cwrap 1.0.0 – testing your full software stack …

on one single machine! FOSDEM/Brussels, February 2nd, I gave a talk about cwrap. I announced and released version 1.0.0 of cwrap, a set of tools to create a fully isolated network environment to test client/server components on a single host. It provides synthetic account information, hostname resolution and privilege separation support. The heart of cwrap consists of three libraries you can preload to any executable. The libc wrapper project does not require virtualization and can be used to build environments on different operating systems. The project consists of a socket wrapper, NSS module wrapper (users, groups, hosts), and a (s)uid wrapper with support for GNU/Linux, BSD and Solaris. The origin of these wrappers is the Samba project, where the wrappers…

libssh 0.6.0 released

After another development cycle, this time of 2.5 years, the libssh Team is proud to announce version 0.6.0 of libssh. The most important functionality which has been added is a new callback-based server API. We also added ECDSA support and a new algorithm called curve25519-sha256@libssh.org for key exchange to have something better than the NIST curves. OpenSSH also uses curve25519-sha256@libssh.org as the default for key exchange. For ECDSA there is a completely new API for public key management available. Another big improvement is Kerberos support, which has been tested by Red Hat engineers with FreeIPA and gssproxy. Thanks to all contributors!

Curve25519-SHA256 is the default KEX in OpenSSH too now!

As of a few hours ago, curve25519-sha256@libssh.org is the default KEX in OpenSSH! Several weeks ago Aris added a new elliptic curve algorithm for key exchange using Curve25519. After he wrote some kind of RFC and implemented it in libssh, he proposed a patch for OpenSSH, which has finally been integrated.

Curve25519 and SSH with ECDSA

For the SSH Library we try to keep up with OpenSSH features and implement the most important stuff. After what we read about the NSA and NIST it became clear that the new ECDSA support we added in libssh 0.6.0rc1 needs new curves. So Aris implemented curve25519-sha256@libssh.org and wrote a draft. At the same time he implemented the first draft and you can find the code in his private wip branch, here. Currently he is working on a patch for OpenSSH. If you have comments or want to discuss patches please subscribe to our mailing list. Update: Aris sent a patch to the OpenSSH mailing list, in this post.

A new release of csync

Finally, after 3 years, there is a new version of csync available. csync is a file synchronizer especially designed for you, the normal user. About two years ago, Klaas started to use csync as the backend for the owncloud sync client. Over the last years we added a lot of features, improved our test framework and fixed several bugs. I have to thank Klaas for all the work he did on csync. Improving it, porting features back to csync master and cleaning up his working tree over and over again :) Also thanks to all the contributors for bugs and patches! We relicensed libcsync to LGPL and hope for broader use and more patches to come!

Unit testing with mock objects in C

The article Jakub Hrozek and I wrote for Linux Weekly News about cmocka and using mock objects is available to the public now. You can find it here: Unit testing with mock objects in C. cmocka is a unit testing framework for C with support for mock objects. It is used by several Free Software projects like libssh, csync, SSSD or Elasto Cloud. If you don't have a subscription you should consider getting one ;)

Writing and reading code

You've probably heard that a developer of an established software project writes an average of 100 lines of code (loc) a day. I can say that this applies to me. So if you write 100 loc per day, how many do you read? I would estimate that the amount of time you spend on reading and understanding code is significantly more than on writing code. You probably also spend quite some time debugging code. If you spend so much more time on reading and debugging code than writing code, shouldn't you put more effort in writing clean and debuggable code? The Samba codebase is pretty old, more than 15 years now. I would say we have some experience with bad…

vim modelines in git config

I'm working on different Open Source projects and most of them have different coding style guidelines. Mostly spaces or tabs or a different tab width. The easiest thing would be to store this information in the git config of the project. So here is an easy and secure way to have modelines in the git config. First I set the modelines (here for the Samba project): git config --add vim.modeline "tabstop=8 shiftwidth=8 noexpandtab cindent" or for a specific language: git config --add vim.modeline-python "tabstop=4 shiftwidth=4 expandtab". Then copy this plugin into the ~/.vim/plugin folder. The modeline you defined in your git config will be appended to the :setlocal command of vim. It only allows a limited set of setlocal commands to be…

cmocka – a unit testing framework for C

I'm a big fan of unit testing frameworks. When I developed csync, a bidirectional file synchronizer, I used check to write unit tests from the start. check was ok, but if you were running valgrind on your test cases to find memory leaks in your code, most reports were about check. So I needed to add valgrind suppressions to get rid of them. When I started to work on libssh, a library implementing the SSH protocol, I wrote unit tests with check too. libssh is multi-platform and also works on Windows and with Visual Studio. So we needed a new unit testing framework which is platform independent and has better code quality. I stumbled upon cmockery, a unit testing framework from…