This month in GMN:
- 1 Gentoo News
- 2 Gentoo Developer Moves
- 3 Portage
- 4 Security
- 5 Package Removals/Additions
- 6 Bugzilla
- 7 Tips of the month
- 8 Getting Involved?
- 9 Comments or Suggestions?
Interview with Patrick McLean (chutzpah)
(by David Abbott)
1. Hi Patrick o/ tell us about yourself?
I am currently a Gentoo Engineer (yes, that is my actual job title) at Gaikai. Before this job I was a Systems Administrator at the McGill Centre for Intelligent Machines, in Montreal, Quebec, Canada.
When I am not coding or packaging I like to watch television, read sci-fi and fantasy, cycle, occasionally go on hikes. When I can I love downhill skiing, but it’s a little harder in California than it was in Quebec.
2. How did you get involved with Linux and Open Source, and what was the path that lead to you to Gentoo?
I started using Linux at the end of 1996. Originally I switched to Linux because with the slow Internet connections of the times, web pages would take a long time to load. I would often open dozens of windows so I could be reading on site while others were loading. After a certain number of open browsers, Windows 95 would start to bog down then just crash, while when I did the same thing on Linux it would just happily chug along.
Around 2001, when Gnome 2 came out, I wanted to try out, and I don’t like installing software outside of the package manager, so I attempted to get the rpms from the rawhide repository. This experience made me decide to look for a different distro, and I ended up liking Gentoo the most.
3. What aspects of Gentoo do you feel the developers and maintainers have got right?
The ebuild is a great source-based package format, it has it’s drawbacks but it is far superior to the other formats I have looked at. I also like that Gentoo treats configurability as an important feature. The frequent use of /etc/foo.d and the scriptability of many parts of the system is great.
I also like some of the more recent work that has gone in to not breaking systems, preserved-rebuild and (despite some overuse) subslots fix many of the annoyances we had in the old days.
I am also a big fan of what is now OpenRC, ever since I first started using Gentoo, I have thought that this is a huge improvement over the alternatives.
4. What is it about Gentoo you would like to see improved?
I think that portage itself is getting very crufty, and the code base is not very nice to work with. I am sure just about everyone reading this would agree that dependency resolution is way too slow at the moment (especially with subslots). Sometimes it generates error messages that are horribly verbose with no indication of how to fix them. I have seen those errors make people leave Gentoo, this is especially bad when the things it’s generating errors about are relatively harmless.
There are also other problems with how portage stores the information about installed packages on the disk, and binary packages in their current form just suck, and are pretty useless.
5. What resources have you found most helpful when troubleshooting within Gentoo and Linux in general?
For doing research into problems, google of course is very useful. For tracking down problems strace is probably the one tool I find the most useful. Of course also digging into the source is probably the single best way to figure out what is actually going on.
6. What are some of the projects within Gentoo that you enjoy contributing to?
I mostly do ebuild work at the moment, python is one area that I contribute the most to. I would like to get more in to package manager work, and I want to start helping more with OpenRC, but finding time is frequently a problem.
7. What is your programming background?
I taught myself to program on GW-BASIC for DOS, it was in no way a modern or even remotely modern language. I moved on to QBASIC a bit later on. Once I got to post high school I started learning Java, C, C++, but my first programming job was Visual Basic, it was an internship that turned in to a summer job. During this time frame I also taught myself shell scripting.
Later (around 2008) I taught myself python when a friend and I were trying to start a business.
8. For someone new to Python what tips could you give them to get a good foundation?
There are lots of good tutorials out there, I personally used Dive in to Python and found it quite useful. I also found that when I learned more about how Python is implemented, it improved my abilities quite a bit. If you truly understand that in Python everything is a dictionary, and the implications of that then it helps quite a bit in debugging the root cause of problems and write better code.
9. Tell us about pkgcore, its features and future?
Pkgcore is an alternative implementation of the PMS. It’s basically an alternative to portage. It has always had the eventual goal of becoming the default package manager on Gentoo, replacing portage. It’s currently orders of magnitude faster than portage. It’s code base is much cleaner, though a little hard to understand at first thanks to it’s use of libsnakeoil for performance optimization. Currently Tim Harder (radhermit) is working on getting all the recent portage feature implemented, it mostly supports EAPI 5 in the git repo now.
Hopefully it can attract more developers and eventually become a truly viable portage replacement, so we can get rid of the cruft that has built up in the portage source over the years.
10. Which open source programs would you like to see developed?
That’s a hard question to answer. I think the biggest one is I would love to see an open source firmware for BMC controllers. These are the extra small computers included in servers that allow things such as remote console and the ability to remotely manage servers. Currently the ecosystem is full of half-assed implementations done by hardware companies, many of which are rife with security holes. There is no standard for remote console, so they all use buggy and horrible java applets to implement this. I would love to see a standard open source suite that motherboard developer all use, with native remote console clients for major OSes.
11. What would be your dream job?
Well I have long wanted a job as a kernel developer, but have never had the time to really dedicate to get to the point where someone would hire me. My current job is a close second. I work with Gentoo every day at work, often writing new ebuilds an fixing bugs in existing ebuilds as part of my day-to-day duties at work.
My day-to-day duties involve ebuild development and debugging. I also do a lot of automation of things like installing new systems, and was the lead developer on our in-house answer to configuration management. I get to do a lot of cool stuff with Gentoo and I get to get paid for it.
12. Need any help?
Yes, we are currently hiring lots of positions, all working with Gentoo. We are really looking for ebuild developers of all kinds, especially if you are comfortable with Java ebuilds (not mandatory, but it would be nice). We are also looking for anyone who is familiar with Gentoo to help with work in Release Engineering and Site Reliability Engineering. We currently have offices in Southern California, USA and Berlin, Germany.
If you are interested in getting paid to work with Gentoo, please drop me a line.
13. With your skills you would be welcome in any project, why did you chose Gentoo?
It had been my distro of choice for many years, and I just ended maintaining a local overlay with many bug fixes and miscellaneous things, so I decided to become a developer to share my work with everyone else.
14. What can we do to get more people involved as Gentoo developers?
That’s a hard question to answer, at the moment probably the best way would be to get back the “hot” and “cool” factors. These days Gentoo is sort of a “background” distro that has been around for ages, has loads of users but new people don’t get excited about anymore, kind of like Debian.
I think we also need to reduce developer burnout, I get the impression that once some people become developers, they feel that they have to fix every bug in the tree. This leads to them being really productive devs for a few months, then leaving when they get burned out and quit.
15. What users would you like to see recruited to become Gentoo developers?
It would be nice to recruit some of the proxy maintainers to contribute to more packages. I don’t have anyone specific in mind at this moment.
16. As a Gentoo developer what are some of your accomplishments?
When I first started, I was on the amd64 bandwagon very early, so I ended up doing the 64-bit ports for a pretty large number of packges. More recently I maintain ebuilds for some particularly tricky packages such as Ganeti, which is a mixture of Python and Haskell code.
17. Same question but work related.
Well, it’s probably a combination of two things.
Creating Gentoo profiles to auto generate dozens of different server image types, and building solid base Gentoo install for those servers.
Also building a fully automated Gentoo installation system that can partition disks, set up RAID, LVM and other parameters based on a JSON definition. Also a configuration file generation system that makes up the basis of our configuration management system.
18. What are the specs of your personal and work boxes?
My home box is a 6-core Core-i7 970 with 24GB of RAM, a GeForce 770, a 256GB SSD, 2 500GB spinning disks and a 1TB spinning disk. I have a 24” monitor and a 22”.
My workstation at work is a 8-core Opteron with 16GB of RAM. I have 2 32” monitors hooked up to it. We also have some pretty beefy servers for building Gentoo images.
19. Describe your home network.
Nothing that exciting, I have a Netgear WNDR3800 running OpenWRT, and a gigabit switch. Connected to that I have a Synology NAS, a smart TV that I never use the smart features of, a media streaming box, a Blu-Ray, a PS4 (I work for Sony) and a couple of computers.
20. What de/wm do you use now and what did you use in the past?
I currently use XFCE, I used to use Gnome 2, tried out Gnome 3 for 2 days, decided that it isn’t for me so created a huge package.mask to mask it. I stuck with that for several months, then decided I should switch to something else. I tried out Cinnamon for a bit, played with E17, considered Mate but then settled on XFCE.
21. What gives you the most enjoyment within the Gentoo community?
In general developers get along pretty well, this is more true on IRC than on the mailing lists. Also, at conferences there is a strong feeling of community among the Gentoo developers who are attending the conference.
22. How did you get the nick (chutzpah)?
It’s kind of a silly story. Way back when I first started hanging out online (early 90s) I needed a nick. I ended up choosing the name of a particularly challenging Ski Trail at the Sunday River ski resort in Maine. I have been using the name ever since.
This month’s big issue was to compile a preliminary list of features that could go into the next EAPI. It probably does not make sense to go into all the technical details here; you can find the accepted items in the meeting summaries [1,2,3] or on a separate wiki page . One user-visible change will be that from EAPI=6 on every ebuild should accept user patches from /etc/portage/patches , as many do already today. Another one will be that(given an implementation in Portage is ready in time) a new type of use-flags will be introduced that can be used to, e.g., only pull in run-time dependencies; toggling such a useflag does not require a rebuild of the package.
In addition, some of us prepared a proposal to make it in the end easier for developers to host semi-official services within the gentoo.org domain . This still needs work and is definitely not something the council can do on its own, but the general idea was given clear support.
The nomination process is complete, and voting is now open. This year’s candidates are blueness, dberkholz, dilfridge, jlec, patrick, pinkbyte, radhermit, rich0, ryao,TomWij, ulm, williamh, and zerochaos. Additionally, almost every developer was nominated for the council. Elections will be open until 2359 UTC on July 14, and results should be posted around July 16. We’ve already had around 30 people vote, but there are 200 more developers who can vote. Get out there and vote!
Featured New Project: Hardened Musl
(by Anthony G. Basile)
The hardened musl project aims to build and maintain full stage3 tarballs for amd64, arm, mips and i686 architectures using musl as a its C standard library rather than glibc. The “hardened” aspect means that we will also make use of toolchain hardening features so that the resulting userland executables and libraries are more resistant to exploit, although we also provide a “vanilla” flavor without any hardening. In every respect, these stages will be like regular Gentoo stages, except glibc will be replaced by musl.
musl, like uClibc, is ideal for embedded systems although both can be used for servers and desktops. Embedded systems generally have three needs beyond regular systems: 1) They need to have a small footprint both on their storage device and in RAM. 2) They need speed for real time applications. 3) And in some situations, they need their executables to be statically linked. A typical embedded system has has a minimally configured busybox for some needed utilities as well as whatever service the image is to provide, eg. some httpd service. The stages we are producing are not really embedded stages because they don’t use busybox to provide some minimal set of utilities; rather, they use the full set of utilities provided by coreutils, util-linux and friends. This makes these stages ideal as development platforms for building custom embedded images  or expanded into a server or desktop system.
However, be warned! If you try to build a full desktop system, you will hit breakage since musl adheres closely to standards while many packages do not. We are working on getting patches  for as a full XFCE4 desktop as we did for uClibc . On the other hand, I’ve had lots of success building servers and routers from those stages without any extra patching.
 An example of the hardened uClibc stages being used this way is “Real Time And Tiny” (aka RAT) Gentoo.
 These patches are house on the musl branch of the hardened dev overlay.
 As a subproject of the Hardened uClibc project, maintain a full XFCE4 desktop based on uClibc, affectionately named “Lilblue” after the Little Blue Penguin, a smaller relative of the Gentoo.
Gentoo Developer Moves
Gentoo is made up of 237 active developers, of which 35 are currently away.
Gentoo has recruited a total of 799 developers since its inception.
The following developers have recently changed roles:
None this month
The following developers have recently joined the project:
- Alex Brandt (announcement)
The following developers recently left the Gentoo project:
None this month
This section summarizes the current state of the portage tree.
|Architecture||Stable||Testing||Total||% of Packages|
|201406-36||net-nds/openldap||OpenLDAP: Multiple vulnerabilities||290345|
|201406-35||net-im/openfire||Openfire: Multiple vulnerabilities||266129|
|201406-34||kde-base/kdelibs||KDE Libraries: Multiple vulnerabilities||358025|
|201406-33||net-analyzer/wireshark||Wireshark: Multiple vulnerabilities||503792|
|201406-32||dev-java/icedtea-bin||IcedTea JDK: Multiple vulnerabilities||312297|
|201406-31||kde-base/konqueror||Konqueror: Multiple vulnerabilities||438452|
|201406-30||app-admin/sudo||sudo: Privilege escalation||503586|
|201406-29||net-misc/spice-gtk||spice-gtk: Privilege escalation||435694|
|201406-28||media-video/libav||Libav: Multiple vulnerabilities||439052|
|201406-27||None||polkit Spice-Gtk systemd HPLIP libvirt: Privilege escalation||484486|
|201406-26||dev-python/django||Django: Multiple vulnerabilities||508514|
|201406-25||net-misc/asterisk||Asterisk: Multiple vulnerabilities||513102|
|201406-24||net-dns/dnsmasq||Dnsmasq: Denial of Service||436894|
|201406-23||app-admin/denyhosts||DenyHosts: Denial of Service||495130|
|201406-22||media-libs/nas||Network Audio System: Multiple vulnerabilities||484480|
|201406-21||net-misc/curl||cURL: Multiple vulnerabilities||505864|
|201406-20||www-servers/nginx||nginx: Arbitrary code execution||505018|
|201406-19||dev-libs/nss||Mozilla Network Security Service: Multiple vulnerabilities||455558|
|201406-18||x11-terms/rxvt-unicode||rxvt-unicode: User-assisted execution of arbitrary code||509174|
|201406-17||www-plugins/adobe-flash||Adobe Flash Player: Multiple vulnerabilities||512888|
|201406-16||net-print/cups-filters||cups-filters: Multiple vulnerabilities||504474|
|201406-15||kde-misc/kdirstat||KDirStat: Arbitrary command execution||504994|
|201406-14||www-client/opera||Opera: Multiple vulnerabilities||442044|
|201406-13||net-misc/memcached||memcached: Multiple vulnerabilities||279386|
|201406-12||net-dialup/freeradius||FreeRADIUS: Arbitrary code execution||501754|
|201406-11||x11-libs/libXfont||libXfont: Multiple vulnerabilities||510250|
|201406-10||www-servers/lighttpd||lighttpd: Multiple vulnerabilities||392581|
|201406-09||net-libs/gnutls||GnuTLS: Multiple vulnerabilities||501282|
|201406-08||www-plugins/adobe-flash||Adobe Flash Player: Multiple vulnerabilities||510278|
|201406-07||net-analyzer/echoping||Echoping: Buffer Overflow Vulnerabilities||349569|
|201406-06||media-sound/mumble||Mumble: Multiple vulnerabilities||500486|
|201406-05||mail-client/mutt||Mutt: Arbitrary code execution||504462|
|201406-04||dev-util/systemtap||SystemTap: Denial of Service||405345|
|201406-03||net-analyzer/fail2ban||Fail2ban: Multiple vulnerabilities||364883|
|201406-02||app-arch/libarchive||libarchive: Multiple vulnerabilities||366687|
|201406-01||None||D-Bus GLib: Privilege escalation||436028|
|dev-python/python-gnutls||mrueg||02 Jun 2014|
|dev-ruby/fastthread||mrueg||07 Jun 2014|
|dev-perl/perl-PBS||zlogene||11 Jun 2014|
|games-strategy/openxcom||mr_bones_||14 Jun 2014|
|media-plugins/vdr-noepgmenu||hd_brummy||15 Jun 2014|
|net-mail/fetchyahoo||eras||16 Jun 2014|
|app-emacs/redo||ulm||17 Jun 2014|
|games-emulation/boycott-advance-sdl||ulm||17 Jun 2014|
|games-emulation/neopocott||ulm||17 Jun 2014|
|dev-ruby/sshkit||graaff||01 Jun 2014|
|media-gfx/plantuml||pva||02 Jun 2014|
|dev-python/sphinxcontrib-plantuml||pva||02 Jun 2014|
|dev-util/kdevelop-qmake||zx2c4||02 Jun 2014|
|x11-misc/easystroke||jer||04 Jun 2014|
|dev-python/docopt||jlec||04 Jun 2014|
|dev-python/funcsigs||jlec||04 Jun 2014|
|virtual/funcsigs||jlec||04 Jun 2014|
|dev-python/common||jlec||04 Jun 2014|
|dev-python/tabulate||jlec||04 Jun 2014|
|app-admin/ngxtop||jlec||04 Jun 2014|
|dev-python/natsort||idella4||05 Jun 2014|
|dev-libs/liblinear||jer||05 Jun 2014|
|net-analyzer/arp-scan||jer||06 Jun 2014|
|www-servers/mongoose||zmedico||06 Jun 2014|
|dev-ruby/spring||graaff||06 Jun 2014|
|dev-ruby/wikicloth||mrueg||06 Jun 2014|
|net-analyzer/ipgen||jer||07 Jun 2014|
|sec-policy/selinux-dropbox||swift||07 Jun 2014|
|dev-python/jingo||idella4||08 Jun 2014|
|dev-python/click||rafaelmartins||08 Jun 2014|
|dev-python/Coffin||idella4||08 Jun 2014|
|dev-python/sphinx_rtd_theme||bicatali||09 Jun 2014|
|dev-ruby/netrc||graaff||09 Jun 2014|
|dev-ruby/delayer||naota||11 Jun 2014|
|www-client/qtweb||jer||11 Jun 2014|
|dev-python/pyoembed||rafaelmartins||12 Jun 2014|
|www-apps/blohg-tumblelog||rafaelmartins||12 Jun 2014|
|dev-python/jaraco-utils||patrick||12 Jun 2014|
|dev-python/more-itertools||patrick||12 Jun 2014|
|dev-libs/libserialport||vapier||12 Jun 2014|
|dev-python/pretty-yaml||chutzpah||12 Jun 2014|
|net-libs/phodav||dev-zero||13 Jun 2014|
|dev-python/django-haystack||idella4||14 Jun 2014|
|sci-libs/libsigrok||vapier||14 Jun 2014|
|sci-libs/libsigrokdecode||vapier||14 Jun 2014|
|sci-electronics/sigrok-cli||vapier||14 Jun 2014|
|sys-firmware/sigrok-firmware-fx2lafw||vapier||14 Jun 2014|
|sci-electronics/pulseview||vapier||14 Jun 2014|
|dev-ruby/hashr||mrueg||14 Jun 2014|
|games-strategy/openxcom||maksbotan||14 Jun 2014|
|games-engines/openxcom||mr_bones_||14 Jun 2014|
|net-analyzer/icinga2||prometheanfire||15 Jun 2014|
|dev-python/pyxenstore||robbat2||15 Jun 2014|
|sys-cluster/ampi||jauhien||16 Jun 2014|
|dev-python/pyjwt||idella4||17 Jun 2014|
|app-emulation/openstack-guest-agents-unix||robbat2||22 Jun 2014|
|dev-python/plyr||idella4||22 Jun 2014|
|app-misc/relevation||radhermit||22 Jun 2014|
|media-sound/lyvi||idella4||22 Jun 2014|
|app-emulation/xe-guest-utilities||robbat2||23 Jun 2014|
|net-misc/yandex-disk||pinkbyte||24 Jun 2014|
|sec-policy/selinux-resolvconf||swift||25 Jun 2014|
|dev-python/json-rpc||chutzpah||26 Jun 2014|
|app-backup/cyphertite||grknight||26 Jun 2014|
|dev-python/jdcal||idella4||26 Jun 2014|
|net-libs/libcrafter||jer||26 Jun 2014|
|net-analyzer/tracebox||jer||26 Jun 2014|
|dev-python/python-catcher||jlec||27 Jun 2014|
|dev-python/python-exconsole||jlec||27 Jun 2014|
|dev-python/reconfigure||jlec||27 Jun 2014|
|sys-block/sas2ircu||robbat2||27 Jun 2014|
|sys-block/sas3ircu||robbat2||27 Jun 2014|
|dev-ruby/psych||mrueg||27 Jun 2014|
The Gentoo community uses Bugzilla to record and track bugs, notifications, suggestions and other interactions with the development team.
Closed bug ranking
The following table outlines the teams and developers with the most bugs resolved during this period
|2||Gentoo Linux Gnome Desktop Team||54|
|3||Python Gentoo Team||39|
|4||Gentoo KDE team||33|
|6||Gentoo Ruby Team||20|
|7||Default Assignee for Orphaned Packages||20|
|9||Julian Ospald (hasufell)||17|
Assigned bug ranking
The developers and teams who have been assigned the most bugs during this period are as follows.
|2||Gentoo Linux Gnome Desktop Team||91|
|3||Gentoo Linux bug wranglers||91|
|4||Python Gentoo Team||70|
|6||Gentoo KDE team||50|
|8||Default Assignee for Orphaned Packages||49|
|9||Gentoo's Team for Core System packages||35|
Tips of the month
(by Sven Vermeulen)
Quick one-time patching of packages
If you want to patch a package once (for instance to test a patch provided through bugzilla), just start building the package, but when the following is shown, interrupt it (Ctrl-Z):
>>> Source prepared.
Then go to the builddir (like /var/tmp/portage/net-misc/tor-0.2.4.22/work/tor-0.2.4.22) and apply the patch. Then continue the build (with “fg” command).
Verify integrity of installed software
If you don’t want the full-fledged features of tools like AIDE, you can use qcheck to verify this for installed packages:
~# qcheck -e vim-core
Checking app-editors/vim-core-7.4.273 ...
* 1783 out of 1784 files are good
Send us your favorite Gentoo script or tip at email@example.com
Interested in helping out? The GMN relies on volunteers and members of the community for content every month. If you are interested in writing for the GMN or thinking of another way to contribute, please send an e-mail to firstname.lastname@example.org.
Comments or Suggestions?
Please head over to this forum post.