1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/' xmlns:
atom=
"http://www.w3.org/2005/Atom">
4 <title>Petter Reinholdtsen
</title>
5 <description></description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
7 <atom:link href=
"http://people.skolelinux.org/pere/blog/index.rss" rel=
"self" type=
"application/rss+xml" />
10 <title>Broken umask handling with sshfs
</title>
11 <link>http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html
</guid>
13 <pubDate>Thu,
26 Aug
2010 13:
30:
00 +
0200</pubDate>
15 <p
>My file system sematics program
16 <a href=
"http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
">presented
17 a few days ago
</a
> is very useful to verify that a file system can
18 work as a unix home directory,and today I had to extend it a bit. I
'm
19 looking into alternatives for home directory access here at the
20 University of Oslo, and one of the options is sshfs. My friend
21 Finn-Arne mentioned a while back that they had used sshfs with Debian
22 Edu, but stopped because of problems. I asked today what the problems
23 where, and he mentioned that sshfs failed to handle umask properly.
24 Trying to detect the problem I wrote this addition to my fs testing
28 mode_t touch_get_mode(const char *name, mode_t mode) {
30 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode);
34 if (-
1 != fstat(fd,
&statbuf)) {
35 retval = statbuf.st_mode
& 0x1ff;
42 /* Try to detect problem discovered using sshfs */
43 int test_umask(void) {
44 printf(
"info: testing umask effect on file creation\n
");
46 mode_t orig_umask = umask(
000);
48 if (
0666 != (newmode = touch_get_mode(
"foobar
",
0666))) {
49 printf(
" error: Wrong file mode %o when creating using mode
666 and umask
000\n
",
53 if (
0660 != (newmode = touch_get_mode(
"foobar
",
0666))) {
54 printf(
" error: Wrong file mode %o when creating using mode
666 and umask
007\n
",
62 int main(int argc, char **argv) {
69 <p
>Sure enough. On NFS to a netapp, I get this result:
</p
>
72 Testing POSIX/Unix sematics on file system
73 info: testing symlink creation
74 info: testing subdirectory creation
75 info: testing fcntl locking
76 Read-locking
1 byte from
1073741824
77 Read-locking
510 byte from
1073741826
78 Unlocking
1 byte from
1073741824
79 Write-locking
1 byte from
1073741824
80 Write-locking
510 byte from
1073741826
81 Unlocking
2 byte from
1073741824
82 info: testing umask effect on file creation
85 <p
>When mounting the same directory using sshfs, I get this
89 Testing POSIX/Unix sematics on file system
90 info: testing symlink creation
91 info: testing subdirectory creation
92 info: testing fcntl locking
93 Read-locking
1 byte from
1073741824
94 Read-locking
510 byte from
1073741826
95 Unlocking
1 byte from
1073741824
96 Write-locking
1 byte from
1073741824
97 Write-locking
510 byte from
1073741826
98 Unlocking
2 byte from
1073741824
99 info: testing umask effect on file creation
100 error: Wrong file mode
644 when creating using mode
666 and umask
000
101 error: Wrong file mode
640 when creating using mode
666 and umask
007
104 <p
>So, I can conclude that sshfs is better than smb to a Netapp or a
105 Windows server, but not good enough to be used as a home
111 <title>Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge
</title>
112 <link>http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html
</link>
113 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html
</guid>
114 <pubDate>Mon,
23 Aug
2010 19:
30:
00 +
0200</pubDate>
116 <p
>I Norge pågår en prosess for å
117 <a href=
"http://www.e-valg.dep.no/
">innføre elektronisk
118 stemmegiving
</a
> ved kommune- og stortingsvalg. Dette skal
119 introduseres i
2011. Det er all grunn til å tro at valg i Norge ikke
120 vil være til å stole på hvis dette blir gjennomført. Da det hele var
121 oppe til høring i
2006 forfattet jeg
122 <a href=
"http://www.nuug.no/dokumenter/valg-horing-
2006-
09.pdf
">en
123 høringsuttalelse fra NUUG
</a
> (og EFN som hengte seg på) som skisserte
124 hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
125 og elektronisk stemmegiving mangler flere av disse. Elektronisk
126 stemmegiving er for alle praktiske formål å putte ens stemme i en sort
127 boks under andres kontroll, og satse på at de som har kontroll med
128 boksen er til å stole på - uten at en har mulighet til å verifisere
129 dette selv. Det er ikke slik en gjennomfører demokratiske valg.
</p
>
131 <p
>Da problemet er fundamentalt med hvordan elektronisk stemmegiving
132 må fungere for at også ikke-krypografer skal kunne delta, har det vært
133 mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
135 <a href=
"http://wiki.nuug.no/uttalelser/
2006-elektronisk-stemmegiving
">liten
136 samling referanser
</a
> finnes på NUUGs wiki. Den siste er fra India,
137 der valgkomisjonen har valgt
138 <a href=
"http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source
">å
139 pusse politiet på en forsker
</a
> som har dokumentert svakheter i
140 valgsystemet.
</p
>
142 <p
>Her i Norge har en valgt en annen tilnærming, der en forsøker seg
143 med teknobabbel for å få befolkningen til å tro at dette skal bli
144 sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske
145 valgene i Norge, og bør ikke innføres.
</p
>
147 <p
>Den offentlige diskusjonen blir litt vanskelig av at media har
148 valgt å kalle dette
"evalg
", som kan sies å både gjelde elektronisk
149 opptelling av valget som Norge har gjort siden
60-tallet og som er en
150 svært god ide, og elektronisk opptelling som er en svært dårlig ide.
151 Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
152 mot
"evalg
", og jeg forsøker derfor å være klar på at jeg snakker om
153 elektronisk stemmegiving og unngå begrepet
"evalg
".
</p
>
158 <title>Robot, reis deg...
</title>
159 <link>http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html
</link>
160 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html
</guid>
161 <pubDate>Sat,
21 Aug
2010 22:
10:
00 +
0200</pubDate>
163 <p
>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
164 har brukt noen timer til å google etter interessante referanser og
165 aktuell kildekode for bruk på Linux. Det mest lovende så langt er
166 <a href=
"http://ispykee.toyz.org/
">ispykee
</a
>, som har en
167 BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
168 lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
169 å fjernstyre roboten. Linux-daemonen implementerer deler av
170 protokollen som roboten forstår. Etter å ha knotet litt med å oppnå
171 kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
172 måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
173 den lytter på IP-port
9000 og
9001, gikk jeg i gang med å finne ut
174 hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten
175 av protokollen er publisert av produsenten med GPL-lisens, slik at det
176 er mulig å se hvordan protokollen fungerer. Det finnes en java-klient
177 for Android som så ganske snasen ut, men fant ingen kildekode for
178 denne. Derimot hadde iphone-løsningen kildekode, så jeg tok
179 utgangspunkt i den.
</p
>
181 <p
>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
182 tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om
183 til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
184 som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
185 (act, forward, right, left, etc). Det involverte i praksis å bytte ut
186 socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
187 klienten om til en tjener.
</p
>
189 <p
>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
190 skrudd sammen resten av roboten for å få montert kamera og plastpynten
191 (armer, plastfiber for lys). Nå er det hele montert, og roboten er
192 klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett
193 før det blir praktisk, men de bitene av protokollen er ikke
194 implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
195 eller en windows-maskin, eller implementere det selv.
</p
>
197 <p
>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
198 samle notater og referanser på
<a
199 href=
"http://wiki.nuug.no/grupper/robot/
">NUUGs wiki
</a
>. Ta en titt
200 der hvis du er nysgjerrig.
</p
>
205 <title>2 Spykee-roboter i hus, nå skal det lekes
</title>
206 <link>http://people.skolelinux.org/pere/blog/
2_Spykee_roboter_i_hus__n___skal_det_lekes.html
</link>
207 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/
2_Spykee_roboter_i_hus__n___skal_det_lekes.html
</guid>
208 <pubDate>Wed,
18 Aug
2010 13:
30:
00 +
0200</pubDate>
210 <p
>Jeg kjøpte nettopp to
211 <a href=
"http://www.spykee-robot.com/
">Spykee
</a
>-roboter, for test og
212 leking. Kjøpte to da det var så billige, og gir meg mulighet til å
213 eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
214 ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
215 en liten stabel på lager som de ikke hadde klart å selge ut etter
216 fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
217 vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
218 det blir morsomt å se hva vi får ut av dette.
</p
>
220 <p
>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
221 og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
222 jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
223 mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
224 Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
225 firmwaren. :)
</p
>
228 <li
><a href=
"http://en.wikipedia.org/wiki/Spykee
">Wikipedia-oppføring
</a
></li
>
229 <li
><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html
">Nedlasting av firmware-kilden
</a
></li
>
230 <li
><a href=
"http://wiki.nuug.no/grupper/robot
">prosjektwiki hos NUUG
</a
></li
>
236 <title>Rob Weir: How to Crush Dissent
</title>
237 <link>http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html
</link>
238 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html
</guid>
239 <pubDate>Sun,
15 Aug
2010 22:
20:
00 +
0200</pubDate>
241 <p
>I found the notes from Rob Weir on
242 <a href=
"http://feedproxy.google.com/~r/robweir/antic-atom/~
3/VGb23-kta8c/how-to-crush-dissent.html
">how
243 to crush dissent
</a
> matching my own thoughts on the matter quite
244 well. Highly recommended for those wondering which road our society
245 should go down. In my view we have been heading the wrong way for a
251 <title>No hardcoded config on Debian Edu clients
</title>
252 <link>http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html
</link>
253 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html
</guid>
254 <pubDate>Mon,
9 Aug
2010 20:
15:
00 +
0200</pubDate>
256 <p
>As reported earlier, the last few days I have looked at how Debian
257 Edu clients are configured, and tried to get rid of all hardcoded
258 configuration settings on the clients. I believe the work to be
259 mostly done, and the clients seem to work just fine with dynamically
260 generated configuration.
</p
>
262 <p
>What is the point, you might ask? The point is to allow a Debian
263 Edu desktop to integrate into an existing network infrastructure
264 without any manual configuration.
</p
>
266 <p
>This is what happens when installing a Debian Edu client here at
267 the University of Oslo using PXE. With the PXE installation, I am
268 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
269 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
270 accept to reformat the hard drive (yes), if I want to submit info to
271 popcon.debian.org (no) and root password (secret). After answering
272 these questions, the installer goes ahead and does its thing, and
273 after around
50 minutes it is done. I press enter to finish the
274 installation, and the machine reboots into KDE. When the machine is
275 ready and kdm asks for login information, I enter my university
276 username and password, am told by kdm that a local home directory has
277 been created and that I must log in again, and finally log in with the
278 same username and password to the KDE
4.4 desktop. At no point during
279 this process did it ask for university specific settings, and all the
280 required configuration was dynamically detected using information
281 fetched via DHCP and DNS. The roaming workstation is now ready for
284 <p
>How was this done, you might wonder? First of all, here is the
285 list of things that need to be configured on the client to get it
286 working properly out of the box:
</p
>
289 <li
>IP address/netmask and DNS server.
</li
>
290 <li
>Web proxy URL.
</li
>
291 <li
>LDAP server for NSS directory information (user, group, etc).
</li
>
292 <li
>Kerberos server for PAM password checking.
</li
>
293 <li
>SMB mount point to access the network home directory. (*)
</li
>
294 <li
>Central syslog server to send syslog messages to. (*)
</li
>
295 <li
>Sitesummary collector URL to submit info to central server. (*)
</li
>
298 <p
>(Hm, did I forget anything? Let me knew if I did.)
</p
>
300 <p
>The points marked (*) are not required to be able to use the
301 machine, but needed to provide central storage and allowing system
302 administrators to track their machines. Since yesterday, everything
303 but the sitesummary collector URL is dynamically discovered at boot
304 and installation time in the svn version of Debian Edu.
</p
>
306 <p
>The IP and DNS setup is fetched during boot using DHCP as usual.
307 When a DHCP update arrives, the proxy setup is updated by looking for
308 http://wpat/wpad.dat and using the content of this WPAD file to
309 configure the http and ftp proxy in /etc/environment and
310 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
311 hook to ensure that the client stops using the Debian Edu proxy when
312 it is moved outside the Debian Edu network, and instead uses any local
313 proxy present on the new network when it moves around.
</p
>
315 <p
>The DNS names of the LDAP, Kerberos and syslog server and related
316 configuration are generated using DNS information at boot. First the
317 installer looks for a host named ldap in the current DNS domain. If
318 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
319 LDAP server is found, its root DSE entry is requested and the
320 attributes namingContexts and defaultNamingContext are used to
321 determine which LDAP base to use for NSS. If there are several
322 namingContexts attibutes and the defaultNamingContext is present, that
323 LDAP subtree is used as the base. If defaultNamingContext is missing,
324 the subtrees listed as namingContexts are searched in sequence for any
325 object with class posixAccount or posixGroup, and the first one with
326 such an object is used as the LDAP base. For Kerberos, a similar
327 search is done by first looking for a host named kerberos, and then
328 for the _kerberos._tcp SRV record. I
've been unable to find a way to
329 look up the Kerberos realm, so for this the upper case string of the
330 current DNS domain is used.
</p
>
332 <p
>For the syslog server, the hosts syslog and loghost are searched
333 for, and the _syslog._udp SRV record is consulted if no such host is
334 found. This algorithm works for both Debian Edu and the University of
335 Oslo. A similar strategy would work for locating the sitesummary
336 server, but have not been implemented yet. I decided to fetch and
337 save these settings during installation, to make sure moving to a
338 different network does not change the set of users being allowed to
339 log in nor the passwords required to log in. Usernames and passwords
340 will be cached by sssd when the user logs in on the Debian Edu
341 network, and will not change as the laptop move around. For a
342 non-roaming machine, there is no caching, but given that it is
343 supposed to stay in place it should not matter much. Perhaps we
344 should switch those to use sssd too?
</p
>
346 <p
>The user
's SMB mount point for the network home directory is
347 located when the user logs in for the first time. The LDAP server is
348 consulted to look for the user
's LDAP object and the sambaHomePath
349 attribute is used if found. If it isn
't found, the home directory
350 path fetched from NSS is used instead. Assuming the path is of the
351 form /site/server/directory/username, the second part is looked up in
352 DNS and used to generate a SMB URL of the form
353 smb://server.domain/username. This algorithm works for both Debian
354 edu and the University of Oslo. Perhaps there are better attributes
355 to use or a better algorithm that works for more sites, but this will
356 do for now. :)
</p
>
358 <p
>This work should make it easier to integrate the Debian Edu clients
359 into any LDAP/Kerberos infrastructure, and make the current setup even
360 more flexible than before. I suspect it will also work for thin
361 client servers, allowing one to easily set up LTSP and hook it into a
362 existing network infrastructure, but I have not had time to test this
365 <p
>If you want to help out with implementing these things for Debian
366 Edu, please contact us on debian-edu@lists.debian.org.
</p
>
368 <p
>Update
2010-
08-
09: Simon Farnsworth gave me a heads-up on how to
369 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
370 before falling back to the upper case DNS domain name. Will have to
371 implement it for Debian Edu. :)
</p
>
376 <title>Testing if a file system can be used for home directories...
</title>
377 <link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
</link>
378 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html
</guid>
379 <pubDate>Sun,
8 Aug
2010 21:
20:
00 +
0200</pubDate>
381 <p
>A few years ago, I was involved in a project planning to use
382 Windows file servers as home directory servers for Debian
383 Edu/Skolelinux machines. This was thought to be no problem, as the
384 access would be through the SMB network file system protocol, and we
385 knew other sites used SMB with unix and samba as the file server to
386 mount home directories without any problems. But, after months of
387 struggling, we had to conclude that our goal was impossible.
</p
>
389 <p
>The reason is simply that while SMB can be used for home
390 directories when the file server is Samba running on Unix, this only
391 work because of Samba have some extensions and the fact that the
392 underlying file system is a unix file system. When using a Windows
393 file server, the underlying file system do not have POSIX semantics,
394 and several programs will fail if the users home directory where they
395 want to store their configuration lack POSIX semantics.
</p
>
397 <p
>As part of this work, I wrote a small C program I want to share
398 with you all, to replicate a few of the problematic applications (like
399 OpenOffice.org and GCompris) and see if the file system was working as
400 it should. If you find yourself in spooky file system land, it might
401 help you find your way out again. This is the fs-test.c source:
</p
>
405 * Some tests to check the file system sematics. Used to verify that
406 * CIFS from a windows server do not work properly as a linux home
408 * License: GPL v2 or later
410 * needs libsqlite3-dev and build-essential installed
411 * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
414 #define _FILE_OFFSET_BITS
64
415 #define _LARGEFILE_SOURCE
1
416 #define _LARGEFILE64_SOURCE
1
418 #define _GNU_SOURCE /* for asprintf() */
420 #include
&lt;errno.h
>
421 #include
&lt;fcntl.h
>
422 #include
&lt;stdio.h
>
423 #include
&lt;string.h
>
424 #include
&lt;stdlib.h
>
425 #include
&lt;sys/file.h
>
426 #include
&lt;sys/stat.h
>
427 #include
&lt;sys/types.h
>
428 #include
&lt;unistd.h
>
432 * Test sqlite open, as done by gcompris require the libsqlite3-dev
433 * package and linking with -lsqlite3. A more low level test is
435 * See also
&lt;URL: http://www.sqlite.org./faq.html#q5
>.
437 #include
&lt;sqlite3.h
>
438 #define CREATE_TABLE_USERS \
439 "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT );
"
440 int test_sqlite_open(void) {
442 char *name =
"testsqlite.db
";
445 int rc = sqlite3_open(name,
&db);
447 printf(
"error: sqlite open of %s failed: %s\n
", name, sqlite3_errmsg(db));
453 rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,
0,
&zErrMsg);
454 if( rc != SQLITE_OK ){
455 printf(
"error: sqlite table create failed: %s\n
", zErrMsg);
459 printf(
"info: sqlite worked\n
");
463 #endif /* TEST_SQLITE */
466 * Demonstrate locking issue found in gcompris using sqlite3. This
467 * work with ext3, but not with cifs server on Windows
2003. This is
468 * done in the sqlite3 library.
470 *
&lt;URL:http://www.cygwin.com/ml/cygwin/
2001-
08/msg00854.html
> and the
471 * POSIX specification
472 *
&lt;URL:http://www.opengroup.org/onlinepubs/
009695399/functions/fcntl.html
>.
474 int test_gcompris_locking(void) {
476 char *name =
"testsqlite.db
";
478 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE,
0644);
479 printf(
"info: testing fcntl locking\n
");
481 fl.l_whence = SEEK_SET;
483 printf(
" Read-locking
1 byte from
1073741824");
484 fl.l_start =
1073741824;
487 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
489 printf(
" Read-locking
510 byte from
1073741826");
490 fl.l_start =
1073741826;
493 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
495 printf(
" Unlocking
1 byte from
1073741824");
496 fl.l_start =
1073741824;
499 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
501 printf(
" Write-locking
1 byte from
1073741824");
502 fl.l_start =
1073741824;
505 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
507 printf(
" Write-locking
510 byte from
1073741826");
508 fl.l_start =
1073741826;
510 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
512 printf(
" Unlocking
2 byte from
1073741824");
513 fl.l_start =
1073741824;
516 if (
0 != fcntl(fd, F_SETLK,
&fl) ) printf(
" - error!\n
"); else printf(
"\n
");
523 * Test if permissions of freshly created directories allow entries
524 * below them. This was a problem with OpenOffice.org and gcompris.
525 * Mounting with option
'sync
' seem to solve this problem while
526 * slowing down file operations.
528 int test_subdirectory_creation(void) {
530 char *path = strdup(
"test
");
533 printf(
"info: testing subdirectory creation\n
");
534 for (level =
0; level
&lt; LEVELS; level++) {
535 char *newpath = NULL;
536 if (-
1 == mkdir(path,
0777)) {
537 printf(
" error: Unable to create directory
'%s
': %s\n
",
538 path, strerror(errno));
541 asprintf(
&newpath,
"%s/%s
", path,
"test
");
549 * Test if symlinks can be created. This was a problem detected with
552 int test_symlinks(void) {
553 printf(
"info: testing symlink creation\n
");
554 unlink(
"symlink
");
555 if (-
1 == symlink(
"file
",
"symlink
"))
556 printf(
" error: Unable to create symlink\n
");
560 int main(int argc, char **argv) {
561 printf(
"Testing POSIX/Unix sematics on file system\n
");
563 test_subdirectory_creation();
566 #endif /* TEST_SQLITE */
567 test_gcompris_locking();
572 <p
>When everything is working, it should print something like
576 Testing POSIX/Unix sematics on file system
577 info: testing symlink creation
578 info: testing subdirectory creation
580 info: testing fcntl locking
581 Read-locking
1 byte from
1073741824
582 Read-locking
510 byte from
1073741826
583 Unlocking
1 byte from
1073741824
584 Write-locking
1 byte from
1073741824
585 Write-locking
510 byte from
1073741826
586 Unlocking
2 byte from
1073741824
589 <p
>I do not remember the exact details of the problems we saw, but one
590 of them was with locking, where if I remember correctly, POSIX allow a
591 read-only lock to be upgraded to a read-write lock without unlocking
592 the read-only lock (while Windows do not). Another was a bug in the
593 CIFS/SMB client implementation in the Linux kernel where directory
594 meta information would be wrong for a fraction of a second, making
595 OpenOffice.org fail to create its deep directory tree because it was
596 not allowed to create files in its freshly created directory.
</p
>
598 <p
>Anyway, here is a nice tool for your tool box, might you never need
604 <title>Autodetecting Client setup for roaming workstations in Debian Edu
</title>
605 <link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
</link>
606 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
</guid>
607 <pubDate>Sat,
7 Aug
2010 14:
45:
00 +
0200</pubDate>
609 <p
>A few days ago, I
610 <a href=
"http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
">tried
611 to install
</a
> a Roaming workation profile from Debian Edu/Squeeze
612 while on the university network here at the University of Oslo, and
613 noticed how much had to change to get it operational using the
614 university infrastructure. It was fairly easy, but it occured to me
615 that Debian Edu would improve a lot if I could get the client to
616 connect without any changes at all, and thus let the client configure
617 itself during installation and first boot to use the infrastructure
618 around it. Now I am a huge step further along that road.
</p
>
620 <p
>With our current squeeze-test packages, I can select the roaming
621 workstation profile and get a working laptop connecting to the
622 university LDAP server for user and group and our active directory
623 servers for Kerberos authentication. All this without any
624 configuration at all during installation. My users home directory got
625 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
626 In short, openldap and sssd is correctly configured. In addition to
627 this, the client look for http://wpad/wpad.dat to configure a web
628 proxy, and when it fail to find it no proxy settings are stored in
629 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
630 configured to look for the same wpad configuration and also do not use
631 a proxy when at the university network. If the machine is moved to a
632 network with such wpad setup, it would automatically use it when DHCP
633 gave it a IP address.
</p
>
635 <p
>The LDAP server is located using DNS, by first looking for the DNS
636 entry ldap.$domain. If this do not exist, it look for the
637 _ldap._tcp.$domain SRV records and use the first one as the LDAP
638 server. Next, it connects to the LDAP server and search all
639 namingContexts entries for posixAccount or posixGroup objects, and
640 pick the first one as the LDAP base. For Kerberos, a similar
641 algorithm is used to locate the LDAP server, and the realm is the
642 uppercase version of $domain.
</p
>
644 <p
>So, what is not working, you might ask. SMB mounting my home
645 directory do not work. No idea why, but suspected the incorrect
646 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
647 the cause. These are not properly configured during installation, and
648 had to be hand-edited to get the correct Kerberos realm and server,
649 but SMB mounting still do not work. :(
</p
>
651 <p
>With this automatic configuration in place, I expect a Debian Edu
652 roaming profile installation would be able to automatically detect and
653 connect to any site using LDAP and Kerberos for NSS directory and PAM
654 authentication. It should also work out of the box in a Active
655 Directory environment providing posixAccount and posixGroup objects
656 with UID and GID values.
</p
>
658 <p
>If you want to help out with implementing these things for Debian
659 Edu, please contact us on debian-edu@lists.debian.org.
</p
>
664 <title>Debian Edu roaming workstation - at the university of Oslo
</title>
665 <link>http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
</link>
666 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html
</guid>
667 <pubDate>Tue,
3 Aug
2010 23:
30:
00 +
0200</pubDate>
669 <p
>The new roaming workstation profile in Debian Edu/Squeeze is fairly
670 similar to the laptop setup am I working on using Ubuntu for the
671 University of Oslo, and just for the heck of it, I tested today how
672 hard it would be to integrate that profile into the university
673 infrastructure. In this case, it is the university LDAP server,
674 Active Directory Kerberos server and SMB mounting from the Netapp file
677 <p
>I was pleasantly surprised that the only three files needed to be
678 changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
679 /etc/mklocaluser.d/
20-debian-edu-config) and one file had to be added
680 (/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
681 Most of the changes were to get the client to use the university LDAP
682 for NSS and Kerberos server for PAM, but one was to change a hard
683 coded DNS domain name in the mklocaluser hook from .intern to
686 <p
>This testing was so encouraging, that I went ahead and adjusted the
687 Debian Edu scripts and setup in subversion to centralise the roaming
688 workstation setup a bit more and avoid the hardcoded DNS domain name,
689 so that when I test this tomorrow, I expect to get away with modifying
690 only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
691 university servers.
</p
>
693 <p
>My goal is to get the clients to have no hardcoded settings and
694 fetch all their initial setup during installation and first boot, to
695 allow them to be inserted also into environments where the default
696 setup in Debian Edu has been changed or as with the university, where
697 the environment is different but provides the protocols Debian Edu
703 <title>Circular package dependencies harms apt recovery
</title>
704 <link>http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</link>
705 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</guid>
706 <pubDate>Tue,
27 Jul
2010 23:
50:
00 +
0200</pubDate>
708 <p
>I discovered this while doing
709 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">automated
710 testing of upgrades from Debian Lenny to Squeeze
</a
>. A few packages
711 in Debian still got circular dependencies, and it is often claimed
712 that apt and aptitude should be able to handle this just fine, but
713 some times these dependency loops causes apt to fail.
</p
>
715 <p
>An example is from todays
716 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing//test-
20100727-lenny-squeeze-kde-aptitude.txt
">upgrade
717 of KDE using aptitude
</a
>. In it, a bug in kdebase-workspace-data
718 causes perl-modules to fail to upgrade. The cause is simple. If a
719 package fail to unpack, then only part of packages with the circular
720 dependency might end up being unpacked when unpacking aborts, and the
721 ones already unpacked will fail to configure in the recovery phase
722 because its dependencies are unavailable.
</p
>
724 <p
>In this log, the problem manifest itself with this error:
</p
>
726 <blockquote
><pre
>
727 dpkg: dependency problems prevent configuration of perl-modules:
728 perl-modules depends on perl (
>=
5.10.1-
1); however:
729 Version of perl on system is
5.10.0-
19lenny
2.
730 dpkg: error processing perl-modules (--configure):
731 dependency problems - leaving unconfigured
732 </pre
></blockquote
>
734 <p
>The perl/perl-modules circular dependency is already
735 <a href=
"http://bugs.debian.org/
527917">reported as a bug
</a
>, and will
736 hopefully be solved as soon as possible, but it is not the only one,
737 and each one of these loops in the dependency tree can cause similar
738 failures. Of course, they only occur when there are bugs in other
739 packages causing the unpacking to fail, but it is rather nasty when
740 the failure of one package causes the problem to become worse because
741 of dependency loops.
</p
>
744 <a href=
"http://lists.debian.org/debian-devel/
2010/
06/msg00116.html
">the
745 tireless effort by Bill Allombert
</a
>, the number of circular
747 <a href=
"http://debian.semistable.com/debgraph.out.html
">left in Debian
748 is dropping
</a
>, and perhaps it will reach zero one day. :)
</p
>
750 <p
>Todays testing also exposed a bug in
751 <a href=
"http://bugs.debian.org/
590605">update-notifier
</a
> and
752 <a href=
"http://bugs.debian.org/
590604">different behaviour
</a
> between
753 apt-get and aptitude, the latter possibly caused by some circular
754 dependency. Reported both to BTS to try to get someone to look at