GPL Software

To be of any real use in a production environment any Linux distribution must be capable of being installed in a repeatable and reliable manner. In this regard Gentoo Linux is no different however, as it is not distributed as binary packages, it is impossible to deploy "as-is" because, due to differences in configuration between machines, what works on the test system may not be exactly what is produced when the build is performed on the production system. It is also extremely hard to be sure that the exact same versions of the packages tested are deployed when building from source as minor fixes are often deployed without a corresponding revision bump of the ebuild or distributed files.

These "shortcomings" of Gentoo Linux can be turned to an advantage by running an in-house "build server" to produce binary packages which can be tested and later deployed as if a "normal" binary distribution was being used. This task is daunting to the average system administrator however as a great many files need to be kept synchronised to ensure that the binary packages produced on the build-server and tested using an appropriate test framework are actually those which are deployed. This task can be made even more complex as Gentoo Linux uses a variety of configuration files which alter the visibility of packages to the package management system in ways which are not immediately obvious to system administrators new to this distribution.

Whilst maintaining a "build server" requires considerable discipline to ensure that all the relevant files remain in sync those procedures are fairly easily automated. What is not so easily automated is the process of updating the set of binary packages produced by a "build space" ensuring that all administrative tasks are performed as if an actual user had performed the update manually.

The utilities provided in this package aim to fully automate the process of building updated binary packages in a build-space including all of the administrative tasks which would usually be performed manually by the system administrator such as removing orphaned dependencies, rebuilding broken binaries, rebuilding perl and python packages as required and ensuring that only those binary packages which are actually in use on the system are available in the package repository.

An SNMP MIB declaring the Hacking Networked Solutions PEN namespace, branches and objects used by all other Hacking Networked Solutions SNMP MIBs.

The GNU Project's Bourne Again Shell (BASH)◳ is the standard shell supplied with the vast majority of Linux systems, the default shell provided with Mac OS X and Darwin and is even available for Microsoft Windows. Whilst the Bash shell offers an extremely portable and feature rich environment for rapidly developing basic applications and utilities its syntax is often hard to parse visually and some features are buried beneath a mountain of complexity.

The Hacking Networked Solutions library for Bash provides a range of functions designed to simplify the task of writing Bash scripts. Functionality currently includes Array Manipulation Functions, Error Handling and Debugging Functions and Variable Testing Functions.

One of the key advantages of Gentoo Linux◳, which is often overlooked when comparing Linux distributions, is the ease with which software packages may be added to the Portage tree and thus incorporated into the package management system as first-class citizens complete with all the benefits you would expect from portage such as dependency resolution and installation as well as the ability to customise the installation using use-flags.

At Hacking Networked Solutions◳ we exclusively use Gentoo Linux◳ in both production and development environments which often leads us to develop new ebuild files for packages we use which are not yet in the official Gentoo Linux package repository. Sometimes these ebuild files are accepted upstream by the Gentoo Linux Development Team◳ but until that happens they are maintained in a public overlay so that they may be used by anyone.

One of the key advantages of Gentoo Linux◳, which is often overlooked when comparing Linux distributions, is the ease with which software may be modified during the installation process by automatically applying patches. These patches can be easily applied to any of the critical installation files and in some cases patches can even be automatically applied to new versions without user intervention.

At Hacking Networked Solutions◳ we exclusively use Gentoo Linux◳ in both production and development environments which often leads us to develop custom patches or patch-sets which modify the standard distribution to work more effectively for our specific requirements. Sometimes the patches we develop are accepted upstream, either by the Gentoo Linux Development Team◳ or by the developers of the package in question, but until that happens they are maintained in a public repository so that they may be used by anyone.

Whenever a computer system is updated or reconfigured there is always the possibility that the new software or configuration may not function correctly. By extension it is also a possibility, after such an update or reconfiguration, that the next time the computer is rebooted such a problem could render the system unusable by compromising a critical boot-time service, such as the networking stack or SSH daemon. This often makes resolving such an issue time consuming and difficult, especially if you only have remote access to the machine in question.

The Last Known Good Configuration (LKGC) system presented here provides a Dracut module which leverages the LVM snapshot system to make point-in-time recovery images of tagged volumes as well as the Kernel, Initial RAM FS and Hypervisor (such as Xen) which were used to boot the system. Every time the system is successfully booted these snapshots are archived and may be selected as future restore points or duplicated and used as the basis for a Last Known Good system start.

A great many bash scripts require some simple output and error logging facilities such as redirecting the output of a single command or multiple commands to a file or running an application whilst simultaneously recording the output to a file and displaying it to the screen.

The dev-libs/bash-outlogger package provides this functionality and also provides the ability to compress large log-files, using the bzip2 compression utility, and email the resulting log-files as attachments to users using the mutt email client.

The Hacking Networked Solutions patch-set for Gentoo Linux requires a means of applying a series of patch files to a portage repository to be of any value. In addition a mechanism for copying various ancillary files to the repository, such as patches to be applied during the build-phase of an ebuild rather than those to be applied to an ebuild, is also required. The Portage auto-patch utility for Gentoo Linux, or auto-patch-portage, provides such functionality.

There is no standard IETF or IEEE maintained SNMP MIB formalising the structure of harddisk SMART data. Unfortunately, neither the net-analyzer/net-snmp or sys-apps/smartmontools packages provide such a MIB file either.

The snmp-mibs/smartctl-snmp-mib package aims to rectify this by providing the Hacking Networked Solutions SMARTCTL-MIB. This MIB file describes a standard format for harddisk SMART data allowing remote monitoring of drive health using SNMP. Information included in the entry for each disk includes Drive Serial Number, Temperature, Reallocated Sector Count, Current Pending Sector Count, Off-line Uncorrectable Sector Count and UDMA CRC Error Count. Various drive lifetime indicators are also monitored including Read Error Rate, Seek Error Rate and Hardware ECC Recovered Rate.

There is no standard IETF or IEEE maintained SNMP MIB formalising the structure of MD-RAID array state data. Unfortunately, neither the net-analyzer/net-snmp or sys-fs/mdadm packages provide such a MIB file either.

The snmp-mibs/mdraid-snmp-mib package aims to rectify this by providing the Hacking Networked Solutions MD-RAID-MIB. This MIB file describes a standard format for MD-RAID array state data allowing remote monitoring of array health using SNMP. Information included in the entry for each array includes Array Path, Metadata Version, Array UUID, RAID Level, RAID Layout, and Chunk Size. Boolean indicators allowing the monitoring of Health State, Has Failed Components and Has Available Spares are also included. Finally, gauges representing Total Components, Active Components, Failed Components and Spare Components are provided.

The SNMP daemon provided in the net-analyzer/net-snmp package supports a variety of extension mechanisms including "pass-through scripts" which allow simple Bash scripts to be used to extend the functionality of the agent. Unfortunately, writing such a script is a non-trivial exercise not least because the extension agent is required to assist the SNMP daemon by providing access to the MIB structure. This knowledge of the MIB structure is essential to facilitate GETNEXT requests which enable "walking" the resulting tree.

The dev-libs/snmpd-connector-lib package provides an SNMPD agent/connector library for the Bash shell scripting language designed to assist with the development of new SNMPD agents/connectors, especially those providing access to tabular data, by providing an extremely simple API as well as other useful features including abstraction of the MIB structure.

Unfortunately, neither the net-analyzer/net-snmp or sys-fs/mdadm packages provide a suitable SNMPD extension script to enable the SNMP daemon to access MD-RAID array state data.

The snmp-agents/snmpd-mdraid-connector package aims to rectify this by providing an SNMPD extension script and a helper script which together enable the SNMP daemon to be used to remotely monitor the health and sate of MD-RAID devices. Available information includes Array Path, Metadata Version, Array UUID, RAID Level, RAID Layout, and Chunk Size. Boolean indicators allowing the monitoring of Health State, Has Failed Components and Has Available Spares are also included. Finally, gauges representing Total Components, Active Components, Failed Components and Spare Components are provided.

Unfortunately, neither the net-analyzer/net-snmp or sys-apps/smartmontools packages provide a suitable SNMPD extension script to enable the SNMP daemon to access harddisk SMART data.

The snmp-agents/snmpd-smartctl-connector package aims to rectify this by providing an SNMPD extension script and a helper script which together enable the SNMP daemon to be used to remotely monitor the health of the attached disk devices. Available information includes Drive Serial Number, Temperature, Reallocated Sector Count, Current Pending Sector Count, Off-line Uncorrectable Sector Count and UDMA CRC Error Count. Various drive lifetime indicators are also monitored including Read Error Rate, Seek Error Rate and Hardware ECC Recovered Rate.

mod_authnz_subrequest is an authentication and authorisation module which provides a new AuthType enabling Apache2 to restrict access to content to sub-requests issued by specified modules using the Require sub-request directive.

mod_transform is a filter module which enables Apache2 to perform dynamic XSLT transformations on either static XML documents, XML documents generated by another Apache module or XML documents produced by a CGI program.

This version of mod_transform was based on previous work by OutOfOrder.cc◳ and WebÞing◳. We would therefore like to thank the previous authors Nick Kew, Edward Rudd, Paul Querna and Christian Parpart for their work on this project.

Notable new features include the PreventRecursion option (to prevent documents included with xinclude or use of the document() function being subjected to processing) and improved XSLT error handling.