Messinet Secure Services

Messinet Secure Services is an ever-changing virtual classroom in which I learn about the GNU/Linux platform and all the services it can deliver. These services are the technological incarnation of an idea centered around keeping my family in touch with each other and technology.

Fedora 26 Upgrades Complete

With even more SELinux & systemd challenges, we’ve upgraded Messinet Secure Services from Fedora 25 to Fedora 26. This same lack of attention to SELinux and systemd integration occurred with the Fedora 24 to Fedora 25 upgrade and it is abundantly clear that upstream Fedora doesn’t value SELinux support for systemd daemons.

Another continuing disappointment is that SELinux still doesn’t really have functional policy support for machinectl, systemd-nspawn and full OS containers.

Even so, the Messinet Secure Services upgrades are complete and I’m no longer building for Fedora 25, which will soon be removed from the Fedora Linux RPM Repository. Of special note, I’ll only be building RPMs for x86_64, as i686 has been downgraded to a secondary arch in Fedora upstream.

Goodbye Fedora 24 & Hello Fedora 25

With some SELinux & systemd challenges, we’ve upgraded Messinet Secure Services from Fedora 24 to Fedora 25. It is clear that upstream Fedora is not getting enough testing for systemd daemons and SELinux 1398854, 1398856. In addition, it’s a bit disappointing that SELinux doesn’t really have policy support for systemd-nspawn and full OS containers.

Fedora 25’s systemd contains a regression 1398886 where CPUQuota= values greater than 100% are invalid. This was fixed upstream in August 2016, but didn’t get backported.

Kerberized NFS support via rpc.gssd is broken due to 1264556, now fixed as described in 1398370. This can be temporarily resolved by running rpc.gssd in the foreground by updating /usr/lib/systemd/system/rpc-gssd.service as shown below, though you’ll run into 1398857.

Description=RPC security service for NFS client and server





#ExecStart=/usr/sbin/rpc.gssd $RPCSVCGSSDARGS
ExecStart=/usr/sbin/rpc.gssd -f $RPCSVCGSSDARGS

All that aside, the upgrades are complete and I’m no longer building for Fedora 24, which is removed from the Fedora Linux RPM Repository.

Welcome Fedora 24!

We’ve completed our upgrades from Fedora 23 to Fedora 24 throughout Messinet Secure Services. In general, Fedora 24 has brought us a number of systemd improvements, though there are several SELinux issues when using systemd’s native tools such as systemd-networkd, systemd-resolved, systemd-timesyncd, etc. Many issues: 1317927, 1341829, 1351378, 1355593 generate

SELinux AVC avc: denied { mounton } ...

Even so, the upgrades are complete and I’ll be removing Fedora 23 from the Fedora Linux RPM Repository.

Comcast static IPv6 trial ending

Comcast’s Business Class internet service static IPv6 trial ended as of yesterday. Comcast anticipates the nationwide launch of static IPv6 to begin in early July 2016.

With the unfortunate gap in reliable IPv6 business class service from Comcast, Messinet Secure Services is preparing alternate IPv6 service arrangements. There will likely be intermittent service and network interruptions along the way as DNS and routing changes propagate throughout the internet.

When Comcast does finally roll out static IPv6, we hope that they have addressed the significant hardware issues detailed in this summary of Comcast’s support of IPv6 on their CPE for their copper cable network.

Removal of Enterprise Linux RPM Repository

Wow, it’s been quite a while!

I have a new job that takes up much more of my time and as Messinet Secure Services has moved to Fedora 23, I’ve had to drop packaging support for Enterprise Linux. I don’t operate Enterprise Linux systems here so as the packaging differences between Fedora and Enterprise Linux became more complex, it became harder for me to produce and properly test packages.

So I’m sorry to say that I’m no longer building Enterprise Linux packages. Perhaps someone with more time can take up the task. The spec files, patches and tools are always available in the now renamed Fedora Linux RPM Repository.

Fedora 22 Coming Soon!

Fedora 22 is set to be released on 2015-05-26 and Messinet Secure Services has been preparing our own RPMs for the upgrade. Most of the work is complete and available in our Fedora & Enterprise Linux RPM Repository.

In order to work toward the Fedora 22 release, I have had to drop support for Fedora 20 and Enterprise Linux 6 RPMs. After Messinet Secure Services completes the migration to Fedora 22, support for Fedora 21 will also be dropped.

Asterisk 13.0.0-beta1, DAHDI 2.10.0, Kamailio 4.2.0-dev, & PJSIP 2.2 RPMs

Today was a big day for Telephony & VoIP related RPM builds!

Fedora 20 & 21 RPMs for Asterisk 13.0.0-beta1 as well as Fedora 20, 21, & EL 7 RPMs for Kamailio 4.2.0-dev are availabile in the mss-testing channel of the Fedora & Enterprise Linux RPM Repository.

In preparation for building Asterisk for Fedora 21 & EL 7, there are also PJSIP 2.2 (pjproject) RPMs in the mss-testing channel.

Fedora 20, 21 & EL 6, 7 RPMs for DAHDI-Linux & DAHDI-Tools 2.10.0 are also available in the main mss channel.

Moving forward, I hope to be able to provide near-development RPMs for the following:

  • Fedora 20
    • Asterisk
    • DAHDI-Linux & DAHDI-Tools
    • Kamailio
    • PJSIP
  • Fedora 21
    • Asterisk
    • DAHDI-Linux & DAHDI-Tools
    • Kamailio
    • PJSIP
  • Enterprise Linux 6
    • DAHDI-Linux & DAHDI-Tools
  • Enterprise Linux 7
    • Asterisk (coming soon)
    • DAHDI-Linux & DAHDI-Tools
    • Kamailio
    • PJSIP