16:00:05 #startmeeting fpc
16:00:05 Meeting started Thu Jun 23 16:00:05 2016 UTC. The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:05 Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:05 The meeting name has been set to 'fpc'
16:00:06 #meetingname fpc
16:00:06 #topic Roll Call
16:00:06 The meeting name has been set to 'fpc'
16:00:26 For once I made it.
16:00:36 hello
16:00:38 #chair tibbs|w
16:00:38 Current chairs: geppetto tibbs|w
16:00:44 #chair orionp
16:00:45 Current chairs: geppetto orionp tibbs|w
16:01:06 tibbs_: pretty sure you have a high attendance rate :)
16:02:47 Of course now it'll be cool if nobody else shows up :-o
16:02:49 * limburgher is here but spaced
16:02:55 #chair limburgher
16:02:55 Current chairs: geppetto limburgher orionp tibbs|w
16:03:26 #chair racor
16:03:26 Current chairs: geppetto limburgher orionp racor tibbs|w
16:03:47 Ok, that's 5 ... I'll give another couple of minutes to see if we get more though
16:04:15 hi
16:04:30 #chair Rathann
16:04:30 Current chairs: Rathann geppetto limburgher orionp racor tibbs|w
16:04:32 I'll be right back (switching computers)
16:04:36 ok
16:08:42 Hi
16:08:53 #chair mbooth_
16:08:53 Current chairs: Rathann geppetto limburgher mbooth_ orionp racor tibbs|w
16:09:06 just waiting for rathann to come back
16:09:30 Hi
16:09:36 #chair tomspur
16:09:36 Current chairs: Rathann geppetto limburgher mbooth_ orionp racor tibbs|w tomspur
16:10:05 8‽ :-o
16:10:11 :)
16:11:28 ok, going to start without rathann
16:11:34 And there he is :)
16:11:38 I'm back, sorry for the delay
16:11:42 #topic Schedule
16:11:47 https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/message/DJGQZIMQFABLETAMWARIR6WPW2U7DFDZ/
16:12:06 #topic #630 selinux requirements in review and guidelines
16:12:10 .fpc 630
16:12:12 geppetto: #630 (selinux requirements in review and guidelines) – fpc - https://fedorahosted.org/fpc/ticket/630
16:12:48 I'm kind of meh.
16:13:07 But only because filing tickets against selinux policy proactively hasn't been well looked upon.
16:13:22 really?
16:13:31 yep
16:13:44 As in, I wanted to get something into policy before I made the change in my package, and they told me that I had to come up with a complete set of AVCs first.
16:14:17 Which is a hell of a lot more testing, even though I just asked them to add a fcontext entry for one directory.
16:14:21 I had good experience with submitting bugs and getting them fixed, also only SHOULD is proposed
16:15:14 Yeah, I've been really happy with my interactions with the selinux folks.
16:15:49 For the most part, yes; when you have an AVC caused by an existing package in Fedora they fix it quickly.
16:16:11 But it's a chicken and egg thing. People will trigger this at the review stage.
16:16:50 so at the moment there appears to be *nothing* in the guidelines about SELinux?
16:16:52 I don't disagree with it, really, but it might be good to know if the selinux people really want to know about issues with packages that aren't yet in the distribution.
16:17:09 Yes, we kept selinux stuff out intentionally. But that was long ago.
16:17:23 yeah, let's ask them what they want
16:17:49 well
16:18:05 Pinging some folks on #selinux now.
16:18:16 for the record, there already is a lot of stuff in selinux policy covering applications/libraries which are not in the distribution
16:18:56 and will either never be (proprietary stuff) or won't be in in the near future (stuff packaged in RPMFusion for example)
16:18:58 yeah, I've gotten a bunch of third party/custom stuff added
16:19:28 Also needs real info on the proper way to file those bugs. At least a bugzilla link.
16:22:43 ok, so we going to needinfo it or will someone turn up?
16:22:54 Anyway, a proper draft would be good in any case.
16:23:11 Agreed.
16:23:12 And if selinux folks are on board then all the better. They'd be getting the bugs anyway, I'd think.
16:24:08 * geppetto nods
16:24:24 * mbooth_ agrees
16:24:50 #info Need real info on filing bugs.
16:24:56 Anyway, there's enough here for someone to do a proper draft. Anyone want to take care of that so I don't have to?
16:25:04 #action A proper draft is required.
16:25:13 #topic #631 Usage of BuildRequires: /usr/bin/desktop-file-validate
16:25:18 .fpc 631
16:25:19 geppetto: #631 (Usage of BuildRequires: /usr/bin/desktop-file-validate) – fpc - https://fedorahosted.org/fpc/ticket/631
16:25:27 tibbs|w: yeah, I can take that on
16:25:48 I don't have much free time on my hands until the end of this month, so I'm not volunteering to write a draft for next meeting, but maybe for the next
16:26:39 It should be about five minutes of work, but it's five minutes I just don't have right now.
16:28:34 This ticket seems nit-picky -- if they admit that either BR is fine, why do they care which one should be used?
16:28:53 I think it's just confusing wording?
16:29:49 Hmm, I'm not confused by it; I am a native English speaker however
16:30:04 I think it's the wording. I spoke with the submitter on it, who is not.
16:30:15 I think this is another instance of people expecting their exact case to be covered in the guidelines.
16:30:27 * geppetto nods ... we could just needinfo it if they want different/better wording
16:30:47 TBH I think both the reviewer and submitter were making something out of nothing but I have no problem clarifying the wording.
16:30:57 You can BR the package or the file; the guidelines care that you have the correct dependencies.
16:31:17 Either dependency is correct, so no problem. Why do we need to be more explicit about that?
16:32:14 It wasn't clear to the reviewer that either is correct.
16:32:21 It was interpreted literally.
16:32:30 I think we favored desktop-file-utils to avoid downloading the filelists. But now that it doesn't matter anymore...
16:33:11 It should again though
16:33:19 dnf devs. have said they'll fix dnf
16:33:55 #info Wording seems fine to us, if you have a change you think is better we'll be happy to review it
16:34:00 tomspur: we do, but /usr/bin deps are part of the main metadata
16:34:11 #topic #633 Document unwritten rule about guideline exceptions
16:34:13 .fpc 633
16:34:15 geppetto: #633 (Document unwritten rule about guideline exceptions) – fpc - https://fedorahosted.org/fpc/ticket/633
16:34:45 This sprung out of a FESCo ticket about "offensive" package names.
16:35:14 But it's really a general issue that's bugged me for ages now.
16:35:14 * geppetto nods
16:35:32 Our language really isn't "tight" enough when it comes to what you must do and what you should do.
16:35:58 And, yes, I've avoided it in the past, but I've realized that being precise could clear up a number of disagreements.
16:36:18 There are Strict Constructionists in our midst.
16:36:23 Say that 10x fast.
16:36:41 Is that in the mathematical sense or the political sense?
16:36:53 The latter.
16:37:10 Because I have a couple of the former just a few offices down.
16:37:42 In any case, really, it's about linting the guidelines to use "must" and "should" (or capitalized if you like yelling, or maybe some other wiki magic).
16:37:42 :)
16:37:55 I'm happy with the wording, and with dropping "must be minimal"
16:38:16 I don't mind the draft ... the minimal has me a little worried because sometimes that's not exactly correct
16:38:16 And then defining what those terms mean, and what you must (MUST) do when you violate something.
16:38:39 geppetto: It's fine; I wrote it in like three minutes so I'm not going to defend it.
16:39:20 * geppetto nods ... just change that line to " The deviation MUST be documented in the specfile" ?
16:39:29 s/line/sentence/
16:40:15 bah ... "The nature of the deviation and the reasoning behind it MUST be documented in the specfile. "
16:40:22 Anyway ... +1
16:40:34 +1
16:40:36 +1
16:40:38 +1
16:41:24 +1
16:41:54 +1
16:42:11 racor: vote?
16:42:13 +1
16:42:18 +1
16:42:30 #action Document unwritten rule about guideline exceptions (+1:8, 0:0, -1:0)
16:42:32 Closest thing to unanimous we've had in a long time.
16:43:00 #topic #629 Handling dirs. under /var/lock and /var/run in %files and images
16:43:04 But now the hard work begins. I'll leave the ticket open for a while, and if you find examples of text that needs to change, feel free to point it out there.
16:43:05 .fpc 629
16:43:07 geppetto: #629 (Handling directories under /var/lock and /var/run in %files and base image) – fpc - https://fedorahosted.org/fpc/ticket/629
16:43:22 If we have questions about what should be MUST or SHOULD then we can make more tickets.
16:43:36 * geppetto nods
16:44:01 For 629, I _think_ it should be sufficient for filesystem to own /run/lock.
16:44:16 And if systemd mounts over that, it will then create its own.
16:44:31 But it would be nice if someone on that ticket actually said if it would work....
16:44:56 tibbs|w +1
16:45:08 filesystem could %ghost it, right?
16:45:18 yeh
16:45:47 otherwise you might get annoying boot messages about /run not being empty when mounted
16:46:44 Would that happen? I don't recall seeing those messages in a while.
16:47:01 If it ghosted it, that wouldn't help the directory to actually exist.
16:47:34 But you're right that _something_ should own it.
16:47:59 tibbs|w: yes, that happens if something mounts over non-empty dir
16:48:12 It's usually ghost+auto creation ... or list in %files, as well as tmpfiles.d creation
16:48:34 I think the issue is that nothing is doing the tmpfiles.d thing in their case.
16:48:40 yeh
16:48:49 Really I don't think we have enough info.
16:48:57 although maybe just fix that :)
16:48:58 Basically there are two issues that I see:
16:49:18 They have a bug in their container generation thing that doesn't give them a necessary directory.
16:49:27 Some package probably should own /run/lock.
16:49:44 Neither of these lies with the guidelines, and I don't see any reason they should change.
16:49:48 Or am I missing something?
16:50:22 Well, one "solution" would be to mandate tmpfiles.d and %ghost'ing /run/lock/foo in packages
16:51:55 then installation wouldn't fail in containers without /run/lock, but it really does seem like /run/lock should always exist
16:52:07 yeh
16:52:38 I think I'd prefer not to worry about the details of their container environment.
16:52:48 We should care about what should own /run/lock.
16:53:39 Which I assume would be systemd, though the whole issue is weird because the rpm would have files which don't exist if you try to validate your system in a chroot or something.
16:53:56 I can't recall off the top of my head what rpm -V does for %ghosted files which don't exist.
16:54:17 I think it checks their existence but nothing else
16:54:33 So rpm -qf works, but -V won't complain.
16:54:39 Which would make some sense.
16:54:48 it depends, ghost'd files can have some metadata with it
16:55:05 rpm -V won't complain if they aren't there, but it can complain if they are "wrong" ... IIRC
16:55:20 In this case it's just a directory, so I'd think it could only complain about their permissions. And maybe the timestamp.
16:55:35 * geppetto nods, perms and user
16:55:37 Though it really shouldn't complain about the timestamp for anything that's %ghost'ed.
16:57:37 Any action we want to take or info we want to pass on?
16:57:42 Anyway, I guess we ask the systemd folks to %ghost /run/lock?
16:57:50 I think that's really about all we can do.
16:58:11 just ghost'ing that one dir. doesn't seem like it'll do anything
16:58:27 I agree, except that none of this is really our issue.
16:58:34 So why don't we suggest using %ghost in the tmpfiles.d guidelines?
16:59:50 There is actually a guidelines thing to change; we explicitly mention /var/run and /var/lock when we should just say "/run and /run/lock"
17:00:02 indeed
17:00:07 Ok, sure. +1
17:00:10 In a couple of places. But that's just a trivial thing.
17:00:20 +1
17:00:23 +1
17:00:30 And, yeah, we don't mention %ghost at all in the tmpfiles.d guideline.
17:00:31 +1
17:00:40 So... maybe we should do that too.
17:00:52 +1
17:01:13 Actually rereading https://fedoraproject.org/wiki/Packaging:Tmpfiles.d ...
17:01:25 Some "Fedora 15" stuff to remove.
17:01:39 The guidelines say explicitly to _own_ the directory, not to %ghost it.
17:01:55 "In the spec file, the packager needs to install the tmpfiles.d conf file into the %{_tmpfilesdir} directory and also make sure the directory is included in the rpm. "
17:02:14 There's also mention of how you put files in /run directly.
17:02:53 I have some vague recollection of discussing the %ghost issue but can't remember anything else about it.
17:03:05 If someone wants to grep some meeting logs, that would be awesome.
17:04:36 Sorry guys. I need to leave in about 5 minutes to catch my train...
17:04:43 ok, n/p
17:05:28 #action Do minor cleanup of /var/run and /var/lock to /run and /run/lock (+1:5, 0:0, -1:0)
17:05:52 https://fedorahosted.org/fpc/ticket/439 has a comment about %ghost being ill-advised
17:06:39 tomspur: You have any thoughts on 628, before you go?
17:06:47 Can ping rdieter and zbyszek, I guess.
17:07:17 I actually checked and, yes, NFS _still_ doesn't do any kind of UID mapping by default.
17:07:36 (this is re: 628).
17:07:45 So NFS is still a valid argument there.
17:08:11 looks like it was supposed to be discussed 2014-07-10 where would logs be?
17:08:50 orionp: Today's should be: http://meetbot.fedoraproject.org/fedora-meeting-1/2016-06-23/fpc.2016-06-23-16.00.txt
17:09:22 geppetto: Sorry, I'd be on the fence on this one...
17:09:34 geppetto: I can vote in the ticket later on, if needed
17:09:49 orionp: https://meetbot.fedoraproject.org/fedora-meeting-1/2014-07-10/fpc.2014-07-10-16.01.log.html
17:09:57 got it, thanks
17:10:25 no mention of ghost there
17:13:47 I'm not sure then, I'm pretty happy to just declare it a bug with containers
17:14:11 I think that's the case anyway, unless they come up with some actual argument as to why it isn't.
17:14:32 But that might upset someone ... we could ask someone (systemd) put it in %files as well as tmpfiles.d
17:14:53 But I really don't want to be the middle man in a flamewar there
17:15:53 Ok ...
17:16:22 #info You can ask systemd package that owns the tmpfiles.d conf. for /var/lock to also have it in %files
17:16:42 yeah, this seems like someone else's issue for the most part
17:16:44 Or ask systemd what they'd prefer and why.
17:16:53 #info Also ping the upstream container tools about fixing their tools for this issue.
17:16:59 All I can see for us is those minor guidelines fixes I mentioned.
17:17:09 Which hopefully I'll find time to fix soon.
17:17:32 * geppetto nods ... moving onto the UID one then
17:17:39 #topic #628 Reserve UID/GID for cassandra
17:17:44 .fpc 628
17:17:45 geppetto: #628 (Reserve UID/GID for cassandra) – fpc - https://fedorahosted.org/fpc/ticket/628
17:18:14 So, as I mentioned a bit ago, NFS still doesn't do any kind of user mapping by default, so it's still a valid argument for this kind of thing.
17:18:33 yeh
17:18:41 Yeah
17:18:44 Well, with as much validity as most of the other arguments.
17:19:02 I assume cassandra is used over NFS a lot?
17:19:43 I think most of these issues are in the category of "might be used over NFS" (or "someone might move the disk between machines" or the like).
17:19:51 sorry, folks, I need to quit now.
17:20:20 * geppetto nods
17:20:23 I think we still have six.
17:20:30 Yeh
17:20:35 I need to duck out too, sorry
17:20:45 Oops.
17:21:08 Do we have any idea yet how many we can give out?
17:21:32 Well, let's see.
17:21:39 "soft static" is <500.
17:22:31 the uidgid file in setup has 167 lines.
17:23:07 But that includes one comment and nfsnobody, plus a few with just question marks which I don't yet understand.
17:23:31 So.. say we're at 163 out of 500.
17:23:36 * geppetto nods
17:23:44 At this rate we're pretty damn good for quite some time.
17:23:59 When it was < 200, then we were kind of in a panic.
17:24:12 yeh, it seems like we should probably just give one
17:24:17 +1
17:24:57 I'm assuming that the uidgid file in setup is actually the thing.
17:25:04 * geppetto nods
17:25:37 I think we should clarify our guidelines around this kind of thing.
17:26:19 Basically, if sharing over NFS or swapping disks is part of _the intended use case_ of the software in question, then ask for an exception.
17:26:30 Back this up with documentation.
17:27:10 "users might want to access files from remote storage where cassandra is running" doesn't seem to me to quite qualify.
17:27:41 I have no bloody idea what cassandra even is, since the submitter didn't even give us a URL or anything.
17:27:51 And it's not as if I can search for it.
17:28:40 It's a DB.
17:29:02 https://en.wikipedia.org/wiki/Apache_Cassandra
17:29:12 yeh
17:29:38 I know that much ... just not how it's used or setup or anything
17:29:45 Just another example of how not to file an FPC ticket.
17:29:54 Maybe we need to clarify that, too.
17:29:57 But, as I said, it seems like it's cheap enough we should probably just +1
17:30:23 https://docs.datastax.com/en/cassandra/1.2/cassandra/architecture/architecturePlanningAntiPatterns_c.html
17:30:29 "Don't put it on NFS", basically.
17:30:33 So, uh...
17:31:03 "To best use Cassandra, avoid using NFS." to use a literal quote.
17:31:46 I know this is probably "cheap enough", but I'd still like to get them to provide complete and useful information just so we actually have a good record.
17:34:12 Ok, I mean we've requested the info. and nobody has replied for weeks ... so :(
17:34:21 s/the/more/
17:34:50 Right, this was a package in review and probably just got dropped. Either that or they just ignored FPC and went ahead.
17:34:56 #info Can you provide more information please? As far as we can see Cassandra shouldn't be used over NFS, given the upstream docs.
17:35:33 #info Saying that giving a soft static uid shouldn't be a problem if you have a need for it.
17:35:39 Ok
17:35:43 #topic Open floor
17:35:50 Anyone want to bring anything up?
17:36:13 I sure don't. I have enough on my plate.
17:36:21 * geppetto nods
17:36:29 Going to close in a couple of minutes then
17:36:38 Lunch has been calling me for a bit now :-o
17:37:56 Nothing here.
17:38:32 #endmeeting