User:Maffblaster/Todo

My personal list of Gentoo stuff to do in order to get Gentoo stuff done.


 * Go to completed tasks.

Todo
Anything in the Todo category, but especially Open discussions in the Handbook namespace.

Audit current security practices in Gentoo against The Update Framework
For my own peace of mind, but also in an attempt to increase overall assurance in the Gentoo user community, it would be nice to check off Gentoo's software distribution security controls (Portage and EAPI standards) against The Update Framework's (TUF's) Specification and recommended security design principles.

The goal of this todo item is to answer the following questions:


 * 1) Is the Gentoo project's work on Portage and the EAPI 'in compliance' with TUF's recommendations?
 * 2) Are the install media and stage file downloads hosted on www.g.o and the mirrors compliant with TUF?
 * 3) What changes, if any, are necessary in order to bring software development and distribution into compliance with TUF?
 * 4) Are there areas of the Gentoo project's activities that can be enhanced by the TUF framework?

Also read this PDF.

Portage doesn't want to update due to old EAPI
The following is the output of a couple attempts to upgrade a system that has not been touched since 2020-10-05...

Research package mask info more easily available to sysadmins in standard package query tools
Package mask information should be easily accessible / available to system administrators using standard repo query tools. In my opinion, system administrators should not need to have Gentoo developer knowledge in order to determine the reason a package is masked. That reason should be more readily provided to the administrator with a query that's more accessible than with a detailed search, like in the following example.

For example, I presently see that Qt 6 is masked when I use to search for installed versions of Qt:

In order to determine why Qt is masked, the quickest query is something like the following, by using with a basic regular expression and using context to filter out the unnecessary parts of the  file:

In my opinion, the only way to get this data is to have Gentoo developer knowledge:


 * 1) An understanding of ebuild repository layout.
 * 2) An understanding of where the masked package metadata is stored within the filesystem directory (which file stores package mask info).
 * 3) Decent knowledge of  - regular expressions.

What are better ways to do this?

Ebuild repository sync timestamp ISO-8601 compliant
The timestamp data (located in ) for ebuild repositories last sync time should be ISO-8601 compliant. This is an international standard and is easy to visually inspect and programmatically parse.

Perhaps create a new file in the base of the directory called something like or maybe even something with a more descriptive name such as ?

CPUID flags
Document how to disable CPU features by passing flag names as arguments to the  kcmdline parameter. Note that number codes from the file are also accepted by , however it is better in practice to pass the flag names since the numbers are not stable across CPU architectures. Multiple CPUID flags can be specified by delimiting with commas.

It is also important to understand that using  to disable feature(s)/instruction(s) will prevent the kernel from advertising that the hardware contains the offered feature(s)/instruction(s) and will prevent the kernel itself from using the feature/instruction, however it does not disable access to the feature(s)/instruction(s) from userspace. A userspace executable can still access the feature(s)/instruction(s) directly.

PPC64

 * Review and merge
 * Handbook_Talk:PPC64/Installation/Bootloader
 * Maffblaster's review using PowerMac G5 hardware: TBA

First, create an Apple partition layout, which will automatically create a first partition with a size of 32.3 kBs (512B to 32.8kB).

Next use parted to create (at minimum) two more partitions, but it is wise to include a partition for swap space:

Create swap space:

Create the root filesystem:

Printing the partition layout should look like the following:

Create filesystems and activate swap space:

TODO: Handbook:PPC64/Installation/Stage section is incomplete and broken. Missing GPG public key import step for releng to check the .asc, DIGESTS, and .sha256 files, which all include inline signing.

Verify the, , and inline PGP signed hash files using GPG. The signatures page lists the current Gentoo release PGP keys and provides instructions on how to import the public keys into a local key ring. When running from official installation media, the keys can be imported via:

If running on non-Gentoo media, the keys can be imported from the web:

Verify each of the above-mentioned files:

Finally, the entire stage 3 can be verified:

After each verification checks out with a good signature, then run the following hash commands to verify the stage 3 and files have not been modified.

To verify the hash using SHA-256:

To verify the hash using SHA-512:

Two lines returning as "FAILED" is normal, due to these lines containing the hashes for the BLAKE2B algorithm. The two lines corresponding to the SHA-512 hashes should return as OK.

Two lines returning as "FAILED" is normal, due to these lines containing the hashes for the SHA-512 algorithm. The two lines corresponding to the BLAKE2B hashes should return as OK.
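The hash step above can also be run per algorithm, so that no line is expected to report FAILED. The following is an added example, not part of the original page or of Gentoo's tooling. It assumes the DIGESTS file marks each entry with a "# SHA512 HASH" or "# BLAKE2B HASH" comment header, it works on constructed sample files, and it expects the payload of a file whose PGP signature has already been verified.

```python
import hashlib
import os
import re
import tempfile

# Section headers of the form "# SHA512 HASH" are an assumption about the
# DIGESTS layout; only the two algorithms named on this page are supported.
ALGORITHMS = {"SHA512": hashlib.sha512, "BLAKE2B": hashlib.blake2b}
HEADER = re.compile(r"^# (\w+) HASH$")
ENTRY = re.compile(r"^([0-9a-fA-F]+)\s+\*?(\S.*)$")


def parse_digests(text):
    """Return {algorithm: {filename: hexdigest}} from DIGESTS payload text.

    The input must be the payload GnuPG emitted after a good signature.
    Raw clearsigned text is rejected: anything outside the PGP armor is not
    covered by the signature and must never be parsed as trusted data.
    """
    entries, algo = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP"):
            raise ValueError("verify the signature and pass only the payload")
        header = HEADER.match(line)
        if header:
            algo = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry and algo:
            entries.setdefault(algo, {})[entry.group(2)] = entry.group(1).lower()
    return entries


def verify(digests_text, directory, algorithm):
    """Hash each file listed under `algorithm`; return {filename: bool}."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    expected = parse_digests(digests_text).get(algorithm, {})
    if not expected:
        # Fail closed: an empty section must not look like a success.
        raise ValueError(f"no {algorithm} entries found")
    results = {}
    for name, want in expected.items():
        # basename() keeps a hostile entry from pointing outside `directory`.
        path = os.path.join(directory, os.path.basename(name))
        digest = ALGORITHMS[algorithm]()
        try:
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
        except FileNotFoundError:
            results[name] = False
            continue
        results[name] = digest.hexdigest() == want
    return results


def build_sample(directory):
    """Write two constructed files and return a matching DIGESTS payload."""
    files = {
        "stage3-sample.tar.xz": b"constructed stage payload\n",
        "stage3-sample.tar.xz.CONTENTS.gz": b"constructed contents list\n",
    }
    lines = []
    for name, data in files.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
        for algo, ctor in ALGORITHMS.items():
            lines += [f"# {algo} HASH", f"{ctor(data).hexdigest()}  {name}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        payload = build_sample(tmp)
        for algo in ALGORITHMS:
            print(algo, verify(payload, tmp, algo))
```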

Once in the chroot, GRUB must be installed with IEEE-1275 support.

Better color palette
Create 16-color palette for a Gentoo themed shell. Base colors off official Tyrian color palette. Used https://www.sessions.edu/color-calculator/ for color calculations.


 * 1) 48627a

Typical shell color palette is something like:

Create community member equivalent of developer form
Members of our community would like to have "profile" pages on our wiki like our official developers do. This todo item tracks 'feature' improvement for our wiki. The following should be created to replace InfoBox user; likely cloned from existing developer resources:


 * Form:Community member
 * Form:Community member

Be sure to add the category Category:Users with profiles.

Moribund project discovery
Write SMW query to discover projects that have no leads, members, or subprojects. These projects should probably be retired.

Try using #ask with #if. Check out https://www.semantic-mediawiki.org/wiki/Help:Search_range_of_pages or wildcards and in combination with CURRENTYEAR, CURRENTMONTH, CURRENTDAY magic words.

It may be necessary to use https://www.semantic-mediawiki.org/wiki/Extension:Semantic_Compound_Queries

TODO: Add "years, months, and days" overdue row. Need to be able to query just the YEAR, MONTH, DAY from the date datatype to make this happen.

Query moved here: Project:Gentoo/GLEP 39 election date non-compliant projects.

Set Has property description special property on existing Has properties
https://www.semantic-mediawiki.org/wiki/Help:Special_property_Has_property_description

Ease election burden
Many projects are behind on the elections. As presently defined, projects must re-elect a lead each year. In the past, has taken it upon himself to create a tracker bug with many sub-entries to track projects that are behind on elections. While this was a good effort that should not go unnoticed, it did not seem to solve the problem or motivate projects to stay on top of project election updates. Even my own project(s) were years behind (mainly because I didn't have a good situation managing my Gentoo email inbox).

TODO: Link bug where idea is discussed.

The following are a couple of proposals to help fix this:


 * 1) Amend or revise GLEP 39 to make it optional to perform a yearly election.
   * Make election date self-update (roll over) unless a project member calls for a vote.
   * Remove the requirement for annual project election; during any period past one year any existing project member has the option to call for a vote in order to appoint a new or reappoint the existing project lead(s).
 * 2) Create automated service with info based off of the official project election data (SMW) export that will generate an email based off a templated message.
   * Message would be emailed out two weeks before the annual election date and would include current project lead, current project members... and would ask the team to vote, then update the wiki page with the new date and (new?) lead (if applicable).
 * 3) Create a website (elections.g.o or voting.g.o) that would handle elections.
   * This site could be linked from the specific project page on the wiki.
   * Site would need the ability to automatically update wiki project pages based off voting results when the election period has closed.
   * Site would need to authenticate and identify developers.
   * An automated email service could be hooked up that delivers a message to defined project email address to kick off voting two weeks before the annual election date lapses.
 * 4) Create a script on dev.g.o that handles project elections (could  be extended for this purpose?)
   * Script would need the ability to automatically update wiki project pages based off voting results when the election period has closed.
   * Pro: Authentication and identification is handled by dev.g.o.
   * Script would need a fall back path if no votes were received: I propose leaving the existing project structure as-is and automatically updating the election date. This would bring each project into compliance with GLEP 39 without having to amend or modify the GLEP.
   * Write up documentation on script somewhere on the wiki and provide a link on each "project box" on each respective project page.

Overlay template
The GURU community ebuild repository is official and should be supported by a template here on the wiki... in fact, the wiki should be able to support "easy linking" for any ebuild repo that the Gentoo project officially references via repos.g.o site.

Task: Create an Overlay template that can link to the repositories available on https://repos.gentoo.org/

The unnamed parameter  can default to the repository name. Also, there should be associated "named" parameters that will do the same thing as the unnamed parameter:  and   should work. The repos.g.o does support linking to the exact location via HTML ID attributes, like this: https://repos.gentoo.org/#guru

Another parameter that should be supported by the template should be  or. This parameter should support arbitrary links (likely to repos that the Gentoo project has no 'official' knowledge of - meaning it's not downloaded with on GitHub, GitLab, or privately hosted).

Finally, a parameter of can be supported in order to change the link text returned by the Overlay template.

Invocation would look something like:


 * - links to https://repos.gentoo.org/#guru with the default link name being "guru".
 * - links to https://repos.gentoo.org/#guru with the link name being "guru".
 * - links to https://repos.gentoo.org/#guru with the link name being "guru".
 * - Links to https://github.com/maffblaster/maffblaster-overlay with the link name being "maffblaster-overlay".
 * -  is already used in another template, so it should likely be used here as well, but I could live with   only instead?

Future enhancements could add a  parameter that would adjust the URL for popular overlay sites, but does not seem to have much value add over simply using  :


 * - links to https://github.com/gentoo/guru with the link name being "guru".
 * - links to https://gitweb.gentoo.org/user/eroen.git/ with the link name being "user/eroen.git" or something... may need to discuss this further.

Also, repos.g.o needs to be updated to current terminology. Layman is no longer the ebuild repository management tool of choice and is largely unmaintained.

Create Gentoo distfiles mirror docker image
Create Gentoo distfiles mirror docker image, create from a docker file?

Include a separate volume for the distfiles directory?

Protect Council and Trustee election forms, properties, and templates
It would be wise to protect council elections forms, properties, and templates:


 * Nominee
 * Nominee properties: Has Name, Has Acceptance State, Has Linked Resource, Is Council Member, Is Trustee, Is Comrel Member, Is QA Member
 * Election
 * Has Title, Has ID, Has Election Official, Has Election Infra Contact, Has Election Cutoff Date, Has Nomination Start Date, Has Start Date,
 * Other downstream properties (research)?

...

Catch up on all open discussions in the Handbook namespace

 * Open discussions

As I continue to clean up our docs in 2022, I am working to catch up with and hopefully close out all open discussions in the Handbook: namespace. Will move this section to Completed tasks when caught up to this point. Aiming for January, 2021 and plan to tackle (at least) one discussion per week, but hopefully multiple per day.

Project lead elections improvement
Provide automagic calculation based on queried project election date and current time to provide visual cue or other notification that the project needs to hold re-election... mgorny has laid the framework: Project:Gentoo/Project Lead Elections.

Gentoo handbook development and maintenance
Fork and provide updates to 's script. This will help with Handbook testing and development.

Dev with KVM/QEMU

 * 1) Verify system firmware has virtualization support enabled; setup if necessary.
 * 2) Verify KVM support is available in the system's kernel.
 * 3) Verify QEMU has been installed and configured properly for the appropriate arch(es).
 * 4) Create testing disks:
   * MBR disk on legacy x86 BIOS
   * MBR with hybrid GPT on legacy x86 BIOS.
   * GPT on legacy x86 BIOS.
   * GPT on x86_64 EFI.
 * 5) Create a VM.
   * Snapshot VM

Dev with Docker
The following repo needs copied to gitweb.g.o if it is missing: https://github.com/gentoo/gentoo-docker-images


 * 1) Get the tools:
 * 2) Start the service(s):
   * OpenRC:
   * systemd:
 * 3) When running from a Gentoo system:
   * Get a fresh copy of the gentoo:: ebuild repository:
   * Pull the stage3 image:
   * Run a container, sharing in a copy of the freshly updated gentoo:: repo, and mounting the (512 MiB) and  (16 GiBs) directories in memory (saves SSD writes). Adjust or remove these options if the host system does not have enough memory.
     * Alternatively, the mount command can be used, however an extra remount step is necessary in the container:
       * When in the container,  must be removed from the  and  tmpfs mounts:
 * 4) When running from a non-Gentoo system, it is easy to also pull down a gentoo:: snapshot and mount into the container as a volume. For example:
   * Pull the images:
   * Create a volume:
   * Run the container with the volume attached

When finished hacking, clean up the mess.


 * 1) Deletes all containers (without confirmation prompt):
 * 2) Deletes all volumes (without confirmation prompt):
 * 3) Deletes all images without at least one container associated to them (re-download will be necessary):

Vocational OSS maintainer
TODO: Explain how a Gentoo developer could approach vocational full time (considered 40 hours a week) or even part time (considered at 20 hours but up to 30 hours a week) work on Gentoo.

Rationale
Audit, compliance, hardening, security, and risk assessment, etc. directly relate to the amount of time a project dedicates to these various fields. In Gentoo, a security project exists to cite and inform endpoint systems of vulnerabilities related to package versions and (occasionally) security issues.

Funding (money) and time go hand-in-hand. Most developers work a primary/day job to put food on their tables and care for families. Gentoo is typically a secondary job, or hobby function. Due to this, Gentoo ends up getting the leftover daily bandwidth and minimal compute time in a developer's mind.

Really good blog entry along this theme can be found here: https://sethmlarson.dev/blog/security-for-package-maintainers

Ideas
Use GSOC as an entry point and introduction into the Gentoo ecosystem on a certain project.

Funding options
The following are some of the methods used by open source developers to fund their efforts improving the quality of software offered (most typically) for no money:


 * https://github.com/sponsors - Gentoo developers would enroll independently; no organizational oversight.
 * https://opencollective.com

Other options include donating directly to the developer via crypto wallet address for various services, which some developers may prefer, however this generally involves transactional network fees and/or cash out conversion fees into national/fiat currencies.

Post-rsync world Handbook improvements
Looks like there are a couple of URIs available to sync the Gentoo ebuild repository via git:


 * https://github.com/gentoo-mirror/gentoo.git
 * https://gitweb.gentoo.org/repo/sync/gentoo.git

Notes from : Project:Portage/Repository_verification and Portage_Security

It would not be a terribly bad idea to add an alternative section in the handbook to sync via git instead of rsync. One blocking issue is that Portage will depend upon git for runtime support... just as it depends upon rsync for runtime syncing 'out of the box' (stage) file. The difference here is that is included in the system set, whereas  is not.

IMO, Portage "sync system" dependencies should be better defined in the ebuild itself with new runtime USE flags such as,  ,  ,  ,  , and. TODO: Look at adding bitkeeper support (both to Gentoo and to Portage sync types). (See also: )

In order to obtain a copy of the Gentoo ebuild repository in order to install git, before creating the  directory, obtain git, create the directory...

Then create the following file and.

Reproducible builds
https://reproducible-builds.org/

Also look at.

Wikidata
Wikidata implementation.

See Wikidata.

https://www.mediawiki.org/wiki/Wikibase

Link developer nickname to developer map on www.g.o
This will require some investigation into the possibility of linking a name to a coordinate on www.g.o.

https://www.gentoo.org/inside-gentoo/developers/map.html

Preferable to link to a location with using an  tag such as   on the ending. The link would originate from the LDAP generated location and point to the map.

Create a community maintained disk space document
See this discussion. Handbook should reference basic disk space requirements, whereas community page can document in more specificity how much space is necessary for typical installations on a per-profile basis.


 * Profile space requirements
 * distfiles space requirements (btrfs) as of 2021/09/22: 282G
 * gentoo repository space requirements (btrfs) as of 2021/09/22: 562M

Should be able to hook this up to an automated export available via HTTPS somehow...

Since "desktop" profiles are becoming available, it should be possible to nab uncompressed filesystem sizes from RelEng builds; this data can be used to generate a table that can be used on the main site.... alternatively link to my space on pecker.

Prefix/Termux
Packages required to be installed in Termux (GitHub) for Gentoo Prefix to run with Termux:

Prefix/Cygwin
Packages required to be installed in Cygwin for Gentoo Prefix/Cygwin to run:

Tyrian

 * Devmanual should be added to the sites drop down menu...

Low disk space output
This message is also caused by low disk space, when there is not enough space in the ebuild's root build directory (WORKDIR) to unpack the package.

* Messages for package virtual/jpeg-0-r3:

* The ebuild phase 'unpack' has exited unexpectedly. This type of behavior
* is known to be triggered by things such as failed variable assignments
* (bug #190128) or bad substitution errors (bug #200313). Normally, before
* exiting, bash should have displayed an error message above. If bash did
* not produce an error message above, it's possible that the ebuild has
* called `exit` when it should have called `die` instead. This behavior
* may also be triggered by a corrupt bash binary or a hardware problem
* such as memory or cpu malfunction. If the problem is not reproducible or
* it appears to occur randomly, then it is likely to be triggered by a
* hardware problem. If you suspect a hardware problem then you should try
* some basic hardware diagnostics such as memtest. Please do not report
* this as a bug unless it is consistently reproducible and you are sure
* that your bash binary and hardware are functioning properly.

It would be nice to add some checks to Portage in order to better notify the user of the low space issue. At minimum add a line to the text above that mentions not enough space in WORKDIR.

Bound to fail
Using too high a MAKEOPTS value and  set to   (or some other N), is a bad idea when compiling source in tmpfs or when Gentoo has been allocated only a small partition to PORTAGE_TMPDIR. In the example below the following default values are set in :

The previous example is bound to result in job failure output similar to the following:

Why does this happen?
The above occurs as explained in the OSError output from Portage: OSError: [Errno 28] No space left on device

In other words, space runs out in the directory Portage uses for compilation ( PORTAGE_TMPDIR ).

The fastest solution
Run + to close the Python interpreter, then do whatever is appropriate to obtain more disk space. Typically this can look like running and purging any failed compilations from Portage's TMPDIR:

Finally, resuming the with a smaller MAKEOPTS or jobs value (or both!) should work around the build failure:

Building stages with clang
Reddit discussion here.

This Debian site keeps a nice list of packages that are successfully built with LLVM/Clang.

Captive portals
Explain how to access Cisco (and other annoying) captive portals that are typically present when using (at least) Chromium/Firefox and NetworkManager.

Explain how to connect to a captive portal while booted to a Gentoo admin or minimal installation media to avoid no network problems.

Nice to be able to do this via CLI as well... what tools or techniques can we come up with in order to help our community get past captive portals?

Here are some links for research:


 * https://words.filippo.io/captive-browser/ - A dedicated Chrome instance to log into captive portals without messing with DNS settings.
 * https://github.com/FiloSottile/captive-browser/
 * https://www.geeksforgeeks.org/automated-login-for-captive-portals-in-linux/
 * https://github.com/authq/captive-login - Captive-portal login utility for headless environments written in pure bash.
 * https://github.com/SadeghHayeri/Mili - Mili is an open source tool for auto login hotspot pages! (MacOS + Linux)
 * https://unix.stackexchange.com/a/303807 and https://andrewwippler.com/2016/03/11/wifi-captive-portal/
 * https://github.com/topics/captiveportal

Troubleshooting
Sometimes attempting to browse to any site without using HTTPS will help trigger the captive portal to load.

Add information on enabling FreeSync on AMDGPU

 * AMDGPU

Resolve PPC bootloader installation instructions
Handbook probably needs to be migrated from yaboot to GRUB2. See discussion on Handbook_Talk:PPC/Installation/Bootloader.

Pending testing with VOID Linux on a separate HDD. 11/16/2020

Add networking setup example to the Handbooks using ip command
Transition the Handbook to use the command with CIDR format rather than.

Finish new Gentoo wallpapers

 * Add new wallpapers to www.g.o. and create a package for quick and easy installation on Gentoo.
 * Work on getting a resize script for common supported display resolutions. Start with 4K, resize down as appropriate per form factor.
 * Consider mobile device resolutions. What are they?
 * Upload wallpapers sources (with attribution) to maffblaster's GitHub.
 * Cut releases on GitHub.
 * Write imagemagick resize script for end user reproducibility?
 * See this tutorial for possible options. Or this Digital Ocean article.
 * Pseudo-code from Robin:

Terminology update: Overlay -> ebuild repository
Figure out how to address the following articles (man pages will also need updated):

Layman references:


 * PORTDIR_OVERLAY variable.
 * command.

Continue work on: https://wiki.gentoo.org/index.php?title=Special:WhatLinksHere/Overlay&action=purge

Re-add recentchanges bot to #gentoo-wiki
Investigate: https://wikitech.wikimedia.org/wiki/EventStreams


 * Research mw-bot (source) - Done! Disqualified. No releases in three years. Written in C#. Did not reply to (opened issue). Presumed dead/inactive.
 * sopel

Code for a similar recentchanges output:


 * Link from cronolio: https://www.mediawiki.org/wiki/Manual:$wgRCFeeds#Example
 * Setting up ircII with recentchanges: https://wikitech.wikimedia.org/wiki/IRCD#How_to_do_it_on_your_own_server

TODO: write a module to watch recent changes for sopel. Broadly see https://www.mediawiki.org/wiki/Manual:Bots and specifically Wikipedia:CREATEBOT.

Alternatively investigate

 * https://www.mediawiki.org/wiki/API:Recentchanges
 * https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:IRC_RC_Bot#LocalSettings.php

In Unix, what do some obscurely named commands stand for?
Link this somewhere: https://kb.iu.edu/d/abnd

Someone please work on these. Someone. ANYONE?! PLEASE!!

 * GitLab - Clean up article: meld it into proper article layout/formatting according to wiki Guidelines, review for correctness.
 * Work on bringing GitLab to Gentoo. This would be of use to infra as a GitHub fall back (since GitHub isn't nicely open source).
 * Start with a Gentoo-based container (if necessary), and build from there.