2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 48,000 views in 2012. If each view were a film, this blog would power 11 Film Festivals

Click here to see the complete report.

SF2: Apache2 based HTTP-Authentication with Capifony

Almost every RoR dev knows Capistrano. It’s an awesome tool for deploying RoR applications (not only, but let’s leave it at that for know ;) ) and also as a Symfony2 dev one can harness its power with Capifony.

I usually create Apache2 based HTTP-Authentication by hand for projects where the customer doesn’t provide a dedicated staging server but wants me to deploy on their live-system without going public. But in one of my current projects htpasswd wasn’t available in the restricted SSH-Shell, I could only use their web-based “Directory Security Tool”. That was fine for the first deploy, but afterwards I was always greeted with a 500 server error. But why?

Continue reading

Using Access Control List for web-development

Who doesn’t know that situation? You’re implementing a feature (e.g.: a file upload :-P) in whatever language you like and when you test it it fails because the web server has no permissions whatsoever to write to that directory. Bummer!

There are quite a few different ways to handle that: chmod 777, chown -R webServer, run the web server as you, suEXEC… but they all bring their own bunch of problems with them (which I won’t pursue in-depth now). The imho most elegant solution are Access Control Lists. With ACLs you get everything you need and when done properly, will render permission problems a thing of the past.

The following commands do basically the same just on two different operating systems. They grant the web-server user (_www/www-data) and me (pubmem) all rights in the directory foo and it’s subdirectories and set default ACL rights that future files/directories will inherit. The last commands (ls and getfacl respectively) allow you to review the ACLs set. For further information regarding the flags RTM. ;)
OS X (10.6):

chmod -R +a 'pubmem allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit' foo
chmod -R +a '_www allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit' foo
ls -led foo

Ubuntu 10.04:

setfacl -R -m u:www-data:rwx,d:u:www-data:rwx,u:pubmem:rwx,d:u:pubmem:rwx foo
getfacl foo

References

Setting up Gitweb with Gitolite on Ubuntu 10.04 (Lucid Lynx)

As gitosis’s development seems to be no more (last release almost 3 years ago, last commit 1,5 years ago), I switched to gitolite for my repository and user management some time ago (maybe I’ll cover the switch in another post later on). But until yesterday, something was missing for me: I forgot to reconfigure gitweb! :P

The reconfiguration was pretty straightforward. First add the apache user to the git group that is part of the ownership of the gitolite repositories:

sudo usermod -G git www-data

Restart apache so that change is applied.

Then change gitolite’s default umaks to 0027 in .gitolite.rc:

# $REPO_UMASK = 0077;         # gets you 'rwx------'
$REPO_UMASK = 0027;       # gets you 'rwxr-x---'
# $REPO_UMASK = 0022;       # gets you 'rwxr-xr-x'

For existing repositories you need to change the rights to 750 (740 should do it as well) (740 can’t obviously work with a umask of 0027! Thx Dude! ;)) from 700, so gitweb can read the repositories as well:

sudo chmod -R 750 /path/to/repositories/

And the final step is to change the gitweb configuration to point to the gitolite installation:

# path to git projects (.git)
$projectroot = "/srv/git/repositories";

# directory to use for temp files
$git_temp = "/tmp";

# target of the home link on top of all pages
#$home_link = $my_uri || "/";

# html text to include at home page
$home_text = "indextext.html";

# file with project list; by default, simply scan the projectroot dir.
#$projects_list = $projectroot;
$projects_list = "/srv/git/projects.list";

# By default, gitweb will happily let people browse any repository
# they guess the name of. This may or may not be what you want.
# I prefer to set these, to allow exactly the repositories in
# projects.list to be browsed.
$export_ok = "";
$strict_export = "true";

# stylesheet to use
$stylesheet = "/gitweb/gitweb.css";

# logo to use
$logo = "/gitweb/git-logo.png";

# the 'favicon'
$favicon = "/gitweb/git-favicon.png";

You need to make sure that gitwebs $projects_list variable has the same value as the $PROJECTS_LIST variable in gitolite.rc!

And all that’s missing now is a gitweb’bed repository! For this you need to grant the gitweb user readable rights by gitolite to the repository you want to show up in gitolite.conf.

repo foo
  R = gitweb

Save the change, commit it and push it! That’s all folks!

References

Change Git Author/Committer Name and eMail in the History

This happens to me all the time: I have a default user.name and user.email set in the global git config, but when I work on a project I sometimes must use another name. Usually I change it before my first commit, but that’s more the exception than the case. And just now I realized that I can change the commiter name/email in a working repository for all my previous commits. Awesome!! And it’s a one-liner:

git filter-branch --env-filter 'GIT_AUTHOR_NAME="pubmem";GIT_AUTHOR_EMAIL="pubmem@something.net";GIT_COMMITTER_NAME="pubmem";GIT_COMMITTER_EMAIL="pubmem@something.net";' HEAD

UPDATE:

Don’t do this when working with git-svn! ;)

References

Flash EFI firmware update manually on a Mac(Book 5,1)

So, you find yourself in the need to flash an EFI update by hand on a mac??  That’s awesome, I was in the same situation! My story is quite funny, it all started….nah, just kidding! First things first, I’ll tell you my story afterwards. ;) Continue reading

Setup Samba Shares on Ubuntu Server 10.04

First install Samba (all commands should be preceded with sudo, but for the sake of readability it is ommitted):

johndoe@server:~$ apt-get install samba

Then modify the config file in /etc/samba/smb.conf by changing the workgroup to yours (workgroup = YOUR_WORKGROUP) and uncommenting security = user.

Now create a share:

[SHARE_NAME]
comment = A comment about this share
path = /PATH/TO/SHARE
valid users = USER
hide files = /lost+found/
read only = No
browsable = Yes
writable = Yes

All options are explained in the smb.conf man(5) page.

I think a samba user does not necessarily need a UNIX account, but I usually create one to chown dedicated shares.

johndoe@server:~$ adduser --no-create-home --disabled-login USER
johndoe@server:~$ usermod -p PASS USER

According to Google UNIX Samba passwords should stay in sync, but that didn’t work out for me. So set the user password again:

johndoe@server:~$ smbpasswd -a USER

Now restart the server (service smbd restart) and point the Explorer to your machines IP. That’s all folks. ;)

References

Follow

Get every new post delivered to your Inbox.