Search Results: "aurel32"

18 March 2012

Aurelien Jarno: 10 years ago

Date: Mon, 18 Mar 2002 18:22:10 +0000
From: James Troup <troup@samosa.debian.org>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: da-manager@debian.org
Subject: New Debian maintainer Aurelien Jarno [ This is a long (automatically-generated) mail, but it contains
important information, please read it all carefully. ] Dear Aurelien Jarno! An account has been created for you on developer-accessible machines with username aurel32 . The password for this account can be found encrypted with your PGP or GPG key and appended to this message. A list of machines available to Debian developers can be found at <URL:http://db.debian.org/machines.cgi>. Please take a minute now to familiarize yourself with the Debian Machine Usage Policy, available at <URL:http://www.debian.org/devel/dmup> You have been subscribed to the debian-private mailing list as <aurel32@debian.org>. Please respect the privacy of that list and don t forward mail from it elsewhere. E-mail to <aurel32@debian.org> will be forwarded to <aurelien@aurel32.net>. To change this, please see <URL:http://db.debian.org/forward.html> Also, please subscribe to debian-devel-announce, if you haven t done so already. We strongly suggest that you use your aurel32@debian.org address for the maintainer field in your packages, because that one will be valid as long as you are a Debian developer, even if you change jobs, leave university or change Internet Service providers. If you do so, please add that address to your PGP/GPG key(s) (using gpg edit-key YOUR USER ID ) and send it to the keyring server at keyring.debian.org with gpg keyserver keyring.debian.org send-keys YOUR USER ID . You can find more information useful to developers at <URL:http://www.debian.org/devel/> (in particular, see the subsection titled Debian Developer s reference ). We suggest that you subscribe to debian-mentors@lists.debian.org. This list is for new maintainers who seek help with initial packaging and other developer-related issues. Those who prefer one-on-one help can also post to the list, and an experienced developer may volunteer to help you. You can get online help on IRC, too, if you join the channel #debian-devel on irc.debian.org. Take a look at the support section on www.debian.org in order to find out more information. You should have read these documents before working on your packages. o The Debian Social Contract
<URL:http://www.debian.org/social_contract.html> o The Debian Policy Manual
<URL:http://www.debian.org/doc/debian-policy/> If you have some spare time and want to contribute it to Debian you may wish to take a look at the Work-Needing and Prospective Packages for Debian GNU/Linux also known as WNPP that can be found at <URL:http://www.debian.org/devel/wnpp/> If you plan to make a Debian package from a not yet packaged piece of software you *must* announce your intention on the debian-devel mailing list to make sure nobody else is working on them. The machine ftp-master.debian.org is our main archive server. Every uploaded package finds it s way there (except for Packages covered by US crypto laws which go to non-us.debian.org) eventually. master.debian.org is the home of our bug tracking system. Project web pages and CVS archives are hosted on klecker.debian.org (aka cvs/www.debian.org), klecker is also our general shell server. Web pages should be placed in public_html on klecker and refered to by http://people.debian.org/~aurel32 You should use ssh to log into the machines instead of regular telnet or rlogin. Our LDAP directory is able to share ssh RSA keys among machines, please see <URL:http://db.debian.org/doc-mail.html> Otherwise when you first login a ~/.ssh directory will be created with the appropriate permissions. Please be aware of the security implications of using RSA authentication and ssh agents. Finally, please take a minute to visit <URL:http://db.debian.org/>.
Login using the password information appended to this email, and update your personal information. The information is used to maintain your accounts on various Debian machines, and also to allow other developers and general users to find out more about you. Many of the fields are only visible to other registered Debian developers. This is also the only way to change your password. The passwd program does not yet work. Welcome to the project!
The Debian New Maintainer Team

27 January 2012

Craig Small: Unlucky sometimes

Sometimes life throws little curves at you to see if you are still awake, today has been one of those days. fglrx is (apparently) fixed I ve had a long-running problem with fglrx on my laptop. The problem stems from ATI closed-source drivers with one of those laptops that has an ATI and Intel driver. It means I am basically using the slow Intel chip only. This morning I had enough and backed up my home and started to rebuild the laptop with debian 6.0.3. So I kicked off the very very slow process of reformatting the crypto drive (it has taken 5 hours and still going) let it gurgle on its merry way and started to read my email. One of the emails was that my bug about fglrx not working is closed, apparently it is fixed. If I had read that 10 minutes earlier, a simple apt-get install fglrx-driver would of perhaps fixed it; oh well. My problem is now is do I move to the latest driver and hope their fix is my fix or leave it with some ancient version? My preference is the former; I only hope it works! psmisc 22.15 and buffer overflows psmisc has a program called pstree which prints the set of processes in a tree fashion. It hasn t changed much for quite a while. I released version 22.15 and the Debian package 22.15-1. 22.15-1 I also adopted the harden CFLAGS as suggested for procps. I was a little surprised that I received an important bug. The report was saying I had a buffer overflow introduced in 22.15-1, but no relevant code had changed. The compiler options had done their job and stopped a buffer being overflowed. But where exactly was the overflow? Running gdb on pstree quickly showed that it was line 267 of pstree.c which uses strcpy(). That function set off warning bells. The relevant code is:
    PROC *new;
 
    if (!(new = malloc(sizeof(PROC))))  
        perror("malloc");
        exit(1);
     
    strcpy(new-&gt;comm, comm);
Now comm is the short command name you find in /proc//stat. It is fixed in the kernel at 16 characters. The PROC structure has this field as 17 characters long, one extra for the NUL. I went and checked the Linux source and yes, it is still 16 characters long. The clue was in the name of the program that it died on.
#6  new_proc (comm=0x6111b0 " console-kit-dae ", pid=1571, uid=0)
  at pstree.c:267
That string is 17 characters long. The problem is that 16 characters is for the name only. If the name is in brackets or braces, then that 16 character limit doesn t apply. The buffer overflow bug has been there for a long time, but only with the compiler flags did it become visible. Given you need to read names out of the /proc filesystem and if someone can fiddle with that you have bigger problems it doesn t seem to be too much of an issue. It should be (and is in Debian 22.15-2) fixed but is a nice example of the compiler catching bad things.

5 January 2012

Aurelien Jarno: Performances of open-source Radeon driver

I am the happy owner of a new netbook with an AMD Fusion E-450 APU, which includes a Radeon graphics card. I am using the open-source driver on it, that is a 3.2-rc7 kernel for KMS, and xserver-xorg-video-radeon package from sid. I have to say I am not really happy about the performances. No I don t speak about the graphical performances that are pretty good (especially compared to my Intel Atom N450 based previous netbook) but about the power consumption. With this setup and with the original battery I get 2h30 of autonomy. Switching to UMS and adding some power management options in xorg.conf improves it to 2h40, but breaks suspend to ram/disk (a pity for a netbook) and switch between VT. I then tried the non-free fglrx driver, it also suffers from the suspend to ram/disk issue, in addition to crashing xorg when playing videos On the other hand I get an impressive 3h30 of autonomy, and additionally a silent netbook (contrary to the open-source driver, the fan doesn t spin at idle). I have tried plenty of options, ranging from adding some power management options to xorg.conf, to passing dynclks=1 to the radeon module, including setting /sys/class/drm/card0/device/power_method to dynpm. Right now I have worked around the issue by buying a bigger battery which brings me 5h30 of autonomy, but I would really appreciate any software way to improve it with the open-source driver.

Aurelien Jarno: Performances of open-source Radeon driver

I am the happy owner of a new netbook with an AMD Fusion E-450 APU, which includes a Radeon graphics card. I am using the open-source driver on it, that is a 3.2-rc7 kernel for KMS, and xserver-xorg-video-radeon package from sid. I have to say I am not really happy about the performances. No I don t speak about the graphical performances that are pretty good (especially compared to my Intel Atom N450 based previous netbook) but about the power consumption. With this setup and with the original battery I get 2h30 of autonomy. Switching to UMS and adding some power management options in xorg.conf improves it to 2h40, but breaks suspend to ram/disk (a pity for a netbook) and switch between VT. I then tried the non-free fglrx driver, it also suffers from the suspend to ram/disk issue, in addition to crashing xorg when playing videos On the other hand I get an impressive 3h30 of autonomy, and additionally a silent netbook (contrary to the open-source driver, the fan doesn t spin at idle). I have tried plenty of options, ranging from adding some power management options to xorg.conf, to passing dynclks=1 to the radeon module, including setting /sys/class/drm/card0/device/power_method to dynpm. Right now I have worked around the issue by buying a bigger battery which brings me 5h30 of autonomy, but I would really appreciate any software way to improve it with the open-source driver.

Aurelien Jarno: Performances of open-source Radeon driver

I am the happy owner of a new netbook with an AMD Fusion E-450 APU, which includes a Radeon graphics card. I am using the open-source driver on it, that is a 3.2-rc7 kernel for KMS, and xserver-xorg-video-radeon package from sid. I have to say I am not really happy about the performances. No I don t speak about the graphical performances that are pretty good (especially compared to my Intel Atom N450 based previous netbook) but about the power consumption. With this setup and with the original battery I get 2h30 of autonomy. Switching to UMS and adding some power management options in xorg.conf improves it to 2h40, but breaks suspend to ram/disk (a pity for a netbook) and switch between VT. I then tried the non-free fglrx driver, it also suffers from the suspend to ram/disk issue, in addition to crashing xorg when playing videos On the other hand I get an impressive 3h30 of autonomy, and additionally a silent netbook (contrary to the open-source driver, the fan doesn t spin at idle). I have tried plenty of options, ranging from adding some power management options to xorg.conf, to passing dynclks=1 to the radeon module, including setting /sys/class/drm/card0/device/power_method to dynpm. Right now I have worked around the issue by buying a bigger battery which brings me 5h30 of autonomy, but I would really appreciate any software way to improve it with the open-source driver.

9 August 2011

Aurelien Jarno: Debian s390x port (aka 31 bits is not enough)

During Debconf 11, I got access to a fast s390 machine, and I have started to work on a Debian s390x port, the 64-bit version of the s390 port. One of my goal was to help the SPARC64 port, as some of the issues are the same: both are 64-bit big-endian, don t support unaligned access and behave differently between -fpic and -fPIC. Why such a port? When talking about 64-bit ports, we usually hear: 4GB is enough, handling 64-bit takes more memory . This really sounds like 640K ought to be enough for anybody . The s390 port is actually 31-bit from the address point of view (one bit is reserved for address space extension from 24 to 31 bits), so each process is limited to 2GB only. Nowadays applications which need more than 2GB are not that uncommon, especially on mainframes. Actually the 2GB limit already causes some problem in Debian: in some cases it s not possible to build haskell applications or even C applications using GCC. On the other hand, we already require a 64-bit kernel on the s390 port (only the userland is 32-bit), and applications are handling more and more 64-bit or greater values (files offset, time counters, uid, etc.). What is the status? Bootstrapping the architecture was not really easy (as for any other new architectures), due to a huge amount of dependencies and build-dependencies loops, as explained by Wookey during Debconf11. Now that this part is mostly done, an autobuilder has been started and currently more than 65% of the packages are built. The s390x port is hosted on debian-ports.org. Unfortunately it is not yet deboostrapable, though that should happen in the next few days (only a few packages are missing). The main issues are currently packages which fail to build from source due to linker, gcc-4.6 and curl changes, or due to the libjpeg and multiarch transitions, and thus are not directly related to s390x. If your package is in this case, it would be a good idea to fix it. Otherwise if it has a lot of reverse dependencies and the bug is opened for a while, just expect an NMU (as allowed by the 0-day NMU policy). Of course for a few packages s390x specific fixes are needed, some of them are already in the BTS. How you can help? The list of bugs blocking the s390x port is available through the s390x usertag, fixing these bugs (a lot of them are general FTBFS) would help a lot. Alternatively if you have access to an s390x machine you can take a look at the packages failing to build. Update: Fixed the explanation about the 32th bit, thanks to Bastian Blank for the comment.

4 June 2011

Rudy Godoy: GSoC: Status report 01

Hello, this is the official project report for the Debian GSoC admins and everyone. It s been few days since the official coding phase started. Most of the time I ve been figuring out the details regarding integration of non-x86 images to the Eucalyptus IaaS and working on the ARM image, as you ll learn later. I m also in the process of starting to design the set of tools we ll be delivering as part of the project. The project s goal is to be a useful resource for Debian developers and porters. I ve joined some porters list in order to learn what are the things they are struggling with and how the project can help to address them. I ll be starting a wiki page with such topics. Bonding period:
Bonding period has been more fruitful than I expected. As mentioned in my previous post, Steffen and I got in touch with the Eucalyptus team, since they show their early interest on the project. We are coordinating cooperation between our teams. Besides my mentor and I defined to start working on the ARM image. Coordination went OK. We ll be having meetings every two weeks. Project Status:
Resuming Dominique s work I began working on the ARM image. Aur lien s work was a great resource. Currently I have a working and updated Debian testing ARM image using the versatile kernel that can be used under qemu-arm. I m currently making tests and figuring out the next phase which is cloudify it. Over this weekend I expect to finish on that side and then began on the design and implementation of the tools that will be the project s result.
Until now I haven t faced much issues, but the Eucalyptus part since the docs are targeting x86 and amd_64 archs. However I think I can run qemu-arm on top. I ll talk to them about the idea.
Future plans: week 3: - Finish tests with the ARM image. - Design the base tool-set, thinking integration with dpkg-buildpackage and qemubuilder. week 4-8: - Write the necessary code. mid-term evaluation. Other bits: Latest days have been quite busy for me, since I m still have to attend class, my semester ends in five weeks. This week was quite overwhelming with media , my University published an article (Spanish) about me and the program. I m the third student of the CS school participating in GSoC, in the past we had Gentoo Project and KDE students. Later, a local Cable TV program interview me on the same matter, it went fine. I managed to talk about Debian and what we do (we get free Advertising yay!) :) also about Google s Summer of Code program and invited students to participate both in FLOSS projects and the program. Still don t know if they have put it on air, I think it will be next week.

29 April 2011

Ian Wienand: Toolchains, libc and interesting interactions

When building a user space binary, the -lc that gcc inserts into the final link seems pretty straight forward link the C library. As with all things system-library related there is more to investigate. If you look at /usr/lib/libc.so; the "library" that gets linked when you specify -lc, it is not a library as such, but a link script which specifies the libraries to link, which also includes the dynamic linker itself:
$ cat /usr/lib/libc.so
/* GNU ld script
   Use the shared library, but some functions are only in
   the static library, so try that secondarily.  */
OUTPUT_FORMAT(elf64-x86-64)
GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a  AS_NEEDED ( /lib/ld-linux-x86-64.so.2 ) )
On very old glibc's the AS_NEEDED didn't appear; so every binary really did have a DT_NEEDED entry for the dynamic linker itself. This can be somewhat confusing if you're ever doing forensics on an old binary which seems to have these entries for not apparent reason. However, we can see that that /lib/libc.so itself does actually require symbols from the dynamic linker:
$ readelf --dynamic /lib/libc.so.6   grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]
Although you're unlikely to encounter it, a broken toolchain can cause havoc if it gets the link order wrong here, because the glibc dynamic linker defines minimal versions of malloc and friends -- you've got a chicken-and-egg problem using libc's malloc before you've loaded it! You can simulate this havoc with something like:
$ cat foo.c
#include <stdio.h>
#include <syslog.h>
int main(void)
 
   syslog(LOG_DEBUG, "hello, world!");
   return 0;
 
$ cat libbroken.so
GROUP ( /lib/ld-linux-x86-64.so.2 )
$ gcc -o -Wall -Wl,-rpath=. -L. -lbroken -g -o foo foo.c
$ ./foo
Inconsistency detected by ld.so: dl-minimal.c: 138: realloc: Assertion  ptr == alloc_last_block' failed!
Depending on various versions of things, you might see that assert or possibly just strange, corrupt output in your logs as syslog calls the wrong malloc. You could debug something like this by asking the dynamic linker to show you its bindings as it resolves them:
$ LD_DEBUG_OUTPUT=foo.txt LD_DEBUG=bindings ./foo
Inconsistency detected by ld.so: dl-minimal.c: 138: realloc: Assertion  ptr == alloc_last_block' failed!
$ cat foo.txt.11360   grep "\ malloc'"
     11360:	binding file /lib/libc.so.6 [0] to /lib64/ld-linux-x86-64.so.2 [0]: normal symbol  malloc' [GLIBC_2.2.5]
     11360:	binding file /lib64/ld-linux-x86-64.so.2 [0] to /lib64/ld-linux-x86-64.so.2 [0]: normal symbol  malloc' [GLIBC_2.2.5]
     11360:	binding file /lib/libc.so.6 [0] to /lib64/ld-linux-x86-64.so.2 [0]: normal symbol  malloc' [GLIBC_2.2.5]
Above, because the dynamic loader comes first in the link order, libc.so.6's malloc has bound to the minimal implementation it provides, rather the full-featured one it provides internally. As an aside, AFAICT, there is really only one reason why a normal library will link against the dynamic loader -- for the thread-local storage support function __tls_get_addr. You can try this yourself:
$ cat tls.c
char __thread *foo;
char* moo(void)  
	return foo;
 
$ gcc -fPIC -o libtls.so -shared tls.c
$ readelf -d ./libtls.so    grep NEED
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x00000001 (NEEDED)                     Shared library: [ld-linux.so.2]
 0x6ffffffe (VERNEED)                    0x314
 0x6fffffff (VERNEEDNUM)                 2
Thread-local storage is worthy of a book of its own, but the gist is that this support function says "hey, give me an address of foo in libtls.so", the magic being that if the current thread has never accessed foo then it may not actually have any storage for foo yet, so the dynamic linker can allocate some memory for it lazily and then return the right thing. Otherwise, every thread that started would need to reserve room for foo "just in case", even if it never cares about moo. But looking a little closer at the symbols of libc.so is also interesting. libc.so doesn't actually have many functions you can override. You can see what it is possible to override by checking the relocations against the procdure-lookup table (PLT).
Relocation section '.rela.plt' at offset 0x1e770 contains 8 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
00000035b000  084600000007 R_X86_64_JUMP_SLO 00000000000a2100 sysconf + 0
00000035b008  02e000000007 R_X86_64_JUMP_SLO 0000000000075e50 calloc + 0
00000035b010  01dd00000007 R_X86_64_JUMP_SLO 0000000000077910 realloc + 0
00000035b018  029300000007 R_X86_64_JUMP_SLO 00000000000661c0 feof + 0
00000035b020  046f00000007 R_X86_64_JUMP_SLO 00000000000768c0 malloc + 0
00000035b028  000400000007 R_X86_64_JUMP_SLO 0000000000000000 __tls_get_addr + 0
00000035b030  01b400000007 R_X86_64_JUMP_SLO 0000000000076dd0 memalign + 0
00000035b038  086000000007 R_X86_64_JUMP_SLO 00000000000767e0 free + 0
i.e. instead of jumping directly to the malloc defined in the libc code section, any internal calls will jump to this stub which, the first time, asks the dynamic linker to go out and find the address of malloc (it then saves it, so the second time the stub just jumps to the saved location). This is an interesting list, seemingly without much order. feof, for example, stands out as worth checking out a bit closer why would that be there when fopen isn't, say? We can track down where it comes from with a bit of detective work; knowing that the value of the symbol feof will be placed into 0x35b018 we can disassemble libc.so to see that this address is used by the feof PLT stub at 0x1e870 (luckily, objdump has done the math to offest from the rip for us; i.e. 0x1e876 + 0x33c7a2 = 0x35b018)
000000000001e870 <feof@plt>:
   1e870:       ff 25 a2 c7 33 00       jmpq   *0x33c7a2(%rip)        # 35b018 <_IO_file_jumps+0xb18>
   1e876:       68 03 00 00 00          pushq  $0x3
   1e87b:       e9 b0 ff ff ff          jmpq   1e830 <h_errno+0x1e7dc>
From there we can search for anyone jumping to that address, and find out the caller:
$ objdump --disassemble-all /lib/libc.so.6   grep 1e870
000000000001e870 <feof@plt>:
   1e870:	ff 25 a2 c7 33 00    	jmpq   *0x33c7a2(%rip)        # 35b018 <_IO_file_jumps+0xb18>
   f19f7:	e8 74 ce f2 ff       	callq  1e870 <feof@plt>
$ addr2line -e /lib/libc.so.6 f19f7
/home/aurel32/eglibc/eglibc-2.11.2/sunrpc/bindrsvprt.c:70
Which turns out to be part of a local patch which probably gets things a little wrong, as described below. The sysconf relocation is from a similar add-on patch (being used to find the page size, it seems). libc, like all sensible libraries, uses the hidden attribute on symbols to restrict what is exported by the library. The benefit of this is that when the linker knows you are referencing a hidden symbol it knows that the value can never be overridden, and thus does not need to emit extra code to do indirection just in case you ever wish to redirect the symbols. In the above, it appears that feof has never been marked as hidden, probably because no internal glibc functions used it until that add-on patch, and since it is not considered an internal function the linker must allow for the possibility that it will be overridden at run time and provide a PLT slot for it. There are consequences; if this was on a fast-path then the extra jumps required to go via the PLT may matter for performance and it may also cause strange behaviour if somebody had preloaded something that took over feof. Note, this is different from saying that your library can override symbols provided by libc.so; such as when you LD_PRELOAD a library to wrap an open call. What you can not override is the open call that say, the internal libc.so function getusershell does to read /etc/shells. Having the malloc related calls as preemptable seems intentional and sane; although I can not find a comment to the effect of "we deliberately leave these like this so that users may use alternative malloc implementations", it makes sense so that libc.so is internally using the same malloc as everything else if you choose to use something such as tc-malloc. tl;dr? Digging into your system libraries is always interesting. Be careful with your link order when creating toolchains, and be careful about symbol visibility when you're working with libraries.

29 March 2011

Steve Langasek: Multiarch Monomania

So the other day, I was able to do this in an Ubuntu natty amd64 chroot for the first time.
# cat > /etc/apt/apt.conf.d/multiarch-me
APT::Architectures   "amd64"; "i386";  ;
^D
# cat >> /etc/dpkg/dpkg.cfg
foreign-architecture i386
^D
# apt-get update
# apt-get install flashplugin-installer:i386
Reading package lists... Done
Building dependency tree       
Reading state information... Done
[...]
The following NEW packages will be installed:
  flashplugin-installer:i386 flashplugin-nonfree:i386 gcc-4.5-base:i386
  libatk1.0-0:i386 libavahi-client3:i386 libavahi-common-data:i386
  libavahi-common3:i386 libc6:i386 libcairo2:i386 libcomerr2:i386
  libcups2:i386 libdatrie1:i386 libdbus-1-3:i386 libdrm2:i386
  libegl1-mesa:i386 libexpat1:i386 libfontconfig1:i386 libfreetype6:i386
  libgcc1:i386 libgcrypt11:i386 libgdk-pixbuf2.0-0:i386 libgl1-mesa-glx:i386
  libglib2.0-0:i386 libgnutls26:i386 libgpg-error0:i386 libgssapi-krb5-2:i386
  libgtk2.0-0:i386 libgtk2.0-common libice6:i386 libjasper1:i386
  libjpeg62:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386
  libkrb5support0:i386 libnspr4:i386 libnspr4-0d:i386 libnss3:i386
  libnss3-1d:i386 libpango1.0-0:i386 libpcre3:i386 libpixman-1-0:i386
  libpng12-0:i386 libselinux1:i386 libsm6:i386 libsqlite3-0:i386
  libstdc++6:i386 libtasn1-3:i386 libthai-data libthai0:i386 libtiff4:i386
  libudev0:i386 libuuid1:i386 libx11-6:i386 libx11-data libx11-xcb1:i386
  libxau6:i386 libxcb-dri2-0:i386 libxcb-render0:i386 libxcb-shape0:i386
  libxcb-shm0:i386 libxcb-xfixes0:i386 libxcb1:i386 libxcomposite1:i386
  libxcursor1:i386 libxdamage1:i386 libxdmcp6:i386 libxext6:i386
  libxfixes3:i386 libxft2:i386 libxi6:i386 libxinerama1:i386 libxrandr2:i386
  libxrender1:i386 libxt6:i386 libxxf86vm1:i386 x11-common zlib1g:i386
0 upgraded, 78 newly installed, 0 to remove and 3 not upgraded.
Need to get 15.1 MB/15.6 MB of archives.
After this operation, 48.9 MB of additional disk space will be used.
Do you want to continue [Y/n]?
It is a truly heady experience, after so many years of talking about the need to properly support multiarch in Debian and Ubuntu, to see support for cross-installation of packages come to fruition. If you've talked to me any time in the past couple of weeks and noticed it's a little hard to get me to change the subject, well, that's why. Many who have grown accustomed to Debian and Ubuntu's lack of support for installing i386 packages on amd64 (or vice versa) may wonder what the fuss is about. (Whereas others who are well versed in distributions such as Red Hat and SuSE may laugh and wonder what took us so long...) So maybe a few words of explanation are in order. If you've ever installed ia32-libs on an amd64 machine anywhere; if you've ever noticed a bug where ia32-libs didn't work right because of wrong system paths, or had to file a request for another library to be added to ia32-libs because it wasn't included in the set of libraries Debian decided to package up in this grotesque, all-in-one 32-bit compatibility bundle; if you've ever decided not to install a 64-bit OS on your perfectly 64-bit-capable hardware because of concern that you wouldn't be able to run $random32-bitonly_application; multiarch is for you. If you've gotten stuck maintaining a lib32foo "biarch" package in Debian due to popular demand, multiarch is definitely for you. :) If you've ever cross-compiled software for a different Debian architecture than the one you were running, multiarch is for you. If you've ever wanted to run binaries for a different architecture under emulation, and found it awkward to set up the library dependencies, multiarch is for you, too. Because although the .deb world may be a little late to the party, we're also naturally taking things much further than anyone's done with rpm. Multiarch won't just give you the ability to install 32-bit libs on 64-bit systems; it'll give you the ability to install libs for any known architecture on any system. And a whole lot of pain just falls out of the equation in the process. A cross-compiling environment looks the same as a native-compiling environment. An emulated system looks the same as a native system. We can start to seriously consider cross-grading systems from one architecture to another. And all this is happening now. The groundwork is there in Ubuntu natty. Wheezy will be the release that brings multiarch to Debian. When dpkg 1.16.0 is uploaded to unstable real soon now, the bootstrapping will begin. I am immensely grateful to everyone who's helped make multiarch a reality - to Tollef, Matt and others for seeding the vision; Aurelien, Matthias and Arthur for their work to ready the toolchain; David and Michael for the apt implementation; Guillem and Raphael for the dpkg implementation, and Linaro's support to help make this possible; and the many other developers who've helped to refine this design over the years in numerous other BoFs, sessions and mailing list threads. I'm excited to find out what the Debian community will do with multiarch now that it's upon us. Christian, maybe you should start a pool for how long it will take before all the libraries shipped in ia32-libs have been converted to multiarch and we can drop ia32-libs from the archive?

20 August 2010

Steve McIntyre: Debian GNU/kFreeBSD CDs now happening

Thanks to the sterling work of aurel32, debian-cd now supports creating CDs for the kfreebsd-amd64 and kfreebsd-i386 ports. For now, only the daily "sid" builds will be available - see http://cdimage.debian.org/cdimage/daily-builds/sid_d-i/arch-latest/. Once there's been another alpha/beta release of d-i then we'll get squeeze daily builds and weekly builds too.

28 June 2010

Aurelien Jarno: Debian and the ARM hype

Thanks to the versatility of the Linux kernel, Debian has always been known for supporting a large number of architectures. It has also often been criticized for that as it is said to slow down the development of Debian. Among these architectures, the ARM one was considered dead a few years ago, and some people wanted to get rid of it. Today all major distributions now have an ARM port, one of those distributions being even based on Debian. It seems Debian was right. Now that Android has been ported to MIPS, we may see more and more MIPS based devices. Will the same scenario happen again?

12 June 2010

Aurelien Jarno: bindv6only=1 and GNU/kFreeBSD

A few months ago the netbase package started to install the /etc/sysctl.d/bindv6only.conf file to switch the default bindv6only value from 0 to 1. A lot of people are not happy with this change, but it is not my goal to give my opinion here. On the other hand, people have propagated the rumour that it has been done as the FreeBSD kernel, used in the kfreebsd-amd64 and kfreebsd-i386 ports of Debian, only supports the mode corresponding to 1. Let s give the truth:

25 May 2010

Aurelien Jarno: EGLIBC and PowerPCSPE port

This has been roughly one year since Debian switched from GLIBC to EGLIBC, so it s probably the time to make a small report about this change. First of all, on the GLIBC upstream side, things has improved a bit since we now have regular stable release, thanks to Petr Baudis aka Pasky. The good point is that the stable releases are imported into the EGLIBC stable repositories. On the EGLIBC side the switch has helped to reduce the number of patches in the Debian package (for example, resolv.conf is automatically reloaded if needed), and has brought some bug fixes and improvements, especially for the arm, mips and powerpc targets. It should be noted that the newly created PowerPCSPE port for PowerPC e500 series CPU also benefits from EGLIBC, as it is not natively supported by GLIBC.

9 April 2010

Aurelien Jarno: Debian SH4 QEMU image available

Thanks to the great work of Nobuhiro Iwamatsu and others, Debian has an unofficial SH4 port which is close to complete (> 90% of the packages built). In order to help developers to fix bugs on this architecture, I have produced an SH4 QEMU image which is available at the same location as my other QEMU images. You will need a recent GIT HEAD QEMU to use it. Previous versions suffer from bugs in the MMU, causing segfaults and gratuitous TLB flushing. The MMU emulation is now hopefully correct, but still a bit slow. Also the emulated board is limited to 64 MB of memory, and this value can t be changed as memory extension would overlap the addresses used for peripherals. Update: I have backported the necessary SH4 patches into the QEMU Debian package version 0.12.3+dfsg-4.

7 March 2010

Aurelien Jarno: Squeeze will be released with eglibc 2.11

Contrary to what lucas announced (I don t know where he got this info), we plan to release Squeeze with eglibc 2.11. It is already packaged in experimental and is ready on all architectures except hppa where there are a few major regressions in the testsuite to fix. This is what prevent us to upload it to unstable.

27 January 2010

Aurelien Jarno: Working on the eglibc package

In the last weeks, I stopped being motivated to work on the eglibc package, it s not fun as it was before. Maintaining this package is taking a lot of my (free) time, and I am not anymore able to follow the bug rate, especially for RC bugs or bugs that I consider high priority. In turn it does not give me time to integrate eglibc 2.11 or other wishlist features I would have liked to see (rework of the locales* packages, using multiarch paths, etc.). I hope it s only a bad moment and that things will change soon, so I can find time to work on GNU/kFreeBSD, QEMU or to do electronics. In any case you can help by handling bug reports or writing patches. Everything is in the BTS!

1 January 2010

Thorsten Glaser: RCBD #1

My first RC Bug-squashing Day (or rather night): I picked all of them mostly randomly from the list Zack gave me, and except dietlibc they are packages I had not even heard of before. The first one begun easily (track down licencing information, pimp debian/copyright, but I ended up fixing compiler and lintian warnings and even wrote a manpage for it while there (but for this one, I didn t bump the Standards-Version). The second one was only the second one to complete because the others took longer; it s basically a change of a d mon to use two instead of one listening socket, to work with a doble stack OS instead of just a dual stack OS by not using v4-mapped IPv6 addresses (I considered if to use select(2) or poll(2), or to just fork and have two d mons running, but that seemed too ressource-consuming to me so I chose the less-complicated poll(2) method, looking at popa3d(8) s source code (inherited from OpenBSD) in the MirBSD tree since I could not find my network programming book. The third one was basically communicating with upstream; the bug can be blosed with no change to the package. The fourth one took me a while; luckily I have qemu 0.11.0 on MirBSD, and aurel32 s mipsel qemu images helped a great deal; however, cowbuilder --create failed for me, so I ended up waiting almost the entire night for a-g d-u to finish; in the end, it was simply a bug in upstream s configure.ac which is only exposed due to a toolchain bug on mips(el). To do: my AM Zack needs to upload the NMUs (after checking, of course); I need to communicate some of the fixes upstream (the gidentd upstream is NXDOMAIN ), produce a very small testcase for the mipsel toolchain bug, maybe fix some more mipsel FTBFSen as I have a working qemu instance now, but maybe I ll do that at the BSP when I can t find IPv6 bugs or so that I feel I can fix (I also want to do an mksh release which has to be prepared first RSN, and there s still the need to formally publish the MirBSD-current bi-arch snapshot and make another ISO out of it for BT and prepare the multi-BSD USB stick for allbsd.de ). Annoyances: a-g d-u could ask me things at the start before working for some four+ hours instead of in the middle, and the same questions several times (PAM restart). The sid kernel doesn t boot today but did yesterday, the lenny kernel produces this:
Starting the hotplug events dispatcher: udevdudevd[320]: udev: missing sysfs features; please update the kernel or disable the kernel's CONFIG_SYSFS_DEPRECATED option; udev may fail to work correctly
(I hate udev.) And, worst of all, these annoying fireworks (some sounded like originating from inside our staircase, I pity the neighbour s cats) when one wants to hack Finally, I *loathe* CDBS. Debhelper v5 rules! Oh, and I also was under the impression that Firstname LASTNAME was a French thing, and to a much lesser extent Asian. (@bubulle)

12 November 2009

Aurelien Jarno: Thought of the day

New features usually come with new versions. Before reporting a bug for a new feature, it may be a good idea to make sure you are using the latest version. apt-get can be really useful for that.

13 May 2009

Jonathan McDowell: Breaking the Web of Trust

With all the discussion about SHA-1 weaknesses and generation of new OpenPGP keys going on there's some concern about how the web of trust will be affected. I'm particularly interested in the impact on Debian; while it's possible to add new keys and keep the old ones around that hasn't worked so well for us with the migration away from PGPv3 keys. We still have 125 v3 keys left, many of them for users who also have a v4 key but haven't asked for the v3 key to be removed or responded to my email prodding them about it. I don't want to repeat that.

So if we're looking at key replacement we need to have some idea about where our Web of Trust currently stands, and what effect various changes might have on it. I managed to find the keyrings Debian shipped all the way back to slink and ran the keyanalyze and cwot stats against them. I then took the current keyring, pull in all the updates for the keys in it (so that any signatures from newly generated keys would be included) and ran the stats again. Finally I took details of 12 key migrations (mostly from Debian Planet but also a couple of others I knew about) and calculated what the effect of removing each key would be. These stats are cumulative and I replaced the most well connected (by centrality) keys first.

The results are below.

TotalSCSReachableMSDCentrality
1999-02-06 (slink)22836(15.78%)50 (21.92%)2.9022
2000-01-03 (potato)375104 (27.73%)180 (48.00%)4.3382
2001-09-22 (woody)948538 (56.75%)704 (74.26%)4.73202008.6249
2005-05-28 (sarge/etch) 1106883 (79.83%)969 (87.61%)3.34852074.6604
2007-12-0411911001 (84.04%)1062 (89.16%)3.11032113.3747
2009-01-18 (lenny)1126947 (84.10%)1010 (89.69%)3.04891941.2594
2009-04-04 (squeeze/sid)1121946 (84.38%)1008 (89.91%)3.04661936.9761
2009-05-06 (current)1067894 (83.78%)958 (89.78%)2.96701759.4363
TotalSCSReachableMSDCentrality
base1067904 (84.72%)959 (89.87%)2.96401776.4389
update-93sam1067902 (84.53%) 958 (89.78%)2.97341780.9874
update-joerg1067900 (84.34%) 958 (89.78%)2.97761780.7578
update-aurel321067898 (84.16%) 957 (89.69%)2.98031779.2497
update-noodles1067896 (83.97%) 956 (89.59%)2.98311777.8326
update-jaldhar1067896 (83.97%) 955 (89.50%)2.98551779.9193
update-srivasta1067896 (83.97%) 955 (89.50%)2.99041784.3382
update-ana1067895 (83.88%) 954 (89.40%)2.99261784.3102
update-nobse1067893 (83.69%) 953 (89.31%)2.99471782.2392
update-neilm1067892 (83.59%) 951 (89.12%)2.99741782.6098
update-reg1067891 (83.50%) 950 (89.03%)2.99771780.8515
update-rmayorga1067890 (83.41%) 949 (88.94%)2.99841779.4910
update-evgeni1067889 (83.31%) 948 (88.84%)2.99741776.6445

This is actually more hopeful than I thought. There's an obvious weakening as a result of the migrations, but the MSD stays under 3 and the centrality stays fairly constant too. The reachable/SCS counts do decrease, but at this point it looks fairly linear rather than an instant partition. Of course the more keys that are removed the more likely this is to drop off suddenly. Counteracting that DebConf9 is coming up which will provide a good opportunity for normally geographically disperse groups to cross sign, reinforcing the WoT for these new keys.

Either way I at least have a better handle on the current state of play, which gives me something to work with when thinking about how to proceed. For now, bed.

10 May 2009

Aurelien Jarno: New GPG key

pub   4096R/1DDD8C9B 2009-05-09
      Key fingerprint = 7746 2642 A9EF 94FD 0F77  196D BA9C 7806 1DDD 8C9B
uid                  Aurelien Jarno <aurel32@debian.org>
uid                  Aurelien Jarno <aurelien@aurel32.net>
uid                  Aurelien Jarno <aurelien@jarno.fr>
sub   4096R/C3FCA1A8 2009-05-09
I ll get it signed by other Debian Developers tomorrow, during the Debian France meeting.

Next.

Previous.