Freedom Issue #3530

Repo Sync Happened without Filtering!

wael - 7 months ago. Updated 7 months ago.

Status: fixed
Priority: freedom issue
Assignee: -
% Done: 100%

Description

Seems like the latest repo sync happened without filtering, pulling in non-free software from upstream.
You can find packages such as linux, linux-firmware, chromium, firefox, electron, etc.


Subtasks

Freedom Issue #3529: [linux] Linux-libre already exist (fixed)

History

#1

Updated by GNUtoo 7 months ago

A few days ago I pushed this commit in the blacklist repository:

commit cb48ffefa62ebc268e35661f549d03b53d0865cb
Author: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Date:   Thu Sep 14 18:24:43 2023 +0200

    Add back rp-pppoe

    Older versions of rp-pppoe were including "nonfree software
    recommendation (ServPoET)" and so they were patched with libre.patch.

    But now Arch Linux uses rp-pppoe 4.0, and there the only mention of
    ServPoET is in src/plugin.c:
        $ grep -i ServPoET -r *
        src/plugin.c:    /* Set remote_number for ServPoET */
    and we don't have files named in this way anymore:
        $ find -iname "*ServPoET*" 
    so this makes the libre.patch used not necessary anymore, so we can
    now safely use Arch Linux package.

    Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

So it's probably related.

PS: Note that at least users are still protected by your-freedom but Parabola is probably redistributing nonfree software.

Denis.

#2

Updated by bill-auger 7 months ago

yep i noticed this too - good to see so many others noticed immediately also - this will be my first task today

it is definitely not related to blacklist.git though - IIRC, i disabled the import script downloading the blacklist file on-the-fly; because cgit fails or stalls sometimes - i made it reference the installed 'your-freedom' file instead - so even if blacklist.git was somehow corrupted, it could not influence the package imports until someone manually upgrades the 'your-freedom' package on winston

#3

Updated by wael 7 months ago

  • Status changed from confirmed to fixed

#4

Updated by wael 7 months ago

  • Status changed from fixed to in progress

I thought it was OK already, but I see that some python pip packages slipped through still - hence I'm reopening.

#5

Updated by bill-auger 7 months ago

can you identify some by name? - maybe those were present before, for a different reason

i still can not explain why it happened - i did nothing to correct for it yet - the first thing i wanted to do was to save the debug logs, and let the scheduled import run normally; because i suspected that this was just a fluke that would fix itself - and apparently it did

there was one curious correlated event - around the time of the sync yesterday, parabolaweb posted about two dozen error emails to the maintenance list, all within a few minutes, and only those few minutes - i don't suppose that parabolaweb plays any role in the repo imports; but it does suggest that the server was having a bad hair day around that same time

#6

Updated by bill-auger 7 months ago

  • Status changed from in progress to fixed
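
The failure discussed in this thread is a filter that silently did not apply during an import. The following is an added example, not Parabola's import script and not code from anyone in this thread: a post-sync audit that fails closed when the blacklist is empty or unreadable. It assumes a colon-separated blacklist whose first field is the blocked upstream package name and whose second field is the libre replacement; the function names and sample data are constructed for illustration.

```python
# Added example: audit an imported package list against a your-freedom
# style blacklist, and refuse to proceed if the blacklist looks empty.
# Assumption: "name:replacement:..." per line, "#" starts a comment.

class BlacklistError(Exception):
    """Raised when the blacklist cannot be trusted (fail closed)."""

def parse_blacklist(text, min_entries=1):
    """Return {blocked_name: replacement}; raise if too few entries."""
    blocked = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        name = fields[0].strip()
        if not name:
            raise BlacklistError(f"line {lineno}: empty package name")
        blocked[name] = fields[1].strip() if len(fields) > 1 else ""
    if len(blocked) < min_entries:
        # An empty filter must stop the import, not let everything through.
        raise BlacklistError(f"only {len(blocked)} entries; refusing unfiltered sync")
    return blocked

def audit_sync(imported, blocked):
    """Return {pkgname: replacement} for imported packages that are blocked."""
    return {p: blocked[p] for p in sorted(set(imported)) if p in blocked}

# Constructed sample data (package names taken from the issue description).
SAMPLE_BLACKLIST = """\
# constructed sample, not the real blacklist
linux:linux-libre:::constructed description
linux-firmware::::constructed description
chromium::::constructed description
firefox::::constructed description
electron::::constructed description
"""
SAMPLE_IMPORTED = ["bash", "linux", "linux-firmware", "chromium",
                   "rp-pppoe", "firefox", "electron"]

if __name__ == "__main__":
    blocked = parse_blacklist(SAMPLE_BLACKLIST, min_entries=5)
    for pkg, repl in audit_sync(SAMPLE_IMPORTED, blocked).items():
        print(f"BLOCKED {pkg}" + (f" (use {repl})" if repl else ""))
```

Running the audit as a separate step after each import gives a check that does not depend on the import script's own filtering having worked.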
