X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/c6843e8ebe94cbe6bb66c2ab3045a69fba681de1..d6886f7be80b96366e231e17e1aba1aa839e969e:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 7f47311a63..12d04c8d16 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,586 +20,738 @@
-
Parallellized boot seem to hold up well in Debian/testing
-
2010-05-27 23:55
+
LUMA, a very nice LDAP GUI
+
2010-06-28 00:30
-

A few days ago, parallel booting was enabled in Debian/testing. -The feature seem to hold up pretty well, but three fairly serious -issues are known and should be solved: - -

- -

All in all not many surprising issues, and all of them seem -solvable before Squeeze is released. In addition to these there are -some packages with bugs in their dependencies and run level settings, -which I expect will be fixed in a reasonable time span.

- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

+

The last few days I have been looking into the status of the LDAP +directory in Debian Edu, and in the process I started to miss a GUI +tool to browse the LDAP tree. The only one I was able to find in +Debian/Squeeze and Lenny is +LUMA, which has proved to +be a great tool to get a overview of the current LDAP directory +populated by default in Skolelinux. Thanks to it, I have been able to +find empty and obsolete subtrees, misplaced objects and duplicate +objects. It will be installed by default in Debian/Squeeze. If you +are working with LDAP, give it a go. :)

+ +

I did notice one problem with it I have not had time to report to +the BTS yet. There is no .desktop file in the package, so the tool do +not show up in the Gnome and KDE menus, but only deep down in in the +Debian submenu in KDE. I hope that can be fixed before Squeeze is +released.

+ +

I have not yet been able to get it to modify the tree yet. I would +like to move objects and remove subtrees directly in the GUI, but have +not found a way to do that with LUMA yet. So in the mean time, I use +ldapvi for that.

+ +

If you have tips on other GUI tools for LDAP that might be useful +in Debian Edu, please contact us on debian-edu@lists.debian.org.

- Tags: debian, debian edu, english. + Tags: debian, debian edu, english, ldap, nuug.
-
More flexible firmware handling in debian-installer
-
2010-05-22 21:30
+
Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object
+
2010-06-24 00:35
-

After a long break from debian-installer development, I finally -found time today to return to the project. Having to spend less time -working dependency based boot in debian, as it is almost complete now, -definitely helped freeing some time.

- -

A while back, I ran into a problem while working on Debian Edu. We -include some firmware packages on the Debian Edu CDs, those needed to -get disk and network controllers working. Without having these -firmware packages available during installation, it is impossible to -install Debian Edu on the given machine, and because our target group -are non-technical people, asking them to provide firmware packages on -an external medium is a support pain. Initially, I expected it to be -enough to include the firmware packages on the CD to get -debian-installer to find and use them. This proved to be wrong. -Next, I hoped it was enough to symlink the relevant firmware packages -to some useful location on the CD (tried /cdrom/ and -/cdrom/firmware/). This also proved to not work, and at this point I -found time to look at the debian-installer code to figure out what was -going to work.

- -

The firmware loading code is in the hw-detect package, and a closer -look revealed that it would only look for firmware packages outside -the installation media, so the CD was never checked for firmware -packages. It would only check USB sticks, floppies and other -"external" media devices. Today I changed it to also look in the -/cdrom/firmware/ directory on the mounted CD or DVD, which should -solve the problem I ran into with Debian edu. I also changed it to -look in /firmware/, to make sure the installer also find firmware -provided in the initrd when booting the installer via PXE, to allow us -to provide the same feature in the PXE setup included in Debian -Edu.

- -

To make sure firmware deb packages with a license questions are not -activated without asking if the license is accepted, I extended -hw-detect to look for preinst scripts in the firmware packages, and -run these before activating the firmware during installation. The -license question is asked using debconf in the preinst, so this should -solve the issue for the firmware packages I have looked at so far.

- -

If you want to discuss the details of these features, please -contact us on debian-boot@lists.debian.org.

+

A while back, I +complained +about the fact that it is not possible with the provided schemas +for storing DNS and DHCP information in LDAP to combine the two sets +of information into one LDAP object representing a computer.

+ +

In the mean time, I discovered that a simple fix would be to make +the dhcpHost object class auxiliary, to allow it to be combined with +the dNSDomain object class, and thus forming one object for one +computer when storing both DHCP and DNS information in LDAP.

+ +

If I understand this correctly, it is not safe to do this change +without also changing the assigned number for the object class, and I +do not know enough about LDAP schema design to do that properly for +Debian Edu.

+ +

Anyway, for future reference, this is how I believe we could change +the +DHCP +schema to solve at least part of the problem with the LDAP schemas +available today from IETF.

+ +
+--- dhcp.schema    (revision 65192)
++++ dhcp.schema    (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+        NAME 'dhcpHost'
+        DESC 'This represents information about a particular client'
+-       SUP top
++       SUP top AUXILIARY
+        MUST cn
+        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+ +

I very much welcome clues on how to do this properly for Debian +Edu/Squeeze. We provide the DHCP schema in our debian-edu-config +package, and should thus be free to rewrite it as we see fit.

+ +

If you want to help out with implementing this for Debian Edu, +please contact us on debian-edu@lists.debian.org.

- Tags: debian, debian edu, english. + Tags: debian, debian edu, english, ldap, nuug.
-
Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten
-
2010-05-21 16:00
+
Calling tasksel like the installer, while still getting useful output
+
2010-06-16 14:55
-

For en stund tilbake kjøpte jeg en magnetkortleser for å kunne -titte på hva som er skrevet inn på magnetstripene til ulike kort. Har -ikke hatt tid til å analysere mange kort så langt, men tenkte jeg -skulle dele innholdet på to kort med mine lesere.

- -

For noen dager siden tok jeg flyet til Harstad og Hurtigruten til -Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med -magnetstripe. Påtrykket finner jeg følgende informasjon:

- -
-Flytoget Airport Express Train
-
-Fra - Til        : Oslo Sentralstasjon
-Kategori         : Voksen
-Pris             : Nok 170,00
-Herav mva. 8,00% : NOK 12,59
-Betaling         : Kontant
-Til - Fra        : Oslo Lufthavn
-Utstedt:         : 08.05.10
-Gyldig Fra-Til   : 08.05.10-07.11.10
-Billetttype      : Enkeltbillett
-
-102-1015-100508-48382-01-08
-
+

A few times I have had the need to simulate the way tasksel +installs packages during the normal debian-installer run. Until now, +I have ended up letting tasksel do the work, with the annoying problem +of not getting any feedback at all when something fails (like a +conffile question from dpkg or a download that fails), using code like +this: -

På selve magnetstripen er innholdet -;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?. -Aner ikke hva innholdet representerer, og det er lite overlapp mellom -det jeg ser trykket på billetten og det jeg ser av tegn i -magnetstripen. Håper det betyr at de bruker kryptografiske metoder -for å gjøre det vanskelig å forfalske billetter.

+
+export DEBIAN_FRONTEND=noninteractive
+tasksel --new-install
+
-

Den andre billetten er fra Hurtigruten, der jeg mistenker at -strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert -fall den biten vi stakk inn i dørlåsen).

+This would invoke tasksel, let its automatic task selection pick the +tasks to install, and continue to install the requested tasks without +any output what so ever. -

Påtrykket forsiden er følgende:

+Recently I revisited this problem while working on the automatic +package upgrade testing, because tasksel would some times hang without +any useful feedback, and I want to see what is going on when it +happen. Then it occured to me, I can parse the output from tasksel +when asked to run in test mode, and use that aptitude command line +printed by tasksel then to simulate the tasksel run. I ended up using +code like this: -
-Romnummer 727
-Hurtigruten
-Midnatsol
-Reinholdtsen
-Petter
-Bookingno: SAX69   0742193
-Harstad-Bergen
-Dep: 09.05.2010 Arr: 12.05.2010
-Lugar fra Risøyhamn
-Kost: FRO=4
-
+
+export DEBIAN_FRONTEND=noninteractive
+cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
+$cmd
+
-

På selve magnetstripen er innholdet -;1316010007421930=00000000000000000000?+E?. Heller ikke her -ser jeg mye korrespondanse mellom påtrykk og magnetstripe.

+

The content of $cmd is typically something like "aptitude -q +--without-recommends -o APT::Install-Recommends=no -y install +~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired +~pimportant", which will install the gnome desktop task, the +laptop task and all packages with priority standard , required and +important, just like tasksel would have done it during +installation.

+ +

A better approach is probably to extend tasksel to be able to +install packages without using debconf-apt-progress, for use cases +like this.

- Tags: norsk, nuug, sikkerhet. + Tags: debian, english, nuug.
-
Pieces of the roaming laptop puzzle in Debian
-
2010-05-19 19:00
+
Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme
+
2010-06-16 11:00
-

Today, the last piece of the puzzle for roaming laptops in Debian -Edu finally entered the Debian archive. Today, the new -libpam-mklocaluser -package was accepted. Two days ago, two other pieces was accepted -into unstable. The -pam-python -package needed by libpam-mklocaluser, and the -sssd package -passed NEW on Monday. In addition, the -libpam-ccreds -package we need is in experimental (version 10-4) since Saturday, and -hopefully will be moved to unstable soon.

- -

This collection of packages allow for two different setups for -roaming laptops. The traditional setup would be using libpam-ccreds, -nscd and libpam-mklocaluser with LDAP or Kerberos authentication, -which should work out of the box if the configuration changes proposed -for nscd in BTS report -#485282 is implemented. The alternative setup is to use sssd with -libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take -care of the caching of passwords and group information.

- -

I have so far been unable to get sssd to work with the LDAP server -at the University, but suspect the issue is some SSL/GnuTLS related -problem with the server certificate. I plan to update the Debian -package to version 1.2, which is scheduled for next week, and hope to -find time to make sure the next release will include both the -Debian/Ubuntu specific patches. Upstream is friendly and responsive, -and I am sure we will find a good solution.

- -

The idea is to set up the roaming laptops to authenticate using -LDAP or Kerberos and create a local user with home directory in /home/ -when a usre in LDAP logs in via KDM or GDM for the first time, and -cache the password for offline checking, as well as caching group -memberhips and other relevant LDAP information. The -libpam-mklocaluser package was created to make sure the local home -directory is in /home/, instead of /site/server/directory/ which would -be the home directory if pam_mkhomedir was used. To avoid confusion -with support requests and configuration, we do not want local laptops -to have users in a path that is used for the same users home directory -on the home directory servers.

- -

One annoying problem with gdm is that it do not show the PAM -message passed to the user from libpam-mklocaluser when the local user -is created. Instead gdm simply reject the login with some generic -message. The message is shown in kdm, ssh and login, so I guess it is -a bug in gdm. Have not investigated if there is some other message -type that can be used instead to get gdm to also show the message.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

Dagbladet +melder at Vinmonopolet med bakgrunn i vekterstreiken som pågår i +Norge for tiden, har bestemt seg for med vitende og vilje å bryte +sentralbanklovens paragraf 14 ved å nekte folk å betale med +kontanter, og at flere butikker planlegger å følge deres eksempel. +Jeg synes det er hårreisende hvis de slipper unna med et slikt +soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis +jeg blir nektet å handle med kontanter. Jeg handler i hovedsak med +kontanter selv, da jeg anser det som en borgerrett å kunne handle +anonymt uten at det blir registrert. For meg er det et angrep på mitt +personvern å nekte å ta imot kontant betaling.

+ +

Paragrafen +i sentralbankloven lyder:

+ +
+

§ 14. Tvungent betalingsmiddel

+ +

Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen +er pliktig til i én betaling å ta imot mer enn femogtyve mynter av +hver enhet.

+ +

Sterkt skadde sedler og mynter er ikke tvungent +betalingsmiddel. Banken gir nærmere forskrifter om erstatning for +bortkomne, brente eller skadde sedler og mynter.

+ +

Selv om en avtale inneholder klausul om betaling av en +pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne +betalingsmidler uten hensyn til denne klausul.

+
+ +

Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot +kontakt betaling. Det er en lov jeg har sans for, og som jeg mener må +håndheves strengt.

- Tags: debian edu, english, nuug. + Tags: norsk, personvern.
-
Parallellized boot is now the default in Debian/unstable
-
2010-05-14 22:40
+
Officeshots taking shape
+
2010-06-13 11:40
-

Since this evening, parallel booting is the default in -Debian/unstable for machines using dependency based boot sequencing. -Apparently the testing of concurrent booting has been wider than -expected, if I am to believe the -input -on debian-devel@, and I concluded a few days ago to move forward -with the feature this weekend, to give us some time to detect any -remaining problems before Squeeze is frozen. If serious problems are -detected, it is simple to change the default back to sequential boot. -The upload of the new sysvinit package also activate a new upstream -version.

- -More information about -dependency -based boot sequencing is available from the Debian wiki. It is -currently possible to disable parallel booting when one run into -problems caused by it, by adding this line to /etc/default/rcS:

- -
-CONCURRENCY=none
-
- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

+

For those of us caring about document exchange and +interoperability, OfficeShots +is a great service. It is to ODF documents what +BrowserShots is for web +pages.

+ +

A while back, I was contacted by Knut Yrvin at the part of Nokia +that used to be Trolltech, who wanted to help the OfficeShots project +and wondered if the University of Oslo where I work would be +interested in supporting the project. I helped him to navigate his +request to the right people at work, and his request was answered with +a spot in the machine room with power and network connected, and Knut +arranged funding for a machine to fill the spot. The machine is +administrated by the OfficeShots people, so I do not have daily +contact with its progress, and thus from time to time check back to +see how the project is doing.

+ +

Today I had a look, and was happy to see that the Dell box in our +machine room now is the host for several virtual machines running as +OfficeShots factories, and the project is able to render ODF documents +in 17 different document processing implementation on Linux and +Windows. This is great.

- Tags: debian, debian edu, english. + Tags: english, standard.
-
Sitesummary tip: Listing MAC address of all clients
-
2010-05-14 21:10
+
Lenny->Squeeze upgrades, removals by apt and aptitude
+
2010-06-13 09:05
-

In the recent Debian Edu versions, the -sitesummary -system is used to keep track of the machines in the school -network. Each machine will automatically report its status to the -central server after boot and once per night. The network setup is -also reported, and using this information it is possible to get the -MAC address of all network interfaces in the machines. This is useful -to update the DHCP configuration.

- -

To give some idea how to use sitesummary, here is a one-liner to -ist all MAC addresses of all machines reporting to sitesummary. Run -this on the collector host:

- -
-perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
-
+

My +testing +of Debian upgrades from Lenny to Squeeze continues, and I've +finally made the upgrade logs available from +http://people.skolelinux.org/pere/debian-upgrade-testing/. +I am now testing dist-upgrade of Gnome and KDE in a chroot using both +apt and aptitude, and found their differences interesting. This time +I will only focus on their removal plans.

+ +

After installing a Gnome desktop and the laptop task, apt-get wants +to remove 72 packages when dist-upgrading from Lenny to Squeeze. The +surprising part is that it want to remove xorg and all +xserver-xorg-video* drivers. Clearly not a good choice, but I am not +sure why. When asking aptitude to do the same, it want to remove 129 +packages, but most of them are library packages I suspect are no +longer needed. Both of them want to remove bluetooth packages, which +I do not know. Perhaps these bluetooth packages are obsolete?

+ +

For KDE, apt-get want to remove 82 packages, among them kdebase +which seem like a bad idea and xorg the same way as with Gnome. Asking +aptitude for the same, it wants to remove 192 packages, none which are +too surprising.

+ +

I guess the removal of xorg during upgrades should be investigated +and avoided, and perhaps others as well. Here are the complete list +of planned removals. The complete logs is available from the URL +above. Note if you want to repeat these tests, that the upgrade test +for kde+apt-get hung in the tasksel setup because of dpkg asking +conffile questions. No idea why. I worked around it by using +'echo >> /proc/pidofdpkg/fd/0' to tell dpkg to +continue.

+ +

apt-get gnome 72 +
bluez-gnome cupsddk-drivers deskbar-applet gnome + gnome-desktop-environment gnome-network-admin gtkhtml3.14 + iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0 + libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0 + nautilus-cd-burner python-gnome2-desktop python-gnome2-extras + serpentine swfdec-mozilla update-manager xorg xserver-xorg + xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev + xserver-xorg-input-kbd xserver-xorg-input-mouse + xserver-xorg-input-synaptics xserver-xorg-input-wacom + xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark + xserver-xorg-video-ati xserver-xorg-video-chips + xserver-xorg-video-cirrus xserver-xorg-video-cyrix + xserver-xorg-video-dummy xserver-xorg-video-fbdev + xserver-xorg-video-glint xserver-xorg-video-i128 + xserver-xorg-video-i740 xserver-xorg-video-imstt + xserver-xorg-video-intel xserver-xorg-video-mach64 + xserver-xorg-video-mga xserver-xorg-video-neomagic + xserver-xorg-video-nsc xserver-xorg-video-nv + xserver-xorg-video-openchrome xserver-xorg-video-r128 + xserver-xorg-video-radeon xserver-xorg-video-radeonhd + xserver-xorg-video-rendition xserver-xorg-video-s3 + xserver-xorg-video-s3virge xserver-xorg-video-savage + xserver-xorg-video-siliconmotion xserver-xorg-video-sis + xserver-xorg-video-sisusb xserver-xorg-video-tdfx + xserver-xorg-video-tga xserver-xorg-video-trident + xserver-xorg-video-tseng xserver-xorg-video-v4l + xserver-xorg-video-vesa xserver-xorg-video-vga + xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9 + xulrunner-1.9-gnome-support

+ +

aptitude gnome 129 + +
bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd + djvulibre-desktop finger gnome-app-install gnome-mount + gnome-network-admin gnome-spell gnome-vfs-obexftp + gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2 + libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2 + libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0 + libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20 + libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common + libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common + libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 + libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0 + libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common + libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0 + libgtksourceview-common libgtksourceview1.0-0 libgucharmap6 + libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10 + libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off + libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2 + libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10 + libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8 + libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1 + libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10 + libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0 + libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6 + libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner + openoffice.org-writer2latex openssl-blacklist p7zip + python-4suite-xml python-eggtrayicon python-gnome2-desktop + python-gnome2-extras python-gtkhtml2 python-gtkmozembed + python-numeric python-sexy serpentine svgalibg1 swfdec-gnome + swfdec-mozilla totem-gstreamer update-manager wodim + xserver-xorg-video-cyrix xserver-xorg-video-imstt + xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga + zip

+ +

apt-get kde 82 + +
cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core + kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3 + kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker + kicker-applets knewsticker kolourpaint konq-plugins konqueror korn + kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1 + libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg + xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev + xserver-xorg-input-kbd xserver-xorg-input-mouse + xserver-xorg-input-synaptics xserver-xorg-input-wacom + xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark + xserver-xorg-video-ati xserver-xorg-video-chips + xserver-xorg-video-cirrus xserver-xorg-video-cyrix + xserver-xorg-video-dummy xserver-xorg-video-fbdev + xserver-xorg-video-glint xserver-xorg-video-i128 + xserver-xorg-video-i740 xserver-xorg-video-imstt + xserver-xorg-video-intel xserver-xorg-video-mach64 + xserver-xorg-video-mga xserver-xorg-video-neomagic + xserver-xorg-video-nsc xserver-xorg-video-nv + xserver-xorg-video-openchrome xserver-xorg-video-r128 + xserver-xorg-video-radeon xserver-xorg-video-radeonhd + xserver-xorg-video-rendition xserver-xorg-video-s3 + xserver-xorg-video-s3virge xserver-xorg-video-savage + xserver-xorg-video-siliconmotion xserver-xorg-video-sis + xserver-xorg-video-sisusb xserver-xorg-video-tdfx + xserver-xorg-video-tga xserver-xorg-video-trident + xserver-xorg-video-tseng xserver-xorg-video-v4l + xserver-xorg-video-vesa xserver-xorg-video-vga + xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9

+ +

aptitude kde 192 +
bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd + djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext + ghostscript-x imlib-base imlib11 indi kandy karm kasteroids + kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat + kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window + kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data + kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data + kdemultimedia-kfile-plugins kdenetwork-kfile-plugins + kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh + kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs + kghostview khelpcenter khexedit kiconedit kitchensync klatin + klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint + kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler + krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver + ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos + kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock + kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile + libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1 + libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2 + libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0 + libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0 + libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0 + libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1 + libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2 + libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1 + libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a + libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9 + libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2 + libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools + libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java + libxerces2-java-gcj libxtrap6 mpeglib networkstatus + openoffice.org-writer2latex pmount poster psutils quanta quanta-data + superkaramba svgalibg1 tex-common texlive-base texlive-base-bin + texlive-common texlive-doc-base texlive-fonts-recommended + xserver-xorg-video-cyrix xserver-xorg-video-imstt + xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga + xulrunner-1.9

-

This will list all MAC addresses assosiated with all machine, one -line per machine and with space between the MAC addresses.

- -

To allow system administrators easier job at adding static DHCP -addresses for hosts, it would be possible to extend this to fetch -machine information from sitesummary and update the DHCP and DNS -tables in LDAP using this information. Such tool is unfortunately not -written yet.

- Tags: debian, debian edu, english, sitesummary. + Tags: debian, debian edu, english.
-
systemd, an interesting alternative to upstart
-
2010-05-13 22:20
+
Åpne trådløsnett er et samfunnsgode
+
2010-06-12 12:45
-

The last few days a new boot system called -systemd -has been -introduced - -to the free software world. I have not yet had time to play around -with it, but it seem to be a very interesting alternative to -upstart, and might prove to be -a good alternative for Debian when we are able to switch to an event -based boot system. Tollef is -in the process of getting -systemd into Debian, and I look forward to seeing how well it work. I -like the fact that systemd handles init.d scripts with dependency -information natively, allowing them to run in parallel where upstart -at the moment do not.

- -

Unfortunately do systemd have the same problem as upstart regarding -platform support. It only work on recent Linux kernels, and also need -some new kernel features enabled to function properly. This means -kFreeBSD and Hurd ports of Debian will need a port or a different boot -system. Not sure how that will be handled if systemd proves to be the -way forward.

- -

In the mean time, based on the -input -on debian-devel@ regarding parallel booting in Debian, I have -decided to enable full parallel booting as the default in Debian as -soon as possible (probably this weekend or early next week), to see if -there are any remaining serious bugs in the init.d dependencies. A -new version of the sysvinit package implementing this change is -already in experimental. If all go well, Squeeze will be released -with parallel booting enabled by default.

+

Veldig glad for å oppdage via +Slashdot +at folk i Finland har forstått at åpne trådløsnett er et samfunnsgode. +Jeg ser på åpne trådløsnett som et fellesgode på linje med retten til +ferdsel i utmark og retten til å bevege seg i strandsonen. Jeg har +glede av åpne trådløsnett når jeg finner dem, og deler gladelig nett +med andre så lenge de ikke forstyrrer min bruk av eget nett. +Nettkapasiteten er sjelden en begrensning ved normal browsing og enkel +SSH-innlogging (som er min vanligste nettbruk), og nett kan brukes til +så mye positivt og nyttig (som nyhetslesing, sjekke været, kontakte +slekt og venner, holde seg oppdatert om politiske saker, kontakte +organisasjoner og politikere, etc), at det for meg er helt urimelig å +blokkere dette for alle som ikke gjør en flue fortred. De som mener +at potensialet for misbruk er grunn nok til å hindre all den positive +og lovlydige bruken av et åpent trådløsnett har jeg dermed ingen +forståelse for. En kan ikke eksistensen av forbrytere styre hvordan +samfunnet skal organiseres. Da får en et kontrollsamfunn de færreste +ønsker å leve i, og det at vi har et samfunn i Norge der tilliten til +hverandre er høy gjør at samfunnet fungerer ganske godt. Det bør vi +anstrenge oss for å beholde.

- Tags: debian, english, nuug. + Tags: fildeling, norsk, nuug, opphavsrett, personvern, sikkerhet.
-
Parallellizing the boot in Debian Squeeze - ready for wider testing
-
2010-05-06 23:25
+
Automatic upgrade testing from Lenny to Squeeze
+
2010-06-11 22:50
-

These days, the init.d script dependencies in Squeeze are quite -complete, so complete that it is actually possible to run all the -init.d scripts in parallell based on these dependencies. If you want -to test your Squeeze system, make sure -dependency -based boot sequencing is enabled, and add this line to -/etc/default/rcS:

+

The last few days I have done some upgrade testing in Debian, to +see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs +have been discovered and reported in the process +(#585410 in nagios3-cgi, +#584879 already fixed in +enscript and #584861 in +kdebase-workspace-data), and to get a more regular testing going on, I +am working on a script to automate the test.

+ +

The idea is to create a Lenny chroot and use tasksel to install a +Gnome or KDE desktop installation inside the chroot before upgrading +it. To ensure no services are started in the chroot, a policy-rc.d +script is inserted. To make sure tasksel believe it is to install a +desktop on a laptop, the tasksel tests are replaced in the chroot +(only acceptable because this is a throw-away chroot).

+ +

A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade +currently always fail because udev refuses to upgrade with the kernel +in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade +is created. The bug report +#566000 make me suspect +this problem do not trigger in a chroot, but I touch the file anyway +to make sure the upgrade go well. Testing on virtual and real +hardware have failed me because of udev so far, and creating this file +do the trick in such settings anyway. This is a +known +issue and the current udev behaviour is intended by the udev +maintainer because he lack the resources to rewrite udev to keep +working with old kernels or something like that. I really wish the +udev upstream would keep udev backwards compatible, to avoid such +upgrade problem, but given that they fail to do so, I guess +documenting the way out of this mess is the best option we got for +Debian Squeeze.

+ +

Anyway, back to the task at hand, testing upgrades. This test +script, which I call upgrade-test for now, is doing the +trick:

-CONCURRENCY=makefile
+#!/bin/sh
+set -ex
+
+if [ "$1" ] ; then
+    desktop=$1
+else
+    desktop=gnome
+fi
+
+from=lenny
+to=squeeze
+
+exec < /dev/null
+unset LANG
+mirror=http://ftp.skolelinux.org/debian
+tmpdir=chroot-$from-upgrade-$to-$desktop
+fuser -mv .
+debootstrap $from $tmpdir $mirror
+chroot $tmpdir aptitude update
+cat > $tmpdir/usr/sbin/policy-rc.d <<EOF
+#!/bin/sh
+exit 101
+EOF
+chmod a+rx $tmpdir/usr/sbin/policy-rc.d
+exit_cleanup() {
+    umount $tmpdir/proc
+}
+mount -t proc proc $tmpdir/proc
+# Make sure proc is unmounted also on failure
+trap exit_cleanup EXIT INT
+
+chroot $tmpdir aptitude -y install debconf-utils
+
+# Make sure tasksel autoselection trigger.  It need the test scripts
+# to return the correct answers.
+echo tasksel tasksel/desktop multiselect $desktop | \
+    chroot $tmpdir debconf-set-selections
+
+# Include the desktop and laptop task
+for test in desktop laptop ; do
+    echo > $tmpdir/usr/lib/tasksel/tests/$test <<EOF
+#!/bin/sh
+exit 2
+EOF
+    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
+done
+
+DEBIAN_FRONTEND=noninteractive
+DEBIAN_PRIORITY=critical
+export DEBIAN_FRONTEND DEBIAN_PRIORITY
+chroot $tmpdir tasksel --new-install
+
+echo deb $mirror $to main > $tmpdir/etc/apt/sources.list
+chroot $tmpdir aptitude update
+touch $tmpdir/etc/udev/kernel-upgrade
+chroot $tmpdir aptitude -y dist-upgrade
+fuser -mv
-

That is it. It will cause sysv-rc to use the startpar tool to run -scripts in parallel using the dependency information stored in -/etc/init.d/.depend.boot, /etc/init.d/.depend.start and -/etc/init.d/.depend.stop to order the scripts. Startpar is configured -to try to start the kdm and gdm scripts as early as possible, and will -start the facilities required by kdm or gdm as early as possible to -make this happen.

- -

Give it a try, and see if you like the result. If some services -fail to start properly, it is most likely because they have incomplete -init.d script dependencies in their startup script (or some of their -dependent scripts have incomplete dependencies). Report bugs and get -the package maintainers to fix it. :)

- -

Running scripts in parallel could be the default in Debian when we -manage to get the init.d script dependencies complete and correct. I -expect we will get there in Squeeze+1, if we get manage to test and -fix the remaining issues.

- -

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

+

I suspect it would be useful to test upgrades with both apt-get and +with aptitude, but I have not had time to look at how they behave +differently so far. I hope to get a cron job running to do the test +regularly and post the result on the web. The Gnome upgrade currently +work, while the KDE upgrade fail because of the bug in +kdebase-workspace-data

+ +

I am not quite sure what kind of extract from the huge upgrade logs +(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog +post, so I will refrain from trying. I can report that for Gnome, +aptitude report 760 packages upgraded, 448 newly installed, 129 to +remove and 1 not upgraded and 1024MB need to be downloaded while for +KDE the same numbers are 702 packages upgraded, 507 newly installed, +193 to remove and 0 not upgraded and 1117MB need to be downloaded

+ +

I am very happy to notice that the Gnome desktop + laptop upgrade +is able to migrate to dependency based boot sequencing and parallel +booting without a hitch. Was unsure if there were still bugs with +packages failing to clean up their obsolete init.d script during +upgrades, and no such problem seem to affect the Gnome desktop+laptop +packages.

- Tags: debian, english. + Tags: bootsystem, debian, debian edu, english.
-
Forcing new users to change their password on first login
-
2010-05-02 13:47
+
Skolelinux er laget for sentraldrifting, naturligvis
+
2010-06-09 12:30
-

One interesting feature in Active Directory, is the ability to -create a new user with an expired password, and thus force the user to -change the password on the first login attempt.

- -

I'm not quite sure how to do that with the LDAP setup in Debian -Edu, but did some initial testing with a local account. The account -and password aging information is available in /etc/shadow, but -unfortunately, it is not possible to specify an expiration time for -passwords, only a maximum age for passwords.

- -

A freshly created account (using adduser test) will have these -settings in /etc/shadow:

- -
-root@tjener:~# chage -l test
-Last password change                                    : May 02, 2010
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 99999
-Number of days of warning before password expires       : 7
-root@tjener:~#
-
- -

The only way I could come up with to create a user with an expired -account, is to change the date of the last password change to the -lowest value possible (January 1th 1970), and the maximum password age -to the difference in days between that date and today. To make it -simple, I went for 30 years (30 * 365 = 10950) and January 2th (to -avoid testing if 0 is a valid value).

- -

After using these commands to set it up, it seem to work as -intended:

- -
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change                                    : Jan 02, 1970
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 10950
-Number of days of warning before password expires       : 7
-root@tjener:~#  
-
- -

So far I have tested this with ssh and console, and kdm (in -Squeeze) login, and all ask for a new password before login in the -user (with ssh, I was thrown out and had to log in again).

- -

Perhaps we should set up something similar for Debian Edu, to make -sure only the user itself have the account password?

- -

If you want to comment on or help out with implementing this for -Debian Edu, please contact us on debian-edu@lists.debian.org.

- -

Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the -shadow(8) page in Debian/testing now state that setting the date of -last password change to zero (0) will force the password to be changed -on the first login. This was not mentioned in the manual in Lenny, so -I did not notice this in my initial testing. I have tested it on -Squeeze, and 'chage -d 0 username' do work there. I have not -tested it on Lenny yet.

- -

Update 2010-05-02-19:05: Jim Paris tells me via email that an -equivalent command to expire a password is 'passwd -e -username', which insert zero into the date of the last password -change.

+

Det er merkelig hvordan myter om Skolelinux overlever. En slik +myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte +tjenermaskiner. I siste Computerworld Norge er +IT-sjef +Viggo Billdal i Steinkjer intervjuet, og forteller uten +blygsel:

+ +

Vi hadde Skolelinux, men det har vi sluttet med. Vi testet +om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at +Microsoft egentlig var totalt sett bedre egnet. Det var store +driftskostnader med Skolelinux, blant annet på grunn av +desentraliserte servere. Det var komplisert, så vi gikk vekk fra det +og bruker nå bare Windows.

+ +

En rask +sjekk mot den norske brukerlista i Skolelinuxprosjektet forteller +at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole +i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen +overkjørte skolen og krevde at de gikk over til Windows. Et søk på +nettet sendte meg til +Dagens +IT nr. 18 2005 hvor en kan lese på side 18:

+ +

Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå +Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke +var så stor. ­ Jeg syntes Skolelinux var utrolig lett å drifte uten +forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse +til installasjoner og maskinvarefeil, sier Tømmerås.

+ +

Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet +over påstanden om at Skolelinux krever desentraliserte tjenere. +Skolelinux-arkitekturen er laget for sentralisert drift og plassering +av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet. +Den er modellert på nettverks- og tjenerløsningen som brukes på +Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av +driftstjenester. Dette er det heldigvis noen som har fått med seg, og +jeg er glad for å kunne sitere fra en kommentar på den overnevnte +artikkelen. Min venn og gamle kollega Sturle Sunde forteller der: + +

+

I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til +meir enn 500 elevar. Dei store skulane har eigen tenar, for det er +mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser +sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre +avhengige av eksterne linjer som er trege eller dyre. Dei minste +skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje +noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein +sentral tenar eller tenaren på ein større skule.

+ +

Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje +harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer +programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har +mykje meir CPU og RAM totalt enn nokon moderne tenar til under +millionen. Det trengst to kommandoar på den sentrale tenaren for å +oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen +problem med diskar som ryk heller, som var eit problem før fordi +elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i +nettet, so det er fullt mogleg å køyre slike på småskular med trege +linjer mot tenaren på ein større skule.

+ +

Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og +ein person som tek seg av drift av heile nettet, inkludert tenarar, +klientar, operativsystem, programvare, heimekontorløysing og +administrasjon av brukarar.

+ +

No skal det seiast at vi ikkje køyrer rein Skulelinux ut av +boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som +var der frå før, og som har komplisert installasjonen vår. Etter at +oppsettet var gjort har løysinga vore stabil og kravd minimalt med +arbeid.

+
+ +

Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux +sentraldriftes med sentrale tjenere. Det forteller meg at Steinkjers +IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle +minner.

- Tags: debian edu, english, nuug, sikkerhet. + Tags: debian edu, norsk, nuug.
-
Thoughts on roaming laptop setup for Debian Edu
-
2010-04-28 20:40
+
Upstart or sysvinit - as init.d scripts see it
+
2010-06-06 23:55
-

For some years now, I have wondered how we should handle laptops in -Debian Edu. The Debian Edu infrastructure is mostly designed to -handle stationary computers, and less suited for computers that come -and go.

- -

Now I finally believe I have an sensible idea on how to adjust -Debian Edu for laptops, by introducing a new profile for them, for -example called Roaming Workstations. Here are my thought on this. -The setup would consist of the following:

+

If Debian is to migrate to upstart on Linux, I expect some init.d +scripts to migrate (some of) their operations to upstart job while +keeping the init.d for hurd and kfreebsd. The packages with such +needs will need a way to get their init.d scripts to behave +differently when used with sysvinit and with upstart. Because of +this, I had a look at the environment variables set when a init.d +script is running under upstart, and when it is not.

+ +

With upstart, I notice these environment variables are set when a +script is started from rcS.d/ (ignoring some irrelevant ones like +COLUMNS):

- +
+INIT_VERSION=sysvinit-2.88
+previous=N
+PREVLEVEL=N
+RUNLEVEL=S
+runlevel=S
+
-

I believe all the pieces to implement this are in Debian/testing at -the moment. If we work quickly, we should be able to get this ready -in time for the Squeeze release to freeze. Some of the pieces need -tweaking, like libpam-ccreds should get support for pam-auth-update -(#566718) and nslcd (or -perhaps debian-edu-config) should get some integration code to stop -its daemon when the LDAP server is unavailable to avoid long timeouts -when disconnected from the net. If we get Kerberos enabled, we need -to make sure we avoid long timeouts there too.

+

The RUNLEVEL and PREVLEVEL environment variables passed on from +sysvinit are not set by upstart. Not sure if it is intentional or not +to not be compatible with sysvinit in this regard.

-

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

For scripts needing to behave differently when upstart is used, +looking for the UPSTART_JOB environment variable seem to be a good +choice.

- Tags: debian edu, english, nuug. + Tags: bootsystem, debian, english.
@@ -629,6 +781,8 @@ please contact us on debian-edu@lists.debian.org.

  • May (9)
    • +
  • June (14)
    • +
  • 2009 @@ -682,41 +836,45 @@ please contact us on debian-edu@lists.debian.org.

  • aros (1)
    • -
  • debian (20)
    • +
  • bootsystem (10)
    • + +
  • debian (29)
    • -
  • debian edu (20)
    • +
  • debian edu (28)
    • -
  • english (31)
    • +
  • english (41)
  • fiksgatami (1)
    • -
  • fildeling (6)
    • +
  • fildeling (7)
  • kart (2)
    • +
  • ldap (3)
    • +
  • lenker (1)
  • ltsp (1)
  • multimedia (5)
    • -
  • norsk (65)
    • +
  • norsk (69)
    • -
  • nuug (74)
    • +
  • nuug (79)
    • -
  • opphavsrett (12)
    • +
  • opphavsrett (13)
    • -
  • personvern (11)
    • +
  • personvern (13)
  • reprap (10)
  • rss (1)
    • -
  • sikkerhet (8)
    • +
  • sikkerhet (9)
    • -
  • sitesummary (1)
    • +
  • sitesummary (3)
    • -
  • standard (11)
    • +
  • standard (13)
  • stavekontroll (1)