= Proposed Self Contained Change: Replace Bacula with Bareos =
Change Owner(s): Simone Caronni <negativo17 at gmail.com>
The powerful Bacula network backup solution has switched from being Open
Source friendly to being almost closed source. Originally the project was
conceived totally as Open Source, but since the creation of Bacula Systems and
its proprietary Bacula Enterprise Edition product, the Open Source (now called
"Community Edition") has received less and less updates and is mostly
== Detailed description ==
The most important points that are left "abandoned" are the following:
* Installation scripts and updates to makefiles are not updated anymore.
* New plugins and functionalities are not added anymore, except those in the
* Gaphical (and buggy) console has not received any update in almost two
* Patches and bugs opened in the bug tracker are mostly left abandoned. Even
trivial fixes are not imported in the source.
* Windows binaries are no longer provided, nor the source for the clients has
been updated. Even if compiled with difficulties, there is no support for recent
A former Bacula developer, frustrated by the situation created the fork Bareos
a long time ago from Bacula 5.2.x (the current Fedora and RHEL 7 version).
This version has now received '''a lot of bugfixes''' compared to the original
Bacula source. This makes compilation and installation a lot easier than it
was with Bacula.
On top of this, a '''lot of new features''' have been added; some unique to
Bareos but many available only in the closed source Bacula Enterprise.
Here is the list of new features compared to the current Bacula 5.2.13:
Some highlights include NDMP support for enterprise class storage (NetApp,
etc.), support for enterprise class tape libraries and Windows support
(including Windows Server 2012) with Bareos generated binaries.
For further details on why a Bacula fork was created please look at the
Bareos can also be '''fully compatible with Bacula''' by setting a specific
configuration directive in the Daemon configuration files; thus providing the
option for RHEL 6/7 users to interoperate with Fedora systems.
== Scope ==
To accomplish the goal, the following Bacula packages need to be replaced with
Currently, the same Fedora packages can be rebuilt as they are, to work also
on CentOS/RHEL 5 and 6, upgrading the EPEL or official Bacula packages in the
distributions. This is to have a consistent backup infrastructure across all
the Fedora/CentOS/RHEL ecosystem.
To ease installation, a repository for installing those packages on a
CentOS/RHEL system do exist:
The idea is the same for Bareos: import into Fedora 21 packages that can be
rebuilt for all supported Fedora/RHEL/CentOS releases and provide a repository
that can upgrade any Bacula release currently installed in the system with the
new one. In detail; the upgrade scenarios supported when going from Bacula to
Bareos would be:
From Bacula 2.4:
* RHEL/CentOS 5 with EPEL repository
From Bacula 5.0:
* RHEL/CentOS 6
From Bacula 5.2.13:
* Fedora 18+
* RHEL/CentOS 5
* RHEL/CentOS 6
As written before, the change is impacting only Fedora 21, the list of
upgrades supported are only for users who want a consistent backup solution
across the enterprise.
=== External activities ===
Proposal owners: I'm the current Bacula mantainer in Fedora and will complete
the transition in time for the release.
Other developers: N/A (not a System Wide Change)
Release engineering: the release engineering team should make sure the new
Bareos packages are in place instead of the current Bacula packages for the
Policies and guidelines: N/A (not a System Wide Change)
devel-announce mailing list
So a friend of mine has been wrangling with suexec trying to configure it
for his needs, and he has become quite furious over the fact that suexec
Then he finds out that Debian actually has a version of suexec that lets
you use a conf file to configure suexec. My question is, why the heck isn't
this in Fedora? How is it that Debian can offer both versions, but
I'm honestly surprised that Fedora doesn't offer this little piece of
flexibility. I would think that this would be in Fedora and RHEL, because
of how useful this would be. So what's going on here?
真実はいつも一つ！/ Always, there's only one truth!
apitrace 5.0 bundles libbacktrace, which looks like is living within the
gcc sources. libbacktrace is not build as a shared library from the gcc
sources, and not packaged.
Is it feasible to build libbacktrace as a shared library and ship it in
a corresponding package? Or should I rather go for a bundling exception
In Fedora 21 we show any valid application in the software center with
an application icon of 32x32 or larger. Currently a 32x32 icon has to
be padded with 16 pixels of whitespace on all 4 edges, and *also* has
to be scaled x2 to match other UI elements on HiDPI screens. This
looks fuzzy, out of alignment and lowers the quality of an otherwise
beautiful installing experience.
For Fedora 22 we are planning to increase the minimum icon size to
48x48, with recommended installed sizes of 24x24, 48x48, 64x64,
256x256 (or SVG). Modern desktop applications typically ship multiple
sizes of icons in known locations, and it's very much the minority of
packages in Fedora that only ship such small icons.
I'm asking package maintainers linked below to install a larger icon
than 32x32 in the package. Most of the time this will involve just
installing a different icon from the tarball, but could also mean
contacting upstream and asking them for larger icons and a new tarball
release. If you're asking upstream, please ask for a 256x256 or 64x64
icon, as the latter will probably be the minimum size for F23 and
Updated packages should be built for F22 (rawhide) before the end of
October; after that I'll start mass-filing bugs for the remainder of
the packages. If you want to fix up F20 and F21 too that would be
great, but not expected. At the end of November I'll change the
minimum icon size in the AppStream generator so that applications not
fixed will be dropped from the metadata. You can of course install the
applications in F22 with dnf on the command line, but they won't be
visible in the software center until they are installed.
If you're unclear on what needs to be done in order to be listed in
the AppStream metadata, refer to this
send me email.
I've included a list of packages and the maintainers below. You can
either reply to this email when you've fixed a package, or not; I'll
regenerate the list of affected packages again in a month, and then
again before I mass file bugs. Thanks.
awjb dosbox (dosbox.desktop)
beuc freedink-engine (freedink.desktop)
bsjones guitarix (guitarix.desktop)
bsjones jkmeter (jkmeter.desktop)
bsjones whysynth-dssi (whysynth.desktop)
chitlesh covered (covered.desktop)
cicku wxGlade (wxglade.desktop)
dbrasher dsi (dsi.desktop)
dtimms qjackctl (qjackctl.desktop)
dwrobel crrcsim (CRRCsim.desktop)
eponyme monkeystudio (monkeystudio.desktop)
fcomida luminance-hdr (luminance-hdr.desktop)
gbailey keepassx (keepassx.desktop)
goeran mj (mj.desktop)
??? haxima (haxima.desktop)
hman-it themonospot-gui-gtk (themonospot-gtk.desktop)
hpejakle kflickr (kflickr.desktop)
hubbitus escape (escape.desktop)
jcapik sudoku-savant (sudoku-savant.desktop)
jcapik tong (tong.desktop)
jreznik kmousetool (kmousetool.desktop)
jskarvad linpsk (linpsk.desktop)
jskarvad putty (putty.desktop)
jskarvad pyobd (pyobd.desktop)
jwrdegoede asc (asc.desktop)
jwrdegoede BlockOutII (BlockOutII.desktop)
krege kaudiocreator (kaudiocreator.desktop)
kumarpraveen qroneko (qroneko.desktop)
limb asylum (asylum.desktop)
limb bastet (bastet.desktop)
limb curblaster (curblaster.desktop)
limb neverball-neverball (neverball.desktop)
limb neverball-neverputt (neverputt.desktop)
limb pingus (pingus.desktop)
limb vdrift (vdrift.desktop)
lkundrak insight (insight.desktop)
lkundrak opticalraytracer (opticalraytracer.desktop)
lucilanga tucnak2 (tucnak2.desktop)
marcindulak python-ase (ase-gui.desktop)
mariobl hex-a-hop (hex-a-hop.desktop)
mathstuf uzbl-defaults (uzbl.desktop)
mhlavink apcupsd-gui (gapcmon.desktop)
mjakubicek weka (weka.desktop)
musuruan hatari-ui (hatariui.desktop)
nando qsynth (qsynth.desktop)
nbecker kdiff3 (kdiff3.desktop)
nonamedotc fityk (fityk.desktop)
nphilipp gpsdrive (gpsdrive.desktop)
nphilipp gtick (gtick.desktop)
orion cmake-gui (CMake.desktop)
pcpa sagemath (sagemath.desktop)
??? qjackmmc (qjackmmc.desktop)
rdieter maxima-gui (xmaxima.desktop)
remi gmusicbrowser (gmusicbrowser.desktop)
scop portecle (portecle.desktop)
sparks cqrlog (cqrlog.desktop)
spot fbg2 (fbg2.desktop)
stransky berusky2 (berusky2.desktop)
terjeros mathomatic (mathomatic.desktop)
terjeros sqliteman (sqliteman.desktop)
terjeros teamgit (teamgit.desktop)
thias fillets-ng (fillets.desktop)
tieugene qxkb (qxkb.desktop)
tieugene screengrab (screengrab.desktop)
topdog ike (ike.desktop)
vascom kbackup (kbackup.desktop)
verdurin arpage (arpage.desktop)
verdurin yoshimi (yoshimi.desktop)
this is a heads-up for an update to the ca-certificates package that
I've just submitted for updates-testing for Fedora 19 and 20.
The upstream Mozilla CA list maintainers have decided to start removing
CA certificates that use a weak 1024-bit key. Although those
certificates are still valid, Mozilla has worked with the CAs, and they
did agree that it's OK to remove them.
However, there are end-entity and intermediate-CA certificates which
have been issued by the removed CAs, which are still valid, and they
might still be used by some - despite the CAs having attempted to reach
out to all their customers and getting them to reconfigure their
This means, when installing the updated ca-certificates package version
2014.2.1, some SSL/TLS connections might suddenly fail, because the
related CA certificate is no longer trusted.
If you experience such situations, the right approach is to contact the
owner of the certificate (or the server), and ask them to get a
replacement certificate, or to install a replacement certificate on
their SSL/TLS server.
Additional details can be found in the update description, which I'll
paste at the end of this message.
(I have disabled karma-automation for this update, in case there's a
need for a longer testing period. Note that this updated set of CA
certificates is currently planned to be part of Firefox 32, which will
get released around SEP 02.)
This is an update to the latest released set of CA certificates
according to the Mozilla CA Policy. It's the same set that has been
released in NSS versions 3.16.4 and 3.17.
It's noteworthy that several CA certificates with a weak key size of
1024-bits have been removed, prior to their expiration. (It is expected
that additional CA certificates with weak 1024-bit keys will be removed
in future releases.)
The removed CA certificates have been used to issue end-entity and
intermediate-CA certificates which are still valid. Those certificates
are likely to be rejected when using this upated ca-certificates
package. The owners of affected certificates should contact their CA and
ask for replacement certificates. In some scenarios it might be
sufficient to install an alternative intermediate CA certificate (e.g.
on a TLS server), allowing an alternative trust chain to another root CA
certificate to be found.
More information about the affected CA certificates and other recent
modifications can be found in the NSS release notes for version 3.16.3
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_... with amendments to the changes as explained in the NSS release notes for version 3.16.4 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.4_...
-----BEGIN PGP SIGNED MESSAGE-----
== The Problem ==
It is very common for users to have systems with encrypted root
partitions (or even just /var and /etc). This may be due to a personal
concern for their data or a corporate policy mandating full-disk
encryption. Disk encryption requires a password (or other more
complicated credentials) be be presented just after the kernel is
booted and before the drives can be mounted and their data read.
With the current implementation of the offline updates in Fedora, this
leads to a very unpleasant user experience when updating. We offer two
ways to perform offline updates in the default user environment of
Fedora Workstation: "Install updates and reboot" or "Install updates
and shut down".
With "Install updates and reboot", the behavior is as follows:
1) The system shuts down and initiates an ACPI reboot.
2) The system presents the kernel boot menu and then starts the
3) The system presents the user with a password prompt for the disk
encryption (possibly more than one, if the system is configured with
different passwords for different partitions).
4) The offline updates occur.
5) The system shuts down and initiates an ACPI reboot.
6) The system presents the kernel boot menu and then starts the
standard (possibly updated) kernel.
7) The system presents the user with a password prompt for the disk
encryption (possibly more than one, if the system is configured with
different passwords for different partitions).
8) The system completes booting.
During this experience, the user has been required to enter their disk
encryption password *twice*. The same is true for the "Install and
shut down" case, except that the two passwords are separated by some
actual wallclock time.
== Proposed Improvements ==
We could significantly improve this situation by allowing the system
to drop directly from the interactive system into the updater
environment without doing a full reboot or relaunching the kernel.
Lennart, would it be possible to set up a special systemd target for
performing updates that would essentially stop all processes except
for systemd and then apply the updates?
In an ideal world, it would then also be possible after update is
completed to restore operation to the standard boot targets of systemd
so that the system comes back up without having to perform a total
reboot. The exceptional case would of course be that in which either
the kernel, libc or systemd needed to be updated, in which case a
reboot could be performed.
In this scenario, we can reduce the number of encrypted disk
challenges to at most a single one, and that only if absolutely
minimal plumbing packages saw an update.
I'd very much like to hear from the plumbers on this matter.
 I'm told that this might not be necessary; that systemd can
re-exec itself to pick up its own updates. That would reduce the scope
presumably to "only the kernel" forcing reboots.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
first $SUBJ is available at:
It's just a src.spm and plugin support it not finished (don't browse
youtube ;-)) but may work as a preview.
I'll provide Fedora builds and repo later.