Some time back there was discussion of being able to rollback yum updates via
btrfs snapshotting. As I recall, it turned out that the default btrfs install
was not setup correctly to make this feasible (I had briefly tested it on my
machine). I haven't heard anything since - this seems like a great idea.
-- Those who don't understand recursion are doomed to repeat it
Over the past week, we've been dealing with a kernel bug that
prevents i686 machines from booting. Help was requested and given,
and it has been excellent and most welcome. This email has no
reflection on that, and is instead focused on the reality of where
i686 stands today.
In February we sent out an email highlighting that the kernel team
was not going to treat i686 bugs as a priority. Since that time, we
have held true to our word and have not focused on fixing i686 bugs at
all. It seems that the wider community is also treating i686
similarly. The kernel bug that was made automatic blocker because of
existing criteria was present in Fedora since the 4.1-rc6 kernel,
which was released May 31. It has been in every boot.iso created
since that date. Not a single person reported this issue until last
week. That is a timespan of two months.
The kernel team has autotesting for i686 kernels, but the environment
there does not utilize boot.iso so it did not detect this. The QA
team has automated testing for some of this, but nothing for the i686
architecture at all. It is not a priority there either.
Perhaps it is time that we evaluate where i686 stands in Fedora more
closely. For a starting suggestion, I would recommend that we do not
treat it as a release blocking architecture. This is not the same as
demotion to secondary architecture status. That has broader
implications in both buildsys and ecosystem. My suggestion is
narrowly focused so that builds still proceed as today, but if there
is something broken for i686 it does not block the release of whatever
milestone we are pursuing.
(To be clear, I would support a move to secondary arch status for
i686, but I am not suggesting it at this time.)
Making i686 non-release blocking would actually match reality. None
of the Fedora Editions appear at all concerned with i686. Cloud is
demoting i686 from its offering. Workstation has been fairly
ambivalent about it and recommends x86_64. Server does the same.
Given the lack of focus on it, and the fact that the broader community
is not testing the development releases for i686, I believe this would
be a good first step.
OCaml is a statically-safe programming language derived from ML which
compiles to very fast native code. It contains native code backends
for most architectures (all Fedora primary & secondary arches except
s/390x in fact).
Currently Fedora downstream carries two non-upstream backends:
For ppc64 (big endian), a backend was written many years ago by David
Woodhouse and was upstream for a time, but was dropped when the
PlayStation 3 stopped supporting Linux. For ppc64le (little endian /
POWER8) IBM's Michel Normand contributed a native code backend last
year. The upstream project always carried a ppc (32 bit) backend, but
we didn't use it and it's not very interesting for us.
Red Hat and IBM have provided help and loaned equipment to the
upstream project, and as a result upstream have now added ppc64 and
ppc64le backends. This work was merged at the end of August. These
backends were inspired by the Red Hat & IBM work but are not
derivatives. For details see:
So what I want to do is add the new backends [actually it's a single,
combined and extended ppc/ppc64/ppc64le backend] to Fedora Rawhide,
and drop our non-upstream backends.
I have so far cherry-picked the merge commit on top of our Fedora
OCaml tree, and I have dropped the downstream ppc64/ppc64le commits
from our tree. (This is not pushed yet so doesn't appear in the
git.fedorahosted.org link above.)
I have tested it on ppc64le to check that the compiler compiles
itself. A scratch build of the compiler with the new backend is here
(I reserve the right to make further changes, this is just a
preliminary test build):
I used this to compile some ocaml-* packages on ppc64le, with -- it
has to be said -- mixed results. There are two compiler bugs
revealed. This compiler won't be able to compile all the ocaml-*
packages on POWER. However because of the depth of dependencies, I
cannot easily do scratch builds to find out which packages will be
Hence I'd like to do a full rebuild, again, to see what breaks. This
*shouldn't affect primary architectures at all*, but will probably
leave some broken ocaml-* packages on the ppc64/ppc64le secondary
We've actually done two complete rebuilds during the F24 development
cycle already, which in a way is good because it means I know how long
it should take, and I'm confident that the scripts I use will work
So I'm pretty confident the primary arch rebuild will go fine, since
it's not affected by any of the above changes - it's basically just a
release bump. We don't even need to use a side tag for this because
the "old" and "new" packages can be mixed on x86 - they are the same.
The plan for ppc64/ppc64le would then be to fix the bugs revealed in
the rebuild with upstream help.
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
I want to ask if PlayOnLinux could be packaged to Fedora. This program
has list of proprietary programs which are not downloaded but could be
installed if you give it setup.exe file.
Also it downloads Windows redistributable when user explicitly wants to
install program (which using this redist) or given redistributable.
If this is not "legal" in terms of Fedora how it's differ from
OpenSource software which are using not-OpenSource addons? Example of
this could be https://marketplace.firefox.com .
I think it's sad that this good LGPL wine prefix manager software is
not part of the Fedora and I like to change this.
Thank you for answers,
Today, I noticed that mock build root prepared by DNF is significantly
larger then prepared by YUM (see attached logs). Owners of packages
installed into minimal buildroot probably wants to review their
I also reported the issue against DNF  in case DNF guys wants to
improve this situation.
In chrony 2.2-pre1 was added support for system call filtering with
the kernel seccomp facility. In chrony it's mainly useful to reduce
the damage from attackers who can execute arbitrary code, e.g. prevent
gaining the root privileges through a kernel vulnerability.
The rawhide chrony package is now compiled with the seccomp support,
but the filtering is not enabled by default. The trouble is it has to
cover all system calls needed in all possible configurations of chrony
and all libraries it depends on, which is difficult and it may even
change over time as the libraries are updated.
I'm interested to know if this works in other configurations than what
I tried, especially non-default NSS configurations, and get an idea if
this could be enabled by default at some point.
If you would like to help with the testing:
1. echo 'OPTIONS="-F -1"' > /etc/sysconfig/chronyd
2. systemctl restart chronyd
3. occasionally check if chronyd is still running
If you see in the log that the process was killed with status=31/SYS,
it's a problem in the seccomp support. Please let me know it has
crashed for you. Unfortunately, abrt doesn't seem to catch these
crashes, even when /proc/sys/fs/suid_dumpable is set to 2.
For F22 and F23 there is a COPR repo with packages built from the
current development code: