Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 219 other subscribers

My Favourites

Slackware

Calendar

July 2016
M T W T F S S
« Jun    
 123
45678910
11121314151617
18192021222324
25262728293031

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

Meta

Ten years of SlackBuilds.org

sbologo This week marks the tenth anniversary of SlackBuilds.org.

Many of us will remember the time when a true Slacker did not bother herself with build scripts. The “configure && make && make install” mantra was at the forefront of everyone’s mind when it came to installing new software. Slackware made this possible. Unlike the other big distros, the Slackware package management did (and does!) not get in your way. If you want to compile your software by hand, bypassing the package management ‘database’ (which in Slackware is nothing more than a directory), then nothing or no one is stopping you.

But when you compile and upgrade a lot of software, or when you have to re-install your computer, all that hand-compiled stuff is quite tricky, if not pretty hard, to replicate unless you wrote down all that you did. And if you had been writing your compile and build steps down anyway, then it was a small step towards formalizing this documentation into an actual build script. And Slackware was (mostly) developed using build scripts, called “SlackBuilds” because of these scripts’ extension “.SlackBuild”. So, these scripts used by Slackware became gradually more common among users of Slackware. And once you had compiled a package using a build script, other advantages would become obvious: if you owned more than one computer you did not have to compile your software twice. You would transfer the package to your other computer(s) and use the Slackware ‘pkgtools’ to install or upgrade the package. Fast and deterministic.

In those days, there was a web site called “linuxpackages.net” – formerly known as “linuxmafia.org” but I guess that name had a negative vibe to it. Linuxpackages.net would offer binaries for Slackware, nicely packaged in case you were not inclined to compile stuff yourself. The site was pretty popular, but it had a major disadvantage: the packages did not have a proper quality control and it would happen ever so often that people’s computers broke after installing one of their packages. The ‘LP‘ packages were apparently built on unclean systems, introducing unknown dependencies, and the build scripts would often be absent. Good old NoobFarm has a lot of nice LP related quotes taken from the regular Slackware meeting places on the Net.

Also in those days, somewhere end of May, beginning of June 2006 (don’t have exact records of our first contact) there was a relative Slackware freshman called Robby Workman. He and his pal Erik Hanson (who initiated the GWare project, a Gnome build for Slackware after Slackware dropped that Desktop Environment from the distro) envisioned a web site where one would be able to find – not binaries, but SlackBuild scripts. These scripts would be quality-tested by a small team of people who carried trust in the community. High-quality scripts and skilled, trustworthy people at the helm, this would certainly gain some traction and be generally beneficial to the Slackware ecosystem. Robby and Erik contacted me because I knew Pat, some of my work had landed in Slackware releases, and my SlackBuilds repository (scripts plus packages) was already quite well-known but not well-organized (no proper ChangeLog.txt).

At that time I was not yet a part of the Slackware coreteam by the way – that would take until August of that same year. Robby and Erik asked me if I would be interested to join them and become part of the admin team of this new SlackBuilds.org (SBo) project they had in mind and I said “yes”. We talked this through with Pat and in particular, we discussed our scope. We wanted Pat to be sympathetic of our cause and we did not want to become a possible burden to him on the long run. For that reason, the golden rule was established that all SlackBuild entries at slackbuilds.org would follow the style of the “mother” scripts. Basically, a SBo script should be transferable into the Slackware core distro without feeling out of place. I think it was this rule that made Pat give the nod of approval. Just think of the scenario where the SBo site would become popular using a style of SlackBuild scripts that did not look at all like Slackware’s own. There was a good chance that people would start demanding that Slackware must adopt the scripting style of SBo. This was a big no-no.

In contrast, my own SlackBuild scripts do a whole lot more than a basic Slackware script – notably my scripts will download the source tarballs for you. You will not find any of those scripts on slackbuilds.org for the exact reason I just explained.

I dug through my email logs and the oldest record I still have is this, the first test email of the then already functional project:

testing_SBo

Coïncidentally this day (8 June 2006) also marks the start of formalizing my own SlackBuilds repository. I had been working on my gen_repos_files.sh script since April 2006 and used it for the first time on June 8th. The first entry in the ChangeLog.txt says:

+--------------------------+
Thu Jun  8 15:10:57 UTC 2006
Starting the ChangeLog.txt for Alien's SlackBuild repository.

Ten years have passed since those days, and SlackBuilds.org has brought a lot of good to Slackware. SBo submissions find their way into the Slackware distro core quite regularly. Which is nice, but more important is the fact that users of the distro are no longer tied to the “small” (other distros’ judgement) official repository but can tap into a vast repository of high-quality build scripts. I don’t think that anybody can concieve today of the idea that there would not be a SlackBuilds.org repository.

The fact that the SlackBuild scripts of SBo remained so basic allowed several “third party” tools to be conceived that wrap themselves around the SBo content as it were, providing queue control and automation for the process of building your own packages as well as all their dependencies. Well-known examples are sbopkg, sbotools and slpkg. The queue management feature is special. Slackware is a distro that does not concern itself with dependency management – you install the full distro, it is small enough, and that fulfills all the dependencies. Working with 3rd party packages and scripts is different though, and these tools around SBo have found ways to build and install all the required dependencies along with the package that you want to have in the first place. All of that is made possible by the SBo “info” file which is part of every submission. It contains the essential information about the software that is to be packaged, it is easily parseable and therefore ideal source material for the 3rd party tools:

PRGNAM="name of application"
VERSION="version of application"
HOMEPAGE="homepage of application"
DOWNLOAD="direct download link(s) of application source tarball(s) arch-independent or x86"
MD5SUM="md5sum(s) of the source tarball(s) defined in DOWNLOAD"
DOWNLOAD_x86_64="direct download link(s) of application source tarball(s), x86_64 only"
MD5SUM_x86_64="md5sum(s) of the source tarball(s) defined in DOWNLOAD_x86_64"
REQUIRES="%README%"
MAINTAINER="name of SlackBuild script maintainer"
EMAIL="email address of author"

I have since retired as a SBo admin, although I still hang out in the users- and admin-channels on IRC. Others have come and gone as well, and the current team is still going strong (and with Robby & Erik still at the wheel). I admire these guys a lot, because just look at the size of the repository! The package database for Slackware 11.0 (which we started with in 2006) contains 429 submissions. Compare that number to the Slackware 14.1 repository’s 5745 entries. That’s more than 13 times as many! And now imagine that this small team (the admin team has grown a bit bigger since the beginning but not much) still QA’s every script by compiling it and checking the outcome. On top of that, the team has to test all these scripts against the upcoming Slackware 14.2 release and make sure that there will be a high-quality SBO repository for Slackware 14.2 when that gets released. The project is using GIT to manage this transition process. Learning about and understanding git is one of the most important things that I took from the SBo project.

These guys need your praise and support. Go tell them in the slackbuilds-users mailing list!

 

Updated ISOs for Slackware Live Edition

blueSW-64pxI am in the process of uploading new ISO images for Slackware Live Edition based on the liveslak 1.0.1 scripts and using Slackware-current dated “Fri May 27 23:08:17 UTC 2016”. This version of Slackware-current has several significant changes and fixes, compared to the snapshot I used for the liveslak-1.0.0 based ISO images.

I did not add a “1.0.1” tag to the repository, but the Live OS will report the “1.0.1” on the boot screen so that you can distinguish these new ISOs from the older versions with the same name. If you want to know the characteristics of an ISO after downloading it, try this command:

$ isoinfo -d  -i your_downloaded.iso | egrep “Volume id|Publisher id|Data preparer id|Application id”

As usual, you will find ISO images for a full Slackware (64bit and 32bit versions), 64bit Plasma5 and MATE variants and the 700MB small XFCE variant (64bit and 32bit versions).

I added a 32bit variant of the XFCE ISO on request because I could see its usefulness when using it on older hardware. Also considering that more and more distributions are abandoning their 32bit OS variants, this addition makes a nice strong statement. There’s still a lot of old hardware out there, in active service.

As announced before, I have “re-written” the original blog post on Slackware Live and saved the old text in a new article so that it does not get lost in history. The URL of the original article is visited a lot and I do not want people reading that original article to think that this project is still in beta, immature and not usable.

The changes between liveslak 1.0.0 and 1.0.1

I can mention a few highlights:

  • Shutdown of PXE-booted Live OS has been fixed (often the computer would hang halfway the shutdown and require a hard reset).
  • Xorriso can be used as an alternative to mkisofs and isohybrid when generating the ISO image. Xorriso has to be installed separately, it is not part of Slackware.
  • A module “broadcom-sta” was added to the “optional/” directory. You should try this one in case the kernel’s support for your Broadcom wireless hardware is not sufficient and wireless does not activate. Use “load=broadcom-sta” on the boot commandline and then the “wl” kernel driver should load and enable your “wlan0” wireless interface.

Download the ISO images

The ISO variants of Slackware Live Edition are: SLACKWARE, XFCE, PLASMA5 and MATE. These ISO images (with MD5 checksum and GPG signature) are being uploaded to the master server (bear) at the moment, and should be available on the mirror servers within the next 24 hours.

Have fun! Eric

Chromium 51 packages available

chromium_iconGoogle updated the stable branch of the Chromium browser to a new major version number: “51”. An overview of the changes since the previous “50” release are found in Google’s git. Updated packages for Slackware 14.1 and -current are now available from my repository, for the download URLs see below.

The announcement on the Google Chrome Releases blog mentions a list of vulnerabilities that were addressed with this release. Here are the ones that got a CVE rating… it sure pays off to be a security researcher and find Google Chrome vulnerabilities:

  • [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
  • [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
  • [$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
  • [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
  • [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  • [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  • [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
  • [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
  • [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
  • [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
  • [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
  • [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
  • [$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  • [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  • [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
  • [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  • [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
  • [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
  • [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
  • [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan
  • [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.

 

As always, it is strongly advised to upgrade to this new version of Chromium. Get my chromium packages in one of the usual locations:

The widevine and pepperflash plugin packagess for chromium can be found in the same repository. The 64bit version of the Widevine plugin was updated with new libraries extracted from the official Google Chrome for Linux; the new Chrome does not contain a newer PepperFlash than what I already have in my repository.

Remember, even though I can still provide a 32bit Chromium browser, Google has ceased providing a 32bit version of their own Chrome browser – which means, no more updates to the 32bit PepperFlash and Widevine plugins.

Have fun! Eric

Stable 1.0.0 release of liveslak

blueSW-64pxYesterday on the final day of my short holiday (of sorts) I prepped and released version 1.0.0 of my “liveslak” project. It is stable and the bugs that were reported (plus some more) have been taken care of.

The “1.0.0” marker is not the end of its development of course. It means that I consider the project production-ready.  It will be used to create Live Editions of Slackware 14.2 (64bit and 32bit) when that is released. There’s still some more ideas for liveslak that I want to implement and those will become available as 1.x releases.

For demonstration purposes I have generated a new set of ISO images using liveslak version 1.0.0. There are ISO images for a full Slackware (64bit and 32bit versions), 64bit Plasma5 and MATE variants and the 700MB small XFCE variant (also 64bit). They are based on Slackware-current dated “Thu May 12 01:50:21 UTC 2016“.

This weekend I will “re-write” the original blog post on Slackware Live because it is the page that has had the biggest hit rate for the past months. People reading that original article may think that this project is still immature and not usable. I will re-write it into a landing page for anyone who is interested in a Live Edition of Slackware, and copy the original text to a new article for reference purposes. All previous articles about the liveslak project aka “Slackware Live Edition” are accessible through this shortcut link by the way.

The changes between 0.9.0 and 1.0.0

Not much was changed actually:

  • I added a new “tweaks” boot option to tweak various aspects of the system. As documented in the Wiki, these are the currently implemented tweaks (multiple tweak values can be combined when comma-separated):
    • nga – no glamor 2D acceleration, avoids error “EGL_MESA_drm_image required”. Because we now have “tweaks=nga“, the old boot parameter “nga” which did the same thing has been removed.
    • tpb – enable TrackPoint scrolling while holding down middle mouse button (a TrackPoint is found on IBM/Lenovo laptops but not only there).
    • syn – start the syndaemon for better support of Synaptics touchpads.
    • ssh – start the SSH server (it is disabled by default). 
  • The SSH daemon is disabled by default now. The default login accounts and passwords of Slackware Live Edition are too easy to find out. Imagine what could happen if you booted Slackware Live on a public network like an internet café!
    Note that you can still enable the SSH daemon on boot: by providing the “tweaks=ssh” boot parameter.
  • The few bugs reported since 0.9.0 have been fixed and I found a few bugs and enhancements too, which have also been dealt with. Check out the commit log if you are interested.

Download the ISO images

The ISO variants of Slackware Live Edition are: SLACKWARE, XFCE, PLASMA5 and MATE. These ISO images (with MD5 checksum and GPG signature) were uploaded to the master server (bear) yesterday and should be available by now on the mirror servers.

Have fun! Eric

Updates for LibreOffice, Chromium, Calibre, QBittorrent, Veracrypt

I have been preparing a stable release of liveslak, and I wanted the PLASMA5 ISO to have up-to-date software taken from my own “alien” package repository. So I downloaded the latest sources and have prepared new packages for Slackware-current on which the Live ISOs are based, for the following:

  • LibreOffice:
    LibreOffice 5.1.3 is a minor update, focusing on bug fixes.
  • Chromium:
    Chromium 50.0.2661.102 is a security fix, addressing 5 CVE’s. Some days earlier I already uploaded a newer version of the PepperFlash plugin for Chromium. Note that Google no longer releases 32bit versions of its Chrome browser, so that the PepperFlash and Widevine plugins will see only 64bit updates.
  • Calibre:
    Nothing really exciting about the new 2.56.0 version. Kovid Goyal keeps improving this e-book library management program at a steady rate. Its GUI uses Qt5 so this is a natural inclusion for the Plasma5 Live ISO.
  • QBittorrent:
    Version 3.3.4 is the latest of this great bittorrent client with a Qt4 based GUI (I have not switched to its new Qt5 based GUI yet)
  • Veracrypt:
    The successor of TrueCrypt when that program stopped being developed. VeraCrypt fixes many (security) bugs that were still present in TrueCrypt. Its development continues with the 1.17 release while remaining compatible with older TrueCrypt containers.

Now we just need to cross fingers and hope that there will be a release of Slackware 14.2 soon, so that I can create definitive versions of Slackware Live Edition.

Packages for the aforementioned software can be obtained from these mirror sites and probably others too:

Cheers! Eric