Sunday, March 2, 2014

The Awesome Intel NUC - get one!

My review of the Intel NUC ( Next Unit of Computing ) system I recently purchased. Just for background purposes, I did try really hard to make the latest version of Raspberry Pi with licensed codecs work for this; it was close to making the cut but just fell short.  I loaded XBMC on the Pi which worked great as long as you're streaming compressed content i.e. m4v ( I started down the Apple route first and I'm quite happy with sticking with m4v ).  The Pi fell apart once I switched over to live or recordings of MPEG 2 HD stuff. After more searching, I finally found the Intel NUC on Amazon; I was thinking oh how nice it would be to have an i3 system but the price quickly steered me away and I started looking at the cheaper models. Since this system was mostly going to be a front end for MythTV, which runs on my home server and holds all my TV recordings and the ripped movies I've purchased, I was going for the cheapest possible way. OK, enough blabbing....

Prereq's:

  • Wired Ethernet
  • Compact and quiet
  • Netflix ( don't care how )





Disclaimer:   I only run *nix on my home computers as the main OS.

I am currently running Ubuntu 13.10 64-bit ( will most likely go with 14.04 LTS when released ) on this system with the SSD drive listed below; for the first three weeks I was testing out with an 8 GB USB stick which did work but was not ideal due to response time. XBMC and MythTV settings for audio need to be adjusted to 5.1 / 7.1 depending on your setup.  I am running through a Yamaha NS-SP1800BL receiver and although the OS mixer only shows a single pcm channel and no speaker information, the end result sound is correct.  I had issues with the X server not even giving me a useable signal on my projector with 12.04 LTS and after upgrading to 13.10 X did require some tweaking for overscan but all is good now. I am looking forward to Intel releasing some other variants and these would make great firewall/IDS systems if there were multiple NICs.

Here is my parts list ( sorry.. I love Amazon and also a Prime member ):

Intel NUC - http://www.amazon.com/gp/product/B00B7I8HZ4
SSD Drive - http://www.amazon.com/gp/product/B00DY5C74K
Memory -  http://www.amazon.com/gp/product/B005NU47XI/
Power cord - http://www.amazon.com/gp/product/B0000AOWXO 

Optional:
Remote -  http://www.amazon.com/gp/product/B00224ZDFY
Keyboard/Mouse -  http://www.amazon.com/gp/product/B004T0QLLO/
Bluetooth Adapter ( iPazzPort adapter blows ) - http://www.amazon.com/gp/product/B004LNXO28

What is great about the system:

  • First off, the power connection is the best I've seen on any system. You have to give quite a tug on the power cord for removal.
  • 3 year warranty.
  • Can't beat the price.
  • Plays anything I've thrown at it including OTA 720P via the SiliconDust HDHomeRun.
  • MythTV frontend and XBMC both run flawless.
  • Netflix is possible via the Linux pipelight which is essentially running Silverlight via WINE. 
  • The system is very compact and has a nice solid feel.
  • Have yet to hear a fan and yet the system, by touch, has only felt a medium warmth.

My gripes:

  • You have to purchase the wall to power brick cord!  come on Intel give a coupon at least but after you open the box you'll understand why the power cord is not included.

Saturday, June 16, 2012

Back to Cable TV with mixed feelings

I gave in to the pressure to return to cable.

The kids flat out won this battle as we have been under assault all year to get back cable and now back to watching their favorite Disney and Nickelodeon shows.  I hate to admit it but I've been watching quite a bit of Motocross, Moto GP, and Superbike racing lately and what a season of racing we've had in all the different styles. Wish it were different but I even priced out renting/buying content via iTunes/Amazon Video & TV, and DVD's for the content but at an average of 2.99 a show the cost would add up.  Now if it were just a few shows I could see the big cost savings but you start getting into a half-a-dozen TV shows and movies to boot and you're right up there with cable. Please prove me wrong if you can but Hollywood greed has got us by the wallet.

Saturday, June 9, 2012

Ubuntu 12.04 migrate from 32-bit to 64-bit

So I see many posts asking if there is a way to upgrade from 32-bit to 64-bit and it can be done without the upgrade mentality which will also give you a forced cleanup of cruft-o-packages. I'm doing this because I wanted to play with KVM and some other 64-bit OS so I need a 64-bit kernel, go figure.... like I don't have enough outstanding honey-do's.

Disclaimer: I have been doing SA related work for many years, and this is not a HOWTO but more of my tale of how I accomplished this, to give less savvy home admin types yet another reference.

Pre-reqs:
 - Verify the install CD when you boot!!! The ubuntu-12.04-alternate-amd64.iso had a file with a bad MD5 ( https://bugs.launchpad.net/bugs/1010757 ) and bailed on the install so I had to start over with the ubuntu-12.04-beta2-alternate-amd64.iso.
 - Make sure you have two backups! ( one should be on another machine/disk ).
 - Don't freak out if you think something went wrong just stay calm.
 - Pay attention when in the disk partition section that you don't format anything but /boot, swap and /.

Packages I run include web, mythtv-backend, kde, xfce4, mail server w/ spam, amavis, clamav cleaners getting all the nastys coming in the ethers.  I like to play with different window managers because the devs screw it up and lose followers with complete "it's gotta be better" re-writes hint: GNOME devs and Unity.  Look, if you just have a toggle UP: show me all the tweaks and toggle DOWN: hide all the tweaks; that would make more users happy.  Heck, I might even give E17 another look.

My disk layout:
RAID-1 pair
/dev/md0           101018      60169     35633  63% /boot
/dev/md1  ( my swap partition )
/dev/md2         29230360    8181368  19583872  30% /
/dev/md3         67290936   30562360  33310352  48% /home
/dev/md4        382552620  195536600 167583400  54% /data

RAID-5 four 1TB ( mythtv recordings, backups, ripped DVD's, etc )
/dev/md5       2927499732 2455517884 471981848  84% /backup


Section 1 ( info gathering and backup ) :
  - apt-get update; apt-get -y dist-upgrade
  - fdisk -l > before_fdisk_ouput
  - cat /proc/mdstat > before_mdstat_output
  - dpkg -l > before_package_list
  - Backup the system TWICE.

Here are my backup commands ( make sure destination directories exist ):

backitup for backup to the RAID-5
rsync -avx --delete /boot/ /backup/mirror/webby_boot/
rsync -avx --delete / /backup/mirror/webby_root/
rsync -avx --delete /dev/ /backup/mirror/webby_root/dev/
rsync -avx --exclude=".gvfs" --delete-after /home/ /backup/home/

backitup_toquad for backup to my other machine
rsync -avx --numeric-ids --delete /boot/ root@quad:/home/webby_backup/webby_boot/
rsync -avx --numeric-ids --delete / root@quad:/home/webby_backup/webby_root/
rsync -avx --numeric-ids --delete /dev/ root@quad:/home/webby_backup/webby_root/dev/
rsync -avx --numeric-ids --exclude=".gvfs" --delete-after /home/ root@quad:/home/webby_backup/home/

Section 2 (  Install 64-bit version ):
  - Boot the install CD and verify disk for defects!!
  - Install and do the manual disk partitioning and only format /boot, swap and / partitions.

Section 3 ( Install/Remove some packages and make a few backups of new /etc files ):
 Install ssh server and get back old keys and setup
  - apt-get install openssh-server openssh-blacklist openssh-blacklist-extra
  - cp -a /etc/ssh /etc/ssh.sav
  - rsync -axv /$BACKUP/etc/ssh/ /etc/ssh/
  - /etc/init.d/ssh restart
  Now you can log in remotely if you want i.e. if you have keys setup ;)

  Optional -  I have scripts and info I need here
  - rsync -axv /$BACKUP/root/ /root/

  Optional - this is more of a server machine so I whack Network Manager
  - apt-get remove network-manager

 Copy hosts, fstab, passwd, group, interfaces
  - cp fstab fstab.64-bit
  You might want to merge the other filesystems into the new fstab if you did not set those up during install.  I just added /home, /data and /backup to the new /etc/fstab.

  - mount -av
  Make sure at least the /backup mounts so you can copy necessary files back.

  - cp -a passwd passwd.64-bit
  - cp -a group group.64-bit
  - cp -a shadow shadow.64-bit


  - cp /$BACKUP/etc/hosts /etc/
  - cp /$BACKUP/etc/network/interfaces  /etc/network/
  - cd /$BACKUP/etc ; cp passwd group shadow shadow- passwd- group- /etc/
  NOTE: user and group id's are not consistent even between like distros so we must fix
  ownership since we copied our versions back.

  - chown -R lightdm:lightdm /var/lib/lightdm
  - chown -R avahi-autoipd:avahi-autoipd /var/lib/avahi-autoipd
  - chown -R couchdb:couchdb /var/lib/couchdb
  - chown -R avahi:avahi /var/run/avahi-daemon
  
Moved this step up as my sound card and logins were getting ConsoleKit dbus error messages when logging in.  This is because the user and group id's for system accounts are not consistent, i.e. the user creation scripts will just pick unused account and group numbers.
  - apt-get --reinstall install pulseaudio pulseaudio-module-gconf pulseaudio-utils dbus dbus-x11 gstreamer0.10-pulseaudio pulseaudio-module-gconf pulseaudio-module-x11 pulseaudio-utils python-dbus python-dbus-dev

Section 4 ( reboot, copy back files and re-install packages ):


  - reboot
  Login and make sure everything fires up AOK.


  - cd /$BACKUP/etc ; rsync -axv Mutt* amavis apache2 fail2ban* my* nx* postfix razor spamassassin /etc/
  - cd /$BACKUP/var/lib ; rsync -axv amavis spamassassin nxserver /var/lib/
  - cd /$BACKUP/usr/local/bin; cp librarian-notify-send MythDataGrabber mythicalLibrarian myth-status procmail-check.pl spamfilter /usr/local/bin/
  - cd /$BACKUP/var ;  rsync -axv www /var/
  - cd /$BACKUP/etc ; rsync -axv apache2/ /etc/apache2/
  - cd /$BACKUP/etc/default ; cp google-musicmanager spamassassin mythweb /etc/default/
  - cd /$BACKUP/etc/apt/sources.list.d/ ; cp freenx-team-ppa-lucid.list chromium-daily-ppa-lucid.list google-musicmanager.list /etc/apt/sources.list.d/
  - cd /$BACKUP/etc/apt/ ; cp trusted* /etc/apt/

  NOW compare your dpkg -l output with the file before_package_list created above. Look for packages that need to be re-installed.


  - dpkg -l > now_package_list
  - diff -b -y now_package_list before_package_list


Here are a few runs I did:

  - apt-get install vim amavisd-new apache2 php5 spamassassin postfix mythtv-backend mythweb flashplugin-installer clamav clamav-daemon lha arj unrar zoo nomarch lzop cabextract p7zip ttf-mscorefonts-installer mythtv-frontend mythtv-database xmltv-util procmail mysql-server razor bsd-mailx libclamunrar6



  - dpkg -l > now_package_list
  - diff -b -y now_package_list before_package_list

  - apt-get install openjdk-6-jdk icedtea-6-plugin icedtea-plugin fonts-ipafont-mincho ttf-telugu-fonts ttf-oriya-fonts ttf-kannada-fonts ttf-bengali-fonts fonts-ipafont-gothic
  - apt-get install lame rsstail openshot lzop lynx logwatch picard mp3info iptraf irssi git ethtool curl cvs arj agrep irssi-scripts git-cvs git-svn
  - apt-get install imagemagick enscript ffmpeg x264 mencoder ddclient mythplugins mythnetvision mythweather

  - dpkg -l > now_package_list
  - diff -b -y now_package_list before_package_list

Yeah..... everything should be right as rain :)

Thursday, February 16, 2012

Adventures migrating photos from iPhoto 9 to Digikam 2.1.1

After our mac mini update to Snow Leopard, the system was clearly now under-powered, and since my wife and I both stay logged in at most times, running just browsers caused us to swap out way too much. I decided to build a Shuttle SH67H3 with i5-2500k CPU and 16GIG of RAM from NewEgg and we are now running Linux Mint 12. The most important part of the transition was to not lose all our iPhoto Albums. Also, I did not want to do them over from scratch again so I set out on google and found photokam ( https://sites.google.com/site/laurentbovet/photokam ) which did the majority of my lifting but I did not want a straight copy from iPhoto.

iPhoto splits your images tree into Masters(Originals now a link)/Year/Date(Roll)/etc... and Preview(Modified now a link)/Year/Date(Roll)/etc... but digikam ( http://www.digikam.org/ ) allows you to manage your tree how you like and makes a new version of a photo by appending _v1 to the basename of the file.

Just to make sure I did not leave myself with the easiest transition possible :-P I decided to just rsync my iPhoto Library Masters directory to /home/photos on the new machine.  I did not want the separate directory tree, so after all the Masters/Originals were sync'd I figured I'd look at copying the files from the Previews/Modified directory I had copied over and making a -v1 in the same path, from /home/photo_temp.  I'm not sure why but iPhoto changes the extension from .jpg to .JPG on or after the copy process? So I wrote a script but this only gets you 90% there. You'll have to do some manual cleanup because, in addition, iPhoto seems to copy modified versions ( i.e. cropped ) to an entirely different directory(Roll), so that will need to be cleaned up afterwards.


Here is my update_photo script to move the Previews(Modified) versions over the new master location:
----------------- cut -------------------------
#!/usr/bin/perl
# Run from the top of the copied Previews(Modified) tree. For every file found,
# look for the matching master under /home/photos and move the modified copy
# next to it with "-v1" added before the extension.

use strict;
use warnings;
use File::Copy;
use File::Find;

find({ wanted => \&process_file, no_chdir => 1},  "." );

sub process_file {
  my $tempfilename = $File::Find::name;
  if ( -f $tempfilename ) {
    #print " This is a file: $tempfilename";
    if ( -f "/home/photos/$tempfilename" ) {
      # Same relative name exists in the master tree
      print " and matching file exist \n";
      my $new_name = "/home/photos/$tempfilename";
      $new_name =~ s/(.*)(\..+$)/$1-v1$2/g;
      print "move $tempfilename $new_name\n";
      move($tempfilename, $new_name) or warn "move failed for $tempfilename: $!\n";
    } else {
      #print " and matching file does not exist \n";
      # Try the upper-case extension. The dot is escaped and the match is
      # anchored so that only the extension itself is rewritten.
      my $upper_name = $tempfilename;
      $upper_name =~ s/\.jpg$/.JPG/;
      if ( -f "/home/photos/$upper_name" ) {
        #print " Upper case is there: /home/photos/$upper_name\n";
        my $new_upper_name = "/home/photos/$upper_name";
        $new_upper_name =~ s/(.*)(\..+$)/$1-v1$2/g;
        print "move $tempfilename $new_upper_name\n";
        move($tempfilename, $new_upper_name) or warn "move failed for $tempfilename: $!\n";
      } else {
        # Fall back to the lower-case extension
        my $lower_name = $tempfilename;
        $lower_name =~ s/\.JPG$/.jpg/;
        #print " Lower case is there: /home/photos/$lower_name\n";
        my $new_lower_name = "/home/photos/$lower_name";
        $new_lower_name =~ s/(.*)(\..+$)/$1-v1$2/g;
        print "move $tempfilename $new_lower_name\n";
        move($tempfilename, $new_lower_name) or warn "move failed for $tempfilename: $!\n";
      }
    }
  } else {
    print " This is NOT a file: $tempfilename\n";
  }
}
----------------- cut -------------------------
So now you have to tweak the photokam scripts to migrate the information from the AlbumData.xml file copied over from your iPhoto Library directory. I just commented out the copy commands since the files were already copied over:
# diff prepare.py photokam-0.5/prepare.py 
8c8
< file_extensions=('jpg', 'JPG', 'jpeg', 'JPEG')
---
> file_extensions=('jpg', 'JPG', 'jpeg', 'JPEG', 'tif', 'TIF', 'tiff', 'TIFF', 'avi', 'AVI')
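
Review bot: on the < (local) side, file_extensions drops the 'tif', 'TIF', 'tiff', 'TIFF', 'avi' and 'AVI' entries that the upstream photokam-0.5 tuple carries, so any TIFF scans or AVI clips in the library are presumably no longer matched by this script; if the narrowing is intentional, say so in a comment next to the tuple, otherwise keep the upstream list.
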
23c23
<         input = '.'
---
>         input = 'iPhoto Library'
30c30
<     debug = True
---
>     debug = False
128,129c128
<         print('                     Fullname --- '+to_date_string(date))
<         fullname = to_date_string(date)+' - '+roll['RollName']
---
>         fullname = to_date_string(date)+' - '+roll['AlbumName']
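
Review bot: the added print('                     Fullname --- ' ...) on the < side runs for every roll regardless of the debug flag set in the earlier hunk of this same file; put it behind "if debug:" or drop it once the migration works. The switch from roll['AlbumName'] to roll['RollName'] also changes the generated directory names, so a one-line comment naming the AlbumData.xml key this was tested against would help the next reader.
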
166c165
<     #            copy_file(input, original_source_path, out+'/'+target_path, mtime, True)
---
>                 copy_file(input, original_source_path, out+'/'+target_path, mtime, True)
177,178c176,177
<     #            copy_file(input, original_source_path, out+'/'+original_target_path, mtime, True)
<     #            copy_file(input, source_path, out+'/'+target_path, mtime)
---
>                 copy_file(input, original_source_path, out+'/'+original_target_path, mtime, True)
>                 copy_file(input, source_path, out+'/'+target_path, mtime)
183c182
<     #        copy_file(input, source_path, out+'/'+target_path, mtime)
---
>             copy_file(input, source_path, out+'/'+target_path, mtime)
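
Review bot: this hunk and the two before it (166c165 and 177,178c176,177) disable copy_file by commenting the calls out on the < side, which leaves the script silently assuming the files are already in place under the output tree; a module-level switch next to debug (for example a skip_copy flag, name hypothetical) checked before each call would keep the upstream behaviour available and make that assumption explicit.
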
 So after running the process-digikam-db.py script I get errors immediately on the process so I started hacking away and here is the diff.
$ diff process-digikam-db.py photokam-0.5/process-digikam-db.py 
26c26
<         input = args[0]+'/digikam4.db'
---
>         input = args[0]+'/digikam3.db'
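
Review bot: the database name is hard-coded to digikam4.db on the < side, and the later hunks rename url to relativePath and Images.dirid to Images.album to match, so the script is tied to one digikam schema with no check; test which of digikam3.db or digikam4.db exists under args[0] at startup and exit with a clear message when it is not the one the queries expect.
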
59,60d58
<             if debug:
<                 print( ' The pieces  '+pieces[0])
66,75c64,73
<     #-#print('Setting album dates')
<     #-#p=re.compile('[1-2][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]')
<     #-#c=con.cursor()
<     #-#c.execute("select id, relativePath from Albums")
<     #-#for id, relativePath in c.fetchall():
<     #-#    name=relativePath.split('/')[-1]                
<     #-#    if len(name) >= 10 and p.match(name):
<     #-#        date=time.strptime(name[:10]+' 12', "%Y-%m-%d %H") #12h offset to avoid tz shifts
<     #-#        params=(name[:10], id)
<     #-#        c.execute('update albums set date=date(?) where id=?', params)
---
>     print('Setting album dates')
>     p=re.compile('[1-2][0-9][0-9][0-9]-[0-1][0-9]-[0-3][0-9]')
>     c=con.cursor()
>     c.execute("select id, url from Albums")
>     for id, url in c.fetchall():
>         name=url.split('/')[-1]                
>         if len(name) >= 10 and p.match(name):
>             date=time.strptime(name[:10]+' 12', "%Y-%m-%d %H") #12h offset to avoid tz shifts
>             params=(name[:10], id)
>             c.execute('update albums set date=date(?) where id=?', params)
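
Review bot: the whole 'Setting album dates' block is switched off with #-# on the < side even though its select was already ported from url to relativePath, so the local version never writes album dates; either re-enable the ported block or delete it and note why it does not apply to digikam4.db. In both versions the result of time.strptime is assigned to date but only name[:10] goes into params, so the call serves only as a validity check on the name and could be commented as such.
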
116d113
<     #print( '    Album path '+album_path+'      Image name '+image_name )
121c118
<             "where Images.album=Albums.id and relativePath=? and name=?", params)
---
>             "where Images.dirid=Albums.id and url=? and name=?", params)
I thought that would get me home but I kept getting errors about not finding the photos in the database and found that the tag-mappings.txt was somehow not quite right... A sample here:

2011/2011-08-28 - 09-11-PhoneDump/IMAG0242.jpg=Albums/Favorites/Summer_2011
2011/2011-08-28 - 09-11-PhoneDump/IMAG0245.jpg=Albums/Favorites/Summer_2011
2011/2011-08-30 - Aug 27, 2011/P1090019.JPG=Albums/Favorites/Summer_2011
2011/2011-08-30 - Aug 27, 2011/P1090023.JPG=Albums/Favorites/Summer_2011

so I hacked up this:
$ cat update_tag_map.sh 
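#!/bin/bash
# Rewrite each tag-mappings.txt entry to point at the file's location under /home/photos.

while IFS= read -r line
do

  # Year is the first four characters of the entry
  myyear=$(echo "$line" | cut -c 1-4)

  # Path after the " - " separator, with the "=Albums/..." part removed
  mydir=$(echo "$line" | awk -F' - ' '{print $2}' | sed 's!=.*$!!')
  myfile=$(echo "$mydir" | sed 's!^.*/!!g')

  # Look the file up under /home/photos/<year> and drop the "/home/photos/<year>/" prefix
  mynewfile=$(locate "$myfile" | grep "/home/photos/$myyear" | cut -c 19-)
  echo " this is my new file --- $mynewfile"

  mynewline=$(echo "$line" | sed "s!$mydir!$mynewfile!g")
  echo "$mynewline" >> /home/photos/tag-mappings.txt
done < /home/photo_temp/tag-mappings.txt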
And the result is:
2011/09-11-PhoneDump/IMAG0242.jpg=Albums/Favorites/Summer_2011
2011/09-11-PhoneDump/IMAG0245.jpg=Albums/Favorites/Summer_2011
2011/Aug 27, 2011/P1090019.JPG=Albums/Favorites/Summer_2011
2011/Aug 27, 2011/P1090023.JPG=Albums/Favorites/Summer_2011
NOTE: make sure the tag-mappings.txt file does not have any blank lines or the process-digikam-db.py script will fail.

Everything seems OK for now but I'll post back if I see any other gotchas.



Thursday, June 9, 2011

Samba 4 AD Server on RedHat 6.1

My goal was to run Samba 4 on RHEL6 to provide basic AD services for our local Windows 7 systems. I did an initial install on a machine not running SELinux just to see if I could get Samba4 and DNS working. I used the bind source rpm from Fedora 14 because the version in RHEL 6.0 did not have the proper DNSSEC support.

Another goal was to also keep SELinux enabled throughout the process of getting things up and running. For the most part, it is working but all of the samba4 directory structure is not properly labeled and the samba processes are running with the unconfined_u and initrc_t labels. Guess I need to figure out how to create a brand new policy from a template or scratch. I highly recommend that you have the policycoreutils-python and setroubleshoot packages installed until you get things working and then remove setroubleshoot.


We are currently running alpha14 from source .tar.gz file installed in /usr/local. Although, I'd like to find a base .spec file to work on in the future.

I used the current instructions on the Samba Wiki to install and test functionality minus the extended file attributes as I'm thinking of joining non-AD hosts with the stock smb to provide filesharing and maybe printing.
https://wiki.samba.org/index.php/Samba4/HOWTO#Samba4_HOWTO


NOTE:  As of RHEL 6.1 you no longer need to use the bind packages from Fedora 14 as the version shipped with RHEL 6.1 is AOK. You will need ntp >= 4.2.6 for the ntp-signd option to work... I downloaded the current stable release from ntp.org and used the RH 6.1 spec file, added --enable-ntp-signd, made adjustments to the version, removed all the patch entries and finally adjusted build options along with packaged files.

I installed the following prior to building Samba :
gtkhtml setroubleshoot-server setroubleshoot-plugins policycoreutils-python   libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel   sqlite-devel libidn-devel libxml2-devel libacl-devel mysql-devel   libsepol-devel libattr-devel keyutils-libs-devel zlib-devel  cyrus-sasl-devel

EDIT:  Full ntp.spec posted at the bottom of post now

#  ------- ntp.spec not a full diff -------- #
218c115
< --enable-linuxcaps
---
> --enable-linuxcaps --enable-ntp-signd
327a225
> %{_sbindir}/sntp
345,346c243,244
< %{_mandir}/man8/ntptime.8*
< %{_mandir}/man8/tickadj.8*
---
> %{_mandir}/man8/ntpdtime.8*
> #%{_mandir}/man8/tickadj.8*
352c250
< %{_mandir}/man8/ntp-wait.8*
---
> #%{_mandir}/man8/ntp-wait.8*
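
Review bot: the ntp-wait.8* entry here and the tickadj.8* entry in the previous hunk are disabled by prefixing # while %{_sbindir}/ntp-wait and %{_sbindir}/tickadj are still packaged in the full spec below, so both tools ship without a man page; rpm also expands macros inside comment lines, so either delete the entries or write them as #%%{_mandir}/... and add a short comment saying why the pages are no longer built. The rename of ntptime.8* to ntpdtime.8* in the previous hunk deserves the same comment, since the binary is still listed as %{_sbindir}/ntptime.
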
#  ------- ntp.spec not a full diff -------- #


Untar the tar file
cd samba-4.0.0alpha14/source4
./configure.developer
make
make quicktest
make install


chgrp named /usr/local/samba/private/dns
chgrp named /usr/local/samba/private/dns.keytab
chmod g+r /usr/local/samba/private/dns.keytab
chmod 775 /usr/local/samba/private/dns


chcon -t named_conf_t /usr/local/samba/private/dns.keytab
chcon -t named_conf_t /usr/local/samba/private/named.conf.update
chcon -t named_var_run_t /usr/local/samba/private/dns
chcon -t named_var_run_t /usr/local/samba/private/dns/DOMAIN.REALM.zone

For some reason I was not able to change the context for the /usr/local/samba/var/run/ntp_signd directory to ntpd_t so I had to create a local policy for Samba to be able to provide time to the clients.

NOTE: I was trying to do this but nothing I did worked to change the context :( so a policy was needed.
chcon -u system_u -t ntpd_t /usr/local/samba/var/run/ntp_signd
chcon -u system_u -t ntpd_t /usr/local/samba/var/run/
chcon -t ntpd_t /usr/local/samba/var/run/ntp_signd/socket 


##################################################################
######  Contents of /etc/selinux/targeted/contexts/files/file_contexts.local ##########
##################################################################
/usr/local/samba/private/dns.keytab    system_u:object_r:named_conf_t:s0
/usr/local/samba/private/named.conf    system_u:object_r:named_conf_t:s0
/usr/local/samba/private/named.conf.update    system_u:object_r:named_conf_t:s0
/usr/local/samba/private/dns    system_u:object_r:named_var_run_t:s0
/usr/local/samba/private/dns/DOMAIN.REALM.zone    system_u:object_r:named_var_run_t:s0
/usr/local/samba/var/run/ntp_signd    system_u:object_r:ntpd_t:s0


################################################
###########  module build steps   ####################
################################################
##
## Look for specific errors for ntpd
##
tail -10 /var/log/audit/audit.log | audit2allow
OR
grep ntpd  /var/log/audit/audit.log | audit2allow


Once you are happy with the output of audit2allow just >> to samba4.te

checkmodule -M -m -o samba4.mod samba4.te 
semodule_package -o samba4.pp -m samba4.mod
semodule -i samba4.pp

# -------------  contents of samba4.te file -------------- #
module samba4 1.0;


require {
type ntpd_t;
type usr_t;
type initrc_t;
class sock_file write;
class unix_stream_socket connectto;
}


#============= ntpd_t ==============
allow ntpd_t usr_t:sock_file write;


#============= ntpd_t ==============
allow ntpd_t initrc_t:unix_stream_socket connectto;

# -------------  end of samba4.te file -------------- #
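
Added example (not from the original post): before appending audit2allow output to samba4.te, it helps to see which rules name a catch-all type as their target. The two rules above let ntpd_t write to any socket file labeled usr_t and connect to the stream socket of any process running as initrc_t, because that is how the unlabeled Samba 4 tree and daemon appear to the policy. The function names, the list of generic types and the samba4_signd_sock_t type in the sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: review audit2allow-style allow rules before they go into a module.

# Assumption: labels that cover many unrelated files or processes on a targeted
# policy system. A rule naming one of them as its target reaches well beyond the
# single socket or daemon it was generated for.
GENERIC_TYPES="usr_t initrc_t unconfined_t var_t var_run_t tmp_t etc_t bin_t"

# review_te FILE
# Prints one line per allow rule: "BROAD|OK source target class perm[,perm...]".
review_te() {
    awk -v generic="$GENERIC_TYPES" '
        BEGIN { n = split(generic, g, " "); for (i = 1; i <= n; i++) broad[g[i]] = 1 }
        /^[ \t]*allow[ \t]/ {
            line = $0
            sub(/^[ \t]*allow[ \t]+/, "", line)
            sub(/;[ \t]*$/, "", line)
            # line is now: SOURCE TARGET:CLASS PERMS, where PERMS may be "{ a b }"
            split(line, f, /[ \t]+/)
            src = f[1]
            split(f[2], tc, ":")
            tgt = tc[1]
            cls = tc[2]
            perms = line
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", perms)
            gsub(/[{}]/, "", perms)
            gsub(/^[ \t]+|[ \t]+$/, "", perms)
            gsub(/[ \t]+/, ",", perms)
            verdict = (tgt in broad) ? "BROAD" : "OK"
            print verdict, src, tgt, cls, perms
        }
    ' "$1"
}

# broad_count FILE: number of rules flagged BROAD.
broad_count() {
    review_te "$1" | grep -c '^BROAD ' || true
}

# Sample input: the two allow rules from the samba4.te shown on this page, plus one
# constructed rule against a dedicated, hypothetical socket type for comparison.
write_sample_te() {
    cat > "$1" <<'EOF'
module samba4 1.0;

#============= ntpd_t ==============
allow ntpd_t usr_t:sock_file write;

#============= ntpd_t ==============
allow ntpd_t initrc_t:unix_stream_socket connectto;

# constructed for this example, hypothetical type
allow ntpd_t samba4_signd_sock_t:sock_file { write getattr };
EOF
}

# Demo on the sample.
demo_te=$(mktemp)
write_sample_te "$demo_te"
review_te "$demo_te"
echo "rules with a generic target: $(broad_count "$demo_te")"
rm -f "$demo_te"
```

A BROAD line is a prompt to label the object or confine the daemon with its own type first and regenerate the rule, so the module grants access to that one object only.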


# ---------------- start of samba4 init.d script ----------------- #
#!/bin/bash
#
# samba4        Startup script for the Samba4 Server
#
# chkconfig: - 85 15
# description: The Samba4 Server the next generation SMB  \
#       server implementing FULL AD roles. 
# processname: samba
# pidfile: /usr/local/samba/var/run/samba.pid
#
### BEGIN INIT INFO
# Provides: samba4
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: start and stop Samba4 Server
# Description: The Samba4 Server the next generation SMB
#  server implementing FULL AD roles.
### END INIT INFO


# Source function library.
. /etc/rc.d/init.d/functions


if [ -f /etc/sysconfig/samba4 ]; then
        . /etc/sysconfig/samba4
fi


samba=${SAMBA-/usr/local/samba/sbin/samba}
prog=samba
pidfile=${PIDFILE-/usr/local/samba/var/run/samba.pid}
lockfile=${LOCKFILE-/var/lock/subsys/samba}
RETVAL=0


# So we just do it the way init scripts are expected to behave here.
start() {
        echo -n $"Starting $prog: "
        daemon --pidfile=${pidfile} $samba $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
}


# Kill the processes
stop() {
        echo -n $"Stopping $prog: "
        killproc -p ${pidfile} -d 10 $samba
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}


# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status -p ${pidfile} $samba
        RETVAL=$?
        ;;
  restart)
        stop
        start
        ;;
  *)
        echo $"Usage: $prog {start|stop|status|restart}"
        RETVAL=2
esac


exit $RETVAL
# ---------------- end of samba4 init.d script ----------------- #

# ---------------- full ntp.spec -------------------------------- #

Summary: The NTP daemon and utilities
Name: ntp
Version: 4.2.6p3
Release: 9
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
# include/ntif.h (not used) : BSD
# include/rsa_md5.h : BSD with advertising
# include/ntp_rfc2553.h : BSD with advertising
# libisc/inet_aton.c (not used) : BSD with advertising
# libntp/md5c.c : BSD with advertising
# libntp/mktime.c : BSD with advertising
# libntp/ntp_random.c : BSD with advertising
# libntp/memmove.c : BSD with advertising
# libntp/ntp_rfc2553.c : BSD with advertising
# libntp/adjtimex.c (not used) : BSD
# libopts/ : BSD or GPLv2+
# libparse/ : BSD
# ntpd/refclock_jjy.c: MIT
# ntpd/refclock_oncore.c : BEERWARE License (aka, Public Domain)
# ntpd/refclock_palisade.c : BSD with advertising
# ntpd/refclock_jupiter.c : BSD with advertising
# ntpd/refclock_mx4200.c : BSD with advertising
# ntpd/refclock_palisade.h : BSD with advertising
# ntpstat-0.2/ : GPLv2
# util/ansi2knr.c (not used) : GPL+
# sntp/ (not packaged) : MSNTP
License: (MIT and BSD and BSD with advertising) and GPLv2
Group: System Environment/Daemons
Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-%{version}.tar.gz
Source1: ntp.conf
Source2: ntp.keys
Source3: ntpd.init
Source4: ntpd.sysconfig
Source5: ntpstat-0.2.tgz
Source6: ntp.step-tickers
Source7: ntpdate.init
Source8: ntp.cryptopw
Source9: ntpdate.sysconfig
Source10: ntp.dhclient


URL: http://www.ntp.org
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service
Requires: ntpdate = %{version}-%{release}
BuildRequires: libcap-devel openssl-devel libedit-devel perl-HTML-Parser
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)


%description
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.


Perl scripts ntp-wait and ntptrace are in the ntp-perl package and
the ntpdate program is in the ntpdate package. The documentation is
in the ntp-doc package.


%package perl
Summary: NTP utilities written in perl
Group: Applications/System
Requires: %{name} = %{version}-%{release}
# perl introduced in 4.2.4p4-7
Obsoletes: %{name} < 4.2.4p4-7
%description perl
This package contains perl scripts ntp-wait and ntptrace.

%package -n ntpdate
Summary: Utility to set the date and time via NTP
Group: Applications/System
Requires(pre): shadow-utils 
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service


%description -n ntpdate
ntpdate is a program for retrieving the date and time from
NTP servers.


%package doc
Summary: NTP documentation
Group: Documentation
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description doc
This package contains NTP documentation in HTML format.

%define ntpdocdir %{_datadir}/doc/%{name}-%{version}


# pool.ntp.org vendor zone which will be used in ntp.conf
%if 0%{!?vendorzone:1}
%{?fedora: %define vendorzone fedora.}
%{?rhel: %define vendorzone rhel.}
%endif


%prep 
%setup -q -a 5




for f in COPYRIGHT; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} && touch -r ${f}{,_} && mv -f ${f}{_,}
done


%build
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
if echo 'int main () { return 0; }' | gcc -pie -fPIE -O2 -xc - -o pietest 2>/dev/null; then
./pietest && export CFLAGS="$CFLAGS -pie -fPIE"
rm -f pietest
fi
%configure \
--sysconfdir=%{_sysconfdir}/ntp/crypto \
--with-openssl-libdir=%{_libdir} \
--enable-all-clocks --enable-parse-clocks \
--enable-linuxcaps --enable-ntp-signd
echo '#define KEYFILE "%{_sysconfdir}/ntp/keys"' >> ntpdate/ntpdate.h
echo '#define NTP_VAR "%{_localstatedir}/log/ntpstats/"' >> config.h


make %{?_smp_mflags}


sed -i 's|$ntpq = "ntpq"|$ntpq = "%{_sbindir}/ntpq"|' scripts/ntptrace
sed -i 's|ntpq -c |%{_sbindir}/ntpq -c |' scripts/ntp-wait


pushd html
../scripts/html2man
# remove adjacent blank lines
sed -i 's/^[\t\ ]*$//;/./,/^$/!d' man/man*/*.[58]
popd 


make -C ntpstat-0.2 CFLAGS="$CFLAGS"


%install
rm -rf $RPM_BUILD_ROOT


make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install


mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8}
rm -rf $RPM_BUILD_ROOT%{_mandir}/man1


pushd ntpstat-0.2
mkdir -p $RPM_BUILD_ROOT%{_bindir}
install -m 755 ntpstat $RPM_BUILD_ROOT%{_bindir}
install -m 644 ntpstat.1 $RPM_BUILD_ROOT%{_mandir}/man8/ntpstat.8
popd


# fix section numbers
sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' $RPM_BUILD_ROOT%{_mandir}/man8/*.8
cp -r html/man/man[58] $RPM_BUILD_ROOT%{_mandir}


mkdir -p $RPM_BUILD_ROOT%{ntpdocdir}
cp -p COPYRIGHT ChangeLog NEWS $RPM_BUILD_ROOT%{ntpdocdir}


# prepare html documentation
find html | egrep '\.(html|css|txt|jpg|gif)$' | grep -v '/build/\|sntp' | \
cpio -pmd $RPM_BUILD_ROOT%{ntpdocdir}
find $RPM_BUILD_ROOT%{ntpdocdir} -type f | xargs chmod 644
find $RPM_BUILD_ROOT%{ntpdocdir} -type d | xargs chmod 755


pushd $RPM_BUILD_ROOT
mkdir -p .%{_sysconfdir}/{ntp/crypto,sysconfig,dhcp/dhclient.d} .%{_initrddir}
mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats}
touch .%{_localstatedir}/lib/ntp/drift
sed -e 's|VENDORZONE\.|%{vendorzone}|' \
-e 's|ETCNTP|%{_sysconfdir}/ntp|' \
-e 's|VARNTP|%{_localstatedir}/lib/ntp|' \
< %{SOURCE1} > .%{_sysconfdir}/ntp.conf
touch -r %{SOURCE1} .%{_sysconfdir}/ntp.conf
install -p -m600 %{SOURCE2} .%{_sysconfdir}/ntp/keys
install -p -m755 %{SOURCE3} .%{_initrddir}/ntpd
install -p -m755 %{SOURCE7} .%{_initrddir}/ntpdate
install -p -m644 %{SOURCE4} .%{_sysconfdir}/sysconfig/ntpd
install -p -m644 %{SOURCE9} .%{_sysconfdir}/sysconfig/ntpdate
install -p -m644 %{SOURCE6} .%{_sysconfdir}/ntp/step-tickers
install -p -m600 %{SOURCE8} .%{_sysconfdir}/ntp/crypto/pw
install -p -m755 %{SOURCE10} .%{_sysconfdir}/dhcp/dhclient.d/ntp.sh
popd


%clean
rm -rf $RPM_BUILD_ROOT


%pre -n ntpdate
/usr/sbin/groupadd -g 38 ntp  2> /dev/null || :
/usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r -d %{_sysconfdir}/ntp ntp 2>/dev/null || :


%post
/sbin/chkconfig --add ntpd
:


%post -n ntpdate
/sbin/chkconfig --add ntpdate
:


%preun
if [ "$1" -eq 0 ]; then
/sbin/service ntpd stop &> /dev/null
/sbin/chkconfig --del ntpd
fi
:


%preun -n ntpdate
if [ "$1" -eq 0 ]; then
/sbin/service ntpdate stop &> /dev/null
/sbin/chkconfig --del ntpdate
fi
:


%postun
if [ "$1" -ge 1 ]; then
/sbin/service ntpd condrestart &> /dev/null
fi
:


%files
%defattr(-,root,root)
%dir %{ntpdocdir}
%{ntpdocdir}/COPYRIGHT
%{ntpdocdir}/ChangeLog
%{ntpdocdir}/NEWS
%{_sbindir}/ntp-keygen
%{_sbindir}/ntpd
%{_sbindir}/ntpdc
%{_sbindir}/ntpq
%{_sbindir}/ntptime
%{_sbindir}/tickadj
%{_sbindir}/sntp
%{_initrddir}/ntpd
%config(noreplace) %{_sysconfdir}/sysconfig/ntpd
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ntp.conf
%dir %attr(750,root,ntp) %{_sysconfdir}/ntp/crypto
%config(noreplace) %{_sysconfdir}/ntp/crypto/pw
%dir %{_sysconfdir}/dhcp/dhclient.d
%{_sysconfdir}/dhcp/dhclient.d/ntp.sh
%dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp
%ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/drift
%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats
%{_bindir}/ntpstat
%{_mandir}/man5/*.5*
%{_mandir}/man8/ntp-keygen.8*
%{_mandir}/man8/ntpd.8*
%{_mandir}/man8/ntpdc.8*
%{_mandir}/man8/ntpq.8*
%{_mandir}/man8/ntpstat.8*
%{_mandir}/man8/ntpdtime.8*
#%{_mandir}/man8/tickadj.8*


%files perl
%defattr(-,root,root)
%{_sbindir}/ntp-wait
%{_sbindir}/ntptrace
#%{_mandir}/man8/ntp-wait.8*
%{_mandir}/man8/ntptrace.8*


%files -n ntpdate
%defattr(-,root,root)
%{_initrddir}/ntpdate
%config(noreplace) %{_sysconfdir}/sysconfig/ntpdate
%dir %{_sysconfdir}/ntp
%config(noreplace) %{_sysconfdir}/ntp/keys
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ntp/step-tickers
%{_sbindir}/ntpdate
%{_mandir}/man8/ntpdate.8*


%files doc
%defattr(-,root,root)
%{ntpdocdir}/html


%changelog
* Wed Jun 1 2010 Your Name <joe@nowhere.me> 4.2.6p3-1
- using 4.2.6p3 stable as base based on RHEL6 specfile
- The exact same as redhat except built with --enable-ntp-signd

# ----------------- end of ntp.spec ----------------------- #