Paul's Blog Entries for June 2009

Monday 1st June 2009

Fedora Project

  • Updated pptp to remove pptpsetup's checks for MPPE support in the kernel and pppd since all active Fedora releases include MPPE support in both the kernel and pppd out of the box; this resolves Bug #502967, in which pptpsetup's checks fail if binutils isn't installed, due to the absence of /usr/bin/strings

  • Built lat and its dependency dbus-sharp for Fedora 12 development, to get a ppc64 build; due to the very late arrival of Mono 2.4 in the Fedora 11 development cycle (not on ppc64 until after final freeze), there has been a race on to get the Mono stack rebuilt for Fedora 11, which has ppc64 support for the first time (and this has been done without doing the Fedora 12 builds in parallel for the sake of expediency), so I did what was necessary to keep a sane upgrade path for my one and only Mono-based package, i.e. lat

PPTP Client Project

  • Updated pptpsetup to only check for MPPE support in the kernel and pppd if the tunnel being created requires encryption

Local Packages

  • Updated perl-HTML-SimpleLinkExtor to 1.23

  • Updated perl-IPC-Run3 to 0.043

  • Updated perl-Params-Util to 1.00

  • Updated perl-Test-File to 1.28

  • Updated perl-Test-MinimumVersion to 0.010

  • Updated perl-Test-Prereq to 1.037

  • Updated pptp as per Fedora except only the pppd checks were removed (the package requires ppp >= 2.4.2 so it's safe to assume that all users will have MPPE support there); the kernel checks are only done if setting up a tunnel that requires encryption, and that check doesn't pull in any additional dependencies

Tuesday 2nd June 2009

Local Packages

  • Updated getmail to 4.9.1

Thursday 4th June 2009

Fedora Project

  • Updated libpng10 to 1.0.45 in devel branch (mainly cosmetic code changes)

Local Packages

  • Updated kernel-advansys to 0.9.4, adding support for current EL-4 and EL-5 kernels and pretty much all Fedora kernels, the latter being in response to a request to build the advansys module on Fedora 10 x86_64; if that works then I'll try getting it built in stock x86_64 kernels in Fedora

  • Updated libpng10 to 1.0.45 as per Fedora

  • Updated perl-Compress-Raw-Bzip2 to 2.020 (cosmetic changes only)

  • Updated perl-Compress-Raw-Zlib to 2.020 (minor documentation changes)

Friday 5th June 2009

Local Packages

Finally got round to making perl-PPI 1.203 build successfully across all of my supported releases. On Red Hat Linux 9 and Red Hat Enterprise Linux 3 it was failing multiple tests with "Can't use an undefined value as an ARRAY reference" errors like in this test case. This appears to be a bug in perl 5.8.0, or at least the Red Hat version of it, and I was able to fix it with this patch:

--- PPI-1.203/lib/PPI/  2008-05-14 05:14:00.000000000 +0100
+++ PPI-1.203/lib/PPI/  2009-06-05 15:39:19.000000000 +0100
@@ -278,7 +278,7 @@
        # Checking once at the end is faster than adding a special
        # case check for every statement parsed.
        my $v6 = $self->{Tokenizer}->{v6};
-       if ( @$v6 ) {
+       if ( defined($v6) && @$v6 ) {
                my $includes = $Document->find( 'PPI::Statement::Include::Perl6' );
                foreach my $include ( @$includes ) {
                        unless ( @$v6 ) {

On Fedora Core 3 and 4, the 14_charsets.t test just got stuck in an infinite loop gobbling up memory as per CPAN RT#35917, which was easily fixed by updating the test to the one in the 1.204_02 developer release, which simply skips the test on perls older than 5.8.7.

Monday 8th June 2009

Fedora Project

  • Cast my votes in the elections for F12 release name, FESCO, and the Board
  • Updated perl-Crypt-RSA to 1.99 in Rawhide

Local Packages

  • Updated python-zope-interface to buildreq python-setuptools-devel so that egg-info is generated

  • Updated perl-BerkeleyDB to 0.39

Today I got started on a project that I've been meaning to implement for a very long time, namely moving the repository source into a version control system. I've chosen subversion for this, mainly because of my familiarity with it and also because there's no need at this time to use a distributed VCS as I'm the only person likely to be making commits. I'll also be able to use the very nice repository browser that comes with trac when I set up the repository bug tracker (coming soon).

Anyway, here's what I did. The subversion repository is going to live on, so I logged in there and became root, then did:

# yum install subversion mod_dav_svn
# mkdir -p /srv/subversion/repos
# chcon -R -t httpd_sys_content_rw_t /srv/subversion/repos
# chown apache:apache /srv/subversion/repos
# su - -s /bin/sh apache
$ svnadmin create --fs-type fsfs /srv/subversion/repos/cfo-repo
$ logout
# cd /srv/subversion/repos/cfo-repo/conf
# htpasswd -c htpasswd paul
(set my password)
# chgrp apache htpasswd
# chmod 640 htpasswd
# vi authz
# vi /etc/httpd/conf.d/subversion.conf
# service httpd reload


LoadModule dav_svn_module     modules/
LoadModule authz_svn_module   modules/

# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn".  Each repository
# must be readable and writable by the 'apache' user.  Note that if
# SELinux is enabled, the repositories must be labelled with a context
# which httpd can write to; this will happen by default for
# directories created in /var/www.  Use "restorecon -R /var/www/svn"
# to label the repositories if upgrading from a previous release.

# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:
#   # cd /var/www/svn
#   # svnadmin create stuff   
#   # chown -R apache.apache stuff

<Location /repos>
   DAV svn
   SVNParentPath /srv/subversion/repos

   # Limit write permission to list of valid users.
      # Require SSL connection for password protection.
      # SSLRequireSSL

      AuthType Basic
      AuthName "City-Fan.Org Package Repository"
      AuthUserFile /srv/subversion/repos/cfo-repo/conf/htpasswd
      Require valid-user

<Directory "/srv/subversion/repos">
   Options Indexes FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all


### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

svn-admin = paul

@svn-admin = rw
* = r

Tuesday 9th June 2009

Local Packages

  • Updated libidn to 1.15

Wednesday 10th June 2009

Local Packages

  • Updated moin to 1.8.4

  • Updated perl-Test-File to 1.29

  • Updated perl-NetAddr-IP to 4.027

  • Updated perl-MIME-XBase64 to 3.08

  • Updated perl-ConfigReader-Simple to 1.28

I have also now set up a bug tracker and subversion repository browser using trac, which is mainly for my own convenience though of course any users of my packages are welcome to create accounts there and report issues.

Thursday 11th June 2009

Local Packages

  • Updated bluefish-unstable to 1.3.5


  • Wrote TracWithFastCGIonFedora to document how I configured my bug tracker and repository browser using trac with the AccountManager plugin and mod_fcgid

Monday 15th June 2009

Local Packages

  • Updated curl to renumber patches as per the Fedora version - some of my local changes are likely to get merged into the Fedora version soon too (Bug #504857)

  • Updated davfs2 to 1.4.1 (retry uploads on connection failures)

  • Updated fetchyahoo to 2.13.6 (fix getting message IDs for read messages)

  • Updated perl-Archive-Tar to 1.52 (support for --no-same-permissions style behaviour)

  • Updated perl-Array-Compare to 1.18 (fix uninitialized variable in simple_compare - RT#45145)

  • Updated perl-PAR-Dist to 0.45 (fix test skipping if optional dependencies can't be found)

  • Updated perl-XML-NamespaceSupport to 1.10 (re-bundle with modern testing and Module::Install)

A couple of the perl module packages were unusually troublesome today.

Firstly, perl-XML-NamespaceSupport tries to use the CPAN module by default during installation due to the use of Module::AutoInstall, so that would be an extra build requirement (no too bad) and loads of extra redundant text in the build logs due to the CPAN module trying to configure itself. However, the biggest problem with the use of CPAN in an RPM-based distro is that it might pull in modules that don't get registered in the RPM database, leading to potentially unreproducible builds. Fortunately this could be prevented by adding the --skipdeps parameter to the Makefile.PL invocation.

Secondly, perl-Array-Compare failed to build on anything older than Fedora Core 5, trying to run Build.PL (which requires Module::Build, not in the buildroot). Adding a buildreq of perl(Module::Build) didn't help either, resulting in this strange output:

Checking if your kit is complete...
Looks good
Writing Makefile for Array::Compare
+ /usr/bin/make -j2
/usr/bin/perl "-Iblib/arch" "-Iblib/lib" Build.PL Build
cp lib/Array/ blib/lib/Array/
Manifying blib/man3/Array::Compare.3pm
Too early to specify a build action 'Build'.  Do 'Build Build' instead.
make: *** [Build] Error 2

Looking at what had changed in Makefile.PL since the previous version, I saw that it had been auto-generated by Module::Build::Compat version 0.32, whereas the previous version was auto-generated by Module::Build::Compat version 0.2808_01. The only other change was that the PL_FILES entry was missing from the WriteMakefile call. Adding this back using this patch fixed the problem:

--- Array-Compare-1.18/Makefile.PL      2009-06-14 18:59:54.000000000 +0100
+++ Array-Compare-1.18/Makefile.PL      2009-06-15 10:55:38.000000000 +0100
@@ -9,6 +9,7 @@
                            'Carp' => 0
           'INSTALLDIRS' => 'site',
+          'PL_FILES'  => {},
           'EXE_FILES' => []

Tuesday 16th June 2009

Local Packages

  • Updated contagged to fix buildreqs for SELinux policy module - it's now necessary to buildreq /usr/share/selinux/devel/policyhelp, which might be found in any of selinux-policy, selinux-policy-devel, or selinux-policy-doc depending on OS release

Wednesday 17th June 2009

Local Packages

  • Updated flex-new to 2.5.35 (synced with Fedora and some docs dropped to prevent conflicts with flex)

  • Updated perl-Archive-Zip to 1.28

  • Updated xxdiff to fix tools for python versions prior to 2.4, and make the tools package noarch from Fedora 10 onwards

Thursday 18th June 2009

Local Packages

  • Rebuilt getmail 3.2.5 to clarify the license as GPL version 2 only and to recode the docs as UTF-8

  • Updated libgcrypt to include a patch that fixed some crashes on VIA processors (Bug #505724) as per the Fedora version. Whilst merging this patch, I noticed that the patch wasn't actually applied in the Fedora package (libgcrypt-1.4.4-5.fc11) so I added a comment to that effect in Bodhi and the Fedora maintainer Tomas Mraz quickly issued a fixed version. The RHEL5 version of libgcrypt is now built with FIPS support, since RHEL5.3 supports this.

  • Updated libpng10 to 1.0.46; after importing the gnome-libs package into my subversion repository I did a test build and compared the result with the existing build in the repository, and found that it was missing a dependency on Looking at the build log, it seemed that the configure script wasn't finding png.h, despite having libpng10-devel in the buildroot. It turned out that the recent release of libpng 1.0.45 had some garbage lines in some files, resulting in a libpng10.pc file that returned an empty string for pkg-config --cflags rather than -I/usr/include/libpng10. I emailed the libpng maintainer Glenn Randers-Pehrson about this and he quickly issued version 1.0.46 with this problem addressed.

Fedora Project

  • Updated libpng10 to 1.0.46 in Rawhide

SELinux Reference Policy

  • My SELinux policy for milter-greylist was merged

Friday 19th June 2009

Local Packages

  • Updated grepmail to clean up the package in line with the Fedora version

  • Updated php-Smarty to 2.6.26 (revert super global access changes, rely on USE_SUPER_GLOBALS for security)

Saturday 20th June 2009

Local Packages

Having noticed that there was a kernel update available for CentOS 5, I tried updating one of the CentOS 5 boxes at work. Whilst there were no problems with the CentOS updates, it reported an error regarding one of the packages from my repo:

Error Downloading Packages:
  php-Smarty-2.6.25-1.rhel5.noarch: failure: php-Smarty-2.6.25-1.rhel5.noarch.rpm from [Errno 256] No more mirrors to try.

This was unexpected because I updated php-Smarty to 2.6.26 yesterday. It's no surprise that 2.6.25 wasn't there but a it shouldn't have been looking for it at all. The first thing I tried was to force-update the metadata for my repo:

# yum --disablerepo=\* clean metadata
# yum update php-Smarty
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * epel:
 * base:
 * addons:
 * updates:
 * extras:                                                                            | 2.3 kB     00:00     
primary.sqlite.bz2                                                                      | 186 kB     00:00 [Errno -3] Error performing checksum
Trying other mirror.
primary.sqlite.bz2                                                                      | 186 kB     00:00 [Errno -3] Error performing checksum
Trying other mirror.
Error: failure: repodata/primary.sqlite.bz2 from [Errno 256] No more mirrors to try.

Then I recalled that Fedora 11 (which I've recently migrated by build system to) had a feature of stronger hashes, which includes the RPM package and repository metadata signature algorithms - I was generating repository metadata using the new algorithm (SHA256 in this case) that wasn't understood by older distributions. After some googling I found the solution I needed, a so-far undocumented --checksum option to createrepo that could be used to force the use of the old algorithm. So I changed my repo-building script generator's call to createrepo from this (it's written in awk):

printf "createrepo --update -d .\n"

to this:

if (dist ~ "^fc[1-9][0-9]$") {
        printf "createrepo --update -d .\n"
} else {
       printf "createrepo --update -d --checksum sha .\n"

This used the new algorithm for the Fedora 10 repos onwards (F-10's yum should be fine with that) and the old one everywhere else. I rebuild the repository and it improved things but there was still a problem:

Monday 22nd June 2009

Local Packages

  • Updated libspf2 1.0.4 (for to do lots of clean-ups - previous update was February 2005!

  • Updated nmap to 4.85BETA10 as per Rawhide

Tuesday 23rd June 2009

Local Packages

  • Updated mgdiff to clean up the packaging - another one that hadn't been touched for a long time

Wednesday 24th June 2009

Local Packages

  • Rebuilt curl after adding note that Fedora's version has implemented a similar multilib header fix to my version

  • Updated dovecot to 1.2.rc5

  • Updated mod_fastcgi to 2.4.6

  • Cleaned up moin-macro-MiniPage package and rebuilt it

  • Cleaned up moin-macro-TitleIndexNonPersonal package and rebuilt it

  • Cleaned up perl-Net-DNS-Resolver-Programmable package and rebuilt it

Thursday 25th June 2009

Local Packages

  • Updated dovecot to 1.2.rc6

  • Updated nmap to 4.90RC1

  • Updated proftpd to build against the system libcap library rather than the (old) version bundled with the source; this fixes the cause of the following message appearing when the server starts up:

  • kernel: warning: `proftpd' uses 32-bit capabilities (legacy support in use)

Fedora Project

I looked to see if anyone else had reported the proftpd issue and found Bug #506735, which was related to capabilities but was actually a problem I'd found a fix for two years ago and had never gotten round to submitting the patch upstream. I commented in the bug and asked MatthiasSaou if he'd mind if I became co-maintainer and fixed the problem myself, and he didn't mind at all. So I'm now co-maintainer of proftpd in Fedora.

Monday 29th June 2009

Local Packages

  • Updated dovecot to 1.2.rc7

  • Updated perl-ExtUtils-CBuilder to 0.25

  • Updated python-twisted-core to fix deprecation warnings from python 2.6 as per Fedora version

Tuesday 30th June 2009

Local Packages

  • Updated perl-Archive-Zip to 1.29 and then 1.30 (see CPAN RT#47454)

  • Updated perl-ExtUtils-CBuilder to 0.26

  • Updated perl-Test-MinimumVersion to 0.011

Previous Month: May 2009
Next Month: July 2009