Installation image layout

2018-10-11 Thread Marek Marczykowski-Górecki
tps://reproducible-builds.org/specs/source-date-epoch/ -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? signature.asc Description: PGP signat

Re: Installation image layout

2018-10-12 Thread Marek Marczykowski-Górecki
On Fri, Oct 12, 2018 at 03:44:38PM -0600, Chris Murphy wrote: > On Fri, Oct 12, 2018 at 4:30 AM, Marek Marczykowski-Górecki > wrote: > > On Thu, Oct 11, 2018 at 09:24:08PM -0600, Chris Murphy wrote: > >> Why does efiboot.img have a 32MiB limit? > > > > Because "

Re: Installation image layout

2018-10-12 Thread Marek Marczykowski-Górecki
On Thu, Oct 11, 2018 at 09:24:08PM -0600, Chris Murphy wrote: > On Thu, Oct 11, 2018 at 6:37 PM, Marek Marczykowski-Górecki > wrote: > > Hi all! > > > > I'm new on this list. I work on Qubes OS, where Fedora is used as a base > > distribution. > > > > Wh

Re: Installation image layout

2018-10-15 Thread Marek Marczykowski-Górecki
em Wide" Change, or what should specifically be listed in "Scope". If IRC would be more appropriate for such discussion, that's fine for me too.

Re: CVE-2018-14665 : Xorg X Server Vulnerabilities

2018-11-01 Thread Marek Marczykowski-Górecki
> named Xwayland running as well. This CVE affects the X server named > Xorg. If I understand this CVE correctly, it doesn't matter what X server is running (if any at all). What matters is what setuid-root Xorg binary is installed (or not).

Re: Unretire osslsigncode

2019-06-04 Thread Marek Marczykowski-Górecki
On Tue, Jun 04, 2019 at 08:20:50AM -0400, Neal Gompa wrote: > On Tue, Jun 4, 2019 at 8:16 AM Florian Weimer wrote: > > > > * Marek Marczykowski-Górecki: > > > > > I'd like to request unretire osslsigncode[1]. Originally it was retired > > > becau

Unretire osslsigncode

2019-06-03 Thread Marek Marczykowski-Górecki
] https://github.com/mtrojnar/osslsigncode [3] https://bugzilla.redhat.com/show_bug.cgi?id=1424037#c9 [4] https://koji.fedoraproject.org/koji/taskinfo?taskID=35260552

Re: Repository metadata signing?

2020-11-02 Thread Marek Marczykowski-Górecki
re any dnf command similar to `rpm --import`, to preemptively import the key, or the only option is to accept the prompt? I can't find anything about it in dnf's man page...

Repository metadata signing?

2020-11-02 Thread Marek Marczykowski-Górecki
reduce damage in case of metalink-hosting server compromise. I don't know much about Fedora infrastructure, but perhaps there is still something I could help with? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1868639

Fedora Security Team

2020-11-02 Thread Marek Marczykowski-Górecki
system. [1] https://oss-security.openwall.org/wiki/mailing-lists/distros#linux-distribution-security-contacts-list

Re: Fedora Security Team

2020-11-03 Thread Marek Marczykowski-Górecki
i?bug_status=__open__=Fedora=Fedora_format=advanced_desc=CVE_desc_type=allwordssubstr

Re: Repository metadata signing?

2020-11-03 Thread Marek Marczykowski-Górecki
On Tue, Nov 03, 2020 at 12:24:45AM -0500, Neal Gompa wrote: > On Tue, Nov 3, 2020 at 12:16 AM Marek Marczykowski-Górecki > wrote: > > Is it possible to enable the first one, but leave the second to the > > user, until DNF is adjusted for better UX around the keys? That would >

Re: Repository metadata signing?

2020-11-03 Thread Marek Marczykowski-Górecki
and pungi developers (links to the issues on those in the > infra ticket). I'll look into it. I am vaguely familiar with pungi code, but not so much with robosignatory.

Re: Reproducible builds

2021-02-04 Thread Marek Marczykowski-Górecki
e in a binary RPM - a build output. In fact, Archlinux does exactly that (in their package format). If it would be in an SRPM, then you'd need to rebuild/modify SRPM _after_ building binary RPMs, which feels wrong... Does it make sense?

Re: Reproducible builds

2021-02-05 Thread Marek Marczykowski-Górecki
On Thu, Feb 04, 2021 at 10:56:43PM -0500, Neal Gompa wrote: > On Thu, Feb 4, 2021 at 9:23 PM Kevin Fenzi wrote: > > > > On Fri, Feb 05, 2021 at 12:17:28AM +0100, Marek Marczykowski-Górecki wrote: > > > > > > Does it make sense? > > > > That d

Grub2 patches in Fedora

2021-02-05 Thread Marek Marczykowski-Górecki
ust nobody had time to do it? If the latter, can I help with this somehow?

Re: Xen support dead?

2021-02-05 Thread Marek Marczykowski-Górecki
> > One would hope that filed bugs would get addressed, then. > But, not here. Fair enuf. Actually, the buggy file (/etc/grub.d/20_linux_xen) belongs to the grub2 package, so the bug is assigned to a wrong package.

Re: Fedora 34 Change: DNF/RPM Copy on Write enablement for all variants (System-Wide Change)

2021-02-05 Thread Marek Marczykowski-Górecki
e "oh, we've found a bug in an update system, so you need to execute this very part that is vulnerable to get it fixed".

Re: Reproducible builds

2021-02-05 Thread Marek Marczykowski-Górecki
ckages for different archs). Alternatively, -debuginfo repo, but that feels weird. > But all this is getting a bit ahead. Someone needs to come up with the > contents and tools to make/read/do cool things with them first. :) There is one in progress already: https://git

deltarpm usefulness?

2021-08-11 Thread Marek Marczykowski-Górecki
of the [HTTPS connection to] mirrors.fedoraproject.org server (or any of CAs trusted by the system) - a rather fragile single point of failure.

Re: deltarpm usefulness?

2021-08-11 Thread Marek Marczykowski-Górecki
whole DigiCert (or other single CA), but personally I think the downsides outweigh the benefits. And this is just about the connection part, not about integrity of the server itself... BTW, I do hope that signing keys are stored somewhere else.

Re: Suggestion: Use a unified kernel image by default in the future.

2022-07-20 Thread Marek Marczykowski-Górecki
ed safe kernel cmdline (perhaps even hardcoded into kernel binary), while still being able to instruct initrd where to look for the root fs. Of course, initrd would need to be careful about parsing this piece of information (probably having some allowlist of options allowed in this case), but that's

Re: F38 proposal: Reproducible builds: Clamp build mtimes to $SOURCE_DATE_EPOCH (System-Wide Change proposal)

2022-11-26 Thread Marek Marczykowski-Górecki
> > > We've discussed an RPM-specific format upstream. Debian and Arch both > have their own formats that are tailored to their package systems, and > RPM may have one too, eventually. For context, the discussion is here: https://github.com/rpm-software

Re: DNF5: Checking signatures of packages installed out of a repository?

2023-11-21 Thread Marek Marczykowski-Górecki
ect by authenticating the source of the > > package, but they also verify the package integrity to protect against > > file corruption. > > > > Whatever inconvenience there is for users who build their own RPMs to > > add an explicit --nogpgcheck to a command-line, I th

Re: Possible deprecation/removal of Initial Setup from Fedora

2023-11-21 Thread Marek Marczykowski-Górecki
t daemon and few others) and it's very annoying and fragile to do that from inside chroot. So, we do have a use case for Initial Setup.