alsa-ucm contains routing information to setup sound codecs
on some machines, usually SoC-based. It contains configuration
that's mostly relevant to ARM devices, but also a few Atom (CherryTrail and
Broadwell) related SoCs on Intel.
Could we install alsa-ucm by default? As it is necessary for PulseAudio to
be able to use those devices, should we get it dragged in as a PA
We have recently started updating all Fedoras to the latest stable
release of WebKitGTK+ in order to provide effective security support.
I'm pleased that so far we have had no bug reports related to these
Recently, FESCo wisely adopted a policy to ban stable release updates
that break API or ABI, and while I believe we currently comply, we
might be skirting the line a bit. We intend to offer a API and ABI
compatibility indefinitely, most likely until GTK+ 4 is released,
whenever that may be, but with two caveats.
First, the stable DOM bindings API/ABI will not change, but may cease
to function properly if something is removed from the DOM spec. In the
worst case, application crashes are possible, e.g. if an application is
not expecting a function to return NULL. To avoid friction with other
WebKit contributors, we cannot provide compatibility here. To my
knowledge, no real world application has ever been affected by such an
issue, and the odds of real world breakage here are much lower than
with a typical bugfix update, so I don't see the need to worry about
this -- it's just something to be aware of. If your open source
application is ever unlucky enough to be affected by such an issue, we
will help fix it.
WebKitGTK+ also offers a larger, unstable DOM API accessible if
WEBKIT_DOM_USE_UNSTABLE_API is defined. Here API/ABI compatibility is
restricted to micro 2.x.y version updates; the API/ABI *will* break in
a minor version update (2.x), and these updates will occur within the
lifetime of a particular stable Fedora release. The only practical way
to avoid API changes here is to not update WebKit and live with unfixed
remote code execution vulnerabilities. Backports are not practical.
Currently known users of this API are Epiphany and Yelp; since only two
applications are affected, I don't consider this a practical problem.
If your Fedora package needs to use this API, contact me privately so
that we can know to take responsibility for rebuilding your application
when needed and avoid broken updates. Third-party applications are
strongly encouraged to avoid using this API.
intelligentmirror-0.5-1.noarch.rpm installs with a couple of issues:
1. It's missing apache configuration line with "Require all granted"
2. SELinux is blocking it by default so I suppose it needs a policy file?
I know that intelligentmirror is not in fedora repositories and thus not officially supported, but it is a shame that doesn't work out of the box because in my opinion is a very useful piece of software. If anyone would care to take a look at it that would be awesome.
Over the course of this week, I've been involved in the first Snap
sprint focused on making the Snap system broadly useful and workable
across a wide variety of Linux distributions. While I obviously did
not represent Fedora in any official capacity (and I'm not even really
sure it's possible for a person to represent such a diverse community
such as ours), I ensured that Fedora was part of the conversation when
it came to evolving the Snap system.
There are some interesting highlights from the event that I think are
quite relevant to Fedora:
* Snaps are intended to evolve beyond Ubuntu. While snaps have their
origins in Click for Ubuntu Touch user apps, the Snap system is
clearly designed to support a broader array of capabilities and
systems. Snaps can be used to handle OS components, services, CLI
tools, desktop applications, build environments, web services, and so
* Runtimes are supported in snaps. While technically there's no
specific "type" of snap, it's possible to build a snap that contains
common libraries and services that can be connected to other snaps.
This is done through the "plugs" and "slots" that can be used to
create interfaces among them. This is a true superset of the
capability provided by Flatpak through Portals, since it can be used
to export non-DBus oriented communications mechanisms. This is
described on the Snapcraft documentation.
* SELinux-based confinement is a _very_ high priority. As most know,
snapd currently only works on systems using AppArmor and seccomp, and
only those using AppArmor patches developed by Ubuntu that are in the
process of being upstreamed. For SELinux support, we aren't exactly
sure how this will be pulled off. I proposed something along the lines
of how confinement works for Docker containers and virtual machines
(sVirt), but I'm not sure if that's the right approach for enabling
proper confinement while allowing the sandboxes to support the
interconnection capabilities of snaps. The way that the Snap system
enforces confinement using AppArmor and seccomp is by generating a
profile for the snap on the fly that defines what it can and cannot do
and access for the mounted snap filesystem (from the squashfs image).
This policy is applied, locking down the snap's environment. I'm
curious to hear from others on how the approach should be for
providing confinement using SELinux.
* Detection and auto-configuration of confinement is coming.
Snap-confine currently relies on build time configuration to figure
out whether it should support confinement. However, this will change.
Snap-confine will be merged into snapd and snapd will be set up to
query and set up whatever confinement is possible, given the
information returned from the kernel and systemd about what
confinement mechanisms are supported.
* The snap format is simple and lends itself to being able to be
generated by many kinds of tools. While the current main tool used to
make snaps is Snapcraft, there's no reason someone couldn't build a
"snapbuild" (like rpmbuild, debbuild, and pkgbuild) that could
theoretically use RPM spec format (or a derivative of it) to build
* Snapcraft is currently Ubuntu specific, but will be reworked to
remove that. Snapcraft and the snapcraft.yaml format will change to
enable easily and reproducibly building snaps using Debian and RPM
based distro bases in addition to Ubuntu. The goal is to make it
possible for a distribution like Fedora to be able to easily add
support for building snaps and snap parts from Fedora infrastructure
using Fedora packages/software, along the lines of what we do now for
Docker images, so that people can use them in their own snaps or
* The VideoLAN project now officially offers a VLC snap, and the
Elementary OS folks are working on snaps for their Pantheon Desktop
applications and tying it to an Elementary GTK runtime snap.
Similarly, the KDE Neon folks are developing a KDE Frameworks 5
runtime snap and building application snaps to use them.
* Using snapd with alternative stores is possible. In fact, the tests
done on snapd builds rely on a "fake store" set up locally to be able
to test all the functionality. The store API is fully documented
and there's even a simple implementation of it.
* Support for snaps to offer AppStream metadata is coming. The Snappy
development team is highly interested in implementing support for
AppStream so that it's easier for software centers and other tools to
be able to discover and interact with snaps through snapd. Snapd
support for AppStream XML through its API for software centers is
planned as well.
* Fedora packaging of the snap system is under active development.
Zygmunt Krynicki (zyga) is extremely enthused to get the system in
Fedora fully functional, and I'm mentoring him on various aspects of
Fedora packaging, including maintenance and policies.
* Snap development is rather fast, with releases expected to occur
every two weeks. There's no intention to break the API between snapd
and the rest of the system, so interaction points should be fine. The
pace is well-suited for being able to push updates to Fedora in a
timely fashion so that users can get the best experience possible for
using applications and services under the system.
I know that the Workstation WG is very much behind Flatpak right now,
but I see no reason that we cannot offer both. In fact, it is in the
best interests of our users to fully enable both systems to the best
extent we can, so that they have the freedom to develop and use
applications as they see fit.
So, what does everyone think of Snappy, given this new information?
Constructive feedback is highly valuable and very welcome, especially
at this early stage!
真実はいつも一つ！/ Always, there's only one truth!
To implement some Fedora 25 changes (split NSS (Name Service Switch)
subpackages, libcrypt without NSS (Mozilla Network Security Services)
library depdencies), I added additional subpackages to the glibc
The expectation is that libgcrypt-nss is installed by default, and
system administrators may opt to install libcrypt (with the internal
algorithm implementations instead). libcrypt and libcrypt-nss both
provide the soname-based RPM dependencies required by applications which
need password hashing.
In contrast, nss_db, nss_hesiod, nss_nis are expected to be installed by
system administrators who need the specific functionality. They are not
installed by default. (nss_files and nss_dns remain part of the main
glibc package because their use is pretty much required by all
The background for these changes is twofold: We want to reduce minimal
image size (also the gains a very small), and we want to pave the road
towards alternative implementations (based on OpenSSL for libcrypt, and
based on libtirpc for nss_nis).
on Friday, August 5, I will rebuild the sendmail package for rawhide,
because of a rename of sendmail-devel to sendmail-milter-devel. This is
due to . Please change BuildRequires and Requires of your packages
List of know affected packages:
Greetings, we've been told that the email addresses
for this package maintainer is no longer valid. I'm starting the
unresponsive maintainer policy to find out if they are still interested
in maintaining their packages (and if so, have them update their email
addresses in FAS). If they're not interested in maintaining or we
can't locate them I'll have FESCo orphan the packages so that others
can take them over.
If you have a way to contact this maintainer, please let them
know that we'd appreciate knowing what to do with their packages.
User mnagy - former email mgagy(a)redhat.com
Point of contact:
rpms/itzam-core -- Library for creating and manipulating keyed-access database files ( master f25 f24 f23 el6 el5 )
rpms/messiggy -- Messiggy is a database of celestial objects ( master f25 f24 f23 el6 el5 )
rpms/vsftpd -- Very Secure Ftp Daemon ( master f25 f24 f23 )