Lector de Feeds
Add note on patches, links to see also
← Older revision
Revision as of 08:36, 30 January 2025
(One intermediate revision by the same user not shown)Line 69:
Line 69:
Overview: Overview:
−# Developer builds a package SRPM containing all application source code as well as any unpackaged dependency source code for an application (i.e. vendoring it), including a software attestation+# Developer builds a package SRPM containing all application source code as well as any unpackaged dependency source code for an application (i.e. vendoring it), including a SBOM
−# The build system adds packaged dependencies to the software attestation+# The build system adds packaged dependencies to the SBOM
# For interpreted languages, the build system puts any vendored code into a filesystem location specific to the application # For interpreted languages, the build system puts any vendored code into a filesystem location specific to the application
−# The build system stores the software attestation at the end of the build into a central repository+# The build system stores the SBOM at the end of the build into a central repository
−# A security scanner periodically scans all software attestations to look for dependencies that have reported security vulnerabilities+# A security scanner periodically scans all SBOMs to look for dependencies that have reported security vulnerabilities
# If a security vulnerability is found, it outputs a list of packages that need to be updated and rebuilt and opens one or more bugs # If a security vulnerability is found, it outputs a list of packages that need to be updated and rebuilt and opens one or more bugs
−# Each package needing a rebuild goes back to step 1 (if a local patch to fix a vulnerability has been added, it is noted in the software attestation)+# Each package needing a rebuild goes back to step 1 (if a local patch to fix a vulnerability has been added, it is noted in the SBOM)
−Software attestations will be stored in the [https://spdx.dev/ SPDX] format.+SBOMs will be stored in the [https://spdx.dev/ SPDX] format.
+
+Security updates are assumed to consist of upgrading to a new upstream release. Those that require patching a dependency complicates this flow, since the same patch must then be applied to each vendored instance of that dependency.
=== Go === === Go ===
Line 90:
Line 92:
* [[Security Updates]] * [[Security Updates]]
* [https://lwn.net/Articles/1005655/ Fedora proposing allowing vendored Go packages] * [https://lwn.net/Articles/1005655/ Fedora proposing allowing vendored Go packages]
+* [https://fosdem.org/2025/schedule/event/fosdem-2025-5570-rust-rpms-and-the-fine-art-of-dependency-bundling/ Rust, RPMs, and the Fine Art of Dependency Bundling]
+* [https://ml.mageia.org/l/arc/dev/2023-04/msg00579.html Thread on packages with many components/modules/subpackages]
[[Category:Packaging]] [[Category:Packaging]]
Danf
Figured I'd post an update on how things are going with the new laptop (HP Omnibook Ultra 14, AMD Ryzen AI 9 365 "Strix Point", for the searchers) and with Silverblue.
I managed to work around the hub issue by swapping out the fancy $300 Thunderbolt hub for a $40 USB-C hub off Amazon. This comes with limitations - you're only going to get a single 4k 60Hz external display, and limited bandwidth for anything else - but it's sufficient for my needs, and makes me regret buying the fancy hub in the first place. It seems to work 100% reliably on startup, reboot and across suspend/resume. There's still clearly something wrong with Thunderbolt handling in the kernel, but it's not my problem any more.
The poor performance of some sites in Firefox turned out to be tied to the hanging problem - I'd disabled graphics acceleration in Firefox, which helped with the hanging, but was causing the appalling performance on Google sites and others. I've now cargo-culted a set of kernel args - amdgpu.dcdebugmask=0x800 amdgpu.lockup_timeout=100000 drm.vblankoffdelay=0 - which seem to be helping; I turned graphics acceleration back on in Firefox and it hasn't started hanging again. At least, I haven't had random hangs for the last few days, and this morning I played a video on youtube and the system has not hung since then. I've no idea how bad they are for battery life, but hey, they seem to be keeping things stable. So, the system is pretty workable at this point. I've been using it full-time, haven't had to go back to the old one.
I'm also feeling better about Silverblue as a main OS this time. A lot of things seem to have got better. The toolbox container experience is pretty smooth now. I managed to get adb working inside a container by putting these udev rules in /etc/udev/rules.d. It seems like I have to kill and re-start the adb server any time the phone disconnects or reboots - usually adb would keep seeing the phone just fine across those events - but it's a minor inconvenience. I had to print something yesterday, was worried for a moment that I'd have to figure out how to get hp-setup to do its thing, but then...Silverblue saw my ancient HP printer on the network, let me print to it, and it worked, all without any manual setup at all. It seems to be working over IPP, but I'm a bit surprised, as the printer is from 2010 or 2011 and I don't think it worked before. But I'm not complaining!
I haven't had any real issues with app availability so far. All the desktop apps I need to use are available as flatpaks, and the toolbox container handles CLI stuff. I'm running Firefox (baked-in version), Evolution, gedit, ptyxis (built-in), liferea, nheko, slack and vesktop (for discord) without any trouble. LibreOffice and GIMP flatpaks also work fine. Everything's really been pretty smooth.
I do have a couple of tweaks in my bashrc (I put them in a file in ~/.bashrc.d, which is a neat invention) that other Atomic users might find useful...
if [ -n "$container" ]
then
alias gedit="flatpak-spawn --host /var/lib/flatpak/exports/bin/org.gnome.gedit"
alias xdg-open=flatpak-xdg-open
else
alias gedit=/var/lib/flatpak/exports/bin/org.gnome.gedit
fi
the gedit aliases let me do gedit somefile either inside or outside a container, and the file just opens in my existing gedit instance. Can't really live without that. You can adapt it for anything that's a flatpak app on the host. The xdg-open alias within containers similar makes xdg-open somefile within the container do the same as it would outside the container.
So it's still early days, but I'm optimistic I'll keep this setup this time. I might try rebasing to the bootc build soon.
In Mageia/9/x86_64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
In Mageia/9/aarch64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
In Mageia/9/armv7hl:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
In Mageia/9/i586:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
In Mageia/cauldron/x86_64:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
In Mageia/cauldron/i586:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
In Mageia/cauldron/i586:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
In Mageia/cauldron/x86_64:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
In Mageia/cauldron/x86_64:
This tool tries to recover JFIF (JPEG) pictures and MOV movies (using
recovermov) from a peripheral. This may be useful if you mistakenly overwrite
a partition or if a device such as a digital camera memory card is bogus.
In Mageia/cauldron/i586:
This tool tries to recover JFIF (JPEG) pictures and MOV movies (using
recovermov) from a peripheral. This may be useful if you mistakenly overwrite
a partition or if a device such as a digital camera memory card is bogus.
In Mageia/cauldron/x86_64:
Rdfind is a program that finds duplicate files. It is useful for compressing
backup directories or just finding duplicate files. It compares files based on
their content, NOT on their file names.
In Mageia/cauldron/i586:
Rdfind is a program that finds duplicate files. It is useful for compressing
backup directories or just finding duplicate files. It compares files based on
their content, NOT on their file names.
In Mageia/cauldron/x86_64:
Unifont is a Unicode font with a glyph for every visible Unicode Basic
Multilingual Plane code point and more, with supporting utilities to
modify the font. This package contains tools and glyph descriptions.
In Mageia/cauldron/i586:
Unifont is a Unicode font with a glyph for every visible Unicode Basic
Multilingual Plane code point and more, with supporting utilities to
modify the font. This package contains tools and glyph descriptions.
In Mageia/cauldron/i586:
RANCID monitors a router's (or more generally a device's) configuration,
including software and hardware (cards, serial numbers, etc) and uses CVS
(Concurrent Version System) or Subversion to maintain history of changes.
RANCID does this by the very simple process summarized here:
* login to each device in the router table (router.db),
* run various commands to get the information that will be saved,
* cook the output; re-format, remove oscillating or incrementing data,
* email any differences (sample) from the previous collection to a mail
list,
* and finally commit those changes to the revision control system
RANCID also includes looking glass software. It is based on Ed Kern's looking
glass which was once used for http://nitrous.digex.net/, for the old-school
folks who remember it. Our version has added functions, supports Cisco,
Juniper, and Foundry and uses the login scripts that come with rancid; so it
can use telnet or ssh to connect to your devices(s).
Rancid currently supports Cisco routers, Juniper routers, Catalyst switches,
Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd),
Alteon switches, and HP Procurve switches and a host of others.
Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America,
Certainty Solutions Inc.
In Mageia/cauldron/x86_64:
RANCID monitors a router's (or more generally a device's) configuration,
including software and hardware (cards, serial numbers, etc) and uses CVS
(Concurrent Version System) or Subversion to maintain history of changes.
RANCID does this by the very simple process summarized here:
* login to each device in the router table (router.db),
* run various commands to get the information that will be saved,
* cook the output; re-format, remove oscillating or incrementing data,
* email any differences (sample) from the previous collection to a mail
list,
* and finally commit those changes to the revision control system
RANCID also includes looking glass software. It is based on Ed Kern's looking
glass which was once used for http://nitrous.digex.net/, for the old-school
folks who remember it. Our version has added functions, supports Cisco,
Juniper, and Foundry and uses the login scripts that come with rancid; so it
can use telnet or ssh to connect to your devices(s).
Rancid currently supports Cisco routers, Juniper routers, Catalyst switches,
Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd),
Alteon switches, and HP Procurve switches and a host of others.
Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America,
Certainty Solutions Inc.
In Mageia/cauldron/x86_64:
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.
You can use Redis from most programming languages also.
In Mageia/cauldron/i586:
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.
You can use Redis from most programming languages also.
|
