Re: Do appdata files installed by a package do anything?

2015-07-02 Thread Florian Weimer
right? I suspect that's what causes testing challenges. -- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Granting a capability to a service

2015-07-18 Thread Florian Weimer
on in the systemd service and do everything capability-related within the program. What am I missing?

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
specific use cases. It also interferes with built-in restarts of the service daemon (the restart would have to be performed by systemd). Ignoring the file copy overhead, (c) looks most promising. Thoughts?

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
On 07/20/2015 02:34 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Sat, Jul 18, 2015 at 10:42:43AM +0200, Florian Weimer wrote: >> Let's assume I want to start a service as an ordinary user, but allow to >> bind it to a privileged port. The program implementing the service do

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
On 07/20/2015 04:21 PM, Steve Grubb wrote: > On Saturday, July 18, 2015 10:42:43 AM Florian Weimer wrote: >> Let's assume I want to start a service as an ordinary user, but allow to >> bind it to a privileged port. The program implementing the service does >> not mani

Re: Granting a capability to a service

2015-07-20 Thread Florian Weimer
> code. Ugh, not really. Not if code creates threads before (the equivalent of) the main() function is called. glibc has code to deal with that (the setxid business). It is rather scary, but it does not cover capabilities (we could change that), and does not help with binaries which do not li

Re: Granting a capability to a service

2015-07-21 Thread Florian Weimer
libraries such as OpenSSL. (See nss_ldap vs nss_ldapd for reasons for this kind of process separation.)

Re: Granting a capability to a service

2015-07-21 Thread Florian Weimer
is causes the capability to end up in the P set, not the E set, which means that the application still needs to be capability to enable it. So it really doesn't help that much in the Go case, sadly. Although it is fairly close.

Re: Packaging with hidden strings

2015-07-28 Thread Florian Weimer
am but can't be shipped in the code because > everyone could then use these codes to look as this application. No, this is not possible. Maybe you could create a tool which simplifies obtaining suitable API keys and ship that instead?

Re: About making noarch package arch specific, when contents differ.

2015-07-28 Thread Florian Weimer
to change that, called “reproducible builds”. The hard part is any reproducibility at all, identical noarch builds across architectures are likely just some additional work on top of it.

Re: [HEADS UP] rpm-4.12.90 in rawhide

2015-07-29 Thread Florian Weimer
ses single-character operators. Cross-distro consistency and > less confusion for people working on both Fedora and Debian is a plus. 1) and 2) contradict each other. In practice, “|” in dependencies is not commutative due to virtual packages and buildd installation choices.

Re: About making noarch package arch specific, when contents differ.

2015-08-01 Thread Florian Weimer
kages which do not comply to this rule are broken. Can you provide a citation in the guidelines? As far as I can tell, javadoc hasn't been patched not to put the build date into the resulting HTML documentation, so a lot of Java packages are not compliant with the above.

Re: How to make .spec Requires for libXXX.so.VER

2015-08-02 Thread Florian Weimer
o.3 by specific BuildRequires and Requires to the .spec file. > > libXXX is librpm here but that is just a coincidence, it could be libz for > example. Why do you use dlopen for such essential system libraries? Why not link to them directly?

Re: How to make .spec Requires for libXXX.so.VER

2015-08-02 Thread Florian Weimer
anyway. If that's the only reason, going with DT_NEEDED seems fine.

Re: Is it time to allow Chromium in Fedora?

2015-08-11 Thread Florian Weimer
cted in a user > writeable location as *no binary* whenever possible should have > permissions allowing a ordinary user to change them This is simply not the way how end users install original Mozilla Firefox binaries.

Re: when DEP-3 compliant patches in Fedora?

2015-08-28 Thread Florian Weimer
I'm not sure if it's all that more helpful, to be honest. It does not follow DEP-3, sure, but neither do many other Debian packages. Even some critical server packages still do not have any broken-out patches at all. (In general, if there is no upstream to contribute such fixes

Re: when DEP-3 compliant patches in Fedora?

2015-08-30 Thread Florian Weimer
etely declarative patching. (I know it won't happen.)

Re: Symbol `SSL_ImplementedCiphers' has different size in shared object, consider re-linking

2015-09-04 Thread Florian Weimer
part of the ABI, but the symbol is. ELF keeps track of data here which is completely pointless. There is no way to obtain the actual size of the array from C, so I think the warning could be suppressed using a symbol alias with a constant size.

Re: Symbol `SSL_ImplementedCiphers' has different size in shared object, consider re-linking

2015-09-04 Thread Florian Weimer
size), it will read past the end of the allocated portion?

Re: Symbol `SSL_ImplementedCiphers' has different size in shared object, consider re-linking

2015-09-04 Thread Florian Weimer
On 09/04/2015 04:11 PM, Jakub Jelinek wrote: > On Fri, Sep 04, 2015 at 03:58:12PM +0200, Florian Weimer wrote: >> On 09/04/2015 03:49 PM, Jakub Jelinek wrote: >> >>> Clearly it is used by some programs, so it should be considered part of the >>> public API. If i

Re: Proposal to reduce anti-bundling requirements

2015-09-10 Thread Florian Weimer
ng libraries whose exported symbols have not been mangled in some way.

Re: Proposal to reduce anti-bundling requirements

2015-09-10 Thread Florian Weimer
to compile the bundled library into a DSO (either by itself, or as part of a larger sub-component) will likely leak colliding symbols, unless special care is taken not to. If we expect more bundling, then we need an alternative to the current ELF linking model, IMHO.

Re: Proposal to reduce anti-bundling requirements

2015-09-10 Thread Florian Weimer
On 09/10/2015 05:40 PM, Daniel P. Berrange wrote: > Even if the problems did occur, the user is going to see it whether > they get the app from Fedora or from a 3rd party repo. Not necessarily. Even more bundling (everything except glibc) tends to fix it.

Re: rpmbuild - change sysconfdir

2015-09-14 Thread Florian Weimer
On 09/14/2015 09:52 AM, arnaud gaboury wrote: > For some practical reason, I want sysconfdir to be /etc/R, and not the > default /etc This will break quite a few RPM macros. Why, exactly, do you want to do this?

Re: rpmbuild - change sysconfdir

2015-09-14 Thread Florian Weimer
On 09/14/2015 02:20 PM, arnaud gaboury wrote: > On Mon, Sep 14, 2015 at 2:03 PM, arnaud gaboury > wrote: >> On Mon, Sep 14, 2015 at 1:48 PM, Florian Weimer wrote: >>> On 09/14/2015 09:52 AM, arnaud gaboury wrote: >>>> For some practical reason, I want sys

Re: Proposal to reduce anti-bundling requirements

2015-09-14 Thread Florian Weimer
espaces first, and use that data to guide further evolution of dynamic linking.

Re: Proposal to reduce anti-bundling requirements

2015-09-15 Thread Florian Weimer
, shared global state, and the locking works. The same issue will arise with any other library which implements sane locking semantics on top of POSIX fcntl locks. Such libraries will break if there are multiple copies in the same process and the same file is opened multiple times (even unlocked

Re: Proposal to reduce anti-bundling requirements

2015-09-15 Thread Florian Weimer
<https://github.com/fweimer/symboldb/blob/master/doc/examples/library-symbol-collisions.txt> (This query needs to check the symbol binding, LOCAL/LOCAL is okay.) Based on past experiment, I think that if we want to take collisions seriously, we need to define symbol namespaces, at least

Re: Freeimage 3.10 -> 3.17 upgrade, dealing with library incompatibility

2015-09-17 Thread Florian Weimer
unsigned for various size related parameters. The > soname was not changed, so this is an upstream error. Why doesn't abi_compliance_checker report this? Doesn't such a modification change the list of exported symbols due to C++ name mangling?

Re: [Fedora-packaging] RFC mass bug reporting: checksec failures

2015-09-17 Thread Florian Weimer
s must not overlap with a page that is read-write. checksec cannot check most of this, unfortunately. I don't know how .cmxs files are used. They seem similar to .so files, so the same rules apply.

Re: Why packages sources are NOT mirrored?

2015-09-17 Thread Florian Weimer
ting a SRPM or source tarball from a CDN will likely trigger a local cache miss and a sluggish CDN-internal download. For my needs and my network location, the Fedora (and CentOS and Debian) mirror infrastructure offers significantly better performance than cdn.redhat.com.

Re: [Fedora-packaging] RFC mass bug reporting: checksec failures

2015-09-18 Thread Florian Weimer
show that it is missing.

Re: Proposal to reduce anti-bundling requirements

2015-09-18 Thread Florian Weimer
) and DSOs or between different DSOs. LD_PRELOAD is quite explicit in what it wants to do. What I'm really interested in is a use case where something pulls in a library with DT_NEEDED and relies on predictable linking order to override a specific symbol. We have cases where this happens, but

Re: Proposal to reduce anti-bundling requirements

2015-09-18 Thread Florian Weimer
On 09/15/2015 08:16 PM, Simo Sorce wrote: > On Tue, 2015-09-15 at 19:59 +0200, Florian Weimer wrote: >> On 09/15/2015 03:58 PM, Simo Sorce wrote: >> >>>> I'm not sure how difficult this would be because I'm not sure how many >>>> symbols rely

Re: python: dropping the .py files [was Re: Fedora 23 cloud image (and, for that matter, minimal anything)] bloat

2015-09-25 Thread Florian Weimer
* Matthew Miller: > On Thu, Sep 24, 2015 at 10:10:40AM +0200, Vít Ondruch wrote: >> Also, you might consider to ship the precompiled bytecode just >> optionally, using recommends. >> >> On contrary, if you insist on shipping the bytecode, why you don't drop >> the .py files? I see a lot of duplic

Re: bugzilla search missing fields; can't find if F21 dracut bug filed lately

2015-10-01 Thread Florian Weimer
On 10/01/2015 09:38 AM, Felix Miata wrote: > Is anybody else bothered by the latest BZ changes? Where does one select the > Fedora release to limit search results to? Under Custom Search: https://bugzilla.redhat.com/buglist.cgi?classification=Fedora&component=dracut&f1=version&list_id=3919791&o1=

Re: unsigned char vs. signed char

2014-07-16 Thread Florian Weimer
ough that I went digging in the gcc source to find the answer for all platforms: http://ajax.fedorapeople.org/is-char-signed-or-not.txt Any idea why aarch64 and ppc64le got this wrong? (Signed chars were at the top of my list of proposed ABI fixes for ppc64le. *sigh*)

Re: unsigned char vs. signed char

2014-07-16 Thread Florian Weimer
On 07/16/2014 11:00 AM, Jakub Jelinek wrote: On Wed, Jul 16, 2014 at 10:55:57AM +0200, Florian Weimer wrote: On 07/15/2014 07:22 PM, Adam Jackson wrote: On Tue, 2014-07-15 at 10:40 -0600, Orion Poplawski wrote: Did you know that "char" defaults to "signed char" on x86 bu

Re: Expanding the list of "Hardened Packages"

2014-07-22 Thread Florian Weimer
On 04/04/2013 11:16 AM, Jakub Jelinek wrote: On Thu, Apr 04, 2013 at 10:59:41AM +0200, Florian Weimer wrote: On 04/04/2013 10:42 AM, Jakub Jelinek wrote: I think a similar optimization would be possible for access to global variables because ld could compute the final layout of all global

Re: BerkeleyDB 6 symbol versioning and associated problems

2014-07-22 Thread Florian Weimer
"” <https://blogs.oracle.com/berkeleydb/entry/berkeley_db_12cr1_12_1>

Re: HEADSUP: json-c SONAME BUMP

2014-07-28 Thread Florian Weimer
nsson. The json-c/json-glib collisions actually materialize in existing binaries. Removing some symbols seems kind of unavoidable, but it is obviously best to bundle all this into a single soname bump.

Re: Problems with Ghostscript license switched to AGPL?

2014-07-29 Thread Florian Weimer
to legal@. I think the interpretation in Fedora land is that the AGPL does not affect Fedora users who run Fedora software without making any changes because the special restriction on top of the GPLv3 only applies to licensees who make modifications to the software.

Re: The GNU C Library will be rebased in F21 to match glibc 2.20.

2014-08-01 Thread Florian Weimer
minimal concern and it turns out they were wrong. And we couldn't have avoided that if we used only released glibc versions in rawhide because the 2.19 release had the ABI change, too. It wasn't just in the git master branch.

Contacting the Ocaml maintainers

2014-08-22 Thread Florian Weimer
What is the recommended way to contact the Ocaml maintainers? There is a systematic packaging bug which introduces unusable i686 packages into the x86_64 compose, and despite repeated messages to ocaml-devel, I did not receive a response:

Re: How to decode/debug this TeXLive error message?

2014-08-30 Thread Florian Weimer
's only a warning, “No file version.tex.” in the build log, the build doesn't stop with an error at this point.

Re: Finding all the source packages that include a copy of valgrind.h

2014-09-13 Thread Florian Weimer
pendencies already installed. :-(

Re: Request for testers: glibc update to work around Intel TSX errata microcode_ctl problems.

2014-09-28 Thread Florian Weimer
't know. Maybe even Intel doesn't know.

Re: Go packaging

2014-09-30 Thread Florian Weimer
with complete impunity. And some of those guidelines fall far short of what's being demanded from Go packages. Go is held to absurdly high standards, and there's no clear reason for that.

Re: Go packaging

2014-09-30 Thread Florian Weimer
On 09/30/2014 10:53 AM, Pierre-Yves Chibon wrote: On Tue, Sep 30, 2014 at 10:37:46AM +0200, Florian Weimer wrote: On 09/29/2014 08:54 PM, Haïkel wrote: Currently, there is *no* golang packaging guidelines approved, so we shouldn't have accepted golang packages in the first place. I

Re: Dash as default shell

2014-10-02 Thread Florian Weimer
t likely to work. If we are not satisfied with bash, I think we are all better off with improving bash.

Re: Dash as default shell

2014-10-02 Thread Florian Weimer
, e.g. arguments to “rm -f”. We could patch rpmbuild to run them using bash instead, but this example makes it very doubtful to me that Ubuntu and Debian have already done all the hard work for us.

Re: Dash as default shell

2014-10-04 Thread Florian Weimer
Move don't have /usr/bin/bash.

Re: Dash as default shell

2014-10-04 Thread Florian Weimer
On 10/04/2014 06:03 PM, Zdenek Kabelac wrote: We still have universal: #/usr/bin/env bash Sadly, some systems have /bin/env, but not /usr/bin/env.

Re: fedora-review: 'Illegal return' warnings

2014-10-05 Thread Florian Weimer
needs exported functions, the function definitions are sourced as needed, so they don't have to be in the environment.

Re: fedora-review: 'Illegal return' warnings

2014-10-06 Thread Florian Weimer
On 10/05/2014 05:15 PM, Florian Weimer wrote: On 10/04/2014 10:18 PM, Alec Leamas wrote: Hm seems that recent bash patch to fix the shellshock problem introduces this. Fedora-review relies on exported shell functions (export -f) and the bash fix changes the syntax for exported functions in

Re: Go packaging

2014-10-07 Thread Florian Weimer
On 10/03/2014 04:20 PM, Vincent Batts wrote: Are you saying that upstream or fedora is holding absurdly high standards? Fedora. Upstream doesn't address these issues at all.

Re: mock-1.2 released (new features)

2014-10-14 Thread Florian Weimer
. for browsing/searching/indexing, or preparing a patch to be added to the spec file).

Re: Join to Mozilla Location Service in Fedora

2014-11-10 Thread Florian Weimer
ation. I think if you opt not to use this data to determine your own location, it is still reported to Google to improve accuracy for those who use Google's location services.

Re: Spec file - build requires systemd

2015-03-02 Thread Florian Weimer
he definition of systemd-related RPM macros: <https://fedoraproject.org/wiki/Packaging:Systemd#Filesystem_locations>

Re: some differences between "doc" stuff and "license" stuff

2015-03-09 Thread Florian Weimer
e queried from the RPM database.

Why -mtune=atom?

2015-03-12 Thread Florian Weimer
=generic” or the GCC default, shouldn't GCC be fixed?

Re: Why -mtune=atom?

2015-03-12 Thread Florian Weimer
On 03/12/2015 04:56 PM, Stephen John Smoogen wrote: > On 12 March 2015 at 07:02, Florian Weimer wrote: > >> The default CFLAGS set by RPM include “-mtune-atom”. >> >> Why? I doubt Atom CPUs are Fedora's primary target. It's not even a >> documented GCC

Re: Harden_all_packages_with_position-independent_code + guile modules

2015-03-13 Thread Florian Weimer
ave to consult this page, so I tried to explain what the specs files do in some detail.

Re: Harden_all_packages_with_position-independent_code + guile modules

2015-03-13 Thread Florian Weimer
ame thing, and I was told, no, PIE itself alters symbol resolution. Is this true or not?

Re: Harden_all_packages_with_position-independent_code + guile modules

2015-03-18 Thread Florian Weimer
nfo.flags |= (bfd_vma) DF_BIND_NOW; link_info.flags_1 |= (bfd_vma) DF_1_NOW; } else if (strcmp (optarg, "lazy") == 0) { link_info.flags &= ~(bfd_vma) DF_BIND_NOW; link_info.flags_1 &= ~(bfd_vma) DF_1_NOW; }

Re: Harden_all_packages_with_position-independent_code + guile modules

2015-03-18 Thread Florian Weimer
On 03/18/2015 02:54 PM, Nikos Mavrogiannopoulos wrote: > Any advise from the change owners? How should applications that use > modules with undefined systems should handle that? What semantics do you expect from the undefined symbol?

Re: hardening breaks X.org

2015-03-19 Thread Florian Weimer
makes bind now override RTLD_LAZY options, and the X server relies > on the RTLD_LAZY on its drivers being lazy. Why is that? (I'm just collecting corner cases for ld.so oddities.)

Re: F22 Self Contained Change: Disabled Repositories Support

2015-03-20 Thread Florian Weimer
f security (eventually making Android-style locked bootloaders).

Re: Texlive packaging

2015-03-28 Thread Florian Weimer
* Matthew Miller: > On Fri, Mar 27, 2015 at 08:28:21PM +0100, drago01 wrote: >> Actually "machine generated" isn't per se bad ... it saves a lot of >> effort and should be done more (for other packages too where >> possible). >> Why waste man power for something that can be automated? >> >> As f

Re: Roaming, and libresolv being stuck in the 1980's mindset

2015-04-21 Thread Florian Weimer
time to live, > then it would be doing it wrong. There is a widespread belief that web browsers have to do that to counter certain vulnerabilities (the exploit technique is sometimes called “DNS rebinding”).

Re: nettle, gnutls: soname version bump in rawhide

2015-04-27 Thread Florian Weimer
BI compat package for this if >> you agree it makes sense? > > From my point of view, this is a great idea. Without a compat package > we can expect weeks of pain. Nettle doesn't use symbol versions, so having two versions of that library in the same process could have inter

Re: why does -flto remove stack-protector

2015-04-28 Thread Florian Weimer
On 04/27/2015 09:28 PM, Reindl Harald wrote: > why are shared libraries with -flto no longer have stack protection? You need to provide details how you perform the final link, otherwise this question is impossible to answer.

Re: Orphaning 'nss_compat_ossl'

2015-05-04 Thread Florian Weimer
verification. On top of that, you get all the NSS problems: The public NSS API makes supporting STARTTLS rather difficult. NSS has even more global state than OpenSSL, and as a result is quite problematic as an internal dependency. Please do not use nss_compat_ossl. Seriously.

Re: Including tlp in Fedora Workstation by default

2015-05-28 Thread Florian Weimer
ow us to set certain features differently > on Workstation compared to Server/Cloud or non-product. (This would > still probably mean shipping things like the USB autosuspend disabled, > due to the other effects it can have). Doesn't tuned already do something similar to this?

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-02 Thread Florian Weimer
lver, >> this Just Works (tm). With the status quo, it requires restarting >> everything > > WHAT - the opposite is true, Andrew is right, glibc caches the name server *settings* (/etc/resolv.conf contents), but not the responses received. The recommended workaround is to use n

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-02 Thread Florian Weimer
acheable DNS query may be non-negligible for some use cases. A local > caching resolver fixes that, too. Right, and it isolates resolvers from the impact of buggy application which enter an infinite loop if a service becomes unavailable (i.e., they do a new DNS lookup for each refused TCP con

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-03 Thread Florian Weimer
ies are, in fact, a problem which should be solved at the client side. But Firefox certainly has some caching mechanisms intended to help against that (but I'm not sure how reliable they are in preventing the issue, e.g. if you use a web proxy).

Build-essential packages (was: Re: [Guidelines change] Changes to the packaging guidelines)

2015-06-10 Thread Florian Weimer
also give us a central place where we can fix breakage due to missing packages in build roots because a significant fraction of packages got a build-required package through an indirect dependency.

Re: Unison in Fedora

2015-06-15 Thread Florian Weimer
s we're stuck with the old branches in separate packages as > now. Another option would be to press upstream to support Unison across trust boundaries, which would imply fixing the serialization protocol first (it is currently horribly unsafe).

Re: Unison in Fedora

2015-06-15 Thread Florian Weimer
use years. lvm2 uses it as well, so we can assume this functionality is actually pretty well-tested.

Re: DNSSEC/unbound -> boingboing.net failures

2015-06-30 Thread Florian Weimer
or which a secure answer is expected with a constant source port.

Re: Has something changed with RPMS?

2020-06-02 Thread Florian Weimer
* Panu Matilainen: > Lets start with the basics: > - is sqlite even involved - it will only be used on rawhide builds if > mock bootstrap is used > - does it make a difference if you override _db_backend to bdb/sqlite > from mock config / cli define > - a reproducer please (eg, what package is con

Re: Fedora 33 System-Wide Change proposal: CompilerPolicy Change

2020-06-05 Thread Florian Weimer
* Igor Raits: > From what I see, GCC supports it on x86, x86_64, s390x, riscv64, > ppc64le. So this just does not include ARM / AArch64 from Fedora > architectures. GCC has aarch64 support for stack-clash-protection, but it only works well with 64K pages (otherwise detection is not reliable). Th

Re: Fedora 33 System-Wide Change proposal: CompilerPolicy Change

2020-06-05 Thread Florian Weimer
* Jeff Law: > I'm not suggesting switching the default. I'm suggesting the compiler > choice be made by the upstream projects. Some prefer LLVM, others > prefer GCC. Fedora should get out of the way and use the same tools > that the upstream projects are using. Do we know how many upstream pro

Re: Fedora 33 System-Wide Change proposal: CompilerPolicy Change

2020-06-05 Thread Florian Weimer
* Ben Cotton: > https://fedoraproject.org/wiki/Changes/CompilerPolicy > > == Summary == > Fedora has historically forced packages to build with GCC unless the > upstream project for the package only supported Clang/LLVM. This > change proposal replaces that policy with one where compiler selectio

Re: devel Digest, Vol 196, Issue 58

2020-06-05 Thread Florian Weimer
* Jeff Law: > As we both know, GCC has had ABI bugs as well. Both compilers strive > to be ABI compatible with each other and we should continue to work > together to find and address such issues. Similarly both compilers > are going to have codegen issues, or rejects-valid-code bugs. > Ultimate

Re: Is there an official Fedora for WSL?

2020-06-08 Thread Florian Weimer
* Iñaki Ucar: > On Mon, 8 Jun 2020 at 07:12, Gordon Messmer wrote: >> >> > - I found that [1] does a pretty good job replacing /usr/bin/systemctl >> > [1] https://github.com/gdraheim/docker-systemctl-replacement >> >> I only use WSL for an interactive shell, so I haven't needed to do much >> of a

Re: Announcement: Aim to remove libdb-java from Fedora-rawhide

2020-06-11 Thread Florian Weimer
* Ondrej Dubaj: > we are aiming to remove libdb-java package from Fedora-rawhide, as we > are currently preparing for jdk update from jdk-1.8 to jdk-11 in > Fedora rawhide. The problem is that we are unable to rebuild this > package with jdk-11. It is still possible to "hack" it and rebuild it > w

Re: Announcement: Aim to remove libdb-java from Fedora-rawhide

2020-06-15 Thread Florian Weimer
* Ondrej Dubaj: > The problem is unknown runtime behaviour of libdb-java (build with > jdk-1.8, as it is unable to build with jdk-11) with JVM-11. Are you an > active user of libdb java ? I am not. Upon second thought, it doesn't seem to make sense to preserve libdb-java (although I expect that

Re: [fedora-java] Re: Announcement: Aim to remove libdb-java from Fedora-rawhide

2020-06-15 Thread Florian Weimer
* Jiri Vanek: > Is there some replacement for this subpackage? At least theoretical? For the JDBC connector to SQLite, there's sqlite-jdbc and javasqlite. But the on-disk format will be different. For the key-value store, there is the je package, but again the on-disk format is different. Thanks

Re: undefined symbol: pthread_getattr_np, version GLIBC_2.32

2020-06-16 Thread Florian Weimer
* Igor Raits: > I built gitui in koji (f33) yesterday and tried to run it on my laptop > with Fedora Rawhide today and it does not work: > > gitui: symbol lookup error: gitui: undefined symbol: > pthread_getattr_np, version GLIBC_2.32 > > Did anybody see something similar in other applications? An

Re: undefined symbol: pthread_getattr_np, version GLIBC_2.32

2020-06-16 Thread Florian Weimer
* Igor Raits: > On Tue, 2020-06-16 at 18:39 +0800, 西木野羰基 wrote: >> Could please check what version of glibc has been installed during >> mock build? I can't find the logs or the build artifacts. >> But by checking other build yesterday I can found that glibc in koji >> build is newer than the one

Re: Packaging firmwares

2020-06-26 Thread Florian Weimer
* Robert-André Mauchin: > I have a review request for a firmware: Boot firmware (ATF, UEFI...) for > Mellanox BlueField: > > https://bugzilla.redhat.com/show_bug.cgi?id=1846139 > > I would like some opinions on whether this is acceptable firmware. The > binary contains open source code for which

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-06-27 Thread Florian Weimer
* Josef Bacik: > As for your ENOSPC issue, I've made improvements on that area. I > see this in production as well, I have monitoring in place to deal > with the machine before it gets to this point. That being said if > you run the box out of metadata space things get tricky to fix. > I've been

Re: Packaging firmwares

2020-06-28 Thread Florian Weimer
* Richard Hughes: > On Fri, 26 Jun 2020, 22:21 Florian Weimer, wrote: > > Is FirmwareUpdate.efi really firmware in Fedora's sense? Won't it run > on the host CPU? > > This is flashed hardware!? Can't mellanox just use the LVFS to > distribute firmware rat

Re: User experience issue on btrfs

2020-06-29 Thread Florian Weimer
* Chris Adams: > Once upon a time, John M. Harris Jr said: >> XFS proved to be troublesome, and still is up to the latest of RHEL7. It's >> not >> uncommon to have to run xfs_repair on smaller XFS partitions, especially / >> boot. I'm not sure if btrfs has the same issue there? > > [citation ne

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-06-29 Thread Florian Weimer
* Josef Bacik: > That being said I can make btrfs look really stupid on some workloads. > There's going to be cases where Btrfs isn't awesome. We still use xfs > for all our storage related tiers (think databases). Performance is > always going to be workload dependent, and Btrfs has built in ov

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-06-29 Thread Florian Weimer
* Solomon Peachy: > On Mon, Jun 29, 2020 at 11:33:40AM +0200, Florian Weimer wrote: >> Just to be clear here, the choice of XFS here is purely based on >> performance, not on the reliability of the file systems, right? >> (So it's not “all the really important data

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-06-30 Thread Florian Weimer
* Steven Whitehouse: > On 27/06/2020 11:00, Florian Weimer wrote: >> * Josef Bacik: >> >>> As for your ENOSPC issue, I've made improvements on that area. I >>> see this in production as well, I have monitoring in place to deal >>> with the machine

Re: The future of legacy BIOS support in Fedora.

2020-06-30 Thread Florian Weimer
* Jóhann B. Guðmundsson: > Given Hans' proposal [1] introduced systemd/grub2/Gnome upstream > changes it begs the question if now would not be the time to stop > supporting booting in legacy bios mode and move to uefi only supported > boot which has been available on any common intel based x86 platf
