Tadek's Blog » Tips&Tricks

Talking TLS to SMTP

tadekp — Tue, 02 Dec 2008 13:06:48 +0000

I recently wanted to test TLS with SMTP. I followed instructions on http://qmail.jms1.net/test-auth.shtml and got it to work in less than 30s

In short:

perl -MMIME::Base64 -e 'print encode_base64("\000user\000password")'
openssl s_client -starttls smtp -crlf -connect :
auth 
mail from:
rcpt to:
data
...
.

Interestingly, when I tried typing RCPT s_client would interpret it as “renegotiate”, which confused me a bit, but you can inhibit it with --quiet or type it in lowercase like I did

xdu: analyzing disk-space usage

tadekp — Thu, 27 Nov 2008 16:05:50 +0000

I recently started getting nagmails about running out of quota on my home directory. Being a very messy user, I had no idea where the space went. I tried playing with du manually, but it’s much easier with xdu:

sudo apt-get install xdu
du > /tmp/blah
xdu -n /tmp/blah

Importing trusted CA certificate in OSX

tadekp — Mon, 28 Apr 2008 08:50:14 +0000

http://net.its.hawaii.edu/advanced/make_work/IPSec/MacOSXTiger/mactigercert.html – how to import a trusted CA certificate in OSX.

Removing all files older than X days

tadekp — Wed, 19 Mar 2008 15:39:50 +0000

I know it’s easy, but every time I write it I have to study the man page of find to figure out the correct parameters:

File only deletion:

find  -atime +7 -type f -print | xargs rm -f

Recursive deletion (be careful):

find  -atime +7 -print | xargs rm -rf

Installing SVN with Apache2 support on my server.

tadekp — Wed, 05 Mar 2008 22:11:09 +0000

I just enabled SVN access on my server through the web interface. It was quite easy and, since we have a Postgres DB authentication, there’s no need to edit inconvenient password files

All I had to do was to enable the SVN module: link dav_svn.{load|conf} in mods-enabled and add the following line to the SSL-ed vhost.


   SVNPath /var/lib/svn/foo
   Dav svn
  
    Require user user@example.com user2@example.com

Since the SSL-ed vhost already requires authentication, I didn’t have to change anything. I also had to create an SVN repository svnadmin create --fs-type fsfs /var/lib/svn/foo and change the permissions to www-data.

The checkout command is:

svn –username user@example.com –password my_secret_password co https://my.example.com/svn/foo

SVN caches the username and password, so any further operations are done without prompting you for it. If you don’t like it, you can disable it with --no-auth-cache.

Finally, one annoying thing. Initially, I would just try to connect without –username and SVN would first try my Unix user name and then ask for it. Unfortunately, some (but not all) users I tried in this way would get a mysterious:

svn: PROPFIND request failed on '/svn/foo'
svn: PROPFIND of '/svn/foo': authorization failed (https://example.com)

WTH?

Apache2.0 -> Apache 2.2 upgrade issues

tadekp — Tue, 04 Mar 2008 10:00:37 +0000

While upgrading apache 2.0 -> 2.2 I found that two configuration options have changed:

AuthAutoritative -> AuthBasicAuthoritative (needs to be set to Off for mod_auth_pgsql to work).
AuthDigestFile -> AuthUserFile

Plus there has been a log of changes in apache2.conf. I looked at the changes we made (keeping /etc/ in SVN comes in handy, in spite of occasional pain) and pasted them to the vanilla apache2.conf that came with 2.2.

WTH: eth0 got renamed to eth2 after an upgrade

tadekp — Tue, 04 Mar 2008 09:49:14 +0000

While upgrading a remote server from sarge to etch including the new kernel, the server did not come up. After attaching a console (thanks Hetzner!) I found out that the network interface got mysteriously renamed to eth2!

After snooping around a bit, I found out that the culprit was udev, more specifically /etc/udev/rules.d/z25_persistent-net.rules which says:

 # This file was automatically generated by the /lib/udev/write_net_rules
 # program, probably run by the persistent-net-generator.rules rules file. 
 #
 # You can modify it, as long as you keep each rule on a single line.
 # MAC addresses must be written in lowercase.
 # PCI device 0x1106:0x3065 (via-rhine)
 SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:76:af:2f:9d", NAME="eth0"

It also contained two entries for bogus eth0 and eth1 (usb dongle got identified as a network card?). After removing the and relabeling interfaces everything is back to normal now.

Patching debian packages

tadekp — Tue, 04 Mar 2008 09:42:43 +0000

While upgrading my server, I had to create a new version of Cyrus-SASL packages with the crypt patch. This turned out to be more difficult as I thought as just patching the raw source would conflict with debian patches applied after that and the package building would fail. Fortunately, I learned about (dpatch)[http://www.tuxmaniac.com/blog/2008/01/25/dpatch-just-superb-a-short-how-to/], which is a standard mechanism for patching stuff in Debian.

Once I figured out how to do it, it tunred out to be very simple:

Unpack the original orig.tar.gz
Apply the Debian diff (this would create a debian subdirectory)
Edit changelog file to add a new release (so that we can keep track of it).
Run dpatch-edit-patch fixing_foo to create a patch. This will create a shell with mounted source package and any changes you make there will be included in the diff.
Exit the shell without changing anything. You will change things after making sure that the patch is applied in the correct order.
Edit 00list to set the patch ordering.
Run dpatch-edit-patch again now, with all the previous patches applied.
Make the necessary changes.
Build the target package with debuild-pbuilder (this will download all the dependencies too).
Install the pakcages with dpkg -i (I could also create my private apt-repository for this. I wrote about in in a blog entry about pbuilder).
Pin the packages so that they will not get upgraded echo "package hold" | dpkg --set-selection

sed and awk – my two old friends

tadekp — Sun, 30 Sep 2007 21:35:48 +0000

Writing some shell scripts I needed to do some a little fancier variable substitution than the standard shell offers. The heavyweight solution would be to write a perl one-liner, but this is, well…, heavyweight?

Here’s a couple of patterns I used:

--parameter=$(sed -re 's/ /,/g' -e 's/(^|,)/\1file:/g' <<<$INPUT) - replaces spaces with commas and prepends file to every file.
--parameter=$(awk '{split($0, a, /@/); printf "%s-?????-of-%05d", a[1], a[2]} <<<$INPUT)'

 - replaces file@5 with file-?????-of-00005
--parameter=$(awk '{sub(/.*:/, ""); print $0}' <<<$INPUT)  - removes everything before the colon.



Parsing parameters in bash – a getopt template
tadekp — Thu, 16 Aug 2007 13:48:28 +0000
Writing some bash scripts that parse command lines, I wrote this handy template with getopt. It is easy to apply even for simplest scripts.

OPTION_SPEC="help,flag1,flag2_params:"
PARSED_OPTIONS=$(getopt -n "$0" -a -o h --long $OPTION_SPEC -- "$@")
OPTIONS_RET=$?
eval set -- "$PARSED_OPTIONS"

Parsing error or no flags

if [ $OPTIONS_RET -ne 0 ] || [ $# -le 0 ]; then
  usage;
  die;
fi

while [ $# -ge 1 ]; do
  case $1 in
    --help | -h )  usage; die;;
    --flag1 )  FLAG1=1;;
    --flag2_params )  shift; FLAG2_PARAMS="$1";;
    -- ) shift;;
    * ) echo "ERROR: unknown flag $1"; usage; die;;
  esac
  shift
done


No more unannotated $ns in my scripts!