Wednesday, November 30, 2011

Another approach to modfiy structured files (like config or XML files)

Vienna (Wien) - Hofburg - Labors of Hercules (Encounter with Antaeus - Garden of the Hesperides and Killing Augeas - Augean Stables)

Have you ever wondered if there is a more convenient way to modify xml documents, beside libxml2? Sure, there is the nice dom within Firefox, but outside of that?
Well, there is augeas. AFAIK initially a project to standardize the interface to modify configuration files, in other words a common syntax for different formats.
Files are parsed trough so called lenses. Those lenses transform the actual file (e.g. httpd.conf or passwd) into a tree, which than can be modified by a set of augeas commands.
As lenses are bi-directional the same lense can be used to read a file, and to dump the (internal augeas) tree back into a valid configuration file. A nice concept, ey?

A back to the topic, one of the lenses - Xml.lns - can be used to modify XML files.
The following example creates a dummy xml file and modifies it using augtool.

$ sudo yum install augeas tidyp

$ cat > abc.xml <<EOF
<world poo="bar">
<child>Hi there.</child>

$ augtool -LA -e <<EOF
# Load XML lense
set /augeas/load/xml/lens "Xml.lns"
set /augeas/load/xml/incl "$PWD/abc.xml"

# Dump internal tree
print /files

# Add a note
set /files/$PWD/abc.xml/world/note/#attribute/timestamp "now"
set /files/$PWD/abc.xml/world/note/#text "Wtf"

# Change the text of a node.
set /files/$PWD/abc.xml/world/child/#text "Hello World."

# Insert a new child after the present child
ins child after /files/$PWD/abc.xml/world/child
set /files/$PWD/abc.xml/world/child[2]/#text "Hello Mars."

# Insert a new child - anywhere ..
set /files/$PWD/abc.xml/world/child[3]/#text "Hello Jupiter Jones."

# More children
set /files/$PWD/abc.xml/world/child[4]/child/child/#text "Hello Mars."

print /files/$PWD/abc.xml

print /augeas//error

$ tidyp -xml -i -q < abc.xml

$ unlink abc.xml

With the help from the people at #augeas on freenode, I found out that (a) there is a small bug preventing the usage of relative paths and (b) You need a little knowledge about the format you are writin to. In the (xml) example above, you need to specify attributes before specifying a #text node, because they are written first. If they were specified the other way round, augeas would fail while saving.

Tuesday, November 29, 2011

Using lokkit to handle your firewall.

Some common thing is to turn of the firewall if a freshly installed machine isn't reachable from the outside, as fidling with iptables is not everyones passion.

lokkit is another way to open some ports to the public.

Just use
$ sudo lokkit --list-services

to see what services/ports can be managed/opened using lokkit. For me it's quite common to open ports for ssh, ipsec and mdns afer a fresh installation

$ sudo lokkit -s ssh
$ sudo lokkit -s mdns
$ sudo lokkit -s ipsec

Let's see if there will be something new in the near future to handle - somtimes quite complex (see virtualization) - iptable setups.

Sunday, November 27, 2011

How to get a link to your public hardware data (smolt profile).

Smolt is a tool to gather data about your hardware in a distribution independent way. Hardware data can be interesting for a couple of reasons, e.g. developers get detailed informations about hardware involved in bugs.
When opted-in, a smolt profile is created for your hardware after the installation, on the first boot (via firstboot). There is smoltSendProfile (part of the smolt package), which can be used to re-send your hw data.
But there is no easy way to get a link to your public profile - this should be changed, but until then ..
- if you are interested - you can use the following lines, to determine the URL to your public profile:
$ python <<EOF
import sys
sys.path.append ("/usr/share/smolt/client")
import smolt 
print (smolt.get_profile_link(smolt.smoonURL, smolt.getPubUUID ()))

Thursday, November 24, 2011

Securing peer connections using IPSec


If some application or transport protocol doesn't specify a way to encrypt it's contents, it might be still enough to encrypt a lower layer.

IPSec is a way to encrypt IP packets (actually it is an alternative to IP).

The script after the break can be used to secure a connection - like an RTSP stream - between two peers using a pre shared key (psk).

Saturday, November 19, 2011

The journal - or system wide logging.

A couple of days ago I mentioned the idea of a session wide logging daemon.
Today the folks around systemd introduced "the journal", an improved logging approach for systemd based systems.

Wednesday, November 16, 2011

presence is up for review.

becks beer

To get presence into Fedora a so called "review" is needed - as you might know. If not it's a must to do one.
So if you needed something entertaining tonight, just grab a nice bottle of Beck's beer (or Bionade Holunder) and a box of Pringles (or Rosinen) and enjoy the few spec file lines.


Sunday, November 13, 2011

yum update fails in Fedora 16 because of broken certificates

Today (and also the last days) I ran into trouble when updating my system.
yum update ran silently in to the error:
$ sudo yum update -y
Geladene Plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit
Fehler: Cannot retrieve repository metadata (repomd.xml) for repository:
fedora. Please verify its path and try again
That didn't tell me a lot about the error, also a yum clean metadata didn't help.
After a bit of googling I stumbled across the URLGRABBER_DEBUG variable which tells yum to debug all URL fetching stuff, this lead me to the error:
$ sudo URLGRABBER_DEBUG=1 yum update -y
Geladene Plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit
Could not get metalink
repo=fedora-debug-16&arch=x86_64 error was
14: Peer cert cannot be verified or peer cert invalid
Fehler: Cannot retrieve repository metadata (repomd.xml) for repository: 
fedora. Please verify its path and try again
It was discovered last year that such errors are not passed to the user, but it might be a good idea to fix this.
To get around the error you can temporarily disable the verification of hosts using yum's setopt switch:
$ sudo yum update --setopt=sslverify=false

Friday, November 11, 2011

Session wide logging in GNOME.

Currently each application in GNOME is using GLib's logging functionality or something custom.
Errors written to stdout get logged in ~/.xsession-errors - and other places we don't know about.

What I would like, is to have a central place for application related logging. This could have many benefits:
  • Users have a single place to look out for errors applications didn't (yet) tell them about.
  • A logging daemon can keep a history and this could help solving bugs, e.g. it could be added to abrt reports.
  • Leads to less clutter in ~/.xsession-errors
If such a daemon is introduced, it should to be easy to integrate and be backwards compatible. In my eyes talking to this daemon can easily be realized by providing a GLogFunc, which handles the appropriate communication with the daemon. Additional features - like searching or exporting - could also be provided by the DBus interface, bt this is not important for logging itself.

And this is what I suggest:

slogd a simple logging daemon, providing a DBus interface to log messages.  This daemon also has an example backend which logs the messages into a sqlite database (via GDA).

libslogc a very tiny library to communicate with the daemon and slogc, a small tool wrapping libslogc. libslogc also provides slog_client_log (...), a GLogFunc to be used from C.

And there is finally simple.c, a small example on how to integrate libslogc. (Well, there ain't much to do.)

The code can be found at
This is a prototype to get some feedback and see what other people think about a central logging daemon.

Wednesday, November 9, 2011

Wrapping OpenCL™ in Vala℠

soda straw wrapper

Because of the recent stirs regarding OpenCL in our FLOSS ecosystem (think about clover, pocl, libclc and there is one I am missing ...) and some demand on my side, I tried to use OpenCL (in form of Intel's OCL SDK - as clover and pocl require some bleeding edge clang/llvm) from Vala - my favorite language in the ecological niche of GNOME.

My first attempt was a straight binding of the cl.h without modeling the intended OO structures. Modeling the intended structure is possible, but there are more things to do, like run-time checks (ever heard of ErrorCode?) ..
Yesterday I ended in writing a small set of wrapper classes in vala (so effectively a GLib wrapper around the low-level OpenCL C API), calling the native C functions via the created low-level API.
Today I got first basic kernel running, that's nice progress (I just tested in on a CPU, GPUto go ...)
This wrapper removes a lot of the boilerplate (and checks) needed to get OpenCL and a kernel running.

There is still much room for improvement in the wrapper, much can be cleaned up and VAPI can be restructured to incorporate the OO structure of OpenCL.
This could lead to a simpler wrapper.

Well, it's start - like the projects mentioned in the first paragraph ...
Dig into it at gitorious.

Presence and adjustable video quality.

Presence - a small vala, gstreamer, clutter and dirac/schroedinger - based bi-directional video tool, is configurable now.

You can actually use it to establish uni- or bi-directional audio/video streams in trusted/local networks. Sometimes this can be handy, as those streams can be set-up to have a much better quality than generic VoIP solutions ...
You can even receive more than one stream.

Currently you can adjust the video size, the compression quality and the framerate to get the optimal balance between performance and capabilities of the underlying hardware.
A next thing is to tune those parameters automagically - but I'll need to find out how to detect dropped frames or an increased latency. Additional there should be a way to adjust the latency/buffer on the receiving side, to match the amount of data coming in.

Find it on gitorious.

Tuesday, November 1, 2011

Presence now has »picture in picture (PiP)« mode.

The next branch of presence gained PiP support, this allows the parallel view of "secondary" streams besdes the primary one. Some refactoring needs to be done, before it lands in master.
Another thing on the todo list are more convenient dialogs. Maybe someone has some styling ideas?
If you wonder how I got Big Buck Bunny into presence, just continue reading.