Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 29 Jun 2014 12:04:40 +0400
From: "(GalaxyMaster)" <galaxy@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: massive Owl userland updates

Solar,

On Sun, Jun 29, 2014 at 11:41:01AM +0400, Solar Designer wrote:
> > Switching to RPM 4.11.2
> 
> BTW, did you preserve our changes to RPM, such as package build time
> comparison (in case Version and Release on a package being upgraded
> remain unchanged between the old and the new revision)?

You are underestimating me :). Yes, all our custom patches are
incorporated. :)  However, after reviewing your patches to RPM I
strongly believe that our build time comparison is a no-op patch :).
The reason for this is that we have ldv@'s (?) SHA1 header comparison
and if a package has been rebuilt its header changes (even if the
version stays exactly the same).  Anyway, my goal was to update
autotools and RPM and preserve as much as possible (behaviour-like),
so I kept all patches in.

> > cleanly).  There were more than 30 of such packages and it took a while
> > to locate and regenerate these patches.
> 
> Yeah, fuzzy patches are a problem.  I hope you reviewed each of those
> cases individually, rather than merely regenerated the patches.  Each of
> those cases is a risk of the chunk getting applied in a wrong place.

This is why it took me a while.

> I usually check for any fuzz and review and then regenerate patches when
> updating a package to a newer upstream version, but not everyone on our
> team was as careful.

By default new RPM will refuse to apply a patch if it's fuzzy, so it
will bring the quality up.  I also noticed that most of our patches were
not properly generated with TZ=UTC, so they failed to set proper
timestamps when I was applying these patches with 'patch -Z'.

> I'd be happy to setup a 64-bit OpenVZ container for your testing on a
> mostly unused 8-core machine.

It would be very helpful.  However, my quota of spare time (and funds)
for Owl is almost out -- I got like 2 more weeks before I go for another
venture in order to keep my family afloat.

> > Below is a brief summary of the work I've done during the last month:
> > 326 files changed, 16856 insertions(+), 28433 deletions(-)
> 
> Ouch.

Well, actually it's not that intrusive -- there are about a dozen of
packages I really put my time into: automake, autoconf, libtool,
coreutils, rpm, and dependencies of these -- the rest of the list are
packages where I was fixing the revealed issues, e.g. wrong timestamps
in changelogs, fuzzy patches, PreReq -> Requires(pre/post/preun/postun).
The new RPM is much stricter by default and I didn't want to relax it.

-- 
(GM)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ