bmon license corrected
Hi, While doing the SPDX change, I noticed that the former bmon license was specified as "BSD and GPLv2" which is not correct. The only files in the source mentioning GPL are generated by autoconf. Everything else is licensed under BSD and MIT, which translates to "BSD-2-Clause and MIT"... Please correct me, if I am wrong. ps. Update is in progress With best regards, b. signature.asc Description: This is a digitally signed message part ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Need advice on NET_ADMIN capability on a binary (iotop-c)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Dan, Thanks for the suggestion - I like that way because it gives full control to the admin together with the responsibility and does not implicitly do unexpected things. It is also a clean approach both from user experience and packaging point of view, so I will go for that way. With best regards, b. On Sun, 2022-02-20 at 07:51 +, Dan Čermák wrote: > Hi Boian, > > On February 20, 2022 12:49:53 AM UTC, Boian Bonev wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > Hello, > > > > I have got a pull request [1] that implements installing iotop-c with the > > NET_ADMIN capability by default and I am trying to evaluate if that is OK > > or > > not. > > > > Currently iotop-c will only allow to be run as root. In case it is run as > > some > > other user, it will advise to use sudo, or alternatively add the NET_ADMIN > > capability to the binary: > > > > sudo setcap 'cap_net_admin+eip' /iotop > > > > Obviously that will have to be redone after each update, adding some > > inconvenience for admins who decide to allow that for non-root users. > > This is not really an answer to the security question, but if that remains > unresolved, you could also introduce a sub package to iotop-c, that would > contain a transaction file trigger on the binary and add the capability. Thus > user would be able to opt into having iotop-c with the added capability even > after upgrades, as long as the sub package is installed. > > -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmIVGf0ACgkQE2VyCRPS 8i2DqBAAmmcZD3AxQg6h0U1Me0FjtNzNb2d4Rkb3WcOT5CRO4OKH3TIgtrppPm5E dAX3KoyO7gU4etQ0drYYOp8t1RfOlw/HkjKQh2efxMNx8SSsNi5YK7SM9jPFftiK 26bU97niLb1Pozh3T5hLcAl7GDRR30/OVR8ZjxF3aEOcgxRn0f2kDS7/jboGO3we r/bxg34f6Bg0vVN5tMvLbNbZzG60wfOWN9RHG9DEBms+dIy2f5i1BVsvWdUZ6bsM 3+yX/cuDZeUg4DwEIDtG955gjx9OfjvvvHt+uM5vCv1DSQjuLEzQ1HTHjIcJQzux NsgpMeHZ54DokGxvFXeqDXv+I+hA0t/jjPSaHlDTmzXVRrqEhi+k0FMMGPMCE8bK Br70cn0C07qKp2hCCAdDXbowVhGBF/5ZtirxJV/EWO5IauOjZCe09OAAUfXllgif 1CkEnSsT3aVHW5IIheHthRZev77SsDsmHzi3kFcmtn6PG1GYSfMGW2dRfftglHCy uyU73JpRKB+DJ9ngB44+RhnIarbRDV9V7T+5omJWfZ5V0smTN6l1fHntPW+kjykr PFk6YAlWKCIWEctwfF5JMdDERAl4908x19MeiGvtN8/aImizO6ssmebjQpqNvPFs NuUEVvTdZD2EBua+JJcNr0CVPIjnsPcuMuoc1YNtEIYmdht3DrM= =vTJr -END PGP SIGNATURE- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Need advice on NET_ADMIN capability on a binary (iotop-c)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, I have got a pull request [1] that implements installing iotop-c with the NET_ADMIN capability by default and I am trying to evaluate if that is OK or not. Currently iotop-c will only allow to be run as root. In case it is run as some other user, it will advise to use sudo, or alternatively add the NET_ADMIN capability to the binary: sudo setcap 'cap_net_admin+eip' /iotop Obviously that will have to be redone after each update, adding some inconvenience for admins who decide to allow that for non-root users. I have never considered installing it suid - that would be an overkill and may introduce security problems. I always use it as root and have never given that too much thought, also never before did deep analyses of the consequences of the above setcap. Here is a brief list of the consequences of allowing non-root users to run it by the setcap: - - Process IO usage will be exposed [maybe OK] - - Process list and command lines will be exposed (same as other tops) [safe] - - Re-nicing own processes to rt/* will not work [safe] - - Re-nicing non-own processes will not work [safe] - - task_delayacct sysctl toggle (Ctrl-T) will not work [safe] - - There are no other networking operations besides TASKSTATS from NETLINK_GENERIC that would allow the unprivileged user do privileged tasks via the higher capped binary [safe] As a summary it seems that accepting the PR is 99% OK, but I'd prefer to get more opinions before doing so. With best regards, b. [1] https://src.fedoraproject.org/rpms/iotop-c/pull-request/1 -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmIRkDEACgkQE2VyCRPS 8i32ww//dRzxVtff8+8qQ2ujLwf49ZigGdawkgdnJRuE+0oBDV30yycENblSLNWB 8FlidJcA+ZkoWf9WyoRvXydPcnuEhsr7y9UxyS/XA6l4iHHpUn7SJ/i79KAmVb8J uuyWDBa23fZ4P22fy8/EklCzACWDeiYwS/jv+fwr8oLjEZ6nG+kjmMDIx5I2oA8J vAfhCRLSTBXTQnWRs9MMxMIjQ9dcTvzOdv8ZPq+lVJuG6xrinLrH00XWLmDC7Dgh /Ie2hvuHFCmId8BBAN5I47bh57ly4aZH0QKVpQL7x5bOYJDF1R27NHW660MxFZay 4xCZwYkLBcUtcm9R9SG8cZCd0nDptMRwmpvxu26QgFFl5hJgngdq4xmp3xsS/W2Y JmQ7eTB+ypCVzd0QiQNHIfP1I+6NQbbakA+YIfiT9Uk1Z610IsO3cGW3tr2mSiBW 5/2fb2kU/vK4f2QPFwXJU8PYdJO/c9/zTFoRHomWG/MQx0zhNM8h0sK1tdxLp4V2 wuU/8wihpJx+rAofbmf2FrLowRYshiKqKeGYEWiWHLUAqWWKlBXkBiV5PY8l/YNx Ta8Kd9aK00aezFmYa3TOHQyJYBuChdp/zqYfhRfRveXKj3TJMRW9MlgDtvuXXfUu ukpSZWgR8twIhh+1QlS5rWZILIyVcdd0lNOSUYb2/i41bSREXkA= =EJ2s -END PGP SIGNATURE- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Donate 1 minute of your time to test upgrades from F34 to F35
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 LGTM :) Install 22 Packages Upgrade 427 Packages Remove 3 Packages Total download size: 451 M Is this ok [y/N]: On Tue, 2021-09-07 at 18:14 +0200, Miroslav Suchý wrote: > Do you want to make Fedora 35 better? Please spend 1 minute of your > time and try to run: > > # Run this only if you use default Fedora modules > # next time you run any DNF command default modules will be enabled > again > sudo dnf module reset '*' > > sudo dnf --releasever=35 --setopt=module_platform_id=platform:f35 \ > --enablerepo=updates-testing --enablerepo=updates-testing-modular \ > distro-sync -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmE3qMQACgkQE2VyCRPS 8i3nXRAAhjup1xIRh1nESbMWpOxKq3iMkLOaoThllr6DAZcZlRy0pAgcgZSh5S1I bUWc3z9h9fIZgiSLLormSphezaO9YScWQVUgpA6OtMKdE89VGxV+t+Qbly7JBdpQ CE3zih2AsD2OhVVWuhLc//U1LL4nc57bY7FWnZuun0ynQ0LJI6qdR++wjvNSNczz +Huo7fdYLaijtmnJtOBU5RrUs/iDIP0Ph0iOI4upMyRTGmMESd8DflZ0wVTMsMam DBW0fgRIQFC32SlZsJmdVr2TZVkNuK0bK5YkS7x5eE1S6ClZsVApvWtd7IpuLx0G nzGb8BMx44/H/vJGjbggOLKBAdf0c3Z6DaJ+USrMPPfK5IlUDflF3CsECm+vk2ne XITZLwf8fCzkJkQWo4Bcu3M/pmt6igiNkKdsf+zGRUk2uMux/D4jEjujeB0U2Ki9 yP2Xj3tYBO1+d1roC24gJiWaVFrRbWSAKTb6xb0bs8nLCQDSYHxRKDfRt8eE9F7D v4V1dTosuA1h44BtxxPN6yRv5x7IQwrGwwKmLljVgP3h7PVBK1A6nVSz7aghvbyG Q6NxFqAkPeNs9Deq/xgWr9SCpYD4Zv/X7oVJsF2+QH1zd2rRu4mXa40XMR/J6xKy sal1WSzVssi9cHmvzE05cl+iSzsY9QuRWiemUjhqxeseexUOIn0= =rL+v -END PGP SIGNATURE- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Test failures
Hi, I just did a build (new upstream release of iotop-c) and saw a couple of test errors; they look like segfaults or post errors, so I suppose that I didn't do some stupid mistake. Posting the result here, to keep the relevant team informed; in case these are known, sorry for the noise :) https://osci-jenkins-1.ci.fedoraproject.org/job/fedora-ci/job/rpminspect-pipeline/job/master/8520/testReport/(root)/tests/ With best regards, b. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: Orphaned packages looking for new maintainers
Hi, On Mon, 2020-11-30 at 12:12 +0100, Miro Hrončok wrote: > The following packages are orphaned and will be retired when they > are orphaned for six weeks, unless someone adopts them. If you know > for sure > that the package should be retired, please do so now with a proper > reason: > https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life > Package (co)maintainers > Status Change > = > === > bmon orphan 1 > weeks ago I will take bmon. With best regards, b. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: Self Introduction: Boian Bonev
Hi Rahul, On Fri, 2020-10-02 at 17:30 -0400, Rahul Sundaram wrote: > Hi > > On Fri, Oct 2, 2020 at 4:57 PM Boian Bonev wrote: > > I didn't start that project, just improved it, and somehow changing > > the > > > > name does not seem right to me :) Here I mean the project name, which is iotop-c. I see no problem in renaming the binary. > This isn't a minor change and the current name is a bit awkward and > because of a shared name, you have to deal with Conflicts or > alternatives neither of help with ease of use ex: I want to install > them both to compare them side by side. I would agree with Matthew > that a name change is warranted here. At the minimum, rename the > binary. Here is a parallel for that Thanks for your advise, I will wait to see if something else is proposed and will most probably go with renaming the binary. What would be the best choice (iotop-c, iotop_c or iotopc)? As long as this is a tool only for root (or a capped user), alternatives still seem better to me - it wouldn't at all concern unprivileged users, while allowing to run e.g. program-c or program-go and still have program symlinked to the preferred one, but of course I may miss something and be wrong here. > https://github.com/rpm-software-management/createrepo_c >From what I see, this have completely replaced the other project. I do not have that goal. My selfish desire is some day to be able to dnf install and use it, without compiling from source or copying a binary. With best regards, b. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: Self Introduction: Boian Bonev
Hi Matthew, On Fri, 2020-10-02 at 16:09 -0400, Matthew Miller wrote: > ... > > For start I have prepared iotop-c: > > https://bugzilla.redhat.com/show_bug.cgi?id=1878529 > > Looks pretty straightforward. One thing worth noting is that we > discourage > using "Conflicts:" > https://docs.fedoraproject.org/en-US/packaging-guidelines/Conflicts/ True, with my user hat on, I'd prefer both programs installed simulaneously. But implementing alternatives requires coordination from all involved project's maintainers and I just skipped that part; also both programs are not identical in terms of command line options and will most probably diverge more with time; on the other hand for non- interactive use the compatibility is there... My feeling is that implementing alternatives is better for interactive use, and as a second option, installing it under its current name is also an option (and removing the conflicts). I need advise for this; its OK for me to prepare a PR implementing alternatives for iotop. > I know it's a pretty descriptive name, but: I notice your program has > other > improvements rather than just being written in C. I wonder if finding > a new > name that isn't based on the language implementation might be the > best > long-term approach? I didn't start that project, just improved it, and somehow changing the name does not seem right to me :) With best regards, b. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Self Introduction: Boian Bonev
Hello, I am involved with couple of open source projects and plan to package and maintain them for Fedora. My packaging skills are far from perfect, but on the other hand, since I am doing the upstream development+release it is convenient to do both. It would be better if someone is interested in co-maintaining with me. For start I have prepared iotop-c: https://bugzilla.redhat.com/show_bug.cgi?id=1878529 With best regards, b. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org