Posts Tagged Ubuntu
I have a mirror where Debian and Ubuntu packages are hosted ,so people in the internal network can upgrade their software using this mirror. But the other day I realized it couldn’t sync against the Debian mirror, as described in the article How to build Debian and Ubuntu mirrors using debmirror. When I tried to run the sync script I got an error and it exited with errors.
When running debmirror script, it fails with a error similar to this one:
gpgv: Signature made Wed 17 Jul 2013 04:40:31 PM CST using RSA key ID 473041FA [GNUPG:] ERRSIG AED4B06F473041FA 1 2 00 1374050431 9 [GNUPG:] NO_PUBKEY AED4B06F473041FA gpgv: Can’t check signature: public key not found gpgv: Signature made Wed 17 Jul 2013 04:40:31 PM CST using RSA key ID 46925553 [GNUPG:] ERRSIG 8B48AD6246925553 1 2 00 1374050431 9 [GNUPG:] NO_PUBKEY 8B48AD6246925553 gpgv: Can’t check signature: public key not found Release signature does not verify.
Packages are validated using a key, so we can trust what we are downloading from the source repo and what will installed on our computers. Some repositories have a keyrnig with known keys, and it’s likely that a new key signature was added to the Debian/Ubuntu keyring. This can occur if there is new distro version, and new keys were added, making our keyring out of date (the new keys are missing).
In order to fix this issue, follow the next steps depending on the distro you are mirroring:
Update the repository and import the new keys:
aptitude update aptitude safe-upgrade gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --no-default-keyring --keyring /var/data/keyrings/debian/trustedkeys.gpg --import
Sidenote: If no keys were added, download the latest debian-archive-keyring package from the repositories, extract it and use those keyrings. Example:
wget http://ftp.us.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2012.4_all.deb dpkg -x debian-archive-keyring_2012.4_all.deb ~ gpg --keyring ~/usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --no-default-keyring --keyring /var/data/keyrings/debian/trustedkeys.gpg --import
Download the latest ubuntu-archive-kering package and extrack it, later use the those keyrings . Example:
wget http://mirror.pnl.gov/ubuntu//pool/main/u/ubuntu-keyring/ubuntu-keyring_2012.05.19_all.deb dpkg -x ubuntu-keyring_2012.05.19_all.deb ~ gpg --keyring ~/usr/share/keyrings/ubuntu-archive-keyring.gpg --export|gpg --no-default-keyring --keyring /var/data/keyrings/ubuntu/trustedkeys.gpg --import
After this procedure, the sync script will run without problems and it will downloaded the latest updates.
If by chances you have a slow connection but in another place have a better connection (school, university, work, etc.) and have a computer with Debian which on the same architecture (x86, x64, etc.) with almost the same software selection, you can do this little trick to carry part of the downloaded packages:
Computer with good connection
Update and upgrade the computer with good connection:
root@dell~# aptitude update aptitude safe-upgrade
On Debian and alike distros the downloaded packages are stored in /var/cache/apt/archives, so you can copy the content of that directory into a pen-drive or external hard drive:
cp -r /var/cache/apt/archives /media/usb0
Computer with poor connection
Update the package list. Despite you have a poor connection , you still need Internet to retrieved the package’s information:
root@cupcake:~# aptitude update root@cupcake:~# aptitude safe-upgrade The following packages will be upgraded: bind9-host dnsutils evolution-data-server evolution-data-server-common gdm3 gnome-shell gnome-shell-common google-chrome-stable gvfs gvfs-backends gvfs-bin gvfs-common gvfs-daemons gvfs-libs host icedtea-netx icedtea-netx-common krb5-locales libbind9-80 libc-bin libc-dev-bin libc6 libc6:i386 libc6-dev libc6-i386 libc6-i686:i386 libcairo-gobject2 libcairo2 libcamel-1.2-33 libdbus-glib-1-2 libdns88 libebackend-1.2-2 libebook-1.2-13 libecal-1.2-11 libedata-book-1.2-13 libedata-cal-1.2-15 libedataserver-1.2-16 libedataserverui-3.0-1 libglib2.0-0 libglib2.0-0:i386 libglib2.0-bin libglib2.0-data libgssapi-krb5-2 libgssapi-krb5-2:i386 libisc84 libisccc80 libisccfg82 libk5crypto3 libk5crypto3:i386 libkrb5-3 libkrb5-3:i386 libkrb5support0 libkrb5support0:i386 liblwres80 libperl5.14 libproxy0 libssh-4 libxen-4.1 libxenstore3.0 locales multiarch-support openssh-client openssh-server perl perl-base perl-modules python python-minimal vim vim-common vim-runtime vim-tiny xserver-xorg-video-nouveau The following packages are RECOMMENDED but will NOT be installed: xserver-xephyr 73 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 103 MB of archives. After unpacking 16.6 MB will be used. Do you want to continue? [Y/n/?] n
Here you can see it needs to download 103 MB. Say no by typing “n”, and copy the packages from the pen-drive to /var/cache/apt/archives/:
# cp -R /media/C6A7-9F3C/archives/* /var/cache/apt/archives/
Now update the package list and try to upgrade the packages one more time:
root@cupcake:~# aptitude update root@cupcake:~# aptitude safe-upgrade The following packages will be upgraded: bind9-host dnsutils evolution-data-server evolution-data-server-common gdm3 gnome-shell gnome-shell-common google-chrome-stable gvfs gvfs-backends gvfs-bin gvfs-common gvfs-daemons gvfs-libs host icedtea-netx icedtea-netx-common krb5-locales libbind9-80 libc-bin libc-dev-bin libc6 libc6:i386 libc6-dev libc6-i386 libc6-i686:i386 libcairo-gobject2 libcairo2 libcamel-1.2-33 libdbus-glib-1-2 libdns88 libebackend-1.2-2 libebook-1.2-13 libecal-1.2-11 libedata-book-1.2-13 libedata-cal-1.2-15 libedataserver-1.2-16 libedataserverui-3.0-1 libglib2.0-0 libglib2.0-0:i386 libglib2.0-bin libglib2.0-data libgssapi-krb5-2 libgssapi-krb5-2:i386 libisc84 libisccc80 libisccfg82 libk5crypto3 libk5crypto3:i386 libkrb5-3 libkrb5-3:i386 libkrb5support0 libkrb5support0:i386 liblwres80 libperl5.14 libproxy0 libssh-4 libxen-4.1 libxenstore3.0 locales multiarch-support openssh-client openssh-server perl perl-base perl-modules python python-minimal vim vim-common vim-runtime vim-tiny xserver-xorg-video-nouveau The following packages are RECOMMENDED but will NOT be installed: xserver-xephyr 73 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 2,474 kB/103 MB of archives. After unpacking 16.6 MB will be used. Do you want to continue? [Y/n/?]
As you can see, now it needs 2,4 MB, much less than originally needed and it will last much less in downloading with a poor connection like the Venezuela’s 3G networks (put here your preferred mobile operator’s name).
Here I explain how to set up a mirror for Debian an Ubuntu repositories, on a Debian server. The steps explained next can be found on other sites, except how to deal with the repository’s keyrings. For instance, on the Ubuntu’s tutorial they explain how to install the keyrings assuming the server you are installing the mirror has Ubuntu running, but what if it’s running on a Debian server?
As I mentioned, I used debmirror for mirroring both distros. There are other programs, like apt-cacher, but I chose debmirror because I wanted to mirror all Debian and Ubuntu repos. So, in order to install debmirror just type the following as root:
aptitude install debmirror
Installing the keyrings
Now it’s time for installing the repositories’ keyrings. Because I wanted a mirror for Debian and other for Ubuntu, I had to download both keyrings packages and import the keyrings from them:
To install the keyrings for Debian’s repos the latest debian-archive-keyrings must be downloaded, for instance from testing:
# wget http://ftp.us.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2012.4_all.deb
Then the package’s content must be extracted in the root’s home directory:
# dpkg-deb -x debian-archive-keyring_2012.4_all.deb ~
And finally import the keyrings:
# gpg --no-default-keyring --keyring /home/repo/keyrings/debian/trustedkeys.gpg --import /root/usr/share/keyrings/debian-archive-keyring.gpg gpg: keyring `/home/repo/keyrings/debian/trustedkeys.gpg' created gpg: key B98321F9: public key "Squeeze Stable Release Key " imported gpg: key 473041FA: public key "Debian Archive Automatic Signing Key (6.0/squeeze) " imported gpg: key 65FFB764: public key "Wheezy Stable Release Key " imported gpg: key 46925553: public key "Debian Archive Automatic Signing Key (7.0/wheezy) " imported gpg: Total number processed: 4 gpg: imported: 4 (RSA: 4) gpg: no ultimately trusted keys found
On Ubuntu I did something similar. I downloaded the latest ubuntu-keyring package up-to-date, from quantal’s repos:
# wget http://pa.archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2012.05.19_all.deb
Then I proceed to extract the package content in the root’s home directory and import the keyrinngs:
# dpkg-deb -x ubuntu-keyring_2012.05.19_all.deb ~# gpg --no-default-keyring --keyring /home/repo/keyrings/ubuntu/trustedkeys.gpg --import /root/usr/share/keyrings/ubuntu-archive-keyring.gpggpg: keyring `/home/repo/keyrings/ubuntu/trustedkeys.gpg' created gpg: key 437D05B5: public key "Ubuntu Archive Automatic Signing Key " imported gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key " imported gpg: key C0B21F32: public key "Ubuntu Archive Automatic Signing Key (2012) " imported gpg: key EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) " imported gpg: Total number processed: 4 gpg: imported: 4 (RSA: 2) gpg: no ultimately trusted keys found
The debmirror script
The script is an adaptation of the the one at Ubuntu’s documentation, I saved as /home/repo/scripts/debian.sh with the following values:
#!/bin/sh# Don't touch the user's keyring, have our own instead export GNUPGHOME=/home/repo/keyrings/ubuntu # Architecture. For Ubuntu can be i386, powerpc or amd64. arch=i386,amd64 # Minimum Ubuntu system requires main, restricted # Section (One of the following - main/restricted/universe/multiverse). section=main,multiverse,universe,restricted # Release of the system (Quantal, Precise, etc) release=quantal,quantal-security,quantal-updates,quantal-backports,precise,precise-security,precise-updates,precise-backports # Server name, minus the protocol and the path at the end server=us.archive.ubuntu.com # Path from the main server, so http://my.web.server/$dir, Server dependant inPath=/ubuntu # Protocol to use for transfer (http, ftp, hftp, rsync) proto=http # Directory to store the mirror in outPath=/home/repo/mirrors/ubuntu # Start script debmirror -a $arch \ --no-source \ --md5sums \ --progress \ --passive \ --verbose \ -s $section \ -h $server \ -d $release \ -r $inPath \ -e $proto \
For Debian I used other parameters and save it as /home/repo/scripts/debian.sh with this values:
#!/bin/sh # Don't touch the user's keyring, have our own instead export GNUPGHOME=/home/repo/keyrings/debian # Architecture (i386, powerpc, amd64, etc.) arch=i386,amd64 # Section (main,contrib,non-free) section=main,contrib,non-free # Release of the system (squeeze,lenny,stable,testing,etc) release=squeeze # Server name, minus the protocol and the path at the end server=ftp.us.debian.org # Path from the main server, so http://my.web.server/$dir, Server dependant inPath=/debian # Protocol to use for transfer (http, ftp, hftp, rsync) proto=http # Directory to store the mirror in outPath=/home/repo/mirrors/debian # Start script debmirror -a $arch \ --no-source \ --md5sums \ --progress \ --passive \ --verbose \ -s $section \ -h $server \ -d $release \ -r $inPath \ -e $proto \ $outPath
Note: On both cases you have to make the scripts executable, check the connection with the chosen servers and check if you have enough space available for hosting the mirrors.
Scheduled job (crontab)
Once the scripts are working, you can create a cron for keep the mirrors synced. For example, to run he scripts at midnight every day you can put the following in the /etc/crontab:
0 0 * * * root /home/repo/scripts/debian.sh 0 0 * * * root /home/repo/scripts/ubuntu.sh
Publishing the mirrrors
I published the mirror via http with Apache, the web server:
aptitude install apache2
By default on Debian, Apache uses /var/www as root directory. Thus in order to set the mirrors just make the symbolic links to that directory:
# ln -s /home/repo/mirrors/ubuntu /var/www/ # ln -s /home/repo/mirrors/debian /var/www/
Setting the clients
On the client side, you have to edit the /etc/apt/sources.list file according to the Linux version used on the client.
For Ubuntu precise (12.04) you have to put something like this in the /etc/apt/sources.list file:
deb http://192.168.1.1/ubuntu/ precise main restricted universe multiverse deb http://192.168.1.1/ubuntu/ precise-updates main restricted universe multiverse deb http://192.168.1.1/ubuntu/ precise-backports main restricted universe multiverse deb http://192.168.1.1/ubuntu/ precise-security main restricted universe multiverse
In this case the IP addresses 192.168.1.1 belongs to the server hosting the mirrors, which were published via http with Apache. Change to other IP or a DNS entry according to your configuration.
For Debian Squeeze you must have the following in your /etc/apt/sources.list:
deb http://192.168.1.1/debian squeeze main contrib non-free deb http://192.168.1.1/debian-security squeeze/updates main contrib non-free
For both cases after doing these changes you have to update the package list:
Once the package list has been updated you can use those repositories.
I’m sure you were thinking I was tell you: install Debian!…but no, this time I’m going to be more condescend thus I’m going to give you a tip. After installing Ubuntu one thing you can do to feel you are using Debian is open a terminal and type this:
sudo apt-get install aptitude sudo aptitude update
Now you will be using the Debian’s default console package management .
But what are the differences between aptitude and apt-get / apt-cache?
That doubt was already commented on this article aptitude vs. apt-get
User password vs. root password
Another thing you can do is to assign a password to root
sudo passwd root
After this you can log in as root and forget about sudo, in addition you will separating the installing user from the real system administrator role.
On October 10, 2010 (10/10/10) Ubuntu 10.10 was released, so if you want to update your system to this version you can type the following from a terminal:
Once you have done this just click on the Upgrade button and follow the wizard.
I have an apt-cacher server at home for caching Debian and Ubuntu repos, and the same PC has cron-apt for downloading Debian packages daily, the idea is to have the packages ready to download whenever I want to update them. On the other hand, my sister has a netbook with Ubuntu, but due to cron-apt is set to download only those packages from the distro it’s running by default, in this case Debian, when my sister’s netbook is updated she can’t take advantage of the cache because she has to wait until all packages are downloaded.
The solution is to make cron-apt download Ubuntu packages. Let’s see how to do it…
Adding Ubuntu repos to cron-apt
In order to add the Ubuntu repos you have to edit the /etc/cron-apt/config file in the following line:
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/sources.list.ubuntu10"
Where the /etc/apt/sources.list.ubuntu10 file must have the Ubuntu repos definitions. In my case, it’s the apt-cacher server:
deb http://192.168.2.100:3142/ubuntu/ lucid main restricted deb http://192.168.2.100:3142/ubuntu/ lucid-updates main restricted deb http://192.168.2.100:3142/ubuntu/ lucid universe deb http://192.168.2.100:3142/ubuntu/ lucid-updates universe deb http://192.168.2.100:3142/ubuntu/ lucid multiverse deb http://192.168.2.100:3142/ubuntu/ lucid-updates multiverse deb http://192.168.2.100:3142/ubuntu/ lucid-security main restricted deb http://192.168.2.100:3142/ubuntu/ lucid-security universe deb http://192.168.2.100:3142/ubuntu/ lucid-security multiverse
Ubuntu public keys
You also have to set the public keys, otherwise apt-cacher will send a email with a message like this one:
W: GPG error: http://192.168.2.100 lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5
In order to download and install the public key you have to do the following steps:
gpg --recv-keys 40976EAF437D05B5 gpg --export --armo 40976EAF437D05B5 | apt-key add -
Now next time I update my sister netbook, many of the packages will be ready to download from the local network at home!!
I’ve already mentioned the advantage of using a cached repository like apt-cacher. Okay, it’s true that all packages will be available when upgrading applications, but only if somebody had already downloaded them. It would be great to have something that automatically downloads those packages for you, so when you upgrade from any computer within the network those applications will already be in apt-cacher.
In order to install cron-apt just type this in a terminal as root:
aptitude install cron-apt
You have to define a running frequency of cron-apt in the /etc/cron.d/cron-apt file. There you must define at what time it will be performed, using crontab format. For example:
# Every night at 1 o'clock 0 1 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
Then you have to set some variables in the /etc/cron-apt/config fild, according to your needs. For instance, I changed the package manager from apt-get to aptitude, the mail address, and how often I will be warned:
# APTCOMMAND=/usr/bin/apt-get APTCOMMAND=/usr/bin/aptitude # APTCOMMAND
Check out the whole file if you want to change any behavior, or just let it has it comes.
By default cron-apt is set to download the package list and then download the updates. In the /etc/cron-apt/action.d/0-update you will find this:
update -o quiet=2
And the /etc/cron-apt/action.d/3-download file has this:
dist-upgrade -d -y -o APT::Get::Show-Upgraded=true
You can change this values according to your needs, for instance for an unattended upgrade. You can also use the examples provided by the packages in the /usr/share/doc/cron-apt/examples/ directory.
The new netbook architecture comes with a Intel GMA 3150 graphic card, which it’s not supported completely by the kernel because it doesn’t show any information in the /sys/class/backlight directory. This means you won’t be able to adjust your LCD brightness with the function keys (ACPI), or use any plugin for that matter, or set the brightness with third-party applications such as laptop-mode-tools.
I did a research on Internet and I found a solution to the brightness adjustment problem, which consist in setting the value to the PCI device on the bus directly, as shown here:
setpci -s 00:02.0 f4.b=55
Where 00:02.0 is the PCI id on the bus, and 55 is a hexadecimal value between 0 and FF, which modifies the display’s brightness.
In order to konw which device id to write on, you can query the PCI bus:
mundungus:~# lspci 00:00.0 Host bridge: Intel Corporation N10 Family DMI Bridge 00:02.0 VGA compatible controller: Intel Corporation N10 Family Integrated Graphics Controller 00:02.1 Display controller: Intel Corporation N10 Family Integrated Graphics Controller 00:1b.0 Audio device: Intel Corporation N10/ICH 7 Family High Definition Audio Controller (rev 02) 00:1c.0 PCI bridge: Intel Corporation N10/ICH 7 Family PCI Express Port 1 (rev 02)
As you cans see the device id for the graphic card on the PCI bus is 00:02.0.
Commonly laptop-mode-tools writes on a file into the /sys/class/backlight directory, as I wrote in previous post, but in this case you have to put the following into the /etc/laptop-mode/conf.d/lcd-brightness.conf file:
BATT_BRIGHTNESS_COMMAND="setpci -s 00:02.0 f4.b=55" LM_AC_BRIGHTNESS_COMMAND="setpci -s 00:02.0 f4.b=77" NOLM_AC_BRIGHTNESS_COMMAND="setpci -s 00:02.0 f4.b=77" BRIGHTNESS_OUTPUT="/dev/null"
Notice you have to set the variable BRIGHTNESS_OUTPUT withe the value /dev/null, otherwise it won’t run properly.
I sold my Lenovo IdeaPad S10 to upgrade it to a Lenovo IdeaPad S10-3. As it happened with my sister’s S10-2 netbook, the partitions scheme looks like the ones shown above: A small partition (I assume to boot Windows), a 100 GB partition for Windows 7, another partition with 30 GB for backups, and 150 GB of rescue and driver for Windows.
Because my disk is mine, I decided to erase the two last partitions (I backup-ed its content first) and change the size of Windows 7 partition in order to make room for two Linux (Debian and Ubuntu), another partition for 1 GB of swap, and the remaining for /home, as is shown in the following picture:
The only side effect is that some applications supplied by Lenovo, like the OneKey Recovey, won’t work properly because the partitions had been deleted. The solutions is to make the rescue disks before erase those partitions, or live with those partitions but resizing them to make room (this what’s I did on my sister’s netbook, a Lenovo S10-2).
Before resizing the Windows partition you better defragment the disk. You should also check that Windows 7 boots properly after resizing the partition, if not you can recovery it by using one of those partitions provided by Lenovo. I did the mistake of erasing them, so I had to borrow a Windows 7 recovery disk, because I didn’t want to wait for a recovery disc shipped from USA.
Some people yelled: what the heck is doing Debian by including Ubuntu Software Center in its repositories? The true is, like it or not, this package is available with the name Software Center, and I have to admit it’s an option for installing software, even more easier than Synaptic does. But it’s not only a graphical interface for installing packages, sol let’s install it and see what else it has to offer.
Installing Software Center
In a terminal you can type the following:
aptitude install software-center
This will install Software Center and its compounds.
In order to use Software Center, which is depicted in the above image, you must got to Applications > System > Software Center:
From there you can search, instal and uninstall applications in the system as you would do from a terminal or graphically in Synaptic, but in a really easy way.
The Update Manager notifies users about new updates, the same way Ubuntu does.
This can be really useful for helping out forgetful people to keep their system up to date (from example if they use Debian testing).
You can also set the system’s repositories from the Software Sources utility. In my case I have some internal repositories with apt-cacher in my local network, which appear in the Third-Party Software Tab:
This application in the end just modifies the /etc/apt/sources.list file or the files in the /etc/apt/sources.list.d folder.
Compatibility with aptitude
My big concern was if this application would integrate with aptitude, I mean, if it were capable of uninstall unused dependency packages of a particular application. So far I’ve tested and it appears so!!