On Wed, 2025-07-09 at 20:11 -0500, Chris Adams wrote:
> Once upon a time, Adam Williamson said:
> > On Wed, 2025-07-09 at 20:10 -0400, Sam Varshavchik wrote:
> > > Chris Murphy writes:
> > >
> > > > I'm able to fix this with efibootmgr, but... what a swig of sour milk.
> > >
> > > That pretty mu
OLD: Fedora-eln-20250709.n.1
NEW: Fedora-eln-20250710.n.0
= SUMMARY =
Added images:0
Dropped images: 0
Added packages: 20
Dropped packages:0
Upgraded packages: 38
Downgraded packages: 0
Size of added packages: 121.49 MiB
Size of dropped packages:0 B
Size
On Wed, Jul 9, 2025 at 7:52 PM Kevin Fenzi wrote:
> We should probibly put this info into onboarding docs, it's just been a
> long time since it changed.
...
> I tried to announce things to devel-announce (which also cc to this
> list).
>
> Open to ideas on how to better announce things.
I think
On 7/9/25 6:11 PM, Chris Adams wrote:
Once upon a time, Adam Williamson said:
On Wed, 2025-07-09 at 20:10 -0400, Sam Varshavchik wrote:
Chris Murphy writes:
I'm able to fix this with efibootmgr, but... what a swig of sour milk.
That pretty much describes my kneejerk reaction about a decade
Em qua., 9 de jul. de 2025, 22:11, Chris Adams escreveu:
> Once upon a time, Adam Williamson said:
> > On Wed, 2025-07-09 at 20:10 -0400, Sam Varshavchik wrote:
> > > Chris Murphy writes:
> > >
> > > > I'm able to fix this with efibootmgr, but... what a swig of sour
> milk.
> > >
> > > That pret
Once upon a time, Adam Williamson said:
> On Wed, 2025-07-09 at 20:10 -0400, Sam Varshavchik wrote:
> > Chris Murphy writes:
> >
> > > I'm able to fix this with efibootmgr, but... what a swig of sour milk.
> >
> > That pretty much describes my kneejerk reaction about a decade ago when I
> > fi
On Wed, 2025-07-09 at 20:10 -0400, Sam Varshavchik wrote:
> Chris Murphy writes:
>
> > I'm able to fix this with efibootmgr, but... what a swig of sour milk.
>
> That pretty much describes my kneejerk reaction about a decade ago when I
> first read about secure boot, and how great it is to have
Chris Murphy writes:
I'm able to fix this with efibootmgr, but... what a swig of sour milk.
That pretty much describes my kneejerk reaction about a decade ago when I
first read about secure boot, and how great it is to have each boot stage
signed by an all-mighty cert.
I swear that my im
On Wed, 2025-07-09 at 17:58 -0400, Chris Murphy wrote:
>
> On Wed, Jul 9, 2025, at 5:14 PM, Chris Adams wrote:
> > Once upon a time, Chris Murphy said:
> > > Not After : Jun 27 21:32:45 2026 GMT
> >
> > > I'm confused why I'm able to boot. Seems like shim should fail
> > > verificat
On Wed, Jul 9, 2025, at 5:14 PM, Chris Adams wrote:
> Once upon a time, Chris Murphy said:
>> Not After : Jun 27 21:32:45 2026 GMT
>
>> I'm confused why I'm able to boot. Seems like shim should fail verification
>> if the public key is expired.
>
> Are you posting from the future?
Once upon a time, Chris Murphy said:
> Not After : Jun 27 21:32:45 2026 GMT
> I'm confused why I'm able to boot. Seems like shim should fail verification
> if the public key is expired.
Are you posting from the future? :)
--
Chris Adams
--
On Wed, Jul 9, 2025, at 4:42 PM, Chris Murphy wrote:
> I have a Lenovo Thinkpad, just a few years old I suppose. It has
> received firmware updates as recently as end of last year and it has
>
> [1.072253] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI
> CA 2011: 13adbf4309bd827
Hello Martin,
Thank you very much for the heads-up and all the information.
I will bring up the topic of migrating to dasbus with the
input-remapper developer over the weekend and we'll see for the next
steps.
Thanks for the grace period as well.
Best regards,
A.
--
On Tue, Jul 8, 2025, at 8:44 PM, Mateus Rodrigues Costa wrote:
> I guess that users with devices that actively receive BIOS updates
> should receive a update with the new certificates included, but it's
> unknown what will happen for devices that are basically out of
> support.
I have a Lenovo T
On Tue, Jul 08, 2025 at 09:22:06AM +0200, Zdenek Dohnal wrote:
> Hi all,
>
> thank you for all the work you did/are doing atm with datacenter move! I'm
> looking forward to faster infrastructure for my builds and tests :) .
>
> Unfortunately (as with every big change) discrepancies are appearing
On Wed, Jul 9, 2025 at 3:24 PM Kaleb Keithley wrote:
>
> On Wed, Jul 9, 2025 at 2:36 PM Stephen Gallagher wrote:
>>
>> On Wed, Jul 9, 2025 at 1:17 PM Kaleb Keithley wrote:
>> >
>> > Arrow packages include libarrow*.rpm parquet*.rpm (libparquet*), and
>> > python-pyarrow*.rpm. Updating to Arro
On Wed, Jul 9, 2025 at 2:36 PM Stephen Gallagher
wrote:
> On Wed, Jul 9, 2025 at 1:17 PM Kaleb Keithley wrote:
> >
> > Arrow packages include libarrow*.rpm parquet*.rpm (libparquet*), and
> python-pyarrow*.rpm. Updating to Arrow 20.0.0
> >
> > Correction Correction Correction
>
On Wed, Jul 9, 2025 at 1:17 PM Kaleb Keithley wrote:
>
> Arrow packages include libarrow*.rpm parquet*.rpm (libparquet*), and
> python-pyarrow*.rpm. Updating to Arrow 20.0.0
>
> Correction Correction Correction
> side-tag f43-build-side-114791 has been created for rebuilding the
Em qua., 9 de jul. de 2025 às 13:21, Alexander F. Lent
escreveu:
>
> Hi Michael, Chris, and devel folks,
>
> On Wed, Jul 9, 2025, 11:16 Michael Cronenworth wrote:
>>
>> On 7/9/25 9:51 AM, Chris Adams wrote:
>> > How can I tell what my systems have (ideally from within Linux)?
>>
>> There might be
On Wed, Jul 9, 2025 at 11:16 AM Kaleb Keithley wrote:
> Arrow packages include libarrow*.rpm parquet*.rpm (libparquet*), and
> python-pyarrow*.rpm. Updating to Arrow 20.0.0
>
> Correction Correction Correction
> side-tag f43-build-side-114791 has been created for rebuilding the d
Once upon a time, Michael Cronenworth said:
> # dnf install efivar
> $ efivar --list | grep -i kek
> $ efivar -p -n
>
> It will be a hexdump so you will need to look at the ASCII output
> for "Microsoft Corporation KEK CA 2011" or "Microsoft Corporation
> KEK 2K CA 2023".
Thanks, that works, an
Arrow packages include libarrow*.rpm parquet*.rpm (libparquet*), and
python-pyarrow*.rpm. Updating to Arrow 20.0.0
Correction Correction Correction
side-tag f43-build-side-114791 has been created for rebuilding the
dependent packages:
* ceph (for which I am the maintainer)
* gda
Hi,
If anyone wants, there are a couple of simple packages to review:
* https://bugzilla.redhat.com/show_bug.cgi?id=2378972
* https://bugzilla.redhat.com/show_bug.cgi?id=2379069
I'm willing to review others packages in exchange :).
Thanks
Fale
--
Fabio Alessandro "Fale" Locati
fale.io
--
_
On 7/9/25 11:21 AM, Alexander F. Lent wrote:
I usually use mokutil to list keys: (it should be installed by default)
$ mokutil -l --kek
$ mokutil -l --db
Thanks! This list showed I missed the CA in the hexdump. My Supermicro server has
the 2023 CA.
However, when I ran the same commands on m
Hi!
I am the Fedora maintainer of python-pydbus[0] and would like to
announce the intent of orphaning the package in the Fedora 44
timeframe.
As for some backstory, the Anaconda installer team packaged pydbus long
ago as a better replacement for the python-dbus library. While it
indeed worked muc
Hi Michael, Chris, and devel folks,
On Wed, Jul 9, 2025, 11:16 Michael Cronenworth wrote:
> On 7/9/25 9:51 AM, Chris Adams wrote:
> > How can I tell what my systems have (ideally from within Linux)?
>
> There might be a better way, but I used "efivar" from the package with the
> same name.
>
I
Hi -
npopov wrote:
> Thanks! If you still have the rpm, would you mind also sharing how large
> the installed size is? (Via something like rpm2cpio
> llvm-static-20.1.7-1.fc42.x86_64.rpm | cpio -idmv followed by du -sh usr).
Certainly:
before: 366M
after: 2.5G
> I'd expect that the new source
On Wednesday, 09 July 2025 at 14:38, Michael Catanzaro wrote:
> Your problem is:
> https://github.com/fwupd/fwupd/wiki/LVFS-Triaged-Issue:-dbx-efivarfs-IO-error
Thanks. I went into firmware setup and reset the SecureBoot keys and now
the update is not showing as available at all. I'm not sure I un
* Gerd Hoffmann:
>> At least for me it seems to be a extremely generic update that doesn't rely
>> on hardware specific characteristics as is with a full BIOS update.
>
> Correct. It's literally just the new ms kek key with a pkcs7 signature
> from the hardware vendor's PK key. No code update.
On Wed, 2025-07-09 at 13:38 +, Richard Hughes via devel wrote:
> In the pathological case at least one vendor has lost the private key used
> for signing their PK, so they're having to issue firmware updates to replace
> the PK on the running system -- which could be a terrible idea from an
On Wed, 2025-07-09 at 13:38 +, Richard Hughes via devel wrote:
> In the pathological case at least one vendor has lost the private key used
> for signing their PK, so they're having to issue firmware updates to replace
> the PK on the running system -- which could be a terrible idea from an
On 7/9/25 9:51 AM, Chris Adams wrote:
How can I tell what my systems have (ideally from within Linux)?
There might be a better way, but I used "efivar" from the package with the same
name.
# dnf install efivar
$ efivar --list | grep -i kek
$ efivar -p -n
It will be a hexdump so you will nee
OLD: Fedora-eln-20250708.n.0
NEW: Fedora-eln-20250709.n.1
= SUMMARY =
Added images:0
Dropped images: 0
Added packages: 1
Dropped packages:1
Upgraded packages: 39
Downgraded packages: 0
Size of added packages: 178.47 KiB
Size of dropped packages:611.65 KiB
On Wednesday, 9 July 2025 at 15:51, Chris Adams wrote:
> How can I tell what my systems have (ideally from within Linux)?
If you need to script it "fwupdmgr get-devices --json" assuming you have fwupd
>= 2.0.12 -- or just use gnome-firmware if you want something with a UI.
Richard.
--
__
Dear all,
You are kindly invited to the meeting:
ELN SIG on 2025-07-10 from 15:00:00 to 16:00:00 US/Eastern
At meet...@fedoraproject.org
The meeting will be about:
Source: https://calendar.fedoraproject.org//meeting/11018/
--
___
devel mailin
Em qua., 9 de jul. de 2025, 10:38, Richard Hughes via devel <
devel@lists.fedoraproject.org> escreveu:
> On Wednesday, 9 July 2025 at 09:52, Daniel P. Berrangé <
> berra...@redhat.com> wrote:
> > Historically fwupd wasn't able to cope with this, but recent releases
> > have been enhanced to handle
Once upon a time, Michael Cronenworth said:
> My Supermicro server motherboard from 2019 has a KEK with only the
> 2011 CA. Latest UEFI released Dec 2024.
> My Gigabyte desktop motherboard from 2022 has a KEK with both 2011
> and 2023 CAs. Latest UEFI released Apr 2025.
How can I tell what my sys
On 7/8/25 7:44 PM, Mateus Rodrigues Costa wrote:
For instance, my device, a Dell laptop, for which fwupd recognizes:
the firmware (which I update via a built in Bios flash utility), the
dbx (updated via fwupd) and a mysterious "Dell Platform Key", which
might be Microsoft's certificate along with
On Wednesday, 9 July 2025 at 09:52, Daniel P. Berrangé
wrote:
> Historically fwupd wasn't able to cope with this, but recent releases
> have been enhanced to handle the updates that Linux users will need
> to see, which should mitigate the worst of the impact. There's a
> reasonable overview of t
> On Wed, Jul 09, 2025 at 01:14:59PM +0100, Daniel P. Berrangé wrote:
> > On Wed, Jul 09, 2025 at 01:16:45PM +0200, Jan Stanek wrote:
> > > Hello everyone!
> > > I recently ran into build failure in the upcoming nodejs24, on i686
> > > architecture (yay!). It seems like some of the sse vector instr
Your problem is:
https://github.com/fwupd/fwupd/wiki/LVFS-Triaged-Issue:-dbx-efivarfs-IO-error
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
http
Hi,
> At least for me it seems to be a extremely generic update that doesn't rely
> on hardware specific characteristics as is with a full BIOS update.
Correct. It's literally just the new ms kek key with a pkcs7 signature
from the hardware vendor's PK key. No code update.
take care,
Gerd
On Wed, Jul 09, 2025 at 01:14:59PM +0100, Daniel P. Berrangé wrote:
> On Wed, Jul 09, 2025 at 01:16:45PM +0200, Jan Stanek wrote:
> > Hello everyone!
> > I recently ran into build failure in the upcoming nodejs24, on i686
> > architecture (yay!). It seems like some of the sse vector instructions
>
On Wednesday, 09 July 2025 at 14:06, Michael Catanzaro wrote:
> On Wed, Jul 9 2025 at 11:28:19 AM +02:00:00, Gerd Hoffmann
> wrote:
> > Problem with that is not so much linux, but that a KEK update has never
> > happened before so there are chances that bios vendors messed up things
> > and updati
Em qua., 9 de jul. de 2025, 09:06, Michael Catanzaro
escreveu:
> On Wed, Jul 9 2025 at 11:28:19 AM +02:00:00, Gerd Hoffmann
> wrote:
> > Problem with that is not so much linux, but that a KEK update has
> > never
> > happened before so there are chances that bios vendors messed up
> > things
> >
On Wednesday, 09 July 2025 at 12:01, Vít Ondruch wrote:
>
> Dne 09. 07. 25 v 11:49 Michal Schorm napsal(a):
> > Thoughts with disclaimer - I have zero technical experience in this area.
> >
> > As I see it, the problem is:
> > - we have a service(s) running on good will, volunteer work and
> > do
On Wed, Jul 09, 2025 at 01:16:45PM +0200, Jan Stanek wrote:
> Hello everyone!
> I recently ran into build failure in the upcoming nodejs24, on i686
> architecture (yay!). It seems like some of the sse vector instructions
> are not defined, on just this arch:
> Side note, the code that is trying to
On Wed, Jul 9 2025 at 11:28:19 AM +02:00:00, Gerd Hoffmann
wrote:
Problem with that is not so much linux, but that a KEK update has
never
happened before so there are chances that bios vendors messed up
things
and updating the KEK doesn't work. Also not sure how good older
hardware is covered
On Wed, Jul 09, 2025 at 01:54:07PM +0200, Fabio Valentini wrote:
> Yeah - the i686 arch baseline *SHOULD* include SSE2 - since Fedora 29:
> https://fedoraproject.org/wiki/Changes/Update_i686_architectural_baseline_to_include_SSE2
But the
66 REX.W 0F 7E /r
MOVQ r/m64, xmm
instruction doesn't requir
On Wed, Jul 9, 2025 at 1:36 PM Tom Hughes via devel
wrote:
>
> On 09/07/2025 12:16, Jan Stanek wrote:
>
> > I recently ran into build failure in the upcoming nodejs24, on i686
> > architecture (yay!). It seems like some of the sse vector instructions
> > are not defined, on just this arch:
> >
> >
On 09/07/2025 12:16, Jan Stanek wrote:
I recently ran into build failure in the upcoming nodejs24, on i686
architecture (yay!). It seems like some of the sse vector instructions
are not defined, on just this arch:
```
../../deps/v8/src/strings/string-hasher.cc: In static member function
‘static
Hello everyone!
I recently ran into build failure in the upcoming nodejs24, on i686
architecture (yay!). It seems like some of the sse vector instructions
are not defined, on just this arch:
```
../../deps/v8/src/strings/string-hasher.cc: In static member function
‘static uint64_t v8::internal::Co
Dne 09. 07. 25 v 11:49 Michal Schorm napsal(a):
Thoughts with disclaimer - I have zero technical experience in this area.
As I see it, the problem is:
- we have a service(s) running on good will, volunteer work and
donations for everyone to use freely
- it just simply does not work anymore, it
Thoughts with disclaimer - I have zero technical experience in this area.
As I see it, the problem is:
- we have a service(s) running on good will, volunteer work and
donations for everyone to use freely
- it just simply does not work anymore, it burns all of the above, all
of the time
- so let's
Hi,
> (I believe on a UEFI Secure Boot VM it's shown)
The default secure boot variable store template shipped by fedora
includes the 2023 keys for roughly one year, so VMs younger than that
and fresh installs should have them.
> For instance, my device, a Dell laptop, for which fwupd recognize
On Tue, Jul 08, 2025 at 09:44:54PM -0300, Mateus Rodrigues Costa wrote:
> Hello all,
>
> As you guys know Secure Boot is supported by Fedora Linux and it
> relies on the Microsoft signing keys.
> Well, recently I was looking at this month's Windows 11 cumulative
> update and noticed this warning:
Am 09.07.25 um 04:45 schrieb Kevin Kofler via devel:
Is that not configuration-dependent? Checking only user agents with
"Mozilla" in them makes it very easy for the AI bots to bypass this
Of course but so far this is great heuristic.
As always you should never expect that anubis or something
OLD: Fedora-Rawhide-20250708.n.0
NEW: Fedora-Rawhide-20250709.n.0
= SUMMARY =
Added images:2
Dropped images: 1
Added packages: 4
Dropped packages:2
Upgraded packages: 163
Downgraded packages: 0
Size of added packages: 44.80 MiB
Size of dropped packages
Hi,
On 7/7/25 8:10 PM, David Auer wrote:
Hello,
following to the non-responsive maintainer policy I'm writing to this list to
ask if anyone knows how to contact the maintainer kushal. In addition to the
contact attempts through bugzilla I also wrote an email to a different address
found in a
Neal Gompa venit, vidit, dixit 2025-07-09 03:22:40:
> On Tue, Jul 8, 2025 at 8:45 PM Mateus Rodrigues Costa
> wrote:
> >
> > Hello all,
> >
> > As you guys know Secure Boot is supported by Fedora Linux and it
> > relies on the Microsoft signing keys.
> > Well, recently I was looking at this month'
On 7/8/25 6:34 AM, Luna Jernberg wrote:
tried to ping him in #foss-sthlm on Libera for you
Thank you for the ping :) That worked!!
Kushal
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.
On Tue, Jul 8, 2025 at 7:20 PM Frank Ch. Eigler wrote:
>
> Hi -
>
> I wrote:
>
> > I see what you mean. I've tried to gather this data about llvm on my
> > workstation, but recent rpmbuild's keep barfing with: [...]
>
> Uninstalling lua-devel and glibc-devel.i686 resulted in complete &
> compara
62 matches
Mail list logo
