Gentoo Weekly Newsletter: April 28th, 2003
Proposed changes to how ebuilds are managed
The explosive growth of Gentoo Linux has brought on its share of growing pains, one of which is the fact that Gentoo Linux now has over 4000 packages in the Portage tree, with under 100 active developers to maintain them all. With a ratio of 40 packages per developer, its no surprise that some applications have fallen behind their most current versions.
In an effort to remedy at least part of this problem, Gentoo developer Dan Armak recently summarized and RFC'd a proposal for reorganizing how Gentoo Linux manages and maintains ebuilds within the Portage tree. The new proposal has four key features:
- All ebuilds should, if at all possible, have at least one maintainer assigned to them. Major ebuilds, such as KDE, GNOME and XFree86 might have two or three developers assigned to them. Realistically, only those ebuilds which are complicated or otherwise unusual are likely to have their own maintainers.
- For the ebuilds that cannot have their own maintainer and are not complicated enough to require one, they will be organized into thematic groups. So, there might be a "sound" category and a "video" category. Each themed group will have one or more maintainers assigned to it who are responsible for watching for newer upstream versions and bumping those ebuilds in the testing branch of Portage.
- These thematic groups are not intended to replace or even necessarily align with Portage categories. Portage categories are a user-side convenience designed to make organizing packages easier. Themed groups of maintainers are a developer-side convenience, designed to ensure complete coverage of the Portage tree.
- Finally, if an ebuild is deemed to be complicated enough to need a dedicated maintainer, it will be listed as "unmaintained" and in need of a new owner. If it is not picked up within a pre-determined amount of time, it will be masked and later dropped from Portage. For those people familiar with Debian Linux, this is similar to the method they use for their package maintenance.
Currently, this solution is in the draft stage and is subject to revision or even complete abandonment if a better solution comes along.
Mailing list changes
Many of the Gentoo Linux mailing lists have been abuzz this week regarding developer communication, the openness of the private gentoo-core list and other issues related to keeping users appraised of the future of Gentoo Linux. In an effort to address these issues, the following changes will be made:
- All communication related to development issues will be kept on gentoo-dev. Previously, because of the signal to noise ratio on dev, many developers chose gentoo-core to discuss development issues. As a result of this, users posting support-related quesitons or other non-development related issues to gentoo-dev may be politely asked to instead post their questions to gentoo-user.
- gentoo-core will continue to be a private list, but relevant issues from it will be summarized here in the GWN. (Actually, this has always been the case since the GWN was first published. We've just never explicitly explained that)
- Depending on how successfuly the efforts are to improve the signal to noise ratio on gentoo-dev, a third list may be created which would be restricted to posting by Gentoo Linux developers only, but read-only to anyone who wishes to subscribe.
Users can help this effort by ensuring that each list is used for its proper purpose. gentoo-user is for support-related questions and general discussion about Gentoo Linux. gentoo-dev is for discussions related to the development of Gentoo Linux.
Early addition of tcl/tk
Earlier this week, tcl-8.4.2 was added to the testing tree ahead of schedule and before the supporting scripts to help users migrate from previous versions of tcl were in place. tcl-8.4.2 requires all applications using tcl to be recompiled before they will function with the new version. The development team is working on a migration strategy to help users migrate from previous versions. In the meantime, anyone using ACCEPT_KEYWORDS="~<arch>" should be aware of the recompilation requirements.
The snort intrusion detection package has been found to contain an integer overflow vulnerability that could permit
a DoS attack on a vulnerable computer. It is theoretically possible to exploit the overflow to run arbitrary code
as the snort user, typically root. This compromise may be corrected by disabling the stream4 preprocessor in
snort.conf. Doing so reduces the utility of snort.
- Severity: High - Potential remote root compromise, with published defence.
- Packages Affected: net-analyzer/snort versions prior to snort-2.0.0
- Rectification: Synchronize and emerge snort, emerge clean.
- GLSA Announcement
New Security Bug Reports
The following new security bugs were posted this week:
Featured Developer of the Week
Figure 3.1: George Shapovalov
This week's featured developer, George Shapovalov, is the caretaker of app-sci and "alternative" parts of dev-lang (mostly Pascal-esque and functional languages like Caml and Haskell) and the coordinator of the Russian Gentoo community, and also spends a lot of time tackling organizational and design-related issues, his most notable contribution being the "distributed ebuild processing system" he proposed. Posted as Bug #1523, it was a proposed method to ease the load on the core developers' shoulders by delegating ebuild review to users. George submitted this suggestion after he had used Gentoo for a while and had submitted several ebuilds; apparently it caused quite a bit of debate in gentoo-core, and resulted in an invitation to the Gentoo team. While the proposal hasn't been implemented completely, parts of it have been, and George feels that Portage is slowly moving closer to what he suggested. On the Russian front, George coordinates the translation of documentation and the GWN (Russian version coming soon to a browser near you), as well as the community at www.gentoo.ru, comprising forums, a mailing list, and, soon to come, social activities.
Trading nice features for tightness, George runs KDE apps like konqueror and kmail for day-to-day stuff under Fluxbox. The other apps he uses are quite standard, although being in charge of app-sci he ends up playing with quite a few fun and special apps. His workspace, an IBM Thinkpad A21m (P3 800, 512MB RAM, 20GB HD) follows him around everywhere; he also has two boxen at home, one serving as a workstation for his wife, the other serving files and routing. When not busy helping shape the future of Portage or translating documents, George can be found doing graduate work in biophysics at Caltech in Pasadena, CA, spending time with his family, or on the occasional mountain climbing or biking trip. He'll be graduating soon, and is thinking of going to Europe, quite possibly Germany.
Heard In The Community
Two New Moderators
The Gentoo Forums continue to grow at their own mind-boggling pace, and at times some reenforcement of the happy lot that assumes responsibility for moderation is necessary. Last week, bsolar and andrd joined the group of moderators offering some guidance in polite speech to the occasional hothead, redirecting posts to appropriate context, deleting duplicate threads and the rare occurrences of spam posts:
Everything You Always Wanted to Know About Framebuffers, Boot- And Other Splashes
Cleanliness and a well-presented desktop have always been in good standing with Gentoo users, at least as far as the Forum dwellers are concerned. Now Narada has shown admirable consideration for his fellow desktop Gentooists, by providing a very concise manual for all those who haven't quite come to terms with framebuffers and other graphic tricks:
Public Key Signing
A hot topic in the gentoo-user list was that of PGP keys, encryption and secure communications in general. Lots of good information popped up in the thread. Notably, the Reverand Jeffrey Paul preached the dangers of ignorance in cryptography and recommended this PDF as required reading. In summary of the thread, due to the nature of the communities trust in its members, it should not be easy to get your key signed by just anybody. There are pay services offering "Digital IDs", however that's beside the point. A good place to get connected is at your local LUG (Linux User Group), or better yet, at the next Gentoo gathering.
Upgrading Gentoo RCs (release canidates)
This week it was Joel Palimus asking the question, ".. is there then any reason to install a later release candidate or final release?". Not surprisingly, the -user community responded with a unanimous 'no'. Once you have a base system installed and working, it is brought completely up to date through a series of emerge 'syncs' and 'update worlds'. It was stated, however, that the move from Gentoo 1.2 to 1.4 was a little more rocky. The upgrade required recompiling the whole system with a 'emerge -e world' due to the compiler changing from gcc 2.95 to gcc 3.2. Once gcc-config was released, however, it allowed gcc 2.95.3-r8 and gcc 3.x compilers to co-exist peacefully, making the upgrade even easier. Janne Johansson provided an excellent explanation sourced from the gcc website. And yes, you can rest safely knowing the GWN team will announce any special circumstances in the future.
Several Portage Trees
started a big thread with his "I was wondering about having several portage trees to allow external distributor having repositories of packages." He received several comments
from Foser and Method, along with other Gentoo developers, regarding the problems
that may arise if such a thing was allowed. Of chief concern is how to properly track dependencies and cache metadata across multiple trees.
Initscripts written in Python
An interesting proposal was brought on, about writing the Gentoo init scripts in python.
To form a consistency with portage.
Read about the pros and cons.
Ebuild naming policy
Is there one? And if so which one? Here is the
full discussion as to how do
names come to the Portage tree. Reading the
Gentoo Linux Developers HOWTO
might come in handy too!
The Gentoo Weekly Newsletter is pleased to announce the creation of a Turkish version of the GWN. For our Turkish users, you can now enjoy the GWN in your native toungue.
Interested in translating the GWN into a different language? As you can see from each issue that comes out, translating the GWN is a fair amount of work. As such, we prefer to have teams of at least 2-3 people per language, rather than having just one person per language. This helps to distribute the load and also ensures that vacations, illnesses and family emergencies don't disrupt our publishing schedule. If you'd like to help translate the GWN, please send an email to firstname.lastname@example.org.
The following stable packages were added to portage this week
Updates to notable packages
- x11-wm/fluxbox: fluxbox-0.9.0.ebuild;
- sys-kernel/*: ac-sources-2.4.21_pre7-r1.ebuild; ac-sources-2.4.21_rc1-r1.ebuild; ck-sources-2.4.20-r6.ebuild; development-sources-2.5.68.ebuild; gaming-sources-2.4.20-r2.ebuild; genkernel-1.0.ebuild; gentoo-sources-2.4.20-r3.ebuild; gs-sources-2.4.21_pre7-r1.ebuild; gs-sources-2.4.21_rc1.ebuild; hardened-sources-2.4.20-r2.ebuild; mm-sources-2.5.67-r2.ebuild; mm-sources-2.5.67-r3.ebuild; mm-sources-2.5.67-r4.ebuild; mm-sources-2.5.68-r1.ebuild; openmosix-sources-2.4.20-r3.ebuild; pfeifer-sources-18.104.22.168_pre7.ebuild; selinux-sources-2.4.20-r4.ebuild; xfs-sources-2.4.20-r3.ebuild;
- dev-php/php: php-4.3.1-r2.ebuild;
- app-admin/gentoolkit: gentoolkit-0.1.19-r4.ebuild; gentoolkit-0.1.19-r5.ebuild;
New USE variables
- ladcca: Adds Linux Audio Developer's Configuration and Connection API support (LADCCA)
- nhc98: Use the nhc98 Haskell compiler instead of GHC if the package supports it
- prebuilt: Flag to enable or disable options for prebuilt (GRP) packages (eg. due to licensing issues)
- xinerama: Add support for XFree86's xinerama extension, which allows you to stretch your display across multiple monitors
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
- 241 new bugs this week
- 443 bugs closed or resolved this week
- 8 previously closed bugs were reopened this week.
- 2495 total bugs currently marked 'new'
- 398 total bugs currently assigned to developers
There are currently 2952 bugs open in bugzilla. Of these: 49 are labeled 'blocker', 111 are labeled 'critical',
and 236 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs
this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
Tips and Tricks
Privilege Separation in Portage
One nice feature of Portage is that it can drop privileges and compile
as a less privileged user. It can also sandbox most phases of the
installation. This week's tip shows you how to enable these features
of Portage to increase the security of your system.
The first step is to create the portage user and group
accounts. Portage will use these accounts when running its processes.
Code Listing 8.1: Adding the portage user and group
# groupadd -g 250 portage
# useradd -u 250 -g 250 -s /bin/false portage
The next step is to fix the ownership on the areas portage will need
access to. By default, these directories are /usr/portage,
Code Listing 8.2: Fixing ownership on Portage directories
# chown -R portage:portage /usr/portage
# chown -R portage:portage /var/tmp/portage
If you've specified different locations in /etc/make.conf,
you will need to ensure that portage has the proper ownership on
PORTAGE_TMPDIR, PORTDIR, DISTDIR, PKGDIR, PORT_LOGDIR, and PORTDIR_OVERLAY.
After the ownership has been set properly, you need to enable the
features for privilege separate in /etc/make.conf. To
do this, you need to edit the FEATURES line.
Code Listing 8.3: /etc/make.conf FEATURES
FEATURES="sandbox userpriv usersandbox"
Portage is now set up to drop root privileges and build packages under
the portage user account. To test it, use the command top. When
you have top open, type u to display processes for a specific
user, and type portage at the prompt to display processes for
portage. Now emerge something, and watch as the portage user shows up
as the owner of all the commands.
Moves, Adds and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
- Tavis Ormandy (taviso) -- Gentoo Linux/Alpha
- Todd Berman (tberman) -- sendmail, java
- Michael Sterrett (msterrett) -- miscellaneous
- Michael Fitzpatrick (leachim) -- xfree
- Fred Van Andel (fava) -- ufed
- Chuck Brewer (killian) -- net-dialup
- Thomas Schutz (murray_b) -- bug-wranglers
- Caleb Tennis (caleb) -- kde
- Tal Peer (coredumb) -- php
- Bip Thelin (bip) -- php, tomcat
- Paul de Vrieze (pauldv) -- kde
The following developers recently changed roles within the Gentoo Linux project.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to email@example.com.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to firstname.lastname@example.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: