DevHeads.net

Postings by Chris Murphy

Fedora Media Writer isn't working on macOS

I filed a bug here:
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1714062" title="https://bugzilla.redhat.com/show_bug.cgi?id=1714062">https://bugzilla.redhat.com/show_bug.cgi?id=1714062</a>

However since that assigns it to mbriza who doesn't do binary signing
for Windows or macOS, I'm not certain that's the correct way to report
it. Maybe websites or release engineering?

abrt's usefulness for Firefox bug reporting

I've got a 100% reproducible crash[1] with Firefox on Wayland, but
I've run into a brick wall getting it properly reported.

Neither coredumpctl nor abrt even report a crash, so no coredump file
exists. I was advised in my bug report that abrt doesn't provide
useful information anyway [1], so I should collect it directly with
gdb.

The problem I then encountered: the laptop becomes a hair dryer and
unresponsive for at least 60 minutes with zero crash information
written out, so I gave up.

F30 change, bootloaderspec by default

<a href="https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault" title="https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault">https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault</a>

I want this change to succeed but I'm experiencing a regression, and
while trying to troubleshoot it I'm finding it difficult to understand
the myriad differences:

- I can't find the code. I assume all of it is in grub as blscfg.mod
and grub2-mkconfig and its associated scripts in /etc/grub.d but I'm
not seeing code or code reference in the change or here
<a href="https://apps.fedoraproject.org/packages/grub2-efi-x64-modules/" title="https://apps.fedoraproject.org/packages/grub2-efi-x64-modules/">https://apps.fedoraproject.org/packages/grub2-efi-x64-modules/</a>

- I can't find any documentation.

Signing Kernel Module with the Private Key

crossposting devel@ and kernel@ since it's both kernel and documentation related

I'm not finding an updated version of this documentation:
<a href="https://docs.fedoraproject.org/en-US/Fedora/26/html/System_Administrators_Guide/sect-signing-kernel-module-with-the-private-key.html" title="https://docs.fedoraproject.org/en-US/Fedora/26/html/System_Administrators_Guide/sect-signing-kernel-module-with-the-private-key.html">https://docs.fedoraproject.org/en-US/Fedora/26/html/System_Administrator...</a>

And when I follow that, copy/pasting the perl script is stomping on my
kernel modules, making them zero length files. I also can't tell from
the documentation if this perl script should work on xz compressed
kernel modules, which they are by default on Fedora.

many legit devel@ emails marked as spam by gmail (dmarc reject)

Semi-related to the "Attention Gmail users, please turn off HTML"
thread; anyone *not* using gmail (e.g. all Yahoo email users) are
having their emails put into spam by google mail.

hidden grub menu feature, bootloader writing to grubenv

Hi,

The more I think about the bootloader writing to grubenv, the more I'm
not a fan. I'm really suspicious of even the general case of anything
doing (over)writes outside of the file system. Is block device writing
something all UEFI firmware support? Even with Secure Boot enabled?

Setting aside the default Workstation partitioning, some valid
alternative schemes that I expect are problematic:

- On UEFI, the installer supports (against all advice) using mdadm
raid1 to sync multiple EFI System partitions. GRUB writing to grubenv
is going to write to which device?

F29 hidden GRUB, problem testing and how to unhide

I've got a Fedora 29 Silverblue installation in a VM. First boot I see
the GRUB menu, and after that it's hidden. And I can't figure out how
to unhide it. Boot is failing before I get multiuser login or ssh, so
extracting information to troubleshoot/bug report isn't possible.

Repeatedly pressing or holding Esc doesn't work.
Spacebar doesn't work.
F8 doesn't work.

So now I'm stuck. Yeah, I can reinstall, and before rebooting make
sure whatever is hiding the GRUB menu is disabled, every time I do
installations.

intel microcode license change?

So this made HN:
<a href="https://news.ycombinator.com/item?id=17801474" title="https://news.ycombinator.com/item?id=17801474">https://news.ycombinator.com/item?id=17801474</a>

I've downloaded both 20180703 and 20180807 firmware from Intel and the
two licenses are different, in particular with the usage of the term
'property'.

When I downloaded the 20180807 version, there was no prompt for
license agreement, but there is a license file in the tgz. Whereas
when downloading the 20180703 version, there is a license agreement
prompt, but no license file in the tgz.

Anyway, should this be in koji until this is resolved?

how to troubleshoot performance problems that trigger kidle-inject

Hi,

Example 1: Firefox, 1 tab open (Google Keep)
<a href="https://drive.google.com/open?id=19dRvyWIgXjN0cyLv21JmPSn-WR9lXx11" title="https://drive.google.com/open?id=19dRvyWIgXjN0cyLv21JmPSn-WR9lXx11">https://drive.google.com/open?id=19dRvyWIgXjN0cyLv21JmPSn-WR9lXx11</a>

Example 2: Firefox, 1 tab open (my bank's web site)
<a href="https://drive.google.com/open?id=1-XMYbyOkWYzgBmo50tdKVUdlioSul11c" title="https://drive.google.com/open?id=1-XMYbyOkWYzgBmo50tdKVUdlioSul11c">https://drive.google.com/open?id=1-XMYbyOkWYzgBmo50tdKVUdlioSul11c</a>

It also happens with Chrome. It happens with Fedora's Firefox or
Mozilla Nightly.

Firefox is crashing constantly?

Since, firefox-60.0.1-5.fc28.x86_64 and unchanged with
firefox-60.0.1-6.fc28.x86_64 I'm getting a dozen random crashes per
day. It's not reproducible, near as I can tell, but happens often
whether clicking on a link, typing in a field, or just looking away
and having touched nothing.

Abrt points me to this bug. I attached the output from processing the
crash with coredumpctl gdb.

I guess maybe I'll revert to -4 and see if that solves the problem.

Fedora Media Writer for macOS, is not signed?

Hi,

The Fedora Media Writer for macOS at getfedora.org is not signed. I
filed this bug a couple weeks ago but somehow lost track of it, and
also it's possibly not the right location for the bug report as it
relates to what's offered on getfedora.org

As I mention in the bug, it's not a big deal to use the work around
for unsigned binaries when testing.

troubleshooting bluetooth

Bluetooth mouse often (every 5-20 minutes) stops working, then
recovers after maybe 30 seconds.

Event has three phases: working, not working, recovery (working). I
have set -d on bluetoothd, but all messages happen once recovery has
happened. There are no kernel messages at the time of disconnect.

<a href="https://paste.fedoraproject.org/paste/KV06205Dzeii9MijkQ7OSg/raw" title="https://paste.fedoraproject.org/paste/KV06205Dzeii9MijkQ7OSg/raw">https://paste.fedoraproject.org/paste/KV06205Dzeii9MijkQ7OSg/raw</a>

The same thing happens with btmon, there's a 10 second gap.

DNSSEC, DoH, dnscrypt-proxy 1 vs 2

Hi,

I've been doing some digging around to figure out how to enhance DNS
security privacy, and it's really a rabbit hole. Fedora 28, not any
different near as I can tell from Windows 10 or macOS 10.13 is simply
deferring to DHCP assigned DNS which for my POS ISP is hardwired to
their DNS servers and can't be changed.

Then I ran into this ancient feature from Fedora 17:
<a href="https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations" title="https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations">https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations</a>

Did that feature actually ship? Did it get undone soon thereafter?

microcode updates and spectre variant 2

Koji contains linux-firmware-20171215-82.git2451bb22.fc27 which
contains intel-ucode from 20171117.

wrong selinux label on user-1000.journal, AVC denials

Fedora 27 workstation. I'm getting selinux AVC denial messages in the
journal as a result of user-1000.journal having label
system_u:object_r:unlabeled_t:s0. It's the only log file with that
label, the other files and the directory its in have
system_u:object_r:var_log_t:s0.

The AVC message of course go away if I relabel /var/log/journal but
then maybe two weeks later the problem starts happening again when the
log gets rotated.

Retrace failed. Try again later and if the problem persists report this issue please.

I'm on a Fedora 27 Workstation system, dnf system-upgrade(d) from
Fedora 26. I've got a few crashes that gnome-abrt (Problem Reporting)
I've clicked on to report, but I get this message for all three of
them:

Retrace job failed
Retrace failed.

grub2-tools problem is causing dnf system-upgrade failures, F26->F27

grub2-tools does not belong to a distupgrade repository, causes
software-upgrade failure
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1491624" title="https://bugzilla.redhat.com/show_bug.cgi?id=1491624">https://bugzilla.redhat.com/show_bug.cgi?id=1491624</a>

I've found at least three bug reports, each with some grub2 component
that has a problem with grub2-tools when doing F26 to F27 'dnf
system-upgrade download'.

I also ran into this problem during my upgrade, and removing
grub2-tools and grub2-efi-modules, which fixed my problem.

f26->f27 server upgrade, starting system activity accounting tool every 10 minutes

Fedora 26 Server was upgraded to Fedora 27 with 'dnf system-upgrade'
so it is no longer strictly the Server product I guess:
$ cat /etc/fedora-release
Fedora release 27 (Twenty Seven)

I'm seeing in the journal, a lot more activity than I'm used to.
Usually it's just once an hour, dnf makecache timer triggers.

f27, hostname changes from former to current during boot

Nov 11 20:37:26 f26s.localdomain systemd[1]: Reached target Switch Root.
Nov 11 20:37:26 f26s.localdomain systemd[1]: Starting Switch Root...
Nov 11 20:37:26 f26s.localdomain systemd[1]: Switching root.
Nov 11 20:37:26 f26s.localdomain systemd-journald[200]: Journal stopped
Nov 11 20:37:32 f27s.localdomain systemd-journald[200]: Received
SIGTERM from PID 1 (systemd).
Nov 11 20:37:32 f27s.localdomain kernel: systemd: 17 output lines
suppressed due to ratelimiting

I'm not sure what component's bug this is.

Re: [CentOS] Btrfs going forward, was: Errors on an SSD drive

Changing the subject since this is rather Btrfs specific now.

On Fri, Aug 11, 2017 at 5:41 AM, hw <hw@gc-24.de> wrote:

Askbot not sending email notification on first postings

cross posting this on users@ and devel@, I'm not sure who all
regularly participates on askbot.fedoraproject.org as it's mainly user
to user.

The gist of this problem is you set up some keywords/tags and if
someone posts a question with one of those tags, you get an email.
Neat because I don't want emails for every question posted, just the
topics I'm going to be useful answering. Problem is, I don't get an
email notification for the original posting.

Fedora 25 GRUB security issue

security@ and security-team@ have no meaningful activity in at least
the last 6 months so I'm posting this here.

grub2 incorrectly initialises the boot_params from the kernel image
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1418360" title="https://bugzilla.redhat.com/show_bug.cgi?id=1418360">https://bugzilla.redhat.com/show_bug.cgi?id=1418360</a>

The gist is that the bug means the kernel can't determine UEFI secure
boot state, considers it not enabled, resulting in the kernel not
enabling certain checks it otherwise does when it knows secure boot is
enabled.

dnf cache downloading behavior

Is this expected behavior? Or is it a bug? And if it's a bug, how do I
collect the necessary information for a bug report? This problem
happens often, but not every day.

[chris@f26h Downloads]$ sudo dnf install *rpm
Fedora 26 - x86_64 - Test Updates

534 kB/s | 24 MB 00:46
Fedora 26 - x86_64 - Updates

570 kB/s | 6.6 MB 00:11
google-chrome

53 kB/s | 3.8 kB 00:00
Last metadata expiration check: 0:00:00 ago on Sat 22 Jul 2017 10:05:21 AM MDT.
Dependencies resolved.

And then in another Terminal tab hardly 25 minutes later it wants to
download the exact same repo metadata again.

Algo (VPN) Server

<a href="https://github.com/trailofbits/algo" title="https://github.com/trailofbits/algo">https://github.com/trailofbits/algo</a>

This looks kinda cool. I like the features and anti-features list.

\\Algo VPN is a set of Ansible scripts that simplify the setup of a
personal IPSEC VPN. It uses the most secure defaults available, works
with common cloud providers, and does not require client software on
most devices.\\

MIT License

F26 dnf makecache timer hanging

I have a new problem I haven't seen until recently on Fedora 26 (I
don't recall running into this during development, so I'm guessing
it's only shown up in the last month). This is on Fedora 26 Server but
should apply equally to Workstation:

So what you'll see below is the timer triggers pretty much once an
hour, and I guess figures out whether it's stale or not and if it is
it downloads new metadata.

rawhide, dnf can not load RPM file *.fc26.x86_64.rpm

Hmm, installing one older or newer kernel package usually works. Any
ideas?

Intel i915 firmwares

I ran into this today:
<a href="https://gist.github.com/Brainiarc7/aa43570f512906e882ad6cdd835efe57" title="https://gist.github.com/Brainiarc7/aa43570f512906e882ad6cdd835efe57">https://gist.github.com/Brainiarc7/aa43570f512906e882ad6cdd835efe57</a>

DRM firmware is loaded by default. HuC and GuC are not. Things work
without them, and things work with them loaded. So what's the pro/con
and if there's a pro, why isn't it the kernel default? Seems like if
it should be default, either upstream should set them as the default,
or the CPU/GPU should ask for it?

Recently (either 4.10/4.11 kernel, or same time frame Firefox on
F25/F26) I notice a blocky flickering when Firefox is launched. This
doesn't happen with the firmware loaded.

power management

01.org has several projects related to power management, but most
aren't in Fedora repositories. Are any of these useful for the recent
effort to make power management better on Fedora?

I've been compiling thermald from source for a while, and it does make
a difference to battery life and heat generation on laptops. It's only
in copr and that version is old.

The description of thermal daemon:
"This is an active open source project distributed under the LGPL open
source license.

Fedora Workstation connects using NT1 protocol by default

Hi,

Got a Fedora 25 Server using fairly default smb.conf, nothing special,
just to share some storage.

Three clients: macOS 10.12.4, Fedora 26, and Windows 10

On the server, using 'smbstatus' I see the following protocols used
for each client when connected:

Windows 10: SMB3_11
macOS: SMB3_02
Fedora 26: NT1

This is true whether I use smbclient or Nautilus to make the connection.

The smb.conf man page says for "client min protocol" and "client max protocol":

Normally this option should not be set as the automatic
negotiation phase in the SMB protocol takes care of choosing th

nic:virbr0 consuming over 3W?

Is this a bug? How is it possible for a virtual device to be the #1
consumer of power?

Power est.