Official SGUG YUM Repo - upgrade OpenSSH

massiverobot

irix detailer
Feb 8, 2019
106
83
28
Philly
twitter.com
I'm happy to announce that the official SGUG YUM repo is now up and active and ready to use. It currently contains a large amount of additional packages that were not available at the time of 007 (Moneypenny) release. These packages have been ported, built and tested on systems with the base RSE 007 installed. If you have RSE 007 installed I'll go over how to add the new repo and start installing some packages.

In conjunction with this YUM repo launch there is another critical update with the RSE OpenSSH packages. Thanks to the work of Vlad (vladv on discord) (https://github.com/vvuk) we have an updated openssh-server package that properly installs the startup and shutdown scripts for IRIX so that you can easily install and use this much more up-to-date and secure version of openssh!

I will go over upgrading my octane with the new openssh-server to show how to setup and use the new repo and packages.

Since we are updating ssh itself I'm going to telnet into my octane as root in order to do this update. For most of the other installs of RSE you can do them as your own user using sudo (which is a part of the RSE base system).


First I'll show you the update in terms of a ssh client. Below is a ssh into the octane before and after the openssh update:


Code:
Before:
$ ssh -v octane
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: Authenticating to octane:22 as 'dillera'


After:
$ ssh -v octane
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: Authenticating to octane:22 as 'dillera'

Ok, lets upgrade openssh and git rid of the old nekoware sshd.


Telnet into your system as root, run the bash shell in rse

Code:
dillera@trashcan ~ $ telnet octane
Connected to octane.diller.org.
Escape character is '^]'.

IRIX (octane.diller.org)

login: root

octane 103# /usr/sgug/bin/bash
bash-5.0#

Paste this block - it will create the new SGI.SH YUM repo file for you:

Code:
cat <<EOF > /usr/sgug/etc/yum.repos.d/ports.sgi.sh-007.repo
[ports.sgi.sh-007]
name=SGI.SH SGUG RSE 0.0.7 Moneypenny MIPS3
baseurl=https://ports.sgi.sh/repo/0.0.7
enabled=1
metadata_expire=3d
type=rpm
skip_if_unavailable=False
# don't use this now, but packages are signed and tdnf will be fixed soon to use them
# gpgcheck=1
# gpgkey=file:///usr/sgug/etc/pki/rpm-gpg/RPM-GPG-KEY-sgugrse-primary
# repo_gpgcheck=1
EOF

Now update your local RPM db with the new repo:
Code:
bash-5.0# /usr/sgug/bin/tdnf updateinfo


0 updates.
No data available
Note: that output is perfectly normal.


Stop the current nekoware ssh:

Code:
bash-5.0# /etc/init.d/neko_sshd stop

Upgrade openssh (I had an older version of openssh-client and openssh from RSE installed - not server)

Code:
bash-5.0# /usr/sgug/bin/tdnf upgrade openssh

Upgrading:
openssh-clients          mips         8.1p1-12.sgug.1  ports.sgi.sh-007   2.53M 2655597
openssh                  mips         8.1p1-12.sgug.1  ports.sgi.sh-007   3.22M 3377041

Total installed size:   5.75M 6032638
Is this ok [y/N]: y

Downloading:
openssh-clients                         650981   100%
openssh                                 926300   100%
Testing transaction
Running transaction
Installing/Updating: openssh-8.1p1-12.sgug.1.mips
Installing/Updating: openssh-clients-8.1p1-12.sgug.1.mips
Removing: openssh-clients-8.1p1-11.sgug.1.mips
Removing: openssh-8.1p1-11.sgug.1.mips

Complete!

Now install the new openssh that includes the proper setup for starting and stopping at boot/shutdown

Code:
bash-5.0# /usr/sgug/bin/tdnf install openssh-server

Installing:
openssh-server               mips           8.1p1-12.sgug.1     ports.sgi.sh-007   1.10M 1154029

Total installed size:   1.10M 1154029
Is this ok [y/N]: y

Downloading:
openssh-server                          464361   100%
Testing transaction
Running transaction
Installing/Updating: openssh-server-8.1p1-12.sgug.1.mips
Starting sshd:/etc/init.d/sgug-sshd[100]: Generating /usr/sgug/etc/ssh/ssh_host_ecdsa_key: : inaccessible or not found
/etc/init.d/sgug-sshd[100]: Generating /usr/sgug/etc/ssh/ssh_host_rsa_key: : inaccessible or not found
/etc/init.d/sgug-sshd[100]: Generating /usr/sgug/etc/ssh/ssh_host_ed25519_key: : inaccessible or not found
.

Complete!
Check that it is running:
Code:
bash-5.0# ps -ef |grep ssh
    root       1099          1  0 12:47:03 ?       0:00 /usr/sgug/sbin/sshd
Remove the old necoware hooks:
Code:
rm /etc/init.d/neko_sshd
rm /etc/rc2.d/S98neko_sshd
rm /etc/rc0.d/K02neko_sshd
And we are done.

Use tdnf (tiny dnf) to explore and manage your rpm package on your RSE IRIX. Enjoy all 2916 of the additonal packages available!

Code:
dillera@octane ~ $ sudo tdnf list | grep ports.sgi.sh-007 | wc -l
2916
[ICODE]
 
Last edited:

massiverobot

irix detailer
Feb 8, 2019
106
83
28
Philly
twitter.com
I fixed up the /usr/sgug/etc/yum.repos.d/ports.sgi.sh-007.repo so it's correct and working.

tdnf will be fixed soon I think and allow full gpg checking of packages! Check back in a week.
 
  • Like
Reactions: Elf

stormy

Member
Jun 23, 2019
86
35
18
Amazing! Can't wait to do this, thanks for all the hard work with everyone involved.
 

stormy

Member
Jun 23, 2019
86
35
18
@massiverobot
When doing step: "Now update your local RPM db with the new repo:"
Code:
root@OCTANEM /usr/sgug/bin $ ./tdnf updateinfo
Refreshing metadata for: 'Sgugrse Local 0.0.7beta - mips'
Refreshing metadata for: 'Simple Sgugrse -'604   100%
curl#6: Couldn't resolve host name
Error(1207) : Unknown error
Error: Failed to synchronize cache for repo 'Simple Sgugrse -' from 'http://dandyum2.irix.fun/repos/007'
Error(1207) : Unknown error
I've got some sort of issue... any ideas? thx
 

About us

  • Silicon Graphics User Group (SGUG) is a community for users, developers, and admirers of Silicon Graphics (SGI) products. We aim to be a friendly hobbyist community for discussing all aspects of SGIs, including use, software development, the IRIX Operating System, and troubleshooting, as well as facilitating hardware exchange.

User Menu