[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-22 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #36 from Simone Caronni  ---
I've tested with a few wallets and everything is fine, no conversion needed.

Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec
SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-7.fc32.src.rpm

* Wed Jul 22 2020 Simone Caronni  - 0.20.0-7
- Use libdb 5.x instead of deprecated 4.x. Fixes build on RHEL/CentOS 8.

Room for improvements:
- Rework SELinux policy


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-21 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #35 from Simone Caronni  ---
Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec
SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-6.fc32.src.rpm

* Tue Jul 21 2020 Simone Caronni  - 0.20.0-6
- Update systemd unit.
- Update configuration options.
- Declared bundled libraries/forks.

Room for improvements:
- Rework SELinux policy
- Check about bundling libdb4 (deprecated everywhere in Fedora, not available
in EPEL), upstream accepts any libdb versions for building but wallets are not
compatible across different libdb versions and need to be converted. Debian
builds with the latest libdb:
https://salsa.debian.org/cryptocoin-team/bitcoin/-/blob/master/debian/rules#L31

I've run out of procrastination items for the SELinux policy :D


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-21 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #34 from Simone Caronni  ---
I'll be away from the 25th of July for holidays until the 17th of August.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-21 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #33 from Simone Caronni  ---
(In reply to Björn Persson from comment #32)
> Thank you for adding the signature verification, but you're still using HTTP
> instead of HTTPS in URL and Source20 for no reason I can see.

Just forgot it to change it in %url which get expanded in the Source20 line.

Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec
SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-5.fc32.src.rpm

More cleanups:

* Tue Jul 21 2020 Simone Caronni  - 0.20.0-5
- Use HTTPS for url tag.
- Reorganize sources. Add cleaned files from the packaging repository directly;
  bash completion snippets are now supported in the main sources.
- Move check section after install and include desktop file validating in
  there.

Room for improvements:
- Check hardening measures for the systemd unit (differences between the
various distributions).
  Ex.:
https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service#L53-L74
- Rework SELinux policy
- Check about bundling libdb4 (deprecated everywhere in Fedora, not available
in EPEL), upstream accepts any libdb versions for building but wallets are not
compatible across different libdb versions and need to be converted. Debian
builds with the latest libdb:
https://salsa.debian.org/cryptocoin-team/bitcoin/-/blob/master/debian/rules#L31


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-19 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #32 from Björn Persson  ---
Thank you for adding the signature verification, but you're still using HTTP
instead of HTTPS in URL and Source20 for no reason I can see.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-19 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #31 from Simone Caronni  ---
Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec
SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-4.fc32.src.rpm

* Sun Jul 19 2020 Simone Caronni  - 0.20.0-4
- Fix tests on RHEL/CentOS 7.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-18 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #30 from Simone Caronni  ---
Thanks, I've added signature verification which is a bit from all comments
above.
The packaging guidelines are pretty clear about signatures, so:

- Key is downloaded from the keyserver (as also suggested by upstream) and
instructions are in the SPEC file.
- Key is added to the Fedora SCM (aka it's in git).
- Detached signed checksum is in the lookaside cache (aka it's in the sources
file).
- Since /usr/lib/rpm/redhat/gpgverify (aka %gpgverify) does not support signed
sums files I've replaced it with gpgv2/sha256sum commands.

I will also add the SHA256UM.asc file in the .gitignore file once approved so
there is no chance that the hashed checksum gets into SCM and can only go into
the lookaside cache.

Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec
SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-3.fc32.src.rpm

* Sat Jul 18 2020 Simone Caronni  - 0.20.0-3
- Add signature verification.
- Trim changelog.
- Fix typo in the libs description.

I will start working on the SELinux part hopefully soon (terribly busy in real
life).


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-10 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #29 from Oleg Girko  ---
(In reply to Björn Persson from comment #28)
> (In reply to Oleg Girko from comment #27)
> > I think, the main PGP public key's checksum should be embedded into spec
> > file and checked against to make sure all re-downloaded sources are correct.
> 
> That wouldn't hurt. You would want a GnuPG command – or a series of commands
> – to verify that the given keyring contains a key with the given
> fingerprint, and also that it doesn't contain any other keys. Can you
> propose such a command? Don't forget to ensure that GnuPG will look only in
> the specified keyring even if the user has a default keyring.

Something like this in %prep section:

echo 123456789abcdef... %{SOURCE12} | sha256sum -c


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-10 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #28 from Björn Persson  ---
(In reply to Oleg Girko from comment #27)
> What about those who want to re-build the package from the spec file

I would recommend rebuilding from the source RPM package. Rebuilding from only
a spec isn't possible in the general case. Many packages have patches, and
sometimes there is no working URL to a source. Those will be missing if you try
to rebuild from only the spec.

> I think, the main PGP public key's checksum should be embedded into spec
> file and checked against to make sure all re-downloaded sources are correct.

That wouldn't hurt. You would want a GnuPG command – or a series of commands –
to verify that the given keyring contains a key with the given fingerprint, and
also that it doesn't contain any other keys. Can you propose such a command?
Don't forget to ensure that GnuPG will look only in the specified keyring even
if the user has a default keyring.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-08 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #27 from Oleg Girko  ---
(In reply to Björn Persson from comment #26)
> (In reply to marco from comment #25)
> > Source12 simply downloads the key from
> > https://bitcoin.org/laanwj-releases.asc without checking the hash or
> > fingerprint, so there is no way to detect changes. What am I missing?
> 
> You're missing the fact that RPMbuild doesn't download anything and the Koji
> builders are isolated from Internet access. All sources and patches are
> taken from the Fedora Project's Git repository and lookaside cache, and
> change only when a package maintainer uploads a new file. Our source file
> verification policy says that the keyring shall be committed to Git:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/
> #_source_file_verification
> 
> The URL is there to document where the keyring came from, so that anyone can
> download it and verify that it's identical to the one in Git.

This looks too dependent on Fedora infrastructure.
What about those who want to re-build the package from the spec file on their
computer (and download all necessary sources using spectool)?
What about those who want to re-build the package using OBS and download_files
source service?
I think, the main PGP public key's checksum should be embedded into spec file
and checked against to make sure all re-downloaded sources are correct.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-08 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #26 from Björn Persson  ---
(In reply to marco from comment #25)
> Source12 simply downloads the key from
> https://bitcoin.org/laanwj-releases.asc without checking the hash or
> fingerprint, so there is no way to detect changes. What am I missing?

You're missing the fact that RPMbuild doesn't download anything and the Koji
builders are isolated from Internet access. All sources and patches are taken
from the Fedora Project's Git repository and lookaside cache, and change only
when a package maintainer uploads a new file. Our source file verification
policy says that the keyring shall be committed to Git:
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification

The URL is there to document where the keyring came from, so that anyone can
download it and verify that it's identical to the one in Git.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-08 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #25 from marco  ---
> packagers must be very careful when a release-signing key changes

Source12 simply downloads the key from https://bitcoin.org/laanwj-releases.asc
without checking the hash or fingerprint, so there is no way to detect changes.
What am I missing?

> To my slight surprise I found that the tarball from Github is identical to 
> the one on bitcoin.org (and on bitcoincore.org)

I think this is only a coincidence for the 0.20.0 release. All other releases
should not match, which is why I assumed the download sources are identical.

> I don't see any statement that Hockeypuck has a solution to the spam attack

Good point, personally I can recommend
https://keys.openpgp.org/vks/v1/by-fingerprint/01EA5486DE18A882D4C2684590C8019E36C2E964,
which claim to be resistant to those attacks (
https://keys.openpgp.org/about/faq#sks-pool )

Not sure, but keyserver.ubuntu.com might have solved the attack by disabling
key updates, which could lead to problems should the key ever be revoked.

Though generally, as long as the fingerprint matches, it should be possible to
download the key from any source with reliable uptime.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-08 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #24 from Björn Persson  ---
(In reply to marco from comment #23)
> If you fetch the key from the same website the binaries are taken from,
> there is no security. Anyone replacing the binaries can trivially replace
> the key.

That would be true if the upstream project would generate a new key for every
release, and also wouldn't sign their keys.

When a new release is signed with the same key that the developers have been
using for years, then that increases our confidence that it is from the same
source as all the previous releases. When a key needs replacing, then the
project can maintain continuity by signing the new key with the old key. We
packagers must be very careful when a release-signing key changes, and not
blindly replace the key like we replace a tarball.

In this particular case you're also off the mark because my patched spec
*doesn't* fetch the key from the same website as the binaries. To my slight
surprise I found that the tarball from Github is identical to the one on
bitcoin.org (and on bitcoincore.org). If that's reliable, then we can improve
security by fetching the tarball from Github and the signed checksum file from
bitcoin.org or bitcoincore.org, and verifying them with the key we already
have. An attacker will then have to acquire the secret key and compromise
*both* websites before they can sneak malicious changes past the verification
step.

> Also, bitcoincore.org is the official download site (bitcoin.org is a mirror
> site unrelated to the Bitcoin Core project).

In that case the URL field in the package should also point to
https://bitcoincore.org/en/about/.

> The instructions recommend to fetch the key based on its fingerprint
> (01EA5486DE18A882D4C2684590C8019E36C2E964).

Hmm, they refer to keyserver.ubuntu.com, which runs Hockeypuck. I don't see any
statement that Hockeypuck has a solution to the spam attack
(https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f) that led to
keys.fedoraproject.org being turned off
(https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/message/COEYWJBQDAWRSYNQW7Y7TD2EKEGBWOAY/)
in February this year. If it doesn't then you expose yourself to a denial of
service when you fetch from the keyserver.

In case somebody thinks that fetching a key from a keyserver is more secure
than fetching it from the project's website: It's not, because anyone can write
somebody else's name on a key and upload it to a keyserver. Only the
fingerprint ensures that you get the right key, and someone who can replace
files on the project's website can replace the fingerprint too.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-08 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #23 from marco  ---
If you fetch the key from the same website the binaries are taken from, there
is no security. Anyone replacing the binaries can trivially replace the key.

Also, bitcoincore.org is the official download site (bitcoin.org is a mirror
site unrelated to the Bitcoin Core project). So I recommend to use the steps to
verify from their download page: https://bitcoincore.org/en/download/

The instructions recommend to fetch the key based on its fingerprint
(01EA5486DE18A882D4C2684590C8019E36C2E964).


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-06 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731

Björn Persson  changed:

   What|Removed |Added

 CC||bj...@xn--rombobjrn-67a.se



--- Comment #22 from Björn Persson  ---
Cryptocurrency wallets are very juicy targets for criminals, so it's paramount
that you do everything you can to prevent and detect attempts to inject malware
into the package.

First, never use insecure HTTP if HTTPS is available.

Second, verify upstream's signature before unpacking the tarball. Unfortunately
they sign it in an indirect way that our handy verifier script doesn't expect.
That makes the verification code a bit tricky, so I have written it for you.

These are the changes you need to make:

--- bitcoin.spec.old2020-06-30 12:57:18.0 +0200
+++ bitcoin.spec2020-07-06 15:48:51.656323998 +0200
@@ -7,9 +7,9 @@
 Release:2%{?dist}
 Summary:Peer to Peer Cryptographic Currency
 License:MIT
-URL:http://bitcoin.org/
+URL:https://bitcoin.org/

-Source0:   
http://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source0:   
https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:%{name}-tmpfiles.conf
 Source2:%{name}.sysconfig
 Source3:%{name}.service
@@ -20,12 +20,16 @@
 Source8:README.server.redhat
 Source9:README.utils.redhat
 Source10:   README.gui.redhat
+Source11:   https://bitcoin.org/bin/bitcoin-core-%{version}/SHA256SUMS.asc
+Source12:   https://bitcoin.org/laanwj-releases.asc

 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  boost-devel
 BuildRequires:  checkpolicy
 BuildRequires:  desktop-file-utils
+BuildRequires:  gnupg2
+BuildRequires:  grep
 BuildRequires:  java
 BuildRequires:  libdb4-cxx-devel
 BuildRequires:  libevent-devel
@@ -76,7 +80,7 @@
 may be used by third party software to provide consensus verification
 functionality.

-Unless you know need this package, you probably do not.
+Unless you know you need this package, you probably do not.

 %package devel
 Summary:Peer-to-peer digital currency
@@ -126,6 +130,15 @@
 need this package.

 %prep
+gpgworkdir="$(mktemp --directory)"
+# Decode the ASCII armor on the keyring.
+gpg2 --homedir="${gpgworkdir}" --yes --output="${gpgworkdir}/keyring.gpg"
--dearmor '%{SOURCE12}'
+# Verify the signature on the checksums file using the decoded keyring.
+gpgv2 --homedir="${gpgworkdir}" --keyring="${gpgworkdir}/keyring.gpg"
'%{SOURCE11}'
+# Verify the tarball using the checksums file minus the signature.
+( cd '%{_sourcedir}' && grep bitcoin '%{SOURCE11}' | sha256sum --check
--ignore-missing - )
+rm --recursive --force ${gpgworkdir}
+
 %autosetup -a 4 -p1
 mv packaging-*/debian/* contrib/debian/


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-01 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #21 from Daniel Walsh  ---
Don't think you have to build multiple different SELinux policies, one should
work on all variants.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-01 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #20 from Simone Caronni  ---
(In reply to marco from comment #17)
> * In the spec file, what exactly is `Source4` used for?

Contains some things related to packaging (icon, desktop menu, etc.). I might
remove it entirely at some point.
It's unpacked in the %autosetup macro:

%autosetup -a 4 -p1

> * Is the package going to be made available in CentOS? If yes, on what
> schedule is CentOS/RHEL going to update the package? Is there a chance that
> EOL version are offered in the package manager? See
> https://bitcoincore.org/en/lifecycle/

I'm planning to build it also on CentOS/RHEL 7+ (stuff is already in the spec
file).
I just plan to build the latest version. Maintaining minor releases of previous
version in EPEL might be an option (ex. 0.20.1 in EPEL when 0.21 gets released
in Fedora), but I don't really see the point honestly. Might be that at one
point due to dependencies it's not possible to build the latest for EPEL, so in
that case a maintained old release or bundling of some libraries could be an
option.

Regarding EOL releases, no, no plan to keep EOL releases alive.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-07-01 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #19 from Simone Caronni  ---
(In reply to Eugene A. Pivnev from comment #16)
> (In reply to Simone Caronni from comment #10)
> > (In reply to Robert-André Mauchin from comment #7)
> > > Also create a logrotate file for the log:
> > > https://docs.fedoraproject.org/en-US/packaging-guidelines/
> > > #_logrotate_config_file
> > 
> > A couple of notes here:
> > 
> > - The log file after months of a running daemon is only 9.7 Mb, so I'm not
> > sure there is really any benefit here.
> 
> I think it is not matter how big is log file.
> Let user to decide switch it off on demand.

Exactly, but -shrinkdebugfile set to 1 automatically when in debug mode, the
user will get truncated logs at restart. So in my opinion is better to disable
the default shrinkdebugfile when turning on debug if we want to use logrotate.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #18 from Eugene A. Pivnev  ---
(In reply to marco from comment #17)
> * Why is the Bitcoin Core package called `bitcoin` and not `bitcoin-core`
> like in other package managers. E.g. https://snapcraft.io/bitcoin-core or
> https://flathub.org/apps/details/org.bitcoincore.bitcoin-qt

I can try to answer this.
* "bitcoin-core" includes bitcoind (bitcoin-server, but it is "client" of
bitcoin network), bitcoin-utils (pure "client" as client) and bitcoin-qt
("server" as client + partially "client" as client all-in-one :-)
* all of them are absolutely indepent from each another on runtime.
So, this "-core" is not "core" and not includes runtime core (and this is big
problem - it's impossible to select "-lib" from these tonns of code).
And as for me I think current packaging (bitcoin => -server + -utils + -qt) is
very logical.
PS. in addition some of docs say "..then run bitcoin-core (they mean bitcoin-qt
binary) and..."


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #17 from marco  ---
Some questions.

* In the spec file, what exactly is `Source4` used for?

* Why is the Bitcoin Core package called `bitcoin` and not `bitcoin-core` like
in other package managers. E.g. https://snapcraft.io/bitcoin-core or
https://flathub.org/apps/details/org.bitcoincore.bitcoin-qt

* Is the package going to be made available in CentOS? If yes, on what schedule
is CentOS/RHEL going to update the package? Is there a chance that EOL version
are offered in the package manager? See https://bitcoincore.org/en/lifecycle/


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #16 from Eugene A. Pivnev  ---
(In reply to Simone Caronni from comment #10)
> (In reply to Robert-André Mauchin from comment #7)
> > Also create a logrotate file for the log:
> > https://docs.fedoraproject.org/en-US/packaging-guidelines/
> > #_logrotate_config_file
> 
> A couple of notes here:
> 
> - The log file after months of a running daemon is only 9.7 Mb, so I'm not
> sure there is really any benefit here.

I think it is not matter how big is log file.
Let user to decide switch it off on demand.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #15 from Simone Caronni  ---
(In reply to Vit  Mojzis from comment #14)
> The Independent policy guide
> (https://fedoraproject.org/wiki/SELinux/IndependentPolicy) should cover all
> you need in terms of packaging the policy.
> As for the policy itself, please try to follow
> https://github.com/SELinuxProject/refpolicy/wiki/StyleGuide. Also, using
> "permissive bitcoin_t;" disables the SELinux confinement on the domain (AVC
> denials are logged, but not enforced) and should therefore only be used for
> debugging/testing.

Ok, thanks for the info!


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731

Vit  Mojzis  changed:

   What|Removed |Added

 CC||vmoj...@redhat.com



--- Comment #14 from Vit  Mojzis  ---
The Independent policy guide
(https://fedoraproject.org/wiki/SELinux/IndependentPolicy) should cover all you
need in terms of packaging the policy.
As for the policy itself, please try to follow
https://github.com/SELinuxProject/refpolicy/wiki/StyleGuide. Also, using
"permissive bitcoin_t;" disables the SELinux confinement on the domain (AVC
denials are logged, but not enforced) and should therefore only be used for
debugging/testing.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #13 from Simone Caronni  ---
(In reply to Robert-André Mauchin from comment #12)
>  - Could you follow the rules specified at
> https://fedoraproject.org/wiki/SELinux/IndependentPolicy and use the
> %pre/%post macros documented there?
> 
>  - See the post by DWalsh on the -devel ML:
> https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/
> message/GK3KPEDHX5NLDW32X7RIAP2IVEYHIAX3/

Ah, I was not aware of it. I will check, thanks!


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #12 from Robert-André Mauchin  ---
 - Could you follow the rules specified at
https://fedoraproject.org/wiki/SELinux/IndependentPolicy and use the %pre/%post
macros documented there?

 - See the post by DWalsh on the -devel ML:
https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/message/GK3KPEDHX5NLDW32X7RIAP2IVEYHIAX3/


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #11 from Simone Caronni  ---
In the meanwhile, before changing anything for the logging:

Spec URL: https://slaanesh.fedorapeople.org/bitcoin.spec
SRPM URL: https://slaanesh.fedorapeople.org/bitcoin-0.20.0-2.fc32.src.rpm

* Tue Jun 30 2020 Simone Caronni  - 0.20.0-2
- Update Source0 URL.
- Do not obsolete "bitcoin", just leave the provider for it.
- Let the build install the man pages.
- Make sure old post scriptlets run only on RHEL/CentOS 7.
- Do not install static library and archive.
- Be explicit with share object versions.
- Use macros for more directories.
- Use GCC 9 and not 7 to build on RHEL/CentOS 7.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #10 from Simone Caronni  ---
(In reply to Robert-André Mauchin from comment #7)
> Also create a logrotate file for the log:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/
> #_logrotate_config_file

A couple of notes here:

- The log file after months of a running daemon is only 9.7 Mb, so I'm not sure
there is really any benefit here.
- When enabling -debug on the daemon, the -shrinkdebugfile is automatically set
to 1, so the log file is trimmed at startup.

So I see two options:

1. Add -shrinkdebugfile=1 to the systemd unit, so the log file is also trimmed
when NOT starting in debug mode
2. Add -shrinkdebugfile=0 to the systemd unit so the log file is never trimmed
even when debugging and then add the logrotate file.

I think solution 1 is better.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #9 from Simone Caronni  ---
(In reply to Robert-André Mauchin from comment #6)
> Source0:   
> http://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.
> gz

Updated.

>  - Why does the core subpackage obsoletes the main package? Also for a
> rename the Obsolete part must be fixed, to the release above the last
> release of the obsoleted package.

Long old gone thing, removed the Obsoletes.

>  - GZipping the man pages is handled by rpm, do not do it yourself:
> 
> gzip %{buildroot}%{_mandir}/man1/$i.1

Missed it. Actually man pages are now installed automatically, so I removed the
section entirely.

>  - This is only needed in EPEL7:
> 
> %post core
> /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
> 
> %postun core
> if [ $1 -eq 0 ] ; then
> /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
> /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
> fi
> 
> %posttrans core
> /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
> 
>  Please put it behind a condition.

Missed it, fixed.

>  - Do not package libtool archive. Static library are generally not
> packaged, and, if really needed, must have their own static subpackage:
> 
> %{_libdir}/libbitcoinconsensus.a
> %{_libdir}/libbitcoinconsensus.la

Disabled static library building and removed the local archive.

>  - In order to avoid unintentional soname bump, we recommend not globbing
> the major SONAME version from shared library. Be more specific instead:
> 
> %{_libdir}/libbitcoinconsensus.so.*

Fixed.

>  - /var/lib/, {_localstatedir}/lib → use %{_sharedstatedir}
>  - /var/, %{_var} → use %{_localstatedir}
>  - /run → %{_rundir}

Missed, all fixed.

>  - I know nothing about SELinux, I need to find another reviewer for this

I will not separate the selinux policies from the main package. Many packages
in the distribution require SELinux (ex. FreeIPA). It's not something that
should be disabled, pretty much like the firewall.


Testing now the above changes with 0.20, will post the updated src.rpm after
all functional tests have run.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-30 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #8 from Simone Caronni  ---
Thanks for the feedback, updating the package now.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-26 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #7 from Robert-André Mauchin  ---
Also create a logrotate file for the log:
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_logrotate_config_file


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-26 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731

Robert-André Mauchin  changed:

   What|Removed |Added

 CC||zebo...@gmail.com



--- Comment #6 from Robert-André Mauchin  ---
 - 
Source0:   
http://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz

→

Source0:   
http://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz

 - Why does the core subpackage obsoletes the main package? Also for a rename
the Obsolete part must be fixed, to the release above the last release of the
obsoleted package.

%package core
Summary:Peer to Peer Cryptographic Currency
Obsoletes:  %{name} < %{version}-%{release}
Provides:   %{name} = %{version}-%{release}

 - GZipping the man pages is handled by rpm, do not do it yourself:

gzip %{buildroot}%{_mandir}/man1/$i.1

 - This is only needed in EPEL7:

%post core
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :

%postun core
if [ $1 -eq 0 ] ; then
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
fi

%posttrans core
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :

 Please put it behind a condition.

 - Do not package libtool archive. Static library are generally not packaged,
and, if really needed, must have their own static subpackage:

%{_libdir}/libbitcoinconsensus.a
%{_libdir}/libbitcoinconsensus.la


 - In order to avoid unintentional soname bump, we recommend not globbing the
major SONAME version from shared library. Be more specific instead:

%{_libdir}/libbitcoinconsensus.so.*

 - /var/lib/, {_localstatedir}/lib → use %{_sharedstatedir}

 - /var/, %{_var} → use %{_localstatedir}

 - /run → %{_rundir}

 - I know nothing about SELinux, I need to find another reviewer for this


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-06-07 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731

Eugene A. Pivnev  changed:

   What|Removed |Added

 CC||ti.eug...@gmail.com



--- Comment #5 from Eugene A. Pivnev  ---
Selinux* things must be optional.
If user set "selinux=disabled" than he can remove most of *selinux* rpms from
host.
But your packages require to reinstall them again.

Summary good job, I use this for last month ok (f30 x32, f32 x64).


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-05-14 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #4 from Simone Caronni  ---
Thanks I will look at it.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-05-13 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731



--- Comment #3 from Oleg Girko  ---
I was packaging a Dash client for Fedora for quite some time. Dash was
originally a fork of Bitcoin, and now it still synchronises its codebase with
newer versions of Bitcoin. Hence, Dash is not different than Bitcoin from
packaging point of view, only some file names and TCP port numbers are
different.
You can take a look at spec and other files I use to build Dash here:
https://obs.infoserver.lv/package/show/cryptocurrency/dash-core
If you find any ideas from this useful, feel free to use them. :-)

My spec file was originally based on spec file that was in Bitcoin source's
contrib subdirectory (it was removed from there since then), but significantly
evolved.

It has provisions for building with depends system, making deterministic build
closer to the one used for binary distribution by vendor (but not exactly the
same: still using compiler and some system libraries from Fedora). In order to
be suitable for building in isolated environment without network connectivity,
all sources needed for building are added as "SourceN:" directives in
autogenerated section of spec file, and "update-sources.sh" script has to be
run to update these sources every time you change the version number. This
feature is not suitable for official Fedora package because it essentially
bundles various libraries, so it's disabled by default.

Also, functional tests in "%check" section are run in parallel, and temporary
directory is placed in "/var/tmp" for them, because "/tmp" is sometimes tmpfs
in isolated build environment. and some tests require 8 gigabytes of space in
tmpdir.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-05-12 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731

Simone Caronni  changed:

   What|Removed |Added

   Doc Type|--- |If docs needed, set a value



--- Comment #2 from Simone Caronni  ---
SPEC file contains the necessary information to build on CentOS / RHEL 7 as
well.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org


[Bug 1834731] Review Request: bitcoin - Peer to Peer Cryptographic Currency

2020-05-12 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1834731

Simone Caronni  changed:

   What|Removed |Added

 CC||j.orti.alca...@gmail.com



--- Comment #1 from Simone Caronni  ---
*** Bug 1020292 has been marked as a duplicate of this bug. ***


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org