Friday, 28 August 2009

WPA cracked

WPA can now be cracked in a minute. So, what are we supposed to use from now on? Surely developing a strong encryption scheme can't be that impossible; after all, even GSM is hard to crack and it was developed in the 80's!

Thursday, 27 August 2009

Redmine installation on Ubuntu Jaunty

So, in the previous entry I gave instructions on installing Gitorious on Ubuntu Jaunty. This post explains how to install Redmine on the same box. It also uses Passenger and MySQL, so no extra software is installed.

In case you only want to install Redmine, I will also note which steps from the Gitorious installation instructions must be done as well.

Install packages
  1. aptitude install ruby-pkg-tools ruby1.8-dev libapache-dbi-perl libapache2-mod-perl2 libdigest-sha1-perl
Redmine only: also do steps 1, 2, 4 and 8 of "Install needed packages and gems" in the Gitorious instructions.

Fetch Redmine
  1. cd /var/www/
  2. wget http://rubyforge.org/frs/download.php/56909/redmine-0.8.4.tar.gz
  3. gunzip redmine-0.8.4.tar.gz && tar xvf redmine-0.8.4.tar
  4. mv redmine-0.8.4 redmine
Create user
  1. adduser --system --home /var/www/redmine --no-create-home --group --shell /bin/bash redmine
  2. chown -R redmine:redmine /var/www/redmine
Configure Apache
  1. Copy attached redmine.conf file to /etc/apache2/conf.d/redmine.conf.
Redmine only: you also need to do steps 1-4, 7 and 9 of "Configure Apache" in the Gitorious instructions. Only SSL is not needed by Redmine.

Create database and database user
  1. mysql -p
  2. create database redmine character set utf8;
  3. create user 'redmine'@'localhost' identified by '[password]';
  4. grant all privileges on redmine.* to 'redmine'@'localhost';
  5. quit
  6. Copy attached database.yml to /var/www/redmine/config/database.yml. Change the password to the one you selected in previous step.
Bootstrap Redmine
  1. cd /var/www/redmine
  2. rake db:migrate RAILS_ENV="production"
  3. rake redmine:load_default_data RAILS_ENV="production"
Setup email
  1. Copy attached file email.redmine.yml to /var/www/redmine/config/email.yml. Fix domain name.
Finally, restart Apache one more time. The default admin user name and password are admin/admin.

Attachments

redmine.conf:
Alias /redmine /var/www/redmine/public

<Directory /var/www/redmine/public>
  PassengerAppRoot /var/www/redmine

  RailsBaseURI /redmine
</Directory>

database.yml:
production:
  adapter: mysql
  database: redmine
  host: localhost
  username: redmine
  password: [password]

email.yml:
production:
  delivery_method: :smtp
  smtp_settings:
    address: 127.0.0.1
    port: 25
    domain: DOMAIN
    authentication: :login
    user_name: redmine
    password: redmine

Gitorious installation on Ubuntu Jaunty

So I managed to install Gitorious and not only that, I also have Redmine working on the same machine. Both use Apache2, Passenger, MySQL and git. No virtual hosts are used; these tools are accessed with "https://hostname/gitorious" and "http://hostname/redmine". I'll start with instructions on how to install Gitorious and the next one will handle Redmine installation on the same machine. I tried to make these instructions as simple as possible, but if something goes really badly wrong, it's on you. I also did this on a fresh virtual machine, so I had to install some packages that are installed automatically on a "normal" installation. So, here we go. Everything is done as root (sudo -i).

Install needed packages and gems
  1. aptitude update
  2. aptitude install apache2 ruby rubygems git-core git-doc libmysql-ruby mysql-server mysql-client libmysqlclient15-dev phpmyadmin libdbd-mysql-ruby build-essential cron rake wget
  3. aptitude install zlib1g-dev tcl-dev libexpat-dev libcurl4-openssl-dev postfix apg geoip-bin libgeoip1 libgeoip-dev sqlite3 libsqlite3-dev imagemagick libpcre3 libpcre3-dev zlib1g zlib1g-dev libyaml-dev apache2-dev libonig-dev ruby-dev libopenssl-ruby libmagick++-dev zip unzip memcached git-svn git-cvs irb
  4. gem install -b --no-ri --no-rdoc passenger rake
  5. gem install -b --no-ri --no-rdoc rmagick chronic geoip daemons hoe echoe ruby-yadis ruby-openid mime-types diff-lcs json rack ruby-hmac stompserver
  6. gem install -b --no-ri --no-rdoc -v 1.3.1.1 rdiscount
  7. gem install -b --no-ri --no-rdoc -v 1.1 stomp
  8. ln -s /var/lib/gems/1.8/bin/rake /usr/bin
  9. ln -s /var/lib/gems/1.8/bin/stompserver /usr/bin
Install Sphinx
  1. cd /tmp
  2. wget http://sphinxsearch.com/downloads/sphinx-0.9.8.1.tar.gz
  3. gunzip sphinx-0.9.8.1.tar.gz && tar xvf sphinx-0.9.8.1.tar
  4. cd sphinx-0.9.8.1
  5. ./configure --prefix=/usr && make all install
Fetch Gitorious
  1. git clone http://git.gitorious.org/gitorious/mainline.git /var/www/gitorious
  2. ln -s /var/www/gitorious/script/gitorious /usr/bin
Create user

This step will create the "git" user for the system and also the ssh keyring which is used to identify other users.
  1. adduser --system --home /var/www/gitorious/ --no-create-home --group --shell /bin/bash git
  2. chown -R git:git /var/www/gitorious
  3. su - git
  4. mkdir .ssh
  5. touch .ssh/authorized_keys
  6. chmod 700 .ssh
  7. chmod 600 .ssh/authorized_keys
  8. mkdir tmp/pids
  9. mkdir repositories
  10. mkdir tarballs
  11. exit
Configure Gitorious
  1. Copy attached file gitorious.yml to /var/www/gitorious/config. Change gitorious_client_host and gitorious_host to the system hostname or IP address.
  2. cp /var/www/gitorious/config/broker.yml.example /var/www/gitorious/config/broker.yml
Configure services
  1. cp /var/www/gitorious/doc/templates/ubuntu/git-ultrasphinx /etc/init.d/
  2. sed -e "s/opt\/ruby-enterprise\/bin\/ruby/usr\/bin\/ruby/" /var/www/gitorious/doc/templates/ubuntu/git-daemon > /etc/init.d/git-daemon
  3. chmod 755 /etc/init.d/git-daemon
  4. Copy attached stomp file to /etc/init.d.
  5. Copy attached git-poller file to /etc/init.d
  6. cp /var/www/gitorious/doc/templates/ubuntu/gitorious-logrotate /etc/logrotate.d/gitorious
  7. chmod 755 /etc/init.d/git-ultrasphinx /etc/init.d/git-daemon /etc/init.d/stomp /etc/init.d/git-poller
  8. update-rc.d stomp defaults
  9. update-rc.d git-daemon defaults
  10. update-rc.d git-ultrasphinx defaults
  11. update-rc.d git-poller defaults
Configure Apache
  1. /var/lib/gems/1.8/bin/passenger-install-apache2-module
  2. Copy attached file passenger.load to /etc/apache2/mods-available/passenger.load.
  3. a2enmod passenger
  4. a2enmod rewrite
  5. a2enmod ssl
  6. a2ensite default-ssl
  7. ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
  8. Copy attached gitorious.conf file to /etc/apache2/conf.d/gitorious.conf.
  9. /etc/init.d/apache2 restart
Step 7 fixes phpmyadmin so it works again.

Create database and database user
  1. mysql -p
  2. create user 'git'@'localhost' identified by '[password]';
  3. grant all privileges on * . * to 'git'@'localhost' identified by '[password]';
  4. grant all privileges on `gitorious_production` . * to 'git'@'localhost' with grant option ;
  5. Copy attached file database.yml to /var/www/gitorious/config/database.yml. Change the password to the one you selected in previous step.
Bootstrap Gitorious
  1. cd /var/www/gitorious
  2. export RAILS_ENV="production"
  3. rake db:create
  4. rake db:migrate
  5. rake ultrasphinx:bootstrap
  6. Add this to crontab: * * * * * cd /var/www/gitorious && /usr/bin/rake ultrasphinx:index RAILS_ENV="production"
And finally
  1. /etc/init.d/apache2 restart
  2. ruby /var/www/create_admin
Last step creates the Gitorious super user. Note that admin email must be fully qualified email address, e.g. "admin@foo.bar.net"

Attachments

gitorious.yml:
production:
  # The session secret key (`apg -m 64` is always useful for this kinda stuff)
  cookie_secret: ssssht

  # The path where git repositories are stored. The actual (bare) repositories $
  # in repository_base_path/#{project.slug}/#{repository.name}.git/:
  repository_base_path: "/var/www/gitorious/repositories"

  # Stuff that's in the html head. custom stats javascript code etc
  extra_html_head_data:

  # System message that will appear on all pages if present
  system_message:

  # Port the ./script/gitorious script should use:
  gitorious_client_port: 80

  # Host the ./script/gitorious script should use:
  gitorious_client_host: HOSTNAME

  # Host which is serving the gitorious app, eg "gitorious.org"
  gitorious_host: HOSTNAME

  # User which is running git daemon
  gitorious_user: git

  # Email spam on server errors to:
  exception_notification_emails:

  # Mangle visible e-mail addresses (spam protection)
  mangle_email_addresses: true

  # Enable or Disable Public Mode (true) or Private Mode (false)
  public_mode: true

  # Define your locale
  locale: en

  # Where should we store generated tarballs?
  # (should be readable by webserver, since we tell it to send the file using X$
  archive_cache_dir: "/var/www/gitorious/tarballs"
  # Which directory should we work in when we generate tarballs, before moving
  # them to the above dir?
  archive_work_dir: "/tmp/tarballs-work"

  # is it only site admins who can create new projects?
  only_site_admins_can_create_projects: false

  # Should we hide HTTP clone urls?
  hide_http_clone_urls: true

  # Is this gitorious.org? Read: should we have a very flashy homepage?
  is_gitorious_dot_org: false

stomp:
#!/bin/sh
# Start/stop the stompserver
#
### BEGIN INIT INFO
# Provides: stomp
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 1
# Short-Description: Stomp
# Description: Stomp
### END INIT INFO

test -f /usr/bin/stompserver || exit 0

. /lib/lsb/init-functions

case "$1" in
start)
    log_daemon_msg "Starting stompserver" "stompserver"
    start-stop-daemon --start --name stompserver --startas /usr/bin/stompserver --background --user git
    log_end_msg $?
    ;;

stop)
    log_daemon_msg "Stopping stompserver" "stompserver"
    start-stop-daemon --stop --name stompserver
    log_end_msg $?
    ;;

restart)
    log_daemon_msg "Restarting stompserver" "stompserver"
    # Wait up to 5 seconds for the old process to exit before starting again
    start-stop-daemon --stop --retry 5 --name stompserver
    start-stop-daemon --start --name stompserver --startas /usr/bin/stompserver --background --user git
    log_end_msg $?
    ;;

status)
    status_of_proc /usr/bin/stompserver stompserver && exit 0 || exit $?
    ;;

*)
    log_action_msg "Usage: /etc/init.d/stomp {start|stop|restart|status}"
    exit 2
    ;;

esac
exit 0

git-poller:
#!/bin/sh
# Start/stop the git poller
#
### BEGIN INIT INFO
# Provides: git-poller
# Required-Start: stomp
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 1
# Short-Description: Gitorious poller
# Description: Gitorious poller
### END INIT INFO

/bin/su -- git -c "cd /var/www/gitorious;RAILS_ENV=production script/poller $@"
passenger.load:
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-2.2.4/ext/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.8/gems/passenger-2.2.4
PassengerRuby /usr/bin/ruby1.8
gitorious.conf:
Alias /gitorious /var/www/gitorious/public

<Directory /var/www/gitorious/public>
  PassengerAppRoot /var/www/gitorious

  RailsBaseURI /gitorious
</Directory>

database.yml:
production:
  adapter: mysql
  database: gitorious_production
  username: git
  password: [PASSWORD]
  host: localhost
  encoding: utf8
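
An added check, not part of the original post or of Gitorious or Redmine: a POSIX shell function that flags the values these instructions leave for you to change (the sample cookie_secret in gitorious.yml, the [password] placeholders in both database.yml files) and config files accessible beyond their owner. The function names are hypothetical, and the 64-character minimum is an assumption taken from the "apg -m 64" comment in gitorious.yml.

```shell
#!/bin/sh
# Added example, not from the original post. Key names are taken from the
# attachments; the 64-character minimum follows the `apg -m 64` hint.

# yaml_value FILE KEY: print the value of the first "KEY: value" line.
yaml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# audit_config FILE: print one finding per line; return 1 if there are any.
audit_config() {
    file=$1
    findings=0
    # Characters 5-10 of `ls -l` are the group and other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: group/other access ($perms), use chmod 600"
        findings=1
    fi
    if grep -q '^[[:space:]]*cookie_secret:' "$file"; then
        secret=$(yaml_value "$file" cookie_secret)
        if [ "${#secret}" -lt 64 ]; then
            echo "$file: cookie_secret is ${#secret} characters, want >= 64"
            findings=1
        fi
    fi
    if grep -q '^[[:space:]]*password:' "$file"; then
        case "$(yaml_value "$file" password)" in
            '' | '[password]' | '[PASSWORD]')
                echo "$file: password is empty or still the placeholder"
                findings=1
                ;;
        esac
    fi
    return "$findings"
}

# Constructed sample: the cookie_secret value shown in gitorious.yml above.
demo_dir=$(mktemp -d)
printf 'production:\n  cookie_secret: ssssht\n' > "$demo_dir/gitorious.yml"
chmod 644 "$demo_dir/gitorious.yml"
audit_config "$demo_dir/gitorious.yml" || echo "resolve the findings above"
```

Run audit_config against /var/www/gitorious/config/gitorious.yml and both database.yml files after copying them into place; a non-zero return means at least one finding was printed.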

Tuesday, 25 August 2009

Gitorious installation revisited

I wrote earlier about how difficult installing Gitorious is. Thankfully the developers have since written a very good guide about it. I have successfully installed it using those instructions!

Next task is to get Redmine running on the same box. There are some interesting challenges there.

Friday, 21 August 2009

HTTP proxies and sbuild

After studying how mk-sbuild-lv and sbuild itself work, it seems clear that mk-sbuild-lv doesn't really support HTTP proxies. That is, if you are behind one, tough luck.

Fortunately this is easy to fix; I already submitted a bug report and a patch to Launchpad. It is as simple a patch as can be: it just adds one line to the mk-sbuild-lv script which exports the http_proxy setting to the chroot environment.