From Fedora Project Wiki

Revision as of 01:49, 12 August 2011

Announcements

In this section, we cover announcements from the Fedora Project, including general announcements[1], development announcements[2] and Events[3].

Contributing Writer: Pascal Calarco

Fedora Announcements

Outage: Server reboots - 2011-08-01 14:00 UTC

Kevin Fenzi announced[1]:

"There will be an outage starting at 2011-08-01 14:00 UTC, which will last approximately 2 hours.

To convert UTC to your local time, take a look at[2] or run:

date -d '2011-08-01 14:00 UTC'

Reason for outage:

A number of servers are being upgraded and must be rebooted. Where possible, services should continue to be available during this outage, but users and maintainers may see short periods of instability or interruptions in some services.

Affected Services:
Unaffected Services:

Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/2900

Contact Information:

Please join #fedora-admin in irc.freenode.net or add comments to the ticket for this outage above."

Fedora 15 for IBM System z 64bit official release

Dan Horák announced[1]:

"It's been a longer time since the Fedora 15 release for the primary architectures than we expected, but here we are.

As of today, the Fedora IBM System z (s390x) Secondary Arch team proudly presents the Fedora 15 for IBM System z 64bit official release!

And without further ado, here are the links to the actual release:

http://secondary.fedoraproject.org/pub/fedora-secondary/releases/15/Fedora/s390x/

http://secondary.fedoraproject.org/pub/fedora-secondary/releases/15/Everything/s390x/os/

and obviously on all mirrors that mirror the secondary arch content.

The first directory contains the normal installation trees as well as one DVD ISO with the complete release.

Everything as usual contains, well, everything. :)

For Fedora 14 we have collected a couple of example config files, kickstart examples and a nice README here[2]; beware that currently the content there is outdated, but most of the information should be still valid. We're working on fixing that over the next weeks.

Additional information about known issues, the current progress and state for future release, where and how the team can be reached and just anything else IBM System z on Fedora related can be found here[3] for architecture specific release notes and here[4] for more general s390x notes.

Thanks go out to everyone involved in making this happen!

Your Fedora/s390x Maintainers

-- Dan Horák, RHCE Senior Software Engineer, BaseOS

Red Hat Czech s.r.o., Purkyňova 99, 612 45 Brno"

Fedora Development News

The Development Announcement[1] list is intended to be a LOW TRAFFIC announce-only list for Fedora development.

Acceptable Types of Announcements

  • Policy or process changes that affect developers.
  • Infrastructure changes that affect developers.
  • Tools changes that affect developers.
  • Schedule changes
  • Freeze reminders

Unacceptable Types of Announcements

  • Periodic automated reports (violates the INFREQUENT rule)
  • Discussion
  • Anything else not mentioned above

evolution-data-server soname version bump for rawhide/Fedora 16 next week

Milan Crha announced[1]:

"Hi,

I just want to let you know that evolution-data-server 3.1.5 release, which is about to happen the next week, on August 15th, +/-, changes soname versions for almost everything it provides, namely libedataserver, libecal, libedatacal, libebook, libedatabook.

Anything depending on it would be rebuilt on both branches against newer eds, when its update will be done. I will rebuild all to which I have commit rights by the end of the week, after the release.

Bye,

Milan"

Fedora 16 Alpha to slip by one week

Robyn Bergeron announced[1]:

"Today at the Go/No-Go meeting it was decided to slip the Alpha by one week[1]. Minutes follow below.

There are numerous unresolved blocker bugs at this time[2], requiring the creation of an RC4 once these blockers are resolved.

As a result, ALL MAJOR MILESTONES, and their dependent tasks, will be pushed out by one week.

We will proceed with having the F16 Alpha readiness meeting tomorrow, 2011-08-11, as previously announced on the Logistics mailing list. We will have another F16 Alpha Blocker Bug meeting this Friday.

The adjustments to the F16 schedule will be done (very late) tonight, and published to the Schedule wiki page[3].

Thanks for your patience. We will be meeting again next Wednesday for another Go/No-Go meeting.

-Robyn

[1] Logs: http://meetbot.fedoraproject.org/fedora-meeting/2011-08-10/f16_alpha_gono-go_meeting.2011-08-10-21.00.log.html

    Minutes: http://meetbot.fedoraproject.org/fedora-meeting/2011-08-10/f16_alpha_gono-go_meeting.2011-08-10-21.00.html

[2] https://fedoraproject.org/wiki/Current_Release_Blockers

[3] https://fedoraproject.org/wiki/Releases/16/Schedule


===========================================
#fedora-meeting: F16 Alpha Go/No-Go Meeting
===========================================

Meeting started by rbergeron at 21:00:26 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2011-08-10/f16_alpha_gono-go_meeting.2011-08-10-21.00.log.html


Meeting summary


  • present: spot, codeblock, dgilmore, pjones, athmane, cebbert, jsmith-mobile, adamw (rbergeron, 21:03:42)
  • Go/No-Go Meeting (rbergeron, 21:04:07)
      * the Purpose of the Go/No-Go is to gather yay/nay's from Release Engineering, QA, and devel on whether or not what we have put together is ready for release and meets the release criteria. (rbergeron, 21:05:28)
      * LINK: https://fedoraproject.org/wiki/Go_No_Go_Meeting (adamw, 21:06:17)
      * LINK: https://fedoraproject.org/wiki/Current_Release_Blockers <-- that one I know by heart, though. (rbergeron, 21:06:42)
  • Proposed Blockers (rbergeron, 21:09:50)
      * LINK: https://bugzilla.redhat.com/show_bug.cgi?id=729563 (rbergeron, 21:10:04)
      * clumens has an updates image (linked in BZ) for people to try out. (rbergeron, 21:12:33)
      * AGREED: : #729563, NTH Alpha, consider adding criterion for selinux must be enabled by default later. (rbergeron, 21:14:39)
  • http://bugzilla.redhat.com/show_bug.cgi?id=729500 (rbergeron, 21:15:04)
      * Error while installing updates on Fedora 16 Alpha RC3 (rbergeron, 21:15:20)
      * AGREED: revisit #729563 at Blocker meeting friday, try to get more testers. PLEASE TEST THIS ONE AND TRY TO DUPLICATE, FOLKS! (rbergeron, 21:17:34)
  • https://bugzilla.redhat.com/show_bug.cgi?id=729528 (rbergeron, 21:17:53)
      * #729528 - Unable to configure events in reporter to forward in anaconda for F-16-Alpha-RC3 (rbergeron, 21:18:09)
      * AGREED: #729528 Alpha Blocker, per criterion of installer must be able to report failures to BZ, with appropriate info included. (rbergeron, 21:22:19)
  • http://bugzilla.redhat.com/show_bug.cgi?id=729537 (rbergeron, 21:22:53)
      * 729537 - Anaconda cannot report crashes in text mode in F16 Alpha RC3 due to missing report-cli (rbergeron, 21:23:14)
      * AGREED: 729537 Alpha Blocker, per criterion of installer must be able to report failures to BZ, with appropriate info included. (rbergeron, 21:25:32)
  • https://bugzilla.redhat.com/show_bug.cgi?id=728707 (rbergeron, 21:25:48)
      * 728707 - on package upgrade RPM is removing empty directories accidentally (rbergeron, 21:26:02)
      * AGREED: 728707 is a blocker under 'must be able to install updates' criterion - this constitutes not installing updates properly (adamw, 21:33:36)
  • https://bugzilla.redhat.com/show_bug.cgi?id=729600 (adamw, 21:37:37)
      * LINK: http://docs.fedoraproject.org/en-US/Fedora/15/html/Installation_Guide/Making_USB_Media-UNIX_Linux.html (jlk, 21:47:30)
      * AGREED: 729600 not blocker or nth, installing from a dd'ed DVD iso is expected to require extra configuration. documentation should be improved to outline the steps required (adamw, 21:56:27)
  • https://bugzilla.redhat.com/show_bug.cgi?id=728863 (adamw, 21:57:30)
  • go/no-go vote (adamw, 22:00:30)
      * AGREED: Fedora 16 Alpha is no-go at this time (adamw, 22:01:32)
      * ACTION: rbergeron will take care of updating the schedules (adamw, 22:02:04)
  • open floor (adamw, 22:03:40)

Meeting ended at 22:05:08 UTC.

Action Items


  • rbergeron will take care of updating the schedules

Action Items, by person


  • rbergeron
      * rbergeron will take care of updating the schedules
  • **UNASSIGNED**
      * (none)


People Present (lines said)


  • adamw (167)
  • rbergeron (73)
  • pjones (66)
  • jlk (49)
  • dgilmore (36)
  • Viking_Alpha (35)
  • tflink (32)
  • clumens (22)
  • nirik (20)
  • zodbot (6)
  • spot (4)
  • cebbert (3)
  • athmane (2)
  • CodeBlock (2)
  • jsmith-mobile (1)
  • tk009 (1)
  • cwickert (1)
  • jsmith (1)

Generated by MeetBot 0.1.4 (http://wiki.debian.org/MeetBot)"

New hardened build support (coming) in F16

Adam Jackson announced[1]:

"tl;dr version: If you have a security-sensitive package, and wish to enable some gcc-level hardening features with a modest performance impact, you will soon be able to enable them (nearly) automagically by rebuilding with this line in your spec file:

%define _hardened_build 1

Now for the details.

  • 1: what are we trying to do?

There are three somewhat-overlapping build features in play here. The first one is called "relro", which instructs the linker to emit some relocations in a special segment that can be marked read-only after relocation processing is finished but before you call into main(). Or in English: more things that you've asked to be const, will actually be const. This on its own is quite cheap, and so it has been enabled globally as of redhat-rpm-config-9.1.0-13.fc16.

By default, not all symbols are resolved that early in program execution. In particular, functions are resolved lazily the first time they're called. This makes startup faster, and since not all functions are actually called in typical program execution, usually makes total execution time faster. However, if all symbols were resolved early, the relro feature could do a better job, and virtually all relocations could be made read-only. The '-z now' flag to the linker makes this happen, and an app so linked is said to be "Full RELRO" instead of "Partial RELRO".

Finally, applications may be built as position-independent executables, by passing -fPIC or -fPIE at build time and -pie at link time. This allows the runtime linker to randomize the placement of the executable at runtime, which makes it more difficult for an attacker to guess the address of writeable memory.

  • 2: how do we go about doing it?

The non-PIE parts of this are trivial, just pass the appropriate flags to the linker and you're done. PIE is more difficult, both at build time and at link time. Although both -fPIC and -fPIE produce position-independent code at the assembly level, -fPIE will (at least on amd64) produce relocation types that are only valid in an executable. This means you can't just say -fPIE in CFLAGS: your libraries will fail to link. (PIC objects in a PIE executable are fine; PIE objects in a PIC library are not. When in doubt, -fPIC.)

Likewise, at link time, the -pie and -shared options are mutually exclusive. ld.gold will simply refuse to execute if you specify both. ld.bfd will (afaict) let whichever one comes last win, and if that happens to be -pie when you're building a shared library it will fail to link because it won't be able to find a _start symbol.

All of this is only an issue because most build systems don't let you say different CFLAGS or LDFLAGS for shared libraries and executables. Sigh.

So instead, we'll teach gcc to figure it out. To do this we'll use the -specs flag to pass some rewrite rules to the compiler driver. At compile time, if we don't see -fPIC or -fPIE on the command line, we'll add -fPIC. At link time, if we don't see -shared, we'll add -pie. This way we build relocatable objects that are always suitable for either type of final link object, and we'll only attempt to build a PIE if we know we're not building a shared library. Victory!

  • 3: what does this mean for you?

The link-time bit of the last paragraph required a bit of gcc magic to get right (previously specs rules could only add strings to the command line of the program to invoke; they could not rewrite gcc's notion of which flags had been passed in the first place). Thanks to a patch from Jakub Jelinek, this is now fixed in gcc-4.6.1-7.fc16, and will be in gcc 4.7 and later. As a result, %define _hardened_build 1 will not work until that gcc update has gone through.

Once that's done (and redhat-rpm-config-9.1.0-15.fc16 has gone through updates), if you're using a %configure-style spec file, defining the magic macro is all you have to do. The rpm macros will notice the macro, and put the right magic into CFLAGS and LDFLAGS, and everything is great and wonderful.

If you're _not_ using %configure, then you have to do whatever is conventional for your build system to get CFLAGS and LDFLAGS inherited properly. For CFLAGS, this will be $RPM_OPT_FLAGS or %{optflags} as before. As of rpm-4.9.1-3.fc16, you will be able to say $RPM_LD_FLAGS for the corresponding LDFLAGS values. Until then, there is no such shell variable, but you can get the same effect from %{?__global_ldflags}. Yes, that's ugly, sorry.

If you are the owner of one of the packages listed here[2], then I have locally built (though not extensively tested) your package with the appropriate specfile modifications, and the results do indeed appear to be fully hardened. If you would like to handle the rebuilds yourself, please let me know. Otherwise I will submit them myself once the relevant updates have gone through.

If you've made it to the end, congratulations. Please let me know if there are any issues, or any questions I can answer. In particular if the performance impact of these flags is excessive for you, there are some ways it can be mitigated that are out of scope for this particular email.

- ajax
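
A check for the three properties the announcement describes, as an added example (not from the original email or from Fedora's tooling): it reads an ELF file's program headers and dynamic section and reports RELRO, immediate binding ('-z now') and PIE status. The `build_sample` helper and its header-only ELF images are constructed for illustration, and telling a PIE from a shared library by PT_INTERP or DF_1_PIE is a heuristic assumed here.

```python
"""Report RELRO / BIND_NOW / PIE status of an ELF file (added example)."""
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000


def hardening_report(data):
    """Classify one ELF image by the features named in the announcement."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    try:
        e_type = struct.unpack_from(end + "H", data, 16)[0]
        if is64:
            phoff = struct.unpack_from(end + "Q", data, 32)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        else:
            phoff = struct.unpack_from(end + "I", data, 28)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        relro = interp = False
        dynamic = None
        for i in range(phnum):
            base = phoff + i * phentsize
            p_type = struct.unpack_from(end + "I", data, base)[0]
            if p_type == PT_GNU_RELRO:       # linker emitted a relro segment
                relro = True
            elif p_type == PT_INTERP:        # image names a program interpreter
                interp = True
            elif p_type == PT_DYNAMIC:       # remember (p_offset, p_filesz)
                if is64:
                    dynamic = (struct.unpack_from(end + "Q", data, base + 8)[0],
                               struct.unpack_from(end + "Q", data, base + 32)[0])
                else:
                    dynamic = (struct.unpack_from(end + "I", data, base + 4)[0],
                               struct.unpack_from(end + "I", data, base + 16)[0])
        bind_now = pie_flag = False
        if dynamic:
            fmt, step = (end + "qQ", 16) if is64 else (end + "iI", 8)
            off, size = dynamic
            for pos in range(off, min(off + size, len(data)) - step + 1, step):
                tag, val = struct.unpack_from(fmt, data, pos)
                if tag == DT_NULL:
                    break
                # '-z now' is recorded as DT_BIND_NOW, DF_BIND_NOW or DF_1_NOW.
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
                if tag == DT_FLAGS_1 and val & DF_1_PIE:
                    pie_flag = True
    except struct.error as exc:
        raise ValueError("truncated ELF headers") from exc

    if not relro:
        relro_s = "No RELRO"
    else:
        relro_s = "Full RELRO" if bind_now else "Partial RELRO"
    if e_type == ET_EXEC:
        pie = "No PIE"                       # fixed load address
    elif e_type == ET_DYN:
        # Heuristic: a shared library that carries PT_INTERP is reported as PIE.
        pie = "PIE" if (pie_flag or interp) else "DSO"
    else:
        pie = "n/a"
    return {"relro": relro_s, "pie": pie,
            "fully_hardened": relro_s == "Full RELRO" and pie == "PIE"}


def build_sample(e_type, relro, dt_flags, interp=True):
    """Constructed ELF64 little-endian image: headers and .dynamic only."""
    types = [PT_DYNAMIC] + [PT_INTERP] * int(interp) + [PT_GNU_RELRO] * int(relro)
    dyn = struct.pack("<qQqQ", DT_FLAGS, dt_flags, DT_NULL, 0)
    dyn_off = 64 + 56 * len(types)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                        64, 56, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, dyn_off, 0, 0,
                                 len(dyn), len(dyn), 8) for t in types)
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:                    # check real binaries by path
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, hardening_report(fh.read()))
    else:                                    # constructed samples
        print("hardened:", hardening_report(build_sample(ET_DYN, True, DF_BIND_NOW)))
        print("default: ", hardening_report(build_sample(ET_EXEC, True, 0)))
```

Run against the binaries of a rebuilt package, a result of Partial RELRO or No PIE means the linker flags did not reach the final link.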


Fedora 16 Alpha Go/No-Go Meeting, Wednesday, August 10 @ 17:00 EDT

Robyn Bergeron announced[1]:

"Join us on irc.freenode.net #fedora-meeting for this important meeting.

Wednesday, August 10, 2011 @21:00 UTC (17:00 EDT/14:00 PDT)

"Before each public release Development, QA and Release Engineering meet to determine if the release criteria are met for a particular release. This meeting is called the: Go/No-Go Meeting."

"Verifying that the Release criteria are met is the responsibility of the QA Team."

For more details about this meeting[2]

In the meantime, keep an eye on the Fedora 16 Alpha Blocker list:

https://fedoraproject.org/wiki/Current_Release_Blockers

-Robyn"

FUDCon EMEA travel subsidies are open

Christoph Wickert announced[1]:

"Hi there,

If you are planning to attend FUDCon Milan 2011 and need travel subsidies, the ticket system is now open. If you need sponsoring, please

1. register[2] 
2. put an X in the $$$ column 
3. make a funding request in the FUDCon ticket tracker[3] 
4. General instructions about sponsoring[4] 

Funding requests without a ticket will not be considered. We have a limited budget and will work hard to fund as many people as possible. We'll use these answers to help figure out budgeting for the event. We are making arrangements for attendees from other geographic regions to encourage specific initiatives such as future FUDCon events, but preference may otherwise be given to people in EMEA.

The next subsidy meeting will be held on Tuesday, August 16th at 15:00 UTC in #fudcon-planning. Please show up in case the event organizers have questions about your request.

Regards,

Christoph"

String Freeze 2011-08-02

Noriko Mizumoto announced[1]:

"Fedora Packagers

It is String Freeze date on 2011-08-02. Fedora Localization team will soon start translating latest packages via Transifex. Our goal is Fedora software translation to be 100% completed as many languages as possible.

Please make sure that your latest POT file has been uploaded to Transifex for translators. If you think that you need to break the string freeze, then you should ask for approval from the Fedora Localization Team prior to breaking the freeze. Software string freeze policy can be found at[2]

Thank you so much for your support in advance.

Regards,

noriko Fedora L10N"

Changes to the Packaging Guidelines

Tom Callaway announced[3]:

"Here are the latest changes to the Fedora Packaging Guidelines:

---

Some rpm versions pass pathnames to the automatic filtering macros, so a section has been added to the guidelines to help packagers deal with it[4]

---

For a while, Fedora considered mono packages to be architecture-specific, and installed assemblies to %{_libdir}. However, after discussions with upstream, we now consider mono packages to be architecture (and platform) independent. This means that mono packages should be correctly installed into the GAC in /usr/lib or installed into /usr/lib/PACKAGENAME.

As a notable exception, any ELF binary libraries generated in a mono package must be correctly installed into %{_libdir}, because these files are architecture-specific.

Also, even though we consider mono packages to be architecture independent, they must not be marked as "noarch". Although the assemblies are the same, the files may differ due to strings referring to the build architecture.[5]

---

It was decided that gnome shell extension packages should have the prefix gnome-shell-extension (with no "s" on the end).[6]

---

The section in the Fedora Packaging Guidelines concerning libexecdir has been improved and expanded[7]

---

The Fedora Java Packaging Guidelines have been updated to reflect the latest macros for Maven 3.[8]

---

These guidelines (and changes) were approved by the Fedora Packaging Committee (FPC).

Many thanks to Christian Krause, Aleksandar Kurtakov, Petr Pisar, Stanislav Ochotnicky, and all of the members of the FPC, for assisting in drafting, refining, and passing these guidelines.

As a reminder: The Fedora Packaging Guidelines are living documents! If you find something missing, incorrect, or in need of revision, you can suggest a draft change. The procedure for this is documented here[9]

Thanks,

~spot"

Fedora Events

The purpose of the events page is to build a global Fedora events calendar, and to identify responsible Ambassadors for each event. The event page is laid out by quarter and by region. Please maintain the layout, as it is crucial for budget planning. Events can be added to this page whether or not they have an Ambassador owner. Events without an owner are not eligible for funding, but being listed allows any Ambassador to take ownership of the event and make it eligible for funding. In plain words, Fedora events are the exclusive source of marketing, learning and meeting all the fellow community people around you. So, please mark your agenda with the following events to consider attending or volunteering near you!

Upcoming Events (June - August 2011)

  • North America (NA)[1]
  • Central & South America (LATAM): [2]
  • Europe, Middle East, and Africa (EMEA)[3]
  • India, Asia, Australia (India/APJ)[4]

Past Events

Archive of Past Fedora Events[1]

Additional information

  • Reimbursements -- reimbursement guidelines.
  • Budget -- budget for the current quarter (as distributed by FAMSCo).
  • Sponsorship -- how decisions are made to subsidize travel by community members.
  • Organization -- event organization, budget information, and regional responsibility.
  • Event reports -- guidelines and suggestions.
  • LinuxEvents -- a collection of calendars of Linux events.