Security issue: Can't build mediawiki - F7 thinks it's F8
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250819#c1 mediawiki resists my attempts to build it in various ways. The current one is that building (or trying to build) under F7 automatically elevates the package to mediawiki-1.9.3-34.fc8, e.g. an F8 package. What is wrong? -- Axel.Thimm at ATrpms.net pgp9sJL9LR5Ce.pgp Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, Aug 06, 2007 at 08:06:20AM -0400, Jesse Keating wrote: On Mon, 6 Aug 2007 08:03:29 -0400 Jesse Keating [EMAIL PROTECTED] wrote: This task is the one you're probably concerned with: http://koji.fedoraproject.org/koji/getfile?taskID=89866name=srpm.log I'm not entirely certain how that produced a .fc8 srpm at the end of it, looking into it. Bingo. mediawiki-1_9_3-34_fc7:devel:athimm:1172147229 You previously tagged this source as 1.9.3-34 when on the devel/ branch, presumably before the branching happened for F-7. Since the CVS tag you asked for lives ^ Typo? in devel, koji gets a little confused when making the srpm for you. You'll most likely need to bump/tag on F-7 then you can build and it will get the proper .fc7 tag to it. Hm, this sounds more like a bug that should be fixed in koji. Wouldn't that apply to any kind of branching CVS, e.g. koji inherits bad tags to branches? This bug only surfaces if the tagsing and building is intermitted by the branch, but consider adding new archs to Fedora, it will hit all packages (as the build for the new arch will be after the branching, unless new archs are limited to devel). -- Axel.Thimm at ATrpms.net pgpqWoPjLlth3.pgp Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, 6 Aug 2007 14:18:36 +0200 Axel Thimm [EMAIL PROTECTED] wrote: Typo? Not exactly. Expression mismatch. The tag was /applied/ on the devel/ branch, so when cvs is asked for that tag, it tries to pull it from devel/ and bad things happen. in devel, koji gets a little confused when making the srpm for you. You'll most likely need to bump/tag on F-7 then you can build and it will get the proper .fc7 tag to it. Hm, this sounds more like a bug that should be fixed in koji. Wouldn't that apply to any kind of branching CVS, e.g. koji inherits bad tags to branches? This bug only surfaces if the tagsing and building is intermitted by the branch, but consider adding new archs to Fedora, it will hit all packages (as the build for the new arch will be after the branching, unless new archs are limited to devel). I'm not entirely sure how this is going to be handled. It probably does need looking into, something deep in the cvs branching scripts we use. My cvs-fu isn't nearly that strong :( -- Jesse Keating Fedora -- All my bits are free, are yours? signature.asc Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, 6 Aug 2007 08:03:29 -0400 Jesse Keating [EMAIL PROTECTED] wrote: This task is the one you're probably concerned with: http://koji.fedoraproject.org/koji/getfile?taskID=89866name=srpm.log I'm not entirely certain how that produced a .fc8 srpm at the end of it, looking into it. Bingo. mediawiki-1_9_3-34_fc7:devel:athimm:1172147229 You previously tagged this source as 1.9.3-34 when on the devel/ branch, presumably before the branching happened for F-7. Since the CVS tag you asked for lives in devel, koji gets a little confused when making the srpm for you. You'll most likely need to bump/tag on F-7 then you can build and it will get the proper .fc7 tag to it. -- Jesse Keating Fedora -- All my bits are free, are yours? signature.asc Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, Aug 06, 2007 at 08:25:20AM -0400, Jesse Keating wrote: On Mon, 6 Aug 2007 14:18:36 +0200 Axel Thimm [EMAIL PROTECTED] wrote: You previously tagged this source as 1.9.3-34 when on the devel/ branch, presumably before the branching happened for F-7. Since the CVS tag you asked for lives ^ Typo? Not exactly. Expression mismatch. The tag was /applied/ on the devel/ branch, so when cvs is asked for that tag, it tries to pull it from devel/ and bad things happen. I was referring to lives in devel, koji gets a little confused when making the srpm for you. You'll most likely need to bump/tag on F-7 then you can build and it will get the proper .fc7 tag to it. Hm, this sounds more like a bug that should be fixed in koji. Wouldn't that apply to any kind of branching CVS, e.g. koji inherits bad tags to branches? This bug only surfaces if the tagsing and building is intermitted by the branch, but consider adding new archs to Fedora, it will hit all packages (as the build for the new arch will be after the branching, unless new archs are limited to devel). I'm not entirely sure how this is going to be handled. It probably does need looking into, something deep in the cvs branching scripts we use. My cvs-fu isn't nearly that strong :( OK, so for now bump-and-go and worry about mass issues only once they arrive? -- Axel.Thimm at ATrpms.net pgpHoZsGHUsH7.pgp Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, 6 Aug 2007 14:35:33 +0200 Axel Thimm [EMAIL PROTECTED] wrote: CVS tag you asked for lives ^ Typo? Not exactly. Expression mismatch. The tag was /applied/ on the devel/ branch, so when cvs is asked for that tag, it tries to pull it from devel/ and bad things happen. I was referring to lives I know. I used the term 'lives' to indicate that the reference to that tag exists on the devel/ branch, IE it lives there, that's it's home. in devel, koji gets a little confused when making the srpm for you. You'll most likely need to bump/tag on F-7 then you can build and it will get the proper .fc7 tag to it. Hm, this sounds more like a bug that should be fixed in koji. Wouldn't that apply to any kind of branching CVS, e.g. koji inherits bad tags to branches? This bug only surfaces if the tagsing and building is intermitted by the branch, but consider adding new archs to Fedora, it will hit all packages (as the build for the new arch will be after the branching, unless new archs are limited to devel). I'm not entirely sure how this is going to be handled. It probably does need looking into, something deep in the cvs branching scripts we use. My cvs-fu isn't nearly that strong :( OK, so for now bump-and-go and worry about mass issues only once they arrive? Feel free to examine the branching tools and cvs layout to try to make it better. I'm just saying that I can't right now. -- Jesse Keating Fedora -- All my bits are free, are yours? signature.asc Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, Aug 06, 2007 at 08:37:45AM -0400, Jesse Keating wrote: On Mon, 6 Aug 2007 14:35:33 +0200 Axel Thimm [EMAIL PROTECTED] wrote: CVS tag you asked for lives ^ Typo? Not exactly. Expression mismatch. The tag was /applied/ on the devel/ branch, so when cvs is asked for that tag, it tries to pull it from devel/ and bad things happen. I was referring to lives I know. I used the term 'lives' to indicate that the reference to that tag exists on the devel/ branch, IE it lives there, that's it's home. OK, sorry, my bad reading - I thought you referred to http://lives.sourceforge.net/ OK, so for now bump-and-go and worry about mass issues only once they arrive? Feel free to examine the branching tools and cvs layout to try to make it better. I'm just saying that I can't right now. Examine branching tools under CVS? I closed with CVS half a decade ago after it tortured me for quite longer than a decade ;) (me is eagerly watching the discussion about koji/svn hoping there will be an scm-abstraction in koji soon to allow for hg/git) -- Axel.Thimm at ATrpms.net pgpiO58Hxwbq3.pgp Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, 2007-08-06 at 15:00 +0200, Axel Thimm wrote: On Mon, Aug 06, 2007 at 07:51:00AM -0500, Dennis Gilmore wrote: Once upon a time Monday 06 August 2007, Jesse Keating wrote: On Mon, 6 Aug 2007 14:18:36 +0200 Axel Thimm [EMAIL PROTECTED] wrote: Typo? Not exactly. Expression mismatch. The tag was /applied/ on the devel/ branch, so when cvs is asked for that tag, it tries to pull it from devel/ and bad things happen. in devel, koji gets a little confused when making the srpm for you. You'll most likely need to bump/tag on F-7 then you can build and it will get the proper .fc7 tag to it. Hm, this sounds more like a bug that should be fixed in koji. Wouldn't that apply to any kind of branching CVS, e.g. koji inherits bad tags to branches? This bug only surfaces if the tagsing and building is intermitted by the branch, but consider adding new archs to Fedora, it will hit all packages (as the build for the new arch will be after the branching, unless new archs are limited to devel). I'm not entirely sure how this is going to be handled. It probably does need looking into, something deep in the cvs branching scripts we use. My cvs-fu isn't nearly that strong :( probably need to call make tag after creating the branch. The problem was that make tag has been created before the branch, but the make build afterwards. It is also not possible to rerun make tag. The problem here is actually that the tag created on devel/ didn't include a branch file (that file doesn't get created until the branch-creation scripts are run). In the absence of a branch file, Makefile.common assumes you're on devel/ and expands the %dist tag to the values defined for devel in common/branches (currently .fc8). Basically, tagging before the branch point and building after it is not supported. After the branch point, any builds need to bump the revision and run make tag before they can build. -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, 6 Aug 2007 16:49:13 +0200 Axel Thimm [EMAIL PROTECTED] wrote: OK, we got that far, but how will you support a new arch in the tree? Usually we rebuild the package to pick up the arch. In the secondary arch world it might not be a bad thing to have them start at devel and do all the work necessary there to target the next release as the first release that supports $arch. There will be lots of changes needed to packages to build for a new arch anyway and those changes might not be wanted on a released branch. -- Jesse Keating Fedora -- All my bits are free, are yours? signature.asc Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, Aug 06, 2007 at 10:54:53AM -0400, Jesse Keating wrote: On Mon, 6 Aug 2007 16:49:13 +0200 Axel Thimm [EMAIL PROTECTED] wrote: OK, we got that far, but how will you support a new arch in the tree? Usually we rebuild the package to pick up the arch. Which is something one can only do in a devel cycle, e.g. with the current setup there will never be new archs for released Fedora cuts. It's just something to think about whether this is wanted at all - with the current Fedora release cycles it doesn't hurt to add a new arch to devel only. But if koji is used for RHEL or other longer-cycle products not being able to add an arch for a released product (or having to rebuild everything for all other arches as well due to artificial release bumps) could become an issue. -- Axel.Thimm at ATrpms.net pgpUK7tmQyE2U.pgp Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, 6 Aug 2007 17:06:25 +0200 Axel Thimm [EMAIL PROTECTED] wrote: It's just something to think about whether this is wanted at all - with the current Fedora release cycles it doesn't hurt to add a new arch to devel only. But if koji is used for RHEL or other longer-cycle products not being able to add an arch for a released product (or having to rebuild everything for all other arches as well due to artificial release bumps) could become an issue. In RHEL at least we'd want to rebuild the package anyway. You can't come along 4 months or 2 years later to request that another arch be done of that build, unless you can generate a repodata set that matched the original repodata set and all the original used packages to build your package 4 months or 2 years ago. Buildroot content changes over time and you don't want 3 of your arches using one set of build tools and your new arch using potentially vastly different ones. -- Jesse Keating Fedora -- All my bits are free, are yours? signature.asc Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: Security issue: Can't build mediawiki - F7 thinks it's F8
On Mon, Aug 06, 2007 at 11:22:02AM -0400, Jesse Keating wrote: On Mon, 6 Aug 2007 17:06:25 +0200 Axel Thimm [EMAIL PROTECTED] wrote: It's just something to think about whether this is wanted at all - with the current Fedora release cycles it doesn't hurt to add a new arch to devel only. But if koji is used for RHEL or other longer-cycle products not being able to add an arch for a released product (or having to rebuild everything for all other arches as well due to artificial release bumps) could become an issue. In RHEL at least we'd want to rebuild the package anyway. You can't come along 4 months or 2 years later to request that another arch be done of that build, unless you can generate a repodata set that matched the original repodata set and all the original used packages to build your package 4 months or 2 years ago. Buildroot content changes over time and you don't want 3 of your arches using one set of build tools and your new arch using potentially vastly different ones. RHEL is quite different and already equipped to do builds in fixed environments like for customer requested RHEL X update Y states. Furthermore RHEL is not update happy, certainly not in comparison to Fedora, so 4 months or 2 years usually still means the same API/ABI (short of the kernel, of course). But I was told in the interim that the pain of the past of adding archs to released RHELs hardened the RHEL engineering teem enough to fence off any such future requests. ;) -- Axel.Thimm at ATrpms.net pgp6hhYSGXKQF.pgp Description: PGP signature -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
