dhcpcd almost ready to replace ISC dhclient in Debian

A lot of time has passed since my previous post on my work to make dhcpcd the drop-in replacement for the deprecated ISC dhclient a.k.a. isc-dhcp-client. Current status:

• Upstream now regularly produces releases and with a smaller delta than before. This makes it easier to track possible breakage.
• Debian packaging has essentially remained unchanged. A few Recommends were shuffled, but that's about it.
• The only remaining bug is fixing the build for Hurd. Patches are welcome. Once that is fixed, bumping dhcpcd-base's priority to important is all that's left.

Refactoring Debian's dhcpcd packaging

Given news that ISC's DHCP suite is getting deprecated by upstream and seeing how dhclient has never worked properly for DHCPv6, I decided to look into alternatives. ISC itself recommends Roy Maple's dhcpcd as a migration path. Sadly, Debian's package had been left unattended for a good 2 years. After refactoring the packaging, updating to the latest upstream and performing one NMU, I decided to adopt the package.

Numerous issues were exposed in the process:

• Upstream's ./configure makes BSD assumptions. No harm done, but still...
• Upstream's ./configure is broken. --prefix does not propagate to all components. For instance, I had to manually specify the full path for manual pages. Patches are welcome.
• Debian had implemented custom exit hooks for all its NTP packages. Since then, upstream has implemented this in a much more concise way. All that's missing upstream is support for timesyncd. Patches are welcome.
• I'm still undecided on whether --prefix should assume / or /usr for networking binaries on a Debian system. Feedback is welcome.
• The previous maintainer had implemented plenty of transitional measures in maintainer scripts such as symbolically linking /sbin/dhcpcd and /usr/sbin/dhcpcd. Most of this can probably be removed, but I haven't gotten around verifying this. Feedback and patches are welcome.
• The previous maintainer had created an init.d script and systemd unit. Both of these interfere with launching dhcpcd using ifupdown via /etc/network/interfaces which I really need for configuring a router for IPv4 MASQ and IPv6 bridge. I solved this by putting them in a separate package and shipping the rest via a new binary target called dhcpcd-base along a logic similar to dnsmasq.
• DHCPv6 Prefix Delegation mysteriously reports enp4s0: no global addresses for default route after a reboot. Yet if I manually restart the interface, none of this appears. Help debuging this is welcome.
• Support for Predictable Interface Names was missing because Debian's package didn't Build-Depends on libudev-dev. Fixed.
• Support for priviledge separation was missing because Debian's package did not ./configure this or create a system user for this. Fixed.
• I am pondering moving the Debian package out of the dhcpcd5 namespace back into the dhcpcd namespace. The 5 was the result of an upstream fork that happened a long time ago and the original dhcpcd package no longer is in the Debian archive. Feedback is welcome on whether this would be desirable.

The key advantage of dhcpcd over dhclient is that works as a dual-stack DHCP client by design. With privilege separation enabled, this means separate child processes handling IPv4 and IPv6 configuration and passing the received information to the parent process to configure networking and update /etc/resolv.conf with nameservers for both stacks. Additionally, /etc/network/interfaces no longer needs separate inet and inet6 lines for each DHCP interface, which makes for much cleaner configuration files.

A secondary advantage is that the dual-stack includes built-in fallback to Bonjour for IPv4 and SLAAC for IPv6. Basically, unless the interface needs a static IP address, this client handles network configuration in a smart and transparent way.

A third advantage is built-in support for DHCPv6 Prefix Delegation. Enabling this requires just two lines in the configuration file.

In the long run, I feel that dhcpcd-base should probably replace isc-dhcp-client as the default DHCP client with priority Important. Adequate IPv6 support should come out of the box on a standard Debian installation, yet dhclient never got around implementing that properly.

sudo apt-get update && sudo apt-get dist-upgrade

Debian 11 (codename Bullseye) was recently released. This was the smoothest upgrade I've experienced in some 20 years as a Debian user. In my haste, I completely forgot to first upgrade dpkg and apt, doing a straight dist-upgrade. Nonetheless, everything worked out of the box. No unresolved dependency cycles. Via my last-mile Gigabit connection, it took about 5 minutes to upgrade and reboot. Congratulations to everyone who made this possible!

Since the upgrade, only a handful of bugs were found. I filed bug reports. Over these past few days, maintainers have started responding. In once particular case, my report exposed a CVE caused by copy-pasted code between two similar packages. The source package fixed their code to something more secure a few years ago, while the destination package missed it. The situation has been brought to Debian's security team's attention and should be fixed over the next few days.

Afterthoughts

Having recently experienced hard-disk problems on my main desktop, upgrading to Bullseye made me revisit a few issues. One of these was the possibility of transiting to BTRFS. Last time I investigated the possibility was back when Ubuntu briefly switched their default filesystem to BRTFS. Back then, my feeling was that BRTFS wasn't ready for mainstream. For instance, the utility to convert an EXT2/3/4 partition to BTRFS corrupted the end of the partition. No thanks. However, in recent years, many large-scale online services have migrated to BRTFS and seem to be extremely happy with the result. Additionally, Linux kernel 5 added useful features such as background defragmentation. This got me pondering whether now would be a good time to migrate to BRTFS. Sadly it seems that the stock kernel shipping with Bullseye doesn't have any of these advanced features enabled in its configuration. Oh well.

Geode

The only point that has become problematic is my Geode hosts. For one things, upstream Rust maintainers have decided to ignore the fact that i686 is a specification and arbitrarily added compiler flags for more recent x86-32 CPUs to their i686 target. While Debian Rust maintainers have purposely downgraded the target, RustC still produces binaries that the Geode LX (essentially an i686 without PAE) cannot process. This affects fairly basic packages such as librsvg, which breaks SVG image support for a number of dependencies. Additionally, there's been persistent problems with systemd crashing on my Geode hosts whenever daemon-reload is issued. Then, a few days ago, problems started occurring with C++ binaries, because GCC-11 upstream enabled flags for more recent CPUs in their default i686 target. While I realize that SSE and similar recent CPU features produce better binaries, I cannot help but feel that treating CPU targets as anything else than a specification is a mistake. i686 is a specification. It is not a generic equivalent to x86-32.

Shipping Debian with GNOME X.XX.0 is an extremely bad idea

Since the freeze has slowly crept in, now is the time to revisit my pet peeve with Debian's release process: to publish a new Debian release as soon as GNOME published a new X.XX.0 version. This is an extremely bad idea: X.XX.0 releases tend to lack polish, their translations are not up-to-date and several silly bugs that hamper the user experience (what the Ubuntu guys call "paper cuts") exist. Those issues tend to be fixed later when GNOME X.XX.1, X.XX.2, etc. bugfix releases are published. However, Debian has a policy of not pushing non-security releases onto a stable distribution. In this particular case, there are only two valid alternatives: either release Bullseye with GNOME 3.38.X or change the Debian policy to allow pushing 3.40.X bugfix releases via bullseye-updates.

Debian within a Windows partition?

A few years ago, I remember that Ubuntu had a trick that allowed the distribution to be installed as one large file within a Windows partition. Does the same thing exist to install Debian?

Outstanding issue in Debian: unroutable public v6 IP

Given how Debian and Ubuntu nowadays enable IPv6 support by default, the routing table includes some IPv6 entries by standard. However, this has the unpleasant side-effect that lib C tries to connect to public IPv6 addresses, even in a case when the only IPv6 entries are for loopback and local link. Apparently, libc incorrectly assumes that the mere presence of any IPv6 means that there is a usable default IPv6 route. This results in, among other things, APT failing at fetching packages from the Debian repository if the DNS rotation returned the IPv6 address for the server first. I was thus wondering whether libc6 could be made to reject public IPv6 addresses, in cases when the host has no IPv6 gateway in its routing table? Or would there be a smarter way to prevent applications from failing at contacting IPv6 addresses whenever there is no IPv6 connection to the outside world?

xf86-video-geode 2.11.14

A few days ago, I pushed out version 2.11.14 of the Geode X.org driver. This is the driver used by the OLPC XO-1 and by a plethora of low-power desktops, micro notebooks and thin clients.

This release mostly features long-overdue fixes to rendering issues under GTK3+ and xulrunner, plus yet more ongoing changes to make this driver compile under recent X servers.

Sadly, the release took place much too late to be included into the upcoming stable Debian version, Wheezy, which is already deeply into freeze, pending publication.

HTML5: Firefox without Flash

Over the past few days, I decided to purge Gnash and LightSpark from my laptop to see whether my Internet experience would be affected in any dramatic way. Amazingly, a number of sites seem to offer video content encoded in Theora (VP3) or WebM (VP8). Sadly, a handful of popular sites such as Vimeo insist upon using the H.264 (MPEG-4) CODEC, which cannot be safely supported on Free Software because of unclear licensing issues that might impose an ulterior usage fee onto the end-users.

The good news is that the Mozilla Foundation has decided to avoid the issue together: starting with the most recent release of the mobile version of Firefox, content decoding is offloaded to the platform's native media CODEC library. On most Free Software platforms, this means that Gstreamer will handle the content and, in turn, use gstreamer-plugins-bad to perform the decoding. However, Gstreamer support is still rather sketchy, as attested by this Debian bug report and thus disabled by default. This leaves me wondering how little is missing for this to properly work. Would either Canonical or Red Hat perhaps be interested in funding this?

Bounty: PulseAudio: implement compression into the RTP modules

I'm looking for someone – preferably based within the IBAN zone – to implement compression support into PulseAudio's RTP modules. Please contact me via my Ubuntu address for details.

OpenWRT: accepting Router Adverts from the ISP in White Russian?

As we are getting closer to the World IPv6 Day, I thought that I'd see if I can upgrade my WRT54GL's OpenWRT (White Russian) installation to accept Router Adverts from the ISP to acquire an IPv6 address (rather than via a 4-to-6 tunnel broker, which seems to be the most documented case), and to propagate its IPv6 address space to my local network via my WRT45GL's radvd. Unfortunately, most of the instructions out there concern newer OpenWRT releases to which I cannot upgrade to because their software base takes up significantly more space than White Russian does. Still, I figure that someone in the community must have already succeeded at configuring their WRT54GL for this and might be able to help. Anyone? :)

Ubuntu: LTS to LTS+1 upgrade leaves cruft

Over the past few weeks, I upgraded my Ubuntu hosts to the Precise release due to be published next month. While the upgrade on my desktops from Oneiric to Precise went mostly well, the upgrade of my terminal server from Lucid to Precise was more daunting. In short: too many packages leave an undue amount of cruft behind, namely tons of obsolete configuration files that are not correctly handled by maintainer scripts, to either delete obsolete files or to rename them to the currently valid filename. At Debian, these oversights are periodically monitored using piuparts and reported to the package maintainer, but Ubuntu doesn't seem to offer this sort of automated Quality Assurance process yet. Perhaps this would be something worth developing?

PS: For those who wonder how I spotted those obsolete configuration files, I simply enabled the FLAUSCH environment variable before running upgrade-system.

Adopted: ispell-et, myspell-lv, rus-ispell.

Over recent months, I have been pondering the relevance of my Free Software involvement a lot:

More than anything, it constantly feels more and more like several important distributions and projects are moving in directions that break with the old ways far too radically, by breaking software usability rules such as "least surprise", "works out of the box", and "if it ain't broken, don't fix it" either to try new approaches to addressing existing needs or simply for change's sake.

Another aspect lies in my usual motivation for packaging or adopting software: because I need it and nobody else bothered doing it. Further reflection made me ponder what, correspondingly, are my usual reasons for dropping software: because what exists already works and because everybody and their grand-mother already invented a million of ways to handle the same issue.

Which brings us to today's news.

What prompted me to hand the dictionary packages I maintained over to someone else was a combination of "no longer need it" and "it already works fine as it is."

For instance, the Estonian dictionaries haven't seen any upstream release since the initial one in 2003. While I still use Estonian daily in my online communications, the last 9 years have mostly been spent making minor changes to the dependencies and maintainer scripts, just to keep the package compliant with current Debian packaging policies and with ongoing improvements to the dictionary-common maintainer tools. This is not the sort of work that requires any knowledge of the Estonian language, so I felt that having dictionary-common developers handle those technical transitions in a clean and across-the-board way for as many dictionary packages as possible would be more productive than me trying to keep track of those changes by myself.

A similar case applies to the Latvian dictionaries. While there have been occasional upstream releases, some of which required patching the source code, maintaining the package has mostly been about tracking Debian policy changes and dictionary-common functional changes. Additionally, my interest for learning Latvian has dramatically dropped over the years, so I no longer saw any point in remaining involved in maintaining the package.

Ditto for the Russian dictionaries: occasional upstream releases, occasional patches, regular packaging upgrades to keep up with the Debian policy and with dictionary-common functionality, but no longer much of anything than a passive interest in practicing my Russian.

One of the developers behind dictionary-common, Agustin Martin Domingo, frequently helped me make sense of the changes I needed to track in the past, so he gladly accepted taking over the technical maintenance of all 3 packages. The Estonian dictionaries, while extremely skim in the breadth of vocabulary they cover, remain useful, but are essentially deprecated, as the upstream author is working on a spell checking engine similar to what Voikko does for Finnish, which is why maintaining them will be a rather easy task for Agustin. Meanwhile, Aigars Mahinovs passively remains on board for the Latvian dictionaries, while the Russian dictionaries have been adopted by Mikhail Gusarov, in both cases with Agustin assisting on technical matters.

Basically, I feel that passing the maintenance over to people whose motivation remains high is a better way to guarantee those packages' future than leaving them in my unmotivated hands and I'm glad that I found someone to keep on packaging them.

PS: happy Valentine's day to everyone!

xf86-video-geode 2.11.13

A few days ago, I pushed out version 2.11.13 of the Geode X driver. This is the driver used by the OLPC XO-1, by a plethora of thin clients such as the ThinCan, by low-power desktops such as the Linutop and by a few notebooks such as the eCafé EC800.

While this release indeed features a few bugfixes (mainly to keep this driver compilable on the latest X server), the lion's share of the changes involve a complete overhaul of the build scripts, courtesy of Gaetan Nadon. The key motivation for this overhaul was to acknowledge the efforts made by third-party contributors to make the driver compile on BSD variants. Sure enough, this release finally compiles on FreeBSD and, low and behold, on Hurd.

However, the hybrid nature of Debian's FreeBSD kernel-based GNU operating system variant posed an additional challenge, because it provides usable support for Video for Linux version 2 (V4L2), but without the full complement of Linux definitions. This resulted in one post-release commit (included in Debian and Ubuntu package 2.11.13-2), following which my assertion that we could now safely define this package as Architecture: any-i386 finally proved to be a safe one for Debian-based operating systems.

At this point, I'm curious as to how many more operating systems, especialy BSD variants, can finally use this driver. Patches to further improve support of non-Linux systems are welcome.

Proposed updates for CUPS-PDF packages at Ubuntu

For those who use CUPS-PDF on Ubuntu, I have pushed some updated packages into Lucid-proposed, Maverick-proposed and Natty-proposed, mainly to make the package's post-install actions bulletproof, so that automated installs and PPD updates take place in a flawless way. Comments from anyone who tested these package updates are welcome on Launchpad bug #805947. Once these updates have been approved, I'll go through the daunting task of reducing the debdiff down to its utmost essential components and attempt to submit a stable-update to Debian as well.

Configuring GNOME themes for both gconf and dconf?

For a number of years, I've been making myself metapackages that pull favorite packages and pre-configure the desktop environment to use my favorite global default settings. This currently means configuring the gconf keys for the GTK theme, icon theme and background image for GDM. Until now, I implemented this by calling gconftool-2 directly in postinst as user gdm but Lintian recently started warning me that the correct way to do this would be by calling gconf-schemas or update-gconf-defaults instead. I was thus wondering, would anyone have any sample code that accomplishes this? To further complicate things, GNOME 3 has transitioned from gconf to dconf, which suggests that a slightly different method needs to be used to perform the same. Would anyone have any sample code to implement this? Thanks in advance to anyone who can help me with this!

X.org video driver Geode 2.11.12

Today we published version 2.11.12 of the X.org Geode driver, code-named "Squeezing the Wheezy out of Debian" in honor of the recent Debian stable release. 2.11.12 is yet another minor bug-fixing release, this time featuring yet another EXA fix for the LX component, courtesy of the OLPC team, plus the removal of an obsolete V4L1 include that was preventing the building of the ztv video input component of our driver since Linux kernel 2.6.38 - thanks to the Fedora and Ubuntu teams for spotting this!

Adding default support for Airport remote sinks in PulseAudio

In another case of "what were they thinking?" it has been my displeasure to find that support to discover remote Apple Airport audio sinks is not enabled by default in PulseAudio and, in practice, enabling this requires the user to install paprefs just to enable the loading of two modules (module-raop-discover and module-zeroconf-discover) that really should have been loaded via the global /etc/pulse/default.pa by standard. The question is, why? I perfectly understand not enabling the publishing of local audio sinks by default, but why prevent the discovery of remote audio sinks by default? More to the point, why force the end-user to jump through hoops and Google for hours just to enable something that really should have worked out of the box?

New GPG key released - signatures welcome

Having rediscovered the wonders of GPG, I finally got around generating myself a 4096R key, signing it with my old key and issuing a transition statement. Given this, if

1. You happen to have signed my old 1E0CB9CD key at DebConf5 in 2005, at Solutions Linux 2008 or at some Free Software event in Finland or in the Baltic countries over the past 7 years and
2. You're satisfied with the content of the transitions statement,

your signature would be appreciated on my new C4B4D7B6 key.

Ubuntu kernel at 1000Hz with PREEMPT enabled?

Back when Linux kernel 2.6 was released, one of the immediate benefits that I noticed was how beautifully responsive my desktop had suddenly become. As it turned out, Linus figured out that he would create a buzz to accompany kernel 2.6's release by having a default clock rate of 1000Hz. However, the excitement was short-lived and kernel defaults were soon brought back down to a more conservative rate of 250Hz, allegedly because some peripheral chips could not handle such a high frequency bump without producing an increased amount of processing errors.

Adding insult to injury, Ubuntu defaults eventually dropped another responsiveness enhancement, kernel preemption, allegedly because the goal was to have a one-size-fits-all kernel shipping with Ubuntu and preemption was detrimental to the kernel performance when the host is used as a server, which was a problem because Ubuntu had somehow decided to shift its focus from the desktop market towards the more lucrative server market.

While there is nothing wrong with universally-safe kernel defaults or with a corporate decision to shift a distribution's focus towards more lucrative markets, it nonetheless left me pondering what would be the best way to get a 1000Hz kernel with preemption on my desktops, without constantly having to crank out my own kernel packages. As such, I was wondering if there would be enough traction from desktop users to justify producing such a kernel and to make it available as a post-install option from the Ubuntu repository?

PS: I'm already aware that a specialized Ubuntu kernel is available to cater for the needs of audio production, but my understanding is that it has power management disabled, because it can interfere with the real-time operation of MIDI devices, while normal desktop users would definitely want to have power management enabled.

Ubuntu no longer ships debian/changelog since Natty?

Since a few days, I have started to notice that the "Debian" changelog that normally ships with packages no longer appears with a number of recent package updates. Is this intentional?