All posts by Pistolfly

Software Engineer in Tokyo, Japan

Install packages necessary for building source package

Ubuntu, Debian

apt-get build-dep <package>

If you get the error

E: You must put some 'source' URIs in your sources.list

you have to enable deb-src in /etc/apt/sources.list.
Uncomment the deb-src line for each URL whose deb line is enabled.

deb http://jp.archive.ubuntu.com/ubuntu xenial main restricted
deb-src http://jp.archive.ubuntu.com/ubuntu xenial main restricted
...

CentOS, RHEL

yum-builddep <package>

How to make sure that password authentication is disabled on SSH

After disabling password authentication on SSH, I want to attempt a connection with password authentication to confirm that it is really disabled.

Use the -o option to set PreferredAuthentications to password.

$ ssh -o PreferredAuthentications=password xxxx@example.com
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

If you see "Permission denied" and the method list in parentheses does not include password, it's OK.
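The check above can be scripted by parsing the method list that ssh prints in parentheses. This is an added example, not part of the original post; the function names are made up here, and it also flags keyboard-interactive, since a PAM-backed server can ask for the account password through that method.

```shell
#!/bin/sh
# Added example: decide from ssh's failure line whether password logins are off.

# Print the comma-separated method list from "Permission denied (...)".
offered_methods() {  # usage: offered_methods "<ssh stderr text>"
  printf '%s\n' "$1" |
    sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | tail -n 1
}

# 0 = no password-style method offered, 1 = one is offered,
# 2 = no "Permission denied (...)" line, so nothing can be concluded.
password_login_disabled() {
  methods=$(offered_methods "$1")
  [ -n "$methods" ] || return 2
  case ",$methods," in
    *,password,*|*,keyboard-interactive,*) return 1 ;;
  esac
  return 0
}

# Live probe. BatchMode keeps ssh from prompting, so it fails fast and
# still prints the methods the server is willing to continue with.
probe_host() {  # usage: probe_host user@host
  out=$(ssh -o BatchMode=yes -o PreferredAuthentications=password \
            -o PubkeyAuthentication=no -o ConnectTimeout=5 "$1" true 2>&1) || :
  password_login_disabled "$out"
}

# Constructed sample lines (the first is the output shown above).
for line in \
  'Permission denied (publickey,gssapi-keyex,gssapi-with-mic).' \
  'xxxx@example.com: Permission denied (publickey,password).' \
  'Host key verification failed.'
do
  rc=0; password_login_disabled "$line" || rc=$?
  echo "rc=$rc  $line"
done
```

A result of 2 (for example after a host key failure) means the probe never reached authentication and should be repeated, not read as a pass.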

User-Agent JS Fixer - Firefox addon which changes the Javascript navigator.userAgent

Extends the functionality of other User-Agent addons, allowing them to modify the User-Agent for JavaScript code.

Source: User-Agent JS Fixer :: Add-ons for Firefox

This Firefox addon changes the JavaScript navigator.userAgent.
All it does is redefine the User-Agent for JavaScript code (navigator.userAgent) using the same string that was sent in the HTTP header.
Use it with addons that change the HTTP header.
I use this addon with FireMobileSimulator.

Core dump is not generated on Ubuntu in some cases

Core dumps are not generated on Ubuntu (14.04 LTS) in some cases.
Sometimes they are generated. It seems to depend on the program.

The ulimit setting is OK, as shown below.

$ ulimit -c unlimited
$ ulimit -a
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 15739
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 15739
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

I examined where the core dump is generated.

$ sudo sysctl -a | grep core_pattern
kernel.core_pattern = |/usr/share/apport/apport %p %s %c %P

On Ubuntu(14.04 LTS) core_pattern uses apport by default.

When a core dump was successfully generated, it was written to the current directory.
When a core dump was not generated, an error had occurred in apport.

/var/log/apport.log

ERROR: apport (pid 3480) Tue May 12 18:48:31 2015: called for pid 3479, signal 6, core limit 18446744073709551615
ERROR: apport (pid 3480) Tue May 12 18:48:31 2015: ignoring implausibly big core limit, treating as unlimited
ERROR: ERROR: apport (pid 3480) Tue May 12 18:48:31 2015: Unhandled exception:
Traceback (most recent call last):
  File "/usr/share/apport/apport", line 357, in <module>
    (info['ExecutablePath'], info['ProcCmdline']))
  File "/usr/share/apport/apport", line 99, in error_log
    apport.error('apport (pid %s) %s: %s', os.getpid(), time.asctime(), msg)
  File "/usr/lib/python3/dist-packages/apport/__init__.py", line 44, in error
    sys.stderr.write(msg % args)
UnicodeEncodeError: 'ascii' codec can't encode character '\ufffd' in position 143: ordinal not in range(128)
ERROR: apport (pid 3480) Tue May 12 18:48:31 2015: pid: 3480, uid: 0, gid: 0, euid: 0, egid: 0
ERROR: apport (pid 3480) Tue May 12 18:48:31 2015: environment: environ({})

Because an error occurred in apport, the core dump was not generated.
This error seems to be Python's UnicodeEncodeError, but I'm not sure, so I decided not to use apport in core_pattern.

# echo 'core.%e.%p' > /proc/sys/kernel/core_pattern
$ ulimit -c unlimited
$ cat segfault.c
#include <stdio.h>

int main(void)
{
  char *s = "hello, world!";
  *s = 'H';

  return 0;
}
$ gcc -Wall -g -o segfault segfault.c
$ ./segfault 
Segmentation fault (core dumped)
$ ls
core.segfault.3423  segfault  segfault.c

Any configuration changes made using the echo command disappear when the system is restarted.
To make configuration changes take effect after the system is rebooted, edit /etc/sysctl.conf.

Source: E.4. Using the sysctl Command

/etc/sysctl.conf

kernel.core_pattern = core.%e.%p

But when the system is restarted, the change disappears and core_pattern uses apport again.
When the system is restarted and apport starts, apport seems to overwrite the configuration.

Source: 12.04 - How to permanently edit the core_pattern file? - Ask Ubuntu

To stop this behavior, disable apport and restart the system.

/etc/default/apport

# set this to 0 to disable apport, or to 1 to enable it
# you can temporarily override this with
# sudo service apport start force_start=1
#enabled=1
enabled=0
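To see what a given kernel.core_pattern value will do with a crash, the template can be expanded by hand. This is an added example, not from the original post; the function name is made up here, and it handles only %e, %p, %s and %% (other specifiers are copied through unchanged).

```shell
#!/bin/sh
# Added example: predict where a core dump goes for a core_pattern value.

expand_core_pattern() {  # usage: expand_core_pattern PATTERN EXE PID SIGNAL
  pat=$1 exe=$2 pid=$3 sig=$4 out=
  case $pat in
    '|'*)  # piped to a helper program, which the kernel runs as root
      handler=${pat#?}
      printf 'pipe:%s\n' "${handler%% *}"
      return 0 ;;
  esac
  while [ -n "$pat" ]; do
    case $pat in
      %%*) out="$out%";    pat=${pat#??} ;;
      %e*) out="$out$exe"; pat=${pat#??} ;;
      %p*) out="$out$pid"; pat=${pat#??} ;;
      %s*) out="$out$sig"; pat=${pat#??} ;;
      *)   rest=${pat#?}; first=${pat%"$rest"}
           out="$out$first"; pat=$rest ;;
    esac
  done
  case $out in
    /*) printf 'file:%s\n' "$out" ;;
    *)  printf 'file:<cwd>/%s\n' "$out" ;;  # relative: lands in the process's cwd
  esac
}

# The two patterns from this post, with the pid and signal values shown above.
expand_core_pattern '|/usr/share/apport/apport %p %s %c %P' segfault 3479 6
expand_core_pattern 'core.%e.%p' segfault 3423 11

# The running system's value, where /proc exposes it (Linux only).
if [ -r /proc/sys/kernel/core_pattern ]; then
  expand_core_pattern "$(cat /proc/sys/kernel/core_pattern)" segfault 3423 11
fi
```

A relative pattern writes the dump into whatever directory the crashing process was running in, so the file (a full memory image) ends up with that directory's exposure.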

Many cachegrind.out.xxxxxx were generated in /private/var/tmp and disk space filled up

Recently I found that the free disk space of my Mac OS X (Yosemite) got very small, so I looked into why.

$ sudo du -sh /*

$ sudo du -sh /private/*

$ sudo du -sh /private/var/*

Finally I found that /private/var/tmp contained over 200GB of files.
In /private/var/tmp there were many files with names such as cachegrind.out.50526.
It is said that these files are generated by Xdebug profiler.
Yes, I use Xdebug from MacPorts.
Xdebug is convenient because it shows stacktrace in error, enables stepping execution (but it needs Eclipse...), and so on.

Then I attempted to delete them with rm but an error occurred.

$ sudo rm cachegrind.out.*
-bash: sudo: Argument list too long

Because there were too many files, shell expansion of "*" caused the "Argument list too long" error.

Therefore I deleted them using find -exec.

$ cd /private/var/tmp
$ sudo find . -name 'cachegrind.out.*' -maxdepth 1 -exec rm {} \;

I got about 200GB free space.

See below for details about find -exec.
Delete or grep the results of find

If this goes on, files will be generated and they will fill up my disk again. So I decided to modify the Xdebug settings so that the Xdebug profiler writes its output files to the /tmp directory instead of /private/var/tmp.
(I also set trace output directory to /tmp)
They will be deleted on rebooting.

/opt/local/etc/php53/php.ini
Add xdebug.profiler_output_dir and xdebug.trace_output_dir.

[xdebug]
xdebug.profiler_enable=On
xdebug.remote_enable=On
xdebug.remote_host="localhost"
xdebug.remote_port=9000
xdebug.remote_handler="dbgp"
xdebug.idekey=ECLIPSE_DBGP
xdebug.profiler_output_dir=/tmp/ ; where the profiler output will be written to
xdebug.trace_output_dir=/tmp/ ; where the tracing files will be written to

Xdebug: Documentation.

Testing SSL certificate with OpenSSL commands

Before installing an SSL certificate and an intermediate CA certificate on a web server such as Apache, you may want to verify them.
You can do this with the openssl command.

Start SSL/TLS server using openssl s_server

s_server implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS.

openssl s_server -cert <path/to/certificate> -key <path/to/private key> -CAfile <path/to/Intermediate CA certificate>

Example:

$ openssl s_server -cert server.crt -key server.key -CAfile intermediate.crt 
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT

Test with openssl s_client

Connect to the server using openssl s_client and verify certificates.
s_client implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS.

openssl s_client -connect localhost:4433 -CAfile <path/to/CA certificate>

Example of CA certificate:

  • Mac OS X
    /etc/openssl/cert.pem
    /opt/local/etc/openssl/cert.pem, /opt/local/share/curl/curl-ca-bundle.crt (with MacPorts)
  • Ubuntu (You need to install ca-certificates using apt)
    /etc/ssl/certs/ca-certificates.crt
  • CentOS
    The CA certificate is in /etc/pki/tls/certs/ca-bundle.crt, but you don't have to specify it.

Example:

$ openssl s_client -connect localhost:4433 -CAfile /opt/local/share/curl/curl-ca-bundle.crt
CONNECTED(00000003)
depth=3 (omitted)
verify return:1
depth=2 (omitted)
verify return:1
depth=1 (omitted)
verify return:1
depth=0 (omitted)
verify return:1
---
Certificate chain
 0 s:(omitted)
   i:(omitted)
 1 s:(omitted)
   i:(omitted)
 2 s:(omitted)
   i:(omitted)
 3 s:(omitted)
   i:(omitted)
---
Server certificate
-----BEGIN CERTIFICATE-----
(omitted)
-----END CERTIFICATE-----
subject=(omitted)
issuer=(omitted)
---
No client certificate CA names sent
---
SSL handshake has read 4744 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: (omitted)
    Session-ID-ctx: 
    Master-Key: (omitted)
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    (omitted)
    Compression: 1 (zlib compression)
    Start Time: 1421023132
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

After you have installed certificates on the server, verify them with s_client like below.
-servername is needed for SNI (Server Name Indication).

  • Mac OS X

    $ openssl s_client -connect www.example.com:443 -servername www.example.com -showcerts -CAfile /opt/local/etc/openssl/cert.pem
    
  • CentOS

    $ openssl s_client -connect www.example.com:443 -servername www.example.com -showcerts
    
  • Ubuntu
    (You need to install ca-certificates using apt)

    $ openssl s_client -connect www.example.com:443 -servername www.example.com -showcerts -CAfile /etc/ssl/certs/ca-certificates.crt
    

To show the expiration date of the certificate:

$ echo | openssl s_client -connect www.example.com:443 -servername www.example.com -showcerts 2>/dev/null | openssl x509 -noout -dates
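The s_server/s_client round trip above exercises the handshake; the same pre-install questions (does the key belong to the certificate, does the intermediate complete the chain, how long is the certificate still valid) can also be answered from the files alone. This is an added example, not from the original post; the function names, file names and the throwaway demo chain are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks on certificate files before installing them.

# 0 if the private key belongs to the certificate (compares the public keys).
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if CERT chains to ROOT through INTERMEDIATE.
chain_verifies() {  # usage: chain_verifies ROOT INTERMEDIATE CERT
  openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# 0 if CERT is still valid SECONDS from now.
valid_for() {  # usage: valid_for CERT SECONDS
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Helpers for the constructed demo chain: make a CSR, sign a CSR from stdin.
csr()  { openssl req -new -key "$1" -subj "$2" 2>/dev/null; }
sign() { out=$1 days=$2; shift 2
         openssl x509 -req -days "$days" -out "$out" "$@" 2>/dev/null; }

# Build a throwaway root -> intermediate -> leaf chain, plus an unrelated key.
make_demo_chain() {  # usage: make_demo_chain DIR
  d=$1
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  for n in root inter leaf other; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/$n.key" \
      2>/dev/null || return 1
  done
  csr "$d/root.key" '/CN=Demo Root' |
    sign "$d/root.crt" 30 -signkey "$d/root.key" -extfile "$d/ca.ext" || return 1
  csr "$d/inter.key" '/CN=Demo Intermediate' |
    sign "$d/inter.crt" 30 -CA "$d/root.crt" -CAkey "$d/root.key" \
      -set_serial 2 -extfile "$d/ca.ext" || return 1
  csr "$d/leaf.key" '/CN=localhost' |
    sign "$d/leaf.crt" 2 -CA "$d/inter.crt" -CAkey "$d/inter.key" -set_serial 3
}
```

Run make_demo_chain on an empty directory to get sample files, then point the three checks at the real server.crt, server.key and intermediate.crt before starting s_server.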

Colorize svn diff

Install colordiff and configure Subversion's diff-cmd.

Installing colordiff

On Mac OS X, you can install colordiff using MacPorts.

$ sudo port install colordiff

On Debian or Ubuntu, you can install colordiff using apt.

$ sudo apt-get install colordiff

On other systems, you can download the source tarball from http://www.colordiff.org/ and install colordiff.

Configure Subversion

~/.subversion/config

[helpers]
diff-cmd = colordiff

Execution example

$ svn diff | less -R