dracut and CVE-2016-4484: Cryptsetup Initrd root Shell

People who want to secure their Fedora/RHEL system have to: add a BIOS password add a grub password add “rd.shell=0” to the kernel command line Anaconda does add “rd.shell=0” to the kernel command line automatically, if you setup the bootloader with a password.


GPG, Smartcard and ssh

This blog posts shows how to tweak Fedora, if you want to use a smartcard with OpenPGP and use it also as a ssh key. It also serves me as a recipe for fresh installations.


A Python Transaction Class

This is a repost of a blog post of 2008. Just for the reference 🙂 This class allows sub-classes to commit changes to an instance to a history, and rollback to previous states. The final class with an extension for __setstate__ and __getstate__ can be found here: transaction.py and transaction_test.py. […]


libtool: getting rid of 180,000 sed forks

When compiling systemd on rawhide, we noticed a significant slowdown in compile time. Investigating further, it turns out, that libtool forks an incredible amount of sed. Running perf showed 30% of the “make all” was spent in bash. strace showed an execve of sed with the same arguments 180,000 times!!!!! […]


help

Single UEFI executable for kernel+initrd+cmdline

Lately Kay Sievers and David Herrmann created a UEFI loader stub, which starts a linux kernel with an initrd and a kernel command line, which are COFF sections of the executable. This enables us to create single UEFI executable with a standard distribution kernel, a custom initrd and our own […]


Self Hosting Fedora Base

If you want to bootstrap a distribution or want to rebuild it from the sources (SRPMS) to get the same binaries (think CentOS), you have to build the build tools and rebuild them with the built build tools, which have to be built with other build tools… My goal for […]


Linux: HOWTO get the number of CPUs

$ getconf _NPROCESSORS_ONLN returns the number of CPUs online Internally it is parsing /sys/devices/system/cpu/online, which can have the contents: 0-3,5,7-9. Better let getconf do all the counting for you. This is very useful, if you want to optimize the number of threads.


Fedora Boot Optimization

This article shows how to reduce boot time for Fedora 17, but the recipe can also be applied to 18, 19 and 20. The target is to get a fast booting system with NetworkManager running and gdm displaying the login screen as fast as possible. The system I use here […]


feather

Redirecting apache access_log and error_log to the systemd journal

To redirect all apache messages to syslog, which will then appear in the systemd journal modify your httpd.conf: CustomLog “|/bin/logger -t access_log -p user.info” “%v %h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-agent}i\”” ErrorLog syslog:user Of course it would be much nicer, if apache actually could use the journal […]