Here s my (nineteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 28th month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
Crazy month, as always. Lots of things happening and lots of moving parts.
Now that I am working on Ubuntu-full time, I barely get much time to do any extra stuff. Then the massive COVID wave that has plunged India had made this month further crazier. More on that later, maybe. IDK.
Anyway, I did some Debian stuff, thanks to Salzburg BSP (more down below). I worked on the following stuff:
Mentoring for newcomers and assisting people in BSP.
Moderation of -project mailing list.
Salzburg BSP 2021
This was my first virtual BSP and the first BSP in Salzburg and it was absolutely amazing!
Many kudos to Bernd Zeimetz for organizing it so smoothly and wonderfully, for real! \o/
We had a bunch of amazing sessions, besides hacking, of course, like:
yoga,
sports,
games, and
datacenter tour -> which was super!
We also had lots of things happening at #debian-bsp-2021-szg and did a lot of work.
Whilst everything we did is available on the pad, I work on the following things:
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my nineteenth month as a Debian LTS and tenth month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:
Issued DLA 2639-1, fixing CVE-2020-12460, for opendmarc.
For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u3.
Uploaded fluidsynth to sid, fixing CVE-2021-28421.
For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.
Uploaded fluidsynth to buster-pu, fixing CVE-2021-28421.
For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.
ELTS CVE Fixes and Announcements:
Issued ELA 396-1, fixing CVE-2021-23358, for underscore.
For Debian 8 jessie, these problems have been fixed in version 1.7.0~dfsg-1+deb8u1.
Issued ELA 397-1, fixing CVE-2020-1946, for spamassassin.
For Debian 8 jessie, these problems have been fixed in version 3.4.2-0+deb8u4.
Help issued ELA 401-1, fixing CVE-2021-25329 and CVE-2020-9484, for tomcat7, along with Markus.
For Debian 8 jessie, these problems have been fixed in version 7.0.56-3+really7.0.100-1+deb8u3.
Mark CVE-2021-20297/network-manager as not-affected for jessie.
Mark CVE-2021-22890/curl as not-affected for jessie and stretch.
Mark CVE-2020-7760/codemirror-js as not-affected for jessie.
Mark CVE-2021-25122/tomcat8 as not-affected for jessie.
Mark CVE-2021-XXXX/plinth as no-dsa for stretch.
Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch.
Mark CVE-2021-28374/courier-authlib as fixed in 0.58-3.1 for jessie.
Mark CVE-2021-1252/clamav as not-affected for jessie.
Mark CVE-2021-1404/clamav as not-affected for jessie.
Mark CVE-2020-4051/dojo as no-dsa for jessie.
Mark CVE-2021-29447/wordpress as not-affected for jessie.
Mark CVE-2021-29450/wordpress as not-affected for jessie.
Mark CVE-2019-20920/libjs-handlebars as ignored for stretch and jessie.
Mark CVE-2021-23369/libjs-handlebars as ignored for stretch and jessie.
Mark CVE-2020-4051/dojo as fixed in 1.15.4+dfsg1-1 for sid and bullseye.
Mark CVE-2021-28965/ruby2.7 fixed in 2.7.3-1 for sid.
Mark CVE-2020-12272/opendmarc as postponed for jessie.
Mark CVE-2021-20296, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, and CVE-2021-3479, affecting openexr, as no-dsa for jessie and stretch.
For the next library soname bump of gpsd I needed to rebuild all reverse dependencies.
As this is a task I have to do very often, I came up with some code to generate (and keep uptodate) an include for the gitlab CI.
Right now it is rather uncommented, undocumented, but works well. If you like it, MRs are very welcome.
https://salsa.debian.org/bzed/reverse-dependency-ci/
The generated files are here:
https://bzed.pages.debian.net/reverse-dependency-ci/
Usage:
Recently I joined the group of 3d printer owners and OctoPrint users. After some days I got annoyed by the fact that so far nobody seems to have thought about automatically connecting a printer to OctoPrint after turning the printer on. If you start OctoPrint after your printer, everything works fine. But here OctoPrint runs 24 7 but I turn off the printer when it is done with printing.
My solution of the problem is based on udev and systemd and should work on most recent Linux installations.
Here is my monthly update covering what I have been doing in the free software world in September 2017 (previous month):
Submitted a pull request to Quadrapassel (the Gnome version of Tetris) to start a new game when the pause button is pressed outside of a game. This means you would no longer have to use the mouse to start a new game. [...]
Made a large number of improvements to AptFS my FUSE-based filesystem that provides a view on unpacked Debian source packages as regular folders including moving away from manual parsing of package lists [...] and numerous code tidying/refactoring changes.
Sent a small patch to django-sitetree, a Django library for menu and breadcrumb navigation elements to not mask test exit codes from the surrounding shell. [...]
Updated travis.debian.net, my hosted service for projects that host their Debian packaging on GitHub to use the Travis CI continuous integration platform to test builds:
Merged a pull request from James McCoy to pass DEB_BUILD_PROFILES through to the build. [...]
Workaround Travis CI's HTTP proxy which does not appear to support SRV records. [...]
Run debc from devscripts if the build was successful [...] and output the .buildinfo file if it exists [...].
Fixed a few issues in local-debian-mirror, my package to easily maintain and customise a local Debian mirror via the DebConf configuration tool:
Fix an issue where file permissions from the remote could result in a local archive that was impossible to access. [...]
Clear out empty directories on the local repository. [...]
Updated django-staticfiles-dotd, my Django staticfiles adaptor to concatentate static media in .d-style directories to support Python 3.x by using bytes objects (commit) and move away from monkeypatch as it does not have a Python 3.x port yet (commit).
Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users.
The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced either maliciously or accidentally during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
I have generously been awarded a grant from the Core Infrastructure Initiative to fund my work in this area.
This month I:
Published a short blog post about how to determine which packages on your system are reproducible. [...]
Submitted a pull request for Numpy to make the generated config.py files reproducible. [...]
Provided a patch to GTK upstream to ensure the immodules.cache files are reproducible. [...]
Within Debian:
Updated isdebianreproducibleyet.com, moving it to HTTPS, adding cachebusting as well as keeping the number up-to-date.
Submitted the following patches to fix reproducibility-related toolchain issues:
gdk-pixbuf: Make the output of gdk-pixbuf-query-loaders reproducible. (#875704)
diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.
Filed an issue attempting to identify the causes behind an increased number of timeouts visible in our CI infrastructure, including running a number of benchmarks of recent versions. (#875324)
New features:
Add "binwalking" support to analyse concatenated CPIO archives such as initramfs images. (#820631).
Print a message if we are reading data from standard input. [...]
Bug fixes:
Loosen matching of file(1)'s output to ensure we correctly also match TTF files under file version 5.32. [...]
Correct references to path_apparent_size in comparators.utils.file and self.buf in diffoscope.diff. [...] [...]
Testing:
Make failing some critical flake8 tests result in a failed build. [...]
Numerous PEP8, flake8, whitespace, other cosmetic tidy-ups.
strip-nondeterminism
strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build.
Log which handler processed a file. (#876140). [...]
disorderfs
disorderfs is our FUSE-based filesystem that deliberately introduces non-determinism into directory system calls in order to flush out reproducibility issues.
Lintian
I made a large number of changes to Lintian, the static analysis tool for Debian packages. It reports on various errors, omissions and general quality-assurance issues to maintainers:
Add 4.1.1 as a supported Standards-Version. (#875509)
Warn about Django libraries that do not depend on Django itself. (#877292)
Add a --list-tags option to print all tags Lintian knows about. (#779675)
Prevent false positives in copyright-year-in-future when matching URLs, the Tcl license (#876360) and "meta" statements such as "Original Author" (#873323).
Update the description of unknown-testsuite to reflect that autopkgtest is not the only valid value. (#876003)
Apply patch from Guillem Jover to add more package section mappings. (#874121)
Update the data/fields/perl-provides and data/fields/virtual-packages files from the archive; the latter fixes a false positive in bacula-director. (#835120)
Apply a patch from Jakub Wilk to prevent test failures on armhf/arm64, etc. (#877147)
Apply patch from Gianfranco Costamagnato fix a failing LFS test on 32-bit architectures. (#876343)
Correct Depends of python2.7python3 in Python 3 test package.
Update private/generate-tag-summary to ensure that git-describe(1) will always emit 7 hexadecimal digits as the abbreviated object name, use deb.debian.org as the default mirror, and update the remote locations of Contents-<arch> files.
Issued DLA 1084-1 and DLA 1085-1 for libidn and libidn2-0 to fix an integer overflow vulnerabilities in Punycode handling.
Issued DLA 1091-1 for unrar-free to prevent a directory traversal vulnerability from a specially-crafted .rar archive. This update introduces an regression test.
Issued DLA 1092-1 for libarchive to prevent malicious .xar archives causing a denial of service via a heap-based buffer over-read.
4.0.2-2 Update 0004-redis-check-rdb autopkgtest test to ensure that the redis.rdb file exists before testing against it.
4.0.2-2~bpo9+1 Upload to stretch-backports.
aptfs (0.11.0-1) New upstream release, moving away from using /var/lib/apt/lists internals. Thanks to Julian Andres Klode for a helpful bug report. (#874765)
lintian (2.5.53, 2.5.54) New upstream releases. (Documented in more detail above.)
Here is my monthly update covering what I have been doing in the free software world (previous month):
Fixed a number of instances in the Django web development framework where methods had mutable defaults arguments such as lists or dictionaries. (#7253)
Made a large number of improvements to travis.debian.net, my hosted service for projects that host their Debian packaging on GitHub to use the Travis CI continuous integration platform to test builds on every update:
Worked with Evgeni Golov to run autopkgtest and autodep8 tests after builds. (#23, #24 & #25)
Ensured that all remote branches are created locally so that packages that specify options such as pristine_tar=True in debian/gbp.conf work as expected. (commit)
Fixed an issue where checking out other branches did not reliably not work due to Travis cloning the repository with --depth=50. (#21)
Submitted a pull request for the Handbrake video transcoder to make the build reproducible. (#320)
Updated the configuration for my OpenWRT-based router (a device I use as a range extender and to save tedious reconfiguration of all my wifi devices in new locales) to enter a "fallback" mode if it cannot connect to the client network. This works around a longstanding "wontfix" upstream issue. (diff)
Whilst anyone can inspect the source code of free software for malicious flaws, most Linux distributions provide binary (or "compiled") packages to end users.
The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced either maliciously and accidentally during this compilation process by promising identical binary packages are always generated from a given source.
My work in the Reproducible Builds project was also covered in our weekly reports #71, #72, #71 & #74.
I made the following improvements to our tools:
diffoscope
diffoscope is our "diff on steroids" that will not only recursively unpack archives but will transform binary formats into human-readable forms in order to compare them.
Added a global Progress object to track the status of the comparison process allowing for graphical and machine-readable status indicators. I also blogged about this feature in more detail.
Moved the global Config object to a more Pythonic "singleton" pattern and ensured that constraints are checked on every change.
disorderfs
disorderfs is our FUSE filesystem that deliberately introduces nondeterminism into the results of system calls such as readdir(3).
Display the "disordered" behaviour we intend to show on startup. (#837689)
Support relative paths in command-line parameters (previously only absolute paths were permitted).
strip-nondeterminism
strip-nondeterminism is our tool to remove specific information from a completed build.
Fix an issue where temporary files were being left on the filesystem and add a test to avoid similar issues in future. (#836670)
Print an error if the file to normalise does not exist. (#800159)
Testsuite improvements:
Set the timezone in tests to avoid a FTBFS and add a File::StripNondeterminism::init method to the API to to set tzset everywhere. (#837382)
"Smoke test" the strip-nondeterminism(1) and dh_strip_nondeterminism(1) scripts to prevent syntax regressions.
Add a testcase for .jar file ordering and normalisation.
Check the stripping process before comparing file attributes to make it less confusing on failure.
Move to a lookup table for descriptions of stat(1) indices and use that for nicer failure messages.
Don't uselessly test whether the inode number has changed.
Run perlcritic across the codebase and adopt some of its prescriptions including explicitly using oct(..) for integers with leading zeroes, avoiding mixing high and low-precedence booleans, ensuring subroutines end with a return statement, etc.
3.2.3-2 Call ulimit -n 65536 by default from SysVinit scripts to normalise the behaviour with systemd. I also bumped the Debian package epoch as the "2:" prefix made it look like we are shipping version 2.x. I additionaly backported this upload to Debian Jessie.
3.2.4-1 New upstream release, add missing -ldl for dladdr(3) & add missing dependency on lsb-base.
Move to "minimal" debhelper style, making the build reproducible. (#777446 & #792991)
Reorder linker command options to build with --as-needed (#729726) and add hardening flags.
Move to machine-readable copyright file, add missing #DEBHELPER# tokens to postinst and prerm scripts, tidy descriptions & other debian/control fields and other smaller changes.
I sponsored the upload of 5 packages from other developers:
So I was reading G+, and saw there a post by Bernd Zeimetz about some "marble machine". Which turns out to be a very cool device that is programmed to play a single tune, and it is just mesmerising to watch:
So, naturally, I click through to see if there is more music made with this machine. It turns out the machine has been on the making for a while, and the first complete song (the one embedded above) was released only a few days ago. It is obviously porn for nerds, and Wired had already posted an article about it.
So instead I found a band called like the machine: Wintergatan, which sounds pretty great. It took me a while to realise the guy who built the machine is one of the members of the band. They even have a page collecting all the videos about the machine.
After a while, and noticing the suggestions from Youtube, I realise that two of the members of Wintergatan were previously in Detektivbyr n, which is another band I love, and about which I wrote a post on this very blog, 7.5 years ago!1. So the sad news is that Detektivbyran disbanded, the good news is that this guy keeps making great music, now with insane machines.
I only discovered Detektivbyran in the first place thanks to an article the -now sadly defunct- Coilhouse Magazine.
I find this 8-year long loop that closes unexpectedly during a late-night idle browsing session pretty amusing.
I keep telling my friends that I was a hipster before it was cool to do so...
With the announcement of the Let s Encrypt dns-01 challenge support
we finally had a way to retrieve certificates for those hosts where
http challenges won t work. Also it allows to centralize the signing procedure to avoid the
installation and maintenance of letsencrypt clients on all hosts.
For an implementation I had the following requirements in my mind:
Handling of key/csr generation and certificate signing by puppet.
Private keys don t leave the host they were generated on. If they need to (for HA setups and similar cases), handling needs to be done outside of the letsencrypt puppet module.
Deployment and cleanup of tokens in our DNS infrastructure should be easy to implement and maintain.
After reading trough the source code of various letsencrypt client implementations I
decided to use letsencrypt.sh. Mainly
because its dependencies are available pretty much everywhere and adding the
necessary hook is as simple as writing some lines of code in your favourite (scripting) language.
My second favourite was lego, but I wanted to avoid
shipping binaries with puppet, so golang was not an option.
It took me some days to find enough spare time to write the necessary puppet code,
but finally I managed to release a working module today. It is still not perfect,
but the basic tasks are implemented and the whole key/csr/signing chain works pretty
well.
And if your hook can handle it, http-01 challenges are possible, too!
Please give the module a try and send patches if you would like to help to improve it!
In January 2014 the open-vm-tools package was orphaned and I took the chance to take over the maintenance.
Unfortunately the package is still not 100% in the shape I d like to see it, but I m getting closer.
I have to say Thank You for a lot of good bug reports, especially for those use cases which are
hard to test/reproduce for me (running Debian in a Windows-based VMware Workstation Player for example .).
At conova communications GmbH, the company I work for, we are using
the package on all of our Debian VMs, both for customer and internal use. It is essential for us
to have properly working open-vm-tools - not only to be able to shutdown the VM from VMware vCenter, but
also because tools like vSphere Data Protection
and Veeam depend on it. Good thing is that I can work on and test the
package at work and breakages are detected early and fast normally.
Getting a good contact to the VMware upstream was easy and the developers there are helpful and reply
pretty fast to their emails. Also as it seems there are finally real commits showing up in the
open-vm-tools github repository
again, not only huge single commits with a full release. It is not only nice to see that they are moving into the
right direction again, but also this is really helpful in fixing (urgent) bugs before the next release
of open-vm-tools - or to backport a fix to the versoin in stable/oldstable.
Since a few days we have open-vm-tools 10.0.5-3227872 in
testing & unstable
jessie-backports
wheezy-backports-sloppy
If you are using VMware ESX 5.5 or newer, you should upgrade to the backports versions. Same if you use
a recent VMware player version.
Please note that since 10.0.0 the open-vm-dkms package is only necessary if you need the legacy vmxnet module.
This is only the case if you are using very old VM hardware versions. vmxnet3 is shipped in the Debian kernel,
so you don t need to compile extra modules to use it. The vmhgfs module was replaced by a fuse-based implementation.
If you d like to help maintaining the package, please send bugs/patches via the Debian BTS
or even better - send pull requests for pkg-open-vm-tools.
The repository is mirrored to git.bzed.at in case
you want to avoid github.
Finally, bzed.de is back online and I m planning to start blogging again! Part
of the reason why I became inactive was the usage of ikiwiki, which is great,
but at end unnecessarily complicated. So I ve migrated by page to
gohugo.io - a static website generator, written in go.
Hugo has an active community and it is easy to create themes for it or to
enhance it. Also it is using plain
Markdown syntax
instead of special ikiwiki syntax mixed into it - should make it easy to
migrate away again if necessary.
In case somebody else would like to convert from ikiwiki to Hugo, here is the
script I ve hacked together to migrate my old blog posts.
#!/bin/bash
find . -type f -name '*.mdwn' while read i; do
tmp= mktemp
echo '+++'
slug="$(echo $i sed 's,.*/,,;s,\.mdwn$,,')"
echo "slug = \"$ slug \""
echo "title = \"$(echo $i sed 's,.*/,,;s,\.mdwn$,,;s,_, ,g;s/\b\(.\)/\u\1/;s,debian,Debian,g')\""
if grep -q 'meta updated' $i; then
echo -n 'date = '
sed '/meta updated/!d;/.*meta updated.*/s,.*=",,;s,".*,,;s,^,",;s,$,",' $i
else
echo -n 'date = '
git log --diff-filter=A --follow --format='"%aI"' -1 -- $i
fi
if grep -q '\[\[!tag' $i; then
echo -n 'tags ='
sed '/\[\[!tag/!d;s,[^ ]*tag ,,;s,\]\],,;s,\([^ ]*\),"\1",g;s/ /,/g;s,^,[,;s,$,],' $i
fi
echo 'categories = ["linux"]'
echo 'draft = false'
echo '+++'
echo ''
sed -e '/\[\[!tag/d' \
-e '/meta updated/d' \
-e '/\[\[!plusone *\]\]/d' \
-e 's,\[\[!img files[0-9/]*/\([^ ]*\) alt="\([^"]*\).*,,g' \
-e 's,\[\([^]]*\)\](\([^)]*\)),[\1](\2),g' \
-e 's,\[\[\([^ ]*\) \([^]]*\)\]\],[\1](\2),g' \
$i
> $tmp
#cat $tmp; rm $tmp
mv $tmp echo $i sed 's,\.mdwn,.md,g'
done
For the planet Debian readers - only linux related posts will show up on the planet.
If you are interested in my mountain activities and other things I post, please
follow my blog on bzed.de directly.
A good amount of the Debian reproducible
builds team had the chance to
enjoy face-to-face interactions during DebConf15.
Names in red and blue were all present at DebConf15
Hugging people with whom one has been working tirelessly for months gives a lot of warm-fuzzy feelings. Several recorded and hallway discussions paved the way to solve the remaining issues to get reproducible builds part of Debian proper. Both talks from the Debian Project Leader and the release team mentioned the effort as important for the future of Debian.
A forty-five minutes talk presented the state of the reproducible builds effort. It was then followed by an hour long roundtable to discuss current blockers regarding dpkg, .buildinfo and their integration in the archive.
Toolchain fixes
Kenneth J. Pronovici uploaded epydoc/3.0.1+dfsg-12 which makes class and modules ordering predictable (#795835) and fixes __repr__ so memory addresses don't appear in docs (#795826). Patches by Val Lorentz.
Sergei Golovan uploaded erlang/1:18.0-dfsg-2 which adds support for SOURCE_DATE_EPOCH to erlc. Patch by Chris West (Faux) and Chris Lamb.
Dmitry Shachnev uploaded sphinx/1.3.1-5 which make grammar, inventory, and JavaScript locales generation deterministic. Original patch by Val Lorentz.
Enrico Tassi uploaded lua-ldoc/1.4.3-3 which now pass the -d option to txt2man and add the --date option to override the current date.
Reiner Herrmann submitted a patch to make rdfind sort the processed files before doing any operation. Chris Lamb proposed a new patch for wheel implementing support for SOURCE_DATE_EPOCH instead of the custom WHEEL_FORCE_TIMESTAMP. akira sent one making man2htmlSOURCE_DATE_EPOCH aware.
#796330 on d-shlibs by Reiner Herrmann: sort with LC_ALL set to C.
#795985 on xorg by Dhole: set the timezone to UTC before calling asciidoc.
#795987 on pngcheck by Dhole: set the date in the man pages to the latest debian/changelog entry.
#795997 on python-babel by Val Lorentz: make build timestamp independent from the timezone and remove the name of the build system locale from the documentation.
#796092 on a7xpg by Reiner Herrmann: sort with LC_ALL set to C.
#796212 on bittornado by Chris Lamb: remove umask-varying permissions.
#796251 on liblucy-perl by Niko Tyni: generate lib/Lucy.xs in a deterministic order.
#796271 on tcsh by Reiner Herrmann: sort with LC_ALL set to C.
#796275 on hspell by Reiner Herrmann: remove timestamp from aff files generated by mk_he_affix.
#796324 on fftw3 by Reiner Herrmann: remove date from documentation files.
#796335 on nasm by Val Lorentz: remove extra timestamps from the build system.
#796360 on libical by Chris Lamb: removes randomess caused Perl in generated icalderivedvalue.c.
#796375 on wcd by Dhole: set the date in the man pages to the latest debian/changelog entry.
#796376 on mapivi by Dhole: set the date in the man pages to the latest debian/changelog entry.
#796527 on vserver-debiantools by Dhole: set the date in the man pages to the latest debian/changelog entry.
St phane Glondu reported two issues regarding embedded build date in omake and cduce.
Aur lien Jarno submitted a fix for the breakage of make-dfsg test suite. As binutils now creates deterministic libraries by default, Aur lien's patch makes use of a wrapper to give the U flag to ar.
Reiner Herrmann reported an issue with pound which embeds random dhparams in its code during the build. Better solutions are yet to be found.
reproducible.debian.net
Package pages on reproducible.debian.net now have a new layout improving readability designed by Mattia Rizzolo, h01ger, and Ulrike. The navigation is now on the left as vertical space is more valuable nowadays.
armhf is now enabled on all pages except the dashboard. Actual tests on armhf are expected to start shortly. (Mattia Rizzolo, h01ger)
The limit on how many packages people can schedule using the reschedule script on Alioth has been bumped to 200. (h01ger)
mod_rewrite is now used instead of JavaScript for the form in the dashboard. (h01ger)
Following the rename of the software, debbindiff has mostly been replaced by either diffoscope or differences in generated HTML and IRC notification output.
Connections to UDD have been made more robust. (Mattia Rizzolo)
diffoscope development
diffoscopeversion 31 was released on August 21st. This version improves fuzzy-matching by using the tlsh algorithm instead of ssdeep.
New command line options are available: --max-diff-input-lines and --max-diff-block-lines to override limits on diff input and output (Reiner Herrmann), --debugger to dump the user into pdb in case of crashes (Mattia Rizzolo).
jar archives should now be detected properly (Reiner Herrman). Several general code cleanups were also done by Chris Lamb.
strip-nondeterminism development
Andrew Ayer released strip-nondeterminismversion 0.010-1. Java properties file in jar should now be detected more accurately. A missing dependency spotted by St phane Glondu has been added.
Testing directory ordering issues: disorderfs
During the reproducible builds workshop at DebConf, participants identified that we were still short of a good way to test variations on filesystem behaviors (e.g. file ordering or disk usage). Andrew Ayer took a couple of hours to create disorderfs. Based on FUSE, disorderfs in an overlay filesystem that will mount the content of a directory at another location. For this first version, it will make the order in which files appear in a directory random.
Documentation update
Dhole documented how to implement support for SOURCE_DATE_EPOCH in Python, bash, Makefiles, CMake, and C.
Chris Lamb started to convert the wiki page describing SOURCE_DATE_EPOCH into a Freedesktop-like specification in the hope that it will convince more upstream to adopt it.
Package reviews
44 reviews have
been removed, 192 added and 77 updated this week.
New issues identified this week: locale_dependent_order_in_devlibs_depends, randomness_in_ocaml_startup_files, randomness_in_ocaml_packed_libraries, randomness_in_ocaml_custom_executables, undeterministic_symlinking_by_rdfind, random_build_path_by_golang_compiler, and images_in_pdf_generated_by_latex.
117 new FTBFS bugs have been reported by Chris Lamb, Chris West (Faux), and Niko Tyni.
Misc.
Some reproducibility issues might face us very late. Chris Lamb noticed that the test suite for python-pykmip was now failing because its test certificates have expired. Let's hope no packages are hiding a certificate valid for 10 years somewhere in their source!
Pictures courtesy and copyright of Debian's own paparazzi: Aigars Mahinovs.
This weekend, Bernd Zeimetz organized a BSP at the offices of conova in Salzburg, Austria.
Three days of discussions, bugfixes, sparc removals and a lot of fun and laughter.
We squashed a total of 87 bugs: 66 bugs affecting Jessie/Sid were closed, 9 downgraded and 8 closed via removals. As people tend to care about (old)stable, 3 bugs were fixed in Wheezy and one in Squeeze. These numbers might be not totaly correct, as were kinda creative at counting Marga promised a talk about an introduction to properly counting bugs using the Haus vom Nikolaus algorithm to the base of 7 .
Speaking of numbers, I touched the following bugs (not all RC):
#741806: pygresql: FTBFS: pgmodule.c:32:22: fatal error: postgres.h: No such file or directory
Uploaded an NMU with a patch. The bug was introduced by the recent PostgreSQL development package reorganisation.
#744229: qpdfview: FTBFS synctex/synctex_parser.c:275:20: fatal error: zlib.h: No such file or directory
Talked to the maintainer, explaining the importance of the upload and verifying his fix.
#744300: pexpect: missing dependency on dh-python
Downgraded to wishlist after verifying the build dependency is only needed when building for Wheezy backports.
#744917: luajit: FTBFS when /sbin is not in $PATH
Uploaded an NMU with a patch, which later was canceled due to a maintainer upload with a slightly different fix.
#742943: nagios-plugins-contrib: check_raid: wants mpt-statusd / mptctl
Analyzed the situation, verified the status with the latest upstream version of the ckeck and commented on the bug.
#732110: nagios-plugins-contrib: check_rbl error when nameserver available only in IPv6
Verify that the bug is fixed in the latest release and mark it as done.
#684726: nagios-plugins-contrib: RFP: check-v46 Icinga / Nagios plugin for dual stacked (IPv4 / IPv6) hosts
Mark bug as done, the changelog was missing a proper Closes tag.
#661167: nagios-plugins-contrib: please include nagios-check-printer-status
Mark bug as done, the changelog was missing a proper Closes tag.
#745895: nagios-plugins-contrib: does not compile against Varnish 4.0.0
Write a patch for supporting the Varnish 3 and 4 APIs at the same time. Also proposed the patch upstream.
#744922: nagios-plugins-contrib: check_packages: check for security updates broken
Forward our security_updates_critical patch and Felix fixes to it upstream, then updating check_packages to the latest upstream version.
#744248: nagios-plugins-contrib: check_cert_expire: support configurable warn/crit times
Forward Helmut s patch upstream, then updating check_cert_expire to the latest upstream version.
#745691: django-classy-tags: FTBFS: Sphinx documentation not found
Analyze the issue and the fix proposed in SVN, comment on the bug.
#713876: thinkfan: [PATCH] bugfix: use $MAINPID for ExecReload
Prepare and upload of the latest upstream release, which includes Michael s patch.
#713878: thinkfan: [PATCH] use dh-systemd for proper systemd-related maintscripts
Apply Michael s patch to the Debian packaging.
#728087: thinkfan: Document how to start thinkfan with systemd
Apply Michael s patch to the Debian packaging.
#742515: blktap-dkms: blktapblktap kernel module failed to build
Upload an NMU with a patch based on the upstream fix.
#745598: libkolab: FTBFS in dh_python2 (missing Build-Conflicts?)
Upload an NMU with a patch against libkolab s cmake rules, tightening the search for Python to 2.7.
#745599: libkolabxml: FTBFS with undefined reference to symbol _ZTVN5boost6detail16thread_data_baseE
Upload an NMU with a patch against libkolabxml s cmake rules, properly linking the tests to the Boost libraries.
#746160: libcolabxml: FTBFS when both python2 and python3 development headers are installed
Filling the bug while working on #745599, then uploading an NMU with a patch against libkolabxml s cmake rules, tightening the search for Python to 2.7.
#714045: blcr-dkms: blcr module is not built on kernel 3.9.1
Checking the status of the bug upstream, and marking it as forwarded.
#653404: hdapsd: init.d status support
Added Peter s patch to the Debian packaging, upload yet pending.
#702199: hdapsd: Typo in package description
Fixed typo in the description, upload yet pending.
#745219: crmsh: should depends on python-yaml
Verifying the bug with Stefan Bauer and sponsoring his NMU.
#741600: 389-ds-base: CVE-2014-0132
Sponsoring the NMU for Tobias Frost.
Monthly DPL bits, fresh from the oven^W^W^W hot
from DebConf12, and just
posted to d-d-a.
Howdy from DebConf12. It's hot, but it's also time to bother you
again with a (not so) brief DPL activity report, this time for June
2012.
Time-based freeze: DONE, short freeze: TODO
Two highlights for this month. First, you've probably noticed
Wheezy is now frozen, YAY. This is huge achievement for the
release, but also for the project. It's the first time we do a
time-based freeze, and it took some quite heated discussion at the
beginning of the release cycle to decide to do this. And we did it
properly: respecting the planned month and narrowing down the
period later. This exercise has hopefully helped both DDs in their
package planning and our upstreams in targeting Wheezy with stable
releases of their software. Kudos to the release team for their
coordination work! Now we've the second part still TODO: releasing
Wheezy, without RC bugs, with a freeze period as short as possible.
See the beginning of my
last "bits from the DPL" mail for my usual song and dance
on how to deliver that, together.
DebConf12
A lot of us will attend DebConf12. Enjoy it! ... and take the
chance to both have fun and make great plans for Debian's future.
But remember that "if it didn't happen on a mailing list, it didn't
happen". Not all of us will be lucky enough to attend DebConf (in
person or remotely). Make sure that those who don't can take part
in your team decisions and get informed of what is going to happen
here.
Politics
Since OIN was
seeking comments on their Linux System
definition (not really openly though: I learned about it last
minute from people directly in touch with OIN representatives),
I've contacted them proposing to include all "Debian main" packages
in their definition. I haven't yet hear back from them, but I doubt
they'll accept the idea. It'd be nice to have an official answer
about why, though.
Zack's spring tour
I spent a significant part of June doing Debian talks ins some
sort of "spring tour" between Italy and France. In particular:
I've delivered the opening keynote at the yearly Free Software
conference in Ancona, Italy, ConfSL'12 (see slides)
I've delivered the opening talk at the
Debian for Scientific Facilities Days event organized by the
European Synchrotron Radiation Facility (ESRF) in Grenoble, France
(see slides)
Many thanks to the organizers of these events for inviting and
sponsoring me (as well as other Debian people, in the ESRF case)
and for their interest in Debian.
Sprints
I approved (for a budget of ~2'000 EUR) and helped hosting the
i18n sprint in
Paris. As a (great!) result of it, the i18n infrastructure has
now been moved on DSA administered machines. A more detailed
report
is available. Thanks to all attendees and in particular to
Christian Perrier for the organization work.
as part of the "Debian for Scientific Facilities" event, a
Debian
Science sprint also took place at ESRF. Report is pending
a BSP took place in Salzburg in June, see the
report posted by Bernd Zeimetz. I've approved using some Debian
money (~350 EUR) to pay for lodgement of some of the attendees
Assets
DSA have been working on seting up the first machines we bought
as part of the yearly revamping plan of Debian hardware. As one of
the first user visible changes, UDD has been moved to a new, faster,
machine. I single this out because, if you're doing RC bug
squashing (as you should! :-)), you'll notice that the bugs search
interface is now much faster, hopefully making your release work
less frustrating. Similar improvements are forthcoming for other
machines, while DSA (thanks!) migrate other services to newer
hardware.
Last April I mentioned that we're aiming at publishing
comprehensive Debian budget reports for the past couple of years
and that one of the blocker is access to our transaction
information at SPI. This is still a blocker, unfortunately. And we
still don't have an ETA on when it'll be fixed.
The current owner of debian.eu has let us know that he is
willing to hand over the domain to us. Finally.
The European part of our Madrid protocol application for the
Debian trademark has been vetted by the European trademark office.
Meaning: Debian trademark is now officially protected in
Europe.
DuckDuckGo sent me a first report of the "donation" they're
ready to make, based on our agreement with them. The aument is
still unclaimed, as we're aiming at invoicing twice per year (to
keep the papwerwork low). It isn't a stellar amount: 32.55 USD for
the month of May.
Discussions
Some relevant discussions for project evolution has been going
on in June and I took part into them. You might want to have a look
at them:
proposal
to change the way DM permissions are handled
proposal
to change the policy ruling the debian.net domain
we've been
discussing debconf12 budget at length, including how to deal
with travel sponsorship requests in the future:
in the "debian account on github" thread, I've proposed a
general
policy for presence of accounts named "debian" on non-free
services
the long quest on how to choose Wheezy artwork has come
to an end, and we have a very nice theme now, thanks to
contributions by many artist and integration work by Paul
Tagliamonte. Not all went well in the process, but there are useful
lessons for the future.
Misc
I got quite some feedback about the debate with
debian-multimedia.org I mentioned last month. My take away message
from that feedback is that many users have no idea about the
multimedia capabilities (and in particular of codecs availability)
of recent Debian releases. We should probably invest some
communication energies into that.
as planned, another tech-ctte IRC meeting has happened. I took
part into it, mostly asking to prioritize long standing issues,
such as the Python maintenance one. Minutes
of the meeting are available.
Cheers.
PS the boring day-to-day activity log for June is available at
master:/srv/leader/news/bits-from-the-DPL.txt.201206
Participation and Results
From June 15-17th we held a Debian BugSquashingParty in Salzburg, hosted and sponsored by
conova communications GmbH. It was a fun and busy weekend,
with 15-17 people from 5 countries being around, mainly working on RC bugs in Testing/Unstable.
Gerfried Fuchs (rhonda) also worked on triaging the impact of RC bugs on the version in Squeeze,
while Peter Palfrader (weasel) took care of Tor related things and Debian sysadmin work,
including starting on the new bugs and udd hosts. Phillip Hug (hug) worked on the debian.ch infrastructure.
Together with Miroslav Such from Red Hat Bernd Zeimetz (bzed) worked on the packaging of the necessary
libraries and daemons to add (basic) Spacewalk client support to Debian. As soon as the packages passed
NEW and #677871 was applied (thanks to the APT guys for working on that
already), managing Debian clients with Spacewalk should work out of the box.
Of course we also had a little keysigning party
Statistics
about 68 bugs in unstable/testing were triaged/patched/fixed or at least pinged
54 bugs were tagged to show if they affect Squeeze, several other bugs were pinged to retrieve necessary
information or to trigger an update in the next stable pointrelease.
5 packages were introduced into Debian (still in NEW, though) - the Spacewalk client related packages and libapache2-mod-auth-memcookie.
Accomodation
Thanks to Debian funds we were able to provide accomodation for four participants in the JUFA youth hostel in Salzburg.
We had paid in advance for eight, but changing to rooms with a higher category for only 4 people would have been equally or more expensive.
Press/Media coverage
Additionally to being mentioned in the calendars on ProLinux and similar pages, we had some press coverage by the local newspaper and online magazines:
Fun facts
We consumed 2kg of Leberkas, a big plate of "Buchteln mit Vanillesosse", about 16000cm^2 of Pizza, about 80 litres of coke, juice, beer and wine and I guess we drank at least the same amount of water. We had coffee made of 1.5kg coffee beans and managed to empty the (formerly well filled) icemaker in the fridge.
Also we had successful training sessions of a standard Debconf game (rules won't be explained here obviously). Maybe we even successfully spread the game to the employees of a commercial linux distribution
Just as a little reminder, the Bug Squashing Party in Salzburg will start in three days.
We still have sponsored accomodation for five four people left, so don't hesitate to come! Squashing as many RC bugs for Wheezy as possible is on the TODO list for the weekend!
Also we'll work on making Debian a proper Spacewalk client. This might be a bit too late for Wheezy,
but there will be backports
See YOU in Salzburg!
analyze the current support of Debian as a client in Spacewalk and maybe work on a better integration
finalize the packaging and upload the client packages which were prepared by Miroslav Such (I hope he will be able to join us!)
maybe work on packaging the server side of Spacewalk for Debian (Java is involved, so it would be great to have somebody form the Java team around!)
in the hope that you (yes, you!) are joining me! Please let me know if you are interested to work on Spacewalk related packages, even if you are not able to come to Salzburg.
Nagios or Icinga users probably know the problem that neither the default plugin packages (nagios-plugins-basic and -standard)
nor the few other plugin packages ship all the plugins you need to monitor your hardware and software properly. And unless you
have puppet, cfengine or some other automation software, you probably just start searching plugins on
Nagios Exchange, MonitoringExchange or some other machines you are monitoring already.
Your problem shall be solved! nagios-plugins-contrib passed NEW today. It is a collection of various useful plugins,
maintained within the Debian Nagios Maintainer Group. So far it contains only 6 plugins (check_email_delivery, check_ipmi_sensor, check_lm_sensors, check_memcached, check_raid, check_rbl),
but more are going to come.
To have your favorite plugins added to the package we would like to encourage you to send pull requests, either using github,
alioth or your personal repository. Please keep in mind that you'll be added to the Uploaders
of the package automatically to ensure that you keep your plugin updated and in a good shape.
See debian/README.source for some instructions on adding new plugins.
Unmaintained plugins will be removed!
Of course you can also submit bug reports to
have a new plugin added, but you have to convince somebody to maintain it for you (or that he wants to use the plugin and needs to maintain it therefore ).
We might also also have a similar package in contrib as a lot of commonly used plugins require non-free software, so don't hesitate to prepare plugins for inclusion in such a package and let us know!
Suggestions and ideas for improvement are always welcome. And so is help to maintain the packages!
As the local geek I get all sorts of (Linux)
questions asked, like "How can you delete the nth line with Sed?" or
"Is there a way to search for the following in a file?" (the latter
being a request to construct a regular expression for grep). And while I'm
pretty sure, you can find answers for such questions quickly with
$SEARCH_ENGINE I find myself generally typing the answer into the
IM session. This, and just seeing
Bernd's post about Vim on
Planet Debian,
prompted me to start a little, irregular series of posts, to which I can point
people, whenever I get asked such questions.
I start this off with a tip for Vim, a very powerful text editor. The problem is simple:
you get (source code) files with trailing whitespaces (sometimes accumulated in
"empty" lines). This makes diffing (and merging) difficult. Thus the
question is: how do I prevent that from happening? How do I notice, that I have
whitespaces at the end of a line? The solution consists of two lines in your
.vimrc:
If you just want this functionality if syntax highlighting is also active,
then you should use
:autocmd Syntax * syn match TrailWhitespace /\s\+$\ \+\ze\t/
instead of the :match line. The regular expression used in both
cases matches trailing whitespaces and whitespaces in front of tabs.
Of course there are several other options on how to do this or what you might
want to highlight, but that would be beyond the scope of this little post.
Sometimes projects with a long history of committers tend to collect various styles of indentation.
Unfortunately not for all programming languages exist specialized tools like indent for C/C++, so we need to find a different way to mass-indent files properly.
Using vim is one of them.
First you need to create a file (let's call it /tmp/indent.vim) including all the vim commands you want to run on your code. The following piece is a good start:
gg=G
:x!
Now run vim on your source code files, using the created vim script file. The following example reindents all .php files in the current folder and subfolders
find . -name '*.php' -exec vim -s /tmp/indent.vim \;
If you don't like the result it might be that the indentation settings in you .vimrc don't suit your needs. Of course you are able to add other fancy vim commands to modify your files - like adding or modifying copyright headers.
Just published an ikiwiki plugin to add google's +1 buttons. See ikiwiki.info/plugins/contrib/plusone/ for details.
And if you enable html5 in your ikiwiki settings, it won't show up on planet debian as ugly g:plusone tag.
Not only that it took 4 years to fix #403246 (sbuild dependancy resolution fails when b-dep on A B ; A uninstallable), but our lovely Debian buildds still don't accept packages which use such a dependency due to running too old sbuild versions. Time to get rid of this annoying bug finally!
For the next library soname bump of gpsd I needed to rebuild all reverse dependencies.
As this is a task I have to do very often, I came up with some code to generate (and keep uptodate) an include for the gitlab CI.
Right now it is rather uncommented, undocumented, but works well. If you like it, MRs are very welcome.
Here is my monthly update covering what I have been doing in the free software world in September 2017 (
So I was reading G+, and saw there a 
A good amount of the Debian 
This weekend, 
on how to deliver that, together.
DebConf12
A lot of us will attend DebConf12. Enjoy it! ... and take the
chance to both have fun and make great plans for Debian's future.
But remember that "if it didn't happen on a mailing list, it didn't
happen". Not all of us will be lucky enough to attend DebConf (in
person or remotely). Make sure that those who don't can take part
in your team decisions and get informed of what is going to happen
here.
Politics
