Tips for the world!

I'm currently running Debian's rolling release (aka "testing") on my main machine and have added some stuff to make that nicer.

First thing I have is configuration and package management. Since I have relatively few machines, I am using a metapackage per machine that installs some configuration files with changes that I want. The metapackages depend on packages that I need installed so that I can mark all other packages as being automatically installed. The metapackages are also useful for documenting why I have things installed. It depends on things like task-laptop from tasksel, hardware support packages, the GUI I use, games I play often and so on. My laptop does not have a CD/DVD drive so I have some metapackages to fool apt into ignoring dependencies on CD/DVD related packages I don't need. I'm building the metapackages using equivs-build and a small Makefile. I use the File: header supported by equivs-build for installing config files. I have popcon installed and enabled but I don't want it to leak the names of the metapackages so I have added a prefix to my metapackages and modified the popcon cron job to remove anything containing that prefix. I also don't want apt to ever remove the metapackages so I mark them as Important: yes and configure apt to never autoremove them.

--- /etc/cron.daily/popularity-contest~
+++ /etc/cron.daily/popularity-contest
@@ -71,8 +71,8 @@
 # try to post the report through http POST
 if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
     for URL in $SUBMITURLS ; do
-   if setsid /usr/share/popularity-contest/popcon-upload \
-       -u $URL -f $POPCON 2>/dev/null ; then
+   if grep -v myprefix- $POPCON | setsid /usr/share/popularity-contest/popcon-upload \
+       -u $URL 2>/dev/null ; then
        logger -t popularity-contest "unable to submit report to $URL."
@@ -94,7 +94,7 @@
        echo "MIME-Version: 1.0"
        echo "Content-Type: text/plain"
-       cat $POPCON
+       grep -v myprefix- $POPCON
    ) | do_sendmail


APT::NeverAutoRemove { "^myprefix-.*";} ;

I am using Debian's CDN in order to automatically use an up-to-date and hopefully non-broken repository. Unfortunately this often causes apt to complain about hash sum mismatches and then proceed to forget about all packages. I work around this by always running apt-get update in a loop until it succeeds.

while ! apt-get update ; do sleep 1m; done

A lot of the time I need to install packages from outside of testing. So my sources.list contains lines for testing, unstable and experimental. I have some apt pinning so that by default I only have packages from testing but if I manually upgrade some packages to unstable or experimental, then I will get upgrades within that suite until those packages migrate down to unstable or testing. The apt pinning needs priorities between 1000 and 500 for this to work nicely. I also pin some things like lintian, debian-policy and devref to unstable/experimental since having old versions of those is not useful.


# testing
deb testing-security main contrib non-free
deb-src testing-security main contrib non-free
deb testing main contrib non-free
deb-src testing main contrib non-free
# unstable
deb unstable main contrib non-free
deb-src unstable main contrib non-free
# experimental
deb experimental main contrib non-free
deb-src experimental main contrib non-free


Package: *
Pin: release a=testing
Pin-Priority: 800

Package: *
Pin: release a=unstable
Pin-Priority: 700

Package: *
Pin: release a=experimental
Pin-Priority: 600


Package: lintian
Pin: release a=unstable
Pin-Priority: 900

Package: lintian
Pin: release a=experimental
Pin-Priority: 910

Package: debian-policy
Pin: release a=unstable
Pin-Priority: 999

Package: developers-reference
Pin: release a=unstable
Pin-Priority: 999

Update: I have packaged the coredump stuff in the Debian package corekeeper. I have a few configuration files and a cron job to make all programs dump core files when they crash so that I can file bugs, even for random crashes that are not easy to reproduce. I enabled some kernel settings with sysctl, lifted some security limits to enable core dumps, and added a cron job to delete old core dumps and notify me of new core dumps. In my shell configuration I also turn on two glibc options to cause programs to crash when they have improper memory management. I also have a second machine I use for bug discovery where I have lots of stuff installed and everything apt pinned in the opposite way; experimental > unstable > testing. When I have time I use this machine to do testing of packages I use, classes of packages that I care about (such as games) and sometimes packages I do not use.


fs.suid_dumpable = 1
kernel.core_uses_pid = 1
kernel.core_pattern = /var/cache/corefiles/core-%p-%u-%g-%s-%t-%h-%e


*              soft    core            unlimited
*              hard    core            unlimited


mkdir -p /var/cache/corefiles
chmod 2777 /var/cache/corefiles
if [ $(find /var/cache/corefiles -mtime +100 -a ! -type d | wc -l) -gt 0 ]; then
    echo deleting:
    find /var/cache/corefiles -mtime +100 -a ! -type d
    find /var/cache/corefiles -mtime +100 -a ! -type d -print0 | xargs -0 rm -f
if [ $(find /var/cache/corefiles ! -type d | wc -l) -gt 0 ] ; then
    echo still present:
    find /var/cache/corefiles ! -type d


export MALLOC_CHECK_=2
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))

I unfortunately need some packages from contrib/non-free, so I have a cron job to let me know when I accidentally install new packages from contrib/non-free.

@daily diffcmdoutput ~/.cache/non-free-contrib aptitude search ~i~snon-free\|~i~scontrib

I backup my dpkg package selections and debconf databases.

@daily diffcmdoutput ~/backup/packages dpkg --get-selections
@daily diffcmdoutput ~/backup/config debconf-get-selections 2> /dev/null

I notify myself of changes to the list of new packages so that I can review them, install any useful/interesting ones and tell aptitude to forget them all.

@daily diffcmdoutput ~/.cache/new aptitude search ~N

I notify myself of changes to the list of packages I have installed that are not up-to-date packages from testing. This helps me catch packages removed from testing/unstable/etc that I use.

@daily diffcmdoutput ~/.cache/apt-show-versions sh -c "apt-show-versions | grep -v '/testing uptodate'"

I notify myself of packages that I maintain that are having issues migrating to testing. I considered doing the same for teams I am involved in but they aren't particularly functional teams so there would be a lot of noise.

@daily grep-excuses 'Paul Wise'

I notify myself of RC bugs that apply to testing and are installed. The list is so long that it just makes me depressed instead of motivated to help fix RC bugs so I only notify myself of changes. Even then I rarely do anything other than delete the notifications. If you are looking for ways to help Debian, fixing RC bugs is a great choice.

@daily diffcmdoutput ~/.cache/rcbugs rc-alert -d T --exclude-tags IP+MR

I notify myself of packages that are orphaned or need a new maintainer. There are usually so many packages in this list that it is not useful, so I only notify myself of changes to the list. I rarely adopt packages because I feel overloaded already. If you are looking for ways to help Debian, adopting packages is a good choice.

@daily wnpp-alert --diff

One of my packages is for interacting with servers on the Internet, so I need to run tests periodically to ensure the package works. I do that with a simple Makefile but maybe I need to move to autopkgtest, need to find out if it saves data between runs first.

@monthly cd ~/devel/debian/tests ; make

I install debsecan so that I get notified of security updates in unstable and new security issues that are not fixed yet. The way debsecan works is that it notifies about changes in security issues and updates and also includes a full list of all known unfixed issues. I generally install security updates from unstable when I see them. The list of unchanged issues is so long that it makes me wonder how many times I've been cracked already. The oldest issue goes back to 2002 but most of them are 2010 or later. The various parts of WebKit are by far the worst security offenders. I don't bother with the white-listing functionality due to the quantity of security issues and because it isn't possible to add a comment about each white-list item. If you want to get involved with the security team, reporting issues with the data in the security tracker is a good idea.

I subscribe to the ftpmaster RSS feeds for new and removed packages to keep up to date with changes in the archive.

A lot of the above applies to running systems based on Debian stable too. If you have any other thoughts about running Debian systems, please blog about them. The diffcmdoutput command used above is a simple shell script:

temp="$(mktemp "$cache"XXXXXXXXXXXXXX)"
"$@" > "$temp"
diff --unified "$cache" "$temp"
mv --force "$temp" "$cache"

You can comment on this post at

Posted Mon Oct 29 04:56:35 2012 Tags: tips

Whenever I want to login to a Debian porterbox to figure out some architecture-specific issue I typically do not care which particular host I am going to login to, just what architecture the host is.

After discovering that it is not yet easy for the Debian sysadmins (DSA) to add aliases to DNS for this purpose, I whipped up a quick script to grab the relevant data about Debian machines from the Debian LDAP server and work around this in my OpenSSH config.

To use the script you should run the script and place the magic comment lines suggested by the script into your ~/.ssh/config file and then run the script again, which will contact the Debian LDAP server using python-ldap, download the relevant information and replace the relevant part of your ~/.ssh/config file with some OpenSSH configuration directives to map Debian architecture names to hostnames. Within just a few seconds you will be able to login to armel, powerpc.port or instead of needing to manually look up which servers to login for a particular architecture.

Update: paravoid mentioned his dsa-porterbox script (see below) which is much simpler, does not need to modify your OpenSSH configuration and can be run as like ssh $(dsa-porterbox armel | head -n1). I'm hoping we can add this and a possible ssh-porterbox to the devscripts package.

test -z $1 && exit 1

exec ldapsearch -LLL -x -h -b ou=hosts,dc=debian,dc=org \
 "(&(purpose=porterbox)(architecture=$1))" hostname | \
 sed -n 's/^hostname: //p'
Posted Wed Nov 2 05:19:16 2011 Tags: tips

DebConf9 is getting closer so I was browsing the Internet and the DebConf9 wiki for information. When I'm travelling I enjoy having maps to be able to get around and not get lost. For DebConf8 I relied on TangogGPS with OpenStreetMap on my OpenMoko Freerunner since my laptop is fairly cumbersome and has relatively little battery life these days. For DebConf9 I'll probably do the same since navit doesn't seem too reliable for me yet. During my information gathering for DebConf9 I came across the DebConf9 map overlay and the Madrid free Wi-Fi map. I wanted to have these available in TangoGPS so I wrote a short python script to import them into the TangoGPS POI (points of interest) database. It requires the feedparser and beautifulsoup python modules. First download the GeoRSS feeds you are interested in and then run the script on the machines where you want to use TangoGPS with the filenames as arguments. It only handles points, not lines or polygons since TangoGPS doesn't allow that. Hopefully it will be included in TangoGPS upstream or the Debian TangoGPS package soon. If you want to update the feed you'll need to manually delete the relevant points from the database or remove and recreate the database and then import the feed(s) again.

Posted Thu May 28 07:27:45 2009 Tags: tips


Tried request tracker?

Here is a site that's been up and used for a while:

Posted Mon Apr 5 13:07:18 2004 Tags: tips


Try the following css too (works for css 2.1 browsers, and mozilla, falls back to <p> styles for non Mozilla/CSS2.1 browsers):

pre { white-space: normal; }
pre { white-space: -moz-pre-wrap; }
pre { white-space: pre-wrap; }
Posted Mon Feb 23 12:01:46 2004 Tags: tips


try adding the 'shortname=mixed' to the mount options in /etc/fstab

Posted Tue Dec 9 06:21:49 2003 Tags: tips