[debian] Show installed packages sizes
dpkg-query -W --showformat='${Installed-Size}\t${Package}\n' | sort -nr | less
Ноя
29
2011
29
2011
Ноя
22
2011
22
2011
[bash] Create a non-blocking pipe/FIFO in bash
#!/bin/bash set -e INPIPE=/tmp/pipe_in OUTPIPE=/tmp/pipe_out rm -f "$INPIPE" "$OUTPIPE" 2>/dev/null if ! mkfifo "$INPIPE" "$OUTPIPE"; then exit 1; fi process_cmd() { echo $@ sleep 4 } while IFS="" read -r -d $'\n' line; do printf '%s\n' "${line}" done <$INPIPE >$OUTPIPE & bgproxy=$! exec 3>$INPIPE exec 4<$OUTPIPE while IFS="" read -r -d $'\n' <&4 line; do process_cmd $line done & bgreader=$! trap "kill -TERM $bgproxy; kill -TERM $bgreader; echo 'bgproxy=$bgproxy bgreader=$bgreader'; rm -f '$PIPE'; exit" 0 1 2 3 13 15 wait "$bgproxy"
Links: Linux non-blocking fifo (on demand logging), Using Named Pipes (FIFOs) with Bash
июля
02
2011
02
2011
[nginx] configure gitosis and basic http auth for git-http-backend
2. Path gitosis:
git am --signoff < feauture_http_auth.patch
From 815cf347c83465fb9fe20977198e12b9d438b014 Mon Sep 17 00:00:00 2001 From: Arkady Smirnov <smirnov.arkady@gmail.com> Date: Sat, 2 Jul 2011 20:35:28 +0300 Subject: [PATCH] Add http-auth feature --- gitosis/httpauth.py | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++ gitosis/run_hook.py | 5 ++ 2 files changed, 124 insertions(+), 0 deletions(-) create mode 100644 gitosis/httpauth.py diff --git a/gitosis/httpauth.py b/gitosis/httpauth.py new file mode 100644 index 0000000..eda96ff --- /dev/null +++ b/gitosis/httpauth.py @@ -0,0 +1,119 @@ +import os, errno, re +import logging + +log = logging.getLogger('gitosis.httpautch') + +from gitosis import util +from gitosis import access + +_ACCEPTABLE_USER_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9_.-]*(@[a-zA-Z][a-zA-Z0-9.-]*)?$') + +def isSafeUsername(user): + match = _ACCEPTABLE_USER_RE.match(user) + return (match is not None) + +def _extract_reldir(topdir, dirpath): + if topdir == dirpath: + return '.' + prefix = topdir + '/' + assert dirpath.startswith(prefix) + reldir = dirpath[len(prefix):] + return reldir + +def WriteHtpasswd(config, keydir): + repositories = util.getRepositoryDir(config) + + def _error(e): + if e.errno == errno.ENOENT: + pass + else: + raise e + for (dirpath, dirnames, filenames) \ + in os.walk(repositories, onerror=_error): + + reldir = _extract_reldir( + topdir=repositories, + dirpath=dirpath, + ) + + log.debug('Walking %r, seeing %r', reldir, dirnames) + to_recurse = [] + repos = [] + for dirname in dirnames: + if dirname.endswith('.git'): + repos.append(dirname) + else: + to_recurse.append(dirname) + dirnames[:] = to_recurse + + for repo in repos: + reponame, ext = os.path.splitext(repo) + if reldir != '.': + reponame = os.path.join(reldir, reponame) + assert ext == '.git' + + log.debug('http-auth for repo %r', repo) + + htpasswd_w = os.path.join(dirpath, repo, '.htpasswd-write') + htpasswd_r = os.path.join(dirpath, repo, '.htpasswd-read') + tmpw = '%s.%d.tmp' % (htpasswd_w, os.getpid()) + tmpr = '%s.%d.tmp' % (htpasswd_r, os.getpid()) + + try: + outw = file(tmpw, 'w') + outr = file(tmpr, 'w') + + + for filename in os.listdir(keydir): + if filename.startswith('.'): + continue + + username, ext = os.path.splitext(filename) + if ext != '.htpasswd': + continue + + if not isSafeUsername(username): + log.warn('Unsafe HTTP-AUTH username in keyfile: %r', filename) + continue + + path = os.path.join(keydir, filename) + f = file(path) + log.debug('OPEN %r', path) + + # write access is always sufficient + newpath = access.haveAccess( + config=config, + user=username, + mode='writable', + path=reponame) + + if newpath is None: + newpath = access.haveAccess( + config=config, + user=username, + mode='readonly', + path=reponame) + + if newpath is not None: + log.debug('USERNAME = %r has readonly access', username) + for line in f: + line = line.rstrip('\n') + print >>outr, line + else: + log.debug('USERNAME = %r has write access', username) + for line in f: + line = line.rstrip('\n') + print >>outw, line + print >>outr, line + + f.close() + os.fsync(outw) + os.fsync(outr) + + finally: + outw.close() + outr.close() + + os.rename(tmpw, htpasswd_w) + os.rename(tmpr, htpasswd_r) + diff --git a/gitosis/run_hook.py b/gitosis/run_hook.py index e535e6a..f8d089b 100644 --- a/gitosis/run_hook.py +++ b/gitosis/run_hook.py @@ -10,6 +10,7 @@ import shutil from gitosis import repository from gitosis import ssh +from gitosis import httpauth from gitosis import gitweb from gitosis import gitdaemon from gitosis import app @@ -47,6 +48,10 @@ def post_update(cfg, git_dir): path=authorized_keys, keydir=os.path.join(export, 'keydir'), ) + httpauth.WriteHtpasswd( + config=cfg, + keydir=os.path.join(export, 'keydir'), + ) class Main(app.App): def create_parser(self): -- 1.7.0.4
3. Nginx config
server {
listen 80;
server_name git.example.com;
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
client_max_body_size 500m;
proxy_buffering off;
# Enable chunk support
# https://github.com/agentzh/chunkin-nginx-module
chunkin on;
error_page 411 = @my_411_error;
location @my_411_error {
chunkin_resume;
}
set $git_root /home/git/repositories;
if ($uri ~ "^(/[^/]+\.git)(.*)" ) {
set $git_project $git_root$1;
set $git_export_ok $git_project/git-daemon-export-ok;
}
if ( !-d $git_project ) {
return 401;
}
if ($arg_service ~* "git-receive-pack") {
rewrite ^ /git-auth/write$uri last;
}
if ( -f $git_export_ok ) {
rewrite ^ /git/public$uri last;
}
# default auth-read action
rewrite ^ /git-auth/read$uri last;
location ~ ^/git/public(/.*) {
internal;
# fcgiwrap is set up to listen on this host:port
fastcgi_pass unix:/var/run/git-backend-fcgi;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
#fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT $git_root;
fastcgi_param PATH_INFO $1;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
location ~ ^/git-auth/read(/.*) {
internal;
auth_basic "git-auth";
auth_basic_user_file $git_project/.htpasswd-read;
# fcgiwrap is set up to listen on this host:port
fastcgi_pass unix:/var/run/git-backend-fcgi;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT $git_root;
fastcgi_param PATH_INFO $1;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
location ~ ^/git-auth/write(/.*) {
internal;
auth_basic "git-auth";
auth_basic_user_file $git_project/.htpasswd-write;
# fcgiwrap is set up to listen on this host:port
fastcgi_pass unix:/var/run/git-backend-fcgi;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT $git_root;
fastcgi_param PATH_INFO $1;
fastcgi_param REMOTE_USER $remote_user;
include fastcgi_params;
}
}
мая
09
2011
09
2011
[XEN] Change tap device mac address to prevent change of bridge’s
In XEN 4.0.1-2 package on Debian GNU/Linux 6.0.1 (squeeze):
1. Patch your /etc/xen/scripts/qemu-ifup file
echo -c 'config qemu network with xen bridge for '
echo $*
+ip link set $1 addr fe:ff:ff:ff:ff:ff
ifconfig $1 0.0.0.0 up
brctl addif $2 $12. Add /etc/xen/scripts/hotplugpath.sh
SBINDIR="/usr/sbin" BINDIR="/usr/bin" LIBEXEC="/usr/lib/xen/bin" LIBDIR="/usr/lib64" SHAREDIR="/usr/share" PRIVATE_BINDIR="/usr/lib64/xen/bin" XENFIRMWAREDIR="/usr/lib/xen/boot" XEN_CONFIG_DIR="/etc/xen" XEN_SCRIPT_DIR="/etc/xen/scripts" XEN_LOCK_DIR="/var/lock"
http://lists.xensource.com/archives/html/xen-devel/2010-12/msg01302.html
Апр
07
2011
07
2011
Nginx static files POST request 405 Method Not Allowed
server {
listen 80;
...
error_page 405 = $uri;
...
}
марта
03
2011
03
2011
--
Фев
12
2011
12
2011
xen xm console on lucid 10.04 DomU
Add hvc0 console init:
cp /etc/init/tty1.conf /etc/init/hvc0.conf sed -i 's/tty1/hvc0/' /etc/init/hvc0.conf
in xen config file:
extra = "console=hvc0"
Янв
27
2011
27
2011
RaLink RT3090 Wireless 802.11n 1T/1R PCIe For HP ProBook 4320s 4520s
RaLink RT3090 Wireless 802.11n 1T/1R PCIe [1814:3090]
Install drivers:
https://launchpad.net/~smirnov-arkady/+archive/rt3090
1. Download kernel source RaLink RT3090 ( amd64 | i386 )
2. Download modaliases package ( amd64 | i386 )
3. Install by console
sudo dpkg -i rt3090-kernel-source_2.4.0.4-0ubuntu0~ppa1_amd64.deb rt3090-modaliases_2.4.0.4-0ubuntu0~ppa1_amd64.deb
or doubleclick and use Ubuntu Software Center
To solve the problem with wireless reconnects try to adjust smp affinity
for your card:
1. Get IRQ number in the first column in /proc/interrupts for wlan or ra device
$ cat /proc/interrupts | egrep “wlan|ra”
2. Dedicate our first CPU (CPU0) to handling the card interrupts
$ echo 1 > /proc/irq/ < IRQ > /smp_affinity
PS. Working with rt2860sta driver too.
PS. Must have uninstalled the irqbalance package
Ноя
20
2010
20
2010
--
DomU in Xen 4.0 on Debian squeeze pvops kernel
Check if your kernel was built with:
CONFIG_XEN_BLKDEV_FRONTEND=m CONFIG_XEN_NETDEV_FRONTEND=m
Add modules to initrd (in DomU)
echo "xen-blkfront" >> /etc/initramfs-tools/modules echo "xen-netfront" >> /etc/initramfs-tools/modules
Update initrd (in DomU)
update-initramfs -u -k all
Ноя
15
2010
15
2010
--
[fix] CenterIM GTalk contacts blinking
diff -urNad centerim-4.22.9~/src/icqcontacts.cc centerim-4.22.9/src/icqcontacts.cc
--- centerim-4.22.9~/src/icqcontacts.cc 2010-01-12 09:55:38.000000000 +0200
+++ centerim-4.22.9/src/icqcontacts.cc 2010-11-15 02:03:21.000000000 +0200
@@ -374,5 +374,5 @@
}
- c->setgroupid(gid);
+ c->setgroupid(gid, false);
}
июля
26
2010
26
2010
--
[debian #552439] drbd8 and linux-2.6.26 at lenny stable
/usr/src/modules/drbd8/drbd/drbd_nl.c: In function ‘drbd_nl_init’: /usr/src/modules/drbd8/drbd/drbd_nl.c:2403: error: size of array ‘type name’ is negative /usr/src/modules/drbd8/drbd/drbd_nl.c:2409: warning: passing argument 3 of ‘cn_add_callback’ from incompatible pointer type
ln -s /usr/src/linux-headers-`uname -r`/ /lib/modules/`uname -r`/source m-a -t build drbd8
мая
13
2010
13
2010
--
Янв
04
2010
04
2010
--
Настройка дополнительного домена для недоставленной почты
Проблема: Основной почтовый домен хостится на google app. Автоматические отчеты отсылаются напрямую в googleapp . Если gmail начал отклонять письма (не касается платных аккаунтов) на ваши служебные адреса (hostmaster, postmaster, root) – вы перестаните получать уведомления об ошибках, нотификации, ежедневные отчеты и тп. Приведенная конфигурация касается только конфигураци для почтовых серверов расчитаных в основном для отправки почты (lamp). Для возможности архивирования и пересылки используем дополнительный relay.
Решение:
1. Создаем вспомогательный домен c собвственным MX, SPF (к примеру: bounces.domain.ua, colo.domain.ua).
2. На серверах прописываем транспорт и направляем все ошибки (про доставленную почту и тп) через наш домен bounces.domain.ua.
/etc/postfix/main.cf
# Отчеты о недоставленой почте отправляем постмастеру notify_classes = bounce,resource,software double_bounce_sender = postmaster bounce_notice_recipient = postmaster@bounces.domain.ua # # Всю почту from:<> отправляем через наш relay empty_address_relayhost_maps_lookup_key = MAILER-DAEMON sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
/etc/postfix/sender_relay
MAILER-DAEMON bounces.domain.ua
3. В /etc/aliases перенаправляем всю почту для root на root@colo.domain.ua.
4. В моем случае, необходимо было всю почту к @bounces.domain.ua перенаправлять к одному адресату, а на ящики root@colo.domain.ua и cron@colo.domain.ua к другим. Остальное > /dev/null. Вот конфигурация вспомогательного почтового сервера:
# ---- Virtual domains for reposts ---- ...........................[SKIPED]......................... virtual_alias_domains = colo.domain.ua bounces.domain.ua virtual_alias_maps = hash:/etc/postfix/virtual # ---- Rewrite address ---- sender_canonical_maps = regexp:/etc/postfix/sender_canonical recipient_canonical_maps = hash:/etc/postfix/recipient_canonical # ---- Redefine default transport ---- default_transport = local # ---- Relay all local transport to one email ---- local_recipient_maps = luser_relay = null # ---- Define normal smtp transport for some domain ---- transport_maps = hash:/etc/postfix/transport # ---- Access only my network ---- smtpd_client_restrictions = permit_mynetworks, reject
/etc/postfix/virtual
@bounces.domain.ua xxxx1@other-domain.com.ua root@colo.domain.ua xxxx2@other-domain.com.ua cron@colo.domain.ua xxxx3@other-domain.com.ua
/etc/postfix/sender_canonical
/^(.*)@(.*)$/ ${1}@dsn.domain.ua
/etc/postfix/transport
@gmail.com smtp:gmail.com other-domain.com.ua smtp:other-domain.com.ua
Дек
18
2009
18
2009
--
Ноя
17
2009
17
2009
--
Как добавить patch в собираемый deb пакет [Debian Maintainers]
При сборке пакетов, крайне не рекомендуется изменять исходный код. Если нам все-таки необходимо это сделать – пользуемся менеджерами патчей dpatch или quilt.
Using DPatch
1. Устанавливаем dpatch
apt-get install dpatch
2. В список зависимостей Build-Depends, который находится в debian/control, добавляем dpatch
3. Создаем папку:
mkdir debian/patches
4. С помощью команды dpatch-edit-patch создаем наш патч. Утилита откроет консоль с копией исходников. Все сделаные изменения будут собраны в diff.
dpatch-edit-patch 01_our_new_patch
5. Файл debian/patches/00list указывает порядок исполнения. Добавляем название нашего патча в список :
echo 01_our_new_patch >> debian/patches/00list
6. В файл сборки debian/rules добавляем:
include /usr/share/dpatch/dpatch.make ... build: build-stamp build-stamp: patch-stamp ... build stuff here ... clean: unpatch ... clean stuff here ... ...
original link: HowTo use dpatch
Ноя
16
2009
16
2009
Linux initrd boot scheme (initramfs-tools)
After initrd image unpack and mount to / (rootfs, tmpfs):
mount /sys and /proc
init-top hook
init-premount hook
local-top hook
local-premount hook
mount realroot to /root
local-bottom hook
init-bottom hook
move mount /sys to /root/sys
move mount /proc to /root/proc
exec run-init(klibc)
delete rootfs contents
overmount from /root to /
chroot and chdir("/")
exec /sbin/init
июля
30
2009
30
2009
--
Storing your PHP sessions using memcached
apt-get install memcached apt-get install php5-memcache
Be sure that /etc/php5/apache2/conf.d/memcache.ini contains this line :
extension=memcache.so
replace
session.save_handler = files ; session.save_path = "N;/path"
with
session.save_handler = memcache ; change server:port to fit your needs... session.save_path=”tcp://127.0.0.1:11211?persistent=1&weight=1&timeout=1&retry_interval=15″
июля
25
2009
25
2009
--
Generate password [bash]
Add to ~/.bashrc
genpasswd() { local l=$1 [ "$l" == "" ] && l=20 tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs }
usage:
genpasswd 16or use
# http://www.adel.nursat.kz/apg/download.shtml
apg
июля
20
2009
20
2009
--
RPM excluded man pages
При установке rpm, если не хотите устанавливать документацию – создаем файл:
/etc/rpm/macros.nodoc
# Файлы описаные с помощью %doc в спеке: %_excludedocs 1 # Отключаются файлы, прописанные в спеке как %lang(<locale>) <file> : %_install_langs C:en:uk # Path to selinux file context patterns: %__file_context_path %{nil}
июля
01
2009
01
2009
--
uppercase in sh | shell programming
Convert variable data from lowercase to upper
echo $VAR | tr '[:upper:]' '[:lower:]' echo $VAR | tr '[:lower:]' '[:upper:]'
июня
30
2009
30
2009
--
мая
12
2009
12
2009
--
IP spoofing attack?!
Problem:
/! FAILSAFE /! Tue May 12 15:15:53 +0300 2009
Status: 500 Internal Server Error
IP spoofing attack?!
HTTP_CLIENT_IP=”10.1.200.218″
HTTP_X_FORWARDED_FOR=”217.117.64.2, 217.117.64.2″
Decision:
( Rails 2.3 )
ActionController::Base.ip_spoofing_check = false
Ruby on Rails 2.3 Release Notes
( Path )
forwarded_client_ip_with_test.patch
( READ )
https://rails.lighthouseapp.com/projects/8994/tickets/322
( READ )
http://github.com/rails/rails/commit/0a4a5f3129a137fc357e8444a08b135f0ad4fbe8
мая
11
2009
11
2009
--
мая
01
2009
01
2009
--
Sphinx Search – ubuntu – package
sudo apt-get install bzr-builddeb sudo bzr-buildpackage lp:pkg-sphinx sudo dpkg -i ../sphinxsearch_0.9.8-1_amd64.deb
Апр
15
2009
15
2009
--
Шрифты and Ubuntu and Firefox and Tahoma
mkdir ~/.fonts wget http://www.stchman.com/tools/MS_fonts/tahoma.zip unzip -d ~/.fonts tahoma.zip rm tahoma.zip
Открываем “System -> Параметры -> внешний вид -> шрифты”, везде выбираем “Tahoma , размер 8 + ставим галочку против “Монохромная отрисовка”.
Апр
13
2009
13
2009
--
[ubuntu] netbeans line height
short solution:
1. Install sun-java6-jdk (not open-jdk)
2. /usr/bin/netbeans –jdkhome /usr/lib/jvm/java-6-sun
links:
Editor text wasting vertical space
#Bug 146555 – Setting for “Line Height Correction”
How to change line height in NetBeans’ editor
марта
24
2009
24
2009
--
xen ubuntu console-kit-daemon
При установке Ubuntu под Xen часто возникает ошибка:
Mar 24 15:55:13 db console-kit-daemon[13251]: WARNING: Error waiting for native console 58 activation: Invalid argument Mar 24 15:55:13 db console-kit-daemon[13251]: WARNING: Error waiting for native console 8 activation: Invalid argument Mar 24 15:55:13 db console-kit-daemon[13251]: WARNING: Error waiting for native console 43 activation: Invalid argument Mar 24 15:55:13 db console-kit-daemon[13251]: WARNING: Error waiting for native console 47 activation: Invalid argument Mar 24 15:55:13 db console-kit-daemon[13251]: WARNING: Error waiting for native console 45 activation: Invalid argument Mar 24 15:55:13 db console-kit-daemon[13251]: WARNING: Error waiting for native console 12 activation: Invalid argument
лечится это так:
rm /etc/dbus-1/system.d/ConsoleKit.conf rm /usr/share/dbus-1/system-services/org.freedesktop.ConsoleKit.service invoke-rc.d dbus restart
Незнаю, правильно это или нет, но, демон уже не запускается при старте 
марта
20
2009
20
2009
--
ubuntu [hardy/intrepid] bug #238755 ‘Account has expired’ message when adding a new user, after “passwd -l root”
‘Account has expired’ message when adding a new user, after “passwd -l root”
This seems to be related to the use of “passwd -l root”.
Until the Debian fix shows up in hardy, here is a workaround, thanks to Nicolas François:
sudo passwd --unlock root sudo usermod --lock root
марта
19
2009
19
2009
--
[ubuntu] wine и microsoft visio 2003
1. Устанивливаем последний wine (Wine for Ubuntu and Ubuntu derivatives)
sudo wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add - sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/winehq.list sudo apt-get update sudo apt-get install wine
2.
wget http://www.kegel.com/wine/winetricks sh winetricks corefonts vcrun6 sh winetricks wsh56 sh winetricks gecko msxml3 riched20 riched30 gdiplus
марта
05
2009
05
2009
--
Copy files partition2partition
Mount point method:
cd <mount-point-source> find . -xdev | cpio -pm <mount-point-dest>
Block device method:
if ( size[device2] >= size[device1] )
dd if=/block/device1 of=/block/device2 bs=4k
Remote copy over ssh:
ssh remote-host.com dd if=/block/source bs=4k | dd of=/block/destination bs=4k