Creating self signed certs is straight forward:
umask 277
openssl genrsa 1024 > host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
cat host.cert host.key > host.pem
You then import the generated cert in a client; e.g. with php/curl, the incantation is:
curl_setopt($ch, CURLOPT_CAINFO, '.../ssl/host.pem');
Et VoilĂ ! we have a 'secure' communication path between client and server...
2007/12/14
2007/12/02
The hunt for AFK's
qcheck(1) is the key to looking for inconsistencies between what portage installed and a live system: qcheck -aTC
or with nice colour: qcheck -aT
Filtering out python, ... etc false positives (AFK appears to be qcheck code for missing files):
qcheck -aTC >$OUT 2>&1
filter='/usr/lib/python2.4|/usr/lib/gimp/2.0/python|\
/usr/share/javatoolkit/pym|\/usr/kde/3.5/share/doc|\
/usr/share/icons/hicolor|/usr/share/webapps/phpmyadmin'
grep AFK $OUT | egrep -v $filter | sort >${DATE}-afk.log
grep MD5-DIGEST $OUT | egrep -v $filter | sort >${DATE}-md5.log
or with nice colour: qcheck -aT
Filtering out python, ... etc false positives (AFK appears to be qcheck code for missing files):
#!/bin/sh
DATE=`date +%Y%m%d`
OUT=${DATE}.log
qcheck -aTC >$OUT 2>&1
filter='/usr/lib/python2.4|/usr/lib/gimp/2.0/python|\
/usr/share/javatoolkit/pym|\/usr/kde/3.5/share/doc|\
/usr/share/icons/hicolor|/usr/share/webapps/phpmyadmin'
grep AFK $OUT | egrep -v $filter | sort >${DATE}-afk.log
grep MD5-DIGEST $OUT | egrep -v $filter | sort >${DATE}-md5.log
Slowly going faster
An old/slow gentoo box:
/etc/conf.d/rc:svcmount="yes"
/etc/conf.d/rc:svcmount="yes"
sticks the service deps into a tmpfs
Filesystem Size Used Avail Use% Mounted on
svcdir 2.0M 188K 1.9M 10% /var/lib/init.d
Any speedup isn't noticable, but its one step closer to running root fs out of a pseudo-SSD
(pcmcia memory card adapter + old SD card). Going ro is painful from quick glance.
Anyway usage rises to 344k on a reasonably well configured box, so 2MB is fine.
tmpfs is a real gain for emerges with an fstab including:
shm /dev/shm tmpfs noatime,size=4G,nr_inodes=200k 0 0
and linking /var/tmp to /dev/shm - 4GB is comfortable for building openoffice.
2007/11/21
A brief history
Liking xemacs meta-A to call set-mark-command:
(defun php-hook ()
""
(define-key php-mode-map [(meta a)] 'set-mark-command))
(add-hook 'php-mode-hook 'php-hook)
(require 'php-mode)
I don't care to recall how many times I have had to resurrect this arcane formula over the years.
And php-mode is in portage for emacs, but not xemacs...
(defun php-hook ()
""
(define-key php-mode-map [(meta a)] 'set-mark-command))
(add-hook 'php-mode-hook 'php-hook)
(require 'php-mode)
I don't care to recall how many times I have had to resurrect this arcane formula over the years.
And php-mode is in portage for emacs, but not xemacs...
2007/11/15
What big documentation you have
I used kdoc to some effect previously. It was a good habit to get into.
doxygen is the generator of choice where I am at the moment.
The incantation I stumbled on involves:
doxygen is the generator of choice where I am at the moment.
The incantation I stumbled on involves:
$ doxygen -g proj.dox
$ vi proj.dox
...
ALWAYS_DETAILED_SEC = YES
JAVADOC_AUTOBRIEF = YES
EXTRACT_ALL = YES
INPUT = x.h y.h ...
GENERATE_MAN = YES
...
$ doxygoen proj.dox
The html is ok and I like the man pages it spits out.
2007/11/14
Command Lines to Forget
Things I find useful to keep handy...
Installing CPAN modules somewhere other than in the system perl directories
perl Makefile.PL INSTALL_BASE=/home/me/perl
perl Makefile.PL PREFIX=/home/me/perl
Generating usable postscript from man pages
groff -man -Tps apage.3pm >apage.ps
Landscape pages from a2ps
a2ps --columns=1 -f 9 -r -o RESULTS.ps RESULTS.txt
Validate XML against an external DTD
xmllint --noout --postvalid --dtdvalid the.dtd the.xml
Extracting an rpm to the current directory
rpm2cpio foo.rpm | cpio --extract --verbose --preserve-modification-time --no-absolute-filenames --make-directories
Installing CPAN modules somewhere other than in the system perl directories
perl Makefile.PL INSTALL_BASE=/home/me/perl
perl Makefile.PL PREFIX=/home/me/perl
Generating usable postscript from man pages
groff -man -Tps apage.3pm >apage.ps
Landscape pages from a2ps
a2ps --columns=1 -f 9 -r -o RESULTS.ps RESULTS.txt
Validate XML against an external DTD
xmllint --noout --postvalid --dtdvalid the.dtd the.xml
Extracting an rpm to the current directory
rpm2cpio foo.rpm | cpio --extract --verbose --preserve-modification-time --no-absolute-filenames --make-directories
2007/10/26
C99 or back to the future
Its almost 10yrs since I had to look at any significant C, and it was pleasant to find that C99 has added:
- for loop initialisers are supported
- declarations can be mixed with code
- there is a bool type
- the C++ // comment is supported
- and some weird array and macro stuff (variable length arrays are broken in gcc)
2007/10/24
Large File Support in HP-UX
fsadm is the key to turning on large file support in a HP-UX filesystem. Then the fun begins making sure that compiler flags allow you at your >2GB goodness.
There is a reasonable discussion of the other steps in the Tru64 Transition document set.
There is a reasonable discussion of the other steps in the Tru64 Transition document set.
2007/10/18
Soft-boiled egg cracking
Endianness is great make-work and telling the which orientation a box is at runtime is interesting (especially as some architectures are bi) - snippet derived from the IBM article:
int
main(int argc, char* argv[])
{
int i = 1;
char *p = (char *)&i;
if (p[0] == 1)
printf("little endian\n");
else
printf("big endian\n");
return 0;
}
Anyway, HP-UX on Itanium is big (as was/is PA-RISC), linux on Intel is little.
2007/10/15
Caching nameserver with ISC bind
Handy to do in the presence of dodgy local nameserver(s) - on gentoo:
# emerge bind
# vi /etc/bind/named.conf
...
//forward first; // uncomment to avoid going to the root nameservers
forwarders {
192.168.6.53; // local dodgy ns #1
192.168.5.53; // local dodgy ns #2
};
...
# vi /etc/resolv.conf
...
nameserver 127.0.0.1
# rc-config add named
# /etc/init.d/named start
# dig www.dilbert.com # <- note query time
# dig www.dilbert.com # <- note reduced query time
#
# emerge bind
# vi /etc/bind/named.conf
...
//forward first; // uncomment to avoid going to the root nameservers
forwarders {
192.168.6.53; // local dodgy ns #1
192.168.5.53; // local dodgy ns #2
};
...
# vi /etc/resolv.conf
...
nameserver 127.0.0.1
# rc-config add named
# /etc/init.d/named start
# dig www.dilbert.com # <- note query time
# dig www.dilbert.com # <- note reduced query time
#
2007/10/12
HP-UX Versions & Support
HP will support old HP-UX OS versions for ~10 years. Updates to major releases come every 6 months. And major releases come every 3 years.
And they guarantee forward compatibility if there are no kernel dependencies. They don't have a backward compatibility guarantee (build on a newer environment, for deployment on an older one).
Software from the old HP 9000 architecture can run under emulation on Itanium, or is guaranteed to be source code/build time compatible on Itanium.
And they guarantee forward compatibility if there are no kernel dependencies. They don't have a backward compatibility guarantee (build on a newer environment, for deployment on an older one).
Software from the old HP 9000 architecture can run under emulation on Itanium, or is guaranteed to be source code/build time compatible on Itanium.
2007/10/11
C++ References
Small collection of links that I find handy & refer to regularly:
- cppreference - handy site for quick reference
- sgi stl original reference material
- gnu libstdc++ info manual
- shared libs & their care + feeding
- ACE classes, makefile hints
- gmake info manual
- gcc 4.1.2 info manual
- gdb cribsheet
HP-UX SWA
Incantation to install swinstall:
swinstall -s /local/SwAssistant_C.01.02_HP-UX_11iv2+v3_IA_PA.depot
Depots need to be marked for installation inside the swinstall motif gui.
SWA itself is finicky about the specific version of the jre that it requires as well...
But it depends on having internet access to pull down a swa_catalog.xml file, and if your servers don't have that access...
So download it with firefox, scp it to the server, uncompress it, and:
# swa report -x catalog=swa_catalog.xml
And of course it doesn't run because it needs a later 'Gold Base Patches for HP-UX' bundle to be installed...
swinstall -s /local/SwAssistant_C.01.02_HP-UX_11iv2+v3_IA_PA.depot
Depots need to be marked for installation inside the swinstall motif gui.
SWA itself is finicky about the specific version of the jre that it requires as well...
But it depends on having internet access to pull down a swa_catalog.xml file, and if your servers don't have that access...
So download it with firefox, scp it to the server, uncompress it, and:
# swa report -x catalog=swa_catalog.xml
And of course it doesn't run because it needs a later 'Gold Base Patches for HP-UX' bundle to be installed...
Rooting around HP-UX 11.23 ia64
Whats in the box
The divil is in the detail:
swa is the HP recommended way of patching up boxes - its a free download from (the download site was broken the first day I tried - worked the next day).
The divil is in the detail:
- Run machinfo to see installed memory (& hardware model, ...)
- Watch paging use with swapinfo.
- Run 'ioscan ioscan -funC disk' to see installed disks.
- Look at logical volumes/groups with vgdisplay -v (the 'Free PE' field is interesting).
- Look at how a physical disk is allocated with pvdisplay /dev/dsk/c2t0d0
swa is the HP recommended way of patching up boxes - its a free download from (the download site was broken the first day I tried - worked the next day).
Subscribe to:
Posts (Atom)