Blog

The Gold Linker


After the Update to Fedora 20 I forgot to update the linker to Gold. Today I released that linking Samba is horribly slow. Time to change the linker to Gold again: Fedora: ll /etc/alternatives/ld /usr/sbin/alternatives --set ld /usr/bin/ld.gold openSUSE: ll /etc/alternatives/ld /usr/sbin/update-alternatives --set ld /usr/bin/ld.gold To still build a special project with ld.bfd use: LDFLAGS="-fuse-ld=bfd"

cwrap 1.0.0 – testing your full software stack …


on one single machine! FOSDEM/Brussels, February 2nd, I gave a talk about cwrap. I announced and released version 1.0.0 of cwrap, a set of tools to create a fully isolated network environment to test client/server components on a single host. It provides synthetic account information, hostname resolution and privilege separation support. The heart of cwrap consists of three libraries you can preload to any executable. The libc wrapper project does not require virtualization and can be used to build environments on different operating systems. The project consists of a socket wrapper, NSS module wrapper (users, groups, hosts), and a (s)uid wrapper with support for GNU/Linux, BSD and Solaris. The origin of these wrappers is the Samba project, where the wrappers…

libssh 0.6.0 released


After another development cycle, this time of 2,5 years, the libssh Team is proud to announce version 0.6.0 of libssh. The most important functionality which has been added is a new callback-based server API. Also we added ECDSA support and a new algorithm called gro.h1524317643ssbil1524317643@652a1524317643hs-911524317643552ev1524317643ruc1524317643 for key exchange to have something better than the NIST curves. OpenSSH also uses gro.h1524317643ssbil1524317643@652a1524317643hs-911524317643552ev1524317643ruc1524317643 as the default for key exchange. For ECDSA there is a complete new API for public key management available. Also a big improvement is Kerberos support which has been tested by Red Hat engineers with FreeIPA and gssproxy. Thanks to all contributors!

Powerline


I spent the day to look at tmux and vim and found a lot of great plugins. What I really like for tmux and also vim is powerline. Powerline is a status-line and prompts utility to change the look and feel of your vim or tmux status lines. It looks like this: It consists of a special font, a python tool and plugins for applications. I've created package for Fedora and submitted a review request here.

CM: chromium doesn’t build with JDK 1.7


If you build Android or CyanogenMod and you run into issues with HashSet_jni.h you need the following changes to the chromium_org project: diff --git a/base/android/jni_generator/jni_generator.py b/base/android/jni_generator/jni_generator.py index de865d5..d4a2324 100755 --- a/base/android/jni_generator/jni_generator.py +++ b/base/android/jni_generator/jni_generator.py @@ -555,18 +555,21 @@ class JNIFromJavaSource(object): contents) return JNIFromJavaSource(contents, fully_qualified_class) +def MultipleReplace(string, rep_dict): + pattern = re.compile("|".join([re.escape(k) for k in rep_dict.keys()]), re.M) + return pattern.sub(lambda x: rep_dict[x.group(0)], string) class InlHeaderFileGenerator(object): """Generates an inline header file for JNI integration.""" def __init__(self, namespace, fully_qualified_class, natives, called_by_natives): - self.namespace = namespace - self.fully_qualified_class = fully_qualified_class + self.namespace = MultipleReplace(namespace, {'':''}) + self.fully_qualified_class = MultipleReplace(fully_qualified_class, {'':''}) self.class_name = self.fully_qualified_class.split('/')[-1] self.natives = natives self.called_by_natives = called_by_natives - self.header_guard = fully_qualified_class.replace('/', '_') + '_JNI' + self.header_guard = MultipleReplace(fully_qualified_class, {'/':'_', '':''}) + '_JNI' def…

Curve25519-SHA256 is the default KEX in openSSH too now!


Since some hours gro.h1524317643ssbil1524317643@652a1524317643hs-911524317643552ev1524317643ruc1524317643 is the default KEX in OpenSSH! Several weeks ago Aris added a new Elliptic Curve algorithm for key exchange using Curve25519. After he wrote some kind of a RFC and implemented it in libssh he started to suggest a patch for OpenSSH which finally has been integrated.

Curve25519 and SSH with ECDSA


For the SSH Library we try to keep up with OpenSSH features and implement the most important stuff. After what we read about the NSA and NIST it became clear that the new ECDSA support we added in libssh 0.6.0rc1 needs new curves. So Aris implemented gro.h1524317643ssbil1524317643@652a1524317643hs-911524317643552ev1524317643ruc1524317643 and wrote a draft. At the same time he implemented the first draft and you can find the code in his private wip branch, here. Currently he is working on a patch for OpenSSH. If you have comments or want to discuss patches please subscribe to our mailing list. Update: Aris sent a patch to the OpenSSH mailing list, in this post.

A new release of csync


Finally after 3 years there is a new version of csync available. csync is a file synchronizer especially designed for you, the normal user. About two years ago, Klaas started to use csync as the backend for the owncloud sync client. The last years we added a lot of features, improved our test framework and fixed several bugs. I have to thank Klaas for all the work he did on csync. Improving it, porting features back to csync master and cleaning up his working tree over and over again :) Also thanks to all the contributers for bugs and patches! We relicensed libcsync to LGPL and hope for broader use and more patches to come!