Re: equivalent of Debian config-package?

[devzero2000]

Il gio 31 mag 2018, 13:42 Neal Gompa  ha scritto:

> On Thu, May 31, 2018 at 6:54 AM Dave Love 
> wrote:
> >
> > Is there any existing system for rpm like the Debian one
> >  for building local
> > configuration packages?  If not, would it be feasible to implement one?
>
> No such thing currently exists, because an equivalent to `dpkg-divert`
> does not exist in RPM.
>
> It is technically possible to implement such a mechanism, but it does
> not exist right now.
>
> A toy WIP never completed is here :
>

https://github.com/yersinia/rpm-gen-rpm-configuration

>
>
> --
> 真実はいつも一つ！/ Always, there's only one truth!
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/BMDUJ3ANQG6OJRWBWOOFU72OJ56WVF2G/
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/ZJVWOABDP3WIZUECMRFVNMBJ7PX5PLUL/

Re: BIND 9.10.1 beta with seccomp functionality

[devzero2000]

Il 19/Ago/2014 17:10 "Tomas Hozza"  ha scritto:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello.
>
> ISC is working on new BIND 9.10 release which includes the seccomp
> functionality. It can be turned on by configuring BIND before build with
> "--enable-seccomp".
>
> ISC asked me to kindly ask Fedora community if they would be willing to
> test it. Currently I'm working on rebasing BIND to 9.10 in rawhide.
> However it is still not finished. Since DHCP (including dhclient)
> depends on BIND libraries I'm not able to easily provide a testing RPMs
> that would be installable.
>
> In the future I would like to turn the feature on by default.
>
> So if you are willing to test the feature, you can download latest BIND
> 9.10.1b2 on http://www.isc.org/downloads/
>
> Configure it with "--enable-seccomp" and you're good to go.
>
> You can send your feedback to bind-beta-respo...@lists.isc.org,
> bind-us...@lists.isc.org or bind-b...@isc.org
>
> Some words about the feature from the contributor:
> "It goes further than a chroot. chroot limits an attacker to a
> filesystem. it doesn't prevent the attacker from running his "exploit"
> aka nefarious code and making socket connections over the internet that
> would give him some kind of backdoor access where he can remotely
> execute his code.
>
> That's where seccomp kicks in, it acts as a 2nd wall of defence. In case
> of a security hole being present in the server process, it goes further
> than a chroot, it prevents the attacker from making socket connections
> orexecuting his code, as his "playing field" is significantly reduced.
> There's very little he can do.”

Are there some duplication of security feature that some mac system offer
as selinux, in first place ? Sure someone can Tell that selinux could be
disabled by the lazy sysadmin.

Thanks

Best regards
>
> Thank you.
>
> Regards,
> - --
> Tomas Hozza
> Software Engineer - EMEA ENG Developer Experience
>
> PGP: 1D9F3C2D
> Red Hat Inc.   http://cz.redhat.com
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJT82i/AAoJEMWIetUdnzwtooYH/1hffLhpDtY1zTPNVtSlFLUx
> 236mJQGZMS5jsHAKPtd354qLCSMSIBTEeeGPCUkV9YC3ZtrF+wT6FCN1XFgDylpr
> 7S2toCAVOpjbPIUIOJZ8HvRZENb//KGxUHg8GrlIfHZMeXB9EXhvaTcxLC1QTX04
> JSZyQKXIaDWurTGM/AQESAwHkIWK1vaubmrI2dt8L0mp9e5RWc3N/sb5XAup0jfa
> zfkP/oPsmeS6mZvKdoc/BiwDDj8bLm8NBLHFO++tES0e43HnWAo9+H4HqSNuX5JQ
> 0q4a11zy55VtL8G99kzGN64gdvtXbiNDVuxulecWxxK9BUncHv3aXu5t4ggO0yg=
> =MtKc
> -END PGP SIGNATURE-
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: FTBFS if "-Werror=format-security" flag is used

[devzero2000]

On Wed, Dec 4, 2013 at 7:29 PM, Daniel P. Berrange  wrote:
> On Wed, Dec 04, 2013 at 07:10:39PM +0100, Brendan Jones wrote:
>>
>> This is just a pain. Can someone explain to me why this is good?
>
> If you read the bug description you'll see the link which
> answers your question.
>
>   https://fedoraproject.org/wiki/Format-Security-FAQ
Interesting, for me almost,  that many refs are from debian/ubuntu world.

Best Regards

>
> Daniel
> --
> |: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org  -o- http://virt-manager.org :|
> |: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Ananconda

[devzero2000]

On Sat, Sep 21, 2013 at 8:12 PM, Phil Dobbin  wrote:

> Hi, all.
>
> I was wondering as to why Ananconda has no facility to overwrite a distro
> already present on the target machine. I've studied it & apart from
> destroying the existing partition with GParted there seems to be no other
> way (this happens on 18 & 19).
>
> Most painful it is.
>
> If anybody can show me a workaround I'd be most grateful.
>
In %pre you can do anything, for example preserving the ssh keys. Using
cobbler https://fedorahosted.org/cobbler/wiki/KickstartSnippets or in
satellite using kickstart profile
https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.3/html/Deployment_Guide/s1-provisioning-templates.html

Best

>
> Cheers, Phil...
>
> --
> currently (ab)using
> Arch Linux, CentOS 5.9 & 6.4, Debian Squeeze & Wheezy, Fedora Beefy,
> Spherical & That Damn Cat, Lubuntu 12.10, OS X Snow Leopard & Tiger, Ubuntu
> Precise, Quantal & Raring
> GnuGPG Key : 
> http://phildobbin.org/**publickey.asc
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.**org/mailman/listinfo/devel
> Fedora Code of Conduct: 
> http://fedoraproject.org/code-**of-conduct
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Expanding the list of "Hardened Packages"

[devzero2000]

Perhaps is not working because most of the new policy are deployed in
enforcing mode and not in permissive ? But permissive not was born
exactly for this ?

Best

2013/4/23, Kevin Kofler :
> Adam Williamson wrote:
>> SELinux keeps having bugs *because* they progressively build out the
>> policies. The coverage of the -targeted policy is now greater than it
>> was a few releases back. If they kept the coverage of the stock policies
>> the same over time there would be almost no new bugs, but instead, they
>> increase the coverage and hence the security it provides progressively
>> with each release. *Some* bugs are associated with files moving or
>> program functionality changing or whatever, but most are just the result
>> of the policies growing: the 'scaling' that you say isn't working.
>
> It isn't working because it's adding hundreds of new policy bugs in every
> new Fedora release. And coverage is still VERY far from 100% of Fedora.
>
> Kevin Kofler
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel

-- 
Inviato dal mio dispositivo mobile
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: XFS and trim

[devzero2000]

Please, no flame.  One thing on this mailing list that i like it is the
near absence of flame. IMHO, one has to accept requests from those who do
not follow the mailing, if appropriate and useful. I think this is the
case. Just an opinion.

Best


On Sun, Mar 31, 2013 at 9:51 AM, Matej Cepl  wrote:

> On 2013-03-31, 01:38 GMT, Steven Haigh wrote:
> > Firstly, Please CC me into replies as I'm not subscribed to this list.
>
> http://linuxmafia.com/~rick/faq/?page=netiquette#privatereply
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: tomcat6 unresponsive maintainer & deprecation

[devzero2000]

On Tue, Mar 12, 2013 at 4:28 PM, Stanislav Ochotnicky <
sochotni...@redhat.com> wrote:

> Quoting Kevin Fenzi (2013-03-12 15:53:56)
> > On Tue, 12 Mar 2013 13:49:22 +0100
> > Stanislav Ochotnicky  wrote:
> >
> > > Tomcat6 package in Fedora is old, has several problematic bugs
> > > (including 4 security) and most importantly there's a replacement:
> > > tomcat-7.x
> > >
> > > I believe it is in our (developers as well as users) best interest to
> > > get rid of it. I have sent similar email to java-devel on February
> > > 26th[1], created another tomcat6 bugreport a week ago[2] but I wasn't
> > > successful in reaching David Knox (primary maintainer).
> > >
> > > Note that we already had a bugreport to migrate packages to
> > > tomcat-7[3] and we almost succeeded, but then new packages started
> > > creeping in with dependency on tomcat6. We need to get rid of it ASAP
> > > or we'll be fighting neverending battle. Even as
> > > comaintainer/provenpackager I cannot deprecate package that I do not
> > > own.
> > >
> > > I consider this point 4 of unresponsive maintainer process[4].
> > > However due to security issues, and package being effectively dead I
> > > wouldn't mind speeding up the process. I might try to bring this up
> > > with FESCO, but process doesn't seem to include any wiggle room there.
> >
> > Feel free to file a fesco ticket and explain whats going on.
> Thanks, filed https://fedorahosted.org/fesco/ticket/1094
>
> I believe the emails/bugzilla provides enough context but I'll also try to
> attend
> the FESCO meeting to answer any questions.
>

I have received this today
http://www.exploitthis.com/2013/03/rhsa-20130623-1-important-tomcat6-security-update.html
.

Dunno if useful.

Best




> --
> Stanislav Ochotnicky 
> Software Engineer - Developer Experience
>
> PGP: 7B087241
> Red Hat Inc.   http://cz.redhat.com
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: formulas-devel list established

[devzero2000]

On Sun, Feb 10, 2013 at 10:33 PM, Kevin Fenzi  wrote:

> On Sun, 10 Feb 2013 22:23:50 +0100
> yersinia  wrote:
>
> > On Sun, Feb 10, 2013 at 9:33 PM, Kevin Fenzi  wrote:
> >
> > > Greetings.
> > >
> > > I've setup a fedorahosted project:
> > > https://fedorahosted.org/formulas/wiki/WikiStart
> > > and mailing list:
> > > http://lists.fedorahosted.org/mailman/listinfo/formulas-devel
> > > to discuss development of the formulas idea mentioned at:
> > >
> > >
> http://lists.fedoraproject.org/pipermail/devel/2013-January/176011.html
> > > and
> > > https://fedoraproject.org/wiki/Fedora_formulas
> > >
> > > If you are interested in helping out with this project or just want
> > > to follow progress, please do join the formulas-devel list.
> > >
> > > I'll be sure and pass back to this list anytime we have useful
> > > progress to report.
> > >
> > So fedora like ansible and not puppet anymore ? Just for info.
>
> I don't know that you could ever say something like the Fedora Project
> "likes" just one thing. It's a diverse community of many many
> people. ;)
>
> It 's true. It 's the beauty of the comunity, many ideas, different ways
of dealing with problems.

> I think ansible is a better fit for this use case, yes.
>
> Puppet is surely still available and ready for other cases.
>
> Use what fits your needs and use case. ;)
>
 Yes, of course. But for many could be  difficult to understand that not
exists one solution best for everyone. It is not so simple.
Thanks for the timely response,

Best
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Rolling release model philosophy (was Re: Anaconda is totally trashing the F18 schedule (was Re: f18: how to install into a LVM partitions (or RAID)))

[devzero2000]

For microsoft perhaps, but Ubuntu, Debian ? Upgrading from a release
to the next is trivial, and in general work well. Sure, probably the
update to the core system component is more light, no Usrmove, no
systemd, or something like this. And preserving, updating the new
configuration based on the previous really is not so simple. But this
problem today is really well solved if you use a good configuration
manager, but this is not applicable for a general end user, i think.

Best and sorry for the top posting.

2012/11/4, Simo Sorce :
> On Sat, 2012-11-03 at 00:36 +0100, Michał Piotrowski wrote:
>> Hi,
>>
>> 2012/11/3 Adam Williamson :
>> > Note
>> > that neither Red Hat nor Microsoft actually support major version
>> > upgrades for their operating systems
>
> Adam, this is plainly untrue for Microsoft, they always supported
> upgrading to the next version.
>
>> Just take a look at this - MS rocks here
>> http://www.youtube.com/watch?v=vPnehDhGa14
>
> However keep in mind, that in MS case the OS, is *a lot* smaller than
> what we have.
> They do not give any guarantee that third party apps will keep working
> although they *do* do their damn best to make sure they don't break most
> important stuff. (By simply not changing interfaces, ABIs, or adding
> compatibility libraries in the system).
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel

-- 
Inviato dal mio dispositivo mobile
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: OBS Fedora

[devzero2000]

Sorry for the top posting.

Just my 1 cent , i follow only fedora.

But the answer could be only: political in first place. But this is
the same for every distro, and this is true, in particular, for every
distro rpm based for some reason. Every major rpm distro have its
buildsystem, its bugtracker, its deepsolver, its rpm macro, its
standard and so on. Difficult that this will change in the near
future, if ever. My very long experience tell me this.
Best regards
(aside)

why don't use lauchpad instead ? Because it use   bazar as dvcs ?
Really ? But no.

2012/7/28, Damian Ivanov :
> Hello all,
>
> Any chance Fedora moves from Koji to OBS?
> Why should they?
>
> OBS has a web interface so one can easily fix packages even from an
> internet cafe/work/windows pc.
> Projects can be developed separately and packages can be easily
> branched and submitted.
> openSUSE is entirely build by OBS.
> Third party are unstable packages maintainers, can develop them at one
> place for different distributions.
> e.g as we do with unity for Fedora
> -PACKAGE_dir
> *source.tar.gz
> *dummy.patch
> *%name-%distro.spec
> *%name-%distro2.spec
> *%name-.dsc
>
> What would stop Fedora from doing this switch?
>
> Regards,
> Damian
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel

-- 
Inviato dal mio dispositivo mobile
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: Samba update

[devzero2000]

On Thu, Apr 12, 2012 at 2:17 PM, Jon Ciesla  wrote:

> On Wed, Apr 11, 2012 at 8:24 PM, Bojan Smojver 
> wrote:
> > Anyone knows what's the holdup with the Samba update (CVE-2012-1182)? No
> > new builds have been done or queued up recently AFAICT...
>
> There's a BZ open, I'll look into getting n update out ASAP.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=811392
>

FYI

https://rhn.redhat.com/errata/RHSA-2012-0465.html


> -J
>
> > --
> > Bojan
> >
> > --
> > devel mailing list
> > devel@lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/devel
>
>
>
> --
> in your fear, seek only peace
> in your fear, seek only love
>
> -d. bowie
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: selinux versus chcon

[devzero2000]

Sorry for the top posting. No, chcon is not necessary in your example.
Perhaps the advice message is wrong, or it is something historical.
Hth

2011/9/19, Fulko Hew :
> I've reviewing my buildRPM spec file so that it works in newer distributions
> (currently playing with RHEL 5.6), but my question is applicable to
> Fedora xxx as well.
>
> During the development of my package, I had encountered issues with my
> build and install procedures during the slow migration/acceptance of
> SELinux.
>
> In my %post part of my spec file I had added both chcon commands and
> semanage commands and restorecon commands.  As time goes by I've
> forgotten why I used chcon versus semanage, and why I needed the
> restorecon command at all.  :-(
>
> (Today's issue is setroubleshoot browser is recommending I use a chcon
> command to add httpd_sys_content_t to /var/cache/fontconfig/*)
>
> My spec file currently contains this:
>
> %{_bindir}/chcon -t httpd_sys_script_exec_t
> /var/www/html/nia/scripts/* 2>/dev/null
> semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nia/tmp'
> 2>/dev/null
> restorecon -v '/var/www/html/nia/tmp' 2>/dev/null
>
> >From what I can remember:
> 1/ I added the 'chcon' so that my scripts are executable by apache.
> 2/ I used semanage to make my temp directory writable by my scripts
> 3/ I needed the 'restorecon' to 'make the semanage stuff 'sticky'.
>
> >From what I've been able to read:
>
> chcon affects the filesystem, whereas
> semanage affects 'policy' and
> restorecon  is used to 're-affect the filesystem according to policy'
> (set by semanage (and others)).
>
> Is this a valid interpretation?
>
> If so... why use chcon versus the semanage/restorecon technique?
> or if my assesement is wrong... can someone point me to a better
> explanation/tutorial?
>
> TIA
> Fulko
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>

-- 
Inviato dal mio dispositivo mobile
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: popularity package context on fedora

[devzero2000]

2010/5/4 Björn Persson 

> Thomas Janssen wrote:
> > Well, i wouldn't call a software that counts serverside downloads of
> > FOSS software and gives based on that downloads/installations, a
> > popularity suggestion in packagekit, spyware.
> > There's nothing at all that gets sent out of your box.
> >
> > Remind, i'm not speaking of exactly popcon. I spoke about something in
> > the server, just counting the download/installation (not even unique
> > installations via some hash or whatever) and a packagekit extension
> > that shows the count or something like stars or whatever.
> >
> > So, it has to be on by default.
>
> I'm sorry if I misunderstood you, but if you talked about download
> statistics
> then that was far from obvious. I got the impression that you talked about
> the
> same thing as "yersinia", and "yersinia" talked about Popcon.
>
No. I have only post the question whether this feature, right or wrong as it
can be, could be interesting in Fedora, as other distro have done elsewhere.
Just to to hold a discussion, if there was interest in the functionality. I
think it is better to open a debate  about a feature before seeing what is
the best implementation for it, if exists at all or it is better to develop
it from scratch.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: RPM packaging workshop example

[devzero2000]

On Wed, Apr 7, 2010 at 2:07 PM, Ralf Corsepius  wrote:
> There is a small bug in the example:

Corrected.

Thanks
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel