My thoughts on Slackware, life and everything

Day: May 20, 2015

Running Slackware 14.1 in an OpenVZ VPS

Last year I rented an OpenVZ-based Virtual Private Server (VPS) for a discount price. I needed a new host to experiment with. My other Internet machine, the taper server (a QEMU virtual machine donated to me by a Slackware fan) is not meant for tinkering. It is running the Slackware Documentation Project, and I like to keep that online 24/7.

OpenVZ is a container-based virtualization service for Linux which has widespread use among hosting providers, because it is easy to set up and manage. I did not have prior experience with it, but the price tag was compelling and I thought I would find a way to install Slackware on it eventually.

OpenVZ works with an OS “template” which is basically a tarball of a directory tree that holds a complete working OS installation. When renting such a VPS, the usual default choices for your OpenVZ template are Ubuntu, CentOS or Debian. There is a repository of community-supplied templates, but the most recent Slackware template is a very bare-bones Slackware 13.37. So I settled for CentOS 6 in order to see how an OpenVZ based VPS was different from a fully virtualized solution like a QEMU VM and use that experience to create a working Slackware template.

I meant to create a new template based on Slackware 14.1 and the hosting provider was willing to co-operate once I had a tarball ready. However, I had a few doubts which I expressed in a Google+ post. The reactions to that post did not help me feel more confident, and I was convinced that I needed access to the local console of the VPS to be able to debug any boot-up issues that would prevent the SSH daemon from starting (thus preventing remote access). In an unfortunate chain of events, the hosting provider switched from SolusVM to an in-house developed control panel exactly at that time, and providing (serial) console access was not a first priority for them. So I decided to wait patiently until a serial console was added. Actually, their Control Panel is a nice piece of work, and some months ago they finally made a local console available as well. But at that time I was consumed with getting Plasma 5 packages production ready. And time slipped away silently.

Last week, I decided to pick up my old initiative, dusted off the template creation script that I half-finished last year and using that script I created a first version of a 64bit Slackware 14.1 template. HostUS, my provider, set me up with a VPS for free based on that tarball I gave them so that I could test and debug the template without harming my paid-for VPS. I was very grateful for that, because it turned out the VPS was not booting. An OpenVZ container is limited in certain ways that the Slackware boot scripts do not expect. For instance, the VPS is running on the host kernel (“uname -a” returns: Linux brin 2.6.32-042stab094.7 #1 SMP Wed Oct 22 12:43:21 MSK 2014 x86_64 Intel(R) Xeon(R) CPU L5639 @ 2.13GHz GenuineIntel GNU/Linux). The filesystem is writable on boot; there is no hardware clock; there is no eth0; etcetera.

It took me a little while to get rid of the boot-up bugs and I definitely needed the access to the VPS console to stop it from dropping to the emergency shell, but then I ended with a Slackware VPS that booted out of the box.
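The container traits listed above (host kernel, root filesystem already writable, no hardware clock, no eth0) can be probed before a boot script acts on them. The sketch below is an added example, not taken from the author's template script; the step labels and the `ROOT` prefix are hypothetical, and the "/proc/vz without /proc/bc" test is the commonly used heuristic for recognising an OpenVZ guest.

```shell
#!/bin/sh
# Added example: decide which hardware-oriented boot steps to skip.
# ROOT is a hypothetical path prefix so the probes can be pointed at a
# constructed directory tree; leave it empty to probe the running system.

# An OpenVZ guest exposes /proc/vz; /proc/bc exists only on the host node.
in_openvz_guest() {
  [ -d "${ROOT}/proc/vz" ] && [ ! -d "${ROOT}/proc/bc" ]
}

# True when / is already mounted read-write (last matching entry wins),
# in which case "fsck, then remount rw" must not run.
root_is_rw() {
  awk '$2 == "/" { n = split($4, o, ","); rw = 0
                   for (i = 1; i <= n; i++) if (o[i] == "rw") rw = 1 }
       END { exit rw ? 0 : 1 }' "${ROOT}/proc/mounts" 2>/dev/null
}

# True when an RTC device node is present for hwclock to talk to.
has_hwclock() {
  [ -e "${ROOT}/dev/rtc" ] || [ -e "${ROOT}/dev/rtc0" ]
}

# True when the named network interface exists.
has_iface() {
  [ -e "${ROOT}/sys/class/net/$1" ]
}

# Print the steps to skip, space separated. The labels are illustrative
# and are not the names of Slackware rc scripts.
boot_skips() {
  ROOT="${1:-}"
  skips=""
  root_is_rw      && skips="$skips rootfs-check"
  has_hwclock     || skips="$skips hwclock"
  has_iface eth0  || skips="$skips eth0"
  # The guest runs on the host kernel, so it cannot load modules itself.
  in_openvz_guest && skips="$skips kernel-modules"
  echo "${skips# }"
}

boot_skips "${1:-}"
```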

I created a template for 32bit Slackware 14.1 as well, provided HostUS with both template tarballs and a Slackware logo bitmap, and then they added Slackware 14.1 (32bit and 64bit) as choices for VPS installation:

[Image: Slackware_OpenVZ_2]

Hooray! Support was amazing, no silly questions asked, these guys are friendly and cooperative. Minutes after adding Slackware as an option in their VPS control panel, they tweeted:

[Image: Slackware_OpenVZ]

I guess they were as excited as I am about the new offering 🙂 I told them last year that I wanted to run Slackware on their VPS and that I intended to host a new Slackware mirror there but was a bit afraid of exceeding my monthly bandwidth quota; taper serves more than 5 TB per month to you guys, which equals my monthly quota limit at HostUS. They immediately responded and (without me having asked) increased my monthly bandwidth TEN-fold. For free. That shows the level of their support I guess.

Some technicalities: the script that created these templates is available on slackware.com. It builds a minimal installation of Slackware 14.1 (89 packages in total). That includes gcc because I do not take a Linux installation seriously which does not ship with a C compiler. This will occupy some 365 MB on your VPS disk once it is running. You could trim this down quite a bit more I guess, but there is a difference between minimal and barebones. My definition of minimal is that you should get a lot of useful tools on a console-based Slackware out of the box, not something that will boot and not much more.

This OpenVZ template comes with slackpkg pre-configured, using the generic URL “mirrors.slackware.com” so that your packages will always be downloaded from a mirror near you. OpenVZ is a bit peculiar in the sense that it knows a little bit about how Linux distros are being configured. So the OpenVZ control panel is the place where you configure the hostname, IP address and root password of your VPS. In order to make the Slackware installation internet-aware out of the box, I added two Google DNS IP addresses to its “/etc/resolv.conf” file. The result? Once provisioned, the VPS starts fast and mere seconds after booting I was able to log in as root to my new machine.

I will use the long Pentecost weekend to set up some initial services and seed a Slackware mirror.

And you can consider the option of using this referral link to rent a Slackware 14.1 VPS for yourself 😉

Have fun! Eric

Stable channel for Chromium hits 43

Building on my experiences with chromium-dev (the development channel of the Chromium browser which is currently at version 44), I have made similar changes to my latest package for the chromium browser and its widevine and pepperflash plugins.

This means that I have said goodbye to the single configuration file (/etc/default/chromium) and switched to a configuration directory, which is “/etc/chromium/” for the chromium package. Each package (Chromium as well as any plugin or extension) can add its own configuration file to that directory. The new packages for chromium, chromium-pepperflash-plugin and chromium-widevine-plugin are now using this new setup.

I made one other change: I have applied a patch taken from an Ubuntu PPA. That patch is based on a blog post which explains how to enable VAAPI (aka hardware video decoding) on Linux. The chromium sources disable this functionality by default if you are not compiling for ChromeOS. Tell me your experiences with playback of H.264 video!

The new chromium packages have the version number 43.0.2357.65. The first release of the “43” series brings a total of 37 published security fixes, and here are the CVEs:

  • [$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
  • [$7500][464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
  • [$3000][444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou.
  • [$3000][473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
  • [$2000][478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
  • [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP’s Zero Day Initiative
  • [$1500][468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
  • [$1000][450939] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
  • [$1000][468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
  • [$1000][474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
  • [$500][466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
  • [$500][476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
  • [$500][479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
  • [$500][481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.

Get my chromium packages in one of the usual locations:

Change the URL a bit to get the widevine-plugin and pepperflash-plugin packages.

Have fun! Eric

© 2024 Alien Pastures