CentOS Pulse #0904 - 16 August 2009
Subscribing to this newsletter? We have set up a read-only centos-newsletter mailing list where we announce new CentOS Pulse releases to subscribers with a summary and a link. You can subscribe here!
1. Foreword
I give you the next monthly release of the Newsletter. It was mostly written at HAR2009 where CentOS had its only village and was visited by many people from the Community. There was a lot to discuss as the recent events have left an impact. The Open Letter to Lance resulted in a vast response from many and it seemed to be the News of the day. But this is not the only thing that has happened.
Have fun catching up.
On Behalf of the CentOS family,
GeerdDietgerHoffmann -- Editor ad interim
2. Announcements
2.1. Kernel NULL pointer vulnerability
Julien Tinnes and Tavis Ormandy from the Google Security Team have recently found a Linux kernel vulnerability which affected all 2.4 and 2.6 kernels since 2001 on all architectures. The vulnerability has been announced on LWN. An exploit has been provided by Brad Spengler.
The bug can be tracked in Upstream Bugzilla.
3. RPM packaging best practices
Before you start packaging, you should set up a packaging environment. Any setup you make for packaging should work as a normal user. If you package on Fedora/Red Hat derived systems, you can make a simple setup by installing the rpm-build, redhat-rpm-config and rpmdevtools packages. Some default configurations of rpm have %_topdir set to a shared directory only accessible by root. You should override that locally by setting %_topdir to some other location in your ~/.rpmmacros file. This file might look something like this:
{{{
# do not fail the build when installed files are left out of %files
%_unpackaged_files_terminate_build 0
# build tree and temporary files in a location your own user can write to
%_topdir /tmp/yourname
%buildroot %{_tmppath}/%{name}-build
%_tmppath /tmp/yourname
# identity recorded in (and used to sign) the packages you build
%packager yourname <yourname@yourserver.org>
%_gpg_name %packager
%vendor yourcompany
}}}
When you write SPEC files there are some things you should consider:
- KISS: Try to avoid complex conditionals unless you really need them. If you need to change something in the source, consider making patches and using the patch macros instead of doing everything in the spec file.
- No absolute paths: filenames in the %files section should _ALWAYS_ start with a macro (e.g. %{_bindir}, %{_libdir} etc), the exception being %doc entries.
- Avoid globs: in the %files section try to avoid using globs; that way new or missing files will be detected on updates, and you avoid having files in the rpm which should not be there.
- Try to use macros wherever possible, especially %{name} and %{version} but also things like %{make} and %configure.
- One item per line: only put one item on a line at a time for things like Requires, BuildRequires etc. This way it is much easier to diff spec files.
- Sort lists: if you have multiple entries as mentioned above, sort them; this also helps when diffing.
A nice little spec file is the one for the htop program on rpmforge. It shows the techniques mentioned above quite simply.
{{{
Summary: Interactive process viewer
Name: htop
Version: 0.8.3
Release: 1
License: GPL
Group: Applications/System
URL: http://htop.sourceforge.net/

Source: http://dl.sf.net/htop/htop-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

BuildRequires: gcc >= 3.0
BuildRequires: ncurses-devel

%description
htop is an interactive process viewer for Linux.

%prep
%setup

%build
%configure
%{__make} %{?_smp_mflags}

%install
%{__rm} -rf %{buildroot}
%{__make} install DESTDIR="%{buildroot}"

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-, root, root, 0755)
%doc AUTHORS ChangeLog COPYING INSTALL NEWS README
%doc %{_mandir}/man1/htop.1*
%{_bindir}/htop
%{_datadir}/applications/htop.desktop
%{_datadir}/pixmaps/htop.png

%changelog
* Wed Jun 24 2009 Dag Wieers <dag@wieers.com> - 0.8.3-1
- Updated to release 0.8.3.
}}}
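The SPEC-file rules listed above (entries in %files start with a macro, no globs, one dependency per line, sorted dependency lists) can be checked mechanically before a package is built. The linter below is an added example, not code from the newsletter or from rpmforge; the name lint_spec, the rule labels and the sample spec are made up for illustration.

```python
import re

# Constructed sample spec (not from the newsletter); it breaks each rule once.
SAMPLE_SPEC = """\
Name: demo
BuildRequires: ncurses-devel
BuildRequires: gcc, make

%files
%defattr(-, root, root, 0755)
%doc README
%{_bindir}/demo
/usr/share/demo/data.db
%{_libdir}/demo/*.so
%config(noreplace) %{_sysconfdir}/demo.conf
"""

SECTION = re.compile(r"^%(description|prep|build|install|clean|check|files|changelog|pre|post|preun|postun)\b")
DEP_TAG = re.compile(r"^(Requires|BuildRequires):\s*(.*)$")
# %files directives that may precede the path on an entry line.
DIRECTIVE = re.compile(r"%(?:defattr|attr|verify|config)\([^)]*\)|%(?:doc|dir|ghost|config)\b")

def lint_spec(text):
    """Return (line_number, rule) findings for the spec-file rules listed above."""
    findings, section, last_dep = [], "preamble", {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section == "preamble" and (dep := DEP_TAG.match(line)):
            tag, value = dep.groups()
            # Drop version constraints such as ">= 3.0" before counting names.
            names = re.sub(r"\s*(>=|<=|=|<|>)\s*\S+", "", value).replace(",", " ").split()
            if len(names) > 1:
                findings.append((no, "multiple-items"))
            if names:
                if names[0].lower() < last_dep.get(tag, ""):
                    findings.append((no, "unsorted"))
                last_dep[tag] = names[0].lower()
        elif section == "files" and line and not line.startswith("#"):
            path = DIRECTIVE.sub("", line).strip()
            if path and not line.startswith("%doc") and not path.startswith("%{"):
                findings.append((no, "no-leading-macro"))
            # Ignore macro bodies such as %{?dist} when looking for glob characters.
            if re.search(r"[*?\[]", re.sub(r"%\{[^}]*\}", "", path)):
                findings.append((no, "glob"))
    return findings

print(lint_spec(SAMPLE_SPEC))
```

Run over a fragment like the man-page line of the htop spec, the same function reports the trailing `*` as a glob, which shows how such a rule surfaces entries that deserve a second look.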
Here is a list of common directory macros:
{{{
%{_sysconfdir}        /etc
%{_prefix}            /usr
%{_exec_prefix}       %{_prefix}
%{_bindir}            %{_exec_prefix}/bin
%{_lib}               lib (lib64 on 64bit systems)
%{_libdir}            %{_exec_prefix}/%{_lib}
%{_libexecdir}        %{_exec_prefix}/libexec
%{_sbindir}           %{_exec_prefix}/sbin
%{_sharedstatedir}    /var/lib
%{_datadir}           %{_prefix}/share
%{_includedir}        %{_prefix}/include
%{_infodir}           /usr/share/info
%{_mandir}            /usr/share/man
%{_localstatedir}     /var
%{_initddir}          %{_sysconfdir}/rc.d/init.d
}}}
To see the expanded definition of a macro you can use the command rpm --eval "%{macro}".
4. Tip Of The Newsletter
This will be a section in which tips and useful programs will be introduced. If you have a good tip or know of a really good program that you want everyone to know about send us a mail.
This month I want to introduce the program authconfig. The main aim of the tool is to provide a command-line interface to the different system authentication modules and a way of configuring them. It can be used to simply tell a system to use NIS, LDAP, Kerberos 5 or SMB for user authentication. This is best explained using a little example. The tip WinbindADS explains how authconfig can be used to authenticate a box against a Windows server.
{{{
# authconfig \
    --update \
    --kickstart \
    --enablewinbind \
    --enablewinbindauth \
    --smbsecurity=ads \
    --smbworkgroup=$ADSWorkgroup \
    --smbrealm=$ADSDomain \
    --smbservers=$ADSServer \
    --winbindjoin=$AdminUser \
    --winbindtemplatehomedir=/home/%U \
    --winbindtemplateshell=/bin/bash \
    --enablewinbindusedefaultdomain \
    --enablelocauthorize
}}}
This is all you need to do to set everything up and modify all the different files, which would otherwise take hours to do by hand.
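Because the command above rewrites several files in one go, it is worth confirming afterwards that the settings actually landed. The check below is an added example, not part of the newsletter or of authconfig: it takes the text of /etc/nsswitch.conf, /etc/pam.d/system-auth and /etc/samba/smb.conf and lists what disagrees with the intended winbind setup. The file contents are constructed, and the mapping of the command's options to smb.conf parameters in EXPECTED is an assumption.

```python
# Constructed file contents (not from a real host): the group database and the
# smb.conf security mode were deliberately left without the winbind/ADS settings.
NSSWITCH = "passwd: files winbind\nshadow: files winbind\ngroup: files\n"
SYSTEM_AUTH = ("auth sufficient pam_unix.so nullok try_first_pass\n"
               "auth sufficient pam_winbind.so use_first_pass\n")
SMB_CONF = "[global]\n workgroup = EXAMPLE\n realm = EXAMPLE.COM\n security = user\n"

def nss_sources(text, database):
    """Return the lookup sources nsswitch.conf lists for one database."""
    for line in text.splitlines():
        name, sep, sources = line.partition(":")
        if sep and name.strip() == database:
            return sources.split()
    return []

def smb_globals(text):
    """Return the [global] parameters of smb.conf as a lowercase-keyed dict."""
    section, params = None, {}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit_winbind(nsswitch, system_auth, smb_conf, expected):
    """List every place where the files disagree with the intended winbind setup."""
    problems = []
    for database in ("passwd", "group"):
        if "winbind" not in nss_sources(nsswitch, database):
            problems.append(f"nsswitch.conf: {database} does not list winbind")
    auth_lines = [l.split() for l in system_auth.splitlines() if l.startswith("auth")]
    if not any("pam_winbind.so" in fields for fields in auth_lines):
        problems.append("system-auth: no auth line calls pam_winbind.so")
    have = smb_globals(smb_conf)
    for key, want in expected.items():
        if have.get(key, "").lower() != want.lower():
            problems.append(f"smb.conf: {key} = {have.get(key)!r}, expected {want!r}")
    return problems

# Assumed mapping of --smbsecurity/--smbworkgroup/--smbrealm to smb.conf parameters.
EXPECTED = {"security": "ads", "workgroup": "EXAMPLE", "realm": "EXAMPLE.COM"}
print(audit_winbind(NSSWITCH, SYSTEM_AUTH, SMB_CONF, EXPECTED))
```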
A little thing to know is that authconfig-tui is deprecated and should not be used any more.
Many people may also know the system-config-authentication gui program, which is very helpful if you X
5. Interview
In this section we will interview a developer or someone who is affiliated with CentOS so the community gets to know the people that bring them this amazing OS.
This month I interviewed Russ Herrold, who is one of the founding fathers of CentOS. An interesting fact is that he, when younger, competitively raced small 'one design' sloop rigged boats -- a US 6 M class called an InterLake, and a Thistle; now, though, he is too long away from the water, and needs to go sailing to find tranquility.
First can you say something about yourself? (Job, where do you live, etc ...)
I feel certain I am the oldest of the core set of CentOS developers. Most readers will know me as the IRC persona of the gruff and crusty old Orc in #centos, where I strive to maintain a 'Socratic method' learning environment for sysadmin best practices with centos, free of food fights. My undergraduate institution was not too interested in awarding a 'triple major', so I chose to receive one in Economics. I went on to a law degree, and practiced largely as a trial attorney for many years. All the while I was engaged in computing on the side, and I made the switch over to just computers almost twenty years ago.
What was your first Computer?
Technically the first was an injection plastic 'half-adder', that was programmed with different lengths of plastic soda straws, and which caused small pieces of wire to toggle right or left, in what we now call 'flip-flops' in perhaps 1964; then a reed relay device, programmed with patch cables, and that displayed results in lights. Then access to IBM 509 unit record equipment that one programmed with a phenolith punchgrid, and more elegant patch panels; access to an IBM 709 and 1620; The first computer I was paid to develop on and operate was an IBM 1401.
How did you start with *NIX?
I continued working for service bureaus and as a consultant, on through the next couple of decades, on mainframes and then with the advent of the small computers, starting with an Intel 4004 that I wire-wrapped together, the Motorola 6800, an Intel 8080 in a Processor Technology kit, commercial code on IBM 360's and CDC 6600's, a piece of commercial code for the print masking routines for an RPG II interpreter, compiled running on a Sycor 340 (with an 8080 inside, and a 30k hard drive) -- almost all in assembly language, usually with cross compilers toward the little computers. We tended to run in batch mode, and so a *nix like preemptive multitasking OS was either not present, or in the case of the IBM 360's, OS/VM was provided by the vendor.
So I was active in the space, when the Unix idea was emerging; I 'dipped my toe' from time to time, and did some local Operating System development. By 1993 I was using 'nix more actively, and by 1994 to 1995, I cut over to it entirely as my preferred environment. I sampled the various BSD's (DDJ magazine was chronicling the efforts for the PC BSD port). I have on my desk a complete set of 'Craftworks Linux V2.0' packaging, CD and pamphlet -- their serial number 0768. I had not yet thought through the implications of the FOSS aspect to the licenses. By late 1995, I was upstreaming patches on lib5 (?)
How did you come to be a CentOS developer?
It was pretty clear by early 2003 that Red Hat was going to restructure its approach to Linux binaries, and at the time I and others had a concern that RPM packaged distributions would become unavailable to the wide community; I connected with Greg Kurtzer out at Lawrence Livermore Berkeley Labs, and we had several conference call meetings to brainstorm how to move forward. This was after the early fedora.US effort, which I had issues as to the management of, and had withdrawn from further participation in that project.
From memory, in June 2003, Red Hat announced its shift from RHL to what we now think of RHEL, but we at cAos had trademark content removal, and buildsystems pretty well solved in the cAos days, in part because I had been working in the area with others for some time.
After a while, CentOS as a stand alone project was viable, and split off from its parent as a standalone one. This also helped the project gain mass, as there was a lively set of other RPM based 'enterprise rebuild' peers, which we have been able to work with or in some cases, permit combinations of effort. A community of problem solving developers is wonderful.
What are your main areas of contribution?
I was a co-founder of the project; Lance Davis was clearly there as well. I want to take a moment and also note that a talented young man, Rocky McGaugh, was the first I find in my email archive to mention the centos concept on a cAos mailing list, and that he and John Newbigin served as the first buildmasters.
Greg, Rocky and I 'pitched' a community enterprise and HPC platform to an IBM VP at Supercomputing 2003 in Phoenix, looking for a donation of bandwidth and build boxes, but we got a lukewarm response. Sadly Rocky is no longer with us, as the HPC firm he was employed at started making threats of suing him for violating an NDA (or so he told us), and he could not stand the pressure.
These days, I build from the released upstream SRPMs, and from Raw Hide, and from a local mirror archive of the sources of many, many projects. Basically 'cover the waterfront' in communication matters for the project. Obviously, as I have noted, CentOS is a meritocracy and I usually have my eyes open, scouting for folks demonstrating professionalism, talent, and a thoughtful attitude aligned with the project's goals. See my blog for more details.
What would you like to dig into in the future?
Virtualization is a 'green field' to FOSS and smaller computers, and has amazing opportunities, together with 'cloud computing' on demand, for load management; this ties to my long interest in the RPM and systematic and professional package and system management.
What is your favorite program?
The combination of XFCE, X, konsole, and screen for lots and lots of terminal sessions.
What do you do if you are not looking at a screen?
I am married a long time, and have family that I enjoy the company of; I've been active in my church, in a local charity that tends to the poor and needy, and in the Scouting movement. One thing I do not do is vegetate in front of a television, rather reading at least a couple hundred books a year.
What is your favorite drink?
A fine single malt Scotch gets my undivided attention; failing that I suppose that by count, coffee (black) from the neighborhood coffee house can be shown as that which I imbibe most often and so favor.
6. Jokes and Funny Stuff
6.1. And what do you do?
Three male programmers were in the bathroom standing at the urinals. The first programmer finishes, walks over to the sink to wash his hands. He then proceeds to dry his hands very carefully. He uses paper towel after paper towel and ensures that every single spot of water on his hands is dried. Turning to the other two, he says, "At Microsoft, we are trained to be extremely thorough." The second programmer finishes his task at the urinal and he proceeds to wash his hands. He uses a single paper towel and makes sure that he dries his hands using every available portion of the paper towel. He turns and says, "At Intel not only are we trained to be extremely thorough but we are also trained to be extremely efficient." The third programmer finished and walks straight for the door, shouting over his shoulder, "At Linux, we don't piss on our hands."
6.2. CentOS at LinuxTag from the view of a Debian developer
7. CentOS Errata
This section highlights the most severe security updates for each supported CentOS release.
Most of the CentOS 4 fixes are delayed until the upcoming CentOS 4.8 release.
7.1. CentOS 3
- 2009:1134 Important seamonkey security update (CVE-2009-2210)
- 2009:1154 Critical dhcp security update (CVE-2009-0692, CVE-2009-1893)
- 2009:1163 Critical seamonkey security update (CVE-2009-2462, CVE-2009-2463, ...)
- 2009:1181 Important bind security update (CVE-2009-0696)
- 2009:1185 Critical seamonkey security update (CVE-2009-2404)
7.2. CentOS 4
- 2009:1180 Important bind security update (CVE-2009-0696)
7.3. CentOS 5
- 2009:1138 Important openswan security update (CVE-2009-2185)
- 2009:1148 Important httpd security update (CVE-2009-1890, CVE-2009-1891)
- 2009:1162 Critical firefox security update (CVE-2009-2462, CVE-2009-2463, ...)
- 2009:1164 Important tomcat security update (CVE-2007-5333, CVE-2008-5515, ...)
- 2009:1179 Important bind security update (CVE-2009-0696)
- 2009:1193 Important kernel security update (CVE-2007-5966, CVE-2009-1385, ...)
- 2009:1201 Important java-1.6.0-openjdk security update (CVE-2009-0217, CVE-2009-2475, ...)
- 2009:1203 Important subversion security update (CVE-2009-2411)
8. CentOS in the Spotlight
The following articles mention CentOS and are a good resource to understand how the media (and public) looks at CentOS.
The recent Open Letter to Lance was the main topic of the past weeks, and this led to different views in the media and in blog posts, from "the CentOS project is dying" to "everything is fine". But the main critical response is that the project has a lot of work to do to make things right again (wrt. organization, releases and security updates).
Date | Publication | Title/Link
2009-08-06 | bMighty.com |
2009-08-03 | ITWire |
2009-08-03 | LWN |
2009-08-02 | The Register |
2009-08-02 | ZDNet |
2009-08-01 | LWN |
2009-07-31 | DesktopLinux |
2009-07-31 | InformationWeek |
2009-07-30 | LWN |
2009-07-30 | News.com |
2009-07-30 | The H |
2009-07-30 | The Register |
2009-07-25 | DistroWatch |
2009-07-20 | DistroWatch |
9. Upcoming Events
The CentOS Promo SIG organizes CentOS presence (booths, presentations) at various conferences and tradeshows. Here we highlight upcoming events. If you are interested to help out, join the Promo SIG.
2009-08-22 → 2009-08-23: FrOSCon 2009, St. Augustin, Germany -- official site
2009-09-23 → 2009-09-24: OpenExpo Winterthur 2009, Switzerland -- official site
2009-10-03 → 2009-10-04: T-DOSE 2009, Eindhoven, the Netherlands -- official site
2009-10-05 → 2009-10-07: cPanel Conference 2009, Houston, US -- official site
2009-11-07 → 2009-11-08: Open Rhein Ruhr Conference 2009, Bottrop, Germany -- official site
The next big meet-up will be at FrOSCon2009, where we will have a stall and will be giving out various freebies. If you are in the area, pop by, talk to us and visit the really nice conference.
10. Contributing to this newsletter
This time we had to cut some sections of the Newsletter because we didn't have enough people, and it was only possible because some people stepped up. So we are always on the look-out for people who are interested in helping to report on CentOS community activity, maintain a section in the newsletter, write an article, or hint us an interesting topic, thread, article or person to talk about. If you want to appear in the newsletter, you have to contribute positively to the CentOS community and hopefully get noticed by one of our reporters.
We have a special page with more information about contributing!