Re: Changes to Bugzilla API key requirements
by Kevin Kofler
Ben Cotton wrote:
> Red Hat Bugzilla has introduced a 12 month lifetimes for API keys. You
> must replace your API keys at least once a year. Additionally, any API
> key that is not used for 30 days will be suspended but can be
> re-enabled on the account's preferences tab.
So Red Hat Bugzilla API use again got unfriendlier.
The previous change was already unacceptable IMHO (going as far as
invalidating any passwords accidentally attempted to be used through the
API!), this makes it even worse.
IMHO, Fedora really needs its own bug tracker that is not driven by this
kind of enterprise-grade security requirements.
Kevin Kofler
1 year, 2 months
c++ packaging of contour terminal and libunicode
by Felix Wang
spec file URL of libunicode: https://gist.githubusercontent.com/topazus/e30b83d669600756894a77b5258c94...
spec file URL of contour: https://gist.githubusercontent.com/topazus/f81005cb85762ce2cf6e138f0b1ced...
Descriptions about problems:
I first build libunicode dependency using my spec file and install it on my machine.
Then I try build contour terminal. It failed with the following errors:
```
[ 10%] Linking CXX static library libtext_shaper.a
cd /home/ruby/rpmbuild/BUILD/contour-98c8c0d0e96dc7c56ee06b4e8bfd71a23ae4f4d6/redhat-linux-build/src/text_shaper && /usr/bin/cmake -P CMakeFiles/text_shaper.dir/cmake_clean_target.cmake
cd /home/ruby/rpmbuild/BUILD/contour-98c8c0d0e96dc7c56ee06b4e8bfd71a23ae4f4d6/redhat-linux-build/src/text_shaper && /usr/bin/cmake -E cmake_link_script CMakeFiles/text_shaper.dir/link.txt --verbose=1
/usr/bin/ar qc libtext_shaper.a CMakeFiles/text_shaper.dir/font.cpp.o CMakeFiles/text_shaper.dir/font_locator_provider.cpp.o CMakeFiles/text_shaper.dir/fontconfig_locator.cpp.o CMakeFiles/text_shaper.dir/mock_font_locator.cpp.o CMakeFiles/text_shaper.dir/open_shaper.cpp.o CMakeFiles/text_shaper.dir/shaper.cpp.o
/usr/bin/ranlib libtext_shaper.a
gmake[2]: Leaving directory '/home/ruby/rpmbuild/BUILD/contour-98c8c0d0e96dc7c56ee06b4e8bfd71a23ae4f4d6/redhat-linux-build'
[ 10%] Built target text_shaper
/usr/bin/ld: /tmp/ccW09Umc.ltrans0.ltrans.o: warning: relocation against `_ZGVZN8logstore4Sink7consoleEvE8instance' in read-only section `.text.startup'
/usr/bin/ld: /tmp/ccW09Umc.ltrans0.ltrans.o: relocation R_X86_64_PC32 against symbol `_ZTIZN8logstore4SinkC4EbRSoEUlSt17basic_string_viewIcSt11char_traitsIcEEE_' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
gmake[2]: *** [src/crispy/CMakeFiles/crispy-core.dir/build.make:148: src/crispy/libcrispy-core.so] Error 1
gmake[2]: Leaving directory '/home/ruby/rpmbuild/BUILD/contour-98c8c0d0e96dc7c56ee06b4e8bfd71a23ae4f4d6/redhat-linux-build'
gmake[1]: *** [CMakeFiles/Makefile2:267: src/crispy/CMakeFiles/crispy-core.dir/all] Error 2
gmake[1]: Leaving directory '/home/ruby/rpmbuild/BUILD/contour-98c8c0d0e96dc7c56ee06b4e8bfd71a23ae4f4d6/redhat-linux-build'
gmake: *** [Makefile:159: all] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.Eo3xWu (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.Eo3xWu (%build)
```
I also try to build contour from the SOURCE file of contour .spec file, which is
cmake . -DCONTOUR_BUILD_WITH_QT6=ON && make -j6, the above build cmd worked fine. So I doubt the error that appeared in the build process with .spec file is related with the setting build flags with %cmake macros, but I do not know how to modify it? Or the error is relevant with build options in CMakeLists.txt from the upstream repo code?
1 year, 2 months
Update of catch to Catch2 v3
by Tom Hughes
As discussed a few weeks ago the Catch testing framework has
a slightly weird naming scheme, namely:
* Catch (v1.x, actually a branch in Catch2 repository)
* Catch2 v2.x
* Catch2 v3.x
Since Catch2 was released we have had catch1 and catch packages
to support both v1.x and v2.x users.
I have now added catch2 (for Catch2 v2.x) and upgraded the catch
package to Catch2 v3.x in rawhide and f38.
What this means is that if your package uses catch-devel to build
that you probably need to update your BuildRequire to catch2-devel
when you next build it - unless your upstream supports v3.x of
course.
Tom
--
Tom Hughes (tom(a)compton.nu)
http://compton.nu/
1 year, 2 months
Fedora 38 compose report: 20230301.n.0 changes
by Fedora Rawhide Report
OLD: Fedora-38-20230228.n.0
NEW: Fedora-38-20230301.n.0
===== SUMMARY =====
Added images: 0
Dropped images: 2
Added packages: 3
Dropped packages: 0
Upgraded packages: 10
Downgraded packages: 0
Size of added packages: 6.97 MiB
Size of dropped packages: 0 B
Size of upgraded packages: 13.77 MiB
Size of downgraded packages: 0 B
Size change of upgraded packages: 81.23 KiB
Size change of downgraded packages: 0 B
===== ADDED IMAGES =====
===== DROPPED IMAGES =====
Image: Kinoite dvd-ostree ppc64le
Path: Kinoite/ppc64le/iso/Fedora-Kinoite-ostree-ppc64le-38-20230228.n.0.iso
Image: Silverblue dvd-ostree x86_64
Path: Silverblue/x86_64/iso/Fedora-Silverblue-ostree-x86_64-38-20230228.n.0.iso
===== ADDED PACKAGES =====
Package: python-rapidfuzz-2.13.7-1.fc38
Summary: Rapid fuzzy string matching in Python and C++ using the Levenshtein Distance
RPMs: python3-rapidfuzz python3-rapidfuzz+full python3-rapidfuzz-devel
Size: 6.79 MiB
Package: python-scikit-build-0.16.7-1.fc38
Summary: Improved build system generator for Python C/C++/Fortran/Cython extensions
RPMs: python3-scikit-build
Size: 151.66 KiB
Package: python-trove-classifiers-2023.2.20-1.fc38
Summary: Canonical source for classifiers on PyPI (pypi.org)
RPMs: python3-trove-classifiers
Size: 25.34 KiB
===== DROPPED PACKAGES =====
===== UPGRADED PACKAGES =====
Package: gnome-software-44~beta-2.fc38
Old package: gnome-software-44~beta-1.fc38
Summary: A software center for GNOME
RPMs: gnome-software gnome-software-devel gnome-software-rpm-ostree
Size: 10.36 MiB
Size change: 334 B
Changelog:
* Thu Feb 23 2023 Adam Williamson <awilliam(a)redhat.com> - 44~beta-2
- Backport MR #1635 to fix update notifications
Package: kf5-kidletime-5.103.0-2.fc38
Old package: kf5-kidletime-5.103.0-1.fc38
Summary: KDE Frameworks 5 Tier 1 integration module for idle time detection
RPMs: kf5-kidletime kf5-kidletime-devel
Size: 442.01 KiB
Size change: 57.10 KiB
Changelog:
* Thu Feb 23 2023 Marc Deop i Argem�� <marcdeop(a)fedoraproject.org> - 5.103.0-2
- Add missing BuildRequires.
- Add KF5IdleTimeWaylandPlugin.so file.
Package: pkgconf-1.8.0-6.fc38
Old package: pkgconf-1.8.0-5.fc38
Summary: Package compiler and linker metadata toolkit
RPMs: libpkgconf libpkgconf-devel pkgconf pkgconf-m4 pkgconf-pkg-config
Size: 521.22 KiB
Size change: -1.11 KiB
Changelog:
* Wed Feb 22 2023 Neal Gompa <ngompa(a)fedoraproject.org> - 1.8.0-6
- Drop dependency on system-rpm-config (#2172406)
Package: poetry-1.3.2-2.fc38
Old package: poetry-1.2.2-4.fc38
Summary: Python dependency management and packaging made easy
RPMs: poetry python3-poetry
Size: 603.47 KiB
Size change: 13.44 KiB
Changelog:
* Mon Feb 20 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 1.3.2-1
- Update to 1.3.2
* Mon Feb 20 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 1.3.2-2
- Update to 1.3.2 - disable bootstrap
Package: python-cleo-2.0.1-1.fc38
Old package: python-cleo-1.0.0~a5-2.fc38
Summary: Create beautiful and testable command-line interfaces
RPMs: python3-cleo
Size: 235.26 KiB
Size change: -409 B
Changelog:
* Tue Feb 21 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 2.0.1-1
- Update to 2.0.1
Package: python-crashtest-0.4.1-1.fc38
Old package: python-crashtest-0.3.1-9.fc38
Summary: Manage Python errors with ease
RPMs: python3-crashtest
Size: 33.08 KiB
Size change: 274 B
Changelog:
* Tue Feb 21 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 0.4.1-1
- Update to 0.4.1
Package: python-poetry-core-1.4.0-1.fc38
Old package: python-poetry-core-1.3.2-2.fc38
Summary: Poetry PEP 517 Build Backend
RPMs: python3-poetry-core
Size: 1.21 MiB
Size change: 25.80 KiB
Changelog:
* Mon Feb 20 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 1.4.0-1
- Update to 1.4.0
Package: python-poetry-plugin-export-1.3.0-2.fc38
Old package: python-poetry-plugin-export-1.1.2-2.fc38
Summary: Poetry plugin to export the dependencies to various formats
RPMs: python3-poetry-plugin-export
Size: 34.74 KiB
Size change: -41 B
Changelog:
* Mon Feb 20 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 1.3.0-1
- Update to 1.3.0
* Mon Feb 20 2023 Tom���� Hrn��iar <thrnciar(a)redhat.com> - 1.3.0-2
- Update to 1.3.0 - without bootstrap
Package: rust-gio-0.16.7-2.fc38
Old package: rust-gio-0.16.7-1.fc38
Summary: Rust bindings for the Gio library
RPMs: rust-gio+default-devel rust-gio+dox-devel rust-gio+v2_58-devel rust-gio+v2_60-devel rust-gio+v2_62-devel rust-gio+v2_64-devel rust-gio+v2_66-devel rust-gio+v2_68-devel rust-gio+v2_70-devel rust-gio+v2_72-devel rust-gio+v2_74-devel rust-gio-devel
Size: 312.34 KiB
Size change: 1.14 KiB
Changelog:
* Tue Feb 21 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.16.7-2
- Bump serial_test dev-dependency from 0.9 to 1
Package: rust-serial_test-1.0.0-2.fc38
Old package: rust-serial_test-1.0.0-1.fc38
Summary: Allows for the creation of serialised Rust tests
RPMs: rust-serial_test+async-devel rust-serial_test+default-devel rust-serial_test+file_locks-devel rust-serial_test+fslock-devel rust-serial_test+futures-devel rust-serial_test+log-devel rust-serial_test+logging-devel rust-serial_test-devel
Dropped RPMs: rust-serial_test+docsrs-devel rust-serial_test+document-features-devel
Size: 73.98 KiB
Size change: -15.31 KiB
Changelog:
* Tue Feb 21 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.0-2
- Re-apply accidentally dropped patch
===== DOWNGRADED PACKAGES =====
1 year, 2 months
New default behaviour at %prep section spec-file
by Vascom
Hi all.
As I noticed Fedora change default behaviour at %prep section of spec-file.
Now by default executed %{set_build_flags} and added "-p1" parameter
to %autosetup for applying patches.
Is it really?
Are there other changes?
When will these changes be included in the Packaging Guidelines?
1 year, 2 months
Feedback wanted for a proposed improvement to RPM's ELF dependency
generator
by Gordon Messmer
Following a recent thread discussing a reproducible failure caused by
mismatched library interfaces, I proposed a change to the RPM ELF
dependency generator. After discussion in the PR, I've provided an
implementation suggested by keszybz@ which would use libtool-style
versions collected from library filenames to provide versioned library
requirements. Before merging that feature, RPM's maintainers are
interested in feedback from a wider audience.
Links to the earlier thread and to the PR, as well as details in the
form of a mostly-complete change proposal in wiki format follow:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
https://github.com/rpm-software-management/rpm/pull/2372
= Enable RPM's fallback version generator for ELF dependencies =
{{Change_Proposal_Banner}}
== Summary ==
This change will, over the course of two releases, enable a new feature
in RPM's dependency generator which provides a version number for ELF
shared objects which provide a libtool-style version, but don't provide
versioned symbols. This additional information may cause dependencies
to update when a package that depends on them is installed or updated.
== Detailed Description ==
The current ELF dependency generator examines ELF binaries and prints a
list of virtual packages that represent the libraries required in order
to run the binary. For libraries that use versioned symbols, the
dependency generator provides information about the symbol versions
required, ensuring that all of the required interfaces are present in
dependencies during package installation. However, for libraries that
do not provide versioned symbols, the resulting dependencies express
effectively only the major version of the interface. That limitation
can result in rpm installing a package set that meets all of the rpm
dependencies of each package, but attempts to run the installed binaries
will fail.
For example, Fedora 37 was released with libnghttp2-1.49.0, and later
updated to libnghttp2-1.51.0. The latter release introduced a new
interface and increased its libtool version appropriately. After that
update, libsoup3 was rebuilt, and gained a dependency on the new
interface. However, because the soname was the same, rpm had no way to
represent the new dependency, so both the old and new build of libsoup3
required "libnghttp2.so.14()(64bit)". One way this could cause a
reproducible failure is to construct a system from the Fedora 37 release
media (or start a Fedora 37 container). libnghttp2 is installed by
default, as a dependency of curl, but libsoup3 is not. If you then
install any package that uses libsoup3 (e.g. chezdav), the binaries
provided by that package will fail to start, because the runtime linker
cannot resolve all symbols.
The curl package appears to have had this problem more than once, and
addresses it by querying the package version of selected dependencies
and creating additional dependency statements based on their package
version. However, the versioned dependency on libnghttp2 was added
after the release of Fedora 37.
Another failure case, and one that affected real users, was to install
Fedora 37 Workstation and enable the node14 modular repo. That repo
provided a build of libnghttp2 of its own which wasn't updated when
Fedora updated its primary libnghttp2 package to 1.51.0. Because
modular repos filter their package sets out of other repos, updating the
system as a whole would not update libnghttp2, but would update
libsoup3. That update would break gdm, leaving users unable to log in
to the graphical interface.
This change would make manual, selected versioned dependencies
unnecessary by generating them automatically for any package that
provides libtool-style versioned shared objects. (Though, again,
objects that provide versioned symbols are excluded, because versioned
symbols are already handled properly, and are the preferred mechanism.)
== Feedback ==
== Benefit to Fedora ==
This change will make package updates and installation more reliable,
reducing the risk that selectively installing an update (as in the case
of users who use "dnf update --security") or installing a single new
package will result in binaries that do not work. It will also make the
use of modular repos more reliable, by preventing packages from updating
if one of their dependencies is likely to lack symbols needed by
packages which are not provided by a modular repo.
== Scope ==
* Proposal owners:
In order to complete this change, the "_elf_provide_fallback_versions"
macro must be enabled, and all packages must be rebuilt in order to
"provide" versioned libraries. In a subsequent release, the
"_elf_require_fallback_versions" macro must be enabled, and all packages
must be rebuilt in order to "require" versioned libraries.
* Other developers:
Other developers are not expected to make any specific changes, though
if any package is manually creating versioned dependencies (as the curl
package is), they can remove those and rely on the internal dependency
generator when the change is complete.
A mass rebuild is required for this feature.
== Upgrade/compatibility impact ==
Packages built on a system where the _elf_require_fallback_versions
macro was enabled would not be usable on a system that was built without
the _elf_provide_fallback_versions macro enabled.
Packages built on a system without the _elf_provide_fallback_versions
could not be used on Fedora as replacements or alternatives to Fedora
dependencies, after the _elf_require_fallback_versions macro was enabled
in Fedora.
== How To Test ==
Ensure that system installations work as expected. Ensure that new
packages can be installed. Ensure that updates can be applied.
Test that there are no unexpected old packages, which might have been
skipped in an update due to unsatisfied dependencies.
== User Experience ==
Most users will not notice this change, though they may see a dependency
resolution error if they attempt to install a package whose binary
dependencies aren't met.
== Dependencies ==
Because this change may affect compatibility with third party repos,
Fedora should notify any known repos of this change, so that they can
enable those macros in the same release as Fedora. Repos that provide
only leaf packages or leaf packages and their own dependencies would not
be affected, but any repo that provides a package meant to serve as an
alternative to a Fedora package would be affected. In particular,
rpmfusion would need to enable the _elf_provide_fallback_versions macro
in order to provide packages that would be usable on a Fedora system.
== Contingency Plan ==
* Contingency mechanism: Reverting the change would require disabling
the macro and a mass rebuild.
* Contingency deadline: Beta freeze.
* Blocks release? Yes
== Documentation ==
Some documentation regarding the feature is included in the
docs/manual/more_dependencies.md file in the PR.
== Release Notes ==
Fedora has begun to improve rpm dependency information to make it more
detailed. Libraries that make use of versioned symbols are already well
supported in rpm, and reliably ensure that a library offers the
interfaces that packages that depend on it actually require in order to
run. For the large body of libraries that do not provide versioned
symbols, rpm will begin making use of the libtool-style version encoded
in the filename to ensure that packages that provide ELF binaries
indicate a minimum version of their library dependencies which matches
the versions present in its build environment.
1 year, 2 months
