openssl with version information under sles11sp1

If you are getting errors like this one

$ /path/to/program
/usr/lib/libcrypto.so.0.9.8: no version information available

you need a libcrypto.so and a libssl.so with version information.

Here is some background on the problem.

OpenSSL has evolved into a very important library in Linux distributions. A
lot of cryptographic applications link to it, including system libraries
like PAM modules and Apache modules. It is becoming more and more
difficult to get all the binaries and libraries to link to the same
version of OpenSSL. This leads to situations where an application uses
several libraries, one of which links to openssl 0.9.7 and another to
version 0.9.8. Since the symbols of the libraries are not yet versioned,
this leads to severe segfaults.

Install source package from the repository

$ zypper in -t srcpackages openssl

Create patches
/usr/src/packages/SOURCES/openssl-version-patch.patch

diff -Naur openssl-0.9.8h/Configure openssl-0.9.8h-new/Configure
--- openssl-0.9.8h/Configure	2008-05-02 01:11:30.000000000 +0200
+++ openssl-0.9.8h-new/Configure	2011-02-22 15:30:05.000000000 +0100
@@ -1327,6 +1327,8 @@
 	$shlib_minor=$2;
 	}

+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
+
 open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n";
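
Review bot: the trailing context of this Configure hunk is incomplete and damaged. The header `@@ -1327,6 +1327,8 @@` announces six old lines but only four are present, and the last one, `open(IN,'$Makefile.new")`, has mismatched quotes, so `patch` will reject the hunk in this form; regenerate the diff from the pristine tree. Separately, the added `$shared_ldflag .= " -Wl,--version-script=openssl.ld";` is unconditional and uses a relative path: it is applied to every target, including linkers that do not understand `--version-script`, and only works where an `openssl.ld` exists in the directory the link runs from. Guard it on the GNU/Linux targets and pass one absolute path.
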
diff -Naur openssl-0.9.8h/engines/openssl.ld openssl-0.9.8h-new/engines/openssl.ld
--- openssl-0.9.8h/engines/openssl.ld	1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8h-new/engines/openssl.ld	2011-02-22 15:31:41.000000000 +0100
@@ -0,0 +1,4 @@
+OPENSSL_0.9.8 {
+    global:
+       *;
+};
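
Review bot: `engines/openssl.ld` is an exact copy of the top-level `openssl.ld` added later in this patch, and it exists only because the relative `--version-script=openssl.ld` is also resolved from the engines directory. Two copies will drift apart; point the linker flag at a single file instead. Note too that this tags every engine module's exports with the `OPENSSL_0.9.8` node, which the patch description should justify or avoid.
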
diff -Naur openssl-0.9.8h/Makefile openssl-0.9.8h-new/Makefile
--- openssl-0.9.8h/Makefile	2008-05-28 10:48:27.000000000 +0200
+++ openssl-0.9.8h-new/Makefile	2011-02-22 15:30:59.000000000 +0100
@@ -140,9 +140,9 @@
 LIBS=   libcrypto.a libssl.a
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
+SHARED_LIBS=$(SHARED_FIPS) $(SHARED_CRYPTO) $(SHARED_SSL)
+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+SHARED_LDFLAGS=-m64 -Wl,--version-script=openssl.ld

 GENERAL=        Makefile
 BASENAME=       openssl
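
Review bot: `SHARED_LDFLAGS=-m64 -Wl,--version-script=openssl.ld` hard-codes a 64-bit build, so building the same spec for a 32-bit target will fail or link the wrong objects; the word size should come from the Configure target, not from the patch. This hunk also edits the top-level `Makefile`, which Configure writes out again through `$Makefile.new` (see the Configure hunk), so the three changed assignments are likely to be overwritten during the build. If they are needed at all, they belong in `Makefile.org`.
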
diff -Naur openssl-0.9.8h/openssl.ld openssl-0.9.8h-new/openssl.ld
--- openssl-0.9.8h/openssl.ld	1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8h-new/openssl.ld	2011-02-22 15:31:48.000000000 +0100
@@ -0,0 +1,4 @@
+OPENSSL_0.9.8 {
+    global:
+       *;
+};
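
Review bot: `global: *;` without a `local:` section puts every exported symbol, internal helpers included, under the single `OPENSSL_0.9.8` node. That is enough to silence the `no version information available` message, but it does not narrow the exported ABI, and the node name has to match exactly what the consuming binaries were linked against. Say in the patch description where the name `OPENSSL_0.9.8` comes from.
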

/usr/src/packages/SPECS/openssl.spec.patch

--- openssl.spec	2011-02-22 17:00:26.000000000 +0100
+++ openssl-new.spec	2011-02-22 16:59:58.000000000 +0100
@@ -32,7 +32,7 @@
 %endif
 #
 Version:        0.9.8h
-Release:        30.30.1
+Release:        30.30.1.custom
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
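
Review bot: `Release: 30.30.1.custom` sorts above `30.30.1` but below any later vendor release, so the next regular openssl update replaces this build and the version information is gone again. Either lock the package after installing it and rebuild with Patch29 for every vendor update, or carry the change some other way; silently staying on an old build is not acceptable for a package that ships CVE fixes such as Patch27 and Patch28.
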
@@ -67,6 +67,7 @@
 Patch26:        bug608666.patch
 Patch27:        CVE-2010-3864.patch
 Patch28:        CVE-2010-4180.patch
+Patch29:	openssl-version-patch.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@@ -222,6 +223,7 @@
 %patch26 -p1
 %patch27 -p1
 %patch28 -p1
+%patch29 -p1
 cp -p %{S:10} .
 # lib64 installation fixes
 for i in Makefile.org engines/Makefile; do
@@ -433,6 +435,8 @@
 %{_bindir}/%{name}

 %changelog
+* Tue Feb 22 2011 rmichel@devnu11.net
+- added for rsa usage the version information.
 * Tue Dec  7 2010 gjhe@novell.com
 - fix bug [bnc#657663]
   CVE-2010-4180
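
Review bot: the changelog entry `- added for rsa usage the version information.` names neither the patch nor the mechanism. Mention `openssl-version-patch.patch` and that the shared libraries are now linked with a version script defining `OPENSSL_0.9.8`, so the entry can be matched to Patch29 later.
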

Patch the spec file

$ cd /usr/src/packages/SPECS/
$ patch -i openssl.spec.patch
patching file openssl.spec

Build the new rpm packages

$ rpmbuild -bb /usr/src/packages/SPECS/openssl.spec
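
To confirm that the rebuilt library really defines the OPENSSL_0.9.8 node before installing the packages, a check like the following can be used. This is an added example, not part of the original post; the function names and the abridged readelf samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a rebuilt library defines the OPENSSL_0.9.8 node.

# Read `readelf -V` output on stdin and print the version nodes the object
# DEFINES (.gnu.version_d), skipping the BASE entry (the soname itself) and
# everything in .gnu.version_r, which lists versions the object only NEEDS.
verdef_names() {
    awk '
        /^Version definition section/       { in_def = 1; next }
        /^Version (symbols|needs) section/  { in_def = 0; next }
        in_def && /Name:/ && !/Flags: BASE/ { print $NF }
    '
}

# lib_has_node FILE NODE -> exit 0 if FILE defines version node NODE.
lib_has_node() {
    readelf -V "$1" | verdef_names | grep -Fxq "$2"
}

# Constructed sample: abridged readelf -V output for a patched library.
SAMPLE_PATCHED="Version definition section '.gnu.version_d' contains 2 entries:
  Addr: 0x0000000000000360  Offset: 0x000360  Link: 4 (.dynstr)
  000000: Rev: 1  Flags: BASE  Index: 1  Cnt: 1  Name: libcrypto.so.0.9.8
  0x001c: Rev: 1  Flags: none  Index: 2  Cnt: 1  Name: OPENSSL_0.9.8

Version needs section '.gnu.version_r' contains 1 entry:
  Addr: 0x0000000000000398  Offset: 0x000398  Link: 4 (.dynstr)
  000000: Version: 1  File: libc.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.2.5  Flags: none  Version: 3"

# Constructed sample: stock library, only a "needs" section, no definitions.
SAMPLE_STOCK="Version needs section '.gnu.version_r' contains 1 entry:
  Addr: 0x0000000000000398  Offset: 0x000398  Link: 4 (.dynstr)
  000000: Version: 1  File: libc.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.2.5  Flags: none  Version: 3"

# Usage against the real build result:
#   lib_has_node /usr/lib/libcrypto.so.0.9.8 OPENSSL_0.9.8 && echo versioned
```

A library for which the check fails still lacks the version definition and will keep producing the error shown at the top.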

Migrating Ubuntu to Linux Mint 10

Here are some random notes on migrating from Ubuntu to Linux Mint 10 (Julia)!

/etc/apt/sources.list

deb http://packages.linuxmint.com/ julia main upstream import
deb http://archive.ubuntu.com/ubuntu/ maverick main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ maverick-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ maverick-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu/ maverick partner
deb http://packages.medibuntu.org/ maverick free non-free

#deb http://archive.getdeb.net/ubuntu maverick-getdeb apps
#deb http://archive.getdeb.net/ubuntu maverick-getdeb games

/etc/apt/preferences

Package: *
Pin: release o=linuxmint
Pin-Priority: 700

Package: *
Pin: origin packages.linuxmint.com
Pin-Priority: 700

Package: *
Pin: release o=Ubuntu
Pin-Priority: 500

Adding GPG keys

$ gpg --keyserver hkp://keyserver.ubuntu.com --recv 3EE67F3D0FF405B2 && gpg --export --armor 3EE67F3D0FF405B2 | sudo apt-key add -
$ gpg --keyserver hkp://keyserver.ubuntu.com --recv 2EBC26B60C5A2783 && gpg --export --armor 2EBC26B60C5A2783 | sudo apt-key add -

AWS EC2 & S3 free usage

AWS Free Usage Tier (Per Month):

  • 750 hours of Amazon EC2 Linux Micro Instance usage (613 MB of memory and 32-bit and 64-bit platform support) – enough hours to run continuously each month*
  • 750 hours of an Elastic Load Balancer plus 15 GB data processing*
  • 10 GB of Amazon Elastic Block Storage, plus 1 million I/Os, 1 GB of snapshot storage, 10,000 snapshot Get Requests and 1,000 snapshot Put Requests*
  • 5 GB of Amazon S3 storage, 20,000 Get Requests, and 2,000 Put Requests*
  • 30 GB per of internet data transfer (15 GB of data transfer “in” and 15 GB of data transfer “out” across all services except Amazon CloudFront)*
  • 25 Amazon SimpleDB Machine Hours and 1 GB of Storage**
  • 100,000 Requests of Amazon Simple Queue Service**
  • 100,000 Requests, 100,000 HTTP notifications and 1,000 email notifications for Amazon Simple Notification Service**

Source: AWS (as of 2010-11-17)

That's perfect for my new project 🙂 muhaaaa

jstat – jvm memory stats

/usr/java/jdk1.5.0_22/bin/jstat -gcutil 18703 1s 10

gcutil = Summary of Garbage Collection Statistics (mandatory)
18703 = process id (mandatory)
1s = refresh interval (optional)
10 = number of samples (optional)

$ /usr/java/jdk1.5.0_22/bin/jstat -gcutil 25532 1s 10
  S0     S1     E      O      P     YGC     YGCT    FGC    FGCT     GCT   
  0.00   0.00  71.36  35.59  72.25     39    6.195     1    0.440    6.635
  0.00   0.00  72.22  35.59  72.25     39    6.195     1    0.440    6.635
  0.00   0.00  78.39  35.59  72.25     39    6.195     1    0.440    6.635
  0.00   0.00  88.32  35.59  72.25     39    6.195     1    0.440    6.635
  0.00   0.00  93.77  35.59  72.25     39    6.195     1    0.440    6.635
  0.00   0.00  97.66  35.59  72.25     39    6.195     1    0.440    6.635
  0.00   0.00   1.90  36.45  72.25     40    6.357     1    0.440    6.797
  0.00   0.00   6.94  36.45  72.25     40    6.357     1    0.440    6.797
  0.00   0.00   9.40  36.45  72.25     40    6.357     1    0.440    6.797
  0.00   0.00   9.57  36.45  72.25     40    6.357     1    0.440    6.797

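A young-generation collection ran between the 6th and the 7th sample (YGC 39 -> 40, E drops from 97.66 to 1.90).
The collection took 0.162s (6.357s - 6.195s).
Utilization of the old space increased by 0.86% (35.59 -> 36.45).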

IPv6 addresses

Rail strikes are a great thing… you actually get something done 🙂

Structure of an IPv6 address

128 bits in total. The first 64 bits are reserved for the subnet prefix, followed by the last 64 bits for the host.

nnnn:nnnn:nnnn:nnnn:hhhh:hhhh:hhhh:hhhh

Each block is 16 bits long. Leading zeros in a block can be dropped, e.g.

2001:db8:0900:085a:0000:0000:0000:0002

would therefore become

2001:db8:900:85a::2

Contiguous blocks of zeros can be dropped entirely, but only once per address, and the omission must be marked with a ::. Other zero blocks can be written as 0.

Example:

2001:db8:0000:085a:0001:0000:0000:0002 => 2001:db8:0:085a:1::2

IPv6 addresses are written in hex! In binary, the address above would look like this

00100000 00000001:00001101 10111000:00001001 00000000::00000000 00000010
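
The shortening rules above mean that one address has many spellings, which matters when comparing addresses in ACLs or logs. The following added example (not part of the original post) reverses the shortening so two spellings can be compared; the function names are hypothetical, and zone IDs and embedded IPv4 notation are assumed not to occur.

```shell
#!/bin/sh
# Added example: expand a shortened IPv6 address to its full 8-block form.

# expand_ipv6 ADDR -> prints the 8 x 4 hex digit form; exit status 1 if ADDR
# is not a valid address (bad block, wrong block count, more than one "::").
expand_ipv6() {
    printf '%s\n' "$1" | awk '
    function pad(b) {   # restore the leading zeros of one 16-bit block
        if ((b !~ /^[0-9a-f]+$/) || (length(b) > 4)) bad = 1
        return substr("0000", 1, 4 - length(b)) b
    }
    {
        addr = tolower($0); out = ""; nl = 0; nr = 0; bad = 0
        gap = index(addr, "::")
        if (gap > 0) {          # split around the single allowed "::"
            left = substr(addr, 1, gap - 1); right = substr(addr, gap + 2)
            if (index(right, "::") > 0) exit 1
        } else { left = addr; right = "" }
        if (left  != "") nl = split(left,  L, ":")
        if (right != "") nr = split(right, R, ":")
        # without "::" all 8 blocks are required; with it at least one is elided
        if ((gap == 0 && nl != 8) || (gap > 0 && nl + nr > 7)) exit 1
        for (i = 1; i <= nl; i++) out = out pad(L[i]) ":"
        if (gap > 0) for (i = nl + nr; i < 8; i++) out = out "0000:"
        for (i = 1; i <= nr; i++) out = out pad(R[i]) ":"
        if (bad) exit 1
        print substr(out, 1, length(out) - 1)
    }'
}

# same_ipv6 A B -> exit 0 if both spellings denote the same address.
same_ipv6() {
    a=$(expand_ipv6 "$1") && b=$(expand_ipv6 "$2") && [ "$a" = "$b" ]
}

# Usage:
#   expand_ipv6 2001:db8:900:85a::2
#   same_ipv6 2001:db8:0:085a:1::2 2001:db8:0000:085a:0001:0000:0000:0002
```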

Types of addresses (incomplete)

The default route is usually directed at 2000::/3. That is the global unicast range, which is routed on the Internet (RFC4291).

0:0:0:0:0:0:0:0 = ::/128 corresponds to 0.0.0.0 in IPv4.

0:0:0:0:0:0:0:1 = ::1/128 corresponds to 127.0.0.1, i.e. localhost, in IPv4.

FF00::/8 are multicast addresses – see Multicast @ IANA.