Older blog entries for stan (starting at number 5)

File server encryption setup

I've been in the process of setting up encryption on my server for a while. At work we use lvm encryption - which works well. The lvm server is running debian and has the dropbear package installed. If it is rebooted, we just ssh in and supply the password.

My server also provides dhcp service, so unless you manually configure the client's networking the ssh part doesn't work. So instead I've been setting up ecryptfs, since I use it all my client machines. The configuration on my server is slightly more manual - I'm using mount -t ecryptfs directly.

I'm using a custom cgi script to allow the partition to be mounted. Seems to be working ok.

After thinking about it while writing this I'm preferring making dhcp work somehow (move it somewhere etc) and using lvm in the long run - slight it makes it easier to make sure everything is encrypted. Also the client part would be slightly harder as you need to use a ssh client rather than a web client.

Got annoying

`menu_proxy_module_load': gedit: undefined symbol: menu_proxy_module_load

errors? do

dpkg --purge appmenu-gtk

to get rid of

/etc/X11/Xsession.d/80appmenu

that causes this

Here's my python implementation of Rob Pike's minimal regex (only supports ^.*$ special characters) algorithm:

def match(regexp, text):
    if regexp.startswith("^"):
        return matchhere(regexp[1:], text)
    for i in range(len(text) or 1):
        if matchhere(regexp, text[i:]):
             return True
    return False

def matchhere(regexp, text):
    if len(regexp) == 0:
        return True
    if regexp[1:].startswith("*"):
        return matchstar(regexp[0], regexp[2:], text)
    if regexp == "$":
        return len(text) == 0
    if len(text) > 0 and (regexp[0] == "." or regexp[0] == text[0]):
        return matchhere(regexp[1:], text[1:])
    return False

def matchstar(c, regexp, text):
    for i in range(len(text) or 1):
        if matchhere(regexp, text[i:]):
             return True
        if len(text) < 0 or c not in (text[i], "."):
             return False

import unittest

class Test(unittest.TestCase):

    def test(self):
        self.assert_ (match("a", "a"))
        self.assert_ (not match("a", "b"))
        self.assert_ (match("^a$", "a"))
        self.assert_ (match("^a*b$", "aaaab"))
        self.assert_ (not match("^a*b$", "aaacb"))
        self.assert_ (match("a*a", "aa"))

Here's hoping there's no other major bugs.

What did I do yesterday?

I rigged up a small script to record the title of the active window when it changes (using libwnck). Generates a log like:

2009-05-09 14:16:42,282 gnome-terminal fish ~/lpth
2009-05-09 14:16:53,517 gnome-terminal less ~/lpth
2009-05-09 14:16:55,063 firefox Advogato - Blog: stan - Mozilla Firefox
2009-05-09 14:16:55,694 gnome-terminal less ~/lpth
2009-05-09 14:16:55,922 gnome-terminal fish ~/lpth
2009-05-09 14:16:57,861 gnome-terminal less ~/lpth


Available here.

dbus at_console and /var/run/console

The dbus at_console code checks for presence of /var/run/console/$USERNAME to see whether the user is "at console".

In previous releases (don't know when it changed exactly) this appears to have been populated by libpam-foreground. Now there is a compatibility script /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck. This doesn't seem to get run with just a local console login. Running ck-launch-session explicitly seems to do the job.

dbus-monitor and system bus

To try and troubleshoot some network manager problems I wanted to use dbus-monitor with the system bus. This bus is a lot more locked down than a user's session bus so doesn't work out of the box (at least on jaunty). Experimentation wasn't helped by the fact that the daemon seems to need a full restart to properly pick up the configuration changes.

I have been able to get dbus-monitor working by making the <policy user="root"> section in /etc/dbus-1/system.d/NetworkManager.conf contain the following:

<allow eavesdrop="true" receive_requested_reply="false"/>
<allow eavesdrop="true" send_requested_reply="false"/>

and in the <policy at_console="true"> section

<allow send_destination="org.freedesktop.NetworkManager" eavesdrop="true"/>
<allow eavesdrop="true" send_requested_reply="false"/>

This allows dbus-monitor to pick up method calls and replies when run as root with an "at_console" user sending the method calls (e.g. with the network manager applet).