January 29, 2009

If you have never heard of FOSDEM, it’s the “Free and Open Source Software Developers’ European Meeting” which is held in Brussels in February each year. It usually attracts several thousand geeks from across Europe for two days of presentations and project developer meetings.

I went last year and was really impressed with the “buzz” around the place; it was great to have so many like-minded people around who were all involved with or interested in Free and Open Source projects. As well as the main talk track, it has a lot of separate “developer rooms” which are used to host talks for specific projects (e.g. Debian, KDE, Mozilla). I attended some good talks, particularly on CMake, which was very useful for the LCFG buildtools. I’m going again this year and I am really looking forward to it; there’s an excellent line-up of talks.


Subversion component

January 26, 2009

As mentioned in the previous post, recently I have been working on providing WebDAV access to the LCFG subversion repository. Part of getting this done was extending the LCFG subversion component so that it can generate authorization files which could be used by WebDAV. It now does this and creates a file named webdav_authz in the svn base directory (e.g. /var/svn).

At the same time I took the opportunity to rewrite the component in Perl. This has been on my todo list for quite a while because the shell version was suffering from the limit on the number of variables. We have not hit this in Informatics but IS were certainly seeing this problem and it was only a matter of time before it did affect our subversion servers. It’s amazing how many minor bugs I found in the code I had added previously to support doing database dumps. Thankfully there was nothing serious, just a few assumptions which should not have been hardcoded.

I’ve written up some notes on the LCFG subversion component which cover the new features. The latest version of the package is not yet installed as the default; in the meantime you can download the package if you have sufficient access rights. It uses a slightly different version of the schema, which works fine with the stable version of the subversion component if you need to run both on different machines.

Linux file ACLs

January 19, 2009

I am currently working on providing WebDAV access to the LCFG subversion repository. This is being done in a fairly generic way so that the LCFG configuration could be reused for other LCFG managed repositories. Currently it is only available via ssh, and access is controlled by making the directory owned by root and accessible only by users in the lcfgsvn group. This is a problem for providing WebDAV access without breaking the previous access method, as the apache user is not in that group and, in the case of Informatics, cannot be added to the group membership data, which is stored in LDAP. Simon suggested that as the filesystem is ext3 I should experiment with ACLs. This isn’t something I’ve used before but it was actually very easy to achieve what I needed. Here are the basics:

$ mount / -o acl,remount
$ mkdir /var/svn/lcfg
$ chgrp lcfgsvn /var/svn/lcfg
$ chmod 0770 /var/svn/lcfg
$ setfacl -m g:apache:rwx /var/svn/lcfg
$ getfacl --access /var/svn/lcfg | setfacl -d -M- /var/svn/lcfg

Most of that is fairly self-explanatory. The first and most important step is to remount the root partition to gain ACL support. Once the directory is created it has to be configured with the standard permissions. I then added a further group access ACL for apache. The final step is the more interesting bit, and the one worth remembering: it takes the current ACLs and makes them the default for any content created within that directory. The default only applies to new content, so if the directory had already existed it would have been necessary to do a recursive setfacl on the contents:

$ setfacl -R -m g:apache:rwx /var/svn/lcfg
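An added example, not part of the original post: a check that reads `getfacl -R` output and lists paths where the apache entry is missing (content that predates the default ACL) or is cut down by the ACL mask, which a later chmod of the group bits can shrink. The function names and the sample listing are constructed for illustration, and only named group entries are examined.

```shell
# Report paths where group $1 lacks the rights in $2 (e.g. rw-); reads getfacl -R output.
audit_acl() {
    awk -v grp="$1" -v want="$2" '
    function flush_record(   i, e, eff, short) {
        if (path == "") return
        if (entry == "") { print "MISSING " path; return }
        # Effective rights are the named entry limited by the mask, bit by bit.
        for (i = 1; i <= 3; i++) {
            e = (substr(mask, i, 1) == "-") ? "-" : substr(entry, i, 1)
            eff = eff e; if (e == "-" && substr(want, i, 1) != "-") short = 1
        }
        if (short) print "REDUCED " path " entry=" entry " mask=" mask " effective=" eff
    }
    /^# file: / { flush_record(); path = substr($0, 9); entry = ""; mask = "rwx"; next }
    /^group:/   { split($1, f, ":"); if (f[2] == grp) entry = f[3]; next }
    /^mask::/   { mask = substr($1, 7, 3); next }
    END         { flush_record() }
    '
}

# Constructed sample of `getfacl -R /var/svn/lcfg` output, not from a real server.
sample_getfacl() {
    cat <<'EOF'
# file: var/svn/lcfg/format
# owner: root
# group: lcfgsvn
user::rw-
group::rwx  #effective:rw-
group:apache:rwx  #effective:rw-
mask::rw-
other::---

# file: var/svn/lcfg/README.txt
# owner: root
# group: lcfgsvn
user::rw-
group::rw-
other::---

# file: var/svn/lcfg/db/current
# owner: root
# group: lcfgsvn
user::rw-
group::rwx  #effective:r--
group:apache:rwx  #effective:r--
mask::r--
other::---
EOF
}
sample_getfacl | audit_acl apache rw-
```

On a real repository the input would come from `getfacl -R /var/svn/lcfg 2>/dev/null | audit_acl apache rw-`.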

Using ACLs has various implications, particularly with backups which might not preserve the ACLs. Tools such as tar (via --acls or --xattrs) and rsync (via --acls) do support storing the ACL information but you have to explicitly turn on the options.

I found a rather useful page that had some good examples.

What we really want now is support in the LCFG file component…