Gentoo Monthly Newsletter: October 2013

You missed us? We are back! ūüôā

gentoo-gmn-back

Introduction

So GMN is back! ūüôā As you can see, we moved away from GuideXML and moved to the 2013 era. You can also subscribe to this blog using the form on your left. If you are interested in contributing, have a look at the end of this newsletter.

Gentoo News

Gentoo at Google Summer of Code 2013

RAP

RAP is an abbreviation for “Rap Ain’t Prefix”. It is a variant of¬†Gentoo Prefix¬†that uses its own libc instead of that of the¬†host. By depending only on the Kernel, it expands the horizon of¬†Gentoo Prefix into the systems as handhold Android, multiarch¬†Debian/Ubuntu and ancient (5 years+) GNU/Linux with a libc lacking¬†crucial modern features like fortify. It eases the maintenance of¬†Prefix by being more identical to Gentoo vanilla.

Although the Prefix team has been keeping the possibility in mind and have made several unsuccessful attempts earlier, it was Ruud (redlizard) Koolen (now a Gentoo developer) who brought the first implementation into reality. Benda (heroxbd) Xu from the Prefix team joined the effort of RAP for his Gentoo on Android project under Google Summer of Code 2013, mentored by Luca (lu_zero) Barbato.

RAP specification has been tracked by a GLEP draft. The draft is endorsed by the council and will be further refined after recovery of the GLEP process.

RAP is in a usable state for end users in the two overlays initiated by redlizard and heroxbd, whose development are related closely. With the ultimate goal of offering RAP with Gentoo officially, the development in the overlays will be merged to gx86 tree. The major remaining refinements are:

  • RAP profiles to be integrated with those of prefix and default
  • RAP toolchain patches to be refined and accepted by the toolchain¬†herd and upstream

Contact the RAP developers by mailing list gentoo-alt@lists.gentoo.org or IRC #gentoo-prefix on freenode for further information.

identity.gentoo.org

Pavlos Ratis and Michal Gorny (under the mentorship of Theo Chatzimichos and the great help of Robin Johnson and Matt Summers) were both working on our upcoming identity.gentoo.org website. It is going to be our LDAP frontend, which will be connected with various Gentoo services as well (eg Overlays, Git repositories and Planet). Additionally, it will act as an OpenID provider, which will allow us to connect it to our various Gentoo websites, and use only one account for all of them.

Pavlos has been working on the LDAP part. He implemented the login, signup, attribute settings and password recovery pages, all of the above working against a clone of our production Gentoo LDAP configuration. For the future, privileged accounts through groups are planned as well. Read his final report.

Michal has been working on the OpenID provider, as well to two factor authentication. The website supports authentication with SSH, SSL certs and OTP tokens on top of the traditional username/password authentication. Read his final report.

The team gave much weight on unit and integration tests as well, having around 80% coverage so far. Acceptance tests with selenium are also planned. Also, a large number of work has been done on upstream libraries, like django-ldapdb, django-auth-ldap, even a patch in Django itself was submitted.

The plan for the near future is to finish the groups support first, and then deploy a testing instance for developers’ only. Around February of 2014 the website should be hopefully ready for production usage, although it will remain a developer-only service for quite some time.

In case you are interested in helping, the code is in Github, and you can contact the team in the mail identity@gentoo.org, or in the IRC channel #gentoo-www in Freenode.

Puppet Portage module

The Puppet Portage module provides various Gentoo related features. While it used to be tight to Portage only, Vikraman Choudhury (under the mentorship of Adrien Thebo and Theo Chatzimichos) added support for a number of other Gentoo tools, like layman, eselect, webapp-config, and additionally he did tons of bugfixing. The features are going to be released soon in version 2.1.0 in the PuppetLabs Forge.

SELinux System Administration

Sven Vermeulen, a Gentoo Hardened and Documentation developer, has made his first book publication: SELinux System Administration.

“The book first starts with the fundamentals of SELinux ‚Äď concepts you really need to grasp before diving into SELinux. Then, it goes on about switching SELinux state (disabling, permissive, granular permissive, etc.), logging, managing SELinux users and roles, handling process domains, etc.” is how Sven summarizes his book.

Do you want to know more about SELinux on Gentoo? Read the excellent wiki page.

Read more about this on his blog. ūüėČ

Gentoo Council News

The October 2013 council meeting was comparatively uneventful. Completely replacing the current Gentoo Code of Conduct with a new text did not find a majority; instead a decision about more gradual incorporation of improvements was deferred to the next meeting.

As a consequence of the decisions taken during the September 2013 council meetings, the m68k, s390, and sh profiles have in the meantime been modified to automatically accept testing/unstable keywords. Stable keywords of these arches can and will now be replaced by unstable/testing keywords in ebuilds.

In addition, the council had concluded in its September 2013 meetings that sufficient documentation on initramfs and similar early boot mechanisms is available. As a consequence a news item has been published- Gentoo Linux systems which have / and /usr on separate file systems but do not use an
initramfs will not be supported starting on 01-Nov-2013, and all users with such setups are encouraged to migrate to an initramfs.

Conferences

LinuxDays 2013 in Prague, CZ

LinuxDays is an annual Linux conference that takes place in Czech Technical University in Prague. This conference has big value for our community, as last year it was co-hosted with the Gentoo Miniconf. The conference was a big success this year, having around 500 visitors. Many presentations and workshops took place, the highlight being the 3D printer workshop. Gentoo was also there with a booth, organized by the Czech Gentoo Developers and Contributors, many of whom had presentations around various topics (Autotools, Puppet etc.).

Photos

Gentoo Developer Moves

Summary

Gentoo is made up of 247 active developers, of which 36 are currently away.
Gentoo has recruited a total of 788 developers since its inception.

Moves

The following developers have recently changed roles

Additions

The following developers have recently joined the project

Portage

This section summarizes the current state of the portage tree.

[table th=”0″]
Architectures, 44
Categories, 159
Packages, 16924
Ebuilds, 36928
[/table]

[table]
Architecture, Stable, Testing, Total, % of Packages
alpha, 3569, 534, 4103, 24.24%
amd64, 10350, 6055, 16405, 96.93%
amd64-fbsd, 4, 1562, 1566, 9.25%
arm, 2509, 1616, 4125, 24.37%
hppa, 2993, 472, 3465, 20.47%
ia64, 3108, 595, 3703, 21.88%
m68k, 524, 87, 611, 3.61%
mips, 0, 2243, 2243, 13.25%
ppc, 6832, 2399, 9231, 54.54%
ppc64, 4281, 908, 5189, 30.66%
s390, 1640, 122, 1762, 10.41%
sh, 1865, 173, 2038, 12.04%
sparc, 4073, 918, 4991, 29.49%
sparc-fbsd, 0, 326, 326, 1.93%
x86, 11132, 5153, 16285, 96.22%
x86-fbsd, 0, 3193, 3193, 18.87%
[/table]

gmn-portage-stats-2013-10

Security

The following GLSAs have been released by the Security Team
[table tablesorter=”1″ id=”glsas”]
GLSA, Package, Description, Bug
201310-21, www-apps/mediawiki, MediaWiki: Multiple vulnerabilities, 460352
201310-20, sys-power/acpid, acpid2: Privilege escalation, 434522
201310-19, net-misc/x2goserver, X2Go Server: Arbitrary code execution, 472582
201310-18, net-libs/gnutls, GnuTLS: Multiple vulnerabilities, 455560
201310-17, sys-devel/pmake, pmake: Insecure temporary file usage, 367891
201310-16, net-analyzer/tptest, TPTEST: Arbitrary code execution, 261191
201310-15, sys-devel/automake, GNU Automake: Multiple vulnerabilities, 295357
201310-14, sys-apps/groff, Groff: Multiple Vulnerabilities, 386335
201310-13, media-video/mplayer, MPlayer: Multiple vulnerabilities, 253649
201310-12, media-video/ffmpeg, FFmpeg: Multiple vulnerabilities, 285719
201310-11, dev-perl/Parallel-ForkManager, Perl Parallel-ForkManager Module: Insecure temporary file usage, 389839
201310-10, net-libs/polarssl, PolarSSL: Multiple vulnerabilities, 358783
201310-09, dev-python/setuptools, Setuptools: Man-in-the-Middle attack, 479964
201310-08, net-misc/quagga, Quagga: Multiple vulnerabilities, 408507
201310-07, media-libs/openjpeg, OpenJPEG: User-assisted execution of arbitrary code, 412895
201310-06, net-wireless/aircrack-ng, Aircrack-ng: User-assisted execution of arbitrary code, 311797
201310-05, media-libs/gegl, GEGL: User-assisted execution of arbitrary code, 442016
201310-04, www-servers/nginx, nginx: Multiple vulnerabilities, 458726
201310-03, app-text/poppler, Poppler: Multiple vulnerabilities, 263028
201310-02, net-mail/isync, isync: Man-in-the-Middle attack, 458420
201310-01, dev-perl/Module-Signature, Perl Module-Signature module: Arbitrary code execution, 472428
[/table]

Infrastructure

Sponsors

LeaseWeb provided us a new box.

Puppet

Our Cfengine to Puppet migration is still ongoing. The past month we’ve been
working on the upcoming 2.1.0 release of the Puppet Portage module (which by the way has been moved under the Gentoo Github organization). Also, there has been much effort and testing to provide Gentoo support to the
following puppet modules:

Some of our patches have already been accepted upstream, but more work is
required, and more modules will be needed to be tested or patched in order to
have decent Gentoo support. If you are interested in helping, contact Theo.

Package Removals/Additions

Removals

[table]
Package, Developer, Date
dev-games/neoengine, creffett, 03 Oct 2013
dev-games/neotools, creffett, 03 Oct 2013
dev-python/pyme, mgorny, 05 Oct 2013
net-irc/ezbounce, pacho, 12 Oct 2013
app-misc/gpsdrive, pacho, 12 Oct 2013
sys-fs/cdfs, pacho, 12 Oct 2013
virtual/python-json, pacho, 12 Oct 2013
dev-php/symfony, pacho, 12 Oct 2013
dev-vcs/bzr-svn, pacho, 12 Oct 2013
dev-tex/natbib, dilfridge, 12 Oct 2013
sys-firmware/amd-ucode, hwoarang, 21 Oct 2013
virtual/pyparsing, mgorny, 22 Oct 2013
[/table]

Additions

[table]
Package, Developer, Date
dev-libs/liblouis, teiresias, 02 Oct 2013
dev-java/felix-gogo-runtime, tomwij, 02 Oct 2013
dev-java/felix-utils, tomwij, 02 Oct 2013
dev-java/felix-shell, tomwij, 02 Oct 2013
dev-java/struts-xwork, tomwij, 02 Oct 2013
dev-java/struts-core, tomwij, 02 Oct 2013
dev-java/struts-plugins, tomwij, 02 Oct 2013
dev-lang/execline, williamh, 02 Oct 2013
sys-apps/s6, williamh, 02 Oct 2013
dev-python/xmltodict, radhermit, 04 Oct 2013
x11-libs/xcb-util-cursor, chithanh, 04 Oct 2013
dev-libs/clens, ulm, 04 Oct 2013
app-crypt/tc-play, alonbl, 05 Oct 2013
dev-python/pygal, yngwin, 06 Oct 2013
dev-python/pyptlib, blueness, 06 Oct 2013
x11-libs/libXaw3dXft, hasufell, 06 Oct 2013
media-gfx/xpaint, hasufell, 06 Oct 2013
dev-ruby/activerecord-deprecated_finders, graaff, 07 Oct 2013
dev-ruby/sprockets-rails, graaff, 07 Oct 2013
app-admin/r10k, vikraman, 07 Oct 2013
dev-java/j2ssh, ercpe, 08 Oct 2013
dev-java/junrar, ercpe, 08 Oct 2013
dev-python/simplegui, hasufell, 08 Oct 2013
dev-ruby/protected_attributes, graaff, 09 Oct 2013
dev-python/json-tools, radhermit, 10 Oct 2013
dev-util/xxdi, hasufell, 11 Oct 2013
dev-java/unkrig-nullanalysis, ercpe, 11 Oct 2013
dev-java/janino, ercpe, 11 Oct 2013
kde-base/ktnef, johu, 11 Oct 2013
media-libs/waffle, mattst88, 12 Oct 2013
dev-java/testng, tomwij, 12 Oct 2013
dev-libs/libevdev, chithanh, 13 Oct 2013
dev-libs/go-fuse, zerochaos, 21 Oct 2013
sys-fs/go-mtpfs, zerochaos, 21 Oct 2013
app-arch/lziprecover, polynomial-c, 21 Oct 2013
dev-ruby/tokyocabinet, a3li, 21 Oct 2013
app-backup/bareos, mschiff, 21 Oct 2013
dev-python/dogpile-core, prometheanfire, 22 Oct 2013
dev-python/dogpile-cache, prometheanfire, 22 Oct 2013
dev-libs/qcodeedit, jlec, 22 Oct 2013
dev-python/lesscpy, prometheanfire, 23 Oct 2013
dev-python/python-ceilometerclient, prometheanfire, 23 Oct 2013
dev-python/python-troveclient, prometheanfire, 23 Oct 2013
dev-java/glassfish-xmlrpc-api, tomwij, 23 Oct 2013
dev-java/glassfish-ejb-api, tomwij, 23 Oct 2013
dev-java/spring-instrument, tomwij, 23 Oct 2013
java-virtuals/xmlrpc-api, tomwij, 23 Oct 2013
java-virtuals/ejb-api, tomwij, 23 Oct 2013
dev-java/glassfish-interceptor-api, tomwij, 23 Oct 2013
java-virtuals/interceptor-api, tomwij, 23 Oct 2013
dev-java/jdbc2-stdext, tomwij, 24 Oct 2013
dev-java/hibernate-annotations, tomwij, 24 Oct 2013
dev-ruby/jquery-ui-rails, graaff, 25 Oct 2013
media-fonts/hermit, yngwin, 25 Oct 2013
media-libs/libmygpo-qt, yngwin, 26 Oct 2013
net-firewall/shorewall-init, constanze, 26 Oct 2013
sys-apps/lmctfy, patrick, 27 Oct 2013
dev-libs/hidapi, blueness, 27 Oct 2013
net-libs/libkpeople, johu, 29 Oct 2013
app-misc/conmux, hwoarang, 29 Oct 2013
net-libs/libqinfinity, johu, 29 Oct 2013
kde-misc/kte-collaborative, johu, 29 Oct 2013
net-misc/livestreamer, hwoarang, 30 Oct 2013

[/table]

Bugzilla

The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.

Activity

The following tables and charts summarize the activity on Bugzilla between 30 September 2013 and 31 October 2013. Not fixed means bugs that were resolved as NEEDINFO, WONTFIX, CANTFIX, INVALID or UPSTREAM.gmn-activity-2013-10 [table]
Bug Activity, Number
New, 1731
Closed, 1010
Not fixed, 214
Duplicates, 169
Total, 5094
Blocker, 4
Critical, 15

Major, 67
[/table]

Closed bug ranking

The developers and teams who have closed the most bugs during this period are as follows.

gmn-closed-2013-10

[table]

Rank, Team/Developer, Bug Count

1, Gentoo Security, 114
2, Gentoo KDE team, 42
3, Gentoo’s Team for Core System packages, 36
4, Gentoo Linux Gnome Desktop Team, 34
5, Default Assignee for Orphaned Packages, 27
6, Python Gentoo Team, 25
7, Qt Bug Alias, 18
8, Gentoo Prefix, 18
9, Tom Wijsman (TomWij), 17
10, Others, 678
[/table]

Assigned bug ranking

The developers and teams who have been assigned the most bugs during this period are as follows.

gmn-opened-2013-10

[table]
Rank, Team/Developer/, Bug Count
1, Gentoo Linux bug wranglers, 131
2, Gentoo Security, 76
3, Python Gentoo Team, 68
4, Gentoo’s Team for Core System packages, 61
5, Gentoo KDE team, 59
6, Gentoo Linux Gnome Desktop Team, 52
7, Portage team, 43
8, Gentoo X packagers, 38
9, Gentoo Toolchain Maintainers, 32
10, Others, 1170
[/table]

Tips of the Month

Did you know you can switch the locale of your Gentoo box using the locale eselect module?

Get a package’s metadata using one of the following commands

  • equery meta package
  • epkginfo app-misc/package
  • cat ${PORTDIR}/app-misc/package/metadata.xml

Send us your favorite Gentoo script or tip at gmn@gentoo.org

Getting Involved?

Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to gmn@gentoo.org.