[homepage.git] / blog / tags / debian / index.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
 <head>
  <title>Petter Reinholdtsen: Entries Tagged debian</title> 
  <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
  <link rel="alternate" title="RSS Feed" href="debian.rss" type="application/rss+xml">
 </head>
 <body>

 <div class="title">
  <h1>
       <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
      
  </h1>
  
 </div>

 <p>Entries tagged "debian".</p>




<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html">The sorry state of multimedia browser plugins in Debian</a>
 </div>
 <div class="date">
  2008-11-25 00:10
 </div>

 <div class="body">
  
<p>Recently I have spent some time evaluating the multimedia browser
plugins available in Debian Lenny, to see which one we should use by
default in Debian Edu.  We need an embedded video playing plugin with
control buttons to pause or stop the video, and capable of streaming
all the multimedia content available on the web.  The test results and
notes are available on
<a href="http://wiki.debian.org/DebianEdu/BrowserMultimedia">the
Debian wiki</a>.  I was surprised how few of the plugins are able to
fill this need.  My personal video player favorite, VLC, has a really
bad plugin which fail on a lot of the test pages.  A lot of the MIME
types I would expect to work with any free software player (like
video/ogg), just do not work.  And simple formats like the
audio/x-mplegurl format (m3u playlists), just isn't supported by the
totem and vlc plugins.  I hope the situation will improve soon.  No
wonder sites use the proprietary Adobe flash to play video.</p>

<p>For Lenny, we seem to end up with the mplayer plugin.  It seem to
be the only one fitting our needs. :/</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html">Devcamp brought us closer to the Lenny based Debian Edu release</a>
 </div>
 <div class="date">
  2008-12-07 12:00
 </div>

 <div class="body">
  
<p>This weekend we had a small developer gathering for Debian Edu in
Oslo.  Most of Saturday was used for the general assemly for the
member organization, but the rest of the weekend I used to tune the
LTSP installation.  LTSP now work out of the box on the 10-network.
Acer Aspire One proved to be a very nice thin client, with both
screen, mouse and keybard in a small box.  Was working on getting the
diskless workstation setup configured out of the box, but did not
finish it before the weekend was up.</p>

<p>Did not find time to look at the 4 VGA cards in one box we got from
the Brazilian group, so that will have to wait for the next
development gathering.  Would love to have the Debian Edu installer
automatically detect and configure a multiseat setup when it find one
of these cards.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html">Endelig er Debian Lenny gitt ut</a>
 </div>
 <div class="date">
  2009-02-15 11:50
 </div>

 <div class="body">
  
<p>Endelig er <a href="http://www.debian.org/">Debian</a>
<a href="http://www.debian.org/News/2009/20090214">Lenny</a> gitt ut.
Et langt steg videre for Debian-prosjektet, og en rekke nye
programpakker blir nå tilgjengelig for de av oss som bruker den
stabile utgaven av Debian.  Neste steg er nå å få
<a href="http://www.skolelinux.org/">Skolelinux</a> /
<a href="http://wiki.debian.org/DebianEdu/">Debian Edu</a> ferdig
oppdatert for den nye utgaven, slik at en oppdatert versjon kan
slippes løs på skolene.  Takk til alle debian-utviklerne som har
gjort dette mulig.  Endelig er f.eks. fungerende avhengighetsstyrt
bootsekvens tilgjengelig i stabil utgave, vha pakken
<tt>insserv</tt>.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">Time for new  LDAP schemas replacing RFC 2307?</a>
 </div>
 <div class="date">
  2009-03-29 20:30
 </div>

 <div class="body">
  
<p>The state of standardized LDAP schemas on Linux is far from
optimal.  There is RFC 2307 documenting one way to store NIS maps in
LDAP, and a modified version of this normally called RFC 2307bis, with
some modifications to be compatible with Active Directory.  The RFC
specification handle the content of a lot of system databases, but do
not handle DNS zones and DHCP configuration.</p>

<p>In <a href="http://www.skolelinux.org/">Debian Edu/Skolelinux</a>,
we would like to store information about users, SMB clients/hosts,
filegroups, netgroups (users and hosts), DHCP and DNS configuration,
and LTSP configuration in LDAP.  These objects have a lot in common,
but with the current LDAP schemas it is not possible to have one
object per entity.  For example, one need to have at least three LDAP
objects for a given computer, one with the SMB related stuff, one with
DNS information and another with DHCP information.  The schemas
provided for DNS and DHCP are impossible to combine into one LDAP
object.  In addition, it is impossible to implement quick queries for
netgroup membership, because of the way NIS triples are implemented.
It just do not scale.  I believe it is time for a few RFC
specifications to cleam up this mess.</p>

<p>I would like to have one LDAP object representing each computer in
the network, and this object can then keep the SMB (ie host key), DHCP
(mac address/name) and DNS (name/IP address) settings in one place.
It need to be efficently stored to make sure it scale well.</p>

<p>I would also like to have a quick way to map from a user or
computer and to the net group this user or computer is a member.</p>

<p>Active Directory have done a better job than unix heads like myself
in this regard, and the unix side need to catch up.  Time to start a
new IETF work group?</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html">Returning from Skolelinux developer gathering</a>
 </div>
 <div class="date">
  2009-03-29 21:00
 </div>

 <div class="body">
  
<p>I'm sitting on the train going home from this weekends Debian
Edu/Skolelinux development gathering.  I got a bit done tuning the
desktop, and looked into the dynamic service location protocol
implementation avahi.  It look like it could be useful for us.  Almost
30 people participated, and I believe it was a great environment to
get to know the Skolelinux system.  Walter Bender, involved in the
development of the Sugar educational platform, presented his stuff and
also helped me improve my OLPC installation.  He also showed me that
his Turtle Art application can be used in standalone mode, and we
agreed that I would help getting it packaged for Debian.  As a
standalone application it would be great for Debian Edu.  We also
tried to get the video conferencing working with two OLPCs, but that
proved to be too hard for us.  The application seem to need more work
before it is ready for me.  I look forward to getting home and relax
now. :)</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html">Standardize on protocols and formats, not vendors and applications</a>
 </div>
 <div class="date">
  2009-03-30 11:50
 </div>

 <div class="body">
  
<p>Where I work at the University of Oslo, one decision stand out as a
very good one to form a long lived computer infrastructure.  It is the
simple one, lost by many in todays computer industry: Standardize on
open network protocols and open exchange/storage formats, not applications.
Applications come and go, while protocols and files tend to stay, and
thus one want to make it easy to change application and vendor, while
avoiding conversion costs and locking users to a specific platform or
application.</p>

<p>This approach make it possible to replace the client applications
independently of the server applications.  One can even allow users to
use several different applications as long as they handle the selected
protocol and format.  In the normal case, only one client application
is recommended and users only get help if they choose to use this
application, but those that want to deviate from the easy path are not
blocked from doing so.</p>

<p>It also allow us to replace the server side without forcing the
users to replace their applications, and thus allow us to select the
best server implementation at any moment, when scale and resouce
requirements change.</p>

<p>I strongly recommend standardizing - on open network protocols and
open formats, but I would never recommend standardizing on a single
application that do not use open network protocol or open formats.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html">No patch is not better than a useless patch</a>
 </div>
 <div class="date">
  2009-04-28 09:30
 </div>

 <div class="body">
  
<p>Julien Blache
<a href="http://blog.technologeek.org/2009/04/12/214">claim that no
patch is better than a useless patch</a>.  I completely disagree, as a
patch allow one to discuss a concrete and proposed solution, and also
prove that the issue at hand is important enough for someone to spent
time on fixing it.  No patch do not provide any of these positive
properties.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html">Two projects that have improved the quality of free software a lot</a>
 </div>
 <div class="date">
  2009-05-02 15:00
 </div>

 <div class="body">
  
<p>There are two software projects that have had huge influence on the
quality of free software, and I wanted to mention both in case someone
do not yet know them.</p>

<p>The first one is <a href="http://valgrind.org/">valgrind</a>, a
tool to detect and expose errors in the memory handling of programs.
It is easy to use, all one need to do is to run 'valgrind program',
and it will report any problems on stdout.  It is even better if the
program include debug information.  With debug information, it is able
to report the source file name and line number where the problem
occurs.  It can report things like 'reading past memory block in file
X line N, the memory block was allocated in file Y, line M', and
'using uninitialised value in control logic'.  This tool has made it
trivial to investigate reproducible crash bugs in programs, and have
reduced the number of this kind of bugs in free software a lot.

<p>The second one is
<a href="http://en.wikipedia.org/wiki/Coverity">Coverity</a> which is
a source code checker.  It is able to process the source of a program
and find problems in the logic without running the program.  It
started out as the Stanford Checker and became well known when it was
used to find bugs in the Linux kernel.  It is now a commercial tool
and the company behind it is running
<a href="http://www.scan.coverity.com/">a community service</a> for the
free software community, where a lot of free software projects get
their source checked for free.  Several thousand defects have been
found and fixed so far.  It can find errors like 'lock L taken in file
X line N is never released if exiting in line M', or 'the code in file
Y lines O to P can never be executed'.  The projects included in the
community service project have managed to get rid of a lot of
reliability problems thanks to Coverity.</p>

<p>I believe tools like this, that are able to automatically find
errors in the source, are vital to improve the quality of software and
make sure we can get rid of the crashing and failing software we are
surrounded by today.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html">Kryptert harddisk - naturligvis</a>
 </div>
 <div class="date">
  2009-05-02 15:30
 </div>

 <div class="body">
  
<p><a href="http://www.dagensit.no/trender/article1658676.ece">Dagens
IT melder</a> at Intel hevder at det er dyrt å miste en datamaskin,
når en tar tap av arbeidstid, fortrolige dokumenter,
personopplysninger og alt annet det innebærer.  Det er ingen tvil om
at det er en kostbar affære å miste sin datamaskin, og det er årsaken
til at jeg har kryptert harddisken på både kontormaskinen og min
bærbare.  Begge inneholder personopplysninger jeg ikke ønsker skal
komme på avveie, den første informasjon relatert til jobben min ved
Universitetet i Oslo, og den andre relatert til blant annet
foreningsarbeide.  Kryptering av diskene gjør at det er lite
sannsynlig at dophoder som kan finne på å rappe maskinene får noe ut
av dem.  Maskinene låses automatisk etter noen minutter uten bruk,
og en reboot vil gjøre at de ber om passord før de vil starte opp.
Jeg bruker Debian på begge maskinene, og installasjonssystemet der
gjør det trivielt å sette opp krypterte disker.  Jeg har LVM på toppen
av krypterte partisjoner, slik at alt av datapartisjoner er kryptert.
Jeg anbefaler alle å kryptere diskene på sine bærbare.  Kostnaden når
det er gjort slik jeg gjør det er minimale, og gevinstene er
betydelige.  En bør dog passe på passordet.  Hvis det går tapt, må
maskinen reinstalleres og alt er tapt.</p>

<p>Krypteringen vil ikke stoppe kompetente angripere som f.eks. kjøler
ned minnebrikkene før maskinen rebootes med programvare for å hente ut
krypteringsnøklene.  Kostnaden med å forsvare seg mot slike angripere
er for min del høyere enn gevinsten.  Jeg tror oddsene for at
f.eks. etteretningsorganisasjoner har glede av å titte på mine
maskiner er minimale, og ulempene jeg ville oppnå ved å forsøke å
gjøre det vanskeligere for angripere med kompetanse og ressurser er
betydelige.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html">IDG mener linux i servermarkedet vil vokse med 21% i 2009</a>
 </div>
 <div class="date">
  2009-05-07 22:30
 </div>

 <div class="body">
  
<p>Kom over
<a href="http://news.cnet.com/8301-13505_3-10216873-16.html">interessante
tall</a> fra IDG om utviklingen av linuxservermarkedet.  Fikk meg til
å tenke på antall tjenermaskiner ved Universitetet i Oslo der jeg
jobber til daglig.  En rask opptelling forteller meg at vi har 490
(61%) fysiske unix-tjener (mest linux men også noen solaris) og 196
(25%) windowstjenere, samt 112 (14%) virtuelle unix-tjenere.  Med den
bakgrunnskunnskapen kan jeg godt tro at IDG er inne på noe.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/BSAs_p__stander_om_piratkopiering_m__ter_motstand.html">BSAs påstander om piratkopiering møter motstand</a>
 </div>
 <div class="date">
  2009-05-17 23:05
 </div>

 <div class="body">
  
<p>Hvert år de siste årene har BSA, lobbyfronten til de store
programvareselskapene som Microsoft og Apple, publisert en rapport der
de gjetter på hvor mye piratkopiering påfører i tapte inntekter i
ulike land rundt om i verden.  Resultatene er tendensiøse.  For noen
dager siden kom
<a href="http://global.bsa.org/globalpiracy2008/studies/globalpiracy2008.pdf">siste
rapport</a>, og det er flere kritiske kommentarer publisert de siste
dagene.  Et spesielt interessant kommentar fra Sverige,
<a href="http://www.idg.se/2.1085/1.229795/bsa-hoftade-sverigesiffror">BSA
höftade Sverigesiffror</a>, oppsummeres slik:</p>

<blockquote>
I sin senaste rapport slår BSA fast att 25 procent av all mjukvara i
Sverige är piratkopierad. Det utan att ha pratat med ett enda svenskt
företag. "Man bör nog kanske inte se de här siffrorna som helt
exakta", säger BSAs Sverigechef John Hugosson.
</blockquote>

<p>Mon tro om de er like metodiske når de gjetter på andelen piratkopiering i Norge?  To andre kommentarer er <a
href="http://www.vnunet.com/vnunet/comment/2242134/bsa-piracy-figures-shot-reality">BSA
piracy figures need a shot of reality</a> og <a
href="http://www.michaelgeist.ca/content/view/3958/125/">Does The WIPO
Copyright Treaty Work?</a></p>

<p>Fant lenkene via <a
href="http://tech.slashdot.org/article.pl?sid=09/05/17/1632242">oppslag
på Slashdot</a>.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html">Debian boots quicker and quicker</a>
 </div>
 <div class="date">
  2009-06-24 21:40
 </div>

 <div class="body">
  
<p>I spent Monday and tuesday this week in London with a lot of the
people involved in the boot system on Debian and Ubuntu, to see if we
could find more ways to speed up the boot system.  This was an Ubuntu
funded
<a href="https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint">developer
gathering</a>. It was quite productive.  We also discussed the future
of boot systems, and ways to handle the increasing number of boot
issues introduced by the Linux kernel becoming more and more
asynchronous and event base.  The Ubuntu approach using udev and
upstart might be a good way forward.  Time will show.</p>

<p>Anyway, there are a few ways at the moment to speed up the boot
process in Debian.  All of these should be applied to get a quick
boot:</p>

<ul>

<li>Use dash as /bin/sh.</li>

<li>Disable the init.d/hwclock*.sh scripts and make sure the hardware
   clock is in UTC.</li>

<li>Install and activate the insserv package to enable
   <a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
   based boot sequencing</a>, and enable concurrent booting.</li>

</ul>

These points are based on the Google summer of code work done by
<a href="http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/">Carlos
Villegas</a>.

<p>Support for makefile-style concurrency during boot was uploaded to
unstable yesterday.  When we tested it, we were able to cut 6 seconds
from the boot sequence.  It depend on very correct dependency
declaration in all init.d scripts, so I expect us to find edge cases
where the dependences in some scripts are slightly wrong when we start
using this.</p>

<p>On our IRC channel for this effort, #pkg-sysvinit, a new idea was
introduced by Raphael Geissert today, one that could affect the
startup speed as well.  Instead of starting some scripts concurrently
from rcS.d/ and another set of scripts from rc2.d/, it would be
possible to run a of them in the same process.  A quick way to test
this would be to enable insserv and run 'mv /etc/rc2.d/S* /etc/rcS.d/;
insserv'.  Will need to test if that work. :)</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html">Taking over sysvinit development</a>
 </div>
 <div class="date">
  2009-07-22 23:00
 </div>

 <div class="body">
  
<p>After several years of frustration with the lack of activity from
the existing sysvinit upstream developer, I decided a few weeks ago to
take over the package and become the new upstream.  The number of
patches to track for the Debian package was becoming a burden, and the
lack of synchronization between the distribution made it hard to keep
the package up to date.</p>

<p>On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
and my Debian co-maintainer Kel Modderman.  About 10 days ago, I made
a new upstream tarball with version number 2.87dsf (for Debian, SuSe
and Fedora), based on the patches currently in use in these
distributions.  We Debian maintainers plan to move to this tarball as
the new upstream as soon as we find time to do the merge.  Since the
new tarball was created, we agreed with Werner at SuSe to make a new
upstream project at <a href="http://savannah.nongnu.org/">Savannah</a>, and continue
development there.  The project is registered and currently waiting
for approval by the Savannah administrators, and as soon as it is
approved, we will import the old versions from svn and continue
working on the future release.</p>

<p>It is a bit ironic that this is done now, when some of the involved
distributions are moving to upstart as a syvinit replacement.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html">Debian has switched to dependency based boot sequencing</a>
 </div>
 <div class="date">
  2009-07-27 23:50
 </div>

 <div class="body">
  
<p>Since this evening, with the upload of sysvinit version 2.87dsf-2,
and the upload of insserv version 1.12.0-10 yesterday, Debian unstable
have been migrated to using dependency based boot sequencing.  This
conclude work me and others have been doing for the last three days.
It feels great to see this finally part of the default Debian
installation.  Now we just need to weed out the last few problems that
are bound to show up, to get everything ready for Squeeze.</p>

<p>The next step is migrating /sbin/init from sysvinit to upstart, and
fixing the more fundamental problem of handing the event based
non-predictable kernel in the early boot.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html">Parallellizing the boot in Debian Squeeze - ready for wider testing</a>
 </div>
 <div class="date">
  2010-05-06 23:25
 </div>

 <div class="body">
  
<p>These days, the init.d script dependencies in Squeeze are quite
complete, so complete that it is actually possible to run all the
init.d scripts in parallell based on these dependencies.  If you want
to test your Squeeze system, make sure
<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
based boot sequencing</a> is enabled, and add this line to
/etc/default/rcS:</p>

<blockquote><pre>
CONCURRENCY=makefile
</pre></blockquote>

<p>That is it.  It will cause sysv-rc to use the startpar tool to run
scripts in parallel using the dependency information stored in
/etc/init.d/.depend.boot, /etc/init.d/.depend.start and
/etc/init.d/.depend.stop to order the scripts.  Startpar is configured
to try to start the kdm and gdm scripts as early as possible, and will
start the facilities required by kdm or gdm as early as possible to
make this happen.</p>

<p>Give it a try, and see if you like the result.  If some services
fail to start properly, it is most likely because they have incomplete
init.d script dependencies in their startup script (or some of their
dependent scripts have incomplete dependencies).  Report bugs and get
the package maintainers to fix it. :)</p>

<p>Running scripts in parallel could be the default in Debian when we
manage to get the init.d script dependencies complete and correct.  I
expect we will get there in Squeeze+1, if we get manage to test and
fix the remaining issues.</p>

<p>If you report any problems with dependencies in init.d scripts to
the BTS, please usertag the report to get it to show up at
<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
list of usertagged bugs related to this</a>.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html">systemd, an interesting alternative to upstart</a>
 </div>
 <div class="date">
  2010-05-13 22:20
 </div>

 <div class="body">
  
<p>The last few days a new boot system called
<a href="http://www.freedesktop.org/wiki/Software/systemd">systemd</a>
has been
<a href="http://0pointer.de/blog/projects/systemd.html">introduced</a>

to the free software world.  I have not yet had time to play around
with it, but it seem to be a very interesting alternative to
<a href="http://upstart.ubuntu.com/">upstart</a>, and might prove to be
a good alternative for Debian when we are able to switch to an event
based boot system.  Tollef is
<a href="http://bugs.debian.org/580814">in the process</a> of getting
systemd into Debian, and I look forward to seeing how well it work.  I
like the fact that systemd handles init.d scripts with dependency
information natively, allowing them to run in parallel where upstart
at the moment do not.</p>

<p>Unfortunately do systemd have the same problem as upstart regarding
platform support.  It only work on recent Linux kernels, and also need
some new kernel features enabled to function properly.  This means
kFreeBSD and Hurd ports of Debian will need a port or a different boot
system.  Not sure how that will be handled if systemd proves to be the
way forward.</p>

<p>In the mean time, based on the
<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
on debian-devel@</a> regarding parallel booting in Debian, I have
decided to enable full parallel booting as the default in Debian as
soon as possible (probably this weekend or early next week), to see if
there are any remaining serious bugs in the init.d dependencies.  A
new version of the sysvinit package implementing this change is
already in experimental.  If all go well, Squeeze will be released
with parallel booting enabled by default.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html">Sitesummary tip: Listing MAC address of all clients</a>
 </div>
 <div class="date">
  2010-05-14 21:10
 </div>

 <div class="body">
  
<p>In the recent Debian Edu versions, the
<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">sitesummary
system</a> is used to keep track of the machines in the school
network.  Each machine will automatically report its status to the
central server after boot and once per night.  The network setup is
also reported, and using this information it is possible to get the
MAC address of all network interfaces in the machines.  This is useful
to update the DHCP configuration.</p>

<p>To give some idea how to use sitesummary, here is a one-liner to
ist all MAC addresses of all machines reporting to sitesummary.  Run
this on the collector host:</p>

<blockquote><pre>
perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
</pre></blockquote>

<p>This will list all MAC addresses assosiated with all machine, one
line per machine and with space between the MAC addresses.</p>

<p>To allow system administrators easier job at adding static DHCP
addresses for hosts, it would be possible to extend this to fetch
machine information from sitesummary and update the DHCP and DNS
tables in LDAP using this information.  Such tool is unfortunately not
written yet.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html">Parallellized boot is now the default in Debian/unstable</a>
 </div>
 <div class="date">
  2010-05-14 22:40
 </div>

 <div class="body">
  
<p>Since this evening, parallel booting is the default in
Debian/unstable for machines using dependency based boot sequencing.
Apparently the testing of concurrent booting has been wider than
expected, if I am to believe the
<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
on debian-devel@</a>, and I concluded a few days ago to move forward
with the feature this weekend, to give us some time to detect any
remaining problems before Squeeze is frozen.  If serious problems are
detected, it is simple to change the default back to sequential boot.
The upload of the new sysvinit package also activate a new upstream
version.</p>

More information about
<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
based boot sequencing</a> is available from the Debian wiki.  It is
currently possible to disable parallel booting when one run into
problems caused by it, by adding this line to /etc/default/rcS:</p>

<blockquote><pre>
CONCURRENCY=none
</pre></blockquote>

<p>If you report any problems with dependencies in init.d scripts to
the BTS, please usertag the report to get it to show up at
<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
list of usertagged bugs related to this</a>.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html">More flexible firmware handling in debian-installer</a>
 </div>
 <div class="date">
  2010-05-22 21:30
 </div>

 <div class="body">
  
<p>After a long break from debian-installer development, I finally
found time today to return to the project.  Having to spend less time
working dependency based boot in debian, as it is almost complete now,
definitely helped freeing some time.</p>

<p>A while back, I ran into a problem while working on Debian Edu.  We
include some firmware packages on the Debian Edu CDs, those needed to
get disk and network controllers working.  Without having these
firmware packages available during installation, it is impossible to
install Debian Edu on the given machine, and because our target group
are non-technical people, asking them to provide firmware packages on
an external medium is a support pain.  Initially, I expected it to be
enough to include the firmware packages on the CD to get
debian-installer to find and use them.  This proved to be wrong.
Next, I hoped it was enough to symlink the relevant firmware packages
to some useful location on the CD (tried /cdrom/ and
/cdrom/firmware/).  This also proved to not work, and at this point I
found time to look at the debian-installer code to figure out what was
going to work.</p>

<p>The firmware loading code is in the hw-detect package, and a closer
look revealed that it would only look for firmware packages outside
the installation media, so the CD was never checked for firmware
packages.  It would only check USB sticks, floppies and other
"external" media devices.  Today I changed it to also look in the
/cdrom/firmware/ directory on the mounted CD or DVD, which should
solve the problem I ran into with Debian edu.  I also changed it to
look in /firmware/, to make sure the installer also find firmware
provided in the initrd when booting the installer via PXE, to allow us
to provide the same feature in the PXE setup included in Debian
Edu.</p>

<p>To make sure firmware deb packages with a license questions are not
activated without asking if the license is accepted, I extended
hw-detect to look for preinst scripts in the firmware packages, and
run these before activating the firmware during installation.  The
license question is asked using debconf in the preinst, so this should
solve the issue for the firmware packages I have looked at so far.</p>

<p>If you want to discuss the details of these features, please
contact us on debian-boot@lists.debian.org.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html">Parallellized boot seem to hold up well in Debian/testing</a>
 </div>
 <div class="date">
  2010-05-27 23:55
 </div>

 <div class="body">
  
<p>A few days ago, parallel booting was enabled in Debian/testing.
The feature seem to hold up pretty well, but three fairly serious
issues are known and should be solved:

<p><ul>

<li>The wicd package seen to
<a href="http://bugs.debian.org/508289">break NFS mounting</a> and
<a href="http://bugs.debian.org/581586">network setup</a> when
parallel booting is enabled.  No idea why, but the wicd maintainer
seem to be on the case.</li>

<li>The nvidia X driver seem to
<a href="http://bugs.debian.org/583312">have a race condition</a>
triggered more easily when parallel booting is in effect.  The
maintainer is on the case.</li>

<li>The sysv-rc package fail to properly enable dependency based boot
sequencing (the shutdown is broken) when old file-rc users
<a href="http://bugs.debian.org/575080">try to switch back</a> to
sysv-rc.  One way to solve it would be for file-rc to create
/etc/init.d/.legacy-bootordering, and another is to try to make
sysv-rc more robust.  Will investigate some more and probably upload a
workaround in sysv-rc to help those trying to move from file-rc to
sysv-rc get a working shutdown.</li>

</ul></p>

<p>All in all not many surprising issues, and all of them seem
solvable before Squeeze is released.  In addition to these there are
some packages with bugs in their dependencies and run level settings,
which I expect will be fixed in a reasonable time span.</p>

<p>If you report any problems with dependencies in init.d scripts to
the BTS, please usertag the report to get it to show up at
<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
list of usertagged bugs related to this</a>.</p>

<p>Update: Correct bug number to file-rc issue.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html">KDM fail at boot with NVidia cards - and no one try to fix it?</a>
 </div>
 <div class="date">
  2010-06-01 17:05
 </div>

 <div class="body">
  
<p>It is strange to watch how a bug in Debian causing KDM to fail to
start at boot when an NVidia video card is used is handled.  The
problem seem to be that the nvidia X.org driver uses a long time to
initialize, and this duration is longer than kdm is configured to
wait.</p>

<p>I came across two bugs related to this issue,
<a href="http://bugs.debian.org/583312">#583312</a> initially filed
against initscripts and passed on to nvidia-glx when it became obvious
that the nvidia drivers were involved, and
<a href="http://bugs.debian.org/524751">#524751</a> initially filed against
kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.</p>

<p>To me, it seem that no-one is interested in actually solving the
problem nvidia video card owners experience and make sure the Debian
distribution work out of the box for these users.  The nvidia driver
maintainers expect kdm to be set up to wait longer, while kdm expect
the nvidia driver maintainers to fix the driver to start faster, and
while they wait for each other I guess the users end up switching to a
distribution that work for them.  I have no idea what the solution is,
but I am pretty sure that waiting for each other is not it.</p>

<p>I wonder why we end up handling bugs this way.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html">Sitesummary tip: Listing computer hardware models used at site</a>
 </div>
 <div class="date">
  2010-06-03 12:05
 </div>

 <div class="body">
  
<p>When using sitesummary at a site to track machines, it is possible
to get a list of the machine types in use thanks to the DMI
information extracted from each machine.  The script to do so is
included in the sitesummary package, and here is example output from
the Skolelinux build servers:</p>

<blockquote><pre>
maintainer:~# /usr/lib/sitesummary/hardware-model-summary
  vendor                    count
  Dell Computer Corporation     1
    PowerEdge 1750              1
  IBM                           1
    eserver xSeries 345 -[8670M1X]-     1
  Intel                         2
  [no-dmi-info]                 3
maintainer:~#
</pre></blockquote>

<p>The quality of the report depend on the quality of the DMI tables
provided in each machine.  Here there are Intel machines without model
information listed with Intel as vendor and mo model, and virtual Xen
machines listed as [no-dmi-info].  One can add -l as a command line
option to list the individual machines.</p>

<p>A larger list is
<a href="http://narvikskolen.no/sitesummary/">available from the the
city of Narvik</a>, which uses Skolelinux on all their shools and also
provide the basic sitesummary report publicly.  In their report there
are ~1400 machines. I know they use both Ubuntu and Skolelinux on
their machines, and as sitesummary is available in both distributions,
it is trivial to get all of them to report to the same central
collector.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html">A manual for standards wars...</a>
 </div>
 <div class="date">
  2010-06-06 14:15
 </div>

 <div class="body">
  
<p>Via the
<a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/QzU4RgoAGMg/weekly-links-10.html">blog
of Rob Weir</a> I came across the very interesting essay named
<a href="http://faculty.haas.berkeley.edu/shapiro/wars.pdf">The Art of
Standards Wars</a> (PDF 25 pages).  I recommend it for everyone
following the standards wars of today.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html">Upstart or sysvinit - as init.d scripts see it</a>
 </div>
 <div class="date">
  2010-06-06 23:55
 </div>

 <div class="body">
  
<p>If Debian is to migrate to upstart on Linux, I expect some init.d
scripts to migrate (some of) their operations to upstart job while
keeping the init.d for hurd and kfreebsd.  The packages with such
needs will need a way to get their init.d scripts to behave
differently when used with sysvinit and with upstart.  Because of
this, I had a look at the environment variables set when a init.d
script is running under upstart, and when it is not.</p>

<p>With upstart, I notice these environment variables are set when a
script is started from rcS.d/ (ignoring some irrelevant ones like
COLUMNS):</p>

<blockquote><pre>
DEFAULT_RUNLEVEL=2
previous=N
PREVLEVEL=
RUNLEVEL=
runlevel=S
UPSTART_EVENTS=startup
UPSTART_INSTANCE=
UPSTART_JOB=rc-sysinit
</pre></blockquote>

<p>With sysvinit, these environment variables are set for the same
script.</p>

<blockquote><pre>
INIT_VERSION=sysvinit-2.88
previous=N
PREVLEVEL=N
RUNLEVEL=S
runlevel=S
</pre></blockquote>

<p>The RUNLEVEL and PREVLEVEL environment variables passed on from
sysvinit are not set by upstart.  Not sure if it is intentional or not
to not be compatible with sysvinit in this regard.</p>

<p>For scripts needing to behave differently when upstart is used,
looking for the UPSTART_JOB environment variable seem to be a good
choice.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">Automatic upgrade testing from Lenny to Squeeze</a>
 </div>
 <div class="date">
  2010-06-11 22:50
 </div>

 <div class="body">
  
<p>The last few days I have done some upgrade testing in Debian, to
see if the upgrade from Lenny to Squeeze will go smoothly.  A few bugs
have been discovered and reported in the process
(<a href="http://bugs.debian.org/585410">#585410</a> in nagios3-cgi,
<a href="http://bugs.debian.org/584879">#584879</a> already fixed in
enscript and <a href="http://bugs.debian.org/584861">#584861</a> in
kdebase-workspace-data), and to get a more regular testing going on, I
am working on a script to automate the test.</p>

<p>The idea is to create a Lenny chroot and use tasksel to install a
Gnome or KDE desktop installation inside the chroot before upgrading
it.  To ensure no services are started in the chroot, a policy-rc.d
script is inserted.  To make sure tasksel believe it is to install a
desktop on a laptop, the tasksel tests are replaced in the chroot
(only acceptable because this is a throw-away chroot).</p>

<p>A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
currently always fail because udev refuses to upgrade with the kernel
in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
is created.  The bug report
<a href="http://bugs.debian.org/566000">#566000</a> make me suspect
this problem do not trigger in a chroot, but I touch the file anyway
to make sure the upgrade go well.  Testing on virtual and real
hardware have failed me because of udev so far, and creating this file
do the trick in such settings anyway.  This is a
<a href="http://www.linuxquestions.org/questions/debian-26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-804130/">known
issue</a> and the current udev behaviour is intended by the udev
maintainer because he lack the resources to rewrite udev to keep
working with old kernels or something like that.  I really wish the
udev upstream would keep udev backwards compatible, to avoid such
upgrade problem, but given that they fail to do so, I guess
documenting the way out of this mess is the best option we got for
Debian Squeeze.</p>

<p>Anyway, back to the task at hand, testing upgrades.  This test
script, which I call <tt>upgrade-test</tt> for now, is doing the
trick:</p>

<blockquote><pre>
#!/bin/sh
set -ex

if [ "$1" ] ; then
    desktop=$1
else
    desktop=gnome
fi

from=lenny
to=squeeze

exec &lt; /dev/null
unset LANG
mirror=http://ftp.skolelinux.org/debian
tmpdir=chroot-$from-upgrade-$to-$desktop
fuser -mv .
debootstrap $from $tmpdir $mirror
chroot $tmpdir aptitude update
cat > $tmpdir/usr/sbin/policy-rc.d &lt;&lt;EOF
#!/bin/sh
exit 101
EOF
chmod a+rx $tmpdir/usr/sbin/policy-rc.d
exit_cleanup() {
    umount $tmpdir/proc
}
mount -t proc proc $tmpdir/proc
# Make sure proc is unmounted also on failure
trap exit_cleanup EXIT INT

chroot $tmpdir aptitude -y install debconf-utils

# Make sure tasksel autoselection trigger.  It need the test scripts
# to return the correct answers.
echo tasksel tasksel/desktop multiselect $desktop | \
    chroot $tmpdir debconf-set-selections

# Include the desktop and laptop task
for test in desktop laptop ; do
    echo > $tmpdir/usr/lib/tasksel/tests/$test &lt;&lt;EOF
#!/bin/sh
exit 2
EOF
    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
done

DEBIAN_FRONTEND=noninteractive
DEBIAN_PRIORITY=critical
export DEBIAN_FRONTEND DEBIAN_PRIORITY
chroot $tmpdir tasksel --new-install

echo deb $mirror $to main > $tmpdir/etc/apt/sources.list
chroot $tmpdir aptitude update
touch $tmpdir/etc/udev/kernel-upgrade
chroot $tmpdir aptitude -y dist-upgrade
fuser -mv
</pre></blockquote>

<p>I suspect it would be useful to test upgrades with both apt-get and
with aptitude, but I have not had time to look at how they behave
differently so far.  I hope to get a cron job running to do the test
regularly and post the result on the web.  The Gnome upgrade currently
work, while the KDE upgrade fail because of the bug in
kdebase-workspace-data</p>

<p>I am not quite sure what kind of extract from the huge upgrade logs
(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog
post, so I will refrain from trying.  I can report that for Gnome,
aptitude report 760 packages upgraded, 448 newly installed, 129 to
remove and 1 not upgraded and 1024MB need to be downloaded while for
KDE the same numbers are 702 packages upgraded, 507 newly installed,
193 to remove and 0 not upgraded and 1117MB need to be downloaded</p>

<p>I am very happy to notice that the Gnome desktop + laptop upgrade
is able to migrate to dependency based boot sequencing and parallel
booting without a hitch.  Was unsure if there were still bugs with
packages failing to clean up their obsolete init.d script during
upgrades, and no such problem seem to affect the Gnome desktop+laptop
packages.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html">Lenny->Squeeze upgrades, removals by apt and aptitude</a>
 </div>
 <div class="date">
  2010-06-13 09:05
 </div>

 <div class="body">
  
<p>My
<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">testing
of Debian upgrades</a> from Lenny to Squeeze continues, and I've
finally made the upgrade logs available from
<a href="http://people.skolelinux.org/pere/debian-upgrade-testing/">http://people.skolelinux.org/pere/debian-upgrade-testing/</a>.
I am now testing dist-upgrade of Gnome and KDE in a chroot using both
apt and aptitude, and found their differences interesting.  This time
I will only focus on their removal plans.</p>

<p>After installing a Gnome desktop and the laptop task, apt-get wants
to remove 72 packages when dist-upgrading from Lenny to Squeeze.  The
surprising part is that it want to remove xorg and all
xserver-xorg-video* drivers.  Clearly not a good choice, but I am not
sure why.  When asking aptitude to do the same, it want to remove 129
packages, but most of them are library packages I suspect are no
longer needed.  Both of them want to remove bluetooth packages, which
I do not know.  Perhaps these bluetooth packages are obsolete?</p>

<p>For KDE, apt-get want to remove 82 packages, among them kdebase
which seem like a bad idea and xorg the same way as with Gnome. Asking
aptitude for the same, it wants to remove 192 packages, none which are
too surprising.</p>

<p>I guess the removal of xorg during upgrades should be investigated
and avoided, and perhaps others as well.  Here are the complete list
of planned removals.  The complete logs is available from the URL
above.  Note if you want to repeat these tests, that the upgrade test
for kde+apt-get hung in the tasksel setup because of dpkg asking
conffile questions.  No idea why.  I worked around it by using
'<tt>echo >> /proc/<em>pidofdpkg</em>/fd/0</tt>' to tell dpkg to
continue.</p>

<p><b>apt-get gnome 72</b>
<br>bluez-gnome cupsddk-drivers deskbar-applet gnome
  gnome-desktop-environment gnome-network-admin gtkhtml3.14
  iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0
  libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
  nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
  serpentine swfdec-mozilla update-manager xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9
  xulrunner-1.9-gnome-support</p>

<p><b>aptitude gnome 129</b>

<br>bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd
  djvulibre-desktop finger gnome-app-install gnome-mount
  gnome-network-admin gnome-spell gnome-vfs-obexftp
  gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
  libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
  libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
  libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20
  libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common
  libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common
  libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0
  libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0
  libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common
  libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview-common libgtksourceview1.0-0 libgucharmap6
  libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10
  libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
  libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2
  libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10
  libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8
  libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1
  libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10
  libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
  libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
  libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
  openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gnome2-desktop
  python-gnome2-extras python-gtkhtml2 python-gtkmozembed
  python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
  swfdec-mozilla totem-gstreamer update-manager wodim
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  zip</p>

<p><b>apt-get kde 82</b>

<br>cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
  kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
  kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
  kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
  kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
  libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9</p>

<p><b>aptitude kde 192</b>
<br>bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd
  djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
  ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
  kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
  kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
  kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
  kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
  kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
  kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
  kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
  kghostview khelpcenter khexedit kiconedit kitchensync klatin
  klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
  kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
  krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
  ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
  kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
  kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
  libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
  libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2
  libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
  libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
  libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0
  libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
  libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
  libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
  libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
  libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
  libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2
  libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools
  libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
  libxerces2-java-gcj libxtrap6 mpeglib networkstatus
  openoffice.org-writer2latex pmount poster psutils quanta quanta-data
  superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
  texlive-common texlive-doc-base texlive-fonts-recommended
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  xulrunner-1.9</p>


 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html">Calling tasksel like the installer, while still getting useful output</a>
 </div>
 <div class="date">
  2010-06-16 14:55
 </div>

 <div class="body">
  
<p>A few times I have had the need to simulate the way tasksel
installs packages during the normal debian-installer run.  Until now,
I have ended up letting tasksel do the work, with the annoying problem
of not getting any feedback at all when something fails (like a
conffile question from dpkg or a download that fails), using code like
this:

<blockquote><pre>
export DEBIAN_FRONTEND=noninteractive
tasksel --new-install
</pre></blockquote>

This would invoke tasksel, let its automatic task selection pick the
tasks to install, and continue to install the requested tasks without
any output what so ever.

Recently I revisited this problem while working on the automatic
package upgrade testing, because tasksel would some times hang without
any useful feedback, and I want to see what is going on when it
happen.  Then it occured to me, I can parse the output from tasksel
when asked to run in test mode, and use that aptitude command line
printed by tasksel then to simulate the tasksel run.  I ended up using
code like this:

<blockquote><pre>
export DEBIAN_FRONTEND=noninteractive
cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
$cmd
</pre></blockquote>

<p>The content of $cmd is typically something like "<tt>aptitude -q
--without-recommends -o APT::Install-Recommends=no -y install
~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
~pimportant</tt>", which will install the gnome desktop task, the
laptop task and all packages with priority standard , required and
important, just like tasksel would have done it during
installation.</p>

<p>A better approach is probably to extend tasksel to be able to
install packages without using debconf-apt-progress, for use cases
like this.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</a>
 </div>
 <div class="date">
  2010-06-24 00:35
 </div>

 <div class="body">
  
<p>A while back, I
<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
about the fact</a> that it is not possible with the provided schemas
for storing DNS and DHCP information in LDAP to combine the two sets
of information into one LDAP object representing a computer.</p>

<p>In the mean time, I discovered that a simple fix would be to make
the dhcpHost object class auxiliary, to allow it to be combined with
the dNSDomain object class, and thus forming one object for one
computer when storing both DHCP and DNS information in LDAP.</p>

<p>If I understand this correctly, it is not safe to do this change
without also changing the assigned number for the object class, and I
do not know enough about LDAP schema design to do that properly for
Debian Edu.</p>

<p>Anyway, for future reference, this is how I believe we could change
the
<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
schema</a> to solve at least part of the problem with the LDAP schemas
available today from IETF.</p>

<pre>
--- dhcp.schema    (revision 65192)
+++ dhcp.schema    (working copy)
@@ -376,7 +376,7 @@
 objectclass ( 2.16.840.1.113719.1.203.6.6
        NAME 'dhcpHost'
        DESC 'This represents information about a particular client'
-       SUP top
+       SUP top AUXILIARY
        MUST cn
        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
</pre>

<p>I very much welcome clues on how to do this properly for Debian
Edu/Squeeze.  We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.</p>

<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">LUMA, a very nice LDAP GUI</a>
 </div>
 <div class="date">
  2010-06-28 00:30
 </div>

 <div class="body">
  
<p>The last few days I have been looking into the status of the LDAP
directory in Debian Edu, and in the process I started to miss a GUI
tool to browse the LDAP tree.  The only one I was able to find in
Debian/Squeeze and Lenny is
<a href="http://luma.sourceforge.net/">LUMA</a>, which has proved to
be a great tool to get a overview of the current LDAP directory
populated by default in Skolelinux.  Thanks to it, I have been able to
find empty and obsolete subtrees, misplaced objects and duplicate
objects.  It will be installed by default in Debian/Squeeze.  If you
are working with LDAP, give it a go. :)</p>

<p>I did notice one problem with it I have not had time to report to
the BTS yet.  There is no .desktop file in the package, so the tool do
not show up in the Gnome and KDE menus, but only deep down in in the
Debian submenu in KDE.  I hope that can be fixed before Squeeze is
released.</p>

<p>I have not yet been able to get it to modify the tree yet.  I would
like to move objects and remove subtrees directly in the GUI, but have
not found a way to do that with LUMA yet.  So in the mean time, I use
<a href="http://www.lichteblau.com/ldapvi/">ldapvi</a> for that.</p>

<p>If you have tips on other GUI tools for LDAP that might be useful
in Debian Edu, please contact us on debian-edu@lists.debian.org.</p>

<p>Update 2010-06-29: Ross Reedstrom tipped us about the
<a href="http://packages.qa.debian.org/g/gq.html">gq</a> package as a
useful GUI alternative.  It seem like a good tool, but is unmaintained
in Debian and got a RC bug keeping it out of Squeeze.  Unless that
changes, it will not be an option for Debian Edu based on Squeeze.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html">Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop</a>
 </div>
 <div class="date">
  2010-07-03 23:55
 </div>

 <div class="body">
  
<p>Here is a short update on my <a
href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my
Debian Lenny->Squeeze upgrade testing</a>.  Here is a summary of the
difference for Gnome when it is upgraded by apt-get and aptitude.  I'm
not reporting the status for KDE, because the upgrade crashes when
aptitude try because of missing conflicts
(<a href="http://bugs.debian.org/584861">#584861</a> and
<a href="http://bugs.debian.org/585716">#585716</a>).</p>

<p>At the end of the upgrade test script, dpkg -l is executed to get a
complete list of the installed packages.  Based on this I see these
differences when I did a test run today.  As usual, I do not really
know what the correct set of packages would be, but thought it best to
publish the difference.</p>

<p>Installed using apt-get, missing with aptitude</p>

<blockquote><p>
  at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
  libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
  libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
  libgtksourceview-common libpt-1.10.10-plugins-alsa
  libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
  libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gtkhtml2
  python-gtkmozembed svgalibg1 xserver-xephyr zip
</p></blockquote>

<p>Installed using apt-get, removed with aptitude</p>

<blockquote><p>
  bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
  gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
  libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
  libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
  libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
  libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
  libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
  libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
  libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
  libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
  libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
  libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
  libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
  libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
  libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
  libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
  libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
  libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
  mysql-common swfdec-gnome totem-gstreamer wodim
</p></blockquote>

<p>Installed using aptitude, missing with apt-get</p>

<blockquote><p>
  gnome gnome-desktop-environment hamster-applet python-gnomeapplet
  python-gnomekeyring python-wnck rhythmbox-plugins xorg
  xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-video-all
  xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
  xserver-xorg-video-chips xserver-xorg-video-cirrus
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nouveau xserver-xorg-video-nv
  xserver-xorg-video-r128 xserver-xorg-video-radeon
  xserver-xorg-video-radeonhd xserver-xorg-video-rendition
  xserver-xorg-video-s3 xserver-xorg-video-s3virge
  xserver-xorg-video-savage xserver-xorg-video-siliconmotion
  xserver-xorg-video-sis xserver-xorg-video-sisusb
  xserver-xorg-video-tdfx xserver-xorg-video-tga
  xserver-xorg-video-trident xserver-xorg-video-tseng
  xserver-xorg-video-vesa xserver-xorg-video-vmware
  xserver-xorg-video-voodoo
</p></blockquote>

<p>Installed using aptitude, removed with apt-get</p>

<blockquote><p>
  deskbar-applet xserver-xorg xserver-xorg-core
  xserver-xorg-input-wacom xserver-xorg-video-intel
  xserver-xorg-video-openchrome
</p></blockquote>

<p>I was told on IRC that the xorg-xserver package was
<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed
in git</a> today to try to get apt-get to not remove xorg completely.
No idea when it hits Squeeze, but when it does I hope it will reduce
the difference somewhat.

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html">jXplorer, a very nice LDAP GUI</a>
 </div>
 <div class="date">
  2010-07-09 12:55
 </div>

 <div class="body">
  
<p>Since
<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
last post</a> about available LDAP tools in Debian, I was told about a
LDAP GUI that is even better than luma.  The java application
<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
moving LDAP objects and subtrees using drag-and-drop, and can
authenticate using Kerberos.  I have only tested the Kerberos
authentication, but do not have a LDAP setup allowing me to rewrite
LDAP with my test user yet.  It is
<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
Debian</a> testing and unstable at the moment.  The only problem I
have with it is how it handle errors.  If something go wrong, its
non-intuitive behaviour require me to go through some query work list
and remove the failing query.  Nothing big, but very annoying.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html">Idea for storing LTSP configuration in LDAP</a>
 </div>
 <div class="date">
  2010-07-11 22:00
 </div>

 <div class="body">
  
<p>Vagrant mentioned on IRC today that ltsp_config now support
sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
clients, and that this can be used to fetch configuration from LDAP if
Debian Edu choose to store configuration there.</p>

<p>Armed with this information, I got inspired and wrote a test module
to get configuration from LDAP.  The idea is to look up the MAC
address of the client in LDAP, and look for attributes on the form
ltspconfigsetting=value, and use this to export SETTING=value to the
LTSP clients.</p>

<p>The goal is to be able to store the LTSP configuration attributes
in a "computer" LDAP object used by both DNS and DHCP, and thus
allowing us to store all information about a computer in one place.</p>

<p>This is a untested draft implementation, and I welcome feedback on
this approach.  A real LDAP schema for the ltspClientAux objectclass
need to be written.  Comments, suggestions, etc?</p>

<blockquote><pre>
# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
#
# Fetch LTSP client settings from LDAP based on MAC address
#
# Uses ethernet address as stored in the dhcpHost objectclass using
# the dhcpHWAddress attribute or ethernet address stored in the
# ieee802Device objectclass with the macAddress attribute.
#
# This module is written to be schema agnostic, and only depend on the
# existence of attribute names.
#
# The LTSP configuration variables are saved directly using a
# ltspConfig prefix and uppercasing the rest of the attribute name.
# To set the SERVER variable, set the ltspConfigServer attribute.
#
# Some LDAP schema should be created with all the relevant
# configuration settings.  Something like this should work:
# 
# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
#     SUP top
#     AUXILIARY
#     MAY ( ltspConfigServer $ ltsConfigSound $ ... )

LDAPSERVER=$(debian-edu-ldapserver)
if [ "$LDAPSERVER" ] ; then
    LDAPBASE=$(debian-edu-ldapserver -b)
    for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
        filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
        ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
            grep '^ltspConfig' | while read attr value ; do
            # Remove prefix and convert to upper case
            attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
            # bass value on to clients
            eval "$attr=$value; export $attr"
        done
    done
fi
</pre></blockquote>

<p>I'm not sure this shell construction will work, because I suspect
the while block might end up in a subshell causing the variables set
there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)</p>

<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>

<p>Update 2010-07-17: I am aware of another effort to store LTSP
configuration in LDAP that was created around year 2000 by
<a href="http://www.pcxperience.com/thinclient/documentation/ldap.html">PC
Xperience, Inc., 2000</a>.  I found its
<a href="http://people.redhat.com/alikins/ltsp/ldap/">files</a> on a
personal home page over at redhat.com.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">Combining PowerDNS and ISC DHCP LDAP objects</a>
 </div>
 <div class="date">
  2010-07-14 23:45
 </div>

 <div class="body">
  
<p>For a while now, I have wanted to find a way to change the DNS and
DHCP services in Debian Edu to use the same LDAP objects for a given
computer, to avoid the possibility of having a inconsistent state for
a computer in LDAP (as in DHCP but no DNS entry or the other way
around) and make it easier to add computers to LDAP.</p>

<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
information finally found a solution that seem to work.</p>

<p>The old setup required three LDAP objects for a given computer.
One forward DNS entry, one reverse DNS entry and one DHCP entry.  If
we switch powerdns to use its strict LDAP method (ldap-method=strict
in pdns-debian-edu.conf), the forward and reverse DNS entries are
merged into one while making it impossible to transfer the reverse map
to a slave DNS server.</p>

<p>If we also replace the object class used to get the DNS related
attributes to one allowing these attributes to be combined with the
dhcphost object class, we can merge the DNS and DHCP entries into one.
I've written such object class in the dnsdomainaux.schema file (need
proper OIDs, but that is a minor issue), and tested the setup.  It
seem to work.</p>

<p>With this test setup in place, we can get away with one LDAP object
for both DNS and DHCP, and even the LTSP configuration I suggested in
an earlier email.  The combined LDAP object will look something like
this:</p>

<blockquote><pre>
  dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
  cn: hostname
  objectClass: dhcphost
  objectclass: domainrelatedobject
  objectclass: dnsdomainaux
  associateddomain: hostname.intern
  arecord: 10.11.12.13
  dhcphwaddress: ethernet 00:00:00:00:00:00
  dhcpstatements: fixed-address hostname
  ldapconfigsound: Y
</pre></blockquote>

<p>The DNS server uses the associateddomain and arecord entries, while
the DHCP server uses the dhcphwaddress and dhcpstatements entries
before asking DNS to resolve the fixed-adddress.  LTSP will use
dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>

<p>I am not yet sure if I can get the DHCP server to look for its
dhcphost in a different location, to allow us to put the objects
outside the "DHCP Config" subtree, but hope to figure out a way to do
that.  If I can't figure out a way to do that, we can still get rid of
the hosts subtree and move all its content into the DHCP Config tree
(which probably should be renamed to be more related to the new
content.  I suspect cn=dnsdhcp,ou=services or something like that
might be a good place to put it.</p>

<p>If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html">What are they searching for - PowerDNS and ISC DHCP in LDAP</a>
 </div>
 <div class="date">
  2010-07-17 21:00
 </div>

 <div class="body">
  
<p>This is a
<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a>
on my
<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous
work</a> on
<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging
all</a> the computer related LDAP objects in Debian Edu.</p>

<p>As a step to try to see if it possible to merge the DNS and DHCP
LDAP objects, I have had a look at how the packages pdns-backend-ldap
and dhcp3-server-ldap in Debian use the LDAP server.  The two
implementations are quite different in how they use LDAP.</p>

To get this information, I started slapd with debugging enabled and
dumped the debug output to a file to get the LDAP searches performed
on a Debian Edu main-server.  Here is a summary.

<p><strong>powerdns</strong></p>

<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues
on how to</a> set up PowerDNS to use a LDAP backend is available on
the web.

<p>PowerDNS have two modes of operation using LDAP as its backend.
One "strict" mode where the forward and reverse DNS lookups are done
using the same LDAP objects, and a "tree" mode where the forward and
reverse entries are in two different subtrees in LDAP with a structure
based on the DNS names, as in tjener.intern and
2.2.0.10.in-addr.arpa.</p>

<p>In tree mode, the server is set up to use a LDAP subtree as its
base, and uses a "base" scoped search for the DNS name by adding
"dc=tjener,dc=intern," to the base with a filter for
"(associateddomain=tjener.intern)" for the forward entry and
"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for
"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry.  For
forward entries, it is looking for attributes named dnsttl, arecord,
nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
spfrecord and modifytimestamp.  For reverse entries it is looking for
the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
locrecord, srvrecord, naptrrecord and modifytimestamp.  The equivalent
ldapsearch commands could look like this:</p>

<blockquote><pre>
ldapsearch -h ldap \
  -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
  -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
  cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
  rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
  nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
  rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp

ldapsearch -h ldap \
  -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
  -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)'
  dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
  hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
  srvrecord naptrrecord modifytimestamp
</pre></blockquote>

<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with
ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
example LDAP objects used there.  In addition to these objects, the
parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
also exist.</p>

<blockquote><pre>
dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: tjener
arecord: 10.0.2.2
associateddomain: tjener.intern

dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 2
ptrrecord: tjener.intern
associateddomain: 2.2.0.10.in-addr.arpa
</pre></blockquote>

<p>In strict mode, the server behaves differently.  When looking for
forward DNS entries, it is doing a "subtree" scoped search with the
same base as in the tree mode for a object with filter
"(associateddomain=tjener.intern)" and requests the attributes dnsttl,
arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
naptrrecord and modifytimestamp.  For reverse entires it also do a
subtree scoped search but this time the filter is "(arecord=10.0.2.2)"
and the requested attributes are associateddomain, dnsttl and
modifytimestamp.  In short, in strict mode the objects with ptrrecord
go away, and the arecord attribute in the forward object is used
instead.</p>

<p>The forward and reverse searches can be simulated using ldapsearch
like this:</p>

<blockquote><pre>
ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
  '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
  cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
  rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
  nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
  rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp

ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
  '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
</pre></blockquote>

<p>In addition to the forward and reverse searches , there is also a
search for SOA records, which behave similar to the forward and
reverse lookups.</p>

<p>A thing to note with the PowerDNS behaviour is that it do not
specify any objectclass names, and instead look for the attributes it
need to generate a DNS reply.  This make it able to work with any
objectclass that provide the needed attributes.</p>

<p>The attributes are normally provided in the cosine (RFC 1274) and
dnsdomain2 schemas.  The latter is used for reverse entries like
ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p>

<p>In Debian Edu, we have created DNS objects using the object classes
dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
attributes) and domainrelatedobject (for associatedDomain).  The use
of structural object classes make it impossible to combine these
classes with the object classes used by DHCP.</p>

<p>There are other schemas that could be used too, for example the
dnszone structural object class used by Gosa and bind-sdb for the DNS
attributes combined with the domainrelatedobject object class, but in
this case some unused attributes would have to be included as well
(zonename and relativedomainname).</p>

<p>My proposal for Debian Edu would be to switch PowerDNS to strict
mode and not use any of the existing objectclasses (dnsdomain,
dnsdomain2 and dnszone) when one want to combine the DNS information
with DHCP information, and instead create a auxiliary object class
defined something like this (using the attributes defined for
dnsdomain and dnsdomain2 or dnszone):</p>

<blockquote><pre>
objectclass ( some-oid NAME 'dnsDomainAux'
    SUP top
    AUXILIARY
    MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
          DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
          TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
          NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
          A6Record $ DNAMERecord
    ))
</pre></blockquote>

<p>This will allow any object to become a DNS entry when combined with
the domainrelatedobject object class, and allow any entity to include
all the attributes PowerDNS wants.  I've sent an email to the PowerDNS
developers asking for their view on this schema and if they are
interested in providing such schema with PowerDNS, and I hope my
message will be accepted into their mailing list soon.</p>

<p><strong>ISC dhcp</strong></p>

<p>The DHCP server searches for specific objectclass and requests all
the object attributes, and then uses the attributes it want.  This
make it harder to figure out exactly what attributes are used, but
thanks to the working example in Debian Edu I can at least get an idea
what is needed without having to read the source code.</p>

<p>In the DHCP server configuration, the LDAP base to use and the
search filter to use to locate the correct dhcpServer entity is
stored.  These are the relevant entries from
/etc/dhcp3/dhcpd.conf:</p>

<blockquote><pre>
ldap-base-dn "dc=skole,dc=skolelinux,dc=no";
ldap-dhcp-server-cn "dhcp";
</pre></blockquote>

<p>The DHCP server uses this information to nest all the DHCP
configuration it need.  The cn "dhcp" is located using the given LDAP
base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))".  The
search result is this entry:</p>

<blockquote><pre>
dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
cn: dhcp
objectClass: top
objectClass: dhcpServer
dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
</pre></blockquote>

<p>The content of the dhcpServiceDN attribute is next used to locate the
subtree with DHCP configuration.  The DHCP configuration subtree base
is located using a base scope search with base "cn=DHCP
Config,dc=skole,dc=skolelinux,dc=no" and filter
"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
The search result is this entry:</p>

<blockquote><pre>
dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
cn: DHCP Config
objectClass: top
objectClass: dhcpService
objectClass: dhcpOptions
dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
dhcpStatements: ddns-update-style none
dhcpStatements: authoritative
dhcpOption: smtp-server code 69 = array of ip-address
dhcpOption: www-server code 72 = array of ip-address
dhcpOption: wpad-url code 252 = text
</pre></blockquote>

<p>Next, the entire subtree is processed, one level at the time.  When
all the DHCP configuration is loaded, it is ready to receive requests.
The subtree in Debian Edu contain objects with object classes
top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
top/dhcpSubnet, top/dhcpGroup and top/dhcpHost.  These provide options
and information about netmasks, dynamic range etc.  Leaving out the
details here because it is not relevant for the focus of my
investigation, which is to see if it is possible to merge dns and dhcp
related computer objects.</p>

<p>When a DHCP request come in, LDAP is searched for the MAC address
of the client (00:00:00:00:00:00 in this example), using a subtree
scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as
the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
00:00:00:00:00:00))" as the filter.  This is what a host object look
like:</p>

<blockquote><pre>
dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
cn: hostname
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:00:00:00:00:00
dhcpStatements: fixed-address hostname
</pre></blockquote>

<p>There is less flexiblity in the way LDAP searches are done here.
The object classes need to have fixed names, and the configuration
need to be stored in a fairly specific LDAP structure.  On the
positive side, the invidiual dhcpHost entires can be anywhere without
the DN pointed to by the dhcpServer entries.  The latter should make
it possible to group all host entries in a subtree next to the
configuration entries, and this subtree can also be shared with the
DNS server if the schema proposed above is combined with the dhcpHost
structural object class.

<p><strong>Conclusion</strong></p>

<p>The PowerDNS implementation seem to be very flexible when it come
to which LDAP schemas to use.  While its "tree" mode is rigid when it
come to the the LDAP structure, the "strict" mode is very flexible,
allowing DNS objects to be stored anywhere under the base cn specified
in the configuration.</p>

<p>The DHCP implementation on the other hand is very inflexible, both
regarding which LDAP schemas to use and which LDAP structure to use.
I guess one could implement ones own schema, as long as the
objectclasses and attributes have the names used, but this do not
really help when the DHCP subtree need to have a fairly fixed
structure.</p>

<p>Based on the observed behaviour, I suspect a LDAP structure like
this might work for Debian Edu:</p>

<blockquote><pre>
ou=services
  cn=machine-info (dhcpService) - dhcpServiceDN points here
    cn=dhcp (dhcpServer)
    cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
      cn=10.0.2.0 (dhcpSubnet)
        cn=group1 (dhcpGroup/dhcpOptions)
    cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
      cn=192.168.0.0 (dhcpSubnet)
        cn=group1 (dhcpGroup/dhcpOptions)
    ou=machines - PowerDNS base points here
      cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
</pre></blockquote>

<P>This is not tested yet.  If the DHCP server require the dhcpHost
entries to be in the dhcpGroup subtrees, the entries can be stored
there instead of a common machines subtree, and the PowerDNS base
would have to be moved one level up to the machine-info subtree.</p>

<p>The combined object under the machines subtree would look something
like this:</p>
    
<blockquote><pre>
dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
dc: hostname
objectClass: top
objectClass: dhcpHost
objectclass: domainrelatedobject
objectclass: dnsDomainAux
associateddomain: hostname.intern
arecord: 10.11.12.13
dhcpHWAddress: ethernet 00:00:00:00:00:00
dhcpStatements: fixed-address hostname.intern
</pre></blockquote>

</p>One could even add the LTSP configuration associated with a given
machine, as long as the required attributes are available in a
auxiliary object class.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

<div class="entry">
 <div class="title">
 <a href="http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html">Circular package dependencies harms apt recovery</a>
 </div>
 <div class="date">
  2010-07-27 23:50
 </div>

 <div class="body">
  
<p>I discovered this while doing
<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
testing of upgrades from Debian Lenny to Squeeze</a>.  A few packages
in Debian still got circular dependencies, and it is often claimed
that apt and aptitude should be able to handle this just fine, but
some times these dependency loops causes apt to fail.</p>

<p>An example is from todays
<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
of KDE using aptitude</a>.  In it, a bug in kdebase-workspace-data
causes perl-modules to fail to upgrade.  The cause is simple.  If a
package fail to unpack, then only part of packages with the circular
dependency might end up being unpacked when unpacking aborts, and the
ones already unpacked will fail to configure in the recovery phase
because its dependencies are unavailable.</p>

<p>In this log, the problem manifest itself with this error:</p>

<blockquote><pre>
dpkg: dependency problems prevent configuration of perl-modules:
 perl-modules depends on perl (>= 5.10.1-1); however:
  Version of perl on system is 5.10.0-19lenny2.
dpkg: error processing perl-modules (--configure):
 dependency problems - leaving unconfigured
</pre></blockquote>

<p>The perl/perl-modules circular dependency is already
<a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
hopefully be solved as soon as possible, but it is not the only one,
and each one of these loops in the dependency tree can cause similar
failures.  Of course, they only occur when there are bugs in other
packages causing the unpacking to fail, but it is rather nasty when
the failure of one package causes the problem to become worse because
of dependency loops.</p>

<p>Thanks to
<a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
tireless effort by Bill Allombert</a>, the number of circular
dependencies
<a href="http://debian.semistable.com/debgraph.out.html">left in Debian
is dropping</a>, and perhaps it will reach zero one day. :)</p>

<p>Todays testing also exposed a bug in
<a href="http://bugs.debian.org/590605">update-notifier</a> and
<a href="http://bugs.debian.org/590604">different behaviour</a> between
apt-get and aptitude, the latter possibly caused by some circular
dependency.  Reported both to BTS to try to get someone to look at
it.</p>

 </div>
 <div class="tags">
 

 
  Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
 
 </div>
</div>
<div class="padding"></div>

 <p style="text-align: right;"><a href="debian.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS Feed" width="36" height="14"></a></p>




<div id="sidebar">

<h2>Archive</h2>
<ul>

<li>2010
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (2)</a></li>

</ul></li>

<li>2009
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>

</ul></li>

<li>2008
<ul>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>

<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>

</ul></li>

</ul>



<h2>Tags</h2>
<ul>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (35)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (38)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (53)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (71)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (90)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (14)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>

 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>

</ul>

</div>
</body>
</html>