<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>Lenny->Squeeze upgrades, removals by apt and aptitude</title>
- <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</guid>
- <pubDate>Sun, 13 Jun 2010 09:05:00 +0200</pubDate>
+ <title>Idea for storing LTSP configuration in LDAP</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
+ <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>
<description>
-<p>My
-<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">testing
-of Debian upgrades</a> from Lenny to Squeeze continues, and I've
-finally made the upgrade logs available from
-<a href="http://people.skolelinux.org/pere/debian-upgrade-testing/">http://people.skolelinux.org/pere/debian-upgrade-testing/</a>.
-I am now testing dist-upgrade of Gnome and KDE in a chroot using both
-apt and aptitude, and found their differences interesting. This time
-I focus on their removal plans.</p>
-
-<p>After installing a Gnome desktop and the laptop task, apt-get wants
-to remove 72 packages when dist-upgrading from Lenny to Squeeze. The
-surprising part is that it want to remove xorg and all
-xserver-xorg-video* drivers. Clearly not a good choice, but I am not
-sure why. When asking aptitude to do the same, it want to remove 129
-packages, but most of them are library packages I suspect are no
-longer needed. Both of them want to remove bluetooth packages, which
-I do not know. Perhaps these bluetooth packages are obsolete?</p>
-
-<p>For KDE, apt-get want to remove 82 packages, among them kdebase
-which seem like a bad idea and xorg the same way as with Gnome. Asking
-aptitude for the same, it wants to remove 192 packages, none which are
-too surprising.</p>
-
-<p>I guess the removal of xorg during upgrades should be investigated
-and avoided, and perhaps others as well. Here are the complete list
-of removals. The complete logs is available from the URL above. Note
-if you want to repeat these tests, that the upgrade test for
-kde+apt-get hung in the tasksel setup because of dpkg asking conffile
-questions. No idea why. I worked around it by using '<tt>echo >>
-/proc/<em>pidofdpkg</em>/fd/0</tt>' to tell dpkg to continue.</p>
-
-<p><b>apt-get gnome 72</b>
-<br>bluez-gnome cupsddk-drivers deskbar-applet gnome
- gnome-desktop-environment gnome-network-admin gtkhtml3.14
- iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0
- libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
- nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
- serpentine swfdec-mozilla update-manager xorg xserver-xorg
- xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
- xserver-xorg-input-kbd xserver-xorg-input-mouse
- xserver-xorg-input-synaptics xserver-xorg-input-wacom
- xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
- xserver-xorg-video-ati xserver-xorg-video-chips
- xserver-xorg-video-cirrus xserver-xorg-video-cyrix
- xserver-xorg-video-dummy xserver-xorg-video-fbdev
- xserver-xorg-video-glint xserver-xorg-video-i128
- xserver-xorg-video-i740 xserver-xorg-video-imstt
- xserver-xorg-video-intel xserver-xorg-video-mach64
- xserver-xorg-video-mga xserver-xorg-video-neomagic
- xserver-xorg-video-nsc xserver-xorg-video-nv
- xserver-xorg-video-openchrome xserver-xorg-video-r128
- xserver-xorg-video-radeon xserver-xorg-video-radeonhd
- xserver-xorg-video-rendition xserver-xorg-video-s3
- xserver-xorg-video-s3virge xserver-xorg-video-savage
- xserver-xorg-video-siliconmotion xserver-xorg-video-sis
- xserver-xorg-video-sisusb xserver-xorg-video-tdfx
- xserver-xorg-video-tga xserver-xorg-video-trident
- xserver-xorg-video-tseng xserver-xorg-video-v4l
- xserver-xorg-video-vesa xserver-xorg-video-vga
- xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9
- xulrunner-1.9-gnome-support</p>
-
-<p><b>aptitude gnome 129</b>
-
-<br>bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd
- djvulibre-desktop finger gnome-app-install gnome-mount
- gnome-network-admin gnome-spell gnome-vfs-obexftp
- gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
- libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
- libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
- libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20
- libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common
- libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common
- libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0
- libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0
- libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common
- libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0
- libgtksourceview-common libgtksourceview1.0-0 libgucharmap6
- libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10
- libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
- libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2
- libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10
- libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8
- libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1
- libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10
- libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
- libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
- libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
- openoffice.org-writer2latex openssl-blacklist p7zip
- python-4suite-xml python-eggtrayicon python-gnome2-desktop
- python-gnome2-extras python-gtkhtml2 python-gtkmozembed
- python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
- swfdec-mozilla totem-gstreamer update-manager wodim
- xserver-xorg-video-cyrix xserver-xorg-video-imstt
- xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
- zip</p>
-
-<p><b>apt-get kde 82</b>
-
-<br>cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
- kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
- kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
- kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
- kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
- libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
- xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
- xserver-xorg-input-kbd xserver-xorg-input-mouse
- xserver-xorg-input-synaptics xserver-xorg-input-wacom
- xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
- xserver-xorg-video-ati xserver-xorg-video-chips
- xserver-xorg-video-cirrus xserver-xorg-video-cyrix
- xserver-xorg-video-dummy xserver-xorg-video-fbdev
- xserver-xorg-video-glint xserver-xorg-video-i128
- xserver-xorg-video-i740 xserver-xorg-video-imstt
- xserver-xorg-video-intel xserver-xorg-video-mach64
- xserver-xorg-video-mga xserver-xorg-video-neomagic
- xserver-xorg-video-nsc xserver-xorg-video-nv
- xserver-xorg-video-openchrome xserver-xorg-video-r128
- xserver-xorg-video-radeon xserver-xorg-video-radeonhd
- xserver-xorg-video-rendition xserver-xorg-video-s3
- xserver-xorg-video-s3virge xserver-xorg-video-savage
- xserver-xorg-video-siliconmotion xserver-xorg-video-sis
- xserver-xorg-video-sisusb xserver-xorg-video-tdfx
- xserver-xorg-video-tga xserver-xorg-video-trident
- xserver-xorg-video-tseng xserver-xorg-video-v4l
- xserver-xorg-video-vesa xserver-xorg-video-vga
- xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9</p>
-
-<p><b>aptitude kde 192</b>
-<br>bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd
- djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
- ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
- kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
- kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
- kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
- kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
- kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
- kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
- kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
- kghostview khelpcenter khexedit kiconedit kitchensync klatin
- klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
- kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
- krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
- ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
- kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
- kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
- libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
- libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2
- libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
- libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
- libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0
- libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
- libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
- libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
- libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
- libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
- libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2
- libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools
- libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
- libxerces2-java-gcj libxtrap6 mpeglib networkstatus
- openoffice.org-writer2latex pmount poster psutils quanta quanta-data
- superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
- texlive-common texlive-doc-base texlive-fonts-recommended
- xserver-xorg-video-cyrix xserver-xorg-video-imstt
- xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
- xulrunner-1.9</p>
+<p>Vagrant mentioned on IRC today that ltsp_config now support
+sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
+clients, and that this can be used to fetch configuration from LDAP if
+Debian Edu choose to store configuration there.</p>
+
+<p>Armed with this information, I got inspired and wrote a test module
+to get configuration from LDAP. The idea is to look up the MAC
+address of the client in LDAP, and look for attributes on the form
+ltspconfigsetting=value, and use this to export SETTING=value to the
+LTSP clients.</p>
+
+<p>The goal is to be able to store the LTSP configuration attributes
+in a "computer" LDAP object used by both DNS and DHCP, and thus
+allowing us to store all information about a computer in one place.</p>
+
+<p>This is a untested draft implementation, and I welcome feedback on
+this approach. A real LDAP schema for the ltspClientAux objectclass
+need to be written. Comments, suggestions, etc?</p>
+
+<blockquote><pre>
+# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
+#
+# Fetch LTSP client settings from LDAP based on MAC address
+#
+# Uses ethernet address as stored in the dhcpHost objectclass using
+# the dhcpHWAddress attribute or ethernet address stored in the
+# ieee802Device objectclass with the macAddress attribute.
+#
+# This module is written to be schema agnostic, and only depend on the
+# existence of attribute names.
+#
+# The LTSP configuration variables are saved directly using a
+# ltspConfig prefix and uppercasing the rest of the attribute name.
+# To set the SERVER variable, set the ltspConfigServer attribute.
+#
+# Some LDAP schema should be created with all the relevant
+# configuration settings. Something like this should work:
+#
+# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
+# SUP top
+# AUXILIARY
+# MAY ( ltspConfigServer $ ltsConfigSound $ ... )
+
+LDAPSERVER=$(debian-edu-ldapserver)
+if [ "$LDAPSERVER" ] ; then
+ LDAPBASE=$(debian-edu-ldapserver -b)
+ for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
+ filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
+ ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
+ grep '^ltspConfig' | while read attr value ; do
+ # Remove prefix and convert to upper case
+ attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
+ # bass value on to clients
+ eval "$attr=$value; export $attr"
+ done
+ done
+fi
+</pre></blockquote>
+
+<p>I'm not sure this shell construction will work, because I suspect
+the while block might end up in a subshell causing the variables set
+there to not show up in ltsp-config, but if that is the case I am sure
+the code can be restructured to make sure the variables are passed on.
+I expect that can be solved with some testing. :)</p>
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>Åpne trådløsnett er et samfunnsgode</title>
- <link>http://people.skolelinux.org/pere/blog/__pne_tr__dl__snett_er_et_samfunnsgode.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/__pne_tr__dl__snett_er_et_samfunnsgode.html</guid>
- <pubDate>Sat, 12 Jun 2010 12:45:00 +0200</pubDate>
+ <title>jXplorer, a very nice LDAP GUI</title>
+ <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
+ <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
<description>
-<p>Veldig glad for å oppdage via
-<a href="http://yro.slashdot.org/story/10/06/11/1841256/Finland-To-Legalize-Use-of-Unsecured-Wi-Fi">Slashdot</a>
-at folk i Finland har forstått at åpne trådløsnett er et samfunnsgode.
-Jeg ser på åpne trådløsnett som et fellesgode på linje med retten til
-ferdsel i utmark og retten til å bevege seg i strandsonen. Jeg har
-glede av åpne trådløsnett når jeg finner dem, og deler gladelig nett
-med andre så lenge de ikke forstyrrer min bruk av eget nett.
-Nettkapasiteten er sjelden en begrensning ved normal browsing og enkel
-SSH-innlogging (som er min vanligste nettbruk), og nett kan brukes til
-så mye positivt og nyttig (som nyhetslesing, sjekke været, kontakte
-slekt og venner, holde seg oppdatert om politiske saker, kontakte
-organisasjoner og politikere, etc), at det for meg er helt urimelig å
-blokkere dette for alle som ikke gjør en flue fortred. De som mener
-at potensialet for misbruk er grunn nok til å hindre all den positive
-og lovlydige bruken av et åpent trådløsnett har jeg dermed ingen
-forståelse for. En kan ikke eksistensen av forbrytere styre hvordan
-samfunnet skal organiseres. Da får en et kontrollsamfunn de færreste
-ønsker å leve i, og det at vi har et samfunn i Norge der tilliten til
-hverandre er høy gjør at samfunnet fungerer ganske godt. Det bør vi
-anstrenge oss for å beholde.</p>
+<p>Since
+<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
+last post</a> about available LDAP tools in Debian, I was told about a
+LDAP GUI that is even better than luma. The java application
+<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
+moving LDAP objects and subtrees using drag-and-drop, and can
+authenticate using Kerberos. I have only tested the Kerberos
+authentication, but do not have a LDAP setup allowing me to rewrite
+LDAP with my test user yet. It is
+<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
+Debian</a> testing and unstable at the moment. The only problem I
+have with it is how it handle errors. If something go wrong, its
+non-intuitive behaviour require me to go through some query work list
+and remove the failing query. Nothing big, but very annoying.</p>
</description>
</item>
<item>
- <title>Automatic upgrade testing from Lenny to Squeeze</title>
- <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</guid>
- <pubDate>Fri, 11 Jun 2010 22:50:00 +0200</pubDate>
+ <title>MS Word krøller det til for politiet?</title>
+ <link>http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</guid>
+ <pubDate>Thu, 8 Jul 2010 14:00:00 +0200</pubDate>
<description>
-<p>The last few days I have done some upgrade testing in Debian, to
-see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs
-have been discovered and reported in the process
-(<a href="http://bugs.debian.org/585410">#585410</a> in nagios3-cgi,
-<a href="http://bugs.debian.org/584879">#584879</a> already fixed in
-enscript and <a href="http://bugs.debian.org/584861">#584861</a> in
-kdebase-workspace-data), and to get a more regular testing going on, I
-am working on a script to automate the test.</p>
-
-<p>The idea is to create a Lenny chroot and use tasksel to install a
-Gnome or KDE desktop installation inside the chroot before upgrading
-it. To ensure no services are started in the chroot, a policy-rc.d
-script is inserted. To make sure tasksel believe it is to install a
-desktop on a laptop, the tasksel tests are replaced in the chroot
-(only acceptable because this is a throw-away chroot).</p>
-
-<p>A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
-currently always fail because udev refuses to upgrade with the kernel
-in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
-is created. The bug report
-<a href="http://bugs.debian.org/566000">#566000</a> make me suspect
-this problem do not trigger in a chroot, but I touch the file anyway
-to make sure the upgrade go well. Testing on virtual and real
-hardware have failed me because of udev so far, and creating this file
-do the trick in such settings anyway. This is a
-<a href="http://www.linuxquestions.org/questions/debian-26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-804130/">known
-issue</a> and the current udev behaviour is intended by the udev
-maintainer because he lack the resources to rewrite udev to keep
-working with old kernels or something like that. I really wish the
-udev upstream would keep udev backwards compatible, to avoid such
-upgrade problem, but given that they fail to do so, I guess
-documenting the way out of this mess is the best option we got for
-Debian Squeeze.</p>
-
-<p>Anyway, back to the task at hand, testing upgrades. This test
-script, which I call <tt>upgrade-test</tt> for now, is doing the
-trick:</p>
-
-<blockquote><pre>
-#!/bin/sh
-set -ex
-
-if [ "$1" ] ; then
- desktop=$1
-else
- desktop=gnome
-fi
-
-from=lenny
-to=squeeze
-
-exec &lt; /dev/null
-unset LANG
-mirror=http://ftp.skolelinux.org/debian
-tmpdir=chroot-$from-upgrade-$to-$desktop
-fuser -mv .
-debootstrap $from $tmpdir $mirror
-chroot $tmpdir aptitude update
-cat > $tmpdir/usr/sbin/policy-rc.d &lt;&lt;EOF
-#!/bin/sh
-exit 101
-EOF
-chmod a+rx $tmpdir/usr/sbin/policy-rc.d
-exit_cleanup() {
- umount $tmpdir/proc
-}
-mount -t proc proc $tmpdir/proc
-# Make sure proc is unmounted also on failure
-trap exit_cleanup EXIT INT
-
-chroot $tmpdir aptitude -y install debconf-utils
-
-# Make sure tasksel autoselection trigger. It need the test scripts
-# to return the correct answers.
-echo tasksel tasksel/desktop multiselect $desktop | \
- chroot $tmpdir debconf-set-selections
-
-# Include the desktop and laptop task
-for test in desktop laptop ; do
- echo > $tmpdir/usr/lib/tasksel/tests/$test &lt;&lt;EOF
-#!/bin/sh
-exit 2
-EOF
- chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
-done
-
-DEBIAN_FRONTEND=noninteractive
-DEBIAN_PRIORITY=critical
-export DEBIAN_FRONTEND DEBIAN_PRIORITY
-chroot $tmpdir tasksel --new-install
-
-echo deb $mirror $to main > $tmpdir/etc/apt/sources.list
-chroot $tmpdir aptitude update
-touch $tmpdir/etc/udev/kernel-upgrade
-chroot $tmpdir aptitude -y dist-upgrade
-fuser -mv
-</pre></blockquote>
-
-<p>I suspect it would be useful to test upgrades with both apt-get and
-with aptitude, but I have not had time to look at how they behave
-differently so far. I hope to get a cron job running to do the test
-regularly and post the result on the web. The Gnome upgrade currently
-work, while the KDE upgrade fail because of the bug in
-kdebase-workspace-data</p>
-
-<p>I am not quite sure what kind of extract from the huge upgrade logs
-(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog
-post, so I will refrain from trying. I can report that for Gnome,
-aptitude report 760 packages upgraded, 448 newly installed, 129 to
-remove and 1 not upgraded and 1024MB need to be downloaded while for
-KDE the same numbers are 702 packages upgraded, 507 newly installed,
-193 to remove and 0 not upgraded and 1117MB need to be downloaded</p>
-
-<p>I am very happy to notice that the Gnome desktop + laptop upgrade
-is able to migrate to dependency based boot sequencing and parallel
-booting without a hitch. Was unsure if there were still bugs with
-packages failing to clean up their obsolete init.d script during
-upgrades, and no such problem seem to affect the Gnome desktop+laptop
-packages.</p>
+<p>De siste dagene har Aftenposten
+<a href="http://www.aftenposten.no/nyheter/iriks/article3718597.ece">fortalt</a>
+<a href="http://www.aftenposten.no/nyheter/iriks/article3724249.ece">hvordan</a>
+politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
+tekst som skal skrives fra høyre mot venstre når de har laget
+løpeseddel for å be om informasjon fra publikum. Resultatet har vært
+en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når
+teksten har blitt "kopiert inn i programvare som ikke har støtte for
+språk som skrives fra høyre mot venstre", og jeg er ganske sikker på
+at det er snakk om Microsoft Office i dette tilfellet. Er det slik at
+MS Office i norsk språkdrakt ikke har støtte for tekst som skal
+skrives fra høyre mot venstre? Jeg tror alle utgaver av
+OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
+la slik støtte finnes i alle utgaver av et program hvis støtten først
+er utviklet. Aftenpostens melding får meg til å undre om problemet
+ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
+Office.</p>
+
+<p>Mon tro om det er flere eksempler på at MS Office har ødelagt for
+offentlig myndighet?</p>
</description>
</item>
<item>
- <title>Skolelinux er laget for sentraldrifting, naturligvis</title>
- <link>http://people.skolelinux.org/pere/blog/Skolelinux_er_laget_for_sentraldrifting__naturligvis.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Skolelinux_er_laget_for_sentraldrifting__naturligvis.html</guid>
- <pubDate>Wed, 9 Jun 2010 12:30:00 +0200</pubDate>
+ <title>Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
+ <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
+ <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
<description>
-<p>Det er merkelig hvordan myter om Skolelinux overlever. En slik
-myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte
-tjenermaskiner. I siste Computerworld Norge er
-<a href="http://www.idg.no/computerworld/article169432.ece">IT-sjef
-Viggo Billdal i Steinkjer intervjuet</a>, og forteller uten
-blygsel:</p>
-
-<blockquote><p>Vi hadde Skolelinux, men det har vi sluttet med. Vi testet
-om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at
-Microsoft egentlig var totalt sett bedre egnet. Det var store
-driftskostnader med Skolelinux, blant annet på grunn av
-desentraliserte servere. Det var komplisert, så vi gikk vekk fra det
-og bruker nå bare Windows.</p></blockquote>
-
-<p>En <a
-href="https://init.linpro.no/pipermail/skolelinux.no/bruker/2010-June/009101.html">rask
-sjekk</a> mot den norske brukerlista i Skolelinuxprosjektet forteller
-at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole
-i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen
-overkjørte skolen og krevde at de gikk over til Windows. Et søk på
-nettet sendte meg til
-<a href="http://www.dn.no/multimedia/archive/00090/Dagens_it_nr__18_90826a.pdf">Dagens
-IT nr. 18 2005</a> hvor en kan lese på side 18:</p>
-
-<blockquote><p>Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå
-Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke
-var så stor. Jeg syntes Skolelinux var utrolig lett å drifte uten
-forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse
-til installasjoner og maskinvarefeil, sier Tømmerås.</p></blockquote>
-
-<p>Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet
-over påstanden om at Skolelinux krever desentraliserte tjenere.
-Skolelinux-arkitekturen er laget for sentralisert drift og plassering
-av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet.
-Den er modellert på nettverks- og tjenerløsningen som brukes på
-Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av
-driftstjenester. Dette er det heldigvis noen som har fått med seg, og
-jeg er glad for å kunne sitere fra en kommentar på den overnevnte
-artikkelen. Min venn og gamle kollega Sturle Sunde forteller der:
-
-<blockquote>
-<p>I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til
-meir enn 500 elevar. Dei store skulane har eigen tenar, for det er
-mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser
-sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre
-avhengige av eksterne linjer som er trege eller dyre. Dei minste
-skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje
-noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein
-sentral tenar eller tenaren på ein større skule.</p>
-
-<p>Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje
-harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer
-programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har
-mykje meir CPU og RAM totalt enn nokon moderne tenar til under
-millionen. Det trengst to kommandoar på den sentrale tenaren for å
-oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen
-problem med diskar som ryk heller, som var eit problem før fordi
-elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i
-nettet, so det er fullt mogleg å køyre slike på småskular med trege
-linjer mot tenaren på ein større skule.</p>
-
-<p>Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og
-ein person som tek seg av drift av heile nettet, inkludert tenarar,
-klientar, operativsystem, programvare, heimekontorløysing og
-administrasjon av brukarar.</p>
-
-<p>No skal det seiast at vi ikkje køyrer rein Skulelinux ut av
-boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som
-var der frå før, og som har komplisert installasjonen vår. Etter at
-oppsettet var gjort har løysinga vore stabil og kravd minimalt med
-arbeid.</p>
-</blockquote>
-
-<p>Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux
-sentraldriftes med sentrale tjenere. Det forteller meg at Steinkjers
-IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle
-minner.</p>
+<p>Here is a short update on my <a
+href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my
+Debian Lenny->Squeeze upgrade testing</a>. Here is a summary of the
+difference for Gnome when it is upgraded by apt-get and aptitude. I'm
+not reporting the status for KDE, because the upgrade crashes when
+aptitude try because of missing conflicts
+(<a href="http://bugs.debian.org/584861">#584861</a> and
+<a href="http://bugs.debian.org/585716">#585716</a>).</p>
+
+<p>At the end of the upgrade test script, dpkg -l is executed to get a
+complete list of the installed packages. Based on this I see these
+differences when I did a test run today. As usual, I do not really
+know what the correct set of packages would be, but thought it best to
+publish the difference.</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
+ libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
+ libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
+ libgtksourceview-common libpt-1.10.10-plugins-alsa
+ libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
+ libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
+ python-4suite-xml python-eggtrayicon python-gtkhtml2
+ python-gtkmozembed svgalibg1 xserver-xephyr zip
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
+ gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
+ libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
+ libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
+ libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
+ libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
+ libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
+ libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
+ libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
+ libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
+ libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
+ libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
+ libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
+ libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
+ libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
+ libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
+ libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
+ libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
+ libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
+ mysql-common swfdec-gnome totem-gstreamer wodim
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ gnome gnome-desktop-environment hamster-applet python-gnomeapplet
+ python-gnomekeyring python-wnck rhythmbox-plugins xorg
+ xserver-xorg-input-all xserver-xorg-input-evdev
+ xserver-xorg-input-kbd xserver-xorg-input-mouse
+ xserver-xorg-input-synaptics xserver-xorg-video-all
+ xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
+ xserver-xorg-video-chips xserver-xorg-video-cirrus
+ xserver-xorg-video-dummy xserver-xorg-video-fbdev
+ xserver-xorg-video-glint xserver-xorg-video-i128
+ xserver-xorg-video-i740 xserver-xorg-video-mach64
+ xserver-xorg-video-mga xserver-xorg-video-neomagic
+ xserver-xorg-video-nouveau xserver-xorg-video-nv
+ xserver-xorg-video-r128 xserver-xorg-video-radeon
+ xserver-xorg-video-radeonhd xserver-xorg-video-rendition
+ xserver-xorg-video-s3 xserver-xorg-video-s3virge
+ xserver-xorg-video-savage xserver-xorg-video-siliconmotion
+ xserver-xorg-video-sis xserver-xorg-video-sisusb
+ xserver-xorg-video-tdfx xserver-xorg-video-tga
+ xserver-xorg-video-trident xserver-xorg-video-tseng
+ xserver-xorg-video-vesa xserver-xorg-video-vmware
+ xserver-xorg-video-voodoo
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+ deskbar-applet xserver-xorg xserver-xorg-core
+ xserver-xorg-input-wacom xserver-xorg-video-intel
+ xserver-xorg-video-openchrome
+</p></blockquote>
+
+<p>I was told on IRC that the xorg-xserver package was
+<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed
+in git</a> today to try to get apt-get to not remove xorg completely.
+No idea when it hits Squeeze, but when it does I hope it will reduce
+the difference somewhat.
</description>
</item>
<item>
- <title>Upstart or sysvinit - as init.d scripts see it</title>
- <link>http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html</guid>
- <pubDate>Sun, 6 Jun 2010 23:55:00 +0200</pubDate>
+ <title>Caching password, user and group on a roaming Debian laptop</title>
+ <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
+ <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
<description>
-<p>If Debian is to migrate to upstart on Linux, I expect some init.d
-scripts to migrate (some of) their operations to upstart job while
-keeping the init.d for hurd and kfreebsd. The packages with such
-needs will need a way to get their init.d scripts to behave
-differently when used with sysvinit and with upstart. Because of
-this, I had a look at the environment variables set when a init.d
-script is running under upstart, and when it is not.</p>
-
-<p>With upstart, I notice these environment variables are set when a
-script is started from rcS.d/ (ignoring some irrelevant ones like
-COLUMNS):</p>
+<p>For a laptop, centralized user directories and password checking is
+a bit troubling. Laptops are typically used also when not connected
+to the network, and it is vital for a user to be able to log in or
+unlock the screen saver also when a central server is unavailable.
+This is possible by caching passwords and directory information (user
+and group attributes) locally, and the packages to do so are available
+in Debian. Here follow two recipes to set this up in Debian/Squeeze.
+It is also possible to set up in Debian/Lenny, but require more manual
+setup there because pam-auth-update is missing in Lenny.</p>
+
+<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2>
+
+This is the traditional method with a twist. The password caching is
+provided by libpam-ccreds (version 10-4 or later is needed on
+Squeeze), and the directory caching is done by nscd. The directory
+lookup and password checking is done using LDAP. If one want to use
+Kerberos for password checking the libpam-ldapd package can be
+replaced with libpam-krb5 or libpam-heimdal. If one is happy having a
+local home directory with the path listed in LDAP, one can use the
+pam_mkhomedir module from pam-modules to make this happen instead of
+using libpam-mklocaluser. A setup for pam-auth-update to enable
+pam_mkhomedir will have to be written until a fix for
+<a href="http://bugs.debian.org/568577">bug #568577</a> is in the
+archive. Because I believe it is a bad idea to have local home
+directories using misleading paths like /site/server/partition/, I
+prefer to create a local user with the home directory in /home/. This
+is done using the libpam-mklocaluser package.</p>
+
+<p>These packages need to be installed and configured</p>
<blockquote><pre>
-DEFAULT_RUNLEVEL=2
-previous=N
-PREVLEVEL=
-RUNLEVEL=
-runlevel=S
-UPSTART_EVENTS=startup
-UPSTART_INSTANCE=
-UPSTART_JOB=rc-sysinit
+libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
</pre></blockquote>
-<p>With sysvinit, these environment variables are set for the same
-script.</p>
+<p>The ldapd packages will ask for LDAP connection information, and
+one have to fill in the values that fits ones own site. Make sure the
+PAM part uses encrypted connections, to make sure the password is not
+sent in clear text to the LDAP server. I've been unable to get TLS
+certificate checking for a self signed certificate working, which make
+LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
+is talking to the correct LDAP server), and very much welcome feedback
+on how to get this working.</p>
+
+<p>Because nscd do not have a default configuration fit for offline
+caching until <a href="http://bugs.debian.org/485282">bug #485282</a>
+is fixed, this configuration should be used instead of the one
+currently in /etc/nscd.conf. The changes are in the fields
+reload-count and positive-time-to-live, and is based on the
+instructions I found in the
+<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a>
+instructions by Flyn Computing.</p>
<blockquote><pre>
-INIT_VERSION=sysvinit-2.88
-previous=N
-PREVLEVEL=N
-RUNLEVEL=S
-runlevel=S
+ debug-level 0
+ reload-count unlimited
+ paranoia no
+
+ enable-cache passwd yes
+ positive-time-to-live passwd 2592000
+ negative-time-to-live passwd 20
+ suggested-size passwd 211
+ check-files passwd yes
+ persistent passwd yes
+ shared passwd yes
+ max-db-size passwd 33554432
+ auto-propagate passwd yes
+
+ enable-cache group yes
+ positive-time-to-live group 2592000
+ negative-time-to-live group 20
+ suggested-size group 211
+ check-files group yes
+ persistent group yes
+ shared group yes
+ max-db-size group 33554432
+ auto-propagate group yes
+
+ enable-cache hosts no
+ positive-time-to-live hosts 2592000
+ negative-time-to-live hosts 20
+ suggested-size hosts 211
+ check-files hosts yes
+ persistent hosts yes
+ shared hosts yes
+ max-db-size hosts 33554432
+
+ enable-cache services yes
+ positive-time-to-live services 2592000
+ negative-time-to-live services 20
+ suggested-size services 211
+ check-files services yes
+ persistent services yes
+ shared services yes
+ max-db-size services 33554432
</pre></blockquote>
-<p>The RUNLEVEL and PREVLEVEL environment variables passed on from
-sysvinit are not set by upstart. Not sure if it is intentional or not
-to not be compatible with sysvinit in this regard.</p>
+<p>While we wait for a mechanism to update /etc/nsswitch.conf
+automatically like the one provided in
+<a href="http://bugs.debian.org/496915">bug #496915</a>, the file
+content need to be manually replaced to ensure LDAP is used as the
+directory service on the machine. /etc/nsswitch.conf should normally
+look like this:</p>
-<p>For scripts needing to behave differently when upstart is used,
-looking for the UPSTART_JOB environment variable seem to be a good
-choice.</p>
+<blockquote><pre>
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks: files
+protocols: files
+services: files
+ethers: files
+rpc: files
+netgroup: files ldap
+</pre></blockquote>
+
+<p>The important parts are that ldap is listed last for passwd, group,
+shadow and netgroup.</p>
+
+<p>With these changes in place, any user in LDAP will be able to log
+in locally on the machine using for example kdm, get a local home
+directory created and have the password as well as user and group
+attributes cached.
+
+<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds +
+ libpam-mklocaluser/pam_mkhomedir</h2>
+
+<p>Because nscd have had its share of problems, and seem to have
+problems doing proper caching, I've seen suggestions and recipes to
+use nss-updatedb to copy parts of the LDAP database locally when the
+LDAP database is available. I have not tested such setup, because I
+discovered sssd.</p>
+
+<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2>
+
+<p>A more flexible and robust setup than the nscd combination
+mentioned earlier that has shown up recently, is the
+<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat.
+It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project
+to provide a Active Directory like directory service for Linux
+machines. The sssd system combines the caching of passwords and user
+information into one package, and remove the need for nscd and
+libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version
+1.2 do not support netgroups, but it is said that it will support this
+in version 1.5 expected to show up later in 2010. Because the
+<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a>
+was missing in Debian, I ended up co-maintaining it with Werner, and
+version 1.2 is now in testing.
+
+<p>These packages need to be installed and configured to get the
+roaming setup I want</p>
+
+<blockquote><pre>
+libpam-sss libnss-sss libpam-mklocaluser
+</pre></blockquote>
+
+The complete setup of sssd is done by editing/creating
+<tt>/etc/sssd/sssd.conf</tt>.
+
+<blockquote><pre>
+[sssd]
+config_file_version = 2
+reconnection_retries = 3
+sbus_timeout = 30
+services = nss, pam
+domains = INTERN
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/INTERN]
+enumerate = false
+cache_credentials = true
+
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+
+ldap_uri = ldap://ldap
+ldap_search_base = dc=skole,dc=skolelinux,dc=no
+ldap_tls_reqcert = never
+ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
+</pre></blockquote>
+
+<p>I got the same problem here with certificate checking. Had to set
+"ldap_tls_reqcert = never" to get it working.</p>
+
+<p>With the libnss-sss package in testing at the moment, the
+nsswitch.conf file is update automatically, so there is no need to
+modify it manually.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>A manual for standards wars...</title>
- <link>http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html</guid>
- <pubDate>Sun, 6 Jun 2010 14:15:00 +0200</pubDate>
+ <title>LUMA, a very nice LDAP GUI</title>
+ <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
+ <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
<description>
-<p>Via the
-<a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/QzU4RgoAGMg/weekly-links-10.html">blog
-of Rob Weir</a> I came across the very interesting essay named
-<a href="http://faculty.haas.berkeley.edu/shapiro/wars.pdf">The Art of
-Standards Wars</a> (PDF 25 pages). I recommend it for everyone
-following the standards wars of today.</p>
+<p>The last few days I have been looking into the status of the LDAP
+directory in Debian Edu, and in the process I started to miss a GUI
+tool to browse the LDAP tree. The only one I was able to find in
+Debian/Squeeze and Lenny is
+<a href="http://luma.sourceforge.net/">LUMA</a>, which has proved to
+be a great tool to get a overview of the current LDAP directory
+populated by default in Skolelinux. Thanks to it, I have been able to
+find empty and obsolete subtrees, misplaced objects and duplicate
+objects. It will be installed by default in Debian/Squeeze. If you
+are working with LDAP, give it a go. :)</p>
+
+<p>I did notice one problem with it I have not had time to report to
+the BTS yet. There is no .desktop file in the package, so the tool do
+not show up in the Gnome and KDE menus, but only deep down in in the
+Debian submenu in KDE. I hope that can be fixed before Squeeze is
+released.</p>
+
+<p>I have not yet been able to get it to modify the tree yet. I would
+like to move objects and remove subtrees directly in the GUI, but have
+not found a way to do that with LUMA yet. So in the mean time, I use
+<a href="http://www.lichteblau.com/ldapvi/">ldapvi</a> for that.</p>
+
+<p>If you have tips on other GUI tools for LDAP that might be useful
+in Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-06-29: Ross Reedstrom tipped us about the
+<a href="http://packages.qa.debian.org/g/gq.html">gq</a> package as a
+useful GUI alternative. It seem like a good tool, but is unmaintained
+in Debian and got a RC bug keeping it out of Squeeze. Unless that
+changes, it will not be an option for Debian Edu based on Squeeze.</p>
</description>
</item>
<item>
- <title>Sitesummary tip: Listing computer hardware models used at site</title>
- <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html</guid>
- <pubDate>Thu, 3 Jun 2010 12:05:00 +0200</pubDate>
+ <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
+ <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
<description>
-<p>When using sitesummary at a site to track machines, it is possible
-to get a list of the machine types in use thanks to the DMI
-information extracted from each machine. The script to do so is
-included in the sitesummary package, and here is example output from
-the Skolelinux build servers:</p>
-
-<blockquote><pre>
-maintainer:~# /usr/lib/sitesummary/hardware-model-summary
- vendor count
- Dell Computer Corporation 1
- PowerEdge 1750 1
- IBM 1
- eserver xSeries 345 -[8670M1X]- 1
- Intel 2
- [no-dmi-info] 3
-maintainer:~#
-</pre></blockquote>
-
-<p>The quality of the report depend on the quality of the DMI tables
-provided in each machine. Here there are Intel machines without model
-information listed with Intel as vendor and mo model, and virtual Xen
-machines listed as [no-dmi-info]. One can add -l as a command line
-option to list the individual machines.</p>
-
-<p>A larger list is
-<a href="http://narvikskolen.no/sitesummary/">available from the the
-city of Narvik</a>, which uses Skolelinux on all their shools and also
-provide the basic sitesummary report publicly. In their report there
-are ~1400 machines. I know they use both Ubuntu and Skolelinux on
-their machines, and as sitesummary is available in both distributions,
-it is trivial to get all of them to report to the same central
-collector.</p>
+<p>A while back, I
+<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
+about the fact</a> that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.</p>
+
+<p>In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.</p>
+
+<p>If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.</p>
+
+<p>Anyway, for future reference, this is how I believe we could change
+the
+<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
+schema</a> to solve at least part of the problem with the LDAP schemas
+available today from IETF.</p>
+
+<pre>
+--- dhcp.schema (revision 65192)
++++ dhcp.schema (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+ NAME 'dhcpHost'
+ DESC 'This represents information about a particular client'
+- SUP top
++ SUP top AUXILIARY
+ MUST cn
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+</pre>
+
+<p>I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>Togsatsing på norsk, mot sykkel</title>
- <link>http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</guid>
- <pubDate>Wed, 2 Jun 2010 23:45:00 +0200</pubDate>
+ <title>Calling tasksel like the installer, while still getting useful output</title>
+ <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
+ <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
<description>
-<p>Det står dårlig til med toget når en finner på å la det
-<a href="http://www.aftenposten.no/nyheter/iriks/article3677060.ece">kappkjøre
-med sykkel</a>... Jeg tror det trengs strukturendringer for å få
-fikset på togproblemene i Norge.</p>
+<p>A few times I have had the need to simulate the way tasksel
+installs packages during the normal debian-installer run. Until now,
+I have ended up letting tasksel do the work, with the annoying problem
+of not getting any feedback at all when something fails (like a
+conffile question from dpkg or a download that fails), using code like
+this:
-<p>Mon tro hva toglinje mellom Narvik og Tromsø ville hatt slags
-effekt på området der?</p>
+<blockquote><pre>
+export DEBIAN_FRONTEND=noninteractive
+tasksel --new-install
+</pre></blockquote>
+
+This would invoke tasksel, let its automatic task selection pick the
+tasks to install, and continue to install the requested tasks without
+any output what so ever.
+
+Recently I revisited this problem while working on the automatic
+package upgrade testing, because tasksel would some times hang without
+any useful feedback, and I want to see what is going on when it
+happen. Then it occured to me, I can parse the output from tasksel
+when asked to run in test mode, and use that aptitude command line
+printed by tasksel then to simulate the tasksel run. I ended up using
+code like this:
+
+<blockquote><pre>
+export DEBIAN_FRONTEND=noninteractive
+cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
+$cmd
+</pre></blockquote>
+
+<p>The content of $cmd is typically something like "<tt>aptitude -q
+--without-recommends -o APT::Install-Recommends=no -y install
+~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
+~pimportant</tt>", which will install the gnome desktop task, the
+laptop task and all packages with priority standard , required and
+important, just like tasksel would have done it during
+installation.</p>
+
+<p>A better approach is probably to extend tasksel to be able to
+install packages without using debconf-apt-progress, for use cases
+like this.</p>
</description>
</item>
<item>
- <title>KDM fail at boot with NVidia cards - and no one try to fix it?</title>
- <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</guid>
- <pubDate>Tue, 1 Jun 2010 17:05:00 +0200</pubDate>
+ <title>Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme</title>
+ <link>http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</guid>
+ <pubDate>Wed, 16 Jun 2010 11:00:00 +0200</pubDate>
<description>
-<p>It is strange to watch how a bug in Debian causing KDM to fail to
-start at boot when an NVidia video card is used is handled. The
-problem seem to be that the nvidia X.org driver uses a long time to
-initialize, and this duration is longer than kdm is configured to
-wait.</p>
-
-<p>I came across two bugs related to this issue,
-<a href="http://bugs.debian.org/583312">#583312</a> initially filed
-against initscripts and passed on to nvidia-glx when it became obvious
-that the nvidia drivers were involved, and
-<a href="http://bugs.debian.org/524751">#524751</a> initially filed against
-kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.</p>
-
-<p>To me, it seem that no-one is interested in actually solving the
-problem nvidia video card owners experience and make sure the Debian
-distribution work out of the box for these users. The nvidia driver
-maintainers expect kdm to be set up to wait longer, while kdm expect
-the nvidia driver maintainers to fix the driver to start faster, and
-while they wait for each other I guess the users end up switching to a
-distribution that work for them. I have no idea what the solution is,
-but I am pretty sure that waiting for each other is not it.</p>
-
-<p>I wonder why we end up handling bugs this way.</p>
+<p><a href="http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/">Dagbladet
+melder</a> at Vinmonopolet med bakgrunn i vekterstreiken som pågår i
+Norge for tiden, har bestemt seg for med vitende og vilje å bryte
+sentralbanklovens paragraf 14 ved å nekte folk å betale med
+kontanter, og at flere butikker planlegger å følge deres eksempel.
+Jeg synes det er hårreisende hvis de slipper unna med et slikt
+soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis
+jeg blir nektet å handle med kontanter. Jeg handler i hovedsak med
+kontanter selv, da jeg anser det som en borgerrett å kunne handle
+anonymt uten at det blir registrert. For meg er det et angrep på mitt
+personvern å nekte å ta imot kontant betaling.</p>
+
+<p><a href="http://www.lovdata.no/all/tl-19850524-028-003.html#14">Paragrafen
+i sentralbankloven</a> lyder:</p>
+
+<blockquote>
+<p>§ 14. Tvungent betalingsmiddel</p>
+
+<p>Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen
+er pliktig til i én betaling å ta imot mer enn femogtyve mynter av
+hver enhet.</p>
+
+<p>Sterkt skadde sedler og mynter er ikke tvungent
+betalingsmiddel. Banken gir nærmere forskrifter om erstatning for
+bortkomne, brente eller skadde sedler og mynter.</p>
+
+<p>Selv om en avtale inneholder klausul om betaling av en
+pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne
+betalingsmidler uten hensyn til denne klausul.</p>
+</blockquote>
+
+<p>Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot
+kontakt betaling. Det er en lov jeg har sans for, og som jeg mener må
+håndheves strengt.</p>
</description>
</item>
<item>
- <title>Parallellized boot seem to hold up well in Debian/testing</title>
- <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</guid>
- <pubDate>Thu, 27 May 2010 23:55:00 +0200</pubDate>
+ <title>Officeshots taking shape</title>
+ <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</guid>
+ <pubDate>Sun, 13 Jun 2010 11:40:00 +0200</pubDate>
<description>
-<p>A few days ago, parallel booting was enabled in Debian/testing.
-The feature seem to hold up pretty well, but three fairly serious
-issues are known and should be solved:
-
-<p><ul>
-
-<li>The wicd package seen to
-<a href="http://bugs.debian.org/508289">break NFS mounting</a> and
-<a href="http://bugs.debian.org/581586">network setup</a> when
-parallel booting is enabled. No idea why, but the wicd maintainer
-seem to be on the case.</li>
-
-<li>The nvidia X driver seem to
-<a href="http://bugs.debian.org/583312">have a race condition</a>
-triggered more easily when parallel booting is in effect. The
-maintainer is on the case.</li>
-
-<li>The sysv-rc package fail to properly enable dependency based boot
-sequencing (the shutdown is broken) when old file-rc users
-<a href="http://bugs.debian.org/575080">try to switch back</a> to
-sysv-rc. One way to solve it would be for file-rc to create
-/etc/init.d/.legacy-bootordering, and another is to try to make
-sysv-rc more robust. Will investigate some more and probably upload a
-workaround in sysv-rc to help those trying to move from file-rc to
-sysv-rc get a working shutdown.</li>
-
-</ul></p>
-
-<p>All in all not many surprising issues, and all of them seem
-solvable before Squeeze is released. In addition to these there are
-some packages with bugs in their dependencies and run level settings,
-which I expect will be fixed in a reasonable time span.</p>
-
-<p>If you report any problems with dependencies in init.d scripts to
-the BTS, please usertag the report to get it to show up at
-<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
-list of usertagged bugs related to this</a>.</p>
-
-<p>Update: Correct bug number to file-rc issue.</p>
+<p>For those of us caring about document exchange and
+interoperability, <a href="http://www.officeshots.org/">OfficeShots</a>
+is a great service. It is to ODF documents what
+<a href="http://browsershots.org/">BrowserShots</a> is for web
+pages.</p>
+
+<p>A while back, I was contacted by Knut Yrvin at the part of Nokia
+that used to be Trolltech, who wanted to help the OfficeShots project
+and wondered if the University of Oslo where I work would be
+interested in supporting the project. I helped him to navigate his
+request to the right people at work, and his request was answered with
+a spot in the machine room with power and network connected, and Knut
+arranged funding for a machine to fill the spot. The machine is
+administrated by the OfficeShots people, so I do not have daily
+contact with its progress, and thus from time to time check back to
+see how the project is doing.</p>
+
+<p>Today I had a look, and was happy to see that the Dell box in our
+machine room now is the host for several virtual machines running as
+OfficeShots factories, and the project is able to render ODF documents
+in 17 different document processing implementation on Linux and
+Windows. This is great.</p>
</description>
</item>
projects / homepage.git / blobdiff