The main advantage of either of these methods is security: both have easy transport security (SSH by default, Apache if you set it to server over SSL) and are easy to setup authentication for (SSH authenticate against the system’s accounts using PAM and Apache authenticate against basically anything with a simple setup).

The main disadvantage of these methods are that they are slow (SSH is apparently somewhat faster then HTTP) and when supporting multiple large projects of many developers I started running into all kinds of weird connection errors when you try to manipulate many files on many projects at the same time.

Subversion itself offers another alternative using their own network service called svnserve – this is a standard unix daemon that listens on a specific port and uses a native protocol to communicate with Subversion clients (using the svn:// schema in Subversion URLs). It offers very good performance, but no transport security (encryption) by default. Another major problem with using svnserve as a network service is that while CentOS ships the binary itself (it is required as part of the way that the svn+ssh:// protocol is implemented) it doesn’t ship any support files to run it as a standalone service nor to help with its configuration. Also by default svnserve can only authenticate users using its own Apache-style password database file – which makes it unsuitable to integrate in large organizations.

In this article I’ll document how I setup snvserve as a network service to support a large development environment. The requirements do not include transport security because the server is on a private network and can only be accessed by trusted computers (either local or through a VPN), but we do need to have Subversion users authenticate against a central authentication server that is used by all local services. In my setup the authentication services is Mirosoft ActiveDirectory, but the local server is setup to authenticate to the ActiveDirectory using PAM, so we will setup svnserve to use PAM and gloss over the ActiveDirectory specifics.

The process is as follows:

1. Set up your server: Install CentOS 6 and configure PAM to authenticate to your central authentication. Verify that users can SSH into the server using their login credentials.
2. Set up your Subversion repository: Install subversion and use svnadmin to create your repository. In the below examples I’ve created the repository under /var/svn
3. Set up svnserve to require authentication and do the authentication using the Cyrus SASL libraries: copy the file svnserve.conf from your repository’s configuration directory (for example /var/svn/svnserve.conf) to /etc/svnserve.conf. Edit it and add in the [general] section the following lines:
anon-access = none
auth-access = write
realm = The Name of Your Repository
make sure that all other settings in that section are commented out. Now add, at the bottom of the file, a new section like this:
[sasl]
use-sasl = true

4. Setup the Cyrus SASL library to work with the saslauthd authentication service: create the file /etc/sasl2/svn.conf with the following content:
pwcheck_method: saslauthd
mech_list: plain login

5. Start the saslauthd service and make sure it always run when the system start, by executing the following commands:
# service saslauthd start
# chkconfig saslauthd on

6. Set up saslauthd to allow svnserve to authenticate using the main system’s PAM configuration, by executing the following command:
# cd /etc/pam.d
# ln -s system-auth svn

7. Create the SysV initialization script for svnserve – this will allow you to start and stop svnserve using the service command and have it run when the system start. This is the major part that I expected CentOS to ship but is missing. Creating a good SysV script is not trivial – you can do it yourself but I suggest using the script presented here. I’ve used the script from this blog post which is not bad but its implementation of status didn’t report the status of a dead process, so I modified it and you can download my modified version here. The file is compressed because of WordPress, just download it, run it through gunzip and copy the resulting file to /etc/init.d/svnserve and then give it “execute permissions” using:
# chmod 755 /etc/init.d/svnserve

8. Create a configuration file for the service by creating and editing the file /etc/sysconfig/subversion.conf with this content:
OPTIONS="--config-file=/etc/svnserve.conf -r /var/svn"

   We use the -r option to limit svnserve access to only our repository, so have the value there point to your actual repository if its not /var/svn
9. Set up svnserve to run when the system start, and then start the service itself:
# chkconfig svnserve on
# service svnserve start


And that’s it – you should have svnserve listening on port 3690 and ready to serve clients. The URL you use to access the repository should include only the server name as svnserve access is already rooted to only your repository by the configuration file. So for example if my server is called svn then the URL will be svn://svn.

This setup will still allow you to access the repository using the svn+ssh:// protocol as you would under a normal setup. It can be a bit confusing as access over SSH uses different paths then over the Subversion svnserve network service, because you have to use the full path to the repository on the local file system in the svn+ssh:// URL. To circumvent this, its possible to get the SSH access to also be rooted to your repository’s path and thus be symmetric with the above setup. To do this, create a new file at /usr/local/bin/svnserve and put the following code in it:
#!/bin/bash
exec /usr/bin/svnserve "$@" -r /var/svn

Give the file “execute permissions” by running
# chmod 755 /usr/local/bin/svnserve
, so it can be executed by the Subversion client instead of the system’s svnserve binary. Now both native Subversion and SSH access use basically the same URL, except for the schema part.

Related articles

• CentOS – Subversion Configuration (waterbiscuit.wordpress.com)
• Passwords and svn (stackoverflow.com)
• Importing a subversion repository (stackoverflow.com)
• Subversion – Merging Repositories (stackoverflow.com)

The problem is that the “old archive storage” also has limited disk space and I got fed up managing the archive by hand. The solution I came up is to scan the hierarchy of  log files in the storage (logs are stored hierarchically according to origin and type) and delete old files until I have enough room to move some newer files in. That way the “old archive storage” is always kept full and keeps as much back-log as possible and does this automatically.

The piece of code that determines which files we want to delete works like this:

1. Use find to list all the files in the directory structure
2. Pipe it to perl and collect all the file names in a list
3. Use perl’s sort operator to compare the modification times of each file in the list and show them in the order (i.e. oldest first)
4. Use head to get just the first file

So it looks like this:

find /mnt/httpd_back/ -type f | perl -nle 'next unless -f; push @files, $_; END { foreach $file (sort { @a=stat($a); @b=stat($b); $a[9] <=> $b[9] } @files) { print $file; }}' | head -n1


Note: normally we use head to get some initial output and terminate the process early before it does more costly work – when head has enough data it terminates the pipe sending SIGPIPE to the upstream process and that usually terminates the process that generates the data. In this case – and in all other cases involving sort – the upstream process buffers all the data in its own memory before outputting anything, so it can sort everything, and using head here is just a filter to get what I want and does not actually save me from doing all the work. I could have easily done the same thing inside the perl script itself by replacing the block of  print $file; with print $file; last; – this has the same effect as using head, because head will send SIGPIPE to perl after getting the first print and will terminate it. Deciding which way you want to go is probably more about readability of the code and I prefer my original version because its easier to read to non-perl specialists.

I can then just remove that file, see if I have enough room to move in the newer log file and if no – repeat the process.

This would work well, I believe, but it may be inefficient if I find a bunch of small files and I want to copy in a large file. So what I did next is to take advantage of the fact that all the log files I have are named using the following simple format:

<service>-<type>_log-<year><month><day>.gz

and that allows me to easily find all the log files that record the same day and eliminate them at the same time. Subsequent moving of additional files will likely succeed because I cleared out all the log files of an entire day. If not, I can always go and clear up another day’s worth of logs.

Lately I’ve been having problems updating software on my Motorola Milestone (1, as in A853) running CyanogenMod 7.1 (thanks to Nadalbak who maintains an unofficial and unsupported port of CyanogenMod for this old device). When I start the Android Market and do an update of an existing application, I get the error “Package file is invalid” for any application. Sometimes removing an application and reinstalling it will work, but often not.

There could be several problems that cause this, apparently a problem with the file permissions on the file systems is common, and if this is your problem then it can be fixed by opening the terminal emulator, executing “su” to gain super-user permissions and then running “fix_permissions” (it will take a while to complete).

If this doesn’t solve the problem for you, then likely the problem is that you ran out of space on your “data” partition or “cache” partition. This is very common if you have a large “apps partition” on your SD card and you are in the habit of installing tons of applications – I know I am .

The problem is the “Dalvik cache” that gets full and apparently the operating system doesn’t clear old files from it so it will eventually run out of space.

I’ve tried cleaning the Dalvik cache, using Titanium backup and the OpenRecovery menu – but that doesn’t clean the cache properly for some reason, likely because it expects the cache to be on the “data” partition but in CyanogenMod 7 for Milestone the Dalvik cache is on the “cache” partition.

To solve the problem, boot into OpenRecovery then select “Wipe cache” from the main menu. Please note that you must wipe the entire cache partition and not just the Dalvik cache. Also make sure not to choose the similar option to wipe the data partition as that will remove all your personal data from the phone…

Good luck.

Update:

If your /cache partition is constantly overloaded in your Mileston A853 running CyanogenMode 7.1, you can disable the hosting of the apps dalvik cache under /cache by editing the system’s build.prop file. To do it follow these instructions.

1. Start a terminal in your phone using the terminal emulator app (or an alternative – I use ConnectBot).
2. Execute su and approve the super user mode.
3. Execute mount /system -o remount,rw to allow editing the build.prop file.
4. Execute vi /system/build.prop to edit the file.
5. Find the instruction dalvik.vm.dexopt-cache-only – you can type /dalvik<ENTER> to find it. Move the cursor to the end of the line and press on “A” to start editing. Delete the “1″ at the end of the that line and write “0″ instead.
6. Issue an “ESC” button (in ConnectBot you can do it by pressing the camera shutter button) and then type “:x” to save the changes and leave the editor.
7. Execute mount /system -o remount,ro to return the system files to read only mode.
8. Reboot to OpenRecovery and use it to clear the dalvik cache and the cache partition, and then reboot the phone.

Your device should now have enough space in the /cache partition.

Related articles

• CyanogenMod 7.1 Released (beast4romtheeast.wordpress.com)
• Netflix for Android Officially Recognizes CyanogenMod ROMs (pocketnow.com)

If you ever had to work with MS-Windows file server, you should know that you can also access SMB file shares using URLs – with the schema “smb”, like this: smb://file-server/share-name.

Using a URL like that will ask the file browser to open an SMB connection to the file server and try to list the content of the share. If your file server is not of the kind that likes anonymous users, a password dialog would come up where you have to enter a user name and a password, and a domain name. Nautilus will show an authentication dialog with a “domain” field pre-filled with the domain name “WORKGROUP” (which is unlikly to be what you want), while in KDE there is no distinct field for the domain as it expects MS-Windows like “DOMAIN\user” format, which users are likely not accustomed to. If you now type in your password and ask it to be saved, at best the file browser will open the share but not save the password and you will have to type it again the next time, while at worst – the browser will not be able to list the share and prompt you for the password again and again.

A useful way to workaround the issue is to have the “domain” part already in the “smb://” URL – that way the authentication process and the password keyring manager already knows the correct MS-Windows domain name to log in with and will either pre-fill it in the correct field.

GNOME and Nautilus

In GNOME (and using the GVFS command line tools – more about it later), the format of the URL is smb://domain;user@server/share, so for example if your domain name is “OFFICE” and your user is “oded”, and you want to access the share “Documents” on the server “files”, then the URL will be smb://OFFICE;oded@files/Documents:

The password saving feature will now work fine and you can even bookmark the location and if you save the password, then next time you can just click the bookmark to automatically connect to the share.

KDE and Dolphin

In KDE the format of the URL is smb://domain\user@server/share (similar to the user specification in MS-Windows), so using the same example above the URL will be smb://OFFICE\oded@files/Documents:

As you can see, the user name field is pre-filled with the MS-Windows user specification and you are left with only putting in the password. You can also note that Dolphin has “URL encoded” the back-slash character – don’t worry about it, it will work just fine and you can also bookmark this location and the “Remember password” will faithfully keep your password regardless if the URL is “URL encoded” or not.

The main problem with using Consolas on your Linux workstation, is that this font is provided by Microsoft, and while if you are running MS-Windows (or even Mac OS-X) it may already be installed – as it is bundled with many Microsoft products, us in the Linux world have no easy (and legal) way to get to use Consolas in our code editing. Unlike Microsoft Core Fonts for the Web Consolas is not available for download – probably for the same reason the core fonts packages were pulled. But as Consolas is bundled with many Microsoft products, some are available for free download for anyone, we can use that to get us some nifty Consolas prettiness in our day to day Linux computing.

The following steps will allow you to get Consolas on your system rather easily (assuming you don’t flinch at using a terminal) and without installing any Microsoft products. I’m pretty sure its also legal to do so, even when taking into account Microsoft’s EULA, and a discussion of this is at the end if you are interested. Well, into the fray!

Requirements

you need to have the following software packages installed. If you don’t already have them installed, they are available for all Linux operating system, probably using your built-in software management UI, such as Ubuntu’s Software Center or Fedora’s Software Management.

• Wine – the Microsoft Windows compatibility layer for Linux
• cabextract – a Microsoft cabinet file format extractor

Procedure

After you have these installed, lets start going to the Microsoft download center and downloading the latest edition of the freePowerPoint Viewer. In the page linked, click on “Download” and download the resulting file to somewhere on your computer. The default download location for Fedora is the “Downloads” directory and for Ubuntu it is the “Desktop” directory.

Next, let’s open a terminal window (“gnome-terminal” if you are running a GNOME desktop, or “konsole” if you are running a KDE desktop), and follow these steps:

• mkdir tmp – Create a temporary directory. The process involves creating a “wine prefix” and unpacking some files into it, and I wouldn’t want to mess up an existing wine setup if you have one.
• cd tmp – move to the new temporary directory.
• WINEPREFIX=$(pwd) wine ~/Downloads/PowerPointViewer.exe /extract:c:\\ – ask the PowerPoint Viewer, nicely, to extract its content to what Windows call “C:\” instead of installing it. Wine will setup a simulated “C: drive” inside your temporary directory and will then run the installer – you will have to read and agree to the PowerPoint Viewer EULA, but I don’t think you have anything to worry about (see the discussion below). For this command I’m assuming you’ve downloaded the PowerPoint Viewer executable to the “Downloads” directory. If this is not the case, you may change the command appropriately.
• cabextract drive_c/ppviewer.cab -F 'CONSOLA*' – The installer has put a “Microsoft Cabinet file” into the simulated “C: drive”, that contains the files we need, so here we extract the Consolas TTF files from the cabinet.
• rename 'y/A-Z/a-z/;s/consola/Consolas /;s/b/Bold/;s/i/Italic/;s/z/Bold Italic/;s/ \./ Regular./' *.TTF – Optional step – rename the extract files to something that a looks humanly readable. Unless you want to keep the TTF files for future use, you can skip this step.

Now you can install the new fonts – open a file browser and go to your temporary directory. Under GNOME you can install the fonts by opening the font file and the font viewer window should have an “Install Font” button at the bottom right corner. Under KDE, right click the font files and select Actions->Install… and in the dialog that opens select “Personal” to install the font only for you or “System” to install the font to all the users (this will require a system administrator password). After you complete this step for all the TTF files that were created, you can copy the files elsewhere if you want to save them as backup for when you want to reinstall your computer. Finally it is recommended to remove the temporary directory and all its content – you have no further need for this.

Legal Issues

I am not a lawyer and the following is not actually a legal argument, but lets try to look at the above procedure through the Microsoft EULA that you have to agree to in order to get the files:

It is my belief that this procedure is perfectly reasonable for personal use on any device you use – paragraph 1.a of the EULA says “You may install and use any number of copies of the software on your devices.” The rest of the paragraph immediately goes and limits the use of the software but I do no believe that its possible for a license to limit the type of use you do with a software you legally obtained (as long as that use itself is not infringing on the copyright on the software). Its like buying a car and have the manufacturer say that this car may not be used to drive on dirt roads – the manufacturer may refuse to service the car after you drive on dirt roads, but he cannot sue your for violating the “terms of use”.

Please note that after extracting the TTF files, you may not distribute the files, i.e. copy them to other people – this is strictly prohibited both under copyright law and under paragraph 1.b of the EULA, because it will not be “complete and unmodified” copies of the PowerPoint Viewer. You may, though, distribute copies of the original PowerPoint Viewer download to friends along with these instructions .

Regarding the legality of extracting files from the installer, the Microsoft EULA has this to say: “You may not work around any technical limitations in the software” – but we didn’t work around any technical limitations: the Microsoft software itself extracted the files for our use, so there is no technical limitation prevent us from copying files off the installer.

The PowerPoint cabinet also contains all the other fonts of the Microsoft ClearType font collection, of which only Calibri would be of any interest to users, the rest aren’t that interesting but then again – I hate serifs (interestingly all of the ClearType font collection fonts start with “C”).

Related articles

• Manage & Compare Fonts Easily With Font Manager [Linux] (makeuseof.com)
• Free TTF font site (xpjimt.wordpress.com)
• Get The New ICS Font Roboto On Your Android Device Right Now (androidpolice.com)

Locating the correct position in the binary log from which the server can carry on is difficult but can be made easier by the mysqlbinlog utility that can scan the binary log files and show you which position is valid using the --start-position to try random positions in the binary log file and see which position will let you read from the file.

Still, testing each and every possible byte position by hand is very time consuming, not to say very boring. The following small script will allocate the next readable position in the binary log, given a beginning position (that you can see in the MySQL slave status IO position).

start=1008443439
end=$(($start+20000))
binlog=mysql-bin.021468
for; do
  if mysqlbinlog -vv $binlog --start-position=$pos \
        --stop-position=$end > /dev/null 2>&1; then
    echo $pos
    break
  fi
done

[All numbers are made up, obviously - substitute your own]

This will echo the first position in the specified MySQL binary log, from which the log can be read correctly (assuming the corruption is smaller then 20K). You then can restart the slave after the corrupted part by issuing these commands to MySQL:

STOP SLAVE;
CHANGE MASTER TO MASTER_HOST='my-master', MASTER_USER='this-slave',
MASTER_PASSWORD='my-password', MASTER_LOG_FILE='mysql-bin.021468',
MASTER_LOG_POS=1008444916;
STOP SLAVE;

[Where 1008444916 is the position the script reported]

Important note: This is only relevant when it’s affordable to lose few transactions (you should pay attention to the distance between the last position of the IO thread and the position that this script find as usable). If you fear that there may be important data in the missing transactions – don’t use this method and do rebuild your database.

Related articles

• MySQL Replication Setup (sqldbpool.com)
• How To Set Up SSH Encrypted MySQL Replication (kozar.wordpress.com)
• R1Soft Discusses CDP Backup Software for MySQL Databases at 2011 MySQL Conference and Expo (prweb.com)
• Five Things You Need to Know About MySQL (pcworld.com)

Lets forget, for the sake of the discussion, the technical attacks as these are relatively easy to handle and Linux operating systems are already pretty well protected against such. The main vector of attack for malware these days is Social Engineering anyway – this is how Mac OS-X users get attacked by malware: you browse a web site, and an image that looks like a a blinking dialog box notifies you that your computer has been infected by a virus and prompts you to download this “fix”.

Most of us, technically inclined users, sneer at this type of “threat”, but most people aren’t technically inclined and there are enough people out there that will be fooled by this practice time and time again. Click the image and a binary gets downloaded to your computer and if it is in the correct format it will get executed.

This is where the Linux side of business starts (and where the “Mandatory Access Control” part of the title comes to play) – a binary that you just downloaded and executed cannot just go and do anything. Most Linux operating systems these days (at least the more popular ones) employ some sort of “Mandatory Access Control” – be it SELinux or AppArmor – which means that unless you specifically say, ahead of time, that some program can do something – then it can’t. This applies to all access including access to user files.

The thing is – Linux users are already well protected against the user of “downloading an executable file” and running it: You have to download the file and save it somewhere that you can find, then double click it. At which point a dialog box pops up and tells you that you can’t execute files with out the “execute bit”, so you have to open the file properties, go to permissions, figure out what the “execute bit” is and set it, click OK and try to run the file again. That is on Ubuntu – other OSs have even a worse user experience. So you see – no worries there: if a user is gullible enough to download just any file of the internet and try to run it – there’s no way they’re going to be able to do it.

So what’s the problem?

The problem is that if you can target Mac users and get them to download a Mac specific binary file (vs. a Windows specific executable for Windows users), then you can easily target specific (and popular) Linux distributions by getting their users binary files formatted with the appropriate software installation package format (“.deb” for Ubuntu, Debian and related OSs and “.rpm” for Fedora, SuSE and related OSs). All these operating systems, when you start downloading a file with the appropriate format, helpfully pop up a dialog that allows you to easily type in your password and install the “helpful software” right into your operating system!

Unlike getting a user to just execute a program, which will run with the user’s access level and at worst will trash the user’s files, this procedure lets loose an unverified piece of software into your operating system with full administration privileges. With that kind of access, such software can easily install its own “Mandatory Access Policy” that lets itself do whatever it wants.

And how does your operating system protect you from this vector? Very little if at all. At least in Ubuntu you get the very detailed “dpkg UI” dialog which presents a lot of information on the software you are going to install before you click OK – which may also expose you to additional social engineering. Fedora on the other hand does very little except show you the file name and allow you to click OK.

At no point there are warning to help the user decide what is the right thing to do – not that I expect this will do any good: uneducated users are very prone to just click “OK” to any dialog box that pops up without ever reading what it says, let alone considering it.

The Android styled “Mandatory Access Control” that has programs request specific permissions and the user is presented with this list for approval is not any better – for most users this is just another dialog that they don’t have to read if they just want to click OK.

What can be done about it?

Very little I’m afraid. Linux users are currently around 1~2% of total internet traffic and as long as it stays this low it unlikely malware authors will invest the extra effort to target us. But if we want to get more market share – and that means getting more uninformed people to use Linux based operating systems, then this will change.

I think its unhelpful to think that we can educate people to the point that these type of social engineering attacks will fail. If we really want to tackle the problem we have to be pro-active about defense, and as they say – “the best defense is a good offense”

What I propose should be done is that whenever a user tries to install a software using the “single click install” procedure, the confirmation dialog will be much more verbose and ask the user, not for their password, but to fill a simple multiple selection quiz: choose one of the provided reasons you want to install this software (or click “other” and type your own) and a couple of other questions like you get when you try to subscribe to a website – “where did you hear about it” and such. Not something truly drastic, just enough to get the user to think a bit more about what they are about to do.

After completing the dialog, the system will file all this information, along with the URL from which the software was downloaded, to a central repository on the internet (without any personally identifying information of course, not even the IP address) and interested individuals can look at these reports and vote if the software is valid or malware. Whenever an operating system is trying to install a specific piece of software from the internet, it can first look up the target in this database and if the consensus on the internet is that this is malware, then the operating system can refuse to install – very similar to how the website verification process that Internet Explorer and Mozilla Firefox use.

Advanced users can be spared this process (if they want to) as command line installations will not trigger this behavior and if you are really inclined there would be a checkbox in some system settings dialog that says something like “stop harassing me when I install software off the internet”.

So this is my proposal. What do you think?

A lot of system administrators have been waiting for this (me included) so I thought I’d give a heads up

And the answer? Well – it depends Specifically here I’m going to tackle the issue of desktop installs (i.e. the workstation for a single user), and specifically for Fedora – though it shouldn’t be much different for other operating systems in the same class – such as Ubuntu or SuSE.

The issue is basically only interesting if you want to put all the user’s files (i.e. the /home directory) in a different partition from the root file system, otherwise the question is moot – just lump everything into the root partition and be done with it.

It is highly recommended to have a separate home partition for user files as that makes upgrading to a new version of the operating system, recovery in case of a major system failure, or even jumping to a new Linux based operating system – so much easier.

It is so recommended that at least Fedora and SuSE create /home partitions in their default setup.

So the question that arises – how much room to leave to the operating system, as everything else goes into the user’s home partition.

My rule of thumb in the last few years, and its mostly still correct, is 16GB.

There’s really not much point putting in more then that, as even if you install tons of software, including huge things such as Open/Libre Office, the operating system and applications rarely take more then 10GB. Add a few things such as a small database for your pet project and some cache, and there’s really no need for more then 16GB (which is also a nice round number).

All this until you want to do a live operating system upgrade (preupgrade in Fedora-speak or dist-upgrade for you Ununtu/Debian users). When you want to do a full upgrade to the latest release of your operating system, while still running, your computer has to download and store all the software that has been updated in the new release – which is basically all of it – and this takes a lot of room. What prompted this post is that I wanted to do a live upgrade from Fedora 14 to Fedora 15 and needed 8.8GB of room on my root partition.

So – if you have upgrades in mind, don’t skimp on GBs for your root – any new harddrive packs at least 500GB, so make sure to reserve around 30 for your operating system. While it would most likely go to waste most of the time, when upgrade time comes – your life will be so much easier.

Even the next version of Ubuntu – 11.04 Natty Narwhal – doesn’t seem to deliver MySQL 5.5, so upgrading is not really an option as of yet. There is a bug report to deliver MySQL 5.5 for Natty, which is even marked as “in progress” but there’s no guarantee that it will happen.

So how to go about (ab)using the latest software from Oracle? One way is to build it yourself on your server, or convert the Oracle provided RPM packages using the alien tool – but its not really Ubuntu native and a mess (in both cases). Here is another approach:

We can instead install native Ubuntu packages for MySQL 5.5, based on the work in progress for the Ubuntu bug listed above, by using the source packages from Clint Byrum’s PPA and building them locally on your Ubuntu 10.10 server.

It looks that this build nicely, passes all the tests and installs cleanly on an Ubuntu 10.10 server without any hassles, so here is a simple walk through:

1. Setup the PPA repository: go over to Clint Byrum’s PPA (by clicking on this link) and click on “Technical details about this PPA”. In the select box, choose “Lucid” – because the PPA no longer has Maverick packages, but the Lucid ones should work as well. Now in the box below that copy just the “deb-src” line and add it to the end of the /etc/apt/sources.list file on your Ubuntu 10.10 server. Don’t get the first “deb” line because that will add the binary repository and this can mess up your system when you do an upgrade later.
2. Get the source package: create a new directory somewhere where you want to build the package and open a terminal and change to it, then run from the command line the command apt-get update and then apt-get source mysql-5.5.
3. Install dependencies: in the sources that were downloaded into the directory you created in the above step, you’d find a directory called mysql-5.5-some-version, change into it and run dpkg-buildpackage. The command will run and then stop after complaining about missing dependencies. copy the names of all the dependencies (without the version information) and type apt-get install followed by the names of all the missing packages. Complete the installation and configuration of all the required packages.
4. Build the new Ubuntu package: run dpkg-buildpackage again and watch it complete the build and tests. The build is pretty quick – I was very impressed, but the tests take forever and a half – be patient and equip yourself with a hot beverage and something to pass the time. Finally it will report that the new deb packages have been successfully built.
5. Install the new software: go up one directory to the directory where you downloaded the source and install any package you need using the command dpkg -i followed by the file names of each deb package you require. When installing the mysql-server-core package you should get a configuration screen to set up the root password for the server, so don’t forget to set it to something that is useful.
6. Last minute configuration: the mysql-5.5 packages built are designed for Natty (Ubuntu 11.04) and therefor have some Natty specific features. In order to get the MySQL server to start, we need to edit the file /etc/init/mysql and in the pre-start section comment out the apparmor line – this will not work in Ubuntu 10.10 and will cause the server to fail to load.
7. Start the server: at this point we have only to start the server by issuing the “upstart” command start mysql.

Related articles

• What happened to MySQL? (coder2developer.wordpress.com)
• Getting started with MySQL on Ubuntu (curiousx.wordpress.com)
• Oracle Releases MySQL 5.5 (developers.slashdot.org)