Archive for the ‘gentoo’ Category.
February 3, 2012, 10:48 am
Gentoo Prefix is still alive and going strong. In my opinion, Gentoo Prefix remains a strong point of Gentoo Linux and really establishes that Gentoo Linux is a metadistribution. In this post I want to focus on the numbers. The number of packages in the Gentoo Prefix tree, specifically. But first, a history lesson. It wasn’t until EAPI3 in Gentoo that “allowed” Gentoo Prefix variables into the main Gentoo Linux tree. That was in late 2011, but Gentoo Prefix existed much before then, all the way back to 2006 (at least). Before EAPI3, the prefix team made slight modifications to ebuilds and placed them in a repo and called it the tree of packages for Gentoo Prefix. This worked fine, but we had growing pains. The major issue was that we were getting too successful to manage the increased contributions from users. In other words, as the number of “forked” packages grew, the amount of maintenance time increased greatly – this is due to the fact that it is a chore to keep our forks synced. At least, a large chore for a small team. This is why we looked for help and adoption from the other pool of 200 Gentoo Developers, hence EAPI3 and beyond. Since supporting Gentoo Prefix is not a big use of overall developer time, this has gone over quite well in my opinion – yes, there are some pain points at times I do realize. Enough history, here are the numbers:
- Number of packages in Gentoo Linux: 15554 packages in 154 categories.
- Number of total* packages in Gentoo Prefix: 9483 packages in 154 categories.
- Number of KEYWORDED packages in Gentoo Prefix: About 3000 for the most popular arch
- Number of packages still NOT in the main Gentoo Linux tree: 369 packages
* The total packages in the tree also contains non-keyworded packages because that just makes life simple. Once packages started migrating to the main tree, I helped think of this “whitelist” concept. The short version of the whitelist is that if a package is listed in that text file, it gets included in the Gentoo Prefix tree as a direct copy of the version in the Gentoo Linux tree. The presense of the package in the old repo means that it is used instead. Eventually, this concept will go away and we will overlay the Gentoo Linux tree directly.
So why is it taking so long to migrate ALL packages to the Gentoo Linux tree? Well, that is where the rubber meets the road and we get into roadblocks. A roadblock for us could be a number of things, such as a disagreement with the Gentoo Linux maintainer, some patches existing that we don’t feel are a good fit for Gentoo Linux, or even us being lazy and not submitting stuff to upstream. We also don’t want to push invasive changes to Gentoo Linux for critical packages, like the toolchain for example.
It has long since been our agenda to not add anymore packages to the old repo and going forward only adding new stuff to Gentoo Linux directly. I hope we can make a dent in those remaining 369 in 2012!
November 11, 2011, 12:25 pm
Colemak is my new keymap of choice. Luckily, Gentoo Linux supports it well. Unlike some of the crazy instructions people have posted out there, you only need to edit 2 files to convert your console and Xorg server. Note, I’m taking the time to write this because I couldn’t find easy instructions out there…
% cat /etc/conf.d/keymaps
# Use keymap to specify the default console keymap. There is a complete tree
# of keymaps in /usr/share/keymaps to choose from.
keymap="en-latin9"
<...>
% cat /etc/X11/xorg.conf.d/30-keyboard.conf
Section "InputClass"
Identifier "keyboard-all"
Option "XkbVariant" "colemak"
EndSection
October 24, 2011, 10:29 am
(Preface: Target audience for this post is Gentoo Devs + GMail WebUI users, however, anyone that forwards bugmail to GMail and has procmail between them could also use this.)
I find it annoying that the GMail web interface chooses to thread messages based on subject name alone, this creates two threads for every new bug report sent to you from bugzilla. Sadly, we can’t control the threading that Google tells us is “the only way” (subject based threading or email header based threading, which bugzilla does correctly). If you want to follow the rabbit trail that I went on regarding this subject, I won’t stop you…
Or you can use procmail to rewrite the subject, that is, remove “New: ” from the first email:
# Remove "New: " from the subject so threading in gmail works
SUBJ_=`formail -xSubject: | expand | tr -d '\n' | sed -e 's/^[ ]*//g' -e 's/New: //'`
:0
* ^From: bugzilla-daemon@gentoo.org
{
:0 fwh
| formail -i"Subject: ${SUBJ_}"
}
Tangentially related that may be useful, is this rule that kills duplicate messages when you report a bug and are assigned the same bug (or in CC). The bugzilla software has no way of knowing what email aliases you may be in.
# Kill duplicate messages. If I am the reporter *and* the bug is assigned to a
# team I am in, delete the mail to me directly
:0
* ^To: username@gentoo.org
* ^From: bugzilla-daemon@gentoo.org
* ^X-Bugzilla-Reporter: username@gentoo.org
* ^X-Bugzilla-(Assigned-To|CC):.*(team1|team2)@gentoo.org
/dev/null
I like the GMail WebUI. I use it. Please don't suggest that I should use other clients, I already know that other clients can handle the threading fine.
October 5, 2011, 2:11 pm
Well, I got sick of setting -python -perl on my Gentoo hosts, I even consider them “questionable defaults” for a majority of Gentoo users..
So, let this be an advanced notice that you may see some rebuilds for useflag changes. There has been sufficient testing such that there should be few to nil problems, but we can’t test everything. Please file bug reports, if needed.
See also:
September 16, 2011, 10:42 am
I don’t know how many people know about per-package environment variables in portage since 2.1.9 or so. (ref: bug 44796) It is a worthwhile enhancement to know about, regardless. Like most people, I have my PORTAGE_TMPDIR on tmpfs to speed up compilation times and reduce I/O usage. My 2G tmpfs mounted on /var/tmp/portage is large enough for almost all packages, even multiple jobs at once, however, not all. Solution:
% cat /etc/portage/package.env
app-office/libreoffice notmpfs.conf
% cat /etc/portage/env/notmpfs.conf
PORTAGE_TMPDIR=”/var/tmp/notmpfs”
(More info available in the portage man page)
Now, when I find my next package that needs notmpfs, it is as easy as: echo "cat-egory/pkg notmpfs.conf" >> /etc/portage/package.env which is much easier than bashrc hacks or something else insane that I have seen. Of course you can extend that to most make.conf settings, hope that helps someone.
April 10, 2011, 8:14 am
It has been awhile since I’ve posted about what I’ve been doing with Gentoo Linux. So, here is a general update for the team that I have been spending most of my time with.
- You may have seen the Bugzilla upgrade that Christian was working on. Gentoo moved from the bottom of the list provided from one of the upstream devs to the top of the list. (As of April 2011)
- I finally put an idea of mine into reality of graphing the number of “emerge –sync’s” against the rsync.gentoo.org rotation. Full graph and last 4 weeks
- A new reporting website was born: http://qa-reports.gentoo.org/ – The vision was: “Many Gentoo devs have useful scripts and many people complain that there is not a central place to see all the output.” This site is a solution, and open for all. repo: qa-scripts.git
- A new “Get Gentoo at a glance” website was born: http://get.gentoo.org/ that Matthew is still working on, so maybe expect some layout changes – The motivation for this was inspired from bug 350271, repo: get-gentoo.git
- Some behind the scenes work involving our mastermirror service. The current hardware running this important service is one of the oldest hosts we have.
Of course, there is always the untold hours to keep Gentoo Linux infrastructure running happily for all customers. As a final note, if you have a good idea, feel free to propose it via bugs or IRC. We will listen and definately avoid NIH syndrome if we can. Cheers.
February 11, 2011, 10:11 am
Scenario: You need to setup a service that requires ssh access to a remote host, possibly/probably by the root user. This service needs to run at regular intervals and it is critical that it works without a human entering a passphrase (even once).
Solution: The obvious solution that comes to mind is a ssh key. But a password-less key that allows root login? RED FLAG. However, there is a way to accomplish this without allowing a root login completely. That is to create, what I call, a single purpose key. I feel like this not a widely known trick, so I am archiving it so I don’t forget myself.
Details:
(Where local host is the host that needs ssh access and remote host is the host that you are “opening” up or allowing ssh access to)
- On the local host, create a ssh key without a passphrase for the root user, this is widely documented via other sources
- On the remote host, add the key to the
/root/.ssh/authorized_keys file. However, start the line in that file with command="/root/bin/validate-ssh.sh"
- On the remote host, the
/root/bin/validate-ssh.sh script is a simple script that allows access to your service and exits for anything else. An example of allowing rsync access [only]:
% cat /root/bin/validate-ssh.sh
#!/bin/bash
case "$SSH_ORIGINAL_COMMAND" in
rsync\ --server*)
# uncomment for debug
# echo "$(date +%Y%m%d): $SSH_ORIGINAL_COMMAND" >> /var/log/ssh-cmd.log
$SSH_ORIGINAL_COMMAND
;;
# debug
testconnect)
echo "You successfully connected to $(hostname)"
;;
*)
echo "Sorry, command '$SSH_ORIGINAL_COMMAND' is not allowed"
exit 1
;;
esac
- Optional, if you only want to allow this access from a small set of hosts add
from="192.168.1.11,10.80.80.1" to the same line in /root/.ssh/authorized_keys
So, now, you can use that password-less ssh key as root (assuming the remote host allows root logins via ssh) and you should see something. ssh root@remote testconnect will return that string. rsync root@remote:/file will work. Everything else will get the message that indicates it wasn’t allowed. This is expandable to just about everything provided that you know the “$SSH_ORIGINAL_COMMAND” – on another host I use it to allow password-less sshfs access, so SSH_ORIGINAL_COMMAND=/usr/lib/misc/sftp-server and so-forth.
Naturally, this will work for other users/uses as well. I’ve seen references that some admins are using this to allow access if and only if they enter a sekrit token, etc. I’ll also say that you should be smart with this, opening up root access is a hole – if anyone compromises the local host, I suppose they could get access to the remote host if they knew how.
January 25, 2011, 2:26 pm
The problem:
% dmesg | grep -i micro
Atom PSE erratum detected, BIOS microcode update recommended
Atom PSE erratum detected, BIOS microcode update recommended
microcode: CPU0 sig=0x106c2, pf=0x4, revision=0x208
microcode: CPU1 sig=0x106c2, pf=0x4, revision=0x208
microcode: Microcode Update Driver: v2.00 , Peter Oruba
I found out that some recent kernel that I loaded at an unknown time, was able to point out that I had ‘old’ microcode for my processor on my Aspire1 ZG5. I searched around for a BIOS upgrade, but since this is an older generation netbook, I quickly gave up when my searching yielded nothing useful. There is a userspace tool that you can use to ‘upgrade’ the microcode provided by Intel on every boot. In Gentoo Linux, that is called sys-apps/microcode-ctl. Simply install that and enable the init script on boot.
The output after:
% dmesg | grep -i micro
Atom PSE erratum detected, BIOS microcode update recommended
Atom PSE erratum detected, BIOS microcode update recommended
microcode: CPU0 sig=0x106c2, pf=0x4, revision=0x208
microcode: CPU1 sig=0x106c2, pf=0x4, revision=0x208
microcode: Microcode Update Driver: v2.00 , Peter Oruba
microcode: CPU0 updated to revision 0x218, date = 2009-04-10
microcode: CPU1 updated to revision 0x218, date = 2009-04-10
References:
Edit: Added a reference
