Paul's Blog Entries for November 2007

Thursday 1st November 2007

Local Packages

  • Updated curl to 7.17.1; I've also split out a separate libcurl package, renamed curl-devel to libcurl-devel, and builds for Fedora 8 onwards use NSS rather than OpenSSL by default (all as per current Rawhide)

  • Updated perl-Sub-Uplevel to 0.18

  • Updated perl-Test-File to 1.22

Friday 2nd November 2007

Local Packages

  • Updated sendmail to 8.14.2

Monday 5th November 2007


Had a go at updating moin to 1.6.0beta1 but had to roll it back because of a couple of issues:

  1. My default theme monobook is incompatible with it, and my python-fu is nowhere near good enough to fix it

  2. The migration script that updates the wiki markup to the new style botched all of my InterWiki links

I'll try again with later betas, but I'm very wary of them new

Tuesday 6th November 2007

Local Packages

  • Updated curl to strip the URL variable from the pkgconfig file for libcurl on older distributions, which causes pkg-config on those distributions to barf and result in libcurl not being found by applications looking for it

  • Updated dovecot to support winbind authentication (as per the official Fedora packages), useful for single-sign on in conjunction with samba

  • Updated proftpd to include LDAP schema and LDIF files for managing quotas, as per the official Fedora packages

With the release of Fedora 8 due imminently, I've also started building any of my packages needed for Fedora 8 that haven't yet been built during the Fedora 8 development cycle (i,e, those that still have a .fc7 dist tag in the development repo).

Today's packages were: grepmail, gtorrentviewer, mod_fastcgi, moin, moin-macro-MiniPage, moin-macro-TitleIndexNonPersonal, moin-theme-balanced, moin-theme-hypermodern, moin-theme-mentalwealth, moin-theme-monomoin, moin-theme-widget, python-twisted, python-twisted-conch, python-twisted-lore, python-twisted-mail, python-twisted-names, python-twisted-news, python-twisted-runner, python-twisted-web, python-twisted-words, tidy (20051026 version), torrentsniff, and xv

Some of these had dist tag issues requiring spec file changes and hence rebuilds for all distributions.

Wednesday 7th November 2007

Local Packages

  • Updated moin-theme-monobook to 0.5 (not compatible with the current beta of moin)

  • Updated nmap to include some patches from the official Fedora package, such as the one that removes the instructions on how to scan

  • Updated xxdiff to build using flex on Fedora 7 onwards, and flex-new elsewhere

More updates for the forthcoming Fedora 8 release: perl-ConfigReader-Simple, perl-FileHandle-Unget, perl-HTML-SimpleLinkExtor, perl-HTTP-SimpleLinkChecker, perl-Test-Prereq, php4-pcntl, php4-pcntl-gtk, pptpconfig, tcptraceroute

Thursday 8th November 2007

Local Packages

Completed populating the Fedora 8 repository with builds of, perl-HTTP-Size, weblint, and weblint++

Fedora 8 and VMware Server

Upgraded my work desktop to Fedora 8 in the morning, and found I needed a few extra steps to get VMware Server up and running:

# rpm -Uvh VMware-server-1.0.4-56528.i386.rpm

Before configuring VMware Server, it's necessary to install a few additional packages, patch the kernel modules, and make an SELinux tweak. VMware defaults to using a reserved port (902) for the server; it's easier to make it play nice with SELinux by using an unreserved port such as 4800.

# yum install gcc-c++ kernel-devel xinetd 'perl(ExtUtils::MakeMaker)'
# cd
# wget
# semanage port -a -t inetd_child_port_t -p tcp 4800
# tar xf vmware-any-any-update114.tar.gz
# cd vmware-any-any-update114
# ./
# restorecon -v /etc/services

/!\ If you have a firewall enabled, you'll need to poke a hole in it to allow connections to port 4800 or whatever your chosen port is

SELinux in Fedora 8

Came across a new (to me) type of SELinux denial whilst trying to get a crontab entry like this one to work in Fedora 8:

45 4 * * * /softlib/scripts/updates-sync | Mail -s "Fedora updates subset mirror report" phowarth

Even after adding all of the rules suggested by audit2allow -R in a local policy module, I was still getting Permission denied errors with SELinux in enforcing mode, but it was working in permissive mode.

In /var/log/audit/audit.log, I found this:

type=SELINUX_ERR msg=audit(1194609955.230:176): security_compute_sid:  invalid context unconfined_u:unconfined_r:system_mail_t:s0 for scontext=unconfined_u:unconfined_r:unconfined_crond_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=process

After querying this on fedora-selinux-list, I found that auditallow doesn't currently cope with this sort of denial (which is not an AVC denial), and what I needed to add was:

role unconfined_r types system_mail_t;

So the policy module I ended up with to allow my mail from cron was this:

policy_module(localmisc, 0.0.8) 

require {
        type system_mail_t;
        class netlink_route_socket { bind create getattr nlmsg_read read write };

#============= system_mail_t ==============
role unconfined_r types system_mail_t;
allow system_mail_t self:netlink_route_socket { bind create getattr nlmsg_read read write };

Friday 9th November 2007

Local Packages

  • Updated bittorrent to 5.2.0; there are no GUI changes since 5.0.9 so the GUI still won't work with wxPython 2.8.x, e.g. on Fedora 7 or later

  • Updated getmail to 4.7.7


Monday 12th November 2007

Local Packages

  • Updated perl-ConfigReader-Simple to 1.26

  • Rebuilt ppp and pptp to fix minor packaging issues

Wednesday 14th November 2007

Local Packages

  • Updated moin-theme-monobook to fix another broken reference to headbg.jpg

Monday 19th November 2007

Local Packages

  • Updated curl to fix use of nonblocking sockets in conjunction with NSS (patch from Rawhide), a bug exposed when trying to use the Linux Second Life client

Tuesday 20th November 2007

Local Packages

  • New package getlive for fetching mail from Hotmail Live accounts

Desktop/Server Upgrade

Updated (fresh install) my main desktop/buildsystem/file/dns/dhcp server machine to Fedora 8. My meticulous pre-upgrade preparation of recording how everything was configured led to a very good result - an almost painless update.

The biggest issue I'm having is that the X server regularly hangs in a SIGALARM loop, rendering it useless and having to be sent a SIGKILL. As I do most work remotely, this isn't currently a showstopper but it's a bug I need to get fixed. Will raise a bugzilla ticket on it soon.

Wednesday 21st November 2007

Local Packages

  • Updated getlive to 0.55

Fedora Project

Tuesday 27th November 2007

Local Packages

  • Updated perl-HTML-SimpleLinkExtor to 1.18

  • Updated perl-HTTP-SimpleLinkChecker to 1.14

Wednesday 28th November 2007

Local Packages

  • New package bluefish-unstable, the development version of the bluefish editor; the package is designed to be parallel-installable with the Fedora bluefish package

Fedora Project

It came to my attention yesterday that smbldap-tools wouldn't be released for EPEL because of missing dependencies (perl-Crypt-SmbHash, perl-Digest-MD4, perl-IO-Socket-SSL, perl-Jcode, perl-Net-SSLeay, perl-Unicode-Map, perl-Unicode-Map8, perl-Unicode-MapUTF8, perl-Unicode-String), so I set about getting that fixed.

  • Asked AurelienBompard if he was interested in branching and maintaining in EPEL his packages perl-Jcode, perl-Unicode-Map, perl-Unicode-Map8, perl-Unicode-MapUTF8, and perl-Unicode-String

  • Took over (from the recently declared AWOL JosePedroOliveira), branched, updated, and built perl-Digest-MD4 for Rawhide, EPEL-4, and EPEL-5

  • Branched, updated, and built perl-Crypt-SmbHash for EPEL-4 and EPEL-5

  • Took over (from WarrenTogami) the perl-Net-SSLeay package, updated it in Rawhide to 1.32, branched it for EPEL-4, updated that to 1.30-4, which is the version/release included in RHEL5

  • Took over (from WarrenTogami) the perl-IO-Socket-SSL package, branched it for EPEL-4, updated that to 1.01-1, which is the version/release included in RHEL5, and built a cosmetically-changed version of 1.12 in Rawhide

Also today, AdamJackson kindly fixed Bug #357241 (imlib bug exposed by EXA) for me, applying the debian patch mentioned in the bug report. I just hadn't got round to it yet.

Thursday 29th November 2007

Local Packages

  • Rebuilt curl to fix SSL with PEM certificates on NSS-based builds (Fedora 8 onwards) and to re-enable GSSAPI support

  • Updated dovecot to 1.0.8

Friday 30th November 2007

Local Packages

  • Updated perl-MailTools to 2.02

  • Updated perl-Net-SSLeay to 1.32

  • Rebuilt perl-IO-Socket-SSL against updated perl-Net-SSLeay and add buildreq perl(Test::Simple) as per the Fedora package

  • New package perl-Test-NoWarnings

  • New package perl-Test-Tester

  • Rebuilt perl-MIME-tools to resync with the Fedora package

  • Rebuilt curl with a simplified build process and revised %description as per the Fedora package

Fedora Project

  • Made more suggestions in the curl merge review, all of which were accepted

Night Out

Went to see Marillion at the Manchester Academy. I won two tickets in a prize draw for people pre-ordering their 15th album, which will be out next year. Good to see the lads still obviously enjoying themselves after all these years.

Previous Month: October 2007
Next Month: December 2007