
    FOSS Activities in April 2021

    pubsub.slavino.sk / planetdebian · Saturday, 8 May - 13:30 · 7 minutes

Here’s my (nineteenth) monthly update about the activities I’ve done in the F/L/OSS world.

Debian


This was my 28th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

Crazy month, as always. Lots of things happening and lots of moving parts.
Now that I am working on Ubuntu full-time, I barely get much time to do any extra stuff. Then the massive COVID wave that has plunged India has made this month even crazier. More on that later, maybe. IDK.

Anyway, I did some Debian stuff, thanks to Salzburg BSP (more down below). I worked on the following stuff:

Uploads and bug fixes:

Other $things:

  • Mentoring for newcomers and assisting people in BSP.
  • Moderation of -project mailing list.

Salzburg BSP 2021

This was my first virtual BSP and the first BSP in Salzburg and it was absolutely amazing!
Many kudos to Bernd Zeimetz for organizing it so smoothly and wonderfully, for real! \o/

We had a bunch of amazing sessions, besides hacking, of course, like:

  • yoga,
  • sports,
  • games, and
  • datacenter tour -> which was super!

We also had lots of things happening at #debian-bsp-2021-szg and did a lot of work.
Whilst everything we did is available on the pad, I worked on the following things:

  • [deki/utkarsh]: CVE-2021-28421/fluidsynth (sid); cf: #987168/#987471.
  • [deki/utkarsh]: CVE-2021-28421/fluidsynth (buster); cf: #987168/#987494.
  • [utkarsh]: 18 CVEs for jackson-databind (buster); cf: #987489.
  • [utkarsh]: fix for ruby-librarian/#987113 (unblock request: #987501).
  • [utkarsh]: 17 CVEs for jackson-databind (stretch); LTS upload.
  • [utkarsh]: CVE-2020-12460/opendmarc (stretch); LTS upload.
  • [utkarsh]: CVE-2020-12460/opendmarc (buster); cf: #987531.
  • [deki/utkarsh]: libpam-alreadyloggedin, broken autopkgtest; #958224
  • [deki/utkarsh]: libpam-alreadyloggedin, installed in wrong directory; #986247
  • [deki/utkarsh]: libpam-alreadyloggedin, FTCBFS; #969122
  • [donfede/utkarsh] 10 CVEs for salt (buster)
  • [donfede/utkarsh] 10 CVEs for salt (bullseye)

And finally, we clicked a picture! \o/


Debian (E)LTS


Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

This was my nineteenth month as a Debian LTS and tenth month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:

LTS CVE Fixes and Announcements:

ELTS CVE Fixes and Announcements:

Other (E)LTS Work:

  • Front-desk duty from 29-03 until 04-04 and then from 26-04 until 02-05 for both LTS and ELTS.
  • Triaged spamassassin, codemirror-js, jackson-databind, wordpress, gstreamer, underscore, python-bleach, plinth, libpano13, salt, dojo, ruby2.7, firefox-esr, clamav, composter, courier-authlib, opendmarc, openexr, libimage-exiftool-perl, tomcat7, libjs-handlebars, libnet-netmask-perl, network-manager, and curl.
  • Mark CVE-2021-20297/network-manager as not-affected for jessie.
  • Mark CVE-2021-22890/curl as not-affected for jessie and stretch.
  • Mark CVE-2020-7760/codemirror-js as not-affected for jessie.
  • Mark CVE-2021-25122/tomcat8 as not-affected for jessie.
  • Mark CVE-2021-XXXX/plinth as no-dsa for stretch.
  • Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch.
  • Mark CVE-2021-28374/courier-authlib as fixed in 0.58-3.1 for jessie.
  • Mark CVE-2021-1252/clamav as not-affected for jessie.
  • Mark CVE-2021-1404/clamav as not-affected for jessie.
  • Mark CVE-2020-4051/dojo as no-dsa for jessie.
  • Mark CVE-2021-29447/wordpress as not-affected for jessie.
  • Mark CVE-2021-29450/wordpress as not-affected for jessie.
  • Mark CVE-2019-20920/libjs-handlebars as ignored for stretch and jessie.
  • Mark CVE-2021-23369/libjs-handlebars as ignored for stretch and jessie.
  • Mark CVE-2020-4051/dojo as fixed in 1.15.4+dfsg1-1 for sid and bullseye.
  • Mark CVE-2021-28965/ruby2.7 fixed in 2.7.3-1 for sid.
  • Mark CVE-2020-12272/opendmarc as postponed for jessie.
  • Mark CVE-2021-20296, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, and CVE-2021-3479, affecting openexr, as no-dsa for jessie and stretch.
  • Suggest proposed fixes for CVE-2021-22876/curl on LTS public list.
  • Publish the missing DLA update for website on behalf of the community contribution. Thread here.
  • Help suggest and unblock work if FD is missing or something. Thread here.
  • Suggest marking CVE-2021-23369/{node,libjs}-handlebars as no-dsa/ignored for all suites. Thread here.
  • Help unblock Anton with the failed python2.7 build on i386 by co-ordinating with the sec team. Thread here.
  • Private ELTS-related discussion on the ELTS list (+ w/ Raphael).
  • Auto EOL’ed webkit2gtk, python-bleach, tika, linux, ircii, spice-vdagent, libspring-security-2.0-java, file-roller, rustc, python-django-registration, gsoap, thunderbird, mosquitto, ruby-sidekiq, gnuchess, libpodofo, unbound, drupal7, 389-ds-base, and scrollz for jessie.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.

Until next time.
:wq for today.


Tags: #Debian


    qemu-sbuild-utils merged into sbuild

    pubsub.slavino.sk / planetdebian · Thursday, 28 January, 2021 - 10:00

qemu-sbuild-utils have been merged into sbuild and are now shipped as package sbuild-qemu. The executables have been renamed from qemu-sbuild-* to sbuild-qemu-*, to be consistent with the other utilities provided by sbuild.

I may or may not have botched the transitional dummy package, but as the original package never migrated to testing (this was deliberate) and popcon was low, I'm confident that people will manage.

sbuild-qemu depends on the recently uploaded vmdb2, which added support for arm64, armhf, and ppc64el images. This is really exciting, as this means that sbuild-qemu and autopkgtest will soon be able to build for and test on most of the officially supported architectures, all from one host machine. MRs to enable these new features in autopkgtest have already been filed by Ryutaro Matsumoto. Support for the armel architecture is being discussed; support for the MIPS architectures is a more complicated issue, as they don't use GRUB.

I'd like to thank Johannes Schauer for reaching out, initiating discussion, and collaborating on this merge!



    Compiling and installing the Gentoo Linux kernel on emerge without genkernel

    pubsub.slavino.sk / planetdebian · Thursday, 28 January, 2021 - 09:45 · 1 minute

Gentoo emerges of sys-kernel/gentoo-sources will nicely install the current kernel into /usr/src/linux-* but it will not compile them.

The Gentoo wiki kernel documentation has a script snippet to automate the kernel build with genkernel.

I do not like to use genkernel as it brings in lots of firmware files to build initrds that are not needed on virtual hardware. It also makes building the kernel slower.

So, the plain approach:

Make emerge sys-kernel/gentoo-sources symlink the latest kernel to /usr/src/linux so we can find it easily:

echo "sys-kernel/gentoo-sources symlink" >> /etc/portage/package.use/gentoo-sources

Create /etc/portage/env/sys-kernel/gentoo-sources with the following:

post_pkg_postinst() {
    # Reuse the config of the currently running kernel as the starting point
    CURRENT_KV=$(uname -r)
    # ARCH as set during the emerge breaks the kernel Makefile (see the error below)
    unset ARCH
    if [[ -f "${EROOT:-/}usr/src/linux-${CURRENT_KV}/.config" ]] ; then
        cp -n "${EROOT:-/}usr/src/linux-${CURRENT_KV}/.config" "${EROOT:-/}usr/src/linux/.config"
        cd "${EROOT:-/}usr/src/linux/" && \
        make olddefconfig && \
        make -j5 && make modules_install && make install && \
        grub-mkconfig -o /boot/grub/grub.cfg
    fi
}

This will compile the next kernel on the basis of the config of the currently running kernel, install the modules and the kernel bzImage and update grub so it knows about the new kernel for the next reboot.

If you forget to unset ARCH the Linux build system will complain like:

Makefile:583: arch/amd64/Makefile: No such file or directory
make: *** No rule to make target 'arch/amd64/Makefile'.  Stop.

You can test the new magic by re-emerging the latest kernel, e.g. currently emerge =sys-kernel/gentoo-sources-5.4.80-r1 :



    2020 in Fiction

    pubsub.slavino.sk / planetdebian · Wednesday, 27 January, 2021 - 16:24 · 2 minutes


I managed to read 31 "books" in 2020. I'm happy with that. I thought the Pandemic would prevent me reaching my goal (30), since I did most of my reading on the commute to the Newcastle office, pre-pandemic. Somehow I've managed to compensate.

I started setting a goal for books read per year in 2012 when I started to use goodreads. Doing so started to influence the type of reading I do (which is the reason I stopped my Interzone subscription in 2014, although I resumed it again sometime afterwards). Once I realised that, I've been a bit more careful to ensure setting a goal was a worthwhile thing to do and not just another source of stress in my life.

Two books I read were published in 2020. The first was Robert Galbraith's (a.k.a. J K Rowling's) Troubled Blood, the fifth (and largest) in the series of crime novels featuring Cormoran Strike (and the equally important Robin Ellacott). Nowadays Rowling is a controversial figure, but I'm not writing about that today, or the book itself, in much detail: briefly, it exceeded expectations, and my wife and I really enjoyed it.

The other was Susanna Clarke's Piranesi: an utterly fantastic modern-fantasy story, quite short, completely different to her successful debut novel Jonathan Strange & Mr Norrell. I really loved this book, partly because it appeals to my love of fantasy geography, but also because it is very well put together, with a strong sense of the value of people's lives.

A couple of the other books I read were quite Pandemic-appropriate. I tore through Josh Malerman's Bird Box, a fast-paced post-apocalyptic style horror/suspense story. The appeal was mostly in the construction and delivery: the story itself was strong enough to support the book at the length that it is, but I don't really feel it could have lasted much longer, and so I've no idea how the new sequel (Malorie) will work.

The other was Station Eleven by Emily St. John Mandel. This was a story about a group of travelling musicians in a post-apocalyptic (post-pandemic) North America. A cast of characters all revolve around their relationship (or six degrees of separation) to an actor who died just prior to the Pandemic. The world-building in this book was really strong, and I felt sufficiently invested in the characters that I would love to read more about them in another book. However, I think that (although I'm largely just guessing here), in common with Bird Box, the setting was there to support the novel and the ideas that the author wanted to get across, and so I (sadly) doubt she will return to it.

Finally I read a lot of short fiction. I'll write more about that in a separate blog post.



    Installing System Rescue (CD) to a flash drive

    pubsub.slavino.sk / planetdebian · Wednesday, 27 January, 2021 - 12:47 · 1 minute

System Rescue, the project formerly known as System Rescue CD, has moved from being based on Gentoo to being built on Arch Linux packages.

With this their ISO layout changed substantially, so when updating my trusty rescue USB flash drive, I could not just update the kernel, initrd and the root filesystem image as I had typically done every other year before.

The "Installing on a USB memory stick" documentation is good for Windows (use Rufus, it's nice) but rather useless for Linux. They recommend a dd or the fancy graphical version of that, called usbimager.

I much prefer to have a flash drive that I can write to over an image of a CD (ISO) written 1:1 onto the flash media.

The basic idea is to use the bulk of the System Rescue ISO contents but amend these with your own grub and syslinux so they work as intended over the supplied ones that are bound to the ISO layout a bit too much.

I did this on Debian Buster but with some adjustments to paths and what packages to install, any recent Linux distribution should do:


    Review: A Deadly Education

    pubsub.slavino.sk / planetdebian · Wednesday, 27 January, 2021 - 04:12 · 6 minutes

Review: A Deadly Education, by Naomi Novik

Series: The Scholomance #1
Publisher: Del Rey
Copyright: 2020
ISBN: 0-593-12849-4
Format: Kindle
Pages: 319

Some children are born with magic, which grows as they mature. Magic attracts maleficaria: extremely deadly magical beasts that want to feast on that magic. Having innate magical ability is therefore a recipe for endless attacks from monsters and a death at a young age. This was true even for the enclaves, which are the rich, gated communities of the magical world.

Hence, the Scholomance. This is a boarding school for magic users placed in the Void and protected against maleficaria as completely as possible while still letting the students graduate and leave after their senior year. Students are sent there via a teleportation spell with a weight allowance, taught magic by automated systems and magical artifacts, and left on their own to make alliances and survive. Or not survive; protected as well as possible still means that there are maleficaria everywhere, sneaking past the wards of the graduation hall and looking for snacks. The school sends cleansing fire through the halls at certain times; the rest of the time, the students either learn enough magic to defeat maleficaria themselves, form alliances with those who can, or die to feed the magic of the school.

Enter Galadriel, or El as she prefers. She's not an enclave kid; she's the grumpy, misfit daughter of a hippie mother whose open-hearted devotion to healing and giving away her abilities make her the opposite of the jealously guarded power structures of the enclaves. El has no resources other than what she can muster on her own. She also has her mother's ethics, which means that although she has an innate talent for malia, drawing magic from the death of other living things, she forces herself to build her mana through rigorously ethical means. Like push-ups. Or, worse, crochet.

At the start of the book, El is in her third year of four, and significantly more of her classmates are alive than normally would be. That's because of her classmate, Orion Lake, who has made a full-time hobby of saving everyone from maleficaria. His unique magical ability frees him from the constraints of mana or malia that everyone else is subject to, and he uses that to be a hero, surrounded by adoring fans. And El is thoroughly sick of it.

This book is so good in so many different ways that I don't know where to start.

Obviously, A Deadly Education is a twist on the boarding school novel, both the traditional and the magical kind. This is not a genre in which I'm that well-read, but even with my lack of familiarity, I noticed so many things Novik does to improve the genre tropes, starting with not making the heroic character with the special powers the protagonist. And getting rid of all the adults, which leaves way more space for rich social dynamics between the kids (complex and interesting ones that are entangled with the social dynamics outside of the school, not some simplistic Lord of the Flies take). Going alone anywhere in the school is dangerous, as is sitting at the bad tables in the cafeteria, so social cliques become a matter of literal life and death. And the students aren't just trying to survive; the ones who aren't part of enclaves are jockeying for invitations or trying to build the power to help their family and allies form their own.

El is the first-person narrator of the story and she's wonderful. She's grumpy, cynical, and sarcastic, which is often good for first-person narrators, but she also has a core of ethics from her mother, and from her own decisions, that gives her so much depth. She is the type of person who knows exactly how much an ethical choice will cost her and how objectively stupid it is, and then will make it anyway out of sheer stubbornness and refuse to take credit for it. I will happily read books about characters like El until the end of time.

Her mother never appears in this book, and yet she's such a strong presence because El's relationship with her matters, to both El and to the book. El could not be more unlike her mother in both personality and in magical focus, and she's exasperated by the sheer impracticality of some of her mother's ideals. And yet there's a core of love and understanding beneath that, a level at which El completely understands her mother's goals, and El relies on it even when she doesn't realize she's doing so. I don't think I've ever read a portrayal of a mother-daughter relationship this good where one of the parties isn't even present.

And I haven't even gotten to the world-building, and the level to which Novik chases down and explores all the implications of this ridiculous murder machine of a school.

I will offer this caveat: If you poke at the justification for creating this school in the way it was built, it's going to teeter a lot. That society thought this school was the best solution to its child mortality problem is just something you have to roll with. But once you accept that, the implications are handled so very well. The school is an inhuman character in its own right, with exasperating rules that the students learn and warn each other about. It tries to distract you with rare spellbooks or artifact materials because it's trying to kill you. The language tapes whisper horrific stories of your death. The back wall of your room is a window to the Void, from which you can demand spellbooks. You'll even get them in languages that you understand, for a generous definition of understand that may have involved glancing at one page of text, so be careful not to do that! The school replaces all of the adult teachers in the typical boarding school novel and is so much more interesting than any of them because it adds the science fiction thrill of setting as character.

The world-building does mean a lot of infodumping, so be prepared for that. El likes to explain things, tell stories, and over-analyze her life, and reading this book is a bit like reading the journal of a teenage girl. For me, El's voice is so strong, authentic, stubborn, and sarcastically funny that I scarcely noticed the digressions into background material.

And the relationships! Some of the turns will be predictable, since of course El's stubborn ethics will be (eventually) rewarded by the story, but the dynamic that develops between El and Orion is something special. It takes a lot to make me have sympathy with the chosen one boy hero, but Novik pulls it off without ever losing sight of the dynamics of class and privilege that are also in play. And the friendships El develops almost accidentally by being stubbornly herself are just wonderful, and the way she navigates them made me respect her even more.

The one negative thing I will say about this book is that I don't think Novik quite nailed the climax. Some of this is probably because this is the first book of a series and Novik wanted to hold some social developments in reserve, but I thought El got a bit sidelined and ended up along for the ride in an action-movie sequence. Still, it's a minor quibble, and it's clear from the very end of the book that El is going to get more attention and end up in a different social position in the next book.

This was a wholly engrossing and enjoyable story with a satisfying climax and only the barb of a cliffhanger in the very last line. It's the best SFF novel published in 2020 that I've read so far (yes, even better than Network Effect). Highly recommended, and I hope it gets award recognition this year.

Followed by The Last Graduate (not yet published at the time of this review).

Rating: 9 out of 10



    Migrating from Drupal to WordPress

    pubsub.slavino.sk / planetdebian · Tuesday, 26 January, 2021 - 19:40 · 1 minute

If you can read this on planet.debian.org then migrating my blog from Drupal to WordPress was successful and the feed has been successfully changed by the Debian Planet Maintainers (thanks!).

I’ve been a long term Drupal user. I think I started to use Drupal since it was included in Debian. At some point Drupal was removed from Debian and I started to use Serendipity instead. Later Drupal was included in Debian again and I moved back to Drupal. I think this must have been around Drupal 4 or Drupal 5. No idea.

I even became active in the Drupal community and went to one of the first Drupal barcamps in Germany, namely in Cologne. This was shortly before Dries Buytaert started a business off of Drupal and went to the USA. I met with many devs of Drupal in Cologne and enjoyed the community and started with others a local Drupal User Group in Rostock.

In 2011 we organized a Drupal Barcamp in Rostock, which was quite successful. But at that time it was already apparent that Drupal became more and more complex. It was far away from its original idea of providing a simple to use website and blogging site.

Now I’m still on Drupal 7 and this is some sort of a showstopper. Older major version upgrades had an upgrade path, like from Drupal 5 to Drupal 6 to Drupal 7. But for Drupal 8 there is no easy upgrade path. There are some ways to upgrade, but nothing as smooth as the prior major upgrades. In fact the upgrade from 6 to 7 was already painful.

My impression of Drupal today is that it is a framework suitable for agencies to build complex websites for their customers. It’s too much of a hassle to use it for your hobbyist websites.

So, after all the years my Drupal journey will come to an end. It was a long time with you. Sometimes joyful, sometimes painful. I wish you all the best, Drupal!

Maybe I stay with WordPress, maybe I’ll use Hugo in the future. Having a static website is very appealing, though… 🙂



    Making Debian available

    pubsub.slavino.sk / planetdebian · Tuesday, 26 January, 2021 - 15:41 · 1 minute

This is the subject of an interesting thread on the debian-devel mailing list.

It started with ".. The current policy of hiding other versions of Debian is limiting the adoption of your OS by people like me.."

It seems that this user managed to contact us developers and give us some important information on how we can improve the user experience. The following discussion shows that all our users need non-free firmware to get their wireless network cards to run.

Do we provide such installation images for our users?

Sure. We build them regularly, host them on our servers, we also sign the hash sum with our official signing key. But we hide them very well and still call them unofficial. Why? I would like to have a more positive name for those images. Ubuntu has the HWE (Hardware Enablement) kernel. Maybe Debian firmware enablement images?

We should better promote the images that fit best for our users.

BTW, the URL for all these useful images is https://cdimage.debian.org/cdimage/unofficial/non-free/images-including-firmware/

Since I'm not using the Debian installer or live image often, I thought my own installation tool would already do better. In FAI, I install the package firmware-linux-nonfree if I need some nonfree firmware. But it appears that this package does not depend on any WiFi firmware package. Oops. So, I've filed a bug report #980758 and propose to add another meta package that depends on a list of firmware packages for WiFi cards.

I've now added a workaround to the FAIme service. You can now generate fully automated customized installation images including nonfree firmware for the stable and testing release. The stable release images can also use a newer kernel and firmware from backports. All other packages are still from stable. Another useful image variant in my opinion.
