using postfix for secure tests with live data

During web development and quality assurance you sometimes want to test an application with live data (e.g. a web shop test instance with live customer sql data). As your application implements mail functionality you have to make sure that no mail on the test server is sent to a real user but you probably want to be able to send mails to developers and receive all other outgoing test mails in a catch-all account. An easy Postfix tweak for this is using a pcre regular expression virtual map.

So our goal is: All outgoing mails to a specific domain should be delivered normally (e.g. your company domain) while all other outgoing mails should be delivered to one specific catch-all mailbox.

Actually this task can be resolved by adding not more than three lines of configuration code in two files.

1. in /etc/postfix/main.cf add

virtual_alias_maps = pcre:/etc/postfix/virtual.pcre

2. the new /etc/postfix/virtual.pcre should look like

/(.+)@yourowndomain\.tld$/ ${1}@yourowndomain.tld
/(.+)@(.+)/ catchoutgoing@yourowndomain.tld

After having restarted postfix you are already done.

Please note, a ${0} instead of ${1}@yourowndomain.tld did not work for me, so this is a tiny workaround which does not look beautiful but really does its job.
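To preview which recipients the two rules above deliver normally and which they redirect, here is an added example (not part of the original post) that approximates the map with POSIX tools. The function name route_rcpt and the sample addresses are constructed for illustration; on the test host itself, confirm the result against the real map with postmap -q.

```sh
#!/bin/sh
# Added example: approximates the two virtual.pcre rules from the post.
# It does not call Postfix; route_rcpt is a hypothetical helper name.

OWN_DOMAIN='yourowndomain.tld'          # domain used in the post's map
CATCHALL="catchoutgoing@$OWN_DOMAIN"    # catch-all mailbox from the post

# Print the address a recipient is rewritten to (first matching rule wins).
route_rcpt() {
    addr=$1
    # Rule 1: /(.+)@yourowndomain\.tld$/ -> ${1}@yourowndomain.tld
    # grep -i because Postfix pcre maps match case-insensitively by default.
    if printf '%s\n' "$addr" | grep -Eiq '(.+)@yourowndomain\.tld$'; then
        # ${1} is everything before the final @ of the address
        printf '%s@%s\n' "${addr%@*}" "$OWN_DOMAIN"
    # Rule 2: /(.+)@(.+)/ -> catch-all mailbox
    elif printf '%s\n' "$addr" | grep -Eq '(.+)@(.+)'; then
        printf '%s\n' "$CATCHALL"
    else
        printf '%s\n' "$addr"           # no rule matched: left unchanged
    fi
}

# Constructed sample recipients, as they might appear in copied live data.
# The last three look similar to the own domain but must not pass rule 1.
for rcpt in \
    'dev@yourowndomain.tld' \
    'Dev@YourOwnDomain.TLD' \
    'customer@example.com' \
    'customer@sub.yourowndomain.tld' \
    'customer@yourowndomain.tld.example.net' \
    'customer@notyourowndomain.tld'
do
    printf '%-40s -> %s\n' "$rcpt" "$(route_rcpt "$rcpt")"
done
```

The look-alike cases end up in the catch-all only because the pattern escapes the dot and anchors the domain with $; dropping either would let other domains through rule 1.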

p.s.: A really nice (but somehow old looking) tool for developing and testing regular expressions is „redet“, a „regular expression development and execution tool“ which knows nearly every important regex syntax depending on the tools you have installed. You’ll find redet in your Debian/Ubuntu repository.

libapache2-mod-xsendfile – processes X-SENDFILE headers with apache2

For some projects I had to figure out a way to deliver a file via Apache2 while still being able to put some business logic before the download. Imagine you have a php, perl, rails, ruby or whatever project and want to check credentials before delivering a file, without blocking your application with the transfer of large amounts of data. Lighttpd has a mechanism called „xsendfile“ for this. To make it short, the web server looks for an X-Sendfile header sent by the application. If this header is set and points to a file, the web server stops processing the script and starts delivering the file.

Fortunately there is a promising Apache2 port for this: mod-xsendfile. As I had to compile this several times and did not find it in Debian unstable or Ubuntu I made it my first packaging attempt (after having attended the first German Packaging Jam held by Daniel Holbach – thank you!).

If you like, you can test the module for hardy by enabling my ppa archive:

deb http://ppa.launchpad.net/damokles/ubuntu hardy main
deb-src http://ppa.launchpad.net/damokles/ubuntu hardy main

and „aptitude install libapache2-mod-xsendfile“ afterwards. See the website for reference. I will also upload this to my ppa for stable releases within the next days.

There is a launchpad bug I created for this. Feel free to test the module and the package and add comments there or directly here. Sadly this package is too late to be integrated into hardy, so maybe the Intrepid Ibex (what a name…) will be a good milestone.

fast installation of apc php optimizer/cache on Debian / Ubuntu

If you want a fast installation of the php apc bytecache/optimizer for PHP5/Apache2, try the following snippet when already running a standard PHP5/Apache2 environment:

# install dependencies for compilation
$ sudo aptitude install apache2-dev php5-dev build-essential
# get current version of apc - check if there is a newer one!
$ wget http://pecl.php.net/get/APC-3.0.16.tgz
$ tar xzf  APC-3.0.16.tgz
$ cd  APC-3.0.16
$ phpize
$ ./configure --enable-apc --enable-apc-mmap \
  --with-apxs=/usr/bin/apxs2 \
  --with-php-config=/usr/bin/php-config
$ make
$ sudo make install
# in /etc/php5/apache2/php.ini add: extension=apc.so
$ sudo apache2ctl restart

Now a phpinfo(); should show you a new apc section.

Joining an Active Directory domain with Ubuntu

What a pain. Imagine you are in a Windows network environment and have a small number of Ubuntu desktops. Your task is to let them join the Active Directory so users can log in with their known credentials. There is a package in universe called „authtool“ that even promises to provide what you need. Sadly it is quite broken in its current state, and if you ask me one should even consider removing it until it at least does not break your boot (don’t ask for details) and has a good set of working dependencies. There are other methods such as ldap-binding, but in my eyes they are either not stable or just too complicated to configure (and therefore hardly qualified for convincing people).

But a solution approaches if you read the following Ubuntu blueprint: „Single User Interface to Join and Participate in Microsoft Active Directory Domains“. Currently you might not find much more information about it. So I dropped a line to the blueprint creator Gerald ‚Jerry‘ Carter, who was so kind as to update me on the current status of the project (and happens to be directly involved in Likewise):

It is planned to package the open source version of Likewise called „Likewise Open“ for Ubuntu Hardy. Likewise Open enables you to join an Active Directory with actually some simple clicks or one console command. There is already an updated source tarball which can be installed quite easily:

$ wget http://archives.likewisesoftware.com/likewise-open/src/likewise-open-4.0.4.tar.gz
$ tar zxf likewise-open-4.0.4.tar.gz
$ cd likewise-open-4.0.4-release
$ make dpkg

If you have all necessary dependencies resolved, the make process should provide you with .deb files which you should install. As Jerry states, there is currently one blocker, which can be worked around by not using the gui but calling a line like this:

$ sudo domainjoin-cli join AD_REALM ADMIN_ACCOUNT

Afterwards you should be able to log in like this: „realm\username“. I tried the process on Gutsy and it worked quite well. I had to reboot once as my gdm hung – maybe it’s better to call the command directly from a „real“ console. So what is missing? Check the comparison of Likewise Open and Likewise Enterprise, the commercial version of Likewise. The thing you might miss at first is:

Do more during logon: Create a home directory, copy template files, set permissions, run scripts, deliver messages, and more.

This means that Likewise Open enables you to log in as an AD user and creates the user’s home under /local/AD_REALM/USER, but you have to be smart and hack around a bit to get things working like managing sudo, running scripts and so on. But nonetheless Likewise Open seems to be a promising approach for solving the problem of Ubuntu-Windows-network integration and I am sure to see some nice addons from the community in the future.

Please note: Installing software that changes login procedures is a deep intervention into Linux core procedures. So please: Do this with a test environment before considering it for production purposes.

new kernel release detection snippet

Just a small and old snippet that might be helpful or serve as an example: Some years ago I was in need of getting to know early about newly released Linux kernel versions. Therefore I wrote a (not sophisticated but working) crontabbed script checking the kernel page for a new stable Linux kernel and alerting me via mail if a new version is found, with a link to the changelog:

#!/bin/bash
# first line of the kernel.org banner; field 10 is the version number
CURRENTVERSION=$(w3m -dump \
 http://www.kernel.org/kdist/finger_banner \
 | head -n 1 | awk '{print $10}')
# last line of the log has the format "<date> <version>"
SAVEDVERSION=$(tail -n 1 ~/bin/kernelversion.log | awk '{print $2}')
SAVEDDATE=$(tail -n 1 ~/bin/kernelversion.log | awk '{print $1}')
MAILADDRESS=mail@address.tld

if [[ "$CURRENTVERSION" != "$SAVEDVERSION" ]]
  then
  CURRENTDATE=$(date +'%Y-%m-%d')
  # build the link on one line so no whitespace ends up inside the URL
  CHANGELOG="http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-${CURRENTVERSION}"
  echo "$CURRENTDATE $CURRENTVERSION" \
  >> ~/bin/kernelversion.log
  echo "Detected new kernel version \
${CURRENTVERSION} on ${CURRENTDATE} \
(replacing version ${SAVEDVERSION} from \
${SAVEDDATE}). Please check \
${CHANGELOG} for details." \
 | mail -s "new kernel ${CURRENTVERSION}" \
 "${MAILADDRESS}"
fi

The only real bug in this script is that it does not detect network issues and therefore alerts you when it is not able to get a http response. But this could be fixed with one or two lines of code. And yes, most lines could be more elegant :) Probably today there are better channels like rss or even an old mailing list with announcements that I never looked for, but this snippet does its job very well.
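One way to close the gap described above, as an added example that is not part of the original script: validate what was fetched before comparing versions, so an empty reply or an error page never triggers a mail. The function names, the banner wording and the error text are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: check the fetched banner before acting on it.
# parse_kernel_version and check_banner are hypothetical helper names.

# Print the version from a banner line (field 10, as in the script above).
# Return 1 if the field is missing or does not look like a kernel version.
parse_kernel_version() {
    version=$(printf '%s\n' "$1" | head -n 1 | awk '{print $10}')
    if printf '%s\n' "$version" \
        | grep -Eq '^[0-9]+(\.[0-9]+){1,3}(-rc[0-9]+)?$'; then
        printf '%s\n' "$version"
    else
        return 1
    fi
}

# Decide what the cron job should do; prints "alert", "same" or "skip".
check_banner() {
    banner=$1
    saved=$2
    if ! current=$(parse_kernel_version "$banner"); then
        echo skip      # network error, empty reply or error page
    elif [ "$current" = "$saved" ]; then
        echo same      # nothing new, stay quiet
    else
        echo alert     # a plausible version that differs from the log
    fi
}

# Constructed sample inputs; the banner wording is an assumption.
GOOD='The latest stable version of the Linux kernel is:        2.6.24.2'
# Constructed error text with more than ten words, so field 10 is not empty.
BAD='The server is temporarily unable to service your request due to maintenance'

check_banner "$GOOD" 2.6.24.1
check_banner "$GOOD" 2.6.24.2
check_banner "" 2.6.24.2
check_banner "$BAD" 2.6.24.2
```

In the cron script, the w3m output would be passed as the first argument and the log and mail steps would run only on "alert".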

update:

Fixed the broken wrapping of the script. Sorry about this. (Thank you Jeremy.)

Jonne stated that of course using a feed like http://kernel.org/kdist/rss.xml is the better choice today. He is surely right about this, though sometimes receiving a mail is a need.

Call for Papers: Ubuntu Hardy Heron Release Party (Berlin)

As already mentioned, the „Ubuntu Berlin“ user group has planned its Ubuntu Hardy Heron release party for 26th of April. This time we want to go one step further and extend our lecture track. Therefore we started a call for papers. The call itself is in German due to our local focus. If you live around Berlin and are willing and able to speak about an Ubuntu- or Linux-related topic – let us know! The most recent version of the call and a pdf version are to be found on: http://www.ubuntu-berlin.de/hardy-cfp/

For the lazy ones around, take the following:

Call for Papers

Ubuntu Hardy Heron Release Party (Berlin)

The user group „Ubuntu Berlin“ is looking for speakers for the Ubuntu Hardy Heron release party, which takes place on 26.4.2008 at the premises of c-base e.V.

The attendees of the party are a mix of Ubuntu newcomers, users and advanced developers. An attendance of 100 people or more is to be expected. Talks on Ubuntu-related topics (what is new in Hardy Heron, Ubuntu, Kubuntu, Xubuntu, Edubuntu, Gobuntu, etc.), installation, special use cases and applications, as well as community- and Linux-related activities are welcome. The talk time is 20 minutes, in order to keep a talk interval of 30 minutes. Projector, internet access, computer and microphone can be provided. If requested in good time, a workshop room for smaller sessions (approx. 8 seats) may be made available.

Proposals are to be submitted by 29.2.2008. A decision on the acceptance of talks will be made by 16.3.2008.

When submitting, the following requirements are to be observed:

  • Talk title, name of the speaker, qualification (e.g. user, association member, developer)
  • Description of the talk topic in one paragraph
  • Contact details for the talk (e-mail, telephone if possible)
  • Required resources (projector, network, computer)
  • Whether it is possible to give the talk as a preview about one week beforehand

Ubuntu Berlin cannot reimburse costs for travel, accommodation and meals. Any necessary transport of hardware can be organized within the Berlin area.

Talk concepts and questions are to be sent by e-mail to
[email protected]

Richard Stallman on 18.2. in Berlin

Just wanted to let you know that Richard Stallman gives a lecture in Berlin/Germany on 18th of February.

Here is the announcement, translated from German:

Richard Stallman, the founder and leading thinker of the free software movement, gives a talk on the philosophy and history of free software.

Richard Stallman, who lives in New York, is the founder of the free software movement and the author of seminal texts of this movement. The term “free software” comes from him and stands for the idea that software can and may be run, modified and developed further by its users for any purpose. Stallman bases this right, which most software companies deny their users, on the demand that knowledge should be freely accessible to every person. Stallman compares the right to free software that he calls for with the right to “free speech”, which, in contrast to “free beer”, is one of the fundamental rights of a free society.

With the GNU/Linux operating system, Richard Stallman has also driven the development of what is today the most widespread operating system under a free licence. With the GNU General Public Licence he has, in addition, created the legal basis for the use and distribution of free software. To communicate and spread the idea of free software, Richard Stallman founded the Free Software Foundation (FSF) in 1985, which by now also has sister organizations in Europe (FSFE), India (FSFI) and Latin America (FSFLA).

The event starts at 19:00 and takes place in the atrium of the media centre, Johannisstraße 20, 10117 Berlin.

Admission is 5 euros.

More information can be found on the newthinking website and on the netzpolitik.org blog. See you there?

Bashup – a first example for a simple tree backup over ssh

Some days (weeks?) ago I told you about the release of „Bashup“, a bourne shell compatible backup script, on sourceforge. As the script is still in heavy alpha I’d like to give you a first insight into its development.

Bashup is written in heavy Bash syntax and has few dependencies on external programs. You should imagine it as a scripting library for backups, as it allows you to call different backup methods and is more a framework than a fully integrated solution. The power of this is the ability to be free in the creation of a backup process while still using easy methods.

The following is a fairly easy setup of bashup for backing up some directories over ssh. You see that we only source the bashup library here, set up some variables and then call the bashup method, which executes the backup.

#!/bin/bash
# source bashup lib
. bashup_lib.sh
 
# set setup source - we want to backup a tree
SOURCE=tree
# set source dirs
TREE_DIRECTORIES="$HOME/PDF $HOME/ogg"
# setup filter for compression
FILTER=bzip2
 
# set destination - we want to ssh
DESTINATION=ssh_file
# set ssh host, you could be clever
# and setup access in .ssh/config
SSH_HOST=host.name.tld
# set remote file name
FILE=file.name.bz2
 
# we want two types of logging
USE_REPORTERS="console log"
 
# set the log file names
COMBINED_LOG=combined.log
ERROR_LOG=error.log
 
# call bashup
bashup

I admit this example won’t win a Nobel award but if you are busy with setting up backups on very different servers you might like the idea of a scripting environment which only needs bash. Imagine your power when digging deeper into the bashup lib and calling the special methods directly while piping output and more. This is possible of course.

In the next weeks I’ll show you how to use backup rotation (yes, also over ssh, ftp and other methods), mysql/postgresql/oracle/subversion backup, nagios feedback integration and more.

If you like to test and tell me what you think or even want to provide patches, feel free to checkout bashup:

svn co https://bashup.svn.sourceforge.net/svnroot/bashup bashup

Ubuntu merchandising articles for people around Berlin

In cooperation with ubuntu Deutschland, the Ubuntu Berlin team organizes an Ubuntu merchandising order. As the official „ubuntu Deutschland e.V.“ (the German LoCo) has some merchandising stuff like posters, lanyards and stickers but does not deliver them to individuals, we arranged a collected order. If you live around Berlin (Germany) and want some Ubuntu stuff, check the wiki page and feel free to add your wishes. Please drop me a mail to „damokles at ubuntu dot com“ with your contact information so we can meet afterwards – maybe at one of our community meetings.

Please note: The prices mentioned on the web page are bounties that’ll be forwarded completely to „ubuntu Deutschland e.V.“.

If you want an Ubuntu mug, check Mugs from Germany for your LoCo team!

more battery, please

I found out that the enhanced Gnome power manager applet has some trouble dealing with two batteries (it currently assumes you have only one, and therefore its ability to guess the correct lifetime based on recent discharging times shows you definitely wrong spans when swapping the battery). But to be honest, this bug isn’t grave enough to spend more words on it – I am quite sure it will be fixed soon.

More interesting instead is the possibility to save power. At least with gutsy you have the possibility to install Intel’s „powertop“ utility – a command line tool for measuring power consumption and detecting possible power leaks. I heard a lot of bad words about powertop; I for myself am quite satisfied with it and its documentation and hints on the website.

After dealing with it for some time, I wrote the following quite stupid but effective script, that extends my battery life time for some percent:

#!/bin/dash
# stop not essentially needed daemons
/etc/init.d/cupsys stop
/etc/init.d/tor stop
/etc/init.d/privoxy stop
/etc/init.d/bluetooth stop
/etc/init.d/racoon stop
/etc/init.d/postfix stop
/etc/init.d/cron stop
/etc/init.d/sysklogd stop
/etc/init.d/klogd stop
# decrease wlan power consumption (if wlan is not needed: switch it off!)
iwpriv eth1 set_power 5
# increase writeback time
echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
# enable ac97 sound power save mode
echo 1 > /sys/module/snd_ac97_codec/parameters/power_save
# enable usb power save (actually not needed as it gets killed afterwards)
echo 1 > /sys/module/usbcore/parameters/autosuspend
# switch off usb
modprobe -r ehci_hcd
modprobe -r uhci_hcd
# switch off bluetooth
modprobe -r rfcomm
modprobe -r l2cap
modprobe -r bluetooth
# put harddisk to power save mode (spin down)
hdparm -B 1 -S 12 /dev/sda
# activate quiet hard disk mode - probably not needed when using the power save mode
hdparm -M 128 /dev/sda
# remount active partitions with noatime
mount -o remount,noatime /
mount -o remount,noatime /mnt/cryptdevice
# activate laptop mode
echo 5 > /proc/sys/vm/laptop_mode

So you might guess I am not the hardware guru and you are right about it. But maybe this snippet is a good starting point for you to save some power. And yes, you can also save power on your desktop pc. It will not extend a battery lifetime but maybe the one of your purse.

Feel free to drop some of your hints or rants in the comment field.