Colors of Noise

Entries tagged "planetdebian".

On a road to Prizren with a Free Software Phone
12th August 2022

Since people are sometimes slightly surprised that you can go onto a multi week trip with a smartphone running free sofware so only I wanted to share some impressions from my recent trip to Prizren/Kosovo to attend Debconf 22 using a Librem 5. It's a mix of things that happend and bits that got improved to hopefully make things more fun to use. And, yes, there won't be any big surprises like being stranded without the ability to do phone calls in this read because there weren't and there shouldn't be.

After two online versions Debconf 22 (the annual Debian Conference) took place in Prizren / Kosovo this year and I sure wanted to go. Looking for options I settled for a train trip to Vienna, to meet there with friends and continue the trip via bus to Zagreb, then switching to a final 11h direct bus to Prizren.

When preparing for the trip and making sure my Librem 5 phone has all the needed documents I noticed that there will be quite some PDFs to show until I arrive in Kosovo: train ticket, bus ticket, hotel reservation, and so on. While that works by tapping unlocking the phone, opening the file browser, navigating to the folder with the PDFs and showing it via evince this looked like a lot of steps to repeat. Can't we have that information on the Phone Shell's lockscreen?

This was a good opportunity to see if the upcoming plugin infrastructure for the lock screen (initially meant to allow for a plugin to show upcoming events) was flexible enough, so I used some leisure time on the train to poke at this and just before I reached Vienna I was able to use it for the first time. It was the very last check of that ticket, it also was a bit of cheating since I didn't present the ticket on the phone itself but from phosh (the phones graphical shell) running on my laptop but still.

PDF barcode on phosh's lockscreen List of tickets on phosh's lockscreen

This was possible since phosh is written in GTK and so I could just leverage evince's EvView. Unfortunately the hotel check in didn't want to see any documents ☹.

For the next day I moved the code over to the Librem 5 and (being a bit nervous as the queue to get on the bus was quite long) could happily check into the Flixbus by presenting the barcode to the barcode reader via the Librem 5's lockscreen.

When switching to the bus to Prizren I didn't get to use that feature again as we bought the tickets at a counter but we got a nice krem banana after entering the bus - they're not filled with jelly, but krem - a real Kosovo must eat!).

Although it was a rather long trip we had frequent breaks and I'd certainly take the same route again. Here's a photo of Prizren taken on the Librem 5 without any additional postprocessing:


What about seeing the conference schedule on the phone? Confy(a conferences schedule viewer using GTK and libhandy) to the rescue:

Confy with Debconf's schedule

Since Debian's confy maintainer was around too, confy saw a bunch of improvements over the conference.

For getting around Puremaps(an application to display maps and show routing instructions) was very helpful, here geolocating me in Prizren via GPS:


Puremaps currently isn't packaged in Debian but there's work onging to fix that (I used the flatpak for the moment).

We got ourselves sim cards for the local phone network. For some reason mine wouldn't work (other sim cards from the same operator worked in my phone but this one just wouldn't). So we went to the sim card shop and the guy there was perfectly able to operate the Librem 5 without further explanation (including making calls, sending USSD codes to query balance, …). The sim card problem turned out to be a problem on the operator side and after a couple of days they got it working.

We had nice, sunny weather about all the time. That made me switch between high contrast mode (to read things in bright sunlight) and normal mode (e.g. in conference rooms) on the phone quite often. Thankfully we have a ambient light sensor in the phone so we can make that automatic.

Phosh in HighContrast

See here for a video.

Jathan kicked off a DebianOnMobile sprint during the conference where we were able to improve several aspects of mobile support in Debian and on Friday I had the chance to give a talk about the state of Debian on smartphones. pdf-presenter-console is a great tool for this as it can display the current slide together with additional notes. I needed some hacks to make it fit the phone screen but hopefully we figure out a way to have this by default.

Debconf talk Pdf presenter console on a phone

I had two great weeks in Prizren. Many thanks to the organizers of Debconf 22 - I really enjoyed the conference.

Tags: debian, gnome, librem5, phosh, planetdebian, planetfsfe, planetgnome.
phosh overview
28th December 2020

phosh is graphical shell for mobile, touch based devices like smart phones. It's the default graphical shell on Purism's Librem 5 (and that's where it came to life) but projects like postmarketOS, Mobian and Debian have picked it up putting it into use on other devices as well and contributing patches.

This post is meant as a short overview how things are tied together so further posts can provide more details.

A PHone SHell

As mobile shell phosh provides the interface components commonly found on mobile devices to

phosh's overview 2 phosh's lockscreen phosh's overview 1

It uses GObject object system and GTK to build up the user interface components. Mobile specific patterns are brought in via libhandy.

Since phosh is meant to blend into GNOME as seamlessly as possible it uses the common interfaces present there via D-Bus like org.gnome.Screensaver or org.gnome.keyring.SystemPrompter and retrieves user configuration like keybindings via GSettings from preexisting schema.

The components of a running graphical session roughly look like this:

phosh session

The blue boxes are the very same found on GNOME desktop sessions while the white ones are currently only found on phones.

feedbackd is explained quickly: It's used for providing haptic or visual user feedback and makes your phone rumble and blink when applications (or the shell) want to notify the user about certain events like incoming phone calls or new messages. What about phoc and squeekboard?

phoc and squeekboard

Although some stacks combine the graphical shell with the display server (the component responsible for drawing applications and handling user input) this isn't the case for phosh. phosh relies on a Wayland compositor to be present for that. Keeping shell and compositor apart has some advantages like being able to restart the shell without affecting other applications but also adds the need for some additional communication between compositor and shell. This additional communication is implemented via Wayland protocols. The Wayland compositor used with phosh is called phoc for PHone Compositor.

One of these additional protocols is wlr-layer-shell. It allows the shell to reserve space on the screen that is not used by other applications and allows it to draw things like the top and bottom bar or lock screen. Other protocols used by phosh (and hence implemented by phoc) are wlr-output-management to get information on and control properties of monitors or wlr-foreign-toplevel-management to get information about other windows on the display. The later is used to allow to switch between running applications.

However these (and other) Wayland protocols are not implemented in phoc from scratch. phoc leverages the wlroots library for that. The library also handles many other compositor parts like interacting with the video and input hardware.

The details on how phoc actually puts things up on the screen deserves a separate post. For the moment it's sufficient to note that phosh requires a Wayland compositor like phoc.

We've not talked about entering text without a physical keyboard yet - phosh itself does not handle that either. squeekboard is the on screen keyboard for text (and emoji) input. It again uses Wayland protocols to talk to the Wayland compositor and it's (like phosh) a component that wants exclusive access to some areas of the screen (where the keyboard is drawn) and hence leverages the layer-shell protocol. Very roughly speaking it turns touch input in that area into text and sends that back to the compositor that then passes it back to the application that currently gets the text input. squeekboard's main author dcz has some more details here.

The session

So how does the graphical session in the picture above come into existence? As this is meant to be close to a regular GNOME session it's done via gnome-session that is invoked somewhat like:

phoc -E 'gnome-session --session=phosh'

So the compositor phoc is started up, launches gnome-session which then looks at phosh.session for the session's components. These are phosh, squeekboard and gnome-settings-daemon. These then either connect to already running services via D-Bus (e.g. NetworkManager, ModemManager, ...) or spawn them via D-Bus activation when required (e.g. feedbackd).

Calling conventions

So when talking about phosh it's good to keep several things apart:

On top of that people sometimes refer to 'Phosh' as the software collection consisting of the above plus more components from GNOME (Settings, Contacs, Clocks, Weather, Evince, ...) and components that currently aren't part of GNOME but adapt to small screen sizes, use the same technologies and are needed to make a phone fun to use e.g. Geary for email, Calls for making phone calls and Chats for SMS handling.

Since just overloading the term Phosh is confusing GNOME/Phosh Mobile Environment or Phosh Mobile Environment have been used to describe the above collection of software and I've contacted GNOME on how to name this properly, to not infringe on the GNOME trademark but also give proper credit and hopefully being able to move things upstream that can live upstream.

That's it for a start. phosh's development documentation can be browsed here but is also available in the source code.

Besides the projects mentioned above credits go to Purism for allowing me and others to work on the above and other parts related to moving Free Software on mobile Linux forward.

Tags: librem5, phosh, planetdebian, planetgnome.
GTK+ and the application id
28th August 2018

tl;dr: If you want to be sure your application will be displayed with the correct icon under different Wayland compositors make sure that your GApplication (or GtkApplication) uses


on GTK+3. On GTK+4 this is handled for you.

Details: While working on touch based window switching for the Librem5 I noticed that lots of the GNOME application did not end up with a proper icon when using g_desktop_app_info_new (desktop_id). The desktop_id is determined from the Wayland xdg surface's app_id as specified by in Wayland's xdg-shell protocol.

The protocol says:

The compositor shell will try to group application surfaces together
by their app ID. As a best practice, it is suggested to select app
ID's that match the basename of the application's .desktop file.
For example, "org.freedesktop.FooViewer" where the .desktop file is

It's even more explicit about the relation of the app_id to the D-Bus service name:

For D-Bus activatable applications, the app ID is used as the D-Bus
service name.

So why does this currently fail? It's because GTK+3 historically uses g_get_prgname() to set the app_id and this defaults to application's basename. But what we rather want is

g_application_id == D-Bus service name == $(basename desktop_file_path .desktop) == xdg app_id

There were patches by Jonas Ådahl to fix this but those were partially reverted since it broke existing applications. Now with GTK+4 around the corner we can fix this. See the migration docs.

This will also allow us to get rid of all the rename-desktop-file in the flatpak manifests too.

(The reason why this currently works in gnome-shell is because there's a private protocoll between GTK+ and GNOME Shell that (among other things) works around this).

Update: to check what app_id Wayland is seeing use:

WAYLAND_DEBUG=1 your_program |& grep 'xdg_toplevel@[0-9]\+\.set_app_id'
Tags: librem5, phosh, planetdebian, planetgnome.
libhandy 0.0.2
24th July 2018

Last month we tagged the first release of libhandy, a GTK+ library to ease the development of GNOME applications for mobile devices and small screens. Two of the contained widgets, HdyLeaflet and HdyColumn, are containers to address the specific size constraints of phones (video by Adrien). The rest are special purpose widgets, needed more than once on mobile devices, e.g. a Keypad (video).

This time around for the v0.0.2 release we mostly have bugfixes. From the Debian package's changelog:

[ Adrien Plazas ]
* dialer: Make the grid visible and forbid show all.
* example: Drop usage of show_all()
* dialer: Add column-spacing and row-spacing props.
* example: Change the grid's spacing and minimum size request.
* flatpak: Allow access to the dconf config dir.
* Replace phone-dial-symbolic by call-start-symbolic.
* column: Fix height for width request.

[ Guido Günther ]
* Use instead of
* Add AUTHORS file
* gitlab-ci: Build on Debian buster using provided build-deps.
* arrows: test object construction
* Multiple gtk-doc fixes
* docs: Abort on warnings.
* DialerButton: free letters

The Debian package was uploaded to Debian's NEW queue.

Tags: librem5, planetdebian, planetgnome.
git-buildpackage 0.9.2
10th November 2017

After some time in the experimental distribution I've uploaded git-buildpackage 0.9.0 to sid a couple of weeks ago and were now at 0.9.2 as of today. This brought in two new commands:

We moved to better supported tools:

We added integration with pk4:

 mkdir -p ~/.config/pk4/hooks-enabled/unpack/
 ln -s /usr/share/pk4/hooks-available/unpack/gbp ~/.config/pk4/hooks-enabled/unpack/

so pk4 invokes gbp import-dsc on package import.

There were lots of improvements all over the place like gbp pq now importing the patch queue on switch (if it's not already there) and gbp import-dsc and import-orig not creating pointless master branches if debian-branch != 'master'. And after being broken in the early 0.9.x cycle gbp buildpackage --git-overlay ... should be much better supported now that we have proper tests.

All in all 26 bugs fixed. Thanks to everybody who contributed bug reports and fixes.

Tags: debian, planetdebian.
Debian Fun in April 2017
4th May 2017

Debian LTS

April marked the 24th month I contributed to Debian LTS under the Freexian umbrella. I had 8 hours allocated plus 4 hours left from March which I used by:

Other Debian stuff


Released versions 0.8.14 and 0.8.15. Notable changes besides bug fixes:

The versions are also available on pypi.

Tags: debian, planetdebian.
Debian Fun in February 2017
2nd March 2017

Debian LTS

February marked the 22nd month I contributed to Debian LTS under the Freexian umbrella. I had 8 hours allocated which I used by:

Other Debian stuff

Some other Free Software activities

Nothing exciting, just some minor fixes at several places:

Tags: debian, planetdebian.
Debian Fun in January 2017
2nd February 2017

Debian LTS

November marked the 21st month I contributed to Debian LTS under the Freexian umbrella. I had 8 hours allocated which I used for:

Other Debian stuff

Some other Free Software activites

Tags: debian, planetdebian.
Debian Fun in December 2016
9th January 2017

Debian LTS

November marked the 20th month I contributed to Debian LTS under the Freexian umbrella. I had 8 hours allocated which I used by:

Other Debian stuff

Some other Free Software activites

Tags: debian, planetdebian.
Debian Fun in November 2016
9th December 2016

Debian LTS

November marked the nineteenth month I contributed to Debian LTS under the Freexian umbrella. I had 7 hours allocated which I used completely by:

Other Debian stuff

Some other Free Software activites

Tags: debian, planetdebian.
Debian Fun in October 2016
3rd November 2016

Debian LTS

October marked the eighteenth month I contributed to Debian LTS under the Freexian umbrella. I spent 10 hours (out of allocated 9)

Other Debian stuff

Some other Free Software activities

Tags: debian, planetdebian.
Debian Fun in September 2016
9th October 2016

Debian LTS

September marked the seventeenth month I contributed to Debian LTS under the Freexian umbrella. I spent 6 hours (out of 7) working on

Other Debian stuff

Other Free Software activities

Tags: debian, planetdebian.
Debian Fun in August 2016
6th September 2016

Debian LTS

August marked the sixteenth month I contributed to Debian LTS under the Freexian umbrella. I spent 9 hours (of allocated 8) mostly on Rails related CVEs which resulted in DLA-603-1 and DLA-604-1 fixing 6 CVEs and marking others as not affecting the packages. The hardest part was proper testing since the split packages in Wheezy don't allow to run the upstream test suite as is. There's still CVE-2016-0753 which I need to check if it affects activerecord or activesupport.

Additionally I had one relatively quiet week of LTS frontdesk work triaging 10 CVEs.

Other Debian stuff

Tags: debian, planetdebian.
Foreman's Ansible integration
19th August 2016

Gathering from some recent discussions it seems to be not that well known that Foreman (a lifecycle tool for your virtual machines) does not only integrate well with Puppet but also with ansible. This is a list of tools I find useful in this regard:

There's also support for triggering ansible runs from within Foreman itself but I've not used that so far.

Tags: ansible, planetdebian, planetfsfe, theforeman.
Debian Fun in July 2016
3rd August 2016

Debian LTS

July marked the fifteenth month I contributed to Debian LTS under the Freexian umbrella. As usual I spent the 8 hours working on these LTS things:

Other Debian stuff

Tags: debian, planetdebian.
Debian Fun in June 2016
2nd July 2016

Debian LTS

June marked the fourteenth month I contributed to Debian LTS under the Freexian umbrella. I spent the 8 hours working on these LTS things:

Other Debian stuff

Besides the usual bunch of libvirt* uploads I addressed several bugs in git-buildpackage, upload pending.

Tags: debian, planetdebian.
Debian Fun in May 2016
10th June 2016

Debian LTS

May marked the thirteenth month I contributed to Debian LTS under the Freexian umbrella. I spent the 17.25 hours working on these LTS things:

Other Debian stuff

Tags: debian, planetdebian.
Debian Fun in April 2016
8th May 2016

Debian LTS

April marked the twelfth month I contributed to Debian LTS under the Freexian umbrella. I only spent 2 hours (instead of expected 11,25) working on LTS things:

The missing hours will be caught up during May - hopefully also by working on a QEMU/libvirt update in Wheezy should there be any interest - so I've you're relying on QEMU/KVM in wheezy now would be a good time to comment on it.

Other Debian things

Tags: debian, planetdebian.
Debian Fun in March 2016
9th April 2016

Debian LTS

March was the eleventh month I contributed to Debian LTS under the Freexian umbrella. In total I spent 13 hours (of allocated 11.00 + 5.25h from last month) working on preparing for wheezy-lts:

Other Debian things

Tags: debian, planetdebian.
More sandboxing
25th March 2016

More sandboxing

When working on untrusted code or data it's impossible to predict what happens when one does a:

bundle install --path=vendor


npm install

Does this phone out your private SSH and GPG keys? Does a

evince Downloads/justdownloaded.pdf

try to exploit the PDF viewer? While you can run stuff in separate virtual machines this can get cumbersome. libvirt-sandbox to the rescue! It allows to sandbox applications using libvirt's virtualization drivers. It took us a couple of years (The ITP is from 2012) but we finally have it in Debian's NEW queue. When libvirt-sandbox creates a sandbox it uses your root filesystem mounted read only by default so you have access to all installed programs (this can be changed with the --root option though). It can use either libvirt's QEMU or LXC drivers. We're using the later in the examples below:

So in order to make sure the above bundler call has no access to your $HOME you can use:

sudo virt-sandbox \
   -m ram:/tmp=10M \
   -m ram:$HOME=10M \
   -m ram:/var/run/screen=1M \
   -m host-bind:/path/to/your/ruby-stuff=/path/to/your/ruby-stuff \
   -c lxc:/// \
   -S $USER \
   -n rubydev-sandbox \
   -N dhcp,source=default \

This will make your $HOME unaccessible by mounting a tmpfs over it and using separate network, ipc, mount, pid and utc namespaces allowing you to invoke bundler with less worries. /path/to/your/ruby-stuff is bind mounted read-write into the sandbox so you can change files there. Bundler can fetch new gems using libvirt's default network connection.

And for the PDF case:

sudo virt-sandbox \
  -m ram:$HOME=10M \
  -m ram:/dev/shm=10M \
  -m host-bind:$HOME/Downloads=$HOME/Downloads \
  -c lxc:/// \
  -S $USER \
  -n evince-sandbox \
  --env="DISPLAY=:0" \
  /usr/bin/evince Downloads/justdownloaded.pdf

Note that the above example shares /tmp with the sandbox in order to give it access to the X11 socket. A better isolation can probably be achieved using xpra or xvnc but I haven't looked into this yet.

Besides the command line program virt-sandbox there's also the library libvirt-sandbox which makes it simpler to build new sandboxing applications. We're not yet shipping virt-sandbox-service (a tool to provision sandboxed system services) in the Debian packages since it's RPM distro specific. Help on porting this to Debian is greatly appreciated.

Tags: debian, libvirt, planetdebian, planetfsfe.
Contatacs, CardDAV, Calypso and the N900
9th March 2016

As a follow up to calendar synchronisation with calypso, syncevolution and the N900 running maemo I finally added contacts to the mix:

on the phone

When you have the calendar sync already running it's as simple as:

First start ssh on the n900 to ease typing:

apt-get install dropbear
echo /bin/sh >> /etc/shells
cd /etc/dropbear && ./run

SSH into the phone and configure contacts synchronization:

cat <<EOF > ~/.config/syncevolution/webdav/sources/addressbook/config.ini
backend = CardDAV
database =

And perform the initial sync:

syncevolution --sync slow webdav addressbook

From there on you can sync contacts and calendars in one go with:

syncevoluton webdav

Looking at the calypso logs on the server it seems that syncevoluton does not always generate an FN entry and so the card gets skipped. This doesn't harm the overall sync, but I need to have a look how to fix this.

on the laptop

In order to use the contacts im mutt there's pycarddav packaged in Debian. This is basically following upstreams documentation.

sudo apt-get install pycarddav
mkdir -p ~/.config/pycard
cp /usr/share/doc/pycarddav/examples/pycard.conf.sample ~/.config/pycard/pycard.conf
# Edit file as needed

cat ~/.config/pycard/pycard.conf
[Account username]
user: username
write_support = YesPleaseIDoHaveABackupOfMyData

where: vcard


debug: False

To use the entries in mutt add the just extend your .muttrc:

cat <<EOF >>~/.muttrc
set query_command="pc_query -m %s"
macro index,pager B "<pipe-message>pycard-import<enter>" "add sender address to pycardsyncer"

This allows you to query contacts using Q and add new conatcs with CTRL-B in mutt's index and pager.

Calypso Changes

We recently moved calypso's git repository to alioth and started to merge several out of tree patches. More will happen during this years Debian Groupware Meeting including a new upload to Debian.

Tags: groupware, maemo, planetdebian, planetfsfe.
Debian Fun in February 2016
8th March 2016

Debian LTS

February was the tenth month I contributed to Debian LTS under the Freexian umbrella. In total I spent 7 hours (of allocated 11.15 hours) working on squeeze-lts:

… and to make sure we have fewer issues that are fixed in squeeze-lts but affect wheezy …

On non LTS time I cooked up a script to make it simpler to check if a package has security support in a certain release.

Now that squeeze-lts is history I'd like to thank the Debian Security Team for their help and answers to all the questions related to security tracker, DSAs, DLAs and whatnot. I'm looking forward to wheezy-lts now…

Other Debian stuff

Tags: debian, planetdebian.
Debian Fun in January 2016
10th February 2016

Debian LTS

January was the ninth month I contributed to Debian LTS under the Freexian umbrella. In total I spent 13 hours working on:

There was no progress on using the same nss in all suites. This will continue in February as does the Squeeze-lts Wheezy forward porting.

Other Debian stuff

Tags: debian, planetdebian.
Debian Fun in December 2015
9th January 2016

Debian LTS

December was the eighth month I contributed to Debian LTS under the Freexian umbrella. It was a bit of a funny month since most of the time most open CVEs were already taken care of by other team members (which is nice) but it resulted in me not releasing a single DLA which feels weird.

Nevertheless in total I spent nine hours working on:

On unpaid time I introduced some usertags for tracking our non DLA related activities (although it seems I'm currently the only user).

Other Debian stuff

Tags: debian, planetdebian.
Creating views in Jenkins using jenkins-job-builder-addons
14th December 2015

I'm often using jenkins-job-builder to automatically create jenkins jobs since writing them in YAML is more comfortable then doing large amounts of jobs in the GUI, it serves consistency and helps automation.

For views and build pipelines I so far resorted to other tools (like templates in the config management tool at use) but now there's jenkins-job-builder-addons by jimbydamonk. Creating a delivery pipeline view and the "All" view then gets as simple as:

- job:
    name: MyApp
    project-type: folder
      - delivery_pipeline:
          filter-executors: false
          filter-queue: false
          folder: true
            - name: Deploy
              first-job: app-deploy-test
          name: myapp-deploy-pipeline
          build-view-title: "MyApp Deploy Pipeline"
          number-of-pipelines: 3
          show-aggregated-pipeline: true
          number-of-columns: 1
          sorting: none
          show-avatars: false
          update-interval: 1
          allow-manual-triggers: true
          show-total-buildtime: true
          allow-rebuild: true
          allow-pipeline-start: true
      - all:
         folder: true
         name: All

This also uses the folder plugin to make sure the views end up in separate files. It currently needs a slightly patched jenkins-job-builder with this patch applied.

Putting this here since I hit jenkins-job-builder-addons mostly by accident. Once jenkins-job-builder catched up I'll look into packaging this for Debian.

Tags: continuous-delivery, jenkins, planetdebian.
Running ansible's integration tests
9th December 2015

ansible is a great tool for deployments. While it doesn't ship that many unit tests it comes with heaps of integration tests that can be run using:

git submodule update --init
. hacking/env-setup
cd test/integration

after cloning the repo from here.

However when working on individual parts one often only wants to test a single role. This can be done via:

git submodule update --init
. hacking/env-setup
cd test/integration
ansible-playbook -e @integration_config.yml -i"testhost," -c local test_filters.yml

when e.g. working on some new filers or when you want to run one of the destructive modules, test_apt in this case:

git submodule update --init
. hacking/env-setup
cd test/integration
# Destructive tests usually need sudo
sudo ansible-playbook -e @integration_config.yml -i"testhost," -c local destructive.yml --tags=test_apt

The list of available tags can be ssen in test/integration/destructive.yml.

Just putting it here since I just found myself digging this out the second time.

Tags: ansible, continuous-delivery, planetdebian.
Debian Fun in November 2015
6th December 2015

Debian LTS

November was the seventh month I contributed to Debian LTS under the Freexian umbrella. In total I spent ten hours working on:

Other Debian stuff

Tags: debian, planetdebian.
Debian Fun in October 2015
7th November 2015

Debian LTS

October was the sixth month I contributed to Debian LTS under the Freexian umbrella. In total I spent four hours working on:

Besides that I did CVE triaging of 16 CVEs to check if and how they affect oldoldstable security as part of my LTS front desk work.

I also added some very basic indentation support to our CVE/list Emacs major-mode on non LTS time.

Other Debian stuff

Tags: debian, planetdebian.
Debian work in September 2015
7th October 2015

Debian LTS

September was the fifth month I contributed to Debian LTS under the Freexian umbrella. In total I spent eight hours working on:

Besides that I did CVE triaging of 9 CVEs to check if and how they affect oldoldstable security as part of my LTS front desk work.

Other Debian work

I finally sent out the summary of the 8th Debian Groupware Meeting we had in the Linuxhotel earlier this year and gave a short talk about Debian at the Zarafa Tour in the Netherlands.

Tags: debian, planetdebian.
Debian work in August 2015
4th September 2015

Debian LTS

August was the fourth month I contributed to Debian LTS under the Freexian umbrella. In total I spent four hours working on:

Besides that I did CVE triaging of 9 CVEs to check if and how they affect oldoldstable security as part of my LTS front desk work.

Debconf 15 was a great opportunity to meet some of the other LTS contributors in person and to work on some of my packages:


git-buildpackage gained buildpackage-rpm based on the work by Markus Lehtonnen and merging of mock support is hopefully around the corner.

Debconf had two gbp skill shares hosted by dkg and a BoF by myself. A summary is here. Integration with dgit as (discussed with Ian) looks doable and I have parts of that on my todo list as well.

Among other things gbp import-orig gained a --merge-mode option so you can replace the upstream branches verbatim on your packaging branch but keep the contents of the debian/ directory.


I prepared an update for libvirt in Jessie fixing a crasher bug, QEMU error reporting. apparmor support now works out of the box in Jessie (thanks to intrigeri and Felix Geyer for that).

Speaking of apparmor I learned enough at Debconf to use this now by default so we hopefully see less breackage in this area when new libvirt versions hit the archive. The bug count wen't down quiet a bit and we have a new version of virt-manager in unstable now as well.

As usual I prepared the RC candidates of libvirt 1.2.19 in experimental and 1.2.19 final is now in unstable.

Tags: debian, planetdebian.
Debian work in July 2015
7th August 2015

July was the third month I contributed to Debian LTS under the Freexian umbrella. In total I spent eight hours working on:

Besides that I did CVE triaging of 11 CVEs to check if and how they affect oldoldstable security as part of my LTS front desk work.

Tags: debian, planetdebian.
Debian work in June 2015
4th July 2015

June was the second month I contributed to Debian LTS under the Freexian umbrella. In total I spent ten hours working on:

Besides that I did CVE triaging of 17 CVEs to check if and how they affect oldoldstable security. The information provided by the Security team on these issues in data/CVE/list is an awesome help here. So I tried to be as verbose when triaging CVEs that weren't looked at for Wheezy or Jessie yet.

On non LTS time I patched our lts-cve-triage tool to allow to skip packages that are already in dla-needed.txt. This avoids wasting time on CVEs that were already triaged.

Tags: debian, planetdebian.
Debian work in May
5th June 2015

May was the first month I started to contribute to Debian LTS under the Freexian umbrella. In total I spent six hours working on:

My current work flow looks like

Now I have an already patched source tree to add the backported patches to. Especially in cases where the Jessie version is already fixed this makes it rather quick to get an idea what the affected versions are and to see how the code evolved over time.

In order for this to work properly I made (on non LTS time) some improvements to gbp:

Tags: debian, planetdebian.
whatmaps 0.0.9
18th January 2015

I have released whatmaps 0.0.9 a tool to check which processes map shared objects of a certain package. It can integrate into apt to automatically restart services after a security upgrade.

This release fixes the integration with recent systemd (as in Debian Jessie), makes logging more consistent and eases integration into downstream distributions. It's available in Debian Sid and Jessie and will show up in Wheezy-backports soon.

This blog is flattr enabled.

Tags: debian, planetdebian, planetfsfe, planetgnome, whatmaps.
krb5-auth-dialog 3.15.4
17th January 2015

To keep up with GNOMEs schedule I've released krb5-auth-dialog 3.15.4. The changes of 3.15.1 and 3.15.4 include among updated translations, the replacement of deprecated GTK+ widgets, minor UI cleanups and bug fixes a header bar fix that makes us only use header bar buttons iff the desktop environment has them enabled:

krb5-auth-dialog with header bar krb5-auth-dialog without header bar

This makes krb5-auth-dialog better ingtegrated into other desktops again thanks to mclasen's awesome work.

This blog is flattr enabled.

Tags: gnome, planetdebian, planetfsfe, planetgnome.
Testing a NetworkManager VPN plugin password dialog
12th October 2014

Testing the password dialog of a NetworkManager VPN plugin is as simple as:

echo -e 'DATA_KEY=foo\nDATA_VAL=bar\nDONE\nQUIT\n' | ./auth-dialog/nm-iodine-auth-dialog -n test -u $(uuid) -i

The above is for the iodine plugin when run from the built source tree. This allows one to test these dialogs although one didn't see them since ages since GNOME shell uses the external UI mode to query for the password.

This blog is flattr enabled.

Tags: gnome, planetdebian, planetfsfe, planetgnome.
Bits from the 7th Debian groupware meeting
29th April 2014

The seventh Debian Groupware Meeting was held in the LinuxHotel, Essen, Germany. We had one remote hacker from NYC which brings the number of attendants up to 9. This is a short summary of what happened during the weekend:

Since we had a nice mix of first time Debian contributors, Debian Maintainers and Debian Developers we had lots of room for discussion and co-working which made this an exciting weekend.

Groupphoto by Carsten Schönert

Tags: debian, planetdebian, planetfsfe.
Truncating git history
21st February 2014

When starting to work on a new project I start from an empty git repository right away so I can try out different ideas, revert easily, can diff against old versions (to check if I missed something) and have a commit history to record fixmes and todos. However when making the repo public these things are not of much interest anymore so I truncate the history. To be on the save side I want to keep that history locally though. Assuming the repo is on master, I do:

# 1.) Move the old master out of the way
git branch -m branch master oldmaster
# 2.) Get the current tree at HEAD
tree=$(git rev-parse HEAD^{tree})
# 3.) Create a new commit without ancestry
commit=$(git commit-tree -m "Initial commit" $tree)
# 4.) Make this the new master
git branch master $commit
# 5.) Switch to the new branch
git checkout master

Done. One can now add a remote and push the master branch. The old history is still there locally on the completely detached commit history ending at oldmaster:

$ git log --pretty=short --graph --decorate master oldmster

* commit d5cf3371eaefbaa8efac10c0fb9e7597da17b423 (HEAD, master)
  Author: Guido Günther <>

      Initial commit

* commit 64103ff72bde13d7ec4cf0489ad2a80f3ac249d3 (oldmster)
| Author: Guido Günther <>
|     Another uninteresting commit message
* commit bd7332a79380bb217eca09cbd7f6ff0e5174deb8
| Author: Guido Günther <>
|     Uninteresting commit message
... <more old history>

Update: Uli Heller pointed out that this is the same as using git checkout's --orphan option.

Tags: planetdebian, planetfsfe.
CrystalHD progress
30th November 2013

Following up on my port of the crystalhd plugin to the gstreamer 1.0 api I realized that the CrystalHD repo is pretty dormant. After reading slomo's nice article about GStreamer and hardware integration and a short off list mail exchange I decided to split the GStreamer part out of the CrystalHD repo and to try to get the plugin into gst-plugins-bad.

Since the kernel part is already in linux kernel's staging area there would not be much left in the repo except for the libcrystalhd library itself and the firmware blobs. So I split them out as well and started to clean them up a bit by moving it to autoconf/automake, dropping the need for a C++ compiler and adding symbol versioning among other things.

So up to know video is still smooth with:

gst-launch-1.0 filesrc location=sample.mp4 ! decodebin ! xvimagesink

after jhbuilding up to gst-plugins-bad.

There are #ifdefs for macosx and windows but I doubt they're functional but in case anybody is building libcrystalhd on these these platforms it'd be great to know if it still works.

Should these efforts lead to the crystalhd plugin being merged into GStreamer getting the kernel driver out of staging would be a great next step.

This blog is flattr enabled.

Tags: gnome, planetdebian, planetfsfe, planetgnome, wetab.
Calendar synchronisation between Nokia N900 and the Calypso CalDAV server
5th June 2013

One of the replies to the post about Debian's last groupware meeting was from Patrick Ohly of syncevolution fame pointing out that syncevolution already implements calendar autodetection for CalDAV calendars as described in draft-daboo-srv-caldav-10.

While looking at the code I noticed that there's a backend for the N900s calendar by Ove Kåven as well.

When I tried Ove's latest package on my N900 it lead to an immediate crash when doing a:

syncevolution --print-items target-config@webdav calendar

According to Patrick the bug was supposed to be fixed in recent versions so I set up scratchbox and built a newer git snapshot for maemo (sources). This wouldn't crash but didn't show up any items either. It turned out to be a minor bug in calypso returning no content type for REPORT queries which resulted in libneon discarding the whole reply (now already fixed in calypso upstream).

With this out of the way setting up synchronisation is quiet simple:

# Configuration
syncevolution --configure username=<username> password=<password> \
              calendar/backend=caldav calendar/database=https://${CALDAV_SERVER}:5233/private/my_calendar \
              target-config@webdav calendar
syncevolution --configure --template SyncEvolution_Client sync=none syncURL=local://@webdav username= password= webdav
syncevolution --configure sync=two-way backend=calendar webdav calendar

You should then be able to print the items on the local (N900) and from the remote (CalDAV server) end:

# This lists the current calendar items on the server
syncevolution --print-items target-config@webdav calendar
# This lists the current calendar items on the N900
syncevolution --print-items @default calendar

And from there on sync away:

# initial slow sync
syncevolution --sync slow webdav
# from there on
syncevolution webdav

The syncevolution source code has great documentation about debugging problems (e.g. src/backends/webdav/README). So check that in case you run into problems. The tl;dr version is

SYNCEVOLUTION_DEBUG=1 src/syncevolution loglevel=10 --print-items target-config@webdav calendar

to debug CalDAV related problems. In case you need to run syncevoluton from source be sure to set these beforehand:

export SYNCEVOLUTION_XML_CONFIG_DIR=$PWD/src/syncevo/configs/

On the CalDAV side I used current Calypso git which (with some additional minor fixes) now also interoperates nicely with Iceowl/Icowl-Extension aka Sunbird/Lightning on the desktop side. There's also an ITP for it. So it'll hopefully end up in Debian soon.

Update: in order to do ssl verification with syncevolution/libneon you have to put the CAs certificate to /etc/ssl/certs on the N900 and do a

c_rehash /etc/ssl/certs

otherwise syncevolution won't ve able to verify the server's certificate.

Tags: debian, groupware, maemo, planetdebian, planetfsfe.
Bits from the 6th Debian groupware meeting
29th April 2013

The sixth Debian Groupware Meeting was held in the LinuxHotel, Essen, Germany. We had one remote hacker from NYC which brings the number of attendants up to nine - an all time high! This is a short summary of what happened during the weekend:

Groupphoto by Carsten Schönert

Tags: debian, planetdebian.
gst0.10-crystalhd ported to gstreamer 1.0
22nd March 2013

Following up on using Debian on the WeTab with GNOME Shell I figured accelerated video using the built in CrystalHD to save battery power and CPU cycles would be nice to have. There's even a Debian package available but not for gstreamer 1.0 (which is used by GNOME 3.6) so I had a look at gstreamer's plugin writers guide and porting guide and updated the driver. Packages are here until there's a new upstream version or Debian package release.

This blog is flattr enabled.

Tags: gnome, planetdebian, planetgnome, wetab.
Accelerometer and screen orientation in GNOME3
23rd February 2013

Following up on using Debian on the WeTab with GNOME Shell I had a look at automatically adjusting the screen orientation when rotating the device.

The accelerometer is handled in the asus_laptop module since kernel 3.2, so this shows up in /proc/bus/input/devices:

I: Bus=0019 Vendor=0000 Product=0000 Version=0000
N: Name="Pegatron Lucid Tablet Accelerometer"
P: Phys=pega_accel/input0
S: Sysfs=/devices/platform/asus_laptop/input/input4
U: Uniq=
H: Handlers=event4 js0 
B: EV=9
B: ABS=7

Whenever the screen orientation changes the driver emits a udev event. The helper in /lib/udev/accelerometer processes it thanks to /lib/udev/rules.d/61-accelerometer.rules, determines the orientation and adds the ID_INPUT_ACCELEROMETER_ORIENTATION property to the event which can be checked with udevadm monitor --property:

UDEV  [5778.534171] change   /devices/platform/asus_laptop/input/input4 (input)
NAME="Pegatron Lucid Tablet Accelerometer"

This is captured by gnome-settings-daemon (>=3.2) that adjusts the screen rotation using xrandr2 accordingly. This can be checked by running gnome-settings-daemon with --debug. The old way of using xinput events is no longer supported.

Unfortunately Debian's udev has a minor bug that misdetects the input device so this patch is needed to have the screen orientation changed automatically on the WeTab.

This blog is flattr enabled.

Tags: gnome, planetdebian, wetab.
GTK+3 CSS for touch screens
17th February 2013

Following up on using Debian on the WeTab with GNOME Shell I've put together a bit of GTK+3 CSS to make it more touch friendly. It's in the same git repo as the OSK extension. If you put the gtk.css into ~/.config/gtk-3.0/gtk.css scrollbars will be a bit larger and the padding between widgets will be increased over the default theme:

Larger scroll bar Larger scroll bar

This will need more work since some of the sliders look a bit a awkward now so any enhancements will be greatly appreciated. The docs for GTK3's CSS are here.

This blog is flattr enabled.

Tags: gnome, planetdebian.
GNOME Shell and On Screen Keyboard
28th December 2012

Running Debian on the WeTab with GNOME Shell without an external keyboard works pretty nicely. The on screen keyboard - if enabled via the accessibility menu - folds out automatically in the shell itself within text input fields. To have this within GTK+3/GTK+2 applications you need libcaribou-gtk3-module and libcaribou-gtk-module installed. For other cases I stitched together a small extension that puts a keyboard "Button" prominently into the middle of the panel. Clicking/touching it will fold it out, clicking again will hide it again. You can fetch it from

git clone git:// ~/.local/share/gnome-shell/extensions/

and activate it via

 gsettings set enabled-extensions "['']"

OSK Button Screenshot

For kinetic scrolling in Iceweasel I'm currently using Grab and Drag which is not yet packaged for Debian.

Thanks to the Debian's GNOME packaging team gnome-shell 3.6 is already available in experimental.

This blog is flattr enabled.

Tags: debian, gnome, planetdebian.
Preseeding Debian virtual machines with virt-install
13th October 2012

Interactively installing Debian virtual machines with virt-install without having to download anything in advance can already be done by pointing it to a Debian mirror via --location. But you can also add files to the initrd after downloading using --initrd-inject. Upstreams intended use is for kickstart files but we can also feed it a preseed.cfg to automate the whole installation:

virt-install --connect=qemu:///system \
             --location=\-i386 \
             --initrd-inject=/path/to/preseed.cfg \
             --extra-args="auto" \
             --name d-i --ram=512 \

preseed.cfg is a regular preseed file (as described in the Debian Wiki) in your local filesystem. I'm using this one for Squeeze and Wheezy VMs. It must be named preseed.cfg in order for d-i to pick it up from the initrd. This also works for URLs like qemu+ssh://<remotehost>/system/ since virt-install uses libvirt's streaming API to upload the kernel and modified initrd to the remote host.

In case you're running this on an i386 you'll need this fix which already sits in experimental.

This blog is flattr enabled.

Tags: debian, libvirt, planetdebian.
Bits from the 5th Debian Groupware Meeting
11th April 2012

This went out to d-d-a already but I figured that this might be of interest here too:

The fifth Debian Groupware Meeting was held in the LinuxHotel, Essen, Germany. Eight persons attended which is an all time high! This is a short summary of what happened during the weekend:

Tags: debian, planetdebian, planetfsfe.
Iodine plugin for network-manager
24th February 2012

During FOSDEM I finally got around to hack on a iodine plugin for network manager. Given a suitably prepared server on the other end this allows you to tunnel connections over DNS when all other traffic is firewalled. The basic configuration only needs the domain name set:

Network Manager Iodine Configuration

You can grab the sources from, a Debian package is also available.

This blog is flattr enabled.

Tags: gnome, planetdebian, planetgnome.
git-buildpackage in experimental
26th January 2012

I've started uploading snapshots of git-buildpackage to experimental recently. Here's a short list of what changed over the version in wheezy and sid:

This blog is flattr enabled.

Tags: debian, git, planetdebian.
GNOME Prepaid Manager 0.0.3
28th December 2011

A recent trip to Switzerland made me dig out my prepaid card for UMTS usage again. This resulted in some minor enhancements for Prepaid Manager. The new release handles disabled and missing modems more reliably. It also has some visual feedback if we know the length of the top up code:

GNOME Prepaid Manager screenshot

This blog is flattr enabled.

Tags: gnome, planetdebian, planetgnome.
Testing libvirt and KVM/QEMU with libvirt-tck
13th November 2011

Debian's libvirt in unstable finally passes the Technology Compatibility Kit (libvirt-tck) for qemu:///system:

Files=59, Tests=1579, 315 wallclock secs ( 0.77 usr  1.02 sys + 31.40 cusr 10.14 csys = 43.33 CPU)
Result: PASS

We're running libvirt's internal test suite since 0.9.0 but this doesn't launch any real virtual machines to check things like suspend, resume, snapshotting, migration and it doesn't create storage pools and volumes or networks. This means a lot of testing was done manually with each release.

libvirt-tck provides a framework to perform these kinds of integration testing between libvirt and it's drivers, comes with hundreds of testcases already and it's easy to set up since it's available in experimental:

apt-get install -t experimental libvirt-tck

Edit /etc/libvirt-tck/default.cfg if you don't want to use the default connection URI. Then just run libvirt-tck:


Since this is supposed to stress libvirtd and the hypervisor and since it creates and deletes storage pools, networks and virtual machines it's recommended to run this on a dedicated system to make sure the tests don't blow away any precious config.

If a test fails one can debug that single test using:

LIBVIRT_TCK_CONFIG=/etc/libvirt-tck/default.cfg prove --verbose /usr/share/libvirt-tck/tests/hooks/051-daemon-hook.t

This already revealed errors in our package like a missing parted build dependency breaking the creation of disk based storage pools, bugs in libvirt, crashes in QEMU and minor errors in the test suite itself. We're currently cheating a bit since the tests for hooks and nwfilter are currently disabled due to license problems with the used Perl modules.

libvirt-tck can easily be integrated into Jenkins since it can now use libtap-formatter-junit-perl to generate JUnit XML. To do so simply configure a free-style software project to execute these commands:

rm -f libvirt-tck.xml
sudo libvirt-tck --timer --format junit --force > libvirt-tck.xml

allow Jenkins to run libvirt-tck as root

jenkins ALL=(ALL) NOPASSWD: /usr/bin/libvirt-tck --timer --format junit --force

and configure it to publish a JUnit test result report.

Currently I'm only running the tests for qemu:///system so any help running and debugging this for LXC, VirtualBox or XEN is very welcome.

Many thanks go to Salvatore Bonaccorso for packaging the missing Perl modules needed by libvirt-tck.

Tags: debian, libvirt, planetdebian.
GNOME Prepaid Manager 0.0.2
14th August 2011

The new release switches to GDBus and adds an application icon. Together with the recently released Modem Manager 0.5 it's now able to fetch the balance information via USSD on Huawei and ZTE modems as well.

GNOME Prepaid Manager Icon

This blog is flattr enabled.

Tags: gnome, planetdebian, planetgnome.
Puppet Git Hooks
29th July 2011

During todays very interesting Puppet Skills Exchange given by Christian Hofstaedtler at Debconf 11 it was recommended to syntax check puppet manifests in git commit hooks. Since I wanted to do the same some time ago and I couldn't find anything that does manifests, ruby and erb I wrote some hooks that can be either used on commit or on the remote site when receiving the update. The git archive of this can be found at:

git clone git://

This blog is flattr enabled.

Tags: debian, planetdebian, puppet.
Squeeze Debian Installer Images for SGI Indy and SGI O2
24th June 2011

Due to two totally different bugs in tip22 the d-i netinstall images for IP22 (SGI Indy) and IP32 (SGI O2) won't boot the installer correctly.

Tip22 is responsible for merging a minimal loader, kernel and initramfs into a single ELF or ECOFF binary, depending on the architecture. This can then be fetched by the machine's ARC PROM via tftp.

A fixed tip22 has been uploaded to unstable and updated images are available from here until we can get this fixed via stable-proposed-updates.

This blog is flattr enabled.

Tags: debian, mips, planetdebian.
GNOME Prepaid Manager, ModemManager and Huawei modems
31st May 2011

I've made a first release of GNOME Prepaid Manager a couple of days ago after switching to GTK+3, GSettings and PyGObject's GObject introspection but it still wasn't that useful since the very common Huawei chipsets (present in many UMTS USB sticks) weren't working due to some missing code in ModemManager.

GNOME Prepaid Manager screenshot

Thanks to Dan's great description I just got around to add that which should make ppm useful to more people.

This blog is flattr enabled.

Tags: gnome, planetdebian, planetgnome.
Bits from the 4th Debian groupware meeting
12th April 2011

This went out to d-d-a a couple of days ago already but I figured that this might be of interest here too:

The fourth Debian Groupware Meeting was held in the LinuxHotel, Essen, Germany. This is a short summary of what happened during the weekend:

Tags: debian, planetdebian.

RSS Feed