Sparcitecture

I have no idea of the cause or remedy for this problem, but it certainly is a pain. I have two boxes running Debian GNU/Linux that are set up solely as SSH gateways. They use RSA token authentication. So far, so good. Now the weird part - I am unable to enter a capital letter c in the shell while connected to the boxes. If I cut and paste a string with a C in it the C gets stripped out, e.g. pasting Chris would result in hris showing up in the shell. If I launch vi or another editor I can paste the letter C or type it.

Any ideas?

Update: The problem seems to spring from having the following set in .bashrc

bind "set completion-ignore-case on"

[composed and posted with ecto]

Lately I have noticed that several packages in the Darwin Ports distribution fail to build properly, with the “port install” command either complaining about being unable to open the file or reporting a checksum mismatch. All of the ports in question (txt2html, nethack, rxvt) were hosted at SourceForge and when I followed the actual build process it appeared the source downloads were not completing and the errors were misleading.

Until DP gets their ports tree fixed, you can download the correct file from SourceForge manually and place it in /opt/local/var/db/dports/distfiles/ and run the install command and everything should build properly.

[composed and posted with ecto]

To anyone who has any influences at Apple’s marketing group:

1. Please make white “Apple” USB and FireWire cables in all useful lengths and configurations.
2. Please offer, for a reasonable amount more, the option to have a real CD shipped to you when you buy an album in the iTunes Store. That way you have instant gratification without the postpartum depression from spending money and not having anything physical to show for it.

[composed and posted with ecto]

This seems like a pretty smart idea for new linux users. Euronode has a web interface that allows you to customize a Debian-based Linux server. They then create the ISO images for installation with all of the correct configuration files for the services you specify.

[composed and posted with ecto]

To configure Sendmail on Solaris to only listen on the localhost, add the following to /etc/default/sendmail and restart the daemon.

MODE="-bd -ODaemonPortOptions=Addr=localhost"

[composed and posted with ecto]

Just posting this here for my own reference:

Darren Moffat: Using Solaris RBAC to only allow scp/sftp:

The RBAC functionality in Solaris is normally used to empower users but it can also be used to restrict what commands they may run.

It is possible to use RBAC to restrict access to the sshd(1m) subsystems. This is normally done to create a user who can use sftp but can not login.

Since sshd(1m) starts the subsystems listed in sshd_config(4) using the users login shell it isn’t possible to restrict the user by giving them a bogus shell (eg /bin/false). However if the user is assigned one of the profile shells (pfsh,pfksh,pfcsh) then they can be configured with only the commands necessary for the relvant sshd(1m) subsystems.

Create a new execution profile that contains only the scp and sftp-server commands thus:

$ cat <<_EOM_ >> /etc/security/exec_attr
Restricted Secure Shell:suser:cmd:::/usr/bin/scp:
Restricted Secure Shell:suser:cmd:::/usr/lib/ssh/sftp-server:
_EOM_

$ cat <<_EOM_ >> /etc/security/prof_attr
Restricted Secure Shell:::scp/sftp access only:
_EOM_

Update /etc/security/policy.conf to remove the “Basic Solaris User” profile from the PROFS_GRANTED entry, this ensures that by default users with profile shells can not run commands except those listed in their profile.

Set the users login shell to be one of the profile shells (eg /bin/pfsh). Give the user the “Restricted Secure Shell” profile eg.

        upload::::profiles=Restricted Secure Shell

Note the user can still login to the system and move around using cd but they can only issue the commands in the profile and shell builtins. Since ssh isn’t in the profile they won’t be able to use scp to get out of the machine again (In current Solaris implementations ssh is exec’d by scp to make the connection). The restricted feature of ksh allows stopping this behaviour as well. It is possible to have both a restricted shell and a profile shell out of the same binary. Unfortunately though we didn’t ship /bin/rpfksh in Solaris but it is trivial to implement as a one line shell script:

#!/bin/ksh
exec /bin/pfksh -r

You can now use /bin/rpfksh as the login shell rather than /bin/pfksh. Note that this will not stop the user using sftp to browse the filesystem via “cd” only a login shell. It is intended to make the login shell rather useless.

If we added a “-c” argument to /bin/pfexec we could achive an even better result for the login shell but would still have the issue of sftp-server allowing the user to “wander” around the filesystem. To fix that either sshd or sftp-server would need to chroot the user into their home directory. Neither Solaris or OpenSolaris supports that today.

[composed and posted with ecto]

Ben Rockwood: Exploring Sun Studio 10:

Alan Hargreaves recently blogged about Cscope-fast in OpenSolaris-Land. Cscope is a nifty tool, one that looks boring enough sittin in /opt/SUNWspro/bin untill you give it a spin and suddenly fall in love with it. I’ve always ment to really dig around with the tools that come with Sun Studio (aka: SOS) but never had the time, I just install it and use cc, thats it. Well, Alan get me interested, so I spent a little time today digging around.

I’m putting my devtools notes online. They aren’t fancy or anything, just what I jotted down as I played around.

Many of the tools supprised me, they are really handy! Simple things that I’ve known about but never actually bothered to use like indent and lint are pretty handy. Things I didn’t know where there like X Designer gave me a bit of a shock. But some nifty “hidden” treasures are there that I never bothered to notice like cscope, prof, cflow, dumpstabs, cxref, and ctrace. There are some kick ass tools in there if you only take the time to dig around, and now that I get to use Sun Studio for more than 60 days (thanks to OpenSolaris!) its time to learn.

Have a looksie at my notes and then take the time to dig around a little yourself, you’ll be glad you did.

[composed and posted with ecto]

Jeremy Teo: Evince/Poppler Packages up for testing:

Evince and Poppler packages are up for testing.

What is Evince? Shamelessly ripped from their homepage:

“Evince is a document viewer for multiple document formats like pdf, postscript, and many others. The goal of evince is to replace the multiple document viewers that exist on the GNOME Desktop, like ggv, gpdf, and xpdf with a single simple application.”

And Poppler:

“Poppler is a PDF rendering library based on the xpdf-3.0 code base.”

Packages are available as linked below (You need poppler to run evince)

Evince

• Solaris Sparc
• Solaris x86/x64

Poppler

• Solaris Sparc
• Solaris x86/x64

As usual, you may need additional packages from blastwave. If you’re running Gnome 2.8 from blastwave, you should be set. You will also need CSWgcc3corert and CSWgcc3g++rt (which you most likely already have. Again, pkg-get is your friend)

As usual feedback is appreciated, particularly from Sparc folks, since I don’t have a Sparc desktop.

[composed and posted with ecto]

Ben Rockwood: Solaris Flash Archives: Protect your development box:

If you’ve started to play with OpenSolaris you might have noticed that one of our constant concerns is turning your beloved development workstation into a brick. Brickification, or the result of a bad BFU (upgrade), can be painful. You have to remember that OpenSolaris is in fact the OS/Net conslidation of Solaris (and we call the Solaris 11 codebase we all now use Nevada, hence ONNV or OS/Net Nevada - thats OpenSolaris) is not simply the kernel like Linux but the whole base OS, from LibC to the tools, to the kernel, to the modules. On Linux if you build a bad kernel, no problem, reboot and select a diffrent kernel from GRUB or LILO and figure out what went wrong, but even on Linux if you jack up GNU LibC or the base toolset your gonna be reaching for a rescue or install CD. So when you upgrade a complete OpenSolaris system a lot is at stake. For the record, you can infact install only a kernel using the Install (pronounced Cap-Eye-Install) tool, but thats not nearly as much fun as upgrading the whole system via BFU. So, what we need is a way to protect our investment of time and effort. On Solaris we have two amazingly kick ass tools to help us solve this problem, and they become more important than ever in OpenSolaris development: Live Upgrade and Flash Archives.

I’ve actually written a paper on OpenSolaris development that covers both, but I haven’t completed it yet and don’t have time, so I’ll blog it in request to several folks who are curious about it. I’d like to extend a hearty thank you to Mr. John S. Howard who is no longer with Sun (who ever decided that was a dipshit), who is the unquestioned Jumpstart, Live Upgrade, Flash Archive god of Solaris. John, you rule.

Live Upgrade (LU) and Flash Archive (Flar) are both essentially big ass wrapper around CPIO, and neither do anything that seems particuarly unusual at first look, they are both definately “Ya, of course!” tools, but the point is that no one else does it, at least not as well as they do.

Live Upgrade allows you to create a copy of your root disk onto another disk in the system, and then (the Live bit) upgrade that copy (which we call an Alternate Boot Enviroment, or ABE). When you finish patching or upgrading the ABE you simply activate the ABE and reboot into it. In this way you can do time consuming (a complete recommended patch cluster on Solaris9 for instance can take 3-4 hours to install) upgrades to Solaris without incurring any more downtime than it takes to reboot.

Flash Archives on the other hand are root disk images. You create a flash archive using the “flar” tool, which will output a single file containing your system image. We can use these system images in a variety of ways to provide a robust imaging and snapshot/backup solution. The reason Flash Archives are so much more polished than other solutions is the fact that when you run the Solaris Installer (from CD usually) you’ll notice you actually are given 3 (or more) install options: Install, Upgrade, or Flash. When we create a Flash Archive we can store it on either an NFS, FTP or HTTP server and then access it again via a CD installer, as well as the fact that we can also use these archives via both JumpStart and Live Upgrade! When archives are installed onto a system they are done with the networking unconfigured (just like a sys-unconfig’ed system) making them great for imaging, just get a Solaris install how you like it, create the archive, then JumpStart install the archive onto your pool of servers, effortless rollouts!

For our purposes we’re interested in simply creating point in time snapshots of our system. Flash Archives indeed could be cron’ed and made to act as a nightly backup solution, but there are certainly better tools for doing that. When you feel you’ve got your box the way you like you can use “flarcreate” to create a Flash Archive, which we can store in some place accessable via NFS, FTP or HTTP. If for some reason we destroy or extensively damage our installation for some reason we can just pop in the Install CD, enter the networking information and point the installer to the archive… minutes later we’re booting back into our system. Every time I feel I’ve significantly improved or upgraded a system I cut an archive just in case.

Creating Flash Archives is easy. NFS provides the best method for archive storage, imho, so mount an NFS share locally, I prefer to mount to /flash. Then run run “flar create” with the appropriate arguments like this:

$ flarcreate -n "Monolyth B16 Snapshot" -a "benr@cuddletech.com"> \
-S -R / -x /flash /flash/Monolyth-Snapshot-`date '+%m-%d-%y'`.flar

So, looking at the arguments:

• -n adds a description to the archive (this is displayed during installation later)
• -a adds a string containing conact information
• -S tells flarcreate to skip its size checks, normally it will estimate the size of the archive prior to creating it, which can take a really really long time, this argument just lets us speed up the process
• -R specifies the root directory, by default its /, but I often supply it for completeness.
• -x specifies a directory to exclude from the archive, supply one -x per directory to exclude (ie: -x /opt -x /export). NFS mounted filesystems are excluded by default, but again for completeness I tend to put them in there anyway.
• (archivename).flar is the actual name of the output archive file. You can name it whatever you want, but typically its wise to put the hostname, archive creation date, and a .flar extention in the filename just to help identify it. The filename should be a absolute pathname, so since we’ve mounted our NFS archive repository to /flash, we’ll specify that path.

If your not using NFS then you should create a directory to put the archive in and be sure to exclude (-x) that directory during creation before you move it to your FTP or HTTP server.

As you can see, Flash Archives are quick and easy methods of creation snapshot backups of your system. I used one just this morning! I needed a bigger IDE harddrive in Monolyth, so I created an archive last night before I left the office, then this morning I shutdown, pulled the old drive completely and put in the new one, booted the installation CD (Solaris Express: Community Release in this case), setup networking, partitioned the new drive, and then installed from my NFS archive, all from the graphical installer. An hour later the copy completed and the system rebooted. I didn’t know anything had changed! I logged in and got back to work. Absolutely painless and I’ve got a faster disk with 70GB more space!

So, in the future as you play with OpenSolaris (or Solaris) and for whatever reason think that the system is good as it is, but you might want to reinstall it, or you want to see what rm -rf / does or whatever, don’t worry, don’t pull the drive and put it aside or mess with tapes, just create a Flash Archive and know that if you need to get back to where you were its only a quick install a way. Enjoy.

For more information check out:

• Solaris 10 Installation Guide: Solaris Flash Archives (Creation and Installation)
• Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning
• Solaris 10 Installation Guide: Custom JumpStart and Advanced Installations
• Using Live Upgrade 2.0 With JumpStart Technology and Web Start Flash[PDF] (BluePrint) by John S. Howard
• WebStart Flash[PDF] (BluePrint) by John S. Howard and Alex Noordergraaf
• Customizing JumpStart Framework for Installation and Recovery[PDF] (BluePrint) by John S. Howard and Alex Noordergraaf
• JumpStart Technology: Effective Use in the Solaris Operating Environment, the ultimate book discussing JumpStart, Flash, and LiveUpgrade by John S. Howard and Alex Noordergraaf, buy it online or at your local bookstore

[composed and posted with ecto]

Ben Rockwood: Burning CDs in Solaris:

I’ve never actually burned CDs under Solaris. Its such a pain (I’m still getting over how terrible it was several years ago) on Linux that I just didn’t even wanna touch CD burning on Solaris. But, to my great amazement, its really really easy! Witness!:

root@monolyth benr$ cdrw -l
Looking for CD devices...
    Node                   Connected Device                Device type
----------------------+--------------------------------+-----------------
 cdrom0               | SONY     DVD RW DW-D18A   VYS2 | CD Reader/Writer
root@monolyth benr$ cdrw -i sol-nv-b16-x86-v1.iso
Looking for CD devices...
Initializing device...done.
Writing track 1...
Finalizing (Can take several minutes)...done.
root@monolyth benr$

Talk about painless. The cdrw tool is even part of the default Solaris install, so nothing to setup or anything. I’m happy.

[composed and posted with ecto]