Planet Debian

Subscribe to Planet Debian feed
Planet Debian - https://planet.debian.org/
Updated: 10 min 36 sec ago

Olivier Berger: Virtual Labs presentation at the HubLinked meeting in Dublin

14 June, 2019 - 18:31

We have participated to the HubLinked workshop in Dublin this week, where I delivered a presentation on some of our efforts on Virtual Labs, in the hope that this could be useful to the partners designing the “Global Labs” where students will experiment together for Software Engineering projects.

In this presentation (PDF) I introduced our partners to the Labtainers and Antidote Open Source projects, which are quite promising for designing “virtual labs” using VMs and/or containers.

Thomas and I have recorded the speech, and I’ve used obs and kdenlive to edit the recording.

Here’s the results (unfortunately, the sound is of low quality):

Feel free to comment, ask, etc.

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, May 2019

14 June, 2019 - 14:20

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In May, 214 work hours have been dispatched among 14 paid contributors. Their reports are available:

  • Abhijith PA did 17 hours (out of 14 hours allocated plus 10 extra hours from April, thus carrying over 7h to June).
  • Adrian Bunk did 0 hours (out of 8 hours allocated, thus carrying over 8h to June).
  • Ben Hutchings did 18 hours (out of 18 hours allocated).
  • Brian May did 10 hours (out of 10 hours allocated).
  • Chris Lamb did 18 hours (out of 18 hours allocated plus 0.25 extra hours from April, thus carrying over 0.25h to June).
  • Emilio Pozuelo Monfort did 33 hours (out of 18 hours allocated + 15.25 extra hours from April, thus carrying over 0.25h to June).
  • Hugo Lefeuvre did 18 hours (out of 18 hours allocated).
  • Jonas Meurer did 15.25 hours (out of 17 hours allocated, thus carrying over 1.75h to June).
  • Markus Koschany did 18 hours (out of 18 hours allocated).
  • Mike Gabriel did 23.75 hours (out of 18 hours allocated + 5.75 extra hours from April).
  • Ola Lundqvist did 6 hours (out of 8 hours allocated + 4 extra hours from April, thus carrying over 6h to June).
  • Roberto C. Sanchez did 22.25 hours (out of 12 hours allocated + 10.25 extra hours from April).
  • Sylvain Beucler did 18 hours (out of 18 hours allocated).
  • Thorsten Alteholz did 18 hours (out of 18 hours allocated).
Evolution of the situation

May was a calm month, nothing really changed compared to April, we are still at 214 hours funded by month. We continue to be looking for new contributors. Please contact Holger if you are interested to become a paid LTS contributor.

The security tracker currently lists 34 packages with a known CVE and the dla-needed.txt file has 34 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Candy Tsai: Outreachy Week 4: Weekly Report

14 June, 2019 - 14:03

Just a normal weekly report this week. Can’t believe I’ve been in the Outreachy program for a month!

Progress for this week Week 5 tasks
  • Fix the self service section merge request
  • Enhance the concept UI for the history section
  • Outreachy blog post

Julian Andres Klode: Encrypted Email Storage, or DIY ProtonMail

14 June, 2019 - 03:47

In the previous post about setting up a email server, I explained how I setup a forwarder using Postfix. This post will look at setting up Dovecot to store emails (and provide IMAP and authentication) on the server using GPG encryption to make sure intruders can’t read our precious data!

Architecture

The basic architecture chosen for encrypted storage is that every incoming email is delivered to postfix via LMTP, and then postfix runs a sieve script that invokes a filter that encrypts the email with PGP/MIME using a user-specific key, before processing it further. Or short:

postfix --ltmp--> dovecot --sieve--> filter --> gpg --> inbox

Security analysis: This means that the message will be on the system unencrypted as long as it is in a Postfix queue. This further means that the message plain text should be recoverable for quite some time after Postfix deleted it, by investigating in the file system. However, given enough time, the probability of being able to recover the messages should reduce substantially. Not sure how to improve this much.

And yes, if the email is already encrypted we’re going to encrypt it a second time, because we can nest encryption and signature as much as we want! Makes the code easier.

Encrypting an email with PGP/MIME

PGP/MIME is a trivial way to encrypt an email. Basically, we take the entire email message, armor-encrypt it with GPG, and stuff it into a multipart mime message with the same headers as the second attachment; the first attachment is a control information.

Technically, this means that we keep headers twice, once encrypted and once decrypted. But the advantage compared to doing it more like most normal clients is clear: The code is a lot easier, and we can reverse the encryption and get back the original!

And when I say easy, I mean easy - the function to encrypt the email is just a few lines long:

def encrypt(message: email.message.Message, recipients: typing.List[str]) -> str:
    """Encrypt given message"""
    encrypted_content = gnupg.GPG().encrypt(message.as_string(), recipients)
    if not encrypted_content:
        raise ValueError(encrypted_content.status)

    # Build the parts
    enc = email.mime.application.MIMEApplication(
        _data=str(encrypted_content).encode(),
        _subtype='octet-stream',
        _encoder=email.encoders.encode_7or8bit)

    control = email.mime.application.MIMEApplication(
        _data=b'Version: 1\n',
        _subtype='pgp-encrypted; name="msg.asc"',
        _encoder=email.encoders.encode_7or8bit)
    control['Content-Disposition'] = 'inline; filename="msg.asc"'

    # Put the parts together
    encmsg = email.mime.multipart.MIMEMultipart(
        'encrypted',
        protocol='application/pgp-encrypted')
    encmsg.attach(control)
    encmsg.attach(enc)

    # Copy headers
    headers_not_to_override = {key.lower() for key in encmsg.keys()}

    for key, value in message.items():
        if key.lower() not in headers_not_to_override:
            encmsg[key] = value

    return encmsg.as_string()

Decypting the email is even easier: Just pass the entire thing to GPG, it will decrypt the encrypted part, which, as mentioned, contains the entire original email with all headers :)

def decrypt(message: email.message.Message) -> str:
    """Decrypt the given message"""
    return str(gnupg.GPG().decrypt(message.as_string()))

(now, not sure if it’s a feature that GPG.decrypt ignores any unencrypted data in the input, but well, that’s GPG for you).

Of course, if you don’t actually need IMAP access, you could drop PGP/MIME and just pipe emails through gpg --encrypt --armor before dropping them somewhere on the filesystem, and then sync them via ssh somehow (e.g. patching maildirsync to encrypt emails it uploads to the server, and decrypting emails it downloads).

Pretty Easy privacy (p≥p)

Now, we almost have a file conforming to draft-marques-pep-email-02, the Pretty Easy privacy (p≥p) format, version 2. That format allows us to encrypt headers, thus preventing people from snooping on our metadata!

Basically it relies on the fact that we have all the headers in the inner (encrypted) message. To mark an email as conforming to that format we just have to set the subject to p≥p and add a header describing the format version:

       Subject: =?utf-8?Q?p=E2=89=A1p?=
       X-Pep-Version: 2.0

A client conforming to p≥p will, when seeing this email, read any headers from the inner (encrypted) message.

We also might want to change the code to only copy a limited amount of headers, instead of basically every header, but I’m going to leave that as an exercise for the reader.

Putting it together

Assume we have a Postfix and a Dovecot configured, and a script gpgmymail written using the function above, like this:

def main() -> None:
    """Program entry"""
    parser = argparse.ArgumentParser(
        description="Encrypt/Decrypt mail using GPG/MIME")
    parser.add_argument('-d', '--decrypt', action="store_true",
                        help="Decrypt rather than encrypt")
    parser.add_argument('recipient', nargs='*',
                        help="key id or email of keys to encrypt for")
    args = parser.parse_args()
    msg = email.message_from_file(sys.stdin)

    if args.decrypt:
        sys.stdout.write(decrypt(msg))
    else:
        sys.stdout.write(encrypt(msg, args.recipient))


if __name__ == '__main__':
    main()

(don’t forget to add missing imports, or see the end of the blog post for links to full source code)

Then, all we have to is edit our .dovecot.sieve to add

filter "gpgmymail" "myemail@myserver.example";

and all incoming emails are automatically encrypted.

Outgoing emails

To handle outgoing emails, do not store them via IMAP, but instead configure your client to add a Bcc to yourself, and then filter that somehow in sieve. You probably want to set Bcc to something like myemail+sent@myserver.example, and then filter on the detail (the sent).

Encrypt or not Encrypt?

Now do you actually want to encrypt? The disadvantages are clear:

  • Server-side search becomes useless, especially if you use p≥p with encrypted Subject.

    Such a shame, you could have built your own GMail by writing a notmuch FTS plugin for dovecot!

  • You can’t train your spam filter via IMAP, because the spam trainer won’t be able to decrypt the email it is supposed to learn from

There are probably other things I have not thought about, so let me know on mastodon, email, or IRC!

More source code

You can find the source code of the script, and the setup for dovecot in my git repository.

Bits from Debian: 100 Paper cuts kick-off

14 June, 2019 - 01:30
Introduction

Is there a thorny bug in Debian that ruins your user experience? Something just annoying enough to bother you but not serious enough to constitute an RC bug? Are grey panels and slightly broken icon themes making you depressed?

Then join the 100 papercuts project! A project to identify and fix the 100 most annoying bugs in Debian over the next stable release cycle. That also includes figuring out how to identify and categorize those bugs and make sure that they are actually fixable in Debian (or ideally upstream).

The idea of a papercuts project isn't new, Ubuntu did this some years ago which added a good amount of polish to the system.

Kick-off Meeting and DebConf BoF

On the 17th of June at 19:00 UTC we're kicking off an initial brainstorming session on IRC to gather some initial ideas.

We'll use that to seed discussion at DebConf19 in Brazil during a BoF session where we'll solidify those plans into something actionable.

Meeting details

When: 2019-06-17, 19:00 UTC Where: #debian-meeting channel on the OFTC IRC network

Your IRC nick needs to be registered in order to join the channel. Refer to the Register your account section on the OFTC website for more information on how to register your nick.

You can always refer to the debian-meeting wiki page for the latest information and up to date schedule.

Hope to see you there!

Steinar H. Gunderson: Nageru email list

12 June, 2019 - 19:45

The Nageru/Futatabi community is now large enough that I thought it would be a good idea to make a proper gathering place. So now, thanks to Tollef Fog Heen's hosting, there is a nageru-discuss list. It's expected to be low-volume, but if you're interested, feel free to join!

As for Nageru itself, there keeps being interesting development(s), but that's for another post. :-)

Dirk Eddelbuettel: RcppArmadillo 0.9.500.2.0

12 June, 2019 - 18:58

A new RcppArmadillo release based on a new Armadillo upstream release arrived on CRAN, and will get to Debian shortly. It brings a few upstream changes, including extened interfaces to LAPACK following the recent gcc/gfortran issue. See below for more details.

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 610 other packages on CRAN.

Changes in RcppArmadillo version 0.9.500.2.0 (2019-06-11)
  • Upgraded to Armadillo release 9.500.2 (Riot Compact)

    • Expanded solve() with solve_opts::likely_sympd to indicate that the given matrix is likely positive definite

    • more robust automatic detection of positive definite matrices by solve() and inv()

    • faster handling of sparse submatrices

    • expanded eigs_sym() to print a warning if the given matrix is not symmetric

    • extended LAPACK function prototypes to follow Fortran passing conventions for so-called "hidden arguments", in order to address GCC Bug 90329; to use previous LAPACK function prototypes without the "hidden arguments", #define ARMA_DONT_USE_FORTRAN_HIDDEN_ARGS before #include <armadillo>

Courtesy of CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Martin Michlmayr: ledger2beancount 1.8 released

12 June, 2019 - 16:32

I released version 1.8 of ledger2beancount, a ledger to beancount converter.

I ran ledger2beancount over the ledger test suite and made it much more robust. If ledger2beancount 1.8 can't parse your ledger file properly, I'd like to know about it.

Here are the changes in 1.8:

  • Add support for apply year
  • Fix incorrect account mapping of certain accounts
  • Handle fixated commodity and postings without amount
  • Improve behaviour for invalid end without apply
  • Improve error message when date can't be parsed
  • Deal with account names consisting of a single letter
  • Ensure account names don't end with a colon
  • Skip ledger directives eval, python, and value
  • Don't assume all filenames for include end in .ledger
  • Support price directives with commodity symbols
  • Support decimal commas in price directives
  • Don't misparse balance assignment as commodity
  • Ensure all beancount commodities have at least 2 characters
  • Ensure all beancount metadata keys have at least 2 characters
  • Don't misparse certain metadata as implicit conversion
  • Avoid duplicate commodity directives for commodities with name collisions
  • Recognise deferred postings
  • Recognise def directive

Thanks to Alen Siljak for reporting a bug.

You can get ledger2beancount from GitHub.

Markus Koschany: My Free Software Activities in May 2019

12 June, 2019 - 03:27

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games
  • Like in previous release cycles I published a new version of debian-games at the end to incorporate the latest archive changes. Unfortunately, Netbeans, the Java IDE, cuyo and holdingnuts didn’t make it and I demoted them to Suggests.
  • A longstanding graphical issue (#871223) was resolved in Neverball where stars in goal points where displayed as squares. As usual something (OpenGL-related?) must have changed somewhere but in the end the installation of some missing png files made the difference. How it worked without them before remains a mystery.
  • I sponsored two uploads which were later unblocked for Buster. Bernat reported a crash in etw, a football simulation game ported from the AMIGA. Fortunately Steinar H. Gunderson could provide a patch quickly. (#928240)
  • A rebuild of marsshooter, a great looking space shooter with an awesome soundtrack, may have been the trigger for a segmentation fault. Jacob Nevins stumbled over it and Bernhard Übelacker provided a patch to fix missing return statements.  (#929513)
Debian Java
  • I provided a security update for jackson-databind to fix CVE-2019-12086 (#929177) in Buster and prepared DSA-4452-1 to fix the remaining 11 CVE in Stretch.
  • Unfortunately Netbeans will not be in Buster. There were at least two issues why I could not recommend our Debian version, clear regressions in comparison to the version in Stretch. I found it odd that the severest one was fixed in Ubuntu shortly after the removal from testing. I surely would have appreciated the patch for Debian too. At the moment I don’t believe I will continue to work on Netbeans, very time consuming to get it in shape for Debian, too many dependencies, where the slightest changes in r-deps may cause bugs in Netbeans, nobody else in the Java team is really interested and most Java developers probably install the upstream version. A really bad combination.
Misc Debian LTS

This was my thirty-ninth month as a paid contributor and I have been paid to work 18 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • I investigated CVE-2019-0227, axis and suggested to mark it as unimportant. I triaged CVE-2019-0227, ampache as no-dsa for Jessie.
  • DLA-1798-1. Issued a security update for jackson-databind fixing 1 CVE.
  • DLA-1804-1. Issued a security update for curl fixing 1 CVE.
  • DLA-1816-1. Issued a security update for otrs2 fixing 2 CVE.
  • DLA-1753-3. Issued a regression update for proftpd-dfsg. When the creation of a directory failed during sftp transfer, the sftp session would be terminated instead of failing gracefully due to a non-existing debug logging function.
  • DLA-xxxx-1. I’m currently testing the next security update of phpmyadmin. I triaged or fixed 19 CVE.
ELTS

Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my twelfth month and I have been paid to work 8 hours on ELTS (15 hours were allocated). I intend to use the remaining hours in June.

  • I investigated three CVE in pacemaker, CVE-2018-16877, CVE-2018-16878, CVE-2019-3885 and found that none of them affected Wheezy.
  • ELA-127-1. Issued a security update for linux and linux-latest fixing 15 CVE.

Thanks for reading and see you next time.

Petter Reinholdtsen: More sales number for my Free Culture paper editions (2019-edition)

11 June, 2019 - 21:05

The first book I published, Free Culture by Lawrence Lessig, is still selling a few copies. Not a lot, but enough to have contributed slightly over $500 to the Creative Commons Corporation so far. All the profit is sent there. Most books are still sold via Amazon (83 copies), with Ingram second (49) and Lulu (12) and Machette (7) as minor channels. Bying directly from Lulu bring the largest cut to Creative Commons. The English Edition sold 80 copies so far, the French 59 copies, and Norwegian only 8 copies. Nothing impressive, but nice to see the work we put down is still being appreciated. The ebook edition is available for free from Github.

Title / language Quantity 2016 jan-jun 2016 jul-dec 2017 jan-jun 2017 jul-dec 2018 jan-jun 2018 jul-dec 2019 jan-may Culture Libre / French 3 6 19 11 7 6 7 Fri kultur / Norwegian 7 1 0 0 0 0 0 Free Culture / English 14 27 16 9 3 7 3 Total 24 34 35 20 10 13 10

It is fun to see the French edition being more popular than the English one.

If you would like to translate and publish the book in your native language, I would be happy to help make it happen. Please get in touch.

Bits from Debian: DebConf19 welcomes its sponsors!

11 June, 2019 - 19:20

DebConf19 is taking place in Curitiba, Brazil, from 21 July to 28 July 2019. It is the 20th edition of the Debian conference and organisers are working hard to create another interesting and fruitful event for attendees.

We would like to warmly welcome the first 29 sponsors of DebConf19, and introduce you to them.

So far we have three Platinum sponsors.

Our first Platinum sponsor is Infomaniak. Infomaniak is Switzerland's largest web-hosting company, also offering backup and storage services, solutions for event organizers, live-streaming and video on demand services. It wholly owns its datacenters and all elements critical to the functioning of the services and products provided by the company (both software and hardware).

Next, as a Platinum sponsor, is Google. Google is one of the largest technology companies in the world, providing a wide range of Internet-related services and products as online advertising technologies, search, cloud computing, software, and hardware. Google has been supporting Debian by sponsoring DebConf since more than ten years, and is also a Debian partner.

Lenovo is our third Planinum sponsor. Lenovo is a global technology leader manufacturing a wide portfolio of connected products, including smartphones, tablets, PCs and workstations as well as AR/VR devices, smart home/office solutions and data center solutions. This is their first year sponsoring DebConf.

Our Gold sponsor is Collabora, a global consultancy delivering Open Source software solutions to the commercial world. Their expertise spans all key areas of Open Source software development. In addition to offering solutions to clients, Collabora's engineers and developers actively contribute to many Open Source projets.

Our Silver sponsors are: credativ (a service-oriented company focusing on open-source software and also a Debian development partner), Cumulus Networks, (a company building web-scale networks using innovative, open networking technology), Codethink (specialists in system-level software infrastructure supporting advanced technical applications), the Bern University of Applied Sciences (with over 6,800 students enrolled, located in the Swiss capital), Civil Infrastructure Platform, (a collaborative project hosted by the Linux Foundation, establishing an open source “base layer” of industrial grade software), \WIT (offering a secure cloud solution and complete data privacy via Kubnernetes encrypted hardware virtualisation), Hudson-Trading, (a company researching and developing automated trading algorithms using advanced mathematical techniques), Ubuntu, (the Operating System delivered by Canonical), NHS (with a broad product portfolio, they offer solutions, amongst others, for data centres, telecommunications, CCTV, and residential, commercial and industrial automation), rentcars.com who helps customers find the best car rentals from over 100 rental companies at destinations in the Americas and around the world, and Roche, a major international pharmaceutical provider and research company dedicated to personalized healthcare.

Bronze sponsors: 4Linux, IBM, zpe, Univention, Policorp, Freexian, globo.com.

And finally, our Supporter level sponsors: Altus Metrum, Pengwin, ISG.EE, Jupter, novatec, Intnet, Linux Professional Institute.

Thanks to all our sponsors for their support! Their contributions make it possible for a large number of Debian contributors from all over the globe to work together, help and learn from each other in DebConf19.

Become a sponsor too!

DebConf19 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through sponsors@debconf.org, and visit the DebConf19 website at https://debconf19.debconf.org.

Keith Packard: snek-1.0

10 June, 2019 - 05:48
Snek 1.0

I've released version 1.0 of Snek today.

Features
  • Python-inspired. Snek is a subset of Python: learning Snek is a great way to start learning Python.

  • Small. Snek runs on an original Arduino Duemilanove board with 32kB of ROM and 2kB of RAM. That's smaller than the Apollo Guidance Computer

  • Free Software. Snek is licensed under the GNU General Public License (v3 or later). You will always be able to get full source code for the system.

Ports Hosts Documentation

Read the Snek manual online or in PDF form:

Dirk Eddelbuettel: #22: Using Rocker and PPAs for Fun and Profit

10 June, 2019 - 01:18

Welcome to the 22nd post in the reasonably rational R recommendations series, or R4 for short.

This post premieres something new: a matching video in lightning talk style:

The topic is something we had mentioned a few times before in this r^4 blog series, for example in this post on finding deb packages as well as in this post on binary installations. Binaries rocks, where available, and Michael Rutter’s PPAs should really be known and used more widely. Hence the video and supporting slides.

Dirk Eddelbuettel: littler 0.3.8: Several nice new features

9 June, 2019 - 23:49

The nineth release of littler as a CRAN package is now available, following in the thirteen-ish year history as a package started by Jeff in 2006, and joined by me a few weeks later.

littler is the first command-line interface for R and predates Rscript. And it is (in my very biased eyes) better as it allows for piping as well for shebang scripting via #!, uses command-line arguments more consistently and still starts faster. It also always loaded the methods package which Rscript converted to only more recently.

littler lives on Linux and Unix, has its difficulties on macOS due to yet-another-braindeadedness there (who ever thought case-insensitive filesystems as a default where a good idea?) and simply does not exist on Windows (yet – the build system could be extended – see RInside for an existence proof, and volunteers are welcome!). See the FAQ vignette on how to add it to your PATH.

A few examples are highlighted at the Github repo, as well as in the examples vignette.

This release extends the support for options("Ncpus") to the scripts install.r and install2.r (which has docopt support) making installation of CRAN packages proceed in parallel and thus quite a bit faster. We also added a new script to run tests from the excellent tinytest package, made the rhub checking scripts more robust to the somewhat incomplete latex support there, and updated some documentation.

The NEWS file entry is below.

Changes in littler version 0.3.8 (2019-06-09)
  • Changes in examples

    • The install.r and install2.r scripts now use parallel installation using options("Ncpu") on remote packages.

    • The install.r script has an expanded help text mentioning the environment variables it considers.

    • A new script tt.t was added to support tinytest.

    • The rhub checking scripts now all suppress builds of manual and vignettes as asking for working latex appears to be too much.

  • Changes in package

    • On startup checks if r is in PATH and if not references new FAQ entry; text from Makevars mentions it too.
  • Changes in documentation

    • The FAQ vignette now details setting r to PATH.

CRANberries provides a comparison to the previous release. Full details for the littler release are provided as usual at the ChangeLog page. The code is available via the GitHub repo, from tarballs and now of course all from its CRAN page and via install.packages("littler"). Binary packages are available directly in Debian as well as soon via Ubuntu binaries at CRAN thanks to the tireless Michael Rutter.

Comments and suggestions are welcome at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Giovanni Mascellani: DQIB, the Debian Quick Image Baker

9 June, 2019 - 20:00

Debian supports (either officially or unofficially) a lot of architectures, which is of course a nice thing. Sometimes you want to play with some exotic architecture you are not familiar with, or you want to debug a problem with that architecture, but you do not have a computer implementing that architecture. Fortunately QEMU is able to emulate most of the architectures supported by Debian (ia64 being an exception), however it can be difficult to install it or to find ready-to-use images on the Internet (there are some, but usually they are quite a few years old). Let's also say that for some reason you cannot or do not want to use the Debian porterboxes (maybe you are not a DD, or you want to mess up with the network, or you want to be root). What do you do?

Mostly for the fun of hacking on some exotic architectures, I tried to brew together a little script, the Debian Quick Image Baker (DQIB). It is basically a wrapper that calls qemu-debootstrap with the right options (where "right" means "those that I have experimentally found to work"), with some thin icing layer on top. qemu-debootstrap is basically another wrapper on top of debootstrap, which of course does the heavy lifting, and qemu-user-static, that allows debootstrap to run executables for foreign architectures.

With DQIB you can quickly create working images for most Debian official architectures (i386, amd64, mips, mipsel, mips64el, armhf, arm64, ppc64el). s390x works, but requires a little workaround because of a little bug that was fixed in recent QEMU versions. Images for armel can be created, but the only Linux kernel offered by Debian for armel does not work on any QEMU machine. I don't know of a workaround here. I would also like to support non official architectures, but this is work in progress. For all the non official architecture, either qemu-debootstrap fails for some reason, or I cannot find the right options to make the Debian-distributed kernel running (except for riscv64, where I know how to make the kernel work, but it requires some non trivial changes to the DQIB script; however, the riscv64 panorama is very dynamical and things could change in very little time).

You can either clone the repository and run DQIB on you computer (check out the README), or download pre-baked images regenerated weekly by a CI process (which include the right command line to launch QEMU; see above for the definition of "right").

(You might ask why this is hosted on Gitlab.com instead of the Debian Developer's obvious choice. The reason is that the artifacts generated by the CI are rather large, and I am not sure DSA would be happy to have them on their servers)

Have fun, and if know how to support more architectures please let me know!

Jonathan McDowell: NIDevConf 19 slides on Home Automation

9 June, 2019 - 17:50

The 3rd Northern Ireland Developer Conference was held yesterday, once again in Riddel Hall at QUB. It’s a good venue for a great conference and as usual it was a thoroughly enjoyable day, with talks from the usual NI suspects as well as some people who were new to me. I finally submitted a talk this year, and ended up speaking about my home automation setup - basically stringing together a bunch of the information I’ve blogged about here over the past year or so. It seemed to go well other than having a bit too much content for the allocated time, but I got the main arc covered and mostly just had to skim through the additional information. I’ve had a similar talk accepted for DebConf19 this Summer, with a longer time slot that will allow me to go into a bit more detail about how Debian has enable each of the pieces.

Slides from yesterday’s presentation are below; if you’re a regular reader I doubt there’ll be anything new and it’s a slide deck very much intended to be talked around rather than stand alone so if you weren’t there they’re probably not that useful. I believe the talk was recorded, so I’ll update this post with a link once that’s available (or you can check the NIDevConf Youtube channel yourself).

Note that a lot of the slides have very small links at the bottom which will take you to either a blog post expanding on the details, or an external reference I think is useful.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.

</embed>

Also available for direct download.

Thorsten Alteholz: My Debian Activities in May 2019

8 June, 2019 - 18:47

FTP master

Nothing changed compared to last month, so this was again a quiet month. I only accepted 126 packages and rejected 15 uploads. The overall number of packages that got accepted was 156.

Debian LTS

This was my fifty ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 18h. During that time I did LTS uploads or prepared security uploads of:

  • [DLA 1783-1] atftp security update for two CVEs
  • [DLA 1803-1] php5 security update for three CVEs
  • [DLA 1807-1] vcftools security update for three CVEs
  • [DLA 1811-1] miniupnpd security update for six CVEs

I also helped the maintainer of lemonldap-ng to create his DLA 1791-1. Further I created a package for testing bind9 and wpa, but both failed miserably in the wild, so I have to start from scratch here.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the twelfth ELTS month.

During my allocated time I uploaded:

  • ELA-120-1 of php5 for one CVE
  • ELA-122-1 of curl for one CVE

As like LTS, the bind9 package did not really work, thanks to Roberto C. Sánchez for telling me this.

I also did some days of frontdesk duties.

Other stuff

I uploaded a new upstream version of …

I uploaded a new package for …

On my Go challenge I uploaded golang-github-joyent-gosign, golang-golang-x-xerrors, golang-gopkg-ldap.v3, golang-github-ovh-go-ovh

Emmanuel Kasper: PowerShell on Debian

8 June, 2019 - 18:18
I heard some time ago that Microsoft released their interactive and
scripting language PowerShell under an opensource license (MIT) but I completely missed that they were providing a repository and ready to use packages for your favorite distribution.

Anyway an apt-get away and that's it:



New-Object net.sockets.tcpclient("libera.cc", 80) opens a TCP connection to a target host, a quick way to test if a port is open ( look for Connected: True for a successful socket creation)

Benjamin Mako Hill: Sinonym

8 June, 2019 - 01:46

I’d like to use “sinonym” as another word for an immoral act. Or perhaps to refer to the Chinese name for something. Sadly, I think it might just be another word for another word.

Norbert Preining: Nessie Mystery: Finally Solved

7 June, 2019 - 20:04

The long standing mystery of Nessie, the Monster of Loch Ness, has finally been resolved! And that by my daughter of three years!

In a lovely present my daughter got recently in Berlin, a book full of sheep, in particular Shaun the Sheep (in German a so called “Wimmelbuch”), my daughter spotted Nessie on one of the images. It is clearly to be seen in the above image.

And with Sherlock Holmes worthy detectiveness, she realized the Nessie is in fact a sheep, and even more, it is Shaun. The reason is quite simple:

Both have this very strange mouth!

Finally the world can rest in peace.

Pages

Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้