Paul's Blog Entries for July 2006
Saturday 1st July 2006
Fedora Extras
Updated lat to 1.0.6
Monday 3rd July 2006
Local Packages
Updated perl-BerkeleyDB to 0.29
Updated perl-Jcode to 2.06
Looked at xxdiff 3.2 but it needs a later version of flex than even FC5 has (see Bug #160658); I'll need to package that myself (in a way that does not conflict with the standard flex) and that'll be a non-trivial task
Tuesday 4th July 2006
Local Packages
Updated moin to 1.5.4, and obsolete the moin-fastcgi subpackage, which I'm no longer supporting (use mod_fcgid instead)
Updated mod_fcgid to 1.10 and also tweaked the SELinux policy to allow the web server to:
read httpd_fastcgi_content_t content without having to set the httpd_builtin_scripting boolean
read /etc/resolv.conf without having to set the httpd_can_network_connect boolean
Updated proftpd to have the default configuration not use sendfile by default, as per MatthiasSaou's Fedora Extras proftpd package, and to include some comments regarding DSO loading
Wiki
Upgraded moin to 1.5.4
Fedora Extras
Updated mod_fcgid submission to include the changes made locally
Submitted buildreq bug-with-fix for drgeo
Wednesday 5th July 2006
Happy birthday mum!
Local Packages
Updated perl-Net-DNS to 0.58
Updated SELinux policy for mod_fcgid to allow FastCGI applications to do DNS lookups
Updated dovecot to 1.0.rc2
Fedora QA
Raised buildreq bugs-with-fixes for driftnet, erlang, fish, and flow-tools
Thursday 6th July 2006
Fedora QA
Fedora Extras
Made a start at putting together the remaining bits of the Gnome-1 stack that have gone from Core in Fedora Core 6. I need everything up to linglade (needed for php-gtk, which is needed for pptpconfig), so I made packages of ORBit and libpng10 ready for submission to Extras.
Friday 7th July 2006
Local Packages
Updated libidn to 0.6.4; I wanted to add valgrind as a buildreq for better test cover, but Red Hat Linux 9 (one of the distros I'm targetting) doesn't have valgrind and although I was able to build valgrind from Fedora CVS on Red Hat Linux 9, it didn't appear to work properly. So I opted for the easy option for the time being of leaving off valgrind as a buildreq.
Fedora QA
Submitted buildreq bugs-with-fixes for gnomad2, gnome-applets-music, gnome-schedule, grads, grhino, and gsynaptics
Monday 10th July 2006
Local Packages
Updated fetchyahoo to 2.10.3
Updated libidn to 0.6.5
Updated perl-Test-File to 1.16
Fedora Extras
Submitted libpng10, ORBit, gnome-libs, and libglade for review
Tuesday 11th July 2006
SELinux Policy Update
Got a message from cron this morning:
/etc/cron.daily/yum.cron: libsepol.scope_copy_callback: proftpd: Duplicate declaration in module: type/attribute ftpdctl_exec_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed!
The reason for this was that my proftpd policy module is now included in the upstream and Fedora base policy, and the definition of the ftpdctl_exec_t type in the new base policy conflicts with the same definition in my local policy module. The solution is of course to unload my local policy module as it's no longer needed:
# semodule -r proftpd
However, that still left me with the old base policy loaded (since linking the new one with my local modules had failed at rpm upgrade time), so I also needed:
# semodule -b /usr/share/selinux/targeted/base.pp
This got me fully up to date.
Wednesday 12th July 2006
Local Packages
Updated mgdiff to build on Fedora Core 5 with modular X
Updated perl-Mail-Mbox-MessageParser to 1.4004
Updated perl-Net-Server to 0.94
Updated tcptraceroute to 1.5beta7
Fedora Extras
Updated perl-Mail-Mbox-MessageParser to 1.4004
Dining Out
Went for a nice meal from work at the Bay Tree Restaurant in Cheadle with our colleagues from LSI Logic.
Web Server Outage
Made a tweak to the web server configuration but it failed to restart. The error log said:
[Wed Jul 12 18:52:49 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Wed Jul 12 18:52:50 2006] [emerg] (28)No space left on device: Couldn't create accept lock (/etc/httpd/logs/accept.lock.7109) (5)
I had no full partitions, nor were there any SELinux issues, which I thought were the most likely reasons for this problem. Fortunately google came to the rescue, with a search on the error message turning up http://www.webpipe.net/howto/Apache_accept_lock_fix. The output of ipcs -s with httpd stopped was a big, long list, all owned by apache. So the fix was to kill them all:
for semid in `ipcs -s | grep apache | cut -f2 -d" "`; do ipcrm -s $semid; done
After doing this, httpd started up without issues.
Thursday 13th July 2006
Local Packages
Updated bittorrent to 4.20.4; the seed client no longer crashes at startup, but it still doesn't work:
File "/usr/lib/python2.3/site-packages/twisted/internet/base.py", line 555, in runUntilCurrent [4.20.4 2006-07-13 10:43:03] STDERR : File "/usr/lib/python2.3/site-packages/twisted/internet/base.py", line 555, in runUntilCurrent call.func(*call.args, **call.kw) [4.20.4 2006-07-13 10:43:03] STDERR : call.func(*call.args, **call.kw) File "/usr/lib/python2.3/site-packages/BitTorrent/launchmanycore.py", line 178, in stats [4.20.4 2006-07-13 10:43:03] STDERR : File "/usr/lib/python2.3/site-packages/BitTorrent/launchmanycore.py", line 178, in stats for d in self.get_torrents(): [4.20.4 2006-07-13 10:43:03] STDERR : for d in self.get_torrents(): exceptions.AttributeError: 'LaunchMany' object has no attribute 'get_torrents' [4.20.4 2006-07-13 10:43:03] STDERR : exceptions.AttributeError: 'LaunchMany' object has no attribute 'get_torrents'
Friday 14th July 2006
Fedora QA
Raised buildreq-bugs-with-fixes for gtktalog, gtk-xfce-engine, gwget, and jam
Monday 17th July 2006
Local Packages
Updated gtkwave to 3.0.6
Updated perl-Text-Glob to 0.07
Import perl-version (new dependency of perl-Module-Build) from Fedora Extras
Fedora Extras
Updated gtkwave to 3.0.6
Wiki
First version of BuildSeLinuxPolicyModules
Thursday 20th July 2006
Fedora Extras
MikeKnox kindly reviewed my libpng10 package, which is now imported. Unfortunately it fails to build on FC6 x86_64, though it builds just fine on RHEL3 x86_64 (the only x86_64 system I have access to at present).
5-a-side
Had my first game of 5-a-side (actually 4-a-side) for about 6 months, in very hot and humid conditions at the Soccer Dome at Trafford Park. Hurt my wrist saving a shot near the end. Lost, due to the other team have all of the fit youngsters on their side.
Friday 21st July 2006
Fedora Extras
Michael Fleming kindly approved my mod_fcgid package. Unfortunately, due to changes in rawhide, it no longer builds in development. Package tweaked accordingly.
MikeKnox kindly approved my ORBit package, which is now imported and built.
Updated gtkwave to 3.0.7
Local Packages
Updated gtkwave to 3.0.7
Updated perl-Devel-Symdump to 2.0602
Monday 24th July 2006
Hospital Visit
The wrist injury I picked up on Thursday was still troubling me, so I visited the Minor Injuries Unit at Altrincham General Hospital on my way to work. The nurse there diagnosed a torn tendon and advised me to keep exercising the joint to prevent scar tissue buildup from restricting movement.
Local Packages
Incorporated the recent changes in rawhide's sendmail package into my own version
Updated contagged so that it'll build on rawhide
Tuesday 25th July 2006
Local Packages
Updated mod_fastcgi so that it'll build on Fedora Core (development), which doesn't have the /etc/httpd/build symlink
Fedora QA
Created buildreq bugs-with-fixes for kanatest, kdissert, leafpad, librx, libtabe, libtomoe-gtk, and licq
Crash Recovery
My firewall/web server box crashed mysteriously for the second time in two weeks. Still haven't figured out what's going on with that. Anyway, some issues cropped up during the reboot.
Firstly, the ldap service didn't start because the Berkeley DB backend was in a broken state and needed recovering:
# slapd_db_recover -v -h /var/lib/ldap Finding last valid log LSN: file: 1 offset 4530737 Recovery starting from [1][2795526] Recovery complete at Tue Jul 25 18:49:15 2006 Maximum transaction ID 8000054d Recovery checkpoint [1][4532387] # service ldap start Checking configuration files for slapd: bdb_db_open: unclean shutdown detected; attempting recovery. bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered. config file testing succeeded [ OK ] Starting slapd: [ OK ]
I also found a useful page on the openldap BDB backend, and I decided to add a checkpoint directive to slapd.conf:
database bdb # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap # check point whenever 128k data bytes written or # 15 minutes has elapsed whichever occurs first checkpoint 128 15 # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index displayName eq,pres,sub index marker eq,pres,sub
Next up, the /var/spool/bacula fileystem where I have my bacula storage daemon write backups to before I write them DVD didn't get nounted at reboot. This was an SELinux issue:
type=AVC msg=audit(1153848704.795:345): avc: denied { mounton } for pid=1829 comm="mount" name="bacula" dev=dm-4 ino=1146906 scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:var_spool_t:s0 tclass=dir type=SYSCALL msg=audit(1153848704.795:345): arch=40000003 syscall=21 success=no exit=-13 a0=98a70b8 a1=98a70d0 a2=98a3058 a3=c0ed0001 items=1 pid=1829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 type=AVC_PATH msg=audit(1153848704.795:345): path="/var/spool/bacula" type=CWD msg=audit(1153848704.795:345): cwd="/" type=PATH msg=audit(1153848704.795:345): item=0 name="/var/spool/bacula" inode=1146906 dev=fd:04 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_spool_t:s0
The problem was that the /var/spool/bacula directory on the root filesystem (i.e. the mount point) had the default file context type for that location of mount_t, and the initscripts weren't allowed to mount anything there (though mounting it manually works fine of course, since that is an unconfined operation). The fix is simple:
# chcon -t mnt_t /var/spool/bacula # service netfs restart Mounting other filesystems: [ OK ] # df /var/spool/bacula Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/VgExtra-Bacula 46445552 30978788 13107532 71% /var/spool/bacula
There were more SELinux denials but I didn't have time to look at them today.
Wednesday 26th July 2006
Local Packages
Updated bittorrent to 4.20.6; at last launchmany is working but now the tracker is broken (if you use the --dfile option):
# Shutting down: 2006-07-26 14:55 UTC Traceback (most recent call last): File "/usr/bin/bttrack", line 23, in ? track(argv[1:]) File "/usr/lib/python2.4/site-packages/BitTorrent/track.py", line 836, in track t = Tracker(config, r) File "/usr/lib/python2.4/site-packages/BitTorrent/track.py", line 179, in __init__ self.dfile = efs2(config['dfile']) File "/usr/lib/python2.4/site-packages/BitTorrent/platform.py", line 187, in efs2 p,bad = encode_for_filesystem(path) File "/usr/lib/python2.4/site-packages/BitTorrent/platform.py", line 154, in encode_for_filesystem assert isinstance(path, unicode) AssertionError
Fedora QA
Submitted bug-with-fix for linkchecker
Thursday 27th July 2006
Fedora QA
Submitted buildreq bugs-with-fixes for logjam, multisync, mysql-administrator, nautilus-search-tool, ncmpc, NetworkManager-vpnc, ngrep, and openal
Local Packages
New package flex-new, which is flex 2.5.33; this is a new version of flex that is not fully backwards-compatible with flex 2.5.4 (as shipped even in Fedora Core 6), so I've made this package parallel-installable with flex and using it requires manual specification of flex-new as the lexer, use of /usr/include/flex-new as a header search directory for the compiler, and use of /usr/lib(64)?/flex-new as a library search directory for the linker; flex-new is needed for xxdiff 3.2
Updated xxdiff to 3.2, which is a significant rewrite of the package; I've split off the python scripts into a tools subpackage, and due to the code being written for python 2.4, some of those tools won't work on older distributions. I suspect the fixes for this are pretty easy for someone who knows python.
Friday 28th July 2006
Local Packages
Updated rbldnsd to 0.996a
Added patch to perl-MailTools to fix Bug #200450
Updated mod_fcgid to move SELinux policy modules from /usr/share/selinux/packages/POLICYNAME to /usr/share/selinux/POLICYNAME now that the Core selinux-policy package no longer automatically tries to link all modules in this directory, and includes the correct directory ownership; the update also hardlinks the policy module packages together if they're identical, thus avoiding duplicate files
Made the same change in contagged as for mod_fcgid
Fedora Extras
Updated rbldnsd to 0.996a
Cleaned up perl-MailTools and added a patch to fix Bug #200450
Saturday 29th July 2006
Local Packages
Updated mod_fcgid to split off the SELinux policy module into a separate package, which avoids the need for a dependency on selinux-policy for the main mod_fcgid package
Monday 31st July 2006
Local Packages
Updated perl-Algorithm-Diff to 1.1902
Fedora Extras
Finished the first draft of PackagingDrafts/SELinux/PolicyModules, which I'd been writing up over the weekend
Fedora QA
Raised buildreq bug-with-fix for opencv
Previous Month: June 2006
Next Month: August 2006