submission rate limit advice

I've tightened or rather overtightened several postfix limits, in what
seemed like a good idea at the time...

noticed now this warning, this user is on a dynamic IP, so can't add his
IP to exception:

going by the counter "Connection rate limit exceeded: 125", what values
should I alter?

Jan 31 14:01:09 geko postfix/smtpd[24223]: warning: Connection rate limit
exceeded: 124 from[] for
service submission
Jan 31 14:03:14 geko postfix/smtpd[24340]: warning: Connection rate limit
exceeded: 125 from[

Arch Linux Update Notifier for KDE

Hey all I wanted to help generate awareness for an Update Notifier plasmoid
for Arch Linux and possibly create an online blog post to help people know
about it.

For those who don't know Arch Linux has you manually upgrade packages through
the terminal.

My Plasmoid is a front end for it.

You can checkout my github page for screenshots and more information.

<a href="" title=""></a>

Current Features:

* change refresh interval
* turn version numbers on and off
* show upgrade in konsole or yakauke
* AUR support
* Custom Icon Support

This affects not just



I was trying to install Tor and now I my mouse cursor indicates that
something is waiting for input.  I executed ps  to see what is causing
it and I find a utility running called /sbin/agett.  I ran the man pages
and it seems to be a legitimate linux utility but I still am uncertain. 
Is this needed or is somehow related to the recent Tor installation?

I don't like something running in the background waiting for some
unknown input as indicated by the mouse cursor being a circle that is
rotating.  If it is unnecessary, should I get rid of it or simply
disable it?  Also, I looked in

Firefox 60 crashes when trying to save an image

On any web page with an image, if i right-click on the image and select "Save Image As...", firefox crashes.

Final messages from stderr:
(firefox:3401): GLib-GIO-ERROR **: No GSettings schemas are installed on the system
[Child 3502, Chrome_ChildThread] WARNING: pipe error (3): Connection reset by peer: file /builddir/build/BUILD/firefox-60.1.0/ipc/chromium/src/chrome/common/, line 353
Trace/breakpoint trap (core dumped)

I've reported this on RHEL bugzilla (1601254), but on the off chance that this is a problem with the CentOS build I'm posting here as well.

Centos 7 Not coming back from Sleep

Hi All

im running centos 7 on my HP Probook 450. the problem im having is that
when i put the Laptop to sleep (close the lid or press power button
once)  it goes to sleep fine. but to resume back, it cannot. it only
lights up the keybord LED's to indicate PC is awake, but the screen will
be blank. i have  to force reboot ( long press of power button) for the 
laptop to come back up.

what/were can i check to make sure it comes back from sleep nicely.

kvm & permission denied


I am trying to install KVM on a desktop unit as a lab project with the
hope of being able to use kvm on one of our office servers after I
learn how. So far I am very low on the learning curve.

I have used the guide to make the installation :

<a href="" title=""></a>

The installation seemed to go well, but when I tried to add Fedora 27
with virt-manager I have continued to get file permission errors.

sip-related build failures in rawhide


A few days ago scidavis builds started failing in rawhide. Someone
mentioned here that sip was to blame for a number of such failures and
according to koschei they started to happen after the update from
sip-4.19.9-0.2.dev1805261119.fc29 to sip-4.19.12-2.fc29.

According to the logs[0], sip can't find a file:
sip: Unable to find file "QtCore/QtCoremod.sip"

which results in a number of files not getting generated.

Is this a bug in sip, do I need to change something in my spec file,
or should I contact upstream?

Best regards,


xfig license change

License of xfig package was changed

PR submitted, not yet merged:
<a href="" title=""></a>

Hans or Steve, please, merge.


transfig license change

License of transfig package was changed

<a href="" title=""></a>

Fedora Rawhide-20180714.n.0 compose check report

No missing expected images.

Failed openQA tests: 44/138 (x86_64), 23/24 (i386), 1/2 (arm)

New failures (same test did not fail in Rawhide-20180711.n.0):

ID: 257505 Test: x86_64 Server-dvd-iso install_default_upload
URL: <a href="" title=""></a>
ID: 257518 Test: x86_64 Server-dvd-iso install_repository_nfs_variation
URL: <a href="" title=""></a>
ID: 257519 Test: x86_64 Server-dvd-iso install_repository_nfs_graphical
URL: <a href="" title=""></a>
ID: 257526 Test: x86_64 Server-dvd-iso install_updates_nfs
URL: <a href="https://openqa.fedora" title="https://openqa.fedora">https://openqa.fedora</a>

Fedora updates-20180715.0 compose check report

Missing expected images:

Atomichost qcow2 x86_64
Atomichost raw-xz x86_64

Passed openQA tests: 2/2 (x86_64)

New passes (same test did not pass in updates-20180713.0):

ID: 257682 Test: x86_64 AtomicHost-dvd_ostree-iso install_default
URL: <a href="" title=""></a>
ID: 257683 Test: x86_64 AtomicHost-dvd_ostree-iso install_default@uefi
URL: <a href="" title=""></a>

Clamd issues on Centos 6.10

Hello all,

Been having an issue today that I can't seem to solve, so reaching out to others much more
knowledgeable for help/advice/assistance.

I ran the software update this morning and installed 134 packages, clamd was one of the packages.
Upon completion of the update, I needed to reboot the box.

Failure message


ssm vs. lvm: moving physical drives and volume group to another system

I did the following test:


Computer with Centos 7.5 installed on hard drive /dev/sda.

Added two hard drives to the computer: /dev/sdb and /dev/sdc.

Created a new logical volume in RAID-1 using RedHat System Storage Manager:

ssm create --fstype xfs -r 1 /dev/sdb /dev/sdc /mnt/data

Everything works.
/dev/lvm_pool/lvol001 is mounted to /mnt/data.
Files and folders can be copied/moved, read/written on /mnt/data.



I erased CentOS 7.5 from /dev/sda.
Wrote zeros to /dev/sda using dd.

CentOS-announce Digest, Vol 161, Issue 3

Send CentOS-announce mailing list submissions to
<a href="mailto:centos- ... at centos dot org">centos- ... at centos dot org</a>

To subscribe or unsubscribe via the World Wide Web, visit
<a href="" title=""></a>
or, via email, send a message with subject or body 'help' to
<a href="mailto:centos-announce- ... at centos dot org">centos-announce- ... at centos dot org</a>

You can reach the person managing the list at
<a href="mailto:centos-announce- ... at centos dot org">centos-announce- ... at centos dot org</a>

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:


KDE Frameworks 5.48.0 released

14th July 2018. KDE today announces the release of KDE Frameworks 5.48.0.

KDE Frameworks are 78 addon libraries to Qt which provide a wide variety of·
commonly needed functionality in mature, peer reviewed and well tested·
libraries with friendly licensing terms.

2018-07-16 @ 16:00 UTC - Fedora 29 Blocker Review Meeting

# F29 Blocker Review meeting
# Date: 2018-07-16
# Time: 16:00 UTC
# Location: #fedora-blocker-review on

Hi folks! We have 4 proposed Beta blockers to review, so let's have a
review meeting on Monday.

If you have time this weekend, you can take a look at the proposed or
accepted blockers before the meeting - the full lists can be found
here: <a href="" title=""></a> .

We'll be evaluating these bugs to see if they violate any of the
Release Criteria and warrant the blocking of a release if they're not

2018-07-16 @ 15:00 UTC - Fedora QA Meeting

# Fedora Quality Assurance Meeting
# Date: 2018-07-16
# Time: 15:00 UTC
(<a href="" title=""></a>)
# Location: #fedora-meeting on

Greetings testers!

We didn't meet last week, and there are Interesting Times going on in
Rawhide (and I think Test Day land) right now, so let's meet on Monday!

If anyone has any other items for the agenda, please reply to this
email and suggest them! Thanks.

== Proposed Agenda Topics ==

1. Previous meeting follow-up
2. Fedora 29 status (DNF 3, Python 3.7, mass rebuild, binutils...)
3. Test Day status
4. Open floor

Installing Packages as Another User with Sudo

I have been trying and failing to set up the sudoers file so that I can run
apt/dpkg/etc as another user without sudo (root) access.

Self Introduction: Chris/BunnyApocalypse

Hello all, I'm Chris King, and on the internet I go by BunnyApocalypse, a name which I created in 6th grade, and has stuck with me ever since.

I am a foss enthusiast and have been using Linux as my daily driver for a few years now, although I only recently switched to Fedora. I don't have any major experience to contributing to large open source projects, but I have a few small ones on my GitHub here: <a href="" title=""></a>.

Firefix 60.10-5 ESR Install Problems For CentOS 6

Johnny/et al,

Looks like we've run into some issues with incompatible libs for the new
Firefox 60 ESR install:

re-installing system

This was a clean install of 18.04 on an HP laptop, quad core AMD 8 gigs

I suspect something went wrong during installation. Nothing will install
from the repositories. It comes back with an error that says I need a
"gtk3" something. Googling is no help or anything else I've tried.

I'm wondering if there is something that will re-install everything from
a dvd or...................... that doesn't mean wiping the hard drive
clean and starting over. I'm not against doing that but would rather not
if I can.

grep in Postfix logfiles


I'm looking for a search tool to analyze Postfix logfiles. It should be
something like a multiline grep application which is able to show all
lines, which are related to one incoming mail. Mainly I want to search
for the sender and the recipient at the same time. E.g. something like that:

mailgrep "from=<local1@domain1>.*to=<local2@domain2>" /var/log/mail.log

I assume, that I'm not the first Postfix user with this requirement. But
I couldn't find a suitable tool. Does somebody know an adequate
application or do I have to write it for my own?


fsck error creating live cd


I was trying to build a live cd with livecd-creator and towards the
latter part of the process I encountered the following error,

Checking filesystem /var/tmp/imgcreate-230i9kyl/tmp-fjf6k6vu/ext3fs.img
resizing /var/tmp/imgcreate-230i9kyl/tmp-fjf6k6vu/ext3fs.img
Checking filesystem /var/tmp/imgcreate-230i9kyl/tmp-fjf6k6vu/ext3fs.img
Error creating Live CD : fsck after resize returned an error (1)!

I also tried with increasing the value of ,
part / --size
in kick start file, but still get the same error.

What should I do to overcome this error?

ODBC - Getting CONN ERROR: errmsg='The buffer was too small for the InfoValue'"

I've ported a powerbuilder application to postgresql. Tested ok on windows
10 64, was installed on two win10-64 other computers, all connecting the
postgresql database in the localhost with access via odbc. The third of
them presented the error detailed below in the logs (mylog and psqlodbc)
integrally copy and paste.
Can anyone help me?

- The application send the connect command and receive error "IM001"as a
- The ODBC DSN interface test shows "connection successful".
- The log tell us that the connection to the database was effectively
completed by the driver.

strange behavior of KCookieServer

Hello to everyone,
in my ongoing attempt to integrate Konqueror and QWebEngine, I'm still
struggling with a way to share cookies between QWebEngineCookieStore and
KCookieServer. While investigating this issue, I found a problem when adding
cookies to KCookieServer by hand which doesn't seem happen when using
Konqueror with either KHTML or KWebKitPart.

Teaching people to code

Does anyone here have any recommendations for resources on teaching people to code?

I've kind of volunteered to teach Ruby to some of my co-workers. I'm good at _explaining_ but I'm rapidly discovering that there is a big gap between that and teaching.

Worse, it looks as if one of my students has never coded before.

Intend to retire python-openstack-nose-plugin

the subject says it, I'm intending to retire
python-openstack-nose-plugin. It is old,
very old. Last commit upstream was 2012.

Any takers, otherwise I'd retire it in a week.


Widevine plugin for CentOS 6?

Does anyone know of a CentOS 6 compiled version of the widevine DRM plugin?

With Firefox 60ESR, Netflix (e.g.) installs a version in your
~/.mozilla/firefox/(profile name)gmp-widevinecdm/ directory but it has the
following library failures in 'ldd' output:

Problem: do threads always run for at least TIME_QUANTUM_USEC before termination, on Linux?

I have a GUI project (Tk), which makes use of threads for performing
background filesystem searches based on a filename pattern.

My system is a 4 cores, on recent Linux; the interpreter is MRI 2.3.

At any given time, there should be at most one search background
thread, so the requests for new searches cause termination of the one
currently executing.

The search code is properly structured: it's a simple loop through
directories, that exits either when the directories are exhausted, or
when a termination flag is passed (by the project scheduler) to the

The problem I've observed is

ERC20 Compatible Wallet

Does anyone have any experience with hardware wallets?

Is there one they would recommend that is easy to use with Ubuntu 18.04?

- Richard.

Litte misspelling

<a href="" title=""></a>
[image: image.png]
<a href="" title=""></a>

DANE-TA(2) private CAs and SHA-1

By using DANE-TA(2) TLSA records you can associate your SMTP server
with a either a public or private (your own) issuer CA. This can
simplify the management of TLSA records of multiple MX hosts by
using a CNAME to a common location where you publish the shared CA
key hash.

Some care needs to be take to make sure that certificate chains
issued by a private CA can be successfully validated by correctly
configured DANE TLS clients.



When you will fix the CVE's affected to kernel package.

Could you please let us know ,when you will fix these below CVE's in kernel package.
1) CVE-2018-10940
2) CVE-2018-1120


Reports from Libre Base failing

I am using the installation of Libre Base from the repository for Ubuntu
16.04. With earlier versions I was able to produce reports.  Now if I
use the reporting system the data base freezes. Where should i look for
any error messages associated with this problem?


Peter Goggin

haproxy protocol ipv6 support?

I've been successfully using Postfix 3.3.1 behind an Haproxy for a few
weeks now, and while this is a minor complaint, I just wondered if it
was known.

I have dual-stack ipv4/v6 support enabled and as a result most of my
mail that comes from Google comes from an ipv6 address.

The IP address is not parsed properly I think in the haproxy protocol,
and I suspect that was fixed in send-proxy-v2 which I believe Postfix
doesn't support.

C7, ipmi, NIC2, still fighting

This is that system with the missing management port, and I'm still
fighting it.

Vault and mantis 6.10 issues

The bug tracker doesn't have 6.10 as a version option.

The vault doesn't have the RPMs for 6.9.


AUTO: Joerg Meidl is out of the office (Rückkehr am 20.07.2018)

Ich kehre zurück am 20.07.2018.

Sehr geerhte Damen und Herren!

Ich bin von 09.07.2018 bis 20.07. 2018auf Urlaub und habe nicht immer die
Möglichkeit meine Mails zu lesen!

Mit freundlichen Grüßen

Jörg Meidl

Hinweis: Dies ist eine automatische Antwort auf Ihre Nachricht "Re: Why
nil" gesendet am 09.07.2018 16:30:51.

Diese ist die einzige Benachrichtigung, die Sie empfangen werden, während
diese Person abwesend ist.

Unsubscribe: <>

TLS1.3 only


postfix-3.3.1 + openssl-1.1.1pre8

For fun I tried to disable all TLS protocol versions other then TLS1.3
submission.local inet n - - - - smtpd
-o smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1,!TLSv1.2

but I'm still able to connect using TLS1.2

$ openssl version
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018

$ openssl s_client -connect submission.local:587 -starttls smtp -tls1_2
Start Time: 1531425453
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
Shouldn't that fail like this one?

$ openssl

RE: new strangeness with O365 [OT] --TESTING

I'm conducting a test to see if the URL rewrite issue is better, for me anyway.

Self Introduction: Kairui Song

Hi all,

I'm working on submitting a package, it's my first package. So I want to
give a brief self-introduction here.

My name is Kairui Song, I'm a software engineer at Red Hat, have been a Red
Hat employee for two years, and start working on kdump / kexec and related
components recently. Have been a Linux user/fan/enthusiast for about 4
years since college, started with customizing and optimize my smartphone's
kernel. Besides this, I also have some experience working as a full-stack
developer, and I enjoy learning and try all kinds of new things and tech

SMTP access restriction lists


I intend to protect some internal email distribution lists in a way,
which is described here:

<a href="" title=""></a>

I would need to add "check_recipient_access ..." to the parameter
"smtpd_recipient_restrictions". The actual value of this parameter in is:

smtpd_recipient_restrictions =

"smtpd_relay_restrictions" is not explicitly defined in

Packages needlessly use __provides_exclude_from on python sitearch

There are 56 packages that use something like this:

%global __provides_exclude_from ^(%{python_sitearch}/.*\\.so)$
%global __provides_exclude_from ^(%{python2_sitearch}/.*\\.so)$
%global __provides_exclude_from ^(%{python3_sitearch}/.*\\.so)$
%global __provides_exclude_from

and 68 like this:

%filter_provides_in %{python_sitearch}/whatnot/.*\.so$
%filter_provides_in %{python2_sitearch}/.*\.so$
%filter_provides_in %{python2_sitearch}/.*\.so$ %{python3_sitearch}/.*\.so$

The full list can be obtained by:

$ rg '(filter_provides_in|__

Lets Drop Old Monitors


Do excuse me for mooching, (part of), a Subject: line. :-)

In a sense, this is about a similar sort of problem, but coming
at it from a different direction. My hope here, is to provide
some ideas for improving on what so far, is _very_ frustrating.

A while back when my trusty old Optiquest Q-71 monitor died, and
I replaced it with a brand new HD monitor, I expected it to solve
a host of problems. Unfortunately, a bunch of really nasty
problems showed up, mostly dealling with text, and symbol sizes.
I am constantly running up against this problem.

Today's meeting cancelled


nobody else showed up so it's cancelled.

Have a great day!

OCaml 4.07.0 is now in Fedora 29

OCaml 4.07.0 was released on Tuesday and it's in Fedora Rawhide today.
All packages that use OCaml have been recompiled except:

- why3: "Error: Unbound module Stdlib" - probably needs an
upstream change

If you see any other problems related to OCaml compilation with the
new package then let me know.


C7, just updated firefox, bugs

I just updated the "critical" firefox update, and it is *seriously* buggy.

1. I killed my old session, and started a new. Many (all?) tabs show
*nothing* until I put my cursor in the URL bar and hit <enter>
2. I cannot open a link in an email in thunderbird. I click the link, and
after a bit (30 sec? more?) a small windows tells me that firefox is
running, but not responding, which it certainly responds when I focus on


postfix cleanup process dropping messages

My postfix servers remain pretty busy throughout the day getting around
100 - 200 mails / second

I have seen that for every 100 k mails around 20 mails disappear from
the queue.
From maillogs , I can see smtpd accepting the connection , creating a
queue-id and then cleanup picking it up.
But nothing after that , no qmgr lines no discard etc

If I enable cleanup in  debug mode I can see  errors like this  ( esp
cleanup_flush: status 1 )

How do I debug this further ?

Jul 12 18:20:35 smtpbp1 smtpbp1/cleanup[9121]: open incoming/6262B115F
Jul 12 18:20:35 smtpbp1 smtpbp1/cleanup[9121]:

CentOS-announce Digest, Vol 161, Issue 2

Send CentOS-announce mailing list submissions to
<a href="mailto:centos- ... at centos dot org">centos- ... at centos dot org</a>

To subscribe or unsubscribe via the World Wide Web, visit
<a href="" title=""></a>
or, via email, send a message with subject or body 'help' to
<a href="mailto:centos-announce- ... at centos dot org">centos-announce- ... at centos dot org</a>

You can reach the person managing the list at
<a href="mailto:centos-announce- ... at centos dot org">centos-announce- ... at centos dot org</a>

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:


glassfish-el-javadoc license change

License of glassfish-el-javadoc package was changed

<a href="" title=""></a>

Fedora Rawhide-20180711.n.0 compose check report

No missing expected images.

Failed openQA tests: 19/138 (x86_64), 23/24 (i386), 1/2 (arm)

New failures (same test did not fail in Rawhide-20180710.n.0):

ID: 256995 Test: x86_64 Server-dvd-iso server_firewall_default
URL: <a href="" title=""></a>
ID: 256998 Test: x86_64 Server-dvd-iso server_role_deploy_database_server
URL: <a href="" title=""></a>
ID: 257000 Test: x86_64 Server-dvd-iso server_role_deploy_domain_controller
URL: <a href="" title=""></a>
ID: 257055 Test: x86_64 AtomicWorkstation-dvd_ostree-iso install_no_user


Hi all,

With the release of firefox 60.x.x ESR that does not by default use the package
'centos-indexhtml', we are left with only KDE's 'konqueror' using it. Just for
discussion... is centos-indexhtml needed any more and have a future in the
distro and should konqueror be altered to homepage to the CentOS homepage?



rpath issues

Hi Hannah,

I was working for a long time today with getting Qt to build in craft on my Mac and getting everything required for KStars to build properly on top of that since you told me I shouldn’t be using ~/Qt/5.11.1. The issue really comes down to one thing: @rpath.

Schedule for Thursday's FPC Meeting (2018-07-12 16:00 UTC)

  Following is the list of topics that will be discussed in the FPC
meeting Thursday at 2018-07-12 16:00 UTC in #fedora-meeting-1 on

  Local time information (via.

mail for ... loops back to myself

I suspect the answer to this is going to be "Well, don't do that then." but I may as well ask...

I have a VM that's running two services. One of them is a vanilla postfix smarthost - it accepts mail on port 587 and relays it out to the world.

The other is an unrelated smtp server that listens for inbound email on port 25. They use unrelated domains and hostnames, but are both on the same IP address.

If I try and send mail via the smarthost to the inbound smtp server the postfix rejects the attempt with "mail for <the destination domain> loops back to myself".

Haskell failures: relocation refers to local symbol "" [1], which is defined in a discarded section

Hello all,

All Haskell packages seem to be broken now, e.g., ghc-optional-args [1] or anything on koschei [2].

libperl5.26 dependency problems

I've been getting this for a couple of days, searched the mail list but
couldn't find anything. launchpad had some hits but i couldn't find this
exact thing.


Hi Im an oldie, who once installed an Apache server, now I was on to make a new installation BUT OHHHH,
things have become so complexity, so inflated, I can make no sense of what to download, or from where........

Fedora 27 Candidate Update-20180711.1812 Available Now!

According to the schedule [1], Fedora 27 Candidate Update-20180711.1812 is now
available for testing. Please help us complete all the validation

Header files in Ruby repo?

Hoping this question has a simple answer, I'm familiar with where the
Header files can be found in a Distro's own packagment system,
typically the package names will have a "-dev" or "--devel" appended
to the end of the package name. If something similar exists for gem
files from the official Ruby repos and can't seem to find in
Documentation(My search skills seem to have failed me), I can't find

How to autoreply with "Undelivered Mail Returned to Sender" unknown user for


Let's say that I do have a user "user" on my system, but I would like
for emails sent to "user+ ... at domain dot org" to bounce back the
"Undelivered mail" message with something like:

<user+ ... at domain dot org>: unknown user: "user+doesnotexist"

How would I do this? I naively tried adding

user+doesnotexist: doesnoteixst

to my /etc/aliases file, but it was still delivered to my user account.

Thanks for any help.


Flock Update - ~1 month away

An Update on Flock

* New Sponsor

Some of you may have noticed that the ARM Foundation is now a Gold Sponsor
for Flock.

* Tickets and T-shirts

My tardiness at getting t-shirts ordered is to your BENEFIT. The tickets
that have t-shirts associated with them have been extended until tomorrow,
12 July. Get your order in now if you want to be assured of getting a

Tickets that don't guarantee a t-shirt or lunch, will be available until 8

* Transportation Details

Transportation Information has been added to the website as provided by
Amit Shah.

Rawhide Rebase Warning to Package Maintainers


This e-mail is intended to inform you about the upcoming Bugzilla changes
happening on 2018-08-14 (Rawhide bug rebase) and what you need to do,
if anything.

We will be automatically changing the version for most rawhide bugs to
Fedora 29.
This will result in regular bugs reported against rawhide during the Fedora 29
development cycle being changed to version ‘29' instead of their current
assignment, ‘rawhide’.

FYI: Useful to know on pdf printing

This is just an FYI, folks.

We've got this large poster printer. We had some, er, environmental
issues, let us say, and first I had to recreate the .ppd (HP "doesn't
support printing from Linux, and the one a former coworker extracted from
the Mac package... was for a 23", not this 44"). Then... I was trying to
print from a 6.9 box.

Disable SSL/TLS renegotiation

Hello postfix-users,

While checking the SSL configuration of a Postfix server, I noticed that
so-called "Client-initiated secure renegotiation" is available at
Postfix by default.
You can verify it with following openssl command and press "R" once the
connection is successfully established:

openssl s_client -connect <hostname/IP>:25 -starttls smtp

250 DSN
depth=2 C = US, O = XXX, OU = <a href="" title=""></a>, CN = XXX Root CA
verify return:1
depth=1 C = US, O = XXX, OU = <a href="" title=""></a>, CN = XXX Server CA
verify return:1
depth=0 C = XX, ST = XXX, L = XXX, O = XX, CN = XXX
verify return:

F29 Self Contained Change: Update comps to use Python 3

= Proposed self contained change =
<a href="" title=""></a>

* Owner:

Change the comps groups python-classroom, engineering-and-scientific,
development-libs, cloud-management, font-design, mysql,
robotics-suite, authoring-and-publishing and electronic-lab to use
python3 packages instead of the python2 ones.

Reminder meeting on Thursday 3pm UTC


kind reminder that we will hold CentOS Cloud SIG meeting on
#centos-devel on Freenode at 3pm UTC


NSS authentication issue in FIPS mode.

Hi ,

In FIPS mode I was using

"NSS FIPS 140-2 Certificate DB:mypassphrase" in /etc/ipsec.d/nsspassword and in my custom location.

But it is failing with the below error in logs:

Jun 27 12:36:11: authentication of "NSS FIPS 140-2 Certificate DB" failed Jun 27

12:36:11: FATAL: NSS initialization failure

I was using CentOS Linux release 7.4.1708 (Core) with libreswan-3.20-3.el7.x86_64.

Could you please help me to resolve this problem.



Fedora c++ default build flags

during a discussion with upstream (MongoDB) they asked me about default
Fedora C/C++ build flags. And I don't remember all Fedora System Wide
changes where it was introduced,... so is there some place where it's

Main upstream question was:
I don't know what is in those various hardening scripts, so hard to say
what they do. I am somewhat interested in whether you think we should
be applying these flags for our hardened builds.

Update to podofo-0.9.6 in rawhide


I'm updating podofo to version 0.9.6 in rawhide. It carries a soname
bump ( ->, but all affected
packages build without changes against the new version [1].

new sclo-php*-php-pecl-redis4 packages available for testing

Yet another package available in centos-sclo-sclo-testing

This extension provides an API for communicating
with Redis servers.

<a href="" title=""></a>

For rh-php71 (EL-7 only)

* sclo-php71-php-pecl-redis4-4.1.0-1

For rh-php70

* sclo-php70-php-pecl-redis4-4.1.0-1


- this extension is already available, as sclo-php70-php-pecl-redis
and sclo-php71-php-pecl-redis version 3.1.6.

Intent to retire cryptominisat4

With cvc4 1.6 building in Rawhide right now, the last Fedora user of
cryptominisat 4.x is gone. All Fedora consumers are now on
cryptominisat 5.x, which is in the cryptominisat package.
Consequently, I intend to retire the cryptominisat4 package soon. If
somebody needs it, let me know and I will give it to you instead of
retiring it.

cvc4 license change

The license of cvc4 has been corrected from GPv3+ to "Boost and BSD
and MIT". Since that is a less restrictive license, it should cause
no issues.

check_client_access not blocking /8 /16 /24 etc.

I'm curious to know what I've done wrong with my client checks file.

I can reject a specific IP but it won't reject when I use net blocks...

Call for entries for Ruby biz Grand prix 2018


This is Shugo Maeda from the Ruby biz Grand prix 2018 executive committee.

We started invitation to the fourth contest Ruby biz Grand prix 2018.
This Grand prix is to make honorable recognition of services and products that create innovative new values of the programing language Ruby by utilizing it in the field of business.
Why don't you advertise your business or services by applying for this Grand prix?

[Exemplification of expected technical areas]
・Web application
・IoT (edge computing, sensor devices etc.), machine control
・Data analysis/utilization

We widely pro

Packages which use banned tags

The packaging guidelines indicate that the following tags must not be
<a href="" title=""></a>

I wasn't aware that a package would even build if the first three were
used, but it seems that a few instances of these tags persist.

Nothing uses Copyright:.

Five packages use Vendor:
dpkg etoys gold netbeans storhaug

Packager: is used by mcollective

apmud has Prereq: chkconfig which is obviously a sign that something is

mass SRUing for changing triggers to noawait in progress

Hi ubuntu-devel,

just a quick note that there is a mass SRUing going on (into xenial
mostly) for converting await triggers to noawait, the progress is being
tracked in <a href="" title=""></a>. Help is welcome,
just assign yourself a task first and then complete it. Do note that
there are some pitfalls where triggers cannot be converted to noawait,
like gsettings schemas.

Packages which use the BuildRoot: directive

The Packaging Guidelines indicate that BuildRoot: should not be used in
Fedora specfiles.

The BuildRoot: tag has not been required since RHEL6 and was also not
required in EPEL5 (due to some magic in epel-rpm-macros). It has not
been needed in any Fedora release since at least Fedora 12.

It has already been removed from most packages due to previous efforts
but it lingers in a few (91, to be exact).

GCC 8/9 ABI change: call for rebuilds

Recently a serious bug in the compiler was discovered whereby we miscompiled
several packages. The problem only occurs in C++ programs that contain a class
with a trivial move constructor and deleted copy constructor. For such
programs, the calling convention changed inappropriately, in the sense that an
object was passed via memory rather than via registers. See

I did a scratch mass rebuild with a specially-tweaked gcc in order to find out
which packages need to be rebuilt.

CentOS Dojo @ CERN: CFP closes this weekend

This is your final reminder that the Call For Papers for the CentOS Dojo
at CERN closes at midnight on Sunday, July 15th.

(If you're one of those people that asks "which timezone", then perhaps
you're putting it off too long! ;-) But, I believe it's CET.)

<a href="" title=""></a> <--- Event details and call for abstracts are here.

Fedora Rawhide-20180710.n.0 compose check report

No missing expected images.

Failed openQA tests: 19/138 (x86_64), 23/24 (i386), 1/2 (arm)

New failures (same test did not fail in Rawhide-20180709.n.0):

ID: 256117 Test: x86_64 Server-dvd-iso base_update_cli
URL: <a href="" title=""></a>
ID: 256131 Test: x86_64 Workstation-live-iso desktop_notifications_live
URL: <a href="" title=""></a>
ID: 256134 Test: x86_64 Workstation-live-iso desktop_notifications_postinstall
URL: <a href="" title=""></a>
ID: 256137 Test: x86_64 Workstation-live-iso desktop_update_graphical
URL: <a href="https://op" title="https://op">https://op</a>

Semi-OT: LSI raid card sorta....

I've got a box running C7, just updated (yesterday). It had an onboard
RAID controller, and an HBA. I just installed a new, additional RAID card,
all LSI.

MegaCli64 only sees one controller. I can't seem to find the magic to see
the others. I *know* the new card is a MegaRAID - the box it came in says

STARTTLS / DANE difficulties?

We are migrating our Postfix MX services and in the process have
disrupted a setup which has been very stable for the past couple of

Solarflare SFC9000 direct connection

hi guys

I wonder if any of you might be using SFN6122F-R7 SFP+ (SFC9000, same
firmware everywhere, Centos 7.5 too.

I'm trying poor man's setup to get the servers onto 10GbE network.

Setup is such that three Dell R815 are connected to each other, each has
one Solarflare(SFP ports) and each Solarflare is set as net-team(both
ports on a card are net-team device) with runner in broadcast mode. And
it all seems to work, they ping each other, iperf okey.

The problem, big problem is that when traffic start to flow between all
three servers simultaneously, with rsync for example, then!!

Fedora Atomic Host Two Week Release Announcement: 28.20180708.0

A new Fedora Atomic Host update is available via an OSTree update:

Version: 28.20180708.0
Commit(x86_64): 5736e832b1fd59208465458265136fbe2aa4ba89517d8bdcc91bc84724f40a8e
Commit(aarch64): 4066f8e2f2f13709d0cf9a562a1f24cd2459bdc9f13e1ea1034a367586f79dac
Commit(ppc64le): a197bd8bfb8cf039e8f2cccf7f743cbb92dde30fffa6ccb0729f8ad13e757b17

We are releasing images from multiple architectures but please note
that x86_64 architecture is the only one that undergoes automated
testing at this time.

Existing systems can be upgraded in place via e.g.

Orphaning metamorphose2

Good Morning Everyone,

metamorphose2 is a small wxPython (GUI) app allowing to mass-rename files.
The last commit upstream is from July 22nd 2016, so almost 2 years ago.
It fails to build from source now.

I'm intending to orphan it.

If someone is interested in picking it up, let me know and I'll give it to you


Ubuntu 18.04 and wine

Dear All,

how to get wine running on Ubuntu 18.04 64bit ? unfortunately I'm not
able to get it working on Ubuntu ( it installs without issue but unable
to run any "exe" using command wine nameofexe.exe )


Certbot error CentOS 7.5

Hi All - I am running CentOS 7.5 and trying to use certbot.
I am getting an error 403 forbidden on the

Some searching indicated permission problems... I also noticed that the
/var/www/html directory does not even have the .well-known directory in
it. The /var/www/html directory was root:root I changed it to root:apache
and still same error.
ls -l /var/www/
total 0
drwxr-xr-x. 2 root root 6 Jun 27 09:49 cgi-bin
drwxr-xr-x. 6 root apache 214 Jun 27 09:49 html

Anyone ran into this ?

Orphaning eclipse-xtext and dependencies

eclipse-xtext and its dependencies eclipse-xpand and eclipse-emf-mwe have
just been orphaned. Eclipse SIG has no use of these packages anymore
(despite them being really active upstream), the build system is quite
complicated and they haven't been properly kept upto date lately.

SSL-Settings for Healthchecks (mod_proxy_balancer)

Hello all apache-users!
I'm trying to set up load-balancing to backends which use different SSL/TLS settings.
I'm using version 2.4.33 of apache.
According to documentation it should be possible to set SSLProxy* directives inside a <Proxy> section.

bad text under KDE and C7

I recently installed C7 from a C7+gnome CD.
Gnome was awful enough that I promptly installed KDE.

KDE is not doing so well either.
Text in text editors invoked by "opening" a file is flakey at best.
E.g. pieces disappear and duplicate.
Terminals seem ok, including vim invoked from the terminal.
Firefox text seems ok.
The sidebar text in file-browser windows often has "black tape" over it,
usually completely covering text.
The file names are ok.

Suggestions on how to dignose this?

What did I just ruin?

I may have outsmarted myself.

I was about to upgrade packages and I wanted to capture the plethora of
messages I expected
this to produce, so I did it under script(1). It captured all right, but
I'm a bit worried by a thing it
captured a few times...

For instance, at the end of fetching packages....

linker errors (since binutils-2.30.90-1.fc29?) : _end: invalid version 21 (max 0), error adding symbols: bad value

See bug <a href="" title=""></a>

Haven't been able to successfully build anything in rawhide recently.

-- Rex

Syndicate content