ejohansson.se » debian

/me is the new Debian maintainer for Licq

Erik Johansson — Thu, 14 Jan 2010 23:01:01 +0000

Update 2010-10-30: Changed the initial setup to use gbp-clone.

I’m now officially the maintainer of Licq’s Debian packages. Since I’m not a real Debian maintainer, I’m very grateful to Joel Rosdahl who is my sponsor.

Version 1.3.8-1 is coming to a mirror near you as I write this.

The package source is kept in my git repository. To build the package from the git repository, install git-buildpackage and pristine-tar then follow the instructions below.

Initial setup:

% gbp-clone --pristine-tar git://git.ejohansson.se/debian/licq.git

~~% git clone git://git.ejohansson.se/debian/licq.git licq % cd licq licq % git checkout -b pristine-tar origin/pristine-tar licq % git co master~~

To build the latest version:

licq % git-buildpackage --git-export-dir=../build-area

To build a specific version:

licq % git-buildpackage --git-export-dir=../build-area --git-export=debian/1.3.8-1

The final packages will be available in ../build-area.

Later on when you wish to update:

licq % git pull
licq % git-buildpackage ...

The next version will have qt4-gui.

Wake on LAN with Debian

Erik Johansson — Thu, 31 Dec 2009 13:45:20 +0000

To enable Wake on LAN on a Asus P5E-V motherboard under Debian you can do the following. Since I have a Asus motherboard, that’s the only one I’ve tested, but except from the BIOS (which may differ a bit), the instructions should be the same for all motherboards/NIC that supports Wake on LAN.

In the BIOS, enable “Power on by PCIE device”.

In Linux, first install ethtool and then check that Wake on LAN is supported by running the following command:

root@host$ ethtool eth0
...
        Supports Wake-on: g
        Wake-on: g
...

The output should contain a ‘g’ to indicate that the device can be woken by sending it a “magic packet”.

Enable Wake-on by running:

root@host$ ethtool -s eth0 wol g

Since this command must be run on every boot, add it to /etc/rc.local.

root@host$ cat /etc/rc.local
...
ethtool -s eth0 wol g
exit 0

As the last step we must make sure that halt doesn’t disable the network device. This is done by adding this line to /etc/default/halt:

NETDOWN=no

We also need the MAC address to send the magic packet to.

root@host$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1e:8c:cf:d0:bb  
...

Then shutdown the computer. On an other computer, install e.g. wakeonlan and run:

user@other$ wakeonlan 00:1e:8c:cf:d0:bb

The computer should now start.

Debian packages

Erik Johansson — Sat, 23 Aug 2008 13:55:03 +0000

My Debian packages are now available at debian.ejohansson.se instead of eddie.ejohansson.se. Please update your /etc/apt/sources.list to point to the new location.

SELinux on NSLU2 now working

Erik Johansson — Sun, 02 Sep 2007 18:10:11 +0000

Not willing to wait any longer for a resolution to the bug I wrote about in my last post I decided to take action. I have now compiled libsepol with my fix applied and uploaded the debian package to my repository.

Since libsepol1-dev ships with a static version of libsepol, I’ve also recompiled some of the packages that build-depends on libsepol1-dev and added them to the repository as well.

If you wish to use SELinux on you slug and feel that you trust me enough to use my version of this rather central piece of security software, add this to your sources.list:

deb http://eddie.ejohansson.se/debian/ etch main

The version number is the same as the version in etch with ‘a’ added at the end. Hopefully this means that when updated official packages are released they will automatically be upgraded.

If you want information on how to configure SELinux, this guide worked for me. But before you follow that guide (and after installing my updated packages), run ‘dpkg-reconfigure selinux-policy-refpolicy-targeted’ so that the base module and modules for the daemons you’re using are properly loaded.

NSLU2 + SELinux

Erik Johansson — Sat, 25 Aug 2007 14:24:30 +0000

It took some time, but I finally figured out why SELinux wouldn’t work on my Debian/NSLU2 installation. The bug report has all the details.

DSPAM Sarge backport

Erik Johansson — Sun, 14 May 2006 17:41:38 +0000

A backport of DSPAM for Debian stable (Sarge) is now available in my repository. No changes have been done compared to the version in unstable, just a recompile.

For those of you that don’t know what DSPAM is:

DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. On a properly configured system, many users experience results between 99.5% – 99.95%, or one error for every 200 to 2000 messages.

If anybody is interested in my setup (Exim4+DSPAM+MySQL), let my know and I’ll publish my configuration files.

Sarge r2

Erik Johansson — Wed, 19 Apr 2006 14:34:04 +0000

Sarge r2 is out. Time to put your up alias to work. You do have an up alias now, don’t you? If not, time to add this to your ~/.bashrc and save a few keystrokes.

alias up='aptitude update && aptitude upgrade'

Now, up and enjoy the beauty of apt. Being a Debian administrator is sooo easy.

DSA reaches 1000

Erik Johansson — Tue, 14 Mar 2006 13:31:00 +0000

Debian Security Advisory 1000 just arrived in my mailbox. This might or might not (depending on your point of view) be something to celebrate. We skip the celebration for now and look at some statistics instead.

Since the first DSA in November 2000 (that’s when the first DSA was issued, Debian has been releasing security advisories since 1997) there has been a steady flow, with an average of 1 advisory every other day.

# ruby -rdate -e 'puts "DSAs/day: #{1000.0/(Date.parse("2006-03-14") - Date.parse("2000-11-29"))}"'
DSAs/day: 0.517866390471258
# ruby -e 'puts "Days between DSAs: #{1/0.517866390471258}"'
Days between DSAs: 1.931

We can also note that every year has seen more DSAs then the previous. This year does not seem to be any different. So far 72 advisories have been issued, which, by a strike of coincidence, is the exact same number as 2005 (up to March the 14th).

Continuing on the date statistics, we see that January is, by far, the month with most advisories (153). Followed by October (96) and February (94). Interesting is also the fact that the late spring and summer months July (72), June (62) and May (40) comes furthest down in the result list. It would seem that even security experts prefer the sun to the computer. Nah, proably purely coincidental. Everybody knows that computer geeks prefers the screen and its friendly glow

The most popular date is, far from surprisingly, in January. Namely the 23th (12) with three advisories more than any other day.

Top 10

But, let us leave the dates and move on to something more interesting: Top 10.

Vulnerabilities

The top 10 vulnerabilities is given below (the number is the number of DSAs tagged with the vulnerability).

173 - buffer overflow
130 - several vulnerabilities
 57 - buffer overflows
 37 - missing input sanitising
 37 - insecure temporary file
 27 - insecure temporary files
 27 - programming error
 23 - denial of service
 22 - integer overflow
 18 - format string

The most common vulnerability is not surprisingly buffer overflows, followed by insecure temporary files and missing sanitising of input. All three classic security issues.

Packages

The 16 (only 10 would have excluded packages with the same number of advisories as some that where included) packages with the most advisories are given below.

13 - ethereal
13 - kdelibs
11 - squid
10 - cvs
 9 - mysql
 8 - krb5
 8 - cupsys
 8 - heimdal
 8 - samba
 7 - sudo
 7 - tcpdump
 7 - xfree86
 7 - xpdf
 7 - apache
 7 - openssl
 7 - fetchmail

These numbers are actually a bit suprising. I can understand that kdelibs, mysql, cupsys, samba, xfree86 and apache are included since they are pretty big. But what’s ethereal, cvs, tcpdump, xpdf and fetchmail doing there? I don’t think they are big enough to justify theire appearance among the top (bottom?) 10.

We close this post with the top packages, counting only 2005 and 2006. Much the same as the previous, but now with squid as the leader and courier and firefox joining in.

7 - squid
5 - clamav
4 - courier
4 - ethereal
4 - xpdf
4 - mozilla-firefox
4 - kdelibs

Disclaimer: I know it’s unfair to just list the packages with the most advisories. I should proably dig deeper and compare the count to the impact each vulnerability had. But I don’t have the time to do so now and my tiny DSA statistics script doesn’t do it for me. So take the data presented here (as the Swedish saying goes) with an ounce of salt.

Digg This Article

Presenting my debian repository

Erik Johansson — Sat, 11 Mar 2006 22:53:20 +0000

Following the instructions in the howto “Setting up your own APT repository with upload support” I’ve created my own debian repository for sarge (i386 only). At the moment, there isn’t much in it. Just a backport of reprepro from unstable.

To use my repository, add these lines to your /etc/apt/sources.list

# Erik Johansson's repository
deb     http://eddie.ejohansson.se/debian/ sarge main
deb-src http://eddie.ejohansson.se/debian/ sarge main

I’m using a similar versioning scheme as backports.org: reducing the debian version by one and adding “.erik.x”, where x is a number starting at 1. This way they are automatically upgraded when the version in unstable hits stable (etch).

Happy apt-getting!

Sarge is out!

Erik Johansson — Mon, 06 Jun 2005 09:22:43 +0000

It has finally happen. After more than three years[0] of development, Sarge is now ready. There hasn’t been an offically announcement yet, but you can download the cd images and get started with your installation (or, if you already have woody, just aptitude update; aptitude dist-upgrade). Watch this space for more information.

Time to get the party started!

[0] or 1053 days to be exact:

# ruby -rdate -e 'puts Date.parse("2005-06-06") - Date.parse("2002-07-19")'
1053

Update: It’s official.