Saturday, July 11, 2009

Three scripts for package management on Debian and Ubuntu systems

Five of the top 10 most downloaded distributions on Distrowatch use the Debian package system. It has developed a rich infrastructure of utilities -- not just the core commands apt-get and dpkg, but also such less well-known commands as apt-cache, apt-spy, and apt-listbugs. In addition, an array of other scripts, some mashups of existing utilities, and some original, are regularly available on sites like openDesktop.org. Such scripts help to streamline the process of keeping a Debian-based package system in working order, and provide information to help you make better decisions about software installation.

These scripts join a host of graphical front ends to apt-get and GUI tools for searching package repositories. However, because efficient package management is still done at the command line, they have a relevance that many command lines tools lack today. Some are simple, some are specific to one distribution (usually Ubuntu), and you might need to modify them before they suit your needs. However, all can be surprisingly useful if you believe in making hands-on decisions about the contents of your system instead of relying on the update applet in your notification tray. Here are three excellent examples.

Apt-utility

Apt-utility is a simple bash script designed for those who like to keep their systems constantly up to date, and would prefer not to enter the commands one at a time.

Unfortunately, the script is a little muddled in the apt-get commands that it issues. It begins, reasonably enough, by using apt-get update to make sure that the package repositories are current. However, it then runs apt-get upgrade, followed immediately by apt-get dist-upgrade -- which is a redundancy, since dist-upgrade does everything that upgrade does, as well as handling the dependencies in new versions of packages. Then it runs apt-get clean, followed by apt-get autoclean, leaving autoclean with nothing to do, since clean has already cleared out the /var/cache/apt/archives directory. The script ends with apt-get autoremove to remove packages that were installed as dependencies for packages that are no longer on the system.

You can fix those issues with a little judicious editing. While you are removing apt-get upgrade and apt-get autoclean from the script, you can also remove sudo from the start of every line of the script if you are not using the sudo command to access the root account (by default, Debian does not use sudo, while Ubuntu does).

You should also be check which repositories are enabled in /etc/apt/sources.list before you use this script or your own version of it. Used with the stable or even the testing repositories of Debian, Apt-utility should be safe, but automated updates with the unstable or experimental repositories enabled could result in broken dependencies and, in extreme cases, even major system problems.

Ubucleaner

Although it's intended primarily for Ubuntu, Ubucleaner is a grab-bag script that works -- mostly -- with other Debian-based distributions as well. The script cleans the apt-cache, removes the configuration files for removed packages, removes all kernels except the present one, and empties the trash for every user on the system. The kernel removal function works only with Ubuntu kernels.

All these tasks have in common is that they remove extra files from the system, so you might want to edit the script or comment out sections that you don't want. In particular, considering that a backup kernel may be useful if tinkering disables your current one, you might want to disable the kernel removal feature -- as well as the "Removing old kernels" message, so you don't have a heart attack when you run the script.

The script assumes that you are using the text-based Aptitude application, rather than apt-get and dpkg. If you are not using Aptitude, you should also replace the reference to aptitude clean with apt-get clean and the reference to aptitude purge to dpkg --purge.

daptup

Like Ubucleaner, daptup is intended for use with Aptitude. However, it is far safer than Ubucleaner, since it is purely informational, building for Debian-derived distributions lists of new packages, upgradeable packages, watched packages, and outdated packages that have upgrades available. You can use these lists to plan your software upgrades.

You can configure the content of these lists by editing the file /etc/daptup.conf. Here you can set such criteria as how many days old a package should be before it is listed as outdated, what packages on your system to watch, and what packages to watch that are uninstalled. You might, for instance, want to keep checking on whether the latest version of OpenOffice.org has arrived in a repository, or to wait until Gnash reaches its 1.0 release before you install it. The configuration file is heavily commented and includes examples, so you should have little trouble setting daptup to run exactly as you want.

If you do not automatically upgrade, or if you know that a large number of packages has recently flooded into the repositories you use, you might want to run daptup piped into either the less or more command (for instance, daptup | less); otherwise, the lists could easily be longer than your display buffer, so that the first entries disappear before the last one is visible. Alternatively, you might comment out some of the lists in /etc/daptup.conf, or change the number of lines in the display buffer in your terminal program's configuration settings.

Conclusion

There are many other scripts out on the Internet for Debian-based package management. For instance, UnusedPkg lists programs on the system that are not used and therefore might be removable, but the download is apparently no longer available. And for more advanced users who want to examine and compare dpkg status files, the awk script dpkg-diff might come in handy.

All these scripts help you gain more information about your system, and most are easy to modify even if you know little about any form of scripting. If you keep an eye on sites like openDesktop.org that list new applications, chances are that you will have no trouble finding utilities that allow you to make more intelligent decisions about the software you are running.

Bruce Byfield is a computer journalist who writes regularly for Linux.com.

dpkg tricks for Ubuntu / debian

http://unixlab.blogspot.com)

In Debian GNU/Linux and its derivatives such as Ubuntu the software packages are bundled in a special format. We generally call them deb packages. A .deb package is basically
an archive of files that you want to install to your computer, plus some header and control
information that identifies the software. The deb files can be manipulated with dpkg command. Here are some common dpkg tricks that you can use in every day life on the Ubuntu/Debian systems.
Let us first get a debian package from Internet. I am using Ubuntu 9.04 for this tutorial and will be using aspell as a demo package. Download aspell from the Jaunty repository.

Installing a package manually.

# dpkg -i aspell_0.60.6-1_i386.deb

Removing the package

# dpkg -r aspell

#dpkg -P aspell ( Removes everything including config files.)

Now Let us explore the contents of a deb package.

Make a temporary directory.

#mkdir aspell_tmp
Extract the deb to the aspell_tmp directory.

# dpkg -x aspell_0.60.6-1_i386.deb aspell_tmp


You can see the package contents.
( Try ls -lR aspell_tmp)

The control information alone can be extrcted using -e flag instead of -x.
Or you can list the contents of a deb package as below.
# dpkg -c aspell_0.60.6-1_i386.deb

You can get details about the package with

#dpkg -p aspell
#dpkg -s aspell

If you find a strange file on your system you can check if it belongs to any package. Let us check the file /usr/share/man/man1/aspell.1.gz ( man page of aspell)
$ dpkg -S /usr/share/man/man1/aspell.1.gz
aspell: /usr/share/man/man1/aspell.1.gz

To see the installed files belonging to aspell try this
# dpkg -L aspell

If the package is not removed completely, you may see some configuration files left over.

Wednesday, July 8, 2009

Chuyển qua lại các dạng file cài của Linux(deb, rpm, pkg...).

Để chuyển qua lại giữa các dạng file bạn cd đến thư mục cần chuyển đổi gõ alien [options] file [...]

file [...] Package file or files to convert.
-d, --to-deb Generate a Debian deb package (default).
Enables these options:
--patch= Specify patch file to use instead of automatically
looking for patch in /var/lib/alien.
--nopatch Do not use patches.
--anypatch Use even old version os patches.
-s, --single Like --generate, but do not create .orig
directory.
--fixperms Munge/fix permissions and owners.
--test Test generated packages with lintian.
-r, --to-rpm Generate a Red Hat rpm package.
--to-slp Generate a Stampede slp package.
-l, --to-lsb Generate a LSB package.
-t, --to-tgz Generate a Slackware tgz package.
Enables these options:
--description= Specify package description.
--version= Specify package version.
-p, --to-pkg Generate a Solaris pkg package.
-i, --install Install generated package.
-g, --generate Generate build tree, but do not build package.
-c, --scripts Include scripts in package.
-v, --verbose Display each command alien runs.
--veryverbose Be verbose, and also display output of run commands.
-k, --keep-version Do not change version of generated package.
--bump=number Increment package version by this number.
-h, --help Display this help message.
-V, --version Display alien's version number.


Ví dụ, mình vừa thử convert file pidgin-groupmsg_2.2.0-2_i386.deb sang pidgin-groupmsg_2.2.0-2_i386.rpm, mình gõ


alien -r pidgin-groupmsg_2.2.0-2_i386.deb

0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks

Published: 2009-07-06,
Last Updated: 2009-07-07 14:08:53 UTC
by Stephen Hall (Version: 2)

A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites.

Please keep a watchful eye on your AV and IDS/IPS vendors updates to ensure coverage as early as possible on this exploit as it is likely to be widely deployed with the code being available.

A valid work around for the attack vector is available which set's the kill bit on the vulnerable DLL.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400

Details of the exploit are available on the CSIS web site, but are included below:


var appllaa='0';

var nndx='%'+'u9'+'0'+'9'+'0'+'%u'+'9'+'0'+'9'+appllaa;

[SHELL CODE REMOVED]

var headersize=20;

var omybro=unescape(nndx);

var slackspace=headersize+dashell.length;

while(omybro.length<0x30000) shuishimvp="shuishiMVP+shuishiMVP+bZmybr;" memory="new" x="0;x<300;x++)" myobject="document.createElement('object');" width="'1';" height="'1';" data="'./logo.gif';" classid="'clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF';

UPDATE July 6, 2009 19:00 UTC

Microsoft have released an advisory for the exploit, it can be found here :
http://www.microsoft.com/technet/security/advisory/972890.mspx

In addition, they have published a number of blog entries to cover their user base:
http://blogs.technet.com/msrc/default.aspx
http://www.microsoft.com/technet/security/advisory/default.mspx
http://blogs.technet.com/srd/

Friday, July 3, 2009

Some ways to restore Grub

First :
1. Pop in the Live CD, boot from it until you reach the desktop.
2. Open a terminal window or switch to a tty.
3. Type "grub"
4. Type "root (hd0,6)", or whatever your harddisk + boot partition numbers are (my /boot is at /dev/sda7, which translates to hd0,6 for grub).
5. Type "setup (hd0)", ot whatever your harddisk nr is.
6. Quit grub by typing "quit".
7. Reboot.


Or

1. Boot your computer up with Ubunto CD
2. Go through all the process until you reech "[!!!] Disk Partition"
3. Select Manual Partition
4. Mount your appropriate linux partions

/
/boot
swap
.....

5. DO NOT FORMAT THEM.
6. Finish the manual partition
7. Say "Yes" when it asks you to save the changes
8. It will give you errors saying that "the system couldn't install ....." after that
9. Ignore them, keep select "continue" until you get back to the Ubuntu installation menu
10. Jump to "Install Grub ...."
11. Once it is finished, just restart your computer