Archive for the 'FOSS' Category

Disable animations in GNOME 3 for older hardware

If you love GNOME 3 but the animations are really sluggish on an older machine (driving you crazy) then you can disable them using dconf-editor (install that first).

In dconf-editor, browse to org.gnome.desktop.interface and set enable-animations=false. Hope that stops someone from un-installing GNOME on an older machine…

Find out what is using your swap, by Erik Ljungstrom

Ever wondered what it is that’s using that swap on your machine? Erik has a great post about it and a script that will help answer that question.

Here is his script:
#!/bin/bash
# Get current swap usage for all running processes
# Erik Ljungstrom 27/05/2011
SUM=0
OVERALL=0
for DIR in `find /proc/ -maxdepth 1 -type d | egrep "^/proc/[0-9]"` ; do
PID=`echo $DIR | cut -d / -f 3`
PROGNAME=`ps -p $PID -o comm --no-headers`
for SWAP in `grep Swap $DIR/smaps 2>/dev/null| awk '{ print $2 }'`
do
let SUM=$SUM+$SWAP
done
echo "PID=$PID - Swap used: $SUM - ($PROGNAME )"
let OVERALL=$OVERALL+$SUM
SUM=0
 
done
echo "Overall swap used: $OVERALL"

Fix problem updating packages in Fedora/Korora due to broken SELinux update

Unfortunately an update to the SELinux policy package in Fedora 20 (and therefore Korora 20) caused RPM scriptlets to fail when updating packages.

This bug only affects systems that have SELinux mode set to enforcing (which is the default) and were updated to version 3.12.1-116 of the selinux-policy package. If you have seen the following sort of error when updating packages, then this bug may affect you:

warning: %post(libkcompactdisc-4.12.1-1.fc20.x86_64) scriptlet failed, exit status 127
Non-fatal POSTIN scriptlet failure in rpm package libkcompactdisc-4.12.1-1.fc20.x86_64

Below are the commands to resolve this issue (which has been fixed in an updated 3.12.1-117 version of selinux-policy).

sudo setenforce 0
sudo yum clean expire-cache
sudo yum update selinux-policy\*
sudo setenforce 1

The first command disables SELinux enforcement for the current session and the subsequent commands expire the yum cache and install the SELinux policy update which fixes this issue. The last command re-enables SELinux enforcement.

If you previously installed any packages which failed with scriptlet errors like above, you can reinstall them using the following command:

sudo yum reinstall

You can find out what packages were installed after the broken update using a command like this:

sudo sed '1,/selinux-policy-3.12.1-116/d' /var/log/yum.log

If you require any assistance please don’t hesitate to ask for help using Engage or jump onto the #korora channel in IRC freenode.net servers.

Add permanent rules to FirewallD

Someone at work wanted to know how to add rules permanently to FirewallD, Fedora’s dynamic firewall (iptables), so I’m posting it in case it’s useful to someone else.

Get the default zone, this is usually “public”:
firewall-cmd --get-active-zones

List services on that zone:
firewall-cmd --zone=public --list-all

Add required TCP ports (let’s do port 80):
firewall-cmd --permanent --zone=public --add-port=80/tcp

If you need a UDP port:
firewall-cmd --permanent --zone=public --add-port=123/udp

You could restart the firewall for them to take affect, or set the rules again without the –permanent option to add them dynamically.

Restart firewall:
systemctl restart firewalld.service

You can also specify services, rather than ports if you like.

sudo firewall-cmd --permanent --zone=public --add-service=http

You’re done!

Force rsync to use delta transfer to fix corrupt remote file

We host our Korora Project ISO images on SourceForge and I (naturally) use rsync to move them there (slowly, at 100kb/sec). Sometimes though the connection drops off and that’s OK because rsync picks up where it left off.

However occasionally the ISO ends up with the wrong checksum, so something went wrong in the transfer. No amount of re-rsyncing seems to fix this up because by default it uses file size and timestamps to check whether it should skip existing files.

Fortunately, I don’t need to re-send the whole file again as rsync can perform a delta transfer instead and only send the small difference. Yay!

The way I do this is by telling rsync to use checksum. I also need to do the transfer in-place (rsync normally writes a temporary file, then moves) and not to copy the whole file (the whole-file option disables deltas), something like:
rsync -Pa --checksum --inplace --no-whole-file local.file remote.server:

Here’s a real example:
chris@x220 ~ $ rsync -Pa --checksum --inplace --no-whole-file -e ssh korora-20-i386-cinnamon-live.iso csmart,kororaproject@frs.sourceforge.net:/home/frs/project/k/ko/kororaproject/20/
 
sending incremental file list
korora-20-i386-cinnamon-live.iso
  1,715,470,336 100% 220.87MB/s 0:00:07 (xfr#1, to-chk=0/1)

So rsync just saved me 4 hours of uploading the ISO again. Thanks rsync.

Enable and test TLS 1.2 in Firefox 26

Firefox has (unfortunately) lagged behind other browsers recently when it comes to implementing the more secure TLS 1.2 and it’s only now officially landing in the upcoming release 27. It can always use more testing though and if you’re running version 26 you can still enable it and test.

Browse to:
about:config

Set the following:
security.tls.version.max:3

This is the maximum supported protocol so it doesn’t mean that the sites you visit will now be using TLS 1.2. If you want to (try and) force it, there is a security.tls.version.min but be warned that probably most of your sites will fail.

You may also wish to disable this deprecated SSL3 algorithm:
security.ssl3.rsa_fips_des_ede3_sha:false

You can test this out by browsing to http://howsmyssl.com.

Calomel is a handy addon (BSD licence) to tell you what your secure connection negotiated to when you visit a site and gives it a score.

If you notice breakage, please report upstream.

Korora 20 (Peach) released

Today we released the final images for Korora Project (Fedora1 Remix) version 20 with Cinnamon, GNOME, KDE, MATE and Xfce desktops (in 32 and 64 bit).

The release was a little delayed because we were waiting for a few bug fixes to land, as well as Christmas and New Year holidays which got in the way.

We have also been hard at work building our new open source web platform which includes a replacement for our forums which is called Engage. Anyone who had an account with our old forums can log in to the new site, you will just get an email to activate your account first. Bug reports welcome!

1 Korora is not provided or supported by the Fedora Project. Official, unmodified Fedora software is available through the Fedora Project website.

Permanently fixing permissions on a shared git repo

When creating a shared git repository (perhaps on a central server) it’s good to use the –shared option:
git init --bare --shared

If you don’t, then you may find that repository permissions get clobbered each time a different person commits and no amount of umasks, chmods and sticky bits seem to help long term.

For your next shared repo that’s fine, but if you have an existing repository you can still fix this (assuming git is your group for write access):

ssh server
chown -Rf root:git /path/to/bare/git/repo
cd /path/to/bare/git/repo
git config core.sharedRepository group
find /path/to/bare/git/repo -type f | xargs chmod 664
find /path/to/bare/git/repo -type d | xargs chmod 775
find /path/to/bare/git/repo -type d | xargs chmod g+s

Enjoy some sanity!

Delete local and remote git branches

Just a quick one for reference..

Deleting one or more local branches is trivial:
git branch --delete branch branch2

However if you want to delete regardless of the merge state:
git branch -D branch branch2

To delete a remote branch you need to push the delete:
git push remote --delete branch

The –delete option is newish, so if your git is old you can use the original syntax:
git push remote :branch

That’s all.

PolicyKit Javascript rules with catchall

So the desktop is ruled by PolicyKit which is awesome. It includes sets of rules about who can run certain actions (such as mounting an internal drive).

The rules are read in lexical order from the /etc/polkit-1/rules.d and /usr/share/polkit-1/rules.d directories.

You can get a list of available actions with the command:
$ pkaction

There may come a time when you want to tweak those rules though, to make management of your system easier. For example, managing virt-manager without a password if you’re in the wheel group (the rule is org.libvirt.unix.manage). If so, you can create one with a name like “10-my-policy.rules” in either directory above.

polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.isInGroup("wheel") && subject.active) {
return polkit.Result.YES;
}
});

Some related tasks have several actions, like configuring cups:
$ pkaction |grep cups
org.opensuse.cupspkhelper.mechanism.all-edit
org.opensuse.cupspkhelper.mechanism.class-edit
org.opensuse.cupspkhelper.mechanism.devices-get
org.opensuse.cupspkhelper.mechanism.job-edit
org.opensuse.cupspkhelper.mechanism.job-not-owned-edit
org.opensuse.cupspkhelper.mechanism.printer-enable
org.opensuse.cupspkhelper.mechanism.printer-local-edit
org.opensuse.cupspkhelper.mechanism.printer-remote-edit
org.opensuse.cupspkhelper.mechanism.printer-set-default
org.opensuse.cupspkhelper.mechanism.printeraddremove
org.opensuse.cupspkhelper.mechanism.server-settings

Previously, before the new javascript format, one could match all those actions with:
org.opensuse.cupspkhelper.mechanism.*

That doesn’t work with js though, so this is how you can do it:
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.opensuse.cupspkhelper.mechanism") == 0 &&
subject.isInGroup("wheel") && subject.active) {
return polkit.Result.YES;
}
});

Changes are picked up straight away, so just save the file and test!