Archive for July, 2007

Perl script to help keep track of files in different SVN branches

Tuesday, July 10th, 2007

If you work with text files every day, it’s very handy to use a version control system. We use Subversion, which far from perfect but makes our lives much easier.

Branching is a really useful feature of Subversion if you have a body of code that you reuse with several projects. This allows developers to work on their code without risking breaking other projects whilst allowing them to merge new features into other branches as they are needed. It’s easy to lose track of which versions of files are in each branch. For example, let’s say that we have project called foo, which has a trunk and several branches:

foo/trunk
foo/branches/bar
foo/branches/bam
foo/branches/baz

Now, let’s say that there’s a text file in this project called multigizmo-2000.pl. You’ve made some updates to this file and have ported the changes from one branch to a few others but not all. A while later, you need that code in another project but you’ve forgotten which branches received the updates and which didn’t. Running the script below like:

$ ./compare-a-file-in-branches.pl -d foo/branches/ -f multigizmo-2000.pl

will search the various branches, calculate the MD5 checksum for the file (if it finds a version in a branch) and group the branches accoring to these checksums.

Compare a File in Branches

Autostitch photos of Brighton

Saturday, July 7th, 2007

I’m growing to really like the Autostitch program. As we’ve finally got a little sunshine, I couldn’t resist heading down to Brighton beach and its pier to take a few dozen pictures (merged into a couple of images).

Brighton Beach Autositch

I took another autostitch photo at my cousin’s wedding a couple of weekends ago:

It’s almost as if autostitch is the only option if you’re not taking a close up or a portrait.

Apache Config on Debian for phpMyAdmin

Monday, July 2nd, 2007

I’ve just been installing phpMyAdmin on a Debian server. This is very easy; simply:

# apt-get install phpmyadmin

However, if you are working on a machine with many vhosts, you need to set up a vhost for pma. Again this is not difficult, the vhost is mostly standard. The following allows access to the phpMyAdmin vhost over HTTPS on port 50002 with basic authentication. It assumes that the public (/etc/apache2/ssl/phpmyadmin.example.com.public.pem) and private (/etc/apache2/ssl/phpmyadmin.example.com.private.pem) key files, the password file (/etc/apache2/passwords/passwords) and the group file (/etc/apache2/passwords/groups) exist and that port 50002 is not blocked by the firewall.

<VirtualHost 1.2.3.4:80>
    ServerName phpmyadmin.example.com

    Redirect permanent / https://phpmyadmin.example.com:50002/
</VirtualHost>

Listen 50002
NameVirtualHost 1.2.3.4:50002

<VirtualHost 1.2.3.4:50002>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/phpmyadmin.example.com.public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/phpmyadmin.example.com.private.pem

    ServerName phpmyadmin.example.com

    DocumentRoot /var/www/phpmyadmin

    <Location />
        AuthType Basic
        AuthName "phpmyadmin on example.com"
        AuthUserFile /etc/apache2/passwords/passwords
        AuthGroupFile /etc/apache2/passwords/groups
        Require group developers
    </Location>
</VirtualHost>

You run into difficulties, though, when you restart the server if you have the default AllowOverride settings. Normally it’s a good security practice to keep your Apache configuration as locked down as possible and only allow directives to be overridden when it’s necessary. Equivalent statements are true in any field of computer with regards to security. phpMyAdmin’s .htaccess file (as supplied via apt) has a number of directives that are not allowed by default config and it’s necessary to allow them in the vhost conf file.

I came up with:

<Directory /var/www/phpmyadmin>
    AllowOverride Options Indexes FileInfo Limit AuthConfig
</Directory>

Details of the AllowOverride dirctive can be found at

http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

I have to admit that I’m a little confused about the way that they grouped the directives that you can allow to be overridden. Why are AuthConfig and Limit separate groups? There seems to be a lot of semantic overlap there. What about allowing Options to be overridden? What if a sys admin wants to limit which individual options can be overridden?

Altogether, that’s:

<VirtualHost 1.2.3.4:80>
    ServerName phpmyadmin.example.com

    Redirect permanent / https://phpmyadmin.example.com:50002/
</VirtualHost>

Listen 50002
NameVirtualHost 1.2.3.4:50002

<VirtualHost 1.2.3.4:50002>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/phpmyadmin.example.com.public.pem
    SSLCertificateKeyFile /etc/apache2/ssl/phpmyadmin.example.com.private.pem

    ServerName phpmyadmin.example.com

    DocumentRoot /var/www/phpmyadmin

    <Directory /var/www/phpmyadmin>
        AllowOverride Options Indexes FileInfo Limit AuthConfig
    </Directory>

    <Location />
        AuthType Basic
        AuthName "phpmyadmin on example.com"
        AuthUserFile /etc/apache2/passwords/passwords
        AuthGroupFile /etc/apache2/passwords/groups
        Require group developers
    </Location>
</VirtualHost>