Hideki A. Ikeda (HidekiAI) [池田英紀] ["Tony" Ikeda] – BLog

• SquirrelMail: v1.4.19
• SquirrelMail gpg Plugin: v2.1
• PHP: v5.2.13-p10-gentoo
• pecl-gnupg: v1.3.1-r1

For a while now, I’ve not the time to investigate on the issue of why my gpg plugin for the SquirrelMail stopped working…  If you are here, you probably search for the following error on the web and ended up here:

Fatal error: Cannot redeclare class GnuPG in /var/www/your_domain/htdocs/squirrelmail/plugins/gpg/gpg.php on line 419

Of course, the paths would differ for each individuals, but the key part of the error is “Cannot redeclare class GnuPG“.

For the longest time, I thought it was because I’ve upgraded to newer SquirrelMail and I have messed up my local configurations.  But it turns out it was because I have a PECL version of gnupg which also declares a class GnuPG.

There are 3 files which references this class:

• gpg.php – this file defines the class
• gpg_execute.php – new’s the class
• gpg_functions.php – new’s the class

I have two choices, either uninstall PECL’s gpg or alter the code.  I’ve chosen the later because I need pecl-gnupg for other things.  It is not predictable for any developers to anticipate on name collisions like this.  Ideally, just like C++, PHP developers should be using namespaces to avoid collisions, but again it’s easily forgettable even in C++.

Long story short, I’ve renamed the class from GnuPG to MyGnuPG in gpg.php and the other files on my local version…  I tried to go to their bug-tracker site to inform of this issue but it seems that I need permissions and account and I dislike creating accounts so I’ve BLogged here instead.

Related posts

• Postfix + Courier + SquirrelMail:configtest.php (0)
• Why KeepAlive Heartbeats should be on Dedicated Socket Stream (0)
• Testing Postfix + Courier (authlib and imap) + MySQL (0)
• Syslog-ng + syslog-server (Kiwi) = network slowdown (0)
• Serving SVN repositories (0)

The other day, I was researching on an options to have SVN repository and Apache on a separated host. In one forum, the admin even bluntly responded to a user who had this issue with a simple “there’s no correct way” and a “you shouldn’t even be trying it”.  This is one of the reasons why I really hate those holier-than-thou-RTFM admins, but we’ll leave that to another day’s rant and move on to the web-log instead…

The real issue in my opinion, is the fact that there’s a bit of confusion on the user side who do not realize the combinations of ways you can serve SVN.  Here’s a matrix in hopes to clarify things.  Assumptions made here are:

• Repository directory is located at “/var/svn/myrepos“
• The machine hosting it is “myserver”
• Domain name is “mydomain.tld” (note that even if accessing locally, my example will use domain name for clarifications)

Note: In sshd mode, it spawns svnserve upon connection, so you must make sure that you have svnserve working.

So the key part to realize is that when you’re running in WebDAV mode, it is the Apache modules that becomes the front-end proxy to allow the clients to access the repositories.  This is the reasons why the repositories are to be located on the same host as the Apache, simple as that.

The next issue to point out is why would one want to use http and/or https rather than sshd, svnserve or even samba.  In my opinion, file-based is out of the question as a “server”, so we’ll look at the 3 services (yes, I know about inetd, but I don’t think it’s supported on Windows, so I am not considering it – although my servers are Gentoo).

Whether you’re serving for your laptop and desktop in the LAN or serving for your colleagues and groups, it’s about serving to other host machines (otherwise, you’d be using file based and/or git), and the question is whether you want to punch a hole in the router firewall for port 22 (sshd), 80/443 (http/https) or 3690 (svnserve).

It should also be an issue of whether you want to manage the accounting (sshd=PAM, svnserve=text-file-password or SASL, http=htpasswd-based-text-file) as well as security (https=ssl, svnserve=SASL, sshd=PAM).  In my opinions, the decisions should be made on how one would want to manage passwords.  I personally like PAM, and my sshd is hooked in to PAM in which it queries LDAP.  So my choice is to go with “svn+ssh://URL” method.  Only caveat to ssh method is that it constantly asks for password (and you cannot do annonymous read-only, why I’d want to, I don’t know) but that’s OK since my repository is on my dev-box and from the dev-box, I do “file://” anyways.  From other boxes (such as my laptop or work) I only need to checkout/update to read-only and I rarely edit so it’s usually a one-time deal…

In any case, once you comprehend and understand its functions, I’m sure one can make better decisions as to how the repositories are to be serviced.  For me, I’ve decided to just have a cron job that runs daily and copies the repositories from my dev-box to my external SSHd server.  This way, I have a back up of my repository in case my dev-box harddrive crashes…  Alternatively, I could have done the same on my Apache server box box, but I went with ssh because that way, both internally and externally, I’ll be using svn+ssh so I won’t get confused. *grin*

Note: After I was satisfied with self-educating all this crazy mess, I’ve switched to git.  What makes sense is that having it as distributed repositories.  And I can push to the web version if and only if I like to.  I can also have a cron job that would pull from my dev-box if I care to (but I think I would prefer to push from my dev-box only when I am satisfied and besides, because it is distributed it means that if I need to pull on my laptop, I can pull directly from my dev-box too).  But the choices are more flexible.  If you have got to the similar issue and are reading my blog, my recommendations are to switch to git and/or mercurial.  Search on YouTube for Linus Torvald’s presentations on git, or read Joel Spolsky’s (final) blog on mercurial.  For git, read http://book.git-scm.com/4_setting_up_a_public_repository.html and you can see how easy it is to set-up!  P/S: On Windows, use msysGit rather than Cygwin version of git.

Related posts

• Postfix + Dovecot – (Cyrus + Courier) (0)
• Compiling Apache on Gentoo (0)
• Why KeepAlive Heartbeats should be on Dedicated Socket Stream (0)
• Testing Postfix + Courier (authlib and imap) + MySQL (0)
• Syslog-ng + syslog-server (Kiwi) = network slowdown (0)

Have you ever ran into an issue like this:

--------------------------------------------------------------------------------
ERROR   : # 1.
WHAT    : A runtime command failed to execute (returned error 2).
SOURCE  : line 16 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_interface1_syslog_s7 -p udp --sport syslog --dport 514 -m state --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT  :                                                                                                                                
 
iptables v1.3.8: invalid port/service `syslog' specified
Try `iptables -h' or 'iptables --help' for more information.

You’d get similar errors for “ftp”, “ftp-data”, and I’d imagine other random ones.  You probably won’t see it if you have “START_FIREHOL=YES” not set (or commented out) in your firehol.conf file either…

Contrary to the beliefs that it is a problem with FireHOL or older bash, it’s actually (at least for me) a permission issue…

A simple test might be to do “whoami” and you might see this:

root@localhost ~ # whoami
whoami: cannot find name for user ID 0

I seem to get this whenever I run nscd daemon and have my ldap configured incorrectly.

In any case, try the following:

root@localhost ~ # grpconv
root@localhost ~ # pwconv

Now try restarting FireHOL again (or try “whoami”).  If that works, a possible “temporary” fix until you resolve it is to run a cron hourly of grpconv & pwconv (and of course disable other services such as nscd – at least for me).

Related posts

• Syslog-ng + syslog-server (Kiwi) = network slowdown (0)
• RAID0 is Useless in Today’s Technology (0)
• Networking: AD + Linux (0)
• Compiling Apache on Gentoo (0)
• Why KeepAlive Heartbeats should be on Dedicated Socket Stream (0)