Re: RFC: OpenScanHub Prototype for Fedora

2024-01-13 Thread Siteshwar Vashisht 
On Tue, Dec 12, 2023 at 4:30 PM Siteshwar Vashisht 
wrote:

> Hello,
>
> I am writing this email to get feedback from the members of the Fedora
> development community about OpenScanHub for Fedora.
>
> # tl;dr
>
> OpenScanHub does static and dynamic analysis of rpm packages and it may be
> helpful in the Fedora community. Please take a look at our staging proof of
> concept[4] and provide feedback. The proof of concept is in its early
> stages so there may be some bugs here or there! If the feedback is positive
> we may roll this out in official infrastructure and integrate with Fedora
> CI and Packit.
>
> # What
>
> OpenScanHub is a service for static and dynamic analysis. It has been in
> development inside Red Hat[1] for more than 12 years and was open sourced
> on GitHub[2] earlier this year. You can read a brief explanation of this
> service on my blog[3]. We would like to deploy this service on the Fedora
> infrastructure and start scanning packages shipped in the Fedora project
> through it.
>
> # Why
>
> I am sharing a prototype[4] of this service to get feedback from the
> community. This prototype is running on the staging instance of the Fedora
> infrastructure, so you would have to login[5] to the staging instance
> before submitting any scan. If you have never logged into that account, it
> may require you to do a password reset.
>
I have received a couple of comments[1][2] from contributors inside and
outside Red Hat. There were several scans submitted by community members
that can be seen on the tasks[3] page. I may bring this prototype down at
some point next week. So if anyone interested in this idea missed this
email earlier, please try it before I bring the prototype down. Thank you!


> Once you are logged into the staging instance, you can login through the
> `krb5login` button[6] on the top right corner of the homepage and submit a
> scan through this form[7].
>
> There are 3 different types of scans supported by OpenScanHub:
>
>-
>
>MockBuild performs a full scan of the package including downstream
>patches. Example[8] mockbuild for `openssl-3.1.1-4.fc39`.
>-
>
>DiffBuild performs a differential scan on the downstream patches. So
>you can find only the defects that are introduced by the downstream
>patches. Example[9] diffbuild for `openssl-3.1.1-4.fc39`. This option would
>not work if the package fails to compile without patches.
>-
>
>VersionDiffBuild performs a differential scan between 2 different
>versions of the package, and you can see defects introduced by the “newer”
>version of the package. Example[10] differential build between
>`openssl-3.1.1-4.fc39` and `openssl-3.0.9-2.fc38`.
>
> All the submitted scans can be seen on the tasks[11] page.
>
> This prototype is running on very limited resources, so please do not
> submit scan for any resource consuming package. Not all defects reported by
> OpenScanHub may be actual bugs, so please avoid fixing reported defects
> without careful examination. If we receive positive feedback on this
> prototype, there may be a possibility of integrating this service with the
> Fedora CI and Packit projects.
>
> This is a very early stage prototype and may behave inconsistently. Please
> keep the discussion in this thread constructive. Thank you!
>
> [1] https://kdudka.fedorapeople.org/muni23.pdf
>
> [2] https://github.com/openscanhub/openscanhub
>
> [3] https://situ.im/posts/openscanhub
>
> [4] https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/
>
> [5] https://accounts.stg.fedoraproject.org
>
> [6]
> https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/auth/krb5login/
> 
>
> [7] https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/scan/new/
>
> [8]
> https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/task/6/log/openssl-3.1.1-4.fc39/scan-results.html
>
> [9]
> https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/task/9/log/openssl-3.1.1-4.fc39/scan-results.html
>
> [10]
> https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/task/7/log/added.html
> [11] https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/task/
>

[1] https://github.com/openscanhub/openscanhub/issues/211

[2] https://github.com/openscanhub/openscanhub/issues/214

[3] https://staging-openscanhub.apps.ocp.stg.fedoraproject.org/task/
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: F40 Change Proposal: Optimized Binaries for the AMD64 Architecture (System-Wide)

2024-01-13 Thread Jens-Ulrik Petersen 
We don't generally use/talk about amd64 in Fedora, so I was a bit thrown by
the naming of this Change.
I don't want to start a skirmish about amd64 vs x86_64, but iiuc this
Change is not AMD specific
so by now I personally feel x86-64 actually kinda sounds more neutral in
this sense
(I am aware that deb based distros favor "amd64" and some may consider it
more "PC").
Perhaps you could consider changing the naming in the title?

Further the text already talks a lot about x86-64-v{1,2,3,4}...
Jens
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Removing deprecated %patch syntax from go-sig's packages

2024-01-13 Thread Richard Fearn 
rpmlint 2.4.0 (in Fedora 39) does not currently support the "%patch
-P1 -p1" syntax [1], and incorrectly reports that patches aren't
applied. 2.5.0 has a fix for this [2]. There's a 2.5.0 update for F39
currently in testing [3].

[1] 
https://github.com/rpm-software-management/rpmlint/issues/461#issuecomment-1500993133
[2] 
https://github.com/rpm-software-management/rpmlint/commit/3631d5f12bf0c26f036e9cfd1bd289c109a09d79
[3] https://bodhi.fedoraproject.org/updates/FEDORA-2024-181fd77b29

Regards,

Richard

On Tue, 9 Jan 2024 at 17:31, Maxwell G  wrote:
>
> Hi everyone,
>
> RPM has deprecated the `%patchN` syntax in favor of `%patch -PN` where
> `N` is the patch number. See the RPM documentation for more information
> [1]. In current RPM versions, this syntax only emits a deprecation
> warning, but support for this syntax has been removed completely on the
> rpm master branch [2]. Around 100 packages maintained by the go-sig
> still use this syntax.
>
> Later this week/early next week, I will run this script [3] over the
> affected go-sig packages [4] to update them to the modern patch syntax.
> For example, the script will change:
>
> %patch0 -p1 -> %patch -P0 -p1
> %patch0005 -p2 -> %patch -P0005 -p2
>
> If anyone has any objections or would like to exclude a package, please
> let me know.
>
> ---Maxwell
>
> [1] https://rpm-software-management.github.io/rpm/manual/spec.html#patch-1
> [2] 
> https://github.com/rpm-software-management/rpm/commit/afd352481bacea521ce5ba01e989866478278532
> [3] 
> https://git.sr.ht/~gotmax23/fedora-scripts/tree/main/item/new_patch_syntax.sh
> [4] 
> https://git.sr.ht/~gotmax23/fedora-scripts/tree/main/item/go-sig/new_patch_syntax/packages
>
> --
> Maxwell G (@gotmax23)
> Pronouns: He/They
> --
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue



-- 
Richard Fearn
richardfe...@gmail.com
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Request for Review for Two New Packages

2024-01-13 Thread Carlos Rodriguez Fernandez 
Hi All,

I posted two new packages for review. Feedback is highly appreciated :)

mk-configure
https://bugzilla.redhat.com/show_bug.cgi?id=2257985

libmaa
https://bugzilla.redhat.com/show_bug.cgi?id=2257986


Some context:

I took the orphan package dictd. Dictd depends on libmaa. The dictd spec
was pulling libmaa source and building it, and linking to it statically.
Libmaa is not available as a package in Fedora.

I am separating them and making libmaa available as a dynamic library and
its own package.

libmaa builds with mk-configure. The new dictd being developed builds with
mk-configure as well. For that reason, I went ahead and created also that
new mk-configure package.

Both packages are necessary to update dictd going forward.

Thank you,
Carlos R F.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: dnsmasq default configuration changed

2024-01-13 Thread Kevin Kofler via devel 
Petr Menšík wrote:
> That might create a regression in special case. If you are running by
> default systemd-resolved, it listens already on domain port on address
> 127.0.0.53 address. But if bind-interfaces or bind-dynamic is not used
> explicitly, dnsmasq will try to listen on wildcard address 0.0.0.0 and
> just filter incoming requests, accepting only those arriving on
> interface eth0. But if any service already listens on port domain, it
> will fail to listen on it and fail to start.

But we run systemd-resolved by default these days, don't we? So making 
dnsmasq attempt by default to serve the same requests does not sound like a 
good idea to me.

On a server I administer for work, I have dnsmasq serving the DNS for an 
ocserv (OpenConnect) VPN, listening only on the VPN interface. Any request 
for a host not within the VPN network (coming in from clients with no or 
broken split DNS support, e.g., old GNU/Linux distros without systemd-
resolved, or Windows, where the OpenConnect client is still unable to set up 
split DNS) is forwarded to systemd-resolved, which in turn forwards it to 
the upstream DNS from the datacenter. Relying instead on the filtering would 
not have worked exactly for the reason you describe above. But that server 
is not running Fedora anyway.

Kevin Kofler
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Fedora rawhide compose report: 20240113.n.0 changes

2024-01-13 Thread Fedora Rawhide Report 
OLD: Fedora-Rawhide-20240112.n.0
NEW: Fedora-Rawhide-20240113.n.0

= SUMMARY =
Added images:2
Dropped images:  3
Added packages:  28
Dropped packages:0
Upgraded packages:   87
Downgraded packages: 0

Size of added packages:  185.92 MiB
Size of dropped packages:0 B
Size of upgraded packages:   2.67 GiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   2.04 MiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: Kinoite dvd-ostree x86_64
Path: Kinoite/x86_64/iso/Fedora-Kinoite-ostree-x86_64-Rawhide-20240113.n.0.iso
Image: Sericea dvd-ostree x86_64
Path: Sericea/x86_64/iso/Fedora-Sericea-ostree-x86_64-Rawhide-20240113.n.0.iso

= DROPPED IMAGES =
Image: Workstation live ppc64le
Path: 
Workstation/ppc64le/iso/Fedora-Workstation-Live-ppc64le-Rawhide-20240112.n.0.iso
Image: Cloud_Base raw-xz ppc64le
Path: Cloud/ppc64le/images/Fedora-Cloud-Base-Rawhide-20240112.n.0.ppc64le.raw.xz
Image: Cloud_Base qcow2 ppc64le
Path: Cloud/ppc64le/images/Fedora-Cloud-Base-Rawhide-20240112.n.0.ppc64le.qcow2

= ADDED PACKAGES =
Package: clang13-13.0.1-4.fc40
Summary: A C language family front-end for LLVM
RPMs:clang13-devel clang13-libs clang13-resource-filesystem
Size:127.04 MiB

Package: ghc-crypto-cipher-types-0.0.9-46.fc40
Summary: Generic cryptography cipher types
RPMs:ghc-crypto-cipher-types ghc-crypto-cipher-types-devel 
ghc-crypto-cipher-types-doc ghc-crypto-cipher-types-prof
Size:1.01 MiB

Package: golang-github-tj-assert-0.0.3-6.fc40
Summary: Testify/assert but as testify/require
RPMs:golang-github-tj-assert-devel
Size:17.75 KiB

Package: golang-github-tj-spin-1.1.0-6.fc40
Summary: Terminal spinner package for Golang
RPMs:golang-github-tj-spin-devel
Size:10.23 KiB

Package: lld13-13.0.1-4.fc40
Summary: The LLVM Linker
RPMs:lld13-devel lld13-libs
Size:8.66 MiB

Package: mrsw-biz-udgothic-fonts-1.051-2.fc40
Summary: Morisawa BIZ UD Gothic fonts, Japanese non-proportional sans-serif 
typeface
RPMs:mrsw-biz-udgothic-fonts mrsw-biz-udgothic-fonts-all 
mrsw-biz-udpgothic-fonts
Size:9.51 MiB

Package: mrsw-biz-udmincho-fonts-1.06-2.fc40
Summary: Morisawa BIZ UD Mincho fonts, Japanese non-proportional serif typeface
RPMs:mrsw-biz-udmincho-fonts mrsw-biz-udmincho-fonts-all 
mrsw-biz-udpmincho-fonts
Size:14.29 MiB

Package: python-bioframe-0.6.1-2.fc40
Summary: Operations and utilities for Genomic Interval Dataframes
RPMs:python3-bioframe
Size:193.90 KiB

Package: python-colorthief-0.2.1-1.fc40
Summary: Grabs the dominant color or a representative color palette from an 
image
RPMs:python3-colorthief
Size:21.23 KiB

Package: rust-human-date-parser-0.1.1-1.fc40
Summary: Parses strings that express dates in a human way into ones usable by 
code
RPMs:rust-human-date-parser+default-devel rust-human-date-parser-devel
Size:22.80 KiB

Package: rust-io-extras-0.18.1-3.fc40
Summary: File/socket handle/descriptor utilities
RPMs:rust-io-extras+async-std-devel rust-io-extras+default-devel 
rust-io-extras+mio-devel rust-io-extras+os_pipe-devel 
rust-io-extras+socket2-devel rust-io-extras+tokio-devel 
rust-io-extras+use_async_std-devel rust-io-extras+use_mio_net-devel 
rust-io-extras+use_mio_os_ext-devel rust-io-extras+use_os_pipe-devel 
rust-io-extras+use_socket2-devel rust-io-extras+use_tokio-devel 
rust-io-extras-devel
Size:131.12 KiB

Package: rust-libdeflate-sys-1.19.0-1.fc40
Summary: Bindings to libdeflate for DEFLATE
RPMs:rust-libdeflate-sys+default-devel 
rust-libdeflate-sys+freestanding-devel rust-libdeflate-sys-devel
Size:29.40 KiB

Package: rust-libdeflater-1.19.0-2.fc40
Summary: Bindings to libdeflate for DEFLATE
RPMs:rust-libdeflater+default-devel rust-libdeflater+freestanding-devel 
rust-libdeflater+use_rust_alloc-devel rust-libdeflater-devel
Size:49.31 KiB

Package: rust-parse_datetime-0.5.0-1.fc40
Summary: Parsing human-readable time strings and converting them to a DateTime
RPMs:rust-parse_datetime+default-devel rust-parse_datetime-devel
Size:23.28 KiB

Package: rust-proc-macro-crate1-1.3.1-1.fc40
Summary: Replacement for crate (macro_rules keyword) in proc-macros
RPMs:rust-proc-macro-crate1+default-devel rust-proc-macro-crate1-devel
Size:24.53 KiB

Package: rust-uu_csplit-0.0.23-1.fc40
Summary: Csplit ~ (uutils) Output pieces of FILE separated by PATTERN(s)
RPMs:rust-uu_csplit+default-devel rust-uu_csplit-devel uu_csplit
Size:3.29 MiB

Package: rust-uu_cut-0.0.23-1.fc40
Summary: cut ~ (uutils) display byte/field columns of input lines
RPMs:rust-uu_cut+default-devel rust-uu_cut-devel uu_cut
Size:1.61 MiB

Package: rust-uu_dd-0.0.23-1.fc40
Summary: dd ~ (uutils) copy and convert files
RPMs:rust-uu_dd+default-devel rust-uu_dd-devel uu_dd
Size:1.97 MiB

Package: rust-uu_dirname-0.0.23-1.fc40
Summary: Dirname ~ (uutils) display parent directory of PATHNAME
RPMs:rust-uu_dirname+default-devel rust