Slaptijack Title

WARNING: The following packages cannot be authenticated!

by Scott Hebert

We run several (read: hundreds) of servers that are still running Debian 6 (Squeeze). A few months ago, we started seeing the following errors coming from the daily apt cronjob: "WARNING: The following packages cannot be authenticated!" When running apt-get update the following errors dump out:

W: GPG error: http://mirror.internode.on.net squeeze-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553
W: GPG error: http://mirror.internode.on.net squeeze-lts Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553
W: GPG error: http://mirror.internode.on.net squeeze-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553

There are two ways to solve the problem:

apt-get install debian-archive-keyring will install all the keys you need.

If you want to install a specific key, then apt-key adv --keyserver pgpkeys.mit.edu --recv-keys 8B48AD6246925553 will do what you need. Obviously, adjust the key accordingly.

OS X Not Appending Search Domains - Yosemite Edition

by Scott Hebert

FinderIt seems this problem has resurfaced again with the new version of Mac OS X. More specifically, this problem seems to affect appending search domains when the hostname contains a dot. In Yosemite (10.10), mDNSResponder has been replaced with discoveryd. Fortunately, all we need to do here is add the --AlwaysAppendSearchDomains argument to the LaunchDaemon startup file and everything should work as expected.

  1. Before you do anything, make sure you have updated to at least OS X 10.10.1.
  2. You will need to edit /System/Library/LaunchDaemons/com.apple.discoveryd.plist. Add <string>--AlwaysAppendSearchDomains</string> to the list of strings in the ProgramArguments <array>.
  3. Restart discoveryd to see your changes take effect.
    sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist
    sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.discoveryd.plist
  4. Profit!

Mac OS X Not Using Search Domains

by Scott Hebert

FinderEvery time I restart my OS X Mountain Lion (10.9) laptop, it stops using the DNS search domains I've added via the Network preferences pane. I have found that restarting mDNSResponder fixes this issue. There are two ways to do this.

The first is a simple restart by sending a SIGHUP to the process:

$ sudo killall -HUP mDNSResponder

The other option is to stop and start the process with the launchctl command:

$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
$ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Mutt: Deleting Messages Older Than 30 Days

by Scott Hebert

Mutt LogoI tend to clear out large chunks of email all at once. The most common thing I do is clear out all mail older than 30 days.

In mutt do the following:

  • Shift-D to delete messages matching a pattern. This will return a prompt that says Delete messages matching:.
  • ~d > 30d to delete messages older than 30 days.
  • Enjoy the extra disk space you just created.

Puppet + Augeas: Modify Logrotate Configuration

by Scott Hebert

PuppetOn my web server, I keep my web sites in /var/lib/www. Each web site has a dedicated logs directory. Since logrotate is already rotating Apache logs on the server, I'd like to continue using that to rotate these log files as well. Below, is a Puppet snippet that uses Augeas to modify the stock Debian logrotate configuration file for Apache to include my custom log directories.

augeas { "apache2/logging/sites":
    lens    => "Logrotate.lns",
    incl    => "/etc/logrotate.d/apache2",
    changes => [
        "ins file after rule[file='/var/log/apache2/*.log']/file[last()]",
        "set rule[file='/var/log/apache2/*.log']/file[last()] '/var/lib/www/*/logs/*_log'",
    ],
    onlyif  => "match rule[file='/var/log/apache2/*.log']/file[.='/var/lib/www/*/logs/*_log'] size == 0",
    require => Noop["apache/installed"],
    before  => Noop["apache/configured"],
}