Skip to content

Fixing privileges to mount USB Keys with polkit

After switching to Devuan, I got suddenly dolphin complaining that it cannot mount an USB Key. Since Devuan is back to polkit to get rid of systemd (but polkit is probably part of the problem too), the fix is to add a /etc/polkit-1/localauthority/50-local.d/auto-mount.pkla with:

[Allow Automount]
Identity=unix-group:plugdev
Action=org.freedesktop.udisks2.filesystem-mount
ResultAny=yes
ResultInactive=yes
ResultActive=yes

And make sure users belong to plugdev.

Providing different DNS records (spoofed or not) depending on the client with Bind9

I did some major changes to my local server Bind9 setup. I was at the begin caching apt and steam depots on this server using dnsspoof from dsniff. After a few upgrades dnsspoof started to do nothing: it was up, on the proper device, noticing requests relevant to be spoofed but the end clients were still getting the real DNS records, not the spoofed ones.

So, I eventually decided to use directly Bind9, already up as a cache server, to do the spoofing.

Good, except that then nginx, running on the same server as Bind9, then required another resolver than Bind9 in order to get the real DNS records, since Bind9 was replying spoofed crap.

Bind9 is fully featured and I found that the easier way to get it do gives tailored replies depending on the clients is to use the views. But using views implies that every zones are included into views. You cannot just add a “view” for a given purpose and let your general setup.

A setup that should work more or less out of the box is provided with my packages -utils-cache-steam and -utils-cache-apt.

Using this, you must edit your /etc/bind/named.conf so it no longer directly include zones definition files but include the /etc/bind/named.conf.views that in turn will include relevant zones. Clients are set in /etc/bind/named.conf.acl and by default handle 192.168.1.1, 10.0.0.1 and 10.0.1.0 as server host (the two later are being used in my silent low energy consumption home server proposed setup).

It includes /etc/bind/named.conf.cache.sh that will (re-)generate zones definition files (named.conf.cache…) depending on the services you are actually caching.

This could probably be improved (annoying to make differences between 192.168, 10.0.0 and 10.0.1…) but it works fine. You can test by pinging packages.devuan.org from the server (loopback) or any clients.

Moving away from systemd with Devuan

A while ago, I was encouraging to give a try to systemd. Well, now I know better and decided to get away from this tool that clearly wants to replace many parts of my system at once. There are many articles about systemd, why it’s good and why it’s not. I kept on open mind of the topic, I tried systemd on many boxes. Some stuff just stopped to work, or did not work as I expected it to work. Maybe I’m clueless but I’m not alone. Point is with systemd, I’m able to do less and it takes me more time.

Now devuan is installable so I installed it already on two of my boxes. So far, no problem. I wonder how Devuan will cope with bugs reports and stuff in the long run.

The process is as simple as:

wget http://packages.devuan.org/devuan/pool/main/d/devuan-baseconf/devuan-baseconf_0.6.4%2bdevuan3_all.deb
# select ascii (= testing)
dpkg -i devuan-baseconf_0.6.4+devuan3_all.deb
cd /etc/apt/sources.list.d/
# comment  debian sources
nano sources.list
apt-get install devuan-keyring
apt-get update && apt-get upgrade
apt-get --purge remove systemd systemd-shim
dpkg --list | grep systemd
apt-get --purge remove libsystemd-journal0 libsystemd-login0
apt-get --purge autoremove
debfoster

Sharing uid to cope with inconsistent user and group names

One day you set up some service, for instance like this spam slayer setup. Later arises the situation when the distribution package use user account named X (for instance debian-spamd)  while you set up things to use another one (for instance Debian-exim).

The easiest fix is to give them a common uid:

usermod –non-unique –uid 101 debian-spamd

(101 being user id of Debian-exim account).

Obviously it could be best to review the setup to really use two separates accounts. But it’s up to you to decide whether it’s changing it.

You may also add –gid too.

Removing invalid/incomplete multibyte or wide character in filenames

Getting an old backup, from an ante-UTF-8 era, I found out many files had filenames with some characters unreadable, or partly readable depending on the software.

I tried my urlize script first but unac (that it depends on) failed with:

unac_string: Invalid or incomplete multibyte or wide character

The easiest way to get rid of these is simply use iconv, for instance doing in a directory with such files:

for file in *; do mv "$file" "`echo "$file" | iconv -f utf8 -c -t ascii//IGNORE`"; done

Getting rid of the ever growing /var/lib/mysql/ibdata1 by getting rid of InnoDB itself

On your MySQL server, what’s is the size of /var/lib/mysql/ibdata1 ? Even if you completely drop all your databases, it won’t shrink. It surely fits a purpose: MySQL people wrote that “the fact that InnoDB tablespaces can only grow and never shrink is docummented design decision”. But the notion of a file (ibdata1 – InnoDB tablespaces) that can only grow even if you remove permanently all of your data is odd nonetheless.

The solution is not to use InnoDB. Here’s a fast way to get rid of all of it:

First we switch to MariaDB (project under the umbrella of MySQL founder Michael Widenius):

apt-get install mariadb-server mariadb-client

We make a dump of every database we want to keep:

cd /var/lib/mysql

mysqlshow # list databases
mysqldump database1 > database1.dump
mysqldump database2 > database2.dump

We add a configuration snippet to switch off innodb:

echo '[mysqld]
ignore-builtin-innodb
default-storage-engine = myisam' > /etc/mysql/conf.d/noinnodb.cnf

We restart the SQL server:

invoke-rc.d mysql restart
mysql -e "SHOW ENGINES" # should no longer show InnoDB

We remove databases with InnoDB tablespaces:

mysql -e "DROP DATABASE database1"
mysql -e "DROP DATABASE database2"

We recreate them with the dumps:

mysql -e "CREATE DATABASE database1"
mysql -e "CREATE DATABASE database2"
mysql database1 < database1.dump
mysql database2 < database2.dump

We remove the now useless InnoDB crap:

rm -f ib_logfile* ibdata1

And if everything is fine, we also remove the SQL dumps:

rm -f *.dump

Scanning and creating small PDFs using sane and ghostscript

I tend to try to avoid paper printouts. I have enough backups so scanned archives are enough. I made a few test on the best way to produce small PDF on the command line. I found the following bash functions to be the most effective:

function scan2pdf {
  cd ~/tmprm/scan
  FILE=$1
  [ "$FILE" == "" ] && read FILE
  [ -e "$FILE".pdf ] && return
  # scan A4 gray
  scanimage -l 0 -t 0 -x 215 -y 297 --mode Gray --resolution=300 > "$FILE".pnm
  # convert to ps because gs needs this import format
  pnmtops -dpi 300 "$FILE".pnm > "$FILE".ps
  # convert to PDF with decent /ebook quality setting
  gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dBATCH -sOutputFile="$FILE".pdf "$FILE".ps
  rm -f "$FILE".pnm "$FILE".ps
}

function scan2pdfs {
    cd ~/tmprm/scan
    ENDFILE=$1
    [ "$ENDFILE" == "" ] && read ENDFILE
    for i in `seq --equal-width 999`; do
	echo "(d)one?"
	read NEXT
	[ "$NEXT" == "d" ] && break
	scan2pdf "$ENDFILE"$i
    done
    gs -sDEVICE=pdfwrite -dNOPAUSE -dBATCH -sOutputFile="$ENDFILE".pdf -f "$ENDFILE"*.pdf"
    echo "OK? (CTRL-C)"
    read OK    
    rm -f $LIST
}

It can be used as follow:

scan2pdf thisfile

scan2pdf thisotherfile

scan2pdfs multiplefiles

It does all the work in ~/tmp/scan but that’s a personal convenience. With this, I get PDF that are smaller than 1MB – while other methods I tried before was producing 5/6MB files for the same content.

Update: now this is provided as general bashrc.d script. It’s included in the -utils package. Now the main command for multiple A4 pages PDF is no longer scan2pdfs but scan2pdf. Its behavior can be changed through variables SCAN2PDF_DIRECTORY (default = ~/tmprm/scan) and SCAN2PDF_DPI (default = 300).

Follow

Get every new post delivered to your Inbox.