Skip to main content

Designed in California...

...but assembled in (and shipped from) Shanghai, CN - a shiny new 13" MPB. Here are just a few things I've come across during the setup routines:

  • Installing rEFIt wasn't so easy this time: the graphical installer completes, but no rEFIt does not show up during the next boot. The trick was to manually execute enable-always.sh.Minor nitpick: rEFIt still does not show any inserted CDs during bootup, so I still have to press "C" to boot up a CD. This seems to be known issue though.

  • Neither Jaunty (2.6.28) nor Karmic (2.6.31-rc5) are able to reboot the machine. poweroff is working, but reboot just hangs when it prints "restarting system". Even sysrq-b wouldn't help. Grrr.

  • very important: replace login window background image in MacOS X: sudo defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture '/path/to/picture.jpg' :-)

  • Strange, MacOS X makes heavy use of xattr but the rsync version that comes with 10.5 still has no support for xattrs. Fortunately there's a more current version on macports, now we can even backup all the attributes.

  • Oh, did I mention that I really dislike this crappy nvidia 9400M graphic chip? I mean, I was expecting that it'll piss me off - now the madness begins again, with crappy binary drivers and gluecode, and breaking video every time a new kernel is built, oh...how I did not miss those times :-\

  • extra geek points for enabling verbose booting with sudo nvram boot-args="-v"

  • To enable daily updates of the locate database, simply copy /etc/periodic/weekly/310.locate into the daily directory. Oh yes, there's Spotlight of course...not my cup of tea though.
  • rsnapshot & cmd_preexec

    Even today with block-based snapshotting filesystems getting more and more popular, they're just not the thing I'm looking for when 1) backing up different filesystems and 2) backing up to a remote host, thousands of miles away. My weapon of choice to tackle this one is still rsnapsot - fairly portable (needs only perl, rsync, probably ssh) and does incremental backups via hardlinks if possible, so it's quite space efficient.

    Minor nitpick: rsnapshot has this cmd_preexec parameter and I thought I could use this to (re)mount the target partition rw - turns out this is not how it's supposed to work, but this task can easily handed over to a wrapper script, which you're probably using anyway when backing up lots of machines.

    No route to host vs. -EHOSTUNREACH

    This has bothered me for quite a while, years even:

    # strace ssh bob
    [...]
    connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("192.168.10.11")}, \
                16) = -1 EHOSTUNREACH (No route to host)
    
    ....while there clearly is a route to this host - it's just that bob is currently down. I think EHOSTUNREACH is the Right Thing to return, but the description "No route to host" is not. Unfortunately, it's apparently not that easy to convince the libc people to fix this :(

    cannot set date: Invalid argument

    While playing around with GNU/date, this happened:

    # date
    Wed Jul 22 10:24:05 CEST 2009
    # date --set='1970-01-01'
    date: cannot set date: Invalid argument
    Thu Jan  1 00:00:00 CET 1970
    
    So, date gives an error but still modifies the system time? Let's have a closer look:
    # strace -ff -F date --set='1970-01-01' 2>&1 | grep sett
    clock_settime(CLOCK_REALTIME, {18446744073709548016, 0}) 
          = -1 EINVAL (Invalid argument)
    settimeofday({18446744073709548016, 0}, NULL) 
          = -1 EINVAL (Invalid argument)
    
    Wow, scary stuff. However, after a bit more thinking and searching we try again, a bit different this time:
    # TZ=GMT date --set='1970-01-01'
    Thu Jan  1 00:00:00 GMT 1970
    # date
    Thu Jan  1 01:00:04 CET 1970
    
    Oh, and while we're at it: it looks like openSolaris comes with GNU/date as its default date(1) command now. It's three years old already (from GNU/coreutils 6.7), but at least we are a bit more flexible when it comes to displaying date & time.

    Safari cookie managment

    Sometimes (on very rare occasions) I'm using Safari 4 to try out a website or two. And everytime I do that I notice that Safari won't forget the cookies from past sessions. The cookie managment is a friggin' joke, I wonder why we're at version 4 but the cookie handling knobs are no better than the ones in IE5. Luckily macoshints.com knows a way to enforce session cookies:

    Right-click on ~/Library/Cookies/Cookies.plist, click "Get Info" and lock the file. Strangely enough, chmod'ing the file to read-only (or even to 0000) did not help at all.

    lx Branded Zones, pt. I

    After playing around with Solaris 8 and Solaris 9 Branded Zones (it's a weird feeling: suddenly it's the year 2000 again and it's all itchy and....old :-)), I had to try the BrandZ as well - non-global branded zones that contain non-native operating environments. The lx brand is basically a Solaris container running Linux. There are quite a few and good howtos out there, but often outdated or too new and focussing on OpenSolaris. We're currently on Solaris 10 5/08 (i86pc) so we have use a slightly different approach sometimes. Here it goes:

    $ cd /etc/zones
    $ wget http://www.opensolaris.org/os/community/brandz/files/SUNWlx26.xml
    $ zonecfg -z debian26
    zonecfg:debian26> create -t SUNWlx26
    zonecfg:debian26> set zonepath=/data/zones/debian26
    zonecfg:debian26> add net
    zonecfg:debian26:net> set address=10.200.0.129/24
    zonecfg:debian26:net> set physical=bge0
    zonecfg:debian26:net> end
    zonecfg:debian26> verify
    zonecfg:debian26> commit 
    zonecfg:debian26> exit
    
    That's right, we're using a different template here: SUNWlx would allow us to boot a Linux 2.4 kernel, we're trying to boot a Linux 2.6 kernel. OpenSolaris.org suggests to install a CentOS 3 image, but we're Debian fanboys and want a real GNU/Linux installation :-) Well, SUNWlx26 is for 2.6 kernels, but after installing it, we were not even able to login after we tried to install Debian/lenny:
    $ zlogin debian26
    [Connected to zone 'debian26' pts/4]
    FATAL: kernel too old
    
    Debian/sarge shipped with 2.4.27 and 2.6.8, that's hopefully old enough. To build our tarball (for zoneadm later on), we're using a GNU/Linux box somewhere in our lab:
    lnx# mount -o loop,ro debian-31r0-i386-netinst.iso /mnt/cdrom/
    lnx# debootstrap sarge /mnt/zone-sarge31 file:/mnt/cdrom/debian/
    lnx# cd /mnt/zone-sarge31
    lnx# mkdir -p etc/sysconfig etc/rc.d/init.d
    lnx# touch etc/rc.d/rc.sysinit etc/rc.d/init.d/halt
    lnx# tar -cf ../zone-sarge31.tar .
    
    OK, we now have our tarball (with some fake RedHat'ish configuration files) and are now ready to install our configured branded zone:
    $ zoneadm -z debian26 install -d /mnt/nfs/lnx/mnt/zone-sarge31.tar
    $ zoneadm -z debian26 boot
    $ zlogin debian26
    -bash: initialize_job_control: setpgid: Operation not permitted
    $ uname -a
    Linux debian26 2.4.21 BrandZ fake linux i686 GNU/Linux
    $ grep -i proc /proc/cpuinfo 
    processor       : 0
    model name      : AMD Opteron(tm) Processor 848
    processor       : 1
    model name      : AMD Opteron(tm) Processor 848
    $ dmesg 
    klogctl: Function not implemented
    
    Hm, I guess Debian/Sarge still installs 2.4 per default, so we could've just used SUNWlx :-\ The zone is running now, but far too many things are b0rked, e.g. networking: there's no network route set, yet ping(1) across the subnet is working - but we're not able to set a different/default route (SIOCADDRT) - it's not really funny. That's it for now folks, stay tuned how we're gonna solve this one.

    TODO:
  • boot Debian/sarge with a 2.6 kernel (utilize SUNWlx26)
  • configure a SUNWlx zone, may be more easier to do...
  • try Debian/etch?
  • vmware-vdiskmanager: Failed to load library

    OK, this one is easy, but for the sake of the archives, here it goes:

    $ vmware-vdiskmanager -t 2 -r winxp.vmdk winxp-static.vmdk
    SSLLoadSharedLibrary: Failed to load library 
    libssl.so.0.9.8:\
    /opt/vmware-server/bin/libdir/lib/libssl.so.0.9.8/libssl.so.0.9.8:
    cannot open shared object file: No such file or directory
    Core dump limit is 1048576 KB.
    Core dumped.
    
    Of course, strace is here to help:
    $ strace vmware-vdiskmanager [...]
    [...]
    open("/opt/vmware-server/bin/libssl.so.0.9.8", O_RDONLY) \
    = -1 ENOENT (No such file or directory)
    open("/opt/vmware-server/bin/libdir/lib/libssl.so.0.9.8/libssl.so.0.9.8", \
    O_RDONLY) = -1 ENOENT (No such file or directory)
    
    Somehow the VMWare installer must've messed up the directory structure: what is bin/libdir/lib supposed to mean? A symlink helps:
    $ ln -s /opt/vmware-server/lib/vmware /opt/vmware-server/bin/libdir
    
    Oh, and for the initial command: disk performance was kinda sucky and I tried to convert the 2GB filefragments into one big 6GB .vmdk, let's see if this helps....

    Truecrypt hackery

    I don't really like TrueCrypt. But it's the quasi standard to encrypt (external) storage which is to be attached to different operating systems. Yes, its license is kinda fishy; OSI approval has been withdrawn too. But after all, TrueCrypt is available for Windows, MacOS X and GNU/Linux (x86). And lacking the skillz to write my own halfway-portable encryption wrapper myself, I'm stuck with it. That being said, there's still the quest for the optimal filesystem: I'd need a POSIX like filesystem, providing symlinks, honoring ownerships and permissions and perhaps with journaling on top. And I need read and write support.

    Let's see:

  • FAT - not a chance
  • NTFS - crappy symlink implementation, no (stable) MacOS driver
  • UFS - it's dead, Jim. Also: no stable write support in the Linux kernel.
  • ZFS - almost! It's even included in MacOS 10.5, but only as a read-only version. There's a ZFS project on macosforge.org, but it lists MacOS 10.5 as a requirement and I'm still on 10.4 on my PowerBook :-\
  • HFS+ - well, that's it I guess. Comes with all the features required, write support under Linux is pretty stable, not sure about journaling support under Linux though.
  • Anyway, the real question was: how do I convince Truecrypt to format my new volume as HFS+, but with journal, case-sensitivity and enabled ownerships?

    Here it is:
  • Create a new volume in TrueCrypt, just choose "none" when it wants to format your volume. Actually, it does not matter, as we're gonna reformat anyway.
  • Use Truecrypt to "mount" the volume, but before doing that click "Options" in the mount-dialog and check "do not mount" - the wording is kinda sucky, yes.
  • Now TrueCrypt should have activated your volume, but not mounted. We'll now format (and partition) our activated device:
  • $ diskutil disk6
    /dev/disk6
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:                            disk6                  *931.2 Gi   disk6
    
    $ diskutil partitionDisk disk6 1 GPTFormat "Case-sensitive Journaled HFS+" disk6 100%
    Started partitioning on disk disk6 disk6
    Creating partition map
    Formatting disk6s2 as Mac OS Extended (Case-sensitive, Journaled) with name disk6
    [ + 0%..10%..20%..30%..40%..50%..60%..70%..80%..90%..100% ] 
    Finished partitioning on disk disk6
    /dev/disk6
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                        *931.2 Gi   disk6
       1:                        EFI                         200.0 Mi   disk6s1
       2:                  Apple_HFS disk6                   930.9 Gi   disk6s2
    $ diskutil rename /dev/disk6s2 disk6s2
    $ diskutil list disk6
    /dev/disk6
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                        *931.2 Gi   disk6
       1:                        EFI                         200.0 Mi   disk6s1
       2:                  Apple_HFS disk6s2                 930.9 Gi   disk6s2
    
    We can now deactivate the device with TrueCrypt ("unmount") and mount it again - this time for real. We still have to enable the ownership model though:
    $ vsdbutil -c /Volumes/disk6s2 
    No entry found for '/Volumes/disk6s2'.
    $ vsdbutil -a /Volumes/disk6s2
    $ vsdbutil -c /Volumes/disk6s2
    Permissions on '/Volumes/disk6s2' are enabled.
    
    $ diskutil info disk6s2
    [...]
       Device Identifier:        disk6s2
       Device Node:              /dev/disk6s2
       Mount Point:              /Volumes/disk6s2
       File System:              Case-sensitive Journaled HFS+
                                 Journal size 81920 KB at offset 0x1d19000
       Owners:                   Enabled
       Partition Type:           Apple_HFS
    
    Now we can really start using it. I still wonder why TrueCrypt (or MacOS X) defaults to case-insensitivity and does not enable the ownership model by itself.

    /etc/release

    I just found out which package takes care of the /etc/release file: it's SUNWsolnm*. So, this file actually will get updated when a new release comes by.

    $ cat /etc/release 
                          Solaris 10 10/08 s10s_u6wos_07b SPARC
               Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
                            Use is subject to license terms.
                                Assembled 27 October 2008
    
    * SunSolve account needed

    sharemgr.exe not found

    I feel kinda stupid even asking this, having done this for years now, but: how do you create NFS shares on a Solaris 10 system? /etc/exports is obsolete, but so is dfstab(4), apparently:

          Do not modify this file directly. This file is reconstructed and only 
          maintained  for backwards compatibility. Configuration lines could
          be lost. Use the sharemgr(1M) command for all share management.
    
    However, sharemgr(1m) does not seem to exist on this Solaris10 box. Well, sharemgr has been introduced in late 2006 (in response to Bug#6281048) but this nifty tool hasn't made it to Solaris10 yet.

    So, for now we're stuck with:
  • editing /etc/dfs/dfstab or
  • using zfs set sharenfs, for ZFS filesystems.

  • There are nice articles from Doug McCallum on this topic:
  • Share properties under sharemgr
  • sharemgr and ZFS