linux

Creating a super-pendrive

Hi,

It’s been really long since I blogged. Before going ahead, I want to tell you that I will be posting my endeavours on running virtual machines soon.

This, however, is my experience/guide for creating a super pen drive (a.k.a. a usb disk that if booted from presents a grub menu with options – GParted, Fedora, .. and any other linux distro hopefully, and has Fedora persistence, and has a spare partition too for you to use it as a normal pen drive).

It wasn’t as straightforward as I thought (like… all other things).

Steps:

  1. Decide the partitioning layout and partition the pen drive.
  2. Install grub on one partition
  3. Install GParted on another
  4. Install Fedora on another
  5. Install grub again on the partition in step 2 :P, and setup grub.conf
  6. Sit back, and enjoy (may need to crouch forward in some cases.. )

A super neat trick:

To check at any time how your pen drive would behave if you boot from it, use the command:

qemu -hda /dev/sdb -m 256 -vga std

This command reduced my research time to one third.

1) Decide the partitioning layout

I used GParted on my Fedora installation (on my harddisk) to set up the partition of the pen drive.

2) Install grub on one partition

Make sure you manually mount the grub partition. The /media/something folder in which it gets mounted automatically gave me some trouble. So I unmounted it from there, and mounted /dev/sdb5 on /mnt/usbgrub.

grub-install --no-floppy --root-directory=/mnt/usbgrub/ /dev/sdb

3) Install GParted on another

Use UNetbootin for GParted

4) Install Fedora on another

Make sure that the usb disk is ext3 before doing this. When I did this on a vfat disk, I got an “error 22” when trying to boot from the usb disk.

Use liveusb-creator or live-iso-to-disk for Fedora.

Persistence is buggy according to http://forums.fedoraforum.org/archive/index.php/t-219250.html so instead, a better solution is to directly install fedora on the pen drive on a separate partition, like in http://linuxsoftwareblog.com/blog/?p=156

5) Install grub again on the partition in step 2 :P, and setup grub.conf

mount /dev/sdb5 /mnt/usbgrub/

grub-install --no-floppy --root-directory=/mnt/usbgrub/ /dev/sdb

Now, to setup the grub menu:

cd /mnt/usbgrub/boot/grub/

cp /boot/grub/grub.conf .

cp /boot/grub/splash.xpm.gz .

gedit grub.conf

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,1)
#          kernel /vmlinuz-version ro root=/dev/mapper/VGSahil-LVRoot
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,4)/boot/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.30.8-64.fc11.i686.PAE)
root (hd1,1)
kernel /vmlinuz-2.6.30.8-64.fc11.i686.PAE ro root=/dev/mapper/VGSahil-LVRoot rhgb quiet
initrd /initrd-2.6.30.8-64.fc11.i686.PAE.img

title GParted Live
root (hd0,5)
kernel /live/vmlinuz1 boot=live union=aufs    noswap noprompt acpi=off irqpoll noapic noapm nodma nomce nolapic nosmp ip=frommedia vga=normal
initrd /live/initrd1.img

title Omega 11 Live
root (hd0,6)
kernel /syslinux/vmlinuz0 root=/dev/sdb7  rw liveimg quiet  rhgb
initrd /syslinux/initrd0.img

Making Fedora rpms/yum work – Offline

This guide is relevant to those who wish to spread fedora to friends and loved ones who don’t necessarily always have an internet connection (or a good one at least). The problem faced in such situations, almost always (talking from my experience), is that there are a huge number of rpms that need to be downloaded to make fedora capable of playing media, and to fill it with good stuff like k3b, amarok etc.

This isn’t always possible with the skimpy internet connections that our not-so-tech-savvy aunts have. (We’ll assume that it is our aunt on whose system we need to install fedora for the sake of this guide.)

So, I devised a way of spreading fedora to our aunt’s system without getting embarrassed by the fact that we weren’t able to run mp3 on their system.

The way to do this is to install a fresh copy of fedora on our own system and bring it to perfect shape by installing many more rpms, keeping a copy of every rpm required while doing so. Because we install them on our own system in offline mode, we are sure this repository of rpms doesn’t require any more rpms as dependencies. We then copy it onto a pen drive and take it, along with the fedora installation media, to our aunt’s home. After installing fedora on her system, we simply install all the rpms on her system.

Steps:
On our system:
Download all rpms required for the extra packages (the package rpms + dependencies)
yumdownloader --destdir=rpmsForAunt --resolve rpmName(s)

OR

create a service pack of all pending updates or certain rpms using gpk-service-pack

yum install gnome-packagekit-extra

OR

Edit /etc/yum.conf and change the value of keepcache to 1. After the update is done, the downloaded rpm files then can be found in (and copied from) subfolders named “packages” in /var/cache/yum. When you’re done with them you can get rid of them to save disk space with yum clean packages.
On our aunt’s system:

  1. Install fedora.
  2. Install the extra downloaded rpms:
    1. You need to disable all repositories before yum localinstall will work without net access. To do so,
      go to System > Administration > Add/Remove Software, then go to System > Software Sources and uncheck all sources.
    2. Installing the rpms (1: see footnote):
      cd rpmsForAunt
      yum localinstall --nogpgcheck *

      The above command is to be run for every category of rpms below after copying the resultant directories on our Aunt’s system.
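
The `--nogpgcheck` flag in the step above skips signature checking on rpms that have travelled on a pen drive. As an added example (not part of the original post), this Python code sorts `rpm -K` output into packages whose signature verified and packages to reject, so that only the verified ones get installed once the repository keys have been imported with `rpm --import`. The sample lines and the token rule are assumptions modelled on typical `rpm -K` output, and the package versions are made up.

```python
import subprocess
from pathlib import Path

# Assumption: a signature counts as verified only when its token appears in
# lower case and un-parenthesised on a line that ends in OK.
SIGNATURE_TOKENS = {"signatures", "gpg", "pgp", "rsa", "dsa"}

def classify(line):
    """Return (package, verdict) for one line of `rpm -K` output."""
    package, _, result = line.strip().partition(": ")
    tokens = result.split()
    if not tokens or "NOT" in tokens or tokens[-1] != "OK":
        return package, "failed"
    if SIGNATURE_TOKENS.intersection(tokens):
        return package, "signed"
    return package, "unsigned"  # digests match, but nothing vouches for it

def installable(lines):
    """Split `rpm -K` output into packages to install and packages to reject."""
    accepted, rejected = [], {}
    for line in lines:
        if not line.strip():
            continue
        package, verdict = classify(line)
        if verdict == "signed":
            accepted.append(package)
        else:
            rejected[package] = verdict
    return accepted, rejected

def check_directory(directory):
    """Run `rpm -K` on every rpm in a directory (needs rpm and imported keys)."""
    rpms = sorted(str(p) for p in Path(directory).glob("*.rpm"))
    if not rpms:
        return [], {}
    proc = subprocess.run(["rpm", "-K", *rpms], capture_output=True, text=True)
    return installable(proc.stdout.splitlines())

# Constructed sample output (package versions are made up).
SAMPLE = """\
rpmsForAunt/vlc-1.0.rpm: digests signatures OK
rpmsForAunt/k3b-1.0.rpm: (sha1) dsa sha1 md5 gpg OK
rpmsForAunt/repacked-1.0.rpm: digests OK
rpmsForAunt/flash-plugin-1.0.rpm: digests SIGNATURES NOT OK
"""

if __name__ == "__main__":
    ok, bad = installable(SAMPLE.splitlines())
    print("install:", ok)
    print("reject: ", bad)
```

On the target machine, `check_directory("rpmsForAunt")` gives the same two lists for the real files.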

For getting all updates:
I wrote a script for downloading all updates (after a fresh install) to a directory:
# Download every pending fc11 update, with its dependencies, into localUpdate/
for i in $(yum list updates | grep fc11 | cut -d ' ' -f 1)
do
    echo "Now downloading rpms for package $i"
    yumdownloader --destdir=localUpdate --resolve "$i"
done

For getting all media rpms:
rpm -ivh http://rpm.livna.org/livna-release.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-livna
rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux

(the above is required only so that you (and not your aunt) can download the rpms)
yumdownloader --destdir=localRpmsForMedia --resolve libdvdcss vlc flash-plugin xine xine-lib-extras xine-lib-extras-freeworld mplayer mplayer-gui gecko-mediaplayer mencoder amarok rhythmbox gstreamer-plugins-ugly gstreamer-plugins-bad gstreamer-ffmpeg audacious audacious-plugins-freeworld* k3b

A few more rpms that I use:
yumdownloader --destdir=localRpmsOther system-config-lvm gparted digikam m17n-db-*

(1) I faced an issue while bash was updated using this method. It said transaction failed.
To resolve this, I ran
yum-complete-transaction --clean
rpm -e bash

The above command listed two bash versions (I don’t remember the version numbers). On saying rpm -e bash.version1, it said there are many dependencies; then I tried rpm -e bash.version and it worked. Then I went back to the yum localinstall step, and that worked.

Things done in college – technology

Here is a list of things I have done in the past three years. I have written for the sake of personal record.

As a member of Delta :
Created a “PC Based Oscilloscope” in IIT Bombay, as a summer project. Used java servlets on the server side and a java applet on the client side. Was responsible for the whole of the software side – 2006 Summers
Worked in Pragyan CMS V1, which finally got implemented in our college website – 2005-2007
Made Dalal Street, a stock market simulator using java servlets on the server side and using eclipse to make a java based ui compiled using gcj to eliminate the need of jvm to run the final executable – 2006 Dec – 2007 Jan
Used CVS for the development of Dalal Street, understood the importance of a code versioning system.

As being a part of Delta Core (Technology Changes) :
Implemented LDAP using openldap, in Delta, allowing everyone to have a central authentication server, with a common login everywhere, where everywhere includes :
system login in Sun Lab comps
Implemented NFS on Delta, which gets mounted on all Sun Lab comps, using the default nfs service provided by default on fedora, so everyone has the same home irrespective of the comp they login to, which they do through their ldap accounts.
Implemented pure-ftpd on Delta, configured it to work through ldap, allowing everyone to access their home drives even from “outside” (the user labs).
Setup, and advocated use of Doku for information keeping, made it work through LDAP.
Implemented and introduced SVN on Delta, setup three repositories : pragyan, delta and dalal, delta for the use of all delta projects.
Implemented and introduced trac on delta, setup three repositories : pragyan, delta and dalal. Customized all of these three. Learned how to customize through .egg files.
Made svn and trac work through httpd authentication, which used LDAP to get authentication details. (this was hell)
Revived delta as a student group – meaning, made sure many meetings were held, made sure everyone knew each other, everyone contributed something to delta and felt a part of the group, made sure many treats were held, and chucked a few inactive members out of delta.
Created Pragyan CMS V2, from scratch.

As being Pragyan’08 Systems head :
Implemented mail system through postfix, made its authentication work through ldap. Implemented mailman like features using contact attribute in ldap and aliases in postfix.
Made dovecot work through ldap too.
Learned what SSL certificates are, how they work, created a self signed ssl certificate for pragyan.org, using tinyCA2 provided in Fedora, and made it use it. (basically, allowed the use of https://pragyan.org/…)
Implemented FDS (Fedora Directory Server) as a much better alternative to LDAP on Pragyan Server.

LDAP authentication through Apache for svn, trac or anything else for that matter :P

Apache can be used as an access method for things like svn, trac, and even a whole file system through webdav. And apache also supports authentication through LDAP. Hence Apache can be used to authenticate the services that it provides through LDAP.

Here is how it is done :

For SVN :

<VirtualHost *:80>
ServerName                          repos.nitt.edu
DocumentRoot                        "/var/www/svn/DocumentRoot/"
ErrorLog logs/repos.nitt.edu-error_log
CustomLog logs/repos.nitt.edu-access_log combined

<Location /pragyan>
DAV svn
SVNPath /var/www/svn/pragyan
<LimitExcept OPTIONS REPORT GET>
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "Pragyan SVN LDAP Authentication"
AuthLDAPURL ldap://localhost:389/ou=Pragyan,dc=www,dc=nitt,dc=edu?cn?sub?(objectClass=*)
AuthLDAPGroupAttribute contact
# Access is granted when any one Require line matches, so valid-user
# admits every authenticated LDAP user, not only the coding group.
require valid-user
require ldap-group listName=coding,ou=Groups,ou=Pragyan,dc=www,dc=nitt,dc=edu
</LimitExcept>
</Location>
</VirtualHost>

For trac :
<Location "/trac/delta/login">
AuthType Basic
AuthName "Delta Trac LDAP Authentication"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://delta.nitt.edu:389/ou=Webteam,dc=delta,dc=nitt.edu?uid?sub?(objectClass=*)
AuthLDAPGroupAttribute memberUid
# Any one matching Require line grants access; valid-user matches every authenticated user.
require valid-user
require ldap-group cn=webteam,ou=Groups,ou=Webteam,dc=delta,dc=nitt.edu
</Location>

CrAzY SVN / HTTPD Errors!!! (301, 302 …..)

Yup.

SVN IS MAD.

Sorry, SVN and HTTPD team up to drive people crazy.

I just came across two (or maybe three) of their misdoings in my effort to set up SVN on http://repos.nitt.edu

1) First, with this nitt.edu.conf in /etc/httpd/conf.d directory :

<VirtualHost *:80>
    ServerName                          repos.nitt.edu
    DocumentRoot            "/var/www/html"

I got an error

RA layer request failed
svn: PROPFIND request failed on '/pragyan'
svn: PROPFIND of '/pragyan': 302 Found (http://repos.nitt.edu)

I found this article : http://ynniv.com/blog/2005/12/troubling-svn-error.html

It said that the error occurs when some cms meddles with the way the non-existent file message (404) is shown. This… was my case. (Thanks to my Pragyan CMS.) So then I changed my document root to /var/www/svn.

Then with

<VirtualHost *:80>
ServerName                          repos.nitt.edu
DocumentRoot            "/var/www/svn"

I got an error

RA layer request failed
svn: PROPFIND request failed on '/pragyan'
svn: PROPFIND of '/pragyan': 301 Moved Permanently (http://repos.nitt.edu)

Article that helped me in this grave time of need was : http://subversion.tigris.org/faq.html#http-301-error

It said that the error occurs because, when configuring SVN to work with httpd, the virtualhost document root shouldn’t contain the repository location (or httpd gets confused or something). My repos location was /var/www/svn/pragyan (which was within Document root). I simply changed the DocumentRoot to /var/www/svn/DocumentRoot and all started working well again.

Creating your own schemas in FDS Ldap for use in postfix (or anything else for that matter) :P

What I needed, to get mailman-like functioning while making postfix work with ldap, was an attribute of type DN (Distinguished Name), i.e. one whose values are the addresses of other nodes in the directory, including nodes of the very type that holds the attribute.

In openldap, I used the schemas called evolutionPerson and evolutionPersonList (available with my fedora openldap distribution by moving evolutionperson.schema in /usr/share/evolution-data-server-1.12/ to /etc/openldap/schemas/). evolutionPerson is very similar to the inetOrgPerson class, which stores basically everything that could ever be used to describe a person. The reason I chose evolutionPerson over inetOrgPerson was the availability of the evolutionPersonList class. Its attributes are: mail, contact and listName, where both mail and contact can contain more than one value. The mail and listName attribute type is text, and the contact attribute type is DN. The contacts were used to create groups, and the mails were used to forward the email to a third party server. Here is a screenshot of the same in action :

The contact attribute worked like a charm. If any contact attribute turns out to be another evolutionPersonList, it repeats the whole process again for it, collecting new mails from it, and if it turns out to be evolutionPerson, it takes its mail attribute. The whole process repeats itself, taking care that infinite loops do not get created. In the end, what we get is a list of mail ids to which the mail has to be sent.
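
The expansion described above, written out as an added Python example that is not part of the original post or of postfix: it walks contact DNs from a list, collects mail values, and uses a visited set to stop loops, skipping contacts that no longer exist. The in-memory directory is constructed; the base DN and the coding list name come from the page, while the people, addresses, the "core" list and the `max_entries` cap are assumptions.

```python
def normalise(dn):
    """Lower-case a DN and drop spaces after commas so equal DNs compare equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def expand_list(directory, list_dn, max_entries=1000):
    """Collect every mail address reachable from a list through contact DNs."""
    recipients, seen, pending = set(), set(), [list_dn]
    while pending:
        dn = normalise(pending.pop())
        if dn in seen:            # already expanded: this is what stops loops
            continue
        seen.add(dn)
        if len(seen) > max_entries:
            raise ValueError("list expansion exceeded %d entries" % max_entries)
        entry = directory.get(dn)
        if entry is None:         # dangling contact, e.g. a deleted user
            continue
        recipients.update(entry.get("mail", []))
        if "evolutionPersonList" in entry["objectClass"]:
            pending.extend(entry.get("contact", []))
    return sorted(recipients)


# Constructed directory: the base DN and the coding list name come from the
# page; every person, address and the "core" list are made up.
BASE = "ou=Pragyan,dc=www,dc=nitt,dc=edu"
CODING = "listName=coding,ou=Groups," + BASE
CORE = "listName=core,ou=Groups," + BASE
ALICE = "cn=alice,ou=People," + BASE
BOB = "cn=bob,ou=People," + BASE

DIRECTORY = {normalise(dn): entry for dn, entry in {
    CODING: {"objectClass": ["evolutionPersonList"],
             "mail": ["coding-archive@example.org"],
             "contact": [ALICE, CORE, "cn=ghost,ou=People," + BASE]},
    CORE: {"objectClass": ["evolutionPersonList"],
           "contact": [BOB, CODING.upper()]},   # points back at coding
    ALICE: {"objectClass": ["evolutionPerson"], "mail": ["alice@example.org"]},
    BOB: {"objectClass": ["evolutionPerson"], "mail": ["bob@example.org"]},
}.items()}

if __name__ == "__main__":
    print(expand_list(DIRECTORY, CODING))
```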

Now, I haven’t yet figured out how to add evolutionperson.schema to schema. So, what did I do for delta?? I simply created my own schema. For a user, I already had whatever I needed in inetOrgPerson. All I needed was some sort of an inetOrgPersonList. So, here are the steps :

  • I am assuming you have already setup fedora directory server through the wonderful install scripts provided. (/usr/sbin/setup-ds-admin.pl and then /usr/sbin/setup-ds.pl)
  • Open Fedora Directory Server admin console : /usr/bin/fedora-idm-console

  • Under the server groups entry in the default view tree, select your directory server and open it, using the DN and password you provided earlier during the directory server setup.
  • Under the configuration tab, select schema. Select Attributes in the right hand pane.
  • Create a new attribute by clicking on the new attribute button at the bottom of the right pane.

  • I needed two new attributes for my purpose :
    1. contact : of type DN, multi valued.
    2. listName : of type String, single valued.
    3. The third multivalued attribute I needed, mail, already exists.
  • Now, under the Object Classes pane, create any number of Objects you need, using the attributes you just now created, or the preexisting ones.

  • The one created was inetorgpersonlist having Required Attributes listName and objectClass, and Allowed Attributes contact and mail.

That’s it!!

public_html web server – without mod_userdir

Hell, what does the title mean??

It means this :

Allow people to put files in the public_html folder in their home directories and allow it to be seen through the web server of that server in this format : http://servername/~username/hisorherfiles

Most people use mod_userdir to allow ~username directories in their webservers. However, there is a simple rewrite rule workaround that eliminates the need for mod_userdir. I needed this because we had the home directories on the server, but the users had no login accounts on the server and they needed their public_html to work.

Here is how it goes :

#First, disable the default thing : 
<IfModule mod_userdir.c>
    UserDir disable
</IfModule>
#Then the rewrite rule
#To prevent access to files ~something.html and #something.html#
<Files ~ ".*(~|#)$">
    Order allow,deny
    Deny from all
</Files>
#To show public_html access
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/~\w+/.*$
RewriteRule /~(\w+)/(.*) /webteam/$1/public_html/$2
RewriteCond %{REQUEST_URI} ^/~\w+$
RewriteRule /~(\w+) /webteam/$1/public_html/
#To enable .htaccess rules in public_html
<Directory /webteam/*/public_html>
    AllowOverride All
</Directory>