Time, time, time

No, not the Paul Simon song that the Bangles sung, rather a lament on deadlines. I’ve an upcoming deadline on Friday for my real life work, so I’m guessing this kerberos stuff will not be finished this week. I hope to at least get some time to start on the stuff. As of right now, I have preliminary ebuilds for relocated heimdal and mit-krb5. Unfortunately, I have not been able to gut either of them of the com_err and ss libraries yet.

Can I have everyone give a round of applause for Sven for really really putting our documentation into shape. When he first took over the Gentoo Documentation Project, he had a pretty uphill battle, because our docs were in shabby shape. I think it was 1.4 where Ryan and I stayed up all night to fix up the install docs. Since then, Sven took over the GDP (see next link) and moved it to another level entirely — what with fixing up the content and syntax, co-ordinating the various translations, bringing in newer docs. It’s amazing what the Docs Team has done with all of the Gentoo documentation.

Just so we’re clear then, the priority of my todo list is thus:

  • Gut mit-krb5 and heimdal to not install common libraries
  • Double check my kerberos-config script to activate one of the kerberi
  • package mask and check in ebuilds for all three (the script will be its own ebuild)
  • revisit why mozilla won’t link against heimdal (or mit-krb5) in Gentoo — Ubuntu achieves this just fine.
  • make the newest nfs-utils be able to compile against either of the kerberi
  • look into putting shishi into portage as another optional implementation of kerberos

Now, does anyone actually use krb4 still? I’m not interested in it, because I honestly don’t see the point. Granted, I’m not nearly knowledgable enough to know why it would be useful, so I’m really curious to hear from those who do find it useful.

It’s the weekend, trying not to think of heimdal

And doing a good job of it too, I must say. I only thought of it because I had to write a Title. Anyway, this is the best quote I’ve seen this week:

When did ANYONE with a clue listen to Microsoft? “Linux costs you more money”, “Linux has more security problems” and “IE doesn’t have any security holes which we can’t fix and do the second we know about them if you have a fucking time machine!” seems to be all they can say lately.

I’m sick of Bill and his lies, who gives a fuck if he says Longhorn will stop teenage pregnancy, cure world hunger and get every geek laid within a week of buying it. He talks so much crap now (and so do most people who have spin doctors sitting up their ass all day) that we may as well go listen to the talking clock for a bit and at least get some truth even if it’s useless 10 seconds later.

Thanks for the laugh, Turn-X Alphonse

Now, from funny to slightly sad. Peter don’t get so down about Gentoo. Remember the reason you got into developing. If you forget, come talk to me, I’ll remind you. For those not in the know, Peter and I met at LWE 1 (not the first LWE ever, but the first LWE that Gentoo was ever at) in NY. There was Peter helping us all out in the booth, talking to other users, hanging out with us, and above all, being cool. And so he and I started talking a bit about him becoming a Gentoo Developer, because he was (and still is!) interested in better Gentoo/IPv6 support and integration. And so I asked him to file some bugs about it with some fixes and voila not a month later (coz Peter was delaying, not me :P) we had latexer at gentoo, previously a paragon of #gentoo netizenry.

Now Peter, you talk of a vocal minority. Here’s the thing — their bark is a lot worse than their bite. Besides which, I think in a forum where you’re trying to communicate things to people of intelligence, they will filter out the wheat from the chaff, as it were. Through all the ups and downs of Gentoo since I joined (and what you and I have both been through), I’ve learned this: ignore the detractors. Invariably, they just seem to have nothing better to do.

Not to get off on a rant of my own either, but that is seriously the case. Remember the fork? All they did was talk about how they were going to be different from Gentoo, how they were not Gentoo, how they were not Gentoo devs, how badly Gentoo did this, that or the other, and how Gentoo sucked at this, that or the other and how they wouldn’t. With all that talk, what did they actually do? I’m not dissing on those people personally, but the zynot folks had a huge talent pool, and a huge level of community support from their moment of inception. They were capable of achieving great things. They squandered their chances by not focusing on making their achievements great, and instead focusing on being NotGentoo.

Apologies to any readers who might have taken offense at any of that, but get over it, it’s the truth.

The sad truth of human nature is that if you can’t use a tool (or be bothered about learning how to use it properly), you tend to blame the tool. I think of SpankY when I conclude : the members of the vocal minority are the tools.

Releng, Easter, Forums, Kerberos

So let’s start off with this: Happy Easter to those who celebrate it.

Congrats to Chris, Benni, Tim, and everyone on the releng team for putting out the 2005.0 release. The delay was worth it for sure. Not that I’m Ryan Seacrest or anything, but this was the best liveCD ever.

Finally, after being here since 2001, someone criticises me for something. Too bad it was for just one line of posting rather than an actual, you know, mistake, but at least the smugness of some of the posts (and links) is pretty entertaining.

Now, on to business: as you know, Vapier put in the com_err stuff and put in a masked e2fsprogs to use that stuff. Finally the time has arrived to fix0r up the kerberi to take advantage of this stuff so they can, once and for all, stop stomping all over the place. I’ll be working on that during this week, so if you’re in the mood to test and possibly break stuff, stay tuned. In the meantime, by the way, prelim tests indicate that that new-fangled e2fsprogs works just fine.

Donnie, “rich” is the least of my spiffs with The Microsoft Way (TM) (C)Eternity, The Microsoft Corporation. Most of all, in my eyes, it’s their abject refusal to co-operate with anyone NotMicrosoft.

Mozilla Ate my Computer

So, the
mozilla moves
that I did (amongst others from net-www to www-client) did not go so well. At first, I forgot to update the updates file for mozilla and firefox, and then mozilla-launcher’s move caused some dep corruption for people. The remedy, if you are experiencing this after a recent sync is to rm -rf /var/cached/edb/dep/* && emerge –metadata. My humblest apologies to everyone who got bitten by this bug.

Now, shout outs to SpankY for getting com_err and libss into portage. Now we can remove the building of those from the next e2fsprogs, and fix up the kerberi (and afs apparently as well) to just DEPEND/RDEPEND on those. Yay!

Wow, people actually read this thing

So, to add to things, Robin e-mailed me saying that since vimap and c-client are both based on uw-imap, they should be tested against kerberos. And, from the
to my previous post: php and, one presumes mod_php, don’t particularly work (during configure) against heimdal.

So apparently I missed Donnie’s reply to my blog in his blog. Sorry about that, Donnie. In fact, it seems a few distros are doing the /var/lib/heimdal thing and have been doing so for a while. I’ll definitely talk with upstream about it.

Spankin’ BSD to the Kerb

So, in Kerberos update news, SpankY and vapier have agreed to break out com_err, et, and ss into a separate package. Rather than have three different packages, we decided to go with one since e2fsprogs apparently needs all 3, and the kerberi require at least 2 out of those 3 (not the same 2 either). Additionally, iFlame has been looking into removing the com_err and et stuff from the freebsd-ubin and freebsd-libs packages for the Gentoo/FBSD project. I’m currently investigating what else (apart from e2fsprogs and the kerberi) actually requires any of the three so that DEPEND and/or RDEPEND strings can be updated.

The other concern is which version of com_err to go with. I’m inclined to go with heimdal’s patched version first and see if e2fsprogs will build against that. Major major major huge shout outs to SpankY.

The list of packages so far is (collecting here before emailing this list to spanky):

MIT’s kerberos

Kickin’ it to the Kerb

So let’s talk kerberos for a second. We all know about heimdal and MIT’s reference implementation (whatever that means) and so on. In Gentoo, at the moment, the two block each other — meaning you can not have both installed at once. This causes some problems because if you have a predilection to, say, heimdal, oftentimes portage will ask you to unmerge it so that it can merge mit-krb5 as a dependency for something else. The latest example is the newest nfs-utils release. Which brings me back around to try and solve the problem of having cohabitating kerberi on your gentoo system.

The current proposal that I’ve discussed with Ryan a few weeks ago involves:

1. Since both kerberi (and probably shishi, which it not in portage yet, but I’m looking into it) install a few common files, we’d remove those to a kerberos-common package which would be a runtime dependency for all the kerberi. This package would contain also a script to switch the system’s kerberos similar to gcc-config and the like (and at this point, it’s probably better to just write up an eclectic plugin. This would solve the blocking implementations problem.

Oh listen, while we’re on the subject of heimdal, I’d really like to have /var/heimdal moved to /var/lib/heimdal, but I don’t want to break people’s setups. I believe the latter to be more FHS-correct.

2. The other problem is more of an issue related to my neuroses than anything else. To take the latest example (see nfs-utils above) — it fails to compile with heimdal. And someone else had issues compiling something against heimdal, for whom I gave a hacky fix (basically renaming the filenames being #included). So I’m thinking maybe some compatibility symlinks for both mit- and heimdal, and some other work to make packages which need kerberos be actually implementation-agnostic.

Having said all this, I’m not in any way, shape or form, kerberos proficient, so I’m definitely open to input and opinions and comments and criticisms (though I’d prefer critiques which tend to be more productive).

But wait, there’s more: at the moment, there’s collisions in the installed files between heimdal and e2fsprogs. So we’re trying to breakout comerr and et out of e2fsprogs and make that a dependency of both anyway (if I remember correctly, both kerberi need et at least).

Oh, so this is what the b-word is all about

Unlike some people I’m fine with talking like a valley girl, like sometimes. So I’m proudly posting my first ever blog entry. I’ll use this space to cover some gentoo ideas and maybe I’ll make a category of postings about non-gentoo thoughts. I’d like to make a shout out to my wife.

By the way, major shout-outs to Daniel for even getting this Planet started, and signing me up with an account so fast. Daniel rocks, as you well know and has continued to rock.