X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/c7f4475b04a0040356372a6b04e99cc5d54009dd..0eae61fd9783f8eadf6d9848106c6d24fb9ff838:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 6ed731e28a..5d6e2cf92f 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,561 +20,589 @@
-
More flexible firmware handling in debian-installer
-
2010-05-22 21:30
+
Automatic upgrade testing from Lenny to Squeeze
+
2010-06-11 22:50
-

After a long break from debian-installer development, I finally -found time today to return to the project. Having to spend less time -working dependency based boot in debian, as it is almost complete now, -definitely helped freeing some time.

+

The last few days I have done some upgrade testing in Debian, to +see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs +have been discovered and reported in the process +(#585410 in nagios3-cgi, +#584879 already fixed in +enscript and #584861 in +kdebase-workspace-data), and to get a more regular testing going on, I +am working on a script to automate the test.

+ +

The idea is to create a Lenny chroot and use tasksel to install a +Gnome or KDE desktop installation inside the chroot before upgrading +it. To ensure no services are started in the chroot, a policy-rc.d +script is inserted. To make sure tasksel believe it is to install a +desktop on a laptop, the tasksel tests are replaced in the chroot +(only acceptable because this is a throw-away chroot).

+ +

A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade +currently always fail because udev refuses to upgrade with the kernel +in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade +is created. The bug report +#566000 make me suspect +this problem do not trigger in a chroot, but I touch the file anyway +to make sure the upgrade go well. Testing on virtual and real +hardware have failed me because of udev so far, and creating this file +do the trick in such settings anyway. This is a +known +issue and the current udev behaviour is intended by the udev +maintainer because he lack the resources to rewrite udev to keep +working with old kernels or something like that. I really wish the +udev upstream would keep udev backwards compatible, to avoid such +upgrade problem, but given that they fail to do so, I guess +documenting the way out of this mess is the best option we got for +Debian Squeeze.

+ +

Anyway, back to the task at hand, testing upgrades. This test +script, which I call upgrade-test for now, is doing the +trick:

-

A while back, I ran into a problem while working on Debian Edu. We -include some firmware packages on the Debian Edu CDs, those needed to -get disk and network controllers working. Without having these -firmware packages available during installation, it is impossible to -install Debian Edu on the given machine, and because our target group -are non-technical people, asking them to provide firmware packages on -an external medium is a support pain. Initially, I expected it to be -enough to include the firmware packages on the CD to get -debian-installer to find and use them. This proved to be wrong. -Next, I hoped it was enough to symlink the relevant firmware packages -to some useful location on the CD (tried /cdrom/ and -/cdrom/firmware/). This also proved to not work, and at this point I -found time to look at the debian-installer code to figure out what was -going to work.

- -

The firmware loading code is in the hw-detect package, and a closer -look revealed that it would only look for firmware packages outside -the installation media, so the CD was never checked for firmware -packages. It would only check USB sticks, floppies and other -"external" media devices. Today I changed it to also look in the -/cdrom/firmware/ directory on the mounted CD or DVD, which should -solve the problem I ran into with Debian edu. I also changed it to -look in /firmware/, to make sure the installer also find firmware -provided in the initrd when booting the installer via PXE, to allow us -to provide the same feature in the PXE installer provided in Debian -Edu.

- -

To make sure firmware deb packages with a license questions are not -activated without asking if the license is accepted, I extended -hw-detect to look for preinst scripts in the firmware packages, and -run these before activating the firmware during installation. The -license question is asked using debconf in the preinst, so this should -solve the issue for the firmware packages I have looked at so far.

+
+#!/bin/sh
+set -ex
+
+if [ "$1" ] ; then
+    desktop=$1
+else
+    desktop=gnome
+fi
+
+from=lenny
+to=squeeze
+
+exec < /dev/null
+unset LANG
+mirror=http://ftp.skolelinux.org/debian
+tmpdir=chroot-$from-upgrade-$to-$desktop
+fuser -mv .
+debootstrap $from $tmpdir $mirror
+chroot $tmpdir aptitude update
+cat > $tmpdir/usr/sbin/policy-rc.d <<EOF
+#!/bin/sh
+exit 101
+EOF
+chmod a+rx $tmpdir/usr/sbin/policy-rc.d
+exit_cleanup() {
+    umount $tmpdir/proc
+}
+mount -t proc proc $tmpdir/proc
+# Make sure proc is unmounted also on failure
+trap exit_cleanup EXIT INT
+
+chroot $tmpdir aptitude -y install debconf-utils
+
+# Make sure tasksel autoselection trigger.  It need the test scripts
+# to return the correct answers.
+echo tasksel tasksel/desktop multiselect $desktop | \
+    chroot $tmpdir debconf-set-selections
+
+# Include the desktop and laptop task
+for test in desktop laptop ; do
+    echo > $tmpdir/usr/lib/tasksel/tests/$test <<EOF
+#!/bin/sh
+exit 2
+EOF
+    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
+done
+
+DEBIAN_FRONTEND=noninteractive
+DEBIAN_PRIORITY=critical
+export DEBIAN_FRONTEND DEBIAN_PRIORITY
+chroot $tmpdir tasksel --new-install
+
+echo deb $mirror $to main > $tmpdir/etc/apt/sources.list
+chroot $tmpdir aptitude update
+touch $tmpdir/etc/udev/kernel-upgrade
+chroot $tmpdir aptitude -y dist-upgrade
+fuser -mv
+
-

If you want to discuss the details of these features, please -contact us on debian-boot@lists.debian.org.

+

I suspect it would be useful to test upgrades with both apt-get and +with aptitude, but I have not had time to look at how they behave +differently so far. I hope to get a cron job running to do the test +regularly and post the result on the web. The Gnome upgrade currently +work, while the KDE upgrade fail because of the bug in +kdebase-workspace-data

+ +

I am not quite sure what kind of extract from the huge upgrade logs +(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog +post, so I will refrain from trying. I can report that for Gnome, +aptitude report 760 packages upgraded, 448 newly installed, 129 to +remove and 1 not upgraded and 1024MB need to be downloaded while for +KDE the same numbers are 702 packages upgraded, 507 newly installed, +193 to remove and 0 not upgraded and 1117MB need to be downloaded

+ +

I am very happy to notice that the Gnome desktop + laptop upgrade +is able to migrate to dependency based boot sequencing and parallel +booting without a hitch. Was unsure if there were still bugs with +packages failing to clean up their obsolete init.d script during +upgrades, and no such problem seem to affect the Gnome desktop+laptop +packages.

- Tags: debian, debian edu, english. + Tags: bootsystem, debian, debian edu, english.
-
Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten
-
2010-05-21 16:00
+
Skolelinux er laget for sentraldrifting, naturligvis
+
2010-06-09 12:30
-

For en stund tilbake kjøpte jeg en magnetkortleser for å kunne -titte på hva som er skrevet inn på magnetstripene til ulike kort. Har -ikke hatt tid til å analysere mange kort så langt, men tenkte jeg -skulle dele innholdet på to kort med mine lesere.

- -

For noen dager siden tok jeg flyet til Harstad og Hurtigruten til -Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med -magnetstripe. Påtrykket finner jeg følgende informasjon:

- -
-Flytoget Airport Express Train
-
-Fra - Til        : Oslo Sentralstasjon
-Kategori         : Voksen
-Pris             : Nok 170,00
-Herav mva. 8,00% : NOK 12,59
-Betaling         : Kontant
-Til - Fra        : Oslo Lufthavn
-Utstedt:         : 08.05.10
-Gyldig Fra-Til   : 08.05.10-07.11.10
-Billetttype      : Enkeltbillett
+

Det er merkelig hvordan myter om Skolelinux overlever. En slik +myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte +tjenermaskiner. I siste Computerworld Norge er +IT-sjef +Viggo Billdal i Steinkjer intervjuet, og forteller uten +blygsel:

+ +

Vi hadde Skolelinux, men det har vi sluttet med. Vi testet +om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at +Microsoft egentlig var totalt sett bedre egnet. Det var store +driftskostnader med Skolelinux, blant annet på grunn av +desentraliserte servere. Det var komplisert, så vi gikk vekk fra det +og bruker nå bare Windows.

+ +

En rask +sjekk mot den norske brukerlista i Skolelinuxprosjektet forteller +at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole +i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen +overkjørte skolen og krevde at de gikk over til Windows. Et søk på +nettet sendte meg til +Dagens +IT nr. 18 2005 hvor en kan lese på side 18:

+ +

Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå +Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke +var så stor. ­ Jeg syntes Skolelinux var utrolig lett å drifte uten +forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse +til installasjoner og maskinvarefeil, sier Tømmerås.

+ +

Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet +over påstanden om at Skolelinux krever desentraliserte tjenere. +Skolelinux-arkitekturen er laget for sentralisert drift og plassering +av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet. +Den er modellert på nettverks- og tjenerløsningen som brukes på +Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av +driftstjenester. Dette er det heldigvis noen som har fått med seg, og +jeg er glad for å kunne sitere fra en kommentar på den overnevnte +artikkelen. Min venn og gamle kollega Sturle Sunde forteller der: + +

+

I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til +meir enn 500 elevar. Dei store skulane har eigen tenar, for det er +mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser +sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre +avhengige av eksterne linjer som er trege eller dyre. Dei minste +skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje +noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein +sentral tenar eller tenaren på ein større skule.

+ +

Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje +harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer +programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har +mykje meir CPU og RAM totalt enn nokon moderne tenar til under +millionen. Det trengst to kommandoar på den sentrale tenaren for å +oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen +problem med diskar som ryk heller, som var eit problem før fordi +elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i +nettet, so det er fullt mogleg å køyre slike på småskular med trege +linjer mot tenaren på ein større skule.

+ +

Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og +ein person som tek seg av drift av heile nettet, inkludert tenarar, +klientar, operativsystem, programvare, heimekontorløysing og +administrasjon av brukarar.

+ +

No skal det seiast at vi ikkje køyrer rein Skulelinux ut av +boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som +var der frå før, og som har komplisert installasjonen vår. Etter at +oppsettet var gjort har løysinga vore stabil og kravd minimalt med +arbeid.

+
+ +

Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux +sentraldriftes med sentrale tjenere. Det forteller meg at Steinkjers +IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle +minner.

+
+
+ -102-1015-100508-48382-01-08 - + + Tags: debian edu, norsk, nuug. + +
+
+
+ +
+
Upstart or sysvinit - as init.d scripts see it
+
2010-06-06 23:55
+
+

If Debian is to migrate to upstart on Linux, I expect some init.d +scripts to migrate (some of) their operations to upstart job while +keeping the init.d for hurd and kfreebsd. The packages with such +needs will need a way to get their init.d scripts to behave +differently when used with sysvinit and with upstart. Because of +this, I had a look at the environment variables set when a init.d +script is running under upstart, and when it is not.

+ +

With upstart, I notice these environment variables are set when a +script is started from rcS.d/ (ignoring some irrelevant ones like +COLUMNS):

-

På selve magnetstripen er innholdet -;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?. -Aner ikke hva innholdet representerer, og det er lite overlapp mellom -det jeg ser trykket på billetten og det jeg ser av tegn i -magnetstripen. Håper det betyr at de bruker kryptografiske metoder -for å gjøre det vanskelig å forfalske billetter.

+
+DEFAULT_RUNLEVEL=2
+previous=N
+PREVLEVEL=
+RUNLEVEL=
+runlevel=S
+UPSTART_EVENTS=startup
+UPSTART_INSTANCE=
+UPSTART_JOB=rc-sysinit
+
-

Den andre billetten er fra Hurtigruten, der jeg mistenker at -strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert -fall den biten vi stakk inn i dørlåsen).

+

With sysvinit, these environment variables are set for the same +script.

-

Påtrykket forsiden er følgende:

+
+INIT_VERSION=sysvinit-2.88
+previous=N
+PREVLEVEL=N
+RUNLEVEL=S
+runlevel=S
+
-
-Romnummer 727
-Hurtigruten
-Midnatsol
-Reinholdtsen
-Petter
-Bookingno: SAX69   0742193
-Harstad-Bergen
-Dep: 09.05.2010 Arr: 12.05.2010
-Lugar fra Risøyhamn
-Kost: FRO=4
-
+

The RUNLEVEL and PREVLEVEL environment variables passed on from +sysvinit are not set by upstart. Not sure if it is intentional or not +to not be compatible with sysvinit in this regard.

-

På selve magnetstripen er innholdet -;1316010007421930=00000000000000000000?+E?. Heller ikke her -ser jeg mye korrespondanse mellom påtrykk og magnetstripe.

+

For scripts needing to behave differently when upstart is used, +looking for the UPSTART_JOB environment variable seem to be a good +choice.

- Tags: norsk, nuug, sikkerhet. + Tags: bootsystem, debian, english.
-
Pieces of the roaming laptop puzzle in Debian
-
2010-05-19 19:00
+
A manual for standards wars...
+
2010-06-06 14:15
-

Today, the last piece of the puzzle for roaming laptops in Debian -Edu finally entered the Debian archive. Today, the new -libpam-mklocaluser -package was accepted. Two days ago, two other pieces was accepted -into unstable. The -pam-python -package needed by libpam-mklocaluser, and the -sssd package -passed NEW on Monday. In addition, the -libpam-ccreds -package we need is in experimental (version 10-4) since Saturday, and -hopefully will be moved to unstable soon.

- -

This collection of packages allow for two different setups for -roaming laptops. The traditional setup would be using libpam-ccreds, -nscd and libpam-mklocaluser with LDAP or Kerberos authentication, -which should work out of the box if the configuration changes proposed -for nscd in BTS report -#485282 is implemented. The alternative setup is to use sssd with -libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take -care of the caching of passwords and group information.

- -

I have so far been unable to get sssd to work with the LDAP server -at the University, but suspect the issue is some SSL/GnuTLS related -problem with the server certificate. I plan to update the Debian -package to version 1.2, which is scheduled for next week, and hope to -find time to make sure the next release will include both the -Debian/Ubuntu specific patches. Upstream is friendly and responsive, -and I am sure we will find a good solution.

- -

The idea is to set up the roaming laptops to authenticate using -LDAP or Kerberos and create a local user with home directory in /home/ -when a usre in LDAP logs in via KDM or GDM for the first time, and -cache the password for offline checking, as well as caching group -memberhips and other relevant LDAP information. The -libpam-mklocaluser package was created to make sure the local home -directory is in /home/, instead of /site/server/directory/ which would -be the home directory if pam_mkhomedir was used. To avoid confusion -with support requests and configuration, we do not want local laptops -to have users in a path that is used for the same users home directory -on the home directory servers.

- -

One annoying problem with gdm is that it do not show the PAM -message passed to the user from libpam-mklocaluser when the local user -is created. Instead gdm simply reject the login with some generic -message. The message is shown in kdm, ssh and login, so I guess it is -a bug in gdm. Have not investigated if there is some other message -type that can be used instead to get gdm to also show the message.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

+

Via the +blog +of Rob Weir I came across the very interesting essay named +The Art of +Standards Wars (PDF 25 pages). I recommend it for everyone +following the standards wars of today.

- Tags: debian edu, english, nuug. + Tags: debian, debian edu, english, standard.
-
Parallellized boot is now the default in Debian/unstable
-
2010-05-14 22:40
+
Sitesummary tip: Listing computer hardware models used at site
+
2010-06-03 12:05
-

Since this evening, parallel booting is the default in -Debian/unstable for machines using dependency based boot sequencing. -Apparently the testing of concurrent booting has been wider than -expected, if I am to believe the -input -on debian-devel@, and I concluded a few days ago to move forward -with the feature this weekend, to give us some time to detect any -remaining problems before Squeeze is frozen. If serious problems are -detected, it is simple to change the default back to sequential boot. -The upload of the new sysvinit package also activate a new upstream -version.

- -More information about -dependency -based boot sequencing is available from the Debian wiki. It is -currently possible to disable parallel booting when one run into -problems caused by it, by adding this line to /etc/default/rcS:

+

When using sitesummary at a site to track machines, it is possible +to get a list of the machine types in use thanks to the DMI +information extracted from each machine. The script to do so is +included in the sitesummary package, and here is example output from +the Skolelinux build servers:

-CONCURRENCY=none
+maintainer:~# /usr/lib/sitesummary/hardware-model-summary
+  vendor                    count
+  Dell Computer Corporation     1
+    PowerEdge 1750              1
+  IBM                           1
+    eserver xSeries 345 -[8670M1X]-     1
+  Intel                         2
+  [no-dmi-info]                 3
+maintainer:~#
 
-

If you report any problems with dependencies in init.d scripts to -the BTS, please usertag the report to get it to show up at -the -list of usertagged bugs related to this.

+

The quality of the report depend on the quality of the DMI tables +provided in each machine. Here there are Intel machines without model +information listed with Intel as vendor and mo model, and virtual Xen +machines listed as [no-dmi-info]. One can add -l as a command line +option to list the individual machines.

+ +

A larger list is +available from the the +city of Narvik, which uses Skolelinux on all their shools and also +provide the basic sitesummary report publicly. In their report there +are ~1400 machines. I know they use both Ubuntu and Skolelinux on +their machines, and as sitesummary is available in both distributions, +it is trivial to get all of them to report to the same central +collector.

- Tags: debian, debian edu, english. + Tags: debian, debian edu, english, sitesummary.
-
Sitesummary tip: Listing MAC address of all clients
-
2010-05-14 21:10
+
Togsatsing på norsk, mot sykkel
+
2010-06-02 23:45
-

In the recent Debian Edu versions, the -sitesummary -system is used to keep track of the machines in the school -network. Each machine will automatically report its status to the -central server after boot and once per night. The network setup is -also reported, and using this information it is possible to get the -MAC address of all network interfaces in the machines. This is useful -to update the DHCP configuration.

- -

To give some idea how to use sitesummary, here is a one-liner to -ist all MAC addresses of all machines reporting to sitesummary. Run -this on the collector host:

- -
-perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
-
+

Det står dårlig til med toget når en finner på å la det +kappkjøre +med sykkel... Jeg tror det trengs strukturendringer for å få +fikset på togproblemene i Norge.

-

This will list all MAC addresses assosiated with all machine, one -line per machine and with space between the MAC addresses.

- -

To allow system administrators easier job at adding static DHCP -addresses for hosts, it would be possible to extend this to fetch -machine information from sitesummary and update the DHCP and DNS -tables in LDAP using this information. Such tool is unfortunately not -written yet.

+

Mon tro hva toglinje mellom Narvik og Tromsø ville hatt slags +effekt på området der?

- Tags: debian, debian edu, english, sitesummary. + Tags: norsk.
-
systemd, an interesting alternative to upstart
-
2010-05-13 22:20
+
KDM fail at boot with NVidia cards - and no one try to fix it?
+
2010-06-01 17:05
-

The last few days a new boot system called -systemd -has been -introduced - -to the free software world. I have not yet had time to play around -with it, but it seem to be a very interesting alternative to -upstart, and might prove to be -a good alternative for Debian when we are able to switch to an event -based boot system. Tollef is -in the process of getting -systemd into Debian, and I look forward to seeing how well it work. I -like the fact that systemd handles init.d scripts with dependency -information natively, allowing them to run in parallel where upstart -at the moment do not.

- -

Unfortunately do systemd have the same problem as upstart regarding -platform support. It only work on recent Linux kernels, and also need -some new kernel features enabled to function properly. This means -kFreeBSD and Hurd ports of Debian will need a port or a different boot -system. Not sure how that will be handled if systemd proves to be the -way forward.

- -

In the mean time, based on the -input -on debian-devel@ regarding parallel booting in Debian, I have -decided to enable full parallel booting as the default in Debian as -soon as possible (probably this weekend or early next week), to see if -there are any remaining serious bugs in the init.d dependencies. A -new version of the sysvinit package implementing this change is -already in experimental. If all go well, Squeeze will be released -with parallel booting enabled by default.

+

It is strange to watch how a bug in Debian causing KDM to fail to +start at boot when an NVidia video card is used is handled. The +problem seem to be that the nvidia X.org driver uses a long time to +initialize, and this duration is longer than kdm is configured to +wait.

+ +

I came across two bugs related to this issue, +#583312 initially filed +against initscripts and passed on to nvidia-glx when it became obvious +that the nvidia drivers were involved, and +#524751 initially filed against +kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.

+ +

To me, it seem that no-one is interested in actually solving the +problem nvidia video card owners experience and make sure the Debian +distribution work out of the box for these users. The nvidia driver +maintainers expect kdm to be set up to wait longer, while kdm expect +the nvidia driver maintainers to fix the driver to start faster, and +while they wait for each other I guess the users end up switching to a +distribution that work for them. I have no idea what the solution is, +but I am pretty sure that waiting for each other is not it.

+ +

I wonder why we end up handling bugs this way.

- Tags: debian, english, nuug. + Tags: bootsystem, debian, debian edu, english.
-
Parallellizing the boot in Debian Squeeze - ready for wider testing
-
2010-05-06 23:25
+
Parallellized boot seem to hold up well in Debian/testing
+
2010-05-27 23:55
-

These days, the init.d script dependencies in Squeeze are quite -complete, so complete that it is actually possible to run all the -init.d scripts in parallell based on these dependencies. If you want -to test your Squeeze system, make sure -dependency -based boot sequencing is enabled, and add this line to -/etc/default/rcS:

- -
-CONCURRENCY=makefile
-
- -

That is it. It will cause sysv-rc to use the startpar tool to run -scripts in parallel using the dependency information stored in -/etc/init.d/.depend.boot, /etc/init.d/.depend.start and -/etc/init.d/.depend.stop to order the scripts. Startpar is configured -to try to start the kdm and gdm scripts as early as possible, and will -start the facilities required by kdm or gdm as early as possible to -make this happen.

- -

Give it a try, and see if you like the result. If some services -fail to start properly, it is most likely because they have incomplete -init.d script dependencies in their startup script (or some of their -dependent scripts have incomplete dependencies). Report bugs and get -the package maintainers to fix it. :)

- -

Running scripts in parallel could be the default in Debian when we -manage to get the init.d script dependencies complete and correct. I -expect we will get there in Squeeze+1, if we get manage to test and -fix the remaining issues.

+

A few days ago, parallel booting was enabled in Debian/testing. +The feature seem to hold up pretty well, but three fairly serious +issues are known and should be solved: + +

+ +

All in all not many surprising issues, and all of them seem +solvable before Squeeze is released. In addition to these there are +some packages with bugs in their dependencies and run level settings, +which I expect will be fixed in a reasonable time span.

If you report any problems with dependencies in init.d scripts to the BTS, please usertag the report to get it to show up at the list of usertagged bugs related to this.

+ +

Update: Correct bug number to file-rc issue.

- Tags: debian, english. + Tags: bootsystem, debian, debian edu, english.
-
Forcing new users to change their password on first login
-
2010-05-02 13:47
+
More flexible firmware handling in debian-installer
+
2010-05-22 21:30
-

One interesting feature in Active Directory, is the ability to -create a new user with an expired password, and thus force the user to -change the password on the first login attempt.

- -

I'm not quite sure how to do that with the LDAP setup in Debian -Edu, but did some initial testing with a local account. The account -and password aging information is available in /etc/shadow, but -unfortunately, it is not possible to specify an expiration time for -passwords, only a maximum age for passwords.

- -

A freshly created account (using adduser test) will have these -settings in /etc/shadow:

- -
-root@tjener:~# chage -l test
-Last password change                                    : May 02, 2010
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 99999
-Number of days of warning before password expires       : 7
-root@tjener:~#
-
- -

The only way I could come up with to create a user with an expired -account, is to change the date of the last password change to the -lowest value possible (January 1th 1970), and the maximum password age -to the difference in days between that date and today. To make it -simple, I went for 30 years (30 * 365 = 10950) and January 2th (to -avoid testing if 0 is a valid value).

- -

After using these commands to set it up, it seem to work as -intended:

- -
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change                                    : Jan 02, 1970
-Password expires                                        : never
-Password inactive                                       : never
-Account expires                                         : never
-Minimum number of days between password change          : 0
-Maximum number of days between password change          : 10950
-Number of days of warning before password expires       : 7
-root@tjener:~#  
-
- -

So far I have tested this with ssh and console, and kdm (in -Squeeze) login, and all ask for a new password before login in the -user (with ssh, I was thrown out and had to log in again).

+

After a long break from debian-installer development, I finally +found time today to return to the project. Having to spend less time +working dependency based boot in debian, as it is almost complete now, +definitely helped freeing some time.

-

Perhaps we should set up something similar for Debian Edu, to make -sure only the user itself have the account password?

+

A while back, I ran into a problem while working on Debian Edu. We +include some firmware packages on the Debian Edu CDs, those needed to +get disk and network controllers working. Without having these +firmware packages available during installation, it is impossible to +install Debian Edu on the given machine, and because our target group +are non-technical people, asking them to provide firmware packages on +an external medium is a support pain. Initially, I expected it to be +enough to include the firmware packages on the CD to get +debian-installer to find and use them. This proved to be wrong. +Next, I hoped it was enough to symlink the relevant firmware packages +to some useful location on the CD (tried /cdrom/ and +/cdrom/firmware/). This also proved to not work, and at this point I +found time to look at the debian-installer code to figure out what was +going to work.

-

If you want to comment on or help out with implementing this for -Debian Edu, please contact us on debian-edu@lists.debian.org.

+

The firmware loading code is in the hw-detect package, and a closer +look revealed that it would only look for firmware packages outside +the installation media, so the CD was never checked for firmware +packages. It would only check USB sticks, floppies and other +"external" media devices. Today I changed it to also look in the +/cdrom/firmware/ directory on the mounted CD or DVD, which should +solve the problem I ran into with Debian edu. I also changed it to +look in /firmware/, to make sure the installer also find firmware +provided in the initrd when booting the installer via PXE, to allow us +to provide the same feature in the PXE setup included in Debian +Edu.

-

Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the -shadow(8) page in Debian/testing now state that setting the date of -last password change to zero (0) will force the password to be changed -on the first login. This was not mentioned in the manual in Lenny, so -I did not notice this in my initial testing. I have tested it on -Squeeze, and 'chage -d 0 username' do work there. I have not -tested it on Lenny yet.

+

To make sure firmware deb packages with a license questions are not +activated without asking if the license is accepted, I extended +hw-detect to look for preinst scripts in the firmware packages, and +run these before activating the firmware during installation. The +license question is asked using debconf in the preinst, so this should +solve the issue for the firmware packages I have looked at so far.

-

Update 2010-05-02-19:05: Jim Paris tells me via email that an -equivalent command to expire a password is 'passwd -e -username', which insert zero into the date of the last password -change.

+

If you want to discuss the details of these features, please +contact us on debian-boot@lists.debian.org.

- Tags: debian edu, english, nuug, sikkerhet. + Tags: debian, debian edu, english.
-
Thoughts on roaming laptop setup for Debian Edu
-
2010-04-28 20:40
+
Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten
+
2010-05-21 16:00
-

For some years now, I have wondered how we should handle laptops in -Debian Edu. The Debian Edu infrastructure is mostly designed to -handle stationary computers, and less suited for computers that come -and go.

+

For en stund tilbake kjøpte jeg en magnetkortleser for å kunne +titte på hva som er skrevet inn på magnetstripene til ulike kort. Har +ikke hatt tid til å analysere mange kort så langt, men tenkte jeg +skulle dele innholdet på to kort med mine lesere.

-

Now I finally believe I have an sensible idea on how to adjust -Debian Edu for laptops, by introducing a new profile for them, for -example called Roaming Workstations. Here are my thought on this. -The setup would consist of the following:

+

For noen dager siden tok jeg flyet til Harstad og Hurtigruten til +Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med +magnetstripe. Påtrykket finner jeg følgende informasjon:

- +102-1015-100508-48382-01-08 + -

I believe all the pieces to implement this are in Debian/testing at -the moment. If we work quickly, we should be able to get this ready -in time for the Squeeze release to freeze. Some of the pieces need -tweaking, like libpam-ccreds should get support for pam-auth-update -(#566718) and nslcd (or -perhaps debian-edu-config) should get some integration code to stop -its daemon when the LDAP server is unavailable to avoid long timeouts -when disconnected from the net. If we get Kerberos enabled, we need -to make sure we avoid long timeouts there too.

- -

If you want to help out with implementing this for Debian Edu, -please contact us on debian-edu@lists.debian.org.

-
-
- +

På selve magnetstripen er innholdet +;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?. +Aner ikke hva innholdet representerer, og det er lite overlapp mellom +det jeg ser trykket på billetten og det jeg ser av tegn i +magnetstripen. Håper det betyr at de bruker kryptografiske metoder +for å gjøre det vanskelig å forfalske billetter.

- - Tags: debian edu, english, nuug. - -
-
-
- -
-
Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"
-
2010-04-19 17:10
-
-

The last few weeks i have had the pleasure of reading a -thought-provoking collection of essays by Cory Doctorow, on topics -touching copyright, virtual worlds, the future of man when the -conscience mind can be duplicated into a computer and many more. The -book titled "Content: Selected Essays on Technology, Creativity, -Copyright, and the Future of the Future" is available with few -restrictions on the web, for example from -his own site. I read the -epub-version from -feedbooks using -fbreader and my N810. I -strongly recommend this book.

+

Den andre billetten er fra Hurtigruten, der jeg mistenker at +strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert +fall den biten vi stakk inn i dørlåsen).

+ +

Påtrykket forsiden er følgende:

+ +
+Romnummer 727
+Hurtigruten
+Midnatsol
+Reinholdtsen
+Petter
+Bookingno: SAX69   0742193
+Harstad-Bergen
+Dep: 09.05.2010 Arr: 12.05.2010
+Lugar fra Risøyhamn
+Kost: FRO=4
+
+ +

På selve magnetstripen er innholdet +;1316010007421930=00000000000000000000?+E?. Heller ikke her +ser jeg mye korrespondanse mellom påtrykk og magnetstripe.

- Tags: english, fildeling, nuug, opphavsrett, personvern, sikkerhet, web. + Tags: norsk, nuug, sikkerhet.
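Review bot: In the added Hurtigruten paragraph, the closing sentence says there is little correspondence between the printed text and the magnetic stripe, but the quoted stripe content 1316010007421930 contains the digits 0742193, which are printed on the front as "Bookingno: SAX69 0742193". Suggest rewording that sentence to mention the match: the booking number is stored on the stripe in the clear, unlike the Flytoget ticket, where no printed field is recognisable in the stripe data. Since the entry also prints the passenger name and cabin number next to that booking number, consider whether the number should be shown in full.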
@@ -602,7 +630,9 @@ strongly recommend this book.

  • April (3)
  • -
  • May (8)
  • +
  • May (9)
  • + +
  • June (7)
  • @@ -657,11 +687,13 @@ strongly recommend this book.

  • aros (1)
  • -
  • debian (19)
  • +
  • bootsystem (5)
  • + +
  • debian (25)
  • -
  • debian edu (19)
  • +
  • debian edu (25)
  • -
  • english (30)
  • +
  • english (36)
  • fiksgatami (1)
  • @@ -675,9 +707,9 @@ strongly recommend this book.

  • multimedia (5)
  • -
  • norsk (65)
  • +
  • norsk (67)
  • -
  • nuug (74)
  • +
  • nuug (75)
  • opphavsrett (12)
  • @@ -689,9 +721,9 @@ strongly recommend this book.

  • sikkerhet (8)
  • -
  • sitesummary (1)
  • +
  • sitesummary (3)
  • -
  • standard (11)
  • +
  • standard (12)
  • stavekontroll (1)
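Review bot: The tag list keeps "sikkerhet (8)" as unchanged context, although the first hunk adds an entry tagged "norsk, nuug, sikkerhet" and the counts for the other two tags are raised (norsk 65 to 67, nuug 74 to 75). Check whether the sikkerhet count should have gone to 9, and regenerate the tag list if it is stale.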