Monday, November 17, 2014

Rsync files between two machines over SSH and limit read access

From time to time I need to get contents from a remote machine to my local workstation. The data sometimes is big and I don't want to start all over again if something fails. Further the transmission should be secure and the connection should be limited to syncing only this path and its sub-directories. So I've setup a way to do this using rsync and ssh and I'm going to describe this setup.

Consider you have already created a SSH key, say ~/.ssh/key_rsa together with ~/.ssh/key_rsa.pub, and on the remote machine there is an SSH server running allowing to login by a public key and rsync is available. Lets further assume the following:

  • the remote machine is rsync.domain.tld
  • the path on the remote machine that holds the data is /path/mydata
  • the user on the remote machine being able to read /path/mydata and to login via SSH is remote_user
  • the path on the local machine to put the data is /path/mydest
  • the user on the local machine being able to write /path/mydest is local_user
  • the user on the local machine has the private key ~local_user/.ssh/key_rsa and the public key ~local_user/.ssh/key_rsa.pub

Now the public key ~local_user/.ssh/key_rsa.pub is added to the remote users ~remote_user/.ssh/authorized_keys file. The file will then probably look like this (there is just one very long line with the key, here cut out by [..]):

ssh-rsa [..]= user@domain.tld

Now I would like to limit the abilities for a user logging in with this key to only rsync the special directory /path/mydata. I therefor preceed the key with a command prefix, which is explained in the manual page sshd(8). The file then looks like this:

command="/usr/bin/rsync --server --sender -vlogDtprze . /path/mydata",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [..]= user@domain.tld

I then can rsync the remote directory to a local location over SSH by running:

rsync -avz -P --delete -e 'ssh remote_user@rsync.domain.tld' rsync.domain.tld:/path/mydata/ /path/mydest

That's it.

Pilzfundliste 2014

Das Pilzjahr nähert sich dem Ende und ich kann auf tolle Pilzfunde, auch einige Erstfunde, leckere Mahlzeiten und schöne Spaziergänge zurückschauen. Zu den begangenen Wäldern gehörten das Gebiet um Dresden, insbesondere die Dresdner Heide, der Zellwald bei Nossen, die brandenburgischen Wälder nahe Elsterwerda und der Darßwald.
Eine Information wurde mir erst dieses Jahr bewusst gemacht und ich möchte sie voranstellen: diverse Pilzarten, die ich und vermutlich auch andere bisher als selbstverständlich gesammelt haben, stehen unter Artenschutz (§ 1 i.V.m. Anlage 1 BArtSchV) und dürfen nur für den Eigengebrauch gesammelt werden (§ 2 Abs. 1 BArtSchV). Dazu gehören u.a. Steinpilze (Boletus edulis) sowie alle einheimischen Pfifferlinge (Cantharellus spp.), Birkenpilze und Rotkappen (Leccinum spp.). Für weitere Pilzarten wie den Schwarzhütigen Steinpilz (auch Bronzeröhrling, Boletus aereus) besteht keine solche Ausnahmeregelung und sie sind unbedingt zu schonen. Im übrigen können Pilze auch auf das regelmäßige Betreten des Waldes mit Rückzug reagieren (vgl. Cantharellus lutescens auf Seite 7 hier). Ich fände es schön, wenn mehr Menschen diese Informationen bewusst wären.
Im Folgenden befindet sich nun die Auflistung meiner besonderen Pilzfunde aus dem Jahr 2014 und ggf. ihre Stellung auf der "Roten Liste Pilze Sachsen" (1999) bzw. ihrem sonstigen Schutzstatus. Erstfunde und sind fett dargestellt.
  • Hasenröhrling (Gyroporus castaneus, RL 2)
  • Flockenstieliger Hexenröhrling (Boletus erythropus)
  • Kornblumenröhrling (Gyroporus cyanescens, RL 2)
  • Pfefferröhrling (Chalciporus piperatus)
  • Porphyrröhrling (Porphyrellus porphyrosporus)
  • Beringter Rotfußröhrling (Xerocomus pruinatus)
  • Rotkappe (Leccinum leucopodium, L. spp., RL 2)
  • Schmarotzerröhrling (Pseudoboletus parasiticus)
  • Samtpfifferling (Cantharellus friesii, RL 3)
  • Trompetenpfifferling (Craterellus tubaeformis)
  • Kegeliger Saftling (Hygrocybe conica)
  • Wiesenchampignon (Agaricus campestris)
  • Grubenlorchel (Helvella lacunosa)
  • Herbstlorchel (Helvella crispa)
  • Stinkmorchel (Phallus impudicus)
Zu den typischerweise angetroffenen Speisepilzen 2014 gehörten zudem:
  • Birkenpilz/Raufußröhrling (Leccinum scabrum, L. spp., RL 3)
  • Butterpilz (Suillus luteus)
  • Goldröhrling (Suillus grevillei)
  • Gemeiner Rotfußröhrling (Xerocomellus chrysenteron)
  • Sandröhrling (Suillus variegatus)
  • Steinpilz (Boletus edulis, evtl. auch Boletus aestivalis)
  • Ziegenlippe (Xerocomus subtomentosus)
  • Echter Pfifferling (Cantharellus cibarius)
  • Violetter Lacktrichterling (Laccaria amethystea)
  • Krause Glucke (Sparassis crispa)
Daneben standen natürlich noch Dutzende bekannte und unbekannte Pilzarten in den o.g. Wäldern. Hier noch einige Impressionen:
Pilzfunde im September 2014 Cantharellus spp. Pilzfunde im November 2014 Cantharellus cibarius Pseudoboletus parasiticus Craterellus tubaeformis (rasig) Phallus impudicus Hallimasch entlang des Blitzschlags Fuligo septica Flechtenblüte

Install automatically starting XBMC to N54L microserver under Debian Wheezy 7.7

This is a followup to my previous post about getting sound output from the Sapphire Radeon HD 6450 card in my HP N54L microserver via HDMI. This post will describe, howto install XBMC from Wheezy backports and how to automatically start it. Again, there are vaious ways and I'll only describe mine. Further, this is, what I did so far: enable the audio output for the Radeon card and install X.org together with lightdm.

Step 3 - Install XBMC

This is a pretty easy task. I've chosen to install XBMC 13.2 from the Wheezy backports repository.

# apt-get install -t wheezy-backports xbmc

Step 4 - Automically start XBMC

There are various ways; some involve starting it a s a service using init scripts für sysvinit or upstrart or systemd. You'll easily find them. I've chosen to create a user, automatically log him into X and start XBMC. The user is called xbmc.

# adduser --home /home/xbmc --add_extra_groups xbmc

I used to choose a password. But I wonder, if using --disabled-password would work too? Next I adjusted /etc/lightdm/lightdm.conf. Below are only the differences to the stock version of this file. I haven't touched other lines.

[SeatDefaults]
greeter-session=lightdm-gtk-greeter
user-session=XBMC
autologin-guest=false
autologin-user=xbmc
autologin-user-timeout=0

The file /usr/share/xsessions/XBMC.desktop is the stock one, no changes made. After restarting lightdm:

# service lightdm restart

XBMC is started automatically. If anything goes wrong or doesn't work, I suggest to check /var/log/auth.log, /home/xbmc/.xsession-errors and /var/log/lightdm/*.log. In a few cases it seems necessary to login the user xbmc manually once although it wasn't necessary here.

JFTR: When I checked /var/log/auth.log I saw a few errors and installed gnome-keyring too:

apt-get install --install-recommends gnome-keyring

Step 5 - Useful packages

There are some packages, which might be useful running XBMC, e.g.

Conclusion

I'm now running XBMC on top of Debian Wheezy on the N54L microserver without a bloated desktop environment. The system automatically starts the XBMC session on start/reboot. Video and sound are working fine, though it was necessary to install recent firmware and a recent kernel from Wheezy backports to get it done.

Thanks to the whole OSS community for aksing, for answering, for blogging, for using and for continue developing! I currently enjoy the results :)

Sunday, November 16, 2014

Getting the audio over HDMI to work for the HP N54L microserver running Debian Wheezy and a Sapphire Radeon HD 6450

Conclusion: Sound over HDMI works with the Sapphire Radeon HD 6450 card in my HP N54L microserver. It requires a recent kernel and firmware from Wheezy 7.7 backports and the X.org server. There is no sound without X.org, even if audio has been enabled for the radeon kernel module.

Last year I couldn't get audio over HDMI to work after I installed a Sapphire Radeon HD 6450 1 GB (11190-02-20g) card into my N54L microserver. The cable that connects the HDMI interfaces between the card and the TV monitor supports HDMI 1.3, so audio should have been possible even then. However, I didn't get any audio output by XBMC playing video or music files. Nothing happened with stock Wheezy 7.1 and X.org/XBMC installed. So I removed the latter two and used the server as stock server without X/desktop and delayed my plans for an HTPC.

Now I tried again after I found some new hints, that made me curious for a second try :) Imagine my joy, when (finally) speaker-test produced noise on the TV! So here is my configuration and a step-by-step guide to

  • enable Sound over HDMI for the Radeon HD 6450
  • install a graphical environment
  • install XBMC
  • automatically start XBMC on boot

The latter two will be covered by a second post. Also note, that there is lot of information out there to achive the above tasks. So this is only about my configuration. Some packages below are marked as optional. A few are necessary only for the N54L microserver (firmware) and for a few I'm not sure they are necessary at all.

Step 1 - Prepare the system

At this point I don't have any desktop nor any other graphical environment (X.org) installed. First I purged pulseaudio and related packages completely and only use ALSA:

# apt-get autoremove --purge pulseaudio pulseaudio-utils pulseaudio-module-x11 gstreamer0.10-pulseaudio
# apt-get install alsa-base alsa-utils alsa-oss

Next I installed a recent linux kernel and recent firmware from Wheezy backports:

# apt-get install -t wheezy-backports linux-image-amd64 firmware-linux-free firmware-linux firmware-linux-nonfree firmware-atheros firmware-bnx2 firmware-bnx2x

This put linux-image-3.16-0.bpo.3-amd64 and recent firmware onto my system. I've chosen to upgrade linux-image-amd64 instead to pick a special (recent) linux kernel package from Wheezy backports to keep up-to-date with recent kernels from there.

Then I enabled the audio output of the kernel radeon module. Essentially there are at least three ways to do this. I use the one to modify /etc/modules.d/radeon.conf and set the audio parameter there. The hw_i2c parameter is disabled. I read, that it might cause trouble with the audio output here although I never personally experienced it:

options radeon audio=1 hw_i2c=0

JFTR: This is how I boot the N54L by default:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi=force pcie_aspm=force nmi_watchdog=0"

After rebooting I see this for the Radeon card in question:

# lsmod | egrep snd\|radeon\|drm | awk '{print $1}' | sort
[..]
drm
drm_kms_helper
i2c_algo_bit
i2c_core
radeon
snd
snd_hda_codec
snd_hda_codec_hdmi
snd_hda_controller
snd_hda_intel
snd_hwdep
snd_pcm
snd_seq
snd_seq_device
snd_timer
soundcore
ttm
[..]
# lspci -k
[..]
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Caicos [Radeon HD 6450/7450/8450 / R5 230 OEM]
        Subsystem: PC Partner Limited / Sapphire Technology Device e204
        Kernel driver in use: radeon
01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Caicos HDMI Audio [Radeon HD 6400 Series]
        Subsystem: PC Partner Limited / Sapphire Technology Radeon HD 6450 1GB DDR3
        Kernel driver in use: snd_hda_intel
[..]
# cat  /sys/module/radeon/parameters/audio 
1
# cat  /sys/module/radeon/parameters/hw_i2c 
0
# aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: HDMI [HDA ATI HDMI], device 3: HDMI 0 [HDMI 0]
  Subdevices: 0/1
  Subdevice #0: subdevice #0
# aplay -L
null
    Discard all samples (playback) or generate zero samples (capture)
pulse
    PulseAudio Sound Server
hdmi:CARD=HDMI,DEV=0
    HDA ATI HDMI, HDMI 0
    HDMI Audio Output

At this point, without having the X.org server installed, I still have no audio output to the connected monitor. Running alsamixer I only see the S/PDIF bar for the HDA ATI HDMI device, showing a value of 00. I can mute and un-mute this device but not change the value. No need to worry, sound comes with step two.

Step 2 - Install a graphical environment (X.org server)

Next is to install a graphical environment, basically the X.org server. This is done in Debian by the desktop task. Unfortunately tasksel makes use of APT::Install-Recommends="true" and would install a desktop environment and some more recommended packages. At the moment I don't want this, only X. So basically I installed only the task-desktop package with dependencies:

# apt-get install task-desktop xfonts-cyrillic

Next is to install a display manager. I've chosen lightdm:

# apt-get install lightdm accountsservice

Done. Now (re-)start the X server. Simply ...

# service lightdm restart

... should do. And now there is sound, probably due to the X.org Radeon driver. The following command created noise on the two monitor speakers :)

# speaker-test -c2 -D hdmi:0 -t pink

Finally there is sound over HDMI!

Step 3 - Install XBMC

To be continued ...

Tuesday, November 11, 2014

*Pics* Hygrocybe conica

Hygrocybe conica Hygrocybe conica
Kegeliger Saftling / Kegelhütiger Saftling / Schwärzender Saftling / Hygrocybe conica
Grödel-Elsterwerdaer-Floßkanal, nahe Ortslage Gröditz, Sachsen

Monday, November 10, 2014

Removal of debian.wgdd.de and {cvs,svn,vcs}.wgdd.de

If you've recently tried to browse to or apt-get from either cvs.wgdd.de, svn.wgdd.de, vcs.wgdd.de, debian.wgdd.de or ubuntu.wgdd.de you've probably seen (and still are) an error (410, Gone) coming up and I'd like to give a short explanation why.

{cvs,svn,vcs}.wgdd.de

I've left my server provider and shut down the above services and only keep a small amount of services running. The domains {cvs,svn,vcs}.wgdd.de were used to provide (a) a subversion (SVN) server (via HTTPS and dav_svn) for some public and private work and (b) a CVS web-client to some old project works in CVS.

Among the latter was e.g. old code to generate manual pages for the proprietary fglrx graphics driver, stuff that laid there untouched for many years. So I guess, it was about time to finally remove it :)

The subversion web-client gave public access to some packaging work I do for the Debian GNU/Linux distribution, e.g. for the cvsweb, gtypist packages and some non-official packaging work. For the official packages I plan to move the files into the collab-maint web space and adjust the packages control files accordingly. Everything else will be hosted non-publicly in the future. I still intend to move stuff, that turns out to be useful for more people, to public places like github and Co. Update 17.11.2014: cvsweb, gurlchecker and gtypist have been moved to collab-maint.

debian.wgdd.de

I used this site to describe my usage of Debian GNU/Linux on the hardware I own ... laptop, servers etc. I wrote a few HOWTOs and provided a link collection with useful links. You can still find all of this using the archive.org service. I also had a repository up and working, especially to provide bluefish packages for users of Debian stable and Ubuntu. Half a year ago I dropped the Ubuntu build environments and packages and moved the Debian stable backports to official places. This effectively emptied the repository and left only the wgdd-archive-keyring package in place. So, there is no real need for a public repository anymore and the linklist probably got outdated too. All in all, I decided to stop this service (maybe I'll forward the site to here later :)).

If you see an error regarding the debian.wgdd.de URL running apt-get or aptitude, then there is a reference to this site in /etc/apt/sources.list or /etc/apt/sources.list.d/*, which can be safely removed. Further you should get rid of the wgdd-archive-keyring package:

apt-get autoremove --purge wgdd-archive-keyring

... or the repository key:

apt-key del E394D996

What else

In case you need any content from the mentioned services, just let me know.