April 2014 - devel - Fedora Mailing-Lists

upgrading RH 9 system->Fedora with iso files and apt only

by Didier Casse

I have the yarrow's iso files on my HD in a RH9 system. Let's say I want to upgrade selected packages using an "apt-get install" pointing to my iso-mounted files, how do I do it? i.e I mount the iso into some /mnt/yarrow1, /mnt/yarrow 2 etc.. Then what is the complete procedure to make my apt look into my own HD to upgrade packages. Can anybody redirect me to the correct resource or some literature hanging on the web? Thanks. Assume also that I do not wish to burn CDs! I do not want to use apt-cdrom. Thanks. With kind regards, Didier. --- PhD student Singapore Synchrotron Light Source (SSLS) 5 Research Link, Singapore 117603 Email: slsbdfc at nus dot edu dot sg \or\ didierbe at sps dot nus dot edu dot sg Website: http://ssls.nus.edu.sg

1 year, 4 months

6
9
0 / 0

pdftk retired?

by Michael J Gruber

I just git a "broken dependencies" notice for a package that I maintain. The reason is that "pdftk" got retired just the other day. I may have missed a corresponding post on fedora-devel, but I think a heads up notice to maintainers of depending packages may be in order before you retire a package, as a general idea. You see, unretiring a package is so much more work than changing maintainership. As for pdftk: I see 2 failed builds for version 1.45 and none for the current version 2.02 (which probably breaks the api anyways). What are the plans? Retire pdftk completely? Start fresh with pdftk2? pdflabs, the maker of pdftk, provide binary as well as source rpms for pdftk 2.02, by the way. I might even look into packaging it but don't want to duplicate any existing efforts. Michael

1 year, 9 months

17
26
0 / 0

git push permission denied

by Neal Becker

I just had to setup a new machine, and new ssh keys. I visited https://admin.fedoraproject.org/accounts/user/edit/xxxx I chose my new id_rsa.pub to upload. But I get: git push --verbose Pushing to ssh://nbecker@pkgs.fedoraproject.org/mercurial Permission denied (publickey). fatal: The remote end hung up unexpectedly Hints?

2 years, 3 months

4
5
2 / 0

F21 Self Contained Change: Replace Bacula with Bareos

by Jaroslav Reznik

= Proposed Self Contained Change: Replace Bacula with Bareos = https://fedoraproject.org/wiki/Changes/Bareos Change Owner(s): Simone Caronni <negativo17 at gmail.com> The powerful Bacula network backup solution has switched from being Open Source friendly to being almost closed source. Originally the project was conceived totally as Open Source, but since the creation of Bacula Systems and its proprietary Bacula Enterprise Edition product, the Open Source (now called "Community Edition") has received less and less updates and is mostly abandoned. == Detailed description == The most important points that are left "abandoned" are the following: * Installation scripts and updates to makefiles are not updated anymore. * New plugins and functionalities are not added anymore, except those in the "core" daemons. * Gaphical (and buggy) console has not received any update in almost two years. * Patches and bugs opened in the bug tracker are mostly left abandoned. Even trivial fixes are not imported in the source. * Windows binaries are no longer provided, nor the source for the clients has been updated. Even if compiled with difficulties, there is no support for recent Windows versions. A former Bacula developer, frustrated by the situation created the fork Bareos a long time ago from Bacula 5.2.x (the current Fedora and RHEL 7 version). This version has now received '''a lot of bugfixes''' compared to the original Bacula source. This makes compilation and installation a lot easier than it was with Bacula. On top of this, a '''lot of new features''' have been added; some unique to Bareos but many available only in the closed source Bacula Enterprise. Here is the list of new features compared to the current Bacula 5.2.13: * http://www.bareos.org/en/whats_new.html Some highlights include NDMP support for enterprise class storage (NetApp, etc.), support for enterprise class tape libraries and Windows support (including Windows Server 2012) with Bareos generated binaries. For further details on why a Bacula fork was created please look at the following links: * http://www.bareos.org/en/faq/items/why_fork.html Bareos can also be '''fully compatible with Bacula''' by setting a specific configuration directive in the Daemon configuration files; thus providing the option for RHEL 6/7 users to interoperate with Fedora systems. * http://www.bareos.org/en/faq/items/bareos_bacula_compatibility.html == Scope == To accomplish the goal, the following Bacula packages need to be replaced with Bareos equivalents: bacula bacula-docs Currently, the same Fedora packages can be rebuilt as they are, to work also on CentOS/RHEL 5 and 6, upgrading the EPEL or official Bacula packages in the distributions. This is to have a consistent backup infrastructure across all the Fedora/CentOS/RHEL ecosystem. To ease installation, a repository for installing those packages on a CentOS/RHEL system do exist: http://repos.fedorapeople.org/repos/slaanesh/bacula/README.txt The idea is the same for Bareos: import into Fedora 21 packages that can be rebuilt for all supported Fedora/RHEL/CentOS releases and provide a repository that can upgrade any Bacula release currently installed in the system with the new one. In detail; the upgrade scenarios supported when going from Bacula to Bareos would be: From Bacula 2.4: * RHEL/CentOS 5 with EPEL repository From Bacula 5.0: * RHEL/CentOS 6 From Bacula 5.2.13: * Fedora 18+ * RHEL/CentOS 5 * RHEL/CentOS 6 As written before, the change is impacting only Fedora 21, the list of upgrades supported are only for users who want a consistent backup solution across the enterprise. === External activities === Proposal owners: I'm the current Bacula mantainer in Fedora and will complete the transition in time for the release. Other developers: N/A (not a System Wide Change) Release engineering: the release engineering team should make sure the new Bareos packages are in place instead of the current Bacula packages for the new release. Policies and guidelines: N/A (not a System Wide Change) _______________________________________________ devel-announce mailing list devel-announce(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce

8 years, 2 months

6
8
0 / 0

Configurable version of suexec in Debian but not Fedora?!

by Neal Gompa

So a friend of mine has been wrangling with suexec trying to configure it for his needs, and he has become quite furious over the fact that suexec isn't configurable. Then he finds out that Debian actually has a version of suexec[1] that lets you use a conf file to configure suexec. My question is, why the heck isn't this in Fedora? How is it that Debian can offer both versions[1][2], but Fedora cannot? I'm honestly surprised that Fedora doesn't offer this little piece of flexibility. I would think that this would be in Fedora and RHEL, because of how useful this would be. So what's going on here? [1]: https://packages.debian.org/sid/apache2-suexec-custom [2]: https://packages.debian.org/sid/apache2-suexec-pristine -- 真実はいつも一つ！/ Always, there's only one truth!

8 years, 3 months

3
3
0 / 0

Firefox Gtk3 test package

by Martin Stransky

Hi guys, first $SUBJ is available at: http://stransky.fedorapeople.org/FirefoxGtk3/ It's just a src.spm and plugin support it not finished (don't browse youtube ;-)) but may work as a preview. I'll provide Fedora builds and repo later. ma.

8 years, 7 months

18
58
0 / 0

Expanding the list of "Hardened Packages"

by Dhiru Kholia

Hi, This proposal was originally at https://fedorahosted.org/fesco/ticket/1104 (mitr asked me to move the discussion to fedora-devel to get more attention and feedback) ... http://fedoraproject.org/wiki/Hardened_Packages page mentions that "FESCo requires some packages to use PIE and relro hardening by default." It would be great if this list could be expanded to include even more packages which are at comparatively more risk of being exploited (locally or remotely). Such packages will typically include various system daemons, network daemons and network enabled applications. Lot of network daemons are already using PIE and RELRO (e.g. httpd, MariaDB). So a natural question is why packages in same "network daemons" class like PostgreSQL, Dovecot and MongoDB aren't being hardened? Some of the ways to implement this proposal are, 1. Hardening flags should be turned on (by default) for all packages which are at comparatively more risk of being exploited or which meet some well-defined criteria (suggestions welcome). "Packaging Guidelines" say that "Other packages may enable the flags at the maintainer's discretion." Thinking from a security perspective, I find "Hardening flags can only be disabled for other packages at the maintainer's discretion provided enough justification is given to FESCo" to be more appropriate. 2. An alternate approach is to come up with an expanded list of packages which should be hardened. Any feedback is welcome! -- Dhiru

8 years, 10 months

39
140
0 / 0

default local DNS caching name server

by Chuck Anderson

Back in 2012 there was a discussion about having Fedora default to using a local DNS caching name server [1]: [1] http://comments.gmane.org/gmane.linux.redhat.fedora.devel/166018 I think this needs to be revisited. While DNSSEC support has historically been a driving factor for implementing this, there is an even more fundamental need due to the poor performance of the system in case the first listed nameserver in /etc/resolv.conf fails for some reason. It is shameful that Linux systems and applications in general still, after 20+ years, can't perform adequately after a primary DNS server failure. The stub resolver in glibc which uses /etc/resolv.conf can decide that the first listed nameserver entry is down, but this decision has to be made over and over in every single process on the system that is doing DNS resolution, resulting in repeated long application hangs/delays. We need an independent, system-wide DNS cache, and always point resolv.conf to 127.0.0.1 to solve this fundamental design problem with how name resolution works on a Linux system. Windows has had a default system-wide DNS cache for over a decade. It is about time that Linux catches up. Yesterday, a new version of dnsmasq was released [2] that adds full DNSSEC support and provides an alternative to unbound which dnssec-trigger requires. There has also been great work done to solve the NTP/DNSSEC bootstrap problem [3]. What options are currently available in e.g. NetworkManager for using a local DNS cache and what is the current status of this integration? Is it ready yet for turning on by default in all Fedora products? [2] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q2/008416.html [3] http://comments.gmane.org/gmane.comp.embedded.cerowrt.devel/2244

8 years, 10 months

23
129
0 / 0

Package reviev : tayga

by William

Hi, I am looking to have the following package reviewed for inclusion into fedora. Tayga is a NAT64 implementation in userland. With the help of DNS64 (BIND), it allows an ipv6 only client to communicate with the ipv4 internet. http://www.litech.org/tayga/ I have attached the SRPM of what I have created. There are a few things that could change. First, I had thought that I would need more selinux policy than I did. At the moment the policy just provides a filecontext. Is there a better way to do this? The ifup / ifdown script read their variables from the /etc/tayga configuration file. In most scenarios, a system will run only one instance of this. However I would like feedback on: Should I enable it so that the ifup/down can accept a tayga.conf parameter to read OR Should the ifup/ifdown script generate the tayga.conf on the fly to say /var/run/tmp somewhere from values provided in the ifup / ifdown? Additionally, what I have in these scripts should really be reviewed, as I have never written them before. Finally, tayga is a long running process, as such, I have enabled the hardened build. It is possible to run as an alternate user and in a chroot of it's DB dir. What is the best way to go about adding a user for this package for the daemon to run as? Looking forwards to comments and advice, -- Sincerely, William Brown http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xEFC416D781A8099A

8 years, 11 months

2
5
0 / 0

libgcrypt soname bump in rawhide

by Tomas Mraz

I'm rebasing libgcrypt in rawhide to libgcrypt-1.6.1. The new upstream release contains many improvements over the old one especially in terms of new crypto algorithm support and performance improvements. Unfortunately the rebase bumps soname to libgcrypt.so.20 due to dropping some long-ago deprecated API calls. This should not break builds of any reasonably current software. I've included the temporary old shared library so the buildroots are not broken. I will try to rebuild the dependencies eventually. Regards, -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) _______________________________________________ devel-announce mailing list devel-announce(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce

8 years, 11 months

11
21
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

devel April 2014