This month in GMN:
- 1 Gentoo News
- 2 Gentoo Developer Moves
- 3 Portage
- 4 Security
- 5 Infrastructure
- 6 Package Removals/Additions
- 7 Bugzilla
- 8 Tips of the Month
- 9 Getting Involved?
Interview with Richard Freeman, a Gentoo developer, Council and Trustees member
(by David Abbott)
To get us started, can you give us a little background information about yourself?
I guess I’m a bit of an oddball (which might be why I settled on Gentoo). I’ve been programming since elementary school but ended up studying Biochemistry. Then I ended up building a career in the pharmaceutical industry doing a little bit of both. Other interests include aviation, photography, and the cello.
How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?
My first introduction to Linux was a book I picked up in the early 90s that contained a Slackware CD. I remember running it with a UMSDOS root and a /usr symlinked to the CD (ah, those days of yore when systems worked fine without /usr). However, I didn’t really have room for a second OS on my 120MB hard drive so it wasn’t until the late 90s that I started using Linux seriously. I messed around with Mandrake but it was Mandrake’s “single network firewall” appliance that really was my first serious box – it sat on my network and would dial up and share a PPP connection on-demand.
It was probably inevitable that I’d end up running Gentoo, but one of the drivers was the ability to download and apply security patches in revbumps without having to re-download the original source tarball over my 56k modem. I use open source anywhere I can because even if there are more bumps in the road I at least feel like I’m in control and able to do something about it. I’ve had to re-image Tivos when things go wrong, and I’ve debugged numerous MythTV issues, and I’ll take the latter at any time. Gentoo really is just the next logical step, a distro that gives users the highest level of control possible short of rolling your own.
What aspects of Gentoo do you feel the developers and maintainers have got right?
For all the storms on the lists, I think we have a LOT of things right. First, just the quality of our developers is VERY high. Second, we really do foster innovation – I think a lot of really interesting stuff gets done in Gentoo and that is pretty impressive considering just how small we are compared to the commercially-backed distros. I like that developers are free to scratch their own itches, fork projects, compete, etc.
What is it about Gentoo you would like to see improved?
I think our developer quality can actually be a double-edged sword – I think many potential contributors may feel like they’re not up to our standards. I think that any contributor with a good attitude has something to offer the community. What matters most isn’t just technical skill, but the ability to consistently make positive contributions while avoiding negative ones. Even if those contributions are small they add up.
As far as improvements go, one thing I’d really like to see improved is better dependency documentation. I’ve seen this theme come up in a few ways over the last few months. Just recently we’ve had a thread about capturing versions in dependency atoms even when all in-tree versions are adequate, because this improves the upgrade path and makes the experience better for overlay users. Another thread I’ve seen has been about better understanding boot-time requirements under various configurations – that is really a dependency documentation issue of a different nature. I’ve stated in the past that I’d like to see @system dependencies documented explicitly as well. In all of these cases the challenge is the additional workload of capturing all those dependencies, and in some of these cases automation might help us out. The advantage in all cases is that better documentation will allow us to better resolve dependencies, whether that is in correctly updating old systems, updating @system packages in parallel, or correctly building initramfs or populating /usr (as you prefer).
What are some of the projects within Gentoo that you enjoy contributing to?
Oh, a bit of this, a bit of that. Many of the packages I maintain have been scratching an itch. I do contribute to the amd64 arch team, when ago leaves a bug open for longer than 15 minutes. Since that doesn’t happen often I help take care of MythTV and I’ve been trying to help Robin with the git migration here and there.
For people that have never used MythTV please give me an overview.
MythTV is an open source DVR, designed in the era when people still obtained video from broadcast TV or cable. I’m still in that boat myself. It is a very robust client/server system that is VERY scalable (in theory you could probably run a hotel off of it), and clients are available for X11, Windows, Web, and Android (I’m sure there are others as well).
Describe some of the challenges in maintaining MythTV.
For a while I struggled because my diskless front-end was not running Gentoo. MythTV only supports running with all clients and servers running the same build (not every commit breaks this, but in practice you need to be very close), and every distro does releases of the fixes branch on a different schedule. After a hardware upgrade I was able to get my front-end running Gentoo reliably which made it much easier to maintain the package as I could update everything at once (on a side note – one of these days I’ll have to figure out why OpenRC doesn’t shut down correctly on my NFS-root PXE-boot front-end). I’ve been able to release patches to MythTV monthly now, and we’re finally stable on amd64 (if anybody wants to test on x86 just let me know).
What are some of the other packages you are maintaining?
Not all that many, actually. The Android SDK is one of the more popular ones I’m sure.
I understand you did a presentation at you local LUG, what did you do to prepare?
I’ve actually done a few over the years, one of which was an intro to Gentoo. The Ubuntu users there realize I’m a lost cause, though they started taking me more seriously once Unity came along. For those who aren’t aware Gentoo actually has a page full of presentations from various venues – I borrowed a bit of that to start out, and my presentation is listed there and licensed CC.
What were some of the questions you were asked?
ESR (who I’m ashamed I didn’t recognize at the moment) asked me what the point of Gentoo was – why not just run Debian or whatever? My feeling has always been that Gentoo is the best starting point for anybody who wants to do something unusual with Linux, or who wants a lot more control over how their system behaves. Gentoo isn’t one of those “just works” distros – however, when “just works” just doesn’t work the way you need it to, Gentoo is probably the best option out there. If I were building an embedded device (say to measure latency / buffer-bloat using GPS references) I’d probably strongly consider it as well.
What is your programming background?
Very little of my programming education is formal, but I’ve been writing software ever since my father let me play with a Tektronix 4051. I have to admit that I don’t usually have the patience to sit down and build out full-featured applications from scratch. However, I do enjoy problem-solving using software – especially when I can integrate existing software, or build a solution up from modules that can stand on their own. I think it is really the design/algorithms that interest me more than the implementation.
Which open source programs would you like to see developed?
I think that “the cloud” really is the future for software, and this is an area where open source is greatly lacking (on the application front, not the infrastructure front). I can probably find 300 FOSS MUAs if I look hard enough, but if I want to run them from a browser there are only two decent ones I am aware of and neither really is at the level of something like GMail, KMail, or Thunderbird. I’m typing this response in Google docs, and the closest thing to that in the FOSS world is Etherpad – clearly not in the same realm. There is no FOSS alternative to my Google account for me to point my Android phone at. The FOSS world just needs to catch up here, and I think that part of the challenge is that licenses like the Affero GPL are not popular.
What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?
Chroots and VMs are really good tools (if a bit slow) when you’re trying to figure out whether you’ve shot yourself in the foot – just grab a stage3 and emerge your package. I’m running git on /etc which is useful for backtracking, and I’ve recently started running snapper which is great for all kinds of problems (assuming you run btrfs). I have clonezilla and a Gentoo installer ready to serve via PXE which is very convenient. Something I need to get working again is a rescue kernel for when I get the odd panic (though these are less common these days – I suspect this is because I’m no longer using a certain driver or ext4+lvm+mdadm) – it was useful when it was working but for whatever reason my wiki instructions no longer seem to work.
What would be your dream job?
I was once asked this in an interview and I said “a different job every year.” I got the job, and six months later the interviewer moved to a different job. I’m actually fairly conservative personality-wise so the uncertainty of moving around or consulting puts me off, but the reality is that I thrive when confronted with solving problems in completely new domains. I love to learn, so any arrangement where I can learn something new and somebody else can benefit from my outsider’s perspective and skills is a good one. That is a hard sell in today’s culture where we try to hire out-of-the-box employees to deploy out-of-the-box software, but for the most part I find ways to make it work where I’m at.
What can users do to improve Gentoo?
Contribute! If you’re happy with Gentoo and you feel like you know how to make it work for you, chances are you have what it takes to help make it better. You could become a developer, a proxy-maintainer, contribute patches, etc. You can even run an overlay if you’re really turned off by dealing with the rest of us, but there are many of us interested in making it easier to contribute. If you want to contribute, there is certainly a way to make it work out for everybody.
How can we get users and developers working more closely?
I think respect goes a LONG way to making this work. We need to respect every contributor, whether they’re developers or staff or users. People contribute in many ways as well – whether they’re helping out new members of the community on #gentoo or in the forums, or adding features to portage. Sure, making it easier to submit patches, find packages, and test packages would certainly make things better. However, I think what really makes both developers and users want to leave the community is when they aren’t treated with respect.
You are currently helping with the git migration for the portage tree, whats left?
At this point I think the back-end is the biggest area that needs work (accepting pushed commits and getting them into the mirrors and everything that needs to happen in-between). However, before this can really be considered done I think we need to have a better understanding of just how we’re going to use git. There are many ways of using the tool, and I think many of us just assume we know how it will work for Gentoo without us all actually being on the same page. Perhaps we should put together a wiki page listing possible workflows where we can debate their merits.
Tell us about the Gentoo Foundation and your time as a trustee.
The Foundation is really important to Gentoo, even if for the most part it just keeps the lights on. Without it we lose our legal standing to protect our name and work, and operate as a single legal organization for our many sponsors to work with. In my time as a trustee I was privy to all the donations that come in and it really is amazing to see how many people care about Gentoo.
I enjoyed working with my fellow Trustees for my term, and I do plan to continue contributing to the functioning of the Foundation.
What needs to be improved, changed, fixed?
I’d love to see the Foundation have a more active role in improving Gentoo. We actually have a fair amount of money in our rainy day fund, though pressures with some of our sponsors are forcing us to dip into that a bit more heavily than we’ve had to in the past. I think a challenge here is how to do this while preserving the community that we have. Many FOSS communities have suffered when previously volunteer work became compensated.
You’re currently a member of the Gentoo council, tell us about that.
Well, it is probably worth mentioning that Gentoo is a small community – anybody who wants to speak up can actually have a pretty strong influence on our direction without needing any kind of formal title. I think for the most part the Council works best when it takes the role of moving the debate forward – recognizing the direction the community wants to move in and nudging the distro along. I really wanted to see more movement in the Council this year and I think we’re already well on our way. However, I fully recognize that the Linux world is facing a number of controversies so we need to still be careful. If half the distro thinks we’re too slow and the other half thinks we’re crazy radicals then perhaps we’re doing our job correctly.
Looks like the council finally got the shed painted. What are some of the decisions recently made and what still needs to be worked out?
Well, we basically spent the better part of a month getting through a single agenda, so we’ve been fairly busy. Probably the thing most on everybody’s minds is /usr, systemd, and all the other stuff that has generally been causing an uproar in the Linux community. Quite a bit there still needs to be worked out, but I think that really the direction the Council is trying to set is that we can’t just pretend that all this stuff isn’t happening.
Sometimes no action is better than too much, how can that be council keep it balanced?
Well, there’s the rub. Not many (including myself) are really eager to go making major changes (such as a /usr move, or other wide-reaching changes). I’d like developers to seriously consider that the way Gentoo does things today probably isn’t the best way they can be done. That said, I’d really like to see us move towards something and not simply away from something. I think disruptive change makes the most sense when it is towards an end everybody can at least appreciate (even if they don’t necessarily agree).
Where do you see Gentoo 5 years from now?
I think we’ll be providing better support for an even greater variety of configurations, including full support for both systemd and openrc (or something like it), prefix (and RAP), and hardened.
Can you describe your personal desktop setup (WM/DE)?
I run KDE. I’ve always preferred KDE, though in the early days of KDE4 I ended up switching to Xfce. Since then I’ve gotten more RAM and KDE has tended to demand less of it so I’m once again happy with it. That said, I don’t tend to rely on the “DE” aspects of KDE that much, but it is nice to be able to use a “fish://” URI when the need arises.
What are the specs of your current boxes?
I don’t tend to spend a lot on hardware, and I haven’t bought a vendor-built PC since Y2K (though I’m happily typing this on a Cr-48 that Google graciously sent to me after only light begging – that is based on Gentoo at least). My main box is a Phenom II X4 965 with 8GB RAM (I’m sometimes tempted to bump that up a bit). I also run Gentoo on my mythtv front-end, and that an Atom-330 based diskless system with 2GB of RAM and an NVidia ION.
Describe your home network
Nothing too exciting here. I actually am using my FIOS router as a router because I’m too lazy to bug them to enable the ethernet port on my ONT or bridge it. I run DNS/DHCP off of my Gentoo box, and have a DD-WRT-based router running WiFi. Most of the network is Gigabit and wired (one of these days I’ll run raceway to make it look nice, though little of it is in places you’d notice it).
What gives you the most enjoyment within the Open Source community?
I’ll refer back to the “ideal job” question. I really enjoy a little bit of everything – I enjoy being able to scratch my itches and contribute back a little here and there when I’m able to. I enjoy working with others who are of a like mind (if only we could all get together once in a while!). I like knowing that I’ve contributed things that have made the lives of others better while enjoying the fruits of their labor as well.
Uh, you’re not tired of listening to me already? Trust me – if there is something I think needs saying, it will make its way onto the lists. I think I spent too many days as a kid admiring how quickly my father could type on those 4051s…
Gentoo as a development environment for newcomers
(by Rohit Mukherjee)
Gentoo Linux is rumoured to be a difficult beast when it comes to initial installation. However,
after you have Gentoo installed, here is why you can never switch to any other Linux distribution:
Although the Gentoo installation takes much longer than other distros, the entire process teaches you an incredible amount of how linux operating systems are structured right down to the kernel. Other distributions cannot provide the amount of flexibility Gentoo does in terms of picking exactly which elements you want inside your system (daemons, services, loggers).
While installing Gentoo you pick the version that is suited to your microprocessor architecture whether x86, PowerPC, Sparc 64Bit or even ARM. This provides the basis for a system optimized for your hardware. Since you compile the Gentoo kernel, you get the freedom to pick what you want such as which filesystem types/drivers to include and this results in a much leaner kernel, customized to your needs!
Superior Package Management
Gentoo’s package manager, Portage is considered to be one of Gentoo’s biggest strengths. It was inspired by FreeBSD’s ports and deals with source directly. Although it is fairly complicated to get started with, it speeds up the process of package management considerably after users get familiar with it. According to the Gentoo Linux documentation, “Portage is completely written in Python and Bash and therefore fully visible to the users as both are scripting languages.” This makes the source package management extremely transparent to the user. Portage allows users to conveniently install packages in a manner that is system specific. For example, a binary package manager will install a package with support for different GNOME versions and KDE. Portage allows users to install in a much leaner, faster manner with only support for the desktop they are using. Installing packages is a dream with the emerge script. Slotting is another killer package management feature on Gentoo. Users can install multiple versions of the same package simultaneously. The portage tree is a collection of ebuilds, which essentially contain all information required for management of software packages. Ebuilds declare a particular SLOT for their version and Ebuilds with different slots can coexist on a system. This allows users to have multiple versions installed simultaneously in different SLOTS.
Gentoo is extremely well documented and has a very active user community. Reading the Gentoo Linux Handbook is a must for any user who wants to get started with the distribution.
Having used Ubuntu and Red Hat, Gentoo feels a lot faster on the my PC. Running my developer tools such as Eclipse, Maven and a Tomcat server is extremely smooth and hiccupfree. A benchmarking exercise conducted by LinuxMag for Gentoo and Ubuntu showed that Gentoo was a lot lighter on system resources than Ubuntu and faster as well in operations such as video encoding.
Being new to Gentoo, these are just some of the reasons I have started loving Gentoo, only with greater mastery can one understand some of the more subtle features and functionality Gentoo provides.
Gentoo Council News
In its 12/Nov meeting, the council decided to disband the current QA team due to inactivity (but not its subprojects such as e.g. treecleaners or PMS). This was a consequence of several failed attempts behind the scenes to revive QA activity. For a transition period, until a new team is formed and elects its lead, the council formally takes over the position of QA team lead. A call for new QA team members was made and several developers responded. What remains is to decide if and how GLEP48, which defines the procedures around QA, should be improved. In particular one question is whether the QA lead should be elected by the QA team members but require confirmation by the council. Right now no staffing decisions have been made yet; this will be done at latest after the next regular council meeting and the decision on GLEP48. A week later, 19/Nov, several detail agenda topics were handled. This includes the removal of several old and abandoned projects from our webpages, and a preliminary approval of robbat2’s gnupg key policies for commit signing.Finally the rules concerning long-pending stabilization requests were further modified. Summarizing, if an arch does not respond and there is no obvious reason for not stabilizing, the package maintainer may now also remove the last keyworded version of a package for that arch after a waiting time.
Gentoo Developer Moves
Gentoo is made up of 248 active developers, of which 36 are currently away.
Gentoo has recruited a total of 789 developers since its inception.
The following developers have recently changed roles
- Stephen Klimaszewski joined the ARM team.
- Richard Farina joined the ARM team.
- Steve Arnold joined the ADA team.
- David Abbott joined the GMN team.
The following developers have recently joined the project:
This section summarizes the current state of the portage tree.
|Architecture||Stable||Testing||Total||% of Packages|
|201311-22||app-text/namazu||Namazu: Multiple vulnerabilities||391259|
|201311-21||app-arch/cpio||cpio: Arbitrary code execution||314663|
|201311-20||kde-base/okular||Okular: Arbitrary code execution||334469|
|201311-19||app-shells/rssh||rssh: Access restriction bypass||415255|
|201311-18||net-dns/unbound||Unbound: Denial of Service||395287|
|201311-17||dev-lang/perl||Perl: Multiple vulnerabilities||249629|
|201311-16||sys-process/fcron||fcron: Information disclosure||308075|
|201311-15||net-analyzer/zabbix||Zabbix: Multiple vulnerabilities||312875|
|201311-14||dev-qt/qtcore||QtCore: Multiple vulnerabilities||361401|
|201311-14||dev-qt/qtgui||QtGui: Multiple vulnerabilities||361401|
|201311-13||net-misc/openvpn||OpenVPN: Multiple vulnerabilities||293894|
|201311-12||net-p2p/opendchub||Open DC Hub: Arbitrary code execution||314551|
|201311-11||net-p2p/ctorrent||CTorrent: User-assisted arbitrary code execution||266953|
|201311-10||media-gfx/graphicsmagick||GraphicsMagick: Multiple vulnerabilities||365769|
|201311-09||net-dialup/freeradius||FreeRADIUS: Multiple vulnerabilities||339389|
|201311-08||media-libs/netpbm||Netpbm: User-assisted arbitrary code execution||308025|
|201311-07||media-gfx/blender||Blender: Multiple vulnerabilities||219008|
|201311-06||dev-libs/libxml2||libxml2: Multiple vulnerabilities||434344|
|201311-05||media-gfx/gimp||GIMP: Multiple vulnerabilities||434580|
|201311-04||sys-process/vixie-cron||Vixie cron: Denial of Service||308055|
|201311-03||net-irc/quassel||Quassel: Multiple Vulnerabilities||338879|
|201311-02||dev-db/phpmyadmin||phpMyAdmin: Multiple vulnerabilities||465420|
|201311-01||games-emulation/mednafen||Mednafen: Arbitrary code execution||326141|
recruiting.gentoo.org went also under total rewrite. The website has been developed mainly by Isaiah Peng, with the help of Joachim Bartosik who is the author of the previous version. It’s still under testing, the Recruiters Team will let us know when it will be official with a new announcement.
Portage module v2.1.0 has been released! It has been a while since the previous version was released, thus it provides many new bugfixes and features. It also includes all the GSoC code. For detailed information see the Changelog.
|x11-themes/qtcurve-qt4||yngwin||04 Nov 2013|
|net-im/python-otr||hanno||09 Nov 2013|
|dev-games/gigi||tomka||10 Nov 2013|
|games-strategy/seven-kingdoms-data||pinkbyte||10 Nov 2013|
|www-plugins/mozplugger||axs||11 Nov 2013|
|dev-python/pytrailer||sochotnicky||19 Nov 2013|
|media-video/pyqtrailer||sochotnicky||19 Nov 2013|
|sci-libs/mccp4||jlec||20 Nov 2013|
|sci-biology/allpaths||jlec||20 Nov 2013|
|dev-ruby/amstd||graaff||24 Nov 2013|
|dev-ruby/markaby||graaff||24 Nov 2013|
|dev-ruby/pdf-writer||graaff||24 Nov 2013|
|dev-ruby/semacode||graaff||24 Nov 2013|
|dev-tcltk/tcl-debug||jlec||24 Nov 2013|
The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.
The following tables and charts summarize the activity on Bugzilla between 29 October 2013 and 28 November 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.
Closed bug ranking
The developers and teams who have closed the most bugs during this period are as follows.
|2||Gentoo KDE team||31|
|3||Gentoo's Team for Core System packages||24|
|4||Gentoo Science Related Packages||19|
|7||Julian Ospald (hasufell)||16|
|8||Python Gentoo Team||15|
|9||Gentoo Toolchain Maintainers||14|
Assigned bug ranking
The developers and teams who have been assigned the most bugs during this period are as follows.
|1||Gentoo Linux bug wranglers||92|
|2||Perl Devs @ Gentoo||81|
|4||Gentoo's Team for Core System packages||44|
|5||Gentoo KDE team||43|
|8||Gentoo X packagers||34|
|9||Gentoo Linux Gnome Desktop Team||34|
Tips of the Month
Did you know emerge accepts filenames as arguments?
emerge -1av /usr/bin/vim
will rebuild the app-editors/vim package.
Send us your favorite Gentoo script or tip at email@example.com
Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to firstname.lastname@example.org.