[build system] patching post-mortem: back to normal!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[build system] patching post-mortem: back to normal!

shane knapp
all systems were updated fully, as it had been over a year since i'd
last done it.  risky, i know but...

things that went right:
* a lot of vulnerabilities in the systems were patched.  short list:
  - CVE-2017-1000364 (stack guard)
  - CVE-2017-1000363 (stack overflow)
  - CVE-2017-1000366 (gnu C libs)
  - CVE-2017-1000369  (exim, stack overflow)
  - CVE-2017-1000367 (sudo)

* applying the updates for the workers was easy, and all rebooted w/o issue

* this should hopefully be the last time i update these centos boxes,
as the ubuntu staging workers are much more solid and easier to deal
with (as well as being completely ansible-ized)

things that went wrong:
* update to system pypy package overwrote the symlink /usr/bin/pypy
and changed it to point back to pypy-2.0.2.  i had to delete the
symlink and create a new one pointing at

* all of the R-3.1.1 packages i installed manually via yum were
updated, causing the PRB to hang.  after uninstalling the updated
RPMs, reinstalling the original ones and rebuilding the CRAN packages
PRB builds went green

things are looking good right now, but please don't hesitate to ping
me here (or on github:  @shaneknapp) if something looks amiss.

thanks again, and sorry about the inconvenience!


To unsubscribe e-mail: [hidden email]