Entries posted in June 2011

When soliciting for opinions, recently, I discovered that the python-based fabric tool was not dead, and was in fact perfect for my needs.

During the process of getting acquainted with it I looked over the source code, it was mostly neat but there was a trivial (low-risk) symlink attack present.

I reported that as #629003 & it is now identified more globally as CVE-2011-2185.

I guess this goes to show that getting into the habit of looking over source code when you install a new package is a worthwhile thing to do; and probably easier than organising a distribution-wide security audit </irony>.

In other news I'm struggling to diagnose a perl segfault, when running a search using the swish-a perl modules. Could it be security worthy? Possibly. Right now I just don't want my scripts to die when I attempt to search 20Gb of syslog data. Meh.

ObQuote: "You're scared of mice and spiders, but oh-so-much greater is your fear that one day the two species will cross-breed to form an all-powerful race of mice-spiders who will immobilize human beings in giant webs in order to steal cheese. " - Spaced.

Tags: fabric, perl, security, swish-e | No comments

I'd like to setup some auto-builders for some projects - and theese projects must be built upon Lenny, Squeeze, Lucid, and multiple other distros. (i386 and amd64 obviously.)

Looking around I figure it should be simple. There are a lot of continuous integration tools out there - but when looking at them in depth it seems like they all work in temporary directories and are a little different to how I'd expect them to be.

Ultimately I want to point a tool at a repository (mercurial), and receive a status report and a bunch of .deb packages for a number of distributions.

The alternative seems to be to write a simple queue submission system, then for each job popped from the queue run:

• Creates a new debootstrap-based chroot.
• Installs build-essential, mercurial, etc.
• Fetches the shource.
• Runs make.
• Copies the files produced in ./binary-out/ to a safe location.
• Cleans up.

Surely this wheel must already exist? I guess its a given that we have to find build-dependencies, and that we cannot just run "pbuilder *.dsc" - as the dsc doesn't exist in advance. We really need to run "make dependencies test build", or similar.

Hudson looked promising, but it builds things into /var/lib/hudson, and doesn't seem to support the use of either chroots or schroots.

ObQuote: "I feel like I should get you another sweater." - "Friends"

Tags: chroot, ci, debian, hudson, schroot | 8 comments

If you've been following new releases you'll see there is a new Firefox browser out, version 5.0.

This will almost certainly make its way into Debian's experimental tree soon, but that doesn't help users of the Debian Stable release. The only sane option for those users (such as myself), without a backport, is to install locally.

So I did the obvious thing, I made /opt/firefox then installed the binary release into it. Then I found that it was good, lovely and fast.

Unfortunately the system firefox and the local firefox are not really compatible. Run the local one, then click on a link in the gnome terminal and it wants to open the system one. Ho hum.

The solution:

• Remove your local firefox & iceweasel packages.
• Create the shell scripts /usr/bin/firefox & /usr/bin/iceweasel to exec the one stored beneath /opt.
• Rejoice.

Of course this being Debian we don't want to do that. So instead here is a package that will let you do that:

• http://firefox.repository.steve.org.uk/file

Download. Build. Install. If you install your local package to a location different than /opt/firefox update the configuration file /etc/firefox/firefox.conf to point to it.

Possibly useful?

ObQuote: "I could help you cross your yard." - Up

Tags: firefox, iceweasel, mercurial | 15 comments

In brief:

• I made the firefox-wrapper package public. Although it seems that mozilla.debian.net is liable to be preferred by most.
• I wrote a script to archive a reddit inbox as a maildir folder, reddit2maildir. Perfect for archiving those interesting discussions that aren't public.
• I posted some random animal photographs, mostly to remind myself to take more.

Finally having recently bought the Canon 70-200mm f/2.8 lens for a King's ransom I've agreed to buy the 24-105mm f/4.0 lens from a friend - that will be my new portrait lens of choice, and I'll sell my existing 85mm f/1.8.

ObQuote: "I could help you cross your yard." - Up

Tags: camera, canon, firefox, lens, software, stolen-souls | No comments