[opensuse-packaging] Import of Fedora Packaging Guidelines
Hi all, as you know I wrote a post about Fedora Packaging Guidelines [1]. I was working on it during last three weeks (but a little, so it takes a long time :)) and nowadays I'm ready to import a Fedora's content to en.opensuse.org wiki. Now it is on pack.suse.cz [2]. I also checked that none of that page conflicts with an existing content on openSUSE wiki, so it can be imported easily. Tom Callaway [3] from RedHat confirms me that a Guidelines are under Open Publication License [4] and we can use it for SUSE without restrictions. He was also interested on future collaboration and offers some meeting on LinuxTag - it would be nice if anyone from SUSE will be ready to start a discussion. Before import I'd like to ask: Which pages should be excluded for openSUSE? Some pages seems that they are not interesting for SUSE (like Packaging:OldJPackagePolicy [5], Packaging:SugarActivities [6]). Import it, or don't? Second one is how to edit the text and adapt it for SUSE? Change the existing text or leave it and add a SUSE specifics to the beginning or end of page (as suggests Vladimir)? The second way should help us with synchronizing of changes. After that I'll add a warning [7] on the beginning of every page to prevent that some users will use those guidelines and ask for help with editing ;-) [1] http://lists.opensuse.org/opensuse-packaging/2009-02/msg00043.html [2] http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/ [3] https://fedoraproject.org/wiki/TomCallaway [4] http://fedoraproject.org/wiki/Legal/Licenses/OPL [5] http://fedoraproject.org/wiki/Packaging:OldJPackagePolicy [6] http://fedoraproject.org/wiki/Packaging:SugarActivityGuidelines [7] http://en.opensuse.org/Template:Warning1 Best regards Michal Vyskocil -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Hi, This is quite exciting to me, if openSUSE is really going to use Fedora's packaging guidelines. I used to package for Fedora, because it was my first long time distro. I found their guidelines sane and good documented. I had some problems founding solutions to my problems in SUSE wiki. I also found some SUSE-specific things in specs insane. So, seems I've said what I wanted to say. I'm happy to see more interests on their documentation :) . I complained long on some solutions here and compared theirs. This would solve some problems. Additionally, if their documentation style would be followed here, it would be even easier to find what you need. So, thank you :) . -- Best regards, Jakub 'Livio' Rusinek http://jakubrusinek.pl/ -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Tuesday 03 March 2009 09:05:42 am Michal Vyskocil wrote:
Which pages should be excluded for openSUSE? Some pages seems that they are not interesting for SUSE (like Packaging:OldJPackagePolicy [5], Packaging:SugarActivities [6]). Import it, or don't? Second one is how to edit the text and adapt it for SUSE?
The openSUSE wiki doesn't need all words stacked, and titles look better with spaces. Packaging:SugarActivities > Packaging:Sugar Activities Packaging:OldJPackagePolicy > Packaging:Old J Package Policy -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Wednesday 04 of March 2009 06:21:55 Rajko M. wrote:
On Tuesday 03 March 2009 09:05:42 am Michal Vyskocil wrote:
Which pages should be excluded for openSUSE? Some pages seems that they are not interesting for SUSE (like Packaging:OldJPackagePolicy [5], Packaging:SugarActivities [6]). Import it, or don't? Second one is how to edit the text and adapt it for SUSE?
The openSUSE wiki doesn't need all words stacked, and titles look better with spaces.
Packaging:SugarActivities > Packaging:Sugar Activities Packaging:OldJPackagePolicy > Packaging:Old J Package Policy
Good point. I have read the openSUSE Style Guide [1] and it recommends the same. Other important issue is usage of colons in page names, which is quite unusual on opensuse wiki. Fedora's wiki has redirects from First/Second to First:Second - don't know why and there's nothing about it in a Guide. CCing opensuse-wiki, maybe someone will help. [1] http://en.opensuse.org/OpenSUSE_Style_Guide BTW: the second line would be Old JPackage Policy, because JPackage is a name of project.
-- Regards, Rajko
Regards Michal Vyskocil -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Wednesday 04 March 2009 02:29:55 am Michal Vyskocil wrote:
On Wednesday 04 of March 2009 06:21:55 Rajko M. wrote:
On Tuesday 03 March 2009 09:05:42 am Michal Vyskocil wrote:
Which pages should be excluded for openSUSE? Some pages seems that they are not interesting for SUSE (like Packaging:OldJPackagePolicy [5], Packaging:SugarActivities [6]). Import it, or don't? Second one is how to edit the text and adapt it for SUSE?
The openSUSE wiki doesn't need all words stacked, and titles look better with spaces.
Packaging:SugarActivities > Packaging:Sugar Activities Packaging:OldJPackagePolicy > Packaging:Old J Package Policy
Good point. I have read the openSUSE Style Guide [1] and it recommends the same.
Other important issue is usage of colons in page names, which is quite unusual on opensuse wiki. Fedora's wiki has redirects from First/Second to First:Second - don't know why and there's nothing about it in a Guide. CCing opensuse-wiki, maybe someone will help.
The Guide is still valid, but it needs serious work, mostly to add stuff that exists on Wikipedia and it is applicable to our situation. We don't need elaborate system as they have, but we also don't have to reinvent stuff that they already discussed and established. It is approximately the same idea as importing Fedora packaging documentation. I added: http://en.opensuse.org/OpenSUSE_Style_Guide/Colon_in_title In this particular case it could be wanted. Packaging can grow substantially and can use the same names of packages that ordinary user will look for to see instructions, so to help them creating Packaging: namespace can be good idea one day. There was discussion about need for more namespaces, but at the time we discussed it no one could offer names, later all was covered with dust.
BTW: the second line would be Old JPackage Policy, because JPackage is a name of project.
I was suspicious that it might be the JPackage, but it was one of my lazy moments. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Dienstag 03 März 2009 16:05:42 Michal Vyskocil wrote:
as you know I wrote a post about Fedora Packaging Guidelines [1]. I was working on it during last three weeks (but a little, so it takes a long time
:)) and nowadays I'm ready to import a Fedora's content to : en.opensuse.org
wiki. Now it is on pack.suse.cz [2]. I also checked that none of that page conflicts with an existing content on openSUSE wiki, so it can be imported easily.
Great work! Thanks! Just some questions 1) http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/Packaging/ Most of the files in this folder have a #Redirect to themselves or are empty. Is this intended? 2) Are you planning to merge the existing SUSE Package Conventions with the new Guidelines? http://en.opensuse.org/SUSE_Package_Conventions/RPM_Style for example contains some duplicates of http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/Packaging:NamingGu... With kind regards, Lars -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Wednesday 04 of March 2009 15:02:43 Lars Vogdt wrote:
On Dienstag 03 März 2009 16:05:42 Michal Vyskocil wrote:
as you know I wrote a post about Fedora Packaging Guidelines [1]. I was working on it during last three weeks (but a little, so it takes a long time
:)) and nowadays I'm ready to import a Fedora's content to : en.opensuse.org
wiki. Now it is on pack.suse.cz [2]. I also checked that none of that page conflicts with an existing content on openSUSE wiki, so it can be imported easily.
Great work! Thanks! Just some questions 1) http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/Packaging/
Most of the files in this folder have a #Redirect to themselves or are empty. Is this intended?
I just downloaded a content from Fedora wiki - the redirects are usually pages with like Packaging/Guidelines -> Packaging:Guidelines. I'm thinking about it, but probably I'll use the Section/Subsection layout, so the redirects will be gone.
2) Are you planning to merge the existing SUSE Package Conventions with the new Guidelines?
Yes, that's a long term plan. The reason what I'm doing this is because Fedora's structure of documentation is better than we have (we also has a lot of information on wiki, but you often need to know where it is). And if we will have a packaging documentation in similar structure, it would be easier to check the differences. And maybe work on some unification, but my main goal is improve packaging docs for SUSE.
http://en.opensuse.org/SUSE_Package_Conventions/RPM_Style for example contains some duplicates of http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/Packaging:NamingG uidelines.mwiki
With kind regards, Lars
Regards Michal Vyskocil -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
2009/3/5 Michal Vyskocil <mvyskocil@suse.cz>:
2) Are you planning to merge the existing SUSE Package Conventions with the new Guidelines?
Yes, that's a long term plan. The reason what I'm doing this is because Fedora's structure of documentation is better than we have (we also has a lot of information on wiki, but you often need to know where it is). And if we will have a packaging documentation in similar structure, it would be easier to check the differences. And maybe work on some unification, but my main goal is improve packaging docs for SUSE.
In which state is this? I see "http://fedoraproject.org/wiki/SIGs/Games/Packaging" isn't in http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/, but it has some interesting points. I don't know what other maintainers of the game repo think, but I would say it is valid with just these changes: - For third point we make it the other way. openSUSE game packages use /usr/games and %{_datadir}/games/%{name} - For point six I find a general problem in openSUSE. Packages seem to use whatever Group the packager can imagine. We don't limit ourself to groups from /usr/share/doc/packages/rpm/GROUPS. Isn't as if we gave much importance to the Group tag, but... - The OpenGL Wrapper part can be removed. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Cristian Morales Vega wrote:
2009/3/5 Michal Vyskocil <mvyskocil@suse.cz>:
2) Are you planning to merge the existing SUSE Package Conventions with the new Guidelines? Yes, that's a long term plan. The reason what I'm doing this is because Fedora's structure of documentation is better than we have (we also has a lot of information on wiki, but you often need to know where it is). And if we will have a packaging documentation in similar structure, it would be easier to check the differences. And maybe work on some unification, but my main goal is improve packaging docs for SUSE.
In which state is this? I see "http://fedoraproject.org/wiki/SIGs/Games/Packaging" isn't in http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/, but it has some interesting points.
The import status (and the list of the imported pages) is here http://en.opensuse.org/Packaging/Status . As you can see we only imported (some of the) pages from Packaging: namespace, so SIGs/Games/Packaging is not there. It is a nice document and I'm considering it adding to our Packaging Guidelines, but first I'd like to clarify some points ...
I don't know what other maintainers of the game repo think, but I would say it is valid with just these changes: - For third point we make it the other way. openSUSE game packages use /usr/games and %{_datadir}/games/%{name}
This is worth discussion. Is there a solid reason to use separate directories for games? (According to FHS /usr/games and /usr/share/games are optional and we have it in our filesystem, so I'm neutral about this).
- For point six I find a general problem in openSUSE. Packages seem to use whatever Group the packager can imagine. We don't limit ourself to groups from /usr/share/doc/packages/rpm/GROUPS. Isn't as if we gave much importance to the Group tag, but...
- The OpenGL Wrapper part can be removed.
We have opengl-games-utils package in games, so we could probably follow this point, but I'm not sure whether it is worth it. I just added the check to Game Store[1], where it makes sense, because the user cannot see the console output. [1] http://stick.gk2.sk/blog/2009/07/gamestore/ -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o openSUSE Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
2009/7/4 Pavol Rusnak <prusnak@suse.cz>:
Cristian Morales Vega wrote:
2009/3/5 Michal Vyskocil <mvyskocil@suse.cz>:
2) Are you planning to merge the existing SUSE Package Conventions with the new Guidelines? Yes, that's a long term plan. The reason what I'm doing this is because Fedora's structure of documentation is better than we have (we also has a lot of information on wiki, but you often need to know where it is). And if we will have a packaging documentation in similar structure, it would be easier to check the differences. And maybe work on some unification, but my main goal is improve packaging docs for SUSE.
In which state is this? I see "http://fedoraproject.org/wiki/SIGs/Games/Packaging" isn't in http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/, but it has some interesting points.
The import status (and the list of the imported pages) is here http://en.opensuse.org/Packaging/Status . As you can see we only imported (some of the) pages from Packaging: namespace, so SIGs/Games/Packaging is not there. It is a nice document and I'm considering it adding to our Packaging Guidelines, but first I'd like to clarify some points ...
I don't know what other maintainers of the game repo think, but I would say it is valid with just these changes: - For third point we make it the other way. openSUSE game packages use /usr/games and %{_datadir}/games/%{name}
This is worth discussion. Is there a solid reason to use separate directories for games? (According to FHS /usr/games and /usr/share/games are optional and we have it in our filesystem, so I'm neutral about this).
I'm also pretty neutral... if I would need to select one I would vote to not use games suffix, if only to follow Fedora. The only problem is that since you ;-) asked me to use the games suffix (http://lists.opensuse.org/opensuse-packaging/2008-07/msg00048.html) I have always been using it and it seems the packages from the games repo really use it most of the time. If we are going to change it better now than later, but we have a good quantity of packages already using games. After all... I would vote to not use the games suffix, I don't think games are so special. Even if I just asked two days ago to a submitreq to use the suffix :-p The current games will change with time, there is no hurry. I put Toni CC since Packman also has a lot of games, most from him, and he may have something to say.
- The OpenGL Wrapper part can be removed.
We have opengl-games-utils package in games, so we could probably follow this point, but I'm not sure whether it is worth it. I just added the check to Game Store[1], where it makes sense, because the user cannot see the console output.
Being a nVidia user without problems to install the propietary driver my view could be biased, but I don't really see much need for it. There are still problems when trying to use 3D games at the same time than a compositing window manager with other drivers? But sure, if the package is already there it could be used. If Fedora uses it I suppose false positives aren't a problem. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Cristian Morales Vega wrote:
I'm also pretty neutral... if I would need to select one I would vote to not use games suffix, if only to follow Fedora. The only problem is that since you ;-) asked me to use the games suffix (http://lists.opensuse.org/opensuse-packaging/2008-07/msg00048.html)
I just wrote the recommendation based on mine observation that most of the packages use /usr/games and I wanted to maintain consistency. This is not true anymore (I think it's around 60%:40% now) and therefore I'm OK with changing all to /usr/bin if we will agree on that.
I have always been using it and it seems the packages from the games repo really use it most of the time. If we are going to change it better now than later, but we have a good quantity of packages already using games.
Changing the paths in all games packages should be a few minutes task.
After all... I would vote to not use the games suffix, I don't think games are so special. Even if I just asked two days ago to a submitreq to use the suffix :-p The current games will change with time, there is no hurry. I put Toni CC since Packman also has a lot of games, most from him, and he may have something to say.
- The OpenGL Wrapper part can be removed. We have opengl-games-utils package in games, so we could probably follow this point, but I'm not sure whether it is worth it. I just added the check to Game Store[1], where it makes sense, because the user cannot see the console output.
Being a nVidia user without problems to install the propietary driver my view could be biased, but I don't really see much need for it. There are still problems when trying to use 3D games at the same time than a compositing window manager with other drivers? But sure, if the package is already there it could be used. If Fedora uses it I suppose false positives aren't a problem.
I think that reason for the wrapper is not only to inform the user about the problem, but also to create a pressure from users to graphic cards vendors. The actual wording is: """ Your system currently is not capable of hardware accelerated 3D. Therefore $1 cannot run. Usually the cause of this error is that there are no Free Software drivers for your graphics card, please contact your graphics card manufacturer and kindly ask them to provide Free Software support for your card. """ :-) ... and btw. this wrapper only gets executed ONLY if the game is run from the .desktop file. -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o openSUSE Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
2009/7/4 Pavol Rusnak <prusnak@suse.cz>:
Cristian Morales Vega wrote:
I'm also pretty neutral... if I would need to select one I would vote to not use games suffix, if only to follow Fedora. The only problem is that since you ;-) asked me to use the games suffix (http://lists.opensuse.org/opensuse-packaging/2008-07/msg00048.html)
I just wrote the recommendation based on mine observation that most of the packages use /usr/games and I wanted to maintain consistency. This is not true anymore (I think it's around 60%:40% now) and therefore I'm OK with changing all to /usr/bin if we will agree on that.
I have always been using it and it seems the packages from the games repo really use it most of the time. If we are going to change it better now than later, but we have a good quantity of packages already using games.
Changing the paths in all games packages should be a few minutes task.
A script would not be 100% accurate. Sometimes the packager added a "--prefix" to the configure, some use /usr/games by default, perhaps there is a patch to a custom Makefile, etc. But I suppose the error rate should not be so high and it could be fixed manually after running the script.
After all... I would vote to not use the games suffix, I don't think games are so special. Even if I just asked two days ago to a submitreq to use the suffix :-p The current games will change with time, there is no hurry. I put Toni CC since Packman also has a lot of games, most from him, and he may have something to say.
- The OpenGL Wrapper part can be removed. We have opengl-games-utils package in games, so we could probably follow this point, but I'm not sure whether it is worth it. I just added the check to Game Store[1], where it makes sense, because the user cannot see the console output.
Being a nVidia user without problems to install the propietary driver my view could be biased, but I don't really see much need for it. There are still problems when trying to use 3D games at the same time than a compositing window manager with other drivers? But sure, if the package is already there it could be used. If Fedora uses it I suppose false positives aren't a problem.
I think that reason for the wrapper is not only to inform the user about the problem, but also to create a pressure from users to graphic cards vendors. The actual wording is:
I think we would make more pressure if we weren't creating packages for proprietary drivers :-( (and then asking the manufacturer to host our packages ¿?¿?), but ok.
""" Your system currently is not capable of hardware accelerated 3D. Therefore $1 cannot run.
Usually the cause of this error is that there are no Free Software drivers for your graphics card, please contact your graphics card manufacturer and kindly ask them to provide Free Software support for your card. """
:-) ... and btw. this wrapper only gets executed ONLY if the game is run from the .desktop file.
The kind of user that doesn't already knows about the problem is the one that will always use the menu, so... It's fine with me. So the Fedora rules could be used directly without changes. The only difference is that Fedora uses "Amusements/Games" RPM group and we have http://en.opensuse.org/SUSE_Package_Conventions/RPM_Groups#2.1._Amusement Since YaST now does some kind of simplification (and I think PackageKit GUIs do the same) and only shows a "Games" group I would argue we should also copy this point from the Fedora guide. There is no point in having so detailed subgroups when nobody but the "rpm -qi" user is going to see them. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Cristian Morales Vega wrote:
So the Fedora rules could be used directly without changes. The only difference is that Fedora uses "Amusements/Games" RPM group and we have http://en.opensuse.org/SUSE_Package_Conventions/RPM_Groups#2.1._Amusement Since YaST now does some kind of simplification (and I think PackageKit GUIs do the same) and only shows a "Games" group I would argue we should also copy this point from the Fedora guide. There is no point in having so detailed subgroups when nobody but the "rpm -qi" user is going to see them.
I think that Fedora ignores Group tag completely and the next RPM will make Group tag optional, so it could be left from the .spec file ... -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o openSUSE Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Cristian Morales Vega wrote:
So the Fedora rules could be used directly without changes. The only difference is that Fedora uses "Amusements/Games" RPM group and we have http://en.opensuse.org/SUSE_Package_Conventions/RPM_Groups#2.1._Amusement Since YaST now does some kind of simplification (and I think PackageKit GUIs do the same) and only shows a "Games" group I would argue we should also copy this point from the Fedora guide. There is no point in having so detailed subgroups when nobody but the "rpm -qi" user is going to see them.
Hi again! I discussed the games issue with Ludwig Nussel and we agreed on not using /usr/games + /usr/share/games anymore. Now there are no differences, so I imported the Fedora Games Packaging Guidelines into ours - http://en.opensuse.org/Packaging/Games - and we should follow them! I will probably start to change the packages in games repo soon. Thanks Cristian for bringing up this issue! -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
2009/7/10 Pavol Rusnak <prusnak@suse.cz>:
Cristian Morales Vega wrote:
So the Fedora rules could be used directly without changes. The only difference is that Fedora uses "Amusements/Games" RPM group and we have http://en.opensuse.org/SUSE_Package_Conventions/RPM_Groups#2.1._Amusement Since YaST now does some kind of simplification (and I think PackageKit GUIs do the same) and only shows a "Games" group I would argue we should also copy this point from the Fedora guide. There is no point in having so detailed subgroups when nobody but the "rpm -qi" user is going to see them.
Hi again!
I discussed the games issue with Ludwig Nussel and we agreed on not using /usr/games + /usr/share/games anymore. Now there are no differences, so I imported the Fedora Games Packaging Guidelines into ours - http://en.opensuse.org/Packaging/Games - and we should follow them! I will probably start to change the packages in games repo soon. Thanks Cristian for bringing up this issue!
In little more than an hour I will leave and will be without an Internet connection for two weeks. If you want help with the changes you can wait until July 27th. Note that perhaps the permissions package also needs a look: $ fgrep -H games /etc/permissions.* | wc -l 103 -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Cristian Morales Vega wrote:
In little more than an hour I will leave and will be without an Internet connection for two weeks. If you want help with the changes
I guess I will start sooner. Have a nice vacation!
you can wait until July 27th. Note that perhaps the permissions package also needs a look:
$ fgrep -H games /etc/permissions.* | wc -l 103
Hmm, Ludwig, what about these permissions? Are they still needed? -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Pavol Rusnak wrote:
you can wait until July 27th. Note that perhaps the permissions package also needs a look:
$ fgrep -H games /etc/permissions.* | wc -l 103
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/ -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default.
Could this not be also done via a suitable setup of the highscore directory with ACLs and setgid on the directory? Make it group writeable for all users and make sure that the default ACLs are set correctly? Easier to modify one high score directory than lots of games and safer too. OTOH I would think that for those 0.00001% of multi-user machines that actually install games the admin could deal with this problem himself. The remaining 99.9999% of our installation base probably use the system as a single-user desktop computer and can as well write high scores to the home dir or to /var/... without bothering about how other users can write there, too. Schlomo -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Schlomo Schapiro wrote:
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default.
Could this not be also done via a suitable setup of the highscore directory with ACLs and setgid on the directory? Make it group writeable for all users and make sure that the default ACLs are set correctly?
That wouldn't increase security. Those games are not written with security in mind so having access to highscore files could allow a local attacker to do nasty things. Best way would be to have the highscore files written via daemon. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Hi, Ludwig Nussel wrote:
Schlomo Schapiro wrote:
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed? Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default. Could this not be also done via a suitable setup of the highscore directory with ACLs and setgid on the directory? Make it group writeable for all users and make sure that the default ACLs are set correctly?
That wouldn't increase security. Those games are not written with security in mind so having access to highscore files could allow a local attacker to do nasty things. Best way would be to have the highscore files written via daemon.
I agree 100%. But my point was rather that I believe that the question of multi-user high score files is not really that important to 99.999% of our users and those, to whom it matters, surely will be able to deal with it adequately. So that as a practical solution for openSUSE I would suggest to simply drop the permissions and leave it to the interested admin to deal with the issue. Regards, Schlomo -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Schlomo Schapiro wrote:
Ludwig Nussel wrote:
Schlomo Schapiro wrote:
Ludwig Nussel wrote:
Hmm, Ludwig, what about these permissions? Are they still needed? Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default. Could this not be also done via a suitable setup of the highscore directory with ACLs and setgid on the directory? Make it group writeable for all users and make sure that the default ACLs are set correctly?
That wouldn't increase security. Those games are not written with security in mind so having access to highscore files could allow a local attacker to do nasty things. Best way would be to have the highscore files written via daemon.
I agree 100%. But my point was rather that I believe that the question of multi-user high score files is not really that important to 99.999% of our users and those, to whom it matters, surely will be able to deal with it adequately.
So that as a practical solution for openSUSE I would suggest to simply drop the permissions and leave it to the interested admin to deal with the issue.
Sure. That might require some fixes in games that expect the highscore file writeable though. The following games need to be checked if we want to remove the setgid bit: /usr/games/atc games:games 2755 /usr/games/battlestar games:games 2755 /usr/games/canfield games:games 2755 /usr/games/cribbage games:games 2755 /usr/games/phantasia games:games 2755 /usr/games/robots games:games 2755 /usr/games/sail games:games 2755 /usr/games/snake games:games 2755 /usr/games/tetris-bsd games:games 2755 /usr/games/Maelstrom games:games 2755 /usr/games/pachi games:games 2755 /usr/games/martian games:games 2755 /usr/lib/nethack/nethack.tty games:games 2755 /usr/games/chromium games:games 2755 /usr/games/xscrab games:games 2755 /usr/games/trackballs games:games 2755 /usr/games/ltris games:games 2755 /usr/games/xlogical games:games 2755 /usr/games/lbreakout2 games:games 2755 /usr/bin/xgalaga games:games 2755 /usr/games/rocksndiamonds games:games 2755 /usr/bin/glines games:games 2755 /usr/bin/gnibbles games:games 2755 /usr/bin/gnobots2 games:games 2755 /usr/bin/gnometris games:games 2755 /usr/bin/gnomine games:games 2755 /usr/bin/gnotravex games:games 2755 /usr/bin/gnotski games:games 2755 /usr/bin/gtali games:games 2755 /usr/bin/mahjongg games:games 2755 /usr/bin/same-gnome games:games 2755 Now we only need a volunteer to try them out and file bugs if necessary :-) cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On 7/14/2009 at 8:57, Ludwig Nussel <ludwig.nussel@suse.de> wrote: Sure. That might require some fixes in games that expect the highscore file writeable though. The following games need to be checked if we want to remove the setgid bit:
/usr/games/atc games:games 2755 /usr/games/battlestar games:games 2755 /usr/games/canfield games:games 2755 /usr/games/cribbage games:games 2755 /usr/games/phantasia games:games 2755 /usr/games/robots games:games 2755 /usr/games/sail games:games 2755 /usr/games/snake games:games 2755 /usr/games/tetris-bsd games:games 2755 /usr/games/Maelstrom games:games 2755 /usr/games/pachi games:games 2755 /usr/games/martian games:games 2755 /usr/lib/nethack/nethack.tty games:games 2755 /usr/games/chromium games:games 2755 /usr/games/xscrab games:games 2755 /usr/games/trackballs games:games 2755 /usr/games/ltris games:games 2755 /usr/games/xlogical games:games 2755 /usr/games/lbreakout2 games:games 2755 /usr/bin/xgalaga games:games 2755 /usr/games/rocksndiamonds games:games 2755 /usr/bin/glines games:games 2755 /usr/bin/gnibbles games:games 2755 /usr/bin/gnobots2 games:games 2755 /usr/bin/gnometris games:games 2755 /usr/bin/gnomine games:games 2755 /usr/bin/gnotravex games:games 2755 /usr/bin/gnotski games:games 2755 /usr/bin/gtali games:games 2755 /usr/bin/mahjongg games:games 2755 /usr/bin/same-gnome games:games 2755
Now we only need a volunteer to try them out and file bugs if necessary :-)
I suggest the other way round: have bug reports for all of them to check, and close them one after another after testing (gives us also the opportunity to know if somebody checked them or not). Dominique -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Dominique Leuenberger wrote:
Now we only need a volunteer to try them out and file bugs if necessary :-)
I suggest the other way round: have bug reports for all of them to check, and close them one after another after testing (gives us also the opportunity to know if somebody checked them or not).
How about using wiki instead for this purpose? I created a page with list and instructions: http://en.opensuse.org/Games/Fixes -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o openSUSE Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On 7/12/2009 at 14:11, Ludwig Nussel <ludwig.nussel@suse.de> wrote: Pavol Rusnak wrote: you can wait until July 27th. Note that perhaps the permissions package also needs a look:
$ fgrep -H games /etc/permissions.* | wc -l 103
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default.
What would actually be the 'bad thing' happening if /var/games/$package would just be world write-able? According to FHS [1] one reason of splitting it to /var/games after all was to have the possibility of setting permissions accordingly. [1] http://www.pathname.com/fhs/pub/fhs-2.3.html#VARGAMESVARIABLEGAMEDATA Dominique -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Dominique Leuenberger wrote:
On 7/12/2009 at 14:11, Ludwig Nussel <ludwig.nussel@suse.de> wrote: Pavol Rusnak wrote: you can wait until July 27th. Note that perhaps the permissions package also needs a look:
$ fgrep -H games /etc/permissions.* | wc -l 103
Hmm, Ludwig, what about these permissions? Are they still needed?
Well, you tell me :-) Those binaries are usually setgid games for writing shared highscore files in /var. I'd be happy to get rid of the setgid bits by default.
What would actually be the 'bad thing' happening if /var/games/$package would just be world write-able?
It would be trivial to place symlinks to have the victim overwrite it's own files when running a certain game for example. Also it's not possible to package subdirs in world writeable directories in a safe way. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Tue, 3 Mar 2009, Michal Vyskocil wrote:
as you know I wrote a post about Fedora Packaging Guidelines [1]. I was working on it during last three weeks (but a little, so it takes a long time :)) and nowadays I'm ready to import a Fedora's content to en.opensuse.org wiki. Now it is on pack.suse.cz [2]. I also checked that none of that page conflicts with an existing content on openSUSE wiki, so it can be imported easily.
Tom Callaway [3] from RedHat confirms me that a Guidelines are under Open Publication License [4] and we can use it for SUSE without restrictions. He was also interested on future collaboration and offers some meeting on LinuxTag - it would be nice if anyone from SUSE will be ready to start a discussion.
Before import I'd like to ask:
Have you done the import? I would like to use these updated Guidelines for the new project we are discussing about an openSUSE LTS or openSLES. I think it is important that we use what ever you have done and the consensus that happened with them. I think we should have rpm lint checks that let us know where we need to make changes in openSUSE and any other SUSE related project. Thanks,
[1] http://lists.opensuse.org/opensuse-packaging/2009-02/msg00043.html [2] http://pack.suse.cz/mvyskocil/fedora-packaging-guidelines/ [3] https://fedoraproject.org/wiki/TomCallaway [4] http://fedoraproject.org/wiki/Legal/Licenses/OPL [5] http://fedoraproject.org/wiki/Packaging:OldJPackagePolicy [6] http://fedoraproject.org/wiki/Packaging:SugarActivityGuidelines [7] http://en.opensuse.org/Template:Warning1
-- Boyd Gerber <gerberb@zenez.com> 801 849-0213 ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Boyd Lynn Gerber wrote:
Have you done the import? I would like to use these updated Guidelines for the new project we are discussing about an openSUSE LTS or openSLES.
Import is done, but the adjusting work is very slow ... :-/ Almost no one is interesting in doing this boring but very important task. You can view the status here: http://en.opensuse.org/Packaging/Status (together with links to particular imported subpages) -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o openSUSE Community Multiplier Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9, CR prusnak[at]suse.cz http://www.suse.cz -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
participants (10)
-
Boyd Lynn Gerber -
Cristian Morales Vega -
Dominique Leuenberger -
Jakub 'Livio' Rusinek -
Lars Vogdt -
Ludwig Nussel -
Michal Vyskocil -
Pavol Rusnak -
Rajko M. -
Schlomo Schapiro