1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>KDM fail at boot with NVidia cards - and no one try to fix it?
</title>
11 <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</guid>
13 <pubDate>Tue,
1 Jun
2010 17:
05:
00 +
0200</pubDate>
15 <p
>It is strange to watch how a bug in Debian causing KDM to fail to
16 start at boot when an NVidia video card is used. The problem seem to
17 be that the nvidia X.org driver uses a long time to initialize, and
18 this duration is longer than kdm is configured to wait.
</p
>
20 <p
>I came across two bugs related to this issue,
21 <a href=
"http://bugs.debian.org/
583312">#
583312</a
> initially filed
22 against initscripts and passed on to nvidia-glx when it became obvious
23 that the nvidia drivers were involved, and
24 <a href=
"http://bugs.debian.org/
524751">#
524751</a
> initially filed against
25 kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.
</p
>
27 <p
>To me, it seem that no-one is interested in actually solving the
28 problem nvidia video card owners experience and make sure the Debian
29 distribution work out of the box for these users. The nvidia driver
30 maintainers expect kdm to be set up to wait longer, while kdm expect
31 the nvidia driver maintainers to fix the driver start faster, and
32 while they wait for each other I guess the users end up switching to a
33 distribution that work for them. I have no idea what the solution is,
34 but I am pretty sure that waiting for each other is not it.
</p
>
36 <p
>I wonder why we end up handling bugs this way.
</p
>
41 <title>Parallellized boot seem to hold up well in Debian/testing
</title>
42 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</link>
43 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</guid>
44 <pubDate>Thu,
27 May
2010 23:
55:
00 +
0200</pubDate>
46 <p
>A few days ago, parallel booting was enabled in Debian/testing.
47 The feature seem to hold up pretty well, but three fairly serious
48 issues are known and should be solved:
52 <li
>The wicd package seen to
53 <a href=
"http://bugs.debian.org/
508289">break NFS mounting
</a
> and
54 <a href=
"http://bugs.debian.org/
581586">network setup
</a
> when
55 parallel booting is enabled. No idea why, but the wicd maintainer
56 seem to be on the case.
</li
>
58 <li
>The nvidia X driver seem to
59 <a href=
"http://bugs.debian.org/
583312">have a race condition
</a
>
60 triggered more easily when parallel booting is in effect. The
61 maintainer is on the case.
</li
>
63 <li
>The sysv-rc package fail to properly enable dependency based boot
64 sequencing (the shutdown is broken) when old file-rc users
65 <a href=
"http://bugs.debian.org/
575080">try to switch back
</a
> to
66 sysv-rc. One way to solve it would be for file-rc to create
67 /etc/init.d/.legacy-bootordering, and another is to try to make
68 sysv-rc more robust. Will investigate some more and probably upload a
69 workaround in sysv-rc to help those trying to move from file-rc to
70 sysv-rc get a working shutdown.
</li
>
74 <p
>All in all not many surprising issues, and all of them seem
75 solvable before Squeeze is released. In addition to these there are
76 some packages with bugs in their dependencies and run level settings,
77 which I expect will be fixed in a reasonable time span.
</p
>
79 <p
>If you report any problems with dependencies in init.d scripts to
80 the BTS, please usertag the report to get it to show up at
81 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
82 list of usertagged bugs related to this
</a
>.
</p
>
84 <p
>Update: Correct bug number to file-rc issue.
</p
>
89 <title>More flexible firmware handling in debian-installer
</title>
90 <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</link>
91 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</guid>
92 <pubDate>Sat,
22 May
2010 21:
30:
00 +
0200</pubDate>
94 <p
>After a long break from debian-installer development, I finally
95 found time today to return to the project. Having to spend less time
96 working dependency based boot in debian, as it is almost complete now,
97 definitely helped freeing some time.
</p
>
99 <p
>A while back, I ran into a problem while working on Debian Edu. We
100 include some firmware packages on the Debian Edu CDs, those needed to
101 get disk and network controllers working. Without having these
102 firmware packages available during installation, it is impossible to
103 install Debian Edu on the given machine, and because our target group
104 are non-technical people, asking them to provide firmware packages on
105 an external medium is a support pain. Initially, I expected it to be
106 enough to include the firmware packages on the CD to get
107 debian-installer to find and use them. This proved to be wrong.
108 Next, I hoped it was enough to symlink the relevant firmware packages
109 to some useful location on the CD (tried /cdrom/ and
110 /cdrom/firmware/). This also proved to not work, and at this point I
111 found time to look at the debian-installer code to figure out what was
112 going to work.
</p
>
114 <p
>The firmware loading code is in the hw-detect package, and a closer
115 look revealed that it would only look for firmware packages outside
116 the installation media, so the CD was never checked for firmware
117 packages. It would only check USB sticks, floppies and other
118 "external
" media devices. Today I changed it to also look in the
119 /cdrom/firmware/ directory on the mounted CD or DVD, which should
120 solve the problem I ran into with Debian edu. I also changed it to
121 look in /firmware/, to make sure the installer also find firmware
122 provided in the initrd when booting the installer via PXE, to allow us
123 to provide the same feature in the PXE setup included in Debian
126 <p
>To make sure firmware deb packages with a license questions are not
127 activated without asking if the license is accepted, I extended
128 hw-detect to look for preinst scripts in the firmware packages, and
129 run these before activating the firmware during installation. The
130 license question is asked using debconf in the preinst, so this should
131 solve the issue for the firmware packages I have looked at so far.
</p
>
133 <p
>If you want to discuss the details of these features, please
134 contact us on debian-boot@lists.debian.org.
</p
>
139 <title>Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten
</title>
140 <link>http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
</link>
141 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html
</guid>
142 <pubDate>Fri,
21 May
2010 16:
00:
00 +
0200</pubDate>
144 <p
>For en stund tilbake kjøpte jeg en magnetkortleser for å kunne
145 titte på hva som er skrevet inn på magnetstripene til ulike kort. Har
146 ikke hatt tid til å analysere mange kort så langt, men tenkte jeg
147 skulle dele innholdet på to kort med mine lesere.
</p
>
149 <p
>For noen dager siden tok jeg flyet til Harstad og Hurtigruten til
150 Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med
151 magnetstripe. Påtrykket finner jeg følgende informasjon:
</p
>
154 Flytoget Airport Express Train
156 Fra - Til : Oslo Sentralstasjon
159 Herav mva.
8,
00% : NOK
12,
59
161 Til - Fra : Oslo Lufthavn
163 Gyldig Fra-Til :
08.05.10-
07.11.10
164 Billetttype : Enkeltbillett
166 102-
1015-
100508-
48382-
01-
08
169 <p
>På selve magnetstripen er innholdet
170 <tt
>;E?+
900120011=
23250996541068112619257138248441708433322932704083389389062603279671261502492655?
</tt
>.
171 Aner ikke hva innholdet representerer, og det er lite overlapp mellom
172 det jeg ser trykket på billetten og det jeg ser av tegn i
173 magnetstripen. Håper det betyr at de bruker kryptografiske metoder
174 for å gjøre det vanskelig å forfalske billetter.
</p
>
176 <p
>Den andre billetten er fra Hurtigruten, der jeg mistenker at
177 strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert
178 fall den biten vi stakk inn i dørlåsen).
</p
>
180 <p
>Påtrykket forsiden er følgende:
</p
>
188 Bookingno: SAX69
0742193
190 Dep:
09.05.2010 Arr:
12.05.2010
195 <p
>På selve magnetstripen er innholdet
196 <tt
>;
1316010007421930=
00000000000000000000?+E?
</tt
>. Heller ikke her
197 ser jeg mye korrespondanse mellom påtrykk og magnetstripe.
</p
>
202 <title>Pieces of the roaming laptop puzzle in Debian
</title>
203 <link>http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html
</link>
204 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html
</guid>
205 <pubDate>Wed,
19 May
2010 19:
00:
00 +
0200</pubDate>
207 <p
>Today, the last piece of the puzzle for roaming laptops in Debian
208 Edu finally entered the Debian archive. Today, the new
209 <a href=
"http://packages.qa.debian.org/libp/libpam-mklocaluser.html
">libpam-mklocaluser
</a
>
210 package was accepted. Two days ago, two other pieces was accepted
212 <a href=
"http://packages.qa.debian.org/p/pam-python.html
">pam-python
</a
>
213 package needed by libpam-mklocaluser, and the
214 <a href=
"http://packages.qa.debian.org/s/sssd.html
">sssd
</a
> package
215 passed NEW on Monday. In addition, the
216 <a href=
"http://packages.qa.debian.org/libp/libpam-ccreds.html
">libpam-ccreds
</a
>
217 package we need is in experimental (version
10-
4) since Saturday, and
218 hopefully will be moved to unstable soon.
</p
>
220 <p
>This collection of packages allow for two different setups for
221 roaming laptops. The traditional setup would be using libpam-ccreds,
222 nscd and libpam-mklocaluser with LDAP or Kerberos authentication,
223 which should work out of the box if the configuration changes proposed
224 for nscd in
<a href=
"http://bugs.debian.org/
485282">BTS report
225 #
485282</a
> is implemented. The alternative setup is to use sssd with
226 libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take
227 care of the caching of passwords and group information.
</p
>
229 <p
>I have so far been unable to get sssd to work with the LDAP server
230 at the University, but suspect the issue is some SSL/GnuTLS related
231 problem with the server certificate. I plan to update the Debian
232 package to version
1.2, which is scheduled for next week, and hope to
233 find time to make sure the next release will include both the
234 Debian/Ubuntu specific patches. Upstream is friendly and responsive,
235 and I am sure we will find a good solution.
</p
>
237 <p
>The idea is to set up the roaming laptops to authenticate using
238 LDAP or Kerberos and create a local user with home directory in /home/
239 when a usre in LDAP logs in via KDM or GDM for the first time, and
240 cache the password for offline checking, as well as caching group
241 memberhips and other relevant LDAP information. The
242 libpam-mklocaluser package was created to make sure the local home
243 directory is in /home/, instead of /site/server/directory/ which would
244 be the home directory if pam_mkhomedir was used. To avoid confusion
245 with support requests and configuration, we do not want local laptops
246 to have users in a path that is used for the same users home directory
247 on the home directory servers.
</p
>
249 <p
>One annoying problem with gdm is that it do not show the PAM
250 message passed to the user from libpam-mklocaluser when the local user
251 is created. Instead gdm simply reject the login with some generic
252 message. The message is shown in kdm, ssh and login, so I guess it is
253 a bug in gdm. Have not investigated if there is some other message
254 type that can be used instead to get gdm to also show the message.
</p
>
256 <p
>If you want to help out with implementing this for Debian Edu,
257 please contact us on debian-edu@lists.debian.org.
</p
>
262 <title>Parallellized boot is now the default in Debian/unstable
</title>
263 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</link>
264 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</guid>
265 <pubDate>Fri,
14 May
2010 22:
40:
00 +
0200</pubDate>
267 <p
>Since this evening, parallel booting is the default in
268 Debian/unstable for machines using dependency based boot sequencing.
269 Apparently the testing of concurrent booting has been wider than
270 expected, if I am to believe the
271 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
272 on debian-devel@
</a
>, and I concluded a few days ago to move forward
273 with the feature this weekend, to give us some time to detect any
274 remaining problems before Squeeze is frozen. If serious problems are
275 detected, it is simple to change the default back to sequential boot.
276 The upload of the new sysvinit package also activate a new upstream
279 More information about
280 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
281 based boot sequencing
</a
> is available from the Debian wiki. It is
282 currently possible to disable parallel booting when one run into
283 problems caused by it, by adding this line to /etc/default/rcS:
</p
>
285 <blockquote
><pre
>
287 </pre
></blockquote
>
289 <p
>If you report any problems with dependencies in init.d scripts to
290 the BTS, please usertag the report to get it to show up at
291 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
292 list of usertagged bugs related to this
</a
>.
</p
>
297 <title>Sitesummary tip: Listing MAC address of all clients
</title>
298 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</link>
299 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</guid>
300 <pubDate>Fri,
14 May
2010 21:
10:
00 +
0200</pubDate>
302 <p
>In the recent Debian Edu versions, the
303 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">sitesummary
304 system
</a
> is used to keep track of the machines in the school
305 network. Each machine will automatically report its status to the
306 central server after boot and once per night. The network setup is
307 also reported, and using this information it is possible to get the
308 MAC address of all network interfaces in the machines. This is useful
309 to update the DHCP configuration.
</p
>
311 <p
>To give some idea how to use sitesummary, here is a one-liner to
312 ist all MAC addresses of all machines reporting to sitesummary. Run
313 this on the collector host:
</p
>
315 <blockquote
><pre
>
316 perl -MSiteSummary -e
'for_all_hosts(sub { print join(
" ", get_macaddresses(shift)),
"\n
"; });
'
317 </pre
></blockquote
>
319 <p
>This will list all MAC addresses assosiated with all machine, one
320 line per machine and with space between the MAC addresses.
</p
>
322 <p
>To allow system administrators easier job at adding static DHCP
323 addresses for hosts, it would be possible to extend this to fetch
324 machine information from sitesummary and update the DHCP and DNS
325 tables in LDAP using this information. Such tool is unfortunately not
326 written yet.
</p
>
331 <title>systemd, an interesting alternative to upstart
</title>
332 <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</link>
333 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</guid>
334 <pubDate>Thu,
13 May
2010 22:
20:
00 +
0200</pubDate>
336 <p
>The last few days a new boot system called
337 <a href=
"http://www.freedesktop.org/wiki/Software/systemd
">systemd
</a
>
339 <a href=
"http://
0pointer.de/blog/projects/systemd.html
">introduced
</a
>
341 to the free software world. I have not yet had time to play around
342 with it, but it seem to be a very interesting alternative to
343 <a href=
"http://upstart.ubuntu.com/
">upstart
</a
>, and might prove to be
344 a good alternative for Debian when we are able to switch to an event
345 based boot system. Tollef is
346 <a href=
"http://bugs.debian.org/
580814">in the process
</a
> of getting
347 systemd into Debian, and I look forward to seeing how well it work. I
348 like the fact that systemd handles init.d scripts with dependency
349 information natively, allowing them to run in parallel where upstart
350 at the moment do not.
</p
>
352 <p
>Unfortunately do systemd have the same problem as upstart regarding
353 platform support. It only work on recent Linux kernels, and also need
354 some new kernel features enabled to function properly. This means
355 kFreeBSD and Hurd ports of Debian will need a port or a different boot
356 system. Not sure how that will be handled if systemd proves to be the
357 way forward.
</p
>
359 <p
>In the mean time, based on the
360 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
361 on debian-devel@
</a
> regarding parallel booting in Debian, I have
362 decided to enable full parallel booting as the default in Debian as
363 soon as possible (probably this weekend or early next week), to see if
364 there are any remaining serious bugs in the init.d dependencies. A
365 new version of the sysvinit package implementing this change is
366 already in experimental. If all go well, Squeeze will be released
367 with parallel booting enabled by default.
</p
>
372 <title>Parallellizing the boot in Debian Squeeze - ready for wider testing
</title>
373 <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</link>
374 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</guid>
375 <pubDate>Thu,
6 May
2010 23:
25:
00 +
0200</pubDate>
377 <p
>These days, the init.d script dependencies in Squeeze are quite
378 complete, so complete that it is actually possible to run all the
379 init.d scripts in parallell based on these dependencies. If you want
380 to test your Squeeze system, make sure
381 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
382 based boot sequencing
</a
> is enabled, and add this line to
383 /etc/default/rcS:
</p
>
385 <blockquote
><pre
>
387 </pre
></blockquote
>
389 <p
>That is it. It will cause sysv-rc to use the startpar tool to run
390 scripts in parallel using the dependency information stored in
391 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
392 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
393 to try to start the kdm and gdm scripts as early as possible, and will
394 start the facilities required by kdm or gdm as early as possible to
395 make this happen.
</p
>
397 <p
>Give it a try, and see if you like the result. If some services
398 fail to start properly, it is most likely because they have incomplete
399 init.d script dependencies in their startup script (or some of their
400 dependent scripts have incomplete dependencies). Report bugs and get
401 the package maintainers to fix it. :)
</p
>
403 <p
>Running scripts in parallel could be the default in Debian when we
404 manage to get the init.d script dependencies complete and correct. I
405 expect we will get there in Squeeze+
1, if we get manage to test and
406 fix the remaining issues.
</p
>
408 <p
>If you report any problems with dependencies in init.d scripts to
409 the BTS, please usertag the report to get it to show up at
410 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
411 list of usertagged bugs related to this
</a
>.
</p
>
416 <title>Forcing new users to change their password on first login
</title>
417 <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html
</link>
418 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html
</guid>
419 <pubDate>Sun,
2 May
2010 13:
47:
00 +
0200</pubDate>
421 <p
>One interesting feature in Active Directory, is the ability to
422 create a new user with an expired password, and thus force the user to
423 change the password on the first login attempt.
</p
>
425 <p
>I
'm not quite sure how to do that with the LDAP setup in Debian
426 Edu, but did some initial testing with a local account. The account
427 and password aging information is available in /etc/shadow, but
428 unfortunately, it is not possible to specify an expiration time for
429 passwords, only a maximum age for passwords.
</p
>
431 <p
>A freshly created account (using adduser test) will have these
432 settings in /etc/shadow:
</p
>
434 <blockquote
><pre
>
435 root@tjener:~# chage -l test
436 Last password change : May
02,
2010
437 Password expires : never
438 Password inactive : never
439 Account expires : never
440 Minimum number of days between password change :
0
441 Maximum number of days between password change :
99999
442 Number of days of warning before password expires :
7
444 </pre
></blockquote
>
446 <p
>The only way I could come up with to create a user with an expired
447 account, is to change the date of the last password change to the
448 lowest value possible (January
1th
1970), and the maximum password age
449 to the difference in days between that date and today. To make it
450 simple, I went for
30 years (
30 *
365 =
10950) and January
2th (to
451 avoid testing if
0 is a valid value).
</p
>
453 <p
>After using these commands to set it up, it seem to work as
456 <blockquote
><pre
>
457 root@tjener:~# chage -d
1 test; chage -M
10950 test
458 root@tjener:~# chage -l test
459 Last password change : Jan
02,
1970
460 Password expires : never
461 Password inactive : never
462 Account expires : never
463 Minimum number of days between password change :
0
464 Maximum number of days between password change :
10950
465 Number of days of warning before password expires :
7
467 </pre
></blockquote
>
469 <p
>So far I have tested this with ssh and console, and kdm (in
470 Squeeze) login, and all ask for a new password before login in the
471 user (with ssh, I was thrown out and had to log in again).
</p
>
473 <p
>Perhaps we should set up something similar for Debian Edu, to make
474 sure only the user itself have the account password?
</p
>
476 <p
>If you want to comment on or help out with implementing this for
477 Debian Edu, please contact us on debian-edu@lists.debian.org.
</p
>
479 <p
>Update
2010-
05-
02 17:
20: Paul Tötterman tells me on IRC that the
480 shadow(
8) page in Debian/testing now state that setting the date of
481 last password change to zero (
0) will force the password to be changed
482 on the first login. This was not mentioned in the manual in Lenny, so
483 I did not notice this in my initial testing. I have tested it on
484 Squeeze, and
'<tt
>chage -d
0 username
</tt
>' do work there. I have not
485 tested it on Lenny yet.
</p
>
487 <p
>Update
2010-
05-
02-
19:
05: Jim Paris tells me via email that an
488 equivalent command to expire a password is
'<tt
>passwd -e
489 username
</tt
>', which insert zero into the date of the last password
projects / homepage.git / blob