Re: convert everything to rpmautospec?

2024-04-10 Thread Vít Ondruch 


Dne 09. 04. 24 v 19:06 Zbigniew Jędrzejewski-Szmek napsal(a):

On Tue, Apr 09, 2024 at 12:57:33PM -0400, Neal Gompa wrote:

On Tue, Apr 9, 2024 at 12:56 PM Zbigniew Jędrzejewski-Szmek
 wrote:

On Tue, Apr 09, 2024 at 09:41:01AM +0200, Vít Ondruch wrote:

Dne 08. 04. 24 v 10:43 Zbigniew Jędrzejewski-Szmek napsal(a):

And we already have a significant fraction of packages using rpmautospec,


Actually, could you quantify the "significant fraction"?

7399 / 23912 = 31%.

How much of it is non-Rust and non-Go?

3720 / 19454 = 19% when '^(rust|golang)-.*\.spec' is filtered out
(which matches most but not all rust packages).



Thx for the numbers. While it is not insignificant number, it is also 
far from majority. Based on this, I don't think it is the right time yet.


BTW last time I tried rpmautospec, I quickly reverted back. Not that I 
dislike the idea, but I have immediately hit some issues (don't remember 
the details, sorry). This reminds me that maybe I should give it another 
try and than you for opening the discussion (and reminding me :) ).



Vít



Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


OpenPGP_signature.asc
Description: OpenPGP digital signature
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: convert everything to rpmautospec?

2024-04-10 Thread Michael J Gruber 
Remi Collet venit, vidit, dixit 2024-04-09 10:23:57:
> Le 08/04/2024 à 18:43, Michael J Gruber a écrit :
> 
> > How absurd!
> 
> That is rude, and ONLY your PoV.
> 
> 
> To summarize, there is no agreement on a unique
> workflow, and having one to become the only allowed
> seems to me as a terrible idea.

I would be grateful I you didn't cut the context which explains my
statement (and invalidates your judgement).

Michael
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Fedora rawhide compose report: 20240410.n.0 changes

2024-04-10 Thread Fedora Rawhide Report 
OLD: Fedora-Rawhide-20240409.n.0
NEW: Fedora-Rawhide-20240410.n.0

= SUMMARY =
Added images:1
Dropped images:  1
Added packages:  5
Dropped packages:0
Upgraded packages:   84
Downgraded packages: 0

Size of added packages:  7.31 MiB
Size of dropped packages:0 B
Size of upgraded packages:   1.44 GiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   20.17 MiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: i3 live aarch64
Path: Spins/aarch64/iso/Fedora-i3-Live-aarch64-Rawhide-20240410.n.0.iso

= DROPPED IMAGES =
Image: Cloud_Base_UKI qcow2 aarch64
Path: 
Cloud/aarch64/images/Fedora-Cloud-Base-UEFI-UKI.aarch64-Rawhide-20240409.n.0.qcow2

= ADDED PACKAGES =
Package: postgresql16-pgvector-0.6.2-1.fc41
Summary: Open-source vector similarity search for Postgres
RPMs:pgvector
Size:323.91 KiB

Package: rust-hashlink0.8-0.8.4-1.fc41
Summary: HashMap-like containers that hold their key-value pairs in a user 
controllable order
RPMs:rust-hashlink0.8+default-devel rust-hashlink0.8+serde-devel 
rust-hashlink0.8+serde_impl-devel rust-hashlink0.8-devel
Size:53.98 KiB

Package: rust-libsqlite3-sys0.25-0.25.2-1.fc41
Summary: Native bindings to the libsqlite3 library
RPMs:rust-libsqlite3-sys0.25+buildtime_bindgen-devel 
rust-libsqlite3-sys0.25+default-devel 
rust-libsqlite3-sys0.25+min_sqlite_version_3_6_23-devel 
rust-libsqlite3-sys0.25+min_sqlite_version_3_6_8-devel 
rust-libsqlite3-sys0.25+min_sqlite_version_3_7_16-devel 
rust-libsqlite3-sys0.25+min_sqlite_version_3_7_7-devel 
rust-libsqlite3-sys0.25+preupdate_hook-devel 
rust-libsqlite3-sys0.25+session-devel rust-libsqlite3-sys0.25+sqlcipher-devel 
rust-libsqlite3-sys0.25+unlock_notify-devel 
rust-libsqlite3-sys0.25+with-asan-devel rust-libsqlite3-sys0.25-devel
Size:101.21 KiB

Package: rust-rusqlite0.28-0.28.0-1.fc41
Summary: Ergonomic wrapper for SQLite
RPMs:rust-rusqlite0.28+array-devel rust-rusqlite0.28+backup-devel 
rust-rusqlite0.28+blob-devel rust-rusqlite0.28+buildtime_bindgen-devel 
rust-rusqlite0.28+chrono-devel rust-rusqlite0.28+collation-devel 
rust-rusqlite0.28+column_decltype-devel rust-rusqlite0.28+csv-devel 
rust-rusqlite0.28+csvtab-devel rust-rusqlite0.28+default-devel 
rust-rusqlite0.28+extra_check-devel rust-rusqlite0.28+functions-devel 
rust-rusqlite0.28+hooks-devel rust-rusqlite0.28+i128_blob-devel 
rust-rusqlite0.28+lazy_static-devel rust-rusqlite0.28+limits-devel 
rust-rusqlite0.28+load_extension-devel rust-rusqlite0.28+modern-full-devel 
rust-rusqlite0.28+modern_sqlite-devel rust-rusqlite0.28+release_memory-devel 
rust-rusqlite0.28+serde_json-devel rust-rusqlite0.28+series-devel 
rust-rusqlite0.28+session-devel rust-rusqlite0.28+sqlcipher-devel 
rust-rusqlite0.28+time-devel rust-rusqlite0.28+trace-devel 
rust-rusqlite0.28+unlock_notify-devel rust-rusqlite0.28+url-devel 
rust-rusqlite0.28+uuid-devel rust-rusqlite0.28+vtab-devel 
rust-rusqlite0.28+window-devel rust-rusqlite0.28+with-asan-devel 
rust-rusqlite0.28-devel
Size:365.30 KiB

Package: valkey-7.2.4~rc1-1.fc41
Summary: A persistent key-value database
RPMs:valkey valkey-devel
Size:6.48 MiB


= DROPPED PACKAGES =

= UPGRADED PACKAGES =
Package:  NiaAML-GUI-0.2.1-1.fc41
Old package:  NiaAML-GUI-0.1.13-8.fc40
Summary:  GUI for NiaAML Python package
RPMs: NiaAML-GUI
Size: 89.79 KiB
Size change:  98 B
Changelog:
  * Tue Apr 09 2024 Benjamin A. Beasley  - 0.2.1-1
  - Update to 0.2.1 (close RHBZ#2250208)


Package:  abseil-cpp-20240116.2-1.fc41
Old package:  abseil-cpp-20240116.0-1.fc40
Summary:  C++ Common Libraries
RPMs: abseil-cpp abseil-cpp-devel abseil-cpp-testing
Size: 8.34 MiB
Size change:  -14.67 KiB
Changelog:
  * Tue Apr 09 2024 Benjamin A. Beasley  - 20240116.2-1
  - Update to 20240116.2 (close RHBZ#2274172)


Package:  anaconda-41.9-1.fc41
Old package:  anaconda-41.7-2.fc41
Summary:  Graphical system installer
RPMs: anaconda anaconda-core anaconda-dracut anaconda-gui 
anaconda-install-env-deps anaconda-install-img-deps anaconda-live anaconda-tui 
anaconda-widgets anaconda-widgets-devel
Size: 17.50 MiB
Size change:  -137.39 KiB
Changelog:
  * Tue Apr 09 2024 Packit  - 41.9-1
  - Update translations from Weblate for master (github-actions)


Package:  blueman-1:2.4.1-1.fc41
Old package:  blueman-1:2.4-2.fc41
Summary:  GTK+ Bluetooth Manager
RPMs: blueman blueman-caja blueman-nautilus blueman-nemo
Size: 5.97 MiB
Size change:  35.07 KiB
Changelog:
  * Tue Apr 09 2024 Artur Frenszek-Iwicki  - 1:2.4.1-1
  - Update to v2.4.1


Package:  bodhi-client-8.1.0-1.fc41
Old package:  bodhi-client-8.0.0-3.fc40
Summary:  Bodhi client
RPMs: bodhi-client
Size: 89.80 KiB
Size change:  -137 B
Changelog:
  * Tue Apr 09 2024 Mattia Verga  - 8.1.0-1
  - Update to 8.1.0


Package:  bodhi-messages-8.1.0-1.fc41
Old package:  bodhi-messages

Re: convert everything to rpmautospec?

2024-04-10 Thread Gerd Hoffmann 
On Tue, Apr 09, 2024 at 05:02:00PM +, Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Apr 09, 2024 at 03:38:07PM +0200, Gerd Hoffmann wrote:
> > > In particular:
> > > - local builds work, I do them all the time, with 'fedpkg local' or
> > >   through an srpm.
> > 
> > Using rpmbuild directly needs some adaption though:
> > 
> >  (1) Use 'rpmautospec calculate-release' to figure what the release
> >  number is.
> >  (2) Pass that to rpmbuild using --define "_rpmautospec_release_number $nr".
> 
> I don't use rpmbuild directly very often, but:
>   fedpgk srpm
>   fedpkg local
> work fine both when there are uncommitted modifications and when not.
> I actually use "fedpkg srpm && mock $options $(ls -1tr *.src.rpm|tail -n1)"
> all the time, and that also works with and without uncommitted modifications.
> 
> What goes wrong if _rpmautospec_release_number is not difined?

I've hacked my build script to always set it ...

if grep -q autorelease "$SRCDIR/$specfile"; then
autorelease="$(rpmautospec calculate-release)"
autorelease="${autorelease##* }"
echo "autorelease is $autorelease ..."
else
autorelease="99"
fi
rpmbuild \
--define "_rpmautospec_release_number $autorelease" \
$more_args 

... because something broke, but I don't remember what exactly it was.
Maybe just that the numbering differed from koji/copr builds.

take care,
  Gerd
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Test-Announce] Fedora 40 Candidate RC-1.12 Available Now!

2024-04-10 Thread rawhide 
According to [the schedule][1], Fedora 40 Candidate RC-1.12 is now
available for testing. Please help us complete all the validation
testing! For more information on release validation testing, see:
 https://fedoraproject.org/wiki/QA:Release_validation_test_plan

Test coverage information for the current release can be seen at:
 https://openqa.fedoraproject.org/testcase_stats/40

You can see all results, find testing instructions and image download
locations, and enter results on the Summary page:

 https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Summary

The individual test result pages are:

https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Installation
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Base
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Server
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Cloud
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Desktop
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Security_Lab

All RC priority test cases for each of these [test pages][2] must
pass in order to meet the [RC Release Criteria][3].

Help is available on [the Fedora Quality chat channel][4], [the Fedora
Quality tag on Discourse][5], or on [the test list][6].

Current Blocker and Freeze Exception bugs:
 https://qa.fedoraproject.org/blockerbugs/current

[1]: https://fedorapeople.org/groups/schedule/f-40/f-40-quality-tasks.html
[2]: https://fedoraproject.org/wiki/QA:Release_validation_test_plan
[3]: https://fedoraproject.org/wiki/Fedora_40_RC_Release_Criteria
[4]: 
https://matrix.to/#/#quality:fedoraproject.org?web-instance[element.io]=chat.fedoraproject.org
[5]: https://discussion.fedoraproject.org/tags/c/project/7/quality-team
[6]: https://lists.fedoraproject.org/archives/list/t...@lists.fedoraproject.org/
--
___
test-announce mailing list -- test-annou...@lists.fedoraproject.org
To unsubscribe send an email to test-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/test-annou...@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

CVE-2024-2905: World-readable /etc/shadow & /etc/gshadow on Fedora CoreOS, IoT, Atomic Desktops

2024-04-10 Thread Timothée Ravier 
Due to a bug in rpm-ostree, the /etc/shadow, /etc/shadow-, /etc/gshadow and 
/etc/gshadow- files in Fedora CoreOS, IoT, Atomic Desktops have the 
world-readable bit set.

== Affected versions ==

All Fedora CoreOS nodes installed starting from the following versions are 
impacted:
- stable: 38.20230902.3.0
- testing: 38.20230902.2.1
- next: 38.20230902.1.1

Fedora IoT and Fedora Atomic Desktops (Silverblue, Kinoite, Sway Atomic, Budgie 
Atomic) systems that were installed from Fedora 39 and later release media and 
ISOs are affected.

This only impacts new installations and not updated systems thus systems 
installed from artifacts before those releases are not impacted (Fedora 38 or 
earlier).

This only impacts systems where a password is set. Systems where only SSH keys 
were used are not impacted by this vulnerability even though it is present on 
the node.

On systems with SELinux enabled and in enforcing mode, access to those files is 
limited to unconfined (usually interactive) users, unconfined systemd services 
and privileged containers. Confined daemons, users and containers are not able 
to access them.

== Fixed versions ==

The following Fedora CoreOS versions fix the issue and include a systemd unit 
to fix existing systems on update:
- stable: 39.20240322.3.1
- testing: 39.20240407.2.0
- next: 40.20240408.1.0

Fedora CoreOS systems with automatic updates enabled will automatically get the 
update starting on 2024-04-10 14:00 UTC.

Fedora Atomic Desktops version 39.20240410.1 includes the fix. The fix is still 
pending for Fedora Atomic Desktops 40 (not officially released yet).

An update with the fix for Fedora IoT is still pending.

== Workaround / immediate fix ==

To immediately fix existing systems, you can run the following command as root:

chmod --verbose  /etc/shadow /etc/gshadow /etc/shadow- /etc/gshadow-

As a precaution, we recommend rotating all user credentials stored in those 
files.

== References ==

GitHub Security Advisory: 
https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
Red Hat Security Advisory: https://access.redhat.com/security/cve/CVE-2024-2905
Fedora CoreOS issue: https://github.com/coreos/fedora-coreos-tracker/issues/1705
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Looking for people to be stewards of rpminspect-data-fedora

2024-04-10 Thread David Cantrell 
On 4/9/24 17:14, Kevin Fenzi wrote:
> On Tue, Apr 09, 2024 at 01:55:41PM -0400, David Cantrell wrote:
>> Hello all,
>>
>> I am looking for multiple people to help be upstream stewards of the 
>> rpminspect-data-fedora project.  This is a project that contains config 
>> files and rules for running rpminspect on Fedora builds.  It is a package 
>> containing distribution policy.  It needs people to look over it and review 
>> and merge contributions from other developers, do occassional releases, and 
>> ensure that it is updated as new releases of Fedora are started (and we get 
>> new dist tags).
>>
>> The project currently lives here:
>>
>> https://github.com/rpminspect/rpminspect-data-fedora
>>
>> But absolutely can move depending on the desires of the individuals who take 
>> over maintenance.  I created these rules files in the data package for 
>> rpminspect so that different vendors can customize how rpminspect runs and 
>> reacts to findings.  Maintenance of the rules is independent of the software 
>> maintenance.
>>
>> If you are interested, please email me directly and we can get going on the 
>> logistics.  If you have general questions, feel free to ask here.
> 
> I wonder if this isn't something we should have the QE or releng teams
> manage... ie, adding new branch info (releng), adjusting tests (qe)?
> 

I think that's a good idea.  Syncing the creation of new dist tag files in 
rpminspect-data-fedora could be aligned with creating them in koji, etc.  QE 
and rel-eng don't specifically have to own doing that work, just making sure it 
has been taken care of by one of the rpminspect-data-fedora stewards.

Right now package maintainers can control how rpminspect runs with a local 
rpminspect config file in the dist-git repo.  However, some things cannot be 
overridden with that config file so those changes have to be made in the vendor 
data package.  So having someone review those changes and collectively sign off 
on them is also a good idea for process control.  (An example of something that 
has to be in the vendor data package and cannot be in the local package's 
rpminspect config file is an executable that needs to carry setuid or setgid 
bits.)

-- 
David Cantrell 
Red Hat, Inc. | Boston, MA | EST5EDT
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Looking for people to be stewards of rpminspect-data-fedora

2024-04-10 Thread David Cantrell 
Thank you!  I have a couple other people who have expressed interest, so I will 
send an email to all of you about the next steps (location of the repo, etc, 
those sorts of logistics).

Thanks,

On 4/9/24 18:47, Priscila Gutierres wrote:
> Hello David,
> 
> I would like to contribute. Will be an excellent learning opportunity.
> 
> Priscila.
> 
> On Tue, Apr 9, 2024 at 6:14 PM Kevin Fenzi  > wrote:
> 
> On Tue, Apr 09, 2024 at 01:55:41PM -0400, David Cantrell wrote:
> > Hello all,
> >
> > I am looking for multiple people to help be upstream stewards of the 
> rpminspect-data-fedora project.  This is a project that contains config files 
> and rules for running rpminspect on Fedora builds.  It is a package 
> containing distribution policy.  It needs people to look over it and review 
> and merge contributions from other developers, do occassional releases, and 
> ensure that it is updated as new releases of Fedora are started (and we get 
> new dist tags).
> >
> > The project currently lives here:
> >
> > https://github.com/rpminspect/rpminspect-data-fedora 
> 
> >
> > But absolutely can move depending on the desires of the individuals who 
> take over maintenance.  I created these rules files in the data package for 
> rpminspect so that different vendors can customize how rpminspect runs and 
> reacts to findings.  Maintenance of the rules is independent of the software 
> maintenance.
> >
> > If you are interested, please email me directly and we can get going on 
> the logistics.  If you have general questions, feel free to ask here.
> 
> I wonder if this isn't something we should have the QE or releng teams
> manage... ie, adding new branch info (releng), adjusting tests (qe)?
> 
> kevin
> --
> ___
> devel mailing list -- devel@lists.fedoraproject.org 
> 
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org 
> 
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ 
> 
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
> 
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org 
> 
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue 
> 
> 
> 
> --
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue

-- 
David Cantrell 
Red Hat, Inc. | Boston, MA | EST5EDT
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Fedora 40 compose report: 20240410.n.0 changes

2024-04-10 Thread Fedora Branched Report 
OLD: Fedora-40-20240409.n.0
NEW: Fedora-40-20240410.n.0

= SUMMARY =
Added images:2
Dropped images:  3
Added packages:  0
Dropped packages:0
Upgraded packages:   8
Downgraded packages: 0

Size of added packages:  0 B
Size of dropped packages:0 B
Size of upgraded packages:   92.22 MiB
Size of downgraded packages: 0 B

Size change of upgraded packages:   -208.80 KiB
Size change of downgraded packages: 0 B

= ADDED IMAGES =
Image: Workstation live aarch64
Path: 
Workstation/aarch64/iso/Fedora-Workstation-Live-aarch64-40-20240410.n.0.iso
Image: Silverblue ociarchive ppc64le
Path: Silverblue/ppc64le/images/Fedora-Silverblue-40.20240410.n.0.ociarchive

= DROPPED IMAGES =
Image: KDE live aarch64
Path: Spins/aarch64/iso/Fedora-KDE-Live-aarch64-40-20240409.n.0.iso
Image: LXQt live aarch64
Path: Spins/aarch64/iso/Fedora-LXQt-Live-aarch64-40-20240409.n.0.iso
Image: Xfce raw-xz aarch64
Path: Spins/aarch64/images/Fedora-Xfce-40-20240409.n.0.aarch64.raw.xz

= ADDED PACKAGES =

= DROPPED PACKAGES =

= UPGRADED PACKAGES =
Package:  fedora-messaging-3.5.0-2.fc40
Old package:  fedora-messaging-3.5.0-1.fc40
Summary:  Set of tools for using Fedora's messaging infrastructure
RPMs: fedora-messaging fedora-messaging-doc python3-fedora-messaging
Size: 263.63 KiB
Size change:  672 B
Changelog:
  * Thu Apr 04 2024 Aurelien Bompard  - 3.5.0-2
  - Remove "-s" from the script shebangs (https://bugzilla.redhat.com/2272526)
  - Relax the dependency on jsonschema (https://bugzilla.redhat.com/2272967)


Package:  fedora-obsolete-packages-40-28
Old package:  fedora-obsolete-packages-40-25
Summary:  A package to obsolete retired packages
RPMs: fedora-obsolete-packages
Size: 38.78 KiB
Size change:  8.28 KiB
Changelog:
  * Sat Feb 24 2024 Otto Liljalaakso  - 40-26
  - Obsolete some retired rubygems that prevent upgrade to F40

  * Tue Apr 02 2024 Mattia Verga  - 40-27
  - Obsolete celestia and celestia-data

  * Tue Apr 02 2024 Miro Hron??ok  - 40-28
  - Update the list of obsoleted Python 3.11 packages
  - Fixes upgrades from Fedora 37 and 38
  - Fixes: rhbz#2233409


Package:  fedora-release-40-38
Old package:  fedora-release-40-0.37
Summary:  Fedora release files
RPMs: fedora-release fedora-release-budgie fedora-release-budgie-atomic 
fedora-release-cinnamon fedora-release-cloud fedora-release-common 
fedora-release-compneuro fedora-release-container fedora-release-coreos 
fedora-release-designsuite fedora-release-i3 fedora-release-identity-basic 
fedora-release-identity-budgie fedora-release-identity-budgie-atomic 
fedora-release-identity-cinnamon fedora-release-identity-cloud 
fedora-release-identity-compneuro fedora-release-identity-container 
fedora-release-identity-coreos fedora-release-identity-designsuite 
fedora-release-identity-i3 fedora-release-identity-iot 
fedora-release-identity-kde fedora-release-identity-kinoite 
fedora-release-identity-lxqt fedora-release-identity-matecompiz 
fedora-release-identity-mobility fedora-release-identity-server 
fedora-release-identity-silverblue fedora-release-identity-snappy 
fedora-release-identity-soas fedora-release-identity-sway 
fedora-release-identity-sway-atomic fedora-release-identity-toolbx 
fedora-release-identity-workstation fedora-release-identity-xfce 
fedora-release-iot fedora-release-kde fedora-release-kinoite 
fedora-release-lxqt fedora-release-matecompiz fedora-release-mobility 
fedora-release-ostree-desktop fedora-release-server fedora-release-silverblue 
fedora-release-snappy fedora-release-soas fedora-release-sway 
fedora-release-sway-atomic fedora-release-toolbx fedora-release-workstation 
fedora-release-xfce
Size: 614.23 KiB
Size change:  3.75 KiB
Changelog:
  * Sat Apr 06 2024 Kevin Fenzi  - 40-38
  - Move to release versioning for Fedora 40 final


Package:  fedora-repos-40-1
Old package:  fedora-repos-40-0.4
Summary:  Fedora package repositories
RPMs: fedora-gpg-keys fedora-repos fedora-repos-archive 
fedora-repos-eln fedora-repos-ostree fedora-repos-rawhide
Size: 177.27 KiB
Size change:  294 B
Changelog:
  * Sat Apr 06 2024 Kevin Fenzi  - 40-1
  - Disable updates-testing for f40 final release.


Package:  gtk4-4.14.2-2.fc40
Old package:  gtk4-4.14.1-1.fc40
Summary:  GTK graphical user interface library
RPMs: gtk4 gtk4-devel gtk4-devel-docs gtk4-devel-tools
Size: 73.77 MiB
Size change:  24.38 KiB
Changelog:
  * Fri Apr 05 2024 David King  - 4.14.2-1
  - Update to 4.14.2

  * Tue Apr 09 2024 Michael Catanzaro  - 4.14.2-2
  - Add patch to hopefully fix Snapshot crash on startup


Package:  passt-0^20240326.g4988e2b-1.fc40
Old package:  passt-0^20240320.g71dd405-1.fc40
Summary:  User-mode networking daemons for virtual machines and namespaces
RPMs: passt passt-selinux
Size: 625.81 KiB
Size change:  765 B
Changelog:
  * Tue Mar 26 2024 Stef

Re: CVE-2024-2905: World-readable /etc/shadow & /etc/gshadow on Fedora CoreOS, IoT, Atomic Desktops

2024-04-10 Thread Christopher Klooz 


On 10/04/2024 15.52, Timothée Ravier wrote:

Due to a bug in rpm-ostree, the /etc/shadow, /etc/shadow-, /etc/gshadow and 
/etc/gshadow- files in Fedora CoreOS, IoT, Atomic Desktops have the 
world-readable bit set.

== Affected versions ==

All Fedora CoreOS nodes installed starting from the following versions are 
impacted:
- stable: 38.20230902.3.0
- testing: 38.20230902.2.1
- next: 38.20230902.1.1

Fedora IoT and Fedora Atomic Desktops (Silverblue, Kinoite, Sway Atomic, Budgie 
Atomic) systems that were installed from Fedora 39 and later release media and 
ISOs are affected.

This only impacts new installations and not updated systems thus systems 
installed from artifacts before those releases are not impacted (Fedora 38 or 
earlier).

This only impacts systems where a password is set. Systems where only SSH keys 
were used are not impacted by this vulnerability even though it is present on 
the node.

On systems with SELinux enabled and in enforcing mode, access to those files is 
limited to unconfined (usually interactive) users, unconfined systemd services 
and privileged containers. Confined daemons, users and containers are not able 
to access them.

== Fixed versions ==

The following Fedora CoreOS versions fix the issue and include a systemd unit 
to fix existing systems on update:
- stable: 39.20240322.3.1
- testing: 39.20240407.2.0
- next: 40.20240408.1.0

Fedora CoreOS systems with automatic updates enabled will automatically get the 
update starting on 2024-04-10 14:00 UTC.

Fedora Atomic Desktops version 39.20240410.1 includes the fix. The fix is still 
pending for Fedora Atomic Desktops 40 (not officially released yet).

An update with the fix for Fedora IoT is still pending.

== Workaround / immediate fix ==

To immediately fix existing systems, you can run the following command as root:

chmod --verbose  /etc/shadow /etc/gshadow /etc/shadow- /etc/gshadow-

As a precaution, we recommend rotating all user credentials stored in those 
files.

== References ==

GitHub Security Advisory: 
https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6
Red Hat Security Advisory: https://access.redhat.com/security/cve/CVE-2024-2905
Fedora CoreOS issue: https://github.com/coreos/fedora-coreos-tracker/issues/1705
--

I suggest to open and maintain a Project Discussion topic (such as [1]) because 
the majority of users will watch there rather than here.

Let me know if I can help there.

[1] 
https://discussion.fedoraproject.org/t/attention-malicious-code-in-current-beta-pre-release-testing-versions-variants-f40-and-rawhide-affected-users-of-f40-rawhide-need-to-respond/110683

--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: convert everything to rpmautospec?

2024-04-10 Thread Pierre-Yves Chibon 
On Mon, Apr 08, 2024 at 02:55:36PM +0200, Emmanuel Seyman wrote:
> * Zbigniew Jędrzejewski-Szmek [08/04/2024 09:02] :
> >
> > Well, you and Kevin see "salami tactics" (whatever that may be),
> 
> FTR, I have no idea what "salami tactics" is.
> 
> > while I see normal engineering practice: some new idea is hatched,
> > it's implemented and used narrowly, them it's applied by default
> > and more widely, and possibly at the end previous methods are
> > deprecated.
> 
> This sounds acceptable but is not at all how these changes are proposed.
> 
> An proposal is made, stating explicity that it will be opt-in or target
> a subset of the target audience and never even suggesting that the scope
> might one day be expanded.
> 
> It is accepted based on that premise and, after a while, changes are
> made to make the change default or opt-out, leaving the people who would
> not have accepted it had they known they would be forced to use it with
> no recourse.
> 
> This is unfriendly (thus violating one of Fedora's core principles) at
> best and deceitful at worst.
> 
> > The alternative would be to have "grand plans" where we decide that
> > some technology will be used by default and mandatory before we deploy
> > it widely and get feedback.
> 
> Another alternative would be not lie to the target audience by
> initially claiming that the change is opt-in. Yet another alternative
> would be to not go back on this claim.

There is one flaw in the reasoning here, as one of the original person behind
rpmautospec (with Nils who arguably has done more for it than me), you can see
that neither of us are involved in this proposal nor this discussion.

So it's a bit unfair to qualify that this was/is a lie and that the goal from
the get go when the change is being asked/proposed by someone else.

So no, it was not a lie, the goal was to make it opt-in. It is still the agreed
behavior and if someone proposes to change it, it's still not a lie. It would be
a lie if at that time, I would have thought: "this is going to be awesome and
we'll end up forcing it but for now I won't present it as such".

Let's look at it in another way: would you say that the people who leaved in the
14th century were liars for saying that the earth is flat?
No, they just didn't know.
Things/context changes and with this our knowledge or opinions. That doesn't
mean where we started from was a lie, it was just a different time/context.


So please, express your feeling in another way and don't use that word.

Thanks,
Pierre
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Looking for people to be stewards of rpminspect-data-fedora

2024-04-10 Thread Adam Williamson 
On Tue, 2024-04-09 at 14:14 -0700, Kevin Fenzi wrote:
> On Tue, Apr 09, 2024 at 01:55:41PM -0400, David Cantrell wrote:
> > Hello all,
> > 
> > I am looking for multiple people to help be upstream stewards of the 
> > rpminspect-data-fedora project.  This is a project that contains config 
> > files and rules for running rpminspect on Fedora builds.  It is a package 
> > containing distribution policy.  It needs people to look over it and review 
> > and merge contributions from other developers, do occassional releases, and 
> > ensure that it is updated as new releases of Fedora are started (and we get 
> > new dist tags).
> > 
> > The project currently lives here:
> > 
> > https://github.com/rpminspect/rpminspect-data-fedora
> > 
> > But absolutely can move depending on the desires of the individuals who 
> > take over maintenance.  I created these rules files in the data package for 
> > rpminspect so that different vendors can customize how rpminspect runs and 
> > reacts to findings.  Maintenance of the rules is independent of the 
> > software maintenance.
> > 
> > If you are interested, please email me directly and we can get going on the 
> > logistics.  If you have general questions, feel free to ask here.
> 
> I wonder if this isn't something we should have the QE or releng teams
> manage... ie, adding new branch info (releng), adjusting tests (qe)?

potentially we can be involved in this, yes. I did not have time to
look at it yet because of F40 release.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org
https://www.happyassassin.net



--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Switching XZ for ZSTD?

2024-04-10 Thread Daniel Alley 
>[1] https://github.com/facebook/zstd/issues/395#issuecomment-535875379
> .
>If that was part of zstd or even actively being looked at, then yes.

I mean, per your own comment on that thread, the API *is* available and it's in 
zstd, but no frontend supports it yet.

And per the maintainer's comment 
(https://github.com/facebook/zstd/issues/395#issuecomment-492741194) the only 
thing preventing it from becoming more official, is being "battle-tested", 
which means shipping a frontend that does use it (perhaps a third-party one 
until it's stabilized completely) and getting people to use it.  They directly 
compare it to a chicken-and-egg problem 
(https://github.com/facebook/zstd/issues/395#issuecomment-492808642) and say 
that there's nothing more to do upstream until that happens.

And per the last comment in that thread 
(https://github.com/facebook/zstd/issues/395#issuecomment-974796390), there is 
a suggestion that the frontends already exist, it's just that nobody 
distributes them yet, and that making that happen could expedite the process.

So I guess I'm confused about what the blocker is?  If Fedora wants seekable 
zstd, then Fedora can make it happen by being the head on the spear.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Test-Announce] Re: Fedora 40 Candidate RC-1.12 Available Now!

2024-04-10 Thread Adam Williamson 
On Wed, 2024-04-10 at 12:50 +, rawh...@fedoraproject.org wrote:
> According to [the schedule][1], Fedora 40 Candidate RC-1.12 is now
> available for testing. Please help us complete all the validation
> testing! For more information on release validation testing, see:
>  https://fedoraproject.org/wiki/QA:Release_validation_test_plan
> 
> Test coverage information for the current release can be seen at:
>  https://openqa.fedoraproject.org/testcase_stats/40
> 
> You can see all results, find testing instructions and image download
> locations, and enter results on the Summary page:
> 
>  https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Summary
> 
> The individual test result pages are:
> 
> https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Installation
> https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Base
> https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Server
> https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Cloud
> https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Desktop
> https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.12_Security_Lab

An update on this: we have RC-1.13 coming in a few hours, but it just
fixes some filenames and updates uboot-tools from the RC to the final
release. Most 1.12 testing will be valid, so please continue to test
1.12 while 1.13 is cooking. At Go/No-Go tomorrow we'll decide whether
to ship 1.13 based on the testing of both.
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org
https://www.happyassassin.net



--
___
test-announce mailing list -- test-annou...@lists.fedoraproject.org
To unsubscribe send an email to test-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/test-annou...@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Looking for people to be stewards of rpminspect-data-fedora

2024-04-10 Thread Leslie Satenstein via devel 
I was noticing a missing file, titled a logfile, (Who did the inspection when, 
and was it OK)


Leslie Satenstein
 

On Wednesday, April 10, 2024 at 10:05:34 a.m. EDT, David Cantrell 
 wrote:  
 
 On 4/9/24 17:14, Kevin Fenzi wrote:
> On Tue, Apr 09, 2024 at 01:55:41PM -0400, David Cantrell wrote:
>> Hello all,
>>
>> I am looking for multiple people to help be upstream stewards of the 
>> rpminspect-data-fedora project.  This is a project that contains config 
>> files and rules for running rpminspect on Fedora builds.  It is a package 
>> containing distribution policy.  It needs people to look over it and review 
>> and merge contributions from other developers, do occassional releases, and 
>> ensure that it is updated as new releases of Fedora are started (and we get 
>> new dist tags).
>>
>> The project currently lives here:
>>
>> https://github.com/rpminspect/rpminspect-data-fedora
>>
>> But absolutely can move depending on the desires of the individuals who take 
>> over maintenance.  I created these rules files in the data package for 
>> rpminspect so that different vendors can customize how rpminspect runs and 
>> reacts to findings.  Maintenance of the rules is independent of the software 
>> maintenance.
>>
>> If you are interested, please email me directly and we can get going on the 
>> logistics.  If you have general questions, feel free to ask here.
> 
> I wonder if this isn't something we should have the QE or releng teams
> manage... ie, adding new branch info (releng), adjusting tests (qe)?
> 

I think that's a good idea.  Syncing the creation of new dist tag files in 
rpminspect-data-fedora could be aligned with creating them in koji, etc.  QE 
and rel-eng don't specifically have to own doing that work, just making sure it 
has been taken care of by one of the rpminspect-data-fedora stewards.

Right now package maintainers can control how rpminspect runs with a local 
rpminspect config file in the dist-git repo.  However, some things cannot be 
overridden with that config file so those changes have to be made in the vendor 
data package.  So having someone review those changes and collectively sign off 
on them is also a good idea for process control.  (An example of something that 
has to be in the vendor data package and cannot be in the local package's 
rpminspect config file is an executable that needs to carry setuid or setgid 
bits.)

-- 
David Cantrell 
Red Hat, Inc. | Boston, MA | EST5EDT
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
  --
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Test-Announce] Fedora 40 Candidate RC-1.13 Available Now!

2024-04-10 Thread rawhide 
According to [the schedule][1], Fedora 40 Candidate RC-1.13 is now
available for testing. Please help us complete all the validation
testing! For more information on release validation testing, see:
 https://fedoraproject.org/wiki/QA:Release_validation_test_plan

Test coverage information for the current release can be seen at:
 https://openqa.fedoraproject.org/testcase_stats/40

You can see all results, find testing instructions and image download
locations, and enter results on the Summary page:

 https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Summary

The individual test result pages are:

https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Installation
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Base
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Server
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Cloud
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Desktop
https://fedoraproject.org/wiki/Test_Results:Fedora_40_RC_1.13_Security_Lab

All RC priority test cases for each of these [test pages][2] must
pass in order to meet the [RC Release Criteria][3].

Help is available on [the Fedora Quality chat channel][4], [the Fedora
Quality tag on Discourse][5], or on [the test list][6].

Current Blocker and Freeze Exception bugs:
 https://qa.fedoraproject.org/blockerbugs/current

[1]: https://fedorapeople.org/groups/schedule/f-40/f-40-quality-tasks.html
[2]: https://fedoraproject.org/wiki/QA:Release_validation_test_plan
[3]: https://fedoraproject.org/wiki/Fedora_40_RC_Release_Criteria
[4]: 
https://matrix.to/#/#quality:fedoraproject.org?web-instance[element.io]=chat.fedoraproject.org
[5]: https://discussion.fedoraproject.org/tags/c/project/7/quality-team
[6]: https://lists.fedoraproject.org/archives/list/t...@lists.fedoraproject.org/
--
___
test-announce mailing list -- test-annou...@lists.fedoraproject.org
To unsubscribe send an email to test-announce-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/test-annou...@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue