Re: rawhide - glibc/pthreads/... - broken pending mass rebuild?

* Alex Scheel: > Is Fedora Rawhide unstable at the moment, pending a mass rebuild? > > I've seen a lot of random problems related to pthreads at the > moment, such as: > > 16/78 Test #12: JSS_DER_Encoding_of_Enumeration_regression_test ...Child > aborted***Exception: 0.99 sec > FINE: CryptoMana

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

* Konstantin Kharlamov: > FWIW, I was just thinking about it, and I came up with example you > may like which shows exactly why BTRFS is bad for HDD. Consider > development process. It includes rewriting source files over and > over: you do `git checkout foo` and files are overwritten, you > chang

Re: [Fedora-packaging] RPM-level auto release and changelog bumping - Fedora 33 System-Wide Change proposal

* Nicolas Mailhot via devel: >> How do I let rpm generate the changelog automatically? > > This feature is not changelog generation, just changelog bumping on > build events. You still need some other method to put non-build events > in the changelog. What is “changelog bumping”? Why is it neede

Re: [Fedora-packaging] RPM-level auto release and changelog bumping - Fedora 33 System-Wide Change proposal

* Nicolas Mailhot: > Le 2020-07-02 09:52, Florian Weimer a écrit : >> * Nicolas Mailhot via devel: >> >>>> How do I let rpm generate the changelog automatically? >>> >>> This feature is not changelog generation, just changelog bumping on >>>

Re: rawhide - glibc/pthreads/... - broken pending mass rebuild?

* Vít Ondruch: > I just met something which might be of similar nature. Recent FF > 78.0-1.fc33.x86_64 fails to start with older glibc: > > > ~~~ > > $ firefox > XPCOMGlueLoad error for file /usr/lib64/firefox/libxul.so: > /usr/lib64/firefox/libxul.so: undefined symbol: pthread_getattr_np, > versi

Re: [Fedora-packaging] RPM-level auto release and changelog bumping - Fedora 33 System-Wide Change proposal

* Nicolas Mailhot via devel: > Le 2020-07-02 09:59, Vitaly Zaitsev via devel a écrit : >> On 02.07.2020 07:35, Nicolas Mailhot via devel wrote: >>> The detached changelog is just one more file in SRPM sources, which is >>> modified by rpmbuild at `%build` time with other files rpmbuild >>> modifie

Re: Can we do away with release and changelog bumping?

* Björn Persson: > The macro could be defined like this for example: > > %buildtag .%(date +%%s) Using time for synchronization is always a bit iffy. > It would be used in each spec like this: > > Release: 1%{?dist}%{?buildtag} We could put the Koji task ID directly into the %dist tag. We

Re: Dropping elfutils-libelf-devel-static and elfutils-devel-static subpackages

* Mark Wielaard: > BTW. Can Obsoletes ever be removed? We have an Obsoletes: libelf <= > 0.8.2-2 on elfutils-libelf since the original cvsdist import of 2004 > because there used to be a different libelf implementation (with a dead > upstream these days). Can I remove that? Or is it better to keep

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

* Michael Catanzaro: > On Sun, Jul 26, 2020 at 6:15 pm, John M. Harris Jr > wrote: >> Please do not disable reading from /etc/resolv.conf. If you do so, >> please >> limit that to the Spins that it won't affect people on, such as >> Workstation, >> if you believe people there don't set their own

Re: How do Fedora developers get access to devtoolset for testing.

* Jonathan Wakely: > It's not about devtoolset. Installing CentOS 7 RPMs on Fedora rawhide > is outlandish. It won't work in general, because the CentOS RPMs have > dependencies on CentOS packages, and Fedora has different versions. Steven has a point, though. For software not built by Red Hat,

Re: Can we use emulation of other architectures to run integration tests?

* Daniel P. Berrangé: > I'm not familiar with what COPR is doing for s39x0 ? Is it using the > simple QEMU linux-user syscall emulation, or is it running a proper > QEMU s390x VM. > > I'm guessing probably the former. The linux-user syscall emulation is > truely amazing, but it is certainly not f

Re: Can we use emulation of other architectures to run integration tests?

* Daniel P. Berrangé: >> For emulating 32-bit targets, we have a broken readdir/telldir/seekdir >> implementation in glibc on 64 bit host kernels because we try to use >> d_ino directly, which is 64 bit and does not fit into the long value recte: d_off >> that POSIX requires. A kernel patch wit

What is bundling?

rams and .so files out of the build root, etc. Are these post-SRPM copying mechanism in scope for the "no bundled libraries" page, or should they be covered in other places? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org htt

Re: advertisement in packaged software

artup screen, but I find it less invasive. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: advertisement in packaged software

this is a result of your local configuration. I have not customized vim on either system, and for me the startup screen looks pretty much the same. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo

Re: advertisement in packaged software (e.g. Firefox)

ms in a FAQ that log data is "retained only for a period of weeks", although notably they don't say this in the actual privacy policy (which has been subsumed into the Chrome browser privacy policy). If they don't track users, why do they set a cookie that expires in two years?

Re: Out of virtual memory on ARM builder

ted so far, it could also be an ARM-specific GCC bug, so no amount of memory would be sufficient there. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://

Re: unsure for which package report a bug

man * this happens only after LANG=C It's not a bug. This behavior is expected if your input locale is multi-byte and the input is process by a console application assuming it's in a single-byte locale. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lis

Re: pdftk retired?

(We really want to get rid of GCJ.) -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Maybe it's time to get rid of tcpwrappers/tcpd?

* Stephen John Smoogen: > Actually they are used quite a bit in various service worlds. Mainly for > ssh and email for dealing with scanners. [DenyHosts is a boon in this > area.] I believe DenyHosts is unmaintained as well: > At the enter

Re: Maybe it's time to get rid of tcpwrappers/tcpd?

* Lennart Poettering: >> From my POV, it is kind of neat that you can grant access to *.enyo.de >> and deny every thing else. > > Binding access control to DNS sounds insecure like hell.. Additional restrictions are fine, for this purpose: >> This is quite helpful against scanners and worms,

Re: Maybe it's time to get rid of tcpwrappers/tcpd?

* Lennart Poettering: >> So offer something with equivalent functionality (and config file >> syntax compatibility), with a nice modern clean API and then systemd >> and others can be moved over to that 1 by 1, and once we've no more >> users left we can kill of the old beast ? > > Nope. In system

Re: ostree/fedora atomic and impact on the mirror network

verhead. zsync (rsync algorithm with a dumb server) might work, though. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Maybe it's time to get rid of tcpwrappers/tcpd?

oaded files under a different user account. Some SFTP clients set restrictive permissions on upload, and the OpenSSH implementation does not allow to bypass that. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/ma

Re: Maybe it's time to get rid of tcpwrappers/tcpd?

loads]$ cat /etc/ssh/sshd_config | grep internal-sftp Subsystem sftp internal-sftp -u 006 umask doesn't apply to explicit chmod. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedo

Re: repo XML file schemas

unique strings, you are not supposed to use these URIs to fetch data. See this discussion of the similar problem with DTD URIs: <http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/> If you find any software that fetches these resources by default, please report it. -

Re: Packaging of libdb-6+

2), but distinct from it. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: F21 System Wide Change: BerkeleyDB 6

incorrectly, but this was fixed in Fedora 20. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: F21 System Wide Change: BerkeleyDB 6

sources. It is not ELF symbol versioning, but it might help. The conflict between development packages remains, though. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of

Re: F21 Self Contained Change: Playground repository

repositories and these playground repositories, (undeclared) file conflicts, paths that can be touched, or restrictions on RPM scripts? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora

Re: F21 Self Contained Change: Playground repository

bundled by Chromium has already been bundled by something else in Fedora. :-) So it can't be just bundling that blocks Chromium. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora

Re: When a yum update sets up an MTA ...

er scripts. I can add additional columns with more information, but the text file will become a bit unwieldy. -- Florian Weimer / Red Hat Product Security Team name |

Re: F21 Self Contained Change: Remote Journal Logging

bad interaction with other design considerations (like the need for DLLs with parsers for the log blobs). Does anybody know what the current Windows experience is like, especially related to the pull model? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lis

Re: When a yum update sets up an MTA ...

On 04/24/2014 01:57 AM, Andrew Lutomirski wrote: On Mon, Apr 21, 2014 at 12:17 AM, Florian Weimer wrote: On 04/21/2014 03:44 AM, Andrew Lutomirski wrote: Would it make sense to audit all spec files to look for instances of 'systemctl.*enable'? I'm attaching the hits for

Automatically generated configuration files

into /etc/pki/certs and /etc/pki/tls/private, without marking them as ghost files or configuration files. (I'm not even sure if you can mark something for which no content is provided in the RPM as a configuration file.) I wonder what an ideal RPM package would do in this case? -- Flor

Re: Automatically generated configuration files

On 04/24/2014 04:20 PM, Paul Wouters wrote: On Thu, 24 Apr 2014, Florian Weimer wrote: I'm working on advice on automated X.509 certificate generation during package installation. I would strongly recommend doing it on first service start. I've lived through the FreeS/WAN ti

Re: Automatically generated configuration files

On 04/24/2014 05:39 PM, Paul Wouters wrote: On Thu, 24 Apr 2014, Florian Weimer wrote: I don't think "openssl genrsa 2048" has this issue on today's machines. (I know I saw it with GNUTLS.) I was sceptical, so I tried this on a freshly booted VM: root@bofh:~# virsh star

Re: The Forgotten "F": A Tale of Fedora's Foundations

On 04/22/2014 12:15 PM, Nikos Roussos wrote: There is also a third group, somewhere in between, who believe that's ok to ship Free Software that connects and interops with proprietary services (gtalk, aws, etc), but it's not ok to ship proprietary software, metadata about proprietary software or

Re: Spec files in Rawhide using ExclusiveArch: %{ocaml_arches}

the compile in the source distribution. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Deprecate setjmp/longjmp? [was Re: Maybe it's time to get rid of tcpwrappers/tcpd?]

I'm pretty sure it's one of the misuse scenarios. As specified, these functions cannot be used for unrestricted stack switching. Performance of setjmp/longjmp is also extremely poor because these functions save and restore much more context than needed. -- Florian Weimer / Red Hat P

Re: Deprecate setjmp/longjmp? [was Re: Maybe it's time to get rid of tcpwrappers/tcpd?]

ELF symbols (of 7154 source packages that define any ELF symbols). -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

ious ports, e.g. while running test suites? Will it be as straightforward as with firewalld? An explicit failure on bind() might actually give us better error reporting (especially if the EPERM details idea is implemented). I like the SELinux idea. -- Florian Weimer / Red Hat Product Securi

Re: Orphaning java-1.5.0-gcj

obsolescence, it might be good enough, but it's still a bit disappointing. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: F21 Self Contained Change: Remote Journal Logging

ments/service-names-port-numbers/service-names-port-numbers.txt>. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: F21 Self Contained Change: Remote Journal Logging

, and tools like tcpdump (including third-party software we do not control) are more likely to label the traffic as related to systemd logging. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/d

Re: fedora-atomic discussion point: /usr/lib/passwd

had this, we could apply policy checks, such as ensuring that the user does not already exist as a non-system account. (This applies to many other current uses of %post, such as enabling services or running ldconfig.) Indeed. -- Florian Weimer / Red Hat Product Security Team -- devel mailing

Mass-bug filing for removed OpenJDK 9 internal APIs

public API. This does not affect features like the support for pointer arithmetic and arbitrary memory access, at least not until they are removed upstream. Comments? -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https

Re: BerkeleyDB 6 symbol versioning and associated problems

symbol mangling mechanism? <https://lists.fedoraproject.org/pipermail/devel/2014-April/198161.html> -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct

Re: [fedora-java] Mass-bug filing for removed OpenJDK 9 internal APIs

On 05/06/2014 02:15 PM, Mikolaj Izdebski wrote: On 05/06/2014 02:00 PM, Florian Weimer wrote: I plan to file bugs against packages which contain hard (i.e. not reflection-based) references to internal OpenJDK classes and methods which have been removed from OpenJDK 9. The total number of

Re: log4j update in f21

On 05/15/2014 06:14 PM, Michael Simacek wrote: I've updated log4j in rawhide today. The packages that are known to be broken by this update are: Have you rebuilt axis and slf4j? They take classes from log4j and copy them into their RPMs. -- Florian Weimer / Red Hat Product Security

Re: log4j update in f21

On 05/16/2014 07:16 AM, Mikolaj Izdebski wrote: On 05/15/2014 06:30 PM, Florian Weimer wrote: On 05/15/2014 06:14 PM, Michael Simacek wrote: I've updated log4j in rawhide today. The packages that are known to be broken by this update are: Have you rebuilt axis and slf4j? They take cl

Re: F21 System Wide Change: BerkeleyDB 6

.net/index.php/Libbitcoin/License>, I wonder if that changes our stance on the impact libraries licensed under the AGPL. -- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code

Re: PostgreSQL systemd config scheme change

nd running multiple versions in parallel, just as with the Debian packaging. Just saying. :-) -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: dnf even allows to uninstall RPM and systemd without warnings

lists a hostile place. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Patches for trivial bugs sitting in bugzilla -> trivial patch policy?

edora also cares about sustainable solutions. These two goals sometimes conflict. They have to be weighed against each other, but there is no general rule which goal is more important. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject

Re: Patches for trivial bugs sitting in bugzilla -> trivial patch policy?

s any other package? This way, package maintainers could gradually reduce the need for provenpackager privileges (similar to what Debian did with the introduction of the Debian Maintainer role, which is also governed by package ACLs). -- Florian Weimer / Red Hat Product Security -- devel mailing

Corrupted ELF file in edelib-2.1-4.fc21.i686 in rawhide

t the package isn't even installable because an unfulfilled self-dependency. I don't see anything obviously wrong going wrong in the build log. Any ideas what's happening? -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject.org https://adm

Re: delta rpms - can we turn them off

hat it couldn't be gpg checked. The signature is on the RPM header, not the payload. The RPM header only lists digests of individual files (after decompression). So this shouldn't make a difference. -- Florian Weimer / Red Hat Product Security -- devel mailing

Re: delta rpms - can we turn them off

sses). In the meantime, we could try to reduce the compression level to 0 unconditionally in applydeltarpm. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fe

Re: Cc: on dead packages

/show_activity.cgi?id=1114180 It was originally filed against "synaptics", which has been dead since 2009, so filing bugs doesn't even have to be enabled for supporting older releases. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedorapr

Re: Half-OT: Secure boot and thirdy party kernel modules

perating system instance after execution of unauthenticated code"—the wording is rather unclear. If Microsoft clarifies that this is forbidden, a future Fedora update will remove this functionality, so you will be forced to disable Secure Boot at this point anyway if you want to continue to use

Re: Half-OT: Secure boot and thirdy party kernel modules

On 07/08/2014 10:19 AM, Petr Pisar wrote: On 2014-07-07, Florian Weimer wrote: Note that Microsoft's current policy may not allow unrestricted virtualization (KVM or Virtualbox—does not matter) because that "permits launch of another operating system instance after execution of unaut

Re: WARNING: malicious code

atch submission procedures by showing that it's risky to accept contributions. I'm not saying that this is what has happened, but we have to be prepared for silliness like that (and academics submitting patches with intentional defects as part of their research studies etc.). --

Self Introduction: Florian Weimer

I recently joined the Red Hat tools team, to work on glibc with Carlos O'Donell. As a result, I will co-maintain glibc in Fedora. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-con

Re: Testing chrony seccomp support

On 10/05/2015 05:27 PM, Miroslav Lichvar wrote: > I guess glibc and getaddrinfo() will be the most problematic part in > the chrony seccomp support. Is there a precedent in Fedora of a > package using a seccomp filter and getaddrinfo() by default? getaddrinfo uses NSS under the cover, which loads

Re: ansible in Fedora 23+ (python3)

On 10/19/2015 11:37 AM, Fabio Alessandro Locati wrote: > 2015-10-19 2:33 GMT+02:00 Kevin Kofler : >> Dusty Mabe wrote: >>> Does anyone have a good solution for this? Obviously it would be nice >>> if ansible went to python3 but I think they have stated clearly that >>> they are sticking with python

Re: configure: error: POSIX thread library is required

On 11/03/2015 02:35 PM, Reindl Harald wrote: > how is "configure: error: POSIX thread library is required" possible > when things like MariaDB and even libevent are building fine? What does config.log contain around the failing test? Florian -- devel mailing list devel@lists.fedoraproject.org ht

Re: configure: error: POSIX thread library is required

On 11/03/2015 02:58 PM, Reindl Harald wrote: > > > Am 03.11.2015 um 14:44 schrieb Florian Weimer: >> On 11/03/2015 02:35 PM, Reindl Harald wrote: >>> how is "configure: error: POSIX thread library is required" possible >>> when things like MariaDB and

Re: On running gui applications as root

On 10/30/2015 10:48 PM, Adam Jackson wrote: > Anyone running any X (or wayland) application as root in their desktop > session is completely bonkers and deserves every consequence of their > poor decision. Doesn't most proprietary software come with GUI installers? Florian -- devel mailing list

Re: Package review skipped and straight to repos?

On 11/28/2015 11:53 PM, Alexander Ploumistos wrote: > On Sun, Nov 29, 2015 at 12:21 AM, Till Maas wrote: >> On Sun, Nov 29, 2015 at 12:10:07AM +0200, Alexander Ploumistos wrote: >>> How come datagrepper lists FAF reports for the package from 2015-07-20, >>> when it hadn't been included yet? >> >>

Re: F24 System Wide Change: Default Local DNS Resolver

On 11/30/2015 05:14 PM, Jan Kurik wrote: > We want to have Unbound server installed and running on localhost by > default on Fedora systems. Where necessary, have also dnssec-trigger > installed and running by default Would someone please clarify the proposal if Unbound would run as a forwarder, o

Re: F24 System Wide Change: Default Local DNS Resolver

On 12/04/2015 09:46 PM, Dan Williams wrote: > On Fri, 2015-12-04 at 16:09 +0100, Timotheus Pokorra wrote: >>> is deployed in probably half of the homes in Germany... Also I am >>> pretty sure other routers form other manufacturers do the same >>> thing. Now, if we default to DNSSEC validation soon,

Re: F24 System Wide Change: Default Local DNS Resolver

On 12/07/2015 08:31 PM, Lennart Poettering wrote: > Hmm? If I work for a company "Foo Corp" that defined .foocorp as its > private TLD, then I won't be able to access servers in that local > network until I added .foocorp to a local whitelist, is that what you > are saying? Or do you want to ship

Re: F24 System Wide Change: Default Local DNS Resolver

On 12/07/2015 07:21 PM, Paul Wouters wrote: > Well, there is going to be a very interesting lawsuit about damage then > because in a few months .box will be live run by a Hong Kong company > called "NS1 Limited" > > https://www.icann.org/resources/agreement/box-2015-11-12-en > > .box Regi

Re: F24 System Wide Change: Default Local DNS Resolver

On 12/07/2015 09:40 PM, Paul Wouters wrote: > On Mon, 7 Dec 2015, Florian Weimer wrote: > >>> Clearly, fedora cannot be changed to hijack a real domain, so >>> Fritzbox better >>> solve this quickly with an update, even if no one actually will >>> update

%post RPM scriptlets and dependencies

When a %post scriptlet runs, is it guaranteed that the Requires: dependencies have been unpacked? I understand that for cycle-breaking purposes, it may not be true that the scriptlets for dependencies have run. But are the files already there? (I'm interested in plain Requires, not Requires(post

Re: %post RPM scriptlets and dependencies

On 12/10/2015 12:53 PM, Rex Dieter wrote: > Florian Weimer wrote: > >> When a %post scriptlet runs, is it guaranteed that the Requires: >> dependencies have been unpacked? I understand that for cycle-breaking >> purposes, it may not be true that the scriptlets for depend

Re: %post RPM scriptlets and dependencies

On 12/10/2015 01:32 PM, Panu Matilainen wrote: > On 12/10/2015 11:41 AM, Florian Weimer wrote: >> When a %post scriptlet runs, is it guaranteed that the Requires: >> dependencies have been unpacked? I understand that for cycle-breaking >> purposes, it may not be true th

Re: -fstack-protector-strong vs -fstack-protector-all

On 12/15/2015 12:18 PM, Antonio Trande wrote: > Since i started to rebuild my packages for hardened builds issue, I > discovered (until now) a couple of libraries that result without > "Canary protection" according to output of 'checksec' tool. checksec is very unreliable, unfortunately. Most of

Re: [INPUT REQUESTED] Fedora Policy on generated code

On 12/18/2015 08:13 PM, Stephen Gallagher wrote: > * Code that was pre-generated by upstream may have been done with > build flags that differ from Fedora's own set of hardened and > optimized flags, resulting in a poorer experience (or less secure It might also be interesting to talk to people i

Re: Specs using %define

On 12/24/2015 10:01 PM, Jason L Tibbitts III wrote: > To satisfy my curiosity, I grepped the convenient tarball of specfiles > (http://pkgs.fedoraproject.org/repo/rpm-specs-latest.tar.xz) for lines > matching "(? there were more than 1900 hits. Your message would have benefited from a link to the

Re: Rules regarding whitespace inside .spec files

On 01/13/2016 08:24 AM, Luya Tshimbalanga wrote: > In general, leading whitespace is only allowed when making conditional > statement or using backslash like these following examples: > > --- Example #1 --- > %if (0%{?fedora} && 0%{?fedora} < 19) || (0%{?rhel} && 0%{?rhel} < 7) > --vendor="fe

Re: F24 System Wide Change: Golang 1.6

On 01/13/2016 12:56 AM, Peter Robinson wrote: > On Tue, Jan 12, 2016 at 5:30 PM, Matthew Miller > wrote: >> On Tue, Jan 12, 2016 at 01:31:30AM +, Peter Robinson wrote: >>> Will there be an ABI guaranteed beta or RC so that this can be >>> complete before branching as per the schedule [1]? All

Re: Debugging practices and hardened packages

On 01/14/2016 07:37 AM, Roman Tsisyk wrote: > Hi, > > Fedora enables hardened builds [1] by default. > This implies -fomit-frame-pointer -fstack-protector and -fPIE. > > [1]: https://fedoraproject.org/wiki/Packaging:Guidelines#PIE > > How it is supposed to be debugged by upstream developers? W

Re: ZFS on linux

On 01/14/2016 03:26 PM, Zach Villers wrote: > Now that Debian has added zfs support to their experimental branch; > https://ftp-master.debian.org/new/zfs-linux_0.6.4.2-1.html I don't know where you got this information. If a package is in NEW, it is not yet part of Debian. In fact, it means that

Re: Testing chrony seccomp support

On 01/18/2016 11:02 AM, Nikos Mavrogiannopoulos wrote: > As Florian suggested it makes more sense to compartmentalize chrony so > that only a small controlled part of it needs to run with seccomp. My > recommendation, if you want to use libraries in the filtered code, make > their authors aware of

Re: Testing chrony seccomp support

On 01/20/2016 01:12 PM, Nikos Mavrogiannopoulos wrote: > If you have complex structures to be transfered you may want to rely on > something automated to serialize/deserialize requests. That will > increase the code, but reduce the complexity. I've used protocol > buffers over unix sockets for tha

Re: nss_myhostname as default in Fedora

On 01/21/2016 11:18 PM, Orion Poplawski wrote: > PS - There is some other discussion around "mymachines" which seems much more > problematic. I'd like to just focus on myhostname for now. The glibc > maintainer has indicated that he wants to wait for mymachines to be resolved, > but it's almost

Re: nss_myhostname as default in Fedora

On 01/22/2016 10:45 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Fri, Jan 22, 2016 at 07:06:26PM +0100, Florian Weimer wrote: >> On 01/21/2016 11:18 PM, Orion Poplawski wrote: >> >>> PS - There is some other discussion around "mymachines" which seems much >

Re: nss_myhostname as default in Fedora

On 01/25/2016 03:23 PM, Lennart Poettering wrote: > On Mon, 25.01.16 09:08, Florian Weimer (fwei...@redhat.com) wrote: > >>> It is intended as a convenient fallback mechanism, and is only supposed >>> to have an effect if 'gateway' is not defined in the loca

Re: nss_myhostname as default in Fedora

On 01/26/2016 08:58 AM, Petr Spacek wrote: > So, please, do not push "gateway." or any other single-label name forward. It > will cause trouble sooner or later. I think “_gateway” or “gateway_” would work, despite being a single label. We could give this one priority over DNS, even. Florian -- d

Re: nss_myhostname as default in Fedora

On 01/26/2016 12:45 PM, Lennart Poettering wrote: > On Tue, 26.01.16 08:58, Petr Spacek (pspa...@redhat.com) wrote: > >> I disagree with your disagreement. We have only 1 shared namespace for this >> world, and like it or not, the root zone (and thus all single-label names in >> it) is managed by

Re: Crash caused by hardening flags

On 01/27/2016 05:44 AM, Michael Catanzaro wrote: > Hi, > > GNOME Chess in F23 has been crashing when promoting pawns. This is easy > to reproduce by turning off the computer player in Preferences, > starting a new game, and just moving pawns across the board. It turns > out to be due to our new ha

Re: IceCat-38.6 and GCC-6.0

On 01/29/2016 02:28 PM, Antonio Trande wrote: >> /usr/include/c++/6.0.0/cmath:615:11: error: '::isinf' has not >> been declared using ::isinf; ^ >> /usr/include/c++/6.0.0/cmath:640:11: error: '::isnan' has not >> been declared using ::isnan; ^ >> /builddir/build/BUILD/icecat-38.6.0/conf

Re: F24 System Wide Change: Change Proposal Name NewRpmDBFormat

On 01/29/2016 04:35 PM, Florian Festi wrote: > On 01/14/2016 01:08 PM, Richard W.M. Jones wrote: >> Yup - I'm curious about this as well. Using sqlite [for example] >> would solve the libguestfs issues I outlined in this thread, as well >> as using a format which is robust and proven rather than s

Re: F24 System Wide Change: Change Proposal Name NewRpmDBFormat

On 02/01/2016 10:59 AM, Richard W.M. Jones wrote: > Even if the RPM database is only accessed via librpm, it's still > important that the most central database present on every Fedora > system is reliable, well-tested and flexible. Sqlite is a highly > regarded piece of software, which runs on bi

Re: F24 System Wide Change: Change Proposal Name NewRpmDBFormat

On 02/01/2016 11:26 AM, Richard W.M. Jones wrote: > On Mon, Feb 01, 2016 at 11:13:08AM +0100, Florian Weimer wrote: >> On 02/01/2016 10:59 AM, Richard W.M. Jones wrote: >> >>> Even if the RPM database is only accessed via librpm, it's still >>> important tha

Re: F24 System Wide Change: Change Proposal Name NewRpmDBFormat

On 02/01/2016 11:43 AM, Richard W.M. Jones wrote: > On Mon, Feb 01, 2016 at 11:39:33AM +0100, Florian Weimer wrote: >> On 02/01/2016 11:26 AM, Richard W.M. Jones wrote: >>> On Mon, Feb 01, 2016 at 11:13:08AM +0100, Florian Weimer wrote: >>>> On 02/01/2016 10:5

Re: F24 System Wide Change: Change Proposal Name NewRpmDBFormat

On 01/31/2016 04:17 PM, Jonathan Underwood wrote: > On 29 Jan 2016 10:03 pm, "Richard W.M. Jones" wrote: >> >> >> FWIW I found the new database backend (not mentioned anywhere in the >> original submission). It is here: >> >> http://rpm.org/gitweb?p=rpm.git;a=tree;f=lib/backend/ndb >> >> Since

Re: F24 System Wide Change: Change Proposal Name NewRpmDBFormat

On 02/01/2016 02:55 PM, Petr Spacek wrote: > For the wider audience, some more information about LMDB backend for RPM can > be found in: > https://bugzilla.redhat.com/show_bug.cgi?id=1086784 > > In short: > - Maximum database size is just "sanity limit" set by application. It can be > hunderds of

<    1   2   3   4   5   6   7   8   9   10   >