Bugzilla – Attachment 702 Details for
Bug 4742
40c4ab1da4a30dc1ca40e543f6385e1336d8810c
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c
leapp-report.txt (text/plain), 18.72 KB, created by
liuxiaolong
on 2023-04-08 13:12:48 UTC
(
hide
)
Description:
Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c
Filename:
MIME Type:
Creator:
liuxiaolong
Created:
2023-04-08 13:12:48 UTC
Size:
18.72 KB
patch
obsolete
>Risk Factor: high (inhibitor) >Title: Unsupported vsftpd configuration >Summary: tcp_wrappers support has been removed in BCLinux8. Some configuration files set the tcp_wrappers option to true and there is some vsftpd-related configuration in /etc/hosts.deny or /etc/hosts.allow. Please migrate it manually. Firewalld can be used as a firewall level replacement for TCP Wrappers.The list of problematic configuration files: > - /etc/vsftpd/vsftpd.conf >Key: 0edde684a9fc7731f765c7aad1acdbfc0b8078a8 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high (inhibitor) >Title: The pam_tally2 pam module(s) no longer available >Summary: The services system-auth-ac using PAM are configured to use pam_tally2 module(s), which is no longer available in Red Hat Enterprise Linux 8. >Remediation: [hint] If you depend on its functionality, it is recommended to migrate to pam_faillock. Otherwise please remove the pam module(s) from all the files under /etc/pam.d/. >Key: ce6abfb001da076686ffdd4ab61d28eb12d12569 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high (inhibitor) >Title: TCP Wrappers configuration affects some installed packages >Summary: tcp_wrappers support has been removed in BCLinux 8. There is some configuration affecting installed packages (namely audit, rpcbind, quota, nfs-utils) in /etc/hosts.deny or /etc/hosts.allow, which is no longer going to be effective after update. Firewalld can be used as a firewall level replacement for TCP Wrappers.Please migrate it manually. >Key: 80bfa2b5a317cdd7a88a8742f7447b8cb65d0848 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: Found some active modules not signed by bclinux, redhat or centos >Summary: The following active modules are not signed by bclinux, redhat or centos, please make sure they can be compat with new kernel: >- binfmt_misc >- iptable_filter >- vmw_vsock_vmci_transport >- vsock >- sb_edac >- iosf_mbi >- crc32_pclmul >- ghash_clmulni_intel >- aesni_intel >- lrw >- gf128mul >- glue_helper >- ppdev >- ablk_helper >- cryptd >- vmw_balloon >- joydev >- pcspkr >- sg >- parport_pc >- parport >- i2c_piix4 >- vmw_vmci >- ip_tables >- xfs >- libcrc32c >- sr_mod >- cdrom >- sd_mod >- crc_t10dif >- crct10dif_generic >- ata_generic >- pata_acpi >- crct10dif_pclmul >- crct10dif_common >- crc32c_intel >- vmwgfx >- serio_raw >- drm_kms_helper >- syscopyarea >- ahci >- sysfillrect >- sysimgblt >- fb_sys_fops >- ttm >- libahci >- vmw_pvscsi >- vmxnet3 >- drm >- ata_piix >- libata >- drm_panel_orientation_quirks >- nfit >- libnvdimm >- dm_mirror >- dm_region_hash >- dm_log >- dm_mod >Key: 0ff561a602a6fa300e3e5014e0287020394ccddf >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: systemd related configs have importand changes in new version >Summary: /etc/systemd/journal.conf import two options: SystemMaxFiles and RuntimeMaxFiles. These two options are used to limit the count of journal files, default is 100. So in BCLinux8, the default journal files will be 100, and the journal files olderthan 100 will be removed, thus system logs will be lost when os has large number of logs. >/etc/systemd/journal.conf move option ForwordToSyslog from yes to no by default, this means that logs recevied by journal are no longer forwarded to syslog by default, BCLinux8 use rsyslog by default and rsyslog reads directly journal data. >/etc/systemd/system.conf rename CrashChVT to CrashChangeVT, the old options are still compatible, but the valut meaning of CrashChangeVT has changed. BCLinux7 accepts int type parameters, where a positive number represents the virtual terminal corresponding to this number when systemd crashes, such as /dev/tty1, and a zero or negative number indicates that systemd does not switch virtual terminals when systemd crashes. In bclinux8, it accepts positive or bool type parameters, but it is still compatible with the old parameter types. A positive number means that systemd will switch to the virtual terminal corresponding to this number when a crash occurs. A negative number /0/no/n/false/f/off means that systemd will not switch the virtual terminal when a crash occurs. The yes/y/true/t/on parameter represents the virtual terminal that switches to the kernel log printing when systemd crashes. The value of this parameter changes from 1 to no before and after the switch, indicating that the terminal will not be switched when systemd crashes. >/etc/systemd/system.conf configuration option DefaultTasksMax changes: There is no limit by default in bclinux7. In bclinux8.2, the number of threads that each service can have is min (kernel.pid_max, kernel.threads-max, pids.max of root-cgroup) * 80% by default. > >Key: f77a08e99af1a1b39188c31c3763c635135d8dbb >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: Some important changes about glibc >Summary: The GLIBC version of BCLinux8 is 2.28. This version no longer supports nss related modules, no longer providing libnss_nis.so, libnss_nisplus.so. >/etc/nsswitch.conf deletes all configurations related to nis. The fast cache mechanism provided by the sssd can enhance the parsing performance of user and groups, /etc/nsswitch.conf defaults to set the preferences for passwd and group for sss. >All code that relies and uses the nis module requires rectification, you can use tirpc instead. >Key: 4a827ef2a5b9e218369ef2ce0f383ff05f8ffb86 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: GRUB core will be updated during upgrade >Summary: On legacy (BIOS) systems, GRUB core (located in the gap between the MBR and the first partition) does not get automatically updated when GRUB is upgraded. >Key: baa75fad370c42fd037481909201cde9495dacf4 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: Difference in Python versions and support in BCLinux 8 >Summary: In BCLinux 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. >Remediation: [hint] Please run "alternatives --set python /usr/bin/python3" after upgrade >Key: a279aa0fd9e4504734717fdaa9df48a5e739697d >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: Packages not signed by Red Hat found on the system >Summary: The following packages have not been signed by Red Hat and may be removed during the upgrade process in case Red Hat-signed packages to be removed during the upgrade depend on them: >- nmon >- openssh >- openssh-clients >- openssh-server >Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: high >Title: openssl ciphers have import changes between 1.0.2 and 1.1.1 >Summary: BCLinux8 will introduce openssl 1.1.1, openssl-1.1.1 remove some ciphers which are default enabled on openssl-1.0.2, these ciphers are: >DH-DSS-AES256-GCM-SHA384 >DH-RSA-AES256-GCM-SHA384 >DH-RSA-AES256-SHA256 >DH-DSS-AES256-SHA256 >DH-RSA-AES256-SHA >DH-DSS-AES256-SHA >DH-RSA-CAMELLIA256-SHA >DH-DSS-CAMELLIA256-SHA >ECDH-RSA-AES256-GCM-SHA384 >ECDH-ECDSA-AES256-GCM-SHA384 >ECDH-RSA-AES256-SHA384 >ECDH-ECDSA-AES256-SHA384 >ECDH-RSA-AES256-SHA >ECDH-ECDSA-AES256-SHA >DH-DSS-AES128-GCM-SHA256 >DH-RSA-AES128-GCM-SHA256 >DH-RSA-AES128-SHA256 >DH-DSS-AES128-SHA256 >DH-RSA-AES128-SHA >DH-DSS-AES128-SHA >DH-RSA-SEED-SHA >DH-DSS-SEED-SHA >DH-RSA-CAMELLIA128-SHA >DH-DSS-CAMELLIA128-SHA >ECDH-RSA-AES128-GCM-SHA256 >ECDH-ECDSA-AES128-GCM-SHA256 >ECDH-RSA-AES128-SHA256 >ECDH-ECDSA-AES128-SHA256 >ECDH-RSA-AES128-SHA >ECDH-ECDSA-AES128-SHA >EDH-RSA-DES-CBC3-SHA >EDH-DSS-DES-CBC3-SHA >DH-RSA-DES-CBC3-SHA >DH-DSS-DES-CBC3-SHA >ECDH-RSA-DES-CBC3-SHA >ECDH-ECDSA-DES-CBC3-SHA >KRB5-IDEA-CBC-SHA >KRB5-DES-CBC3-SHA >KRB5-IDEA-CBC-MD5 >KRB5-DES-CBC3-MD5 >ECDH-RSA-RC4-SHA >ECDH-ECDSA-RC4-SHA >RC4-MD5 >KRB5-RC4-SHA >KRB5-RC4-MD5 >Remediation: [hint] Please make sure your application do not use these ciphers and modify to use other ciphers. >Key: bf75fb7983c69074993888215d35600da270353b >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: medium >Title: Module pam_pkcs11 will be removed from PAM configuration >Summary: Module pam_pkcs11 was surpassed by SSSD and therefore it was removed from BCLinux-8. Keeping it in PAM configuration may lock out the system thus it will be automatically removed from PAM configuration before upgrading to BCLinux-8. Please switch to SSSD to recover the functionality of pam_pkcs11. >Remediation: [hint] Configure SSSD to replace pam_pkcs11 >Key: bf47e7305d6805e8bbeaa7593cf01e38030c23f3 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: medium >Title: chrony using default configuration >Summary: default chrony configuration in BCLinux8 uses leapsectz directive, which cannot be used with leap smearing NTP servers, and uses a single pool directive instead of four server directives >Key: c4222ebd18730a76f6bc7b3b66df898b106e6554 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: low >Title: Grep has incompatible changes in the next major version >Summary: If a file contains data improperly encoded for the current locale, and this is discovered before any of the file's contents are output, grep now treats the file as binary. >The 'grep -P' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching. >In locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving. >When searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly. >The 'grep -z' no longer automatically treats the byte '\200' as binary data. >Context no longer excludes selected lines omitted because of -m. For example, 'grep "^" -m1 -A1' now outputs the first two input lines, not just the first line. > >Remediation: [hint] Please update your scripts to be compatible with the changes. >Key: 94665a499e2eeee35eca3e7093a7abe183384b16 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: low >Title: man-db.cron is not enabled by default >Summary: BCLinux8 move /etc/cron.d/man-db.cron from man-db to man-db-cron, man-db.cron is used to periodic update of man-db cache, if you need this feature, please instal man-db-cron. >Key: b17537db9c42ff141519da3d12da11af02270a98 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: low >Title: sysvinit-tools is replaced by util-linux and procps-ng >Summary: In BCLinux 8, sysvinit-tools is removed, sysvinit-tools contains the following commands: last, lastb, mesg, wall, pidof and killall5. In BCLinux 8 system, last, lastb, mesg and wall are provided by util-linux, pidof is provided by procps-ng. >Killall5 is a systemV command, the BCLinux 7 / BCLinux 8 are now based on systemd. In addition, pidof provided by sysvinit-tools is actually a soft link to killall5. In BCLinux 8, pidof is provided by procps-ng instead. So, sysvinit-tools in BCLinux 8 is replaced by util-linux and procps-ng. >Key: a1e45711615f14f4df19143de10b2208a5f0b9a3 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: low >Title: Postfix has incompatible changes in the next major version >Summary: Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net. >The backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8. >It can be turned on by running: "postconf -e compatibility_level=0 >It can be turned off by running: "postconf -e compatibility_level=2 > >In the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string. > >The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment. > >Postfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated. > >The "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified. > >The "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses. > >The "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost. > >The "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork. > >Postfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed. > >Key: 5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: low >Title: audispd is moved from audit to audispd-plugins >Summary: In BCLinux8, audispd related files is moved to audispd-plugins package, and audispd-plugins is not installed by default, if you want to use audispd, please install audispd-plugins. >Key: 644c880c9bb477a6df0d9a175d23d9f575248d05 >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: low >Title: Some enabled RPM repositories are unknown to Leapp >Summary: The following repositories with Red Hat-signed packages are unknown to Leapp: >- sys >- redhat7.6 >And the following packages installed from those repositories may not be upgraded: >- python-chardet >- keyutils >- pcre-devel >- python2-libcomps >- libcomps >- tcp_wrappers >- dnf-data >- libtirpc >- libmpc >- rpcbind >- mtools >- libyaml >- libmodulemd >- python-enum34 >- glibc-devel >- gcc >- dnf >- libref_array >- gssproxy >- libnfsidmap >- checkpolicy >- openssl-devel >- policycoreutils-python >- libselinux-devel >- quota-nls >- libcgroup >- python3 >- python3-pip >- libsepol-devel >- libverto-libevent >- tcpdump >- python-IPy >- python2-dnf >- kernel-headers >- setools-libs >- unzip >- traceroute >- bc >- python-deltarpm >- createrepo >- quota >- python3-libs >- libdnf >- python-urllib3 >- libverto-devel >- syslinux >- telnet >- nfs-utils >- libreport-filesystem >- libevent >- libbasicobjects >- wget >- librepo >- glibc-headers >- libcom_err-devel >- rear >- attr >- zlib-devel >- krb5-devel >- audit-libs-python >- libsolv >- python2-hawkey >- deltarpm >- libusal >- libpath_utils >- python-requests >- python2-libdnf >- libkadm5 >- genisoimage >- vsftpd >- libpcap >- keyutils-libs-devel >- cpp >- python3-setuptools >- mpfr >- libcollection >- libsemanage-python >- pam-devel >- libini_config >Remediation: [hint] You can file a request to add this repository to the scope of in-place upgrades by filing a support ticket >Key: 8e89e20c645cea600b240156071d81c64daab7ad >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: info >Title: SElinux disabled >Summary: SElinux disabled, continuing... >Key: 4f25fea9b15b9d1d07d52cc1de02073f295dac3d >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >---------------------------------------- >Risk Factor: info >Title: Current PAM and nsswitch.conf configuration will be kept. >Summary: There is a new tool called authselect in BCLinux8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact. >Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c >ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag >----------------------------------------
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=702">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4742
: 702