16:00:05 <geppetto> #startmeeting fpc
16:00:05 <zodbot> Meeting started Thu Jun 23 16:00:05 2016 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:05 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:05 <zodbot> The meeting name has been set to 'fpc'
16:00:06 <geppetto> #meetingname fpc
16:00:06 <geppetto> #topic Roll Call
16:00:06 <zodbot> The meeting name has been set to 'fpc'
16:00:26 <tibbs|w> For once I made it.
16:00:36 <orionp> hello
16:00:38 <geppetto> #chair tibbs|w
16:00:38 <zodbot> Current chairs: geppetto tibbs|w
16:00:44 <geppetto> #chair orionp
16:00:45 <zodbot> Current chairs: geppetto orionp tibbs|w
16:01:06 <geppetto> tibbs_: pretty sure you have a high attendance rate :)
16:02:47 <geppetto> Of course now it'll be cool if nobody else shows up :-o
16:02:49 * limburgher is here but spaced
16:02:55 <geppetto> #chair limburgher
16:02:55 <zodbot> Current chairs: geppetto limburgher orionp tibbs|w
16:03:26 <geppetto> #chair racor
16:03:26 <zodbot> Current chairs: geppetto limburgher orionp racor tibbs|w
16:03:47 <geppetto> Ok, that's 5 ... I'll give another couple of minutes to see if we get more though
16:04:15 <Rathann> hi
16:04:30 <geppetto> #chair Rathann
16:04:30 <zodbot> Current chairs: Rathann geppetto limburgher orionp racor tibbs|w
16:04:32 <Rathann> I'll be right back (switching computers)
16:04:36 <geppetto> ok
16:08:42 <mbooth_> Hi
16:08:53 <geppetto> #chair mbooth_
16:08:53 <zodbot> Current chairs: Rathann geppetto limburgher mbooth_ orionp racor tibbs|w
16:09:06 <geppetto> just aiting for rathann to come back
16:09:30 <tomspur> Hi
16:09:36 <geppetto> #chair tomspur
16:09:36 <zodbot> Current chairs: Rathann geppetto limburgher mbooth_ orionp racor tibbs|w tomspur
16:10:05 <mbooth_> 8‽ :-o
16:10:11 <geppetto> :)
16:11:28 <geppetto> ok, going to start without rathann
16:11:34 <geppetto> And there he is :)
16:11:38 <Rathann> I'm back, sorry for the delay
16:11:42 <geppetto> #topic Schedule
16:11:47 <geppetto> https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/message/DJGQZIMQFABLETAMWARIR6WPW2U7DFDZ/
16:12:06 <geppetto> #topic #630  selinux requirements in review and guidelines
16:12:10 <geppetto> .fpc 630
16:12:12 <zodbot> geppetto: #630 (selinux requirements in review and guidelines) – fpc - https://fedorahosted.org/fpc/ticket/630
16:12:48 <tibbs|w> I'm kind of meh.
16:13:07 <tibbs|w> But only because filing tickets against selinux policy proactively hasn't been well looked upon.
16:13:22 <orionp> really?
16:13:31 <racor> yep
16:13:44 <tibbs|w> As in, I wanted to get something into policy before I made the change in my package, and they told me that I had to come up with a complete set of AVCs first.
16:14:17 <tibbs|w> Which is a hell of a lot more testing, even though I just asked them to add a fcontext entry for one directory.
16:14:21 <Rathann> I had good experience with submitting bugs and getting them fixed, also only SHOULD is proposed
16:15:14 <orionp> Yeah, I've been really happy with my interactions with the selinux folks.
16:15:49 <tibbs|w> For the most part, yes; when you have an AVC caused by an existing package in Fedora they fix it quickly.
16:16:11 <tibbs|w> But it's a chicken and egg thing.  People will trigger this at the review stage.
16:16:50 <orionp> so at the moment there appears to be *nothing* in the guidelines about SELinux?
16:16:52 <tibbs|w> I don't disagree with it, really, but it might be good to know if the selinux people really want to know about issues with packages that aren't yet in the distribution.
16:17:09 <tibbs|w> Yes, we kept selinux stuff out intentionally.  But that was long ago.
16:17:23 <orionp> yeah, let's ask them what they want
16:17:49 <Rathann> well
16:18:05 <tibbs|w> Pinging some folks on #selinux now.
16:18:16 <Rathann> for the record, there already is a lot of stuff in selinux policy covering applications/libraries which are not in the distribution
16:18:56 <Rathann> and will either never be (proprietary stuff) or won't be in in the near future (stuff packaged in RPMFusion for example)
16:18:58 <orionp> yeah, I've gotten a bunch of third party/custom stuff added
16:19:28 <tibbs|w> Also needs real info on the proper way to file those bugs.  At least a bugzilla link.
16:22:43 <geppetto> ok, so we going to needinfo it or will someone turn up?
16:22:54 <tibbs|w> Anyway, a proper draft would be good in any case.
16:23:11 <limburgher> Agreed.
16:23:12 <tibbs|w> And if selinux folks are on  board then all the better.  They'd be getting the bugs anyway, I'd think.
16:24:08 * geppetto nods
16:24:24 * mbooth_ agrees
16:24:50 <geppetto> #info Need real info on filing bugs.
16:24:56 <tibbs|w> Anyway, there's enough here for someone to do a proper draft.  Anyone want to take care of that so I don't have to?
16:25:04 <geppetto> #action A proper draft is required.
16:25:13 <geppetto> #topic #631  Usage of BuildRequires: /usr/bin/desktop-file- validate
16:25:18 <geppetto> .fpc 631
16:25:19 <zodbot> geppetto: #631 (Usage of BuildRequires: /usr/bin/desktop-file-validate) – fpc - https://fedorahosted.org/fpc/ticket/631
16:25:27 <orionp> tibbs|w: yeah, I can take that on
16:25:48 <Rathann> I don't have much free time on my hands until the end of this month, so I'm not volunteering to write a draft for next meeting, but maybe for the next
16:26:39 <tibbs|w> It should be about five minutes of work, but it's five minutes I jut don't have right now.
16:28:34 <mbooth_> This ticket seems nit-picky -- if they admit that either BR is fine, why do they care which one should be used?
16:28:53 <geppetto> I think it's just confusing wording?
16:29:49 <mbooth_> Hmm, I'm not confused by it; I am a native English speaker however
16:30:04 <limburgher> I think it's the wording.  I spoke with the submitter on it, who is not.
16:30:15 <tibbs|w> I think this is another instance of people expecting their exact case to be covered in the guidelines.
16:30:27 * geppetto nods ... we could just needinfo it if they want different/better wording
16:30:47 <limburgher> TBH I think both the reviewer and submitter were making something out of nothing but I have no problem clarifying the wording.
16:30:57 <tibbs|w> You can BR the package or the file; the guidelines care that you have the correct dependencies.
16:31:17 <tibbs|w> Either dependency is correct, so no problem.  Why do we need to be more explicit about that?
16:32:14 <limburgher> It wasn't clear to the reviewer that either is correct.
16:32:21 <limburgher> It was interpreted literally.
16:32:30 <tomspur> I think we favored desktop-file-utils to avoid downloading the filelists. But now that it doesn't matter anymore...
16:33:11 <geppetto> It should again though
16:33:19 <geppetto> dnf devs. have said they'll fix dnf
16:33:55 <geppetto> #info Wording seems fine to us, if you have a change you think is better we'll be happy to review it
16:34:00 <Rathann> tomspur: we do, but /usr/bin deps are part of the main metadata
16:34:11 <geppetto> #topic #633  Document unwritten rule about guideline exceptions
16:34:13 <geppetto> .fpc 633
16:34:15 <zodbot> geppetto: #633 (Document unwritten rule about guideline exceptions) – fpc - https://fedorahosted.org/fpc/ticket/633
16:34:45 <tibbs|w> This sprung out of a FESCo ticket about "offensive" package names.
16:35:14 <tibbs|w> But it's really a general issue that's bugged me for ages now.
16:35:14 * geppetto nods
16:35:32 <tibbs|w> Our language really isn't "tight" enough when it comes to what you must do and what you should do.
16:35:58 <tibbs|w> And, yes, I've avoided it in the past, but I've realized that being precise could clear up a number of disagreements.
16:36:18 <limburgher> There are Strict Constuctionists in our midst.
16:36:23 <limburgher> Say that 10x fast.
16:36:41 <tibbs|w> Is that in the mathematical sense or the political sense?
16:36:53 <limburgher> The latter.
16:37:10 <tibbs|w> Because I have a couple of the former just a few offices down.
16:37:42 <tibbs|w> In any case, really, it's about linting the guidelines to use "must" and "should" (or capitalized if you like yelling, or maybe some other wiki magic).
16:37:42 <geppetto> :)
16:37:55 <orionp> I'm happy with the wording, and with dropping "must be minimal"
16:38:16 <geppetto> I don't mind the draft ... the minimal has me a little worried because sometimes that's not exactly correct
16:38:16 <tibbs|w> And then defining what those terms mean, and what you must (MUST) do when you violate something.
16:38:39 <tibbs|w> geppetto: It's fine; I wrote it in like three minutes so I'm not going to defend it.
16:39:20 * geppetto nods ... just change that line to " The deviation MUST be documented in the specfile" ?
16:39:29 <geppetto> s/line/sentence/
16:40:15 <geppetto> bah ... "The nature of the deviation and the reasoning behind it MUST be documented in the specfile. "
16:40:22 <geppetto> Anyway ... +1
16:40:34 <limburgher> +1
16:40:36 <orionp> +1
16:40:38 <tibbs|w> +1
16:41:24 <mbooth_> +1
16:41:54 <Rathann> +1
16:42:11 <geppetto> racor: vote?
16:42:13 <tomspur> +1
16:42:18 <racor> +1
16:42:30 <geppetto> #action Document unwritten rule about guideline exceptions (+1:8, 0:0, -1:0)
16:42:32 <tibbs|w> Closest thing to unanimous we've had in a long time.
16:43:00 <geppetto> #topic #629     Handling dirs. under /var/lock and /var/run in %files and images
16:43:04 <tibbs|w> But now the hard work begins.  I'll leave the ticket open for a while, and if you find examples of text that needs to change, feel free to point it out there.
16:43:05 <geppetto> .fpc 629
16:43:07 <zodbot> geppetto: #629 (Handling directories under /var/lock and /var/run in %files and base image) – fpc - https://fedorahosted.org/fpc/ticket/629
16:43:22 <tibbs|w> If we have questions about what should be MUST or SHOULD then we can make more tickets.
16:43:36 * geppetto nods
16:44:01 <tibbs|w> For 629, I _think_ it should be sufficient for filesystem to own /run/lock.
16:44:16 <tibbs|w> And if systemd mounts over that, it will then create its own.
16:44:31 <tibbs|w> But it would be nice if someone on that ticket actually said if it would work....
16:44:56 <limburgher> tibbs|w +1
16:45:08 <orionp> filesystem could %ghost it, right?
16:45:18 <geppetto> yeh
16:45:47 <orionp> otherwise you might get annoying boot messages about /run not being empty when mounted
16:46:44 <tibbs|w> Would that happen?  I don't recall seeing those messages in a while.
16:47:01 <tibbs|w> If it ghosted it, that wouldn't help the directory to actually exist.
16:47:34 <tibbs|w> But you're right that _something_ should own it.
16:47:59 <Rathann> tibbs|w: yes, that happens if something mounts over non-empty dir
16:48:12 <geppetto> It's usually ghost+auto creation ... or list in %files, as well as tmpfile.d creation
16:48:34 <tibbs|w> I think the issue is that nothing is doing the tmpfiles.d thing in their case.
16:48:40 <geppetto> yeh
16:48:49 <tibbs|w> Really I don't think we have enough info.
16:48:57 <geppetto> although maybe just fix that :)
16:48:58 <tibbs|w> Basically there are two issues that I see:
16:49:18 <tibbs|w> They have a bug in their container generation thing that doesn't give them a necessary directory.
16:49:27 <tibbs|w> Some package probably should own /run/lock.
16:49:44 <tibbs|w> Neither of these lies with the guidelines, and I don't see any reason they should change.
16:49:48 <tibbs|w> Or am I missing something?
16:50:22 <orionp> Well, one "solution" would be to mandate tmpfiles.d and %ghost'ing /run/lock/foo in packages
16:51:55 <orionp> then installation wouldn't fail in containers without /run/lock,  but it really does seem like /run/lock should always exist
16:52:07 <geppetto> yeh
16:52:38 <tibbs|w> I think I'd prefer not to worry about the details of their container environment.
16:52:48 <tibbs|w> We should care about what should own /run/lock.
16:53:39 <tibbs|w> Which I assume would be systemd, though the whole issue is weird because the rpm would have files which don't exist if you try to validate your system in a chroot or something.
16:53:56 <tibbs|w> I can't recall off the top of my head what rpm -V does for %ghosted files which don't exist.
16:54:17 <Rathann> I think it checks their existence but nothing else
16:54:33 <tibbs|w> So rpm -qf works, but -V won't complain.
16:54:39 <tibbs|w> Which would make some sense.
16:54:48 <geppetto> it depends, ghost'd files can have some metadata with it
16:55:05 <geppetto> rpm -V won't complain if they aren't there, but it can complain if they are "wrong" ... IIRC
16:55:20 <tibbs|w> In this case it's just a directory, so I'd think it could only complain about their permissions.  And maybe the timestamp.
16:55:35 * geppetto nods, perms and user
16:55:37 <tibbs|w> Though it really shouldn't complain about the timestamp for anything that's %ghost'ed.
16:57:37 <geppetto> Any action we want to take or info we want to pass on?
16:57:42 <tibbs|w> Anyway, I guess we ask the systemd folks to %ghost /run/lock?
16:57:50 <tibbs|w> I think that's really about all we can do.
16:58:11 <geppetto> just ghost'ing that one dir. doesn't seem like it'll do anything
16:58:27 <tibbs|w> I agree, except that none of this is really our issue.
16:58:34 <orionp> So why don't we suggest using %ghost in the tmpfiles.d guidelines?
16:59:50 <tibbs|w> There is actually a guidelines thing to change; we explicitly mention /var/run and /var/lock when we should just say "/run and /run/lock"
17:00:02 <Rathann> indeed
17:00:07 <geppetto> Ok, sure. +1
17:00:10 <tibbs|w> In a couple of places.  BUt that's just a trivial thing.
17:00:20 <Rathann> +1
17:00:23 <limburgher> +1
17:00:30 <tibbs|w> And, yeah, we don't mention %ghost at all in the tmpfiles.d guideline.
17:00:31 <tibbs|w> +1
17:00:40 <tibbs|w> So... maybe we should do that too.
17:00:52 <tomspur> +1
17:01:13 <tibbs|w> Actually rereading https://fedoraproject.org/wiki/Packaging:Tmpfiles.d ...
17:01:25 <tibbs|w> Some "Fedora 15" stuff to remove.
17:01:39 <tibbs|w> The guidelines say explicity to _own_ the directory, not to %ghost it.
17:01:55 <tibbs|w> "In the spec file, the packager needs to install the tmpfiles.d conf file into the %{_tmpfilesdir} directory and also make sure the directory is included in the rpm. "
17:02:14 <tibbs|w> There's also mention of how you put files in /run directly.
17:02:53 <tibbs|w> I have some vague recollection of discussing the %ghost issue but can't remember anything else about it.
17:03:05 <tibbs|w> If someone wants to grep some meeting logs, that would be awesome.
17:04:36 <tomspur> Sorry guys. I need to leave in about 5 minutes to catch my train...
17:04:43 <geppetto> ok, n/p
17:05:28 <geppetto> #action Do minor cleanup of /var/run and /var/lock to /run and /run/lock (+1:5, 0:0, -1:0)
17:05:52 <orionp> https://fedorahosted.org/fpc/ticket/439 has a comment about %ghost being ill-advised
17:06:39 <geppetto> tomspur: You have any thoughts on 628, before you go?
17:06:47 <tibbs|w> Can ping rdieter and zbyszek, I guess.
17:07:17 <tibbs|w> I actually checked and, yes, NFS _still_ doesn't do any kind of UID mapping by default.
17:07:36 <tibbs|w> (this is re: 628).
17:07:45 <tibbs|w> So NFS is still a valid argument there.
17:08:11 <orionp> looks like it was supposed to be discussed 2014-07-10  where would logs be?
17:08:50 <geppetto> orionp: Todays should be: http://meetbot.fedoraproject.org/fedora-meeting-1/2016-06-23/fpc.2016-06-23-16.00.txt
17:09:22 <tomspur> geppetto: Sorry, I'd be on the fence on this one...
17:09:34 <tomspur> geppetto: I can vote in the ticket later on, if needed
17:09:49 <geppetto> orionp: https://meetbot.fedoraproject.org/fedora-meeting-1/2014-07-10/fpc.2014-07-10-16.01.log.html
17:09:57 <orionp> got it, thanks
17:10:25 <orionp> no mention of ghost there
17:13:47 <geppetto> I'm not sure then, I'm pretty happy to just declare it a bug with containers
17:14:11 <tibbs|w> I think that's the case anyway, unless they come up with some actual argument as to why it isn't.
17:14:32 <geppetto> But that might upset someone ... we could ask someone (systemd) put it in %files as well as tmpfiles.d
17:14:53 <geppetto> But I really don't want to be the middle man in a flamewar there
17:15:53 <geppetto> Ok ...
17:16:22 <geppetto> #info You can ask systemd package that owns the tmpfiles.d conf. for /var/lock to also have it in %files
17:16:42 <orionp> yeah, this seems like someone's else's issue for the most part
17:16:44 <tibbs|w> Or ask systemd what they'd prefer and why.
17:16:53 <geppetto> #info Also ping the upstream container tools about fixing their tools for this issue.
17:16:59 <tibbs|w> All I can see for us is those minor guidelines fixes I mentioned.
17:17:09 <tibbs|w> Which hopefully I'll find time to fix soon.
17:17:32 * geppetto nods ... moving onto the UID one then
17:17:39 <geppetto> #topic #628     Reserve UID/GID for cassandra
17:17:44 <geppetto> .fpc 628
17:17:45 <zodbot> geppetto: #628 (Reserve UID/GID for cassandra) – fpc - https://fedorahosted.org/fpc/ticket/628
17:18:14 <tibbs|w> So, as I mentioned a bit ago, NFS still doesn't do any kind of user mapping by default, so it's still a valid argument for this kind of thing.
17:18:33 <geppetto> yeh
17:18:41 <limburgher> Yeah
17:18:44 <tibbs|w> Well, with as much validity as most of the other arguments.
17:19:02 <geppetto> I assume cassandra is used over NFS a lot?
17:19:43 <tibbs|w> I think most of these issues are in the category of "might be used over NFS" (or "someone might move the disk between machines" or the like).
17:19:51 <racor> sorry, folks, I need to quit now.
17:20:20 * geppetto nods
17:20:23 <tibbs|w> I think we still have six.
17:20:30 <geppetto> Yeh
17:20:35 <mbooth_> I need to duck out too, sorry
17:20:45 <tibbs|w> Oops.
17:21:08 <geppetto> Do we have any idea yet how many we can give out?
17:21:32 <tibbs|w> Well, let's see.
17:21:39 <tibbs|w> "soft static" is <500.
17:22:31 <tibbs|w> the uidgid file in setup has 167 lines.
17:23:07 <tibbs|w> But that includes one comment and nfsnobody, plus a fer with just question marks which I don't yet understand.
17:23:31 <tibbs|w> So.. say we're at 163 out of 500.
17:23:36 * geppetto nods
17:23:44 <tibbs|w> At this rate we're pretty damn good for quite some time.
17:23:59 <tibbs|w> When it was < 200, then we were kind of in a panic.
17:24:12 <geppetto> yeh, it seems like we should probably just give one
17:24:17 <geppetto> +1
17:24:57 <tibbs|w> I'm assuming that the uidgid file in setup is actually the thing.
17:25:04 * geppetto nods
17:25:37 <tibbs|w> I think we should clarify our guidelines around this kind of thing.
17:26:19 <tibbs|w> Basically, if sharing over NFS or swapping disks is part of _the intended use case_ of the software in question, then ask for an exception.
17:26:30 <tibbs|w> Back this up with documentation.
17:27:10 <tibbs|w> "users might want to access files from remote storage where cassandra is running" doesn't seem to me to quite qualify .
17:27:41 <tibbs|w> I have no bloody idea what cassandra even is, since the submiter didn't even give us a URL or anything.
17:27:51 <tibbs|w> And it's not as if I can search for it.
17:28:40 <limburgher> It's a DB.
17:29:02 <limburgher> https://en.wikipedia.org/wiki/Apache_Cassandra
17:29:12 <geppetto> yeh
17:29:38 <geppetto> I know that much ... just not how it's used or setup or anything
17:29:45 <tibbs|w> Just another example of how not to file an FPC ticket.
17:29:54 <tibbs|w> Maybe we need to clarify that, too.
17:29:57 <geppetto> But, as I said, it seems like it's cheep enough we should probably just +1
17:30:23 <tibbs|w> https://docs.datastax.com/en/cassandra/1.2/cassandra/architecture/architecturePlanningAntiPatterns_c.html
17:30:29 <tibbs|w> "Don't put it on NFS", basically.
17:30:33 <tibbs|w> So, uh...
17:31:03 <tibbs|w> "To best use Cassandra, avoid using NFS." to use a literal quote.
17:31:46 <tibbs|w> I know this is probably "cheap enough", but I'd still like to get them to provide complete and useful information just so we actually have a good record.
17:34:12 <geppetto> Ok, I mean we've requested the info. and nobody has replied for weeks ... so :(
17:34:21 <geppetto> s/the/more/
17:34:50 <tibbs|w> Right, this was a package in review and probably just got dropped.  Either that or they just ignored FPC and went ahead.
17:34:56 <geppetto> #info Can you provide more information please? As far as we can see Cassandra shouldn't be used over NFS, given the upstream docs.
17:35:33 <geppetto> #info Saying that giving a soft static uid shouldn't be a problem if you have a need for it.
17:35:39 <geppetto> Ok
17:35:43 <geppetto> #topic Open floor
17:35:50 <geppetto> Anyone want to being anything up?
17:36:13 <tibbs|w> I sure don't.  I have enough on my plate.
17:36:21 * geppetto nods
17:36:29 <geppetto> Going to close in a couple of minutes then
17:36:38 <geppetto> Lunch has been calling me for a bit now :-o
17:37:56 <limburgher> Nothing here.
17:38:32 <geppetto> #endmeeting