Modern gcc compiler on Travis CI

I recently needed to setup Travis CI for a little pet project I'm working on. However, my code requires C++17 (yeh, I'm nuts), and the compiler suite that comes with the various Travis images do not satisfy this. Long story short, there are ways around this, forcing the installation and activation of gcc8 on Xenial. Example:

dist: xenial
language: cpp
compiler: gcc

before_install:
  - sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
  - sudo apt-get update -qq
  - sudo apt-get install g++-8 libstdc++-8-dev
  - sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-8 90
  - sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 90

install: autoreconf -if

script: ./configure && make -j4 && make test

Hacking: 

Slow logins to Ubuntu 18.04 server

I recently setup a Ubuntu 18.04 server for CI and builds. Once setup, I had "ssh" sessions always taking 25s to complete, which seemed odd. Turns out, of course, this is a bloody timeout in dbus and systemd's interacting with such. Why, you may ask, would systemd be involved here? Well, it's because it's fucking stupid. that's why! The first indicator I had was, after tracing the ssh daemon, was this  gem in auth.log:

Mar 11 00:43:43 castafiore sshd[1519]: pam_systemd(sshd:session): Failed to create session: Connection timed out

pam_systemd eh? So, I edited the following files, removing the optional systemd lines:

/etc/pam.d/common-session
/etc/pam.d/runuser-l
/etc/pam.d/systemd-user

E.g. 

#session    optional    pam_systemd.so

Please systemd, when will you go back and just do the one thing you were good at, and supposed to do; replace init.d.

Disabling WiFi and Bluetooth on Raspberry Pi's

I have some Raspberry's that are on wired network, and obviously, WiFi is just unecessary. The best way to disable this that I've found is to add these two lines to e.g. /etc/modprobe.d/raspi-blacklist.conf:

blacklist brcmfmac
blacklist brcmutil

At this point, you probably want to turn off the Bluetooth services:

systemctl disable  bluetooth.service

Hacking: 

Turning off tmpfs for /tmp and swap with systemd

systemd, by arch nemesis, strikes again. Now it wants to own various mount points, of course. This include /tmp, which is not good on boxes with little memory, like a Raspberry Pi. At least not when doing something serious. To turn this off, run

$ systemctl mask tmp.mount
$ systemctl disable zram-swap.service

Hacking: 

Turning off spectre and meltdown protection in Linux

This is perhaps not the best thing to do always, particularly not in a desktop Linux system. But in my case, I have some machines that are inside a firewall, doing nothing but compiling software, and it generally doesn't run things that are unsafe or from the wild. Turning off these protections can give you significant performance improvements (well, returning to the old performance before Spectre). Here's what I did for my Fedora 29 boxes:

In /etc/default/grub, append:

GRUB_CMDLINE_LINUX="... quiet pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier"

Then, re-run the grub2 command, in my case, since I'm on EFI, it's

grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

Alternatively, you would run

grub2-mkconfig -o /boot/grub2/grub.cfg

 

Caching yum repo data in Fedora

Since Comcast are nuts and meters my connection, and I do a lot of yum update and yum install on my day-to-day work, I decided to setup an HTTP cache. I decided against doing a mirror, because I don't need all of what Fedora provides, only a very small subset. Now, the modern Fedora DNF configurations uses metalink and HTTPS URLs, which are not (easily) cacheable. The first thing I ended up doing was to edit the yum.repos.d configuration files, e.g. fedora.repo, for example:

[fedora]
name=Fedora $releasever - $basearch
failovermethod=priority
baseurl=http://some_cache.ogre.com/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
enabled=1
...

In particular, notice that I removed (commented out) the metalink configuration. Alternatively, I'm fairly certain you can keep the baseurl pointing to the normal download.fedoraproject.org server, and instead add a proxy= configuration option to /etc/dnf/dnf.conf. However, since I had to edit the .repo files anwyays, I figured I might as well just do it all there.

Next, it's time to setup a caching proxy, in my case, the obvious choise is Apache Traffic Server. What gets a little tricky here is that the Fedora download servers sends a lot of redirects to the mirrors, which mostly defeats the purpose of caching. In my configuration (remap.config), I work around this by making sure ATS itself follows such redirects:

map http://some_cache.ogre.com http://download.fedoraproject.org \
    @plugin=conf_remap.so \
    @pparam=proxy.config.http.number_of_redirections=2 \
    @pparam=proxy.config.http.redirect_use_orig_cache_key=1

 

Update: I attached a Lua plugin script, that's a little more clever, and does more aggressive caching of the various RPM file extentions. This combines all the logic above, and this additional cache tweaking all into one nice script.

Fwiw, I tried  using https://download.fedoraproject.org, but that did not seem to work :-/. I did a few minor other tweaks in ATS itself, but primarily this is running a stock ATS configuration out of the box (change the ports definition though). One thing to bear in mind is that the content from Fedora (and its mirrors) do not include a Cache-Control or Expires header. So, I ended up changing the ATS configurations to allow heuristics based on Last-Modified:

CONFIG proxy.config.http.cache.required_headers INT 1
CONFIG proxy.config.http.cache.heuristic_min_lifetime INT 7200
CONFIG proxy.config.http.cache.heuristic_max_lifetime INT 172800

Obviously set this min/max to some numbers that are reasonable for your environment and needs. Enjoy!

Running HomeBrew gdb on macOS

So, if you try to run gdb from e.g. HomeBrew on macOS, you get an error like this:

Starting program: /Users/leif/apache/trafficserver/iocore/net/.libs/test_UDPNet
Unable to find Mach task port for process-id 42037: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

 

I found this article / HowTo for doing a code signing certificate for the gdb binary, and sign it: https://sourceware.org/gdb/wiki/PermissionsDarwin

Hacking: 

Drupal 8 upgrades

I did the latest security updates for Drupal 8 on this system, and ended up having new problems that I've not seen before. This showed up in my logs:

[Thu Jan 17 13:40:42.339572 2019] [:error] [pid 12676] [client 127.0.0.1:37080] PHP Fatal error:  Class 'TYPO3\\PharStreamWrapper\\Behavior' not found in drupal8/core/lib/Drupal/Core/DrupalKernel.php on line 484

The solution, of course, is to update the dependency modules, using

$ composer install --no-dev

 

Hacking: 

RPi Picade and turning off the display

Since Peter has the fancy Picade in his bedroom, I wanted to turn off the display completely at night. Even with the screen saver, it has a bit of a glow to it. So, I found a few commands that I added to my crontab:

0 20 * * * /usr/bin/vcgencmd display_power 0 > /dev/null
0 8 * * *  /usr/bin/vcgencmd display_power 1 > /dev/null

Hacking: 

Pages

Subscribe to Ogre.com RSS