Re: [ANNOUNCE] RPM Fusion infra is back for contributors
On Tue, Jun 21, 2016 at 05:45:57PM +0200, Nicolas Chauvet wrote: > Good question, all branches are open for work, but el7 first needs to > be bootstrapped (any volunteer for that ?) What needs to be bootstrapped? Can't CentOS and EPEL 7 just be used as as a package source like Fedora is used for the Fedora branches? Kind regards Till
Re: [ANNOUNCE] New infra has rised up (finally)
Hi, On Mon, May 16, 2016 at 11:48:53AM +0200, Nicolas Chauvet wrote: > http://pkgs.rpmfusion.org (even with let's encrypt certificate). this is awesome. > Also to mention is that the new infra is ansible managed (old services > are still using puppet), the public part is located here: > https://github.com/rpmfusion-infra/ansible-rpmfusion > That's for thoses who wondered how to help, here what you "could" have > done. Reviewing is welcomed. I submitted a pull request to make proper use of the certificate btw: https://github.com/rpmfusion-infra/ansible-rpmfusion/pull/1 Kind regards Till
Re: Packaging 3-rd party repositories in rpmfusion
On Mon, Feb 03, 2014 at 11:30:42AM +1100, Ankur Sinha wrote: One concern is that some of the rpms that third parties provide do ship their own repo files. So, after the user installs a package, he might end up with two repo files? We'll have to use proper conflicts in the specs. What about GPG keys? (The adobe-release package ships a repo file and a GPG key.) If RPMFusion ships configuration for other repos, the package should also include the GPG key, set gpgcheck=1 and include only the intended packages with includepkgs to minimise security problems. Regards Till
Re: replacement builder needed
On Sun, Oct 23, 2011 at 01:02:39PM -0500, Richard Shaw wrote: Since no one has stepped up yet I have a proposal but I don't know how easy it will be to accomplish. I asked at the local university whether they could provide a builder. They are currently looking for a possible machine, therefore something might be possible there. I'm willing to offer up my desktop machine with the following requirements: 1. At least 5 to 10 others in total do the same 2. Building packages would be assigned to all machines in a round robin approach. 3. I can shut down the builds by window or manually. I do occasionally use my machine for gaming. I would provide a virtual machine on my desktop if nobody will require shell access on it. And I do not care about point 1 or 2, but it will not be available 24/7. Regards Till
Re: replacement builder needed
On Wed, Oct 19, 2011 at 03:15:07PM -0500, Richard Shaw wrote: On Wed, Oct 19, 2011 at 3:04 PM, Itamar Reis Peixoto ita...@ispbrasil.com.br wrote: fdc have cheap machines, arround $39 / month fdcservers.net The only plan I saw for $39/mo was for a dual core Atom... not a good choice for a build server. In Germany you would get at least a AMD Athlon 64 3700+ with 1 GB RAM and 160 GB disk space on RAID 1 for this amount of money: http://www.hetzner.de/en/hosting/produkte_rootserver/x2 Kind regards Till
Re: replacement builder needed
Hi, On Wed, Oct 19, 2011 at 03:17:21PM -0400, Jarod Wilson wrote: fact that the one and only active rpm fusion build system sits on that pipe. I'd like to see another system (or systems) elsewhere brought up sooner than later, so builds can be migrated to them, at which point, I can retire the box at my house, and not drop the extra money every month for the pipe and the power to keep the box running. what are the required minimum specs? I guess it needs to be a 64 Bit system. But how much RAM and disk space is required? Who will need to have which kind of shell access? Kind regards Till
Re: How are Fedora RPM packagess verified in RPMFusion buildsys?
Hiyas, On Wed, Jan 13, 2010 at 02:42:26PM +0100, Till Maas wrote: I just wondered how the RPM packages from Fedora used in RPMFusion buildroots are verfied on the RPMFusion builders. Fedora uses direct access to the RPM packages via a secure channel afaik, but since RPMFusion does not use Fedora infrastructure, this seems not to be possible. Also I did not found the typical RPM message about importing the GPG key that is usually displayed on my local mock builds in the RPMFusion build roots. Therefore I fear that the RPMs are not verified at all, but please don't let this be true. except for a answer about the default mock config, there was no reply to this within two weeks. So I conclude that they are very likely not verified and nobody cares, thats bad. :-( Regards Till pgpgSdSMdGhYI.pgp Description: PGP signature
How are Fedora RPM packagess verified in RPMFusion buildsys?
Hiyas, I just wondered how the RPM packages from Fedora used in RPMFusion buildroots are verfied on the RPMFusion builders. Fedora uses direct access to the RPM packages via a secure channel afaik, but since RPMFusion does not use Fedora infrastructure, this seems not to be possible. Also I did not found the typical RPM message about importing the GPG key that is usually displayed on my local mock builds in the RPMFusion build roots. Therefore I fear that the RPMs are not verified at all, but please don't let this be true. Regards Till pgpYoeVNflzN3.pgp Description: PGP signature
Re: How are Fedora RPM packagess verified in RPMFusion buildsys?
On Wed, Jan 13, 2010 at 08:19:21AM -0600, Rex Dieter wrote: mock typically does not verify keys (making the assumption that the repos used internally are generally trusted implicitly). Afaik, the default configuration of mock is to use it only on machines very trustworthy people have access (i.e. anyone can acquire root) and use it only to build throw-away or test packages, that are not intended to be used on systems with security sensitive data. The default configuration does not use any internal repos, but the default Fedora repositories. Regards Till pgpWU0TMj68Du.pgp Description: PGP signature
Re: Question about licensing of kmods
On Tue, Nov 03, 2009 at 07:18:26PM +0100, Jochen Schmitt wrote: Am 03.11.2009 19:07, schrieb Orcan Ogetbil: As far as I know, GPL has an exception for linking against system components (i.e. kernel). So free repo should be fine. Please correct me if I'm wrong. Yes, but I'm talking about a kernel module which is licensed under the IBM Public License. This means, that non-GPL code will be called from GPL-code. If this is a problem, then it cannot go into any RPMFusion repository, because packages in RPMFusion still need to be legally distributable, even if they are in the nonfree repository. Since the IBM Public License is FSF free according to the Fedora Licensing Wikipage, the package should go into the free repo. Regards Till pgp9K5F9izttW.pgp Description: PGP signature
Re: build targets
On Wed, Aug 26, 2009 at 09:12:40AM +0200, Andrea Musuruane wrote: Therefore, to achieve the wanted result you should do something like this: %if 0%{?fedora} = 12 ExclusiveArch: i686 %endif %if 0%{?fedora} = 11 ExclusiveArch: i586 %else ExclusiveArch: i386 %endif This will afaics add ExclusiveArch: i686 and ExclusiveArch: i586 in all cases where %fedora is higher or equal to 12. Maybe the F11 line could be the following to work. The second %if should probably be in an %else section of the first %if. Regards Till pgp4llssKPNbR.pgp Description: PGP signature
Re: Fwd: CVS key
On Fri, Aug 21, 2009 at 10:44:12PM +0800, solarflow99 wrote: well, I downloaded the plague-client, and created the 3 certs, I see a variable has to be set to tell it to use them. then im at a loss as what to do next, where are we supposed to type make build? if only I had an example of a setup and build request to go on.. make build needs to be run in the CVS directory where the spec is, you want to build. Which package do you want to build? So if you imported a package named foo and checked it out from CVS, you need to be in a directory like foo/devel that contains a foo.spec file. There you need to run make build to create a build of the package. If you want to update a package, there is a howto on the Fedora wiki btw.: https://fedoraproject.org/wiki/Package_update_HOWTO Regards Till pgpOJj2boUmoQ.pgp Description: PGP signature
Re: website corrections
On Thu, Aug 20, 2009 at 02:21:44PM +0800, solarflow99 wrote: hi, I just wondered who I can send corrections about the website to? There is a Infrastructure Product in Bugzilla: https://bugzilla.rpmfusion.org/enter_bug.cgi?product=Infrastructure Regards Till pgpsfbh9Bi3y7.pgp Description: PGP signature
Re: Fwd: CVS key
On Fri, Aug 21, 2009 at 03:11:54AM +0800, solarflow99 wrote: I've made some additions, now I got as far as plague-client and got stuck again. http://rpmfusion.org/Buildsystem/PlagueUsage I'll be happy to include some examples in the wiki if someone can show me how its done, please? What did you do and what did not work as expected or what is it, what you don't know how to do? Regards Till
Re: Fwd: CVS key
On Wed, Aug 19, 2009 at 09:20:10PM +0800, solarflow99 wrote: BTW, I can think of some changes and additions to make to http://rpmfusion.org/Contributors avoid someone else having these problems, Luckily it is a wiki, so you can easily edit the page: http://rpmfusion.org/Contributors?action=edit Regards Till pgpV2J6aIIEWr.pgp Description: PGP signature
Re: RFC regarding rpmfusion-{non,}free-release and F11
On Do Mai 14 2009, Thorsten Leemhuis wrote: Hmmm, not completely sure yet, but that might work. Care to send a patch? Ideally one that * makes sure we don't need to do similar things for F12 and later This is my suggestion: http://till.fedorapeople.org/rpmfusion/ * also makes the user aware that he has to merge the rpmnewfiles if he still uses the hardcoded mirror list (e.g things like mirrorlist=http://download1.rpmfusion.org/free/fedora/.mirrorlist-free-fedo ra-releases ). How about using a %post scriptlet that changes only this URL in *.repo files if they exist? This is not a very intrusive change and would be imho ok. Is there a list about which old URLs should be mapped to which new ones? Regards Till signature.asc Description: This is a digitally signed message part.
Re: RFC regarding rpmfusion-{non,}free-release and F11
On Di Mai 12 2009, Thorsten Leemhuis wrote: - mark the repo files for the initial rpmfusion-{non,}free-release-11 package as %config instead of %config(noreplace). That way we make sure the new repo files get into the right place and actually used by yum; if the old repo files had been modified then they get saved as .rpmsave files and users would need to merge those changes into the new files (but they would have to do that anyway, even if the files would be marked as %config(noreplace)) Does that sound like a plan? Yes, I'm well aware that it has some downsides, but afaics it's the one that works painlessly for most people. Or am I missing a better way? Imho repo config files must not be marked as %config without noreplace, because they may contain vital options that may mess up the whole system if they are overwritten, e.g. if options like excludepkgs, priority or protect are removed. In the fedora.repo file from F10, there is $basearch used in the URL of the gpgkey, maybe it is also possible to use $releasever there, so that it is possible to use the same gpgkey URL for several Fedora Releases, e.g. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-$releasever Regards Till signature.asc Description: This is a digitally signed message part.
Re: make mockbuild does not work
On Thu December 18 2008, Nicolas Chauvet wrote: Can you rewrite your patch according with the fact that rpmfusion mock cfg files will be : fedora-10-i386-rpmfusion_nonfree.cfg and fedora-10-i386-rpmfusion_free.cfg ?etc Why do you want to use a different naming scheme than all the other mock config files, which use this scheme: name-release-arch.cfg Regards, Till signature.asc Description: This is a digitally signed message part.
Re: VirtualBox for RPM Fusion
On Saturday 13 December 2008 11:25:06 Xavier Lamien wrote: Kmods are really easy specifically for virtualbox ;) I'll push all eta of packages set the next week if people don't mind. Btw. there is already a review request for kBuild, which you can probably take over: https://bugzilla.redhat.com/show_bug.cgi?id=kBuild-review Regards, Till signature.asc Description: This is a digitally signed message part.
Re: Blog for rpmfusion.org
On Wed November 12 2008, Chris Nolan wrote: Following this discussion [1] I have put together a Wordpress blog for rpmfusion.org [2]. You can log in with your FAS username and password: it uses a simple plugin to securely authenticate users against FAS and maps users to a Wordpress role based on which approved memberships they have in FAS. [2] http://rpmfusion.cenolan.com/ ^ http://rpmfusion.cenolan.com/wordpress/wp-login.php | form name=loginform id=loginform | action=http://rpmfusion.cenolan.com/wordpress/wp-login.php; method=post ^ Everyone who logins in here for testing will send the used FAS username and password unencrypted through the internet. Regards, Till signature.asc Description: This is a digitally signed message part.
Re: News page in the Wiki
On Sun November 9 2008, Chris Nolan wrote: Till Maas wrote: With using the FAS credentials, that allow to produce major damage in the wrong hands, within an application that is considered not very secure make my security concerns grow a lot more. I know that they are already used for OpenID and Mediawiki in Fedora, so there are a lot of attack vectors there, but maybe RPMFusion could be more secure. This is a fair concern - wordpress has a poor history. However, the potential for an exploit being harmful would be minimal because WP would never store the FAS password and a validated WP session has no control over FAS. All authentication with FAS would be done over SSL: at no point is the password sent over a non-encrypted connection and it is never stored anywhere within wordpress or logged anywhere on the client machine/within the session/on the wordpress server. One pretty common vulnerability would be a cross site scripting, especiall a persistent one, where all the described security measures would not help. An attacker would simply modify the login prompt that is shown if someone opens the wordpress homepage and instead of sending the credentials directly to FAS, they are also sent to the attacker. Here SSL or not storing the credentials on the worpress server would not help. Regards, Till signature.asc Description: This is a digitally signed message part.
Re: News page in the Wiki
On Sun November 9 2008, Chris Nolan wrote: I'd also be happy to help host/setup a blog for rpmfusion. I have good experience with wordpress - PHP is more my realm than packaging! If FAS allows some kind of API for login/group verification then I'm fairly confident I can hack together a wordpress plugin that uses this to authenticate users. Anyone else have thoughts on this? With using the FAS credentials, that allow to produce major damage in the wrong hands, within an application that is considered not very secure make my security concerns grow a lot more. I know that they are already used for OpenID and Mediawiki in Fedora, so there are a lot of attack vectors there, but maybe RPMFusion could be more secure. Regards, Till signature.asc Description: This is a digitally signed message part.
Re: New bugzilla.rpmfusion.org https certificate
On Sun November 2 2008, Chris Nolan wrote: I'm not too sure why I would trust a CAcert signed certificate over a self-signed? With the CAcert signed certificate, you can at least verify it somehow, because the CAcert root certificate / fingerprints can be obtained by several ways. A self-signed certificate does not allow this. Btw. if you don't trust CAcert, you can still validate the signed certificate manually. I like the change very much btw. Thank you Matthias. Regards, Till signature.asc Description: This is a digitally signed message part.
Re: Hosting the live cd
On Wed October 8 2008, Rahul Sundaram wrote: I would like to start hosting omega as part of rpmfusion infrastructure. A subdomain like omega.rpmfusion.org would be a good space. Thoughts? Anyone testing the rawhide snapshots? I suggest to use spins.rpmfusion.org or rpmfusion.org/spins. This allows to host several different spins, e.g. a game live medium. Regards, Till signature.asc Description: This is a digitally signed message part.
Re: Hosting the live cd
On Sat October 11 2008, Thorsten Leemhuis wrote: On 09.10.2008 07:07, Rahul Sundaram wrote: We have already been discussing the details including the name for a while in this list. Please point me to that discussion. As far as I remember and from searching omega site:lists.rpmfusion.org it was you who came up with the name; there was not even a proper discussion (and thus no consensus). How do you want to enforce such a discussion? It was mentioned here now several times and I did not remember any objections except from you and no alternative naming ideas. I guess the majority does not care about the name or agree to it. I think it's a nice name, but I also do not care much. Regards, Till signature.asc Description: This is a digitally signed message part.
Re: open-vm-tools status?
On Fri March 7 2008, Ray Van Dolson wrote: And what is preferred: dkms or kmod? Afaik kmod, somehow then akmod is supported which is something like dkms (I do not know more about akmod than this). Regards, Till signature.asc Description: This is a digitally signed message part.