Michal Čihař - Blog Archives for Debian

Time for change, time for DebConf?

Okay I did thing I considered already for several months - I decided to quit my current job at SYSGO, make one month holidays in summer and find some new job meanwhile. So I'm looking forward to free August, which I will probably spend travelling somewhere :-).

This brought up again question whether to go or not to go to this year DebConf. The only problem with this is distance - flight to Buenos Aires will be something around 2000 USD and it means lot of money for me. I applied for sponsorship for half of the price (well I'm not sure if I can really pay the other half, but I would feel really bad for asking that much money) and let's see how it turns out. On the other side, I'd love to visit Argentina, but that would probably require much more time and money. Let's see how it all turns out, there is still time to decision...

PS: If you have some interesting job offer, just contact me at michal@cihar.com.

Changing SSH keys on SF.net

Yes Erik, SourceForge did not do anything. But what is even more "funny" is that changing keys over web interface does not change ~/.ssh/authorized_keys. So even if you are aware of this problem and change keys in interface which should do it, it does not work. I just realized this today when I read your post and wanted to check whether this file is really world readable...

Everything bad is good for something

After recent not so funny thing with OpenSSL in Debian, I realized that I will have to regenerate most of keys and certificates, because last big changes I did in networking/vpn/ssh setup which involved generating keys are not older than broken OpenSSL appeared in archives.

First obvious thing was SSH keys and cleanup of ~/.ssh/authorized_keys on all hosts. While doing that, I realized that I still have there several keys, which are more or less gone (not that I'd lost them, but I simply stopped to use them). So it was good opportunity to do cleanup here. While I was at these changes, cleaning up ~/.ssh/known_hosts was also good idea, because I still had there lot of hosts I collected during some of my previous jobs and I definitely won't (and can not) access these machines anymore. So good, big cleanup in SSH configuration was forced :-).

Next and harder step was to found out where else I use certificates generated by vulnerable OpenSSL. Server certificates for sure were also generated by OpenSSL, so let's regenerate web and email certificates and hope I did not miss anything.

All this happened yesterday, but today I realized that I missed other even more important thing - OpenVPN certificates. While regenerating certificates, I also found some machine keys which are not really used anymore, so I again could drop some of them. So that was task for this evening and now I'm hopefully really done with this issue and I really hope that this won't happen again in near future, I don't need to cleanup that often ;-).

Jak na debianí balíčky?

Tak jsem se nechal přemluvit k napsaní seriálu o tvorbě balíčků pro Debian. Protože je přeci jen dělám už nějaký ten pátek, tak už jsem asi zapomněl na některé věci, na které jsem v začátcích narazil. A proto jsem se rozhodl napsat tento zápisek :-). Pokud jste měli (nebo máte) s něčím problémy při vytváření balíčku pro Debian, napište to do diskuze, za odměnu se vám pokusím nabídnout co nejlepší odpověď ve vznikajícím seriálu.

PS: Když mi Robert poprvé napsal, tak jsem moc netušil co psát. Teď už se blížím třinácti dílům, takže si myslím, že se máte na co těšit :-).

Toshiba ACPI keys, HAL and friends

Long time ago I used FnFX to handle events from ACPI keys on my Toshiba notebook. However when reinstalling notebook because of disk crash, I thought there must be a cleaner way to handle these and I found patch for acpid which added handling of these special events.

However I really didn't like patching acpid on every update and there didn't seem to be chance to merge it upstream, so I started to look for better solution. After another amount of googling, I found that HAL already has some support for Toshiba hotkeys. Unfortunately it is now disabled in Debian because most key did not emit anything using HAL.

Okay, let's fix the HAL, maybe it will get later enabled. Converting FnFX keymap to C code was quite easy and I made a patch for HAL to add support for all keys. Hopefully it get merged soon and I can then file bug on Debian package to reenable Toshiba support in HAL.

Meanwhile I'd like to find some generic way of configuring what happens on these events. For now I hacked simple Python script which listens to DBUS events and invokes appropriate commands for keys, but I hope that some such tool already exists and I just missed it. If you know something, please let me know at michal@cihar.com.

České man stránky pro Debian

Dnes jsem se konečně zase do delší době dostal k údržbě mých balíčků v Debianu a kromě drobných oprav (například Enca už bohužel není udržovaná a její stránky pohltili spammeři) jsem si rozhodl přidělat práci a připravil jsem balíček s českými man stránkami . Teď už jenom zbývá počkat, než projde přes frontu nových balíčků . Nedočkavci balíček mezitím najdou v mém repository .

My key is finally in keyring

I somehow expected that this will never happen, but todays update contained debian-keyring version 2007.12.04, which includes changes from last two years or so. So finally who-uploads and other tools work reasonably good for mine stuff.

Anyway I think with more than 6000 lines in last changelog entry, it is good candidate to be the longest changelog entry ever been in Debian :-).