On 27. 01. 21 19:30, Kevin Fenzi wrote:
On Wed, Jan 27, 2021 at 10:48:46AM +0200, Panu Matilainen wrote:
On 1/26/21 8:44 PM, Kevin Fenzi wrote:
So, the thread here kind of fell quiet with everything else going on.
It seems clear there's issues to address here before this change might
get approved. Here's my list:
* Try and change the storage format of the signatures to not take up
tons of room. I guess this would be in ima tools and sigul?
That'd be rpm upstream work.
On my F33 laptop, there are 331284 rpm-installed files. The IMA signature as
proposed is apparently 162 bytes per file in the hex-encoded format, this
makes for approximately 51 megabytes of data. My rpmdb is about 115
megabytes. That'd be almost 45% increase in size!
SO, I don't really understand... Patrick says in the Change:
"The size of the rpmdb increases from 22952 to 28416 bytes, a 20%
increase. This is on an install size of 1.7GB in total, so this 5MB
increase is a 0.3% size increase on the final installed system."
Is that just because he used the server install with fewer files?
Or is your or his math wrong here?
Not sure if relevant to the size of rpmdb, but this is the first Python build
affected by the new signature reported by the compose report:
Package: python3.9-3.9.1-2.fc34
Old package: python3.9-3.9.1-1.fc34
Summary: Version 3.9 of the Python interpreter
RPMs: python-unversioned-command python3 python3-debug python3-devel
python3-idle python3-libs python3-test python3-tkinter
Size: 131.69 MiB
Size change: 6.56 MiB
Changelog:
* Wed Jan 20 2021 Miro Hrončok <mhroncok@xxxxxxxxxx> - 3.9.1-2
- Security fix for CVE-2021-3177
And this is the one that went back:
Package: python3.9-3.9.1-4.fc34
Old package: python3.9-3.9.1-3.fc34
Summary: Version 3.9 of the Python interpreter
RPMs: python-unversioned-command python3 python3-debug python3-devel
python3-idle python3-libs python3-test python3-tkinter
Size: 123.94 MiB
Size change: -6.90 MiB
Changelog:
* Mon Jan 25 2021 Miro Hrončok <mhroncok@xxxxxxxxxx> - 3.9.1-4
- Rebuilt to be signed with Fedora 32 compatible signature,
to fix mock bootstrap chroot on Fedora 32 (and possibly EPELs)
(There was a -876.70 KiB change in the meantime.)
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
