Developers’ Weblog

Sponsored by
HostEurope Logo

Developers’ Weblog

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

With EvolvisForge 4.8.3+evolvis20, we have a new configuration system for Apache 2 (being prepared for merging into FusionForge) which greatly simplifies things.

The most common tasks can now be easily solved:

  • /etc/gforge/templates/httpd.ssl0.inc: uncomment two lines, and all forge vhosts redirect to https unconditionally
  • /etc/gforge/templates/httpd.auth.forge.inc: uncomment a bunch of lines, and you get HTTP Basic Auth with PAM backend accessing nss_pgsql2, which means you must login with your forge username and password to display the site
  • /etc/gforge/templates/httpd.auth.projects.inc: copy the same lines here, and the project homepages (*.forge vhosts) are protected in the same manner
  • /etc/gforge/httpd.d/*: change 02namevhost, 06maindirhttp, 20list, 40virtualhost if you want not *:80 and *:443 vhosts but per-IPv4-address vhosts
  • /etc/gforge/gforge.conf: insert lines like 「sys_sslcrt=/etc/ssl/my.cer」, 「sys_sslkey=/etc/ssl/private/my.key」, 「sys_ssl_apache_extra_cmd=SSLCertificateChainFile /etc/ssl/chain.pem」 to configure HTTPS properly and easily

Of course, there’s more to that: If you have more vhosts, just 「Include /etc/gforge/httpd.security.inc」 to disable a potential security hole / information leak, 「Include /etc/gforge/httpd.log.inc」 to log into the same files, 「Include /etc/gforge/httpd.ssl0.inc」 (SSL off) and 「Include /etc/gforge/httpd.ssl1.inc」 (SSL on) to use the same SSL configuration as the forge. The latter is especially important if you have more than one 〈VirtualHost *:443〉 container, as Apache 2 uses the configuration from the ASCIIbetically first one.

I was able to completely switch from the old, hand-edited configuration to a generated one with little, if any, changes on all our installations now. Some legacy or useful vhosts have been split out, for example a redirect for the old-style Wiki URIs, the Maven 2 repository vhosts, and Alfresco/Domisol (which was already separate but now got split port-80/443 configuration and the above-mentioned Include directives).

Furthermore, eMails from forge users to the FOO-commits@ mailing lists are always allowed by default for newly created lists, and users added to a group with SVN commit rights will be automatically subscribed to that list. We now issue the Forge Identification Header and display the version on the webpage. There was, of course, your usual round of bugfixes and infrastructure improvements, including preparations for more things to come (so stay tuned).

Roland will, as usual, take the best out of EvolvisForge and put it into FusionForge (et vice versa).

There’s also news on the not-so-forge front of Evolvis: our Hudson installations talk Jabber now, and the integration is becoming more tight. We can drive both old-style wikis and gforge-plugin-mediawiki at the same time. We’ve begun adding a bunch of mediawiki plugins (more to follow as needed); if there are people packaging those for Debian already, cooperation is desired.

Until 12th of June, the “Fairtrade Software” booth at LinuxTag 2010 in Berlin, Germany, will present Evolvis and FusionForge to the public. Visit us in Hall 7.2a, Booth 123, and check out the other exciting tarent projects!

SPARCstation 20 (75 MHz)

09.06.2010 by tg@
Tags: debian rant

Wenn Du denkst, MirBSD wäre langsam und sein Installer in irgendeiner Art und Weise doof, dann installiere mal Debian (etch, neuere Versionen können nur noch sun4u und sun4v, kein sun4m mehr) auf einer SPARCstation 20.

Lahm wie Sau, das Teil. Und der Installer ist schwarz auf weiß – was nicht so schlimm wäre, wenn der Cursor (und die dialog-Markierungen) nicht ebenfalls schwarz auf weiß wären…

Ich bin ja mal gespannt, ob das durchläuft.

In response to a planet.d.o series (mentioned in #grml on IRC) of postings: In a sensible shell, Esc+# not only pushes it back but also re-enables the command. Try it out: l s Esc # Cursor-Up Esc #

tg@blau:~ $ #ls
tg@blau:~ $ ls

The command sticks in the history, and is not immediately shown in the next interactive input line, which I consider a plus in most use cases. Anyway, try mksh (just a-g i it), there are a lot of goodies. I found out about Ctrl-O only a year or so ago myself…

I wonder why schizo didn’t write about how to do it in posh tho ☺

Hello, World!

22.05.2010 by tg@
Tags: mksh

Just a random status update: I’ve been too busy with the dayjob, now ill for about two weeks already. There have been some minor mksh fixes but I’d still like to catch up on the Austin ML postings before releasing R39d; Android discussion is live. The base system has some issues found, but I will take a while (no hacking mood, even when not ill).

Scan this! and Google’s playable logo is just weird (at least no sound in Opera) but at least it’s not Fläsh. I played it but there’s no second level. Tonnerre likes «Forth op de Fiets» (as a pun on Ruby on Rails), which lets me remember the Forth Glockenspiel.

Sorry for the lack of updates, but MirBSD is still pretty much a fun project, and Benny is working on his Doctor thesis too.

FWIW: Patents on software are evil and times are worsening. I suppose, if we’ll be able to continue MirBSD at all, I need to disable FAT LFN support. Sucks.

The bsiegert-cfgfile branch of the MirPorts package tools is coming along nicely. Today I committed a patch to info/perform.c that puts its logic from the head on its feet, making the function more readable and, incidentally, getting rid of two gotos. The header of the information has become a little more informative. Watch:

% pkg_info foo
pkg_info(foo): cannot find package 'foo' installed or in a file!

% pkg_info tiff | head -4
Information for tiff-3.7.4-1 (installed):

Comment:
library routines for working with TIFF images

Something new that I got working is support for giving the name of an uninstalled package in a repository mentioned in the new /etc/pkgtools/pkgtools.conf file. This works for both local and remote repos:

% pkg_info tiff-cxx | head -4
Information for /usr/ports/Packages/tiff-cxx-3.7.4-1.cgz:

Comment:
C++ API for working with TIFF images

% pkg_info mc | head -4
>>> ftp -o - http://www.mirbsd.org/MirOS/Pkgs/current/i386//mc-4.6.1-16.cgz
Information for /var/folders/Xk/XkVpSyd8F0WZnoK9NwgsWU+++TI/-Tmp-//instmp.4OV2INPVOK:

Comment:
free Norton Commander clone with many useful features

Actually, in the last case, the output could be improved some more :). You can also give it a package specification such as "tiff->=3.0". If more than one package matches the specification given, then a menu is displayed from which you choose one. This happens, for instance, if you have an older version built locally and a newer version of the same package in a remote repo, or if several flavours of the package are available.

The changes are not in the HEAD branch yet, I will merge them when I consider it "done".

tl;dr: EvolvisForge 4.8 deployed on *all* tarent systems now. Let’s party! Stay tuned for even more cool features.

I just installed EvolvisForge 4.8.3+evolvis12 (after quite some bugfixing) on evolvis.org and the last remaining internal instance.

This means that tarent is no longer running GForge 4.5 so let’s celebrate!

You’re hereby cordially invited to check out the public Evolvis and what makes it so good (FusionForge based) and then even better (our hard work ☺). This is the latest and greatest, but still work in progress, we have a lot of further improvements planned, so stay tuned!

Some things are ugly.

Waldi’s suggestion fails.

db4.6_upgrade: Program version 4.6 doesn’t match environment version 4.4
db4.6_upgrade: DB_ENV->open: DB_VERSION_MISMATCH: Database environment version mismatch

Can’t start it manually.

debian-sks@dev:~$ /usr/sbin/sks recon
Fatal error: exception Bdb.DBError(“Program version 4.6 doesn’t match environment version 4.4″)

The log only shows:

2010-05-09 16:59:29 Opening log
2010-05-09 16:59:29 sks_db, SKS version 1.1.0
2010-05-09 16:59:29 Copyright Yaron Minsky 2002, 2003, 2004
2010-05-09 16:59:29 Licensed under GPL. See COPYING file for details
2010-05-09 16:59:29 http port: 11371
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Opening KeyDB database
2010-05-09 16:59:29 Shutting down database

The solution is ugly as hell, too:

root@dev:/ # su – debian-sks
debian-sks@dev:~$ cd DB
debian-sks@dev:~/DB$ db4.4_checkpoint -1
debian-sks@dev:~/DB$ db4.4_recover
debian-sks@dev:~/DB$ db4.4_archive
log.0000002839
log.0000002840
log.0000002841
log.0000002842
log.0000002843
log.0000002844
log.0000002845
debian-sks@dev:~/DB$ db4.6_archive -d
debian-sks@dev:~/dump$ cd ../PTree/
debian-sks@dev:~/PTree$ db4.4_checkpoint -1
debian-sks@dev:~/PTree$ db4.4_recover
debian-sks@dev:~/PTree$ db4.4_archive
debian-sks@dev:~/PTree$ db4.6_archive -d
debian-sks@dev:~/PTree$ logout
root@dev:/ # /etc/init.d/sks start
Starting sks daemons: sksdb.. sksrecon.. done.

Wow, our internal keyserver works again. Thank you, Debian…

This solution courtesy of Uwe Hermann, although it was for Suckwürstchen.

Upcoming migrations

03.04.2010 by tg@

I finally managed to move my arse and buy a new Socket 7 CPU fan for herc, two new 160 GB IDE HDDs for tear, and plan a number of other migrations. Within the next time, the SSL certificates will be renewed (changed away from CAcert to some as of yet undefined CA for the main (web)server and to ca.mirbsd.org for the secondary services), www will possible move to a dedicated box, cvs from herc to tear for sure though. I’m at gecko2@’s place right now though, so it’ll take a while more (obviously). I’ll take the chance to re-design a number of things during the process and clean up old, no longer used things, as well.

I know I should probably have written something about CLT (it was great, except for the social event, which confused everyone about the who where etc. and I had a headache and the sounds they provided (no music…) didn’t help either, but it was planned and exercised very well and much cleaner than ULB too ☺) and that I managed to do two geocaches in East Germany… and a plethora of other things (I did staff the Debian booth, there were neither a MirBSD nor FreeWRT booth after all; there is interest in makefs(8) but the 31/32-bit limit must go; etc). I’ve had a demanding three weeks at work though, and I’ll probably not write much content for the website anyway any more, but I’ll try to get more hacking done. mksh got more POSIX compliance, and we’re discussing about the things on the Austin Group mailing list. I’ll be writing a bootloaderloader for mika and Grml, with special consideration for a blind user. I need to get screws, RAM, a hard disc and a PSU for my new Cobalt Qube2 and put Debian on it to debug things. I plan to buy the upgrade kit (to 20 MiB RAM) and a new battery for nwt (and use glue to put the broken-off edge back there) just like I started renovating my hardware pool. OpenSSH needs an import, others may need work. So, I’ve got a TODO longer than a lifetime, so I get to pick my things ;-)

There will not be a MirBSD booth at LinuxTag in Berlin. If I’m going (even that’s not sure), I join a shared AllBSD booth, which seems to not happen, or… bsiegert@ will be at some conference for his Chemistry stuff again, and it’s too far for gecko2@ to attend, so I would’ve been alone anyway. At FrOSCon, though, we’ll be sure to happen (I’m even trying to cobble together a FreeWRT booth again, but there are not enough volunteers coming who aren’t expected as another booths’ staff).

gecko2@ upgraded ports/editors/nano and desired documentation, possibly in the form of a tutorial, on how to do it. And I hope bsiegert@ will remember that Google’s “Go” is the second one of that name and use something like ports/lang/google-go (on second thought, a company name in a directory is bad too). And there’s kencc in ports already so I’d like an Inferno port first.

ciruZ said that Syllable is pretty much dead… sad, since mksh now works on Haiku and both Syllable and Plan 9 had similar issues with it, so I was hoping we could get them fixed… (bsiegert@ is our resident Plan 9 expert, so I need to push him into looking at it.) Speaking of MirWorldDomination, /system/bin/sh on Android-x86 is an mksh(1) already ☺

Go

02.04.2010 by bsiegert@

Today was a fine day, which I spent at the excellent Zoo de Mulhouse. Alas, most of the plants there are still in “winter mode”.

Recently, i mentioned in a thread on reddit that Limbo (under Inferno) is “my favorite obscure programming language”. Someone else replied that “it is now called Go”. This led me to take a look at the Go programming language made by Google. Sure enough, there are big names behind it: Rob Pike and Ken Thompson, of Unix (and Plan9) fame, and also Russ Cox, one of the most prolific Plan 9 fans.

When you compile Go, the first thing that is built is a lib9, which contains Plan 9 code, such as the rune routines for UTF-8. The Go compiler is derived from kencc. For the 386 architecture (the one I tested), you get 8g (Go), 8c (C), 8l (linker) and 8a (assembler). For the record, there is also a Go compiler using gcc, which is able to call C code.

Leaving obvious syntax differences aside, Go indeed resembles Limbo quite closely. There is no first-class list data type however, and there exists a curious difference between arrays and slices. Slices are some sort of pointer to (part of) an array. Arrays are passed by-value to functions while slices are passed by reference, it seems. There is also an associative array type that maps one data type of your choice to another, for example a string to an int. Other Limbo niceties, such as easy string manipulations, are also present.

The first thing I tried was porting a scientific program I had written in Limbo before. The math module looks almost like its counterpart in Inferno but is missing the gemm() function (generic matrix multiplication) from BLAS3. Thus, I ported it from the Inferno sources, where gemm() is written in C. (By the way, that code looks like it has been ported from Fortran 77.) Porting from C just involves removing a few parentheses (in if and for clauses) and semicolons (just about everywhere).

I have not explored it much further yet. But it does look very interesting for system programming and similar things. The only thing missing now is a MirPort ...

tl;dr: EvolvisForge 4.8.3+evolvis2 deployed, almost all systems converted; FusionForge 5.0 coming Really Soon Now, faster if YOU help!

I’m happy. I just was able to deploy a new version with many improvements on almost all of our systems (save the two which are not yet on 4.8 but stuck on 4.5 codebase).

For example, Roland has provided code to set the roles’ default permissions in a new forum, tasks or tracker subproject to some (sane) default value, instead of Read – now that they’re suddenly honoured, the bug (of them not being set to e.g. Tech) surprised many people.

I’ve written a CAPTCHA for user self-registration, in the hope of fooling automated login bots to fight spam accounts like we see at evolvis.org quite often these days (maybe spammers have special bot codes for *forge?).

The automated creation of ~user/.forward to enable mail forwarding for «user»@«forge» the same way «user»@users.«forge» is already handled now also works well. Other nifty things include bug fixes and more features in our theme (which should not be considered public) and the mediawiki plugin (allowing better control over importing, editing the Sidebar, logos, etc) and better XHTML/CSS compliance and browser compatibility.

Admins will love this: one can now set the password of any user if one is a Site Admin! (Before, this involved quite some database fiddling after calling md5(1) and encrypt(1) manually.)

The only sad things I see are that we cannot yet upgrade all instances we run to gforge-plugin-mediawiki, so they keep running the old-style separate wikis, which run on the same database though, preventing it from being upgraded from PostgreSQL 8.1 to 8.3 (due to the age of the mediawiki engine being used), and that our internal forge and the public one, evolvis.org, cannot yet be upgraded (especially as I’ll be on vacation RSN).

Still, we hope our cow-orkers enjoy the new release.

On the other track, we’re already running towards a stable 5.0 release, which will rock. One of my colleagues is helping with translating the strings into German upstream, and the branch is created; the code is being stabilised now and short of a release (also, thanks to the speedy help of the Debian FTP masters, with a detailed and correct debian/copyright file and a DFSG free distfile). Some tarent/evolvis extensions have found their way in there already; FusionForge 5.1 will have more, we guess.

Keep up the great work, FusionForge people!

FAQ: When will FusionForge 5.0 be released? ⇒ As soon as it’s ready. Faster if you help.

EvolvisForge will migrate to a 5.0-based code some time after, taking care of possible regressions and merging our changes, some of which will then wander into FusionForge trunk, hopefully ☺

CLT 2010

07.03.2010 by tg@

Quite surprisingly, I’ll attend the Chemnitzer Linuxtage 2010 in Eastern Germany. This is a happenstance, I managed to get fast transportation (via my boss) and accomodation (in a hotel). I will try to help staffing the booth of Debian this time (so I cannot be called Traitor any longer). Schedule, due to the spontaneousness of this, no, though. I may not even be there on Sunday, dunno…

No RCBD (or night) though, some real life and a new release (with fix of an FTBFS-on-hurd-i386 bug) though:
RMD160 (/MirOS/dist/mir/makefs/makefs-20100306.tar.gz) = f65bd8ef5cf3306a9112587dd4915b6255e479fe
This version pulls in NetBSD® changes (Acorn Archimedes support, for one), but I’ve also coded support for boot-info-table (J�rg compatible), as well as setting the PVD dates (used by GNU GRUB 2 for “UUID”s).

On MirBSD, cdio(1) can now be used to burn (TAO) and blank (quick) CD-RW media (I backported some OpenBSD changes) too.

RCBD #2

04.03.2010 by tg@
Tags: debian

My ex-AM now sort-of mentor Zack asked for help of an Autoconf/Libtool guru with an RC bug... well, The MirPorts Framework taught benz and me, under consumption of a bottle of wine, how to deal with that stuff. So I've fixed #559822 (CVE-2009-3736, another of them...) and NMU'd.

Sort of a PITA, considering gettextize runs interactively, and there's a lot of files to remove in debian/rules:clean for a double-build to not add nonsensical files to the .diff.gz; but I did it in the end.

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

MirOS Logo