Everybody Staze…

Apple unfortunately forgot to include freetype support in GD with their stock version of PHP 5.3.0 in 10.6 Server at least up to 10.6.2.

So, there’s some info online about compiling freetype into GD in 10.6, but it doesn’t specifically address 10.6 Server, and it references downloading the PHP 5.3.0 source from Apple’s servers, rather than directly from php.net.

So, here’s the info.

1. Create a directory for the src.
   sudo mkdir /src
2. Chown that over to yourself.
   sudo chown username /src
3. Change into that directory.
   cd /src
4. Create pcre directory.
   mkdir pcre
5. Change into pcre directory.
   cd pcre
6. Download pcre source.
   curl ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.01.tar.gz -O
7. Download php5.3.1 source.
   curl http://us3.php.net/distributions/php-5.3.1.tar.gz -O
8. Download libjpeg-v7 source.
   curl http://www.ijg.org/files/jpegsrc.v7.tar.gz -O
9. Untar all of the above.
   find *.tar.gz -exec tar xfvz {} \;
10. Change into pcre source directory.
    cd pcre-8.01
11. configure pcre.
    ./configure --disable-shared --enable-static
12. Make, and install pcre.
    make && make install DESTDIR=/src/pcre/pcre-local
13. Change into the jpeg directory.
    cd ../../jpeg-7
14. Copy some config files into the current directory.
    cp /usr/share/libtool/config/config.sub .; cp /usr/share/libtool/config/config.guess .
15. Config libjpeg.
    export MACOSX_DEPLOYMENT_TARGET=10.6
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64" \
LDFLAGS="-arch x86_64" \
./configure --enable-shared
16. Make, and Make install.
    make; sudo make install
17. Change directory into PHP source folder.
    cd ../php-5.3.1
18. Modify line 186 of ./ext/iconv/iconv.c and change #define iconv libiconv to #define iconv iconv
19. Configure PHP.
    MACOSX_DEPLOYMENT_TARGET=10.6
CFLAGS="-arch x86_64 -g -Os -pipe -no-cpp-precomp"
CCFLAGS="-arch x86_64 -g -Os -pipe"
CXXFLAGS="-arch x86_64 -g -Os -pipe"
LDFLAGS="-arch x86_64 -bind_at_load"
export CFLAGS CXXFLAGS LDFLAGS CCFLAGS MACOSX_DEPLOYMENT_TARGET
./configure --prefix=/usr \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--disable-dependency-tracking \
--sysconfdir=/private/etc \
--with-apxs2=/usr/sbin/apxs \
--enable-cli \
--with-config-file-path=/etc \
--with-libxml-dir=/usr \
--with-openssl=/usr \
--with-kerberos=/usr \
--with-zlib=/usr \
--enable-bcmath \
--with-bz2=/usr \
--enable-calendar \
--with-curl=/usr \
--enable-exif \
--enable-ftp \
--with-gd \
--with-jpeg-dir=/usr/local/lib \
--with-png-dir=/usr/X11R6 \
--with-freetype-dir=/usr/X11R6 \
--with-xpm-dir=/usr/X11R6 \
--with-ldap=/usr \
--with-ldap-sasl=/usr \
--enable-mbstring \
--enable-mbregex \
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-mysql-sock=/var/mysql/mysql.sock \
--with-iodbc=/usr \
--enable-shmop \
--with-snmp=/usr \
--enable-soap \
--enable-sockets \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--with-xmlrpc \
--with-iconv-dir=/usr \
--with-xsl=/usr \
--with-pcre-regex=/src/pcre/pcre-local/usr/local
20. Make PHP.
    export EXTRA_CFLAGS="-lresolv"; make
21. Backup your php.ini
    sudo cp /private/etc/php.ini /private/etc/php.ini.bak
22. Install new PHP
    sudo make install
23. Restore php.ini, and restart apache.
    sudo cp /private/etc/php.ini.bak /private/etc/php.ini; sudo apachectl graceful

All and all, on a new mac mini server, this took about 20-30 minutes. And I now have a working PHP 5.3.1 install, and freetype now works with GD (allowing me to put the captcha back on my contact form under “About”. Good luck!

Reference Links:

• http://www.gen-x-design.com/archives/recompiling-php-5-3-on-snow-leopard-with-freetype-support/
• http://diymacserver.com/installing-php/adding-the-gd-module-to-php-on-snow-leopard/

Not sure if anyone knows, but previous to now, my server hosting this site was a Powerbook G4, 1.67ghz, with 2GB of ram, and an 80GB HD.

It ran 10.5 Server, and all and all, ran it pretty well. I was using Marc Liyanage’s PHP build (http://www.entropy.ch/software/macosx/PHP/), and that worked fairly well. Though, the 5.3.0 install was kinda odd. This computer also served as my weather station machine, file server, power monitor, etc.

Anyway, it worked, but it was rather slow to do any real crunching on (like elaborate SQL queries, etc). Or for that matter, running mod_deflate on my site. And while it’s power usage was pretty low, and it had a built-in UPS (it’s battery) it wasn’t as good as it could be. Also, had to add Cardbus USB card to add additional ports, and making any kind of timelapse movies from my webcam images was out of the question. So, it worked, but it was pretty loaded (load averaged about 20-40%).

So, all that in mind, Tara and I have been selling random crap on eBay the last few weeks, and managed to build up enough between that,

and me cashing out some vacation from work, to buy a brand new Mac Mini Server (also traded in my old personal powerbook for some store credit).

All and all, it’s sweet. It’s significantly faster, smaller, uses less power, and is more apt to be a server than an old powerbook. =) Sure, the picture to the left makes it look pretty messy (power supply, Keyspan USB-Serial adapter, serial cable from that to weather station), usb cable to webcam, usb cable to TED, firewire to Drobo), but I’m going to clean that up and put it all up on shelves above my desk. And yeah, the pictures in the background are of me as a kid.

Load average on the new system, about 2-4%. Not to mention, the RAM doubling in the new system (with the actual potential to go to 8GB at some point in the future. And being able to run 10.6 server, and I would imagine, 10.7 server as well (whenever it ships). It’s a speedy machine. I RAID1′d the two drives, so I’m not nearly as worried about a drive crashing at this point.

And since I never really talked about it, the Drobo is pretty nice as well. It’s not as fast as it could be, but that’s really not much of an issue. It’s mainly for storing media that we watch on the PS3, or laptops. So it’s doesn’t need to be a rocket, it just needs to work, and be reliable. Right now I’ve got two WD15EADS drives (1.5TB “Green” drives). They’re pretty nice, though I worry about the head parking overly aggressively. As you can see, it’s about 70% full, so I’ll probably buy another drive in the nearish future which will give me 3TB of storage. Not too bad given my homegrown only had 1TB. I’ll do more of a write up on the Drobo in the next week or two. I wanted to wait to write it up until I got the new server, as it acted kinda odd sometimes when it was hooked to the old Powerbook.

Here’s to a new week.

The weather today lent itself quite well to yard work, which is nice as we still hadn’t cleaned up the mess from the wind storm earlier this week. Tara started with just raking up the driveway, and we quickly moved to spraying the moss on the walk way with iron (a good, low impact, way to kill moss). Then on to pruning our maple in the front yard. Normally, pruning japanese maples should be done either right after leaf fall, or in mid-summer. But, we’re impatient, and I figure since we’re sealing the wounds, bleeding should be minimal.

We removed about 1/4 of the total foliage I would guess. But, I would say after 3 years of doing this, we now have a maple that looks presentable (at least skeleton wise). We will have to see what it looks like once it leafs out.

You might think it looks spartan (below image), but given what it used to look like, a giant blob (gumdrop, right image), this is a huge improvement. This is more what you would expect from a japanese maple you’d see at a Japanese garden somewhere. I’m no expert, but I know the basic theory of removing crossing branches, parallel branches, branches that move directly toward or away from the viewer, and opening up the structure to allow the viewer to admire the structure of the tree. We also removed or trimmed branches to keep the leaves off the ground when it does leaf out (this was an issue last year).

Overall, the goal is to produce a tree that looks like an older, larger, more mature version of itself or similar tree.

Not sure if we succeeded, but we do believe it looks better. My only hope is that we didn’t open it up so much that we get bark scalding during the summer, but that shouldn’t be an issue since it will be leafed out enough by then, as well as the fact that it barely gets any direct sun anyway. We have Douglas fir’s that shield it from the south sun. It gets a bit of late evening sun, but that shouldn’t be an issue either.

Also pruned the Rhododendron next to the lamp post in this picture (it was rather blob-ish). This should cut down on the aphid infestations it gets during the summer. Aphids tend to dislike airflow. Also gave all the rhodie’s in the yard a spray of iron to help with chlorosis.

I’ll try to remember to post some more photos once the maple leafs out and we see how it looks. So, expect more on this in about 4-5 months. =)

UPDATE: Did have a weird issue where the AppleTV was rebooting randomly. Restoring to factory defaults again (after the 3.0.1 update), then re-updating to 3.0.1 seems to have fixed it. Will know more after the weekend.

My boss, about a year ago or more, had his HD crap out on his Apple TV. So, being ingenious, he brought it to me and I proceeded to get it back working by finding a DMG online of the boot partition that allowed it to work again. Problem was, he couldn’t run software updates on it. It would see the update, but wouldn’t let him install it. Was quite odd.

So, fast forward to today, when he finally brought it back in, and I started looking around online. Turns out, you need the recovery partition to be intact for updates to work. Not sure why, but you do.

So, after looking all around online, I did find a source for a full image of a working 2.0.2 Apple TV. If you’re familiar with torrents (and more specifically, the former major torrent site that is still around, but who knows for how long…), you can look for something called “smallatv.rar”.

So, once you have that, take a new drive (or one you’ve removed all the partitions from (you can do this via disk utility by selecting 1 partition, and then for type, select “free space”.), and do the following from terminal.

diskutil list

With that, find the drive you’re restoring. In my case, it was “disk6″.

Then:

dd if=/location/of/smallatv.dmg of=/dev/disk6 bs=1024k

That’ll take a bit, but you should now have an AppleTV drive. Problem is, the media partition is only 35GB. If you only had a 60GB drive, then you’re good. If you had bigger than that, then read on.

Now, go get a copy of AtvCloner from here: http://dynaflashtech.net/atvcloner/

Load that up, and in the first tab, point it at /dev/disk6 and hit “image source partitions”. This will take a bit, but you should end up with 3 dmg’s. An efi.dmg, a boot.dmg, and a recovery.dmg. Once you have those, quit AtvCloner, and go back into diskutil and “re-empty” the drive.

Okay, so now, go back into AtvCloner, and go to the second tab. In this tab, point it at the 3 dmg’s you just created, and if the drive is bigger than 500GB, then check the appropriate box. Then hit “Prepare New Drive”. This will take a bit, but once you’re done, you will have a functional, and full sized AppleTV drive. Drop that into your AppleTV, and boot it up.

One thing I did notice was that the downloaded image isn’t stock. It has some hack in it, since you see a Linux logo when booting. But, once you’re booted, you can go to “Update Software”, and it’ll download the latest AppleTV OS (in my case, 3.0.1), and update itself, which removes whatever hack was there.

Good luck! I really wish Apple made some stuff easier.

Looking around online, I found several instances of people wanting to chroot sftp on 10.5 server. The purpose being, they want to give access to sftp for users they may not trust, and want to keep them where they belong over sftp.

Unfortunately, there were a couple pieces missing from the instructions. So, thought I would fix that.

First, make a backup of /etc/sshd_config. While it should be easy enough to back out these changes, it’s just good practice to make a backup.

Second, create a directory for the “jail”. In my case, this was in /Volumes/Data/Websites/username.

The key here is that all directories up to and including the username directory must be read only by everyone but root when it comes to POSIX directories. So / would need to be root:group, and something like rwxr-xr-x. That goes for /Volumes, /Volumes/Data and /Volumes/Data/Websites.

The rest is all in the /etc/sshd_config

Comment out (with a #):

Subsystem sftp /usr/libexec/sftp-server

And add:

Subsystem sftp internal-sftp

At the end of the sshd_config, add:

Match User username
ChrootDirectory /Volumes/Data/Websites/username/
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

Or, if you want to enforce on a group:

Match Group usergroup
ChrootDirectory /Volumes/Data/Websites/
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

You can add both, and ssh will read from first to last. So, if you want specific users to go to specific folders, you can add them first, then end with a group policy.

Lastly, while testing this, make sure to watch /var/log/secure.log. You’ll see errors there when it doesn’t work. My problem, when working on this, was the write ability for users other than root on the parent directories. I had to systematically remove group and other write before it would work.

Those errors looked like:

fatal: bad ownership or modes for chroot directory component "/"

In the case of the root directory.

Lastly, this will remove SSH capability for the user specified. They will only be able to SFTP, but they’ll be locked into the directory specified. Great for a random student groups, in my case, that need to have a website, but you don’t necessarily want running wild on your system.