From Fedora Project Wiki


Fedora Weekly News Issue 283

Welcome to Fedora Weekly News Issue 283[1] for the week ending August 11, 2011. What follows are some highlights from this issue.

FWN is back after a few weeks of summer quietude, and we've got several weeks' worth of Fedora coverage for you! Kicking off this week's issue, announcements from the Fedora Project, including awesome heavy metal news on a Fedora 15 release for IBM System z 64bit, details on the Fedora 16 alpha schedule and decisioning, and exciting details on hardened build support coming in Fedora 16. In QA news, details on the latest Fedora 15 Amazon EC2 Test Day, and a schedule for upcoming test days. Also more detail on Fedora 16 Alpha prep, oVirt node spin review and testing, and Instalatron anaconda testing framework details, to name but a few items. Security Advisories brings us a surprisingly short list of security-related software releases for the past three weeks, and our issue wraps up with news from the Planet Fedora, including FLOSSCamp 2011 and FUDCon India event reports, farewell news from Max Spevack, and updates from Máirín Duffy and Joerg Simon. Enjoy FWN 283!

An audio version of some issues of FWN - FAWN - are available! You can listen to existing issues[2] on the Internet Archive. If anyone is interested in helping spread the load of FAWN production, please contact us!

If you are interested in contributing to Fedora Weekly News, please see our 'join' page[3]. We welcome reader feedback:

FWN Editorial Team: Pascal Calarco, Adam Williamson


In this section, we cover announcements from the Fedora Project, including general announcements[1], development announcements[2] and Events[3].

Contributing Writer: Pascal Calarco

Fedora Announcements

Outage: Server reboots - 2011-08-01 14:00 UTC

Kevin Fenzi announced[1]:

"There will be an outage starting at 2011-08-01 14:00 UTC, which will last approximately 2 hours.

To convert UTC to your local time, take a look at[2] or run:

date -d '2011-08-01 14:00 UTC'

Reason for outage:

A number of servers are being upgraded and must be rebooted. Where possible, services should continue to be available during this outage, but users and maintainers may see short periods of instability or interruptions in some services.

Affected Services:
Unaffected Services:

Ticket Link:

Contact Information:

Please join #fedora-admin in or add comments to the ticket for this outage above."

Fedora 15 for IBM System z 64bit official release

Dan Horák announced[1]:

"It's been a longer time since the Fedora 15 release for the primary architectures than we expected, but here we are.

As today, the Fedora IBM System z (s390x) Secondary Arch team proudly presents the Fedora 15 for IBM System z 64bit official release!

And without further ado, here the links to the actual release:

and obviously on all mirrors that mirror the secondary arch content.

The first directory contains the normal installation trees as well as one DVD ISO with the complete release.

Everything as usual contains, well, everything. :)

For Fedora 14 we have collected a couple of example config files, kickstart examples and a nice README here[2]

beware that currently the content there is outdated, but most of the information should be still valid. We're working on fixing that over the next weeks.

Additional information about know issues, the current progress and state for future release, where and how the team can be reached and just anything else IBM System z on Fedora related can be found here[3] for architecture specific release notes and here[4] for more general s390x notes.

Thanks go out to everyone involved in making this happen!

Your Fedora/s390x Maintainers

-- Dan Horák, RHCE Senior Software Engineer, BaseOS

Red Hat Czech s.r.o., Purkyňova 99, 612 45 Brno"

Fedora Development News

The Development Announcement[1] list is intended to be a LOW TRAFFIC announce-only list for Fedora development.

Acceptable Types of Announcements

  • Policy or process changes that affect developers.
  • Infrastructure changes that affect developers.
  • Tools changes that affect developers.
  • Schedule changes
  • Freeze reminders

Unacceptable Types of Announcements

  • Periodic automated reports (violates the INFREQUENT rule)
  • Discussion
  • Anything else not mentioned above

evolution-data-server soname version bump for rawhide/Fedora 16 next week

Milan Crha announced[1]:


I just want to let you know that evolution-data-server 3.1.5 release, which is about to happen the next week, on August 15th, +/-, changes soname versions for almost everything it provides, namely libedataserver, libecal, libedatacal, libebook, libedatabook.

Anything depending on it would be rebuild on both branches against newer eds, when its update will be done. I will rebuild all to which I have commit rights by the end of the week, after the release.



Fedora 16 Alpha to slip by one week

Robyn Bergeron announced[1]:

"Today at the Go/No-Go meeting it was decided to slip the Alpha by one week[1]. Minutes follow below.

There are numerous unresolved blocker bugs at this time[2], requiring the creation of an RC4 once these blockers are resolved.

As a result, ALL MAJOR MILESTONES, and their dependent tasks, will be pushed out by one week.

We will proceed with having the F16 Alpha readiness meeting tomorrow, 2011-08-11, as previously announced on the Logistics mailing list. We will have another F16 Alpha Blocker Bug meeting this Friday.

The adjustments to the F16 schedule will be done (very late) tonight, and published to the Schedule wiki page[3].

Thanks for your patience. We will be meeting again next Wednesday for another Go/No-Go meeting.


[1] Logs:




  1. fedora-meeting: F16 Alpha Go/No-Go Meeting

Meeting started by rbergeron at 21:00:26 UTC. The full logs are available at

Meeting summary

  • present: spot, codeblock, dgilmore, pjones, athmane, cebbert,
  jsmith-mobile, adamw  (rbergeron, 21:03:42)
  • Go/No-Go Meeting (rbergeron, 21:04:07)
  * the Purpose of the Go/No-Go is to gather yay/nay's from Release
    Engineering, QA, and devel on whether or not what we have put
    together is ready for release and meets the release criteria.
    (rbergeron, 21:05:28)
  * LINK:   (adamw,
  * LINK: <--
    that one I know by heart, though.  (rbergeron, 21:06:42)
  • Proposed Blockers (rbergeron, 21:09:50)
  * LINK:
    (rbergeron, 21:10:04)
  * clumens has an updates image (linked in BZ) for people to try out.
    (rbergeron, 21:12:33)
  * AGREED: : #729563, NTH Alpha, consider adding criterion for selinux
    must be enabled by default later.  (rbergeron, 21:14:39)
  * Error while installing updates on Fedora 16 Alpha RC3  (rbergeron,
  * AGREED: revisit #729563 at Blocker meeting friday, try to get more
    (rbergeron, 21:17:34)
  * #729528 - Unable to configure events in reporter to forward in
    anaconda for F-16-Alpha-RC3  (rbergeron, 21:18:09)
  * AGREED: #729528 Alpha Blocker, per criterion of installer must be
    able to report failures to BZ, wiht appropriate info included.
    (rbergeron, 21:22:19)
  * 729537 - Anaconda cannot report crashes in text mode in F16 Alpha
    RC3 due to missing report-cli  (rbergeron, 21:23:14)
  * AGREED: 729537 Alpha Blocker, per criterion of installer must be
    able to report failures to BZ, with appropriate info included.
    (rbergeron, 21:25:32)
  * 728707 - on package upgrade RPM is removing empty directories
    accidentally  (rbergeron, 21:26:02)
  * AGREED: 728707 is a blocker under 'must be able to install updates'
    criterion - this constitutes not installing updates properly
    (adamw, 21:33:36)
  * LINK:

    (jlk, 21:47:30)
  * AGREED: 729600 not blocker or nth, installing from a dd'ed DVD iso
    is expected to require extra configuration. documentation should be
    improved to outline the steps required  (adamw, 21:56:27)
  • go/no-go vote (adamw, 22:00:30)
  * AGREED: Fedora 16 Alpha is no-go at this time  (adamw, 22:01:32)
  * ACTION: rbergeron will take care of updating the schedules  (adamw,
  • open floor (adamw, 22:03:40)

Meeting ended at 22:05:08 UTC.

Action Items

  • rbergeron will take care of updating the schedules

Action Items, by person

  • rbergeron
  * rbergeron will take care of updating the schedules
  * (none)

People Present (lines said)

  • adamw (167)
  • rbergeron (73)
  • pjones (66)
  • jlk (49)
  • dgilmore (36)
  • Viking_Alpha (35)
  • tflink (32)
  • clumens (22)
  • nirik (20)
  • zodbot (6)
  • spot (4)
  • cebbert (3)
  • athmane (2)
  • CodeBlock (2)
  • jsmith-mobile (1)
  • tk009 (1)
  • cwickert (1)
  • jsmith (1)

Generated by MeetBot_ 0.1.4

.. _MeetBot:"

New hardened build support (coming) in F16

Adam Jackson announced[1]:

"tl;dr version: If you have a security-sensitive package, and wish to enable some gcc-level hardening features with a modest performance impact, you will soon be able to enable them (nearly) automagically by rebuilding with this line in your spec file:

%define _hardened_build 1

Now for the details.

  • 1: what are we trying to do?

There are three somewhat-overlapping build features in play here. The first one is called "relro", which instructs the linker to emit some relocations in a special segment that can be marked read-only after relocation processing is finished but before you call into main(). Or in English: more things that you've asked to be const, will actually be const. This on its own is quite cheap, and so it has been enabled globally as of redhat-rpm-config-9.1.0-13.fc16.

By default, not all symbols are resolved that early in program execution. In particular, functions are resolved lazily the first time they're called. This makes startup faster, and since not all functions are actually called in typical program execution, usually makes total execution time faster. However, if all symbols were resolved early, the relro feature could do a better job, and virtually all relocations could be made read-only. The '-z now' flag to the linker makes this happen, and an app so linked is said to be "Full RELRO" instead of "Partial RELRO".

Finally, applications may be built as position-independent executables, by passing -fPIC or -fPIE at build time and -pie at link time. This allows the runtime linker to randomize the placement of the executable at runtime, which makes it more difficult for an attacker to guess the address of writeable memory.

  • 2: how do we go about doing it?

The non-PIE parts of this are trivial, just pass the appropriate flags to the linker and you're done. PIE is more difficult, both at build time and at link time. Although both -fPIC and -fPIE produce position-independent code at the assembly level, -fPIE will (at least on amd64) produce relocation types that are only valid in an executable. This means you can't just say -fPIE in CFLAGS: your libraries will fail to link. (PIC objects in a PIE executable are fine; PIE objects in a PIC library are not. When in doubt, -fPIC.)

Likewise, at link time, the -pie and -shared options are mutually exclusive. will simply refuse to execute if you specify both. ld.bfd will (afaict) let whichever one comes last win, and if that happens to be -pie when you're building a shared library it will fail to link because it won't be able to find a _start symbol.

All of this is only an issue because most build systems don't let you say different CFLAGS or LDFLAGS for shared libraries and executables. Sigh.

So instead, we'll teach gcc to figure it out. To do this we'll use the -specs flag to pass some rewrite rules to the compiler driver. At compile time, if we don't see -fPIC or -fPIE on the command line, we'll add -fPIC. At link time, if we don't see -shared, we'll add -pie. This way we build relocatable objects that are always suitable for either type of final link object, and we'll only attempt to build a PIE if we know we're not building a shared library. Victory!

  • 3: what does this mean for you?

The link-time bit of the last paragraph required a bit of gcc magic to get right (previously specs rules could only add strings to the command line of the program to invoke; they could not rewrite gcc's notion of which flags had been passed in the first place). Thanks to a patch from Jakub Jelinek, this is now fixed in gcc-4.6.1-7.fc16, and will be in gcc 4.7 and later. As a result, %defined _hardened_build 1 will not work until that gcc update has gone through.

Once that's done (and redhat-rpm-config-9.1.0-15.fc16 has been gone through updates), if you're using a %configure-style spec file, defining the magic macro is all you have to do. The rpm macros will notice the macro, and put the right magic into CFLAGS and LDFLAGS, and everything is great and wonderful.

If you're _not_ using %configure, then you have to do whatever is conventional for your build system to get CFLAGS and LDFLAGS inherited properly. For CFLAGS, this will be $RPM_OPT_FLAGS or %{optflags} as before. As of rpm-4.9.1-3.fc16, you will be able to say $RPM_LD_FLAGS for the corresponding LDFLAGS values. Until then, there is no such shell variable, but you can get the same effect from %{?__global_ldflags}. Yes, that's ugly, sorry.

If you are the owner of one of the packages listed here[2]

Then I have locally built (though not extensively tested) your package with the appropriate specfile modifications, and the results do indeed appear to be fully hardened. If you would like to handle the rebuilds yourself, please let me know. Otherwise I will submit them myself once the relevant updates have gone through.

If you've made it to the end, congratulations. Please let me know if there are any issues, or any questions I can answer. In particular if the performance impact of these flags is excessive for you, there are some ways it can be mitigated that are out of scope for this particular email.

- ajax

Fedora 16 Alpha Go/No-Go Meeting, Wednesday, August 10 @ 17:00 EDT

Bobyn Bergeron announced[1]:

"Join us on #fedora-meeting for this important meeting.

Wednesday, August 10, 2011 @21:00 UTC (17:00 EDT/14:00 PDT)

"Before each public release Development, QA and Release Engineering meet to determine if the release criteria are met for a particular release. This meeting is called the: Go/No-Go Meeting."

"Verifying that the Release criteria are met is the responsibility of the QA Team."

For more details about this meeting[2]

In the meantime, keep an eye on the Fedora 16 Alpha Blocker list:


FUDCon EMEA travel subsidies are open

Christoph Wickert announced[1]:

"Hi there,

If you are planning to attend FUDCon Milan 2011 and need travel subsidies, the ticket system is now open. If you need sponsoring, please

1. register[2] 
2. put an X in the $$$ column 
3. make a funding request in the the FUDCon ticket tracker[3] 
4. General instructions about sponsoring[4] 

Funding requests without a ticket will not be considered. We have a limited budget and will work hard to fund as many people as possible. We'll use these answers to help figure out budgeting for the event. We are making arrangements for attendees from other geographic regions to encourage specific initiatives such as future FUDCon events, but preference may otherwise be given to people in EMEA.

The next subsidy meeting will be held on Tuesday, August 16th at 15:00 UTC in #fudcon-planning. Please show up in case the event organizers have questions about your request.



String Freeze 2011-08-02

Noriko Mizumoto announced[1]:

"Fedora Packagers

It is String Freeze date on 2011-08-02. Fedora Localization team will soon start translating latest packages via Transifex. Our goal is Fedora software translation to be 100% completed as many languages as possible.

Please make sure that your latest POT file has been uploaded to Transifex for translators. If you think that you need to break the string freeze, then you should ask for approval from the Fedora Localization Team prior to breaking the freeze. Software string freeze policy can be found at[2]

Thank you so much for your support in advance.


noriko Fedora L10N"

Changes to the Packaging Guidelines

Tom Callaway announced[3]:

"Here are the latest changes to the Fedora Packaging Guidelines:


Some rpm versions pass pathnames to the automatic filtering macros, so a section has been added to the guidelines to help packagers deal with it[4]


For a while, Fedora considered mono packages to be architecture-specific, and installed assemblies to %{_libdir}. However, after discussions with upstream, we now consider mono packages to be architecture (and platform) independent. This means that mono packages should be correctly installed into the GAC in /usr/lib or installed into /usr/lib/PACKAGENAME.

As a notable exception, any ELF binary libraries generated in a mono package must be correctly installed into %{_libdir}, because these files are architecture-specific.

Also, even though we consider mono packages to be architecture independent, they must not be marked as "noarch". Although the assemblies are the same, the files may differ due to strings referring to the build architecture.[5]


It was decided that gnome shell extension packages should have the prefix gnome-shell-extension (with no "s" on the end).[6]


The section in the Fedora Packaging Guidelines concerning libexecdir has been improved and expanded[7]


The Fedora Java Packaging Guidelines have been updated to reflect the latest macros for Maven 3.[8]


These guidelines (and changes) were approved by the Fedora Packaging Committee (FPC).

Many thanks to Christian Krause, Aleksandar Kurtakov, Petr Pisar, Stanislav Ochotnicky, and all of the members of the FPC, for assisting in drafting, refining, and passing these guidelines.

As a reminder: The Fedora Packaging Guidelines are living documents! If you find something missing, incorrect, or in need of revision, you can suggest a draft change. The procedure for this is documented here[9]



Fedora Events

The purpose of event is to build a global Fedora events calendar, and to identify responsible Ambassadors for each event. The event page is laid out by quarter and by region. Please maintain the layout, as it is crucial for budget planning. Events can be added to this page whether or not they have an Ambassador owner. Events without an owner are not eligible for funding, but being listed allows any Ambassador to take ownership of the event and make it eligible for funding. In plain words, Fedora events are the exclusive and source of marketing, learning and meeting all the fellow community people around you. So, please mark your agenda with the following events to consider attending or volunteering near you!

Upcoming Events (June - August 2011)

  • North America (NA)[1]
  • Central & South America (LATAM): [2]
  • Europe, Middle East, and Africa (EMEA)[3]
  • India, Asia, Australia (India/APJ)[4]

Past Events

Archive of Past Fedora Events[1]

Additional information

  • Reimbursements -- reimbursement guidelines.
  • Budget -- budget for the current quarter (as distributed by FAMSCo).
  • Sponsorship -- how decisions are made to subsidize travel by community members.
  • Organization -- event organization, budget information, and regional responsibility.
  • Event reports -- guidelines and suggestions.
  • LinuxEvents -- a collection of calendars of Linux events.


In this section, we cover the activities of the QA team[1]. For more information on the work of the QA team and how you can get involved, see the Joining page[2].

Contributing Writer: Adam Williamson

Test Days

The Fedora 15 Test Day track is now finished, and the main Fedora 16 Test Day track has not yet started. If you would like to propose a main track Test Day for the Fedora 16 cycle, please contact the QA team via email or IRC, or file a ticket in QA Trac[1]. At the weekly group meeting of 2011-07-18[2], the group agreed to delay the planned Fedora 15 on Amazon EC2 Test Day on 2011-07-19, as the images would not be ready in time. Adam Williamson pencilled in the X Test Week for 2011-08-30 to 2011-09-01[3], and Jaroslav Škarvada proposed a power management Test Day for 2011-09-29[4]. Adam sent out a call for Test Days[5].

The Fedora 15 on Amazon EC2 Test Day was eventually held on 2011-08-04[6]. The turnout was modest, but the five testers present were able to confirm the provided AMIs mostly worked well, and expose a few bugs.

Fedora 16 Alpha preparation

Throughout the last few weeks, the team has been working to prepare for the Fedora 16 Alpha release. A first acceptance test run was attempted by Tao Wu on 2011-07-19[1], and ran into critical early failure in the installer. A second attempt was made on 2011-07-26, and failed similarly[2]. The first (and only) test compose was released behind schedule on 2011-08-02[3], and again contained significant bugs. Adam Williamson started a post-TC1 strategy discussion[4] to decide what to do in case it seemed impractical to produce a release candidate in a reasonable timeframe, but in the event, all TC1 blockers were thought to be addressed by 2011-08-06, and a release candidate was produced[5].

In the meantime, blocker bug review meetings were held each Friday - 2011-07-22[6], 2011-07-29[7] and 2011-08-05[8] to review the substantial volume of blocker bugs which were identified.

oVirt node spin review and testing

At the 2011-07-18 weekly meeting, the group held an initial discussion of the proposed oVirt node spin[9], from the standpoint of whether to grant it QA approval. Athmane Madjoudj volunteered to work on making sure the necessary testing framework was in place. By 2011-07-22, he had a draft validation matrix[10] ready for review[11]. The draft matrix was reviewed at the weekly meeting of 2011-07-25[12], and the group agreed Athmane's validation matrix was good and the oVirt spin should be granted QA approval.

QA group meeting SOP

James Laska announced[1] that he had put the draft group meeting SOP (see FWN #282) into production[2].

Separation of release validation and feature processes

At the FESCo meeting of 2011-07-18[1], FESCo approved the group's proposal (see FWN #282) to formalize the separation between the release validation and feature processes. Adam Williamson subsequently announced that he had made the necessary changes to the wiki[2].

Fedora 16 Alpha RATs run

Tao Wu announced the completion of the first RATs (Rawhide Acceptance Tests) automated installation testing run for Fedora 16 Alpha[1]. He reported that the testing failed due to a major bug in installation[2].

Instalatron anaconda testing framework

Sergio Rubio of FrameOS[1] wrote to let the group know[2] of the release of Instalatron[3], a testing framework for anaconda based around VirtualBox input automation and ImageMagick image comparison. James Laska replied to thank Sergio for reaching out, and to point out the similar work being done by Tao Wu and Hongqing Yang to automate the Fedora installation validation matrix[4]. Tim Flink asked some questions about the design of Instalatron[5], and Sergio provided some answers[6]. Eric Blake noted that KVM had recently grown the ability to inject keyboard scancodes[7], which Sergio had cited as the main reason for choosing VirtualBox. David Cantrell gave a heads-up that the design of anaconda would soon change quite drastically[8], and James recommended the use of AT-SPI in preference to image analysis[9]. Sergio thanked everyone for their feedback[10].

Release criteria updates

James Laska followed up his initial survey of ways to handle secondary architecture release criteria (see FWN #281) with a draft[1] of the preferred approach[2].

James also proposed some changes to the criteria following from the second Alpha blocker bug review meeting[3]. Rui He adjusted a test case to reflect the proposed change[4]. Adam Williamson suggested a change to James' proposed shutdown criterion[5], which prompted some discussion. Ultimately James updated the criteria with the revised proposals[6], and proposed a test case to enforce the shutdown criterion[7].

Release criteria and validation testing

Rui He continued adjusting installation validation test cases in response to Adam Williamson's release criteria / validation test concordance survey. She added a test for uncategorized packages[1], updated some test cases to check unattended installations work[2], added a test for the 'use existing Linux partitions' partitioning method[3], updated the rescue mode test case[4], and added test cases for btrfs and xfs installations[5].

Acceptance testing SOP

Rui He proposed the creation of an SOP for the rawhide acceptance testing events[1]. Tao Wu worked on a draft SOP[2], and Adam Williamson provided feedback. Eventually, Tao, Adam and James Laska progressed to a broader discussion on the nature of RATS events, and whether they should simply be folded into the Test Compose / Release Candidate process.

Security testing scripts

Steve Grubb announced[1] some scripts for testing the security of Fedora[2]. Adam Williamson thanked him for the work, and wondered if any of the scripts would be suitable for incorporation into AutoQA[3]. Kamil Paral highlighted some issues with integrating third party tests in the current state of AutoQA[4].


James Laska wondered if it would be possible to run depcheck tests on EPEL packages[1]. Kamil Paral said it had not been tried yet, and had some questions about the benefits. He summarized that "Overall it should be doable, but it requires quite some work and resources."[2]. James said he would check if it was the EPEL SIG or individual maintainers who were interested[3].

Josef Skladanka posted[4] a "brain dump" of ideas he and Kamil had come up with around depcheck[5].

Kamil proposed (and later carried out) the inclusion of a NEWS file in the AutoQA source[6], and provided a draft[7].

The group continued to work on several tasks related to making AutoQA output more attractive and legible[8] [9] [10].

Security Advisories

In this section, we cover Security Advisories from fedora-package-announce for the three weeks ending August 11, 2011.

Contributing Writer: Pascal Calarco

Fedora 15 Security Advisories

Fedora 14 Security Advisories

Planet Fedora

This is the Planet Fedora section, covering news from[1], a collection of blogs from Fedora users spanning the globe.

Contributing Writer: Joel Braun


FLOSSCamp 2011

Nicu Buculei wrote about his time at FLOSScamp 2011[1], the 5th Romanian free and open source software gathering.

FUDCon India

Rahul Sundaram posted the August 9th meeting minutes for FUDCon India[2].

Fedora Community

Max Spevack, a former Fedora Project leader, has announced that he is leaving Red Hat and that Harish Pillay will be stepping in to fill his role[3].

Máirín Duffy has announced some additions[4] to the Fedora logo Guidelines.

Joerg Simon has announced some new members[5] to the Fedora Ambassadors team. He has also posted statistical graphs of the acceptance and numbers of Fedora ambassadors[6].

Máirín Duffy also gave an update on the changes to Fedora Community[7], a webapp designed to help Fedora's package maintainers do their jobs.


The Pulp team blogged on adding non-rpm content support[8].

Dan Walsh wrote about SELinux changes[9] that will come with the alpha release of Fedora 16.

Robyn Bergeron talked about why the Fedora 16 alpha build is being delayed by one week[10], citing numerous bugs.