Author Archives: Josh Smith

Upgrade to PC-BSD 10.1 is Now Live!

Hey everyone!

Kris has made the update to 10.1 live on the servers. To upgrade to 10.1 you can simply open the update GUI and start the update from there. You will notice the update takes a little longer to complete, but the good news is it runs in the background and there are no unexpected resets :).

If you are on the EDGE repo you most likely have the newest broken version of pkg which will need to be fixed before upgrading. To fix pkg:

% pkg install –f pkg

After that you should be in business. Please send us your feedback and / or any questions!

10.1 New Update Manager Backend — Call for Testers

Hey testers a new beta update is available to upgrade your systems from 10.x to 10.1. The beta instructions have been sent out to the PC-BSD Testing e-mail list if you would like to participate in the testing. For more information you can email me @ [email protected] or sign up for the testing mailing list @ http://lists.pcbsd.org/mailman/listinfo/testing.

Thanks!

–Josh

Open Letter to the PC-BSD Community Regarding Upgrading to 10.1

We are aware of an issue where many of you have been experiencing some frustrating issues involving the update to PC-BSD 10.1. While we constantly strive for a stable easy going process with PC-BSD in use and in upgrading, sometimes issues appear that were not prevalent during our testing. We are working on a new upgrade patch that will hopefully solve the upgrade problem for some of you who have still not been able to successfully upgrade to 10.1. What we are planning on doing is incorporating just freebsd-update to handle this upgrade for the kernel and let the packages be installed seperately after the kernel has been upgraded.

Going forward we have some ideas on how we can improve the updating process to give a better end user experience for PC-BSD. Just one idea we’ve been thinking about is giving ourselves a little more time before letting RELEASE updates become available to the public. During the extra time period we can ask some of our more advanced users to go ahead and install the “beta” updates and provide us with feedback if issues come up that we were not able to find during our initial testing of the update. This will also let us examine many more different types of system setups.

We want to thank all of you for being avid PC-BSD supporters and want you to understand we are 100% dedicated to providing the BEST BSD based desktop operating system in the world. Going forward our goal is to provide an upgrade experience that is not only simple, but also has gone through much more rigorous testing by our dedicated community to ensure the quality everyone here is looking for.

Thanks!

–Josh

Need community feedback on new role system for PC-BSD

Hey everyone! We are considering a new way to install a more
customized PC-BSD experience called “Roles”. Roles would be a
installation experience for PC-BSD that would allow more flexibility
and a more focused package installation based on what you need or want
for your role. If you are a web developer maybe you need an IDE or
packages specifically focused on that. If you are wanting the best
desktop workstation experience maybe you would get an installation
with libreoffice and some other productivity apps.

We hope to also be able to bring these different roles to you in the
form of pre-made virtualbox / vmware images that are ready to be
rolled out. This would hopefully save you a little bit of time as
they’d be significantly smaller by not including a bunch of
unnecessary packages for your role. You would also be able to select
during a normal PC-BSD DVD / USB installation whether or not you want
to use a pre-defined role to setup your system.

We need your help and input to define what roles are important to you
as users and what packages you would suggest that they include. (I.E.
if you are installing a
{developer/web-designer/network-admin/consumer} workstation, what
would be the custom set of packages you need? You can contribute to
the discussion by responding on the forums, blog, or mailing lists.

Forum link: https://forums.pcbsd.org/showthread.php?t=23266

Pootle Translation System is now Updated to Version 2.5.1.1!

If any of you have tried to use the PC-BSD Translation / Pootle web interface in the last year you probably don’t have a lot of good things to say about it.  A 35 word translation might take you a good 30 minutes between the load times (if you could even login to the site without it timing out).  Thankfully those days are behind us!  PC-BSD has upgraded their translation system to use Pootle version 2.5.1.1 and it is blazingly fast.  I went through localizing a small 35 word applet for PC-BSD and it took me roughly 4 minutes compared to what would have taken at least half an hour before due to the slowness of the old pootle software.  Check out the new translation site at translate.pcbsd.org.

There’s a couple of things you are going to want to keep in mind about the new translation system.  You will have to create a new account.  Upgrading Pootle directly was proving disastrous so we exported all the strings and imported them into the new Pootle server.  What this means is no accounts were transferred since a direct upgrade was not done.  This also means that the strings that were brought in also appear as “fuzzy” translations.  If you have some free time you can help by going to the translation site and approving some of the fuzzy translations.  Many languages have already been done they just need to be reviewed and marked as acceptable (uncheck the fuzzy box if you are 100% certain on the translation).

I hope you guys are as excited as I am over the new translation possibilities!  For more information on how you can help with localization / translating contact me at [email protected]

Best Regards,

–Josh

 

PC-BSD YouTube Channel

Hey everyone just a quick heads up we’ve just started a PC-BSD YouTube channel!  If you want to check it out you can follow this link https://www.youtube.com/channel/UCyd7MaPVUpa-ueUsGjUujag.  Don’t forget to subscribe for new videos and if you have a video or tutorial you’d like to submit send it my way!  We only have a couple videos right now so we need your help to grow our channel :).  Also we’d love for you to submit your ideas we can do for videos in the future.

Thanks!

BASH shell bug

As many of you are probably aware, there is a serious security issue that is currently all over the web regarding the GNU BASH shell.  We at the PC-BSD project are well aware of the issue, a fix is already in place to plug this security hole, and packages with this fix are currently building. Look for an update to your BASH shell within the next 24 hours in the form of a package update.

As a side note: nothing written by the PC-BSD project uses BASH in any way — and BASH is not built-in to the  FreeBSD operating system itself (it is an optional port/package), so the level of severity of this bug is lower on FreeBSD than on other operating systems.

According to the FreeBSD mailing list: Bryan Drewery has already sent a notice that the port is fixed in FreeBSD. However, since he also added some good recommendations in the email for BASH users, we decided to copy that email here for anyone else that is interested.
_______________

From: Bryan Drewery — FreeBSD mailing list

The port is fixed with all known public exploits. The package is
building currently.

However bash still allows the crazy exporting of functions and may still
have other parser bugs. I would recommend for the immediate future not
using bash for forced ssh commands as well as these guidelines:

1. Do not ever link /bin/sh to bash. This is why it is such a big
problem on Linux, as system(3) will run bash by default from CGI.
2. Web/CGI users should have shell of /sbin/nologin.
3. Don’t write CGI in shell script / Stop using CGI :)
4. httpd/CGId should never run as root, nor “apache”. Sandbox each
application into its own user.
5. Custom restrictive shells, like scponly, should not be written in bash.
6. SSH authorized_keys/sshd_config forced commands should also not be
written in bash.
_______________

For more information the bug itself you can visit arstechnica and read the article by clicking the link below.

http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

PC-BSD Feature Digest 31 — Warden CLI upgrade + IRC Announcement

Hey everyone!  After a brief hiatus from feature updates we are back!  We’ve switched from Fridays to Mondays and rather than trying to get an update out every week we aren’t on a specific schedule.  We will continue to push out these feature updates when we have some cool new features come out we think you’ll want to know about.

The Warden and PBI_add backend (CLI)  management tools have received some exciting new features we’d like to tell you about.  You can now create jails on the fly when adding a new PBI to your application library.  For instance say you’re adding a PBI using the “pbi_add” command and you want to install the PBI into a new jail that you haven’t created yet.  You would specify:  “sudo pbi_add –J apache” without the quotes to create a default named jail with the PBI apache installed directly into it.  The –J being the new flag that specifies the creation of the new jail.

There’s also a new option now to do a bulk jail creation.  By simply using the new –bulk and –ip4pool flag you can easily roll out your preset number of jails quickly and efficiently.  To use this cool new feature just type:  “warden create <jailname> –bulk 5 –ip4pool 192.168.0.2″ and voila you’ve got 5 brand spanking new jails created in no time starting at IP address 192.168.0.2 .

The PC-BSD team is now hanging out in IRC!  Get involved in the conversation and come  visit us on Freenode in channel #pcbsd.  We look forward to seeing you there!

Weekly Feature Digest 30

Hey PC-BSDers!  This week we’ve been gearing up for the next release of PC-BSD version 10.0.2.   In preparation for the next release we have been fine tuning some of the new features and making sure the loose ends are tied up.   We were also able to close out a good amount of trac tickets this week and commit the fixes for 10.0.2.

In other news / updates this week:

AppCafe

  • Fix a bug where the orphan package filter was also filtering out some base apps.
  • Randomize the browser home page so that it only show 10 random “recommended” and “highlighted” applications.
  •  Add a ton more recommended/highlighted applications to the repo file.
  • Fix some minor display bugs
  • Add menu option to view the recent vulnerability information for ports through freshports.
  • Fix the sizing information for installed meta-pkgs (will show the combined sizes of the direct dependencies instead)
  • Fix the sizing information for available applications (will now show the combined size of all the packages that need to be downloaded/installed for that app)

EasyPBI

  •  Add the ability to fetch/read the pkg-plist for a given pkg.
  • Add a “bulk” module creation side to EasyPBI which allows for creating PBI modules for an entire FreeBSD category at a time (with all sorts of filters and options)
  • Make EasyPBI automatically create up to 5 desktop/menu entries for graphical applications.
  • Make the application binaries detected/usable within the module editor for creating new desktop/menu entries.

Lumina

  • Quick fix for filenames that have spaces in them
  • Quick fix for making sure that when launching an app it is in the same general system environment. This allows apps like firefox/thunderbird to see other instances of themselves and act appropriately.
  • lumina-config - Make sure the menu options actually work

Miscellaneous Fixes / improvements

  • Fixed several warden bugs relating to new jail creation / package management
  • Imported the latest ports and Gnome3 / Cinnamon for 10.0.2
  • Fixed some issues prompting for GELI password from GRUB and then mountroot
  • Fixed a critical bug with new CUPS 1.7.0 breaking foomatic-rip and associated print drivers
  • Imported the latest PEFS code into 11-CURRENT and backported it to our 10-STABLE branches
  • Fixed bugs with system update tray notifier not showing freebsd-update” notifications
  • Migrated one of my build systems to 11-CURRENT and got it setup for doing PKG/ISO builds
  • Misc other trac tickets fixed / closed in cleanup process
  • Many other cosmetic / doc bugs fixes as Dru submitted them
  • Started investigating bug with BE/GRUB failing if the first dataset is destroyed

Weekly Feature Digest 29 — PBING

We’ve been seeing a lot of confusion and questions about the PBI changes that were recently pushed out those of you running the Edge package sets, and Ken Moore was nice enough to break the changes down in this week’s PC-BSD weekly digest.

First, a little history about the PBI system.
It was initially created when the only/primary application distribution method for FreeBSD was the ports system — meaning that any FreeBSD user who wanted frequent updates to their applications needed to manually compile/install any application through the FreeBSD ports tree on a fairly regular schedule. The PBI system was designed as an alternative to provide simple application packages that could easily be downloaded and installed without the need for the user to compile any source code at all. As an added benefit, the PBI system installed these applications into a seperate container on the system — leaving all the “complicated” system configuration and integration to still be run through the FreeBSD ports system. This allowed PC-BSD to have a stable base system for a release (because the base system packages would almost never get touched/updated), while at the same time provide the ability to keep the main end-user applications up to date between releases.

Now fast-forward a bit to the PC-BSD 10 series.
At this time the FreeBSD ports system, while still existing for the “hardcore” users, has mainly been replaced by the pkgng distribution system for general system/application usage. This has provided quite a bit of confusion for PC-BSD users, because they now had two different ways to install applications, and each application on the system would behave differently depending on how that particular application was installed. To make the distibution model simpler for PC-BSD, the PBI files were already being created from pkgng packages (ensuring that there was a lot less compiling done on the build servers), and those packages were simply being collected into “fat files” with a few compatibility scripts and such thrown in for good measure.This meant that there was a lot of duplication between the pkg and PBI systems, resulting in a lot of effort to maintain compatibility between the two systems. The main problem however, was that the special PBI runtime container itself was causing all sorts of system stability issues. Since the release of PC-BSD 10.0 we have actually tried 3 or 4 different types of application runtime containers, each of which was designed to solve a critical flaw in the previous version, but always kept running into large limitations/problems with each new type of container.

At this point we decided to take a step back and refocus on what the PBI system was originally intended to do — provide a “Push Button Installer” to install and run applications while keeping things as simple as possible for the end user. With this definition for the PBI system, it makes perfect sense that the pkgng system should be chosen  as our default application installation method for a couple reasons:
1) Integration with the system environment for things like setting up and running default applications works a lot better (mimetype integration/use).
2) Startup/runtime speed. Applications installed to the base system simply startup and run a lot faster than the ones that are installed into the containers.
3) User Confusion. Lots of people simply did not understand that the “contained” application libraries/files were not installed to the normal location on the system, and that an application in a container could not easily see or use the system-installed applications.

The next-generation PBI system.
This re-implementation is designed so that it no longer uses the “PBI Containers” exclusively and instead returns to its original goal — to provide a simple interface for the end user to install/use applications of all types and in all ways. This means that it is now a system that uses the pkgng packages as it’s basis — but provides all sorts of other information/functionality that the pkgng system does not fully support yet (such as mimetype integration, desktop/menu entries, and graphical information like icons for applications). Additionally, it also provides a number of enhancements to how the user can utilize the different pkgng packages, mainly through how the packages get installed.

1) Standard pkgng installation to the base system.
This allows the user a simple interface to install/remove application on the base system while providing a number of additional safety checks to prevent random “foot-shooting”.

2) Jail management.
By running the AppCafe on the base system, you can now manage all the applications/packages in any of the running jails on your system. Combined with the Warden for creating/managing different kinds of jails, the user now has a simple way to manage and run applications that (for security reasons) should never be installed/used from the base system (such as web servers or network-facing services).

3) Application containers with plugins!
By using the “portjail” creation options in the Warden, you now have a method to safely contain a graphical application while also allowing for a system of installing/removing optional packages into that jail for plugin support without touching your base system packages (very similar to our previous container system, but with a few more layers of separation between the jail and the system).

4) Other installation methods.
Because the PBI system is now installation-method agnostic (almost), we can provide support for alternate types of installation methods (such as into specialized containers like our previous PBI versions have had). While we do not have any other installation methods included at the moment, we can add new methods relatively easy in the future if those installation methods do not break system stability.

So what does this mean for a PC-BSD user?
1) Access to thousands more applications and plugins by default through the AppCafe. The “PBI” applications will show up with things like screenshots, available plugins, nice looking icons, user ratings/tips, and more while you also have the ability to install and use the “raw packages” (which will always have the icon of a box/package) even if the nicer recommendations and information is not available for that raw package.

2) Less confusion about application installations. Since applications will always be installed/integrated into the local system by default, this will prevent a lot of confusion in people who are used to the standard FreeBSD/Linux/Unix installation methods and file locations for applications.

3) Greater flexibility for different installation methods to suite your specific needs. System installation, traditional jail installation, portjail installation, additional future types of installations, it give the user freedom to truly run the system as you need, rather than forcing you to use a particular system that might not be what you were looking for.

Weekly Feature Digest 28 — Photos of the new AppCafe re-design.

Hey everyone just a quick update tonight as much of the work has been the same as last week :).   I’ve uploaded a couple of pics to show how the new AppCafe integration with pkgng will look.  In the first picture below you’ll see a similar looking app information screen with some sweet new features.  The biggest thing you might notice right away is the 5 star rating system in the top left corner under “Firefox”.  In the new AppCafe clicking the stars will immediately pop-up the app’s wiki page allowing you to rate the program.  We are also looking into the ability to add comments as well that will also populate into AppCafe.  Also many programs (especially GUI based applications) will have screenshots in AppCafe to allow you to check them out before you download them to your system.

Notice below right this is the main “installed applications” screen.  Here you’ll be able to view all of your installed apps and also filter them based on a few presets built into AppCafe.   Similar to the package manager, the new AppCafe will pull more information from the package repository about installed packages for you to review.

Important Correction:  I realized after talking with Kris and Ken that I was slightly confused over the new role of pkgng and how it will affect PC-BSD going forward.  pkgng is replacing the PBI system in future versions of PC-BSD and AppCafe.  PBI’s will be immediately  & automatically converted over to use pkgng instead once users update to the next big PC-BSD release.  If you have any further questions we will be glad to answer them for you, and I aplogize for the information discrepancy!

appcafe1       appcafe2

 

 

Weekly Feature Digest 27 — Software System Redesign

PC-BSD has long been very flexible about how you can install software. You have PBI’s, packages, and ports available with just a couple clicks or via a couple of simple terminal commands. For a long time the PBI format has served as an excellent solution for people who may need an offline package install, or just simply prefer the ease and simplicity the PBI format has to offer especially via the AppCafe. Perhaps the “Achilles’ Heel” of this situation is that we have also been severely limited on the amount of software that the AppCafe has to offer as packages had to first be converted into the PBI format.

This week we are announcing a radical change that we think will benefit all PC-BSD users in ways that were previously unthinkable. The PC-BSD team has begun work during the last couple of weeks redesigning our PC-BSD utilities (AppCafe, Update Center) to work with our pkgng software repository that we are currently building to contain detailed information about all the software available through packages and PBIs. What this means for you is that in the near future PC-BSD will have a much broader software pool to pull from, and will not be limited anymore by only having a small subset of PBI’s. You will now be able to install packages and PBI’s in one place, while also being able to update and manage both in one place.

You may be asking yourself “why the change?”. Over the last several months we have noticed a considerable amount of our time has been going into compatibility and fixes for PBIs. So much time in fact that other important development had to be postponed and / or sidelined while we worked on bringing PBIs up to speed. We are hoping by adopting appcafe and the PBI format to work in tandem with pkgng, that we will be able to refocus our efforts on other important endeavours.

We will have more information available soon as development continues on how you can get involved with testing out the new features and submitting ideas to help the project along. Let us know what you think about the changes. Are we headed in the right direction? Do you have ideas related to the redesign that you’d like to contribute? Let us know!

Key Features:

Much larger software library. Instead of 800 available appcafe applications think more like 10000+
Detailed information on all the software available including packages in one place
Ability to search and filter your results to show
Improved compatibility across desktop environments
New rating system is being developed for grading the quality of packages in the AppCafe library

Weekly Feature Digest 26 — The Lumina Project and preload

This week the PC-BSD team has ported over preload, which is an adaptive readahead daemon. It monitors applications that users run, and by analyzing this data, predicts what applications users might run, and fetches those applications and their dependencies to speed up program load times. You can look for preload in the next few days in edge packages and grab it for testing on your own system.

There is an early alpha version of the Lumina desktop environment that has been committed to ports / packages. Lumina is a lightweight, stable, fast-running desktop environment that has been developed by Ken Moore specifically for PC-BSD. Currently it builds and runs, but lacks many other features as it is still in very early development. Grab it from the edge packageset and let us know what you think, and how we can also improve it to better suit you as a user!

Other updates this week:

* Fixed some bugs in ZFS replication causing snapshot operations to take
far longer than necessary
* Fixed an issue with dconf creating files with incorrect permissions
causing browsers to fail
* Added Lumina desktop ports / packages to our build system
* PC-BSD Hindi translation 100% complete
* improvements to the update center app
* Update PCDM so that it will use “pw” to create a user’s home directory if it is missing but the login credentials were valid. This should solve one of the last reported issues with PCDM and Active Directory users.
* Bugfix for pc-mounttray so that it properly ignores the active FreeBSD swap partition as well.
* Another small batch of 10.x PBI updates/approvals.

PC-BSD Weekly Feature Digest 25

Most of you have already heard of the Heartbleed vulnerability, the flaw in OpenSSL encryption. For any of you that may not be aware (which is probably precious few), the Heartbleed vulnerability is basically a flaw that may allow a malicious user to gain access to information that is supposed to be kept safe through OpenSSL. The good news is that the FreeBSD project and PC-BSD have both released fixes that will apply to versions 10.x. If you are currently running a machine with PC-BSD 9.x you are using an earlier version of openSSL that does not have the vulnerability, so no action is necessary to protect yourself from this. If you are running PC-BSD version 10.x make sure to use the “system updater” to apply the security patch to openSSL. After applying the fix reboot your computer and you should be good to go.

Kris has finished a new PBI run-time that will fix a number of stability issues users may have been experiencing while using PBI’s. The fix has also subsequently helped speed up load times for some of the larger PBI’s that may have been hanging or taking a long time to load.

Update Center is moving foward, and has received some fine-tuning this week to help bring it into PC-BSD as the one-stop utility for managing updates. We’d like to add a special thanks to the author Yuri for primary design and layout for the update center. Ken will also be working to help smooth out GUI design elements and help with integrating it fully into PC-BSD.

Other Updates / Bug Fixes:

* Updated openssl packages for 10.0 PRODUCTION/EDGE
* Patched issue with KRDC using FreeRDP version in ports
* A new 9.2 server has been spun up and building PBIs for 9.2 again. (Server failed earlier this week)
* Started work on PBI runtime for Linux compat applications
* Another large chunk of work on Lumina
* Bugfixes for pc-mixer (showing the proper icons)
* Life-Preserver bugfixes
* Large update to the available 10.x PBIs. All updates are finished, a few new applications were also added.
* Bugfixes on a number of PBI’s (waiting on rebuilds to test/approve the new fixed apps)
* Hindi translation project now about 75% complete