SSL in Postfix with Intermediate Certificate

This article describes just how to install certificates with intermediate certificate in Postfix, it does not describe how to configure Postfix for SSL as that is pretty complex topic.

For configuration you need these files: domain.tld.key (your private key), domain.tld.crt (your public certificate) and intermediate.crt (intermediate certificate of your certificate authority).

The configuration is pretty easy (once you know the steps). First you need to create combined PEM file:

cat domain.tld.key domain.tld.crt intermediate.crt > domain.tld.pem

Next you need to change two variables in Postfix main.cf configuration file:

...
smtpd_tls_cert_file = /path/to/domain.tld.pem
smtpd_tls_key_file = /path/to/domain.tld.pem
...

Now just restart postfix daemon and you’re done 🙂

Tags:

Development Version of Netbeans in Gentoo

Today I just found some time to ask for Gentoo overlay to put there my latest ebuilds for development version of Netbeans, that is for nightly builds of Netbeans 7.0. You can find the overlay at http://git.overlays.gentoo.org/gitweb/?p=dev/fordfrog.git. If you do not know how to use Gentoo overlays, you can find needed information in Overlay guide.

It is safe to give Netbeans 7.0 development a try on Gentoo as Netbeans 7.0 installs in separate slot so you can have in your system both Netbeans 7.0 and 6.9.1 and even older versions. Up to that, though it is still development version, it is pretty stable and I use it myself for my work for several weeks (maybe even months, my poor memory) already.

You might also notice that I have split the single ebuild into several ebuilds, one ebuild for each Netbeans cluster plus one for Netbeans JavaDoc. I decided to do so for several reasons.

First, for me, it’s much easier to manage Netbeans ebuilds when I can rebuild just single cluster instead of whole Netbeans on each change in ebuilds etc. I can also emerge several clusters in parallel using emerge --jobs switch. That saves some time and does not load my laptop much anyway as javac does not utilize parallel compilation.

Second, for users adding/removing clusters to/from current installation does not require complete rebuild of Netbeans anymore but you emerge or unmerge just the cluster(s) that you want, so you save some time on this. Also, the same as above applies, you can emerge several clusters in parallel and save some time.

And third, there are some applications that are built on top of Netbeans Platform, like VisualVM, so these can easily reuse dev-java/netbeans-platform package without need to pull in whole Netbeans with its huge list of dependencies.

This set of ebuilds supports applying custom patches to the Netbeans sources as the previous ebuild does. You just have to set up NETBEANS70_PATCHES_DIR variable so that it points to directory where you have the patches that you want to apply. I have this line in /etc/make.conf:

...
NETBEANS70_PATCHES_DIR="/root/patches/netbeans70"
...

If you like to tweak Netbeans to your needs, you might also want to read my article on .

Tags: ,

SSL in Courier IMAP with Intermediate Certificate

For configuration you need these files: domain.tld.key (your private key), domain.tld.crt (your public certificate) and intermediate.crt (intermediate certificate of your certificate authority).

The configuration is pretty easy (once you know the steps). First you need to create combined PEM file:

cat domain.tld.key domain.tld.crt intermediate.crt > domain.tld.pem

Next you need to change TLS_CERTFILE variable in Courier IMAP pop3d-ssl and imapd-ssl configuration files:

...
TLS_CERTFILE=/path/to/domain.tld.pem
...

Now just restart courier-imapd-ssl and courier-pop3d-ssl daemons and you’re done 🙂

Tags:

NetBeans, Maven and Code Coverage

I just came across Maven Test Coverage plugin for Netbeans. It is available for Netbeans 7.0 builds. It is really useful when you write tests for your code and want to make sure your tests cover all important execution paths.

The plugin runs for you Cobertura test coverage goals and displays coverage report for the tests. It also provides higlights of code lines according to your tests code coverage.

You can find more information (installation, how to use it, …) about the plugin at MavenCodeCoverage website.

Tags: , ,

Checking Free Disk Space on Linux

Long time ago, there was a utility on Gentoo that was able to check and report free disk space left in case the free disk space reached some treshold. Recently I tried to find the tool again but failed. Maybe it was diskfree which is hosted at sourceforge.net, but that application is not maintained anymore. In the end, I decided to write my own script that will report to me information about filesystems that have reached some usage treshold and need my attention. Here is the script:

#!/bin/bash

# Copyright 2010 Miroslav Šulc
#
# You can always find the latest version at http://www.fordfrog.name/posts/checking-free-disk-space-on-linux/
#
# This script is licensed under GPLv3 or newer.

# Percentage of disk usage from which to issue alerts
ALERT_USAGE=90
# You can pass extra switches to 'df' command if you want. Here are those that might be useful:
# -h     = outputs the information about filesystem usage in human readable form
# -l     = performs check only on local filesystems (so ignores filesystems connected via network)
# --sync = performs sync operation which makes the output more up to date, mainly on SunOS systems
#          (for more information see 'df' man page)
DF_EXTRA_SWITCHES="-h -l"

LC_ALL="C" df -P $DF_EXTRA_SWITCHES | grep -vE "(^Filesystem|cdrom)" \
                | awk '{ print $1 " " $5 " " $2 " " $4 }' | while read output
do
        usage=`echo $output | awk '{ print $2 }' | cut -d'%' -f1`

        if [ $usage -ge $ALERT_USAGE ]; then
                part=`echo $output | awk '{ print $1 }'`
                total=`echo $output | awk '{ print $3 }'`
                left=`echo $output | awk '{ print $4 }'`
                echo "$part usage $usage% (left $left out of $total)"
        fi
done

The scripts needs df, grep, awk and cut utilities present on your system, but these are already installed on most of the Linux systems so you should not have to install them manually.

The script has two configuration variables. ALERT_USAGE specifies usage percentage that if reached on single filesystem, it will trigger output of alert about the filesystem usage. The other configuration variable is DF_EXTRA_SWITCHES which you can use to finetune the output, like to ignore mounted network filesystems, output information about disk usage in more readable form, sync disk information before getting information from disk etc. You can see man page of df for all the possible switches.

So, with the default configuration, if you run the script and none of your filesystems has 90%+ usage, no output will be displayed. But if some of your filesystems will use 90% or more of its space, it will appear in the output. Then the output will look like this:

/dev/mapper/vg-var usage 96% (left 1.1G out of 25G)

The output says that device /dev/mapper/vg-var (which is LVM filesystem in this case) has 96% disk usage and there is 1.1GB of data left out of total 25GB which is the filesystem size.

You sure do not want to run the script manually, so put it in your cron configuration so it will be triggered automatically:

0 * * * * root bash /path/to/the/script.sh

This line will trigger the script each hour. Set it up so that it meets your needs. Also, make sure you have correctly set up your email address for cron and that your mailing system works on the box. As the script produces output only if there are any filesystems with usage over the treshold, you will receive emails only in these cases.

Here you can download the script: diskcheck-0.1.zip.

Generating Random Words

Long time ago I coded web application that generates random words. It supported generating of random words by template. Over this weekend, I rewrote the application completely to offer much wider range of generating possibilities, and also improved overall look of the website. If you wanna see how it ended up, you can click at StartNet Word Generator. If you’d have any useful comments on the website and/or application, just leave it below in comments. I hope you’ll find the application useful, be it for your business or personal needs, or just for fun 🙂

Mercurial: displaying diff for moved/renamed/copied file

Often it happens to me that I move/rename some file and while doing that, I also change content of the file. When you issue regular hg diff, the output diff contains whole file with all lines added, which is not very useful in this case.

I wondered whether there is a way to display useful diff for moved/renamed/copied files in Mercurial. The solution was not that obvious (at least for me), but Mercurial really can do this. The command to see the diff for these files is hg diff --git. This way you will get diff against the last committed original file (the parent) which is more useful in this case than the default output.

In case you want to use git diff format by default, put following either in your global Mercurial configuration file or in your repository .hgrc file:

[diff]
git=1

If you then want to use non-git diff for single run, issue following command instead, which overrides diff.git configuration from configuration file:

hg diff --config diff.git=0

Tags:

Java And Final Keyword

I must admit I am addict to using final keyword. Today I came across Renaud Waldura’s The Final Word On the final Keyword which nicely explains why final keyword should not be ignored.

Tags:

Modifying NetBeans Generated Getters And Setters

For quite a long time I was thinking about automatically adding Javadoc to getters and setters generated by NetBeans, and also automatically adding final modifier to setter parameter. NetBeans does not have this feature yet. So what exactly I wanted?

package com.mycompany.mavenproject1;

public class App {

    /**
     * Contains exciting values.
     */
    private String test;

    /**
     * Getter for {@link #test}.
     *
     * @return {@link #test}
     */
    public String getTest() {
        return test;
    }

    /**
     * Setter for {@link #test}.
     *
     * @param test {@link #test}
     */
    public void setTest(final String test) {
        this.test = test;
    }
}

With some guidance from Petr Pišl from NetBeans team, I was able to do this patch: netbeans-getter-setter.patch. You can patch your NetBeans with it, adjust the generated Javadocs to your needs, compile NetBeans and your generated getters and setters should contain exactly what you need without pressing any extra key on your keyboard.

If you want to achieve the same for php, look at org.netbeans.modules.php.editor.codegen.CGSGenerator at GETTER_TEMPLATE and SETTER_TEMPLATE declarations. it’s even easier to modify these to get the comments added.

Sure it would be better if this would be done using templates, but atm this is better than nothing.

Also I updated NetBeans ebuild in Gentoo so that you can emerge NetBeans including your patches. You can find more info at NetBeans article at Gentoo Wiki.

Tags:

Xfce, Keychain And Two ssh-agents

While trying to find out how to make NetBeans work with keychain, I noticed that after I start Xfce and then keychain is run from my .bashrc, I end up with two ssh-agents running instead of one. I did not find out why it works this way, only thing I found out is that SSH_AGENT_PID is empty when running .bashrc, and I was not willing to dig deeper to find the cause. Anyway, I made a small patch that makes Xfce work with keychain:

--- /etc/xdg/xfce4/xinitrc.orig	2010-07-17 18:43:00.025468585 +0200
+++ /etc/xdg/xfce4/xinitrc	2010-07-17 18:54:10.045657796 +0200
@@ -113,7 +113,11 @@
 sshagent=`which ssh-agent`
 kill_sshagent=0
 if test -z "$SSH_AGENT_PID" -a "$sshagent" -a "x$sshagent" != "xno"; then
-	eval `$sshagent -s`
+	if test ! -e $HOME/.keychain; then
+		mkdir $HOME/.keychain
+	fi
+	$sshagent -s | grep -v "echo Agent pid" > $HOME/.keychain/$HOSTNAME-sh
+	. $HOME/.keychain/$HOSTNAME-sh
 	kill_sshagent=1
 fi
 

The patch saves output of ssh-agent into file that keychain uses so keychain then reuses the current data and does not have to spawn new ssh-agent. just to make the info complete, this is what i have in my .bashrc:

keychain -q
. ~/.keychain/$HOSTNAME-sh
. ~/.keychain/$HOSTNAME-sh-gpg

bug report at xfce: bug 6558

Tags: , ,