#fedora-meeting-1 log

16:00:38 <geppetto> #startmeeting fpc
16:00:38 <zodbot> Meeting started Thu Mar 31 16:00:38 2016 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:38 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:38 <zodbot> The meeting name has been set to 'fpc'
16:00:38 <geppetto> #meetingname fpc
16:00:38 <zodbot> The meeting name has been set to 'fpc'
16:00:38 <geppetto> #topic Roll Call
16:00:52 <mbooth> Hi
16:01:05 <geppetto> #chair mbooth
16:01:05 <zodbot> Current chairs: geppetto mbooth
16:01:06 <geppetto> Hey
16:02:43 <tibbs|w> Howdy.
16:02:49 <geppetto> #chair tibbs
16:02:49 <zodbot> Current chairs: geppetto mbooth tibbs
16:04:13 <tibbs|w> ...
16:04:43 <geppetto> yeh
16:04:58 <orionp> here - was helping a user...
16:05:34 <geppetto> #chair orionp
16:05:34 <zodbot> Current chairs: geppetto mbooth orionp tibbs
16:05:40 <geppetto> Ok … one more … we can do it ;)
16:05:52 <geppetto> although maybe not, as nobody else is on IRC
16:05:57 <tibbs|w> orionp: While we're waiting, if I want to drop in %python_default_filter.... Is python-rpm-macros the right place on all Fedora releases now?
16:07:15 <orionp> tibbs|w: I'm just starting on trying to get it into f23, so just for F24+, epel7 now
16:07:29 <tibbs|w> Ah, OK.
16:07:40 <tibbs|w> I saw some commits to it but wasn't sure of the current state.
16:07:57 <tibbs|w> And there's our fifth.
16:08:05 <Rathann> hi
16:08:33 <geppetto> #chair Rathann
16:08:33 <zodbot> Current chairs: Rathann geppetto mbooth orionp tibbs
16:08:48 <geppetto> Ok, cool
16:09:11 <geppetto> #topic Schedule
16:09:17 <geppetto> #link https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/message/6T7XKHZUHH2DWD6KT4ETJD7PDJ7BM3QE/
16:09:28 <geppetto> #topic #610 Packaging guidelines: Check upstream tarball signatures
16:09:37 <geppetto> .fpc 610
16:09:40 <zodbot> geppetto: #610 (Packaging guidelines: Check upstream tarball signatures) – fpc - https://fedorahosted.org/fpc/ticket/610
16:09:53 <geppetto> Lots of discussion on the ticket here
16:10:04 <tibbs|w> And on the list, too.
16:10:14 <tibbs|w> I'm not sure it's in a state where we can move on it, though.
16:10:54 <geppetto> Ok, I watned to put it in the meeting given how mush discussion was happening
16:11:05 <geppetto> Also wasn't sure how far you'd have gotten with the macros
16:11:11 <tibbs|w> Not much, really.
16:11:14 * geppetto nods
16:11:30 <tibbs|w> They seem to keep changing their concept of the best way to do it.
16:11:47 <geppetto> Not much on the schedule … so we can wait a couple of minutes for everyone to look, see if anyone has any questions/etc.
16:12:11 * geppetto shrugs … gpg2 was the only tool I'd ever used before
16:12:34 <geppetto> Saying that, I hate it and it doesn't seem suited for whatever I've wanted to use it for (including this)
16:13:55 <tibbs|w> So what was the canonical command to check the signature on a file using a key?
16:14:38 <tibbs|w> Also, I have no problem providing documentation on doing this "the right way" in the guidelines.
16:14:47 * geppetto nods
16:14:57 <tibbs|w> However, I'm still unsure as to whether this is something we'd want to make mandatory.
16:15:45 <tibbs|w> Is it just gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} ?
16:15:59 <tibbs|w> Obviously changing those source numbers around as necessary?
16:16:02 <Rathann> apparently yes
16:16:22 <geppetto> I don't think so
16:16:35 <geppetto> He still sets up a gpghome and imports the keys
16:16:41 <tibbs|w> That's what's currently in the youtube-dl spec.
16:16:47 <geppetto> Oh
16:16:59 <tibbs|w> But I don't know if it's the "right" way.
16:17:13 <geppetto> Oh … source2 is a keyring
16:17:28 <Rathann> or two lines:
16:17:28 <geppetto> I really don't think we want to check binary keyrings into git
16:17:33 <Rathann> gpg2 --dearmor $KEY.asc
16:17:33 <Rathann> gpgv2 --keyring $KEY.asc.gpg %{SOURCE1} ${SOURCE0}
16:17:51 <tibbs|w> So now you see why I didn't make much progress on the macros....
16:17:52 <Rathann> could be one line with &&
16:17:52 <geppetto> That would be cool
16:18:08 <geppetto> tibbs: :)
16:18:41 <tibbs|w> Anyway, I envision something like: %check_gpg_sig -f 0 -s 1 -k 2
16:18:51 <tibbs|w> Or maybe just using positional args.
16:19:02 <tibbs|w> And open to suggestions on the macro name....
16:19:30 <tibbs|w> And then modifying autosetup:
16:19:47 <tibbs|w> %autosetup -n whatever -p1 -g 0,1,2
16:19:50 <Rathann> %gpg_verify maybe?
16:20:09 <Rathann> gpgv2 manpage: says "gpgv2 - Verify OpenPGP signatures"
16:20:19 <Rathann> so it makes sense to use the same wording
16:20:37 <tibbs|w> Just have to work around the fact that RPM already has gpg-related macros.
16:20:46 <tibbs|w> Which are involved in checking RPM signatures.
16:21:24 <Rathann> is there a need to work around anything?
16:21:32 <tibbs|w> There _was_ %__gpg_verify_cmd, but that's now done internally.
16:21:40 <Rathann> built-in macros are prefixed with _ or __
16:22:11 <tibbs|w> Also, rpm always used/uses %__gpg, which was just  %_bindir/gpg2
16:22:17 <tibbs|w> Is gpgv2 a new thing?
16:22:33 <tibbs|w> And if so, when did it appear?
16:23:06 <tibbs|w> Also, the only reason to "work around" anything RPM has used is to avoid confusion.
16:23:13 <Rathann> it seems to be a stripped-down version of gpg2
16:23:52 <Rathann> probably equivalent to gpg2 --verify
16:23:56 <tibbs|w> Is there any reason to call both?
16:24:10 <Rathann> I guess not
16:24:33 <tibbs|w> Just double checking.  Would mean I could just use %__gpg and not have to worry about another executable.
16:25:38 <tibbs|w> Anyway, please if you can, update the ticket with the actual, canonical command line.
16:26:29 <tibbs|w> Also, I assume that "gpg2 --dearmor foo.asc" wrtites out "foo.asc.gpg".  We have to be careful about where that temporary file goes, don't we?
16:27:29 <tibbs|w> Probably not in the first attempt, but the problems are always in the details.
16:27:35 * geppetto nods
16:28:27 <Rathann> tibbs|w: comment 17 seems to contain a good example
16:28:33 <Rathann> using gpg2 only
16:28:58 <Rathann> ah
16:29:06 <Rathann> not exactly
16:30:08 <tibbs|w> But that's an external shell script.  I'm not sure if people were suggesting just having the script in git and calling it from the spec.  Which I would see as somewhat suboptimal if we want people to actually do this.
16:31:00 <tibbs|w> Anyway, all of this just shows that a simple idea doesn't always turn into a simple implementation.
16:32:03 <tibbs|w> If someone includes exactly what should be called, I'll toss out a macro you can paste into the top of the spec just to test it all out.  If it's good, I can move that into redhat-rpm-config in rawhide and test some more.
16:32:44 * geppetto nods
16:33:14 <tibbs|w> I'm in macros currently, so if someone could do that before I swap that knowledge out again, that would be great.
16:33:48 <Rathann> ok
16:34:08 <geppetto> I think it's the bottom of: https://fedorahosted.org/fpc/attachment/ticket/610/dl-exim-chk.2.sh
16:34:45 <geppetto> Where $key is the .asc of keys, $asc is the .asc signature and $url is the upstream url
16:35:01 <tibbs|w> I'll start there, then.
16:35:51 <tibbs|w> I find it interesting that gpgv2 uses a different method to check the signature than gpg2.
16:36:41 <tibbs|w> Any time I touch encryption, some expert comes out of the woodwork to tell me how I'm doing it wrong.
16:37:14 <geppetto> :)
16:38:00 <tibbs|w> Also, I guess that leaks gpghome, but that should be a big deal.
16:38:23 <tibbs|w> Anyway, I have a full day but should be able to whip something up this afternoon.
16:38:34 <geppetto> I figure just need a trap -- rm -rf gpghome or something
16:38:39 <geppetto> but, yeh
16:38:45 <geppetto> Want to move on?
16:40:12 <geppetto> #topic #612 Python naming convention makes some Python tools unusable
16:40:15 <geppetto> .fpc 612
16:40:16 <zodbot> geppetto: #612 (Python naming convention makes some Python tools unusable) – fpc - https://fedorahosted.org/fpc/ticket/612
16:40:28 <tibbs|w> I don't see that any consensus was reached in 612.
16:40:38 <tibbs|w> I certainly don't think what we're doing is wrong.
16:40:46 <tibbs|w> And using alternatives for this case seems.... horrible.
16:41:10 <tibbs|w> The discussion seems to have moved to how to fix the actual bug in sphinx.
16:41:34 <orionp> yeah, this just seems like typical python issues that need to be handled by python community/projects/etc.
16:42:07 * geppetto nods … ok, just want to make sure nobody thought it needed fixing
16:42:14 <tibbs|w> Also, the ticket says "some Python tools" but the only example I saw was sphinx.
16:42:17 <tibbs|w> What were the others?
16:43:17 <tibbs|w> As far as I understand things, the method of naming executables we have is the one preferred by upstreams and other distros, so I doubt there would be all that much breakage caused by it.
16:44:28 * geppetto nods
16:45:24 <geppetto> #topic Open Floor
16:45:32 <geppetto> Ok, anything else anyone wants to discuss?
16:46:26 <tibbs|w> I have stuff I still need to get to.
16:46:36 <tibbs|w> There was grousing that 558 never happened, for example.
16:46:58 <tibbs|w> Actually there has been general grousing that the python guidelines are still confusing, and that's related.
16:48:19 <tibbs|w> I think the problem is that the section " Avoiding collisions between the python 2 and python 3 stacks" is mostly about something else.
16:48:59 <tibbs|w> Namely the whole "py2 and py3 versions provide different functionality".
16:49:25 <tibbs|w> I have been meaning to propose a small reorganization but haven't gotten around to it.
16:49:52 <geppetto> no problem
16:49:53 <tibbs|w> But everything I seem to do seems to reduce confusion in one place and add it in another.
16:50:54 <orionp> almost just seems like 10.1 and 10.2 shouldn't be sub-sections
16:50:59 <tibbs|w> That and rpm file triggers are the only other things that aren't in needinfo or simply waiting on me.
16:51:04 <tibbs|w> orionp: Yeah, pretty much.
16:51:26 <Rathann> oh, I have one thing, too
16:51:49 <tibbs|w> Move the whole "if the executable provides the same functionality, then must use py3" up, and then pull the less common case out to a separate page or something so most people will never see it to be confused by it.
16:53:19 <orionp> Rathann: ?
16:53:28 <tibbs|w> Yeah, I'm done.
16:53:28 <Rathann> the removal of the wiki page listing the reasons for unbundling has been bugging me ever since bundling was allowed, so I'd like to resurrect it in a modified form
16:53:46 <tibbs|w> Feel free.
16:54:06 <tibbs|w> FESCo wanted it gone, but I may have gone too far in excising the whole thing.
16:54:11 <Rathann> shall I open a ticket for this?
16:54:27 <tibbs|w> No reason not to do so, I guess.
16:54:49 <tibbs|w> But I would suggest that you just go ahead and put something there now, and we can tweak it.
16:54:57 <Rathann> ok, will do
16:55:14 <tibbs|w> Only because it means I don't have to do the wiki stuff myself....
16:55:49 <Rathann> :)
16:56:08 <Rathann> I'm more than happy to take care of it
16:56:30 <Rathann> I'm fighting with bundling @dayjob these days
16:56:42 <tibbs|w> I believe I am at least caught up with everything else that I can write up currently.
16:57:19 <tibbs|w> The two things currently in the writeup state actually need the macros to get into the distro before I can put them into the guidelines.
16:57:56 <tibbs|w> If anyone sees anything else that could be cleaned up by the clever application of macros, please let me know.
16:59:15 <tibbs|w> Crap, I need to resurrect my plan to remove useless %defattr lines.
16:59:26 <tibbs|w> Was supposed to do that after we branched but I got buried.
17:00:36 <geppetto> From?
17:01:11 <tibbs|w> Every spec currently in rawhide.
17:01:16 <geppetto> Ahh
17:01:50 <tibbs|w> I'd do it for all of the stuff I magically added to EL5, too, but only after a bunch more testing.
17:02:05 <tibbs|w> It's only a year until EPEL5 death anyway.
17:02:57 <geppetto> maybe
17:03:19 <tibbs|w> Last EPEL meeting it was discussed, the death date was firm.
17:04:02 <geppetto> interesting
17:04:24 <tibbs|w> I thought there was even an announcement, but maybe not yet.
17:05:11 <geppetto> if there was I missed it
17:05:29 <tibbs|w> PSA: Enterprise Linux 5 End of Production on 2017-03-31 and EPEL.
17:06:37 <tibbs|w> I so dislike the new mailing list archives....
17:06:42 <tibbs|w> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/thread/TMHYHDE4ZYUWWCNA5FCNKFWSXWD6GMIO/
17:07:02 <tibbs|w> "[...] I wanted to give a long heads up that EL-5 will also be removed from the builders on April 1 2017 and no builds will be done after that."
17:09:01 <geppetto> Ahh, epel-devel, I'm pretty sure I'm not on that
17:09:14 <geppetto> figured it would goto devel-announce
17:10:35 <geppetto> Anyway … we are 10 past our hour … anyone need to talk about
17:10:38 <geppetto> anything
17:10:40 <geppetto> bah
17:10:45 <tibbs|w> I should bug smooge about it; I'm not sure why he didn't announce it more widely.
17:10:50 <tibbs|w> And I'm done.
17:10:57 <geppetto> If not I'm going to close it in a minute or so
17:10:58 * geppetto nods
17:11:12 <geppetto> A devel announce seems appropriate
17:11:15 <Rathann> nothing further from me and I need to go anyway
17:11:18 <Rathann> thanks
17:12:01 <geppetto> #endmeeting