[arch-dev-public] Signoff report for [testing]
=== Signoff report for [testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 14 new packages in last 24 hours * 0 known bad packages * 0 packages not accepting signoffs * 8 fully signed off packages * 39 packages missing signoffs * 11 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == New packages in [testing] in last 24 hours (14 total) == * netctl-1.7-1 (any) * zd1211-firmware-1.5-1 (any) * libgpg-error-1.13-1 (i686) * linux-3.14.3-1 (i686) * linux-lts-3.10.39-1 (i686) * libgpg-error-1.13-1 (x86_64) * linux-3.14.3-1 (x86_64) * linux-lts-3.10.39-1 (x86_64) * gdb-7.7.1-1 (i686) * nspr-4.10.5-1 (i686) * ntp-4.2.7.p441-1 (i686) * gdb-7.7.1-1 (x86_64) * nspr-4.10.5-1 (x86_64) * ntp-4.2.7.p441-1 (x86_64) == Incomplete signoffs for [core] (12 total) == * netctl-1.7-1 (any) 0/2 signoffs * zd1211-firmware-1.5-1 (any) 0/2 signoffs * grub-1:2.02.beta2-3 (i686) 0/1 signoffs * libgpg-error-1.13-1 (i686) 0/1 signoffs * linux-3.14.3-1 (i686) 0/1 signoffs * linux-lts-3.10.39-1 (i686) 0/1 signoffs * openvpn-2.3.4-1 (i686) 0/1 signoffs * grub-1:2.02.beta2-3 (x86_64) 1/2 signoffs * libgpg-error-1.13-1 (x86_64) 0/2 signoffs * linux-3.14.3-1 (x86_64) 0/2 signoffs * linux-lts-3.10.39-1 (x86_64) 0/2 signoffs * syslinux-6.03pre11-1 (x86_64) 1/2 signoffs == Incomplete signoffs for [extra] (27 total) == * flickrnet-3.10.0-1 (any) 0/2 signoffs * calligra-2.8.2-2 (i686) 0/1 signoffs * cups-filters-1.0.53-2 (i686) 0/1 signoffs * evas_generic_loaders-1.9.0-2 (i686) 0/1 signoffs * gdb-7.7.1-1 (i686) 0/1 signoffs * inkscape-0.48.4-15 (i686) 0/1 signoffs * libreoffice-4.2.4-0.4 (i686) 0/1 signoffs * mariadb-10.0.10-2 (i686) 0/1 signoffs * nspr-4.10.5-1 (i686) 0/1 signoffs * ntp-4.2.7.p441-1 (i686) 0/1 signoffs * poppler-0.26.0-1 (i686) 0/1 signoffs * qemu-2.0.0-2 (i686) 0/1 signoffs * refind-efi-0.7.9-1 (i686) 0/1 signoffs * texlive-bin-2013.30973-10 (i686) 0/1 signoffs * calligra-2.8.2-2 (x86_64) 0/2 signoffs * cups-filters-1.0.53-2 (x86_64) 0/2 signoffs * evas_generic_loaders-1.9.0-2 (x86_64) 0/2 signoffs * gdb-7.7.1-1 (x86_64) 0/2 signoffs * inkscape-0.48.4-15 (x86_64) 0/2 signoffs * libreoffice-4.2.4-0.4 (x86_64) 0/2 signoffs * mariadb-10.0.10-2 (x86_64) 0/2 signoffs * nspr-4.10.5-1 (x86_64) 0/2 signoffs * ntp-4.2.7.p441-1 (x86_64) 0/2 signoffs * poppler-0.26.0-1 (x86_64) 0/2 signoffs * qemu-2.0.0-2 (x86_64) 0/2 signoffs * refind-efi-0.7.9-1 (x86_64) 0/2 signoffs * texlive-bin-2013.30973-10 (x86_64) 0/2 signoffs == Completed signoffs (8 total) == * gawk-4.1.1-1 (i686) * pacman-4.1.2-6 (i686) * syslinux-6.03pre11-1 (i686) * util-linux-2.24.2-1 (i686) * gawk-4.1.1-1 (x86_64) * openvpn-2.3.4-1 (x86_64) * pacman-4.1.2-6 (x86_64) * util-linux-2.24.2-1 (x86_64) == All packages in [testing] for more than 14 days (11 total) == * grub-1:2.02.beta2-3 (i686), since 2014-04-07 * grub-1:2.02.beta2-3 (x86_64), since 2014-04-07 * flickrnet-3.10.0-1 (any), since 2014-04-10 * gawk-4.1.1-1 (i686), since 2014-04-18 * gawk-4.1.1-1 (x86_64), since 2014-04-18 * qemu-2.0.0-2 (i686), since 2014-04-19 * qemu-2.0.0-2 (x86_64), since 2014-04-19 * refind-efi-0.7.9-1 (i686), since 2014-04-21 * refind-efi-0.7.9-1 (x86_64), since 2014-04-21 * syslinux-6.03pre11-1 (i686), since 2014-04-21 * syslinux-6.03pre11-1 (x86_64), since 2014-04-21 == Top five in signoffs in last 24 hours == 1. dan - 2 signoffs
Re: [arch-dev-public] perf-trace missing due to a dependency on libaudit
On 07/05/14 01:07 AM, Daniel Micay wrote: > Sadly, the `perf trace` command has a dependency on libaudit for a few > convenience functions. I'm curious about what people feel the best > approach would be here... adding back audit to [community] is ugly since > it's not going to work, but building it and statically linking it in the > linux-tools package is overly complex. > > The lesser evil seems to be adding only a libaudit package... but it's > still not going to work if someone tries to use it for what it's > intended to do. I'll probably go with this if there's no saner idea. Why not enable audit in your linux-grsec package? Then you can make linux-grsec an optional dependency of the audit userspace tools for people who want to use more than just the convenience functions. I still have an occasional use for audit and the overhead it adds to the kernel is negligible compared to grsecurity itself. signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] perf-trace missing due to a dependency on libaudit
On 07/05/14 05:28 AM, Connor Behan wrote: > On 07/05/14 01:07 AM, Daniel Micay wrote: >> Sadly, the `perf trace` command has a dependency on libaudit for a few >> convenience functions. I'm curious about what people feel the best >> approach would be here... adding back audit to [community] is ugly since >> it's not going to work, but building it and statically linking it in the >> linux-tools package is overly complex. >> >> The lesser evil seems to be adding only a libaudit package... but it's >> still not going to work if someone tries to use it for what it's >> intended to do. I'll probably go with this if there's no saner idea. > Why not enable audit in your linux-grsec package? Then you can make > linux-grsec an optional dependency of the audit userspace tools for > people who want to use more than just the convenience functions. I still > have an occasional use for audit and the overhead it adds to the kernel > is negligible compared to grsecurity itself. I don't really want to deviate from the [core] kernel on any of the non-grsecurity-related options, and CONFIG_AUDIT is only tangentially related. It's also not required for perf-trace (only libaudit is). I'll consider it and might change my mind though. The grsecurity auditing has sysctl switches to turn it all off, so it doesn't cause the log "spam" problem people dislike. The only default logging is when policies are actually violated and processes get killed. signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] perf-trace missing due to a dependency on libaudit
On 07/05/14 05:28 AM, Connor Behan wrote: > On 07/05/14 01:07 AM, Daniel Micay wrote: >> Sadly, the `perf trace` command has a dependency on libaudit for a few >> convenience functions. I'm curious about what people feel the best >> approach would be here... adding back audit to [community] is ugly since >> it's not going to work, but building it and statically linking it in the >> linux-tools package is overly complex. >> >> The lesser evil seems to be adding only a libaudit package... but it's >> still not going to work if someone tries to use it for what it's >> intended to do. I'll probably go with this if there's no saner idea. > Why not enable audit in your linux-grsec package? Then you can make > linux-grsec an optional dependency of the audit userspace tools for > people who want to use more than just the convenience functions. I still > have an occasional use for audit and the overhead it adds to the kernel > is negligible compared to grsecurity itself. RBAC also allows quite a bit of auditing with the grsecurity audit infrastructure. You can audit attempts to make use of a certain path, capability, IP protocol, etc. Of course, this assumes you have a basic working RBAC policy for tacking on allowed + audited policies or disallowed + audited policies. So CONFIG_AUDIT=Y is a lot less useful. signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] perf-trace missing due to a dependency on libaudit
On 05/05/2014 00:56, Daniel Micay wrote: > The lesser evil seems to be adding only a libaudit package... but it's > still not going to work if someone tries to use it for what it's > intended to do. I'll probably go with this if there's no saner idea. I think it's a good thing to restore "perf trace" functionality. Don't care if you add audit or libaudit. Nevertheless, I think we could have discuss that inside a perf bug report. -- Sébastien "Seblu" Luttringer https://seblu.net | Twitter: @seblu42 GPG: 0x2072D77A signature.asc Description: OpenPGP digital signature