Help with packaging
by Conrad Meyer
Hi list,
I'm experiencing trouble trying to get one of my packages (sdcc) to build for
Fedora 12. It builds on Fedora 11 and older (just double-checked in mock). It
seems to be some sort of change in how RPM uses __os_install_post or how brp-
strip-static-archive works between F11 and F12. Anyone familiar with any such
changes?
http://linux.dell.com/files/fedora/FixBuildRequires/mock-
results/x86_64/sdcc-2.9.0-4.fc12.src.rpm/result/build.log
Some background info for those unfamiliar with sdcc: sdcc is a compiler
targeting embedded devices. It bundles some archives that contain object code
for these other architectures -- chmodded 644, in %{_datadir} -- I don't even
know why brp-strip* dives into %{_datadir} anyway.
Thanks,
--
Conrad Meyer <cemeyer(a)u.washington.edu>
14 years, 4 months
Kernel-2.6.31.6-134 seems to have a bug on R600 DRM
by Liang Suilong
After updating the package, compiz crashed and glxgears can not run.
However, KMS and plymouth can still run well.
Here is dmesg message that I grabbed:
[drm:r600_cs_packet_next_reloc_mm] *ERROR* No packet3 for relocation for
packet at 47.
[drm:r600_packet3_check] *ERROR* bad SET_CONTEXT_REG 0x28014
[drm:radeon_cs_ioctl] *ERROR* Invalid command stream !
But I reboot with kernel-2.6.31.5-127. All the thing return to normal. My
desktop is running on Fedora 12 x86_64. My graphic card is HD3650.
ATi display drivers: xorg-x11-drv-ati-6.13.0-0.11.20091119git437113124.fc12
Kernel: 2.6.31.6-134.fc12.x86_64
Mesa: 7.6-0.15.fc12
Does any guy meet the same situation?
--
<url>http://www.liangsuilong.info</url>
Fight for freedom!!!!(3F)
Ask not what your Linux distro can do for you!
Ask what you can do for your Linux distro!
14 years, 4 months
Head-up - new firefox in rawhide
by Martin Stransky
Hi,
a new firefox (3.6 beta 2) just hit rawhide (a.k.a f13). There are some
changes which affect everyone who builds with xulrunner-devel-unstable
package.
Mozilla decided to merge all include directories to one (mozbz#398573)
and stop shipping stable/unstable packages. So all headers/libraries are
merged to one big xulrunner-devel package (with respective pkgconfig
files) and xulrunner-devel-unstable has been removed.
What does it mean for you?
1) Change xulrunner-devel-unstable to xulrunner-devel in spec. file
BuildRequires.
2) Switch libxul-embedding-unstable.pc to libxul-embedding.pc or
libxul-unstable.pc to libxul.pc in make/configure scripts.
3) Rebuild the package and report any problem to BZ.
ma.
14 years, 4 months
Final F-10 updates push
by Josh Boyer
Hi All,
Fedora 10 will go EOL on December 17th. The final day for
updates to be submitted will be December 14th. Please make
sure any final updates you want pushed to the F10 repos are
submitted by this date.
Thanks,
josh
_______________________________________________
Fedora-devel-announce mailing list
Fedora-devel-announce(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-announce
14 years, 4 months
livecds in the future
by Ben Williams
If release engineering would like to release liveusb.iso for people to
use to install or just to look at the new features, that is fine But
from the #fedora channel the # of people installing off of the livecd
images are very high (if you want to search the logs i am sure they can
be provided, and yes the # installing useing the livecd.iso on usb is
high as well.)
the current livecd isos need to continue (yes i know the size sux, but
not everyone has highspeed internet thats why they are downloading the
livecd and not the dvd)
I say if you want to offer more choice, that is great, but do not shoot
yourself in the foot yet, for f13 we can always try a liveusb image as
well as the livecd iso if someone is willing to help release engineering
make this happen so much the better for all of us
if the people wanting a localized spin step up and do and maintain one
for your locale.
--
Ben Williams
Windows-Linux Specialist
460 McBryde Hall
Blacksburg VA 24061-0123
540 231-2739
14 years, 4 months
Security testing: need for a security policy, and a security-critical package process
by Adam Williamson
Hi, everyone. I'm sending this email as a result of a discussion in the
Fedora QA meeting this morning. You can find a log of the meeting here:
http://meetbot.fedoraproject.org/fedora-meeting/2009-11-23/fedora-meeting...
the discussion takes place from 16:14:09 onwards.
We discussed the recent PackageKit kerfuffle from a QA perspective,
which means we talked about how we could have meaningful security
testing. We came to some basic conclusions about this which require
co-ordination with the security and development groups.
We can't do any meaningful security testing without knowing exactly what
we should be testing for, in which packages. I believe Seth Vidal's
upcoming proposal for covering 'major changes' may touch on this, but I
doubt they'll cover exactly the same ground.
So, if we are to have meaningful security testing in future releases -
which QA believes would be a good thing - we need the project to define
a security policy. We believe there's a genuine need for this anyway, as
the introduction and widespread adoption of PolicyKit will likely lead
to much more complex and significant potential changes in security
posture than any previous change.
It's not QA's role to define exactly what the security policy should
look like or what it should cover, but from the point of view of
testing, what we really need are concrete requirements. The policy does
not have to be immediately comprehensive - try and cover every possible
security-related issue - to be valuable. Something as simple as spot's
proposed list of things an unprivileged user must not be able to do -
http://spot.livejournal.com/312216.html - would serve a valuable purpose
here.
The second thing QA would require, aside from a policy with concrete and
testable requirements, is a list of security-sensitive components to
test. Obviously we couldn't test every package in the entire
distribution for compliance with even such a simple list as spot's, and
it would be a waste of time to try.
Focussing on the relatively simple issues for now, we believe it would
be reasonably simple to generate a list of all packages in the
distribution that attempt privilege escalation. We believe this would be
a list of packages that contain suid binaries, that invoke su, sudo or
consolehelper, or that contain PolicyKit policies. This list of packages
would be what the QA team would test with regard to the security policy.
We also believe there ought to be a process for maintaining this list,
and additions to the packaging guidelines for any new package which
would be on this list or any existing package for which a proposed
change would add it to this list. We could also hook AutoQA into this
process, to run additional tests on security-sensitive packages or alert
us when a package change was submitted which added security-sensitive
elements to an existing package.
Will Woods has indicated he is prepared to help work on the tools
necessary to generate the security-sensitive package list. The QA group
as a whole is happy to contribute what input we can to any discussion of
a general security policy. Mostly, we wanted to make it clear that we
believe security testing would be of benefit to the distribution, but
these things need to be in place before any meaningful such testing
could be done.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
14 years, 4 months
What questions would you like to ask the Candidates for the Fedora Board, FESCo, and FAMSCO?
by Thorsten Leemhuis
Hi!
As you may have heard already, several seats of the Fedora Board, FESCo,
and FAMSCO are up for election soon(¹). Right now we are in the
nomination period, which will be followed by a "Candidate
Questionnaire." That means we'll give candidates a list of questions to
answer by private mail within one week after the nomination period
closed; the results will be publish soon after that to make sure they
are available to the public before the Town Hall meetings on IRC happen.
Candidates may choose to answer (or not) those questions as they see
fit. Voters can use the answers to get an impression of what the
candidate think or plan to do while serving for the committees they are
nominated for. That should help to get a interesting discussion running
during the IRC Town Hall meetings; furthermore, those people that can't
or don't want to participate in the IRC meetings can use the answers to
make a more informed vote.
Hence we need to prepare a few good questions that we can send to the
candidates once the nomination period ends. And that's where I need
*your help* now:
If you have one or more questions you'd like to send to the candidates
simply go and add them to:
https://fedoraproject.org/wiki/Elections/F13_Questionnaire
It just takes a minute or two, so best to do it right now -- otherwise
you might get distracted and forget about it. ;-)
I'll take care of the remaining work to review, sort, and clean up the
questions(²); after that I'll send them to the candidates soon after the
nomination period ended. Hence, I need your question suggestions by
around the 15th November 17:00 UTC latest to get a chance to prepare
everything in time.
So please go to the wiki now and add at least one hard question! The
answers will help Fedora contributors to chose whom to vote for! Thanks
in advance for your help .
CU
knurd
(¹) If you haven't read about it yet see
https://fedoraproject.org/wiki/Elections for details.
(²) If you want to get involved or review the questions before I send
them please drop me a line and I'll try to get that arranged; maybe we
can arrange a quick, informal IRC meeting on Sunday evening if there is
interest
14 years, 4 months
Notification of uploads to the lookaside cache
by Jon Stanley
As part of our ever vigilant stance towards security around our
packaging process, we have added a new feature to upload.cgi (which
accepts file uploads into the lookaside cache) which will email the
package owner (<package>-owner(a)fedoraproject.org, specifically) and
fedora-extras-commits(a)redhat.com whenever a file is uploaded to the
lookaside cache. Previously this was a big black box and an area of
concern.
The message will contain the name of the file, the package concerned,
the md5sum, and the user that uploaded it. An example is below:
File upload.cgi for package sportrop-fonts has been uploaded to the
lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by
jstanley
Please let me know if you have any questions, comments, or room for improvement!
Thanks!
-Jon
14 years, 4 months
Re: [RFA] Your [PACKAGE_NAME] did not pass QA
by Jerry James
On Mon, Nov 23, 2009 at 12:01 AM, repo-font-audit
<nicolas.mailhot(a)gmail.com> wrote:
> Dear packager,
[snip]
> To stop receiving this message, you need to:
> 1. drop the font files or fix their packaging;
> 2. relay the fonts issues to the fonts upstream to get them revised;
> 3. work with the code upstream to improve the way it accesses font
> files (usually by making it use fontconfig through a higher-level
> text library such as pango, pango-cairo, harfbuzz, or QT)
I maintain multiple packages that use core fonts. I do not have the
expertise to migrate those packages, all of which are large and
complex, to a new font system. I have neither the time nor the
interest to gain that expertise. The upstreams, save one, have
expressed 0 interest in doing that work themselves. The one that has
expressed interest, XEmacs, currently has a half-baked fontconfig/Xft
implementation that is stalled because the programmers that started it
went on to other things without finishing it. So it appears to me
that this message is really saying:
1) I'm going to nag you forever about a problem you can't fix.
2) There is no way to make me stop nagging you.
I want a switch that says, "Yes, I know this application uses core
fonts. It isn't going to change. Shut up, please."
--
Jerry James, who thought he was doing the Fedora community a favor
when he rescued gcl from the bit bin
http://www.jamezone.org/
14 years, 4 months
Fedora 12: Emacs is not for software development
by Sam Varshavchik
I just did a new install on a spare laptop. I chose the "Software
Development" option.
Emacs did not get installed.
Also, although neither mysql-devel, nor postgresql-devel, nor even
libtool-ltdl-devel got installed, I ended up with a huge number of -devel
packages, many of whom, from my viewpoint would like have an audience much
smaller than emacs' potential audience.
Although an argument could be made about mysql and postgresql, I suppose,
leaving emacs off is rather depressing, if that accurately represents the
contemporary general opinions.
14 years, 4 months