Planet Slackware Indonesia

November 21, 2018

Willy Sudiarto Raharjo

Call For Testing: Cinnamon 4

Today i decided to call for public testing for the upcoming Cinnamon 4 for Slackware Current, a development branch of Slackware which will become Slackware 15.0 in the future. I found the current version of Cinnamon and all of it's components are stable enough for public usage and Slackware already progressed much and some of the packages that are needed by Cinnamon are now included in the core packages as well.

I have merged the cinnamon4 branch into master branch in Github repository, so master branch is now following Cinnamon 4.0 exclusively. The build script is updated to reflect changes to the list of scripts to build the whole Cinnamon desktop. You can just run build-cinnamon.sh to build and install all packages according to the build order.

Binary packages are uploaded to the usual place, thanks to Darren Austin for the mirror space.

As always, please raise a ticket if you found any issue with the build script or if you have any suggestion to improve the experience with Cinnamon Desktop.

UPDATE: vala and graphviz are now removed as vala is included in -current and it was built without graphviz.

by Willy Sudiarto Raharjo (noreply@blogger.com) at November 21, 2018 04:34 PM

November 07, 2018

Willy Sudiarto Raharjo

Cinnamon 4.0 Preview

Clem hasn't announced the official release of Cinnamon 4.0, but the tarball has been around for some days and i have managed to build it on top of latest Slackware Current. Cinnamon 4.0 will give some big performance on Nemo, new panel layout, and many new features. You can check the detailed changes on every sub component of Cinnamon on their github repository.

I noticed the release just two days ago while i was sick at home and i started to work on it. It took some time to do finish it since some sub components changed their build tool to Meson and some changes in the parameters were needed to build without Wayland (Thanks Clem for the pointers). At the end, it was a successful one (at least under a virtual machine), but it won't get merged into master for now as i need to make sure few things before pushing them to master. Also, Slackware Current is still developing, so there might be a chance that some packages are added into the main tree itself.

Here is the part where you can help by trying to reproduce the build on a clean installation of Slackware-Current. Go to Cinnamon SlackBuild repository on branch cinnamon4 and start cloning it. Please use the build-cinnamon.sh script to automate all the download process and installation according to the BUILD_ORDERS.

Let me know if there's a problem with the current installation and please write a new issue so it's trackable.

PS: You will notice that the default icon in the menu turned into GNOME menu. I'm hoping to replace it with Slackware's icon in the final release of Cinnamon 4.0 for Slackware 15.0 :) (Done, thanks to Skaendo for the icon and patch).

by Willy Sudiarto Raharjo (noreply@blogger.com) at November 07, 2018 12:25 PM

October 23, 2018

Willy Sudiarto Raharjo

New LTS Kernel 4.19 and NVidia Patch

Under 24h after Linux Kernel 4.19 LTS is released by Greg, Patrick decided to bump the kernel used in -current to the latest LTS release. This new major version brings tons of new and interesting features, as written in Kernel Newbies.

I decided to try this new kernel and luckily, my VMWare is still working well, even though i used VirtualBox lately. I did have some problems with NVidia 390.87, but i found a simple patch and here's what you need to do:
  1. ./NVIDIA-Linux-x86_64-390.87 --extract-only
  2. cd ./NVIDIA-Linux-x86_64-390.87
  3. Apply the patch found here
  4. ./nvidia-installer
All (except 1) of my wishlist is now fulfilled. The last remaining is moving on to Qt5 and KDE 5. I'm pretty sure it will showed up soon enough as KDE 5 is getting more stable and polished. It has been tested by Eric (and some other) for some time and it's proven to be solid.

by Willy Sudiarto Raharjo (noreply@blogger.com) at October 23, 2018 10:16 AM

July 25, 2018

Willy Sudiarto Raharjo

Helping Patrick and Slackware Linux

I was shocked to hear that the Slackware Store didn't work as intended and Patrick got no income from the store for the last TWO YEARS!!!  I was mad, considering that most people thought the sales would have gone to Patrick and it could helped him financially while working on Slackware Linux project. They don't really need the DVDs, but they wanted to show their respect for Patrick who have devoted his life for the project. I stopped my subscription once i saw that post by sending an email to the store.

Many people have suggested alternative options to Patrick to get the money directly to him instead of using third party and FINALLY, he officially announced his PayPal account (https://www.paypal.me/volkerdi). For now, that's the only official payment method that is confirmed by Patrick himself. Do not go other options like BitCoin address because Patrick has denied that it was his account.

Since my PayPal is blocked permanently for something i didn't do and stupid AI flagged me, i may not be able to send any donations nor receive any donations using PayPal. I will probably wait if Patrick decide to add more ways to set up a donations which goes directly to him.

Please support Patrick and his family so that he can focus on Slackware Linux and make Slackware Linux 15.0 the best release ever!!!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 25, 2018 11:55 PM

July 06, 2018

Willy Sudiarto Raharjo

June/July Updates

It's been a month since my last post about SBo DMCA Takedown, and i wanted to share some updates in the Slackware development progress. It has been an amazing progress and most of my wishlist (from one year ago) have been realized, while two remaining.

The recent upgrade in Slackware brought GCC 8.1, the latest major release of GNU C Compiler. It brings new language features as well as better code optimizations, BUT it also comes with a stricter rules (which might affects scripts in the SBo projects). Amazingly Pat has stated that all packages have been tested for build failures against this new version of compiler.

Another progress in development areas are perl 5.28.0, rust 1.27.0, guile 2.2.4, git 2.18.0, mercurial 4.6.2, mariaDB 10.3.8, PHP 7.2.7, and meson 0.47.0. Developers will love it. It has great support of many modern languages along with the tools to support development process.

As for core packages, the kernel is still tracking latest 4.14.x LTS branch along with coreutils 8.30 and sysvinit 2.90 among many other changes. pkgtool have received many love in this cycle and it's a major work related to how package database are located. Previously it was placed under /var/log/packages, but in the latest version, the exact location have been moved under /var/lib/pkgtools/packages, while the old one are symlinked for backward compatibility.

Many updated/new packages/libraries gets into this release, including pulseaudio 12, harfbuzz 1.8, poppler 0.66, mesa 18.1, NetworkManager 1.12, texlive 2018.180630, gimp 2.10.4.

Patrick is now tracking Firefox 60-ESR and no longer continue on following latest release from Mozilla as ESR will get longer support. Next ESR release will be at Firefox 68 which is scheduled to be released on July 2019, so small chances that we need to wait until next year.

I'm still waiting for the KDE5/Qt5 integration in Slackware.

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 06, 2018 11:33 PM

June 14, 2018

Willy Sudiarto Raharjo

SBo DMCA Takedown

About 14h ago, 10:32 PM GMT+7 (Western Indonesian Time), me (and several other people who forked SBo's repository at GitHub) received a DMCA Takedown notice due to a company (Steinberg) filed a complaint to more than 200 open source repositories in GitHub that uses several of their header files (namely aeffect.h and aeffectx.h). We used that files in one of our scripts (jack-tools) which was changed over a year ago by the maintainer. At that time, it was OK to use their header files (although it has been unmaintained since 2013), but some time ago, Steinberg has made an announcement about dropping their support for VST 2 and focusing on VST 3 only. This drives the DMCA takedown action which affects SBo repositories in GitHub.

The admins have discussed this matter last night and we came to a solution of fixing this issue permanently by removing the related commit and all the history for this script in master and 14.2 branch. This is not a trivial action as the commits involved were 11867 since 2017-02-04. Ponce did the initial testing and David did the final touch, including pushing an unexpected public update including with the mass re-base on master and 14.2 branch (Thanks David).

How this affects you?
If you are maintainers who had push access to SBo repository or someone who cloned SBo repository locally, you must do these steps in order to get back to the right track:

git tag -d 14.2-20170204.1 (you only need to do this step once) 
git push github :refs/tags/14.2-20170204.1 (only if you have mirrored SBo repository on github)
git checkout master (do this to 14.2 branch as well)
git fetch --all
git reset --hard origin/master (do it for 14.2 as well)

or a simpler way is to re-clone our repository using git clone. That should give you a clean repository with an updated tags and commits.

If you are regular user who download the scripts or tarball containing the SlackBuild script along with the rest from our website or someone who used automatic tools, such as sbopkg, you don't need to do anything and everything will work normally just as you normally do.

At this point, all the tags are not yet signed, but it will be done soon. SBo will also set a stricter rule to avoid things like this to happen in the future.

by Willy Sudiarto Raharjo (noreply@blogger.com) at June 14, 2018 06:52 AM

May 23, 2018

Willy Sudiarto Raharjo

More Meltdown/Spectre Variants

Four months after initial disclosure of Spectre and Meltdown, researchers have found two more variants of Spectre, called Variant 3 and 4 and vendors are working hard to push the fixes to public. Patrick who are very concern about security called the shots and update the kernels both in -stable (14.2) and -current to the latest version that should fix some of the issues.

Here's my machine (Ryzen) running latest -current tested using Spectre script:
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec (x86):  YES  (1 occurrence(s) found of 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm):  NO
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)                                                                       
                                                                                                                                           
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'                                                                            
* Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB)                                                  
* Mitigation 1                                                                                                                             
  * Kernel is compiled with IBRS support:  YES                                                                                             
    * IBRS enabled and active:  UNKNOWN                                                                                                    
  * Kernel is compiled with IBPB support:  YES                                                                                             
    * IBPB enabled and active:  YES                                                                                                        
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Kernel supports Page Table Isolation (PTI):  YES
  * PTI enabled and active: dmesg: read kernel buffer failed: Operation not permitted
 UNKNOWN  (dmesg truncated, please reboot and relaunch this script)
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
  * CPU microcode mitigates the vulnerability:  UNKNOWN  (an up to date microcode is sufficient to mitigate this vulnerability, detection will be implemented soon)
> STATUS:  VULNERABLE  (a new microcode will mitigate this vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
  * Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

It seems that future kernel-firmware should have a complete fix for this issue for AMD users, while for Intel users, please make sure to get the updated intel-microcode as soon as Intel released it for public.

by Willy Sudiarto Raharjo (noreply@blogger.com) at May 23, 2018 01:50 PM

May 11, 2018

Willy Sudiarto Raharjo

Moving to XOrg 1.20

Even though Xorg 1.20 has just been released under 24h, Patrick decided to go with this new major version that has been developed over a year since it contains major changes compared to 1.19.x. There are caveat of course when we are talking about new XOrg server, especially about third party driver (NVidia/AMD). Well, since i'm an NVidia user, i'm happy to tell you that if you have a modern GPU in your machine, you don't need to worry since NVidia has released NVidia 396.24 that already supports XOrg 1.20. They are anticipating the release of this major update and update it accordingly. Kudos to NVidia folks.

For those who are using older version of GPU which is not supported by 396.24, you can try Drakeo's suggestion by adding this option in your /etc/X11/xorg.conf:
Section "ServerFlags"
Option "IgnoreABI" "1"
EndSection

by Willy Sudiarto Raharjo (noreply@blogger.com) at May 11, 2018 03:37 AM

May 10, 2018

Willy Sudiarto Raharjo

Moving to OpenSSL 1.1.0 and Firefox 60

Another wishlist is now partially included in Slackware-Current tree. Why partial? because i'm still waiting for OpenSSL 1.1.1+ which should have support for TLS 1.3, which is still in draft. Patrick pushed the openssl 1.1.0 package along with openssl10{-solibs} for backward compatibility that needs to be linked against older version of openssl. This ensures smooth transisitions for third party packages.

Another great news is that Firefox 60 will be the next base for ESR (Extended Support Release), which is basically a long term release. Thunderbird 60 will also be an ESR release as well and it's now in Beta version.

Since my last post, there has been a huge amount of updates in -current tree:
  • GIMP 2.10
  • Mesa 18.0.3
  • Pure ALSA system (in /extra)
  • Parallel 20180422
  • Meson 0.46.0
  • Many other updates
There's one wishlist left and that's KDE 5. Although i don't use KDE a lot, but supporting KDE 5 / Plasma 5 is a very nice update compared to 4. It has reached a mature and stable situation, thus ready for inclusion in Slackware. I hope it won't take long before KDE / Plasma 5  gets included in -Current and we can have Alpha/Beta 1 announced.

by Willy Sudiarto Raharjo (noreply@blogger.com) at May 10, 2018 09:08 AM

May 02, 2018

Willy Sudiarto Raharjo

Cinnamon 3.8 Packages For Slackware Current

Clem has just posted Cinnamon 3.8 announcement so i can push my work on Cinnamon 3.8 packages for Slackware Current users. The packages have been available for few days waiting for the official announcement and we also had some last-minute issue in Cinnamon which is finally fixed in Cinnamon 3.8.1.

The binary packages are built against Slackware Current per April update, but it should work with latest changes in May. Few packages have been dropped since 3.6 because some of them are now part of the main tree or no longer needed after discussion with upstream developers:
  • json-glib (included in -current per 1 May)
  • alacarte (deprecated; cinnamon-menu-editor available in Cinnamon package)
  • gnome-common (deprecated; no longer needed by any other deps)
  • speex (included in -current per 25 December)
Here are some changes taken from Linux Mint Blog :

  • CJS, the Javascript interpreter, was rebased on GJS 1.50.2 and now depends on mozjs52
  • Support was added for elogind, systemd-timedated1 (which should replace ntp and ntpdate in Linux Mint 19 Cinnamon Edition), and the admin:// protocol
  • Support was improved for GTK 3.22, CSD windows (in particular for their button layout and titlebar click actions) and LibreOffice (in nemo-preview)
  • With the exception of Nemo extensions, all Python components were ported to Python3
  • The network settings were backported from GNOME 3.24 and include fixes from GNOME 3.26
  • The region settings now support the ability to show uncommon/exotic keyboard layouts
  • In the power settings, “Shutdown immediately” can now be chosen for closed lid and critical battery power events
  • Cinnamon now activates the touchpad if no other pointing devices are present
  • The screen is now locked synchronously prior to suspend
  • Suspend, Hibernate and Screen rotation keys are now supported when the screen is locked
  • Cinnamon no longer allows DE-specific or poorly written applications to start the GNOME or MATE screensavers when the Cinnamon screensaver is running
  • Cinnamon no longer sets QT environment variables (distributions are responsible for making QT5 applications look good out of the box)
  • Titlebar themes are now restricted to metacity-3
  • Nemo-rabbitvcs is no longer maintained by Cinnamon but by RabbitVCS
  • Thumbnails can now be rendered for files as large as 32GB
  • Scale/Overview can now be activated via dbus
  • Xlets can now define column options when using lists, settings with dependencies now use a revealer, dependencies can now be inverted and defined on sections (not just widgets). Simple expressions using boolean operators can be used to compare values. The settings example applet was updated to showcase all these new additions.
Performance was also improved:
  • Improvements in muffin and the window list make Cinnamon feel snappier and much faster than before at rendering new windows.
  • Improvements in libnemo-extension and the way views are rendered make Nemo faster at showing the content of directories.
  • Improvements ported from GNOME reduce the occurrence of full stage redraws.
Look and feel was improved:
  • Window animations were refined. They feel smoother and add to the feeling of snappiness.
  • Symbolic icons give Cinnamon a more modern look and better support for dark themes.
  • The coordinates and size of some widgets and components were adjusted to fall on exact pixels (which results in removing a slight blurriness and making them look crisp).
  • The quit dialog no longer skips the taskbar
And also:
  • The nemo search was simplified and is easier to use. It’s also synchronous and much faster than before.
  • Rubber-banding, which was previously only available in icon view, is now also available in list view.
  • You can now press +Alt (or use the right-click option on the Show Desktop applet) to quickly see your desklets, without minimizing your windows. When doing so, desklets move above your windows, until you click anywhere.
  • Notifications are smarter. They now have a close button (which unlike the notification itself doesn’t send you towards the source application) and no longer fade-out on mouse-over. To avoid notification spam, they’re also limited in number per source and disappear when the application is focused, except for particular applications (Firefox, Chromium..etc) which use multiple tabs and which can send notifications for various internal sources. Notifications can now also show at the bottom of the screen.
  • The maximum sound volume was currently set to 150%, with the sound settings allowing to go all the way to 150% while the sound applet and media keys only allowed a range of 0 to 100%. Cinnamon now lets you define what the maximum sound volume is, between 0 and 150%, and all sound controls (whether it’s the sound settings, the sound applet or the media keys) now range between 0 and the maximum value you defined. This allows you to quickly reach 150% without going into the sound settings, but also to quickly reach any arbitrary value, whatever suits your speakers and your environment, whether that value is higher than 100% for small speakers in loud environments or lower than 100% in quiet environments.
  • In the sound applet, the microphone and the speakers can now be muted separately. An option was added to choose whether or not to force the aspect-ratio of the album art. Tracks can be changed by scrolling left/right (that option is configurable).

If you plan to build your own packages, please head to GitHub repository and clone the latest master update and use the build-cinnamon.sh script to build it according to the BUILD_ORDER.

Website is not yet updated as i'm waiting for next Slackware 15.0 gets released and then i will update the links and screenshots.

Enjoy Cinnamon 3.8 for Slackware Users!!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at May 02, 2018 01:58 PM

April 20, 2018

Willy Sudiarto Raharjo

MSB and CSB Mass Rebuilt

Since Patrick decided to remove all .la files under /usr/lib{64}, i have rebuilt all MATE and CINNAMON packages that happened to have .la files under that folder. All the work has been pushed to the main repository (Thanks to Darren) and also to the github repository. You can use the same script to build everything from scratch or just some of the packages you need.

FYI, Cinnamon 3.8 is getting closer for final release as i saw Clem is tagging some of Cinnamon components in github. I will be focusing on supporting -Current at this point as it will be the next stable once it gets released and it should have no problem as most of the deps are already there.

by Willy Sudiarto Raharjo (noreply@blogger.com) at April 20, 2018 05:08 PM

April 19, 2018

Yudha

Slackware-current ChangeLog 20180419

Thu Apr 19 01:04:06 UTC 2018
Hi folks, and welcome to the third ever Slackware Mass Rebuild (and the
longest ChangeLog entry in project history). There were two primary
motivations for rebuilding everything in the main tree. The first was to
switch to the new C++ ABI. The second was to get rid of all the .la files
in the LD_LIBRARY_PATH. Really, having .la files installed has been mostly
obsolete since things began to use pkg-config instead, …

Cuplikan salam mengawali changelog hari ini.

Semoga bisa rilis bulan depan dan bersiap untuk upgrade setelah sekian lama.

by yht at April 19, 2018 01:42 PM

Willy Sudiarto Raharjo

Mass Rebuild to Remove .la files

Get ready folks, Patrick just pushed a mass rebuild on almost everything in the main tree to remove .la files and also switch to new C++ ABI. It must be done in a single sweep so it has been so quiet for few days concentrating on this process. Some third party packages are likely to get affected by this change, but Patrick has provided some trick in order to get them to build again:
rm /{,usr/}lib{,64}/*.la
Get ready to throttle your bandwidth and build machine if you have lots of third party packages built on your -current machine. It's time for a new challenge :)

by Willy Sudiarto Raharjo (noreply@blogger.com) at April 19, 2018 03:33 AM

April 10, 2018

Willy Sudiarto Raharjo

Slackware 13.x EOL in July

Patrick has been supporting older Slackware releases for more than 7 years and it's getting harder to push updates for those releases as their base libraries are too ancient. It will also keep his load high as it might take more time to inspect whether an update affected older releases and trying to build or patch packages to fix those issues.

Well, in the next few months (exactly one day after USA independency day), the support for all Slackware 13.x (13.0, 13.1, and 13.37) will expires and support will only be given to Slackware 14.x and future releases. You can see the notice in the Slackware 13.0 ChangeLog:
Fri Apr  6 20:47:43 UTC 2018
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
# #
# Effective July 5, 2018, security patches will no longer be #
# provided for the following versions of Slackware (which will all #
# be more than 7 years old at that time): #
# Slackware 13.0, Slackware 13.1, Slackware 13.37. #
# If you are still running these versions you should consider #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own #
# security patches. #
####################################################################

by Willy Sudiarto Raharjo (noreply@blogger.com) at April 10, 2018 01:21 AM

April 05, 2018

Willy Sudiarto Raharjo

GNOME Library Stack Update

Patrick has pushed an update to bump GNOME libraries to the latest one available, meeting the requirement to build latest GNOME 3.28 which was released on March 14. It will also give benefit for my MSB project and CSB Project as those two are based on GTK/GNOME libraries.

Other highlight of -Current development until early April are:
  • alsa stack upgraded to 1.1.6
  • openssh upgraded to 7.7p1
  • replace rxvt with rxvt-unicode
  • mesa upgraded to 18.0.0
  • vulkan-sdk upgraded to 1.1.70
  • gstreamer stack upgraded to 1.14
  • nmap upgraded to 7.70
  • meson upgraded to 0.45.1
  • rust upgraded to 1.24.1
  • python3 upgraded to 3.6.5
  • cmake upgraded to 3.11
  • icu4c upgraded to 61.1
  • poppler upgraded to 0.63.0

by Willy Sudiarto Raharjo (noreply@blogger.com) at April 05, 2018 01:01 AM

March 25, 2018

Willy Sudiarto Raharjo

Next Slackware Supports HTTP/2

While it has been requested for some time, i found it surprised that finally Patrick agreed to take Slackware to the next level in their next release: support of HTTP/2. Patrick added jansson and nghttp2 as new dependencies and then recompiled curl and httpd to add HTTP/2 support. HTTP/2 has been published as a standard in May 2015 as RFC 7540.

HTTP/2 is backward-compatible with previous version, plus it add more features that focus on improving page load speed and decreasing latency by utilizing:
  • Header compression
  • Request pipelines
  • Multiplexing and concurrency connections
  • Server push
  • Stream dependencies
It has been a long journey but finally next Slackware will adopt the latest standard while keeping the system still solid, robust, secure, and simple.

HTTP History (Credit by Akamai)

by Willy Sudiarto Raharjo (noreply@blogger.com) at March 25, 2018 01:12 AM

February 27, 2018

Willy Sudiarto Raharjo

Fixing Spectre/Meltdown in 14.2

Patrick has silently update the kernels in -stable releases to the latest kernel release found in kernel.org: 4.4.118. This release is known to fix the remaining Spectre/Meltdown vulnerabilities backported from mainline kernels, 4.15.x. Upstream developers are working to restore the performance penalty after the initial patch for KPTI may have significant performance loss up to 30%. It's still being baked and we might see them backported into older kernel releases, especially LTS version being used by many distributions.

I checked using the same script and now here's the results:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

by Willy Sudiarto Raharjo (noreply@blogger.com) at February 27, 2018 04:36 PM

February 24, 2018

Willy Sudiarto Raharjo

Moving to 64 bit

When i bought my new desktop at home, i already had a plan to reinstall my old desktop with Slackware64, but i didn't specify the timeframe or even the version i'm going to install with. The old one was 32 bit since i got it installed since 2009 and it has been working well so far, but it's getting slower for my needs where i got to use virtual machines to build packages for MATE and Cinnamon. It is a dual-core E5300 Intel CPU with 4 GB of RAM, 320 GB + 1 TB hard drive, and NVidia GeForce 7050.

Last week, i decided to try to remove Slackware from my old laptop and replace it with Solus 3. It was a great distro and it worked well on my laptop and probably my family could use it since i have a new laptop in place since last year. So yesterday i had an idea to try Solus 3 on my old desktop and instantly i reinstalled it using Solus 3 written to a flash drive. Everything was perfectly good until i need to install the NVidia driver legacy (304.xx). It wasn't working well on my system, so i decided it was a good idea to return back to Slackware, but this time it's 64 bit. So i installed Slackware64-14.2 from an official DVD i got from Slackware Store and have it ready in no time, thanks to the local repository i had on my computer. Installation was fast as usual and got everything upgraded to the latest -stable updates.

I'm waiting for the next Slackware 15.0 gets released and i'm going to upgrade this machine to 15.0. I'm pretty sure it's going to be another rock-solid release since i have been using it on my new desktop and laptop. It can be considered as a testbed for migrating the servers to Slackware 15.0 as well.

With this migration, i'm saying good bye to 32 bit architecture. It was a pleasant journey since my old time in elementary school where i got to learn computers for the first time, but it's now the 64 bit era for me. It was a little bit late, but at the end i move on. I do still have 1 machine that's using 32 bit, which is my wife's computer and i will probably leave that for now since it's working well and it's still good enough for her and kids' requirements.

by Willy Sudiarto Raharjo (noreply@blogger.com) at February 24, 2018 11:11 PM

February 09, 2018

Willy Sudiarto Raharjo

Spectre/Meltdown Finally Fixed in -current

Patrick has just pushed a new kernel in -current branch which is based on 4.14.x branch, which finally fixed the Spectre/Meltdown vulnerabilities as the IBPB support has been included in this release by Ashok Raj of Intel (See commit: d395d69de67ea95760e1f207eb0f6fdfbcb6e069. I have confirmed it by using this script. This batch of update also bump dbus, qpdf, nasm, MPlayer, mozilla-firefox and samba.

Here's the result on my AMD Ryzen machine:
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' 
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec:  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that your CPU is unaffected)
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  NO
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

by Willy Sudiarto Raharjo (noreply@blogger.com) at February 09, 2018 02:20 PM

February 07, 2018

Willy Sudiarto Raharjo

MATE 1.20 Released

It's a little bit behind the original schedule, but MATE 1.20 is now released for public. It's been a great development cycle and it seems their efforts came to fruit even with last minute commits on adding HiDPI support.

Here's the highlight for MATE 1.20:
  • MATE Desktop 1.20 supports HiDPI displays with dynamic detection and scaling.
    • HiDPI hints for Qt applications are also pushed to the environment to improve cross toolkit integration.
    • Toggling HiDPI modes triggers dynamic resize and scale, no log out/in required.
  • Marco now supports DRI3 and XPresent, if available.
    • Frame rates in games are significantly increased when using Marco.
  • Marco now supports drag to quadrant window tiling, cursor keys can be used to navigate the Alt + tab switcher and keyboard shourtcuts to move windows to another monitor were added.
  • Support for Global Menu providers such as vala-panel-appmenu has been added.
  • MATE Panel has much improved Status Notifier Items (SNI) support.
  • Bookmarks now support GTK3+ locations.
  • MATE Terminal now supports background images, adds solarised themes and keybindings to switch tabs.
  • Atril, the document viewer, has had a massive overhaul and is better in every single way.
    • In particular accessibility support for visually impaired users is considerably improved.
    • Caret navigation has been added.
  • The Invest applet has been dropped from MATE Applets.
    • The API, provided by Yahoo, has been discontinued and there is no reputable drop in replacement available.
  • Panel applets now size correctly based on the units being displayed and many graphs are dynamically scaled.
  • MATE Themes have seen significant improvements to fully implement all style classes exposed by GTK 3.22
  • Engrampa, the archive viewer, has improved support for encrypted 7z archives.
  • MATE Sensors Applet (finally) supports udisks2.
  • OpenBSD authentication is supported in MATE Screensaver and minizip in Atril supports more BSD variants.
  • A-n-d for distro maintainers we’ve bumped the minimum GTK3+ and GLib requirements.
    • GTK 3.22 and GLib 2.50 or newer are required to build MATE Desktop 1.20.
If you look at the last entry, you will notice that it would be impossible to build MATE 1.20 on top of Slackware 14.2 since it's using older version of GTK+3 and GLIB libraries. Therefore, i only provide binary packages for x86_64 architecture. These packages will then be used by Eric Hameleers to create a Slackware Live ISO which is using MATE instead of KDE or any other DE. It can be used as a testing environment or demo showcase. If you need 32 bit packages, i would suggest to clone the project SlackBuild in GitHub and use it to build your own package. You can use the mate-build-{deps,base,extra}.sh script to automatically build them and install them according to the correct build order. You can grab the sources here.

by Willy Sudiarto Raharjo (noreply@blogger.com) at February 07, 2018 03:42 PM

January 31, 2018

Willy Sudiarto Raharjo

LibreOffice 6.0.0 Released

At the end of January, The Document Foundation has released LibreOffice 6.0, a new major release for their office suite that includes so many new and interesting features:
  • Support for OpenPGP to digitally sign documents
  • Better interoperability on OOXML formats
  • New ePUB export and QuarkXPress import support
  • New online HELP system
  • Default slide size has been switched to 16:9
  • New template for Impress
  • New form menu to create PDF forms
  • Enhanced find toolbar
  • More 1.2 ODF-compliant functions
  • Cell range export to PNG/JPG
  • Better NotebookBar
  • Improved MailMerge functions
  • New splash screen
For more detailed changes, please refer to the Release Notes or watch the video:

At this moment, i have pushed the changes for SBo and it will be part of the next public update, which will be this weekend.

by Willy Sudiarto Raharjo (noreply@blogger.com) at January 31, 2018 01:36 PM

January 29, 2018

Ali Ahmadi

Mencoba Xfce GTK+3 di Slackware Linux

بِسْمِ اللهِ الرَّحْمٰنِ الرَّحِيمِ Lingkungan desktop Xfce merupakan salah satu lingkungan desktop bebas untuk sistem operasi Unix dan mirip Unix yang terkenal memiliki antarmuka yang sederhana namun tetap cantik, ramah pengguna, ringan, cepat, serta memiliki penggunaan sumber daya sistem yang cukup rendah. Saat ini lingkungan desktop Xfce ini sedang dalam proses pengembangan untuk beralih dari … Lanjutkan membaca Mencoba Xfce GTK+3 di Slackware Linux

by idnux at January 29, 2018 02:30 PM

January 26, 2018

Willy Sudiarto Raharjo

What's New in 2018

Welcome to 2018.

It's been almost a month without any single post and i think it's about time that we catch up with all Slackware changes in -current branch as they are getting more excited in this year.

There was a chaos in the early of January when Spectre/Meltdown attack was disclosed. Many vendors/upstreams are releasing new version, helping downstream projects, and backporting to older releases as far as they can. It's still a in-progress effort by many projects and we will still likely to see many changes in the following months, especially in the kernel area.

Back to Slackware development, Patrick has just pushed a new GCC release (7.3.0) which has support for -mindirect-branch=thunk-extern flag which is needed to provide full mitigation of Spectre variant 2 and also push a new kernel built with CONFIG_RETPOLINE=y.Fixes to Meltdown has been pushed earlier when he delivered Linux Kernel 4.14.14 with KPTI enabled. As for Spectre variant 1, it all depends on microcode update. If you are AMD users, you can easily get it by updating to the latest kernel-firmware package found in -current. Intel users will have to install intel-microcode from SBo repository (it's best to be installed alongside with iucode_tool).

Several new packages has been introduced in the current tree since November 2017:
  • libunwind
  • id3lib
  • easytag
  • opus-tools
  • opus
  • opusfile
  • speex
  • Mako
  • libsodium
  • xf86-video-vboxvideo
  • lzlib
  • plzib
  • man-db
  • talloc
  • tdb
  • tevent
  • intel-vaapi-driver
  • libva-utils
Most of the packages found in -current tree has been updated to the latest version, but i'm still waiting for the last 2 of my wishlist:
  • Migrate to Qt5 and KDE 5
  • Migrate to OpenSSL 1.1.x (Support TLS 1.3).
AlienBOB has published his work on latest KDE 5 and even published a new Plasma5 Live ISO for testing. I have tried to run the ISO image on a virtual machine environment, install to virtual hard drive, and everything works out of the box. It's simply amazing and i can't wait to get KDE 5 merged to Slackware-Current as the underlying packages has been declared LTS by upstream and it's a good base for Slackware since it will have long support from upstream. Slackware itself is known to have a good long support by Patrick himself.

by Willy Sudiarto Raharjo (noreply@blogger.com) at January 26, 2018 01:54 PM

December 31, 2017

Willy Sudiarto Raharjo

Closing on 2017

It's almost the end of the year 2017 and things are looking great for Slackware development as -current gets more mature everyday with contributions from many people. It's not yet considered Alpha or Beta 1 yet, but if you look at the CHANGES_AND_HINTS, you will notice a lot of packages gets added in this cycle (rust, meson, python3, SDL2, FFmpeg, libwebp, libsodium, libinput, vulkansdk, dovecot, libbluray, and xorriso are some of the big one) and we also have ash -> dash, slocate -> mlocate, man -> man-db, sendmail -> postfix and tetex -> texlive substitution. Almost all of my wishlist (except for the last two by the time i wrote this few days before it was scheduled to be posted while i am away) are now included in -current as well (i hope they will all get approved for Slackware 15.0). With Patrick being more active in LQ, more reports are coming in on this thread (now changed into a new thread). Issues gets found quickly and resolved in short time.

Meanwhile, KDE has just released their KDE Applications 17.12 that gets rid of KDE 4 completely. Eric Hameleers has been working on that and he has posted on his blog about his work. A new LiveSlack ISO is also available as well with all those changes. He is currently working on testing wayland on top of Slackware-Current and i think he has nailed it with his progress in November. More tweaks are still needed to makes every applications are working well, but overall it's working already.

MATE developers have decided to loosen the release schedule to one release per year instead of two, which was following Ubuntu release cycle. By having longer release schedule, the developers has more time to provide bug fix releases as they did with 1.18.x at this moment. In the past, stable releases are only supported for a short time since they need to prepare for next release, causing some features not yet implemented. They are planning to release MATE 1.20 in January (unless there's a delay) but it will not be possible to install it on top of Slackware 14.2 since they have raised the GTK+3 version requirements. It enables them to remove old codes and also fix many bugs that happened only with older GTK+3 releases.

SBo project is also kicking in 2017. Based on some statistics, we had more than 9600 commits alone this year coming from more than 300 contributors and a total of 6868 scripts for 14.2 repository. We also had a new machine replacing the old server which was coming from donations from our users and sponsors. The new servers is way more powerful than the previous one and it enables us to serve users with more resources with better infrastructure.

sbopkg is still alive and there's some new features included in the master branch already which should make sqg LOT faster, thanks to Marcel Saegebarth for his contributions. You will need to install parallel to get the best of sqg in the next release. Basically it allows you to maximize your machine's CPUs to generate all the queue files. On my new Ryzen machine which has 6 (+6) cores, i test it using time sqg -a -j 24 and i can complete the whole process in 67 seconds.

We are now looking forward toward 2018 and hoping that it could be a better year for all open source projects, especially Slackware-related projects.

by Willy Sudiarto Raharjo (noreply@blogger.com) at December 31, 2017 04:30 PM

December 27, 2017

Ozzie

RepetierHost on Slackware

Prerequisite:


download & build libgdiplus

Creating Slackware package:  /tmp/libgdiplus-5.4-i586-1_SBo.tgz
./
install/
install/doinst.sh
install/slack-desc
usr/
usr/doc/
usr/doc/libgdiplus-5.4/
usr/doc/libgdiplus-5.4/README
usr/doc/libgdiplus-5.4/INSTALL
usr/doc/libgdiplus-5.4/LICENSE
usr/doc/libgdiplus-5.4/AUTHORS
usr/doc/libgdiplus-5.4/TODO
usr/doc/libgdiplus-5.4/ChangeLog
usr/doc/libgdiplus-5.4/NEWS
usr/doc/libgdiplus-5.4/MPL-1.1.html
usr/doc/libgdiplus-5.4/libgdiplus.SlackBuild
usr/lib/
usr/lib/pkgconfig/
usr/lib/pkgconfig/libgdiplus.pc
usr/lib/libgdiplus.la
usr/lib/libgdiplus.so.0.0.0
 
Slackware package /tmp/libgdiplus-5.4-i586-1_SBo.tgz created.
root@x86:~# installpkg  /tmp/libgdiplus-5.4-i586-1_SBo.tgz


download & build Mono

usr/lib/pkgconfig/reactive.pc
usr/lib/pkgconfig/wcf.pc
usr/lib/pkgconfig/system.web.extensions.design_1.0.pc
usr/lib/pkgconfig/dotnet.pc
usr/lib/pkgconfig/system.web.mvc.pc
usr/lib/pkgconfig/cecil.pc
usr/lib/pkgconfig/aspnetwebstack.pc
usr/lib/pkgconfig/mono-options.pc
usr/lib/pkgconfig/mono.pc
usr/lib/libmonosgen-2.0.so.1.0.0
usr/lib/libmono-profiler-iomap.la
usr/lib/libmono-profiler-aot-static.la
usr/lib/libmono-profiler-log.so.0.0.0
usr/lib/libMonoPosixHelper.a
usr/lib/libmono-profiler-log.a
usr/lib/libmono-profiler-log-static.la
usr/lib/libmonosgen-2.0.a
usr/lib/libmono-profiler-log.la
usr/lib/libmonoboehm-2.0.so.1.0.0
usr/lib/libmonosgen-2.0.la
usr/lib/libMonoPosixHelper.la
usr/lib/libMonoSupportW.la
usr/lib/libmono-profiler-iomap-static.a
usr/lib/libikvm-native.a
 
Slackware package /tmp/mono-5.0.1.1-i586-1_SBo.tgz created.
root@x86:~# installpkg  /tmp/mono-5.0.1.1-i586-1_SBo.tgz


Download Slic3r

# wget https://dl.slic3r.org/linux/slic3r-linux-x86-1-2-9-stable.tar.gz
# tar zxvf slic3r-linux-x86-1-2-9-stable.tar.gz 
# mv Slic3r /opt/
# /opt/Slic3r/bin/slic3r


Download RepetierHost

# wget http://download.repetier.com/files/host/linux/repetierHostLinux_2_0_5.tgz
# tar zxvf repetierHostLinux_2_0_5.tgz
# mv RepetierHost /opt/


Edit /opt/RepetierHost/repetierHost

#!/bin/sh
cd /rh/linux/RepetierHost
mono RepetierHost.exe -home /rh/linux/RepetierHost&

TO:

#!/bin/sh
cd /opt/RepetierHost
mono RepetierHost.exe -home /opt/RepetierHost&

Exec:

# /opt/RepetierHost/repetierHost

by ozzie at December 27, 2017 04:56 AM

December 26, 2017

Ozzie

Build MongoDB

download Slackbuilds script (https://slackbuilds.org/repository/14.2/system/mongodb/)

# groupadd -g 285 mongo
# useradd -u 285 -d /var/lib/mongodb -s /bin/false -g mongo mongo

download mongodb 3.6.0

# wget https://fastdl.mongodb.org/src/mongodb-src-r3.6.0.tar.gz?_ga=2.101953665.1097124381.1514254447-1902365496.1510723651

edit monogodb.Slackbuild

PRGNAM="mongodb"
VERSION=${VERSION:-3.4.9}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
MAKEJOBS=${MAKEJOBS:-1}

to:

VERSION=${VERSION:-3.6.0}

execute:

# ./mongodb.Slackbuild

ops error:

Compiling build/opt/mongo/scripting/mozjs/base.o
cc1plus: fatal error: js-config.h: No such file or directory
compilation terminated.
scons: *** [build/opt/mongo/scripting/mozjs/base.o] Error 1
scons: building terminated because of errors.
build/opt/mongo/scripting/mozjs/base.o failed: Error 1

copy header js-config.h

#  cp /tmp/SBo/mongodb-src-r3.6.0/src/third_party/mozjs-45/platform/
x86_64/linux/include/js-config.h /usr/include/

re-execute

# ./mongodb.Slackbuild

edit /etc/rc.d/rc.local

if [ -x /etc/rc.d/rc.mongodb ]; then
    /etc/rc.d/rc.mongodb start
fi

by ozzie at December 26, 2017 06:18 AM

December 22, 2017

Ozzie

slackware-14.2 yubikey Validation

Download Source

root@badak2:~# git clone https://github.com/Yubico/yubikey-val.git
Cloning into 'yubikey-val'...
remote: Counting objects: 3150, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 3150 (delta 0), reused 1 (delta 0), pack-reused 3147
Receiving objects: 100% (3150/3150), 766.74 KiB | 216.00 KiB/s, done.
Resolving deltas: 100% (1940/1940), done.
Checking connectivity... done.


edit Makefile

root@badak2:~# cd yubikey-val/
root@badak2:~/yubikey-val# vi Makefile


From:

wwwgroup = www-data
wwwprefix = /var/www/wsapi

TO:

wwwgroup = apache
wwwprefix = /var/www/htdocs/wsapi

Install

root@badak2:~/yubikey-val# make install
install -D --mode 644 ykval-verify.php /usr/share/yubikey-val/ykval-verify.php
install -D --mode 644 ykval-common.php /usr/share/yubikey-val/ykval-common.php
install -D --mode 644 ykval-synclib.php /usr/share/yubikey-val/ykval-synclib.php
install -D --mode 644 ykval-sync.php /usr/share/yubikey-val/ykval-sync.php
install -D --mode 644 ykval-resync.php /usr/share/yubikey-val/ykval-resync.php
install -D --mode 644 ykval-db.php /usr/share/yubikey-val/ykval-db.php
install -D --mode 644 ykval-db-pdo.php /usr/share/yubikey-val/ykval-db-pdo.php
install -D --mode 644 ykval-db-oci.php /usr/share/yubikey-val/ykval-db-oci.php
install -D --mode 644 ykval-log.php /usr/share/yubikey-val/ykval-log.php
install -D --mode 644 ykval-log-verify.php /usr/share/yubikey-val/ykval-log-verify.php
install -D ykval-queue /usr/sbin/ykval-queue
install -D ykval-synchronize /usr/sbin/ykval-synchronize
install -D ykval-export /usr/sbin/ykval-export
install -D ykval-import /usr/sbin/ykval-import
install -D ykval-gen-clients /usr/sbin/ykval-gen-clients
install -D ykval-export-clients /usr/sbin/ykval-export-clients
install -D ykval-import-clients /usr/sbin/ykval-import-clients
install -D ykval-checksum-clients /usr/sbin/ykval-checksum-clients
install -D ykval-checksum-deactivated /usr/sbin/ykval-checksum-deactivated
install -D ykval-nagios-queuelength.php /usr/sbin/ykval-nagios-queuelength
install -D ykval-queue.1 /usr/share/man/man1/ykval-queue.1
install -D ykval-synchronize.1 /usr/share/man/man1/ykval-synchronize.1
install -D ykval-import.1 /usr/share/man/man1/ykval-import.1
install -D ykval-export.1 /usr/share/man/man1/ykval-export.1
install -D ykval-gen-clients.1 /usr/share/man/man1/ykval-gen-clients.1
install -D ykval-import-clients.1 /usr/share/man/man1/ykval-import-clients.1
install -D ykval-export-clients.1 /usr/share/man/man1/ykval-export-clients.1
install -D ykval-checksum-clients.1 /usr/share/man/man1/ykval-checksum-clients.1
install -D ykval-checksum-deactivated.1 /usr/share/man/man1/ykval-checksum-deactivated.1
install -D ykval-munin-ksmlatency.php /usr/share/munin/plugins/ykval_ksmlatency
install -D ykval-munin-vallatency.php /usr/share/munin/plugins/ykval_vallatency
install -D ykval-munin-queuelength.php /usr/share/munin/plugins/ykval_queuelength
install -D ykval-munin-responses.pl /usr/share/munin/plugins/ykval_responses
install -D ykval-munin-ksmresponses.pl /usr/share/munin/plugins/ykval_ksmresponses
install -D ykval-munin-yubikeystats.php /usr/share/munin/plugins/ykval_yubikeystats
install -D --backup --mode 640 --group apache ykval-config.php /etc/yubico/val/ykval-config.php
install -D --mode 644 ykval-db.sql /usr/share/doc/yubikey-val/ykval-db.sql
install -D --mode 644 ykval-db.oracle.sql /usr/share/doc/yubikey-val/ykval-db.oracle.sql
install -D --mode 644 doc/Generating_Clients.adoc doc/Getting_Started_Writing_Clients.adoc 
doc/Import_Export_Data.adoc doc/Installation.adoc doc/Make_Release.adoc doc/Munin_Probes.adoc 
doc/Revocation_Service.adoc doc/Server_Replication_Protocol.adoc doc/Sync_Monitor.adoc 
doc/Troubleshooting.adoc doc/Validation_Protocol_V2.0.adoc doc/Validation_Server_Algorithm.adoc 
doc/YubiKey_Info_Format.adoc /usr/share/doc/yubikey-val/

Setup & Import MySQL

root@badak2:~/yubikey-val# mysql_install_db --user=mysql
Installing MariaDB/MySQL system tables in '/var/lib/mysql' ...
171222  0:38:39 [Note] /usr/libexec/mysqld (mysqld 10.0.26-MariaDB) starting as process 1116 ...
171222  0:38:39 [Note] InnoDB: Using mutexes to ref count buffer pool pages
171222  0:38:39 [Note] InnoDB: The InnoDB memory heap is disabled
171222  0:38:39 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
 
root@badak2:~/yubikey-val# chmod  +x /etc/rc.d/rc.mysqld
root@badak2:~/yubikey-val# /etc/rc.d/rc.mysqld  start
 
root@badak2:~/yubikey-val# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.0.26-MariaDB MariaDB Server
 
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database ykval;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> \q
Bye
 
root@badak2:~/yubikey-val# mysql -u root -p ykval < /usr/share/doc/yubikey-val/ykval-db.sql
Enter password:


SETUP OTP interface

root@badak2:~/yubikey-val# make symlink
install -d /var/www/htdocs/wsapi/2.0
ln -sf /usr/share/yubikey-val/ykval-verify.php /var/www/htdocs/wsapi/2.0/verify.php
ln -sf /usr/share/yubikey-val/ykval-sync.php /var/www/htdocs/wsapi/2.0/sync.php
ln -sf /usr/share/yubikey-val/ykval-resync.php /var/www/htdocs/wsapi/2.0/resync.php
ln -sf 2.0/verify.php /var/www/htdocs/wsapi/verify.php
root@badak2:~/yubikey-val#

add to php.ini

include_path ".:/etc/yubico/val:/usr/share/yubikey-val"

enable httpd, php, PDO

root@badak2:~/yubikey-val# chmod  +x /etc/rc.d/rc.httpd
root@badak2:~/yubikey-val# /etc/rc.d/rc.httpd start


configure .htaccess

RewriteEngine on
RewriteRule ^([^/\.\?]+)(\?.*)?$ $1.php$2 [L]


TEST

root@badak2:~#  wget -q -O - 'http://localhost/wsapi/2.0/verify
id=1&nonce=asdmalksdmlkasmdlkasmdlakmsdaasklmdlak&otp=dteffujehknhfjbrj
nlnldnhcujvddbikngjrtgh'
h=oVM9kkOCsoXtYkNrWlREc7iJny0=
t=2017-12-21T18:04:06Z0202
status=NO_SUCH_CLIENT

by ozzie at December 22, 2017 12:26 AM

December 21, 2017

Ozzie

slackware-14.2 yubikey Key-Storage-Module

req:
Slackware Linux
Apache, PHP, MySQL, OpenPGP
yubikey-KSM

Download source

root@badak1:~# git clone https://github.com/Yubico/yubikey-ksm.git
Cloning into 'yubikey-ksm'...
remote: Counting objects: 681, done.
remote: Total 681 (delta 0), reused 0 (delta 0), pack-reused 681
Receiving objects: 100% (681/681), 133.22 KiB | 154.00 KiB/s, done.
Resolving deltas: 100% (398/398), done.
Checking connectivity... done.
root@badak1:~#


edit Makefile

root@badak1:~# cd yubikey-ksm/
root@badak1:~/yubikey-ksm# vi Makefile


FROM

wwwgroup = www-data
wwwprefix = /var/www/wsapi

TO

wwwgroup = apache
wwwprefix = /var/www/htdocs/wsapi

Build & Install

root@badak1:~/yubikey-ksm# make install
install -D --mode 640 .htaccess /usr/share/yubikey-ksm/.htaccess
install -D --mode 640 ykksm-decrypt.php /usr/share/yubikey-ksm/ykksm-decrypt.php
install -D --mode 640 ykksm-utils.php /usr/share/yubikey-ksm/ykksm-utils.php
install -D ykksm-gen-keys /usr/bin/ykksm-gen-keys
install -D ykksm-import /usr/bin/ykksm-import
install -D ykksm-export /usr/bin/ykksm-export
install -D ykksm-checksum /usr/bin/ykksm-checksum
install -D --backup --mode 640 --group apache ykksm-config.php /etc/yubico/ksm/ykksm-config.php
install -D ykksm-gen-keys.1 /usr/share/man/man1/ykksm-gen-keys.1
install -D ykksm-import.1 /usr/share/man/man1/ykksm-import.1
install -D ykksm-export.1 /usr/share/man/man1/ykksm-export.1
install -D ykksm-checksum.1 /usr/share/man/man1/ykksm-checksum.1
install -D ykksm-db.sql /usr/share/doc/yubikey-ksm/ykksm-db.sql
install -D Makefile /usr/share/doc/yubikey-ksm/ykksm.mk
install -D doc/Decryption_Protocol.adoc doc/Design_Goals.adoc doc/Generate_Keys.adoc 
doc/Generate_KSM_Key.adoc doc/Import_Keys_To_KSM.adoc doc/Installation.adoc 
doc/Key_Provisioning_Format.adoc doc/Server_Hardening.adoc doc/Sync_Monitor.adoc 
/usr/share/doc/yubikey-ksm/
root@badak1:~/yubikey-ksm#


Configure & Import MySQL

root@badak1:~# mysql_install_db --user=mysql
root@badak1:~# chmod 755 /etc/rc.d/rc.mysqld
root@badak1:~# /etc/rc.d/rc.mysqld  start
root@badak1:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.0.26-MariaDB MariaDB Server
 
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database ykksm;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> \q
Bye
root@badak1:~# mysql -u root -p ykksm < /usr/share/doc/yubikey-ksm/ykksm-db.sql

Edit php.ini

include_path = "/etc/yubico/ksm:/usr/share/yubikey-ksm"

Install OTP

root@badak1:~/yubikey-ksm# make -f /usr/share/doc/yubikey-ksm/ykksm.mk symlink
install -d /var/www/htdocs/wsapi
ln -sf /usr/share/yubikey-ksm/.htaccess /var/www/htdocs/wsapi/.htaccess
ln -sf /usr/share/yubikey-ksm/ykksm-decrypt.php /var/www/htdocs/wsapi/decrypt.php
root@badak1:~/yubikey-ksm#

Generate KSM Key

root@badak1:~# gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
 
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) Y
 
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
 
Real name: ozzienich
Email address: penjaga@kebonbinatang.org
Comment: --
You selected this USER-ID:
    "ozzienich (--) <penjaga@kebonbinatang.org>"
 
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
 
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 654FBFAC marked as ultimately trusted
public and secret key created and signed.
 
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/654FBFAC 2017-12-21
      Key fingerprint = 573F 524E 5A53 C893 87E4  AA47 5D00 059F 654F BFAC
uid                  ozzienich (--) <penjaga@kebonbinatang.org>
sub   2048R/EA96F715 2017-12-21
 
root@badak1:~# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/654FBFAC 2017-12-21
uid                  ozzienich (--) <penjaga@kebonbinatang.org>
sub   2048R/EA96F715 2017-12-21

Generate Keys

root@badak1:~# ykksm-gen-keys --urandom 1 10 | gpg -a --encrypt -r 654FBFAC  -s > keys.txt
You need a passphrase to unlock the secret key for
user: "ozzienich (--) <penjaga@kebonbinatang.org>"
2048-bit RSA key, ID 654FBFAC, created 2017-12-21
 
root@badak1:~# gpg < keys.txt
You need a passphrase to unlock the secret key for
user: "ozzienich (--) <penjaga@kebonbinatang.org>"
2048-bit RSA key, ID EA96F715, created 2017-12-21 (main key ID 654FBFAC)
 
gpg: encrypted with 2048-bit RSA key, ID EA96F715, created 2017-12-21
      "ozzienich (--) <penjaga@kebonbinatang.org>"
# ykksm 1
# serialnr,identity,internaluid,aeskey,lockpw,created,accessed[,progflags]
1,cccccccccccb,8f571fa25058,fb97d03b7126d1cde2437a9dedac3f28,581a6c4ed37e,2017-12-21T15:38:02,
2,cccccccccccd,5b77a49decb3,0f6d2512cd851fecf62ac563ed6a8a28,2494828d32a8,2017-12-21T15:38:02,
3,ccccccccccce,5fb827ac0f57,09857027dd82a0ac835701cd54fe4b7d,c18b216cfa9c,2017-12-21T15:38:02,
4,cccccccccccf,33fb7d3c6875,fdf7bdc7af6f84fece2d8d3e36e2da37,dc7191563906,2017-12-21T15:38:02,
5,cccccccccccg,df3e9f911fbe,455acd1d2ce2297964dd003af33651f4,f0ef56b46c92,2017-12-21T15:38:02,
6,ccccccccccch,2c525fc6fbd6,6412532c160cb7a66c69d79372d84115,da95b9e2b6ce,2017-12-21T15:38:02,
7,ccccccccccci,acfab204f600,aea86d571d39224d9eadc7c1a323b5f2,22d8ddbee8e2,2017-12-21T15:38:02,
8,cccccccccccj,bd602f2c5a0b,1407a47e262a4d5e42d2c9dd0529a95f,f351df3fea41,2017-12-21T15:38:02,
9,ccccccccccck,9f674f8d73f2,f27505d5deda0c4dc33764e7bf009afa,537c32f72293,2017-12-21T15:38:02,
10,cccccccccccl,ae986cf8f6d6,84cc170bc1c9e4c9381a6cca46140bac,75aeb77c0c20,2017-12-21T15:38:02,
# the end
gpg: Signature made Thu 21 Dec 2017 03:38:02 PM WIB using RSA key ID 654FBFAC
gpg: Good signature from "ozzienich (--) <penjaga@kebonbinatang.org>"
root@badak1:~#


Import Keys To Yubikey KSM

root@badak1:~# ykksm-import --verbose --database 'DBI:mysql:dbname=ykksm;host=localhost' --db-user XXXX --db-passwd XXXX < ~/keys.txt
 
You need a passphrase to unlock the secret key for
user: "ozzienich (--) <penjaga@kebonbinatang.org>"
2048-bit RSA key, ID EA96F715, created 2017-12-21 (main key ID 654FBFAC)
 
Verification output:
[GNUPG:] ENC_TO F13DAD25EA96F715 1 0
[GNUPG:] USERID_HINT F13DAD25EA96F715 ozzienich (--) <penjaga@kebonbinatang.org>
[GNUPG:] NEED_PASSPHRASE F13DAD25EA96F715 5D00059F654FBFAC 1 0
[GNUPG:] GOOD_PASSPHRASE
gpg: encrypted with 2048-bit RSA key, ID EA96F715, created 2017-12-21
      "ozzienich (--) <penjaga@kebonbinatang.org>"
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1513845482
gpg: Signature made Thu 21 Dec 2017 03:38:02 PM WIB using RSA key ID 654FBFAC
[GNUPG:] SIG_ID tYngCEEO/FWR5YCuKihwjTajxo0 2017-12-21 1513845482
[GNUPG:] GOODSIG 5D00059F654FBFAC ozzienich (--) <penjaga@kebonbinatang.org>
gpg: Good signature from "ozzienich (--) <penjaga@kebonbinatang.org>"
[GNUPG:] VALIDSIG 573F524E5A53C89387E4AA475D00059F654FBFAC 2017-12-21 1513845482 0 4 0 1 8 00 573F524E5A53C89387E4AA475D00059F654FBFAC
[GNUPG:] TRUST_ULTIMATE
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
encrypted to: F13DAD25EA96F715
signed by: 654FBFAC
 
You need a passphrase to unlock the secret key for
user: "ozzienich (--) <penjaga@kebonbinatang.org>"
2048-bit RSA key, ID EA96F715, created 2017-12-21 (main key ID 654FBFAC)
 
line: 1,cccccccccccb,8f571fa25058,fb97d03b7126d1cde2437a9dedac3f28,581a6c4ed37e,2017-12-21T15:38:02,
        serialnr 1 publicname cccccccccccb internalname 8f571fa25058 aeskey fb97d03b7126d1cde2437a9dedac3f28 
lockcode 581a6c4ed37e created 2017-12-21T15:38:02 accessed  eol
line: 2,cccccccccccd,5b77a49decb3,0f6d2512cd851fecf62ac563ed6a8a28,2494828d32a8,2017-12-21T15:38:02,
        serialnr 2 publicname cccccccccccd internalname 5b77a49decb3 aeskey 0f6d2512cd851fecf62ac563ed6a8a28 
lockcode 2494828d32a8 created 2017-12-21T15:38:02 accessed  eol
line: 3,ccccccccccce,5fb827ac0f57,09857027dd82a0ac835701cd54fe4b7d,c18b216cfa9c,2017-12-21T15:38:02,
        serialnr 3 publicname ccccccccccce internalname 5fb827ac0f57 aeskey 09857027dd82a0ac835701cd54fe4b7d 
lockcode c18b216cfa9c created 2017-12-21T15:38:02 accessed  eol
line: 4,cccccccccccf,33fb7d3c6875,fdf7bdc7af6f84fece2d8d3e36e2da37,dc7191563906,2017-12-21T15:38:02,
        serialnr 4 publicname cccccccccccf internalname 33fb7d3c6875 aeskey fdf7bdc7af6f84fece2d8d3e36e2da37 
lockcode dc7191563906 created 2017-12-21T15:38:02 accessed  eol
line: 5,cccccccccccg,df3e9f911fbe,455acd1d2ce2297964dd003af33651f4,f0ef56b46c92,2017-12-21T15:38:02,
        serialnr 5 publicname cccccccccccg internalname df3e9f911fbe aeskey 455acd1d2ce2297964dd003af33651f4 
lockcode f0ef56b46c92 created 2017-12-21T15:38:02 accessed  eol
line: 6,ccccccccccch,2c525fc6fbd6,6412532c160cb7a66c69d79372d84115,da95b9e2b6ce,2017-12-21T15:38:02,
        serialnr 6 publicname ccccccccccch internalname 2c525fc6fbd6 aeskey 6412532c160cb7a66c69d79372d84115 
lockcode da95b9e2b6ce created 2017-12-21T15:38:02 accessed  eol
line: 7,ccccccccccci,acfab204f600,aea86d571d39224d9eadc7c1a323b5f2,22d8ddbee8e2,2017-12-21T15:38:02,
        serialnr 7 publicname ccccccccccci internalname acfab204f600 aeskey aea86d571d39224d9eadc7c1a323b5f2 
lockcode 22d8ddbee8e2 created 2017-12-21T15:38:02 accessed  eol
line: 8,cccccccccccj,bd602f2c5a0b,1407a47e262a4d5e42d2c9dd0529a95f,f351df3fea41,2017-12-21T15:38:02,
        serialnr 8 publicname cccccccccccj internalname bd602f2c5a0b aeskey 1407a47e262a4d5e42d2c9dd0529a95f 
lockcode f351df3fea41 created 2017-12-21T15:38:02 accessed  eol
line: 9,ccccccccccck,9f674f8d73f2,f27505d5deda0c4dc33764e7bf009afa,537c32f72293,2017-12-21T15:38:02,
        serialnr 9 publicname ccccccccccck internalname 9f674f8d73f2 aeskey f27505d5deda0c4dc33764e7bf009afa 
lockcode 537c32f72293 created 2017-12-21T15:38:02 accessed  eol
line: 10,cccccccccccl,ae986cf8f6d6,84cc170bc1c9e4c9381a6cca46140bac,75aeb77c0c20,2017-12-21T15:38:02,
        serialnr 10 publicname cccccccccccl internalname ae986cf8f6d6 aeskey 84cc170bc1c9e4c9381a6cca46140bac 
lockcode 75aeb77c0c20 created 2017-12-21T15:38:02 accessed  eol

by ozzie at December 21, 2017 03:13 PM

December 08, 2017

Willy Sudiarto Raharjo

New Desktop Machine

Last week, i decided to buy a new desktop machine for my home as my old desktop is now getting rusty and it's hard to keep up with all the requirements i need. Also it's a good time to switch to x86_64 architecture as my old desktop has been staying at x86 for a long time. I always follow -current development, so i never upgraded my system since the first time i install Slackware on that machine (i believe it was Slackware 13.0). It has been serving me over a great 8 years since 2009 looking from the result of this command:
tune2fs -l /dev/sda8 | grep created
Filesystem created:       Tue Oct  6 03:29:23 2009


So i decided to buy a non-branded PC, but rather i built one myself so i get to pick which parts i'm going to use and finally i decided to take this part:
I actually didn't plan to buy NVidia GTX, but i didn't realized that Ryzen didn't come up with GPU just like Intel and the motherboard doesn't provide one either, so i ended up with another NVidia product which is the moderate level product since i'm not a gamer. I was also surprised to see that Ryzen 1600x doesn't come up with a heat sink so i had to buy a heat sink for it. Hyper 212 LED is a good product and now the temperature is less than 25 C.

The installation of Windows 10 went smooth and i quickly upgrade it to latest Fall Creator update (build 1709) in no time alongside with installation of other applications that i need in Windows environment. I also had time to update my BIOS to the latest version with the utility provided by the vendor. Since i was able to work with UEFI on my laptop, i decided to try again on my new machine and it seems to be a bad decision as i had trouble with it when installing Slackware.

For Slackware installation, i tried to use the -current snapshot per December 4 which already reverted back to Linux Kernel 4.9.66, but i had an infinite loop of IRQ handle messages during initial boot that prevents me to go further. Next i tried to boot using Slackware 14.2 DVD which surprisingly work well so i ended up installing Slackware 14.2 x86_64 before i switched to Slackware64 Current using a local repository i had on my old desktop. I had another issue during boot loader selection as it didn't install elilo even though i have /boot/efi partition detected so i decided to use grub just like what i did with my laptop but i left out Windows since it wasn't detected. When i rebooted, it ended with the same failure as the initial installation. It turns out that Linux Kernel 4.9.x didn't play nice with my Ryzen, so i tried to boot again with my Slackware DVD and this time, i chroot into my root partition and upgrade the kernel to use the latest 4.14.x kernel from testing/. Surprisingly, it worked fine (there's a kernel oops at the beginning about AMD GPIO handler, but it worked fine after that) so i ended up using Linux Kernel 4.14.x for my desktop. I also installed latest NVidia driver and it is working out of the box with 4.14.x.

I started to configure my Slackware so that it can be used just like my previous desktop configuration and so far it is working great. I didn't install too many applications yet on this new system as -current is really a moving target and things changed in fast pace (the icu4c, poppler, and ical upgrade are good example how it can break many things easily). I still need to fix those things on my old desktop (it's compiling Qt5 at this time)

In the end, i still got some issues to solve:
- GRUB is using a low resolution.
  I tried to modify the values in /etc/default/grub, but still it won't work well. vbeinfo doesn't give me a recommended values that i can use. I can live with it though, since GRUB is only displayed like for 10s max before it boots to Linux.

- GRUB is not detecting Windows Boot Manager
  I can still boot to Windows by pressing F12 to boot to Windows Boot Manager directly, but i would rather see the Windows option on GRUB instead of pressing F12 during initial boot.

- Configuring for VGA Switch
  At this moment, i'm working with 2 machines but with 1 monitor. I already ordered a VGA switch to solve this issue, and it's still on delivery. Hopefully i can fix this issue by this week so i don't have to switch cables anymore.

It seems my motherboard has a bug which is reported here. This prevents me to boot properly under 4.9.x and i have to upgrade to 4.14.x in order to boot.

by Willy Sudiarto Raharjo (noreply@blogger.com) at December 08, 2017 06:43 AM

December 05, 2017

Willy Sudiarto Raharjo

Reverting Back to 4.9.66

Few days ago Patrick decided to revert back to 4.9.x and i think that's a wise decision since 4.14.x has been considered unstable for some people, mostly those who are in x86 architecture. I have been using it since 4.14.x gets included and it has been pretty stable for me with watchdog disabled, but today i got system freeze for 3 times and i was unable to work with my desktop, so on the next reboot i decided to revert back to 4.9.x and so far, it's working well again.

Honestly i was quite excited when 4.14.x entered -current earlier since it's considered LTS and having it early means that it could get more testing. It did got what it was intended for (public testing), but not the results i expected. Hopefully this issue can be solved as soon as possible.

by Willy Sudiarto Raharjo (noreply@blogger.com) at December 05, 2017 03:11 PM

November 17, 2017

Willy Sudiarto Raharjo

Kernel 4.14 and Watchdog Module

I got early bitten by Linux Kernel 4.14 on my desktop at home. As soon as i reboot, the kernel message log filling up the screen and then it stopped at a typical kernel panic message, but then it continues and then stopped again and it repets over time. I had a chance to take a screenshot using my phone and i saw a glimpse that it's related to watchdog module.

Lucky me that i saved the previous kernel version just in case something like this happened and it saved me. I simply reboot to the old kernel and create a new file /etc/sysctl.d/50-watchdog.conf with this single entry: kernel.nmi_watchdog=0. After that, i rebooted again and this time, it boots properly.

If you happened to have the same problem as i did, just try the above method and see if it works on your system.

I managed to found a patch for legacy NVidia driver 304.137 that should work on Linux Kernel 4.14 and i will push it into my SlackHacks soon.

So far, everything works with latest -current update here. Can't wait to get wet with Slackware Linux 15.0!!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at November 17, 2017 10:43 AM

Slackware ditch Sendmail for Postfix

After a long two weeks without any changes, finally a new update happening in -Current tree where all the excitement comes reality and this batch is no exception. We have some plenty new interesting changes, including:
  • Kernel upgraded to latest LTS release: 4.14.x
  • Sendmail is now moved to extra, replaced by Postfix as the default MTA
  • Several utility were split into different packages and removed from util-linux
  • Latest GTK2/3 stack
  • New mozilla-nss 3.34
  • NetworkManager 1.10
  • Dovecot will be the new default IMAP daemon replacing imapd
  • libmilter is now added along with hostname package
  • Networking script will utilise ip instead of ifconfig and route
  • Mozilla Firefox 57 (Quantum) is here
  • mesa 17.2.5 + libdrm 2.4.88
This will make the next Slackware release a big change from previous release and as always, it's going to be rock solid!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at November 17, 2017 07:49 AM

November 05, 2017

Willy Sudiarto Raharjo

Desktop Lock Issue in Cinnamon

Philip van der Hoeven informed me that cinnamon-screensaver does not lock the desktop in 14.2. After confirming on a VM, it turned out to be true and it seems that i missed some packages during 3.2 -> 3.4 migration few months ago. There wasn't any mentioning in the ChangeLog that it would require python-xapp and psutil, so i didn't build those two. Unfortunately those two are needed to lock the desktop properly, so i have added those two in both 14.2 and current tree as well as in the repository (master and 14.2 branch).

Please make sure to install those two new packages to get the desktop locking enabled again. If you have psutil from SBo, you might want to upgrade it as well since the one in CSB is built against Python 2 and 3 while the one in SBo is built against Python 2 by default (You need to add PYTHON3=yes before running the script to build Python 3 bindings).

by Willy Sudiarto Raharjo (noreply@blogger.com) at November 05, 2017 05:18 PM

October 25, 2017

Willy Sudiarto Raharjo

Early Cinnamon 3.6 Packages for Slackware-Current

It's been a while since i posted news about Cinnamon development and this is the perfect time to share the news that Cinnamon 3.6 is now tagged in the GitHub repository since yesterday and all of the Cinnamon components are tagged as well. There are no official announcement yet, since the developers are still fine-tuning the released tarball for unpredicted surprise (i got one yesterday) that will lead to minor releases in the next few days/weeks.

In the meantime, you can already enjoy Cinnamon 3.6 by downloading binary packages which i built this morning and it has been uploaded the usual repository (only for x86_64) generously provided by Darren Tadgy. It's all built against the latest Slackware-Current update, so please make sure that you are running -current before installing/upgrading to the latest Cinnamon.

All the changes has been pushed to the master branch as well in GitHub so you can also compile it on your own if you prefer to do so. As always, let me know if you found some build issue regarding to Cinnamon SlackBuilds or if you have any feedback while using this work.

by Willy Sudiarto Raharjo (noreply@blogger.com) at October 25, 2017 02:12 AM

October 16, 2017

Latif Anshori Kurniawan

XFCE, Slackware

2 min read

Menyenangkan sekali mendapati Igor Ljubuncic (narablog di balik Dedoimedo, salah satu blog populer yang jamak mengulas distribusi Linux dan open-source) mewawancarai Sean Michael Davis.…

by Latif Anshori Kurniawan at October 16, 2017 06:00 AM

October 14, 2017

Yudha

Virtual Environtment

Perkembangan perangkat bahasa pemrograman semakin cepat dan bervariasi. Namun pengembang banyak yang masih bertahan di versi ‘jadul’, terutama untuk perangkat di mesin-mesin produksi, dan tampak enggan beranjak karena menjaga stabilitas layanan.

Di sisi lain pengembang bahasa pemrograman terus memperbaiki fitur dan kutu yang tentunya membuat semakin baik lagi. Coba saja ikuti versi setiap bahasa pemrograman.

Apa yang bisa kita lakukan?

Sebagai bagian dari pengembangan, tentunya ada sisi lain yang perlu dilakukan selain menulis baris kode, yaitu riset. Percobaan-percobaan yang perlu dilakukan untuk melihat berbagai kemungkinan penerapan di luar platform yang digunakan maupun penerapan pada platform yang lebih baru.

Mengetahui platform lain perlu sebagai perbandingan atau benchmark akan kondisi teknologi yang digunakan saat ini. Karena pada hakekatnya perkembangan teknologi itu berjalan beriringan namun penerapan bergantung dari fokus pengembang platform. Pengguna tentunya sangat diuntungkan dengan adanya banyak pengembangan yang arahnya sama.

Platform yang lebih baru tentunya memiliki fitur yang lebih, baik dari segi kualitas kode maupun keamanan. Kondisi ini mewajibkan tim riset untuk mencoba mengubah kode seiring dengan naiknya versi platform yang digunakan. Tak melakukannya akan membuat beberapa masalah dikemudian hari. Mau mencoba?

Lingkungan Virtual

Lingkungan Virtual atau Virtual Environtment merupakan sebuah media, sarana percobaan, memasuki lingkungan pengembangan yang baru. Beberapa platform, bahasa pemrograman, sudah memiliki sarana ini. Hal ini memudahkan periset untuk menjalankan tugasnya.

Beberapa bahasa pemrograman yang memiliki sarana ini akan coba dibahas.

Perlbrew untuk Perl

Untuk platform Perl,  silakan coba Perlbrew. Ada 2 cara dalam melakukan pemasangan, dengan CPAN atau manual, namun rekomendasi tentunya menggunakan cara aman, yaitu CPAN.

Melakukan instalasi dengan CPAN sangat mudah cukup jalankan “cpan App::perlbrew” untuk memasang, dan jalankan “perlbrew init” untuk mulai menggunakannya.

Pyenv untuk Python

Jika anda pengguna Python, silakan pasang Pyenv. Untuk pemasangannya silakan clone proyek ke .pyenv di home dengan perintah “git clone https://github.com/pyenv/pyenv.git ~/.pyenv“.

Setelah semua selesai silakan ubah variabel PYENV_ROOT ke folder tadi ($HOME/.pyenv). Dan tambahkan $HOME/.pyenv/bin ke dalam $PATH. Dan terakhir, jalankan “pyenv init -“. Untuk otomasi silakan edit berkas .bashrc atau .bash_profile Anda.

 Sebenarnya pyenv ini merupakan hasil fork rbenv yang akan dijelaskan kemudian.

Rbenv untuk Ruby

Terakhir kita akan membahas platform Ruby dengan rbenv. Pada dasarnya pemasangan sama dengan pyenv mengingat ini adalah proyek induk. Namun dalam hal pemasangan versi tambahan, membutuhkan pengaya lagi, yaitu ruby-build, dimana  pyenv yang sudah memasukkannya secara built-in. Untuk pemasangan ikuti saja perintahnya di sini, yang pada dasarnya sama dengan pyenv.

Pemasangan paket tambahan dengan memasukkan ruby-build dengan menjalankan perintah berikut:

> mkdir -p “$(rbenv root)”/plugins
> git clone https://github.com/rbenv/ruby-build.git “$(rbenv root)”/plugins/ruby-build

Dan nikmati kemudahannya.

Pilihan

Platform itu adalah pilihan. Layaknya seorang laki-laki yang memilih istri untuk menjadi ibu bagi anak-anaknya. Jadi, silakan pilih dengan seksama dengan siapa Anda akan menikah. Eh, kog jadi ngelantur. 😀

Tapi memang itulah yang sebenarnya, Anda perlu tahu banyak sebagai pertimbangan dalam menentukan platform yang akan Anda gunakan. Bukan untuk menyindir yang suka “gonta-ganti” platform, tapi sebaiknya platform yang digunakan dapat diadopsi dalam waktu hampir tak terbatas untuk menjaga tersedianya layanan. Sekali lagi itu adalah pilihan.

Dan kenapa saya tidak menulis panjang lebar mengenai bagaimana penggunaannya? Hai, pembaca. Apakah Anda yang membaca ini ingin melakukan riset atau hanya membaca? Poin penting periset adalah membaca dan mencoba menerapkan, bila satu poin gagal ya…

Jangan malas membaca, ya. Dokumentasi lengkap kog.

Dan sekali lagi. Ini adalah pilihan. Buru-burulah memilih, sebelum diambil orang. #eh

by yht at October 14, 2017 06:23 PM

October 06, 2017

Willy Sudiarto Raharjo

Perl 5.26.x Included in -Current

Next Slackware release will jump from perl 5.22 to 5.26, which is a big improvements. You can see the changes in perl 5.24 delta and perl 5.26 delta. One of the big changes is considered a security improvements, but as always, security changes means there wil be some changes need (ie. it breaks things). It's the removal of "." in @INC. It was a very convenience feature, but also it posses some security risk if not used properly, so upstream decided to remove it by default, BUT they provided solutions for those affected.

As we are preparing for the next development cycle while monitoring the changes in -current, Matteo Bernardini had made a note on his blog about these changes. If you are running -current and some of your scripts broke after the latest update, you can try his solutions to rebuild all Perl scripts with the solution.

Besides Perl update, we also have other updates, such as kernels, vte, curl, libinput, xorg-server, p11-kit, vim/gvim, gtk3, openjpeg, imagemagick, librsvg, libmtp, ntp, cmake, python3, cups-filters, and ghostscript.

Since Perl update is also on my wishlist, it's now down to 3 left, KDE 5, PHP 7.1, and OpenSSL 1.1. Hopefully they are approved for this cycle.

by Willy Sudiarto Raharjo (noreply@blogger.com) at October 06, 2017 04:13 PM

September 30, 2017

Willy Sudiarto Raharjo

Welcome TexLive

TeTeX had a long run with Slackware, but it's time to say good bye as the package is severly outdated. I once got a request to edit a LaTeX document from one of my colleague and i can't build the document just because TeTeX and it suddenly worked when i switched to texlive (plus texlive-extra) from SBo. Since texlive is now part of Slackware, i just need to add texlive-extra from SBo for my need :)

I wonder if texlive-extra can be added as well. That will be a great advantage for those using latex as it adds more functionality to the base texlive package, but it comes with a huge size: 263 MB. More over, since Pat has to provide the sources and the SlackBuild itself, it would consume more space on the DVD when it's released. I'm not really sure whether a single DVD can hold up  all those sources if texlive-extra is added.

The other changes are only libpng and cups-filter upgrade.

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 30, 2017 12:06 AM

September 26, 2017

Willy Sudiarto Raharjo

Cinnamon and MATE Packages Rebuilt

As promised, i have pushed the latest build of Cinnamon and MATE binaries targeting for Slackware Current users to http://slackware.uk/. It's built against the latest Slackware Current snapshot (per Tue Sep 26 02:37:01 UTC 2017). Here's some notes on both projects:

Cinnamon
  • All python packages support both python 2/3 bindings in the same package
  • New package: graphviz (new dependency for vala)
  • lxml upgraded to 4.0.0 (requires python3)
  • colord upgraded to 1.4.1 (requires meson)
  • json-glib upgraded to 1.4.2 (requires meson)
  • libgtop upgraded to 2.38.0
  • metacity upgraded to 3.25.2 
  • krb5 upgraded to 1.15.2
  • vala upgraded to 0.38.1 (requires graphviz)
  • python3 removed (included in Slackware)
  • pygobject3-python3 removed (included in pygobject3 in Slackware)
  • py3cairo removed (included in pycairo in Slackware)
  • dbus-python3 removed (included in dbus-python in Slackware)
MATE
  • A mix of 1.18 and 1.19 since not all 1.19 tarballs have been released
  • New package: graphviz (new dependency for vala)
  • gtksourceview3 upgraded to 3.24.4
  • libgtop upgraded to 2.38.0
  • libpeas upgraded to 1.22.0
  • libgxps upgraded to 0.3.0 (requires meson)
  • vala upgraded to 0.38.1 (requires graphviz)
  • docutils removed (included as python-docutils in Slackware)
As always, if you found any issues, please report it on GitHub (CSB and MSB)

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 26, 2017 09:31 PM

MATE and Cinnamon Rebuilt Plan

Since there has been some big changes in -current in the last few batches, i think it's time to test the latest snapshot against MATE and Cinnamon which intended for next Slackware releases. The addition of Python3, meson, and ninja really helped since some of the deps of both projects now requires them as mandatory requirements.

My request of libxslt also got approved and it was needed to build lxml 4.0 properly so at this moment, i'm building latest Cinnamon 3.4 packages against latest Slackware Current. Clem and other developers are still preparing for future Cinnamon 3.6 which is planned to be released by the end of this year (November/December). I hope to release the updated packages in the next few hours if everything goes smooth. Since python 3 got included, i updated some of the python packages to build python 2/3 bindings in the same package instead of splitting them into two packages.

As for MATE, i will merge 1.19-dev branch into master and this will build the latest snapshot of mixed MATE 1.18 and 1.19. Some dependencies have been bumped to the latest version as well since the libraries included in Slackware Current is sufficient to build the latest version. Some of them also migrates to meson, so it's a perfect timing to test them. MATE 1.20 is planned to be released in early 2018, so it will be targeting for next Slackware release. The minimum GTK+3 is probably raised to 3.20/3.22, so Slackware 14.2 will no longer qualified.

Just FYI, the next update of Slackware Live ISO of MATE variants will be based on a mix of MATE 1.18/1.19 built from master branch. Stay tune!!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 26, 2017 12:16 PM

Meson and Ninja Approved

This morning, Patrick has pushed three new packages for Slackware-Current, in which one of them is also part of my wishlist, meson build. This will allow future mesa and xorg to be build since they have moved on to meson build and soon they will abandon autoconf-based build. I believe many others will follow their move as meson proved to be faster than other builder. Ninja also goes in as well since it's a dependency for meson.

Another big think is the inclusion of qpdf 7.0.0, binutils 2.29.1, and poppler 0.59.0. This brings some changes in the shared library, so other packages that linked into this library will have to be rebuilt (including atril in my MSB).

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 26, 2017 03:03 AM

September 24, 2017

Willy Sudiarto Raharjo

Python3 Now Included in Current

Slackware has finally shipped Python3 by default in the next release after Patrick has approved the queue from Heinz along with other Python3 packages and also some rebuilt packages. You will notice that Patrick decided to unify Python 2/3 binding support into a single package instead of splitting it into python-XXX and python3-XXX. This will reduce the number of packages to support both version and it's going to be a lot easier to kill Python 2 in the future. It's also possible that SBo will follow the same directions from Slackware in  the next cycle.

Since python3 has been included, providing ninja/meson is getting easier as the main dependency has been met. Python3 is also one of the requirement for newer version of vulkan-sdk, so this batch also came with the latest version of vulkan-sdk. If you are using mailman, you can start using mailman 3 which also requires Python 3. It has tons of new features compared to 2.x.

Another big thing is boost 1.65 which is the latest boost library found upstream. Please note that this version *might* breaks some other applications so you might have to find a patch to fix those issues.

One more wishlist granted. Waiting for more :)

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 24, 2017 09:36 AM

September 16, 2017

Willy Sudiarto Raharjo

New Kernel Update

Patrick has just issued a new security advisory for kernel updates in stable (14.1 and 14.2) and current tree to fix BlueBorne attack which attack the bluetooth stack in the kernel space. The BlueZ package in the user space is also updated to the latest version as well. Please take some time to review this advisory and upgrade as soon as possible.

In -current tree, we got a new package promoted to core package: xorriso. From the description, GNU xorriso is a command line and dialog application, which creates, loads, manipulates, and writes ISO-9660 file system images with Rock Ridge extensions. This package has been used by AlienBOB to produce his Slackware Live ISO images and now it has been included in the core package. The latest ffmpeg, gvfs, and texinfo got included as well.

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 16, 2017 01:45 AM

September 11, 2017

Willy Sudiarto Raharjo

Next MATE Release

MATE 1.18 has been released in March 2017 and upstream developers are still providing patches to the latest release to fix some issues found after the release. While doing so, they also started the work toward next MATE release 1.20 (or whatever the new version will be).

They have released several 1.19 tarballs as a snapshot release for testing and so far, most of their works are removing deprecated functions found in older GTK+3 releases. Their plan was to upgrade the minimum requirement of GTK+3 for next MATE release. It's quite tiring to support 5 different GTK+3 versions (3.14, 3.16, 3.18, 3.20, and 3.22) since every major GTK+3 brings regressions toward themes. They are planning to support only 3.20 or 3.22 as modern distributions are moving forward as well. Slackware-current already uses 3.22, so there won't be any problem at all.

This brings some consequences for Slackware users as Slackware do not update GTK+3 in stable releases, meaning that MATE 1.18 will be the last version of MATE that can be installed for 14.2 (if they do bump the requirement)

I have been working on MATE 1.19 for some time and i prepared a different branch (1.19-dev) for it, while waiting to be merged in master branch someday (when all tarballs have been released). The only big difference is the new package added, which is graphviz as a new requirement for new vala 0.38.0.

Please note that once all MATE 1.19 tarballs have been generated, 1.19-dev branch will be merged into master and it will be supported for -current users only. Stable users should keep following 14.2-mate-1.18 branch for future updates.

by Willy Sudiarto Raharjo (noreply@blogger.com) at September 11, 2017 02:27 AM

August 30, 2017

Willy Sudiarto Raharjo

Another Wishlist Approved

This morning i saw an update on the -current ChangeLog and i was happy since mariaDB is now bumped to 10.2.x, which now has JSON support among other new features. It's also has long term support until May 2022. For full documentation about changes and improvements on MariaDB 10.2.x, please refer to the official documentation, especially the incompatible changes section. Big thanks to Heinz (pprkut), one of my wishlist is now approved.

This latest update also brings some updates to the packages:
  • Mesa: Upgraded to 17.1.8
  • libgcrypt: Upgraded to 1.8.1
  • libpng: Upgraded to 1.6.32
  • jemalloc: Upgraded to 5.0.1
  • glade3: Upgraded to 3.8.6
  • nano: Upgraded to 2.8.7
  • cups-filters: Upgraded to 1.17.2
  • logrotate: Upgraded to 3.12.3


by Willy Sudiarto Raharjo (noreply@blogger.com) at August 30, 2017 08:57 AM

August 26, 2017

Willy Sudiarto Raharjo

Rust is now included in -current

Thanks to the hard work of Andrew Clemons for providing rust SlackBuild, rust is now included in Slackware-Current along with cargo and for that reason, firefox is now following the latest release from Mozilla which is at 55.x instead of staying with 52.xESR release.

Slackware-Current also bumped several other packages, including:
  • kdelibs: Upgraded to 4.14.35
  • gnutls: Upgraded to 3.6.0
  • sudo: Upgraded to 1.8.21
  • cups-filters: Upgraded to 1.7.0
  • kernels: Upgraded to 4.9.45
  • gtk+3: Upgraded to 3.22.19
  • harfbuzz: Upgraded to 1.5.0
  • whois: Upgraded to 5.2.18
  • libdrm: Upgraded to 2.4.83
  • mesa: Upgraded to 17.1.7
  • dialog: Upgraded to 1.3_20170509
  • libedit: Upgraded to 20170329
One of my wishlist is now added into -current. Waiting for next entries gets removed :)

by Willy Sudiarto Raharjo (noreply@blogger.com) at August 26, 2017 01:29 AM

August 14, 2017

Yudha

Bekraf, Sebuah Catatan

Tiga hari, Jum’at s.d Minggu, saya berada di lingkungan JIExpo, Kemayoran. 2 (dua) hari pertama, saya menjadi SPB BlankOn, dan hari terakhir saya mencoba mengenalkan produk-produk industri kreatif kepada anak-anak saya dengan mengantar mereka.

Catatan ini tidak akan memuat tentang Bekraf atau BlankOn, karena pastilah lembaga sebesar Bekraf dan Tim Pengembang BlankOn memiliki bagian kehumasan yang akan mengemas rilis berita yang lebih menarik. Tulisan ini lebih kepada catatan saya sendiri mengenai banyak hal yang sudah saya rencanakan namun belum bisa terlaksana sampai saat ini.

Jadi, ini tulisan apa? Hanya sebuah catatan.

Media Promosi

Dari beberapa obrolan singkat dengan teman-teman, pendukung dan promotor, mengikuti ajang seperti Bekraf merupakan sebuah kewajiban sebagai media promosi. Dari mana produk dapat dikenal masyarakat bila tidak dengan cara mengikuti pameran?

Media Komunikasi

Berkumpul dengan teman-teman yang biasanya hanya bisa bersua daring, dengan para pelaku bisnis yang memanfaatkan produk, dengan promotor acara yang mendukung BlankOn, tidak ada yang lebih indah daripada bertemu muka, bukan?

Riset Pasar

Poin pertama yang saya sebutkan merupakan hal utama bila kita mengenalkan produk. Namun dibalik itu kita dapat mengumpulkan ide-ide baru dari berbagai pertanyaan yang timbul dan kesan pengunjung.

Pembenahan Diri dan Pengambilan Sikap/Keputusan

Hal yang paling bisa saya ambil adalah harus bisa membenahi diri. Banyak hal yang bisa dipelajari dari saat berkomunikasi, baik pengenalan produk maupun dalam tim.

Selain itu, saya juga mulai berani mengambil sikap. Di kesempatan inilah pertama kalinya saya berani mengambil cuti untuk kegiatan komunitas.

Terima kasih kepada teman-teman, para pendukung dan promotor yang memberi kesempatan saya untuk belajar.

by yht at August 14, 2017 11:57 AM

August 12, 2017

Willy Sudiarto Raharjo

glibc issue fixed

If you are following -current ChangeLog, you will notice that glibc issue is now fixed after several packages gets patched and rebuilt with needed patches. They are gcc, httpd, and libxslt. Some third party packages from SBo might need to be rebuilt as well to remove the xlocale.h reference.

Besides glibc fixes, there are also other changes such as:
  • kernel 4.9.41
  • mesa 17.1.6
  • gparted 0.29.0
  • libdrm 2.48.2
  • glew 2.1.0
  • curl 7.55.0
  • poppler 0.57.0
  • harfbuzz 1.4.8
  • gtk+3 3.22.18
  • pango 1.40.9
  • gdk-pixbuf2 2.36.8
  • mg123 1.25.6
  • cups-filter 1.16.1
  • mariadb 10.0.32
  • cmake 3.9.1
  • git 2.14.1
  • mercurial 4.3.1
  • subversion 1.9.7
  • libsoup 2.58.2
  • samba 4.6.7
  • tcl/tk 8.6.7
More requests can be seen in LQ thread

by Willy Sudiarto Raharjo (noreply@blogger.com) at August 12, 2017 03:17 AM

August 06, 2017

Willy Sudiarto Raharjo

New glibc

I was surprised when i saw the latest ChangeLog for -current tree. It added the new shinny glibc 2.26 into the core packages, replacing the old glibc 2.25 which was just added in May. The new glibc 2.26 was released on August 2, and it was added 3 days later on August 5. I don't think  there are many other distributions who have used glibc 2.26 in their repo (even BLFS is still using 2.25git). Patrick also added new sqlite, nmap, bind, imagemagick, and dhcp along with the new glibc.

Unfortunately, there has been a report of a breakage of this new glibc and it was the case when you install a new Slackware from current ISO. If you perform an upgrade from previous glibc, you will NOT be affected by this issue. The ChangeLog does mention some deprecated and removed features, and other changes affecting compatibility:
* The synchronization that pthread_spin_unlock performs has been changed to
now be equivalent to a C11 atomic store with release memory order to the
spin lock's memory location. Previously, several (but not all)
architectures used stronger synchronization (e.g., containing what is
often called a full barrier). This change can improve performance, but
may affect odd fringe uses of spin locks that depend on the previous
behavior (e.g., using spin locks as atomic variables to try to implement
Dekker's mutual exclusion algorithm).

* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
removed.

* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
will only be built and installed when the GNU C Library is configured with
--enable-obsolete-rpc. This allows alternative RPC implementations, such
as TIRPC or rpcsvc-proto, to be used.

* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
libnss_compat, are deprecated, and will not be built or installed by
default.

The NIS(+) support library, libnsl, is also deprecated. By default, a
compatibility shared library will be built and installed, but not headers
or development libraries. Only a few NIS-related programs require this
library. (In particular, the GNU C Library has never required programs
that use 'gethostbyname' to be linked with libnsl.)

Replacement implementations based on TIRPC, which additionally support
IPv6, are available from <https://github.com/thkukuk/>. The configure
option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
name service modules, to be built and installed.

* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
support is enabled, the configured recursive resolver must support EDNS.
(Responding to EDNS-enabled queries with responses which are not
EDNS-enabled is fine, but FORMERR responses are not.)

* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
servers have not supported this opcode for a long time.

* The _res_opcodes variable has been removed from libresolv. It had been
exported by accident.

* no longer includes inline versions of any string functions,
as this kind of optimization is better done by the compiler. The macros
__USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.

* The nonstandard header has been removed. Most programs should
use instead. If you have a specific need for the definition of
locale_t with no other declarations, please contact
libc-alpha@sourceware.org and explain.

* The obsolete header has been removed.

* The obsolete signal constant SIGUNUSED is no longer defined by .

* The obsolete function cfree has been removed. Applications should use
free instead.

* The stack_t type no longer has the name struct sigaltstack. This changes
the C++ name mangling for interfaces involving this type.

* The ucontext_t type no longer has the name struct ucontext. This changes
the C++ name mangling for interfaces involving this type.

* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
longer has the name struct mcontext. On SPARC GNU/Linux, the struct
mc_fq, struct rwindow, struct fpq and struct fq types are no longer
defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
fpregset_t type no longer has the name struct fpu. This changes the C++
name mangling for interfaces involving those types.

* On S/390 GNU/Linux, the constants defined by have been
synced with the kernel:

- PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
are not supported on this architecture and have been removed.

- PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.

Programs that assume the GET/SETREGS ptrace requests are universally
available will now fail to build, instead of malfunctioning at runtime.
GCC is also known to be broken with glibc 2.26. You can read the issue here. While there are patches already on git master, probably best to wait for GCC 7.2.0 which will be released next week. It should have the fixes included.

As glibc is a core library used by many other applications/libraries, there could be more hidden bugs and it's time for another bug hunting. Go build and test!!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at August 06, 2017 12:49 AM

July 31, 2017

Willy Sudiarto Raharjo

End of July Status + My Wishlist

I'm swamped with my daily work, so i didn't have time to write any blog post for the last three weeks, but i'm following Slackware's changelog daily. It's been an impressive changes for the past three weeks and here's some of the highlight:
  • vda support in liloconfig, useful for VMs used in QEMU
  • better handling for template strings in mkinitrd
  • many new default configurations in /etc/default
  • support for btrfs and ocfs2 have been added in the busybox/mkinitrd
  • hdri support is now added in ImageMagick
  • removal of idnkit (everything is now linked to libidn2)
  • libwebp is now included in the distribution
  • grayscale support in gdk-pixbuf2 has been restored
  • busybox update to 1.27.1
  • running latest LTS kernel: 4.9.40
Here's my wishlist for next Slackware:

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 31, 2017 03:12 PM

July 25, 2017

Widya Walesa

Revisi - Dual Slackware Current Dalam Satu Partisi

Revisi - Dual Slackware Current Dalam Satu Partisi

Submitted by w41lf0x on Tue, 07/25/2017 - 20:43

Sebelumnya saya menulis mengenai prosedur instalasi dual Slackware Current (x86, x86_64) dalam satu partisi menggunakan filesystem btrfs. Dalam prosedur tersebut saya memanfaatkan fitur subvolume dari btrfs sebagai lokasi DEVROOT untuk setiap OS yang saya pasang. Permasalahannya adalah skrip init mkinitrd Slackware belum mendukung subvolume meskipun telah mendukung filesystem btrfs.

by w41lf0x at July 25, 2017 01:43 PM

July 19, 2017

Widya Walesa

Dual Slackware Current Dalam Satu Partisi

Dual Slackware Current Dalam Satu Partisi

slackwareKali ini saya akan menulis secara singkat panduan untuk memasang dua OS slackware current berbeda arsitektur (32 dan 64 bit) ke dalam satu partisi menggunakan filesystem btrfs. Harap diingat bahwa kehati-hatian amat sangat diperlukan karena teknik ini memang tidak mudah dan bukan sebuah kondisi umum atau normal. Jadi jangan pernah mengharapkan teknik ini semudah anda memasang ubuntu atau fedora di mesin anda. Jika anda memang mengharapkan kemudahan, silakan stop di sini, tutup jendela atau tab berisi halaman ini, dan buka ubuntu.com atau getfedora.org.

w41lf0x Thu, 07/20/2017 - 06:55

by w41lf0x at July 19, 2017 11:55 PM

July 17, 2017

Willy Sudiarto Raharjo

Happy 24th Anniversary

Today marks the 24th anniversary of Slackware since it was released on 1993.Currently, Slackware is the oldest Linux distribution still actively maintained single-handed by Patrick Volkerding himself with lots of help by the Slackware Core Team and also contributors all around the world who suggested a lot of ideas and patches, mostly in LQ.

Twenty four years of constant maintaining a Linux distribution is not an easy thing, especially when the user base is growing with lots of new ideas and requests. Patrick keep firms on his philosophy while maintaining Slackware throughout all these years. That's why you will feel familiar when you install a new version of Slackware since the installation method and how the system is configured doesn't really change on every releases. I remembered my first Slackware Linux installation was in 2002 and at that time, i was just testing several few Linux distributions out of my curiosity. I started to use Slackware Linux as my main operating system in 2005 and since then i never moved on to another distributions.

Many people doubt that Slackware has future when systemd is adopted by many upstream project and distributions, but Slackware Linux stands still and keep using the old init system which works out-of-the-box. Patrick doesn't just just follow others in introducing new packages into the core packages, but he evaluates the maintainability and stability of each packages in the repository. This way, he can keep Slackware supported for a long time. While other Linux distributions provide LTS support, Slackware doesn't have LTS label. Instead, Patrick keep supporting older Slackware releases as long as possible with his strict policy of updating only due to security vulnerabilities or special circumstances exception. Slackware 13.0 which was released in 2009 is still supported up to now and still there's no sign of EOL yet (That is around 8 years already). The last EOL was given to Slackware 8 - 12.2 in December 2013 and it reached 11 years of support for Slackware 8. That's almost twice than LTS support by other distributions.

I'm happy to use Slackware Linux and big thanks to Patrick Volkerding for creating this great product. I appreciated the warm community surrounding Slackware where we work to improve Slackware Linux in many ways by creating projects that complements Slackware Linux. I'm looking forward for more contributions to Slackware Linux from the communities.

Happy Anniversary Slackware Linux!!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 17, 2017 12:05 PM

July 09, 2017

Willy Sudiarto Raharjo

SBo Stats

For those who are interested in SBo statistics, i have generated and published git statistics for SBo project since the infrastructure moved to GIT in 2010 which can be accessed here: https://willysr.github.io/slackbuilds-stats/. It was generated using gitstats with default configuration and no changes through the theme (customizable via CSS).

I was surprised that we had 999 authors for this project (some are duplicates due to inconsistencies when writing the maintainer's name in .info). While some of them are now inactive, i'm still grateful that SBo attracts so many users out there to contribute to this project.We will try to address those inconsistencies so we can have closer estimate to the real authors.

We now have more than 6500 scripts in our repository which counts for 33,149 files with 1,456,319 lines of numbers. It's awesome to look into the progress of this project.

Thank you for all the contributions so far from all authors/maintainers. We are looking forward to see more contributions from all of you and keep sending us new scripts/patches to grow our repository.

PS: I may not periodically update the stats every week!!

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 09, 2017 01:07 AM

New package: libidn2

Some changes have came up since my last post and i will try to highlight them here:
  • kernel: Upgraded to 4.9.36
  • grep: Upgraded to 3.1
  • acct: Upgraded to 6.6.4
  • cups: Upgraded to 2.2.4
  • cups-filter: Upgraded to 1.14.1
  • gphoto2/libgphoto2: Upgraded to 2.5.14
  • tmux: Upgraded to 2.5
  • apr: Upgraded to 1.6.2
  • apr-utils: Upgraded to 1.6.0
  • libpng: Upgraded to 1.6.30
  • sound-theme-freedesktop: Upgraded to 0.8
  • mesa: Upgraded to 17.1.4
  • xscreensaver: Upgraded to 5.37
  • cgmanager: Upgraded to 0.41
  • ghostscript: Upgraded to 9.21
  • mercurial: Upgraded to 4.2.2
  • fftw: Upgraded to 3.3.6_pl2
  • gcr: Upgraded to 3.20.0
  • gnome-keyring: Upgraded to 3.20.1
  • libunistring: Upgraded to 0.9.7
  • pcre: Upgraded to 8.41
  • NetworkManager: Upgraded to 1.8.2
  • ca-certificates: Upgraded to 20161130
  • curl: Upgraded to 7.54.1
  • dhcp: Upgraded to 4.3.5
  • dnsmasq: Upgraded to 2.77
  • gnutls: Upgraded to 3.5.14
  • lftp: Upgraded to 4.7.7
  • php: Upgraded to 5.6.31 (security fix)
  • whois: Upgraded to 5.2.16
  • fontconfig: Upgraded to 2.12.4
  • libinput: Upgraded 1.8.0
We also have a new package: libidn2 which requires some packages to be rebuilt. Make sure that you install the new package so that other applications will find the library on the next start.

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 09, 2017 12:28 AM

July 01, 2017

Willy Sudiarto Raharjo

Security Update: kernel and glibc

Patrick has just issued another security advisory related to kernel. This time, it could lead to possible stack exhaustion, memory corruption, and arbitrary code execution. Both -current and -stable (14.2) are updated with the latest LTS kernel 4.9.35 and 4.4.75.

The other advisory released today was about glibc, which is now rebuilt with upstream patches to improve security. This update was also applied back to 14.2.

You should deploy the updates as soon as possible and reboot the machine in order to get the fixes along with other updates included in the latest kernel release.

by Willy Sudiarto Raharjo (noreply@blogger.com) at July 01, 2017 03:14 PM

June 30, 2017

Willy Sudiarto Raharjo

Security Updates: bind, httpd, libgcrypt

Patrick has issued several Slackware advisories today related to several packages:
  • bind: Upgraded to 9.9.10_P2, 9.10.5_P2, and 9.11.1_P2 (13.0 through - current)
  • httpd: Upgraded to 2.2.32 and 2.4.26 (13.0 through - current)
  • libgcrypt: Upgraded to 1.7.8 (14.2 and -current)
  • kernel: Upgraded to 3.10.107 (only for 14.1)
In -current, several packages gets bumped as well:
  • mkinitrd: Added support to include microcode and bumped to 1.4.10
  • nano: Upgraded to 2.8.5
  • screen: Upgraded to 4.6.0
  • llvm: Upgraded to 4.0.1
  • pcre: Upgraded to 8.40
  • readline: Upgraded to 7.0.003
  • xfdesktop: Upgraded to 4.12.4
It seems that several project are transititioning to Python 3 and some package in Slackware does require Python 3 in order to get bumped to new version. We will see if Python 3 finally gets approved to be included in the core packages and what other new package is included along with Python 3 inclusion.

by Willy Sudiarto Raharjo (noreply@blogger.com) at June 30, 2017 04:38 AM

June 27, 2017

Willy Sudiarto Raharjo

Stack Clash Fixes

You may have heard about Stack Clash vulnerabilities that was published by Qualys last week. It was an old bug, but affected many systems running Linux both x86 and x86_64. As they coordinated the fixes with upstream vendors, the fixes has been released for public. Today's update is all about kernel update both in -stable (14.2 only) and -current. They are now upgraded to 4.4.74 and 4.9.34 which contains the fixes for Stack Clash. You are advised to upgrade your kernel as soon as possible. The other update that were both in -stable and -current are mozilla-thunderbird which is now updated to 52.2.1.

For those running -current, there are more updates in this batch:
  • lrzip: Upgraded to 0.631
  • lvm2: Upgraded to 2.02.171
  • time: Upgraded to 1.7.2
  • mpg123: Upgraded to 1.25.0
  • glib2: Upgraded to 2.52.3
  • glibmm: Upgraded to 2.52.0
  • gtkmm3: Upgraded to 3.22.1
  • plus more in the past updates
Users running Skylake/Kabylake processors should also read this thread on LQ about a bug in the Hyper-Threading feature and apply the fix as soon as possible.

by Willy Sudiarto Raharjo (noreply@blogger.com) at June 27, 2017 12:57 AM

June 16, 2017

Willy Sudiarto Raharjo

Mid June Updates

More than 2 weeks since i gave an update to -current development and things are going more interesting in -current branch. It stays up-to-date with latest changes upstream while keeping the stability standards high. Here's some highlight in the last two weeks:
  • Kernel: Upgraded to 4.9.31
  • Firefox: Upgraded to 52.2.0ESR release
  • Thunderbird: Upgraded to 52.2.0 release and switched to GTK+3
  • NetworkManager: Upgraded to 1.8.0
  • sqlite: Upgraded to 3.19.3
  • bind: Upgraded to 9.11.1_P1
  • gnupg2: Upgraded to 2.1.21
  • gpgme: Upgraded to 1.9.0 (drop libgpgme-pthread support)
  • pth -> npth replacement
  • dirmngr removal (included in latest gnupg2)
  • samba: Upgraded to 4.6.5
  • glew: Upgraded to 2.0.0
  • irssi: Upgraded to 1.0.3
  • libdrm: Upgraded to 2.4.81
  • mesa: Upgraded to 17.1.2
  • gdb: Upgraded to 8.0
  • sane: Upgraded to 1.0.27
  • alsa-lib: Upgraded to 1.1.4.1
  • cmake: Upgraded to 3.8.2
  • mutt: Upgraded to 1.8.3
Due to the changes in the gnupg2 package, some startup scripts might need a little tweak. It dropped some options, so you might need to look up your scripts. Also i found an annoying message about smart card detection every time you sign a file using gpg2. I have notified Patrick about this and send him upstream patch to supress those messages. Let's just wait for the decision.

by Willy Sudiarto Raharjo (noreply@blogger.com) at June 16, 2017 03:25 PM

June 07, 2017

Willy Sudiarto Raharjo

Migrating to x86_64

This evening, i decided to remove my Slackware-Current installation on my old Asus laptop which is still at 32 bit architecture and replace it with Slackware 14.2 64 bit architecture. The reason is simple: more and more upstream projects are supporting only for x86_64. Google, Facebook, Apple, and many big companies invest heavily on x86_64 architecture which has better future. It supports more memory without the use of PAE and better overall performance. Another reason is because i want to play more with Docker, which is (again) only available for x86_64 platform. Docker is now considered mature and ready to be deployed into production environments, so it's time to learn more about it.

I decided to stay with Slackware64 14.2 instead of going with -current for this laptop. I simply use the dual-side DVD of Slackware64-14.2 i got from Slackware Store and install it directly on the laptop. I formatted the old drive and in just under 15 minutes, the full installation is completed.

Next thing was to grab latest patches from -stable repository and i noticed that the wireless LAN was detected, but it wasn't working, so i grab a LAN cable for the initial setup. Later on, i found out that latest firmware from Intel for my WLAN device included in the kernel-firmware package (iwlwifi-1000-5.ucode) is not working as i got lots of error messages in dmesg. I used to wrote about this on this blog back in 2009 and it was working with previous version of iwlwifi driver (iwlwifi-1000-3.ucode), so i tried to remove the iwlwifi-1000-5.ucode and rebooted and i can connect to my WiFI at home. Lucky for me i always wrote all the steps i have done on my blog so it can be used as self-reminder.

Next, i download latest patches, installing sbopkg and building third party applications, and copying back my data from the other computer. It took some time but it finally ended after dinner and before my kids went to bed. I was able to build docker on this laptop but i haven't tried to play with it much further. I did play a bit on my new laptop while i was in the office today. I bought an online course from Udemy for $10 about Docker with Bret Fisher.

Oh, if you are having problems building Docker from SBo, most likely it was because you forget to logout and login again after installing google-go-lang. It was needed to set up the new environment (GOROOT) which is needed for other projects that depends on google-go-lang. Don't forget to use "su -" so you have full root environment instead of just regular "su".

by Willy Sudiarto Raharjo (noreply@blogger.com) at June 07, 2017 03:49 PM