Home Home
Sign up | Login

Author Archive

Configuring an IPv6 DSL connection

January 19th, 2011 by

The German company rh-tec offers free IPv6 internet connections for people that already have T-DSL. Configuring such a connection on openSUSE 11.3 is not as straight forward as with IPv4. It’s not hard either if you know where to put the settings though.

  1. start the yast2 DSL module
  2. follow the instructions of the wizard to set up a new PPPoE device. Enter your user name and password at the provider screen.
  3. At the “Connection Parameters” screen uncheck “Automatically Retrieve DNS”. Enter an arbitrary IPv4 address as first DNS server (yast doesn’t accept IPv6 there yet, bug 665516).
  4. finish the wizard and leave yast
  5. open /etc/sysconfig/network/providers/provider0 (or whatever name was chosen by yast) in an editor
  6. change DNS1 and DNS2 to the actual IPv6 addresses of your provider’s name servers
  7. add the following line to the file:
    PPPD_OPTIONS="noip +ipv6 ipv6cp-accept-local"
  8. save and quit
  9. Done! You may now use cinternet or qinternet to dial in and enjoy the (rather empty) IPv6 internet.

updated permissions handling in 11.4

November 24th, 2010 by

In addition to supporting file system capabilities (fate#307254) I’ve also updated the permissions handling in 11.4 slightly.

There have been complaints that every SuSEconfig run also calls SuSEconfig.permissions which leads to changed file permissions at unexpected times. Therefore I’ve modified SuSEconfig.permissions to only actually set permissions when called explicitly (ie SuSEconfig –module permissions). When called by a generic SuSEconfig run SuSEconfig.permissions now only shows files with wrong permissions but doesn’t actually fix them anymore.

Since packages that have files with special permission handling do call SuSEconfig.permissions explicitly via %run_permissions in %post the change above alone isn’t sufficient to avoid surprises. Therefore I’ve introduced the new macro %set_permissions. This macro expects file names as arguments. Only permissions of those files are adjusted then. To notify packagers of that new method an rpmlint check now issues an informal message if %run_permissions is used.

Hackweek V: mkdiststats

June 16th, 2010 by

When Coolo mentioned that he is looking into improving the rebuild time of Factory
I couldn’t resist to try the script he was using myself. It turned
out that the script was extremly slow, it took about 15 minutes for
the calculation on my computer. The script was originally written a
long time ago for the old autobuild with a much lower number of
packages and dependencies to take care of. The ad-hoc method used
for the ‘rebuild simulation’ just didn’t scale well. Hackweek was a
good opportunity to improve the performance and to add some more
options.
(more…)

Check your WPA2 Enterprise setup

April 20th, 2010 by

Do you have to enter user name and password to establish a link with
your wireless network? If so chances are good that WPA2 Enterprise
with EAP-TTLS or PEAP are used. Sounds familiar? Better check your
setup then. An attacker might easily impersonate your access point
and steal your password if the client you are using isn’t configured
properly.
You are likely vulnerable if you’ve disabled certificate checks
or you’ve checked some button to use a public CA but didn’t specify
any “Subject” or “Common Name” that has to match. NetworkManager for
example doesn’t even allow to enter the latter.
Read more in the paper I’ve written.

A distro without packages?

October 30th, 2009 by

Yesterday i noticed that openal-soft on 11.2 is broken, it just locks up with current pulseaudio. It’s not surprising noone noticed as there are no packages in Factory that use it anymore. Even Chromium BSU which roughly has a 0% chance that it will ever need maintenance, security or otherwise was dropped from Factory and moved to the build service games dumpsi^Wrepo. Please, put your packages back to Factory. Chances that people find and use the software are much bigger if the distro has it rather than some random build service repo. Yes, there are some rules you have to follow then but that’s also a sign of quality for our users. Yes, it won’t be the latest and greatest version always but that doesn’t matter for most packages. So please put your packages back to Factory [unless they are full of security bugs ;-)], a distro without packages is not useful.

Firewall Zone Switcher Updated

August 28th, 2009 by

I have updated the Firewall Zone Switcher.
It now starts with a main window by default instead of
directly going to the system tray. There’s a settings dialog that
allows to enable the system tray icon and optionally also enables
starting the applet on log-in. Furthermore the daemon now uses
PolicyKit for access control and the applet supports i18n.
(more…)

Firewall Zone Switcher

July 10th, 2009 by

So you got that shiny new Netbook, installed Linux on it and carry
it along everywhere you go. The default enabled Firewall blocks
incoming traffic so you feel safe when connecting to that anonymous
WiFi network at your favorite fastfood restaurant. Unfortunately the
very same Firewall becomes quite annoying at home where it prevents
your system from discovering printers or blocks ssh.
(more…)

encrypted root file system on LVM

March 18th, 2009 by

openSUSE 11.1 doesn’t officially support an encrypted root file
system which also means YaST doesn’t allow to create such a setup.

By manually creating an encrypted partition and putting LVM into the
encrypted container it’s however possible to trick YaST into
accepting that as root file system.
(more…)

Conditional features aka “use flags”

September 12th, 2008 by

In a coordinated effort with Manfred Tremmel, the xine maintainer at Packman, we’ve reworked the xine spec file. Most of it can now be shared between Packman and openSUSE Factory so packaging work doesn’t need to be duplicated. The spec file now makes heavy use of conditional build macros to enable or disable certain features. (more…)

Install openSUSE without burning CDs

June 20th, 2008 by

You run Linux already but want to install 11.0? DVD image takes too long to download? Don’t want to waste a CD for the mini iso? A router connects you to the internet?

Check out setupgrubfornfsinstall. It’s a dialog based shell script to prepare remote network installations. It was primarily made for use in LANs but now also supports direct installation from opensuse.org. Just run the script, select 11.0 and it will download the kernel and initrd used for installation. After that it adds an entry to your boot loaders’ config file with proper parameters. Reboot, select the new entry and the installation starts.