tag:blogger.com,1999:blog-58175631538590215432024-03-14T09:56:17.220+01:00Smithfarm - the BrainHuman Memory Replacementsmithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.comBlogger50125tag:blogger.com,1999:blog-5817563153859021543.post-62805960628045825642014-06-17T11:24:00.002+02:002014-06-17T11:24:50.485+02:00The dreaded 'system error' with Kerberos and sssdAfter some LDAP-related experimentation I was unable to log in to my workstation, which uses sssd to implement a setup where the users are identified by LDAP and authenticated by Kerberos. <br />
<br />
In the log (<code>/var/log/messages</code>) I was seeing messages like these:<br />
<br />
<pre>login: FAILED LOGIN SESSION FROM tty3 FOR smithfarm, System error
pam_sss(login:auth): received for user smithfarm: 4 (System error)
pam_sss(xdm:auth): received for user smithfarm: 4 (System error)
sshd[6004]: error: PAM: System error for smithfarm from ws.farm.cz
</pre><br />
This was mysterious. Since I knew it was Kerberos-related, I raised the debug level in the Kerberos section of the sssd configuration file <code>/etc/sssd/sssd.conf</code>:<br />
<br />
<pre>[domain/default]
debug_level = 0x07F0
enumerate = false
id_provider = ldap
...
</pre><br />
After restarting sssd and trying to login again, the sssd log file (<code>/var/log/sssd/sssd_default.log</code> on my system) had something interesting to say:<br />
<br />
<pre>(Tue Jun 17 10:56:22 2014) [sssd[be[default]]] [cc_residual_is_used] (0x0200): Cache file [/tmp/krb5cc_17006_M5
1GxZ] does not exist, it will be recreated
(Tue Jun 17 10:56:22 2014) [sssd[be[default]]] [check_old_ccache] (0x0400): Saved ccache FILE:/tmp/krb5cc_17006
_M51GxZ doesn't exist.
(Tue Jun 17 10:56:22 2014) [sssd[be[default]]] [krb5_auth_send] (0x0200): Ignoring ccache attribute [FILE:/tmp/
krb5cc_17006_M51GxZ], because it doesn't exist.
</pre><br />
17006 is the uid I always get when I login via LDAP/Kerberos. So I tried the following command:<br />
<br />
<pre># rm -rf /tmp/krb5cc_17006*
</pre><br />
Then after restarting sssd I was able to log in.<br />
smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com3tag:blogger.com,1999:blog-5817563153859021543.post-78682092534629254112014-04-12T13:20:00.000+02:002014-04-12T13:21:12.917+02:00How to install ruby gems in openSUSESome ruby gems are packaged for openSUSE, but often the packages are out of date or simply missing. Apparently, most people use the "Ruby Way" of installing gems. But. . . what is that and how to apply it in openSUSE?<br>
<br>
<a href="http://smithfarm-thebrain.blogspot.com/2014/04/how-to-install-ruby-gems-in-opensuse.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com3tag:blogger.com,1999:blog-5817563153859021543.post-88260422564777683472014-04-04T18:33:00.000+02:002014-04-04T18:53:05.390+02:00Set up Linux box as a routerIngredients: <br>
<ol><li>one Linux box with multiple Ethernet interfaces</li>
<li>at least two networks with segments assigned</li>
<li>a desire to make the Linux box route packets between the networks</li>
</ol><br>
<a href="http://smithfarm-thebrain.blogspot.com/2014/04/set-up-linux-box-as-router.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-33462266788875643962014-03-05T14:24:00.003+01:002014-03-05T14:24:55.253+01:00Monitor large file transfers with iostatIf you're transferring a large quantity of data and would like to monitor what is going on while you wait . . . and wait . . . and wait, try this command:<br />
<br />
<pre># iostat -mx 1
</pre><br />
It will show you I/O performance statistics for your box, updated approximately once per second.smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-3299740938313593002014-01-17T15:41:00.000+01:002014-01-20T18:23:06.453+01:00Root into a virtual machine (KVM)Scenario: I have a KVM virtualization server with a number of VMs defined. Suddenly, I cannot log in as root to one of the VMs. I will need to reset the root password. The "normal" methods like adding <code>single</code> or <code>init=/bin/bash</code> to the kernel boot line in GRUB do not work. The only option left is to boot from a rescue disc, but this is a virtual machine -- there is no DVD drive. Oh, no -- what to do?<br>
<br>
<b>NEWS FLASH:</b> I just learned from a colleague that there is a much easier method. It is possible to <code>chroot</code> directly into the VM from the virtualization host. Will post detailed instructions as soon as I get them. Until then, there is always the "long route" described below.<br>
<a href="http://smithfarm-thebrain.blogspot.com/2014/01/root-into-virtual-machine-kvm.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-57591263003987931012014-01-10T10:17:00.001+01:002014-01-10T10:23:12.720+01:00How to pipe STDERR onlyOccasionally I may need to pipe STDERR somewhere, e.g. to <code>less</code>, <code>grep</code>, or <code>head</code>. It may not be immediately obvious how to accomplish this.<br>
<br>
<a href="http://smithfarm-thebrain.blogspot.com/2014/01/how-to-pipe-stderr-only.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-83815564402575043142014-01-06T11:40:00.004+01:002014-03-06T11:17:26.870+01:00Skype on openSUSE 13.1I now have Skype working, more or less, on one machine with openSUSE 13.1. I used <a href="http://en.opensuse.org/SDB:Skype">the instructions at the openSUSE Support Database</a>. The important things to realize here are: (1) Skype does not work out-of-the-box in openSUSE 13.1, but (2) it may start "working" (in a manner of speaking), if you install the right packages and run the Skype binary in the right way.<br />
<br />
<h2>Update</h2><br />
On another machine where Skype was running fine on openSUSE 12.3, it stopped working (predictably) after I upgraded the machine to 13.1 using <code>zypper dup</code>. I reinstalled Skype, but the behavior was different than on the machine mentioned above. Skype would run, but after successful login it would crash with the following:<br />
<br />
<pre>*** Error in `/usr/lib/skype/skype': double free or corruption (!prev): 0xec14e1e0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6dfd3)[0xf29a5fd3]
/lib/libc.so.6(+0x7418a)[0xf29ac18a]
/lib/libc.so.6(+0x74dcc)[0xf29acdcc]
/usr/lib/skype/skype(+0xbfaeba)[0xf6863eba]
[0x61776574]
======= Memory map: ========
de1ff000-de200000 ---p 00000000 00:00 0
...
... on and on, page after page of similar lines
...
</pre><br />
Adding <code>MALLOC_CHECK_=0</code> to the Skype command-line was enough to get it to run. However, I was no longer able to "Allow Skype to automatically adjust my mixer levels", because it would automatically set the microphone level to 100%, causing lots of noise and distortion. So I had to uncheck this option and set my microphone level manually. Sigh.<br />
<br />
<h2>Overall conclusion</h2><br />
Avoid using Skype under Linux, if at all possible.smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com3tag:blogger.com,1999:blog-5817563153859021543.post-39657375436221509992013-12-30T15:29:00.001+01:002013-12-30T20:13:03.493+01:00Remove duplicate filesPoor man's deduplication: scan directories to find duplicate files and remove all but one. This blog entry looks at two tools: <code>fdupes</code> and <code>fslint</code><br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/12/remove-duplicate-files.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-17781715345108075532013-12-27T15:15:00.001+01:002013-12-30T20:13:55.997+01:00Perl development workflowThere is a Perl module that I have been developing. It is now finding its way onto CPAN and the openSUSE Build Service; the process of reaching that goal, however, was a bit tedious -- hence this blog entry which will describe the workflow so I won't have to reinvent the wheel each time I want to do this again.<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/12/perl-development-workflow.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-89154819467993991722013-11-28T15:10:00.002+01:002013-11-28T15:13:33.367+01:00tune2fs: to fsck, or not to fsck?The questions of whether to run <code>fsck</code> on the root filesystem at boot, and how often, are important ones for administrators. Here's some minimal information to get started:<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/tune2fs-to-fsck-or-not-to-fsck.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com1tag:blogger.com,1999:blog-5817563153859021543.post-25820549941360598882013-11-27T16:28:00.001+01:002013-11-27T16:32:10.986+01:00recoll: indexed file searching that worksToday I discovered <a href="http://www.lesbonscomptes.com/recoll/">recoll</a>, a tool for indexing files (i.e. both file names and contents, and including emails) and running searches over the index. It has both graphical and command-line interfaces, and unlike some other open-source tools that claim to do this job, it really seems to work. While traditional tools like <code>grep</code> and <code>find</code> work fine, grep for example was not designed to run searches with multiple search keys, and neither of them use an index, so every search walks the filesystem anew. Another traditional tool, <code>locate</code>, uses an index for speed, but it only knows how to search filenames (and paths), not file contents.<br>
<br>
Anyway, <code>recoll</code> appears to be the open-source file indexing and searching tool that I was looking for. Here's how to install it in openSUSE:<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/recoll-indexed-file-searching-that-works.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com5tag:blogger.com,1999:blog-5817563153859021543.post-71054920392036642332013-11-20T14:26:00.002+01:002013-11-20T14:26:51.238+01:00VLANs: tagged, untagged -- what's the difference?I know this topic has probably been beaten to death elsewhere. . . What can I say? I can't help myself.<br />
<br />
When there is an <b>untagged</b> VLAN on a switch or port, it means the VLAN information is <b>private to the switch</b>. No VLAN information is added to packets leaving the switch. This has a lot of important implications. A machine connecting to an untagged VLAN port does not need to know (and will not know) what VLAN it is in. If I'm connecting two switches together using a cable connected to untagged VLAN ports, each end of the cable could be in a different VLAN and the switches will not care. So, for example, I could send untagged VLAN 1 from one switch and bring it into another switch as untagged VLAN 20.<br />
<br />
<b>Tagged VLAN</b> means that the switch does insert the VLAN information into the header of each packet. In fact, this information is called a "tag", hence the term "tagged VLAN", which means "VLAN where packets contain VLAN tags". Assuming I'm sending tagged VLAN packets (and no untagged ones) on a port, if I connect the eth0 interface of a vanilla-installed PC to that port, and give the interface an address in the tagged VLAN's range, the network will not work over that interface. Of course, I will be able to 'see' the packets using wireshark or tcpdump, but I won't be able to make TCP, UDP, ICMP, etc. connections.smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-4995077249363792532013-11-11T11:19:00.001+01:002014-04-11T15:16:01.127+02:00Learn git and migrate to password-storeA blog entry detailing how I learned something about administering git repositories and, at the same time, migrated my passwords from kwalletmanager (which I found difficult to back up and keep synchronized between machines), to <a href="http://zx2c4.com/projects/password-store/">password-store</a>, a command-line application that optionally works with a git repository.<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/learn-git-and-migrate-to-password-store.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com2tag:blogger.com,1999:blog-5817563153859021543.post-10281143267788090422013-11-03T19:05:00.003+01:002013-11-03T20:31:53.953+01:00Two ways to change a user's passwordAs a Linux administrator, I can change any user's password, assuming I know the right magic incantation. Here are two: one traditional and another based on the <code>usermod</code> command:<br>
<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/two-ways-to-change-users-password.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-39016573118575727432013-11-03T14:01:00.001+01:002015-01-26T12:47:32.472+01:00What is the SUSE equivalent of "httpd -S"?The short answer, for SLE11: <code>rcapache2 config -S</code><br>
<br>
The short answer, for SLE12: <code>start_apache2 -S</code><br>
<br>
In SUSE/openSUSE, the <code>httpd</code> command is renamed to <code>httpd2</code>, but don't use plain <code>httpd2 -S</code> because it doesn't look in <code>/etc/sysconfig/apache2</code><br>
<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/what-is-suse-equivalent-of-httpd-s.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-38074841830111522132013-11-03T12:01:00.003+01:002014-10-23T14:10:28.164+02:00Vim reading listFor years when I needed to search for something in 'vim', I would use the '/' command and type the search key. Usually this would be inefficient, because I would be typing the name of a function that was right there on the screen (sometimes I would use the mouse to copy-and-paste to save a few keystrokes, taxing my brain with yet another keyboard/mouse context switch and exacerbating my "mouse finger" syndrome). Imagine my surprise to learn that Vim has a '*' command to search for whatever word happens to be under the cursor! And then there are the 'n' and 'N' commands which search forwards and backwards, respectively, for the last search key. <br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/vim-readling-list.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-80068096698406242512013-11-01T11:58:00.000+01:002014-03-26T10:34:47.132+01:00Use port forwarding to selectively grant access to machines behind firewall/NATPort forwarding is a networking technique that can be used to give limited outside access to a machine that, due to its location behind a firewall or NAT setup, would not otherwise be accessible from the outside.<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/11/use-port-forwarding-to-selectively.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-85020653667478712112013-10-29T13:21:00.000+01:002014-02-02T11:26:49.289+01:00openSUSE: manipulate patterns without YastI occasionally need to install a pattern, or see if I have a pattern installed -- things like that. Until now, I've been using Yast -- a great tool -- for this purpose. But all along I've had this nagging notion that I could do the same thing from the command line . . .<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/10/opensuse-manipulate-patterns-without.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com2tag:blogger.com,1999:blog-5817563153859021543.post-75428368841384084072013-10-18T16:50:00.003+02:002013-10-31T12:32:01.428+01:00Open Build Service blog, 2013-42Here is a summary of activity on the opensuse-buildservice<br>
mailing list during week 42:<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/10/open-build-service-blog-2013-42.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-24479401706567911732013-10-08T12:26:00.002+02:002014-11-07T10:40:18.848+01:00openSUSE 13.1: install 'bumblebee' and disable discrete graphics adapter on NVIDIA Optimus laptop<b>As far as I know, the following should still work in openSUSE 13.2 -- can anyone confirm or deny?</b><br>
<br>
My scenario: I am running openSUSE 13.1 on an Optimus laptop and would like to be able to turn the discrete graphics adapter on and off. Either (a) I have a clean install of openSUSE 13.1 or (b) I have already done things like install bumblebee, NVIDIA drivers, etc. in the past.<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/10/opensuse-131-nvidia-optimus-bumblebee.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com77tag:blogger.com,1999:blog-5817563153859021543.post-73311916806688550742013-09-09T16:50:00.002+02:002014-03-03T14:01:20.339+01:00Really basic intro to encrypted filesystems in openSUSEWhen I was in high school in the 1980s, I was a total computer geek. (We called geeks "computer geeks" back then, because there used to be such a thing as a non-computer geek.) After high school, though, my life took a different direction, and for 20 years I was only a casual computer user. Only in 2009 did I start getting serious about getting back into the field. During those 20 years a lot of stuff happened in the IT field that I simply missed, and am now catching up on. One of those things is encrypted filesystems. Here's a really basic introduction to setting up and using one of these in openSUSE:<br>
<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/09/really-basic-intro-to-encrypted.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com2tag:blogger.com,1999:blog-5817563153859021543.post-52925854214943751692013-09-09T11:32:00.000+02:002013-09-09T12:17:06.632+02:00MySQL: users, passwords, CLI basicsLike PostgreSQL, MySQL has a concept of "users". In MySQL, users are stored in the <b>mysql</b> database in the <b>user</b> table. (In MySQL terms, this table can be referred to as <b>mysql.user</b>). One of the first things a MySQL administrator must learn to do is change MySQL user passwords. If you're a command-line kind of person (like me), and you know some SQL, the 'mysql' command is your friend. <br>
<br>
<a href="http://smithfarm-thebrain.blogspot.com/2013/09/mysql-users-passwords-cli-basics.html#more">Read more »</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-59198173826715047852013-08-15T16:20:00.008+02:002022-09-26T11:48:12.283+02:00openSUSE: packaging workflowI use the <a href="http://build.opensuse.org">Open Build Service</a> to work on openSUSE packages. There is a useful tutorial <a href="http://en.opensuse.org/openSUSE:Build_Service_Tutorial">HERE</a>. <br />
<br />
Important resources:<br />
<br />
<ol><li><a href="https://github.com/openSUSE/post-build-checks">post-build-checks source code</a></li>
<li><a href="https://en.opensuse.org/openSUSE:Specfile_guidelines">Spec file guidelines</a></li>
</ol><br />
And here is a summary of 'osc' commands I use the most:<br />
<br />
<h3><b>alias oosc='osc -A https://api.opensuse.org'</b></h3><br />
Assuming you will be using the openSUSE Build Service, you will need to include the <b>-A</b> option on all the commands shown below. If you set up this alias, you can save a lot of typing.<br />
<br />
<h3><b>osc api "/source/PRJ/PKG?view=info&parse=1&repository=REPO&arch=ARCH"</b></h3><br />
View the internal metadata used by OBS when it "expands" the spec file immediately prior to build.<br />
<br />
<h3><b>osc ar</b></h3><br />
Add new files, remove disappeared files -- forces the "repository" version into line with the working directory.<br />
<br />
<h3><b>osc bco PRJ PKG</b></h3><br />
See "osc branch", below.<br />
<br />
<h3><b>osc branch -c PRJ PKG</b></h3><br />
If you are not a project maintainer of PRJ, you can still work on PKG by branching it to your home project. Since you typically will want to checkout immediately after branching, 'bco' is a handy abbreviation. <br />
<br />
<h3><b>osc build REPOSITORY ARCH</b></h3><br />
Build the package locally -- typically I do this to make sure the package builds before committing it to the server, where it will build again. The REPOSITORY and ARCH can be chosen from the list produced by <b>osc repositories</b><br />
<br />
<h3><b>osc cat</b></h3><br />
After finding a mysterious internal OBS file - like _link or project.diff - in your package, you can use this command to see what's inside it.<br />
<br />
<h3><b>osc chroot REPOSITORY ARCH</b></h3><br />
Builds take place in a chroot environment, and sometimes they fail mysteriously. This command gives you access to that chroot environment so you can debug. In more recent openSUSEs the directory to go to is <code>~/rpmbuild/BUILD/</code><br />
<br />
<h3><b>osc ci</b></h3><br />
Commit your changes to the server. Other SVN-like subcommands (like <b>update</b>, <b>status</b>, <b>diff</b>) also work as expected.<br />
<br />
<h3><b>osc list</b></h3><br />
Also known as "osc ls", this command can be used to list the "unexpanded sources" of your package: "osc list -u PRJ PKG". If your package is a linkpac, this will show the actual link file. It will also show the mysterious "project.diff" file if there is one. Once you have seen the file, you can use "osc cat" to see what is inside it!<br />
<br />
<h3><b>osc log</b></h3><br />
Each time you commit to your OBS package, a new revision is added. Each revision has a number (like "36") and a hash (like "c038cef019d7eaf2a825082f8b6e2a71"). The revisions can be listed in the web interface, but the web interface does not tell you the revision number or hash. To see the list of revisions *with* revision numbers and hashes, use "osc log".<br />
<br />
<h3><b>osc ls</b></h3><br />
Synonym for "osc list"<br />
<br />
<h3><b>osc meta pkg PRJ PKG -e</b></h3><br />
If you are project maintainer of PRJ, you can create a package directly using this command, which will throw you into an editor and expect you to set up the package's META file. (Hint, it's easier to create new packages via the OBS web UI.)<br />
<br />
<h3><b>osc meta prj PRJ -e</b></h3><br />
This throws up an editor with the meta data of project PRJ.<br />
<br />
<h3><b>osc rebuildpac</b></h3><br />
Sometimes it's desirable to trigger a rebuild on the OBS server.<br />
<br />
<h3><b>osc repositories</b></h3><br />
Shows repositories configured for a project/package. Synonym: "osc repos"<br />
<br />
<h3><b>osc rq list</b></h3><br />
'rq' is short for <b>request</b> -- and <b>request list $PRJ $PKG</b> lists all open requests ("SRs") for the given project and package. For example, if the package <b>python-execnet</b> was submitted to openSUSE:Factory from the devel:languages:python project, the following command would find the request:<br />
<br />
<pre>$ oosc rq list devel:languages:python python-execnet
356494 State:review By:factory-auto When:2016-01-28T12:01:16
submit: devel:languages:python/python-execnet@3 -> openSUSE:Factory
Review by Group is accepted: legal-auto(licensedigger)
Review by Group is accepted: factory-auto(factory-auto)
Review by Group is new: factory-staging
Review by Group is new: legal-team
Review by Group is new: opensuse-review-team
Review by User is new: factory-repo-checker
Comment: Please review build success
</pre><br />
<h3><b>osc results</b></h3><br />
This command shows the current build status. (For example, you just did "osc ci" and would like to see what the server is doing with your commit.<br />
NOTE: adding <code>-v</code> gives more information.<br />
<br />
<h3><b>osc search PKG</b></h3><br />
Search for a package. You can also use <a href="http://software.opensuse.org/">http://software.opensuse.org/</a> and <b>zypper search PKG</b> is also helpful.<br />
<br />
<h3><b>osc search --binary PKG</b></h3><br />
Search for a binary package. If you know the name of a binary package (subpackage) and want to find the corresponding OBS project/package, this magic incantation is what you're looking for!<br />
<br />
<h3><b>osc sr</b></h3><br />
'sr' is short for <b>submitrequest</b> -- this submits your changes to the PROJECT for review and, hopefully, acceptance by the project maintainers. If you're curious who those are, you can run <b>osc maintainer</b> (or <b>osc bugowner</b>)<br />
<br />
<h3><b>osc vc</b></h3><br />
After making your changes, edit the changes file. For each release you need to have an entry. Do not edit the changes file yourself: instead, use this command to maintain the changes file "automagically".<br />
<br />
<h2>NOTE ON LICENSING</h2><br />
JFYI: <a href="http://spdx.org/licenses/">http://spdx.org/licenses/</a> lists all well known licenses and their original source. This becomes extremely handy if you start packaging.<br />
smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0tag:blogger.com,1999:blog-5817563153859021543.post-31994487443462197612013-07-25T11:10:00.001+02:002013-07-25T11:10:19.568+02:00What time do scripts in /etc/cron.daily run?I put a script in <code>/etc/cron.daily</code> and would like to know what time it will run. And, more importantly, how does the system determine this time value?<br />
<br />
On SUSE Linux Enterprise and openSUSE, the time is determined by the <code>CRON_DAILY</code> parameter in the <code>/etc/sysconfig/cron</code> file. If this parameter is not set, it defaults to 15 minutes after the time of the last boot.<br />
<br />
Because of how the mechanism for running scripts in the <code>/etc/cron.{houry,daily,weekly,monthly}</code> directories works, the time value must be a multiple of 15 minutes (i.e. 0, 15, 30, or 45 minutes past the hour). The exact functioning of this mechanism can be seen by studying the following:<br />
<pre># cat /etc/crontab
SHELL=/bin/sh
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin
MAILTO=root
#
# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
#
-*/15 * * * * root test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1
</pre><br />
This basic cronjob simply runs <code>/usr/lib/cron/run-crons</code> every 15 minutes. The real magic happens inside that script.<br />
<br />
A nice discussion of how cron works in SUSE/openSUSE is available in the Support Data Base (SDB): <a href="http://en.opensuse.org/SDB:Cron">http://en.opensuse.org/SDB:Cron</a>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com1tag:blogger.com,1999:blog-5817563153859021543.post-73347878697895323902013-05-23T14:05:00.001+02:002013-05-30T14:37:01.998+02:00Request Tracker: set up external authentication via LDAPSThis is a description of how I set up my Request Tracker instance to use external authentication via LDAPS (LDAP over SSL on port 636).<br />
<br />
<ol><li>In the <a href="http://smithfarm-thebrain.blogspot.cz/2013/05/opensuse-123-how-i-installed-and-set-up.html">previous installment</a>, I already added the <code>devel:languages:perl</code> repository. Now I install the package containing the <code>RT::Authen::ExternAuth</code> RT extension that will provide the external-authentication-against-LDAP functionality.<br />
<pre># zypper ref
# zypper in perl-RT-Authen-ExternalAuth
# zypper in perl-Net-SSLeay
# zypper in perl-ldap-ssl
</pre></li>
<li>I set up SSL on my system (beyond the scope of this blog entry). At the very least, the <code>openssl</code> package should be installed and configured, and my LDAP server's certificates should be present in the <code>/etc/ssl/certs</code> directory.</li>
<li>I tweak my <code>openldap</code> configuration for CA CERT as per <a href="http://lvogdt.wordpress.com/2013/05/13/ldap-with-tls-and-ca-certificates/">this blog entry</a></li>
<li>I read up on the <code>RT::Authen::ExternalAuth</code> extension (plugin). Here are the principal documentation resources I was able to find:<br />
<ul><li>the <a href="https://github.com/bestpractical/rt-authen-externalauth/blob/master/README">README</a> file</li>
<li>the <b>sample configuration file</b>, which I installed on my system in step 1, above, at the following location:<br />
<pre>/usr/share/request-tracker/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
</pre>I read it using <code>less</code>.<br />
</li>
<li>And then there is <a href="https://metacpan.org/release/RT-Authen-ExternalAuth">the RT::Authen::ExternAuth page on MetaCPAN</a> and, in particular, <a href="https://metacpan.org/module/RT::Authen::ExternalAuth::LDAP">this subpage of that page</a>.<br />
<li>Thanks to <a href="http://requesttracker.wikia.com/wiki/User:Tsibley">Thomas Sibley (Tsibley)</a> over at the <a href="http://requesttracker.wikia.com/">Request Tracker Wiki</a>, I now know that the <code>RT::Authen::ExternalAuth</code> extension supports LDAPS out of the box by simply specifying the LDAP server with a <b>ldaps://</b> prefix -- see <a href="http://search.cpan.org/~marschap/perl-ldap-0.55/lib/Net/LDAP.pod#new">the Net::LDAPS documentation</a> for more details on this.<br />
</ul><li>After reading the documentation and protracted trial and error, I finally came up with the following working configuration (in <code>RT_SiteConfig.pm</code>):<br />
<pre>Set($ExternalServiceUsesSSLorTLS, 1);
Set($ExternalSettings, {
'MY_LDAP' => {
'type' => 'ldap',
'server' => 'ldaps://ldap.example.com',
'tls' => 0,
'ssl_version' => 3,
...
</pre></li>
<li>At this point, I fire up <code>request-tracker</code> and am able to log in with my LDAP credentials!</li>
</ol>smithfarmhttp://www.blogger.com/profile/10535446949415547444noreply@blogger.com0