Agrégateur de flux

Russ Allbery: rra-c-util 6.1

Planet Debian - mar, 11/10/2016 - 05:00

This is my collection of supporting libraries, Autoconf macros, and test code for various projects.

This release fixes return-value checks for snprintf to avoid a few off-by-one errors (none of which should have been exploitable, but better to be safe and correct). It adds a new RRA_PROG_CC_FLAG macro to test compiler support for a specific flag and a new RRA_PROG_CC_WARNINGS_FLAGS macro to probe for all the flags I use as my standard make warnings target. And it fixes some problems with one utility due to the removal of the current directory from @INC in the latest Perl release.

You can get the latest version from the rra-c-util distribution page.

Catégories: Elsewhere

Palantir: Top 5 Takeaways From Dublin DrupalCon

Planet Drupal - mar, 11/10/2016 - 03:55
Top 5 Takeaways From Dublin DrupalCon brandt Mon, 10/10/2016 - 20:55 Alex Brandt Oct 11, 2016

Dublin DrupalCon: Community, Sessions, Guinness, and Toast.

In this post we will cover...
  • What we learned in Dublin

  • Some of our favorite events

  • Why we’ll be back next time

Stay connected with the latest news on web strategy, design, and development.

Sign up for our newsletter.

We’ve settled back into our routines, but we are still left with the warm afterglow of another DrupalCon. Palantir’s Tiffany Farriss, George DeMet, Ken Rickard, and Avi Schwab reflect on their time in Dublin and share their thoughts on what makes DrupalCon so special in our top 5 takeaways.

5.) The Drupal community is bright and ambitious.

  • Avi: I’ve been working as a FED on projects lately. This DrupalCon gave me a great opportunity to reinforce and grow my existing Twig knowledge, now that I have some real places to apply the skills. The trio of “Branch out of your comfort zone…”, “Drupal 8 Theming In Depth”, and “21 Things I Learned…” is enough to get anyone from zero to Twig hero in no time.
  • George: I was only at DrupalCon for a couple of days, but during that time I had a lot of great conversations with people in the community. I heard a lot of great ideas for how we can help make Drupal contribution more sustainable, and how we can make it easier for more people to engage with the project and the community in different ways.
  • Tif: Of late, I’ve been thinking about how Drupal can better communicate its community values and expectations at the organizational level (to and among the business ecosystem). Central to that is the question: what does it mean to be a good Drupal citizen whether you’re an individual, an organization or an end user of Drupal? I had some excellent conversations around that topic and am excited about the possibilities for recognizing all of the wonderful work that already happens within the community as a way to communicate and reinforce our community values.

4.) There’s always something to look forward to.

  • Avi: The Drupal Association team always works hard to put on a great event, but I feel like Dublin went more smoothly from a logistical standpoint than any DrupalCon I’ve been to. The venue staff assisted the volunteers at a phenomenal level, the venue itself was amazing, and the food was great.
  • Tif: I love reconnecting with old friends and making some new ones, and having thought-provoking conversations (especially with Kristof Van-Tomme, my friend and CEO of Pronovix).
  • Ken: DrupalCon is a great combination for me, in that I can always expect to run into old friends, and I am also guaranteed to meet new contributors. That makes it a special event.

3.) Yet, we’re always pleasantly surprised with what’s different.

  • George: Now that Drupal 8 has been out for some time and people are building sites with it, this DrupalCon felt more focused on the community. The new Being Human session track in particular had a lot of great content aimed at helping people learn how to contribute in a healthy way while also supporting others.
  • Avi: I’ve gone through some personal changes since NOLA, but for me Dublin felt much more like DrupalCons from our pre-D8 days, where developers dug into the hard problems and worked to share their solutions. It’s refreshing to be back in that seat both personally and as a community. D8 is moving along well and now has the confidence of most folks in the community, and we’re really putting it to work.
  • Tif: It’s remarkable how much the Drupal community has matured and expanded since my first DrupalCon Europe in Szeged in 2008.

2.) The sessions and events only reinforce how special the Drupal community is.

  • George: I very much appreciated Dries’ focus in his keynote on the core values and purpose ( of the Drupal project and community, which set a really great tone for the event. Being able to see and hear how Drupal has made a positive difference in the lives of people all over the world was particularly inspiring.
  • Avi: After a few years of doing more PM work and less development, it was great to come back to Con and be able to absorb so much incredible knowledge from such great people. I also really enjoyed the Tuesday night party on the Cill Airne — too often our socializing is overpowered by loud music and tight spaces, but having a night outside, with a good bar and good folks, but not so much screaming, was greatly appreciated.
  • Tif: I always enjoy the Driesnote. Dries’ expanded purpose for the project (that Drupal is as much about people and impact as it is about code) resonates with me and affirms that Drupal continues to be aligned with Palantir’s purpose and values.
  • Ken: I went to Tim Millwood's session on the Workflow Initiative. That's the Drupal 8 core project that includes moving Workbench Moderation into core as Content Moderation. In many ways, it's the culmination of work that we started at the end of the Drupal 6 development cycle, so it's very rewarding to see the progress being made today.

1.) It wouldn’t be DrupalCon without a few shenanigans.

  • Avi: At the boat party, upon learning that I was a Palantiri, an Irish admirer of his began expounding on Mr. Ken Rickard’s amazing, deep, Hollywood-like voice and how, despite Ken’s contextual configuration talk being incredibly interesting, just listening to the words come from Ken’s mouth made it that much better.
  • Tif: I got Angie (webchick) to try Guinness:
  • Ken: We shared an apartment with Avi’s family. Avi's daughter Calliope tried to put buttered toast into everyone's pockets at the breakfast table every single morning. (I guess to save for later.) Which led to the viral quote. "No, you can't put toast in my pockets. I don't have any pockets."

We want to make your project a success.

Let's Chat.
Catégories: Elsewhere

Nacho Digital: Assisting to Drupalcon Dublin 2016

Planet Drupal - mar, 11/10/2016 - 01:25
I had the opportunity to assist to Drupalcon Dublin 2016. Some insights and highlights on sessions I assisted on this Drupalcon.

Dublin is a lovely city, very international and The Convention Centre Dublin was an excellent location. Dries keynote was less enterprise oriented than others and helps to understand where he wants to take Drupal8. The most interesting thing for me is to see how the new life cycle of D8 roll-out is. There was more about D8 new development cycle on the session "Drupal 8's rapid innovation promises".

Catégories: Elsewhere

OSTraining: How to Set Up Dropdown Menus in Drupal 8

Planet Drupal - lun, 10/10/2016 - 23:46

A few years ago, we published a very popular post called "How to Create Dropdown Menus in Drupal".

That post covers many of the basic points that have not changed in Drupal 8, including these:

  • Many themes don't have dropdown menus built-in. That includes Drupal's core themes, such as Bartik.
  • It is best to choose a theme that does already have dropdowns available.
  • You need to go to Structure > Block layout and make sure your menu is placed in the correct block region.
  • You need to go to Structure > Menus and make sure your menus links are indented.  
Catégories: Elsewhere Top 5 (In My Opinion) Drupal Blogs for Agencies

Planet Drupal - lun, 10/10/2016 - 22:51

Drupal is open source sofware. Thousands of contributors help build it, but of similar importance is the marketing and education wing of the Drupal Community. Drupal Twitter accounts, Drupal podcasts, and today's topic: Drupal Blogs.

There are many, many blogs that are of importance to various aspects of Drupaling. My criteria are really just my own non-authoritative views. Please feel free to Tweet me, Facebook me, or throw in your own ideas in the comments below!

Catégories: Elsewhere

OSTraining: How to Use the Breeze Theme in Drupal 8

Planet Drupal - lun, 10/10/2016 - 22:33

Breeze is a design that we make available as a Joomla template and a WordPress theme. Now, finally, it's available as a Drupal 8 theme!

We use Breeze as an example in many of our video classes and books.

By using the same design, it makes it easy for OSTraining members to see differences and similarities between the various platforms.

Breeze is fully responsive and uses the Bootstrap framework.

Catégories: Elsewhere

Drupalize.Me: Catching the Spirit of Open Hardware

Planet Drupal - lun, 10/10/2016 - 21:52

Drupalize.Me trainer Amber Matz attended this year's Open Hardware Summit in Portland and reports back on what she took away from the event.

Catégories: Elsewhere

The Sego Blog: Testing Software - A Quick Overview

Planet Drupal - lun, 10/10/2016 - 21:28
10/10/2016Testing Software - A Quick Overview

Software is an ever changing interweaving of collections of ideas expressed in code to solve various problems. In today's day an age the problems that software is solving is expanding at an ever increasing rate.

Catégories: Elsewhere

Daniel Pocock: DVD-based Clean Room for PGP and PKI

Planet Debian - lun, 10/10/2016 - 21:25

There is increasing interest in computer security these days and more and more people are using some form of PKI, whether it is signing Git tags, signing packages for a GNU/Linux distribution or just signing your emails.

There are also more home networks and small offices who require their own in-house Certificate Authority (CA) to issue TLS certificates for VPN users (e.g. StrongSWAN) or IP telephony.

Back in April, I started discussing the PGP Clean Room idea (debian-devel discussion and gnupg-users discussion), created a wiki page and started development of a script to build the clean room ISO using live-build on Debian.

Keeping the master keys completely offline and putting subkeys onto smart cards and other devices dramatically lowers the risk of mistakes and security breaches. Using a read-only DVD to operate the clean-room makes it convenient and harder to tamper with.

Trying it out in VirtualBox

It is fairly easy to clone the Git repository, run the script to create the ISO and boot it in VirtualBox to see what is inside:

At the moment, it contains a number of packages likely to be useful in a PKI clean room, including GnuPG, smartcard drivers, the lightweight pki utility from StrongSWAN and OpenSSL.

I've been trying it out with an SPR-532, one of the GnuPG-supported smartcard readers with a pin-pad and the OpenPGP card.

Ready to use today

More confident users will be able to build the ISO and use it immediately by operating all the utilities from the command line. For example, you should be able to fully configure PGP smart cards by following this blog from Simon Josefsson.

The ISO includes some useful scripts, for example, create-raid will quickly partition and RAID a set of SD cards to store your master key-pair offline.

Getting involved

To make PGP accessible to a wider user-base and more convenient for those who don't use GnuPG frequently enough to remember all the command line options, it would be interesting to create a GUI, possibly using python-newt to create a similar look-and-feel to popular text-based installer and system administration tools.

If you are keen on this project and would like to discuss it further, please come and join the new pki-clean-room mailing list and feel free to ask questions or share your thoughts about it.

One way to proceed may be to recruit an Outreachy or GSoC intern to develop the UI. Before they can get started, it would be necessary to more thoroughly document workflow requirements.

Catégories: Elsewhere

Palantir:'s Guide to Digital Governance: Ownership

Planet Drupal - lun, 10/10/2016 - 19:37's Guide to Digital Governance: Ownership's Guide to Digital Governance brandt Mon, 10/10/2016 - 12:37 Scott DiPerna Oct 10, 2016

This is the third installment of’s Guide to Digital Governance, a comprehensive guide intended to help get you started when developing a governance plan for your institution’s digital communications.

In this post we will cover...
  • Why ownership is the cornerstone of good governance
  • What ownership entails
  • How to manage instances of shared or collaborative ownership 

Stay connected with the latest news on web strategy, design, and development.

Sign up for our newsletter.

Now that we have defined all of the digital properties and platforms that we will consider for our Governance Plan, we next need to establish who “owns,” or who will ultimately be responsible for the care, maintenance, and accuracy, of these properties.

Ownership is the cornerstone of good governance. In fact, some may think of ownership as being synonymous with governance. From my experience, I believe that good governance of any digital communications platform involves more than simply defining who is responsible for each piece.

In most organizations, many people are using, sharing, and collaborating on the same systems together. The processes and interactions between those users needs to be defined as well, however we have to identify the people before the process. Defining ownership first is the foundation on which we can begin to define the more complex relationships that exist in a shared system.

Ownership is the cornerstone of good governance…. Defining ownership first is the foundation on which we can begin to define the more complex relationships that exist in a shared system.

I should make one other important distinction between maintenance of the system and the maintenance of the presentation of content, as it relates to ownership.

Since this Governance Plan is considering the guidelines for digital communications, it is explicitly NOT considering the roles, policies, and procedures for the maintenance of the infrastructure that supports the properties and platforms we are considering for the plan.

In other words, when we define who has ownership of the public website or the intranet, we are considering only the content and its presentation – not the underlying software and hardware that makes the website or intranet functional.

Perhaps this is obvious, but it is an important distinction to make for those who are less familiar with modern web technology, who may not fully understand where the functions of an IT department end and an Online Marketing or Communications department begin.

With those caveats out of the way, we can now begin to define who is responsible for each of the properties and platforms we listed earlier.

Obviously, I can’t tell you who is or who should be responsible for each piece within your organization – that must be defined by how your work responsibilities are distributed across the institution – but I can describe some general principles for defining ownership that should help.

  • Ownership of your organization’s web presences ultimately should reside at the very top, with levels of responsibility being delegated down the hierarchy of the institution.
  • The top leadership of an organization should be responsible ultimately for the accuracy and maintenance of the content contained within the parts of the properties they own.
  • Every website, subsite, microsite, department site; every section and sub-section; every page, aggregated listing, and piece of content all the way down to each video, photo, paragraph, headline, and caption should fall within the ownership of someone at the top.
  • Responsibility for daily oversight and hands-on maintenance of those properties then may be delegated to staff within the owner’s groups, offices, or areas of responsibility.
  • Owners should have sufficiently trained staff who have the authority and capacity to make changes, corrections, and updates to the content as needed in a timely manner, such that inaccurate and/or outdated content does not remain on the property for an unreasonable period of time.

In short, ownership has two essential aspects:

  1. top-level responsibility for the accuracy and efficacy of the content, and
  2. hands-on responsibility for the creation and maintenance of the content.

Both are essential and required for good governance, and very likely may be responsibilities held by one person, split between two, or shared among a group.

Shared Ownership / Responsibility

There may be instances in which shared ownership may be necessary. I generally recommend against doing that as it puts at risk a clear chain of accountability. If two people are responsible, it’s easy for both to think the other person is handling it.

If some form of shared ownership is required, consider having one person be the primary owner, who is supported by a secondary owner when needed; or that a primary owner is a decision-maker, but secondary owner(s) are consulted or informed of issues and pending decisions.

If “equally” shared ownership or responsibility is required, try defining the exact responsibilities that are to be owned and dividing them logically between the two. Perhaps there is a logical separation of pages or sections. Or maybe one person is responsible for copy, while another is responsible for images.

Shared ownership is less-than-ideal, but there can be reasonable ways to make it work, provided you do not create any structural gaps in authority, unwittingly.


There are many instances in digital communications where groups of people collaborate to produce content. This is most common with organizational news and events, publications, blogs, social media, etc.

For example, if there is a single person who can be ultimately responsible for all blog content created by various content creators, great! If blog content is created by subject-matter experts from different fields or different parts of the organization, perhaps it is possible to invest ownership in one person for all of the blog posts within a specific subject for each field.

If you are in a situation similar to what I described above, where you have multiple, subject-specific owners, it will probably make sense for all of the owners to meet regularly to agree on standards and best-practices for all contributors to follow.

In the end, the fundamental concept here is to place responsibility for all content and every part of a digital property with the people who are in the best position to manage it and ensure its quality, accuracy, pertinence, and value.


This post is part of a larger series of posts, which make up a Guide to Digital Governance Planning. The sections follow a specific order intended to help you start at a high-level of thinking and then focus on greater and greater levels of detail. The sections of the guide are as follows:

  1. Starting at the 10,000ft View – Define the digital ecosystem your governance planning will encompass.
  2. Properties and Platforms – Define all the sites, applications and tools that live in your digital ecosystem.
  3. Ownership – Consider who ultimately owns and is responsible for each site, application and tool.
  4. Intended Use – Establish the fundamental purpose for the use of each site, application and tool.
  5. Roles and Permissions – Define who should be able to do what in each system.
  6. Content – Understand how ownership and permissions should apply to content.
  7. Organization – Establish how the content in your digital properties should be organized and structured.
  8. URLs – Define how URL patterns should be structured in your websites.
  9. Design – Determine who owns and is responsible for the many aspects design plays in digital communications and properties.
  10. Personal Websites – Consider the relationship your organization should have with personal websites of members of your organization.
  11. Private Websites, Intranets and Portals – Determine the policies that should govern site which are not available to the public.
  12. Web-Based Applications – Consider use and ownership of web-based tools and applications.
  13. E-Commerce – Determine the role of e-commerce in your website.
  14. Broadcast Email – Establish guidelines for the use of broadcast email to constituents and customers.
  15. Social Media – Set standards for the establishment and use of social media tools within the organization.
  16. Digital Communications Governance – Keep the guidelines you create updated and relevant.

We want to make your project a success.

Let's Chat.
Catégories: Elsewhere

Matt Glaman: Managing Your Drupal Project with Composer

Planet Drupal - lun, 10/10/2016 - 15:15

Drupal Commerce was started without writing any Drupal code. Our libraries set Drupal Commerce off the island before Drupal was able to support using third party library not provided by core.

Drupal now ships without third party libraries committed, fully using Composer for managing outside dependencies. However, that does not mean the community and core developers have everything figured out, quite yet.

YNACP: Yet Another Composer Post. Yes. Because as a co-maintainer of Drupal Commerce we're experiencing quite a lot of issue queue frustration. I also want to make the case of "let's make life eaiser" for working with Drupal. As you read compare the manual sans-Composer process for local development and remote deployment versus the Composer flows.

Before we begin

We're going to be discussing Composer. There's specific terminologies I'll cover first.

  • composer.json: defines metadata about the project and dependencies for the project.
  • composer.lock: metadata file containing computed information about dependencies and expected install state.
  • composer install: downloads and installs dependencies, also builds the class autoloader. If a .lock file is available it will install based off of the metadata. Otherwise it will calculated and resolve the download information for dependencies.
  • composer update: updates defined dependencies and rebuilds the lock file.
  • composer require: adds a new dependency, updates the JSON and .lock file.
  • composer remove: removes a dependency, updates the JSON and .lock file.

All Composer commands need to run in the same directory as your composer.json file.

Installing Drupal

There are multiple ways to install Drupal. This article focuses on working with Composer, for general installation help review the official documentation at

Install from packaged archive has a packaging system which provides zip and tar archives. These archives come with all third party dependencies downloaded.

You download the archive, extract the contents and have an installable Drupal instance. The extracted contents will contain the vendor directory and a composer.lock file.

Install via Composer template

A community initiative was started to provide a Composer optimized project installation for Drupal. The  project provided a version of Drupal core which could be installed via Composer and a mirror of projects via a Composer endpoint (This has been deprecated in favor of the endpoint).

To get started you run the create-project command. 

composer create-project drupal-composer/drupal-project:8.x-dev some-dir --stability dev --no-interaction

This will create some-dir folder which holds the vendor directory and a web root directory (Drupal.) This will allow you to install Drupal within a subdirectory of the project, which is a common application structure.

This also keeps your third party libraries out of access from your web server.

Review the repository for documentation on how to use the project, including adding and updating core/projects:

Adding dependencies to Drupal Without Composer

Modules, themes, and profiles are added to Drupal my placing them in a specific directory. This can be done by visiting, downloading the packaged archive and extracting it to the proper location.

There's a problem with this process: it's manual and does not ensure any of the project's dependencies were downloaded. Luckily Composer is a package and dependency manager!

With Composer

To add a dependency we use the composer require command. This will mark the dependency, download any of its own. 

Note if you did not use project base: Currently there is no out of the box way to add projects to a standard Drupal installation. You will need to run a command to the endpoint.

composer config repositories.drupal composer

Let's use the Panels module as an example. Running the following command would add it to your Drupal project.

composer require drupal/panels

This will install the latest stable version of the Paragraphs version. If you inspect your composer.json file you should see something like the following

"require": { "drupal/panels": "3.0-beta4", }

One of the key components is the version specification. This tells Composer what version it can install, and how it can update.

  • 3.0 will be considered a specific version and never update.
  • ~3.0 will consider any patch version as a possible installation option, such as new betas, RCs.
  • ~3 will allow any minor releases to be considered for install or update.
  • ^3.0 will match anything under the major release — allowing any minor or patch release.

You can specify version constraints when adding a dependency as well. This way you can define of you will allow minor or patch updates when updating.

composer require drupal/panels:~3.0

This will allow versions 3.0-beta5,3.0-rc1, 3.0 to be valid update versions.

Know what! The same versioning patterns exist in NPM and other package managers.

Updating dependencies Without Composer

As stated with installing dependencies, it could be done manually. But this requires knowing if any additional dependencies need to be updated. In fact, this is becoming a common issue in the issue queues.

With Composer

Again, this is where Composer is utilized and simplifies package management.

Going from our previous example, let's say that Paragraphs has a new patch release. We want to update it. We would run

composer update drupal/panels --with-dependencies

This will update our Drupal project and any of its dependencies. Why is this important? What if Paragraphs required the newest version of Entity Reference Revisions for a critical fix? Without a package manager, we would have not known or possibly updated.

Why we need --with-dependencies

When Composer updates a dependency, it does not automatically update its dependencies. Why? No idea, apparently the maintainers do not believe it should.

Updating Drupal core Without the Composer template

If you installed Drupal through the normal process, via an extracted archive, you have to manually update in the same fashion. You will need to remove all files provided by Drupal core — *including your possibly modified composer.json file*.

Rightly so, you can move your modified .htaccess, composer.json, or robots.txt and move them back. However, you’ll need to make sure your composer.json matches the current Drupal core’s requirements and run composer update.

That’s difficult.

The official documentation:

Updating Drupal core via the Composer template

If you have setup Drupal with the Composer template or any Composer based workflow, all you need to do is run the following command (assuming you’ve tagged the drupal/core dependency as ^8.x.x or ~8, ~8.1, ~8.2)

composer update drupal/core --with-dependencies

This will update Drupal core and its files alongside the drupal-composer/drupal-scaffold project.

Using patches with Composer

I have been a fan of using build tools with Drupal, specifically  using . However, when I first used Composer I was concerned on how to use patches or pull requests not yet merged with the project — without maintaining some kind of fork.

 create the   project. This will apply patches to your dependencies. The project’s README fully documents its use, so I’ll cover it quickly here.

Patches are stored in a patches portion of the extra schema of the JSON file.

"extra": { "patches": { "drupal/commerce”: { "#2805625: Add a new service to manage the product variation rendering": "" } } }

This patches Drupal Commerce with a specific patch. 

Using GitHub PRs as a patch

Patches are great, as they let you use uncommitted functionality immediately. A problem can arise when you need code from a GitHub pull request (or so it seems.) For instance, Drupal Commerce is developed on GitHub since DrupalCI doesn’t support Composer and contributed projects yet.

Luckily we can take the PR for the issue used in the example and add .patch to it to retrieve a patch file:

We could then update our composer.json to use the pull request’s patch URL and always have up to date versions o the patch.

"extra": { "patches": { "drupal/commerce”: { "#2805625: Add a new service to manage the product variation rendering": "" } } }
Catégories: Elsewhere

Pantheon Blog: Turn on Twig Debug Mode in Drupal 8 on Pantheon

Planet Drupal - lun, 10/10/2016 - 15:00
When working on Drupal 8 theming, it is very helpful to have Twig debug mode on. Debug mode will cause twig to emit a lot of interesting information about which template generated each part of the page. The instructions for enabling debug mode can be found within the comments of the file, among other sources. In short, all you need is the following in your services.yml file:  
Catégories: Elsewhere

Reproducible builds folks: Reproducible Builds: week 76 in Stretch cycle

Planet Debian - lun, 10/10/2016 - 13:16

What happened in the Reproducible Builds effort between Sunday October 2 and Saturday October 8 2016:

Media coverage Events
  • Vagrant Cascadian gave an impromptu talk about reproducible builds at CAT Barcamp on 8th October.

  • Holger discussed Reproducible coreboot at Unlike other projects, coreboot doesn't do binary releases because there have been many instances of people taking some incorrect coreboot binary, flashed it and bricked their machines… The end idea is that coreboot will simply release .buildinfo files (and still no binaries) instead.

Packages reviewed and fixed, and bugs filed Reviews of unreproducible packages

31 package reviews have been added, 27 have been updated and over 20 have been removed in this week, adding to our knowledge about identified issues.

3 issue types have been addded:

1 issue type has been updated:

Weekly QA work

During of reproducibility testing, some FTBFS bugs have been detected and reported by:

  • Chris Lamb (12)


  • The data in reproducible-tracker.json (which is fed to tracker.d.o and DDPO) has been changed to contain data from testing as the build path variations we introduced for unstable are not yet ready for wider consumption. For testing/stretch we recomment to create reproducible packages by rebuilding in the same path. (h01ger)
  • Various reproducibility statistics for testing/stretch have been added to the dashboard view. (h01ger)
  • The repository comparison page has been improved to only show obsolete packages if they exist (which they currently don't as we have rebuilt everything from the plain Debian repos, except for our modified dpkg due to #138409 and #787980). (h01ger)
  • All armhf boards are now using Linux kernels provided by Debian. (vagrant)

This week's edition was written by Chris Lamb, Holger Levsen & Vagrant Cascadian and reviewed by a bunch of Reproducible Builds folks on IRC.

Catégories: Elsewhere

Petter Reinholdtsen: Experience and updated recipe for using the Signal app without a mobile phone

Planet Debian - lun, 10/10/2016 - 11:30

In July I wrote how to get the Signal Chrome/Chromium app working without the ability to receive SMS messages (aka without a cell phone). It is time to share some experiences and provide an updated setup.

The Signal app have worked fine for several months now, and I use it regularly to chat with my loved ones. I had a major snag at the end of my summer vacation, when the the app completely forgot my setup, identity and keys. The reason behind this major mess was running out of disk space. To avoid that ever happening again I have started storing everything in userdata/ in git, to be able to roll back to an earlier version if the files are wiped by mistake. I had to use it once after introducing the git backup. When rolling back to an earlier version, one need to use the 'reset session' option in Signal to get going, and notify the people you talk with about the problem. I assume there is some sequence number tracking in the protocol to detect rollback attacks. The git repository is rather big (674 MiB so far), but I have not tried to figure out if some of the content can be added to a .gitignore file due to lack of spare time.

I've also hit the 90 days timeout blocking, and noticed that this make it impossible to send messages using Signal. I could still receive them, but had to patch the code with a new timestamp to send. I believe the timeout is added by the developers to force people to upgrade to the latest version of the app, even when there is no protocol changes, to reduce the version skew among the user base and thus try to keep the number of support requests down.

Since my original recipe, the Signal source code changed slightly, making the old patch fail to apply cleanly. Below is an updated patch, including the shell wrapper I use to start Signal. The original version required a new user to locate the JavaScript console and call a function from there. I got help from a friend with more JavaScript knowledge than me to modify the code to provide a GUI button instead. This mean that to get started you just need to run the wrapper and click the 'Register without mobile phone' to get going now. I've also modified the timeout code to always set it to 90 days in the future, to avoid having to patch the code regularly.

So, the updated recipe for Debian Jessie:

  1. First, install required packages to get the source code and the browser you need. Signal only work with Chrome/Chromium, as far as I know, so you need to install it. apt install git tor chromium git clone
  2. Modify the source code using command listed in the the patch block below.
  3. Start Signal using the run-signal-app wrapper (for example using `pwd`/run-signal-app).
  4. Click on the 'Register without mobile phone', will in a phone number you can receive calls to the next minute, receive the verification code and enter it into the form field and press 'Register'. Note, the phone number you use will be user Signal username, ie the way others can find you on Signal.
  5. You can now use Signal to contact others. Note, new contacts do not show up in the contact list until you restart Signal, and there is no way to assign names to Contacts. There is also no way to create or update chat groups. I suspect this is because the web app do not have a associated contact database.

I am still a bit uneasy about using Signal, because of the way its main author moxie0 reject federation and accept dependencies to major corporations like Google (part of the code is fetched from Google) and Amazon (the central coordination point is owned by Amazon). See for example the LibreSignal issue tracker for a thread documenting the authors view on these issues. But the network effect is strong in this case, and several of the people I want to communicate with already use Signal. Perhaps we can all move to Ring once it work on my laptop? It already work on Windows and Android, and is included in Debian and Ubuntu, but not working on Debian Stable.

Anyway, this is the patch I apply to the Signal code to get it working. It switch to the production servers, disable to timeout, make registration easier and add the shell wrapper:

cd Signal-Desktop; cat <<EOF | patch -p1 diff --git a/js/background.js b/js/background.js index 24b4c1d..579345f 100644 --- a/js/background.js +++ b/js/background.js @@ -33,9 +33,9 @@ }); }); - var SERVER_URL = ''; + var SERVER_URL = ''; var SERVER_PORTS = [80, 4433, 8443]; - var ATTACHMENT_SERVER_URL = ''; + var ATTACHMENT_SERVER_URL = ''; var messageReceiver; window.getSocketStatus = function() { if (messageReceiver) { diff --git a/js/expire.js b/js/expire.js index 639aeae..beb91c3 100644 --- a/js/expire.js +++ b/js/expire.js @@ -1,6 +1,6 @@ ;(function() { 'use strict'; - var BUILD_EXPIRATION = 0; + var BUILD_EXPIRATION = + (90 * 24 * 60 * 60 * 1000); window.extension = window.extension || {}; diff --git a/js/views/install_view.js b/js/views/install_view.js index 7816f4f..1d6233b 100644 --- a/js/views/install_view.js +++ b/js/views/install_view.js @@ -38,7 +38,8 @@ return { 'click .step1': this.selectStep.bind(this, 1), 'click .step2': this.selectStep.bind(this, 2), - 'click .step3': this.selectStep.bind(this, 3) + 'click .step3': this.selectStep.bind(this, 3), + 'click .callreg': function() { extension.install('standalone') }, }; }, clearQR: function() { diff --git a/options.html b/options.html index dc0f28e..8d709f6 100644 --- a/options.html +++ b/options.html @@ -14,7 +14,10 @@ <div class='nav'> <h1>{{ installWelcome }}</h1> <p>{{ installTagline }}</p> - <div> <a class='button step2'>{{ installGetStartedButton }}</a> </div> + <div> <a class='button step2'>{{ installGetStartedButton }}</a> + <br> <a class="button callreg">Register without mobile phone</a> + + </div> <span class='dot step1 selected'></span> <span class='dot step2'></span> <span class='dot step3'></span> --- /dev/null 2016-10-07 09:55:13.730181472 +0200 +++ b/run-signal-app 2016-10-10 08:54:09.434172391 +0200 @@ -0,0 +1,12 @@ +#!/bin/sh +set -e +cd $(dirname $0) +mkdir -p userdata +userdata="`pwd`/userdata" +if [ -d "$userdata" ] && [ ! -d "$userdata/.git" ] ; then + (cd $userdata && git init) +fi +(cd $userdata && git add . && git commit -m "Current status." || true) +exec chromium \ + --proxy-server="socks://localhost:9050" \ + --user-data-dir=$userdata --load-and-launch-app=`pwd` EOF chmod a+rx run-signal-app

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Catégories: Elsewhere

Paul Johnson: Help Dries crowdsource Drupal 8 success stories

Planet Drupal - lun, 10/10/2016 - 11:14

In little over a month Drupal 8 will be one year old. To mark this momentous occasion Dries Buytaert, Drupal’s founder, will champion noteworthy web sites and applications powered by Drupal 8.

Have you launched a Drupal 8 web site or application this year? Dries would like to hear from you. We’ve prepared a short web form so you can tell him your Drupal 8 success story.

Please spread the word

To reach the widest potential audience and capture the very best examples I encourage your to share this blog post with colleagues, peers, clients. Please email, share on social media, speak to your clients.

Beyond the Drupal shops developing applications our objective is to attract submissions from end users using Drupal 8. If you represent an organisation, enterprise, SME, startup, manufacturer, government department (and more) using Drupal 8 we want to hear from you.

So tell the world, complete the short form and help us celebrate Drupal 8.

Deadline for submissions is November 11th.

Catégories: Elsewhere

Arturo Borrero González: The day I became Debian Developer

Planet Debian - lun, 10/10/2016 - 07:00

The moment has come. You may contact me now at :-)

After almost 6 months of tough NM process, the waiting is over. I have achieved the goal I set to myself back in 2011: become Debian Developer.

This is a professional and personal victory.

I would like to mention many people who have been important for this to happen. But they all know, no need to create a list here. Thanks!

This weekend I was doing some hiking in the mountains and had no internet conection at all. When I arrived back home, I discovered an email from Debian System Administrators on behalf of The Debian New Maintainer Team, in which they let me know that my official DD account had been created.

During the last 6 month I have been trying to imagine the moment in which the process is finally completed (yes, I have been a bit impatient). At the end, the magical moment in the mountains was followed by the joy of the DD account. Curious how things happen sometimes.

Here is a pic of this mountain day, with my adventure friends. I am the first from the left.

Catégories: Elsewhere

Enzolutions: A week in Paris

Planet Drupal - lun, 10/10/2016 - 02:00

Last week I had the opportunity of visit Paris, France for a week as para of my tour Around the Drupal world in 140+ days.

Sadly for me, I got a #drupalflu in Drupal Con, Dublin; So I wasn't in the best shape to enjoy the city.

I want to say thank you to Sebastien Lissarrague and his family for allowing me to stay with them in their home.

During my visit, I had the opportunity to participate in the local Drupal Meetup of Paris community.

Also, I visited some companies like Koriolis, Sensio Labs and

At Koriolis I have the opportunity to show the owner and developers the Drupal Console project to accelerate the Drupal 8 adoption in their projects.

During my visit to Sensio Labs I had a session with part the Symfony Core development team, to show them how we have been using the Symfony Console in Drupal Console project.

During my visit at I learn I little bit how they enable to their Drupal 8 user the usage of Drupal Console project. Next week I will write an articule about that.

About the city, I think anything that I could say about Paris will be nothing compare how beautiful it's; I just could recommend you to visit three mandatory places in you visit.

Eiffel Tower

Louvre Museum


Airplane Distance (Kilometers) Dublin , Ireland → Paris, France → San Jose, Costa Rica 9.957 Previously 96,604 Total 106.561 Walking Distance (steps) Dublin 116.133 Previously 1.780.955 Total 1.897.088 Train Distance (Kilometers) Today 0 Previously 528 Total 528 Bus/Car Distance (Kilometers) Today 0 Previously 2.944 Total 2.944
Catégories: Elsewhere

Hideki Yamane: Simplest debian/watch file GNOME packages

Planet Debian - lun, 10/10/2016 - 01:03
Simplest (two lines) debian/watch file GNOME-related packages, you can just copy&paste it.version=4[\d\.]+[02468])/@PACKAGE@-@ANY_VERSION@@ARCHIVE_EXT@

Catégories: Elsewhere

Bits from Debian: Debian is participating in the next round of Outreachy!

Planet Debian - dim, 09/10/2016 - 19:50

Following the success of the last round of Outreachy, we are glad to announce that Debian will take part in the program for the next round, with internships lasting from the 6th of December 2016 to the 6th of March 2017.

From the official website: Outreachy helps people from groups underrepresented in free and open source software get involved. We provide a supportive community for beginning to contribute any time throughout the year and offer focused internship opportunities twice a year with a number of free software organizations.

Currently, internships are open internationally to women (cis and trans), trans men, and genderqueer people. Additionally, they are open to residents and nationals of the United States of any gender who are Black/African American, Hispanic/Latin@, American Indian, Alaska Native, Native Hawaiian, or Pacific Islander.

If you want to apply to an internship in Debian, you should take a look at the wiki page, and contact the mentors for the projects listed, or seek more information on the (public) debian-outreach mailing-list. You can also contact the Outreach Team directly. If you have a project idea and are willing to mentor an intern, you can submit a project idea on the Outreachy wiki page.

Here's a few words on what the interns for the last round achieved within Outreachy:

  • Tatiana Malygina worked on Continuous Integration for Bioinformatics applications; She has pushed more than a hundred commits to the Debian Med SVN repository over the last months, and has been sponsored for more than 20 package uploads.

  • Valerie Young worked on Reproducible Builds infrastructure, driving a complete overhaul of the database and software behind the website. Her blog contains regular updates throughout the program.

  • ceridwen worked on creating reprotest, an all-in-one tool allowing anyone to check whether a build is reproducible or not, replacing the string of ad-hoc scripts the reproducible builds team used so far. She posted regular updates on the Reproducible Builds team blog.

  • While Scarlett Clark did not complete the internship (as she found a full-time job by the mid-term evaluation!), she spent the four weeks she participated in the program providing patches for reproducible builds in Debian and KDE upstream.

Debian would not be able to participate in Outreachy without the help of the Software Freedom Conservancy, who provides administrative support for Outreachy, as well as the continued support of Debian's donors, who provide funding for the internships. If you want to donate, please get in touch with one of our trusted organizations.

Debian is looking forward to welcoming new interns for the next few months, come join us!

Catégories: Elsewhere


Subscribe to jfhovinne agrégateur