Planet GNU

Aggregation of development blogs from the GNU Project

December 19, 2024

FSF Blogs

The FSF SysOps Team needs your help to secure technological freedom!

The FSF SysOps team has been hard at work over the past six months on quite a few major projects.

19 December, 2024 09:55PM

December 18, 2024

Simon Josefsson

Guix Container Images for GitLab CI/CD

I am using GitLab CI/CD pipelines for several upstream projects (libidn, libidn2, gsasl, inetutils, libtasn1, libntlm, …) and a long-time concern for these have been that there is too little testing on GNU Guix. Several attempts have been made, and earlier this year Ludo’ came really close to finish this. My earlier effort to idempotently rebuild Debian recently led me to think about re-bootstrapping Debian. Since Debian is a binary distribution, it re-use earlier binary packages when building new packages. The prospect of re-bootstrapping Debian in a reproducible way by rebuilding all of those packages going back to the beginning of time does not appeal to me. Instead, wouldn’t it be easier to build Debian trixie (or some future release of Debian) from Guix, by creating a small bootstrap sandbox that can start to build Debian packages, and then make sure that the particular Debian release can idempotently rebuild itself in a reproducible way? Then you will eventually end up with a reproducible and re-bootstrapped Debian, which pave the way for a trustworthy release of Trisquel. Fortunately, such an endeavour appears to offer many rabbit holes. Preparing Guix container images for use in GitLab pipelines is one that I jumped into in the last few days, and just came out of.

Let’s go directly to the point of this article: here is a GitLab pipeline job that runs in a native Guix container image that builds libksba after installing the libgpg-error dependency from Guix using the pre-built substitutes.

test-amd64-latest-wget-configure-make-libksba:
  image: registry.gitlab.com/debdistutils/guix/container:latest
  before_script:
  - lndir /gnu/store/*profile/etc/ /etc
  - rm -f /etc/group
  - groupadd --system guixbuild
  - for i in $(seq -w 1 10); do useradd -g guixbuild -G guixbuild -d /var/empty -s $(command -v nologin) -c "Guix build user $i" --system guixbuilder$i; done
  - export HOME=/
  - export LANG=C.UTF-8
  - guix-daemon --disable-chroot --build-users-group=guixbuild &
  - guix archive --authorize < /share/guix/ci.guix.gnu.org.pub
  - guix archive --authorize < /share/guix/bordeaux.guix.gnu.org.pub
  - guix describe
  - guix package -i libgpg-error
  - GUIX_PROFILE="//.guix-profile"
  - . "$GUIX_PROFILE/etc/profile"
  script:
  - wget https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.6.7.tar.bz2
  - tar xfa libksba-1.6.7.tar.bz2
  - cd libksba-1.6.7
  - ./configure
  - make V=1
  - make check VERBOSE=t V=1

You can put that in a .gitlab-ci.yml and push it to GitLab and you will end up with a nice pipeline job output.

As you may imagine, there are several things that are sub-optimal in the before_script above that ought to be taken care of by the Guix container image, and I hope to be able to remove as much of the ugliness as possible. However that doesn’t change that these images are useful now, and I wanted to announce this work to allow others to start testing them and possibly offer help. I have started to make use of these images in some projects, see for example the libntlm commit for that.

You are welcome to join me in the Guix container images for GitLab CI/CD project! Issues and merge requests are welcome – happy hacking folks!

18 December, 2024 06:43PM by simon

December 17, 2024

FSF Blogs

Fresh off the digital Gutenberg: The fall 2024 Bulletin is now online

The latest issue of the Free Software Bulletin is now online. We've got a line-up of articles about abandonware traps, tools for cleaning up the Internet, and more!

17 December, 2024 10:40PM

December 15, 2024

GNU Taler news

GNU Taler 0.14 released

We are happy to announce the release of GNU Taler v0.14.

15 December, 2024 11:00PM

libiconv @ Savannah

GNU libiconv 1.18 released

The GNU libiconv package provides the basis for character set conversion of text, for systems that don't use glibc.
It contains an implementation of the iconv() POSIX:2024 API and of the 'iconv' program, in a way that is mostly glibc compatible.

New in this release:

  • Many more transliterations, in particular also of Emoji characters.


  • The iconv_open function is now POSIX:2024 compliant: it recognizes a suffix //NON_IDENTICAL_DISCARD in the 'tocode' argument, with the effect that characters that cannot be represented in the target character set will be silently discarded. Whereas the suffix //IGNORE in the 'tocode' argument has the effect of discarding not only characters that cannot be represented in the target character set, but also invalid multibyte sequences in the input. Accordingly, the iconvctl function accepts requests ICONV_GET_DISCARD_INVALID, ICONV_SET_DISCARD_INVALID, ICONV_GET_DISCARD_NON_IDENTICAL, ICONV_SET_DISCARD_NON_IDENTICAL.


  • The iconv_open function and the iconv program now support multiple suffixes, such as //TRANSLIT//IGNORE, not only one.


  • GB18030 is now an alias for GB18030:2005. A new converter for GB18030:2022 is added. Since this encoding merely cleans up a few private-use-area mappings, you can continue to use the GB18030 converter, for backward compatibility. Its Unicode to GB18030 conversion direction has been enhanced, to help transitioning away from PUA code points.


  • When converting from/to an EBCDIC encoding, a non-standard way of converting newlines can be requested
    • at the C level, by calling iconvctl with argument ICONV_SET_FROM_SURFACE or ICONV_SET_TO_SURFACE, or
    • from the iconv program, by setting the environment variable ICONV_EBCDIC_ZOS_UNIX to a non-empty value.


  • Special support for z/OS: The iconv program adds a charset metadata tag to its output file. (Contributed by Mike Fulton.)


  • For conversions from UCS-2, UCS-4, UTF-16, UTF-32, invoking iconv(cd,NULL,NULL,...) now preserves the byte order state.

15 December, 2024 01:35PM by Bruno Haible

December 13, 2024

FSF Blogs

FSD meeting recap 2024 12 13

Check out the important work our volunteers accomplished at today's Free Software Directory (FSD) IRC meeting.

13 December, 2024 09:50PM

FSF Events

Free Software Directory meeting on IRC: Friday, December 20, starting at 12:00 EST (17:00 UTC)

Join the FSF and friends on Friday, December 13 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

13 December, 2024 03:37PM

December 12, 2024

FSF Blogs

IDAD 2024 - Dec. 20: For freedom, against restriction

Don't let computers go to waste and join us in fighting restriction on December 20 for the eighteenth International Day Against Digital Restrictions Management (IDAD).

12 December, 2024 08:50PM

GNU Guix

The Shepherd 1.0.0 released!

Finally, twenty-one years after its inception (twenty-one!), the Shepherd leaves ZeroVer territory to enter a glorious 1.0 era. This 1.0.0 release is published today because we think Shepherd has become a solid tool, meeting user experience standards one has come to expect since systemd changed the game of free init systems and service managers alike. It’s also a major milestone for Guix, which has been relying on the Shepherd from a time when doing so counted as dogfooding.

To celebrate this release, the amazing Luis Felipe López Acevedo designed a new logo, available under CC-BY-SA, and the project got a proper web site!

Logo of the Shepherd.

Let’s first look at what the Shepherd actually is and what it can do for you.

At a glance

The Shepherd is a minimalist but featureful service manager and as such, it herds services: it keeps track of services, their state and their dependencies, and it can start, stop, and restart them when needed. It’s a simple job; doing it right and providing users with insight and control over services is a different story.

The Shepherd consists of two commands: shepherd is the daemon that manages services, and herd is the command that lets you interact with it to inspect and control the status of services. The shepherd command can run as the first process (PID 1) and serve as the “init system”, as is the case on Guix System; or it can manage services for unprivileged users, as is the case with Guix Home. For example, running herd status ntpd as root allows me to know what the Network Time Protocol (NTP) daemon is up to:

$ sudo herd status ntpd
● Status of ntpd:
  It is running since Fri 06 Dec 2024 02:08:08 PM CET (2 days ago).
  Main PID: 11359
  Command: /gnu/store/s4ra0g0ym1q1wh5jrqs60092x1nrb8h9-ntp-4.2.8p18/bin/ntpd -n -c /gnu/store/7ac2i2c6dp2f9006llg3m5vkrna7pjbf-ntpd.conf -u ntpd -g
  It is enabled.
  Provides: ntpd
  Requires: user-processes networking
  Custom action: configuration
  Will be respawned.
  Log file: /var/log/ntpd.log

Recent messages (use '-n' to view more or less):
  2024-12-08 18:35:54  8 Dec 18:35:54 ntpd[11359]: Listen normally on 25 tun0 128.93.179.24:123
  2024-12-08 18:35:54  8 Dec 18:35:54 ntpd[11359]: Listen normally on 26 tun0 [fe80::e6b7:4575:77ef:eaf4%12]:123
  2024-12-08 18:35:54  8 Dec 18:35:54 ntpd[11359]: new interface(s) found: waking up resolver
  2024-12-08 18:46:38  8 Dec 18:46:38 ntpd[11359]: Deleting 25 tun0, [128.93.179.24]:123, stats: received=0, sent=0, dropped=0, active_time=644 secs
  2024-12-08 18:46:38  8 Dec 18:46:38 ntpd[11359]: Deleting 26 tun0, [fe80::e6b7:4575:77ef:eaf4%12]:123, stats: received=0, sent=0, dropped=0, active_time=644 secs

It’s running, and it’s logging messages: the latest ones are shown here and I can open /var/log/ntpd.log to view more. Running herd stop ntpd would terminate the ntpd process, and there’s also a start and a restart action.

Services can also have custom actions; in the example above, we see there’s a configuration action. As it turns out, that action is a handy way to get the file name of the ntpd configuration file:

$ head -2 $(sudo herd configuration ntpd)
driftfile /var/run/ntpd/ntp.drift
pool 2.guix.pool.ntp.org iburst

Of course a typical system runs quite a few services, many of which depend on one another. The herd graph command returns a representation of that service dependency graph that can be piped to dot or xdot to visualize it; here’s what I get on my laptop:

Example of a service dependency graph.

It’s quite a big graph (you can zoom in for details!) but we can learn a few things from it. Each node in the graph is a service; rectangles are for “regular” services (typically daemons like ntpd), round nodes correspond to one-shot services (services that perform one action and immediately stop), and diamonds are for timed services (services that execute code periodically).

Blurring the user/developer line

A unique feature of the Shepherd is that you configure and extend it in its own implementation language: in Guile Scheme. That does not mean you need to be an expert in that programming language to get started. Instead, we try to make sure anyone can start simple for their configuration file and gradually get to learn more if and when they feel the need for it. With this approach, we keep the user in the loop, as Andy Wingo put it.

A Shepherd configuration file is a Scheme snippet that goes like this:

(register-services
  (list (service '(ntpd) …)
        …))

(start-in-the-background '(ntpd …))

Here we define ntpd and get it started as soon as shepherd has read the configuration file. The ellipses can be filled in with more services.

As an example, our ntpd service is defined like this:

(service
  '(ntpd)
  #:documentation "Run the Network Time Protocol (NTP) daemon."
  #:requirement '(user-processes networking)
  #:start (make-forkexec-constructor
           (list "…/bin/ntpd"
                 "-n" "-c" "/…/…-ntpd.conf" "-u" "ntpd" "-g")
           #:log-file "/var/log/ntpd.log")
  #:stop (make-kill-destructor)
  #:respawn? #t)

The important parts here are #:start bit, which says how to start the service, and #:stop, which says how to stop it. In this case we’re just spawning the ntpd program but other startup mechanisms are supported by default: inetd, socket activation à la systemd, and timers. Check out the manual for examples and a reference.

There’s no limit to what #:start and #:stop can do. In Guix System you’ll find services that run daemons in containers, that mount/unmount file systems (as can be guessed from the graph above), that set up/tear down a static networking configuration, and a variety of other things. The Swineherd project goes as far as extending the Shepherd to turn it into a tool to manage system containers—similar to what the Docker daemon does.

Note that when writing service definitions for Guix System and Guix Home, you’re targeting a thin layer above the Shepherd programming interface. As is customary in Guix, this is multi-stage programming: G-expressions specified in the start and stop fields are staged and make it into the resulting Shepherd configuration file.

New since 0.10.x

For those of you who were already using the Shepherd, here are the highlights compared to the 0.10.x series:

  • Support for timed services has been added: these services spawn a command or run Scheme code periodically according to a predefined calendar.
  • herd status SERVICE now shows high-level information about services (main PID, command, addresses it is listening to, etc.) instead of its mere “running value”. It also shows recently-logged messages.
  • To make it easier to discover functionality, that command also displays custom actions applicable to the service, if any. It also lets you know if a replacement is pending, in which case you can restart the service to upgrade it.
  • herd status root is no longer synonymous with herd status; instead it shows information about the shepherd process itself.
  • On Linux, reboot --kexec lets you reboot straight into a new Linux kernel previously loaded with kexec --load.

The service collection has grown:

  • The new log rotation service is responsible for periodically rotating log files, compressing them, and eventually deleting them. It’s very much like similar log rotation tools from the 80’s since shepherd logs to plain text files like in the good ol’ days.

    There’s a couple of be benefits that come from its integration into the Shepherd. First, it already knows all the files that services log to, so no additional configuration is needed to teach it about these files. Second, log rotation is race free: no single line of log can be lost in the process.

  • The new system log service what’s traditionally devoted to a separate syslogd program. The advantage of having it in shepherd is that it can start logging earlier and integrates nicely with the rest of the system.

  • The timer service provides functionality similar to the venerable at command, allowing you to run a command at a particular time:

herd schedule timer at 07:00 -- mpg123 alarm.mp3
  • The transient service maker lets you run a command in the background as a transient service (it is similar in spirit to the systemd-run command):
herd spawn transient -d $PWD -- make -j4
  • The GOOPS interface that was deprecated in 0.10.x is now gone.

As always, the NEWS file has additional details.

In the coming weeks, we will most likely gradually move service definitions in Guix from mcron to timed services and similarly replace Rottlog and syslogd. This should be an improvement for Guix users and system administrators!

Cute code

I did mention that the Shepherd is minimalist, and it really is: 7.4K lines of Scheme, excluding tests, according to SLOCCount. This is in large part thanks to the use of a high-level memory-safe language and due to the fact that it’s extensible—peripheral features can live outside the Shepherd.

Significant benefits also come from the concurrency framework: the concurrent sequential processes (CSP) model and Fibers. Internally, the state of each service is encapsulated in a fiber. Accessing a service’s state amounts to sending a message to its fiber. This way to structure code is itself very much inspired by the actor model. This results in simpler code (no dreaded event loop, no callback hell) and better separation of concern.

Using a high-level framework like Fibers does come with its challenges. For example, we had the case of a memory leak in Fibers under certain conditions, and we certainly don’t want that in PID 1. But the challenge really lies in squashing those low-level bugs so that the foundation is solid. The Shepherd itself is free from such low-level issues; its logic is easy to reason about and that alone is immensely helpful, it allows us to extend the code without fear, and it avoids concurrency bugs that plague programs written in the more common event-loop-with-callbacks style.

In fact, thanks to all this, the Shepherd is probably the coolest init system to hack on. It even comes with a REPL for live hacking!

What’s next

There’s a number of down-to-earth improvements that can be made in the Shepherd, such as adding support for dynamically-reconfigurable services (being able to restart a service but with different options), integration with control groups (“cgroups”) on Linux, proper integration for software suspend, etc.

In the longer run, we envision an exciting journey towards a distributed and capability-style Shepherd. Spritely Goblins provides the foundation for this; using it looks like a natural continuation of the design work of the Shepherd: Goblins is an actor model framework! Juliana Sims has been working on adapting the Shepherd to Goblins and we’re eager to see what comes out of it in the coming year. Stay tuned!

Enjoy!

In the meantime, we hope you enjoy the Shepherd 1.0 as much as we enjoyed making it. Four people contributed code that led to this release, but there are other ways to help: through graphics and web design, translation, documentation, and more. Join us!

Originally published on the Shepherd web site.

12 December, 2024 11:02AM by Ludovic Courtès

December 11, 2024

FSF Blogs

December 10, 2024

FSF Events

Free Software Directory meeting on IRC: Friday, December 13, starting at 12:00 EST (17:00 UTC)

Join the FSF and friends on Friday, December 13 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

10 December, 2024 07:55PM

December 08, 2024

GNUnet News

GNUnet 0.23.0

GNUnet 0.23.0 released

We are pleased to announce the release of GNUnet 0.23.0.
GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

This is a new major release. It breaks protocol compatibility with the 0.22.0X versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.22.0X GNUnet network, and interactions between old and new peers will result in issues. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.23.0 release is still only suitable for early adopters with some reasonable pain tolerance .

Download links

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Changes

A detailed list of changes can be found in the git log , the NEWS and the bug tracker . Noteworthy highlights are

  • Code review: A number of issues found during a code review have been addressed.
  • util : A GNUNET_OS_ProjectData must now be passed to some APIs that are commonly used by third parties using libgnunetutil (e.g. Taler, GNUnet-Gtk) as to properly handle cases where the GNUnet installation directory is different from the third-party directory.
  • Build System : Improved build times by outsourcing handbook to prebuilt files and only generating GANA source files manually.

Known Issues

  • There are known major design issues in the CORE subsystems which will need to be addressed in the future to achieve acceptable usability, performance and security.
  • There are known moderate implementation limitations in CADET that negatively impact performance.
  • There are known moderate design issues in FS that also impact usability and performance.
  • There are minor implementation limitations in SET that create unnecessary attack surface for availability.
  • The RPS subsystem remains experimental.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, TheJackiMonster, oec, ch3, and Martin Schanzenbach.

08 December, 2024 11:00PM

December 02, 2024

FSF Events

Free Software Directory meeting on IRC: Friday, December 6, starting at 12:00 EST (17:00 UTC)

Join the FSF and friends on Friday, December 6 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

02 December, 2024 09:39PM

December 01, 2024

unifont @ Savannah

Unifont 16.0.02 Released

1 December 2024 Unifont 16.0.02 is now available.  This is a minor release with many glyph improvements.  See the ChangeLog file for details.

Download this release from GNU server mirrors at:

     https://ftpmirror.gnu.org/unifont/unifont-16.0.02/

or if that fails,

     https://ftp.gnu.org/gnu/unifont/unifont-16.0.02/

or, as a last resort,

     ftp://ftp.gnu.org/gnu/unifont/unifont-16.0.02/

These files are also available on the unifoundry.com website:

     https://unifoundry.com/pub/unifont/unifont-16.0.02/

Font files are in the subdirectory

     https://unifoundry.com/pub/unifont/unifont-16.0.02/font-builds/

A more detailed description of font changes is available at

      https://unifoundry.com/unifont/index.html

and of utility program changes at

      https://unifoundry.com/unifont/unifont-utilities.html

Information about Hangul modifications is at

      https://unifoundry.com/hangul/index.html

and

      http://unifoundry.com/hangul/hangul-generation.html

01 December, 2024 07:25PM by Paul Hardy

gettext @ Savannah

GNU gettext 0.23 released

Download from https://ftp.gnu.org/pub/gnu/gettext/gettext-0.23.tar.gz

New in this release:

  • Internationalized data formats:
    • XML:
      • The escaping of characters such as & < > has been changed:
        • No escaping is done any more by xgettext, when creating a POT file.
        • Instead, extra escaping can be requested for the msgfmt pass, when merging into an XML file.
        • The default value of 'escape' in the <gt:escapeRule> was "yes"; now it is "no".
      • This means that existing translations of older POT files may no longer fully apply. As a maintainer of a package that has translatable XML files, you need to regenerate the POT file and pass it on to your translators.
      • XML schemas for .its and .loc files are now provided.
      • The value of the xml:lang attribute, inserted by msgfmt, now conforms to W3C standards.
      • 'msgfmt --xml' accept an option --replace-text, that causes the output to be a mono-lingual XML file instead of a multi-lingual XML file.
      • xgettext and 'msgfmt --xml' now support DocBook XML files.
    • Desktop: xgettext now produces POT files with correct line numbers.


  • Programming languages support:
    • Python:
      • xgettext now assumes source code for Python 3 rather than Python 2. This affects the interpretation of escape sequences in string literals.
      • xgettext now recognizes the f-string syntax.
    • Scheme:
      • xgettext now supports the option '-L Guile' as an alternative to '-L Scheme'.  They are nearly equivalent.  They differ in the interpretation of escape sequences in string literals: While 'xgettext -L Scheme' assumes the R6RS and R7RS syntax of string literals, 'xgettext -L Guile' assumes the syntax of string literals understood by Guile 2.x and 3.0 (without command-line option '--r6rs' or '--r7rs', and before a '#!r6rs' directive is seen).
      • xgettext now recognizes comments of the form '#; <expression>'.
    • Java: xgettext now has an improved recognition of format strings when the String.formatted method is used.
    • JavaScript:
      • xgettext now parses template literals inside JSX correctly.
    • xgettext has a new option --tag that customizes the behaviour of tagged template literals.
    • C#:
      • The build system and tools now also support 'dotnet' (.NET) as C# implementation.  In order to declare a preference for 'dotnet' over 'mono', you can use the configure option '--enable-csharp=dotnet'.
      • xgettext now recognizes strings with embedded expressions (a.k.a. interpolated strings).
    • awk: xgettext now recognizes string concatenation by juxtaposition.
    • Smalltalk: xgettext now recognizes the string concatenation operator ','.
    • Vala: xgettext now has an improved recognition of format strings when the string.printf method is used.
    • Glade: xgettext has improved support for GtkBuilder 4.
    • Tcl: With the recently released Tcl 9.0, characters outside the Unicode BMP in Tcl message catalogs (.msg files) will work regardless of the locale's encoding.
    • Perl:
      • xgettext now reports warnings instead of fatal errors.
      • xgettext now recognizes strings with embedded expressions (a.k.a. interpolated strings).
    • PHP:
      • xgettext now recognizes strings with embedded expressions.
      • xgettext now scans Heredoc and Nowdoc strings correctly.
      • xgettext now regards the format string directives %E, %F, %g, %G, %h, %H as valid.


  • Runtime behaviour:
    • In the C.UTF-8 locale, like in the C locale, the *gettext() functions now return the msgid untranslated. This is relevant for GNU systems, Linux with musl libc, FreeBSD, NetBSD, OpenBSD, Cygwin, and Android.


  • Documentation:
    • The section "Preparing Strings" now gives more advice how to deal with string concatenation and strings with embedded expressions.


  • xgettext:
    • Most of the diagnostics emitted by xgettext are now labelled as "warning" or "error".


  • msgmerge:
    • The option '--sorted-output' is now deprecated.


  • libgettextpo library:
    • This library is now multithread-safe.
    • The function 'po_message_set_format' now supports resetting a format string mark.

01 December, 2024 02:04PM by Bruno Haible

November 28, 2024

GNU Taler news

libeufin independent security audit report and developer response published

We received a grant from NLnet foundation to pay for the development of libeufin for regional- and event-currencies. NGI assists these projects by paying for independent security audits. Thus, we are happy that RadicallyOpenSecurity performed an external crystal-box security audit of the libeufin component of GNU Taler. You can find the final report here. We already addressed all significant findings and compiled a response detailing the changes. We thank RadicallyOpenSecurity for their work, and NLnet and the European Commission's Horizion 2020 NGI initiative for funding this work.

28 November, 2024 11:00PM

Parabola GNU/Linux-libre

i686 users - manual intervention required

i686 users will probably be unable to upgrade, due to a problem with the latest archlinux32-keyring 20241114-1

the solution is posted on the bug tracker https://labs.parabola.nu/issues/3679

28 November, 2024 10:00PM by bill auger

remotecontrol @ Savannah

Smart gadgets’ failure to commit to software support could be illegal, FTC warns

28 November, 2024 12:38PM by Stephen H. Dawson DSL

November 27, 2024

FSF Events

Free Software Directory meeting on IRC: Friday, November 29, starting at 12:00 EST (17:00 UTC)

Join the FSF and friends on Friday, November 29 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

27 November, 2024 04:45PM

November 26, 2024

GNU Artanis

November 24, 2024

GNU Guix

Guix/Hurd on a Thinkpad X60

A lot has happened with respect to the Hurd since our Childhurds and GNU/Hurd Substitutes post. As long as two years ago some of you have been asking for a progress update and although there have been rumours on a new blog post for over a year, we were kind of waiting for the rumoured x86_64 support.

With all the exciting progress on the Hurd coming available after the recent (last?) merger of core-updates we thought it better not to wait any longer. So here is a short overview of our Hurd work over the past years:

NetDDE and Rumpdisk support

Back in 2020, Ricardo Wurmus added the NetDDE package that provides Linux 2.6 network drivers. At the time we didn't get to integrate and use it though and meanwhile it bitrotted.

After we resurrected the NetDDE build, and with kind help of the Hurd developers we finally managed to support NetDDE for the Hurd.. This allows the usage of the Intel 82573L Gigabit Ethernet Controller of the Thinkpad X60 (and many other network cards, possibly even WIFI). Instead of using the builtin kernel driver in GNU Mach, it would be running as a userland driver.

What sparked this development was upstream's NetBSD rumpdisk support that would allow using modern hard disks such as SSDs, again running as a userland driver. Hard disk support builtin in GNU Mach was once considered to be a nice hack but it only supported disks up to 128 GiB…

First, we needed to fix the cross build on Guix.

After the initial attempt at rumpdisk support for the Hurd it took (v2) some (v3) work (v4) to finally arrive at rumpdisk support for the Hurd, really, *really* (v5)

Sadly when actually using them, booting hangs:

start: pci.arbiter:

What did not really help is that upstream's rumpkernel archive was ridiculously large. We managed to work with upstream to remove unused bits from the archive. Upstream created a new archive that instead of 1.8 GiB (!) now “only” weighs 670 MiB.

Anyway, after a lot of building, rebuilding, and debugging and some more with kind help from upstream we finally got Rumpdisk and NetDDE to run in a Childhurd.

NetDDE and Rumpdisk userland processes in a Childhurd

Initial Guix/Hurd on the Thinkpad X60

Now that the last (!) core-updates merge has finally happened (thanks everyone!), the recipe of installing Guix/Hurd has been much simpfilied. It goes something along these lines.

  1. Install Guix/Linux on your X60,

  2. Reserve a partition and format it for the Hurd:

    mke2fs -o hurd -L hurd /dev/sdaX
  3. In your config.scm, add some code to add GRUB menuentries for booting the Hurd, and mount the Hurd partition under /hurd:

    (use-modules (srfi srfi-26)
                 (ice-9 match)
                 (ice-9 rdelim)
                 (ice-9 regex)
                 (gnu build file-systems))
    
    (define %hurd-menuentry-regex
      "menuentry \"(GNU with the Hurd[^{\"]*)\".*multiboot ([^ \n]*) +([^\n]*)")
    (define (text->hurd-menuentry text)
      (let* ((m (string-match %hurd-menuentry-regex text))
             (label (match:substring m 1))
             (kernel (match:substring m 2))
             (arguments (match:substring m 3))
             (arguments (string-split arguments #\space))
             (root (find (cute string-prefix? "root=" <>) arguments))
             (device-spec (match (string-split root #\=)
                            (("root" device) device)))
             (device (hurd-device-name->device-name device-spec))
             (modules (list-matches "module ([^\n]*)" text))
             (modules (map (cute match:substring <> 1) modules))
             (modules (map (cute string-split <> #\space) modules)))
        (menu-entry
         (label label)
         (device device)
         (multiboot-kernel kernel)
         (multiboot-arguments arguments)
         (multiboot-modules modules))))
    
    (define %hurd-menuentries-regex
      "menuentry \"(GNU with the Hurd[^{\"]*)\" \\{([^}]|[^\n]\\})*\n\\}")
    (define (grub.cfg->hurd-menuentries grub.cfg)
      (let* ((entries (list-matches %hurd-menuentries-regex grub.cfg))
             (entries (map (cute match:substring <> 0) entries)))
        (map text->hurd-menuentry entries)))
    
    (define (hurd-menuentries)
      (let ((grub.cfg (with-input-from-file "/hurd/boot/grub/grub.cfg"
                        read-string)))
        (grub.cfg->hurd-menuentries grub.cfg)))
    
    ...
    (operating-system
       ...
      (bootloader (bootloader-configuration
                   (bootloader grub-bootloader)
                   (targets '("/dev/sda"))
                   (menu-entries (hurd-menuentries))))
      (file-systems (cons* (file-system
                             (device (file-system-label "guix"))
                             (mount-point "/")
                             (type "ext4"))
                           (file-system
                             (device (file-system-label "hurd"))
                             (mount-point "/hurd")
                             (type "ext2"))
                           %base-file-systems))
      ...)
  4. Create a config.scm for your Hurd system. You can get inspiration from bare-hurd.tmpl and inherit from %hurd-default-operating-system. Use grub-minimal-bootloader and add a static-networking-service-type. Something like:

    (use-modules (srfi srfi-1) (ice-9 match))
    (use-modules (gnu) (gnu system hurd))
    
    (operating-system
      (inherit %hurd-default-operating-system)
      (bootloader (bootloader-configuration
                   (bootloader grub-minimal-bootloader)
                   (targets '("/dev/sda"))))
      (kernel-arguments '("noide"))
    ...
      (services
        (cons*
          (service static-networking-service-type
                   (list %loopback-static-networking
                         (static-networking
                          (addresses
                           (list
                            (network-address
                             (device "eth0")
                             (value "192.168.178.37/24"))))
                          (routes
                           (list (network-route
                                  (destination "default")
                                  (gateway "192.168.178.1"))))
                          (requirement '())
                          (provision '(networking))
                          (name-servers '("192.168.178.1")))))
        ...)))
  5. Install the Hurd. Assuming you have an ext2 filesystem mounted on /hurd, do something like:

    guix system build --target=i586-pc-gnu vuurvlieg.hurd --verbosity=1
    sudo -E guix system init --target=i586-pc-gnu --skip-checks \
        vuurvlieg.hurd /hurd
    sudo -E guix system reconfigure vuurvlieg.scm
  6. Reboot and...

Hurray!

We now have Guix/Hurd running on Thinkpad.

Guix/Hurd GRUB menu on ThinkpadX60

Guix/Hurd running on ThinkpadX60

Guix/Hurd on Real Iron

While the initial manual install on the X60 was an inspiring milestone, we can do better. As mentioned above, just recently the installer learnt about the Hurd, right after some smaller problems were addressed, like guix system init creating essential devices for the Hurd, not attempting to run a cross-built grub-install to install Grub, soft-coding the hard-coded part:1:device:wd0 root file-system, adding support for booting Guix/Hurd more than once.

To install Guix/Hurd, first, build a 32bit installation image and copy it to a USB stick:

guix system image --image-type=iso9660 --system=i686-linux gnu/system/install.scm
dd if=/gnu/store/cabba9e-image.iso of=/dev/sdX status=progress
sync

then boot it on a not-too-new machine that has wired internet (although installation over WIFI is possible, there is currently no WIFI support for the installed Hurd to use it). On the new Kernel page:

Installer Kernel page

choose Hurd. Do not choose a desktop environment, that's not available yet. On the Network management page:

Installer Network management page

choose the new Static networking service. In the final Configuration file step, don't forget to edit:

Installer Configuration file page

and fill-in your IP and GATEWAY:

Installer Edit static networking

You may want to add some additional packages such as git-minimal from (gnu packages version-control) and sqlite from (gnu packages sqlite).

If you also intend to do Guix development on the Hurd—e.g., debugging and fixing native package builds—then you might want to include all dependencies to build the guix package, see the devel-hurd.tmpl for inspiration on how to do that. Note that any package you add must already have support for cross-building.

Good luck, and let us know if it works for you and on what kind of machine, or why it didn't!

What's next?

In an earlier post we tried to answer the question “Why bother with the Hurd anyway?” An obvious question because it is all too easy to get discouraged, to downplay or underestimate the potential social impact of GNU and the Hurd.

The most pressing problem currently is that the guix-daemon fails when invoking guix authenticate on the Hurd, which means that we cannot easily keep our substitutes up to date. guix pull is known to work but only by pulling from a local branch doing something like:

mkdir -p ~/src/guix
cd src/guix
git clone https://git.savannah.gnu.org/git/guix.git master
guix pull --url=~/src/guix/master

kinda like we did it in the old days. Sometimes it seems that guix does not grok the sqlite store database. This is needs to be resolved but as sqlite does read it this can be easily worked around by doing something like:

mv /var/guix/db/db.sqlite /var/guix/db/db.sqlite.orig
sqlite3 /var/guix/db/db.sqlite.orig .dump > /var/guix/db/db.sqlite.dump
sqlite3 -init /var/guix/db/db.sqlite.dump /var/guix/db/db.sqlite .quit

Also, the boot process still fails to handle an unclean root file system. Whenever the Hurd has suffered an unclean shutdown, cleaning it must currently be done manually, e.g., by booting from the installer USB stick.

Upstream now has decent support for 64bit (x86_64) albeit with more bugs and fewer packages. As mentioned in the overview we are now working to have that in Guix and have made some progress:

Hello Guix 64bit Hurd

more on that in another post. Other interesting task for Guix include:

  • Have guix system reconfigure work on the Hurd,
  • Figure out WiFi support with NetDDE (and add it to installer!),
  • An isolated build environment (or better wait for, err, contribute to the Guile guix-daemon?),
  • An installer running the Hurd, and,
  • Packages, packages, packages!

We tried to make Hurd development as easy and as pleasant as we could. As you have seen, things start to work pretty nicely and there is still plenty of work to do in Guix. In a way this is “merely packaging” the amazing work of others. Some of the real work that needs to be done and which is being discussed and is in progress right now includes:

All these tasks look daunting, and indeed that’s a lot of work ahead. But the development environment is certainly an advantage. Take an example: surely anyone who’s hacked on device drivers or file systems before would have loved to be able to GDB into the code, restart it, add breakpoints and so on—that’s exactly the experience that the Hurd offers. As for Guix, it will make it easy to test changes to the micro-kernel and to the Hurd servers, and that too has the potential to speed up development and make it a very nice experience.

Join #guix and #hurd on libera.chat or the mailing lists and get involved!

Addendum

It has been brought to our attention that people haven't heard that Debian GNU/Hurd has been a reality for some years now. While Guix GNU/Hurd has an exciting future, please be aware that it lacks many packages and services, including Xorg. If you would simply like to install the Hurd on bare metal running your favorite window manager (eg: i3, icewm, etc.) or lightweight desktop environment (Xfce) right now, then installing Debian GNU/Hurd is a good choice. Though we hope to catch up to them soon!

24 November, 2024 06:00PM by Janneke Nieuwenhuizen

GNU Artanis

Build Artanis-0.6 on Ubuntu-24.04

24 November, 2024 11:33AM

GNU Artanis 1.0.0 released

24 November, 2024 11:26AM

November 23, 2024

gnuboot @ Savannah

GNU Boot November 2024 News

A lot has changed since the two last news from the GNU Boot project.

GNU Boot install party in Paris the 7 and 8 December 2024


People involved in the GNU Boot project will be organizing a 100% free
software install party within a bigger event that also has a regular
install party. There will also be a presentation about 100% free
software in there. The event will be mainly in French.

More details are available in French and in English in the following
link:
https://lists.gnu.org/archive/html/help-guix/2024-11/msg00112.html

GNU Boot 0.1 RC4


Many changes were made since the RC3 and since then we fixed an
important bug that prevented Trisquel from booting (If during the
Trisquel installation you chose "LVM2" and didn't encrypt the
storage, GNU Boot images with GRUB would not find the Trisquel
installation).

Because of that we decided to do a new RC4 (release candidate 4)
and to publish new GNU Boot images.

There are still some work needed before doing a 0.1 release as we want
to make it easier for less technical users to install and use GNU
Boot, but more and more of the project structure are getting in place
(website, manual, automatic tests, guix, good development procedures,
enabling build on all distributions, etc) which then makes it easier
to contribute.

We also decided to use Guix for more of the software components
we build, and since this is a big change, we will need people to
help more with testing.

Nonfree software found again, no supported device affected.


The last announcement we made was "Nonfree software found in GNU Boot
releases again, many distros affected"[1].

Some people misunderstood it (maybe we could have been more clear):
the nonfree software that we found was code that GNU Boot didn't use,
so it was easy to remove and it didn't affect the supported devices in
any way.

Finding nonfree software in 100% free distribution is also common:
this is part of the work to ensure these distribution remains 100%
free.

The first time it happened in GNU Boot we publicized it to explain why
we were re-releasing some of the GNU Boot files as it could be very
scary if this happens without any public communication.

The second time we published a news about it mainly to help propagate
the information to the affected distributions and this is probably why
it was misunderstood: it was mainly targeted at GNU Boot users and
maintainers of the affected packages. We also contacted upstream and
some affected distributions directly as well but contacting everybody
takes a lot of time so having a news about it helps. At least Debian
and Trisquel fixed the issue but we still need to contact some
distributions.

After that, and probably thanks to the previous news, Leah Rowe
contacted us on one of the GNU Boot mailing lists[2] to notify us that
she also found additional similar nonfree software in GNU Boot.

So we confirmed that and promptly removed them and re-made again the
source release. And here again even if the work was delayed a bit,
this was fast to do and it doesn't affect the supported devices in any
way.

But we also need help contacting distributions again because one of
the issue she found is very serious because it affects many
distributions and also important devices that GNU Boot doesn't
support.

The ARM trusted firmware ships a nonfree hdcp.bin binary in its source
code. ARM trusted firmware is a dependency of u-boot that is used to
support many ARM computers in other distributions (like Guix, Debian,
etc).

As contacting affected distributions is a tedious task, we also need
help to propagate the information and contact them especially because
we don't know if Leah intend or not to do that work (so far she didn't
reply when asked twice about it), so it's probably up to the GNU Boot
community as a whole (which also includes its maintainers and readers
of this news) to help here.

The details are in the commit 343515aee7ef34695ac45830fad419d9562f9c15
("coreboot: blobs.list: arm-trusted-firmware: Remove RK3399 hdcp.bin
firmware.") in the GNU Boot source code[3].

[1]https://savannah.gnu.org/news/?id=10684
[2]https://lists.gnu.org/archive/html/gnuboot-patches/2024-10/msg00028.html
[3]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=343515aee7ef34695ac45830fad419d9562f9c15

Website and documentation


Jordán (isf) has been contributing some Spanish translations of the
most important website pages (the landing, status and how to
contribute pages). This is important as it could help get more
contributors. These contributions also helped us improve the process
for accepting pseudonymous contributions and enabled us to fix issues.

The work on improving the website in general also continued. Many of
the website pages were reviewed and improved (there is a lot of work
there and mentioning it all would make the news way too long).

The website also now shows the git revision from which it is build and
we also helped the FSF fix some server configuration that created
issue with the deployment of the GNU Boot website (more details are in
the commit message[1]) by reporting the issue to them and testing the
fix.

Patches for making a manual are also being reviewed. While there isn't
much in the manual yet, it also enables to better organize the
documentation and it has the potential to make GNU Boot more
accessible to less technical people.

The next goals is to look how to merge part of the website inside the
manual and continue improving both the website and the manual.

[1]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=d1df672383f6eb8d4218fdef7fbe9ec5e41803e4

Authenticating GNU Boot source code


We now have the ability to verify the source code when downloading it
from git. This is important to avoid certain type of attacks and it
also enables to write code to automatically download, verify and build
the GNU Boot source code.

The source can be verified with the following command (it requires to
have Guix installed):
 $ guix git authenticate $(git rev-parse HEAD) \
  "E23C 26A5 DEEE C5FA 9CDD  D57A 57BC 26A3 6871 16F6" \
  -k origin/keyring

If the authentication works it will print a message like that:

    guix git: successfully
    authenticated commit 05c09293d9660ea1f26b5b705a089b466a0aa718

The 05c09293d9660ea1f26b5b705a089b466a0aa718 might be different in
your case.

The "E23C 26A5 DEEE C5FA 9CDD D57A 57BC 26A3 6871 16F6" part in the
command above is Adrien Bourmault (neox)'s GPG key.

How to use that will be documented more in depth in the upcoming GNU
Boot manual that is currently being reviewed. Its importance will also
be explained in more details for people not familiar with the security
issues it's meant to solve. Also note that we also welcome help for
reviewing patches.

Licensing


The GNU Boot source code has a complex history. It is based on the
last fully free software releases of Libreboot. And the Libreboot
source code history is very complex.

We found some missing authorship information in some of the files that
come from Libreboot and so we started such information from the
various git repositories that were used at some point by Libreboot or
some of the projects it was based on.

To help with this task we also added a page on the GNU Boot website
(https://www.gnu.org/software/gnuboot/web/docs/history/) to track the
status of the reconstruction of the missing authorship and to document
the GNU Boot source code history.

Upstream contributions and easier building of GNU Boot


GNU Boot is just a distribution and like most distributions, it tries
to collaborate with various upstream projects whenever possible.

Since GNU Boot relies on Guix, we improved the Guix documentation
directly to help people install Guix on Trisquel and Parabola. We also
helped Trisquel fix security issues in the Guix package by bug
reporting and testing fixes (some bugs still need to be fixed in
Parabola and Debian, and reporting issues upstream takes time).

Since we also advise to use PureOS or Trisquel to build GNU Boot we
also enabled people with Guix to produce PureOS or Trisquel chroots
with Debootstrap. This was done through contributions to Debootstrap,
and to the Guix Debootstrap package. We could then mention that in the
GNU Boot build documentation
(https://www.gnu.org/software/gnuboot/web/docs/build/) and added a
script (in contrib/start-guix-daemon.py) to support building GNU Boot
in chroots. However there are still issue with the build in chroots
that need to be fixed to producing all released files. Instructions on
how to do build in chroots is also lacking.

In addition we also added the ability to build GNU Boot with Trisquel
11 (aramo).

An apt-cacher-ng package was also contributed in Guix upstream as it
can then be used to speed-up one of the automatic tests used in GNU
Boot but the support for apt-cacher-ng was not integrated yet in GNU
Boot. Last year we also contributed a GRUB package in Guix but we
didn't have the occasion to use it yet. It will probably happen soon
though.

Building GNU Boot


How to build GNU Boot has changed a lot since GNU Boot 0.1 RC3.

Before Guix could only be optionally used to build the website.

In addition to that, Guix is now integrated in the build system so we
can now rely on Guix packages to build GNU Boot images. This also
means that you need to install Guix to build GNU Boot images.

We currently use Guix packages to build some tests. We also build some
installation utilities for the I945 ThinkPads (ThinkPad X60, X60s,
X60T and T60) but we don't have documentation for less technical
people yet on how to use them. We also would need help for testing
these computers as we have no idea if they still work fine or which
fully free distributions still work on them in practice.

We now also support the './configure' and 'make' commands to build GNU
Boot but not yet the 'make install' command as to work we would need
to adapt many of the scripts that are used during the build to be
compatible with that.

There is also less visible work that was done, like cleaning up a lot
of code, adding tests for code quality, documenting a bit the GNU Boot
source code structure, and so on.

Work on making GNU Boot reproducible also started. See
https://reproducible-builds.org/ or
https://en.wikipedia.org/wiki/Reproducible_builds for more detail on
the issue.

We took an extremely strict approach and put the checksum of some of
the things we build directly into GNU Boot and verify it the checksum
during the compilation. This enables us to automatically detect
issues without having to do anything.

We started to enable that for easy things, and we also added the
infrastructure to also use that in Guix packages as well by validating
one of the packages we use during automatic testing.

However at one point this guix package stopped being
reproducible. Since we wanted to keep that code (especially as it was
showing a good example of how to do it), we fixed the bug instead of
removing the test.

This then helped us detect a very subtle and interesting bug in one of
the components we use for automatic tests.

The bug could not be caught during testing because some time
information stored inside the FAT32 file system has a granularity of a
day, and since all the testing happened the same day, it was caught
only later on.

This bug was then fixed and the details are in the fix[1]. A bug
report was also opened upstream because bugs were found in diffoscope
along the way[2]. We still need to do some testing though to
understand if the bug is in diffoscope or one of the underlying
libraries (libguestfs) and then to report the remaining bugs to the
distributions we used during this work.

We also made it easier to update the checksum in the Guix package. If
you package software with Guix, this change is also a good example of
how not to break the '--without-tests' option when you override the
tests in the package you contribute. The commit message[3] and the
change have more details and references on all that.

[1]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=4c3de49fbb3b43940b43f8fdccc8e51ee7df8f46
[2]https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/390
[3]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=40fcb94e2f7ab1df8d320f78311e623f801d8602

LVM2 bug


WodeShengli reported a very important bug[1]: GNU Boot images with
GRUB can't find LVM2 partitions if the partition itself is not
encrypted. For instance if you have LVM2 and no encryption at all or
if the disk is encrypted and that on top you have LVM2, GNU Boot will
not find the partition.

Since this is an extremely serious usability issue (because images
with GRUB are supposed to work out of the box) we spent time to fix
it.

The issue was that the GRUB configuration we ship hardcoded the name
of the LVM volumes to try to boot from. Fixing it required to be able
loop over all the partitions being found, but we found no command to
do that in GRUB (which is probably why the LVM partition names were
hardcoded in the first place).

So we started adding GRUB command options to do that but while the
code worked fine, it didn't integrate in GRUB well. So we contacted
GRUB looking for help as we would have needed to upstream our command
option in GRUB anyway.

And we were told that GRUB already had a way to do what we were
looking for so we used that to fix the issue.

We also added tests that automatically download the Trisquel installer
and installs Trisquel with LVM2 and test if GNU Boot can boot the new
Trisquel installation[2].

While this test is skipped for 32bit computers, it is still good to
have as some people will run it. The test also paves the way to add
more tests that would enable us to improve further the GRUB
configuration without breaking the boot.

[1]https://savannah.gnu.org/bugs/index.php?65663
[2]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=860b00bf1e798d86c8bb2a70d77633599dfa1da2
[3]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=9cc02ddde1e164fabfbddc8bbd3832ef9468d92d

23 November, 2024 07:05PM by GNUtoo

November 22, 2024

parallel @ Savannah

GNU Parallel 20241122 ('Ahoo Daryaei') released

GNU Parallel 20241122 ('Ahoo Daryaei') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  GNU parallel is so satisfying
    -- James Coman @jcoman.bsky.social

New in this release:

  • --pipe --block works similar to --pipepart --block if --block size is negative.
  • DBURLs can be written with / instead of %2F for sqlite and CSV.
  • Bug fixes and man page updates.

News about GNU Parallel:


GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.


About GNU Parallel


GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
    12345678 883c667e 01eed62f 975ad28b 6d50e22a
    $ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
    cc21b4c9 43fd03e9 3ae1ae49 e28573c0
    $ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
    79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
    fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference


If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)


If GNU Parallel saves you money:



About GNU SQL


GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.


About GNU Niceload


GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

22 November, 2024 10:22PM by Ole Tange

November 21, 2024

FSF Events

Free Software Directory meeting on IRC: Friday, November 22, starting at 12:00 EST (17:00 UTC)

Join the FSF and friends on Friday, November 22 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

21 November, 2024 05:30PM

www-zh-cn @ Savannah

Welcome our new member - bingchuanjuzi

Hi, All:

Please join me in welcoming our new member:

User Details:
-------------
Name:    Haoran Du
Login:   bingchuanjuzi
Email:   dududu233@outlook.com

I wish bingchuanjuzi a wonderful journey in GNU CTT.

Happy Hacking
wxie

21 November, 2024 02:01AM by Wensheng XIE

November 20, 2024

libtool @ Savannah

libtool-2.5.4 released [stable]

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.5.4.

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 49 commits by 16 people in the 8 weeks since 2.5.3.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Adrien Destugues (1)
  Alastair McKinstry (6)
  Bruno Haible (1)
  Ileana Dumitrescu (27)
  Jerome Duval (1)
  Jonathan Nieder (2)
  Joshua Root (1)
  Khalid Masum (1)
  Markus Mützel (1)
  Martin Storsjö (1)
  Richard Purdie (1)
  Sergey Poznyakoff (1)
  Tim Schumacher (1)
  Vincent Lefevre (2)
  mintsuki (1)
  streaksu (1)

Ileana
 [on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu.org/s/libtool/

For a summary of changes and contributors, see:
  https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.4
or run this command from a git-cloned libtool directory:
  git shortlog v2.5.3..v2.5.4

Here are the compressed sources:
  https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.gz   (2.0MB)
  https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.xz   (1.1MB)

Here are the GPG detached signatures:
  https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.gz.sig
  https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  77227188ead223ed8ba447301eda3761cb68ef57  libtool-2.5.4.tar.gz
  2o67LOTc9GuQCY2vliz/po9LT2LqYPeY0O8Skp7eat8=  libtool-2.5.4.tar.gz
  9781a113fe6af1b150571410b29d3eee2e792516  libtool-2.5.4.tar.xz
  +B9YYGZrC8fYS63e+mDRy5+m/OsjmMw7rKavqmAmZnU=  libtool-2.5.4.tar.xz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify libtool-2.5.4.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22  B99F 6570 EA01 146F 7354
  uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>
  uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key ileanadumi95@protonmail.com

  gpg --recv-keys 6570EA01146F7354

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify libtool-2.5.4.tar.gz.sig

This release was bootstrapped with the following tools:
  Autoconf 2.72e
  Automake 1.17
  Gnulib v1.0-1108-gea58a72d4d

NEWS

  • Noteworthy changes in release 2.5.4 (2024-11-20) [stable]


** New features:

  - New libtool command line flag, --no-finish, to skip executing
    finish_cmds that would alter the shared library cache during testing.

  - New libtool command line flag, --reorder-cache=DIRS, to reorder the
    shared library cache, only on OpenBSD.

** Bug fixes:

  - Fix incorrect use of workarounds designed for Darwin versions that
    don't have -single_module support.

  - Fix errors when executing 'make distclean' and 'make maintainer-clean'.

  - Fix bug where the constructed rpath omit directories, instead of
    appending them to the end.

  - Fix configure error for when variable 'multlib' is unset.

  - Fix searching for -L in link paths being over-greedy and incorrectly
    handling paths with -L in them.

  - Avoid using AC_TRY_EVAL macro, "dangerous and undocumented".

  - Fix linking libraries at runtime with tcc by adding run path.

  - Fix path comparison by removing trailing slashes on install commands.

  - Fix linking for mingw with lld by prefering response files over the
    linker script.

  - Fix '-Fe' usage with linking in MSVC.

  - Fix '--no-warnings' flag.

  - Fix handling xlc(1)-specific options.

  - Fix Haiku support.

** Changes in supported systems or compilers:

  - Support additional flang-based compilers, 'f18' and 'f95'.

  - Support for 'netbsdelf*-gnu'.

  - Support for '*-mlibc', and subsequently Ironclad and Managarm.

  - Support for SerenityOS.

  - Support for wasm32-emscripten.

Enjoy!

20 November, 2024 08:27PM by Ileana Dumitrescu

November 10, 2024

GNU Guix

Take the Guix User and Contributor Survey

To understand the views of the Guix community we're running a survey that we'd love you to take part in! The Guix User and Contributor Survey is live now, and should take about 10 minutes to fill out. Perfect for doing with a cup of tea and a biscuit!

The Guix project continues to grow and change, with new contributors and users joining our community. We decided to run this survey as it's the best way to gather good quality feedback across the widest cross-section of the community. Of course, there's lots of interesting topics a survey could ask about! We decided to focus on how Guix is used, and how contributors take part in the project.

The survey is being run on LimeSurvey which is a Free Software project and has been used by many other projects for similar surveys. The survey's hosted on the LimeSurvey SaaS so that we don't have the additional task of operating the software. No personal data is asked for (e.g. email addresses), no tracking data is being collected (e.g. IP addresses) and the entries are anonymised.

We'll be making the results and the anonymised data available under the Creative Commons CCO: that way anyone can analyse the data for further insights.

We hope the results of the survey will be used to understand both the Guix project's strengths and areas we can improve. Which is why your input is so important. If you can, please take the survey!

Take the survey now!

10 November, 2024 10:01AM by Steve George

October 28, 2024

GNUnet News

GNUnet 0.22.2

GNUnet 0.22.2

This is a bugfix release for gnunet 0.22.1. It fixes some regressions and minor bugs.

Links

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links may be functional early after the release. For direct access try https://ftp.gnu.org/gnu/gnunet/

28 October, 2024 11:00PM

October 24, 2024

Parabola GNU/Linux-libre

manual intervention required for local pacman repositories

NOTE: pacman v7 is currently in [libre-testing]; but it will be promoted to libre soon

from arch:

With the release of [version 7.0.0] pacman has added support for downloading packages as a separate user with dropped privileges.

For users with local repos however this might imply that the download user does not have access to the files in question, which can be fixed by assigning the files and folder to the alpm group and ensuring the executable bit (+x) is set on the folders in question.

$ chown :alpm -R /path/to/local/repo

Remember to [merge the .pacnew] files to apply the new default.

Pacman also introduced [a change] to improve checksum stability for git repos that utilize .gitattributes files. This might require a one-time checksum change for PKGBUILDs that use git sources.

24 October, 2024 06:11AM by bill auger

October 23, 2024

www-ru @ Savannah

Разговор о свободных программах в Москве

Компьютеры и сети содействуют нам в борьбе за свободу: они помогают посвятить время и силы важным общественным инициативам, организовывать протесты, защищаться от цензуры.

Но свободны ли наши компьютеры?  И свободны ли мы как пользователи?

Обсудим эти вопросы 25 октября в 19:00 в Открытом пространстве с Глебом Ерофеевым — активистом движения за свободные программы и волонтёром проекта "ГНУ", который в 1983 году запустил философ и активист Ричард Столлман.

Команда проекта "ГНУ" занимается разработкой свободного софта и техноэтическим активизмом, чтобы дать пользователям контроль над их компьютерами и искоренить несправедливость, которую приносят в общество собственнические программы.

Адрес: Плетешковский пер., 8с1 (м. "Бауманская").

Участие бесплатно.  Приветствуются пожертвования в пользу пространства.

23 October, 2024 01:17PM by Ineiev

October 22, 2024

FSF News

FSF is working on freedom in machine learning applications

BOSTON (October 22, 2024) -- The Free Software Foundation (FSF) has announced today that it is working on a statement of criteria for free machine learning applications, which will require the software, as well as the raw training data and associated scripts, to grant users the four freedoms.

22 October, 2024 09:40PM

October 21, 2024

FSF associate members to assist in review of current board members

21 October, 2024 08:00PM

parallel @ Savannah

GNU Parallel 20241022 ('Sinwar Nasrallah') released [stable]

GNU Parallel 20241022 ('Sinwar Nasrallah') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  GNU Parallel is one of the most helpful tools I've been using recently, and it's just something like: parallel -j4 'gzip {}' ::: folder/*.csv
     -- Milton Pividori @miltondp@twitter
 
New in this release:

  • No new features. This is a candidate for a stable release.
  • Bug fixes and man page updates.


News about GNU Parallel:


GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.


About GNU Parallel


GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
    12345678 883c667e 01eed62f 975ad28b 6d50e22a
    $ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
    cc21b4c9 43fd03e9 3ae1ae49 e28573c0
    $ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
    79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
    fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
  • Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference


If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)


If GNU Parallel saves you money:



About GNU SQL


GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.


About GNU Niceload


GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

21 October, 2024 07:31PM by Ole Tange

GNU Guix

Build User Takeover Vulnerability (CVE-2024-52867)

A security issue, known as CVE-2024-52867, has been identified in guix-daemon which allows for a local user to gain the privileges of any of the build users and subsequently use this to manipulate the output of any build. You are strongly advised to upgrade your daemon now (see instructions below), especially on multi-user systems.

This exploit requires the ability to start a derivation build and the ability to run arbitrary code with access to the store in the root PID namespace on the machine the build occurs on. As such, this represents an increased risk primarily to multi-user systems and systems using dedicated privilege-separation users for various daemons: without special sandboxing measures, any process of theirs can take advantage of this vulnerability.

Vulnerability

For a very long time, guix-daemon has helpfully made the outputs of failed derivation builds available at the same location they were at in the build container. This has aided greatly especially in situations where test suites require the package to already be installed in order to run, as it allows one to re-run the test suite interactively outside of the container when built with --keep-failed. This transferral of store items from inside the chroot to the real store was implemented with a simple rename, and no modification of the store item or any files it may contain.

If an attacker starts a build of a derivation that creates a binary with the setuid and/or setgid bit in an output directory, then, and the build fails, that binary will be accessible unaltered for anybody on the system. The attacker or a cooperating user can then execute the binary, gain the privileges, and from there use a combination of signals and procfs to freeze a builder, open any file it has open via /proc/$PID/fd, and overwrite it with whatever it wants. This manipulation of builds can happen regardless of which user started the build, so it can work not only for producing compromised outputs for commonly-used programs before anybody else uses them, but also for compromising any builds another user happens to start.

A related vulnerability was also discovered concerning the outputs of successful builds. These were moved - also via rename() - outside of the container prior to having their permissions, ownership, and timestamps canonicalized. This means that there also exists a window of time for a successful build's outputs during which a setuid/setgid binary can be executed.

In general, any time that a build user running a build for some submitter can get a setuid/setgid binary to a place the submitter can execute it, it is possible for the submitter to use it to take over the build user. This situation always occurs when --disable-chroot is passed to guix-daemon. This holds even in the case where there are no dedicated build users, and builds happen under the same user the daemon runs as, as happens during make check in the guix repository. Consequently, if a permissive umask that allows execute permission for untrusted users on directories all the way to a user's guix checkout is used, an attacker can use that user's test-environment daemon to gain control over their user while make check is running.

Mitigation

This security issue has been fixed by two commits. Users should make sure they have updated to the second commit to be protected from this vulnerability. Upgrade instructions are in the following section. If there is a possibility that a failed build has left a setuid/setgid binary lying around in the store by accident, run guix gc to remove all failed build outputs.

The fix was accomplished by sanitizing the permissions of all files in a failed build output prior to moving it to the store, and also by waiting to move successful build outputs to the store until after their permissions had been canonicalized. The sanitizing was done in such a way as to preserve as many non-security-critical properties of failed build outputs as possible to aid in debugging. After applying these two commits, the guix package in Guix was updated so that guix-daemon deployed using it would use the fixed version.

If you are using --disable-chroot, whether with dedicated build users or not, make sure that access to your daemon's socket is restricted to trusted users. This particularly affects anyone running make check and anyone running on GNU/Hurd. The former should either manually remove execute permission for untrusted users on their guix checkout or apply this patch, which restricts access to the test-environment daemon to the user running the tests. The latter should adjust the ownership and permissions of /var/guix/daemon-socket, which can be done for Guix System users using the new socket-directory-{perms,group,user} fields in this patch.

A proof of concept is available at the end of this post. One can run this code with:

guix repl -- setuid-exposure-vuln-check.scm

This will output whether the current guix-daemon being used is vulnerable or not. If it is not vulnerable, the last line will contain your system is not vulnerable, otherwise the last line will contain YOUR SYSTEM IS VULNERABLE.

Upgrading

Due to the severity of this security advisory, we strongly recommend all users to upgrade their guix-daemon immediately.

For Guix System, the procedure is to reconfigure the system after a guix pull, either restarting guix-daemon or rebooting. For example:

guix pull
sudo guix system reconfigure /run/current-system/configuration.scm
sudo herd restart guix-daemon

where /run/current-system/configuration.scm is the current system configuration but could, of course, be replaced by a system configuration file of a user's choice.

For Guix running as a package manager on other distributions, one needs to guix pull with sudo, as the guix-daemon runs as root, and restart the guix-daemon service, as documented. For example, on a system using systemd to manage services, run:

sudo --login guix pull
sudo systemctl restart guix-daemon.service

Note that for users with their distro's package of Guix (as opposed to having used the install script) you may need to take other steps or upgrade the Guix package as per other packages on your distro. Please consult the relevant documentation from your distro or contact the package maintainer for additional information or questions.

Conclusion

Even with the sandboxing features of modern kernels, it can be quite challenging to synthesize a situation in which two users on the same system who are determined to cooperate nevertheless cannot. Guix has an especially difficult job because it needs to not only realize such a situation, but also maintain the ability to interact with both users itself, while not allowing them to cooperate through itself in unintended ways. Keeping failed build outputs around for debugging introduced a vulnerability, but finding that vulnerability because of it enabled the discovery of an additional vulnerability that would have existed anyway, and prompted the use of mechanisms for securing access to the guix daemon.

I would like to thank Ludovic Courtès for giving feedback on these vulnerabilities and their fixes — discussion of which led to discovering the vulnerable time window with successful build outputs — and also for helping me to discover that my email server was broken.

Proof of Concept

Below is code to check if your guix-daemon is vulnerable to this exploit. Save this file as setuid-exposure-vuln-check.scm and run following the instructions above, in "Mitigation."

(use-modules (guix)
             (srfi srfi-34))

(define maybe-setuid-file
  ;; Attempt to create a setuid file in the store, with one of the build
  ;; users as its owner.
  (computed-file "maybe-setuid-file"
                 #~(begin
                     (call-with-output-file #$output (const #t))
                     (chmod #$output #o6000)

                     ;; Failing causes guix-daemon to copy the output from
                     ;; its temporary location back to the store.
                     (exit 1))))

(with-store store
  (let* ((drv (run-with-store store
                (lower-object maybe-setuid-file)))
         (out (derivation->output-path drv)))
    (guard (c (#t
               (if (zero? (logand #o6000 (stat:perms (stat out))))
                   (format #t "~a is not setuid: your system is not \
vulnerable.~%"
                           out)
                   (format #t "~a is setuid: YOUR SYSTEM IS VULNERABLE.

Run 'guix gc' to remove that file and upgrade.~%"
                           out))))
      (build-things store (list (derivation-file-name drv))))))

21 October, 2024 11:00AM by Caleb Ristvedt

October 19, 2024

GNU Health

GHCon2024, the GNU Health Conference . Palermo, Italy

Dear community:

We’re excited to announce the IX International GNU Health Conference, that will take place in beautiful Sicily, Italy, at the University of Palermo this December 15th.

Mount Etna rising over suburbs of Catania, Sicily (Wikimedia)

The GNU Health Conference (GHCon) is the annual conference that brings together enthusiasts and developers of GNU Health, the Libre digital health ecosystem. The conference will have thematic sessions, lightning talks and implementation cases to get to know the GNU Health and other Free/Libre software communities from around the world.

We will show the upcoming features of the Health and Hospital Information System, standards, security, privacy, the GNU Health Federation and MyGNUHealth (the Personal Health Record).

GHCon2024 – The IX International GNU Health Conference


The XVII International Workshop on eHealth in Emerging Economies (IWEEE) is about Social Medicine and addressing the reality of the underprivileged around the world. There will be workshops to debate, and share experiences from humanitarian organizations and from those working in field of Social Medicine.

In the evening we will announce and honor the winners of the GNU Health Social Medicine awards.

We are counting on you to get the most out of the conference. Most importantly, we want you to have fun, feel at home, and enjoy being part
of the GNU Health community.

Looking forward to seeing you in Sicily!

Happy Hacking!

GHCon2024 homepage: https://www.gnuhealth.org/ghcon
Registration: https://my.gnusolidario.org/ghcon2024-registration/

Follow us in Mastodon (https://mastodon.social/@gnuhealth) for the latest news.

You can share the news using the tag #GHCon2024

19 October, 2024 05:30PM by Luis Falcon

gnuboot @ Savannah

Nonfree software found in GNU Boot releases again, many distros affected.

The GNU Boot project previously found nonfree microcode in the first
RC1 release (in gnuboot-0.1-rc1_src.tar.xz to be exact).

This was announced in the "GNU Boot December 2023 News"
(https://lists.gnu.org/archive/html/gnuboot-announce/2023-12/msg00000.html). It
was fixed by re-making the affected tarball by hand with the nonfree
software removed and by contacting Canoeboot that had the same issue,
and by bug reporting and proposing patches to fix the issue in Guix as
well (they are still pending as we need to find a reviewer familiar
with Coreboot).

But recently we found a more problematic issue that also affects many
more distributions and all the previous GNU Boot release candidates.

The vboot source code used in Coreboot and in the vboot-utils package
available in many GNU/Linux distributions contains nonfree code in
their test data in tests/futility/data (nonfree microcode, nonfree
BIOS, nonfree Management Engine firmwares, etc).

So we had to re-release all the affected tarballs (like
gnuboot-0.1-rc1_src.tar.xz, gnuboot-0.1-rc2_src.tar.xz, etc).

We made and we improved the process along the way (we now store the
changes in tag inside our git repository and simply regenerate the
tarballs with the build system that is available for a given tag).

We are also in the process of contacting distributions and/or
coordinating with them and we also need help as there are many
distributions to contact.

To do that we started contacting the free GNU/Linux distros
(https://www.gnu.org/distros/free-distros.html) that ship the vboot
source code. We also contacted Replicant that is a free Android distro
that also ships vboot source code.

We also started to contact common distros that require certain
repositories to only have free software (so far we only contacted
Debian as that will help Trisquel fix the issue, but we also need to
contact Fedora for instance). Finding which distro to contact is made
much easier thanks to GNU's review of common distros policies
(https://www.gnu.org/distros/common-distros.html).

We coordinate that work on our bug report system at Savannah,
especially in the bug #66246
(https://savannah.gnu.org/bugs/index.php?66246).

19 October, 2024 01:27PM by GNUtoo

health @ Savannah

GHcon2024, the GNUHealth Conference will be in Palermo, Italy - December 15th

Dear community:

We're excited to announce the IX International GNU Health Conference, that will take place in beautiful Sicily, Italy, at the University of Palermo this December 15th.

The GNU Health Conference (GHCon) is the annual conference that brings together enthusiasts and developers of GNU Health, the Libre digital health ecosystem. The conference will have thematic sessions, lightning talks and implementation cases to get to know the GNU Health and other Free/Libre software communities from around the world.

We will show the upcoming features of the Health and Hospital Information System, standards, security, privacy, the GNU Health Federation and MyGNUHealth (the Personal Health Record)

The XVII International Workshop on eHealth in Emerging Economies (IWEEE) is about Social Medicine and addressing the reality of the underprivileged around the world. There will be workshops to debate, and share experiences from humanitarian organizations and from those working in field of Social Medicine.

In the evening we will announce and honor the winners of the GNU Health Social Medicine awards.

We are counting on you to get the most out of the conference. Most importantly, we want you to have fun, feel at home, and enjoy being part of the GNU Health community.

Happy Hacking!

Homepage: https://www.gnuhealth.org/ghcon

Registration: https://my.gnusolidario.org/ghcon2024-registration/

Follow us in Mastodon (https://mastodon.social/@gnuhealth) for the latest news.

You can share the news using the tag #GHCon2024

19 October, 2024 08:46AM by Luis Falcon

October 16, 2024

libunistring @ Savannah

GNU libunistring-1.3 released

Download from https://ftp.gnu.org/gnu/libunistring/libunistring-1.3.tar.gz

This is a stable release.

New in this release:

  • The data tables and algorithms have been updated to Unicode version 16.0.0.
  • New function uc_is_property_modifier_combining_mark and new constant UC_PROPERTY_MODIFIER_COMBINING_MARK.
  • Fixed a bug in the *printf functions: The %ls and %lc directives could lead to a crash on Solaris and MSVC.

16 October, 2024 06:49PM by Bruno Haible

October 12, 2024

Jose E. Marchesi

bugz-mode and a68-mode now in sourcehut

I have decided to start using sourcehut for a few of my projects. The first projects landing there are bugz-mode and a68-mode, two Emacs modes. The first implements a quite efficient and comfortable interface to bugzilla. The second is a programming mode for Algol 68.

Let's see how it goes!

https://git.sr.ht/~jemarch

12 October, 2024 12:00AM

October 09, 2024

GNUnet News

GNUnet 0.22.1

GNUnet 0.22.1

This is a bugfix release for gnunet 0.22.0. It addresses some issues in HELLO URI handling and formatting as well as regressions in the DHT subsystem along with other bug fixes.

Links

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links may be functional early after the release. For direct access try https://ftp.gnu.org/gnu/gnunet/

09 October, 2024 10:00PM

FSF News

Free Software Foundation to serve on "artificial intelligence" safety consortium

BOSTON (October 8, 2024) -- The Free Software Foundation (FSF) has announced that it is taking part in the US National Institute of Standards and Technology (NIST)'s consortium on the safety of (so-called) artificial intelligence, particularly with reference to "generative" AI systems. The FSF will ensure the free software perspective is adequately represented in these discussions.

09 October, 2024 02:05PM

September 26, 2024

health @ Savannah

Time to take back the Internet

It’s no news. They’re stealing the Internet from us and we must do something about it. What it used to be a fun, collaborative hacking space is now ruled by corporations and narcissistic billionaires. Proprietary centralized social networks have become a space for hate, discrimination and propaganda. The messages that you see are those that they want you to see. Your data is no longer yours. They have become a massive thought control machine. You read what they want you to read and, in the end, you will end up writing and doing what they want you to write and to do. It’s a matter of time and money, and they have both.

These corporate-driven social networks are deceiving. They make us fall into false assumptions in a distorted reality. This delusion hits both individuals and organizations. For instance, in GNU Solidario and GNU Health, we fight for Social Medicine and for the rights of human and non-human animals. When we want to share an event, to make a fundraising campaign or to denounce human or animal rights violations we want the message to reach out as many people as possible. We could think, why not share it with our followers on Twitter / X? Experience has it, corporate social networks have not really made a difference in the outcomes. They will promote or “shadow ban” the message depending on who wrote it. You can guess the results for those who fight against neoliberal capitalism.

Social pressure exists, and is not trivial to overcome. Many fear that leaving proprietary centralized social networks that have been using for years will result in losing the status and contacts they’ve built throughout the years. Again, it’s not really a big deal. And we have great news, there are decentralized, community-driven alternatives! Some of those alternatives are Mastodon, Friendica or Diaspora. Not only social networks, today there is an free software alternative to pretty much any proprietary solution (search engines, scientific programs, multimedia, office suites, databases, games…)

There is a correlation between Free Software, freedom and privacy. The more Free Software, the more freedom and privacy you enjoy. The contrary also applies: Proprietary software is inversely proportional to our freedom, both at individual and collective level. There is no transparency, no privacy, no control, no rights in proprietary applications, networks or clouds.

In the last decades, the tech giants have been busy in a campaign to dismantle the Free Software philosophy and community. The “open source” euphemism is one of them. Richard Stallman (creator of the GNU project and the Free Software Foundation) has been warning us about the dangers of “Open Source”. Free societies are built with free software, not with open source. I know some members in the free software community use both terms interchangeably, but I am convinced using the “Free Software” terms not only delivers software, but also freedom to our society.

Internet is no longer fun or empathetic. It has become a hostile and toxic environment, the medium for corporations and elites that increase concentration of power, social gradient and create very unjust societies. They use our data to control individuals and governments. We certainly don’t want to be part of that.

It is our moral duty to bring back spirit of solidarity that RMS delivered in the late 80’s, and that made possible the GNU movement, the best operating systems, programming languages, web servers and database engines for everyone. The GNU project was the inspiration for projects like GNU Health, helping millions around the globe, delivering freedom and equity in healthcare.

In the end, it is up to us to embrace federated, community driven social networks and free software applications. Millions of individuals, activists, free software projects, NGOs and even the European Union have already joined the Fediverse and Mastodon. It only takes an initial push to break the social pressure to set ourselves and our societies free.

Citing our friends from GNUnet: “You broke the Internet… we’ll build a GNU one”.

Happy hacking!

Follow us in Mastodon: https://mastodon.social/@gnuhealth

Original post: https://my.gnusolidario.org/2024/09/26/time-to-take-back-the-internet/

26 September, 2024 06:08PM by Luis Falcon

GNU Health

Time to take back the Internet

It’s no news. They’re stealing the Internet from us and we must do something about it. What it used to be a fun, collaborative hacking space is now ruled by corporations and narcissistic billionaires. Proprietary centralized social networks have become a space for hate, discrimination and propaganda. The messages that you see are those that they want you to see. Your data is no longer yours. They have become a massive thought control machine. You read what they want you to read and, in the end, you will end up writing and doing what they want you to write and to do. It’s a matter of time and money, and they have both.

These corporate-driven social networks are deceiving. They make us fall into false assumptions in a distorted reality. This delusion hits both individuals and organizations. For instance, in GNU Solidario and GNU Health, we fight for Social Medicine and for the rights of human and non-human animals. When we want to share an event, to make a fundraising campaign or to denounce human or animal rights violations we want the message to reach out as many people as possible. We could think, why not share it with our followers on Twitter / X? Experience has it, corporate social networks have not really made a difference in the outcomes. They will promote or “shadow ban” the message depending on who wrote it. You can guess the results for those who fight against neoliberal capitalism.

“The many branches of the Fediverse” (credits: Axbom)

Social pressure exists, and is not trivial to overcome. Many fear that leaving proprietary centralized social networks that have been using for years will result in losing the status and contacts they’ve built throughout the years. Again, it’s not really a big deal. And we have great news, there are decentralized, community-driven alternatives! Some of those alternatives are Mastodon, Friendica or Diaspora. Not only social networks, today there is an free software alternative to pretty much any proprietary solution (search engines, scientific programs, multimedia, office suites, databases, games…)

The GNU head, symbol of the GNU project

There is a correlation between Free Software, freedom and privacy. The more Free Software, the more freedom and privacy you enjoy. The contrary also applies: Proprietary software is inversely proportional to our freedom, both at individual and collective level. There is no transparency, no privacy, no control, no rights in proprietary applications, networks or clouds.

In the last decades, the tech giants have been busy in a campaign to dismantle the Free Software philosophy and community. The “open source” euphemism is one of them. Richard Stallman (creator of the GNU project and the Free Software Foundation) has been warning us about the dangers of “Open Source”. Free societies are built with free software, not with open source. I know some members in the free software community use both terms interchangeably, but I am convinced using the “Free Software” terms not only delivers software, but also freedom to our society.

Internet is no longer fun or empathetic. It has become a hostile and toxic environment, the medium for corporations and elites that increase concentration of power, social gradient and create very unjust societies. They use our data to control individuals and governments. We certainly don’t want to be part of that.

It is our moral duty to bring back spirit of solidarity that RMS delivered in the late 80’s, and that made possible the GNU movement, the best operating systems, programming languages, web servers and database engines for everyone. The GNU project was the inspiration for projects like GNU Health, helping millions around the globe, delivering freedom and equity in healthcare.

In the end, it is up to us to embrace federated, community driven social networks and free software applications. Millions of individuals, activists, free software projects, NGOs and even the European Union have already joined the Fediverse and Mastodon. It only takes an initial push to break the social pressure to set ourselves and our societies free.

Collage with some members of the GNU Health community around the world

Citing our friends from GNUnet: “You broke the Internet… we’ll build a GNU one”.

Happy hacking!

Follow us in Mastodon: https://mastodon.social/@gnuhealth

26 September, 2024 04:16PM by Luis Falcon

September 25, 2024

libtool @ Savannah

libtool-2.5.3 released [stable]

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.5.3.

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 14 commits by 2 people in the 27 days since 2.5.2.

See the NEWS below for a brief summary. An alpha and two beta releases
of GNU Libtool have been released prior to this stable release. Please
view the NEWS entries for those releases for a more complete summary of
the updates between stable releases 2.4.7 and 2.5.3.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Bruno Haible (3)
  Ileana Dumitrescu (11)

Ileana
 [on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu.org/s/libtool/

For a summary of changes and contributors, see:
  https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.3
or run this command from a git-cloned libtool directory:
  git shortlog v2.5.2..v2.5.3

Here are the compressed sources:
  https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.gz   (2.0MB)
  https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.xz   (1.1MB)

Here are the GPG detached signatures:
  https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.gz.sig
  https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  f48e2fcdb0b80f97e93366c41fdcd1ea90f2f253  libtool-2.5.3.tar.gz
  kyK9j2vISP2j44WJndGTSVcWllKs73FtGdGdJAU6u5U=  libtool-2.5.3.tar.gz
  f1450b2f652d9acf3b83eee823cad966a149cca4  libtool-2.5.3.tar.xz
  iYARIyzFm2s7u+Mhtgq6nbGsEVeKth7Q3wKZRYFGri4=  libtool-2.5.3.tar.xz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify libtool-2.5.3.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22  B99F 6570 EA01 146F 7354
  uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>
  uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key ileanadumi95@protonmail.com

  gpg --recv-keys 6570EA01146F7354

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify libtool-2.5.3.tar.gz.sig

This release was bootstrapped with the following tools:
  Autoconf 2.72e
  Automake 1.17
  Gnulib v1.0-803-g30417e7f91

NEWS

  • Noteworthy changes in release 2.5.3 (2024-09-25) [stable]


** New features:

  - Add 'aarch64' support to the file magic test, which allows for
    shared libraries to be built with Mingw for aarch64.

** Bug fixes:

  - The configure options --with-pic and --without-pic have been renamed
    to --enable-pic and --disable-pic, respectively.  The old names
    --with-pic and --without-pic are still supported, though, for
    backward compatibility.

  - The configure option --with-aix-soname has been renamed to
    --enable-aix-soname.  The old name --with-aix-soname is still
    supported, though, for backward compatibility.

  - Fix conflicting warnings about AC_PROG_RANLIB.

  - Document situations where -export-symbols does not work.

  - Update FSF office address with URL in each file's license block.

  - Add checks for aclocal in standalone.at and subproject.at test files
    that report failures in Linux From Scratch and Darwin builds.
   

Enjoy!

25 September, 2024 03:57PM by Ileana Dumitrescu

September 23, 2024

parallel @ Savannah

GNU Parallel 20240922 ('Gold Apollo AR924') released

GNU Parallel 20240922 ('Gold Apollo AR924') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

  Recently executed a flawless live data migration of ~2.4pb using GNU parallel for scale and bash scripts.
    -- @mechanicker@twitter Dhruva

New in this release:

  • --fast disables a lot of functionality to speed up running jobs.
  • Bug fixes and man page updates.

News about GNU Parallel:


GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
    12345678 883c667e 01eed62f 975ad28b 6d50e22a
    $ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
    cc21b4c9 43fd03e9 3ae1ae49 e28573c0
    $ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
    79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
    fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/

Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists

not already there)

  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the
limit.

23 September, 2024 08:49PM by Ole Tange

September 20, 2024

Gary Benson

Too many git branches?

Do you have too many git branches on the go at once? Here is the command to list them in order of last modification:

git for-each-ref --sort=-committerdate refs/heads

20 September, 2024 02:43PM by gbenson

September 10, 2024

unifont @ Savannah

Unifont 16.0.01 Released

10 September 2024

Unifont 16.0.01 is now available.  This is a major release.

From the NEWS file:

  * Updates to synchronize Unifont with Unicode 16.0.0 release.

  * Many new upper-plane Chinese ideographs added.

  * New "make" build dependency on ImageMagick's "convert" program
    to build thumbnail images of the Unicode plane bitmaps.

  * unifont-combining-$(VERSION).txt is now included in the
    distribution set to provide spacing information on all
    combining characters.

  * Many other minor updates; see ChangeLog for details.

Download this release from GNU server mirrors at:

     https://ftpmirror.gnu.org/unifont/unifont-16.0.01/

or if that fails,

     https://ftp.gnu.org/gnu/unifont/unifont-16.0.01/

or, as a last resort,

     ftp://ftp.gnu.org/gnu/unifont/unifont-16.0.01/

These files are also available on the unifoundry.com website:

     https://unifoundry.com/pub/unifont/unifont-16.0.01/

Font files are in the subdirectory

     https://unifoundry.com/pub/unifont/unifont-16.0.01/font-builds/

A more detailed description of font changes is available at

      https://unifoundry.com/unifont/index.html

and of utility program changes at

      https://unifoundry.com/unifont/unifont-utilities.html

Enjoy!


Paul Hardy

10 September, 2024 04:49PM by Paul Hardy

September 08, 2024

stow @ Savannah

GNU Stow 2.4.1 released

Stow 2.4.1 has been released.  This release contains some minor bug-fixes -- specifically, fixing the --dotfiles option to work correctly with ignore lists, allowing options in .stowrc with spaces, and avoiding a spurious warning on Perl >= 5.40.  There were also some clean-ups and improvements, mostly internal and not visible to users.  Read details of what's new: http://git.savannah.gnu.org/cgit/stow.git/tree/NEWS

08 September, 2024 10:26PM by Adam Spiers

September 07, 2024

texinfo @ Savannah

Texinfo 7.1.1 released

We have released version 7.1.1 of Texinfo, the GNU documentation format. This is a minor bug-fix release.

It's available via a mirror (xz is much smaller than gz, but gz is available too just in case):

http://ftpmirror.gnu.org/texinfo/texinfo-7.1.1.tar.xz
http://ftpmirror.gnu.org/texinfo/texinfo-7.1.1.tar.gz

Please send any comments to bug-texinfo@gnu.org.

Full announcement:

https://lists.gnu.org/archive/html/bug-texinfo/2024-09/msg00041.html

07 September, 2024 07:05PM by Gavin D. Smith

September 02, 2024

libffcall @ Savannah

GNU libffcall 2.5 is released

libffcall version 2.5 is released.

New in this release:

  • Added support for the following platforms: (Previously, a build on these platforms failed.)
    • loongarch64: Linux with lp64d ABI.
    • riscv64: Linux with musl libc.
    • hppa: Linux.
    • powerpc: FreeBSD, NetBSD.
    • powerpc64: FreeBSD.
    • powerpc64le: FreeBSD.
    • arm: Android.


  • Fixed support for the following platforms: (Previously, a build on these platforms appeared to succeed but was buggy.)
    • ia64: Linux.
    • arm64: OpenBSD.


  • Simplified the environmental requirements (the library no longer allocates a temporary file in /tmp) on the following platforms:
    • Linux.
    • macOS.
    • FreeBSD 13 and newer.
    • NetBSD 8 and newer.

02 September, 2024 01:35PM by Bruno Haible

August 29, 2024

libtool @ Savannah

libtool-2.5.2 released [beta]

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.5.2, a beta release.

This beta release was not planned, but additional testing of a recent bugfix
was requested for distros to have the chance to test it with mass-rebuilds.

The details of this bugfix can be found here:
    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71489
The commit for this bugfix can be found here:
    https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=0e1b33332429cd578367bd0ad420c065d5caf0ac

I hope to release the stable in a couple of weeks if testing goes well!

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 9 commits by 4 people in the 35 days since 2.5.1.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Bruno Haible (1)
  Ileana Dumitrescu (6)
  Sergey Poznyakoff (1)
  Tobias Stoeckmann (1)

Ileana
 [on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu.org/s/libtool/

For a summary of changes and contributors, see:
  https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.2
or run this command from a git-cloned libtool directory:
  git shortlog v2.5.1..v2.5.2

Here are the compressed sources:
  https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.gz   (1.9MB)
  https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.xz   (1.0MB)

Here are the GPG detached signatures:
  https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.gz.sig
  https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

  e3384dc0099855942f76ef8a97be94edab6f56de  libtool-2.5.2.tar.gz
  KSdftFsjbW/3IKQz+c1fYeovUsw6ouX4m6V3Jr2lR5M=  libtool-2.5.2.tar.gz
  71b7333e80b76510f5dbd14db54d311d577bb716  libtool-2.5.2.tar.xz
  e2C09MNk6HhRMNNKmP8Hv6mmFywgxdtwirScaRPkgmM=  libtool-2.5.2.tar.xz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify libtool-2.5.2.tar.gz.sig

The signature should match the fingerprint of the following key:

  pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22  B99F 6570 EA01 146F 7354
  uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>
  uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key ileanadumi95@protonmail.com

  gpg --recv-keys 6570EA01146F7354

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

  wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
  gpg --keyring gnu-keyring.gpg --verify libtool-2.5.2.tar.gz.sig

This release was bootstrapped with the following tools:
  Autoconf 2.72e
  Automake 1.17
  Gnulib v1.0-563-gd3efdd55f3

NEWS

  • Noteworthy changes in release 2.5.2 (2024-08-29) [beta]


** Bug fixes:

  - Use shared objects built in source tree instead of the installed
    versions for more reliable testing.

  - Fix test in bug_62343.at for confirmed Cygwin/Mingw32 where the
    incorrect architecture version of a compiler was generating
    object files that could not be linked with a library file.

  - Fix typos found with codespell.

** Changes in supported systems or compilers:

  - Add support for 32-bit mode on FreeBSD/powerpc64.


Enjoy!

29 August, 2024 03:11PM by Ileana Dumitrescu

GNU MediaGoblin

MediaGoblin 0.14.0

We're pleased to announce the release of GNU MediaGoblin 0.14.0. See the release notes for full details and upgrading instructions.

Highlights of this release are:

  • Preliminary support for Docker installation
  • Preliminary support for OS packaging on GNU Guix
  • Major configure/build overhaul
  • Extended configuration documentation

This version has been tested on Debian Bookworm (12), Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04 and Fedora 39.

Thanks go to co-maintainer Olivier Mehani for his major contributions in this release!

To join us and help improve MediaGoblin, please visit our getting involved page.

29 August, 2024 05:00AM by Ben Sturmfels

August 28, 2024

GNU Taler news

GNU Taler 0.13 released

We are happy to announce the release of GNU Taler v0.13.

28 August, 2024 10:00PM

GNUnet News

GNUnet 0.22.0

GNUnet 0.22.0 released

We are pleased to announce the release of GNUnet 0.22.0.
GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

This is a new major release. It breaks protocol compatibility with the 0.21.x versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.21.x GNUnet network, and interactions between old and new peers will result in issues. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.22.0 release is still only suitable for early adopters with some reasonable pain tolerance .

Download links

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Changes

A detailed list of changes can be found in the git log , the NEWS and the bug tracker . Noteworthy highlights are

  • transport :
    • A new experimental HTTP/3 communicator for peer-to-peer transport communicator.
    • New experimental NAT traversal functionality.
  • util :
  • hostlist : The bootstrap URL is changed to https://bootstrap.gnunet.org/v22 and https://bootstrap.gnunet.org/latest for the release and development version (git head), respectively.
  • gnunet-hello : A new CLI to import/export connectivity information (HELLOs) of peers manually.
  • namestore : Significant zone import performance improvements in preparation for DNS TLD mirror deployments (.se, .nu, etc) .
  • messenger :
    • Implementation of discourse subscriptions for live data streaming in chat rooms.
    • New functionality in CLI for the Messenger service to stream data via standard input and output.
  • Build System :
    • Build variant to build a monolithic GNUnet library.
    • Cross compile the monolithic library for use on Android devices. An Android prototype can be found in this repository.

Known Issues

  • There are known major design issues in the CORE subsystems which will need to be addressed in the future to achieve acceptable usability, performance and security.
  • There are known moderate implementation limitations in CADET that negatively impact performance.
  • There are known moderate design issues in FS that also impact usability and performance.
  • There are minor implementation limitations in SET that create unnecessary attack surface for availability.
  • The RPS subsystem remains experimental.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, t3sserakt, TheJackiMonster, Pedram Fardzadeh, Shichao, fence, dvn, nullptrderef and Martin Schanzenbach.

libgnunetchat 0.5.1 released

Additionally there's a minor release of libgnunetchat 0.5.1 which fixes multiple issues to improve overall reliability.

Download links

Noteworthy changes in 0.5.1

  • Fixes discourses stalling application on exit of its process.
  • Fixes comparison of egos for proper account management.
  • Implements automatic Github workflow for builds and testing.
  • Fixes destruction of contacts and lobbies.
  • Adjust internal message handling.
  • Adjust all test cases to run independent of each other.
  • Add test case for group opening and leaving.

A detailed list of changes can be found in the ChangeLog .

Messenger-GTK 0.10.1

Utilizing latest changes in GNUnet and libgnunetchat, there's a new release of the messenger application bringing live chats which allow streaming your own voice or video with other contacts. This release requires libgnunetchat 0.5.1.

Download links

Noteworthy changes in 0.10.1

  • Discourses have been added for live voice and video chats with other contacts.
  • Capturing a specific application or a whole monitor can be selected as video source in a live chat.

Keep in mind the application is still in development. So there may still be major bugs keeping you from getting a reliable connection. But if you encounter such issue, feel free to consult our bug tracker at bugs.gnunet.org .

28 August, 2024 10:00PM

screen @ Savannah

GNU Screen v.5.0.0 is released

Screen is a full-screen window manager that multiplexes a physical
terminal between several processes, typically interactive shells.

The 5.0.0 release includes the following changes to the previous
release 4.9.1:

  • Rewritten authentication mechanism
  • Add escape %T to show current tty for window
  • Add escape %O to show number of currently open windows
  • Use wcwdith() instead of UTF-8 hard-coded tables
  • New commands:

  - auth [on|off]
    Provides password protection
  - status [top|up|down|bottom] [left|right]
    The status window by default is in bottom-left corner.
    This command can move status messages to any corner of the screen.
  - truecolor [on|off]
  - multiinput
    Input to multiple windows at the same time

  • Removed commands:

  - time
  - debug
  - password
  - maxwin
  - nethack

  • Fixes:

  - Screen buffers ESC keypresses indefinitely
  - Crashes after passing through a zmodem transfer
  - Fix double -U issue

Release is available for download:
https://ftp.gnu.org/gnu/screen/

Please report any bugs or regressions.
Thanks to everyone who contributed to this release.

Cheers,
Alex

28 August, 2024 09:41PM by Alexander Naumov

August 27, 2024

FSF News

Thank you Odile Bénassy for four years of service on the FSF Board of Directors!

BOSTON (August 27, 2024) -- Free Software Foundation (FSF) Board Member Odile Bénassy has stepped down from the Board after four years of service.

27 August, 2024 06:05PM

August 24, 2024

GNUnet News

GSoC Work Product: GNUnet over HTTP3

GSoC Work Product: GNUnet over HTTP/3

Goals of the Project.

This project aimed to implement a new communicator for GNUnet's Transport Next Generation (TNG) using the HTTP/3 protocol.

What I did.

We chose ngtcp2 and nghttp3 for their stability and adherence to RFC standards. I began by studying communicator fundamentals and analyzing relevant code examples. I then created a QUIC communicator using libngtcp2, implementing essential communication features. Building on this, I integrated libnghttp3 to support HTTP/3 layer communication. After establishing basic uni-directional communication, I proceeded to implement bi-directional capabilities. With the help and guidance of my mentors, I completed the above work, including the selection and design of message transmission methods and the implementation of code.

The current state.

We have two branches, dev/shichao/http3 for basic communication and dev/shichao/http3bidirect for bi-directional communication. They can pass the basic tests. However, we found that there were occasional failures during the test. We currently assume that this is caused by the test harness not being able to process the received data packets in time.

What's left to do.

There are still many areas that can be improved in the HTTP/3 communicator, such as using CID map instead of IP address map. In addition, in bi-directional communication, the server's sending rate is slightly lower than the client's transmission rate, and this will be optimized in the future. Finally, integrating the Peer Identity into the TLS handshake in order to authenticate the peers is a natural feature to implement.

What code got merged (or not) upstream.

All the code is available upstream in the master branch and will be available with the next release.

Challenges I Encountered.

Initially, I was unfamiliar with the ngtcp2 and nghttp3 libraries. While there were some examples available, I found limited guidance for more advanced usage. Through careful study and experimentation, I gradually gained a deeper understanding of these libraries. But in this process, I have a deeper understanding of QUIC and HTTP/3 protocols, and also improved my coding skills.

24 August, 2024 10:00PM