]> pere.pagekite.me Git - homepage.git/blob - blog/index.html
Ny oppføring.
[homepage.git] / blog / index.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html>
4 <head>
5 <title>Petter Reinholdtsen</title>
6 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
7 <link rel="alternate" title="RSS Feed" href="http://people.skolelinux.org/pere/blog/index.rss" type="application/rss+xml">
8
9 </head>
10 <body>
11
12 <div class="title">
13 <h1>
14 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
15
16 </h1>
17
18 </div>
19
20
21
22 <div class="entry">
23 <div class="title"><a href="http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html">2 Spykee-roboter i hus, nå skal det lekes</a></div>
24 <div class="date">2010-08-18 13:30</div>
25 <div class="body">
26 <p>Jeg kjøpte nettopp to
27 <a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og
28 leking. Kjøpte to da det var så billige, og gir meg mulighet til å
29 eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
30 ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
31 en liten stabel på lager som de ikke hadde klart å selge ut etter
32 fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
33 vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
34 det blir morsomt å se hva vi får ut av dette.</p>
35
36 <p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
37 og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
38 jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
39 mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
40 Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
41 firmwaren. :)</p>
42
43 <ul>
44 <li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li>
45 <li><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li>
46 </ul>
47 </div>
48 <div class="tags">
49
50
51
52 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
53
54 </div>
55 </div>
56 <div class="padding"></div>
57
58 <div class="entry">
59 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html">Rob Weir: How to Crush Dissent</a></div>
60 <div class="date">2010-08-15 22:20</div>
61 <div class="body">
62 <p>I found the notes from Rob Weir on
63 <a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html">how
64 to crush dissent</a> matching my own thoughts on the matter quite
65 well. Highly recommended for those wondering which road our society
66 should go down. In my view we have been heading the wrong way for a
67 long time.</p>
68 </div>
69 <div class="tags">
70
71
72
73 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
74
75 </div>
76 </div>
77 <div class="padding"></div>
78
79 <div class="entry">
80 <div class="title"><a href="http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html">No hardcoded config on Debian Edu clients</a></div>
81 <div class="date">2010-08-09 20:15</div>
82 <div class="body">
83 <p>As reported earlier, the last few days I have looked at how Debian
84 Edu clients are configured, and tried to get rid of all hardcoded
85 configuration settings on the clients. I believe the work to be
86 mostly done, and the clients seem to work just fine with dynamically
87 generated configuration.</p>
88
89 <p>What is the point, you might ask? The point is to allow a Debian
90 Edu desktop to integrate into an existing network infrastructure
91 without any manual configuration.</p>
92
93 <p>This is what happens when installing a Debian Edu client here at
94 the University of Oslo using PXE. With the PXE installation, I am
95 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
96 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
97 accept to reformat the hard drive (yes), if I want to submit info to
98 popcon.debian.org (no) and root password (secret). After answering
99 these questions, the installer goes ahead and does its thing, and
100 after around 50 minutes it is done. I press enter to finish the
101 installation, and the machine reboots into KDE. When the machine is
102 ready and kdm asks for login information, I enter my university
103 username and password, am told by kdm that a local home directory has
104 been created and that I must log in again, and finally log in with the
105 same username and password to the KDE 4.4 desktop. At no point during
106 this process did it ask for university specific settings, and all the
107 required configuration was dynamically detected using information
108 fetched via DHCP and DNS. The roaming workstation is now ready for
109 use.</p>
110
111 <p>How was this done, you might wonder? First of all, here is the
112 list of things that need to be configured on the client to get it
113 working properly out of the box:</p>
114
115 <ul>
116 <li>IP address/netmask and DNS server.</li>
117 <li>Web proxy URL.</li>
118 <li>LDAP server for NSS directory information (user, group, etc).</li>
119 <li>Kerberos server for PAM password checking.</li>
120 <li>SMB mount point to access the network home directory. (*)</li>
121 <li>Central syslog server to send syslog messages to. (*)</li>
122 <li>Sitesummary collector URL to submit info to central server. (*)</li>
123 </ul>
124
125 <p>(Hm, did I forget anything? Let me knew if I did.)</p>
126
127 <p>The points marked (*) are not required to be able to use the
128 machine, but needed to provide central storage and allowing system
129 administrators to track their machines. Since yesterday, everything
130 but the sitesummary collector URL is dynamically discovered at boot
131 and installation time in the svn version of Debian Edu.</p>
132
133 <p>The IP and DNS setup is fetched during boot using DHCP as usual.
134 When a DHCP update arrives, the proxy setup is updated by looking for
135 http://wpat/wpad.dat and using the content of this WPAD file to
136 configure the http and ftp proxy in /etc/environment and
137 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
138 hook to ensure that the client stops using the Debian Edu proxy when
139 it is moved outside the Debian Edu network, and instead uses any local
140 proxy present on the new network when it moves around.</p>
141
142 <p>The DNS names of the LDAP, Kerberos and syslog server and related
143 configuration are generated using DNS information at boot. First the
144 installer looks for a host named ldap in the current DNS domain. If
145 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
146 LDAP server is found, its root DSE entry is requested and the
147 attributes namingContexts and defaultNamingContext are used to
148 determine which LDAP base to use for NSS. If there are several
149 namingContexts attibutes and the defaultNamingContext is present, that
150 LDAP subtree is used as the base. If defaultNamingContext is missing,
151 the subtrees listed as namingContexts are searched in sequence for any
152 object with class posixAccount or posixGroup, and the first one with
153 such an object is used as the LDAP base. For Kerberos, a similar
154 search is done by first looking for a host named kerberos, and then
155 for the _kerberos._tcp SRV record. I've been unable to find a way to
156 look up the Kerberos realm, so for this the upper case string of the
157 current DNS domain is used.</p>
158
159 <p>For the syslog server, the hosts syslog and loghost are searched
160 for, and the _syslog._udp SRV record is consulted if no such host is
161 found. This algorithm works for both Debian Edu and the University of
162 Oslo. A similar strategy would work for locating the sitesummary
163 server, but have not been implemented yet. I decided to fetch and
164 save these settings during installation, to make sure moving to a
165 different network does not change the set of users being allowed to
166 log in nor the passwords required to log in. Usernames and passwords
167 will be cached by sssd when the user logs in on the Debian Edu
168 network, and will not change as the laptop move around. For a
169 non-roaming machine, there is no caching, but given that it is
170 supposed to stay in place it should not matter much. Perhaps we
171 should switch those to use sssd too?</p>
172
173 <p>The user's SMB mount point for the network home directory is
174 located when the user logs in for the first time. The LDAP server is
175 consulted to look for the user's LDAP object and the sambaHomePath
176 attribute is used if found. If it isn't found, the home directory
177 path fetched from NSS is used instead. Assuming the path is of the
178 form /site/server/directory/username, the second part is looked up in
179 DNS and used to generate a SMB URL of the form
180 smb://server.domain/username. This algorithm works for both Debian
181 edu and the University of Oslo. Perhaps there are better attributes
182 to use or a better algorithm that works for more sites, but this will
183 do for now. :)</p>
184
185 <p>This work should make it easier to integrate the Debian Edu clients
186 into any LDAP/Kerberos infrastructure, and make the current setup even
187 more flexible than before. I suspect it will also work for thin
188 client servers, allowing one to easily set up LTSP and hook it into a
189 existing network infrastructure, but I have not had time to test this
190 yet.</p>
191
192 <p>If you want to help out with implementing these things for Debian
193 Edu, please contact us on debian-edu@lists.debian.org.</p>
194
195 <p>Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
196 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
197 before falling back to the upper case DNS domain name. Will have to
198 implement it for Debian Edu. :)</p>
199 </div>
200 <div class="tags">
201
202
203
204 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
205
206 </div>
207 </div>
208 <div class="padding"></div>
209
210 <div class="entry">
211 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">Testing if a file system can be used for home directories...</a></div>
212 <div class="date">2010-08-08 21:20</div>
213 <div class="body">
214 <p>A few years ago, I was involved in a project planning to use
215 Windows file servers as home directory servers for Debian
216 Edu/Skolelinux machines. This was thought to be no problem, as the
217 access would be through the SMB network file system protocol, and we
218 knew other sites used SMB with unix and samba as the file server to
219 mount home directories without any problems. But, after months of
220 struggling, we had to conclude that our goal was impossible.</p>
221
222 <p>The reason is simply that while SMB can be used for home
223 directories when the file server is Samba running on Unix, this only
224 work because of Samba have some extensions and the fact that the
225 underlying file system is a unix file system. When using a Windows
226 file server, the underlying file system do not have POSIX semantics,
227 and several programs will fail if the users home directory where they
228 want to store their configuration lack POSIX semantics.</p>
229
230 <p>As part of this work, I wrote a small C program I want to share
231 with you all, to replicate a few of the problematic applications (like
232 OpenOffice.org and GCompris) and see if the file system was working as
233 it should. If you find yourself in spooky file system land, it might
234 help you find your way out again. This is the fs-test.c source:</p>
235
236 <pre>
237 /*
238 * Some tests to check the file system sematics. Used to verify that
239 * CIFS from a windows server do not work properly as a linux home
240 * directory.
241 * License: GPL v2 or later
242 *
243 * needs libsqlite3-dev and build-essential installed
244 * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
245 */
246
247 #define _FILE_OFFSET_BITS 64
248 #define _LARGEFILE_SOURCE 1
249 #define _LARGEFILE64_SOURCE 1
250
251 #define _GNU_SOURCE /* for asprintf() */
252
253 #include &lt;errno.h>
254 #include &lt;fcntl.h>
255 #include &lt;stdio.h>
256 #include &lt;string.h>
257 #include &lt;stdlib.h>
258 #include &lt;sys/file.h>
259 #include &lt;sys/stat.h>
260 #include &lt;sys/types.h>
261 #include &lt;unistd.h>
262
263 #ifdef TEST_SQLITE
264 /*
265 * Test sqlite open, as done by gcompris require the libsqlite3-dev
266 * package and linking with -lsqlite3. A more low level test is
267 * below.
268 * See also &lt;URL: http://www.sqlite.org./faq.html#q5 >.
269 */
270 #include &lt;sqlite3.h>
271 #define CREATE_TABLE_USERS \
272 "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
273 int test_sqlite_open(void) {
274 char *zErrMsg;
275 char *name = "testsqlite.db";
276 sqlite3 *db=NULL;
277 unlink(name);
278 int rc = sqlite3_open(name, &db);
279 if( rc ){
280 printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
281 sqlite3_close(db);
282 return -1;
283 }
284
285 /* create tables */
286 rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg);
287 if( rc != SQLITE_OK ){
288 printf("error: sqlite table create failed: %s\n", zErrMsg);
289 sqlite3_close(db);
290 return -1;
291 }
292 printf("info: sqlite worked\n");
293 sqlite3_close(db);
294 return 0;
295 }
296 #endif /* TEST_SQLITE */
297
298 /*
299 * Demonstrate locking issue found in gcompris using sqlite3. This
300 * work with ext3, but not with cifs server on Windows 2003. This is
301 * done in the sqlite3 library.
302 * See also
303 * &lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
304 * POSIX specification
305 * &lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
306 */
307 int test_gcompris_locking(void) {
308 struct flock fl;
309 char *name = "testsqlite.db";
310 unlink(name);
311 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
312 printf("info: testing fcntl locking\n");
313
314 fl.l_whence = SEEK_SET;
315 fl.l_pid = getpid();
316 printf(" Read-locking 1 byte from 1073741824");
317 fl.l_start = 1073741824;
318 fl.l_len = 1;
319 fl.l_type = F_RDLCK;
320 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
321
322 printf(" Read-locking 510 byte from 1073741826");
323 fl.l_start = 1073741826;
324 fl.l_len = 510;
325 fl.l_type = F_RDLCK;
326 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
327
328 printf(" Unlocking 1 byte from 1073741824");
329 fl.l_start = 1073741824;
330 fl.l_len = 1;
331 fl.l_type = F_UNLCK;
332 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
333
334 printf(" Write-locking 1 byte from 1073741824");
335 fl.l_start = 1073741824;
336 fl.l_len = 1;
337 fl.l_type = F_WRLCK;
338 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
339
340 printf(" Write-locking 510 byte from 1073741826");
341 fl.l_start = 1073741826;
342 fl.l_len = 510;
343 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
344
345 printf(" Unlocking 2 byte from 1073741824");
346 fl.l_start = 1073741824;
347 fl.l_len = 2;
348 fl.l_type = F_UNLCK;
349 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
350
351 close(fd);
352 return 0;
353 }
354
355 /*
356 * Test if permissions of freshly created directories allow entries
357 * below them. This was a problem with OpenOffice.org and gcompris.
358 * Mounting with option 'sync' seem to solve this problem while
359 * slowing down file operations.
360 */
361 int test_subdirectory_creation(void) {
362 #define LEVELS 5
363 char *path = strdup("test");
364 char *dirs[LEVELS];
365 int level;
366 printf("info: testing subdirectory creation\n");
367 for (level = 0; level &lt; LEVELS; level++) {
368 char *newpath = NULL;
369 if (-1 == mkdir(path, 0777)) {
370 printf(" error: Unable to create directory '%s': %s\n",
371 path, strerror(errno));
372 break;
373 }
374 asprintf(&newpath, "%s/%s", path, "test");
375 free(path);
376 path = newpath;
377 }
378 return 0;
379 }
380
381 /*
382 * Test if symlinks can be created. This was a problem detected with
383 * KDE.
384 */
385 int test_symlinks(void) {
386 printf("info: testing symlink creation\n");
387 unlink("symlink");
388 if (-1 == symlink("file", "symlink"))
389 printf(" error: Unable to create symlink\n");
390 return 0;
391 }
392
393 int main(int argc, char **argv) {
394 printf("Testing POSIX/Unix sematics on file system\n");
395 test_symlinks();
396 test_subdirectory_creation();
397 #ifdef TEST_SQLITE
398 test_sqlite_open();
399 #endif /* TEST_SQLITE */
400 test_gcompris_locking();
401 return 0;
402 }
403 </pre>
404
405 <p>When everything is working, it should print something like
406 this:</p>
407
408 <pre>
409 Testing POSIX/Unix sematics on file system
410 info: testing symlink creation
411 info: testing subdirectory creation
412 info: sqlite worked
413 info: testing fcntl locking
414 Read-locking 1 byte from 1073741824
415 Read-locking 510 byte from 1073741826
416 Unlocking 1 byte from 1073741824
417 Write-locking 1 byte from 1073741824
418 Write-locking 510 byte from 1073741826
419 Unlocking 2 byte from 1073741824
420 </pre>
421
422 <p>I do not remember the exact details of the problems we saw, but one
423 of them was with locking, where if I remember correctly, POSIX allow a
424 read-only lock to be upgraded to a read-write lock without unlocking
425 the read-only lock (while Windows do not). Another was a bug in the
426 CIFS/SMB client implementation in the Linux kernel where directory
427 meta information would be wrong for a fraction of a second, making
428 OpenOffice.org fail to create its deep directory tree because it was
429 not allowed to create files in its freshly created directory.</p>
430
431 <p>Anyway, here is a nice tool for your tool box, might you never need
432 it. :)</p>
433 </div>
434 <div class="tags">
435
436
437
438 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
439
440 </div>
441 </div>
442 <div class="padding"></div>
443
444 <div class="entry">
445 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html">Autodetecting Client setup for roaming workstations in Debian Edu</a></div>
446 <div class="date">2010-08-07 14:45</div>
447 <div class="body">
448 <p>A few days ago, I
449 <a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
450 to install</a> a Roaming workation profile from Debian Edu/Squeeze
451 while on the university network here at the University of Oslo, and
452 noticed how much had to change to get it operational using the
453 university infrastructure. It was fairly easy, but it occured to me
454 that Debian Edu would improve a lot if I could get the client to
455 connect without any changes at all, and thus let the client configure
456 itself during installation and first boot to use the infrastructure
457 around it. Now I am a huge step further along that road.</p>
458
459 <p>With our current squeeze-test packages, I can select the roaming
460 workstation profile and get a working laptop connecting to the
461 university LDAP server for user and group and our active directory
462 servers for Kerberos authentication. All this without any
463 configuration at all during installation. My users home directory got
464 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
465 In short, openldap and sssd is correctly configured. In addition to
466 this, the client look for http://wpad/wpad.dat to configure a web
467 proxy, and when it fail to find it no proxy settings are stored in
468 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
469 configured to look for the same wpad configuration and also do not use
470 a proxy when at the university network. If the machine is moved to a
471 network with such wpad setup, it would automatically use it when DHCP
472 gave it a IP address.</p>
473
474 <p>The LDAP server is located using DNS, by first looking for the DNS
475 entry ldap.$domain. If this do not exist, it look for the
476 _ldap._tcp.$domain SRV records and use the first one as the LDAP
477 server. Next, it connects to the LDAP server and search all
478 namingContexts entries for posixAccount or posixGroup objects, and
479 pick the first one as the LDAP base. For Kerberos, a similar
480 algorithm is used to locate the LDAP server, and the realm is the
481 uppercase version of $domain.</p>
482
483 <p>So, what is not working, you might ask. SMB mounting my home
484 directory do not work. No idea why, but suspected the incorrect
485 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
486 the cause. These are not properly configured during installation, and
487 had to be hand-edited to get the correct Kerberos realm and server,
488 but SMB mounting still do not work. :(</p>
489
490 <p>With this automatic configuration in place, I expect a Debian Edu
491 roaming profile installation would be able to automatically detect and
492 connect to any site using LDAP and Kerberos for NSS directory and PAM
493 authentication. It should also work out of the box in a Active
494 Directory environment providing posixAccount and posixGroup objects
495 with UID and GID values.</p>
496
497 <p>If you want to help out with implementing these things for Debian
498 Edu, please contact us on debian-edu@lists.debian.org.</p>
499 </div>
500 <div class="tags">
501
502
503
504 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
505
506 </div>
507 </div>
508 <div class="padding"></div>
509
510 <div class="entry">
511 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">Debian Edu roaming workstation - at the university of Oslo</a></div>
512 <div class="date">2010-08-03 23:30</div>
513 <div class="body">
514 <p>The new roaming workstation profile in Debian Edu/Squeeze is fairly
515 similar to the laptop setup am I working on using Ubuntu for the
516 University of Oslo, and just for the heck of it, I tested today how
517 hard it would be to integrate that profile into the university
518 infrastructure. In this case, it is the university LDAP server,
519 Active Directory Kerberos server and SMB mounting from the Netapp file
520 servers.</p>
521
522 <p>I was pleasantly surprised that the only three files needed to be
523 changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
524 /etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
525 (/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
526 Most of the changes were to get the client to use the university LDAP
527 for NSS and Kerberos server for PAM, but one was to change a hard
528 coded DNS domain name in the mklocaluser hook from .intern to
529 .uio.no.</p>
530
531 <p>This testing was so encouraging, that I went ahead and adjusted the
532 Debian Edu scripts and setup in subversion to centralise the roaming
533 workstation setup a bit more and avoid the hardcoded DNS domain name,
534 so that when I test this tomorrow, I expect to get away with modifying
535 only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
536 university servers.</p>
537
538 <p>My goal is to get the clients to have no hardcoded settings and
539 fetch all their initial setup during installation and first boot, to
540 allow them to be inserted also into environments where the default
541 setup in Debian Edu has been changed or as with the university, where
542 the environment is different but provides the protocols Debian Edu
543 uses.</p>
544 </div>
545 <div class="tags">
546
547
548
549 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
550
551 </div>
552 </div>
553 <div class="padding"></div>
554
555 <div class="entry">
556 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html">Circular package dependencies harms apt recovery</a></div>
557 <div class="date">2010-07-27 23:50</div>
558 <div class="body">
559 <p>I discovered this while doing
560 <a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
561 testing of upgrades from Debian Lenny to Squeeze</a>. A few packages
562 in Debian still got circular dependencies, and it is often claimed
563 that apt and aptitude should be able to handle this just fine, but
564 some times these dependency loops causes apt to fail.</p>
565
566 <p>An example is from todays
567 <a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
568 of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data
569 causes perl-modules to fail to upgrade. The cause is simple. If a
570 package fail to unpack, then only part of packages with the circular
571 dependency might end up being unpacked when unpacking aborts, and the
572 ones already unpacked will fail to configure in the recovery phase
573 because its dependencies are unavailable.</p>
574
575 <p>In this log, the problem manifest itself with this error:</p>
576
577 <blockquote><pre>
578 dpkg: dependency problems prevent configuration of perl-modules:
579 perl-modules depends on perl (>= 5.10.1-1); however:
580 Version of perl on system is 5.10.0-19lenny2.
581 dpkg: error processing perl-modules (--configure):
582 dependency problems - leaving unconfigured
583 </pre></blockquote>
584
585 <p>The perl/perl-modules circular dependency is already
586 <a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
587 hopefully be solved as soon as possible, but it is not the only one,
588 and each one of these loops in the dependency tree can cause similar
589 failures. Of course, they only occur when there are bugs in other
590 packages causing the unpacking to fail, but it is rather nasty when
591 the failure of one package causes the problem to become worse because
592 of dependency loops.</p>
593
594 <p>Thanks to
595 <a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
596 tireless effort by Bill Allombert</a>, the number of circular
597 dependencies
598 <a href="http://debian.semistable.com/debgraph.out.html">left in Debian
599 is dropping</a>, and perhaps it will reach zero one day. :)</p>
600
601 <p>Todays testing also exposed a bug in
602 <a href="http://bugs.debian.org/590605">update-notifier</a> and
603 <a href="http://bugs.debian.org/590604">different behaviour</a> between
604 apt-get and aptitude, the latter possibly caused by some circular
605 dependency. Reported both to BTS to try to get someone to look at
606 it.</p>
607 </div>
608 <div class="tags">
609
610
611
612 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
613
614 </div>
615 </div>
616 <div class="padding"></div>
617
618 <div class="entry">
619 <div class="title"><a href="http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html">First Debian Edu test release (alpha0) based on Squeeze is released</a></div>
620 <div class="date">2010-07-27 17:45</div>
621 <div class="body">
622 <p>I just posted this announcement culminating several months of work
623 with the next Debian Edu release. Not nearly done, but one major step
624 completed.</p>
625
626 <blockquote>
627 <p>This is the first test release based on Squeeze. The focus of this
628 release is to test the user application selection. To have a look,
629 install the standalone profile and let the developers know if the set
630 of installed packages i.e. applications should be modified. If some
631 user application is missing, or if there are some applications that no
632 longer make sense to be included in Debian Edu, please let us know.
633 Also, if a useful application is missing the translation for your
634 language of choice, please let us know too.</p>
635
636 <p>In addition, feedback and help to polish the desktop (menus,
637 artwork, starters, etc.) is appreciated. We would like to ship a nice
638 and handy KDE4 desktop targeted for schools out of the box.</p>
639
640 <p>The other profiles should be installable, but there is a lot more
641 work left to be done before they are ready, so do not expect to
642 much.</p>
643
644 <p>Changes compared to the lenny based version</p>
645
646 <ul>
647 <li>Everything from Debian Squeeze
648 <ul>
649 <li>Desktop environment KDE 4.4 => the new KDE desktop in
650 combination with some new artwork
651 <li>Web browser Iceweasel 3.5
652 <li>OpenOffice.org 3.2
653 <li>Educational toolbox GCompris 9.3
654 <li>Music creator Rosegarden 10.04.2
655 <li>Image editor Gimp 2.6.10
656 <li>Virtual universe Celestia 1.6.0
657 <li>Virtual stargazer Stellarium 0.10.4
658 <li>3D modeler Blender 2.49.2 (new application)
659 <li>Video editor Kdenlive 0.7.7 (new application)
660 </ul></li>
661 <li>Now using Kerberos for password checking (migration not finished).
662 Enabled for:
663 <ul>
664 <li>PAM
665 <li>LDAP
666 <li>IMAP
667 <li>SMTP (sender verification)
668 </ul>
669 </li>
670 <li>New experimental roaming workstation profile for laptops.</li>
671 <li>Show welcome page to users when they first log in. The URL is
672 fetched from LDAP.</li>
673 <li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li>
674 <li>General cleanup (not finished)</li>
675 </ul>
676 <p>The following features are not working as they should</p>
677
678 <ul>
679 <li>No web based administration tool for creating users and groups. The
680 scripts ldap-createuser-krb and ldap-add-user-to-group can be used
681 for testing.</li>
682 <li>DVD installs are missing debian-installer images for the PXE boot,
683 and do not set up the PXE menu on eth0 because of this. LTSP
684 clients should still boot from eth1 on thin client servers.</li>
685 <li>The restructured KDE menu is not implemented.</li>
686 <li>The LDAP server setup need to be reviewed for security.</li>
687 <li>The LDAP directory structure need to be reworked.</li>
688 <li>Different sets of packages are installed when using the DVD and the
689 netinst CD. More packages are installed using the netinst CD.</li>
690 <li>The jackd package fail to install. This is believed to be caused by
691 some ongoing transition, and hopefully should be solved soon. The
692 jackd1 package can be installed manually for those that need it.</li>
693 <li>Some packages lack translations. See
694 http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
695 and help out with translations.</li>
696 </ul>
697
698 <p>To download this multiarch netinstall release you can use</p>
699
700 <ul>
701 <li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
702 <li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
703 <li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li>
704 </ul>
705 <p>To download this multiarch dvd release you can use</p>
706
707 <ul>
708 <li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
709 <li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
710 <li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li>
711 </ul>
712
713 <p>There is no source DVD available yet. It will be prepared when we
714 get closer to the final release.</p>
715
716 <p>The MD5SUM of these images are</p>
717
718 <ul>
719 <li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li>
720 <li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li>
721 </ul>
722
723 <p>The SHA1SUM of these images are</p>
724 <ul>
725 <li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li>
726 <li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li>
727 </ul>
728 <p>How to report bugs:
729 http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p>
730
731 <p>Please direct replies to debian-edu@lists.debian.org</p>
732 </blockquote>
733 </div>
734 <div class="tags">
735
736
737
738 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
739
740 </div>
741 </div>
742 <div class="padding"></div>
743
744 <div class="entry">
745 <div class="title"><a href="http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html">One step closer to single signon in Debian Edu</a></div>
746 <div class="date">2010-07-25 10:00</div>
747 <div class="body">
748 <p>The last few months me and the other Debian Edu developers have
749 been working hard to get the Debian/Squeeze based version of Debian
750 Edu/Skolelinux into shape. This future version will use Kerberos for
751 authentication, and services are slowly migrated to single signon,
752 getting rid of password questions one at the time.</p>
753
754 <p>It will also feature a roaming workstation profile with local home
755 directory, for laptops that are only some times on the Skolelinux
756 network, and for this profile a shortcut is created in Gnome and KDE
757 to gain access to the users home directory on the file server. This
758 shortcut uses SMB at the moment, and yesterday I had time to test if
759 SMB mounting had started working in KDE after we added the cifs-utils
760 package. I was pleasantly surprised how well it worked.</p>
761
762 <p>Thanks to the recent changes to our samba configuration to get it
763 to use Kerberos for authentication, there were no question about user
764 password when mounting the SMB volume. A simple click on the shortcut
765 in the KDE menu, and a window with the home directory popped
766 up. :)</p>
767
768 <p>One step closer to a single signon solution out of the box in
769 Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
770 also Samba. Next step is Cups and hopefully also NFS.</p>
771
772 <p>We had planned a alpha0 release of Debian Edu for today, but thanks
773 to the autobuilder administrators for some architectures being slow to
774 sign packages, we are still missing the fixed LTSP package we need for
775 the release. It was uploaded three days ago with urgency=high, and if
776 it had entered testing yesterday we would have been able to test it in
777 time for a alpha0 release today. As the binaries for ia64 and powerpc
778 still not uploaded to the Debian archive, we need to delay the alpha
779 release another day.</p>
780
781 <p>If you want to help out with implementing Kerberos for Debian Edu,
782 please contact us on debian-edu@lists.debian.org.</p>
783 </div>
784 <div class="tags">
785
786
787
788 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
789
790 </div>
791 </div>
792 <div class="padding"></div>
793
794 <div class="entry">
795 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html">Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk</a></div>
796 <div class="date">2010-07-22 23:50</div>
797 <div class="body">
798 <p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
799 musikkbransjen var godt i gang med å selge platene sine med DRM som
800 gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
801 hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
802 plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
803 anseelig samling med plater, så jeg bestemme meg for å slutte å gi
804 penger til en bransje som åpenbart ikke respekterte meg.</p>
805
806 <p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
807 lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
808 ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
809 musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
810 fornøyd.</p>
811
812 <p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
813 setter pris på meg som kunde, og ikke skremme meg bort med DRM og
814 antydninger om at kundene er kriminelle.</p>
815
816 <p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
817 filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
818 holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
819 Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
820 «Ultraviolet» som be annonsert her om dagen.</p>
821 </div>
822 <div class="tags">
823
824
825
826 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
827
828 </div>
829 </div>
830 <div class="padding"></div>
831
832 <p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14"></a></p>
833
834 <div id="sidebar">
835
836
837
838
839
840 <h2>Archive</h2>
841 <ul>
842
843 <li>2010
844 <ul>
845
846 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
847
848 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
849
850 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
851
852 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
853
854 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
855
856 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
857
858 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
859
860 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (6)</a></li>
861
862 </ul></li>
863
864 <li>2009
865 <ul>
866
867 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
868
869 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
870
871 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
872
873 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
874
875 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
876
877 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
878
879 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
880
881 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
882
883 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
884
885 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
886
887 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
888
889 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
890
891 </ul></li>
892
893 <li>2008
894 <ul>
895
896 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
897
898 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
899
900 </ul></li>
901
902 </ul>
903
904
905
906 <h2>Tags</h2>
907 <ul>
908
909 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
910
911 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
912
913 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
914
915 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
916
917 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (35)</a></li>
918
919 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (40)</a></li>
920
921 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (56)</a></li>
922
923 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
924
925 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>
926
927 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>
928
929 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
930
931 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (2)</a></li>
932
933 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
934
935 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
936
937 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (72)</a></li>
938
939 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (94)</a></li>
940
941 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>
942
943 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (15)</a></li>
944
945 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
946
947 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
948
949 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (11)</a></li>
950
951 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
952
953 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
954
955 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
956
957 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
958
959 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
960
961 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>
962
963 </ul>
964
965 </div>
966
967 <p style="text-align: right">
968 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.7</a>
969 </p>
970 </body>
971 </html>