February 2022 - devel - Fedora Mailing-Lists

Re: Next Open NeuroFedora Meeting: 1300 UTC on Monday, 28 February (Today)

by Ankur Sinha

Hello everyone, Please join us at the next Open NeuroFedora team meeting on Monday 28th February (today!) at 1300UTC in #fedora-neuro on IRC (Libera.chat) or Matrix. The meeting is a public meeting, and open for everyone to attend. You can join us over: Matrix: https://matrix.to/#/#neuro:fedoraproject.org IRC: https://webchat.libera.chat/?channels=#fedora-neuro You can convert the meeting time to your local time using this command in a terminal: $ date --date='TZ="UTC" 1300 today' or you can use this link: https://www.timeanddate.com/worldclock/fixedtime.html?msg=Open+NeuroFedor... The meeting will be chaired by @hardeborlaa. The agenda for the meeting is: - New introductions and roll call. - Tasks from last meeting: https://meetbot.fedoraproject.org/teams/neurofedora/neurofedora.2022-02-1... - Open Pagure tickets: https://pagure.io/neuro-sig/NeuroFedora/issues?status=Open&tags=S%3A+Next... - Package health check: https://packager-dashboard.fedoraproject.org/neuro-sig - Open package reviews check: https://bugzilla.redhat.com/show_bug.cgi?id=fedora-neuro - Koschei packages check: https://koschei.fedoraproject.org/groups/neuro-sig - CompNeuro lab compose status check for F36: https://koji.fedoraproject.org/koji/packageinfo?packageID=30691 - Neuroscience query of the week - Next meeting day, and chair. - Open floor. We hope to see you there! You can learn more about NeuroFedora here: https://neuro.fedoraproject.org -- Thanks, Regards, Ankur Sinha "FranciscoD" (He / Him / His) | https://fedoraproject.org/wiki/User:Ankursinha Time zone: Europe/London

2 years, 1 month

1
1
0 / 0

unsafe systemd setup in Fedora

by Marius Schwarz

Hi Guys, running a hardening tool I stumpled about systemd own security analysis, which doesn't look good: $ systemd-analyze security UNIT EXPOSURE PREDICATE HAPPY NetworkManager.service 7.8 EXPOSED 🙁 abrt-journal-core.service 9.6 UNSAFE 😨 abrt-oops.service 9.6 UNSAFE 😨 abrt-xorg.service 9.6 UNSAFE 😨 abrtd.service 9.6 UNSAFE 😨 accounts-daemon.service 9.6 UNSAFE 😨 alsa-state.service 9.6 UNSAFE 😨 atd.service 9.6 UNSAFE 😨 auditd.service 8.7 EXPOSED 🙁 avahi-daemon.service 9.6 UNSAFE 😨 chronyd.service 8.9 EXPOSED 🙁 colord.service 8.8 EXPOSED 🙁 crond.service 9.6 UNSAFE 😨 cups.service 9.6 UNSAFE 😨 dbus-:1.8-org.freedesktop.problems@0.service 9.6 UNSAFE 😨 dbus-broker.service 8.7 EXPOSED 🙁 dm-event.service 9.5 UNSAFE 😨 emergency.service 9.5 UNSAFE 😨 fail2ban.service 9.6 UNSAFE 😨 fcoe.service 9.6 UNSAFE 😨 flatpak-system-helper.service 9.6 UNSAFE 😨 gdm.service 9.8 UNSAFE 😨 getty(a)tty1.service 9.6 UNSAFE 😨 irqbalance.service 6.2 MEDIUM 😐 iscsid.service 9.5 UNSAFE 😨 iscsiuio.service 9.5 UNSAFE 😨 libvirtd.service 9.6 UNSAFE 😨 lvm2-lvmpolld.service 9.5 UNSAFE 😨 mdmonitor.service 9.6 UNSAFE 😨 multipathd.service 9.5 UNSAFE 😨 network.service 9.6 UNSAFE 😨 nmb.service 9.6 UNSAFE 😨 nscd.service 9.6 UNSAFE 😨 ntpd.service 9.2 UNSAFE 😨 lines 1-35...skipping... UNIT EXPOSURE PREDICATE HAPPY NetworkManager.service 7.8 EXPOSED 🙁 abrt-journal-core.service 9.6 UNSAFE 😨 abrt-oops.service 9.6 UNSAFE 😨 abrt-xorg.service 9.6 UNSAFE 😨 abrtd.service 9.6 UNSAFE 😨 accounts-daemon.service 9.6 UNSAFE 😨 alsa-state.service 9.6 UNSAFE 😨 atd.service 9.6 UNSAFE 😨 auditd.service 8.7 EXPOSED 🙁 avahi-daemon.service 9.6 UNSAFE 😨 chronyd.service 8.9 EXPOSED 🙁 colord.service 8.8 EXPOSED 🙁 crond.service 9.6 UNSAFE 😨 cups.service 9.6 UNSAFE 😨 dbus-:1.8-org.freedesktop.problems@0.service 9.6 UNSAFE 😨 dbus-broker.service 8.7 EXPOSED 🙁 dm-event.service 9.5 UNSAFE 😨 emergency.service 9.5 UNSAFE 😨 fail2ban.service 9.6 UNSAFE 😨 fcoe.service 9.6 UNSAFE 😨 flatpak-system-helper.service 9.6 UNSAFE 😨 gdm.service 9.8 UNSAFE 😨 getty(a)tty1.service 9.6 UNSAFE 😨 irqbalance.service 6.2 MEDIUM 😐 iscsid.service 9.5 UNSAFE 😨 iscsiuio.service 9.5 UNSAFE 😨 libvirtd.service 9.6 UNSAFE 😨 lvm2-lvmpolld.service 9.5 UNSAFE 😨 mdmonitor.service 9.6 UNSAFE 😨 multipathd.service 9.5 UNSAFE 😨 network.service 9.6 UNSAFE 😨 nmb.service 9.6 UNSAFE 😨 nscd.service 9.6 UNSAFE 😨 ntpd.service 9.2 UNSAFE 😨 nvidia-powerd.service 9.6 UNSAFE 😨 plymouth-start.service 9.5 UNSAFE 😨 polkit.service $ systemd-analyze security UNIT EXPOSURE PREDICATE HAPPY NetworkManager.service 7.8 EXPOSED 🙁 abrt-journal-core.service 9.6 UNSAFE 😨 abrt-oops.service 9.6 UNSAFE 😨 abrt-xorg.service 9.6 UNSAFE 😨 abrtd.service 9.6 UNSAFE 😨 accounts-daemon.service 9.6 UNSAFE 😨 alsa-state.service 9.6 UNSAFE 😨 atd.service 9.6 UNSAFE 😨 auditd.service 8.7 EXPOSED 🙁 avahi-daemon.service 9.6 UNSAFE 😨 chronyd.service 8.9 EXPOSED 🙁 colord.service 8.8 EXPOSED 🙁 crond.service 9.6 UNSAFE 😨 cups.service 9.6 UNSAFE 😨 dbus-:1.8-org.freedesktop.problems@0.service 9.6 UNSAFE 😨 dbus-broker.service 8.7 EXPOSED 🙁 dm-event.service 9.5 UNSAFE 😨 emergency.service 9.5 UNSAFE 😨 fail2ban.service 9.6 UNSAFE 😨 fcoe.service 9.6 UNSAFE 😨 flatpak-system-helper.service 9.6 UNSAFE 😨 gdm.service 9.8 UNSAFE 😨 getty(a)tty1.service 9.6 UNSAFE 😨 irqbalance.service 6.2 MEDIUM 😐 iscsid.service 9.5 UNSAFE 😨 iscsiuio.service 9.5 UNSAFE 😨 libvirtd.service 9.6 UNSAFE 😨 lvm2-lvmpolld.service 9.5 UNSAFE 😨 mdmonitor.service 9.6 UNSAFE 😨 multipathd.service 9.5 UNSAFE 😨 network.service 9.6 UNSAFE 😨 nmb.service 9.6 UNSAFE 😨 nscd.service 9.6 UNSAFE 😨 ntpd.service 9.2 UNSAFE 😨 lines 1-35...skipping... UNIT EXPOSURE PREDICATE HAPPY NetworkManager.service 7.8 EXPOSED 🙁 abrt-journal-core.service 9.6 UNSAFE 😨 abrt-oops.service 9.6 UNSAFE 😨 abrt-xorg.service 9.6 UNSAFE 😨 abrtd.service 9.6 UNSAFE 😨 accounts-daemon.service 9.6 UNSAFE 😨 alsa-state.service 9.6 UNSAFE 😨 atd.service 9.6 UNSAFE 😨 auditd.service 8.7 EXPOSED 🙁 avahi-daemon.service 9.6 UNSAFE 😨 chronyd.service 8.9 EXPOSED 🙁 colord.service 8.8 EXPOSED 🙁 crond.service 9.6 UNSAFE 😨 cups.service 9.6 UNSAFE 😨 dbus-:1.8-org.freedesktop.problems@0.service 9.6 UNSAFE 😨 dbus-broker.service 8.7 EXPOSED 🙁 dm-event.service 9.5 UNSAFE 😨 emergency.service 9.5 UNSAFE 😨 fail2ban.service 9.6 UNSAFE 😨 fcoe.service 9.6 UNSAFE 😨 flatpak-system-helper.service 9.6 UNSAFE 😨 gdm.service 9.8 UNSAFE 😨 getty(a)tty1.service 9.6 UNSAFE 😨 irqbalance.service 6.2 MEDIUM 😐 iscsid.service 9.5 UNSAFE 😨 iscsiuio.service 9.5 UNSAFE 😨 libvirtd.service 9.6 UNSAFE 😨 lvm2-lvmpolld.service 9.5 UNSAFE 😨 mdmonitor.service 9.6 UNSAFE 😨 multipathd.service 9.5 UNSAFE 😨 network.service 9.6 UNSAFE 😨 nmb.service 9.6 UNSAFE 😨 nscd.service 9.6 UNSAFE 😨 ntpd.service 9.2 UNSAFE 😨 nvidia-powerd.service 9.6 UNSAFE 😨 plymouth-start.service 9.5 UNSAFE 😨 polkit.service 9.6 UNSAFE 😨 rasdaemon.service 9.6 UNSAFE 😨 rc-local.service 9.6 UNSAFE 😨 rescue.service 9.5 UNSAFE 😨 restorecond.service 9.6 UNSAFE 😨 rngd.service 9.6 UNSAFE 😨 rpcbind.service 9.5 UNSAFE 😨 rsyslog.service 9.6 UNSAFE 😨 rtkit-daemon.service 7.1 MEDIUM 😐 smb.service 9.6 UNSAFE 😨 sshd.service 9.6 UNSAFE 😨 switcheroo-control.service 7.6 EXPOSED 🙁 systemd-ask-password-console.service 9.4 UNSAFE 😨 systemd-ask-password-plymouth.service 9.5 UNSAFE 😨 systemd-ask-password-wall.service 9.4 UNSAFE 😨 systemd-initctl.service 9.4 UNSAFE 😨 systemd-journald.service 4.3 OK 🙂 systemd-logind.service 2.8 OK 🙂 systemd-machined.service 6.2 MEDIUM 😐 systemd-oomd.service 1.8 OK 🙂 systemd-rfkill.service 9.4 UNSAFE 😨 systemd-timesyncd.service 2.1 OK 🙂 systemd-udevd.service 6.7 MEDIUM 😐 udisks2.service 9.6 UNSAFE 😨 upower.service 2.4 OK 🙂 user(a)1000.service 9.4 UNSAFE 😨 virtlockd.service 9.6 UNSAFE 😨 virtlogd.service 9.6 UNSAFE 😨 winbind.service 9.6 UNSAFE 😨 wpa_supplicant.service 9.6 UNSAFE 😨 9.6 UNSAFE 😨 rasdaemon.service 9.6 UNSAFE 😨 rc-local.service 9.6 UNSAFE 😨 rescue.service 9.5 UNSAFE 😨 restorecond.service 9.6 UNSAFE 😨 rngd.service 9.6 UNSAFE 😨 rpcbind.service 9.5 UNSAFE 😨 rsyslog.service 9.6 UNSAFE 😨 rtkit-daemon.service 7.1 MEDIUM 😐 smb.service 9.6 UNSAFE 😨 sshd.service 9.6 UNSAFE 😨 switcheroo-control.service 7.6 EXPOSED 🙁 systemd-ask-password-console.service 9.4 UNSAFE 😨 systemd-ask-password-plymouth.service 9.5 UNSAFE 😨 systemd-ask-password-wall.service 9.4 UNSAFE 😨 systemd-initctl.service 9.4 UNSAFE 😨 systemd-journald.service 4.3 OK 🙂 systemd-logind.service 2.8 OK 🙂 systemd-machined.service 6.2 MEDIUM 😐 systemd-oomd.service 1.8 OK 🙂 systemd-rfkill.service 9.4 UNSAFE 😨 systemd-timesyncd.service 2.1 OK 🙂 systemd-udevd.service 6.7 MEDIUM 😐 udisks2.service 9.6 UNSAFE 😨 upower.service 2.4 OK 🙂 user(a)1000.service 9.4 UNSAFE 😨 virtlockd.service 9.6 UNSAFE 😨 virtlogd.service 9.6 UNSAFE 😨 winbind.service 9.6 UNSAFE 😨 wpa_supplicant.service 9.6 UNSAFE 😨 As an example: -rw-r--r--. 1 root root 994 19. Aug 2021 upower.service -rw-r--r--. 1 root root 177 29. Jan 2021 udisks.service upower has severall restrictions set, udisks not even one of them. Do those "insecure" units come from upstream projects, or is Fedora lagging behind some patches? Is there a way to find out, if missing restrictions options are a problem for the service and if not, any way to tell that analyse tool about it? best regrads, Marius

2 years, 1 month

9
20
0 / 0

Why I get some random notifications from discourse?

by Vít Ondruch

Is that intentional that i get some random notifications from Discourse or what is going on? In past month, I was notified about following topics: * Join us for the EPEL office hours every month [Fedora] epel * Self-intro glaringgibbon [Fedora] introductions * It's #FedoraShareYourScreen week [Fedora] events * Tempted to switch full-time to Fedora, but I got some noob questions [Fedora] introductions And I wonder why? Does Discourse want to be completely muted or what? Vít

2 years, 1 month

5
8
0 / 0

Possibly unexpcted soname change: liblept.so.5 -> libleptonica.so.5.4.0

by Mamoru TASAKA

Hello, all: On f37 / f36 leptonica made some packaging change: https://src.fedoraproject.org/rpms/leptonica/c/e2486ca5bc2578ee629457b854... This caused soname change: liblept.so.5 -> libleptonica.so.5.4.0 , which I guess is unexpected. $ dnf repoquery --quiet --repo=koji-36 --qf '%{sourcerpm}' --whatrequires "liblept.so.5()(64bit)" | cat -n 1 leptonica-1.82.0-2.fc36.src.rpm 2 mupdf-1.19.0-5.fc36.src.rpm 3 python-PyMuPDF-1.19.4-2.fc36.src.rpm 4 tesseract-5.0.1-2.fc36.src.rpm 5 zathura-pdf-mupdf-0.3.7-5.fc36.src.rpm $ dnf repoquery --quiet --repo=koji-37 --qf '%{sourcerpm}' --whatrequires "liblept.so.5()(64bit)" | cat -n 1 mupdf-1.19.0-5.fc36.src.rpm 2 python-PyMuPDF-1.19.5-1.fc37.src.rpm 3 zathura-pdf-mupdf-0.3.7-5.fc36.src.rpm (Some of the package were rebuilt on f37 due to another reason, so depending packages' number differs here) Currently I am not sure if we can just revert the above change. Regards, Mamoru

2 years, 1 month

7
11
0 / 0

Is NetworkManager-wait-online.service necessary by default?

by Chris Murphy

Do any of Fedora desktop spins and Workstation edition need NetworkManager-wait-online.service enabled by default? Fedora 35 Workstation (updated, default "preset-all" service units) $ systemd-analyze Startup finished in 1.330s (kernel) + 1.284s (initrd) + 12.256s (userspace) = 14.871s graphical.target reached after 12.232s in userspace Fedora 35 Workstation, same as above except NetworkManager-wait-online.service is disabled $ systemd-analyze Startup finished in 1.294s (kernel) + 1.243s (initrd) + 5.704s (userspace) = 8.242s graphical.target reached after 5.670s in userspace 6.6s longer to wait for what? Is this service enabled just in case someone adds an NFS or Samba mount to fstab? I'm not sure why this service unit is enabled by default; and if we can either go without it on the desktop, or if there's some other way to make it better, because nearly doubling the boot time doesn't seem reasonable. -- Chris Murphy

2 years, 1 month

12
32
0 / 0

Self Introduction: Yunmei Li

by Yunmei LI

Hi All: I am Yunmei Li and I am working at Zilliz as a DevOps engineer. I am an active contributor to the Milvus Vector Database project. Zilliz is an open-source software company dedicated to unstruc

2 years, 1 month

4
6
0 / 0

Orphaning a set of packages

by Fabian Deutsch

Hey, due to the lack of time I'm orphaning the following set of packages: augeas-vala clpeak gimp-fourier-plugin gocl python-uinput Feel free to step up and take them. Greetings - fabian

2 years, 1 month

2
1
0 / 0

List of long term FTBFS packages to be retired tomorrow

by Miro Hrončok

Dear maintainers. Based on the current fail to build from source policy, the following packages should be retired from Fedora 36 approximately one week before branching. However, 5 weekly reminders are required and I forgot to start this sooner, hence the retirement will happen tomorrow, i.e. March 1st 2022. Since this is after the Beta Freeze, I will skip retiring components with depending packages. Such components (if any) will be retired during the next release cycle, and are included in this report for completeness. Policy: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... The packages in rawhide were not successfully built at least since Fedora 33. This report is based on dist tags. Packages collected via: https://github.com/hroncok/fedora-report-ftbfs-retirements/blob/master/ft... If you see a package that was built, please let me know. If you see a package that should be exempted from the process, please let me know and we can work together to get a FESCo approval for that. If you see a package that can be rebuilt, please do so. Package (co)maintainers ========================================================================== libicu65 pwalter rubygem-cucumber-rails orphan rubygem-sup dcallagh, jaruga, ruby-packagers-sig, shreyankg tmux-top ttomecek All listed packages are leaf packages, nothing depends on them. Affected (co)maintainers dcallagh: rubygem-sup jaruga: rubygem-sup pwalter: libicu65 ruby-packagers-sig: rubygem-sup shreyankg: rubygem-sup ttomecek: tmux-top -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok

2 years, 1 month

2
3
0 / 0

GNOME only: KeepassXC quirks

by Germano Massullo

KeepassXC comaintainer here. There are many Fedora GNOME Wayland users experiencing quirks in using KeepassXC. Textboxes not showing text that is being written, other quirks with GNOME, etc. Upstream developers said many times that this only happen with Fedora users. Myself I do use KDE Spin and I do not experience these issues (tested on Wayland too) I don't paste bugs titles since they are misleading https://bugzilla.redhat.com/show_bug.cgi?id=1925130 https://bugzilla.redhat.com/show_bug.cgi?id=1941731 (CentOS 8) https://bugzilla.redhat.com/show_bug.cgi?id=1954742 https://github.com/keepassxreboot/keepassxc/issues/5608 plus others that I cannot find again at the moment I would like to ask if you have any idea about why this happens on GNOME only (and not on other distros too) Thank you

2 years, 1 month

10
30
1 / 0

Release criteria proposal: networking requirements

by Adam Williamson

Hi folks! So at this week's blocker review meeting, the fact that we don't have explicit networking requirements in the release criteria really started to bite us. In the past we have squeezed networking-related issues in under other criteria, but for some issues that's really difficult, notably VPN issues. So, we agreed we should draft some explicit networking criteria. This turns out to be a big area and quite hard to cover (who'd've thought!), but here is at least a first draft for us to start from. My proposal would be to add this to the Basic criteria. I have left out some wikitext stuff from the proposal for clarity; I'd add it back in on actually applying the proposed changes. It's just formatting stuff, nothing that'd change the meaning. Anyone have thoughts, complaints, alternative approaches, supplements? Thanks! === Network requirements === Each of these requirements apply to both installer and installed system environments. For any given installer environment, the 'default network configuration tools' are considered to be those the installer documents as supported ways to configure networking (e.g. for anaconda-based environments, configuration via kernel command line options, a kickstart, or interactively in anaconda itself are included). ==== Basic networking ==== It must be possible to establish both IPv4 and IPv6 network connections using DHCP and static addressing. The default network configuration tools for the console and for release-blocking desktops must work well enough to allow typical network connection configuration operations without major workarounds. Standard network functions such as address resolution and connections with common protocols such as ping, HTTP and ssh must work as expected. Footnote titled "Supported hardware": Supported network hardware is hardware for which the Fedora kernel includes drivers and, where necessary, for which a firmware package is available. If support for a commonly-used piece or type of network hardware that would usually be present is omitted, that may constitute a violation of this criterion, after consideration of the [[Blocker_Bug_FAQ|hardware-dependent- issues|normal factors for hardware-dependent issues]]. Similarly, violations of this criteria that are hardware or configuration dependent are, as usual, subject to consideration of those factors when determining whether they are release-blocking ==== VPN connections ==== Using the default network configuration tools for the console and for release-blocking desktops, it must be possible to establish a working connection to common OpenVPN, openconnect-supported and vpnc-supported VNC servers with typical configurations. Footnote title "Supported servers and configurations": As there are many different VPN server applications and configurations, blocker reviewers must use their best judgment in determining whether violations of this criterion are likely to be encountered commonly enough to block a release, and if so, at which milestone. As a general principle, the more people are likely to use affected servers and the less complicated the configuration required to hit the bug, the more likely it is to be a blocker. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net

2 years, 1 month

9
22
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

devel February 2022