sorted by: recent | see :
popular
Content Tagged Gentoo
Davide Italiano: Updates from Gentoo/Freebsd world
So, seeing that noone recently talked about g/fbsd related things, I decided to write a post by myself.
First of all, some people asked me if the project is dead. I want to answer that the project is still alive even if you did not hear about it recenlty. People like Javier ( The_Paya ) or Alexis ( aballier ) are doing an huge work to port g/fbsd to 7.0. I’m currently writing some documentation + testing some packages ( most of them have been keyworded recently ). IMHO one of the main problem is that those people aren’t prone to write about progresses of their work, so seems that g/fbsd have fallen in a black hole and it it’ve been so far from being discussed from community. This _doesn’t_ mean that the project is dead. Again, the project is _still_ alive.
Maybe you’re wondering: “why so slow?” [referring to releases, testing, commits, keywording, etc..] the team is actually waiting on some key bugs to get into portage fixed before adding the 7.0 ebuilds and profile to portage. One on gcc, which is just waiting for another revbump of 4.3.1 I think, (#192403, actually waiting on vapier) and another one for automake/libtool on the eclasses auto patching for elibtoolize (#196728, this one is waiting on both vapier and flameeyes >.<). With these fixes “in” a lot of things that do not work out of the box will do, so it will be much easier to make a decent upgrade path from 6.x to 7.0 (which is currently almost impossible without breaking your system).
See you soon w/ new updates.
dav
Jeremy Olexa: Gentoo Prefix: PORTAGE_TMPDIR on NFS solution.
Gentoo Prefix allows you to place a “prefixed environment” wherever you would like. So, if you want to be able to access your prefix on a NFS network it would make sense to put the prefix in /home for example. I don’t have any solid numbers but I can imagine that the IO for the nfs server is pretty high when emerging. I would rather not suffer the penalties of compile on NFS but also I WOULD like to access PORTAGE_TMPDIR from any host. For the longest time, I was trying to think of a solution for this, that is..to not compile on a NFS share but also be able to see/access PORTAGE_TMPDIR no matter what host I am on in the network. This is a tricky situation that can be solved by setting PORTAGE_TMPDIR to another NFS mount which just happens to reside on the local machine!
I like it!!
My solution is to symlink $EPREFIX/var/tmp to the other NFS mount on the localhost. In my case, /net/$(hostname)/public/tmp.
UPDATE: The above ’solution’ isn’t that great. It resulted in a total time increase of about 12%. However, making the symlink point to the local hard drive resulted in a total time decrease of about 31%. (on emerge -e system) Therefore, my latest recommendation is to create the symlink as described originally and override it with PORTAGE_TMPDIR set to the local path.
Steve Dibb: finally rebuilding
I’ve put this off for a long time, but I’m finally rebuilding my desktop from scratch. Actually, my one at work, too. Today is a state holiday here in Utah, and it’s great taking a day off in the middle of the week. I honestly have no idea what time it even is right now.
Anyway, at home my box is a dual-core AMD Athlon64 something or other. I’ve stopped building boxes a while ago after realizing that while it may be only around $300 to get started, it ends up costing another $400 for all the stuff I really wanna get on there, like a decent video card and quiet power supply, so this has been my box for a while. In fact, I’m running the exact same motherboard in my media server as well. It’s actually really nice knowing that I can swap hardware between the two boxes in a pinch (which has already happened) without worrying about the specs.
This box has been doing great, and I really don’t use it for much more than just surfing the web, writing email and of course Gentoo development. I’ve had problems on and off with XFCE and X. Exiting out would kill all input, and I could never figure out the cause. It wouldn’t matter which video driver or video card I used, so I just worked around it — I’d switch to the shell if I wanted to kill X, instead of just logging out, etc. But, one thing I sorely miss is using tuxonice, so today I finally decided to take the plunge and scratch it all.
It has been a long time coming, too. I can’t even remember the last time I installed the system on here. Generally speaking, I usually reinstall anyway just to clear out cruft and what not about every 18 months or so. It’s also a good way to keep me on my toes with new installs — my biggest problem is *still* forgetting to change my root password from a fresh stage3 install.
I’ve gotten pretty far, as I’m writing this in Seamonkey right now, and I started this morning. I’ve already been going through the list of stuff I had installed and it’s amazing how many applications I try out and then completely forget about. I’m actually excited to try out the new jobs and resume options in portage, see how that changes things around.
Actually, the thing that kicked off the reinstall at home was that I finally broke down and decided to do my one at work, first. The box is also a dual-core 64-bit machine, but it’s an Intel Pentium D. Now, for some reason, I have *never* had much luck with any of the Intel boxes. I always have some stupid problem where they just end up unresponsive for some reason that I’ve never had on the AMD boxes. I’ve never been able to pin it down, and so I’ve been methodically getting rid of any Intel-based boxes I have around.
This one at work is particularly painful though, though it’s mostly my fault. It’s only got 512 megs of RAM in there which is the obvious bottleneck in today’s modern desktop scenario — especially for a Linux workstation like mine where running a dozen applications all at once is the norm. At first I tried to resist doing anything about it so I changed my CFLAGS to -Os to save on memory (which I probably should have done in the first place), and while that helped, everything of course slowed down by a huge magnitude. Still, at least I wasn’t having jerkiness — it just took everything twice as long to load and save.
I finally broke down this week and shelled out $50 to buy 2 gigs of RAM for the machine. I haven’t been watching computer prices at all recently, so I was quite surprised by how cheap it was. In fact, I’m tempted to put more in my box at home. I’m sure that’ll fix things up alright. In the meantime, it’s reinstalling right now, chugging along, and seeming to do fine. I think I needed my head cleared of all the crap more than that box did, really. Sometimes, even though we technically don’t need to reinstall, it’s just a good mental relief knowing that you’ve done everything you can to make things run better. That’s a hard belief to argue against.
One thing I also did on my box at home is I finally switched over to ~amd64. I’m running unstable, which may not seem that big of a deal, but my policy over the last six years or so of using Gentoo, on my desktop at least, was to use the stable tree. Slowly, though, one by one, on all my other boxes, I’d switch them over to unstable and just run that tree, and I found that more often than not, it runs just fine without a hitch. I first switched over with my myth box, when I realized that my package.keywords file was longer than my arm — if there was one thing I always wanted the very latest bleeding edge code of, it was all the bugfixes and improvements for the multimedia software. The myth box is an obvious choice, and even then, you get it to a working point and then just leave it alone for an eternity. Those last two sentences just contradicted each other, I realize, but anyway, the point was — well, I forget.
Ooh, this –jobs option is pretty cool. Good work, Zack. 
Gentoo rocks, what more can I say. After all this time, I’m still a fan.
Jeremy Olexa: Gentoo: Portage’s new --jobs feature
Yesterday, zmedico wrote about building multiple packages in parallel with Portage-2.2_rc2. In Gentoo Prefix, we had a sneak peak to this feature, so I have had some time to play with it on my dual-quad core box. Some timing results that you may like:
emerge -e system (excluding sys-devel/gcc)
As a baseline:
With --jobs=1 and MAKEOPTS=16, load-average=9:
real 77m54.290s
user 41m46.086s
sys 29m14.598s
Because I was skeptical of what --jobs could really do, I decided to start with small number of parallel jobs:
With --jobs=3, MAKEOPTS=16, load-average=9:
real 61m30.181s
user 42m23.398s
sys 32m32.009s
While that was running, I noticed a very significant amount of time where my cores were idle, thanks to the handy little xfce-extra/xfce4-cpugraph widget. So, I turned --jobs up again:
With --jobs=5, MAKEOPTS=16, load-average=9:
real 58m5.388s
user 42m35.721s
sys 34m46.950s
Meh, not much improvement there. Surprising, but I suspect that I may be reaching the limits of the parallelization (dependencies, etc).
With --jobs=10, MAKEOPTS=16, load-average=9:
real 58m9.824s
user 42m43.525s
sys 37m57.234s
(And actually, a quick visual scan showed load averages staying below 4. Only a few times did I see the average above 8 )
Relying solely on load-average to keep my system usable:
With --jobs=40, MAKEOPTS=40 load-average=15:
real 58m45.106s
user 43m15.129s
sys 40m47.949s
The highest load average I visually saw was 23. But my load average was mostly always greater than 4, so this means that my procs are obviously getting used more but I must have hit another bottleneck.
NOTES:
-emerge -pe system was preformed before each time trial to assume the depgraph was in cache.
-84 packages total
-no ccache/distcc running
Conclusion: 20 minutes? ~30% speedup. Wow. Good! Quite significant even. Assuming you have cores/procs to spare, go ahead and crank up those --jobs. It is nice to be able to make the ./configure step not be the bottleneck anymore. 
I will keep testing and see if I can get the time down even farther (although, unlikely based on the last time trial).
Test requests? Please leave a comment.
Davide Italiano: Hello world
I decided to move to wordpress. Thanks to beandog that suggested me the right way to seek 
Zack Medico: Portage now supports building multiple packages in parallel
In >=portage-2.2_rc2 there are a few new emerge options that many Gentoo users will probably be interested in:
--jobs JOBS Specifies the number of packages to build simultaneously. Also see the related --load-average option. --keep-going Continue as much as possible after an error. When an error occurs, dependencies are recalculated for remaining packages and any with unsatisfied dependencies are automatically dropped. Also see the related --skipfirst option. --load-average LOAD Specifies that no new builds should be started if there are other builds running and the load average is at least LOAD (a floating-point number). This option is recommended for use in combination with --jobs in order to avoid excess load. See make(1) for information about analogous options that should be configured via MAKEOPTS in make.conf(5).
Here is some sample parallel build output from a catalyst stage2 build, with emerge's new --jobs option enabled:
>>> Building (1 of 10) sys-devel/gettext-0.17 for / >>> Building (2 of 10) sys-libs/zlib-1.2.3-r1 for / >>> Building (3 of 10) virtual/libintl-0 for / >>> Building (4 of 10) dev-util/unifdef-1.20 for / >>> Installing virtual/libintl-0 to / >>> Installing dev-util/unifdef-1.20 to / >>> Building (5 of 10) sys-kernel/linux-headers-2.6.23-r3 for / >>> Installing sys-libs/zlib-1.2.3-r1 to / >>> Jobs: 3 of 10 complete, 2 running Load avg: 3.44, 1.46, 0.69
Robert Buchholz: OpenSSH 5.1 and ASCII Art Fingerprints
OpenSSH 5.1 is out, and besides a Security issue that does not affect Linux or the BSDs, it includes a new feature labelled VisualHostKey, aka SSH Fingerprint ASCII Visualisation. Using an idea proposed in the 1999 paper Hash visualization: A new technique to improve real-world security by Perrig and Song, an image with 18×9 resolution is generated from the fingerprint of the SSH server, and is displayed to the client.
Since the feature is experimental, and the algorithm to generate the image should not be considered final yet, display is disabled by default. You can see a test-run in the screen capture, and a (just for fun) list of images of my known hosts. I wonder how long it takes to remember that face… doesn’t it look like bit like Marge Simpson?
Now why all this, you are asking?
It is deemed that images are easier to compare and remember than the usual 32 hex digits, and I believe everyone has to judge by him/herself if that is true. How many of those SSH/OTR/SSL… fingerprint digits do you check*? All of them? Any, at all? Where did you derive your latest Firefox SSL CA certificates from? At a time where I cannot trust my provider to run a secure DNS server, verifying the authenticity of either the other side of communication, or the data in transit is most crucial. Let’s finally get that Tree Signing going!
* If you only check the first 4 digits, and the last 2 — you are riding on a 24 bit fingerprint.
Diego Pettenò: The odyssey of preserved-libs feature
After my previous post about preserved-libs feature, I was asked by many users if I was against this feature because it incremented the usability of Gentoo. I sincerely think I shown before that I don’t want Gentoo to remain for elitists, and thus I won’t be going to say nay to anything to make stuff easier to the users.
On the other hand, I want to make sure that users, excited about being able to upgrade stuff without breaking their system, won’t break it even further. For this reason I want to warn again users against trying the unstable Portage version (2.2) on their stable systems just yet.
Thanks to Zac and Marius, the problem I’m going to talk about is already being taken care of, so it won’t appear once 2.2 final will arrive. So why am I writing about this anyway? Well the reason is actually quite simple: future memory.
On the topic of linking, loaders, ELF files and all the things related, there isn’t a lot of documentation that is available to newcomers. Most of it is very technical and requires good knowledge of many concepts to be useful. I only know of a book that goes in deep of this, Rob Levine’s Linkers and Loaders is probably the most interesting reading on the subject ,as far as I can see. Unfortunately I haven’t tried converting the downloadable version in LRF to load it on the EBook Reader and I haven’t got the printed copy. I should probably get that too, as a reference, I’m just afraid that all the hardcopies I have here will remain at my parents’ house once I move out.
Okay, let’s return back on topic now. What is the problem I found today with preserved-libs? Well as I updated to Xorg 1.5 pre-releases to check if my RandR problems were fixed (by the way, they are), there was a libGL update. I also took the time to switch back to gcc 4.2 for a short time as I wanted to rebuild VirtualBox without ALSA support (whenever I can I’m using PulseAudio), and I could also rebuild xmlrpc-c (the reason why I couldn’t build this with GCC 4.3 is good for a different entry one day). After these builds, Portage told me this:
!!! existing preserved libs:
>>> package: media-libs/mesa-7.1_rc3
* - /usr/lib64/libGLU.so.1.3
* - /usr/lib64/libGLU.so.1.3.070003
>>> package: dev-libs/xmlrpc-c-1.06.27
* - /usr/lib64/libxmlrpc.so.3.6.4I was surprised because I know libGLU rarely changes interface, and I didn’t think xmlrpc-c would have either. And indeed a quick scanelf run over the files confirmed my ideas:
flame@enterprise ~ % scanelf -S /usr/lib64/libGLU.so*
TYPE SONAME FILE
ET_DYN libGLU.so.1 /usr/lib64/libGLU.so
ET_DYN libGLU.so.1 /usr/lib64/libGLU.so.1
ET_DYN libGLU.so.1 /usr/lib64/libGLU.so.1.3
ET_DYN libGLU.so.1 /usr/lib64/libGLU.so.1.3.070003
ET_DYN libGLU.so.1 /usr/lib64/libGLU.so.1.3.070100
flame@enterprise ~ % scanelf -S /usr/lib64/libxmlrpc.so*
TYPE SONAME FILE
ET_DYN libxmlrpc.so.3 /usr/lib64/libxmlrpc.so
ET_DYN libxmlrpc.so.3 /usr/lib64/libxmlrpc.so.3
ET_DYN libxmlrpc.so.3 /usr/lib64/libxmlrpc.so.3.6.15
ET_DYN libxmlrpc.so.3 /usr/lib64/libxmlrpc.so.3.6.4 As you can see the soname for both the versions of libGLU and both the versions of libxmlrpc is the same. So there is no ABI break, and no good reason for the file to disappear, right?
Indeed if we focus solely on the xmlrpc-c case, the result of preserved-libs actions is that there is now an orphaned unused and unusable shared object:
flame@enterprise ~ % ls -l /usr/lib64/libxmlrpc.so*
lrwxrwxrwx 1 root root 19 2008-07-22 18:04 /usr/lib64/libxmlrpc.so -> libxmlrpc.so.3.6.15
lrwxrwxrwx 1 root root 19 2008-07-22 18:04 /usr/lib64/libxmlrpc.so.3 -> libxmlrpc.so.3.6.15
-rwxr-xr-x 1 root root 56864 2008-07-22 18:04 /usr/lib64/libxmlrpc.so.3.6.15
-rwxr-xr-x 1 root root 56368 2008-02-23 13:36 /usr/lib64/libxmlrpc.so.3.6.4Let’s see, ld.so (the runtime linker) will look for a library with, as filename, the soname listed in a program’s NEEDED entry in the dynamic seciton of the ELF file. In this case, the soname of libxmlrpc is libxmlrpc.so.3 so that’s what the linker will look for. On my system, that filename is linked to the 3.6.15 version, so the runtime linker will always load the new version of libxmlrpc. The build-time linker (ld) looks instead for the filename with the simple .so prefix (or .a for static libraries). That one is also pointing to 3.6.15.
So who is using the 3.6.4 version that Portage preserved? Well, the only way to use it is to dlopen() it directly and accessing it that way. Which, if anything would be doing that, would be craziness, to the point that I’d rather not see such a software in my system at all. The other option is for an ELF file to have a tweaked NEEDED entry that points explicitly to the full version, but I can tell you I have none of those.
So for now I’ll simply remove the two files, and get rid of the problem. But as you can see, it’s too soon to expect preserve-libs to work out of the box in a perfect manner.
Anyway, Marius, Zac, please keep up with the good work, it’s really needed :) Thanks guys!
Diego Pettenò: Shadow casting
For those of you who’d like to follow Google Summer of Code progress (I’d very much like to have the blogs of the student available on Universe by the way), today (or rather yesterday) can be counted in as a very important date :)
Seraphim prepared a patch for shadow (the package containing all the basic utilities for users management in Linux) to work with OpenPAM, rather than depending strictly on Linux-PAM. I committed it in tree now for 4.1.2.1 and upstream applied it to trunk already, so now it can be built even when using OpenPAM rather than Linux-PAM. Cool, eh?
This patch (and the related bug) are important not only because they fix a very important part of the functionality of a Linux system with OpenPAM, but also because it will act as a base reference to fix other software to use OpenPAM too.
Indeed, one of the most obnoxious problems with OpenPAM is that a lot of packages instead of writing their own conversation functions rely on misc_conv. Seraphim prepared a patch that can be applied to almost any other package relying on that to make it OpenPAM-compatible. It’s very good.
Unfortunately, as Seraphim also blogged there is one catch with being able to provide OpenPAM support, especially for the future. The problem is that although mostly API compatible, OpenPAM and Linux-PAM are not ABI compatible. Although in a very subtle way, because, as Seraphim learnt, you can have a system built against Linux-PAM run against OpenPAM just fine, up to a point.
The problem is that ABI does not only refer to the name of the functions, or the type of their parameters, but also to the meaning of flag values. In this case, Linux-PAM and OpenPAM give different flags different meanings, so modules built against OpenPAM will not work properly with software built against Linux-PAM.
This is going to be tricky, especially once we’ll allow users to switch from one to the other and vice-versa, because it means all the software will have to be rebuilt to continue functioning as it’s supposed to. And no preserved-rebuild will help us there.
Oh well, there’s time to think of that!
Daniel Drake: Fedora/RPM packaging
Since starting at One Laptop per Child I have been doing some distro work on the OS platform for the XO laptop. The platform is based on Fedora 7 and I have been working on rebasing us onto Fedora 9 for the next release.
Having very little distribution experience outside of developing Gentoo for the last few years, I’ve found some aspects of Fedora’s binary package (RPM) workflow particularly interesting:
- Automatically detected dependencies: In Gentoo ebuilds, we have to state that package A depends on library B. In Fedora, when building the binary package, the build tools determine many runtime dependencies automatically so there is no need for developers to manually list all dependencies in spec files.
- Chroot build environments: All packages are built in an otherwise-empty chroot. The build system creates a chroot, quickly installs all of the base binary packages and the build dependencies, then builds/installs a package, produces a package, and throws the chroot away. This allows for predictable build environments and is good for QA.
- Community access to the build box: All packages are built by Koji. Koji has a nice “scratch-build” system where you can throw a source RPM at it, and it will build it and serve it back to you on a webpage a few minutes later. Great for build testing and handy if you don’t have a complete build environment locally. The scratch-build service is open to non-developers assuming they have been through the click-through contributor agreement.
- Subpackages: It’s pretty neat how one spec file (equivalent to an ebuild in some ways - textual build scripts) can actually produce several packages. Your spec file takes one upstream tarball, unpacks/compiles/installs it, and then specifies which of the installed files belong to which subpackage.
Naturally, there are some drawbacks too:
- Build dependencies: Even though many runtime dependencies are automatically detected, you still need to specify the components required for compilation. Remember, each package is built in a clean chroot. You end up having to specify most of the dependencies anyway (although it is still convenient in that you do not have to specify which subpackage has which dependencies - that is determined automatically).
- No build customisation: OLPC have to fork a few packages which have wacky dependency chains, just to disable support for a certain feature or whatever. Forking away from upstream is undesirable but sometimes necessary. For example, we had to disable libgnome support in GNOME’s Python bindings to avoid libgnome being pulled into the build. libgnome was pulling in the following packages: audiofile bluecurve-icon-theme control-center-filesystem esound-libs fedora-gnome-theme fedora-icon-theme fedora-logos gail gnome-icon-theme gnome-keyring gnome-themes gtk-nodoka-engine libart_lgpl libbonoboui libgnomecanvas libgnomeui libutempter metacity nodoka-metacity-theme pyorbit. Ouch.
- Convolution/confusion of build tools: To build a package, you can use rpmbuild to do it on your live system, or you can use mock to do the clean chroot thing I described above. Or you can use koji’s command-line client to upload it to koji. Not everything can be done through koji/mock, e.g. you still need to use rpmbuild to build OLPC’s kernel. Also, rpmbuild is the only tool that can build a source RPM, I think.
I’ve also been impressed by the Fedora development community. The community recently made the realisation that OLPC is Fedora’s biggest deployment (over 400,000 XO laptops worldwide, 55,000 more built and distributed each month, 100% of them running Fedora). Greg Dekoenigsberg recently announced the Fedora OLPC special interest group which sounds promising.