08 Nov 2011

feedPlanet Gentoo

Tomáš Chvátal: libreoffice progress towards 3.5

Lets start with something slightly different

Tomorow there will be 3.4.4 release.

This is the last 3.4 release with upstream love. There also will be 3.4.5 after 3.5.0 release, but it is for 2012, nothing shiny will happen in this year for that branch.

Now for all awesome candies in master

I worked on nsplugin building with system libraries (xulrunner/firefox/npapi-sdk) which worked great, so now it is enabled by default and built against the system headers (note that the nsplugin was build by default even before and the useflag was quite bogus in gentoo).

The mozilla switch that many of you can see there is used for mozab and ldap backend stuff. It sadly requires INTERNAL mozilla to actually work, so I disabled it in Gentoo for now (both moz stuff and ldap) as it does not work. I am being quite skeptic about fixing it for 3.5.0 as freeze is comming around 5th Dec if my memory serves well.

The only issue I still didn't fix is that SampleICC bundling which is quite hard to do due to patches/magic done there in DMAKE…

Yet again completely unrelated ending section

Seems like I really enjoy to jump from one topic to another…
Anyway I did add really cool game to main tree which I think you should try out.
The package is games-strategy/openxcom which is opensource implementation of UFO: Enemy Unknown (first X-Com based game). It is still alpha quality as some research is not possible, manufactures are being done, ufopedia is not working, but you already can try out shooting ufos and doing missions.
The slightly problematic part is that the game does not provide the data files so you need the orginal game. Other than that it is pretty awesome it works on linux natively instead of requiring dosbox. (So far coolest stuff is that cheating is really simple by editing rulesets in the saved game :P [pistol that decimates whole building is pretty cool :P])

08 Nov 2011 9:44pm GMT

07 Nov 2011

feedPlanet Gentoo

Mike Pagano: Gentoo users with RAID10 running Linux kernel 3.1.0 please read

Attention Gentoo RAID10 users running Linux kernel 3.1.0.

There is a serious bug introduced in the 3.1.0 code. The Gentoo Kernel Team advises any of our RAID10 users running 3.1.0 (vanilla or gentoo-sources) to patch their kernel or immediately upgrade to gentoo-sources-3.1.0-r1 which includes the upstream patch to correct the issue.

Upstream considers this a "serious flaw".

From the original patch submission on LKML:

"Anyone running RAID10 with 3.1 is advised to either apply this patch or revert an earlier kernel as soon as possible. In the mean time, remove any hot spares from an RAID10 array."

From the patch:

"It would normally be possible to recover the data, but that would need care and is not guaranteed."

Summary: RAID10 3.1.0 kernel users, please upgrade to gentoo-sources-3.1.0-r1 or patch your kernel manually.

07 Nov 2011 7:04pm GMT

06 Nov 2011

feedPlanet Gentoo

Andreas K. Hüttel: Gentoo KDE stabilization and the KDE overlay

Here's two small news items that may be worth your attention.
First of all, we (as the Gentoo KDE team) have to decided to change our stabilization target from 4.7.2 to 4.7.3 - the main reason being that there have been many stability improvements e.g. in KDEPIM. This also means that for now the stabilization process is on hold, since version 4.7.3 needs some time to "ripen on the tree". Anyway, feel free to grab the stabilization list from bug 388279 and try it out. Most likely the list will still be updated a few times for minor fixes.
Second, if you are using the Gentoo KDE overlay, it has now been migrated to so-called thin manifests. This makes using git way easier for us committers. You as a user will however need sys-apps/portage from ~arch, because the current stable version does not support the new Manifest file format yet. This may sound like a dangerous requirement, but actually most the devs use testing portage and do not encounter any big problems. I'm running sys-apps/portage- here and all is fine.

06 Nov 2011 2:56pm GMT

05 Nov 2011

feedPlanet Gentoo

Diego E. Pettenò: Apache and multiple technologies

I have said before that for what concerns my paid job, I'm accepting the compromise of paying for closed-source software when there isn't a clear, decent alternative for it in the Free/Open Source world. I don't like, nor I go proud of this, but that's just the way it is. It is for the best in most cases, as a lot of my work is FLOSS-based so I end up using those tools to create new, better software for all to use.

One of this tools - or to be honest the only one nowadays - is Visual Paradigm for UML which I use to work thoroughly on the abstract designs before actually starting to write code, which is a godsend when a paying customer leaves you the time to. I'm also of the idea that if I spend more time on designing the code, the end result is actually more convenient for the customer, as expanding that in a later future becomes much easier.

But I digress… let's go back to Visual Paradigm as a software rather than as a tool. Its license system works in a way that is a bit uncommon for most non-professional users: you can either have a license for the single installation, or you can buy a (slightly more expensive) "floating license". This latter method allows you to have as many installation of the software as you want, just as long as only one (or actually only "as many licenses as you own") is started at once. It's not bad at all, especially for those like me who have multiple boxes, standing or portable, throughout the home and office. For it to work, though, it requires a so-called "licensing server".

When I bought my first license for VP, said licensing server was a standalone application (you find it in my overlay by the way); that you simply had to start, and it listened to a given port-IP combination and provided the keys for the application through HTTP. Later on, the developer replaced the standalone licensing server with a more sophisticated server, which is the "Visual Paradigm Server" framework, with a module for licensing (and a different one fork the TeamWork software). Like everything in the suite, it's written in Java, of course, and this latter is a JSP webapp, which they distribute both standalone or in a webapp packaging so you can actually set it up on Tomcat.

For a long time I kept said application running on my home box, since at worst, I would have missed this on the go with the laptop, but I almost never use that for design anyway. Right now, though, I work much more out of office, and as I said before I have a bit of spare time now and then to work on things. Plus, I have a helper right now and I have to give her access to the design documents, to show the customers. All this considered, I needed access to said server on the public IPv4 network, so I decided to move it to my IOS server.

First problem: the system is Hardened and I like building everything for Hardened if I can. Turns out that the IcedTea ebuild requires a huge chunk of Xorg to build, including GTK+, and CUPS as well.. not exactly what I'd like to have on an headless server. The other alternative is of course to install icedtea-bin, but.. it stinks. Let's go on with that though. Install the package, build Tomcat and mod_jk, and install on the server.

Second problem: there really isn't a clear documentation on how you're supposed to deploy a JSP application. Most of the documentation either points you to the Tomcat's automatic deployment tools, or to a complete reference of each possible XML configuration elements that is supported. The end result is a long night of mix and matching tutorials and blog posts with an end result that looked satisfying.. until someone let me know this afternoon that my blog was reporting as the VP Server - somehow the default vhost was configured by mod_jk … I moved the configuration options later in the processing (some still at global scope, some down to the vhost scope), and it returned to normal.

All this considered, I'm thinking of replacing my current setup, where Apache runs both Passenger and mod_jk, with a reverse-proxy based one, with, respectively, lighttpd and Tomcat running in LXC guests and handling the dynamic part of the code. At that point the "frontend" Apache would only have to take care of serving static content, filtering requests (with ModSecurity) as well as handling rewriting (which was my first reason to move from lighttpd to Apache in the first place).

This would also solve me the problem I've been having trying to set up mod_perl so that I could run RT for my customers… when I did try to set it up, Apache decided to segfault on me. The same exact binpkg works fine on xine's bugzilla - the only difference between the two setups is that my host had Passenger loaded. I'm almost sure that's the problem. Considering that a few of my customers have shown interests in the possibility to set up Wordpress, and the fact that I need to host a customer's custom Rails app… I start to think using containers would be a good idea, even if I know that this also means increasing the attack surface as I'm adding more software to the system.

I just wish I could find the time to work on this in the short term, it's unlikely though.

05 Nov 2011 6:57pm GMT

04 Nov 2011

feedPlanet Gentoo

Olivier Crête: GUPnP 0.18 (and GSSDP 0.12) harmful to VoIP calls

Due to unintentional behavior breakage in the newest versions of GUPnP and GSSDP, the UPnP NAT traversal in all VoIP applications that use Farsight2 is currently broken. This includes Empathy, Pidgin, aMSN, etc. I advise distributors to just stay with the older GUPnP 0.16 (and GSSDP 0.10) releases until this is sorted out. For those who care, the details are on bugzilla.

04 Nov 2011 11:58pm GMT

Paweł Hajdan, Jr.: x86 testers wanted: tuxonice-sources and freeipmi

We have at least two bugs that need more testing reports on x86:

bug #373491 - Stabilize =sys-kernel/tuxonice-sources-2.6.38-r1
bug #364485 - sys-libs/freeipmi-0.8.9 de-keywording request

If you're using those packages please comment on the mentioned bugs what are your testing results (both positive and negative; without positive report we don't really know whether anyone has tested those).

By the way, feel free to just do the same (test and report) from time to time with x86 bugs.

If you have an amd64 system, please do the same with amd64 bugs.

It's really worth your effort. If the updates have annoying bugs, it's better to defer stabilization until they're fixed rather than annoying many stable users. Similarly, if the updates work for you, it's better if we can just release them sooner and start working on other packages.

04 Nov 2011 12:49pm GMT

01 Nov 2011

feedPlanet Gentoo

Diego E. Pettenò: Random quality

RFC 1149.5 specifies 4 as the standard IEEE-vetted random number.

xkcd's Random Number comic © Randall Munroe

We all know that random numbers might not be very random unless you are very careful. Indeed, as the (now old) Debian OpenSSL debacle, a not-enough-random random number generator can be a huge breach in your defences. The other problem is that if you want really random numbers you need a big pool of entropy otherwise code requiring a huge chunk of random bytes would stall until enough data is available.

Luckily there are a number of ways to deal with this; one is to use the EntropyKey while other involves either internal sources of entropy (which is what timer_entropyd and haveged do), or external ones (audio_entropyd, but a number of custom circuitry and software exist as well). These fill in the entropy pool, hopefully at a higher rate than it is depleted, providing random data that is still of high quality (there are other options such as prngd, but as far as I can tell those are slightly worse in term of quality).

So, the other day I was speaking with Jaervosz, who's also an EntropyKey user, and we were reflecting on whether, if there is not enough entropy during crypto operations, the process would stall or cause the generation to be less secure. In most cases, this shouldn't be a problem: any half-decent crypto software will make sure not to process pseudo-random numbers (this is why OpenSSL key generation tells you to move your mouse or something).

What we ended up wondering about, was how much software uses /dev/urandom (that re-uses the entropy when it's starving) rather than /dev/random (which blocks on entropy starvation). Turns out there are quite a few. For instance on my systems, I know that Samba uses /dev/urandom, and so does netatalk - neither of which make me very happy.

A few ebuilds allow you to choose which one you want to use through the (enabled-by-default) urandom USE flag… but these I noted above aren't among those. I suppose, one thing we could be doing would be going over a few ebuilds and see if we can make it configurable which one to use.. for those of us who make sure to have a stable source of entropy, this change should be a very good way to be safe.

Are you wondering if any of your mission-critical services are using /dev/urandom ? Try this:

# fuser -v /dev/{,u}random
                     USER        PID ACCESS COMMAND
/dev/random:         root      12527 F.... ekey-egd-linux
/dev/urandom:        root      10129 f.... smbd
                     root      10141 f.... smbd
                     root      10166 f.... afpd
                     flame     12356 f.... afpd

Also, if you want to make sure that any given service is started only after the entropy services, you can simply make it depend on the virtual service entropy (provided by haveged, or ekeyd if set to kernel output, or ekey-egd-linux if set to EGD output). A quick way to do so without having to edit the init script yourself, is to add the following line to /etc/conf.d/$SERVICENAME:


01 Nov 2011 11:47am GMT

29 Oct 2011

feedPlanet Gentoo

Andreas K. Hüttel: Preparing another Gentoo KDE stable upgrade: KDE 4.7.2

With the blessing of the Gentoo KDE team, I have recently filed the request for stabilization of KDE 4.7.2, which means Gentoo stable users will see the upgrade sometime in the coming weeks, after the testing and the resulting bugfixing has completed.
In general the upgrade from 4.6.5 to 4.7.2 should be easy and bring quite some advantages; we're really happy with most of KDE 4.7.2 here. In particular also many quirks of the graphics acceleration have been ironed out.
However, there is one Big Thing happening with the upgrade: While the stable version of the KDE PIM applications (kontact, kmail, korganizer, ...) so far was still, we will try to stabilize KDE PIM 4.7.2 now. (Not my idea.) This is a major upgrade with potential for major breakage, especially since many people think that KDE PIM 4.7.2 has not even reached beta quality yet.
Why are we doing this, you may ask? Well, the big problem is, the upstream KDE PIM developers consider version obsolete and unsupported. The first regression has appeared (see Gentoo bug 382411 and KDE bug 279432), and we expect there will be more in the future. We will keep KDE PIM in Gentoo and try to support it as long as we can, but then we're not familiar with the code and cannot do too much on our own if things start to break.
Anyway. If you're brave and want to help us testing, please grab the list attached to the stable request, place it on your Gentoo system into /etc/portage/package.keywords, and upgrade your system.

We're looking forward to hearing about your experiences, and if you encounter problems, please file bugs on our Gentoo bugzilla!

29 Oct 2011 10:46pm GMT

Andreas K. Hüttel: Towards Calligra 2.4

I've just committed the ebuild for Calligra 2.4 beta 3, i.e. in Gentoo app-office/calligra-2.3.83, to the portage tree. If all goes well this is going to be the last beta version before Calligra 2.4, the first release of the fork (or should I better say, successor) of KOffice. So, get your penguins compiling and give it a try, for a last big round of bugfixing!

29 Oct 2011 5:57pm GMT

26 Oct 2011

feedPlanet Gentoo

Sune Kloppenborg Jeppesen: Bumped b2evolution and piwik

For those interested I just pushed latest Piwik 1.6 and B2evolution 4.1.1 ebuilds to my portage overlay at github.

Original post blogged on b2evolution.

26 Oct 2011 1:23pm GMT

25 Oct 2011

feedPlanet Gentoo

Josh Saddler: ardour3

i wrote an ebuild for ardour 3 and added it to my overlay. it's a live ebuild for the latest SVN, so there are a few warnings:

1. ardour3 is is still in alpha status. things may not work.

2. upstream hates the thought of distributors packaging ardour to begin with (even though gentoo ebuilds just fetch and compile the source), but they especially do not want to see the alphas and betas officially packaged. this is an unofficial ebuild, in an unofficial overlay. so please, don't even think that this will make it into portage until ardour3 has had a stable release. i don't maintain the official versions in portage, anyway.

3. upstream requests that you do not bug them about problems building ardour, running it, etc. do not hit their forums asking for help. instead, if you need to troubleshoot issues or offer patches and workarounds, visit #ardour on irc.freenode.net, or visit their mailing lists. this same warning is repeated in my ebuild, just to make sure you know that you're agreeing to play by these rules while you try out ardour.

4. a much friendlier community of folks willing to help can be found at #opensourcemusicians on irc.freenode.net. many of 'em have been using ardour3 for awhile, and are familiar with the latest code diffs and how things work compared to ardour2.

5. as with any ebuild in any overlay, if you have issues, first contact the maintainer of the overlay (me), rather than risk wasting anyone else's time. that being said, i've been making music with ardour3 for almost a month now, and aside from UI quirks, find it pretty stable. support for linux VSTs is definitely a plus, as is the inclusion of basic MIDI sequencing.

if you want to try it out, you know where to find it.

25 Oct 2011 8:40am GMT

24 Oct 2011

feedPlanet Gentoo

Jeremy Olexa: Tip: “Intelligent” bugzilla mail threading in GMail using procmail

(Preface: Target audience for this post is Gentoo Devs + GMail WebUI users, however, anyone that forwards bugmail to GMail and has procmail between them could also use this.)

I find it annoying that the GMail web interface chooses to thread messages based on subject name alone, this creates two threads for every new bug report sent to you from bugzilla. Sadly, we can't control the threading that Google tells us is "the only way" (subject based threading or email header based threading, which bugzilla does correctly). If you want to follow the rabbit trail that I went on regarding this subject, I won't stop you…

Or you can use procmail to rewrite the subject, that is, remove "New: " from the first email:

# Remove "New: " from the subject so threading in gmail works
SUBJ_=`formail -xSubject: | expand | tr -d '\n' | sed -e 's/^[ ]*//g' -e 's/New: //'`
* ^From: bugzilla-daemon@gentoo.org
    :0 fwh
    | formail -i"Subject: ${SUBJ_}"

Tangentially related that may be useful, is this rule that kills duplicate messages when you report a bug and are assigned the same bug (or in CC). The bugzilla software has no way of knowing what email aliases you may be in.

# Kill duplicate messages. If I am the reporter *and* the bug is assigned to a
# team I am in, delete the mail to me directly
* ^To: username@gentoo.org
* ^From: bugzilla-daemon@gentoo.org
* ^X-Bugzilla-Reporter: username@gentoo.org
* ^X-Bugzilla-(Assigned-To|CC):.*(team1|team2)@gentoo.org

I like the GMail WebUI. I use it. Please don't suggest that I should use other clients, I already know that other clients can handle the threading fine.

24 Oct 2011 3:29pm GMT

Domen Kožar: Products.TinyMCE 1.3 beta 1 release



Detailed changelog is long, (if you are interested) read following.


  • tinymce version upgrade 3.2.7 (2009) to 3.4.3 (2011)
  • IE9 support (implicitly fixed by previous line)
  • Dexterity support
  • Plone 3 and 4 compatible
  • rewritten Image and Link plugins (now named as plonebrowser) with jQuery
  • configurable shortcuts in browser plugin
  • GS migration
  • JavaScript compressor
  • KSS is gone
  • tested on opera/chrome/firefox/IE7/IE8/IE9
  • split tinymce project to a fork of github.com/tinymce/tinymce/

Known issues

  • editing existing link on image does not recognize current link
  • few IE7 design glitches

If this work is helpful to you, please contribute to my trip to PloneConf2011

24 Oct 2011 9:10am GMT

23 Oct 2011

feedPlanet Gentoo

Hans de Graaff: Rubinius now available in Gentoo as the 5th ruby implementation

After a hiatus of more than 2 years Rubinius is back with Gentoo. Rubinius 1.2.4 got added this weeked as dev-lang/rubinius, making it the 5th ruby provider natively supported in Gentoo. If you want to install your ruby packages (also) for Rubinius you should add "rbx" to RUBY_TARGETS in /etc/make.conf. That will ensure that all packages that have been marked as ready for rubinius will be installed for it.

Right now that list is quite small still, but this should improve over time. If you would like to see a package marked for Rubinius (or another missing ruby implementation), then please open a bug for it. Please add the output of a successful build with both FEATURES=test and USE=doc to verify that everything works as expected.

Thanks to the people participating in bug 334177 for testing, initial ebuilds, and support.

23 Oct 2011 1:31pm GMT

Sven Vermeulen: SELinux’ 2011/07 releases now stable

A few minutes ago, I stabilized both the 2.20110726 policies as well as the SELinux userspace utilities that were stable (upstream) on 20110727. With the change, I also updated the Gentoo SELinux Handbook with the changes I presented on our gentoo-hardened mailinglist. After some time, I'll remove the now obsoleted older policies and userspace utilities to keep the tree in a sane state.

There are a few policy packages whose stabilized version isn't the latest (cfr earlier post), those are due within the proper designated period (about 1 month).

23 Oct 2011 1:07pm GMT

Doug Goldstein: app-emulation/qemu-kvm and binary blobs

Users of qemu-kvm may have noticed that as of 0.15.1 it has a new dependency on sys-apps/seabios from the Coreboot project. Previously we used the pre-built versions that shipped with qemu-kvm, however this version is typically out of date and has recently caused problems for some users. Ubuntu and Fedora have switched to not using the pre-built versions and building their own versions of all the binary blobs recently as well so for Gentoo we'll do the same. The issue however is that some of these can only be built with a x86 toolchain so we will have to come up with a solution for ppc. Any suggestions are welcome.

Tagged: KVM qemu-kvm Gentoo

23 Oct 2011 12:09am GMT