Multiple account problem

Hello, I have run into an issue on F39 that I wanted to ask about. I decided that I wanted to develop an application on github from another account to simplify which keys are being used. I created the user acct and used "su - myacct" to login to it. I then tried to import gpg keys and got

Re: What we mean when we talk about "supply chains" [was Re: Three steps we could take to make supply chain attacks a bit harder]

Hello, I have been deleting most of these emails, but I feel like this is a bit myopic. On Tuesday, April 2, 2024 6:25:56 PM EDT Kevin Kofler via devel wrote: > Gary Buhrmaster wrote: > > > And, more importantly, the industry has agreed > > to use the term supply chain. Is the term > >

Re: rpmbuild problem with rust code

Hello, On Monday, February 26, 2024 4:38:35 PM EST Fabio Valentini wrote: > > I've run across a strange problem building a package that has some rust > > files in it. The build goes fine until the end when it starts to check for > > shebangs. It ends like this: > > > > > >

rpmbuild problem with rust code

Hello, I've run across a strange problem building a package that has some rust files in it. The build goes fine until the end when it starts to check for shebangs. It ends like this: /usr/src/debug/suricata-7.0.3-1.fc41.x86_64/rust/vendor/alloc-no-stdlib/src/ lib.rs has shebang which doesn't

auditd systemd preset

Hello, I have a procedural question. Auditd-4.0 is ready for release. One of the major changes is splitting rule loading from logging in the service. IOW, it was one service doing both and now would be two services. Auditd would depend on the rule loader, but the rule loader would not depend

Re: libcap-ng upcoming change

On Monday, December 18, 2023 1:40:55 PM EST Tomasz Kłoczko wrote: > On Mon, 18 Dec 2023 at 18:18, Steve Grubb wrote: > > Hello, > > > > I wanted to ask about the right tactic to make a change in Fedora 40. > > Libcap- > > ng is ready for a new release. I w

libcap-ng upcoming change

Hello, I wanted to ask about the right tactic to make a change in Fedora 40. Libcap- ng is ready for a new release. I want to remove a Fedora only patch that allows an errant call to capng_apply to succeed. Back in Oct 2020, a bug was reported upstream where the user needed to know that a call

Re: Help packaging PyTorch dependencies for Fedora

On Monday, December 11, 2023 4:59:45 AM EST Tim Flink wrote: > On 12/8/23 08:34, Steve Grubb wrote: > > On Friday, December 8, 2023 12:41:59 AM EST Jun Aruga (he / him) wrote: > > > >> Congratulations for the PyTorch package! > >> https://src.fedoraproject.org/r

Re: goal: booting with an empty /etc

On Friday, December 8, 2023 11:57:55 AM EST Adam Williamson wrote: > On Fri, 2023-12-08 at 11:49 -0500, Steve Grubb wrote: > > On Friday, December 8, 2023 11:23:29 AM EST Zbigniew Jędrzejewski-Szmek > > wrote: > > > > > But yeah, there'll always be a few &q

Re: goal: booting with an empty /etc

On Friday, December 8, 2023 11:23:29 AM EST Zbigniew Jędrzejewski-Szmek wrote: > But yeah, there'll always be a few "special" files. But that's fine, > we have mechanisms to handle those. For the other 99%, we should > move them out of /etc. The problem is that there would need to be a standard

Re: Help packaging PyTorch dependencies for Fedora

On Friday, December 8, 2023 12:41:59 AM EST Jun Aruga (he / him) wrote: > Congratulations for the PyTorch package! > https://src.fedoraproject.org/rpms/python-torch > > I hope someone will announce this great achievement to the Fedora > community too, and update the following page too. >

Re: Ancient compilation flags in my pkg - still needed ?

On Thursday, November 30, 2023 5:47:57 AM EST Michal Schorm wrote: > I have this line in the SPECfile of 'mariadb' package: > > CFLAGS="$CFLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" > > I read through these macros explanations: > >

Re: DNF5: Checking signatures of packages installed out of a repository?

Hello all, On Tuesday, November 14, 2023 8:16:39 AM EST Christopher wrote: > On Tue, Nov 14, 2023 at 8:03 AM Jaroslav Mracek > wrote: > > > > I believe that one of the strong complains was related to not signed > > packages. The use case is that when I build RPMs locally and then I > > install

Re: Manual step in upgrade process for a FSWC

On Wednesday, August 30, 2023 5:59:18 AM EDT Iker Pedrosa wrote: > Hi, > > I intend to switch pam_userdb's database provider from BerkeleyDB to GDBM > and I'm writing a Fedora System-Wide Change > for Fedora 40. > The upgrade process

Re: Fedora CoreOS Meeting Minutes 2023-08-23

Hello, On Wednesday, August 23, 2023 2:27:40 PM EDT Steven Presti wrote: > * New Package Request: audit (spresti, 17:04:16) > * LINK: https://github.com/coreos/fedora-coreos-tracker/issues/1362 > (spresti, 17:04:29) > * LINK: >

Re: Dropping of sshd.socket unit

On Friday, August 4, 2023 8:42:18 AM EDT Chris Adams wrote: > Once upon a time, Richard W.M. Jones said: > > > The DoS attack is described here: > > > > https://bugs.archlinux.org/task/62248 > > > > ... and it sounds like a bug in systemd. Surely this same attack > > applies to any

Re: Restricting automounting of uncommon filesystems?

On Saturday, July 22, 2023 2:01:34 AM EDT Matthew Garrett wrote: > A discussion within Debian again brought up the problem that: > > 1) Automounting of removable media exposes the kernel to a lot of > untrusted input > 2) Kernel upstream are not terribly concerned with ensuring that kernel >

Re: Towards enabling rpm sysusers integration

On Wednesday, June 28, 2023 10:15:48 AM EDT Lennart Poettering wrote: > On Di, 27.06.23 12:04, Panu Matilainen (pmati...@redhat.com) wrote: > > On 6/22/23 19:55, Steve Grubb wrote: > > > > https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format > > >

Re: F39 Change Proposal: LibuserDeprecation (System Wide)

On Monday, June 26, 2023 2:47:01 PM EDT Peter Robinson wrote: > On Thu, Jun 22, 2023 at 5:15 PM Aoife Moloney wrote: > > > > > > https://fedoraproject.org/wiki/Changes/LibuserDeprecation > > > > > > > > > > This document represents a proposed Change. As part of the Changes > > process, proposals

Re: Changes to build environment

On Thursday, June 22, 2023 2:11:45 PM EDT Dmitry Belyavskiy wrote: > I usually use smth like > RPM_ARCH=1 RPM_PACKAGE_RELEASE=2 RPM_PACKAGE_VERSION=3 RPM_PACKAGE_NAME=4 > make in this situation and have never got any problem yet. Dmitry, you are a saint. :-) I cannot accept this as the new

Re: Changes to build environment

On Thursday, June 22, 2023 2:14:22 PM EDT Fabio Valentini wrote: > On Thu, Jun 22, 2023 at 7:57 PM Steve Grubb wrote: > > I have switched to F38 and find a couple items annoying. I have a > > workflow that checks things I develop out of github, rolls it up into > > an rpm

Changes to build environment

Hello, I have switched to F38 and find a couple items annoying. I have a workflow that checks things I develop out of github, rolls it up into an rpm, builds it, and runs the results through annocheck. If there is a warning I'd like to investigate, I cd into the build directory. But oops, now

Re: F39 Change Proposal: LibuserDeprecation (System Wide)

On Thursday, June 22, 2023 12:14:28 PM EDT Aoife Moloney wrote: > https://fedoraproject.org/wiki/Changes/LibuserDeprecation > > > This document represents a proposed Change. As part of the Changes > process, proposals are publicly announced in order to receive > community feedback. This proposal

Re: Towards enabling rpm sysusers integration

Hello, On Thursday, June 22, 2023 11:01:28 AM EDT Zbigniew Jędrzejewski-Szmek wrote: > > 2. systemd provides users and groups that are actually owned by the setup > > package. As rpm is now turning non-root file ownership into dependencies, > > systemd could end up pulled in where setup is needed

Re: LibreOffice packages

On Monday, June 5, 2023 1:37:24 PM EDT Stephen Smoogen wrote: > On Mon, 5 Jun 2023 at 13:32, Michael Catanzaro > > wrote: > > On Mon, Jun 5 2023 at 01:13:50 PM -0400, Demi Marie Obenour > > > > wrote: > > > zlib should be added to the standard freedesktop.org runtime if it is > > > not > > >

Re: SecureBoot certificates

On Tuesday, May 30, 2023 10:00:53 PM EDT Chris Murphy wrote: > On Fri, May 26, 2023, at 10:20 AM, Steve Grubb wrote: > > sbattach --detach signature /boot/efi/EFI/BOOT/BOOTX64.EFI > > openssl pkcs7 -inform DER -in signature -text -print_certs > > > shim-certs.txt> &

Re: SecureBoot certificates

On Friday, May 26, 2023 11:18:32 AM EDT Gary Buhrmaster wrote: > On Fri, May 26, 2023 at 2:20 PM Steve Grubb wrote: > > I was poking around a F38 system to look over the Secure Boot > > certificates and found something that may warrant attention. > > I *suspect

SecureBoot certificates

Hello, I was poking around a F38 system to look over the Secure Boot certificates and found something that may warrant attention. sbattach --detach signature /boot/efi/EFI/BOOT/fbx64.efi openssl pkcs7 -inform DER -in signature -text -print_certs > grub-certs.txt Issuer: CN=Fedora

Re: F38 DNF/RPM install errors due to header signatures

On Monday, April 10, 2023 4:01:45 PM EDT Daniel Alley wrote: > >and in 1-2 years, SHA256 > > I've not seen any speculation much less evidence about sha256 being > insecure. Is this a post-quantum-crypto thing? Yes. There are a set of requirements called CNSA 1.0 that is being driven into all

Re: static USERMODEHELPER_PATH

Hello, On Friday, January 6, 2023 10:10:21 AM EST Steve Grubb wrote: > One approach to solving this is to use selinux policy. I was informed > overnight that policy 38.2-1 should now enforce kernel transitions to > specific helper applications. So, maybe this is solved well enough? I c

Re: static USERMODEHELPER_PATH

Hello, On Friday, January 6, 2023 9:33:12 AM EST Lennart Poettering wrote: > On Do, 05.01.23 20:17, Steve Grubb (sgr...@redhat.com) wrote: > > I work on RHEL security problems. I have been looking into a number of > > exploits and I think we have a problem that has

Re: static USERMODEHELPER_PATH

Hello, I want to add some missing information... On Thursday, January 5, 2023 8:43:34 PM EST Ian Kent wrote: > On 6/1/23 09:17, Steve Grubb wrote: > > I work on RHEL security problems. I have been looking into a number of > > exploits and I think we have a problem that has an eas

static USERMODEHELPER_PATH

Hello, I work on RHEL security problems. I have been looking into a number of exploits and I think we have a problem that has an easy fix. We are not using the CONFIG_STATIC_USERMODEHELPER_PATH kernel config option. There are a number of exploits that overwrite the path to modprobe and then

Re: F38 proposal: Shorter Shutdown Timer (System-Wide Change proposal)

On Friday, December 23, 2022 1:34:48 PM EST Alexander Ploumistos wrote: > On Fri, Dec 23, 2022 at 7:21 PM Steve Grubb wrote: > > This is nice, but all I ever seen is a black screen and a spinning > > circle. No text of any kind. If something were written to the console, >

Re: F38 proposal: Shorter Shutdown Timer (System-Wide Change proposal)

Hello, On Friday, December 23, 2022 9:48:22 AM EST Zbigniew Jędrzejewski-Szmek wrote: > On Fri, Dec 23, 2022 at 08:09:56AM +0100, Tomasz Torcz wrote: > > On Thu, Dec 22, 2022 at 05:22:09PM -0500, Steve Grubb wrote: > > > On Thursday, December 22, 2022 1:29:29 PM EST Ada

Re: F38 proposal: Shorter Shutdown Timer (System-Wide Change proposal)

Hello, On Friday, December 23, 2022 6:52:02 AM EST Tom Hughes via devel wrote: > On 23/12/2022 11:45, Naheem Zaffar wrote: > > On Fri, 23 Dec 2022 at 08:26, Vitaly Zaitsev via devel > > mailto:devel@lists.fedoraproject.org>> > > wrote: > > On 23/12/2022 09:20, Mattia Verga via devel wrote:

Re: F38 proposal: Shorter Shutdown Timer (System-Wide Change proposal)

On Thursday, December 22, 2022 1:29:29 PM EST Adam Williamson wrote: > On Thu, 2022-12-22 at 18:44 +0100, Tomasz Torcz wrote: > > > On Thu, Dec 22, 2022 at 12:35:54PM -0500, Ben Cotton wrote: > > > > > https://fedoraproject.org/wiki/Changes/Shorter_Shutdown_Timer > > > > > > This document

Re: Fedora 37: Add kernel parameters that help prevent local exploits

Hello, On Wednesday, May 18, 2022 11:15:16 PM EDT Hellosway Here via devel wrote: > Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 > pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel > command line arguments. This can help prevent local exploits by making

Re: Uninitialized variables and F37

On Monday, May 9, 2022 5:10:07 AM EDT Daniel P. Berrangé wrote: > On Fri, Jan 21, 2022 at 01:04:51PM -0500, Steve Grubb wrote: > > This is a continuation of the discussion from F36 Change: GNU Toolchain > > Update. > > snip. > > > He talks about -ftrivial

Re: Uninitialized variables and F37

Hello, On Monday, May 9, 2022 5:10:07 AM EDT Daniel P. Berrangé wrote: > On Fri, Jan 21, 2022 at 01:04:51PM -0500, Steve Grubb wrote: > > This is a continuation of the discussion from F36 Change: GNU Toolchain > > Update. > > snip. > > > He talks about -ftrivial

Re: Documentation for F15's "Remove SETUID" Change?

Hello, On Tuesday, March 1, 2022 6:43:57 PM EST Michel Alexandre Salim wrote: > The subject of setuid came up in a private conversation recently, and to my > surprise we don't seem to have it documented in the packaging guidelines: > > https://docs.fedoraproject.org/en-US/packaging-guidelines/ >

Re: Gcc-12 and SWIG problem

On Monday, February 21, 2022 2:58:43 PM EST Richard W.M. Jones wrote: > > if (arg2) { > > arg1->bar = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const > > char *)(arg2), sizeof(char)*(size)); > > } else { > > arg1->bar = 0; > > } > > > > which results in > > > > error: cast specifies

Gcc-12 and SWIG problem

Hello, I have a FTBFS package, audit, that has a strange problem that I'd like to run by the devel list. It is a common idiom in the kernel to do something like: struct foo{ unsigned int barlen; char bar[]; }; There are about 80 instances of this in the kernel headers. When

Re: CVE-2021-4034: why is pkexec still a thing?

Hello Mirek, This is the most constructive reply I've seen in this thread. On Monday, January 31, 2022 1:12:50 PM EST Miloslav Trmac wrote: > > But doesn't satisfy our security requirements. If the kernel dbus project > > had been successful, then Linux would have had a rock solid basis to > >

Re: CVE-2021-4034: why is pkexec still a thing?

On Monday, January 31, 2022 5:36:24 AM EST Lennart Poettering wrote: > On Fr, 28.01.22 18:16, Sam Varshavchik (mr...@courier-mta.com) wrote: > > Having said all of that: the suid bit itself is irrelevant. It is nothing > > more than a convenient scapegoat to blame other bugs on. The same bug > >

Re: Uninitialized variables and F37

>> Of course gcc -fsanitize=undefined cannot be used on production code. > > Why not? Will it find too many errors? This discussion is at least 5 years old: https://seclists.org/oss-sec/2016/q1/363 I don't know if the problems have been addressed or if new problems have popped up. The short

Re: Uninitialized variables and F37

Hello Mark, On Thursday, January 27, 2022 5:37:29 AM EST Mark Wielaard wrote: > On Thu, Jan 27, 2022 at 10:41:36AM +0100, Roberto Ragusa wrote: > > On 1/22/22 10:05 PM, Mark Wielaard wrote: > > > So I would give valgrind a 6/6 (100%) score :) > > > > But if the compiler starts copying zeros on

Re: Uninitialized variables and F37

Hello Dave, On Tuesday, January 25, 2022 9:29:53 AM EST David Malcolm wrote: > Steve, thanks for putting together these cases. > > I've filed: > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104224 > against the gcc analyzer upstream to help me track improving the > analyzer on this. > > OK if

Re: Uninitialized variables and F37

On Saturday, January 22, 2022 6:36:01 AM EST Vitaly Zaitsev via devel wrote: > On 21/01/2022 19:04, Steve Grubb wrote: > > Uninitialized variables are a big problem. > > Yes, but as a package maintainer, I don't want to deal with dozens of > crashes after this change. As mu

Re: Uninitialized variables and F37

On Friday, January 21, 2022 11:26:00 PM EST John Reiser wrote: > > It might be worthwhile to have a CFLAG that can tell glibc (or other > > allocators) to substitute something like calloc for malloc. > > The environment variable MALLOC_PERTURB_ has been used by glibc malloc > for over 15 years.

Uninitialized variables and F37

Hello, This is a continuation of the discussion from F36 Change: GNU Toolchain Update. Uninitialized variables are a big problem. They can be sources of information exposure if parts of a buffer are not initialized. They can also cause unexpected execution paths if the attacker can groom the

Re: F36 Change: GNU Toolchain Update (gcc 12, glibc 2.35) (late System-Wide Change proposal)

Hello, On Thursday, January 20, 2022 5:56:04 PM EST Marek Polacek wrote: > > > Are there plans to enable this flag so that all applications, but more > > > importantly the kernel, are hardened against uninitialized stack > > > variables? This is one of the major classes of security bugs that > >

Re: New top-level dir: /state [WAS: Re: F36 Change: Relocate RPM database to /usr (System-Wide Change] proposal)

On Sunday, January 16, 2022 11:16:57 PM EST Chris Murphy wrote: > On Sun, Jan 16, 2022 at 3:59 PM Peter Boy wrote: > > > Am 14.01.2022 um 23:51 schrieb Fabio Valentini : > > > > > > > > > Wait, I thought this change was about making the path consistent > > > within Fedora variants? > > > > The

Re: F36 Change: GNU Toolchain Update (gcc 12, glibc 2.35) (late System-Wide Change proposal)

Hello, On Wednesday, January 5, 2022 5:05:26 PM EST Ben Cotton wrote: > https://fedoraproject.org/wiki/Changes/GNUToolchainF36 > > == Summary == > Update the Fedora 36 GNU Toolchain to gcc 12 and glibc 2.35. > > The gcc 12 is currently under development and will be included in > Fedora 36 upon

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

Hello, On Thursday, January 6, 2022 5:20:04 PM EST Demi Marie Obenour wrote: > > It would be better if there was a systemctl solution. Any solution I > > implement will be met with you need to migrate to systemctl. There have > > been multiple bz opened and closed on this. > > What would you

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

Hello, On Thursday, January 6, 2022 3:23:15 PM EST Simo Sorce wrote: > > > There actually is magic in the kernel that records who sent a signal to > > > the audit daemon and the necessary atributes. This functionality has > > > been there since at least 2005. It's not new. > > > > Right, so is

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

Hello, On Thursday, January 6, 2022 1:02:36 PM EST Zbigniew Jędrzejewski-Szmek wrote: > On Thu, Jan 06, 2022 at 08:48:52AM -0800, Adam Williamson wrote: > > On Thu, 2022-01-06 at 16:16 +, Zbigniew Jędrzejewski-Szmek wrote: > > > I know that you said that the scripts are needed because of

Re: F36 Change proposal: No ifcfg by default (Self-Contained Change)

On Wednesday, January 5, 2022 3:17:43 PM EST Zbigniew Jędrzejewski-Szmek wrote: > On Wed, Jan 05, 2022 at 11:37:48AM -0800, Adam Williamson wrote: > > On Wed, 2022-01-05 at 20:19 +0100, Xose Vazquez Perez wrote: > > > Neal Gompa wrote: > > > > > On Wed, Jan 5, 2022 at 9:43 AM Sérgio Basto > > > >

Re: F36 Change: Relocate RPM database to /usr (System-Wide Change proposal)

On Wednesday, December 29, 2021 12:47:43 PM EST Gordon Messmer wrote: > On 12/29/21 07:26, Vitaly Zaitsev via devel wrote: > > On 29/12/2021 16:01, Ben Cotton wrote: > >> Currently, the RPM databases is located in `/var`. Let's move it to > >> `/usr`. The move is already under way in

Re: Unowned system directories

On Wednesday, November 24, 2021 10:42:13 AM EST Rob Crittenden wrote: > What's strange is that /etc/ipa is owned by freeipa-client-common and > freeipa-server-common so I'm not sure how it became orphaned. Is it > possible some of these are leftovers after package install/uninstall? I thought

Re: Unowned system directories

On Wednesday, November 24, 2021 4:51:36 AM EST Miro Hrončok wrote: > >> Should there be a gating or other test that catches this? > > > > I've also noticed this problem, but with old python directories > > lingering after upgrades. > > For example, on my upgraded-from-ages-ago Fedora 35

Re: Unowned system directories

On Tuesday, November 23, 2021 7:11:31 PM EST Maxwell G wrote: > Hi, > > On Tuesday, November 23, 2021 1:37:36 PM CST Steve Grubb wrote: > > Hello, > > > > I am preparing to migate a F35 system to new hardware and was sanity > > checking th

Unowned system directories

Hello, I am preparing to migate a F35 system to new hardware and was sanity checking the whole system. One thing I found was that there are a number of system directories that that are not owned by the package that uses them: /var/cache/ibus /var/cache/PackageKit /var/cache/cups

Re: Firefox Hardware acceleration & VA-API how-to

Hello, On Monday, November 15, 2021 11:02:08 AM EST Nicolas Chauvet wrote: > Le lun. 15 nov. 2021 à 16:06, Steve Grubb a écrit : > ... > > > I use the negativio repository only because I need the whole cuda stack > > including cudnn. > > Totally undeeded, you ca

Re: Firefox Hardware acceleration & VA-API how-to

On Monday, November 15, 2021 8:23:59 AM EST Dominik 'Rathann' Mierzejewski wrote: > Well, nVidia refuses to support VA-API like Intel and AMD do and the > VA-API-to-VDPAU won't help because dmabuf support is still required. > So... tough luck: I can confirm that nvidia acceleration works fine on

Re: F36 Change: Package information on ELF objects (System-Wide Change proposal)

Hello, On Wednesday, November 3, 2021 10:00:05 AM EDT David Sastre wrote: > I assume that the people who worked on it looked into various different > possibilities for its implementation and decide on the current one, but I > have a few questions: > >- Since there are people concerned about

Re: F36 Change: Package information on ELF objects (System-Wide Change proposal)

On Wednesday, October 27, 2021 12:44:27 PM EDT Frank Ch. Eigler wrote: > sgrubb wrote: > > This brings up an interesting tangent (sorry), which I've asked on the > > KDE > > list with no answer. When kontact segfaults, and it does a lot, it starts > > Dr. Konqi and asks if you want to file a

Re: F36 Change: Package information on ELF objects (System-Wide Change proposal)

On Wednesday, October 27, 2021 8:12:43 AM EDT Kevin Kofler via devel wrote: > Daniel P. Berrangé wrote: > > Furthermore as someone dealing with bug reports I don't have access > > to the RPM database. That is on the end user's machine. Often all I > > get is a core dump attached to a bug report,

Re: libcurl-minimal

Hello, On Thursday, October 14, 2021 6:51:54 AM EDT Kamil Dudka wrote: > > what is the plan with introduction of libcurl-minimal in Fedora? > > I proposed to use libcurl-minimal and curl-minimal in minimal base images > half a year ago but there has been no reply so far: > >

Re: Mangling shebangs in text files: How to detect them, bug in the current implementation and possible solutions

On Wednesday, September 22, 2021 5:34:17 PM EDT Miro Hrončok wrote: > > From all the scan that we've done on fullish installs in the past, > > there's > > only 2 others that you might run across: application/x-elc (lisp) and > > application/x-java-applet. > > > > Maybe you just build in logic to

Re: Mangling shebangs in text files: How to detect them, bug in the current implementation and possible solutions

On Wednesday, September 22, 2021 4:26:49 PM EDT Miro Hrončok wrote: > > By chance do you have a pointer to one of those javascript files that is > > misidentified? (Or any other for that matter). I'd like to see what's > > going on and get a fix in place. > > yarnpkg package, %prepped > > $ file

Re: Mangling shebangs in text files: How to detect them, bug in the current implementation and possible solutions

On Wednesday, September 22, 2021 1:46:11 PM EDT Miro Hrončok wrote: > > 4) maybe fapolicyd-cli has better detection? Or at least, its more > > closely > > maintained. It also has it's own ELF detection so that it's stable from > > release to release. > > Not checked whether it has better

Re: Mangling shebangs in text files: How to detect them, bug in the current implementation and possible solutions

Hello, On Wednesday, September 22, 2021 7:21:42 AM EDT Miro Hrončok wrote: > for many releases, Fedora has the brp-mangle-sehbangs BuildRoot Policy > Script that does the following: > > 1) Gets all executable files in the buildroot > 2) Gets all "text" files from those > 3a) Mangles

Re: List of long term FTBFS packages to be retired in August

On Wednesday, June 30, 2021 5:43:10 AM EDT Zbigniew Jędrzejewski-Szmek wrote: > > >radamsa huzaifas, mrniranjan > > >Fedora 32> > > Has no bugzillas, the mass rebuilds builds never finished (they hang for > > days) > > It'd be sad to lose radamsa from the

libcap-ng API problem testing

Hello, Previously I tried to update Fedora to the latest upstream libcap-ng which has better error detection for some problems. Because it caused issues in well known programs, it was patched to not return errors like its previous behavior. I had some time to revisit this over the weekend. I

Re: libcap-ng update coming to rawhide

On Thursday, November 19, 2020 8:32:38 PM EST Adam Williamson wrote: > On Wed, 2020-11-18 at 14:32 -0500, Steve Grubb wrote: > > On Thursday, November 12, 2020 2:45:41 PM EST Steve Grubb wrote: > > The new libcap-ng has been built into rawhide. > > ...and it does break gnome

Re: libcap-ng update coming to rawhide

Hello, The new libcap-ng has been built into rawhide. Cheers, -Steve On Thursday, November 12, 2020 2:45:41 PM EST Steve Grubb wrote: > A new version of libcap-ng is going to be released next week. Normally this > isn't newsworthy, nor is this a soname version bump. But it is imp

Re: Orphaned packages looking for new maintainers (see note about xinetd)

On Wednesday, November 11, 2020 4:51:47 AM EST Petr Pisar wrote: > I believe it's unlikely that somobody will adopt xinetd. It was orphaned > because its maintainer orphaned all his packages. Xinetd is needed because it does the poly-instantiated network connection when Linux is used for MLS

libcap-ng update coming to rawhide

Hello, A new version of libcap-ng is going to be released next week. Normally this isn't newsworthy, nor is this a soname version bump. But it is important to let the broader community know something about it. The behaviour of capng_apply is changing slightly. In the past, capng_apply would

Re: Donate 1 minute of your time to test upgrades from F32 to F33

On Friday, October 2, 2020 3:50:19 AM EDT Miroslav Suchý wrote: > dnf --releasever=33 --setopt=module_platform_id=platform:f33 \ > --enablerepo=updates-testing --enablerepo=updates-testing-modular \ > distro-sync Error: Problem: problem with installed package

readelf seems broken in F33

Hello, I was doing some binary analysis of files in F33 and have run across something odd. readelf -s /usr/sbin/auditd | grep GLIBC produces a lot of output like: 182: 0 FUNCGLOBAL DEFAULT UND [...]@GLIBC_2.2.5 (3) 184: 0 FUNCGLOBAL

Re: Automatic logout due to quota

On Monday, August 3, 2020 12:42:13 PM EDT Robbie Harwood wrote: > > On Saturday, August 1, 2020 1:27:07 PM EDT Steven Grubb wrote: > >> I was using my desktop system when I got logged out. After logging back > >> in, I found this message in my logs: > >> > >> Aug 1 13:08:22 x2 journal[1751]: UID

Re: Automatic logout due to quota

Hello, On Saturday, August 1, 2020 1:27:07 PM EDT Steven Grubb wrote: > I was using my desktop system when I got logged out. After logging back in, > I found this message in my logs: > > Aug 1 13:08:22 x2 journal[1751]: UID 1000 exceeded its 'bytes' quota on > UID 1000. I wrote a script that

Building kernel rpms with KASAN enabled

Hello, What is the best way to build an official Fedora kernel SRPM with KASAN=y? TIA, -Steve ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct:

Re: Is allowed in certain cases to override default Fedora compiler flags?

On Wednesday, July 1, 2020 4:47:51 PM EDT Sergio Belkin wrote: > The line in the code is : > > if(upLogPerror) ::write(2,logbuf,n); \ > > Regarding to " format not a string literal and no format arguments > [-Werror=format-security]" message. > Afaik instructions of kind

Re: Fedora 33 System-Wide Change proposal: CompilerPolicy Change

On Friday, June 5, 2020 5:42:36 AM EDT Vít Ondruch wrote: > Dne 05. 06. 20 v 9:52 Kevin Kofler napsal(a): > > > Ben Cotton wrote: > > > >> == Summary == > >> Fedora has historically forced packages to build with GCC unless the > >> upstream project for the package only supported Clang/LLVM.

Re: Location of executable code

Hello, On Friday, May 22, 2020 6:38:55 PM EDT Kevin Kofler wrote: > > But what I'm finding in practice is that cinnamon places its javascript > > there, there are libexec dirs that contain executable code, there are > > python and byte compiled python over there. In short, the system doesn't > >

Re: Location of executable code

On Friday, May 22, 2020 3:19:20 PM EDT David Malcolm wrote: > Your email talks about "application whitelisting" and "executables", > and this thread seems to be getting in to the weeds about things like > the distinction between scripts vs machine code, and modules vs > scripts; code vs data. But

Re: Location of executable code

On Friday, May 22, 2020 4:23:50 PM EDT Przemek Klosowski via devel wrote: > On 5/22/20 1:24 PM, Nico Kadel-Garcia wrote: > > > On Fri, May 22, 2020 at 10:31 AM Steve Grubb wrote: > > > >> I am working on our application whitelisting daemon. > > Interesting con

Re: Location of executable code

On Friday, May 22, 2020 10:39:43 AM EDT Petr Viktorin wrote: > On 2020-05-22 16:30, Steve Grubb wrote: > > Hello, > > > > I am working on our application whitelisting daemon. It uses the rpmdb to > > derive trust in what's on disk. If we use the whole rpmdb, then the &

Location of executable code

Hello, I am working on our application whitelisting daemon. It uses the rpmdb to derive trust in what's on disk. If we use the whole rpmdb, then the number of files is large. So, to prune the amount of entries in the trust db down to a reasonable number, I thought we could jettison anything in

Re: F32 ELF file analysis

On Saturday, April 11, 2020 8:58:48 AM EDT John Reiser wrote: > On 4/11/20 4:38 AM, Kevin Kofler wrote: > > Steve Grubb wrote: > >> readelf -s $f 2>/dev/null | grep FUNC | egrep > >> 'seccomp_rule_add|seccomp' > > > > Since seccomp is a substring of sec

Re: F32 ELF file analysis

On Wednesday, April 8, 2020 11:11:36 AM EDT David Cantrell wrote: > >Just wanted to share with everyone the results of a data collection on > >various metrics of ELF files when installing just @Core group. > > > >http://people.redhat.com/sgrubb/analysis/f32-analysis.slides.html#/ > > > >I

Re: @core install picking up desktop packages

On Tuesday, April 7, 2020 11:24:28 AM EDT Adam Williamson wrote: > On Sat, 2020-04-04 at 06:55 +0200, Jan Pazdziora wrote: > > On Fri, Apr 03, 2020 at 03:12:35PM +0200, Petr Pisar wrote: > > > Maybe libsecret spec could provide an empty libsecret-never-fail > > > subpackage that would hard-require

Re: F32 ELF file analysis

0 v 18:03 Steve Grubb napsal(a): > > Just wanted to share with everyone the results of a data collection on > > various metrics of ELF files when installing just @Core group. > > > > > > > > http://people.redhat.com/sgrubb/analysis/f32-analysis.slides.html#/ > &g

F32 ELF file analysis

Hello, Just wanted to share with everyone the results of a data collection on various metrics of ELF files when installing just @Core group. http://people.redhat.com/sgrubb/analysis/f32-analysis.slides.html#/ I recommend clicking on the "pop out" link and then you have more room to see the

Re: @core install picking up desktop packages

On Thursday, April 2, 2020 2:59:33 PM EDT Stephen Gallagher wrote: > On Thu, Apr 2, 2020 at 2:50 PM Steve Grubb wrote: > > On Thursday, April 2, 2020 1:55:10 PM EDT Adam Jackson wrote: > > > On Thu, 2020-04-02 at 13:24 -0400, Steve Grubb wrote: > > > > I've

Re: @core install picking up desktop packages

On Thursday, April 2, 2020 1:55:10 PM EDT Adam Jackson wrote: > On Thu, 2020-04-02 at 13:24 -0400, Steve Grubb wrote: > > > Hello, > > > > I've been doing some testing of F32 and was curious about something. I > > have a kickstart file that just installs @core to

@core install picking up desktop packages

Hello, I've been doing some testing of F32 and was curious about something. I have a kickstart file that just installs @core to be a minimal system. While looking over the resulting system, there are fonts, wayland, gtk3 and others. Is this intentional? The system probably doesn't have

Re: __pycache__ in /usr/share

On Tuesday, March 3, 2020 12:45:08 PM EST Robbie Harwood wrote: > Steve Grubb writes: > > Hello, > > > > We are working on Application Whitelisting. For this to work, we need > > to have a list of things that we trust. At the moment, that list is > > well over

  1   2   3   >