rBuild 0.12 is an alpha release.

• The "rbuilder" program has been added as a backward-compatible user interface for the rbuilder command line previously included within the rBuilder product. Portions of the "rbuilder" program interfaces may be removed over time as the "rbuild" program gains capabilities. For that reason, rPath recommends using the "rbuild" program where there is overlap between the "rbuilder" and "rbuild" programs, such as building images. (RBLD-119)

Remember, these are a combination of alpha code and un-validated snapshots. They worked for me in a few tests. Your milage may vary — and if it does, please do tell us about it.

rBuild 0.11 is an alpha release.

• There is a new rbuild publish command. The publish command now (by default) publishes and mirrors (if mirroring is enabled) a product release in rBuilder. By default, releases are now created at the end of image builds. Optional --release-name, --release-version, and --release-description arguments can be used to describe the release created as part of building images. Requires rMake 1.0.25 or later. (RBLD-42)
• The "rbuild build packages" and "rbuild images" commands now take a --message (or -m) argument. (RBLD-120)

• Various small changes for consistency, primarily documentation and removing unused imports and variables, as discovered by pylint.

• The conaryfacade.refresh method now takes an optional targetDir parameter. For this reason, refresh now will require Conary 2.0.32 or later. (RBLD-139)
• The base exception class now makes subclassing rBuild exceptions with meaningful parameters simpler. (RBLD-38)
• The exceptions BaseError and InternalError have been renamed to RbuildBaseError and RbuildInternalError, respectively. (RBLD-38)
• The handle.ui object now has a getYn method. (RBLD-30)
• rbuild.constants.VERSION_TUPLE is now available as a tuple of integers in the rBuild version (not including any changeset IDs appended to the rBuild version string).

• rBuilder facade errors are now output with more context and have their own exception class RbuilderError. (RBLD-38)
• When multiple searchPath elements are present in the product definition, rBuild now looks for packages in the latest versions of each group listed in the searchPath, rather than only in the most recently committed group on the searchPath. (RBLD-146)

This release requires Conary 2.0.32 and rMake 1.0.25. Remember to restart rMake after the update.

Remember, these are a combination of alpha code and un-validated snapshots. They worked for me in a few tests. Your milage may vary — and if it does, please do tell us about it.

rMake 1.0.25 is a maintenance release.

• The rMake server can now authenticate clients using X509 client certificates with a specially crafted altSubjectName extension, in addition to a CA certificate. (RMK-928)

• rMake now is distributed with the client code necessary to communicate to a multinode rmake installation. (RMK-944)

• rMake now supports building for s390 on s390x (António Meireles). (RMK-945)

• A chroot is now created for all builds, even with strictMode set to False. Previously, the fake chroot used in this scenario caused group cooks to fail with Conary 2.0.29 and later. (RMK-931)
• rMake now correctly saves the trove settings in the database during the building event of a build. (RMK-933)

Conary 2.0.32 is a maintenance release.

• flavorPreferences now handle s390{,x}. (CNY-3056)

• Extended traceback representations display longer strings. (CNY-3053)

• Extended logic in deps.getShortFlavorDescriptors to handle cases where prefers vs requires needs to be distinguished. (CNY-3054)
• checkin.refresh is now a developerApi and takes a new dirName parameter. (RBLD-139)

• Git no longer defaults to the master branch, so we now specify the branch when pulling. (CNY-3012)

rBuild 0.9 had a new feature to make group builds consistent with the version of the platform specified in the product definition. Unfortunately, the way that feature was implemented created a new bug that causes the wrong flavors of packages to be included.

rBuild 0.10 fixes this issue, as well as two others: the rbuild update command in a package checkout now works correctly, and it will now update groups as well as packages when run from a stage or product checkout.

Please update using conary update rbuild

Note that any groups built with rBuild 0.9 should be immediately rebuilt, unless you build only a single flavor of your groups. If in doubt, rebuild.

Remember, these are a combination of alpha code and un-validated snapshots. They worked for me in a few tests. Your milage may vary — and if it does, please do tell us about it.

The scheduled maintenance of rBuilder Online is now complete. There are three major changes, as well as various bug fixes and improvements.

Product Definition Multi-Platform Support

The "Create/edit a product version" feature in rBuilder Online has been updated to better support multiple platforms. This has required significant changes in how the data that defines the product versions is stored — and even exactly what data is stored.

• You need to update your existing product definition data — go to the "Edit product version" page of your product and click on the "Update" button.
• If you use rBuild (currently in alpha release only), you will need to update to a newer version that understands the new data format.
• If you have edited a product-definition:source component manually, and have changed the flavor of a build, you will need to re-do your changes; the conversion process does not preserve those changes. (This would be very unusual; we do not believe that it actually applies to anyone.)

With this change, the interface for choosing images to build has been slightly modified. It should present only image types that are expected to work for the platform you have selected as the basis for your product, and the way it presents them is slightly different.

However, what's a new feature without a new bug? Build types that are not supported for a platform should not be presented at all in the user interface; unfortunately, due to a bug they are presented as options, but with an empty architecture/flavor selection listbox. If you try to save a set of images that includes an empty flavor selection, you will see an error. This bug will be corrected in an upcoming update to rBuilder Online. (An example of an unsupported build type is installation ISO or appliance ISO for the Ubuntu Hardy Delivered by rPath platform.)

It should no longer be necessary to specify where to get anaconda for Installable ISO or Appliance ISO images. This only applies to platforms that support the anaconda installer, of course; platforms that do not support the anaconda installer no longer offer these image types.

The default values for the options for building images are now platform-specific. Some of the defaults are different from what rBuilder Online has defaulted to (for all platforms) in the past. Check things like memory size, swap size, and free space if you previously depended on the default values for those settings being exactly what you wanted.

Please let us know if these interface changes are confusing.

One Domain

rBuilder Online is now in one place: http://www.rpath.org/. Previously, it was also directly available at http://www.rpath.com/rbuilder/ but this occasionally caused authentication problems synchronizing authentication (stored in cookies) across the two domains. In rare circumstances, users would find that they seemed to be both logged in and not logged in to rBuilder Online. This was due to a synchronization failure between the two domains. (If you were ever asked to clear cookies for www.rpath.org and www.rpath.com and then log into rBuilder Online again, you were affected by this problem.) Now that rBuilder Online stores authentication cookies for one domain instead of two, it is storing 50% fewer cookies.

Generally, this change will be transparent — redirects are in place. The main differences will be that you will see http://www.rpath.org/ rather than http://www.rpath.com/rbuilder/ in the location bar in your web browser, and that you will not be one of that small group of users affected by the loss of authentication synchronization.

rBuild users will be more directly affected: You will need to change your rBuild serverUrl to https://www.rpath.org (Note: no trailing / character) by running rbuild config --ask or editing your ~/.rbuildrc file.

Wide Page Fixes

The rBuilder Online interface now expands to fill browser windows, rather than being fixed-width. We have fixed some unexpected visual consequences (bugs!) as a result, but we suspect that we aren't yet done with this job. Please report them so that we can fix them, thanks!

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

rBuild 0.9 has a lot of changes. I have been waiting to release it until rBuilder Online was updated to use the new schema for product-definition that makes it possible to display the right image type for each supported platform — they do not all support the same image targets. That has finally happened, so it is time to update your rBuild and friends to support the new schema.

Several of the included changes are fixes for corner cases that do not affect many users, but a few of them you will notice. In particular, status reporting: the output of the rbuild status command is more complete and usable, and the rbuild build commands warn you if your local copy of your product definition is not up-to-date, because an out-of-date product definition could cause you to build the wrong thing or set of things, whether that's packages, groups, or images. It is your choice whether to update — rBuild will ask you whether you want to continue.

In addition, particularly useful for testing is the ability to build individual images: rbuild build images 'Image 1' will build only the image named Image 1 (literally — this is the image name you put in the Web form where you defined the image).

rBuild 0.9 now works with released Conary and rMake. You do not need Conary or rMake snapshots from mkj.rpath.org to use rBuild.

Update to or install the latest versions of the stack with:

conary update {decorator,rpath-{common,xmllib,product-definition},rbuild}=mkj.rpath.org@rpl:2


If you have already been using rBuild, you will need to change your rBuild serverUrl to https://www.rpath.org (Note: no trailing / character) by running the rbuild config --ask command or editing your ~/.rbuildrc file. This is to adjust to changes to rBuilder Online.

Then, in each product you build with rBuild, either run the rbuild rebase command in your product; or in the Web UI, "edit product version" and then "update" your Appliance Platform.

So far, there is one known issue (which will be resolved shortly): if you are using rBuild to build groups that include rAPA, the 64-bit versions of your groups will include the 32-bit versions of rAPA. (The very short-term workaround is to remove the line referencing group-rapa from your product-definition.xml file, but this will be needed only until tomorrow.)

Remember, these are a combination of alpha code and un-validated snapshots. They worked for me in a few tests. Your milage may vary — and if it does, please do tell us about it.

Conary 2.0.31 is a bug fix release.

• addMetadataItems() automatically creates digests.
• MetadataItem.freeze() no longer creates metadata digests.
• Metadata now has a version 1 digest computed only if it includes extended metadata.

• Hide extended metadata from old clients. (CNY-3050)
• addMetadataItems() now rejects metadata items which don't have digests.

rBuilder Online will undergo scheduled maintenance starting Wednesday December 3rd at 21:00 EST (-0500) and ending at 22:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

Conary 2.0.30 is a maintenance release.

• Refactored the code used for cvc diff and cvc rdiff to provide an internal iterator interface that does not directly print output, for rBuild. (CNY-3043)

• On multiarch systems, a repository query for all versions of a trove could prefer an x86 troves over a multiarch trove, if the x86 flavor scored higher against the system flavor (CNY-3041)
• Conary would unpack 64 bit integers incorrectly on platforms where long was 64 bits instead of 32 (CNY-3042)
• Conary unpacked 16 bit values by treating them as 32 bit values, which broke on big endian machines (CNY-3042)
• Disallow empty trove names and component names.
• Metadata now allows new types to be added, and key/value metadata is a new type. Without this troves with key/data metadata attached were unuseable by older versions of conary (CNY-3040).
• Added a new signature type which includes new metadata types.
• Made Trove.verifyDigests() verify signatures of metadata.
• A bug that caused python dependencies to not be discovered when using alternate versions of python has been fixed (CNY-3029).

The scheduled maintenance of rBuilder Online is now complete. The main changes are to the rPath Management Console. What's that?

The rPath Management Console

What we used to call rBuilder Catalog for EC2™ has expanded far beyond the role of a simple catalog, so we renamed it the rPath Management Console. Don't worry, it still supports Amazon EC2! But in the next new major version of rBuilder Appliance, it will support several other targets, both clouds and virtual infrastructure services.

In this release, we have updated it with a number of bug fixes. Most noticeably, the page now resizes to the maximum width of your browser, which makes it more readable and usable. We've also changed the RUNNING grouping to now say INSTANCES, to clarify the nature of the resources you see under this group. (For virtual infrastructure targets in particular, it is certainly common to have instances that are currently stopped, but could be restarted; these stopped instances make sense to list under INSTANCES but make not sense under RUNNING.)

Under the hood, many operations are now faster.

CentOS Platform

Several bugs have been fixed in the CentOS platform that was recently added to rBuilder Online. One is still outstanding; to build CD/DVD ISO images for system installation (Appliance ISO or Installable ISO) you will need to edit advanced options when creating the image, and specify a custom anaconda template: centos.rpath.com@rpath:centos-5 This bug is expected to be resolved in the next rBuilder Online update.

Horizontal Layout Improvements

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

The maintenance originally scheduled for Wednesday, November 19th has been postponed to start Thursday, November 20th at 21:00 EST (-0500) and will end at 22:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Wednesday November 19th at 21:00 EST (-0500) and ending at 22:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

As a courtesy to rPath Linux 1 users, rPath would like to remind you that rPath Linux 1 general maintenance has come to an end. rPath Linux 2 was released on May 15, 2008. The six months of overlapping general maintenance is complete, so general maintenance for rPath Linux 1 ceased on November 15, 2008.

rPath continues to maintain rPath Appliance Platform Linux Service 1 (rLS 1) for rPath customers. This includes proactive security updates as well as software maintenance in response to issues raised by rPath's customers. The updates will be available for rLS 1 and for the elements of rPath Linux 1 that are required for rPath's customers to develop software for rLS 1.

rPath strongly encourages users to adopt rPath Linux 2 and the rPath Appliance Platform Linux Service 2 (rLS 2). In addition to being an overall technology refresh with new versions of included packages, rPath Linux 2 is specifically designed to be a platform on which to deploy your applications. Here are just a few of the enhancements you will find in rPath Linux 2:

• Smaller footprint: The recommended base software set in rPath Linux 2 is approximately half the size of that in rPath Linux 1, and the kernel is approximately a third smaller.
• Brandable Boot Splash: rPath Linux 2 implements a graphical boot process which is easy to customize. It does not require that your appliance include the X Window System, and thus uses very little disk space.
• Additional security mechanisms: Several additional runtime security measures have been added to most packages ("stack protector" and "FORTIFY_SOURCE") and are enabled by default.
• More robust system boot: The syslinux boot loader is now the default. This well-maintained boot loader is highly extensible, easily branded and can be automatically updated safely and reliably.
• Appliance Installer: This new option installs your appliance software on systems in only a few minutes, requiring less memory and completing more quickly than the earlier package-based installation mechanism.

These enhancements and others are now available in rPath Linux 2 and rLS 2. Take advantage of these new features now by building your appliances on top of the rPath Linux 2 or rLS2 platform.

Please contact your rPath representative with any questions you may have about this announcement. rPath is proud to bring you rPath Linux 2 and will gladly provide advice and assistance for your upgrade.

The components of rLS 1 and rLS 2 are listed at rPath Appliance Platform/Linux Service: Components

rMake 1.0.24 is a maintenance release.

• Recipes are now loaded in the worker as a command instead of in-line in the builder. (RMK-923)
• rMake can now optionally cache chroots for quicker builds when the same chroot environment is required. (RMK-202)

• The defaultBuildReqs setting has been cleared except for the rmake and rmake-chroot user troves to enable building against non-rPath Linux Platforms. (RMK-908)
• When updating the checkout after a trove built from that checkout has been committed, rMake no longer produces output stating that the checkout is already up to date when multiple flavors have been built. (CNY-3035)

• The imageList argument to rmakeClient.createImageJob() have been extended from the 3-tuple (troveSpec, imageType, imageOptions) to the 4-tuple (troveSpec, imageType, imageOptions, buildName) which can later be extended with additional information if necessary. (RMK-907)

• The rmake.1 man page no longer gives wrong instructions for accessing archived chroots.
• Image builds utilizing rBuilder Online now use the proper URI for XMLRPC operations. (RMK-897)
• Groups are no longer marked as pre-built. (RMK-903)
• rMake will now properly handle cooking recipes not in the current working directory. (RMK-906)
• rMake will now correctly build multiple images in rBuilder that share a common name, version, flavor. (RMK-907)
• rMake will now correctly use the build name instead of the product name when building images in rBuilder. (RMK-927)

Conary 2.0.29 is a maintenance release.

• cvc diff now optionally takes a set of files to diff. Note that providing a revision now requires the --revision argument, to differentiate revisions from files. (CNY-2384)
• Added --build-log and --show-file parameters to conary rq. (CNY-2584)
• Group, Fileset, and Redirect recipes now check and record build requirements. (CNY-3016)

• Support for obtaining changeset fingerprints has been added to the network repository client.
• Transient files whose contents have changed will be restored if the file had been previously removed from the local system (CNY-2987)
• generateStatus() call didn't handle a root parameter properly. This didn't cause cvc problems, but didn't work properly within rbuild (CNY-3026).

• Code using a shim client can now more securely "imitate" a user by passing in a ValidPasswordToken object in lieu of the actual password. (CNY-2968)
• Writing files into the content store now decompresses and validates the sha1 once instead of once per content store. Additionally, file creation and the sha1 computation are now done in C instead of python.
• Significantly reduced the number of SQL queries used to commit groups to repositories for a noticeable improvement in commit performance.
• Temporary tables for commits of collection and files are merged into the final tables at the end of the changeset commit instead of incrementally following each trove.
• The original client IP is now used for logging and authentication when a request is received from a HTTP proxy. (CNY-3006)

• ABI dependencies are no longer checked on erase. (CNY-2991)
• createSourceTrove now honors filestreams marked as config. (CNY-3011)
• Subscribing to log messages now works with a system time that requires more than 10 characters to represent the seconds (after Saturday November 20 2286 17:46:39 UTC). (CNY-3019)
• Committing now works through restrictive proxies. (CNY-3032)
• A bug that manifested itself as a TroveNotFound when accessing multiple repositories through the same url has been fixed. (CNY-3027)
• A bug that caused conary to segfault while creating changesets under python 2.6 has been fixed. (CNY-3033)
• An API method nologUpdateSrc has been added, which raises exceptions instead of returning None to indicate failure as the old updateSrc method did. (CNY-3035)

The scheduled maintenance of rBuilder Online is now complete.

Launching Multiple Images in rBuilder Catalog for EC2™

The rBuilder Catalog for EC2™ now supports launching multiple images with a single click of the "Launch" button.

To launch multiple images simultaneously, select multiple images in the catalog and then click "Launch". Each image's launch settings may be individually customized or loaded from a saved launch context prior to launching.

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Wednesday November 5th at 21:00 EDT (-0400) and ending at 22:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

As a courtesy to rPath Linux 1 users, rPath would like to remind you that rPath Linux 1 general maintenance is nearing an end. rPath Linux 2 was released on May 15, 2008. The six months of overlapping general maintenance are drawing to an end, so general maintenance for rPath Linux 1 will cease on November 15, 2008.

After November 15, rPath Appliance Platform Linux Service 1 (rLS 1) will continue to be maintained for rPath customers. This will include proactive security updates as well as software maintenance in response to issues raised by rPath's customers. The updates will be available for rLS 1 and for the elements of rPath Linux 1 that are required for rPath's customers to develop software for rLS 1.

rPath strongly encourages users to adopt rPath Linux 2 and the rPath Appliance Platform Linux Service 2 (rLS 2). In addition to being an overall technology refresh with new versions of included packages, rPath Linux 2 is specifically designed to be a platform on which to deploy your applications. Here are just a few of the enhancements you will find in rPath Linux 2:

• Smaller footprint: The recommended base software set in rPath Linux 2 is approximately half the size of that in rPath Linux 1, and the kernel is approximately a third smaller.
• Brandable Boot Splash: rPath Linux 2 implements a graphical boot process which is easy to customize. It does not require that your appliance include the X Window System, and thus uses very little disk space.
• Additional security mechanisms: Several additional runtime security measures have been added to most packages ("stack protector" and "FORTIFY_SOURCE") and are enabled by default.
• More robust system boot: The syslinux boot loader is now the default. This well-maintained boot loader is highly extensible, easily branded and can be automatically updated safely and reliably.
• Appliance Installer: This new option installs your appliance software on systems in only a few minutes, requiring less memory and completing more quickly than the earlier package-based installation mechanism.

These enhancements and others are now available in rPath Linux 2 and rLS 2. Take advantage of these new features now by building your appliances on top of the rPath Linux 2 or rLS2 platform.

Please contact your rPath representative with any questions you may have about this announcement. rPath is proud to bring you rPath Linux 2 and will gladly provide advice and assistance for your upgrade.

The components of rLS 1 and rLS 2 are listed at rPath Appliance Platform/Linux Service: Components

The scheduled maintenance of rBuilder Online is now complete.

Saved Contexts in rBuilder Catalog for EC2™

Saved contexts is a new feature in the rBuilder Catalog for EC2™ that lets you save a set of launch settings for use later. For example, you may often find yourself lauching medium-sized instances using a particular keypair and security group. All you have to do is launch an image, and after having adjusted the setings, save the settings as a context. You can then launch subsequent images using that previously-saved context.

Bug Fixes

A number of bug fixes have been made in this update to improve the reliability of the image build subsystem (RBL-3599). Also, a browser compatibility bug in the Package Creator that affected Internet Explorer 6 and Internet Explorer 7 has been fixed (RBL-3664).

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Wednesday October 29th at 21:00 EDT (-0400) and ending at 22:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

The first two lines of this came to me in a dream last night.

A short tool, Mr. Ibid, the boor
Simply quotes others' work from before
He knows only deference
To the previous reference
A dittohead who can't seem to score

My favorite part of The Atlantic is generally the Word Fugitives section of Barbara Wallraff's In a Word. There are always several well-considered, generally balanced, and certainly thought-provoking articles in The Atlantic, but for sheer linguistic fun I have to read the last page first.

The July/August Word Fugitives feature had a request:

And Curtis L. Brown, of Neenah, Wis., writes, “Please help me find an appropriate word for the aversion of many persons (young or old) to revealing their true age.”

I immediately googled “annumadversion” thinking that it was such an obvious coinage that someone else on the internet must have used it, but other than a helpful suggestion that perhaps I meant to “...search for: animadversion,” google was silent.

Hardly daring to hope that I could be the first to think of this coinage, I quickly submitted my answer to The Atlantic's web site. I felt some faint hope for a mention, and was impatient to discover which truly great coinage would cop "top honors" in a later issue.

Today, I picked up the November 2008 issue, and, as usual, I flipped to the back to read my favorite feature. In a Word started with a rehash of the familiar (and I thought discredited) suggestion that the “average college graduate is familiar with about 75,000 words” and ended up quoting Strunk and White: “Avoid fancy words.”

Moving on to Word Fugitives, I discovered that most of the suggestions were funny but snarky: those shy of revealing their age are “egostatistical” “chronic liars” who commit “cosmetic perjury”. Imagine my delight as I read:

But we wanted a word for the tendency—the aversion. Michael K. Johnson, of Apex, N.C., takes top honors for his fancy but refreshingly nonjudgmental coinage annumadversion.

That made my day.

...I married myself a Peanut.

Our wedding photo.

(No kidding! That shot's just west of the corner of Hickory & Van Ness, which is where elopin's took place during the 1998 San Francisco City Hall renovations.)

Well, today was my last day as a member of the rPath team. I will be moving all my blogging activities to http://blog.gafton.net (they weren't that many to begin with, but now with some newfound time on my hands, who knows...). It is unlikely I will be syndicated as part of Planet Conary much longer, so I am looking where to attach my new blog site to...

rBuilder Online's "Create a New Package" feature has been significantly enhanced. Previously, you could upload a binary archive (such as an RPM), but if you needed to modify the package at all, you had to rebuild it yourself on your own Conary-based development system. This is clearly an inconvenient restriction. rPath has now dedicated additional hardware to the task of building these modified packages, and added a web UI for editing package recipes so that you do not have to set up a local Conary development environment when you customize packages. This is a new, experimental feature, and we expect some bugs. Please tell us about them!

One important note: this feature requires that you have defined at least one image in your product. This is because this feature uses the images you have defined to figure out what "flavors" of your package to build — if you only have 32-bit images, it builds only for 32-bit systems; if you have only 64-bit images, it builds only for 64-bit systems; and if you have both 32-bit and 64-bit images, it builds for both 32-bit and 64-bit systems at the same time. Automatically.

This feature works only for products with a product definition — products in which the "Create a New Package" feature was already enabled. In your products, on your Product Home page, if you see the text "No versions available", you will need to create a product version in order to use this feature. To do so, on that Product Home page, under the heading Manage This Product you will see a link for Create a new product version: follow that link to create a new product version for your product. Once you have created that product version, you will be able to use this new feature to build new packages that are customized. Follow either the Create a New Package link or the Maintain packages link from the main product page.

The scheduled maintenance of rBuilder Online is complete.

Yes, It Looks Different

The site looks different. Noticeably different. Most of the controls are the same, except that you are no longer presented with the entire list of products you work on on the right hand side of most pages; it has been replaced by a "Select a product" drop-down menu. If anything has become more confusing to you, please tell us about it. Share your opinions on the rBuilder Online forum for more general discussions. Tell us what you think!

We hope that the new look is more than just another pretty face — in our testing, we have found it easier to understand and use.

Cloud Catalog

The rBuilder Catalog for EC2™ cloud management feature was just the start of rPath's work in making it easier to manage running instances in clouds. rBuilder Online manages images in EC2, because it is the best-known publicly-accessible utility cloud computing service, but we aren't stopping there. The next major version of rBuilder Appliance will support more kinds of clouds — it won't be just rBuilder Catalog for EC2™, but a generic Cloud Catalog that can launch and manage images in multiple clouds.

If you haven't tried it yet, and are interested in trying out cloud computing, it is an easy way to get started. Sign up at Amazon for an AWS account, provide your AWS credentials to rBuilder Online so that it can provision images in EC2 using your AWS account, and browse through images in Cloud Catalog. With a click of a button, you can connect to rAPA on a running image you control, click another button to connect to the main web page of that image, and another button to shut it down.

If you have already tried it in the past few weeks, note that it is now more easily accessible via a link at the upper right side of the web pages, right next to searching for projects or troves. It is also faster and has several UI improvements -- more and better drag-and-drop support, right-click on images brings up a menu of actions for that image (such as launching, fetching info, and managing running instances), and a more responsive interface.

Building Appliances

When building a new appliance (Manage Appliance -> CREATE APPLIANCE) you are no longer required to select any software to add to the appliance. You can start by building an appliance platform that contains only the core supporting software (an "empty appliance") and later return to augment that with the extra software that defines your appliance. This makes it easier to get started with appliances — you have fewer things to learn before you can download an image and see how it works!

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

rBuilder Online is currently offline for scheduled maintenance expected to end by 23:00 EDT (-0400).

rBuilder Online is scheduled for maintenance starting Thursday October 9th at 21:00 EDT (-0400) and ending at 23:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed. (The previously-scheduled maintenance window on October 8 was postponed for additional testing.)

Thank you for your interest in rBuilder Online.

Conary 2.0.28 is a maintenance release.

• Groups now support pre-rollback scripts. (CNY-2908)

• Added paranoidCommits option which checks trove data has been stored properly in the SQL database before allowing the commit to complete.

• Fixed handling of troves erased by an update job which satisfy dependencies of packages being installed, so that an error message is given instead of an assertion being raised (CNY-2996).

• The default build requirements for rmake have been added to the BaseRequiresPackage base class to allow rMake to build against non-rPath Linux platforms (CNY-3005).

• New PGP signing keys have been added.

As many of you have noticed, the alpha release of Ubuntu Delivered by rPath is now available as a platform selection on rBuilder Online.

As part of taking Ubuntu Delivered by rPath beyond its current alpha status, we have been making changes to our infrastructure to better support this platform.

Because of the nature of these changes, updates to existing appliances based on Ubuntu Delivered by rPath will fail. Therefore, It will be necessary to recreate the appliance using the latest version of Ubuntu Delivered by rPath, and to then redeploy the appliance.

If you created your appliance using rBuilder Online's web interface:

• Select the appropriate version of your product
• Click "Edit product version"
• Click "Update" next to the Appliance Platform listing
• Select "Ubuntu Hardy Delivered by rPath" from the drop down menu
• Click "Update Appliance Platform"
• Click "Manage Appliance" on the left of the page
• Click "Revise Appliance"
• Click "No archive to package" at the bottom of the page
• Click "Continue" at the bottom of the page
• Click "Update Contents"
• Click "Build Appliance"
• Click "Generate Appliance Images"

If you have created your appliance using rPath's command-line tools:

• Use "cvc checkout" to obtain a copy of the appliance's recipe
• Change any occurrences of "ubuntu.rpath.org" to "ubuntu.rpath.com"
• Commit your changes
• Cook groups and build new images

rPath apologizes for this inconvenience, but these changes were necessary to ensure that this highly-popular platform will be adequately supported by rBuilder Online.

A Christmas gift some years ago of The Dream Hunters introduced me to Neil Gaiman's work. As an amateur of folk tales, I was entranced and delighted by the beauty and craft of The Dream Hunters, and then started reading earlier works in the Sandman series; my introduction to the graphic novel. Neverwhere and Stardust next captured my attention, followed quickly by most of the rest of Gaiman's books.

In my second and third readings of Stardust, I grew conscious of one of the characteristics of Gaiman's works that I find deeply satisfying: What I first saw as "loose threads" were actually precisely woven through the text.

For many authors, it appears to me that internal structural integrity is achieved in a tradeoff against narrative flow; or, more often, that narrative flow is achieved by ruthlessly discarding internal structural integrity. Speaking as an engineer, this is a reasonable tradeoff, since most readers seem not to care about structural integrity. But internal inconsistencies drive me up the wall even when perpetrated by my favorite authors. (I have read — and own and love — dozens of C. S. Lewis's books, but try piecing together the chronology of Narnia!)

Gaiman is in a delightful but rare class of writers who have the means and inclination to combine compelling narrative with extraordinary structural integrity. I consider Dorthy L. Sayers, J. R. R. Tolkien, and Rudyard Kipling well-known exemplars. Each time I re-read most of their published works, I generally notice additional internal consistency, rather than become annoyed by discovering small inconsistencies. This adds delight to re-reading, and helps me slow down while I read, increasing my joy in reading. A virtuous cycle.

Imagine, then, my delight to receive a copy of Gaiman's The Graveyard Book. I paid almost no attention to the title, as usual. I dove in and read the whole book, rudely ignoring everyone around me for hours. As I finished it, I took a deep breath of satisfaction, leaned back in my seat, and said to myself, "Wow. The Jungle Book, set in a graveyard... Oh." I am a little slow on the uptake, I guess.

Like several of Gaiman's other works, you probably won't like it if you are squeamish. There is Death, and Blood, and Violence, and even War. It differs from prime time television news in three ways: it involves magic, it tells of creatures that are literally rather than figuratively inhuman, and it is well worth your time.

Several readers of advanced copies have complained that The Graveyard Book is episodic; almost a collection of short stories. That complaint misses the point in several respects. The first is that Gaiman is a master of the short story; a few words tell a long story. The second is that this story is particularly well-suited to this presentation. It is short enough not to scare away a (say) middle school reader — good! If you want the story to last longer, read slower! True to form, Gaiman's narrative and construction reward careful reading. Finally, this book, in this form, is an homage to another great work worth re-reading, and worth reading out loud.

• Amazon
• Barnes and Noble

Conary 2.0.27 is a maintenance release.

• Metadata information can now be extracted from debian packages. (CNY-2995)

• The "conary rollback" command now handles --info and --interactive flags, which behave similarly to the "conary update" flags. (CNY-820)

• Conary no longer checks for the existence of a db journal on startup, making it possible to perform cvc operations while updating your system. (CNY-2958)
• Files with (only) unsatisfied Java requirements that are filtered out using r.Requires(exceptDeps) no longer have their provides removed. (CNY-3001)
• A bug that caused the frozen list of trove script compatibility information (created if using the "toClass=" keyword argument when adding a trove script) to be recorded in a random order has been fixed. Because sorting the list causes a different Trove signature digest to be generated, this version of Conary introduces version 2 trove signatures. Conary will ignore version 1 trove signatures on old troves that have multiple trove script compatibility entries. (CNY-2997)

• A new type of metadata information, storing key-value pairs, is now available. (CNY-2983)

conary-policy 1.0.22 is a maintenance release.

• A bug causing PHPRequires to fail if buildRequires are not present in the repository has been fixed. (CNP-160)
• PythonEggs now allows directories that end in .egg to be packaged. (CNP-148)
• The NormalizePythonEggs has been added. It automatically unpacks python .egg files that are placed in standard python module locations. The resulting directory is put in place of the .egg file. (CNP-149)
• The SymlinkTargetRequires policy has been added. This policy will supress the DanglingSymlinks policy in favor of adding requires when appropriate. (CNP-130)
• The PHPRequires policy now caches negative results. (CNP-164)
• The PHPRequires policy now looks for binaries named "php5" as well as "php". Previous PHP5 handling looked only for packages named "php5" but still expected to see binaries named "php". (CNP-165)
• The ResetKeyValueMetadata policy has been added. It selectively deletes certain key-value metadata fields. (CNY-2983)

Foresight Linux has gotten a lot more popular recently, in part due to the release of the new Foresight Mobile Edition and Foresight Linux Kid's Edition.

Every silver cloud has a dark lining, it seems. The new attention has caused the system that runs the Foresight repository to run out of resources, and get much, much slower — particularly as Foresight developers are simultaneously doing major rebuilds in preparation for the combined GNOME 2.24 and Foresight 2.0.5 release.

We are now doing emergency maintenance on the Foresight repository system, applying more resources to handle the additional load. Unfortunately, this means that Foresight system updates are not available during some or all of this maintenance. This process will take several hours to complete.

Thanks for your patience!

Update: The Foresight repository is now available for reading, but not for committing. System updates will work. However, the repository will again go offline briefly when the maintenance is completed in order to transition the load.

Another update: The repository is now backed by a more capable database server (more memory, more and faster disk) that seems to be handling the load much better — we were essentially simply running out of memory. We'll be watching performance. And working on the software side too for better scaling.

Conary 2.0.26 is a maintenance release.

• The way that factories are cooked has been changed so that buildRequires are set (for building in rMake) and so that platforms may override the default build requirements. (CNY-2986)

• A bug causing cooks to fail when Perl was not installed on the build system has been fixed. (CNY-2989)
• A bug that prevented Java dependencies from being parsed correctly in some cases, for example when given on a "conary rq --what-provides" command line, has been fixed. Previously a "bad java dependency: flags required" error message was generated. (CNY-2990)

Conary 2.0.25 is a maintenance release.

• "conary emerge" no longer emits unnecessary warnings. (CNY-2835)
• A bug that prevented proper ownership and permissions from being recorded when using r.addArchive(..., perserveOwnership=True) and the archive had a prefix of "./" has been fixed. Additionally, a bug that could cause permissions to be assigned to files with similar paths as those created by addArchive has been fixed. (CNY-2953)
• Promote in 2.0.24 could traceback instead of printing an error message if no troves were present to clone.
• A bug causing addSource to use the wrong file if there was a name collision between a filename in an rpm and the source directory has been fixed. (CNY-2627)
• A bug causing createNewSourceTrove to erroneously change pathIds has been fixed. (CNY-2971)
• When installing with the --root option and a trailing '/' character provided, Conary previously wrote new entries in the ld.so.conf without a leading '/' character. This has been fixed. (CNY-2982)

• Cross-compiling packages that include perl modules can now provide perl: dependencies; the perl @INC path needs to be provided via the r.Requires(bootstrapPerlIncPath=...) keyword argument. (CNY-2943)
• Packaging a version of perl that requires libraries in the destdir to start but does not use RPATH now succeeds. (CNY-2955)
• When the perl @INC path includes elements that are symlinks in the destdir, the symlinks are now resolved for correct perl: provides. (CNY-2949)
• When discovering perl: dependencies using a bootstrap perl, Conary now sets LD_LIBRARY_PATH. (CNY-2959)
• ComponentRequires now handles :cil, :java, :perl, :python, and :ruby components in the same manner it handles :lib. (CNY-2935)
• The r.addArchive() method can now extract file contents from dpkg .deb files when the data is bzip2-compressed. (CNY-2967)
• Promote now uses hasTroves to check to check the completeness of a promote instead of fetching group troves for improved performance.
• Builtin recipes have been broken out so that there's no need to commit conary internals to repository based recipes. BaseRequiresRecipe has been introduced. (CNY-2898)
• Files in /var/log, /var/run, and /var/cache are now automatically marked InitialContents. (CNY-2578)
• Explicit calls to r.Requires are now honored in derived recipes. (CNY-1760)
• The r.addArchive() method can now extract control contents from dpkg .deb archive files. (CNY-2967)

• Shim commitChangeSet() and getFileContents() calls now fall back to network access properly

• Added --lsprof argument to standalone server
• If a user's mirror permission was granted by the second or subsequent role, the anonymous permissions were inappropriately granted to the user (CNY-2964)

• Reimplemented dependency freezing in C
• DependencySet objects now store the frozen depenedency by default and thaw it only when the thawed objects are needed (CNY-2410)
• Intern frozen dependency and frozen StringCollection strings (CNY-2410)
• DependenciesStream and FlavorStream objects now subclass from DependenciesSet instead of having a DependenciesSet object as an attribute. This saves one object per instance. (CNY-2410)

The scheduled maintenance of rBuilder Online is complete.

Introducing Platform Selection

rBuilder Online now allows you to select an appliance platform when creating a new product and/or product version. This selection is currently limited to "rPath Linux 2" for the time being, but stay tuned: more choices are coming very soon.

Some users who created products and product versions in the last few months may see that their appliance is based upon a "custom appliance platform from conary.rpath.com@rpl:2-devel". It is recommended that you update your appliance platform for any product versions that are based on this custom platform by clicking on the Update button in the edit product version page and selecting "rPath Linux 2". Doing so will ensure that you are on a supported path for future platform upgrades.

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Thursday September 11th at 21:00 EDT (-0400) and ending at 22:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

I have welcomed the opportunity to do real-world testing of rBuild by working on LochDNS again — this time with a tool that makes the process take less time and attention. I'm pleased to announce LochDNS 2.0.

Again, we're fixing bugs throughout the ecosystem. I even managed to expose a long-standing corner-case bug in Conary that no one had hit for years.

One of the interesting things about LochDNS is that I build lots of images so that people can use it to demonstrate rPath's technology on lots of different platforms. The thought of manually clicking through lots of individual web forms to build about 20 images tended to keep me from spending the time to update LochDNS in the past. My odd case caught one more bug shared between rMake (RMK-907) and rBuild (RBLD-92) that we'll be able to fix shortly.

Having worked all the way through the process once with rBuild, and fixed the relevant bugs in rBuild along the way, I expect that future updates to LochDNS should be easy; mostly a background task.

Update: I have rebuilt rMake for RMK-907 with the critical fix so that all the images will be built. Later, I'll fix rBuild so that it reports which images it is building, instead of a generic Image_1, Image_2, etc. This change to rBuild will require the API change made in rMake for RMK-907 to function, so it won't work with released rMake. In short, update rMake before/if you update rBuild.

Ken VanDine has been using rBuild to build all sorts of projects. He has filed a few bugs, but has also been really enthusiastic about how easy it makes the whole process. Among his projects have been several variants of Foresight Linux. Derived packages are one of Ken's favorite Conary features and are perfect for making lightly-customized variants.

Unfortunately, rBuild didn't deal very well with derived packages. It turned out that this was due to two bugs; one in rBuild proper (RBLD-86) and one in rMake (RMK-906). With those two bugs fixed, Ken is much happier!

I released rBuild 0.5 alpha and built an rmake snapshot. Update to or install the latest versions of the stack with:

conary update {conary,rmake,decorator,rpath-{common,xmllib,product-definition},rbuild}=mkj.rpath.org@rpl:2


Remember, these are a combination of alpha code and un-validated snapshots. They worked for me in a few tests. Your milage may vary — and if it does, please do tell us about it.

In the past week of using rBuild for some real tasks, we've discovered several bugs. In particular:

• rBuild being reluctant to rebuild groups (RMK-903)
• rBuild not building images in rBuilder Online (RMK-897)
• rbuild rebase not working in non-standard label case (RPCL-36)
• rbuild rebase failing to update product definition (CNY-2971)

We have fixed all those bugs (in the current source code) without touching rBuild itself — note that all those issue IDs are for other components: rMake, rPath Common Libraries, and Conary.

In addition, we have found other bugs that we haven't yet fixed. For example, rbuild update stage not correctly updating packages (RBLD-89), and cannot publish certain rBuilder images built with rbuild build images (RBL-3386)

I have built some new packages, including conary and rmake snapshots with conary and rmake bug fixes included:

conary update {conary,rmake,decorator,rpath-{common,xmllib,product-definition},rbuild}=mkj.rpath.org@rpl:2


Remember, these are a combination of alpha code and un-validated snapshots. They worked for me in a single minor test. Your milage may vary — and if it does, please do tell us about it.

Conary 2.0.24 is a maintenance release.

• includeConfigFile now interprets paths relative to the file currently being processed, for files and URIs. (CNY-2950)
• includeConfigFile now supports a ~/path syntax to substitute the current user's home directory. (CNY-1650)

• Added support for commitChangeSet and commitChangeSetFile to ShimNetClient (CNY-2545)
• During promote operations use the cloned history for packages for the components of those packages as well. (CNY-1867)
• Promote now uses group weak references to learn about all of the components for a package instead of downloading all of the package troves for the source. (CNY-1867)

• The ccs2tar script now correctly handles changeset files containing directories, symlinks, and other non-regular files. (CNY-2954)

• More of the file installation path was moved into C for improved performance
• Added misc.pack() and use it to freeze TroveRefsFilesStream and StreamCollection objects
• Initial step of promote takes advantage of weak references to avoid downloading so many packages (CNY-1867)
• The shim network client now supports CONARY_CLIENT_LOG environment variable
• Added support for getFileContents call to ShimNetClient (CNY-1669)
• Conary update no longer caches all hostnames immediately on update - instead hostnames are cached as they are accessed. This avoids unnecessary caches when installing from changesets. (CNY-2832)
• Track CLONEDFROMLIST in troveInfo now as well as CLONEDFROM. This keeps track of the full clone history of a trove, with the most recent parent at the end of the list.
• Use CLONEDFROMLIST instead of CLONEDFROM where available to remove the need to follow the cloned from history in time. (CNY-1867)

Early in Conary development, we made a conscious decision to focus on making the normal case easy. Good assumptions simplify. When possible, the tools should do the right thing for the most common case, making it as easy as reasonably possible to specify exceptions to the common case. As we find more patterns of "normal cases", we have been able to automate more and more of those "normal cases".

There is always room for improvement.

We have broadened our perspective. Building individual packages is generally quite easy in Conary. Building an image on rBuilder is not that hard. Doing release management with Conary utilizes two commands. But the whole process, put together, takes too many steps. We have made it so easy to build and maintain custom images (virtual appliances, software appliances, and software stacks for hardware appliances) that it no longer requires relatively esoteric skills—which, oddly enough, makes it clear that the process is still too complex.

Reducing most of the work to a series of commands was really impressive, and yet it's not enough—there are too many commands to run, with different command line arguments; fundamentally, our instructions for how to create a product with rPath's tools have too much verbatim boilerplate. Our highest-level tools expose too many options for different ways of doing things. Don't get me wrong, we don't want to remove the options. We just don't want to force every user to think about each of the options. As James Thurber so aptly put it, "Sixty minutes of thinking of any kind is bound to lead to confusion and unhappiness."

Introducing rBuild

rBuild will provide a single command line program for developing on the rPath platform. After you define a product in rBuilder, you will have one command-line program for packaging, release management, and building images. For normal use, you will not need to run the cvc or rmake at all. To make this possible, rBuild depends on the new product concept in rBuilder—you need to create a product in rBuilder, then you check out the product in rBuild to work on it. The product that you create in rBuilder gives rBuild the information it needs to automate all these processes.

rBuild is alpha-quality software. It has bugs. As alpha-quality software, rBuild is not yet ready to be your first experience with rPath's software products. This is especially true because many cases of unexpected input result in a traceback rather than a nice error message. Experienced Conary packagers and appliance developers can help us turn rBuild into a truly usable software development tool, but there absolutely will be frustrating bumps along the way. Many thanks in advance for your patience! But more than patience, we want to hear your story about using rBuild. Talk to us on the #conary channel, or file bug reports in our issue tracking system.

After rBuild 1.0 is released, the official rPath Application to Appliance guide will be updated to use rBuild instead of cvc and rmake commands.

More warnings: We expect to continue to update the schema for product definitions, and so when we update rBuilder Online you might sometimes need to update rBuild to match. It is likely that newer versions of rBuild will depend on new features in the most recent version of rMake and Conary when they are released. We might come out with multiple versions of rBuild in one day. Expect incompatible interface changes until rBuild 1.0 is released.

Enough Already! Let's Go!

For the moment, I build alpha releases of rBuild in my own rBuilder Online repository. To install rBuild, make sure that you have the most recent versions of Conary and rMake installed, then, run this command:
$ conary update {decorator,rpath-{common,xmllib,product-definition},rbuild}=mkj.rpath.org@rpl:2

Now you are ready to try things out. First, rBuild needs to interview you to find out what you want to do:
$ rbuild config
...
URL to use to contact rBuilder (start with http:// or https://): https://www.rpath.org/rbuilder/
rBuilder contacted ok.
Your rbuilder user name: YOUR_RBUILDER_ONLINE_USER_NAME_HERE
Your rbuilder password: YOUR_RBUILDER_ONLINE_PASSWORD_HERE
Name to display when committing: Your Name Here
Contact - usually email or url: http://your.url/here
rBuild configuration complete. To rerun this configuration test run rbuild config --ask, or simply edit ~/.rbuildrc.
 
You should now begin working with a product by running 'rbuild init <short name> <version>'
...


Unfortunately, the suggested rbuild init <short name> <version> does not work right now with rBuilder Online, so you will have to use the alternative form of just specifying the label you are building on. (Remember what I said about bugs?)

Here follows an example. Try this process with a product that you have defined in rBuilder Online:


$ rbuild init rbuild.rpath.org@rpl:rbuild-1
Created checkout for rbuild.rpath.org@rpl:rbuild-1 at rbuild-1
$ cd rbuild-1
$ ls -l
total 12
drwxrwxr-x 2 johnsonm johnsonm 4096 2008-08-29 15:21 Development
drwxrwxr-x 2 johnsonm johnsonm 4096 2008-08-29 15:21 QA
drwxrwxr-x 2 johnsonm johnsonm 4096 2008-08-29 15:21 Release


Conveniently, "Development", "QA", and "Release" sort the same way in alphabetical and chronological order. These are the stages that are defined automatically for products created in rBuilder. The general idea is that you build packages in the Development stage, and build groups that work. Then you promote your work to the next stage, where you do QA on the entire group of packages together. When you are satisfied, you promote the things you have made sure are high enough quality to Release.


$ cd Development
$ ls -l
total 0
$ rbuild checkout rbuild
Checked out existing package 'rbuild'
$ cd rbuild
$ ls -l
total 8
-rw-rw-r-- 1 johnsonm johnsonm 426 2008-08-29 15:28 CONARY
-rw-rw-r-- 1 johnsonm johnsonm 559 2008-08-18 06:25 rbuild.recipe
$ rbuild build packages
...
Added Job 12
  decorator:source=rbuild.rpath.org@rpl:rbuild-1-devel/2.2.0-3
  info-user:source=rbuild.rpath.org@rpl:rbuild-1-devel/1-1
  rbuild:source=malcolm.rdu.rpath.com@local:rbuild-1-devel/0.2-5
  rpath-common:source=rbuild.rpath.org@rpl:rbuild-1-devel/0.1-4
  rpath-product-definition:source=rbuild.rpath.org@rpl:rbuild-1-devel/0.1-6
  rpath-xmllib:source=rbuild.rpath.org@rpl:rbuild-1-devel/0.1-5
...


If you are following along with the product on rbuild.rpath.org instead of with your own product, this will require that you are building on a 64-bit system, because the rbuild.rpath.org product has images defined for both 32-bit and 64-bit systems. Because these different flavors of images are defined, rBuild automatically fires off builds for all the different flavors. 64-bit builds will fail on a 32-bit system.

Things to note:

• You do not need to have any ~/.conaryrc or .rmakerc configuration to use rBuild.
• You do not need to specify the packages that you need to build; rBuild uses your group and your checked-out packages to determine what to build.
• You do not need to specify which flavors to build; rBuild determines which flavors to build by looking at the list of images you want to build.

Help!

rBuild documentation is presented as inline help. That help is still incomplete. We need to know where to put more useful information. Please file issue reports in our issue tracking system telling us where the help was insufficient, or suggesting improvements to the help text.

Just to help you get started, here's how you use the inline help:

$ build help
rbuild: Conary-based Product Development Tool
 
Common Commands
  build     Build the various components of a product
  checkout  Check out packages and groups for editing
  config    Print the rbuild configuration
  init      Create a directory for for working with a product
  promote   Promote groups and packages to next stage
  rebase    Update product to most recent platform version
  show      Shows details about the result of rbuild operations
  status    Print status summary relative to the current directory
  update    Update working directories from repository
  watch     Watches details about the result of rbuild operations
 
Information Display
  help      Display help information
 
$ rbuild help build
usage: rbuild build <subcommand> [options]
 
    Build commands for building the various components of a product.
 
Subcommands:
     groups    Build groups for this stage
     images    Build images for this stage
     packages  Build edited packages for this stage
     platform  Create a platform usable by others from this product
 
(Use 'rbuild help build <subcommand>' for help on a subcommand)
 
options:
 
  Command Options:
    --no-commit
    --no-watch


If this sounds interesting, please join us on the #conary channel and discuss it! Thanks!

rBuilder Online's unscheduled maintenance is now complete. The problems related to newly-created product versions should now be fixed. Please report any problems at http://issues.rpath.com.

Thank you for your interest in rBuilder Online.

We are having some issues with some code that was deployed yesterday evening. Estimated downtime is unknown. We'll update this blog post as we find out more.

The following changes have been made to rBuilder Catalog for EC2™:

Note: Please press the shift key and click your browser's reload button to ensure the latest version of the rBuilder Catalog for EC2™ is being used.

• Catalog load times have decreased by as much 50% in some cases.
• Improvements have been made to the way user selections are handled.
• A number of improvements and bugfixes have been made to playlists.

The complete list of changes in this update can be found at the rBuilder Online wiki page under the section Recent Changes to rBuilder Online.

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

UPDATE: the maintenance window has been moved to 5PM-6PM EDT.

rBuilder Online will undergo scheduled maintenance starting Wednesday, August 27th at 17:00 EDT (-0400) and ending at 18:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

The latest version of Appliance Creator has been enhanced to support the addition of already-existing packages to the appliance. Previously, it was only possible to add a package to the appliance by uploading a binary archive and creating a new package from that archive.

Additionally, the workflow has been modified to accommodate this change to the package selection process.

Note: In some circumstances, the new package selection page can cause Internet Explorer 6 and 7 to hang. rPath is actively working to resolve this issue.

An updated version of the rBuilder Catalog for EC2™ is also available. This version includes support for "is not" and "contains" filters for user-defined playlists.

Note: Please press the shift key and click your browser's reload button to ensure the latest version of the rBuilder Catalog for EC2™ is being used.

The complete list of changes in this update can be found at the rBuilder Online wiki page under the section Recent Changes to rBuilder Online.

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

Conary 2.0.23 is a maintenance release.

• A new commitaction module that logs to a database the results of all commits in to a repository has been added as logaction.py (CNY-2814, CNY-2849)
• Some trove sources now deal better with being passed a trove name of None when using findTroves. (CNY-2923)
• Added --replace-files, --replace-modified-files, replace-config-files, --replace-managed-files to updateall. (CNY-2512)

• Promote now uses the source trove for packages to determine the source trove for components instead of downloading the components themselves. (CNY-1867)
• Promote no longer uses getTroves() to look up clone history; it uses getTroveInfo() instead. This provides a significant performance improvement as well as a significant RAM savings. (CNY-1867)
• Checking for recloning (due to changes in referenced trove sets) now skips components, improving promote performance. (CNY-1867)
• The file contents of dpkg .deb files can now be extracted by r.addArchive() (CNY-2926)
• Conary now provides python: dependencies during incompatible cross-builds. (CNY-2914)
• The Transient policy now follows packaging instead of walking the filesystem, avoiding inconsistencies caused by side effects of other policies. (CNY-2939)
• When bootstrapping a python that is unable to load the pydeps module for python dependency discovery, fall back to the cross-compiling case. (CNY-2940)

• Recipes containing a mirror:// style source can be properly committed to the repository. (CNY-2848)

conary-policy 1.0.21 is a maintenance release.

• A bug causing PHPRequires to fail in rMake has been fixed. (CNP-154)

Conary Policy 1.0.20 is a maintenance release.

• The PHPRequires policy has been added. It identifies PHP files and when possible automatically adds an appropriate requirement based on the most appropriate PHP interpreter found on your system, buildRequires, or installLabelPath. (CNY-145)

rBuilder Online will undergo scheduled maintenance starting Tuesday, August 19th at 16:00 EDT (-0400) and ending at 17:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

An updated version of the rBuilder Catalog for EC2™ is now available on rBuilder Online.

Note: Please press the shift key and click your browser's reload button to ensure the latest version of the rBuilder Catalog for EC2™ is being used.

Overview

rBuilder Catalog for EC2™ is a tool that simplifies the management of Amazon Machine Images (AMIs) generated by rBuilder Online. Using it, an rBuilder Online user can quickly launch an AMI on Amazon's Elastic Compute Cloud (EC2), access the running AMI's rPath Appliance Platform Agent management interface, and terminate the running AMI when desired.

Refer to http://wiki.rpath.com/wiki/rBuilder_Online:Catalog_EC2 for more information on getting started with rBuilder Catalog for EC2™.

New Features

The rBuilder Catalog for EC2™ will now automatically create a default security group called "catalog-default" if it does not already exist. Access will be granted to ports 80, 443 and 8003 for your IP address, so you can connect to the appliance's rPath Appliance Platform Agent and/or web service.

The shutdown and manage workflows now support the selection of multiple appliances.

When a running appliance is selected, a "Connect" button now appears. Clicking it will start a browser session directed to port 80 on the selected appliance.

User-defined playlists are now supported. To create a playlist, click the "+" button at the bottom of the sidebar. User-defined playlists can be deleted by clicking the "-" button.

The complete list of changes in this update can be found at the rBuilder Online wiki page under the section Recent Changes to rBuilder Online.

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

The scheduled maintenance of rBuilder Online has been completed.

What's New: Appliance Creator

rBuilder Online's latest version introduces a preview of Appliance Creator. Appliance Creator can be used to create an appliance based on rPath Linux, using imported packages that are uploaded and built with rBuilder Online's Package Creator feature.

As noted, this is a preview version of Appliance Creator. Future versions will further refine its workflow, and will allow users to select software that had been previously packaged to be included as part of each appliance.

Bug Fixes and Miscellany

In addition to the introduction of Appliance Creator, a number of other changes have been made, including:

• Adding packages to Group Builder now properly works with Firefox 3 (RBL-3066)
• Tar files generated when creating some image types are now compatible with many Windows-based archivers (RBL-3168)
• Versions of special troves used when generating image CDs (e.g. anaconda-custom, anaconda-templates, media-template) are now displayed in the build information page (RBL-2600)
• Updated branding for Microsoft Virtual Server images

The complete list of changes in this update can be found at the rBuilder Online wiki page under the section Recent Changes to rBuilder Online.

Do Your Part

Help us make rBuilder Online better. We welcome your feedback on the rBuilder Online forum. If you find any bugs, please file an issue.

Thank you for your interest in rBuilder Online.

rMake 1.0.23 is a maintenance release.

• A bug introduced in the chroot creation process in rmake 1.0.21 has been fixed. (RMK-890)

rBuilder Online will undergo scheduled maintenance starting Tuesday, August 12th at 16:00 EDT (-0400) and ending at 17:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

rMake 1.0.22 is a maintenance release.

Bug Fixes:

• A missing schema migration that caused rmake to fail to function after an update to 1.0.21 has been fixed (RMK-889)

Conary 2.0.22 is a maintenance release.

• The loadSuperClass and loadInstalled methods now returns the loaded recipe class so that the loaded class can be referenced anonymously. This makes factories more flexible. (CNY-2900)
• The addPatch source action now takes a "filter" keyword argument that provides a command line that can modify the patch; for example, by calling the filterdiff program. (CNY-2874)
• Builds previously failed in some circumstances when Conary discovered no need only for :runtime components listed in buildRequires. This has been fixed, and error reporting improved for similar classes of bugs in the future. (CNY-2904)

• The new boolean conaryrc option downloadFirst has been added to instruct Conary to download all required changesets from the repository before proceeding to update steps. (CNY-2808)

• Conary 2.0.20 introduced a bug adding dependencies to postgres-based repositories; this has been resolved.
• Starting in 2.0.20, dependency resolution started locking the database unnecessarily. This affected rmake dependency resolution, and is now resolved.
• Mirroring code now correctly detects when access control changes in the source repository require the generation of absolute changesets for mirroring. (CNY-2888)
• A permission check error for users that only have trove access entitlements has been fixed. (CNY-2761)
• A problem with the autoLoadRecipes config option has been fixed. (CNY-2909)
• A permission check problem when trove names are used as trove patterns in ACLs has been fixed. (CNY-2913)

conary-policy 1.0.19 is a maintenance release.

• A bug causing NormalizeInitscriptContents to fail if the target of a symlink didn't exist has been fixed. (CNP-129)
• A bug causing PkgConfigRequires to fail if the destdir is a symlink has been fixed (CNP-131).
• RequireChkconfig has been modified to handle new style init scripts. It now warns instead of errors on failure. (CNP-109)
• NormalizeInfoPages handles file magic better to cover corner cases. (CNP-135)
• Setting a different prefix will no longer cause the Strip policy and several Normalize policies to traceback. (CNP-141)
• The NormalizeLibrarySymlinks policy no longer attemps to run ldconfig from inside the package when cross-compiling. (CNP-140)
• The EnforceStaticLibBuildRequirements policy now falls back to looking at shared libraries for cases where configure depends on a library existing, but only a shared library exists and no packaged file is linked against the shared library. (CNP-132)
• The Strip policy no longer traces back if an ELF file is found but strip or eu-strip is not installed. (CNP-143)
• The TagLocale policy has been added to tag locale files with a special path-derived tag of the form locale(localename). (CNP-138)

rMake 1.0.21 is a maintenance release.

• Added buildImage command. (RMK-885)

• In jobs with primary troves, extra troves that should only be built if they had a dependency on primary troves would be built if they had never been built. This has been fixed - these troves are now marked as "built" with no built troves associated with them. (RMK-875)
• Don't emit a warning when building multiple flavors of the same group. (RMK-886)

My old powered subwoofer seems to have given up the ghost. The speaker is OK. The amplifier unit seems to be toast. I found the Keiga KG-5205 which seems like it would be a good replacement. I suspect it would cost less than the similar (but for me overspeced) Keiga KG-3100 which seems to cost either $136 or $142 depending on where you look on the page. Unfortunately, google can't find the KG-5205 for sale for any price right now. It can't even find the product page since Keiga is silly enough to front their whole web site with a flash front (is anyone else reminded of false fronts on buildings?) without even a fallback to a site map to help the robots out.

Anyone who know who might sell these or has suggestions for a relatively inexpensive alternative, please drop a comment. I'm not looking for audiophile gear.

The scheduled maintenance of rBuilder Online has been completed. For more information, visit:

http://wiki.rpath.com/wiki/rBuilder_Online

The "Recent Changes to rBuilder Online" section of this page contains an overview of what's changed.

If you have any questions or comments regarding rBuilder Online, the rPath Forum now contains a dedicated rBuilder Online board:

rBuilder Online board

Thank you for your interest in rBuilder Online.

UPDATE -- The maintenance window have been rescheduled to start Tuesday, August 5th at 21:00 EDT, and will end at 22:00.

rBuilder Online will undergo scheduled maintenance starting Tuesday, August 5th at 16:00 EDT (-0400) and ending at 17:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

The scheduled maintenance of rBuilder Online has been completed. For more information, visit:

http://wiki.rpath.com/wiki/rBuilder_Online

The "Recent Changes to rBuilder Online" section of this page contains an overview of what's changed.

If you have any questions or comments regarding rBuilder Online, the rPath Forum now contains a dedicated rBuilder Online board:

rBuilder Online board

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Tuesday, July 29th at 16:00 EDT (-0400) and ending at 17:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

The scheduled maintenance of rBuilder Online has been completed.

This maintenance release fixes a few bugs with Private Projects and the rBuilder Catalog for EC2. For more information, visit:

http://wiki.rpath.com/wiki/rBuilder_Online

The "Recent Changes to rBuilder Online" section of this page contains an overview of what's changed.

If you have any questions or comments regarding rBuilder Online, the rPath Forum now contains a dedicated rBuilder Online board:

rBuilder Online board

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Tuesday, July 22nd at 16:00 EDT (-0400) and ending at 17:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

The scheduled maintenance of rBuilder Online has been completed.

A number of changes have been made, including:

• The introduction of the rBuilder Catalog for EC2™, an easy-to-use means of deploying and managing rBuilder-created Amazon Machine Images (AMIs) on the Amazon Elastic Compute Cloud™.
• The ability to create private products. Private products make it possible to use rBuilder Online to package content licensed under terms that were previously not compatible with rBuilder Online's terms of service.

For more information on these new features, visit:

http://wiki.rpath.com/wiki/rBuilder_Online

The "Recent Changes to rBuilder Online" section of this page contains an overview of what's changed.

If you have any questions or comments regarding rBuilder Online, the rPath Forum now contains a dedicated rBuilder Online board:

rBuilder Online board

Thank you for your interest in rBuilder Online.

Update: The maintenance scheduled for Monday July 16th has been rescheduled to Wednesday, July 16th at 16:00 EDT

rBuilder Online will undergo scheduled maintenance starting Monday, July 14th at 16:00 EDT (-0400) and ending at 17:00. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

Conary 2.0.21 is a maintenance release.

• Added support for RPM payloads which have been compressed with lzma. The /usr/bin/unlzma program must be available to use this feature. (CNY-2834)

• Added separate s390x architecture. (CNY-2852)
• An error introduced in 2.0.20 which caused an assertion failure during dependency checking has been fixed (CNY-2883)

The scheduled maintenance of rBuilder Online has been completed.

A number of changes have been made; for more information, visit:

http://wiki.rpath.com/wiki/rBuilder_Online

The "Recent Changes to rBuilder Online" section of this page contains an overview of what's changed.

If you have any questions or comments regarding rBuilder Online, the rPath Forum now contains a dedicated rBuilder Online board:

rBuilder Online board

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo maintenance starting Monday, July 7th at 21:00 EDT (-0400 UTC) and ending at 22:00 EDT. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

Conary 2.0.20 is a maintenance release.

• Dependency checking can now be run without computing the dependency order.
• Added closeDatabase parameter when creating an updateJob to prevent that updateJob from closing the database when it's destroyed. This is a workaround to support CNY-1834.
• Build dependency temporary tables incrementally instead of rebuilding them each time. This results in speedup for group building approaching 50%.

• Updates after a local update of a package that is referenced in multiple groups now function again. (CNY-2882)

I used to use the galeon web browser. I got used to having tabs on the right side of my browser; I can have lots of tabs and read what is in them. This works in part because I devote one workspace entirely to a full-screen browser.

When galeon maintenance ceased, I did not update until I found the vertigo Firefox extension. Then I stayed on Firefox 1.5.0.x until vertigo supported Firefox 2. Now, I have been staying on Firefox 2 because vertigo does not support Firefox 3. This is starting to feel familiar.

Today, I found a mention of Tree Style Tab as supported by Firefox 3. Trying it out, I was pleasantly surprised; the configuration options are better, and I like the tree style where you can see which tabs were opened from other tabs (this can be disabled if you don't like that feature, though).

Now, the only thing that keeps pushing me back to Firefox 2 is the fact that Firefox 3 does not actually bring up a window, even if I specify -safe-mode, unless I completely remove my .mozilla directory. I haven't yet figured out what it is in my .mozilla directory that is confusing Firefox 3 that badly. This makes me sad.

Update: The problem was that this build of Firefox 3 (I don't know about any other builds) has a broken profile manager, and my profiles.ini setting of StartWithLastProfile=0 causes Firefox to start the profile manager and quit. Changing that 0 to a 1 works around the problem for now; I *usually* choose the default profile anyway, and I do know how to edit profiles.ini to change the default profile even without the profile manager working.

Conary 2.0.19 is a maintenance release.

• Removed unnecessary repository accesses that were occuring while determining local system changes during an update. (CNY-2876)
• "import os" within recipes now functions again. (CNY-2879)

Liza and I went to a conference in Las Vegas last week, called TAM: The Amazing Meeting. It's kind of hard to explain but it's hosted by the James Randi Educational Foundation, and it's basically a bunch of people getting together to discuss issues surrounding critical thinking and skepticism. They had some cool special guests including Adam Savage of The Mythbusters, and Penn & Teller from their famous show. The show was hosted at the Flamingo Hotel, a pretty nice place.

Dr. Neil DeGrasse Tyson, and astrophysicist and author, gave the keynote. There were some standout talks including ones by Phil Plait, the Bad Astronomer, Dr. Ben Goldacre, a doctor and author in the UK, Dr. Michael Shermer, a writer and well-known skeptic, and Dr. Steven Novella of the Skeptic's Guide to the Universe podcast.

But the best part about the conference wasn't the talks, it was the company! We had a great time every night hanging out with newly-made friends. The first night we ran into Brian Dunning and his wife Lisa, and had a bite of supper with them. Brian produces an excellent podcast called Skeptoid, and he's working on a television show pilot project with Dr. Novella, Dr. Shermer, and others. Very cool.

Thursday night we went to the Penn and Teller show at The Rio casino. It was a fantastic show, of course, and we were able to stay a bit later and get signatures from both P&T. Friday night was supposed to be the the Skeptic's Guide podcast dinner at a restaurant in Caesar's Palace, but the place was completely full. We grabbed a couple of people and went to The Palm where I had an excellent steak. After dinner we went back to the Flamingo bar to relax and chat.

Saturday night was the Randi.org "forum" party, again at Caesar's! They rented a suite that seemed to have no air conditioning, and people kept spilling out into the hallways, and we got kicked out by hotel security pretty quickly. We regrouped at the Flamingo bar and didn't get to bed until about 4 AM that morning. The next day had paper presentations instead of talks. We didn't get up very early for them.

I don't like Vegas for Vegas's sake, but TAM6 sure was a great time! We'll definitely be back for TAM7 next year.

I tried by best to keep the more incriminating photos off of Facebook, but...

We believe that the performance problems introduced in the recent update of rBuilder Online have been resolved. Our tests and monitoring are showing stable and acceptable performance. Friday (27 June) night (22:00 US/Eastern) rBuilder Online and other rPath web services will be off-line for maintenance while we add additional hardware to support our growing demand.

This means that if you are now experiencing markedly slower repository performance than you were before 21 June, or if you are experiencing significant variations in repository performance, please let us know.

Conary 2.0.18 is a maintenance release.

• The addRoleMember() and getRoleMembers() calls are now exposed via XMLRPC. (CNY-2862)
• Added support for package creator specific data to trove info and the getPackageCreatorTroves() repository call. (CNY-2855)

• A rare error that occurred when an updating containing several groups that contained different versions of the same package has been fixed. (CNY-2860)
• Some .car format files previously caused builds to fail; this has been corrected. (CNY-2871)
• Tracebacks no longer print each filename twice (bug introduced in Conary 2.0.16). (CNY-2872)

• When the configure script run by r.Configure() or r.ManualConfigure() fails, "command not found" messages are highlighted, and possible missing buildRequires based on those messages are sought in the repository. (CNY-2708)
• All missing buildRequires found by noticing programs used in source actions, build actions, and policies are reported immediately as well as summarized at the end of the build, to make it clearer why each requirement has been suggested. (CNY-2858)
• The r.addPatch() method now takes an optional patchName keyword argument, which is the name of the patch program to use to apply the patch. (CNY-2858)

When we initially rolled out rBuilder Online back in the Fall of 2005, we hoped that people would find our approach to packaging and appliance creation interesting. Well, in nearly three years, the rBuilder Online community has grown to over 15,000 users who, collectively, have produced nearly 10,000 images that have been downloaded over one million times -- so the interest is certainly there!

Now it's time for rBuilder Online's next phase. That means we're going to see to it that rBuilder Online becomes the best way for people to experience our latest thinking on how to make the creation of appliances easier. To do this, we'll be picking up the pace of change on rBuilder Online, with new code being deployed every couple weeks.

These changes will make rBuilder Online the place to check out the latest rBuilder features -- even before our customers see it as part of our rBuilder Appliance product. Toward that end, we're going to slap a "Beta" label by the rBuilder Online name to make it clear that rBuilder Online is on the cutting-edge of appliance creation technology.

What does all this mean to you as a long-time rBuilder Online user? As we start to bring our new concepts to rBuilder Online, some terminology will change. For example, what was previously called a "project" on rBuilder Online now becomes a "product".

But other things will be more than a skin-deep change of terminology. For example, if you've ever grumbled about having to manually specify every single build type with every single build option every single time you are preparing for a release, you'll love our new image sets -- they allow you to define this information once and then quickly kick off all the builds (now called images) in your set with one click of the mouse.

Another change is the first pass of a very nifty feature that uses Conary's recipe factories to make packaging even easier. More on this to come...

Finally, we're also going to provide a dedicated two-way communication channel exclusively for all rBuilder Online users via rPath's forum:

rBuilder Online Forum

We'll use the forum to get the word out about changes to rBuilder Online, and to collect your feedback about your experiences with our software. So if you haven't already, sign up for an account -- we'd love to hear from
you!

rBuilder Online will undergo an extended maintenance period starting Friday, 20-June at 18:00 EDT (-0400 UTC) and ending 23:59 EDT, Monday, 23-June.

During this time, rBuilder Online will be in maintenance mode and not accessible. In addition, the majority of Conary repositories accessible via rBuilder Online will not be available as we convert the nearly 10,000 repositories from Conary 1.x to Conary 2. The only exceptions will be:

• conary.rpath.com
• contrib.rpath.org
• foresight.rpath.org
• gnome.rpath.org
• kernelbits.rpath.org
• shuttle.rpath.org

These repositories will be accessible for Conary-related operations (such as updating/installing software), but not for Web-based browsing of repository contents.

A message will be posted when the maintenance period has been completed.

Thank you for your interest in rBuilder Online, and your understanding during this extended maintenance period.

Build Changes:

• Recipes loaded based on the autoLoadRecipe configuration directive are now ordered based on the loadedTroves list in the packages containing those recipes. (CNY-2694)
• The information provided by the "cvc status" command is now available through the checkin.generateStatus API call, and it now handles new packages that have not yet been checked in. (CNY-2843)
• The "cvc log" command now has a --newer option that prints only log messages that are newer than the current checkout, and has been modified to be consumable via a new checkin.iterLog API call. (CNY-2840)
• Building factories which haven't been checked in should work now (CNY-2757)
• Specifying checkDeps and resolveDeps no longer causes an extra dependency check when building a group
• Checking out a source trove without a buildLabel set, but with a version specified, no longer gives a confusing warning about the buildLabel being unset. (CNY-2783)

Bug Fixes:

• A bug that caused a traceback when rolling back the installation of a group containing a post-rollback script has been corrected. (CNY-2844)
• A bug that caused a traceback during metadata lookup when installing files to a new component has been corrected. (CNY-2846)
• A bug causing magic to identify almost every file as a tarfile has been fixed. (CNP-135)
• When rolling back an update started with Conary version 2.0.15 or older, that generated multiple rollback points (generally as a result of the presence of critical updates as part of the job), the rollback scripts are properly executed. (CNY-2845)

Server Changes:

• The deleteUserByName() xmlrpc call now only deletes the role with a matching name on very limited situations (CNY-2775)

Code Changes:

• magic has been extended to identify tar archives. (CNY-2825)

Bug Fixes:

• Derived packages created from an unmodified shadow now choose the correct binary from which to derive. (CNY-2776)
• A bug that caused conary to traceback when formating strings in the syslog logger has been fixed. (CNY-2689)
• A workaround for a bug in the standard python library that can prevent the display of extended debugging information has been added.
• Unmodified shadows will be recognized as already present when promoting them to their parent branch. Previously they would be re-promoted unnecessarily. (CNY-2837)
• conary update --test no longer executes the tagscripts associated with the update. (CNY-2800)
• Multi-stage rollbacks correctly execute the post-rollback script after all affected troves have been rolled back, instead of between stages. (CNY-2829)

Build Changes:

• Info recipe actions (r.User, r.Group, and r.SupplementalGroup) are now available in package recipes. (CNY-2723)
• Python packages now use %(libdir)s instead of %(prefix)s/lib for pure Python libraries. This is an artifact left behind from fixing CNY-2110 and CNP-121.
• A bug causing log output to be lost if conary's log module was imported in a recipe has been fixed. (CNY-2813)

Server Changes:

• Testing the HTTPS environment variable to know whether a connection is secure is now case-insensitive, because existing implementations differ in case. (CNY-2838)

Bug Fixes:

• Some conary factories require loading of some files associated with them in order to load the recipe at all. Such recipes would fail before this fix.

Code Changes:

• We've started using a @publicApi decorator to tag methods which are part of the public conary API. (CNY-2367)
• xmldata.py is no longer part of the Conary library. (CNY-2765)

Bug Fixes:

• An incompatibility of the db2db migration script with the latest repository schema has been corrected. (CNY-2774)
• An error in the handling of multiple URLs with addArchive has been fixed. (CNY-2778)
• sys.argv is not defined under mod_python; importing cvc.py should no longer fail as a result of using sys.argv as a default argument to main(). (CNY-2786)
• repository code handles correctly the removal of groups that include troves from other repositories. (CNY-2802)
• When using sqlite, some temporary tables used the invalid column datatype of STRING instead of TEXT. This has been fixed. (CNY-2013)
• Fixed bug that made the repository code return incomplete data for the getPackageBranchPathIds call in certain situations. (CNY-2810)

Build Changes:

• Removed defaultBasePackages configuration option as well as the functionality for loading recipes from the filesystem based on configuration.
• Reworked recipe loading to make the code more understandable.
• Implemented autoLoadRecipes configuration option. (CNY-2694)
• Using the byDefault parameter to startGroup only determines the byDefault setting when the new group is added to its parent group. (CNY-2791)

Protocol Changes:

• The commitCheck() xmlrpc API call has been added that will check commit permissions for a trovelist before having to send the changeset for commit (CNY-2683)
• The getPackageBranchPathIds xmlrpc API call accepts now a list of dirnames instead of prefixes for improved performance (CNY-2743)

Client Changes:

• Added an option --exclude-groups to promote that allows the promotion of all the packages within a group without the promotion of the group itself. (CNY-2801)

American Airlines has decided to charge $15 for the first checked in bag. As a not infrequent air traveler, this strikes me as the ultimately boneheaded move. Most of the flights I am on are fully oversold already, and one of the more annoying issues is that the overhead storage always gets filled with luggage halfway through boarding. People just don't like checking in their luggage - overstuffing a carryon (or carrying a bigger one onboard) is much more convenient.

If capitalism has taught anybody anything, it is that usually businesses get ahead by offering convenience; they make profits by taxing convenience. People will pay for something that is perceived as having value, and will resent a price increase on a bad service. Most of my fellow business travelers resent having to check in a bag because of the additional time required to retrieve it, as well as an increased risk of losing the bag in transit - and the US airlines' track records on lost luggage are particularly appalling. The delays caused during the boarding process by too many carryons again translate in more money lost for the airlines, as pilots have to make up the lost time by flying faster and burning more fuel. I doubt that a $15 tax on the first checked bag - something people avoid doing already - will recover any of that cost.

If somebody at American Airlines would be smart, they'd put a tax on the large carryons. The perception of paying for convenience would be kept intact, business travelers would be happier because (maybe) the overhead bins would be able to accommodate their luggage, and airplanes would manage to leave the gate ontime in maybe a higher percentage, letting pilots fly at a more leisurely pace. I'm just wondering what sort of McKinsey alumni Harvard grad it took AA to come up with their current proposal...

One of the more annoying pieces of crapware I have to remove from the manufacturer's Windows preloads is Norton Antivirus. That's not because I hate it on principle - that is because I hate it based on my own usage experience. I (have to) use Windows for maybe one hour every couple of months or so. Even with that limited usage pattern I managed to develop a deep resentment to this worthless antivirus "solution" - for the way it immediately hogged all my available bandwidth on bootup to download enormous updates, for the way it didn't let me cancel that, for the way it stopped my work until the updates were installed, and for the way it required a reboot or two just before continuing. Ultimately, for the way it used to make "boot into Windows" a 30 minute affair before the damn thing got out of my way.

I thought I was alone wondering in amazement how people can charge money for it, until I read somebody else's perfect description of how I feel about it:

If ever a class of software deserved to be cast into the lower reaches of Hell and run on Satan's own desktop, it is this. Performance- sapping, space-hogging, noisy, irritating and prone to inducing just as many problems as they purport to solve, these horrible, ineffective, expensive lumps of digital thuggery keep entire platoons of support engineers in business and home users in tears.

That's part of a good article about how software should not work. Actually, the software itself is mostly fine, it is the surrounding packaging and integration into the operating system that sucks by being invasive, obnoxious and/or just plain annoying. In the world of Linux distributions and free software we have been spared the whole mess created by having every single application handle its own install, update/upgrade, dependencies and uninstall. Can you imagine the horror?

rPath is pleased to announce that rPath Linux 2 is now available and recommended for general use as an appliance platform. rPath Linux is a base operating system platform on which you easily build customized virtual or software appliances, or even an entire operating system of your own. Building on the rPath Linux foundation, use rPath's tools to create and maintain your own minimal operating system stack, with "Just Enough OS" to support the applications and services you include.

What's new?

rPath Linux 2 is the next step in the evolution of the rPath Linux platform. In addition to a technology refresh (new versions of included packages), rPath Linux 2 is better tuned as a platform to show off your work.

• Just Enough OS: rPath Linux 2 is smaller than rPath Linux 1. The group-appliance-platform recommended base software set is approximately half as large in rPath Linux 2 as rPath Linux 1, and the kernel is approximately a third smaller.
• Brandable Boot Splash: rPath Linux 2 implements a graphical boot process which is easy to customize to look the way you want. It does not require that your appliance include the X Window System, and thus uses very little disk space.
• Additional security mechanisms: several additional runtime security measures have been added to most packages ("stack protector" and "FORTIFY_SOURCE") and are enabled by default when you build your own software on the rPath Linux 2 platform.
• More robust system boot: The syslinux boot loader is now the default bootloader. This well-maintained boot loader is highly extensible, easily branded, and most importantly can be automatically updated safely and reliably. The syslinux boot loader has been the most common boot loader for ISO images for most Linux distributions for years; now it is the most capable system boot loader as well.
• The new Appliance Installer option installs your appliance software on systems in only a few minutes, requiring less memory than the earlier package-based installation mechanism. (It is still possible to use the slower package-based installation mechanism if you need to do so, but all the images we are building for the core OS at this time use the faster appliance installer.)

rPath Linux Images

rPath has built three sets of images for rPath Linux 2. Each set is based on a different group which defines the included software set:

• group-dist: A developer tool consisting of a large installation intended for developing Conary-based appliances, particularly for using Conary to discover a wide range of potential build requirements for packages, and for experimenting with the contents of the rPath Linux 2 operating system. (Remember that rPath Linux 2 is not a general-purpose desktop operating system; although X is included in this image, it is not an X desktop!)
• group-text-devel: A developer tool consisting of core text-mode-only development tools, useful primarily as a platform for running the rMake build tool to build packages.
• group-appliance-platform: A developer tool which contains only core software recommended to be on all normal Conary-based appliances. This is not intended to be useful itself. Instead, you can install this image and then migrate to a group that you have built using the group-appliance superclass during testing, before you create any images. You can also use it as a "vanilla" base installation on which to install software during the process of experimenting with defining an appliance. After installing appliance-specific software in an image installed from group-appliance-platform, the command conary updateall --items will show you group-appliance-platform plus the software you have installed, which you can then compare to the group recipe you define when following the step-by-step instructions for building appliances

rPath Linux 2 is the software in the Conary repository; these images are merely snapshots of some of the contents of the repository.

Updates, Bugs, And Features

rPath Linux 1 and rPath Linux 2 will be updated in parallel while rPath Linux 1 is maintained (at least until November 2008). Because rPath Linux 2 is an appliance operating system rather than a desktop operating system, rPath recommends that users of rPath Linux 1 update to an appropriate Conary-based operating system for their needs. Foresight Linux is the most widely-used and actively-developed Conary-based desktop operating system. Many purpose-built server appliances are maintained on rBuilder Online for various services. If none of them meet your needs, consider building your own purpose-built server appliance on rBuilder Online. It is easy to do, and step-by-step instructions teach the process easily.

rPath Linux update advisories, both for security and maintenance updates, are published in several ways:

• To receive only security updates but not maintenance updates, subscribe to security-announce@lists.rpath.com.
• To receive both security and maintenance updates, as well as summaries of changes by group version, subscribe to update-announce@lists.rpath.com or subscribe to Advisories:rPath_Linux_2_Changes.

Please help us make rPath Linux better! Create issues to report bugs or ask for new features in rPath Linux. Visit the rPath Issue Tracking System at https://issues.rpath.com/ and use the "rPath Linux" project to file your request.

Thanks

rPath would like to thank everyone who helped test the software that has become rPath Linux 2. Special thanks go to Foresight Linux for building Foresight Linux 2 based on rPath Linux 2 betas. Conary made it possible for the Foresight developers to test the software on Foresight development and QA branches before publishing updates tested as part of Foresight to Foresight users.

A recent update to rBuilder which enabled support for using extlinux in images built for rPath Linux 2 and appliances based on rPath Linux 2 introduced a bug which causes Xen domU images built either for rPath Linux 2 or for appliances based on rPath Linux 2 to fail to boot. Until this issue is corrected (soon), rPath Linux 2 Xen domU sample images will not be made available.

The maintenance of rBuilder Online has been completed.

Thank you for your interest in rBuilder Online.

rBuilder Online is currently undergoing maintenance, and will be available by 23:30 EDT (UTC-4). During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when this maintenance period has been completed.

Thank you for your interest in rBuilder Online.

The maintenance of rBuilder Online has been completed.

• Support for Citrix XenServer images
• Support for 64-bit Amazon Machine Images
• Support for images larger than 2GiB
• Amazon Machine Images now have a properly-formatted /etc/fstab, allowing auto-mounting of scratch space
• Images delivered as compressed tar files no longer erroneously report missing contents or "trailing garbage" errors. Furthermore, the compressed tar files are now named with the '.tar.gz' extension rather than '.tgz', which caused problems with some archivers on Windows.
• Support for bootman and the EXTLINUX bootloader have been added for images built from groups that contain them
• Stability and bug fixes

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Thursday, May 8 at 21:00 EDT (UTC-4) and ending at midnight. During this time, rBuilder Online and all rpath.org repositories will not be available. A message will be posted when the scheduled maintenance period has been completed.

Thank you for your interest in rBuilder Online.

conary-policy 1.0.18 is a bug fix release.

• ConfigLogBuildRequirements caused builds to fail when encountering a line ending in "result:  " (two or more trailing spaces) while processing a config.log file. This is corrected. (CNP-128)

Bug Fixes:

• A bug causing python-setuptools to incorrectly appear to be an excessive build requirement has been fixed. (CNY-2738)
• A bug in which python-setuptools was sometimes incorrectly not recognized as being needed in buildRequires has been fixed. (CNY-2772)
• A regression has been fixed that caused rMake to abort when recursing through a group recipe that added troves with full versions. (CNY-2768)
• When reporting possibly excessive buildRequires, not mentioning buildRequires at all in the recipe caused Conary to report the immediate superclass's buildRequires as the recipe's buildRequires. This bug has been resolved. (CNY-2769)
• A bug that caused the --context flag to not be recognized when specified before a command has been fixed. (CNY-2770)

Changes in 2.0.13:

Build Changes:

• When cooked, factories can now package additional files in their :recipe component. (CNY-2748)
• Moved VersionConflicts to pluggable policy and removed default exceptions. (CNY-2716)

Client Changes:

• PGP Keyring location is no longer determined using $HOME, which is unreliable; a getpwuid(3) lookup is used instead. (CNY-2722)
• The number of retries for providing a passphrase when signing troves changed from 3 to 5. (CNY-2709)

Code Changes:

• Some incompatibilities with python2.5 have been removed.

Bug Fixes:

• More optimizations for the pathId lookup query times for some package builds. (CNY-2742)
• A bug that caused an InsufficientPermission error when a user only has repository access permissions added by trove calls getNewTroveList() has been fixed. (CNY-2755)
• A bug that caused a request to add access to a trove for a role to be ignored if the same trove was used previously to grant access to a different role has been fixed. (CNY-2758)
• A bug that caused an InsufficientPermission error when a user requests a changeset to which the user has been granted access with addTroveAccess has been fixed. (CNY-2760)
• The XML writer in xmldata.py is now encoding using UTF-8. (CNY-2756)

Changes in 1.0.17

• Description and Licenses policies can now be used to set metadata information for troves. (CNY-2715)
• The RequireChkconfig policy now accepts empty lines in the chkconfig header. (CNP-81)
• The new HttpdConfigRequires policy adds dependencies on /usr/sbin/httpd for all /etc/httpd/conf.d/*.conf files. (CNP-110)
• The FixObsoletePaths policy has been modified to run before AutoDoc. It will now delete empty Obsolete paths rather than attempting to move them. (CNP-70)
• The RemoveNonPackageFiles policy has been modifed to run before most policies designed to Normalize filenames in order to reduce the occurrence of non-package files being masked. (CNP-122)
• Moved VersionConflicts to from Conary to conary-policy and removed default exceptions. (CNY-2716)

Recently, a security researcher made an irresponsibly premature public disclosure of a security weakness in the rPath Appliance Platform Agent on his personal blog. rPath was investigating the issue with him, but instead of responding to rPath's request for information, he published his analysis publicly. rPath is currently working on software updates to address this concern.

While those software updates are being written, rPath is providing detailed information on the scope of the weakness so that developers and users can determine whether their appliances are vulnerable, and if so, take appropriate defensive measures until software updates are made available.

Summary of Analysis

Unless the appliance explicitly enables the "rootpw" plugin for setting the system root password and explicitly adds a service which enables remote root login, the appliance is not affected.

The attack is not generic; an attacker has to target both a specific running vulnerable appliance image and a specific administrator during a time-limited authenticated session.

Full Analysis

In the disclosure, three weaknesses were suggested: lack of password verification for some critical actions (specifically, setting the system root password), cross-site request forgery vulnerability in the rPath Appliance Platform Agent "rootpw" plugin, and exposed salted hashed passwords.

The administrative password in the rPath Appliance Platform Agent provides full control of the system. It is, effectively, equivalent to the system root password, with respect to the capabilities of the rPath Appliance Platform Agent. That password must be guarded similarly to a root login password, and active sessions must be guarded similarly to active root login shell sessions. For this reason, administrative sessions time out after 10 minutes of inactivity.

Currently, the "rootpw" plugin that sets the system root password (which is not a default component of the rPath Appliance Platform Agent) does not require additional authentication or authorization from the administrator if the request is made from a browser with a valid administrative session. To enhance security, certain critical actions (including but not limited to setting the system root password) will be modified to re-validate the administrative password. This will prevent an intruder from being able to perform these actions by using an unattended administrative session in the administrator's web browser.

Note that the rPath Appliance Platform does not enable incoming ssh connections by default, nor does it by default enable any other incoming network service that provides root access, and the rPath Appliance Platform Agent does not enable setting the system root password by default. Appliances that do not explicitly enable root login are not vulnerable to remote attack even if the root password is set; appliances that do not explicitly enable the "rootpw" plugin are not vulnerable to this attack against the rPath Appliance Platform Agent.

The second weakness is the cross-site request forgery (CSRF) vulnerability. This weakness allows an attacker to reset a root password, if he or she knows the hostname of a specific system to attack and can entice an administrative user with an active login session to a vulnerable rPath Appliance Platform Agent to visit an attacker-provided URL. For example, if the administrator has an email client (web mail or otherwise) which displays HTML email through the same browser session used for the administrative login, and the attacker sends the administrator an HTML email including that link (usually as a 1-pixel image with that link as the source of the image). This attack requires that a vulnerable "rootpw" plugin is enabled on the system under attack, and is specific to an individual appliance and an individual administrator with an active session. Additionally, most web mail clients do not display images included in email by default. The targeted administrator will almost always need to click on a link or choose to display the images in an email in order for the browser to visit the URL that changes the root password.

The third suggested weakness, with regard to exposed salted hashed passwords, is simply incorrect. The salted hashed passwords are equivalent to the salted hashed passwords stored in the /etc/shadow file and are similarly protected by standard file permissions. This is not a fault in system design or implementation; the fault is in the analysis by the security researcher in question. His analysis is that an attacker who has already attained root privileges on a system under attack can provide a changed password. rPath's analysis is that an attacker who has already attained root privileges on a system under attack has already subverted the system and can make arbitrary changes; precisely which changes the attacker chooses to make are not a relevant security issue.

Reporting Security Issues to rPath

rPath takes security issues very seriously, and welcomes comments, concerns, and critiques from responsible members of the security community. There are two appropriate ways to notify rPath of a security issue in rPath products and technologies.

• You may send an email to security@rpath.com. A member of our security team will respond, and will ensure that your report is handled appropriately.
• You may file an issue in the rPath Issue Tracking System at https://issues.rpath.com/ by creating an account, clicking on "CREATE NEW ISSUE", selecting the product or technology from the drop-down menu, and selecting a Security Level of "Reporter and rPath Security Team". If you are not sure which product or technology to choose, just guess -- we can fix it later. This allows you to participate more directly in our internal discussions about resolving the issue. (If you choose to send email to security@rpath.com, we will still open an issue in the rPath Issue Tracking System, but we cannot include you in the discussion unless you have created an account.)

In either case, rPath will work with you to analyze the issue and coordinate a disclosure date.

Cristian Gafton laments the demise of the 4:3 aspect ratio laptop screen on Lenovo thinkpads, and says that he is now looking at other brands of laptops as a result. I wish him luck; I suspect that other brands are doing the same thing as a result of concentration of production on 16:9 due to widespread consumer demand. For example, all the HP laptops I could see on the HP website were widescreen. I had to cruise the Dell site for a while before I found the Latitude D530 ("entry level") with a 4:3 aspect ratio. The Gateway site buries this so deep that I lost interest before finding any 4:3 screens (if they carry any). Most Fujitsu laptops are widescreen; the only 4:3 I found on their website are the LifeBook S2210 and Stylistic tablets (all 13" XGA). At this point, I got tired of investigating.

I like pixels. So much so that I've paid extra to get laptops with 1600x1200 screens. One of my main problems with the 1600x1200 screen was that four 80x24 terminal sessions using the huge classic 10x20 X font (now represented as MiscFixed 18) that I love so much do not quite fit on it. In particular, they don't quite fit side-by-side, even if you disable scrollbars. My 1680x1050 widescreen laptop, however, can do that (even with scrollbars on the terminal windows if I choose to use them) with room to spare, and without covering the GNOME toolbar. This makes me happy.

Somewhat as a sidenote, but equally easier to read on the wide screen, I've also changed my coding window arrangement. Two terminal sessions, each with multiple tabs, full-height, 80 characters wide, side by side. I generally write code in tabs in the left-hand terminal session and write/run tests in the right-hand terminal session. In vim, of course.

Oh, and with regard to the various batteries, the 9-cell batteries are still available as of this blog post... Update: It appears that different T61 laptops use completely different batteries, with different voltages, physical interfaces, and capacities. Not what I would have expected for the Thinkpad line, at any rate.

Like so many of my source code jockey brethren, I am one of those saddened by Lenovo's sudden decision to stop selling laptops equipped with "normal" aspect ratio screens. This widescreen all-the-way fad is bugging the hell out of me. At around 5lbs, a T-series laptop with a 14.1" screen and 1400x1050 resolution was a rather nice machine for a traveling programmer. It seems that it's either too few of us buying normal aspect ratio screens or nobody at Lenovo can possibly think of why anyone would value vertical resolution above and beyond the wide-screen idiocy.

Anyway, I was in the market for a new T series laptop, and as I was pricing out a new one online, I noticed a rather great deal they're offering their Linux users:

Yepp, that's right - one can upgrade from SUSE Linux Enterprise Desktop to a full-blown Thinkpad PC DOS License for the low, low price of $8,473.65. I think I should upgrade the CPU to the fastest they offer, memory to the max and get the biggest, baddest hard drive they offer to be able to run that PC DOS beast...

Thinkpads have been my laptops of choice for many years. I have personally owned/changed/worked through 9 of them so far. The Thinkpad line always used to have a 14.1" regular aspect ratio screen in their lineup. As a "businessy" user, I hate change. I hate having to change my coding habits to deal with widescreens. A source code terminal would only utilize half the screen estate, which would bug me to no end. I hate having to purchase a new laptop bag and/or travelcase to accomodate the new screen dimensions. I hate wasting time researching which bag would work best - my current one has not been produced for years now, and keeping up with new developments in the luggage industry has not been one of my curiosities, ever. I hate that these new Thinkpads only come with a 6-cell battery instead of the awesome 9-cells they used to have before. I hate that the new fully-Lenovo designed models are bulkier, thicker, boxier and much heavier than the ones they replace.

I hate that people who feared that Lenovo would end up trashing the prized Thinkpad line appear to have been right.

At long last, my loyalty to the Thinkpad series is forced to an end by Lenovo's dumb decision to stop selling models that I would like to use. The part that sucks the most about this is the fact that I have to waste time looking at other brands of laptops - something I have not done in a long time.

Build Changes:

• Conary now warns about some possibly unused build requirements. This requires conary-policy 1.0.16 or later. (CNY-2232)
• Suggested additions to buildRequires lists are now separately encoded in the XML build log. (CNY-2621)
• Loaded recipe modules are no longer tracked in sys.modules (RPL-2409)
• The source components needed to build everything in a group can now be found when the group uses searchPaths. (CNY-2710)
• The SubscriptionLogWriter (CNY-2622) sometimes caused builds to fail. This issue has been resolved. (CNY-2717)
• Group builds now store the searchPath used with the built troves in the repository. (CNY-2721)

Client Changes:

• Conary will now re-read /etc/resolv.conf if an error occurs when resolving a hostname. (CNY-2703)
• Conary now caches the result of IP lookups and uses the cached results if an IP address lookup fails during an update. (CNY-2260)
• Migrate now preserves local installs only of groups and kernels. Before, all manually-installed components and troves that were referenced by the group being migrated would be updated instead of erased. (CNY-2569)
• An API (the createSourceTrove() method of client objects) has been added which creates source troves without using the conary.checkin module. (CNY-2498)

Bug Fixes:

• The internal function _ensureReadableRollbackStatus now directly ensures that it collects the necessary state it needs to succeed instead of relying on that state having been previously collected. (CNY-2711)
• Conary repository migration from repository databases created by conary 1.2.x has been fixed. (CNY-2731)
• In rare cases, some output could corrupt logging data during builds. This has been fixed. (CNY-2734)
• MySQL performance when inserting troves with large numbers of files has been fixed. (CNY-2737)

Repository Changes:

• The addUser() xmlrpc call no longer automatically creates a matching role. (CNY-2604)

Server Changes

• The repository code and repository schema have been updated to allow for faster processing and lookup of file pathIds. (CNY-2468)

• Policies now work with more recent versions of Conary (2.0.12 and later) so that Conary can warn about possibly excessive buildRequires elements. (CNY-2232)
• The new EnforceLocalizationBuildRequirements policy warns that gettext:devel and intltool:runtime are required if POTFILES.in exists. (CNP-115)
• The EnforceConfigLogBuildRequirements has been expanded to look for header files and static libraries mentioned in config.log files, as well as more binaries. (CNP-35, CNP-123)

Client changes:

• rMake will now use user-specified conaryProxy, overriding the use of rmake's internal proxy. (RMK-850)

Bug Fixes:

• Handle a case where restarting a job would override a package's logPath even though the trove before it had no log. (RMK-827)
• Fixed a logic error wherein a reused variable caused loading jobs with multiple contexts to get slower and slower for each additional context used. (RMK-853)

rPath has just announced a deal we've struck with Novell to OEM their SUSE Enterprise Linux. This means that in addition to our standard rPath Linux distribution, our customers can choose to use SUSE as a base for their appliances. All of the technical benefits of a Conary-based system will remain available. rBuilder and the associated rPath technologies aren't tied to any particular version of Linux, and we've proven this by adding support for SUSE. Who's next?

http://venturebeat.com/2008/04/21/virtual-appliance-maker-rpath-teams-up-with-novell/
http://www.wral.com/business/local_tech_wire/venture/story/2767532/
http://opensource.sys-con.com/read/547747.htm

We got back from Paris yesterday afternoon, and we're still trying to recover from the time difference. I think we were just getting used to CEST when we left! We had a decent time in Paris. Unfortunately Liza got a cold just as we were leaving Geneva, and I wore myself completely out being on crutches walking all over the place, but it was definitely fun!

Before we headed to Paris we were able to have a tour of one of the detectors in the Large Hadron Collider. We had a private tour of the CMS detector:

Amazing stuff. I was pretty awed by the engineering and science that goes into a project like this. I'm going to be watching with interest to see the science that is generated when this huge project turns on in June.

After my talk and demo at the CERN workshop, we took the TGV from Geneva to Paris. The first part of the trip was really beautiful. I guess we were going through the Rhône Alps and the Dijon region. I'm not sure of the route exactly, but there were some stunning views. Unfortunately my camera was in the end compartment of the train and I don't suppose shots through the glass would turn out very well. I liked the train ride a lot--it was quiet and peaceful, and not very crowded. It wasn't as fast as I thought it would be until we got within about an hour of Paris, then it really picked up speed. The opposing trains going to same speed next to us were quite startling.

We got to Paris Wednesday night, and found our way down to the RER train and realized that the metro ticket machines wouldn't take my credit card. So I crutched my way back up, and tried to find an ATM. Finally found one outside the train station with the help of a couple of very helpful locals. We got to our stop eventually, and tried to find our hotel. I think we walked by it twice before we spotted it. No big neon marquee for this one! It was a nice little room with a tiny kitchenette. Our hotel was right next to the Arc de Triomphe:

We spent most of Thursday relaxing because Liza had a cold, and I was still tired from CERN. We found a bakery and got some good bread and wine. Friday we met up with Liza's sister who happened to be in Paris at the same time on a school trip, and walked down the Champs-Élysées to the Louvre. We spent about 3 hours there and probably only saw 10% of the collection. Some fantastic art. I didn't take very many pictures inside the museum because I don't generally like the results. Poor lighting for photography, lots of people, too much glass.

The next day we went to the Palace of Versailles. The train ride out was confusing, and we got off too soon, so we had to walk about a mile to the Chateau. Somehow the RER train splits into different branches at the end, and we weren't sure how to tell which branch it would take. We weren't the only confused tourists who got off at that stop, though! On the way back we found the correct station and walked quite a bit less. Much better.

Versailles was big. I probably would have enjoyed it more if I hadn't been on crutches. Lots of fine artwork and enormous rooms, but I felt like the tour could have had more depth. I would have liked to have seen some of the inner workings of the palace: the servant's quarters, the kitchens, etc. I wanted to see some contrast to the ridiculous opulence of the main areas. I had a hard time imagining the area as it must have been when the royals lived there. I think they could probably do more to recreate that feeling. The entire place seemed to be under construction, too. I'll bet once the renovations are done, it will be a much more enjoyable experience.

Given our short trip, there were about a million things we wanted to see in Paris but didn't have time for. Notre Dame, the Pantheon (which we made it to just after closing time!), Sacre Coeur (which we approached after the Louvre but were too exhausted to get to, and it was raining), the Catacombs (I'll save that for when I'm not on crutches...), Musée d'Orsay, Musée de Cluny, and a million others!

The best part was visiting the little bakeries and shops, and enjoying lots of non-imported French wine!

NetworkManager updates seem to do a very poor job of maintaining compatibility with configuration saved by earlier versions of NetworkManager. I don't know if it is lack of sane schema migration or something else, but when (after updating the NetworkManager stack) networking goes flaky, I sometimes have to do the following steps to return my system to having working networking.

$ killall nm-applet
$ sudo service NetworkManager stop
$ gconftool-2 --recursive-unset /system/networking
$ sudo service NetworkManager start
$ nm-applet&

Of course, this removes all my networking configuration, so I have to start over. But that's better than totally broken (or just flaky) networking.

It is very annoying when the system that requires this action belongs to a less Linux-savvy family member whose networking has just been damaged by an update to NetworkManager.

I sure hope that as NetworkManager moves to being the core network configuration tool for systems, it gets more reliable! As it is, I feel that NetworkManager has been earning the epithet "NetworkMangler" that I've heard applied to it so often.

I have a dual-boot system that, on rare occasions, finds itself running windows. It used to be limited to taxes and GPS database programming, but now it is limited to taxes, GPS database programming, and logitech harmony programming.

Since I so rarely run windows, I keep forgetting or repressing how hard it is to use, and how easily it breaks, catastrophically. I rant loudly whenever things break under Linux about how unacceptable it is.

I just went through the exercise of doing my taxes in turbotax. It occasionally went unresponsive or would simply quit displaying some of its user interface elements, but a restart would bring it back. Once turbotax disappeared entirely right in the middle of using it. (Oh, that's why it auto-saves so often. I guess they expect that.)

Then I wanted to print some forms. Of course, I don't have a printer connected, so I figured I'd just print a PDF (or postscript, that would be OK too) and print it later.

Half an hour later, muttering, I went downstairs to plug my computer into the laserjet. It's an HP LaserJet 1320 -- supports PCL6 and Postscript, has USB, and has been trivially supported under Linux for years. I figured I'd just move the USB cable temporarily to the machine running windows.

Or maybe not.

I tried letting windows try to install the driver automatically. Several times. Then I went to the HP web site, and downloaded three different drivers to try (no help from HP on which drivers to use). None of them worked. I finally, in desperation, found the CD that shipped with the printer. No luck. An hour and twenty minutes later, you'd think that at least I'd still have a working system, even if I couldn't print the tax forms.

I remember jokes about suspend/resume from years ago: "My laptop suspends fine, it's just resume that doesn't work so well." Unfortunately, after these attempts to get printing working, the system no longer shuts down. It just hangs indefinitely with nothing displayed on a blue background. The only way to get it to shut down is to hold the power button down until the hardware timeout passes and the system is forcibly shut down. It's not the "blue screen of death" -- it's the normal (for me) blue background shown during shutdown, it just never goes away. Call it the "blue screen of zombie", I guess.

Of course, setting this printer up under Linux took all of about one minute some years ago, and it has worked flawlessly ever since.

And no, I'm not crazy enough to be running vista with all its performance and driver problems. This is a recent XP install as shipped on a thinkpad.

Afer all that trouble, I find (back on my trusty Linux system) that the IRS site has the form in PDF, that it is a fillable PDF, and that evince can fill it in. This will take all of a couple minutes; I don't even have to use a pen except to sign the form.

We arrived in Geneva after a couple of uneventful flights. We were on the brand-new American Airlines RDU -> LHR flight for the first leg, and the flight was delayed about two hours while they dragged in a replacement antenna, or something like that..much better than having the flight canceled! We had a long layover at Heathrow anyway, so it worked out well enough. Security in Heathrow was interesting. You didn't have to take your computer out of your bag, and you could leave your shoes on, but I had to go in a private room for them to inspect my leg brace. The TSA just wanded me in a public area. I definitely appreciated not having to hassle with my computer and shoes.

We got into Geneva at about 2 PM after a very long and slow line at passport control. Our host picked us up and gave us a brief tour of CERN, where we had some lunch. Afterwards we took the bus system (really a fantastic system) into the center of Geneva, where we promptly learned that everything closes at 6 PM! Oh well. We wandered around a bit, tried to find some grocery store to pick up some food, but those were all closed too. So we hopped back on the bus and got back to CERN.

Sunday was more productive. We found a grocery store in the airport (!) that was open, and stocked up on some picnic-style foods, and got back on the bus and headed to the Jardin Botaniques for lunch. The weather was beautiful! Now we are both exhausted and want to sleep. Jet lag works in mysterious ways. Tomorrow we are getting a private tour of some of the underground areas of CERN, and then I am giving my first of two presentations at the workshop.

The third beta test snapshot toward rPath Linux 2 has been released.

rPath Linux 2 beta releases are available on the conary.rpath.com@rpl:2-qa label.

New in this release:

• All updates, particularly security updates, since rPath Linux 2 Beta 2 have been incorporated into this release.
• Anaconda installation onto iSCSI now work correctly. (RPL-2301)
• The kernel portion of open-vm-tools is now in kernel:vmware instead of kernel:runtime to facilitate removing those modules on systems that need to run the host modules instead. (RPL-2200)
• The telnet-server package is now available. (RPL-2369)
• The splashy boot/shutdown graphical splash screen program is now gracefully quiet by default, preventing it from presenting scary-looking error messages in normal operation. (RPL-2289)
• As always, too many other bugs have been fixed to list in this summary.

rPath Linux 2 will be an appliance operating system. In keeping with this focus, the installer ISO images for rPath Linux 2 Beta 3 are intended primarily for testing the installer, and secondarily as a platform for testing appliance development. This is not a general purpose operating system.

To test rPath Linux 2 Beta 2, we have migrated multiple appliances to an rPath Linux 2 Beta 2 base. In the near future, we will be testing an automated migration process for systems with configuration files that use the /dev/hd* names for IDE devices so that they will work with newer kernels that use /dev/sd* instead. For details, see issues RPL-2250 and RPL-2302.

Be aware that updates of 64-bit appliances that contain 32-bit compatibility libraries from rPath Linux 2 Beta 1 to rPath Linux 2 Beta 2 may not work without applying a manual workaround as described at CNY-2553. New installations are recommended particularly for this case.

Migrating appliances from an rPath Linux 1 base to an rPath Linux 2 Beta base has been tested, and there are known issues with migration, particularly regarding conversion in device names for PATA IDE devices. Please test migrations, but assume that they may break in ways that make it inconvenient or even impractical to recover the test system. Most of our internal appliance testing so far has been of creating working systems based on rPath Linux 2 Beta, not of migrating.

Security update announcements will be made available for rPath Linux 2 Beta, but security updates for beta releases will be lower priority than security updates for generally available releases. Because security-announce@lists.rpath.com is intended to be very low-traffic, security update announcements for this Beta release will be sent only to the update-announce@lists.rpath.com mailing list. Group change summaries will be provided only on the wiki, not sent via email to the update-announce list. Note that most changes to the beta will not reference an advisory.

If you are not yet familiar with rPath Linux or the ground-breaking Conary technology, we recommend that you use our supported and maintained rPath Linux 1 product to become familiar with both technologies before experiencing this beta test snapshot. For a desktop appliance operating system based on rPath Linux 2 Beta components, you may wish to try Foresight Linux 2.

Last week, I spent a lot of my time working on a Conary feature: reporting possibly excessive elements of the buildRequires list. For years, Conary has been recommending additions to the buildRequires list when it notices possible reasons that something might be missing, whether that is because of a dependency, an entry in config.log, or Conary itself running a program.

Recently, those requirements have gotten so good that if you cook a recipe on a system with a full set of software installed, most of the time Conary figures out all the things you need to build. And the better job we do of making Conary do that, the more interest there has been in making Conary tell you which elements of your buildRequires list are not needed.

It took some work to make Conary actually record all the necessary dependencies rather than only the ones that it found missing, but after that, I was able to make Conary report the potential extras. And it has been finding real cases of excess buildRequires. For example:
info: Possible excessive buildRequires: ['userspace-kernel-headers:devel']
I found that while building lvm2 as a sample test package, and it's absolutely true: 'userspace-kernel-headers:devel' is part of the superclass and doesn't need to be mentioned in the lvm2 recipe at all.

However, Conary's recommendations for removing excess build requirements are only as good as its recommendations for adding missing ones; they are opposite sides of the same coin. And while an extraneous build requirement rarely causes much trouble, a missing build requirement is generally catastrophic. Therefore, take these recommendations with a grain of salt. There's a reason that it says Possible in the informational message!

This feature will require both Conary 2.0.12 and conary-policy 1.0.16, neither of which is yet released as I write this...

My wife and I are going on a combination work/fun trip to Geneva next week. We're flying in onto Geneva Saturday morning, and I'll be giving a couple of talks at a workshop at CERN on Monday and Wednesday. Wednesday afternoon we are going to take the TGV to Paris and stay there until Sunday morning. We're staying at CERN's hotel for our stay in Geneva, and I found a place very near the Arc de Triomphe in Paris. I have a couple of questions for the lazyweb:

1. What should we do in Geneva? I haven't spent much time on this leg of the trip. We'll be outside the city staying at CERN, but I figure there must be some nice sites around.

2. In Paris, how can we get some fantastic but relatively inexpensive pastries?

3. How can we find decent, inexpensive food in Paris? I don't want to get stuck in tourist shops, and we're not really haute cuisine people. But, we're going to be in Paris, so we should probably not regret our culinary choices. We will hopefully have a little fridge in our hotel so we might prepare some food there.

4. I guess I don't have a fourth question. Thanks!

conary-policy 1.0.15 is a maintenance release.

• The AutoSharedLibrary policy finds /etc/ld.so.conf.d/*.conf files and tells the SharedLibrary policy that the directories mentioned in those files contain shared libraries. (CNP-108)
• Python *egg-info/requires.txt files are now inspected for suggested buildRequires additions. (CNP-102)
• An error causing PkgConfigRequires to traceback when handling requirement paths involving symlinks has been fixed. (CNP-119)
• The new EnforceStaticLibBuildRequirements policy examines the output of the build process for linking to libraries that are not included among the shared libraries required by the package but are included on the system, and suggests additional buildRequires for those libraries. (CNP-120)

Build Changes:

• Added 'factory' command to cvc for displaying and changing the factory of the currently checked out recipe (CNY-2690)
• The SubscriptionLogWriter now handles line continuation. (CNY-2693)

Bug Fixes:

• A regression introduced by the build requirements suggestions for recipes using r.MakePathsInstall has been fixed. (CNY-2697)
• A bug that caused a traceback when r.MakeDevices() is called with a path that contains 'lib' has been fixed. (CNY-2692)
• A regression introduced by the multi-URL support for addArchive has been fixed. (CNY-2696)

Build Changes:

• The SubscriptionLogWriter now handles line continuation. (CNY-2693)

Bug Fixes:

• A bug that caused a traceback when r.MakeDevices() is called with a path that contains 'lib' has been fixed. (CNY-2692)
• A regression introduced by the multi-URL support for addArchive has been fixed. (CNY-2696)

Build Changes:

• An xml formatted log has been added to :debuginfo. This is in addition to the human readable log. The xml log contains the same information as the human readable log, plus additional contextual information useful for formatting the log data. (CNY-2487)
• A new selective logging facility for policy to use to inspect build output has been added. (CNY-2622)
• It is now possible to pass a list of multiple URLs to addArchive. Conary will try to download the source from each URL, in order, until it succeeds. (CNY-2505)

• Previously, rollbacks could restore files from local rollbacks by overwriting existing contents rather than replacing the file. In addition, the operation was not journaled properly. (CNY-2596)
• A bug in finding the sources required to build all the packages for a group that omitted replace() packages has been fixed. This mainly affected rmake builds of group recipes. (CNY-2605)
• When using PostgreSQL as a repository backend, some queries could be executed with poor execution plans (CNY-2639)
• A bug that caused a local cook (e.g., "cvc cook pkg.recipe") to fail at "Copying forward metadata to newly built items..." when the Conary repository for that recipe is not available has been fixed. (CNY-2640)
• The conary rdiff command works correctly for groups that include troves from foreign repositories. (CNY-2544)
• An issue related to the build logger not properly setting the logging pseudo-tty in raw mode has been fixed. (CNY-2647)
• Conary can now parse perl dependencies with periods in them from the command line. (CNY-2667)
• A source of circular references which could cause unpredictable memory usage has been removed. (CNY-2674)
• Fixed a file descriptor leak when using in-memory-only databases.

• More of the update logic is now protected by the filesystem journal, and the journal now cleans up rollback state on failure. (CNY-2592)
• Conary now displays more progress information during the "Preparing changeset request..." phase. Much of the time in this phase is spent communicating with the repository. Now "Requesting changeset ..." and "Downloading" will be shown as data is transferred.

Build Changes:

• An xml formatted log has been added to :debuginfo. This is in addition to the human readable log. The xml log contains the same information as the human readable log, plus additional contextual information useful for formatting the log data. (CNY-2487)
• AutoResolve defaults to True for image groups. (CNY-2291)
• Exceptions and inclusions to policies that don't match anything will now emit an error. (CNY-2221)
• A new selective logging facility for policy to use to inspect build output has been added. (CNY-2622)
• It is now possible to pass a list of multiple URLs to addArchive. Conary will try to download the source from each URL, in order, until it succeeds. (CNY-2505)
• Recipe actions have now the ability to suggest build requirements. (CNY-935)
• Running "cvc cook" in a directory with a CONARY file now builds the sources specified by that checkout. This is particularly useful for source troves which do not provide recipes thanks to a factory. (CNY-2642)
• Conary now looks for factories in the same places it looks for superclasses, including the current working directory for local cooks. (CNY-2641)
• Suggesting build requirements produces a warning if the supplied command cannot be found in the search path. (CNY-2663)
• Skip FactoryRecipeClass when loading recipes to make it easier to develop factory recipes. (CNY-2666)
• Checking out multiple sources with a single command line once again creates the CONARY files properly. (CNY-2645)
• The addArchive source action now supports .war and .jar archives. (CNY-2684)

Bug Fixes:

• Previously, rollbacks could restore files from local rollbacks by overwriting existing contents rather than replacing the file. In addition, the operation was not journaled properly. (CNY-2596)
• A bug in finding the sources required to build all the packages for a group that omitted replace() packages has been fixed. This mainly affected rmake builds of group recipes. (CNY-2605)
• An error in the repository that caused a malformed exception to be returned to the client when a trove was missing has been corrected. (CNY-2624)
• If launched with sudo, Conary will no longer change the owner on the user's PGP keyring, and will use the proper system-wide keyring. (CNY-2630)
• When using PostgreSQL as a repository backend, some queries could be executed with poor execution plans (CNY-2639)
• A bug that caused a local cook (e.g., "cvc cook pkg.recipe") to fail at "Copying forward metadata to newly built items..." when the Conary repository for that recipe is not available has been fixed. (CNY-2640)
• Checking out source components which used factories now preserves the factory
• Building directly from recipe files which use factories for superclasses now works (CNY-2656)
• The conary rdiff command works correctly for groups that include troves from foreign repositories. (CNY-2544)
• An issue related to the build logger not properly setting the logging pseudo-tty in raw mode has been fixed. (CNY-2647)
• Conary can now parse perl dependencies with periods in them from the command line. (CNY-2667)
• On failure, the proper URL is returned to the Conary client library. This fixes a regression introduced in the Conary 2 codebase, where only the selector part of the URL would be returned. (CNY-2517)
• A source of circular references which could cause unpredictable memory usage has been removed. (CNY-2674)
• Tighten the rules for what characters are allowed in version strings (CNY-2657)
• Fixed a file descriptor leak when using in-memory-only databases.

Client changes

• More of the update logic is now protected by the filesystem journal, and the journal now cleans up rollback state on failure. (CNY-2592)
• Conary now displays more progress information during the "Preparing changeset request..." phase. Much of the time in this phase is spent communicating with the repository. Now "Requesting changeset ..." and "Downloading" will be shown as data is transferred.

Changes in 1.0.18:

Bug Fixes:

• Initially, rmake was not compatible with having recipe superclasses on the filesystem. That incompatibility has been removed, although currently rmake simply ignores all filesystem superclasses. (RMK-834)
• Allow building of redirect checkouts. (RMK-841)
• The robustness of job stopping has been improved. (RMK-843)
• The rmake:gtk component has been removed from rmake, as support for controlling rmake from rbuilder has been removed.

A while ago I have started looking for a more energy efficient way of storing my electronic waste. I do have a big server tower now with a bunch of SATA drives in it, and over the winter its warming effects on the temperature in my office have been appreciated. However, current hard drive prices have made it so that a pair of 1TB drives in a RAID1 configuration can provide me with the needed storage space at a cost that will be easily recuperated from the savings created by turning off this 450W energy hog.

The default option would be to get a USB 2.0 enclosure, connect it to an old laptop, and use the laptop to serve my NFS and samba needs. However, USB 2.0 is slow and I have managed to stress out the usb-storage driver in more than one occasion. This solution is not much on confidence, not much on speed, I'll try to avoid it for as long as possible. (also, e-sata and laptops don't quite mix...)

The next option is a dedicated dual drive NAS. The two contenders here seem to be the Linksys NAS200 and the D-Link DNS-323. Looking over the interwebs it seems that the general consensus is the Linksys device is rather slow. So off I went and I purchased the D-Link one.

That turned out to be a mistake, as the DNS-323 proved to be unable to recover from a simple RAID1 rebuild/simulated hard drive crash test. It didn't lose data, but I couldn't get the device to rebuild the RAID1 array and keep it from going into degraded mode until I reformatted. Not only that, after the simulated failure, it became very unstable, timing out and giving random read only and permission denied errors as I attempted to test working with the device in degraded mode.

I really liked the form factor of the DNS-323 though. That is basically what I am looking for - not much bigger than two hard drives put together, temperature sensor, quiet fan that adjusts its speed based on how much cooling is needed.

I guess it is time to start looking at the Mini PCs. It's hard to believe that what I would like to have is that "far out" and that nobody has attempted to develop something along these lines:
- dual 3.5" drive support
- gigabit ethernet
- small, really small form factor
- x86 based, prefer freedos to windows vista
- no monitor, don't care about graphics performance
- ~50W power consumption
Hardware folks, please design something like that and I shall buy.... at least one.

In my first-ever entry in this blog, on the 9th of November 2005, I wrote that Conary was moving to Mercurial for source code control. Two days later, I blogged that this conversion was a big success.

Today, I'm happy to spread the news that Mercurial 1.0 has finally been released. We continue to be very pleased by our choice of source code control systems. Continued development has made it even easier to use as well as more powerful, and new documentation has made it easy to introduce to others, including non-developers. In particularly, I would like to highlight:

• Distributed revision control with Mercurial, the "unofficial manual"
• Mercurial Usage "cheat sheet" that has enabled non-developers (documentation, marketing, product management, etc.) to use mercurial effectively.

The mercurial community continues to be friendly to "refugees" from other source code control tools, and its use is becoming widespread. Thanks again to everyone who has been involved in Mercurial development! I can't wait to see what Mercurial looks like in another three years!

The second beta test snapshot toward rPath Linux 2 has been released.

rPath Linux 2 beta releases are available on the conary.rpath.com@rpl:2-qa label.

New in this release:

• In addition to previous installable image types, bootable images are available for Xen domU, VMware Workstation, and VMware ESX.
• All updates, particularly security updates, since rPath Linux 2 Beta 1 have been incorporated into this release.
• The group-appliance superclass is available on to use for building appliances. It will, by default, automatically include rPath Appliance Platform Agent 3 in appliances.
• The system logging daemon has been changed to rsyslog (RPL-2090)
• Printing now works correctly in our testing (RPL-2295).
• MySQL works (RPL-2188).
• NFS works (RPL-2147).
• VNC works (RPL-1826).
• More PHP components are included (RPL-2095)
• Appliance installer images can now be modified to boot from USB keys (RPL-2275, RPL-2285)
• As always, too many other bugs have been fixed to list in this summary.

rPath Linux 2 will be an appliance operating system. In keeping with this focus, the installer ISO images for rPath Linux 2 Beta 2 are intended primarily for testing the installer, and secondarily as a platform for testing appliance development. This is not a general purpose operating system.

To test rPath Linux 2 Beta 2, we are migrating multiple appliances to an rPath Linux 2 Beta 2 base.

Be aware that updates of 64-bit appliances that contain 32-bit compatibility libraries from rPath Linux 2 Beta 1 to rPath Linux 2 Beta 2 may not work without applying a manual workaround as described at CNY-2553. New installations are recommended particularly for this case.

Migrating appliances from an rPath Linux 1 base to an rPath Linux 2 Beta base has been tested, and there are known issues with migration, particularly regarding booting (RPL-2250, RPL-2302, and RPL-2339). Please test migrations, but assume that they may break in ways that make it inconvenient or even impractical to recover the test system. Most of our internal appliance testing so far has been of creating working systems based on rPath Linux 2 Beta, not of migrating.

Security update announcements will be made available for rPath Linux 2 Beta, but security updates for beta releases will be lower priority than security updates for generally available releases. Because security-announce@lists.rpath.com is intended to be very low-traffic, security update announcements for this Beta release will be sent only to the update-announce@lists.rpath.com mailing list. Group change summaries will be provided only on the wiki, not sent via email to the update-announce list. Note that most changes to the beta will not reference an advisory.

If you are not yet familiar with rPath Linux or the ground-breaking Conary technology, we recommend that you use our supported and maintained rPath Linux 1 product to become familiar with both technologies before experiencing this beta test snapshot. For a desktop appliance operating system based on rPath Linux 2 Beta components, you may wish to try Foresight Linux 2.

Conary 2.0.9 is a maintenance release.

• A bug that occasionally caused a thread deadlock when multiple threads access the local system Conary database concurrently has been fixed. (CNY-2586)
• Checking out sources unpacks duplicate binary files (CNY-2543)
• Derived packages use the revision which was shadowed from to find the version to derive from instead of the latest on the branch (CNY-2577)
• A bug that occurred when rMake recursed through a group recipe that made use of the replace command has been fixed. (CNY-2606)

Conary 1.2.20 is a maintenance release.

• A bug that occasionally caused a thread deadlock when multiple threads access the local system Conary database concurrently has been fixed. (CNY-2586)
• Checking out sources unpacks duplicate binary files (CNY-2543)
• Derived packages use the revision which was shadowed from to find the version to derive from instead of the latest on the branch (CNY-2577)
• A bug that occurred when rMake recursed through a group recipe that made use of the replace command has been fixed. (CNY-2606)

A pilot (reportedly a flight instructor) pulling a Cessna 172's propeller around by hand (to "free" it, according to the police statement) had his plane's engine start unexpectedly on him today, resulting in his plane heading pilotless across the parking area at my home airport, Charlottesville-Albemarle Regional (CHO).

End result: four aircraft were damaged; two of them appear to be total losses.

This runaway Cessna ("172" in the diagram below) was parked directly across the parking-area taxiway from my own plane, a Mooney 231 ("Jeff" below).

Had the Cessna run away straight across the taxiway, my plane would have been destroyed -- rammed head-on and then chopped to ribbons by the runaway plane's spinning propeller. And had it run away diagonally to its left, it would have rammed my friend's Piper Malibu ("Bart" below) in the tail and then chopped it up.

Lucky for me (and Bart) -- but unlucky for some other folks -- it ran away diagonally to the right.

Its (high) wing appears to have passed directly over my plane's (low) wing -- missing it by only a couple of feet! -- as it headed toward, and then smashed into, a Piper Arrow IV's tail ("Arrow" below). The runaway plane then pivoted to its left and tore into the Arrow with its spinning propeller. Additionally, the runaway Cessna damaged a Piper Cherokee 160 ("160" below) and a Piper Archer ("181" below).

              (totaled) (damaged)
      Bart      Arrow      181
      -----     -----     -----
        |         |         |
   |    |    |    |    |    |    |
   |         |     *   |         |
 -----     -----  /  -----     -----
[vacant]   Jeff  /    160
                /  (damaged)
               /
 - - - - - - -/- - - - - - - - - - - taxiway - -
             /
         (runaway)
            172
 -----     -----     -----     -----
   |         |         |         |
   |         |         |         |

Some pictures:

Cessna, meet Piper.

Cessna 172 embedded in the side of a Piper Arrow. Both aircraft appear to be totaled. The Arrow's fuselage is completely ripped apart. Not visible is the Cessna's right wing, which was partially torn off.

Runaway Cessna's propeller scars in the pavement (foreground bottom). My Mooney 231 is in the background. The rope on the right was tied to the tail of the destroyed Piper Arrow. The runaway Cessna approached from the left side of the picture.

Yellow lines in foreground show destroyed Arrow's parking spot. My Mooney is in the background, as is Bart Bartlett; he's standing next to the tail of his Piper Malibu (far right). The runaway Cessna approached from the left side of the picture.

Damaged cowling and spinner of Piper Cherokee 160.

Damaged Piper Archer in the background, with my Mooney's wing in the foreground. (The tiedown ropes of the destroyed Piper Arrow are visible above and below my Mooney's wing.)

My son cutting the ribbon at the dedication of a new Albemarle County firehouse today.

And, finally, the FAA's preliminary accident report.

• Checkouts of redirects can now be built in rmake. (RMK-754)
• Fixed an incompatibility between rmake 1.0.16 and conary 2.0.8 related to signed updates (RMK-702)

Conary 2.0.8 is a maintenance release.

• A close() method has been added to UpdateJob objects. It is recommended to call the method explicitly instead of relying on the object to be collected when going out of scope. (CNY-2489)

• Group recipes now implement a requireLatest command. It can be passed as a keyword argument to r.add, r.replace, r.addAll, and r.addCopy. This flag defaults to True. (CNY-1611)
• requireLatest has also been implemented as a recipe level attribute. Setting requireLatest to False for a recipe will affect the default for all calls to r.add, r.replace, r.addAll, and r.addCopy. (CNY-1707)
• Conary now has support for group policies. Policies deriving from GroupEnforcementPolicy and ImageGroupEnforcementPolicy will be run on groups at the end of the cook process. (CNY-2378)
• ImageGroup is now an attribute tracked in a group's troveInfo. This attribute is set for groups meant to define a complete, functional system, and implies that ImageGroupEnforcementPolicy group policies have been run for that group, recursively. (CNY-2520)
• The VersionConflicts group policy has been added. This group policy enforces that two different versions of a trove will not be accidentally included in one install image. (CNY-2371)
• TroveFilters now exist. Trove filters allow a packager to reference particular troves within a group for group policy inclusions/exceptions. (CNY-2477)
• The Conary policy to fix trailing newlines in config files has been corrected to handle non-writable config files. (CNY-2559)
• Conary will now warn if the PGP keyring is not writable, and will continue, instead of stopping with an error. (CNY-2555)
• The "cvc derive" command now creates a reference directory named _OLD_ROOT_ alongside _ROOT_ when the --extract argument is provided. (CNY-2530)
• A new group recipe command, startGroup, has been added, which calls createGroup, addNewGroup and setDefaultGroup in one step. (CNY-2197)
• The addCvsSnapshot source action no longer caches the HEAD of the repository, since cvs export will not use it. (CNY-2568)
• Macros from config files and from the command line are now available to group recipes. (CNY-2574)
• A new concept, recipe factories, has been implemented. (CNY-2549)
• Binary packages built from superclass recipes will be unflavored, regardless of any flavor-related references in a recipe. (CNY-2576)

• Conary no longer loses ownership of changed files when updating multiple flavors of the same version of the same package at the same time. (CNY-2553)
• If Conary is running on kernels which, under certain circumstances, return EINVAL when calling poll(), the lazy file cache will only count the file descriptors it has open itself. (CNY-2571)
• conary rdiff works correctly for groups that include troves from foreign repositories. (CNY-2544)
• Job invocation information no longer uses null characters, which are not allowed in an XML document. (CNY-2580)
• Updating files which point to other files (due to a PTR in the changeset) previously failed when those other files were not being installed at the same time (due to a "conary remove" on those files, for example). (CNY-2595)
• Excluding all Java files in the r.Provides policy no longer produces a stack trace. (CNY-2594)

Conary 1.2.19 is a maintenance release.

• A close() method has been added to UpdateJob objects. It is recommended to call the method explicitly instead of relying on the object to be collected when going out of scope. (CNY-2489)

• Conary now has support for group policies. Policies deriving from GroupEnforcementPolicy and ImageGroupEnforcementPolicy will be run on groups at the end of the cook process. (CNY-2378)
• ImageGroup is now an attribute tracked in a group's troveInfo. This attribute is set for groups meant to define a complete, functional system, and implies that ImageGroupEnforcementPolicy group policies have been run for that group, recursively. (CNY-2520)
• The VersionConflicts group policy has been added. This group policy enforces that two different versions of a trove will not be accidentally included in one install image. (CNY-2371)
• TroveFilters now exist. Trove filters allow a packager to reference particular troves within a group for group policy inclusions/exceptions. (CNY-2477)
• The Conary policy to fix trailing newlines in config files has been corrected to handle non-writable config files. (CNY-2559)
• The "cvc derive" command now creates a reference directory named _OLD_ROOT_ alongside _ROOT_ when the --extract argument is provided. (CNY-2530)
• A new group recipe command, startGroup, has been added, which calls createGroup, addNewGroup and setDefaultGroup in one step. (CNY-2197)
• The addCvsSnapshot source action no longer caches the HEAD of the repository, since cvs export will not use it. (CNY-2568)
• Macros from config files and from the command line are now available to group recipes. (CNY-2574)
• Binary packages built from superclass recipes will be unflavored, regardless of any flavor-related references in a recipe. (CNY-2576)

• Conary no longer loses ownership of changed files when updating multiple flavors of the same version of the same package at the same time. (CNY-2553)
• If Conary is running on kernels which, under certain circumstances, return EINVAL when calling poll(), the lazy file cache will only count the file descriptors it has open itself. (CNY-2571)
• Job invocation information no longer uses null characters, which are not allowed in an XML document. (CNY-2580)
• Updating files which point to other files (due to a PTR in the changeset) previously failed when those other files were not being installed at the same time (due to a "conary remove" on those files, for example). (CNY-2595)
• Filtering all java dependencies no longer produces a stack trace. (CNY-2594)

My work laptop hit end of life recently, and I received a replacement this week. This of course means the obligatory deletion-of-windows-xp and installion-of-a-real-OS (in this case the latest Foresight), which is a good thing considering I had troves from 37 labels on my last install.

I decided I wanted the entire hard disk image from my old lappy so that I could keep it around for some time, thus ensuring I won't lose any information. Now I could have grabbed a screwdriver and done some physical muckery to accomplish such a task, but that would be no fun. I found a much more novel experiment.

Attempt 1 involved a LiveCD. very direct. just boot off the CD, mount the hard disk and start moving bits over the network (easy because rPath LiveCDs ship with conary, making them extensible). This worked, but was heniously slow. I don't think it would have finished in a week.

So on to attempt 2. I took advantage of our PXE boot images. Of course all we have are anaconda install images, so I booted the latest rPath installation media in rescue mode. I then made a mount point and mounted tmpfs onto it. This gave me the ability to create a custom chroot of whatever I wanted directly in RAM. A quick install of tar and openssh-client later and I was off and running. After bind mounting my hard disk image into my new ram-chroot, I just tarred the contents of my entire hard disk and piped it through ssh.

Conary's dependency model is the real home run here. All told this took 78M of RAM to get the entire set of runtime dependencies needed to extract my hard disk.

(update: changed 78K to 78M. that's a silly typo)

I went on a short ski trip to Park City, Utah this week, and came back with this to remember it by:

I had a great three hours of a skiing lesson on Monday, but I headed down a run not appropriate for my skill level that afternoon. Got a toboggan and snowmobile ride down to the first aid office, and then a taxi ride down the mountain to the Park City urgent care. I really hoped I had just sprained it badly, but alas. I flew home a day early and found an orthopedist. He had an MRI done, and as it turned out, I fractured my tibia in two places: one that you can see in the x-ray above, and another chip of bone pulled off by my ACL. Luckily, my ACL is intact. They decided not to perform any surgery and just let it heal. So, I'm sitting here in a leg brace. Fun times!

This past weekend, Ken VanDine and I attended FOSDEM 2008 in Brussels, and I gave a talk about Conary packaging called Conary Packaging: Simply Powerful. FOSDEM is a rather well-run conference with a variety of attendees and was worth my time. I'd like to return to a future FOSDEM.

Highlights of the conference for me:

• Meeting António Meireles and Mark Trompell (Foresight Linux developers) for the first time face to face.
• Experiencing the amazing variety of topics being discussed -- it took four buildings to hold all the different talks going on at the same time. (My talk was in a slightly intimidating 1400-seat auditorium.)
• Talking to a wonderfully wide variety of people interested in Conary for a wide variety of reasons. Not just Linux distro/packaging geeks...
• Hearing about even more people using the GNOME DevKit after Ken's GNOME devroom talk, and interest from KDE folks in having a corresponding KDE DevKit. (Ken appears to have been paid in beer for maintaining the GNOME DevKit!)
• Meeting more long-time and new friends than I dare try to list...

On the other hand, there were some low points, too:

• Europe seems to be covered by one huge cloud of tobacco smoke. It's amazing that coming from a state (North Carolina) that is one of the major tobacco-growing states in the US, Brussels would be far smokier. You'd think I'd be used to this after all my previous European trips, but somehow I keep hoping that the clouds will thin a bit.
• Walking for an hour around Brussels Central Station trying to find the hotel that was about 100 meters away from the station... :-)
• Getting fleeced €8 for a small map in order to find said hotel after walking for an hour. The exchange rate between the US peso and the euro made this even more painful.
• Not getting a wireless account at the hotel because Orange WIFI wanted to charge €50 for 50 hours of connectivity -- or more per hour for fewer hours -- and I couldn't bring myself to spend that much.

Client changes:

• Added the rebuild command and the --ignore-rebuild-deps and --ignore-external-rebuild-deps flags. See the man page for more information. (RMK-783)

• Make sure group recipe source files (group scripts) are handled correctly when building .recipe files. (RMK-785)
• A change in the signed key handling in conary 2.0.7 caused the installation of signed packages whose keys are not already in /etc/conary/pubring.gpg to fail in rmake. Signed updates now work in rmake with conary 2.0.7. (RMK-702)

Should have posted this follow-up much sooner, but I was pretty sick last week.

Bongo had booth 45 at the SoCal Linux Expo, which was the 8th to the 10th. I tried to get pictures, but alas I did not have access to my own camera. There is proof that Bongo was there.

SCaLE was a great chance to spread the word about Bongo. I think the biggest lesson learned would be to have some sort of informational flyer to hand out to the curious passerby.

One interesting outcome from SCaLE was that Bongo was invited to OLF.

We've been seeing a sustained download rate of the Bongo appliance of about 30 per day, so there has been some amount of continual interest in Bongo.

I recently needed to have internet access away from functioning wifi (there are a few such places left in the US...) and so decided that I could pay Verizon $15 at least for this month in order to get internet access for my laptop through my Treo 700p. Unfortunately, hours of googling on the treo itself (Blazer isn't threaded, and so is incredibly slow...) led me down many wrong tracks, and was lacking some critical information. For that reason, I'll blog what worked. (I won't blog in detail about the hours of pain that was trying to get information about this from Verizon's ten million different web sites via Blazer on the 700p. Clearly, though, no one at Verizon thought about the bootstrapping problem -- that the biggest immediate motivation for turning on tethered access would be that you don't have any other access.)

Important info:

• I couldn't set up the capability myself with blazer; I ended up calling *611 and punching the 0 key and asking for help getting tethering set up, and I was immediately transferred to someone who could help. It was turned on right away. The bulk of the time was waiting while he looked up "some useful information" which he didn't tell me until he returned was the URL to download windows software to enable the connection. No thanks...
• usb-modem is not necessary (perhaps some of its optimizations might be useful, I don't know); the built-in DUN (Dial-Up Networking) on the phone works. The usb-modem docs did not have sufficient information on how to set up the bluetooth connection, so it never worked for me.
• Finding the right channel is important for the bluetooth connection -- getting a long string of ERROR messages indicates that you have the wrong channel.

Steps, as I remember them:

• Associate the phone and computer. Use an all-numeric PIN, because the treo reverts to numbers for every new character while you enter it. For me, on a Foresight Linux system, after I entered the PIN on the Treo, a window popped up asking for the same PIN. Make a note of the Treo's bluetooth hardware address (BDADDR below).
• Find the right channel: sdptool search --bdaddr BDADDR dun
• Add information to /etc/bluetooth/rfcomm.conf:
  
  rfcomm0 {
  # Automatically bind the device at startup
  bind yes;

  # Bluetooth address of the device
  device BDADDR;

  # RFCOMM channel for the connection
  # sdptool search --bdaddr BDADDR dun
  channel 4;

  # Description of the connection
comment "Treo";
}


• Restart bluetooth for the current channel (you will have to do this every time the channel changes, which it does seemingly at random): service bluetooth restart
• Create /etc/ppp/peers/treo:
  
connect '/usr/sbin/chat -v "" AT OK ATD#777 CONNECT'
rfcomm0
115200
debug
defaultroute
usepeerdns
connect-delay 10000
user YOURPHONENUMBER@vzw3g.com
show-password
crtscts
lock
passive
lcp-echo-failure 200
lcp-echo-interval 65535

• pppd call treo

After you have done this, you can integrate with whatever other network setup you want to do. Note that /var/log/messages will contain useful information like your DNS server addresses.

Changes in 1.0.14:

• Policies that move files in destdir now track path translations so files will end up in the correct package or component. (CNY-1679)
• A policy to enforce a requirement on xinetd when a configuration file with "disabled = no" is deployed in /etc/xinetd.d/ has been added. (CNP-93)

Changes in 1.2.18:

Build Changes:

• Handling pkg-config dependencies has been moved to conary-policy. (CNP-93)

Bug Fixes:

• When resuming the update after the execution of a critical update, Conary will now use the original file replacement flags. This corrects file conflict errors in a migrate when a critical update was present. (CNY-2513)
• The lazy file cache was using /proc/self/fd as a method of determining the number of open file descriptors for the current process. However, under certain circumstances the directory is not readable. The lazy file cache now uses a poll(2)-based technique. (CNY-2536)

Changes in 2.0.7:

Build Changes:

• Handling pkg-config dependencies has been moved to conary-policy. (CNP-93)

Bug Fixes:

• When resuming the update after the execution of a critical update, Conary will now use the original file replacement flags. This corrects file conflict errors in a migrate when a critical update was present. (CNY-2513)
• The lazy file cache was using /proc/self/fd as a method of determining the number of open file descriptors for the current process. However, under certain circumstances the directory is not readable. The lazy file cache now uses a poll(2)-based technique. (CNY-2536)
• If the directory where the public keyring is stored does not exist, it is now automatically created. (CNY-2504)

Other changes:

• Reading metadata from RPM files now validates the size of the RPM and the sha1 of the full set of metadata.

Bug Fixes:

• Building a group and its included troves as .recipe files now orders the group after the packages correctly. (RMK-770 )
• You may now build a .recipe that references a source file in the current directory that has not been cvc added and rmake will add it for you (RMK-771 )
• A backwards incompatibility was added to conary 2.0.5 that caused it to no longer work with rMake. This version of rMake fixes that backwards incompatibility.
• Recipe files that modify the upstream version would fail to build with rmake 1.0.14, giving a cryptic error message. Both the cause of the failure and the error message for similar bugs have been fixed. (RMK-775 )

Conary 1.2.17 is a maintenance release.

• Java dependencies for classes that are not dependency-complete are now automatically disabled. To re-enable them, the missing dependencies should be added as buildRequires. (CNY-2175)

• A minor bug in the display of the password prompt has been fixed. (CNY-2497)
• Slow SQL queries used to remove unused entries from the TroveFiles table and TroveTroves table have been rewritten to make some queries faster with repositories implemented with a sqlite database. (CNY-2515)
• When using the tagScript argument with the client's applyUpdateJob call, the paths to group scripts to be executed are stored relative to the root of the installation, instead of absolute. The tag script is always supposed to be executed under chroot. (CNY-2523)

• The file EULA_Conary.txt has been added to clarify that Conary is available under two licenses, and to state the conditions under which the two licenses apply.

Conary 2.0.6 is a maintenance release.

• Java dependencies for classes that are not dependency-complete are now automatically disabled. To re-enable them, the missing dependencies should be added as buildRequires. (CNY-2175)
• Build actions that do not match anything (r.Move, r.Copy, etc.) will now log exactly what they were trying to do. (CNY-2216)

• A minor bug in the display of the password prompt has been fixed. (CNY-2497)
• When x86_64 is specified and a biarch package is available, Conary will mention the biarch as an alternative flavor instead of the x86 one.
• Derived packages will now work on x86_64 systems even if a biarch flavor is specified. (CNY-2494)
• Signatures of unexpected types on subkeys are now ignored. (CNY-2490)
• When updating a group which contained a package that used to be byDefault False but is now byDefault True, Conary will now install the package. (CNY-2507)
• When using the tagScript argument with the client's applyUpdateJob call, the paths to group scripts to be executed are stored relative to the root of the installation, instead of absolute. The tag script is always supposed to be executed under chroot. (CNY-2523)

• The serverName configuration option now allows glob-style wildcards. (CNY-2293)
• Slow SQL queries used to remove unused entries from the TroveFiles table and TroveTroves table have been rewritten to make some queries faster with repositories implemented with a sqlite database. (CNY-2515)

• The file EULA_Conary.txt has been added to clarify that Conary is available under two licenses, and to state the conditions under which the two licenses apply.

Conary 1.1.31.12 is a maintenance release.

• A bug that could cause incorrect SQLite database error messages has been fixed. (CNY-1840)
• A bug that was preventing users with colons in their passwords to use the web interface has been fixed. (CNY-2374)
• Slow SQL queries used to remove unused entries from the TroveFiles table and TroveTroves table have been rewritten to make some queries faster with repositories implemented with a sqlite database. (CNY-2515)
• When using the tagScript argument with the client's applyUpdateJob call, the paths to group scripts to be executed are stored relative to the root of the installation, instead of absolute. The tag script is always supposed to be executed under chroot. (CNY-2523)

• The file EULA_Conary.txt has been added to clarify that Conary is available under two licenses, and to state the conditions under which the two licenses apply.

Changes in 1.0.14:
Client Changes:

• Added a "rmake load" command and "--to-file" parameter to build command
  to allow the information about a job to be encapsulated and sent
  between rmake instances. (RMK-522 )
• A "--show-config" flag was added to "rmake query". This displays the
  configuration used for the specified job. (RMK-624 )
• Added --clear-prebuilt-list option for "rmake restart". This option
  will run the same job as before but not mark any packages as
  prebuilt (RMK-729 ).
• Removed rmake-xml + rmake.desktop files used for integration w/
  rBuilder. That integration is being removed and something else will
  replace it. (RMK-749 )

Bug Fixes:

• Fixed a traceback when building multiple packages without a parent
  branch (RMK-732 )
• Added back compatibility with conary earlier than 1.2.6. (RMK-741 )
• restart now will not update the version of groups used to recurse
  when --no-update is used (RMK-735 )
• Prebuilt packages are now displayed in query --troves output. (RMK-707 )
• The Conary database from the chroot is removed before attempting to
  clean up the chroot itself. This helps when the latter fails by not
  leaving a Conary database that could potentially confuse rmake if it
  chooses to reuse the chroot. (RMK-698 )
• the currently running rmake no longer installs itself into
  /usr/lib/python2.4/site-pacakges/rmake, using
  /usr/share/rmake/rmake instead.
• The --config option will now correctly override values set in a
  context. (RMK-748 )
• For conary versions 1.2.16 or greater, rMake will do a better job
  of correctly recording the build requirements that it uses when more
  than one version of a package is installed into a chroot. (CNY-2427 )
• Fixed a bug in dependency resolution that would affect rmake repositories
  where an older x86_64 build version was competing with a newer x86
  version built in the same job. (RMK-761 )
• Chroots that have been removed will no longer show up in "list chroot"
  output (RMK-724 )

Bongo has reached its M3 milestone! and with the release of 0.3.0, we've updated the appliance. The appliance is now available in both 32 and 64 bit as well.

More information can be found at http://bongo-project.org/

Congrats Bongoteers!

The first beta test snapshot toward rPath Linux 2 has been released.

rPath Linux 2 beta releases are available on the conary.rpath.com@rpl:2-qa label.

This release contains:

• VMware support integrated into the default kernel; open-vm-tools included in vmware group flavors.
• The group-appliance superclass is available as group-appliance=conary.rpath.com@rpl:2-qa to enable porting appliances from rPath Linux 1 to rPath Linux 2. (We recommend doing this in parallel testing branches until rPath Linux 2 is released.)
• SYSLINUX's EXTLINUX is the default bootloader, though grub continues to be available.
• Conary 2.0 is included, which provides several optimizations and improvements.
• Short group flavors (no more need to specify flavor elements that are really irrelevant to your appliance when you cook groups). This is enabled by the move to Conary 2.0
• Appliance Installer ISO images (fast, lower memory requirements, no package selection available) for 32-bit and 64-bit systems
• Installable ISO images (slower, larger memory requirements, package selection available) for 32-bit and 64-bit systems
• Appliance Installer ISO images for 32-bit and 64-bit Xen dom0

rPath Linux 2 will be an appliance operating system. In keeping with this focus, the installer ISO images for rPath Linux 2 Beta 1 are intended primarily for testing the installer, and secondarily as a platform for testing appliance development. This is not a general purpose operating system.

Migrating appliances from an rPath Linux 1 base to an rPath Linux 2 Beta base has been only minimally tested so far. Please test migrations, but assume that they may break in ways that make it inconvenient or even impractical to recover the test system. Most of our internal appliance testing so far has been of creating working systems based on rPath Linux 2 Beta, not of migrating.

Security update announcements will be made available for rPath Linux 2 Beta, but security updates for beta releases will be lower priority than security updates for generally available releases. Because security-announce@lists.rpath.com is intended to be very low-traffic, security update announcements will be sent only to the update-announce@lists.rpath.com mailing list. Group change summaries will be provided only on the wiki, not sent via email to the update-announce list. Note that most changes to the beta will not reference an advisory.

If you are not yet familiar with rPath Linux or the ground-breaking Conary technology, we recommend that you use our supported and maintained rPath Linux 1 product to become familiar with both technologies before experiencing this beta test snapshot.

Now these are the laws of good Software,
Unwritten and varied they be;
And he who is wise will observe them,
When writing code in script or in C.

As naught may outwit the compiler,
So it is with syntax and its grip,
For the core of programming is syntax,
And the bonds of syntax give the pip.

Take heed what ye pass as directives,
Be your code written simply and plain,
Lest preprocessors choke on the input,
And so ye shall write it again.

If ye labor from morn until even',
And meet with reproof for your toil,
'Tis well that your editor idle;
The compiler--its trousers show soil.

On the strength of all lines in the function,
Dependeth successful return.
Who knows when some misguided caller,
Correct sizing of bufs it will spurn?

When a hacker who's tired returneth,
With some bugs in his code glaring mean;
We debugger new codes for good reason,
Few first passes at coding are clean!
So shall thou, and lest perchance thou grow mired,
In the uttermost parts of the C;
Pray your editor balances braces,
As much and as oft as may be.

Ignore not good documentation
But rather to write it aspire;
Though elder hacks may just use the source
There cometh, perchance, a new hire!

[Inspired by Rear Admiral Ronald A. Hopwood's (C.B., Royal Navy) 1896 masterpiece of naval wisdom. Kipling, please forgive us both.]

Conary 1.2.16 is a maintenance release.

• The rollback API now raises a RollbackError instead of returning non-zero on errors. (CNY-1643)

• When file conflicts occur while cooking groups, the deps that caused a package to be pulled in are listed. (CNY-2308)
• Config policy will automatically append a newline to non-binary files. Files that are marked as Config and appear to be binary will continue to trigger an error as they have previously. (CNY-2422)
• Perl requirements that are not present on the system or provided by the package being built are dropped. (CNY-2180)
• Two expansion functions have been introduced to package recipes: r.glob and r.regexp. These functions return an object that can be substituted for any API parameter that calls for a string based regexp or glob. (CNY-2222)
• Group recipe actions like "r.addAll" and "r.addCopy" now record the version of the group that is being copied from into the newly created group. (CNY-2359)
• Add code to display new-style metadata through rq, q, and showchangeset, as well as propagate that metadata via cooking, promoting, shadowing, and committing source packages. Entering this metadata must still be done through scripts. (CNY-1808)
• Added a hook that allows build requirements to be overridden by rMake. (CNY-2427)
• Build actions that don't match anything (r.Move, r.Copy etc) will now log exactly what they were trying to do. (CNY-2216)

• Conary no longer tracebacks when building a package that contains a pkgconfig reference to a file in the current package that is in a symlinked directory. (CNY-2455)
• The order in which configuration files are read when a glob was passed to includeConfigFile is now deterministic. (CNY-2483)

Conary 2.0.5 is a maintenance release.

• Conary now attempts to provide hints about flavor combinations that would work if it cannot find a flavor that matches your exact request (CNY-1920).
• The rollback API now raises a RollbackError instead of returning non-zero on errors. (CNY-1643)

• When file conflicts occur while cooking groups, the deps that caused a package to be pulled in are listed. (CNY-2308)
• Config policy will automatically append a newline to non-binary files. Files that are marked as Config and appear to be binary will continue to trigger an error as they have previously. (CNY-2422)
• Perl requirements that are not present on the system or provided by the package being built are dropped. (CNY-2180)
• Two expansion functions have been introduced to package recipes: r.glob and r.regexp. These functions return an object that can be substituted for any API parameter that calls for a string based regexp or glob. (CNY-2222)
• Group recipe actions like "r.addAll" and "r.addCopy" now record the version of the group that is being copied from into the newly created group. (CNY-2359)
• Add code to display new-style metadata through rq, q, and showchangeset, as well as propagate that metadata via cooking, promoting, shadowing, and committing source packages. Entering this metadata must still be done through scripts. (CNY-1808)
• Added a hook that allows build requirements to be overridden by rMake. (CNY-2427)

• Conary no longer tracebacks when building a package that contains a pkgconfig reference to a file in the current package that is in a symlinked directory. (CNY-2455)
• The order in which configuration files are read when a glob was passed to includeConfigFile is now deterministic. (CNY-2483)

SCaLE is fast approaching. I'll be manning the Bongo booth. If you're in the area, please stop by and say hi. Bongo is currently a featured appliance on rBuilder Online.

rBuilder Online's move to the new data center has been completed. Thank you for your patience.

We expect to place rBuilder Online in read-only mode for approximately 1 hour to synchronize data starting around 9:00 PM EST on January 19, 2008. After this completes, we will shut down the servers and move them to the new data center. It's possible the outage window will shift depending on the status moving other rPath services to the new data center. We will keep you updated if the schedule changes.

Conary 1.2.15 is a maintenance release.

• Moving an unmodified shadow to tip via cvc promote no longer causes an error. (CNY-2441)
• Recipes using addSvnSnapshot no longer modify the conary configuration object's tmpDir setting (CNY-2401)
• Fixed a rare bug in which dependency resolution would fail when a dependency that used to be provided by one installed package is now provided by two new packages. (CNY-2459)

• Conary will now use the proxy settings stored in its local configuration when loading remote configuration files. (CNY-2363)

• Policies that move files in destdir now track path changes they make so that files will end up in the correct package or component after being moved, when "package=" or "component=" has been used in a build action. (CNY-1679)

Conary 2.0.4 is a maintenance release.

• Moving an unmodified shadow to tip via cvc promote no longer causes an error. (CNY-2441)
• Recipes using addSvnSnapshot no longer modify the conary configuration object's tmpDir setting (CNY-2401)
• Fixed a rare bug in which dependency resolution would fail when a dependency that used to be provided by one installed package is now provided by two new packages. (CNY-2459)

• Conary will now use the proxy settings stored in its local configuration when loading remote configuration files. (CNY-2363)
• PGP keys having some self signatures that fail to pass are no longer failing, as long as at least one self signature passes. (CNY-2439)
• The client enforces the trust model using the internal implementation of OpenPGP. (CNY-1895)

• Policies that move files in destdir now track path changes they make so that files will end up in the correct package or component after being moved, when "package=" or "component=" has been used in a build action. (CNY-1679)

Since its launch on September 15, 2005, rBuilder Online has grown to host over 9,000 projects. rPath designed rBuilder to scale as needed, so the hardware configuration for rBuilder Online is largely unchanged from its original deployment. The hardware on which rBuilder Online runs has been extremely reliable and well-performing throughout the site's tremendous growth. However, we have grown beyond the capabilities of our current Internet Service Provider.

Therefore, rBuilder Online hardware, along with other rPath co-located servers, is moving to a new facility. The new Internet Service Provider has higher quality connectivity to Europe and Asia, which has been a problem for the old provider. Many services will migrate from a virtual server in the old data center to a new virtual server in the new data center. As a result, there should be a relatively short downtime for such resources as wiki.rpath.com, issues.rpath.com, and blogs.rpath.com.

Due to the vast amount of data stored in rBuilder Online, the only practical way to relocate the service is to physically move the servers. The new data center is relatively close to the old one, so the total downtime should be under 24 hours.

Because our customers rely heavily on three particular repositories currently served by the transitioning hardware, rPath is temporarily moving repository services for them to its Raleigh office. This will provide zero downtime for critical services associated with the conary.rpath.com, products.rpath.com, and rap.rpath.com repositories.

The co-location move will take place this weekend, January 18-20, 2008. A specific move window for rBuilder Online will be established when there is more infrastructure in place at the new data center.

I just realized that I never (shame on me!) blogged about the fact that I'm giving a Conary packaging talk called "Conary Packaging: Simply Powerful" at FOSDEM 2008.

I'm excited about this talk, because previous times when I've talked about this material in an ad-hoc fashion (such as the BoF session at last year's Ohio LinuxFest) there have been lots of good questions and the audience have been engaged participants.

I'm also looking forward to meeting for the first time several Foresight contributors with whom I've been working online for years.

So, what will I talk about?

I will present Conary packaging, first demonstrating how simple the process is, then providing technical details of features that make packaging a simple, easy, repeatable process. I will show how Conary handles common cases automatically, while making it easy to override its defaults for unusual cases. I will demonstrate how Conary improves packaging quality, by making packaging consistent and by providing tools to analyze packages and collections of packages. I will explain how Conary's dependency management is different from legacy package management, encoding more thorough dependency information without requiring cascading piles of irrelevant packages.

I'm looking forward to lots of fun discussions about Conary. Come join me!

Conary 2.0.3 is a maintenance release. Conary 2.0.x is not currently included in rPath Linux 1, though it is currently part of rPath Linux development.

• PGP version 3 keys are now supported for verification of package signatures. According to RFC4880, version 3 keys are deprecated. (CNY-2420)
• Superclasses are now loaded from the filesystem. Superclasses can now be cooked. Doing so will make a changeset that installs the recipe itself on the filesystem. (CNY-983)
• When building packages, Conary now reads /etc/ld.so.conf.d/*.conf files to determine whether to include the path in the dependency. (CNY-2433)
• The /etc/ld.so.conf.d/*.conf handling added to Conary 1.2.13 introduced a bug that could erase necessary entries from ld.so.conf in some circumstances. This bug has been resolved. (CNY-2440)
• Spaces in URLs are now automatically escaped. (CNY-2389)
• The Requires() policy now inspects Lib: and Lib.private: pkg-config keywords in .pc files to find library files, and where it finds them, it adds appropriate Conary trove requirements to the .pc files. (CNY-2370)

• The implementation of the util.mkdirChain function has been changed to no longer use exceptions internally to signal that the directory already exists. Raising exceptions is a relatively expensive operation that slows down the data store. Exceptions are still used internally in the very infrequent case of intermediate directories not existing. (CNY-2405)
• Conary will not downgrade packages if no version is specified by the user, but, due to an out of date mirror or other reasons, the update available for a package is older than the currently installed package. (CNY-2402)
• Conary now recognizes /etc/ld.so.conf.d/*.conf files, adding an include line to /etc/ld.so.conf if they exist, and does not add new duplicate entries to /etc/ld.so.conf for directories already specified in /etc/ld.so.conf.d/*.conf files. (CNY-2432)
• A getDatabase() method has been added to the ConaryClient class. This method returns the local system database object. Code that needs to query the local system database should use this method to obtain the database object. (CNY-2316)

• A bug that caused an unhandled exception when adding a new role in the Conary repository web interface has been fixed.

Conary 1.2.14 is a bug fix release.

• The /etc/ld.so.conf.d/*.conf handling added to Conary 1.2.13 introduced a bug that could erase necessary entries from ld.so.conf in some circumstances. This bug has been resolved. (CNY-2440)

Conary 1.2.13 is a maintenance release.

• Conary will not downgrade packages if no version is specified by the user, but, due to an out of date mirror or other reasons, the update available for a package is older than the currently installed package. (CNY-2402)
• Conary now recognizes /etc/ld.so.conf.d/*.conf files, adding an include line to /etc/ld.so.conf if they exist, and does not add new duplicate entries to /etc/ld.so.conf for directories already specified in /etc/ld.so.conf.d/*.conf files. (CNY-2432)

• Superclasses are now loaded from the filesystem. Superclasses can now be cooked. Doing so will make a changeset that installs the recipe itself on the filesystem. (CNY-983)
• When building packages, Conary now reads /etc/ld.so.conf.d/*.conf files to determine whether to include the path in the dependency. (CNY-2433)

The scheduled maintenance of rBuilder Online has been completed.

This maintenance was to install and reconfigure the hardware for rBuilder Online, therefore there are no user visible changes.

Thank you for your interest in rBuilder Online.

rBuilder Online will undergo scheduled maintenance starting Tuesday, January 8th at 10:00pm EDT (-0500 UTC) and ending Wednesday, January 9th at 01:00am EDT. During this time, rBuilder Online and all rpath.org repositories will not be available.

Thank you for your interest in rBuilder Online.

Conary 2.0.2 is a bug fix release. Conary 2.0.x is not currently included in rPath Linux 1, though it is currently part of rPath Linux development.

• PGP version 2 signatures are now properly parsed. Version 2 signatures are documented in the outdated RFC1991 and are considered deprecated, but some PGP keys contain them. (CNY-2417)

• A bug that caused an unhandled exception when adding a new role in the Conary repository web interface has been fixed.

Conary 2.0.1 is a bug fix release. Conary 2.0.x is not currently included in rPath Linux 1, though it is currently part of rPath Linux development.

• The Requires() policy now inspects Lib: and Lib.private: pkg-config keywords in .pc files to find library files, and where it finds them, it adds appropriate Conary trove requirements to the .pc files. (CNY-2370)

• An update bug that could result in a trove integrity error has been fixed. The issue would occur when updating packages where, for some files, the only changes are to file versions. (CNY-2403)

Conary 1.2.12 is a maintenance release.

• A getDatabase() method has been added to the ConaryClient class. This method returns the local system database object. Code that needs to query the local system database should use this method to obtain the database object. (CNY-2316)

• Spaces in URLs are now automatically escaped. (CNY-2389)
• The Requires() policy now inspects Lib: and Lib.private: pkg-config keywords in .pc files to find library files, and where it finds them, it adds appropriate Conary trove requirements to the .pc files. (CNY-2370)

• The PackageSpec documentation incorrectly stated that you could pass both package and component information to it; this has been corrected to properly redirect to ComponentSpec for this usage. (CNY-2387)
• An update bug that could result in a trove integrity error has been fixed. The issue would occur when updating packages where, for some files, the only changes are to file versions. (CNY-2403)

Conary 2.0.0 is a major new feature release. Conary 2.0.x is not currently included in rPath Linux 1, though it is currently part of rPath Linux development.

• The way Conary handles architecture flavors has been changed, primarily for better support for multilib systems that support having both 32-bit and 64-bit packages installed.
• The Conary repository Access Control List capabilities have been significantly upgraded to support per-trove ACLs. Trove permissions are cached and recalculated whenever the ACLs change or new troves are added to the repository, for better scaling and faster changeset retrieval.
• All dependencies on the GnuPG "gpg" program have been removed; Conary now implements the required OpenPGP functionality internally.

• Conary 2.0 is significantly faster for many repository commit operations. Some "cvc promote" operations, in particular, have a 200% performance improvement. Some group commit operations are 75% faster. Creating a new shadow can be as much as 100% faster. Details of some of the changes that provide the improvement are below.
• Committing to repositories has been reworked to pull all modified streams from the repository or database with one query. (CNY-2053)
• Unchanged stream sets now return None on diff. This prevents the Conary repository from having to do unnecessary work to retrieve the "old" version of a stream and apply a diff when nothing actually changed.
• Unchanged file streams are now 2-byte, backwards compatible, sequences instead of more complex representations of "nothing changed".
• The commit code (both client and server) recognizes unchanged files and does not merge stream sets for them.
• Distributed changeset creation no longer recompresses file contents.
• "cvc promote" no longer recompresses non-config files during changeset assembly. (CNY-2202)
• "cvc promote" now gets file contents and streams from changesets when a lot of them are needed from the same trove. (CNY-2202)
• Changesets that represent a "cvc promote" operation have been changed to be relative to either the source of the promote (if promoting within a server) or to the current version on the target. (CNY-2202)
• The "cvc shadow" command now commits relative changesets when the shadow is made to the same repository as the original trove.
• The Conary client now tries to perform update jobs as close to updateThreshold (without going over) as practical for a noticeable performance improvement. (CNY-2283)
• Committing changesets to the repository has been modified to check for files which don't have contents available (during a promote or shadow, for example) with one SQL query. Previously, a single SQL query was used to check for each file. (CNY-2053)

• Conary will now ignore flavoring and requirements from ELF libraries that are built for architectures other than the architecture that is being built for. This avoids a common problem where a single extra (unused) sparc file library causes an entire package to be flavored to be installed on systems that support both x86 and sparc instruction sets, as that configuration is not meaningful. (CNY-1717)
• The rarely used "cvc describe" command line interface has been removed. (CNY-2357)
• The rarely used "cvcdesc" script has been removed. (CNY-2357)
• Spaces in URLs provided in source actions such as addArchive are now automatically escaped to make them legal URLs. (CNY-2389)
• The "cvc promote" command now uses the labels and branches specified in the "from" section of any promote as the place to search for packages (CNY-2235).
• The PackageSpec documentation incorrectly stated that you could pass both package and component information to it; this has been corrected to properly redirect to ComponentSpec for this usage. (CNY-2387)

• The "getTroveLatestByLabel" client-side call has been added.
• Most repository exceptions are demarshalled using logic in the exception class itself rather than in a large if/elif block. (CNY-747)
• The "troveNames" and "troveNamesByServer" methods now accept a "troveTypes" argument, and by default return only troves that are present. (CNY-1838)
• The mirror client supports a --fast-sync flag which will only scan for new troves in the source and skip the time-expensive scans for changed trove info records. (CNY-1756)
• The mirror client supports a --absolute flag which will make it use only absolute changesets to mirror content. (CNY-1755)
• The rollback stack code has been split into a separate class. (CNY-2061)
• A new "conary rmrollback" command that removes old rollbacks has been added. (CNY-2061)
• Rollback objects now have an "isLocal" method to tell whether applying that rollback will require repository access. (CNY-2077)
• Conary now allows a biarch system to have one flavor that expresses both the x86 and x86_64 support. The flavorPreferences configuration option informs conary to prefer x86_64 packages. This change allows group building to automatically resolve x86 packages. (CNY-525)
• Conary no longer uses gnupg for OpenPGP key management. (CNY-2349)
• Conary clients no longer send an absolute URI when talking directly to a repository server. (CNY-2324)
• Many repository permission handling methods have been renamed for consistency. For a complete list, see doc/PROTOCOL.versions in the Conary source code. (CNY-2298)
• Setting/resetting the admin field permission is now handled by the setUserGroupIsAdmin() call instead of addAcl/editAcl. (CNY-1782)

• The scoring for target flavor sets has been fixed. (CNY-1539)
• The (unimplemented) concept of caps for permissions has been removed.
• Server methods have been decorated with the @requireClientProtocol decorator.
• The "usergroups" term has been replaced with "roles" in the repository web user interface. (CNY-1973)
• Server exceptions have been reworked to have marshalling logic in the exception class instead of in a large if/elif block. (CNY-747)
• Server exceptions are marshalled in the proxy layer now instead of in both the proxy and server layers.
• When the repository database is locked, "RepositoryLocked" exceptions are now returned for all code paths. (CNY-1596)
• The repository call log now tracks changeset cache misses. (CNY-1843)
• Repositories no longer pass anonymous hints to the proxy layer. The hint has been False since Conary 1.1.29.
• The "troveNames" method now filters by using the "troveTypes" argument. (CNY-1838)
• The "getPackageBranchPathIds" method no longer requires access to the entire version history of a package; it returns the pathIds and fileIds for troves the user is allowed to see. Previously, an InsufficientPermission exception was raised if part of the version history of a package was not visible to the user. (CNY-2038)
• The repository call log now records the time required to service the request. (CNY-2305)
• A "serializeCommits" boolean server configuration option has been added. This is best turned on for repositories used for development, but is unneeded for repositories that are mirrors. (CNY-2285)

• The XML-RPC protocol now allows passing keyword arguments for exceptions. (CNY-747)
• XML-RPC return values no longer include the "useAnonymous" flag.