Category Archives: Sysadmin

flaticron: Send mail notifications for pending Flatpak updates

Some software packages on a typical Linux desktop setup are no longer installed by the package manager of the distribution, but are instead managed with Flatpak. This approach has become more popular over the last few years and allows updates to reach users in shorter release cycles.

My problem with Flatpak was that I regularly did not benefit from these shorter release cycles, because I was not even aware of an available update. Users of desktop environments such as GNOME have Flatpak integrated into the usual graphical software updater. However, as a user of Xfce who strictly uses the terminal for managing packages on my desktop systems, I never received any hint about available Flatpak updates.

For pending updates of distribution packages, I use apticron to receive such notifications automatically via mail. As I couldn’t find any existing solution to receive notifications about pending Flatpak updates via mail as well, I wrote flaticron.

GitHub: https://github.com/raimue/flaticron/

An example report sent by flaticron looks like this:

flaticron report [Thu, 28 Mar 2024 18:36:36 +0100]
========================================================================

flaticron has detected that some flatpaks need updating on:

  ferret

The following flatpaks are currently pending an update:

  org.freedesktop.Platform.GL.default              22.08        flathub
  org.freedesktop.Platform.GL.default              22.08-extra  flathub
  org.freedesktop.Platform.GL.default              23.08        flathub
  org.freedesktop.Platform.GL.default              23.08-extra  flathub
  org.freedesktop.Platform.VAAPI.Intel             22.08        flathub
  org.freedesktop.Platform.VAAPI.Intel             23.08        flathub
  org.freedesktop.Platform.ffmpeg-full             23.08        flathub
  org.freedesktop.Platform                         23.08        flathub
  org.gnome.Platform                               44           flathub
  org.gnome.Platform                               45           flathub

========================================================================

You can perform the update by issuing the command:

  flatpak update

as raimue on ferret

-- 
flaticron

The format of the report is very similar to what is generated by apticron, so it should feel familiar for existing users. The prerequisite for mail notifications is that you have a working MTA on your system.
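The following sketch shows how a report in this format can be built and handed to the local MTA. It is an added example, not flaticron's own code: the function names, the `--send` switch, the tab-separated output of `flatpak remote-ls` when piped, and the `/usr/sbin/sendmail` path are assumptions.

```shell
#!/bin/sh
# Added example, not flaticron's code. Assumed: build_report/send_report names,
# tab-separated flatpak output, /usr/sbin/sendmail provided by the local MTA.

# Turn "application<TAB>branch<TAB>origin" lines on stdin into a report.
# Returns 1 and prints nothing when no update is pending.
build_report() {
    host=$1
    user=$2
    rows=$(awk -F '\t' 'NF >= 3 { printf "  %-48s %-12s %s\n", $1, $2, $3 }')
    [ -n "$rows" ] || return 1
    rule=$(printf '%72s' '' | tr ' ' '=')
    cat <<EOF
Flatpak update report [$(LC_ALL=C date '+%a, %d %b %Y %H:%M:%S %z')]
$rule

Some flatpaks need updating on:

  $host

The following flatpaks are currently pending an update:

$rows

$rule

You can perform the update by issuing the command:

  flatpak update

as $user on $host
EOF
}

# Query flatpak and mail the report. No mail is sent when nothing is pending,
# so a cron job stays silent on an up-to-date system.
send_report() {
    rcpt=$1
    body=$(flatpak remote-ls --updates --columns=application,branch,origin |
        build_report "$(hostname)" "$(id -un)") || return 0
    {
        printf 'To: %s\nSubject: Pending Flatpak updates on %s\n\n' \
            "$rcpt" "$(hostname)"
        printf '%s\n' "$body"
    } | /usr/sbin/sendmail -t
}

# Only touch flatpak and the MTA when explicitly asked to.
if [ "${1:-}" = "--send" ]; then send_report "${2:-root}"; fi
```

Run from cron as the user who owns the Flatpak installation, for example with `--send root`.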

flaticron is available as a Debian package and can be downloaded and installed from the latest GitHub release. If flaticron gains at least some popularity, I might look into getting this into the official Debian repositories. Let me know if you would be interested.

If you are a Flatpak user, I hope flaticron will be a useful tool for you to get notified about pending updates via mail.

Postfix with relayhost over stunnel on macOS 10.12 Sierra

I like to have a working mail setup on all machines, as this allows me to be notified about cronjobs that failed and to send other notifications that would otherwise be lost. It is also especially useful for things like git send-email or automatically sending GPG signatures to others with caff.

However, mails cannot just be sent from any device and mail servers on the internet usually reject mails from dial-up IPs or public WiFi networks. To fight spam, techniques like SPF have been developed that restrict the mail servers that are allowed to send mails for the domain name used in the From: field. Therefore the best way is to relay all outgoing mail through the mail server that is responsible for your domains.

While most tools also allow you to configure an external SMTP server, it is on the one hand tedious to configure it everywhere and on the other hand insecure if you have to write the username and password for authentication to many user-readable configuration files on your system. Therefore I am running a local MTA on all the computers I administer to relay mails to a central mail server.


Upgrading a VM from macOS 10.12 Sierra to macOS 10.13 High Sierra in VirtualBox

For testing purposes, I have a VM in VirtualBox currently running macOS 10.12 Sierra. Now that macOS 10.13 High Sierra is in Beta, I wanted to upgrade my VM to this new release. However, this proved to be difficult with the usual ways. This blog post will describe how to upgrade a Sierra VM to High Sierra.


How to run rsync on remote host with sudo

Sometimes I want to transfer files including ownership. This is not possible as a normal user, as the chown(2) system call requires special privileges, that is: uid == 0. However, I do not want to open ssh access for root, but go with the usual way to elevate my privileges: sudo.

I will go through common solutions presented on the web and explain why these do not work at all without significant modifications on the remote host and then present a working solution using X11-Forwarding that is less invasive.


Should we distrust Comodo after issuing a rogue SSL certificate for Windows Live?

About a year ago, I wrote an article about why I no longer trust StartSSL. Back then, I said I switched to a paid certificate issued by Comodo under the PositiveSSL brand instead. A reader has now brought to my attention a recent issue with a Comodo certificate erroneously issued for Microsoft’s Windows Live and asked whether I would still prefer them over StartSSL.

Arno wrote this comment (link):

Do you still trust Comodo to be more trustworthy than StartCom just because they asked for money to handle revocations? Think twice – a guy from Finland managed to get a valid certificate from Comodo for “live.fi” (Microsoft Live in Finland), just because he was able to register “hostmaster@live.fi” as his e-mail address:

http://arstechnica.com/security/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/

I started to type my answer as a comment as well, but soon I realized my explanation just became too long to be a comment, so I turned it into an article on its own.