Craig Box's journeys, stories and notes...


Posts Tagged ‘debian’

GPG agent doesn't prompt for my passphrase

Thursday, February 22nd, 2007

Something that has always bothered me; I use the gpg-agent program to cache my passphrase in memory, but if I call it from dpkg-buildpackage or falcon, it just does this:

You need a passphrase to unlock the secret key for
user: "IT Partners <packages@itpartners.co.nz>"
1024-bit DSA key, ID xxxxxxx, created 2005-04-21

gpg: cancelled by user
gpg: skipped "xxxxxxxx": bad passphrase

Why does it punish me so? Turns out that pinentry, the program that asks for the passphrase, can't find a terminal, so can't run, and the key doesn't get cached.

To fix this, you can set the GPG_TTY variable, which I do in my .bashrc like so: export GPG_TTY=`tty`

Problem solved. And added to the WLUG wiki for posterity.

Periods in run-parts

Tuesday, October 31st, 2006

Repeat after me, Debian/Ubuntu sysadmins. You cannot use the period (.) character in /etc/foo.d directories. Can't can't can't.

Why? Well, man runparts says:

If the --lsbsysinit option is not given then the names must consist
entirely of upper and lower case letters, digits, underscores, and
hyphens.

So, you can't have files named "vhost.foo.co.nz" in your /etc/logrotate.d directory, and you can't have files named "awstats-foo.co.nz" in your /etc/cron.d directory.

As much of a big deal is made of Halloween, and as many groups of kids I saw walking the streets about 7:45, we only had one person knock on the door trick-or-treating. And we managed to successfully pretend we weren't here, sitting in the lounge watching Torchwood. (I keep waiting for the Doctor to turn up.)

Customising a Debian/Ubuntu installation CD

Thursday, August 17th, 2006

One of the things I maintain at work is a self-installing Linux distribution.

When I started in 2002, we were purchasing KickStart installed Red Hat 7.x machines from a local company. With Progeny's AutoInstall, I managed to get a CD that would automatically install Debian Woody, but not in a very nice fashion.

Ubuntu came out, was more up to date than Woody (I think my Commodore 64 was more up to date than Woody for a moment there), and so I changed to it after the second release. Hoary introducted some support for KickStart installations, but I found that much more power could be gained with the new debian-installer that was coming for Sarge. A guide to remastering your Ubuntu CD ensued.

Two releases later, I updated all the machines to Ubuntu Dapper, and tidied up the installer a whole heap. Today, under the chargeable heading of "documenting my self-installing Linux distribution in case I get hit by a bus", I have given the Ubuntu Install CD Customization page a complete overhaul. Read it - it's grand.

AWStats on Ubuntu

Friday, July 21st, 2006

AWStats is a "free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically". It's commonly used for generating pretty logs of your Apache web server. (See the AWStats demo if you're unfamiliar and interested.)

I got it going with my Ubuntu virtual web hosting setup this morning, and wrote a page about AWStats, Apache 2 and Ubuntu or Debian on the WLUG wiki. Enjoy.

Shutting Debconf up

Monday, July 17th, 2006

Debian's package system, as well as its automatic dependency resolution, has reasonable management of configuration files - not as great as Gentoo, unfortunately, which has some smarts about merging changes, but at least it stops you and tells you what is changing. It does this for files that are labelled as 'conffiles'.

If you're upgrading a lot of alike machines, you can find out what answers you want to load in first, and then tell the others to accept or reject the changes appropriately.

For example, hdparm gets an init script in Dapper that it didn't have in Hoary, so we can safely force an answer of 'yes' for that package:

apt-get install -y hdparm -o Dpkg::Options::="--force-confnew"

However, the firewall rules have been customized locally, and overwriting them with defaults would be bad!

apt-get install -y linuxserver-firewall -o Dpkg::Options::="--force-confold"

ClamAV's packages are a bit smarter, using the newer ucf configuration system, which, among other things, can handle a three way merge - letting you compare new, current and original, in a way that can roll your changes in a bit better. (It's also designed more for files edited or created in postinst, and not just plain configuration files). The syntax for automatic accepting of conffile changes is different for UCF:

UCF_FORCE_CONFFOLD=yes apt-get install -y clamav-base

Look at 'man ucf' and 'man dpkg' for more force options.