Email Address Password
Remember Me

Or Create a (Free) Account.
2004JanFebMarAprMayJunJul Aug Sep Oct Nov Dec
2005 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2006 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Oct Oct
2007JanFebMarAprMayJunJulAugSepOctNovDec2007
2008JanFebMarAprMayJunJulAugSepOctNovDec2008
2009JanFebMarAprMayJunJulAugSepOctNovDec2009
2010JanFebMarAprMayJunJulAugSepOctNovDec2010
2011JanFebMarAprMayJunJulAugSepOctNovDec2011
2012JanFebMarAprMayJunJulAugSepOctNovDec2012
2013JanFebMarAprMayJunJulAugSepOctNovDec2013
2014JanFebMarAprMayJunJulAugSepOctNovDec2014
2015JanFebMarAprMayJunJulAugSepOctNovDec2015

No articles posted for 04/2015; five most recent entries shown.

Wed 25th Mar 2015 @ 09:23 2015: Ancient OpenSSL on Solaris

So I was trying to get a custom-built Puppet agent on Solaris 10 to talk to a Red Hat 6 Puppetmaster (all Puppet 3.6.2) and getting the error message:

"Error: Could not request certificate: Unsupported digest algorithm (SHA256)."

https://groups.google.com/forum/#!msg/puppet-dev/_jkdY1Hmq6U/f1IWKZxBHn4J confirms that the problem is that the ancient OpenSSL (0.9.7d) from /usr/sfw doesn't support SHA256.

The answer seems to be to rebuild with a newer OpenSSL, with shared support, and with Ruby using it:
1) OpenSSL
export CFLAGS="-m64 -O2 -fPIC"
export CC=gcc
export AS=gas
export LD=gld


AGENT_DIR=/opt/my-puppet-agent
./Configure solaris64-sparcv9-gcc --prefix=/${AGENT_DIR} --openssldir=${AGENT_DIR}/openssl shared
make
make test
make install
export LDFLAGS="$CFLAGS -R${AGENT_DIR}/lib -L${AGENT_DIR}/lib"
export CFLAGS="$CFLAGS -I${AGENT_DIR}/include"

2) Ruby
For Ruby, the ext/Setup file contains "#openssl" which seems to be to tell it to stub out its own OpenSSL. My pkgconfig is too old for the URL: field, too, so I remove that.

sed s/"^#openssl"/"openssl"/g ext/Setup > /tmp/ext_setup.$$ && mv /tmp/ext_setup.$$ ext/Setup
grep -v "^URL:" template/ruby.pc.in > /tmp/ruby.pc.template && mv /tmp/ruby.pc.template template/ruby.pc.in
./configure --prefix=${AGENT_DIR} --enable-shared --with-opt-dir=${AGENT_DIR} --disable-install-doc --enable-rpath

gmake && gmake install

Post a Comment               

Wed 5th Nov 2014 @ 16:54 2014: Linux Kernel Semaphores

Semaphores are a tunable in the Linux kernel, but they're a bit more awkward than some, just because it's a single tunable which contains 4 different variables, and I for one can never remember which is which.

The Red Hat 5 documentation has a great article about kernel semaphores which explains it all very clearly, including the names. I'll just add the comment about what they are all for.


$ cat /proc/sys/kernel/sem
250 32000 32 128

These are SEMMSL, SEMMNS, SEMOPM and SEMMNI respectively. As the article states, "ipcs -ls" gives you these, with a description:


# ipcs -ls
------ Semaphore Limits --------
max number of arrays = 128
max semaphores per array = 250
max semaphores system wide = 32000
max ops per semop call = 32
semaphore max value = 32767


Which gives us this handy table - where "Index" is the order in which they appear in the kernel.sem variable:




VariableIndexDescription
SEMMSL1Max Semaphores Per Array
SEMMNS2Max Semaphores System Wide
SEMOPM3Max Ops Per Semop Call
SEMMNI4Max Number of Arrays


To change any variable, you have to update all four. For example:


# sysctl -w kernel.sem="250 32000 100 128"
... or
# echo "250 32000 100 128" > /proc/sys/kernel/sem
... or
# echo "kernel.sem = 250 32000 100 128" >> /etc/sysctl.conf
# sysctl -p

Post a Comment               

Wed 24th Jul 2013 @ 17:58 2013: HP iLO - getting full admin rights

Hewlett Packard (HP) ILOs can have multiple login IDs; yours may have some rights, but not others.
Assuming the host runs Linux, you can install the hponcfg package, which uses the BMC to talk to the ILO. Here, I've got access to an account called "stupid", which has no admin rights. I can use that (and the root access on the OS) to give myself full rights via this handy XML file:


[root@host ~]# hponcfg -f fulladmin.xml
HP Lights-Out Online Configuration utility
Version 4.1.0 Date 1/3/2013 (c) Hewlett-Packard Company, 2013
Firmware Revision = 1.13 Device type = iLO 4 Driver name = hpilo
Script succeeded
[root@host ~]#

The "stupid" user now has full rights.

Post a Comment               

Fri 29th Mar 2013 @ 21:41 2013: Shell Scripting Tutorial on Kindle

Shell Scripting TutorialNow available on Kindle

For USA, click here: Amazon.com
For the UK, click here: Amazon.co.uk

Similarly, you can search for “B00C2EGNSA” on any Amazon site, or just go to http://www.amazon.COUNTRY/dp/B00C2EGNSA (where “COUNTRY” is .fr, .de, etc) for your local equivalent.

http://www.amazon.com/Shell-Scripting-Tutorial-ebook/dp/B00C2EGNSA

http://www.amazon.co.uk/Shell-Scripting-Tutorial-ebook/dp/B00C2EGNSA

Post a Comment               

Fri 18th Jan 2013 @ 16:13 2013: Pirate Cinema

I'm reading Pirate Cinema at the moment, a Cory Doctorow novel aimed at young adults, with the thinly-veiled ulterior motive of discussing concepts of piracy, copyright and intellectual property with young people.

A great couple of paragraphs on page 130. The central character, a 16 year old lad from Bradford, has had his internet cut off for downloading and remixing old movies. As a result (in the near-future world in which this is set), his sister can't study, his mother can't claim invalidity benefit, and his father can't perform his job. He is thinking about anti-piracy propaganda:


We'd just laugh at these - the ancient, exquisitely preserved rock star we saw getting out of a limo crying poverty; the workers who claimed that we were taking food out of their kids' mouths by remixing videos or sharing music, when every kid I knew spent every penny he could find on music as well as downloading more for free.

But now I tried to imagine the men who bought and sold MPs like they were pop songs, who put laws into production like they were summer blockbusters, and got to specify exactly what they'd like the statute book to say about the people they didn't like. I realized that somewhere out there, there were gleaming office towers filled with posh, well-padded execs who went around in limos and black cabs, who lived in big houses and whose kids had all the money in the world, and these men had decided to ruin my family for the sake of a few extra pennies.


I just wanted to make a note of this, it conveys the divide between the "haves" and the "have-nots" very succinctly, and how a slight improvement in the way of life of the 1% can come at a very high price for the 99%.

Post a Comment               

Steve's urandom blog
Share on Twitter Share on Facebook Share on LinkedIn Share on Identi.ca Share on StumbleUpon
My Shell Scripting Book:
    Shell Scripting, Expert Recipes for Linux, Bash and more
is available online and from all good booksellers:


DefectiveByDesign.org