---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 11 October 2004.
---------------------------------------------------------------------------

==============
1. Gentoo News
==============

Portage breaks through the 100,000 files ceiling
------------------------------------------------

In early 2002, synchronizing the Portage tree was usually done in a few
seconds. At less than 10,000 files, there wasn't much to wait for, and
certainly no real need for today's option in /etc/make.conf that limits
syncs to certain parts of the Portage tree. Gentoo users who want to do the
same thing today must allow for significantly more time: since Friday last
week, the Portage tree contains more than 100,000 files, leaving little to
desire in terms of ebuilds for popular and lesser-known applications. The
tree also includes thousands of patches (enhancements, security fixes and
Gentoo-specific changes) that are merged with the original sources, often
for several versions of the same application. Counting toward the total are
also an increasing number of genuine Gentoo developments, like catalyst or
tenshi. Congratulations to all who contributed to this impressive record!

Ten PegasosPPC desktops on their way to Gentoo developers
---------------------------------------------------------

Freescale Semiconductor, Inc.[1], a Motorola company that recently took
over production of the PowerPC chips from its parent, is donating a large
number of computers to various open-source projects in order to evaluate
whether there is a market for Linux on PowerPC desktops. Ten of the
machines, PegasosPPC desktops with 1 GHz G4 CPUs, are being sent to Gentoo
developers in the U.S. and in Europe over the next two weeks. The machines
will go to the base system, security and hardened herds, one each to
Gentoo's X11 and Gnome maintainers, three more to test accessibility, web
applications and media/video, and the rest to the embedded and PPC
projects. The Gentoo developers are excited and would like to express
their gratitude to Freescale Inc. for this generous donation.

1. http://www.freescale.com

Figure 1.1: Inside the PegasosPPC: G4 CPU, Radeon 9200 graphics
/images/gwn/20041011-pegasos.jpg

The producer of the donated PegasosPPCs, the Luxembourg-based company
Genesi S.a.r.l.[2], is unique in openly and actively supporting Linux on
desktop PowerPCs, even though the machines also ship with its own operating
system, MorphOS, pre-installed. 3D acceleration isn't available yet, but CPU
upgrades will be easier than usual in the PowerPC world: both 7447A 1.3 GHz
processors, which do not require active cooling, and a dual-CPU card will be
available in a couple of months. Since the G3/G4 series from both IBM and
Freescale are pin-compatible, CPU upgrades can be done as soon as the new
processors hit the shelves. Freescale will be releasing 2 GHz CPUs soon
and is also working on a series of dual-core CPUs.

2. http://www.genesi.lu

Turkish GWN translation reanimated
----------------------------------

After more than a year of inactivity, a Turkish translation of the GWN has
been available again since last week. Thanks to Bahadir Kandemir[3], the
Turkish users of Gentoo join the Japanese, Italian and German readers of
the GWN who receive regular service in their own languages. Several other
languages still need additional help. Volunteers can contact
gwn-feedback[4].

3. kandemir@×××××.com
4. gwn-feedback@g.o

==================
2. Gentoo security
==================

Netpbm: Multiple temporary file issues
--------------------------------------

Utilities included in old Netpbm versions are vulnerable to multiple
temporary file issues, potentially allowing a local attacker to overwrite
files with the rights of the user running the utility.

For more information, please see the GLSA Announcement[5].

5. http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml

NetKit-telnetd: buffer overflows in telnet and telnetd
------------------------------------------------------

Buffer overflows exist in the telnet client and daemon provided by
netkit-telnetd, which could possibly allow a remote attacker to gain root
privileges and compromise the system.

For more information, please see the GLSA Announcement[6].

6. http://www.gentoo.org/security/en/glsa/glsa-200410-03.xml

PHP: Memory disclosure and arbitrary location file upload
---------------------------------------------------------

Two bugs in PHP may allow the disclosure of portions of memory and allow
remote attackers to upload files to arbitrary locations.

For more information, please see the GLSA Announcement[7].

7. http://www.gentoo.org/security/en/glsa/glsa-200410-04.xml

Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
---------------------------------------------------------

Cyrus-SASL contains two vulnerabilities that might allow an attacker to
completely compromise the vulnerable system.

For more information, please see the GLSA Announcement[8].

8. http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml

CUPS: Leakage of sensitive information
--------------------------------------

CUPS leaks information about user names and passwords when using remote
printing to SMB-shared printers which require authentication.

For more information, please see the GLSA Announcement[9].

9. http://www.gentoo.org/security/en/glsa/glsa-200410-06.xml

ed: Insecure temporary file handling
------------------------------------

The ed utility is vulnerable to symlink attacks, potentially allowing a
local user to overwrite or change rights on arbitrary files with the
rights of the user running ed, which could be the root user.

For more information, please see the GLSA Announcement[10].

10. http://www.gentoo.org/security/en/glsa/glsa-200410-07.xml

ncompress: Buffer overflow
--------------------------

compress and uncompress, which could be used by daemon programs, contain a
buffer overflow that could lead to remote execution of arbitrary code with
the rights of the daemon process.

For more information, please see the GLSA Announcement[11].

11. http://www.gentoo.org/security/en/glsa/glsa-200410-08.xml

=========================
3. Heard in the community
=========================

gentoo-user
-----------

Groupware products

Looking for recommendations for groupware products? Several different
packages are listed for consideration in this thread:

* Groupware solution[12]
12. http://thread.gmane.org/gmane.linux.gentoo.user/102447


Local.start errors

Setting up an interrupt at boot time for a low latency test kernel, Mark
Knecht added a local.start script that doesn't work as expected. A quick
resolution is offered in this thread:

* setup commands in local.start[13]
13. http://thread.gmane.org/gmane.linux.gentoo.user/102473


Last emerge sync

How does one determine when the last emerge sync was run? Several
suggestions went into this thread:

* when was last sync?[14]
14. http://thread.gmane.org/gmane.linux.gentoo.user/102058


Athcool risk

Athcool is a power-saving utility for Athlon CPUs, but the ebuild claims it
may cause instability. Here's what users have really experienced:

* athcool - how safe is it?[15]
15. http://thread.gmane.org/gmane.linux.gentoo.user/102476


gentoo-dev
----------

A new cron herd

The base-system herd has many extra packages that don't really belong in
base-system but lack other maintainers. To reduce the workload, all cron
daemons will be moved to the new cron herd. Other package groups may
follow in the near future.

* A new cron herd[16]
16. http://thread.gmane.org/gmane.linux.gentoo.devel/21840


Portage subcategories

This thread discussed the advantages and disadvantages of extending the
package categories from category/package to
category/subcategory/.../package. At the moment, Portage is unable to
handle it, and the usefulness of such a change is not obvious.

* Portage subcategories[17]
17. http://thread.gmane.org/gmane.linux.gentoo.devel/21818


Portage in embedded systems?

How big is Portage, and how do embedded systems with low memory handle it?

* Portage in embedded systems?[18]
18. http://thread.gmane.org/gmane.linux.gentoo.devel/21850


Moving passwd from /usr/bin to /bin

This small change will help in system recovery. For example, fsck wants
the root password but might fail if /usr/bin is not mounted, which can be
the case during bootup or recovery.

* Moving passwd from /usr/bin to /bin[19]
19. http://thread.gmane.org/gmane.linux.gentoo.devel/21865


=======================
4. Gentoo International
=======================

Antarctica: First Gentoo penguin webcam online

No, the German GARS-O'Higgins Station[20] on the tip of the Antarctic
Peninsula was not built for watching Gentoo penguins breed - but since
last week it does have a webcam that serves this exact purpose. The
station's mission, financed and run by German federal research
organizations, is to receive and store vast amounts of geodetic data
beamed down to its 9 m antenna from various European Space Agency
satellites in orbit, forwarding them for number-crunching at data centers
in Germany. On 29 September 2004, the GARS team installed its fourth web
camera, this one donated by elementary school children and other private
sponsors back home, and pointed it at a spot where a Gentoo penguin colony
takes shelter from the wind during the Antarctic summer, between
mid-October and April. The first Gentoos started coming here years ago,
right after the antenna and its concrete foundation were built, and have
been growing in numbers ever since. Whether they like the place because
it's warm and cuddly, or because of the average Gentoo's affinity to
technology, is clearly beside the point. At the time of this writing there
isn't much to see besides rocks and snow, but the birds should waddle in
within the month, says Martin Grund[21], the penguin fan who had the idea
for the Gentoo webcam and organised its setup. The camera (a Mobotix[22]
M10 Secure Dual) has a StrongARM CPU and runs Linux, by the way.

20. http://vlbi.leipzig.ifag.de/ohiggins/
21. http://www.martingrund.de
22. http://www.mobotix.de

Figure 4.1: Gentoo penguins and their favorite iceberg
/images/gwn/20041011-gentoo.jpg

Note: Photo courtesy of Reiner Wojdziak, BKG Leipzig

======================
5. Gentoo in the press
======================

IEEE Computing in Science and Engineering (Volume 6 Issue 5, September/October 2004)
------------------------------------------------------------------------------------

The IEEE's journal Computing in Science and Engineering has published a
paper by George K. Thiruvathukal titled "Gentoo Linux: The Next Generation
of Linux"[23]. Thiruvathukal is an associate professor at Loyola University
in Chicago and a keen Gentoo activist who recommends using it in his
advanced Linux classes at the university. His article for the IEEE
describes why Gentoo "is a good choice for scientists, and how its
structure gives us the flexibility and ease of management we need." Only
the abstract is accessible free of charge on the IEEE website; to read the
full article, you need to purchase the document (35 USD) or go to a library
that subscribes to the journal.

23. http://ieeexplore.ieee.org/xpl/abs_free.jsp?arNumber=1324553

AnandTech (4 October 2004)
--------------------------

A report by Kristopher Kubicki at AnandTech is really a "Linux 3D AGP GPU
Roundup: More Cutting Edge Penguin Performance"[24] and mentions Gentoo
only en passant, but in nice enough words to point it out here: "It may
be due to the circles that we run in, but the sheer interest for Linux
among our peers seems to have peaked 100-fold what it was last year.
Simple, clean distros like SuSE, Fedora Core and Mandrake have done
wonders to the Windows migration crowd - and then there is the whole
Gentoo sensation as well," writes Kubicki in his introduction to
AnandTech's hardware benchmarking report for high performance 3D graphics
cards.

24. http://anandtech.com/linux/showdoc.aspx?i=2229

ZDNet Tech Update (7 October 2004)
----------------------------------

David Berlind writes under the headline "Microsoft Surrounded?" that Linux
shows promise for the desktop, but must adopt the ease of use seen in Mac
OS X, for example, especially with regard to network, management and
resource sharing: "Leading the way on that front (according to ZDNet's
readers) is the Gentoo distribution."

Dallas Morning News (7 October 2004)
------------------------------------

Titled "Love that Linux - Programmer finds happiness in moving Microsoft
out of his life", an article by Doug Bedell draws a portrait of Gentoo
Linux user Mike Owens, CIO at a real estate company and busy migrating
proprietary Windows environments to Linux. Registration is required to
read the article[25].

25. http://www.dallasnews.com/sharedcontent/ptech/generalstories2/100604ccjrptechgeeklife.95181.html

The Triangle (1 October 2004)
-----------------------------

The student newspaper of Drexel University carries an article by Kevin
Lynch[26] about Linux distribution choices, comparing the "almost
idiot-proof configurations" of RPM-based distributions to "the sporty
young Gentoo" and others. The article's message is borrowed from Indiana
Jones and the Holy Grail: "Choose wisely."

26. http://www.thetriangle.org/news/2004/10/01/SciTech/Versatility.Of.Linux.Distribution.Allows.Choice-738620.shtml

The Triangle (8 October 2004)
-----------------------------

The same Kevin Lynch writes about the Linux Standard Base (LSB) just one
week later[27]: "Most of the controversy surrounding the LSB is over the
chosen installation package method, the Red Hat's Package Manager format.
[...] Gentoo Linux must redesign its entire package system to conform to
the LSB standards."

27. http://www.thetriangle.org/news/2004/10/08/SciTech/Linuxs.Future.Lies.In.Its.Communitys.Hands-747249.shtml

Maximum PC (October 2004 issue)
-------------------------------

On page 36 of this print-only magazine[28], editor Will Smith writes in an
article on must-have features for Longhorn, the next version of Windows:
"Finding and installing new applications is ludicrously easy on most Linux
distros these days. Microsoft needs to make finding new apps and loading
them on a PC as easy as emerge does on Gentoo or apt-get does on Debian.
I'm sick of the Installshield installer."

28. http://www.maximumpc.com

===========
6. Bugzilla
===========

Summary
-------

* Statistics
* Closed bug ranking
* New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[29]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 03 October 2004 and 09 October 2004, activity on
the site has resulted in:

29. http://bugs.gentoo.org

* 655 new bugs during this period
* 402 bugs closed or resolved during this period
* 20 previously closed bugs were reopened this period

Of the 7116 currently open bugs: 134 are labeled 'blocker', 237 are
labeled 'critical', and 530 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* Gentoo's Team for Core System packages[30], with 66 closed bugs[31]
* media-video herd[32], with 20 closed bugs[33]
* Jeremy Huddleston[34], with 19 closed bugs[35]
* Java team[36], with 14 closed bugs[37]
* AMD64 Porting Team[38], with 13 closed bugs[39]
* Gentoo Security[40], with 12 closed bugs[41]
* Gentoo Games[42], with 12 closed bugs[43]
* Net-Mail Packages[44], with 10 closed bugs[45]
30. base-system@g.o
31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=base-system@g.o
32. media-video@g.o
33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=media-video@g.o
34. eradicator@g.o
35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=eradicator@g.o
36. java@g.o
37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=java@g.o
38. amd64@g.o
39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=amd64@g.o
40. security@g.o
41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=security@g.o
42. games@g.o
43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=games@g.o
44. net-mail@g.o
45. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-03&chfieldto=2004-10-09&resolution=FIXED&assigned_to=net-mail@g.o


New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* Gentoo's Team for Core System packages[46], with 31 new bugs[47]
* AMD64 Porting Team[48], with 15 new bugs[49]
* Gentoo Games[50], with 13 new bugs[51]
* Gentoo Toolchain Maintainers[52], with 11 new bugs[53]
* osx porters[54], with 9 new bugs[55]
* media-video herd[56], with 9 new bugs[57]
* Gnustep herd[58], with 9 new bugs[59]
* Gentoo Linux Gnome Desktop Team[60], with 9 new bugs[61]
46. base-system@g.o
47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=base-system@g.o
48. amd64@g.o
49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=amd64@g.o
50. games@g.o
51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=games@g.o
52. toolchain@g.o
53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=toolchain@g.o
54. osx@g.o
55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=osx@g.o
56. media-video@g.o
57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=media-video@g.o
58. gnustep@g.o
59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=gnustep@g.o
60. gnome@g.o
61. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-03&chfieldto=2004-10-09&assigned_to=gnome@g.o


==================
7. Tips and Tricks
==================

OpenVPN primer
--------------

There are as many advantages to VPN tunnels as there are different VPN
scenarios. One easy implementation is the "OpenVPN via tun-device"
solution. An example: you'd like to connect your laptop to your LAN at
home so that you can use your mail client without reconfiguring it every
time you switch between home and the Internet. Let's say your mail server
is 192.168.1.10 in your LAN (192.168.1.0/24) at home, and you have a
router/firewall providing access to the Internet. You connect from work or
school and want to read mail. OpenVPN can create two virtual devices for
you when connecting two computers through an encrypted tunnel. You can
then forward traffic into the networks behind those devices, and so be
"virtually connected" to your LAN behind the firewall. To enable this,
either your firewall or a server behind it should run OpenVPN (if you
choose a server in your LAN, you'll have to forward the destination port
to the OpenVPN server).

Here's what you need to do:

Enable the tun module in your kernel:

Code Listing 7.1: Kernel config - tun module
---------------------------------------------------------------------------
[*] Networking support
    Networking options --->
    [ ] Amateur Radio support --->
    < > IrDA (infrared) subsystem support --->
    < > Bluetooth subsystem support --->
    [*] Network device support
        < > Dummy net driver support
        < > Bonding driver support
        < > EQL (serial line load balancing) support
        <M> Universal TUN/TAP device driver support    (this option must be enabled)
---------------------------------------------------------------------------

Make sure this module exists and can be loaded. Next, install OpenVPN and
its dependencies.

Code Listing 7.2: Install OpenVPN
---------------------------------------------------------------------------
emerge openvpn
---------------------------------------------------------------------------

Now on both server and client, create a directory for your configuration:

Code Listing 7.3: Make directory
---------------------------------------------------------------------------
mkdir /etc/openvpn
mkdir /etc/openvpn/myhomelan
---------------------------------------------------------------------------

Inside that directory, create a shared key for your VPN session and copy
that key to the client's directory, /etc/openvpn/myhomelan.

Code Listing 7.4: Generate shared key
---------------------------------------------------------------------------
cd /etc/openvpn/myhomelan
openvpn --genkey --secret myhomelan-key.txt
---------------------------------------------------------------------------

Now for the tricky part, the routing. It is important that the two tun
devices on the client and server use IP addresses from the same subnet.
The configuration files shown below list the type of device, the two
end-points of the tunnel, the compression method and the UDP port on which
the tunnel is established. Finally, privileges are dropped to the user and
group listed:

Code Listing 7.5: Server-side configuration file /etc/openvpn/myhomelan/local.conf
---------------------------------------------------------------------------
dev tun
# IP of the local tun device and its peer
ifconfig 172.16.1.1 172.16.1.20
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
---------------------------------------------------------------------------

The client's configuration needs the tunnel's destination address. This is
often a dynamic DNS address, sometimes a fixed IP, depending on your ISP.
You also need a route to your home LAN (192.168.1.0 in our example). You
can call a shell script from the configuration file that sets the route
accordingly.

Code Listing 7.6: Client-side configuration file /etc/openvpn/myhomelan/local.conf
---------------------------------------------------------------------------
# the server's dynamic DNS name, or its external IP if you have a fixed one
remote <servers.dynamic.dns.address>
dev tun
# IP of the local tun device and its peer
ifconfig 172.16.1.20 172.16.1.1
secret /etc/openvpn/myhomelan/myhomelan-key.txt
comp-lzo
port 5000
user nobody
group nobody
# sets up the route to the network behind the VPN server
up /etc/openvpn/myhomelan/route.sh
---------------------------------------------------------------------------

The route command needs to set the client's gateway for the network
192.168.1.0 to its peer's address (172.16.1.1 in our setup).

Code Listing 7.7: /etc/openvpn/myhomelan/route.sh
---------------------------------------------------------------------------
#!/bin/bash
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.1
---------------------------------------------------------------------------

That's it. Start OpenVPN on the server and the client, and check the
devices with ifconfig and the routes with route -n. Success!
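
Added here as a worked example, not code from the GWN primer or from the OpenVPN project: a POSIX shell script that writes the server and client configuration pair from Code Listings 7.5 to 7.7 into a directory and checks the two files against each other and against route.sh before OpenVPN is started. The directory argument, the file names server.conf and client.conf and the check functions are assumptions; the listings' inline annotations are written as comments, since OpenVPN would otherwise read them as directive arguments.

```shell
#!/bin/sh
# Added example, not part of the GWN primer or of OpenVPN: write the
# server/client configuration pair from Code Listings 7.5 to 7.7 into a
# directory, then check the pair for the mistakes that silently break the
# tunnel and for a readable static key. Needs only sh, awk, grep and find.

# Constructed values: the primer's example network.
SERVER_TUN=172.16.1.1
CLIENT_TUN=172.16.1.20
HOME_LAN=192.168.1.0
HOME_MASK=255.255.255.0
VPN_PORT=5000
SERVER_ADDR='<servers.dynamic.dns.address>'   # placeholder, as in the primer

# write_pair DIR : write server.conf, client.conf and route.sh into DIR
# (/etc/openvpn/myhomelan in real use; the file names are assumptions).
# The key from Code Listing 7.4 is expected at DIR/myhomelan-key.txt.
write_pair() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/server.conf" <<EOF
dev tun
ifconfig $SERVER_TUN $CLIENT_TUN
secret $dir/myhomelan-key.txt
comp-lzo
port $VPN_PORT
user nobody
group nobody
EOF
    cat > "$dir/client.conf" <<EOF
remote $SERVER_ADDR
dev tun
ifconfig $CLIENT_TUN $SERVER_TUN
secret $dir/myhomelan-key.txt
comp-lzo
port $VPN_PORT
user nobody
group nobody
up $dir/route.sh
EOF
    cat > "$dir/route.sh" <<EOF
#!/bin/sh
route add -net $HOME_LAN netmask $HOME_MASK gw $SERVER_TUN
EOF
    chmod 0755 "$dir/route.sh"
}

# conf_value FILE DIRECTIVE : print the arguments of the first matching line.
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_pair DIR : print "ok" and return 0 if the pair is consistent,
# otherwise print the first problem found and return 1.
check_pair() {
    s=$1/server.conf
    c=$1/client.conf
    s_if=$(conf_value "$s" ifconfig)
    c_if=$(conf_value "$c" ifconfig)
    [ -n "$s_if" ] && [ -n "$c_if" ] || { echo "ifconfig missing"; return 1; }
    s_local=${s_if% *}; s_peer=${s_if#* }
    c_local=${c_if% *}; c_peer=${c_if#* }
    # Each end's local tun address must be the other end's peer address.
    [ "$s_local" = "$c_peer" ] && [ "$s_peer" = "$c_local" ] ||
        { echo "ifconfig endpoints do not mirror: '$s_if' vs '$c_if'"; return 1; }
    # Both tun addresses must come from the same /24, as the primer requires.
    [ "${s_local%.*}" = "${c_local%.*}" ] ||
        { echo "tun endpoints $s_local and $c_local are not in one subnet"; return 1; }
    for key in port secret; do
        [ "$(conf_value "$s" $key)" = "$(conf_value "$c" $key)" ] ||
            { echo "'$key' differs between server and client"; return 1; }
    done
    # Compression must be enabled on both sides or on neither.
    if grep -qx comp-lzo "$s"; then a=1; else a=0; fi
    if grep -qx comp-lzo "$c"; then b=1; else b=0; fi
    [ "$a" = "$b" ] || { echo "comp-lzo is set on one side only"; return 1; }
    # Both ends drop privileges once the tunnel is up.
    for f in "$s" "$c"; do
        if ! grep -q '^user ' "$f" || ! grep -q '^group ' "$f"; then
            echo "$f does not drop privileges (user/group)"; return 1
        fi
    done
    # The up script must route the home LAN via the server's tun address.
    up=$(conf_value "$c" up)
    [ -f "$up" ] || { echo "up script '$up' not found"; return 1; }
    gw=$(awk '$1 == "route" { for (i = 1; i < NF; i++) if ($i == "gw") print $(i + 1) }' "$up")
    [ "$gw" = "$s_local" ] ||
        { echo "route.sh gateway '$gw' is not the server tun address $s_local"; return 1; }
    # The static key is all that protects the tunnel: it must exist and be mode 0600.
    key=$(conf_value "$s" secret)
    [ -f "$key" ] || { echo "key file $key missing (see openvpn --genkey --secret)"; return 1; }
    [ -n "$(find "$key" -prune -perm 600)" ] || { echo "key file $key must be mode 0600"; return 1; }
    echo ok
}

# Stand-alone use: sh thisscript.sh /etc/openvpn/myhomelan
if [ $# -gt 0 ]; then
    write_pair "$1" && check_pair "$1"
fi
```

Run it on the server after Code Listing 7.4 and again on the client after copying the key; a mismatch is reported before the tunnel is ever brought up.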

===========================
8. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

* None this week

Adds
----

The following developers recently joined the Gentoo Linux team:

* None this week

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

* None this week

====================
9. Contribute to GWN
====================

Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[62].

62. gwn-feedback@g.o

================
10. GWN feedback
================

Please send us your feedback[63] and help make the GWN better.

63. gwn-feedback@g.o

================================
11. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@g.o.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@g.o from the email address you are
subscribed under.

===================
12. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[64]
* Dutch[65]
* English[66]
* German[67]
* French[68]
* Japanese[69]
* Italian[70]
* Polish[71]
* Portuguese (Brazil)[72]
* Portuguese (Portugal)[73]
* Russian[74]
* Spanish[75]
* Turkish[76]
64. http://www.gentoo.org/news/da/gwn/gwn.xml
65. http://www.gentoo.org/news/be/gwn/gwn.xml
66. http://www.gentoo.org/news/en/gwn/gwn.xml
67. http://www.gentoo.org/news/de/gwn/gwn.xml
68. http://www.gentoo.org/news/fr/gwn/gwn.xml
69. http://www.gentoo.org/news/ja/gwn/gwn.xml
70. http://www.gentoo.org/news/it/gwn/gwn.xml
71. http://www.gentoo.org/news/pl/gwn/gwn.xml
72. http://www.gentoo.org/news/br/gwn/gwn.xml
73. http://www.gentoo.org/news/pt/gwn/gwn.xml
74. http://www.gentoo.org/news/ru/gwn/gwn.xml
75. http://www.gentoo.org/news/es/gwn/gwn.xml
76. http://www.gentoo.org/news/tr/gwn/gwn.xml


Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Marc Hildebrand <zypher@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Emmet Wagle <ewagle@×××××.com> - Author


--
gentoo-gwn@g.o mailing list