Skip to main content

My best tool with package bumps: Meld

For quite some time I have been using Meld to detect relevant changes between two releases when I update a package in Gentoo. I run

# ebuild foobar-1.2.ebuild manifest prepare
# ebuild foobar-1.3.ebuild manifest prepare

and throw Meld at both outputs

# meld /var/tmp/portage/[..]/foobar-1.2/work/foobar-1.2/ \
       /var/tmp/portage/[..]/foobar-1.3/work/foobar-1.3/ &

Meld makes it easy to see what has changed and (especially) what has not changed. With sole diff -r that would be difficult. I usually start by inspecting changes to If upstream did a good job that diff tells what dependencies to touch, already. Near the left and right margin you can see where else the file has been modified. No need to scroll-search down for more: you already know what you get.

The NEWS and ChangeLog files usually offer pointers of interest, too.

If my hint on Meld made a single Gentoo packager juggler's life easier or more efficient, I have achieved what I was aiming for. Sorry for the noise to everyone else.

PS: The second preview image up there has been losslessly reduced by 40% in size just by running it through optipng -o7.

overlint: Static analysis for your Gentoo overlay

While repoman does a good job of finding smells in ebuilds, a tool to evaluate an overlay with respect to the state of the Gentoo main tree has to my knowledge been missing so far. overlint is a simple command line tool. From a technical view point it reports

  • which version bumps from the overlay are missing from the main tree (e.g. the overlay has 7.1 but the main tree has 7.0, only),
  • which revision bumps are missing from the main tree (e.g. the overlay has 3.0-r1 but the main tree has 3.0, only), and
  • which exact same revisions exist in both trees with differing ebuilds.

On a higher level these findings often indicate that

  • certain changes are still to be integrated with the Gentoo main tree to benefit a wider audience and/or that
  • an ebuild appeared in an overlay first but can be removed now as the Gentoo main tree has grown an equivalent (or identical) copy.

As a consequence overlint has two main use cases, each with a different user audience:

  • Overlay maintainers can use overlint to better keep their overlay in shape.
  • Gentoo developers and proxy maintainers can use overlint to detect valuable patches missing from the main tree.

Here is example output of overlint 0.4.1 for the calculate overlay:

# overlint-cli /var/lib/layman/calculate/
Version bumps missing from Gentoo main tree
  italc :: 1.0.13, 2.0.0
  foo2zjs :: 20081129, 20110512
  madwifi-ng ::
  madwifi-ng-tools ::

Revision bumps missing from Gentoo main tree
  unzip :: 6.0-r9
  wgetpaste :: 2.18-r1

Ebuils that differ at same revision
  unhide :: 20110113
  bin_replace_string :: 0.2
  qt-creator :: 2.4.1
  pam_keystore :: 0.1.3
  tw_cli :: 9.5.3
  grub :: 1.99-r2
  talloc :: 2.0.7
  linux-sources :: 0

To get it run:

# sudo emerge -av app-portage/overlint

The source code is up on;a=summary. For small patches just send them along, for bigger ones get in touch before the work, please. Thanks!

Fwd: SSL And The Future Of Authenticity

At 07:29 I should be long sleeping but this video of 2011 that I stumbled upon has kept me out of bed for longer. For entry-level security people like me the level of detail is great with this talk. At the point where the focus moves to a proposed solution that the speaker is involved with I had the impression that his view loses a bit of its objectivity and attention to detail due to personal, emotional involvement. I I could imagine that convergence is not the answer yet, but maybe it even is.

My virtual journey of today

I spent some time surfing the internet today (really!) and came by quite a few interesting things, unusually many in my perception. It all started with a video on Ganeti which led to a video on SELinux (which I knew zero about before) which in turn led to a video on mitmproxy. I googled "mitmproxy" and soon ran into the website and universe of Aldo Cortesi. There were an analysis of correlation between choice of programming language and other parameters like the number of contributers made from history on Github, an article about the use of Hilbert curves to binary blob visualization, thoughts on the pros and cons of using object-relational mappers in Python, a way to visualize sorting algorithms, entertaining code review bits on a javascript crypto libarary, the fact that the amount of gold can overflow in World of Warcraft, and a bunch of links to stuff on other sites that I followed including the 3D Mandelbulb, eyetracking-based guidelines on the design of web forms, a page that convinced me that it's very easy for a website to identify me as a certain past visitor even with cookies off, thoughts on how random humans want randomness to be, the fact that the mobile app of uploaded your entire address book without telling or asking before previously, that there are offers for 20 minutes CPU time on 400 machines each to crack WPA keys for about 20 US dollars, and how ugly OpenSSL's code is. My personal quote of today (from here) is: "A thing that two people can lift is not a router".

Fwd: Restless

At first it felt a bit like this movie was made for an audience of people below 30. Maybe it is. Restless is quite a sad movie. But it does make up for it and when it leaves it is not sadness that remains. Better see for yourself.

Fwd: Drive

My brother once said: Nicolas Cage is a guarantee for a crap movie. From from my past impressions the opposite seems to be true for Ryan Gosling. I'm just back from "Drive". Good movie. Two downsides. First it's very brutal. Reminded me of a scene in American History X once, the scene I wish I had never seen. Second, the loudness: loud is very loud or everything else too low. The theater I went to turned the volume up to a level where the action hurt my ears. I can still feel it. When it didn't crash-boom-bang the level was right. I liked the music.