Tag Archives: debian

Build strongswan v5.5.0 debian package -- with debug symbols

Usually I am using the packages from the official repositories. However, sometimes it's necessary to use a newer version, I recently had to do this with strongswan and I'm sharing the procedure for other people to try.

Get the build dependencies

[codesyntax lang="bash"]

apt-get update
apt-get install devscripts fakeroot
apt-get build-dep strongswan

[/codesyntax]

Obtain and build the package

[codesyntax lang="bash"]

mkdir ~/work
cd ~/work
debcheckout strongswan
cd strongswan
sed -e '/dh_strip/ s/^#*/#/' -i debian/rules
sed -e 's/debhelper.*/debhelper,/g' -i debian/control
dpkg-buildpackage -rfakeroot -uc -b

[/codesyntax]

How to add debug symbols for MariaDB Debian/Ubuntu packages

I don't know about other distributions, but I know that the debug symbols were stripped from Debian/Ubuntu packages. If there are some crashes reported I won't be able to fully analyze them. The only way to fix this problem is to build the packages again.

[codesyntax lang="bash"]

git clone https://github.com/MariaDB/server.git
cd server/
git branch -a
git checkout 10.0

apt-get install libdistro-info-perl
apt-get install fakeroot
apt-get install libreadline-gplv2-dev libpam0g-dev dpatch libjemalloc-dev
apt-get install libboost-all-dev libjudy-dev libjudydebian1
apt-get install build-essential dpkg-dev devscripts hardening-wrapper
apt-get build-dep mysql-server

patch -p1 < /path/to/patch.txt

./debian/autobake-deb.sh

[/codesyntax]

Note: Here is the patch.txt

ldappasswd and "ldap_sasl_interactive_bind_s: Invalid credentials (49)" error message

Some context might be useful. We have an openldap instance to manage users. We also have phpLDAPadmin, but that's not the point. The point is that I want to add/edit an user from command line. Adding a user it not a problem.

[codesyntax lang="bash"]

ldapadduser john.doe users
Warning : using command-line passwords, ldapscripts may not be safe
Successfully added user john.doe to LDAP
Successfully set password for user john.doe

[/codesyntax]

However, changing the password was a little bit more problematic.

[codesyntax lang="bash"]

ldappasswd briana.bennett
SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Invalid credentials (49)
	additional info: SASL(-13): user not found: no secret in database

[/codesyntax]

I also tried with:

[codesyntax lang="bash"]

ldappasswd -D "cn=admin,dc=domain,dc=net" -W -x john.doe
Enter LDAP Password:
Result: Invalid syntax (21)
Additional info: Invalid DN

[/codesyntax]

Hmm... have no fear, I solved the problem. For future reference if anyone happens across this post with the same issue, the user you are trying to change must also be a full DN:

[codesyntax lang="bash"]

ldappasswd -D 'cn=admin,dc=domain,dc=net' -W -S -x 'uid=john.doe,ou=users,dc=domain,dc=net' -s KZ1URpsdEhP1HOJG

[/codesyntax]

Note: instead of using -s (which is used to specify the password on the command line)  -S to instruct ldappasswd to prompt for new password.

Enable LDAP authentication in Apache

Assuming you have a LDAP server somewhere and you don't want to authenticate users via htpasswd file anymore... I mean, having all your users in one place is a good thing - it's debatable, but in general is a good thing, right?

Now, the technical part...

My LDAP structure is like this:
- groups: cn=group,ou=groups,dc=example,dc=com
- users: uid=firstname.lastname,ou=users,dc=example,dc=com

Next... apache2...

[codesyntax lang="bash"]

a2enmod authnz_ldap

[/codesyntax]

Add this inside your virtualhost.

<Location />
        Order allow,deny
        Allow from all
        Deny from all
        AuthName "Boo..."
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on

        # Search user
        AuthLDAPURL ldap://IP-DOMAIN-CONTROLLER:389/ou=users,dc=example,dc=com?uid

        # Use this user to bind to LDAP
        AuthLDAPBindDN "uid=ldapauthuser,ou=users,dc=example,dc=com"
        AuthLDAPBindPassword "password"
        Require valid-user
        Satisfy any

        # More restrictions!
        # specific user
        #   Require ldap-user john.doe john1.doe john2.doe
        # specific user by DN
        #   Require ldap-dn CN=John Doe,OU=Finance,OU=Germany,DC=example,DC=net
        # member of group
        #   Require ldap-group CN=Finance Department,OU=Finance,OU=Germany,DC=example,DC=net
</Location>

Restart apache server

[codesyntax lang="bash"]

/etc/init.d/apache2 restart

[/codesyntax]

That's it!

How to enable syntax highlighting in less

I wanted to have syntax highlighting for a php file I was debugging. Source-highlight given a source file, produces a document with syntax highlighting.

These are the output formats already supported:

  • HTML
  • XHTML
  • LATEX
  • MediaWiki (new)
  • ODF (new)
  • TEXINFO
  • ANSI color escape sequences (you can use this feature with less)
  • DocBook

These are the input languages (or input formats) already supported (in alphabetical order):

  • Ada
  • Asm
  • Applescript
  • Awk
  • Autoconf files
  • Bat
  • Bib
  • Bison
  • C/C++
  • C#
  • CakePhp templates
  • Clipper
  • Cobol
  • Configuration files (generic)
  • Caml
  • Changelog
  • Css
  • D
  • Diff
  • Emacs Lisp
  • Erlang
  • errors (compiler output)
  • Flex
  • Fortran
  • GLSL
  • Haskell
  • Haskell literate programming
  • Haxe
  • Html
  • ini files
  • IsLisp (new)
  • Java
  • Javalog
  • Javascript
  • KDE desktop files
  • Latex
  • Ldap files
  • Lilypond (new)
  • Lisp
  • Logtalk
  • Log files
  • lsm files (Linux Software Map)
  • Lua
  • Makefile
  • Manifest
  • M4
  • ML
  • Opa
  • Oz
  • Pascal
  • Perl
  • pkg-config files
  • PHP
  • Po
  • Postscript
  • Prolog
  • Properties files
  • Protobuf (Google's Protocol Buffers)
  • Python
  • R statistics programming language (new)
  • RPM Spec files
  • Ruby
  • Scala
  • Scheme
  • Shell
  • S-Lang
  • Sql
  • T/Foswiki TML markup
  • Tcl
  • Texinfo
  • UPC (unified parallel C)
  • Vala
  • VBscript
  • XML
  • XOrg conf files

Exactly what I needed!

[codesyntax lang="bash"]

apt-get install source-highlight
echo "" >> ~/.bashrc
echo "export LESSOPEN=\"| /usr/share/source-highlight/src-hilite-lesspipe.sh %s\"" >> ~/.bashrc
echo "export LESS=' -R '" >> ~/.bashrc

[/codesyntax]

Note: Be sure this line isn't present in your .bashrc because it will interfere with source-highlight:
[codesyntax lang="bash"]

 [ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"

[/codesyntax]

References:

Prozilla - Linux Download Accelerator

Prozilla Download Accelerator is a multi-threaded download accelerator for Linux which supports both HTTP and FTP protocols and because it makes multiple connections to the server and downloads the file in portions, thus giving a much better speed rate than the conventional download programs which use a single connection, increases download speeds with up to 200-300%.

Resuming connections is fully supported and customizable.

Because it based on ncurses, Prozilla is also a lightweight download accelerator.

1. Get prozilla 2.0.4.

[codesyntax lang="bash"]

git clone https://github.com/totosugito/prozilla-2.0.4.git

[/codesyntax]

2. Install required packages

[codesyntax lang="bash"]

apt-get install autoconf build-essential libncurses5-dev

[/codesyntax]

3. Installing from source code

[codesyntax lang="bash"]

cd prozilla-2.0.4
./configure
make
make install

[/codesyntax]

4. Troubleshouting. If an error occurs:

make[4]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla/src’
make[4]: Entering directory `/home/user/prozilla-2.0.4/libprozilla’
make[4]: Nothing to be done for `all-am’.
make[4]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla’
make[3]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla’
make[2]: Leaving directory `/home/user/prozilla-2.0.4/libprozilla’
Making all in src
make[2]: Entering directory `/home/user/prozilla-2.0.4/src’
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -I. -I.. -I../libprozilla/src -I../intl -I/usr/local/include -fno-inline -DLOCALEDIR=\”/usr/local/share/locale\” -Wall -ggdb -D_REENTRANT -MT main.o -MD -MP -MF “.deps/main.Tpo” \
-c -o main.o `test -f ‘main.cpp’ || echo ‘./’`main.cpp; \
then mv -f “.deps/main.Tpo” “.deps/main.Po”; \
else rm -f “.deps/main.Tpo”; exit 1; \
fi
In file included from main.cpp:39:
download_win.h:55: error: extra qualification ‘DL_Window::’ on member âprint_status’
make[2]: *** [main.o] Error 1
make[2]: Leaving directory `/home/user/prozilla-2.0.4/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/user/prozilla-2.0.4′
make: *** [all] Error 2

And the solutions...

Looks like the problem of error occurs because the compatibility of the compiler the GNU C/C+ + latest version, to avoid this error edit the file src/download_win.h and replace:

void DL_Window::print_status(download_t * download, int quiet_mode);

with:

void print_status(download_t * download, int quiet_mode);

5. Do you want to make this a deb package?

[codesyntax lang="bash"]

apt-get install build-essential automake autoconf libtool pkg-config libcurl4-openssl-dev intltool libxml2-dev libgtk2.0-dev libnotify-dev libglib2.0-dev libevent-dev checkinstall
./configure && make && sudo checkinstall

[/codesyntax]

 

Migrate from SVN to GIT - step by step tutorial

Lately I faced a new challenge. To fully migrate our SVN environment to GIT. After reading a little bit on internet I come up with this plan:

  1. Deploy a GIT server
  2. Create a new bare repository
  3. Make a SVN Clone on a different machine
  4. Push it on GIT server

Assumptions:

SVN Repository: https://192.168.0.5/svn/documentation

GIT Server: 192.168.0.22

Client: A Microsoft Windows machine with some IP from 192.168.0.1/24

Prerequisite packages for our client: TortoiseGit  and msysgit. For this tutorial I used: TortoiseGit-1.8.4.0-64bit.msi and msysGit-fullinstall-1.8.3-preview20130601.exe

Add C:\msysgit\msysgit\cmd to the %PATH% (I am not going to cover this here, but you can check this website: http://www.computerhope.com/issues/ch000549.htm)

1. Deploy GIT/GITOLINE/GITWEB

Server side - I assume we have a fresh debian/ubuntu installation

1.1. Install required software

[codesyntax lang="bash"]

apt-get install vim git

[/codesyntax]

1.2. Create user git with disabled password and login shell bash

[codesyntax lang="bash"]
adduser \
 --system \
 --shell /bin/bash \
 --gecos 'git version control' \
 --group \
 --disabled-password \
 --home /home/git \
 git

[/codesyntax]

1.3.  Now login with user git

[codesyntax lang="bash"]

su -l git

[/codesyntax]

1.4.  Install Gitolite

[codesyntax lang="bash"]

cd /home/git; git clone git://github.com/sitaramc/gitolite
mkdir $HOME/bin
gitolite/install -ln

[/codesyntax]

Client side

1.5. Generate RSA key (Create RSA key, after hiting the command just press enter when it ask for passphrase.). This key will be transferred to git server.

[codesyntax lang="bash"]

C:\Users\joe>C:\msysgit\msysgit\bin\ssh-keygen -t rsa -C "Git-Admin"
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa): c:\users\joe\.ssh\id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in c:\users\joe\.ssh\id_rsa.
Your public key has been saved in c:\users\joe\.ssh\id_rsa.pub.
The key fingerprint is:
aa:38:be:f9:3c:d0:87:fe:de:5a:a9:71:1d:d3:38:01 Git-Admin

[/codesyntax]

1.6. From client scp the key into git server.

[codesyntax lang="bash"]

C:\msysgit\msysgit\bin\scp C:\Users\joe\.ssh\id_rsa.pub root@192.168.0.22:~

[/codesyntax]

Server side

1.7. Now setup the Git Admin. Please note that we must be logged in with git user. To check this use whoami command

[codesyntax lang="bash"]

whoami
sudo mv /root/id_rsa.pub /home/git/Git-Admin.pub; sudo chown git:git /home/git/Git-Admin.pub
bin/gitolite setup -pk Git-Admin.pub

[/codesyntax]

1.8. Git user should be in the same group as your Apache user

[codesyntax lang="bash"]

sudo usermod -a -G www-data git
sudo chmod ug+rx /home/git/repositories

[/codesyntax]

Client side

1.9. Clone gitolite-admin repository. Now gitolite-admin directory will be present after cloneing from git server. The gitolite.conf is mainly use for User and group ACL for git server. Now from your system you can easily manage the user group ACL. But for this you have to do git push.

[codesyntax lang="bash"]

git clone git@192.168.0.22:gitolite-admin.git
cat gitolite-admin/conf/gitolite.conf

[/codesyntax]

repo gitolite-admin

    RW+     =   Git-Admin
 
repo testing
    RW+     =   @all

Server side

1.10. Edit the /home/git/.gitolite.rc and change the UMASK to 0002 and GIT_CONFIG_KEYS to '.*'

[codesyntax lang="bash"]

vim /home/git/.gitolite.rc
:%s/0077/0002/
:%s/'',/'.*',/
:wq

[/codesyntax]

1.11. Install gitweb

[codesyntax lang="bash"]

sudo apt-get install gitweb

[/codesyntax]

1.12. Configure gitweb. Edit /usr/lib/cgi-bin/gitweb.cgi and change the value of $projectroot as "/home/git/repositories" and $projects_list as "/home/git/projects.list"

[codesyntax lang="bash"]

sudo vim /usr/lib/cgi-bin/gitweb.cgi
:%s/our $projectroot = "\/pub\/git";/our $projectroot = "\/home\/git\/repositories\/";/
:%s/our $projects_list = "";/our $projects_list = "\/home\/git\/projects.list";/
:wq

[/codesyntax]

[codesyntax lang="bash"]

sudo vim /etc/gitweb.conf
:%s/$projectroot = "\/var\/cache\/git";/$projectroot = "\/home\/git\/repositories\/";/
:%s/$projects_list = $projectroot;/$projects_list = "\/home\/git\/projects.list";/
:wq

[/codesyntax]

Note: if the $projects_list is commented, uncomment it (remove the # from the begining of the line)

2. Migrate from SVN to GIT

Server side

2.1. Create a new git bare repository

[codesyntax lang="bash"]

cd /home/git/repositories/
git init --bare documentation.git

[/codesyntax]

Client side

2.2. Getting the author information.

[codesyntax lang="bash"]

svn log --xml | grep -P "^<author" | sort -u | perl -pe 's/<author>(.*?)<\/author>/$1 = /' > users.txt

[/codesyntax]

That gives you the log output in XML format - you can look for the authors, create a unique list, and then strip out the XML. (Obviously this only works on a machine with grep, sort, and perl installed.) Then, redirect that output into your users.txt file so you can add the equivalent Git user data next to each entry. The users.txt file should look like:

(no author) = Alex <alex@example.com>
bear = Bear <kong@example.com>
monika = Monika <cristina@example.com>
igor = Igor <igor@example.com>
joe = Joe <joe@example.com>

You must execute this command on SVN repository folder. If you are using Windows, then the previous command will not work, so I suggest the following approach.

* Generate the file (svn_users.txt), change it as you like and trasfer it to a linux box (I use GIT server for this)

* Connect to GIT server and process the file there using:

[codesyntax lang="bash"]

cat svn_users.txt | grep -P "^<author" | sort -u | perl -pe 's/<author>(.*?)<\/author>/$1 = /' > users.txt
rm svn_users.txt

[/codesyntax]

* Transfer the file users.txt to Windows machine.

2.3. Add the new repo that we want to migrate to gitolite-admin\conf\gitolite.conf. The file should look something like this:

repo gitolite-admin
    RW+     =   Git-Admin
 
repo testing
    RW+     =   @all
 
repo documentation
    RW+     =   @all

At this point all users will have RW access to our git repository.

2.4. Add new users to GIT. For each user you will need to have to a pair of public/private keys. Copy public keys to keydir folder in gitolite-admin clone, add and push the changes.

2.5. Import SVN repository. This is going to take a while, so go and grab a snack or something.

[codesyntax lang="bash"]

git svn clone https://192.168.0.5/svn/documentation --authors-file=users.txt --no-metadata

[/codesyntax]

2.6. The last thing to do is add the Git server as a remote and push to it.

[codesyntax lang="bash"]

git remote add origin git@192.168.0.22:documentation.git
git push origin --all
git push origin --tags

[/codesyntax]

3. Delete the imported SVN repository on client side and re-import it from GIT server

Server side

4. Securing Gitweb with htpasswd. At this point the Gitweb web page is accessible to all, which of course is not a good idea. So, if you would like to have a set of web pages that are protected, requiring a username/password to gain access, you will have to use htpasswd in apache and add users and passwords.

4.1. Configure htpasswd access in Gitweb

[codesyntax lang="bash"]

sudo vim /etc/apache2/conf.d/gitweb

[/codesyntax]

Alias /gitweb /usr/share/gitweb
 
<Directory /usr/share/gitweb>
    Options FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi
        AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Git Access"
    Require valid-user
    AuthUserFile /etc/apache2/gitweb-htpasswd
</Directory>

4.2. Create htpasswd username and password.

[codesyntax lang="bash"]
sudo touch /etc/apache2/gitweb-htpasswd
sudo htpasswd -m /etc/apache2/gitweb-htpasswd user1
sudo htpasswd -m /etc/apache2/gitweb-htpasswd user2
sudo htpasswd -m /etc/apache2/gitweb-htpasswd user3

[/codesyntax]

4.3. Restart the apache server

[codesyntax lang="bash"]

sudo /etc/init.d/apache2 restart

[/codesyntax]

Note: You can use TortoiseGIT for doing all git operations on Windows Machine, of course. I was lazy and I didn't take screenshots with steps that you should do with TortoiseGIT :)

Links:

How to install the same debian packages on another system

The approach is simple: generate a list of installed packages on Debian-based systems and install this list of packages on the new box. This approach is useful when you want to install the same packages on another fresh OS install for example.

1. To export the list of installed packages, proceed as follows:
[codesyntax lang="bash"]

dpkg --get-selections | grep -v deinstall > LIST_FILE

[/codesyntax]

The file LIST_FILE is small so it can be emailed to yourself by using:
[codesyntax lang="bash"]

dpkg --get-selections | grep -v deinstall > LIST_FILE && cat LIST_FILE | mailx -s "`hostname -f`: Package list" "user@test.org"

[/codesyntax]

2. Once you’ve got your server up and running with a fresh base install
[codesyntax lang="bash"]

apt-get update
apt-get dist-upgrade

[/codesyntax]

3. Move your LIST_FILE file into your home directory and run the following commands to recover the previous generated list:
[codesyntax lang="bash"]

dpkg --clear-selections
dpkg --set-selections < LIST_FILE

[/codesyntax]

4. Install the packages
[codesyntax lang="bash"]

aptitude install

[/codesyntax]

Debian: How to determine services are enabled at boot

If you are using CentOS the answer is pretty simple:

[codesyntax lang="bash"]

chkconfig --list | grep $(runlevel | awk '{ print $2}'):on

[/codesyntax]

But how about Debian Linux? How is this done?

[codesyntax lang="bash"]

R=$(runlevel | awk '{ print $2}')
for s in /etc/rc${R}.d/*; do basename $s | grep '^S' | sed 's/S[0-9].//g' ;done

[/codesyntax]

If you like - and I am sure most of you will - you can use rcconf, Debian Runlevel configuration tool.

How to fix the error: "Not replacing deleted config file..."

Let's assume that when you are trying to install apticron the default config file is not created and when you are trying to execute postinst configure the following error message occurs:

Not replacing deleted config file /etc/apticron/apticron.conf

The fix is:

[codesyntax lang="bash"]

aptitude -o DPkg::Options="--force-confmiss" reinstall apticron

[/codesyntax]