systemd integration in the “ps” command

In Debian, since version 2:3.3.10-1, the procps package has the systemd integration bits enabled. This means that now the “ps” command can display which (user) unit has started a process or to which slice or scope it belongs.

For example with the following command:

ps  -eo pid,user,command,unit,uunit,slice

ps-systemd

Debian GNOME/systemd sprint

Last weekend was a pretty busy weekend as we had our first joined Debian GNOME/systemd sprint.  10 people gathered at my employer office Inuits in Antwerp to work together on GNOME and systemd integration in Debian.

I worked mainly on GNOME packages, helping with transitions and packaging new bits for the GNOME 3.12 release. We also discussed a lot of things like the switch of the team repository from svn to git and the version of GNOME that we are planning to ship in Jessie.

I really think this was a very constructive sprint and such event should happen more often, we already planned to do this again near the release of 3.14.

The full log of the sprint can be found at: https://lists.debian.org/debian-devel-announce/2014/05/msg00001.html

Add a new CA certificate to the certificates stash in Debian

Since a few days, the CAcert root certificates have been removed from the ca-certificates package. While there was a discussion about whether it should be trusted by default in Debian, let’s see here how an administrator can trust CAcert again (or any other CA certificates).

In Debian, the certificates stash is located in /etc/ssl/certs/. This directory contains by default a series of symlinks that points to the certificates installed by the ca-certificates package (including the needed symlinks generated by c_rehash(1)) and a ca-certificates.crt which is a concatenation of all these certificates. Everything managed by the update-ca-certificates(8) command which is taking care of updating the symlinks and the ca-certificates.crt file.

Adding a new (CA) certificate to the stash is quite easy as update-ca-certificates(8) is also looking for files in /usr/local/share/ca-certificates/, the administrator just has to place the new certificate in the PEM format in this directory (with the .crt extension) and run update-ca-certificates(8) as root. All the applications on the system (wget, …) should now trust it.