Montag, 17. November 2014

Rsync files between two machines over SSH and limit read access

From time to time I need to get contents from a remote machine to my local workstation. The data sometimes is big and I don't want to start all over again if something fails. Further the transmission should be secure and the connection should be limited to syncing only this path and its sub-directories. So I've setup a way to do this using rsync and ssh and I'm going to describe this setup.

Consider you have already created a SSH key, say ~/.ssh/key_rsa together with ~/.ssh/key_rsa.pub, and on the remote machine there is an SSH server running allowing to login by a public key and rsync is available. Lets further assume the following:

  • the remote machine is rsync.domain.tld
  • the path on the remote machine that holds the data is /path/mydata
  • the user on the remote machine being able to read /path/mydata and to login via SSH is remote_user
  • the path on the local machine to put the data is /path/mydest
  • the user on the local machine being able to write /path/mydest is local_user
  • the user on the local machine has the private key ~local_user/.ssh/key_rsa and the public key ~local_user/.ssh/key_rsa.pub

Now the public key ~local_user/.ssh/key_rsa.pub is added to the remote users ~remote_user/.ssh/authorized_keys file. The file will then probably look like this (there is just one very long line with the key, here cut out by [..]):

ssh-rsa [..]= user@domain.tld

Now I would like to limit the abilities for a user logging in with this key to only rsync the special directory /path/mydata. I therefor preceed the key with a command prefix, which is explained in the manual page sshd(8). The file then looks like this:

command="/usr/bin/rsync --server --sender -vlogDtprze . /path/mydata",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [..]= user@domain.tld

I then can rsync the remote directory to a local location over SSH by running:

rsync -avz -P --delete -e 'ssh remote_user@rsync.domain.tld' rsync.domain.tld:/path/mydata/ /path/mydest

That's it.

Pilzfundliste 2014

Das Pilzjahr nähert sich dem Ende und ich kann auf tolle Pilzfunde, auch einige Erstfunde, leckere Mahlzeiten und schöne Spaziergänge zurückschauen. Zu den begangenen Wäldern gehörten das Gebiet um Dresden, insbesondere die Dresdner Heide, der Zellwald bei Nossen, die brandenburgischen Wälder nahe Elsterwerda und der Darßwald.
Eine Information wurde mir erst dieses Jahr bewusst gemacht und ich möchte sie voranstellen: diverse Pilzarten, die ich und vermutlich auch andere bisher als selbstverständlich gesammelt haben, stehen unter Artenschutz (§ 1 i.V.m. Anlage 1 BArtSchV) und dürfen nur für den Eigengebrauch gesammelt werden (§ 2 Abs. 1 BArtSchV). Dazu gehören u.a. Steinpilze (Boletus edulis) sowie alle einheimischen Pfifferlinge (Cantharellus spp.), Birkenpilze und Rotkappen (Leccinum spp.). Für weitere Pilzarten wie den Schwarzhütigen Steinpilz (auch Bronzeröhrling, Boletus aereus) besteht keine solche Ausnahmeregelung und sie sind unbedingt zu schonen. Im übrigen können Pilze auch auf das regelmäßige Betreten des Waldes mit Rückzug reagieren (vgl. Cantharellus lutescens auf Seite 7 hier). Ich fände es schön, wenn mehr Menschen diese Informationen bewusst wären.
Im Folgenden befindet sich nun die Auflistung meiner besonderen Pilzfunde aus dem Jahr 2014 und ggf. ihre Stellung auf der "Roten Liste Pilze Sachsen" (1999) bzw. ihrem sonstigen Schutzstatus. Erstfunde und sind fett dargestellt.
  • Hasenröhrling (Gyroporus castaneus, RL 2)
  • Flockenstieliger Hexenröhrling (Boletus erythropus)
  • Kornblumenröhrling (Gyroporus cyanescens, RL 2)
  • Pfefferröhrling (Chalciporus piperatus)
  • Porphyrröhrling (Porphyrellus porphyrosporus)
  • Beringter Rotfußröhrling (Xerocomus pruinatus)
  • Rotkappe (Leccinum leucopodium, L. spp., RL 2)
  • Schmarotzerröhrling (Pseudoboletus parasiticus)
  • Samtpfifferling (Cantharellus friesii, RL 3)
  • Trompetenpfifferling (Craterellus tubaeformis)
  • Kegeliger Saftling (Hygrocybe conica)
  • Wiesenchampignon (Agaricus campestris)
  • Grubenlorchel (Helvella lacunosa)
  • Herbstlorchel (Helvella crispa)
  • Stinkmorchel (Phallus impudicus)
Zu den typischerweise angetroffenen Speisepilzen 2014 gehörten zudem:
  • Birkenpilz/Raufußröhrling (Leccinum scabrum, L. spp., RL 3)
  • Butterpilz (Suillus luteus)
  • Goldröhrling (Suillus grevillei)
  • Gemeiner Rotfußröhrling (Xerocomellus chrysenteron)
  • Sandröhrling (Suillus variegatus)
  • Steinpilz (Boletus edulis, evtl. auch Boletus aestivalis)
  • Ziegenlippe (Xerocomus subtomentosus)
  • Echter Pfifferling (Cantharellus cibarius)
  • Violetter Lacktrichterling (Laccaria amethystea)
  • Krause Glucke (Sparassis crispa)
Daneben standen natürlich noch Dutzende bekannte und unbekannte Pilzarten in den o.g. Wäldern. Hier noch einige Impressionen:
Pilzfunde im September 2014 Cantharellus spp. Pilzfunde im November 2014 Cantharellus cibarius Pseudoboletus parasiticus Craterellus tubaeformis (rasig) Phallus impudicus Hallimasch entlang des Blitzschlags Fuligo septica Flechtenblüte

Install automatically starting XBMC to N54L microserver under Debian Wheezy 7.7

This is a followup to my previous post about getting sound output from the Sapphire Radeon HD 6450 card in my HP N54L microserver via HDMI. This post will describe, howto install XBMC from Wheezy backports and how to automatically start it. Again, there are vaious ways and I'll only describe mine. Further, this is, what I did so far: enable the audio output for the Radeon card and install X.org together with lightdm.

Step 3 - Install XBMC

This is a pretty easy task. I've chosen to install XBMC 13.2 from the Wheezy backports repository.

# apt-get install -t wheezy-backports xbmc

Step 4 - Automically start XBMC

There are various ways; some involve starting it a s a service using init scripts für sysvinit or upstrart or systemd. You'll easily find them. I've chosen to create a user, automatically log him into X and start XBMC. The user is called xbmc.

# adduser --home /home/xbmc --add_extra_groups xbmc

I used to choose a password. But I wonder, if using --disabled-password would work too? Next I adjusted /etc/lightdm/lightdm.conf. Below are only the differences to the stock version of this file. I haven't touched other lines.

[SeatDefaults]
greeter-session=lightdm-gtk-greeter
user-session=XBMC
autologin-guest=false
autologin-user=xbmc
autologin-user-timeout=0

The file /usr/share/xsessions/XBMC.desktop is the stock one, no changes made. After restarting lightdm:

# service lightdm restart

XBMC is started automatically. If anything goes wrong or doesn't work, I suggest to check /var/log/auth.log, /home/xbmc/.xsession-errors and /var/log/lightdm/*.log. In a few cases it seems necessary to login the user xbmc manually once although it wasn't necessary here.

JFTR: When I checked /var/log/auth.log I saw a few errors and installed gnome-keyring too:

apt-get install --install-recommends gnome-keyring

Step 5 - Useful packages

There are some packages, which might be useful running XBMC, e.g.

Conclusion

I'm now running XBMC on top of Debian Wheezy on the N54L microserver without a bloated desktop environment. The system automatically starts the XBMC session on start/reboot. Video and sound are working fine, though it was necessary to install recent firmware and a recent kernel from Wheezy backports to get it done.

Thanks to the whole OSS community for aksing, for answering, for blogging, for using and for continue developing! I currently enjoy the results :)

Sonntag, 16. November 2014

Getting the audio over HDMI to work for the HP N54L microserver running Debian Wheezy and a Sapphire Radeon HD 6450

Conclusion: Sound over HDMI works with the Sapphire Radeon HD 6450 card in my HP N54L microserver. It requires a recent kernel and firmware from Wheezy 7.7 backports and the X.org server. There is no sound without X.org, even if audio has been enabled for the radeon kernel module.

Last year I couldn't get audio over HDMI to work after I installed a Sapphire Radeon HD 6450 1 GB (11190-02-20g) card into my N54L microserver. The cable that connects the HDMI interfaces between the card and the TV monitor supports HDMI 1.3, so audio should have been possible even then. However, I didn't get any audio output by XBMC playing video or music files. Nothing happened with stock Wheezy 7.1 and X.org/XBMC installed. So I removed the latter two and used the server as stock server without X/desktop and delayed my plans for an HTPC.

Now I tried again after I found some new hints, that made me curious for a second try :) Imagine my joy, when (finally) speaker-test produced noise on the TV! So here is my configuration and a step-by-step guide to

  • enable Sound over HDMI for the Radeon HD 6450
  • install a graphical environment
  • install XBMC
  • automatically start XBMC on boot

The latter two will be covered by a second post. Also note, that there is lot of information out there to achive the above tasks. So this is only about my configuration. Some packages below are marked as optional. A few are necessary only for the N54L microserver (firmware) and for a few I'm not sure they are necessary at all.

Step 1 - Prepare the system

At this point I don't have any desktop nor any other graphical environment (X.org) installed. First I purged pulseaudio and related packages completely and only use ALSA:

# apt-get autoremove --purge pulseaudio pulseaudio-utils pulseaudio-module-x11 gstreamer0.10-pulseaudio
# apt-get install alsa-base alsa-utils alsa-oss

Next I installed a recent linux kernel and recent firmware from Wheezy backports:

# apt-get install -t wheezy-backports linux-image-amd64 firmware-linux-free firmware-linux firmware-linux-nonfree firmware-atheros firmware-bnx2 firmware-bnx2x

This put linux-image-3.16-0.bpo.3-amd64 and recent firmware onto my system. I've chosen to upgrade linux-image-amd64 instead to pick a special (recent) linux kernel package from Wheezy backports to keep up-to-date with recent kernels from there.

Then I enabled the audio output of the kernel radeon module. Essentially there are at least three ways to do this. I use the one to modify /etc/modules.d/radeon.conf and set the audio parameter there. The hw_i2c parameter is disabled. I read, that it might cause trouble with the audio output here although I never personally experienced it:

options radeon audio=1 hw_i2c=0

JFTR: This is how I boot the N54L by default:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi=force pcie_aspm=force nmi_watchdog=0"

After rebooting I see this for the Radeon card in question:

# lsmod | egrep snd\|radeon\|drm | awk '{print $1}' | sort
[..]
drm
drm_kms_helper
i2c_algo_bit
i2c_core
radeon
snd
snd_hda_codec
snd_hda_codec_hdmi
snd_hda_controller
snd_hda_intel
snd_hwdep
snd_pcm
snd_seq
snd_seq_device
snd_timer
soundcore
ttm
[..]
# lspci -k
[..]
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Caicos [Radeon HD 6450/7450/8450 / R5 230 OEM]
        Subsystem: PC Partner Limited / Sapphire Technology Device e204
        Kernel driver in use: radeon
01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Caicos HDMI Audio [Radeon HD 6400 Series]
        Subsystem: PC Partner Limited / Sapphire Technology Radeon HD 6450 1GB DDR3
        Kernel driver in use: snd_hda_intel
[..]
# cat  /sys/module/radeon/parameters/audio 
1
# cat  /sys/module/radeon/parameters/hw_i2c 
0
# aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: HDMI [HDA ATI HDMI], device 3: HDMI 0 [HDMI 0]
  Subdevices: 0/1
  Subdevice #0: subdevice #0
# aplay -L
null
    Discard all samples (playback) or generate zero samples (capture)
pulse
    PulseAudio Sound Server
hdmi:CARD=HDMI,DEV=0
    HDA ATI HDMI, HDMI 0
    HDMI Audio Output

At this point, without having the X.org server installed, I still have no audio output to the connected monitor. Running alsamixer I only see the S/PDIF bar for the HDA ATI HDMI device, showing a value of 00. I can mute and un-mute this device but not change the value. No need to worry, sound comes with step two.

Step 2 - Install a graphical environment (X.org server)

Next is to install a graphical environment, basically the X.org server. This is done in Debian by the desktop task. Unfortunately tasksel makes use of APT::Install-Recommends="true" and would install a desktop environment and some more recommended packages. At the moment I don't want this, only X. So basically I installed only the task-desktop package with dependencies:

# apt-get install task-desktop xfonts-cyrillic

Next is to install a display manager. I've chosen lightdm:

# apt-get install lightdm accountsservice

Done. Now (re-)start the X server. Simply ...

# service lightdm restart

... should do. And now there is sound, probably due to the X.org Radeon driver. The following command created noise on the two monitor speakers :)

# speaker-test -c2 -D hdmi:0 -t pink

Finally there is sound over HDMI!

Step 3 - Install XBMC

To be continued ...

Dienstag, 11. November 2014

*Pics* Hygrocybe conica

Hygrocybe conica Hygrocybe conica
Kegeliger Saftling / Kegelhütiger Saftling / Schwärzender Saftling / Hygrocybe conica
Grödel-Elsterwerdaer-Floßkanal, nahe Ortslage Gröditz, Sachsen

Montag, 10. November 2014

Removal of debian.wgdd.de and {cvs,svn,vcs}.wgdd.de

If you've recently tried to browse to or apt-get from either cvs.wgdd.de, svn.wgdd.de, vcs.wgdd.de, debian.wgdd.de or ubuntu.wgdd.de you've probably seen (and still are) an error (410, Gone) coming up and I'd like to give a short explanation why.

{cvs,svn,vcs}.wgdd.de

I've left my server provider and shut down the above services and only keep a small amount of services running. The domains {cvs,svn,vcs}.wgdd.de were used to provide (a) a subversion (SVN) server (via HTTPS and dav_svn) for some public and private work and (b) a CVS web-client to some old project works in CVS.

Among the latter was e.g. old code to generate manual pages for the proprietary fglrx graphics driver, stuff that laid there untouched for many years. So I guess, it was about time to finally remove it :)

The subversion web-client gave public access to some packaging work I do for the Debian GNU/Linux distribution, e.g. for the cvsweb, gtypist packages and some non-official packaging work. For the official packages I plan to move the files into the collab-maint web space and adjust the packages control files accordingly. Everything else will be hosted non-publicly in the future. I still intend to move stuff, that turns out to be useful for more people, to public places like github and Co. Update 17.11.2014: cvsweb, gurlchecker and gtypist have been moved to collab-maint.

debian.wgdd.de

I used this site to describe my usage of Debian GNU/Linux on the hardware I own ... laptop, servers etc. I wrote a few HOWTOs and provided a link collection with useful links. You can still find all of this using the archive.org service. I also had a repository up and working, especially to provide bluefish packages for users of Debian stable and Ubuntu. Half a year ago I dropped the Ubuntu build environments and packages and moved the Debian stable backports to official places. This effectively emptied the repository and left only the wgdd-archive-keyring package in place. So, there is no real need for a public repository anymore and the linklist probably got outdated too. All in all, I decided to stop this service (maybe I'll forward the site to here later :)).

If you see an error regarding the debian.wgdd.de URL running apt-get or aptitude, then there is a reference to this site in /etc/apt/sources.list or /etc/apt/sources.list.d/*, which can be safely removed. Further you should get rid of the wgdd-archive-keyring package:

apt-get autoremove --purge wgdd-archive-keyring

... or the repository key:

apt-key del E394D996

What else

In case you need any content from the mentioned services, just let me know.

Montag, 7. Juli 2014

Gartenfreuden - Schwebfliegen, Chili, Bestäubung und die Farbe Blau

Wenige Worte vorweg ...

Ich möchte ein wenig von meiner Terasse und den darauf abgestellten Pflanzen berichten. Vielleicht finden sich für einige Leser Anregungen zur Gestaltung ihres Balkons oder Gartens. Ich kann dankbarerweise auf eine großzügig dimensionierte Terrasse zugreifen.

... und los gehts

Da der OBI meines Vertrauens vor kurzem gut gewachsene Chili-Pflanzen (u.a. Habanero, Jalapeno, Cayenne, etc.) zum Kampfpreis von 99 Cent veräußerte, habe ich mir kurzerhand noch eine Chili "Purple Ball" im 9cm Keramik-Topf zugelegt, wobei es sich wohl um eine C. annuum "Bolivian Rainbow" handelt. Die Pflanze hatte bereits drei Früchte und mehr als ein Dutzend offener Blüten, wohl dank eines besonders guten Standortes im Außenbereich des Marktes :) - andere Pflanzen hatten noch keine Blüten. Nachdem ich die Pflanze umgetopft hatte (25cm Topf / 5 Liter, Substrat aus drei Teilen Blumenerde, drei Teilen Pflanzerde und je einem Teil Mineralsteine und Seramis Granulat), bekam sie einen Standort in der Nähe diverser Blumen.

Die bereits zahlreich vorhandenen Schwebfliegen fanden diese Chili im Gegensatz zu Habanero und Dutch Red, die nur wenige Meter entfernt stehen, sofort interessant. Die Tiere sind an diesem Standort sehr aktiv, da sich im Topf nebenan blaue bis rosa-farbene Kornblumen befinden, die die Schwebfliegen genauso intensiv frequentieren, wie den blau blühenden Borretsch auf der anderen Seite des Chili-Topfes und die weißen Erdbeerblüten der Nachbarschaft. Insbesondere die Blüten des Borretsch ähneln den Blüten der "Purple Ball" sehr. Mein Tipp: Evtl. verhelfen Kornblume, Borretsch und Erdbeere in der Nachbarschaft der "Purple Ball" / "Bolivian Rainbow" zu einer besseren Befruchtung und einer reicheren Ernte. Über das Ergebnis werde ich sicher noch berichten.

Weder an der reichlich blühenden (und auch gut tragenden) Dutch Red noch an der seit kurzem blühenden Habanero konnte ich Schwebfliegen beobachten. Allerdings steht die Habanero in Mischkultur mit Borretsch (Die kleinen Borsten/Stachel des Borretsch können die Blätter der Chili-Pflanze schädigen!! Beim nächsten mal werde ich einen etwas größeren Abstand einplanen.), der demnächst zu Blühen beginnt. Vielleicht ändert sich das dann. Auch darüber werde ich sicher noch berichten.

Samstag, 17. Mai 2014

Bluefish packages for Ubuntu Linux now provided by Klaus Vormweg PPA

I will not longer provide packages of the bluefish-project for the Ubuntu distribution, because I lack time and interest in building and maintaining the necessary environments. Ubuntu-users however can still install and use recent releases of bluefish by changing to the PPA provided by Klaus Vormweg, who kindly agreed to officially provide packages for the project. Please follow the instructions given there.

Entries in /etc/apt/sources.list or /etc/apt/sources.list.d/* pointing to my repository should lead to the above mentioned PPA. But because Klaus is only offering the main-tree in his PPA, you might see some errors thrown by apt-get|aptitude|... as long as you keep my repository in your sources.list. So you probably want to remove any reference to my repository together with my repository key and/or the wgdd-archive-keyring package.

# remove sources.list snippets
rm /etc/apt/sources.list.d/debian.wgdd.de_ubuntu_*.list
# find any references left
grep -rn debian.wgdd.de /etc/apt/sources.list* # --> now delete those entries
# remove and purge the wgdd-archive-keyring package
apt-get autoremove --purge wgdd-archive-keyring
# or delete the key, if you never had the above package installed
apt-key del E394D996

You are done. Now download and install recent packages:

apt-get update
apt-get upgrade