Planet GNU

Aggregation of development blogs from the GNU Project

November 23, 2015

Aleksander Morgado

Concurso Universitario de Software Libre 2015-2016

Long time no post!


A quick reminder for students (*) in Spain interested in participating in this year’s CUSL, the deadline for the project proposals has been extended until December 1st:

You’re still on time to submit a proposal!

* Universidad, bachiller, ciclos de grado medio…

Filed under: FreeDesktop Planet, GNOME Planet, GNU Planet, Meetings, Planets, Uncategorized

by aleksander at November 23, 2015 08:24 PM

FSF Events

Richard Stallman - "El movimiento del software libre" (Cuatitlan, Mexico)

Richard Stallman hablará sobre las metas y la filosofía del movimiento del Software Libre, y el estado y la historia del sistema operativo GNU, el cual junto con el núcleo Linux, es actualmente utilizado por decenas de millones de personas en todo el mundo.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

Lugar: Aula Magna, Edificio A7, Ave. 1° de Mayo S/N, Santa Maria las Torres, 54740 Cuautitlán Izcalli

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de la Ciudad de México.

November 23, 2015 03:45 PM

Nick Clifton

October/November GNU Toolchain Update

Hi Guys,

  Sorry for the delay beqwteen these updates.  My new job is keeping me very busy...  Anyway here are the highlights of the changes in the GNU toolchain over the last two months:

  The compiler and assembler now have support for the ARC EM/HS and ARC600/700 architectures and the Power9 variant of the PowerPC architecture.

  The GCC mainline sources are now in Stage 3 (bug fixes only) which means that a branch may be happening soon.

  The Binutils sources have branched, getting ready for a 2.26 release soon.

  GDB's record instruction-history command accepts a new modifier: /s. This behaves exactly like the /m modifier and prints mixed source + disassembly into the history.

  GDB now supports displaced stepping on AArch64 GNU/Linux.

  GCC's named address space feature has been extended to add address spaces for the x86 architecture.  Here variables may be declared as being relative to the %fs or %gs segments using the __seg_fs and __seg_gs attributes.  Alternatively if one of these segments is used for thread local storage then the __seg_tls attribute can be used access the correct segment.

  GCC's function attribute feature has been extended to support another attribute: target_clones (<options>).  This is used to specify that a function is to be cloned into multiple versions compiled with different target options than specified on the command line.  The supported options and restrictions are the same as for target attribute.
  For instance on an x86, you could compile a function with target_clones("sse4.1,avx").   It will create 2 function clones, one compiled with -msse4.1 and another with -mavx.  At the function call it will create resolver ifunc, that will dynamically call a clone suitable for current architecture.

  A new type attribute has been added to specify the endianness of the fields in a struct, union or array: scalar_storage_order ("<endianness>"). This attribute sets the storage order, aka endianness, of the scalar fields of the type to either "big-endian" or "little-endian".  The attribute has no effects on fields which are themselves a union, a struct or an array whose component is a union or a struct, and it is possible to have fields with a different scalar storage order than the enclosing type.
  Additional restrictions are enforced for types with the reverse scalar storage order with regard to the scalar storage order of the target:
    * Taking the address of a scalar field of a union or a struct with reverse scalar storage order is not permitted and will yield an error.
    * Taking the address of an array field, whose component is scalar, of a union or a struct with reverse scalar storage order is permitted but will yield a warning, unless the option  -Wno-scalar-storage-order is specified.
    * Taking the address of a union or a struct with reverse scalar storage order is permitted.
  These restrictions exist because the storage order attribute is lost when the address of a scalar or the address of an array with scalar component is taken, so storing indirectly through this address will generally not work.  The second case is nevertheless allowed to be able to perform a block copy from or to the array.

  A new warning option: -Wduplicated-cond will produce messages whenever a condition is duplicated in an if-else-if chain.  The warning is enabled with -Wall.  It will for example warn about:

    if (p->q != NULL) { ... }
    else if (p->q != NULL) { ... }

  A new option: -fkeep-static-functions will make sure that gcc will generate code for static functions that are never used.

  The block reordering optimization in gcc can now be tuned via the option: -freorder-blocks-algorithm=<simple|stc>. The default for optimization levels below -O2 (or at -Os) is the simple algorithm  which does not increase code size.  The new stc algorithm stands for "software trace cache" and it tries to put all often executed code together, minimizing the number of branches executed by making extra copies of code.

  The ARM backend supports a new option: -mlow-precision-recip-sqrt which uses two steps instead of three for double-precision reciprical square root calculations.  (It also uses one step instead of two steps for single-precision calculations).  This reduces the latency and precision of the operation.

  The x86 and x86_64 backends support a new option: -mms-bitfields This enables a bit-field layout compatible with the native Microsoft Windows compiler.   This option is enabled by default for Windows targets.

  The x86 and x86_64 backends also support the new option: -mmitigate-rop. This tries to avoid generating code sequences that contain unintended return opcodes, to mitigate against certain forms of attack.  At the moment, this option is limited in what it can do and should not be relied on to provide serious protection.

  The assembler and linker now support a configure time option to enable the automatic compression of debug sections.  This is off by default, but after the next release of the binutils, it will be switched on by default for some targets.

  The linker supports a new ARM specific command line option: --fix-stm32l4xx-629360.  This enables a link-time workaround for a bug in the bus matrix / memory controller for some of the STM32 Cortex-M4 based products (STM32L4xx).

  The objcopy program now has the ability to insert new symbols into an object file or executable.  It is controlled by the option: --add-symbol <name>=[<section>:]<value>[,<flags>].
  This adds a new symbol called <name>.  If the <section> is given, the symbol will be associated with and relative to that section, otherwise it will be an absolute symbol.  Symbol flags can be specified as well although not all flags will be meaningful for all object file formats.  The special flag before=<othersym> will insert the new symbol in front of the specified <othersym>, otherwise the symbol(s) will be added at the end of the symbol table in the order they appear.

  The MSP430 port of gas accepts a new command line option to control workarounds for various silicon errata: -msilicon-errata=<name>[,<name>...]. This option enables the specified workarounds, but does not produce any informative output for the user when it does so.  The related option: -msilicon-errata-warn=<name>[,<name>...] can be used to produce warning messages whenever a situation where a silicon errata might be valid is encountered by the assembler.

  The x86/x86_64 linkers now support a command line option to specify the byte to be used as padding when transforming an indirect call to a locally defined function 'foo' into a call via its GOT slot:

  -z call-nop=prefix-addr   generates: "0x67 call foo"
   -z call-nop=prefix-nop     generates: "0x90 call foo"
  -z call-nop=suffix-nop     generates: "call foo 0x90"
   -z call-nop=prefix-<byte> generates: " call foo"
  -z call-nop=suffix-<byte> generates: "call foo <byte>"

November 23, 2015 03:14 PM

FSF Events

Richard Stallman - "El Software Libre y Tu Libertad" (Mexico City, Mexico)

Richard Stallman hablará sobre las metas y la filosofía del movimiento del Software Libre, y el estado y la historia del sistema operativo GNU, el cual junto con el núcleo Linux, es actualmente utilizado por decenas de millones de personas en todo el mundo.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

Lugar: ITAM (Instituto Tecnológico Autónomo de México) Campus Santa Teresa, Auditorio ("se encuentra en el sótano del Edificio de Investigadores. Es el último edificio al fondo del predio"), Av. Camino a Sta. Teresa No. 930 Col. Heroes de Padierna, Mexico D.F. CP 10700, México

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de la Ciudad de México.

November 23, 2015 02:55 PM

guile @ Savannah

Give a talk in GNU Guile's track at FOSDEM!

GNU Guile will have its own developer room at FOSDEM 2016, which will take place in Brussels, Belgium, 30–31 January 2016.

Now is the time to submit a proposal for a talk in our devroom! We welcome all kinds of talks, be it about functional programming with Guile, experience reports on embedding Guile in your application, Web development with Guile, GNU Guix development, and more—Guile has very diverse use cases, and this devroom should reflect that.

We look forward to reading your proposal and to meeting you! :-)

by Ludovic Courtès at November 23, 2015 09:32 AM


November 22, 2015

parallel @ Savannah

GNU Parallel 20151122 ('Bataclan') released [stable]

GNU Parallel 20151122 ('Bataclan') [stable] has been released. It is available for download at:

No new functionality was introduced so this is a good candidate for a stable release.

Haiku of the month:

UNIX pipe too tight?
You should then learn dash dash pipe.
Use GNU Parallel
-- Ole Tange

New in this release:

  • GNU Parallel was cited in: A Detailed Characterization of Errors in Logic Circuits due to Single-Event Transients
  • Bug fixes and man page updates.

GNU Parallel - For people who live life in the parallel lane.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job is can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

You can find more about GNU Parallel at:

You can install GNU Parallel in just 10 seconds with: (wget -O - || curl | bash

Watch the intro video on

Walk through the tutorial (man parallel_tutorial). Your commandline will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2011): GNU Parallel - The Command-Line Power Tool, ;login: The USENIX Magazine, February 2011:42-47.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ lists
  • Get the merchandise
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --bibtex)

If GNU Parallel saves you money:


GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

by Ole Tange at November 22, 2015 07:20 PM


GnuTLS 3.4.7

Released GnuTLS 3.3.19 and GnuTLS 3.4.7 which are bug fix releases in the current and next stable branches.

by Nikos Mavrogiannopoulos ( at November 22, 2015 12:00 AM

November 20, 2015

Sylvain Beucler

Rebuilding Android proprietary SDK binaries

Going back to Android recently, I saw that all tools binaries from the Android project are now click-wrapped by a quite ugly proprietary license, among others an anti-fork clause (details below). Apparently those T&C are years old, but the click-wrapping is newer.

This applies to the SDK, the NDK, Android Studio, and all the essentials you download through the Android SDK Manager.

Since I keep my hands clean of smelly EULAs, I'm working on rebuilding the Android tools I need.
We're talking about hours-long, quad-core + 8GB-RAM + 100GB-disk-eating builds here, so I'd like to publish them as part of a project who cares.

As a proof-of-concept, the Replicant project ships a 4.2 SDK and I contributed build instructions for ADT and NDK (which I now use daily).

(Replicant is currently stuck to a 2013 code base though.)

I also have in-progress instructions on my hard-drive to rebuild various newer versions of the SDK/API levels, and for the NDK whose releases are quite hard to reproduce (no git tags, requires fixes committed after the release, updates are partial rebuilds, etc.) - not to mention that Google doesn't publish the source code until after the official release (closed development) :/ And in some cases like Android Support Repository [not Library] I didn't even find the proper source code, only an old prebuilt.

Would you be interested in contributing, and would you recommend a structure that would promote Free, rebuilt Android *DK?

The legalese

Anti-fork clause:

3.4 You agree that you will not take any actions that may cause or result in the fragmentation of Android, including but not limited to distributing, participating in the creation of, or promoting in any way a software development kit derived from the SDK.

So basically the source is Apache 2 + GPL, but the binaries are non-free. By the way this is not a GPL violation because right after:

3.5 Use, reproduction and distribution of components of the SDK licensed under an open source software license are governed solely by the terms of that open source software license and not this License Agreement.

Still, AFAIU by clicking "Accept" to get the binary you still accept the non-free "Terms and Conditions".

(Incidentally, if Google wanted SDK forks to spread and increase fragmentation, introducing an obnoxious EULA is probably the first thing I'd have recommended. What was its legal team thinking?)

Indemnification clause:

12.1 To the maximum extent permitted by law, you agree to defend, indemnify and hold harmless Google, its affiliates and their respective directors, officers, employees and agents from and against any and all claims, actions, suits or proceedings, as well as any and all losses, liabilities, damages, costs and expenses (including reasonable attorneys fees) arising out of or accruing from (a) your use of the SDK, (b) any application you develop on the SDK that infringes any copyright, trademark, trade secret, trade dress, patent or other intellectual property right of any person or defames any person or violates their rights of publicity or privacy, and (c) any non-compliance by you with this License Agreement.

Usage restriction:

3.1 Subject to the terms of this License Agreement, Google grants you a limited, worldwide, royalty-free, non-assignable and non-exclusive license to use the SDK solely to develop applications to run on the Android platform.

3.3 You may not use the SDK for any purpose not expressly permitted by this License Agreement. Except to the extent required by applicable third party licenses, you may not: (a) copy (except for backup purposes), modify, adapt, redistribute, decompile, reverse engineer, disassemble, or create derivative works of the SDK or any part of the SDK; or (b) load any part of the SDK onto a mobile handset or any other hardware device except a personal computer, combine any part of the SDK with other software, or distribute any software or device incorporating a part of the SDK.

If you know the URLs, you can still direct-download some of the binaries which don't embed the license, but all this feels fishy. GNU licensing didn't answer me (yet). Maybe debian-legal has an opinion?

In any case, the difficulty to reproduce the *DK builds is worrying enough to warrant an independent rebuild.

Did you notice this?

November 20, 2015 02:18 PM

No to ACTA - Paris

Today, there were events all around Europe to block ACTA.

In Paris, the protest started at Place de la Bastille :

APRIL was present, with in particular its president Lionel Allorge, and two members who wore the traditional anti-DRM suit :

Jérémie Zimmermann from La Quadrature du Net gave a speech and urged people to contact their legal representatives, in addition to protesting in the street :

The protest was cheerful and free of violence :

It got decent media coverage :

Notable places it crossed include Place des Victoires :

and Palais Royal, where it ended :

Next protest is in 2 weeks, on March 10th. Update your agenda!

November 20, 2015 02:18 PM

New free OpenGL ES documentation

Great news!

The Learn OpenGL ES website recently switched its licensing to Creative Commons BY-SA 3.0 :)

It provides tutorials for OpenGL ES using Java/Android and WebGL, and is focusing on a more community-oriented creative process. Give them cheers!

November 20, 2015 02:18 PM

Meritous: Free game ported on Android

Base attack

Meritous is a nice, addictive action-adventure dungeon crawl game. Each new game is unique since the dungeon is built in a semi-random fashion. Last but not least, the engine, graphics and sound effects are GPL'd :)

The game is based on SDL 1.2, which has an unofficial Android variant, so I decided to try and port it on my cell phone! The port was surprinsingly smooth and only non-SDL fixes (move big stack allocation to heap) were necessary. Who said it was difficult to program in C on Android? ;)

It was also an opportunity to study the build system for F-Droid, an app market for free software apps, where APKs are rebuilt from source. The spec-like file is here.

The game packaging is also being ressurected for Debian but is being distressfully held hostage in the NEW queue for 2 weeks!

You can download the very first (aka beta) Android version:

  • for free at F-Droid
  • for 0.50€ at GPlay - because publishing at GPlay costs $25 (+30% of sells..)

Comments welcome!

November 20, 2015 02:18 PM

Make sure glue isn't stripped

If you ever get this cryptic error when loading an Android native app:

java.lang.RuntimeException: Unable to start activity ComponentInfo{org.wikibooks.OpenGL/}: java.lang.IllegalArgumentException: Unable to load native library: /data/data/org.wikibooks.OpenGL/lib/
       at android.os.Handler.dispatchMessage(
       at android.os.Looper.loop(
       at java.lang.reflect.Method.invokeNative(Native Method)
       at java.lang.reflect.Method.invoke(
       at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.IllegalArgumentException: Unable to load native library: /data/data/org.wikibooks.OpenGL/lib/
       ... 11 more

This may mean that Java couldn't find the ANativeActivity_onCreate function in your code, because it was stripped by the compiler.

If you use the native_app_glue NDK module, you may have noticed this strange code:

    // Make sure glue isn't stripped.

Let's experiment what happens with and without this line:

Calling app_dummy:

$ arm-linux-androideabi-objdump -T libs/armeabi/  | grep ANativeActivity_onCreate
000067fc g    DF .text  000000f8 ANativeActivity_onCreate

Not calling app_dummy :

$ arm-linux-androideabi-objdump -T libs/armeabi/ | grep ANativeActivity_onCreate
$   # nothing

native_app_glue mainly defines Android callbacks. Since none of them are called directly by your code, the compiler strips the android_native_app_glue.o module entirely. If you use app_dummy however, it embeds it. Fortunately the compiler cannot strip the module on a per-function basis ;)

That's why you need to call app_dummy when using the native_app_glue NDK module.

This looks like a ugly work-around though - isn't there a cleaner way?

November 20, 2015 02:18 PM

Invitation to the GNU Hackers Meeting 2013

Here's a WebGL-powered invitation to the GNU Hackers Meeting 2013, which is taking place in Paris on August 22-25 :)

Free, hardware-accelerated WebGL support is recent under GNU/Linux, you'll need Mesa/Mesa-DRI 9 and Linux kernel 3.6 from Debian sid plus a recent Firefox, though a Mesa-software fallback is usually available in earlier versions. Meanwhile, here's a WebM capture:

(Curious about the capture process?)

Work is underway on an extended version of this invitation/demo, peek here :)

November 20, 2015 02:18 PM

FreeGLUT for OpenGL ES

FreeGLUT on Android

The OpenGL ES port of FreeGLUT is progressing :)

Now we have:

  • Basic Android/EGL port

  • Full X11/EGL port (using Mesa EGL), so we can test GLES on desktop :)

  • Geometry functions: upgrade from glBegin to glVertexPointer and GLES compatibility (triangulation). We also plan to provide shaders-compatible (OpenGL >= 2) geometry functions.

In addition, the work is available in the official repository!

Question: Mesa and Android ship GLES 1&2 in separate libraries. So at first glance, we'll have to ship 3 FreeGLUT builds:

  • / .a

  • / .a with -DFREEGLUT_GLES2 (-lGLESv2 + GLES2/gl2.h)

  • / .a with -DFREEGLUT_GLES1 (-lGLESv1_CM + GLES/gl.h)

Though, EAGL (on iPhone) can initialize either GLES 1 or 2 at run-time. Maybe it's possibly to do that by dlopen'ing the GLES library dynamically, but this won't work for static builds - and make distro packagers cringe unless I'm mistaken ;)

Do you think there's a way to provide a unified version?

November 20, 2015 02:18 PM

Cross-compiling with CMake

I'm working on porting FreeGLUT for Android, and FreeGLUT is switching to CMake.

I'm more familiar with the GNU Autotools myself, and I'm used to cross-compile with a simple:

./configure --host=arm-linux-androideabi

Can we do that with CMake? Well, it's not well-documented, but yes :) Let's see how to do that for Android (smartphones) and MinGW (.exe for windows).

The principle is:

  • write a "toolchain" CMake script that defines the cross-compiler,

  • mention you're using a "GNU" compiler (a.k.a. GCC) so CMake automatically looks for prefixed cross-compilers tools such as arm-linux-androideabi-cpp or arm-linux-androideabi-ld.

  • pass the toolchain script to CMake using the predefined CMAKE_TOOLCHAIN_FILE variable.

  • REMOVE all the CMake-generated files when you change anything, CMake does not rebuild its cache when the toolchain script or PATH is modified, this creates misleading errors. Hence, building in a subdirectory is crucial.

Here's a simple toolchain script:

SET(CMAKE_SYSTEM_NAME Linux)  # Tell CMake we're cross-compiling
# Prefix detection only works with compiler id "GNU"
# CMake will look for prefixed g++, cpp, ld, etc. automatically
CMAKE_FORCE_C_COMPILER(arm-linux-androideabi-gcc GNU)

Note: SET(ANDROID TRUE) is not mandatory for CMake, it's just used to detect an Android build in the particular case of FreeGLUT development.

Here's how to invoke it:

cd /usr/src/freeglut-3.0.0/
mkdir cross-android/ && cd cross-android/
cmake \
  -D CMAKE_TOOLCHAIN_FILE=../android_toolchain.cmake \
make -j4
make install DESTDIR=$(pwd)

Now here's a slightly more complex toolchain for MinGW.

The main issue with MinGW is that there are at least 4 possible prefixes depending on which version and which distro you're using. So I ask the user to specify it with GNU_HOST:

    SET(GNU_HOST i586-mingw32msvc)
# Prefix detection only works with compiler id "GNU"
# CMake doesn't automatically look for prefixed 'windres', do it manually:

I wanted to print an error when GNU_HOST is not specified, but the toolchain script is loaded multiple times, and the command-line variables are not always set (CMake is not super-clean in that regard). So I defined a default, that works.

Sample invocation:

  apt-get install mingw-w64

  mkdir cross-woe/ && cd cross-woe/
  cmake \
    -D GNU_HOST=x86_64-w64-mingw32 \
    -D CMAKE_TOOLCHAIN_FILE=../mingw_cross_toolchain.cmake \
    -D CMAKE_INSTALL_PREFIX=/freeglut \
  make -j4
  make install DESTDIR=$(pwd)

I used this technique to cross-compile my projects, or other projects that use CMake. mingw-cross-env uses this technique (abeilt with explicit definition of all compiler tools) to provide pre-built windows libraries without altering the existing CMake scripts.

Do you people have tips or a better technique to cross-compile with CMake?

November 20, 2015 02:18 PM

Branching FreeGLUT SVN with Git

I'm working on porting FreeGLUT to Android!

Since I don't have access so the repository (I'm not a regular contributor), and since it will be a BIG patch, I thought I'd try a git-svn branch. So this won't be a post on OpenGL for once ;)

I'm not an expert at managing Git branch but here's how I set it up.

In this case, let's forget about importing tags: they don't have the same directory branch point in the hierarchy (sometimes the freeglut/ module, sometimes the parent directory), and git-svn only correctly supports set of sane tags that track the same initial directory.

SVN is SLOW, especially remotely. I suggest you make a rsync copy of the repository first, it will greatly speed up the import :

rsync -avHSP freeglut.svn/

Then start the import with git-svn :

git svn clone --trunk=trunk/freeglut/freeglut file://$(pwd)/freeglut.svn/ freeglut-git/

And edit .git/config to point to :

[svn-remote "svn"]
    url =
    fetch = trunk/freeglut/freeglut:refs/remotes/trunk

I work with 2 branches:

  • master : the SVN on-going sync - may be rebased to push with git svn dcommit
  • android : my feature branch - not rebased and hence trackable by contributors

Here's how I synchronize the upstream repository and merge it regularly with my feature branch:

git svn fetch
git checkout master
git merge remotes/trunk

git checkout android  # my feature branch
git merge master
# if conflict
git add .../sthing.c
git commit -m "Merge master"
git push

Any better way?

The ongoing work is available at :)

November 20, 2015 02:18 PM

Android Free developer tools rebuilds

I published some Free rebuilds of the Android SDK, NDK and ADT at:

As described in my previous post, Google is click-wrapping all developer binaries (including preview versions for which source code isn't published yet) with a non-free EULA, notably an anti-fork clause.

There's been some discussion on where to host this project at the campaign list.

Build instructions are provided, so feel free to check if the builds are reproducible, and contribute instructions for more tools!

November 20, 2015 02:18 PM

November 19, 2015

FSF Blogs

Friday Free Software Directory IRC meetup: November 20th

Join the FSF and friends Friday, November 20th, from 12pm to 3pm EST (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Participate in supporting the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

Tens of thousands of people visit each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly FSD Meetings pages that everyone is welcome to contribute to before, during, and after each meeting.

November 19, 2015 06:26 PM

guix @ Savannah

Service composition in GuixSD

GuixSD provides a declarative, stateless approach to operating system configuration management. In this context, the mechanism offered to select and compose system services is a crucial one. This post presents the new service framework introduced in the 0.9.0 version of GNU Guix.

Declarative Configuration Management

GuixSD is not like your parents’ distro. Instead of fiddling with configuration files all around, or running commands that do so as a side effect, the system administrator declares what the system will be like. This takes the form of an operating-system declaration, which specifies all the details: file systems, user accounts, locale, timezone, system services, etc.

If you’re familiar with it, this may remind you of what deployment tools like Ansible and Puppet provide. There is an important difference though: GuixSD takes a stateless—or “purely functional”—approach. This means that instantiating the system with guix system always produces the same result, without modifying the current system state. This is what makes it possible to test new system configurations, roll-back to previous ones, and so on. The guix system command allows system configurations to be instantiated on the bare metal, in virtual machines, or in containers, which makes it easy to test them.

In GuixSD, operating-system declarations are first-class objects in the host language. They can be inspected at the REPL:

It is also possible to write functions that take or return OS configurations. For instance, the virtualized-operating-system function returns a variant of the given OS where the set of file systems and the initrd are changed so that the resulting OS can be used in a lightweight virtual machine environment. Likewise for containerized-operating-system.

Services Beyond Daemons

System services are specified in the services field of operating-system declarations, which is a list of service objects. As a user, we want to be able to ideally add one line specifying the system service we want to add, possibly with several instances of a service, and have GuixSD do the right thing.

Before 0.9.0, GuixSD had a narrow definition of what a “system service” is. Each service in the operating-system configuration had to map to exactly one dmd service—GNU dmd is the init system of GuixSD. This would work well in many cases: an SSH server or a log-in daemon is indeed a service that dmd has to take care of, even a file system mount is an operation that can be usefully inserted into dmd’s service dependency graph.

However, this simple mapping failed to capture more complex service composition patterns. A striking example is “super-daemons”—daemons that can spawn other daemons, such as dbus-daemon or inetd. From the user viewpoint, it does not matter whether a daemon is started by dmd, or by dbus-daemon, or by inetd; this should be transparent. If it’s a D-Bus service, then dbus-daemon’s configuration file should be told about the service; if it’s an inetd service, then inetd.conf should be augmented accordingly; if it’s a dmd service, information on how to start and stop it should go to dmd’s configuration file. Unfortunately, the pre-0.9.0 services could not express such things.

Worse, this approach did not capture the more general pattern of service extension. In the examples above, the super-daemons are effectively extended by other services that rely on them. But there are many cases where services are similarly extended: eudev can be passed new device rules, polkit can be extended with new rules and actions, the Pluggable authentication module system (PAM) can be extended with new services, and so on. At that point it was clear that GuixSD’s naive approach wouldn’t scale.

Composing System Services

The lesson learned from these observations is that system services extend each other in various way. The new service composition framework is built around this model: “system services”, broadly defined, can extend each other, and services and their “extends” relationships form a graph. The root of the graph is the operating system itself.

We can see that this pattern applies to services that are not daemons. PAM is one such example. Accounts are another example: GuixSD provides an “account service” that can be extended with new user accounts or groups; for example, the Network time protocol (NTP) daemon needs to run under the unprivileged “ntp” user, so the NTP service extends the account service with an “ntp” user account. Likewise, the “/etc” service can be extended with new files to be added to /etc; the “setuid” service can be extended with new programs to be made setuid-root. See the manual for more examples.

The nice thing is that composition of services is made explicit: extensions can only happen where explicit extension relationships have been declared. By looking at the extension graph, users can see how services fit together. The guix system extension-graph command, for instance, takes an operating-system declaration and renders the extension graph in the Graphviz format, making it easy to inspect the OS configuration structure.

The API makes it easy to see how services contributed to a specific service’s configuration. For instance, the following expression shows the PAM service as extended by other declared services:

The result is a service object whose value is a list of pam-service objects. Likewise, the following expression returns the /etc service, whose value is a list of entries to be added to /etc:

This contrasts with the approach taken by NixOS, GuixSD’s cousin, and described in this 2010 paper. In NixOS, the whole system configuration is described in an “attribute set”—a list of key/value associations, similar to JavaScript objects or Python dictionaries. Each NixOS service is passed the whole system configuration, allowing it to inspect and change any part of it.

This form of ambient authority gives a lot of flexibility, but it makes it harder to reason about service composition—all a service implementation does is inspect, add, or modify attributes of the global configuration, which may or may not affect other services. The use of a loose key/value dictionary also prevents good error reporting; for instance, a typo in a service name may go undetected. Lastly, NixOS services are enabled by writing service.enable = true stanzas, which leads to complications for services that may have several instances, each with its own configuration.

Wrapping Up

The new service composition framework in GuixSD 0.9.0 addresses shortcomings found in previous versions of GuixSD. It simplifies operating-system declarations for users, and provides a highly extensible framework that clearly exposes the way services are composed.

This new framework has already allowed us to integrate Freedesktop and GNOME services in a convenient way. We hope it will prove fruitful as we address other types of services, such as Web services.

About GNU Guix

GNU Guix is a functional package manager for the GNU system. The Guix System Distribution or GuixSD is an advanced distribution of the GNU system that relies on GNU Guix and respects the user's freedom.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language. GuixSD offers a declarative approach to operating system configuration management, and is highly customizable and hackable.

GuixSD can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armv7.

by Ludovic Courtès at November 19, 2015 10:05 AM

November 16, 2015

FSF Events

Richard Stallman - "El movimiento del software libre" (Ciudad Mante, Mexico)

Richard Stallman hablará sobre las metas y la filosofía del movimiento del Software Libre, y el estado y la historia del sistema operativo GNU, el cual junto con el núcleo Linux, es actualmente utilizado por decenas de millones de personas en todo el mundo.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

El lugar exacto de la charla: Teatro del Seguro Social, Ciudad Mante, Tamaulipas, Blvd Luis Echeverría Álvarez 300, Zona Centro, 89800 Ciudad Mante, Tamaulipas

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Tamaulipas.

November 16, 2015 01:45 PM

November 15, 2015

wget @ Savannah

GNU wget 1.17 released

    • Remove FTP passive to active fallback due to privacy concerns.
    • Add support for --if-modified-since.
    • Add support for metalink through --input-metalink and --metalink-over-http.
    • Add support for HSTS through --hsts and --hsts-file.
    • Add option to restrict filenames under VMS.
    • Add support for --rejected-log which logs to a separate file the reasons why URLs are being rejected and some context around it.
    • Add support for FTPS.
    • Do not download/save file on error when --spider enabled
    • Add --convert-file-only option. This option converts only the filename part of the URLs, leaving the rest of the URLs untouched.

by Giuseppe Scrivano at November 15, 2015 03:12 PM

November 12, 2015

FSF Events

Richard Stallman to speak in Fribourg, Switzerland

Speech topic, start time, and exact location to be determined.

Please fill out our contact form, so that we can contact you about future events in and around Fribourg.

November 12, 2015 01:25 PM

Richard Stallman to speak in Bhopal, India

Richard Stallman's speech will be nontechnical, admission is gratis, and the public is encouraged to attend.

Speech topic, start time, and exact location to be determined.

Please fill out our contact form, so that we can contact you about future events in and around Bhopal.

November 12, 2015 01:21 PM

Richard Stallman - "Pour une société numérique libre" (Choisy-le-Roi, France)

Richard Stallman's speech will be in French and nontechnical, admission is gratis, and the public is encouraged to attend.

Please fill out our contact form, so that we can contact you about future events in and around Paris.

November 12, 2015 11:45 AM

gsl @ Savannah

GNU Scientific Library 2.1 released

Version 2.1 of the GNU Scientific Library (GSL) is now available. GSL
provides a large collection of routines for numerical computing in C.

This release is primarily for fixing a few bugs present in the recent
2.0 release, but also provides a brand new module for solving large
linear least squares problems.

The full NEWS file entry is appended below.

The file details for this release are:

The GSL project homepage is

GSL is free software distributed under the GNU General Public License.

Thanks to everyone who reported bugs and contributed improvements.

Patrick Alken


  • What is new in gsl-2.1:
    • added test suite for example programs
    • bug fix when compiling with #undef GSL_DISABLE_DEPRECATED
    • bug fix in setting libtool age versioning
    • bug fix in gsl_multifit_wlinear()
    • added gsl_multifit_linear_rcond() to compute reciprocal

condition number of least squares matrix

    • added gsl_multilarge module for large linear least squares


by Patrick Alken at November 12, 2015 12:51 AM

November 11, 2015

guix @ Savannah

Reproducible builds: a means to an end

What we stand for

GNU Guix is committed to improving the freedom and autonomy of computer users. This obviously manifests in the fact that GuixSD is a fully free distro, and this is what GNU stands for. All the packages in Guix are built from source, including things like firmware where there is an unfortunate tendency to use pre-built binaries; that way, users can know what software they run. On the technical side, Guix also tries hard to empower users by making the whole system as hackable as possible, in a uniform way—making Freedom #1 practical, à la Emacs.

Guix provides pre-compiled binaries of software packages as a service to its users—these are substitutes for local builds. This is a convenient way to save time, but it could become a threat to users if they cannot establish that those substitutes are authentic—that their Corresponding Source really is what it claims to be.

Reproducible builds

We view “reproducible builds” as a technical means to an end: that of guaranteeing user autonomy and safety. What matters here is that, if package build processes are reproducible, then users actually have a chance to verify that the substitutes (pre-compiled binaries) they download correspond to the source code that supposedly produced them.

Guix builds packages in a fully isolated environment to maximize reproducibility—a crucial feature inherited from Nix. Thus, by construction, very few variations are possible between separate instances of a build environment; the set of files accessible in the environment, the host name, environment variables, locale, and so on are fully under control and cannot change. This eliminates a whole class of possible discrepancies between independent builds.

The only things that may vary are the kernel, and the hardware. The most prominent example of how ‘hardware’ details can leak into a build process are timestamps: it’s unfortunately quite common for build processes to query the system clock and record it in build outputs. Eelco Dolstra, Andres Löh, and Nicolas Pierron described sources of non-determinism in their 2010 JFP paper about NixOS, along with a study on how this affects packages of the distribution in practice. The Reproducible Debian project has since made a similar evaluation but at a larger scale, and with a larger number of independent builds, thereby providing more insight.

Reproducible Debian has demonstrated one thing: contrary to what one might expect, sources of non-determinism are common in build processes. To eliminate the sources of non-determinism that remain in spite of the isolation techniques used in Nix and Guix, the most viable approach appears to be to fix upstream projects that suffer from these problems—one by one.

The project is a great effort to try and address that collectively. We are glad Guix hackers were invited to participate in the first Reproducible Build Summit organized by the project, which will take place in December.

Going further

How can we take advantage of the fact that builds are reproducible, when they are, to actually empower users? There are several things we can do.

First, users must be able to build software locally in the same way distribution developers would do it. This possibility is an integral part of the transparent source/binary deployment model provided by functional package management; Guix users can use the --no-substitutes command-line option to force a local build.

Second, we must make it easy for users to use the binary provider of their choice, and possibly to use several of them, something that Guix allows.

Third, it must be equally simple for any user to publish their locally-built binaries as a way to improve diversity and avoid any single point of failure or trust. The guix publish command is a simple way to serve signed binaries over HTTP. A fully peer-to-peer approach based on GNUnet was tackled as part of GSoC 2015; the code needs more work before it can be integrated into Guix, but the approach is promising.

Last but not least, users must be able to challenge binary providers by themselves. The ability to verify binaries should not be the privilege of power developers. To address that, the just-released 0.9.0 version of GNU Guix provides a new command called guix challenge. The command allows users to automatically compare the build results of their local builds against those served by one or more binary providers. It allows both to find out about non-reproducible builds—and indeed, has already proved to be fruitful, and possibly to find out about compromised servers.

This and other matters were discussed in a Guix talk earlier this week (slides). We strongly believe in a future where the ability to authenticate distribution-provided binaries will be commonplace. Let’s build it!

About GNU Guix

GNU Guix is a functional package manager for the GNU system. The Guix System Distribution or GuixSD is an advanced distribution of the GNU system that relies on GNU Guix and respects the user's freedom.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language. GuixSD offers a declarative approach to operating system configuration management, and is highly customizable and hackable.

GuixSD can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armv7.

by Ludovic Courtès at November 11, 2015 02:44 PM

November 10, 2015

www @ Savannah

FSF Blogs

New article by RMS, "Applying the Free Software Criteria"

In "Applying the Free Software Criteria," his latest article, Richard Stallman shows us how to "apply the free software criteria to judge whether a software package, an operating system, a computer, or a web page is fit to recommend." He unpacks the issues for us, case by case, to help us navigate some very murky waters, so as to equip us to make---and recommend---only those computing choices that will respect and protect user freedom.

November 10, 2015 04:45 PM

Christopher Allan Webber

Hash tables are easy (in Guile)

As a programmer, I use hash tables of varying kinds pretty much all day, every day. But one of the odd and embarrassing parts of being a community-trained programmer is that I've never actually implemented one. Eek! Well, today I pulled an algorithms book off the shelf and decided to see how long it would take me to implement their simplest example in Guile. It turns out that it takes less than 25 lines of code to implement a basic hash table with O(1) best time, O(1) average time, and O(n) worst case time. The worst case won't be too common depending on how we size things so this isn't so bad, but we'll get into that as we go along.

Here's the code:

;;; Simple hash table implementation -- (C) 2015 Christopher Allan Webber
;;; Released under the "Any Free License 2015-11-05", whose terms are the following:
;;;   This code is released under any of the free software licenses listed on
;;;   which for archival purposes is

(use-modules (srfi srfi-1))

(define (make-dumbhash size)
  "Make a dumb hash table: an array of buckets"
  (make-array '() size))

(define* (dumbhash-ref dumbhash key #:optional (default #f))
  "Pull a value out of a dumbhash"
  (let* ((hashed-key (hash key (array-length dumbhash)))
         (bucket (array-ref dumbhash hashed-key)))
    (or (find (lambda (x) (equal? (car x) key))

(define (dumbhash-set! dumbhash key val)
  "Set a value in a dumbhash"
  (let* ((hashed-key (hash key (array-length dumbhash)))
         (bucket (array-ref dumbhash hashed-key)))
    ;; Only act if it's not already a member
    (if (not (find (lambda (x) (equal? (car x) key))
        (array-set! dumbhash
                    ;; extend the bucket with the key-val pair
                    (cons (cons key val) bucket)

You might even notice that some of these lines are shared between dumbhash-ref and dumbhash-set!, so this could be even shorter. As-is, sans comments and docstrings, it's a mere 17 lines. That's nothing.

We also cheated a little: we're using hash and equal? to generate a hash and to test for equality, which are arguably the hard parts of the job. But these are provided by Guile, and it's one less thing to worry about. Here's a brief demonstration though:

(equal? 'a 'a)               ;; => #t, or true
(equal? 'a 'b)               ;; => #f, or false
(equal? "same" "same")       ;; => #t
(equal? "same" "different")  ;; => #f
(hash "foo" 10)              ;; => 6
(hash 'bar 10)               ;; => 5

equal? is self-explanatory. The important thing to know about hash is that it'll pick a hash value for a key (the first parameter) for a hash table of some size (the second parameter).

So let's jump into an example. make-dumbhash is pretty simple. It just creates an array of whatever size we pass into it. Let's make a simple hash now:

scheme@(guile-user)> (define our-hash (make-dumbhash 8))
scheme@(guile-user)> our-hash
$39 = #(() () () () () () () ())

This literally made an array of 8 items which easy start out with the empty list as its value (that's nil for you common lispers). (You can ignore the $39 part, which may be different when you try this; Guile's REPL lets you refer to previous results at your prompt by number for fast & experimental hacking.)

So our implementation of hash tables is of fixed size, which doesn't limit the number of items we put into it, since buckets can contain multiple values in case of collision (and collisions tend to happen a lot in hash tables, and we come prepared for that), but this does mean we have an existing guess of about how many buckets we need for efficiency. (Resizing hash tables is left as an exercise for the reader.) Our hash table also uses simple linked lists for its buckets, which isn't too uncommon as it turns out.

Let's put something in the hash table. Animal noises are fun, so:

scheme@(guile-user)> (dumbhash-set! our-hash 'monkey 'ooh-ooh)
scheme@(guile-user)> our-hash
$40 = #(() () () ((monkey . ooh-ooh)) () () () ())

The monkey was appended to the third bucket. This makes sense, because the hash of monkey for size 8 is 3:

scheme@(guile-user)> (hash 'monkey 8)
$41 = 3

We can get back the monkey:

scheme@(guile-user)> (dumbhash-ref our-hash 'monkey)
$42 = (monkey . ooh-ooh)

We've set this up so that it returns a pair when we get a result, but if we try to access something that's not there, we get #f instead of a pair, unless we set a default value:

scheme@(guile-user)> (dumbhash-ref our-hash 'chameleon)
$43 = #f
scheme@(guile-user)> (dumbhash-ref our-hash 'chameleon 'not-here-yo)
$44 = not-here-yo

So let's try adding some more things to our-hash:

scheme@(guile-user)> (dumbhash-set! our-hash 'cat 'meow)
scheme@(guile-user)> (dumbhash-set! our-hash 'dog 'woof)
scheme@(guile-user)> (dumbhash-set! our-hash 'rat 'squeak)
scheme@(guile-user)> (dumbhash-set! our-hash 'horse 'neigh)
scheme@(guile-user)> ,pp our-hash
$45 = #(()
        ((horse . neigh))
        ((rat . squeak) (monkey . ooh-ooh))
        ((cat . meow))
        ((dog . woof))

(,pp is a shortcut to pretty-print something at the REPL, and I've taken the liberty of doing some extra alignment of its output for clarity.)

So we can see we have a collision in here, but it's no problem. Both rat and monkey are in the same bucket, but when we do a lookup of a hashtable in our implementation, we get a list back, and we search to see if that's in there.

We can figure out why this is O(1) average / best time, but O(n) worst time. Assume we made a hash table of the same size as the number of items we put in... assuming our hash procedure gives pretty good distribution, most of these things will end up in an empty bucket, and if they end up colliding with another item (as the rat and monkey did), no big deal, they're in a list. Even though linked lists are of O(n) complexity to traverse, assuming a properly sized hash table, most buckets don't contain any or many items. There's no guarantee of this though... it's entirely possible that we could have a table where all the entries end up in the same bucket. Luckily, given a reasonably sized hash table, this is unlikely. Of course, if we ended up making a hash table that started out with 8 buckets, and then we added 88 entries... collisions are guaranteed in that case. But I already said resizing hash tables is an exercise for the reader. :)

If you're familiar enough with any Scheme (or probably any other Lisp), reading dumbhash-ref and dumbhash-set! should be pretty self-explanatory. If not, go read an introductory Scheme tutorial, and come back! (Relatedly, I think there aren't many good introductory Guile tutorials... I have some ideas though!

What lessons are there to be learned from this post? One might be that Guile is a pretty dang nice hacking environment, which is true! Another might be that it's amazing how far I've gotten in my career without ever writing a hash table, which is also true! But the lesson I'd actually like to convey is: most of these topics are not as unapproachable as they seem. I had a long-time fear that I would never understand such code until I took the time to actually sit down and attempt to write it.

As an additional exercise for the reader, here's a puzzle: is the Any Free License this code released under actually a free license? And what commentary, if any, might the author be making? :)

by Christopher Allan Webber at November 10, 2015 12:01 AM