Postings by Nathaniel McCallum

grubby - /boot on btrfs support

<a href="" title=""></a>

We've built grubby with support for /boot on btrfs. We're trying to
land this in F28. But we need testers. That's where you come in! If
you ever interact with grubby and especially if you have an exotic
grub2 setup, please download and test this release. As usual provide
feedback in Bodhi (link at the top of this email). Thanks!

Help Reviewing a FreeOTP (Android) Pull Request in Korean

Do you speak (I think) Korean and English? Can you code? If so, I
could use your help.

The Fedora-associated FreeOTP project has received this pull request:
<a href="" title=""></a>

The comments and commit descriptions are almost entirely in Korean and
I don't know how to make heads or tails of them. Communication with
the patch submitter is also difficult since I don't speak Korean and
they don't speak English. However, I'd really like to give the
submitter a fair shot.

Is there anyone in the Fedora community that would be willing to

Help Testing FreeOTP + Jelling

Hello Fedoraland!

I recently blogged about an effort to improve multi-factor
authentication with OTPs by sending the OTP code from your phone to
your computer directly using Bluetooth. The full story can be read

<a href="" title=""></a>

However, I'm unable to get Jelling for Linux to work on Fedora at all
with my devices. I'm very keen to see if anyone is able to get it to
work with their combination of devices.

yubico-piv-tool & p11-kit

So apparently yubico-piv-tool ships $libdir/*, but this
doesn't get picked up by p11-kit by default. I suspect it has gone
unnoticed largely because for most crucial operations the opensc
module also works with Yubikeys. However, this is not true for all
operations (in particular, in my case, key creation).

How can we make this happen? Is there some intentional reason Yubico's
PKCS#11 module has been excluded?

Update python-cffi in F23

I submitted an update in F23 to python-cffi 1.4.2. [1]

I do not anticipate any issues. However, because so many packages
depend on python-cffi, I would like some intentional testing before I
push the update.


For more information on the reasons behind the update, see the bugs
attached to the update. Thanks!

[1] -

python-cryptography 0.8.2 [F21/F22]

I have submitted new packages for python-cryptography to F21 and F22:

<a href=",python-cryptography-0.8.2-1.fc22" title=",python-cryptography-0.8.2-1.fc22"></a>

<a href=",python-cryptography-0.8.2-1.fc21" title=",python-cryptography-0.8.2-1.fc21"></a>

This includes an upstream fix and a fix for a missing dependency
(python*-pyasn1). Please test. Thanks!


python-yubico updates (testing wanted)

<a href="" title=""></a>
<a href="" title=""></a>
<a href="" title=""></a>

I have just created updates for python-yubico. This new upstream
release just adds support for new YubiKey devices (such as YubiKey
NEO). I'd love some testing!

To test:
1. Install the new python-yubico package
2. Insert your YubiKey
3. Run:
$ python -c 'import yubico; yubico.find_yubikey()'

If this command silently returns, everything should be working.


OpenSSL missing NIST p224r1

On Fedora 21, OpenSSL doesn't appear to support NIST p224r1, but *does*
support other NIST curves. I presume this was intentional, but I'm not
sure why. Can someone enlighten me?

$ openssl ecparam -list_curves
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field


Rawhide LDFLAGS (-pie)

FreeIPA is experiencing build-failure in Koji Rawhide.

<a href="" title=""></a>

This is due to -pie being present in the LDFLAGS on rawhide. This in
turn requires that all code be compiled with -fPIC, which is not
normally required for simple executables. Nor is -fPIC being added to
the list of CFLAGS by Koji.

Where does this bug lie, and who needs to fix it? I could add -fPIC to
FreeIPA, but this doesn't seem correct.