Entries from June 2008 ↓

Installing ruby 1.8.7 (and guessnet) on Hardy

There were some vulnerabilities in Ruby which are supposedly fixed in ruby 1.8.7. Because of that and because it’s always nice to have the latest, I installed ruby from Ubuntu Intrepid on Hardy Herron.

And while I was doing that I also decided to install guessnet from Intrepid. So I don’t have to compile guessnet anymore.

It involves two steps:

  1. Updating you apt sources
  2. Making sure only ruby and guessnet are going to be installed from the new sources. Not all the packages!

1. Updating your sources

Create /etc/apt/sources.list.d/intrepid.list and copy the following code into it:

deb http://nl.archive.ubuntu.com/ubuntu/ intrepid main restricted multiverse
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates main restricted multiverse
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid universe
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid universe
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates universe
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid-backports main restricted universe multiverse
# deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository. This software is not part of Ubuntu, but is
## offered by Canonical and the respective vendors as a service to Ubuntu
## users.
deb http://archive.canonical.com/ubuntu intrepid partner
# deb-src http://archive.canonical.com/ubuntu intrepid partner

deb http://security.ubuntu.com/ubuntu intrepid-security main restricted multiverse
deb-src http://security.ubuntu.com/ubuntu intrepid-security main restricted
deb http://security.ubuntu.com/ubuntu intrepid-security universe
deb-src http://security.ubuntu.com/ubuntu intrepid-security universe

2. Apt preferences

If /etc/apt/preferences does not exist, touch it!

Then copy this code into it:

Package: *
Pin: release v=8.10
Pin-Priority: -1
Package: ruby
Pin: release v=8.10
Pin-Priority: 500

Package: ruby1.8
Pin: release v=8.10
Pin-Priority: 500

Package: libruby
Pin: release v=8.10
Pin-Priority: 500

Package: libruby1.8
Pin: release v=8.10
Pin-Priority: 500

Package: rdoc
Pin: release v=8.10
Pin-Priority: 500

Package: rdoc1.8
Pin: release v=8.10
Pin-Priority: 500

Package: ri
Pin: release v=8.10
Pin-Priority: 500

Package: ri1.8
Pin: release v=8.10
Pin-Priority: 500

Package: irb
Pin: release v=8.10
Pin-Priority: 500

Package: irb1.8
Pin: release v=8.10
Pin-Priority: 500

Package: libopenssl-ruby
Pin: release v=8.10
Pin-Priority: 500

Package: libreadline-ruby
Pin: release v=8.10
Pin-Priority: 500

Package: libreadline-ruby1.8
Pin: release v=8.10
Pin-Priority: 500

Package: ruby-dev
Pin: release v=8.10
Pin-Priority: 500

Package: ruby1.8-dev
Pin: release v=8.10
Pin-Priority: 500
Package: guessnet
Pin: release v=8.10
Pin-Priority: 501

That’s all! “Aptitude update” & “aptitude install ruby guessnet” and you are good to go.

I tried using the “Package” keyword with wildcards, but that’s a no-go :(

Downloading Netbeans nightly builds

I’m starting with Python/GtkBuilder and I wanted a nice IDE for Python. Because I really like using netbeans for coding ruby, I gave it a try for python. But the support for python is still alpha. :(

For it to work you have to download the latest (nightly) netbeans build and the netbeans python plugin(s)

mime_magic errors with php4

I went to a customer for our three-weekly sprint review, I opened my mail there and it was full with hundreds of failed cronjobs. Ah, shit! Another night at the datacenter? But it wasn’t that bad :)

The server had ran an update of php that night and it broke. When I ran php4 from the commandline I got these errors:

PHP Warning: mime_magic: type search/400 \\input text/x-tex invalid in Unknown on line 0
PHP Warning: mime_magic: type search/400 \\section text/x-tex invalid in Unknown on line 0
PHP Warning: mime_magic: type search/400 \\setlength text/x-tex invalid in Unknown on line 0
PHP Warning: mime_magic: type search/400 \\documentstyle text/x-tex invalid in Unknown on line 0
PHP Warning: mime_magic: type search/400 \\chapter text/x-tex invalid in Unknown on line 0
PHP Warning: mime_magic: type search/400 \\documentclass text/x-tex invalid in Unknown on line 0
PHP Warning: mime_magic: type regex [Cc]onstant[[:space:]]+[Ss]tory text/x-inform invalid in Unknown on line 0

Wait a minute… I know these errors! But, of course, I hadn’t documented the solution when I first fixed them. So after much searching I found the workarround again:

In the /usr/share/misc/magic.mime file, find the section that begins "# TeX documents, from Daniel Quinlan" and comment out the lines in that section.

# TeX documents, from Daniel Quinlan (quinlan@yggdrasil.com)
#0 search/400 \\input text/x-tex
#0 search/400 \\section text/x-tex
#0 search/400 \\setlength text/x-tex
#0 search/400 \\documentstyle text/x-tex
#0 search/400 \\chapter text/x-tex
#0 search/400 \\documentclass text/x-tex

# Type: Inform interactive fiction language
# URL: http://www.inform-fiction.org/
# From: Reuben Thomas
#0 regex [Cc]onstant[[:space:]]+[Ss]tory text/x-inform

NOTE: For Debian, it appears that this file is located at /usr/share/file/magic.mime!

How to make a diff/patch


I had to make a couple of diff’s lately and I always forget what switch to use :P

So here is it:

diff orig_file patched_file -u

Apache2 umask: testserver purposes!

On v2 of my website I wrote a post on configuring a webserver for testing/developing purposes. In that post I explained how to adjust the umask of Apache. I did that by changing the Apache startup script. But, of course, when apache is updated/upgraded, you custom mod will dissapear. In coincidence I stumbled upon a post that explained how to add environment variables to apache without modding the distribution scripts.

All you do is adding the desired variables to “/etc/apache2/envars”. That’s it!

rubygems: updating to 1.2.0

I’ve installed rubygems manually (no package manager) in my home directory. But since then “gem –version” reported that it could not it’s version. So now I’ve removed the previous installed version, downloaded the tar and reinstalled. I’ve used this command to install this time:

ruby setup.rb --destdir=~/.rubygems --prefix=/

And now it runs fine!

leon@polly:~$ gem1.8 --version
1.2.0

And I’ve installed ruby 1.8.7 (from Intrepid) on Ubuntu Hardy. But more on that in my next post.

Puppet troubles

I’ve installed puppet recently and I’m know trying to understand how it works and make use of it :)

If that’s not difficult enough, I encountered this weird behaviour that the –noop argument didn’t do anything. After an hour of searching I realized it was my own stupid fault!

I had to puppet configuration files: /etc/puppet/puppetd.conf (old way) and /etc/puppet/puppet.conf (new way). I browsed throught the source code and it looks like puppet first checks the old file, if it is found it parses that one. If it’s not found, the new file is parsed. I don’t know why, but if the old file is used, the –noop argument isn’t parsed by puppet. So removing /etc/puppet/puppetd.conf was all I had to do. Pffff….

But why did I create the puppetd.conf file? Because I’v read the “Pulling strings with puppet”-book. And althought it’s fairly new, puppet is advancing at a very high rate. So the book is becoming out-of-date already.

Installing Fedora core via pxe

I really like ubuntu and I wouldn’t try anything else if it wasn’t for Xen. I was trying to install Xen + xenman/virt-manager of Ubuntu Hardy. But xenman doesn’t install (the pulled it out of the repositories) and virt-manager gives all kind of python errors. Thank you ubuntu! Very nice with a long term release. And nobody’s even answered my bugreport about this issue.

So I decided to give Fedora a try. They’re the real driving force behind libvirt and Xen (Ubuntu picks kvm over Xen). So that must work?!

Because the pc I do all my testing on doesn’t have a cdrom drive I need to do a netboot (pxe) and install the desired distribution via a remote install. Ubuntu/debian has very nice images for this to do. Fedora takes a little more work to set this up. But their installer has a lot more options than the ubuntu/debian netboot. For instance, it’s possible to start a headless vnc install with Fedora. So when the netboot image has booted, you can connect to it with a remote client via vnc. Really nice! Especially if it’s a server where you don’t want to connect a monitor to it.

So how did I set up the tftp layout for Fedora? I used the two resources for documentation:

So after setting up the directory structure and downloading the initrd.img & vmlinuz, it was time to boot into the pxe image of fedora. This is the pxelinux.cfg/default by the way:

default install

LABEL install
kernel i386/vmlinuz
append initrd=i386/initrd.img vnc ip=dhcp ksdevice=eth0 method=http://download.fedora.redhat.com/pub/fedora/linux/releases/9/Fedora/i386/os/ lang=en_US keymap=us

After the boot I have to skip one screen which asks if it should use ipv4 and/or ipv6. It’s really annoying, but I couldn’t find a way to disable.

Why is it annoying? Because you have to hook up a keyboard + monitor for it to confirm the question. When you’ve confirmed the question it boots up the installer in which you can login with vnc. So you don’t need a keyboard anymore at that point. The vnc server port is 5901! Not the standard 5900!

The Fedora installer really looks nice and Fedora itself has some nice things and some less nicer things. But more on that in my next post about Fedora 9.

compiling suexec: the fast way (because your website is down)

At Tim_online we have several webservers and each of them have apache2 installed running php with fcgid (a fastcgi implementation). Why this configuration and not mod_php? Because it is reasonably fast (at leaster faster than plain cgi) an secure (because it doesn’t run under the apache user).

For it to run php scripts as the website owner, you need suexec.

Suexec is a mechanism supplied with Apache that allows to execute CGI scripts as the user they belong to, rather than Apache’s wwwrun user. This improves security in situations where multiple mutually distrusting users have the possibility to put CGI content on the server.

So when u visitor requests one of the webpages of one of my customers the proces looks like this:

request -> apache -> fastcgi -> suexec -> proxy -> php file

I don’t exactly know anymore why the proxy is required, but it is :)
Know the problem is: suexec (by default) can’t execute the proxy file, because it isn’t owned by the php file owner. So you have to hack suexec to make this work.

I did this. And everything worked. The webservers were happy to serve al these requests untill one day apache get updated. The automatic ubuntu updates push a new version of apache with a new suexec binary. Problem!

So when you come at work there are 16 “missed incoming calls” and you co-workers are going mad with all the dissapointed customers. You look at the apache logs: hmzzz, suexec is giving 120 errors… What could that be? !Ping! Suexec ofcourse. Let’s see, how did I solve this problem the last time. First let’s download the apache sources. ./configure. Yes. now where’s suexec.c? Ah, cd support. Now,  make suexec. Wait, missing headers. Let’s install those first. Make suexec. Arrgh. It doesn’t work! Suexec -v. Wait, forgot to adjust the ap_httpd_user, ow, and comment out the offending lines. Yes, this should work. Ok. Copy it to /usr/lib/apache2. Ok, it works!

But at that time, an hour has past. If you can find the right files at once. So I decided to write down the steps I took to download, configure and compile suexec the quickest and simplest way. Here we go:

sudo apt-get install apache2-threaded-dev
mkdir -p ~/src/suexec
cd ~/src/suexec
sudo apt-get install apache2-threaded-dev
wget http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/suexec.c
wget http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/suexec.h
wget http://www.vanutsteen.nl/wp-content/uploads/2008/06/suexecc.patch
patch suexec.c suexec.c.patch -o suexec.patched.c
gcc -DLOG_EXEC='"/var/log/apache2/suexec.log"' -DAP_HTTPD_USER='"www-data"' -DAP_DOC_ROOT='"/var/www"' -I/usr/include/apr-1.0 -I/usr/include/apache2  -o suexec suexec.patched.c

That’s it! Test it by doing: sudo ./suexec -V
That should output:

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

Basically what I did:

  1. I installed the necessary headers
  2. Got the latests suexec code from the apache svn repo
  3. Downloaded the suexec patch from my blog
  4. Patched suexec to disable the file owner check
  5. Compiled suexec with the default ubuntu options

I bought a Harmony 525

A.K.A.: I bought a Logitech Harmony 525 remote control and a €1.49 remote saved my day!

When I say “525″ in this post, I of course mean the Logitech Harmony 525.

My boss gave me a Mediamarkt gift coupon and this week I decided to buy something for it. I chose a universal remote control, because my current tv (also from my boss :) ) had no remote control. I believe his daughter bit it to pieces :p

Logitech seemed a wise choice. I think it’s a trustworthy brand, and I really like their squeezebox line.

I plugged it in and of course linux doesn’t have any descent support for it :(

But Virtualbox to the rescue. I had already have it installed, so I fired it up, but the logitech remote didn’t show up in Windows. Hmzz, after reading the virtualbox FAQ I added this line to my /etc/fstab:

none /proc/bus/usb usbfs devgid=46,devmode=664 0 0

Restarted my box, fired up Virtualbox and voila: I could now access the remote from Windows XP. After installing the driver and signing up for an account I was of. Added my xbox, dvd player an tv to the remote and it worked! Not like a charm, because not all of the features of the original remote of my tv (a Sanyo CE28FWH2F-C) were added to the 525. A search on google didn’t return anything useful so the only solution was to copy the infrared codes from the original remote. But I didn’t have it so I took my chances with a cheap 1,49 remote from Action. And because of the nice Harmony remote software it was easy as pie.

Cheap remote