from:"Miroslav Suchý"

Re: New Fedora Planet

2024-05-17 Thread Miroslav Suchý


Dne 16. 05. 24 v 10:16 odp. Pedro Moura napsal(a):

To add blog posts in Fedora Planet you basically need to update RSS URL field 
at https://accounts.fedoraproject.org/


How can I add more feeds? Under my account I had feeds to two Packit blogs, one 
ABRT and my personal.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

2024-05-13 Thread Miroslav Suchý


Dne 13. 05. 24 v 5:38 odp. Fabio Valentini napsal(a):

Can we at least still recommend to use the AND / OR / WITH
capitalization for Fedora license tags, even if the lower-case ones
are technically considered valid now?


The other way round. We will not encourage using lower case and all our 
examples use upper case.

And I will stop correcting such errors - I made dozens such PRs.

BTW

GfDl-1.1-oR-lAtEr AND cC-bY-Sa-3.0

is valid SPDX expression. And was even valid with SPDX v2.x specification. But 
please dont say that to anyone :)

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

2024-05-11 Thread Miroslav Suchý


Dne 10. 05. 24 v 11:47 odp. Gary Buhrmaster napsal(a):

Unless the BZs force a package to be
updated you may very well end up with
~20% of the Fedora packages nearly
forever not being updated with proper
SPDX licenses as they are as likely or
not going to be forever be on re-build
auto-pilot (thanks to the mass rebuild(s)).


My intentions, is that from that moment going forward, we can assume that all 
packages will have license in SPDX format.

And we can build a tooling that will work with SPDX only. If the package license tag was not in SPDX format (It is bug, 
we have plenty of them already across whole Fedora Linux) then it will be harder for you to work with the tooling. I.e.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[rpms/perl-Exporter-Tidy] PR #1: Correct SPDX license

2024-05-11 Thread Miroslav Suchý


msuchy opened a new pull-request against the project: `perl-Exporter-Tidy` that 
you are following:
``
Correct SPDX license
``

To reply, visit the link below
https://src.fedoraproject.org/rpms/perl-Exporter-Tidy/pull-request/1
--
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

2024-05-10 Thread Miroslav Suchý


Dne 10. 05. 24 v 11:29 dop. Miro Hrončok napsal(a):


So we can now have packages with uppercase AND/ORs and packages with lowercase and/ors and we can no longer quickly 
recognize SPDX expression by observing uppercase AND/ORs?


That does not sound like improvement to me :/


This is very very frequent mistake. Mistake for people that does not have time to study the specification and thinks 
that the case variant does not matter.


Recognizing if something is SPDX expression using uppercase operators is IMHO bad idea. What is wrong with 
`license-validate`?


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Hulk edition

2024-05-10 Thread Miroslav Suchý


Hot news:

   SPDX v3 has been published. The biggest change for us is that license expression allows lowercase operators (and, 
or, with). This got into the specification because of your (Fedora maintainers) feedback!

   And there is new terminal AdditionRef-* which can be used for custom 
exceptions. We have no use for this now.
   It will take some time untill a tooling will accomodate this change. For fedora-license-data you can track it in 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/514


Two weeks ago we had:


* 23943spec files in Fedora

* 30600license tags in all spec files

* 10639 tags have not been converted to SPDX yet

* 4689 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,23% ░░ 100%

ELN subset:

94 out of 2394 packages are not converted yet (progress 96.07%)



Today we have:

* 23990spec files in Fedora

* 30640license tags in all spec files

* 10589 tags have not been converted to SPDX yet

* 4656 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,44% ░░ 100%

ELN subset:

90 out of 2394 packages are not converted yet (progress 96.23%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

No license has been added to fedora-license-data. Therefore no release and no 
update of documentation.


New projection when we will be finished is 2025-04-25 (+19 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Hulk? On today's date at 1962 Marvel published first comics about The Hulk. Stan Lee (the writer) stated that the 
Hulk's creation was inspired by a combination of Frankenstein and Dr. Jekyll and Mr. Hyde.


https://en.wikipedia.org/wiki/Hulk
http://tonsoffacts.com/32-fun-interesting-facts-hulk/

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Mass Package Change: Turn deprecated %patchN syntax into %patch -PN

2024-05-06 Thread Miroslav Suchý


Dne 06. 05. 24 v 1:56 odp. Florian Festi napsal(a):

RPM has deprecated the %patchN syntax in favor of %patch -PN where N is
the patch number for a year now. See the RPM documentation for more
information [1]. In current RPM versions, this syntax only emits a
deprecation warning, but support for this syntax has been removed
completely in the upcoming RPM 4.20 release. As it will be added in
Fedora soon [2] it is time to switch over to the new syntax now.


Packages maintained by Tito will be affected by this. But only builds that uses DistributionBuilder or UpstreamBuilder 
builder. Afaik no packages that goes to Fedora uses this so it should not affect any Fedora maintainer.


Adding link to issue I just created for reference: 
https://github.com/rpm-software-management/tito/issues/499

And thank you for doing this change.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

2024-05-03 Thread Miroslav Suchý


Dne 03. 05. 24 v 10:44 dop. Tim Landscheidt napsal(a):

Maybe I misunderstood the original post, but I did not per-
ceive the intent of the data's publication to be informative
and useful, but to motivate (converting the licenses).


This.

And to provide at least some estimates. When we started with this, there were people estimating the work for few months. 
Others to decades.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

2024-05-03 Thread Miroslav Suchý

Dne 03. 05. 24 v 1:59 dop. Gary Buhrmaster napsal(a):

Joking aside, I do agree the non-trivial conversions are
likely to be the hard ones, and there will be a very long
tail (many years more) for 100% as the work to deal with
some of those hard ones may require expertise that is
in limited or even unavailable supply, and when they
require new (legal) license reviews and SPDX definitions
they can take quite some time. Alternatively, it is possible
that there is a target (say, 95%) after which the SPDX
conversion project will be stated to be "essentially"
complete and is ended even if not 100%.

The current change

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

is planned to be the last one. At the end of this phase - scheduled to 2024-08-06 - we plan to mark this conversion as
"done". My estimation is that by that time 80% tags will be migrated. Everything remaining will treated as a bug. I will
open BZ for every remaining package.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue

Re: Files missing in RPM database

2024-05-01 Thread Miroslav Suchý

Dne 01. 05. 24 v 7:20 odp. Christoph Karl via devel napsal(a):
*) Removal or Upgrade of RPMs/distribution should not left files behind.

Two cases where files are intentionaly left behind:

1) configuration files

This can be handled by:

rpmconf --all --conf

2) %ghost files - usually log files. You surely want to keep them and on disk. But not all spec files mark them as ghost
- usually owns only the directory and not the files. And if they own the file itself, then rotated files are not owned
for sure.

I have no solution for this.

find/usr-exec/usr/bin/bash-c'rpm -qf

Ouch you are looking for files in /usr only. So you do not consider the two
cases above at all.

In my case it found BTW:

/usr/bin/anime-games-launcher

I am not sure how others appear there, but I know this one. It comes from

https://copr.fedorainfracloud.org/coprs/retrozinndev/anime-games-launcher

and the spec file has:

https://download.copr.fedorainfracloud.org/results/retrozinndev/anime-games-launcher/fedora-40-x86_64/07270437-anime-games-launcher/anime-games-launcher-pt.spec

%post
# create link of binary
ln -sf %{install_dir}/%{name} %{_bindir}/%{name}
# apply exec permision to binary
chmod +x %{install_dir}/%{name}

Not sure if this can be handled on distribution level. For packages from 3rd
party repos.

Re: Non-responsive maintainer check for lkundrak

2024-04-30 Thread Miroslav Suchý


Dne 30. 04. 24 v 12:25 odp. Tomi Lähteenmäki napsal(a):

Hi,

I'm trying to reach the maintainer of phosh [1] and phoc [2]. Allan has tried to reach out for him without success [3] 
so I created bug [4] for this non-responsive maintainer check.


If someone knows how to contact him, please let me know.


https://metalhead.club/@lkundrak

plus work related email (added to cc)

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - L'Aigle meteorite edition

2024-04-26 Thread Miroslav Suchý


Hot news:

   Automated migration of "trivial" conversions is in process. I migrated bunch of licenses that are only seldomly 
used. The bigger group (GPL*) are waiting at the starting line, but Jilayne asked me to wait a moment as she wants to 
check few things. I expect that the progress resumes after Red Hat summit (May 6-9).


Two weeks ago we had:


* 23901spec files in Fedora

* 30551license tags in all spec files

* 10964 tags have not been converted to SPDX yet

* 4964 tags can be trivially converted using `license-fedora2spdx`

* Progress: 64,11% ░░ 100%

ELN subset:

100 out of 2397 packages are not converted yet (progress 95.83%)



Today we have:

* 23943spec files in Fedora

* 30600license tags in all spec files

* 10639 tags have not been converted to SPDX yet

* 4689 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,23% ░░ 100%

ELN subset:

94 out of 2394 packages are not converted yet (progress 96.07%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    7 new licenses (plus two public domain declarations).
    10 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-04-06 (+5 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why L'Aigle meteorite? On today's date at 1803 meteorite fell upon the town L'Aigle in France. More than 3000 fragments 
reached ground. Previously scientists believed that meteorites were terrestrial. But this event brought first evidence 
that meteorites are extraterrestrial.


https://en.wikipedia.org/wiki/L%27Aigle_(meteorite)#

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change ASL 1.0 to Apache-1.0

2024-04-21 Thread Miroslav Suchý


Dne 14. 04. 24 v 4:53 odp. Miroslav Suchý napsal(a):

I am going to do the mass change of the license from ASL 1.0 to Apache-1.0


Done

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change AGPLv3+ to AGPL-3.0-or-later

2024-04-21 Thread Miroslav Suchý


Dne 12. 04. 24 v 11:22 dop. Miroslav Suchý napsal(a):

I am going to do the mass change of the license from AGPLv3+ to 
AGPL-3.0-or-later


Done

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change Artistic 2.0 to Artistic-2.0

2024-04-21 Thread Miroslav Suchý


Dne 11. 04. 24 v 1:04 odp. Miroslav Suchý napsal(a):

I am going to do the mass change of the license from Artistic 2.0 to 
Artistic-2.0


Done

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Miroslav Suchý


Dne 17. 04. 24 v 9:20 dop. Zbigniew Jędrzejewski-Szmek napsal(a):

By adding this functionality to Mock itself. It can be optional 
(--add-determinism). And then Mock can call

   add-determinism $chroot/%buildroot/

I don't think we should make this particular functionality special.
We have a bunch of brps:


It depends... if you want to have this check/sanitization part of rpmbuild. When it is small,and does not inflate 
buildroot, then fine.


Over the years, I learn that people have different view where each component 
should go. :) I will not argue.

If you package add-determinism I can help you to add it to Mock. Likely as 
plugin:

https://rpm-software-management.github.io/mock/#plugins

that is called in `postbuild`

https://rpm-software-management.github.io/mock/Plugin-Hooks

And by helping I mean that I will create the initial PR and you (and others) 
will test the functionality. Deal?

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-17 Thread Miroslav Suchý


Dne 16. 04. 24 v 10:04 odp. Zbigniew Jędrzejewski-Szmek napsal(a):

Hmm, how would that work? We call mock, which calls systemd-nspawn,
which runs rpmbuild, and the build env is completely isolated from the
host.


By adding this functionality to Mock itself. It can be optional 
(--add-determinism). And then Mock can call

  add-determinism $chroot/%buildroot/


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F41 Change Proposal - Reproducible Package Builds (System-Wide)

2024-04-15 Thread Miroslav Suchý


Dne 13. 04. 24 v 1:16 odp. Zbigniew Jędrzejewski-Szmek napsal(a):

The proposal explicitly states that we don't want Perl in all buildroots.


How many seconds we save by NOT pulling Perl? Per each build? In total for 
whole release cycle?

How many seconds we loose (lost) by refactoring the code? And syncing with Debian? Or even worse finding issues that 
Debian will find and we not?


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change OSL 2.0, ERPL, EU Datagrid, SPL

2024-04-15 Thread Miroslav Suchý


Dne 08. 04. 24 v 8:23 dop. Miroslav Suchý napsal(a):


Hi.

I am going to do the mass change of the license from OSL 2.0 to OSL-2.0

The proposed diff is in attachment.

Affected package:

dirvish

Change from ERPL to ErlPL-1.1

Affected packages:

erlang-gen_leader
erlang-p1_pgsql

Change from EU Datagrid to EUDatagrid

Affected package:

edg-gridftp-client

Change from SPL to SPL-1.0

Affected package:

brazil



All done.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[SPDX] Mass license change ASL 1.0 to Apache-1.0

2024-04-14 Thread Miroslav Suchý


Hi.

I am going to do the mass change of the license from ASL 1.0 to Apache-1.0

The proposed diff is in attachment.

Affected packages:

cronolog
mod_authnz_external
ocspd
pg_auto_failover (this one is not in diff as my tooling fails on this spec)

Unless somebody stop me, I will do this change directly in dist-git after a 
week.

--

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/cronolog.spec rpm-specs/cronolog.spec
--- rpm-specs.orig/cronolog.spec	2024-04-13 04:03:27.0 +0200
+++ rpm-specs/cronolog.spec	2024-04-14 16:50:29.157125850 +0200
@@ -1,9 +1,9 @@
 Name:cronolog
 Version: 1.6.2
-Release: 39%{?dist}
+Release: 40%{?dist}
 Summary: Web log rotation program for Apache
 
-License: ASL 1.0
+License: Apache-1.0
 URL: http://cronolog.org/
 Source0: http://cronolog.org/download/%{name}-%{version}.tar.gz
 BuildRequires:  gcc
@@ -46,6 +46,9 @@
 %{_infodir}/*
 
 %changelog
+* Sun Apr 14 2024 Miroslav Suchý  - 1.6.2-40
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 1.6.2-39
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/mod_authnz_external.spec rpm-specs/mod_authnz_external.spec
--- rpm-specs.orig/mod_authnz_external.spec	2024-04-13 04:20:19.0 +0200
+++ rpm-specs/mod_authnz_external.spec	2024-04-14 16:50:29.533130461 +0200
@@ -7,8 +7,8 @@
 Summary: An Apache module used for authentication
 Name: mod_%{modsuffix}
 Version: 3.3.3
-Release: 9%{?dist}
-License: ASL 1.0
+Release: 10%{?dist}
+License: Apache-1.0
 URL: https://github.com/phokz/mod-auth-external/
 Source: https://github.com/phokz/mod-auth-external/archive/%{name}-%{version}.tar.gz
 Source1: %{conffile}
@@ -51,6 +51,9 @@
 
 
 %changelog
+* Sun Apr 14 2024 Miroslav Suchý  - 3.3.3-10
+- convert license to SPDX
+
 * Thu Jan 25 2024 Fedora Release Engineering  - 3.3.3-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/ocspd.spec rpm-specs/ocspd.spec
--- rpm-specs.orig/ocspd.spec	2024-04-13 04:23:39.0 +0200
+++ rpm-specs/ocspd.spec	2024-04-14 16:50:29.925135268 +0200
@@ -4,9 +4,9 @@
 
 Name:		ocspd
 Version:	1.9.0
-Release:	29%{?alphatag:.}%{?alphatag}%{?dist}
+Release:	30%{?dist}
 Summary:	OpenCA OCSP Daemon
-License:	ASL 1.0
+License:	Apache-1.0
 Source:		http://downloads.sourceforge.net/openca/openca-ocspd-%{version}%{revision}.tar.gz
 Source1:	ocspd.service
 Patch1:		ocspd-1.7.0-bufresponse.patch
@@ -157,6 +157,9 @@
 
 #---
 %changelog
+* Sun Apr 14 2024 Miroslav Suchý  - 1.9.0-30
+- convert license to SPDX
+
 * Thu Jan 25 2024 Fedora Release Engineering  - 1.9.0-29
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change ZPLv2.1 to ZPL-2.1

2024-04-14 Thread Miroslav Suchý


Dne 06. 04. 24 v 10:00 odp. Miroslav Suchý napsal(a):


Hi.

I am going to do the mass change of the license from ZPLv2.1 to ZPL-2.1


Done

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change MPLv2.0 to MPL-2.0

2024-04-13 Thread Miroslav Suchý


Dne 06. 04. 24 v 10:14 dop. Miroslav Suchý napsal(a):
I am going to do the mass change of the license from MPLv2.0 to MPL-2.0 


Done.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[SPDX] Mass license change AGPLv3+ to AGPL-3.0-or-later

2024-04-12 Thread Miroslav Suchý


Hi.

I am going to do the mass change of the license from AGPLv3+ to 
AGPL-3.0-or-later

The proposed diff is in attachment.

Affected packages:

conspy
fastx_toolkit
fondo
libgtextutils
libquvi-scripts
netstat-monitor
pyhoca-cli
pyhoca-gui
python-x2go
python-surt
simarrange

Unless somebody stop me, I will do this change directly in dist-git after a 
week.

--

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/conspy.spec rpm-specs/conspy.spec
--- rpm-specs.orig/conspy.spec	2024-04-11 04:03:22.0 +0200
+++ rpm-specs/conspy.spec	2024-04-12 11:18:22.429455246 +0200
@@ -1,9 +1,9 @@
 Name:   conspy
 Version:1.14
-Release:13%{?dist}
+Release:14%{?dist}
 Summary:Remote control for text mode virtual consoles
 
-License:AGPLv3+
+License:AGPL-3.0-or-later
 URL:https://sourceforge.net/projects/conspy/
 Source0:https://sourceforge.net/projects/conspy/files/%{name}-%{version}-1/%{name}-%{version}.tar.gz
 
@@ -40,6 +40,9 @@
 %{_bindir}/%{name}
 
 %changelog
+* Fri Apr 12 2024 Miroslav Suchý  - 1.14-14
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 1.14-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/fastx_toolkit.spec rpm-specs/fastx_toolkit.spec
--- rpm-specs.orig/fastx_toolkit.spec	2024-01-25 03:06:58.0 +0100
+++ rpm-specs/fastx_toolkit.spec	2024-04-12 11:18:22.799458578 +0200
@@ -1,9 +1,9 @@
 Name:		fastx_toolkit
 Version:	0.0.14
-Release:	34%{?dist}
+Release:	35%{?dist}
 Summary:	Tools to process short-reads FASTA/FASTQ files
 
-License:	AGPLv3+
+License:	AGPL-3.0-or-later
 URL:		http://hannonlab.cshl.edu/%{name}/index.html
 Source0:	http://hannonlab.cshl.edu/%{name}/%{name}-%{version}.tar.bz2
 Patch0:		%{name}-gcc47.patch
@@ -83,6 +83,9 @@
 %{_datadir}/%{name}
 
 %changelog
+* Fri Apr 12 2024 Miroslav Suchý  - 0.0.14-35
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 0.0.14-34
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/fondo.spec rpm-specs/fondo.spec
--- rpm-specs.orig/fondo.spec	2024-01-25 03:07:40.0 +0100
+++ rpm-specs/fondo.spec	2024-04-12 11:18:23.260462729 +0200
@@ -2,10 +2,10 @@
 
 Name:   fondo
 Version:1.6.1
-Release:7%{?dist}
+Release:8%{?dist}
 Summary:Find the most beautiful wallpapers
 
-License:AGPLv3+
+License:AGPL-3.0-or-later
 URL:https://github.com/calo001/fondo
 Source0:%{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
@@ -68,6 +68,9 @@
 
 
 %changelog
+* Fri Apr  12 2024 Miroslav Suchý  - 1.6.1-8
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 1.6.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/libgtextutils.spec rpm-specs/libgtextutils.spec
--- rpm-specs.orig/libgtextutils.spec	2024-01-26 03:18:30.0 +0100
+++ rpm-specs/libgtextutils.spec	2024-04-12 11:18:23.631466070 +0200
@@ -1,9 +1,9 @@
 Name:		libgtextutils
 Version:	0.7
-Release:	34%{?dist}
+Release:	35%{?dist}
 Summary:	Assaf Gordon text utilities
 
-License:	AGPLv3+
+License:	AGPL-3.0-or-later
 URL:		http://hannonlab.cshl.edu/fastx_toolkit/
 Source0:	https://github.com/agordon/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0:		libgtextutils-GCC6-iostream.patch
@@ -58,6 +58,9 @@
 %{_libdir}/pkgconfig/gtextutils.pc
 
 %changelog
+* Fri Apr 12 2024 Miroslav Suchý  - 0.7-35
+- convert license to SPDX
+
 * Thu Jan 25 2024 Fedora Release Engineering  - 0.7-34
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/libquvi-scripts.spec rpm-specs/libquvi-scripts.spec
--- rpm-specs.orig/libquvi-scripts.spec	2024-01-26 03:19:21.0 +0100
+++ rpm-specs/libquvi-scripts.spec	2024-04-12 11:18:23.998469375 +0200
@@ -2,9 +2,9 @@
 
 Name:   libquvi-scripts
 Version:0.9.20131130
-Release:22%{?dist}
+Release:23%{?dist}
 Summary:Embedded lua scripts for parsing the media details
-License:AGPLv3+
+License:AGPL-3.0-or-later
 URL:http://quvi.sourceforge.net
 Source0:http://downloads.sourceforge.net/project/quvi/0.9/%{name}/%{name}-%{version}.tar.xz
 BuildArch:  noarch
@@ -41,6 +41,9 @@
 %{_mandir}/man7/quvi-modules*.7*
 
 %changelog
+* Fri Apr 12 2024 Miroslav Suchý  - 0.9.20131130-23
+- convert license to SPDX
+
 * Thu Jan 25 2024 Fedora Release Engineering  - 0.9.20131130-22
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/netstat-monitor.spec rpm-specs/netstat-monitor.spec
--- rpm-specs.orig/netstat-monitor.spec	2024-04-11 04:21:28.0 +0200
+++ rpm-specs/netstat-monitor.spec	2024-04-12 11:18:24.519474067 +0200
@@ -1,9 +1,9 @@
 Name:   netstat-monitor
 Version

Re: [SPDX] Mass license change EUPL 1.2 to EUPL-1.2

2024-04-12 Thread Miroslav Suchý


Dne 05. 04. 24 v 10:49 dop. Miroslav Suchý napsal(a):


Hi.

I am going to do the mass change of the license from EUPL 1.2 to EUPL-1.2.

The proposed diff is in attachment.

Affected packages:

AusweisApp2
rust-tpm2-policy
dbus-parsec

Unless somebody stop me, I will do this change directly in dist-git after a 
week.


Done.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Human Space Flight edition

2024-04-12 Thread Miroslav Suchý


Hot news:

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ contains usage column for licenses that are allowed for 
something (documentation, firmware...)


   Automated migration of "trivial" conversions have started (see other threads 
in this mailing list).

Two weeks ago we had:


* 23849spec files in Fedora

* 30493license tags in all spec files

* 11026 tags have not been converted to SPDX yet

* 5004 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,84% ░░ 100%

ELN subset:

100 out of 2395 packages are not converted yet (progress 95.82%)



Today we have:

* 23901spec files in Fedora

* 30551license tags in all spec files

* 10964 tags have not been converted to SPDX yet

* 4964 tags can be trivially converted using `license-fedora2spdx`

* Progress: 64,11% ░░ 100%

ELN subset:

100 out of 2397 packages are not converted yet (progress 95.83%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    1 new license (plus two public domain declarations).
    14 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-04-01 (+20 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Human Space Flight edition? On today's date at 1961 Yuri Gagarin flew to the space in Vostok 1. Since 1963 this day 
is celebrated as International Day of Human Space Flight. Also on this day at 1981 the first Space Shuttle (Columbia) 
was lunched.


https://en.wikipedia.org/wiki/International_Day_of_Human_Space_Flight

https://en.wikipedia.org/wiki/Vostok_1

And you may also learn about Oleg Ivanovsky 
https://www.telegraph.co.uk/news/obituaries/1713/Oleg-Ivanovsky-obituary.html#disqus_thread



Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[SPDX] Mass license change Artistic 2.0 to Artistic-2.0

2024-04-11 Thread Miroslav Suchý


Hi.

I am going to do the mass change of the license from Artistic 2.0 to 
Artistic-2.0

The proposed diff is in attachment.

Affected packages:

chordpro
cleanfeed
libkdtree++
R-AnnotationDbi
perl-Data-IEEE754
mingw-ftplib
nicstat
perl-Test-Bits
perl-MaxMind-DB-Common
perl-MaxMind-DB-Reader-XS
perl-SQL-Abstract-Pg
R-MatrixGenerics
perl-Applify
perl-App-SVN-Bisect
perl-App-SVN-Bisect
perl-Business-ISSN
perl-Crypt-PWSafe3
perl-Dancer-Plugin-Database-Core
perl-Dist-Zilla-Plugin-Config-Git
perl-File-Next
perl-Flickr-API
perl-Ham-Reference-QRZ
perl-HTML-FormatText-WithLinks-AndTables
perl-HTTP-Tiny-Multipart
perl-Inline-CPP
perl-IPTables-ChainMgr
perl-IPTables-Parse
perl-JSON-Validator
perl-Log-Agent
perl-Mango
perl-Minion-Backend-SQLite
perl-Mojolicious-Plugin-AssetPack
perl-Mojolicious-Plugin-CHI
perl-Mojolicious-Plugin-I18N
perl-Mojolicious-Plugin-OAuth2
perl-Mojolicious-Plugin-OpenAPI
perl-Mojo-Pg
perl-Mojo-SQLite
perl-MojoX-JSON-RPC
perl-MooseX-ClassAttribute
perl-MooseX-SemiAffordanceAccessor
perl-Parse-CPAN-Distributions
perl-Perl-Critic-Bangs
perl-Razor-Agent
perl-Set-Object
perl-STD
perl-Test-PostgreSQL
perl-Test-YAML-Meta
perl-Text-Context-EitherSide
perl-Text-SimpleTable
perl-Tie-Cycle
perl-Unix-Groups-FFI
perl-Unix-Groups-FFI
perl-WWW-Shorten
pv
R-restfulr
R-KEGGREST
qstat
R-Biobase
R-BiocGenerics
R-biomaRt
R-Biostrings
R-BSgenome
R-DelayedArray
R-DynDoc
remoot
renrot
R-GenomeInfoDbData
R-GenomeInfoDb
R-GenomicAlignments
R-GenomicRanges
R-matrixStats
rpmgrill
R-Rsamtools
R-Rsolid
R-S4Vectors
R-SummarizedExperiment
R-tkWidgets
R-BiocIO
R-XVector
smaclient
xxkb
R-BiocFileCache

perl-Test-Snapshot


Unless somebody stop me, I will do this change directly in dist-git after a 
week.
--

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/cleanfeed.spec rpm-specs/cleanfeed.spec
--- rpm-specs.orig/cleanfeed.spec	2024-01-25 03:03:00.0 +0100
+++ rpm-specs/cleanfeed.spec	2024-04-11 13:01:04.933821114 +0200
@@ -1,9 +1,9 @@
 Summary: A spam filter for Usenet news servers
 Name: cleanfeed
 Version: 20020501
-Release: 31%{?dist}
+Release: 32%{?dist}
 # Confirmed with upstream, website
-License: Artistic 2.0
+License: Artistic-2.0
 URL: http://www.bofh.it/~md/cleanfeed/
 Source0: http://www.bofh.it/~md/cleanfeed/cleanfeed-20020501.tgz
 Patch0: cleanfeed-20020501-redhat.patch
@@ -56,6 +56,9 @@
 %attr(-,news,news) %{_datadir}/news/bin/filter/filter_innd.pl
 
 %changelog
+* Thu Apr 11 2024 Miroslav Suchý  - 20020501-32
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 20020501-31
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/chordpro.spec rpm-specs/chordpro.spec
--- rpm-specs.orig/chordpro.spec	2024-02-15 03:02:20.0 +0100
+++ rpm-specs/chordpro.spec	2024-04-11 13:01:04.568817373 +0200
@@ -7,9 +7,9 @@
 
 Name: chordpro
 Summary: Print songbooks (lyrics + chords)
-License: Artistic 2.0
+License: Artistic-2.0
 Version: 6.050
-Release: 2%{?dist}
+Release: 3%{?dist}
 Source: https://cpan.metacpan.org/authors/id/J/JV/JV/%{FullName}-%{version}.tar.gz
 Source1: README.ABC
 Source2: README.LilyPond
@@ -250,6 +250,9 @@
 gtk-update-icon-cache %{_datadir}/icons/hicolor
 
 %changelog
+* Thu Apr 11 2024 Miroslav Suchý  - 6.050-3
+- convert license to SPDX
+
 * Wed Feb 14 2024 Johan Vromans  - 6.050-2
 - Repackage ABC support (abc2svg 1.22.13).
 
diff -Naur rpm-specs.orig/libkdtree++.spec rpm-specs/libkdtree++.spec
--- rpm-specs.orig/libkdtree++.spec	2024-04-10 04:19:33.0 +0200
+++ rpm-specs/libkdtree++.spec	2024-04-11 13:01:05.481826731 +0200
@@ -1,9 +1,9 @@
 Name:   libkdtree++
 Version:0.7.0
-Release:38%{?dist}
+Release:39%{?dist}
 Summary:C++ template container implementation of kd-tree sorting
 URL:http://libkdtree.alioth.debian.org/
-License:Artistic 2.0
+License:Artistic-2.0
 BuildRequires:  gcc-c++
 BuildRequires:  autoconf automake python3-devel swig
 BuildRequires: make
@@ -113,6 +113,9 @@
 %doc examples/test*.cpp
 
 %changelog
+* Thu Apr 11 2024 Miroslav Suchý  - 0.7.0-39
+- convert license to SPDX
+
 * Thu Jan 25 2024 Fedora Release Engineering  - 0.7.0-38
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/mingw-ftplib.spec rpm-specs/mingw-ftplib.spec
--- rpm-specs.orig/mingw-ftplib.spec	2024-01-26 03:21:59.0 +0100
+++ rpm-specs/mingw-ftplib.spec	2024-04-11 13:01:06.768839922 +0200
@@ -2,10 +2,10 @@
 
 Name:   mingw-ftplib
 Version:4.0
-Release:19%{?dist}
+Release:20%{?dist}
 Summary:MinGW Library of FTP routines
 
-License:Artistic 2.0
+License:Artistic-2.0
 URL:http://nbpfaus.net/~pfau/ftplib/
 Source0:http://nbpfaus.net/~pfau/ftplib/ftplib-%{version}.tar.gz
 Source1:ftplib-rc.rc
@@ -115,6 +115,9 @@
 
 
 %changelog
+* Thu Apr 11 2024 Miroslav Suchý  - 4.0-20

Re: convert everything to rpmautospec?

2024-04-08 Thread Miroslav Suchý


Dne 08. 04. 24 v 2:55 odp. Emmanuel Seyman napsal(a):

FTR, I have no idea what "salami tactics" is.


https://en.wikipedia.org/wiki/Salami_slicing_tactics

Something that would be unacceptable to be done in one step is possible when 
you do that in tiny steps.
You cannot eat whole salami, but you can eat one slice of salami. And repeat 
until whole salami is gone.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: convert everything to rpmautospec?

2024-04-07 Thread Miroslav Suchý


Dne 07. 04. 24 v 5:15 odp. Zbigniew Jędrzejewski-Szmek napsal(a):

I think it's time to switch to rpmautospec completely.


-1 from me.

While I enjoy simplicity of rpmautospec in some of my packages.

I have bunch of packages where the spec is present also in upstream and the package is build for epel7 too. And I build 
the package locally (outside of dist-git) often. The enforcement would complicate my life.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[SPDX] Mass license change ZPLv2.1 to ZPL-2.1

2024-04-06 Thread Miroslav Suchý


Hi.

I am going to do the mass change of the license from ZPLv2.1 to ZPL-2.1

The proposed diff is in attachment.

Affected packages:

python3-zope-fixers
python-transaction
python-zc-customdoctests
python-zc-lockfile
python-zdaemon
python-zope-component
python-zope-deprecation
python-zope-interface
python-zope-schema
python-zope-sqlalchemy
python-zope-testing
python-nagiosplugin

Unless somebody stop me, I will do this change directly in dist-git after a 
week.

--

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/python-nagiosplugin.spec rpm-specs/python-nagiosplugin.spec
--- rpm-specs.orig/python-nagiosplugin.spec	2024-04-05 04:35:02.0 +0200
+++ rpm-specs/python-nagiosplugin.spec	2024-04-06 21:58:26.520652642 +0200
@@ -2,8 +2,8 @@
 
 Name:   python-%{srcname}
 Version:1.3.3
-Release:6%{?dist}
-License:ZPLv2.1
+Release:7%{?dist}
+License:ZPL-2.1
 Summary:Library for writing Nagios (Icinga) plugins
 
 URL:https://nagiosplugin.readthedocs.io
@@ -57,6 +57,9 @@
 %{python3_sitelib}/nagiosplugin/
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 1.3.3-7
+- convert license to SPDX
+
 * Fri Jan 26 2024 Fedora Release Engineering  - 1.3.3-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/python-transaction.spec rpm-specs/python-transaction.spec
--- rpm-specs.orig/python-transaction.spec	2024-04-05 04:37:19.0 +0200
+++ rpm-specs/python-transaction.spec	2024-04-06 21:58:07.052454899 +0200
@@ -1,9 +1,9 @@
 Name:   python-transaction
 Version:4.0
-Release:3%{?dist}
+Release:4%{?dist}
 Summary:Transaction management for Python
 
-License:ZPLv2.1
+License:ZPL-2.1
 URL:https://pypi.io/project/transaction
 Source0:%pypi_source transaction
 
@@ -56,6 +56,9 @@
 
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 4.0-4
+- convert license to SPDX
+
 * Fri Jan 26 2024 Fedora Release Engineering  - 4.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/python-zc-customdoctests.spec rpm-specs/python-zc-customdoctests.spec
--- rpm-specs.orig/python-zc-customdoctests.spec	2024-01-27 03:40:15.0 +0100
+++ rpm-specs/python-zc-customdoctests.spec	2024-04-06 21:58:08.795472603 +0200
@@ -3,9 +3,9 @@
 
 Name:   python-zc-customdoctests
 Version:1.0.1
-Release:36%{?dist}
+Release:37%{?dist}
 Summary:Use doctest with other languages
-License:ZPLv2.1
+License:ZPL-2.1
 URL:http://pypi.python.org/pypi/zc.customdoctests
 Source0:http://pypi.python.org/packages/source/z/%{modname}/%{modname}-%{version}.zip
 
@@ -72,6 +72,9 @@
 %{python3_sitelib}/%{modname}-%{version}-*
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 1.0.1-37
+- convert license to SPDX
+
 * Fri Jan 26 2024 Fedora Release Engineering  - 1.0.1-36
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/python-zc-lockfile.spec rpm-specs/python-zc-lockfile.spec
--- rpm-specs.orig/python-zc-lockfile.spec	2024-04-05 04:37:56.0 +0200
+++ rpm-specs/python-zc-lockfile.spec	2024-04-06 21:58:10.946494452 +0200
@@ -1,8 +1,8 @@
 Name:   python-zc-lockfile
 Version:3.0.post1
-Release:5%{?dist}
+Release:6%{?dist}
 Summary:Basic Inter-Process Locks
-License:ZPLv2.1
+License:ZPL-2.1
 URL:https://pypi.io/project/zc.lockfile/
 Source0:https://pypi.io/packages/source/z/zc.lockfile/zc.lockfile-%{version}.tar.gz
 
@@ -58,6 +58,9 @@
 %dir %{python3_sitelib}/zc/
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 3.0.post1-6
+- convert license to SPDX
+
 * Fri Jan 26 2024 Fedora Release Engineering  - 3.0.post1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/python-zdaemon.spec rpm-specs/python-zdaemon.spec
--- rpm-specs.orig/python-zdaemon.spec	2024-01-27 03:40:16.0 +0100
+++ rpm-specs/python-zdaemon.spec	2024-04-06 21:58:13.434519723 +0200
@@ -1,8 +1,8 @@
 Name:   python-zdaemon
 Version:4.2.0
-Release:26%{?dist}
+Release:27%{?dist}
 Summary:Python Daemon Process Control Library
-License:ZPLv2.1
+License:ZPL-2.1
 URL:https://pypi.io/project/zdaemon/
 Source0:https://pypi.io/packages/source/z/zdaemon/zdaemon-%{version}.tar.gz
 
@@ -57,6 +57,9 @@
 
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 4.2.0-27
+- convert license to SPDX
+
 * Fri Jan 26 2024 Fedora Release Engineering  - 4.2.0-26
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/python-zope-component.spec rpm-specs/python-zope-component.spec
--- rpm-specs.orig/python-zope-component.spec	2024-04-05 04:37

[SPDX] Mass license change MPLv2.0 to MPL-2.0

2024-04-06 Thread Miroslav Suchý


Hi.

I am going to do the mass change of the license from MPLv2.0 to MPL-2.0

The proposed diff is in attachment.

Affected packages:

czmq
erlang-exometer_core
git-fame
golang-github-armon-consul-api
golang-github-hashicorp-cleanhttp
golang-github-hashicorp-consul-migrate
golang-github-hashicorp-errwrap
golang-github-hashicorp-logutils
golang-github-hashicorp-raft
golang-github-hashicorp-raft-mdb
golang-github-hashicorp-rootcerts
golang-github-hashicorp-sockaddr
golang-github-mitchellh-cli
golang-github-nrdcg-auroradns
golang-github-nrdcg-namesilo
golang-github-revel-config
golang-github-letsencrypt-pebble
golang-layeh-gopher-luar
libreoffice
libreoffice
libretro-mgba
libxc
python-prefixed
open62541
php-williamdes-mariadb-mysql-kbs
python-cornice
golang-github-nrdcg-porkbun
python-dictdumper
python-enlighten
python-hypothesis
python-mozilla-django-oidc
python-pluginlib
python-pypcapkit
python-txzmq
python-webthing
python-zmq
python-zmq
R-data.table
R-pbdRPC
rubygem-hashicorp-checkpoint
rubygem-vault
golang-github-letsencrypt-challtestsrv
seamonkey
libjwt
vagrant-hostmanager
xcfun
socialscan
golang-github-projectdiscovery-retryablehttp
ini2toml
golang-github-nrdcg-desec
python-fqdn
golang-github-c4milo-unpackit
golang-github-hooklift-assert
golang-github-hashicorp-envparse

Unless somebody stop me, I will do this change directly in dist-git after a 
week.

--

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/czmq.spec rpm-specs/czmq.spec
--- rpm-specs.orig/czmq.spec	2024-04-05 04:03:34.0 +0200
+++ rpm-specs/czmq.spec	2024-04-06 10:08:21.451334277 +0200
@@ -3,7 +3,7 @@
 Release:%autorelease
 Summary:High-level C binding for 0MQ (ZeroMQ)
 
-License:MPLv2.0
+License:MPL-2.0
 URL:http://czmq.zeromq.org
 Source0:https://github.com/zeromq/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
diff -Naur rpm-specs.orig/erlang-exometer_core.spec rpm-specs/erlang-exometer_core.spec
--- rpm-specs.orig/erlang-exometer_core.spec	2024-01-25 03:06:30.0 +0100
+++ rpm-specs/erlang-exometer_core.spec	2024-04-06 10:08:22.440342841 +0200
@@ -4,10 +4,10 @@
 
 Name:		erlang-%{realname}
 Version:	1.6.1
-Release:	7%{?dist}
+Release:	8%{?dist}
 BuildArch:	noarch
 Summary:	Easy and efficient instrumentation of Erlang code
-License:	MPLv2.0
+License:	MPL-2.0
 URL:		https://github.com/%{upstream}/%{realname}
 VCS:		scm:git:https://github.com/%{upstream}/%{realname}.git
 Source0:	https://github.com/%{upstream}/%{realname}/archive/%{version}/%{realname}-%{version}.tar.gz
@@ -59,6 +59,9 @@
 
 
 %changelog
+* Sat Apr  6 2024 Miroslav Suchý  - 1.6.1-8
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 1.6.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/git-fame.spec rpm-specs/git-fame.spec
--- rpm-specs.orig/git-fame.spec	2024-01-25 03:10:03.0 +0100
+++ rpm-specs/git-fame.spec	2024-04-06 10:08:24.050356784 +0200
@@ -1,9 +1,9 @@
 Name:   git-fame
 Version:2.0.1
-Release:5%{?dist}
+Release:6%{?dist}
 Summary:Pretty-print git repository collaborators sorted by contributions
 
-License:MPLv2.0
+License:MPL-2.0
 URL:https://pypi.python.org/pypi/git-fame
 Source0:%{pypi_source}
 
@@ -48,6 +48,9 @@
 %{python3_sitelib}/gitfame/
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 2.0.1-6
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 2.0.1-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/golang-github-armon-consul-api.spec rpm-specs/golang-github-armon-consul-api.spec
--- rpm-specs.orig/golang-github-armon-consul-api.spec	2024-01-25 03:11:24.0 +0100
+++ rpm-specs/golang-github-armon-consul-api.spec	2024-04-06 10:08:26.418377291 +0200
@@ -19,11 +19,11 @@
 
 Name:   %{goname}
 Version:0
-Release:0.14%{?dist}
+Release:0.15%{?dist}
 Summary:Golang API client for Consul
 
 # Upstream license specification: MPL-2.0
-License:MPLv2.0
+License:MPL-2.0
 URL:%{gourl}
 Source0:%{gosource}
 
@@ -46,6 +46,9 @@
 %gopkgfiles
 
 %changelog
+* Sat Apr 06 2024 Miroslav Suchý  - 0-0.15
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 0-0.14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/golang-github-c4milo-unpackit.spec rpm-specs/golang-github-c4milo-unpackit.spec
--- rpm-specs.orig/golang-github-c4milo-unpackit.spec	2021-09-21 04:05:31.0 +0200
+++ rpm-specs/golang-github-c4milo-unpackit.spec	2024-04-06 10:10:11.390290696 +0200
@@ -19,7 +19,7 @@
 Summary:Go package to natively decompress and unarchive tar.gz, tar.bzip2, tar.xz, zip and tar files
 
 # Upstream license specification: MPL-2.0
-License:MPLv2.0

[SPDX] Mass license change EUPL 1.2 to EUPL-1.2

2024-04-05 Thread Miroslav Suchý


Hi.

I am going to do the mass change of the license from EUPL 1.2 to EUPL-1.2.

The proposed diff is in attachment.

Affected packages:

AusweisApp2
rust-tpm2-policy
dbus-parsec

Unless somebody stop me, I will do this change directly in dist-git after a 
week.

I have the tooling in place. Very likely, I will announce more licenses for 
migration next time.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/AusweisApp2.spec rpm-specs/AusweisApp2.spec
--- rpm-specs.orig/AusweisApp2.spec	2024-04-04 04:01:05.0 +0200
+++ rpm-specs/AusweisApp2.spec	2024-04-05 10:37:43.494615583 +0200
@@ -45,7 +45,7 @@
 Release:  %autorelease
 Summary:  %{pkg_sum}
 
-License:  EUPL 1.2
+License:  EUPL-1.2
 URL:  https://www.ausweisapp.bund.de/en
 
 # Url to releases on github.
diff -Naur rpm-specs.orig/dbus-parsec.spec rpm-specs/dbus-parsec.spec
--- rpm-specs.orig/dbus-parsec.spec	2024-01-25 03:04:22.0 +0100
+++ rpm-specs/dbus-parsec.spec	2024-04-05 10:37:45.781631426 +0200
@@ -5,10 +5,10 @@
 
 Name:  dbus-parsec
 Version:   0.4.0
-Release:   7%{?dist}
+Release:   8%{?dist}
 Summary:   DBus PARSEC interface
 
-License:   EUPL 1.2
+License:   EUPL-1.2
 URL:   https://github.com/fedora-iot/dbus-parsec
 Source:%{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 
@@ -59,6 +59,9 @@
 %{_unitdir}/dbus-parsec.service
 
 %changelog
+* Fri Apr 05 2024 Miroslav Suchý  - 0.4.0-8
+- convert license to SPDX
+
 * Wed Jan 24 2024 Fedora Release Engineering  - 0.4.0-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/rust-tpm2-policy.spec rpm-specs/rust-tpm2-policy.spec
--- rpm-specs.orig/rust-tpm2-policy.spec	2024-01-31 03:47:10.0 +0100
+++ rpm-specs/rust-tpm2-policy.spec	2024-04-05 10:37:44.749624277 +0200
@@ -5,11 +5,11 @@
 
 Name:   rust-%{crate}
 Version:0.6.0
-Release:7%{?dist}
+Release:8%{?dist}
 Summary:Specify and send TPM2 policies to satisfy object authorization
 
 # Upstream license specification: EUPL-1.2
-License:EUPL 1.2
+License:EUPL-1.2
 URL:https://crates.io/crates/tpm2-policy
 Source: %{crates_source}
 Patch0: tpm2-policy-fix-metadata.diff
@@ -67,6 +67,9 @@
 %endif
 
 %changelog
+* Fri Apr 05 2024 Miroslav Suchý  - 0.6.0-8
+- convert license to SPDX
+
 * Tue Jan 30 2024 Peter Robinson  - 0.6.0-7
 - Fix build
 
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change: Intro and change of "Bitstream Vera" to "Bitstream-Vera"

2024-04-05 Thread Miroslav Suchý


Dne 28. 03. 24 v 12:40 odp. Miroslav Suchý napsal(a):


I will do the change only for:

./bitstream-vera-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./R-fontBitstreamVera.spec:License:  Bitstream Vera


This has been done. Full diff of the change is in the attachment.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
diff -Naur rpm-specs.orig/bitstream-vera-fonts.spec rpm-specs/bitstream-vera-fonts.spec
--- rpm-specs.orig/bitstream-vera-fonts.spec	2024-04-04 04:01:29.0 +0200
+++ rpm-specs/bitstream-vera-fonts.spec	2024-04-05 09:09:25.602039908 +0200
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: MIT
 Version: 1.10
-Release: 50%{?dist}
-License: Bitstream Vera
+Release: 51%{?dist}
+License: Bitstream-Vera
 URL: http://www.gnome.org/fonts/
 
 BuildArch: noarch
@@ -88,6 +88,9 @@
 %fontfiles -a
 
 %changelog
+* Fri Apr 05 2024 Miroslav Suchý  - 1.10-51
+- convert license to SPDX
+
 * Tue Jan 23 2024 Fedora Release Engineering  - 1.10-50
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/bpg-fonts.spec rpm-specs/bpg-fonts.spec
--- rpm-specs.orig/bpg-fonts.spec	2024-02-21 03:02:00.0 +0100
+++ rpm-specs/bpg-fonts.spec	2024-04-05 09:09:27.174053011 +0200
@@ -7,7 +7,7 @@
 Name:		%{fontname}-fonts
 Summary: 	Georgian Unicode fonts
 Version:	%{common_ver}
-Release:	25%{?dist}
+Release:	26%{?dist}
 # Font exception
 # See: http://groups.google.com/group/bpg-fonts/web/gpl-gnu-license
 # No version of the GPL is specified.
@@ -196,7 +196,7 @@
 %package -n %{fontname}-dejavu-sans-fonts
 Summary:	DejaVu Sans with BPG Georgian changes
 Version:	2017.2.005
-License:	Bitstream Vera
+License:	Bitstream-Vera
 Requires:	%{name}-common = %{common_ver}-%{release}
 
 %description -n %{fontname}-dejavu-sans-fonts
@@ -211,7 +211,7 @@
 %package -n %{fontname}-dejavu-sans-mono-fonts
 Summary:	DejaVu Sans Mono with BPG Georgian changes
 Version:	2017.3.003
-License:	Bitstream Vera
+License:	Bitstream-Vera
 Requires:	%{name}-common = %{common_ver}-%{release}
 
 %description -n %{fontname}-dejavu-sans-mono-fonts
@@ -226,7 +226,7 @@
 %package -n %{fontname}-dejavu-serif-fonts
 Summary:	DejaVu Serif with BPG Georgian changes
 Version:	2017.2.37
-License:	Bitstream Vera
+License:	Bitstream-Vera
 Requires:	%{name}-common = %{common_ver}-%{release}
 
 %description -n %{fontname}-dejavu-serif-fonts
@@ -256,7 +256,7 @@
 Summary:	Excelsior family of BPG Georgian fonts
 Version:	2.03
 Requires:	%{name}-common = %{common_ver}-%{release}
-License:	Bitstream Vera
+License:	Bitstream-Vera
 
 %description -n %{fontname}-excelsior-fonts
 %common_desc
@@ -270,7 +270,7 @@
 Summary:	Excelsior Caps family of BPG Georgian fonts
 Version:	2.003
 Requires:	%{name}-common = %{common_ver}-%{release}
-License:	Bitstream Vera
+License:	Bitstream-Vera
 
 %description -n %{fontname}-excelsior-caps-fonts
 %common_desc
@@ -284,7 +284,7 @@
 Summary:	Excelsior Condenced family of BPG Georgian fonts
 Version:	2.003
 Requires:	%{name}-common = %{common_ver}-%{release}
-License:	Bitstream Vera
+License:	Bitstream-Vera
 
 %description -n %{fontname}-excelsior-condenced-fonts
 %common_desc
@@ -489,7 +489,7 @@
 %package -n %{fontname}-sans-modern-fonts
 Summary:	Sans Modern family of BPG Georgian fonts
 Version:	2.025
-License:	Bitstream Vera
+License:	Bitstream-Vera
 Requires:	%{name}-common = %{common_ver}-%{release}
 
 %description -n	%{fontname}-sans-modern-fonts
@@ -529,7 +529,7 @@
 %package -n %{fontname}-serif-modern-fonts
 Summary:	Serif Modern family of BPG Georgian fonts
 Version:	2.028
-License:	Bitstream Vera
+License:	Bitstream-Vera
 Requires:	%{name}-common = %{common_ver}-%{release}
 
 %description -n %{fontname}-serif-modern-fonts
@@ -708,6 +708,9 @@
 %doc Docs/*
 
 %changelog
+* Fri Apr  5 2024 Miroslav Suchý  - 3.300-26
+- convert license to SPDX
+
 * Tue Jan 23 2024 Fedora Release Engineering  - 20120413-25
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff -Naur rpm-specs.orig/R-fontBitstreamVera.spec rpm-specs/R-fontBitstreamVera.spec
--- rpm-specs.orig/R-fontBitstreamVera.spec	2024-01-23 03:39:54.0 +0100
+++ rpm-specs/R-fontBitstreamVera.spec	2024-04-05 09:09:28.162061246 +0200
@@ -4,10 +4,10 @@
 
 Name: R-%{packname}
 Version:  0.1.1
-Release:  20%{?dist}
+Release:  21%{?dist}
 Summary:  Fonts with 'Bitstream Vera Fonts' License
 
-License:  Bitstream Vera
+License:  Bitstream-Vera
 URL:  https://CRAN.R-project.org/package=%{packname}
 Source0:  https://cran.r-project.org/src

Re: Three steps we could take to make supply chain attacks a bit harder

2024-04-01 Thread Miroslav Suchý


Dne 01. 04. 24 v 3:16 dop. Kilian Hanich via devel napsal(a):

Also, I have seen build setups which encode the status of tests in the
eventual binary and as such info page or integrated bug report
generators. Often because some distros sometimes turned them off or
ships software even with failed tests and thus pushing that headache to
upstream. 


Can you point me to such case, please? Just being curious.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Three steps we could take to make supply chain attacks a bit harder

2024-03-31 Thread Miroslav Suchý


Dne 31. 03. 24 v 10:58 dop. Adam Williamson napsal(a):

1. Westill don't have compulsory 2FA for Fedora packagers. We *still
don't have compulsory 2FA for Fedora packagers*. *WE STILL DON'T HAVE
COMPULSORY 2FA FOR FEDORA PACKAGERS*.


Fair enough.

Let's do something about it: https://pagure.io/fesco/issue/3186


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Three steps we could take to make supply chain attacks a bit harder

2024-03-30 Thread Miroslav Suchý


Dne 30. 03. 24 v 10:37 dop. Richard W.M. Jones napsal(a):

I'm not pretending these will solve everything, but they should make
attacks a little harder in future.


4) Fetch build artifacts before executing tests

https://github.com/rpm-software-management/mock/issues/1352


(3) We should have a "security path", like "critical path".

Generally good idea. But several packages that JiaT75 GH-starred were:

* doxygen - when you infect this, you have open path to 700 Fedora packages, 
including gcc.

* squashfs-tools - when you infect this, you have open path to all images (just example, not sure if our toolchain use 
this or -ng version).


So the security patch should be much wider.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Three steps we could take to make supply chain attacks a bit harder

2024-03-30 Thread Miroslav Suchý


Dne 30. 03. 24 v 1:25 odp. Chris Adams napsal(a):

Using a signed tarball is ideally better than a git tag (it's an extra
level of author attestation).


In this case signed tarball would not help at all. And git-tag would prevent 
this attack.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Comenius edition

2024-03-28 Thread Miroslav Suchý


Hot news:

    The last phase https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 
has been approved with FESCO.

Two weeks ago we had:


* 23821spec files in Fedora

* 30463license tags in all spec files

* 11091 tags have not been converted to SPDX yet

* 4996 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,59% ░░ 100%

ELN subset:

105 out of 2411 packages are not converted yet (progress 95.64%)



Today we have:

* 23849spec files in Fedora

* 30493license tags in all spec files

* 11026 tags have not been converted to SPDX yet

* 5004 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,84% ░░ 100%

ELN subset:

100 out of 2395 packages are not converted yet (progress 95.82%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    3 new licenses (plus two public domain declarations).
    14 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-03-11 (+16 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Comenius edition? On today's date at 1592 Jan Amos Komensky was born. He was Moravian philosopher and pedagogue who 
is considered the father of modern education. He was first to define school year, school week, school leave. What are 
the requirements for a classroom. He set up school organization - from kindergarten to academia (university). Most of 
his principles are still valid. And some principles are still not yet achieved by some schools: Put everything into 
practice. Teaching should be fun. The pupil should be the teacher at the same time...


https://en.wikipedia.org/wiki/John_Amos_Comenius

https://en.wikipedia.org/wiki/Great_Didactic

https://en.wikipedia.org/wiki/Orbis_Pictus

https://en.wikipedia.org/wiki/Janua_linguarum_reserata


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change: Intro and change of "Bitstream Vera" to "Bitstream-Vera"

2024-03-28 Thread Miroslav Suchý


Dne 28. 03. 24 v 10:59 dop. Zbigniew Jędrzejewski-Szmek napsal(a):

I also think the conversion should only be done if the full License string can 
be converted. Partial conversion is confusing, and there is not much value, 
since trivial conversion is, well, trivial, and whoever will eventually need to 
take a look at the nontrivial parts can easily handle it then.

I'd add a "me too": I think if we have mixed spdx and callaways strings,
this will make later automatic processing even harder.
I that is possible, I think you should just do the full conversion for
those packages, even if that requires some manual introspection.


Ack. There is clear winner - not to mix the spdx and callaway.

I will do the change only for:

./bitstream-vera-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./bpg-fonts.spec:License:   Bitstream Vera
./R-fontBitstreamVera.spec:License:  Bitstream Vera

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [SPDX] Mass license change: Intro and change of "Bitstream Vera" to "Bitstream-Vera"

2024-03-27 Thread Miroslav Suchý


Dne 26. 03. 24 v 6:00 odp. Artur Frenszek-Iwicki napsal(a):

If we're going to introduce any kind of (semi-)automatic
conversion of existing license tags, I think it'd be good
to make "convert «and» and «or» to upper-case"
part of the process.

A.FI.

[0]https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/#d2-case-sensitivity


*nod*

BTW based of the feedback of all of you and because it is very common error in writing SPDX formula in SPDXv3 it will 
likely be allowed to use "and", "or".


https://github.com/spdx/spdx-spec/pull/892

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[SPDX] Mass license change: Intro and change of "Bitstream Vera" to "Bitstream-Vera"

2024-03-26 Thread Miroslav Suchý

Hi.

The last phase of SPDX migration has been approved

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

Part of this change is automatic changes of "trivial" changes.

Let's do a step back and state loudly what is and what is not trivial change: By trivial we understand change where id
in Callaway has only one *known* counterpart in SPDX system. E.g. CC0 in Callaway has CC0-1.0 counterpart in SPDX. And
it is unlikely that CC0 can refer to something else.

On the other hand, BSD can refer to BSD-2-Clause or to BSD-3-Clause. Without analysis the conversion cannot be done
automatically.

But even when there is only one know counterpart it may not be safe to automatically convert the license. That is case
of e.g., "Free Art". Although we have in our DB only one known couterpart "LAL-1.3" it is not safe to automate this
conversion, because there are multiple versions of this license in the wild. We just do not have them in our DB.

I also put "trivial" in quotes. Because what we very often encoutered is that the license tag is e.g. "GPLv2+". But if
you run the license analysis of sources you discover several files under different license. The automatic conversion is
unable to catch such case. :( In future we plan to introduce a tool that will analyse every new source and warns you
about suspicious used licenses that were not in previous source. For now we have only this analysis that I run in
one-shot mode in January: http://miroslav.suchy.cz/fedora/spdx-reports/

Now, what we are going to change: I plan to start with licenses that are used in just few occurrences and get feedback,
experience, rosolve issues and progress toward to behemoths like GPL* strings.

I want to start with "Bitstream Vera" license that can be translated to
"Bitstream-Vera".

It is used in these packages:

./bitstream-vera-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./bpg-fonts.spec:License: Bitstream Vera
./godot.spec:License: MIT and CC-BY and ASL 2.0 and BSD and zlib and OFL
and Bitstream Vera and ISC and MPLv2.0
./godot3.spec:License: MIT and CC-BY and ASL 2.0 and BSD and zlib and
OFL and Bitstream Vera and ISC and MPLv2.0
./pymol.spec:License: MIT and BSD and Bitstream Vera and OFL
./R-fontBitstreamVera.spec:License: Bitstream Vera
./vdrsymbol-fonts.spec:License: Bitstream Vera and Public Domain
./arx-libertatis.spec:License: GPLv3+ and Bitstream Vera and OFL and
BSL-1.0 and MIT and zlib

I have no strong opinion how to process with the case of "MIT and BSD and Bitstream Vera and OFL". I think that
converting it to " MIT and BSD and Bitstream-Vera and OFL" is probably best option. I.e. the License tag will become
mixture of Callaway and SPDX. It will not make it valid SPDX formula so it will still pop up as package to be fixed, but
at least some work will be done. It seems better to me than skipping such packages altogether. I am open to better
suggestions.

I plan to wait 7 days from each announce and then do the migration. I will use my provenpackage power to do the change
directly in dist-git. I will bump up release and add changelog entry, but I do not plan to build the package. This can
wait for mass rebuild. And of course the change will be only in rawhide.

Obsoleted packages in F40

2024-03-24 Thread Miroslav Suchý


I just upgraded my workstation to F40 and it surprised how many packages were 
reported by `remove-retired-packages`.
There was lots of orphaned packages - there is nothing to do about them. But there was lot of packages that were removed 
intentionally. See the list at the end of my email.


I want to highlight that we have policy for removing policy
   
https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#complete_removal
which at the end mention adding the package to
   https://src.fedoraproject.org/rpms/fedora-obsolete-packages

Doing this will improve the experience of users upgrading to the next Fedora 
version.


For the list below I will submit PR.


List of removed packages in F40:

Removing ldc1.32-libs: LLVM D Compiler libraries
Reason of retirement: Compat package no longer needed

Removing ldc1.30-libs: LLVM D Compiler libraries
Reason of retirement: Compat package no longer needed

Removing clang14-libs: Runtime library for clang
Reason of retirement: This compat package is no longer used: 
https://fedoraproject.org/wiki/Changes/LLVM-18

Removing clang11-resource-filesystem: Filesystem package that owns the clang 
resource directory
Reason of retirement: Orphaned for 6+ weeks

Removing clang11-libs: Runtime library for clang
Reason of retirement: Orphaned for 6+ weeks

Removing anaconda-user-help: Content for the Anaconda built-in help system
Reason of retirement: Retired due to the build-in help system in the Anaconda 
GTK UI being removed

Removing libicu72: International Components for Unicode
Reason of retirement: libicu72 isn't required by anything in fc40, was solely a 
compat package for icu 73 rebase

Removing libvpx7: Compat package with libvpx libraries
Reason of retirement: Retire old compat package in F40+

Removing llvm7.0-libs: LLVM shared libraries
Reason of retirement: obsolete and no longer used (#2258890)

Removing pcmciautils: PCMCIA utilities and initialization programs
Reason of retirement: These are only used for 16 bit (basically ISA) PCMCIA cards which are being actively removed from 
the kernel


Removing python3.7: Version 3.7 of the Python interpreter
Reason of retirement: https://fedoraproject.org/wiki/Changes/RetirePython3.7


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Introduction and package submission question

2024-03-24 Thread Miroslav Suchý


Dne 24. 03. 24 v 12:32 dop. None via devel napsal(a):
Hello everyone! My name is Jonathon Hyde, and I want to become a packager for Fedora. I'm excited to contribute back 
something to a project that I have been using for so long. I haven't made my first package submission yet, but I 
wanted kloak to be among the first packages I submit. I had a question first though, what is the tolerance for 
buggy/beta software in Fedora? The project has a couple of notable open issues on Github, mainly 
https://github.com/vmonaco/kloak/issues/12 and https://github.com/vmonaco/kloak/issues/72. I have already successfully 
built with mock and weeded out the issues that showed up in rpmlint, I'm just not sure what state upstream needs to be 
in before a package submission can be accepted in Fedora. I had quite a few submissions I wanted to make and maintain, 
so a generalized answer/explanation is preferred, because I can't find any documentation to answer this particular 
question.


I look forward to learning and contributing back what little I can offer to the 
Fedora community.


Closest to your question is:

https://docs.fedoraproject.org/en-US/fesco/Package_maintainer_responsibilities/#_manage_security_issues

You should work on security bugs in timely manner. And you should co-operate with upstream on solving bugs. Somehow. In 
very elemental meaning that means you forward the bug to upstream.


And BTW every project has bugs. If therewa condition to include only packages without bug then Fedora would have no 
package at all. :)


Feel free to submit your package for Package Review.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Book Smugglers edition

2024-03-21 Thread Miroslav Suchý

Dne 21. 03. 24 v 19:47 kloc...@fedoraproject.org napsal(a):

Those trivial substs probably would cover +90% of all packages in time in my
estimation.

See

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0

The "trivial" conversion is possible for 4996 license tags (you do not want to count packages, you need to count License
tags). Out of 11k. That is 45%. For the remaining 55% you have to actually check the text of the license. Or use
license scanner.

Currently in Fedora is 23ish k packages so to review with greater care ~2.5k
lets say 30-50/day as afk/warming-up task each day should take for single
person top few weeks .. not years. And because it would be done by single
person I'm sure that he/she will be improving that task during that applying
better and better methodology ans sometimes tools. In that approach I'm 100%
sure that quality of that review will far greater than with spreading that task
to all possible maintainers.
Issue only is that this can be done OLNY by proven packager because submission
PRs/discussing/etc will eat order of magnitude more time to someone without
such permission.

Do I understand it correctly that you are willing to help? I will help you get the proven packager status and onboard
you to current state and availale tooling.

Re: SPDX Statistics - Book Smugglers edition

2024-03-20 Thread Miroslav Suchý

Dne 20. 03. 24 v 15:20 Fabio Valentini napsal(a):

Migrating the License tag from Callaway to SPDX identifiers is only
the "easy" part of the transition.
Re-reviewing package contents and re-classifying licenses is the
non-trivial part, and that definitely can't be scripted.

*nod*

1) Trivial example: how would you convert "BSD" string?

2) During past few months I have seen lots of packages that changed their license to something else and only scancode
reports revealed that to them.

3) Lots of license had long discussion if they should be allowed and how. E.g KDE uses LicenseRef-KDE-Accepted-LGPL
which is valide SPDX id, but is not allowed in Fedora and you have to use "|LGPL-2.1-only OR LGPL-3.0-only"|

|4) And you probably missed that every 14 days I include something like "5-10 new license were identified and added (to
SPDX list and to fedora-license-data). For lots of months. That is huge work that AFAIK no one before ever done. Across
whole IT world.

SPDX Statistics - Book Smugglers edition

2024-03-16 Thread Miroslav Suchý


Hot news:

    The last phase has been announce https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will proceed 
when approved with FESCO.


RC2 of SPDX  v.3 specification has been published. 
https://spdx.github.io/spdx-spec/v3.0/ .


Two weeks ago we had:


* 23786spec files in Fedora

* 30396license tags in all spec files

* 11182 tags have not been converted to SPDX yet

* 5044 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,21% ░░ 100%

ELN subset:

112 out of 2411 packages are not converted yet (progress 95.35%)



Today we have:

* 23821spec files in Fedora

* 30463license tags in all spec files

* 11091 tags have not been converted to SPDX yet

* 4996 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,59% ░░ 100%

ELN subset:

105 out of 2411 packages are not converted yet (progress 95.64%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    1 new license (plus two public domain declarations).
    16 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-02-22 (+21 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Book Smugglers? On this date, at 1846 was born Jurgis Bielinis who become successful book smugglers and even founded 
Garšviai Book Smuggling Society at the time of Lithuanian press ban. Bielinis is informally referred to as the King of 
Book Smugglers. Bielinis's birthday is commemorated as the Day of Book Smugglers.

More reading about Lithuanian book smugglers:
https://www.atlasobscura.com/articles/lithuanian-book-smugglers
https://en.wikipedia.org/wiki/Jurgis_Bielinis
(my favourite part is when he hid from police under his wife's skirt)
Does it inspired you? You can become book smuggler even nowadays: 
https://wordsrated.com/global-book-banning-statistics/


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [Fedora-legal-list] Trivy for licenses

2024-03-03 Thread Miroslav Suchý

Dne 03. 03. 24 v 20:22 Philippe Ombredanne napsal(a):

It is mostly based on google/licenseclassifier which had a single
commit in the last 17 months, and this means this is not more
maintained than askalono (and frankly both are fairly lightweight
tools for license detection). Trivy adds SPDX expression parsing on
top of the google/licenseclassifier and that's it. I would not rely on
these for anything serious and certainly not to scan code for license
prior to its inclusion in Fedora.

On the other hand, you can have custom config

https://aquasecurity.github.io/trivy/v0.49/docs/scanner/license/#custom-classification

and we can easily generate config for trivy from fedora-license-data. So you will have clacification specifically for
Fedora.

If you want robust license detection, consider using ScanCode [2] and
Scancode.io [3] for more complex pipelines. Both are tools that I
co-maintain and are considered as better tools for this. Do not
hesitate to reach out for help!

*nod*

It would welcome if anyone can help Robert here:
https://bugzilla.redhat.com/show_bug.cgi?id=2235055

Re: Trivy for licenses

2024-03-03 Thread Miroslav Suchý


Dne 03. 03. 24 v 7:35 Maxwell G napsal(a):


Has anyone every used trivy [1] to scan for licenses? It appears more robust and better maintained than askalono-cli 
and can detect files with multiple licenses and licenses embedded in file headers.  I have been running it with "trivy 
fs --scanners license --license-full ."


[1] https://github.com/aquasecurity/trivy


This is new to me.

Looks good. I will add it to 
https://docs.fedoraproject.org/en-US/legal/license-audit-tools/

It has more verbose output than askalono or licensecheck, but less detailed 
than scancode-toolkit.

And the upstream provides rpm. Static build, but better than nothing.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Beginning of the year edition

2024-03-01 Thread Miroslav Suchý


Hot news:

    fedora-license-data has Copr project https://copr.fedorainfracloud.org/coprs/g/osci/fedora-license-data where new 
package is built whenever new PR is merged


    The last phase is ready for wrangler https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will 
proceed when approved with FESCO.


    I corrected lots of SPDX formula where you used lowercase "and", "or". The specification allows only "AND", "OR". 
This will likely change in specification version 3, but now the operator has to be upper case.


Two weeks ago we had:


* 23737spec files in Fedora

* 30335license tags in all spec files

* 11314 tags have not been converted to SPDX yet

* 5105 tags can be trivially converted using `license-fedora2spdx`

* Progress: 62,70% ░░ 100%

ELN subset:

128 out of 2412 packages are not converted yet (progress 94.69%)


Today we have:

* 23786spec files in Fedora

* 30396license tags in all spec files

* 11182 tags have not been converted to SPDX yet

* 5044 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,21% ░░ 100%

ELN subset:

112 out of 2411 packages are not converted yet (progress 95.35%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    7 new licenses (plus some public domain declarations).
    17 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-02-01 (+17 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Beggining of the year? That should be January 1st, right? Before the advent of the Gregorian calendar, March 1st was 
considered the beginning of the year. Hence Septemeber as the "seventh month" despite the fact it is 9th now. But in the 
Republic of Venice, for example, March was considered the beginning of the year until 1797. So in Venice, March 1790 < 
January 1790. For more interesting facts about time (and time zones) see this legendary video 
https://www.youtube.com/watch?v=-5wpm-gesOY



Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

2024-02-27 Thread Miroslav Suchý


Dne 26. 02. 24 v 15:51 Richard Hughes napsal(a):

If the SPDX listing isn't using src.fedoraproject.org and instead
using something like bugzilla please yell. Being listed as maintaining
all those also makes the packager-dashboard basically useless for me
too. 


I am using a script:

https://pagure.io/fedora-misc-package-utilities/blob/master/f/find-package-maintainers

And as you already found, it is using data from src.fedoraproject.org.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: mock: ImportError: /lib64/libdnf.so.2: undefined symbol: g_once_init_enter_pointer

2024-02-21 Thread Miroslav Suchý

Dne 21. 02. 24 v 18:34 Jun Aruga (he / him) napsal(a):

But I am afraid I am customizing the file
/etc/mock/fedora-rawhide-x86_64.cfg . It's not the original one from
the RPM any more.

I should use the original one and it's better to manage my own custom
setting in the `~/.config/mock.cfg`?

Yes. Mock allows you several layers of customization. So you do not need to touch the original configs and avoid such
problems.

See
https://rpm-software-management.github.io/mock/configuration#order-of-loading-the-files

The alternation for all configs should go to:

|~/.config/mock.cfg|

If you need to alter one config you can create

~/.config/mock/foo.cfg

with:

include('/etc/mock/fedora-rawhide-x86_64.cfg')

your alternation

and then

mock -r foo bar.src.rpm

Which config option is related to the DNF 3 or DNF 5?

Below is my setting about the dnf.

```
config_opts['package_manager'] = 'dnf'
```

For rawhide it should be:

config_opts['package_manager'] = 'dnf5'

Re: mock: ImportError: /lib64/libdnf.so.2: undefined symbol: g_once_init_enter_pointer

2024-02-21 Thread Miroslav Suchý


Dne 21. 02. 24 v 17:38 Jun Aruga (he / him) napsal(a):

$ mock -r fedora-rawhide-x86_64 --shell



--setenv=LC_MESSAGES=C.UTF-8 --resolv-conf=off /usr/bin/dnf-3
--disableplugin=versionlock install @buildsys-build


This is suspicious. It should use DNF5 now.

What is

rpm-qf/etc/mock/fedora-rawhide-x86_64.cfg

Since mock-core-configs-40.2-1it should use DNF5.

That said, DNF3 should work too. But instead of hunting this bug it may be easier to update configs and use DNF5 that 
should be used anyway.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Donate 1 minute of your time to test upgrades from F39 to F40

2024-02-20 Thread Miroslav Suchý


Do you want to make Fedora 40 better? Please spend 1 minute of your time and 
try to run:

# Run this only if you use default Fedora modules
# next time you run any DNF command default modules will be enabled again
# This is last time we should do that :)

sudo dnf module reset '*'

dnf --releasever=40 --setopt=module_platform_id=platform:f40 \
--enablerepo=updates-testing \
$(rpm -q fedora-repos-modular >/dev/null && echo 
--enablerepo=updates-testing-modular) \
--assumeno distro-sync


This command does not replace `dnf system-upgrade`, but it will reveal 
potential problems.

You may also run `dnf upgrade` before running this command.


The `--assumeno` will just test the transaction, but does not make the actual 
upgrade.


In case you hit dependency issues, please report it against the appropriate 
package.

Or against fedora-obsolete-packages if that package should be removed in Fedora 40. Please check existing reports 
against fedora-obsolete-packages first:


https://red.ht/2kuBDPu

and also there is already bunch of "Fails to install" (F40FailsToInstall) 
reports:

https://bugzilla.redhat.com/buglist.cgi?bug_id=2231790_id_type=anddependson=tvp_id=13416789


Two notes:

* you may want to run the same command with dnf5 to help test new dnf. Do not forget to add --best otherwise DNF5 hides 
all problems.


* this command found several issues on my workstation. One was issue with teamd 
that you will likely hit too:

https://bugzilla.redhat.com/show_bug.cgi?id=2263334

and there was few other with missing provides/obsoletes that I reported. For convenience here is the relevant part of 
Fedora Guidelines:


https://docs.fedoraproject.org/en-US/packaging-guidelines/#renaming-or-replacing-existing-packages


Thank you

Miroslav--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Feedback wanted - pruning old rawhide chroots in Copr

2024-02-19 Thread Miroslav Suchý

Dne 19. 02. 24 v 14:59 Kevin Kofler via devel napsal(a):

Instead of coming up with new aggressive pruning schemes, Copr really needs
to come up with a reasonable amount of storage to satisfy user demands. HDDs
in the multi-TB-range are available for fairly low budgets (extremely low by
the standards of a company like IBM), and it just takes 2 of them to build a
RAID 1 that is safe against data loss. Of course, that means that Copr needs
to stop locking itself into third-party cloud providers that charge
ridiculously high prices for storage.

1) Fedora and Copr are using AWS. We are not locked there as Fedora infrastructure has Ansible playbooks for everything
and we can migrate somewhere else in few days. The cost of AWS is very competitive - it costs Fedora $0. Zero dollars!
Amazon is sponsoring Fedora this way. And I am really grateful for that.

2) While we still try to optimize the "cost", the maintainability is equally
important now.

We already use RAID. This is RAID configuration of copr-backend:

# cat /proc/mdstat
Personalities : [raid1] [raid10]
md126 : active raid10 nvme5n1p1[1] nvme0n1p1[2] nvme4n1p1[0] nvme2n1p1[3]
25769536512 blocks super 1.2 512K chunks 2 near-copies [4/4] []
bitmap: 22/192 pages [88KB], 65536KB chunk

md127 : active raid1 nvme1n1p1[1] nvme6n1p1[0]
16777081856 blocks super 1.2 [2/2] [UU]
bitmap: 11/125 pages [44KB], 65536KB chunk

Raid check takes more than week. Backup takes days. We did the training exercise of restore from backup and it took
several weeks. We identified places for improvements and get it down to a week. Traversing all repositories to delete
old build takes almost a day (and we several times had to work on speed improvements there). Some improvements found the
way back to basic tools like createrepo_c.

We can easily create 100TB volume using a RAID. Or even 1PB. But the maintenance would be a hell. And several parts of
Copr would be painfully slow. It is like a things in a house. From certain size, moving to bigger house does not improve
a situation and makes certain things harder: finding things, cleaning house...

If anyone think that the maintenance of Copr can be done better (I am sure, it can!) - then I want you to invite to join
our group.

Feedback wanted - pruning old rawhide chroots in Copr

2024-02-18 Thread Miroslav Suchý

In Copr build system, we noticed that Fedora rawhide chroots can became large and they stay forever as rawhide is never
EOLed.
We plan to work on this soon, but we are not sure what is best approach. I want to ask you - the users of Copr - what
will be convenient for you?

The problem is described here https://github.com/fedora-copr/copr/issues/2933

tl;dr version is:

* when you build into fedora-39 chroot then the chroot is one day declared as EOLed and if you did not act, then the
chroot from the project is deleted and we reclaim the storage space.

* when you build into rawhide chroot, then we keep last builds. Even if you do not submit to this project anything for
years, we still keep this chroot. And such chroots can occupy gigabytes of storage.

The problem is that builds in the rawhide can be packaged configs, and they can be still usable despite the fact that no
one rebuilds the RPM for years. Or it can be forgotten build that is not even installable in current chroot. We do not
know. And testing installability of package regularly will be expensive task.

What **you** would find as acceptable policy for pruning rawhide chroots?

SPDX Statistics - Please Please Me edition

2024-02-16 Thread Miroslav Suchý


Hot news:

    SPDX did a new release of license list with 43 new licenses. Most of them 
were added thank to Fedora maintainers
https://github.com/spdx/license-list-XML/releases

Two weeks ago we had:


* 23711spec files in Fedora

* 30306license tags in all spec files

* 11542 tags have not been converted to SPDX yet

* 5193 tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,92% ░░ 100%

ELN subset:

217 out of 2766 packages are not converted yet (progress 92.15%)



Today we have:

* 23737spec files in Fedora

* 30335license tags in all spec files

* 11314 tags have not been converted to SPDX yet

* 5105 tags can be trivially converted using `license-fedora2spdx`

* Progress: 62,70% ░░ 100%

ELN subset:

128 out of 2412 packages are not converted yet (progress 94.69%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    14 new licenses (plus some public domain declarations).
    20 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-01-17 (+12 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Please Please Me edition? On this day, in 1963 Beatles got the first place in UK music chart for the first time. It 
was their first album. They decided to record it after a success of their single. So they recorded 10 additional songs 
(in one day) and album Please Please Me was born. It stayed in the chart for almost a year until Beatles recorded next 
album. This was surprising as before this album the charts were occupied by movie songs and easy listening song for 
adults and not for teenagers. Follow the rabbit hole:


https://en.wikipedia.org/wiki/Please_Please_Me

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Why branched config pointed to rolling config?

2024-02-14 Thread Miroslav Suchý


Dne 15. 02. 24 v 6:38 Mikhail Gavrilov napsal(a):

I think that getting the f41 package with fedora-40 config looks at
least odd. And one of the solutions is making rolling config pointed
to branch config rather than the other way around.


Than you will get f40 packages with rawhide config. There is no clean winner in 
this race.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Why branched config pointed to rolling config?

2024-02-14 Thread Miroslav Suchý


Dne 14. 02. 24 v 14:56 Michael J Gruber napsal(a):

Why branched config pointed to rolling config?
# ls -ln | grep fedora-40
lrwxrwxrwx. 1 0 135   26 Jan 11 20:46 fedora-40-aarch64.cfg -> 
fedora-rawhide-aarch64.cfg
lrwxrwxrwx. 1 0 135   23 Jan 11 20:46 fedora-40-i386.cfg -> 
fedora-rawhide-i386.cfg
lrwxrwxrwx. 1 0 135   26 Jan 11 20:46 fedora-40-ppc64le.cfg -> 
fedora-rawhide-ppc64le.cfg
lrwxrwxrwx. 1 0 135   24 Jan 11 20:46 fedora-40-s390x.cfg -> 
fedora-rawhide-s390x.cfg
lrwxrwxrwx. 1 0 135   25 Jan 11 20:46 fedora-40-x86_64.cfg -> 
fedora-rawhide-x86_64.cfg

... because on Jan 25th, f40 was rawhide.

We branched yesterday. So, either you wait for updated mock-config to
land in f40, or you roll it yourself. It's no mock science 


And if you check Bodhi, it is sitting there and waiting for you guys :)

https://bodhi.fedoraproject.org/updates/?search=mock-core-configs

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Does ccache ever help with kernel mock build?

2024-02-13 Thread Miroslav Suchý


Dne 13. 02. 24 v 9:08 Julian Sikorski napsal(a):
Could this be the reason for ccache not working? 


I wonder whether it is Mock problem, Ccache issue or problem in packaging? Does the ccache speadup the build when you 
run it with plain rpmbuild and ccache on host?


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Does ccache ever help with kernel mock build?

2024-02-13 Thread Miroslav Suchý


Dne 12. 02. 24 v 23:01 Julian Sikorski napsal(a):

Do I need to install ccache on the host as well?


No. Mock installs the ccache into buildroot. It is injected as additional Build 
requires

https://github.com/rpm-software-management/mock/blob/main/mock/py/mockbuild/plugins/ccache.py#L35

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Does ccache ever help with kernel mock build?

2024-02-12 Thread Miroslav Suchý

Dne 12. 02. 24 v 19:29 Julian Sikorski napsal(a):

Hello,

has anyone successfully managed to get ccache to speed up kernel mockbuilds, be it SRPMS from kernel-ark or from
dist-git? I gave it a brief shot but saw no difference, if anything the build was slower.
The machine I am building on has 32 GB RAM which is not quite enough to fit everything on a ramdisk, and the drive I
am building to is an NVME SSD, "only" PCI Express 3.0. CPU is a Ryzen 5 5600x. A baseonly builds takes about 25
minutes, which is somewhat annoying when one has to bisect something.
If ccache can speed this up, how big does it need to be? I understand the default 4 GB is nowhere near enough but what
would be needed to actually help? Thanks!

Just to be sure - did you configured Mock to use it?

https://rpm-software-management.github.io/mock/Plugin-CCache

the build from build container cannot see host ccache, so Mock must specially
configure it.

This is by default off, because in multi user environment you can easily poison the cache and affect different build.
This should be enabled only on VM where you trust all users that can run Mock. E.g. your personal developer workstation.

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue

Re: dnf-4.19.0 without filelists in Rawhide soon

2024-02-09 Thread Miroslav Suchý


Dne 09. 02. 24 v 16:29 Florian Weimer napsal(a):

What's the impact on mock and older chroots?  Just use bootstrap chroot?


Yes, in rawhide if you build package for older chroot, you will have to use bootstrap chroot. It is enabled by default. 
You will have problems if you disabled it manually.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Selkirk edition

2024-02-02 Thread Miroslav Suchý


Hot news:

Richard and I had several days PTOs, so the progress of MR in 
fedora-license-data was affected by this.

Now lets dive into numbers:

Two weeks ago we had:


* 23681 spec files in Fedora

* 30232license tags in all spec files

* 11697 tags have not been converted to SPDX yet

* 5264tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,31% ░░ 100%

ELN subset:

250 out of 2439 packages are not converted yet (progress 89.75%)



Today we have:

* 23711spec files in Fedora

* 30306license tags in all spec files

* 11542 tags have not been converted to SPDX yet

* 5193 tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,92% ░░ 100%

ELN subset:

217 out of 2766 packages are not converted yet (progress 92.15%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 3 new licenses (plus some public domain declarations). 28 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-01-05 (+15 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Selkirk edition? On this day, in 1709 Alexander Selkirk was rescued after living as a castaway for four years and 
four months. His story heavily inspired Daniel Defoe to write Robinson Crusoe.


https://en.wikipedia.org/wiki/Alexander_Selkirk

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Mass change of LicenseRef-KDE-Accepted-* licenses

2024-01-29 Thread Miroslav Suchý

Dne 29. 01. 24 v 13:58 Ben Beasley napsal(a):

Could you please double-check this change? I noticed that in spacebar, LicenseRef-KDE-Accepted-GPL was the actual name
of a license file in the %files section; this was replaced with (GPL-2.0-only OR GPL-3.0-only), which causes the
package to FTBFS.

Looking at the grep output you originally posted, it seems like plasma-phonebook has a similar problem, and
kf6-kglobalaccel, kf6-kjobwidgets, and kf6-kservice had filenames in comments replaced, which won’t break their builds
but isn’t correct either.

Indeed. This possibility did not cross my mind. I fixed all of them and fixed my grep'o'foo script and find only the
cases you reported. Nothing else.

I checked scratch and it was mass rebuilt before my change, so it was build
sucessfully. So I did not rebuilt it.

I still appreciate that you are cleaning this up!

And I appreciate you understand human mistake. Still - I am sorry for this.

Staled PRs at https://src.fedoraproject.org/rpms/

2024-01-24 Thread Miroslav Suchý

During my work on SPDX migration I filed hundreds of pull request and as part of that work I always check if there is 
already open PRs for a package.


It surprised me how many packages has open PR. I understand when there is open PR with blocker or ongoing discussion. 
But I have seen PRs that are open for year+ without any comment from anyone.


I understood that it may happen that you miss the notification. Or postponed the work because you were busy and later 
forget about it... Lots of valid reasons.


I want to point to nice feature of Pagure - it can show you PR where you can 
act on:

https://src.fedoraproject.org/user/msuchy/requests?type=actionable=open

(your account icon -> My Pull Request -> PR I can act on)

Please check it, maybe you will discover some PR that is waiting on your 
feedback and you are not aware of it.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Interesting difference between Koji and COPR (_isa macro)

2024-01-24 Thread Miroslav Suchý


Dne 24. 01. 24 v 18:02 Dan Horák napsal(a):

It seems like %{?_isa} is not defined for noarch packages in Koji but it
is in COPR. Is that a known problem/feature?

it could be because COPR always does an archful build (like plain mock
builds do), while koji knows noarch is a separate arch


Mock does not understand "noarch" build. It always run on machine with an arch. Just the 
result can be name "noarch".

This is first time I hear about this problem.

When you hit something like this, it is always good start to reproduce it 
localy with mock.

Config from Koji can be retrieved using:

   fedpkg mock-config

in specific branch of dist-git.

Config from Copr can be retrieved using:

copr-cli mock-config myproject fedora-rawhide-x86_64

and you can test it as

  mock -f ./config.cfg foo.src.rpm

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Fedora 40 Mass Rebuild finish delayed

2024-01-24 Thread Miroslav Suchý


Dne 24. 01. 24 v 10:51 Aoife Moloney napsal(a):


All other milestones remain the same at this time and the published schedule[4] 
has been updated to reflect these changes.


https://fedorapeople.org/groups/schedule/f-40/f-40-key-tasks.html

Branching is set to 2024-02-06 while mass rebuilds are supposed to finish by 2024-02-20. That means we will branch 
during mass rebuilds?


Historically we always branched *after* the mass rebuilds finishes.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Mass change of LicenseRef-KDE-Accepted-* licenses

2024-01-23 Thread Miroslav Suchý

Lots of packages in Fedora use license LicenseRef-KDE-Accepted-GPL and LicenseRef-KDE-Accepted-LGPL. These licenses were 
never approved. It took lots of time to discuss it and document it. We finally come with:


https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_licenseref_kde_accepted

(copy for your convience)

> KDE project uses LicenseRef-KDE-Accepted-* licenses. This was discussed here and here. The consensus is that upstream 
license LicenseRef-KDE-Accepted-GPL should be replaced in Fedora by GPL-2.0-only OR GPL-3.0-only. And upstream license 
LicenseRef-KDE-Accepted-LGPL should be replaced by LGPL-2.1-only OR LGPL-3.0-only.


It is used 123 times in our spec files (full list at the bottom of this email). I am willing to do the mass change (with 
my proven package hat on). I welcome your feedback. If no one stops me with a reason by end of this month, I will do the 
change early next month.


$ grepLicenseRef-KDE-Accepted *
akonadiconsole.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LGPL-2.1-or-later AND LicenseRef-KDE-Accepted-GPL
akonadi-mime.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND 
LGPL-2.1-or-later AND LGPL-3.0-only AND LicenseRef-KDE-Accepted-LGPL
akonadi-search.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only

AND LicenseRef-KDE-Accepted-GPL AND LicenseRef-KDE-Accepted-LGPL AND (MIT OR 
Apache-2.0) AND MIT
calendarsupport.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LicenseRef-KDE-Accepted-GPL
incidenceeditor.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LicenseRef-KDE-Accepted-GPL
kactivitymanagerd.spec:License: CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.1-only AND 
LGPL-3.0-only AND LicenseRef-KDE-Accepted-GPL AND LicenseRef-KDE-Accepte

d-LGPL
kalendar.spec:License:    BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND 
GPL-3.0-only AND GPL-3.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-only A
ND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-KDE-Accepted-GPL AND 
LicenseRef-KDE-Accepted-LGPL
kdepim-addons.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-3.0-only AND LicenseRef-KDE-Acce

pted-GPL AND LicenseRef-KDE-Accepted-LGPL
kdepim-runtime.spec:License: AGPL-3.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND 
GPL-2.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LGPL-2.0-only AN
D LGPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-KDE-Accepted-GPL AND 
LicenseRef-KDE-Accepted-LGPL
kdeplasma-addons.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
GPL-3.0-or-later AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only
AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-KDE-Accepted-GPL AND 
LicenseRef-KDE-Accepted-LGPL AND MIT
kf5-akonadi-mime.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND 
LGPL-2.1-or-later AND LGPL-3.0-only AND LicenseRef-KDE-Accepted-LGPL
kf5-akonadi-search.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-o

nly AND LicenseRef-KDE-Accepted-GPL AND LicenseRef-KDE-Accepted-LGPL
kf5-akonadi-server.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND LicenseRef

-KDE-Accepted-GPL AND MIT
kf5-attica.spec:License: CC0-1.0 AND LGPL-2.0-or-later AND LGPL-2.1-only AND 
LGPL-3.0-only AND LicenseRef-KDE-Accepted-LGPL
kf5-bluez-qt.spec:License:    CC0-1.0, LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND 
LicenseRef-KDE-Accepted-LGPL
kf5-calendarsupport.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LicenseRef-KDE-Accepted-GPL
kf5-frameworkintegration.spec:License: CC0-1.0 AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-3.0-only AND 
LicenseRef-KDE-Accepted-LGPL
kf5-incidenceeditor.spec:License: BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND 
LGPL-2.0-or-later AND LicenseRef-KDE-Accepted-GPL
kf5-kactivities.spec:License: CC0-1.0 AND GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-3.0-only AND 
LicenseRef-KDE-Accepted-LGPL AND MIT
kf5-kactivities-stats.spec:License: CC0-1.0 AND GPL-2.0-only AND

SPDX Statistics - Lisa edition

2024-01-19 Thread Miroslav Suchý


Hot news:

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_3 was approved.

I generated license analysis using scancode-toolkit for all remaining packages 
http://miroslav.suchy.cz/fedora/spdx-reports/

Now lets dive into numbers:

Two weeks ago we had:


* 23542 spec files in Fedora

* 30058license tags in all spec files

* 11715 tags have not been converted to SPDX yet

* 5266tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,03% ░░ 100%

ELN subset:

290 out of 2457 packages are not converted yet (progress 88.20%)



Today we have:

* 23681 spec files in Fedora

* 30232license tags in all spec files

* 11697 tags have not been converted to SPDX yet

* 5264tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,31% ░░ 100%

ELN subset:

250 out of 2439 packages are not converted yet (progress 89.75%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 9 new licenses (plus some public domain declarations). 22 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-12-21 (+21 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Lisa edition? On this day, in 1983 Apple released Apple Lisa - first personal computer with a GUI. Read about it on 
https://en.wikipedia.org/wiki/Apple_Lisa It is reminder that Apple was not always successful. And that revolutionary 
products does not mean economical success and can be obsoleted by products that are "good-enough".


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Eight-hour day edition

2024-01-12 Thread Miroslav Suchý


Dne 05. 01. 24 v 8:14 Miroslav Suchý napsal(a):


To ease the migration I created a scantool-tookit reports for remaining 
packages. It is available here

http://miroslav.suchy.cz/fedora/spdx-reports/

Right now there are missing packages from ELN set and all other missing Fedora packages from A to L. The script 
generating the reports is still running - It has been running whole Chrismas.


If your package is missing wait few more days. Or you can install 
scancode-toolkit and run:
~/.local/bin/scancode --license --html /tmp/spdx.html --license-references  . 


I am adding more and more reports. Now all packages from A* to Q* are available.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Fedora Linux 37 is EOL

2024-01-07 Thread Miroslav Suchý


Dne 07. 01. 24 v 6:15 Jens-Ulrik Petersen napsal(a):

(Replying to devel list)

Can someone please update 
https://docs.fedoraproject.org/en-US/releases/eol/#_unsupported_fedora_linux_releases
to correct the EOL date for F37 to 5th Dec?

Or should I open a releng ticket for that?


PR is enough (in the upper right corner is edit button). And there is already 
one

https://pagure.io/fedora-pgm/pgm_docs/pull-request/62

Someone just need to merge this.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Eight-hour day edition

2024-01-04 Thread Miroslav Suchý


Dne 05. 01. 24 v 7:38 Miroslav Suchý napsal(a):


Hot news:


I forgot to mention one thing:

To ease the migration I created a scantool-tookit reports for remaining 
packages. It is available here

http://miroslav.suchy.cz/fedora/spdx-reports/

Right now there are missing packages from ELN set and all other missing Fedora packages from A to L. The script 
generating the reports is still running - It has been running whole Chrismas.


If your package is missing wait few more days. Or you can install 
scancode-toolkit and run:
~/.local/bin/scancode --license --html /tmp/spdx.html --license-references  .


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Eight-hour day edition

2024-01-04 Thread Miroslav Suchý


Hot news:

The process of adding licenses is back on track.

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_3 has been submitted.

Now lets dive into numbers:

Two weeks ago we had:


* 23562 spec files in Fedora

* 30067license tags in all spec files

* 11907 tags have not been converted to SPDX yet

* 5370tags can be trivially converted using `license-fedora2spdx`

* Progress: 60,04% ░░ 100%

ELN subset:

507 out of 3734 packages are not converted yet (progress 86.42%)



Today we have:

* 23542 spec files in Fedora

* 30058license tags in all spec files

* 11715 tags have not been converted to SPDX yet

* 5266tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,03% ░░ 100%

ELN subset:

290 out of 2457 packages are not converted yet (progress 88.20%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 6 new licenses (plus some public domain declarations). 17 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-11-30 (+16 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Eight-hour day? It is reference to working hours per day. Until early of 20th century it was common that working day 
ranged from 10 to 16 hours. There were numerous strikes and fights to lower it to 12 and 10. And later to 8. Until 5 
January 1914 when the Ford Motor Company took the radical step of doubling pay to $5 a day (equivalent to $150) and 
cutting shifts from nine hours to eight. When their profit margin doubled next year, other companies started to follow.


https://en.wikipedia.org/wiki/Eight-hour_day

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: ARM PAC on koji vs COPR

2024-01-03 Thread Miroslav Suchý


Dne 03. 01. 24 v 14:46 Jarek Prokop napsal(a):
4. Why do koji and copr have CPU flag set that differs so much? Is our koji infra OK? 


For convenience of readers:

Koji:
Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid 
asimdrdm lrcpc dcpop asimddp ssbs

Copr:
Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid 
asimdrdm jscvt fcma lrcpc dcpop sha3 sm3 sm4 asimddp sha512 sve asimdfhm dit 
uscat ilrcpc flagm ssbs paca pacg dcpodp svei8mm svebf16 i8mm bf16 dgh rng

In Copr we use c7g.xlarge type from AWS as ARM builders. So if you spawn this 
machine in AWS you should be able to reproduce.

Side note - hopefully in next release Copr will have functionality that will 
allow you to SSH to host with the failed 
buildhttps://github.com/fedora-copr/copr/pull/2977  But that will take few 
weeks. :(

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Public Christmas Tree edition

2023-12-21 Thread Miroslav Suchý

Hot news:

We added new license LicenseRef-Fedora-Firmware that we use for firmware that does not have clear license declarations
and only "Redistributable..."-like declarations.

https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/460/diffs

The process of adding the licenses on list is still very slow.

We come to conclusion how to handle LicenseRef-KDE-Accepted-* licenses
https://gitlab.com/fedora/legal/fedora-legal-docs/-/merge_requests/265/diffs

We are working on phase 3 and phase 4 proposals. But they are not yet ready.
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_3
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

Now lets dive into numbers:

Two weeks ago we had:

* 23479 spec files in Fedora

* 29970license tags in all spec files

* 11999 tags have not been converted to SPDX yet

* 6587tags can be trivially converted using `license-fedora2spdx`

This was error, that was: 5412 tags can be trivially converted using
`license-fedora2spdx`

* Progress: 59.96% ░█ 100%

ELN subset:

327 out of 2444 packages are not converted yet (progress 86.62%)

Today we have:

* 23562 spec files in Fedora

* 30067license tags in all spec files

* 11907 tags have not been converted to SPDX yet

* 5370tags can be trivially converted using `license-fedora2spdx`

* Progress: 60,04% ░░ 100%

ELN subset:

507 out of 3734 packages are not converted yet (progress 86.42%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 4 new licenses (plus some public domain declarations). 20
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data)
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too. And the table there was simplified.

New projection when we will be finished is 2024-11-14 (+20 days from last
report). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license
tag matches SPDX formula, you can put your package on ignore list

https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Why Public Christmas Tree? On today's date at 1919 Czech writer and poet Rudolf Těsnohlídek discovered abandoned girl,
aged seventeen months, in danger of freezing. They rescued the girl and give her name Liduška. I was unable to find the
published information in English so I translated what Těsnohlídek wrote (translation with the help of DeepL)"

"We found it last year on Christmas Eve under a lone spruce tree in the forests of Bílovy," the writer recalls. "We went
looking for a Christmas tree, a tiny little fir. The lights were already on in the village, as everywhere was being
busily cleaned up for the holidays. We fell into a valley through which thousands of hikers pass on summer Sundays. No
one was passing through today. The only one returning was the gamekeeper, who had lingered behind to procure a crib for
the church. We set off, so as not to get quite dark in the woods, to the nearest coppice on the steep hillside. We
laboured our way over the frosty ground to the middle of the hillside, where it was flatter and where we could have
taken a more vigorous step, but here the cry of the forest arrested the steps of the three of us. It was a few crows,
which, cawing a warning to the others, had fallen on the opposite hillside. They swooped down to await death as always.
We stood in human, unsparing curiosity, and then the wind blew a faint moan towards us. It was a poignant wail, a
defenceless, dying, farewell to the world. So the deer one wails when mortally wounded. We wanted to shorten her agony
and headed across the undergrowth to the supposed doe. How many small suitable Christmas trees there were, but we didn't
spot a single one. All we could see in front of us at that moment was a sprawling spruce tree. Approaching it, we
realized that the groan was the fading cry of a child. We froze in surprise. We imagined her standing there in her
flimsy rags, wearing a thin skirt, waiting. Perhaps the mother had placed it here in the lee of the thicket to wait
until it had gathered the brushwood, and it was afraid of the dark and the coming night, and therefore

Re: Building the boot.iso with dnf5

2023-12-09 Thread Miroslav Suchý


Dne 09. 12. 23 v 12:57 Peter Robinson napsal(a):

It was my understanding the switch to dnf5 was delayed until F-41 so I
don't think we should be using it for this either until it's the
default in Fedora as well.


It was delayed because it was not ready for general usage. E.g. some functionality were missing. But most of the 
functionality is there for lng time. One of the missing piece is 'system-upgrade' command. Do you need it for 
creating iso image? No. Are you missing something else? If not then I encourage to try using DNF5 for your workflow. You 
may discover some issue that stops you. But sooner you discover it, sooner the DNF will fix it.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Freeze 'Em All edition

2023-12-07 Thread Miroslav Suchý


Hot news:

We added new license LicenseRef-Not-Copyrightable that should be used for packages like foo-filesystem that e.g., create 
just directories and does not have copyrightable code nor content.


The process of adding the licenses on list is still very slow recently.

I made an error when added packages to ignore list (those that does not need any change) and my script ignored more 
packages than it should. It is fixed now. So about two dozen packages show up in list.


Now lets dive into numbers:

Two weeks ago we had:


* 23426 spec files in Fedora

* 29916license tags in all spec files

* 12081 tags have not been converted to SPDX yet

* 5482tags can be trivially converted using `license-fedora2spdx`

* Progress: 59.62% ░█ 100%

ELN subset:

655 out of 3798 packages are not converted yet (progress 82.75%)



Today we have:

* 23479 spec files in Fedora

* 29970license tags in all spec files

* 11999 tags have not been converted to SPDX yet

* 6587tags can be trivially converted using `license-fedora2spdx`

* Progress: 59.96% ░█ 100%

ELN subset:

327 out of 2444 packages are not converted yet (progress 86.62%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 4 new licenses (plus some public domain declarations). 17 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too. And the table there was simplified.


New projection when we will be finished is 2024-10-25 (+21 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Freeze 'Em All edition? On today's date at 2013 Metallica played a concert named Freeze 'Em All on Antartica station 
Base Carlini and become the first band that performed live concert on all seven continents.


https://en.wikipedia.org/wiki/Freeze_%27Em_All

https://www.youtube.com/watch?v=2Hi2u98VKxc


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Copr builds are stuck at package signing

2023-12-06 Thread Miroslav Suchý


Dne 06. 12. 23 v 12:52 František Šumšal napsal(a):

Hey,

Thanks to Packit I noticed that a lot of our jobs are running longer than usual, and a quick glance at the Copr task 
queue[0] tells me there's something fishy going on. I opened a couple of jobs[1][2][3] and all of

...
Looks like the last 20s sleep takes _way_ longer than 20s. Is this a known issue? 


Yes. Pavel, Jakub and Jirka was working on this most of today's date.

The culprit was that gpg key was not created for a project. We found that 'gpg2 --list-secret-keys` took 35 seconds to 
finish, but the client had a timeout 24 seconds. We solved it temporarily by spawning a beefier VM for sign server. Now 
gpg2 returns in 4 secs. It gives us time to look at how to solve it properly. In the meantime, your builds should build 
without a problem and the current queue is slowly processing.



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Re: Network rules to use mock on RHEL8

2023-12-03 Thread Miroslav Suchý

Dne 03. 12. 23 v 20:46 Emmanuel Seyman napsal(a):

Hello, all.

Wanting to promote RPM packages, I'm trying to use mock on an RHEL8 VM
that does not have unrestricted access to the internet. This fails
miserably, as you would expect it to.

I've already established that I need access to:
* registry.access.redhat.com on port 443
* cdn.redhat.com on port 443

Is there anything else I need to ask? Opening ports on internal VMs is a
lengthy process and I would really appreciate any help here.

It depends what you want to build. You have to check configs you want to use. E.g. Building Fedoras may requires access
to registry.fedoraproject.org

https://github.com/rpm-software-management/mock/blob/main/mock-core-configs/etc/mock/templates/fedora-rawhide.tpl#L15C35-L15C62

If you want to build in rhel chroots you may need to add hostnames from this KB:
https://access.redhat.com/solutions/65300

If you are building on top of Alma you may want to add

https://github.com/rpm-software-management/mock/blob/main/mock-core-configs/etc/mock/templates/almalinux-9.tpl#L6

https://github.com/rpm-software-management/mock/blob/main/mock-core-configs/etc/mock/templates/almalinux-9.tpl#L32 or
rather use specific mirror.

And similarly for EPEL

https://github.com/rpm-software-management/mock/blob/main/mock-core-configs/etc/mock/templates/epel-9.tpl#L7

Beside that, that should be all.

Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Origin of Species edition

2023-11-23 Thread Miroslav Suchý


Hot news:

I have started looking at Cavil - tool that audit the licensing info after each 
commit.

The process of adding the licenses on list is still very slow recently.

Now lets dive into numbers:

Two weeks ago we had:


* 23365 spec files in Fedora

* 29583license tags in all spec files

* 12255 tags have not been converted to SPDX yet

* 5577tags can be trivially converted using `license-fedora2spdx`

* Progress: 58.95% ░█ 100%

ELN subset:

623 out of 3969 packages are not converted yet (progress 84%)


Today we have:

* 23426 spec files in Fedora

* 29916license tags in all spec files

* 12081 tags have not been converted to SPDX yet

* 5482tags can be trivially converted using `license-fedora2spdx`

* Progress: 59.62% ░█ 100%

ELN subset:

655 out of 3798 packages are not converted yet (progress 82.75%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 5 new licenses (plus some public domain declarations). 16 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-10-05 (+16 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Origin of Species edition? On today's date at 1859 was published Charles Darwin's book On the Origin of Species - 
first scientific work that species evolves over generations through natural selection. It took Darwin 20 years to write 
this book and he delayed it because he wanted finish his book about coral reefs first. The book had several edition and 
sixth edition was the first one that used the word "evolution".


https://en.wikipedia.org/wiki/On_the_Origin_of_Species


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How can I delete a rawhide Bodhi update?

2023-11-23 Thread Miroslav Suchý

Dne 23. 11. 23 v 17:04 Petr Pisar napsal(a):

That's the glory automation which creates updates after finishing a build on
behalf of the user wihout ownership by the user.

Once there is such update created, you only can file a ticket against relengs
(or infra) to delete the update. Without admins intervening, your only option
is to bump a release and do new build. The old, stuck update will get
superseded by the new update.

This is unfair. I remember times when there was no bodhi updates for rawhide - when you build something in rawhide it
went to next compose and there was nothing to do about it (beside writing admins).

And the rawhide bodhi update **is** owned by the user. You just cannot edit it. But that was not possible previously as
well.

Now the update has tests and can get karma points. That was previously not possible. So what we have now is better than
what we had in past.

I am sure it can be improved. I am looking forward for future improvements.

Re: Why I won't run for FESCo

2023-11-22 Thread Miroslav Suchý


Dne 22. 11. 23 v 20:40 Miro Hrončok napsal(a):
*I am tired.* When I joined FESCo 5 years ago, I had the enthusiasm and energy. 


Enthusiasm - I think this is most important part. For anyone considering 
running for FESCO.

If anyone from the audience is considering running for FESCO, but you hesitate that you are not experienced enough... 
you will get experience over time, but you rarely get enthusiasm over time - that it is most precious thing. If you are 
enthusiastic about Fedora, please, please, nominate yourself here:


https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations#Candidate_Nominations

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Kristallnacht edition

2023-11-09 Thread Miroslav Suchý


Hot news:

Robert-Andre Mauchin packaged python-spdx-tools for Fedora. For scancode-toolkit - all dependencies are finally reviewed 
and present in Fedora, scancode-toolkit is in the middle of review. Big thanks to Robert and everybody who did the 
package reviews.


The process of adding the licenses on list is very slow recently as the lawyers does not have too much free time before 
the end of the year.


Now lets dive into numbers:

Two weeks ago we had:


* 23282 spec files in Fedora

* 29750license tags in all spec files

* 12512 tags have not been converted to SPDX yet

* 5677tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.94% ░█ 100%

ELN subset:

437 out of 3013 packages are not converted yet (progress 85%)



Today we have:

* 23365 spec files in Fedora

* 29583license tags in all spec files

* 12255 tags have not been converted to SPDX yet

* 5577tags can be trivially converted using `license-fedora2spdx`

* Progress: 58.95% ░█ 100%

ELN subset:

623 out of 3969 packages are not converted yet (progress 84%)

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 2 new licenses (plus bunch of public domain declarations). 19 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-09-19.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Very impractical tip of the day:

   A compendium of absurd, funny, and downright bad licenses: 
https://github.com/ErikMcClure/bad-licenses/


Why Kristallnachte edition? On today's date at 1938, was i Kristallnacht (Night of Broken Glass) - a pogrom against Jews 
in Germany. It was first step where every other step was worse than the previous one. It was basicaly a first step that 
lead to holocaust.


https://en.wikipedia.org/wiki/Kristallnacht#Kristallnacht_as_a_turning_point

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OK to have same license file in multiple sub-packages?

2023-11-01 Thread Miroslav Suchý

Dne 31. 10. 23 v 18:21 Kalev Lember napsal(a):

On Tue, Oct 31, 2023 at 5:47 PM Miroslav Suchý wrote:

How it conflicts?

%files

%license LICENSE

%files doc

%license LICENSE

should not create any conflicts. And this is recomended way to do it.

I guess the conflicts happen when the LICENSE file changes between builds and individual subpackages that ship it
aren't updated in lock step. Often there is a full NVR version requirement that locks individual subpackages together,
but not in this case. If people for example download just one of the subpackages from koji (and not the other), it can
lead to only one of them getting updated.

License from subpackage goes to different directory. See:

$ rpm -qf /usr/share/licenses/llvm/LICENSE.TXT
llvm-17.0.2-1.fc39.x86_64
$ rpm -qf /usr/share/licenses/llvm-libs/LICENSE.TXT
llvm-libs-17.0.2-1.fc39.x86_64

llvm-libs-17.0.2-1.fc39.i686

so license from llvm and llvm-libs should not never conflicts because the file
goes to different directory.

What can conflict is multilib packages in different version with different
content of the file.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue

Re: OK to have same license file in multiple sub-packages?

2023-10-31 Thread Miroslav Suchý


Dne 31. 10. 23 v 16:10 Tom Stellard napsal(a):

Hi,

I've run into a problem with the cmake package, and I'm trying to figure out how
to solve it.  This issue is that the cmake license files are included in both
the cmake and cmake-doc packages.  This creates a conflict when up trying to
update cmake while an older version of cmake-doc is installed on the system.

What's the best way to fix this?  Should I remove the license file from 
cmake-doc
or should I have cmake-doc Require (or Conflict?) with the cmake package? 


How it conflicts?

%files

%license LICENSE

%files doc

%license LICENSE

should not create any conflicts. And this is recomended way to do it.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Wichterle edition

2023-10-27 Thread Miroslav Suchý


Hot news:

fedora-license data now includes machine readable field with known exceptions 
to use otherwise not-allowed exception

https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/422

This  field is already exported to JSON and license-validate understand it:

$ license-validate--packagefedora-logos  LicenseRef-Fedora-Logos
 Uses not-allowed license, but package is known to be exception.
 Run with -v option to see more information.
 $ license-validate LicenseRef-Fedora-Logos
 Uses not-allowed license.
 Run with -v option to see more information.
 [exit code 1]

rpminspect feature is tracked under 
https://github.com/rpminspect/rpminspect/issues/1286

If you have a package that uses not-allowed license and you are using exception, please open issue at 
https://gitlab.com/fedora/legal/fedora-license-data


Now lets dive into numbers:

Two weeks ago we had:


* 23188 spec files in Fedora

* 29635license tags in all spec files

* 12724 tags have not been converted to SPDX yet

* 5742tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.06% ░█ 100%

ELN subset:

490 out of 3139 packages are not converted yet



Today we have:

* 23282 spec files in Fedora

* 29750license tags in all spec files

* 12512 tags have not been converted to SPDX yet

* 5677tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.94% ░█ 100%

ELN subset:

437 out of 3013 packages are not converted yet (progress 85%)

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 1 new license (plus bunch of public domain declarations). 20 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-09-07.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

   Do you know there is a standard to describe license of project that consist of different files with different 
licenses? https://reuse.software/



Why Wichterle edition? On today's date at 1913, the inventor of soft contact lens was born. His story is full of 
surprises: he used kids toy set to construct first Spin Casting Machine; Czech regime sold the patent to US company for 
couple of bucks because they did not want to allow traveling of this scientist to US to defend the patent. And Otto 
Wichterle spent most of his life as regular scientist without any glory because he signed petition against a regime.


https://en.wikipedia.org/wiki/Otto_Wichterle

https://web.archive.org/web/20150129033858/http://www.andrewgasson.co.uk/opioneers_wichterle.htm

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to deal with COPR and RPMAutoSpec

2023-10-18 Thread Miroslav Suchý


Dne 18. 10. 23 v 16:12 Diego Herrera napsal(a):

What I usually do when I need for COPR to handle rpmautospec is to set
the source type to "Custom", and use the following script:

#! /bin/sh -x
git clone  
cd 
spectool -g 
rpmautospec process-distgit  

Set the Buildroot dependencies to "git rpmdevtools rpmautospec" and
the Result directory to the same  string used in the
script.


This is great. I added this to our FAQ

https://github.com/fedora-copr/copr/pull/2958


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Execute RPM dependency generators on the .spec file which ships them

2023-10-16 Thread Miroslav Suchý


Dne 16. 10. 23 v 16:16 Vít Ondruch napsal(a):

Can somebody help me please with a package review? The package can't be simpler.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2244428

Thx in advance 


Done.

You are welcome.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Miracle of the Sun edition

2023-10-13 Thread Miroslav Suchý


Hot news:

There was new release of SPDX License list. If you want to see impact of Fedora work you can check number of new 
licenses in recent releases and compare


https://github.com/spdx/license-list-XML/releases

and compare it with content of the releases before we started migrating 
packages (~ Nov 2022) i.e. version 3.19.

Reviewers wanted: Package review of scancode-toolkit still need 3 dependencies to be review 
https://bugzilla.redhat.com/show_bug.cgi?id=2235055


Now lets dive into numbers:

Two weeks ago we had:


* 23100 spec files in Fedora

* 29479license tags in all spec files

* 12870 tags have not been converted to SPDX yet

* 5817tags can be trivially converted using `license-fedora2spdx`

* Progress: 56.34% ░█ 100%

ELN subset:

913 out of 3957 packages are not converted yet



Today we have:

* 23188 spec files in Fedora

* 29635license tags in all spec files

* 12724 tags have not been converted to SPDX yet

* 5742tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.06% ░█ 100%

ELN subset:

490 out of 3139 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 15 new licenses (plus bunch of public domain declarations). 
15 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-08-23.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

Scancode-toolkit is not yet in Fedora, but you can instal it form PyPI:

    $ pip install scancode-toolkit
    $  ~/.local/bin/scancode --license --html /tmp/spdx.html .

This will produce nice report of all files in current directory. Beware that 
the scan takes looong time.

Why Miracle of the Sun edition? On today's date at 1917, was last event from series of events also known as Miracle of 
Fatima. Thousands people watched extraodinary solar activity. This was the biggest miracle of 20th century.


https://en.wikipedia.org/wiki/Miracle_of_the_Sun


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Specify koji build machine mem req via. spec file

2023-10-05 Thread Miroslav Suchý


Dne 04. 10. 23 v 11:43 Martin Stransky napsal(a):

Hello guys,

Is there's a way how to set requested amount of ram for koji builders?

I'd like to use it as Firefox builds fail recently due low memory, like 
https://bugzilla.redhat.com/show_bug.cgi?id=2241690


Thanks,
Martin


Related - rpm has tunables that allows you to tune the build according the 
available resources. However memory is not there:

https://github.com/rpm-software-management/rpm/pull/2418

https://rpm-software-management.github.io/rpm/manual/buildprocess.html

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Munich Agreement edition

2023-10-03 Thread Miroslav Suchý


Dne 03. 10. 23 v 9:31 John Reiser napsal(a):


Especially because texlive was such an outlier, then any linear estimate
should state the starting and ending dates that were used for the projection. 


https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0

See the formula in cell A53

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Munich Agreement edition

2023-09-29 Thread Miroslav Suchý


Hot news: we are over 50 %!!! With almost 4k license tags converted in past 2 
weeks. How it was possible?

First - it is because you rocks and really lots of work has been done. Both on our (Change owners) side and on you as 
package maintainers.


But the biggest impact was migration of texlive package. Texlive is huge package and it has 6558 subpackages and 4010 
License tags. Texlive package was converted to SPDX format long time ago. But it is not sufficient to use SPDX formula. 
The license has to be approved for usage in Fedora too. I.e. SPDX IDs added to fedora-license-data collection. It took 
some time and the licenses ware review few days ago. This resulted in 3700 license tags being suddenly marked as 
migrated. That is good, because it was result of several months of work. There will be additional work because there is 
still 339 tags that does not conform our guidelines and one license has been found as not-allowed. Richard and Than is 
working on it and I applaud to them.


I must highlight that we added 25 license to fedora-license-data in past 2 weeks. That is almost 2 licenses per day 
(including weekends). When you realize that it requires legal audit, comparing to existing licenses, diving into 
history, sometimes communicating with stewards of the licenses. Submitting them to SPDX where we discuss it and add 
markup that allow to have template for several similar licenses... This is simply amazing pace.


Can I ask for additional help? Robert-André packaged scancode-toolkit for Fedora. This is license-check on steroids. 
Very useful and powerful tool. But it has lots of dependencies. Robert packaged them too. He "just" need reviewers to 
get this in Fedora. If you can check "Depends on" of https://bugzilla.redhat.com/show_bug.cgi?id=2235055 and do review 
of one of these dependecies that will be awesome.


Now lets dive into numbers:

Two weeks ago we had:


* 23143 spec files in Fedora

* 29600license tags in all spec files

* 16169 tags have not been converted to SPDX yet

* 5903tags can be trivially converted using `license-fedora2spdx`

* Progress: 45.35% ██ 100%

ELN subset:

603 out of 2986 packages are not converted yet



Today we have:

* 23100 spec files in Fedora

* 29479license tags in all spec files

* 12870 tags have not been converted to SPDX yet

* 5817tags can be trivially converted using `license-fedora2spdx`

* Progress: 56.34% ░█ 100%

ELN subset:

913 out of 3957 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 25 new licenses (plus bunch of public domain declarations). 
18 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-08-06.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Munich Agreement edition? On today's date [*] at 1938, four biggest European countries agreed that Germany can annex 
border parts of Czechoslovakia where ethnics German lived. It was done in hope that it will stop the low-intensity war 
and to keep the peace in Europe. But it was actually prelude to World War II.


https://en.wikipedia.org/wiki/Munich_Agreement

[*] the pact was signed shortly after midnight, so some resources use tomorrows 
date.


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Intention to tighten RPM crypto-policy back

2023-09-19 Thread Miroslav Suchý


Dne 19. 09. 23 v 11:19 Alexander Sosedkin napsal(a):
Because of that, I'd like to revert that RPM policy relaxation 
https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/a12f7b20638be8f872ad1995c7d2edce41c227b5 in (f39) 
rawhide and align RPM security with the rest of the policy. Thoughts / feedback?


You can try to load the keys from this collection under the tightened policy:

https://github.com/xsuchy/distribution-gpg-keys/

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Automate your Fedora package maintenance using Packit

2023-09-15 Thread Miroslav Suchý


Dne 15. 09. 23 v 13:18 Ankur Sinha napsal(a):

I guess it should be possible to make packit (or the-new-hotness?) run
licensecheck on the new sources and include that in the PR comment too,
perhaps also with a list of packages that depend on the one being
updated as an "impact check"?


It is almost impossible to do the check with old Callaway system. This is actually why I joined the group working on 
SPDX migration - I wanted automatically determine in Copr if the license is allowed. I found that it is actually easier 
and faster to migrate all the Fedora packages to SPDX and then use standard SPDX tooling rather than write NIH tool that 
would work with Callaway system.


When we finish the migration of Fedora to SPDX we plan to adapt tooling that will warn maintainer when new source has 
suspicious text that may be license that is not mention in License tag. But this circa two years ahead. If somebody 
wants to contribute let me know.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Marco Polo edition

2023-09-15 Thread Miroslav Suchý


I forgot to add one important piece of news about rust packages:

Because Fabio reported that all crates (rust-*) has been migrated. I added all rust-* packages that has "valid as SPDX 
but no changelog entry" to ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt#_72

And remove the the wide rust-* regexp from ignore list.

That revealed remaining issues with crates, rust itself and coreos-installer 
that were previously hidden. See

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt#_11221

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Marco Polo edition

2023-09-14 Thread Miroslav Suchý


Two weeks ago we had:


* 23128 spec files in Fedora

* 29572license tags in all spec files

* 16519 tags have not been converted to SPDX yet

* 6059tags can be trivially converted using `license-fedora2spdx`

* Progress: 44.14% ██ 100%

ELN subset:

825 out of 2479 packages are not converted yet



Today we have:

* 23143 spec files in Fedora

* 29600license tags in all spec files

* 16169 tags have not been converted to SPDX yet

* 5903tags can be trivially converted using `license-fedora2spdx`

* Progress: 45.35% ██ 100%

ELN subset:

603 out of 2986 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 17 new licenses (plus bunch of public domain declarations). 
31 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2025-01-30 (we are slowing down. 
Again. :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Marco Polo edition? On today's date at 1254, an Italian merchant Marco Polo was born. He traveled to Asia (today's 
China). It took him 4 years to get there, 3 years to get back. And he stayed 17 years there. He wrote a book Millione 
about this travel. That made him famous and even nowadays is great insight about Asia of that time.


https://en.wikipedia.org/wiki/Marco_Polo
https://en.wikipedia.org/wiki/The_Travels_of_Marco_Polo

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Access superseded Fedora RPMs

2023-09-09 Thread Miroslav Suchý


Dne 08. 09. 23 v 21:58 Kai A. Hiller napsal(a):
I’m trying to recreate – on the level of RPMs – a Fedora system as resolved by DNF at an earlier moment in time (think 
lockfile). Collecting a list of the installed RPMs and their versions for a given system is easily done via `dnf list 
installed`; though, afaict these RPMs in their exact versions may no longer be available at Fedora mirrors at a later 
point in time. This leads to my question: Is there a Fedora-canonical way of finding and attaining these superseded RPMs?


(Alternatively, I was thinking about hosting a private, modified mirror that serves all versions of an RPM. Does that 
sound like a good idea?) 


https://github.com/Katello/katello

It can do this and much more. It is also very huge project and resource 
intensive.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX MIT license , what todo ?

2023-09-09 Thread Miroslav Suchý


Dne 08. 09. 23 v 22:42 Sandro napsal(a):


I believe, and Miroslav will correct me if I'm wrong, the script looks at the changelog and searches for SPDX. As long 
as there's a changelog entry, the package is considered migrated.


However, if the License: tag value changes, it is recommended to rebuild, so the new license makes it into the 
package. Of course, this can also be done with the next update or mass rebuild. 


Right.

I cannot say it better :)

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX MIT license , what todo ?

2023-09-08 Thread Miroslav Suchý


Dne 08. 09. 23 v 2:39 Neal Gompa napsal(a):

xdg-utils is a MIT License [1] what SPDX license have [2] ? if it is
already a valid SPDX formula , what I should write on changelog ?


Do nothing. This transition is a no-op for you.


Nope. If he does nothing I will still report it in statistics as:

xdg-utils warning: valid as old and new and no changelong entry, please check

To record that you checked it and it is ok do one of this:

1) add entry to %changelog "license migrated to SPDX" - this is more suitable when you are doing a rebase or change 
together with the check


2) add empty git commit: git commit --allow-empty -m "license migrated to SPDX"

3) report it to me and I will add it on ignore list. Or you can submit PR 
directly. I have just done it for you

https://pagure.io/copr/license-validate/c/a1bb78fdbe191ffc8dd31bd847e2e3299c42cc87?branch=main

So **now** you can do nothing and next time your package will be counted as 
migrated.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Passenger pigeon edition

2023-09-02 Thread Miroslav Suchý


Dne 02. 09. 23 v 13:07 Zbigniew Jędrzejewski-Szmek napsal(a):

"python-lit warning: valid as old and new and no changelong entry, please check"

The License string is valid as both the old-style Fedora license and a SPDX
expression, and the tooling did not match anything in the changelog that would
indicate the license was converted to SPDX.


Typical example is

MIT

this is valid string in old system. And also in the SPDX format. But the old MIT represented whole family. It can be 
actually anything from


$ license-fedora2spdx'MIT'
Warning: more options on how to interpret MIT. Possible options: ['mpich2', 'libtiff', 'Xfig', 'UnixCrypt', 'SMLNJ', 
'SGI-B-2.0', 'NTP', 'MIT', 'MIT-open-group', 'MIT-feh', 'MIT-enna', 'MIT-Modern-Variant', 'MIT-F

estival', 'MIT-CMU', 'ICU', 'HPND', 'HPND-sell-variant', 'HP-1986', 'Boehm-GC', 
'BSL-1.0', 'Adobe-Glyph']
{{pick MIT choice}}

It can be converted to MIT, but also to ICU or HPND... and without any indication in the changelog there is no way to 
know if you check it or not.



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Passenger pigeon edition

2023-09-01 Thread Miroslav Suchý


Two weeks ago we had:


* 23030 spec files in Fedora

* 29469license tags in all spec files

* 16716 tags have not been converted to SPDX yet

* 6149tags can be trivially converted using `license-fedora2spdx`

* Progress: 43.28% ██ 100%

ELN subset:

895 out of 2492 packages are not converted yet



Today we have:

* 23128 spec files in Fedora

* 29572license tags in all spec files

* 16519 tags have not been converted to SPDX yet

* 6059tags can be trivially converted using `license-fedora2spdx`

* Progress: 44.14% ██ 100%

ELN subset:

825 out of 2479 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 9 new licenses. 33 licenses have been submitted to SPDX.org 
and are waiting to be review (and then added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2025-01-22 (we are slowing down. 
Again. :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

    You can use Chrome or Firefox plugin to find what is the license and how 
much it differ from nearest SPDX match.
https://github.com/spdx/spdx-license-diff#installation


Why Passenger pigeon edition? Passenger pigeon is extinct species. On today's date at 1914, last known one died at 
Cincinnati Zoo.


https://en.wikipedia.org/wiki/Passenger_pigeon

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

1 2 3 4 5 6 7 8 9 10 >

1 - 100 of 1017 matches

Mail list logo