My Free Software Activities in August 2018

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • Really good news this month as Yavor Doganov provided patches for gamazons (#885735), gnomekiss (#885740) and teg (#885751) which all depended on obsolete GNOME 2 libraries. He succeeded in porting them to GooCanvas and GNOME 3. We are currently aware of some issues in Teg (#907834) and would appreciate more feedback from game testers. In any case this was a non-trivial feat and many thanks go to Yavor who prevented the removal of three games from Debian.
  • I applied a patch from Adrian Bunk which made FreeOrion (#906746) more portable and packaged the latest and greatest release 0.4.8 later.
  • I fixed a broken start script in FreeCol due to OpenJDK 10 changes. (#907661)
  • The Spring RTS engine was affected by a GCC-8 RC bug. (#906409)
  • I backported FreeCiv 2.6.0 to Stretch.
  • I updated some games to the latest standards in Debian, made some minor changes and applied patches to fix FTCBFS bugs or build failures due to a missing libm library. Those issues were solved in tenmado, supertransball2 (#902537), seahorse-adventures, empire (#900197), phlipple (#907207) and ace-of-penguins (#900200).
  • I sponsored mupen64plus-qt for Dan Hastings.

Debian Java

Misc

Debian LTS

This was my thirtieth month as a paid contributor and I have been paid to work 23,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 13.08.2018 until 19.08.2018 and from 27.08.2018 until 02.09.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in intel-microcode, bind9, confuse, libykneomgr, mp4v2, gdm3, wesnoth-1.10, ruby-zip, otrs2, mathjax, mono, tcpflow, bluez, openssh, mariadb-10.0, tomcat-native, wordpress, thunderbird, spice, spice-gtk, libextractor, postgresql-9.1, libcgroup, zutils, soundtouch, squirrelmail, git-annex, ghostscript, libpgjava, elfutils, libpodofo, libtirpc, libxkbcommon, libtasn1-6, cinder, 389-ds-base, wireshark, php5, libzypp, imagemagick, kfreebsd-10, tiff, discount and polarssl.
  • DLA-1467-1. Issued a security update for ruby-zip fixing 1 CVE.
  • I worked on gdm3 to fix CVE-2018-14424. I backported the patch to Jessie but could still trigger a session restart with the POC. Since there is no crash and the session is completely restored, we believe now that this is the intended behavior. I also tried to contact Chris Coulson, the original bug reporter, for further advice but have not received a reply yet. If we don’t discover another issue we will release a DLA for gdm3 in September.
  • DLA-1472-1. Issued a security update for libcgroup fixing 1 CVE.
  • DLA-1473-1. Issued a security update for otrs2 fixing 1 CVE.
  • DLA-1482-1. Issued a security update for libx11 fixing 3 CVE.
  • DLA-1475-1. Issued a security update for tomcat-native fixing 2 CVE.
  • I am still working on a security update for ghostscript. I have already backported the majority of patches to Jessie to fix a serious sandboxing issue with the -dSAFER mode. More patches are required to fix the problem and only yesterday more CVE were assigned to them.

ELTS

Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my third month and I have been paid to work 12 hours on ELTS.

  • I was in charge of our ELTS frontdesk from 13.08.2018 until 19.08.2018 and I triaged CVE in intel-microcode, azureus, gdm3, couchdb, lxc, squirrelmail, wordpress, wpa, xen, tomcat7, firmware-nonfree, postgresql-9.1, apache2, bluez, dojo, libcommons-compress-java, spice, spice-gtk, tomcat-native, libcgroup, libx11 and samba.
  • ELA-21-1. Issued a security update for openssl fixing 1 CVE.
  • ELA-27-1. Issued a security update for tomcat7 fixing 1 CVE.
  • ELA-28-1. Issued a security update for tomcat-native fixing 2 CVE.
  • ELA-20-2. Issued a regression update for busybox.
  • ELA-29-1. Issued a security update for postgresql-9.1 fixing 1 CVE.
  • ELA-30-1. Issued a security update for libx11 fixing 3 CVE.

Thanks for reading and see you next time.

wiki.debian.org: The Java Packaging Guide

The Java Mascot

Good things come to those who wait. I always wanted to improve our Java Packaging documentation a little. When I started to contribute to Debian Java in 2012,  I often struggled to find the right information and examples that would explain how I could package my own libraries or applications for Debian. After six years of trial and error and helpful advice on the debian-java mailing list, I figured it would be time to document this journey.

At DebConf 2018 in Hsinchu I began to work on updating the wiki documentation. The current status of this work will always be visible at:

https://wiki.debian.org/Java/Packaging

My basic idea was to explain packaging by examples. I didn’t assume that everyone was already familiar with the Java basics and more often than not people end up packaging Java software because it is part of their job or an application supports more than one programming language. Otherwise it is a book of seven seals.

The first thing to know is that Java compiles to bytecode, so that *.java source files become *.class files. Those files are usually packed together in a zip-based archive, et voilà, now we have *.jar files. To compile your source code into bytecode you need the Java Virtual Machine provided by OpenJDK. Learn what the CLASSPATH and a MANIFEST file are and you are good to go. This is what the Java Packaging 101 is all about.
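Because a jar is a zip archive with a manifest inside, any zip library can inspect one. The following is an added example, not part of the original post or of Debian's tooling: it builds a small jar in memory and reads the manifest's main attributes, including a Class-Path value wrapped onto a continuation line. The class name and library paths are constructed for illustration.

```python
import io
import zipfile

MANIFEST_NAME = "META-INF/MANIFEST.MF"


def build_sample_jar() -> bytes:
    """Constructed sample: a jar held in memory, with no real bytecode in it."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Main-Class: org.example.Hello\r\n"
        # Manifest lines are limited to 72 bytes; longer values continue on
        # the next line, which then starts with a single space.
        "Class-Path: /usr/share/java/commons-io.jar /usr/share/java/guava.jar /u\r\n"
        " sr/share/java/slf4j-api.jar\r\n"
        "\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST_NAME, manifest)
        # Only the class-file magic number, enough to stand in for a class.
        jar.writestr("org/example/Hello.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def read_main_attributes(jar_bytes: bytes) -> dict:
    """Parse the main section of the manifest, joining continuation lines."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        raw = jar.read(MANIFEST_NAME).decode("utf-8")
    attrs = {}
    key = None
    for line in raw.splitlines():
        if not line:
            break  # a blank line ends the main section
        if line.startswith(" ") and key is not None:
            attrs[key] += line[1:]  # continuation of the previous value
        else:
            key, _, value = line.partition(": ")
            attrs[key] = value
    return attrs


def summarize(jar_bytes: bytes) -> dict:
    """Return the entry point, the declared class path and the class files."""
    attrs = read_main_attributes(jar_bytes)
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        classes = [n for n in jar.namelist() if n.endswith(".class")]
    return {
        "main_class": attrs.get("Main-Class"),
        "class_path": attrs.get("Class-Path", "").split(),
        "classes": classes,
    }


if __name__ == "__main__":
    print(summarize(build_sample_jar()))
```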

If you grok the basics you will easily understand the next section: NoBuildSystem

Despite the fact that some upstream projects come without a proper build system, they are often very simple to compile. Instead of one or two source files, you just have to compile dozens in one single directory. We have a Java helper tool called… Javahelper that does exactly that for you. A good start is to read the docs at /usr/share/doc/javahelper/tutorial.txt.gz also replicated here.

Of course the Java world has invented the most powerful build systems in existence that are even able to bend light and can throw galaxies around. Let’s welcome Ant, Maven and Gradle. Everything else is irrelevant but don’t trust me.

If you can choose, we recommend using either Ant or Maven. Gradle is packaged for Debian but is more difficult to tame because every upstream project looks different. In contrast, Maven follows conventions and every project looks very similar.

Last but not least there is also a Java Packaging FAQ.

Shouldn’t there be more examples and much more information? I’d love that. Please help us to improve the documentation. If you think there is currently something missing, please contact us at debian-java@lists.debian.org or just update the documentation. It’s a Wiki!

My Free Software Activities in July 2018

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

DebConf18 in Hsinchu/Taiwan

  • This year the annual Debian Conference took place in the city of Hsinchu/Taiwan. I was there from the 26th of July to the 6th of August. I enjoyed almost two weeks of hacking and talks and met more than a few nice people. I gave an updated talk about the current status of Debian Games and started a project to improve our Java packaging documentation (more about that in the next blog post).
  • DebConf18 wasn’t all about talking. I actually got some work done. I started with wbar (RC #897885) and lwjgl (RC #893302). I hope we still don’t need OpenJDK 8 in buster for building packages but I don’t think it would be the end of the world as long as we can avoid a runtime dependency. However it is clear that this only prolongs the inevitable. In libpdfbox2-java I could close (#899183) after I made sure that the last update corrected the problem.  In the same vein I triaged an RC bug in asc after it became clear that asc was not affected by the GCC-8 transition.
  • I had a go at libjide-oss-java (RC, #897491). So basically the package won’t compile with OpenJDK 10 and later anymore because it depends on classes that were removed from the JDK. Fortunately for us they were only Windows-specific, so I could just remove the non-building classes. I hope there will be a better upstream solution in the future.
  • I sponsored updates for cutemaze, connectagram and tanglet for Innocent de Marchi.
  • I packaged new upstream releases of several games and Java packages too and also released an update of debian-games, a Blend and collection of metapackages. New versions this month: libokhttp-java, okio, blockattack, peg-e, hexalate, robocode, freeorion, hyperrogue and freeciv.
  • I released a small bug fix release for marsshooter and hopefully made some KDE users happy.
  • Thanks to Reiner Herrmann, love and mrrescue are up-to-date again and free of RC bugs!
  • I NMUed bomberclone and fixed/worked around a simple RC bug.
  • Some guys talked me into maintaining https-everywhere, ublock-origin and privacybadger. 😉
  • One of the best aspects of any conference is that you can just talk to someone who sits at the same table as you if you want to solve a problem. Together with Andreas Tille I could finally solve a packaging issue in pilon, which uses Scala. It would still be nice to have a working sbt build tool in Debian though.
  • What can you say about Taiwan? I was impressed by the friendly people at the airport and railway stations who guided you along the way to Hsinchu and helped you out in case you struggled for directions. I have also learned on our day trip that you can just enter a police station to refill your water bottles. Those cold water producing machines are absolute lifesavers. Although I could only visit a small part of Taiwan and see Hsinchu and Taipei, I hope there will be a next time. Aah, and the weather was warm and humid. A bit too humid for my taste perhaps but I got used to it. Looking forward to how it feels in spring or autumn. A big thanks goes out to all the people who organized and sponsored this DebConf. It was more than a pleasure.

Debian Java

Debian Games

  • Most exciting things happened at DebConf18 but before that I sponsored a new simutrans version, prepared by Jörg Frings-Fürst. Enjoy.

Debian LTS

This was my twenty-ninth month as a paid contributor and I have been paid to work 30 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 09.07.2018 until 15.07.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in mailman, ruby-sprockets, beep, audiofile, gpac, libarchive-zip-perl, libgit2, znc, ant, ceph, xapian-core, wine, radare2, policykit-1 and taglib.
  • DLA-1440-1. Issued a security update for libarchive-zip-perl fixing 1 CVE.
  • DLA-1441-1. Issued a security update for sympa fixing 1 CVE.
  • DLA-1442-1. Issued a security update for mailman fixing 2 CVE. (also DLA-1442-2)
  • DLA-1445-1. Issued a security update for busybox fixing 10 CVE. Two regressions were discovered later and addressed in DLA-1445-2 and DLA-1445-3.
  • DLA-1446-1. Issued a security update for intel-microcode fixing 2 CVE.
  • DLA-1449-1. Issued a security update for openssl fixing 2 CVE.
  • DLA-1452-1. Issued a security update for wordpress fixing 2 CVE.
  • DLA-1453-1. Issued a security update for tomcat7 fixing 1 CVE.
  • DLA-1465-1. Issued a security update for blender fixing 21 CVE.

ELTS

Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my second month and I have been paid to work 11.75 hours on ELTS.

  • ELA-16-1. Issued a security update for tiff fixing 1 CVE.
  • ELA-17-1. Issued a security update for linux 3.16 fixing 13 CVE.
  • ELA-18-1. Issued a security update for intel-microcode fixing 3 CVE.
  • ELA-19-1. Issued a security update for tiff3 fixing 2 CVE.
  • ELA-20-1. Issued a security update for busybox fixing 10 CVE.
  • I investigated open issues in apache2 and found out that it was not affected by CVE-2018-1333 and CVE-2018-8011.
  • I was in charge of our ELTS frontdesk from 09.07.2018 until 15.07.2018 and triaged further CVE in audiofile, libsndfile, curl, couchdb, policykit-1, bouncycastle and cups.

Thanks for reading and see you next time.

My Free Software Activities in June 2018

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • I advocated for Phil Morrell, with whom I have previously worked on corsix-th, to become a Debian Maintainer. This month I sponsored his updates for scorched3d and the new play.it package, an installer for DRM-free commercial games. Play.it is basically a collection of shell scripts that create a wrapper around games from gog.com or Steam and put them into a Debian package which is then seamlessly integrated into the user’s system. Similar software includes game-data-packager, playonlinux or lutris (not yet in Debian).
  • I packaged new upstream releases of blockattack, renpy, atomix and minetest, and also backported Minetest version 0.4.17.1 to Stretch later on.
  • I uploaded RC bug fixes from Peter de Wachter for torus-trooper, tumiki-fighters and val-and-rick and moved the packages to Git.
  • I tackled an RC bug (#897548) in yabause, a Saturn emulator.
  • I sponsored connectagram, cutemaze and tanglet updates for Innocent de Marchi.
  • Last but not least I refreshed the packaging of trophy and sauerbraten which had not seen any updates for the last couple of years.

Debian Java

  • I packaged a new upstream release of activemq and could later address #901366 thanks to a bug report by Chris Donoghue.
  • I also packaged upstream releases of bouncycastle, libpdfbox-java, libpdfbox2-java because of reported security vulnerabilities.
  • I investigated and fixed RC bugs in openjpa (#901045), osgi-foundation-ee (#893382) and ditaa (#897494, Java 10 related).
  • A snakeyaml update introduced a regression in apktool (#902666) which was only visible at runtime. Once known I could fix it.
  • I worked on Netbeans again. It can be built from source now but there is still a runtime error (#891957) that prevents users from starting the application. The current plan is to package the latest release candidate of Netbeans 9 and move forward.

Debian LTS

This was my twenty-eighth month as a paid contributor and I have been paid to work 23,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 18.06.2018 until 24.06.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in jasperreports, 389-ds-base, asterisk, lava-server, libidn, php-horde-image, tomcat8, thunderbird, glusterfs, ansible, mercurial, php5, jquery, redis, redmine, libspring-java, php-horde-crypt, mupdf, binutils, jetty9 and libpdfbox-java.
  • DSA-4221-1. Issued a security update for libvncserver fixing 1 CVE.
  • DLA-1398-1. Issued a security update for php-horde-crypt fixing 2 CVE.
  • DLA-1399-1. Issued a security update for ruby-passenger fixing 2 CVE.
  • DLA-1411-1. Issued a security update for tiff fixing 5 CVE.
  • DLA-1410-1. Issued a security update for python-pysaml fixing 2 CVE.
  • DLA-1418-1. Issued a security update for bouncycastle fixing 7 CVE.

ELTS

Extended Long Term Support (ELTS) is a new project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my first month and I have been paid to work 7 hours on ELTS.

  • ELA-1-1. Issued a security update for Git fixing 1 CVE.
  • ELA-8-1. Issued a security update for ruby-passenger fixing 1 CVE.
  • ELA-14-1. Backported the Linux 3.16 kernel from Jessie to Wheezy. This update also included backports of initramfs-tools and the linux-latest source package. The new kernel is available for amd64 and i386 architectures.

Misc

  • I prepared security updates for libvncserver (Stretch, DSA-4221-1 and Sid) and bouncycastle (Stretch, DSA-4233-1).

Thanks for reading and see you next time.

FreeBSD: Installation briefly explained with pictures

For at least three years I have been using FreeBSD alongside Debian, after it had been sitting on my TODO list of operating systems beyond Linux for quite a while. With this post I am starting a small series of articles about FreeBSD. Installation comes first.

If you don't have a spare computer at hand for trying out a new operating system, I recommend installing FreeBSD in a virtual machine. QEMU/KVM, for example, is excellently suited for this and can be conveniently administered through a graphical interface with virt-manager.

VirtManager

You can choose between different installation media. I decided on FreeBSD 11 with AMD64 as the architecture. The minimal image is currently called FreeBSD-11.1-RELEASE-amd64-bootonly.iso. It contains all necessary files but requires a working network connection. In virt-manager you then only have to create a new virtual machine and select the local installation medium (here an ISO file). 1024 MB of RAM is entirely sufficient as memory. I also chose two virtual CPUs and a small 3 GB hard disk, and after that you can get started.

The entire installation process is described in detail in the official FreeBSD Handbook, with instructions in German or English. Here I therefore only want to go into a few peculiarities of FreeBSD and the settings I consider worth mentioning. The installation is similar to Debian's, although it should be mentioned that there are no translations and you need at least a rough grasp of English. The German FreeBSD Handbook helps out here, however.

FreeBSD-Installation_1

In the welcome menu you confirm option 1 with the Enter key and start the installation with another Enter. It gets interesting right after that, when you have to select the keyboard layout. Most readers will choose German ISO-8859-15 here, but you can also change it later in /etc/rc.conf.

When selecting additional system components to install, I recommend choosing only ports. Every option listed can also be installed later, but ports is the obvious choice because it lets you build further software directly from source without complications. More on that in a later post.

Next comes the network configuration. If you obtain your IP address automatically via DHCP, you only need to confirm with Enter again and then select a German mirror server from which the base system is downloaded. That brings us to partitioning. FreeBSD is known for its ZFS file system, but at this point I recommend starting with guided partitioning using the UFS file system. The latter is comparable to the EXT file system on Linux, is easier for beginners to set up, needs fewer resources and therefore also feels faster in virtual machines without further configuration. Nevertheless, ZFS is definitely worth a look later on because of its many uses and features. Simply confirm the following steps with Enter again. An interesting aspect of partitioning is the naming convention FreeBSD uses for partitions, in contrast to Linux. They are also referred to as slices, and the whole thing reads like this:

ada0s1a: The first partition (a) in the first slice (s1) of the first SATA disk (ada0).

Afterwards the base system, the kernel and the ports collection are installed. You enter the root password and select the time zone the computer is in, and then you arrive at this step:

Here you can install further optional services/programs. SSH is always a good choice and indispensable if you want to connect from a remote machine. The rest can also be installed later. Next comes the configuration of some security settings.

In principle it makes sense to select everything here, although the first two options make more sense on multi-user systems with several local users and can be confusing on a single-user machine like this one. Disabling remote logging and switching off Sendmail in particular are recommended in the vast majority of cases. If needed, the Sendmail service can be replaced either by a full-featured solution such as Postfix or by the extremely simple ssmtp.

Now the last step is almost reached. A normal, unprivileged user still has to be created, a simple question-and-answer game. You should pay attention, however, at: Invite user into other groups? Here you should enter wheel. A peculiarity of FreeBSD is that no normal user who is not a member of this group can become root.
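The choices from the security settings and user creation steps can be checked after the first boot. The following is an added example, not part of the original post: a small audit over the contents of /etc/rc.conf and /etc/group. It assumes the two installer options end up as syslogd_flags="-ss" and sendmail_enable="NONE" in rc.conf; the sample file contents and the user names alice and bob are constructed.

```python
import shlex

# Constructed sample files (not taken from a real host).
SAMPLE_RC_CONF = '''\
hostname="freebsd-vm"
ifconfig_em0="DHCP"
sshd_enable="YES"
sendmail_enable="YES"   # overridden by the later assignment
syslogd_flags="-ss"
sendmail_enable="NONE"
'''
SAMPLE_GROUP = '''\
# $FreeBSD$
wheel:*:0:root,alice
operator:*:5:root
alice:*:1001:
bob:*:1002:
'''


def parse_rc_conf(text):
    """rc.conf is sourced by sh: NAME="value" lines, the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            name, sep, value = token.partition("=")
            if sep and name.isidentifier():
                settings[name] = value
    return settings


def wheel_members(group_text):
    """Return the member list of the wheel group from /etc/group content."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == "wheel":
            return {m for m in fields[3].split(",") if m}
    return set()


def audit(rc_text, group_text, admin_user):
    """Return a sorted list of finding codes; an empty list means all checks pass."""
    rc = parse_rc_conf(rc_text)
    findings = []
    # Assumed value: "-ss" stops syslogd from opening any network socket.
    if "-ss" not in rc.get("syslogd_flags", "").split():
        findings.append("remote-syslog-enabled")
    # Assumed value: "NONE" disables every Sendmail daemon, not only inbound mail.
    if rc.get("sendmail_enable", "").upper() != "NONE":
        findings.append("sendmail-enabled")
    # Without wheel membership the user cannot become root with su.
    if admin_user not in wheel_members(group_text):
        findings.append("admin-not-in-wheel")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_RC_CONF, SAMPLE_GROUP, "alice"))
```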

That's it. Then choose Exit and reboot and log in to your new FreeBSD. More on the most important commands, configuration files and differences from Debian soon, here in a new post.