Bug 1263235
| Summary: | audit in F23 is older than in F22, breaks upgrade | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kamil Páral <kparal> |
| Component: | audit | Assignee: | Steve Grubb <sgrubb> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | awilliam, pbrobinson, robatino, sgallagh, sgrubb |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | AcceptedBlocker | ||
| Fixed In Version: | 2.4.4-2.fc23 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-09-19 18:54:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1170819, 1264167 | ||
|
Description
Kamil Páral
2015-09-15 11:55:27 UTC
This breaks the following Beta requirement: " The upgraded system must include all packages that would be present on the system after a default installation from install media, plus any packages the user previously had (minus any obsolete content). " https://fedoraproject.org/wiki/Fedora_22_Beta_Release_Criteria#Upgrade_requirements audit and setroubleshoot are part of the default installation set, at least on Workstation. I kinda feel like the blocker process just isn't the right way to handle these cases, but I'm not sure what is. Note the criterion was really meant to be about packages not package *versions*, but the exact way we apply the criteria isn't really the issue, the issue is 'what's the right way to handle upgradepath bugs for the release process'. And of course there's the old perennial 'should upgrades be distro-sync'. Of course, we have the option of simply including `--distro-sync` in the documented instructions for using dnf-system-upgrade, I guess. Still, given that it's the process we have right now, tentative +1 from me. For now I think I'm going to tweak the wiki pages to hedge a bit. I'll try to get a build out soon. I needed to push 2.4.4 because of a CVE that people were exposed to on F22/21. For some reason, the build failed in F23 and it was a very unusual failure. I needed a F23 VM to see what is going on. I have not been able to get one to install. (No iso images for the alpha.) I now have the TC5 iso and will see if I can recreate the build failure. (In reply to Steve Grubb from comment #3) > I'll try to get a build out soon. I needed to push 2.4.4 because of a CVE > that people were exposed to on F22/21. For some reason, the build failed in > F23 and it was a very unusual failure. I needed a F23 VM to see what is > going on. I have not been able to get one to install. (No iso images for the > alpha.) I now have the TC5 iso and will see if I can recreate the build > failure. I've fixed it and building an update now. It's because with the linker was using the distro linker flags which are hardened and but the build wasn't using the distro CFLAGs with the appropriate hardening bits. Passing the CFLAGS through make fixes this. You might want to look at the package in other versions as it looks like the package isn't generally built with the appropriate $CFLAGS audit-2.4.4-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-16016 I'd give this a +1 blocker as well, but as a "special blocker" (needs to be fixed and in the stable repo before we announce Beta release, but doesn't necessitate a change to the frozen package set). audit-2.4.4-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update audit'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-16016 Discussed at 2015-09-17 Fedora 23 Beta Go/No-Go meeting, acting as a blocker review meeting: https://meetbot-raw.fedoraproject.org/teams/f23_beta_go_no-go_meeting/f23_beta_go_no-go_meeting.2015-09-17-16.00.log.txt . Accepted as a 'special blocker': in this context that means we are requiring that this update must be in the 0-day update set for Beta. It does *not* need to be included in the frozen Beta repo or media. We really ought to have a better process for tracking such issues, but for now the blocker process is what we've got. audit-2.4.4-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |