ERROR: see above fi done; xCAT-nbroot-core-x86_64-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.; xCAT-nbroot-core-x86_64-2.5.1-alt0.4.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/xcat/netboot/x86_64/nbroot/usr/share/udhcpc/default.script: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86_64/nbroot/usr/share/udhcpc/default.script deconfig) /sbin/ifconfig $interface up /sbin/ifconfig $interface 0.0.0.0 ;; bound|renew) echo $siaddr >> /tmp/dhcpserver /sbin/ifconfig $interface $ip netmask $subnet if [ -n "$router" ] ; then while route del default gw 0.0.0.0 dev $interface > /dev/null 2>&1; do : done Found error in /usr/share/xcat/netboot/x86_64/nbroot/bin/restart: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86_64/nbroot/bin/restart #!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #Redhcp, do the xcat part again FORCENICS=`cat /restart|awk '{print $2}'` rm /restart echo -n > /tmp/dhcpserver if [ ! -z "$FORCENICS" ]; then echo "Forcing down nics aside from $FORCENICS due to discoverynics setting" kill `ps axf|grep udhcpc|egrep -v "$FORCENICS"|grep -v grep|awk '{print $1}'` for nic in `ifconfig|grep HWaddr|awk '{print $1}'|egrep -v "$FORCENICS"`; do ifconfig $nic down Found error in /usr/share/xcat/netboot/x86_64/nbroot/bin/dodestiny: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86_64/nbroot/bin/dodestiny export XCATMASTER=`echo $XCATDEST | awk -F: '{print $1}'` export XCATPORT=`echo $XCATDEST | awk -F: '{print $2}'` fi while :; do DESTINY=`grep destiny /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` DEST=`echo $DESTINY|awk -F= '{print $1}'` #No bash, no tricks TARG=`echo $DESTINY|awk -F= '{print $2}'` #No bash, no tricks DESTINY=`echo $DESTINY|awk '{print $1}'` #No bash, no tricks if [ "$DESTINY" == "standby" ]; then echo "Server notified us of standby condition, please check chain table". -- echo "$MTM" fi if [ "$SERIAL" != "unknown" ]; then echo "$SERIAL" fi echo "" ) > /tmp/discout if [ ! -z "$XCATMASTER" ]; then ping -c 1 $XCATMASTER [ -f "/tmp/discout" ] && netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT fi if [ -z "$XCATMASTER" ] || sleep 8 > /dev/null 2>&1 #Give the preferred method 8 seconds to complete before resorting then for nic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'`; do #also, bring down interfaces to make sure that we send from the 'right' nic MYB=`ifconfig $nic 2>/dev/null|grep "Bcast"|awk '{print $3}'|awk -F: '{print $2}'` -- if [ ! -z "$MYB" -a "$OTB" == "$MYB" ]; then # if broadcasts match, down the other nic ifconfig $dnic down fi done if [ ! -z "$XCATMASTER" ]; then [ -f "/tmp/discout" ] && (ping -c 1 $XCATMASTER; netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT) fi for dhcps in `cat /tmp/dhcpserver`; do [ -f "/tmp/discout" ] && ( ping -c 1 $dhcps; netcat -e 'cat /tmp/discout' -u -p 301 $dhcps $XCATPORT ) done for dnic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'|grep -v $nic`; do ifconfig $dnic up done if ! sleep 5 > /dev/null 2>&1; then break; fi # give management server a chance to get to minixcatd.awk -- done $TARG fi if [ "$DESTINY" == "install" -o "$DESTINY" == "netboot" ]; then /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead IMGSERVER=`grep imgserver /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` INITRD=`grep initrd /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KERNEL=`grep kernel /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KCMD=`grep kcmdline /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` ERROR=`wget http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` done ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` done #START getting ready for kexec for mod in `lsmod|awk '{print $1}'|grep -v Module`; do rmmod $mod done #kexec -f --append="$KCMD" --initrd=/tmp/initrd /tmp/kernel /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead fi if [ "$DEST" == "runimage" ]; then mkdir /tmp/`basename $TARG` cd /tmp/`basename $TARG` ERROR=`wget $TARG` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c $TARG 2>&1` done while ! nextdestiny ; do echo "Retrying next destiny..." done tar zxvf `basename $TARG` cd /tmp/`basename $TARG` ./runme.sh cd - fi sleep 5 # something may be transiently wrong, check back in 5 seconds getdestiny if grep error /tmp/destiny; then echo ERROR: see above fi done; xCAT-netboot-alt-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.; xCAT-server-2.5.1-alt0.4.2.noarch init-lsb warn /etc/rc.d/init.d//xcatd: lsb init header missing. See http://www.altlinux.org/Services_Policy for details.; xCAT-server-2.5.1-alt0.4.2.noarch missing-url info Missing Url: in a package.; xCAT-server-2.5.1-alt0.4.2.noarch unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/xcat/netboot/add-on/autogpfs/autogpfsd.pl: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/add-on/autogpfs/autogpfsd.pl openlog('autogpfsd','','local0'); syslog($type,$msg); closelog(); #no syslog hack system("(date;echo : $type $msg) >>/tmp/autogpfsd.log"); } END { unlink PIDFILE if $$ == $pid; }; xCATsn-2.5.1-alt0.4.noarch missing-url info Missing Url: in a package.;