Fedora (EPEL) Orphaned Packages Cleanup

Today I got to  the script ready I previously used to report long time orphaned packages for Fedora to allow checking for other releases than Rawhide. I just sent reports for Fedora Branched and Rawhide and EPEL 5, 6 and 7 to the respective devel lists. Especially EPEL 5 needs a lot of care as there are about 700 packages in EPEL 5 that are currently orphaned or depend on an orphaned package. Eventually all orphaned EPEL packages will be retired (removed). For Fedora Branched and Rawhide is was already decided to retire packages that are orphaned for six weeks. However automation for regular reports and checking when the packages were orphaned is still on the TODO list.

To make sure that no packages are retired that you would like to use, please check the reports on the mailing lists for any packages you care about and claim them if necessary. Eventually I will create nice HTML reports that are updated more regularly to make everthing more visible.

Flocked to Fedora 2014

This year I was happy to be able to attend Fedora Flock in Prague. It was a very nice conference and I mainly enjoyed to get to know a lot of other people I already knew from the Internet. I was especially happy to be able to meet Toshio, who now takes some time off from Fedora, so I am not sure if I ever will have the chance again.

The talks were nice, too. I learned about some new features in Python 3, which I would like to use very much. I am sure I will enjoy using keyword-only arguments, chained exceptions, advanced unpacking and the new OSError subclasses. It is too bad that too much of Fedora’s tool (yum, koji) are still Python 2 only, so I am not able to use Python 3 for the current projects (autosigner and autoblocker). Especially chained exeptions is something I was missing in fedpkg, last time I had to debeg something there. I am also looking forward to Bodhi 2 and hope I will be able to provide tests for Taskotron, which according to Tim’s talk about it, should be rather easy. I am also thankful to Nick, that he hosted a GPG keysigning party, which is something a planned to do if I had more time in advance. The late blog post indicates already that I am still short of time. Therefore I only got to mention some highlights from Flock, even though there was a lot more worth mentioning. Thank you to everyone who made it possible for me to attend Flock!

openssl security vulnerability (heartbleed) notes

Update:

The updated package should now be available via yum update openssl\*. Please do not forget to restart your system after you installed them. The manual installation process described below should not be necessary anymore.

Please be a aware that the instructions to update openssl given for example in
Fedora
Magazine
are incomplete. I recommend the following steps (All yum commands
need to run as root, all commands need to be specified on one line):

# Ensure that koji is installed
yum -y install koji
# Download the required packages (these are more RPMs than
# you might need):
# Fedora 19:
koji download-build --key=fb4b18e6 --arch=x86_64 --arch=i686 openssl-1.0.1e-37.fc19.1
# Fedora 20:
koji download-build --key=246110c1 --arch=x86_64 --arch=i686 --arch=armv7hl openssl-1.0.1e-37.fc20.1
# Verify that the RPMs are good, this needs to return lines
# like:
# openssl-1.0.1e-37.fc19.1.i686.rpm: rsa sha1 (md5) pgp md5 OK
# If a line does not contain pgp md5 OK, try to download the
# files again
rpm --checksig *.rpm
# Now get a list of all currently installed openssl
# packages:
yum list installed openssl\*
# This outputs lines starting like:
# openssl-libs.x86_64 1:1.0.1e-37.fc19 @updates
# For each line you need to install a new package, e.g. if
# the line starts with "openssl-libs.x86_64", you need to
# add the file
# openssl-libs-1.0.1e-37.fc19.1.x86_64.rpm
# to the following command:
yum install openssl-libs-1.0.1e-37.fc19.1.x86_64.rpm
# Install all necessary packages at once to avoid dependency
# problems.
# After everything is installed, reboot your system
# (recommended) or restart the necessary programs
# Use needs-restarting to identify these programs:
yum install -y yum-utils
needs-restarting