LLVM 3.7.0 released, Gentoo package changes

As announced here, the new LLVM release is now available. If you are interested after reading the release notes (or the clang ones), I just added the corresponding packages in Gentoo, although still masked for some additional testing. mesa-11.0 release candidates compile fine with it though.
2015/09/04 edit: llvm 3.7.0 is now unmasked!

On the Gentoo side, this version bump has some nice changes:

  • We now use the cmake/ninja build system: huge thanks to fellow developer mgorny for his hard work on this rewrite. This is the recommended build system upstream now, and some features will only be available with it
  • LLDB, the debugger  is now available via USE=lldb. This is not a separate package as the build system for llvm and subprojects is quite monolithic. clang is in the same situation: sys-devel/clang package currently does almost nothing, the magic is done in llvm[clang])
  • These new ebuilds include the usual series of fixes, including some recent ones by gienah

On the TODO list, some tests are still failing on 32bit multilib (bug #558604), ocaml doc compilation/installation has a strange bug (see the additional call on docs/ocaml_doc target in the ebuild). And let’s not forget adding other tools, like polly. Another recent suggestion: add llvm’s OpenMP library needed for OpenMP with clang.

Also, if people were still using the dragonegg GCC plugin, note that it is not released anymore upstream. As 3.6.x versions had compilation problems, this package received its last rites.

Removing old NX packages from tree

I already sent the last rites announce a few days ago, but here is a more detailed post on the coming up removal of “old” NX packages. Long story short: migrate to X2Go if possible, or use the NX overlay (“best-effort” support provided).
2015/04/26 note: treecleaning done!

Affected packages

Basically, all NX clients and servers except x2go and nxplayer! Here is the complete list with some specific last rites reasons:

  • net-misc/nxclient,net-misc/nxnode,net-misc/nxserver-freeedition: binary-only original NX client and server. Upstream has moved on to a closed-source technology, and this version  bundles potientally vulnerable binary code. It does not work as well as before with current libraries (like Cairo).
  • net-misc/nxserver-freenx, net-misc/nxsadmin: the first open-source alternative server. It could be tricky to get working, and is not updated anymore (last upstream activity around 2009)
  • net-misc/nxcl, net-misc/qtnx: an open-source alternative client (last upstream activity around 2008)
  • net-misc/neatx: Google’s take on a NX server, sadly it never took off (last upstream activity around 2010)
  • app-admin/eselect-nxserver (an eselect module to switch active NX server, useless without these servers in tree)

Continue using these packages on Gentoo

These packages will be dropped from the main tree by the end of this month (2015/04), and then only available in the NX overlay. They will still be supported there in a “best effort” way (no guarantee how long some of these packages will work with current systems).

So, if one of these packages still works better for you, or you need to keep them around before migrating, just run:

# layman -a nx

Alternatives

While it is not a direct drop-in replacement, x2go is the most complete solution currently in Gentoo tree (and my recommendation), with a lot of possible advanced features, active upstream development, … You can connect to net-misc/x2goserver with net-misc/x2goclient, net-misc/pyhoca-gui, or net-misc/pyhoca-cli.

If you want to try NoMachine’s (the company that created NX) new system, well the client is available in Portage as net-misc/nxplayer. The server itself is not packaged yet, if you are interested in it, this is bug #488334

Switching from GandiBlog/Dotclear2 to WordPress4

This blog was hosted by GandiBlog since mid-2006. Thanks to the Gandi folks, it has served me well, though it was starting to show its age.

Now I intend to revive this blog, and the first step was to finally move it on my server, switching to WordPress in the process! The rest of this post will detail how I did the switch, keeping the blog content and links. Continue reading “Switching from GandiBlog/Dotclear2 to WordPress4”

Backporting Apache support for websockets reverse proxy (aka getting GateOne to work behind Apache)

Recently, I have been toying around with GateOne, a web-based SSH client/terminal emulator. However, installing it on my server proved to be a bit challenging: it requires tornado as a webserver, and uses websockets, while I have an Apache 2.2 instance already running with a few sites on it (and my authentication system configured for my tastes)

So, I looked how to configure a reverse proxy for GateOne, but websockets were not officially supported by Apache… until recently! Jim Jagielski added the proxy_wstunnel module in trunk a few weeks ago. From what I have seen on the mailing list, backporting to 2.4 is easy to do (and was suggested as an official backport), but 2.2 required a few additional changes to the original patch (and current upstream trunk).

A few fixes later, I got a working patch (based on Apache 2.2.24), available here: https://cafarelli.fr/gentoo/apache-2.2.24-wstunnel.patch
2015/10 update: a rebased patch for 2.2.31 (with a few additional fixes) is also available now at https://cafarelli.fr/gentoo/apache-2.2.31-wstunnel.patch
2016/01 update: if you get segmentation faults, this Apache bug could be interesting

Recompile with this patch, and you will get a nice and shiny mod_proxy_wstunnel.so module file!

Now just load it (in /etc/apache2/httpd.conf in Gentoo):

<IfDefine PROXY>
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
</IfDefine>

and add a location pointing to your GateOne installation:

<Location /gateone/ws>
ProxyPass wss://127.0.0.1:1234/gateone/ws
ProxyPassReverse wss://127.0.0.1:1234/gateone/ws
</Location>

<Location /gateone>
Order deny,allow
Deny from all
Allow from #your favorite rule

ProxyPass http://127.0.0.1:1234/gateone
ProxyPassReverse http://127.0.0.1:1234/gateone
</Location>

Reload Apache, and you now have Gateone running behind your Apache server 🙂 If it does not work, first check GateOne log and configuration, especially the “origins” variable

For other websocket applications, Jim Jagielski comments here :

ProxyPass /whatever ws://websocket-srvr.example/com/

Basically, the new submodule adds the ‘ws’ and ‘wss’ scheme to the allowed protocols between the client and the backend, so you tell Apache that you’ll be talking ‘ws’ with the backend (same as ajp://whatever sez that httpd will be talking ajp to the backend).

Update 1: a user-friendly howto on how to apply this patch on Ubuntu is now available here

chromium (the web browser) on Gentoo FAQ

As you’ve probably already heard from one of your favourite sites (slashdot, phoronix, …), Google has just released the first beta-quality version of Google Chrome for Linux. I figured this was as good a time as another to collect and answers a few questions frequently asked on it, or rather on chromium which is the open-source version available in portage

  • What’s the difference between Google Chrome and Chromium? Well, chromium web site has a nice page summing it up here. So emerging chromium will get you a browser very close to Google Chrome, except the log and a few Google specific report links (the sandbox is enabled in gentoo chromium)
  • Why does it depend on ffmpeg (and a recent version of it)? For HTML5 audio/video tags support. There is now a USE-flag to disable this dependency if you are on a stable system and do not need this
  • Where do the source tarballs come from? Are they official ones? I create them manually, based on the SVN dependencies listed for each revision here. And it does take some time (checking out their huge tree, trying to get rid of as much bundled sourcecode as possible, …) For now, I track the developer releases, but may switch to beta releases some time. Especially now that upstream is finally considering making source tarballs available 🙂 Bug report is here. There is also another bugreport interested people can track, number 28287, which lists all bugs that would make our life easier, “our” as in distrib packagers, read this recent rant by the Fedora packager for chromium. Also interesting to read is Evan’s answer, digging into what is exactly there in the 3rd party folder.
  • I want to debug/run gdb on it: again the chromium wiki has a nice page on it. The usual recommendations apply of course
  • Will google-chrome-bin get in the tree? This is bug #272805. Right now we have chromium-bin, installed from snapshots generated by chromium test farms, with SVN revisions close to the from-source packages. Right now I don’t see a lot of benefits between chromium-bin and official google-chrome (except a shiny logo?), but if that changes I’ll probably add it to tree (in addition to/replacing chromium-bin). Or if another dev decides to add it 😉

So that’s it for the first round of questions, add yours in comments if it’s still unanswered 😉

neatx and chromium in portage status updates

Yesterday, I finally found the bug which prevented neatx from working on my system (thanks upstream for the debugging), so in your next portage sync, you’ll find net-misc/neatx-0.3.1_p43 ready for your testing! If you don’t need vnc/sound/printer tunneling or load-balancing, neatx is easier to set up than freenx and works great out-of-the-box. Thanks again to Mike Auty (ikelos) for his work on the ebuild.

Another work-in-progress for me these days is a source ebuild for chromium (open-source version of Google Chrome). A binary version (chromium-bin) has been available in portage for some time now (with amd64 support added recently), but source version ebuild had some problems. Now my current version (available in my overlay for the curious) has fixed most of them, including use of system libraries, makefiles use instead of scons, –as-needed support, … So why is it not yet in portage? Well, for now the tarballs from upstream are not yet available, so you won’t go past the fetch phase 😉 These should be available soon, once available you can expect chromium to quickly land in a portage tree near you.

By the way, if chromium crashes at startup for you (either binary or source version), they finally found the cause: you are probably using nvidia-drivers and nvidia opengl (via eselect opengl). However the libGL.so from nvidia overrides dlsym/dlopen (dynamic linker functions) with broken replacements, breaking applications relying on these functions! Chromium devs implemented a workaround, available for -bin in versions >=4.0.208.0_p25708, but expect some breakage in time-related functions. All the gory details are here: http://code.google.com/p/chromium/issues/detail?id=16800

And now to change a bit from technical talks, I wanted to say a big “thank you” to all of you Gentoo users who spend time filing bugreports, fixing, writing or rewriting ebuilds, debugging and finding the cause for all sorts of bugs (finding that some dynamic linkers break with specific video cards for example…), in short to all of you who work to make your distro a better one! And recently, a special thanks to Bernd Lommerzheim, who helps me a lot in proftpd maintenance, up to providing an entirely new ebuild for latest version, with lots of fixes and new features.

Yet another open-source NX server!

In my last post about FreeNX future, I had mentioned the efforts on a freenx-redesign branch, which seemed to have stalled.

Well, trust the guys at Google that worked on this redesign, they did not give up, and in fact publicly announced the first public release of neatx, the result of the redesign work. While still missing some of the features available in FreeNX, it does already have some original ones, like the drop-down menu for session control in rootless sessions (which is something I use a LOT when running pidgin remotely from home 🙂 ). I’ll make sure to prepare an ebuild (in your favourite NX overlay first as usual) when they tag a new version (first released one has some bugs that were quickly found).

Now, you may be lost between the multiple servers (including the dead ones), considering I never blogged about tacix, a remote server using NX, but with a different approach from the ‘official’ NoMachine way (with the specifix ‘nx’ user, …), making heavy use of dbus, and with its own client. For now, it’s still in the early versions, but it has potential!

So which server will you install on your (Gentoo, but other work of course) system? Here are the ‘active’ ones:

  • Official NX server (net-misc/nxserver-freeedition in portage), closed-source, limited to 2 concurrent sessions, but has all the features. If you want to quickly try NX!
  • FreeNX (net-misc/nxserver-freenx in portage), oldest and most complete open-source version, but its development stalled. The last ebuilds in tree use the branch from the Ubuntu folks, which fixes a few bugs compared to the last upstream source. If you want a stable open-source version
  • X2GO (net-misc/x2goserver and x2goclient in portage, some extended parts are still in the NX overlay). Maturing fast, and worth a try. This one is brought to you thanks to Joachim Langenbach, who does most of the work on the x2go* ebuilds 🙂

And in the future:

  • tacix, for its simpler architecture (think x2go without postgresql,ldap and friends).
  • neatx, which I hope will provide a suitable replacement for freenx soon

Incoming gnustep-make parallel support

When I add gnustep-make-2.2.0 to portage, repoman (our QA and commit tool) will at last be happy, as from this version, it won’t be necessary to force -j1 make flag! This will also allow parallel make for all gnustep packages in our tree(as the gnustep eclass forces -j1). No need to sync again and again your portage tree, this version is not yet released 😉 Original announcement is here

Some other entries on my gentoo/gnustep TODO list: the Etoile packages in the gnustep overlay need some cleanup (some keywords should be dropped for example Melodie player, maybe bump llvm to 2.5, but I hope some other dev will look into it before me), and updates when 0.4.2 will be released, gnustep packages, fix AC_CANONICAL_TARGET usage found in most of gnustep-base packages (thanks Flameeyes for finding more work for us 😉 ), and filter -Werror in some of our packages (helps when switching to newer GCC for example),

FreeNX future

Hum, it’s been some time since I last blogged on these Gentoo packages I handle! Let’s catch up a bit!

There is a thread running on freenx mailing list about current lack of new commits in freenx SVN. Main developer seems to be MIA (after starting a migration to github) and freenx as it is needs to be rewritten from scratch anyway (some work had been done in a freenx-redesign branch, but it seems abandoned too now). Of course, the ideal thing would be to finally get NX natively in X.org, but that’s not for the close future

So where does this leave us? Debian/Ubuntu packagers have created a freenx team, and manage a bzr tree with more and more fixes and updates (like shadowing local X sessions and stubs for guest sessions). Once I’ve figured out how to “tag” gentoo versions from it, this will probably be the new source for freenx packages (at least until upstream resumes development)

And if you want to try an alternative GPL server, remember to try x2go from the NX overlay 😉 I have not added them to main portage tree yet, but hope to do so real soon ™

X2go ebuilds status update

In a previous post, I spoke about new ebuilds for X2go client and server, a GPL remote desktop solution that’s based on NX technology, but in a different way compared to nxserver. With lots of help from Joachim Langenbach in bug #249600, I’m glad to say now that ebuilds in the NX overlay for both client and server work fine, and will probably moved to portage soon (ldap management ebuilds will probably wait a bit longer in the overlay, as I cannot test them for now).

For pros and cons, X2go does not need a special “nx” user on the server, you can use your ssh private key (as you log in directly as your real user), both client and server are GPL are not limited in number of connections, remote mounting of directories is easy (via sshfs/fuse), administration of the server can be done via kde control panel elements (including ldap accounts, if you use it). However x2go requires a running postgresql database on the server, does not support VNC/rdesktop proxying or shadow sessions, and some of the nice advanced features seem reserved to dedicated thin clients setups (like saving your session on a usb key, …).

Anyway, if you’re curious to try it, ‘layman -a nx’ and then emerge either x2goclient or x2goserver depending on which computer you are 😉