
gnutls_handshake: Error in the push function.

Sometimes, when sending mails with attachments /var/log/exim4/mainlog says:
TLS error on connection from (hostname) [ipaddress] (gnutls_handshake):\
  Error in the push function.
I did not get around to digging deeper here, but - note to self: find out if this is related to #482012 and if setting MAIN_TLS_TRY_VERIFY_HOSTS to an empty value really helps.

.Inode not directory

OK, when searching for this one the first hit is currently the one you're looking for. So let's just place a short copy here. The story so far: when converting your rootdisk to a RAID-1 as described by the really amazing guide, one might encounter, at least on netbsd-4.0.1/sparc64:
ok boot disk 
Boot device: /pci@1f,4000/scsi@3/disk@0,0  File and args:
NetBSD IEEE 1275 Bootblock
.Inode not directory
ok
...and then it stops. The solution is to install the bootblock again, but with a fixed version of /usr/mdec/bootblk:
# ftp ftp://ftp.netbsd.org
# get /pub/NetBSD-daily/netbsd-5/200812250000Z/sparc64/binary/sets/base.tgz
[...]
# gzip -dc base.tgz | tar -xf - ./usr/mdec/bootblk
# mv  usr/mdec/bootblk /usr/mdec/bootblk-5
# /usr/sbin/installboot -v /dev/rsd0a /usr/mdec/bootblk-5
Booting with "boot disk" will succeed, although this particular error message did not go away on our Ultra-60.
Update: PR 40306 has been opened to track this.

out of inodes

Xen is fun. Now I can actually see what all the other OS flavours out there are up to without "real" rebooting or disk juggling. Of course, at some point it was time for Gentoo again, last time I tried I was highly impressed, but got distracted by Debian somehow :-) Anyway, Gentoo documentation is usually pretty good, straightforward and with real-world examples - so far so good. But after unpacking the portage tree, I was getting "No space left on device" errors. Well, tbh 2 GB for rootfs is not that much, especially when most of the software will be built from source anyway, but I still had ~700MB free. Of course I was out of inodes:
# tar -tjf portage-latest.tar.bz2 | wc -l
130502
# tar -tjf stage3-amd64-2008.0.tar.bz2 | wc -l
40362
# df -i .
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/hda1             125184  125184       0  100% /mnt/gentoo
Recreating the filesystem with mkfs.ext3 -b 1024 -i 1024 did help. Gentoo ships with /etc/mke2fs.conf where these defaults were taken from. While these may make sense for today's systems, they were just too large for my Xen test domain.

of pipes and shells

Only now I came across the following problem:
cmd1 | cmd2; echo $?
...where I'd like to have the error code of cmd1. I did not even expect that this issue was indeed so very common and documented. The solutions are even shell-specific, in short:
* For bash or zsh, use ${PIPESTATUS[n]}, resp. $pipestatus[n]
* For any other shell the solution is way more complicated, but not impossible.
See the FAQ again for all the gory details.
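Both approaches side by side, as an added example that is not taken from the FAQ: the portable variant passes cmd1's exit status over a spare file descriptor, the bash variant reads PIPESTATUS. The names producer, consumer, first_status_portable and first_status_bash are made up for this illustration.

```shell
#!/bin/sh
# Constructed stand-ins for cmd1 and cmd2 (hypothetical names): the producer
# writes two lines and then fails with status 3, the consumer succeeds.
producer() { printf 'line1\nline2\n'; return 3; }
consumer() { tr '[:lower:]' '[:upper:]'; }

# Portable variant for shells without PIPESTATUS.
#   fd 3 -> captured by $( ), carries only cmd1's exit status
#   fd 4 -> the caller's stdout, so cmd2's real output is not captured
first_status_portable() {
    {
        _st=$(
            {
                { _rc=0; "$1" || _rc=$?; echo "$_rc" >&3; } | "$2" >&4
            } 3>&1
        ) || :    # cmd2's own status is deliberately ignored here
    } 4>&1
    return "$_st"
}

# bash variant: PIPESTATUS holds one status per pipeline member and is
# overwritten by the next command, so it is read immediately. The eval keeps
# the array syntax away from shells that cannot parse it.
first_status_bash() {
    eval '"$1" | "$2"; return "${PIPESTATUS[0]}"'
}

rc=0
first_status_portable producer consumer || rc=$?
echo "plain \$? would report cmd2; cmd1 exited with: $rc"

if [ -n "${BASH_VERSION:-}" ]; then
    rc=0
    first_status_bash producer consumer || rc=$?
    echo "bash PIPESTATUS[0]: $rc"
fi
```

This matters wherever the first command is the one that can fail silently, for example a scanner or integrity check piped into tee or grep.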

space vs. time

# time pbzip2 -c wordlist.txt > wordlist.txt.bz2
real    41m53.295s
user    67m17.972s
sys     5m38.981s

# time 7z a -m0=lzma -mx=9 -mfb=64 -md=32m -ms=on wordlist.txt.7z wordlist.txt
real    525m35.861s
user    446m31.866s
sys     32m20.861s

# ls -lhgo
total 31G
-rw------- 1  25G 2008-12-16 00:55 wordlist.txt
-rw------- 1 776M 2008-12-17 01:09 wordlist.txt.7z
-rw------- 1 5.0G 2008-12-16 08:46 wordlist.txt.bz2
....'nuff said.

<s>censored</s> is the new online

alice$ ifconfig en0 | awk '/inet / {print $2}' | xargs whois | grep NET  
Comcast Cable Communications, Inc. EASTERNSHORE-1 (NET-24-0-0-0-1)
Comcast Cable Communications BAYAREA-9 (NET-24-4-0-0-1)
Yes, it's true - I've signed with the one ISP I wanted to avoid in the first place. And no, getting an internet connection around here is no fun: it's awkward (a 30min. chat session with some hotline monkey just to get my order through?) and expensive: 42 USD for 6Mbps? Come on. "with scorching speeds up to 4 times faster than 1.5 Mbps DSL" - what? Oh, and for $ 66,95 one can order the Blast! package, with speeds "up to 16Mbps", with a magic "Powerboost" feature: "PowerBoost provides bursts of download and upload speeds for the first 10 MB and 5 MB of a file, respectively". Dude, wtf? Unfortunately the competition is no better: you have to subscribe to a High Speed Internet Elite package to get 6Mbps, for 33 USD a month. However, DSL is not available at my place, so I have to stick to the one and only cable provider servicing this area. Welcome to the Silicon Valley. On the plus side: 5 days after I signed up, I was online - pretty impressive, compared to the adventures one has to go through back home.

Oh, and winter has finally arrived, I even had to scratch hoarfrost off the car tonight - brrr. So much for global warming. Good job, Greenpeace :-\

Oh, another thing: I was provided with a DOCSIS 2.0 certified cable modem, assigning the public IPv4 address to the connected device. Which is kinda neat: now we don't have a strange NAT blackbox in our way to do "stuff" :-) However, since configuration is done via DHCP, the hostname is modified too. With MacOS 10.4 and /etc/hostconfig still being used, we can avoid that by setting HOSTNAME="foo". So, it's basically dhclient's supersede option in Apple speak :)

building TrueCrypt from source

As there is no existing TrueCrypt for GNU Linux/Sparc, we had to do this ourselves. However, the build process is not pretty and for some reason one just *has* to build all that wxWidget stuff, although I don't intend to manage crypto devices with my mouse, sigh. Oh, and there were quite a few build errors but thanks to Kano we finally succeeded. Here it goes, the whole shebang for TrueCrypt-6.1a:
# apt-get install libfuse-dev pkg-config
# mkdir /usr/local/include/pkcs11-v2-20
# cd /usr/local/include/pkcs11-v2-20
# for i in pkcs11.h pkcs11f.h pkcs11t.h; do \
   wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/$i; done
# for i in `pwd`/*h; do (ln -s $i /usr/include); done 
# cd /usr/local/src
# wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-2.8.9.tar.bz2
# tar -xjf wxWidgets-2.8.9.tar.bz2
# cd ~/dev/truecrypt-6.1-source
# make NOGUI=1 WX_ROOT=/usr/local/src/wxWidgets-2.8.9 wxbuild
# make NOGUI=1 WXSTATIC=1
[....hours later on this box....]
# file Main/truecrypt 
Main/truecrypt: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), dynamically
linked (uses shared libs), stripped
Note: it's really important to get v2.20 of the PKCS11 header files, the current version did not work. Also, Debian/Etch comes with libwxgtk2.[46]-dev - the build failed and I really had to get the 2.8 version.
Update: Although the build worked, truecrypt doesn't. Rebuilding with DEBUG=1 DEBUGGER=1 NOSTRIP=1 made gdb(1) spit out all the gory details:
stanley# gdb /usr/local/sbin/truecrypt
GNU gdb 6.4.90-debian
This GDB was configured as "sparc-linux-gnu"...Using host libthread_db 
library "/lib/v9/libthread_db.so.1".

(gdb) run --create /dev/loop0 --encryption=AES --filesystem=fat \
               --hash=ripemd-160 --keyfiles=/root/stanley.key \
               --protect-hidden=no --volume-type=normal \
               --random-source=/dev/urandom
Starting program: /usr/local/sbin/truecrypt --create /dev/loop0 \
              --encryption=AES --filesystem=fat --hash=ripemd-160 \
              --keyfiles=/root/stanley.key --protect-hidden=no \
              --volume-type=normal --random-source=/dev/urandom
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 32604)]

Enter password: 
WARNING: Short passwords are easy to crack using brute force techniques!
We recommend choosing a password consisting of more than 20 characters.
Are you sure you want to use a short password? (y=Yes/n=No) [No]: y
Re-enter password: 

Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 32604)]
0x001598c8 in TrueCrypt::Endian::Big (x=@0x3a9df4) \
                  at /root/truecrypt-6.1-source/Platform/Memory.h:99
99                              return x;
(gdb) bt
#0  0x001598c8 in TrueCrypt::Endian::Big (x=@0x3a9df4) \
                  at /root/truecrypt-6.1-source/Platform/Memory.h:99
#1  0x00168e08 in TrueCrypt::EncryptionTest::TestXtsAES () \
                  at EncryptionTest.cpp:429
#2  0x0016bd30 in TrueCrypt::EncryptionTest::TestAll () \
                  at EncryptionTest.cpp:24
#3  0x000c57e8 in TrueCrypt::VolumeCreator::CreateVolume \
                  (this=0xfff55078, options=@0xfff555e0) \
                  at VolumeCreator.cpp:179
#4  0x00058434 in TrueCrypt::TextUserInterface::CreateVolume \
                 (this=0x4c43f8, options=@0xfff55888, randomSourcePath=@0x5395ac) \
                 at TextUserInterface.cpp:769
#5  0x0007efa8 in TrueCrypt::UserInterface::ProcessCommandLine \
                 (this=0x4c43f8) \
                 at UserInterface.cpp:973
#6  0x00048ed4 in TrueCrypt::TextUserInterface::OnRun \
                 (this=0x4c43f8) \
                 at TextUserInterface.cpp:1141
#7  0x002bd634 in wxEntry (argc=@0x4a9510, argv=0x4b3948) \
                 at /usr/local/src/wxWidgets-2.8.9/src/common/init.cpp:460
#8  0x002bd774 in wxEntry (argc=@0xfff55c14, argv=0xfff55c94) \
                 at /usr/local/src/wxWidgets-2.8.9/src/common/init.cpp:472
#9  0x000ada54 in main (argc=10, argv=0xfff55c94) at Unix/Main.cpp:84
(gdb) bt all
No symbol "all" in current context.
Hm, but even running truecrypt --test was showing the same behaviour: TestXtsAES just fails to work. However, when trying to create the volume with another cipher, it still crashes at TestXtsAES, because VolumeCreator::CreateVolume always calls EncryptionTest::TestAll before actually creating the volume. Commenting out this call in VolumeCreator.cpp:179, recompiling and trying to create the volume with the Twofish cipher gives:
Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 7980)]
0x001c508c in RMD160Transform (digest=0xffcfc730, data=0xffcfc6ef) \
                at ../Crypto/Rmd160.c:192
192                     X[i] = LE32 (data[i]);
Current language:  auto; currently c
Wow, now it fails at the hashing algorithm. When using SHA-512 instead of ripemd-160, it still crashes:
Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 7991)]
0x0019ea6c in TrueCrypt::VolumeHeader::SerializeEntry \
   (this=0x516df0, entry=@0xffde8840, header=@0xffde8960, offset=@0xffde8850) \
                at VolumeHeader.cpp:286
286                     *reinterpret_cast \
               (header.Get() + offset - sizeof (T)) = Endian::Big (entry);
...and that's it. Still SIGBUS for truecrypt, and -ENOSKILL for me, for not knowing C++ at all. Looks like truecrypt just wasn't meant to be run on big endian platforms. Damn.