I don’t really know the best way to do this, but I did it by adding the following line to hooks/post-update:

git push --mirror git@gitorious.org:licq/debian.git

This way the mirror will always be updated when I push to the “real” repository.

Get it by running

% gbp-clone --pristine-tar git://gitorious.org/licq/debian.git

or clone it on Gitorious and send me merge requests

I’m now officially the maintainer of Licq’s Debian packages. Since I’m not a real Debian maintainer, I’m very grateful to Joel Rosdahl who is my sponsor.

Version 1.3.8-1 is coming to a mirror near you as I write this.

The package source is kept in my git repository. To build the package from the git repository, install git-buildpackage and pristine-tar then follow the instructions below.

Initial setup:

% gbp-clone --pristine-tar git://git.ejohansson.se/debian/licq.git

% git clone git://git.ejohansson.se/debian/licq.git
licq % cd licq
licq % git checkout -b pristine-tar origin/pristine-tar
licq % git co master

To build the latest version:

licq % git-buildpackage --git-export-dir=../build-area

To build a specific version:

licq % git-buildpackage --git-export-dir=../build-area --git-export=debian/1.3.8-1

The final packages will be available in ../build-area.

Later on when you wish to update:

licq % git pull
licq % git-buildpackage ...

The next version will have qt4-gui.

In the BIOS, enable “Power on by PCIE device”.

In Linux, first install ethtool and then check that Wake on LAN is supported by running the following command:

root@host$ ethtool eth0
...
        Supports Wake-on: g
        Wake-on: g
...

The output should contain a ‘g’ to indicate that the device can be woken by sending it a “magic packet”.

Enable Wake-on by running:

root@host$ ethtool -s eth0 wol g

Since this command must be run on every boot, add it to /etc/rc.local.

root@host$ cat /etc/rc.local
...
ethtool -s eth0 wol g
exit 0

As the last step we must make sure that halt doesn’t disable the network device. This is done by adding this line to /etc/default/halt:

NETDOWN=no

We also need the MAC address to send the magic packet to.

root@host$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1e:8c:cf:d0:bb  
...

Then shutdown the computer. On an other computer, install e.g. wakeonlan and run:

user@other$ wakeonlan 00:1e:8c:cf:d0:bb

The computer should now start.

We tried many things to get the Wii to connect, without any success. In a last attempt we tried changing the pass phrase to a 64 characters long hexadecimal pass phrase. That did the trick. Both the Wii and both laptops now connect without any problem. So if you are having problems connecting your Wii to the wireless network, try changing the pass phrase to consist of hexadecimal characters (0-9, A-F) only. For WPA/WPA2 it must be exactly 64 characters long.

Back to catching up on LWN issues…

It turned out that the problem was related to the following message that I’ve been seeing in my log:

avc:  denied  { execute_no_trans } for  pid=972 comm="apache2"
name="bash" dev=hda1 ino=26110
scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

The mail() function in PHP (which is what wordpress uses to send the notification mail) is implemented using popen(3). When you call mail(), PHP executes popen(“sendmail …”, “w”). This ends up with a call to “sh -c sendmail …”, which explains the log message.

The solution was allow execute_no_trans for httpd:

allow httpd_t shell_exec_t:file execute_no_trans;

1. Turn on httpd_builtin_scripting and httpd_enable_cgi. Turning on httpd_builtin_scripting gives httpd_t (i.e. apache) permission to read and write files marked httpd_sys_script_rw_t. This is needed for commits to work. Turning on httpd_enable_cgi gives httpd_t permission to execute scripts (marked httpd_sys_script_exec_t), something which is needed for hooks to work.

# setsebool -P httpd_builtin_scripting=1
# setsebool -P httpd_enable_cgi=1

2. Set the proper security context on the files in the repository. Assuming that all repositories are located under /home/svn, the following commands will do the job. Also make sure that the user apache is running as (e.g. www-data) has read access to the repository and write access to the directories dav and db (this is the script I use for that).

# semanage fcontext -a -t httpd_sys_content_t '/home/svn(/.*)?'
# semanage fcontext -a -t httpd_sys_script_rw_t '/home/svn/[^/]+/(dav|db)(/.*)?'
# semanage fcontext -a -t httpd_sys_script_exec_t '/home/svn/[^/]+/hooks(/.*)?'
# restorecon -Rv /home/svn

3. Make sure selinux-policy-refpolicy-dev is installed.

4. Create the directory mysvn. In that directory, create the file mysvn.te with the following contents:

policy_module(mysvn,0.0.1)

require {
        type httpd_t;
        type shell_exec_t;
        type httpd_sys_script_t;
        type var_run_t;
};

# If hooks are shell scripts, apache must be able to run a shell. The
# hooks will run in httpd_sys_script_t.
allow httpd_t shell_exec_t:file rx_file_perms;

# For some reason the scripts searches /var/run
allow httpd_sys_script_t var_run_t:dir search;

5. Then run:

# make -f /usr/share/selinux/refpolicy-targeted/include/Makefile
# semodule -i mysvn.pp

The mysvn policy module is needed because hooks are normally shell scripts. For apache to be able to run them it must be able to run a shell. Once the scripts have started, they run in the httpd_sys_script_t domain.