blog/content-org/all-posts.org
Sergio Durigan Junior d564418f94
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Set tags for previous post
2024-06-12 21:19:49 -04:00

374 lines
16 KiB
Org Mode

#+hugo_base_dir: ../
* DONE The Pagure Debian package is now orphan :debian:free_software:english:pagure:
CLOSED: [2024-06-12 Wed 21:16]
:PROPERTIES:
:EXPORT_FILE_NAME: pagure-debian-is-now-orphan
:END:
As [[* Planning to orphan Pagure on Debian][promised]] in the last post, I have now orphaned the Pagure Debian
package. Here's the full text I posted on the BTS:
#+BEGIN_QUOTE
After several years, I finally decided to orphan pagure :-(.
I haven't been using it as my personal forge anymore, and unfortunately
upstream development slowed down quite a bit after the main author and
maintainer stopped contributing regularly to the project. But that is
not to say that upstream is dead; they are still working towards
preparing the next release.
Pagure is a big package with several components and an extensive list of
build dependencies (and an even bigger testsuite which I never managed
to make fully work on Debian). It is not for the faint of heart, and
most of the time is usually spent fixing its (build) dependencies so
that it doesn't get removed from testing.
If I may, I would like to leave some suggestions for a future
maintainer.
- I never had the time to write dep8 tests, mainly because setting up
the software is not trivial. It would be great if the package had
more Debian-centric testing.
- Speaking of the hurdles to setting up Pagure, I believe the package
installation could be made a bit more automated using debconf. I
don't see a way to fully automate it (look at d/README.Debian), but
there is certainly room for improvement.
I also left a brief TODO list inside d/README.source; feel free to
tackle any item there!
I wish the next maintainer can have as much fun with the package as I
did when I first made it for Debian!
Thank you,
#+END_QUOTE
That's it. It was while it lasted, but I needed to feel myself
unburdened so that I don't have that constant feeling of "I should be
properly maintaining this package...".
If you feel like you'd like to give it a try at maintaining Pagure,
now is the time!
* DONE Planning to orphan Pagure on Debian :english:debian:free_software:
CLOSED: [2024-02-25 Sun 22:23]
:PROPERTIES:
:EXPORT_FILE_NAME: planning-to-orphan-pagure
:END:
I have been thinking more and more about orphaning the [[https://tracker.debian.org/pagure][Pagure Debian
package]]. I don't have the time to maintain it properly anymore, and
I have also lost interest in doing so.
** What's Pagure
[[https://pagure.io/pagure][Pagure]] is a git forge written entirely in Python using pygit2. It was
almost entirely developed by one person, Pierre-Yves Chibon. He is
(was?) a Red Hat employee and started working on this new git forge
almost 10 years ago because the company wanted to develop something
in-house for Fedora. The software is amazing and I admire Pierre-Yves
quite a lot for what he was able to achieve basically alone.
Unfortunately, a few years ago Fedora [[https://communityblog.fedoraproject.org/making-a-git-forge-decision/][decided]] to move to Gitlab and
the Pagure development pretty much stalled.
** Pagure in Debian
Packaging Pagure for Debian was hard, but it was also very fun. I
learned quite a bit about many things (packaging and non-packaging
related), interacted with the upstream community, decided to dogfood
my own work and run my Pagure instance for a while, and tried to get
newcomers to help me with the package (without much success,
unfortunately).
I remember that when I had started to package Pagure, Debian was also
moving away from Alioth and discussing options. For a brief moment
Pagure was a contender, but in the end the community decided to
self-host Gitlab, and that's why we have [[https://salsa.debian.org][Salsa]] now. I feel like I
could have tipped the scales in favour of Pagure had I finished
packaging it for Debian before the decision was made, but then again,
to the best of my knowledge Salsa doesn't use our Gitlab package
anyway...
** Are you interested in maintaining it?
If you're interested in maintaining the package, please get in touch
with me. I will happily pass the torch to someone else who is still
using the software and wants to keep it healthy in Debian. If there
is nobody interested, then I will just orphan it.
* DONE Migrating my repositories to Forgejo :english:selfhost:free_software:
CLOSED: [2024-02-24 Sat 23:51]
:PROPERTIES:
:EXPORT_FILE_NAME: migrating-to-forgejo
:END:
After some thought, I decided to migrate my repositories to [[https://forgejo.org][Forgejo]].
I know, I know... The name sucks a little bit, but nothing is
perfect. Forgejo is a fork of [[https://gitea.com][Gitea]], and was created after [[https://gitea-open-letter.coding.social/][some drama]]
regarding Gitea Ltd taking over the development of the Gitea project.
I have to be honest and say that I'm growing tired of seeing so much
drama and confusion arise from Free Software communities and projects,
but in a way this is just a reflection of what's happening with the
world in general, and there's very little I can do about it. Anyway.
Deploying Forgejo was easy thanks to [[https://github.com/mother-of-all-self-hosting/mash-playbook][mash-playbook]], which is a project
I've been using more and more to deploy my services. I like how
organized it is, and the maintainer is pretty responsive. On top of
that, learning more about Ansible had been on my TODO list for quite a
while.
All of this means that I decided to move /away/ from [[https://sr.ht][Sourcehut]] (I
might use it as a mirror for my public repositories, though). I did
that because I wanted to self-host my git forge again (I've been doing
that for more than a decade if you don't count my migration to
Sourcehut last year). Not liking some of Sourcehut's creator's
opinions (and the way he puts them out there) may or may not have
influenced my decision as well.
** A Continuous Integration to rule them all
Something that I immediately missed when I setup Forgejo was a CI. I
don't have that many uses for it, but when I was using Sourcehut I
setup its build system to automatically publish this blog whenever a
new commit was made to its git repository. Fortunately,
=mash-playbook= also supports deploying [[https://woodpecker-ci.org/][Woodpecker CI]], so after
fiddling during a couple of days with the Forgejo ↔ Woodpecker
integration, I managed to make it work just the way I wanted.
** Next steps
Write more :-). Really... It's almost as if I like more to deploy
things than to write on my blog! Which is true, but at the same
isn't. I've always liked writing, but somehow I grew so conscious of
what to publish on this blog that I'm finding myself avoiding doing it
at all. Maybe if I try to change the way I look at the blog I'll get
motivated again. We'll see.
* DONE Using WireGuard to host services at home :english:howto:selfhost:wireguard:debian:
CLOSED: [2023-05-23 Tue 00:56]
:PROPERTIES:
:EXPORT_FILE_NAME: using-wireguard-host-services-home
:END:
It's been a while since I had this idea to leverage the power of
[[https://wireguard.org][WireGuard]] to self-host stuff at home. Even though I pay for a proper
server somewhere in the world, there are some services that I don't
consider critical to put there, or that I consider *too* critical to
host outside my home.
** It's only NATural
With today's ISP packages for end users, I find it very annoying the
amount of trouble they create when you try to host anything at home.
Dynamic IPs, NAT/CGNAT, port-blocking, traffic shapping are only a few
examples of methods or limitations that prevent users from making
local services reachable in a reliable way from outside.
** WireGuard comes to help
If you already pay for a VPS or a dedicated server somewhere, why not
use its existing infrastructure (and public availability) in your
favour? That's what I thought when I started this journey.
My initial idea was to use a reverse proxy to redirect external
requests to the service running at my home. But how could I make sure
that these requests reach my
dynamic-IP-behind-a-NAT-behind-another-NAT? Well, let's create a
tunnel! WireGuard is the perfect tool for that because of many
things: it's stateless, very performant, secure, and requires very
little configuration.
** Setting up on the server
On the server side (i.e., VPS or dedicated server), you will create
the first endpoint. Something like the following should do:
#+begin_src ini
[Interface]
PrivateKey = PRIVATE_KEY_HERE
Address = 10.0.0.1/32
ListenPort = 51821
[Peer]
PublicKey = PUBLIC_KEY_HERE
AllowedIps = 10.0.0.2/32
PersistentKeepalive = 10
#+end_src
A few interesting points to note:
- The =Peer= section contains information about the home service that
will be configured below.
- I'm using =PersistentKeepalive= because I have a dynamic IP at my
home. If you have a static IP, you could get rid of
=PersistentKeepalive= and specify an =Endpoint= here (don't forget
to set a =ListenPort= *below*, in the =Interface= section).
- Now you have an IP where you can forward requests to. If we're
talking about HTTP traffic, Apache and nginx are absolutely capable
of doing it. If we're talking about other kind of traffic, you
might want to look into other utilities, like [[https://www.haproxy.org/][HAProxy]], [[https://traefik.io/traefik/][Traefik]] and
others.
** Setting up at your home
At your home, you will configure the peer:
#+begin_src ini
[Interface]
PrivateKey = PRIVATE_KEY_HERE
Address = 10.0.0.2/32
[Peer]
PublicKey = PUBLIC_KEY_HERE
AllowedIps = 10.0.0.1/32
Endpoint = YOUR_SERVER:51821
PersistentKeepalive = 10
#+end_src
** A few notes about security
I would be remiss if I didn't say anything about security, especially
because we're talking about hosting services at home. So, here are a
few recommendations:
- Make sure to put your services in a separate local network. Using
VLANs is also a good option.
- Don't run services on your personal (or work!) computer, even if
they'll be running inside a VM.
- Run a firewall on the WireGuard interface and make sure that you
only allow traffic over the required ports.
Have fun!
* DONE Ubuntu debuginfod and source code indexing :english:ubuntu:debuginfod:debian:free_software:gdb:
CLOSED: [2023-05-13 Sat 16:43]
:PROPERTIES:
:EXPORT_FILE_NAME: ubuntu-debuginfod-source-code-indexing
:END:
You might remember that in my [[/posts/debuginfod-is-coming-to-ubuntu/][last post]] about the [[https://debuginfod.ubuntu.com][Ubuntu debuginfod
service]] I talked about wanting to extend it and make it index and
serve source code from packages. I'm excited to announce that this is
now a reality since the Ubuntu Lunar (23.04) release.
The feature should work for a lot of packages from the archive, but
not all of them. Keep reading to better understand why.
** The problem
While debugging a package in Ubuntu, one of the first steps you need
to take is to install its source code. There are some problems with
this:
- =apt-get source= required =dpkg-dev= to be installed, which ends up
pulling in a lot of other dependencies.
- GDB needs to be taught how to find the source code for the package
being debugged. This can usually be done by using the =dir=
command, but finding the proper path to be is usually not trivial,
and you find yourself having to use more "complex" commands like
=set substitute-path=, for example.
- You have to make sure that the version of the source package is the
same as the version of the binary package(s) you want to debug.
- If you want to debug the libraries that the package links against,
you will face the same problems described above for each library.
So yeah, not a trivial/pleasant task after all.
** The solution...
Debuginfod can index source code as well as debug symbols. It is
smart enough to keep a relationship between the source package and the
corresponding binary's Build-ID, which is what GDB will use when
making a request for a specific source file. This means that, just
like what happens for debug symbol files, the user does not need to
keep track of the source package version.
While indexing source code, debuginfod will also maintain a record of
the relative pathname of each source file. No more fiddling with
paths inside the debugger to get things working properly.
Last, but not least, if there's a need for a library source file and
if it's indexed by debuginfod, then it will get downloaded
automatically as well.
** ... but not a perfect one
In order to make debuginfod happy when indexing source files, I had to
patch =dpkg= and make it always use =-fdebug-prefix-map= when
compiling stuff. This GCC option is used to remap pathnames inside
the DWARF, which is needed because in Debian/Ubuntu we build our
packages inside chroots and the build directories end up containing a
bunch of random cruft (like =/build/ayusd-ASDSEA/something/here=). So
we need to make sure the path prefix (the =/build/ayusd-ASDSEA= part)
is uniform across all packages, and that's where =-fdebug-prefix-map=
helps.
This means that the package *must* honour =dpkg-buildflags= during its
build process, otherwise the magic flag won't be passed and your DWARF
will end up with bogus paths. This should not be a big problem,
because most of our packages do honour =dpkg-buildflags=, and those
who don't should be fixed anyway.
** ... especially if you're using LTO
Ubuntu enables [[https://gcc.gnu.org/onlinedocs/gccint/LTO-Overview.html][LTO]] by default, and unfortunately we are affected by an
[[https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109805][annoying (and complex) bug]] that results in those bogus pathnames not
being properly remapped. The bug doesn't affect all packages, but if
you see GDB having trouble finding a source file whose full path
starts without =/usr/src/...=, that is a good indication that you're
being affected by this bug. Hopefully we should see some progress in
the following weeks.
** Your feedback is important to us
If you have any comments, or if you found something strange that looks
like a bug in the service, please reach out. You can either send an
email to my [[https://lists.sr.ht/~sergiodj/public-inbox][public inbox]] (see below) or file a bug against the
[[https://bugs.launchpad.net/ubuntu-debuginfod][ubuntu-debuginfod project on Launchpad]].
* DONE Novo blog, novos links :pt___br:portugues:
CLOSED: [2023-04-20 Thu 21:38]
:PROPERTIES:
:EXPORT_FILE_NAME: novo-blog-novos-links
:END:
Eu sei que não posto aqui há algum tempo, mas gostaria de avisar os
meus leitores (hã!?) de que eu troquei a engine do blog pro [[https://gohugo.io][Hugo]].
Além disso, vocês vão notar que as URLs dos posts mudaram também
(elas não têm mais data, agora são só compostas pelo nome do post; mas
veja abaixo), e que também houve uma mudança na tag =pt_br=:
futuramente eu pretendo parar de postar coisas nela, e vou postar
somente usando a tag [[/tags/portugues][=portugues=]]. Se você acompanha o RSS/ATOM da tag
=pt_br=, por favor atualize o link.
As URLs antigas ainda vão funcionar porque elas estão sendo
redirecionadas pro lugar correto (cortesia do =mod_rewrite=). De
qualquer modo, se você salvou alguma URL de um post antigo, sugiro que
a atualize.
No mais, tudo deve funcionar "como de costume" (TM). Estou postando
direto do Emacs (usando [[https://gohugo.io][ox-hugo]]), e criei um setup bacana no [[https://sr.ht][Sourcehut]]
pra automaticamente publicar os posts assim que eu der o push deles
pro git. Hm, isso na verdade seria um bom tópico pra um post...
* DONE New blog, new links :en___us:english:
CLOSED: [2023-04-20 Thu 21:26]
:PROPERTIES:
:EXPORT_FILE_NAME: new-blog-new-links
:END:
I know I haven't posted in a while, but I'd like to let my readers
(who!?) know that I've switched my blog's engine to [[https://gohugo.io][Hugo]]. Along with
that change, there are also changes to post URLs (no more dates, only
the post name; but see below) and also a change to the =en_us= tag:
eventually, I will stop posting things under it and start posting
solely under [[/tags/english][=english=]]. If you're subscribed to the =en_us= RSS/ATOM
feed, please update it accordingly.
The old URLs should still work because they're being redirected to the
correct path now (thanks, =mod_rewrite=). Either way, if you have
bookmarked some old post URL I'd suggest that you update it.
Other than that, everything should be "the same" (TM). I'm posting
from Emacs (using [[https://ox-hugo.scripter.co][ox-hugo]]), and made quite a cool setup with [[https://sr.ht][Sourcehut]]
in order to automatically publish posts when I push them to the git
repo. Hm, his would actually be a good topic for a post...