Playing with IPFS to act as a RPM repo

This is a short howto get IPFS running on a vm to play around and discover. You should not do this on a machine with sensitive information on it nor on a production server…

This is a pretty straight forward howto, if you want to know how IPFS work it’s not the right place, I might make another post on this later.

Download and Install IPFS binary.

[arsenick@rpm-distro-build ipfs]$ wget https://dist.ipfs.io/go-ipfs/v0.4.13/go-ipfs_v0.4.13_linux-amd64.tar.gz
--2018-03-13 14:39:08-- https://dist.ipfs.io/go-ipfs/v0.4.13/go-ipfs_v0.4.13_linux-amd64.tar.gz
Resolving dist.ipfs.io (dist.ipfs.io)... 147.135.130.181, 217.182.195.23, 2001:41d0:303:27b5::, ...
Connecting to dist.ipfs.io (dist.ipfs.io)|147.135.130.181|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12635297 (12M) [application/x-gzip]
Saving to: ‘go-ipfs_v0.4.13_linux-amd64.tar.gz’

go-ipfs_v0.4.13_linux-amd64.tar. 100%[=========================================================>] 12.05M 2.84MB/s in 4.6s

2018-03-13 14:39:13 (2.63 MB/s) - ‘go-ipfs_v0.4.13_linux-amd64.tar.gz’ saved [12635297/12635297]

[arsenick@rpm-distro-build ipfs]$ tar -xzvf go-ipfs_v0.4.13_linux-amd64.tar.gz 
go-ipfs/build-log
go-ipfs/install.sh
go-ipfs/ipfs
go-ipfs/LICENSE
go-ipfs/README.md
[arsenick@rpm-distro-build ipfs]$ cd go-ipfs/
[arsenick@rpm-distro-build go-ipfs]$ ls
build-log install.sh ipfs LICENSE README.md
[arsenick@rpm-distro-build go-ipfs]$ sudo ./install.sh 
Moved ipfs to /usr/local/bin
[arsenick@rpm-distro-build ipfs]$

 

Initialize and configure CORS

I used * and 0.0.0.0 to permit all host, remember this is a lab setup just to play around, don’t do this if you want to keep the daemon running 24/7 on a machine with important documents.

$ ipfs init
$ ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
$ ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080
$ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
$ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "GET", "POST"]'

If you want to check the current config run ipfs config Addresses:

[arsenick@rpm-distro-build mylivecrypto]$ ipfs config Addresses

{
 "API": "/ip4/0.0.0.0/tcp/5001",
 "Announce": [],
 "Gateway": "/ip4/0.0.0.0/tcp/8080",
 "NoAnnounce": [],
 "Swarm": [
 "/ip4/0.0.0.0/tcp/4001",
 "/ip6/::/tcp/4001"
 ]
}

Starting the daemon

$ ipfs daemon

If you have problem launch the daemon with –debug

$ ipfs daemon --debug

 

Verify that we are connected to other peers in the swarm:

$ ipfs swarm peers

First publish

Let’s create a directory in which we’ll put a picture, wathever the picture you have, really… If you don’t have any you can get the classic IPFS hosted cat here.

$ mkdir test-ipfs
$ cp Images/cat.jpg test-ipfs/

Let’s add the entire folder:

$ ipfs add -r test-ipfs

IPFS will generate a hash for each and every files that is in this directory. The -r mean recursive.

You can now test using a public gateway like ipfs.io just add the site hash you got after adding the directory.

https://ipfs.io/ipfs/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Let’s try to use it as a RPM repo

First we’ll copy some rpm inside a directory. I want to share those files with apache too so I’ll put them in /var/www/html

$ cd /var/www/html
$ sudo mkdir mylivecrypto
$ sudo cp /home/arsenick/rpmbuild/RPMS/noarch/*.rpm /var/www/html/mylivecrypto/
$ sudo createrepo -v /var/www/html/mylivecrypto/

Then we’ll add the directory we’ve just created with it’s content to the swarm:

$ ipfs add -r mylivecrypto/
added QmSsDvYbXzqo9X3F5Vz1kunSsznPJJWmzbd16PNVSumPH1 mylivecrypto/etherwallet-3.20.03-1.fc27.noarch.rpm
added QmaizchR1MFu5cvtYD52KBrghJzuZGV3ZHUzCZmgu7EyWL mylivecrypto/mycrypto-3.12.0-1.fc27.noarch.rpm
added QmU7y5uycimDRK92Bu2hrBkYz858S9VP4k1sZZ5jJtb3ey mylivecrypto/repodata/1b18985381e6e801dd30895d83ff1a60b4e251238bf54b7d964607fae6fee6ff-other.sqlite.bz2
added QmTZnzS5yHBo39ESDvsg73KhmmsuhX4b4wH8QTGfDqbXBu mylivecrypto/repodata/26902cfa30e1b791faadbd1bb745e7803c07a6733450d88625788d53de9baee9-primary.sqlite.bz2
added QmZTV2j774nuvb8NaW31FvHVGdehtsURpxxmFA1Dc8Wn9h mylivecrypto/repodata/4d5e514c7bbf4ea0593a7b0e33ffef97ff6739b0803ad84b699c72f87ae9ce5e-primary.xml.gz
added QmfRcKNTi65hRRseE2NM81iSefjffQfUG6S9nfd6HcUrGC mylivecrypto/repodata/4f0c27f652c56e97ce1ac06941d80c083f1a52cd85b5f24d335ecc167b362a2e-filelists.sqlite.bz2
added QmNjS1MoQCphNC9E8mmJUR2aXAzMN1QNAs1qaJrimVivoT mylivecrypto/repodata/5a1a69e89862cb338a014a1fc513626f4104b23fa0c41c1a961d8ced92be6dcc-other.xml.gz
added QmeGAVXs3wGq2LSPcQy1bji7id9BeVBULLt8m95gjJCAdu mylivecrypto/repodata/ce3dea1b7bd0f02f95a5858873b6370c1aa592a0e5508ce8297f94c8e125231a-filelists.xml.gz
added QmegVtiYKzCRHin3FhEqzFDLytXTT83cya1ZEAAfPFjNWg mylivecrypto/repodata/repomd.xml
added QmX8od9tRccsbVPwchjjsB24Q38piNbkDXonQwRqfHLen9 mylivecrypto/repodata
added QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo mylivecrypto

That’s it our directory and it’s content has been added to the swarm! In the example above QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo is the folder hash.

If you want to add this repo to your host you should then add the repo url: https://ipfs.io/ipfs/QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo

[arsenick@rpm-distro-build ~]$ sudo yum-config-manager --add-repo https://ipfs.io/ipfs/QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo
[sudo] password for arsenick:

Yum-utils package has been deprecated, use dnf instead.
See 'man yum2dnf' for more information.

adding repo from: https://ipfs.io/ipfs/QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo

[ipfs.io_ipfs_QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo]
name=added from: https://ipfs.io/ipfs/QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo
baseurl=https://ipfs.io/ipfs/QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo
enabled=1

[arsenick@rpm-distro-build ~]$ yum search myether
added from: https://ipfs.io/ipfs/QmXXoZCjQHxZxRAxbRTQtGQ4jwQjHJ8YjxvGWLWCpgfKEo 3.5 kB/s | 2.4 kB 00:00 
Last metadata expiration check: 0:00:00 ago on Thu 15 Mar 2018 11:35:07 AM EDT.
================================================== Description Matched: myether ===================================================
etherwallet.noarch : Packaged version of MEW. Package maintained by Rene Jr Purcell

It’s working! The big problem with that is, I can’t update the files once it’s added… I’ll make another post soon about IPNS which should enable us to use the same hash to access the folder, when you need to update the files, you just point the IPNS to the new IPFS hash.

Accessing the WebUI

If you want to access the WebUI from the localhost then you can just go to: http://127.0.0.1:5001/webui

If you are trying to access the WebUI from a remote machine it’s not gonna work, even if you changed the ip address on which the API listen… It seems like for now even if you configure CORS correctly, the localhost is still hardcoded in the webui as a “Security measure”. You should be able to call the API remotely with the correct CORS config we did (more info here: https://github.com/INFURA/tutorials/wiki/IPFS-and-CORS ). So if you really want this to work remotely with the WebUI you’ll have to use ssh to forward port.

$ ssh -L 5001:localhost:5001 arsenick@192.168.X.X

$ ssh -L 8080:localhost:8080 arsenick@192.168.X.X

 

And then use http://127.0.0.1:5001/webui SSH will forward 5001 and 8080 to the machine running IPFS daemon.

Create service for easy and automatic startup (mandatory)

$ vim /lib/systemd/system/ipfs.service

[Unit]
Description=ipfs daemon

[Service]
ExecStart=/usr/local/bin/ipfs daemon
Restart=always
User=root
Group=root

[Install]
WantedBy=multi-user.target

Let’s reload systemd and enable IPFS service.

$ systemctl daemon-reload
$ systemctl enable ipfs.service

That’s it, you can now play around with IPFS. I’m curently testing how this could work for a RPM repository!

 

Ressources:

https://ipfs.io/docs/install/

https://ipfs.io/docs/getting-started/

https://discuss.ipfs.io/t/how-can-i-enable-remote-connection-to-webui/698/3

https://github.com/INFURA/tutorials/wiki/IPFS-and-CORS

Related to remote access of webui:

https://github.com/ipfs/webui/issues/591

https://github.com/ipfs/webui/issues/594

https://github.com/ipfs/go-ipfs/issues/1807

View at Medium.com

Use multiple monitor and full screen with Citrix receiver on Linux

Hi, here’s a quick post with the instruction I used to fix this. My employer give access to different ressources via Citrix. One of them was starting full screen and using my 3 monitor. The other one was starting in a windows 1024×768 ..

 

I assume you already have installed citrix reciever ( located in /opt/Citrix/ICAClient/ ) and everything is already working.. So here’s how I fixed the multiple monitor thing.

Create a new script:

$ sudo vim /opt/Citrix/ICAClient/xdg-open-wfica.sh

Put this content in it:

#!/bin/sh
FILEA=$1 ; sed -i 's/DesiredVRES.*/DesiredVRES=4294967295/' $FILEA ; sed -i 's/DesiredHRES.*/DesiredHRES=4294967295/' $FILEA ; export WFICA_OPTS="-span a" ; /opt/Citrix/ICAClient/wfica -span h -icaroot /opt/Citrix/ICAClient $FILEA

Change the permissions

$ sudo chmod +x /opt/Citrix/ICAClient/xdg-open-wfica.sh

Allright, now you can try if this work!

$ /opt/Citrix/ICAClient/xdg-open-wfica.sh /path/to/your/launch.ica

The session should start on all your monitor. There’s nothing really complex here, we are just replacing the DesiredVRES and DesiredHRES the Citrix server preset in the .ica file…

Now if you want to launch all the ica file using this script you can just modify the .desktop entry and point the Exec= to the script we just created and add %f at the end which is the variable referencing the filename.

$ cat /usr/share/applications/wfica.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Name=Citrix Receiver Engine
StartupWMClass=Wfica
NoDisplay=true
MimeType=application/x-ica;
Categories=Application;Network;X-Red-Hat-Base;X-SuSE-Core-Internet;
Icon=/opt/Citrix/ICAClient/icons/manager.png
TryExec=/opt/Citrix/ICAClient/wfica
Exec=/opt/Citrix/ICAClient/xdg-open-wfica.sh %f

I’m not sure if this is necessary, but if it doesn,t work yet, try it:

sudo update-desktop-database && sudo update-mime-database /usr/share/mime

So after that you should be able to doublecheck an .ica file in your nautilus or maybe open it right in firefox. I wanted to use xdg-open in forefox to open the file directly but I’m using the snap version of firefox and there seems to have a problem opening files..

This is far from perfect, I don’t have a lot of time and I wanted to work quick so it might be a bit dirty, but it’s a good start.

Hope this will help!

 

Building a fedora spin

 

Install and Configure mock

# dnf install mock
# usermod -a -G mock <user>

Here’s how you setup a Fedora 27 x86_64 environment.

$ mock -r fedora-27-x86_64 --init
$ mock -r fedora-27-x86_64 --install lorax-lmc-novirt git vim-minimal pykickstart

For a different arch or release modify the mock configuration file.

Enable network access in mock. Modify config_opts[‘rpmbuild_networking’] to True.

$ sudo vi /etc/mock/site-defaults.cfg

Kickstart files

Inside the mock chroot or container, clone the kickstarts git repository. If your system is using SELinux it needs to be set to Permissive mode while running lorax. The –old-chroot might not be needed for you. I had to use it because I had problem with loop device inside mock.

$ sudo setenforce 0
$ mock -r fedora-27-x86_64 --shell --old-chroot
<mock-chroot> sh-4.4# git clone https://pagure.io/fedora-kickstarts.git

Modify the fedora-repo.ks. You’ll have to comment the rawhide repo and uncomment this line:

 %include fedora-repo-not-rawhide.ks

ksflatten

change directory into fedora-kickstarts and flatten a kickstart

<mock-chroot> sh-4.4# cd fedora-kickstarts
<mock-chroot> sh-4.4# ksflatten --config fedora-live-workstation.ks -oFedora-MyLiveCrypto.ks --version F27

You should see a warning about redundant “part /”, go edit the flat-fedora-live-workstation.ks and remove one of them. If you want to remove packages or group of packages, add stuff etc.. That’s where you’ll do it. For the first time I suggest you just go with the original kickstart file just to verify everything is working.

livemedia-creator

<mock-chroot> sh-4.4# livemedia-creator --ks Fedora-MyLiveCrypto.ks --no-virt --resultdir /var/lmc --project Fedora-work-mylivecrypto --make-iso --volid Fedora-mylivecrypto-27 --iso-only --iso-name Fedora-mylivecrypto-27-x86_64-1.iso --releasever 27 --title Fedora-MyLiveCrypto-live --macboot

<mock-chroot> sh-4.4# livemedia-creator --ks Fedora-MyLiveCrypto.ks --no-virt --resultdir /var/lmc --project Fedora-work-mylivecrypto --make-iso --volid Fedora-mylivecrypto-27 --iso-only --iso-name Fedora-mylivecrypto-27-x86_64-1.iso --releasever 27 --title Fedora-MyLiveCrypto-live --macboot
2018-03-05 21:02:02,319: livemedia-creator v27.11-1
2018-03-05 21:02:02,554: disk_img = /var/lmc/lmc-disk-_zch_o2a.img
2018-03-05 21:02:02,555: Using disk size of 6658MiB
X2018-03-05 21:02:06,314: Running anaconda.
2018-03-05 21:02:07,567: 
2018-03-05 21:02:07,568: ** (process:1703): WARNING **: Kernel module 'btrfs' not available
2018-03-05 21:02:07,570: 
2018-03-05 21:02:07,571: ** (process:1703): WARNING **: Cannot load the BTRFS plugin
2018-03-05 21:02:10,302: Starting installer, one moment...
2018-03-05 21:02:10,304: terminal size detection failed, using default width
2018-03-05 21:02:10,304: anaconda 27.20.4-1 for Fedora-work-mylivecrypto 27 (pre-release) started.
2018-03-05 21:02:10,324: Traceback (most recent call last):
2018-03-05 21:02:10,325: File "/usr/sbin/anaconda", line 603, in <module>
2018-03-05 21:02:10,325: display.setup_display(anaconda, opts, addon_paths=addon_paths)
2018-03-05 21:02:10,326: File "/usr/lib64/python3.6/site-packages/pyanaconda/display.py", line 258, in setup_display
2018-03-05 21:02:10,327: vnc_can_be_started, vnc_error_messages = check_vnc_can_be_started(anaconda)
2018-03-05 21:02:10,328: File "/usr/lib64/python3.6/site-packages/pyanaconda/display.py", line 120, in check_vnc_can_be_started
2018-03-05 21:02:10,328: if not nm_is_connecting() and not nm_is_connected():
2018-03-05 21:02:10,329: File "/usr/lib64/python3.6/site-packages/pyanaconda/nm.py", line 173, in nm_is_connecting
2018-03-05 21:02:10,330: return nm_state() == NM.State.CONNECTING
2018-03-05 21:02:10,330: File "/usr/lib64/python3.6/site-packages/pyanaconda/nm.py", line 149, in nm_state
2018-03-05 21:02:10,331: return NM.State.CONNECTED_GLOBAL
2018-03-05 21:02:10,331: AttributeError: type object 'State' has no attribute 'CONNECTED_GLOBAL'
2018-03-05 21:02:10,468: Running anaconda failed: process '['anaconda', '--kickstart', '/fedora-kickstarts/Fedora-MyLiveCrypto.ks', '--cmdline', '--dirinstall', '--remotelog', '127.0.0.1:54649']' exited with status 1
2018-03-05 21:03:08,338: Install failed: novirt_install failed
2018-03-05 21:03:08,346: Removing bad disk image
2018-03-05 21:03:08,360: ERROR: Image creation failed: novirt_install failed
<mock-chroot> sh-4.4# livemedia-creator --ks Fedora-MyLiveCrypto.ks --no-virt --resultdir /var/lmc --project Fedora-work-mylivecrypto --make-iso --volid Fedora-mylivecrypto-27 --iso-only --iso-name Fedora-mylivecrypto-27-x86_64-1.iso --releasever 27 --title Fedora-MyLiveCrypto-live --macboot
2018-03-05 22:16:30,299: livemedia-creator v27.11-1
2018-03-05 22:16:30,300: The results_dir (/var/lmc) should not exist, please delete or move its contents
<mock-chroot> sh-4.4# rm -rf /var/lmc/
<mock-chroot> sh-4.4# livemedia-creator --ks Fedora-MyLiveCrypto.ks --no-virt --resultdir /var/lmc --project Fedora-work-mylivecrypto --make-iso --volid Fedora-mylivecrypto-27 --iso-only --iso-name Fedora-mylivecrypto-27-x86_64-1.iso --releasever 27 --title Fedora-MyLiveCrypto-live --macboot
2018-03-05 22:16:34,188: livemedia-creator v27.11-1
2018-03-05 22:16:34,250: disk_img = /var/lmc/lmc-disk-d6h69eot.img
2018-03-05 22:16:34,251: Using disk size of 6658MiB
2018-03-05 22:16:37,432: Running anaconda.
2018-03-05 22:16:37,754: 
2018-03-05 22:16:37,754: ** (process:1825): WARNING **: Kernel module 'btrfs' not available
2018-03-05 22:16:37,755: 
2018-03-05 22:16:37,755: ** (process:1825): WARNING **: Cannot load the BTRFS plugin
2018-03-05 22:16:38,869: Starting installer, one moment...
2018-03-05 22:16:38,870: terminal size detection failed, using default width
2018-03-05 22:16:38,870: anaconda 27.20.4-1 for Fedora-work-mylivecrypto 27 (pre-release) started.
2018-03-05 22:16:38,870: 22:16:38 Not asking for VNC because of an automated install
2018-03-05 22:16:38,871: 22:16:38 Not asking for VNC because of an automated install
2018-03-05 22:16:38,871: 22:16:38 Not asking for VNC because we don't have Xvnc
2018-03-05 22:16:38,874: 22:16:38 Not asking for VNC because we don't have Xvnc
2018-03-05 22:16:39,630: Processing logs from ('127.0.0.1', 39458)
2018-03-05 22:18:08,849: Starting automated install.......................................................................................
2018-03-05 22:18:08,850: ================================================================================
2018-03-05 22:18:08,851: ================================================================================
2018-03-05 22:18:08,851: Installation
2018-03-05 22:18:08,852: 
2018-03-05 22:18:08,853: 1) [x] Language settings 2) [x] Time settings
2018-03-05 22:18:08,854: (English (United States)) (US/Eastern timezone)
2018-03-05 22:18:08,854: 3) [x] Installation source 4) [x] Software selection
2018-03-05 22:18:08,855: (https://mirrors.fedoraproject.o (Custom software selected)
2018-03-05 22:18:08,856: rg/mirrorlist?repo=fedora-$relea
2018-03-05 22:18:08,856: sever&arch=$basearch)
2018-03-05 22:18:08,857: 5) [x] Network configuration 6) [ ] User creation
2018-03-05 22:18:08,857: (No network devices available) (No user will be created)
2018-03-05 22:18:08,858: 
2018-03-05 22:18:08,858: ================================================================================
2018-03-05 22:18:08,859: ================================================================================
2018-03-05 22:18:08,860: Progress
2018-03-05 22:18:08,861: 
2018-03-05 22:18:08,864: Setting up the installation environment
2018-03-05 22:18:09,545: .
2018-03-05 22:18:09,545: Configuring storage
2018-03-05 22:18:09,547: .
2018-03-05 22:18:09,547: Running pre-installation scripts
2018-03-05 22:18:09,772: .
2018-03-05 22:18:09,773: Running pre-installation tasks
2018-03-05 22:23:03,040: .
2018-03-05 22:23:03,040: Installing.
2018-03-05 22:23:03,041: Starting package installation process
2018-03-05 22:23:03,041: Downloading packages
2018-03-05 22:23:03,042: Downloading 1686 RPMs, 0 B / 1.48 GiB (0%) done.
2018-03-05 22:23:03,042: Downloading 1686 RPMs, 5.52 MiB / 1.48 GiB (0%) done.
2018-03-05 22:23:03,043: Downloading 1686 RPMs, 11.56 MiB / 1.48 GiB (0%) done.
2018-03-05 22:23:03,043: Downloading 1686 RPMs, 17.84 MiB / 1.48 GiB (1%) done.
2018-03-05 22:23:03,044: Downloading 1686 RPMs, 23.42 MiB / 1.48 GiB (1%) done.
2018-03-05 22:23:03,044: Downloading 1686 RPMs, 29.77 MiB / 1.48 GiB (1%) done.
[...]
2018-03-05 15:51:31,853: Verifying hunspell-en-GB.noarch (1558/1559)
2018-03-05 15:51:31,853: Verifying perl-libnet.noarch (1559/1559)
2018-03-05 15:51:31,854: .
2018-03-05 15:51:31,854: Configuring storage
2018-03-05 15:51:31,855: .
2018-03-05 15:51:31,855: Performing post-installation setup tasks
2018-03-05 15:51:36,506: .
2018-03-05 15:51:36,507: 
2018-03-05 15:51:36,507: Configuring installed system
2018-03-05 15:51:38,665: .
2018-03-05 15:51:38,667: Creating users
2018-03-05 15:51:38,669: .
2018-03-05 15:51:38,670: Configuring addons
2018-03-05 15:52:04,568: .
2018-03-05 15:52:04,569: Generating initramfs
2018-03-05 15:53:15,788: .
2018-03-05 15:53:15,789: Running post-installation scripts
2018-03-05 15:53:15,792: .
2018-03-05 15:53:15,793: Storing configuration files and kickstarts
2018-03-05 15:53:15,801: .
2018-03-05 15:55:49,196: Shutting down log processing
2018-03-05 15:55:52,559: Disk Image install successful
2018-03-05 15:55:52,561: working dir is /var/tmp/lmc-work-_4z0sq47
2018-03-05 16:29:59,226: Rebuilding initrds
2018-03-05 16:29:59,227: dracut args = ['--xz', '--add', 'livenet dmsquash-live convertfs pollcdrom qemu qemu-net', '--omit', 'plymouth', '--no-hostonly', '--debug', '--no-early-microcode']
2018-03-05 16:29:59,229: rebuilding boot/initramfs-4.15.6-300.fc27.x86_64.img
2018-03-05 16:31:12,965: Building boot.iso
2018-03-05 16:31:13,084: running x86.tmpl
2018-03-05 16:31:53,990: Creating image file /var/tmp/lmc-work-_4z0sq47/images/product.img from contents of /var/tmp/lorax.imgutils.nzcr8i5_/usr/share/lorax//product/
2018-03-05 16:32:34,309: Disk image erased
2018-03-05 16:32:42,993: SUMMARY
2018-03-05 16:32:42,998: -------
2018-03-05 16:32:42,999: Logs are in /fedora-kickstarts
2018-03-05 16:32:42,999: Results are in /var/lmc
<mock-chroot> sh-4.4#

Get the iso and test it

You’ll find the iso in “/var/lib/mock/fedora-27-x86_64/root/var/lmc” just copy it somewhere else and test it using Virtualbox, kvm or qemu.

If you want to build a new iso you’ll have to delete the “/var/lmc” inside your mock, otherwise livemedia-creator won’t start.

 

Special thanks to Southern_Gentlem, dowdle and sfix for their help on Freenode #fedora and #fedora-respins

Sources:

https://fedoraproject.org/wiki/Livemedia-creator-_How_to_create_and_use_a_Live_CD

https://github.com/rhinstaller/pykickstart/blob/master/docs/kickstart-docs.rst

https://fedoraproject.org/wiki/Spins_Guidelines

New project, MyLiveCrypto

Edit of original post:

After a lot of discussion and reading on the numerous standard and rules of Fedora packaging I’ve decided to not go forward with this project. I’m really sad, I think it’s a great idea but the main problem is with all the rules and guideline I have to follow while packaging MEW/mycrypto and other wallets. I cannot include dependency in a single package, so just for mew/mycrypto I had to package all the node dependency and the list was crazy.

I could be doing it anyway and not being part of the fedora project but it would mean people using my spin would have to trust me 100% for not tampering with code or anything inside the OS. So I know I wouldn’t put that amount of trust into someone I don’t know, why would you ? Anyway you shouldn’t! So it’s on hold for now, I’ll follow the guideline updates few folks told me there could be some adjustment soon regarding the kind of dependency I had in my packages..

If anyone reading this have experience in packaging in Fedora and think they can help I would be more than happy to revive this project. Send me an email at arsenick@fedoraproject.org

---

 

It’s been a long time since my last post here. A lot of things have changed and getting older with more responsibility mean less time to play around and update my internet life!

So a little recap of the last year for my digital life, I’m now a full time Openstack administrator and a lot of my time last year has been used to learn about the Openstack platform and read about blockchains and distributed ledger technology. I really liked the connection blockchain made with the opensource and the decentralized and fair way of doing things.

With Crypto you are responsible for your own security, the blockchain is deemed secure, but you have to handle and keep your private key in a safe place. That’s the weak point for most people, this and not sending eth to scammer impersonating vitalik on twitter…

So here I am, and here’s my new project, MyLiveCrypto. The idea is pretty simple, a readonly Live Fedora spin with CryptoCurrency wallet already installed. Anybody running windows could reboot their PC/Laptop, boot into the live image and at the very least they won’t have to worry about getting their private key stoled by a virus or a malware. I understand that using this spin put the trust on the creator, I don’t have yet a good way to mitigate this but as the project advance I hope to find ways of being transparent enough so other people could look into the details and verify everything.

This is the first draft so I would like to have comments and idea, here’s a recap of the main feature I aim for the V0.1 release, this is gonna be a small start as I have to learn the spin process and create few packages, follow fedora guideline etc…

• Live image with graphical desktop
• Firefox and Brave already installed
• Basic packaging of MEW and MyCrypto. The first release will only contain Ethereum wallet.
• Basic packaging for a local version of ethaddress.org offline paper wallet generator (https://www.reddit.com/r/ethereum/comments/3jz85n/ethaddressorg_paper_wallets_for_ethereum/)
• Basic packaging of offline paperwallet generator for Bitcoin (https://github.com/pointbiz/bitaddress.org)
• Basic rebrand of the visual of background and plymouth splash screen
• Documentation with best practice, hint and rule of thumb regarding the use of the live image. I want this to open automatically when the X Session start.

Todo for V0.2

• Find a way to pre-install few browser extensions, metamask, Cryptonite, EtherAddressLookup
• Make few posts on reddit to see what people think of the ideas and create a poll to see which wallet should I add into the distro for other blockchain
• Add more Ethereum wallet.
• Add more Bitcoin wallet.
• Try to see if Parity could be installed, with geth 1.8 fast sync on a usd key to provite a metamask alternative ?

Ideas for later

• Grub menu with a selection for booting completely offline to generate transaction with “offline wallet” (at least MEW or MyCrypto).
• Offer easy usb key encryption to store private keys. Careful with the FS used, people might want to read this key on windows.
• Package and install Ledger wallet desktop app once it’s released.
• Look into different solution to verify the integrity of the live image.

That’s it for now, I’ll update this blog when I reach certain milestone, like completing a package etc.. For now I’m working to generate a basic live media image, once everything work as I’d like to and I’m comfortable with the process, I’ll put more work into the MEW and MyCrypto packaging.

Let me know if you are interested in the project!

OpenLDAP crash under barracuda query

The problem appear just after I installed a barracuda V400 and configured the LDAP verification for a valid recipients.

On the server the process just died. At the end of the log I was able to see things like this:

Jul 25 06:30:24 XXXXXXXXX slapd[8327]: daemon: read active on 94
Jul 25 06:30:24 XXXXXXXXX slapd[8327]: daemon: epoll: listen=7 busy
Jul 25 06:30:24 XXXXXXXXX  slapd[8327]: daemon: epoll: listen=8 busy
Jul 25 06:30:24 XXXXXXXXX  slapd[8327]: daemon: epoll: listen=9 busy
Jul 25 06:30:24 XXXXXXXXX  slapd[8327]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
Jul 25 06:30:24 XXXXXXXXX  slapd[8327]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
Jul 25 06:30:29 XXXXXXXXX  slapd[8327]: daemon: activity on 1 descriptor
Jul 25 06:30:29 XXXXXXXXX  slapd[8327]: daemon: activity on:
Jul 25 06:30:29 XXXXXXXXX  slapd[8327]:

I opened a case at barracuda support and after few check with their engineer they told me this was a known issue with the Exchange Antivirus.

So the solution they provided me was to disable the exchange antivirus, in our case this was not a problem, we just don’t have exchange.. I probably just havn’t seen this option during my initial setup..

 

So to disable this option go to ADVANCED => Exchange Antivirus:

Check the “No” radio button for “Enable Exchange Antivirus” to disable it. At this time our LDAP haven’t crashed since this change..

How to install webpasswordsafe 1.3 WAR on Centos 6

Here’s a quick howto on installing web password safe on CentOS 6 with tomcat.

Prerequiste:

You’ll need to have JAVA setup correctly with JCE installed and I assume that Tomcat is already installed. You can consult both documentation I wrote :

Howto install JDK 7 with JCE

Howto install Tomcat 7 on centos 6

I will describe the steps I took, feel free to tell me if there’s something to fix, it’s possible your setup is slightly different..

• Install your CentOS with at least those package/group @Base, mysql-server2 and mysql-connector-java.noarch
  • Don’t forget to run mysql_secure_installation and change the root password..

 

• Not sure on this one, because my system is kickstarted and automatically added to the repo, but you’ll probably need the EPEL repository ( rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm )

 

• Download the webpasswordsafe war on google code: https://code.google.com/p/webpasswordsafe/downloads/list

 

Now we’ll copy the MySQL JDBC driver to our Tomcat Install if it’s not already done:

# ls -lah /opt/apache-tomcat-7.0.53/lib/*mysql*

If you see a file there, skip the copy, you already have the JDBC driver installed.

# cp /usr/share/java/mysql-connector-java.jar /opt/apache-tomcat-7.0.53/lib/

Now we will create the database needed by passwordsafe and the user it will use to connect, plus the permission.

# mysql -u root -p
 mysql> create database webpasswordsafe;
 mysql> create user wps@localhost identified by 'PUT_A_SAFE_PASSWORD_HERE';
 mysql> grant all privileges on webpasswordsafe.* to wps@localhost;
 mysql> grant usage on webpasswordsafe.* to wps@localhost;
 mysql> flush privileges;
 mysql> exit

Now we will deploy the WAR for the first time, and configure some settings:

Stop tomcat if it run:

# /etc/init.d/tomcat-webpasswordsafe stop

Copy the WAR in the webapp directory of your tomcat install and we will rename it:

# cp -ar webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/
# mv webpasswordsafe-sample-1.3.war webpasswordsafe-1.3.war

Start Tomcat:

# /etc/init.d/tomcat-webpasswordsafe start

Now let’s configure few basics settings:

Set a new secret key at encryptor.jasypt.password

# cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3
# vim WEB-INF/encryption.properties

Edit the config to access the database:

# vim WEB-INF/jdbc.properties
 set db user key
 jdbc.username=wps
 jdbc.password=HERE_YOU_PASTE_THE_NOT_SO_SAFE_PASSWORD_YOU_PROBABLY_CHOOSE

 uncomment mysql config:
 # MySQL/MariaDB settings
 hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
 jdbc.driverClassName=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://localhost:3306/webpasswordsafe
 jdbc.validationQuery=select 1

Now restart Tomcat and we’ll see if everything work:

# /etc/init.d/tomcat-webpasswordsafe restart

Normally at this point you should be able to access the web interface via http://your-hostname-or-ip:8080/webpasswordsafe-1.3/

If you are using the default LocalAuthenticator the user/pass are: admin/admin

That’s it for the install, check the Admin Guide for more informations regarding all the different options available in the config files.. I will probably add another post to cinfigure the LDAP connector and other features.

 

Be sure to setup a SSL connection if you want to use this in production… You don’t want to access your password manager via http… You are gonna store all your password there, doublecheck EVERYTHING, root password, MySQL, SSL, ensure that you have the minimum service running on this host, iptables and SELinux enabled could be a great idea.

 

Note:

• Here’s the admin documentation http://webpasswordsafe.googlecode.com/svn/trunk/docs/AdministratorGuide.html
• Thanks to Jonathon who posted the steps he took to install webpassword safe on debian in the group. ( https://groups.google.com/d/msg/webpasswordsafe/IUTko0NGuv4/UANDeTbFnsEJ )

Howto install java JDK 7 on CentOS 6 with Java Cryptography Extension (JCE) enabled ready for Tomcat

This installation of java is for people who want to install java and use it with tomcat or any other app that don’t require the java bin to be in the $PATH…

 

Download the latest JDK 7 release: http://java.sun.com/javase/downloads/index.jsp

If you need to install the JCE, download it: Other Downloads -> Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. If you don’t know what JCE is, the chance are you won’t need it..

Untar the archive and move it to /opt

# tar -xzvf jdk-7u51-linux-x64.gz

# mv jdk-7u51-linux-x64 /opt/

If you downloaded the JCE, unzip it. We’ll need to overwrite the default file. We’ll backup the file before..

# mv /opt/jdk1.7.0_51/jre/lib/security/local_policy.jar /opt/jdk1.7.0_51/jre/lib/security/local_policy.jar.orig

# mv /opt/jdk1.7.0_51/jre/lib/security/US_export_policy.jar /opt/jdk1.7.0_51/jre/lib/security/US_export_policy.jar.orig

# unzip UnlimitedJCEPolicyJDK7.zip

# cp UnlimitedJCEPolicy/*.jar /opt/jdk1.7.0_51/jre/lib/security/

 

And voila!

 

 

Howto Install Tomcat 7 clean on Centos 6

Prerequisite: you need to have a working copy of Java installed. See my post about installing Java on CentOS 6 Here.

You’ll see that Tomcat is installed in /opt and every single application will use it’s own catalina_home, this is in place to separate different install and simplify the update process, same thing for java, if a single war don’t support a new version of tomcat, you can upgrade by application, changing only the symbolic link..

 

The user will use uid 5007, it’s a standard uid of the tomcat user where I work.

useradd -u 5007 -s /sbin/nologin -c "Tomcat" _tomcat

Download the latest tarball and extract it to /opt

tar xzvf apache-tomcat-7.0.53.tar.gz -C /opt
ln -s /opt/apache-tomcat-7.0.53 /opt/tomcat-webpasswordsafe

We will now create the catalina_home base config

cd /opt
mkdir -p webpasswordsafe/catalina_base
cd webpasswordsafe/catalina_base
mkdir bin conf logs webapps work temp
chown _tomcat logs webapps work temp

Now we’ll create setenv.sh where the java_home will be set:

vim /opt/webpasswordsafe/catalina_base/bin/setenv.sh

Point the JAVA_HOME variable to your java home, if you have followed my howto on java it should look like this…

JAVA_HOME=/opt/java-webpasswordsafe

Copy the server.xml and web.xml to our catalina_base, the default should be ok:

cp /opt/apache-tomcat-7.0.53/conf/server.xml /opt/webpasswordsafe/catalina_base/conf/

cp /opt/apache-tomcat-7.0.53/conf/web.xml /opt/webpasswordsafe/catalina_base/conf/

We will now give the files the right ownership:

chmod -R 644 /opt/webpasswordsafe/catalina_base/conf/*
chown -R _tomcat._tomcat /opt/webpasswordsafe/catalina_base/

Create the init script used to start tomcat.

You’ll have to adjust the variable CATALINA_BASE, CATALINA_HOME and SVC_SCRIPT to reflect your installation if it’s not the same as mine.

vim /etc/init.d/tomcat-webpasswordsafe

#!/bin/bash
#
# Init file for buildserver tomcat
#
# chkconfig: 35 99 10
# description: BuildServer Tomcat
#

# source function library
. /etc/rc.d/init.d/functions

RETVAL=0
prog="tomcat pour le gestionnaire de password"

SVC_SCRIPT=/opt/tomcat-webpasswordsafe/bin/catalina.sh
SVC_START_ARGS="start"
SVC_STOP_ARGS="stop"
SVC_USER="_tomcat"

ECHO=/bin/echo
SUDO=/usr/bin/sudo
RUNUSER=/sbin/runuser

# Toute la config et les apps sont deployees dans ce repertoire
export CATALINA_BASE=/opt/webpasswordsafe/catalina_base
# Le repertoire ou tomcat est vraiment installe
export CATALINA_HOME=/opt/tomcat-webpasswordsafe


start()
{
 $ECHO -n $"Starting $prog: "
 # On utilise runuser au lieu de daemon() car daemon clear l'environnement... need CATALINA_*
 $RUNUSER -s /bin/bash -m -c "$SVC_SCRIPT $SVC_START_ARGS" "$SVC_USER" && success || failure
 RETVAL=$?
}

stop()
{
 $ECHO -n $"Stopping $prog: "
 $SVC_SCRIPT $SVC_STOP_ARGS && success || failure
 RETVAL=$?
}


case "$1" in
 start)
 start
 ;;
 stop)
 stop
 ;;
 restart)
 stop
 start
 ;;
 *)
 echo $"Usage: $0 {start|stop|restart}"
 RETVAL=1
esac
exit $RETVAL

Give the right permissions to the files:

chmod +x /etc/init.d/tomcat-webpasswordsafe

Enable the service to start at boot:

chkconfig tomcat-webpasswordsafe on

Let’s try this!

Start tomcat with the init script we’ve just created:

/etc/init.d/tomcat-passwordsafe start

You can take a look at the log to see if everything is ok.

tail -f /opt/webpasswordsafe/catalina_base/logs/catalina.out

If you see something similar to INFO: Server startup in 33397 ms, your installation is fine you can go ahead and put your war file in the webapp directory in catalina_home.

 

Let me know what you think and if you have problem I’ll be glad to help you, but this is pretty straight forward!

Spacewalk 2.1 Problem pushing config files to systems. ( ‘str’ object has no attribute ‘value’ )

I have a problem publishing config file to my registered system using satellite 2.1

When I run rhn_check on the systems I always get a: D: Sending back response(49, “Failed deployment, rolled back:  ‘str’ object has no attribute ‘value'”, {})

I found a bug opened few days ago, so I’m curently working with a DEV on this, it look like a bug, if you too face this bug, please comment on the bugreport!

https://bugzilla.redhat.com/show_bug.cgi?id=1087786

Here’s the full output of rhn_check -vv:

D: opening db environment /var/lib/rpm cdb:mpool:joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: locked db index /var/lib/rpm/Packages
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db index /var/lib/rpm/Name rdonly mode=0x0
D: added key gpg-pubkey-0608b895-4bd22942 to keyring
D: added key gpg-pubkey-863a853d-4f55f54d to keyring
D: added key gpg-pubkey-b3892132-4c63febc to keyring
D: added key gpg-pubkey-c105b9de-4e0fd3a3 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: opening db index /var/lib/rpm/Providename rdonly mode=0x0
D: check_action{'action': "<?xml version='1.0'?>\n<methodCall>\n<methodName>configfiles.deploy</methodName>\n<params>\n<param>\n<value><struct>\n<member>\n<name>files</name>\n<value><array><data>\n<value><struct>\n<member>\n<name>config_channel</name>\n<value><string>base-sepaq</string></value>\n</member>\n<member>\n<name>username</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>encoding</name>\n<value><string>base64</string></value>\n</member>\n<member>\n<name>checksum</name>\n<value><string>ec3c5c05a212c20ca690def7c2d3c79d</string></value>\n</member>\n<member>\n<name>filetype</name>\n<value><string>file</string></value>\n</member>\n<member>\n<name>delim_start</name>\n<value><string>{|</string></value>\n</member>\n<member>\n<name>delim_end</name>\n<value><string>|}</string></value>\n</member>\n<member>\n<name>symlink</name>\n<value><string></string></value>\n</member>\n<member>\n<name>modified</name>\n<value><string></string></value>\n</member>\n<member>\n<name>groupname</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>file_contents</name>\n<value><string>I3hmZ3hneGdmCiNBQUFBQUFBQUFBQUFBQUFBQUEKI0JCQkJCQkJCQkJCQkJCQkJCQkJCQgojQ0ND\nQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDCiNEREREREREREREREREREREREREREREREREREQK\n</string></value>\n</member>\n<member>\n<name>filemode</name>\n<value><int>644</int></value>\n</member>\n<member>\n<name>checksum_type</name>\n<value><string>md5</string></value>\n</member>\n<member>\n<name>path</name>\n<value><string>/etc/aaa</string></value>\n</member>\n<member>\n<name>selinux_ctx</name>\n<value><string>etc_t</string></value>\n</member>\n<member>\n<name>revision</name>\n<value><int>4</int></value>\n</member>\n</struct></value>\n</data></array></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n", 'version': 2, 'id': 126}
updateLoginInfo() login info
D: login(forceUpdate=True) invoked
logging into up2date server
D: rpcServer: Calling XMLRPC up2date.login
D: writeCachedLogin() invoked
D: Wrote pickled loginInfo at 1398439576.61 with expiration of 1398443176.61 seconds.
successfully retrieved authentication token from up2date server
D: logininfo:{'X-RHN-Server-Id': 1000010006, 'X-RHN-Auth-Server-Time': '1398439576.41', 'X-RHN-Auth': 'M0X4upKQItLGbt4W6CMUjQ==', 'X-RHN-Auth-Channels': [['prod-centos6-x86_64', '20140324072756', '1', '1'], ['prod-epel_rhel6_x86_64', '20140413154109', '0', '1'], ['prod-spacewalk-client-2.1-centos6-x86_64', '20140414235043', '0', '1'], ['prod-rhel6-vm-x64-esx5-5', '20140416225329', '0', '1']], 'X-RHN-Auth-User-Id': '', 'X-RHN-Auth-Expire-Offset': '3600.0'}
D: handle_action{'action': "<?xml version='1.0'?>\n<methodCall>\n<methodName>configfiles.deploy</methodName>\n<params>\n<param>\n<value><struct>\n<member>\n<name>files</name>\n<value><array><data>\n<value><struct>\n<member>\n<name>config_channel</name>\n<value><string>base-sepaq</string></value>\n</member>\n<member>\n<name>username</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>encoding</name>\n<value><string>base64</string></value>\n</member>\n<member>\n<name>checksum</name>\n<value><string>ec3c5c05a212c20ca690def7c2d3c79d</string></value>\n</member>\n<member>\n<name>filetype</name>\n<value><string>file</string></value>\n</member>\n<member>\n<name>delim_start</name>\n<value><string>{|</string></value>\n</member>\n<member>\n<name>delim_end</name>\n<value><string>|}</string></value>\n</member>\n<member>\n<name>symlink</name>\n<value><string></string></value>\n</member>\n<member>\n<name>modified</name>\n<value><string></string></value>\n</member>\n<member>\n<name>groupname</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>file_contents</name>\n<value><string>I3hmZ3hneGdmCiNBQUFBQUFBQUFBQUFBQUFBQUEKI0JCQkJCQkJCQkJCQkJCQkJCQkJCQgojQ0ND\nQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDCiNEREREREREREREREREREREREREREREREREREQK\n</string></value>\n</member>\n<member>\n<name>filemode</name>\n<value><int>644</int></value>\n</member>\n<member>\n<name>checksum_type</name>\n<value><string>md5</string></value>\n</member>\n<member>\n<name>path</name>\n<value><string>/etc/aaa</string></value>\n</member>\n<member>\n<name>selinux_ctx</name>\n<value><string>etc_t</string></value>\n</member>\n<member>\n<name>revision</name>\n<value><int>4</int></value>\n</member>\n</struct></value>\n</data></array></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n", 'version': 2, 'id': 126}
D: handle_action actionid = 126, version = 2
D: do_call configfiles.deploy({'files': [{'config_channel': 'base-seq', 'username': 'root', 'encoding': 'base64', 'checksum': 'ec3c5c05a212c20ca690def7c2d3c79d', 'filetype': 'file', 'delim_start': '{|', 'modified': '', 'symlink': '', 'groupname': 'root', 'delim_end': '|}', 'selinux_ctx': 'etc_t', 'filemode': 644, 'file_contents': 'I3hmZ3hneGdmCiNBQUFBQUFBQUFBQUFBQUFBQUEKI0JCQkJCQkJCQkJCQkJCQkJCQkJCQgojQ0ND\nQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDCiNEREREREREREREREREREREREREREREREREREQK\n', 'checksum_type': 'md5', 'path': '/etc/aaa', 'revision': 4}]},){'cache_only': None}
'str' object has no attribute 'value'
D: Sending back response(49, "Failed deployment, rolled back: 'str' object has no attribute 'value'", {})
D: do_call packages.checkNeedUpdate('rhnsd=1',){}
D: opening db environment /var/lib/rpm cdb:mpool:joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db index /var/lib/rpm/Name rdonly mode=0x0
D: added key gpg-pubkey-0608b895-4bd22942 to keyring
D: added key gpg-pubkey-863a853d-4f55f54d to keyring
D: added key gpg-pubkey-b3892132-4c63febc to keyring
D: added key gpg-pubkey-c105b9de-4e0fd3a3 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: opening db index /var/lib/rpm/Providename rdonly mode=0x0
D: closed db index /var/lib/rpm/Providename
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm
Loaded plugins: fastestmirror, rhnplugin
Config time: 0.033
D: rpcServer: Calling XMLRPC up2date.listChannels
This system is receiving updates from RHN Classic or Red Hat Satellite.
Setting up Package Sacks
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * extras: centos.mirror.rafal.ca
 * updates: centos.mirror.rafal.ca
pkgsack time: 0.233
rpmdb time: 0.000
Checking for new repos for mirrors
repo time: 0.001
D: local action status: (0, 'rpm database not modified since last update (or package list recently updated)', {})
D: rpcServer: Calling XMLRPC registration.welcome_message
D: closed db index /var/lib/rpm/Providename
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm

Fedora 15 problem with Empathy and you are unable to connect to msn ?

LAST UPDATE #2: An update as been pushed in the Fedora Testing repo and correct this problem. If you want to install this update you just have to use the enablerepo feature just like that:

#yum install papyon --enablerepo=updates-testing

The repository is enabled only for this update!

UPDATE #1: This has worked for me yesterday, but it’s not working anymore.. I haven’t been able to fix the issue… Please report your test and problems in the bug report at: https://bugzilla.redhat.com/show_bug.cgi?id=750884

Papyon : Can't login in Windows live : accountab.py:202:_HandleABFindAllResponse:AttributeError: 'NoneType' object has no attribute 'find'

If you get this erorr reported by ABRT on Fedora 15 and you are unable to connect to msn with empathy, here’s a workaround.

Here’s the bug report if you want to share your problem regarding this issue:

https://bugzilla.redhat.com/show_bug.cgi?id=750884

The workaround consist of a upstram patch that has been released. It will probably work it’s way to fedora soon but for now you need to do some work by hand.

Here you can get the code to update: http://cgit.collabora.com/git/user/maiku/papyon.git/commit/?h=bug-42689&id=011201e47004538e732f247bfeb21634c6e1d97f

As you can see you have to edit three files. The path I will give you is the exact path under Fedora 15 but can change with other distrib. The line with “-” need to be commented with a “#” at the beginning of the line, and the line with a + need to be added..

1 – /usr/lib/python2.7/site-packages/papyon/service/description/SingleSignOn/RequestMultipleSecurityTokens.py

- CONTACTS = ("contacts.msn.com", "MBI")
+ CONTACTS = ("local-bay.contacts.msn.com", "MBI")

2 – /usr/lib/python2.7/site-packages/papyon/service/description/AB/__init__.py

-url = "http://contacts.msn.com/abservice/abservice.asmx"
+url = "http://local-bay.contacts.msn.com/abservice/abservice.asmx"

3 – /usr/lib/python2.7/site-packages/papyon/service/description/Sharing/__init__.py

-url = "http://contacts.msn.com/abservice/SharingService.asmx"
+url = "http://local-bay.contacts.msn.com/abservice/SharingService.asmx"

That’s it!

MythTV and MythWEB on Fedora 14

I finally get everything working correctly… I don’t have a lot of time for this post, but I want to share how I corrected few problems I had.

1 – Sound problem. This one is cause by MythTV having problem dealing with PulseAudio. The solution was simple, and it was to set the MythTV FrontEnd audio device to ALSA:pulse … There’s no auto discovery for this.

The second problem was with MythWeb. I was unable to load the web interface.

Here’s the errors I got:

Apache logs:
PHP Fatal error:  Failed to open translation file:  modules_path/_shared/lang/English.lang in /usr/share/mythweb/classes/Translate.php on line 172

MythTV Backend:
MainServer, Warning: Unknown socket closing MythSocket

So I don’t think this is the best fix ever. But if you’re like me and totally pissed off do this:

# vim /usr/share/mythweb/classes/Translate.php

Modify this section (original) :

    // Load the primary language file, or English if the other doesn't exist.
        if (file_exists(modules_path.'/_shared/lang/'.$language.'.lang'))
            $path = modules_path.'/_shared/lang/'.$language.'.lang';
        else
            $path = modules_path.'/_shared/lang/English.lang';

After modification it should look like this:

       //if (file_exists(modules_path.'/_shared/lang/'.$language.'.lang'))
        if (file_exists('/usr/share/mythweb/modules/_shared/lang/English.lang'))
            $path = '/usr/share/mythweb/modules/_shared/lang/English.lang';
        else
            $path = '/usr/share/mythweb/modules/_shared/lang/English.lang';

And voila… everything is working now. Feel free to ask question I know there’s not a lot of detail in this post but I’ve run into a lot of problem with this setup, so I can probably help!

++

S2LQ Fedora presence report

The S2LQ is now over. We had two great days and a lot of people had come! There was more than 600 persons who sign up for the free event which make this event one of the top 3 biggest event in the computer industry in Quebec, Canada!

First, sorry for the delay of this report, there’s a lot of thing happening in my life those last weeks and unfortunately I don’t have all the time I want to invest in my community activities..

That said, here’s a picture of the booth ( and me ) at the S2LQ

Unfortunately we haven’t received the  Fedora 14 DVD and there was a bunch of F13 DVD/Live cd, so I gave those media to people and tell them to download the lastest version if they like it! I almost gave an entire box of DVD and LiveCD, I can’t tell you how many, but during those two days a lot of people come back home with Fedora media to try it :)The stickers and button were pretty popular too!

So what can I say regarding the event..

My main goal was:

1. Position Fedora in Quebec city. Show to the people that there are people using Fedora and there’s help here in Quebec city if they have trouble!
2. Put some visibility for the Fedora Project. This one was a success with all the media distributed and with the big Fedora vertical banner
3. Explain to people the relationship between Redhat and the Fedora Project
4. Create some connection between the member of other community in the Quebec area ( other distribution, project etc… )
5. Publicize the fact that there’s two Fedora ambassadors in Quebec city, and where to look if they want to be informed of release party and other events.
6. Explain what are the main goal of the Fedora as a Linux distribution, what are the differences with the other distributions etc..

All those objectives has been achieved! I’m really proud of this event, I’ve met a lot of people involved in very different way in Opensource and heard of project born here and we didn’t even know!

I event get a picture with Richard Stallman! Again not the best picture ever.. I don’t know what’s wrong with me an pictures ;)

Thanks for everyone who helped me for this event, I think about Larry Cafiero who sent me the vertical banner and the button, Jean-Francois Saucier who gave me the F13 media, ng who sent me Fedora t-shirt which I didn’t receive on time unfortunately :( ,Michael Lessard and Claude Reeves for all the talk during spare time between presentation! ;) Ho, and Thanks the Laurent Bounin and everyone from the APELL who make this event a success!

More photos of the event:

http://www.flickr.com/search/?q=s2lq&m=tags

http://s2lq.com/photos

Videos:

http://s2lq.com/zone-vid%C3%A9o

Thank you Redhat!

 

Sometimes you can recieve small gift that warm your heart!

That was one of those, redhat sent me a 5$ Starbucks gift card just because I was watching/listening to their webinar on rhel6! What a deal for attending a webinar you wanted to! :)

With the winter starting, this “FreeCofee” will be welcome!

Howto fix IRobot Roomba left or right wheel

My Roomba 530 started to spin around his right wheel few week ago. It happened few times and then more often and after that it was doing only this… So I tried all the iRobot suggested “repair” method, but there’s not a lot to do on iRobot  website regarding problem with your right or left wheel. So I was faced with the reality, I will have to buy a new right wheel module. It’s not that expensive you can find it on ebay for around 20$ shipped but I’m the kind of guy who don’t like to buy replacement part when I can fix it!

After few test and diagnostic, I confirmed that the problem was the right wheel. It was unable to spin, but if I just pushed a little bit the roomba, it start working. So I put the roomba on it’s back and tried to move both wheels and found out that the resistance on both wheel wasn’t the same and after a closer look I was pretty sure there was hairs stuck in the wheel module. Then I opened the roomba and I took few pics of my adventure in case that my idea will work, it can always help someone else! If your problem look like mine, you can follow those steps, maybe you will be able to fix it! If anyone found a way to open the wheel contained in the wheel module let us know I was unable to find anything on the net regarding this..

This is a “Try at your own risk” repair. This had fixed my wheel but I don’t know yet if it will last for weeks or months.. do this only if you’re desperate and you tried all other option suggested by iRobot support.

Ok so here’s the first step I tried before doing the main repair, you should probably try every step before, in case your problem is not the same as mine!

Try the iRobot suggested fix method

If you roomba say “Please Inspect and Clean Roomba’s left (or right) Wheel” or if, like me, your roomba spin around a wheel and if you push it a little bit it started to go straight and then restart to spin.

Try those url from iRobot support website :

http://homesupport.irobot.com/app/answers/detail/a_id/498

http://homesupport.irobot.com/app/answers/detail/a_id/805

Fixing hair stuck in the wheel module

If those steps fail for you, and you contacted iRobot support and they told you you’ll need a new wheel module or you feel a different resistance when you spin the wheel, maybe you’re like me and there’s hair or anything stuck in the wheel module. You can try those steps, again, at your own risk.

The idea I had was to used a hair removal mousse, to “soften” the hair stuck in the wheel mechanism. Here’s how to open your roomba 500 and insert the veet foam into the wheel and add oil for lubrication after that.

• Put your roomba on it’s back. You can put a towel or something smooth under it if you don’t want to scratch the top. Unscrew the side brush and remove it with a flat screwdriver. On the main plate you can see 4 screw with arrow pointing, unscrew them.

• Remove the plate, and you’ll see the battery. Pull out the battery carefully.

• Now you should have removed battery and you should be able to locate both side wheels.

• Remove those three screw.

 

• Pull out the wheel module gently. Now you should have the wheel module in your hand. I took a picture to show you how to “open” the module but I didn’t remove it on this picture. you can do it like this but it’s hard to keep everything clean…
• As you can see on the picture, take a thin knife and you have to insert the knife horizontally in the small crack between the inner plastic piece and the rubber wheel. You’ll feel the plastic moving.. be careful to don’t cut or damage the wheel or the plastic.. When your knife is between both parts, lift the knife as it is on the picture so you’ll see a small crack. this is where you’ll need to spray the hair removal mousse… I didn’t show it on the picture because it was already done, and I don’t want do this again.. it’s not easy as it could seem, you may need another hand to keep everything in place and put the hair removal foam… Put a decent amount of foam, you want it to reach the center of the wheel where the air are stuck.

• After you put the foam into the wheel let it “work” for almost 10 minutes.
• Roll the wheel and see if you still feel a resistance if you don’t it look good!
• I wiped the extra foam and I added oil or something to lubricate the center of the wheel. Be careful don’t put too much oil or lubricant because hair and dust will stick to this!

That’s it, put everything back in place. and try your roomba. Mine took almost 5 minutes of “under supervision” first run. After that the wheel was fine!

Let me know if this helped you or if you have another trick to fix the wheels! This is certainly not the best way to do it, but maybe my wheel will survive 1-2 months more!

@+

Telus release Android 2.1-update1 for the Motorola Milestone, and no, there’s no OTA update available…

I think they released the Android 2.1-update1 yesterday.. I based this on the filename of the release note ;)

Here’s the Release Note: http://bit.ly/bv5gZX

To update

go to: http://direct.motorola.com/hellomoto/support/update/

And follow the instruction, or simply start the software updater on your not so favorite OS a.k.a. Windows.

I’ve just updated, nothing new.. I didn’t had a lot of problem with my phone anyway.. but if this could fix the music problem I’ll be just happy… The only bad thing with this update is that they just started to release OTA (Over The Air) updates on the Motorola Droid and you know what ? They are recieving froyo, yeah Android 2.2… So let’s dream about the end of Septembre where we are “supposed” (  unconfirmed Rumor I think ) to recieve the update for our Milestone!!!

So now I get:

Version : 2.1-update1

GAS_NA_SHOUTELUS_P012

Kernel: 2.6.29-omap1

Have fun with your updates!