Planet Debian - https://planet.debian.org/

Jonathan Wiltshire: What to expect on buster release day

Saturday 6th of July 2019 07:19:37 AM

The ‘buster’ release day is today! This is mostly a re-hash of previous checklists, since we’ve done this a few times now and we have a pretty good rhythm.

There have been some preparations going on in advance:

  1. Last week we imposed a “quiet period” on migrations. That’s about as frozen as we can get; it means that even RC bugs need to be exceptional if they aren’t to be deferred to the first point release. Only late-breaking documentation (like the install guide) was accepted.
  2. The security team opened buster-updates for business and carried out a test upload.
  3. The debian-installer team made a final release.
  4. Final debtags data was updated.
  5. Yesterday the testing migration script britney and other automatic maintenance scripts that the release team run were disabled for the duration.
  6. We made final preparations of things that can be done in advance, such as drafting the publicity announcements. These have to be done in advance so translators get chance to do their work overnight (translations are starting to arrive right now!).

The following checklist makes the release actually happen:

  1. Once dinstall is completed at 07:52, archive maintenance is suspended – the FTP masters will do manual work for now.
  2. Very large quantities of coffee will be prepared all across Europe.
  3. Release managers carry out consistency checks of the buster index files, and confirm to FTP masters that there are no last-minute changes to be made. RMs get a break to make more coffee.
  4. While they’re away FTP masters begin the process of relabelling stretch as oldstable and buster as stable. If an installer needs to be, er, installed as well, that happens at this point. Old builds of the installer are removed.
  5. A new suite for bullseye (Debian 11) is initialised and populated, and labelled testing.
  6. Release managers check that the newly-generated suite index files look correct and consistent with the checks made earlier in the day. Everything is signed off – both in logistical and cryptographic terms.
  7. FTP masters trigger a push of all the changes to the CD-building mirror so that production of images can begin. As each image is completed, several volunteers download and test it in as many ways as they can dream up (booting and choosing different paths through the installer to check integrity).
  8. Finally a full mirror push is triggered by FTP masters, and the finished CD images are published.
  9. Announcements are sent by the publicity team to various places, and by the release team to the developers at large.
  10. Archive maintenance scripts are re-enabled.
  11. The release team take a break for a couple of weeks before getting back into the next cycle.

During the day much of the coordination happens in the #debian-release, #debian-ftp and #debian-cd IRC channels. You’re welcome to follow along if you’re interested in the process, although we ask that you are read-only while people are still concentrating (during the Squeeze release, a steady stream of people turned up to say “congratulations!” at the most critical junctures; it’s not particularly helpful while the process is still going on). The publicity team will be tweeting and denting progress as it happens, so that makes a good overview too.

If everything goes to plan, enjoy the parties!

(Disclaimer: inaccuracies are possible since so many people are involved and there’s a lot to happen in each step; all errors and omissions are entirely mine.)

Mike Gabriel: My Work on Debian LTS/ELTS (June 2019)

Friday 5th of July 2019 09:02:22 PM

In June 2019, I did not at all reach my goal of LTS/ELTS hours, unfortunately. (At this point, I could come up with a long story about our dog'ish family member and the infection diseases he got, the vet visits we did and the daily care and attention he needed, but I won't...).

I have worked on the Debian LTS project for 9,75 hours (of 17 hours planned) and on the Debian ELTS project just for 1 hour (of 12 hours planned) as a paid contributor.

LTS Work

  • LTS: Setup physical box running Debian jessie (for qemu testing)
  • LTS: Bug hunting mupdf regarding my CVE-2018-5686 patch backport
  • LTS: Upload to jessie-security: mupdf (DLA-1838-1), 3 CVEs [1]
  • LTS: Glib2.0: request CVE Id (CVE-2019-13012) + email communication with upstream [2] (minor issue for Glib2.0 << 2.60)
  • LTS: cfengine3: triage CVE-2019-9929, email communication with upstream (helping out security team) [3]

ELTS Work

  • Upload to wheezy-lts: expat (ELA 136-1), 1 CVE [4]

References

Thorsten Alteholz: My Debian Activities in June 2019

Friday 5th of July 2019 07:08:03 PM

FTP master

As you might have noticed as well, this month has been a month with the highest average temperature of all June so far. So I spent more time in the lake than in NEW. I only accepted 12 packages and rejected 1 upload. The rest of the team probably did the same because the overall number of packages that got accepted was only 22. Let’s see whether July will be the same …

Debian LTS

This was my sixtieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 17h. During that time I did LTS uploads or prepared security uploads of:

  • [DLA 1830-1] znc security update for one CVE
  • [DLA 1833-1] bzip2 security update for two CVEs
  • [DLA 1841-1] gpac security update for three CVEs

I also prepared bzip2 debdiffs for Buster and Stretch and sent them to the maintainer and security team.
Further I created new packages for testing the patches of bind9 and wpa. I would be more confident to upload those if more people could give it a try. Especially after the python issue, I would really like to have some more people to do smoke tests …

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirteenth ELTS month.

During my allocated time I uploaded:

  • ELA-132-1 of bzip2 for two CVEs
  • ELA-138-1 of ntfs-3g for one CVE

As with LTS, I am a bit hesitant to upload bind9.

I also did some days of frontdesk duties.

Other stuff

As already written above, I did not do much work in front of a computer, so there is nothing to report here.
OK, maybe I can mention this email here instead of the LTS section above. This is a script to obtain the correct build order of Go packages in case of security patches. As mentioned in the other paragraphs as well, I would like more people to have a look at it, but please be kind :-).

Reproducible Builds: Reproducible Builds in June 2019

Friday 5th of July 2019 01:58:08 PM

Welcome to the June 2019 report from the Reproducible Builds project! In our reports we outline the most important things that we have been up to over the past month.

In order that everyone knows what this is about, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries. The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

In June’s report, we will cover:

  • Media coverage: Lego bricks, pizza and… Reproducible Builds‽
  • Upstream news: Is Trusting Trust close to a ‘rebuttal’?
  • Events: What happened at MiniDebConf Hamburg, the OpenWrt Summit, etc.
  • Software development: Patches patches patches, etc.
  • Misc news: From our mailing list…
  • Getting in touch: and how to contribute.

Media coverage

  • The Prototype Fund, an initiative to “aid software developers, hackers and creatives in furthering their ideas from concept to demo” produced a video featuring Holger Levsen explaining Reproducible Builds… using Lego bricks and pizza!

One key motivation for reproducible builds is to enable peak efficiency for the build caches used in modern build systems.

Upstream news


Events

There were a number of events that included or incorporated members of the Reproducible Builds community this month. If you know of any others, please do get in touch. In addition, a number of members of the Reproducible Builds project will be at DebConf 2019 in Curitiba, Brazil and will present on the status of their work.

MiniDebConf Hamburg 2019

Holger Levsen, Jelle van der Waa, kpcyrd and Alexander Couzens attended MiniDebConf Hamburg 2019 and worked on Reproducible Builds. As part of this, Holger gave a status update on the Project with a talk entitled Reproducible Builds aiming for bullseye, referring to the next Debian release name:


Jelle van der Waa kindly gifted Holger with a Reproducible Builds display:

In addition, Lukas Puehringer gave a talk titled Building reproducible builds into apt with in-toto:

As part of various hacking sessions:

  • Jelle van der Waa:

    • Improved the reproducible_json.py script to generate distribution-specific JSON, leading to the availability of an ArchLinux JSON file.
    • Investigated why the Arch Linux kernel package is not reproducible, finding out that KBUILD_BUILD_HOST and KBUILD_BUILD_TIMESTAMP should be set. The enabling of CONFIG_MODULE_SIG_ALL causes the kernel modules to be signed with a (non-deterministic) build-time key if none is provided, leading to unreproducibility.
    • keyutils was fixed with respect to it embedding the build date in its binary.
    • nspr was made reproducible in Arch Linux.
  • kpcyrd:
    • Created various Jenkins jobs to generate Alpine build chroots, schedule new packages and to ultimately build them.
    • Created an Alpine reproducible testing overview page.
    • Provided a proof of concept SOURCE_DATE_EPOCH patch for abuild to fix timestamp issues in Alpine packages.
  • Alexander Couzens:
    • Rewrote the database interaction routines for OpenWrt.
    • Migrated the OpenWrt package parser to use Python 3.x as Python 2.x will be reaching end-of-life at the end of this year.
    • Setup a test environment using a new README.development file.

Holger Levsen was on-hand to review and merge all the above commits, providing support and insight into the codebase. He additionally split out a README.development from the regular, more-generic README file.

OpenWrt summit

The OpenWrt project is a Linux operating system targeting embedded devices, particularly wireless network routers. In June, they hosted a summit that took place from 10th to 12th of the month.

Here, Holger participated in the discussions regarding .buildinfo build-attestation documents. As a result of this, Paul Spooren (aparcar) made a pull request to introduce/create a feeds.buildinfo (etc) for reproducibility in OpenWrt.

Software development

buildinfo.debian.net

Chris Lamb spent significant time working on buildinfo.debian.net, his experiment into how to process, store and distribute .buildinfo files after the Debian archive software has processed them. This included:

  • Started making the move to Python 3.x (and Django 2.x), additionally performing a large number of adjacent cleanups including dropping the authentication framework, fixing a number of flake8 warnings, adding a setup.cfg to silence some warnings, moving to __str__ and str.format(...) over %-style interpolation and u"Unicode" strings, etc.

  • Added a number of (as-yet unreleased…) features, including caching the expensive landing page queries.

  • Took the opportunity to start migrating the hosting from its current GitHub home to a more-centralised repository on salsa.debian.org, moving from the Travis to the GitLab continuous integration platform, updating the URL to the source in the footer and many other related changes.

  • Applied the Black “uncompromising code formatter” to the codebase.

Project website

There was a significant amount of effort on our website this month.

  • Chris Lamb:

    • Moved the remaining site to the newer website design. This was a long-outstanding task (#2) and required a huge number of changes, including moving all the event and documentation pages to the new design and migrating/merging the old _layouts/page.html into the new design too. This could then allow for many cleanups including moving/deleting files into cleaner directories, dropping a bunch of example layouts and dropping the old “home” layout.

    • Added reports to the homepage. (#16)

    • Re-ordered and merged various top-level sections of the site to make the page easier to parse/navigate and updated the documentation for SOURCE_DATE_EPOCH to clarify that the alternative -r call to date(1) is for compatibility with BSD variants of UNIX.

    • Made a large number of visual fixups, particularly to accommodate the principles of responsive web design.

    • Updated the lint functionality of the build system to check for URIs that are not using /foo/-style relative URLs.

  • Jelle van der Waa updated the Events page to correct invalid Markdown and fixed a typo of “distribution” on a previous event page.

  • Thomas Vincent added a huge number of videos and slides to the Resources page, as well as adding a button to link to subtitles and fixing a bug when displaying metadata links.

In addition, Atharva Lele added the Buildroot embedded Linux project to the “Who’s involved” page.

Test framework

We operate a comprehensive Jenkins-based testing framework that powers tests.reproducible-builds.org. The following changes were done in the last month:

  • Alexander Couzens (OpenWrt):
  • Holger Levsen:
    • Show Alpine-related jobs on the job health page.
    • Alpine needs the jq command-line JSON processor for the new scheduler.
    • Start a dedicated README.development file.
    • Add support for some nodes running Debian buster already.
  • Jelle van der Waa:
    • Change Arch Linux and Alpine BLACKLIST status to blacklist and GOOD to reproducible respectively.
    • Add a Jenkins job to generate Arch Linux HTML pages.
    • Fix the Arch Linux suites in the reproducible.ini file.
    • Add an Arch JSON export Jenkins job.
    • Create per-distribution reproducible JSON files.
  • kpcyrd (Alpine):

    • Start adding an Alpine theme.
    • Add an Alpine website.
    • Add #alpine-reproducible to the KGB chat bot.
    • Use the apk version instead of vercmp.
    • Install/configure various parts of the chroot including passing in Git options, adding the abuild group onto more servers, installing GnuPG.
    • Build packages using its own scheduler.
    • Misc maintenance and fixups.
  • Mattia Rizzolo:
    • Adjust the setup_pbuilder script to use [check-valid-until=no] instead of Acquire::Check-Valid-Until (re. (#926242)).

Upstream patches

The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:

Distribution work

In Debian, 39 reviews of packages were added, 3 were updated and 8 were removed this month, adding to our knowledge about identified issues.

Chris Lamb also did more work testing of the reproducibility status of Debian Installer images. In particular, he was working around and patching an issue stemming from us testing builds far into the “future”. (#926242)

In addition, following discussions at MiniDebConf Hamburg, Ivo De Decker reviewed the situation around Debian bug #869184 again (“dpkg: source uploads including _amd64.buildinfo cause problems”) and updated the bug with some recommendations for the next Debian release cycle.

Bernhard M. Wiedemann posted his monthly Reproducible Builds status update for the openSUSE distribution.

Other tools

In diffoscope (our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues) Chris Lamb documented that run_diffoscope should not be considered a stable API and adjusted the configuration to build our Docker image from the current Git checkout, not the Debian archive.

Lastly, Chris Lamb added support for the clamping of tIME chunks in .png files to strip-nondeterminism, our tool to remove specific non-deterministic results from a completed build.

Misc news

On our mailing list this month Lars Wirzenius continued conversation regarding various questions about reproducible builds and their bearing on building a distributed continuous integration system which received many replies (thread index for May & June). In addition, Sebastian Huber asked whether anyone has attempted a reproducible build of a GCC compiler itself.

If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:


This month’s report was written by Alexander Borkowski, Arnout Engelen, Bernhard M. Wiedemann, Chris Lamb, heinrich5991, Holger Levsen, Jelle van der Waa, kpcyrd & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Patrick Matthäi: Maintenance of GeoIP legacy databases

Friday 5th of July 2019 01:19:39 PM

Since 9 months now Maxmind is not providing the CSV sources for their legacy database format, but only for their new GeoLite2 database. That is legitimate in my opinion, because the API is quite old and software projects should move to the new format, but mostly all (IMHO) important software projects still only support the old API.. :-(

So I have decided to spend again some more work in my geoip and geoip-database packages and I can say, that I will upload after the Buster release a new geoip source package, which also provides the converter I took from here:
https://github.com/mschmitt/GeoLite2xtables/

Using this converter (and some more magic etc) I am now able to build the country v4+v6 legacy edition by using the GeoLite2 CSV database source :-)

So testing will be welcome and if everything is fine buster and stretch will get backports from this work in the future.

But I had to drop now the geoip-database-extra package, which includes also the AS and City (v4) database. I didn’t find a way to convert the sources and IMO they are not so important.

Bits from Debian: Upcoming Debian 10 "buster"!

Friday 5th of July 2019 06:00:00 AM

The Debian Release Team in coordination with several other teams are preparing the last bits needed for releasing Debian 10 "buster" on Saturday 6 July 2019. Please, be patient! Lots of steps are involved and some of them take some time, such as building the images, propagating the release through the mirror network, and rebuilding the Debian website so that "stable" points to Debian 10.

If you are considering creating some artwork on the occasion of the buster release, feel free to send us links to your creations to the (publicly archived) debian-publicity mailing list, so that we can disseminate them throughout our community.

Follow the live coverage of the release on https://micronews.debian.org or the @debian profile in your favorite social network! We'll spread the word about what's new in this version of Debian 10, how the release process is progressing during the weekend and facts about Debian and the wide community of volunteer contributors that make it possible.

If you want to celebrate the release of Debian 10 buster, join one of the many release parties or consider organizing one in your city! Celebration will also happen online on the Debian Party Line.

Petter Reinholdtsen: Teach kids to protect their privacy - the EDRi way

Thursday 4th of July 2019 05:10:00 PM

Children need to learn how to guard their privacy too. To help them, European Digital Rights (EDRi) created a colorful booklet providing information on several privacy related topics, and tips on how to protect one's privacy in the digital age.

The 24 page booklet titled Digital Defenders is available in several languages. Thanks to the valuable contributions from members of the Electronic Foundation Norway (EFN) and others, it is also available in Norwegian Bokmål. If you would like to have it available in your language too, contribute via Weblate and get in touch.

But a funny, well written and good looking PDF does not have much impact, unless it is read by the right audience. To increase the chance of kids reading it, I am currently assisting EFN in getting copies printed on paper to distribute on the street and in class rooms. Printing the booklet was made possible thanks to a small set of great sponsors. Thank you very much to each and every one of them! I hope to have the printed booklet ready to hand out on Tuesday, when the Norwegian Unix Users Group is organizing its yearly barbecue for geeks and free software zealots in the Oslo area. If you are nearby, feel free to come by and check out the party and the booklet.

If the booklet proves to be a success, it would be great to get more sponsoring and distribute it to every kid in the country. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Dirk Eddelbuettel: digest 0.6.20

Thursday 4th of July 2019 04:42:00 PM

This morning, digest version 0.6.20 went to CRAN, and I will send a package to Debian shortly as well.

digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, and spookyhash algorithms) permitting easy comparison of R language objects.

This version contains only internal changes with a switch to the (excellent) tinytest package. This now allows you, dear user of the package, to run tinytest::test_package("digest") at any point post-installation to reassure yourself that all standard assertions and tests are still met in your installation. No other changes were made.

CRANberries provides the usual summary of changes to the previous version.

For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Charles Plessy: Inbox zero

Thursday 4th of July 2019 12:52:28 PM

I accidentally erased all the emails in my inbox. This is very easy with mutt. I have some experience in recovering files, but last time I did, it was not so useful in the end. So please send me a reminder if you were expecting some answer from me!

Eddy Petrișor: HOWTO: Rustup: Overriding the rustc compiler version just for some directory

Thursday 4th of July 2019 10:02:47 AM
If you need to use a specific version of the rustc compiler instead of the default, the rustup documentation tells you how to do that.


First install the desired version, e.g. nightly-2018-01-09

$ rustup install nightly-2018-01-09
info: syncing channel updates for 'nightly-2018-01-09-x86_64-pc-windows-msvc'
info: latest update on 2018-01-09, rust version 1.25.0-nightly (b5392f545 2018-01-08)
info: downloading component 'rustc'
info: downloading component 'rust-std'
info: downloading component 'cargo'
info: downloading component 'rust-docs'
info: installing component 'rustc'
info: installing component 'rust-std'
info: installing component 'cargo'
info: installing component 'rust-docs'

  nightly-2018-01-09-x86_64-pc-windows-msvc installed - rustc 1.25.0-nightly (b5392f545 2018-01-08)

info: checking for self-updates

Then override the default compiler with the desired one in the top directory of your choice:

$ rustup override set nightly-2018-01-09
info: using existing install for 'nightly-2018-01-09-x86_64-pc-windows-msvc'
info: override toolchain for 'C:\usr\src\rust\sbenitez-cs140e' set to 'nightly-2018-01-09-x86_64-pc-windows-msvc'

  nightly-2018-01-09-x86_64-pc-windows-msvc unchanged - rustc 1.25.0-nightly (b5392f545 2018-01-08)

That's it.

Daniel Kahn Gillmor: WKD for debian.org

Thursday 4th of July 2019 04:00:00 AM

You can now fetch the OpenPGP certificate for any Debian developer who uses an @debian.org e-mail address using Web Key Directory (WKD).

How?

With modern GnuPG, if you're interested in the OpenPGP certificate for dkg just do:

gpg --locate-keys dkg@debian.org

By default, this will show you any matching certificate that you already have in your GnuPG local keyring. But if you don't have a matching certificate already, it will fall back to using WKD.

These certificates are extracted from the debian keyring and published at https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/, as defined in the WKD spec. We intend to keep them up-to-date whenever the keyring-maint team publishes a new batch of certificates. Our tooling uses some repeated invocations of gpg to extract and build the published tree of files.

Debian is currently not implementing the Web Key Directory Update Protocol (and we have no plans to do so). If you are a Debian developer and you want your OpenPGP certificate updated in WKD, please follow the normal procedures for Debian keyring maintenance like you always have.

What about other domains?

Our update here works great for e-mail addresses in the @debian.org domain, but it has no direct effect for other e-mail addresses.

However, if you have an e-mail address in a domain you control, you can publish your own WKD. If you would rather use an e-mail service in a domain managed by other people, you might also be interested in GnuPG's list of e-mail service providers that offer WKD.

Why?

The SKS keyserver network has been vulnerable to abuse for years. The recent certificate flooding attacks make fetching an OpenPGP certificate from that pool a risky operation: potentially causing a denial of service against GnuPG. In particular, anyone can flood any certificate in SKS (or other common keyservers that are not resistant to abuse).

WKD avoids the problem of certificate flooding by arbitrary third parties. It's not a guaranteed defense against flooding though: the domain controller (and whoever they authorize to update the WKD) is still capable of offering a flooded certificate via WKD. On the plus side, at least some WKD clients do aggressive filtering on certificates found via WKD, which should limit the ability of an adversary to flood a certificate in your local keyring.

Thanks

Setting this up would not have been possible without help from weasel and jcristau from the Debian System Administration team, and Noodles from the keyring-maint team.

WKD was designed and implemented by Werner Koch and the GnuPG team, in anticipation of this specific need.

Thanks to all of these people for making it possible.

What next?

There's some talk about publishing similar OpenPGP certificates in the DNS as well, using RFC 7929 (OPENPGPKEY) records, but we haven't set that up yet.

Junichi Uekawa: I practice French more recently.

Wednesday 3rd of July 2019 12:02:12 PM
I practice French more recently. I don't usually carry a laptop when I travel, which seems to be a change. I thought that would give me better focus but maybe that's not really happening.

Enrico Zini: live-wrapper fork

Wednesday 3rd of July 2019 10:26:59 AM

I might have accidentally forked live-wrapper.

I sometimes need to build Debian live iso images for work, and some time ago got into an inconvenient situation in which live-wrapper required software not available in Debian anymore, and there was no obvious replacement for it, so I forked it and tried to forward-port things and fill the gaps.

Over time this kind of grew: I ported it to python3, removed difficult dependencies, added several new features that I needed, and removed several that I didn't need.

I recently had a chance to document the result, which makes it good enough to be announced, so here it is. The README has an introduction and links to documentation, recipes and examples.

I'm not actively maintaining this except when work requires, so if there's anything extra you need for it, the best way to get it is via a merge request.

I'm not sure how much of live-wrapper is still left in the fork. If anyone starts using it, we should probably look into a new name.

Joey Hess: custom type checker errors for propellor

Tuesday 2nd of July 2019 08:53:16 PM

Since propellor is configured by writing Haskell, type errors are an important part of its interface. As more type level machinery has been added to propellor, it's become more common for type errors to refer to hard to understand constraints. And sometimes simple mistakes in a propellor config result in the type checker getting confused and spewing an error that is thousands of lines of gobbledygook.

Yesterday's release of the new type-errors library got me excited to improve propellor's type errors.

Most of the early wins came from using ghc's TypeError class, not the new library. I wanted custom type errors that were able to talk about problems with Property targets, like these:

• ensureProperty inner Property is missing support for:
    FreeBSD

• This use of tightenTargets would widen, not narrow, adding:
    ArchLinux + FreeBSD

• Cannot combine properties:
    Property FreeBSD
    Property HasInfo + Debian + Buntish + ArchLinux

So I wrote a type-level pretty-printer for propellor's MetaType lists. One interesting thing about it is that it rewrites types such as Targeting OSDebian back to the Debian type alias that the user expects to see.

To generate the first error message above, I used the pretty-printer like this:

(TypeError
    ('Text "ensureProperty inner Property is missing support for: "
        ':$$: PrettyPrintMetaTypes (Difference (Targets outer) (Targets inner))
    )
)

Often a property constructor in propellor gets a new argument added to it. A propellor config that has not been updated to include the new argument used to result in this kind of enormous and useless error message:

• Couldn't match type ‘Propellor.Types.MetaTypes.CheckCombinable
                         (Propellor.Types.MetaTypes.Concat
                            (Propellor.Types.MetaTypes.NonTargets y0)
                            (Data.Type.Bool.If
                               (Propellor.Types.MetaTypes.Elem
                                  ('Propellor.Types.MetaTypes.Targeting 'OSDebian)
                                  (Propellor.Types.MetaTypes.Targets y0))
                               ('Propellor.Types.MetaTypes.Targeting 'OSDebian
                                  : Data.Type.Bool.If
                                      (Propellor.Types.MetaTypes.Elem
                                         ('Propellor.Types.MetaTypes.Targeting 'OSBuntish)
    -- many, many lines elided
• In the first argument of ‘(&)’, namely
    ‘props & osDebian Unstable’

The type-errors library was a big help. It's able to detect when the type checker gets "stuck" reducing a type function, and is going to dump it all out to the user. And you can replace that with a custom type error, like this one:

• Cannot combine properties:
    Property <unknown>
    Property HasInfo + Debian + Buntish + ArchLinux + FreeBSD
  (Property <unknown> is often caused by applying a Property constructor to the wrong number of arguments.)
• In the first argument of ‘(&)’, namely
    ‘props & osDebian Unstable’

Detecting when the type checker is "stuck" also let me add some custom type errors to handle cases where type inference has failed:

• ensureProperty outer Property type is not able to be inferred here.
  Consider adding a type annotation.
• When checking the inferred type
    writeConfig :: forall (outer :: [Propellor.Types.MetaTypes.MetaType]) t.

• Unable to infer desired Property type in this use of tightenTargets.
  Consider adding a type annotation.

Unfortunately, the use of TypeError caused one problem. When too many arguments are passed to a property constructor that's being combined with other properties, ghc used to give its usual error message about too many arguments, but now it gives the custom "Cannot combine properties" type error, which is not as useful.

Seems likely that's a ghc bug but I need a better test case to make progress on that front. Anyway, I decided I can live with this problem for now, to get all the other nice custom type errors.

The only other known problem with propellor's type errors is that, when there is a long list of properties being combined together, a single problem can result in a cascade of many errors. Sometimes that also causes ghc to use a lot of memory. While custom error messages don't help with this, at least the error cascade is nicer and individual messages are not as long.

Propellor 5.9.0 has all the custom type error messages discussed here. If you see a hard to understand error message when using it, get in touch and let's see if we can make it better.

This was sponsored by Jake Vosloo and Trenton Cronholm on Patreon.

Thomas Lange: Xterm fonts problems after Buster installation

Tuesday 2nd of July 2019 03:33:10 PM

I've installed a desktop with buster to see if my FAI configuration was working. When I opened an xterm window I saw that the font I use looks different than on stretch. It looks not that clean and a little more bold.

I've checked if the correct fonts were used using "xterm -report-fonts" which correctly showed

xos4-terminus-medium-r-normal--16-----*-iso10646-1

I'm setting this in my ~/.Xdefaults

Xft.hintstyle: hintfull

but on Buster the hintstyle (reported by xterm -report-fonts) was now 1 instead of 3. I found out that the package fontconfig-config now has a new debconf question:

fontconfig-config fontconfig/hinting_style

I've set this to hintfull, but still no change. Then I found a very detailed description on FreeType Subpixel Hinting and Debian bug #867657.

The solution was to also set the variable

export FREETYPE_PROPERTIES=truetype:interpreter-version=35

Bits from Debian: DebConf19 Cheese and Wine Party

Tuesday 2nd of July 2019 12:30:00 PM

In less than one month we will be in Curitiba to start DebCamp and DebConf19 \o/

This C&W is the 15th official DebConf Cheese and Wine party. The first C&W was improvised in Helsinki during DebConf 5, in the so-called "French" room. Cheese and Wine parties are now a tradition for DebConf.

The event is very simple: bring good edible stuff from your country. We like cheese and wine, but we love the surprising stuff that people bring from all around the world or regions of Brazil. So, you can bring non-alcoholic drinks or a typical food that you would like to share as well. Even if you don't bring anything, feel free to participate: our priorities are our attendants and free cheese.

We have to organize for a great party. An important part is planning: we want to know what you are bringing, in order to prepare the labels and organize other things.

So, please go to our wiki page and add what you will bring!

If you don't have time to buy before you travel, we list some places where you can buy cheese and wine in Curitiba. There is more information about C&W, what you can bring, vegan cheese, Brazil customs regulations and non-alcoholic drinks at our site.

C&W will happen on July 22nd, 2019 (Monday) after 19h30min.

We are looking forward to seeing you all here!

Keith Packard: Joining-SiFive

Monday 1st of July 2019 10:12:18 PM
Joining SiFive

I've accepted an offer for a full-time position with SiFive. I'll be starting on July 15th, 2019 and will be working on free software for RISC-V-based processors, among other tasks.

I really enjoyed my time at Hewlett Packard Labs and wish all the best for my colleagues there.

Alessio Treglia: Cosmos Hub and Reproducible Builds

Monday 1st of July 2019 04:11:26 PM

Open source software allows us to build trust in a distributed, collaborative software development process, to know that the software behaves as expected and is reasonably secure. But the benefits of open source are strongest for those who directly interact with the source code. These people can use a computer which they trust to compile the source code into an operational version for themselves. Distributing binaries of open source software breaks this trust model, and reproducible builds restores it.

Tendermint Inc is taking the first steps towards a trustworthy binary distribution process. Our investment in reproducible builds makes doing binary distributions of the gaia software a possibility. We envision that the Cosmos Hub community will be our partners in building trust in this process. The governance features of the Cosmos Hub will enable a novel collaboration between Tendermint and that validator community to release only binaries that can be trusted by anyone.

Here is our game plan.

The release of the cosmoshub-3 will support our new reproducible build process. Tendermint developers will make a governance proposal with the hashes of all supported binaries. We will ask ATOM holders to reproduce the builds on computers they control and vote YES if the hashes match.

If the proposal passes, we will make the binaries available here via Github.

The benefits of reproducible builds

Gaia reproducible binaries then bring many significant advantages to developers and end users:

  • Build sanity — the guarantee that the gaia suite can always be built from sources.
  • Enable third-parties to independently verify executables to ensure that no vulnerabilities were introduced at build time.
  • A large body of independent builders can eventually come to consensus on the correct reproducible binary output and protect themselves from targeted attacks.

How to verify that gaia binaries correspond to a repository snapshot

The gaia repository comes with the required tooling to build both server and client applications deterministically. First you need to clone https://github.com/cosmos/gaia and checkout the release branch or the commit you want to produce the binaries from. For instance, if you intend to build and sign reproducible binaries for all supported platforms of gaia’s master branch, you may want to do the following:

git clone https://github.com/cosmos/gaia && cd gaia
chmod +x contrib/gitian-build.sh
./contrib/gitian-build.sh -s email@example.com all

Append the -c flag to the above command if you want to upload your signature to the http://github.com/gaia/gaia.sigs repository as well.

If you want to build the binaries only without signing the build result, just type:

./contrib/gitian-build.sh all

Further information can be found here: github.com/cosmos/gaia/…/docs/reproducible-builds.md

Credits

Co-authored with Zaki Manian
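
The hash comparison that the post above asks ATOM holders to perform before voting, sketched as an added example (it is not code from the post or from the gaia repository). It assumes the published hashes arrive as a sha256sum-style manifest; the file names and contents below are constructed stand-ins.

```python
import hashlib
import string
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <name>') into {name: hex}."""
    published = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, _, name = line.strip().partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or not set(digest) <= set(string.hexdigits):
            raise ValueError(f"line {n}: not a SHA-256 digest")
        # Reject empty names, duplicates and anything that escapes the build dir.
        if not name or name in published or Path(name).name != name:
            raise ValueError(f"line {n}: bad or repeated file name")
        published[name] = digest.lower()
    return published

def compare_build(published, build_dir):
    """Return (vote_yes, report); YES needs every published binary to match."""
    report = {}
    for name, expected in published.items():
        candidate = Path(build_dir) / name
        if not candidate.is_file():
            report[name] = "missing"
        elif sha256_file(candidate) == expected:
            report[name] = "match"
        else:
            report[name] = "MISMATCH"
    return bool(report) and all(s == "match" for s in report.values()), report

def demo():
    """Constructed sample: two stand-in 'binaries', one differing from the manifest."""
    names = ("server-linux-amd64", "client-linux-amd64")  # hypothetical names
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / names[0]).write_bytes(b"constructed server build")
        (Path(d) / names[1]).write_bytes(b"constructed client build, altered")
        manifest = "\n".join(
            hashlib.sha256(data).hexdigest() + "  " + name
            for data, name in zip((b"constructed server build", b"constructed client build"), names))
        return compare_build(parse_manifest(manifest), d)
```

A missing artifact counts against a YES just as a mismatch does, so a partial local build cannot be mistaken for a successful reproduction.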

John Goerzen: Treasuring Moments

Monday 1st of July 2019 02:35:36 PM

“Treasure the moments you have. Savor them for as long as you can, for they will never come back again.”

– J. Michael Straczynski

This quote sits on a post-it note on my desk. Here are some moments of our fast-changing little girl that I’m remembering today — she’s almost 2!

Brothers & Sister

Martha loves to play with her siblings. She has names for them — Jacob is “beedoh” and Oliver is “ah-wah”. When she sees them come home, she gets a huge smile and will screech with excitement. Then she will ask them to play with her.

She loves to go down the slide with Jacob. “Beedoh sigh?” (Jacob slide) — that’s her request. He helps her up, then they go down together. She likes to swing side-by-side with Oliver. “Ahwah sing” (Oliver swing) when she wants him to get on the swing next to her. The boys enjoy teaching her new words and games.

[Video: Martha and Jacob on the slide]

Music

Martha loves music! To her, “sing” is a generic word for music. If we’re near a blue speaker, she’ll say “boo sing” (blue sing) and ask for it to play music.

But her favorite request is “daddy sing.” It doesn’t mean she wants me to sing. No, she wants me to play my xaphoon (a sax-like instrument). She’ll start jumping, clapping, and bopping her head to the music. Her favorite spot to do this is a set of soft climbing steps by the piano.

But that’s not enough — next she pulls out our hymnbooks and music books and pretends to sing along. “Wawawawawawa the end!”

If I decide to stop playing, that is most definitely not allowed. “Daddy sing!” And if I don’t comply, she gets louder and more insistent: “DADDY SING.”

[Videos: Martha singing and reading from hymn books, singing her ABCs]

Airplanes

Martha loves airplanes. She started to be able to say “airplane” — first “peen”, then “airpeen”, and now “airpane!” When we’re outside and she hears any kind of buzzing that might possibly be a plane, I’m supposed to instantly pick her up and carry her past our trees so we can look for it. “AIRPANE! AIRPANE! Ho me?” (hold me) Then when we actually see a plane, it’s “Airpane! Hi airpane!” And as it flies off, “Bye-bye airpane. Bye-bye. [sadly] Airpane all done.”

One day, Martha was trying to see airplanes, but it was cloudy. I bundled her up and we went to our local GA airport and stood in the grass watching planes. Now that was a hit! Now anytime Martha sees warehouse-type buildings, she thinks they are hangars, and begs to go to the airport. She loves to touch the airplane, climb inside it, and look at the airport beacon — even if we won’t be flying that day.

[Video: Hi big plane!]

Martha getting ready for a flight

This year, for Mother’s Day, we were going to fly to a nearby airport with a restaurant on the field. I took a photo of our family by the plane before we left. All were excited!

Mother’s Day photo

Mornings

We generally don’t let Martha watch TV, but make a few exceptions for watching a few videos and looking at family pictures. Awhile back, Martha asked to play with me while I was getting ready for the day. “Martha, I have to get dressed first. Then I’ll play with you.” “OK,” she said.

She ran off into the closet, and came back with what she could reach of my clothing – a dirty shirt, and handed it up to me to wear. I now make sure to give her the chance to bring me socks, shirts, etc. And especially shoes. She really likes to bring me shoes.

Then we go downstairs. Sometimes she sits on my lap in the office and we watch Youtube videos of owls or fish. Or sometimes we go downstairs and start watching One Six Right, a wonderful aviation documentary. She and I jabber about what we see — she can identify the beacon (“bee”), big hangar door (“bih doh”), airplanes of different colors (“yellow one”), etc. She loves to see a little Piper Cub fly over some cows, and her favorite shot is a plane that flies behind the control tower at sunset. She’ll lean over and look for it as if it’s going around a corner.

Sometimes we look at family pictures and videos. Her favorite is a video of herself in a plane, jabbering and smiling. She’ll ask to watch it again and again.

Bedtime

Part of our bedtime routine is that I read a story to Martha. For a long time, I read her The Very Hungry Caterpillar by Eric Carle. She loved that book, and one night said “geecko” for pickle. She noticed I clapped for it, and so after that she always got excited for the geeckos and would clap for them.

Lately, though, she wants the “airpane book” – Clair Bear’s First Solo. We read through that book, she looks at the airplanes that fly, and always has an eye out for the “yellow one” and “boo one” (blue plane). At the end, she requests “more pane? More pane?”

After that, I wave goodnight to her. She used to wave back, but now she says “Goodnight, daddy!” and heads on up the stairs.

Jonas Meurer: debian lts report 2019.06

Monday 1st of July 2019 12:59:09 PM
Debian LTS report for June 2019

This month I was allocated 17 hours. I also had 1.75 hours left over from May, which makes a total of 18.75 hours. I spent 16.75h of them on the following issues, which means I again carry over 2h to the next month.

More in Tux Machines

Late Coverage of Confidential Computing Consortium

  • Microsoft Partners With Google, Intel, And Others To Form Data Protection Consortium

    The software maker joined Google Cloud, Intel, IBM, Alibaba, Arm, Baidu, Red Hat, Swisscom, and Tencent to establish the Confidential Computing Consortium, a group committed to providing better private data protection, promoting the use of confidential computing, and advancing open source standards among members of the technology community.

  • #OSSUMMIT: Confidential Computing Consortium Takes Shape to Enable Secure Collaboration

    At the Open Source Summit in San Diego, California on August 21, the Linux Foundation announced the formation of the Confidential Computing Consortium. Confidential computing is an approach using encrypted data that enables organizations to share and collaborate, while still maintaining privacy. Among the initial backers of the effort are Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. “The context of confidential computing is that we can actually use the data encrypted while programs are working on it,” John Gossman, distinguished engineer at Microsoft, said during a keynote presentation announcing the new effort. Initially there are three projects that are part of the Confidential Computing Consortium, with an expectation that more will be added over time. Microsoft has contributed its Open Enclave SDK, Red Hat is contributing the Enarx project for Trusted Execution Environments and Intel is contributing its Software Guard Extensions (SGX) software development kit. Lorie Wigle, general manager, platform security product management at Intel, explained that Intel has had a capability built into some of its processors called software guard which essentially provides a hardware-based capability for protecting an area of memory.

Graphics: Mesa Radeon Vulkan Driver and SPIR-V Support For OpenGL 4.6

  • Mesa Radeon Vulkan Driver Sees ~30% Performance Boost For APUs

    Mesa's RADV Radeon Vulkan driver just saw a big performance optimization land to benefit APUs like Raven Ridge and Picasso, simply systems with no dedicated video memory. The change by Feral's Alex Smith puts the uncached GTT type at a higher index than the visible vRAM type for these configurations without dedicated vRAM, namely APUs.

  • Intel Iris Gallium3D Is Close With SPIR-V Support For OpenGL 4.6

    This week saw OpenGL 4.6 support finally merged for Intel's i965 Mesa driver and will be part of the upcoming Mesa 19.2 release. Not landed yet but coming soon is the newer Intel "Iris" Gallium3D driver also seeing OpenGL 4.6 support. Iris Gallium3D has been at OpenGL 4.5 support and is quite near as well with its OpenGL 4.6 support thanks to the shared NIR support and more with the rest of the Intel open-source graphics stack. Though it's looking less likely that OpenGL 4.6 support would be back-ported to Mesa 19.2 for Iris, but we'll see.

The GPD MicroPC in 3 Minutes [Video Review]

In it I tackle the GPD MicroPC with Ubuntu MATE 19.10. I touch on the same points made in my full text review, but with the added bonus of moving images to illustrate my points, rather than words.