Gentoo 2004.3 x86 release on DVD
The Gentoo Store now delivers the entire 2004.3 release for the x86 architecture, including all binary packages for the supported subarchitectures (x86, i686, Pentium 3, Pentium 4 and Athlon XP) on a single bootable DVD.
It also provides a set of two DVDs that contains a complete archive of the 2004.3 release distfiles, including all necessary source code except for the games category that was omitted for space reasons. The store profits go partly to the Gentoo Foundation, helping in establishing the not-for-profit entity, the server infrastructure and other Gentoo development-related support.
Gentoo documentation updates and extensions
A flurry of activity coming from kernel developer Daniel Drake has enriched the Gentoo documentation last week. Aside from updates to numerous kernel guides and primers, he also authored a mantelpiece for the Gentoo documentation collection, a brandnew "Complete Gentoo Linux 2.6 Migration Guide" that answers all the questions that Gentoo users moving on from the 2.4 kernel series may have.
On the workflow side of things the documentation team has been preoccupied with a few shortcomings of AxKit for a while, i.e. the XML preprocessor responsible for converting the internal XML structure of all web-hosted content at www.gentoo.org to HTML. AxKit is running only with Apache v1, for example, and looks somewhat unmaintained with its lack of significant updates for some time. Xavier Neys and Sven Vermeulen have therefore started replacing AxKit with gorg, its promising successor capable of delivering the missing features. As always, the update page of the documentation project has all these and other important changes, including some gruesome work done on existing files to make the translators' job a little easier.
Sometimes it's nice to show to the users that there's a fair amount of work going into Portage, despite the gaps between stable releases. Portage 2.0.51 hasn't been out more than a month, but its CVS version now has - in a mostly stable fashion - the following features:
Aside from feature additions, and code cleanup that's already started, --regen (checking and updating the dependency path) is now 33% faster, and metadata updates (post rsync'ing) are quicker by almost half in baseline tests.
Then there's the work on the environment settings. Ebuilds now should be able to be completely uninstalled without anything of the tree existing. Nothing but the relevant profile is needed for this, which basically means that Portage developers can start modifying eclasses again without having to worry about backwards compatability going back years.
Also - nifty little trick - the old "I updated ssl, libssl.so got shifted, and now wget won't work and I can't fetch any sources" issue is addressed via a bundled Python-based fetch implementation - if the exit code from the fetch call is indicative of missing libraries or binaries, it tries the bundled lib instead. In tests Brian Herring has done in a system gutted of openssl, the bundled lib has soldiered on, promising that users could get out of that jam.
Some work is going into sync refactoring, too: The CVS format was made more flexible, and snapshot support was added in, meaning the need for emerge-webrsync is vanishing.
The CVS development is a bit embryonic at the moment, with a lot of work left, but these and more changes will not take long before they come your way - the diff between portage-2.0.51 and the version in CVS is already larger than 400KB.
The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.
For more information, please see the GLSA Announcement
BNC: Buffer overflow vulnerability
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.
For more information, please see the GLSA Announcement
SquirrelMail: Encoded text XSS vulnerability
Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.
For more information, please see the GLSA Announcement
GIMPS, SETI@home, ChessBrain: Insecure installation
Improper file ownership allows user-owned files to be run with root privileges by init scripts.
For more information, please see the GLSA Announcement
Fcron: Multiple vulnerabilities
Multiple vulnerabilities in Fcron can allow a local user to potentially cause a Denial of Service.
For more information, please see the GLSA Announcement
CD burning and Gentoo kernel 2.6.9
Gentoo developer Daniel Drake is soliciting testers for a replacement bugfix he's done on Gentoo's development kernel (and managed to get included in the official tree for 2.6.10). As CD and DVD burning has been under fire since 2.6.7 because of security concerns with simulated SCSI commands being sent to the devices, fixes that weren't making things any better had to be replaced with a saner approach. Check this thread and tell him what you think:
RAM-voracious ebuilds?
What can be done if during installation an ebuild needs lots of RAM (gtk2hs) or large amounts of disk space (OpenOffice.org)? Since the build process might fail on some systems, it would be useful to have portage check these resources before starting the build. Is there a sane and cross-platform way of doing this? /proc/ does not exist on all platforms, after all.
Handling important upgrade messages
Many ebuilds give important hints about changes in behaviour, configuration files etc. These messages are spewed to the screen during the installation, and therefore usually scroll away during multi-package upgrades. This prevents users from seeing many important messages in an easy way (and no, sitting eight hours watching the messages scroll by doesn't count). This thread explores the possibilities of collecting these messages so that they can be presented all at once.
UK: Oxford Gentoo User Meeting
Hardly surprising, coming to think of it: Since Gentoo users in "that other city" met two weeks ago, Oxford-based Gentooists have been thinking out loud that they can't possibly let this pass. They'll be meeting for the first time on Sunday afternoon, 28 November 2004 from 15:00, at the "Far From The Madding Crowd"in 10-12 Friar's Entry. Half a dozen Oxonian Gentooists have already confirmed, with shadow Portage bash-scripter Edward Catmur expected at the venue, and Gentoo developer robmoss hiking to Oxford on a full 500 mile roundtrip just for this event. Announce your participation in this Forum thread.
2004.3 Release announcements roundup
Last week's release of Gentoo Linux 2004.3 triggered a large number of publications about Gentoo. Here's a list of some of the shinier highlights, many of them with comment areas below the article:
Business Wire (20 November 2004
Business Wire announces that the speaker list for next year's big "Security Enhanced Linux" (SELinux) symposium is now confirmed, and it mentions Gentoo as one of the organisations to be present and presenting at the SELinux Symposium, scheduled for 2-4 March 2005 in Silver Spring, Maryland. What the article doesn't say: The Gentooist involved in this conference is Gentoo developer Joshua Brindle.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 07 November 2004 and 14 November 2004, activity on the site has resulted in:
Of the 7397 currently open bugs: 129 are labeled 'blocker', 240 are labeled 'critical', and 556 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
/var/log/emerge.log is well-known as the central reporitory of information about all emerge activity going on in system. Lesser known are some tricks you can do with the content of that log file. For example, when you start an upgrade, you generally don't know how much time it will take to finish compiling. You probably don't remember how long your last mplayer installation took, but Portage does, and if you'd decipher the Unix time stamps in /var/log/emerge.log, you'd get a pretty good idea, too. Or you could let app-portage/genlop do it for you. Emerge (the unstable, ~arch version of) genlop with:
Code Listing 8.1: Emerge genlop |
#emerge -av genlop |
Now run a pretended world upgrade and pipe it to genlop for an estimation of your upgrade schedule:
Code Listing 8.2: Estimate upgrade time |
#emerge -pu world | genlop --pretend These are the pretended packages: (this may take a while; wait...) * media-libs/tiff * x11-base/xorg-x11 * app-sci/stellarium * app-arch/gzip * dev-libs/libIDL * net-www/mozilla-firefox * sys-boot/lilo * app-doc/abs-guide * app-arch/unarj * app-emulation/wine * app-admin/sudo Estimated update time: 4 hours, 38 minutes. |
A look at the mechanism explains how Portage can double as an oracle. It uses the statistics stored in the emerge.log file, take an average of compilation times for given packages, and summarize the results. There are some uncertainties, of course, for example if you use the CCACHE feature, then compile times for a minor version bump may be much faster than the original package took compiling the first time. On the other hand, if an application has been extended with new features, the old average compile time can be shorter than the version you're about to emerge.
Another brilliant feature of genlop is its --current option, the perfect companion to the estimated compile-time from --pretend:
Code Listing 8.3: How much time spent since the beginning of an emerge |
# genlop --current
* app-portage/splat-0.07
current merge time: 12 seconds.
|
Now you can say how long time you have to wait.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
12. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: