Re: rpm bug for multiple README.md or LICENSE.md in EPEL 8 and Fedora
On Sun, Dec 5, 2021 at 1:49 AM Otto Urpelainen wrote:
>
> Nico Kadel-Garcia kirjoitti 5.12.2021 klo 5.07:
> > I've been trying to bundle the current ansible-5.0.1 release as an RPM
> > for Fedora and EPEL use. Leaving aside the peculiar decisions to
> > replace the pypi.org "ansible" tarball with a tarball of roughly 150
> > modules from the "ansiblee-collections" repos, and moving the actual
> > ansible software to a distinct python tarball called "ansible-core"
> > without changing the source repo or the actual critical installed
> > python modules, the new "ansible" has more than 300 files called
> > "README.md" and more than 100 files called "LICENSE.md".
> >
> > This breaks building RPMs for EPEL 8 or Fedora, because the '%doc' and
> > '%license' macros strip off the subdirectories of the files and
> > install them directly at the top of the docdir.
> >
> > Basicely these only generate one file:
> >
> > %doc README.md
> > %doc dir1/README.md
> > %doc dir2/README.md
> >
> > %license LICENSE.md
> > %license dir1/LICENSE
> > %license dir2/LICENSE.md
> >
> > When compiled, these would only produce:
> >
> >/usr/share/doc/package-%{fersion}/README.md
> >/usr/share/doc/package-%{fersion}/LICENSE.md
>
> Path stripping only happens if you list relative paths with %doc or
> %license, which which case rpm looks for them from the build directory.
> If you specify absolute paths, rpm looks for them in the buildroot like
> it does for any other files. See section %doc and %license at rpm spec
> file format reference [1].
>
> So something like this should work:
>
> %install
> cp README.md
> %{buildroot}/%{_datadir}/doc/%{package}-%{version}/README.md
> cp dir1/README.md
> %{buildroot}/%{_datadir}/doc/%{package}-%{version}/dir1/README.md
> # ...
>
> %files
> %doc %{_datadir}/doc/%{package}-%{version}/README.md
> %doc %{_datadir}/doc/%{package}-%{version}/dir1/README.md
> # ...
>
> [1]: https://rpm-software-management.github.io/rpm/manual/spec.html
>
> Otto
I'm reading that documentation. It says *nothing* about path
stripping, a behavior which has apparently changed sometime since RHEL
7 or its ancestorFedora 12. So if this is expected behavior, I'd like
to see it documented.
Does anyone know how to turn it off for '%doc' and ''%license'? It
doesn't seem to be in the macros, and diving into the C code to get
this change reverted for a future release of rpm seems like a very
long term goal. It seems to me to be unwelcome and undesirable
behavior for precisely the kind of situation of 'ansible tarball has
more than 300 README.md files'. And given my previous concerns about
that very large bundle, I suspect I'll not have good success getting
the authors to discard it and use a more typical factored python
submodule distribution.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Re: rust: Request for packaging rust-html-escape and rust-smallbitvec
On Friday, 3 December 2021 18:40:12 CET Aleksei Bavshin wrote: > On 12/3/21 03:15, Andreas Schneider wrote: > > > On Thursday, December 2, 2021 9:07:06 PM CET Aleksei Bavshin wrote: > > > >> `smallbitvec` deps are only needed for benchmark, so the test suite is > >> actually passing without these. Should be safe to drop with metadata > >> patch. >> > >> > >> > >> rust-tiny_http 0.8.2 also has a benchmark-only dependency `fdlimit` > >> which we can drop. > >> > >> > >> > >> The situation with tree-sitter-cli testsuite is complicated: it requires > >> a few other github repos with a grammar definitions and who knows what > >> else. I haven't succeeded in running it so far, so we can keep it turned > >> off. And that would make `rust-spin` update unnecessary. > >> > >> > >> > >> The draft packages are available from > >> https://copr.fedorainfracloud.org/coprs/alebastr/rust-tree-sitter-cli/; > >> seems working with available grammar files (with exception of > >> `build-wasm` and `playground` subcommands which require emscripten). > > > > > > This is great work, thank you very much. I didn't know that the > > tree-sitter- cli needs it own package and can't be built in the current > > tree-sitter package. So I will just continue to take care of tree-sitter > > and just build the lib. > > > > So having tree-sitter-cli in the next fedora version would be awesome. > > > Reviews (and PR for rust-tiny_http update) are sent. > > Upstream issue for missing license file: > https://github.com/tree-sitter/tree-sitter/issues/1520 > > Andreas, do you want to have comaintainer access to the tree-sitter-cli > packages? I can do the co-maintainer if you're interested :-) Andreas ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: rpm bug for multiple README.md or LICENSE.md in EPEL 8 and Fedora
Nico Kadel-Garcia kirjoitti 5.12.2021 klo 5.07:
I've been trying to bundle the current ansible-5.0.1 release as an RPM
for Fedora and EPEL use. Leaving aside the peculiar decisions to
replace the pypi.org "ansible" tarball with a tarball of roughly 150
modules from the "ansiblee-collections" repos, and moving the actual
ansible software to a distinct python tarball called "ansible-core"
without changing the source repo or the actual critical installed
python modules, the new "ansible" has more than 300 files called
"README.md" and more than 100 files called "LICENSE.md".
This breaks building RPMs for EPEL 8 or Fedora, because the '%doc' and
'%license' macros strip off the subdirectories of the files and
install them directly at the top of the docdir.
Basicely these only generate one file:
%doc README.md
%doc dir1/README.md
%doc dir2/README.md
%license LICENSE.md
%license dir1/LICENSE
%license dir2/LICENSE.md
When compiled, these would only produce:
/usr/share/doc/package-%{fersion}/README.md
/usr/share/doc/package-%{fersion}/LICENSE.md
Path stripping only happens if you list relative paths with %doc or
%license, which which case rpm looks for them from the build directory.
If you specify absolute paths, rpm looks for them in the buildroot like
it does for any other files. See section %doc and %license at rpm spec
file format reference [1].
So something like this should work:
%install
cp README.md
%{buildroot}/%{_datadir}/doc/%{package}-%{version}/README.md
cp dir1/README.md
%{buildroot}/%{_datadir}/doc/%{package}-%{version}/dir1/README.md
# ...
%files
%doc %{_datadir}/doc/%{package}-%{version}/README.md
%doc %{_datadir}/doc/%{package}-%{version}/dir1/README.md
# ...
[1]: https://rpm-software-management.github.io/rpm/manual/spec.html
Otto
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Re: EPEL 9 branch?
On Sun, Dec 05, 2021 at 03:27:49AM +, Gary Buhrmaster wrote: > Now that CentOS Stream 9 is announced as > available, is there a schedule for when EPEL-9 > branches can be made, and when one can > (start to) ask others to build for EPEL-9 yes, yesterday. See the announcement: https://lists.fedoraproject.org/archives/list/epel-annou...@lists.fedoraproject.org/thread/5UJSW3FBGQMLXWWV7BGHWZTOFLH4NH3G/ > (it would be nice if a number of the EPEL-9 > packages were preliminarily ready at the time > of the EL-9 formal release (just, perhaps, > needing a (mass) rebuild to be sure)). There's no longer any plans to mass rebuild, those packages that need a rebuild for some reason can be rebuilt by their maintainer(s). kevin signature.asc Description: PGP signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: rpm bug for multiple README.md or LICENSE.md in EPEL 8 and Fedora
Aarggh, I had a cat attacking my hands at one moment. I meant:
/usr/share/doc/%}package}-%{version}/README.md
/usr/share/doc/%{package}-%{version}/LICENSE.md
On Sat, Dec 4, 2021 at 10:07 PM Nico Kadel-Garcia wrote:
>
> I've been trying to bundle the current ansible-5.0.1 release as an RPM
> for Fedora and EPEL use. Leaving aside the peculiar decisions to
> replace the pypi.org "ansible" tarball with a tarball of roughly 150
> modules from the "ansiblee-collections" repos, and moving the actual
> ansible software to a distinct python tarball called "ansible-core"
> without changing the source repo or the actual critical installed
> python modules, the new "ansible" has more than 300 files called
> "README.md" and more than 100 files called "LICENSE.md".
>
> This breaks building RPMs for EPEL 8 or Fedora, because the '%doc' and
> '%license' macros strip off the subdirectories of the files and
> install them directly at the top of the docdir.
>
> Basicely these only generate one file:
>
>%doc README.md
>%doc dir1/README.md
>%doc dir2/README.md
>
>%license LICENSE.md
> %license dir1/LICENSE
> %license dir2/LICENSE.md
>
> When compiled, these would only produce:
>
> /usr/share/doc/package-%{fersion}/README.md
> /usr/share/doc/package-%{fersion}/LICENSE.md
>
> RHEL 7 didn't have this problem. I'm not sure if other folks have
> noticed this for tools that are built with multiple internal tarballs.
> The new "ansible" tarball is fairly unique ints authors insistance on
> putting more than one hundred distinct third party packages in the
> same master tarball. But for now, this is going to cause a license and
> documentation problem in packaging it due to an "optimization" of
> stripping out the directory names of document files and licenses.
>
> Does anyone know a decent workaround, or a specfile setting to disable
> this filename stripping and restore the RHEL 7 behavior?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Fedora-Rawhide-20211204.n.1 compose check report
No missing expected images. Compose PASSES proposed Rawhide gating check! All required tests passed Failed openQA tests: 6/208 (x86_64), 14/142 (aarch64) New failures (same test not failed in Fedora-Rawhide-20211203.n.0): ID: 1077002 Test: x86_64 Server-dvd-iso anaconda_help URL: https://openqa.fedoraproject.org/tests/1077002 ID: 1077007 Test: x86_64 Server-dvd-iso support_server URL: https://openqa.fedoraproject.org/tests/1077007 ID: 1077018 Test: x86_64 Server-dvd-iso install_updates_nfs URL: https://openqa.fedoraproject.org/tests/1077018 ID: 1077141 Test: aarch64 Server-dvd-iso anaconda_help@uefi URL: https://openqa.fedoraproject.org/tests/1077141 ID: 1077152 Test: aarch64 Server-dvd-iso install_vncconnect_client@uefi URL: https://openqa.fedoraproject.org/tests/1077152 ID: 1077153 Test: aarch64 Server-dvd-iso install_vncconnect_server@uefi URL: https://openqa.fedoraproject.org/tests/1077153 ID: 1077174 Test: aarch64 Server-dvd-iso base_selinux@uefi URL: https://openqa.fedoraproject.org/tests/1077174 ID: 1077180 Test: aarch64 Server-dvd-iso realmd_join_cockpit@uefi URL: https://openqa.fedoraproject.org/tests/1077180 ID: 1077184 Test: aarch64 Server-dvd-iso realmd_join_sssd@uefi URL: https://openqa.fedoraproject.org/tests/1077184 ID: 1077221 Test: aarch64 Cloud_Base-qcow2-qcow2 base_service_manipulation@uefi URL: https://openqa.fedoraproject.org/tests/1077221 ID: 1077237 Test: x86_64 universal install_blivet_software_raid@uefi URL: https://openqa.fedoraproject.org/tests/1077237 ID: 1077313 Test: aarch64 universal install_cyrillic_language@uefi URL: https://openqa.fedoraproject.org/tests/1077313 ID: 1077321 Test: aarch64 universal support_server@uefi URL: https://openqa.fedoraproject.org/tests/1077321 ID: 1077325 Test: aarch64 universal install_iscsi@uefi URL: https://openqa.fedoraproject.org/tests/1077325 Old failures (same test failed in Fedora-Rawhide-20211203.n.0): ID: 1077095 Test: x86_64 KDE-live-iso apps_startstop URL: https://openqa.fedoraproject.org/tests/1077095 ID: 1077115 Test: x86_64 Silverblue-dvd_ostree-iso release_identification URL: https://openqa.fedoraproject.org/tests/1077115 ID: 1077179 Test: aarch64 Server-dvd-iso server_cockpit_basic@uefi URL: https://openqa.fedoraproject.org/tests/1077179 ID: 1077208 Test: aarch64 Workstation-raw_xz-raw.xz gedit@uefi URL: https://openqa.fedoraproject.org/tests/1077208 ID: 1077213 Test: aarch64 Workstation-raw_xz-raw.xz eog@uefi URL: https://openqa.fedoraproject.org/tests/1077213 ID: 1077303 Test: aarch64 universal install_asian_language@uefi URL: https://openqa.fedoraproject.org/tests/1077303 Soft failed openQA tests: 3/142 (aarch64), 7/208 (x86_64) (Tests completed, but using a workaround for a known bug) New soft failures (same test not soft failed in Fedora-Rawhide-20211203.n.0): ID: 1077197 Test: aarch64 Workstation-raw_xz-raw.xz install_arm_image_deployment_upload@uefi URL: https://openqa.fedoraproject.org/tests/1077197 Old soft failures (same test soft failed in Fedora-Rawhide-20211203.n.0): ID: 1077069 Test: x86_64 Workstation-live-iso eog URL: https://openqa.fedoraproject.org/tests/1077069 ID: 1077084 Test: x86_64 Workstation-live-iso gedit URL: https://openqa.fedoraproject.org/tests/1077084 ID: 1077118 Test: x86_64 Silverblue-dvd_ostree-iso evince URL: https://openqa.fedoraproject.org/tests/1077118 ID: 1077119 Test: x86_64 Silverblue-dvd_ostree-iso gedit URL: https://openqa.fedoraproject.org/tests/1077119 ID: 1077120 Test: x86_64 Silverblue-dvd_ostree-iso eog URL: https://openqa.fedoraproject.org/tests/1077120 ID: 1077130 Test: x86_64 Cloud_Base-qcow2-qcow2 cloud_autocloud@uefi URL: https://openqa.fedoraproject.org/tests/1077130 ID: 1077222 Test: aarch64 Cloud_Base-qcow2-qcow2 cloud_autocloud@uefi URL: https://openqa.fedoraproject.org/tests/1077222 ID: 1077269 Test: x86_64 universal upgrade_server_domain_controller URL: https://openqa.fedoraproject.org/tests/1077269 ID: 1077318 Test: aarch64 universal upgrade_server_domain_controller@uefi URL: https://openqa.fedoraproject.org/tests/1077318 Passed openQA tests: 195/208 (x86_64), 125/142 (aarch64) New passes (same test not passed in Fedora-Rawhide-20211203.n.0): ID: 1077079 Test: x86_64 Workstation-live-iso desktop_login URL: https://openqa.fedoraproject.org/tests/1077079 ID: 1077199 Test: aarch64 Workstation-raw_xz-raw.xz desktop_printing@uefi URL: https://openqa.fedoraproject.org/tests/1077199 ID: 1077207 Test: aarch64 Workstation-raw_xz-raw.xz evince@uefi URL: https://openqa.fedoraproject.org/tests/1077207 ID: 1077214 Test: aarch64 Workstation-raw_xz-raw.xz desktop_update_graphical@uefi URL: https://openqa.fedoraproject.org/tests/1077214 ID: 1077331 Test: aarch64 universal install_european_language@uefi URL: https://openqa.fedoraproject.org/tests/1077331 ID: 1077332 Test: aarch64 universal install_blivet_lvmthin@uefi URL: https://o
EPEL 9 branch?
Now that CentOS Stream 9 is announced as available, is there a schedule for when EPEL-9 branches can be made, and when one can (start to) ask others to build for EPEL-9 (it would be nice if a number of the EPEL-9 packages were preliminarily ready at the time of the EL-9 formal release (just, perhaps, needing a (mass) rebuild to be sure)). Thanks. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
rpm bug for multiple README.md or LICENSE.md in EPEL 8 and Fedora
I've been trying to bundle the current ansible-5.0.1 release as an RPM
for Fedora and EPEL use. Leaving aside the peculiar decisions to
replace the pypi.org "ansible" tarball with a tarball of roughly 150
modules from the "ansiblee-collections" repos, and moving the actual
ansible software to a distinct python tarball called "ansible-core"
without changing the source repo or the actual critical installed
python modules, the new "ansible" has more than 300 files called
"README.md" and more than 100 files called "LICENSE.md".
This breaks building RPMs for EPEL 8 or Fedora, because the '%doc' and
'%license' macros strip off the subdirectories of the files and
install them directly at the top of the docdir.
Basicely these only generate one file:
%doc README.md
%doc dir1/README.md
%doc dir2/README.md
%license LICENSE.md
%license dir1/LICENSE
%license dir2/LICENSE.md
When compiled, these would only produce:
/usr/share/doc/package-%{fersion}/README.md
/usr/share/doc/package-%{fersion}/LICENSE.md
RHEL 7 didn't have this problem. I'm not sure if other folks have
noticed this for tools that are built with multiple internal tarballs.
The new "ansible" tarball is fairly unique ints authors insistance on
putting more than one hundred distinct third party packages in the
same master tarball. But for now, this is going to cause a license and
documentation problem in packaging it due to an "optimization" of
stripping out the directory names of document files and licenses.
Does anyone know a decent workaround, or a specfile setting to disable
this filename stripping and restore the RHEL 7 behavior?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
Re: I'm assuming this is a temporary build failure?
On Sat, Dec 04, 2021 at 04:53:09PM -0500, Neal Becker wrote: > https://koji.fedoraproject.org/koji/taskinfo?taskID=79571245 Yes. I am not sure whats causing it. I updated and rebooted the kojipkgs01/02 vm's (to pick up new kernel and also new host qemu). if you see it again or more often, feel free to file a infrastructure ticket. kevin signature.asc Description: PGP signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Fedora rawhide compose report: 20211204.n.1 changes
OLD: Fedora-Rawhide-20211203.n.0 NEW: Fedora-Rawhide-20211204.n.1 = SUMMARY = Added images:0 Dropped images: 0 Added packages: 6 Dropped packages:0 Upgraded packages: 96 Downgraded packages: 0 Size of added packages: 282.40 MiB Size of dropped packages:0 B Size of upgraded packages: 6.48 GiB Size of downgraded packages: 0 B Size change of upgraded packages: -78.71 MiB Size change of downgraded packages: 0 B = ADDED IMAGES = = DROPPED IMAGES = = ADDED PACKAGES = Package: galera-26.4.9-3.module_f36+13475+c5e36fc8 Summary: Synchronous multi-master wsrep provider (replication engine) RPMs:galera Size:5.32 MiB Package: mariadb-3:10.6.5-1.module_f36+13475+c5e36fc8 Summary: A very fast and robust SQL database server RPMs:mariadb mariadb-backup mariadb-common mariadb-connect-engine mariadb-cracklib-password-check mariadb-devel mariadb-embedded mariadb-embedded-devel mariadb-errmsg mariadb-gssapi-server mariadb-oqgraph-engine mariadb-pam mariadb-rocksdb-engine mariadb-s3-engine mariadb-server mariadb-server-galera mariadb-server-utils mariadb-sphinx-engine mariadb-test Size:275.83 MiB Package: public-inbox-1.7.0-1.fc36 Summary: An archives-first approach to mailing lists RPMs:lei perl-PublicInbox public-inbox public-inbox-server Size:667.41 KiB Package: rust-io-extras-0.12.2-2.fc36 Summary: File/socket handle/descriptor utilities RPMs:rust-io-extras+async-std-devel rust-io-extras+default-devel rust-io-extras+mio-devel rust-io-extras+os_pipe-devel rust-io-extras+socket2-devel rust-io-extras+tokio-devel rust-io-extras+use_async_std-devel rust-io-extras+use_mio_net-devel rust-io-extras+use_mio_os_ext-devel rust-io-extras+use_os_pipe-devel rust-io-extras+use_socket2-devel rust-io-extras+use_tokio-devel rust-io-extras-devel Size:124.54 KiB Package: rust-linux-raw-sys-0.0.36-1.fc36 Summary: Generated bindings for Linux's userspace API RPMs:rust-linux-raw-sys+default-devel rust-linux-raw-sys+errno-devel rust-linux-raw-sys+general-devel rust-linux-raw-sys+netlink-devel rust-linux-raw-sys+no_std-devel rust-linux-raw-sys+std-devel rust-linux-raw-sys+v2_6_32-devel rust-linux-raw-sys+v3_10-devel rust-linux-raw-sys+v3_2-devel rust-linux-raw-sys+v4_2-devel rust-linux-raw-sys+v4_20-devel rust-linux-raw-sys+v4_4-devel rust-linux-raw-sys+v5_11-devel rust-linux-raw-sys+v5_4-devel rust-linux-raw-sys-devel Size:220.29 KiB Package: rust-rustix-0.29.1-1.fc36 Summary: Safe Rust bindings to POSIX/Unix/Linux syscalls RPMs:rust-rustix+async-std-devel rust-rustix+default-devel rust-rustix+io-lifetimes-devel rust-rustix+itoa-devel rust-rustix+mio-devel rust-rustix+once_cell-devel rust-rustix+os_pipe-devel rust-rustix+procfs-devel rust-rustix+socket2-devel rust-rustix+std-devel rust-rustix+tokio-devel rust-rustix-devel Size:272.17 KiB = DROPPED PACKAGES = = UPGRADED PACKAGES = Package: NetworkManager-openvpn-1:1.8.16-1.fc36 Old package: NetworkManager-openvpn-1:1.8.14-1.fc35.1 Summary: NetworkManager VPN plugin for OpenVPN RPMs: NetworkManager-openvpn NetworkManager-openvpn-gnome Size: 1.57 MiB Size change: 9.80 KiB Changelog: * Tue Sep 28 2021 Beniamino Galvani - 1:1.8.16-1 - Update to 1.8.16 release - Fix detection of OpenVPN 2.5.0 - Allow the connection to persist across network failures when the VPN profile has 'vpn.persistent=yes'. - Fix parsing of incomplete IPv6 configurations pushed by server Package: R-littler-0.3.15-1.fc36 Old package: R-littler-0.3.14-1.fc36 Summary: littler: R at the Command-Line via 'r' RPMs: R-littler R-littler-examples Size: 479.29 KiB Size change: -17.77 KiB Changelog: * Sat Dec 04 2021 Mattias Ellert - 0.3.15-1 - New upstream release 0.3.15 Package: ansible-collection-community-kubernetes-2.0.1-1.fc36 Old package: ansible-collection-community-kubernetes-1.1.1-5.fc35 Summary: Kubernetes Collection for Ansible RPMs: ansible-collection-community-kubernetes Size: 34.80 KiB Size change: -60.12 KiB Changelog: * Fri Dec 03 2021 Kevin Fenzi - 2.0.1-1 - Update to 2.0.1. Fixes rhbz#2028314 Package: ansible-collection-google-cloud-1.0.2-1.fc36 Old package: ansible-collection-google-cloud-1.0.1-5.fc35 Summary: Google Cloud Platform collection RPMs: ansible-collection-google-cloud Size: 281.62 KiB Size change: 4.99 KiB Changelog: * Fri Dec 03 2021 Kevin Fenzi - 1.0.2-1 - Update to 1.0.2. Fixes rhbz#2028315 Package: ansible-collection-netbox-netbox-3.4.0-1.fc36 Old package: ansible-collection-netbox-netbox-2.0.0-2.fc35 Summary: Netbox modules for Ansible RPMs: ansible-collection-netbox-netbox Size: 604.42 KiB Size change: 23.09 KiB Changelog: * Fri Dec 03 2021 Kevin Fenzi - 3.4.0-1 - Update to 3.4.0. Fixes rhbz#2028317 Package: awscli-1.22.20-1.
Re: F36 Change: Enable fs-verity in RPM (System-Wide Change proposal)
Davide Cavalca via devel wrote: > To clarify: RPM does support files validation, but fs-verity is more > than just that. With RPM, the validation only happens on install time, > and when one runs rpm -V manually. With fs-verity, the validation > happens on-demand whenever a block of a file that originated from an > RPM is accessed. This means, for example, that if an attacker replaces > /bin/ls on disk with a compromised one, the next time it's read from > disk (e.g. because you ran it) you will see a validation failure and > the syscall will be blocked, preventing the compromised code from being > executed. This means that there is a performance cost in addition to the disk space cost (because something has to compute those checksums each time the file is acessed). It also means that it is harder for users to exercise their right to modify the Free Software (because replacing or patching RPM-installed binaries will lead to them failing to execute). > About filesystem usage: unless you install rpm-plugin-fsverity (which > is not and will not be installed by default), there is no disk space > increase for verity-signed RPM packages. If you do install rpm-plugin- > fsverity, some disk space will be used for the Merkle tree as described > in the Change. Since the change also adds to the metadata in the RPM, that means that it also increases the size of the RPMs. With keepcache=1, this also translates to increased disk space use. But even if the user does not keep cached RPMs, the download sizes will increase, which can cost time and for some users even money. Kevin Kofler ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Change: Enable fs-verity in RPM (System-Wide Change proposal)
Vitaly Zaitsev via devel wrote: > -1. RPM already supports files validation and this feature will waste > file system space. I agree with you. This is yet another "feature" that increases both the size of RPMs and, if enabled by default, the size of default installations. We need to stop tolerating creeping bloat! So -1 to the Change proposal. Kevin Kofler ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
I'm assuming this is a temporary build failure?
https://koji.fedoraproject.org/koji/taskinfo?taskID=79571245 Thanks, Neal ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
License change in rust-tiny_http: from ASL 2.0 to (MIT or ASL 2.0)
Hi all, The rust-tiny_http package will have a different license after the update from version 0.6.2 (ASL 2.0 only) to version 0.8.2 (MIT or ASL 2.0). Since the old License remains as an option, I do not expect this to cause any effects in Fedora. Fabio ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Change: Enable fs-verity in RPM (System-Wide Change proposal)
On Fri, 3 Dec 2021 at 17:09, Richard W.M. Jones wrote: > > On Fri, Dec 03, 2021 at 06:08:49PM +, Davide Cavalca via devel wrote: > > Broadly speaking, fs-verity makes it possible to ensure that files that > > were installed via an RPM have not been modified. It is useful in > > environments where an attacker might be able to modify system files > > (say, replace /bin/ls with a compromised version) and you want to > > protect against that. For example, consider an appliance-like system > > placed in an untrusted location where you may not be able to control > > who has physical access (this could be a server, but it could also be a > > kiosk in an internet point or a school). In this scenario, fs-verity > > can be one of the building blocks to ensure and maintain system trust. > > I'm unclear about the threat model - this is an attacker who is > someone able to overwrite single files (eg. /bin/ls) but cannot turn > off the fs-verity system as a whole? > > Also if RPM can update /bin/ls then surely an attacker who can widely > compromise system files must also be able to update /bin/ls in the > same way? > Or just pad /usr/bin/rpm with some null characters at the end to break its signature and also stop updates from happening. [Or the fs-verity daemon which will report that these problems are occuring. ] -- Stephen J Smoogen. Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Change: Enable fs-verity in RPM (System-Wide Change proposal)
On Friday, 03 December 2021 at 18:49, Davide Cavalca via devel wrote: [...] > About filesystem usage: unless you install rpm-plugin-fsverity (which > is not and will not be installed by default), there is no disk space > increase for verity-signed RPM packages. If you do install rpm-plugin- > fsverity, some disk space will be used for the Merkle tree as described > in the Change. How do I reclaim that space after removing rpm-plugin-fsverity? Regards, Dominik -- Fedora https://getfedora.org | RPM Fusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Change: Enable fs-verity in RPM (System-Wide Change proposal)
> * at build time, we compute the Merkle tree for the files within a > package, then sign it and ship it as part of the rpm metadata; [...] > Note that the Merkle tree > is ''not'' shipped with the RPM itself (only its signature is) In that case, "ship it" above should be changed to "ship the signature", unless this is some distinction between "the RPM metadata" and "the RPM itself". If I enable FS-verity and later find that I need to patch a file to fix some problem, how do I as the sysadmin tell Linux that this change is authorized? Do I disable FS-verity for that specific file? Disable FS-verity globally? Add my own key to the kernel's keyring? Build and sign my own RPM package? What prevents an attacker from doing the same? Will files under /etc be covered, or will local configuration still be possible? Björn Persson pgpbMIhTbl4rJ.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36 Change: Switch GnuTLS to allowlisting (System-Wide Change proposal)
On Thu, Dec 02, 2021 at 02:36:52PM -0500, Ben Cotton wrote: > An alternative allowlisting-based configuration method and a matching > GnuTLS API extension to control it currently under development: > https://gitlab.com/gnutls/gnutls/-/merge_requests/1427. The change > will turn the interface upside-down, explicitly allowlisting trusted > algorithms: Thanks for working on this. It solves a real problem in an elegant way. Zbyszek ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
