x509 hash changes in Ubuntu Oneiric
Did your commands with custom -CApath stop working after upgrading to Oneiric? Mine did. It turns out Oneiric introduced a change (via OpenSSL 1.0.0, maybe?) that changed the subject hash algorithm used to index certificates in a -CApath directory. Look for a handy code snippet after the jump.…
OpenBSD 4.8 duplicity port isn't getting the job done
Trying to use duplicity from the current OpenBSD -stable (4.8) was a non-starter for me. The failure took the form of:
% duplicity -v1 /path/to/files file:///path/to/backups
Traceback (most recent call last):
  File "/usr/local/bin/duplicity", line 1236, in <module>
    with_tempdir(main)
  File "/usr/local/bin/duplicity", line 1229, in with_tempdir
    fn()
  File "/usr/local/bin/duplicity", line 1207, in main
    full_backup(col_stats)
  File "/usr/local/bin/duplicity", line 416, in full_backup
    globals.backend)
  File "/usr/local/bin/duplicity", line 294, in write_multivol
    globals.gpg_profile, globals.volsize)
  File "/usr/local/lib/python2.5/site-packages/duplicity/gpg.py", line 278, in GPGWriteFile
    bytes_to_go = data_size - get_current_size()
  File "/usr/local/lib/python2.…
scp and POSIX ACLs
scp doesn’t play well with POSIX filesystem ACLs, and as far as I can tell there’s nothing to be done about it.
The problem is that the server side explicitly calls open(2) with the mode of the file on the client side in all cases. Since the file’s group permissions are linked to the mask ACL, this means that – for a mode 644 file – the file gets set mask::r-- instead of inheriting the default mask from the directory.…
Shells shells everywhere
tmux makes it easy to construct a plethora of ssh connections via tmux neww "ssh $HOST", so I find myself frequently doing this from scripts. tmux uses a shell to execute the ssh command, though, and I never liked how it left idle shells littering my process tree thusly:
\-+= 23132 user tmux: server (/tmp/tmux-505/default) (tmux)
  |-+= 25189 user sh -c sh
  | \--- 01613 user ssh hostA
  |-+= 08778 user sh -c sh
  | \--- 03665 user ssh hostB
Recently I actually bumped into my process limit and couldn’t spawn any new windows.…
Software RAID on OpenBSD 4.8
jpiasetz has a very good recipe on installing with software raid on OpenBSD 4.6, and so far I’ve had good success doing something very similar with OpenBSD 4.8. The biggest thing I changed was using wd1a rather than sd0a for /altroot. Then it’s easy enough to use daily(8)’s integrated altroot sync to keep altroot up-to-date.…
Dell OMSA quick links
In my recent web scour, here are the most useful links for a minimal install of Open Manage Server Administrator to keep an eye on storage status.
Dell YUM Repository - Use this handy yum repo to install and stay up-to-date on the latest OMSA. Pay particular attention to the section on how to install the individual OMSA components.
OMSA 6.4 Documentation and in particular the CLI Guide
Dell Linux Engineering for GPG Key 23B66A9D
Random Notes for OMSA & Dell Update Packages on CentOS 5:…
Dell embraces and extends command line utilities
From Dell’s OMSA Manual:
Use the omreport -? command to get a list of the available commands for omreport.
Really, Dell? You’ve decided to go another way on the whole CLI thing? That’s cool, I’m sure there wasn’t any good reason every other Unix utility uses -h for help. Oh wait…
# ./omreport -?
zsh: no matches found: -?
zsh: exit 1 ./omreport -?
Thanks Dell. What I needed was another special case in my life.…
pfsense, dnsmasq & source interfaces
I’m having issues with dnsmasq on my pfsense router being unable to contact an overridden nameserver because they’re not being sourced from an interface that has an ipsec policy. For example, I have the following config:
Main Office Router A:
  LAN address: 192.168.1.1/24
  WAN address: 24.1.2.3
Remote Office Router B:
  LAN address: 192.168.2.1/24
  WAN address: 64.1.2.3
The two sites are connected by an ipsec tunnel. My internal nameserver serving the domain “company.…
Fix your drifting pointer in GNOME
Plagued with a drifting pointer? I sure am.
For me this happens when I accidentally zoom using an accessibility “feature” in GNOME. Actually, it’s in Compiz and ambushes me when I accidentally hit Super (windows key) instead of Alt when resizing a window using the Alt+middle click+drag combination.
Compiz seems to be a little particular about getting the screen fully zoomed out again, but here’s a method that’s (so far) always reset the zoom without leaving me with a randomly drifting cursor.…
ecryptfs mount options
I was having trouble tracking down the ecryptfs mount options that can be used to stop the mount.ecryptfs helper utility from prompting quite so much. I tested this on Ubuntu 10.10. ecryptfs_verbosity claims to be the option that I really want to change, but I couldn’t get this one working.
You can add these options to your /etc/fstab. Their values are partially documented here: http://ecryptfs.sourceforge.net/README
Here’s what I added to my /etc/fstab to stop mount.ecryptfs from prompting for anything besides the password on Ubuntu 10.10:
/root/.crypto /root/crypto ecryptfs noauto,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n 0 0