Oneliner to extract CentOS Stream package source in dist-git repo

-While investigating the sources of RHEL and Fedora packages, firstly I switch to corresponding branch, then do either rhpkg prep or fedpkg prep to extract source.

Recently, I am interested in CentOS Stream 9, and wish to investigate the source. However, I am too lazy to find the fedpkg or rhpkg equivalent for CentOS Stream, and found the following command useful:

/bin/spectool -g $(basename $PWD).spec; /bin/rpmbuild --nodeps --define "_sourcedir $PWD" --define "_builddir $PWD" --define "_buildrootdir $PWD" -bp $(basename $PWD).spec

RHEL 7 mock build with staff_selinux

By default, mock won’t work with staff_selinux mode in RHEL 7. The instruction from Fedora is mostly correct, but insufficient for staff_selinux. This is because:

1. /usr/bin/mock is now a sym-link to /usr/bin/consolehelper, thus consolehelper permission should be also allowed.
2. The Fedora mock policy module does not have the types like staff_consolehelper_t.

There are a lot more reasons, but long story short, I have edited a policy file (PackageMaintainers_MockTricks_mock.te) that should covered the most mock usage. My SELinux skill quickly build up by editing that file. 🙂

Time for script that setup the mock, assuming you are running as root:

# getting dependencies
yum -y install selinux-policy-devel policycoreutils-python mock

# Download policy files
wget https://fedoraproject.org/w/uploads/2/2f/PackageMaintainers_MockTricks_mock.if
wget https://fedoraproject.org/w/uploads/7/73/PackageMaintainers_MockTricks_mock.fc
wget https://dchen.fedorapeople.org/files/PackageMaintainers_MockTricks_mock.te

# Build and install
make -f /usr/share/selinux/devel/Makefile
semodule -i PackageMaintainers_MockTricks_mock.pp

That’s it.

But just in case you are still getting SELinux AVC denials, you can get around yourself by using following scripts:

grep -E -e "(mock|consolehelper)" /var/log/audit/audit.log | audit2allow -M my_mock
semodule -i my_mock.pp

recordmydesktop: screen recording for linux

A picture is worth a thousand words, and a video is worth a thousand pictures (literately!), especially for bug reporting.

Anyway, I have tried gtk-recordMyDesktop, which is gtk frontend of recordMyDesktop, a desktop session recording tool.

It is not hard to use, and capable of recording my voice. See this  for result.

The packages are in official Fedora repositories, so to install::

sudo yum -y install gtk-recordmydesktop

Replace gtk-recordmydesktop with qt-recordmydesktop if you perfer qt frontend.

 

XScreensaver can be educational

My daughter, Kelly, 6, was looking at the xscreensaver showing “engine” and asked: “What is it?”

“An engine”, I said.

“Hmm, I figured out how it works.” ?!

Although I am not sure how deep she understand, yet I feel that children can learn thing in various interesting way. 🙂

 

ibus-chewing-1.4.4 released

• Resolves Bug 842856 – ibus-chewing 1.4.3-1 not built with $RPM_OPT_FLAGS
• Resolves Bug 1027030 – CVE-2013-4509 ibus-chewing: ibus: visible password entry flaw [fedora-all] Thanks czchen for the GitHub pull request 39.
• Added translations: fr_FR, ja_JP, ko_KR 
• Adopt cmake-fedora-1.2.0

Properly use gnome-keyring-daemon Enlightenment (E-17) with ssh-agent support

Now enlightenment (E-17) become my favorite  window manager because it looks elegant and have the most sane automatic tiling action that do not require you to remember lots of keyboard short-cut. However, I got tire on inputting passcode of ssh keys over and over again.

After some searching,  articles like https://wiki.archlinux.org/index.php/Enlightenment#Gnome_Keyring_integration and http://kill-0.com/duplo/2010/01/27/e17-and-the-gnome-keyring-daemon/ suggest that following code block in ~/.profile do the trick:

if [ -n "$GNOME_KEYRING_PID" ]; then
    eval $(gnome-keyring-daemon --start)
    export SSH_AUTH_SOCK
    export GNOME_KEYRING_CONTROL
    export GPG_AGENT_INFO
fi

After apply it, it did work, typing

ssh-add -L

returns all my keys, but I cannot use any network that manual password typing, the network manager applet shows “User authentication is required”, but the god-damn password dialog just not showing. Other than actually switch network, there is a command, seahorse,  can be used to spot this symptom. Just run

seahorse

enable View->By keyring, and look at upper left. If it does not have section “Password” or “Login”, then you are bitten by this bug.

Oh, I forgot to mention that I use lightdm as Display manager. In order to make the gnome-keyring work with it, /etc/pam.d/lightdm should look like:

auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
...
auth optional pam_gnome_keyring.so 
auth include postlogin 
...
session optional pam_gnome_keyring.so auto_start 
session include postlogin

And if you need autologin, you need to do something similar to /etc/pam.d/lightdm-autologin

After some digging with journalctl  and systemd-loginctl, I found that .profile actually sourced twice, first is by /usr/bin/enlightenment_start (or lightdm), that one does not have ssh-agent associate with it, so calling gnome-keyring-daemon –start on that time let you neither be able to use network password dialog, nor the ssh keys are imported.

The second time is by /usr/bin/ssh-agent /bin/sh -c exec -l /bin/zsh -c “/usr/bin/enlightenment_start”,  you can safely call gnome-keyring-daemon now, as ssh-agent is now on.

So my ~/.profile ends like

if [ -n "$DESKTOP_SESSION" ];then 
    # No point to start gnome-keyring-daemon if ssh-agent is not up 
    if [ -n "$SSH_AGENT_PID" ];then 
        eval $(gnome-keyring-daemon --start) 
        export SSH_AUTH_SOCK export GPG_AGENT_INFO
        export GNOME_KEYRING_CONTROL
    fi
fi

One more thing, if you are using bash and has ~/.bash-profile, better to put above in to ~/.bash-profile.

zsh is similar, use ~/.zprofile instead.

Now be enlighten by enlightenment.

Hey, synergy can copy HTML table and paste to either Libreoffice Calc or Gnumeric

Even it is on other computer, with synergy, you can select the HTML table and copy, then paste into either Libreoffice Calc or Gnumeric as table. Very convenient.

How to determine whether an external monitor is turned on via Linux command line.

How to determine whether an external monitor is turned on via Linux command line.

HOWTO print multiple photos in one page with Linux

If you need to print photos with conventional printers, one photo per page probably is not always good idea, because it is either too big, or waste too much paper and ink.

Luckily, in Linux there are at least 2 choices:
After select the photos you want to print:

1. Shotwell: File->Print -> Page Setup.
   And in “Page per side”, you can choose how many photos you want to put in a page.
2. Gwenview: Plugins -> Images -> Print Assistant -> Select page layout.

ibus-chewing-1.4.3 Released

本次修正：

加入了 buganini 所提供的兩個修正：

1. https://github.com/definite/ibus-chewing/pull/31

2. https://github.com/definite/ibus-chewing/pull/30

感謝 buganini 的辛勞。