Setup the Official SGUG Repo & upgrade OpenSSH

massiverobot

irix detailer
Feb 8, 2019
121
108
43
Philly
twitter.com
I'm happy to announce that the official SGUG YUM repo is now up and active and ready to use. It currently contains a large amount of additional packages that were not available at the time of 007 (Moneypenny) release. These packages have been ported, built and tested on systems with the base RSE 007 installed. If you have RSE 007 installed I'll go over how to add the new repo and start installing some packages.

In conjunction with this YUM repo launch there is another critical update with the RSE OpenSSH packages. Thanks to the work of Vlad (vladv on discord) (https://github.com/vvuk) we have an updated openssh-server package that properly installs the startup and shutdown scripts for IRIX so that you can easily install and use this much more up-to-date and secure version of openssh!

I will go over upgrading my octane with the new openssh-server to show how to setup and use the new repo and packages.

Since we are updating ssh itself I'm going to telnet into my octane as root in order to do this update. For most of the other installs of RSE you can do them as your own user using sudo (which is a part of the RSE base system).


First I'll show you the update in terms of a ssh client. Below is a ssh into the octane before and after the openssh update:


Code:
Before:
$ ssh -v octane
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: Authenticating to octane:22 as 'dillera'


After:
$ ssh -v octane
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: Authenticating to octane:22 as 'dillera'

Ok, lets upgrade openssh and git rid of the old nekoware sshd.


Telnet into your system as root, run the bash shell in rse

Code:
dillera@trashcan ~ $ telnet octane
Connected to octane.diller.org.
Escape character is '^]'.

IRIX (octane.diller.org)

login: root

octane 103# /usr/sgug/bin/bash
bash-5.0#

Paste this block - it will create the new SGI.SH YUM repo file for you:

Code:
cat <<EOF > /usr/sgug/etc/yum.repos.d/ports.sgi.sh-007.repo
[ports.sgi.sh-007]
name=SGI.SH SGUG RSE 0.0.7 Moneypenny MIPS3
baseurl=http://ports.sgi.sh/repo/0.0.7
enabled=1
metadata_expire=3d
type=rpm
skip_if_unavailable=False
gpgcheck=0
repo_gpgcheck=0
# don't use this now, but packages are signed and tdnf will be fixed soon to use them
# gpgkey=file:///usr/sgug/etc/pki/rpm-gpg/RPM-GPG-KEY-sgugrse-primary
EOF

Now update your local RPM db with the new repo:
Code:
bash-5.0# /usr/sgug/bin/tdnf updateinfo


0 updates.
No data available
Note: that output is perfectly normal.


Stop the current nekoware ssh:

Code:
bash-5.0# /etc/init.d/neko_sshd stop

Upgrade openssh (I had an older version of openssh-client and openssh from RSE installed - not server)

Code:
bash-5.0# /usr/sgug/bin/tdnf upgrade openssh

Upgrading:
openssh-clients          mips         8.1p1-12.sgug.1  ports.sgi.sh-007   2.53M 2655597
openssh                  mips         8.1p1-12.sgug.1  ports.sgi.sh-007   3.22M 3377041

Total installed size:   5.75M 6032638
Is this ok [y/N]: y

Downloading:
openssh-clients                         650981   100%
openssh                                 926300   100%
Testing transaction
Running transaction
Installing/Updating: openssh-8.1p1-12.sgug.1.mips
Installing/Updating: openssh-clients-8.1p1-12.sgug.1.mips
Removing: openssh-clients-8.1p1-11.sgug.1.mips
Removing: openssh-8.1p1-11.sgug.1.mips

Complete!

Now install the new openssh that includes the proper setup for starting and stopping at boot/shutdown

Code:
bash-5.0# /usr/sgug/bin/tdnf install openssh-server

Installing:
openssh-server               mips           8.1p1-12.sgug.1     ports.sgi.sh-007   1.10M 1154029

Total installed size:   1.10M 1154029
Is this ok [y/N]: y

Downloading:
openssh-server                          464361   100%
Testing transaction
Running transaction
Installing/Updating: openssh-server-8.1p1-12.sgug.1.mips
Starting sshd:/etc/init.d/sgug-sshd[100]: Generating /usr/sgug/etc/ssh/ssh_host_ecdsa_key: : inaccessible or not found
/etc/init.d/sgug-sshd[100]: Generating /usr/sgug/etc/ssh/ssh_host_rsa_key: : inaccessible or not found
/etc/init.d/sgug-sshd[100]: Generating /usr/sgug/etc/ssh/ssh_host_ed25519_key: : inaccessible or not found
.

Complete!
Check that it is running:
Code:
bash-5.0# ps -ef |grep ssh
    root       1099          1  0 12:47:03 ?       0:00 /usr/sgug/sbin/sshd
Remove the old necoware hooks:
Code:
rm /etc/init.d/neko_sshd
rm /etc/rc2.d/S98neko_sshd
rm /etc/rc0.d/K02neko_sshd
And we are done.

Use tdnf (tiny dnf) to explore and manage your rpm package on your RSE IRIX. Enjoy all 2916 of the additonal packages available!

Code:
dillera@octane ~ $ sudo tdnf list | grep ports.sgi.sh-007 | wc -l
2916
[ICODE]
 
Last edited:

massiverobot

irix detailer
Feb 8, 2019
121
108
43
Philly
twitter.com
I fixed up the /usr/sgug/etc/yum.repos.d/ports.sgi.sh-007.repo so it's correct and working.

tdnf will be fixed soon I think and allow full gpg checking of packages! Check back in a week.
 
  • Like
Reactions: Elf

stormy

Active member
Jun 23, 2019
133
55
28
Amazing! Can't wait to do this, thanks for all the hard work with everyone involved.
 

stormy

Active member
Jun 23, 2019
133
55
28
@massiverobot
When doing step: "Now update your local RPM db with the new repo:"
Code:
root@OCTANEM /usr/sgug/bin $ ./tdnf updateinfo
Refreshing metadata for: 'Sgugrse Local 0.0.7beta - mips'
Refreshing metadata for: 'Simple Sgugrse -'604   100%
curl#6: Couldn't resolve host name
Error(1207) : Unknown error
Error: Failed to synchronize cache for repo 'Simple Sgugrse -' from 'http://dandyum2.irix.fun/repos/007'
Error(1207) : Unknown error
I've got some sort of issue... any ideas? thx
 

jenna64bit

Administrator
Apr 18, 2020
86
23
8
Weird, could you paste what your DNF config looks like? I assume this wasn't a transient issue.
 

Laurent

New member
Nov 20, 2021
11
2
3
It's not working great for me either.

Code:
[sgugshell root@octane ~]# /usr/sgug/bin/tdnf upgrade openssh

Upgrading:
openssh-clients                                 mips                    8.1p1-12.sgug.1                 ports.sgi.sh-007          2.53M 2655597
openssh                                         mips                    8.1p1-12.sgug.1                 ports.sgi.sh-007          3.22M 3377041

Total installed size:   5.75M 6032638
Is this ok [y/N]: y

Downloading:
Segmentation fault
and for good measure:
Code:
[sgugshell root@octane ~]# tdnf distro-sync
warning: rpmdb: BDB2053 Freeing read locks for locker 0x47: 2028/65536
warning: rpmdb: BDB2053 Freeing read locks for locker 0x49: 2028/65536

Upgrading:
sgug-rpm-config                                 noarch                  3-3.sgug                        ports.sgi.sh-007           63.84k 65374
rpm-libs                                        mips                    4.15.0-20.sgug                  ports.sgi.sh-007         777.96k 796632
rpm                                             mips                    4.15.0-20.sgug                  ports.sgi.sh-007          3.57M 3743057
openssh-clients                                 mips                    8.1p1-12.sgug.1                 ports.sgi.sh-007          2.53M 2655597
openssh                                         mips                    8.1p1-12.sgug.1                 ports.sgi.sh-007          3.22M 3377041
desktop-file-utils                              mips                    0.24-4.sgug                     ports.sgi.sh-007         247.83k 253779

Total installed size:  10.39M 10891480
Is this ok [y/N]: y

Downloading:
sgug-rpm-config                          31586   100%
Segmentation fault
I need to have a look at tdnf for another problem, so I'll look into this as well when I can.
 

Laurent

New member
Nov 20, 2021
11
2
3
I had a quick look through gdb, it looks like a GPG problem:

Program received signal SIGSEGV, Segmentation fault.
0x0403e100 in TDNFGetGPGSignatureCheck () from /usr/sgug/lib32/libtdnf.so.3
 

Laurent

New member
Nov 20, 2021
11
2
3
The workaround is simple, while the PGP functionality is worked on. If GPG checking is actively turned off, the problem goes away.
Code:
echo "gpgcheck=0" >> /usr/sgug/etc/yum.repos.d/ports.sgi.sh-007.repo
 
  • Like
Reactions: mgtremaine

massiverobot

irix detailer
Feb 8, 2019
121
108
43
Philly
twitter.com
Right - you cannot use GPG to check the signed RPMS at this time. It looks like a tndf with llvm may be more promising, but it's still in the works.

if you don't trust me, or the team working on these do not install them! (You are welcome to build from src) :)

I have updated my original post to refect a better config for ports.sgi.sh-007.repo using the suggested setting from Laurent. Instead of just commenting out gpgcheck=1, set it to gpgcheck=0. I hope this helps people.
 
  • Like
Reactions: Elf and Laurent

stormy

Active member
Jun 23, 2019
133
55
28
Weird, could you paste what your DNF config looks like? I assume this wasn't a transient issue.
It's ok now, since this was added to the repo config:
Code:
gpgcheck=0
repo_gpgcheck=0
It's all working now thanks :)
 

massiverobot

irix detailer
Feb 8, 2019
121
108
43
Philly
twitter.com
updated to change HTTPS to HTTP.

Cert issues in RSE. HTTP works just as well, and I'm pretty certain no one is MITM'ing your IRIX binaries! I don't work for CIA however, YRMV!
 

About us

  • Silicon Graphics User Group (SGUG) is a community for users, developers, and admirers of Silicon Graphics (SGI) products. We aim to be a friendly hobbyist community for discussing all aspects of SGIs, including use, software development, the IRIX Operating System, and troubleshooting, as well as facilitating hardware exchange.

User Menu