1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries tagged english
</title>
5 <description>Entries tagged english
</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>The sorry state of multimedia browser plugins in Debian
</title>
11 <link>http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
</guid>
13 <pubDate>Tue,
25 Nov
2008 00:
10:
00 +
0100</pubDate>
15 <p
>Recently I have spent some time evaluating the multimedia browser
16 plugins available in Debian Lenny, to see which one we should use by
17 default in Debian Edu. We need an embedded video playing plugin with
18 control buttons to pause or stop the video, and capable of streaming
19 all the multimedia content available on the web. The test results and
20 notes are available on
21 <a href=
"http://wiki.debian.org/DebianEdu/BrowserMultimedia
">the
22 Debian wiki
</a
>. I was surprised how few of the plugins are able to
23 fill this need. My personal video player favorite, VLC, has a really
24 bad plugin which fail on a lot of the test pages. A lot of the MIME
25 types I would expect to work with any free software player (like
26 video/ogg), just do not work. And simple formats like the
27 audio/x-mplegurl format (m3u playlists), just isn
't supported by the
28 totem and vlc plugins. I hope the situation will improve soon. No
29 wonder sites use the proprietary Adobe flash to play video.
</p
>
31 <p
>For Lenny, we seem to end up with the mplayer plugin. It seem to
32 be the only one fitting our needs. :/
</p
>
37 <title>Devcamp brought us closer to the Lenny based Debian Edu release
</title>
38 <link>http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html
</link>
39 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html
</guid>
40 <pubDate>Sun,
7 Dec
2008 12:
00:
00 +
0100</pubDate>
42 <p
>This weekend we had a small developer gathering for Debian Edu in
43 Oslo. Most of Saturday was used for the general assemly for the
44 member organization, but the rest of the weekend I used to tune the
45 LTSP installation. LTSP now work out of the box on the
10-network.
46 Acer Aspire One proved to be a very nice thin client, with both
47 screen, mouse and keybard in a small box. Was working on getting the
48 diskless workstation setup configured out of the box, but did not
49 finish it before the weekend was up.
</p
>
51 <p
>Did not find time to look at the
4 VGA cards in one box we got from
52 the Brazilian group, so that will have to wait for the next
53 development gathering. Would love to have the Debian Edu installer
54 automatically detect and configure a multiseat setup when it find one
55 of these cards.
</p
>
60 <title>Software video mixer on a USB stick
</title>
61 <link>http://people.skolelinux.org/pere/blog/Software_video_mixer_on_a_USB_stick.html
</link>
62 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Software_video_mixer_on_a_USB_stick.html
</guid>
63 <pubDate>Sun,
28 Dec
2008 15:
40:
00 +
0100</pubDate>
65 <p
>The
<a href=
"http://www.nuug.no/
">Norwegian Unix User Group
</a
> is
66 recording our montly presentation on video, and recently we have
67 worked on improving the quality of the recordings by mixing the slides
68 directly with the video stream. For this, we use the
69 <a href=
"http://dvswitch.alioth.debian.org/
">dvswitch
</a
> package from
70 the Debian video team. As this require quite one computer per video
71 source, and NUUG do not have enough laptops available, we need to
72 borrow laptops. And to avoid having to install extra software on
73 these borrwed laptops, I have wrapped up all the programs needed on a
74 bootable USB stick. The software required is dvswitch with assosiated
75 source, sink and mixer applications and
76 <a href=
"http://www.kinodv.org/
">dvgrab
</a
>. To allow this setup to
77 work without any configuration, I
've patched dvswitch to use
78 <a href=
"http://www.avahi.org/
">avahi
</a
> to connect the various parts
79 together. And to allow us to use laptops without firewire plugs, I
80 upgraded dvgrab to the one from Debian/unstable to get one that work
81 with USB sources. We have not yet tested this setup in a production
82 setup, but I hope it will work properly, and allow us to set up a
83 video mixer in a very short time frame. We will need it for
84 <a href=
"http://www.goopen.no/
">Go Open
2009</a
>.
</p
>
86 <p
><a href=
"http://www.nuug.no/pub/video/bin/usbstick-dvswitch.img.gz
">The
87 USB image
</a
> is for a
1 GB memory stick, but can be used on any
88 larger stick as well.
</p
>
93 <title>When web browser developers make a video player...
</title>
94 <link>http://people.skolelinux.org/pere/blog/When_web_browser_developers_make_a_video_player___.html
</link>
95 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/When_web_browser_developers_make_a_video_player___.html
</guid>
96 <pubDate>Sat,
17 Jan
2009 18:
50:
00 +
0100</pubDate>
98 <p
>As part of the work we do in
<a href=
"http://www.nuug.no
">NUUG
</a
>
99 to publish video recordings of our monthly presentations, we provide a
100 page with embedded video for easy access to the recording. Putting a
101 good set of HTML tags together to get working embedded video in all
102 browsers and across all operating systems is not easy. I hope this
103 will become easier when the
&lt;video
&gt; tag is implemented in all
104 browsers, but I am not sure. We provide the recordings in several
105 formats, MPEG1, Ogg Theora, H
.264 and Quicktime, and want the
106 browser/media plugin to pick one it support and use it to play the
107 recording, using whatever embed mechanism the browser understand.
108 There is at least four different tags to use for this, the new HTML5
109 &lt;video
&gt; tag, the
&lt;object
&gt; tag, the
&lt;embed
&gt; tag and
110 the
&lt;applet
&gt; tag. All of these take a lot of options, and
111 finding the best options is a major challenge.
</p
>
113 <p
>I just tested the experimental Opera browser available from
<a
114 href=
"http://labs.opera.com
">labs.opera.com
</a
>, to see how it handled
115 a
&lt;video
&gt; tag with a few video sources and no extra attributes.
116 I was not very impressed. The browser start by fetching a picture
117 from the video stream. Not sure if it is the first frame, but it is
118 definitely very early in the recording. So far, so good. Next,
119 instead of streaming the
76 MiB video file, it start to download all
120 of it, but do not start to play the video. This mean I have to wait
121 for several minutes for the downloading to finish. When the download
122 is done, the playing of the video do not start! Waiting for the
123 download, but I do not get to see the video? Some testing later, I
124 discover that I have to add the controls=
"true
" attribute to be able
125 to get a play button to pres to start the video. Adding
126 autoplay=
"true
" did not help. I sure hope this is a misfeature of the
127 test version of Opera, and that future implementations of the
128 &lt;video
&gt; tag will stream recordings by default, or at least start
129 playing when the download is done.
</p
>
131 <p
>The test page I used (since changed to add more attributes) is
132 <a href=
"http://www.nuug.no/aktiviteter/
20090113-foredrag-om-foredrag/
">available
133 from the nuug site
</a
>. Will have to test it with the new Firefox
136 <p
>In the test process, I discovered a missing feature. I was unable
137 to find a way to get the URL of the playing video out of Opera, so I
138 am not quite sure it picked the Ogg Theora version of the video. I
139 sure hope it was using the announced Ogg Theora support. :)
</p
>
144 <title>Using bar codes at a computing center
</title>
145 <link>http://people.skolelinux.org/pere/blog/Using_bar_codes_at_a_computing_center.html
</link>
146 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Using_bar_codes_at_a_computing_center.html
</guid>
147 <pubDate>Fri,
20 Feb
2009 08:
50:
00 +
0100</pubDate>
149 <p
>At work with the University of Oslo, we have several hundred computers
150 in our computing center. This give us a challenge in tracking the
151 location and cabling of the computers, when they are added, moved and
152 removed. Some times the location register is not updated when a
153 computer is inserted or moved and we then have to search the room for
154 the
"missing
" computer.
</p
>
156 <p
>In the last issue of Linux Journal, I came across a project
157 <a href=
"http://www.libdmtx.org/
">libdmtx
</a
> to write and read bar
158 code blocks as defined in the
159 <a href=
"http://en.wikipedia.org/wiki/Data_Matrix
">The Data Matrix
160 Standard
</a
>. This is bar codes that can be read with a normal
161 digital camera, for example that on a cell phone, and several such bar
162 codes can be read by libdmtx from one picture. The bar code standard
163 allow up to
2 KiB to be written in the tag. There is another project
164 with
<a href=
"http://www.terryburton.co.uk/barcodewriter/
">a bar code
165 writer written in postscript
</a
> capable of creating such bar codes,
166 but this was the first time I found a tool to read these bar
169 <p
>It occurred to me that this could be used to tag and track the
170 machines in our computing center. If both racks and computers are
171 tagged this way, we can use a picture of the rack and all its
172 computers to detect the rack location of any computer in that rack.
173 If we do this regularly for the entire room, we will find all
174 locations, and can detect movements and removals.
</p
>
176 <p
>I decided to test if this would work in practice, and picked a
177 random rack and tagged all the machines with their names. Next, I
178 took pictures with my digital camera, and gave the dmtxread program
179 these JPEG pictures to see how many tags it could read. This worked
180 fairly well. If the pictures was well focused and not taken from the
181 side, all tags in the image could be read. Because of limited space
182 between the racks, I was unable to get a good picture of the entire
183 rack, but could without problem read all tags from a picture covering
184 about half the rack. I had to limit the search time used by dmtxread
185 to
60000 ms to make sure it terminated in a reasonable time frame.
</p
>
187 <p
>My conclusion is that this could work, and we should probably look
188 at adjusting our computer tagging procedures to use bar codes for
189 easier automatic tracking of computers.
</p
>
194 <title>Checking server hardware support status for Dell, HP and IBM servers
</title>
195 <link>http://people.skolelinux.org/pere/blog/Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html
</link>
196 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Checking_server_hardware_support_status_for_Dell__HP_and_IBM_servers.html
</guid>
197 <pubDate>Sat,
28 Feb
2009 23:
50:
00 +
0100</pubDate>
199 <p
>At work, we have a few hundred Linux servers, and with that amount
200 of hardware it is important to keep track of when the hardware support
201 contract expire for each server. We have a machine (and service)
202 register, which until recently did not contain much useful besides the
203 machine room location and contact information for the system owner for
204 each machine. To make it easier for us to track support contract
205 status, I
've recently spent time on extending the machine register to
206 include information about when the support contract expire, and to tag
207 machines with expired contracts to make it easy to get a list of such
208 machines. I extended a perl script already being used to import
209 information about machines into the register, to also do some screen
210 scraping off the sites of Dell, HP and IBM (our majority of machines
211 are from these vendors), and automatically check the support status
212 for the relevant machines. This make the support status information
213 easily available and I hope it will make it easier for the computer
214 owner to know when to get new hardware or renew the support contract.
215 The result of this work documented that
27% of the machines in the
216 registry is without a support contract, and made it very easy to find
217 them.
27% might seem like a lot, but I see it more as the case of us
218 using machines a bit longer than the
3 years a normal support contract
219 last, to have test machines and a platform for less important
220 services. After all, the machines without a contract are working fine
221 at the moment and the lack of contract is only a problem if any of
222 them break down. When that happen, we can either fix it using spare
223 parts from other machines or move the service to another old
226 <p
>I believe the code for screen scraping the Dell site was originally
227 written by Trond Hasle Amundsen, and later adjusted by me and Morten
228 Werner Forsbring. The HP scraping was written by me after reading a
229 nice article in ;login: about how to use WWW::Mechanize, and the IBM
230 scraping was written by me based on the Dell code. I know the HTML
231 parsing could be done using nice libraries, but did not want to
232 introduce more dependencies. This is the current incarnation:
</p
>
240 sub get_support_info {
241 my ($machine, $model, $serial, $productnumber) = @_;
244 if ( $model =~ m/^Dell / ) {
245 # fetch website from Dell support
246 my $url =
"http://support.euro.dell.com/support/topics/topic.aspx/emea/shared/support/my_systems_info/no/details?c=no
&amp;cs=nodhs1
&amp;l=no
&amp;s=dhs
&amp;ServiceTag=$serial
";
247 my $webpage = get($url);
248 return undef unless ($webpage);
251 my @lines = split(/\n/, $webpage);
252 foreach my $line (@lines) {
253 next unless ($line =~ m/Beskrivelse/);
254 $line =~ s/
&lt;[^
>]+?
>/;/gm;
255 $line =~ s/^.+?;(Beskrivelse;)/$
1/;
257 my @f = split(/\;/, $line);
259 my $lastend =
"";
260 while ($f[
3] eq
"DELL
") {
261 my ($type, $startstr, $endstr, $days) = @f[
0,
5,
7,
10];
263 my $start = POSIX::strftime(
"%Y-%m-%d
",
264 localtime(str2time($startstr)));
265 my $end = POSIX::strftime(
"%Y-%m-%d
",
266 localtime(str2time($endstr)));
267 $str .=
"$type $start -
> $end
";
269 $lastend = $end if ($end gt $lastend);
271 my $today = POSIX::strftime(
"%Y-%m-%d
", localtime(time));
272 tag_machine_unsupported($machine)
273 if ($lastend lt $today);
275 } elsif ( $model =~ m/^HP / ) {
276 my $mech = WWW::Mechanize-
>new();
278 'http://www1.itrc.hp.com/service/ewarranty/warrantyInput.do
';
281 'BODServiceID
' =
> 'NA
',
282 'RegisteredPurchaseDate
' =
> '',
283 'country
' =
> 'NO
',
284 'productNumber
' =
> $productnumber,
285 'serialNumber1
' =
> $serial,
287 $mech-
>submit_form( form_number =
> 2,
288 fields =
> $fields );
289 # Next step is screen scraping
290 my $content = $mech-
>content();
292 $content =~ s/
&lt;[^
>]+?
>/;/gm;
293 $content =~ s/\s+/ /gm;
294 $content =~ s/;\s*;/;;/gm;
295 $content =~ s/;[\s;]+/;/gm;
297 my $today = POSIX::strftime(
"%Y-%m-%d
", localtime(time));
299 while ($content =~ m/;Warranty Type;/) {
300 my ($type, $status, $startstr, $stopstr) = $content =~
301 m/;Warranty Type;([^;]+);.+?;Status;(\w+);Start Date;([^;]+);End Date;([^;]+);/;
302 $content =~ s/^.+?;Warranty Type;//;
303 my $start = POSIX::strftime(
"%Y-%m-%d
",
304 localtime(str2time($startstr)));
305 my $end = POSIX::strftime(
"%Y-%m-%d
",
306 localtime(str2time($stopstr)));
308 $str .=
"$type ($status) $start -
> $end
";
310 tag_machine_unsupported($machine)
313 } elsif ( $model =~ m/^IBM / ) {
314 # This code ignore extended support contracts.
315 my ($producttype) = $model =~ m/.*-\[(.{
4}).+\]-/;
316 if ($producttype
&amp;
&amp; $serial) {
318 get(
"http://www-
947.ibm.com/systems/support/supportsite.wss/warranty?action=warranty
&amp;brandind=
5000008&amp;Submit=Submit
&amp;type=$producttype
&amp;serial=$serial
");
320 $content =~ s/
&lt;[^
>]+?
>/;/gm;
321 $content =~ s/\s+/ /gm;
322 $content =~ s/;\s*;/;;/gm;
323 $content =~ s/;[\s;]+/;/gm;
325 $content =~ s/^.+?;Warranty status;//;
326 my ($status, $end) = $content =~ m/;Warranty status;([^;]+)\s*;Expiration date;(\S+) ;/;
328 $str .=
"($status) -
> $end
";
330 my $today = POSIX::strftime(
"%Y-%m-%d
", localtime(time));
331 tag_machine_unsupported($machine)
340 <p
>Here are some examples on how to use the function, using fake
341 serial numbers. The information passed in as arguments are fetched
342 from dmidecode.
</p
>
345 print get_support_info(
"hp.host
",
"HP ProLiant BL460c G1
",
"1234567890"
346 "447707-B21
");
347 print get_support_info(
"dell.host
",
"Dell Inc. PowerEdge
2950",
"1234567");
348 print get_support_info(
"ibm.host
",
"IBM eserver xSeries
345 -[
867061X]-
",
349 "1234567");
352 <p
>I would recommend this approach for tracking support contracts for
353 everyone with more than a few computers to administer. :)
</p
>
355 <p
>Update
2009-
03-
06: The IBM page do not include extended support
356 contracts, so it is useless in that case. The original Dell code do
357 not handle extended support contracts either, but has been updated to
363 <title>Time for new LDAP schemas replacing RFC
2307?
</title>
364 <link>http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
</link>
365 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
</guid>
366 <pubDate>Sun,
29 Mar
2009 20:
30:
00 +
0200</pubDate>
368 <p
>The state of standardized LDAP schemas on Linux is far from
369 optimal. There is RFC
2307 documenting one way to store NIS maps in
370 LDAP, and a modified version of this normally called RFC
2307bis, with
371 some modifications to be compatible with Active Directory. The RFC
372 specification handle the content of a lot of system databases, but do
373 not handle DNS zones and DHCP configuration.
</p
>
375 <p
>In
<a href=
"http://www.skolelinux.org/
">Debian Edu/Skolelinux
</a
>,
376 we would like to store information about users, SMB clients/hosts,
377 filegroups, netgroups (users and hosts), DHCP and DNS configuration,
378 and LTSP configuration in LDAP. These objects have a lot in common,
379 but with the current LDAP schemas it is not possible to have one
380 object per entity. For example, one need to have at least three LDAP
381 objects for a given computer, one with the SMB related stuff, one with
382 DNS information and another with DHCP information. The schemas
383 provided for DNS and DHCP are impossible to combine into one LDAP
384 object. In addition, it is impossible to implement quick queries for
385 netgroup membership, because of the way NIS triples are implemented.
386 It just do not scale. I believe it is time for a few RFC
387 specifications to cleam up this mess.
</p
>
389 <p
>I would like to have one LDAP object representing each computer in
390 the network, and this object can then keep the SMB (ie host key), DHCP
391 (mac address/name) and DNS (name/IP address) settings in one place.
392 It need to be efficently stored to make sure it scale well.
</p
>
394 <p
>I would also like to have a quick way to map from a user or
395 computer and to the net group this user or computer is a member.
</p
>
397 <p
>Active Directory have done a better job than unix heads like myself
398 in this regard, and the unix side need to catch up. Time to start a
399 new IETF work group?
</p
>
404 <title>Returning from Skolelinux developer gathering
</title>
405 <link>http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html
</link>
406 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html
</guid>
407 <pubDate>Sun,
29 Mar
2009 21:
00:
00 +
0200</pubDate>
409 <p
>I
'm sitting on the train going home from this weekends Debian
410 Edu/Skolelinux development gathering. I got a bit done tuning the
411 desktop, and looked into the dynamic service location protocol
412 implementation avahi. It look like it could be useful for us. Almost
413 30 people participated, and I believe it was a great environment to
414 get to know the Skolelinux system. Walter Bender, involved in the
415 development of the Sugar educational platform, presented his stuff and
416 also helped me improve my OLPC installation. He also showed me that
417 his Turtle Art application can be used in standalone mode, and we
418 agreed that I would help getting it packaged for Debian. As a
419 standalone application it would be great for Debian Edu. We also
420 tried to get the video conferencing working with two OLPCs, but that
421 proved to be too hard for us. The application seem to need more work
422 before it is ready for me. I look forward to getting home and relax
428 <title>Standardize on protocols and formats, not vendors and applications
</title>
429 <link>http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
</link>
430 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
</guid>
431 <pubDate>Mon,
30 Mar
2009 11:
50:
00 +
0200</pubDate>
433 <p
>Where I work at the University of Oslo, one decision stand out as a
434 very good one to form a long lived computer infrastructure. It is the
435 simple one, lost by many in todays computer industry: Standardize on
436 open network protocols and open exchange/storage formats, not applications.
437 Applications come and go, while protocols and files tend to stay, and
438 thus one want to make it easy to change application and vendor, while
439 avoiding conversion costs and locking users to a specific platform or
440 application.
</p
>
442 <p
>This approach make it possible to replace the client applications
443 independently of the server applications. One can even allow users to
444 use several different applications as long as they handle the selected
445 protocol and format. In the normal case, only one client application
446 is recommended and users only get help if they choose to use this
447 application, but those that want to deviate from the easy path are not
448 blocked from doing so.
</p
>
450 <p
>It also allow us to replace the server side without forcing the
451 users to replace their applications, and thus allow us to select the
452 best server implementation at any moment, when scale and resouce
453 requirements change.
</p
>
455 <p
>I strongly recommend standardizing - on open network protocols and
456 open formats, but I would never recommend standardizing on a single
457 application that do not use open network protocol or open formats.
</p
>
462 <title>Recording video from cron using VLC
</title>
463 <link>http://people.skolelinux.org/pere/blog/Recording_video_from_cron_using_VLC.html
</link>
464 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Recording_video_from_cron_using_VLC.html
</guid>
465 <pubDate>Sun,
5 Apr
2009 10:
00:
00 +
0200</pubDate>
467 <p
>One think I have wanted to figure out for a along time is how to
468 run vlc from cron to do recording of video streams on the net. The
469 task is trivial with mplayer, but I do not really trust the security
470 of mplayer (it crashes too often on strange input), and thus prefer
471 vlc. I finally found a way to do it today. I spent an hour or so
472 searching the web for recipes and reading the documentation. The
473 hardest part was to get rid of the GUI window, but after finding the
474 dummy interface, the command line finally presented itself:
</p
>
476 <blockquote
><pre
>URL=http://www.ping.uio.no/video/rms-oslo_2009.ogg
478 DISPLAY= vlc -q $URL \
479 --sout=
"#duplicate{dst=std{access=file,url=
'$SAVEFILE
'},dst=nodisplay}
" \
480 --intf=dummy
</pre
></blockquote
>
482 <p
>The command stream the URL and store it in the SAVEFILE by
483 duplicating the output stream to
"nodisplay
" and the file, using the
484 dummy interface. The dummy interface and the nodisplay output make
485 sure no X interface is needed.
</p
>
487 <p
>The cron job then need to start this job with the appropriate URL
488 and file name to save, sleep for the duration wanted, and then kill
489 the vlc process with SIGTERM. Here is a complete script
490 <tt
>vlc-record
</tt
> to use from
<tt
>at
</tt
> or
<tt
>cron
</tt
>:
</p
>
492 <blockquote
><pre
>#!/bin/sh
495 SAVEFILE=
"$
2"
496 DURATION=
"$
3"
497 DISPLAY= vlc -q
"$URL
" \
498 --sout=
"#duplicate{dst=std{access=file,url=
'$SAVEFILE
'},dst=nodisplay}
" \
499 --intf=dummy
< /dev/null
> /dev/null
2>&1 &
503 wait $pid
</pre
></blockquote
>
508 <title>No patch is not better than a useless patch
</title>
509 <link>http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html
</link>
510 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html
</guid>
511 <pubDate>Tue,
28 Apr
2009 09:
30:
00 +
0200</pubDate>
513 <p
>Julien Blache
514 <a href=
"http://blog.technologeek.org/
2009/
04/
12/
214">claim that no
515 patch is better than a useless patch
</a
>. I completely disagree, as a
516 patch allow one to discuss a concrete and proposed solution, and also
517 prove that the issue at hand is important enough for someone to spent
518 time on fixing it. No patch do not provide any of these positive
519 properties.
</p
>
524 <title>Two projects that have improved the quality of free software a lot
</title>
525 <link>http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html
</link>
526 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html
</guid>
527 <pubDate>Sat,
2 May
2009 15:
00:
00 +
0200</pubDate>
529 <p
>There are two software projects that have had huge influence on the
530 quality of free software, and I wanted to mention both in case someone
531 do not yet know them.
</p
>
533 <p
>The first one is
<a href=
"http://valgrind.org/
">valgrind
</a
>, a
534 tool to detect and expose errors in the memory handling of programs.
535 It is easy to use, all one need to do is to run
'valgrind program
',
536 and it will report any problems on stdout. It is even better if the
537 program include debug information. With debug information, it is able
538 to report the source file name and line number where the problem
539 occurs. It can report things like
'reading past memory block in file
540 X line N, the memory block was allocated in file Y, line M
', and
541 'using uninitialised value in control logic
'. This tool has made it
542 trivial to investigate reproducible crash bugs in programs, and have
543 reduced the number of this kind of bugs in free software a lot.
545 <p
>The second one is
546 <a href=
"http://en.wikipedia.org/wiki/Coverity
">Coverity
</a
> which is
547 a source code checker. It is able to process the source of a program
548 and find problems in the logic without running the program. It
549 started out as the Stanford Checker and became well known when it was
550 used to find bugs in the Linux kernel. It is now a commercial tool
551 and the company behind it is running
552 <a href=
"http://www.scan.coverity.com/
">a community service
</a
> for the
553 free software community, where a lot of free software projects get
554 their source checked for free. Several thousand defects have been
555 found and fixed so far. It can find errors like
'lock L taken in file
556 X line N is never released if exiting in line M
', or
'the code in file
557 Y lines O to P can never be executed
'. The projects included in the
558 community service project have managed to get rid of a lot of
559 reliability problems thanks to Coverity.
</p
>
561 <p
>I believe tools like this, that are able to automatically find
562 errors in the source, are vital to improve the quality of software and
563 make sure we can get rid of the crashing and failing software we are
564 surrounded by today.
</p
>
569 <title>Debian boots quicker and quicker
</title>
570 <link>http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html
</link>
571 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html
</guid>
572 <pubDate>Wed,
24 Jun
2009 21:
40:
00 +
0200</pubDate>
574 <p
>I spent Monday and tuesday this week in London with a lot of the
575 people involved in the boot system on Debian and Ubuntu, to see if we
576 could find more ways to speed up the boot system. This was an Ubuntu
578 <a href=
"https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint
">developer
579 gathering
</a
>. It was quite productive. We also discussed the future
580 of boot systems, and ways to handle the increasing number of boot
581 issues introduced by the Linux kernel becoming more and more
582 asynchronous and event base. The Ubuntu approach using udev and
583 upstart might be a good way forward. Time will show.
</p
>
585 <p
>Anyway, there are a few ways at the moment to speed up the boot
586 process in Debian. All of these should be applied to get a quick
591 <li
>Use dash as /bin/sh.
</li
>
593 <li
>Disable the init.d/hwclock*.sh scripts and make sure the hardware
594 clock is in UTC.
</li
>
596 <li
>Install and activate the insserv package to enable
597 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
598 based boot sequencing
</a
>, and enable concurrent booting.
</li
>
602 These points are based on the Google summer of code work done by
603 <a href=
"http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/
">Carlos
606 <p
>Support for makefile-style concurrency during boot was uploaded to
607 unstable yesterday. When we tested it, we were able to cut
6 seconds
608 from the boot sequence. It depend on very correct dependency
609 declaration in all init.d scripts, so I expect us to find edge cases
610 where the dependences in some scripts are slightly wrong when we start
611 using this.
</p
>
613 <p
>On our IRC channel for this effort, #pkg-sysvinit, a new idea was
614 introduced by Raphael Geissert today, one that could affect the
615 startup speed as well. Instead of starting some scripts concurrently
616 from rcS.d/ and another set of scripts from rc2.d/, it would be
617 possible to run a of them in the same process. A quick way to test
618 this would be to enable insserv and run
'mv /etc/rc2.d/S* /etc/rcS.d/;
619 insserv
'. Will need to test if that work. :)
</p
>
624 <title>Taking over sysvinit development
</title>
625 <link>http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html
</link>
626 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html
</guid>
627 <pubDate>Wed,
22 Jul
2009 23:
00:
00 +
0200</pubDate>
629 <p
>After several years of frustration with the lack of activity from
630 the existing sysvinit upstream developer, I decided a few weeks ago to
631 take over the package and become the new upstream. The number of
632 patches to track for the Debian package was becoming a burden, and the
633 lack of synchronization between the distribution made it hard to keep
634 the package up to date.
</p
>
636 <p
>On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
637 and my Debian co-maintainer Kel Modderman. About
10 days ago, I made
638 a new upstream tarball with version number
2.87dsf (for Debian, SuSe
639 and Fedora), based on the patches currently in use in these
640 distributions. We Debian maintainers plan to move to this tarball as
641 the new upstream as soon as we find time to do the merge. Since the
642 new tarball was created, we agreed with Werner at SuSe to make a new
643 upstream project at
<a href=
"http://savannah.nongnu.org/
">Savannah
</a
>, and continue
644 development there. The project is registered and currently waiting
645 for approval by the Savannah administrators, and as soon as it is
646 approved, we will import the old versions from svn and continue
647 working on the future release.
</p
>
649 <p
>It is a bit ironic that this is done now, when some of the involved
650 distributions are moving to upstart as a syvinit replacement.
</p
>
655 <title>Debian has switched to dependency based boot sequencing
</title>
656 <link>http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html
</link>
657 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html
</guid>
658 <pubDate>Mon,
27 Jul
2009 23:
50:
00 +
0200</pubDate>
660 <p
>Since this evening, with the upload of sysvinit version
2.87dsf-
2,
661 and the upload of insserv version
1.12.0-
10 yesterday, Debian unstable
662 have been migrated to using dependency based boot sequencing. This
663 conclude work me and others have been doing for the last three days.
664 It feels great to see this finally part of the default Debian
665 installation. Now we just need to weed out the last few problems that
666 are bound to show up, to get everything ready for Squeeze.
</p
>
668 <p
>The next step is migrating /sbin/init from sysvinit to upstart, and
669 fixing the more fundamental problem of handing the event based
670 non-predictable kernel in the early boot.
</p
>
675 <title>ISO still hope to fix OOXML
</title>
676 <link>http://people.skolelinux.org/pere/blog/ISO_still_hope_to_fix_OOXML.html
</link>
677 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/ISO_still_hope_to_fix_OOXML.html
</guid>
678 <pubDate>Sat,
8 Aug
2009 14:
00:
00 +
0200</pubDate>
680 <p
>According to
<a
681 href=
"http://twerner.blogspot.com/
2009/
08/defects-of-office-open-xml.html
">a
682 blog post from Torsten Werner
</a
>, the current defect report for ISO
683 29500 (ISO OOXML) is
809 pages. His interesting point is that the
684 defect report is
71 pages more than the full ODF
1.1 specification.
685 Personally I find it more interesting that ISO still believe ISO OOXML
686 can be fixed in ISO. Personally, I believe it is broken beyon repair,
687 and I completely lack any trust in ISO for being able to get anywhere
688 close to solving the problems. I was part of the Norwegian committee
689 involved in the OOXML fast track process, and was not impressed with
690 Standard Norway and ISO in how they handled it.
</p
>
692 <p
>These days I focus on ODF instead, which seem like a specification
693 with the future ahead of it. We are working in NUUG to organise a ODF
694 seminar this autumn.
</p
>
699 <title>Relative popularity of document formats (MS Office vs. ODF)
</title>
700 <link>http://people.skolelinux.org/pere/blog/Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html
</link>
701 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html
</guid>
702 <pubDate>Wed,
12 Aug
2009 15:
50:
00 +
0200</pubDate>
704 <p
>Just for fun, I did a search right now on Google for a few file ODF
705 and MS Office based formats (not to be mistaken for ISO or ECMA
706 OOXML), to get an idea of their relative usage. I searched using
707 'filetype:odt
' and equvalent terms, and got these results:
</P
>
710 <tr
><th
>Type
</th
><th
>ODF
</th
><th
>MS Office
</th
></tr
>
711 <tr
><td
>Tekst
</td
> <td
>odt:
282000</td
> <td
>docx:
308000</td
></tr
>
712 <tr
><td
>Presentasjon
</td
> <td
>odp:
75600</td
> <td
>pptx:
183000</td
></tr
>
713 <tr
><td
>Regneark
</td
> <td
>ods:
26500 </td
> <td
>xlsx:
145000</td
></tr
>
716 <p
>Next, I added a
'site:no
' limit to get the numbers for Norway, and
717 got these numbers:
</p
>
720 <tr
><th
>Type
</th
><th
>ODF
</th
><th
>MS Office
</th
></tr
>
721 <tr
><td
>Tekst
</td
> <td
>odt:
2480 </td
> <td
>docx:
4460</td
></tr
>
722 <tr
><td
>Presentasjon
</td
> <td
>odp:
299 </td
> <td
>pptx:
741</td
></tr
>
723 <tr
><td
>Regneark
</td
> <td
>ods:
187 </td
> <td
>xlsx:
372</td
></tr
>
726 <p
>I wonder how these numbers change over time.
</p
>
728 <p
>I am aware of Google returning different results and numbers based
729 on where the search is done, so I guess these numbers will differ if
730 they are conduced in another country. Because of this, I did the same
731 search from a machine in California, USA, a few minutes after the
732 search done from a machine here in Norway.
</p
>
736 <tr
><th
>Type
</th
><th
>ODF
</th
><th
>MS Office
</th
></tr
>
737 <tr
><td
>Tekst
</td
> <td
>odt:
129000</td
> <td
>docx:
308000</td
></tr
>
738 <tr
><td
>Presentasjon
</td
> <td
>odp:
44200</td
> <td
>pptx:
93900</td
></tr
>
739 <tr
><td
>Regneark
</td
> <td
>ods:
26500 </td
> <td
>xlsx:
82400</td
></tr
>
742 <p
>And with
'site:no
':
745 <tr
><th
>Type
</th
><th
>ODF
</th
><th
>MS Office
</th
></tr
>
746 <tr
><td
>Tekst
</td
> <td
>odt:
2480</td
> <td
>docx:
3410</td
></tr
>
747 <tr
><td
>Presentasjon
</td
> <td
>odp:
175</td
> <td
>pptx:
604</td
></tr
>
748 <tr
><td
>Regneark
</td
> <td
>ods:
186 </td
> <td
>xlsx:
296</td
></tr
>
751 <p
>Interesting difference, not sure what to conclude from these
757 <title>Automatic Munin and Nagios configuration
</title>
758 <link>http://people.skolelinux.org/pere/blog/Automatic_Munin_and_Nagios_configuration.html
</link>
759 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Automatic_Munin_and_Nagios_configuration.html
</guid>
760 <pubDate>Wed,
27 Jan
2010 15:
15:
00 +
0100</pubDate>
762 <p
>One of the new features in the next Debian/Lenny based release of
763 Debian Edu/Skolelinux, which is scheduled for release in the next few
764 days, is automatic configuration of the service monitoring system
765 Nagios. The previous release had automatic configuration of trend
766 analysis using Munin, and this Lenny based release take that a step
769 <p
>When installing a Debian Edu Main-server, it is automatically
770 configured as a Munin and Nagios server. In addition, it is
771 configured to be a server for the
772 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">SiteSummary
773 system
</a
> I have written for use in Debian Edu. The SiteSummary
774 system is inspired by a system used by the University of Oslo where I
775 work. In short, the system provide a centralised collector of
776 information about the computers on the network, and a client on each
777 computer submitting information to this collector. This allow for
778 automatic information on which packages are installed on each machine,
779 which kernel the machines are using, what kind of configuration the
780 packages got etc. This also allow us to automatically generate Munin
781 and Nagios configuration.
</p
>
783 <p
>All computers reporting to the sitesummary collector with the
784 munin-node package installed is automatically enabled as a Munin
785 client and graphs from the statistics collected from that machine show
786 up automatically on http://www/munin/ on the Main-server.
</p
>
788 <p
>All non-laptop computers reporting to the sitesummary collector are
789 automatically monitored for network presence (ping and any network
790 services detected). In addition, all computers (also laptops) with
791 the nagios-nrpe-server package installed and configured the way
792 sitesummary would configure it, are monitored for full disks, software
793 raid status, swap free and other checks that need to run locally on
794 the machine.
</p
>
796 <p
>The result is that the administrator on a school using Debian Edu
797 based on Lenny will be able to check the health of his installation
798 with one look at the Nagios settings, without having to spend any time
799 keeping the Nagios configuration up-to-date.
</p
>
801 <p
>The only configuration one need to do to get Nagios up and running
802 is to set the password used to get access via HTTP. The system
803 administrator need to run
"<tt
>htpasswd /etc/nagios3/htpasswd.users
804 nagiosadmin
</tt
>" to create a nagiosadmin user and set a password for
805 it to be able to log into the Nagios web pages. After that,
806 everything is taken care of.
</p
>
811 <title>Debian Edu / Skolelinux based on Lenny released, work continues
</title>
812 <link>http://people.skolelinux.org/pere/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
</link>
813 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html
</guid>
814 <pubDate>Thu,
11 Feb
2010 17:
15:
00 +
0100</pubDate>
816 <p
>On Tuesday, the Debian/Lenny based version of
817 <a href=
"http://www.skolelinux.org/
">Skolelinux
</a
> was finally
818 shipped. This was a major leap forward for the project, and I am very
819 pleased that we finally got the release wrapped up. Work on the first
820 point release starts imediately, as we plan to get that one out a
821 month after the major release, to include all fixes for bugs we found
822 and fixed too late in the release process to include last Tuesday.
</p
>
824 <p
>Perhaps it even is time for some partying?
</p
>
826 <p
>After this first point release, my plan is to focus again on the
827 next major release, based on Squeeze. We will try to get as many of
828 the fixes we need into the official Debian packages before the freeze,
829 and have just a few weeks or months to make it happen.
</p
>
834 <title>After
6 years of waiting, the Xreset.d feature is implemented
</title>
835 <link>http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
</link>
836 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html
</guid>
837 <pubDate>Sat,
6 Mar
2010 18:
15:
00 +
0100</pubDate>
839 <p
>6 years ago, as part of the Debian Edu development I am involved
840 in, I asked for a hook in the kdm and gdm setup to run scripts as root
841 when the user log out. A bug was submitted against the xfree86-common
842 package in
2004 (
<a href=
"http://bugs.debian.org/
230422">#
230422</a
>),
843 and revisited every time Debian Edu was working on a new release.
844 Today, this finally paid off.
</p
>
846 <p
>The framework for this feature was today commited to the git
847 repositry for the xorg package, and the git repository for xdm has
848 been updated to use this framework. Next on my agenda is to make sure
849 kdm and gdm also add code to use this framework.
</p
>
851 <p
>In Debian Edu, we want to ability to run commands as root when the
852 user log out, to get rid of runaway processes and do general cleanup
853 after a user. With this framework in place, we finally can do that in
854 a generic way that work with all display managers using this
855 framework. My goal is to get all display managers in Debian use it,
856 similar to how they use the Xsession.d framework today.
<p
>
861 <title>Kerberos for Debian Edu/Squeeze?
</title>
862 <link>http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html
</link>
863 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html
</guid>
864 <pubDate>Wed,
14 Apr
2010 17:
20:
00 +
0200</pubDate>
866 <p
><a href=
"http://www.nuug.no/aktiviteter/
20100413-kerberos/
">Yesterdays
867 NUUG presentation
</a
> about Kerberos was inspiring, and reminded me
868 about the need to start using Kerberos in Skolelinux. Setting up a
869 Kerberos server seem to be straight forward, and if we get this in
870 place a long time before the Squeeze version of Debian freezes, we
871 have a chance to migrate Skolelinux away from NFSv3 for the home
872 directories, and over to an architecture where the infrastructure do
873 not have to trust IP addresses and machines, and instead can trust
874 users and cryptographic keys instead.
</p
>
876 <p
>A challenge will be integration and administration. Is there a
877 Kerberos implementation for Debian where one can control the
878 administration access in Kerberos using LDAP groups? With it, the
879 school administration will have to maintain access control using flat
880 files on the main server, which give a huge potential for errors.
</p
>
882 <p
>A related question I would like to know is how well Kerberos and
883 pam-ccreds (offline password check) work together. Anyone know?
</p
>
885 <p
>Next step will be to use Kerberos for access control in Lwat and
886 Nagios. I have no idea how much work that will be to implement. We
887 would also need to document how to integrate with Windows AD, as such
888 shared network will require two Kerberos realms that need to cooperate
889 to work properly.
</p
>
891 <p
>I believe a good start would be to start using Kerberos on the
892 skolelinux.no machines, and this way get ourselves experience with
893 configuration and integration. A natural starting point would be
894 setting up ldap.skolelinux.no as the Kerberos server, and migrate the
895 rest of the machines from PAM via LDAP to PAM via Kerberos one at the
898 <p
>If you would like to contribute to get this working in Skolelinux,
899 I recommend you to see the video recording from yesterdays NUUG
900 presentation, and start using Kerberos at home. The video show show
901 up in a few days.
</p
>
906 <title>Great book:
"Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future
"</title>
907 <link>http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html
</link>
908 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html
</guid>
909 <pubDate>Mon,
19 Apr
2010 17:
10:
00 +
0200</pubDate>
911 <p
>The last few weeks i have had the pleasure of reading a
912 thought-provoking collection of essays by Cory Doctorow, on topics
913 touching copyright, virtual worlds, the future of man when the
914 conscience mind can be duplicated into a computer and many more. The
915 book titled
"Content: Selected Essays on Technology, Creativity,
916 Copyright, and the Future of the Future
" is available with few
917 restrictions on the web, for example from
918 <a href=
"http://craphound.com/content/
">his own site
</a
>. I read the
920 <a href=
"http://www.feedbooks.com/book/
2883">feedbooks
</a
> using
921 <a href=
"http://www.fbreader.org/
">fbreader
</a
> and my N810. I
922 strongly recommend this book.
</p
>
927 <title>Thoughts on roaming laptop setup for Debian Edu
</title>
928 <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html
</link>
929 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html
</guid>
930 <pubDate>Wed,
28 Apr
2010 20:
40:
00 +
0200</pubDate>
932 <p
>For some years now, I have wondered how we should handle laptops in
933 Debian Edu. The Debian Edu infrastructure is mostly designed to
934 handle stationary computers, and less suited for computers that come
937 <p
>Now I finally believe I have an sensible idea on how to adjust
938 Debian Edu for laptops, by introducing a new profile for them, for
939 example called Roaming Workstations. Here are my thought on this.
940 The setup would consist of the following:
</p
>
944 <li
>During installation, the user name of the owner / primary user of
945 the laptop is requested and a local home directory is set up for
946 the user, with uid and gid information fetched from the LDAP
947 server. This allow the user to work also when offline. The
948 central home directory can be available in a subdirectory on
949 request, for example mounted via CIFS. It could be mounted
950 automatically when a user log in while on the Debian Edu network,
951 and unmounted when the machine is taken away (network down,
952 hibernate, etc), it can be set up to do automatic mounting on
953 request (using autofs), or perhaps some GUI button on the desktop
954 can be used to access it when needed. Perhaps it is enough to use
955 the fish protocol in KDE?
</li
>
957 <li
>Password checking is set up to use LDAP or Kerberos
958 authentication when the machine is on the Debian Edu network, and
959 to cache the password for offline checking when the machine unable
960 to reach the LDAP or Kerberos server. This can be done using
961 <a href=
"http://www.padl.com/OSS/pam_ccreds.html
">libpam-ccreds
</a
>
962 or the Fedora developed
963 <a href=
"https://fedoraproject.org/wiki/Features/SSSD
">System
964 Security Services Daemon
</a
> packages.
</li
>
966 <li
>File synchronisation with the central home directory is set up
967 using a shared directory in both the local and the central home
968 directory, using unison.
</li
>
970 <li
>Printing should be set up to print to all printers broadcasting
971 their existence on the local network, and should then work out of
972 the box with CUPS. For sites needing accurate printer quotas, some
973 system with Kerberos authentication or printing via ssh could be
974 implemented.
</li
>
976 <li
>For users that should have local root access to their laptop,
977 sudo should be used to allow this to the local user.
</li
>
979 <li
>It would be nice if user and group information from LDAP is
980 cached on the client, but given that there are entries for the
981 local user and primary group in /etc/, it should not be needed.
</li
>
985 <p
>I believe all the pieces to implement this are in Debian/testing at
986 the moment. If we work quickly, we should be able to get this ready
987 in time for the Squeeze release to freeze. Some of the pieces need
988 tweaking, like libpam-ccreds should get support for pam-auth-update
989 (
<a href=
"http://bugs.debian.org/
566718">#
566718</a
>) and nslcd (or
990 perhaps debian-edu-config) should get some integration code to stop
991 its daemon when the LDAP server is unavailable to avoid long timeouts
992 when disconnected from the net. If we get Kerberos enabled, we need
993 to make sure we avoid long timeouts there too.
</p
>
995 <p
>If you want to help out with implementing this for Debian Edu,
996 please contact us on debian-edu@lists.debian.org.
</p
>
1001 <title>Forcing new users to change their password on first login
</title>
1002 <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html
</link>
1003 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html
</guid>
1004 <pubDate>Sun,
2 May
2010 13:
47:
00 +
0200</pubDate>
1006 <p
>One interesting feature in Active Directory, is the ability to
1007 create a new user with an expired password, and thus force the user to
1008 change the password on the first login attempt.
</p
>
1010 <p
>I
'm not quite sure how to do that with the LDAP setup in Debian
1011 Edu, but did some initial testing with a local account. The account
1012 and password aging information is available in /etc/shadow, but
1013 unfortunately, it is not possible to specify an expiration time for
1014 passwords, only a maximum age for passwords.
</p
>
1016 <p
>A freshly created account (using adduser test) will have these
1017 settings in /etc/shadow:
</p
>
1019 <blockquote
><pre
>
1020 root@tjener:~# chage -l test
1021 Last password change : May
02,
2010
1022 Password expires : never
1023 Password inactive : never
1024 Account expires : never
1025 Minimum number of days between password change :
0
1026 Maximum number of days between password change :
99999
1027 Number of days of warning before password expires :
7
1029 </pre
></blockquote
>
1031 <p
>The only way I could come up with to create a user with an expired
1032 account, is to change the date of the last password change to the
1033 lowest value possible (January
1th
1970), and the maximum password age
1034 to the difference in days between that date and today. To make it
1035 simple, I went for
30 years (
30 *
365 =
10950) and January
2th (to
1036 avoid testing if
0 is a valid value).
</p
>
1038 <p
>After using these commands to set it up, it seem to work as
1041 <blockquote
><pre
>
1042 root@tjener:~# chage -d
1 test; chage -M
10950 test
1043 root@tjener:~# chage -l test
1044 Last password change : Jan
02,
1970
1045 Password expires : never
1046 Password inactive : never
1047 Account expires : never
1048 Minimum number of days between password change :
0
1049 Maximum number of days between password change :
10950
1050 Number of days of warning before password expires :
7
1052 </pre
></blockquote
>
1054 <p
>So far I have tested this with ssh and console, and kdm (in
1055 Squeeze) login, and all ask for a new password before login in the
1056 user (with ssh, I was thrown out and had to log in again).
</p
>
1058 <p
>Perhaps we should set up something similar for Debian Edu, to make
1059 sure only the user itself have the account password?
</p
>
1061 <p
>If you want to comment on or help out with implementing this for
1062 Debian Edu, please contact us on debian-edu@lists.debian.org.
</p
>
1064 <p
>Update
2010-
05-
02 17:
20: Paul Tötterman tells me on IRC that the
1065 shadow(
8) page in Debian/testing now state that setting the date of
1066 last password change to zero (
0) will force the password to be changed
1067 on the first login. This was not mentioned in the manual in Lenny, so
1068 I did not notice this in my initial testing. I have tested it on
1069 Squeeze, and
'<tt
>chage -d
0 username
</tt
>' do work there. I have not
1070 tested it on Lenny yet.
</p
>
1072 <p
>Update
2010-
05-
02-
19:
05: Jim Paris tells me via email that an
1073 equivalent command to expire a password is
'<tt
>passwd -e
1074 username
</tt
>', which insert zero into the date of the last password
1080 <title>Parallellizing the boot in Debian Squeeze - ready for wider testing
</title>
1081 <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</link>
1082 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</guid>
1083 <pubDate>Thu,
6 May
2010 23:
25:
00 +
0200</pubDate>
1085 <p
>These days, the init.d script dependencies in Squeeze are quite
1086 complete, so complete that it is actually possible to run all the
1087 init.d scripts in parallell based on these dependencies. If you want
1088 to test your Squeeze system, make sure
1089 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
1090 based boot sequencing
</a
> is enabled, and add this line to
1091 /etc/default/rcS:
</p
>
1093 <blockquote
><pre
>
1094 CONCURRENCY=makefile
1095 </pre
></blockquote
>
1097 <p
>That is it. It will cause sysv-rc to use the startpar tool to run
1098 scripts in parallel using the dependency information stored in
1099 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
1100 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
1101 to try to start the kdm and gdm scripts as early as possible, and will
1102 start the facilities required by kdm or gdm as early as possible to
1103 make this happen.
</p
>
1105 <p
>Give it a try, and see if you like the result. If some services
1106 fail to start properly, it is most likely because they have incomplete
1107 init.d script dependencies in their startup script (or some of their
1108 dependent scripts have incomplete dependencies). Report bugs and get
1109 the package maintainers to fix it. :)
</p
>
1111 <p
>Running scripts in parallel could be the default in Debian when we
1112 manage to get the init.d script dependencies complete and correct. I
1113 expect we will get there in Squeeze+
1, if we get manage to test and
1114 fix the remaining issues.
</p
>
1116 <p
>If you report any problems with dependencies in init.d scripts to
1117 the BTS, please usertag the report to get it to show up at
1118 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
1119 list of usertagged bugs related to this
</a
>.
</p
>
1124 <title>systemd, an interesting alternative to upstart
</title>
1125 <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</link>
1126 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</guid>
1127 <pubDate>Thu,
13 May
2010 22:
20:
00 +
0200</pubDate>
1129 <p
>The last few days a new boot system called
1130 <a href=
"http://www.freedesktop.org/wiki/Software/systemd
">systemd
</a
>
1132 <a href=
"http://
0pointer.de/blog/projects/systemd.html
">introduced
</a
>
1134 to the free software world. I have not yet had time to play around
1135 with it, but it seem to be a very interesting alternative to
1136 <a href=
"http://upstart.ubuntu.com/
">upstart
</a
>, and might prove to be
1137 a good alternative for Debian when we are able to switch to an event
1138 based boot system. Tollef is
1139 <a href=
"http://bugs.debian.org/
580814">in the process
</a
> of getting
1140 systemd into Debian, and I look forward to seeing how well it work. I
1141 like the fact that systemd handles init.d scripts with dependency
1142 information natively, allowing them to run in parallel where upstart
1143 at the moment do not.
</p
>
1145 <p
>Unfortunately do systemd have the same problem as upstart regarding
1146 platform support. It only work on recent Linux kernels, and also need
1147 some new kernel features enabled to function properly. This means
1148 kFreeBSD and Hurd ports of Debian will need a port or a different boot
1149 system. Not sure how that will be handled if systemd proves to be the
1150 way forward.
</p
>
1152 <p
>In the mean time, based on the
1153 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
1154 on debian-devel@
</a
> regarding parallel booting in Debian, I have
1155 decided to enable full parallel booting as the default in Debian as
1156 soon as possible (probably this weekend or early next week), to see if
1157 there are any remaining serious bugs in the init.d dependencies. A
1158 new version of the sysvinit package implementing this change is
1159 already in experimental. If all go well, Squeeze will be released
1160 with parallel booting enabled by default.
</p
>
1165 <title>Sitesummary tip: Listing MAC address of all clients
</title>
1166 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</link>
1167 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</guid>
1168 <pubDate>Fri,
14 May
2010 21:
10:
00 +
0200</pubDate>
1170 <p
>In the recent Debian Edu versions, the
1171 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">sitesummary
1172 system
</a
> is used to keep track of the machines in the school
1173 network. Each machine will automatically report its status to the
1174 central server after boot and once per night. The network setup is
1175 also reported, and using this information it is possible to get the
1176 MAC address of all network interfaces in the machines. This is useful
1177 to update the DHCP configuration.
</p
>
1179 <p
>To give some idea how to use sitesummary, here is a one-liner to
1180 ist all MAC addresses of all machines reporting to sitesummary. Run
1181 this on the collector host:
</p
>
1183 <blockquote
><pre
>
1184 perl -MSiteSummary -e
'for_all_hosts(sub { print join(
" ", get_macaddresses(shift)),
"\n
"; });
'
1185 </pre
></blockquote
>
1187 <p
>This will list all MAC addresses assosiated with all machine, one
1188 line per machine and with space between the MAC addresses.
</p
>
1190 <p
>To allow system administrators easier job at adding static DHCP
1191 addresses for hosts, it would be possible to extend this to fetch
1192 machine information from sitesummary and update the DHCP and DNS
1193 tables in LDAP using this information. Such tool is unfortunately not
1194 written yet.
</p
>
1199 <title>Parallellized boot is now the default in Debian/unstable
</title>
1200 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</link>
1201 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</guid>
1202 <pubDate>Fri,
14 May
2010 22:
40:
00 +
0200</pubDate>
1204 <p
>Since this evening, parallel booting is the default in
1205 Debian/unstable for machines using dependency based boot sequencing.
1206 Apparently the testing of concurrent booting has been wider than
1207 expected, if I am to believe the
1208 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
1209 on debian-devel@
</a
>, and I concluded a few days ago to move forward
1210 with the feature this weekend, to give us some time to detect any
1211 remaining problems before Squeeze is frozen. If serious problems are
1212 detected, it is simple to change the default back to sequential boot.
1213 The upload of the new sysvinit package also activate a new upstream
1216 More information about
1217 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
1218 based boot sequencing
</a
> is available from the Debian wiki. It is
1219 currently possible to disable parallel booting when one run into
1220 problems caused by it, by adding this line to /etc/default/rcS:
</p
>
1222 <blockquote
><pre
>
1224 </pre
></blockquote
>
1226 <p
>If you report any problems with dependencies in init.d scripts to
1227 the BTS, please usertag the report to get it to show up at
1228 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
1229 list of usertagged bugs related to this
</a
>.
</p
>
1234 <title>Pieces of the roaming laptop puzzle in Debian
</title>
1235 <link>http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html
</link>
1236 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html
</guid>
1237 <pubDate>Wed,
19 May
2010 19:
00:
00 +
0200</pubDate>
1239 <p
>Today, the last piece of the puzzle for roaming laptops in Debian
1240 Edu finally entered the Debian archive. Today, the new
1241 <a href=
"http://packages.qa.debian.org/libp/libpam-mklocaluser.html
">libpam-mklocaluser
</a
>
1242 package was accepted. Two days ago, two other pieces was accepted
1244 <a href=
"http://packages.qa.debian.org/p/pam-python.html
">pam-python
</a
>
1245 package needed by libpam-mklocaluser, and the
1246 <a href=
"http://packages.qa.debian.org/s/sssd.html
">sssd
</a
> package
1247 passed NEW on Monday. In addition, the
1248 <a href=
"http://packages.qa.debian.org/libp/libpam-ccreds.html
">libpam-ccreds
</a
>
1249 package we need is in experimental (version
10-
4) since Saturday, and
1250 hopefully will be moved to unstable soon.
</p
>
1252 <p
>This collection of packages allow for two different setups for
1253 roaming laptops. The traditional setup would be using libpam-ccreds,
1254 nscd and libpam-mklocaluser with LDAP or Kerberos authentication,
1255 which should work out of the box if the configuration changes proposed
1256 for nscd in
<a href=
"http://bugs.debian.org/
485282">BTS report
1257 #
485282</a
> is implemented. The alternative setup is to use sssd with
1258 libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take
1259 care of the caching of passwords and group information.
</p
>
1261 <p
>I have so far been unable to get sssd to work with the LDAP server
1262 at the University, but suspect the issue is some SSL/GnuTLS related
1263 problem with the server certificate. I plan to update the Debian
1264 package to version
1.2, which is scheduled for next week, and hope to
1265 find time to make sure the next release will include both the
1266 Debian/Ubuntu specific patches. Upstream is friendly and responsive,
1267 and I am sure we will find a good solution.
</p
>
1269 <p
>The idea is to set up the roaming laptops to authenticate using
1270 LDAP or Kerberos and create a local user with home directory in /home/
1271 when a usre in LDAP logs in via KDM or GDM for the first time, and
1272 cache the password for offline checking, as well as caching group
1273 memberhips and other relevant LDAP information. The
1274 libpam-mklocaluser package was created to make sure the local home
1275 directory is in /home/, instead of /site/server/directory/ which would
1276 be the home directory if pam_mkhomedir was used. To avoid confusion
1277 with support requests and configuration, we do not want local laptops
1278 to have users in a path that is used for the same users home directory
1279 on the home directory servers.
</p
>
1281 <p
>One annoying problem with gdm is that it do not show the PAM
1282 message passed to the user from libpam-mklocaluser when the local user
1283 is created. Instead gdm simply reject the login with some generic
1284 message. The message is shown in kdm, ssh and login, so I guess it is
1285 a bug in gdm. Have not investigated if there is some other message
1286 type that can be used instead to get gdm to also show the message.
</p
>
1288 <p
>If you want to help out with implementing this for Debian Edu,
1289 please contact us on debian-edu@lists.debian.org.
</p
>
1294 <title>More flexible firmware handling in debian-installer
</title>
1295 <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</link>
1296 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</guid>
1297 <pubDate>Sat,
22 May
2010 21:
30:
00 +
0200</pubDate>
1299 <p
>After a long break from debian-installer development, I finally
1300 found time today to return to the project. Having to spend less time
1301 working dependency based boot in debian, as it is almost complete now,
1302 definitely helped freeing some time.
</p
>
1304 <p
>A while back, I ran into a problem while working on Debian Edu. We
1305 include some firmware packages on the Debian Edu CDs, those needed to
1306 get disk and network controllers working. Without having these
1307 firmware packages available during installation, it is impossible to
1308 install Debian Edu on the given machine, and because our target group
1309 are non-technical people, asking them to provide firmware packages on
1310 an external medium is a support pain. Initially, I expected it to be
1311 enough to include the firmware packages on the CD to get
1312 debian-installer to find and use them. This proved to be wrong.
1313 Next, I hoped it was enough to symlink the relevant firmware packages
1314 to some useful location on the CD (tried /cdrom/ and
1315 /cdrom/firmware/). This also proved to not work, and at this point I
1316 found time to look at the debian-installer code to figure out what was
1317 going to work.
</p
>
1319 <p
>The firmware loading code is in the hw-detect package, and a closer
1320 look revealed that it would only look for firmware packages outside
1321 the installation media, so the CD was never checked for firmware
1322 packages. It would only check USB sticks, floppies and other
1323 "external
" media devices. Today I changed it to also look in the
1324 /cdrom/firmware/ directory on the mounted CD or DVD, which should
1325 solve the problem I ran into with Debian edu. I also changed it to
1326 look in /firmware/, to make sure the installer also find firmware
1327 provided in the initrd when booting the installer via PXE, to allow us
1328 to provide the same feature in the PXE setup included in Debian
1331 <p
>To make sure firmware deb packages with a license questions are not
1332 activated without asking if the license is accepted, I extended
1333 hw-detect to look for preinst scripts in the firmware packages, and
1334 run these before activating the firmware during installation. The
1335 license question is asked using debconf in the preinst, so this should
1336 solve the issue for the firmware packages I have looked at so far.
</p
>
1338 <p
>If you want to discuss the details of these features, please
1339 contact us on debian-boot@lists.debian.org.
</p
>
1344 <title>Parallellized boot seem to hold up well in Debian/testing
</title>
1345 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</link>
1346 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</guid>
1347 <pubDate>Thu,
27 May
2010 23:
55:
00 +
0200</pubDate>
1349 <p
>A few days ago, parallel booting was enabled in Debian/testing.
1350 The feature seem to hold up pretty well, but three fairly serious
1351 issues are known and should be solved:
1355 <li
>The wicd package seen to
1356 <a href=
"http://bugs.debian.org/
508289">break NFS mounting
</a
> and
1357 <a href=
"http://bugs.debian.org/
581586">network setup
</a
> when
1358 parallel booting is enabled. No idea why, but the wicd maintainer
1359 seem to be on the case.
</li
>
1361 <li
>The nvidia X driver seem to
1362 <a href=
"http://bugs.debian.org/
583312">have a race condition
</a
>
1363 triggered more easily when parallel booting is in effect. The
1364 maintainer is on the case.
</li
>
1366 <li
>The sysv-rc package fail to properly enable dependency based boot
1367 sequencing (the shutdown is broken) when old file-rc users
1368 <a href=
"http://bugs.debian.org/
575080">try to switch back
</a
> to
1369 sysv-rc. One way to solve it would be for file-rc to create
1370 /etc/init.d/.legacy-bootordering, and another is to try to make
1371 sysv-rc more robust. Will investigate some more and probably upload a
1372 workaround in sysv-rc to help those trying to move from file-rc to
1373 sysv-rc get a working shutdown.
</li
>
1375 </ul
></p
>
1377 <p
>All in all not many surprising issues, and all of them seem
1378 solvable before Squeeze is released. In addition to these there are
1379 some packages with bugs in their dependencies and run level settings,
1380 which I expect will be fixed in a reasonable time span.
</p
>
1382 <p
>If you report any problems with dependencies in init.d scripts to
1383 the BTS, please usertag the report to get it to show up at
1384 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
1385 list of usertagged bugs related to this
</a
>.
</p
>
1387 <p
>Update: Correct bug number to file-rc issue.
</p
>
1392 <title>KDM fail at boot with NVidia cards - and no one try to fix it?
</title>
1393 <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</link>
1394 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</guid>
1395 <pubDate>Tue,
1 Jun
2010 17:
05:
00 +
0200</pubDate>
1397 <p
>It is strange to watch how a bug in Debian causing KDM to fail to
1398 start at boot when an NVidia video card is used is handled. The
1399 problem seem to be that the nvidia X.org driver uses a long time to
1400 initialize, and this duration is longer than kdm is configured to
1403 <p
>I came across two bugs related to this issue,
1404 <a href=
"http://bugs.debian.org/
583312">#
583312</a
> initially filed
1405 against initscripts and passed on to nvidia-glx when it became obvious
1406 that the nvidia drivers were involved, and
1407 <a href=
"http://bugs.debian.org/
524751">#
524751</a
> initially filed against
1408 kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.
</p
>
1410 <p
>To me, it seem that no-one is interested in actually solving the
1411 problem nvidia video card owners experience and make sure the Debian
1412 distribution work out of the box for these users. The nvidia driver
1413 maintainers expect kdm to be set up to wait longer, while kdm expect
1414 the nvidia driver maintainers to fix the driver to start faster, and
1415 while they wait for each other I guess the users end up switching to a
1416 distribution that work for them. I have no idea what the solution is,
1417 but I am pretty sure that waiting for each other is not it.
</p
>
1419 <p
>I wonder why we end up handling bugs this way.
</p
>
1424 <title>Sitesummary tip: Listing computer hardware models used at site
</title>
1425 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html
</link>
1426 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html
</guid>
1427 <pubDate>Thu,
3 Jun
2010 12:
05:
00 +
0200</pubDate>
1429 <p
>When using sitesummary at a site to track machines, it is possible
1430 to get a list of the machine types in use thanks to the DMI
1431 information extracted from each machine. The script to do so is
1432 included in the sitesummary package, and here is example output from
1433 the Skolelinux build servers:
</p
>
1435 <blockquote
><pre
>
1436 maintainer:~# /usr/lib/sitesummary/hardware-model-summary
1438 Dell Computer Corporation
1
1441 eserver xSeries
345 -[
8670M1X]-
1
1445 </pre
></blockquote
>
1447 <p
>The quality of the report depend on the quality of the DMI tables
1448 provided in each machine. Here there are Intel machines without model
1449 information listed with Intel as vendor and mo model, and virtual Xen
1450 machines listed as [no-dmi-info]. One can add -l as a command line
1451 option to list the individual machines.
</p
>
1453 <p
>A larger list is
1454 <a href=
"http://narvikskolen.no/sitesummary/
">available from the the
1455 city of Narvik
</a
>, which uses Skolelinux on all their shools and also
1456 provide the basic sitesummary report publicly. In their report there
1457 are ~
1400 machines. I know they use both Ubuntu and Skolelinux on
1458 their machines, and as sitesummary is available in both distributions,
1459 it is trivial to get all of them to report to the same central
1460 collector.
</p
>
1465 <title>A manual for standards wars...
</title>
1466 <link>http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html
</link>
1467 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html
</guid>
1468 <pubDate>Sun,
6 Jun
2010 14:
15:
00 +
0200</pubDate>
1471 <a href=
"http://feedproxy.google.com/~r/robweir/antic-atom/~
3/QzU4RgoAGMg/weekly-links-
10.html
">blog
1472 of Rob Weir
</a
> I came across the very interesting essay named
1473 <a href=
"http://faculty.haas.berkeley.edu/shapiro/wars.pdf
">The Art of
1474 Standards Wars
</a
> (PDF
25 pages). I recommend it for everyone
1475 following the standards wars of today.
</p
>
1480 <title>Upstart or sysvinit - as init.d scripts see it
</title>
1481 <link>http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html
</link>
1482 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html
</guid>
1483 <pubDate>Sun,
6 Jun
2010 23:
55:
00 +
0200</pubDate>
1485 <p
>If Debian is to migrate to upstart on Linux, I expect some init.d
1486 scripts to migrate (some of) their operations to upstart job while
1487 keeping the init.d for hurd and kfreebsd. The packages with such
1488 needs will need a way to get their init.d scripts to behave
1489 differently when used with sysvinit and with upstart. Because of
1490 this, I had a look at the environment variables set when a init.d
1491 script is running under upstart, and when it is not.
</p
>
1493 <p
>With upstart, I notice these environment variables are set when a
1494 script is started from rcS.d/ (ignoring some irrelevant ones like
1497 <blockquote
><pre
>
1503 UPSTART_EVENTS=startup
1505 UPSTART_JOB=rc-sysinit
1506 </pre
></blockquote
>
1508 <p
>With sysvinit, these environment variables are set for the same
1511 <blockquote
><pre
>
1512 INIT_VERSION=sysvinit-
2.88
1517 </pre
></blockquote
>
1519 <p
>The RUNLEVEL and PREVLEVEL environment variables passed on from
1520 sysvinit are not set by upstart. Not sure if it is intentional or not
1521 to not be compatible with sysvinit in this regard.
</p
>
1523 <p
>For scripts needing to behave differently when upstart is used,
1524 looking for the UPSTART_JOB environment variable seem to be a good
1530 <title>Automatic upgrade testing from Lenny to Squeeze
</title>
1531 <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
</link>
1532 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
</guid>
1533 <pubDate>Fri,
11 Jun
2010 22:
50:
00 +
0200</pubDate>
1535 <p
>The last few days I have done some upgrade testing in Debian, to
1536 see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs
1537 have been discovered and reported in the process
1538 (
<a href=
"http://bugs.debian.org/
585410">#
585410</a
> in nagios3-cgi,
1539 <a href=
"http://bugs.debian.org/
584879">#
584879</a
> already fixed in
1540 enscript and
<a href=
"http://bugs.debian.org/
584861">#
584861</a
> in
1541 kdebase-workspace-data), and to get a more regular testing going on, I
1542 am working on a script to automate the test.
</p
>
1544 <p
>The idea is to create a Lenny chroot and use tasksel to install a
1545 Gnome or KDE desktop installation inside the chroot before upgrading
1546 it. To ensure no services are started in the chroot, a policy-rc.d
1547 script is inserted. To make sure tasksel believe it is to install a
1548 desktop on a laptop, the tasksel tests are replaced in the chroot
1549 (only acceptable because this is a throw-away chroot).
</p
>
1551 <p
>A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
1552 currently always fail because udev refuses to upgrade with the kernel
1553 in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
1554 is created. The bug report
1555 <a href=
"http://bugs.debian.org/
566000">#
566000</a
> make me suspect
1556 this problem do not trigger in a chroot, but I touch the file anyway
1557 to make sure the upgrade go well. Testing on virtual and real
1558 hardware have failed me because of udev so far, and creating this file
1559 do the trick in such settings anyway. This is a
1560 <a href=
"http://www.linuxquestions.org/questions/debian-
26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-
804130/
">known
1561 issue
</a
> and the current udev behaviour is intended by the udev
1562 maintainer because he lack the resources to rewrite udev to keep
1563 working with old kernels or something like that. I really wish the
1564 udev upstream would keep udev backwards compatible, to avoid such
1565 upgrade problem, but given that they fail to do so, I guess
1566 documenting the way out of this mess is the best option we got for
1567 Debian Squeeze.
</p
>
1569 <p
>Anyway, back to the task at hand, testing upgrades. This test
1570 script, which I call
<tt
>upgrade-test
</tt
> for now, is doing the
1573 <blockquote
><pre
>
1577 if [
"$
1" ] ; then
1586 exec
&lt; /dev/null
1588 mirror=http://ftp.skolelinux.org/debian
1589 tmpdir=chroot-$from-upgrade-$to-$desktop
1591 debootstrap $from $tmpdir $mirror
1592 chroot $tmpdir aptitude update
1593 cat
> $tmpdir/usr/sbin/policy-rc.d
&lt;
&lt;EOF
1597 chmod a+rx $tmpdir/usr/sbin/policy-rc.d
1601 mount -t proc proc $tmpdir/proc
1602 # Make sure proc is unmounted also on failure
1603 trap exit_cleanup EXIT INT
1605 chroot $tmpdir aptitude -y install debconf-utils
1607 # Make sure tasksel autoselection trigger. It need the test scripts
1608 # to return the correct answers.
1609 echo tasksel tasksel/desktop multiselect $desktop | \
1610 chroot $tmpdir debconf-set-selections
1612 # Include the desktop and laptop task
1613 for test in desktop laptop ; do
1614 echo
> $tmpdir/usr/lib/tasksel/tests/$test
&lt;
&lt;EOF
1618 chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
1621 DEBIAN_FRONTEND=noninteractive
1622 DEBIAN_PRIORITY=critical
1623 export DEBIAN_FRONTEND DEBIAN_PRIORITY
1624 chroot $tmpdir tasksel --new-install
1626 echo deb $mirror $to main
> $tmpdir/etc/apt/sources.list
1627 chroot $tmpdir aptitude update
1628 touch $tmpdir/etc/udev/kernel-upgrade
1629 chroot $tmpdir aptitude -y dist-upgrade
1631 </pre
></blockquote
>
1633 <p
>I suspect it would be useful to test upgrades with both apt-get and
1634 with aptitude, but I have not had time to look at how they behave
1635 differently so far. I hope to get a cron job running to do the test
1636 regularly and post the result on the web. The Gnome upgrade currently
1637 work, while the KDE upgrade fail because of the bug in
1638 kdebase-workspace-data
</p
>
1640 <p
>I am not quite sure what kind of extract from the huge upgrade logs
1641 (KDE
167 KiB, Gnome
516 KiB) it make sense to include in this blog
1642 post, so I will refrain from trying. I can report that for Gnome,
1643 aptitude report
760 packages upgraded,
448 newly installed,
129 to
1644 remove and
1 not upgraded and
1024MB need to be downloaded while for
1645 KDE the same numbers are
702 packages upgraded,
507 newly installed,
1646 193 to remove and
0 not upgraded and
1117MB need to be downloaded
</p
>
1648 <p
>I am very happy to notice that the Gnome desktop + laptop upgrade
1649 is able to migrate to dependency based boot sequencing and parallel
1650 booting without a hitch. Was unsure if there were still bugs with
1651 packages failing to clean up their obsolete init.d script during
1652 upgrades, and no such problem seem to affect the Gnome desktop+laptop
1658 <title>Lenny-
>Squeeze upgrades, removals by apt and aptitude
</title>
1659 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html
</link>
1660 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html
</guid>
1661 <pubDate>Sun,
13 Jun
2010 09:
05:
00 +
0200</pubDate>
1664 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">testing
1665 of Debian upgrades
</a
> from Lenny to Squeeze continues, and I
've
1666 finally made the upgrade logs available from
1667 <a href=
"http://people.skolelinux.org/pere/debian-upgrade-testing/
">http://people.skolelinux.org/pere/debian-upgrade-testing/
</a
>.
1668 I am now testing dist-upgrade of Gnome and KDE in a chroot using both
1669 apt and aptitude, and found their differences interesting. This time
1670 I will only focus on their removal plans.
</p
>
1672 <p
>After installing a Gnome desktop and the laptop task, apt-get wants
1673 to remove
72 packages when dist-upgrading from Lenny to Squeeze. The
1674 surprising part is that it want to remove xorg and all
1675 xserver-xorg-video* drivers. Clearly not a good choice, but I am not
1676 sure why. When asking aptitude to do the same, it want to remove
129
1677 packages, but most of them are library packages I suspect are no
1678 longer needed. Both of them want to remove bluetooth packages, which
1679 I do not know. Perhaps these bluetooth packages are obsolete?
</p
>
1681 <p
>For KDE, apt-get want to remove
82 packages, among them kdebase
1682 which seem like a bad idea and xorg the same way as with Gnome. Asking
1683 aptitude for the same, it wants to remove
192 packages, none which are
1684 too surprising.
</p
>
1686 <p
>I guess the removal of xorg during upgrades should be investigated
1687 and avoided, and perhaps others as well. Here are the complete list
1688 of planned removals. The complete logs is available from the URL
1689 above. Note if you want to repeat these tests, that the upgrade test
1690 for kde+apt-get hung in the tasksel setup because of dpkg asking
1691 conffile questions. No idea why. I worked around it by using
1692 '<tt
>echo
>> /proc/
<em
>pidofdpkg
</em
>/fd/
0</tt
>' to tell dpkg to
1695 <p
><b
>apt-get gnome
72</b
>
1696 <br
>bluez-gnome cupsddk-drivers deskbar-applet gnome
1697 gnome-desktop-environment gnome-network-admin gtkhtml3.14
1698 iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-
1-
0
1699 libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
1700 nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
1701 serpentine swfdec-mozilla update-manager xorg xserver-xorg
1702 xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
1703 xserver-xorg-input-kbd xserver-xorg-input-mouse
1704 xserver-xorg-input-synaptics xserver-xorg-input-wacom
1705 xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
1706 xserver-xorg-video-ati xserver-xorg-video-chips
1707 xserver-xorg-video-cirrus xserver-xorg-video-cyrix
1708 xserver-xorg-video-dummy xserver-xorg-video-fbdev
1709 xserver-xorg-video-glint xserver-xorg-video-i128
1710 xserver-xorg-video-i740 xserver-xorg-video-imstt
1711 xserver-xorg-video-intel xserver-xorg-video-mach64
1712 xserver-xorg-video-mga xserver-xorg-video-neomagic
1713 xserver-xorg-video-nsc xserver-xorg-video-nv
1714 xserver-xorg-video-openchrome xserver-xorg-video-r128
1715 xserver-xorg-video-radeon xserver-xorg-video-radeonhd
1716 xserver-xorg-video-rendition xserver-xorg-video-s3
1717 xserver-xorg-video-s3virge xserver-xorg-video-savage
1718 xserver-xorg-video-siliconmotion xserver-xorg-video-sis
1719 xserver-xorg-video-sisusb xserver-xorg-video-tdfx
1720 xserver-xorg-video-tga xserver-xorg-video-trident
1721 xserver-xorg-video-tseng xserver-xorg-video-v4l
1722 xserver-xorg-video-vesa xserver-xorg-video-vga
1723 xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-
1.9
1724 xulrunner-
1.9-gnome-support
</p
>
1726 <p
><b
>aptitude gnome
129</b
>
1728 <br
>bluez-gnome bluez-utils cpp-
4.3 cupsddk-drivers dhcdbd
1729 djvulibre-desktop finger gnome-app-install gnome-mount
1730 gnome-network-admin gnome-spell gnome-vfs-obexftp
1731 gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
1732 libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
1733 libcamel1.2-
11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
1734 libdirectfb-
1.0-
0 libdvdread3 libedataserver1.2-
9 libeel2-
2.20
1735 libeel2-data libepc-
1.0-
1 libepc-ui-
1.0-
1 libfaad0 libgail-common
1736 libgd2-noxpm libgda3-
3 libgda3-common libgdl-
1-
0 libgdl-
1-common
1737 libggz2 libggzcore9 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0
1738 libgnomecups1.0-
1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-
0
1739 libgnomeprint2.2-data libgnomeprintui2.2-
0 libgnomeprintui2.2-common
1740 libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-
0
1741 libgtksourceview-common libgtksourceview1.0-
0 libgucharmap6
1742 libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++
10
1743 libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
1744 libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-
2.2
1745 libosp5 libparted1.8-
10 libpoppler-glib3 libpoppler3 libpt-
1.10.10
1746 libpt-
1.10.10-plugins-alsa libpt-
1.10.10-plugins-v4l libraw1394-
8
1747 libsensors3 libslab0 libsmbios2 libsoup2.2-
8 libssh2-
1
1748 libsuitesparse-
3.1.0 libswfdec-
0.6-
90 libtalloc1 libtotem-plparser10
1749 libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
1750 libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
1751 libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
1752 openoffice.org-writer2latex openssl-blacklist p7zip
1753 python-
4suite-xml python-eggtrayicon python-gnome2-desktop
1754 python-gnome2-extras python-gtkhtml2 python-gtkmozembed
1755 python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
1756 swfdec-mozilla totem-gstreamer update-manager wodim
1757 xserver-xorg-video-cyrix xserver-xorg-video-imstt
1758 xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
1761 <p
><b
>apt-get kde
82</b
>
1763 <br
>cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
1764 kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
1765 kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
1766 kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
1767 kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
1768 libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
1769 xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
1770 xserver-xorg-input-kbd xserver-xorg-input-mouse
1771 xserver-xorg-input-synaptics xserver-xorg-input-wacom
1772 xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
1773 xserver-xorg-video-ati xserver-xorg-video-chips
1774 xserver-xorg-video-cirrus xserver-xorg-video-cyrix
1775 xserver-xorg-video-dummy xserver-xorg-video-fbdev
1776 xserver-xorg-video-glint xserver-xorg-video-i128
1777 xserver-xorg-video-i740 xserver-xorg-video-imstt
1778 xserver-xorg-video-intel xserver-xorg-video-mach64
1779 xserver-xorg-video-mga xserver-xorg-video-neomagic
1780 xserver-xorg-video-nsc xserver-xorg-video-nv
1781 xserver-xorg-video-openchrome xserver-xorg-video-r128
1782 xserver-xorg-video-radeon xserver-xorg-video-radeonhd
1783 xserver-xorg-video-rendition xserver-xorg-video-s3
1784 xserver-xorg-video-s3virge xserver-xorg-video-savage
1785 xserver-xorg-video-siliconmotion xserver-xorg-video-sis
1786 xserver-xorg-video-sisusb xserver-xorg-video-tdfx
1787 xserver-xorg-video-tga xserver-xorg-video-trident
1788 xserver-xorg-video-tseng xserver-xorg-video-v4l
1789 xserver-xorg-video-vesa xserver-xorg-video-vga
1790 xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-
1.9</p
>
1792 <p
><b
>aptitude kde
192</b
>
1793 <br
>bluez-utils cpp-
4.3 cupsddk-drivers cvs dcoprss dhcdbd
1794 djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
1795 ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
1796 kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
1797 kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
1798 kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
1799 kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
1800 kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
1801 kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
1802 kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
1803 kghostview khelpcenter khexedit kiconedit kitchensync klatin
1804 klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
1805 kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
1806 krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
1807 ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
1808 kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
1809 kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
1810 libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
1811 libavahi-core5 libavc1394-
0 libavcodec51 libbluetooth2
1812 libboost-python1.34
.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
1813 libdirectfb-
1.0-
0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
1814 libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-
0
1815 libicu38 libiec61883-
0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
1816 libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
1817 libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
1818 libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
1819 libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
1820 libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-
8 libsmbios2
1821 libssh2-
1 libsuitesparse-
3.1.0 libtalloc1 libtiff-tools
1822 libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
1823 libxerces2-java-gcj libxtrap6 mpeglib networkstatus
1824 openoffice.org-writer2latex pmount poster psutils quanta quanta-data
1825 superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
1826 texlive-common texlive-doc-base texlive-fonts-recommended
1827 xserver-xorg-video-cyrix xserver-xorg-video-imstt
1828 xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
1829 xulrunner-
1.9</p
>
1835 <title>Officeshots taking shape
</title>
1836 <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html
</link>
1837 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html
</guid>
1838 <pubDate>Sun,
13 Jun
2010 11:
40:
00 +
0200</pubDate>
1840 <p
>For those of us caring about document exchange and
1841 interoperability,
<a href=
"http://www.officeshots.org/
">OfficeShots
</a
>
1842 is a great service. It is to ODF documents what
1843 <a href=
"http://browsershots.org/
">BrowserShots
</a
> is for web
1846 <p
>A while back, I was contacted by Knut Yrvin at the part of Nokia
1847 that used to be Trolltech, who wanted to help the OfficeShots project
1848 and wondered if the University of Oslo where I work would be
1849 interested in supporting the project. I helped him to navigate his
1850 request to the right people at work, and his request was answered with
1851 a spot in the machine room with power and network connected, and Knut
1852 arranged funding for a machine to fill the spot. The machine is
1853 administrated by the OfficeShots people, so I do not have daily
1854 contact with its progress, and thus from time to time check back to
1855 see how the project is doing.
</p
>
1857 <p
>Today I had a look, and was happy to see that the Dell box in our
1858 machine room now is the host for several virtual machines running as
1859 OfficeShots factories, and the project is able to render ODF documents
1860 in
17 different document processing implementation on Linux and
1861 Windows. This is great.
</p
>
1866 <title>Calling tasksel like the installer, while still getting useful output
</title>
1867 <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html
</link>
1868 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html
</guid>
1869 <pubDate>Wed,
16 Jun
2010 14:
55:
00 +
0200</pubDate>
1871 <p
>A few times I have had the need to simulate the way tasksel
1872 installs packages during the normal debian-installer run. Until now,
1873 I have ended up letting tasksel do the work, with the annoying problem
1874 of not getting any feedback at all when something fails (like a
1875 conffile question from dpkg or a download that fails), using code like
1878 <blockquote
><pre
>
1879 export DEBIAN_FRONTEND=noninteractive
1880 tasksel --new-install
1881 </pre
></blockquote
>
1883 This would invoke tasksel, let its automatic task selection pick the
1884 tasks to install, and continue to install the requested tasks without
1885 any output what so ever.
1887 Recently I revisited this problem while working on the automatic
1888 package upgrade testing, because tasksel would some times hang without
1889 any useful feedback, and I want to see what is going on when it
1890 happen. Then it occured to me, I can parse the output from tasksel
1891 when asked to run in test mode, and use that aptitude command line
1892 printed by tasksel then to simulate the tasksel run. I ended up using
1895 <blockquote
><pre
>
1896 export DEBIAN_FRONTEND=noninteractive
1897 cmd=
"$(in_target tasksel -t --new-install | sed
's/debconf-apt-progress -- //
')
"
1899 </pre
></blockquote
>
1901 <p
>The content of $cmd is typically something like
"<tt
>aptitude -q
1902 --without-recommends -o APT::Install-Recommends=no -y install
1903 ~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
1904 ~pimportant
</tt
>", which will install the gnome desktop task, the
1905 laptop task and all packages with priority standard , required and
1906 important, just like tasksel would have done it during
1907 installation.
</p
>
1909 <p
>A better approach is probably to extend tasksel to be able to
1910 install packages without using debconf-apt-progress, for use cases
1911 like this.
</p
>
1916 <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object
</title>
1917 <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
</link>
1918 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
</guid>
1919 <pubDate>Thu,
24 Jun
2010 00:
35:
00 +
0200</pubDate>
1921 <p
>A while back, I
1922 <a href=
"http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
">complained
1923 about the fact
</a
> that it is not possible with the provided schemas
1924 for storing DNS and DHCP information in LDAP to combine the two sets
1925 of information into one LDAP object representing a computer.
</p
>
1927 <p
>In the mean time, I discovered that a simple fix would be to make
1928 the dhcpHost object class auxiliary, to allow it to be combined with
1929 the dNSDomain object class, and thus forming one object for one
1930 computer when storing both DHCP and DNS information in LDAP.
</p
>
1932 <p
>If I understand this correctly, it is not safe to do this change
1933 without also changing the assigned number for the object class, and I
1934 do not know enough about LDAP schema design to do that properly for
1935 Debian Edu.
</p
>
1937 <p
>Anyway, for future reference, this is how I believe we could change
1939 <a href=
"http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-
00">DHCP
1940 schema
</a
> to solve at least part of the problem with the LDAP schemas
1941 available today from IETF.
</p
>
1944 --- dhcp.schema (revision
65192)
1945 +++ dhcp.schema (working copy)
1947 objectclass (
2.16.840.1.113719.1.203.6.6
1948 NAME
'dhcpHost
'
1949 DESC
'This represents information about a particular client
'
1953 MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
1954 X-NDS_CONTAINMENT (
'dhcpService
' 'dhcpSubnet
' 'dhcpGroup
') )
1957 <p
>I very much welcome clues on how to do this properly for Debian
1958 Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
1959 package, and should thus be free to rewrite it as we see fit.
</p
>
1961 <p
>If you want to help out with implementing this for Debian Edu,
1962 please contact us on debian-edu@lists.debian.org.
</p
>
1967 <title>LUMA, a very nice LDAP GUI
</title>
1968 <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
</link>
1969 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
</guid>
1970 <pubDate>Mon,
28 Jun
2010 00:
30:
00 +
0200</pubDate>
1972 <p
>The last few days I have been looking into the status of the LDAP
1973 directory in Debian Edu, and in the process I started to miss a GUI
1974 tool to browse the LDAP tree. The only one I was able to find in
1975 Debian/Squeeze and Lenny is
1976 <a href=
"http://luma.sourceforge.net/
">LUMA
</a
>, which has proved to
1977 be a great tool to get a overview of the current LDAP directory
1978 populated by default in Skolelinux. Thanks to it, I have been able to
1979 find empty and obsolete subtrees, misplaced objects and duplicate
1980 objects. It will be installed by default in Debian/Squeeze. If you
1981 are working with LDAP, give it a go. :)
</p
>
1983 <p
>I did notice one problem with it I have not had time to report to
1984 the BTS yet. There is no .desktop file in the package, so the tool do
1985 not show up in the Gnome and KDE menus, but only deep down in in the
1986 Debian submenu in KDE. I hope that can be fixed before Squeeze is
1989 <p
>I have not yet been able to get it to modify the tree yet. I would
1990 like to move objects and remove subtrees directly in the GUI, but have
1991 not found a way to do that with LUMA yet. So in the mean time, I use
1992 <a href=
"http://www.lichteblau.com/ldapvi/
">ldapvi
</a
> for that.
</p
>
1994 <p
>If you have tips on other GUI tools for LDAP that might be useful
1995 in Debian Edu, please contact us on debian-edu@lists.debian.org.
</p
>
projects / homepage.git / blob