Tackling all those errors during bootup

I think I should get this out in the open before Kernel 2.6.42 gets out. The text was written already half a year ago and never really got a finishing touch but some parts of it might be useful out there in solving some problems and hickups during bootup.

After having some trouble with Kernel 2.6.36 and video playback I turned to examine the bootup messages more closely. The problem, frequent crashes during video playback in X, went away as soon as I was using Kernel 2.6.37 but I thought it can’t hurt to examine the error messages during bootup a little closer. So I checked the messages from the init scripts and the output of X a little bit closer. Weiterlesen

kdm fails to restart after logout

Usualy, after logging out from the desktop (like from KDE), the display manager (kdm in a usual KDE setup) appears again prompting for a new login. On one of my machines this is not a
case for a while now. Instead of returning to the kdm login screen I end up in a virtual terminal for text input. Since this machine is most of the time simply shut down after use, I didn’t really look into the problem until now.

The problem is well know. It’s for example documented in bugs 295743, 432521 in Ubuntu’s launchpad, bug 253987 in the Gentoo bugzilla, bug 18028 in the freedesktop.org bugzilla and this thread in the German-speaking sidux forum.

The guilty party for causing the problem seems to be the X-Server that can not be properly reset. Not all X-Servers are buggy but at least the SiS-X-Server is (in my case
it’s crashing with „SIS(0): Unable to map IO aperture. Invalid argument (22)“) and the Intel-X-Server was. So the solution would be to fix the X-Servers. However, this is not done yet, even though the bug is quite old.

Lucky us, a workaround exists. Telling kdm with "TerminateServer=true" in kdmrc (see the kdm documentation) to terminate the X-Server instead of restarting it, resolves the issue.

If you apply this workaround, be sure to check the entry in your kdm file after each upgrade of kdm. It might me overwritten through the upgrade mechanisms.

SheevaPlug – Computing out of the wall wart

SheevaPlug with USB and LAN port visible

SheevaPlug with USB and LAN port visible

Whether Marvell got the name for it’s ARM compatible CPU core from the Hindu god of destruction or off the character from
the Mortal Kombat game series, I don’t know.

However, the Sheeva CPU core is the heart of Marvell’s System-on a-Chip design called Kirkwood and around that they built a complete computing device the size of a wall wart and called it the SheevaPlug. Weiterlesen

Show installed packages sorted by the size they occupy

This can be done astoundingly easy with only a single command – well, not including the sorting. I’m just writing about it since it took my quite a while to figure out how to do this and later on I had to say that even though I knew that dpkg-query exists but since I liked to dig around in the packagestatus file by myself I never really had a use for the command. Well, now I have.

dpkg-query --show --showformat='${Package;-20}\t${Status}\t${Installed-Size}\n' | sort -k 5 -n|grep -v deinstall

does the job. And afterwards it’s quite easy to kick out the big packets you never heard of or even used …

What to do when the nfsserver hangs on your slug?

I have a slug running on unslung V2.3R63-uNSLUng-6.8-beta.

Sometimes I can’t mount the
exported directories on the slug from my clients in the network. Reading /var/log/messages on the slug I can see the entry

getfh failed: Operation not permitted

This post tracked the cause down to a stale /var/lib/nfs/rmtab file. Wiping all files in /var/lib/nfs/ and executing /opt/etc/init.d/S56nfs-utils – which stops and restarts the nfsd – did the job for me and mounting worked perfectly afterwards.

However, even though I did this quite a view times now I can’t guarantee that this is the proper way to solve this problem. I’m especially not so sure if the wiping part is safe at all. Furthermore, it’s still unclear to me, why the mount problem happens at all and why the file gets stale (feedback is welcome!).

So use this recipe on your own risk.

Updated Debian WordPress 2.0 refuses to run?

Did you update WordPress with Debian’s 2.0-1 package and now you only get the message

Your PHP installation appears to be missing the MySQL which is required for WordPress.

when turning your browser to your blog?

Well, this seems to be an old bug that somehow did not make it into the Debian package. Check out Ticket #1496 at trac.wordpress.org, where reason and fix are described.

Actually, the fix is quite simple: Just add an

if ( !
dl('mysql.so') )

before line 50 (the one that dies with the error message) in wp-settings.php and your blog is running again.

How can I avoid GPG errors with apt 0.6 and above?

Since version 0.6 apt is checking for
packages signatures. If signatures are not known to apt errors like in the following example are produced.

W: GPG error: http://debian.hinterhof.net unstable/ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A0E41455F530F04D
W: GPG error: http://kempele.fi ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76755C2ABD7736A8
W: GPG error: http://www.tux.org sid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY BB5E459A529B8BDA
W: GPG error: ftp://ftp.nerim.net sarge Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
W: GPG error: ftp://ftp.nerim.net etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
W: GPG error: ftp://ftp.nerim.net sid Release: The
following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907

The signatures are included in the Release files, as the error message suggests. So if the public key is not known to GPG the above error messages are produced.

Getting everything right with signatures and apt seems to be still confusing to a lot of people including me. This article and the comments to it at Debian Administration gives an overview but also proofs that there is still need for more detail. Especially the connection between the package debian-keyring and apt and how the keys should enter /etc/apt/trusted.gpg are still quite unclear to me. Furthermore, at the time of writing this apt-key still seems to have some consitnecy bugs as described here. I believe there is still some development going on.

However, here’s how I got GPG quiet again. It’s basicly finding the keys on a keyserver or in a file provided by the keyholder, importing them into GPG and then exporting and piping them into apt-key. It should work with the keys after the NO_PUBKEY warning.

A good example is the repository at http://debian.hinterhof.net. Max Vozeler, the repository maintainer says:

I sign both repositories using key 1024D/F530F04D Automatic Signing Key (debian.hinterhof.net) (asc) which is signed with my Debian key 1024D/B7CDA2DC Max Vozeler (asc).

You can get the key by either asking a keyserver

#gpg --keyserver hkp://wwwkeys.eu.pgp.net --recv-keys F530F04D

or getting the file containing the key

#wget http://hinterhof.net/debian/archive-2005.asc
#gpg --import archive-2005.asc

Now you need to get the key into /etc/apt/trusted.
by using

#gpg --armor --export F530F04D | apt-key add -

Now GPG should not be complaining about this repository again.

Actions for the other repositorys are the same. Christian Marillat has some comments about his keys here. Some more comments on package signing are in the Securing Debian Manual.

How do I create a crypted DVD?

First, make sure that AES is supported by your kernel as well as the following programs: losetup, mount and umount.

Next, check if you have aespipe installed (this package is part of the Debian distribution).

nThe command

mkisofs -r /backup | /usr/local/bin/aespipe -e AES128 -T >backup.iso

will create a crypted DVD-Image. In this example a keylength of 128 bit is used, thus AES asks for a password of (at least) 20 characters. Make sure that your image is not violating the maximum DVD size!

To check the integrity of the crypted image you can do a loopback mount with

mount -t iso9660 backup.iso /mnt/cdrom -o loop=/dev/loop0,encryption=AES128

Now, we have to get the image onto a disk. This is quite easily done with

growisofs -Z /dev/dvdrecorder=backup.iso

If you are creating a crypted CD (check the size of your image!) then you could use

cdrecord -v dev=/dev/cdrecorder backup.iso

Finally, we should check the data on our new disk before deleting any files from the harddrive.
Typing (as root)

mount -t iso9660 /dev/dvdrom /mnt/dvdrom -o loop=/dev/loop0,encryption=AES128

should ask you for the password and afterwards the data should be accessible at the mountpoint.

Just to remind you, device names and mountpoints are subject to your local installation.