Wednesday, November 28, 2012
Wednesday, November 14, 2012
Setting default rpath with gcc
I built my own gcc in /usr/local, but unfortunately, the gcc produced still generates executables that have rpath for the usual system library paths, i.e. those in /usr and /. I changed the default by using my own specs file adapted from the default one. I added the appropriate -rpath options at architecture-specific places under '*link'.
Setting gcc default options
gcc can be given default options by putting the desired specs file in designated paths. To discover what the expected paths are, run strace on gcc to see what paths it is checking.
Friday, November 9, 2012
Enabling trim for encrypted LUKS on SSD in Fedora 17
I tried to enable trim on an encrypted partition, following instructions here, which aren't exactly for F17:
http://worldsmostsecret.blogspot.com/2012/04/how-to-activate-trim-on-luks-encrypted.html
and the discussion here:
http://forums.fedoraforum.org/showthread.php?t=278455
It didn't work for me. Neither "dmsetup table ... --showkeys" nor "cryptsetup status ..." indicated that trim was actually being used.
It turned out that in /etc/crypttab, for some reason, the option to specify is not discard, but allow-discards. Why?
Wednesday, November 7, 2012
How to exclude memory regions from the Linux kernel (and how not to use grub2)
The new RAM turned out to be faulty at a particular address, so in order to keep running with a stable system, I tried adding an option 'memmap=1m$12621m' by editing the command-line in grub2 during boot. This was meant to exclude 1MB surrounding the faulty address.
The kernel got stuck very early. It turned out that I was using grub2 wrongly.
grub2 has special escaping requirements, and '$' means something special to it. In order to end up with a literal '$', it needs to be escaped with '\', so if editing the command in grub2 during boot, the option needs to be 'memmap=1m\$12621m'. However, in /etc/default/grub, which is used to generate the grub config file used during boot, an additional layer of escaping is needed, so there's a line in /etc/default/grub that looks like this:
GRUB_CMDLINE_LINUX=" ... memmap=1m\\\$12621m ..."
So, '\' and '$' each needs its own escaping with a '\'.
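The two escaping layers described above, as an added shell sketch that is not part of the original post. It sources a constructed GRUB_CMDLINE_LINUX line the way a shell reads /etc/default/grub, then applies a simplified model of grub2's own parsing (an assumption of this example); all function names are made up here.

```shell
#!/bin/sh
# Added illustration, not from the original post. after_shell, after_grub and
# kernel_sees are made-up helper names.

# Layer 1: /etc/default/grub is read as a shell file, so the text between the
# double quotes goes through shell quote processing.
after_shell() {
    f=$(mktemp) || return 1
    printf 'GRUB_CMDLINE_LINUX="%s"\n' "$1" > "$f"
    # set -- empties $1, which an unescaped "$12621m" would otherwise pick up
    ( set --; . "$f"; printf '%s\n' "$GRUB_CMDLINE_LINUX" )
    rm -f "$f"
}

# Layer 2: simplified model (an assumption) of how grub2 reads a command line:
# a backslash makes the next character literal, an unescaped $ starts a
# variable reference, and an unset variable expands to nothing.
after_grub() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\\") { i++; out = out substr($0, i, 1) }
            else if (c == "$") {
                rest = substr($0, i + 1)
                if (match(rest, /^([0-9]+|[A-Za-z_][A-Za-z0-9_]*)/)) i += RLENGTH
                else out = out c
            }
            else out = out c
        }
        print out
    }'
}

# What the kernel receives for text typed into /etc/default/grub.
kernel_sees() { after_grub "$(after_shell "$1")"; }

# Zero, one and two extra levels of escaping, as typed into /etc/default/grub.
for typed in 'memmap=1m$12621m' 'memmap=1m\$12621m' 'memmap=1m\\\$12621m'; do
    printf '%-22s -> %s\n' "$typed" "$(kernel_sees "$typed")"
done
```

Only the last form reaches the kernel as memmap=1m$12621m; the other two lose the '$' and part of the address before the kernel ever sees them.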
Tuesday, November 6, 2012
How to grep for null character
I had the exquisite pleasure of having to recover some text files that I accidentally deleted. From grepping for expected text fragments in the storage device and dumping the context, I got a lot of non-printable content, consisting mainly of the null character. To simplify the job of visually salvaging the text files, I had to remove sections that are not printable. One way to do this is to drop parts that have the null character. bash apparently doesn't let you enter the null character, so what to do?
grep -P '\000'
Saturday, November 3, 2012
How to clear orphaned files in /tmp
Sometimes, misbehaving or crashed processes leave behind files in /tmp. If the filesystem containing /tmp has low capacity, e.g. when it's in RAM, it quickly fills up and subsequent processes have trouble creating their own files in /tmp.
Here is one crontab solution to garbage-collect those orphaned files:
0 * * * * find /tmp -maxdepth 1 -user username -atime +1 -and -not -exec /usr/sbin/fuser -s {} ';' -and -exec rm {} ';'
Every hour, at the hour, the command runs. find finds files that have not been used for at least an hour owned by the specified user (username), and checks using fuser whether each found file is being used by any process. If not, it is removed.
Why can't the user just use "-atime +1" without the "-maxdepth 1 -user username"? Simply put, there are files and directories that don't belong to the user, and that the user doesn't have permission to delete or even read/execute.
- The reason for "-user username" is to avoid deleting files belonging to other users.
- If there is a directory that doesn't belong to the user, but is executable by the user, find may explore it and later complain when trying to traverse subdirectories in it that are not executable, or delete files in there for which permissions are lacking. In any case, it's probably not a good idea for a user to delete someone else's files. The "-maxdepth 1" prevents this, though it also prevents the traversal of directories belonging to the user. If we only care about orphaned files directly contained in /tmp, this is an ok workaround.
NB: For a more technical discussion, perhaps leading to a more robust system-wide solution, see this:
http://linuxgazette.net/18/tmp.html
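A tightened variant of the crontab one-liner, added here as an example and not the post's own code. It assumes GNU find and fuser on PATH, and the function name, the DRY_RUN switch and the script path in the comment are made up. GNU find's -atime counts whole 24-hour periods (so "-atime +1" matches files last accessed at least two days ago), which is why this sketch uses -amin for an idle time in minutes.

```shell
#!/bin/sh
# Added example, not the post's own code; clean_tmp_orphans and DRY_RUN are
# names made up here. Assumes GNU find and fuser (psmisc) on PATH.
clean_tmp_orphans() {
    dir=$1; owner=$2; idle_min=${3:-60}
    # -xdev      : never cross into another filesystem mounted below dir
    # -maxdepth 1: only direct children, as in the original crontab line
    # -type f    : plain files only; symlinks, sockets and directories are skipped
    # -amin +N   : last access more than N minutes ago
    # fuser -s   : exits 0 when some process has the file open, so "!" keeps
    #              only files nobody is using
    set -- "$dir" -xdev -mindepth 1 -maxdepth 1 -type f -user "$owner" \
        -amin "+$idle_min" ! -exec fuser -s {} \;
    if [ "${DRY_RUN:-0}" = 1 ]; then
        find "$@" -print                        # report only
    else
        find "$@" -exec rm -f -- {} \; -print   # delete, then report
    fi
}

# Hourly crontab entry calling a script that wraps the function
# (constructed path):
#   0 * * * * /usr/local/bin/clean-tmp.sh
# where the script ends with:
#   clean_tmp_orphans /tmp "$(id -u)" 60
```

The fuser test and the rm are separate steps, so a process can still open a file in between; the check narrows that window rather than closing it. On filesystems mounted with noatime or relatime the access time is not refreshed on every read, so a file can look idle while it is still being read.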
In sshd, how to disable password login
Edit config file /etc/ssh/sshd_config to have this:
PasswordAuthentication no
NB:
Make sure other authentication methods are enabled, e.g. "PubkeyAuthentication yes"
Supposedly, "AllowedAuthentications ..." is preferable to "XXXAuthentication yes", but it appears that there are weird interactions with "UsePAM yes", so with "UsePAM yes", this:
PubkeyAuthentication yes
PasswordAuthentication no
... is not the same as:
AllowedAuthentications pubkey
Specifically, pubkey authentication seems to fail with the second setting. Cursory google search yielded no answers and I got no time to dig into this rabbit hole.
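An added check for the settings above (example code, not from the original post): with "UsePAM yes", keyboard-interactive authentication can still ask for a password after "PasswordAuthentication no", so this sketch reads sshd_config text and reports whether password login is really off and whether pubkey login remains available. The function name, the constructed sample input and the assumed upstream OpenSSH defaults are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original post; audit_sshd_config is a made-up
# name. It reads sshd_config text on stdin (or from files given as arguments).
audit_sshd_config() {
    awk '
    BEGIN {
        # Assumed defaults: upstream OpenSSH. Distributions often ship others.
        eff["passwordauthentication"] = "yes"
        eff["kbdinteractiveauthentication"] = "yes"
        eff["pubkeyauthentication"] = "yes"
        eff["usepam"] = "no"
    }
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    {
        sub(/=/, " ")                          # accept the Keyword=value form
        key = tolower($1); val = tolower($2)
        if (key == "match") exit               # audit the global section only
        # older name for the keyboard-interactive switch
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
        # sshd keeps the first value it reads for a keyword
        if ((key in eff) && !(key in seen)) { eff[key] = val; seen[key] = 1 }
    }
    END {
        if (eff["passwordauthentication"] != "no")
            print "password=allowed (PasswordAuthentication)"
        else if (eff["usepam"] == "yes" && eff["kbdinteractiveauthentication"] != "no")
            print "password=allowed (keyboard-interactive via PAM)"
        else
            print "password=blocked"
        print "pubkey=" (eff["pubkeyauthentication"] == "no" ? "disabled" : "enabled")
    }' "$@"
}

# Constructed sample: the two lines from the post plus UsePAM yes.
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' 'UsePAM yes' |
    audit_sshd_config
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, including the Match handling this sketch skips.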
On Debian, how to get and set installed packages
dpkg --get-selections
dpkg --set-selections
(--admindir sets admin directory, which defaults to /var/lib/dpkg)