Friday, 28 August 2009

WPA cracked

WPA can now be cracked in a minute. So, what are we supposed to use from now on?Surely developing a strong encryption scheme can't be that impossible, after all even GSM is hard to crack and it was developed in the 80's!

Thursday, 27 August 2009

Redmine installation on Ubuntu Jaunty

So, in the previous entry I gave instructions on installing Gitorious on Ubuntu Jaunty. This post will tell how to install Redmine on the same box. It will also use Passenger and MySql so no extra software is installed.

In case you only want to install Redmine, I will also tell which steps from the Gitorious installation instructions must also be done.

Install packages
  1. aptitude install ruby-pkg-tools ruby1.8-dev libapache-dbi-perl libapache2-mod-perl2 libdigest-sha1-perl
Redmine only: also do steps 1,2, 4 and 8.

Fetch Redmine
  1. cd /var/www/
  2. wget
  3. gunzip redmine-0.8.4.tar.gz && tar xvf redmine-0.8.4.tar
  4. mv redmine-0.8.4 redmine
Create user
  1. adduser --system --home /var/www/redmine --no-create-home --group --shell /bin/bash redmine
  2. chown -R redmine:redmine /var/www/redmine
Configure Apache
  1. Copy attached redmine.conf file to /etc/apache2/conf.d/redmine.conf.
Redmine only: you also need to do steps 1-4, 7 and 9. SSL is only not needed by Redmine.

Create database and database user
  1. mysql -p
  2. create database redmine character set utf8;
  3. create user 'redmine'@'localhost' identified by '[password]';
  4. grant all privileges on redmine.* to 'redmine'@'localhost';
  5. quit
  6. Copy attached database.yml to /var/www/redmine/config/database.yml. Change the password to the one you selected in previous step.
Bootstrap Redmine
  1. cd /var/www/redmine
  2. rake db:migrate RAILS_ENV="production"
  3. rake redmine:load_default_data RAILS_ENV="production"
Setup email
  1. Copy attached file email.redmine.yml to /var/www/redmine/config/email.yml. Fix domain name.
Finally restart Apache one more time. Default admin user name and password is admin/admin.


Alias /redmine /var/www/redmine/public

<directory /var/www/redmine/public>
PassengerAppRoot /var/www/redmine

RailsBaseURI /redmine
adapter: mysql
database: redmine
host: localhost
username: redmine
password: [password]
delivery_method: :smtp
port: 25
domain: DOMAIN
authentication: :login
user_name: redmine
password: redmine

Gitorious installation on Ubuntu Jaunty

So I managed to install Gitorious and not only that, I also have Redmine working on the same machine. Both use Apache2, Passenger, MySql and git. No virtual hosts are used, these tools are accessed with "https://hostname/gitorious" and "http://hostname/redmine". I'll start with instructions on how to install Gitorious and the next one will handle Redmine installation on the same machine. I tried to make these instructions as simple as possible, but if something goes really badly wrong, it's on you. I also did this on a fresh virtual machine so I had to install some packages that are installed automatically on "normal" installation. So, here we go. Everything is done as root (sudo -i).

Install needed packages and gems
  1. aptitude update
  2. aptitude install apache2 ruby rubygems git-core git-doc libmysql-ruby mysql-server mysql-client libmysqlclient15-dev phpmyadmin libdbd-mysql-ruby build-essential cron rake wget
  3. aptitude install zlib1g-dev tcl-dev libexpat-dev libcurl4-openssl-dev postfix apg geoip-bin libgeoip1 libgeoip-dev sqlite3 libsqlite3-dev imagemagick libpcre3 libpcre3-dev zlib1g zlib1g-dev libyaml-dev apache2-dev libonig-dev ruby-dev libopenssl-ruby libmagick++-dev zip unzip memcached git-svn git-cvs irb
  4. gem install -b --no-ri --no-rdoc passenger rake
  5. gem install -b --no-ri --no-rdoc rmagick chronic geoip daemons hoe echoe ruby-yadis \ ruby-openid mime-types diff-lcs json rack ruby-hmac stompserver
  6. gem install -b --no-ri --no-rdoc -v rdiscount
  7. gem install -b --no-ri --no-rdoc -v 1.1 stomp
  8. ln -s /var/lib/gems/1.8/bin/rake /usr/bin
  9. ln -s /var/lib/gems/1.8/bin/stompserver /usr/bin
Install Sphinx
  1. cd /tmp
  2. wget
  3. gunzip sphinx- && tar xvf sphinx-
  4. cd sphinx-
  5. ./configure --prefix=/usr && make all install
Fetch Gitorious
  1. git clone /var/www/gitorious
  2. ln -s /var/www/gitorious/script/gitorious /usr/bin
Create user

This step will create the "git" user for the system and also the ssh keyring which is used to identify other users.
  1. adduser --system --home /var/www/gitorious/ --no-create-home --group --shell /bin/bash git
  2. chown -R git:git /var/www/gitorious
  3. su - git
  4. mkdir .ssh
  5. touch .ssh/authorized_keys
  6. chmod 700 .ssh
  7. chmod 600 .ssh/authorized_keys
  8. mkdir tmp/pids
  9. mkdir repositories
  10. mkdir tarballs
  11. exit
Configure Gitorious
  1. Copy attached file gitorious.yml to /var/www/gitorious/config. Change gitorious_client_host and gitorious_host to the system hostname or IP address.
  2. cp /var/www/gitorious/config/broker.yml.example /var/www/gitorious/broker.yml
Configure services
  1. cp /var/www/gitorious/doc/templates/ubuntu/git-ultrasphinx /etc/init.d/
  2. sed -e "s/opt\/ruby-enterprise\/bin\/ruby/usr\/bin\/ruby/" /var/www/gitorious/doc/templates/ubuntu/git-daemon > /etc/init.d/git-daemon
  3. chmod 755 /etc/init.d/git-daemon
  4. Copy attached stomp file to /etc/init.d.
  5. Copy attached git-poller file to /etc/init.d
  6. cp /var/www/gitorious/doc/templates/ubuntu/gitorious-logrotate /etc/logrotate.d/gitorious
  7. chmod 755 /etc/init.d/git-ultrasphinx /etc/init.d/git-daemon /etc/init.d/stomp /etc/init.d/git-poller
  8. update-rc.d stomp defaults
  9. update-rc.d git-daemon defaults
  10. update-rc.d git-ultrasphinx defaults
  11. update-rc.d git-poller defaults
Configure Apache
  1. /var/lib/gems/1.8/bin/passenger-install-apache2-module
  2. Copy attached file passenger.load to /etc/apache2/mods-available/passenger.load.
  3. a2enmod passenger
  4. a2enmod rewrite
  5. a2enmod ssl
  6. a2ensite default-ssl
  7. ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
  8. Copy attached gitorious.conf file to /etc/apache2/conf.d/gitorious.conf.
  9. /etc/init.d/apache2 restart
Step 7 fixes phpmyadmin so it works again.

Create database and database user
  1. mysql -p
  2. create user 'git'@'localhost' identified by '[password]';
  3. grant all privileges on * . * to 'git'@'localhost' identified by '[password]';
  4. grant all privileges on `gitorious_production` . * to 'git'@'localhost' with grant option ;
  5. Copy attached file database.yml to /var/www/gitorious/config/database.yml. Change the password to the one you selected in previous step.
Bootstrap Gitorious
  1. cd /var/www/gitorious
  2. export RAILS_ENV="production"
  3. rake db:create
  4. rake db:migrate
  5. rake ultrasphinx:bootstrap
  6. Add this to crontab: * * * * * cd /var/www/gitorious && /usr/bin/rake ultrasphinx:index RAILS_ENV="production"
And finally
  1. /etc/init.d/apache2 restart
  2. ruby /var/www/create_admin
Last step creates the Gitorious super user. Note that admin email must be fully qualified email address, e.g. ""


# The session secret key (`apg -m 64` is always useful for this kinda stuff)
cookie_secret: ssssht

# The path where git repositories are stored. The actual (bare) repositories $
# in repository_base_path/#{project.slug}/#{}.git/:
repository_base_path: "/var/www/gitorious/repositories"

# Stuff that's in the html head. custom stats javascript code etc

# System message that will appear on all pages if present

# Port the ./script/gitorious script should use:
gitorious_client_port: 80

# Host the ./script/gitorious script should use:
gitorious_client_host: HOSTNAME

# Host which is serving the gitorious app, eg ""
gitorious_host: HOSTNAME

# User which is running git daemon
gitorious_user: git

# Email spam on server errors to:

# Mangle visible e-mail addresses (spam protection)
mangle_email_addresses: true

# Enable or Disable Public Mode (true) or Private Mode (false)
public_mode: true

# Define your locale
locale: en

# Where should we store generated tarballs?
# (should be readable by webserver, since we tell it to send the file using X$
archive_cache_dir: "/var/www/gitorious/tarballs"
# Which directory should we work in when we generate tarballs, before moving
# them to the above dir?
archive_work_dir: "/tmp/tarballs-work"

# is it only site admins who can create new projects?
only_site_admins_can_create_projects: false

# Should we hide HTTP clone urls?
hide_http_clone_urls: true

# Is this Read: should we have a very flashy homepage?
is_gitorious_dot_org: false

# Start/stop the stompserver
# Provides: stomp
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 1
# Short-Description: Stomp
# Description: Stomp

test -f /usr/bin/stompserver || exit 0

. /lib/lsb/init-functions

case "$1" in
start) log_daemon_msg "Starting stompserver" "stompserver"

start-stop-daemon --start --name stompserver --startas /usr/bin/stompserver --background --user git
log_end_msg $?

stop) log_daemon_msg "Stopping stompserver" "stompserver"

start-stop-daemon --stop --name stompserver
log_end_msg $?

restart) log_daemon_msg "Restarting stompserver" "stompserver"

start-stop-daemon --stop --retry 5 --name stompserver
start-stop-daemon --start --name stompserver --startas /usr/bin/stompserver --background --user git
log_end_msg $?


status_of_proc /usr/bin/stompserver stompserver && exit 0 || exit $?

*) log_action_msg "Usage: /etc/init.d/stomp {start|stop|restart|status}"

exit 2

exit 0
# Start/stop the git poller
# Provides: git-poller
# Required-Start: stomp
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 1
# Short-Description: Gitorious poller
# Description: Gitorious poller

/bin/su -- git -c "cd /var/www/gitorious;RAILS_ENV=production script/poller $@"
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-2.2.4/ext/apache2/
PassengerRoot /var/lib/gems/1.8/gems/passenger-2.2.4
PassengerRuby /usr/bin/ruby1.8
Alias /gitorious /var/www/gitorious/public

<directory /var/www/gitorious/public>
PassengerAppRoot /var/www/gitorious

RailsBaseURI /gitorious

adapter: mysql
database: gitorious_production
username: git
password: [PASSWORD]
host: localhost
encoding: utf8

Tuesday, 25 August 2009

Gitorious installation revisited

I wrote earlier about how difficult installing Gitorious is. Thankfully the developers have since written a very good guide about it. I have successfully installed it using those instructions!

Next task is to get Redmine running on the same box. There are some interesting challenges there.

Friday, 21 August 2009

HTTP proxies and sbuild

After studying how mk-sbuild-lv and sbuild itself work it looks clear that mk-sbuild-lv doesn't really support http proxies. That is, if you are behind one, tough luck.

Fortunately this is easy to fix, I already submitted a bug report and a patch to launchpad. It is as simple a patch as can be, it just adds one line to the mk-sbuild-lv script which exports the http_proxy setting to the chroot environment.