Note that this is not just an fc? vs fc23 issue; just for example:
1) Which RPMFusion packages use %license?
(http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License_Text)
$ repoquery -f /usr/share/licenses/* --disablerepo=fedora,updates --enablerepo=rpmfusion-free-updates-testing
or
$ repoquery -f /usr/share/licenses/* --disablerepo=fedora,updates --enablerepo=rpmfusion-free
And which ones push a COPYING in a bad directory?
$ repoquery -f /usr/share/doc/*/COPYING* --disablerepo=fedora,updates --enablerepo=rpmfusion-free
2) Which RPMFusion packages are **rebuilt** by including hardening flags?
(http://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags
https://fedoraproject.org/wiki/Changes/Harden_All_Packages)
Just for example, I chose the most famous one:
$ rpm -qa ffmpeg
ffmpeg-2.8.3-1.fc23.x86_64
(Good! It has been rebuilt for F23)
$ rpm -q --list ffmpeg | grep bin
/usr/bin/ffmpeg
/usr/bin/ffplay
/usr/bin/ffprobe
/usr/bin/ffserver
/usr/bin/qt-faststart
# checksec --file /usr/bin/ffmpeg
Oops! 'Partial RELRO' and 'No PIE' warnings
$ rpm -qa ffmpeg-compat
ffmpeg-compat-0.6.7-9.fc23.x86_64
(Oops! Still fc22 but okay, it's working)
$ rpm -q --list ffmpeg | grep COPYING
/usr/share/doc/ffmpeg/COPYING.GPLv2
/usr/share/doc/ffmpeg/COPYING.GPLv3
/usr/share/doc/ffmpeg/COPYING.LGPLv2.1
/usr/share/doc/ffmpeg/COPYING.LGPLv3
(Oops! Packaging rules violation)
$ rpm -q --list ffmpeg-compat | grep lib
/usr/lib64/libavcodec.so.52
/usr/lib64/libavcodec.so.52.72.2
/usr/lib64/libavdevice.so.52
/usr/lib64/libavdevice.so.52.2.0
/usr/lib64/libavfilter.so.1
/usr/lib64/libavfilter.so.1.19.0
/usr/lib64/libavformat.so.52
/usr/lib64/libavformat.so.52.64.2
/usr/lib64/libavutil.so.50
/usr/lib64/libavutil.so.50.15.1
/usr/lib64/libpostproc.so.51
/usr/lib64/libpostproc.so.51.2.0
/usr/lib64/libswscale.so.0
/usr/lib64/libswscale.so.0.11.0
# checksec --file /usr/lib64/libavcodec.so.52.72.2
Oops! 'Partial RELRO' warning
Therefore, am I exaggerating? Okay, but please don't tell me that ALL
RPMFusion packages respect the packaging guidelines of Fedora.
--
Antonio Trande
mailto: sagitter 'at' fedoraproject 'dot' org
http://fedoraos.wordpress.com/
https://fedoraproject.org/wiki/User:Sagitter
GPG Key: 0x565E653C
Check on
https://keys.fedoraproject.org/
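
Added example, not part of the original message: what the 'Partial RELRO' and 'No PIE' results reported above correspond to inside the ELF file. It assumes a little-endian ELF64 image and the common heuristic that an ET_DYN object carrying DT_DEBUG or DF_1_PIE is a PIE executable; hardening and sample_elf are names made up for this example, and the inputs are constructed images, not the ffmpeg binaries.

```python
import struct

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_DEBUG, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 21, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000
ET_EXEC, ET_DYN = 2, 3

def hardening(elf):
    """Classify PIE and RELRO for a little-endian ELF64 image given as bytes."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    relro = bind_now = pie_hint = False
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", elf, ph)
        if p_type == PT_GNU_RELRO:      # region remapped read-only after relocation
            relro = True
        elif p_type == PT_DYNAMIC:      # walk the (tag, value) dynamic array
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:            # DT_NULL ends the array
                    break
                bind_now |= tag == DT_BIND_NOW
                bind_now |= tag == DT_FLAGS and bool(val & DF_BIND_NOW)
                bind_now |= tag == DT_FLAGS_1 and bool(val & DF_1_NOW)
                pie_hint |= tag == DT_DEBUG
                pie_hint |= tag == DT_FLAGS_1 and bool(val & DF_1_PIE)
    pie = {ET_EXEC: "No PIE", ET_DYN: "PIE" if pie_hint else "DSO"}.get(e_type, "unknown")
    # Without BIND_NOW the .got.plt stays writable for lazy binding: partial only.
    level = "Full RELRO" if relro and bind_now else "Partial RELRO" if relro else "No RELRO"
    return {"pie": pie, "relro": level}

def sample_elf(e_type, relro, dyn):
    """Constructed input: ELF64 header, program headers and a dynamic array only."""
    phdrs = [(PT_DYNAMIC, 16 * (len(dyn) + 1))] + ([(PT_GNU_RELRO, 0)] if relro else [])
    dyn_off = 64 + 56 * len(phdrs)
    out = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    for p_type, size in phdrs:
        out += struct.pack("<IIQQQQQQ", p_type, 4, dyn_off, 0, 0, size, size, 8)
    return out + b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(0, 0)])

if __name__ == "__main__":
    # Constructed images; the first has the 'Partial RELRO' / 'No PIE' shape.
    print(hardening(sample_elf(ET_EXEC, True, [])))
    print(hardening(sample_elf(ET_DYN, True, [(DT_DEBUG, 0), (DT_FLAGS, DF_BIND_NOW)])))
```

To check a real file, pass its contents, for example hardening(open(path, "rb").read()).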