Old Ubuntu-releases in APT / etc.

We have an old VM (Ubuntu 14.10) that we just have running – it does a very specific job, isn’t connected to anything important and just shugs along. But because of a dependency issue with external software, we needed to install a new library to it – and because of dependencies when we first set up the VM, Ubuntu was the distro selected.

Sadly all the old URLs for apt-get in sources.list had stopped working, as the mirrors no longer had that specific Ubuntu (utopic) version available.

Luckily – after a bit of using our old friend Google – I found old-releases.ubuntu.com. This is also available as an archive for content through APT, so if you prefix your old addresses with old-releases.ubuntu.com instead of whatever mirror you’re used to fetching images from, you can get last version of the packages made available when you first set up your distro.

Saved the day!

Enabling OpenVPN configuration / autostart on Ubuntu

This assumes that you’ve already made sure that your configuration is valid and is able to connect (you can do this by calling openvpn --config /etc/openvpn/FILENAME.conf directly. It won’t be daemonized, but it will give you any errors on the console directly).

There’s a few details you’ll have to get right before the openvpn daemon starts your configuration automagically under Ubuntu:

  1. Your configuration has to be under /etc/openvpn/FILENAME.conf. The .conf part is important. If it ends with .ovpn or anything else, it won't be loaded.
  2. Ubuntu isn't set to start all configurations by default. You can change this by editing /etc/default/openvpn. Change the AUTOSTART variable to the configurations you want to start when the daemon starts. The example in the file says "all", which means that all defined configurations will start. This is OK if you want to keep openvpn up at all times.
  3. You have to tell systemd that you've changed the default file. If you don't do this, nothing will have appeared to change for openvpn - unless you restart the OS. And you don't want to restart your server just to make a setting visible. Do systemctl daemon-reload to make systemd reload the settings (this is also in the comments in the file, but hey, you don't have time to read those, so now you're searching Google instead).
  4. Restart openvpn: service openvpn restart
  5. Confirm that everything went OK by looking in /var/log/syslog

dpkg: /etc/resolvconf/update-libc.d/sendmail: 7: .: Can’t open /usr/share/sendmail/dynamic

While apt-get upgrade-ing a server that apparently had bind9 installed, it barfed out complaining about something about sendmail. Weird, as sendmail isn’t installed (at least not any longer), but since sendmail isn’t installed, it couldn’t be removed either.

The solution: mv /etc/resolvconf/update-libc.d/sendmail /tmp — and run dpkg / apt-get / aptitude again. If it works now (and you don’t have sendmail installed either), delete the file from /tmp.

/etc/resolvconf/update-libc.d/sendmail: 7: .: Can't open /usr/share/sendmail/dynamic
run-parts: /etc/resolvconf/update-libc.d/sendmail exited with return code 2
run-parts: /etc/resolvconf/update.d/libc exited with return code 1
invoke-rc.d: initscript bind9, action "restart" failed.
dpkg: error processing bind9 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 bind9

Evolution & Exchange: Unable to retrieve message

Some time after upgrading to Ubuntu 11.10 I ended up with the dreaded “Unable to retrieve message” in Evolution (which I use for Exchange connectivity). This has usually corrected itself by simply restarting Evolution, but this time nothing would help. I stumbled across a thread that provided a few ways to possibly solve the issue, but the .evolution directory didn’t contain any live installation in Ubuntu.

Turns out the directory is:

.local/share/evolution

As both my mailstore and address book lives on the Exchange server, I decided to just move the evolution directory to a new name and recreate the evolution directory from scratch. This takes a bit of time while Evolution indexes everything, but after a while everything were back to normal.

E:Error, pkgProblemResolver::Resolve generated breaks

While attempting to upgrade to Ubuntu 11.10 (Oneiric) from 11.04, do-release-upgrade refused to do anything useful. The only message it felt like delivering was “E:Error, pkgProblemResolver::Resolve generated breaks”. Googling didn’t turn up much, but a forum thread (which I seem to have lost now) suggested (among other attempts) to remove any references to external (3rd party) APT repositories. I thought do-release-upgrade did this by itself, but apparently not …

Commenting out the external repositories in /etc/apt/sources.list and in /etc/apt/sources.list.d/* solved the problem (I had spotify, dropbox and Google Chrome there), allowing do-release-upgrade to do its thing.

Getting Mac OS X-fonts to Work on Windows (Through Ubuntu)

This will be a fairly technical post, so if you’re not in the mood or don’t know what a bash script or Ubuntu is, this might not be the post for you.

Useful Ubuntu packages: fontforge (install with apt-get install fontforge)
Useful PERL Libraries: Mac::AppleSingleDouble (install with cpan install Mac::AppleSingleDouble)

First; Mac OS X stores the actual font data as a secondary data stream / file that’s attached to the actual font that the user can see. This requires the user sending the font to zip the contents before sending, so that both files can be included. The interesting files will be located in the __MACOSX folder and not in the actual folder containing the font (this folder will only contain the files with a 0 byte size). These files in __MACOSX will be the ones we’re going to town with.

Doing “file” on any file from this directory will probably yield “AppleDouble encoded Macintosh file”.

You can extract the actual contents of these files with the following awesome PERL snippet from a post at superuser:

perl -MMac::AppleSingleDouble -e 'for(@ARGV) {
    $a = new Mac::AppleSingleDouble($_);
    if(open $f, ">", $_.".rsrc") {
        binmode $f;
        print $f $a->get_entry(2);
        close $f;
    }
}' FILENAME_HERE

This will create a FILENAME_HERE.rsrc file in the current directory. This is the actual file that were stored as side channel data, without the other metadata associated with it.

In my case the resulting file was indicated to be a “Mac OSX datafork font, PostScript” by “file”, and after this I tried two things – one worked, one failed.

The first that failed:
In the archive there was also two other small datafiles. I tried extracting these and renaming the files to .pfb and .pfm (to use them as PostScript Type 1 fonts on Windows). This did not work. I’m not really sure where this failed at the moment, as I didn’t really feel like digging myself further down into the Windows Font subsystem. I also tried running the files through fondu, but didn’t get anywhere (it seems I really should run this under Mac OS X to be able to generate the proper .pfb and .afm files).

The second that worked (sort of):
fontforge is able to import a PostScript/dfont file without the associated metadata file. This might break kerning and a few other issues (fontforge will guess, so it won’t be half-bad), but will give you a resulting TTF file that actually works and can be used for most of the things that you’d use the font for. It was good enough for our use. Simply start fontforge, open the file and select file -> Generate Font afterwards.

Hopefully I won’t have to do this any time soon again. Fonts. Prrffftttt.

gnome-web-photo, Ubuntu and “Could not get gre path!”

Another issue I came across in my current adventures in gnome-web-photo land was that gnome-web-photo just stopped running after upgrading up through four different Ubuntu releases. gnome-web-photo crapped out with an error message about the GRE path being wrong, and the only resources on the web were commit messages from when the error message was changed and committed to the gnome-web-photo project.

Digging, digging and a bit more digging led me to suspecting that xulrunner wasn’t behaving as it should. stracing the gnome-web-photo binary (named gnome-web-photo.real on Ubuntu, as gnome-web-photo is a simple wrapper script) revealed that it was attempting to load a difference version of xulrunner than what actually were present (it tried fstat-ing a non-existant directory).

Checking out the current configuration of gre in /etc/gre.d (.. where I’ve never ventured before) indicated that DPKG had left the new package configuration without switching it to the standard configuration. This meant that the old GRE configuration was used, and not the new one. Renaming the old configuration file to gibberish and then removing the suffix from the new one solved the issue.

  • Removed: 1.9.1.14.system.conf
  • Renamed: 1.9.2.11.system.conf.dpkg-bak to 1.9.2.11.system.conf

.. and now gnome-web-photo actually works again!

gnome-web-photo segfaults (segment fault)! OH NOES!

We capture images from beautiful web pages all over the world by exposing the gnome-web-photo package through a simple web service. After moving the service to a new server today gnome-web-photo suddenly started segfaulting (aka segment fault).

Running the application as the same user as the web server worked (after fixing the home directory so that gconf etc was able to create its files), but when running in the web server process itself things segfaulted.

The next attempt was to run both the working and non-working version through strace and see what the difference were, and apparently things segfaulted when the working process accessed <home directory>.mozilla/. This was the first access to anything inside the home directory of the user, which provided the solution:

When the process was running under the web server, the HOME environment variable was not set, but while running under the user from the shell (through su -), it was present. gnome-web-photo (or Firefox?) apparently does not feature any sort of fallback if the HOME environment variable is missing and segfaults instead.

Maybe that could be a patch for the weekend, but hey, the Olympic Games are on!

Fixing dpkg / apt-get Problem With Python2.6

While trying to upgrade to Python 2.6 on one of my development machines tonight I was faced by an error message after running apt-get install python2.6:

After unpacking 0B of additional disk space will be used.
Setting up python2.6-minimal (2.6.4-4) ...
Linking and byte-compiling packages for runtime python2.6...
pycentral: pycentral rtinstall: installed runtime python2.6 not found
pycentral rtinstall: installed runtime python2.6 not found
dpkg: error processing python2.6-minimal (--configure):
 subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of python2.6:
 python2.6 depends on python2.6-minimal (= 2.6.4-4); however:
  Package python2.6-minimal is not configured yet.
dpkg: error processing python2.6 (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 python2.6-minimal
 python2.6
E: Sub-process /usr/bin/dpkg returned an error code (1)

Attempting to install python2.6-minimal wouldn’t work, attempting to install python2.6 proved to have the same problem.

Luckily the Launchpad thread for python-central provided the answer: Upgrade python-central first!

:~# apt-get install python-central
[snip]
Setting up python2.6 (2.6.4-4) ...
Setting up python-central (0.6.14+nmu2) ...
:~#

A Quick Introduction to chmod and Octal Numbers

Someone asked what the difference between doing a chmod 777 and chmod 755 is today, and hopefully this short, informal post will provide you with the answer (if you want to jump straight through to the conclusion, man chmod).

Octal Numbers

The number you provide as an argument to chmod is an octal number telling chmod what access you want to provide to a file (or a directory, device, etc – an entry on the file system). The number are in fact three discreet values, 7, 5 and 5. Each of the values correspond to a set of three bits, either one being zero or one. Three bits makes up a value from 0 – 7, hence an octal number (a decimal number has the digits 0 – 9 for each digit, an octal number has 0 – 7, a binary number has 0 – 1, a hexadecimal number has 0 – F (15)).

If you tried to count from 0 to 10 (decimal) in octal, it’d be: 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12. 12 in octal is the same value as 10 in decimal. The big difference is that both octal and decimal maps very neatly on top of binary numbers, being exactly three or four bits.

The usual way to write an octal number in a programming language is by appending a zero in front of it, such as 0755. This tells the compiler that the number is written in octal notation, and the value is then parsed as such. chmod parses all numbers as octal, and does actually handle four digits. Since missing digits are considered to be zero, the first digit is usually not included (or simply as a zero – which will look the same as the representation used in certain programming languages). The first, usually unused digit, have a special meaning, setting the “set user id” (suid), “set group id” (guid) or the “restricted deletion” or “sticky” attributes (you can read more about these options in the manual page).

File permissions

Now that we know what an octal number is, it’s time to look at how the file permissions work. Each file has three sets of permissions, one set for the user owning the file, one set for the group owning the file and one set for anyone else. If you want to take a look at these values on a unix based system, simply type ls -l to list files in a verbose way. Your result will look something like:

-rw-r--r--  1 mats mats        35 2008-08-23 20:24 IMPORTANTFILE

The permissions are listed in the first column, containng “-rw-r–r–“. The first character “-” indicates if the file is a directory (d), if the suid or guid bits are set etc.

This leaves us with “rw-r–r–” – the three sets of permissions. “rw-” is for the user owning the file, “r–” is for the group owning the file and the last “r–” are for anyone else (or ‘other’ as it’s called). The “r” means read, the “w” means write and the currently missing letter is “x”, which means execute (for files) or search (for directories). The “execute” setting is used to let bash (or another shell) attempt to run the file as a script, attempting to parse the first line as a path to the interpreter for the file (i.e. #!/usr/bin/python).

We have three flags (read, write, execute) that can be either on or off. This should remind us of three bits, either being 0 (not set) or 1 (set). And an octal digit is exactly three bits. This means that an octal digit maps exactly to the bit sequence needed to set permissions for a file. A 7 is “111”, a 5 is “101”, a 4 is “100” and so on. Mapping this to permissions:

7 = 111 = rwx
6 = 110 = rw-
5 = 101 = r-x
4 = 100 = r--
3 = 011 = -wx
2 = 010 = -w-
1 = 001 = --x
0 = 000 = ---

When calling chmod 755 on a directory we’re telling chmod to “set the read, write and search bits for me, the read and search bits for the group and the read and search bits for other users” (‘search’ for directories, ‘execute’ for files).

Another example is 644 that maps to 110 100 100, which again maps to “rw-r–r–” which usually is the standard access mode for files (and 755 for directories).

Handling Permissions With Symbols

I’m now going to eliminate the need for remembering everything I’ve written so far in the post, but at least you’ll know what people are talking about when they’re telling you to chmod something this-or-that.

You can also use the symbols directly with chmod, either adding, removing or setting the permissions for one of the three groups.

Examples:

To remove all access for other users (but leaving group and user intact)
chmod o-rwx file

To give everyone read access
chmod a+r file

To give everyone read – and search – access
chmod a+rx directory

To set particular user modes for each group
chmod u=rw,g=w,o=w file (a file that the user can read, but anyone can write to)

And with that I chmod this post a+r.