X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/1a61a65f98e142155ea20c7a346739b629d5511f..4daa5666ee754c5a84ae9d3951624f9c0a953d98:/blog/tags/debian/index.html diff --git a/blog/tags/debian/index.html b/blog/tags/debian/index.html index 56f39016fb..25241f55b3 100644 --- a/blog/tags/debian/index.html +++ b/blog/tags/debian/index.html @@ -20,6 +20,791 @@

Entries tagged "debian".

+
+
+ New home and release 1.0 for netgroup and innetgr (aka ng-utils) +
+
+ 22nd February 2014 +
+
+

Many years ago, I wrote a GPL licensed version of the netgroup and +innetgr tools, because I needed them in +Skolelinux. I called the project +ng-utils, and it has served me well. I placed the project under the +Hungry Programmer umbrella, and it was maintained in our CVS +repository. But many years ago, the CVS repository was dropped (lost, +not migrated to new hardware, not sure), and the project have lacked a +proper home since then.

+ +

Last summer, I had a look at the package and made a new release +fixing a irritating crash bug, but was unable to store the changes in +a proper source control system. I applied for a project on +Alioth, but did not have time +to follow up on it. Until today. :)

+ +

After many hours of cleaning and migration, the ng-utils project +now have a new home, and a git repository with the highlight of the +history of the project. I published all release tarballs and imported +them into the git repository. As the project is really stable and not +expected to gain new features any time soon, I decided to make a new +release and call it 1.0. Visit the new project home on +https://alioth.debian.org/projects/ng-utils/ +if you want to check it out. The new version is also uploaded into +Debian Unstable.

+ +
+
+ + + Tags: debian, english. + + +
+
+
+ +
+
+ Testing sysvinit from experimental in Debian Hurd +
+
+ 3rd February 2014 +
+
+

A few days ago I decided to try to help the Hurd people to get +their changes into sysvinit, to allow them to use the normal sysvinit +boot system instead of their old one. This follow up on the +great +Google Summer of Code work done last summer by Justus Winter to +get Debian on Hurd working more like Debian on Linux. To get started, +I downloaded a prebuilt hard disk image from +http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz, +and started it using virt-manager.

+ +

The first think I had to do after logging in (root without any +password) was to get the network operational. I followed +the +instructions on the Debian GNU/Hurd ports page and ran these +commands as root to get the machine to accept a IP address from the +kvm internal DHCP server:

+ +

+settrans -fgap /dev/netdde /hurd/netdde
+kill $(ps -ef|awk '/[p]finet/ { print $2}')
+kill $(ps -ef|awk '/[d]evnode/ { print $2}')
+dhclient /dev/eth0
+

+ +

After this, the machine had internet connectivity, and I could +upgrade it and install the sysvinit packages from experimental and +enable it as the default boot system in Hurd.

+ +

But before I did that, I set a password on the root user, as ssh is +running on the machine it for ssh login to work a password need to be +set. Also, note that a bug somewhere in openssh on Hurd block +compression from working. Remember to turn that off on the client +side.

+ +

Run these commands as root to upgrade and test the new sysvinit +stuff:

+ +

+cat > /etc/apt/sources.list.d/experimental.list <<EOF
+deb http://http.debian.net/debian/ experimental main
+EOF
+apt-get update
+apt-get dist-upgrade
+apt-get install -t experimental initscripts sysv-rc sysvinit \
+    sysvinit-core sysvinit-utils
+update-alternatives --config runsystem
+

+ +

To reboot after switching boot system, you have to use +reboot-hurd instead of just reboot, as there is not +yet a sysvinit process able to receive the signals from the normal +'reboot' command. After switching to sysvinit as the boot system, +upgrading every package and rebooting, the network come up with DHCP +after boot as it should, and the settrans/pkill hack mentioned at the +start is no longer needed. But for some strange reason, there are no +longer any login prompt in the virtual console, so I logged in using +ssh instead. + +

Note that there are some race conditions in Hurd making the boot +fail some times. No idea what the cause is, but hope the Hurd porters +figure it out. At least Justus said on IRC (#debian-hurd on +irc.debian.org) that they are aware of the problem. A way to reduce +the impact is to upgrade to the Hurd packages built by Justus by +adding this repository to the machine:

+ +

+cat > /etc/apt/sources.list.d/hurd-ci.list <<EOF
+deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
+EOF
+

+ +

At the moment the prebuilt virtual machine get some packages from +http://ftp.debian-ports.org/debian, because some of the packages in +unstable do not yet include the required patches that are lingering in +BTS. This is the completely list of "unofficial" packages installed:

+ +

+# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
+i   emacs                   - GNU Emacs editor (metapackage)
+i   gdb                     - GNU Debugger
+i   hurd-recommended        - Miscellaneous translators
+i   isc-dhcp-client         - ISC DHCP client
+i   isc-dhcp-common         - common files used by all the isc-dhcp* packages
+i   libc-bin                - Embedded GNU C Library: Binaries
+i   libc-dev-bin            - Embedded GNU C Library: Development binaries
+i   libc0.3                 - Embedded GNU C Library: Shared libraries
+i A libc0.3-dbg             - Embedded GNU C Library: detached debugging symbols
+i   libc0.3-dev             - Embedded GNU C Library: Development Libraries and Hea
+i   multiarch-support       - Transitional package to ensure multiarch compatibilit
+i A x11-common              - X Window System (X.Org) infrastructure
+i   xorg                    - X.Org X Window System
+i A xserver-xorg            - X.Org X server
+i A xserver-xorg-input-all  - X.Org X server -- input driver metapackage
+#
+

+ +

All in all, testing hurd has been an interesting experience. :) +X.org did not work out of the box and I never took the time to follow +the porters instructions to fix it. This time I was interested in the +command line stuff.

+ +

+
+ + + Tags: bootsystem, debian, english. + + +
+
+
+ +
+
+ New chrpath release 0.16 +
+
+ 14th January 2014 +
+
+

Coverity is a nice tool to +find problems in C, C++ and Java code using static source code +analysis. It can detect a lot of different problems, and is very +useful to find memory and locking bugs in the error handling part of +the source. The company behind it provide +check of free software projects as +a community service, and many hundred free software projects are +already checked. A few days ago I decided to have a closer look at +the Coverity system, and discovered that the +gnash and +ipmitool +projects I am involved with was already registered. But these are +fairly big, and I would also like to have a small and easy project to +check, and decided to request +checking of the chrpath project. It was +added to the checker and discovered seven potential defects. Six of +these were real, mostly resource "leak" when the program detected an +error. Nothing serious, as the resources would be released a fraction +of a second later when the program exited because of the error, but it +is nice to do it right in case the source of the program some time in +the future end up in a library. Having fixed all defects and added +a +mailing list for the chrpath developers, I decided it was time to +publish a new release. These are the release notes:

+ +

New in 0.16 released 2014-01-14:

+ + + +

You can +download the +new version 0.16 from alioth. Please let us know via the Alioth +project if something is wrong with the new release. The test suite +did not discover any old errors, so if you find a new one, please also +include a test suite check.

+ +
+
+ + + Tags: chrpath, debian, english. + + +
+
+
+ +
+
+ New chrpath release 0.15 +
+
+ 24th November 2013 +
+
+

After many years break from the package and a vain hope that +development would be continued by someone else, I finally pulled my +acts together this morning and wrapped up a new release of chrpath, +the command line tool to modify the rpath and runpath of already +compiled ELF programs. The update was triggered by the persistence of +Isha Vishnoi at IBM, which needed a new config.guess file to get +support for the ppc64le architecture (powerpc 64-bit Little Endian) he +is working on. I checked the +Debian, +Ubuntu and +Fedora +packages for interesting patches (failed to find the source from +OpenSUSE and Mandriva packages), and found quite a few nice fixes. +These are the release notes:

+ +

New in 0.15 released 2013-11-24:

+ + + +

You can +download the +new version 0.15 from alioth. Please let us know via the Alioth +project if something is wrong with the new release. The test suite +did not discover any old errors, so if you find a new one, please also +include a testsuite check.

+ +
+
+ + + Tags: chrpath, debian, english. + + +
+
+
+ +
+
+ Debian init.d boot script example for rsyslog +
+
+ 2nd November 2013 +
+
+

If one of the points of switching to a new init system in Debian is +to get rid of huge +init.d scripts, I doubt we need to switch away from sysvinit and +init.d scripts at all. Here is an example init.d script, ie a rewrite +of /etc/init.d/rsyslog:

+ +

+#!/lib/init/init-d-script
+### BEGIN INIT INFO
+# Provides:          rsyslog
+# Required-Start:    $remote_fs $time
+# Required-Stop:     umountnfs $time
+# X-Stop-After:      sendsigs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: enhanced syslogd
+# Description:       Rsyslog is an enhanced multi-threaded syslogd.
+#                    It is quite compatible to stock sysklogd and can be 
+#                    used as a drop-in replacement.
+### END INIT INFO
+DESC="enhanced syslogd"
+DAEMON=/usr/sbin/rsyslogd
+

+ +

Pretty minimalistic to me... For the record, the original sysv-rc +script was 137 lines, and the above is just 15 lines, most of it meta +info/comments.

+ +

How to do this, you ask? Well, one create a new script +/lib/init/init-d-script looking something like this: + +

+#!/bin/sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+
+#
+do_start()
+{
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+		|| return 1
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+		$DAEMON_ARGS \
+		|| return 2
+	# Add code here, if necessary, that waits for the process to be ready
+	# to handle requests from services started subsequently which depend
+	# on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+	RETVAL="$?"
+	[ "$RETVAL" = 2 ] && return 2
+	# Wait for children to finish too if this is a daemon that forks
+	# and if the daemon is only ever run from this initscript.
+	# If the above conditions are not satisfied then add some other code
+	# that waits for the process to drop all resources that could be
+	# needed by services started subsequently.  A last resort is to
+	# sleep for some time.
+	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+	[ "$?" = 2 ] && return 2
+	# Many daemons don't delete their pidfiles when they exit.
+	rm -f $PIDFILE
+	return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+	#
+	# If the daemon can reload its configuration without
+	# restarting (for example, when it is sent a SIGHUP),
+	# then implement that here.
+	#
+	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+	return 0
+}
+
+SCRIPTNAME=$1
+scriptbasename="$(basename $1)"
+echo "SN: $scriptbasename"
+if [ "$scriptbasename" != "init-d-library" ] ; then
+    script="$1"
+    shift
+    . $script
+else
+    exit 0
+fi
+
+NAME=$(basename $DAEMON)
+PIDFILE=/var/run/$NAME.pid
+
+# Exit if the package is not installed
+#[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+case "$1" in
+  start)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+	do_start
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  status)
+	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+	;;
+  #reload|force-reload)
+	#
+	# If do_reload() is not implemented then leave this commented out
+	# and leave 'force-reload' as an alias for 'restart'.
+	#
+	#log_daemon_msg "Reloading $DESC" "$NAME"
+	#do_reload
+	#log_end_msg $?
+	#;;
+  restart|force-reload)
+	#
+	# If the "reload" option is implemented then remove the
+	# 'force-reload' alias
+	#
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+		# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+:
+

+ +

It is based on /etc/init.d/skeleton, and could be improved quite a +lot. I did not really polish the approach, so it might not always +work out of the box, but you get the idea. I did not try very hard to +optimize it nor make it more robust either.

+ +

A better argument for switching init system in Debian than reducing +the size of init scripts (which is a good thing to do anyway), is to +get boot system that is able to handle the kernel events sensibly and +robustly, and do not depend on the boot to run sequentially. The boot +and the kernel have not behaved sequentially in years.

+ +
+
+ + + Tags: bootsystem, debian, english. + + +
+
+
+ +
+
+ Browser plugin for SPICE (spice-xpi) uploaded to Debian +
+
+ 1st November 2013 +
+
+

The SPICE protocol for +remote display access is the preferred solution with oVirt and RedHat +Enterprise Virtualization, and I was sad to discover the other day +that the browser plugin needed to use these systems seamlessly was +missing in Debian. The request +for a package was from 2012-04-10 with no progress since +2013-04-01, so I decided to wrap up a package based on the great work +from Cajus Pollmeier and put it in a collab-maint maintained git +repository to get a package I could use. I would very much like +others to help me maintain the package (or just take over, I do not +mind), but as no-one had volunteered so far, I just uploaded it to +NEW. I hope it will be available in Debian in a few days.

+ +

The source is now available from +http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary.

+ +
+
+ + + Tags: debian, english. + + +
+
+
+ +
+
+ Teaching vmdebootstrap to create Raspberry Pi SD card images +
+
+ 27th October 2013 +
+
+

The +vmdebootstrap +program is a a very nice system to create virtual machine images. It +create a image file, add a partition table, mount it and run +debootstrap in the mounted directory to create a Debian system on a +stick. Yesterday, I decided to try to teach it how to make images for +Raspberry Pi, as part +of a plan to simplify the build system for +the FreedomBox +project. The FreedomBox project already uses vmdebootstrap for +the virtualbox images, but its current build system made multistrap +based system for Dreamplug images, and it is lacking support for +Raspberry Pi.

+ +

Armed with the knowledge on how to build "foreign" (aka non-native +architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap +code and adjusted it to be able to build armel images on my amd64 +Debian laptop. I ended up giving vmdebootstrap five new options, +allowing me to replicate the image creation process I use to make +Debian +Jessie based mesh node images for the Raspberry Pi. First, the +--foreign /path/to/binfm_handler option tell vmdebootstrap to +call debootstrap with --foreign and to copy the handler into the +generated chroot before running the second stage. This allow +vmdebootstrap to create armel images on an amd64 host. Next I added +two new options --bootsize size and --boottype +fstype to teach it to create a separate /boot/ partition with the +given file system type, allowing me to create an image with a vfat +partition for the /boot/ stuff. I also added a --variant +variant option to allow me to create smaller images without the +Debian base system packages installed. Finally, I added an option +--no-extlinux to tell vmdebootstrap to not install extlinux +as a boot loader. It is not needed on the Raspberry Pi and probably +most other non-x86 architectures. The changes were accepted by the +upstream author of vmdebootstrap yesterday and today, and is now +available from +the +upstream project page.

+ +

To use it to build a Raspberry Pi image using Debian Jessie, first +create a small script (the customize script) to add the non-free +binary blob needed to boot the Raspberry Pi and the APT source +list:

+ +

+#!/bin/sh
+set -e # Exit on first error
+rootdir="$1"
+cd "$rootdir"
+cat <<EOF > etc/apt/sources.list
+deb http://http.debian.net/debian/ jessie main contrib non-free
+EOF
+# Install non-free binary blob needed to boot Raspberry Pi.  This
+# install a kernel somewhere too.
+wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
+    -O $rootdir/usr/bin/rpi-update
+chmod a+x $rootdir/usr/bin/rpi-update
+mkdir -p $rootdir/lib/modules
+touch $rootdir/boot/start.elf
+chroot $rootdir rpi-update
+

+ +

Next, fetch the latest vmdebootstrap script and call it like this +to build the image:

+ +
+sudo ./vmdebootstrap \
+    --variant minbase \
+    --arch armel \
+    --distribution jessie \
+    --mirror http://http.debian.net/debian \
+    --image test.img \
+    --size 600M \
+    --bootsize 64M \
+    --boottype vfat \
+    --log-level debug \
+    --verbose \
+    --no-kernel \
+    --no-extlinux \
+    --root-password raspberry \
+    --hostname raspberrypi \
+    --foreign /usr/bin/qemu-arm-static \
+    --customize `pwd`/customize \
+    --package netbase \
+    --package git-core \
+    --package binutils \
+    --package ca-certificates \
+    --package wget \
+    --package kmod
+

+ +

The list of packages being installed are the ones needed by +rpi-update to make the image bootable on the Raspberry Pi, with the +exception of netbase, which is needed by debootstrap to find +/etc/hosts with the minbase variant. I really wish there was a way to +set up an Raspberry Pi using only packages in the Debian archive, but +that is not possible as far as I know, because it boots from the GPU +using a non-free binary blob.

+ +

The build host need debootstrap, kpartx and qemu-user-static and +probably a few others installed. I have not checked the complete +build dependency list.

+ +

The resulting image will not use the hardware floating point unit +on the Raspberry PI, because the armel architecture in Debian is not +optimized for that use. So the images created will be a bit slower +than Raspbian based images.

+ +
+
+ + + Tags: debian, english, freedombox, mesh network. + + +
+
+
+ +
+
+ Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway +
+
+ 15th October 2013 +
+
+

The last few days I came across a few good causes that should get +wider attention. I recommend signing and donating to each one of +these. :)

+ +

Via Debian +Project News for 2013-10-14 I came across the Outreach Program for +Women program which is a Google Summer of Code like initiative to get +more women involved in free software. One debian sponsor has offered +to match any donation done to Debian +earmarked for this initiative. I donated a few minutes ago, and +hope you will to. :)

+ +

And the Electronic Frontier Foundation just announced plans to +create video +documentaries about the excessive spying on every Internet user that +take place these days, and their need to fund the work. I've already +donated. Are you next?

+ +

For my Norwegian audience, the organisation Studentenes og +Akademikernes Internasjonale Hjelpefond is collecting signatures for a +statement under the heading +Bloggers United for Open +Access for those of us asking for more focus on open access in the +Norwegian government. So far 499 signatures. I hope you will sign it +too.

+ +
+
+ + + Tags: debian, english, opphavsrett, surveillance. + + +
+
+
+ +
+
+ Videos about the Freedombox project - for inspiration and learning +
+
+ 27th September 2013 +
+
+

The Freedombox +project have been going on for a while, and have presented the +vision, ideas and solution several places. Here is a little +collection of videos of talks and presentation of the project.

+ + + +

A larger list is available from +the +Freedombox Wiki.

+ +

On other news, I am happy to report that Freedombox based on Debian +Jessie is coming along quite well, and soon both Owncloud and using +Tor should be available for testers of the Freedombox solution. :) In +a few weeks I hope everything needed to test it is included in Debian. +The withsqlite package is already in Debian, and the plinth package is +pending in NEW. The third and vital part of that puzzle is the +metapackage/setup framework, which is still pending an upload. Join +us on IRC +(#freedombox on irc.debian.org) and +the +mailing list if you want to help make this vision come true.

+ +
+
+ + + Tags: debian, english, freedombox, sikkerhet, surveillance, web. + + +
+
+
+
Recipe to test the Freedombox project on amd64 or Raspberry Pi @@ -51,8 +836,8 @@ up in their home and get access to secure and private services and communication. The initial deployment platform have been the Dreamplug, which is a piece of hardware I do not own. So to be able to test what -the current Freedombox setup, I had to come up with a way to install -it on some hardware I do got access to. I have rewritten the +the current Freedombox setup look like, I had to come up with a way to install +it on some hardware I do have access to. I have rewritten the freedom-maker image build framework to use .deb packages instead of only copying setup into the boot images, and thanks to this rewrite I am able to @@ -82,7 +867,7 @@ users. I've not been able to do anything else with it so far, but know there are several branches spread around github and other places with lots of half baked features.

-

Anyway, if you want to have a look at the current stat, the +

Anyway, if you want to have a look at the current state, the following recipes should work to give you a test machine to poke at.

@@ -137,7 +922,7 @@ short "apt-get source -b freedombox-privoxy" away. :)

off the DHCP server by running "update-rc.d isc-dhcp-server disable" as root.

-

Please let me know if this work for you, or if you have any +

Please let me know if this works for you, or if you have any problems. We gather on the IRC channel #freedombox on irc.debian.org and the @@ -6631,6 +7416,15 @@ be the only one fitting our needs. :/

Archive