open-eid / linux-installer

Ubuntu meta package
55 stars 21 forks source link

Support Fedora (CentOS/RedHat) #13

Closed abitrolly closed 6 years ago

abitrolly commented 7 years ago

I'd like to update my certificate from Fedora. There are no packages, no build files for, it and no Makefile to build the tool myself.

abitrolly commented 7 years ago

From description at https://github.com/open-eid/linux-installer/blob/master/debian/control it looks like the primary tool that I need is qesteidutil.

metsma commented 7 years ago

Feel free to help upstream package maintainers https://admin.fedoraproject.org/pkgdb/package/rpms/qesteidutil/

abitrolly commented 7 years ago

It is not packaged for latest Fedora releases - https://apps.fedoraproject.org/packages/qesteidutil - looks like this open source support plan is not very effective. )

vodolaz095 commented 6 years ago

i'll be grateful, if release for Fedora 26 would be present!

gitcoinbot commented 6 years ago

This issue now has a funding of 0.045 ETH (21.76 USDT) attached to it.

owocki commented 6 years ago

hi from gitcoin.co -- doing my best to source someone to turn this around. will keep yall posted

owocki commented 6 years ago

still working on it..

step21 commented 6 years ago

I am quite familiar with debian packages, but still seems like a lot of work for that bounty. Have you tried to use alien https://sourceforge.net/projects/alien-pkg-convert/ It should also be available in fedora...

gitcoinbot commented 6 years ago

The funding of 0.045 ETH (33.2 USD) attached has been claimed by @muhammaddava1321.

@muhammaddava1321, please leave a comment to let the funder (@abitrolly) and the other parties involved your implementation plan. If you don't leave a comment, the funder may expire your claim at their discretion.

abitrolly commented 6 years ago

@step21 you can find former work here - https://admin.fedoraproject.org/pkgdb/package/rpms/qesteidutil/

abitrolly commented 6 years ago

Ad for bounty, this is all I can get for this issue. If you can convince guys from this project to set a maintenance fund for different package maintainers - that will help to increase the funding.

step21 commented 6 years ago

@abitrolly thanks. ok that would make it easier. Did you try just installing the older package? Somtimes that works, esp version jump from 25 to 26 is not that big. Just trying this before installing fedora packaging tools etc...

owocki commented 6 years ago

@muhammaddava1321 mind popping in and letting us nkow what we can expect from you/

owocki commented 6 years ago

@muhammaddava1321 if we dont hear from you soon we will need to reject your claim so that someone who can make this a prioroity takes the issue

abitrolly commented 6 years ago

@step21 what is the proper way to install older package?

~ sudo dnf install qesteidutil
Last metadata expiration check: 0:09:18 ago on Fri 29 Dec 2017 12:28:01 AM +03.
No match for argument: qesteidutil
Error: Unable to find a match
step21 commented 6 years ago

Mmmh, looks like it is not available anymore on fedora pkgdb. What you can anyway try - download the newest one here from rpmfind, which is 3.12 and for fedora 25 should be new enough http://rpmfind.net/linux/rpm2html/search.php?query=qesteidutil(x86-64) Then install with sudo yum localinstall <path to downloaded package Obviously replace the <> with the path to the package you downloaded and the package name. If that doesn't work, it should not be too hard to build from the source package, because that is still available at https://admin.fedoraproject.org/pkgdb/package/rpms/qesteidutil/ http://pkgs.fedoraproject.org/cgit/rpms/qesteidutil.git/

abitrolly commented 6 years ago

There is no point to run the old version that doesn't fix problem with hacked ids. How to build newest version from source?

step21 commented 6 years ago

Mmh ok sorry it looked fairly recent to me at first. Clone the soure package from http://pkgs.fedoraproject.org/cgit/rpms/qesteidutil.git/ then build an rpm from that. Maybe I can do it tonight if I don't do anything else.

owocki commented 6 years ago

@abitrolly i suggest rejecting @muhammaddava1321's claim on this issue due to radio silence from him/her. lets open up the issue for someone else to claim.

you can do so at https://gitcoin.co/funding/details?url=https://github.com/open-eid/linux-installer/issues/13

step21 commented 6 years ago

I started a build project on open build service, but so far it only builds successfully on fedora 25 because of some patch problem. However I also saw that some other guy published a temporary repo. You have to put it into fedora software sources I guess, I couldn't test it. Maybe that works for you. https://github.com/open-eid/qesteidutil/issues/78#issuecomment-347653717

step21 commented 6 years ago

You can now find my build here: https://build.opensuse.org/package/binaries/home:fl0id/qesteidutil?repository=Fedora_26

owocki commented 6 years ago

@abitrolly would you mind rejecting the current claimee's claim at https://gitcoin.co/funding/details?url=https://github.com/open-eid/linux-installer/issues/13 ? since they no-showed, id love to let @step21 claim it

abitrolly commented 6 years ago

@owocki does rejecting cancel funding? The interface is not clear about it.

abitrolly commented 6 years ago

The issue is free to claim, @step21. )

I looked if I can package it myself, but I couldn't find sufficiently short tutorial or at least a picture with process overview get started. All I understood is that I need a .spec file. Then there are lengthy guidelines, which carry too much bloody details.

If you already experienced with packaging, maybe https://github.com/jordansissel/fpm would be a better way.

step21 commented 6 years ago

Thanks! I saw, but yesterday I had some problems to claim it as described here: https://github.com/MetaMask/metamask-extension/issues/1081#issuecomment-355372620 Did you see the rpm link I posted, did that work? You can download it from there directly, but you can also add it as a repo with this url https://download.opensuse.org/repositories/home:/fl0id/Fedora_26/home:fl0id.repo (please note, while this is a service on an open suse server, the packages have nothing to do with suse but are based on a fedora spec file. I created it and if you need any changes, let me know) (as stated above, others are also working independently to bring it back to the official repos, but no idea how long that will take) I could also write a short report on the work if you would like to know for the future.

abitrolly commented 6 years ago

@step21 I would be interested to see it officially resurrected in Fedora repo, where it could get more security reviews.

step21 commented 6 years ago

This is being worked on independently, it doesn't really make sense or make it faster for me to duplicate that effort and this was not mentioned in the bounty/thread before. You can track the status of this here https://bugzilla.redhat.com/show_bug.cgi?id=1519323 (no idea how long it will take) However please be advised, that this does not include (as for many packages in most distributions) any kind of security review. As long as it confirms to packaging guidelines etc it is as reasonably secure as any other program, but mostly upstream (the original authors) is responsible for writing secure code, as everywhere else. Anyway, did you test the packages I built so far? I could run them, but I cannot test them properly as I do not have an effected ID card and even if I had I am pretty sure you can just update once.

abitrolly commented 6 years ago

@step21 I can only test binaries coming from official Fedora channels, sorry for not making it clear in the first place. This ticket and bounty is not about "compiling package for me". It is about supporting Fedora in proper way provided by this operating system, through its official channels.

There is also a security concern about running packages with critical software from other people servers, even if those people are with good intentions. Fedora builds are controlled, so that they are build from verified sources and no modification are made except those that are written in package spec. I can't be sure that your packages were not modified by you or any 3rd party, and don't want to risk my keys. Sorry about that.

abitrolly commented 6 years ago

I didn't notice https://bugzilla.redhat.com/show_bug.cgi?id=1519323 in the first place. There is no sense to duplicate efforts, and I wish we had noticed @Germano0 work faster, so he could claim the bounty.

abitrolly commented 6 years ago

@step21 I don't mind splitting the bounty if you can help resolve remaining issues in https://bugzilla.redhat.com/show_bug.cgi?id=1519323.

@owocki it is possible to split the bounty, right?

Germano0 commented 6 years ago

If you are a Fedora user you can temporarily use my Copr repository https://copr.fedorainfracloud.org/coprs/germano/este-id-card-tools/ Why este id packages are not yet available in official Fedora repositories? Because Fedora packages guidelines are very strict and packages review take some amount of time. During past weeks I have been very busy, but now I am resuming the package reviews process, for example I have just updated https://bugzilla.redhat.com/show_bug.cgi?id=1519747 and https://bugzilla.redhat.com/show_bug.cgi?id=1519749

step21 commented 6 years ago

Yeah, that was not really clear. You still might consider my package, as on closer inspection the spec file in the bugzilla thread is only fedora 27, unless I am missing the part where there is one for 26.

I know that it is not only about 'compiling packages for you' but that is why I also asked multiple times what you would prefer (before and after I had seen the bugzilla report). As I have also said, I did not build the packages on my own server, but they are built by the opensuse build service, which is very established in the community and can be used to built software for all kinds of distributions, and is in no way specific to suse. (in fact I enabled only fedora packages) It creates a container with a fedora system, just for building, and then this container is discarded. As stated, I could also provide instructions to build it yourself, from some points of view that would be even more secure than using a fedora package, unless you do not trust the original authors but then well... better not use it :) ( @Germano0 I also indirectly mentioned your copr repository when linking to your comment in the other repository, but I guess they did not see it or like it ) We could also try to have it included with the original repository, so that maybe in the future open-eid could provide it themselves - as really, having it as a fedora package does not make it more secure. Whether they would be open for that I do not know.

That said, if claiming works again for me and I try to push this to get included with/for fedora 26, I would like the full bounty, as I only saw the bugzilla thread when my package was already building on the build service, overall I spent quite some time on this already and I assumed your priority would be updating your card as fast as possible, instead of waiting for a package included with fedora, which by most accounts, does not make it more secure in itself. Lastly, with transaction fees as they are, it makes even less sense to split I think as I might pay up to 50 % as transactions fees and then I would just rather leave it I think.

Germano0 commented 6 years ago

I really have no time to follow the whole discussion, so I can shortly summarise:

Best regards

abitrolly commented 6 years ago

Thank you @Germano0 for settling things up. We are still experimenting with this bounty system, and it will take some time to bring up mechanics that makes problem solving fun for all participants.

@step21 I apologize again that I missed links to bugzilla that you've sent in previous posts. With rolling update model of Fedora, I don't think it is valuable to port to 26. But making .spec files native for this repository with instruction how to update/maintain this package in Fedora will make it fair to claim for full bounty. I think neither me nor @Germano0 mind if Fedora will get more collection maintainers thanks to your contribution. :)

step21 commented 6 years ago

Ok, cool. By native you mean on the fedora bugzilla or in the github source? (like for example debian spec like files are included there)

abitrolly commented 6 years ago

By native I mean that this Github repo will contain all necessary files in fedora/ subdir along with instructions in README.md to build and install Fedora package from scratch. Like Debian, right.

To avoid bitrot this repo should also contain instructions how to compare packaging files with files in Fedora repo and explanation of how to sync those files. This requires description of what steps are required to push changes on Fedora side. The doc may go into separate file.

gitcoinbot commented 6 years ago

The funding of 0.045 ETH (45.85 USD) attached has been claimed by @step21.

@step21, please leave a comment to let the funder (@abitrolly) and the other parties involved your implementation plan. If you don't leave a comment, the funder may expire your claim at their discretion.

owocki commented 6 years ago

@owocki does rejecting cancel funding? The interface is not clear about it.

sorry for the radio silence @abitrolly . was away skiing this weekend.

not it doesnt. it just rejects the current claim. i will update the interface.. thanks!

owocki commented 6 years ago

@step21 👋 good to have you here :)

step21 commented 6 years ago

Hi @abitrolly I submitted a PR now to the qesteidutil. https://github.com/open-eid/qesteidutil/pull/89 Please let me know what you think. I tried to make the instructions clear and not assume too much, but of course not everything can be covered.

step21 commented 6 years ago

Everything is reviewed now and will hopefully be merged soon.

vs77bb commented 6 years ago

@step21 Fantastic! cc @owocki

step21 commented 6 years ago

Merged now

owocki commented 6 years ago

@abitrolly mind releasing the funds to @step21 at https://gitcoin.co/funding/details?url=https://github.com/open-eid/linux-installer/issues/13 ?

abitrolly commented 6 years ago

There is still no package built for F28 at https://apps.fedoraproject.org/packages/esteidcerts/ and all tickets on Bugzilla are still open, so @step21 if you can help @Germano0 with upstream review by notifying https://bugzilla.redhat.com/show_bug.cgi?id=1518957 that pagure issue is resolved and find out how to schedule F28 built - that will help to move it forward.

gitcoinbot commented 6 years ago

⚡️ A tip worth 0.045 ETH ($52.0) has been granted to @germano0 for this issue. ⚡️

Nice work @germano0, check your email for further instructions.

gitcoinbot commented 6 years ago

The funding of 0.045 ETH (53.03 USD) attached to this issue has been approved & issued to @step21.

abitrolly commented 6 years ago

Sorry for F28 reference. I meant F27 of course. Now that F27 packages are officially being built and delivered, I'd sent tips to @Germano0 and approved claim by @step21 for working on the issue.

@step21 it would be nice if I you could make a PR that will cover how to install this soft on Fedora 27 from official repos. Maybe merge wiki into README/docs, update install script to be compatible with Fedora, or merge RPM files into this dir so that this software could be built independently.

I still haven't figured out how to install the software. Will start trying with esteidcerts later.

step21 commented 6 years ago

Thank you for this. After the last post, I was indeed a bit confused, and not sure what to do. Because of the version but also because it seemed to become a never ending issue (new version, new package (new bugzilla thread), new task after having asked before if PR with instructions would cover the issue) and because I didn't really want to get involved in any disagreement between @Germano0 and Fedora. I can add a note to the qesteidutils package where I added the other things. I do not think this repo (linux-installer) is appropriate, as it explicitly states that it is for Ubuntu/Debian. For other distributions (gentoo etc) there is a seperate repo, but I am not sure if there should be one for Fedora/rpm, in my opinion as long as rpms are now built and spec files are part of source repos, this should not be necessary. You would install it from official repos exactly as any other software. I assume you are used to Fedora and how it installs software. How did you install the previous versions?

metsma commented 6 years ago

I still haven't figured out how to install the software. Will start trying with esteidcerts later.

Forget esteidcerts, its was used by libdigidoc and witch is not ported to openssl 1.1 (upstream has not confirmed that they will)