Definite's Extractor

My findings on Life, Linux, Open Source, and so on.

systemd: remember to keep the daemons alive

My sinopia daemon refused to start. After dig out the journal, I found that ExecStop run straight after ExecStart, what the…

After some research, I found that for daemons, or any other program that put themselves at the background, systemd thought they are stopped, thus stop the service for you. To prevent this, you need following in your systemd service file:

[Service]
...
RemainAfterExit=yes

so your daemons can live happily ever after.

The END

nodejs/npm yum repo for EL7

The nodejs and npm in EL7 is too old, so I borrowed the  to latest nodejs spec from  rawhide. Long story short, the result is at:

https://copr.fedorainfracloud.org/coprs/dchen/nodejs/

Please read the disclaimer and do follow the installation instruction if you choose to proceed. I don’t usually put the disclaimer like that but you need to know that:

  1. The build dependency of nodejs include openssl-1.0.2, but EL7 only shipped with 1.0.1, yet nodejs can run with openssl-1.0.1.
  2. openssl-libs is an important package, without it,  yum, curl and rpm URL install won’t work, so restore it is a bit tricky. The instruction is, however, written in the copr page.

Longer story:

To build this copr, following dependencies need to go in as well:

  1. libuv
  2. crypto-policies
  3. openssl-1.0.2

libuv is piece of cake. But crypto-policies and openssl bring the worst packager nightmare: circular dependency. After F23, crypto-policies require openssl-devel to build, yet openssl require crypto-policies to run.

I eventually dug out crypto-policies from F21 and built it, thus broke the circular dependency and finished the build.

ibus-chewing-1.5.1 Released

ibus-chewing 1.5.1 這次的更新修正了很多操作上的問題,

諸如按Ctrl-2~4 選字的功能,數字版(NumPad)的選字,以及insert 等特殊鍵的處理。

特別感謝 hiunnhue 的貢獻。他不僅提出了更好的處理數字鍵的方法,這個 release  的所有 issue 都是他修復的。再一次感謝各位參與者的意見與 pull request ,使得 ibus-chewing 更為完善。

ibus-chewing-1.5.0釋出

除了修了一些 bug 之外,這個版本有幾個亮點:

  1. 使用者可以選擇在系統匣顯示「中/英」以及「全/半」狀態,如圖:
    systray
    Gnome 3的使用者可能沒法看到,但是其他桌面環境諸如 KDE/Plasma、XFCE、LXDE、LXQT,或是支援systray的視窗管理器如 fluxbox 可以看見。
    在「中」圖示按滑鼠左鍵切換「中/英」,右鍵切換「全/半」。也可用鍵盤 shift 鍵切換「中/英」,shift-space 切換「全/半」

    啟用/停用: 進入設定畫面後,在「鍵盤(keyboard)」分頁中,選項「在系統匣中顯示圖示 (Show systray icons)」。

  2. 更好地處理 Caps Lock 及中英切換。
    現在你可以選擇是用 Shift 來切換中英,或是 Caps Lock 切換中英。
    喜歡用 Caps Lock 切換英數大小寫的使用者可以停用「Caps Lock 切換中文模式」,這樣就不用擔心輸入英文時無法用 Caps Lock 切換大小寫。

RHEL 7 mock build with staff_selinux

By default, mock won’t work with staff_selinux mode in RHEL 7. The instruction from Fedora is mostly correct, but insufficient for staff_selinux. This is because:

  1. /usr/bin/mock is now a sym-link to /usr/bin/consolehelper, thus consolehelper permission should be also allowed.
  2. The Fedora mock policy module does not have the types like staff_consolehelper_t.

There are a lot more reasons, but long story short, I have edited a policy file (PackageMaintainers_MockTricks_mock.te) that should covered the most mock usage. My SELinux skill quickly build up by editing that file.🙂

Time for script that setup the mock, assuming you are running as root:

# getting dependencies
yum -y install selinux-policy-devel policycoreutils-python mock

# Download policy files
wget https://fedoraproject.org/w/uploads/2/2f/PackageMaintainers_MockTricks_mock.if
wget https://fedoraproject.org/w/uploads/7/73/PackageMaintainers_MockTricks_mock.fc
wget https://dchen.fedorapeople.org/files/PackageMaintainers_MockTricks_mock.te

# Build and install
make -f /usr/share/selinux/devel/Makefile
semodule -i PackageMaintainers_MockTricks_mock.pp

That’s it.

But just in case you are still getting SELinux AVC denials, you can get around yourself by using following scripts:

grep -E -e "(mock|consolehelper)" /var/log/audit/audit.log | audit2allow -M my_mock
semodule -i my_mock.pp

Autostart in lxqt + fluxbox

Now day I start playing with fluxbox, which is light weight, yet surprisingly has excellent feature set. For one, it can remember window location  and  size.

The other window mangers that are capable of window remembering have their own downside:

  • KDE: It is indeed full featured but heavy weight. The other weird thing is it asks password for Calendar in Google Chrome whenever my session start, even I do not intent to use it.
  • Enlightenment: starting from 0.20, they dropped systray (Xembed) support. Basically that means the Network Manager and Input Method indicators are gone.

The fluxbox built-in panel (a.k.a. toolbar) has the basic feature sets which I can live with, but it would be better to have the volume control, battery status and popup calendar when I click on the clock.

First candidate is fbpanel, but it’s popup calendar is block by the panel itself.

Then I found lxqt-panel. It has good feature sets like memory graph. But it fail to find the launcher icons, and “logout” won’t logout you.

At last, I came out with use lxqt as session, but fluxbox as window manager. But the autostart did not seem to work. Luckily, you can use startfluxbox as window manager, and you can put whatever you want to autostart in ~/.fluxbox/startup.

Enjoy.

cmake-fedora-2.5.0 is released

  • Enhancement:
    • New Target: changelog_no_force: Does not update ChangeLog if RELEASE-NOTES.txt is newer than ChangeLog.
  • Fixed:
    • MANAGE_ZANATA: Error message that missing right bracket.
      Thanks ChangZhu Chen for pointing it out.
    • Bug 1295278 – cmake-fedora: failed to update version when CMakeCache.txt is newer than RELEASE-NOTES.txt

SELinux for synergy , or generally other tcp/udp services

If you enforcing your SELinux and set your user to non unconfined_u, like either user_u or staff_u. You may found that your synergy or other tcp/udp service stop working. That is because your role cannot listen the ports that your services required.

To allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users), run:

sudo setsebool selinuxuser_tcp_server 1

and for UDP:

sudo setsebool selinuxuser_udp_server 1

Reference:

  1. user SELinux Policy documentation (8)

Fedora: maven-gpg-plugin keep asking passphrase

When doing maven release, maven-gpg-plugin keep showing

請輸入密語: [INFO] gpg: gpg-agent 在此階段無法使用
Enter passphrase: [INFO] gpg: gpg-agent is not available in this session

I literately has to input passphrase dozens (if not hundreds) times. Indeed annoying.

This is because Bug: gpg-1 cannot locate gpg-agent >= 2.1 . But I don’t really want to wait for the package fix. Luckily, gpg2 works, and there is a way to change what maven-gpg-plugin invokes. In other words. add following sections to your ~/.m2/settings.xml

<settings>
  <profiles>
    <profile>
      <id>gpg</id>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
<!-- No need to enter passphrase here, gpg-agent should be working now
        <gpg.passphrase>mypassphrase</gpg.passphrase>
-->
      </properties>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>gpg</activeProfile>
  </activeProfiles>
</settings>

Note that RHEL 7 does not suffer this problem, as in RHEL 7, gpg is actually gpg2. You can use

gpg --version

to verify it.

cmake-fedora-2.4.3 is released

cmake-fedora consists CMake modules and scripts that simplify and automate the release process for software package, especially for Fedora and EPEL.

Even if you are not using CMake on your packages, you can still using following scripts to simplify your package chores. For examples, if you want your packages to be build in koji and submit to bodhi in all active branches like rawhide, f23, f22, f21, simply run

cmake-fedora-fedpkg <SRPM>

It builds the SRPM on all the active branches, skip the already built ones, then submit them to bodhi.

Follow

Get every new post delivered to your Inbox.

Join 378 other followers