Planet GNU

Aggregation of development blogs from the GNU Project

October 27, 2021

Trisquel GNU/Linux

Release announcement: Trisquel 9.0.1 Etiona security update

Images are available at https://trisquel.info/download or directly at https://cdimage.trisquel.info/ and its mirrors.

This minor update to the 9.x "Etiona" series is intended to provide an up to date set of ISO images, both for use as an installation medium and as a live environment with newer packages. This addresses two main security concerns in the 9.0 original ISO images:

Along with those fixes, the release includes any other security update published upstream since we published Etiona, and the latest version of the Mozilla-based "Abrowser" (v93).

These updates will contribute to keep the v9.0 branch in good working order as it will continue to be actively maintained until April 2023.

In other news, the development of Trisquel 10 is ongoing at great pace, with initial ISO images being now available for testing at https://cdbuilds.trisquel.org/nabia/ Please note that these images are not yet   intended for production usage, so use them only for testing and development or (as it is true in any case) at your own risk.

 

27 October, 2021 07:36PM by quidam

FSF Blogs

October GNU Spotlight with Mike Gerwitz: 8 new GNU releases!

8 new GNU releases in the last month (as of October 24, 2021):

27 October, 2021 05:27PM

October 26, 2021

GNU Guix

From ‘guix environment’ to ‘guix shell’

There are times when what looked like the right design choice some years back comes out as an odd choice as time passes. The beloved guix environment tool is having that fate. Its command-line interface has become non-intuitive and annoying for the most common use cases. Since it could not be changed without breaking compatibility in fundamental ways, we devised a new command meant to progressively replace it; guix shell—that’s the name we unimaginatively ended up with—has just landed after a three-week review period, itself a followup to discussions and hesitations on the best course of action.

This post introduces guix shell, how it differs from guix environment, the choices we made, and why we hope you will like it.

The story of guix environment

The guix environment command started its life in 2014, when Guix was a two-year old baby and the whole community could fit in a small room. It had one purpose: “to assist hackers in creating reproducible development environments”. It was meant to be similar in spirit to VirtualEnv or Bundler, but universal—not limited to a single language. You would run:

guix environment inkscape

… and obtain an interactive shell with all the packages needed to hack on Inkscape; in that shell, the relevant environment variables—PATH, CPATH, PKG_CONFIG_PATH, and so on—would automatically point to a profile created on the fly and containing the compiler, libraries, and tools Inkscape depends on, but not Inkscape itself.

Only a year later did it become clear that there are cases where one would want to create an environment containing specific packages, rather than an environment containing the dependencies of packages. To address that, David Thompson proposed the --ad-hoc option:

guix environment --ad-hoc inkscape -- inkscape

… would create an environment containing only Inkscape, and would then launch the inkscape command in that environment. Many features were added over the years, such as the invaluable --container option, but these two modes, development and “ad hoc”, are the guts of it.

Fast forward six years: today, there’s consensus that the name --ad-hoc is confusing for newcomers and above all, that the “ad hoc” mode should be the default. This is the main problem that guix shell addresses.

Doing what you’d expect

Changing the default mode from “development environment” to “ad hoc” is technically easy, but how to do that without breaking compatibility is harder. This led to lengthy discussions, including proposals of mechanisms to choose between the new and old semantics.

In the end, keeping the guix environment name while allowing it to have different semantics was deemed dangerous. For one thing, there’s lots of material out there that demoes guix environment—blog posts, magazine articles, on-line courses—and it would have been impossible to determine whether they refer to the “new” or to the “old” semantics. We reached the conclusion that it would be easier to use a new command name and to eventually deprecate guix environment.

With guix shell, the default is to create an environment that contains the packages that appear on the command line; to launch Inkscape, run:

guix shell inkscape -- inkscape

The --ad-hoc option is gone! Likewise, to spawn an ephemeral development environment containing Python and a couple of libraries, run:

guix shell python python-numpy python-scipy -- python3

Now, if you want, say, the development environment of Inkscape, add the --development or -D option right before:

guix shell -D inkscape

You can add Git and GDB on top of it like so:

guix shell -D inkscape git gdb

(Note that -D only applies to the immediately following package, inkscape in this case.) It’s more concise and more natural than with guix environment. As can be seen in the manual, all the other options supported by guix environment remain available in guix shell.

Short-hands for development environments

A convention that’s become quite common is for developers to provide a guix.scm at the top of their project source tree, so that others can start a development environment right away:

guix environment -l guix.scm

The guix.scm file would contain a package definition for the project at hand, as in this example. This option is known as -f in guix shell, for consistency with other commands, and the equivalent command is:

guix shell -D -f guix.scm

Since all Guix commands accept a “manifest” with -m, another option is to provide a manifest.scm file and to run:

guix shell -m manifest.scm

“Wouldn’t it be nice if guix shell would automatically follow these conventions when not given any argument?”, some suggested. As in the case of Bundler, direnv, or typical build tools from Meson to Make, having a default file name can save typing and contribute to a good user experience for frequently-used commands. In this spirit, guix shell automatically loads guix.scm or manifest.scm, from the current directory or an ancestor thereof, such that entering a project to hack on it is as simple as:

cd ~/my/project/src
guix shell

Worry not: guix shell loads guix.scm or manifest.scm if and only if you have first added its directory to ~/.config/guix/shell-authorized-directories. Otherwise guix shell warns you and prints a hint that you can copy/paste if you want to authorize the directory.

Caching environments

With that in place, guix shell can pretty much fill the same role as direnv and similar tools, with one difference though: speed. When all the packages are already in store, guix shell can take one to a few seconds to run, depending on the package set, on whether you’re using a solid state device (SSD) or a “spinning” hard disk, and so on. It’s acceptable but prohibitively slow for direnv-like use cases.

To address that, guix shell maintains a profile cache for the -D -f guix.scm and -m manifest.scm cases. On a hot cache, it runs in 0.1 second. All it has to do is fork a shell with the right environment variable definitions; it does not talk to guix-daemon, and it does not even read guix.scm or manifest.scm (it’s possible to forcefully update the cache with --rebuild-cache).

That makes guix shell usable even for short-lived commands like make:

guix shell -- make

Hopefully it’ll change the way we use the tool!

The shell doctor

While revamping this command-line interface, the idea of a “shell doctor” came up. In interactive use, guix shell sets environment variables and spawns a shell, but it’s not uncommon for the shell to mess up with the whole environment. Why? Because, contrary to documented practice, it’s quite common for users to define or override environment variables in the startup files of non-login shells, ~/.bashrc for Bash, ~/.zshrc for Zsh. Instead, environment variable definitions should go to the startup file of login shells—~/.bash_profile, ~/.profile, or similar. But let’s face it: it’s a subtle distinction that few of us know or care about.

As a result, users of Guix, especially on distros other than Guix System, would often be disappointed when running guix environment --pure and yet find that PATH contains non-Guix entries, that there’s a bogus LD_LIBRARY_PATH definition, and whatnot. Now, they can call the doctor, so to speak, to obtain a diagnosis of the health of their shell by adding the --check flag:

guix shell --check python python-numpy

The command creates an environment containing Python and NumPy, spawns an interactive shell, checks the environment variables as seen by the shell, and prints a warning if PATH or PYTHONPATH in this case have been overridden. It does not tell users where the problem comes from—it cannot guess—but it tells them if something’s wrong, which is a first step.

Of course, the best way to sidestep these problems is to pass --container, which gives a fresh, isolated environment that does not contain those startup files. That’s not always an option though, for instance on systems lacking support for unprivileged user namespaces, so --check comes in handy there.

Try it!

Just run guix pull to get this shiny new guix shell thingie!

If you don’t feel ready yet, that’s OK: guix environment won’t disappear overnight. We have a written commitment to keep it around until May, 1st 2023. Though overall, we hope you’ll find the guix shell interface easier to use and compelling enough that you’ll be willing to switch overnight!

About GNU Guix

GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, AArch64 and POWER9 machines.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.

26 October, 2021 03:00PM by Ludovic Courtès

October 22, 2021

parallel @ Savannah

GNU Parallel 20211022 ('Sinclair') released

GNU Parallel 20211022 ('Sinclair') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  GNU parallel is a severely underrated tool for just spawning a
  shitload of tasks. I use it every day and fucking love it.
    -- Jane @serialexpjane@twitter

New in this release:

  • Don't postpone output until $jobslots jobs have been started.
  • Bug fixes and man page updates.

News about GNU Parallel:

Get the book: GNU Parallel 2018 http://www.lulu.com/shop/ole-tange/gnu-parallel-2018/paperback/product-23558902.html

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c82233e7da3166308632ac8c34f850c0
    12345678 c82233e7 da316630 8632ac8c 34f850c0
    $ md5sum install.sh | grep ae3d7aac5e15cf3dfc87046cfc5918d2
    ae3d7aac 5e15cf3d fc87046c fc5918d2
    $ sha512sum install.sh | grep dfc00d823137271a6d96225cea9e89f533ff6c81f
    9c5198d5 31a3b755 b7910ece 3a42d206 c804694d fc00d823 137271a6 d96225ce
    a9e89f53 3ff6c81f f52b298b ef9fb613 2d3f9ccd 0e2c7bd3 c35978b5 79acb5ca
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

22 October, 2021 08:42PM by Ole Tange

October 20, 2021

FSF Blogs

October 19, 2021

gdbm @ Savannah

Version 1.22

Version 1.22 is available for download.  This version includes several bugfixes and improves the documentation.  The list of bugfixes follows:

  • Fix file header validation
  • Fix key verification in sequential access
  • Fix testing with DejaGNU 1.6.3
  • Fix stack overflow in print_usage
  • Fix a leak of avail entry on pushing a new avail block
  • Calls to gdbm_recover preserve crash tolerance settings

19 October, 2021 05:49AM by Sergey Poznyakoff

October 18, 2021

health @ Savannah

MyGNUHealth release 1.0.5 is out!

Dear community

We are very happy to announce MyGNUHealth 1.0.5, the libre, privacy-oriented, Personal Health Record from GNU Health.

This maintenance release contains bug fixes and three new languages for the documentation:

  • French
  • German
  • Spanish

The source English documentation has been revised.

The main package resides at GNU.org, and contains both the source and all the documentation languages.

To save download time and disk space, the packages at the Python Package Index (PyPi) contain only the source English language. You can always download your language(s) pack from GNU.org or read it online at the GNU Health documentation portal (https://www.gnuhealth.org/docs).

Thank you to all contributors, and we hope you enjoy MyGNUHealth as much as we do developing it :)

Happy and healthy hacking
Luis

 

About GNU Health

GNU Health is a Libre, community driven project from GNU Solidario (https://www.gnusolidario.org), a non-profit humanitarian organization focused on Social Medicine. Our project has been adopted by hospitals, laboratories, multilateral organizations and national public health systems around the world.

The GNU Health project provides the tools for individuals, health professionals, institutions and governments to proactively assess and improve the underlying determinants of health, from the socioeconomic agents to the molecular basis of disease. From primary health care to precision medicine.

The main components of the GNU Health digital health ecosystem are:

  • Hospital Management
  • Laboratory Management and bioinformatics
  • Personal Health Record (MyGNUHealth)
  • Thalamus (the GNU Health Federation message server)
  • Health Information System (reporting / epidemiology)

GNU Health is an official GNU project, licensed under GPL v3+

18 October, 2021 08:13PM by Luis Falcon

October 11, 2021

GNU Taler news

Cómo Emitir una Moneda Digital del Banco Central

Nos complace anunciar la publicación de nuestro artículo sobre"Cómo Emitir una Moneda Digital del Banco Central"que es un trabajo conjunto con el Banque nationale suisse.

11 October, 2021 10:00PM

October 09, 2021

remotecontrol @ Savannah

Corrections & Amplifications - WSJ - October 9th, 2021

https://www.wsj.com/articles/corrections-amplifications-11633728902

The editor of the Wall Street Journal has retracted their article about the new Google Nest Thermostat feature by issuing a public correction announcement.

09 October, 2021 11:42AM by Stephen H. Dawson DSL

October 07, 2021

Google Rolls Out Emission-Curbing Tools for Nest Thermostat

https://www.wsj.com/articles/google-rolls-out-emission-curbing-tools-for-nest-thermostat-11633503660

This offering from Google is false advertising. There is no means for an electricity customer to select the source of the electricity provided to their premises.

07 October, 2021 03:33PM by Stephen H. Dawson DSL

nano @ Savannah

GNU nano 5.9 was released

Version 5.5 brought the option --minibar, for a minimized user interface, and version 5.6 brought the spotlighting of a search match, in black on yellow by default.  Subsequent versions added a few minor things and fixed some bugs.

07 October, 2021 10:03AM by Benno Schulenberg

October 06, 2021

FSF Blogs

LibrePlanet 2022 returns online: Submit your session proposal by Dec. 1

The fourteenth edition of the Free Software Foundation's (FSF) conference on technology and social justice will be held in spring 2022, online. The Call for Sessions is now open, and will close on December 1, 2021. Potential talks should examine free software through the lens of this year's theme: Living Liberation.

06 October, 2021 08:40PM

FSF Events

LibrePlanet 2022 CFS office hours

Need help getting your session proposal in good shape? We're holding office hours in #LibrePlanet on Libera.chat every Thursday at 1 PM (EDT/EST).

06 October, 2021 08:28PM

October 05, 2021

FSF News

FSF Blogs

October 04, 2021

automake @ Savannah

automake-1.16.5 released [stable]

This is to announce automake-1.16.5, a stable release.

Thanks to Karl for doing all the real work.
See the NEWS below for a brief summary.

There have been 18 commits by 6 people in the 10 weeks since 1.16.4.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Akim Demaille (1)
  Dimitri Papadopoulos (1)
  Jan Engelhardt (1)
  Jim Meyering (6)
  Karl Berry (8)
  Nick Bowler (1)

Jim [on behalf of the automake maintainers]
==================================================================

Here is the GNU automake home page:
    http://gnu.org/s/automake/

Here are the compressed sources:
  https://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.xz (1.6MB)
  https://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz (2.3MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.xz.sig
  https://ftp.gnu.org/gnu/automake/automake-1.16.5.tar.gz.sig

Use a mirror for higher download bandwidth:
  https://ftpmirror.gnu.org/automake/automake-1.16.5.tar.xz
  https://ftpmirror.gnu.org/automake/automake-1.16.5.tar.gz

Here are the SHA1 and SHA256 checksums:

8B1YzW2dd/vcqetLvV6tGYgij9tz1veiAfX41rEYtGk  automake-1.16.5.tar.xz
B70krQimS8FyUM4J7FbpIdY0OQOUPpnM9ju/BwXjRgU  automake-1.16.5.tar.gz

Each SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify automake-1.16.5.tar.xz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE

and rerun the 'gpg --verify' command.

Please report bugs and problems to <bug-automake@gnu.org>,
and send general comments and feedback to <automake@gnu.org>.

==================================================================
NEWS

* Bugs fixed

  - PYTHON_PREFIX and PYTHON_EXEC_PREFIX are now set according to
    Python's sys.* values only if the new configure option
    --with-python-sys-prefix is specified. Otherwise, GNU default values
    are used, as in the past. (The change in 1.16.3 was too incompatible.)

  - consistently depend on install-libLTLIBRARIES.

* Distribution

  - use const for yyerror declaration in bison/yacc tests.

04 October, 2021 04:49AM by Jim Meyering

October 02, 2021

FSF News

September 30, 2021

FSF announces JShelter browser add-on to combat threats from nonfree JavaScript

BOSTON, Massachusetts, USA -- Thursday, September 30th, 2021 -- The Free Software Foundation (FSF) today announced the JShelter project, an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection. The project is supported by NLnet Foundation's Next Generation Internet (NGI) Zero Privacy & Trust Enhancing Technologies fund. Collaborators include Libor Polčák and Bednář Martin (Brno University of Technology), Giorgio Maone (NoScript), and Ana Isabel Carvalho and Ricardo Lafuente (Manufactura Independente). The JShelter browser add-on is in development and the first release is available.

30 September, 2021 10:50PM

FSF Blogs

Keeping your freedom intact when registering or renewing as a DMCA agent

DMCA agent registration only lasts three years before it must be renewed. Use these add-ons to register and renew without the use of nonfree JavaScript.

30 September, 2021 09:58PM

September 29, 2021

GNU Anastasis

GNU Anastasis v0.2.0 released

GNU Anastasis is a Free Software protocol and implementation that allows users to securely deposit core secrets with an open set of escrow providers and to recover these secrets if their original copies are lost.

29 September, 2021 10:00PM

GNU Anastasis v0.2.0 released

GNU Anastasis is a Free Software protocol and implementation that allows users to securely deposit core secrets with an open set of escrow providers and to recover these secrets if their original copies are lost.

29 September, 2021 10:00PM

September 24, 2021

coreutils @ Savannah

Subject: coreutils-9.0 released [stable]

This is to announce coreutils-9.0, a stable release.

This is a new major release, with these significant changes:
  - cp has changed how it handles data
    - enables CoW by default (through FICLONE ioctl),
    - uses copy offload where available (through copy_file_range),
    - detects holes differently (though SEEK_HOLE)
    - This also applies to mv and install.

  - utilities are more tuned to the hardware available
    - wc uses avx2 instructions to count lines
    - cksum uses pclmul instructions for --algorithm=crc

  - More amalgamation of utilities
    - cksum now supports the -a option to select any digest.
    - This is the preferred interface, rather than sha*sum etc.
    - This is similar to the amalgamation of encoding utilities
      introduced in the basenc command in v8.31.
See the NEWS below for more details.

Thanks to everyone who has contributed!
There have been 257 commits by 25 people in the 81 weeks since 8.32
  Andreas Schwab (1)              KOBAYASHI Takashi (2)
  Arman Absalan (1)               Kamil Dudka (4)
  Assaf Gordon (1)                Kristoffer Brånemyr (3)
  Ben Pfaff (1)                   Nikolay Nechaev (1)
  Benno Schulenberg (1)           Nishant Nayan (1)
  Bernhard Voelker (17)           Paul Eggert (97)
  Carl Edquist (2)                Pádraig Brady (110)
  Emanuele Giacomelli (1)         Tianjia Zhang (1)
  Erik Auerswald (1)              Tim Gates (1)
  Grigorii Sokolik (2)            Tobias Stoeckmann (1)
  Jason Kim (1)                   Zorro Lang (1)
  Jim Meyering (7)                nl6720 (1)
  Justin Tracey (1)

Pádraig [on behalf of the coreutils maintainers]

==================================================================

Here is the GNU coreutils home page:
   https://gnu.org/software/coreutils/

For a summary of changes and contributors, see:
   https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.0
or run this command from a git-cloned coreutils directory:
   git shortlog v8.32..v9.0

To summarize the 1615 gnulib-related changes, run these commands
from a git-cloned coreutils directory:
   git checkout v9.0
   git submodule summary v8.32

==================================================================


Here are the compressed sources:
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.0.tar.gz   (14MB)
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.0.tar.xz   (5.4MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.0.tar.gz.sig
  https://ftp.gnu.org/gnu/coreutils/coreutils-9.0.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

027a318930f295cb5bbc0dd06fb47a3b8552fc80  coreutils-9.0.tar.gz
b9TriKUVAEl3/HLX9HtAYgQJzEHfrwBBn90b4XZjxDQ  coreutils-9.0.tar.gz
e2623469f37259d4a89ced5f91af5eaf0ab8792d  coreutils-9.0.tar.xz
zjCs30pBvFuzDdlV6eqnX6IWtOPesIiJ7TJDPHs7l84  coreutils-9.0.tar.xz

The SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify coreutils-9.0.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys DF6FD971306037D9

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.71
  Automake 1.16.4
  Gnulib v0.1-4937-g9aca7b673
  Bison 3.7.4

==================================================================

NEWS

* Noteworthy changes in release 9.0 (2021-09-24) [stable]

** Bug fixes

  chmod -v no longer misreports modes of dangling symlinks.
  [bug introduced in coreutils-5.3.0]

  cp -a --attributes-only now never removes destination files,
  even if the destination files are hardlinked, or the source
  is a non regular file.
  [bug introduced in coreutils-8.6]

  csplit --suppress-matched now elides the last matched line
  when a specific number of pattern matches are performed.
  [bug introduced with the --suppress-matched feature in coreutils-8.22]

  df no longer outputs duplicate remote mounts in the presence of bind mounts.
  [bug introduced in coreutils-8.26]

  df no longer mishandles command-line args that it pre-mounts
  [bug introduced in coreutils-8.29]

  du no longer crashes on XFS file systems when the directory hierarchy is
  heavily changed during the run.
  [bug introduced in coreutils-8.25]

  env -S no longer crashes when given unusual whitespace characters
  [bug introduced in coreutils-8.30]

  expr no longer mishandles unmatched \(...\) in regular expressions.
  [bug introduced in coreutils-6.0]

  ls no longer crashes when printing the SELinux context for unstatable files.
  [bug introduced in coreutils-6.9.91]

  mkdir -m no longer mishandles modes more generous than the umask.
  [bug introduced in coreutils-8.22]

  nl now handles single character --section-delimiter arguments,
  by assuming a second ':' character has been specified, as specified by POSIX.
  [This bug was present in "the beginning".]

  pr again adjusts tabs in input, to maintain alignment in multi column output.
  [bug introduced in coreutils-6.9]

  rm no longer skips an extra file when the removal of an empty directory fails.
  [bug introduced by the rewrite to use fts in coreutils-8.0]

  split --number=K/N will again correctly split chunk K of N to stdout.
  Previously a chunk starting after 128KiB, output the wrong part of the file.
  [bug introduced in coreutils-8.26]

  tail -f no longer overruns a stack buffer when given too many files
  to follow and ulimit -n exceeds 1024.
  [bug introduced in coreutils-7.5]

  tr no longer crashes when using --complement with certain
  invalid combinations of case character classes.
  [bug introduced in coreutils-8.6]

  basenc --base64 --decode no longer silently discards decoded characters
  on (1024*5) buffer boundaries
  [bug introduced in coreutils-8.31]

** Changes in behavior

  cp and install now default to copy-on-write (COW) if available.

  cp, install and mv now use the copy_file_range syscall if available.
  Also, they use lseek+SEEK_HOLE rather than ioctl+FS_IOC_FIEMAP on sparse
  files, as lseek is simpler and more portable.

  On GNU/Linux systems, ls no longer issues an error message on a
  directory merely because it was removed.  This reverts a change
  that was made in release 8.32.

  ptx -T no longer attempts to substitute old-fashioned TeX escapes
  for 8-bit non-ASCII alphabetic characters.  TeX indexes should
  instead use '\usepackage[latin1]{inputenc}' or equivalent.

  stat will use decomposed (major,minor) device numbers in its default format.
  This is less ambiguous, and more consistent with ls.

  sum [-r] will output a file name, even if only a single name is passed.
  This is consistent with sum -s, cksum, and other sum(1) implementations.

** New Features

  cksum now supports the -a (--algorithm) option to select any
  of the existing sum, md5sum, b2sum, sha*sum implementations etc.
  cksum now subsumes all of these programs, and coreutils
  will introduce no future standalone checksum utility.

  cksum -a now supports the 'sm3' argument, to use the SM3 digest algorithm.

  cksum --check now supports auto detecting the digest type to use,
  when verifying tagged format checksums.

  expr and factor now support bignums on all platforms.

  ls --classify now supports the "always", "auto", or "never" flags,
  to support only outputting classifier characters if connected to a tty.

  ls now accepts the --sort=width option, to sort by file name width.
  This is useful to more compactly organize the default vertical column output.

  ls now accepts the --zero option, to terminate each output line with
  NUL instead of newline.

  nl --line-increment can now take a negative number to decrement the count.

  stat supports more formats for representing decomposed device numbers.
  %Hd,%Ld and %Hr,%Lr will output major,minor device numbers and device types
  respectively.  %d corresponds to st_dev and %r to std_rdev.

** Improvements

  cat --show-ends will now show \r\n as ^M$.  Previously the \r was taken
  literally, thus overwriting the first character in the line with '$'.

  cksum [-a crc] is now up to 4 times faster by using a slice by 8 algorithm,
  and at least 8 times faster where pclmul instructions are supported.
  A new --debug option will indicate if pclmul is being used.

  md5sum --check now supports checksum files with CRLF line endings.
  This also applies to cksum, sha*sum, and b2sum.

  df now recognizes these file systems as remote:
  acfs, coda, fhgfs, gpfs, ibrix, ocfs2, and vxfs.

  rmdir now clarifies the error if a symlink_to_dir/ has not been traversed.
  This is the case on GNU/Linux systems, where the trailing slash is ignored.

  stat and tail now know about the "devmem", "exfat", "secretmem", "vboxsf",
  and "zonefs" file system types.  stat -f -c%T now reports the file system
  type, and tail -f uses polling for "vboxsf" and inotify for the others.

  timeout now supports sub-second timeouts on macOS.

  wc is up to 5 times faster when counting only new line characters,
  where avx2 instructions are supported.
  A new --debug option will indicate if avx2 is being used.

24 September, 2021 01:55PM by Pádraig Brady

September 22, 2021

parallel @ Savannah

GNU Parallel 20210922 ('Vindelev') released [stable]

GNU Parallel 20210922 ('Vindelev') [stable] has been released. It is available for download at: lbry://@GnuParallel:4

No new functionality was introduced so this is a good candidate for a
stable release.

Quote of the month:

  Take a look at GNU Parallel. It’s magnificent.
    -- Siira@ycombinator.com

New in this release:

  • Bug fixes and man page updates.

News about GNU Parallel:

Get the book: GNU Parallel 2018 http://www.lulu.com/shop/ole-tange/gnu-parallel-2018/paperback/product-23558902.html

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c82233e7da3166308632ac8c34f850c0
    12345678 c82233e7 da316630 8632ac8c 34f850c0
    $ md5sum install.sh | grep ae3d7aac5e15cf3dfc87046cfc5918d2
    ae3d7aac 5e15cf3d fc87046c fc5918d2
    $ sha512sum install.sh | grep dfc00d823137271a6d96225cea9e89f533ff6c81f
    9c5198d5 31a3b755 b7910ece 3a42d206 c804694d fc00d823 137271a6 d96225ce
    a9e89f53 3ff6c81f f52b298b ef9fb613 2d3f9ccd 0e2c7bd3 c35978b5 79acb5ca
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

22 September, 2021 09:52PM by Ole Tange

September 18, 2021

GNU MediaGoblin

MediaGoblin 0.12.0: Potions

Potions
"Potions" by Charlotte Koch (reproduced with permission)

Happy Software Freedom Day! Today we're pleased to announce the release of MediaGoblin 0.12.0. See the release notes for full details and upgrading instructions.

This release resolves two significant issues in the Celery backend media processing. The first was causing processed media to be marked as failed and the second was inhibiting useful error messages. We've also resolved installation issues caused by deprecated upstream code in the Werkzeug and jsonschema libraries.

We've added provisional gmg serve and gmg celery commands to simplify deployment. These commands may change in the future and are not yet recommended in the deployment documentation. If your deployment is already running smoothly, there's no reason to switch at this stage.

Thanks to Rodrigo Martins, Marco Pessotto and Jgart for their contributions in this release. Thanks again to Charlotte for allowing us to feature her artwork.

To join us and help improve MediaGoblin, please visit our getting involved page.

18 September, 2021 05:00AM by Ben Sturmfels

September 15, 2021

unifont @ Savannah

Unifont 14.0.01 Released

14 September 2021 Unifont 14.0.01 is now available.  This adds glyphs for all new ranges in Unicode 14.0.0 Plane 0 and Plane 1.  See http://unifoundry.com/unifont/ for further details.

Download this release from GNU server mirrors at:

     https://ftpmirror.gnu.org/unifont/unifont-14.0.01/

or if that fails,

     https://ftp.gnu.org/gnu/unifont/unifont-14.0.01/

or, as a last resort,

     ftp://ftp.gnu.org/gnu/unifont/unifont-14.0.01/

These files are also available on the unifoundry.com website:

     https://unifoundry.com/pub/unifont/unifont-14.0.01/

Font files are in the subdirectory

     https://unifoundry.com/pub/unifont/unifont-14.0.01/font-builds/

15 September, 2021 02:50AM by Paul Hardy

September 11, 2021

bison @ Savannah

Bison 3.8.1 released

I'm very pleased to announce the release of Bison 3.8(.1), whose main
novelty is the D backend for deterministic parsers, contributed by
Adela Vais.  It supports all the bells and whistles of Bison's other
deterministic parsers, which include: pull/push interfaces, verbose
and custom error messages, lookahead correction, LALR(1), IELR(1),
canonical LR(1), token constructors, internationalization, locations,
printers, token and symbol prefixes, and more.

There are several other notable changes.  Please see the detailed NEWS
below for more details.

Cheers!

==================================================================

Here are the compressed sources:
  https://ftp.gnu.org/gnu/bison/bison-3.8.1.tar.gz   (6.1MB)
  https://ftp.gnu.org/gnu/bison/bison-3.8.1.tar.lz   (3.1MB)
  https://ftp.gnu.org/gnu/bison/bison-3.8.1.tar.xz   (3.1MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/bison/bison-3.8.1.tar.gz.sig
  https://ftp.gnu.org/gnu/bison/bison-3.8.1.tar.lz.sig
  https://ftp.gnu.org/gnu/bison/bison-3.8.1.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

79e97c868475c0e20286d62021f2a7cfd20610f7  bison-3.8.1.tar.gz
zjGKRxlhVft8JpErUTEC89DhR1fC5JXjRgh1e2EznFw  bison-3.8.1.tar.gz
e7fe4142c22ac5353ec4416652a56e9da951ffa5  bison-3.8.1.tar.lz
AJ2nWoBj4aO9IVRrN+UkISBWiR/CySr6EanzlphoIbg  bison-3.8.1.tar.lz
9772ea3130d6cbddaefe29a659698775a5701394  bison-3.8.1.tar.xz
MfxgJIiq1r3s8MzFVuD8cvxXzcWVz5I5jwIODPSYDxU  bison-3.8.1.tar.xz

The SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify bison-3.8.1.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 0DDCAA3278D5264E

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.71
  Automake 1.16b
  Flex 2.6.4
  Gettext 0.20.1.153-6c39c
  Gnulib v0.1-4853-g964ce0a92

==================================================================

GNU Bison is a general-purpose parser generator that converts an annotated
context-free grammar into a deterministic LR or generalized LR (GLR) parser
employing LALR(1) parser tables.  Bison can also generate IELR(1) or
canonical LR(1) parser tables.  Once you are proficient with Bison, you can
use it to develop a wide range of language parsers, from those used in
simple desk calculators to complex programming languages.

Bison is upward compatible with Yacc: all properly-written Yacc grammars
work with Bison with no change.  Anyone familiar with Yacc should be able to
use Bison with little trouble.  You need to be fluent in C, C++, D or Java
programming in order to use Bison.

Bison and the parsers it generates are portable, they do not require any
specific compilers.

GNU Bison's home page is https://gnu.org/software/bison/.

==================================================================

NEWS

* Noteworthy changes in release 3.8.1 (2021-09-11) [stable]

  The generation of prototypes for yylex and yyerror in Yacc mode is
  breaking existing grammar files.  To avoid breaking too many grammars, the
  prototypes are now generated when `-y/--yacc` is used *and* the
  `POSIXLY_CORRECT` environment variable is defined.

  Avoid using `-y`/`--yacc` simply to comply with Yacc's file name
  conventions, rather, use `-o y.tab.c`.  Autoconf's AC_PROG_YACC macro uses
  `-y`.  Avoid it if possible, for instance by using gnulib's gl_PROG_BISON.


* Noteworthy changes in release 3.8 (2021-09-07) [stable]

** Backward incompatible changes

  In conformance with the recommendations of the Graphviz team
  (https://marc.info/?l=graphviz-devel&m=129418103126092), `-g`/`--graph`
  now generates a *.gv file by default, instead of *.dot.  A transition
  started in Bison 3.4.

  To comply with the latest POSIX standard, in Yacc compatibility mode
  (options `-y`/`--yacc`) Bison now generates prototypes for yyerror and
  yylex.  In some situations, this is breaking compatibility: if the user
  has already declared these functions but with some differences (e.g., to
  declare them as static, or to use specific attributes), the generated
  parser will fail to compile.  To disable these prototypes, #define yyerror
  (to `yyerror`), and likewise for yylex.

** Deprecated features

  Support for the YYPRINT macro is removed. It worked only with yacc.c and
  only for tokens.  It was obsoleted by %printer, introduced in Bison 1.50
  (November 2002).

  It has always been recommended to prefer `%define api.value.type foo` to
  `#define YYSTYPE foo`.  The latter is supported in C for compatibility
  with Yacc, but not in C++.  Warnings are now issued if `#define YYSTYPE`
  is used in C++, and eventually support will be removed.

  In C++ code, prefer value_type to semantic_type to denote the semantic
  value type, which is specified by the `api.value.type` %define variable.

** New features

*** A skeleton for the D programming language

  The "lalr1.d" skeleton is now officially part of Bison.

  It was originally contributed by Oliver Mangold, based on Paolo Bonzini's
  lalr1.java, and was improved by H. S. Teoh.  Adela Vais then took over
  maintenance and invested a lot of efforts to complete, test and document
  it.

  It now supports all the bells and whistles of the other deterministic
  parsers, which include: pull/push interfaces, verbose and custom error
  messages, lookahead correction, token constructors, internationalization,
  locations, printers, token and symbol prefixes, etc.

  Two examples demonstrate the D parsers: a basic one (examples/d/simple),
  and an advanced one (examples/d/calc).

*** Option -H, --header and directive %header

  The option `-H`/`--header` supersedes the option `--defines`, and the
  directive %header supersedes %defines.  Both `--defines` and `%defines`
  are, of course, maintained for backward compatibility.

*** Option --html

  Since version 2.4 Bison can be used to generate HTML reports.  However it
  was a two-step process: first bison must be invoked with option `--xml`,
  and then xsltproc must be run to the convert the XML reports into HTML.

  The new option `--html` combines these steps.  The xsltproc program must
  be available.

*** A C++ native GLR parser

  A new version of the C++ GLR parser was added: "glr2.cc".  It generates
  "true C++11", instead of a C++ wrapper around a C parser as does the
  existing "glr.cc" parser.  As a first significant consequence, it supports
  `%define api.value.type variant`, contrary to glr.cc.

  It should be upward compatible in terms of interface, feature and
  performance to "glr.cc". To try it out, simply use

  %skeleton "glr2.cc"

  It will eventually replace "glr.cc".  However we need user feedback on
  this skeleton.  _Please_ report your results and comments about it.

*** Counterexamples

  Counterexamples now show the rule numbers, and always show ε for rules
  with an empty right-hand side.  For instance

    exp
    ↳ 1: e1       e2     "a"
         ↳ 3: ε • ↳ 1: ε

  instead of

    exp
    ↳ e1  e2  "a"
      ↳ • ↳ ε

*** Lookahead correction in Java

  The Java skeleton (lalr1.java) now supports LAC, via the `parse.lac`
  %define variable.

*** Abort parsing for memory exhaustion (C)

  User actions may now use `YYNOMEM` (similar to `YYACCEPT` and `YYABORT`)
  to abort the current parse with memory exhaustion.

*** Printing locations in debug traces (C)

  The `YYLOCATION_PRINT(File, Loc)` macro prints a location.  It is defined
  when (i) locations are enabled, (ii) the default type for locations is
  used, (iii) debug traces are enabled, and (iv) `YYLOCATION_PRINT` is not
  already defined.

  Users may define `YYLOCATION_PRINT` to cover other cases.

*** GLR traces

  There were no debug traces for deferred calls to user actions.  They are
  logged now.

11 September, 2021 05:09PM by Akim Demaille

September 07, 2021

GNU Anastasis

GNU Anastasis v0.1.0 released

GNU Anastasis is a Free Software protocol and implementation that allows users to securely deposit core secrets with an open set of escrow providers and to recover these secrets if their original copies are lost.

07 September, 2021 10:00PM

GNU Anastasis v0.1.0 released

GNU Anastasis is a Free Software protocol and implementation that allows users to securely deposit core secrets with an open set of escrow providers and to recover these secrets if their original copies are lost.

07 September, 2021 10:00PM

September 05, 2021

Applied Pokology

Array boundaries and closures in Poke

Poke arrays are rather peculiar. One of their seemingly bizarre characteristics is the fact that the expressions calculating their boundaries (when they are bounded) evaluate in their own lexical environment, which is captured. In other words: the expressions denoting the boundaries of Poke arrays conform closures. Also, the way they evaluate may be surprising. This is no capricious.

05 September, 2021 10:05PM

September 03, 2021

gzip @ Savannah

gzip-1.11 released [stable]

This is to announce gzip-1.11, a stable release.

There have been 43 commits by 5 people in the 2.7(!) years since 1.10.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Bjarni Ingi Gislason (1)
  Dmitry V. Levin (1)
  Ilya Leoshkevich (8)
  Jim Meyering (20)
  Paul Eggert (13)

Jim [on behalf of the gzip maintainers]
==================================================================

Here is the GNU gzip home page:
    http://gnu.org/s/gzip/

For a summary of changes and contributors, see:
  http://git.sv.gnu.org/gitweb/?p=gzip.git;a=shortlog;h=v1.11
or run this command from a git-cloned gzip directory:
  git shortlog v1.10..v1.11

To summarize the 2581 gnulib-related changes, run these commands
from a git-cloned gzip directory:
  git checkout v1.11
  git submodule summary v1.10

==================================================================
Here are the compressed sources:
  https://ftp.gnu.org/gnu/gzip/gzip-1.11.tar.gz   (1.2MB)
  https://ftp.gnu.org/gnu/gzip/gzip-1.11.tar.xz   (788KB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/gzip/gzip-1.11.tar.gz.sig
  https://ftp.gnu.org/gnu/gzip/gzip-1.11.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are SHA1 and SHA256 checksums:
  ee2d3f44d8b370db7090b4c3250132cd62b38ec6  gzip-1.11.tar.gz
  PooODEW60wCTQdzhfXFTbExlXZMTA5AhznVUomzVDtk  gzip-1.11.tar.gz
  adf4964893a45a211a888f8943c939f2794d86d4  gzip-1.11.tar.xz
  m5qV1o/cuTaEmk1vrai/hobN31i5smycQontDJKneQc  gzip-1.11.tar.xz

The SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify gzip-1.11.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.71
  Automake 1.16d
  Gnulib v0.1-4886-g93280a4bd

NEWS

* Noteworthy changes in release 1.11 (2021-09-03) [stable]

** Performance improvements

  IBM Z platforms now support hardware-accelerated deflation.

03 September, 2021 03:00PM by Jim Meyering

September 02, 2021

FSF News

gdbm @ Savannah

Version 1.21

Version 1.21 is available for download.  This version introduces an important new feature: Crash tolerance, brought to gdbm by Terence Kelly.

02 September, 2021 02:28PM by Sergey Poznyakoff

August 23, 2021

GNU Taler news

GNU Taler v0.8 released

We are happy to announce the release of GNU Taler v0.8.

23 August, 2021 10:00PM

August 22, 2021

health @ Savannah

MyGNUHealth maintenance release 1.0.4 is out!

Dear community

I am pleased to announce the maintanance release 1.0.4 from MyGNUHealth, the GNUHealth Personal Health Record.

It fixes plotting issues when matplotlib uses unsorted records or dup batch inputs.

You can see the Changelog at GNU Savannah mercurial server.

The package is at GNU.org, the Python Package Index (PyPi) and different GNU/Linux distributions.

Happy and healthy hacking!
Luis

--
Dr. Luis Falcon, MD, MSc
President, GNU Solidario
Advancing Social Medicine
http://www.gnuhealth.org

22 August, 2021 09:41PM by Luis Falcon

parallel @ Savannah

GNU Parallel 20210822 ('Kabul') released

GNU Parallel 20210822 ('Kabul') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  Safe to say, @GnuParallel was a life changer during my PhD! It helped
  me optimise so many of my tasks and analyses.
    -- Parice Brandies @PariceBrandies@twitter

New in this release:

  • --ctag/--ctagstring colors the tag in different colors for each job.
  • You can use unit prefixes (k, m, g, etc) with -n -N -L.
  • Bug fixes and man page updates.

News about GNU Parallel:

Get the book: GNU Parallel 2018 http://www.lulu.com/shop/ole-tange/gnu-parallel-2018/paperback/product-23558902.html

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c82233e7da3166308632ac8c34f850c0
    12345678 c82233e7 da316630 8632ac8c 34f850c0
    $ md5sum install.sh | grep ae3d7aac5e15cf3dfc87046cfc5918d2
    ae3d7aac 5e15cf3d fc87046c fc5918d2
    $ sha512sum install.sh | grep dfc00d823137271a6d96225cea9e89f533ff6c81f
    9c5198d5 31a3b755 b7910ece 3a42d206 c804694d fc00d823 137271a6 d96225ce
    a9e89f53 3ff6c81f f52b298b ef9fb613 2d3f9ccd 0e2c7bd3 c35978b5 79acb5ca
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

22 August, 2021 08:02PM by Ole Tange

August 15, 2021

GNU Anastasis

Anastasis becomes a GNU package

Anastasis is now officially a GNU package.

15 August, 2021 10:00PM

GNU Health

GNU Health emergency response in Haiti

Yesterday, yet another devastating earthquake hit the southern area of Haiti.

Immediately knowing about the earthquake, we contacted our representative in Haiti, Pierre Michel Augustin, and started an emergency humanitarian response in coordination with our team in the country .

Haiti suffers from recurrent natural disasters (hurricanes, earthquakes). In the last years, Haiti has also been a victim of structural poverty and civil unrest. Haitians are strong, resilient, noble people. Haiti is the land of the free and the brave (see my post “My trip to Haiti, the land of the Free and the Brave” ), yet it seems like the world has forgotten about Haiti.

GNU Solidario emergency response campaign in Haiti: https://www.gnusolidario.org/haiti.html

Archive picture (credit: UN Photo/Marco Dormino).

We need emergency response now, but we also need to work on Social Medicine, and tackle the socioeconomic determinants that are the root cause of the structural poverty in Haiti. Only then, our Haitians brothers and sisters will be able to recover the dignity that they deserve, and grow in prosperity. We need to create the conditions, working the local community in the country to strengthen the public health and education system. GNU Health is part of this program.

Our local representative, engineer Pierre Michel Augustin, has been working in the localization of GNU Health, and by the end of 2021, we will have the GNU Health node fully operational in Limbé. The Haiti GNU Health office will provide training and support to the local and regional health professionals and institutions.

The GNU Health project focuses on helping health professionals delivering Social Medicine and health informatics.

Natural disasters have a profound impact in the short, medium and long period in any nation. The situation gets much worse when they hit impoverished nations. So, in the short term, we will put all the effort to tackle this emergency and save lives. For the medium and long term, we will continue the GNU Health node in Haiti and building the GNU Health Federation in the country, in cooperation with the local team, academic and health institutions.

Creating local capacity is key to make the project sustainable. Resources will be dedicated to build the infrastructure (hardware, network..), but the main focus and effort will be on building local capacity, and training the local team to make them independent and build a sustainable and ethical model.

Visit https://www.gnusolidario.org/haiti.html to support our mission in Haiti

In the end, technology is just a medium, and GNU Health is a social project that uses really cool Free/Libre technology and open science, for the betterment of our societies.

Please consider helping GNU Solidario humanitarian campaign in Haiti, by visiting the following link:

https://www.gnusolidario.org/haiti.html

About GNU Solidario:

GNU Solidario is a non-profit humanitarian organization focused on Social Medicine. We have missions around the globe, and our projects has been adopted by health institutions, multilateral organizations and national public health systems around the world.

GNU Solidario is the organization behind GNU Health, the award winning Free / Libre digital health ecosystem, that provides a Hospital Management System, a Lab Information System, a Personal Health Record and a distributed, Federated health network.

GNU Health is a GNU official project ( see www.gnu.org), licensed under the GNU General Public License, GPL v3+

15 August, 2021 01:26PM by Luis Falcon

August 14, 2021

grep @ Savannah

grep-3.7 released [stable]

This is to announce grep-3.7, a stable release.

There have been 33 commits by 6 people in the 40 weeks since 3.6.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Helge Kreutzmann (1)
  Jim Meyering (15)
  Kevin Locke (2)
  Marek Suppa (1)
  Mateusz Okulus (1)
  Paul Eggert (13)

There were also 855 changes via the gnulib submodule.
==================================================================
Here is the GNU grep home page:
    http://gnu.org/s/grep/

Here are the compressed sources:
  https://ftp.gnu.org/gnu/grep/grep-3.7.tar.gz   (2.6MB)
  https://ftp.gnu.org/gnu/grep/grep-3.7.tar.xz   (1.6MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/grep/grep-3.7.tar.gz.sig
  https://ftp.gnu.org/gnu/grep/grep-3.7.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

5359ea0105cedfa21a63c89b22e0d7b41b016a40  grep-3.7.tar.gz
wisM8tT2u+WZyQI4foBYmQ4e7pmu8zOiA4KeX9Pbs0I  grep-3.7.tar.gz
4d56da85e468e4012c81533a22052014a4c98b17  grep-3.7.tar.xz
XBDaMSRgrschmE1dgyRtJFIOxDjdSNerWgXbwNbWgjw  grep-3.7.tar.xz

The SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify grep-3.7.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.71
  Automake 1.16d
  Gnulib v0.1-4847-g1cb09be022

===============================
NEWS

* Noteworthy changes in release 3.7 (2021-08-14) [stable]

** Changes in behavior

  Use of the --unix-byte-offsets (-u) option now evokes a warning.
  Since 3.1, this Windows-only option has had no effect.

** Bug fixes

  Preprocessing N patterns would take at least O(N^2) time when too many
  patterns hashed to too few buckets. This now takes seconds, not days:
  : | grep -Ff <(seq 6400000 | tr 0-9 A-J)
  [Bug#44754 introduced in grep 3.5]

14 August, 2021 08:12PM by Jim Meyering

August 12, 2021

Parabola GNU/Linux-libre

TalkingParabola merged in main ISO and installation medium with installer

Last year Arch integrated the features from the TalkingArch project into archiso and some months ago they added an installer into their installation medium. As a result, and with some delay, TalkingParabola was deprecated and we added these features to our ISOs too. They are available in out download page as well.

Note that although the OpenRC LXDE ISO has the speech boot option, this only works for CLI. Screen reader support will be added in the future for the GUI and the current installer will be replaced with one based in Zen Installer.

12 August, 2021 05:43AM by David P.

August 07, 2021

GNU Taler news

Code Blau GmbH deploys first external Taler auditor

We received a grant from NLnet foundation with the goal to qualify Code Blau GmbH to act as an external auditor for GNU Taler. To do this, we created a guide that describes how to deploy a Taler auditor and then practiced the steps using the existing Taler exchange deployment at BFH. Code Blau wrote a report detailing all the steps taken. Finally, we have created a draft of the kind of business agreement that Code Blau would enter with banks operating the Taler payment system. We thank CodeBlau for their work, and NLnet and the European Commission's Horizion 2020 NGI initiative for funding this work.

07 August, 2021 10:00PM

GNUnet News

GNUnet 0.15.0

GNUnet 0.15.0 released

We are pleased to announce the release of GNUnet 0.15.0.
This is a new major release. It breaks protocol compatibility with the 0.14.x versions. Please be aware that Git master is thus henceforth INCOMPATIBLE with the 0.14.x GNUnet network, and interactions between old and new peers will result in issues. 0.14.x peers will be able to communicate with Git master or 0.14.x peers, but some services - in particular GNS - will not be compatible.
The MESSENGER service goes out of experimental to be used by libraries and applications as dependency. It handles decentralized messaging in flexible groups by using the CADET service and messages can be signed with your ego from the IDENTITY service. The service is still in an early stage, so its protocol (currently version 0.1) will likely adapt or change in future releases to some degree.
In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.15.0 release is still only suitable for early adopters with some reasonable pain tolerance .

Download links

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Noteworthy changes in 0.15.0 (since 0.14.1)

  • GNS :
  • SCALARPRODUCT : Crypto ported to libsodium improving performance. #6818
  • RECLAIM : Added support for BBS+ blind signature credentials for selective disclosure.
  • UTIL :
    • Swap gnunet-config's default behaviour for the rewrite flag.
    • Config file is not not always written
    • Introduced new TIME helper functions
  • SETU : Implemented set union subsystem along with technical specification LSD0003 .
  • MESSENGER : New messenger component moved out of experimental.

A detailed list of changes can be found in the ChangeLog and the bug tracker .

Known Issues

  • There are known major design issues in the TRANSPORT, ATS and CORE subsystems which will need to be addressed in the future to achieve acceptable usability, performance and security.
  • There are known moderate implementation limitations in CADET that negatively impact performance.
  • There are known moderate design issues in FS that also impact usability and performance.
  • There are minor implementation limitations in SET that create unnecessary attack surface for availability.
  • The RPS subsystem remains experimental.
  • Some high-level tests in the test-suite fail non-deterministically due to the low-level TRANSPORT issues.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, Daniel Golle, Alessio Vanni, Thien-Thi Nguyen, Elias Summermatter, t3sserakt, TheJackiMonster and Martin Schanzenbach.

07 August, 2021 10:00PM

August 05, 2021

mailutils @ Savannah

Version 3.13

Version 3.13 of GNU mailutils is [https://ftp.gnu.org/gnu/mailutils/mailutils-3.13.tar.gz available for download.

New in this version:

  • Improved mailbox locking.
  • Changes in the 'locking' configuration statement.
  • Important changes in mail utility.

05 August, 2021 11:46AM by Sergey Poznyakoff

August 02, 2021

GNU Guix

Taming the ‘stat’ storm with a loader cache

It was one of these days where some of us on IRC were rehashing that old problem—that application startup in Guix causes a “stat storm”—and lamenting the lack of a solution when suddenly, Ricardo proposes what, in hindsight, looks like an obvious solution: “maybe we could use a per-application ld cache?”. A moment where collective thinking exceeds the sum of our individual thoughts. The result is one of the many features that made it in the core-updates branch, slated to be merged in the coming weeks, one that reduces application startup time.

ELF files and their dependencies

Before going into detail, let’s look at what those “stat storms” look like and where they come from. Loading an ELF executable involves loading the shared libraries (the .so files, for “shared objects”) it depends on, recursively. This is the job of the loader (or dynamic linker), ld.so, which is part of the GNU C Library (glibc) package. What shared libraries an executable like that of Emacs depends on? The ldd command answers that question:

$ ldd $(type -P .emacs-27.2-real)
        linux-vdso.so.1 (0x00007fff565bb000)
        libtiff.so.5 => /gnu/store/l1wwr5c34593gqxvp34qbwdkaf7xhdbd-libtiff-4.2.0/lib/libtiff.so.5 (0x00007fd5aa2b1000)
        libjpeg.so.62 => /gnu/store/5khkwz9g6vza1n4z8xlmdrwhazz7m8wp-libjpeg-turbo-2.0.5/lib/libjpeg.so.62 (0x00007fd5aa219000)
        libpng16.so.16 => /gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/libpng16.so.16 (0x00007fd5aa1e4000)
        libz.so.1 => /gnu/store/rykm237xkmq7rl1p0nwass01p090p88x-zlib-1.2.11/lib/libz.so.1 (0x00007fd5aa1c2000)
        libgif.so.7 => /gnu/store/bpw826hypzlnl4gr6d0v8m63dd0k8waw-giflib-5.2.1/lib/libgif.so.7 (0x00007fd5aa1b8000)
        libXpm.so.4 => /gnu/store/jgdsl6whyimkz4hxsp2vrl77338kpl0i-libxpm-3.5.13/lib/libXpm.so.4 (0x00007fd5aa1a4000)
[…]
$ ldd $(type -P .emacs-27.2-real) | wc -l
89

(If you’re wondering why we’re looking at .emacs-27.2-real rather than emacs-27.2, it’s because in Guix the latter is a tiny shell wrapper around the former.)

To load a graphical program like Emacs, the loader needs to load more than 80 shared libraries! Each is in its own /gnu/store sub-directory in Guix, one directory per package.

But how does ld.so know where to find these libraries in the first place? In Guix, during the link phase that produces an ELF file (executable or shared library), we tell the linker to populate the RUNPATH entry of the ELF file with the list of directories where its dependencies may be found. This is done by passing -rpath options to the linker, which Guix’s “linker wrapper” takes care of. The RUNPATH is the run-time library search path: it’s a colon-separated list of directories where ld.so will look for shared libraries when it loads an ELF file. We can look at the RUNPATH of our Emacs executable like this:

$ objdump -x $(type -P .emacs-27.2-real) | grep RUNPATH
  RUNPATH              /gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31/lib:/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib/lib:/gnu/store/l1wwr5c34593gqxvp34qbwdkaf7xhdbd-libtiff-4.2.0/lib:/gnu/store/5khkwz9g6vza1n4z8xlmdrwhazz7m8wp-libjpeg-turbo-2.0.5/lib:[…]

This RUNPATH has 39 entries, which roughly corresponds to the number of direct dependencies of the executable—dependencies are listed as NEEDED entries in the ELF file:

$ objdump -x $(type -P .emacs-27.2-real) | grep NEED | head
  NEEDED               libtiff.so.5
  NEEDED               libjpeg.so.62
  NEEDED               libpng16.so.16
  NEEDED               libz.so.1
  NEEDED               libgif.so.7
  NEEDED               libXpm.so.4
  NEEDED               libgtk-3.so.0
  NEEDED               libgdk-3.so.0
  NEEDED               libpangocairo-1.0.so.0
  NEEDED               libpango-1.0.so.0
$ objdump -x $(type -P .emacs-27.2-real) | grep NEED | wc -l
52

(Some of these .so files live in the same directory, which is why there are more NEEDED entries than directories in the RUNPATH.)

A system such as Debian that follows the file system hierarchy standard (FHS), where all libraries are in /lib or /usr/lib, does not have to bother with RUNPATH: all .so files are known to be found in one of these two “standard” locations. Anyway, let’s get back to our initial topic: the “stat storm”.

Walking search paths

As you can guess, when we run Emacs, the loader first needs to locate and load the 80+ shared libraries it depends on. That’s where things get pretty inefficient: the loader will search each .so file Emacs depends on in one of the 39 directories listed in its RUNPATH. Likewise, when it finally finds libgtk-3.so, it’ll look for its dependencies in each of the directories in its RUNPATH. We can see that at play by tracing system calls with the strace command:

$ strace -c emacs --version
GNU Emacs 27.2
Copyright (C) 2021 Free Software Foundation, Inc.
GNU Emacs comes with ABSOLUTELY NO WARRANTY.
You may redistribute copies of GNU Emacs
under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 55.46    0.006629           3      1851      1742 openat
 16.06    0.001919           4       422           mmap
 11.46    0.001370           2       501       477 stat
  4.79    0.000573           4       122           mprotect
  3.84    0.000459           4       111           read
  2.45    0.000293           2       109           fstat
  2.34    0.000280           2       111           close
[…]
------ ----------- ----------- --------- --------- ----------------
100.00    0.011952           3      3325      2227 total

For this simple emacs --version command, the loader and emacs probed for more than 2,200 files, with the openat and stat system calls, and most of these probes were unsuccessful (counted as “errors” here, meaning that the call returned an error). The fraction of “erroneous” system calls is no less than 67% (2,227 over 3,325). We can see the desperate search of .so files by looking at individual calls:

$ strace -e openat,stat emacs --version
[…]
openat(AT_FDCWD, "/gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31/lib/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib/lib/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/l1wwr5c34593gqxvp34qbwdkaf7xhdbd-libtiff-4.2.0/lib/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/5khkwz9g6vza1n4z8xlmdrwhazz7m8wp-libjpeg-turbo-2.0.5/lib/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/haswell/x86_64/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/haswell/x86_64", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/haswell/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/haswell", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/x86_64/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/x86_64", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/tls", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/haswell/x86_64/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/haswell/x86_64", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/haswell/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/haswell", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/x86_64/libpng16.so.16", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/x86_64", 0x7ffe428a1c70) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/lib/libpng16.so.16", O_RDONLY|O_CLOEXEC) = 3
[…]

Above is the sequence where we see ld.so look for libpng16.so.16, searching in locations where we know it’s not going to find it. A bit ridiculous. How does this affect performance? The impact is small in the most favorable case—on a hot cache, with fast solid state device (SSD) storage. But it likely has a visible effect in other cases—on a cold cache, with a slower spinning hard disk drive (HDD), on a network file system (NFS).

Enter the per-package loader cache

The idea that Ricardo submitted, using a loader cache, makes a lot of sense: we know from the start that libpng.so may only be found in /gnu/store/…-libpng-1.6.37, no need to look elsewhere. In fact, it’s not new: glibc has had such a cache “forever”; it’s the /etc/ld.so.cache file you can see on FHS distros and which is typically created by running ldconfig when a package has been installed. Roughly, the cache maps library SONAMEs, such as libpng16.so.16, to their file name on disk, say /usr/lib/libpng16.so.16.

The problem is that this cache is inherently system-wide: it assumes that there is only one libpng16.so on the system; any binary that depends on libpng16.so will load it from its one and only location. This models perfectly matches the FHS, but it’s at odds with the flexibility offered by Guix, where several variants or versions of the library can coexist on the system, used by different applications. That’s the reason why Guix and other non-FHS distros such as NixOS or GoboLinux typically turn off that feature altogether… and pay the cost of those stat storms.

The insight we gained on that Tuesday evening IRC conversation is that we could adapt glibc’s loader cache to our setting: instead of a system-wide cache, we’d have a per-application loader cache. As one of the last package build phases, we’d run ldconfig to create etc/ld.so.cache within that package’s /gnu/store sub-directory. We then need to modify the loader so it would look for ${ORIGIN}/../etc/ld.so.cache instead of /etc/ld.so.cache, where ${ORIGIN} is the location of the ELF file being loaded. A discussion of these changes is in the issue tracker; you can see the glibc patch and the new make-dynamic-linker-cache build phase. In short, the make-dynamic-linker-cache phase computes the set of direct and indirect dependencies of an ELF file using the file-needed/recursive procedure and derives from that the library search path, creates a temporary ld.so.conf file containing this search path for use by ldconfig, and finally runs ldconfig to actually build the cache.

How does this play out in practice? Let’s try an emacs build that uses this new loader cache:

$ strace -c /gnu/store/ijgcbf790z4x2mkjx2ha893hhmqrj29j-emacs-27.2/bin/emacs --version
GNU Emacs 27.2
Copyright (C) 2021 Free Software Foundation, Inc.
GNU Emacs comes with ABSOLUTELY NO WARRANTY.
You may redistribute copies of GNU Emacs
under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 28.68    0.002909          26       110        13 openat
 25.13    0.002549          26        96           read
 20.41    0.002070           4       418           mmap
  9.34    0.000947          10        90           pread64
  6.60    0.000669           5       123           mprotect
  4.12    0.000418           3       107         1 newfstatat
  2.19    0.000222           2        99           close
[…]
------ ----------- ----------- --------- --------- ----------------
100.00    0.010144           8      1128        24 total

Compared to what we have above, the total number of system calls has been divided by 3, and the fraction of erroneous system calls goes from 67% to 0.2%. Quite a difference! We count on you, dear users, to let us know how this impacts load time for you.

Flexibility without stat storms

With GNU Stow in the 1990s, and then Nix, Guix, and other distros, the benefits of flexible file layouts rather than the rigid Unix-inherited FHS have been demonstrated—nowadays I see it as an antidote to opaque and bloated application bundles à la Docker. Luckily, few of our system tools have FHS assumptions baked in, probably in large part thanks to GNU’s insistence on a rigorous installation directory categorization in the early days rather than hard-coded directory names. The loader cache is one of the few exceptions. Adapting it to a non-FHS context is fruitful for Guix and for the other distros and packaging tools in a similar situation; perhaps it could become an option in glibc proper?

This is not the end of stat storms, though. Interpreters and language run-time systems rely on search paths—GUILE_LOAD_PATH for Guile, PYTHONPATH for Python, OCAMLPATH for OCaml, etc.—and are equally prone to stormy application startups. Unlike ELF, they do not have a mechanism akin to RUNPATH, let alone a run-time search path cache. We have yet to find ways to address these.

About GNU Guix

GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, AArch64 and POWER9 machines.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.

02 August, 2021 03:00PM by Ludovic Courtès

libc @ Savannah

The GNU C Library version 2.34 is now available

The GNU C Library
=================

The GNU C Library version 2.34 is now available.

The GNU C Library is used as the C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library.  It follows all relevant
standards including ISO C11 and POSIX.1-2017.  It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.34 release may be downloaded from:
        http://ftpmirror.gnu.org/libc/
        http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

NEWS for version 2.34
=====================

Major new features:

  • In order to support smoother in-place-upgrades and to simplify

  the implementation of the runtime all functionality formerly
  implemented in the libraries libpthread, libdl, libutil, libanl has
  been integrated into libc.  New applications do not need to link with
  -lpthread, -ldl, -lutil, -lanl anymore.  For backwards compatibility,
  empty static archives libpthread.a, libdl.a, libutil.a, libanl.a are
  provided, so that the linker options keep working.  Applications which
  have been linked against glibc 2.33 or earlier continue to load the
  corresponding shared objects (which are now empty).  The integration
  of those libraries into libc means that additional symbols become
  available by default.  This can cause applications that contain weak
  references to take unexpected code paths that would only have been
  used in previous glibc versions when e.g. preloading libpthread.so.0,
  potentially exposing application bugs.

  • When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,

  PTHREAD_STACK_MIN is no longer constant and is redefined to
  sysconf(_SC_THREAD_STACK_MIN).  This supports dynamic sized register
  sets for modern architectural features like Arm SVE.

  • Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ.  When _DYNAMIC_STACK_SIZE_SOURCE

  or _GNU_SOURCE are defined, MINSIGSTKSZ and SIGSTKSZ are no longer
  constant on Linux.  MINSIGSTKSZ is redefined to sysconf(_SC_MINSIGSTKSZ)
  and SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ).  This supports
  dynamic sized register sets for modern architectural features like
  Arm SVE.

  • The dynamic linker implements the --list-diagnostics option, printing

  a dump of information related to IFUNC resolver operation and
  glibc-hwcaps subdirectory selection.

  • On Linux, the function execveat has been added.  It operates similar to

  execve and it is is already used to implement fexecve without requiring
  /proc to be mounted.  However, different than fexecve, if the syscall is not
  supported by the kernel an error is returned instead of trying a fallback.

  • The ISO C2X function timespec_getres has been added.
  • The feature test macro _STDC_WANT_IEC_60559_EXT_, from draft ISO

  C2X, is supported to enable declarations of functions defined in Annex F
  of C2X.  Those declarations are also enabled when
  _STDC_WANT_IEC_60559_BFP_EXT_, as specified in TS 18661-1, is
  defined, and when _GNU_SOURCE is defined.

  • On powerpc64*, glibc can now be compiled without scv support using the

  --disable-scv configure option.

  • Add support for 64-bit time_t on configurations like x86 where time_t

  is traditionally 32-bit.  Although time_t still defaults to 32-bit on
  these configurations, this default may change in future versions.
  This is enabled with the _TIME_BITS preprocessor macro set to 64 and is
  only supported when LFS (_FILE_OFFSET_BITS=64) is also enabled.  It is
  only enabled for Linux and the full support requires a minimum kernel
  version of 5.1.

  • The main gconv-modules file in glibc now contains only a small set of

  essential converter modules and the rest have been moved into a supplementary
  configuration file gconv-modules-extra.conf in the gconv-modules.d directory
  in the same GCONV_PATH.  Similarly, external converter modules directories
  may have supplementary configuration files in a gconv-modules.d directory
  with names ending with .conf to logically classify the converter modules in
  that directory.

  • On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used

  to configure the size of the thread stack cache.

  • The function _Fork has been added as an async-signal-safe fork replacement

  since Austin Group issue 62 droped the async-signal-safe requirement for
  fork (and it will be included in the future POSIX standard).  The new _Fork
  function does not run any atfork function neither resets any internal state
  or lock (such as the malloc one), and only sets up a minimal state required
  to call async-signal-safe functions (such as raise or execve).  This function
  is currently a GNU extension.

  • On Linux, the close_range function has been added.  It allows efficiently

  closing a range of file descriptors on recent kernels (version 5.9).

  • The function closefrom has been added.  It closes all file descriptors

  greater than or equal to a given integer.  This function is a GNU extension,
  although it is also present in other systems.

  • The posix_spawn_file_actions_addclosefrom_np function has been added,

  enabling posix_spawn and posix_spawnp to close all file descriptors greater
  than or equal to a given integer.  This function is a GNU extension,
  although Solaris also provides a similar function.

Deprecated and removed features, and other changes affecting compatibility:

  • The function pthread_mutex_consistent_np has been deprecated; programs

  should use the equivalent standard function pthread_mutex_consistent
  instead.

  • The function pthread_mutexattr_getrobust_np has been deprecated;

  programs should use the equivalent standard function
  pthread_mutexattr_getrobust instead.

  • The function pthread_mutexattr_setrobust_np has been deprecated;

  programs should use the equivalent standard function
  pthread_mutexattr_setrobust instead.

  • The function pthread_yield has been deprecated; programs should use

  the equivalent standard function sched_yield instead.

  • The function inet_neta declared in <arpa/inet.h> has been deprecated.
  • Various rarely-used functions declared in <resolv.h> and

  <arpa/nameser.h> have been deprecated.  Applications are encouraged to
  use dedicated DNS processing libraries if applicable.  For <resolv.h>,
  this affects the functions dn_count_labels, fp_nquery, fp_query,
  fp_resstat, hostalias, loc_aton, loc_ntoa, p_cdname, p_cdnname,
  p_class, p_fqname, p_fqnname, p_option, p_query, p_rcode, p_time,
  p_type, putlong, putshort, res_hostalias, res_isourserver,
  res_nameinquery, res_queriesmatch, res_randomid, sym_ntop, sym_ntos,
  sym_ston.  For <arpa/nameser.h>, the functions ns_datetosecs,
  ns_format_ttl, ns_makecanon, ns_parse_ttl, ns_samedomain, ns_samename,
  ns_sprintrr, ns_sprintrrf, ns_subdomain have been deprecated.

  • Various symbols previously defined in libresolv have been moved to libc

  in order to prepare for libresolv moving entirely into libc (see earlier
  entry for merging libraries into libc).  The symbols __dn_comp,
  __dn_expand, __dn_skipname, __res_dnok, __res_hnok, __res_mailok,
  __res_mkquery, __res_nmkquery, __res_nquery, __res_nquerydomain,
  __res_nsearch, __res_nsend, __res_ownok, __res_query, __res_querydomain,
  __res_search, __res_send formerly in libresolv have been renamed and no
  longer have a __ prefix.  They are now available in libc.

  • The pthread cancellation handler is now installed with SA_RESTART and

  pthread_cancel will always send the internal SIGCANCEL on a cancellation
  request.  It should not be visible to applications since the cancellation
  handler should either act upon cancellation (if asynchronous cancellation
  is enabled) or ignore the cancellation internal signal.  However there are
  buggy kernel interfaces (for instance some CIFS versions) that could still
  see a spurious EINTR error when cancellation interrupts a blocking syscall.

  • Previously, glibc installed its various shared objects under versioned

  file names such as libc-2.33.so.  The ABI sonames (e.g., libc.so.6)
  were provided as symbolic links.  Starting with glibc 2.34, the shared
  objects are installed under their ABI sonames directly, without
  symbolic links.  This increases compatibility with distribution
  package managers that delete removed files late during the package
  upgrade or downgrade process.

  • The symbols mallwatch and tr_break are now deprecated and no longer used in

  mtrace.  Similar functionality can be achieved by using conditional
  breakpoints within mtrace functions from within gdb.

  • The __morecore and __after_morecore_hook malloc hooks and the default

  implementation __default_morecore have been removed from the API.  Existing
  applications will continue to link against these symbols but the interfaces
  no longer have any effect on malloc.

  • Debugging features in malloc such as the MALLOC_CHECK_ environment variable

  (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
  disabled by default in the main C library.  Users looking to use these
  features now need to preload a new debugging DSO libc_malloc_debug.so to get
  this functionality back.

  • The deprecated functions malloc_get_state and malloc_set_state have been

  moved from the core C library into libc_malloc_debug.so.  Legacy applications
  that still use these functions will now need to preload libc_malloc_debug.so
  in their environment using the LD_PRELOAD environment variable.

  • The deprecated memory allocation hooks __malloc_hook, __realloc_hook,

  __memalign_hook and __free_hook are now removed from the API.  Compatibility
  symbols are present to support legacy programs but new applications can no
  longer link to these symbols.  These hooks no longer have any effect on glibc
  functionality.  The malloc debugging DSO libc_malloc_debug.so currently
  supports hooks and can be preloaded to get this functionality back for older
  programs.  However this is a transitional measure and may be removed in a
  future release of the GNU C Library.  Users may port away from these hooks by
  writing and preloading their own malloc interposition library.

Changes to build and runtime requirements:

  • On Linux, the shm_open, sem_open, and related functions now expect the

  file shared memory file system to be mounted at /dev/shm.  These functions
  no longer search among the system's mount points for a suitable
  replacement if /dev/shm is not available.

Security related changes:

  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
  a request for netgroup lookup, may crash due to a double-free,
  potentially resulting in degraded service or Denial of Service on the
  local system.  Reported by Chris Schanzle.

  CVE-2021-33574: The mq_notify function has a potential use-after-free
  issue when using a notification type of SIGEV_THREAD and a thread
  attribute with a non-default affinity mask.

  CVE-2021-35942: The wordexp function may overflow the positional
  parameter number when processing the expansion resulting in a crash.
  Reported by Philippe Antoine.

The following bugs are resolved with this release:

  [4737] libc: fork is not async-signal-safe
  [5781] math: Slow dbl-64 sin/cos/sincos for special values
  [10353] libc: Methods for deleting all file descriptors greater than
    given integer (closefrom)
  [14185] glob: fnmatch() fails when '*' wildcard is applied on the file
    name containing multi-byte character(s)
  [14469] math: Inaccurate j0f function
  [14470] math: Inaccurate j1f function
  [14471] math: Inaccurate y0f function
  [14472] math: Inaccurate y1f function
  [14744] nptl: kill -32 $pid or kill -33 $pid on a process cancels a
    random thread
  [15271] dynamic-link: dlmopen()ed shared library with LM_ID_NEWLM
    crashes if it fails dlsym() twice
  [15648] nptl: multiple definition of `__lll_lock_wait_private'
  [16063] nptl: Provide a pthread_once variant in libc directly
  [17144] libc: syslog is not thread-safe if NO_SIGPIPE is not defined
  [17145] libc: syslog with LOG_CONS leaks console file descriptor
  [17183] manual: description of ENTRY struct in <search.h> in glibc
    manual is incorrect
  [18435] nptl: pthread_once hangs when init routine throws an exception
  [18524] nptl: Missing calloc error checking in
    __cxa_thread_atexit_impl
  [19329] dynamic-link: dl-tls.c assert failure at concurrent
    pthread_create and dlopen
  [19366] nptl: returning from a thread should disable cancellation
  [19511] nptl: 8MB memory leak in pthread_create in case of failure
    when non-root user changes priority
  [20802] dynamic-link: getauxval NULL pointer dereference after static
    dlopen
  [20813] nptl: pthread_exit is inconsistent between libc and libpthread
  [22057] malloc: malloc_usable_size is broken with mcheck
  [22668] locale: LC_COLLATE: the last character of ellipsis is not
    ordered correctly
  [23323] libc: [RFE] CSU startup hardening.
  [23328] malloc: Remove malloc hooks and ensure related APIs return no
    data.
  [23462] dynamic-link: Static binary with dynamic string tokens ($LIB,
    $PLATFORM, $ORIGIN) crashes
  [23489] libc: "gcc -lmcheck" aborts on free when using posix_memalign
  [23554] nptl: pthread_getattr_np reports wrong stack size with
    MULTI_PAGE_ALIASING
  [24106] libc: Bash interpreter in ldd script is taken from host
  [24773] dynamic-link: dlerror in an secondary namespace does not use
    the right free implementation
  [25036] localedata: Update collation order for Swedish
  [25383] libc: where_is_shmfs/__shm_directory/SHM_GET_NAME may cause
    shm_open to pick wrong directory
  [25680] dynamic-link: ifuncmain9picstatic and ifuncmain9picstatic
    crash in IFUNC resolver due to stack canary (--enable-stack-
    protector=all)
  [26874] build: -Warray-bounds in _IO_wdefault_doallocate
  [26983] math: [x86_64] x86_64 tgamma has too large ULP error
  [27111] dynamic-link: pthread_create and tls access use link_map
    objects that may be concurrently freed by dlclose
  [27132] malloc: memusagestat is linked to system librt, leading to
    undefined symbols on major version upgrade
  [27136] dynamic-link: dtv setup at thread creation may leave an entry
    uninitialized
  [27249] libc: libSegFault.so does not output signal number properly
  [27304] nptl: pthread_cond_destroy does not pass private flag to futex
    system calls
  [27318] dynamic-link: glibc fails to load binaries when built with
    -march=sandybridge:  CPU ISA level is lower than required
  [27343] nss: initgroups() SIGSEGVs when called on a system without
    nsswich.conf (in a chroot)
  [27346] dynamic-link: x86: PTWRITE feature check is missing
  [27389] network: NSS chroot hardening causes regressions in chroot
    deployments
  [27403] dynamic-link: aarch64: tlsdesc htab is not freed on dlclose
  [27444] libc: sysconf reports unsupported option (-1) for
    _SC_LEVEL1_ICACHE_LINESIZE on X86 since v2.33
  [27462] nscd: double-free in nscd (CVE-2021-27645)
  [27468] malloc: aarch64: realloc crash with heap tagging: FAIL:
    malloc/tst-malloc-thread-fail
  [27498] dynamic-link: __dl_iterate_phdr lacks unwinding information
  [27511] libc: S390 memmove assumes Vector Facility when MIE Facility 3
    is present
  [27522] glob: glob, glob64 incorrectly marked as __THROW
  [27555] dynamic-link: Static tests fail with --enable-stack-
    protector=all
  [27559] libc: fstat(AT_FDCWD) succeeds (it shouldn't) and returns
    information for the current directory
  [27577] dynamic-link: elf/ld.so --help doesn't work
  [27605] libc: tunables can't control xsave/xsavec selection in
    dl_runtime_resolve_*
  [27623] libc: powerpc: Missing registers in sc[v] clobbers list
  [27645] libc: [linux] sysconf(_SC_NPROCESSOR...) breaks down on
    containers
  [27646] dynamic-link: Linker error for non-existing NSS symbols (e.g.
    _nss_files_getcanonname_r) from within a dlmopen namespace.
  [27648] libc: FAIL: misc/tst-select
  [27650] stdio: vfscanf returns too early if a match is longer than
    INT_MAX
  [27651] libc: Performance regression after updating to 2.33
  [27655] string: Wrong size calculation in string/test-strnlen.c
  [27706] libc: select fails to update timeout on error
  [27709] libc: arm: FAIL: debug/tst-longjmp_chk2
  [27721] dynamic-link: x86: ld_audit ignores bind now for TLSDESC and
    tries resolving them lazily
  [27744] nptl: Support different libpthread/ld.so load orders in
    libthread_db
  [27749] libc: Data race __run_exit_handlers
  [27761] libc: getconf: Segmentation fault when passing '-vq' as
    argument
  [27832] nss: makedb.c:797:7: error: 'writev' specified size 4294967295
    exceeds maximum object size 2147483647
  [27870] malloc: MALLOC_CHECK_ causes realloc(valid_ptr, TOO_LARGE) to
    not set ENOMEM
  [27872] build: Obsolete configure option --enable-stackguard-
    randomization
  [27873] build: tst-cpu-features-cpuinfo fail when building on AMD cpu
  [27882] localedata: Use U+00AF MACRON in more EBCDIC charsets
  [27892] libc: powerpc: scv ABI error handling fails to check
    IS_ERR_VALUE
  [27896] nptl: mq_notify does not handle separately allocated thread
    attributes (CVE-2021-33574)
  [27901] libc: TEST_STACK_ALIGN doesn't work
  [27902] libc: The x86-64 clone wrapper fails to align child stack
  [27914] nptl: Install SIGSETXID handler with SA_ONSTACK
  [27939] libc: aarch64: clone does not align the stack
  [27968] libc: s390x: clone does not align the stack
  [28011] libc: Wild read in wordexp (parse_param) (CVE-2021-35942)
  [28024] string: s390(31bit): Wrong result of memchr (MEMCHR_Z900_G5)
    with n >= 0x80000000
  [28028] malloc: malloc: tcache shutdown sequence does not work if the
    thread never allocated anything
  [28033] libc: Need to check RTM_ALWAYS_ABORT for RTM
  [28064] string: x86_64:wcslen implementation list has wcsnlen
  [28067] libc: FAIL: posix/tst-spawn5
  [28068] malloc: FAIL: malloc/tst-mallocalign1-mcheck
  [28071] time: clock_gettime, gettimeofday, time lost vDSO acceleration
    on older kernels
  [28075] nis: Out-of-bounds static buffer read in nis_local_domain
  [28089] build: tst-tls20 fails when linker defaults to --as-needed
  [28090] build: elf/tst-cpu-features-cpuinfo-static fails on certain
    AMD64 cpus
  [28091] network: ns_name_skip may return 0 for domain names without
    terminator

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.34

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports.  These include:

Adhemerval Zanella
Alejandro Colomar \(man-pages\)
Alexandra Hájková
Alice Xu
Alyssa Ross
Andreas Roeseler
Andreas Schwab
Anton Blanchard
Arjun Shankar
Armin Brauns
Bruno Haible
Carlos O'Donell
Cooper Qu
DJ Delorie
Dan Raymond
Darius Rad
David Hughes
Fangrui Song
Florian Weimer
H.J. Lu
Hanataka Shinya
Hugo Gabriel Eyherabide
Jakub Jelinek
JeffyChen
John David Anglin
Joseph Myers
Khem Raj
Lirong Yuan
Lucas A. M. Magalhaes
Lukasz Majewski
Maninder Singh
Mark Harris
Martin Sebor
Matheus Castanho
Michal Nazarewicz
Mike Hommey
Naohiro Tamura
Nicholas Piggin
Noah Goldstein
Paul Eggert
Paul Zimmermann
Pedro Franco de Carvalho
Raoni Fassina Firmino
Raphael Moreira Zinsly
Romain GEISSLER
Sajan Karumanchi
Samuel Thibault
Sebastian Rasmussen
Sergei Trofimovich
Shen-Ta Hsieh
Siddhesh Poyarekar
Stafford Horne
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Tulio Magno Quites Machado Filho
Vineet Gupta
Vitaly Buka
Vitaly Chikunov
Wilco Dijkstra
Xeonacid
Xiaoming Ni
Yang Xu
liuhongt
noah
Érico Nogueira

02 August, 2021 03:57AM by Carlos O'Donell

diffutils @ Savannah

diffutils-3.8 released [stable]

This is to announce diffutils-3.8, a stable release.

There have been 47 commits by 5 people in the 2.6 years since 3.7.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Bruno Haible (2)
  Dave Odell (1)
  Jim Meyering (23)
  KO Myung-Hun (1)
  Paul Eggert (20)

Jim [on behalf of the diffutils maintainers]
==================================================================

Here is the GNU diffutils home page:
    http://gnu.org/s/diffutils/

For a summary of changes and contributors, see:
  http://git.sv.gnu.org/gitweb/?p=diffutils.git;a=shortlog;h=v3.8
or run this command from a git-cloned diffutils directory:
  git shortlog v3.7..v3.8

To summarize the 2453 gnulib-related changes, run these commands
from a git-cloned diffutils directory:
  git checkout v3.8
  git submodule summary v3.7

Here are the compressed sources and a GPG detached signature[*]:
  https://ftp.gnu.org/gnu/diffutils/diffutils-3.8.tar.xz
  https://ftp.gnu.org/gnu/diffutils/diffutils-3.8.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://ftpmirror.gnu.org/diffutils/diffutils-3.8.tar.xz
  https://ftpmirror.gnu.org/diffutils/diffutils-3.8.tar.xz.sig

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify diffutils-3.8.tar.xz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.71
  Automake 1.16d
  Gnulib v0.1-4758-gb48905892

NEWS

* Noteworthy changes in release 3.8 (2021-08-01) [stable]

** Incompatible changes

  diff no longer treats a closed stdin as representing an absent file
  in usage like 'diff --new-file - foo <&-'.  This feature was rarely
  if ever used and was not portable to POSIX platforms that reopen
  stdin on exec, such as SELinux if the process underwent an AT_SECURE
  transition, or HP-UX even if not setuid.
  [bug#33965 introduced in 2.8]

** Bug fixes

  diff and related programs no longer get confused if stdin, stdout,
  or stderr are closed.  Previously, they sometimes opened files into
  file descriptors 0, 1, or 2 and then mistakenly did I/O with them
  that was intended for stdin, stdout, or stderr.
  [bug#33965 present since "the beginning"]

  cmp, diff and sdiff no longer treat negative command-line
  option-arguments as if they were large positive numbers.
  [bug#35256 introduced in 2.8]

02 August, 2021 02:14AM by Jim Meyering

July 29, 2021

remotecontrol @ Savannah

July 28, 2021

FSF News

FSF job opportunity: Operations assistant

The Free Software Foundation (FSF), a Massachusetts 501(c)(3) charity with a worldwide mission to protect and promote computer-user freedom, seeks a motivated and organized Boston-based individual to be our full-time operations assistant.

28 July, 2021 08:35PM

July 25, 2021

health @ Savannah

Release of MyGNUHealth 1.0.3

Dear GNU community:

I am happy to announce that the release 1.0.3 of the GNU Health Personal Health Record (PHR) component, MyGNUHealth.

This release updates the medical genetics domain, with the latest human natural variant dataset based on UniProt Consortium (release 2021_03 of June 02 2021).

Statistics for single amino acid variants:

             Likely pathogenic or pathogenic (LP/P):  31398
             Likely benign or benign         (LB/B):  39584
             Uncertain significance            (US):   8763
                                             --------------
                                              Total:  79745

In addition, some minor changes / updates in the documentation and credits have been done.

This latest version is already available at Savannah, and the Python Package Index (PyPi). Shortly will also be in your favorite Libre operating system / distribution.

Again, thanks to all of you who collaborate and make GNU Health a reality!

Happy and healthy hacking!
Luis

25 July, 2021 01:03PM by Luis Falcon

July 22, 2021

parallel @ Savannah

GNU Parallel 20210722 ('Blue Unity') released

GNU Parallel 20210722 ('Blue Unity') has been released. It is available for download at: lbry://@GnuParallel:4

Please help spreading GNU Parallel by making a testimonial video like Juan Sierra Pons: http://www.elsotanillo.net/wp-content/uploads/GnuParallel_JuanSierraPons.mp4

It does not have to be as detailed as Juan's. It is perfectly fine if you just say your name, and what field you are using GNU Parallel for.

Quote of the month:

  We use gnu parallel now - and happier for it.
     -- Ben Davies @benjamindavies@twitter

New in this release:

  • parset supports associative arrays in bash, ksh, zsh.
  • Online HTML is now generated by Sphinx.
  • Bug fixes and man page updates.

News about GNU Parallel:

Get the book: GNU Parallel 2018 http://www.lulu.com/shop/ole-tange/gnu-parallel-2018/paperback/product-23558902.html

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep c82233e7da3166308632ac8c34f850c0
    12345678 c82233e7 da316630 8632ac8c 34f850c0
    $ md5sum install.sh | grep ae3d7aac5e15cf3dfc87046cfc5918d2
    ae3d7aac 5e15cf3d fc87046c fc5918d2
    $ sha512sum install.sh | grep dfc00d823137271a6d96225cea9e89f533ff6c81f
    9c5198d5 31a3b755 b7910ece 3a42d206 c804694d fc00d823 137271a6 d96225ce
    a9e89f53 3ff6c81f f52b298b ef9fb613 2d3f9ccd 0e2c7bd3 c35978b5 79acb5ca
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

22 July, 2021 08:33PM by Ole Tange

July 14, 2021

health @ Savannah

MyGNUHealth maintenance release 1.0.2 is out!

MyGNUHealth 1.0.2 is ready to be downloaded from GNU.org!

This maintenance release fixes some issues with global (drawer) menus in MATE, XFCE desktops, as well as in SXMO on the PinePhone.

In addition, the documentation has been updated.
(https://www.gnuhealth.org/docs/mygnuhealth)

Happy and healthy hacking!

14 July, 2021 11:13PM by Luis Falcon

July 12, 2021

GNU Health

Back to the Future

Leonardo da Vinci said “simplicity is the ultimate sophistication“, but it seems like the “modern” computing world never heard that quote, or ignore it. Today, a single application takes hundreds of megabytes, both of disk and RAM space. Slow, buggy, inefficient systems at every level.

Probably the best example on this cluttering mess comes from the mobile computing. Most phones are bloated with useless software that not only hinders the navigation experience, but pose a threat to your privacy. Yes, all this software is proprietary. Worst of it, you can not even uninstall it.

Fortunately, there is hope. Let me introduce SXMO, the Simple X on Mobile project. As the authors describe it, SXMO is a minimalist environment for Linux smartphones, such as the PinePhone. SXMO embraces simplicity, and simplicity is both elegant and efficient.

MyGNUHealth running on PinePhone and SXMO
Full screen mode of MyGNUHealth on SXMO

SXMO uses a tiling window manager called dwm (Dynamic Window Manager), which allocates the different applications in the most efficient way. The dwm project is available as a single binary file, which source is intended not to exceed 2000 lines of code. That is amazing.

Simplicity is robust, and that again applies to SXMO. All the necessary components expected on a mobile phone (making and receiving calls, browsing the Internet, SMS messaging,..) just work. Moreover, SMXO comes with a scripting system that allow us to write solutions to our needs. For instance, the screenshots you see were taken with a script of 3 lines of code. Just place the little program under your “userscripts” directory, and voilà!, you’re ready to make screenshots from your PinePhone!

Browsing the Internet and the GNU Health homepage

Menu driven navigation in SXMO dwm in the PinePhone

In the end, most of current desktop environments today are huge, bloated and buggy. The discovery of SXMO has been an eyeopener. The perfect companion for my PinePhone.

I’m using SXMO on my PinePhone as a daily driver, and I just love it. Thanks to simple distributions such as Archlinux, Parabola or PostmarketOS, and simple Desktop / window managers as DWM, a am finally enjoying Libre mobile computing.

I feel projects like this take us back to the roots, to the beautiful world of simplicity, yet delivering the latest technology and showing us the path o the future.

References:

SXMO: https://www.sxmo.org

Pine64: https://www.pine64.org/

GNU Health : https://www.gnuhealth.org

PostmarketOS: https://postmarketos.org/

Archlinux: https://www.archlinux.org

Parabola: https://www.parabola.nu/

Featured Image: Leonardo da Vinci, drawing of a flying machine . Public domain, via Wikimedia Commons

12 July, 2021 02:18PM by Luis Falcon

July 08, 2021

FSF Events

"Freedom ladder" IRC discussion and brainstorming: August 05

Learning how to find help / Trying a free operating system

08 July, 2021 05:10PM

"Freedom ladder" IRC discussion and brainstorming: July 29

Understanding encryption / Mobile phone freedom

08 July, 2021 05:10PM

"Freedom ladder" IRC discussion and brainstorming: July 22

Free replacements and installing your first free program

08 July, 2021 05:10PM

"Freedom ladder" IRC discussion and brainstorming: July 15

Understanding nonfree software / Finding your own reason to use free software

08 July, 2021 05:10PM

health @ Savannah

MyGNUHealth 1.0.1 is out!

Dear all

I just released 1.0.1 for the stable series 1.0 of MyGNUHealth, the GNU Health Personal Health Record.

This maintenance release for MyGNUHealth contains, in a nutshell:

  • Fix the download path within GNU.org. Now it points to https://ftp.gnu.org/gnu/health/mygnuhealth/
  • Include Changelog file
  • Include local / offline documentation (resides on /usr/share/doc/mygnuhealth)
  • Clean up _pycache_ from tarball

Happy and healthy hacking!
Luis

08 July, 2021 12:23AM by Luis Falcon

July 07, 2021

Parabola GNU/Linux-libre

[From Arch] Sorting out old password hashes

Starting with libxcrypt 4.4.21, weak password hashes (such as MD5 and SHA1) are no longer accepted for new passwords. Users that still have their passwords stored with a weak hash will be asked to update their password on their next login.

If the login just fails (for example from display manager) switch to a virtual terminal (Ctrl-Alt-F2) and log in there once.

07 July, 2021 01:34AM by David P.

July 03, 2021

texinfo @ Savannah

Texinfo 6.8 released

We have released version 6.8 of Texinfo, the GNU documentation format.

It's available via a mirror (xz is much smaller than gz, but gz is available too just in case):

http://ftpmirror.gnu.org/texinfo/texinfo-6.8.tar.xz
http://ftpmirror.gnu.org/texinfo/texinfo-6.8.tar.gz

Please send any comments to bug-texinfo@gnu.org.

Full announcement: https://lists.gnu.org/archive/html/bug-texinfo/2021-07/msg00011.html

03 July, 2021 11:48AM by Gavin D. Smith

June 28, 2021

Christopher Allan Webber

Hello, I'm Chris Lemmer-Webber, and I'm nonbinary trans-femme

A picture of Chris and Morgan together

I recently came out as nonbinary trans-femme. That's a picture of me on the left, with my spouse Morgan Lemmer-Webber on the right.

In a sense, not much has changed, and so much has changed. I've dropped the "-topher" from my name, and given the common tendency to apply gender to pronouns in English, please either use nonbinary pronouns or feminine pronouns to apply to me. Other changes are happening as I wander through this space, from appearance to other things. (Probably the biggest change is finally achieving something resembling self-acceptance, however.)

If you want to know more, Morgan and I did a podcast episode which explains more from my present standing, and also explains Morgan's experiences with being demisexual, which not many people know about! (Morgan has been incredible through this whole process, by the way.)

But things may change further. Maybe a year from now those changes may be even more drastic, or maybe not. We'll see. I am wandering, and I don't know where I will land, but it won't be back to where I was.

At any rate, I've spent much of my life not being able to stand myself for how I look and feel. For most of my life, I have not been able to look at myself in a mirror for more than a second or two due to the revulsion I felt at the person I saw staring back at me. The last few weeks have been a shift change for me in that regard... it's a very new experience to feel so happy with myself.

I'm only at the beginning of this journey. I'd appreciate your support... people have been incredibly kind to me by and large so far but like everyone who goes through a process like this, it's very hard in those experiences where people aren't. Thank you to everyone who has been there for me so far.

28 June, 2021 11:13PM by Chris Lemmer-Webber

June 24, 2021

GNU Health

Welcome to MyGNUHealth, the Libre Personal Health Record

MyGNUHealth 1.0 us out! The GNU Health Libre Personal Health Record is now ready for prime time!

This is great news. Great news because citizens around the world have now access to a Free/Libre application, focused on privacy, that puts them in control of their health.

Health is personal, so is the health data. It’s been years since I got the idea of expanding the GNU Health ecosystem, not only to the health professionals and institutions, but making it personal, accessible to individuals. Now is a reality!

Throughout these years, the mobile health (mHealth) has been governed by private companies that benefit from your health data. Private companies, private insurances, proprietary operating systems, proprietary health applications. Big business, no privacy.

MyGNUHealth running on KDE Plasma desktop and Arch Linux

GNU and Libre Software

The GNU Health ecosystem exists because of Free software. Thanks to communities such as GNU, we can have fully operational operating systems, desktop environments, databases and programming languages that allow us to use and write free software. GNU Health is one example.

The Libre Software movement fights for the advancement of our societies, by providing universality in computing. In the case of GNU Health, that freedom and equity in computing is applied into the healthcare and social medicine domains. Health is a non-negotiable human right, so it must be health informatics.

What is MyGNUHealth?

MyGNUHealth (MyGH)is a Health Personal Record application focused in privacy, that can be used in desktops and mobile devices.

MyGH embraces the main health domains (bio-psycho-social). All the components in the GNU Health ecosystem combine social medicine and primary care with the latest on bioinformatics and precision medicine. The complex interactions between these health domains play a key role in the state of health and disease of an individual, family and society.

MyGH has the functionality of a health and activity tracker, and that of a health diary / record. It records and tracks the main anthropometric and physiological measures, such as weight, blood pressure, blood sugar level or oxygen saturation. It keeps track of your lifestyle, nutrition, physical activity, and sleep, with numerous charts to visualize the trends.

MyGNUHealth is also a diary, that records all relevant information from the medical and social domain and their context. In the medical domain, you can record your encounters, immunizations, hospitalizations, lab tests,genetic and family history, among others. In the genetic context, MyGH provides a dataset of over 30000 natural variants / SNP from UniProt that are relevant in human. Entering the RefSNP will automatically provide the information about that particular variant and it clinical significance.

The Social domain, contains the key social determinants of health (Social Gradient, Early life development, Stress, Social exclusion, Working conditions, Education, Physical environment, Unemployment, Social Support, Addiction, Food, Transportation, Health services, Family functionality, Family violence, Bullying, War) , most of them from the World Health Organization social determinants of health.

A very important feature of MyGH is that it is GNU Health Federation. That is, if you want to share any of this data with your health professional in real-time, and they will be able to study it.

Lifestyle and activity tracker
Social domain and its contexts, along the book of life
Mood and energy assessment
Medical genetics showing the relevant information on a particular natural variant / SNP

The PinePhone and the revolution in mobile computing

Of course, in a world of mobile phones and mobile computing, we need free/libre mobile applications. The problem I was facing until recently, that prevented me from writing MyGNUHealth, was the fact that there was no libre mobile environment. The mobile computing market has been dominated by Google and Apple, which both deliver proprietary operating systems, Android and iOS respectively.

The irruption of the Pine64 community was the eye-opener and a game changer. A thriving community of talented people, determined to provide freedom in mobile computing. The Pine64 provides, among others, a smartphone (PinePhone), and a smartwatch (PineTime), and I have adopted both.

Starting up MyGNUHealth application in the PinePhone
KDE Plasma mobile applications on the PinePhone

I wrote an article some weeks ago (“Liberating our mobile computing”), where I mentioned why I have changed the Android phone to the PinePhone, and my watch to the PineTime.

Does the PinePhone have the best camera? Can we compare the PinePhone with Apple or Google products? It’s hard to compare a multi-billion dollar corporation with a fresh, community-oriented project. The business model, the technology components and the ethics behind are very different.

So, why making the move? I made the change because we, as a society, need to embrace a technology that is universal and that respects our freedom and privacy. A technology that focuses on the individual and not in the corporation. That moves takes determination and commitment. There is a small price to pay, but freedom and privacy are priceless.

Taking MyGNUHealth and the PinePhone to the outdoors.

As a physician, I need to provide my patients the resources that use state-of-the-art technology, and, at the same time, guarantee the privacy of their sensitive medical information. Libre software and open standards are key in healthcare. When my patients choose free/libre software, they have full control. They also have the possibility to share it with me or with other health professionals, in real-time and with the highest levels of privacy.

We can only manage sensitive health data with technology that respects our privacy. In other words, we can not put our personal information in the hands of corporate interests. Choosing Libre Software and Hardware means much more than just technology. Libre Software means embracing solidarity and cooperation. It means sharing knowledge, code and time with others. It means embracing open science for the advancement of our societies, specially for those that need it most.

MyGNUHealth will be included by default in many operating systems and distributions, so you don’t have to worry about the technical details. Just use your health companion! If your operating system does not have MyGH in their repositories, please ask them to include it.

Governments, institutions, and health professional need affordable technology that respects their citizens freedom. We need you to be part of this eHealth revolution.

Happy and healthy hacking!

About GNUHealth:

MyGNUHealth is part of the GNU Health, the Libre digital health ecosystem. GNU Health is from GNU Solidario, a humanitarian, non-for-profit organization focused on the advancement of Social Medicine. GNU Solidario develops health applications and uses exclusively Free/Libre software. GNU Health is an official GNU project.

Homepage : https://www.gnuhealth.org

Documentation portal : https://www.gnuhealth.org/docs

24 June, 2021 02:54PM by Luis Falcon