SleepMap (Posts about arch linux)

Managing binary package repositories

David Runge — Sat, 02 Jul 2022 11:19:59 GMT

In Packaging for Arch Linux I described the ins and outs of binary repository management and some of the issues that come with the tooling currently used by Arch Linux.

In this article I will highlight the work on new tooling and its features.

Since my last write-up on this topic, the project formerly known as arch-repo-management has been renamed to repod (as in repo-d) and has just seen its first minor release. 🎉

You can find its documentation at https://repod.archlinux.page.

Packaging for Arch Linux

David Runge — Wed, 06 Apr 2022 11:22:53 GMT

In Arch, a recap I elaborated a bit on my reasons for getting involved with Arch Linux. In this post I would like to highlight a few technical details and give a "behind the scenes" when it comes to packaging on and for Arch Linux. This post is written from the viewpoint of a distribution packager, but it is likely to contain information also useful to people packaging on different distributions or for private purposes.

Arch, a recap

David Runge — Sun, 30 Jan 2022 16:00:00 GMT

One of the things, that has kept me (increasingly) busy over the past few years is my involvement with the Linux distribution Arch Linux. While I have been using Linux for probably about 14 years it is frankly hard to pinpoint when exactly I went down the rabbit hole that this operating system/ ecosystem/ community is (relevant XKCD). However, I can elaborate on my motivation and where that got me.

Securely serving webapps using uWSGI

David Runge — Sat, 08 Oct 2016 07:00:00 GMT

Ever since I have been running my own Arch Linux box to serve my services, I used nginx in conjunction with uWSGI.
So instead of using php-fpm and be limited to just PHP, I can use a single application server to do all of them (CGI, Python, PHP and even the stuff I don't use, such as Ruby Rack, Mono, Java, Lua, Perl, WebDAV). They are all separately installable as plugins.
Static sites, such as this, default to being served by nginx directly of course.
Over time I found uWSGI to be a very versatile and powerful piece of software that has many advantages (over e.g. Apache):

socket activation
webapp encapsulation and jailing
self-healing
being able to separetely manage services
exit after idle

I'll explain the services I use (MantisBT, roundcube, ownCloud, Mailman, Stikked, Wordpress, Postfixadmin, phpMyAdmin, cgit, MediaWiki, Etherpad ) along with configuration examples and their possible pitfalls.

In my last post about Let's Encrypt I already showed some examples on how to configure nginx for the use with uWSGI. Let's jump right in.

Let's encrypt it all

David Runge — Thu, 29 Sep 2016 18:00:00 GMT

For a couple of months now I have been using Let's Encrypt to generate free and valid certificates for all the services I run.
In many places the free Certificate Authority (short CA) has spread like wild-fire. From small to large scale services, many adopted it and the amount of issued certificates has grown over 1 million in just four months.
As a visitor to this website you have probably noticed the small green lock sign next to the address bar. The certificate used for this website is accepted to be valid by your browser (and also by your operating system).
If you're up for some background knowledge, just read on. If you're up for some hands-on technical stuff, jump right on to the howto.
Just note: This is a veeeeeeery long article in any case.

Linux Audio Conference 2015

David Runge — Fri, 03 Apr 2015 04:00:00 GMT

It's been quite some time since my last post.
But I have not been lazy!

I will be attending this year's Linux Audio Conference) in Mainz. Not only as a guest (I seriously hope I will have the time to just snoop around), but mainly for setting up the 8 channel version of "The Sound Of People" and to give a workshop on "Arch Linux as a lightweight audio platform".
You can find my information for the event here.

SSH tunnel with single hop, using systemd-networkd and autossh

David Runge — Sun, 01 Feb 2015 18:00:00 GMT

Recently I had the pleasure of setting up a SSH tunnel between two virtual machines that share no route and are located in two different subnets.
They can however reach each other via SSH, hopping their host.
Let's assume the following setup:

client1 (Arch Linux) has 10.0.5.2/24
client2 (Arch Linux) has 10.0.6.2/24
host (Debian) is 10.0.5.1/24 to client1 and 10.0.6.1/24 to client2

As I needed the two clients to be able to send mail to each other and reach each others' services, I did some digging and opted for a SSH connection using TUN devices (aka. "poor man's VPN").

The following is needed to set this up:

root access on both virtual machines (client1 & client2)
a user account on the host system
SSH (OpenSSH assumed) installed on all three machines