unwind: wildcard in blacklist

Soon, unwind will have support wildcard in blacklist.

Here, a change that makes any domain in the blacklist that starts with ‘.’, which is not a legal name due to an empty label, is treated as any subdomain on that zone.

This means that .example.com blocks all requests to any subdomain of example.com, but allows example.com.

Changes: https://marc.info/?l=openbsd-cvs&m=173244784522937&w=2

GNU Guix: Guix/Hurd on a Thinkpad X60

GNU Guix: Guix/Hurd on a Thinkpad X60

A lot has happened with respect to the Hurd
since our Childhurds and GNU/Hurd
Substitutes

post. As long as two years ago some of you have been
asking
for a
progress update and although there have been
rumours

on a new blog post for over a year, we
were
kind of
waiting for
the rumoured x86_64
support
.

With all the exciting progress on the Hurd coming available after the
recent (last?) merger of
core-updates

we thought it better not to
wait
any
longer. So here is a short overview of our Hurd work over the past
years:

NetDDE and Rumpdisk support

Back in 2020, Ricardo Wurmus added the NetDDE
package

that provides Linux 2.6 network drivers. At the time we didn’t get to
integrate and use it though and meanwhile it bitrotted.

After we resurrected the NetDDE
build
,
and with kind help of the Hurd
developers

we finally managed to support NetDDE for the
Hurd.
.
This allows the usage of the Intel 82573L Gigabit Ethernet Controller
of the Thinkpad X60 (and many other network cards, possibly even
WIFI). Instead of using the builtin kernel driver in GNU Mach, it
would be running as a userland driver.

What sparked this development was upstream’s NetBSD rumpdisk support
that would allow using modern hard disks such as SSDs, again running
as a userland driver. Hard disk support builtin in GNU Mach was
once considered to be a nice hack but it only supported disks up to
128 GiB…

First, we needed to fix the cross build on
Guix
.

After the initial attempt at rumpdisk support for the
Hurd

it took
(v2)

some
(v3)

work
(v4)

to finally arrive at rumpdisk support for the Hurd, really, *really*
(v5)

Sadly when actually using them, booting hangs:

start: pci.arbiter:

What did not really help is that upstream’s rumpkernel archive was
ridiculously
large
.
We managed to work with upstream to remove unused bits from the
archive. Upstream created a new archive that instead of 1.8 GiB (!) now
“only” weighs 670 MiB.

Anyway, after a lot of building, rebuilding, and debugging and some
more with kind help from
upstream

we finally got Rumpdisk and NetDDE to run in a
Childhurd
.

GNU Guix: Guix/Hurd on a Thinkpad X60

Initial Guix/Hurd on the Thinkpad X60

Now that the last (!) core-updates merge has finally happened (thanks
everyone!), the recipe of installing Guix/Hurd has been much
simpfilied. It goes something along these lines.

  1. Install Guix/Linux on your X60,

  2. Reserve a partition and format it for the Hurd:

    mke2fs -o hurd -L hurd /dev/sdaX
  3. In your config.scm, add some code to add GRUB menuentries for
    booting the Hurd, and mount the Hurd partition under /hurd:

    (use-modules (srfi srfi-26)
                 (ice-9 match)
                 (ice-9 rdelim)
                 (ice-9 regex)
                 (gnu build file-systems))
    
    (define %hurd-menuentry-regex
      "menuentry "(GNU with the Hurd[^{"]*)".*multiboot ([^ n]*) +([^n]*)")
    (define (text->hurd-menuentry text)
      (let* ((m (string-match %hurd-menuentry-regex text))
             (label (match:substring m 1))
             (kernel (match:substring m 2))
             (arguments (match:substring m 3))
             (arguments (string-split arguments #space))
             (root (find (cute string-prefix? "root=" <>) arguments))
             (device-spec (match (string-split root #=)
                            (("root" device) device)))
             (device (hurd-device-name->device-name device-spec))
             (modules (list-matches "module ([^n]*)" text))
             (modules (map (cute match:substring <> 1) modules))
             (modules (map (cute string-split <> #space) modules)))
        (menu-entry
         (label label)
         (device device)
         (multiboot-kernel kernel)
         (multiboot-arguments arguments)
         (multiboot-modules modules))))
    
    (define %hurd-menuentries-regex
      "menuentry "(GNU with the Hurd[^{"]*)" \{([^}]|[^n]\})*n\}")
    (define (grub.cfg->hurd-menuentries grub.cfg)
      (let* ((entries (list-matches %hurd-menuentries-regex grub.cfg))
             (entries (map (cute match:substring <> 0) entries)))
        (map text->hurd-menuentry entries)))
    
    (define (hurd-menuentries)
      (let ((grub.cfg (with-input-from-file "/hurd/boot/grub/grub.cfg"
                        read-string)))
        (grub.cfg->hurd-menuentries grub.cfg)))
    
    ...
    (operating-system
       ...
      (bootloader (bootloader-configuration
                   (bootloader grub-bootloader)
                   (targets '("/dev/sda"))
                   (menu-entries (hurd-menuentries))))
      (file-systems (cons* (file-system
                             (device (file-system-label "guix"))
                             (mount-point "/")
                             (type "ext4"))
                           (file-system
                             (device (file-system-label "hurd"))
                             (mount-point "/hurd")
                             (type "ext2"))
                           %base-file-systems))
      ...)
  4. Create a config.scm for your Hurd system. You can get
    inspiration from bare-hurd.tmpl
    and inherit from %hurd-default-operating-system. Use
    grub-minimal-bootloader and add a static-networking-service-type.
    Something like:

    (use-modules (srfi srfi-1) (ice-9 match))
    (use-modules (gnu) (gnu system hurd))
    
    (operating-system
      (inherit %hurd-default-operating-system)
      (bootloader (bootloader-configuration
                   (bootloader grub-minimal-bootloader)
                   (targets '("/dev/sda"))))
      (kernel-arguments '("noide"))
    ...
      (services
        (cons*
          (service static-networking-service-type
                   (list %loopback-static-networking
                         (static-networking
                          (addresses
                           (list
                            (network-address
                             (device "eth0")
                             (value "192.168.178.37/24"))))
                          (routes
                           (list (network-route
                                  (destination "default")
                                  (gateway "192.168.178.1"))))
                          (requirement '())
                          (provision '(networking))
                          (name-servers '("192.168.178.1")))))
        ...)))
  5. Install the Hurd. Assuming you have an ext2 filesystem mounted
    on /hurd, do something like:

    guix system build --target=i586-pc-gnu vuurvlieg.hurd --verbosity=1
    sudo -E guix system init --target=i586-pc-gnu --skip-checks 
        vuurvlieg.hurd /hurd
    sudo -E guix system reconfigure vuurvlieg.scm
  6. Reboot and…

Hurray!

We now have Guix/Hurd running on
Thinkpad
.

Guix/Hurd GRUB menu on ThinkpadX60

Guix/Hurd running on ThinkpadX60

Guix/Hurd on Real Iron

While the initial manual install on the X60 was an inspiring
milestone, we can do better. As mentioned above, just recently the
installer learnt about the
Hurd
,
right after some smaller problems were addressed, like guix system init creating essential devices for the Hurd, not attempting to run a
cross-built grub-install to install Grub, soft-coding the hard-coded
part:1:device:wd0 root file-system, adding support for booting
Guix/Hurd more than once.

To install Guix/Hurd, first, build a 32bit installation image and copy
it to a USB stick:

guix system image --image-type=iso9660 --system=i686-linux gnu/system/install.scm
dd if=/gnu/store/cabba9e-image.iso of=/dev/sdX status=progress
sync

then boot it on a not-too-new machine that has wired internet
(although installation over WIFI is possible, there is currently no
WIFI support for the installed Hurd to use it). On the new Kernel
page:

Installer Kernel page

choose Hurd. Do not choose a desktop environment, that’s not
available yet. On the Network management page:

Installer Network management page

choose the new Static networking service. In the final
Configuration file step, don’t forget to edit:

Installer Configuration file page

and fill-in your IP and GATEWAY:

Installer Edit static networking

You may want to add some additional packages such as git-minimal
from (gnu packages version-control) and sqlite from (gnu packages sqlite).

If you also intend to do Guix development on the Hurd—e.g., debugging
and fixing native package builds—then you might want to include all
dependencies to build the guix package, see the
devel-hurd.tmpl
for inspiration on how to do that. Note that any package you add must
already have support for cross-building.

Good luck, and let us know if it works for you and on what kind of
machine, or why it didn’t!

What’s next?

In an earlier
post

we tried to answer the question “Why bother with the Hurd anyway?” An
obvious question because it is all too easy to get
discouraged
, to downplay or underestimate the
potential social impact of GNU and the Hurd.

The most pressing problem currently is that the guix-daemon fails
when invoking guix authenticate on the
Hurd
, which means that we cannot
easily keep our substitutes up to date. guix pull is known to work
but only by pulling from a local branch doing something like:

mkdir -p ~/src/guix
cd src/guix
git clone https://git.savannah.gnu.org/git/guix.git master
guix pull --url=~/src/guix/master

kinda like we did it in the old days. Sometimes it seems that guix
does not grok the sqlite store database. This is needs to be resolved
but as sqlite does read it this can be easily worked around by doing
something like:

mv /var/guix/db/db.sqlite /var/guix/db/db.sqlite.orig
sqlite3 /var/guix/db/db.sqlite.orig .dump > /var/guix/db/db.sqlite.dump
sqlite3 -init /var/guix/db/db.sqlite.dump /var/guix/db/db.sqlite .quit

Also, the boot process still fails to handle an unclean root file
system. Whenever the Hurd has suffered an unclean shutdown, cleaning
it must currently be done manually, e.g., by booting from the
installer USB stick.

Upstream now has decent support for 64bit (x86_64) albeit with more
bugs and fewer
packages
.
As mentioned in the overview we are now
working

to have
that

in
Guix

and have
made

some progress:

Hello Guix 64bit Hurd

more on that in another post. Other interesting task for Guix
include:

  • Have guix system reconfigure work on the Hurd,
  • Figure out WiFi support with NetDDE (and add it to installer!),
  • An isolated build
    environment
    (or better
    wait for, err, contribute to the Guile
    guix-daemon
    ?),
  • An installer running the Hurd, and,
  • Packages, packages, packages!

We tried to make Hurd development as easy and as pleasant as we could.
As you have seen, things start to work pretty nicely and there is
still plenty of work to do in Guix. In a way this is “merely
packaging” the amazing work of others. Some of the real work that
needs to be done and which is being discussed and is in progress right
now includes:

All these tasks look daunting, and indeed that’s a lot of work ahead.
But the development environment is certainly an advantage. Take an
example: surely anyone who’s hacked on device drivers or file systems
before would have loved to be able to GDB into the code, restart it, add
breakpoints and so on—that’s exactly the experience that the Hurd
offers. As for Guix, it will make it easy to test changes to the
micro-kernel and to the Hurd servers, and that too has the potential to
speed up development and make it a very nice experience.

Join #guix and #hurd on
libera.chat or the mailing
lists
and get involved!

Managing third-party packages in 9front

Every now and then, news from the club I’m too cool to join, the plan9/9front community, pierces the veil of coolness and enters our normal world. This time, someone accidentally made a package manager for 9front. I’ve been growing tired of manually handling random software, so I decided to find a simple way to automate the process and ended up making a sort of “package manager” for 9front¹. It’s really just a set of shell scripts that act as a frontend for git and keep a simple database of package names and URLs. Running the pkginit script will ask for a location to store the source files for installed packages (/sys/pkg by default) which will then be created if non-existent. And that’s it! No, really. Now you can provide a URL for a git repository to pkg/add. ↫ Kelly “bubstance” Glenn As I somehow expected from 9front, it’s quite a simple and elegant system. I’m not sure how well it would handle more complex package operations, but I doubt many 9front systems are complex to begin with, so this may just be enough to take some of the tedium out of managing software on 9front, as the author originally intended. One day I will be cool enough to use 9front. I just have to stay cool.

ARY News 10 AM Headlines | 24th Nov 2024 | Interner services down due to protest#ptiprotest…

Video by via Dailymotion Source #ptiprotest #mobileservice #internetservice #headlines #arynews Follow the ARY News channel on WhatsApp: https://bit.ly/46e5HzY Subscribe to our channel and press the bell icon for latest news updates: http://bit.ly/3e0SwKP ARY News is a leading Pakistani news channel that promises to bring you factual and timely international stories and stories about Pakistan, sports, … Read more

Skills You Need to Learn to Become a Professional Programmer (Developer) #programming #technology

Video by via Dailymotion Source Embark on your programming journey with Brainy Knowledge Hub’s guide to the “Skills You Need to Learn to Become a Professional Programmer (Developer)”! 🚀👩‍💻 Explore fundamental languages, problem-solving techniques, version control, web development, database management, frameworks, cybersecurity, and crucial soft skills. Whether you’re a coding novice or aspiring pro, these … Read more

“Carta de Florianópolis” é divulgada ao final da reunião do Consórcio de Integração do Sul e Sudeste

Video by via Dailymotion Source A 12ª reunião do Consórcio de Integração do Sul e Sudeste foi encerrada neste sábado (23). Os governadores dos estados envolvidos divulgaram a “Carta de Florianópolis”, o texto traz medidas a serem tomadas e sugestões principalmente sobre as agendas de segurança, meio ambiente e reforma tributária. Acacio Miranda e Luiz … Read more

Elvish Yadav ने Bigg Boss 18 की Contestant Nyra Banerjee से किया सवाल, तो Actress हुईं हैरान!

Video by via Dailymotion Source Natasa was spotted in the city with Elvish Yadav on Friday night. She also dropped a reel with him as they vibed together on Natasa’s song ‘Tere Krke’. Incidentally, it was Hardik Pandya’s first birthday yesterday post their divorce. Watch video to know more… #ElvishYadav #NatasaStankovic #ElvishYadavNatasaStankovic #HardikPandya #bollywood #bollywoodgossips … Read more