Bug 18083

Summary: Seems shorewall blocks urpmi in fresh MGA6D1 installation
Product: Mageia Reporter: Rolf Pedersen <rolfpedersen>
Component: RPM PackagesAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact:
Severity: normal    
Priority: Normal CC: lists.jjorge, marja11, mrmazda, nic, sysadmin-bugs
Version: CauldronKeywords: 6dev1
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: shorewall CVE:
Status comment:
Attachments: journalctl snippet
mga6d1 x86_64 report.bug.gz

Description Rolf Pedersen 2016-03-28 16:14:53 CEST 
Just got the iso by torrent yesterday and verified md5sum.
Wrote to 8G usb key with recent version of Rosa Image Writer.
Installation proceeded, installed to test partition, chose 'Custom' to have the 'Development' group and selected plasma desktop.  In Security, I left the level at the Standard level displayed there and left Firewall at disabled or similar, did not touch Security.

I added the dhcp connection and chose to get updates, about 600 packages.

At first boot, I'm dropped to a text mode with reports concerning an X failure, which I configured during install to use the proprietary nvidia driver for NVIDIA GM206 [GeForce GTX 960]; I believe this uses something like '420 and later' which is pre-selected in XFdrake.

One strategy I followed was to update packages with 'urpmi -v --auto-update'
That finds about 200 packages and I OK.
Right away, there are many lines of shorewall messages that include 'reject' and urpmi tells me of a downloader failure to retrieve the first package.  This repeats with the next package if I choose to continue.

I stopped shorewall, with 'systemctl stop shorewall' iirc, and urpmi was successful.
Comment 1 Marja Van Waes 2016-03-28 20:24:04 CEST 
From bug 18084 I understood that you used a Classical iso to install from (because you chose "Custom" in the desktop selection screen)

Which iso you used to install from, is always welcome information ;-)

Could you please attach journalctl.txt that is the result of running, as root,

 journalctl -a --since="2016-03-27" --until="2016-03-28 hh:mm" > journalctl.txt

(date + time for --until should be set to shortly after seeing, after you stopped shorewall, that urpmi worked fine)

Keywords: (none) => 6dev1, NEEDINFO
CC: (none) => marja11

Comment 2 Rolf Pedersen 2016-03-29 04:50:37 CEST 
(In reply to Marja van Waes from comment #1)
> From bug 18084 I understood that you used a Classical iso to install from
> (because you chose "Custom" in the desktop selection screen)
> 
> Which iso you used to install from, is always welcome information ;-)
> 
Sorry, classic iso is all that was available when I read the announcement from Anne.  I got Mageia-6-dev1-x86_64-DVD.iso

> Could you please attach journalctl.txt that is the result of running, as
> root,
> 
>  journalctl -a --since="2016-03-27" --until="2016-03-28 hh:mm" >
> journalctl.txt
> 
> (date + time for --until should be set to shortly after seeing, after you
> stopped shorewall, that urpmi worked fine)

Ok.  FWIW,

Mar 27 21:03:31 urpmi called with "-v --auto-update"

Mar 27 21:06:36 Shorewall Stopped

Mar 27 21:13:03 RPM exits 0

Thanks.
Comment 3 Rolf Pedersen 2016-03-29 04:54:47 CEST 
Created attachment 7607 [details]
journalctl snippet

journalctl -a --since="2016-03-27" --until="2016-03-27 21:14" > journalctl.txt
Comment 4 Marja Van Waes 2016-04-01 21:14:07 CEST 
There are indeed a lot of such lines, when you run urpmi:

kernel: Shorewall:OUTPUT:REJECT:IN= OUT=enp16s0 SRC=192.168.1.101 DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=47147 DF PROTO=UDP SPT=45070 DPT=53 LEN=44 

Assigning to all packagers collectively, since shorewall has no maintainer.

However, no one else reported this issue, so maybe something happened to your shorewall setting while installing, after all?

Could you please also attach /root/drakx/report.bug.xz

Source RPM: (none) => shorewall
Assignee: bugsquad => pkg-bugs
Component: Release (media or process) => RPM Packages

Comment 5 Nic Baxter 2016-04-02 04:21:44 CEST 
There have been similar reports but no agreement on the cause.
One of them https://bugs.mageia.org/show_bug.cgi?id=17683

CC: (none) => nic

Comment 6 Rolf Pedersen 2016-04-02 05:53:47 CEST 
Created attachment 7615 [details]
mga6d1 x86_64 report.bug.gz

My recollection is that I didn't change security level from default Standard and didn't touch Security at all, except to click and view.  Firewall was disabled by default, according to this recollection.  Of course, something else might have happened.  

Since early 2000, when Mandrake set my uid to 501, I have used the same username and configured my user to 501.501, as I did for this installation and all the others on the lan, thinking of simplifying ssh or nomachine operations, for example.

That practice seems to be falling increasingly out of favor, I've been having to run userdrake to even see my user at login, and I'm preparing myself to go with the flow, before long.  I mention in case that move might have upset the apple cart, somehow. ;p  After initial problems with booting to X, I've changed my uid to 1000 on this installation.

[root@p8z68 rolf]# ll /mnt/disk/home/
total 1
drwxr-xr-x 20 1000 nx 856 Mar 30 09:11 rolf/
Comment 7 Nic Baxter 2016-04-02 05:58:10 CEST 
Yes the installer does indicate that the firewall is disabled but that is an incorrect message. Shorewall can't be disabled during installation.
Comment 8 José Jorge 2016-04-02 08:58:40 CEST 
I had the same problem. And fixed it reconfiguring the firewall. Then I added an USB WiFi dongle, and it didn't work either. And fixed it reconfiguring the firewall.

I must say I only used Live media for some years, but this "Shorewall can't be disabled during installation" sounds very end user annoying for me...

CC: (none) => lists.jjorge

Comment 9 Felix Miata 2016-04-27 06:08:37 CEST 
(In reply to Nic Baxter from comment #7)
> Yes the installer does indicate that the firewall is disabled but that is an
> incorrect message. Shorewall can't be disabled during installation.

I see no existing bug about doing something about this. It's annoying to uncheck the Shorewall box during installation, expecting the unneeded service to not be started on first boot, only to find the installation unusable because, X purposely not having been installed, all the vttys are constantly bombarded with  "Shorewall:OUTPUT:REJECT:" messages.

CC: (none) => mrmazda

Comment 10 Marja Van Waes 2021-03-06 22:17:24 CET 
No comments since almost 5 years ago, assuming this is no longer an issue and closing as OLD

Please reopen if you still hit this problem after installing Mageia 8

Please (In reply to Felix Miata from comment #9)
> (In reply to Nic Baxter from comment #7)
> > Yes the installer does indicate that the firewall is disabled but that is an
> > incorrect message. Shorewall can't be disabled during installation.
> 
> I see no existing bug about doing something about this.

There is, now: bug 23928

Resolution: (none) => OLD
Keywords: NEEDINFO => (none)
Status: NEW => RESOLVED