changelogs in packages and space use
by Seth Vidal
Colin Walters mentioned on irc reducing the changelogs kept in pkgs a
bit to help us fit on the livecd a bit better. I didn't really believe
it would make enough of an impact to be noticeable but I did a little
mucking about and found I was wrong. So I wrote this:
http://skvidal.fedorapeople.org/changelog/changelog-sizes.py
It'll dump out 4 files:
- old-repo.txt : changelogs from the pkgs in the repos where the
changelog entry is > 1yr old
- new-repo.txt : changelogs from the pkgs in the repos where the
changelog entry is < 1yr old
- old-db.txt : changelogs from the pkgs in the rpmdb where the changelog
entry is > 1yr old
- new-db.txt : changelogs from the pkgs in the rpmdb where the changelog
entry is < 1yr old
On a mostly-rawhide system with rawhide repos I found:
8157 pkgs in rawhide repos:
new changelogs: 12M
old changelogs: 31M
on my system 1128 packages installed:
new changelogs: 2.2M
old changelogs: 8.6M
That may not seem like much but when we're squinched for space in 700M
on a livecd that 8.6M might be all that's needed. Moreover it may be a
bit silly to be carting all of this history around in all the pkgs and
repodata and in the rpmdb. Esp if we're trying to trim download sizes
for various items. So things we can do:
1. trim the changelogs at createrepo-runtime - fine - but that only gets
it for the repodata
2. trim repos at rpmbuild time - great - I've suggested it as an option
to rpmbuild on rpm-maint list.
3. trim them out of the pkgs the next time we change a package. Just
prune them down to the last years worth of changelogs - maybe saving the
old changelogs in a file in the cvs repository - or even into an unused
source file in the srpm?
What're people's thoughts on this?
-sv
16 years, 7 months
Re: Improving availability and guaranteeing integrity in ISO downloads
by Anthony Bryan
> http://www.getright.com/seedtorrent.html
>
> Supported by Azureus, among others. We already have an extensive
> HTTP/FTP mirror system to leverage.
>
> I've noticed, after the initial release rush, torrents end up being
> quite a bit slower than just downloading from a mirror. Especially on a
> less popular arch. (cough ppc cough...) In the past I've just stopped
> the torrent, downloaded the iso from a mirror, then restarted the
> torrent to help seed.
>
> It would be nice to just have this happen automagically.
That's how Metalink works with clients that also support P2P networks.
GetRight supports this w/ metalink, hopefully KGet will eventually
along with aria2. Phex also supports it over gnutella. (Sorry for the
late reply)
> On Tue, Jun 19, 2007 at 03:40:59PM -0400, Anthony Bryan wrote:
> > >On Sat, Jun 09, 2007 at 07:51:20PM +0200, Ruben Kerkhof wrote:
> >
> > Have you had a chance to look over Ruben's additions? Any feedback? He
> > said he re-licensed it to line up w/ mirrormanager. Any ideas/comments
> > for features in Metalink that could be of use to Fedora?
>
> Yes, I took a quick look; I'll be able to do something with this, but
> not for the next 4 weeks, as I'm out of the office moving houses and
> on vacation, then catching up on real work. :-)
checking in after 10 wks :) Will what Ruben submitted be usable?
a few more metalink apps have been released. Free Download Manager
(Win) has been released under GPL3.
DownThemAll 1.0b2 firefox extension is out, and displays more of the
info contained in a metalink to the person downloading, like a how
many mirrors are listed, logo,
description, version, os/arch, and other stuff that could be useful.
here are some screenshots the DTA team put up:
http://code.downthemall.net/maierman/metalink-test/metalink-feisty.png
http://code.downthemall.net/maierman/metalink-test/metalink-xp.png
http://code.downthemall.net/maierman/metalink-test/metalink-comment.png
there's also Celerius, a GTK python downloader in progress at
http://celerius.tuxfamily.org/ if anyone wants to help out.
--
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
)) Easier, More Reliable, Self Healing Downloads
16 years, 7 months
Developing Fedora Derivative distro yum "priority" question
by Mark
Hey,
First of all i hope this is the right place to ask this.
Imagine that i want to make a Fedora Derivative distro and add in
packages that fedora has only than with other things in it.. for
example k3b but than with ffmpeg support (something i can do because i
don't live in the us but fedora can't because of possible us law
restrictions?) how would i do that in a Fedora Derivative? i mean.. if
i type: "yum -y install k3b" and the version number of the fedora k3b
package is higher/newer than the version in my repository than the one
from fedora is being installed/updated.
Now i could of cause add exclude=k3b in the fedora.repo file but that
exclude list would get quite large with a full distro and yum would
get alot slower but it would prevent fedora files from installing and
allow my files to be installed. or is there some "priority" setting in
yum?
With priority i mean this:
fedora.repo has: k3b-5.5.5
mark.repo has k3b-4.4.4 but has the priority over all other .repo
files and this one gets installed. The yum manual doesn't say anything
about this. the closest is --exclude
is something like that available?
I hope that it's clear what i try to ask.
(for now) i don't have the intention to make a distro of my own but
who knows how the future looks ^_^
16 years, 7 months
Fedora Crypto Consolidation Project
by Steve Grubb
Hi,
I wanted to announce a new Fedora Project that will span several distro
releases and outline the reasons why we are starting this project. I believe
this issue affects the whole Open Source Community. But don't think anyone
has explained all the issues.
The basic problem is that users want to have high quality, tested crypto that
can meet any certifications that the user wishes to deploy into, is easy to
manage, and works seamlessly across all applications.
Wouldn't it be neat if you could obtain a digital certificate from a CA using
Firefox, and then immediately turn around and use it to ssh to another
machine? Wouldn't it be nice to be able to turn off SSL2 in a central control
panel, and be guaranteed that all apps on your desktop obey that decision?
Wouldn't it be cool if every app needing crypto noticed that you inserted a
smart card, and immediately took advantage of it for operations like signing
email or setting up IPSec connections?
What prevents this is two problems: lack of tested crypto engine and the
proliferation of crypto into many packages. In order to deploy Fedora into
some environments like government or financial settings, you have to have a
crypto engine that passes FIPS 140-2. This certification ensures that the
crypto is correct for the algorithms tested.
The other problem is that there are dozens of packages that implement their
own version of crypto functions. If they make a mistake in one, the others
need to be checked to see if they copied the same bug. Because they are all
implemented separately, no sharing of keys, algorithm selection, or other
configuration data is possible.
The current state of certified crypto is that OpenSSL has passed a level 1
certification on a version that Red Hat has never shipped and therefore
unusable. Then there is NSS which is certified regularly at level 2. A level
1 crypto cert means that its good for use in Single User Mode, while level 2
means its good for multi-user mode. I'm not aware of any other FIPS
certifications of crypto contained within Fedora. So its down to these two.
So, if we want to make crypto easier to manage and enable Fedora's use in
these environments, that leaves us with a choice to make. We looked at
OpenSSL which has been supported well in the community, but it seems to have
a flaw that makes it unsuitable. For some applications like openssh, it draws
the crypto boundary inside the application. Openssh has to handle raw crypto
keys. This means that not only does OpenSSL need FIPS certification, but
openssh does, too.
If the crypto boundary was completely contained within the library and the
library has been FIPS 140-2 certified, many applications will gain the cert
just by linking to it. Its that simple. The only requirement is to follow the
system security policy. Nss only allows applications to have a handle to a
crypto session and the keys are not accessible to the application.
What we'd like to do in order to enable certified crypto is to update some
applications so that they can link against either OpenSSL or NSS. For Fedora,
we would then set the configure option to use NSS. We only want to do 2-3
packages for Fedora 8 and then some more in Fedora 9. We've already converted
some apps, like pam_pkcs11. Apache has mod_nss. We've built some tools to
help with enabling NSS by using an an abstraction library that presents some
of OpenSSL's API for easy conversion, while allowing other upstream users to
continue to use other libraries. Now we want to expand the effort and bring
other packages on-board.
Linux has a plethora of applications which use encryption technologies. Most
of these applications use encryption as a minor part the the application's
main functionality, just as it uses name service, file system services, etc.
Getting these applications on single toolkit will allow new encryption
technologies (like pkix, new crypto algorithms, etc.) to be added without
adding a burden on each of the many applications that use crypto.
We're looking for people interested in enabling NSS in their packages and
feeding the changes upstream.
For those unfamiliar with NSS, its the Secure Sockets library in FireFox.
There are already several applications using it such as Thunderbird and
evolution. More information about it can be found here:
http://www.mozilla.org/projects/security/pki/nss/
For more information about this Fedora Project, please see:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
Some developer resources:
http://fedoraproject.org/wiki/nss_compat_ossl
And a comparison of crypto libraries:
http://fedoraproject.org/wiki/CryptoConsolidationEval
-Steve Grubb
16 years, 7 months
Compilation problem with rawhide
by Eric Tanguy
When i try to compile a lib in rawhide i obtain this error in configure
section whereas there is no problem in F-7 :
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld) supports shared
libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... cat: ld.so.conf.d/*.conf: No
such file or directory
GNU/Linux ld.so
Someone could help me to solve this ?
Thanks
Eric
16 years, 7 months
icewm devel cvs - sources file
by Oliver Falk
Can please someone kick the sources file from icewm...
[oliver@gosa icewm]$ file sources
sources: gzip compressed data, from Unix, last modified: Tue Aug 7
07:12:36 2007, max compression
[oliver@gosa icewm]$ gunzip -c sources | tar tfv -|tail
-rw-rw-r-- mark/mark 1004 2007-08-07 07:12 icewm-1.2.32/lib/winoptions
-rw-rw-r-- mark/mark 1241 2007-08-07 07:12
icewm-1.2.32/README.wm-session
-rw-rw-r-- mark/mark 268 2007-08-07 07:12 icewm-1.2.32/sysdep.os2
-rw-r--r-- mark/mark 4281 2007-08-07 07:12 icewm-1.2.32/Makefile.in
-rwxrwxr-x mark/mark 5603 2007-08-07 07:12 icewm-1.2.32/install-sh
-rw-rw-r-- mark/mark 3424 2007-08-07 07:12 icewm-1.2.32/icewm.spec
-rw-rw-r-- mark/mark 577 2007-08-07 07:12 icewm-1.2.32/icewm.lsm
-rw-rw-r-- mark/mark 607 2007-08-07 07:12 icewm-1.2.32/aclocal.m4
-rwxrwxr-x mark/mark 416280 2007-08-07 07:12 icewm-1.2.32/configure
-rw-rw-r-- mark/mark 4509 2007-08-07 07:12 icewm-1.2.32/Makefile
Maybe I can do that myself, but if so, I would like to get permission to
do so first!
Thx,
Oliver
16 years, 7 months
Fwd: Fedora Infinity Update
by Mark
---------- Forwarded message ----------
From: Nicu Buculei <nicu_fedora(a)nicubunu.ro>
Date: 31 aug. 2007 15:48
Subject: Re: Fedora Infinity Update
To: "Discussions about the artwork included with Fedora, including
icons, themes, and wallpapers." <fedora-art-list(a)redhat.com>
Mark wrote:
>
> Well i'm not counting on it to leave for F9..
> And i looked over the c coding of splash.c and it can't be hard to
> patch it to use a image instead.. but a harder thing might be that the
> background needs to fit the screen so you need to check and see if the
> screen is widescreen or not and if it is place the background on that
> belongs with it.
OK, then is out from Art hands and have to be asked on either desktop or
devel it such a patch would be accepted. If the patch is accepted, we
already have the background PNG.
--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com
Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/
Open Clip Art Library: http://www.openclipart.org
my Fedora stuff: http://fedora.nicubunu.ro
_______________________________________________
Fedora-art-list mailing list
Fedora-art-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-art-list
16 years, 7 months