Search Results: "piotr"

8 September 2010

Michal Čihař: phpMyAdmin GSoC 2010 summary

GSoC 2010 is over for some time and I should write some summary of how the students' projects ended up. The very short summary is that all five students were successful and their work got merged. A description of the projects follows, in no particular order.

Thanks to Martynas Mickevicius you can now get charts out of various parts of phpMyAdmin. They are used on server status pages or you can get query results in the form of several charts. It seems to work pretty well, at least from what I've tried so far.

Ankit Gupta was working on Visual Query Builder for phpMyAdmin. Unfortunately this is the only project which is not yet merged to the master branch, mostly because some UI things were not yet finished. But hopefully it will be merged soon.

Adnan Mughal was converting our schema export feature from PDF to support multiple formats. You can now get the schema in SVG, DIA or even Visio formats. Some of them will still require a little bit of tuning, because the scaling is not perfect.

Ninad Pundalik did a lot of work on AJAXifying phpMyAdmin. His changes touched quite a lot of places and there are still some rough edges (as you can see in our bug tracker), but this is definitely a welcome improvement and I hope it will get stable soon.

Piotr Przybylski basically continued his effort from two years ago, when he had reimplemented the setup script, and now he focused on user configuration. It can be stored in the session, in browser local storage (an HTML 5 feature) or in a separate table in the phpMyAdmin configuration storage (that's the new name for pmadb). This is something people were requesting for a very long time and I'm happy we can finally bring this feature.

And last but not least is Lorikeet Lee, who spent a lot of time on tuning the user interface of phpMyAdmin. The most visible changes are on the export and import pages, which now should be less scary for new users, but there are other changes in a lot of other places, for example the main page.

Generally it was a great summer and I hope we will be as successful next year. PS: You can try all these features on http://demo.phpmyadmin.net/.


28 June 2010

Carl Chenet: Debian maintainer

As some of you may (or more certainly may not) have noticed reading the Debian Project News, I recently became a Debian maintainer. A huge thanks to Sandro Tosi (morph) and Piotr Ożarowski (piotr) for their careful reviews of my work. And thanks to Raphael Hertzog (buxy) for pulling the trigger for the beginning of my involvement in Debian. I can't wait to attend Debconf 2010. See you there! Follow me on Identi.ca: http://identi.ca/carlchenet

31 May 2010

Piotr Galiszewski: The end of the first mockups iteration

Last week was very busy for me. Unfortunately, I spent most of my time on my study duties. An exam session is fast approaching, so in the next 3 weeks the situation will not be better. But as I promised, during the second part of the week, I am working full time on my project.

So, here are missing mockups of future Aptitude Qt GUI:

Changes Preview tab:

Only one "Preview Tab" can be opened at the same time. Changes will be live updated here.

Resolver:

Perform Changes tab:


This time I am not too innovative. I think that current Aptitude GTK design for this tabs is quite intuitive and good-looking, so I have added only minor tweaks.

To sum up the mockups topic, below are links to all presented mockups (with some comments which were raised during my recent private discussions). Now, I am open to any suggestions and comments about the current design. At the end of next week, the second iteration will be presented. Depending on the level of required changes there could be a third iteration, before sending the mockups to Piotr "Patpi" Pełzowski, who is the person behind the Kadu Usability Project. I am glad that he agreed to spend his spare time and help me with this task :)

Packages tab:

This tab in second iteration will have only small changes. I was told that will be nice to select multiple categories at the same time. I agree, so categories list will support multi selection. There will be also an option in configuration window (There is no mockup now. Currently, I do not know what option will be configurable and it is not the most important thing at this stage. The window will be patterned upon KDE configuration windows) to move this list on the right side of this tab.

It will be possible to have multiple "Packages tabs" opened at the same time. It will not be allowed to close first "Package Tab". Ctrl + T shortcut, action in main menu and toolbar (I have forgotten about toolbar in this iteration - maybe it is not necessary?) will open new tab. There will be also an option that each text search will do this. I will try to add shortcuts wherever is it possible to allow using the GUI without mouse.

"Show changes" button will be change to "Resolve dependencies" when necessary.

Updates widget:

Most of the comments from "Packages tab" apply here too. In the table showing updates will be also "Current Version" column.


Package Informations tab:

Only one clarification: multiple "Packages Informations" tabs for the same package will not be allowed.

I am looking forward to read any comments regarding presented design. Please leave comment below this post or contact me directly (see About Me page).

On Monday/Tuesday I will write first weekly report.

Cheers.

Piotr Galiszewski: Another mockup and official start of coding

Today, I have finished only one mockup. Designing "Package Details" tab was much harder than I had thought it would be. But here is it:

Package details:

It is not finished and requires more work (as all mockups). There are two main mockups left (Preview and Resolver tabs). They will have been finished till the end of Wednesday. Fortunately, there is still some time to finish and evaluate mockups. As I wrote before, firstly I will be coding low level classes.

Today (it is past midnight in my timezone ;) ) is also the official start of the coding period (it has not been announced yet). For the next month, I will be sharing my time between GSoC and my normal study duties. Due to that fact, most of my work will be done in the second part of each week. I will write weekly updates on this blog.

So, please stay tuned and wish me good luck :)

Piotr Galiszewski: First two mockups

Here are two mockups presenting my basic ideas about future aptitude-Qt GUI:

Packages tab:


Updates tab:


Mockups for Show Package and Preview tabs will be finished tomorrow.

Any comments and constructive criticism are much appreciated.

Piotr Galiszewski: Short project update

Hello all.

Last week I was very busy, due to my university duties. On Tuesday I had my first exam in this semester (in Numerical Analysis), which took me more time than I had thought it would be.
From this reason my project is slightly behind schedule, but now I will do my best to catch the plan.

On the other hand, there are also some good news for me. Some time ago, Daniel Burrows migrated aptitude repository from mercurial to GIT. I am git user for nearly year, so I strongly support this move ;) .

Here are some basic thoughts which functionalities good package manager must have (and which approach (from aptitude-gtk, synaptic and adept) I like the most):
All of this will be elaborated in mockups. Am I forgetting something important?

The most important questions is: "What is the most common use case for package manager? Installing packages or upgrading packages?". I am not sure if this two actions require different views, or there should be only new category in install package view.

This is all now. More updates (and mockups) will be available today's midnight (or tomorrow morning). So please stay tuned :)

Piotr Galiszewski: Hello Word

Hello Planet Debian readers!

I've never thought that such a thing can ever happen, but I've started blogging ;) So now it is time to introduce myself.

My name is Piotr Galiszewski and I am second year student of computer science at AGH - University of Science and Technology in Krakow (Poland). I have been GNU/Linux user for about 5 years (mostly Debian based distributions).

Thanks to Debian and Google, this summer I will be working on creating a Qt-based user interface for aptitude as my Google Summer of Code project. I hope that my mentors Sune Vuorela and Daniel Burrows will be patient with me ;) I am sure I will learn a lot from them. Please look at the abstract of my project made by Debian GSoC administrator Obey Arthur Liu:
Qt GUI for aptitude. Currently, KDE users need to use Aptitude via the console interface, or install the newly developed GTK frontend, which does not fit well into KDE desktop. Making Qt frontend to Aptitude would solve this problem and bring an advanced and fully Debian-compliant graphical package manager to KDE.
As I wrote in my proposal I will split my work into three main parts:
  1. writing low level classes which will abstract aptitude signals and slots (which uses sigc++) into Qt slots and signals.
  2. creating and evaluating GUI mockups
  3. implementing GUI on top of classes from the first point
Points 1 and 2 will be done simultaneously and will take all of May and half of June. The low level classes should implement all necessary functions for further use in the GUI. These classes allow me to avoid direct usage of non-Qt code in GUI classes and also give much more time to prepare complete and usability-wise mockups. Every mockup version will be presented and discussed on this blog. The first version should be ready in the next few days and updates will appear each week (or two weeks).
After finishing this two steps I will start coding GUI. With mockups and finished low level classes this should not be complicated (Yeah, I know that this is only my dream).

Full text of my proposal (including more precise time-line) can be found at Debian wiki.

Currently, the project is slightly behind schedule. It is caused by changes in my study plan. The Juwanalia students' festival took place earlier, and yesterday it finished. But my first exam will take place one week later, on 18 May, so I will have more time to catch up with the time-line.

This project is my first direct contribution to Debian, but not my first involvement in the free software movement. I've been a Kadu Instant Messenger developer for more than two years. In the last two years I have been the second most active developer with more than 700 commits in the master branch. During the GSoC period my Kadu activities will be limited. If time allows me to do this, I will still be contributing to Kadu. I can still be found at the Kadu forum or the #kadu channel on irc.freenode.net. I will also continue reviewing patches and fixing low time-consuming bugs.

My plans for the next few days:
If you have any thoughts about this project, please add comment to this post or contact me directly. I will be glad to read all yours opinions

Cheers

PS. As you can see English is not my mother tongue, so please forgive me my mistakes

11 May 2010

Sune Vuorela: The Debian-KDE specific things ?

So. I was wondering, which nice distro specific tools do exist in debian/gnome or in $other/kde that debian/kde is missing? We have kalternatives for managing alternatives, we have a update notifier frontend in progress and after google summer of code, hopefully a package management frontend, aptitude-qt. (Made by Piotr). But what other distribution specific tools are we missing for Debian-KDE ?

26 April 2010

Obey Arthur Liu: Welcome to our 2010 Debian Google Summer of Code students!

I'd like to extend a warm welcome to our selected students for the 2010 Debian Google Summer of Code! They should pop up on Debian Planet soon and you're welcome to come talk to them on #debian-soc on irc.debian.org

Aptitude Qt by Piotr Galiszewski, mentored by Sune Vuorela
Qt GUI for aptitude. Currently, KDE users need to use Aptitude via the console interface, or install the newly developed GTK frontend, which does not fit well into KDE desktop. Making Qt frontend to Aptitude would solve this problem and bring an advanced and fully Debian-compliant graphical package manager to KDE.

Content-aware Config Files Upgrading by Krzysztof Tyszecki, mentored by Dominique Dumont
When a package delivers configuration files, the problem of merging user data with new configuration instructions will arise during package upgrades on users' systems. Sometimes merging can be done with 3 way merge, but this process does not ensure that the resulting file is correct or even legal. This project intends to create standards, tools and heuristics to make the scary config file conflict resolution debconf prompt a thing of the past.

Debbugs Bug Reporting and Manipulation API by David Wendt Jr., mentored by Bastian Venthur
Currently debbugs supports a SOAP interface for querying Debian's Bug Tracking System. Unfortunately this operation is read-only. This project would create an API for debbugs which supports sending and manipulating bug reports, without having to resort to email. This project does not intend to replace email as a means to manipulate the BTS but rather to enhance the BTS to allow other means of bug creation and manipulation.

Debian High Performance Computing on Clouds by Dominique Belhachemi, mentored by Steffen Moeller
The project paves a way to combine the demands in high performance computing with the dynamics of compute clouds with Debian. Combining the Eucalyptus cloud computing infrastructure with the TORQUE resource manager and preparing the components for dynamically added and removed instances provides the user with an attractive high performance computing environment. Such a system allows users to share resources with large compute centers with minimal changes in their workflow and scripts.

Debian-Installer on Neo FreeRunner and Handheld Devices by Thibaut Girka, mentored by Gaudenz Steinlin
This project aims to improve the installation experience of Debian on handheld devices by replacing ad-hoc install scripts by a full-blown and adapted Debian-Installer. The Neo FreeRunner is used as it is the most convenient and open device from a development standpoint, but other devices will also be explored.

Hurd port and de-Linux-ization of Debian-Installer by Jérémie Koenig, mentored by Samuel Thibault
The primary means of distributing the Hurd is through Debian GNU/Hurd. However, the installation CDs presently use an ancient, non-native installer. The goal of this project is to port the missing parts of Debian-Installer to Hurd. To achieve this, all problematic Linux-specific code in Debian-Installer will be replaced by less or non-kernel dependent code, paving the way for better support of other non-Linux ports of Debian.

Multi-Arch support in APT by David Kalnischkies, mentored by Michael Vogt
Hardware like 64bit processors is perfectly able to execute 32bit opcode but until now this potentiality is disregarded as the infrastructure tools like dpkg and APT are not able to install and/or solve dependencies across multiple architectures. The project therefore focuses on enabling APT to work out good solutions in MultiArch aware environments without the need of hacky and partly working biarch packages currently in use.

Package Repository Analysis and Migration Automation by Ricardo O'Donell, mentored by Neil Williams
Emdebian uses a filter to select packages from the main Debian repositories that are considered useful to embedded devices, excluding the majority of packages. The results of processing the filter are automated but maintaining the filter list is manual. This project seeks to automate certain elements of the filtering process to cope with specific conditions. This project will also generalize to more elaborate and intelligent algorithms to improve the transitions of the main Debian archives.

Smart Upload Server for FTP Master by Petr Jasek, mentored by Joerg Jaspert
Making packages upload smarter, more interactive and painless for uploaders by switching from anonymous FTP and Cron jobs to a robust protocol and modern package checking and processing daemon. This daemon would test early and report early, saving developers time.

More details coming soon on http://wiki.debian.org/gsoc

Congratulations everyone and have a fruitful summer!

28 March 2010

Stefano Zacchiroli: RC bugs of the week - issue 25

RCBW - #25 Last (long) week has finally passed: first in Geneve visiting Gismo, then in Sierre/Crans-Montana to present a paper at SAC 2010, then back in Paris for half a day before a day in Bruxelles for the 2nd year Mancoosi project review. (And of course campaigning has always been going on ...) All went fine and I can finally relax a bit for a week-end back "home" (i.e. Paris). Regarding RCBW, it looks like that in the past 2 months I've stabilized around 3 issues per month, which makes me happy nevertheless. Without any further ado, here are this weekissue's squashes: Random points:

4 March 2010

Uwe Hermann: libopenstm32 - a Free Software firmware library for STM32 ARM Cortex-M3 microcontrollers

[Photo: Olimex STM32-H103 eval board]

I guess it's time to finally announce libopenstm32, a Free Software firmware library for STM32 ARM Cortex-M3 microcontrollers me and a few other people have been working on in recent weeks. The library is licensed under the GNU GPL, version 3 or later (yes, that's an intentional decision after some discussions we had). The code is available via git:
 $ git clone git://libopenstm32.git.sourceforge.net/gitroot/libopenstm32/libopenstm32
 $ cd libopenstm32
 $ make
Building is done using a standard ARM gcc cross-compiler (arm-elf or arm-none-eabi for instance), see the summon-arm-toolchain script for the basic idea about how to build one. The current status of the library is listed in the wiki. In short: some parts of GPIOs, UART, I2C, SPI, RCC, Timers and some other basic stuff works and has register definitions (and some convenience functions, but not too many, yet). We're working on adding support for more subsystems, any help with this is highly welcome of course! Luckily ARM stuff (and especially the STM32) has pretty good (and freely available) datasheets. We have a few simple example programs, e.g. for the Olimex STM32-H103 eval board (see photo). JTAG flashing can be done using OpenOCD, for example. Feel free to join the mailing lists and/or the #libopenstm32 IRC channel on Freenode. The current list of projects where we plan to use this library is Open-BLDC (an Open Hardware / Free Software brushless motor controller project by Piotr Esden-Tempski), openmulticopter (an Open Hardware / Free Software quadrocopter/UAV project), openbiosprog (an Open Hardware / Free Software BIOS chip flash programmer I'm in the process of designing using gEDA/PCB), and probably a few more. If you plan to work on any new (or existing) microcontroller hardware- or software-projects involving an STM32 microcontroller, please consider using libopenstm32 (it's the only Free Software library for this microcontroller family I know of) and help us make it better and more complete. Thanks!

5 February 2010

Carl Chenet: python-memcache 1.45 in unstable


The new upstream version of python-memcache was uploaded yesterday in unstable (thanks Piotr!). Python-memcache is a 100% Python library to interact with your memcached server, typically to store and retrieve data. But you can think of a wide range of uses, e.g. writing a plugin to monitor your memcached server. Hmm, tomorrow I'll need a 3-hour road trip to reach the Fosdem and it's late already. See you there!

Carl Chenet: python-jabberbot 0.9 in Debian


The new upstream version of python-jabberbot was uploaded yesterday in unstable (thanks Piotr!). Python-jabber is a Python library which makes easy to write your own Jabber bot. /usr/share/doc/python-jabberbot/examples/broadcast.py is a good example of a *really simple* Jabber bot and could be a good start if you need one.

19 November 2009

Josselin Mouette: Why python2.6 is still not in unstable

Getting python2.6 as the default ASAP is currently the #1 priority for the Python modules team. I also consider it very important and tried to help with it, but it is starting to get depressing.

The plan is to fix all packages in unstable to be compatible with python2.6 first. This would be easy if there hadn't been a very badly planned change in the installation paths that came together. Because of it, quite a number of packages have to be fixed. Two months ago, I filed a lot of bugs in that order. I missed a number of issues, but overall, almost all packages have been fixed, thanks to Kumar Appaiah, Bastian Venthur and everyone else who sent patches and NMUs.

One of the biggest issues, though, comes from python-central. Since it doesn't handle some of the new paths that were introduced (which is somehow ironic, since the python-central maintainer, Matthias Klose, is also the python maintainer who did this change), a large number of packages FTBFS when built against python2.6. In Ubuntu, it turned out to be a giant mess, most packages using python-central needing changes, and we wanted to avoid that. This is why Piotr Ożarowski sent a NMU for python-central that fixes these issues for good.

Guess what happened? Matthias Klose uploaded a new version that does not include the python2.6 fixes, completely discarding the work that has been done. And of course, making the upload of python2.6 to unstable, which was ready to be done in a few days, impossible.

I think it's fine if Ubuntu maintainers don't have the time to handle their packages in Debian. But it is clearly not acceptable to hold back development in Debian, nor to treat it as a garbage dumpster where you can send all the crappy software solutions that were badly designed in Ubuntu to duplicate them in Debian. This is what Matthias has been doing for several years. For how long are we going to tolerate such behavior? For how long will we leave such a critical package in the hands of a single person with no interest in Debian?

27 September 2009

Carl Chenet: Python-keyring in Debian


I have been introducing the Python Keyring library in this previous post. At that time I was looking for a sponsor and thanks to Piotr Ożarowski, python-keyring is now available in Sid.

What for?
  • You can access the keyring you use on your system (Gnome-keyring, KWallet) to store your app's passwords.
  • It's a unified access to keyrings that the Python Keyring library provides, meaning you can easily write your own backend for your keyring software.
  • You can create your own keyring, crypted on a file, still with the same library.
  • Keyrings are cool and this library provides a great way to play with them, from your Python applications.
  • When mature, the Keyring library will be integrated in the official Python module getpass, which means you're not learning yet-another-soon-unmaintained library.

How? The source package provides three binary packages:
  • python-keyring : the Keyring library without the support of both Gnome-keyring and KWallet.
  • python-keyring-gnome : the support for Gnome-keyring.
  • python-keyring-kwallet : the support for KWallet.

If you use passwords in your Python apps, it's worth giving python-keyring a try.

4 March 2009

Uwe Hermann: Building an ARM cross-toolchain with binutils, gcc, newlib, and gdb from source

I've been planning to write about building custom ARM toolchains for a while (I used stuff from gnuarm.com in the past, but I switched to the latest and greatest upstream versions at some point). Among other things, recent upstream versions now have ARM Cortex support. First you will need a few base utilities and libs:
  $ apt-get install flex bison libgmp3-dev libmpfr-dev autoconf texinfo build-essential
Then you can use my tiny build-arm-toolchain script, which will download, build, and install the whole toolchain:
  $ cat build-arm-toolchain
  #!/bin/sh
  # Written by Uwe Hermann <uwe@hermann-uwe.de>, released as public domain.
  TARGET=arm-elf                         # Or: TARGET=arm-none-eabi
  PREFIX=/tmp/arm-cortex-toolchain       # Install location of your final toolchain
  PARALLEL="-j 2"                        # Or: PARALLEL=""
  BINUTILS=binutils-2.19.1
  GCC=gcc-4.3.3
  NEWLIB=newlib-1.17.0
  GDB=gdb-6.8
  export PATH="$PATH:$PREFIX/bin"
  mkdir build
  wget -c http://ftp.gnu.org/gnu/binutils/$BINUTILS.tar.bz2
  tar xfvj $BINUTILS.tar.bz2
  cd build
  ../$BINUTILS/configure --target=$TARGET --prefix=$PREFIX --enable-interwork --enable-multilib \
    --with-gnu-as --with-gnu-ld --disable-nls
  make $PARALLEL
  make install
  cd ..
  rm -rf build/* $BINUTILS $BINUTILS.tar.bz2
  wget -c ftp://ftp.gnu.org/gnu/gcc/$GCC/$GCC.tar.bz2
  tar xfvj $GCC.tar.bz2
  cd build
  ../$GCC/configure --target=$TARGET --prefix=$PREFIX --enable-interwork --enable-multilib \
    --enable-languages="c" --with-newlib --without-headers --disable-shared --with-gnu-as --with-gnu-ld
  make $PARALLEL all-gcc
  make install-gcc
  cd ..
  rm -rf build/* $GCC.tar.bz2
  wget -c ftp://sources.redhat.com/pub/newlib/$NEWLIB.tar.gz
  tar xfvz $NEWLIB.tar.gz
  cd build
  ../$NEWLIB/configure --target=$TARGET --prefix=$PREFIX --enable-interwork --enable-multilib \
    --with-gnu-as --with-gnu-ld --disable-nls
  make $PARALLEL
  make install
  cd ..
  rm -rf build/* $NEWLIB $NEWLIB.tar.gz
  # Yes, you need to build gcc again!
  cd build
  ../$GCC/configure --target=$TARGET --prefix=$PREFIX --enable-interwork --enable-multilib \
    --enable-languages="c,c++" --with-newlib --disable-shared --with-gnu-as --with-gnu-ld
  make $PARALLEL
  make install
  cd ..
  rm -rf build/* $GCC
  wget -c ftp://ftp.gnu.org/gnu/gdb/$GDB.tar.bz2
  tar xfvj $GDB.tar.bz2
  cd build
  ../$GDB/configure --target=$TARGET --prefix=$PREFIX --enable-interwork --enable-multilib
  make $PARALLEL
  make install
  cd ..
  rm -rf build $GDB $GDB.tar.bz2
The final toolchain is located in /tmp/arm-cortex-toolchain per default, and is ca. 170 MB in size. I explicitly created the build script in such a way that it minimizes the amount of disk space used during the build (ca. 1.2 GB or so, compared to more than 3 GB in the "naive" approach). Using the "-j 2" option for make (see script) you can speed up the build quite a bit on multi-core machines (ca. 30 minutes vs. 60 minutes on an AMD X2 dual-core box). Also, you can change the script to build for other target variants if you want to (arm-elf or arm-none-eabi, for example). Checkout the blog entry How to build arm gnu gcc toolchain for Mac OS X by Piotr Esden-Tempski for similar instructions for Mac OS X users. Oh, and while I'm at it does anybody have any idea why there are no pre-built toolchains for embedded (microcontroller) ARM targets in Debian? There are some toolchains for other microcontroller architectures (avr, m68hc1x, h8300, z80) but not too much other stuff. Is there some specific reason for the missing ARM toolchains (other than "nobody cared enough yet")? I have heard about Emdebian, but from a quick look that seems to be more intended for toolchains with Linux/libc, not for microcontroller firmware (i.e. no MMU, no Linux, no libc etc.), but maybe I'm wrong?

15 January 2009

Kapil Paranjape: Securing Synchronisation with unison (Mostly Wrong)

There are a number of documents about how to permit ssh access to run rsync or unison for remote synchronisation by an appropriate configuration of the authorized_keys file. Of these the best two are probably those by Stéphane Kattoor and Christian 'Greek0' Aichinger. Joey Hess also explains some of the pitfalls.

The problem is the familiar one: to limit the file-system hierarchy accessible. The humble chroot is a natural way to implement such restrictions which is probably what led "Greek0" to suggest the use of dchroot. This is indeed a fine solution ... except, how does one implement it if one is not root on the server machine?

WARNING: The rest of this entry is wrong as was pointed out by Joey Hess. See the update at the bottom.

The package fakechroot by Piotr Roszatycki provides a way out. The problem I had was as follows: A recent enough version of fakechroot (version 2.8 worked) allows one to make use of environment variables as follows:
LD_PRELOAD=libfakechroot.so
LD_LIBRARY_PATH=/usr/lib/fakechroot:/usr/lib64/fakechroot:/usr/lib32/fakechroot:/usr/lib:/lib
FAKECHROOT=true
FAKECHROOT_VERSION=2.8
FAKECHROOT_EXCLUDE_PATH=/bin:/lib:/usr
export LD_LIBRARY_PATH LD_PRELOAD
export FAKECHROOT_EXCLUDE_PATH FAKECHROOT FAKECHROOT_VERSION

After this setup one can run
HOME=/ chroot $HOME/some/dir /usr/bin/unison -server

and the unison server [1] will only be able to view /bin, /lib, /usr and $HOME/some/dir; the latter will be mapped to /. (One needs to set the $HOME variable to something sensible for unison to function.) One should not be tempted to create subdirectories of $HOME/some/dir containing only the "relevant" portions of the system directories for unison. The reason is that those files will be created as me and so could be overwritten by unison. The creation of a suitable entry in authorized_keys to use this is an easy exercise!

UPDATE: As Joey Hess has noted:
Taking a program, be it fakechroot or unison, that was never designed with security in mind, and trying to use it as a security barrier, is an open invitation to pain.
I had thought about the problem of uploading static-linked binaries and had imagined that it had been overcome. However, the basic facts in this case are:

  1. For those trying this out at $HOME with some terminal command like /bin/sh instead of /usr/bin/unison a suggestion is to add /dev to the FAKECHROOT_EXCLUDE_PATH variable so that you have access to your terminal. Be aware that giving remote access to /dev may have unintended consequences!
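
The post leaves the authorized_keys entry as an exercise. The following is an added example, not code from the post or from unison, of a forced-command gate for such an entry; the path /home/sync/bin/unison-gate, the key material and the assumption that the client requests exactly "unison -server" are illustrative.

```shell
#!/bin/sh
# Added example (not from the post): forced-command gate for a sync-only key.
#
# Constructed authorized_keys entry; path and key material are placeholders:
#   command="/home/sync/bin/unison-gate",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA...PLACEHOLDER sync-key
#
# With command= set, sshd ignores the command the client asked for, runs the
# gate instead and passes the client's request in SSH_ORIGINAL_COMMAND.

# Assumption: the unison client asks the remote side for exactly this string.
EXPECTED_REQUEST='unison -server'

# Print a verdict for one client request; return 0 only for "allow".
classify_request() {
    case $1 in
        '')
            # No command at all: the client wants an interactive shell.
            echo 'deny:no-command'; return 1 ;;
        "$EXPECTED_REQUEST")
            echo 'allow'; return 0 ;;
        unison|unison\ *)
            # unison with missing, extra or appended arguments.
            echo 'deny:unexpected-unison-arguments'; return 1 ;;
        *)
            echo 'deny:other-command'; return 1 ;;
    esac
}

# Entry point used when sshd starts the gate.
gate_main() {
    verdict=$(classify_request "${SSH_ORIGINAL_COMMAND-}") || {
        echo "unison-gate: refused ($verdict)" >&2
        exit 1
    }
    # The client's string is only compared, never executed: the gate always
    # starts this fixed command line.
    exec /usr/bin/unison -server
}

# Run the gate only when installed under its own (hypothetical) name, so the
# functions above can be sourced and checked without side effects.
case ${0##*/} in
    unison-gate) gate_main ;;
esac
```

The gate pins which program the key can start; it does not limit which paths that program can read or write under the account, which is the restriction the post is after.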

23 December 2008

Emilio Pozuelo Monfort: Collaborative maintenance

The Debian Python Modules Team is discussing which DVCS to switch to from SVN. Ondrej Certik asked how to generate a list of committers to the team's repository, so I looked at it and got this:
emilio@saturno:~/deb/python-modules$ svn log | egrep "^r[0-9]+ " | cut -f2 -d'|' | sed s/-guest// | sort | uniq -c | sort -n -r
865 piotr
609 morph
598 kov
532 bzed
388 pox
302 arnau
253 certik
216 shlomme
212 malex
175 hertzog
140 nslater
130 kobold
123 nijel
121 kitterma
106 bernat
99 kibi
87 varun
83 stratus
81 nobse
81 netzwurm
78 azatoth
76 mca
73 dottedmag
70 jluebbe
68 zack
68 cgalisteo
61 speijnik
61 odd_bloke
60 rganesan
55 kumanna
52 werner
50 haas
48 mejo
45 ucko
43 pabs
42 stew
42 luciano
41 mithrandi
40 wardi
36 gudjon
35 jandd
34 smcv
34 brettp
32 jenner
31 davidvilla
31 aurel32
30 rousseau
30 mtaylor
28 thomasbl
26 lool
25 gaspa
25 ffm
24 adn
22 jmalonzo
21 santiago
21 appaji
18 goedson
17 toadstool
17 sto
17 awen
16 mlizaur
16 akumar
15 nacho
14 smr
14 hanska
13 tviehmann
13 norsetto
13 mbaldessari
12 stone
12 sharky
11 rainct
11 fabrizio
10 lash
9 rodrigogc
9 pcc
9 miriam
9 madduck
9 ftlerror
8 pere
8 crschmidt
7 ncommander
7 myon
7 abuss
6 jwilk
6 bdrung
6 atehwa
5 kcoyner
5 catlee
5 andyp
4 vt
4 ross
4 osrevolution
4 lamby
4 baby
3 sez
3 joss
3 geole
2 rustybear
2 edmonds
2 astraw
2 ana
1 twerner
1 tincho
1 pochu
1 danderson
As it's likely that the Python Applications Packaging Team will switch too to the same DVCS at the same time, here are the numbers for its repo:

emilio@saturno:~/deb/python-apps$ svn log | egrep "^r[0-9]+ " | cut -f2 -d'|' | sed s/-guest// | sort | uniq -c | sort -n -r
401 nijel
288 piotr
235 gothicx
159 pochu
76 nslater
69 kumanna
68 rainct
66 gilir
63 certik
52 vdanjean
52 bzed
46 dottedmag
41 stani
39 varun
37 kitterma
36 morph
35 odd_bloke
29 pcc
29 gudjon
28 appaji
25 thomasbl
24 arnau
20 sc
20 andyp
18 jalet
15 gerardo
14 eike
14 ana
13 dfiloni
11 tklauser
10 ryanakca
10 nxvl
10 akumar
8 sez
8 baby
6 catlee
4 osrevolution
4 cody-somerville
2 mithrandi
2 cjsmo
1 nenolod
1 ffm
Here I'm the 4th most committer :D And while I was on it, I thought I could do the same for the GNOME and GStreamer teams:
emilio@saturno:~/deb/pkg-gnome$ svn log | egrep "^r[0-9]+ " | cut -f2 -d'|' | sed s/-guest// | sort | uniq -c | sort -n -r
5357 lool
2701 joss
1633 slomo
1164 kov
825 seb128
622 jordi
621 jdassen
574 manphiz
335 sjoerd
298 mlang
296 netsnipe
291 grm
255 ross
236 ari
203 pochu
198 ondrej
190 he
180 kilian
176 alanbach
170 ftlerror
148 nobse
112 marco
87 jak
84 samm
78 rfrancoise
75 oysteigi
73 jsogo
65 svena
65 otavio
55 duck
54 jcurbo
53 zorglub
53 rtp
49 wasabi
49 giskard
42 tagoh
42 kartikm
40 gpastore
34 brad
32 robtaylor
31 xaiki
30 stratus
30 daf
26 johannes
24 sander-m
21 kk
19 bubulle
16 arnau
15 dodji
12 mbanck
11 ruoso
11 fpeters
11 dedu
11 christine
10 cpm
7 ember
7 drew
7 debotux
6 tico
6 emil
6 bradsmith
5 robster
5 carlosliu
4 rotty
4 diegoe
3 biebl
2 thibaut
2 ejad
1 naoliv
1 huats
1 gilir

emilio@saturno:~/deb/pkg-gstreamer$ svn log | egrep "^r[0-9]+ " | cut -f2 -d'|' | sed s/-guest// | sort | uniq -c | sort -n -r
891 lool
840 slomo
99 pnormand
69 sjoerd
27 seb128
21 manphiz
8 he
7 aquette
4 elmarco
1 fabian
Conclusions:
- Why do I have the full python-modules and pkg-gstreamer trees, if I have just one commit to DPMT, and don't even have commit access to the GStreamer team?
- If you don't want to seem like you have done fewer commits than you have actually done, don't change your alioth name when you become a DD ;) (hint: pox-guest and piotr in python-modules are the same person)
- If the switch to a new VCS was based on a vote where you have one vote per commit, the top 3 committers in pkg-gnome could win the vote if they chose the same! For python-apps it's the 4 top committers, and the 7 ones for python-modules. pkg-gstreamer is a bit special :)

16 September 2008

Sandro Tosi: Ignition sequence. All engines are started. We have ignition. 2, 1, zero. We have a DD!! We have a DD!!

I just received The Mail (tm) from weasel, and I can't be happier than this (mh, is my life too boring?): I just became a DD!!!!!!! Please join my happiness in this achievement!!

I'd like to thank all the people who helped me on my way to Debian, both for a long and fruitful collaboration or for just a mail exchange, both for kind people and rude ones (ah, we all have our own character, so never mind :) ) and in doing this I'm sure I'll forget someone (so please excuse me for this, you're in my mind though): so thank you Tony, Bernd, Piotr, Thomas, Vincent, Adeodato, Lucas, Luk, Sune, Joerg (yeah, I'm brave :) ), Paul, and many others!

Of course, congrats go also to my other colleagues that "laureate" with me in Mid September DD Class :D
