/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fedora 22/23 template #1282

Closed
marmarek opened this Issue Oct 6, 2015 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.1
1 participant
@marmarek
@marmarek
Member

marmarek commented Oct 6, 2015

Checklist:

  • add support for dnf to builder-fedora plugin
  • setup dnf to use updates proxy in TemplateVM
  • setup PackageKit to use updates proxy in TemplateVM (#982)
  • make sure that dom0 updates can be downloaded by f22-based VM
  • make sure that yum hooks are still called (sync appmenus, "updates installed" notify)
  • adjust default application shortcuts (if needed)
  • build the template, verify services (qrexec, gui, etc), disable unneeded services
  • test upgrade path

@marmarek marmarek added this to the Release 3.1 milestone Oct 6, 2015

@marmarek marmarek added enhancement C: templates P: major labels Oct 6, 2015

marmarek added a commit to marmarek/old-qubes-vmm-xen that referenced this issue Oct 6, 2015

@marmarek
Merge branch 'xen-4.4-submodules' into xen-4.4 
* xen-4.4-submodules:
  merge back xen-vm.spec into xen.spec
  Convert hacky copy-in stage into git submodules

Fixes QubesOS/qubes-issues#1281
QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
8e6eb4f
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 26, 2015

Member

Status update:
Generally fc22 introduced new package manager - dnf instead of yum
(actually it was available also in fc21, but not as default). This makes
a lot of problems with the template building/updating code. Some work is
already done - for example there is fc22 branch in my builder-fedora
repo. But some more is needed - for example convincing all that stuff to
use our updates proxy.
Member

marmarek commented Oct 26, 2015

Status update:
Generally fc22 introduced new package manager - dnf instead of yum
(actually it was available also in fc21, but not as default). This makes
a lot of problems with the template building/updating code. Some work is
already done - for example there is fc22 branch in my builder-fedora
repo. But some more is needed - for example convincing all that stuff to
use our updates proxy.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 30, 2015

Member

Not a strict blocker, but pretty severe issue: DNF takes a lot of CPU power for processing repository metadata. Upstream bug (incorrectly closed as a duplicate...): https://bugzilla.redhat.com/show_bug.cgi?id=1227014

The impact is that, the mere checking for updates (which is run in every VM every 6 hours) takes about 10-15 minutes at 100% CPU. At least for the first time (after VM startup), but probably every time after repository metadata got updated.
Member

marmarek commented Oct 30, 2015

Not a strict blocker, but pretty severe issue: DNF takes a lot of CPU power for processing repository metadata. Upstream bug (incorrectly closed as a duplicate...): https://bugzilla.redhat.com/show_bug.cgi?id=1227014

The impact is that, the mere checking for updates (which is run in every VM every 6 hours) takes about 10-15 minutes at 100% CPU. At least for the first time (after VM startup), but probably every time after repository metadata got updated.

marmarek added a commit to QubesOS/qubes-core-admin that referenced this issue Oct 30, 2015

@marmarek
tests: perform dom0 update check using VMs of different templates 
QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1029
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
5160423

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Oct 30, 2015

@marmarek
Setup updates proxy in dnf and PackageKit 
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
c2596a0

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 3, 2015

@marmarek
No longer disable auditd 
On Fedora 22 console is trashed with a lot of messages without auditd
running.

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
6752be9

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 3, 2015

@marmarek
dom0-updates: prefer yum-deprecated over dnf 
Some of the reasons:
 - dnf doesn't support --downloaddir option
 - dnf doesn't support `copy_local` repo option (used in automated tests
   only)
 - dnf is horribly slow, especially without cache fetched
 (https://bugzilla.redhat.com/show_bug.cgi?id=1227014)

This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
d44c8ac

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 11, 2015

@marmarek
dom0-updates: use yum-deprecated instead of dnf in all calls 
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
85793fa

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 11, 2015

@marmarek
updates-proxy-setup: use temporary file for config snippet 
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is racy approach (even if not against user, but another script
instance).

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
f9c7394

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 11, 2015

@marmarek
Implement dnf hooks for post-update actions 
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
b6cfcdc

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 11, 2015

@marmarek
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22 
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
ba28c9f

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 11, 2015

@marmarek
dom0-updates: do not use 'yum check-update -q' 
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
49c7473

marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue Nov 12, 2015

@marmarek
Merge branch 'fc22' 
* fc22:
  Use dnf for Fedora >= 22

QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
cd4fdf1

marmarek added a commit to QubesOS/qubes-linux-yum that referenced this issue Nov 13, 2015

@marmarek
Add Fedora 22 security-testing repositories 
QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
9aa4736

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
Setup updates proxy in dnf and PackageKit 
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197

(cherry picked from commit c2596a0)

Conflicts:
	Makefile
	rpm_spec/core-vm.spec
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
5924cfa

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
updates-proxy-setup: use temporary file for config snippet 
Don't use ${CONF_PATH}.qubes, because it may override some existing
file, and is racy approach (even if not against user, but another script
instance).

QubesOS/qubes-issues#1282

(cherry picked from commit f9c7394)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
85d2f17

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
No longer disable auditd 
On Fedora 22 console is trashed with a lot of messages without auditd
running.

QubesOS/qubes-issues#1282

(cherry picked from commit 6752be9)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
569bdef

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
dom0-updates: prefer yum-deprecated over dnf 
Some of the reasons:
 - dnf doesn't support --downloaddir option
 - dnf doesn't support `copy_local` repo option (used in automated tests
   only)
 - dnf is horribly slow, especially without cache fetched
 (https://bugzilla.redhat.com/show_bug.cgi?id=1227014)

This is all needed (instead of simply using `yum` command), because
Fedora >= 22 have an command redirection `yum`->`dnf`.

QubesOS/qubes-issues#1282

(cherry picked from commit d44c8ac)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
cdcab08

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
dom0-updates: use yum-deprecated instead of dnf in all calls 
Fix for d44c8ac "dom0-updates: prefer yum-deprecated over dnf"
Because of slightly different options and config syntax, it needs to be
used in call calls, not only the one with --downloaddir option.

QubesOS/qubes-issues#1282

(cherry picked from commit 85793fa)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
9afc93d

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
Implement dnf hooks for post-update actions 
Similar to previous yum hooks:
 - notify dom0 about installed updates (possibly clear "updates pending"
   marker)
 - trigger appmenus synchronization

QubesOS/qubes-issues#1282

(cherry picked from commit b6cfcdc)

Conflicts:
	rpm_spec/core-vm.spec
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
c087bca

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
fedora: do not require/use yum-plugin-post-transaction-actions in F>=22 
Since Fedora 22+ obsoletes yum, do not require yum-specific package to
be installed.

QubesOS/qubes-issues#1282

(cherry picked from commit ba28c9f)

Conflicts:
	rpm_spec/core-vm.spec
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
05e4a69

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Nov 13, 2015

@marmarek
dom0-updates: do not use 'yum check-update -q' 
Depending on yum version, adding '-q' option may hide not only
informational messages, but also updates list. This is especially the
case for yum-deprecated in Fedora 22.
So instead of '-q' option, filter the output manually.

QubesOS/qubes-issues#1282

(cherry picked from commit 49c7473)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
976f4ac

marmarek added a commit to QubesOS/qubes-core-admin that referenced this issue Nov 15, 2015

@marmarek
tests: perform dom0 update check using VMs of different templates 
QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1029

(cherry picked from commit 5160423)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
883e387

@marmarek marmarek added the release-notes label Dec 13, 2015

@marmarek marmarek changed the title from Fedora 22 template to Fedora 22/23 template Dec 13, 2015

@marmarek marmarek closed this Dec 13, 2015

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 1, 2016

@marmarek
Prefer 'dnf' over 'yum' for template update 
QubesOS/qubes-issues#1282
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
520894e

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Jun 25, 2016

@marmarek
Prefer 'dnf' over 'yum' for template update 
QubesOS/qubes-issues#1282

(cherry picked from commit 520894e)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
96c909b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment