= Proposed System Wide Change: Annobin =
* Nick Clifton <nickc AT redhat DOT com>
This change causes extra information to be stored in binary files
compiled by gcc. This information can be used by scripts to check on
various features of the file, such as the hardening options used of
potential ABI conflicts.
== Detailed Description ==
The plan is to use a plugin to gcc to record extra information in the
object files it creates. This information can then be examined by
static analysis tools. The information is recorded in a compact,
extensible format, described here:
The Fedora annobin package is an implementation of the plugin for gcc.
It also includes some example scripts that demonstrate how the
recorded information can be used to, for example, check that an
executable has been compiled with the correct hardening options, or
detect if any conflicting ABI options have been used when compiling
various parts of the executable.
To enable this change it is proposed that the redhat-rpm-config
package should be extended to add the "-fplugin=annobin" option to the
__global_compiler-flags macro. In theory such a change will be
completely invisible to Fedora users but should prove to be very
helpful to Fedora Release Management, assuming that they like the idea
of these annotated binaries.
== Scope ==
* Proposal owners:
Make sure the annobin plugin is ready.
* Other developers:
An update is needed to the redhat-rpm-config package in order for the
plugin to be invoked when gcc is used to compile programs, and to add
a dependency upon the annobin package.
* Release engineering: https://pagure.io/releng/issue/7069
- Coordination with release engineering is needed.
- A mass rebuild will be required.
* List of deliverables:
All delivered images are affected, however there no changes to the list it self.
* Policies and guidelines:
No updates needed
* Trademark approval:
N/A (not needed for this Change)
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
I like to have everything on my system in a package. So, I looked around and
found no recipe or rpm for Rstudio. This is really a shame because every
tutorial on R kinda tells you to install it. Even the Coursera classes in the
Data Science track make you install it and send a screenshot to prove it.
So, I spent some time getting it packaged and working. I am placing the spec
file and necessary patch here so that google finds it and saves other people the
trouble. I'm not wanting to submit the package to Fedora because its more work
than I have time for. If anyone else wants to take it from here and submit
and/or maintain it, feel free.
Since its retirement from Fedora, SciDAVis has undergone
significant development and I think it is ready to be re-included in
our package collection. After a few months of private builds that I
distributed among co-workers and friends, I set up a copr and I've
been keeping up with the upstream project.
SciDAVis comes with a bundled copy of liborigin, which the upstream
developers helped me unbundle. Its version has been bumped to 3.0.0
internally, although there hasn't been a 3.0.0 release yet. In Fedora
we carry liborigin2 (code from the latest public release) and
liborigin (snapshot from 2008) which both help import different
versions of Origin project files. The new release will render them
SciDAVis and liborigin share a number of contributors, but at the
moment their codebases have diverged; upstream liborigin trunk has
been adjusted to work with development versions of LabPlot 2.x, while
the copy bundled with SciDAVis is closer to that of a future
liborigin-3.0.0 release, but they are not interchangeable. I asked the
developers to clarify their plans and I was told that the two
versions will merge back, though some API changes might come in the
I have checked if there are any packages at the moment that require
liborigin* or liborigin*-devel and I have found none (though I'd be
grateful if someone who feels more at ease with dnf could
double-check). If not for this divergence, I would submit scidavis and
liborigin3 for review as separate packages, with Provides & Obsoletes
for the previous liborigin* and liborigin*-devel versions and be done
with it. However I would have to use the unbundled copy from SciDAVis
as source for liborigin3. Should I proceed with that anyway or should
I keep it bundled until such time as the two codebases have merged?
I need/want/would like to build new node 6 for EL6, but gcc is too old.
For that reason, I'd like to use devtoolset-4-gcc, but the build fails
(obviously) because the package doesn't exist.
So, is there a way to make that work somehow?
I am not sure about enabling external repos during build, maybe someone
will be wiser.
Here's the build:
apitrace 5.0 bundles libbacktrace, which looks like is living within the
gcc sources. libbacktrace is not build as a shared library from the gcc
sources, and not packaged.
Is it feasible to build libbacktrace as a shared library and ship it in
a corresponding package? Or should I rather go for a bundling exception
This is a reminder that the webkitgtk and webkitgtk3 packages will be
retired from rawhide shortly after F26 is branched from rawhide. This
is due to numerous security issues affecting those packages (I just
counted 204 CVEs), many of which could allow remote code execution.
Bugs have already been filed against all directly-affected packages
Note: to count the vulnerabilities, I just manually added up the CVEs
listed at , ignoring the oldest advisory WSA-2015-0001, and
discounting five of the older vulnerabilities in WSA-2015-0002.
My next project for Red Hat is to work on improving Linux laptop battery life.
Part of the (hopefully) low hanging fruit here is using kernel tunables to
enable more runtime powermanagement. My first target here is SATA Link Power
Management (LPM) which, as Matthew Garrett blogged about 2 years ago:
can lead to a significant improvement in battery life.
There is only one small problem, there have been some reports that some
disks/SSDs don't play well with Linux' min_power LPM policy and that this
may lead to system crashes and even data corruption.
As such I've written a new LPM policy, which matches the power-management
defaults from the Intel RST Windows drivers. Since it mimicks Windows,
this new policy will hopefully not hit any SSD firmware bugs like min_power
So now I'm looking for people with a laptop with a SATA SSD or HDD to help
me test this to make sure this won't cause any issues when we enable this
by default for F28, for more details and test instructions see:
= System Wide Change: NSS Default File Format SQL =
* Kai Engert <kaie(a)redhat.com>
Change the NSS library default to use the sqlite based data storage,
when applications don't specify their preferred storage file format.
== Detailed Description ==
Applications that use the NSS library often use a database for storage
of keys, certificates and trust. NSS supports two different file
formats, one called DBM (based on berkeley DB files) and another one
called SQL (based on sqlite DB files).
Today's default file format used by NSS, used when applications omit
the type parameter, is the older DBM file format, which forbids
parallel access to the storage. The suggestion is to change the
default file format to SQL, which allows parallel access to the
Applications, or users using the NSS command line utilities, often
provide the database storage location using a simple directory path
parameter. Some might not be aware, or forget, that the parameter can
be prefixed with a type modifier, either "dbm:" or "sql:".
As a result, when not providing this parameter, the file format used
will be the fragile DBM file format. This is particuarly problematic,
if a user attempts to modify the NSS storage using command line tools,
while another process, such as a daemon, is running concurrently,
which also accesses the same database in the DBM file format. This
often results in corrupted database storage, which cannot be
By changing the default, all applications that currently use the DBM
file format, will automatically be migrated to the SQL file format.
NSS has the ability to discover if a storage location (a directory)
contains the DBM file format. If configured to use the modern SQL
format, NSS will automatically perform a one-time conversion from the
DBM to the SQL format.
The same applies to the NSS command line utilities. If the NSS library
default is changed to SQL, the NSS tools will also trigger the
one-time conversion, or access the already converted files.
== Scope ==
* Proposal owners:
A small downstream patch needs to be applied to the NSS library
package, which changes the library default.
* Other developers:
It's up to developers of NSS applications, if they accept the new
default and an automatic conversion, or if they prefer to continue to
use the classic DBM storage format. Although not recommended,
developers can easily do so, by adding a "dbm:" prefix to the storage
parameter they provide to NSS at NSS library initialization time.
* Release engineering: 
No help should be necessary. No mass rebuild necessary.
* Policies and guidelines: N/A
* Trademark approval: N/A
I am gathering informations about various use of CI with Copr. Do you use Copr for building packages for nightlies? For
building packages before pull request is merged? Do you have your set up described somewhere? What is the name of your
Please let me know. Either here or via private reply.
It will help me to understand your use of Copr and to make Copr better.
Thanks in advance.