Re: Koji update to Kerberos problem

2016-12-12 Thread Michal Schorm 
Yes, I am still stuck with the same error.

"kinit: Client 'msch...@fedoraproject.org' not found in Kerberos database
while getting initial credentials"



On Mon, Dec 12, 2016 at 5:48 AM, Kevin Fenzi  wrote:

> On Sun, 11 Dec 2016 22:41:19 +0100
> Michal Schorm  wrote:
>
> > > You have two accounts? Or you mean you tested with someone elses
> > > account and got a Password prompt, but not your own?
> >
> > I have only one account.
> > I used someone else's username to prove, I got right configuration.
> >
> > > In any case, you need to login to fas
> > > ( https://admin.fedoraproject.org/accounts ) with your account and
> > > then try again. Logging in there should sync your information to
> > > ipa.
> >
> > I logged in and ... waitinig?
> > Nothing happens...
>
> There is no visual indicator, but when you login fas syncs your
> information to ipa. So, after loging into fas, try the kinit again.
>
> > I logged there before, when I encountered this, in belief, that I
> > need to update some configuration in FAS or sign myself up to
> > Kerberos credentials DB.
>
> So, you still see the same issue with kinit?
>
> kevin
>
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>
>


-- 



Michal Schorm
Core Services - Databases Team
mail: msch...@redhat.com
Brno-IRC: mschorm
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Summary/Minutes from today's FESCo Meeting (2016-12-09)

2016-12-12 Thread Pierre-Yves Chibon 
On Sun, Dec 11, 2016 at 10:56:55PM +0100, Kevin Kofler wrote:
> Chris Adams wrote:
> > I read email in mutt, a terminal-based mail client.  I have it
> > configured so I can open up URLs in lynx easily.  Recently though, I
> > can't open the agenda or logs from meetings in lynx.  I don't know when
> > this happened (I don't try to pull them up all the time, just when I see
> > something that interests me).
> 
> It happened when they switched to that JavaScript-infected møte mess rather 
> than just using plain static HTML that worked just fine.
> 
> The whole log is retrieved through JavaScript for some stupid reason I 
> cannot fathom. This cannot possibly work in a non-JavaScript browser like 
> lynx.

I wonder how you would react if someone was to speak of your work like this.

So please, watch your tone and keep the discussion constructive (which you did
later in the email). If you have constructive criticisms they are welcome, if
you just want to insult people or their work, you can do it behind closed door
where it won't bother anyone.


Thank you,

Pierre
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Two more concrete ideas for what a once-yearly+update schedule would look like

2016-12-12 Thread Pierre-Yves Chibon 
On Fri, Dec 09, 2016 at 12:54:29PM -0800, Adam Williamson wrote:
> On Fri, 2016-12-09 at 21:29 +0100, Michael Schwendt wrote:
> > Of course, the developers of bodhi would need to be convinced of such a
> > feature, too, and it could be that there is no big kahuna to do exactly
> > that. Oh well.
> 
> Well, no, you could just send a patch. Bodhi is a rather nice codebase
> and quite easy to work on. I've had several things merged into it.

Or even... you know... open a ticket? Bring the discussion to them? It's not
like they are going to say no and close the ticket as wontfix without a
discussion, and if they do, then you can come here to rant about it, with a good
reason :)


Pierre
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: HEADS UP: eigen-3.3.0 update

2016-12-12 Thread Sandro Mani 



On 11.12.2016 22:44, Kevin Kofler wrote:
Hmmm, what will that do to Kalzium, which currently uses both Avogadro 
and

Eigen3? I think that will have to move back to Eigen2 as well, which might
require actually reverting upstream porting patches.
Uhm, or I could add a compat-eigen32 subpackage to the eigen3 package 
which ships the previous 3.2.x stable release, and then patch avogadro, 
kalzium & co to use the headers in /usr/include/eigen32 resp eigen32.pc. 
At least for avogadro, eigen2 support is still there, so eigen2 is a bit 
cleaner since merely switching the BR does the job, but I'm ok with 
either approach. Or the ideal solution would be if some with knowledge 
of avogadro manages to fix debians 3.3.0 patch [1].


Sandro

[1] https://github.com/cryos/avogadro/pull/38
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Jaroslav Skarvada 


- Original Message -
> Greetings.
> 
> As previously announced, releng has made a number of changes as part of
> it's 2016 "flag day".
> 
> All package maintainers will want to make sure they have updated to
> the
> following package versions (some may be in testing as of this email):
> 
>  python-cccolutils-1.4-1
>  fedpkg-1.26-2
>  fedora-packager-0.6.0.0-1
>  pyrpkg-1.47-3
>  koji-1.11.0-1
> 
> Please also see the following links for up to date information:
> 
> https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016
> 
> The following changes were made:
> 
> * koji and the source lookaside were changed to use kerberos
> authentication
> instead of ssl certificates. All maintainers will need to:
> 
> kinit your-fas-accountn...@fedoraaproject.org
> 
> to get a valid kerberos TGT and be able to authenticate to koji and
> the lookaside upload cgi.
> 
> See the general kerberos information at:
> https://fedoraproject.org/wiki/Infrastructure_kerberos_authentication
> for more details.
> 
> Additionally, via GSSAPI many browsers allow you to seamlessly login
> to any of our ipsilon using applications simply by clicking on the
> login
> button ( bodhi, fedorahosted trac, elections, fedocal, mailman3, etc)
> 
> * koji now uses a well known cert for https.
> 
> * pkgs.fedoraproject.org now redirects to https://src.fedoraproject.org
>  and
> that uses a well known cert. Please correct any links you use to use
> https://src.fedoraproject.org for packages spec and patch files.
> 
> * rawhide builds now land in the f26-pending tag, where they are signed
> and then
> added to the f26 tag for compose in the next rawhide compose. This
> allows
> rawhide packages to be fully signed as well as a point where automated
> QA
> can take place in the future.
> 
> * packages "sources" files now use sha512 by default instead of md5.
> You will need the fedpkg update in order to create and use these new
> checksums.
> 
> Questions or concerns as always welcome at #fedora-admin on
> irc.freenode.net
> or tickets at https://pagure.io/fedora-infrastructure.
> ___
> devel-announce mailing list -- devel-annou...@lists.fedoraproject.org
> To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
>

It still doesn't work for me:

$ fedpkg scratch-build 
Could not execute scratch_build: (-1765328370, 'KDC has no support for 
encryption type')

$ klist
Default principal: jskar...@fedoraproject.org

Valid starting   Expires  Service principal
12.12.2016 10:21:53  13.12.2016 10:21:48  
krbtgt/fedoraproject@fedoraproject.org
renew until 19.12.2016 10:21:48

fedora-cert.noarch 0.6.0.0-1.fc24fedora-packager.noarch 0.6.0.0-1.fc24   
fedpkg.noarch 1.26-2.fc24koji.noarch 1.11.0-1.fc24   
pyrpkg.noarch 1.47-3.fc24python2-cccolutils.x86_64 1.4-1.fc24

Not counting that the packages are available only through updates-testing
in f24

thanks & regards

Jaroslav
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Vít Ondruch 
So several questions:

1) When I have 2 domains I login to with kerberos, how to really make it
work. I don't want to kswitch all the time. I am using Kerberos to
authenticate my email client, so I want to keep it working all the time.

2) I needed to update a certificate every 6 months, now I need to kinit
every day. This is regression. How to make it work without kinit at all.
I am using SSSD for company kerberos and I don't need to kinit at all,
how to make this work for Fedora?


Vít

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread gil 



Il 12/12/2016 10:53, Vít Ondruch ha scritto:

So several questions:

1) When I have 2 domains I login to with kerberos, how to really make it
work. I don't want to kswitch all the time. I am using Kerberos to
authenticate my email client, so I want to keep it working all the time.

2) I needed to update a certificate every 6 months, now I need to kinit
every day. This is regression. How to make it work without kinit at all.
I am using SSSD for company kerberos and I don't need to kinit at all,
how to make this work for Fedora?
I agree, is a regression's crap, and it gets really annoying (useless) 
to use this approach

regards
.g


Vít

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Start packaging/maintaining in Fedora

2016-12-12 Thread Ms Sanchez 



On 11/12/16 15:50, Igor Gnatenko wrote:
On Dec 11, 2016 3:46 PM, "Ms Sanchez" > wrote:



Hello everyone!

I want to start packaging and maintaining packages in Fedora, but
I'm a bit lost. What should I do first? How can I start
maintaining a package?  Is there anyone who can guide me a bit,
please?

https://fedoraproject.org/wiki/Join_the_package_collection_maintainers

I know Python and C languages.

Thanks in advance!  Sylvia




Great!  Thank you very much!

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: future of official optical media support in Fedora

2016-12-12 Thread Ms Sanchez 



On 11/12/16 19:21, Chris Murphy wrote:

On Sun, Dec 11, 2016 at 7:48 AM, Ms Sanchez  wrote:


On 07/12/16 15:05, Matthew Miller wrote:

On Wed, Dec 07, 2016 at 02:05:20PM +0100, Ralf Corsepius wrote:

It's still a good test to do.  For example, Server and netinst ISO
images are used a lot for VMs, but not for bare metal.

Well, your view - I have been using netinst-ISOs only, in recently years ;)

Do you burn them to actual physical spinning optical media?


I do that. Last time I tried to make a bootable USB I destroyed my pendrive
and it's not like a have them for tons.  And it's not the first time this
happens.

OK being an expert in hyperbole... I recognize this as such. There's
no way making a bootable USB stick destroys it. What you're probably
experiencing is confusing elsewhere as a result of the whacky hybrid
partition scheme that's used on Fedora ISOs. To clean it up you have
to wipe the first 3 sectors to remove all three partition schemes; but
you're maybe better off just zeroing the first 1MiB.

dd if=/dev/zero of=/dev/ bs=1M count=1

The new Fedora Media Writer will recognize this hybrid partition
scheme on a USB stick and offer to reset it for you.





No, impossible, now it's read only. I tried to format but there's 
problem with block sizes. If I try to format Gparted shows a warning  
"Block sizes are of xx bytes but Linux says they are xx bytes"  and 
fails.  For some reason, Media Writer failed middle way in the process 
of making it bootable.  And it's not the first time it happens.  The 
previous one I fixed it running a programme, but I don't remember which 
one.
So, I know it's not physically destroyed but to me it's almost the same, 
I lost the only USB stick I had for this purpose. The other one is for 
backups.



Cheers,
Sylvia





___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Koji update to Kerberos problem

2016-12-12 Thread Zdenek Dohnal 
Hi,

I am stuck with same error like Michal. I logged into FAS and waited for
long time (cca 1 hour), but still I get same error:

kinit: Client 'zdoh...@fedoraproject.org' not found in Kerberos database
while getting initial credentials

There is my debug output (same as gil and Dmitrij):

http://paste.fedoraproject.org/505248/48153744/


My set of packages:

fedpkg-1.26-2.fc25.noarch
koji-1.11.0-1.fc25.noarch
python2-cccolutils-1.4-1.fc25.x86_64
fedora-packager-0.6.0.0-1.fc25.noarch
pyrpkg-1.47-3.fc25.noarch

I changed /etc/krb5.conf.d/fedoraproject_org file into this:

[realms]
  FEDORAPROJECT.ORG = {
 kdc = https://id.fedoraproject.org/KdcProxy
 }
 [domain_realm]
  .fedoraproject.org = FEDORAPROJECT.ORG
  fedoraproject.org = FEDORAPROJECT.ORG


and my /etc/krb5.conf file has line with includedir. I talked about it
on IRC channel #fedora-admin, where they told me it is some sync
problem. Any advice how to solve it? For me as package maintainer is
this issue really critical.

On 12/12/2016 09:12 AM, Michal Schorm wrote:
> Yes, I am still stuck with the same error.
>
> "kinit: Client 'msch...@fedoraproject.org
> ' not found in Kerberos database
> while getting initial credentials"
>
>
>
> On Mon, Dec 12, 2016 at 5:48 AM, Kevin Fenzi  > wrote:
>
> On Sun, 11 Dec 2016 22:41:19 +0100
> Michal Schorm mailto:msch...@redhat.com>> wrote:
>
> > > You have two accounts? Or you mean you tested with someone elses
> > > account and got a Password prompt, but not your own?
> >
> > I have only one account.
> > I used someone else's username to prove, I got right configuration.
> >
> > > In any case, you need to login to fas
> > > ( https://admin.fedoraproject.org/accounts
>  ) with your account and
> > > then try again. Logging in there should sync your information to
> > > ipa.
> >
> > I logged in and ... waitinig?
> > Nothing happens...
>
> There is no visual indicator, but when you login fas syncs your
> information to ipa. So, after loging into fas, try the kinit again.
>
> > I logged there before, when I encountered this, in belief, that I
> > need to update some configuration in FAS or sign myself up to
> > Kerberos credentials DB.
>
> So, you still see the same issue with kinit?
>
> kevin
>
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> 
> To unsubscribe send an email to
> devel-le...@lists.fedoraproject.org
> 
>
>
>
>
> -- 
>
>
>
> Michal Schorm
> Core Services - Databases Team
> mail: msch...@redhat.com 
> Brno-IRC: mschorm
>
>
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org

-- 
Zdenek Dohnal
Associate Software Engineer
Brno, Purkyňova 99, Czech Republic
RED HAT | TRIED. TESTED. TRUSTED.

Every telecommunications Company in the Fortune Global 500 relies on Red Hat.

Find out why at Trusted | Red Hat



signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Hans de Goede 

Hi,

Jaroslav wrote:
> It still doesn't work for me:
>
> $ fedpkg scratch-build
> Could not execute scratch_build: (-1765328370, 'KDC has no support for 
encryption
> type')
>
> $ klist
> Default principal: jskarvad(a)FEDORAPROJECT.ORG
>
> Valid starting   Expires  Service principal
> 12.12.2016 10:21:53  13.12.2016 10:21:48  
krbtgt/FEDORAPROJECT.ORG(a)FEDORAPROJECT.ORG
>renew until 19.12.2016 10:21:48
>
> fedora-cert.noarch 0.6.0.0-1.fc24fedora-packager.noarch 0.6.0.0-1.fc24
> fedpkg.noarch 1.26-2.fc24koji.noarch 1.11.0-1.fc24
> pyrpkg.noarch 1.47-3.fc24python2-cccolutils.x86_64 1.4-1.fc24
>
> Not counting that the packages are available only through updates-testing
> in f24

I was getting the same error, I managed to fix it by creating a:

/etc/krb5.conf.d/redhat_com

With the following:

[realms]
 REDHAT.COM = {
  kdc = $redhat_kdc
  admin_server = $redhat_admin_server
  default_domain = redhat.com
 }

[domain_realm]
 .redhat.com = REDHAT.COM
 redhat.com = REDHAT.COM

In there, with $redhat_kdc / $redhat_admin_server replaced with what
you've for these in your krb5.conf now.

And then replacing /etc/krb5.conf with the default one from the krb5-libs
package. After this you will need to redo kinit for both accounts, but then
it works.

Regards,

Hans
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Koji update to Kerberos problem

2016-12-12 Thread Hans de Goede 

Hi,

On 12-12-16 11:44, Zdenek Dohnal wrote:

Hi,

I am stuck with same error like Michal. I logged into FAS and waited for long 
time (cca 1 hour), but still I get same error:

kinit: Client 'zdoh...@fedoraproject.org' not found in Kerberos database while 
getting initial credentials

There is my debug output (same as gil and Dmitrij):

http://paste.fedoraproject.org/505248/48153744/


From:

https://fedoraproject.org/wiki/Infrastructure/Kerberos#Questions_and_Answers

Question: When I run kinit I get: Client 'yourname(a)FEDORAPROJECT.ORG'
not found in Kerberos database while getting initial credentials

Answer: Login to fas ( https://admin.fedoraproject.org/accounts ) and
then retry. Your information needs to be synced from fas to the ipa
server. Logging into fas does so.

Regards,

Hans
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Koji update to Kerberos problem

2016-12-12 Thread Hans de Goede 

Hi,

On 12-12-16 11:58, Hans de Goede wrote:

Hi,

On 12-12-16 11:44, Zdenek Dohnal wrote:

Hi,

I am stuck with same error like Michal. I logged into FAS and waited for long 
time (cca 1 hour), but still I get same error:

kinit: Client 'zdoh...@fedoraproject.org' not found in Kerberos database while 
getting initial credentials

There is my debug output (same as gil and Dmitrij):

http://paste.fedoraproject.org/505248/48153744/


From:

https://fedoraproject.org/wiki/Infrastructure/Kerberos#Questions_and_Answers

Question: When I run kinit I get: Client 'yourname(a)FEDORAPROJECT.ORG'
not found in Kerberos database while getting initial credentials

Answer: Login to fas ( https://admin.fedoraproject.org/accounts ) and
then retry. Your information needs to be synced from fas to the ipa
server. Logging into fas does so.


Nevermind, I did not read your mail properly, I see now that you've
already done this, sorry.

Maybe this helps ? I was getting a different error, but who knows ? :

https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/6352NZ7K3REWAL76ABQDRIIO5B2Z7P2Q/

Regards,

Hans
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: trying to install dictd-server and...

2016-12-12 Thread Vít Ondruch 
I'm not sure what dictd-server is, but I'd say if there is some issue
with SELinux, it should be considered packaging bug and you should
report it into bugzilla against the package (or alternatively against
selinux-polixy). The INSTALL file typically comes from upstream, so it
might not cover some Fedora specific issues ...


Vít



Dne 10.12.2016 v 06:36 stevefoley12...@gmail.com napsal(a):
> Well, I must say, Fedora is not making it easy! I've used Debian for a few 
> years and I really expect to install something and have it work.
>
> But...there are selinux issues, I guess. I really don't know about 
> selinux...now I'm learning a lot. There is a folder labeled "selinux" in 
> /usr/share/doc/selinux but, no instructions on how to install. The INSTALL 
> file doesn't mention any of this.
>
> Now, I would suggest a better idea would to have dnf install dictd-server 
> just install the thing and then have a few dict files that dnf install could 
> also install...that would save me like five or so hours of work!!!
>
> Thanks :-) 
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread David Howells 
Mike McLean  wrote:

> 1) make sure your krb5.conf has:
> includedir /etc/krb5.conf.d/

Should there be something in there other than a crypto-policies symlink?

David
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Jaroslav Skarvada 


- Original Message -
> Hi,
> 
> Jaroslav wrote:
>  > It still doesn't work for me:
>  >
>  > $ fedpkg scratch-build
>  > Could not execute scratch_build: (-1765328370, 'KDC has no support for
>  > encryption
>  > type')
>  >
>  > $ klist
>  > Default principal: jskarvad(a)FEDORAPROJECT.ORG
>  >
>  > Valid starting   Expires  Service principal
>  > 12.12.2016 10:21:53  13.12.2016 10:21:48
>  > krbtgt/FEDORAPROJECT.ORG(a)FEDORAPROJECT.ORG
>  >renew until 19.12.2016 10:21:48
>  >
>  > fedora-cert.noarch 0.6.0.0-1.fc24fedora-packager.noarch 0.6.0.0-1.fc24
>  > fedpkg.noarch 1.26-2.fc24koji.noarch 1.11.0-1.fc24
>  > pyrpkg.noarch 1.47-3.fc24python2-cccolutils.x86_64 1.4-1.fc24
>  >
>  > Not counting that the packages are available only through updates-testing
>  > in f24
> 
> I was getting the same error, I managed to fix it by creating a:
> 
> /etc/krb5.conf.d/redhat_com
> 
> With the following:
> 
> [realms]
>   REDHAT.COM = {
>kdc = $redhat_kdc
>admin_server = $redhat_admin_server
>default_domain = redhat.com
>   }
> 
> [domain_realm]
>   .redhat.com = REDHAT.COM
>   redhat.com = REDHAT.COM
> 
> In there, with $redhat_kdc / $redhat_admin_server replaced with what
> you've for these in your krb5.conf now.
> 
> And then replacing /etc/krb5.conf with the default one from the krb5-libs
> package. After this you will need to redo kinit for both accounts, but then
> it works.
> 
> Regards,
> 
> Hans

Hi Hans,

thanks for info, but it didn't help. Still the same error, even after
removing /etc/krb5.conf.d/redhat_com

Jaroslav
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Jaroslav Skarvada 


- Original Message -
> Mike McLean  wrote:
> 
> > 1) make sure your krb5.conf has:
> > includedir /etc/krb5.conf.d/
> 
> Should there be something in there other than a crypto-policies symlink?
> 
> David
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> 

Yes, it's there, I got the ticket OK, it's fedpkg which is failing for
me, the following:

$ koji build --scratch f26 $(fedpkg giturl)

works, but:

$ fedpkg scratch-build

doesn't. I commented to:
https://pagure.io/fedora-infrastructure/issue/5614

Jaroslav
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Koji update to Kerberos problem

2016-12-12 Thread Zdenek Dohnal 
Unfortunately, no change, still getting error.


On 12/12/2016 11:59 AM, Hans de Goede wrote:
> Hi,
>
> On 12-12-16 11:58, Hans de Goede wrote:
>> Hi,
>>
>> On 12-12-16 11:44, Zdenek Dohnal wrote:
>>> Hi,
>>>
>>> I am stuck with same error like Michal. I logged into FAS and waited
>>> for long time (cca 1 hour), but still I get same error:
>>>
>>> kinit: Client 'zdoh...@fedoraproject.org' not found in Kerberos
>>> database while getting initial credentials
>>>
>>> There is my debug output (same as gil and Dmitrij):
>>>
>>> http://paste.fedoraproject.org/505248/48153744/
>>
>> From:
>>
>> https://fedoraproject.org/wiki/Infrastructure/Kerberos#Questions_and_Answers
>>
>>
>> Question: When I run kinit I get: Client
>> 'yourname(a)FEDORAPROJECT.ORG'
>> not found in Kerberos database while getting initial credentials
>>
>> Answer: Login to fas ( https://admin.fedoraproject.org/accounts ) and
>> then retry. Your information needs to be synced from fas to the ipa
>> server. Logging into fas does so.
>
> Nevermind, I did not read your mail properly, I see now that you've
> already done this, sorry.
>
> Maybe this helps ? I was getting a different error, but who knows ? :
>
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/6352NZ7K3REWAL76ABQDRIIO5B2Z7P2Q/
>
>
> Regards,
>
> Hans
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org

-- 
Zdenek Dohnal
Associate Software Engineer
Brno, Purkyňova 99, Czech Republic
RED HAT | TRIED. TESTED. TRUSTED.

Every telecommunications Company in the Fortune Global 500 relies on Red Hat.

Find out why at Trusted | Red Hat




signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

F26 System Wide Change: Golang 1.8

2016-12-12 Thread Jan Kurik 
= Proposed System Wide Change: Golang 1.8 =
https://fedoraproject.org/wiki/Changes/golang1.8

Change owner(s):
* Jakub Čajka 

Rebase of Golang package to upcoming version 1.8 in Fedora 26,
including rebuild of all dependent packages.


== Detailed Description ==
Rebase of Golang package to upcoming version 1.8 in Fedora 26. Golang
1.8 is schedule to be released in Feb. Due to current nature of Go
packages, rebuild of dependent package will be required to pick up the
changes.


== Scope ==
* Proposal owners:
Rebase golang package in f26, help with resolving possible issues
found during package rebuilds.

* Other developers:
fix possible issues

* Release engineering:
As there is scheduled mass-rebuild, nothing should be required.

* List of deliverables: N/A

* Policies and guidelines: N/A

* Trademark approval: N/A
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

F26 Self Contained Change: Golang buildmode PIE

2016-12-12 Thread Jan Kurik 
= Proposed Self Contained Change: Golang buildmode PIE =
https://fedoraproject.org/wiki/Changes/golang-buildmode-pie

Change owner(s):
* Jakub Čajka 

Change default build mode of golang in Fedora packaging macros to
buildmode=pie, which results in packages using them to produce
Position Independent Executables. Another part of the change is to
pass the Fedora hardened linker flags to the external linker(regular
system linker). In result reducing exploit-ability of binaries.


== Detailed Description ==
Change default build mode of golang in Fedora packaging macros to
buildmode=pie, which results in packages using them to produce
Position Independent Executables. Another part of the change is to
pass the Fedora hardened linker flags to the external linker(regular
system linker). This will only affect packages that depend on golang
packaging macros for their build. This should be first step towards
mandating this on all packages that provide binaries based on golang
in whole distribution via Go packaging guidelines(which is out of
scope for this change proposal).


== Scope ==
* Proposal owners:
change the Go packaging macros, resolve possible issue encountered

* Other developers:
help with resolving any issues encountered

* Release engineering:
none as mass-rebuild is scheduled

* List of deliverables:
N/A (not a System Wide Change)

* Policies and guidelines:
none

* Trademark approval:
N/A (not needed for this Change)
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Ralf Corsepius 

On 12/12/2016 01:34 AM, Dennis Gilmore wrote:

Greetings.

As previously announced, releng has made a number of changes as part of
it's 2016 "flag day".



https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016


For me, builds now are failing with weird errors:

cf. https://koji.fedoraproject.org/koji/taskinfo?taskID=16851705

Ralf
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

F26 System Wide Change: Ruby 2.4

2016-12-12 Thread Jan Kurik 
= Proposed System Wide Change: Ruby 2.4 =
https://fedoraproject.org/wiki/Changes/Ruby_2.4

Change owner(s):
* Vít Ondruch 

Ruby 2.4 is the latest stable version of Ruby. Many new features and
improvements are included for the increasingly diverse and expanding
demands for Ruby. With this major update from Ruby 2.3 in Fedora 24 to
Ruby 2.4 in Fedora 26, Fedora becomes the superior Ruby development
platform.


== Detailed Description ==
Ruby 2.4 is upstream's new major release of Ruby. Many new features
and improvements are included.

* Introduce hash table improvement (by Vladimir Makarov)
Improve the internal structure of hash table (st_table) by introducing
open addressing and an inclusion order array. This improvement has
been discussed with many people, especially with Yura Sokolov.

* Binding#irb: Start a REPL session similar to binding.pry
While you are debugging, you may often use p to see the value of
variables. With pry you can use binding.pry in your application to
launch a REPL and run any Ruby code. r56624 introduces binding.irb
which behaves like that with irb.

* Unify Fixnum and Bignum into Integer
Though ISO/IEC 30170:2012 doesn’t specify details of the Integer
class, Ruby had two visible Integer classes: Fixnum and Bignum. Ruby
2.4 unifies them into Integer. All C extensions which touch the Fixnum
or Bignum class need to be fixed.

* String supports Unicode case mappings
String/Symbol#upcase/downcase/swapcase/capitalize(!) now handle
Unicode case mappings instead of only ASCII case mappings.

* Performance improvements
Ruby 2.4 also contains the following performance improvements
including language changes:
-- Array#max, Array#min [x, y].max and [x, y].min are optimized to not
create a temporary array under certain conditions.
-- Regexp#match? Added Regexp#match?, which executes a regexp match
without creating a back reference object and changing $~ to reduce
object allocation.
-- Speed up instance variable access

* Debugging
Thread#report_on_exception and Thread.report_on_exception Ruby ignores
exceptions in threads unless another thread explicitly joins them.
With report_on_exception = true, you can notice if a thread has died
due to an unhandled exception.
Thread deadlock detection now shows threads with their backtrace and
dependency Ruby has deadlock detection around waiting threads, but its
report doesn’t include enough information for debugging. Ruby 2.4’s
deadlock detection shows threads with their backtrace and dependent
threads.


== Scope ==
* Proposal owners:
- Finish packaging of Ruby 2.4. Current changes available in
private-ruby-2.4 branch of ruby package in dist-git.
- Rebuilding of Ruby packages providing native extensions (i.e.
packages which depends on libruby).

* Other developers:
Rebuild of packages with binary extensions (i.e. packages which
depends on libruby) will be handled automatically, but some packages
might need fixes/updates to support Ruby 2.4 properly.

* Release engineering:

* Separate Koji tag for package rebuild will be needed.

* Policies and guidelines: N/A (not needed for this Change)

* Trademark approval: N/A (not needed for this Change)
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Paul Howarth 

On 2016-12-12 00:34, Dennis Gilmore wrote:

Greetings. 

As previously announced, releng has made a number of changes as part of
it's 2016 "flag day". 

All package maintainers will want to make sure they have updated to
the 
following package versions (some may be in testing as of this email):

 python-cccolutils-1.4-1
 fedpkg-1.26-2
 fedora-packager-0.6.0.0-1
 pyrpkg-1.47-3
 koji-1.11.0-1

Please also see the following links for up to date information: 

https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016

The following changes were made:

* koji and the source lookaside were changed to use kerberos
authentication
instead of ssl certificates. All maintainers will need to:

kinit your-fas-accountn...@fedoraaproject.org


There's an extra "A" in there.

Anyway, it's not working for me and it's a different error than others 
are seeing:


$ KRB5_TRACE=/dev/stdout kinit pghm...@fedoraproject.org
[27827] 1481545109.731971: Getting initial credentials for 
pghm...@fedoraproject.org
[27827] 1481545109.732034: Sending request (198 bytes) to 
FEDORAPROJECT.ORG

[27827] 1481545109.732115: Resolving hostname id.fedoraproject.org
[27827] 1481545109.822525: TLS certificate name matched 
"id.fedoraproject.org"
[27827] 1481545109.854766: Sending HTTPS request to https 
2001:4178:2:1269::fed2:443
[27827] 1481545110.569521: Received answer (192 bytes) from https 
2001:4178:2:1269::fed2:443
[27827] 1481545110.569530: Terminating TCP connection to https 
2001:4178:2:1269::fed2:443

[27827] 1481545110.570113: Response was not from master KDC
[27827] 1481545110.570138: Received error from KDC: -1765328361/Password 
has expired

[27827] 1481545110.570145: Retrying AS request with master KDC
[27827] 1481545110.570148: Getting initial credentials for 
pghm...@fedoraproject.org
[27827] 1481545110.570190: Sending request (198 bytes) to 
FEDORAPROJECT.ORG (master)

[27827] 1481545110.570781: Principal expired; getting changepw ticket
[27827] 1481545110.570788: Getting initial credentials for 
pghm...@fedoraproject.org
[27827] 1481545110.570807: Setting initial creds service to 
kadmin/changepw
[27827] 1481545110.570821: Sending request (170 bytes) to 
FEDORAPROJECT.ORG

[27827] 1481545110.570832: Resolving hostname id.fedoraproject.org
[27827] 1481545110.664742: TLS certificate name matched 
"id.fedoraproject.org"
[27827] 1481545110.697029: Sending HTTPS request to https 
2001:4178:2:1269::fed2:443
[27827] 1481545111.424567: Received answer (265 bytes) from https 
2001:4178:2:1269::fed2:443
[27827] 1481545111.424576: Terminating TCP connection to https 
2001:4178:2:1269::fed2:443

[27827] 1481545111.425176: Response was not from master KDC
[27827] 1481545111.425191: Received error from KDC: 
-1765328359/Additional pre-authentication required

[27827] 1481545111.425237: Processing preauth types: 136, 19, 2, 133
[27827] 1481545111.425240: Selected etype info: etype aes256-cts, salt 
"-8?z9]S;Kc ?!en@", params ""

[27827] 1481545111.425243: Received cookie: MIT
Password for pghm...@fedoraproject.org:
[27827] 1481545118.11305: AS key obtained for encrypted timestamp: 
aes256-cts/08C0
[27827] 1481545118.11332: Encrypted timestamp (for 1481545117.893053): 
plain 301AA011180F32303136313231323132313833375AA105020
30DA07D, encrypted 
E16FD65250AA2EFF0BD08D498BC6BA6B914C548CB3D4CC87581D4DF6BAC457734C5B918FE2ED255C4408112F35118B7752C9A95C3EF

BDC70
[27827] 1481545118.11343: Preauth module encrypted_timestamp (2) (real) 
returned: 0/Success

[27827] 1481545118.11345: Produced preauth for next request: 133, 2
[27827] 1481545118.11357: Sending request (265 bytes) to 
FEDORAPROJECT.ORG

[27827] 1481545118.11380: Resolving hostname id.fedoraproject.org
[27827] 1481545118.103859: TLS certificate name matched 
"id.fedoraproject.org"
[27827] 1481545118.136932: Sending HTTPS request to https 
2001:4178:2:1269::fed2:443
[27827] 1481545118.895882: Received answer (748 bytes) from https 
2001:4178:2:1269::fed2:443
[27827] 1481545118.895890: Terminating TCP connection to https 
2001:4178:2:1269::fed2:443

[27827] 1481545118.896445: Response was not from master KDC
[27827] 1481545118.896469: Processing preauth types: 19
[27827] 1481545118.896474: Selected etype info: etype aes256-cts, salt 
"-8?z9]S;Kc ?!en@", params ""

[27827] 1481545118.896478: Produced preauth for next request: (empty)
[27827] 1481545118.896483: AS key determined by preauth: aes256-cts/08C0
[27827] 1481545118.896501: Decrypted AS reply; session key is: 
aes256-cts/0DA7

[27827] 1481545118.896507: FAST negotiation: available
[27827] 1481545118.896523: Attempting password change; 3 tries remaining
Password expired.  You must change it now.
Enter new password:
Enter it again:
[27827] 1481545129.754725: Creating authenticator for 
pghm...@fedoraproject.org -> kadmin/chang...@fedoraproject.org, seqnum 0

, subkey aes256-cts/D9E0, session key aes256-cts/0DA7
kinit: Cannot find KDC for realm "FEDORAPROJECT.ORG" while getting 
initial credentials

$

I tried log

Re: Start packaging/maintaining in Fedora

2016-12-12 Thread Vít Ondruch 
Hi Sylvia,

Just wondering, what were the places you were looking at to find the
information how to start maintaining package in Fedora. Or what is the
reason you want to package something into Fedora.

I am asking, since there are various ongoing activities to make the
process easier to newcomers [1], but unfortunately, they are not always
successful. So would it be for example helpful, if gnome-software shown
some link with help how to package the missing software, e.g.

1) Open Gnome Software

2) Sear for "myfavoriteapp"

3) The link [2] is provided instead of "Application was not found" message.

Would this help or just make you confused? Would the similar approach
for Fedora packages [3] helped? Is there some other place you were
looking at which long time Fedora package does not visit, but newcomer does?


Vít



[1] https://fedoraproject.org/wiki/Fedora_Join_SIG

[2] https://fedoraproject.org/wiki/Join_the_package_collection_maintainers

[3] https://apps.fedoraproject.org/packages


Dne 11.12.2016 v 15:45 Ms Sanchez napsal(a):
>
>
> Hello everyone!
>
> I want to start packaging and maintaining packages in Fedora, but I'm
> a bit lost. What should I do first? How can I start maintaining a
> package?  Is there anyone who can guide me a bit, please?
>
> I know Python and C languages.
>
> Thanks in advance!  Sylvia
>
>
>
>
>
>
>
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Ralf Corsepius 

On 12/12/2016 12:35 PM, Ralf Corsepius wrote:

On 12/12/2016 01:34 AM, Dennis Gilmore wrote:

Greetings.

As previously announced, releng has made a number of changes as part of
it's 2016 "flag day".



https://fedoraproject.org/wiki/ReleaseEngineering/FlagDay2016


For me, builds now are failing with weird errors:

cf. https://koji.fedoraproject.org/koji/taskinfo?taskID=16851705


A subsequent build, a couple of minutes later seems to have succeeded.


But the next build-breakdown followed:
https://koji.fedoraproject.org/koji/taskinfo?taskID=16852752


From 
https://kojipkgs.fedoraproject.org//work/tasks/2753/16852753/mock_output.log

...
Parallel-Scoreboard-0.08.tar.gz: FAILED
sha512sum: WARNING: 1 computed checksum did NOT match
...

Seems to me, as if the f25 builders can't properly grok the new 
sources/sha512sums.


Ralf
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Louis Lagendijk 
On Sun, 2016-12-11 at 18:34 -0600, Dennis Gilmore wrote:
> Greetings. 
> 
> As previously announced, releng has made a number of changes as part
> of
> it's 2016 "flag day". 
> 
> All package maintainers will want to make sure they have updated to
> the 
> following package versions (some may be in testing as of this email):
> 
>  python-cccolutils-1.4-1
>  fedpkg-1.26-2
>  fedora-packager-0.6.0.0-1
>  pyrpkg-1.47-3
>  koji-1.11.0-1
> 
With these updates I can kinit to my username. This almost works:

kinit llagend...@fedoraproject.org
Password for llagend...@fedoraproject.org: 
Password expired.  You must change it now.
Enter new password: 
Enter it again: 
kinit: Cannot find KDC for realm "FEDORAPROJECT.ORG" while getting
initial credentials

After changing the password in FAS I can login. But it is strange that
we use kerberos, but we cannot update the password
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: FESCo and Council elections - December 2016/January 2017

2016-12-12 Thread Jan Kurik 
Today is the last day you can apply for a seat in FESCo or Fedora
Council. The nomination period is open till 23:59 UTC. If anyone is
interested to take a role in FESCo or in Fedora Council, please apply
[1][2].

[1] https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations
[2] https://fedoraproject.org/wiki/Council/Nominations

Thanks and Regards,
Jan

On Fri, Dec 9, 2016 at 11:10 AM, Jan Kurik  wrote:
> Hi,
>
> I would like to remind people about the Nomination period we have open
> for FESCo and Council elections. Anyone who is interested in a seat in
> FESCo and/or Council, please apply [1][2].
>
> Let me also share some news about the upcoming FAmSCo elections: The
> current FAmSCo has asked for new elections to refresh [3]. As we
> already have running Nomination period for FESCo and Council, we will
> start with the FAmSCo elections on the next Tuesday, December 13th and
> then we will align with FESCo and Council elections. More information
> about the FAmSCo elections will be in the announcement.
>
> [1] https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations
> [2] https://fedoraproject.org/wiki/Council/Nominations
> [3] 
> https://lists.fedoraproject.org/archives/list/ambassad...@lists.fedoraproject.org/thread/L3QD7D3R5RIBRL6ECWWG77I23KJ6XW7C/
>
> Thanks and Regards,
> Jan
>
> On Tue, Dec 6, 2016 at 1:00 AM, Jan Kurik  wrote:
>> Greetings,
>>
>> FESCo and Council elections are now open and we're looking for new
>> candidates: https://fedoraproject.org/wiki/Elections
>>
>> For FESCo we have opened five seats:
>> https://fedoraproject.org/wiki/Development/SteeringCommittee/Nominations
>>
>> For Council we have opened one seat:
>> https://fedoraproject.org/wiki/Council/Nominations
>>
>> The Elections schedule is as follows:
>> * December 06 - December 12: Nomination period open (closes promptly
>> at 23:59 UTC on December 12th)
>> * December 13 - January 09: Campaign period. Individual blog posts,
>> etc. encouraged. We will also have an interview with answers published
>> on the Fedora Community Blog.
>> * January 10 - January 16: Voting open (closes promptly at 23:59 UTC
>> on January 16th)
>> * January 17: Results announcement
>>
>> The Campaign period has been prolonged, in these Elections, as it is
>> expected to have people in many countries away from keyboards during
>> the Christmas period.
>>
>> Elections Questionnaire needs more questions for email/Community blog
>> interviews! If you have anything you would like to ask candidates to
>> FESCo or to Council, please add it to the wiki.
>> http://fedoraproject.org/wiki/Elections/Questionnaire
>>
>> Read more about the FESCo at:
>> http://fedoraproject.org/wiki/Development/SteeringCommittee
>> and about the Council at: http://fedoraproject.org/wiki/Council
>>
>> Thanks for your support,
>> Jan
>> --
>> Jan Kuřík
>> Platform & Fedora Program Manager
>> Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
>
>
>
> --
> Jan Kuřík
> Platform & Fedora Program Manager
> Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic



-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: future of official optical media support in Fedora

2016-12-12 Thread Kamil Paral 
> Admittedly, I have not gone through the whole thread, but I'd like to
> point out that I *do* use the DVD and netinstall ISOs for optical
> media boot on real hardware, though in a somewhat indirect manner.
> Many of the servers I use have IPMI, which allows me to have it boot a
> remote DVD device with an ISO or a real DVD drive. Due to certain

This is interesting. Does IPMI also allow you boot from a "remote USB device"?

> bugs[1], I've increasingly relied on the DVD vs netinstall. From the
> system's perspective, it's a regular DVD startup, just like with VMs.

Well, unfortunately DVD boot on bare metal is different from DVD boot in VMs. 
The former is proposed to be less tested, the latter would remain fully tested. 
The question is what form of boot IPMI uses, and that information is probably 
difficult to find out.

I wonder, why do you prefer remote DVD boot over something like PXE boot, 
boot.fedoraproject.org or booting the iso directly from grub?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Golang 1.8

2016-12-12 Thread Stephen Gallagher 
On 12/12/2016 06:27 AM, Jan Kurik wrote:
> = Proposed System Wide Change: Golang 1.8 =
> https://fedoraproject.org/wiki/Changes/golang1.8
> 
> Change owner(s):
> * Jakub Čajka 
> 
> Rebase of Golang package to upcoming version 1.8 in Fedora 26,
> including rebuild of all dependent packages.
> 
> 
> == Detailed Description ==
> Rebase of Golang package to upcoming version 1.8 in Fedora 26. Golang
> 1.8 is schedule to be released in Feb. Due to current nature of Go
> packages, rebuild of dependent package will be required to pick up the
> changes.


The mass-rebuild is currently scheduled to begin on February 1st. Will there be
a release-candidate available for Golang 1.8 by that time? If it is not, how
will the contingency plan work?





signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Unofficial review MUST items

2016-12-12 Thread Guido Aulisi 
Hi,
I'm trying to complete an unofficial review
(https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
review skills :-), and I have some problems filling some MUST items
which fedora-review leaves blanks.
The items are:

1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?

2) Package does not generate any conflict: do I have to install all
Fedora packeges to check this or is there a better way to check that
(maybe a query to the package database)?

3) Package is not known to require an ExcludeArch tag: I think I need
a scratch koji build to check this, but it was not done. Can I do a
scratch build myself?

4) Package complies to the Packaging Guidelines: this seems to me like
a catch all question, it summarizes all other items, doesn't it?

Ciao
Guido
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Stephen Gallagher 
On 12/12/2016 09:35 AM, Guido Aulisi wrote:
> Hi,
> I'm trying to complete an unofficial review
> (https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
> review skills :-), and I have some problems filling some MUST items
> which fedora-review leaves blanks.
> The items are:
> 
> 1) Sources contain only permissible code or content: this is very hard
> to check if source code is big enough; I'm quite sure that it doesn't
> contain content, but checking all source code would be a very long
> work. Can we rely on the license (GPLv3+)?
> 

This one is more of a best reasonable effort requirement. As long as you scan
through things and don't see any evidence that something would be impermissible,
it should be fine. Mostly this is a catch-all for things that humans are better
at discovering than a computer (like someone submitting a program called "Last
Fantasy" which is a complete replica of a famous video game).


> 2) Package does not generate any conflict: do I have to install all
> Fedora packeges to check this or is there a better way to check that
> (maybe a query to the package database)?
> 


Mostly this one is just to ensure that we don't have a whole bunch of packages
trying to own /usr/bin/commonword or something.



> 3) Package is not known to require an ExcludeArch tag: I think I need
> a scratch koji build to check this, but it was not done. Can I do a
> scratch build myself?
> 


This is a MAY, not a MUST, I think. It basically means that the package isn't
known not to work properly on specific architectures. (Which is subtly different
from ExclusiveArch, which means that it's only supported on certain 
architectures).


> 4) Package complies to the Packaging Guidelines: this seems to me like
> a catch all question, it summarizes all other items, doesn't it?
> 


Yes.





signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread gil 



Il 12/12/2016 15:35, Guido Aulisi ha scritto:

Hi,
I'm trying to complete an unofficial review
(https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
review skills :-), and I have some problems filling some MUST items
which fedora-review leaves blanks.
The items are:

1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?

Se i sorgenti sono listati in licensecheck.txt come "Unknown or generated"
devi lo stesso controllarli tutti, perchè alcuni potrebbero riportare 
licenze non vailde per Fedora
ad esempio il pacchetto nom-tam-fits tutti i suoi file sono catalogati 
come "Unknown or generated"

pero contengono, tutti, questa intestazione:
 /*
 * #%L
 * nom.tam FITS library
 * %%
 * Copyright (C) 2004 - 2015 nom-tam-fits
 * %%
 * This is free and unencumbered software released into the public domain.
 *
 * Anyone is free to copy, modify, publish, use, compile, sell, or
 * distribute this software, either in source code form or as a compiled
 * binary, for any purpose, commercial or non-commercial, and by any
 * means.
 *
 * In jurisdictions that recognize copyright laws, the author or authors
 * of this software dedicate any and all copyright interest in the
 * software to the public domain. We make this dedication for the benefit
 * of the public at large and to the detriment of our heirs and
 * successors. We intend this dedication to be an overt act of
 * relinquishment in perpetuity of all present and future rights to this
 * software under copyright law.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 * #L%
 */
che definisce la licenza (BSD)**

2) Package does not generate any conflict: do I have to install all
Fedora packeges to check this or is there a better way to check that
(maybe a query to the package database)?
non credo si dovrebbe tenere presente  che i pacchetti dovrebbero 
contenere librerie o file eseguibili

non disonibili in altri

3) Package is not known to require an ExcludeArch tag: I think I need
a scratch koji build to check this, but it was not done. Can I do a
scratch build myself?
koji build rawhide --scratch /[PERCORSO 
SRPM]/[NOME][VERSIONE][RELEASE].src.rpm

oppure
koji build --scratch --arch-override x86_64 rawhide /[PERCORSO 
SRPM]/[NOME][VERSIONE][RELEASE].src.rpm

4) Package complies to the Packaging Guidelines: this seems to me like
a catch all question, it summarizes all other items, doesn't it?
Questo dipende dal tipo di paccetto (C/C++, Python, fonts, Java, 
SugarActivity, Ocaml, Perl, Haskell, R, PHP, Ruby)

Ciao
Guido
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

ciao
.g
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread gil 



Il 12/12/2016 15:50, Stephen Gallagher ha scritto:

1) Sources contain only permissible code or content: this is very hard
to check if source code is big enough; I'm quite sure that it doesn't
contain content, but checking all source code would be a very long
work. Can we rely on the license (GPLv3+)?


This one is more of a best reasonable effort requirement. As long as you scan
through things and don't see any evidence that something would be impermissible,
it should be fine. Mostly this is a catch-all for things that humans are better
at discovering than a computer (like someone submitting a program called "Last
Fantasy" which is a complete replica of a famous video game).



If the sources are listed in licensecheck.txt as "Unknown or generated"
you must check them all, because some of this, may return a/some not 
valid licenses for Fedora
for example Package nom-tam-fits all of it files are listed as "unknown 
or generated"

but all contain this header:

 /*
 * #%L
 * nom.tam FITS library
 * %%
 * Copyright (C) 2004 - 2015 nom-tam-fits
 * %%
 * This is free and unencumbered software released into the public domain.
 *
 * Anyone is free to copy, modify, publish, use, compile, sell, or
 * distribute this software, either in source code form or as a compiled
 * binary, for any purpose, commercial or non-commercial, and by any
 * means.
 *
 * In jurisdictions that recognize copyright laws, the author or authors
 * of this software dedicate any and all copyright interest in the
 * software to the public domain. We make this dedication for the benefit
 * of the public at large and to the detriment of our heirs and
 * successors. We intend this dedication to be an overt act of
 * relinquishment in perpetuity of all present and future rights to this
 * software under copyright law.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 * #L%
 */
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Golang 1.8

2016-12-12 Thread Jakub Cajka 




- Original Message -
> From: "Stephen Gallagher" 
> To: devel@lists.fedoraproject.org
> Sent: Monday, December 12, 2016 3:29:09 PM
> Subject: Re: F26 System Wide Change: Golang 1.8
> 
> On 12/12/2016 06:27 AM, Jan Kurik wrote:
> > = Proposed System Wide Change: Golang 1.8 =
> > https://fedoraproject.org/wiki/Changes/golang1.8
> > 
> > Change owner(s):
> > * Jakub Čajka 
> > 
> > Rebase of Golang package to upcoming version 1.8 in Fedora 26,
> > including rebuild of all dependent packages.
> > 
> > 
> > == Detailed Description ==
> > Rebase of Golang package to upcoming version 1.8 in Fedora 26. Golang
> > 1.8 is schedule to be released in Feb. Due to current nature of Go
> > packages, rebuild of dependent package will be required to pick up the
> > changes.
> 
> 
> The mass-rebuild is currently scheduled to begin on February 1st. Will there
> be
> a release-candidate available for Golang 1.8 by that time? If it is not, how
> will the contingency plan work?

There should be, if there would be serious issues(which I believe are highly 
unlikely as even with current beta release I haven't hit any considerate issue 
while rebuilding Fedora locally), I assume we will stick to the previous 
version of Go as stated in contingency plan. Should I expand that section in 
any direction?

JC

> 
> 
> 
> 
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Stephen Gallagher 
On 12/12/2016 04:53 AM, Vít Ondruch wrote:
> So several questions:
> 
> 1) When I have 2 domains I login to with kerberos, how to really make it
> work. I don't want to kswitch all the time. I am using Kerberos to
> authenticate my email client, so I want to keep it working all the time.
> 

There are patches still coming that will switch the fedora packaging tools to
use GSSAPI rather than Kerberos directly, which will handle auto-selecting the
right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk (CCed)
was looking into it.


> 2) I needed to update a certificate every 6 months, now I need to kinit
> every day. This is regression. How to make it work without kinit at all.
> I am using SSSD for company kerberos and I don't need to kinit at all,
> how to make this work for Fedora?
> 

If you're using GNOME, it will be possible to have it save your TGT password in
GNOME Keyring and use GNOME Online Accounts to sign you in automatically when
you log into your main account. However, there is currently a bug in it:
https://bugzilla.redhat.com/show_bug.cgi?id=1401605

I'm running with the patch proposed in that ticket and it has fixed the issue
for me, so I know it works.


Another (not recommended) option would be to put:

echo "" | kinit usern...@fedoraproject.org

somewhere into your session-start scripts (but of course, this would require
your password in plaintext somewhere).



signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Golang 1.8

2016-12-12 Thread Stephen Gallagher 
On 12/12/2016 10:03 AM, Jakub Cajka wrote:
>> 
>> The mass-rebuild is currently scheduled to begin on February 1st. Will
>> there be a release-candidate available for Golang 1.8 by that time? If it
>> is not, how will the contingency plan work?
> 
> There should be, if there would be serious issues(which I believe are highly
> unlikely as even with current beta release I haven't hit any considerate
> issue while rebuilding Fedora locally), I assume we will stick to the
> previous version of Go as stated in contingency plan. Should I expand that
> section in any direction?
> 

Mostly I'm just concerned that any issue discovered during the mass-rebuild that
would require a downgrade to Go 1.7 would require another mass-rebuild to
accomplish it. Which really means that once this process starts, we're committed
to finishing it (and fixing whatever comes up). Thus, it seems like there isn't
a realistic contingency strategy (and we should make that clear in the proposal
for FESCo to judge the risk).



signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Guido Aulisi 
2016-12-12 15:50 GMT+01:00 Stephen Gallagher :
>> 3) Package is not known to require an ExcludeArch tag: I think I need
>> a scratch koji build to check this, but it was not done. Can I do a
>> scratch build myself?
>>
>
>
> This is a MAY, not a MUST, I think. It basically means that the package isn't
> known not to work properly on specific architectures. (Which is subtly 
> different
> from ExclusiveArch, which means that it's only supported on certain 
> architectures).

Yes, sorry I didn't notice that.
Thank you very much for your answer.

Guido
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Patrick マルタインアンドレアス Uiterwijk 
> On 12/12/2016 04:53 AM, Vít Ondruch wrote:
> 
> There are patches still coming that will switch the fedora packaging tools to
> use GSSAPI rather than Kerberos directly, which will handle auto-selecting the
> right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk 
> (CCed)
> was looking into it.

This is live in production, and the code is in koji-1.11.0, so updating to that 
will make
automatic selection work.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Golang 1.8

2016-12-12 Thread Jakub Cajka 




- Original Message -
> From: "Stephen Gallagher" 
> To: devel@lists.fedoraproject.org
> Sent: Monday, December 12, 2016 4:09:41 PM
> Subject: Re: F26 System Wide Change: Golang 1.8
> 
> On 12/12/2016 10:03 AM, Jakub Cajka wrote:
> >> 
> >> The mass-rebuild is currently scheduled to begin on February 1st. Will
> >> there be a release-candidate available for Golang 1.8 by that time? If it
> >> is not, how will the contingency plan work?
> > 
> > There should be, if there would be serious issues(which I believe are
> > highly
> > unlikely as even with current beta release I haven't hit any considerate
> > issue while rebuilding Fedora locally), I assume we will stick to the
> > previous version of Go as stated in contingency plan. Should I expand that
> > section in any direction?
> > 
> 
> Mostly I'm just concerned that any issue discovered during the mass-rebuild
> that
> would require a downgrade to Go 1.7 would require another mass-rebuild to
> accomplish it. Which really means that once this process starts, we're
> committed
> to finishing it (and fixing whatever comes up). Thus, it seems like there
> isn't
> a realistic contingency strategy (and we should make that clear in the
> proposal
> for FESCo to judge the risk).

I believe it is the same as in other issues found at the mass-rebuild time, 
backing the change and rebuilding affected packages. Or am I missing something?

As the Betas and RC of golang are coming out I do my local "scratch rebuilds" 
and I'm confident even at current moment with Beta1 mass re-buld would be 
successful(from Go side).

JC

> 
> 
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Golang 1.8

2016-12-12 Thread Stephen Gallagher 
On 12/12/2016 10:18 AM, Jakub Cajka wrote:
> 
> 
> 
> 
> - Original Message -
>> From: "Stephen Gallagher"  To:
>> devel@lists.fedoraproject.org Sent: Monday, December 12, 2016 4:09:41 PM 
>> Subject: Re: F26 System Wide Change: Golang 1.8
>> 
>> On 12/12/2016 10:03 AM, Jakub Cajka wrote:
 
 The mass-rebuild is currently scheduled to begin on February 1st. Will 
 there be a release-candidate available for Golang 1.8 by that time? If
 it is not, how will the contingency plan work?
>>> 
>>> There should be, if there would be serious issues(which I believe are 
>>> highly unlikely as even with current beta release I haven't hit any
>>> considerate issue while rebuilding Fedora locally), I assume we will
>>> stick to the previous version of Go as stated in contingency plan. Should
>>> I expand that section in any direction?
>>> 
>> 
>> Mostly I'm just concerned that any issue discovered during the
>> mass-rebuild that would require a downgrade to Go 1.7 would require another
>> mass-rebuild to accomplish it. Which really means that once this process
>> starts, we're committed to finishing it (and fixing whatever comes up).
>> Thus, it seems like there isn't a realistic contingency strategy (and we
>> should make that clear in the proposal for FESCo to judge the risk).
> 
> I believe it is the same as in other issues found at the mass-rebuild time,
> backing the change and rebuilding affected packages. Or am I missing
> something?
> 
> As the Betas and RC of golang are coming out I do my local "scratch rebuilds"
> and I'm confident even at current moment with Beta1 mass re-buld would be
> successful(from Go side).
> 

To be clear, I'm not saying this situation is a problem. I'm mostly saying that
the "contingency plan" is likely unrealistic. Meaning if FESCo gives the
go-ahead, it means this is happening, period. I figured it makes sense to adjust
the contingency plan to make this clear.



signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Koji update to Kerberos problem

2016-12-12 Thread Richard W.M. Jones 
On Mon, Dec 12, 2016 at 11:44:21AM +0100, Zdenek Dohnal wrote:
> kinit: Client 'zdoh...@fedoraproject.org' not found in Kerberos database
> while getting initial credentials

FWIW I got this error when I had a capitalization problem
(using rjo...@fedoraproject.org).

So it might be happening if your FAS username isn't exactly "zdohnal".

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

[POC-change] Fedora packages point of contact updates

2016-12-12 Thread nobody 
Change in package status over the last 168 hours


12 packages were orphaned
-
diodon [f23, master, f25, f24] was orphaned by raphgro
 Clipboard manager for GNOME, Cinnamon and other Gtk desktops
 https://admin.fedoraproject.org/pkgdb/package/diodon
egtk [f23, master, f25, epel7, f24] was orphaned by raphgro
 The eGTK (elementary GTK) themes for GTK+2, GTK+3, Metacity and Xfwm4
 https://admin.fedoraproject.org/pkgdb/package/egtk
farstream [f23, master, f25, f24] was orphaned by amigadave
 Libraries for videoconferencing
 https://admin.fedoraproject.org/pkgdb/package/farstream
freetalk [f23, master, f25, f24] was orphaned by raphgro
 A console based Jabber client
 https://admin.fedoraproject.org/pkgdb/package/freetalk
php-pear-HTML-Common [master] was orphaned by remi
 Base class for other HTML classes
 https://admin.fedoraproject.org/pkgdb/package/php-pear-HTML-Common
php-pear-HTML-QuickForm [master] was orphaned by remi
 Class for creating, validating, processing HTML forms
 https://admin.fedoraproject.org/pkgdb/package/php-pear-HTML-QuickForm
python-ladon [f23, master, el6, f25, f24] was orphaned by mrunge
 Multiprotocol approach to creating a webservice
 https://admin.fedoraproject.org/pkgdb/package/python-ladon
qr_mumps [f25, f24] was orphaned by sagitter
 A multithreaded multifrontal QR solver
 https://admin.fedoraproject.org/pkgdb/package/qr_mumps
tint2 [f23, el6] was orphaned by leigh123linux
 A lightweight X11 desktop panel and task manager
 https://admin.fedoraproject.org/pkgdb/package/tint2
uispec4j [f23, master, f25, epel7, f24] was orphaned by raphgro
 Java/Swing GUI testing made simple
 https://admin.fedoraproject.org/pkgdb/package/uispec4j
xfce-bluetooth [master, f25, epel7, f24] was orphaned by raphgro
 A simple bluetooth manager for Xfce
 https://admin.fedoraproject.org/pkgdb/package/xfce-bluetooth
zukitwo [epel7] was orphaned by leigh123linux
 Themes for GTK+2, GTK+3 and Metacity
 https://admin.fedoraproject.org/pkgdb/package/zukitwo

22 packages were retired
-
ascend [master] was retired by till
 ASCEND modelling environment
 https://admin.fedoraproject.org/pkgdb/package/ascend
canl-c++ [master] was retired by ellert
 EMI Common Authentication library - bindings for C++
 https://admin.fedoraproject.org/pkgdb/package/canl-c++
firehol [master, el6, epel7] was retired by till
 Simple and powerful firewall and traffic shaping languages
 https://admin.fedoraproject.org/pkgdb/package/firehol
gnome-web-photo [master] was retired by till
 HTML pages thumbnailer
 https://admin.fedoraproject.org/pkgdb/package/gnome-web-photo
jboss-classpool-scoped [master] was retired by till
 A custom class pool for several JBoss products
 https://admin.fedoraproject.org/pkgdb/package/jboss-classpool-scoped
jboss-reflect [master] was retired by till
 JBoss Reflection
 https://admin.fedoraproject.org/pkgdb/package/jboss-reflect
jbossxb [master] was retired by till
 JBoss XML Binding
 https://admin.fedoraproject.org/pkgdb/package/jbossxb
jdf-stacks-client [master] was retired by till
 JBoss Stacks Parser
 https://admin.fedoraproject.org/pkgdb/package/jdf-stacks-client
js-jquery [el5] was retired by till
 JavaScript DOM manipulation, event handling, and AJAX library
 https://admin.fedoraproject.org/pkgdb/package/js-jquery
js-jquery1 [el5] was retired by till
 JavaScript DOM manipulation, event handling, and AJAX library
 https://admin.fedoraproject.org/pkgdb/package/js-jquery1
librfm [master] was retired by till
 Rodent file manager basic library functionality
 https://admin.fedoraproject.org/pkgdb/package/librfm
maven-pmd-plugin [master] was retired by mbooth
 Maven PMD Plugin
 https://admin.fedoraproject.org/pkgdb/package/maven-pmd-plugin
php-phpseclib-math-biginteger [master] was retired by siwinski
 Pure-PHP arbitrary precision integer arithmetic library
 https://admin.fedoraproject.org/pkgdb/package/php-phpseclib-math-biginteger
pmd [master] was retired by mizdebsk
 Scans Java source code and looks for potential problems
 https://admin.fedoraproject.org/pkgdb/package/pmd
pmd-build-tools [master] was retired by mizdebsk
 PMD Build Plugin
 https://admin.fedoraproject.org/pkgdb/package/pmd-build-tools
qr_mumps [master, el6, epel7] was retired by sagitter
 A multithreaded multifrontal QR solver
 https://admin.fedoraproject.org/pkgdb/package/qr_mumps
rodent-icon-theme [master] was retired by till
 SVG scalable icon theme by Rodent
 https://admin.fedoraproject.org/pkgdb/package/rodent-icon-theme
smooks [master] was retired by till
 Smooks Framework
 https://admin.fedoraproject.org/pkgdb/package/smooks
snappy-player [master] was retired by till
 A Gnome media player
 https://admin.

Reviews Weekly

2016-12-12 Thread nobody 
Start Date: 2016-12-05 10:08:02.299778
End Date: 2016-12-12 10:08:02.299778

gil cattaneo : 3

https://bugzilla.redhat.com/show_bug.cgi?id=1403082 nom-tam-fits
https://bugzilla.redhat.com/show_bug.cgi?id=1398369 python-idstools
https://bugzilla.redhat.com/show_bug.cgi?id=1324020 cassandra


Antonio Trande : 2

https://bugzilla.redhat.com/show_bug.cgi?id=1398400 superlu_dist
https://bugzilla.redhat.com/show_bug.cgi?id=1399365 gap-pkg-xmod


Jakub Hrozek : 2

https://bugzilla.redhat.com/show_bug.cgi?id=1394789 neovim
https://bugzilla.redhat.com/show_bug.cgi?id=1401414 python-neovim


Randy Barlow : 2

https://bugzilla.redhat.com/show_bug.cgi?id=1395244 
python3-zope-event
https://bugzilla.redhat.com/show_bug.cgi?id=1395255 
python3-zope-interface


Adam Miller : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1401596 python-yamllint


Dennis Chen : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1393796 
golang-github-go-errors-error


Igor Gnatenko : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1402540 git-fame


Jeremy Newton : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1359914 lollypop


Jitka Plesnikova : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1403235 
perl-Net-LDAP-SID


MartinKG : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1379765 dolphin-emu


Petr Pisar : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1371158 ebtree


Tim Orling : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1402456 python3-idna


Tomas Orsava : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1401337 python-zeroconf


Wolfgang Ulbrich : 1

https://bugzilla.redhat.com/show_bug.cgi?id=1401961 madplay



Completed Review Requests: 19
This report was generated by bz-review-report.py.
The original source is available at: 
https://git.fedorahosted.org/cgit/triage.git/tree/scripts/bzReviewReport.py
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Zbigniew Jędrzejewski-Szmek 
On Mon, Dec 12, 2016 at 03:35:36PM +0100, Guido Aulisi wrote:
> Hi,
> I'm trying to complete an unofficial review
> (https://bugzilla.redhat.com/show_bug.cgi?id=1401450) to check my
> review skills :-), and I have some problems filling some MUST items
> which fedora-review leaves blanks.
> The items are:
> 
> 1) Sources contain only permissible code or content: this is very hard
> to check if source code is big enough; I'm quite sure that it doesn't
> contain content, but checking all source code would be a very long
> work. Can we rely on the license (GPLv3+)?

Like others mentioned, licensecheck helps a lot.

You cannot check every file of course, but files in a source tree
usually fall into a few groups, e.g. all .c/.h files that have the
same header, a few scripts in tools/ which have a different one, etc.
Also, it is quite common to embed other projects or parts of other
projects with a different license. So what I do is: try to get
a sense of what groups of files there are in the project, and look
at a sample from each group.

There's a caveat: the License tag specifies the license of the binary
package [1], so for example build scripts, configuration macros, tests
that are only used during build, makefiles, are all things which can a
stricter (or different) license than what License specifies.  They
have to be redistributable, but have no direct effect on the License
tag.

[1] 
https://fedoraproject.org/wiki/Licensing:FAQ?rd=Licensing/FAQ#What_is_.22effective_license.22_and_do_I_need_to_know_that_for_the_License:_tag.3F

> 
> 2) Package does not generate any conflict: do I have to install all
> Fedora packeges to check this or is there a better way to check that
> (maybe a query to the package database)?

fedora-review checks this for you. No need to do this by hand.

> 3) Package is not known to require an ExcludeArch tag: I think I need
> a scratch koji build to check this, but it was not done. Can I do a
> scratch build myself?

For noarch packages, you don't need to bother.
Every fedora packager can do a scratch build:
koji build  --scratch rawhide package.src.rpm
For compiled packages, it's good to do this check, although most of
the time it's fine if you skip it: after all, if the package does not
compile on some architecture, the maintainer of that package will not
be able to build it, so they'll have either fix that or add
ExcludeArch/ExclusiveArch anyway.

> 4) Package complies to the Packaging Guidelines: this seems to me like
> a catch all question, it summarizes all other items, doesn't it?

Yeah. The checklist in fedora-review requires contains a few strange
items. That is one. For others, the wording is rather strange:
"Package is not known to require an ExcludeArch tag",
"Package contains systemd file(s) if in need." ?
Take them with a grain of salt.

Zbyszek
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Jaroslav Skarvada 


- Original Message -
> 
> 
> - Original Message -
> > Hi,
> > 
> > Jaroslav wrote:
> >  > It still doesn't work for me:
> >  >
> >  > $ fedpkg scratch-build
> >  > Could not execute scratch_build: (-1765328370, 'KDC has no support for
> >  > encryption
> >  > type')
> >  >
> >  > $ klist
> >  > Default principal: jskarvad(a)FEDORAPROJECT.ORG
> >  >
> >  > Valid starting   Expires  Service principal
> >  > 12.12.2016 10:21:53  13.12.2016 10:21:48
> >  > krbtgt/FEDORAPROJECT.ORG(a)FEDORAPROJECT.ORG
> >  >  renew until 19.12.2016 10:21:48
> >  >
> >  > fedora-cert.noarch 0.6.0.0-1.fc24fedora-packager.noarch
> >  > 0.6.0.0-1.fc24
> >  > fedpkg.noarch 1.26-2.fc24koji.noarch 1.11.0-1.fc24
> >  > pyrpkg.noarch 1.47-3.fc24python2-cccolutils.x86_64
> >  > 1.4-1.fc24
> >  >
> >  > Not counting that the packages are available only through
> >  > updates-testing
> >  > in f24
> > 
> > I was getting the same error, I managed to fix it by creating a:
> > 
> > /etc/krb5.conf.d/redhat_com
> > 
> > With the following:
> > 
> > [realms]
> >   REDHAT.COM = {
> >kdc = $redhat_kdc
> >admin_server = $redhat_admin_server
> >default_domain = redhat.com
> >   }
> > 
> > [domain_realm]
> >   .redhat.com = REDHAT.COM
> >   redhat.com = REDHAT.COM
> > 
> > In there, with $redhat_kdc / $redhat_admin_server replaced with what
> > you've for these in your krb5.conf now.
> > 
> > And then replacing /etc/krb5.conf with the default one from the krb5-libs
> > package. After this you will need to redo kinit for both accounts, but then
> > it works.
> > 
> > Regards,
> > 
> > Hans
> 
> Hi Hans,
> 
> thanks for info, but it didn't help. Still the same error, even after
> removing /etc/krb5.conf.d/redhat_com
> 
> Jaroslav
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> 

I had custom ~/.k5identity, problem resolved by upgrade to
pyrpkg-1.47-4.fc24.noarch

thanks & regards

Jaroslav
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Michael Schwendt 
On Mon, 12 Dec 2016 15:56:33 +, Zbigniew Jędrzejewski-Szmek wrote:

> > 4) Package complies to the Packaging Guidelines: this seems to me like
> > a catch all question, it summarizes all other items, doesn't it?  
> 
> Yeah. The checklist in fedora-review requires contains a few strange
> items. That is one.

Funny you would say that. It's one of the items copied from the official
Review Guidelines: https://fedoraproject.org/wiki/Packaging:ReviewGuidelines
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Dave Love 
Dennis Gilmore  writes:

> Greetings. 
>
> As previously announced, releng has made a number of changes as part of
> it's 2016 "flag day". 
>
> All package maintainers will want to make sure they have updated to
> the 
> following package versions (some may be in testing as of this email):
>
>  python-cccolutils-1.4-1

"No package python-cccolutils available." from epel-testing (6 and 7).

>  fedpkg-1.26-2

That version isn't available, at least on RHEL6.  I haven't checked
further.

I was happy originally to be assured that this would work for those of
us who don't use Fedora.  Can we have an announcement if/when things
work on RHEL6, please.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Zbigniew Jędrzejewski-Szmek 
On Mon, Dec 12, 2016 at 03:56:33PM +, Zbigniew Jędrzejewski-Szmek wrote:
> > 2) Package does not generate any conflict: do I have to install all
> > Fedora packeges to check this or is there a better way to check that
> > (maybe a query to the package database)?
> 
> fedora-review checks this for you. No need to do this by hand.

Actually it doesn't. But our tooling should support that and do it
automatically.

For now, I filed https://bugzilla.redhat.com/show_bug.cgi?id=1403934,
so that we can do 'dnf repoquery -f $(rpm -qpl package-under-review.rpm)'

Zbyszek
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Zbigniew Jędrzejewski-Szmek 
On Mon, Dec 12, 2016 at 05:09:58PM +0100, Michael Schwendt wrote:
> On Mon, 12 Dec 2016 15:56:33 +, Zbigniew Jędrzejewski-Szmek wrote:
> 
> > > 4) Package complies to the Packaging Guidelines: this seems to me like
> > > a catch all question, it summarizes all other items, doesn't it?  
> > 
> > Yeah. The checklist in fedora-review requires contains a few strange
> > items. That is one.
> 
> Funny you would say that. It's one of the items copied from the official
> Review Guidelines: https://fedoraproject.org/wiki/Packaging:ReviewGuidelines

It's like the OP said: there's a long list of checks for the
guidelines, and somewhere in the middle we have a question that
encompasses most of the others. This is not useful: the whole point of
a checklist is that it contains items which are small enough to be
checked. This question would be like an airplane pilot's checklist
saying "Are you flying the plane correctly?".

Zbyszek
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Jerry James 
On Mon, Dec 12, 2016 at 9:22 AM, Dave Love  wrote:
>> All package maintainers will want to make sure they have updated to
>> the
>> following package versions (some may be in testing as of this email):
>>
>>  python-cccolutils-1.4-1
>
> "No package python-cccolutils available." from epel-testing (6 and 7).
>
>>  fedpkg-1.26-2
>
> That version isn't available, at least on RHEL6.  I haven't checked
> further.
>
> I was happy originally to be assured that this would work for those of
> us who don't use Fedora.  Can we have an announcement if/when things
> work on RHEL6, please.

On F-26, I got python-cccolutils, and the new fedpkg and pyrpkg from
updates-testing, but:

# rpm -q fedora-packager
fedora-packager-0.5.10.7-3.fc25.noarch
# rpm -q koji
koji-1.10.1-13.fc25.noarch
# dnf --enablerepo=updates-testing upgrade fedora-packager koji
Last metadata expiration check: 0:16:39 ago on Mon Dec 12 09:13:41 2016.
Dependencies resolved.
Nothing to do.
Complete!
# dnf --enablerepo=updates-testing repoquery fedora-packager koji
Last metadata expiration check: 0:16:52 ago on Mon Dec 12 09:13:41 2016.
fedora-packager-0:0.5.10.7-3.fc25.noarch
koji-0:1.10.1-13.fc25.noarch

It looks like those 2 packages are in some kind of limbo, where
they've been yanked out of the updates-testing repository but haven't
yet made it into the stable repository.  Perhaps for future flag days
we could wait until all of the client side bits land in the stable
repository before flipping the switch on the server side to require
them?
-- 
Jerry James
http://www.jamezone.org/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Dave Love 
Dennis Gilmore  writes:

> See the general kerberos information at: 
> https://fedoraproject.org/wiki/Infrastructure_kerberos_authentication
> for more details.

I was going to try to authenticate, even if the tools won't work, but
that's missing the fundamental information about how to configure the
realm for clients.  What are the kdc(s) and admin_server (if
admin_server is relevant)?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: future of official optical media support in Fedora

2016-12-12 Thread Chris Murphy 
On Mon, Dec 12, 2016 at 3:35 AM, Ms Sanchez  wrote:

> No, impossible, now it's read only.

This is one way flash drives die. It could also be a firmware bug. But
in any case it's not due to writing Fedora installation media or we'd
have a thousand complaints like this if it were happening even 1% of
the time.

> I tried to format but there's problem
> with block sizes. If I try to format Gparted shows a warning  "Block sizes
> are of xx bytes but Linux says they are xx bytes"  and fails.

This is an expected side effect of the unusual partitioning being used
for ISOs. ISO 9660 defines a block size of 2048 bytes, where the USB
stick is 512 bytes, and sometimes the disconnect causes confusion.
Wiping the first 1M should fix it, or use the feature in FMW for this
purpose.

>  For some
> reason, Media Writer failed middle way in the process of making it bootable.

*shrug* without kernel messages it's kinda hard to say what went wrong
but in the absence of evidence I'll blame bad or dying media just
because it's so common.


> And it's not the first time it happens.  The previous one I fixed it running
> a programme, but I don't remember which one.
> So, I know it's not physically destroyed but to me it's almost the same, I
> lost the only USB stick I had for this purpose. The other one is for
> backups.

Use the f3 package to see if it's fake flash. It's pretty common, as
are transient problems.

-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Unofficial review MUST items

2016-12-12 Thread Michael Schwendt 
On Mon, 12 Dec 2016 16:29:39 +, Zbigniew Jędrzejewski-Szmek wrote:

> On Mon, Dec 12, 2016 at 05:09:58PM +0100, Michael Schwendt wrote:
> > On Mon, 12 Dec 2016 15:56:33 +, Zbigniew Jędrzejewski-Szmek wrote:
> >   
> > > > 4) Package complies to the Packaging Guidelines: this seems to me like
> > > > a catch all question, it summarizes all other items, doesn't it?
> > > 
> > > Yeah. The checklist in fedora-review requires contains a few strange
> > > items. That is one.  
> > 
> > Funny you would say that. It's one of the items copied from the official
> > Review Guidelines: 
> > https://fedoraproject.org/wiki/Packaging:ReviewGuidelines  
> 
> It's like the OP said: there's a long list of checks for the
> guidelines, and somewhere in the middle we have a question that
> encompasses most of the others. This is not useful: the whole point of
> a checklist is that it contains items which are small enough to be
> checked. This question would be like an airplane pilot's checklist
> saying "Are you flying the plane correctly?".

It has been pointed out several times before that it's a catch-all and
quite demanding as such. The entire checklist could be reduced to that
single MUST item. Hundreds of package review approvals have incorrectly
answered that checklist item as [X].

Don't blame fedora-review. Try to get the Review Guidelines changed first.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Petr Mensik 
Sure, I am really missing this information written on the wiki page. The secret 
is, they are in the DNS record. If you try 
$ host -t URI _kerberos.fedoraproject.org

you might get it. But some DNS servers seem to have trouble with this record. 
As Red Hat defaults have dns_lookup_realm = false, we need manual 
configuration. I think there are more people like us. I think this should be 
mentioned on https://fedoraproject.org/wiki/Infrastructure/Kerberos:

[realms]
 FEDORAPROJECT.ORG = {
   kdc = https://id.fedoraproject.org/KdcProxy
 }
[domain_realm]
 fedoraproject.org = FEDORAPROJECT.ORG
 .fedoraproject.org = FEDORAPROJECT.ORG


--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com  PGP: 65C6C973


- Original Message -
From: "Dave Love" 
To: devel@lists.fedoraproject.org
Sent: Monday, December 12, 2016 5:36:24 PM
Subject: Re: Packagers - Flag day 2016 Important changes

Dennis Gilmore  writes:

> See the general kerberos information at: 
> https://fedoraproject.org/wiki/Infrastructure_kerberos_authentication
> for more details.

I was going to try to authenticate, even if the tools won't work, but
that's missing the fundamental information about how to configure the
realm for clients.  What are the kdc(s) and admin_server (if
admin_server is relevant)?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Koji update to Kerberos problem

2016-12-12 Thread Kevin Fenzi 
To close out this thread (hopefully). 

There is some issue with the fas->ipa sync for some small number of
users. 

As far as I can see both zdohnal and mschorm are fixed for this issue
now and should be all working. 

If anyone else hits this issue, please file a ticket or talk to us on
#fedora-admin and we can get it fixed up. I have also added this to the
kerberos wiki page. 

kevin


pgp5CIKeVkDlO.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 12:32:33 +
Paul Howarth  wrote:

> There's an extra "A" in there.

oops. so there is. :) Sorry about that.

> Anyway, it's not working for me and it's a different error than
> others are seeing:

...snip...

> I tried logging into FAS and that worked but didn't help. It didn't 
> prompt me to change password either. I don't know if the "password 
> expired" thing is the source or a symptom of the problem.

Can you try again now? We adjusted a few things... 

If it still doesn't work, can you open a new issue on it?
https://pagure.io/fedora-infrastructure/new_issue

Thanks. 

kevin


pgpO210EitVIV.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 14:20:47 +0100
Louis Lagendijk  wrote:

> With these updates I can kinit to my username. This almost works:
> 
> kinit llagend...@fedoraproject.org
> Password for llagend...@fedoraproject.org: 
> Password expired.  You must change it now.
> Enter new password: 
> Enter it again: 
> kinit: Cannot find KDC for realm "FEDORAPROJECT.ORG" while getting
> initial credentials
> 
> After changing the password in FAS I can login. But it is strange that
> we use kerberos, but we cannot update the password

Please try again now. If it still doesn't work, please file an issue. 

(or just follow along on the same issue upthread). 

It is not at all surprising that it doesn't let you change the
password, as that is all done in FAS still. IPA only has a one way sync
on it. 

kevin


pgp2L93R2wt9k.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

missing credentials

2016-12-12 Thread Howard Howell 
HI, guys,
I have noticed that messages from Kevin Fenzi and Stephen
Gallagher do not load in evolution.  So I surmise that I am missing a
credential source or something.  Any guidelines... This seems to have
happened when I upgraded from F-24 via DNF if that makes any
difference.

I tried to reply to them privately, but evolution just hung up
and eventually gave me a time out error.

Regards,
Les H.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: missing credentials

2016-12-12 Thread Stephen Gallagher 
On 12/12/2016 12:10 PM, Howard Howell wrote:
> HI, guys,
>   I have noticed that messages from Kevin Fenzi and Stephen
> Gallagher do not load in evolution.  So I surmise that I am missing a
> credential source or something.  Any guidelines... This seems to have
> happened when I upgraded from F-24 via DNF if that makes any
> difference.
> 
>   I tried to reply to them privately, but evolution just hung up
> and eventually gave me a time out error.
> 


I suspect that evolution is having an issue with messages that are signed with
GPG keys (which both Kevin and I do by default). This is a mechanism I use so
that people can trust that what I sent actually came from me. (I'm not signing
this single message so that you can see the reply).

Probably worth filing a bug against Evolution.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Kernel 4.9 rebase plans

2016-12-12 Thread Laura Abbott 
Hi,

Kernel 4.9 was officially released yesterday, December 11. This kernel is
being built for rawhide today. The plan for bringing this kernel into 
F24/F25 is going to follow roughly the same schedule as in the past.
This means pushing the new rebase when we think it's stable enough.
In the past, this has happened around the .2 stable release (so 4.9.2
in this case). Given the holidays, this won't be happening until 2017
but we'll be monitoring closely. I'll update with more information
once it gets closer. As always, please let us know if you have any
questions.

Thanks,
Laura
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Vít Ondruch 


Dne 12.12.2016 v 17:22 Dave Love napsal(a):
> Dennis Gilmore  writes:
>
>> Greetings. 
>>
>> As previously announced, releng has made a number of changes as part of
>> it's 2016 "flag day". 
>>
>> All package maintainers will want to make sure they have updated to
>> the 
>> following package versions (some may be in testing as of this email):
>>
>>  python-cccolutils-1.4-1
> "No package python-cccolutils available." from epel-testing (6 and 7).

```
$ rpm -q python-cccolutils
package python-cccolutils is not installed

$ rpm -q python2-cccolutils
python2-cccolutils-1.4-1.fc26.x86_64
```

The python-cccolutils is actually the source package name ...


Vít
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 16:22:06 +
Dave Love  wrote:

> Dennis Gilmore  writes:
> 
> > Greetings. 
> >
> > As previously announced, releng has made a number of changes as
> > part of it's 2016 "flag day". 
> >
> > All package maintainers will want to make sure they have updated to
> > the 
> > following package versions (some may be in testing as of this
> > email):
> >
> >  python-cccolutils-1.4-1  
> 
> "No package python-cccolutils available." from epel-testing (6 and 7).

Odd. It was added 12 days ago. 

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aae672950a
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-96a64de312

Ah, the actual package produced is python2-cccolutils (from the
python-cccolutils package). 

python2-cccolutils.x86_64 1.4-1.el6 
epel-testing
 
> >  fedpkg-1.26-2  
> 
> That version isn't available, at least on RHEL6.  I haven't checked
> further.

Odd. I will inquire... 
 
> I was happy originally to be assured that this would work for those of
> us who don't use Fedora.  Can we have an announcement if/when things
> work on RHEL6, please.

Well, it should just take the missing updates. I will try and see what
happened to them... 

kevin


pgp8x_5LP4u85.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 09:35:05 -0700
Jerry James  wrote:

> On F-26, I got python-cccolutils, and the new fedpkg and pyrpkg from
> updates-testing, but:
> 
> # rpm -q fedora-packager
> fedora-packager-0.5.10.7-3.fc25.noarch
> # rpm -q koji
> koji-1.10.1-13.fc25.noarch
> # dnf --enablerepo=updates-testing upgrade fedora-packager koji
> Last metadata expiration check: 0:16:39 ago on Mon Dec 12 09:13:41
> 2016. Dependencies resolved.
> Nothing to do.
> Complete!
> # dnf --enablerepo=updates-testing repoquery fedora-packager koji
> Last metadata expiration check: 0:16:52 ago on Mon Dec 12 09:13:41
> 2016. fedora-packager-0:0.5.10.7-3.fc25.noarch
> koji-0:1.10.1-13.fc25.noarch
> 
> It looks like those 2 packages are in some kind of limbo, where
> they've been yanked out of the updates-testing repository but haven't
> yet made it into the stable repository.  Perhaps for future flag days
> we could wait until all of the client side bits land in the stable
> repository before flipping the switch on the server side to require
> them?

Yeah, it seems that the package was unpushed (when it was in testing)
and resubmitted for stable, so it's no longer in testing. ;( 

It should go out stable today. 

In the ideal world I completely agree, and we hoped to have everything
in place by flag day, but we found a number of last minute issues which
we had to fix in the packages. 

kevin


pgpTpz09gnYL_.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 10:15:05 -0700
Kevin Fenzi  wrote:

> On Mon, 12 Dec 2016 16:22:06 +
> Dave Love  wrote:
> 
> > Dennis Gilmore  writes:
> >   
> > > Greetings. 
> > >
> > > As previously announced, releng has made a number of changes as
> > > part of it's 2016 "flag day". 
> > >
> > > All package maintainers will want to make sure they have updated
> > > to the 
> > > following package versions (some may be in testing as of this
> > > email):
> > >
> > >  python-cccolutils-1.4-1
> > 
> > "No package python-cccolutils available." from epel-testing (6 and
> > 7).  
> 
> Odd. It was added 12 days ago. 
> 
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aae672950a
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-96a64de312
> 
> Ah, the actual package produced is python2-cccolutils (from the
> python-cccolutils package). 
> 
> python2-cccolutils.x86_64
> 1.4-1.el6 epel-testing 
> > >  fedpkg-1.26-2
> > 
> > That version isn't available, at least on RHEL6.  I haven't checked
> > further.  
> 
> Odd. I will inquire... 
>  
> > I was happy originally to be assured that this would work for those
> > of us who don't use Fedora.  Can we have an announcement if/when
> > things work on RHEL6, please.  
> 
> Well, it should just take the missing updates. I will try and see what
> happened to them... 

ok, what happened here is that there was a but in python-cccolutils
that needs fixing, then fedpkg and rpkg can be pushed out for epel6.

Hopefully that will occur today. 

kevin



pgp26J3eo3mcD.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 16:36:24 +
Dave Love  wrote:

> Dennis Gilmore  writes:
> 
> > See the general kerberos information at: 
> > https://fedoraproject.org/wiki/Infrastructure_kerberos_authentication
> > for more details.  
> 
> I was going to try to authenticate, even if the tools won't work, but
> that's missing the fundamental information about how to configure the
> realm for clients.  What are the kdc(s) and admin_server (if
> admin_server is relevant)?

fedora-packager-0.6.0 includes:

/etc/krb5.conf.d/fedoraproject_org
and
/etc/krb5.conf.d/stg_fedoraproject_org

which contain: 

[realms]
 FEDORAPROJECT.ORG = {
kdc = https://id.fedoraproject.org/KdcProxy
 }
[domain_realm]
 .fedoraproject.org = FEDORAPROJECT.ORG
 fedoraproject.org = FEDORAPROJECT.ORG

and

[realms]
 STG.FEDORAPROJECT.ORG = {
kdc = https://id.stg.fedoraproject.org/KdcProxy
 }
[domain_realm]
 .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
 stg.fedoraproject.org = STG.FEDORAPROJECT.ORG

That said, autodetect should also work, so you shouldn't actually need
those I don't think. 

kevin


pgpUZVyXJOOqE.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 11:49:47 -0500 (EST)
Petr Mensik  wrote:

> Sure, I am really missing this information written on the wiki page.
> The secret is, they are in the DNS record. If you try $ host -t URI
> _kerberos.fedoraproject.org
> 
> you might get it. But some DNS servers seem to have trouble with this
> record. As Red Hat defaults have dns_lookup_realm = false, we need
> manual configuration. I think there are more people like us. I think
> this should be mentioned on
> https://fedoraproject.org/wiki/Infrastructure/Kerberos:
> 
> [realms]
>  FEDORAPROJECT.ORG = {
>kdc = https://id.fedoraproject.org/KdcProxy
>  }
> [domain_realm]
>  fedoraproject.org = FEDORAPROJECT.ORG
>  .fedoraproject.org = FEDORAPROJECT.ORG

This is included in the fedora-packager-0.6.0 update. 

Make sure your /etc/krb5.conf has the include to include them
from /etc/krb5.conf.d/ though

kevin


pgp8EZ1OPP30P.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Matthew Miller 
In case you haven't seen: there was a recent kernel vulnerability in a
feature called "AF_PACKET". Most services don't need to use the raw
sockets this makes available, and on his blog*, Lennart Poettering notes
that systemd actually has a feature where services can whitelist or
blacklist address families, protecting them from not just this exploit
but similar classes.

The upcoming systemd v232 will include this by default for systemd's
own unit files. But, of course, that's a tiny subset of services in
Fedora. So

Question 1: How can we take advantage of this feature in specific? We
could bulk file a bunch of bugs. Or, what about turning on some more
restrictive defaults (AF_INET AF_INET6 AF_UNIX) on some flag day in
Rawhide, and having services which have different needs add exceptions
to their own unit files (either more or less restrictive).

Question 2: What about *other* systemd security features? The blog post
mentions restricting namespaces as an upcoming feature, and there are
other existing ones which we are not using systemically — like
PrivateTmp, ProtectSystem, etc. How can we take better advantage of
these?




* http://0pointer.net/blog/avoiding-cve-2016-8655-with-systemd.html


-- 
Matthew Miller

Fedora Project Leader
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Packages up for grabs

2016-12-12 Thread Brian C. Lane 
In the spirit of the season I'm giving away packages :)

I am not using most of these anymore, so I'd like to send them off to a good 
home:

https://admin.fedoraproject.org/pkgdb/packager/bcl/ All the python-* packages,
plus pylint, docker-anaconda-addon, bip, mx, and livecd-tools.

Let me know which ones you want and I'll give them to you, otherwise they'll be
orphaned by Friday.


-- 
Brian C. Lane (PST8PDT)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packages up for grabs

2016-12-12 Thread Neal Gompa 
I'll take livecd-tools.

On Mon, Dec 12, 2016 at 1:22 PM, Brian C. Lane  wrote:
> In the spirit of the season I'm giving away packages :)
>
> I am not using most of these anymore, so I'd like to send them off to a good 
> home:
>
> https://admin.fedoraproject.org/pkgdb/packager/bcl/ All the python-* packages,
> plus pylint, docker-anaconda-addon, bip, mx, and livecd-tools.
>
> Let me know which ones you want and I'll give them to you, otherwise they'll 
> be
> orphaned by Friday.
>
>
> --
> Brian C. Lane (PST8PDT)
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org



-- 
真実はいつも一つ!/ Always, there's only one truth!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packages up for grabs

2016-12-12 Thread Christian Dersch 

I'll take pylint, python-astroid and python-sphinx-argparse.

On 12/12/2016 07:22 PM, Brian C. Lane wrote:

In the spirit of the season I'm giving away packages :)

I am not using most of these anymore, so I'd like to send them off to a good 
home:

https://admin.fedoraproject.org/pkgdb/packager/bcl/ All the python-* packages,
plus pylint, docker-anaconda-addon, bip, mx, and livecd-tools.

Let me know which ones you want and I'll give them to you, otherwise they'll be
orphaned by Friday.



___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

[no subject]

2016-12-12 Thread Jon Ciesla 
On Mon, Dec 12, 2016 at 12:22 PM, Brian C. Lane  wrote:

> In the spirit of the season I'm giving away packages :)
>
> I am not using most of these anymore, so I'd like to send them off to a
> good home:
>
> https://admin.fedoraproject.org/pkgdb/packager/bcl/ All the python-*
> packages,
> plus pylint, docker-anaconda-addon, bip, mx, and livecd-tools.
>
> Let me know which ones you want and I'll give them to you, otherwise
> they'll be
> orphaned by Friday.
>
>
> --
> Brian C. Lane (PST8PDT)
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>

I'll take pylint and python-astroid.

-- 
http://cecinestpasunefromage.wordpress.com/

in your fear, seek only peace
in your fear, seek only love

-d. bowie
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: missing credentials

2016-12-12 Thread Michael Catanzaro 
On Mon, 2016-12-12 at 12:13 -0500, Stephen Gallagher wrote:
> I suspect that evolution is having an issue with messages that are
> signed with
> GPG keys (which both Kevin and I do by default). This is a mechanism
> I use so
> that people can trust that what I sent actually came from me. (I'm
> not signing
> this single message so that you can see the reply).
> 
> Probably worth filing a bug against Evolution.

That sounds highly plausible. evolution currently shells out to gpg
which is pretty fragile, so it's not very surprising that some issue
could cause it to hang forever. It needs to be rewritten to use GPGME.

Michael
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

i915 firmware not in Fedora?

2016-12-12 Thread Chris Murphy 
The firmware https://01.org/linuxgraphics/intel-linux-graphics-firmwares
is not included in Fedora Workstation by default, I'm also not finding
them in any repo.

I learned about this firmware from a bug I filed upstream and it's
recommended that it be used.
https://bugs.freedesktop.org/show_bug.cgi?id=99057

Are there problems including it in Fedora?


-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: i915 firmware not in Fedora?

2016-12-12 Thread Tom Hughes 

On 12/12/16 18:56, Chris Murphy wrote:


The firmware https://01.org/linuxgraphics/intel-linux-graphics-firmwares
is not included in Fedora Workstation by default, I'm also not finding
them in any repo.

I learned about this firmware from a bug I filed upstream and it's
recommended that it be used.
https://bugs.freedesktop.org/show_bug.cgi?id=99057

Are there problems including it in Fedora?


It's in linux-firmware isn't it? Here's what I see on F25:

dunsmere [~] % rpm -ql linux-firmware | fgrep i915
/usr/lib/firmware/i915
/usr/lib/firmware/i915/bxt_dmc_ver1.bin
/usr/lib/firmware/i915/bxt_dmc_ver1_07.bin
/usr/lib/firmware/i915/kbl_dmc_ver1.bin
/usr/lib/firmware/i915/kbl_dmc_ver1_01.bin
/usr/lib/firmware/i915/skl_dmc_ver1.bin
/usr/lib/firmware/i915/skl_dmc_ver1_23.bin
/usr/lib/firmware/i915/skl_dmc_ver1_26.bin
/usr/lib/firmware/i915/skl_guc_ver1.bin
/usr/lib/firmware/i915/skl_guc_ver4.bin
/usr/lib/firmware/i915/skl_guc_ver6.bin
/usr/lib/firmware/i915/skl_guc_ver6_1.bin
/usr/share/doc/linux-firmware/LICENSE.i915

Tom

--
Tom Hughes (t...@compton.nu)
http://compton.nu/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: i915 firmware not in Fedora?

2016-12-12 Thread Chris Murphy 
On Mon, Dec 12, 2016 at 12:23 PM, Tom Hughes  wrote:
> On 12/12/16 18:56, Chris Murphy wrote:
>
>> The firmware https://01.org/linuxgraphics/intel-linux-graphics-firmwares
>> is not included in Fedora Workstation by default, I'm also not finding
>> them in any repo.
>>
>> I learned about this firmware from a bug I filed upstream and it's
>> recommended that it be used.
>> https://bugs.freedesktop.org/show_bug.cgi?id=99057
>>
>> Are there problems including it in Fedora?
>
>
> It's in linux-firmware isn't it? Here's what I see on F25:
>
> dunsmere [~] % rpm -ql linux-firmware | fgrep i915
> /usr/lib/firmware/i915
> /usr/lib/firmware/i915/bxt_dmc_ver1.bin
> /usr/lib/firmware/i915/bxt_dmc_ver1_07.bin
> /usr/lib/firmware/i915/kbl_dmc_ver1.bin
> /usr/lib/firmware/i915/kbl_dmc_ver1_01.bin
> /usr/lib/firmware/i915/skl_dmc_ver1.bin
> /usr/lib/firmware/i915/skl_dmc_ver1_23.bin
> /usr/lib/firmware/i915/skl_dmc_ver1_26.bin
> /usr/lib/firmware/i915/skl_guc_ver1.bin
> /usr/lib/firmware/i915/skl_guc_ver4.bin
> /usr/lib/firmware/i915/skl_guc_ver6.bin
> /usr/lib/firmware/i915/skl_guc_ver6_1.bin
> /usr/share/doc/linux-firmware/LICENSE.i915

Indeed it is, I've updated the bug. But still something unexpected is going on:

[1.812375] [drm] Replacing VGA console driver
[1.818937] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
[1.818941] [drm] Driver supports precise vblank timestamp query.
[1.827858] [drm] Finished loading i915/skl_dmc_ver1_26.bin (v1.26)
[1.828224] vgaarb: device changed decodes:
PCI::00:02.0,olddecodes=io+mem,decodes=io+mem:owns=io+mem
[1.835177] [drm] GuC firmware load skipped

So the dmc firmware is being loaded but not the guc, which is present
in the same location. And it is in the initramfs.

[chris@f25h skl_guc_ver6_1]$ sudo lsinitrd
/boot/initramfs-4.9.0-0.rc8.git0.1.fc26.x86_64.img | grep skl
-rw-r--r--   1 root root 8928 Sep 23 05:51
usr/lib/firmware/i915/skl_dmc_ver1_26.bin
-rw-r--r--   1 root root   129024 Sep 23 05:51
usr/lib/firmware/i915/skl_guc_ver6_1.bin




-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Paul Wouters 

On Mon, 12 Dec 2016, Matthew Miller wrote:


Question 1: How can we take advantage of this feature in specific? We
could bulk file a bunch of bugs. Or, what about turning on some more
restrictive defaults (AF_INET AF_INET6 AF_UNIX) on some flag day in
Rawhide, and having services which have different needs add exceptions
to their own unit files (either more or less restrictive).


I don't see the use of a flag day. Everyone can (and should) implement
it in their services file and people can file bug reports for those that
do not?


Question 2: What about *other* systemd security features? The blog post
mentions restricting namespaces as an upcoming feature, and there are
other existing ones which we are not using systemically — like
PrivateTmp, ProtectSystem, etc. How can we take better advantage of
these?


Same?

Note that I wonder if restricting address families really belongs in
systemd. Why isnt this a libcap-ng capability? That way my software
can support this without depending on systemd.

Paul
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: i915 firmware not in Fedora?

2016-12-12 Thread Dan Williams 
On Mon, 2016-12-12 at 12:26 -0700, Chris Murphy wrote:
> On Mon, Dec 12, 2016 at 12:23 PM, Tom Hughes  wrote:
> > 
> > On 12/12/16 18:56, Chris Murphy wrote:
> > 
> > > 
> > > The firmware https://01.org/linuxgraphics/intel-linux-graphics-fi
> > > rmwares
> > > is not included in Fedora Workstation by default, I'm also not
> > > finding
> > > them in any repo.
> > > 
> > > I learned about this firmware from a bug I filed upstream and
> > > it's
> > > recommended that it be used.
> > > https://bugs.freedesktop.org/show_bug.cgi?id=99057
> > > 
> > > Are there problems including it in Fedora?
> > 
> > 
> > It's in linux-firmware isn't it? Here's what I see on F25:
> > 
> > dunsmere [~] % rpm -ql linux-firmware | fgrep i915
> > /usr/lib/firmware/i915
> > /usr/lib/firmware/i915/bxt_dmc_ver1.bin
> > /usr/lib/firmware/i915/bxt_dmc_ver1_07.bin
> > /usr/lib/firmware/i915/kbl_dmc_ver1.bin
> > /usr/lib/firmware/i915/kbl_dmc_ver1_01.bin
> > /usr/lib/firmware/i915/skl_dmc_ver1.bin
> > /usr/lib/firmware/i915/skl_dmc_ver1_23.bin
> > /usr/lib/firmware/i915/skl_dmc_ver1_26.bin
> > /usr/lib/firmware/i915/skl_guc_ver1.bin
> > /usr/lib/firmware/i915/skl_guc_ver4.bin
> > /usr/lib/firmware/i915/skl_guc_ver6.bin
> > /usr/lib/firmware/i915/skl_guc_ver6_1.bin
> > /usr/share/doc/linux-firmware/LICENSE.i915
> 
> Indeed it is, I've updated the bug. But still something unexpected is
> going on:
> 
> [1.812375] [drm] Replacing VGA console driver
> [1.818937] [drm] Supports vblank timestamp caching Rev 2
> (21.10.2013).
> [1.818941] [drm] Driver supports precise vblank timestamp query.
> [1.827858] [drm] Finished loading i915/skl_dmc_ver1_26.bin
> (v1.26)
> [1.828224] vgaarb: device changed decodes:
> PCI::00:02.0,olddecodes=io+mem,decodes=io+mem:owns=io+mem
> [1.835177] [drm] GuC firmware load skipped

"modinfo i915 | grep guc" says:

parm: enable_guc_loading:Enable GuC firmware loading (-1=auto, 0=never 
[default], 1=if available, 2=required) (int)

I'd guess upstream just isn't ready to enable GUC firmware loading by
default. If you set that parameter to -1 (autodetect) it might work.

Dan
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Christopher 
On Mon, Dec 12, 2016 at 10:03 AM Stephen Gallagher 
wrote:

> On 12/12/2016 04:53 AM, Vít Ondruch wrote:
> > So several questions:
> >
> > 1) When I have 2 domains I login to with kerberos, how to really make it
> > work. I don't want to kswitch all the time. I am using Kerberos to
> > authenticate my email client, so I want to keep it working all the time.
> >
>
> There are patches still coming that will switch the fedora packaging tools
> to
> use GSSAPI rather than Kerberos directly, which will handle auto-selecting
> the
> right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk
> (CCed)
> was looking into it.
>
>
> > 2) I needed to update a certificate every 6 months, now I need to kinit
> > every day. This is regression. How to make it work without kinit at all.
> > I am using SSSD for company kerberos and I don't need to kinit at all,
> > how to make this work for Fedora?
> >
>
> If you're using GNOME, it will be possible to have it save your TGT
> password in
> GNOME Keyring and use GNOME Online Accounts to sign you in automatically
> when
> you log into your main account. However, there is currently a bug in it:
> https://bugzilla.redhat.com/show_bug.cgi?id=1401605
>
> I'm running with the patch proposed in that ticket and it has fixed the
> issue
> for me, so I know it works.
>
>
> Another (not recommended) option would be to put:
>
> echo "" | kinit usern...@fedoraproject.org
>
>
Better yet, save your password in gnome-keyring:
keyring set login fedora
And retrieve it for kinit:
keyring get login fedora | kinit usern...@fedoraproject.org

(requires python-keyring and python-SecretStorage)

somewhere into your session-start scripts (but of course, this would require
> your password in plaintext somewhere).
>
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>
-- 
Christopher
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Enable coredumpctl by default

2016-12-12 Thread Nicholas Miell 

On 12/05/2016 08:54 AM, Jan Kurik wrote:

= System Wide Change: Enable coredumpctl by default =
https://fedoraproject.org/wiki/Changes/coredumpctl

Change owner(s):
* Michael Catanzaro 

Enable coredumpctl by default. Core dumps will be stored in the system
journal rather than created in the crashing process's current working
directory by ABRT.



systemd-coredump (or, rather, journald) ignores the split between system 
accounts and user accounts as configured in /etc/login.defs ("the 
authoritative definition of UID/GID space allocation", according to the 
Fedora wiki) and instead hard codes 1000 as the split*.


The end result is that when systemd-coredump enabled, unprivileged users 
cannot access their own core dumps. (Or any of their own logs in journald.)


This means that if you are a loyal Fedora user that initially installed 
before the change from 500 to 1000 (Fedora 15 or earlier) and have been 
faithfully upgrading from release to release, enabling systemd-coredump 
by default in Fedora 26 will be a regression in functionality.


systemd-coredump should not be enabled by default in Fedora until this 
bug is fixed by the systemd developers.





*: It's actually more egregious than that: /etc/login.defs is parsed on 
the build machine at compile time and the extracted value is hard coded 
into the various systemd executables which then completely ignore 
/etc/login.defs at run time.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: i915 firmware not in Fedora?

2016-12-12 Thread Chris Murphy 
On Mon, Dec 12, 2016 at 12:42 PM, Dan Williams  wrote:
> On Mon, 2016-12-12 at 12:26 -0700, Chris Murphy wrote:
>> On Mon, Dec 12, 2016 at 12:23 PM, Tom Hughes  wrote:
>> >
>> > On 12/12/16 18:56, Chris Murphy wrote:
>> >
>> > >
>> > > The firmware https://01.org/linuxgraphics/intel-linux-graphics-fi
>> > > rmwares
>> > > is not included in Fedora Workstation by default, I'm also not
>> > > finding
>> > > them in any repo.
>> > >
>> > > I learned about this firmware from a bug I filed upstream and
>> > > it's
>> > > recommended that it be used.
>> > > https://bugs.freedesktop.org/show_bug.cgi?id=99057
>> > >
>> > > Are there problems including it in Fedora?
>> >
>> >
>> > It's in linux-firmware isn't it? Here's what I see on F25:
>> >
>> > dunsmere [~] % rpm -ql linux-firmware | fgrep i915
>> > /usr/lib/firmware/i915
>> > /usr/lib/firmware/i915/bxt_dmc_ver1.bin
>> > /usr/lib/firmware/i915/bxt_dmc_ver1_07.bin
>> > /usr/lib/firmware/i915/kbl_dmc_ver1.bin
>> > /usr/lib/firmware/i915/kbl_dmc_ver1_01.bin
>> > /usr/lib/firmware/i915/skl_dmc_ver1.bin
>> > /usr/lib/firmware/i915/skl_dmc_ver1_23.bin
>> > /usr/lib/firmware/i915/skl_dmc_ver1_26.bin
>> > /usr/lib/firmware/i915/skl_guc_ver1.bin
>> > /usr/lib/firmware/i915/skl_guc_ver4.bin
>> > /usr/lib/firmware/i915/skl_guc_ver6.bin
>> > /usr/lib/firmware/i915/skl_guc_ver6_1.bin
>> > /usr/share/doc/linux-firmware/LICENSE.i915
>>
>> Indeed it is, I've updated the bug. But still something unexpected is
>> going on:
>>
>> [1.812375] [drm] Replacing VGA console driver
>> [1.818937] [drm] Supports vblank timestamp caching Rev 2
>> (21.10.2013).
>> [1.818941] [drm] Driver supports precise vblank timestamp query.
>> [1.827858] [drm] Finished loading i915/skl_dmc_ver1_26.bin
>> (v1.26)
>> [1.828224] vgaarb: device changed decodes:
>> PCI::00:02.0,olddecodes=io+mem,decodes=io+mem:owns=io+mem
>> [1.835177] [drm] GuC firmware load skipped
>
> "modinfo i915 | grep guc" says:
>
> parm: enable_guc_loading:Enable GuC firmware loading (-1=auto, 0=never 
> [default], 1=if available, 2=required) (int)
>
> I'd guess upstream just isn't ready to enable GUC firmware loading by
> default. If you set that parameter to -1 (autodetect) it might work.

Good catch.

-- 
Chris Murphy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Tomasz Torcz 
On Mon, Dec 12, 2016 at 01:14:27PM -0500, Matthew Miller wrote:
> In case you haven't seen: there was a recent kernel vulnerability in a
> feature called "AF_PACKET". Most services don't need to use the raw
> sockets this makes available, and on his blog*, Lennart Poettering notes
> that systemd actually has a feature where services can whitelist or
> blacklist address families, protecting them from not just this exploit
> but similar classes.
> 
> The upcoming systemd v232 will include this by default for systemd's
> own unit files. But, of course, that's a tiny subset of services in
> Fedora. So
> 
> Question 1: How can we take advantage of this feature in specific? We
> could bulk file a bunch of bugs. Or, what about turning on some more
> restrictive defaults (AF_INET AF_INET6 AF_UNIX) on some flag day in
> Rawhide, and having services which have different needs add exceptions
> to their own unit files (either more or less restrictive).

  If you go this route, please do not file the bugs in Fedora bugzilla,
but in corresponding upstream projects.  We shouldn't diverge from
upstream units, and patching units downstream is just that - a divergence.


-- 
Tomasz Torcz Morality must always be based on practicality.
xmpp: zdzich...@chrome.pl-- Baron Vladimir Harkonnen
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Lennart Poettering 
On Mon, 12.12.16 14:41, Paul Wouters (p...@nohats.ca) wrote:

> Note that I wonder if restricting address families really belongs in
> systemd. Why isnt this a libcap-ng capability? That way my software
> can support this without depending on systemd.

hu?

libcap-ng is a library to manage Linux process capabilities.

RestrictAddressFamilies= is a unit file setting, all you have to do
enable it in the unit files of your choice, and the service it runs
then loses access to a specific AF_xyz family (or all but a specific
one). It's implementation is based on Linux seccomp, a kernel facility
entirely unrelated to Linux process capabilities.

And there's no talk of having to "depend" on systemd for this to
work. If you ship a systemd unit file in your package (and, quite
frankly you have to if your package contains a service of some kind,
this is Fedora after all), then all you need to do is add a line
RestrictAddressFamilies= to it.

Ideally, you'd ship such a unit file upstream. But if you don't want
your stuff tainted by the horrible idea of shipping systemd unit files
upstream, then it's totally enough to make this change downstream in
the RPM.

Of course, you can also set up seccomp filters yourself, in your
daemon, in C code, by using libseccomp. It's great if you do, and
that's totally possible, and can be functionality-wise entirely
equivalent. The only difference is: systemd makes all of this
trivially easy to use, by making this a single-line change in a unit
file without involving C hacking.

Lennart

-- 
Lennart Poettering, Red Hat
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Lennart Poettering 
On Mon, 12.12.16 13:14, Matthew Miller (mat...@fedoraproject.org) wrote:

> Question 2: What about *other* systemd security features? The blog post
> mentions restricting namespaces as an upcoming feature, and there are
> other existing ones which we are not using systemically — like
> PrivateTmp, ProtectSystem, etc. How can we take better advantage of
> these?

Hmm, yeah, I should probably blog more about all the nice sandboxing
features we have now in systemd. There's quite some stuff now we
should enable wherever we can. Specifically ProtectSystem=,
ProtectHome=, ProtectKernelTunables=, ProtectKernelModules=,
ProtectedControlGroups=, PrivateUsers=, PrivateTmp=, PrivateDevices=,
PrivateNetwork=, SystemCallFilter=, RestrictAddressFamilies=,
RestrictNamespaces=, MemoryDenyWriteExecute=, RestrictRealtime=.

For now, the only docs available for them are the man pages. Not all
of them are available on all currently maintained Fedoras, but a good
chunk is.

Lennart

-- 
Lennart Poettering, Red Hat
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packages up for grabs

2016-12-12 Thread Richard W.M. Jones 
On Mon, Dec 12, 2016 at 01:24:25PM -0500, Neal Gompa wrote:
> I'll take livecd-tools.

I added myself to that one too, since we use it for building
the virt-p2v ISO.

However I'd like more information on what's happening with
livecd-tools.  Since (seemingly) forever it has been deprecated, but
nothing replaced its exact functionality.

And then recently it was ported to use DNF, and so it's now maintained
again, or it it?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 10:53:39 +0100
Vít Ondruch  wrote:

> So several questions:
> 
> 1) When I have 2 domains I login to with kerberos, how to really make
> it work. I don't want to kswitch all the time. I am using Kerberos to
> authenticate my email client, so I want to keep it working all the
> time.

Fedora should work just fine with other domains. It doesn't need to be
the primary. 

> 2) I needed to update a certificate every 6 months, now I need to
> kinit every day. This is regression. How to make it work without
> kinit at all. I am using SSSD for company kerberos and I don't need
> to kinit at all, how to make this work for Fedora?

I really wish people would stop using that word. 
https://ohjeezlinux.wordpress.com/2013/01/03/new-rule-about-regressions/

Anyhow, this is just a change in behavior that you don't like. 

First, I'll note you don't need to get a new ticket every day, you can
just renew with 'kinit -R'. I am not sure what env kinit needs, but you
may even be able to do this from a cron job. That will work for 1 week. 

As sgallagh noted downthread, gnome online accounts will hopefully
handle this for you soon as soon as that one bug is fixed. 

Finally, I'll note that these tickets are more powerfull than the old
certs. The certs controlled authentication to just koji and uploads,
while tickets allow you to login to almost all our web apps as well. 

kevin


pgp3PgomZjqiT.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packages up for grabs

2016-12-12 Thread Kevin Fenzi 
On Mon, 12 Dec 2016 21:31:40 +
"Richard W.M. Jones"  wrote:

> On Mon, Dec 12, 2016 at 01:24:25PM -0500, Neal Gompa wrote:
> > I'll take livecd-tools.  
> 
> I added myself to that one too, since we use it for building
> the virt-p2v ISO.
> 
> However I'd like more information on what's happening with
> livecd-tools.  Since (seemingly) forever it has been deprecated, but
> nothing replaced its exact functionality.

The official Fedora images are made using livemedia-creator, which is
part of lorax. 

appliance-creator is used for making arm images and it still needs
livecd-tools, but there's plans to port it to livemedia-creator too. 

> And then recently it was ported to use DNF, and so it's now maintained
> again, or it it?

I'll let the folks who worked on that chime in on their plans.
I have no idea. 

kevin




pgpiWw8EWB2mh.pgp
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Un-retiring QCad

2016-12-12 Thread Przemek Klosowski 

On 12/10/2016 07:12 AM, Antonio Trande wrote:

On 12/09/2016 08:43 PM, Przemek Klosowski wrote:

On 12/06/2016 08:25 AM, Antonio Trande wrote:

This is an un-retiring request for QCad on Fedora
(https://admin.fedoraproject.org/pkgdb/package/rpms/qcad/). Now upstream
provides an open-source community edition version of QCad

Could you comment on the current relationship of QCad to its fork
LibreCAD, available in Fedora from librecad.org?
I believe librecad was forked for licensing and/or maintenance issues,
so I am glad to hear that moved forward, but can you give some
background on where the situation stands now as to the relative merits
of both projects?



Are you saying that QCad cannot be easily maintained on Fedora?
Current relationship of QCad to its fork LibreCAD is not a pertinent
matter to the packaging  for me.
I am not saying anything---I am asking this question to find out what 
are the relative merits of both projects, since their web pages do not 
directly make such comparisons.


The reason why I'm asking is that I believe that in general FOSS 
projects should fork as little as possible, and merge as much as 
possible, to avoid duplication of effort. There are circumstances where 
the fork is the only solution, of course, and I am asking what are the 
circumstances in this case.


Greetings

p
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

getentropy and getrandom coming to glibc in Fedora rawhide

2016-12-12 Thread Florian Weimer 
glibc-2.24.90-23.fc26 in rawhide is the first version which adds 
getentropy and getrandom.  (The ppc64 build is still running, but I 
assume it will complete eventually.)


The implementation resides in the new  header.  As this is 
not a POSIX header, no feature test macros are required.  getentropy is 
intended for seeding a PRNG (such as RAND_bytes in OpenSSL).  getrandom 
is the lower-level system call wrapper.


The implementation does not have any protection against symbol 
interposition because I could not get that approved upstream.  We might 
change that before the next glibc release, but in the meantime, we need 
to remove all definitions of getrandom or getentropy with external 
linkage from applications and libraries.  I'll file bugs as required.


(Otherwise, symbol interposition kicks in, and libraries such as OpenSSL 
or GNUTLS might not get the symbol they expect, but something else. 
Symbol interposition is triggered even by legacy code which does not 
include , merely by defining a public symbol with the name 
getentropy or getrandom.)


Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packages up for grabs

2016-12-12 Thread Adam Williamson 
On Mon, 2016-12-12 at 10:22 -0800, Brian C. Lane wrote:
> In the spirit of the season I'm giving away packages :)
> 
> I am not using most of these anymore, so I'd like to send them off to a good 
> home:
> 
> https://admin.fedoraproject.org/pkgdb/packager/bcl/ All the python-* packages,
> plus pylint, docker-anaconda-addon, bip, mx, and livecd-tools.
> 
> Let me know which ones you want and I'll give them to you, otherwise they'll 
> be
> orphaned by Friday.

I'll take bip at least for now, but I reserve the right to switch to
znc or whatever the rest of the world is using and ditch it soon :)
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packages up for grabs

2016-12-12 Thread Adam Williamson 
On Mon, 2016-12-12 at 14:35 -0700, Kevin Fenzi wrote:
> 
> > And then recently it was ported to use DNF, and so it's now maintained
> > again, or it it?
> 
> I'll let the folks who worked on that chime in on their plans.
> I have no idea. 

AIUI the people who did that work are folks who build a few
different Fedora variants and don't like how livemedia-creator works.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

FAmSCo elections - December 2016/January 2017

2016-12-12 Thread Jan Kurik 
Greetings,

FAmSCo elections are now open and we're looking for new candidates:
https://fedoraproject.org/wiki/Elections

For FAmSCo we have opened seven seats:
https://fedoraproject.org/wiki/FAmSCo_nominations

The Elections schedule is as follows:
* December 13 - December 19: Nomination period open (closes promptly at
23:59 UTC on December 19th)
* December 20 - January 09: Campaign period. Individual blog posts, etc.
encouraged. We will also have an interview with answers published on the
Fedora Community Blog.
* January 10 - January 16: Voting open (closes promptly at 23:59 UTC on
January 16th)
* January 17: Results announcement

Elections Questionnaire needs more questions for email/Community blog
interviews! If you have anything you would like to ask candidates to
FAmSCo, please add it to the wiki.
https://fedoraproject.org/wiki/Elections/Questionnaire#FAmSCo

Read more about the FAmSCo at:
https://fedoraproject.org/wiki/Fedora_Ambassadors_Steering_Committee

Thanks for your support,
Jan
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Rahul Sundaram 
Hi

On Mon, Dec 12, 2016 at 4:03 PM Lennart Poettering
> Hmm, yeah, I should probably blog more about all the nice sandboxing

> features we have now in systemd.


It would be useful if we can set these type of options as system wide - for
both the distribution/vendor and for admin overrides with services that can
opt out rather than opt-in

Rahul
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: CVE-2016-8655, systemd, and Fedora

2016-12-12 Thread Paul Wouters 

On Mon, 12 Dec 2016, Lennart Poettering wrote:


Note that I wonder if restricting address families really belongs in
systemd. Why isnt this a libcap-ng capability? That way my software
can support this without depending on systemd.


hu?

libcap-ng is a library to manage Linux process capabilities.

RestrictAddressFamilies= is a unit file setting, all you have to do
enable it in the unit files of your choice, and the service it runs
then loses access to a specific AF_xyz family (or all but a specific
one). It's implementation is based on Linux seccomp, a kernel facility
entirely unrelated to Linux process capabilities.


Oh, I didn't realise it used seccomp. Never mind then. Those who
implemented something using libseccomp I guess could do this also
independently of systemd.


And there's no talk of having to "depend" on systemd for this to
work. If you ship a systemd unit file in your package (and, quite
frankly you have to if your package contains a service of some kind,
this is Fedora after all), then all you need to do is add a line
RestrictAddressFamilies= to it.


I was talking with my (libreswan) upstream hat on. In general, we try
and support things independent of kernel or OS.


Ideally, you'd ship such a unit file upstream. But if you don't want
your stuff tainted by the horrible idea of shipping systemd unit files
upstream, then it's totally enough to make this change downstream in
the RPM.


Yes, we auto-detect systemd and ship service fils there too. And even
support systemd native things like sd_notify() when available :P


Of course, you can also set up seccomp filters yourself, in your
daemon, in C code, by using libseccomp. It's great if you do


We do.


that's totally possible, and can be functionality-wise entirely
equivalent. The only difference is: systemd makes all of this
trivially easy to use, by making this a single-line change in a unit
file without involving C hacking.


For us (libreswan) it probably makes less sense to restrict address
family in the daemon. Our daemon just listens to UDP 500/4500, so it
would never be affected by any other kind of address families.

Paul
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Packagers - Flag day 2016 Important changes

2016-12-12 Thread Chenxiong Qi 



On 12/12/2016 12:37 PM, Chenxiong Qi wrote:



On 12/12/2016 08:58 AM, Josh Boyer wrote:

On Sun, Dec 11, 2016 at 7:34 PM, Dennis Gilmore  wrote:

Greetings.

As previously announced, releng has made a number of changes as part of
it's 2016 "flag day".

All package maintainers will want to make sure they have updated to
the
following package versions (some may be in testing as of this email):

 python-cccolutils-1.4-1
 fedpkg-1.26-2


There will be a new build fedpkg-1.26-3 today, that
contains two fixes found during the testing.

https://pagure.io/fedpkg/c/28897b7f9365f36713b87eb475d721854f3abfa1?branch=master

https://pagure.io/fedpkg/c/4a5ea803d3fed49287f7feb4a750e86565d7?branch=master


Thanks Igor for fixing the issue.



New build fedpkg-1.26-3 is now available in Koji and bodhi process. This 
should work well with pkgs and Koji. Anyway, please have a try and test 
it in your workflow.



 fedora-packager-0.6.0.0-1
 pyrpkg-1.47-3
 koji-1.11.0-1


Note that only python-cccolutils is in stable for F25.  The rest are
all still in updates-testing.

josh
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org





--
Regards,
Chenxiong Qi
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

[Fedocal] Reminder meeting : Modularity WG

2016-12-12 Thread jkurik 
Dear all,

You are kindly invited to the meeting:
   Modularity WG on 2016-12-13 from 15:00:00 to 16:00:00 UTC
   At fedora-meetin...@irc.freenode.net

The meeting will be about:
Meeting for the Modularity Working Group.

More information available at: [Modularity Working Group wiki 
page](https://fedoraproject.org/wiki/Modularity_Working_Group)

The agenda for the meeting is available at [modularity-wg-agendas 
pad](http://piratepad.nl/modularity-wg-agendas).



Source: https://apps.fedoraproject.org/calendar/meeting/4697/

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: F26 System Wide Change: Golang 1.8

2016-12-12 Thread jfilak 

Jakub,




can we enable coredumping for Go programs by default - i.e. set GOTRACEBACK=
crash?




Currently, Go terminate  a process that panic and prints out an error 
message on stderr.

This approach does not provide much room for automatic Go panic detection.










Regards,

Jakub

ABRT





-- Původní zpráva --
Od: Jan Kurik 
Komu: Development discussions related to Fedora , devel-annou...@lists.fedoraproject.org
Datum: 12. 12. 2016 12:32:15
Předmět: F26 System Wide Change: Golang 1.8

"= Proposed System Wide Change: Golang 1.8 =
https://fedoraproject.org/wiki/Changes/golang1.8

Change owner(s):
* Jakub Čajka 

Rebase of Golang package to upcoming version 1.8 in Fedora 26,
including rebuild of all dependent packages.


== Detailed Description ==
Rebase of Golang package to upcoming version 1.8 in Fedora 26. Golang
1.8 is schedule to be released in Feb. Due to current nature of Go
packages, rebuild of dependent package will be required to pick up the
changes.


== Scope ==
* Proposal owners:
Rebase golang package in f26, help with resolving possible issues
found during package rebuilds.

* Other developers:
fix possible issues

* Release engineering:
As there is scheduled mass-rebuild, nothing should be required.

* List of deliverables: N/A

* Policies and guidelines: N/A

* Trademark approval: N/A
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
___
devel-announce mailing list -- devel-annou...@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org
"___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org