Fedora (EPEL) Orphaned Packages Cleanup

Today I got to  the script ready I previously used to report long time orphaned packages for Fedora to allow checking for other releases than Rawhide. I just sent reports for Fedora Branched and Rawhide and EPEL 5, 6 and 7 to the respective devel lists. Especially EPEL 5 needs a lot of care as there are about 700 packages in EPEL 5 that are currently orphaned or depend on an orphaned package. Eventually all orphaned EPEL packages will be retired (removed). For Fedora Branched and Rawhide is was already decided to retire packages that are orphaned for six weeks. However automation for regular reports and checking when the packages were orphaned is still on the TODO list.

To make sure that no packages are retired that you would like to use, please check the reports on the mailing lists for any packages you care about and claim them if necessary. Eventually I will create nice HTML reports that are updated more regularly to make everthing more visible.

Flocked to Fedora 2014

This year I was happy to be able to attend Fedora Flock in Prague. It was a very nice conference and I mainly enjoyed to get to know a lot of other people I already knew from the Internet. I was especially happy to be able to meet Toshio, who now takes some time off from Fedora, so I am not sure if I ever will have the chance again.

The talks were nice, too. I learned about some new features in Python 3, which I would like to use very much. I am sure I will enjoy using keyword-only arguments, chained exceptions, advanced unpacking and the new OSError subclasses. It is too bad that too much of Fedora’s tool (yum, koji) are still Python 2 only, so I am not able to use Python 3 for the current projects (autosigner and autoblocker). Especially chained exeptions is something I was missing in fedpkg, last time I had to debeg something there. I am also looking forward to Bodhi 2 and hope I will be able to provide tests for Taskotron, which according to Tim’s talk about it, should be rather easy. I am also thankful to Nick, that he hosted a GPG keysigning party, which is something a planned to do if I had more time in advance. The late blog post indicates already that I am still short of time. Therefore I only got to mention some highlights from Flock, even though there was a lot more worth mentioning. Thank you to everyone who made it possible for me to attend Flock!

openssl security vulnerability (heartbleed) notes

Update:

The updated package should now be available via yum update openssl\*. Please do not forget to restart your system after you installed them. The manual installation process described below should not be necessary anymore.

Please be a aware that the instructions to update openssl given for example in
Fedora
Magazine
are incomplete. I recommend the following steps (All yum commands
need to run as root, all commands need to be specified on one line):

# Ensure that koji is installed
yum -y install koji
# Download the required packages (these are more RPMs than
# you might need):
# Fedora 19:
koji download-build --key=fb4b18e6 --arch=x86_64 --arch=i686 openssl-1.0.1e-37.fc19.1
# Fedora 20:
koji download-build --key=246110c1 --arch=x86_64 --arch=i686 --arch=armv7hl openssl-1.0.1e-37.fc20.1
# Verify that the RPMs are good, this needs to return lines
# like:
# openssl-1.0.1e-37.fc19.1.i686.rpm: rsa sha1 (md5) pgp md5 OK
# If a line does not contain pgp md5 OK, try to download the
# files again
rpm --checksig *.rpm
# Now get a list of all currently installed openssl
# packages:
yum list installed openssl\*
# This outputs lines starting like:
# openssl-libs.x86_64 1:1.0.1e-37.fc19 @updates
# For each line you need to install a new package, e.g. if
# the line starts with "openssl-libs.x86_64", you need to
# add the file
# openssl-libs-1.0.1e-37.fc19.1.x86_64.rpm
# to the following command:
yum install openssl-libs-1.0.1e-37.fc19.1.x86_64.rpm
# Install all necessary packages at once to avoid dependency
# problems.
# After everything is installed, reboot your system
# (recommended) or restart the necessary programs
# Use needs-restarting to identify these programs:
yum install -y yum-utils
needs-restarting

Overview of packages in RHEL 7 Public Beta

Overview of packages in RHEL 7 Public Beta

If you are wondering, which package might be available to build your EPEL packages on, check this wiki page. Initially created by Dennis Gilmore I extended it with information about which package are available to which architectures. Packages only present in one of the two architectures can be maintained in EPEL for the other architecture.

Monitoring all drupal, ghc, nodejs and rubygem Fedora Packages

I recently added a patch to Fedora’s upstream release monitoring to allow specifying monitored packages with wildcards. This allows to easily monitor packages that come from a central upstream location, such as drupal or ghc packages. This reduces unnecessary manual work adding these kind of packages. Another type of packages this should reduce work are perl packages, but they are currently not all using only the default URL and regex aliases, but this should be addressable in the near future as well.

Bring GPG Fingerprints to FOSDEM

Hello fellow Fedorians and other readers, if you are going to FOSDEM, please bring your GPG fingerprint so we can exchange them. An easy way to generate a sheet with lots of them is to use gpg-key2ps found in the package pgp-tools:

sudo yum install pgp-tools
gpg-key2ps KEYID > KEYID.ps
lpr KEYID.ps

Replace KEYID in with your GPG key ID. Mine is for example 6A3A10B31C109517.