Colin Watson: Free software activity in January/February 2024
Two months into my new gig and it s going
great! Tracking my time has taken a bit of
getting used to, but having something that amounts to a queryable database
of everything I ve done has also allowed some helpful introspection.
Freexian sponsors up
to 20% of my time on Debian tasks of my choice. In fact I ve been spending
the bulk of my time on
debusine which is itself
intended to accelerate work on Debian, but more details on that later.
While I contribute to Freexian s
summaries now, I ve
also decided to start writing monthly posts about my free software activity
as many others do, to get into some more detail.
January 2024
- I added Incus support to autopkgtest. Incus is a system container and virtual machine manager, forked from Canonical s LXD. I switched my laptop over to it and then quickly found that it was inconvenient not to be able to run Debian package test suites using autopkgtest, so I tweaked autopkgtest s existing LXD integration to support using either LXD or Incus.
- I discovered Perl::Critic and used it to tidy up some poor practices in several of my packages, including debconf. Perl used to be my language of choice but I ve been mostly using Python for over a decade now, so I m not as fluent as I used to be and some mechanical assistance with spotting common errors is helpful; besides, I m generally a big fan of applying static analysis to everything possible in the hope of reducing bug density. Of course, this did result in a couple of regressions (1, 2), but at least we caught them fairly quickly.
- I did some overdue debconf maintenance, mainly around tidying up error message handling in several places (1, 2, 3).
- I did some routine maintenance to move several of my upstream projects to a new Gnulib stable branch.
- debmirror includes a useful summary of how big a Debian mirror is, but it hadn t been updated since 2010 and the script to do so had bitrotted quite badly. I fixed that and added a recurring task for myself to refresh this every six months.
- Some time back I added AppArmor and seccomp confinement to man-db. This
was mainly motivated by a desire to support manual pages in
snaps (which
is still open several
years later ), but since reading manual pages involves a non-trivial
text processing toolchain mostly written in
C++, I thought it was reasonable to
assume that some day it might have a vulnerability even though its track
record has been good; so
man
now restricts the system calls thatgroff
can execute and the parts of the file system that it can access. I stand by this, but it did cause some problems that have needed a succession of small fixes over the years. This month I issued DLA-3731-1, backporting some of those fixes to buster. - I spent some time chasing a console-setup build failure following the removal of kFreeBSD support, which was uploaded by mistake. I suggested a set of fixes for this, but the author of the change to remove kFreeBSD support decided to take a different approach (fair enough), so I ve abandoned this.
- I updated the Debian zope.testrunner package to 6.3.1.
- openssh:
- A Freexian collaborator had a problem with automating installations
involving changes to
/etc/ssh/sshd_config
. This turned out to be resolvable without any changes, but in the process of investigating I noticed that my dodgy arrangements to avoid ucf prompts in certain cases had bitrotted slightly, which meant that some people might be prompted unnecessarily. I fixed this and arranged for it not to happen again. - Following a recent debian-devel discussion, I realized that some particularly awkward code in the OpenSSH packaging was now obsolete, and removed it.
- A Freexian collaborator had a problem with automating installations
involving changes to
- I backported a python-channels-redis fix to bookworm. I wasn t the first person to run into this, but I rediscovered it while working on debusine and it was confusing enough that it seemed worth fixing in stable.
- I fixed a simple build failure in storm.
- I dug into a very confusing cluster of celery build failures
(1,
2,
3), and tracked the hardest bit down
to a Python 3.12
regression, now fixed
in unstable thanks to Stefano Rivera. Getting celery back into testing
is blocked on the 64-bit
time_t
transition for now, but once that s out of the way it should flow smoothly again.