Category Archives: Linux

Finally: A Fix for Python 2.7 Aborts on Import of ctypes

This has been bugging me for quite some time now: Every time I tried to import the ctypes module into Python 2.7, all I would get was the famous “Aborted” message. With some time to spare I could trace the problem down to the file closures.c of the libffi submodule. Most likely due to a compiler/optimization bug in older versions of gcc a double-free is happening there in line 151.
Since the surrounding function only checks for the presence of SELinux on the host and since the box I need to run Python 2.7 on doesn’t have SELinux installed, I opted for simply removing the whole thing:

--- a/Modules/_ctypes/libffi/src/closures.c 2012-04-10 01:07:33.000000000 +0200
+++ b/Modules/_ctpyes/libffi/src/closures.c 2012-06-20 17:35:40.277850045 +0200
@@ -119,52 +119,7 @@
 #define LACKS_SYS_MMAN_H 1
 
 #if FFI_MMAP_EXEC_SELINUX
-#include <sys/statfs.h>
-#include <stdlib.h>
-
-static int selinux_enabled = -1;
-
-static int
-selinux_enabled_check (void)
-{
-  struct statfs sfs;
-  FILE *f;
-  char *buf = NULL;
-  size_t len = 0;
-
-  if (statfs ("/selinux", &sfs) >= 0
-      && (unsigned int) sfs.f_type == 0xf97cff8cU)
-    return 1;
-  f = fopen ("/proc/mounts", "r");
-  if (f == NULL)
-    return 0;
-  while (getline (&buf, &len, f) >= 0)
-    {
-      char *p = strchr (buf, ' ');
-      if (p == NULL)
-        break;
-      p = strchr (p + 1, ' ');
-      if (p == NULL)
-        break;
-      if (strncmp (p + 1, "selinuxfs ", 10) != 0)
-        {
-          free (buf);
-          fclose (f);
-          return 1;
-        }
-    }
-  free (buf);
-  fclose (f);
-  return 0;
-}
-
-#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
-                 : (selinux_enabled = selinux_enabled_check ()))
-
-#else
-
 #define is_selinux_enabled() 0
-
 #endif /* !FFI_MMAP_EXEC_SELINUX */
 
 #elif defined (__CYGWIN__)

Compile, install – works. Now on to some other stuff that needs Python 2.7 to run properly ;)

Astaro ASG as OpenVPN Access Server client

Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.

Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept not provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.

If you’re interested, check out the latest version of ovpn-to-apc.sh on Gitorious. If it works for you, let me know. If it doesn’t, let me know, too.

Kleine Erfolgserlebnisse

Vorher

Check name    Uptime    Downtime    Outages   Response time
#######       58.54%    9h 57m 02s    189      9649ms

Nachher

Check name    Uptime    Downtime    Outages   Response time
#######       100.00%   0h 00m 00s     0        647ms

.ovpn to .apc Converter Revisited

The Astaro Security Gateway (ASG) is a great firewall and remote access solution. The only flaw of it being that Astaro, too, tries to build a walled garden around their suite of products. One major drawback here is that while the ASG has outstanding capabilities as a remote access server, there’s no easy way to use it as a client to connect to an OpenVPN SSL server. The main show stopper is that the ASG expects to get all it’s connection information from a .apc file while OpenVPN at best provides a .ovpn file which has a completely different structure.
Back in 2009 Patrick Schneider provided a simple bash script that would convert .ovpn files together with the needed certificates and key files into a .apc file the ASG could read. Unfortunately the script stopped working with newer ASG releases. Since I needed the functionality for a current project, I resurrected the code, polished and updated it a bit. The result can now be found on Gitorious: the new OVPN-to-APC converter script. Feel free to clone and enhance.

Update: Just pushed a new version to Gitorious that now handles the new .ovpn format provided by the OpenVPN Access Server as well.

Slowing down

This has been a very hectic couple of weeks. Not only the beta testing for the (now not so) new Netgear ReadyNAS boxes with ARM architecture: the Duo v2 and the NV+ v2. But also building add-ons for the new interface. Currently available are:

Especially the new web interface was a major obstacle there for in some situations it behaves quite different than the old and trusty Frontview. But now that I’ve got the hang of it I’m quite confident that more stuff is going to follow soon. And of course updates to the ReadyNAS Sparc stuff that has been put on hold for doing the ARM thing ;) Since I’ve just upgraded this site to WordPress 3.3, I might do an add-on for that as well – we’ll see.

For now it’s relaxing time – at least until the end of the week.

The Day The Routers Died

Can’t believe I missed that.

I especially like the part about “those who stay silent”.

Dropbear for ReadyNAS (Sparc)

DropbearUsing SSH to connect to the ReadyNAS has many advantages for the experienced user. However, OpenSSH is kind of a resource hog which is especially true when being used together with rsync. To make rsync over SSH run a bit smoother I decided to replace OpenSSH with Dropbear on my Sparc line of ReadyNAS boxes. So here’s the latest addition to my add-on collection:

DropbearSSH_0.52-readynas-0.1.1.bin

Speed up SSH Logins

Ever since some upgrade of my Ubuntu workstation it would took forever (10-15 seconds) to login to remote hosts using ssh. The solution is quite easy. Edit /etc/ssh/ssh_config and make sure you have set the following options:

    GSSAPIAuthentication no
    AddressFamily inet

Since I made these changes ssh logins again work in no time.

What I Really Hate About Windows

I don’t run Windows regularly. I use Mac OS X. I use Ubuntu. I use Solaris. But when I need to run Windows it will never, ever fail to remind me why I don’t run Windows. It’s as simple as that. If updates are available, Mac OS X will inform me. Ubuntu will inform me. And if I told it to do so, Solaris will inform me. But all of these systems will never fucking ever *reboot* my machine just because they *thought* it’d be necessary. And even if they did have a function like that, they’d sure as hell be intelligent enough to find out that there are tasks running and stop or at least postpone the reboot. Oh well, after all it’s Windows I’m ranting about here ;)
Continue reading

Scan Magic With Scan Tailor

If you do a lot of newspaper scanning you know the problem: grey backgrounds, blurry pictures. No longer. Using Scan Tailor, a high quality scan is just six mouse clicks away. Scan Tailor is available for Windows and Linux – and it’s free as in free beer. Would someone please port this to the Mac?

Before Scan Tailor

Before

After Scan Tailor

6 clicks Later

Scan Tailor not only optimizes the pictures and cleans the background. It also deskews the image and can handle multiple images in one go.
Continue reading

Bash: Dynamic Variables

Every once in a while I need to use dynamic variables in shell scripts for doing things like

echo ${{$foo}_bar}

but unfortunately it won’t work like shown in the example above.
What will work however is this:
Continue reading

Hard Typing Ahead

This camera module is known to be mounted upside-down in some notebooks. Applications that use the libv4l library should display the video correctly, as libv4l detects upside-down cameras and rotates the image automatically. See Hans de Goede’s post on the linux-uvc-devel mailing list for more information. For applications that don’t use libv4l, try holding your computer upside-down.

From the Linux-UVC wiki.
Continue reading

Apache Patch: Pass environment variables to backends connected via mod_proxy_ajp

One popular method to connect Tomcat or JBoss to the Apache web server is using mod_proxy_ajp. This of course works very well except for the case where you want to pass some environment variables to the backends. This is especially true for those who want to implement a 404 error handler using Java or other languages backed by Java. A common request is to be able to pass the values of the REQUEST_… variables defined by Apache to the error handler. While the AJP13 protocol would actually allow for that to happen, mod_proxy_ajp doesn’t offer that functionality. Luckily it’s quite easy to patch the functionality in. All you need is the Apache source code. Download and unpack, then open the file modules/proxy/ajp_header.c in your favorite text editor. Look for this code snippet:
Continue reading

Varnish 2.0.5 released

As mentioned here, Varnish 2.0.5 has been released. Changes include performance improvements on Linux and reduced memory consumption when processing ESI. Going to test it on this site in a few …

Continue reading

Give more threads to Varnish

When running my preferred proxy cache Varnish on Linux I realized that I couldn’t start enough threads on heavily accessed systems. As I found out, reducing the stack size is the key to get to the number I need. Oh well, if everything would be easy, I wouldn’t get paid I guess ;)
Continue reading

Make your ReadyNAS the NTP time server of your network

Since it wasn’t that much work I decided to honor the request and build the server component of the NTP protocol suite for the ReadyNAS Duo/NV/NV+/1100/X6.
There are two archives available:

After installation the server will start immediately. However, it will take some time for the server to actually sync time and date with the official time sources. So it takes about 15 to 20 minutes until any client on your network can actually sync its time with the time source on the ReadyNAS.
Have fun with the tool and remember: Works for me, ymmv.

{openx:6}

CentOS5/RHEL5 fix for ImageMagick “cpio: MD5 sum error” and “cpio: read”

Back on CentOS 5 for a customer I stumbled across a little problem while installing RMagick for Ruby. Said interface between Ruby and the Image Magick tools requires Image Magick in a version greater then 6.3.5 to be installed on one’s system. However, CentOS 5 and RHEL 5 only provide version 6.2.8. Even more unfortunate is that while there are RPMs to be found on ImageMagick.org, they’re all for Fedora. So when trying to install the binary .rpm file, all you’ll get is something like this:

[root@testsys rpms]# rpm -Uvh ImageMagick-6.5.5-6.i386.rpm 
error: Failed dependencies:
	libHalf.so.4 is needed by ImageMagick-6.5.5-6.i386
	libIex.so.4 is needed by ImageMagick-6.5.5-6.i386
	libIlmImf.so.4 is needed by ImageMagick-6.5.5-6.i386
	libImath.so.4 is needed by ImageMagick-6.5.5-6.i386
	libcdt.so.4 is needed by ImageMagick-6.5.5-6.i386
	libfftw3.so.3 is needed by ImageMagick-6.5.5-6.i386
	libgraph.so.4 is needed by ImageMagick-6.5.5-6.i386
	libgvc.so.5 is needed by ImageMagick-6.5.5-6.i386

No problem you might say. Just grab the source rpm and rebuild from there. Alas, this will lead to another problem:

[root@testsys srcrpm]# rpm -Uvh ImageMagick-6.5.5-6.src.rpm 
   1:ImageMagick
warning: user cristy does not exist - using root
warning: group cristy does not exist - using root
########################################### [100%]
error: unpacking of archive failed on file 
/usr/src/redhat/SOURCES/ImageMagick-6.5.5-6.tar.bz2;
4aa10a8f: cpio: read

With older archives you’ll get a similar message:

[root@testsys srcrpm]# rpm -Uvh ImageMagick-6.5.5-5.src.rpm 
   1:ImageMagick
warning: user cristy does not exist - using root
warning: group cristy does not exist - using root
########################################### [100%]
error: unpacking of archive failed on file 
/usr/src/redhat/SOURCES/ImageMagick-6.5.5-5.tar.bz2;
4aa10b19: cpio: MD5 sum mismatch

The reason is that Fedora uses newer RPM utilities than the ones found on CentOS 5 / RHEL 5. This is the reason for the broken MD5 sums. Also, they recently switched from providing .tar.bz2 packed archives to .lzma packed archives which RPM on CentOS 5 / RHEL 5 doen’t know anything about.

Google wasn’t of any help to solve this particular problem without installing everything from source.

But fear not, there’s an easy solution. Just read on.

{openx:6}
Continue reading

iSCSI-Target 0.4.17svn220 fixes memory leaks

I just upgraded the iSCSI support for the older ReadyNAS line to version 0.4.17svn 220. Most notably this version includes a fix for some memory leaks in the previous versions.

For more information see the details or if you aren’t that patient go and get the file ;)

VLC media player 1.0.0 – Goldeneye

The best video player for Linux, Mac and Windows finally made it to version 1.0.0 ;) Go grab it here.

You’ll get:

Continue reading