Re: FC3 (and beyond) wishlist
by Chris Adams
Once upon a time, Peter Backlund <peter.backlund(a)home.se> said:
> The approach of using one file per configuration entry instead of one
> monolithic config file is IMO better in most cases, and several
> applications have adopted this fairly recently (apt, ld at least).
> I think it would be beneficial to do this in as many cases as possible.
> Candidates include:
>
> - grub
The problem with this one is that order is meaningful. How do you
decide which one comes first with a random collection of files? I
suppose you could use a system of symlinks or something (but then GRUB
can't live on a non-Unix FS), but it is getting complicated for
something that (hopefully) doesn't change much.
--
Chris Adams <cmadams(a)hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
19 years, 10 months
Re: FC3 (and beyond) wishlist
by Peter Backlund
On tis, 2004-07-20 at 12:11 -0400, Bill Nottingham wrote:
> Thomas Vander Stichele (thomas(a)apestaart.org) said:
> > Here are some examples:
[snip]
> > All the tools that rely on a single configuration file invariably end up
> > having lots of hacks applied to them from various rpm scripts (lilo.conf
> > in the past, grub.conf, apache configs, modules.conf, ...) to edit
> > existing files, hopefully remove old entries and replace them with
> > current ones, failing badly in the process. The easiest solution is for
> > these snippets to be in separate files managed by the package installing
> > them.
>
> True, but it certainly could lead to conflicts depending on how
> much it's used. For things like aliases, it really shouldn't be
> used much at all.
>
> Bill
I just noticed that char-major-195* is indeed included in
modprobe.conf.dist, but is aliased to the old module name "NVdriver"
instead of the current "nvidia". Quick modutils fix anyone, or should I
file a bug (upstream or RH)?
The approach of using one file per configuration entry instead of one
monolithic config file is IMO better in most cases, and several
applications have adopted this fairly recently (apt, ld at least).
I think it would be beneficial to do this in as many cases as possible.
Candidates include:
- modprobe (debated)
- grub
- yum
- prelink
- Others?
Basically, when you have a configuration file with several independent
"blocks", and order isn't important, it's better to split it into
several small files.
/Peter
19 years, 10 months
Re: FC3 (and beyond) wishlist
by Bill Nottingham
Thomas Vander Stichele (thomas(a)apestaart.org) said:
> Here are some examples:
>
> 1) ensure that the quickcam module is loaded with all compatibility
> options
>
> # webcam, quickcam
> options quickcam compatible=255
Then it should be the default. :)
> 3) directfb fusion driver:
> alias char-major-252 fusion
MODULE_ALIAS_CHARDEV_MAJOR(252);
in the module source code.
> 4) making sure that "modprobe lirc" loads the correct backend driver
> (the file containing these entries would/could be managed by a lirc
> configuration tool):
> alias char-major-61 lirc
>
> # get rid of serial if it's been loaded
> pre-install lirc rmmod serial 2> /dev/null; true
Well, that will generally fail as serial's built in.
> All the tools that rely on a single configuration file invariably end up
> having lots of hacks applied to them from various rpm scripts (lilo.conf
> in the past, grub.conf, apache configs, modules.conf, ...) to edit
> existing files, hopefully remove old entries and replace them with
> current ones, failing badly in the process. The easiest solution is for
> these snippets to be in separate files managed by the package installing
> them.
True, but it certainly could lead to conflicts depending on how
much it's used. For things like aliases, it really shouldn't be
used much at all.
Bill
19 years, 10 months
Re: FC3 (and beyond) wishlist
by Thomas Vander Stichele
On Mon, 2004-07-19 at 22:31, Bill Nottingham wrote:
> Peter Backlund (peter.backlund(a)home.se) said:
> > - modprobe.conf.d and prelink.conf.d, similar to ld.so.conf.d.
>
> Whatever for? (in the case of modprobe.conf.d)
I agree with the original statement. It's a lot easier to drop in
additional kernel modules if you can provide config snippets as well
that express what needs expressing to use the modules correctly.
Here are some examples:
1) ensure that the quickcam module is loaded with all compatibility
options
# webcam, quickcam
options quickcam compatible=255
2) ensure that the pwc module also loads the pwcx module
# webcam, pwc
# need -i on both since otherwise pwcx creates a dep loop to pwc
install pwc /sbin/modprobe -i pwc; /sbin/modprobe -i pwcx
3) directfb fusion driver:
alias char-major-252 fusion
4) making sure that "modprobe lirc" loads the correct backend driver
(the file containing these entries would/could be managed by a lirc
configuration tool):
alias char-major-61 lirc
# get rid of serial if it's been loaded
pre-install lirc rmmod serial 2> /dev/null; true
# load lirc_serial driver (homebrew)
alias lirc lirc_serial
All the tools that rely on a single configuration file invariably end up
having lots of hacks applied to them from various rpm scripts (lilo.conf
in the past, grub.conf, apache configs, modules.conf, ...) to edit
existing files, hopefully remove old entries and replace them with
current ones, failing badly in the process. The easiest solution is for
these snippets to be in separate files managed by the package installing
them.
It might not be a direct concern/need for Red Hat given that all modules
are inside the kernel rpm, but there is a Fedora community out there
that likes to, and will, install kernel module packages that could
benefit from a more modular (haha) approach, which is a direction that
Fedora as a project in general seems to want to head into.
Thomas
Dave/Dina : future TV today ! - http://www.davedina.org/
<-*- thomas (dot) apestaart (dot) org -*->
And marry me baby
And sleep with me baby
We'll sleep with the lights on
And we'll sleep with our clothes on
<-*- thomas (at) apestaart (dot) org -*->
URGent, best radio on the net - 24/7 ! - http://urgent.fm/
19 years, 10 months
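The conflict concern raised in the modprobe.conf.d messages above, as an added example that is not part of the original thread and not code from any modprobe tool: a Python check that reads a set of drop-in snippets in sorted filename order and reports aliases, install commands and option values that different files define differently. The file names and the compatible=0 and lirc-serial entries are constructed for illustration; treating - and _ as interchangeable in names is this example's reading of modprobe's name handling.

```python
"""Conflict check for modprobe-style drop-in snippets (added example)."""
from collections import defaultdict

# Directives where two different values for the same name compete.
SINGLE_VALUED = {"alias", "install", "remove", "pre-install", "post-install"}


def norm(name):
    """Module and alias names: '-' and '_' are treated as the same character."""
    return name.replace("-", "_")


def parse_snippet(text):
    """Yield (directive, name, value, lineno) for each directive line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) == 3:  # lines without a value are ignored here
            yield parts[0], parts[1], parts[2], lineno


def find_conflicts(snippets):
    """snippets maps filename -> text. Returns {key: [(value, file, line)]}
    for every key that is given more than one distinct value."""
    seen = defaultdict(list)
    for fname in sorted(snippets):  # deterministic order, like ld.so.conf.d
        for directive, name, value, lineno in parse_snippet(snippets[fname]):
            if directive == "options":
                # Options accumulate, so compare per parameter.
                for opt in value.split():
                    param, _, setting = opt.partition("=")
                    key = ("options", norm(name), param)
                    seen[key].append((setting, fname, lineno))
            elif directive in SINGLE_VALUED:
                # Alias targets are module names; commands compare verbatim.
                cmp_value = norm(value) if directive == "alias" else value
                seen[(directive, norm(name), "")].append(
                    (cmp_value, fname, lineno))
    return {k: d for k, d in seen.items() if len({v[0] for v in d}) > 1}


def report(snippets):
    """Return human-readable lines, one block per conflicting key."""
    lines = []
    conflicts = find_conflicts(snippets)
    for directive, name, param in sorted(conflicts):
        label = f"{directive} {name}" + (f" {param}" if param else "")
        defs = conflicts[(directive, name, param)]
        lines.append(f"{label}: {len(defs)} competing definitions")
        for value, fname, lineno in defs:
            lines.append(f"    {fname}:{lineno}: {value}")
    return lines


# Constructed sample: entries taken from the thread plus two constructed
# files (nvidia.conf, webcam-site.conf) that collide with them.
SAMPLE = {
    "00-modprobe.conf.dist": "alias char-major-195 NVdriver\n",
    "nvidia.conf": "# constructed\nalias char-major-195 nvidia\n",
    "quickcam.conf": "# webcam, quickcam\noptions quickcam compatible=255\n",
    "lirc.conf": "alias char-major-61 lirc\nalias lirc lirc_serial\n",
    "lirc-tool.conf": "alias lirc lirc-serial\n",  # same module, no conflict
    "webcam-site.conf": "options quickcam compatible=0\n",
}

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A packaging check of this kind can run at install time so that a new snippet which redefines an existing alias is reported instead of silently depending on file order.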
rawhide report: 20040714 changes
by Build System
New package libtheora
Theora Video Compression Codec
New package vino
A remote desktop system for GNOME
Updated Packages:
Glide3-20010520-33
------------------
* Mon Jul 05 2004 Mike A. Harris <mharris(a)redhat.com> 20010520-33
- Moved glide-ia64 patch from position 0 to position 50 as we no longer
build Glide3 on these architectures. The patch should be reworked to apply
cleanly after all of the other patches we apply that are required for our
real builds. Currently it will just fail to apply. (#126734)
* Wed Jun 23 2004 Mike A. Harris <mharris(a)redhat.com>
- Fixed missing dependancy in Glide3
* Fri Jun 18 2004 Alan Cox <alan(a)redhat.com>
- Fixed gcc 3.4 compile breakage. It remains to see if it works. If not
I'd try turning off aliasing in gcc
Regina-2.3-1
------------
* Tue Jul 13 2004 Phil Knirsch <pknirsch(a)redhat.com> 2.3-1
- Update to Regina-2.3
SDL-1.2.7-7
-----------
* Fri Jul 09 2004 Thomas Woerner <twoerner(a)redhat.com> 1.2.7-7
- fixed resolution switching for ppc (#127254)
THE-3.1-1
---------
* Tue Jul 13 2004 Phil Knirsch <pknirsch(a)redhat.com> 3.1-1
- Update to THE-3.1
anaconda-10.0.2-0.20040713173734
--------------------------------
* Tue Jul 13 2004 Anaconda team <bugzilla(a)redhat.com>
- built new version from CVS
* Thu Jun 03 2004 Jeremy Katz <katzj(a)redhat.com>
- require system-logos and anaconda-help, obsolete anaconda-images
* Fri Apr 30 2004 Jeremy Katz <katzj(a)redhat.com>
- Update description, remove prereq on stuff that was only needed
for reconfig mode
apr-0.9.4-20
------------
* Tue Jul 13 2004 Joe Orton <jorton(a)redhat.com> 0.9.4-20
- move sticky/suid bits outside APR_OS_DEFAULT bitmask (Greg Hudson)
authd-1.3.3-1.fc3
-----------------
* Mon Jul 12 2004 Adrian Havill <havill(a)redhat.com> - 1.3.3-1
- use gnu *_unlocked stream funcs for faster I/O
* Sat Jul 10 2004 Adrian Havill <havill(a)redhat.com> - 1.3.2-1
- enforce rfc restriction limiting port search to the connected
local/foreign pair
* Thu Jul 08 2004 Adrian Havill <havill(a)redhat.com> - 1.3.1-1
- increase default connections-per-sec/max-instances for HP
- more doc cleanup
- remove unnecessary rootdir check for -N/--ident
bash-2.05b-43
-------------
* Thu Jul 08 2004 Tim Waugh <twaugh(a)redhat.com> 2.05b-43
- Fixed command substitution problem (bug #127242).
bogl-0.1.18-1
-------------
* Mon Jul 05 2004 Akira TAGOH <tagoh(a)redhat.com> 0:0.1.18-1
- New upstream release.
- bogl-0.1.18-rh.patch: updated to be able to apply it for this release.
- bogl-0.1.9-vga16-others.patch: removed. no need this patch anymore.
booty-0.40-1
------------
* Mon Jul 12 2004 Jeremy Katz <katzj(a)redhat.com> - 0.40-1
- another tweak to the timeout
cdrtools-2.01.0.a33-1
---------------------
* Tue Jul 13 2004 Harald Hoyer <harald(a)redhat.com> - 8:2.01.0.a33-1
- new version
- [cdrtools changelog]: The changes in this release are as follows:
Cdrecord now tries to check DMA speed, and prevents users from not
using burnproof if the system is too slow. A bug in mkisofs
-dvd-video was fixed. A bug in NT SPTI SCSI handling was fixed.
coreutils-5.2.1-18
------------------
* Tue Jul 13 2004 Tim Waugh <twaugh(a)redhat.com> 5.2.1-18
- Fixed field extraction in sort (bug #127694).
* Fri Jun 25 2004 Tim Waugh <twaugh(a)redhat.com>
- Added 'TERM screen.linux' to DIR_COLORS (bug #78816).
cups-1.1.21-1.rc1.3
-------------------
* Thu Jul 08 2004 Tim Waugh <twaugh(a)redhat.com> 1:1.1.21-1.rc1.3
- Updated DBUS patch.
elinks-0.9.2-0.rc2.2
--------------------
* Mon Jul 12 2004 Tim Waugh <twaugh(a)redhat.com> 0.9.2-0.rc2.2
- Fix elinks -dump -stdin (bug #127624).
ethereal-0.10.5-1
-----------------
* Fri Jul 09 2004 Phil Knirsch <pknirsch(a)redhat.com> 0.10.5-1
- Update to latest ethereal-0.10.5 due to security problems.
- Include dftest for debugging filters.
evolution-1.5.90-5
------------------
* Thu Jul 08 2004 Jeremy Katz <katzj(a)redhat.com> - 1.5.90-5
- use mozilla 1.7 on platforms where it's available
- check to make sure the appropriate mozilla headers exist if using
mozilla nss for ssl or fail the build
* Thu Jul 08 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
* Wed Jul 07 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
evolution-data-server-0.0.95-3
------------------------------
* Thu Jul 08 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
* Wed Jul 07 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
* Tue Jul 06 2004 David Malcolm <dmalcolm(a)redhat.com> - 0.0.95-1
- 0.0.95
findutils-4.1.20-2
------------------
* Tue Jul 06 2004 Tim Waugh <twaugh(a)redhat.com> 1:4.1.20-2
- Fix -iregex (bug #127297).
* Fri Jun 25 2004 Tim Waugh <twaugh(a)redhat.com> 1:4.1.20-1
- Clarify find man page (bug #126098).
- Apply changes by Robert Scheck <redhat(a)linuxnetz.de> (bug #126352):
- Upgrade to 4.1.20 and some specfile cleanup
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
foomatic-3.0.1-6
----------------
* Mon Jul 12 2004 Tim Waugh <twaugh(a)redhat.com> 3.0.1-6
- Updated db to 20040712.
- HPLJ4300 data is upstream now.
gcc-3.4.1-4
-----------
* Sat Jul 10 2004 Jakub Jelinek <jakub(a)redhat.com> 3.4.1-4
- handle c++config.h being different between multilibs
- fix C++ enum handling in range tests (PR tree-optimization/16372)
- one more bitfield patch fix
* Fri Jul 09 2004 Jakub Jelinek <jakub(a)redhat.com> 3.4.1-3
- reenable bitfield patch after fixing it
- don't use SSE prefetch instructions if -mcpu= is a CPU with
SSE prefetch, but -march= is not i686+ and -msse{2,3} is not given
either (#127375)
glib2-2.4.4-1
-------------
* Fri Jul 09 2004 Matthias Clasen <mclasen(a)redhat.com> - 2.4.4-1
- Update to 2.4.4
gnome-python2-2.0.2-1
---------------------
* Wed Jul 14 2004 Jeremy Katz <katzj(a)redhat.com> - 2.0.2-1
- update to 2.0.2
gnopernicus-0.9.5-1
-------------------
* Fri Jul 09 2004 Colin Walters <walters(a)redhat.com> 0.9.5-1
- Update to 0.9.5
gstreamer-0.8.3-3
-----------------
* Mon Jul 05 2004 Colin Walters <walters(a)redhat.com> 0.8.3-3
- Another rebuild to placate beehive!
* Mon Jul 05 2004 Colin Walters <walters(a)redhat.com> 0.8.3-2
- Rebuild to placate beehive
* Wed Jun 23 2004 Colin Walters <walters(a)redhat.com> 0.8.3-1
- Update to 0.8.3, now that I am convinced it is safe.
- Remove backported cpufix patch.
- "cvs remove" a bunch of obsoleted patches.
gstreamer-plugins-0.8.2-3
-------------------------
* Mon Jul 05 2004 Colin Walters <walters(a)redhat.com> - 0.8.2-3
- Another rebuild to placate beehive!
* Mon Jul 05 2004 Colin Walters <walters(a)redhat.com> - 0.8.2-2
- Rebuild to placate beehive
gtk2-2.4.4-1
------------
* Fri Jul 09 2004 Matthias Clasen <mclasen(a)redhat.com> - 2.4.4-1
- Update to 2.4.4
* Thu Jul 08 2004 Matthias Clasen <mclasen(a)redhat.com> - 2.4.1-5
- Look for the gtk.immodules file in the right location. (#127073)
* Thu Jul 08 2004 Matthias Clasen <mclasen(a)redhat.com> - 2.4.1-4
- Add a wrapper for gdk-pixbuf-csource.
gtkhtml3-3.1.17-3
-----------------
* Thu Jul 08 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
* Wed Jul 07 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
* Tue Jul 06 2004 David Malcolm <dmalcolm(a)redhat.com> - 3.1.17-1
- 3.1.17
hal-0.2.93.cvs20040712-1
------------------------
* Mon Jul 12 2004 John (J5) Palmieri <johnp(a)redhat.com> 0.2.93.cvs.20040712-1
- Update to new CVS version as of 7-12-2004
htdig-3.2.0b6-1
---------------
* Tue Jul 06 2004 Phil Knirsch <pknirsch(a)redhat.com> 3.2.0b6-1
- Update to htdig-3.2.0b6
- Removed obsolete patches (already included upstream).
- Added manpages to basic package.
- Added missing httpd BuildPreReq (#125037)
- Added fix for broken behaviour with robots.txt (#126482)
hwdata-0.123-1
--------------
* Fri Jul 09 2004 Mike A. Harris <mharris(a)redhat.com> 0.123-1
- Quick pcitable/Cards update for ATI Radeon and FireGL boards
* Mon Jun 28 2004 Bill Nottingham <notting(a)redhat.com>
- add Proview monitor (#125853)
- add ViewSonic monitor (#126324)
- add a Concord camera (#126673)
im-sdk-11.4-65.svn1772
----------------------
* Mon Jul 05 2004 Jens Petersen <petersen(a)redhat.com> - 1:11.4-65.svn1772
- add a symlink "IIim" to the xinit.d script to smooth upgrades
- update im-switch to use alternatives and xinput.d
kdelibs-3.2.3-5
---------------
* Mon Jul 12 2004 Than Ngo <than(a)redhat.com> 6:3.2.3-5
- rebuild
kernel-2.6.7-1.486
------------------
* Tue Jul 13 2004 Arjan van de Ven <arjanv(a)redhat.com>
- add "enforcemodulesig" boot option to make the kernel load signed modules only
* Mon Jul 12 2004 Arjan van de Ven <arjanv(a)redhat.com>
- updated voluntary preempt
- 2.6.8-rc1
libesmtp-1.0.3r1-1
------------------
* Tue Jul 13 2004 John Dennis <jdennis(a)redhat.com> 1.0.3r1-1
- bring up to latest upstream release
libgal2-2.1.11-2
----------------
* Wed Jul 07 2004 David Malcolm <dmalcolm(a)redhat.com>
- rebuilt
* Tue Jul 06 2004 David Malcolm <dmalcolm(a)redhat.com> - 2:2.1.11-1
- 2.1.11
libgnomeprintui22-2.7.1-1
-------------------------
* Thu Jul 08 2004 Colin Walters <walters(a)redhat.com> 2.7.1-1
- Update to latest upstream CVS (20040708)
- Merge dynamism patch with upstream CVS
* Thu Jun 17 2004 Matthias Clasen <mclasen(a)redhat.com> 2.7.0-2
- Show printers in a tree view.
* Tue Jun 15 2004 Colin Walters <walters(a)redhat.com> 2.7.0-1
- Update to 2.7.0 CVS
- Pass --enable-gtk-doc to configure
- Add current version of patch which handles dynamic updating
from libgnomeprint.
- Bump required libgnomeprint version.
libidn-0.5.1-1
--------------
* Fri Jul 09 2004 Joe Orton <jorton(a)redhat.com> 0.5.1-1
- update to 0.5.1 (#127496)
libselinux-1.15.1-1
-------------------
* Thu Jul 08 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.1-1
- Update to latest from NSA
- Add fix to only get old path if file_context file exists in old location
libtool-1.5.6-4
---------------
* Tue Jul 06 2004 Jens Petersen <petersen(a)redhat.com> - 1.5.6-4
- improve buildrequires and prereqs
- buildrequire texinfo (Dawid Gajownik, 126950)
libwmf-0.2.8.3-3
----------------
* Thu Jul 08 2004 Matthias Clasen <mclasen(a)redhat.com> - 0.2.8.3-3
- Update to use the new update-gdk-pixbuf-loaders script in gtk2-2.4.1-2
* Thu May 20 2004 Caolan McNamara <caolanm(a)redhat.com>
- Initial version
lm_sensors-2.8.7-1
------------------
* Tue Jul 06 2004 Phil Knirsch <pknirsch(a)redhat.com> 2.8.7-1
- Update to latest upstream version.
lynx-2.8.5-18
-------------
* Thu Jul 08 2004 Tim Waugh <twaugh(a)redhat.com> 2.8.5-18
- Removed perl dependencies (bug #127423).
miniChinput-0.0.3-58
--------------------
* Tue Jul 06 2004 Leon Ho <llch(a)redhat.com>
- added a simple patch for gcc34 compiler
- added support for xinitrc-4.0.1
- run alternativates on post and preun
- included xinput-miniChinput
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon May 17 2004 Yu Shao <yshao(a)redhat.com>
- patch miniChinput-0.0.3-DEF-IC.patch to fix bug 106807
mod_python-3.1.3-3
------------------
* Tue Jul 13 2004 Nils Philippsen <nphilipp(a)redhat.com>
- set default-handler for manual files to fix #127622
nabi-0.13-1
-----------
* Tue Jul 06 2004 Leon Ho <llch(a)redhat.com>
- upgraded to 0.13
- added support to xinitrc-4.0.1
- added xinput-nabi
- added alternativies on post and preun
ncftp-3.1.7-5
-------------
* Wed Jul 07 2004 Karsten Hopp <karsten(a)redhat.de> 2:3.1.7-5
- rebuild with new gcc
ncurses-5.4-10.fc3
------------------
* Thu Jul 08 2004 Adrian Havill <havill(a)redhat.com> 5.4-10
- add home/end mappings to gnome definition (#122815)
* Tue Jul 06 2004 Adrian Havill <havill(a)redhat.com> 5.4-9.fc3
- n-v-r
* Tue Jul 06 2004 Adrian Havill <havill(a)redhat.com> 5.4-9.fc2
- n-v-r
net-tools-1.60-29
-----------------
* Mon Jul 12 2004 Phil Knirsch <pknirsch(a)redhat.com> 1.60-29
- Fixed initscript patch for netplug (#127351)
nmap-3.55-1
-----------
* Tue Jul 13 2004 Harald Hoyer <harald(a)redhat.com> - 2:3.55-1
- new version
nss_db-2.2-27
-------------
* Tue Jul 06 2004 Nalin Dahyabhai <nalin(a)redhat.com> 2.2-27
- only provide a -compat subpackage on platforms where glibc provides
compat NSS modules (%{ix86})
- make -compat depend on the same version of the non-compat package
oprofile-0.8-20040511.12
------------------------
* Wed Jul 07 2004 Will Cohen <wcohen(a)redhat.com>
- Add oparchive patch.
pam-0.77-49
-----------
* Sat Jul 10 2004 Alan Cox <alan(a)redhat.com>
- Fixed the pam glib2 dependancy issue
* Mon Jun 21 2004 Alan Cox <alan(a)redhat.com>
- Fixed the pam_limits fencepost error (#79989) since nobody seems to
be doing it
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
pciutils-2.1.99.test7-1
-----------------------
* Fri Jul 09 2004 Bill Nottingham <notting(a)redhat.com> 2.1.99.test7-1
- update to test7
- fix segfault on some x86-64 boxen
policycoreutils-1.15.1-1
------------------------
* Thu Jul 08 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.1-1
- Latest from NSA
- Fix fixfiles.cron to delete outfile
postgresql-7.4.3-3
------------------
* Sat Jul 10 2004 Tom Lane <tgl(a)redhat.com> 7.4.3-3
- Undo ill-considered chkconfig change that causes server to start
immediately upon install. Mea culpa (bug 127552).
prelink-0.3.2-6
---------------
* Wed Jul 07 2004 Jakub Jelinek <jakub(a)redhat.com> 0.3.2-6
- change sed separator in testsuite scripts from | to , if \|
is present in regexps, as that invokes undefined behaviour
which changed between GNU sed 4.0.9 and 4.1
* Wed Jul 07 2004 Jakub Jelinek <jakub(a)redhat.com> 0.3.2-5
- skip vDSO in ldd /sbin/init output when determining if /sbin/telinit -u
should be run (#127350)
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
rdesktop-1.3.1-5
----------------
* Thu Jul 08 2004 Warren Togami <wtogami(a)redhat.com>
- #127207 Finnish "fi" keymap fix
"fi" ISO_Level3_Shift warning fix
rhgb-0.12.2-1
-------------
* Mon Jul 12 2004 Daniel Veillard <veillard(a)redhat.com> 0.12.2
- previous version lost two patches which were not commited
* Mon Jul 12 2004 Daniel Veillard <veillard(a)redhat.com> 0.12.1
- bug fixes for xinerama and build fixes
- lot of translation strings update
* Fri Oct 17 2003 Jonathan Blandford <jrb(a)redhat.com> 0.11
- only launch if explicitly listed in grub
rpm-4.3.2-0.6
-------------
* Fri Jul 09 2004 Jeff Johnson <jbj(a)jbj.org> 4.3.2-0.6
- fix: evaluate rather than default file_contexts path. (#127501).
* Mon Jul 05 2004 Jeff Johnson <jbj(a)jbj.org> 4.3.2-0.5
- change default behavior to resolve file conflicts as LIFO.
- add --fileconflicts to recover rpm traditional behavior.
- prefer elf64 over elf32 files, everywhere and always (#126853).
- ia64: auto-relocate entire, not partial, directory contents (#126905).
- ia64: auto-relocate glibc.ix86 interpreter path (#100563).
rpmdb-fedora-2-0.20040714
-------------------------
rusers-0.17-41
--------------
* Mon Jul 12 2004 Phil Knirsch <pknirsch(a)redhat.com> 0.17-41
- Bump release.
* Mon Jul 12 2004 Phil Knirsch <pknirsch(a)redhat.com> 0.17-40
- Made patch to make rpc.rstatd independant of procps (#127512)
sed-4.1.1-1
-----------
* Thu Jul 08 2004 Jakub Jelinek <jakub(a)redhat.com> 4.1.1-1
- update to 4.1.1
selinux-policy-strict-1.15.4-1
------------------------------
* Mon Jul 12 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.4-1
- Break out unlimitedServices in to multiple tunables
* Mon Jul 12 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.3-1
- Fixes for sudo and userhelper.
* Wed Jul 07 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.2-1
* Wed Jul 7 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.1-1
- Update with latest from NSA
selinux-policy-targeted-1.15.3-1
--------------------------------
* Mon Jul 12 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.3-1
- Fixes for sudo and userhelper.
* Wed Jul 07 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.2-1
* Wed Jul 7 2004 Dan Walsh <dwalsh(a)redhat.com> 1.15.1-1
- Update with latest from NSA
setools-1.4.1-1
---------------
* Thu Jul 08 2004 Dan Walsh <dwalsh(a)redhat.com> 1.4.1-1
- Latest from Tresys
shadow-utils-4.0.3-24
---------------------
* Sat Jul 10 2004 Alan Cox <alan(a)redhat.com> 4.0.3-24
- Fix nscd path. This fixes various stale data caching bugs (#125421)
sox-12.17.4-4
-------------
* Fri Jul 09 2004 Bill Nottingham <notting(a)redhat.com> 12.17.4-4
- add patch for 64-bit problem (#127502)
strace-4.5.6-1
--------------
* Mon Jul 12 2004 Roland McGrath <roland(a)redhat.com> 4.5.6-1
- new upstream version, updates ioctl lists (#127398), fixes quotactl (#127393), more ioctl decoding (#126917)
* Sun Jun 27 2004 Roland McGrath <roland(a)redhat.com> 4.5.5-1
- new upstream version, fixes x86-64 biarch support (#126547)
sudo-1.6.7p5-28
---------------
* Thu Jul 08 2004 Dan Walsh <dwalsh(a)redhat.com> 1.6.7p5-28
- Fix selinux patch to switch to root user
sysreport-1.3.11-1
------------------
* Tue Jul 13 2004 Than Ngo <than(a)redhat.com> 1.3.11-1
- add more SELinux information
* Mon Jul 12 2004 Than Ngo <than(a)redhat.com> 1.3.10-1
- add gathering information on SELinux setup
system-config-printer-0.6.103-1
-------------------------------
* Tue Jul 13 2004 Tim Waugh <twaugh(a)redhat.com> 0.6.103-1
- Use %{_libdir} (bug #127737).
tetex-2.0.2-18
--------------
* Wed Jul 07 2004 Tim Waugh <twaugh(a)redhat.com> 2.0.2-18
- Fixed ambiguous sed expressions (bug #127377).
tux-3.2.18-2
------------
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
udev-029-1
----------
* Tue Jul 06 2004 Harald Hoyer <harald(a)redhat.com> - 029-1
- version 029, added udev_remove and udev_owner to udev.conf
usermode-1.70-8
---------------
* Mon Jul 12 2004 Dan Walsh <dwalsh(a)redhat.com> 1.70-8
- Additional diffs from NSA
- Clean up comments
* Thu Jul 08 2004 Dan Walsh <dwalsh(a)redhat.com> 1.70-7
- More fixes for SELinux. roll back to only use root for auth.
- Add getenforce checks
- Add root_passwd check
vim-6.3.013-1
-------------
* Tue Jul 13 2004 Karsten Hopp <karsten(a)redhat.de> 6.3.013-1
- patchlevel 13 to fix some crashes with multi-line patterns
and when using CTRL-R in command mode
* Thu Jul 08 2004 Dan Walsh <dwalsh(a)redhat.com> 6.3.011-4
- Fix selinux patch to handle symlinks
* Wed Jul 07 2004 Karsten Hopp <karsten(a)redhat.de> 6.3.011-3
- rebuild with new gcc
w3m-el-1.4.1-1
--------------
* Fri Jul 09 2004 Akira TAGOH <tagoh(a)redhat.com> 1.4.1-1
- New upstream release.
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Thu May 06 2004 Akira TAGOH <tagoh(a)redhat.com> 1.4-1
- New upstream release.
- w3m-el-1.3.6-m17n.patch: removed.
x3270-3.3.2.p1-6
----------------
* Wed Jul 07 2004 Karsten Hopp <karsten(a)redhat.de> 3.3.2.p1-6
- rebuild with new gcc
xcdroast-0.98a15-4
------------------
* Tue Jul 13 2004 Harald Hoyer <harald(a)redhat.com> - 0.98a15-4
- added xcdroast-0.98alpha15-linebuffer.patch (Tim Waugh, bz 127658)
- corrected buildrequires (bz 127300)
xterm-192-1
-----------
* Tue Jul 13 2004 Mike A. Harris <mharris(a)redhat.com> 192-1
- Updated main tarball to xterm-192 for FC3 devel
- Resolved bugs #126569,127132
yaboot-1.3.12-5
---------------
* Sat Jul 10 2004 Paul Nasrat <pnasrat(a)redhat.com> - 1.3.12-5
- Added hfsutils requires for pmac
* Wed Jun 23 2004 David Woodhouse <dwmw2(a)redhat.com> - 1.3.12-4
- Increase TFTP load buffer size to 8MiB.
19 years, 10 months
System.map contents in
by Pete Zaitcev
Arjan, what's up with the System.map on FC2? Looks like garbage to me.
[zaitcev@lembas ksrc]$ ls /boot
config-2.6.5-1.358 initrd-2.6.6-1.435.img vmlinux-2.6.7-ub
config-2.6.6-1.435 initrd-2.6.7-ub.img vmlinuz-2.6.5-1.358
config-2.6.6-1.435.2.3 System.map-2.6.5-1.358 vmlinuz-2.6.6-1.435
grub System.map-2.6.6-1.435 vmlinuz-2.6.6-1.435.2.3
initrd-2.6.5-1.358.img System.map-2.6.6-1.435.2.3 vmlinuz-2.6.7-ub
initrd-2.6.6-1.435.2.3.img System.map-2.6.7-ub
[zaitcev@lembas ksrc]$ head /boot/System.map-2.6.6-1.435.2.3
021481c0 T I_BDEV
022b9d18 r __ksymtab_I_BDEV
022bf818 r __kstrtab_I_BDEV
02347aa8 B MCA_bus
022b8db0 r __ksymtab_MCA_bus
022bd687 r __kstrtab_MCA_bus
021f74aa T QUIRK_LIST
022bba28 r __ksymtab_QUIRK_LIST
022c3809 r __kstrtab_QUIRK_LIST
02347020 B ROOT_DEV
[zaitcev@lembas ksrc]$ head /boot/System.map-2.6.7-ub
c0100000 A _text
c0100000 T startup_32
c0100070 T startup_32_smp
c01000fd t checkCPUtype
c010017e t is486
c0100185 t is386
c01001e8 t L6
c01001ea t check_x87
c010021a t setup_idt
c0100237 t rp_sidt
[zaitcev@lembas ksrc]$
I have a little tool which reads slabs from /dev/kmem and finds leaked
structs, and it fails to find cache_cache value, that's why I ask.
-- Pete
19 years, 10 months
udev in initrd
by Thomas Woerner
There are new FC3 test packages for udev usage in initrd:
http://people.redhat.com/twoerner/UDEV/FC3/
This is a minimal version without udev-persistent support and no busybox. It is using
the normal nash initrd environment.
U S A G E
=========
- Install initscripts, mkinitrd and udev updates
- To use udev in initrd, set USE_UDEV and UDEV_INITRD in /etc/sysconfig/udev.
udev will then use the normal /dev directory and will generate devices in there.
- udev can be started in a clean mounted ramfs on /dev by setting UDEV_RAMFS
- To get this ramfs /dev to your system, set UDEV_KEEP_DEV. Setting UDEV_KEEP_DEV
also sets UDEV_RAMFS. /dev will be bind-mounted to your root directory, then.
- Unset udev_owner in /etc/udev/udev.conf to get normal permissions. Newer udev
packages are not setting device ownerships or permissions, if the device already
exists. But this is needed if you are keeping your /dev, because udev will
generate devices with root ownership (there is no other user in initrd) and
udevstart in rc.sysinit will not set correct permissions, then.
- Setting udev_remove will remove devices if the corresponding hardware device is
gone e.g. for USB devices.
E X A M P L E C O N F I G U R A T I O N
=========================================
/etc/sysconfig/udev
-------------------
...
USE_UDEV="yes"
UDEV_INITRD="yes"
UDEV_RAMFS="yes"
UDEV_KEEP_DEV="yes"
/etc/udev/udev.conf
-------------------
...
udev_owner="no"
udev_remove="yes"
W A R N I N G
=============
Do not overwrite your initrd images and make new grub entries, to have a sane
fallback. Please be careful if you are using LVM or RAID. These are not tested, yet.
Thomas
19 years, 10 months
Re: Musings about on-disk encryption in Fedora Core
by W. Michael Petullo
>>> Securing the system is exactly the same thing IMHO.
>>>
>>> If your system is insecure then encryption won't help, the attacker will
>>> get all your passwords and happily decrypt all your data!
>> I would argue that it depends on what you are securing against. For
>> example, securing data against physical laptop theft does not really
>> require booting from removable media...as long as you don't trust the
>> laptop once it is recovered.
>
> True. But what about servers? How secure is YOUR server room? Taking
> disks out etc is not difficult to do. Replacing the BIOS on the motherboard
> adds an extra level of difficulty and the risk is decreased if that is what
> an attacker would be forced to do.
You are entirely right. Again, my point is that it depends what you are
securing against. I don't have a server room. I am interested in securing
my laptop. The important thing is that, as these techniques are developed,
we are straightforward with and aware of the precise things they defend
against.
>> However, if you are requiring a physical token to provide a key then
>> booting from that token is not too much of a leap. Assuming your firmware
>> supports booting from, say, USB. This seems outside the scope of mkinitrd
>> and more a responsibility of properly configuring yaboot, lilo, grub, etc.
>
> You need the initrd to be able to mount an encrypted root fs, so there are
> some changes to initrd needed. They are probably more significant than the
> changes to allow booting from a USB device.
Yes. I am already working on modifying mkinitrd (see elsewhere in this
thread). So, as I mentioned, once mkinitrd/initrd supports encrypted root
filesystems and accessing a key on a removable device then booting from that
same device should be simple.
--
Mike
19 years, 10 months
Re: Musings about on-disk encryption in Fedora Core
by W. Michael Petullo
>>> For a really secure system you have to boot from removable or read-only
>>> media.
>>> If an attacker can compromise the kernel image that you boot from then
>>> they can own you. If you have an unencrypted kernel/initrd stored on the
>>> hard disk then you must either keep the hard disk locked up at all times
>>> (in which case encrypting it doesn't gain much) or treat every unexpected
>>> reboot as a potential compromise.
>> I was concentrating mainly on means to secure data (against prying eyes,
>> not corruption), securing a system is a completely different kind of
>> thing.
> Securing the system is exactly the same thing IMHO.
>
> If your system is insecure then encryption won't help, the attacker will get
> all your passwords and happily decrypt all your data!
I would argue that it depends on what you are securing against. For example,
securing data against physical laptop theft does not really require booting
from removable media...as long as you don't trust the laptop once it is
recovered.
However, if you are requiring a physical token to provide a key then booting
from that token is not too much of a leap. Assuming your firmware supports
booting from, say, USB. This seems outside the scope of mkinitrd and more a
responsibility of properly configuring yaboot, lilo, grub, etc.
In addition, when you boot from removable media, you really need to
authenticate that you are booting from the removable media. Perhaps the boot
process could tell you a secret that only you and the removable media know.
If the attacker has access to the firmware then the attacker may cause the
computer to spoof your normal boot process. A firmware password may or may
not help, depending on how paranoid you are.
So we can go down any number of paranoid trails (and we should). But that
doesn't mean we shouldn't start "picking at the low hanging fruit" to make
progress. We just need to be straightforward about what we are protecting
against (for example, a stolen laptop vs. a stolen laptop that I can trust if
returned).
--
Mike
19 years, 10 months
Re: Musings about on-disk encryption in Fedora Core
by Russell Coker
On Wed, 7 Jul 2004 00:43, "mike(a)flyn.org" <mike(a)flyn.org> wrote:
> > Securing the system is exactly the same thing IMHO.
> >
> > If your system is insecure then encryption won't help, the attacker will
> > get all your passwords and happily decrypt all your data!
>
> I would argue that it depends on what you are securing against. For
> example, securing data against physical laptop theft does not really
> require booting from removable media...as long as you don't trust the
> laptop once it is recovered.
True. But what about servers? How secure is YOUR server room? Taking disks
out etc is not difficult to do. Replacing the BIOS on the motherboard adds
an extra level of difficulty and the risk is decreased if that is what an
attacker would be forced to do.
> However, if you are requiring a physical token to provide a key then
> booting from that token is not too much of a leap. Assuming your firmware
> supports booting from, say, USB. This seems outside the scope of mkinitrd
> and more a responsibility of properly configuring yaboot, lilo, grub, etc.
You need the initrd to be able to mount an encrypted root fs, so there are
some changes to initrd needed. They are probably more significant than the
changes to allow booting from a USB device.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
19 years, 10 months