Archive for June, 2013

rapt (restricted apt wrapper)

June 26, 2013

One of the projects I created a while ago is called “rapt (restricted apt)“. As I was asked about it on irc about recently I thought I should mention it here as well 🙂

It is a python-apt app that will allow regular users to install/update software or install build-depends via sudo without giving them full root access. rapt will ensure that there is no interaction (like conffile prompts or debconf) that might allow the user to get a rootshell. It allows blacklisting and with a suiteable sources.list it is a easy way to give limited access to more trusted users. One use-case is to allow developers to install build dependencies on a staging machine.

You can install it via

$ bzr branch lp:rapt

and just run the binary via sudo (and a sudoers file that allows to run it). All it needs is python and python-apt (which is installed on most system anyway).

PassHash sha512 support

June 9, 2013

I added sha512 support to the PassHash firefox extension here (and added pull request to get it into the upstream branch). I felt its important to do this after reading this article.

ansible ad-hoc data gathering

June 1, 2013

When using ansible and its “setup” module to gather ad-hoc facts-data about multiple hosts, remember that it runs the jobs in parallel which may result in out-of-order output. With “ansible -f1” the number of parallel processes can be limited to one to ensure this won’t happen. E.g.:

$ ansible all -f1 -m setup -a filter=ansible_mounts

(the filter argument for the facts module is also a nice feature).