Debian Bugs Search using UDD

September 14th, 2010 by lucas

After a few hours of hacking, I came up with Debian Bugs Search. This Ultimate Debian Database tool enables to query different kinds of Debian bugs (especially RC bugs using a multi-criteria search. It is aimed at being a replacement for the unofficial RC Bugs tracker, which has some bugs and fails to display the correct status for some bugs (Debian Bugs Search sees 450 RC bugs affecting squeeze, vs 278 for the unofficial RC bugs tracker).

While Debian Bugs Search still lacks some features that the unofficial RC bugs tracker has, it also brings some new features. The main advantage is that it makes it easy to find some classes of “interesting” bugs, for example:

RC bugs affecting squeeze and sid, tagged patch, sorted by time of last change. Why weren’t they fixed using the patch?

RC bugs affecting squeeze and sid, tagged pending, sorted by time of last change. Why weren’t they fixed by an upload if they were tagged pending a long time ago?

Bugs affecting squeeze but not sid, and marked as done. Why didn’t the fixed packages migrate to testing?

I’m open to suggestions of improvements, bug reports, or better, patches. Since it is UDD-based, it is quite easy to add more information. My own TODO list is:
- add popcon information (also enable sorting by popcon)
- add a way to display/hide additional columns (popcon, package’s versions)

Ruby packaging in Debian and Ubuntu: Mythbusting and FAQ

September 12th, 2010 by lucas

A lot is being said on how Ruby is packaged in Debian and Ubuntu. In this post, I’m trying to go through the most common myths and give my position as a Debian Ruby maintainer. Note that those are my views, not necessarily those of the other Debian Ruby maintainers.

Myth: Ruby is completely outdated in Debian and Ubuntu

There’s a culture in the Ruby community of always using the latest bleeding-edge version. There’s also a culture (though this one has recessed a bit, I think) that it’s perfectly fine to change APIs in incompatible ways if it makes the software slightly better.

In Debian (and Ubuntu) stable releases, we try to provide a rock-solid version of Ruby that won’t be allowed to change API during the support lifetime of a release. Bugfixes for important bugs can be applied, but that’s basically all. So it’s not surprising that Ruby in released versions of Debian and Ubuntu is behind the latest upstream version.

In development branches, we are following the latest upstream versions quite closely. Debian 6.0 ‘squeeze’, to be released by the end of the year, includes Ruby 1.8.7-p302, and will include 1.9.2-p0 (the currently of Ruby 1.9.2 in squeeze is currenty a SVN snapshot from beginning of august).

There are people interested in installing a packaged Ruby that just works, and other people interested in installing their own version of Ruby (through RVM and such). People in the Ruby community tend to forget about the first category, and consider that, because they install Ruby from source or with RVM, that should be the solution for everybody.

We need the Ruby community to respect that different people have different ways of using Ruby, and to stop recommending that everyone using Debian and Ubuntu should install Ruby from source.

We also need to leverage the backports services for both Debian and Ubuntu to provide a way to install the latest upstream version on stable releases. The only reason why we are not doing it yet is lack of time.

Myth: Ruby is split into a myriad of packages in Debian

In the past (pre-2005), a decision was made to split some libraries from the standard library into separate packages. This was motivated by:

  • the size of some libraries, like REXML
  • the fact that some libraries, like OpenSSL, readline, gdbm and tk require other library packages to be installed
  • licensing concerns about shipping some code (a .so) linked with OpenSSL, and some other code (another .so) linked with readline, in the same package.

Most of the split was undone a very long time ago, and the readline and openssl splits were undone this year. The current package in Debian squeeze has:

  • ruby1.8: binaries (ruby itself, irb, rdoc)
  • libruby1.8: the standard library, except ruby-tk
  • libtcltk-ruby1.8: ruby-tk (merging it with libruby1.8 would add several megabytes)
  • ri1.8: contains both the ri binary and documentation
  • ruby1.8-dev: development headers (to build applications or gems linked against the Ruby C API), and statically built version of the library
  • ruby1.8-elisp: Ruby emacs mode
  • ruby1.8-examples: Examples
  • libruby1.8-dbg: debug symbols

It is always possible to merge more packages, but merging any of the other packages would significantly increase the size of what you get by default, and might discourage people to use it in some contexts (disk space is not always cheap. Think embedded systems and smartphones).

Myth: Rubygems is crippled in Debian

There are two differences in the rubygems Debian packages. First, gems are installed in /var/lib/gems, not /usr/local/lib/gems. That is because rubygems are seen as “state” for the Rubygems package, not independant software installed separately. A change for this is currently being discussed, and should be done after the squeeze release. (I don’t think that it’s reasonable to push that change now). A consequence of installing to /var/lib/gems is that gems’ binary are outside of $PATH. After the change, gems’ binary would also be installed in /usr/local/bin.

Second, gem update --sytem is disabled in the Debian package, because that would replace code from the Rubygems Debian package with code downloaded from the Internet, and can break your system in subtle ways. We have changed this (in SVN, not in any package in the archive yet) to allow gem update --system if a specific environment variable is set, which gives us the opportunity to display a warning message.

Myth: Ruby is slow on Debian

Ruby is built with the pthread threading code, because not using it breaks many native Ruby libraries (Ruby-gnome2, for example). And other Linux distributions are doing the same.

There are some very old benchmark results floating around in some blogs that show that the pthread code has a performance impact of about 20%. There are been patches for that for a long time (applied in Ruby Enterprise Edition), but they were never properly sent back. Actually, all the discussions about this issue were rumors and blog posts, and there wasn’t even a bug report about it!

After the bug was reported properly, it was fixed in a timely manner. The fix is not yet included in the Ruby 1.8.7, but is being applied as a patch to the Debian package since (So the Debian package is actually newer and faster than upstream Ruby in that regard).

What makes Ruby so difficult to maintain in Debian?

The main problems we have with Ruby are portability issues. The only officially supported platform for Ruby is IA32 (i386 in Debian), and everything else is best effort. It means that it is not even supported officially on x86_64/amd64! Debian supports a dozen of architectures, and the Ruby package has to work on each of them. Ruby 1.8 is mostly OK nowadays thanks to the help of Debian porters, but we still have serious problems with 1.9.2, since the test suite fails on sparc, hppa, ia64 and Debian GNU/kFreeBSD.

Why doesn’t Ruby use the alternatives system on Debian?

The alternatives system provides a way to switch between different software providing the same functionality. Currently, if you want to use Ruby 1.9.2, you need to use the ruby1.9.1 executable (1.9.1 = ruby compatibility version here). The alternatives system would allow to switch ruby to ruby1.9.1 on a system-wide basis.

However, the situation of applications and libraries working only with Ruby 1.8 should be clarified: those should use /usr/bin/ruby1.8 instead of /usr/bin/ruby. Another problem is that the way to specify packages dependencies still need to be determined. There’s nothing impossible to do about that, it just needs someone to do the work.

Where do we go from here?

The Ruby developers (or expert users) community is generally very hostile towards Debian. Many harsh words and insults are used in discussions mentioning Debian in the ruby-core@ mailing list, and there are frequent recommendations to avoid the Debian packages and install from sources, which is quite demotivating (Actually, what prompted that blog post is someone calling Debian-specific changes unforgivable).

This atmosphere makes it hard to recruit people, and the Debian Ruby teams are completely understaffed, which is clearly the major blocker to improving the situation further. We are 3 co-maintainers for the interpreter packages, and I’m the only Debian Developer that is really active on a regular basis in the pkg-ruby-extras team (that does libraries and applications packaging). We desperately need help, but at the same time I have no time to improve our documentation and make it easier to join the team.

While I haven’t reached a final decision yet, I am also likely to stop doing Ruby work in Debian after squeeze is released, as I am getting increasingly tired and demotivated.

SSH ProxyCommand and belier

September 9th, 2010 by lucas

Christoph, belier really looks like a hack. It’s easy to use ProxyCommand to connect to hosts using several hops.

Let’s say that you want to connect to host c, which can only be reached from host b, which can only be reached from host a. It’s as simple as doing:

Host a
    User logina

Host b
    ProxyCommand ssh a nc -q 1 b 22
    User loginb

Host c
    ProxyCommand ssh b nc -q 1 b 22
    User loginc

And of course, it just works with scp, rsync, and everything ssh-based.

It cannot auto-login using passwords, but I’m not sure that having passwords in clear text is a good idea either;)

System calls quizz

August 25th, 2010 by lucas

  1. What is special about the socket, connect, bind, accept, … system calls?
  2. How does the errno value get from the kernel to applications?
  3. Some system calls return a number of times different of 1 in some cases. Which ones? (Put differently: enter a syscall once, exit more or less than once. Which ones can do that?)

(Thanks MG!)

RVM: seriously?

August 24th, 2010 by lucas

There’s some hype in the Ruby community about RVM (Ruby Version Manager). It’s a tool that allows to switch between Ruby versions on the same system (much like what the alternatives system provides for Java on Debian, except that RVM does it either system-wide or per-user).

However, when you look at it, RVM looks quite scary.

The recommended installation instruction is:
bash < <( curl ).
That script doesn’t use set -e, and actually does a git clone behind the scenes. Without first checking that git is installed. But if you don’t have git installed, it’s not a problem: there’s another script later on the page that downloads and compiles it for you.

After installing RVM itself, you need to install rubies (different ruby implementations). Use rvm install ree,1.9.2-head,jruby. That will automatically download and build the various versions in your homedir. It’s interesting to note the the compilation messages were probably too scary, and are not displayed.

But how does it handle the switch between different versions ? First, you need to add some magic to your .bashrc:
[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
or, for a system-wide install of rvm:
[[ -s "/usr/local/rvm/scripts/rvm" ]] && . "/usr/local/rvm/scripts/rvm"
And then, you can select your ruby implementation using rvm --default 1.9.2, for example. That works by redefining $PATH:
# echo $PATH

Of course, that’s quite fragile: if you are in one of the cases where bash doesn’t read .bashrc, or if you happen to be using dash, you lose.

Looking at the code of RVM itself, it is also very fragile: it’s pure bash, without any error handling. During my test (in a chroot), I often got error messages about missing commands that were apparently ignored. The installer insists on using colors, and spews lots of error messages if executed without a controlling tty. There are also some interesting code snippets like perl -e 'sleep 0.5'.

So, where do we go from here? Well, obviously, with my Debian hat, I’m not going to advocate a solution that makes everything possible to avoid the distribution’s packaging system, and I don’t see RVM being packaged in Debian anytime soon.
In Debian, we already provide co-installability of Ruby 1.8 and 1.9.2, and users are free to choose which one to use on a per-script basis, by running them with version-suffixed ruby executables. The ‘ruby’ executable itself still points to 1.8, as it’s clearly too early to make 1.9.2 the default. Many Ruby libraries are provided for both 1.8 and 1.9.2, and we plan to discuss changes in the packaging system to be able to make it easier to provide packages for both versions. There’s also recent work on packaging JRuby, but it’s quite hard as it requires removing all the non-free or undistributable parts, and packaging them separately.

List of new Debian contributors

August 17th, 2010 by lucas

Since I worked on UDD‘s upload history gatherer during Debconf, I generated the list of new Debian contributors. (By contributor, I mean here someone in the Changed-By field of an upload (so it’s not necessarily the maintainer of the package he/she upload)).

It’s quite fun to try to remember the context of your first upload to Debian (which package, who sponsored it), and look at the other contributors that “graduated” at the same time as you did. Or to see the constant flux of new contributors.

On extending Debian membership to non-programming contributors

August 3rd, 2010 by lucas

Stefano raised again the issue of providing some kind of Debian membership to people that contribute to Debian in unusual ways (not involving deep purely technical skills), like doing translation, documentation, marketing, design, etc.

Each time this discussion comes back, people seem to think that we need another membership status for them. But what for?

It’s true that the name “Debian Developer” is suboptimal for non-programmers. But it’s also suboptimal for most DDs, since most of us don’t strictly develop software: we “just” maintain packages, mainly developing meta-data around the upstream source code. “Debian Developer” is how we call our full-fledged project members. Do we want to classify those non-programming contributors as second-class citizens? If not, we need to make them “Debian Developers”, not some strange other name.

Of course, there’s the issue of security and trust. Debian Developers have upload rights on all packages, and access to the project’s machines. And it’s a bit strange to trust non-programmers with that level of power. On the other hand, we have many Debian Developers that are mostly inactive, became DDs half a decade ago, and have the same access rights. Worst, it’s possible that they remember how to use dput, having used it before! And 95% of DDs (me included) should probably not be uploading the libc, even if they can. Why should they be more trusted than active non-programming contributors that probably would be quite scared by the idea of breaking something?

Overall, I think that this issue is actually a non-issue. We should:

  • Acknowledge that, when a non-programming contributor has made notable contributions to Debian (proven by the advocacy of current members) and passed the relevant parts of the Philosophy and Procedures check, it should be made a Debian developer.
  • Orthogonally, acknowledge that we have a problem with security due to the size and the volunteer nature of the project, and address it independently. For example, shell accounts could be disabled after 3 months without connecting to Debian machines (and be re-enabled by the DD on And upload rights could be limited to non-core packages (and extended by the DD on too). It’s not about adding intermediate levels of membership, just about giving the possibility to developers to add a safe-guard against themselves.

Ubuntu bugs with patches on the PTS and the QA Packages Overview

August 2nd, 2010 by lucas

Like the Debian BTS, Launchpad is full of open bugs with patches[1]. They have an ongoing effort called Operation Cleansweep whose goal is to get the number of bugs with patches to zero, by reviewing patches and forwarding them upstream or to Debian.

Since it really makes sense to expose bugs with patches to the Debian maintainers, I’ve modified the Ubuntu box on the Packages Tracking System and the Ubuntu column on the QA Packages Overview (hidden by default for now) to include that information. You can see the result on the dpkg PTS page and the debian-pkg@ packages overview page.

Many thanks to Brian Murray for making this possible on the Launchpad side.

[1] Debian has 55115 open bugs affecting unstable, of which 4011 have a patch. Ubuntu has 76916 open bugs, of which 2207 have a patch. [Insert here disclaimer that this is not at all a judgement of value on the abilities of any distribution at triaging bugs, or at generating patches]
Relevant UDD queries:

select count(*) from bugs
where affects_unstable and status = 'pending'
and id in (select id from bugs_tags where tag ='patch');

select count(*) from bugs
where affects_unstable and status = 'pending';

select count(distinct bugs.bug)
from ubuntu_bugs_tasks tasks,ubuntu_bugs bugs
where tasks.bug = bugs.bug
and distro in ('', 'Ubuntu')
and status not in ('Invalid', 'Fix Released', 'Won''t Fix')
and bugs.patches is true;

select count(distinct bugs.bug)
from ubuntu_bugs_tasks tasks,ubuntu_bugs bugs
where tasks.bug = bugs.bug
and distro in ('', 'Ubuntu')
and status not in ('Invalid', 'Fix Released', 'Won''t Fix');

Help needed: analyzing and filing installation/removal/upgrade bugs

August 1st, 2010 by lucas

I’ve been working on a piuparts-like tool call instest (yeah, crappy name) to test installation, removal and upgrade of packages. Compared to piuparts, it’s simpler and tries to make it easier to file bugs. However, running it on sid still raises ~3000 failures. So I’m seeking help to analyze those failures and file bugs.

The tasks are:

  • get a grasp on what instest does, the script used to analyze the results, and the current results (yes, I know there are some obvious false positives).
  • find possible improvements (isolate false positives or common error cases) and improve the scripts (no need to learn Ruby, I can help with that part)
  • file bugs (there are scripts – based on my archive rebuild ones – to do that efficiently)

If you want to help, just contact me at Debconf!