Release criteria proposal: networking requirements
by Adam Williamson
Hi folks!
So at this week's blocker review meeting, the fact that we don't have
explicit networking requirements in the release criteria really started
to bite us. In the past we have squeezed networking-related issues in
under other criteria, but for some issues that's really difficult,
notably VPN issues. So, we agreed we should draft some explicit
networking criteria.
This turns out to be a big area and quite hard to cover (who'd've
thought!), but here is at least a first draft for us to start from. My
proposal would be to add this to the Basic criteria. I have left out
some wikitext stuff from the proposal for clarity; I'd add it back in
on actually applying the proposed changes. It's just formatting stuff,
nothing that'd change the meaning. Anyone have thoughts, complaints,
alternative approaches, supplements? Thanks!
=== Network requirements ===
Each of these requirements apply to both installer and installed system
environments. For any given installer environment, the 'default network
configuration tools' are considered to be those the installer documents
as supported ways to configure networking (e.g. for anaconda-based
environments, configuration via kernel command line options, a
kickstart, or interactively in anaconda itself are included).
==== Basic networking ====
It must be possible to establish both IPv4 and IPv6 network connections
using DHCP and static addressing. The default network configuration
tools for the console and for release-blocking desktops must work well
enough to allow typical network connection configuration operations
without major workarounds. Standard network functions such as address
resolution and connections with common protocols such as ping, HTTP and
ssh must work as expected.
Footnote titled "Supported hardware": Supported network hardware is
hardware for which the Fedora kernel includes drivers and, where
necessary, for which a firmware package is available. If support for a
commonly-used piece or type of network hardware that would usually be
present is omitted, that may constitute a violation of this criterion,
after consideration of the [[Blocker_Bug_FAQ|hardware-dependent-
issues|normal factors for hardware-dependent issues]]. Similarly,
violations of this criteria that are hardware or configuration
dependent are, as usual, subject to consideration of those factors when
determining whether they are release-blocking
==== VPN connections ====
Using the default network configuration tools for the console and for
release-blocking desktops, it must be possible to establish a working
connection to common OpenVPN, openconnect-supported and vpnc-supported
VNC servers with typical configurations.
Footnote title "Supported servers and configurations": As there are
many different VPN server applications and configurations, blocker
reviewers must use their best judgment in determining whether
violations of this criterion are likely to be encountered commonly
enough to block a release, and if so, at which milestone. As a general
principle, the more people are likely to use affected servers and the
less complicated the configuration required to hit the bug, the more
likely it is to be a blocker.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
2 years, 1 month
upgrading RH 9 system->Fedora with iso files and apt only
by Didier Casse
I have the yarrow's iso files on my HD in a RH9 system. Let's say I want
to upgrade selected packages using an "apt-get install" pointing to my
iso-mounted files, how do I do it?
i.e I mount the iso into some /mnt/yarrow1, /mnt/yarrow 2 etc..
Then what is the complete procedure to make my apt look into my own HD to
upgrade packages. Can anybody redirect me to the correct
resource or some literature hanging on the web? Thanks.
Assume also that I do not wish to burn CDs! I do not want to use
apt-cdrom. Thanks.
With kind regards,
Didier.
---
PhD student
Singapore Synchrotron Light Source (SSLS)
5 Research Link,
Singapore 117603
Email: slsbdfc at nus dot edu dot sg \or\
didierbe at sps dot nus dot edu dot sg
Website: http://ssls.nus.edu.sg
2 years, 3 months
Orphaning luit
by Peter Hutterer
I've orphaned luit. The only user of it was xterm and it recently dropped
support for luit so there are no users left. Whether there are *any* users
left is unclear too :)
The luit package we shipped is still the freedesktop.org one which has been
unmaintained for about a decade now. Upstream now points to
Thomas Dickey's fork at http://invisible-island.net/luit/ so if anyone
wants to take this, I advise switching to that version as part of the first
steps.
Cheers,
Peter
2 years, 3 months
Bodhi critpath package updates now gated on openQA results
by Adam Williamson
Hey folks!
Just wanted to flag up that, now the new Bodhi version has been
deployed to production, critpath updates are gated on openQA test
results. If any openQA test for your critpath update failed, the gating
status will be marked as 'failed' and you will not be able to push it
stable.
Waivers can be issued for failed tests where appropriate:
https://docs.fedoraproject.org/en-US/ci/gating/#_waive
But in almost all cases a failure indicates either a genuine bug or an
opportunity to improve the test, so I'd prefer to avoid use of waivers
where possible. I am trying to keep an eye on all failed tests, but if
you have a blocked update and you don't understand the failure and I
haven't yet commented on it, please do poke me and I'll take a look.
If a failure looks like some kind of transient issue, several folks
have the power to rerun tests: myself, lruzicka, kparal, tflink,
abokovoy (abbra / ab), pwhalen, and sumantrom. You can ask one of us to
do it. There have been plans in the past to implement some sort of
rerun request system in Bodhi but no-one's quite had the roundtuits to
work it out yet; sorry about that.
Thanks everyone, please be patient with any kinks while we see how this
goes :)
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net
2 years, 5 months
deltarpm usefulness?
by Marek Marczykowski-Górecki
Hi all,
I think deltarpm is not really useful anymore:
- there are very few drpm files in the repository, see for example:
https://download.fedoraproject.org/pub/fedora/linux/updates/34/Everything...
https://download.fedoraproject.org/pub/fedora/linux/updates/33/Everything...
- those that actually are there, are mostly about small packages anyway
- personally, I haven't seen it being used for a long time
- there is also argument that people's connection bandwidth nowadays
tends to be fast enough to make the package rebuilding actually
slower than downloading the whole package (but that really vary between
different installations)
- and most importantly: drpm files are - by design - processed before
checking the package signature, which exposes rather big attack
surface(*)
Can deltarpm be disabled by default? In the few cases where it's
actually useful (if there are any...), user is free to enable it, but
the default would be significantly more secure this way.
(*) it is integrity protected via a hash in the repository metadata, but
repository metadata in Fedora are still not signed - so this all heavily
depends on the integrity of the [HTTPS connection to]
mirrors.fedoraproject.org server (or any of CAs trusted by the system) -
a rather fragile single point of failure.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
2 years, 5 months
openbabel-3.1* in Rawhide
by Antonio T. sagitter
Hi all.
openbabel-3.1.1 is ready for Rawhide branch. 'libopenbabel' soname is
updated from 5 to 7, all dependent packages will need a rebuild at least:
$ repoquery --whatrequires openbabel-devel --disablerepo=*
--enablerepo=*-source
IQmol-0:2.15.0-3.fc34.src
ghemical-0:3.0.0-16.fc34.src
molsketch-0:0.7.2-1.fc34.src
xdrawchem-0:1.10.2-4.fc34.src
I'm waiting some days (one week around) before creating a side-tag.
Ragards.
--
---
Antonio Trande
Fedora Project
mailto: sagitter(a)fedoraproject.org
GPG key: 0x29FBC85D7A51CC2F
GPG key server: https://keyserver1.pgp.com/
2 years, 5 months