Entries Tagged 'development' ↓

Deploying, merb, capistrano & passenger

First of all I did a:

capify .

And used this deploy.rb

Then to setup the current, releases, etc. directories:

cap deploy:setup

Then, when I tried to login via ssh with shared key: nothing!
After some searching I found out that capistrano messed up the permissions on the .ssh directory :(

To fix it:

chmod 755 $HOME
chmod 755 $HOME/.ssh
chmod 644 $HOME/.ssh/authorized_keys

New ticket/issue tracking software


I was surfing for some ticketing / project management software and it returned the following result:

Especially Sifter looks really nice! But… it isn’t open source. So too bad. I went with Redmine: open source, ruby on rails and already a nice feature set!

A nice overview of bug/issue tracking systems can be found on wikipedia.

Css flash messages

I was reading a nice article on Ruby on Rails flesh messages. It linked to an article about styling message boxes with css.

I’m a real sucker for nice message boxes. If you are too: this is a must-read.

vpnc with openssl!

The default vpnc in Ubuntu comes without openssl support. Bugger… But with these few lines of code this is solved:

sudo apt-get update
sudo apt-get build-dep vpnc
sudo apt-get install libssl-dev
mkdir ~/src/vpnc -p
cd ~/src/vpnc
apt-get source vpnc
cd vpnc-*
dpkg-buildpackage
sudo dpkg -i ../vpnc*.deb

Et voila: vpnc with openssl!

Installing ruby 1.8.7 (and guessnet) on Hardy

There were some vulnerabilities in Ruby which are supposedly fixed in ruby 1.8.7. Because of that and because it’s always nice to have the latest, I installed ruby from Ubuntu Intrepid on Hardy Herron.

And while I was doing that I also decided to install guessnet from Intrepid. So I don’t have to compile guessnet anymore.

It involves two steps:

  1. Updating you apt sources
  2. Making sure only ruby and guessnet are going to be installed from the new sources. Not all the packages!

1. Updating your sources

Create /etc/apt/sources.list.d/intrepid.list and copy the following code into it:

deb http://nl.archive.ubuntu.com/ubuntu/ intrepid main restricted multiverse
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates main restricted multiverse
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid universe
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid universe
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates universe
deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://nl.archive.ubuntu.com/ubuntu/ intrepid-backports main restricted universe multiverse
# deb-src http://nl.archive.ubuntu.com/ubuntu/ intrepid-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository. This software is not part of Ubuntu, but is
## offered by Canonical and the respective vendors as a service to Ubuntu
## users.
deb http://archive.canonical.com/ubuntu intrepid partner
# deb-src http://archive.canonical.com/ubuntu intrepid partner

deb http://security.ubuntu.com/ubuntu intrepid-security main restricted multiverse
deb-src http://security.ubuntu.com/ubuntu intrepid-security main restricted
deb http://security.ubuntu.com/ubuntu intrepid-security universe
deb-src http://security.ubuntu.com/ubuntu intrepid-security universe

2. Apt preferences

If /etc/apt/preferences does not exist, touch it!

Then copy this code into it:

Package: *
Pin: release v=8.10
Pin-Priority: -1
Package: ruby
Pin: release v=8.10
Pin-Priority: 500

Package: ruby1.8
Pin: release v=8.10
Pin-Priority: 500

Package: libruby
Pin: release v=8.10
Pin-Priority: 500

Package: libruby1.8
Pin: release v=8.10
Pin-Priority: 500

Package: rdoc
Pin: release v=8.10
Pin-Priority: 500

Package: rdoc1.8
Pin: release v=8.10
Pin-Priority: 500

Package: ri
Pin: release v=8.10
Pin-Priority: 500

Package: ri1.8
Pin: release v=8.10
Pin-Priority: 500

Package: irb
Pin: release v=8.10
Pin-Priority: 500

Package: irb1.8
Pin: release v=8.10
Pin-Priority: 500

Package: libopenssl-ruby
Pin: release v=8.10
Pin-Priority: 500

Package: libreadline-ruby
Pin: release v=8.10
Pin-Priority: 500

Package: libreadline-ruby1.8
Pin: release v=8.10
Pin-Priority: 500

Package: ruby-dev
Pin: release v=8.10
Pin-Priority: 500

Package: ruby1.8-dev
Pin: release v=8.10
Pin-Priority: 500
Package: guessnet
Pin: release v=8.10
Pin-Priority: 501

That’s all! “Aptitude update” & “aptitude install ruby guessnet” and you are good to go.

I tried using the “Package” keyword with wildcards, but that’s a no-go :(

Downloading Netbeans nightly builds

I’m starting with Python/GtkBuilder and I wanted a nice IDE for Python. Because I really like using netbeans for coding ruby, I gave it a try for python. But the support for python is still alpha. :(

For it to work you have to download the latest (nightly) netbeans build and the netbeans python plugin(s)

How to make a diff/patch


I had to make a couple of diff’s lately and I always forget what switch to use :P

So here is it:

diff orig_file patched_file -u

Apache2 umask: testserver purposes!

On v2 of my website I wrote a post on configuring a webserver for testing/developing purposes. In that post I explained how to adjust the umask of Apache. I did that by changing the Apache startup script. But, of course, when apache is updated/upgraded, you custom mod will dissapear. In coincidence I stumbled upon a post that explained how to add environment variables to apache without modding the distribution scripts.

All you do is adding the desired variables to “/etc/apache2/envars”. That’s it!

Puppet troubles

I’ve installed puppet recently and I’m know trying to understand how it works and make use of it :)

If that’s not difficult enough, I encountered this weird behaviour that the –noop argument didn’t do anything. After an hour of searching I realized it was my own stupid fault!

I had to puppet configuration files: /etc/puppet/puppetd.conf (old way) and /etc/puppet/puppet.conf (new way). I browsed throught the source code and it looks like puppet first checks the old file, if it is found it parses that one. If it’s not found, the new file is parsed. I don’t know why, but if the old file is used, the –noop argument isn’t parsed by puppet. So removing /etc/puppet/puppetd.conf was all I had to do. Pffff….

But why did I create the puppetd.conf file? Because I’v read the “Pulling strings with puppet”-book. And althought it’s fairly new, puppet is advancing at a very high rate. So the book is becoming out-of-date already.

compiling suexec: the fast way (because your website is down)

At Tim_online we have several webservers and each of them have apache2 installed running php with fcgid (a fastcgi implementation). Why this configuration and not mod_php? Because it is reasonably fast (at leaster faster than plain cgi) an secure (because it doesn’t run under the apache user).

For it to run php scripts as the website owner, you need suexec.

Suexec is a mechanism supplied with Apache that allows to execute CGI scripts as the user they belong to, rather than Apache’s wwwrun user. This improves security in situations where multiple mutually distrusting users have the possibility to put CGI content on the server.

So when u visitor requests one of the webpages of one of my customers the proces looks like this:

request -> apache -> fastcgi -> suexec -> proxy -> php file

I don’t exactly know anymore why the proxy is required, but it is :)
Know the problem is: suexec (by default) can’t execute the proxy file, because it isn’t owned by the php file owner. So you have to hack suexec to make this work.

I did this. And everything worked. The webservers were happy to serve al these requests untill one day apache get updated. The automatic ubuntu updates push a new version of apache with a new suexec binary. Problem!

So when you come at work there are 16 “missed incoming calls” and you co-workers are going mad with all the dissapointed customers. You look at the apache logs: hmzzz, suexec is giving 120 errors… What could that be? !Ping! Suexec ofcourse. Let’s see, how did I solve this problem the last time. First let’s download the apache sources. ./configure. Yes. now where’s suexec.c? Ah, cd support. Now,  make suexec. Wait, missing headers. Let’s install those first. Make suexec. Arrgh. It doesn’t work! Suexec -v. Wait, forgot to adjust the ap_httpd_user, ow, and comment out the offending lines. Yes, this should work. Ok. Copy it to /usr/lib/apache2. Ok, it works!

But at that time, an hour has past. If you can find the right files at once. So I decided to write down the steps I took to download, configure and compile suexec the quickest and simplest way. Here we go:

sudo apt-get install apache2-threaded-dev
mkdir -p ~/src/suexec
cd ~/src/suexec
sudo apt-get install apache2-threaded-dev
wget http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/suexec.c
wget http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/suexec.h
wget http://www.vanutsteen.nl/wp-content/uploads/2008/06/suexecc.patch
patch suexec.c suexec.c.patch -o suexec.patched.c
gcc -DLOG_EXEC='"/var/log/apache2/suexec.log"' -DAP_HTTPD_USER='"www-data"' -DAP_DOC_ROOT='"/var/www"' -I/usr/include/apr-1.0 -I/usr/include/apache2  -o suexec suexec.patched.c

That’s it! Test it by doing: sudo ./suexec -V
That should output:

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

Basically what I did:

  1. I installed the necessary headers
  2. Got the latests suexec code from the apache svn repo
  3. Downloaded the suexec patch from my blog
  4. Patched suexec to disable the file owner check
  5. Compiled suexec with the default ubuntu options