Author Archives: rom1dep

vmware on fedora 24 wih kernel 4.8

This is what seems to be the third post of a series of fixes for getting vmware to work on fedora:
Previous posts:
vmware on fedora 24 with kernel 4.7
vmware on fedora 24 with kernel 4.6

The following should make it possible to use vmware on the kernel on version 4.8:

vim /usr/lib/vmware/modules/source/vmmon.tar → vmmon-only/linux/hostif.c
(vim) :%s/NR_ANON_PAGES/NR_ANON_MAPPED/g
Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

vmware on fedora 24 wih kernel 4.7

This is what seems to be the second post of a series of fixes for getting vmware to work on fedora:
Previous post: vmware on fedora 24 with kernel 4.6

The following should make it possible to use vmware on the kernel on version 4.7:

vim /usr/lib/vmware/modules/source/vmnet.tar → vmnet-only/netif.c
(vim) :%s/dev->trans_start = jiffies/netif_trans_update(dev)/g
Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

Use a Let’s Encrypt certificate with ejabberd

If you want to use a custom certificate on your ejabberd instance, here is how to make it in a way which is understandable by your server.

Ejabberd requires the key, the certificate, and the chain all together in a single file (in this order).
So, if you are obtaining your certificate from let’s encrypt, you can simply:

cd /etc/letsencrypt/live/<the domain>
cat privkey.pem fullchain.pem > server.pem
chown ejabberd server.pem && cp server.pem <ejabberd certificate location>
Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

vmware on fedora 24 with kernel 4.6

With the new kernel 4.6 found in fedrora 24, you will need to patch two modules for vmware to work again:

/usr/lib/vmware/modules/source/vmmon.tar → vmmon-only/linux/hostif.c
/usr/lib/vmware/modules/source/vmnet.tar → vmnet-only/userif.c

and replace any occurence of “get_user_pages” by “get_user_pages_remote” in these two files.

This comes particularly handy with vim where it’s only a matter of typing :%s/get_user_pages/get_user_pages_remote/g in hostif.c and userif.c . A nice feature of vim (that not everyone is aware of) is that it lets you browse zipped archives and edit the files it contains as if they were plain, uncompressed files.

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

Create a rhodecode gist directly from CLI

With your rhodecode installation comes a nice gist tool that allows you to share and edit code snippets (just like the well known gist from github). Less known but very very handy is its client-side counterpart, aka the rhodecode-gist command that allows you to pipe the output of any shell script directly into a new gist, easing things like:
cat myscript.py|rhodecode-gist --private
for quick sharing, or
$buggy_command|rhodecode-gist
for sharing a trace with developers.

Installing rhodecode-gist

Sadly, rhodecode-gist is bundled with rhodecode-tools that isn’t (yet) available on pypi. Instead you’ll have to fetch it from the official website:
pip install https://code.rhodecode.com/rhodecode-tools/archive/stable.zip

Configuring rhodecode-gist

Server-side

You need to generate an API Key, just login to your rhodecode account, User → My account → API keys
Copy the new API Key.

Client-side

Simply run
rhodecode-gist --apikey={above key} --apihost=http://{url to your RC installation} --save-config

And that’s all, now you can use the above commands! As optional parameters, you can also specify the gist visibility (public/private), set a filename/description and specify the lifetime, the command should return a json string containing your brand new gist URL.

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

Dogecoin Tips

Hi all!
I just enabled a plugin allowing easy donations using the (many wow) dogecoin crypto currency,
if you wanna tip me for the content of this blog, feel free to give away your such awesome DOGEs at DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c !

Dogecoin-NASA

to the moon

Very Thanks!

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

Fedora 20, How I got by my RPM breakage of the day

It’s not that common that RPM breaks its database, but it already happened to me twice since f20 released.

Last time, and because I was in a hurry, I finished by simply reinstalling my system, but today I think I got through enough WTF to post something about it.

It started with the usual message of a yum no longer able to install anything, and a notice about corruption and the advise of rebuilding the package database.

That’s what I did, with rpm --rebuilddb but that lead to a brand new error message… so was my first time it broke that bad. rpmdb --rebuilddb didn’t do any better so I finished with this very old (and bad) advise which consists of removing the databases files themselves. After that, the above –rebuilddb commands worked well, but:

  • Yum was by then unable to connect to any mirror, because it was unable to parse the $releasever tag for its queries,
  • yum check was reporting about 2500 packages with missing dependencies (!!!)

I found the first issue very irritating, because despite of the database problem that was finally gone, I was now hit by a bug from nowhere preventing me from fetching the packages I could require for fixing my stuff…
But hopefully this can be worked around by passing the –releasever=20 parameter to any yum command.

So now, what do when yum puts $releasever in the URLs of the mirrors it tries to connect with? Simply install the fedora-release package that provides the missing redhat-release.

But this sadly doesn’t fix the 2500+ “has missing requires” errors returned by yum check. Before moving away the rpmdb files, I did a rpm -qa > pkglist.txt just inc case… So what about a yum $(cat pkglist.txt) then? Sadly it didn’t work, with yum answering all packages are already installed… (Hu! ô.O) So I ended with the above snippet (source):

yum check dependencies \
| grep 'has missing requires' \
| sed 's/.\+has missing requires of //' \
| sed 's/ [=<>].\+//' \
| while read dep; do yum -y install "$dep"; done

This will run yum install as many times as there is a missing dep, so it will literally kill your yum history and very likely run much more commands than required. I’d rather suggest a:

yum check dependencies \
| grep 'has missing requires' \
| sed 's/.\+has missing requires of //' \
| sed 's/ [=<>].\+//' > yumrescue.list

in combination with a yum install $(cat yumrescue.list)

Hope it helps.

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

rom1dep

October 2, 2013

Hi, I just did some server-wide tweaks regarding cache management and php config, loading times should be way faster now.

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

Major update

Hi !

today wasn’t an easy sysadmin day : I switched host, moved from a virtual private server at ikoula to a dedicated one at OVH, I migrated all my services (finally !), and made a complete rewrite of all the apache config in order to handle more efficiently multiple DNs since I’m going to share this server.
That’s why this blog looks so shiny white, the new default wordpress theme isn’t that bad 🙂 , and I might well keep it as a basis for further typo-tuning.

See you around !

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?

Howto : (Clean) Install of a Samsung SPL laser printer under GNU/Linux (without the whole “unified linux driver”)

Printing under GNU/Linux has turned very easy I the last years, by combining an improved compatibility with the even most recent hardware and polished user interfaces to let any user get in with it’s printing server configuration. Well, most of the time there is an opensource driver for your printer, and making it work is then as easy as plugin the USB chord and waiting a tenth of seconds for a green popup to tell you that everything is clean and working… Most of the time.

Towards Samsung, at least for the laser printer I own (a SCX-3200), there is no such an easy install process, because of no tested opensource driver. Configuring your printer will likely drives you to your product’s support page (fr), and maybe will you finish installing the so called “Samsung Unified Linux printing drivers”, what is bad, very bad. This bundle comes with a brunch of middleware you’re likely not to want on your computer (because you may only want to use an USB/network printer). This script also installs it’s own Qt libraries for nothing more than a GUI that is totally redundant with your distrib’ system tools. As of system services and OS’ integration, I doubt those 2011 scripts are aware of the last changes in systemd, selinux, … anyway.

This post will describe how you can make your Samsung printer work as good as on any other platform (using Samsung’s proprietary driver), but without requiring you to install all the burden of the “Unified Linux Driver”.

Step 1: Download and unpack the needed files

http://downloadcenter.samsung.com/content/DR/201110/20111006104050600/UnifiedLinuxDriver_0.93.tar.gz

This link is working at the date of writing and will download the 0.93 drivers. You can get a link by your own by visiting your printer’s support page at samsung.com .

Step 2: Install the ppd file for your printer

Once unpacked, you can plug your printer and turn it on. Whatever your distrib, the wizard will fail finding a working driver but will allow you to specify a ppd file. The path to them is :

<extract_path>/cdroot/Linux/noarch/at_opt/share/ppd/

You just have to pick the good one (scx3200.ppd in my case).

Step 3: Install rastertosamsungspl

PPD files aren’t enough, the Samsung driver mostly consists on a tool that rasters the content you want to print to the Samsung Printing Language (SPL). This binary file is to be found under:

<extract_path>/cdroot/Linux/<your_arch>/at_root/usr/lib<arch>/cups/filter/

You need to copy this file to your cups filters folder :

/usr/lib/cups/filter/rastertosamsungspl

Step 4: Configure SELinux to allow rastertosamsungspl to be run

If you try printing something, this kind of message will appear in dmesg :

Jan 20 13:09:53 NetAce setroubleshoot: SELinux is preventing /usr/sbin/cupsd from execute access on the file rastertosamsungspl. For complete SELinux messages. run sealert -l 81360021-b4dd-4f5d-9f78-760346329e48
sealert -l 81360021-b4dd-4f5d-9f78-760346329e48
 *SELinux is preventing /usr/sbin/cupsd from execute access on the file rastertosamsungspl.
*****  Plugin catchall (100. confidence) suggests  ***************************
If vous pensez que cupsd devrait être autorisé à accéder execute sur rastertosamsungspl file par défaut.
 Then vous devriez rapporter ceci en tant qu'anomalie.
 Vous pouvez générer un module de stratégie local pour autoriser cet accès.
 Do
 autoriser cet accès pour le moment en exécutant :
 # grep cupsd /var/log/audit/audit.log | audit2allow -M mypol
 # semodule -i mypol.pp
Additional Information:
 Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
 Target Context                unconfined_u:object_r:user_home_t:s0
 Target Objects                rastertosamsungspl [ file ]
 Source                        cupsd
 Source Path                   /usr/sbin/cupsd
 Port                          <Unknown>
 Host                          localhost.localdomain
 Source RPM Packages           cups-1.5.4-20.fc18.x86_64
 Target RPM Packages
 Policy RPM                    selinux-policy-3.11.1-71.fc18.noarch
 Selinux Enabled               True
 Policy Type                   targeted
 Enforcing Mode                Enforcing
 Host Name                     localhost.localdomain
 Platform                      Linux localhost.localdomain 3.7.2-204.fc18.x86_64
 #1 SMP Wed Jan 16 16:22:52 UTC 2013 x86_64 x86_64
 Alert Count                   3
 First Seen                    2013-01-20 04:52:54 CET
 Last Seen                     2013-01-20 13:09:52 CET
 Local ID                      81360021-b4dd-4f5d-9f78-760346329e48
Raw Audit Messages
 type=AVC msg=audit(1358683792.720:1284): avc:  denied  { execute } for  pid=873 comm="cupsd" name="rastertosamsungspl" dev="sda5" ino=1444799 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1358683792.720:1284): arch=x86_64 syscall=execve success=no exit=EACCES a0=7fffcaff5d00 a1=7f7acb65ec90 a2=7fffcaff4930 a3=7fffcaff3b30 items=0 ppid=31168 pid=873 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 ses=4294967295 tty=(none) comm=cupsd exe=/usr/sbin/cupsd subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
Hash: cupsd,cupsd_t,user_home_t,file,execute
audit2allow
#============= cupsd_t ==============
 allow cupsd_t user_home_t:file execute;
audit2allow -R
#============= cupsd_t ==============
 allow cupsd_t user_home_t:file execute;

As explained (in french, sorry…) you can fix it by simply running:

$ grep cupsd /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp

And then :

$ /sbin/restorecon -v /usr/lib/cups/filter/rastertosamsungspl

Now your printer should work as expected, without the definitely annoying and useless “Unified Linux Driver” stuff.

Donate Dogecoins: DJi4fgSMxcq5vRjytvCEq9A1TVsDZevd7c Whats This?