Stuart Herbert | Gentoo

I’ve just done an upgrade of a web box from Apache 2.0.x to Apache 2.2.8, using Portage 2.1.4.4. Somehow, Apache got built after the modules (PHP, Subversion, etc etc) were upgraded - and not before. This left Apache completely unable to start, because the modules had been linked against Apache 2.0. Grrr.

Gentoo’s new Apache 2.2.8 default config also left behind the mod_ssl config file from Apache 2.0 (for some reason, instead of updating this file, Apache 2.2.8 comes with a mod_ssl file with a different name)

Also had problems with /usr/lib/apache2/logs not existing, and with Apache’s Listen directive being hidden away inside the default vhost, instead of in the main config file where it belongs.

All in all, took me a couple of hours to dig through everything and sort it out. It’s not like Gentoo’s Apache team to fsck things up as badly as this; I hope this isn’t a sign of things to come, or else I’ll fork these packages and maintain them myself.

Give or take a couple of weeks, it’s been 12 months since I resigned from Gentoo.  At the time, I said that I was looking to continue my work on the Seeds project “downstream” of Gentoo.  I’m now ready to do that.

Seed Linux, hosted on Google Code, is the official successor to Gentoo Seeds project that I started during my time at Gentoo.  At the moment, there’s an embryonic overlay and wiki, and a handy script to build a Seed Linux Xen VM from scratch (tested on CentOS 5) - and four basic seeds for x86:

• portage-server is a simple local rsync server seed for the Portage tree, to save your Seeds having to sync their trees from the Net all the time.
• file-server is a very simple Samba server for running on a home or office file server.
• lamp-server is a basic LAMP (Linux, Apache, PHP 5, MySQL) stack, perfect for running a blog on.  It also supports mod_python and Ruby on Rails, but I plan on releasing a separate LAMR stack in the future (an optimised LAMP stack makes for poor LAMR performance, and vice versa).
• devbox is an empty seed, useful for developing other seeds

I’m also working on a basic home-gateway seed (email/anti-spam/internal DNS/VPN gateway), but that isn’t ready to commit just yet.

The whole idea behind the Seeds is to do what Gentoo has never managed - to provide out-of-the-box working solutions to specific problems.  To do that, I need somewhere I can host pre-compiled Seeds for users to download. If anyone can provide suitable diskspace and bandwidth (or knows anyone who can), I’d love to hear from you!

My focus this week isn’t on the LAMP Server seed, but on our NX packages. Unfortunately, I’ve lost my proxy maintainer, and I’ve allowed these packages to become quite a mess.

Time for some sorting out.

The plan is to get FreeNX (and maybe 2X too) working against the NX-1.5.0 libraries first, and then to get the NoMachine nxserver-2.1 release working against the NX-2.x libraries. To save lots of time, I’m going to be working in the Gentoo NX Overlay; I’ll bring the packages across to the main Portage tree once I’m happy with them.

If you’re interested in helping to test these packages on amd64, ppc or sparc (which is where older versions are keyworded), give me a shout. The older packages are junk, and need removing from Portage; I’ll be dropping keywords if no-one’s available to test the newer packages.

I’ve revbumped the seeds-config/lamp-server-portage package this morning, to change some of the USE flags that it sets in package.use. Doing so made me realise that bumping all the package.* files under seeds-config/lamp-server-portage/files just for a one line change takes too much work.

Instead, I’ve switched the seeds-config/lamp-server-portage to hold the package.* files inside the ebuild itself. Bumping the ebuild is all that you have to do, whenever we need to change the settings.

This has made me look at support for package.use in profiles from a different angle. I’m still in favour of that feature, but I’m no longer so sure that making heavy use of it is right for the Seeds project.

If we change the contents of the profile (e.g., we change the USE flags listed in package.use), but we don’t give the profile a new name … then we’ve changed the behaviour of the profile itself. It’s not like changing a package, where a user gets to choose whether he wants the change or not (he chooses by upgrading to a later version of the package or not). Changing a profile means that we’re forcing a change on a user; the only way they can avoid the change is to avoid syncing, or by versioning their own tree.

In the back of my mind, I’m aware that one possible outcome from the Seeds project is that we might choose to build it against a slower-moving copy of the Gentoo package tree (i.e. the so-called ‘enterprise’ tree). (We’re not doing any work on this atm, btw, before anyone gets their knickers in a twist). If that happens, then the LAMP Server packages and profiles are likely to have a much longer shelf-life than your average Gentoo package. LAMP Server users (if we ever gain any ) will want to be able to roll out identical installs across their web farms. Reproducability (something that the wider Gentoo tree makes difficult) could become an important factor.

So, at the moment, when per-profile package.use comes along, I’m not sure whether or not to switch the seeds-config/lamp-server-portage package over using it or not. It’s going to require a bit more thought.

If we don’t switch, then that’ll probably force our hand, and make us have all the seed packages pin their deps down to exact versions of packages (e.g., explicitly require net-www/apache-2.2.3, instead of just net-www/apache).

The LAMP Server’s base-system will now pull in the network-tools package.

As with all the LAMP Server packages, I’m sure we’re missing a few tools that folks’d like to see included. Let me know what’s missing, and I’ll take a look at it.

Before heading into work this morning, I split up seeds-extra/misc-admin-tools; we now have separate packages for disk-tools and fs-tools.

I’m sure there are plenty of tools we should be including (but currently aren’t), so let me know what we’re missing - and why it should be included - and we’ll take a look.

http://ossec.net/

One of the things that we need in the LAMP Server seed is a host-based intrusion detection system. It’s not the sort of tool that I’ve played with before; it’s nice to get to learn something new for a change

One of the packages I’m evaluating is ossec-hids. I’ve put together a basic package for this in my overlay (layman -a stuart-server). If I decide to take on the responsibility of maintaining this package longer term, I’ll move it across to the main Portage tree.

Samhain is also on the list, as is rkhunter. Any other packages I should be looking at?

I’ve added two new pages to the Gentoo Seeds Wiki this morning. We now have a page listing the roles where we know we need help, and a page listing the folks who are working on the project.

Please make sure you add your details to our team page

One of the things we’re looking for is someone who fancies creating a post-install configuration tool for seeds. The tool will need to be flexible - it must work on the console and in X (some seeds will not include X at all), it needs to support both configuration common to all seeds and per-seed configuration, and it needs to be scriptable too. As the tool is definitely post-install, it’s not intended to be a replacement for the Gentoo Linux Installer. If you’re interested in designing such a tool, come and talk to me

I’ve added a staffing page to the Gentoo Seeds wiki to help us all keep track of who is working on what. It also helps us all answer queries every time someone pops into #gentoo-php or #gentoo-seeds asking how they can help

I’ve only listed the details of what I’m working on; I don’t want to make any assumptions about what you’re working on Please add your details directly onto the wiki page. If you’re working on the project, but don’t have write access to the wiki, let me know and I’ll get that sorted out for you.

I’ve been through all of the packages that are currently in the Gentoo Seeds overlay, and added some really basic documentation about each of them to the wiki. Right now, the docs are as much a memory aide as anything else, but at least there’s something for each and every package.

I haven’t documented the profile yet, nor written anything up about the SEEDS_EXTRA USE_EXPAND. I’ll try and get that done as soon as possible; it’ll make it easier for other folks to contribute