Due to popular demand I moved debian apt and python-apt from bzr to git today. Moving was pretty painless:

$ git init
$ bzr fast-export --export-marks=marks.bzr -b debian/sid /path/to/debian-sid | git fast-import --export-marks=marks.git

And then a fast-import for the debian-wheezy and debian-experimental branches too. Then a

$ git gc --aggressive

(thanks to Guillem Jover for pointing this out) and that was it.

The branches are available at:

• http://anonscm.debian.org/gitweb/?p=apt/apt.git
• http://anonscm.debian.org/gitweb/?p=apt/python-apt.git.

For a project of mine I created a small app based on webkitgtk that talks to a SSL server.

And I almost forgot about the libsoup default behavior for SSL certificates checking. By default libsoup and therefore webkitgtk will not do any SSL certificate checks. You need to put something like the following snippet into your code (adjust for your language of choice):

from gi.repository import WebKit

session = WebKit.get_default_session()
session.set_property("ssl-use-system-ca-file", True)

If you don’t do this it will accept any certificate (including self-signed ones).

This is documented behavior in libsoup and they don’t want to change it for compatiblity reasons in libsoup. But for webkit its unexpected behavior (at least to me) and I hope the webkitgtk developers will consider changing this default in webkit. I filed a bug about it. So if you use webkitgtk and SSL, remember to set the above property.

I use the PassHash firefox extension to generate site-specific strong passwords. The idea behind the extension is that a master password and a siteTag (e.g. the domain name) is used to generate a sha1 hash. This hash is used as the password for the website. In python its essentially this code:

h = hmac.new(master_pass, site_tag, hashlib.sha1)
print(b64encode(h.digest())[:hash_len])

I want a commandline utility that can output me PassHash compatible hashes when I use w3m (or if the extension stops working for some reason).

To my delight I discovered that the upstream git repNice and hard to brute-force.o of PassHash already has a python helper to generate passhash compatible password. I added some tweaks to add pythons argparse [1] and now I’m really happy with it:

$ ./tools/passhash.py --hash-size 14 slashdot.org
Please enter the master key: 
KPXveo7bq7j1%X

Hard to brute-force and matches what the extension generates.

I uploaded squid-deb-proxy into Debian unstable today and its in the NEW queue. I created it back in the days of Ubuntu 10.04 and some people voiced interest in having it in Debian as well so I spend a bit of time to get it customized for Debian.

Squid-deb-proxy uses the well known squid proxy with a custom configuration to cache deb package and Indexfiles (like Packages.gz) that will allow caching from the default archives and mirrors and reject anything else by default.

The basic philosophy is that “it just works”. You run on your server:

root@server# apt-get install squid-deb-proxy

and on your clients:

root@client# apt-get install squid-deb-proxy-client

and that’s it. It does not require any fiddling with configuration (unless you want to ). The default will let you connect to .debian.org and nothing else.

The server will announce itself via avahi as _apt_proxy._tcp and the
client will hook into apt to use Acquire::http::ProxyAutoDetect. The
client is useful for other servers that announce themself via avahi.

Packaging was a bit more work than anticipated because there is a bit of setup and teardown work in the initscript. For Debian as sysvinit script was needed, Ubuntu uses upstart so it took a bit of refactoring to extract the code into a common helper.

If you want to try it now, its available via:

$ bzr branch lp:squid-deb-proxy
$ cd squid-deb-proxy
$ bzr-buildpackage

and in unstable once it leaves the NEW queue.

A while ago I played with sqlite. Its pretty awesome. When using the full text search (fts) extension it also provides super fast full text searching. One of the things I was missing (compared to other engines) is the similar text suggestion (“Did you mean?”) support. Fortunately this is relatively easy to add via the fts4aux virtual table that sqlite supports.

I pushed a full example of to https://github.com/mvo5/sqlite-fts-did-you-mean. The way it works is that you build a set of similar words and use that to query for the “term” value from the fts4aux table.

Here is the output from the example:

$ ./fts_did_you_mean.py aptx
Did you mean:
 apex (rank: 2)
 apt (rank: 1)
time 0.024138927459716797

I wrote gdebi a long time ago to make it really easy to install .deb package with proper dependency resolution from the commandline and via a gtk (and kde) UI. But another neat (but not very well known) feature of the gdebi-core cli tool is to install the build-dependencies of a debian source package. If you run:

$ gdebi debian/control

in a unpacked debian source package it will check for missing build-dependencies and offer to install them.

There is a new 0.80~exp2 version of unattended-upgrades available. This would normally be fine for debian/sid but because of the freeze I decided to put it into experimental. Some nice features like adding a “–verbose” mode that shows the actual dpkg output when
running and codename based matching plus some nice fixes from Brian Murray (thanks!).

The codename based matching is interessting as it allows writing a matcher like “n=wheezy” (or more verbose “codename=wheezy”) in the config file. You can use “apt-cache policy” (without further arguments) to see what origins are available.

Enjoy and let me know if you find any issues issues!

I got a Music Shield from Seeedstudio a while ago. Its fun to play with but the example source did not quite work for me. So I ported it over to the the new SD library from arduino 1.0 and published a google plus post about it. Some people asked me about the source so I pushed the result to launchpad and github. I also filed a upstream request to include it.

If you tried to reach me via my ubuntu.com mail in the last couple of days you got a 550 error. There seems to be some misconfiguration on the ubuntu.com mailserver, I hope it gets fixed soon. You can use my mvo at debian.org in the meantime.

I created a small extension for sqlite3 today to allow order by debian version easily. This allows writing:

.load "./debversions.so";
SELECT * FROM packages ORDER BY version COLLAT debversion_compare;

And it will do the right ordering. Its available on launchpad.

As OMGUbuntu already posted here the software-center team is working on a gtk3 version that implements a new GUI design. Thanks to the team and especially the wonderful Matthew McGowan we now have the gtk3 version mostly working. Its part of the normal software-center packages as of version 4.1.12. It installs alongside the current gtk2 software-center. For now gtk2 is still the default, but if you run “software-center-gtk3″ on a oneiric system you will get the new UI (and all the new bugs)

I just uploaded a new apt to oneiric. Its a ABI break so there will be short time that the archive is in a state of churn while the packages are rebuild against the new ABI. But the good news is that apt finally got dpointers so we will require less ABI breaks in the future. Plus we moved the library into a proper library package making the transitions much easier from now on.

In natty we got a new tool called “apt-clone”. Its a commandline application that can be used to clone the packages state of a system and restore it on another system. It will save the full state (sources.list, packages/versions installed, auto-installed inforrmation) and optionally using dpkg-repack in order to save not/no-longer downloadable package (like debs that got installed manually via e.g. gdebi or dpkg -i). The file is pretty small because it just stores references to the files in the archive. One nice feature of the restore is that it can be applied to a different root directory (creating a chroot). I use this to reproduce upgrade issues and its really handy for this. Whats missing currently is modified conffiles detection, but there is some work on this in trunk.

I merged a branch from Bilal Akhtar for update-manager the other day to add unity quicklist support (thanks Bilal!). While at it I added the updates count to the launcher too. Small change, but I really like it

There is another cool feature in software-center in natty that I would like to show today. If you have the package “qtnx” (in universe) installed you will be able to “test-drive” a lot of the available applications in software-center without having to actually install them. They are run via the NX protocol on a remove server with pretty good speed. Its all possible thanks to Stéphane Grabers Weblive.

This is what it loks like (notice the “Test drive” button below the screenshot):

And here what happens when I press test-drive and its connected (connecting takes about a minute currently).

A pretty nice (but not much known) piece in apt is the “mirror” method that will automatically select a good mirror based on your location. Putting:
deb mirror://mirrors.ubuntu.com/mirrors.txt natty main restricted universe multiverse
on the top in your sources.list should be all that is needed to make it automatically pick a mirror for you based on your geographical location. With the recent apt upload some issues (mostly in the UI) have been fixed and it should be in good shape now. Feedback for this feature is welcome!

One of the new features in natty is the “apt-btrfs-snapshot” package. Its for people who use a btrfs install of natty. Once installed it will automatically create filesystem snapshot (of everything but /home) when apt installs/removes/upgrades. With the apt-btrfs-snapshot cli app its easy to list/remove/rollback the snapshots. Its build on top of the btfs snapshot feature and will work out of the box with the filesystem layout that a natty alpha3 btrfs install creates.

The software-center team is happy to announce that the “was this review useful” feature can now be used. Its in the code since a while, but it was not visible because the server had a bug in the data returned. This is fortunately fixed now This will also influence the sorting of the reviews (helpful reviews appear first). Aaron Peachey made the client happen. And the unstoppable Matthew McGowan did great UI work.

Ratings&reviews support for software-center has landed last night in natty. A important step for us, thanks for all who were involved and a special thanks to our friends from the ISD team who made the server part of this work ready to rock.

Showing the overview page with ratings

While the software-center team is currently focusing on ratings&reviews there are still some nice features landing in trunk. One I particularly like is the new search suggestions feature. It will suggest spelling corrections for package names or generic search terms:

It also offers suggestions when a search inside a category has no results: