Re: Verifying a Fedora-33 Image

[Todd Zullinger]

Matthew Miller wrote:
> GPG's concept of trust is ... well-meaning, but not user friendly. You can
> trust the key you just imported because you just downloaded it from the
> official Fedora website via https. GPG, however, does not know that. So, it
> gives this error. You can use the `gpg --edit-key` command to tell it to
> trust this key, if you wanto to not get that warning.

It's a shame that gpgv doesn't support ascii-armored
keyrings¹, or we could save a step and suggest:

$ curl -O https://getfedora.org/static/fedora.gpg
$ gpgv --keyring ./fedora.gpg CHECKSUM

As it is, we'd need to either suggest de-armoring the
keyring first or switch to provide a non-armored fedora gpg
keyring on the website.  Doing the latter would seem like an
easy win in terms of making the verification steps simpler.
And we could always keep the ascii-armored content as
fedora.asc if we wanted.

I don't know why we name the keyring fedora.gpg and not
fedora.asc since it's ascii-armored, to be honest.

(I contributed to the website code surrounding the
verification steps many years ago, and I still don't recall
why that's the case.  It appears that I had the --armor
option in the initial version of the update-gpg-keys script
I contributed.  That might have just been keeping the
status-quo, as the fedora.gpg file existed prior to the
script, it was simply managed much more manually.)

If fedora.gpg was not ascii-armored, the above gpgv command
looks like this:

$ gpgv --keyring ./fedora.gpg Fedora-Spins-33-1.2-x86_64-CHECKSUM 
gpgv: Signature made Fri Oct 23 15:09:07 2020 UTC
gpgv:using RSA key 963A2BEB02009608FE67EA4249FD77499570FF31
gpgv: Good signature from "Fedora (33) 
"

Alternately, we _could_ suggest adding `--trust-model
always` to the gpg command, though that still prints a
warning:

$ gpg --trust-model always --verify-files 
Fedora-Spins-33-1.2-x86_64-CHECKSUM 
gpg: Signature made Fri Oct 23 15:09:07 2020 UTC
gpg:using RSA key 963A2BEB02009608FE67EA4249FD77499570FF31
gpg: Good signature from "Fedora (33) 
" [unknown]
gpg: WARNING: Using untrusted key!

¹ https://dev.gnupg.org/T2290 has been around for years and
  was just lowered in priority yesterday -- in case anyone
  feels like submitting a patch. ;)

-- 
Todd


signature.asc
Description: PGP signature
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Verifying a Fedora-33 Image

[George N. White III]

On Thu, 11 Feb 2021 at 15:31, Matthew Miller 
wrote:

> On Thu, Feb 11, 2021 at 08:52:51AM -0800, Jonathan Ryshpan wrote:
> > The verification fails with this message:
> > $ gpg --verify-files *-CHECKSUM
> > gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
> > gpg:using RSA key
> > 963A2BEB02009608FE67EA4249FD77499570FF31
> > gpg: Good signature from "Fedora (33)
> > " [unknown]
> > gpg: WARNING: This key is not certified with a trusted signature!
> > gpg:  There is no indication that the signature belongs to the
> > owner.
> > Primary key fingerprint: 963A 2BEB 0200 9608 FE67  EA42 49FD 7749 9570
> > FF31
> > This doesn't look good.  How can I verify the CHECKSUM file?
>
> GPG's concept of trust is ... well-meaning, but not user friendly. You can
> trust the key you just imported because you just downloaded it from the
> official Fedora website via https. GPG, however, does not know that. So, it
> gives this error. You can use the `gpg --edit-key` command to tell it to
> trust this key, if you wanto to not get that warning.
>

You don't use the key that often, and there is the small possibility that a
compromise is discovered and the key is no longer trusted.  Being a bit
more careful/paranoid, check that the signature still matches the
current official Fedora website via https.

-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Verifying a Fedora-33 Image

[Matthew Miller]

On Thu, Feb 11, 2021 at 08:52:51AM -0800, Jonathan Ryshpan wrote:
> The verification fails with this message:
> $ gpg --verify-files *-CHECKSUM
> gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
> gpg:    using RSA key
> 963A2BEB02009608FE67EA4249FD77499570FF31
> gpg: Good signature from "Fedora (33)
> " [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:  There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 963A 2BEB 0200 9608 FE67  EA42 49FD 7749 9570
> FF31
> This doesn't look good.  How can I verify the CHECKSUM file?

GPG's concept of trust is ... well-meaning, but not user friendly. You can
trust the key you just imported because you just downloaded it from the
official Fedora website via https. GPG, however, does not know that. So, it
gives this error. You can use the `gpg --edit-key` command to tell it to
trust this key, if you wanto to not get that warning.


-- 
Matthew Miller

Fedora Project Leader
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Verifying a Fedora-33 Image

[George N. White III]

On Thu, 11 Feb 2021 at 12:54, Jonathan Ryshpan  wrote:

> I have downloaded the Fedora-33 KDE spin and am attempting to verify it.
> Following the instructions (appended below for convenience) I have:
>
>- Imported the keys using curl (where do they go?) and
>- Verified the CHECKSUM file using gpg
>
>
> The verification fails with this message:
> $ gpg --verify-files *-CHECKSUM
> gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
> gpg:using RSA key 963A2BEB02009608FE67EA4249FD77499570FF31
> gpg: Good signature from "Fedora (33) "
> [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:  There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 963A 2BEB 0200 9608 FE67  EA42 49FD 7749 9570 FF31
> This doesn't look good.  How can I verify the CHECKSUM file?
>

Check the fingerprint against fingerprints of Fedora current keys at the
bottom of the
https://getfedora.org/security/ page.
Fedora 33  id: 4096R/9570FF31 2020-01-28 Fingerprint: 963A 2BEB 0200 9608
FE67 EA42 49FD 7749 9570 FF31


>
> *Verification instructions from https://spins.fedoraproject.org/en/verify
>  follow:*
> Next, import Fedora's GPG key(s):
>
> $ curl https://getfedora.org/static/fedora.gpg | gpg --import
>
> You can verify the details of the GPG key(s) here
> .
> Now, verify that the CHECKSUM file is valid:
>
> $ gpg --verify-files *-CHECKSUM
>
> The CHECKSUM file should have a good signature from one of the following
> keys:
>
>- 12C944D0 - Fedora 32
>   - 3C3359C4 - Fedora 31
>   - CFC659B9 - Fedora 30
>   - DBBDCF7C - IOT 2019
>
> Finally, now that the CHECKSUM file has been verified, check that the
> image's checksum matches:
>
> $ sha256sum -c *-CHECKSUM
>
> If the output states that the file is valid, then it's ready to use!
>
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>


-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Pipewire-pulseaudio does not detect microphone

[Paul Smith]

On Thu, Feb 11, 2021 at 5:57 PM Ed Greshko  wrote:
>
> >> You may want to ask on the "test" list as well as adding a comment to
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1906086
> >>
> > Slight correction: please don't comment on that bug. It would be
> > better to file a new bug that blocks 1906086.

Thanks, Ben. Done:

https://bugzilla.redhat.com/show_bug.cgi?id=1927891

Paul
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Pipewire-pulseaudio does not detect microphone

[Ed Greshko]

On 11/02/2021 22:54, Ben Cotton wrote:

On Thu, Feb 11, 2021 at 8:59 AM Ed Greshko  wrote:

You may want to ask on the "test" list as well as adding a comment to
https://bugzilla.redhat.com/show_bug.cgi?id=1906086


Slight correction: please don't comment on that bug. It would be
better to file a new bug that blocks 1906086.



Thanks for that.  I misunderstood the process.

--
People who believe they don't make mistakes have already made one.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Announcing 389 Directory Server 1.4.3.19

[thierry bordaz]

   389 Directory Server 1.4.3.19

The 389 Directory Server team is proud to announce 389-ds-base version 
1.4.3.19


Fedora packages are available on Fedora 32.

https://koji.fedoraproject.org/koji/taskinfo?taskID=61767145 
 - Fedora 32


https://bodhi.fedoraproject.org/updates/FEDORA-2021-e55a8d7545 
 - Bodhi


The new packages and versions are:

 * 389-ds-base-1.4.3.19-1

Source tarballs are available for download at Download 
389-ds-base Source 




 Highlights in 1.4.3.19

 * Bug and Security fixes


 Installation and Upgrade

See Download  for 
information about setting up your yum repositories.


To install the server use *dnf install 389-ds-base*

To install the Cockpit UI plugin use *dnf install cockpit-389-ds*

After rpm install completes, run *dscreate interactive*

For upgrades, simply install the package. There are no further 
steps required.


There are no upgrade steps besides installing the new rpms

See Install_Guide 
 for 
more information about the initial installation and setup


See Source  
for information about source tarballs and SCM (git) access.



 New UI Progress (Cockpit plugin)

The new UI is complete and QE tested.


 Feedback

We are very interested in your feedback!

Please provide feedback and comments to the 389-users mailing list: 
https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject.org


If you find a bug, or would like to see a new feature, file it in our 
GitHub project: https://github.com/389ds/389-ds-base


 * bump version to 1.4.3.19
 * Issue 4609 - CVE - info disclosure when authenticating
 * Issue 4581 - A failed re-indexing leaves the database in broken
   state (#4582)
 * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
 * Issue 4563 - Failure on s390x: ‘Fails to split RDN “o=pki-tomcat-CA”
   into components’ (#4573)
 * Issue 4526 - sync_repl: when completing an operation in the pending
   list, it can select the wrong operation (#4553)
 * Issue 4324 - Performance search rate: change entry cache monitor to
   recursive pthread mutex (#4569)
 * Issue 5442 - Search results are different between RHDS10 and RHDS11
 * Issue 4548 - CLI - dsconf needs better root DN access control
   plugin validation
 * Issue 4513 - Fix schema test and lib389 task module (#4514)
 * Issue 4534 - libasan read buffer overflow in filtercmp (#4541)

___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Verifying a Fedora-33 Image

[Jonathan Ryshpan]

I have downloaded the Fedora-33 KDE spin and am attempting to verify
it.  Following the instructions (appended below for convenience) I
have:
 * Imported the keys using curl (where do they go?) and
 * Verified the CHECKSUM file using gpg

The verification fails with this message:
$ gpg --verify-files *-CHECKSUM
gpg: Signature made Fri 23 Oct 2020 08:09:07 AM PDT
gpg:    using RSA key
963A2BEB02009608FE67EA4249FD77499570FF31
gpg: Good signature from "Fedora (33)
" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 963A 2BEB 0200 9608 FE67  EA42 49FD 7749 9570
FF31
This doesn't look good.  How can I verify the CHECKSUM file?

Verification instructions
from https://spins.fedoraproject.org/en/verify follow:
   Next, import Fedora's GPG key(s):
   $ curl https://getfedora.org/static/fedora.gpg | gpg --import
   You can verify the details of the GPG key(s) here.
   Now, verify that the CHECKSUM file is valid:
   $ gpg --verify-files *-CHECKSUM
   The CHECKSUM file should have a good signature from one of the
   following keys:
- 12C944D0 - Fedora 32
- 3C3359C4 - Fedora 31
- CFC659B9 - Fedora 30
- DBBDCF7C - IOT 2019
   Finally, now that the CHECKSUM file has been verified, check that the
   image's checksum matches:
   $ sha256sum -c *-CHECKSUM
   If the output states that the file is valid, then it's ready to use!
   
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Pipewire-pulseaudio does not detect microphone

[Ben Cotton]

On Thu, Feb 11, 2021 at 8:59 AM Ed Greshko  wrote:
>
> You may want to ask on the "test" list as well as adding a comment to
> https://bugzilla.redhat.com/show_bug.cgi?id=1906086
>
Slight correction: please don't comment on that bug. It would be
better to file a new bug that blocks 1906086.

-- 
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Pipewire-pulseaudio does not detect microphone

[Ed Greshko]

On 11/02/2021 21:36, Paul Smith wrote:

Dear All,

I have installed pipewire-pulseaudio with:

dnf --allowerasing install  pipewire-pulseaudio

And now, the microphone is not detected. Any ideas? Is pipewire
already at an usable stage of development?


My understanding is that the target release is F34.

You may want to ask on the "test" list as well as adding a comment to
https://bugzilla.redhat.com/show_bug.cgi?id=1906086


--
People who believe they don't make mistakes have already made one.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Pipewire-pulseaudio does not detect microphone

[Paul Smith]

Dear All,

I have installed pipewire-pulseaudio with:

dnf --allowerasing install  pipewire-pulseaudio

And now, the microphone is not detected. Any ideas? Is pipewire
already at an usable stage of development?

Thanks in advance,

Paul
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure