DevHeads.net

Postings by Robert Marcano

RPM strip scripts and executables as shared objects

I have been working on a private RPM for a Rust-based program and
noticed that the RPM strip scripts are not reducing the binary files
like when I execute strip directly on those binaries.

The first thing I checked is the brp-strip script. This one is filtering
executables where "file" reports it is a "shared object"; Rust binaries
are marked as "ELF 64-bit LSB shared object" instead of "ELF 64-bit LSB
executable".

Proposal: Reduce *-devel packages dependencies on other unneeded *-devel packages

Greetings.

Current *-devel packages tend to pull a lot of dependencies, probably to
make developers' lives easier, but I think some of them are not needed.

For example, someone developing against krb5-devel for a GSSAPI client
probably doesn't need openssl-devel installed. That they are linking
against Kerberos doesn't mean they use the same crypto library
directly; they could use nss, for example.

This is somewhat related to the remove excessive linking change [1]. We
could help developers detect they are over-linking by not installing
unnecessary *-devel dependencies.

Postfix, Kerberos and dns_canonicalize_hostname = false

Greetings.

I have been using Postfix with Kerberos without problem for a few years.
Our setup uses a DNS alias (CNAME) for the hostname. Let's call it
smtp.example.com, pointing to the real hostname server.example.com.

With a default MIT Kerberos client configuration, dns_canonicalize_hostname
is true. This setting [1] enables the reverse lookup to search the hostname
given the alias. The Linux distribution used for our client machines is
changing the default to dns_canonicalize_hostname = false.

SELinux policy contributions

Greetings. Is https://github.com/fedora-selinux/selinux-policy-contrib
the right place to contribute to the Fedora SELinux policy?

I added a pull request for a small update needed for a new release of
cups-pdf, but I am not sure someone is monitoring that. There is another
one from rhatdan there so I presume it is the right place.

Cron jobs output are sent to the network by default

I created a new bug [1] that explains that ssmtp is sending all cron
jobs output to an external SMTP server. I marked it as a security bug,
the security tag was removed and it was recommended to make it public,
something I can't do.

NFSv4 / POSIX ACL mapping bug?

Hi,

I need some help clarifying this issue in order to know if this is a bug
or limits of the NFSv4 / POSIX ACL mapping before reporting it.

Creating a directory on the server with the following POSIX ACLs, rwx
for the group "sharedgroup" and same defaults:

############################################################
# file: directory
# owner: root
# group: root
user::rwx
group::r-x
group:sharedgroup:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:sharedgroup:rwx
default:mask::rwx
default:other::---
############################################################

C

Multiple repositories or multiple subdirectories

I have local mirrors of the Fedora repositories to serve the internal
requirements without downloading each update for every machine. We do
not install games nor KDE applications, but every time there is an update
for those packages the network is used.

There are solutions like SpaceWalk for the updates problem, but at the
same time we need to have some packages available to install if needed,
not only updates.