Gentoo

I’ve been a happy Gentoo user for the last few years. There’s so much to like about it: built from source with only what you need, and Portage beats the pants off RPM, among many other reasons. But lately, I’ve been getting a little annoyed with it.

My annoyance has to do with the releases … or lack thereof. And, the communication about said “delays” … or lack thereof.

There used to be four Gentoo releases a year. A few years ago, they went to two releases a year. Last year, they completely skipped the 2007.1 release. Now, we’re three months into 2008 and the 2008.0 release, which was supposed to be released to the public as stable on March 17th, hasn’t even been seeded to mirrors for public beta yet. 2007.0 is still the official stable release of Gentoo - a release that is more than a year old at this point.

This wouldn’t be a big deal if I didn’t really need an updated live CD to do installs with. I have new machines with an onboard SATA controller that isn’t supported by the kernel in the 2007.0 release but is supported by the 2.6.23 kernel which was in the Gentoo sources at the time. I was at an impasse, unable to install Gentoo on my equipment until I got around it by compiling my own updated kernel and rolling my own live CD. But, I wouldn’t have had to do that if the Gentoo release team could at least come close to hitting their release schedule. I’m not asking for the universe - just get within the same month as the schedule says and we’ll call it good.

There’s also been disturbingly little communication about the reasoning behind these “delays.” There was one post to the site about the 2007.1 release being cancelled. There’s been no communication on the site whatsoever about the delay with 2008.0. The things on the front page right now talk about the monthly newsletter and some new trustees of the Gentoo foundation.

I know it’s free software and I shouldn’t complain, but for those of us who make our living using Gentoo, it’s a bit annoying to say the least. You won’t need trustees of a foundation if there’s no foundation … because everyone goes somewhere else because the distro is updated less often than a phone book comes out.


Read More

Internal Auto-Renewing LetsEncrypt Certificates

I have a well-documented obsession with pretty URLs, and this extends even to my internal home network. I have way too much stuff bouncing around in my head to have to remember IP addresses when a domain name is much easier to remember. LetsEncrypt launched to offer free SSL certificates to anyone, but the most crucial feature of their infrastructure, and one someone should have figured out before then, was scriptable automatically renewing certificates. Basically they validate you do in fact own the domain using automated methods, then issue you the new certificate. Thus, your certificates can be renewed on a schedule with no interaction from you. Traditionally, they have done this by placing a file in the webroot and looking for that file before issuing the certificate (see my earlier blog post about Zero Downtime nginx Letsencrypt Certificate Renewals Without the nginx Plugin for more detail about this.) But what happens when you want to issue an internal certificate? One for a service that is not accessible to the outside world, and thus, not visible using the webroot method? Well, it turns out there is a solution for that too!

Incrementally Migrating from Apache to nginx

I am currently in the process of migrating a bunch of sites on this machine from Apache to nginx. Rather than take everything down and migrate it all at once, I wanted to do this incrementally. But that raises a question: how do you incrementally migrate site configs from one to the other on the same machine, since both servers will need to be running and listening on ports 80 and 443? The solution I came up with was to move Apache to different ports (8080 and 4443) and to set the default nginx config to be a reverse proxy!