My best tool with package bumps: Meld
For quite some time I have been using Meld to detect relevant changes between two releases when I update a package in Gentoo. I run
# ebuild foobar-1.2.ebuild manifest prepare # ebuild foobar-1.3.ebuild manifest prepare
and throw Meld at both outputs
# meld /var/tmp/portage/[..]/foobar-1.2/work/foobar-1.2/ \ /var/tmp/portage/[..]/foobar-1.3/work/foobar-1.3/ &
Meld makes it easy to see what has changed and (especially) what has not
changed. With sole diff -r
that would be difficult. I usually start by
inspecting changes to configure.ac
. If upstream did a good job that diff
tells what dependencies to touch, already. Near the left and right margin you
can see where else the file has been modified. No need to scroll-search down
for more: you already know what you get.
The NEWS
and
ChangeLog
files usually offer pointers of interest, too.
If my hint on Meld made a single Gentoo packager juggler's life easier or more efficient, I have achieved what I was aiming for. Sorry for the noise to everyone else.
PS: The
second preview image up there has been losslessly reduced by 40% in size just
by running it through optipng -o7
.
overlint: Static analysis for your Gentoo overlay
While repoman does a good job of finding smells in ebuilds, a tool to evaluate an overlay with respect to the state of the Gentoo main tree has to my knowledge been missing so far. overlint is a simple command line tool. From a technical view point it reports
- which version bumps from the overlay are missing from the main tree (e.g. the overlay has 7.1 but the main tree has 7.0, only),
- which revision bumps are missing from the main tree (e.g. the overlay has 3.0-r1 but the main tree has 3.0, only), and
- which exact same revisions exist in both trees with differing ebuilds.
On a higher level these findings often indicate that
- certain changes are still to be integrated with the Gentoo main tree to benefit a wider audience and/or that
- an ebuild appeared in an overlay first but can be removed now as the Gentoo main tree has grown an equivalent (or identical) copy.
As a consequence overlint has two main use cases, each with a different user audience:
- Overlay maintainers can use overlint to better keep their overlay in shape.
- Gentoo developers and proxy maintainers can use overlint to detect valuable patches missing from the main tree.
Here is example output of overlint 0.4.1 for the calculate overlay:
# overlint-cli /var/lib/layman/calculate/ =============================================================== Version bumps missing from Gentoo main tree =============================================================== net-misc/ italc :: 1.0.13, 2.0.0 net-print/ foo2zjs :: 20081129, 20110512 net-wireless/ madwifi-ng :: 0.9.4.4178.20120131 madwifi-ng-tools :: 0.9.4.4178.20120131 =============================================================== Revision bumps missing from Gentoo main tree =============================================================== app-arch/ unzip :: 6.0-r9 app-text/ wgetpaste :: 2.18-r1 =============================================================== Ebuils that differ at same revision =============================================================== app-forensics/ unhide :: 20110113 dev-util/ bin_replace_string :: 0.2 qt-creator :: 2.4.1 sys-auth/ pam_keystore :: 0.1.3 sys-block/ tw_cli :: 9.5.3 sys-boot/ grub :: 1.99-r2 sys-libs/ talloc :: 2.0.7 virtual/ linux-sources :: 0
To get it run:
# sudo emerge -av app-portage/overlint
The source code is up on http://git.overlays.gentoo.org/gitweb/?p=proj/overlint.git;a=summary. For small patches just send them along, for bigger ones get in touch before the work, please. Thanks!
Fwd: More tricks for defeating SSL in practice
More Tricks For Defeating SSL in Practice - ekoparty Security Conference 5th edition from ekoparty on Vimeo.
I have actually been watching the Black USA 2009 version but it seems very very similar to the ekoparty one above, except without the view of the speaker.
Fwd: SSL And The Future Of Authenticity
At 07:29 I should be long sleeping but this video of 2011 that I stumbled upon has kept me out of bed for longer. For entry-level security people like me the level of detail is great with this talk. At the point where the focus moves to a proposed solution that the speaker is involved with I had the impression that his view loses a bit of its objectivity and attention to detail due to personal, emotional involvement. I I could imagine that convergence is not the answer yet, but maybe it even is.
My virtual journey of today
I spent some time surfing the internet today (really!) and came by quite a few interesting things, unusually many in my perception. It all started with a video on Ganeti which led to a video on SELinux (which I knew zero about before) which in turn led to a video on mitmproxy. I googled "mitmproxy" and soon ran into the website and universe of Aldo Cortesi. There were an analysis of correlation between choice of programming language and other parameters like the number of contributers made from history on Github, an article about the use of Hilbert curves to binary blob visualization, thoughts on the pros and cons of using object-relational mappers in Python, a way to visualize sorting algorithms, entertaining code review bits on a javascript crypto libarary, the fact that the amount of gold can overflow in World of Warcraft, and a bunch of links to stuff on other sites that I followed including the 3D Mandelbulb, eyetracking-based guidelines on the design of web forms, a page that convinced me that it's very easy for a website to identify me as a certain past visitor even with cookies off, thoughts on how random humans want randomness to be, the fact that the mobile app of path.com uploaded your entire address book without telling or asking before previously, that there are offers for 20 minutes CPU time on 400 machines each to crack WPA keys for about 20 US dollars, and how ugly OpenSSL's code is. My personal quote of today (from here) is: "A thing that two people can lift is not a router".
Fwd: Sarah Kay: If I should have a daughter ...
Fwd: Brené Brown: Listening to shame
Fwd: Restless
At first it felt a bit like this movie was made for an audience of people below 30. Maybe it is. Restless is quite a sad movie. But it does make up for it and when it leaves it is not sadness that remains. Better see for yourself.
Fwd: Beginners
Beautiful. Strongly recommended.
Fwd: Drive
My brother once said: Nicolas Cage is a guarantee for a crap movie. From from my past impressions the opposite seems to be true for Ryan Gosling. I'm just back from "Drive". Good movie. Two downsides. First it's very brutal. Reminded me of a scene in American History X once, the scene I wish I had never seen. Second, the loudness: loud is very loud or everything else too low. The theater I went to turned the volume up to a level where the action hurt my ears. I can still feel it. When it didn't crash-boom-bang the level was right. I liked the music.