Category Archives: linux

Rosemary Recovery 2020

There was a fail event reported on rosemary from one side of a pair of 60GB SSDs, which hold Rosemary_Data. Typical of my installations this mirror set holds the stuff the system needs beyond the os install: /home, databases, certificates, repositories, mail, samba, local bin, etc. Its a mirror set with an encrypted container, containing a btrfs filesystem. The older versions of these setups contain separate btrfs subvolumes for the different directories, newer ones have only one subvolume for that, and another for snaps. This is an old one.

Rosemary doesn’t have an extensive set of services – really only the /home and the databases. No real need for much of anything else. The local bin comes out of the repo anyway, there is no mail, no repository, no certs. However, without that volume the system won’t come up in a usable way. So lesson one learned here was when you get a fail event, attend to it. I let it go for a few days, because I knew I was going to have to pull the case out of the rack mount to get at the SSDs.

Continue reading Rosemary Recovery 2020

Stop pulseaudio startup under gdm

GDM is the display manager I’m using under Arch. I think it is the default DM in Arch, but I don’t really remember if I’ve changed it. In any case, the issue that has arisen is that when GDM is started by systemd after a reboot, it is launched with its own pulseaudio daemon. Then when I log in, as dee, I get a second pulseaudio daemon for dee (which is actually the desired one).

Most of the time this doesn’t matter, I guess. But I’m interested in enabling network sources in pulseaudio so I can (perhaps) have the boxes in the basement send their sound upstairs to oregano. Right now avahi is broadcasting two different network sound services on oregano, one from dee and one from gdm.

I want to stop pulseaudio from launching under gdm.

I thought this would be a simple matter of turning off autospawn in the client conf. The client conf is located in ~/.config/pulse (I think it used to be in ~/.pulse and was moved to be more “correct”). And ~ for gdm is /var/lib/gdm, so I tried client.conf in both .config/pulse/client.conf and .pulse/client.conf, but neither worked.

Poked around a little more and discovered that /usr/lib/systemd/user has a pulseaudio.service and pulseaudio.socket so these are actually being launched there by systemd. After a little reading I found that one could mask them by creating a local user override in ~/.config/systemd (for gdm this is /var/lib/gdm/.config/systemd), so I put in a /var/lib/gdm/.config/systemd/user/pulseaudio.socket and symlinked it to /dev/null.

And when I rebooted, sure enough I got not pulseaudio daemon for gdm.

Installing Mac OS on KVM

Background

I first tried to install Mac OS onto a VM back in 2010 or 2011 I think. I’ve come back to the task from time to time and have never been successful, but truthfully until recently all the virtual machines I’ve created on Cinnamon had been too slow to be useful anyway. Now that I have Cinnamon doing virtual machines well, I came back to the Mac – at the same time I was doing other VMs, and I didn’t keep careful track of what I did to get it up. This document is meant to record what I remember of what I did the first time, and then to do it again and keep better records.

Continue reading Installing Mac OS on KVM

Packagekit adjustments in ubuntu

When I tried to upgrade Cinnamon to Focal, I began to experience a lot of odd problems with VNC and GDM and the whole collection of machinery associated with getting a graphical environment particularly in a remote window. Cinnamon is physically downstairs in a rack in the basement, and my usual way of working is 80-90% ssh/command line and occasionally vinagre in an adjacent monitor with screens for a dozen or so places that I occasionally need to see graphically, including Cinnamon, but Vinagre usually stays pointed at Rosemary (also in the basement).

Continue reading Packagekit adjustments in ubuntu

libmtp udev rules

After updating Arch today I found I could no longer mount usb storage devices – usb sticks. The log shows the device coming up, but then messages from MTP saying:

mtp-probe: bus: 2, device: 5 was not an MTP device

I have seen this before. It is irritating, I am doing something else, my head full of whatever it is, and suddenly usb sticks won’t mount.

Continue reading libmtp udev rules

Out of space on btrfs

I don’t know if I actually know enough to write this post. But I want to record what little I do know about this.

The symptom is that my tarragondata volume on this system, tarragon, claims to be out of space. This is a btrfs volume, about which there are other posts. It contains most of the dynamic parts of the system. The root volume ‘/’ is very small, about 20GB. Just enough to install the Centos code and keep a few little things. The great majority of the information needed to run the system is symlinked out of /, which includes /home, mail, databases, websites and their data, the repositories, certificates, local scripts etc.

This is a 180GB disk, and it currently is running about 55% full, i.e. almost 100GB used. Among the information on this disk are snapshots of all the tarragondata, every night for 30 days. This isn’t disaster backup/disk failure backup (which is elsewhere), this is “operator error” backup.

A couple of weeks ago I began to experience a new kind of failure. In the middle of the night, suddenly this btrfs volume would report that it was out of space – usage 100%, although the amount of storage in use was, still the roughtly 100GB that it normally uses. It manifestly was not actually out of space.

Continue reading Out of space on btrfs

Goodbye fedora

I’ve commented in a number of previous posts that I have had an inordinate amount of trouble with Fedora, compared to other distributions I have used. There were also a few posts about my efforts with Arch. Now I am biting the bullet and declaring the move of my main daily work computer to Arch to have been completed. I have been running on Arch for a month or three, and there is no going back.

Continue reading Goodbye fedora

No Worthy mechs

I just built another little gateway pi, on Raspbian. It is a newer Raspbian than I used for the others. And newer is better, right? But when the little fellow came up, postfix claimed it couldn’t relay through tarragon, because it couldn’t accomplish login. Sasl authentication failed, no worthy mechs.

I remember good old “no worthy mechs” from way back when, always thought it a very cool error message. But why in the heck am I getting this? I’m not doing anything fancy.

I had a vague nagging feeling from some old Fedora problems, long ago. Could it be that I have to install some kind of sasl library, even to do plain authentication? Poked around a little. Eventually did an apt install libsasl2-modules and sasl2-bin. Sure enough, they actually installed.

And afterwords postfix came up and send the mail out of the queue. I’ll be dipped in … I am surprised. This was not something I had to do before. Is this an improvement in Raspbian. Don’t package any sasl mechs, make the poor sod figure out why sasl authentication won’t work.

This is to help me remember the next time this happens.

Re-signing Openssh Certificates

Seldom do I get to write a post where I am offering information which might not actually be out there in a lot of places. I could not find this information on the web, and had to figure it out myself, by reading the code, and doing experiments.

I talked in the last post about the need to re-issue all the openssh certificates, in order to update the hash algorithm used for the signatures. My way of maintaining the certificates, in my repository, would make it easy for the signing box to get all the existing certificates, but not (directly) the public keys that are inside those certificates.

Continue reading Re-signing Openssh Certificates

SSH Certificate signing

I’ve encountered a problem migrating from Fedora to Arch which ends up being about ssh and openssh certificates. I look back and discover that I never posted anything about my movement toward openssh certificates. Curious because I wrote a lengthy document about it (because of my leaky brain – not because I am any kind of authority on it).

I will probably go back and write a post about it, and back date it. But now a problem has arisen. Rather than explain, let the boys at openssh speak for themselves, in the release notes for openssh 8.2:

Continue reading SSH Certificate signing