Run a Secure git Repository on FreeNAS

Running a secure git repository on FreeNAS is pretty straightforward once you understand what you’re trying to do.  If you have looked over my previous post “Creating a secure Git repository server”, you understand that all you really need to do is connect to the git repository via ssh/ssl and copy back what you need.  The hardest part of using FreeNAS is creating the keys.

To start out, you need to create a user account on the FreeNAS system.  This will be a generic account that everyone who has write access will use.  You may also create an account for each person, and grant each of them access to the central repository.

After you have your account, follow my post on “Enable SSH Key Authorization on FreeNAS” to copy over the SSH key and set up the account.  Once you are able to log in as your FreeNAS git user, you may follow my previous post “Creating a secure Git repository server” to set up the git repository.

Converting a MediaWiki database from MySQL to SQLite

So the plan here is to convert a fully working MediaWiki install running on MySQL to run on SQLite instead.  To do this you will need to set up a second MediaWiki install on a test or development system.  Once you are done you can move your new MediaWiki install to wherever you would like.

Back up your Old MediaWiki Installation

To start, from within your working MediaWiki install, first back up your data.

php maintenance/dumpBackup.php --full --uploads > wiki-backup.xml

This will create a file named wiki-backup.xml in your MediaWiki’s root directory; copy that file to a safe place.  We aren’t going to touch the MySQL database until we’re done, but it’s always a good idea to have backups safe and sound in case you need them.

The backup script run above does not back up your MediaWiki’s uploaded images and other files.  These files are stored in your ‘images’ folder in the root of MediaWiki’s directory.  You need to back those up also.

tar -czf wiki-images.tgz images/

You should now have everything you need from your old MediaWiki install. Next you will need to install MediaWiki in a new location on your server (or a development server).

Installing your new SQLite MediaWiki site

You should download and install the newest version of MediaWiki.  I always use the development trunk since this is what’s used on Wikipedia.

During the install process you will be asked what database you would like to use; you must choose ‘SQLite’, since this is the point of reinstalling MediaWiki.  Bring your new install all the way up so you have a new install running on your server.  MediaWiki will create a default home page for you and you should be able to modify that page.  If you are unable to get MediaWiki installed or if you have a problem modifying the Main Page after the install, please see the MediaWiki mailing lists or the FAQ for assistance.

Restoring your Data on your new SQLite site

After you have your new SQLite version of MediaWiki installed and working, you need to restore your data.  The database part of this is pretty straightforward.

Start by copying the xml file you created in the first step to your new MediaWiki install.  Then run the following:

php maintenance/importDump.php wiki-backup.xml

Depending on the number of pages you have, this may take quite some time to process. Once this is done all your pages should be on your new install (except the Main Page, you will need to copy that manually).

To restore your images and other uploaded files, first you need to extract the tarball you made earlier to a temporary location.

mkdir temporary
cp wiki-images.tgz temporary/
cd temporary
tar -xzf wiki-images.tgz

This will create a bunch of folders in the temporary directory; you need to copy everything in those folders into a single folder. The name of the folder doesn’t matter. I’m using tempimages, but you may use what you would like.

mkdir tempimages
cp images/*/*/* tempimages

Now that you have everything in a single folder, import the content of that folder into your new MediaWiki install.

php maintenance/importImages.php tempimages/

And that should do it, you should now have a fully working MediaWiki install using SQLite.

Enable SSH Key Authorization on FreeNAS

FreeNAS is a powerful tool for archiving data and other long-term storage requirements. Recently I have started backing up this and other off-site servers to one of my local FreeNAS boxes. Since these systems are only connected via the insecure internet (no VPN), I decided to transmit the backup files via SSH using SCP.  In order to do this without having to enter my password for each and every backup (most of which happen while I’m hopefully sleeping), I needed to implement SSH Key Authorization on the receiving FreeNAS box.

To do this, I first needed to create a DSA key pair on a different system.  On my Fedora 12 laptop I ran:

ssh-keygen -t dsa

The trick here is to not create your new key pair in the default directory of “~/.ssh/” but in a temporary directory instead. So when it asks you:

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):

Enter a different file in which to save the key. Note this is asking for the name of a file, not the name of a directory. It will also create a .pub file; this is the public key for the above private key.

Now that you have a public/private key for the FreeNAS box, you need to create one for the user that you plan on sending the file from, if you don’t already have one.  Just follow the above command, but this time you may just hit enter all the way through, leaving all options as default.

Next, go to your FreeNAS web-page control panel.  If you don’t already have one, you will need to create a user on your FreeNAS box for you to connect to.  You may do this via “Access -> User and Groups” from the black bar on the top of the page.

Now from the top (black) bar go to “Services -> SSH”

On your Services|SSH page, first make sure the service is enabled (top right hand corner). Once it is you will be able to change the below options.

  • TCP Port: The default (port 22) is fine in most cases, but note if you change it, you must use the new port for all connections.
  • Permit root login: My opinion is that the root account should never be allowed to log in via a remote process.  You should set your system up correctly so that this is not needed.
  • Password authentication: For now this must be enabled (checked); once you have set “Key Authorization” up, you may disable this option.
  • TCP forwarding: Disabled (unchecked)
  • Compression: Enabled (checked)
  • Private Key: This will be where we put the private key created above.  All you need to do is copy and paste.
  • Extra options: Blank

After you have made your changes, “Save and Restart” the service.

On your local system, you need to copy the content of the local user’s public key file (~/.ssh/username.pub) to a new file named “authorized_keys” (Note: this is not the file we created for FreeNAS but the file we created for your local account).  This is the file that will need to be copied to your FreeNAS box.

Now that you have all the needed bits, we need to log into your FreeNAS server and create a “.ssh” directory to store the “authorized_keys” file.  To log in to the FreeNAS box interactively, run a command similar to:

ssh freenasuser@freenasaddress

Or if you changed the “TCP Port” above, your command will look like this:

ssh -p freenasport freenasuser@freenasaddress

Once you’re logged in, you need to create the directory by running:

mkdir ~/.ssh

After you have successfully created your directory, you may exit out of your FreeNAS box for the next step.

Back on your local system you need to copy the “authorized_keys” file created before to the FreeNAS box. Using SCP you can do this by running a command like:

scp -P freenasport authorized_keys freenasuser@freenasaddress:~/.ssh/

This will copy the file to the FreeNAS box. Next, reconnect to the FreeNAS box as you did before and run:

cd ~/.ssh/
chmod 600 authorized_keys

Once you’re done, you should be able to connect to your FreeNAS box without a password, using the private key that matches the public key in authorized_keys.
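
A check for the result of the steps above, as an added example that is not part of the original post.  It reports a .ssh directory or authorized_keys file that is writable by group or others (sshd's default StrictModes setting then refuses the key), any ssh-dss entry (OpenSSH has disabled DSA keys by default since version 7.0, so a key made with ssh-keygen -t dsa may be rejected by a current client or server), and private-key material pasted into authorized_keys.  The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post; all function names are made up.

# perm_string PATH: print the 10-character mode string, e.g. drwx------
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# writable_by_others PATH: succeed if group or others may write to PATH.
# With StrictModes (the sshd default) sshd then refuses to use the key file.
writable_by_others() {
    case "$(perm_string "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# key_types FILE: print the key type of each entry, one per line.
# An entry is "[options] keytype base64-key [comment]"; security-key (sk-*)
# and certificate types are left out of the pattern to keep it short.
key_types() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { for (i = 1; i <= NF; i++)
             if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                 print $i; break
             }
         }' "$1"
}

# audit_ssh_dir DIR: print one finding per line; succeed only if there are none.
audit_ssh_dir() {
    dir=$1; keys=$dir/authorized_keys; findings=0
    [ -f "$keys" ] || { echo "MISSING $keys"; return 1; }
    for p in "$dir" "$keys"; do
        if writable_by_others "$p"; then
            echo "WRITABLE $p ($(perm_string "$p"))"; findings=$((findings + 1))
        fi
    done
    for kt in $(key_types "$keys"); do
        if [ "$kt" = ssh-dss ]; then
            echo "WEAK_KEY ssh-dss entry in $keys"; findings=$((findings + 1))
        fi
    done
    if grep -q 'PRIVATE KEY' "$keys"; then
        echo "PRIVATE_KEY material in $keys"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# make_sample DIR: build a constructed .ssh directory for the demonstration.
make_sample() {
    mkdir -p "$1" && chmod 755 "$1"
    cat > "$1/authorized_keys" <<'EOF'
# constructed entries; the key bodies are placeholders, not real keys
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER backup@laptop
from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER git@laptop
EOF
    chmod 600 "$1/authorized_keys"
}

demo=$(mktemp -d "${TMPDIR:-/tmp}/sshaudit.XXXXXX")
make_sample "$demo/.ssh"
audit_ssh_dir "$demo/.ssh" || true
rm -rf "$demo"
```

On the FreeNAS box the same function would be called as audit_ssh_dir ~/.ssh after the chmod step.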

Installing Dovecot with SQLite Support

Following in line with my previous post on Installing Postfix with SQL Support, this post will describe installing Dovecot from source with full SQLite support.

Installing from Source

First, install the packages needed to build Dovecot.  You will be building the latest version from Dovecot’s website (the current version as of the writing of this how-to is 1.2.8).

yum -y install sqlite sqlite-devel gcc make patch db4-devel cyrus-sasl-devel

Next download and untar the source code.

wget http://dovecot.org/releases/1.2/dovecot-1.2.8.tar.gz
tar -xzf dovecot-1.2.8.tar.gz
cd dovecot-1.2.8/

Next, you will need to configure the code before compiling.

./configure --with-sqlite
echo $?

Assuming the configure command finishes without error (the last line should be a “0”), compile and install Dovecot.

make && make install

Configuring Dovecot for SQLite

First we need to create or modify the dovecot config file for SQLite access.  If you are currently using MySQL with Dovecot, switching to SQLite is pretty easy and straightforward.  Or you may just use the below dovecot config file.

### Dovecot configuration file ###
### /etc/dovecot.conf ###
protocols = pop3 imap
login_user = postfix
auth_cache_size = 128
auth_cache_ttl = 600
mail_debug = yes

mail_location = maildir:%h/

protocol imap {
 listen = *:143
}

protocol lda {
  postmaster_address = postmaster@mattrude.com
  hostname = odin.mattrude.com
  mail_plugin_dir = /usr/local/lib/dovecot/lda
  auth_socket_path = /var/run/dovecot/auth-master
}

auth default {
  mechanisms = plain login
  userdb sql {
    args = /etc/dovecot-sqlite.conf
  }
  passdb sql {
    args = /etc/dovecot-sqlite.conf
  }
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      user = virtualmail
      group = virtualmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

After you have created the main Dovecot config file, you will need to add the SQLite config file (below).

### /etc/dovecot-sqlite.conf ###
driver = sqlite
connect = /etc/postfix/postfix.sqlite
password_query = SELECT password, username AS user \
  FROM mailbox WHERE username = '%u' AND domain = '%d'
user_query = SELECT maildir, 1000 AS uid, 1000 AS gid FROM mailbox WHERE \
  username = '%u' AND domain = '%d' AND active = '1'

After the config files have been created, we need to create the database file; this is where you will need SQLite installed on the system.

Building the SQLite Database

In order to use the SQLite function, you need a SQLite database. First, using SQLite3, run the following to create the database:

sqlite3 /etc/postfix/postfix.sqlite

Then you can copy and paste the following schema into the new database.

CREATE TABLE alias (
  address varchar(255) NOT NULL,
  goto text NOT NULL,
  domain varchar(255) NOT NULL,
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1');

CREATE TABLE domain (
  domain varchar(255) NOT NULL,
  description varchar(255) NOT NULL,
  aliases int(10) NOT NULL default '0',
  mailboxes int(10) NOT NULL default '0',
  maxquota bigint(20) NOT NULL default '0',
  quota bigint(20) NOT NULL default '0',
  transport varchar(255) NOT NULL,
  backupmx tinyint(1) NOT NULL default '0',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1' );

CREATE TABLE mailbox (
  username varchar(255) NOT NULL,
  password varchar(255) NOT NULL,
  name varchar(255) NOT NULL,
  maildir varchar(255) NOT NULL,
  quota bigint(20) NOT NULL default '0',
  domain varchar(255) NOT NULL,
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  local_part varchar(255) NOT NULL );

Then close the database

.quit

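Or you may download mine from below and use the same schema.

Next, create the run-time directory that will hold the auth-master socket configured in dovecot.conf above.

mkdir /var/run/dovecot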

Dovecot INIT file

#!/bin/bash
#
#	/etc/rc.d/init.d/dovecot
#
# Starts the dovecot daemon
#
# chkconfig: - 65 35
# description: Dovecot Imap Server
# processname: dovecot
# Source function library.
. /etc/init.d/functions

test -x /usr/local/sbin/dovecot || exit 0

RETVAL=0
prog="Dovecot Imap"

start() {
	echo -n $"Starting $prog: "
	daemon /usr/local/sbin/dovecot
	RETVAL=$?
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/dovecot
	echo
}

stop() {
	echo -n $"Stopping $prog: "
	killproc /usr/local/sbin/dovecot
	RETVAL=$?
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dovecot
	echo
}

case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
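  reload|restart)
	# start() already sets RETVAL; reading $? here would pick up the
	# status of its final echo and always report success.
	stop
	start
	;;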
  condrestart)
	if [ -f /var/lock/subsys/dovecot ]; then
	    stop
	    start
	fi
	;;
  status)
	status /usr/local/sbin/dovecot
	RETVAL=$?
	;;
  *)
	echo $"Usage: $0 {condrestart|start|stop|restart|reload|status}"
	exit 1
esac

exit $RETVAL

How-To Disable tool-tips in Fedora 12 (while using GNOME)

As the user you log in as (i.e. not root), edit or create the file named .gtkrc-2.0 in your home directory.

vim ~/.gtkrc-2.0

and add the line

gtk-enable-tooltips = 0

If the file doesn’t exist yet, don’t worry about it.

Last, reboot your system and the tool tips should be gone.

Auto Update Script for MiniMyth

This script will download the newest version of MiniMyth and update your tftp directory.

It first downloads the version file and compares that version number to the currently installed version of MiniMyth.  If it determines that the versions do not match, it will then download the current release, untar it and move the files to their current locations. It does not delete any older versions on your server.

  • The TFTPDIR variable is the location on your tftp server where the MiniMyth files are stored.
  • The URL variable is the MiniMyth download directory that holds the release of MiniMyth you wish to use.

You may also download the full directory structure with this script from my github repository or from my server.

#!/bin/bash
# Matt Rude <m@mattrude.com> 11-Nov-2009
#
TFTPDIR=/tftpboot/PXEClient
URL="http://minimyth.org/download/stable/latest/"
##############################################################################
if [ -e $TFTPDIR/version ]; then
 mv $TFTPDIR/version $TFTPDIR/version.last
 rm -rf $TFTPDIR/version.md5
else
 touch $TFTPDIR/version.log
 touch $TFTPDIR/version.last
fi

cd $TFTPDIR
wget -nc $URL/version > /dev/null 2>&1
VER=`cat $TFTPDIR/version`
OLDVER=`cat $TFTPDIR/version.last`

if [ "$VER" = "$OLDVER" ]; then
 chown -R apache:apache $TFTPDIR/*
 exit 0
else
 echo "`date` Upgraded to version: $VER" >> version.log

 rm -rf $TFTPDIR/ram-minimyth-*.tar.bz2.md5
 wget -nc $URL/ram-minimyth-$VER.tar.bz2 > /dev/null 2>&1
 wget -nc $URL/ram-minimyth-$VER.tar.bz2.md5 > /dev/null 2>&1
 MD5STAT=`md5sum -c ram-minimyth-$VER.tar.bz2.md5 |awk ' {print $2 }'`
 if [ "$MD5STAT" = "OK" ]; then
  rm -f $TFTPDIR/kerne*
  rm -f $TFTPDIR/rootf*
  rm -fr $TFTPDIR/conf/default/theme*
  tar -xjf ram-minimyth-$VER.tar.bz2
  rm -rf ram-minimyth-$VER.*
 else
  echo "`date` Minimyth Version $VER Failed the MD5 check" >> version.log
  echo "" > $TFTPDIR/version
  exit 1
 fi

 RAMDIR=$TFTPDIR/ram-minimyth-$VER

 mkdir -p $TFTPDIR/conf/default
 cp $RAMDIR/kernel $TFTPDIR/kernel-$VER
 cp $RAMDIR/rootfs $TFTPDIR/rootfs-$VER
 cp -r $RAMDIR/themes $TFTPDIR/conf/default/themes-$VER

 ln -s kernel-$VER kernel
 ln -s rootfs-$VER rootfs
 cd $TFTPDIR/conf/default
 ln -s themes-$VER themes
 #mythtvosd --template=scroller --scroll_text="minimyth upgraded to: $VER" > /dev/null
fi

cd $TFTPDIR
mv version.log version.tmp
tail -2 version.tmp > version.log
rm -rf version.tmp
chown -R apache:apache $TFTPDIR/*
exit 0

Next Gallery Image Link in Image Posts

If you were to view one of the images in my WordPress gallery, such as my Minnesota State Fair – 2009 gallery, you would see a previous and next image on the bottom of the image page.  As you may have already guessed, the next and previous images are all part of the way my theme handles image pages.

In order to do this, I needed to add the below snippet to my image.php file.  You should already have a “navigation” section, find it, and replace it with the below code (MAKE SURE YOU BACK UP YOUR IMAGE.PHP FILE FIRST).

<div class="image-navigation">
	<?php $attachments = array_values(get_children( array('post_parent' => $post->post_parent, 'post_status' => 'inherit', 'post_type' => 'attachment', 'post_mime_type' => 'image', 'order' => 'ASC', 'orderby' => 'menu_order ID') ));
	foreach ( $attachments as $k => $attachment )
		if ( $attachment->ID == $post->ID )
			break;
	// $k now holds the position of the current image within $attachments.
	$next_url =  isset($attachments[$k+1]) ? get_permalink($attachments[$k+1]->ID) : get_permalink($attachments[0]->ID);
	$previous_url =  isset($attachments[$k-1]) ? get_permalink($attachments[$k-1]->ID) : get_permalink($attachments[0]->ID);
	if ( wp_get_attachment_image( $post->ID+1 ) != null ) { ?>
		<p class="attachment">
			Next Image<br />
			<a href="<?php echo $next_url; ?>"><?php echo wp_get_attachment_image( $post->ID+1, 'thumbnail' ); ?></a>
		</p>
    <?php }

    if ( wp_get_attachment_image( $post->ID-1 ) != null ) { ?>
        <p class="attachment">
            Previous Image<br />
            <a href="<?php echo $previous_url; ?>"><?php echo wp_get_attachment_image( $post->ID-1, 'thumbnail' ); ?></a>
        </p>
    <?php } ?>
</div>

WordPress 2.9 Post Thumbnail Function

WordPress 2.9 brings a new function for users of galleries: the add_theme_support(‘post-thumbnails’) function.  With this you will get a new item on your new post window named Post Thumbnail (see right).  After you have added a post thumbnail to a post, you need to display it.  By using a “gallery” category, creating the below two files (or adding the code to files) and editing your category.php file, you may display a custom gallery page.

To start, create a new file named gallery-function.php and add the following code to it.  This file should live in the root of your current theme’s directory.

gallery-function.php

<link rel="stylesheet" href="<?php bloginfo('template_url'); ?>/gallery-function.css" type="text/css" media="screen" />
<div class="gallerypost" id="gallerypost-<?php the_ID(); ?>">
	<div class="gallerypost_main" id="gallerypost_main-<?php the_ID(); ?>">
		<div class="gallerypost_thumbnail" id="gallerypost_thumbnail-<?php the_ID(); ?>">
			<?php post_thumbnail(); ?>
		</div>
		<div class="gallerypost_body" id="gallerypost_body-<?php the_ID(); ?>">
			<?php $images =& get_children( 'post_type=attachment&post_mime_type=image' ); ?>
			<h2><a rel="bookmark" href="<?php the_permalink(); ?>"><?php the_title(); ?></a></h2>
			<div><small>Posted by <?php the_author_posts_link(); ?> on <?php the_time('F jS, Y') ?></small></div>
			<div>
				<?php the_excerpt(); ?>
			</div>
		</div>
	</div>
	<div class="gallerypost_sub" id="gallerypost_sub-<?php the_ID(); ?>">
		<div class="gallerypost_sub_left" id="gallerypost_sub_left-<?php the_ID(); ?>">
			<p><?php echo get_the_term_list( $post->ID, 'people', 'Who: ', ', ', '<br />' ); ?></p>
			<p><?php echo get_the_term_list( $post->ID, 'events', 'What: ', ', ', '<br />' ); ?></p>
			<p><?php echo get_the_term_list( $post->ID, 'places', 'Where: ', ', ', '' ); ?></p>
		</div>
		<div class="gallerypost_sub_right" id="gallerypost_sub_right-<?php the_ID(); ?>">
			<?php /* Count the attachments of this post; prepare() binds the ID as an integer. */ ?>
			This Album contains <?php echo $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'attachment'", $post->ID ) ); ?> items.
		</div>
	</div>
</div>

Next create a file named gallery-function.css and also add it to your current theme’s root directory.

gallery-function.css

.gallerypost {
        background-color:#fff;
        display: block;
        height: 300px;
        margin: 0px 0px 10px 0px;
        padding: 20px 10px 10px 10px;
        overflow: hidden;
        border-bottom: 1px solid #D2C4A2;
        }
.gallerypost_body {
        float: right;
        width: 430px;
        margin: 0 20px 0 0;
        }
.gallerypost_body p {
        margin: 50px 0px 0px 0px;
        }
.gallerypost_body .entry p {
        margin: 0px 0px 0px 0px;
        }
.gallerypost_body .entry {
        margin: 0px 0px 0px 0px;
        }
.gallerypost_main {
        width: 690px;
        }
.gallerypost_sub {
        display: block;
        padding: 210px 0px 0px 10px;
        }
.gallerypost_sub p {
        vertical-align: bottom;
        margin: 0;
        }
.gallerypost_sub_left {
        width: 220px;
        display: block;
        float: left;
        }
.gallerypost_sub_right {
        width: 220px;
        display: block;
        float: right;
        }
.gallerypost_thumbnail {
        float: left;
        }
.gallerypost_thumbnail img {
        margin: 0 0 0 10px;
        color: #000;
        }

And lastly you will need to add the following to your functions.php file in your current theme’s root directory (you may add it anywhere in functions.php).

add_theme_support('post-thumbnails');
set_post_thumbnail_size(200, 200);

Now that we have our functions built, we need to add some code to your category.php file.

Right after:

<?php while (have_posts()) : the_post(); ?>

Add the following code.  This will display the gallery-function.php code when a post is in the “gallery” category.

<?php if ( is_category( 'gallery' ) ) {
                    include('gallery-function.php');
               } else { ?>

Next Before:

<?php endwhile; ?>

Add the following to close the if statement.

<?php } ?>

And that should do it; you should now see the post image on the gallery category page.

Postfix: remap from addresses with a generic map

Depending on the software you are using, you may need to change the outbound (from) address of outbound email.  In this How-To, we will change the outbound email address from “apache@example.com” to “webmaster@example.com”.

To start out, go to your postfix directory and modify/create your generic file.  Your generic file will map the two addresses to each other.  At the end of your generic file add a space- or tab-separated line similar to this.

apache@example.com         webmaster@example.com

Once you have added the entries to your generic file, you need to hash the file so postfix may quickly access it.

postmap /etc/postfix/generic

After your map has been created, you will need to add the entry to your main.cf file to tell Postfix to use your generic map.

smtp_generic_maps = hash:/etc/postfix/generic

Once you have updated your main.cf file, you need to reload postfix

postfix reload

wp reCAPTCHA form version 0.1 released

I have released wp-reCAPTCHA version 0.1. This plugin allows you to also add subjects to your contact form.  Please check it out on its page at http://mattrude.com/projects/wp-recaptcha-form/.