check_cpanel_rpms - p0f Missing

rpvw

Well-Known Member
Jul 18, 2013
1,101
472
113
UK
cPanel Access Level
Root Administrator
Is it worth considering the implications of using an 'exclude' for one or more packages (which leaves epel with the potential to overwrite loads of packages, even though they may not cause issues now - perhaps they might at some future time) ..... or 'includes 'to JUST update specific packages from the epel repo ?
 

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
I agree, this is just a short term fix.

Ideally you would only include the updates for packages you have installed from EPEL.

So for me "blacklisting" everything apart from redis/fail2ban would suit me.

Perhaps it could be something cPanel/WHM could build into the control panel to manage better than command line? (Just an idea) though it's a conflict issue with repos and not really cPanels fault.

I'll shut up now.
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
472
113
UK
cPanel Access Level
Root Administrator
In that case, I would have thought that the line (in the epel.repo file)
Code:
includepkgs=redis fail2ban
would have done the trick. That should ONLY update redis and fail2ban from the epel repo AND NOTHING ELSE
 

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Correct, it solves it for my case. However for other users facing the same issue then it needs to be addressed.

Otherwise cPanel Users need to disable the EPEL repo. Which isn't really an option depending on each users case and their circumstances.

Anyway, cPanel have spoken and it seems it's a known issue and is being addressed.
 

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Simply running that command will only fix the issue until the next time the cPanel Update job runs (~24 hours). At which time, it will remove the rpm again and replace it with the one in the EPEL repo.

You need to tell the EPEL repo to not update the p0f rpm that cPanel provides.

In Centos 7, I edited the /etc/yum.repos.d/epel.repo and within the enabled block I added:
exclude=p0f*.el7.*

So the complete block looks like:

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
failovermethod=priority
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
enabled=1
disabled=True
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
gpgcheck=1
exclude=p0f*.el7.*
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch

I then save and re run the following script:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix command

Then, next time the cPanel Update scripts run, it will not get overwritten/removed.
 
  • Like
Reactions: Dradden45

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello,

To update, internal case CPANEL-8634 will address this issue in cPanel version 60 by ensuring the EPEL repository is disabled when invoking YUM from within cPanel. Note that EPEL is currently not a supported repository, and can cause unforeseen issues when enabled.

Thank you.
 

tommyxv

Well-Known Member
Jun 15, 2006
45
7
158
To correct this, you should added p0f*.el7.* to the excludes line in /etc/yum.conf
I can confirm that this method also works too. No errors this morning like the last few days.

Thanks again.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello,

To update, internal case CPANEL-8634 will address this issue in cPanel version 60 by ensuring the EPEL repository is disabled when invoking YUM from within cPanel. Note that EPEL is currently not a supported repository, and can cause unforeseen issues when enabled.

Thank you.
We're also including CPANEL-8634 with cPanel version 58. A new build is tentatively scheduled for publication today, and I'll update this thread once it's released.

Thank you.
 

twhiting9275

Well-Known Member
Sep 26, 2002
560
28
178
cPanel Access Level
Root Administrator
Twitter
EPEL is a very valid repository. Instead of trying to discredit them and blame them, perhaps you should be fixing the core issue here... There are conflicts between the two versions and they should be resolved, not just blamed on someone else.

I understand it's easier to blame someone else for your conflicts, but, that's about as unprofessional as it gets.

I've been dealing with EPEL for years now. There are absolutely no 'unforeseen issues', except with your software. Seems the problem isn't with EPEL, but with your software version.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello @twhiting9275,

Thank you for the valued feedback. To clarify, the resolution associated with CPANEL-8634 won't permanently disable the EPEL YUM repo on a server. Instead, the change will only temporarily disable the EPEL repo when invoking YUM from within cPanel. This addresses the issue, while also allowing for the continued use of the custom repo. There's also discussion in this case of officially supporting EPEL, but that's not something we'd be able to implement right away due to the testing required to determine all of the existing incompatibilities.

Currently, the issue is addressed in cPanel version 59 (development build for cPanel version 60):

Fixed case CPANEL-8634: Perform cPanel YUM calls with EPEL disabled.

I'll update this thread again once the resolution is published to cPanel version 58.

Thank you.
 

Tsafarog

Member
Oct 23, 2009
15
1
53
Hello @twhiting9275,

Thank you for the valued feedback. To clarify, the resolution associated with CPANEL-8634 won't permanently disable the EPEL YUM repo on a server. Instead, the change will only temporarily disable the EPEL repo when invoking YUM from within cPanel. This addresses the issue, while also allowing for the continued use of the custom repo. There's also discussion in this case of officially supporting EPEL, but that's not something we'd be able to implement right away due to the testing required to determine all of the existing incompatibilities.

Currently, the issue is addressed in cPanel version 59 (development build for cPanel version 60):

Fixed case CPANEL-8634: Perform cPanel YUM calls with EPEL disabled.

I'll update this thread again once the resolution is published to cPanel version 58.

Thank you.
So any news on the release?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
So any news on the release?
Hello,

Yes, the resolution was published to cPanel version 58.0.31 about an hour ago:

Fixed case CPANEL-8756: Perform cPanel YUM calls with EPEL disabled.

58.0.31 is tentatively scheduled for publication to the "RELEASE" build tier on Monday.

Thank you.
 

Morphis

Registered
Sep 25, 2016
1
0
1
Australia
cPanel Access Level
Root Administrator
Hello ex300,

this will fix your Problem only until next update.

Add the line:

exclude=p0f

to /etc/yum.repos.d/epel.repo like this:


[epel]

name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
exclude=p0f

This fixed it for me.

This fix it !!

Beens bugging me for a few weeks now.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Do I need to undo this previous fix now?
Yes, you should revert that manual workaround, as it's no longer required once you system is using cPanel version 58.0.31 or newer.

58.0.31 is now available on the "RELEASE" build tier.

Thank you.
 
  • Like
Reactions: tommyxv