[Pkg-gridengine-devel] Bug#693722: gridengine: use recent version and updated packaging

Dave Love d.love at liverpool.ac.uk
Sun Nov 18 23:02:49 UTC 2012


Source: gridengine
Severity: wishlist
Tags: security

I've worked on packaging for SGE to address problems with the current
version and to support (pre-release) SGE 8.1.3, though it will work with
8.1.2 with minor changes.  The sge source
<https://arc.liv.ac.uk/trac/SGE/browser/sge> now has simple packaging
for installing into /opt/sge, but this is different.

There's a separate packaging repo at
<https://arc.liv.ac.uk/trac/SGE/browser/gridengine.debian> based on the
current Debian version, which will work with the latest snapshot
<http://arc.liv.ac.uk/downloads/SGE/snapshots/>.  There are git and hg
repos in http://arc.liv.ac.uk/repos/{git,hg}/gridengine.debian.

I'm sure there are problems with it -- let me know and I'll try to look
into them.  I don't properly understand current Debian packaging and the
specifics of the gridengine stuff, and I simplified it by punting to dh
defaults.  I also may not have got conflicts/breaks right for the bits I
moved around.  It solves real problems with the current packaging (such
as not shipping important parts), and there are hundreds of improvements
over 6.2u5 in the base.

I've tagged this security as this version:
* allows installing in CSP mode;
* changes the default configuration to avoid remote root without CSP,
  assuming a separate qmaster <http://arc.liv.ac.uk/SGE/howto/sge-security.html>;
* fixes problems with sgepasswd (now included) which weren't addressed by
  6.2u5-7.1 changes;
* avoids the remote startup part of the CVE that the bogus 6.2u5-7.1
  change didn't get right.

The major incompatibility is that the remote startup is changed to the
default (builtin) so that tight integration (control and accounting)
works.  If you really want to use ssh by default, the configuration
should install the PAM module in a suitable way on execution hosts.

It's possible to upgrade in place from 6.2u5, but there's no mechanism
in the packaging for supervising that by shutting down execds and
ensuring everything starts back up on a consistent version.

HTH.


