Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Lennart Poettering 
On Mi, 24.02.21 22:08, Alexander Bokovoy (aboko...@redhat.com) wrote:

> I think one of the issues reported in the discussion you mention was
> that systemd-resolved considered invalid a DNS= line where addresses
> were separated by a comma rather than space. Can systemd-resolved be
> improved to allow common separators like both space and comma?

I am not a fan of such needless ambiguity, and it's not going to
retroactively fix the original reporter's configuration that has now
been fixed anyway... Moreover, across the systemd codebase in
configuration files we so far stuck to using mostly whitespace for
separating multiple values on the same config option line.

The thing is: separator characters end up being used for various other
purposes sooner or later. For example the DNS= lines in resolved.conf
already uses:

1. Dots (".") for separating IPV4 address bytes
2. Colons (":") for separating IPv6 address parts, as well as separating
   port numbers from the IP addres
3. Brackets ("[]") for separating ipv6 addresses from the rest of the
   construct
4. Percent ("%") characters to separate interface info from the rest
5. Hash ("#") characters to separate SNI host name specifications

Now, we currently don't use "," and ";" for separators here, but as
these things keep growing we might need them for something soon too.

Lennart

--
Lennart Poettering, Berlin
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Dilemma: -source repository data randomized by koji builder arch

2021-02-25 Thread Miroslav Suchý 

Dne 25. 02. 21 v 18:19 Miro Hrončok napsal(a):

What I do is use "rpmspec -q --srpm" to do queries on packages for dependencies.

For example, you can do something like:

rpmspec --target x86_64 -q --srpm --buildrequires package.spec

That gets you a list of BRs for x86_64.


I suppose this doesn't support %generate_buildrequires, so it's not always possible. (But I have not verified this 
assumption.)


Neal is correct that you only need to **query** on different architecture.

> However, I agree that keeping 6 SRPM files with identical *content*
> and only different *metadata* is incredibly wasteful.

The SPEC file is always the same. On all arches. [*] So the different metadata you mentioned are result of **query** of 
that SRPM on that architecture. Even dynamic buildrequires.


Therefore I propose to:
  * still generate only one SRPM like we do now.
  * only generate list of builddeps on that architecture.

I.e., even in your case with "Qt5WebEngine on ppc64le and s390x" if you 
generate SRPM on s390x and then run
  mock --installdeps foo.src.rpm
on x86_64, then Mock should install Qt5WebEngine. Because it evaluates the SPEC 
file on x86_64 architecture.

Browsing through code of Koji - I see no use of `--installdeps`. Therefore I think the Builrequires used are **always** 
correct and relevant on that architecture. There is only one issue - it is hardly visible. It can be seen only in 
root.log, which is pretty verbose.

And the "(info)" page on Koji, e.g.:
  https://koji.fedoraproject.org/koji/buildinfo?buildID=1715542
  -> src - > info ->
  https://koji.fedoraproject.org/koji/rpminfo?rpmID=25390046
lies, because its Requires section (which is in case of SRC.RPM actually BuildRequires of RPM) contains the 
BuildRequires from just one architecture.


There what we actually needs:
  * move the src.rpm on info page to each architecture (but still keep only one 
src.rpm)
  * query for install deps on each architecture
  * have separate (info) page for each architecture

Query the deps can be tricky as Mock does not support it. There is only --installdeps, but not --querydeps. But I can 
add it.




[*] the exception is
%ifarch FOO
   SourceX: bar
but as you mentioned **that** is forbidden in Fedora.

--
Miroslav Suchy, RHCA
Red Hat, Associate Manager, Community Packaging Tools, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora-Cloud-33-20210226.0 compose check report

2021-02-25 Thread Fedora compose checker 
No missing expected images.

Soft failed openQA tests: 1/7 (x86_64), 1/7 (aarch64)
(Tests completed, but using a workaround for a known bug)

Old soft failures (same test soft failed in Fedora-Cloud-33-20210225.0):

ID: 790239  Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud
URL: https://openqa.fedoraproject.org/tests/790239
ID: 790246  Test: aarch64 Cloud_Base-qcow2-qcow2 cloud_autocloud@uefi
URL: https://openqa.fedoraproject.org/tests/790246

Passed openQA tests: 6/7 (x86_64), 6/7 (aarch64)
-- 
Mail generated by check-compose:
https://pagure.io/fedora-qa/check-compose
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Meaning of Size Directories

2021-02-25 Thread Tomasz Torcz 
Dnia Thu, Feb 25, 2021 at 06:20:34PM -0300, Sergio Belkin napisał(a):
> Hi,
> Tools such as ls or stat report the size of a directory. Of course it is
> not the content size.

 It depends on the filesystem. For Cephfs, directory size _is_ the content
size:

% ls -lh
drwxrwxr-x.  3 zdzichu  zdzichu   90G 11-06 16:37 'Collection 1'
drwxr-xr-x. 17 root root  11M 09-23 15:45  postfix
drwxr-xr-x.  2 cherokee cherokee  15M 11-24 00:02  var_log_cherokee

  I do not know what btrfs reports as directory size.

-- 
Tomasz Torcz   “(…) today's high-end is tomorrow's embedded processor.”
to...@pipebreaker.pl  — Mitchell Blank on LKML
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Meaning of Size Directories

2021-02-25 Thread Eric Sandeen 
On 2/25/21 6:56 PM, John Reiser wrote:
>> Tools such as ls or stat report the size of a directory. Of course it is not 
>> the content size.
>> stat -c %s  /home/sergio/.config
>> 6550
>>
>> What does 6550 mean in btrfs context?
> 
> Regardless of filesystem type, the size of a directory is the sum of the sizes
> of the struct linux_dirent (or linux_dirent64) for the filenames of the 
> contained files.
> See the manual page "man 2 getdents".

That's not correct; dirents are in-memory structures, unrelated
to what the [fl]stat(2) interface used by ls returns for a directory.

The size returned by stat(2) (aka ls) of a directory inode is
filesystem implementation dependent, and AFAIK has no well-defined
meaning. stat(2) refers to st_size only for files and symlinks,
not for directories.  Same w/ POSIX:

off_t st_sizeFor regular files, the file size in bytes. 
 For symbolic links, the length in bytes of the 
 pathname contained in the symbolic link. 


So, as one example on ext4 - directories never shrink.

# mkdir dir
# ls -ld dir
drwxr-xr-x. 2 root root 4096 Feb 26 00:48 dir

# touch dir/123456789
# ls -ld dir
drwxr-xr-x. 2 root root 4096 Feb 26 01:00 dir

# for I in `seq 1 2000`; do touch dir/longfilename$I; done
# ls -ld dir
drwxr-xr-x. 2 root root 69632 Feb 26 00:49 dir

# rm -f dir/*
# ls -ld dir
drwxr-xr-x. 2 root root 69632 Feb 26 00:49 dir

69632 byte directory with no files in it, wh.

xfs is different:

# mkdir dir
# ls -ld dir
drwxr-xr-x. 2 root root 6 Feb 26 00:58 dir

# touch dir/123456789
# ls -ld dir
drwxr-xr-x. 2 root root 23 Feb 26 00:59 dir

# for I in `seq 1 2000`; do touch dir/longfilename$I; done
# ls -ld dir
drwxr-xr-x. 2 root root 65536 Feb 26 00:59 dir

# rm -f dir/*
# ls -ld dir
drwxr-xr-x. 2 root root 6 Feb 26 00:59 dir

btrfs is still different:

# mkdir dir
# ls -ld dir
drwxr-xr-x. 1 root root 0 Feb 26 01:05 dir

# touch dir/123456789
# ls -ld dir
drwxr-xr-x. 1 root root 18 Feb 26 01:06 dir

# for I in `seq 1 2000`; do touch dir/longfilename$I; done
# ls -ld dir
drwxr-xr-x. 1 root root 61804 Feb 26 01:06 dir

# rm -f dir/*
# ls -ld dir
drwxr-xr-x. 1 root root 0 Feb 26 01:06 dir



In short, "size" of a dir doesn't tell you much.

-Eric
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-devel] 389 DS nightly 2021-02-26 - 95% PASS

2021-02-25 Thread vashirov 
https://fedorapeople.org/groups/389ds/ci/nightly/2021/02/26/report-389-ds-base-2.0.3-20210226git60e35aac5.fc33.x86_64.html
___
389-devel mailing list -- 389-devel@lists.fedoraproject.org
To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Meaning of Size Directories

2021-02-25 Thread Sergio Belkin 
El jue, 25 feb 2021 a las 21:58, John Reiser ()
escribió:

> > Tools such as ls or stat report the size of a directory. Of course it is
> not the content size.
> > stat -c %s  /home/sergio/.config
> > 6550
> >
> > What does 6550 mean in btrfs context?
>
> Regardless of filesystem type, the size of a directory is the sum of the
> sizes
> of the struct linux_dirent (or linux_dirent64) for the filenames of the
> contained files.
> See the manual page "man 2 getdents".
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>

Thanks everyone, I thought that it had a special meaning for btrfs
-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Meaning of Size Directories

2021-02-25 Thread John Reiser 

Tools such as ls or stat report the size of a directory. Of course it is not 
the content size.
stat -c %s  /home/sergio/.config
6550

What does 6550 mean in btrfs context?


Regardless of filesystem type, the size of a directory is the sum of the sizes
of the struct linux_dirent (or linux_dirent64) for the filenames of the 
contained files.
See the manual page "man 2 getdents".
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

CPE Weekly Report: 2021-02-26

2021-02-25 Thread Aoife Moloney 
Hi Everyone,


If you would like to see this report and toggle to the section you are
most interested in, I would suggest visiting this link
https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view and use the header bar
on your left to skip to where you want to go!

## Initiative FYI Links
Initiatives repo here: https://pagure.io/cpe/initiatives-proposal
2021 Quarterly Planning timetable here:
https://docs.fedoraproject.org/en-US/cpe/time_tables/ so you know when
I need it in by to review it.
Details on initiative requesting/how to work with us on new projects
here: https://docs.fedoraproject.org/en-US/cpe/initiatives/


### Misc
I hope you all enjoyed DevConf.cz last week! There were some great
talks and I am looking forward to catching up on the ones I
unfortunately missed when they are posted in a few weeks!
Also if you missed the CentOS Dojo at FOSDEM, you can watch all talks
on the CentOS YouTube channel here
https://www.youtube.com/playlist?list=PLuRtbOXpVDjC7RkMYSy-gk47s5vZyKPbt



## Project Updates
*The below updates are pulled directly from our CPE team call we have
every week.*

### Fedora
* We are now in F34 freeze! All changes to frozen hosts take 2 +1s
* Bodhi updates-testing activated for F34
* Fedscm-admin work started on default branches
* Openh264 repos are hosted on Cisco CDN

### Noggin/AAA
* User migration script has been successfully re-run
* Lots of docs updates - check out the docs section for more
information https://noggin-aaa.readthedocs.io/en/latest/
* PR opened for changes to docs to add pkinit to docs to allow
applicable certs be shipped for packages but it seems fedora-packager
Fedora package has to be built with the change applied
https://pagure.io/fedora-packager/pull-request/166
* If you are experiencing any issues with your application
authenticating with Noggin, please reach out to the team on IRC
channel #fedora-aaa
* The work tracker for this project can be found here
https://github.com/orgs/fedora-infra/projects/6
* And please report any issues you find in the repo
https://github.com/fedora-infra/noggin



## CentOS Updates

### CentOS
* CentOS CI updated OCP to 4.6.17
* Rolled out security fixes to ci.centos.org Jenkins and cert update


### CentOS Stream
* Documentation updated on the shortened CentOS Linux -> CentOS Stream
conversion, see the demo here https://asciinema.org/a/393875
* CentOS Extras is now separately delivered for Stream and Linux
* CentOS Stream 8 container images are published now to quay.io


## Team Info
### Background:
The Community Platform Engineering group, or CPE for short, is the Red
Hat team combining IT and release engineering from Fedora and CentOS.
Our goal is to keep core servers and services running and maintained,
build releases, and other strategic tasks that need more dedicated
time than volunteers can give.


See our wiki page here for more
information:https://docs.fedoraproject.org/en-US/cpe/



As always, feedback is welcome, and we will continue to look at ways
to improve the delivery and readability of this weekly report.


Have a great weekend!

Aoife


Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view

-- 

Aoife Moloney
Product Owner
Community Platform Engineering Team
Red Hat EMEA
Communications House
Cork Road
Waterford
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora-34-20210225.n.1 compose check report

2021-02-25 Thread Fedora compose checker 
No missing expected images.

Failed openQA tests: 26/187 (x86_64), 17/126 (aarch64)

New failures (same test not failed in Fedora-34-20210222.n.0):

ID: 789727  Test: x86_64 Server-dvd-iso server_role_deploy_database_server
URL: https://openqa.fedoraproject.org/tests/789727
ID: 789735  Test: x86_64 Server-dvd-iso server_database_client
URL: https://openqa.fedoraproject.org/tests/789735
ID: 789754  Test: x86_64 Workstation-live-iso desktop_background
URL: https://openqa.fedoraproject.org/tests/789754
ID: 789755  Test: x86_64 Workstation-live-iso desktop_browser
URL: https://openqa.fedoraproject.org/tests/789755
ID: 789760  Test: x86_64 Workstation-live-iso desktop_login
URL: https://openqa.fedoraproject.org/tests/789760
ID: 789779  Test: x86_64 KDE-live-iso desktop_update_graphical
URL: https://openqa.fedoraproject.org/tests/789779
ID: 789788  Test: x86_64 Silverblue-dvd_ostree-iso desktop_background
URL: https://openqa.fedoraproject.org/tests/789788
ID: 789789  Test: x86_64 Silverblue-dvd_ostree-iso desktop_browser
URL: https://openqa.fedoraproject.org/tests/789789
ID: 789867  Test: aarch64 Workstation-raw_xz-raw.xz desktop_browser@uefi
URL: https://openqa.fedoraproject.org/tests/789867
ID: 789882  Test: x86_64 universal install_arabic_language
URL: https://openqa.fedoraproject.org/tests/789882
ID: 789896  Test: x86_64 universal install_cyrillic_language
URL: https://openqa.fedoraproject.org/tests/789896
ID: 789915  Test: x86_64 universal install_multi_empty@uefi
URL: https://openqa.fedoraproject.org/tests/789915
ID: 789959  Test: aarch64 universal install_arabic_language@uefi
URL: https://openqa.fedoraproject.org/tests/789959
ID: 789967  Test: aarch64 universal install_cyrillic_language@uefi
URL: https://openqa.fedoraproject.org/tests/789967

Old failures (same test failed in Fedora-34-20210222.n.0):

ID: 789724  Test: x86_64 Server-dvd-iso server_freeipa_replication_master
URL: https://openqa.fedoraproject.org/tests/789724
ID: 789725  Test: x86_64 Server-dvd-iso server_freeipa_replication_replica
URL: https://openqa.fedoraproject.org/tests/789725
ID: 789728  Test: x86_64 Server-dvd-iso server_role_deploy_domain_controller
URL: https://openqa.fedoraproject.org/tests/789728
ID: 789731  Test: x86_64 Server-dvd-iso realmd_join_cockpit
URL: https://openqa.fedoraproject.org/tests/789731
ID: 789732  Test: x86_64 Server-dvd-iso realmd_join_sssd
URL: https://openqa.fedoraproject.org/tests/789732
ID: 789736  Test: x86_64 Server-dvd-iso server_freeipa_replication_client
URL: https://openqa.fedoraproject.org/tests/789736
ID: 789737  Test: x86_64 Server-dvd-iso server_realmd_join_kickstart
URL: https://openqa.fedoraproject.org/tests/789737
ID: 789747  Test: x86_64 Workstation-live-iso apps_startstop
URL: https://openqa.fedoraproject.org/tests/789747
ID: 789756  Test: x86_64 Workstation-live-iso 
desktop_notifications_postinstall
URL: https://openqa.fedoraproject.org/tests/789756
ID: 789765  Test: x86_64 KDE-live-iso apps_startstop
URL: https://openqa.fedoraproject.org/tests/789765
ID: 789774  Test: x86_64 KDE-live-iso desktop_login
URL: https://openqa.fedoraproject.org/tests/789774
ID: 789775  Test: x86_64 KDE-live-iso desktop_browser
URL: https://openqa.fedoraproject.org/tests/789775
ID: 789776  Test: x86_64 KDE-live-iso desktop_notifications_postinstall
URL: https://openqa.fedoraproject.org/tests/789776
ID: 789777  Test: x86_64 KDE-live-iso desktop_printing
URL: https://openqa.fedoraproject.org/tests/789777
ID: 789816  Test: aarch64 Server-dvd-iso install_lvm_ext4@uefi
URL: https://openqa.fedoraproject.org/tests/789816
ID: 789834  Test: aarch64 Server-dvd-iso 
server_freeipa_replication_master@uefi
URL: https://openqa.fedoraproject.org/tests/789834
ID: 789835  Test: aarch64 Server-dvd-iso 
server_freeipa_replication_replica@uefi
URL: https://openqa.fedoraproject.org/tests/789835
ID: 789838  Test: aarch64 Server-dvd-iso 
server_role_deploy_domain_controller@uefi
URL: https://openqa.fedoraproject.org/tests/789838
ID: 789841  Test: aarch64 Server-dvd-iso realmd_join_cockpit@uefi
URL: https://openqa.fedoraproject.org/tests/789841
ID: 789842  Test: aarch64 Server-dvd-iso realmd_join_sssd@uefi
URL: https://openqa.fedoraproject.org/tests/789842
ID: 789847  Test: aarch64 Server-dvd-iso 
server_freeipa_replication_client@uefi
URL: https://openqa.fedoraproject.org/tests/789847
ID: 789848  Test: aarch64 Server-dvd-iso server_realmd_join_kickstart@uefi
URL: https://openqa.fedoraproject.org/tests/789848
ID: 789883  Test: x86_64 universal install_asian_language
URL: https://openqa.fedoraproject.org/tests/789883
ID: 789960  Test: aarch64 universal install_asian_language@uefi
URL: https://openqa.fedoraproject.org/tests/789960
ID: 789976  Test: aarch64 universal install_kickstart_user_creation@uefi
URL: https://openqa.fedoraproject.org/tests/789976
ID: 789994  Test: aarch64

Re: Meaning of Size Directories

2021-02-25 Thread Chris Murphy 
On Thu, Feb 25, 2021 at 2:21 PM Sergio Belkin  wrote:
>
> Hi,
> Tools such as ls or stat report the size of a directory. Of course it is not 
> the content size.
> stat -c %s  /home/sergio/.config
> 6550
>
> What does 6550 mean in btrfs context?


stat -c %s  reports the st_size of the directory inode, and the
value is 2x the characters in all filenames in that directory. I'm not
sure if the names of directories are included in the count, or just
filenames.

-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1932390] perl-CPAN-FindDependencies-3.05 is available

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1932390

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #3 from Fedora Update System  ---
FEDORA-2021-5a096a1b32 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing
--advisory=FEDORA-2021-5a096a1b32`
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2021-5a096a1b32

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: [dns-sig] split-DNS, resolvconf on Fedora

2021-02-25 Thread Petr Menšík 
On 2/25/21 9:06 AM, Peter Boy wrote:
> 
>> Am 24.02.2021 um 18:18 schrieb Paul Wouters :
>> There is no technical reason why this is not in its own package. There
>> has been some focussing on reducing minimal installs, and this is a
>> prime candidate for that. I'm fine with the workstation or desktop
>> installs bringing this package in by default. But I see only potential
>> harm from installing it on servers, containers and most virtual machines.
> 
> 
> You may be right. See https://github.com/systemd/systemd/issues/18761 
> 
> and/or
> 
> https://lists.fedoraproject.org/archives/list/ser...@lists.fedoraproject.org/thread/HOWYMPWHLBB5FDFD5VWLCC5Z73IQWA66/

systemd-resolved has some cool features, but I haven't found a way to
configure domain forwarding to selected IP address without a device.
Which would match your use-case. Every classic dns cache, dnsmasq used
by libvirt included, can forward subdomain queries to selected IPs. I
think systemd-resolved is able to configure it only per connection.

But it should be possible to use virbr0 device for it inside resolved.
resolvectl dns virbr0 192.168.122.1
resolvectl dns virbr0 example.lan

I don't know any permanent way to store this information to NM or
systemd-resolved, so it would configure it itself next boot. Maybe
systemd guys would know a way.
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB



OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora 34 compose report: 20210225.n.1 changes

2021-02-25 Thread Fedora Rawhide Report 
OLD: Fedora-34-20210222.n.0
NEW: Fedora-34-20210225.n.1

= SUMMARY =
Added images:19
Dropped images:  2
Added packages:  12
Dropped packages:37
Upgraded packages:   168
Downgraded packages: 0

Size of added packages:  10.50 MiB
Size of dropped packages:584.67 MiB
Size of upgraded packages:   3.28 GiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   4.07 MiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: Cloud_Base qcow2 s390x
Path: Cloud/s390x/images/Fedora-Cloud-Base-34-20210225.n.1.s390x.qcow2
Image: Security live x86_64
Path: Labs/x86_64/iso/Fedora-Security-Live-x86_64-34-20210225.n.1.iso
Image: Server dvd ppc64le
Path: Server/ppc64le/iso/Fedora-Server-dvd-ppc64le-34-20210225.n.1.iso
Image: Container_Base docker s390x
Path: Container/s390x/images/Fedora-Container-Base-34-20210225.n.1.s390x.tar.xz
Image: Everything boot ppc64le
Path: 
Everything/ppc64le/iso/Fedora-Everything-netinst-ppc64le-34-20210225.n.1.iso
Image: Cloud_Base raw-xz ppc64le
Path: Cloud/ppc64le/images/Fedora-Cloud-Base-34-20210225.n.1.ppc64le.raw.xz
Image: LXQt live x86_64
Path: Spins/x86_64/iso/Fedora-LXQt-Live-x86_64-34-20210225.n.1.iso
Image: Server dvd s390x
Path: Server/s390x/iso/Fedora-Server-dvd-s390x-34-20210225.n.1.iso
Image: Cinnamon live x86_64
Path: Spins/x86_64/iso/Fedora-Cinnamon-Live-x86_64-34-20210225.n.1.iso
Image: Everything boot s390x
Path: Everything/s390x/iso/Fedora-Everything-netinst-s390x-34-20210225.n.1.iso
Image: Cloud_Base raw-xz s390x
Path: Cloud/s390x/images/Fedora-Cloud-Base-34-20210225.n.1.s390x.raw.xz
Image: Server boot ppc64le
Path: Server/ppc64le/iso/Fedora-Server-netinst-ppc64le-34-20210225.n.1.iso
Image: Mate live x86_64
Path: Spins/x86_64/iso/Fedora-MATE_Compiz-Live-x86_64-34-20210225.n.1.iso
Image: Container_Minimal_Base docker ppc64le
Path: 
Container/ppc64le/images/Fedora-Container-Minimal-Base-34-20210225.n.1.ppc64le.tar.xz
Image: Cloud_Base qcow2 ppc64le
Path: Cloud/ppc64le/images/Fedora-Cloud-Base-34-20210225.n.1.ppc64le.qcow2
Image: Silverblue dvd-ostree ppc64le
Path: 
Silverblue/ppc64le/iso/Fedora-Silverblue-ostree-ppc64le-34-20210225.n.1.iso
Image: Container_Base docker ppc64le
Path: 
Container/ppc64le/images/Fedora-Container-Base-34-20210225.n.1.ppc64le.tar.xz
Image: Container_Minimal_Base docker s390x
Path: 
Container/s390x/images/Fedora-Container-Minimal-Base-34-20210225.n.1.s390x.tar.xz
Image: Server boot s390x
Path: Server/s390x/iso/Fedora-Server-netinst-s390x-34-20210225.n.1.iso

= DROPPED IMAGES =
Image: Scientific vagrant-libvirt x86_64
Path: 
Labs/x86_64/images/Fedora-Scientific-Vagrant-34-20210222.n.0.x86_64.vagrant-libvirt.box
Image: Scientific vagrant-virtualbox x86_64
Path: 
Labs/x86_64/images/Fedora-Scientific-Vagrant-34-20210222.n.0.x86_64.vagrant-virtualbox.box

= ADDED PACKAGES =
Package: avocado-vt-82.0-2.module_f34+11469+a0cf4ea8
Summary: Avocado Virt Test Plugin
RPMs:python3-avocado-vt
Size:8.16 MiB

Package: jni-inchi-0.8-1.fc34
Summary: International Chemical Identifiers for Java
RPMs:jni-inchi jni-inchi-javadoc
Size:1.79 MiB

Package: ksc-1.7-1.git5955c6b.fc34
Summary: Kernel source code checker
RPMs:ksc
Size:60.31 KiB

Package: python-bracex-2.1.1-2.fc34
Summary: Bash style brace expander
RPMs:python3-bracex
Size:23.06 KiB

Package: rust-codespan-reporting-0.9.5-2.fc34
Summary: Beautiful diagnostic reporting for text-based programming languages
RPMs:rust-codespan-reporting+default-devel 
rust-codespan-reporting+serde-devel rust-codespan-reporting+serialization-devel 
rust-codespan-reporting-devel
Size:77.75 KiB

Package: rust-cxx-0.5.10-2.fc34
Summary: Safe interop between Rust and C++
RPMs:rust-cxx+c++14-devel rust-cxx+c++17-devel rust-cxx+c++20-devel 
rust-cxx+default-devel rust-cxx-devel
Size:89.77 KiB

Package: rust-cxx-build-0.5.10-2.fc34
Summary: C++ code generator for integrating `cxx` crate into a Cargo build
RPMs:rust-cxx-build+default-devel rust-cxx-build-devel
Size:72.95 KiB

Package: rust-cxx-gen-0.6.7-2.fc34
Summary: C++ code generator for integrating `cxx` crate into higher level tools
RPMs:rust-cxx-gen+default-devel rust-cxx-gen-devel
Size:63.49 KiB

Package: rust-cxxbridge-flags-0.5.10-1.fc34
Summary: Compiler configuration of the `cxx` crate (implementation detail)
RPMs:rust-cxxbridge-flags+c++14-devel rust-cxxbridge-flags+c++17-devel 
rust-cxxbridge-flags+c++20-devel rust-cxxbridge-flags+default-devel 
rust-cxxbridge-flags-devel
Size:37.79 KiB

Package: rust-cxxbridge-macro-0.5.10-2.fc34
Summary: Implementation detail of the `cxx` crate
RPMs:rust-cxxbridge-macro+default-devel rust-cxxbridge-macro-devel
Size:49.84 KiB

Package: rust-link-cplusplus-1.0.5-2.fc34
Summary: Link libstdc++ or libc++ automatically or manually
RPMs:rust-link-cplusplus+default-devel rust-link-cplusplus+libc++-devel 
rust-link-cplusplus+libcxx-devel rust-link-cplusplus+libstdc++-devel 
rust-link

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Petr Menšík 
I disagree and do more below :)

On 2/23/21 2:49 PM, Lennart Poettering wrote:
> On Mo, 22.02.21 09:45, Michael Catanzaro (mcatanz...@gnome.org) wrote:
> 65;6201;1c
>> On Mon, Feb 22, 2021 at 12:05 pm, Tomasz Torcz  wrote:
>>> 3) Configure DNS resolvers if you want to use DNS.
>>> Or dig deeper: why cloud-init disabled DNS on your installation?
>>
>> I'm pretty sure cloud-init just doesn't know how to configure
>> systemd-resolved at all. So I suspect this is a cloud-init bug. See:
>> https://pagure.io/fedora-server/issue/10.
>>
>> I have no strong opinion on whether the fallback should have been removed or
>> not. The fallback was only hiding the real problem, after all.
> 
> BTW, just to say this clearly. I think this argument is bogus and very
> user unfriendly. I think it's generally better to complain to the logs
> and still make things work automatically with a fallback than to just
> say "Nope, I was given invalid configuration and now I refuse to
> work". Because originally this is what resolved did: we had a
> last-resort fallback to provide DNS via a bunch of public DNS servers
> if nothing else is available, and we log if we are given invalid
> config. We use the fallback only as ultimate fallback, when the other
> option is to not work at all.
No, this was already discussed and consensus were reached. last-resort
fallbacks MUST NOT cover bugs and they did it here. Good fallback would
be extracting addresses from configuration, even when delimited by a
garbage. User provided configuration must be followed. If wrong, it must
say so in way user will notice. All daemons I manage do that nice and
friendly way: print line number and file, where the mistake is. And
print in red: FAILED to run. It is up to user to fix it, comment it out
or disable non-obeying service. But has to be his decision.
> 
> The thing is that if DNS is fucked, then this is a pretty nasty
> problem: you need an extremely high level of understanding computers
> to be able to fix this. And you can't even get help, because, well,
> your DNS is down, you are not getting online.
No, I don't think so. Anyone who manages the system should have basic
understanding how to configure it. If not obvious, needs good
documentation at hand. Extremely high level is not writing lines into
configuration file in documented format. I think we switched to nano
editor to make it friendly. Sure, he won't be able to google help from
the machine. Fortunately, most of us have got smartphone able to google
almost anything.
> 
> Hence, it's inherently a *good* thing to have a fallback in place, and
> I think it's a disserve to users to turn this off, as it makes systems
> much harder to fix.
> 
> And yeah, call me a hypocrite, but if I have the choice between having
> no Internet at all or using some public DNS servers for DNS, and
> leaking a tiny bit of information to those DNS server providers then I
> am definitely preferring to have Internet, thank you very much.
But you forgot some decision were made for the user without his
knowledge or his approval. That is wrong. If user needs easy way to
working internet, offer him simple solution. Like:
systemctl start systemd-resolved-fallback
or
resolvectl use-fallback

Print this command in red on last line in sytemctl status
systemd-resolved. If he cannot find where the error is, he should ask
someone to manage his machine. To protect himself. Or have to dig into
system a bit and learn, where it is wrong.
> 
> One could even go further: the privacy level using those public DNS
> servers might actually be higher than using the DHCP-provided ones in
> many cases, simple because we can use DoT on the former (admittedly
> not yet the default in resolved though, but hopefully soon), but
> almost never can on the latter, and what's worse the latter are
> usually provided by crappy edge networks like Internet Cafés and such
> where the fact we send stuff unencrypted is just awful.
Problem is you usually have some agreement with the network you are
connecting to. You usually know who provides it, you can ask under which
rules they do. Not for hidden service somewhere as fallback.

DoT is often just fake sense of privacy. Most TLS sessions still send
unencrypted host in SNI headers, making DNS encryption not effective in
hiding their real target. Target IPs can often tell a lot too. If you
need real privacy, use VPN. Or better, choose a connection provider you
trust.

> 
> Now, Fedora made its choice here, and I'll accept that, but I still
> think it's a bad one, that trades a misunderstood concept of privacy
> against a major step forward in userfriendliness. i.e. I am not sure
> it's a good choice to limit Fedora's userspace needlessly to people
> who can fix their DNS configuration. It's a pretty tiny elite group of
> people to be in after all...
Hiding configuration errors just into logs is unfriendly. Ever since
Windows 95, very basic network configuration required two steps.
Configuring IP address, netmask

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Kevin Kofler via devel 
Michael Catanzaro wrote:
> Servers don't need split DNS. Desktops do. Without a DNS cache, your
> DNS will be slower. Without split DNS, your DNS may not work properly
> at all.

Not all desktops need split DNS. Most desktop users don't even have anything 
to split the DNS over. (It needs either at least 2 active physical 
connections (multihoming, very uncommon on desktops) or at least 1 VPN (more 
common, but only for tech-savvy users).)

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Petr Menšík 
No, this is not true. DNS servers had for ages ability to forward
selected domains to specified list of addresses. All DNS caches have the
ability to do it for no reason.

Servers do not have automatic configuration of split DNS only, because
often do not have multiple connections. But I think VPNs could be also
used to interconnect networks and selected DNS forwarding might still be
benefical for it.

However, servers need a proper DNS service. Very often they depend on
DNSSEC for mail filtering. They should protect their precious caches
with signatures. DNSSEC disabled by default, even when upstream service
provides perfectly working DNS, is just failure on our side.
Especially on servers, when DNSSEC readines would be much more common
than on crappy cheap home routers.

Remote DNS does not have to be much slower. If you have dedicated
resolver on the same LAN as you, your own cache might not help you much.
Depends a lot on specific applications usage.

On 2/25/21 4:42 PM, Michael Catanzaro wrote:
> On Thu, Feb 25, 2021 at 10:51 am, Florian Weimer 
> wrote:
>> Why do you think that?
> 
> Servers don't need split DNS. Desktops do. Without a DNS cache, your DNS
> will be slower. Without split DNS, your DNS may not work properly at all.

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB



OpenPGP_signature
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Test-Announce] Fedora 34 Branched 20210225.n.1 nightly compose nominated for testing

2021-02-25 Thread rawhide 
Announcing the creation of a new nightly release validation test event
for Fedora 34 Branched 20210225.n.1. Please help run some tests for this
nightly compose if you have time. For more information on nightly
release validation testing, see:
https://fedoraproject.org/wiki/QA:Release_validation_test_plan

Notable package version changes:
anaconda - 20210219.n.0: anaconda-34.24.4-1.fc34.src, 20210225.n.1: 
anaconda-34.24.5-1.fc34.src

Test coverage information for the current release can be seen at:
https://openqa.fedoraproject.org/testcase_stats/34

You can see all results, find testing instructions and image download
locations, and enter results on the Summary page:

https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Summary

The individual test result pages are:

https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Installation
https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Base
https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Server
https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Cloud
https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Desktop
https://fedoraproject.org/wiki/Test_Results:Fedora_34_Branched_20210225.n.1_Security_Lab

Thank you for testing!
-- 
Mail generated by relvalconsumer: https://pagure.io/fedora-qa/relvalconsumer
___
test-announce mailing list -- test-annou...@lists.fedoraproject.org
To unsubscribe send an email to test-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/test-annou...@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Meaning of Size Directories

2021-02-25 Thread Artur Frenszek-Iwicki 
I know next to nothing about btrfs, but on ext family of filesystems, 
directories are technically just special files. Those files contain a simple 
list of directory entries (i.e. filename <-> inode number pairs). So I guess in 
the case of ext, stat reports the size of this list.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Meaning of Size Directories

2021-02-25 Thread Sergio Belkin 
Hi,
Tools such as ls or stat report the size of a directory. Of course it is
not the content size.
stat -c %s  /home/sergio/.config


6550

What does 6550 mean in btrfs context?

Thanks in advance!

-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: split-DNS, resolvconf on Fedora (OpenVPN related issues)

2021-02-25 Thread David Sommerseth 

On 25/02/2021 16:02, Dan Williams wrote:


On Thu, 2021-02-25 at 11:57 +0100, David Sommerseth wrote:

[...snip...]

* NetworkManger and OpenVPN

Outside of that, OpenVPN via NetworkManager will be a different beast
to
tackle which we have not yet dug into from the OpenVPN project side.
  From the OpenVPN side, we are not too happy about the current
NetworkManager plug-in from a general point of view.

It is good with the graphical interface, but NetworkManager does not
too much in several areas (like killing the OpenVPN process if the
main
link disappears; OpenVPN is capable of recovering quite nicely when
network recovers).  And we have more OpenVPN specific features
planned
as well, where the NetworkManager can cause more damage - as it does
not
(and should not) understand how OpenVPN operates.


I'm pretty sure the NM team would be receptive to improvements
especially given new OpenVPN capabilities.


We do have on our todo-list to provide a nm-openvpn3 plugin; I hope we 
will be able to allocate resources to work on that in the next 4-6 
months.  We cannot re-use the existing nm-openvpn implementation as it 
is a completely different client.  OpenVPN 3 Linux is fully managed via 
D-Bus.


Hopefully the new architecture will make it easier to add NM 
integration, as OpenVPN 3 Linux already takes care of the privilege 
separations and OpenVPN configuration management.  There are APIs to 
import and retrieve available configurations, start/stop/pause/resume 
VPN sessions and as well as retrieving VPN session statistics and 
log/status updates.  So an nm-openvpn3 plug-in just needs to behave like 
a user interface towards the user.


That said, if there are other aspects where NM would like to integrate 
more tightly with OpenVPN 3 on the networking integration, we are 
equally open to look into improvements here.  We have briefly started to 
investigate NM online status tracking - to hold back starting of VPN 
connections until the host is fully online, and equally pause sessions 
when the connection disappears.  Mostly to put the network silent when a 
connection is impossible but being able to recover quickly when the 
network is back.



But NM has supported a feature that allows VPN connections to persist
across link changes (the VPN service returns the "can-persist" key in
its IP config response if it knows the underlying service can handle
it). I don't see that exposed/utilized by nm-openvpn, but perhaps it
should be if the connection properties will allow it (eg, if --
keepalive/ping*/whatever is enabled?).

I'm sure they'd accept patches to that effect...
This is great news and a considerable improvement.  Last time I was in 
contact with the NM developers, this was being discussed but got the 
impression it had not materialized yet.  But this is something which 
would be great to explore further.


Another challenge, which is more a bureaucratic/management one, is the 
collaboration platform between the nm-openvpn project/development and 
the upstream OpenVPN project.


Currently OpenVPN Inc people working in the community focuses on OpenVPN 
3 and, server side aspects of OpenVPN 2 and the OpenVPN kernel module 
under development.  While the community itself mostly focuses on the 
whole breath OpenVPN 2.


But it is hard to motivate people to work on the NM integrations from 
our side.  And to be honest, it's not too easy to get people involved in 
the Windows GUI either - but we do have at least some progress there 
with a very dedicated upstream maintainer.  Somehow it seems the GUI 
aspects are not that intriguing to work on.


That said, if there are people wanting to dive into the NM-OpenVPN 
integration, OpenVPN will be supportive to such efforts and will help as 
much as possible.  Just keep me in the loop and I will ensure that the 
right people gets in touch.



--
kind regards,

David Sommerseth
OpenVPN Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Fedora 35 Change: Autoconf-2.71 (Self-Contained Change proposal)

2021-02-25 Thread Ondrej Dubaj 
I understand, thanks for the explanation. We will wait to see what other
maintainers and upstreams will say.

This explanation is exactly what we need to have as much information as we
can. Hopefully other maintainers will soonly present their opinions as well.

Thanks.

Ondrej

On Thu, Feb 25, 2021 at 5:51 PM Brian C. Lane  wrote:

> On Thu, Feb 25, 2021 at 07:55:09AM +0100, Ondrej Dubaj wrote:
> > Brian,
> >
> > I understand, but as I already said, compat package can lead to
> > unwillingness to move forward to autoconf-2.71. For example, we can have
> a
> > compat package for f35 to have time to deal with the problems, but
> > certainly not for f36 or f37. After release of autoconf-2.71, I expect
> most
> > of the upstream packages moving to autoconf-2.71 in one year time, so
> > hopefully no compat package will be needed.
>
> I think you are optimistic :)
>
> >
> > Why are you not thinking of moving parted to autoconf-2.71 ? Are there
> any
> > special reasons for not doing this?
>
> Nobody else is using it yet. Ubuntu, Debian, Alpine, and FreeBSD (and I'm
> pretty sure the other *BSD flavors) are still using 2.69. The Gentoo has
> it available, as does the Debian experimental branch but it doesn't look
> like they are ready for general use yet.
>
> We (the parted maintainers) need to make sure that parted remains
> buildable for all the users of it, not just Fedora, so it can't switch
> until 2.71 is widely available and is well tested. I have a big patch
> that seems to work, but that's going to make patching difficult for me
> until upstream is ready to switch so I'd rather just stick with 2.69
>
> There needs to be a period of overlap to allow upstreams to experiment
> with the new version.
>
> Brian
>
> --
> Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart
>
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora-IoT-35-20210225.0 compose check report

2021-02-25 Thread Fedora compose checker 
Missing expected images:

Iot dvd x86_64
Iot dvd aarch64

Failed openQA tests: 1/16 (x86_64), 5/15 (aarch64)

Old failures (same test failed in Fedora-IoT-35-20210224.0):

ID: 789572  Test: x86_64 IoT-dvd_ostree-iso base_services_start
URL: https://openqa.fedoraproject.org/tests/789572
ID: 789581  Test: aarch64 IoT-dvd_ostree-iso iot_clevis@uefi
URL: https://openqa.fedoraproject.org/tests/789581
ID: 789583  Test: aarch64 IoT-dvd_ostree-iso iot_rpmostree_overlay@uefi
URL: https://openqa.fedoraproject.org/tests/789583
ID: 789588  Test: aarch64 IoT-dvd_ostree-iso base_services_start@uefi
URL: https://openqa.fedoraproject.org/tests/789588
ID: 789591  Test: aarch64 IoT-dvd_ostree-iso podman@uefi
URL: https://openqa.fedoraproject.org/tests/789591
ID: 789592  Test: aarch64 IoT-dvd_ostree-iso podman_client@uefi
URL: https://openqa.fedoraproject.org/tests/789592

Soft failed openQA tests: 3/16 (x86_64), 1/15 (aarch64)
(Tests completed, but using a workaround for a known bug)

Old soft failures (same test soft failed in Fedora-IoT-35-20210224.0):

ID: 789564  Test: x86_64 IoT-dvd_ostree-iso install_default@uefi
URL: https://openqa.fedoraproject.org/tests/789564
ID: 789565  Test: x86_64 IoT-dvd_ostree-iso install_default_upload
URL: https://openqa.fedoraproject.org/tests/789565
ID: 789566  Test: x86_64 IoT-dvd_ostree-iso iot_clevis
URL: https://openqa.fedoraproject.org/tests/789566
ID: 789580  Test: aarch64 IoT-dvd_ostree-iso install_default_upload@uefi
URL: https://openqa.fedoraproject.org/tests/789580

Passed openQA tests: 12/16 (x86_64), 9/15 (aarch64)
-- 
Mail generated by check-compose:
https://pagure.io/fedora-qa/check-compose
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora 34 Beta blocker review email #3

2021-02-25 Thread Ben Cotton 
Action summary


Accepted blockers
-
1. dogtag-pki — FreeIPA server deployment fails in current F34 and
Rawhide composes  — NEW
ACTION: dogtag-pki maintainers to fix package to work with updated 389-ds-base.

2. mesa — gnome-shell: nouveau_fence_signalled(): gnome-shell killed
by SIGSEGV — NEW
ACTION: mesa maintainers to diagnose and fix issue

Proposed blockers
-

1. mesa — sddm crashes with mesa-21 on VMware — ON_QA
ACTION: QA to verify FEDORA-2021-25de318629

2. xorg-x11-server — xorg-x11-server-Xorg: System(): Xorg killed by
SIGABRT — NEW
ACTION: pwhalen to determine if this is a duplicate of RHBZ 1930977



Bug-by-bug detail
=

Accepted blockers
-
1. dogtag-pki — https://bugzilla.redhat.com/show_bug.cgi?id=1929940 — NEW
FreeIPA server deployment fails in current F34 and Rawhide composes

A CVE fix in 389-ds-base requires a fix in dogtag. The error changed
from 'NO_SUCH_USER' in to 'INVALID_PASSWORD' in dogtag.

2. mesa — https://bugzilla.redhat.com/show_bug.cgi?id=1930977 — NEW
gnome-shell: nouveau_fence_signalled(): gnome-shell killed by SIGSEGV

gnome-shell crashes on the NVIDIA Jetson Nano. gnome-shell developers
believe it is a Mesa issue.

Proposed blockers
-

1. mesa — https://bugzilla.redhat.com/show_bug.cgi?id=1931070 — ON_QA
sddm crashes with mesa-21 on VMware

sddm-greeter crashes with mesa 20.3 and newer when virtualized on
VMWare products. Update FEDORA-2021-25de318629 contains a candidate
fix.

2. xorg-x11-server — https://bugzilla.redhat.com/show_bug.cgi?id=1930978 — NEW
xorg-x11-server-Xorg: System(): Xorg killed by SIGABRT

From the backtrace, it appears the crash occurs in the driver code.
This may be a duplicate of #1930977, which pwhalen is going to
investigate.

-- 
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: ELN SIG Launch

2021-02-25 Thread Stephen Gallagher 
On Mon, Feb 22, 2021 at 4:16 PM Stephen Gallagher  wrote:
>
> On Fri, Feb 12, 2021 at 10:25 AM Stephen Gallagher  
> wrote:
> >
> > ELN Special Interest Group (SIG)
> ...
> > A weekly meeting time will be reserved for the ELN SIG to meet. However, it 
> > will be canceled if there are no issues tagged with the meeting label. The 
> > meeting time will be selected by a public poll to determine the best 
> > available hour-long slot.
>
> At the ELN SIG Meet-Up at Devconf.cz over the weekend, I promised to
> send out a WhenIsGood request to allow us to schedule our first
> meeting, so here it is:
>
> https://whenisgood.net/elnkickoff
>
>
> The main goal for the first meeting will be to establish our initial
> membership and start to create a formal charter. We'll also leave some
> time open to discuss people's goals for ELN. We'll hold this kickoff
> meeting on IRC in one of the Fedora meeting channels (with the exact
> location to be determined based on the selected meeting time).
>
> If you are interested in participating, please reply to the WhenIsGood
> above by Sunday, Feb. 28th and I will send out a follow-up
> announcement with more information next week.

Just a reminder, this WhenIsGood request remains open until Sunday. If
you are interested, please respond to it.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-devel] Re: Were you unexpectedly subscribed to this list?

2021-02-25 Thread Whitney Dupnik 
I didn't subscribe either, please remove me.

From: Casey Mulholland 
Sent: Thursday, February 25, 2021 11:43 AM
To: 389 Directory server developer discussion. 
<389-devel@lists.fedoraproject.org>
Subject: [389-devel] Re: Were you unexpectedly subscribed to this list?

I didn't subscribe, please remove me.

Thanks!

From: Andrew Small mailto:c09asm...@gmail.com>>
Sent: Thursday, February 25, 2021 9:41 AM
To: 389 Directory server developer discussion. 
<389-devel@lists.fedoraproject.org>
Subject: [389-devel] Re: Were you unexpectedly subscribed to this list?

I didn't subscribe, please remove me.

Thanks!

On Wed, Feb 24, 2021 at 8:58 AM Mark Reynolds 
mailto:mreyno...@redhat.com>> wrote:
We've had a very large inflow of subscriptions requests recently, and
there are concerns something malicious might be going on.  If you are
getting these emails, but you have not subscribed to this 389-devel
mailing list please respond to me: 
mreyno...@redhat.com and I will get
you removed asap.

Sincerely,

--

389 Directory Server Development Team
___
389-devel mailing list -- 
389-devel@lists.fedoraproject.org
To unsubscribe send an email to 
389-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
___
389-devel mailing list -- 389-devel@lists.fedoraproject.org
To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-devel] Re: Were you unexpectedly subscribed to this list?

2021-02-25 Thread Casey Mulholland 
I didn't subscribe, please remove me.

Thanks!

From: Andrew Small 
Sent: Thursday, February 25, 2021 9:41 AM
To: 389 Directory server developer discussion. 
<389-devel@lists.fedoraproject.org>
Subject: [389-devel] Re: Were you unexpectedly subscribed to this list?

I didn't subscribe, please remove me.

Thanks!

On Wed, Feb 24, 2021 at 8:58 AM Mark Reynolds 
mailto:mreyno...@redhat.com>> wrote:
We've had a very large inflow of subscriptions requests recently, and
there are concerns something malicious might be going on.  If you are
getting these emails, but you have not subscribed to this 389-devel
mailing list please respond to me: 
mreyno...@redhat.com and I will get
you removed asap.

Sincerely,

--

389 Directory Server Development Team
___
389-devel mailing list -- 
389-devel@lists.fedoraproject.org
To unsubscribe send an email to 
389-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
___
389-devel mailing list -- 389-devel@lists.fedoraproject.org
To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Donate 1 minute of your time to test upgrades from F33 to F34

2021-02-25 Thread Kevin Fenzi 
On Thu, Feb 25, 2021 at 08:17:20AM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Feb 24, 2021 at 07:06:47PM +, Zbigniew Jędrzejewski-Szmek wrote:
> > On Wed, Feb 24, 2021 at 12:08:56PM -0600, Dennis Gilmore wrote:
> > >  yum distro-sync --releasever 34
> > > Last metadata expiration check: 0:10:11 ago on Wed 24 Feb 2021 11:55:46 
> > > AM CST.
> > > Error:
> > >  Problem: package gnome-tour-40~beta-3.fc34.x86_64 obsoletes
> > > gnome-getting-started-docs < 3.38.1-2 provided by
> > > gnome-getting-started-docs-3.38.0-2.fc34.noarch
> > >   - package gnome-getting-started-docs-es-3.38.0-2.fc34.noarch
> > > requires gnome-getting-started-docs = 3.38.0-2.fc34, but none of the
> > > providers can be installed
> > >   - problem with installed package gnome-tour-3.38.0-2.fc33.x86_64
> > >   - problem with installed package
> > > gnome-getting-started-docs-es-3.38.0-1.fc33.noarch
> > >   - gnome-tour-3.38.0-2.fc33.x86_64 does not belong to a distupgrade 
> > > repository
> > >   - gnome-getting-started-docs-es-3.38.0-1.fc33.noarch does not belong
> > > to a distupgrade repository
> > > (try to add '--skip-broken' to skip uninstallable packages)
> > 
> > This is fixed by gnome-tour-40~beta-4.fc34, which is tagged into f34.
> > I think there was no compose yesterday, so it hasn't been pushed out.
> 
> I still don't see it today. I don't understand why.

The next compose failed due to grub2: 

https://bugzilla.redhat.com/show_bug.cgi?id=1933085

we are untagging that and refiring it. 

kevin


signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Dilemma: -source repository data randomized by koji builder arch

2021-02-25 Thread Neal Gompa 
On Thu, Feb 25, 2021 at 12:19 PM Miro Hrončok  wrote:
>
> On 25. 02. 21 17:39, Neal Gompa wrote:
> > On Thu, Feb 25, 2021 at 10:44 AM Miro Hrončok  wrote:
> >>
> >> On 25. 02. 21 16:34, Fabio Valentini wrote:
> >>> But I'd argue that it's definitely not good that there's currently *no
> >>> way* to query BuildRequires*correctly*  and*reproducibly*  (other than
> >>> possibly rebuilding all fedora SRPM files for each target
> >>> architecture, but I do not have the resources - nor the desire - to do
> >>> that, just to get correct dependency information).
> >>
> >> BTW I think https://tiny.distro.builders/ does exactly this. Maybe Adam can
> >> share more info and maybe Content resolver can expose this information?
> >>
> >
> > What I do is use "rpmspec -q --srpm" to do queries on packages for 
> > dependencies.
> >
> > For example, you can do something like:
> >
> > rpmspec --target x86_64 -q --srpm --buildrequires package.spec
> >
> > That gets you a list of BRs for x86_64.
>
> I suppose this doesn't support %generate_buildrequires, so it's not always
> possible. (But I have not verified this assumption.)

Hmm, it might not. I haven't tried with anything like that yet...



-- 
真実はいつも一つ!/ Always, there's only one truth!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Dilemma: -source repository data randomized by koji builder arch

2021-02-25 Thread Miro Hrončok 

On 25. 02. 21 17:39, Neal Gompa wrote:

On Thu, Feb 25, 2021 at 10:44 AM Miro Hrončok  wrote:


On 25. 02. 21 16:34, Fabio Valentini wrote:

But I'd argue that it's definitely not good that there's currently *no
way* to query BuildRequires*correctly*  and*reproducibly*  (other than
possibly rebuilding all fedora SRPM files for each target
architecture, but I do not have the resources - nor the desire - to do
that, just to get correct dependency information).


BTW I think https://tiny.distro.builders/ does exactly this. Maybe Adam can
share more info and maybe Content resolver can expose this information?



What I do is use "rpmspec -q --srpm" to do queries on packages for dependencies.

For example, you can do something like:

rpmspec --target x86_64 -q --srpm --buildrequires package.spec

That gets you a list of BRs for x86_64.


I suppose this doesn't support %generate_buildrequires, so it's not always 
possible. (But I have not verified this assumption.)


--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[EPEL-devel] [Fedocal] Reminder meeting : EPEL Steering Committee

2021-02-25 Thread tdawson 
Dear all,

You are kindly invited to the meeting:
   EPEL Steering Committee on 2021-02-26 from 17:00:00 to 18:00:00 US/Eastern
   At fedora-meet...@irc.freenode.net

The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.

A general agenda is the following:

#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-7
#topic EPEL-8
#topic Openfloor
#endmeeting




Source: https://apps.fedoraproject.org/calendar/meeting/9854/

___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Fedora 35 Change: Autoconf-2.71 (Self-Contained Change proposal)

2021-02-25 Thread Brian C. Lane 
On Thu, Feb 25, 2021 at 07:55:09AM +0100, Ondrej Dubaj wrote:
> Brian,
> 
> I understand, but as I already said, compat package can lead to
> unwillingness to move forward to autoconf-2.71. For example, we can have a
> compat package for f35 to have time to deal with the problems, but
> certainly not for f36 or f37. After release of autoconf-2.71, I expect most
> of the upstream packages moving to autoconf-2.71 in one year time, so
> hopefully no compat package will be needed.

I think you are optimistic :)

> 
> Why are you not thinking of moving parted to autoconf-2.71 ? Are there any
> special reasons for not doing this?

Nobody else is using it yet. Ubuntu, Debian, Alpine, and FreeBSD (and I'm
pretty sure the other *BSD flavors) are still using 2.69. The Gentoo has
it available, as does the Debian experimental branch but it doesn't look
like they are ready for general use yet.

We (the parted maintainers) need to make sure that parted remains
buildable for all the users of it, not just Fedora, so it can't switch
until 2.71 is widely available and is well tested. I have a big patch
that seems to work, but that's going to make patching difficult for me
until upstream is ready to switch so I'd rather just stick with 2.69

There needs to be a period of overlap to allow upstreams to experiment
with the new version.

Brian

-- 
Brian C. Lane (PST8PDT) - weldr.io - lorax - parted - pykickstart
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1837988] CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1837988

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

 Depends On||1933099




-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1837975] CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1837975

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

 Depends On||1933100




-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1838000] CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1838000

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

 Depends On||1933098




-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-devel] Re: Were you unexpectedly subscribed to this list?

2021-02-25 Thread Andrew Small 
I didn't subscribe, please remove me.

Thanks!

On Wed, Feb 24, 2021 at 8:58 AM Mark Reynolds  wrote:

> We've had a very large inflow of subscriptions requests recently, and
> there are concerns something malicious might be going on.  If you are
> getting these emails, but you have not subscribed to this 389-devel
> mailing list please respond to me: mreyno...@redhat.com and I will get
> you removed asap.
>
> Sincerely,
>
> --
>
> 389 Directory Server Development Team
> ___
> 389-devel mailing list -- 389-devel@lists.fedoraproject.org
> To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
389-devel mailing list -- 389-devel@lists.fedoraproject.org
To unsubscribe send an email to 389-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Dilemma: -source repository data randomized by koji builder arch

2021-02-25 Thread Neal Gompa 
On Thu, Feb 25, 2021 at 10:44 AM Miro Hrončok  wrote:
>
> On 25. 02. 21 16:34, Fabio Valentini wrote:
> > But I'd argue that it's definitely not good that there's currently *no
> > way* to query BuildRequires*correctly*  and*reproducibly*  (other than
> > possibly rebuilding all fedora SRPM files for each target
> > architecture, but I do not have the resources - nor the desire - to do
> > that, just to get correct dependency information).
>
> BTW I think https://tiny.distro.builders/ does exactly this. Maybe Adam can
> share more info and maybe Content resolver can expose this information?
>

What I do is use "rpmspec -q --srpm" to do queries on packages for dependencies.

For example, you can do something like:

rpmspec --target x86_64 -q --srpm --buildrequires package.spec

That gets you a list of BRs for x86_64.

I've used this to create a simple ordered build process using the DNF API. :)



--
真実はいつも一つ!/ Always, there's only one truth!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Donate 1 minute of your time to test upgrades from F33 to F34

2021-02-25 Thread David Kaufmann 
Another dot on the map:

Issues:
- rdma-core (known problem)
- jami (third party repo, does not have f34 yet)
- mpd (requires libupnp.so.16, but there seems to be only libupnp.so.17
  in f34 available)

Error:
 Problem 1: package jami-daemon-20210219.1.9530a07-1.fc33.x86_64 requires 
libupnp.so.16()(64bit), but none of the providers can be installed
  - libupnp-1.12.1-2.fc33.x86_64 does not belong to a distupgrade repository
  - problem with installed package jami-daemon-20210219.1.9530a07-1.fc33.x86_64
 Problem 2: rdma-core-33.0-2.fc33.i686 has inferior architecture
  - rdma-core-33.0-2.fc33.x86_64 does not belong to a distupgrade repository
  - problem with installed package rdma-core-33.0-2.fc33.i686
 Problem 3: cannot install both libupnp-1.14.1-1.fc34.x86_64 and 
libupnp-1.12.1-2.fc33.x86_64
  - package vlc-core-1:3.0.12.1-6.fc34.x86_64 requires libupnp.so.17()(64bit), 
but none of the providers can be installed
  - package jami-daemon-20210219.1.9530a07-1.fc33.x86_64 requires 
libupnp.so.16()(64bit), but none of the providers can be installed
  - problem with installed package vlc-core-1:3.0.12-1.fc33.x86_64
  - package jami-20210219.1.9530a07-1.fc33.x86_64 requires jami-daemon = 
20210219.1.9530a07, but none of the providers can be installed
  - vlc-core-1:3.0.12-1.fc33.x86_64 does not belong to a distupgrade repository
  - problem with installed package jami-20210219.1.9530a07-1.fc33.x86_64
 Problem 4: package vlc-core-1:3.0.12.1-6.fc34.x86_64 requires 
libupnp.so.17()(64bit), but none of the providers can be installed
  - cannot install both libupnp-1.14.1-1.fc34.x86_64 and 
libupnp-1.12.1-2.fc33.x86_64
  - package vlc-1:3.0.12.1-6.fc34.x86_64 requires libvlccore.so.9()(64bit), but 
none of the providers can be installed
  - package mpd-1:0.22.4-2.fc34.x86_64 requires libupnp.so.16()(64bit), but 
none of the providers can be installed
  - problem with installed package vlc-1:3.0.12-1.fc33.x86_64
  - problem with installed package mpd-1:0.22.6-1.fc33.x86_64
  - package vlc-core-1:3.0.12-1.fc33.x86_64 requires libdav1d.so.4()(64bit), 
but none of the providers can be installed
  - vlc-1:3.0.12-1.fc33.x86_64 does not belong to a distupgrade repository
  - mpd-1:0.22.6-1.fc33.x86_64 does not belong to a distupgrade repository
  - libdav1d-0.7.1-2.fc33.x86_64 does not belong to a distupgrade repository

All the best,
Astra


signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora-Rawhide-20210225.n.0 compose check report

2021-02-25 Thread Fedora compose checker 
No missing expected images.

Compose FAILS proposed Rawhide gating check!
2 of 43 required tests failed
openQA tests matching unsatisfied gating requirements shown with **GATING** 
below

Failed openQA tests: 20/126 (aarch64), 22/187 (x86_64)

New failures (same test not failed in Fedora-Rawhide-20210223.n.1):

ID: 789220  Test: aarch64 Minimal-raw_xz-raw.xz base_services_start@uefi
URL: https://openqa.fedoraproject.org/tests/789220
ID: 789221  Test: aarch64 Minimal-raw_xz-raw.xz base_selinux@uefi
URL: https://openqa.fedoraproject.org/tests/789221
ID: 789222  Test: aarch64 Minimal-raw_xz-raw.xz 
base_service_manipulation@uefi
URL: https://openqa.fedoraproject.org/tests/789222
ID: 789223  Test: aarch64 Minimal-raw_xz-raw.xz release_identification@uefi
URL: https://openqa.fedoraproject.org/tests/789223
ID: 789225  Test: aarch64 Server-dvd-iso support_server@uefi
URL: https://openqa.fedoraproject.org/tests/789225
ID: 789241  Test: aarch64 Server-dvd-iso 
install_repository_nfsiso_variation@uefi
URL: https://openqa.fedoraproject.org/tests/789241
ID: 789259  Test: aarch64 Server-dvd-iso realmd_join_cockpit@uefi
URL: https://openqa.fedoraproject.org/tests/789259

Old failures (same test failed in Fedora-Rawhide-20210223.n.1):

ID: 789148  Test: x86_64 Server-dvd-iso modularity_tests
URL: https://openqa.fedoraproject.org/tests/789148
ID: 789165  Test: x86_64 Workstation-live-iso apps_startstop
URL: https://openqa.fedoraproject.org/tests/789165
ID: 789173  Test: x86_64 Workstation-live-iso desktop_browser **GATING**
URL: https://openqa.fedoraproject.org/tests/789173
ID: 789174  Test: x86_64 Workstation-live-iso 
desktop_notifications_postinstall
URL: https://openqa.fedoraproject.org/tests/789174
ID: 789178  Test: x86_64 Workstation-live-iso desktop_login
URL: https://openqa.fedoraproject.org/tests/789178
ID: 789183  Test: x86_64 KDE-live-iso apps_startstop
URL: https://openqa.fedoraproject.org/tests/789183
ID: 789192  Test: x86_64 KDE-live-iso desktop_login
URL: https://openqa.fedoraproject.org/tests/789192
ID: 789193  Test: x86_64 KDE-live-iso desktop_browser **GATING**
URL: https://openqa.fedoraproject.org/tests/789193
ID: 789194  Test: x86_64 KDE-live-iso desktop_notifications_postinstall
URL: https://openqa.fedoraproject.org/tests/789194
ID: 789197  Test: x86_64 KDE-live-iso desktop_update_graphical
URL: https://openqa.fedoraproject.org/tests/789197
ID: 789207  Test: x86_64 Silverblue-dvd_ostree-iso desktop_browser
URL: https://openqa.fedoraproject.org/tests/789207
ID: 789234  Test: aarch64 Server-dvd-iso install_lvm_ext4@uefi
URL: https://openqa.fedoraproject.org/tests/789234
ID: 789258  Test: aarch64 Server-dvd-iso modularity_tests@uefi
URL: https://openqa.fedoraproject.org/tests/789258
ID: 789285  Test: aarch64 Workstation-raw_xz-raw.xz desktop_browser@uefi
URL: https://openqa.fedoraproject.org/tests/789285
ID: 789300  Test: x86_64 universal install_arabic_language
URL: https://openqa.fedoraproject.org/tests/789300
ID: 789301  Test: x86_64 universal install_asian_language
URL: https://openqa.fedoraproject.org/tests/789301
ID: 789314  Test: x86_64 universal install_cyrillic_language
URL: https://openqa.fedoraproject.org/tests/789314
ID: 789362  Test: x86_64 universal upgrade_desktop_64bit
URL: https://openqa.fedoraproject.org/tests/789362
ID: 789363  Test: x86_64 universal upgrade_desktop_encrypted_64bit
URL: https://openqa.fedoraproject.org/tests/789363
ID: 789364  Test: x86_64 universal upgrade_kde_64bit
URL: https://openqa.fedoraproject.org/tests/789364
ID: 789365  Test: x86_64 universal upgrade_minimal_64bit
URL: https://openqa.fedoraproject.org/tests/789365
ID: 789366  Test: x86_64 universal upgrade_minimal_uefi@uefi
URL: https://openqa.fedoraproject.org/tests/789366
ID: 789367  Test: x86_64 universal upgrade_server_64bit
URL: https://openqa.fedoraproject.org/tests/789367
ID: 789368  Test: x86_64 universal upgrade_server_domain_controller
URL: https://openqa.fedoraproject.org/tests/789368
ID: 789372  Test: x86_64 universal upgrade_realmd_client
URL: https://openqa.fedoraproject.org/tests/789372
ID: 789377  Test: aarch64 universal install_arabic_language@uefi
URL: https://openqa.fedoraproject.org/tests/789377
ID: 789378  Test: aarch64 universal install_asian_language@uefi
URL: https://openqa.fedoraproject.org/tests/789378
ID: 789385  Test: aarch64 universal install_cyrillic_language@uefi
URL: https://openqa.fedoraproject.org/tests/789385
ID: 789397  Test: aarch64 universal install_with_swap@uefi
URL: https://openqa.fedoraproject.org/tests/789397
ID: 789412  Test: aarch64 universal upgrade_2_server_domain_controller@uefi
URL: https://openqa.fedoraproject.org/tests/789412
ID: 789413  Test: aarch64 universal upgrade_minimal_64bit@uefi
URL: https://openqa.fedoraproject.org/tests/789413
ID: 789414  Test: aarch64 universal upgrade_server_64bit@uefi
URL:

Re: split-DNS, resolvconf on Fedora (OpenVPN related issues)

2021-02-25 Thread David Sommerseth 

Hi!

On 25/02/2021 14:39, Petr Menšík wrote:
[..snip...]

It is not optimal yet, but we plan to provide full support for split-DNS
(only pushed domains will be resolved via the DNS server requested by
the VPN server) and exclusive DNS (use only the DNS server pushed by VPN
server).

>

This case is exactly what I am trying to prevent. There is multiple
implementations of dns cache, most of them can support split-DNS by some
configuration. If openvpn supports systemd-resolved natively, does that
mean it would not be able to support split-DNS on dnsmasq or unbound?
What is motivation to support specific implementation instead of generic
interface? I don't want to ask openvpn to support also dnsmasq or
unbound natively, because I think there should be middle layer support.
I am trying to use resolvconf as such layer.


systemd-resolved is already enabled in Ubuntu 18.04 (but not fully) and 
now in Fedora 33 (which goes a long way of integration into the system).


It also provides a D-Bus interface which is reasonable to integrate with.

This solved use cases we have for customers connecting Ubuntu machines 
to OpenVPN Cloud, where DNS is a big part of the Cloud solution.



I am dnsmasq, unbound and bind (co)maintainer. I want them to stay first
class citizens in Fedora, even when they are not installed by default.
Of course, also knot-resolver and pdns-recursor should be supported, if
they are (willing and) able to.


dnsmasq and unbound are great packages as well, but they are not really 
designed for system integration in the same level as systemd-resolved 
when considering today's ever changing network topology.  Just take an 
average laptop user today - how many various networks might that user 
connect during a day, especially when travelling?


Since we have the impression systemd-resolved is becoming more and more 
used by default, we figured that would be a reasonable service to 
integrate with.  It also seems to handle the various use cases of 
roadwarriors pretty well as well as virtualised servers.  Plus it 
provides a reasonable D-Bus API to work with (more on that below).


OpenVPN 3 Linux aims to run with as least privileges as possible.  And 
tt tries to integrate with the basic existing network components on the 
system.  But running with least privileges is a challenge with lots of 
the network stack, as it requires some elevated privileges.  So

OpenVPN 3 Linux is split up into several components doing a dedicated task.

== Some OpenVPN 3 Linux architecture details ==

The most privileged service running is the openvpn3-service-netcfg 
(net.openvpn.v3.netcfg).  This is responsible for creating and configure 
TUN interfaces (with or without kernel acceleration), setting up routes 
and DNS.  But it runs as the openvpn:openvpn user with CAP_NETADMIN.  If 
using the resolv.conf approach (currently the default, which edits 
/etc/resolv.conf directly - which IS nasty), it also adds CAP_DAC_OVERRIDE.


But we generally try to avoid exec() any external code and depend on 
available APIs on the host, whether it is Kernel Netlink, libc related 
interfaces or D-Bus.  In fact, the script-hooks found in OpenVPN 2.x is 
non-existing in OpenVPN 3 Linux.


You can however achieve similar features (but with some more work 
currently) by subscribing to various D-Bus signals OpenVPN 3 services 
sends.  The openvpn3-addon-aws is such a service, which propagates 
pushed VPN routes to a AWS VPC setup and removes them again when the VPN 
connection is taken down.


In regards to network configuration and DNS resolvers.  The 
openvpn3-service-netcfg module is written in a way so it should be 
possible to extend it with more "resolver setting backends".


A new backend needs to implement this interface:


Each running VPN session provides the DNS resolver settings via 
ResolverSettings objects, which are gathered via the Apply() method. 
And once all settings are provided, the Commit() method is called which 
makes sure the settings are happening on the host.


The ResolverSettings class is defined here:




The current implementation will query all DNS servers on all interfaces.
  This hybrid mode will also be supported.

At the moment I'm not yet decided what should be the default mode, but
I'm leaning towards split-DNS - as that provides the least risk for DNS
leakage either way.  But for some any DNS lookups to the main link is
considered a DNS leak as well, so this is highly usage dependent.  We
are also considering how far the server can go to push for a certain
profile - as the use cases for VPN provider side are also very diverse
with different requirements.

>

I think it should be configurable from server side with ability to
override it on client side. The VPN owner should be able to do specify,
whether all

Re: Dilemma: -source repository data randomized by koji builder arch

2021-02-25 Thread Miro Hrončok 

On 25. 02. 21 16:34, Fabio Valentini wrote:

But I'd argue that it's definitely not good that there's currently *no
way* to query BuildRequires*correctly*  and*reproducibly*  (other than
possibly rebuilding all fedora SRPM files for each target
architecture, but I do not have the resources - nor the desire - to do
that, just to get correct dependency information).


BTW I think https://tiny.distro.builders/ does exactly this. Maybe Adam can 
share more info and maybe Content resolver can expose this information?


--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Michael Catanzaro 
On Thu, Feb 25, 2021 at 10:51 am, Florian Weimer  
wrote:

Why do you think that?


Servers don't need split DNS. Desktops do. Without a DNS cache, your 
DNS will be slower. Without split DNS, your DNS may not work properly 
at all.


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Dilemma: -source repository data randomized by koji builder arch

2021-02-25 Thread Fabio Valentini 
Hello everybody,

There's a problem that's been puzzling me for months, since I started
writing the repochecker service (which provides the backend FTI/FTBFS
data for the new packager-dashboard):

There is no correct "source of truth" for BuildRequires / complete
package dependency graphs.

While SRPM *contents* are forbidden from being dependent on their
environment (e.g. Sources or Patches guarded by %ifarch / %if
%fedora), their metadata (RPM headers) will still potentially be
architecture-dependent.

For example: The most frequent case of this is packages disabling
support for Qt5WebEngine on ppc64le and s390x, because it's not
available on those architectures. That means %ifarch conditionals
wrapping the BuildRequires for Qt5WebEngine. But that leads to the
interesting problem of the SRPM file having architecture-dependent RPM
headers.

However, because koji only keeps *one* SRPM file from each build (even
though they have potentially different metadata on different
architectures), and the architecture that one SRPM is generated on is
basically random, the contents of the -source repositories are,
basically, randomized, and unreliable.

The architecture-dependent nature of SRPM files in -source
repositories affects at least those tools and Fedora services:

- dnf builddep (errors when encountering foreign-arch dependencies,
even if they are guarded by %ifarch in the .spec file)
- dnf repoquery and repoclosure produce wrong results
- koschei gets confused by architecture-dependent BuildRequires and
claims "failed dependency resolution" for foreign-arch dependencies

I file an issue with koji asking for a way to get correct metadata for SRPMs:
https://pagure.io/koji/issue/2726

However, I agree that keeping 6 SRPM files with identical *content*
and only different *metadata* is incredibly wasteful. But koji is the
only place in the build pipeline at which the entire and correct
dependency information is available, and it's lost afterwards, because
the rebuilt SRPM files produced by mock on each architecture are
discarded. I don't know if there could be a way to expose an
"srpmdiff" between the SRPM files on different architectures ...

But I'd argue that it's definitely not good that there's currently *no
way* to query BuildRequires *correctly* and *reproducibly* (other than
possibly rebuilding all fedora SRPM files for each target
architecture, but I do not have the resources - nor the desire - to do
that, just to get correct dependency information).

For the repository data that's processed by repochecker (for the
packager-dashboard data), I needed to add hard-coded overrides for
those "false positives", which is definitely not scalable for the
hundreds of different architecture-dependent BuildRequires that exist
in Fedora, but I also don't have a way to find them other than "look
at the .spec file":

https://pagure.io/ironthree/repochecker/blob/master/f/overrides.json

So, if anybody has an idea how we can solve this issue and actually
provide correct repository data, that would be great :(

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: split-DNS, resolvconf on Fedora (OpenVPN related issues)

2021-02-25 Thread Dan Williams 
On Thu, 2021-02-25 at 11:57 +0100, David Sommerseth wrote:
> On 22/02/2021 16:29, Petr Menšík wrote:
> > Why? I thought about common interface to various DNS cache
> > implementations for workstations and different VPN providers
> > available.
> > While I think the best place to direct, which interface resolvers
> > should
> > handle given domains. resolvconf handles conflicting requests from
> > different interfaces, when multiple DNS resolver providers are
> > configured by connection.
> 
> Just providing some input from the OpenVPN perspective.
> 
> * OpenVPN 3 Linux
> 
> OpenVPN 3 Linux [0] since the v10 release provides native
> systemd-resolved support.
> 
> It is not optimal yet, but we plan to provide full support for split-
> DNS 
> the VPN server) and exclusive DNS (use only the DNS server pushed by
> VPN 
> server).
> 
> The current implementation will query all DNS servers on all
> interfaces. 
>   This hybrid mode will also be supported.
> 
> At the moment I'm not yet decided what should be the default mode,
> but 
> I'm leaning towards split-DNS - as that provides the least risk for
> DNS 
> are also considering how far the server can go to push for a certain 
> profile - as the use cases for VPN provider side are also very
> diverse 
> with different requirements.
> 
> For the v10+ releases you need to do a little configuration step [1]
> to 
> Fedora 33+.  Ubuntu 20.04 will probably also be updated to use it by 
> default.  This will most likely happen from the v14 release.
> 
> 
> * OpenVPN 2.x
> 
> We are also considering to fully embrace the update-systemd-resolved
> [2] 
> script for the OpenVPN 2.x versions.  And will work together with
> this 
> project to ensure OpenVPN 3 Linux and OpenVPN 2.x will behave a
> similar 
> as possible.
> 
> 
> * NetworkManger and OpenVPN
> 
> Outside of that, OpenVPN via NetworkManager will be a different beast
> to 
> tackle which we have not yet dug into from the OpenVPN project side. 
>  From the OpenVPN side, we are not too happy about the current 
> NetworkManager plug-in from a general point of view.
> 
> It is good with the graphical interface, but NetworkManager does not 
> too much in several areas (like killing the OpenVPN process if the
> main 
> link disappears; OpenVPN is capable of recovering quite nicely when 
> network recovers).  And we have more OpenVPN specific features
> planned 
> as well, where the NetworkManager can cause more damage - as it does
> not 
> (and should not) understand how OpenVPN operates.

I'm pretty sure the NM team would be receptive to improvements
especially given new OpenVPN capabilities.

But NM has supported a feature that allows VPN connections to persist
across link changes (the VPN service returns the "can-persist" key in
its IP config response if it knows the underlying service can handle
it). I don't see that exposed/utilized by nm-openvpn, but perhaps it
should be if the connection properties will allow it (eg, if --
keepalive/ping*/whatever is enabled?).

I'm sure they'd accept patches to that effect...

Dan

> * DNS updates
> 
> If NetworkManager is capable of fully integrating with a unified DNS 
> resolver management which OpenVPN and other updateresolve
> alternatives 
> could work with would definitely be the best for all of this.
> 
> OpenVPN 3 Linux and OpenVPN 2.x can be extended and taught to
> integrate 
> with various DNS management approaches.  systemd-resolved is already
> on 
> the way, but does not need to be restricted here.  But we are very
> much 
> interested in being involved in such discussions.
> 
> 
> [0] 
> [1] 
> <
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20607.html
> >
> [2] 
> 
> 
> -- 
> kind regards,
> 
> David Sommerseth
> OpenVPN Inc
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: 
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Fedora rawhide compose report: 20210225.n.0 changes

2021-02-25 Thread Miro Hrončok 

On 25. 02. 21 15:32, Fabio Valentini wrote:

On Thu, Feb 25, 2021 at 3:13 PM Fedora Rawhide Report
 wrote:

Package:  buildah-define.Version-0.10.dev.giteb42398.fc35
Old package:  buildah-define.Version-0.8.dev.gita5e80a5.fc35
Summary:  A command line tool used for creating OCI Images
RPMs: buildah buildah-tests
Size: 72.89 MiB
Size change:  132.30 KiB
Changelog:
   * Tue Feb 23 2021 RH Container Bot  - 
define.Version-0.9.dev.gitd5c503c
   - autobuilt d5c503c

   * Wed Feb 24 2021 RH Container Bot  - 
define.Version-0.10.dev.giteb42398
   - autobuilt eb42398


What's going on here? Bad bot? Template screw-up?


Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1933039


(This is also the reason why I think bots should not be allowed to
push "official" builds unsupervised ...)


Indeed.

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Fedora rawhide compose report: 20210225.n.0 changes

2021-02-25 Thread Fabio Valentini 
On Thu, Feb 25, 2021 at 3:13 PM Fedora Rawhide Report
 wrote:
> Package:  buildah-define.Version-0.10.dev.giteb42398.fc35
> Old package:  buildah-define.Version-0.8.dev.gita5e80a5.fc35
> Summary:  A command line tool used for creating OCI Images
> RPMs: buildah buildah-tests
> Size: 72.89 MiB
> Size change:  132.30 KiB
> Changelog:
>   * Tue Feb 23 2021 RH Container Bot  - 
> define.Version-0.9.dev.gitd5c503c
>   - autobuilt d5c503c
>
>   * Wed Feb 24 2021 RH Container Bot  - 
> define.Version-0.10.dev.giteb42398
>   - autobuilt eb42398

What's going on here? Bad bot? Template screw-up?

(This is also the reason why I think bots should not be allowed to
push "official" builds unsupervised ...)

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: sssd: No %post/%preun/%postun?!?

2021-02-25 Thread Tom Hughes via devel 

On 25/02/2021 13:58, Richard Shaw wrote:
On Thu, Feb 25, 2021 at 7:39 AM Tom Hughes > wrote:


On 25/02/2021 13:13, Richard Shaw wrote:
 > Per the packaging guidelines these don't seem to be optional:
 >
 >

https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd



 >

>

Indeed they're not optional, but they're also not missing as a glance
a the spec file confirms:

https://src.fedoraproject.org/rpms/sssd/blob/rawhide/f/sssd.spec#_931 



Ahh, I never thought to look past %files :)

Separate package, but I got a similar daemon-reload warning for 
unbound-libs, but it was for a timer unit, which are not mentioned in 
the packaging guidelines.


Warning: The unit file, source configuration file or drop-ins of 
unbound-anchor.timer changed on disk. Run 'systemctl daemon-reload' to 
reload units.


You'll get it for literally everything that uses the macros
to try and restart itself if the update has changed the unit
definition in any way because the restart is done before the
reload so the new unit definition is not loaded yet.

Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora rawhide compose report: 20210225.n.0 changes

2021-02-25 Thread Fedora Rawhide Report 
OLD: Fedora-Rawhide-20210223.n.1
NEW: Fedora-Rawhide-20210225.n.0

= SUMMARY =
Added images:5
Dropped images:  0
Added packages:  5
Dropped packages:1
Upgraded packages:   132
Downgraded packages: 0

Size of added packages:  6.81 MiB
Size of dropped packages:2.43 MiB
Size of upgraded packages:   10.53 GiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   160.55 MiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: Scientific vagrant-libvirt x86_64
Path: 
Labs/x86_64/images/Fedora-Scientific-Vagrant-Rawhide-20210225.n.0.x86_64.vagrant-libvirt.box
Image: Python_Classroom live x86_64
Path: 
Labs/x86_64/iso/Fedora-Python-Classroom-Live-x86_64-Rawhide-20210225.n.0.iso
Image: Scientific vagrant-virtualbox x86_64
Path: 
Labs/x86_64/images/Fedora-Scientific-Vagrant-Rawhide-20210225.n.0.x86_64.vagrant-virtualbox.box
Image: Scientific_KDE live x86_64
Path: Labs/x86_64/iso/Fedora-Scientific_KDE-Live-x86_64-Rawhide-20210225.n.0.iso
Image: Astronomy_KDE live x86_64
Path: Labs/x86_64/iso/Fedora-Astronomy_KDE-Live-x86_64-Rawhide-20210225.n.0.iso

= DROPPED IMAGES =

= ADDED PACKAGES =
Package: c-ares-1.17.1-2.module_f35+11499+8a432ff1
Summary: A library that performs asynchronous DNS operations
RPMs:c-ares c-ares-devel
Size:999.06 KiB

Package: fcitx5-anthy-5.0.3-1.fc35
Summary: Anthy Wrapper for Fcitx5
RPMs:fcitx5-anthy
Size:994.10 KiB

Package: libuv-1:1.41.0-1.module_f35+11499+8a432ff1
Summary: Platform layer for node.js
RPMs:libuv libuv-devel libuv-static
Size:1.45 MiB

Package: nghttp2-1.43.0-1.module_f35+11499+8a432ff1
Summary: Experimental HTTP/2 client, server and proxy
RPMs:libnghttp2 libnghttp2-devel nghttp2
Size:3.39 MiB

Package: nodejs-packaging-2021.01-3.module_f35+11499+8a432ff1
Summary: RPM Macros and Utilities for Node.js Packaging
RPMs:nodejs-packaging nodejs-packaging-bundler
Size:29.91 KiB


= DROPPED PACKAGES =
Package: libmypaint2-2.0.0-0.9.beta.1.fc34
Summary: MyPaint brush engine library
RPMs:libmypaint2 libmypaint2-devel
Size:2.43 MiB


= UPGRADED PACKAGES =
Package:  Lmod-8.4.24-1.fc35
Old package:  Lmod-8.4.23-1.fc35
Summary:  Environmental Modules System in Lua
RPMs: Lmod
Size: 1.07 MiB
Size change:  185 B
Changelog:
  * Thu Feb 25 2021 Orion Poplawski  - 8.4.24-1
  - Update to 8.4.24


Package:  ProDy-2.0-1.fc35
Old package:  ProDy-1.11-2.fc34
Summary:  Application for protein structure, dynamics and sequence analysis
RPMs: python3-ProDy
Size: 21.76 MiB
Size change:  12.24 MiB
Changelog:
  * Wed Feb 24 2021 Antonio Trande  - 2.0-1
  - Release 2.0


Package:  R-RPostgres-1.3.1-1.fc35
Old package:  R-RPostgres-1.3.0-3.fc34
Summary:  Rcpp Interface to PostgreSQL
RPMs: R-RPostgres
Size: 1.82 MiB
Size change:  2.22 KiB
Changelog:
  * Tue Feb 23 2021 Elliott Sales de Andrade  - 
1.3.1-1
  - Update to latest version (#1913646)


Package:  R-broom-0.7.5-1.fc35
Old package:  R-broom-0.7.3-2.fc34
Summary:  Convert Statistical Objects into Tidy Tibbles
RPMs: R-broom
Size: 1.73 MiB
Size change:  60.63 KiB
Changelog:
  * Sun Feb 07 2021 Elliott Sales de Andrade  - 
0.7.4-1
  - Update to latest version (#1922307)

  * Tue Feb 23 2021 Elliott Sales de Andrade  - 
0.7.5-1
  - Update to latest version (#1922307)


Package:  R-cli-2.3.1-1.fc35
Old package:  R-cli-2.3.0-1.fc35
Summary:  Helpers for Developing Command Line Interfaces
RPMs: R-cli
Size: 494.68 KiB
Size change:  80 B
Changelog:
  * Tue Feb 23 2021 Elliott Sales de Andrade  - 
2.3.1-1
  - Update to latest version (#1932004)


Package:  R-crosstalk-1.1.1-1.fc35
Old package:  R-crosstalk-1.1.0.1-2.fc34
Summary:  Inter-Widget Interactivity for HTML Widgets
RPMs: R-crosstalk
Size: 596.54 KiB
Size change:  155.42 KiB
Changelog:
  * Tue Feb 23 2021 Elliott Sales de Andrade  - 
1.1.1-1
  - Update to latest version (#1915291)
  - Re-bundle jQuery


Package:  R-data.table-1.14.0-1.fc35
Old package:  R-data.table-1.13.6-2.fc34
Summary:  Extension of `data.frame`
RPMs: R-data.table R-data.table-devel
Size: 11.36 MiB
Size change:  3.25 KiB
Changelog:
  * Tue Feb 23 2021 Elliott Sales de Andrade  - 
1.14.0-1
  - Update to latest version (#1931171)


Package:  R-dplyr-1.0.4-1.fc35
Old package:  R-dplyr-1.0.2-2.fc34
Summary:  A Grammar of Data Manipulation
RPMs: R-dplyr
Size: 5.45 MiB
Size change:  86.62 KiB
Changelog:
  * Sun Feb 07 2021 Elliott Sales de Andrade  - 
1.0.4-1
  - Update to latest version (#1916807)


Package:  R-dtplyr-1.1.0-1.fc35
Old package:  R-dtplyr-1.0.1-4.fc34
Summary:  Data Table Back-End for 'dplyr'
RPMs: R-dtplyr
Size: 252.95 KiB
Size change:  144.86 KiB
Changelog:
  * Tue Feb 23 2021 Elliott Sales de Andrade  - 
1.1.0-1
  - Update to latest version (#1930999)


Package

Re: sssd: No %post/%preun/%postun?!?

2021-02-25 Thread Richard Shaw 
On Thu, Feb 25, 2021 at 7:39 AM Tom Hughes  wrote:

> On 25/02/2021 13:13, Richard Shaw wrote:
> > Per the packaging guidelines these don't seem to be optional:
> >
> >
> https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
> > <
> https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
> >
>
> Indeed they're not optional, but they're also not missing as a glance
> a the spec file confirms:
>
> https://src.fedoraproject.org/rpms/sssd/blob/rawhide/f/sssd.spec#_931


Ahh, I never thought to look past %files :)

Separate package, but I got a similar daemon-reload warning for
unbound-libs, but it was for a timer unit, which are not mentioned in the
packaging guidelines.

Warning: The unit file, source configuration file or drop-ins of
unbound-anchor.timer changed on disk. Run 'systemctl daemon-reload' to
reload units.

Should they be?

Thanks,
Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: sssd: No %post/%preun/%postun?!?

2021-02-25 Thread Tom Hughes via devel 

On 25/02/2021 13:13, Richard Shaw wrote:

Per the packaging guidelines these don't seem to be optional:

https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd 



Indeed they're not optional, but they're also not missing as a glance
a the spec file confirms:

https://src.fedoraproject.org/rpms/sssd/blob/rawhide/f/sssd.spec#_931

Additionally, at a minimum systemctl daemon-reload should be run. It 
looks like there is some sort of default behavior but it's not correct.


Warning: The unit file, source configuration file or drop-ins of 
sssd-kcm.socket changed on disk. Run 'systemctl daemon-reload' to reload 
units.
Warning: The unit file, source configuration file or drop-ins of 
sssd-kcm.service changed on disk. Run 'systemctl daemon-reload' to 
reload units.


What you are seeing there is RHBZ#1614751 in action.

Looking at my dnf rpm log, this seems to have been going on for quite 
some time and I can't believe I'm the first to notice...


You're not, and after 2.5 years it is finally about to be fixed.

Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: split-DNS, resolvconf on Fedora (OpenVPN related issues)

2021-02-25 Thread Petr Menšík 
Hi David,
more below.

On 2/25/21 11:57 AM, David Sommerseth wrote:
> On 22/02/2021 16:29, Petr Menšík wrote:
>> Why? I thought about common interface to various DNS cache
>> implementations for workstations and different VPN providers available.
>> While I think the best place to direct, which interface resolvers should
>> handle given domains. resolvconf handles conflicting requests from
>> different interfaces, when multiple DNS resolver providers are
>> configured by connection.
> 
> Just providing some input from the OpenVPN perspective.
> 
> * OpenVPN 3 Linux
> 
> OpenVPN 3 Linux [0] since the v10 release provides native
> systemd-resolved support
> 
> It is not optimal yet, but we plan to provide full support for split-DNS
> (only pushed domains will be resolved via the DNS server requested by
> the VPN server) and exclusive DNS (use only the DNS server pushed by VPN
> server).
This case is exactly what I am trying to prevent. There is multiple
implementations of dns cache, most of them can support split-DNS by some
configuration. If openvpn supports systemd-resolved natively, does that
mean it would not be able to support split-DNS on dnsmasq or unbound?
What is motivation to support specific implementation instead of generic
interface? I don't want to ask openvpn to support also dnsmasq or
unbound natively, because I think there should be middle layer support.
I am trying to use resolvconf as such layer.

I am dnsmasq, unbound and bind (co)maintainer. I want them to stay first
class citizens in Fedora, even when they are not installed by default.
Of course, also knot-resolver and pdns-recursor should be supported, if
they are (willing and) able to.

> 
> The current implementation will query all DNS servers on all interfaces.
>  This hybrid mode will also be supported.
> 
> At the moment I'm not yet decided what should be the default mode, but
> I'm leaning towards split-DNS - as that provides the least risk for DNS
> leakage either way.  But for some any DNS lookups to the main link is
> considered a DNS leak as well, so this is highly usage dependent.  We
> are also considering how far the server can go to push for a certain
> profile - as the use cases for VPN provider side are also very diverse
> with different requirements.
I think it should be configurable from server side with ability to
override it on client side. The VPN owner should be able to do specify,
whether all queries or only domain-selected queries should go over the
VPN. Is it already possible to choose the variant from server side? The
default should matter only in case VPN administrator does not care.
> 
> For the v10+ releases you need to do a little configuration step [1] to
> enable this support, but we are planning to enable this by default on
> Fedora 33+.  Ubuntu 20.04 will probably also be updated to use it by
> default.  This will most likely happen from the v14 release.
> 
> 
> * OpenVPN 2.x
> 
> We are also considering to fully embrace the update-systemd-resolved [2]
> script for the OpenVPN 2.x versions.  And will work together with this
> project to ensure OpenVPN 3 Linux and OpenVPN 2.x will behave a similar
> as possible.
Is there a reason, why systemd-resolved's resolvconf does not work for
you? Does update-systemd-resolved need more functionality than
resolvconf is able to provide? Was the reason missing resolvconf on
Ubuntu/Debian?

For example, resolvconf -p -a  
> 
> * NetworkManger and OpenVPN
> 
> Outside of that, OpenVPN via NetworkManager will be a different beast to
> tackle which we have not yet dug into from the OpenVPN project side.
> From the OpenVPN side, we are not too happy about the current
> NetworkManager plug-in from a general point of view.
> 
> It is good with the graphical interface, but NetworkManager does not
> fully consider what OpenVPN is capable and restricts its capabilities
> too much in several areas (like killing the OpenVPN process if the main
> link disappears; OpenVPN is capable of recovering quite nicely when
> network recovers).  And we have more OpenVPN specific features planned
> as well, where the NetworkManager can cause more damage - as it does not
> (and should not) understand how OpenVPN operates.
> 
> * DNS updates
> 
> If NetworkManager is capable of fully integrating with a unified DNS
> resolver management which OpenVPN and other updateresolve alternatives
> could work with would definitely be the best for all of this.
NM can set ipv4.dns-search and ipv4.dns, with ipv6 having this too. My
ethernet nmcli shows values from DHCP as IP4.DNS[*] and IP4.DOMAIN[*]. I
think that is almost all we need. Set of DNS IPs and list of domains
handled by them. Then just a signal of preference, whether to forward
all unspecific queries to this connection by default. NM has also
ipv4.dns-priority number, I guess it is for similar thing.

Problem is as you already noted, NM limits some feature uses. I think NM
can store only values per connection only when it manages such

Re: Please remove "-i" from "%forgemeta" templates on wiki

2021-02-25 Thread Stephen John Smoogen 
On Wed, 24 Feb 2021 at 18:54, Kevin Kofler via devel <
devel@lists.fedoraproject.org> wrote:

> Matthew Miller wrote:
> > I don't think "documentation is harder to keep up to date there" is
> right,
>
> Well, I guess it does not apply that much to the pages which were already
> in
> an ACL-locked namespace, in particular, the packaging guidelines that can
> only be edited by FPC. I cannot speak for the FPC whether it is easier,
> harder, or the same difficulty to do the edits now vs. on the wiki.
>
> But as far as I can tell, the move also affects wiki contents that were
> not
> previously ACL-locked, and for those, it makes a big difference whether
> anyone with a FAS account can just edit them on the wiki or whether one
> has
> to dig up the source code in some Git repository and send a pull request
> (and not get any instant feedback whether the changes even compile without
> also installing some documentation processing toolchain). I guess most
> people can only try to get someone else to do the editing work, or will
> just
> shrug it off as "it's wrong and I cannot edit it".
>
>
Actually the wiki is ACL locked where you need more than a FAS account to
edit it (and has been for several years). That is because we spent too much
time cleaning up neo-nazi scribbles, various pill scams, and get-rich ads
from continual organized groups who look for low barrier of entry wikis to
use for this. We have several tens of thousand fas accounts all opened by
these groups continually even after we stopped allowing the wiki edits to
anyone with a FAS account. The groups are still there, still opening
accounts and every now and then find some group to get added to where they
start up again.

[Some of the groups are robots doing this, but a large number are people
paid to do the 'pose as a real person' so our robot can take over and spam
edit. Most of them are very intelligent people who see it as more of a
continual puzzle to solve with the sites as the puzzle-master.]

Using the 'needs to be viewed before accepted' causes problems because the
malware that all these things use can just look at the edit tag and display
the crap on people's screens and websites anyway. And the general website
goes down regularly because millions of browsers from other websites are
tricked into getting stuff from our servers.

The second problem that 'needs to be accepted before published' plugins is
that it requires active people to check their sections. Almost no one is
doing that for the wiki and that has been the case for over a decade. A
well structured wiki requires active work from people wanting to do this in
and out. The people who did this initially in Fedora left years ago, and no
one has ever stepped up to replace them. Most people seem to assume that
instead someone else will do that work for them later. New people who have
been interested usually look at the mess and say 'I would say nuke it and
start over' or 'you know moving this to a newer technology is better'. Then
they deal with the community for a while and realize that as much as people
complain about how horrible it is, they will fight any change because it
would mean learning something new.

The wiki has been a 'trashcan' since before we moved from moin to
mediawiki. This is in part because many groups expected the wiki to be
'their' wiki and they got to do whatever was inside their section. It then
became an afterthought where you stick some things up so you can checkmark
'documentation done' in whatever checklist.

In the end, the wiki is most useful when people care for it and you have
people who are either paid (even in the mediawiki) or volunteer to be
'librarians' and curate and clean up things. No one has done that in Fedora
since at least 2010, and without an empowered community to clean things up
and keep litter down.. the wiki turns into what it is. [This isn't the only
wiki like this.. most ones end up this way because people think they
magically take care of themselves without realizing the army of people that
sit at the Mediawiki wikipedias to do that work.]




-- 
Stephen J Smoogen.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

sssd: No %post/%preun/%postun?!?

2021-02-25 Thread Richard Shaw 
Per the packaging guidelines these don't seem to be optional:

https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd

Additionally, at a minimum systemctl daemon-reload should be run. It looks
like there is some sort of default behavior but it's not correct.

Warning: The unit file, source configuration file or drop-ins of
sssd-kcm.socket changed on disk. Run 'systemctl daemon-reload' to reload
units.
Warning: The unit file, source configuration file or drop-ins of
sssd-kcm.service changed on disk. Run 'systemctl daemon-reload' to reload
units.

Even the base sssd service seems to be missing daemon-reload:

Warning: The unit file, source configuration file or drop-ins of
sssd.service changed on disk. Run 'systemctl daemon-reload' to reload units.

For the other services provided the default behavior seems to be of the
try-restart variety but all (most?) of these are indirectly started by
socket activation so should be using %systemd_postun and not
%systemd_postun_with_restart:

Failed to try-restart sssd-autofs.service: Operation refused, unit
sssd-autofs.service may be requested by dependency only (it is configured
to refuse manual start/stop).
See system logs and 'systemctl status sssd-autofs.service' for details.
Failed to try-restart sssd-nss.service: Operation refused, unit
sssd-nss.service may be requested by dependency only (it is configured to
refuse manual start/stop).
See system logs and 'systemctl status sssd-nss.service' for details.
Failed to try-restart sssd-pac.service: Operation refused, unit
sssd-pac.service may be requested by dependency only (it is configured to
refuse manual start/stop).
See system logs and 'systemctl status sssd-pac.service' for details.
Failed to try-restart sssd-pam.service: Operation refused, unit
sssd-pam.service may be requested by dependency only (it is configured to
refuse manual start/stop).
See system logs and 'systemctl status sssd-pam.service' for details.
Failed to try-restart sssd-ssh.service: Operation refused, unit
sssd-ssh.service may be requested by dependency only (it is configured to
refuse manual start/stop).
See system logs and 'systemctl status sssd-ssh.service' for details.
Failed to try-restart sssd-sudo.service: Operation refused, unit
sssd-sudo.service may be requested by dependency only (it is configured to
refuse manual start/stop).
See system logs and 'systemctl status sssd-sudo.service' for details.

Looking at my dnf rpm log, this seems to have been going on for quite some
time and I can't believe I'm the first to notice...

Thanks,
Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1932390] perl-CPAN-FindDependencies-3.05 is available

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1932390



--- Comment #2 from Fedora Update System  ---
FEDORA-2021-5a096a1b32 has been submitted as an update to Fedora 34.
https://bodhi.fedoraproject.org/updates/FEDORA-2021-5a096a1b32


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: glibc redefines SIGSTKSZ and MINSTKSZ (Re: pagure pushed to stress-ng (rawhide). "Fix build with glibc 2.34 (..more)")

2021-02-25 Thread Florian Weimer 
* Tomasz Kłoczko:

> Is it not kind of a mistake in case of glibc to introduce such
> changes? (just asking to only have confirmation that it was not actual
> mistake and not to start another flame)

We don't have a choice.  The old interfaces are simply incompatible with
modern hardware.  CPUs have massive register files nowadays.
Applications using minimal signal stacks need to adapt in some way.

This is fallout from a hardware change.  I expect that related bugs will
be quite visible as Tiger Lake devices become more common.

Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1932390] perl-CPAN-FindDependencies-3.05 is available

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1932390

Petr Pisar  changed:

   What|Removed |Added

 Status|ASSIGNED|MODIFIED
   Fixed In Version||perl-CPAN-FindDependencies-
   ||3.05-1.fc35



--- Comment #1 from Petr Pisar  ---
A bug-fix release suitable for Fedora ≥ 34.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[rpms/perl-CPAN-FindDependencies] PR #1: Tests

2021-02-25 Thread Petr Pisar 

ppisar closed without merging a pull-request against the project: 
`perl-CPAN-FindDependencies` that you
are following.

Closed pull-request:

``
Tests
``

https://src.fedoraproject.org/rpms/perl-CPAN-FindDependencies/pull-request/1
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

glibc redefines SIGSTKSZ and MINSTKSZ (Re: pagure pushed to stress-ng (rawhide). "Fix build with glibc 2.34 (..more)")

2021-02-25 Thread Tomasz Kłoczko 
On Thu, 25 Feb 2021 at 10:52,  wrote:

> Notification time stamped 2021-02-25 10:17:40 UTC
>
> From a9bc8b5947d10f13996e6e5d7280e5860473bbd4 Mon Sep 17 00:00:00 2001
> From: Yaakov Selkowitz 
> Date: Feb 25 2021 03:05:37 +
> Subject: Fix build with glibc 2.34
>
>
> https://github.com/ColinIanKing/stress-ng/issues/107
>
> ---
>
> diff --git a/stress-ng-0.12.03-sigstksz.patch
> b/stress-ng-0.12.03-sigstksz.patch
> new file mode 100644
> index 000..b05c935
> --- /dev/null
> +++ b/stress-ng-0.12.03-sigstksz.patch
> @@ -0,0 +1,661 @@
> +From 7c4f74761089177127c2cfe6685b7886aa231885 Mon Sep 17 00:00:00 2001
> +From: Colin Ian King 
> +Date: Thu, 25 Feb 2021 00:33:17 +
> +Subject: [PATCH] stack handling: use _SC_SIGSTKSZ and _SC_MINSIGSTKSZ
> +
> +New versions of glibc will define SIGSTKSZ and MINSTKSZ
> +on the sysconf values for _SC_SIGSTKSZ and _SC_MINSIGSTKSZ
> +respectively.  Define two helper functions to determine the
> +stack sizes by trying to use cached sysconf values, fetching
> +and caching the sysconf values or falling back to the
> +traditional SIGSTKSZ or MINSTKSZ defined values, or hard
> +coded 8K limits if all else fails.
> +
> +Define STRESS_SIGSTKSZ and STRESS_MINSTKSZ that call the
> +helper functions and hide the details.  Since these sizes
> +are dynamic, replace all statically allocated and stack
> +allocated alternative stacks with mmap'd versions and add
> +in allocation failure error handling.
> +
> +Finally remove the MLOCKED_DATA macros now that the mlocked
> +alt stacks are no longer used.
> +
> +Signed-off-by: Colin Ian King 
> +---
> + core-helper.c | 85 +--
> + stress-bad-altstack.c | 39 ++--
> + stress-context.c  | 19 +++---
> + stress-ng.c   |  3 --
> + stress-ng.h   | 10 -
> + stress-rlimit.c   | 15 +++-
> + stress-stack.c| 18 -
> + stress-stackmmap.c| 70 ---
> + stress-vforkmany.c| 14 +--
> + 9 files changed, 180 insertions(+), 93 deletions(-)
>

Hmm .. looks like there will probably be mny packages affected by this
issue because of the recent glibc changes.
The same is with ocaml https://github.com/ocaml/ocaml/issues/10250

Is it not kind of a mistake in case of glibc to introduce such changes?
(just asking to only have confirmation that it was not actual mistake and
not to start another flame)

kloczek
-- 
Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: split-DNS, resolvconf on Fedora (OpenVPN related issues)

2021-02-25 Thread David Sommerseth 

On 22/02/2021 16:29, Petr Menšík wrote:

Why? I thought about common interface to various DNS cache
implementations for workstations and different VPN providers available.
While I think the best place to direct, which interface resolvers should
handle given domains. resolvconf handles conflicting requests from
different interfaces, when multiple DNS resolver providers are
configured by connection.


Just providing some input from the OpenVPN perspective.

* OpenVPN 3 Linux

OpenVPN 3 Linux [0] since the v10 release provides native
systemd-resolved support.

It is not optimal yet, but we plan to provide full support for split-DNS 
(only pushed domains will be resolved via the DNS server requested by 
the VPN server) and exclusive DNS (use only the DNS server pushed by VPN 
server).


The current implementation will query all DNS servers on all interfaces. 
 This hybrid mode will also be supported.


At the moment I'm not yet decided what should be the default mode, but 
I'm leaning towards split-DNS - as that provides the least risk for DNS 
leakage either way.  But for some any DNS lookups to the main link is 
considered a DNS leak as well, so this is highly usage dependent.  We 
are also considering how far the server can go to push for a certain 
profile - as the use cases for VPN provider side are also very diverse 
with different requirements.


For the v10+ releases you need to do a little configuration step [1] to 
enable this support, but we are planning to enable this by default on 
Fedora 33+.  Ubuntu 20.04 will probably also be updated to use it by 
default.  This will most likely happen from the v14 release.



* OpenVPN 2.x

We are also considering to fully embrace the update-systemd-resolved [2] 
script for the OpenVPN 2.x versions.  And will work together with this 
project to ensure OpenVPN 3 Linux and OpenVPN 2.x will behave a similar 
as possible.



* NetworkManger and OpenVPN

Outside of that, OpenVPN via NetworkManager will be a different beast to 
tackle which we have not yet dug into from the OpenVPN project side. 
From the OpenVPN side, we are not too happy about the current 
NetworkManager plug-in from a general point of view.


It is good with the graphical interface, but NetworkManager does not 
fully consider what OpenVPN is capable and restricts its capabilities 
too much in several areas (like killing the OpenVPN process if the main 
link disappears; OpenVPN is capable of recovering quite nicely when 
network recovers).  And we have more OpenVPN specific features planned 
as well, where the NetworkManager can cause more damage - as it does not 
(and should not) understand how OpenVPN operates.


* DNS updates

If NetworkManager is capable of fully integrating with a unified DNS 
resolver management which OpenVPN and other updateresolve alternatives 
could work with would definitely be the best for all of this.


OpenVPN 3 Linux and OpenVPN 2.x can be extended and taught to integrate 
with various DNS management approaches.  systemd-resolved is already on 
the way, but does not need to be restricted here.  But we are very much 
interested in being involved in such discussions.



[0] 
[1] 


[2] 


--
kind regards,

David Sommerseth
OpenVPN Inc
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[rpms/perl-CPAN-FindDependencies] PR #1: Tests

2021-02-25 Thread Petr Pisar 

ppisar opened a new pull-request against the project: 
`perl-CPAN-FindDependencies` that you are following:
``
Tests
``

To reply, visit the link below
https://src.fedoraproject.org/rpms/perl-CPAN-FindDependencies/pull-request/1
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Florian Weimer 
* Michael Catanzaro:

> FWIW I agree that systemd-resolved is *much* less important for
> servers and containers than it is on desktops.

Why do you think that?

Caching DNS server availability is a commonly requested feature even in
data center deployments.  The way Fedora currently implements its DNS
client, it more or less defeats the built-in high availability mechanism
of DNS, and complex network-based mitigations are needed (like using
anycast DNS resolvers).

Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Fedora-Cloud-32-20210225.0 compose check report

2021-02-25 Thread Fedora compose checker 
No missing expected images.

Soft failed openQA tests: 1/7 (x86_64), 1/7 (aarch64)
(Tests completed, but using a workaround for a known bug)

Old soft failures (same test soft failed in Fedora-Cloud-32-20210224.0):

ID: 788994  Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud
URL: https://openqa.fedoraproject.org/tests/788994
ID: 789001  Test: aarch64 Cloud_Base-qcow2-qcow2 cloud_autocloud@uefi
URL: https://openqa.fedoraproject.org/tests/789001

Passed openQA tests: 6/7 (x86_64), 6/7 (aarch64)
-- 
Mail generated by check-compose:
https://pagure.io/fedora-qa/check-compose
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1932390] perl-CPAN-FindDependencies-3.05 is available

2021-02-25 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1932390

Petr Pisar  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC|jples...@redhat.com |ppi...@redhat.com
   Assignee|jples...@redhat.com |ppi...@redhat.com
   Doc Type|--- |If docs needed, set a value




-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: systemd-resolved fallback DNS servers: usability vs. GDPR

2021-02-25 Thread Peter Boy 


> Am 24.02.2021 um 20:19 schrieb Lennart Poettering :
> 
> On Mi, 24.02.21 12:49, Paul Wouters (p...@nohats.ca) wrote:
> 
> 
> I think the caching and DoT stuff that resolved provides is useful on
> any system, and that includes servers, and I think it would be good to
> minimize the difference in the APIs (and that includes D-Bus APIs)
> when we can. So I'd recommend doing resolved on server images too.

You have a good point about caching. And I like the emphasis on usability (in 
an earlier post. That may be one reason for the wide acceptance of systemd, 
despite all the criticism). 

But for Fedora Server, I definitely want an unmissable indication of a 
configuration error (and log entries are too easy to miss, especially when I 
don't see a problem). So instead of (more or less silent) fallback, a fail. 

For Fedora Workstation, I see resolved as a real step forward. 

But for Fedora Server it would need a tighter integration of / cooperation with 
libvirt virtualisation and also NetworkManager in the medium term. 


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: [dns-sig] Re: split-DNS, resolvconf on Fedora

2021-02-25 Thread Florian Weimer 
* Paul Wouters:

> On Mon, 22 Feb 2021, Petr Menšík wrote:
>
>> Wouldn't it be much simpler, if I could just dnf remove systemd-resolved
>> in case I don't want it?
>
> In the past I also mentioned this. The overwhelming majority of installs
> do not gain any benefit from te systemd-resolved service. Most servers,
> containers and even workstations are installed and given DNS
> configurations via DHCP, manager by a network administrator.

I think a local cache is very beneficial to most users.

The novel DNS request routing is problematic.  Ideally Fedora would have
a local cache by default, but keep the old way of routing DNS requests.

In my opinion, just getting rid of systemd-resolved is not the right way
forward.  We should really keep the local cache aspect of it.  So an
outright removal of the service is not an answer, we'd need a
replacement for the cache part.  (A separate subpackage probably makes
sense for other reasons.)

Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Donate 1 minute of your time to test upgrades from F33 to F34

2021-02-25 Thread Zbigniew Jędrzejewski-Szmek 
On Wed, Feb 24, 2021 at 07:06:47PM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Feb 24, 2021 at 12:08:56PM -0600, Dennis Gilmore wrote:
> >  yum distro-sync --releasever 34
> > Last metadata expiration check: 0:10:11 ago on Wed 24 Feb 2021 11:55:46 AM 
> > CST.
> > Error:
> >  Problem: package gnome-tour-40~beta-3.fc34.x86_64 obsoletes
> > gnome-getting-started-docs < 3.38.1-2 provided by
> > gnome-getting-started-docs-3.38.0-2.fc34.noarch
> >   - package gnome-getting-started-docs-es-3.38.0-2.fc34.noarch
> > requires gnome-getting-started-docs = 3.38.0-2.fc34, but none of the
> > providers can be installed
> >   - problem with installed package gnome-tour-3.38.0-2.fc33.x86_64
> >   - problem with installed package
> > gnome-getting-started-docs-es-3.38.0-1.fc33.noarch
> >   - gnome-tour-3.38.0-2.fc33.x86_64 does not belong to a distupgrade 
> > repository
> >   - gnome-getting-started-docs-es-3.38.0-1.fc33.noarch does not belong
> > to a distupgrade repository
> > (try to add '--skip-broken' to skip uninstallable packages)
> 
> This is fixed by gnome-tour-40~beta-4.fc34, which is tagged into f34.
> I think there was no compose yesterday, so it hasn't been pushed out.

I still don't see it today. I don't understand why.

Zbyszek
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: [dns-sig] split-DNS, resolvconf on Fedora

2021-02-25 Thread Peter Boy 


> Am 24.02.2021 um 18:18 schrieb Paul Wouters :
> 
> On Mon, 22 Feb 2021, Petr Menšík wrote:
> 
>> Wouldn't it be much simpler, if I could just dnf remove systemd-resolved
>> in case I don't want it?
> 
> ….

> There is no technical reason why this is not in its own package. There
> has been some focussing on reducing minimal installs, and this is a
> prime candidate for that. I'm fine with the workstation or desktop
> installs bringing this package in by default. But I see only potential
> harm from installing it on servers, containers and most virtual machines.


You may be right. See https://github.com/systemd/systemd/issues/18761 

and/or

https://lists.fedoraproject.org/archives/list/ser...@lists.fedoraproject.org/thread/HOWYMPWHLBB5FDFD5VWLCC5Z73IQWA66/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure