dnf install build deps

If you want to build a package, but need all of its buildrequires packages, use this command:

sudo dnf builddep wxGTK3

I leave my source repositories off, so be sure to do any --enablerepo=fedora-source,updates-source as necessary.

For the Debian family

Try a cool tool named “mk-build-deps” as documented over at https://www.guyrutenberg.com/2017/09/23/use-mk-build-deps-instead-of-apt-get-build-dep/

References

Weblinks

Automatically install build dependencies prior to building an RPM package [stackoverflow.com]

Increase docker devicemapper space when full

If you are using a docker environment that does not have the best-practice method of storage (docker controlling its own vg), but you still need to grow the space beyond what it currently is, there is still a way.

Edit /etc/sysconfig/docker-storage:

DOCKER_STORAGE_OPTIONS="--storage-opt dm.loopdatasize=180GB"

A colleague showed me that. It’s not well-documented in my opinion, but I did find at least one other online reference: Increase disk size of docker containers when using device mapper [wordpress.com]

Lightdm crashes after dnf update

For a few months this year, running “dnf update” caused my display manager to malfunction. It is a terribly annoying problem. In the past, once, my /usr/bin/X was not installed. I don’t know how that happened.

This time, lightdm was not starting due to some error message which is only visible if you turn on logging/debugging and go find the right log.

lightdm gtk:error:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed

Thankfully, the issue was researchable online although it did take a while and I bounced around different distros’ fora to get to the answer.
For Fedora, the answer simply was:

sudo dnf -y reinstall shared-mime-info

References

Web searches

  1. Google: fedora lightdm gtk:error:gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed

Web links

  1. https://forums.fedoraforum.org/showthread.php?280639-Icons-and-images-disappeared-can-t-login-in-gnome-shell
  2. https://bugzilla.redhat.com/show_bug.cgi?id=1002782
  3. points to the next two links https://bbs.archlinux.org/viewtopic.php?id=223801
  4. what actually solved it http://forum.tinycorelinux.net/index.php?topic=4389.0
  5. same kind of error https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1627564

Fixing problem Repository ceres InRelease changed its Label value from Master to Devuan

tl;dr

rm /var/lib/apt/lists/*

The fix

If you encounter an error that resembles the following, on Devuan GNU/Linux, there is a fix for it!

# sudo apt-get update
Reading package lists... Done
E: Repository 'http://packages.roundr.devuan.org/merged ceres InRelease' changed its 'Label' value from 'Master' to 'Devuan'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

There’s a new label in use, it seems. Big deal, except for the fact you can’t really get around it. The apt-secure(8) page does not seem to provide any answers.

To view the current labels for the enabled repos:

# apt policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://packages.devuan.org/merged ceres/non-free i386 Packages
     release v=1.0.0,o=Devuan,a=unstable,n=ceres,l=Master,c=non-free,b=i386
     origin packages.devuan.org
 500 http://packages.devuan.org/merged ceres/contrib i386 Packages
     release v=1.0.0,o=Devuan,a=unstable,n=ceres,l=Master,c=contrib,b=i386
     origin packages.devuan.org
 500 http://packages.devuan.org/merged ceres/main i386 Packages
     release v=1.0.0,o=Devuan,a=unstable,n=ceres,l=Master,c=main,b=i386
     origin packages.devuan.org
Pinned packages:

The fix is to remove the cached lists for the repositories and fetch it all again.

rm /var/lib/apt/lists/*

That’s all there is to it! Then run apt-get update again, and you’re back on your way.
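
Before wiping the cache it is worth seeing exactly which Release fields changed, since that is what apt is refusing to accept silently. The script below is an added example, not from the original post: it compares the identity fields of two Release/InRelease files, and the function names and sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: compare identity fields of two apt Release/InRelease files.

# Print the value of one header field (e.g. Label) from a Release file.
# Stops at the first checksum section so file lists are never scanned.
release_field() {
    awk -v f="$2" '
        /^(MD5Sum|SHA1|SHA256|SHA512):/ { exit }
        index($0, f ": ") == 1 { print substr($0, length(f) + 3); exit }
    ' "$1"
}

# Print one line per identity field whose value differs between old and new.
# The body runs in a subshell so its variables stay local.
release_changes() (
    for field in Origin Label Suite Codename; do
        old=$(release_field "$1" "$field")
        new=$(release_field "$2" "$field")
        [ "$old" = "$new" ] || printf '%s: %s -> %s\n' "$field" "$old" "$new"
    done
)

# Constructed sample data modelled on the "apt policy" output above.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/cached_InRelease" <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Devuan
Label: Master
Suite: unstable
Codename: ceres
Version: 1.0.0
SHA256:
 0000 0 main/binary-i386/Packages
EOF
    sed 's/^Label: Master$/Label: Devuan/' "$SAMPLE_DIR/cached_InRelease" \
        > "$SAMPLE_DIR/fetched_InRelease"
}

make_samples
release_changes "$SAMPLE_DIR/cached_InRelease" "$SAMPLE_DIR/fetched_InRelease"
```

On a real system the first argument would be the cached copy under /var/lib/apt/lists and the second a freshly downloaded InRelease from the mirror. Newer apt releases can also accept such a change explicitly with apt-get update --allow-releaseinfo-change.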

References

Weblinks

  1. man page apt_preferences(5)

Local resources

  1. bash autocomplete for apt and apt-get

logrotate ignores files with g+w permission

Another logrotate post!

If a logrotate definition file has g+w permission, logrotate will ignore it. You can see that if you run logrotate with the -v flag.

-rw-------. 1 root root 349 Nov  2 15:02 nginx

If you want the nginx group to still be able to manage their own logrotate definition, use ACLs, which are already enabled by default on xfs and ext4.

# setfacl -m 'group:nginx:rw-' nginx
# getfacl nginx
# file: nginx
# owner: root
# group: root
user::rw-
group::---
group:nginx:rw-                 #effective:---
mask::---
other::---

# ls -l nginx
-rw-------+ 1 root root 349 Nov  2 15:02 nginx
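
To find definitions that are being skipped for this reason without reading through -v output, the mode bits can be audited directly. The script below is an added example, not from the original post; the function names and the sample directory standing in for /etc/logrotate.d are constructed for illustration.

```bash
#!/bin/bash
# Added example: list logrotate definitions whose mode has the group- or
# other-write bit set, i.e. the files the post says logrotate ignores.

# Print "<reason> <path>" for every regular file directly inside $1 that
# is group- or world-writable. Prints nothing when all files are acceptable.
logrotate_ignored() (
    dir=$1
    find "$dir" -maxdepth 1 -type f \( -perm -020 -o -perm -002 \) | sort |
    while IFS= read -r f; do
        reason=group-writable
        # -perm -002 matches when the other-write bit is set.
        [ -n "$(find "$f" -maxdepth 0 -perm -002)" ] && reason=world-writable
        printf '%s %s\n' "$reason" "$f"
    done
)

# Constructed sample directory standing in for /etc/logrotate.d.
make_logrotate_samples() {
    LR_DIR=$(mktemp -d)
    for name in nginx httpd syslog; do
        printf '/var/log/%s/*.log {\n    weekly\n}\n' "$name" > "$LR_DIR/$name"
    done
    chmod 0600 "$LR_DIR/nginx"    # as in the listing above: accepted
    chmod 0664 "$LR_DIR/httpd"    # g+w: ignored
    chmod 0646 "$LR_DIR/syslog"   # o+w: ignored
}

make_logrotate_samples
logrotate_ignored "$LR_DIR"
```

On a file that carries an ACL, the group bits shown by ls are the ACL mask, which is why the getfacl output above reports #effective:--- for the nginx entry while the mode stays -rw-------+.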

rpm rebuild db

On rare occasions, rpm locks up. The issue is probably a broken database, so try cleaning it and rebuilding it.

  1. Remove the rpm db files.
  2. Rebuild the database.

rm -f /var/lib/rpm/__db*
rpm --rebuilddb

Additionally, you can clean up the .lock files, after confirming no yum or rpm processes are running.

rm -f /var/lib/rpm/.*.lock

So many Internet references discuss rebuilding the rpm database, so no specific sources are provided.

Apache use ssl virtual host to reverse proxy to http

Documenting partially for myself but also for anyone else who just wants to deal with the http virtual host, but have ssl as well.

You need some basic ssl configs, which I tend to place in a separate file so all virtual hosts can share the same settings.

tf=/etc/httpd/conf.d/all-ssl.cnf
touch "${tf}" ; chmod 0644 "${tf}" ; chown root:root "${tf}" ;
cat <<'EOF' 1> "${tf}"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
</Directory>

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateChainFile /etc/pki/tls/certs/chain-localhost.crt

SetEnvIf User-Agent ".*MSIE 4\.0b2.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

LogLevel warn
ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combinedvhost

<Directory "/var/www/html/notfound/">
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>

# END OF FILE all-ssl.cnf
EOF

And the real config file:

tf=/etc/httpd/conf.d/repo.conf
touch "${tf}" ; chmod 0644 "${tf}" ; chown root:root "${tf}" ;
cat <<'EOF' 1> "${tf}"
# reference:
# https://bgstack15.wordpress.com/2016/03/24/adding-adfs-integration-to-apache/
# ssl act as proxy: https://httpd.apache.org/docs/2.4/rewrite/proxy.html

#Listen 80 # not needed here in base C7 because this is provided in /etc/httpd/conf/httpd.conf
#Listen 443
<VirtualHost *:80>
ServerName repo1.int.example.com
ServerAlias *.int.example.com *
UseCanonicalName Off

DocumentRoot /var/www/html
Options +Indexes
IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=*
</VirtualHost>

<VirtualHost *:443>

ServerName repo1.int.example.com:443
ServerAlias *.int.example.com

Include conf.d/all-ssl.cnf
# try the <proxy> stuff from https://bgstack15.wordpress.com/2017/10/12/adding-reverse-proxy-for-plex-to-apache-vhost/

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://repo1.int.example.com/
ProxyPassReverse / http://repo1.int.example.com/

</VirtualHost>