1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of April 28th, 2003. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo News |
9 |
============== |
10 |
|
11 |
Summary |
12 |
------- |
13 |
|
14 |
* Proposed changes to how ebuilds are managed |
15 |
* Mailing list changes |
16 |
* Early addition of tcl/tk |
17 |
|
18 |
Proposed changes to how ebuilds are managed |
19 |
------------------------------------------- |
20 |
|
21 |
The explosive growth of Gentoo Linux has brought on its share of growing |
22 |
pains, one of which is the fact that Gentoo Linux now has over 4000 |
23 |
packages in the Portage tree, with under 100 active developers to maintain |
24 |
them all. With a ratio of 40 packages per developer, its no surprise that |
25 |
some applications have fallen behind their most current versions. |
26 |
|
27 |
In an effort to remedy at least part of this problem, Gentoo developer Dan |
28 |
Armak recently summarized and RFC'd a proposal for reorganizing how Gentoo |
29 |
Linux manages and maintains ebuilds within the Portage tree. The new |
30 |
proposal has four key features: |
31 |
|
32 |
* All ebuilds should, if at all possible, have at least one maintainer |
33 |
assigned to them. Major ebuilds, such as KDE, GNOME and XFree86 might have |
34 |
two or three developers assigned to them. Realistically, only those |
35 |
ebuilds which are complicated or otherwise unusual are likely to have |
36 |
their own maintainers. |
37 |
* For the ebuilds that cannot have their own maintainer and are not |
38 |
complicated enough to require one, they will be organized into thematic |
39 |
groups. So, there might be a "sound" category and a "video" category. Each |
40 |
themed group will have one or more maintainers assigned to it who are |
41 |
responsible for watching for newer upstream versions and bumping those |
42 |
ebuilds in the testing branch of Portage. |
43 |
* These thematic groups are not intended to replace or even necessarily |
44 |
align with Portage categories. Portage categories are a user-side |
45 |
convenience designed to make organizing packages easier. Themed groups of |
46 |
maintainers are a developer-side convenience, designed to ensure complete |
47 |
coverage of the Portage tree. |
48 |
* Finally, if an ebuild is deemed to be complicated enough to need a |
49 |
dedicated maintainer, it will be listed as "unmaintained" and in need of a |
50 |
new owner. If it is not picked up within a pre-determined amount of time, |
51 |
it will be masked and later dropped from Portage. For those people |
52 |
familiar with Debian Linux, this is similar to the method they use for |
53 |
their package maintenance. |
54 |
|
55 |
Currently, this solution is in the draft stage and is subject to revision |
56 |
or even complete abandonment if a better solution comes along. |
57 |
|
58 |
Mailing list changes |
59 |
-------------------- |
60 |
|
61 |
Many of the Gentoo Linux mailing lists have been abuzz this week regarding |
62 |
developer communication, the openness of the private gentoo-core list and |
63 |
other issues related to keeping users appraised of the future of Gentoo |
64 |
Linux. In an effort to address these issues, the following changes will be |
65 |
made: |
66 |
|
67 |
* All communication related to development issues will be kept on |
68 |
gentoo-dev. Previously, because of the signal to noise ratio on dev, many |
69 |
developers chose gentoo-core to discuss development issues. As a result of |
70 |
this, users posting support-related quesitons or other non-development |
71 |
related issues to gentoo-dev may be politely asked to instead post their |
72 |
questions to gentoo-user. |
73 |
* gentoo-core will continue to be a private list, but relevant issues |
74 |
from it will be summarized here in the GWN. (Actually, this has always |
75 |
been the case since the GWN was first published. We've just never |
76 |
explicitly explained that) |
77 |
* Depending on how successfuly the efforts are to improve the signal to |
78 |
noise ratio on gentoo-dev, a third list may be created which would be |
79 |
restricted to posting by Gentoo Linux developers only, but read-only to |
80 |
anyone who wishes to subscribe. |
81 |
|
82 |
Users can help this effort by ensuring that each list is used for its |
83 |
proper purpose. gentoo-user is for support-related questions and general |
84 |
discussion about Gentoo Linux. gentoo-dev is for discussions related to |
85 |
the development of Gentoo Linux. |
86 |
|
87 |
Early addition of tcl/tk |
88 |
------------------------ |
89 |
|
90 |
Earlier this week, tcl-8.4.2 was added to the testing tree ahead of |
91 |
schedule and before the supporting scripts to help users migrate from |
92 |
previous versions of tcl were in place. tcl-8.4.2 requires all |
93 |
applications using tcl to be recompiled before they will function with the |
94 |
new version. The development team is working on a migration strategy to |
95 |
help users migrate from previous versions. In the meantime, anyone using |
96 |
ACCEPT_KEYWORDS="~<arch>" should be aware of the recompilation |
97 |
requirements. |
98 |
|
99 |
================== |
100 |
2. Gentoo Security |
101 |
================== |
102 |
|
103 |
Summary |
104 |
------- |
105 |
|
106 |
* GLSA: snort |
107 |
* New Security Bug Reports |
108 |
|
109 |
GLSA: snort |
110 |
----------- |
111 |
|
112 |
The snort intrusion detection package has been found to contain an integer |
113 |
overflow vulnerability that could permit a DoS attack on a vulnerable |
114 |
computer. It is theoretically possible to exploit the overflow to run |
115 |
arbitrary code as the snort user, typically root. This compromise may be |
116 |
corrected by disabling the stream4 preprocessor in snort.conf. Doing so |
117 |
reduces the utility of snort. |
118 |
|
119 |
* Severity: High - Potential remote root compromise, with published |
120 |
defence. |
121 |
* Packages Affected: net-analyzer/snort versions prior to snort-2.0.0 |
122 |
* Rectification: Synchronize and emerge snort, emerge clean. |
123 |
* GLSA Announcement[1] |
124 |
* Advisory[2] |
125 |
|
126 |
1. http://forums.gentoo.org/viewtopic.php?t=49268 |
127 |
2. http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 |
128 |
|
129 |
New Security Bug Reports |
130 |
------------------------ |
131 |
|
132 |
The following new security bugs were posted this week: |
133 |
|
134 |
* net-www/monkeyd[3] |
135 |
* x11-plugins/gkrellm-newsticker[4] |
136 |
|
137 |
3. http://bugs.gentoo.org/show_bug.cgi?id=19915 |
138 |
4. http://bugs.gentoo.org/show_bug.cgi?id=19916 |
139 |
|
140 |
================================= |
141 |
3. Featured Developer of the Week |
142 |
================================= |
143 |
|
144 |
George Shapovalov |
145 |
|
146 |
This week's featured developer, George Shapovalov[5], is the caretaker of |
147 |
app-sci and "alternative" parts of dev-lang (mostly Pascal-esque and |
148 |
functional languages like Caml[6] and Haskell[7]) and the coordinator of |
149 |
the Russian Gentoo community, and also spends a lot of time tackling |
150 |
organizational and design-related issues, his most notable contribution |
151 |
being the "distributed ebuild processing system" he proposed. Posted as |
152 |
Bug #1523[8], it was a proposed method to ease the load on the core |
153 |
developers' shoulders by delegating ebuild review to users. George |
154 |
submitted this suggestion after he had used Gentoo for a while and had |
155 |
submitted several ebuilds; apparently it caused quite a bit of debate in |
156 |
gentoo-core, and resulted in an invitation to the Gentoo team. While the |
157 |
proposal hasn't been implemented completely, parts of it have been, and |
158 |
George feels that Portage is slowly moving closer to what he suggested. On |
159 |
the Russian front, George coordinates the translation of documentation and |
160 |
the GWN (Russian version coming soon to a browser near you), as well as |
161 |
the community at www.gentoo.ru, comprising forums, a mailing list, and, |
162 |
soon to come, social activities. |
163 |
|
164 |
5. george@g.o |
165 |
6. http://caml.inria.fr/ |
166 |
7. http://www.haskell.org/ |
167 |
8. http://bugs.gentoo.org/show_bug.cgi?id=1523 |
168 |
|
169 |
Trading nice features for tightness, George runs KDE apps like konqueror |
170 |
and kmail for day-to-day stuff under Fluxbox. The other apps he uses are |
171 |
quite standard, although being in charge of app-sci he ends up playing |
172 |
with quite a few fun and special apps. His workspace, an IBM Thinkpad A21m |
173 |
(P3 800, 512MB RAM, 20GB HD) follows him around everywhere; he also has |
174 |
two boxen at home, one serving as a workstation for his wife, the other |
175 |
serving files and routing. When not busy helping shape the future of |
176 |
Portage or translating documents, George can be found doing graduate work |
177 |
in biophysics at Caltech in Pasadena, CA, spending time with his family, |
178 |
or on the occasional mountain climbing or biking trip. He'll be graduating |
179 |
soon, and is thinking of going to Europe, quite possibly Germany. |
180 |
|
181 |
========================= |
182 |
4. Heard In The Community |
183 |
========================= |
184 |
|
185 |
Web Forums |
186 |
---------- |
187 |
|
188 |
Two New Moderators |
189 |
|
190 |
The Gentoo Forums continue to grow at their own mind-boggling pace, and at |
191 |
times some reenforcement of the happy lot that assumes responsibility for |
192 |
moderation is necessary. Last week, bsolar and andrd joined the group of |
193 |
moderators offering some guidance in polite speech to the occasional |
194 |
hothead, redirecting posts to appropriate context, deleting duplicate |
195 |
threads and the rare occurrences of spam posts: |
196 |
|
197 |
* New moderators andrd and bsolar[9] |
198 |
|
199 |
9. http://forums.gentoo.org/viewtopic.php?t=49074 |
200 |
|
201 |
Everything You Always Wanted to Know About Framebuffers, Boot- And Other |
202 |
Splashes |
203 |
|
204 |
Cleanliness and a well-presented desktop have always been in good standing |
205 |
with Gentoo users, at least as far as the Forum dwellers are concerned. |
206 |
Now Narada[10] has shown admirable consideration for his fellow desktop |
207 |
Gentooists, by providing a very concise manual for all those who haven't |
208 |
quite come to terms with framebuffers and other graphic tricks: |
209 |
|
210 |
* The Gentoo Framebuffer, Bootsplash & Grubsplash How-To[11] |
211 |
|
212 |
10. http://forums.gentoo.org/profile.php?mode=viewprofile&u=10944 |
213 |
11. http://forums.gentoo.org/viewtopic.php?t=49036 |
214 |
|
215 |
gentoo-user |
216 |
----------- |
217 |
|
218 |
Public Key Signing |
219 |
|
220 |
A hot topic in the gentoo-user list was that of PGP keys, encryption and |
221 |
secure communications in general. Lots of good information popped up in |
222 |
the thread. Notably, the Reverand Jeffrey Paul preached[12] the dangers of |
223 |
ignorance in cryptography and recommended this PDF[13] as required |
224 |
reading. In summary of the thread, due to the nature of the communities |
225 |
trust in its members, it should not be easy to get your key signed by just |
226 |
anybody. There are pay services offering "Digital IDs", however that's |
227 |
beside the point. A good place to get connected is at your local LUG |
228 |
(Linux User Group), or better yet, at the next Gentoo gathering. |
229 |
|
230 |
* Public Key Signing[14] |
231 |
|
232 |
12. http://article.gmane.org/gmane.linux.gentoo.user/30462 |
233 |
13. ftp://ftp.pgpi.org/pub/pgp/7.0/docs/english/IntroToCrypto.pdf |
234 |
14. |
235 |
http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.user&root=%3C2 |
236 |
00304202123.35045.tawesley%40yahoo.com%3E |
237 |
|
238 |
Upgrading Gentoo RCs (release canidates) |
239 |
|
240 |
This week it was Joel Palimus asking the question, ".. is there then any |
241 |
reason to install a later release candidate or final release?". Not |
242 |
surprisingly, the -user community responded with a unanimous 'no'. Once |
243 |
you have a base system installed and working, it is brought completely up |
244 |
to date through a series of emerge 'syncs' and 'update worlds'. It was |
245 |
stated, however, that the move from Gentoo 1.2 to 1.4 was a little more |
246 |
rocky. The upgrade required recompiling the whole system with a 'emerge -e |
247 |
world' due to the compiler changing from gcc 2.95 to gcc 3.2. Once |
248 |
gcc-config[15] was released, however, it allowed gcc 2.95.3-r8 and gcc 3.x |
249 |
compilers to co-exist peacefully, making the upgrade even easier. Janne |
250 |
Johansson provided an excellent explanation[16] sourced from the gcc |
251 |
website. And yes, you can rest safely knowing the GWN team will announce |
252 |
any special circumstances in the future. |
253 |
|
254 |
* Question about Release Canidates[17] |
255 |
|
256 |
15. http://www.gentoo.org/dyn/pkgs/sys-devel/gcc-config.xml |
257 |
16. http://article.gmane.org/gmane.linux.gentoo.user/30284 |
258 |
17. |
259 |
http://news.gmane.org/onethread.php?group=gmane.linux.gentoo.user&root=%3C5 |
260 |
2085.192.168.1.70.1050771344.squirrel%40gentoo.lan%3E |
261 |
|
262 |
gentoo-dev |
263 |
---------- |
264 |
|
265 |
Several Portage Trees |
266 |
|
267 |
Francisco Gimeno started[18] a big thread with his "I was wondering about |
268 |
having several portage trees to allow external distributor having |
269 |
repositories of packages." He received several comments from Foser[19] and |
270 |
Method[20], along with other Gentoo developers, regarding the problems |
271 |
that may arise if such a thing was allowed. Of chief concern is how to |
272 |
properly track dependencies and cache metadata across multiple trees. |
273 |
|
274 |
18. http://article.gmane.org/gmane.linux.gentoo.devel/8130 |
275 |
19. http://article.gmane.org/gmane.linux.gentoo.devel/8137 |
276 |
20. http://article.gmane.org/gmane.linux.gentoo.devel/8152 |
277 |
|
278 |
Initscripts written in Python |
279 |
|
280 |
An interesting proposal was brought on, about writing the Gentoo init |
281 |
scripts in python. To form a consistency with portage. Read about[21] the |
282 |
pros and cons. |
283 |
|
284 |
21. http://article.gmane.org/gmane.linux.gentoo.devel/7908 |
285 |
|
286 |
Ebuild naming policy |
287 |
|
288 |
Is there one? And if so which one? Here is the full discussion[22] as to |
289 |
how do names come to the Portage tree. Reading the Gentoo Linux Developers |
290 |
HOWTO[23] might come in handy too! |
291 |
|
292 |
22. http://article.gmane.org/gmane.linux.gentoo.devel/7898 |
293 |
23. http://www.gentoo.org/doc/en/gentoo-howto.xml |
294 |
|
295 |
======================= |
296 |
5. Gentoo International |
297 |
======================= |
298 |
|
299 |
The Gentoo Weekly Newsletter is pleased to announce the creation of a |
300 |
Turkish version of the GWN. For our Turkish users, you can now enjoy the |
301 |
GWN in your native toungue. |
302 |
|
303 |
Interested in translating the GWN into a different language? As you can |
304 |
see from each issue that comes out, translating the GWN is a fair amount |
305 |
of work. As such, we prefer to have teams of at least 2-3 people per |
306 |
language, rather than having just one person per language. This helps to |
307 |
distribute the load and also ensures that vacations, illnesses and family |
308 |
emergencies don't disrupt our publishing schedule. If you'd like to help |
309 |
translate the GWN, please send an email to gwn-feedback@g.o. |
310 |
|
311 |
================ |
312 |
6. Portage Watch |
313 |
================ |
314 |
|
315 |
The following stable packages were added to portage this week |
316 |
------------------------------------------------------------- |
317 |
|
318 |
|
319 |
* app-games/orbital-eunuchs-sniper: Snipe terrorists from your orbital |
320 |
base http://icculus.org/oes |
321 |
* dev-python/quixote: Python HTML templating framework for developing web |
322 |
applications. http://www.mems-exchange.org/software/quixote/ |
323 |
* media-video/mtxdrivers: Drviers for the Matrox Parhelia card. |
324 |
http://www.matrox.com/mga/products/parhelia/home.cfm |
325 |
* net-www/davfs2: a Linux file system driver that allows you to mount a |
326 |
WebDAV server as a local disk drive. Davfs2 uses Coda for kernel driver |
327 |
and neon for WebDAV interface. http://dav.sourceforge.net |
328 |
* sys-apps/selinux-base-policy: Gentoo base policy for SELinux |
329 |
http://www.gentoo.org |
330 |
* x11-plugins/asbutton: A simple dockable application launcher for use in |
331 |
AfterStep. http://www.tigr.net |
332 |
* x11-themes/gaim-smileys: Snapshot of Available Gaim Smiley Themes |
333 |
http://gaim.sourceforge.net/themes.php |
334 |
|
335 |
Updates to notable packages |
336 |
--------------------------- |
337 |
|
338 |
* x11-wm/fluxbox: fluxbox-0.9.0.ebuild; |
339 |
* sys-kernel/*: ac-sources-2.4.21_pre7-r1.ebuild; |
340 |
ac-sources-2.4.21_rc1-r1.ebuild; ck-sources-2.4.20-r6.ebuild; |
341 |
development-sources-2.5.68.ebuild; gaming-sources-2.4.20-r2.ebuild; |
342 |
genkernel-1.0.ebuild; gentoo-sources-2.4.20-r3.ebuild; |
343 |
gs-sources-2.4.21_pre7-r1.ebuild; gs-sources-2.4.21_rc1.ebuild; |
344 |
hardened-sources-2.4.20-r2.ebuild; mm-sources-2.5.67-r2.ebuild; |
345 |
mm-sources-2.5.67-r3.ebuild; mm-sources-2.5.67-r4.ebuild; |
346 |
mm-sources-2.5.68-r1.ebuild; openmosix-sources-2.4.20-r3.ebuild; |
347 |
pfeifer-sources-2.4.20.1_pre7.ebuild; selinux-sources-2.4.20-r4.ebuild; |
348 |
xfs-sources-2.4.20-r3.ebuild; |
349 |
* dev-php/php: php-4.3.1-r2.ebuild; |
350 |
* app-admin/gentoolkit: gentoolkit-0.1.19-r4.ebuild; |
351 |
gentoolkit-0.1.19-r5.ebuild; |
352 |
|
353 |
New USE variables |
354 |
----------------- |
355 |
|
356 |
* ladcca: Adds Linux Audio Developer's Configuration and Connection API |
357 |
support (LADCCA) |
358 |
* nhc98: Use the nhc98 Haskell compiler instead of GHC if the package |
359 |
supports it |
360 |
* prebuilt: Flag to enable or disable options for prebuilt (GRP) packages |
361 |
(eg. due to licensing issues) |
362 |
* xinerama: Add support for XFree86's xinerama extension, which allows |
363 |
you to stretch your display across multiple monitors |
364 |
|
365 |
=========== |
366 |
7. Bugzilla |
367 |
=========== |
368 |
|
369 |
Summary |
370 |
------- |
371 |
|
372 |
* Statistics |
373 |
* Closed Bug Ranking |
374 |
* New Bug Rankings |
375 |
|
376 |
Statistics |
377 |
---------- |
378 |
|
379 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[24]) to record and |
380 |
track bugs, notifications, suggestions and other interactions with the |
381 |
development team. In the last 7 days, activity on the site has resulted |
382 |
in: |
383 |
|
384 |
24. http://bugs.gentoo.org |
385 |
|
386 |
* 241 new bugs this week |
387 |
* 443 bugs closed or resolved this week |
388 |
* 8 previously closed bugs were reopened this week. |
389 |
* 2495 total bugs currently marked 'new' |
390 |
* 398 total bugs currently assigned to developers |
391 |
|
392 |
There are currently 2952 bugs open in bugzilla. Of these: 49 are labeled |
393 |
'blocker', 111 are labeled 'critical', and 236 are labeled 'major'. |
394 |
|
395 |
Closed Bug Rankings |
396 |
------------------- |
397 |
|
398 |
The developers and teams who have closed the most bugs this week are: |
399 |
|
400 |
* Daniel Robbins[25], with 23 closed bugs[26] |
401 |
* The KDE Team[27], with 19 closed bugs[28] |
402 |
* Seth Chandler[29], with 16 closed bugs[30] |
403 |
* The Gnome Team[31], with 14 closed bugs[32] |
404 |
|
405 |
25. drobbins@g.o |
406 |
26. |
407 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
408 |
field=bug_status&chfieldfrom=2003-04-19&chfieldto=Now&resolution=FIXED&assi |
409 |
gned_to=drobbins%40gentoo.org |
410 |
27. kde@g.o |
411 |
28. |
412 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
413 |
field=bug_status&chfieldfrom=2003-04-19&chfieldto=Now&resolution=FIXED&assi |
414 |
gned_to=kde%40gentoo.org |
415 |
29. sethbc@g.o |
416 |
30. |
417 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
418 |
field=bug_status&chfieldfrom=2003-04-19&chfieldto=Now&resolution=FIXED&assi |
419 |
gned_to=sethbc%40gentoo.org |
420 |
31. gnome@g.o |
421 |
32. |
422 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
423 |
field=bug_status&chfieldfrom=2003-04-19&chfieldto=Now&resolution=FIXED&assi |
424 |
gned_to=gnome%40gentoo.org |
425 |
|
426 |
New Bug Rankings |
427 |
---------------- |
428 |
|
429 |
The developers and teams who have been assigned the most new bugs this |
430 |
week are: |
431 |
|
432 |
* The X-Free Team[33], with 33 new bugs[34] |
433 |
* Martin Schlemmer[35], with 17 new bugs[36] |
434 |
* Seth Chandler[37], with 13 new bugs[38] |
435 |
* Nicholas Jones[39], with 11 new bugs[40] |
436 |
|
437 |
33. xfree@g.o |
438 |
34. |
439 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
440 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-04-19&chfieldto=Now&=&a |
441 |
ssigned_to=xfree%40gentoo.org |
442 |
35. azarah@g.o |
443 |
36. |
444 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
445 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-04-19&chfieldto=Now&=&a |
446 |
ssigned_to=azarah%40gentoo.org |
447 |
37. sethbc@g.o |
448 |
38. |
449 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
450 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-04-19&chfieldto=Now&=&a |
451 |
ssigned_to=sethbc%40gentoo.org |
452 |
39. carpaski@g.o |
453 |
40. |
454 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
455 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-04-19&chfieldto=Now&=&a |
456 |
ssigned_to=carpaski%40gentoo.org |
457 |
|
458 |
================== |
459 |
8. Tips and Tricks |
460 |
================== |
461 |
|
462 |
Privilege Separation in Portage |
463 |
|
464 |
One nice feature of Portage is that it can drop privileges and compile as a |
465 |
less privileged user. It can also sandbox most phases of the installation. |
466 |
This week's tip shows you how to enable these features of Portage to increase |
467 |
the security of your system. While some later versions of Portage install |
468 |
this user and group automatically, many users may find that they need to make |
469 |
these changes manually. |
470 |
|
471 |
The first step is to create the portage user and group accounts. Portage |
472 |
will use these accounts when running its processes. |
473 |
|
474 |
--------------------------------------------------------------------------- |
475 |
| Code Listing 8.1: | |
476 |
| Adding the portage user and groups | |
477 |
--------------------------------------------------------------------------- |
478 |
| | |
479 |
|# groupadd -g 250 portage | |
480 |
|# useradd -u 250 -g 250 -s /bin/false portage | |
481 |
| | |
482 |
--------------------------------------------------------------------------- |
483 |
|
484 |
The next step is to fix the ownership on the areas portage will need |
485 |
access to. By default, these directories are /usr/portage, |
486 |
/var/tmp/portage. |
487 |
|
488 |
--------------------------------------------------------------------------- |
489 |
| Code Listing 8.2: | |
490 |
| Fixing ownership on Portage directories | |
491 |
--------------------------------------------------------------------------- |
492 |
| | |
493 |
|# chown -R portage:portage /usr/portage | |
494 |
|# chown -R portage:portage /var/tmp/portage | |
495 |
| | |
496 |
--------------------------------------------------------------------------- |
497 |
|
498 |
If you've specified different locations in /etc/make.conf, you will need |
499 |
to ensure that portage has the proper ownership on PORTAGE_TMPDIR, |
500 |
PORTDIR, DISTDIR, PKGDIR, PORT_LOGDIR, and PORTDIR_OVERLAY. |
501 |
After the ownership has been set properly, you need to enable the features |
502 |
for privilege separate in /etc/make.conf. To do this, you need to edit the |
503 |
FEATURES line. |
504 |
|
505 |
--------------------------------------------------------------------------- |
506 |
| Code Listing 8.3: | |
507 |
| /etc/make.conf FEATURES | |
508 |
--------------------------------------------------------------------------- |
509 |
| | |
510 |
|FEATURES should look something like the following | |
511 |
|FEATURES="sandbox userpriv usersandbox" | |
512 |
| | |
513 |
--------------------------------------------------------------------------- |
514 |
|
515 |
Portage is now set up to drop root privileges and build packages under the |
516 |
portage user account. To test it, use the command top. When you have top |
517 |
open, type u to display processes for a specific user, and type portage at |
518 |
the prompt to display processes for portage. Now emerge something, and |
519 |
watch as the portage user shows up as the owner of all the commands. |
520 |
|
521 |
========================== |
522 |
9. Moves, Adds and Changes |
523 |
========================== |
524 |
|
525 |
Moves |
526 |
----- |
527 |
|
528 |
The following developers recently left the Gentoo team: |
529 |
|
530 |
* none this week |
531 |
|
532 |
Adds |
533 |
---- |
534 |
|
535 |
The following developers recently joined the Gentoo Linux team: |
536 |
|
537 |
* Tavis Ormandy (taviso) -- Gentoo Linux/Alpha |
538 |
* Todd Berman (tberman) -- sendmail, java |
539 |
* Michael Sterrett (msterrett) -- miscellaneous |
540 |
* Michael Fitzpatrick (leachim) -- xfree |
541 |
* Fred Van Andel (fava) -- ufed |
542 |
* Chuck Brewer (killian) -- net-dialup |
543 |
* Thomas Schutz (murray_b) -- bug-wranglers |
544 |
* Caleb Tennis (caleb) -- kde |
545 |
* Tal Peer (coredumb) -- php |
546 |
* Bip Thelin (bip) -- php, tomcat |
547 |
* Paul de Vrieze (pauldv) -- kde |
548 |
|
549 |
Changes |
550 |
------- |
551 |
|
552 |
The following developers recently changed roles within the Gentoo Linux |
553 |
project. |
554 |
|
555 |
* none this week |
556 |
|
557 |
===================== |
558 |
10. Contribute to GWN |
559 |
===================== |
560 |
|
561 |
Interested in contributing to the Gentoo Weekly Newsletter? Send us an |
562 |
email[41]. |
563 |
|
564 |
41. gwn-feedback@g.o |
565 |
|
566 |
================ |
567 |
11. GWN Feedback |
568 |
================ |
569 |
|
570 |
Please send us your feedback[42] and help make GWN better. |
571 |
|
572 |
42. gwn-feedback@g.o |
573 |
|
574 |
================================ |
575 |
12. GWN Subscription Information |
576 |
================================ |
577 |
|
578 |
To subscribe to the Gentoo Weekly Newsletter, send a blank email to |
579 |
gentoo-gwn-subscribe@g.o. |
580 |
|
581 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to |
582 |
gentoo-gwn-unsubscribe@g.o from the email address you are |
583 |
subscribed under. |
584 |
|
585 |
=================== |
586 |
13. Other Languages |
587 |
=================== |
588 |
|
589 |
The Gentoo Weekly Newsletter is also available in the following languages: |
590 |
|
591 |
* Dutch[43] |
592 |
* English[44] |
593 |
* German[45] |
594 |
* French[46] |
595 |
* Japanese[47] |
596 |
* Italian[48] |
597 |
* Portuguese (Brazil)[49] |
598 |
* Portuguese (Portugal)[50] |
599 |
* Spanish[51] |
600 |
* Turkish[52] |
601 |
|
602 |
43. http://www.gentoo.org/news/be/gwn/gwn.xml |
603 |
44. http://www.gentoo.org/news/en/gwn/gwn.xml |
604 |
45. http://www.gentoo.org/news/de/gwn/gwn.xml |
605 |
46. http://www.gentoo.org/news/fr/gwn/gwn.xml |
606 |
47. http://www.gentoo.org/news/ja/gwn/gwn.xml |
607 |
48. http://www.gentoo.org/news/it/gwn/gwn.xml |
608 |
49. http://www.gentoo.org/news/br/gwn/gwn.xml |
609 |
50. http://www.gentoo.org/news/pt/gwn/gwn.xml |
610 |
51. http://www.gentoo.org/news/es/gwn/gwn.xml |
611 |
52. http://www.gentoo.org/news/tr/gwn/gwn.xml |
612 |
|
613 |
|
614 |
Kurt Lieber <klieber@g.o> - Editor |
615 |
AJ Armstrong <aja@×××××××××××××.com> - Contributor |
616 |
Brice Burgess <nesta@×××××××.net> - Contributor |
617 |
Yuji Carlos Kosugi <carlos@g.o> - Contributor |
618 |
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor |
619 |
David Narayan <david@×××××××.net> - Contributor |
620 |
Ulrich Plate <plate@g.o> - Contributor |
621 |
Peter Sharp <mail@××××××××××××××.net> - Contributor |
622 |
Kim Tingkaer <kim@×××××××.dk> - Contributor |
623 |
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation |
624 |
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation |
625 |
Peter Dijkstra <phj.dijkstra@××××.nl> - Dutch Translation |
626 |
Bernard Bernieke <bernieke@××××××××.com> - Dutch Translation |
627 |
Vincent Verleye <zu@×××××××.be> - Dutch Translation |
628 |
Jochen Maes <linux@××××.be> - Dutch Translation |
629 |
Ben De Groot <yngwin@××××××.nl> - Dutch Translation |
630 |
Jelmer Jaarsma <j.jaarsma@××××××××××××××××××.nl> - Dutch Translation |
631 |
Matthieu Montaudouin <mat@××××××××.com> - French Translation |
632 |
Martin Prieto <riverdale@×××××××××.org> - French Translation |
633 |
Michael Kohl <citizen428@g.o> - German Translation |
634 |
Steffen Lassahn <madeagle@g.o> - German Translation |
635 |
Matthias F. Brandstetter <haim@g.o> - German Translation |
636 |
Thomas Raschbacher <lordvan@g.o> - German Translation |
637 |
Klaus-J. Wolf <yanestra@g.o> - German Translation |
638 |
Marco Mascherpa <mush@××××××.net> - Italian Translation |
639 |
Claudio Merloni <paper@×××××××.it> - Italian Translation |
640 |
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation |
641 |
Daniel Ketel <kage-chan@g.o> - Japanese Translation |
642 |
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation |
643 |
Andy Hunne <andy@×××××××××.com> - Japanese Translation |
644 |
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation |
645 |
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation |
646 |
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) |
647 |
Translation |
648 |
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) |
649 |
Translation |
650 |
Gustavo Felisberto <gustavo@××××××××××.net> - Portuguese (Portugal) |
651 |
Translation |
652 |
Ricardo Jorge Louro <rjlouro@×××××××.org> - Portuguese (Portugal) |
653 |
Translation |
654 |
Ricardo Nogueira <R.Nogueira@××××××××××××××××.au> - Portuguese (Brazil) |
655 |
Translation |
656 |
Lanark <lanark@××××××××××.ar> - Spanish Translation |
657 |
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation |
658 |
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation |
659 |
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation |
660 |
Pablo Pita Leira <pablo.leira@×××××××××.com> - Spanish Translation |
661 |
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation |
662 |
Tirant <tirant@×××××.net> - Spanish Translation |
663 |
Jaime Freire <jfreire@××.com> - Spanish Translation |
664 |
Lucas Sallovitz <krusty_ar@×××××.com> - Spanish Translation |
665 |
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation |
666 |
Aycan Irican <aycan@××××××××.tr> - Turkish Translation |
667 |
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation |
668 |
Gursel Kaynak <gurcell@×××××××.com> - Turkish Translation |
669 |
Bugra Cakir <19913500@××××××××××××××××.tr> - Turkish Translation |