Archive for July, 2007

Installing Debian

July 31st, 2007 rupert 2 comments

This is already an update on my first howto with Debian. So far, I could attest that Debian has been very good to me, and it has lessened my daily admin tasks.

1. Install base system. I prefer a minimal install.

2. Setup Networking

2.1 Disable IPV6
vi /etc/modprobe.d/aliases
alias ipv6 off
alias net-pf-10 off
 
2.2 Setup IP
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.211
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

2.3 Modify Hosts

#vi /etc/hosts
127.0.0.1           localhost
127.0.1.1           rupert-debian
192.168.1.211     rupert-debian
222.73.255.64     mirrors.geekbone.org
61.132.102.124   debian.cn99.com
128.31.0.36       security.debian.org
 
# The following lines are desirable for IPv6 capable hosts
#::1     ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

You can delete the commented (#) lines, if you don’t have ipv6 on your network…

2.4 Setup Basic Firewall
vi firewall.sh

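# Flush all rules in the filter table, then create and flush a FIREWALL chain
iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
# Send all inbound and forwarded packets through the FIREWALL chain
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
# Loopback traffic
iptables -A FIREWALL -i lo -j ACCEPT

# All ICMP types
iptables -A FIREWALL -p icmp --icmp-type any -j ACCEPT

# IP protocols 50 and 51 (disabled)
#iptables -A FIREWALL -p 50 -j ACCEPT
#iptables -A FIREWALL -p 51 -j ACCEPT

# UDP 5353 to the multicast address 224.0.0.251 and UDP 631 (disabled)
#iptables -A FIREWALL -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#iptables -A FIREWALL -p udp -m udp --dport 631 -j ACCEPT

# Packets that belong or relate to connections already being tracked
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT

# New inbound SSH connections
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
# TCP packets whose source port is 80, 3306 or 5432
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
# Reject every other new TCP connection and all remaining UDP
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
# Save the rule set, then load it back from the saved file
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

sh -v firewall.sh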

To set it up on boot:
vi /etc/network/interfaces

iface lo inet loopback
pre-up iptables-restore < /etc/firewall-rules

I did catch a slight problem with this; for more details please read this post.

3. Specify the nearest source list

vi /etc/apt/sources.list
#deb http://mirrors.geekbone.org/debian etch main
#deb-src http://mirrors.geekbone.org/debian etch main

deb http://mirrors.geekbone.org/debian etch main
deb-src http://mirrors.geekbone.org/debian etch main

4. Let’s get ssh up and running first.

apt-get update
apt-get install ssh

5. Once you have networking up and running, I advise upgrading to lenny (testing), as stated in the source list[3] above.

apt-get upgrade libc6
apt-get dist-upgrade

6. Reboot

7. Do you want this machine to be your desktop? If yes, let’s get gnome.

#aptitude install gnome
#aptitude install gnome-core
#aptitude install x-window-system

8. Reboot. You should see a graphical Gnome Login

9. Utilities

#apt-get install htop nmap unzip subversion build-essential cmake locate
#apt-get install libboost-graph*

10. Servers
#apt-get install apache2
#apt-get install postgresql-8.2
#apt-get install postgresql-8.2-postgis
#apt-get install postgresql-server-dev-8.2
#apt-get install mysql-server

11. Removing unwanted services
#update-rc.d -f portmap remove
#update-rc.d -f cupsys remove
#update-rc.d -f exim4 remove

12. Configuring vimrc with syntax highlighting

set nocompatible
set nu
set ts=4
syntax on

Categories: debian, linux

Understanding Iptables

July 31st, 2007 rupert 1 comment

My first hack with Debian was smooth except for the firewall issues. RHEL/Fedora/CentOS stores its firewall policies in /etc/sysconfig/iptables; in Debian, you have to write down the chains and run them. Writing the chain rules is basically the same for both distros since it is iptables, however it is not very obvious for a newbie. So my problem was that I could not ping a domain name but could ping an IP address instantly. I misinterpreted the root cause of the problem as a DNS problem, so I disabled IPv6... still a no go. Later I found out it was one of the rules in my iptables policies.

So here is the iptables firewall shell script that resolved the issue…

1. vi firewall.sh

iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -i lo -j ACCEPT
 
iptables -A FIREWALL -p icmp --icmp-type any -j ACCEPT
 
#iptables -A FIREWALL -p 50 -j ACCEPT
#iptables -A FIREWALL -p 51 -j ACCEPT
 
#iptables -A FIREWALL -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#iptables -A FIREWALL -p udp -m udp --dport 631 -j ACCEPT
 
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
 
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

2. Run sh -v firewall.sh

Here’s a brief explanation of the iptables flags, taken from the man page.

-F, --flush [chain]
Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.

-N, --new-chain chain
Create a new user-defined chain by the given name. There must be no target of that name already.

-A, --append chain rule-specification
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-j, --jump target
This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below).

So I checked out my CentOS4 box and found out that I have four (4) lines which I don’t understand. See the commented lines above. Here’s an explanation of them.

Port 50 is Remote Mail Checking Protocol
Killing this may stop you checking if you have new mail on your provider’s POP server. Haven’t confirmed this…

Port 51 is IMP Logical Address Maintenance. Dunno what this is for..

Port 5353
This port is used for the Apple Bonjour network discovery protocol, as you can read here: http://www.apple.com/support/downloads/bonjourforwindows_readme.html

Port 631 IPP (Internet Printing Protocol). Enable this if you want to print from Linux.
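
Added example, not part of the original post: a small audit over the rule lines of firewall.sh, serving both copies of the script on this page. In iptables, `-p` selects an IP protocol by name or number, so `-p 50` and `-p 51` are protocols 50 (ESP) and 51 (AH), and `--sport` matches the source port chosen by the sender, so an ACCEPT keyed only on `--sport` applies to every local port; the function names and output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example. Rule lines are copied from the post's firewall.sh, with the
# "-p 50" / "-p 51" lines uncommented (constructed input) so the audit sees them.
sample_rules() {
cat <<'EOF'
iptables -A FIREWALL -p 50 -j ACCEPT
iptables -A FIREWALL -p 51 -j ACCEPT
#iptables -A FIREWALL -p udp -m udp --dport 631 -j ACCEPT
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
EOF
}

# audit_rules: read rule lines on stdin and print one finding per line.
#   PROTO <n> <name>    "-p <n>" selects an IP protocol number, not a port
#   SPORT-ACCEPT <port> ACCEPT keyed only on the sender-chosen source port
audit_rules() {
awk '
BEGIN { name[1] = "icmp"; name[6] = "tcp"; name[17] = "udp"
        name[50] = "esp"; name[51] = "ah" }   # IANA protocol numbers
/^[ \t]*#/ { next }                           # skip commented-out rules
{
    proto = ""; sport = ""; dport = ""; target = ""; stateful = 0
    for (i = 1; i < NF; i++) {
        if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
        else if ($i == "--sport" || $i == "--source-port") sport = $(i + 1)
        else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
        else if ($i == "-j" || $i == "--jump") target = $(i + 1)
        else if ($i == "--state" || $i == "--ctstate") stateful = 1
    }
    if (proto ~ /^[0-9]+$/) {
        n = proto + 0
        print "PROTO", n, ((n in name) ? name[n] : "unknown")
    }
    if (target == "ACCEPT" && sport != "" && dport == "" && !stateful)
        print "SPORT-ACCEPT", sport
}'
}

# count_findings KIND: how many findings of that kind the sample rules yield.
count_findings() {
    sample_rules | audit_rules | grep -c "^$1 "
}

sample_rules | audit_rules
```

Replies to connections the host itself opens are already accepted by the ESTABLISHED,RELATED rule; to expose a local service, match on `--dport` as the port 22 rule does.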

Categories: debian, linux

Debian, Centos, Ubuntu

July 27th, 2007 rupert Comments off

I didn’t have much time blogging for the past week. But since July 18, I am running Debian, Centos and Ubuntu on my desktop.

1. Install CentOS 5.

2. Manually partition as follows:

Device     Boot  Start   End    Blocks  Id  System
/dev/sda1  *         1    13    104391  83  Linux (boot)
/dev/sda2           14  3837  30716280  83  Linux (/)
/dev/sda3         3838  4090  2032222+  82  Linux swap

3. Put bootloader grub on mbr.

4. Reboot.

5. Install Ubuntu

6. Manually partition.

/dev/sda4   4091  19457  123435427+   5  Extended
/dev/sda5  19446  19457       96390  83  Linux
/dev/sda6  19204  19444     1935801  82  Linux swap / Solaris
/dev/sda7  15556  19202    29294496  83  Linux

7. Install bootloader on /boot of /dev/sda4

8. Reboot.

9. Install Debian 7

10. Manually partition as follows:

/dev/sda8   4091  4102     96327  83  Linux
/dev/sda9   4103  4343   1935801  82  Linux swap / Solaris
/dev/sda10  4344  7990  29294496  83  Linux

11. Reboot.

Hurray! The key point here is to install the bootloader on the MBR first, then install the successive loaders in /boot of the other distros.

Categories: linux

WAP/XHTML Development with Nokia Tools

July 26th, 2007 rupert Comments off

Requirements: JRE

1. Download and Install Nokia Wap Gateway Simulator 4.0

2. Download and Install Nokia Mobile Browser 4.0

3. Launch NWGS first then pop up NMBS.

4. To test, Load a URL.


Categories: mobile

Installing Mapserver on RedHat/CentOS Linux

July 25th, 2007 rupert Comments off

Tested on: CentOS 5.0, 4.1
vim /etc/ld.so.conf
/usr/lib64
/usr/local/lib
/usr/lib

Prerequisites:
rpm -ivh $CENTOS/bzip2-devel-1.0.3-3.x86_64.rpm
rpm -ivh $CENTOS/libidn-0.6.5-1.1.x86_64.rpm
rpm -ivh $CENTOS/curl-7.15.5-2.el5.x86_64.rpm
rpm -ivh $CENTOS/pkgconfig-0.21-1.fc6.x86_64.rpm
rpm -ivh $CENTOS/libidn-devel-0.6.5-1.1.x86_64.rpm
rpm -ivh $CENTOS/e2fsprogs-devel-1.39-10.el5.x86_64.rpm
rpm -ivh $CENTOS/krb5-devel-1.6.1-17.el5.x86_64.rpm
rpm -ivh $CENTOS/zlib-devel-1.2.3-3.x86_64.rpm
rpm -ivh $CENTOS/openssl-devel-0.9.8b-8.3.el5_0.2.x86_64.rpm
rpm -ivh $CENTOS/flex-2.5.4a-41.fc6.x86_64.rpm
rpm -ivh $CENTOS/libstdc++-devel-4.1.2-14.el5.x86_64.rpm
rpm -ivh $CENTOS/libxml2-devel-2.6.26-2.1.2.x86_64.rpm
rpm -ivh $CENTOS/libxslt-devel-1.1.17-2.x86_64.rpm
rpm -ivh $CENTOS/nmap-4.11-1.1.x86_64.rpm
rpm -ivh $CENTOS/swig-1.3.29-2.el5.x86_64.rpm
rpm -ivh $CENTOS/apr-1.2.7-11.x86_64.rpm
rpm -ivh $CENTOS/apr-util-1.2.7-6.x86_64.rpm
rpm -ivh $CENTOS/neon-0.25.5-5.1.x86_64.rpm
rpm -ivh $CENTOS/perl-URI-1.35-3.noarch.rpm
rpm -ivh $CENTOS/subversion-1.4.2-2.el5.x86_64.rpm
rpm -ivh $CENTOS/libtool-ltdl-1.5.22-6.1.x86_64.rpm
rpm -ivh $CENTOS/libtool-1.5.22-6.1.x86_64.rpm
rpm -ivh $CENTOS/libtool-ltdl-devel-1.5.22-6.1.x86_64.rpm
rpm -ivh $CENTOS/guile-1.8.0-8.20060831cvs.x86_64.rpm
rpm -ivh $CENTOS/libX11-devel-1.0.3-8.0.1.el5.x86_64.rpm $CENTOS/libXau-devel-1.0.1-3.1.x86_64.rpm $CENTOS/xorg-x11-proto-devel-7.1-9.el5.centos.x86_64.rpm $CENTOS/mesa-libGL-devel-6.5.1-7.5.el5.x86_64.rpm $CENTOS/libXdmcp-devel-1.0.1-2.1.x86_64.rpm
rpm -ivh $CENTOS/libjpeg-devel-6b-37.x86_64.rpm
rpm -ivh $CENTOS/libpng-1.2.10-7.0.2.x86_64.rpm
rpm -ivh $CENTOS/freetype-2.2.1-19.el5.x86_64.rpm
rpm -ivh $CENTOS/freetype-devel-2.2.1-19.el5.x86_64.rpm
rpm -ivh $CENTOS/gd-devel-2.0.33-9.3.fc6.x86_64.rpm $CENTOS/fontconfig-devel-2.4.1-6.el5.x86_64.rpm $CENTOS/libXpm-devel-3.5.5-3.x86_64.rpm $CENTOS/libpng-devel-1.2.10-7.0.2.x86_64.rpm $CENTOS/gd-2.0.33-9.3.fc6.x86_64.rpm

1. Install proj4
tar -zxvf proj-4.4.9.tar.gz
cd proj-4.4.9
./configure
make
make install

2. Install geos
bzip2 -d geos-3.0.0.tar.bz2
tar -xvf geos-3.0.0.tar
cd geos-3.0.0
./configure --enable-python
make
make install

3. Install postgres and postgis
rpm -ivh postgresql-libs-8.3.1-1PGDG.rhel5.x86_64.rpm
rpm -ivh postgresql-8.3.1-1PGDG.rhel5.x86_64.rpm
rpm -ivh postgresql-devel-8.3.1-1PGDG.rhel5.x86_64.rpm
rpm -ivh postgresql-server-8.3.1-1PGDG.rhel5.x86_64.rpm
rpm -ivh postgresql-contrib-8.3.1-1PGDG.rhel5.x86_64.rpm
rpm -ivh postgresql-plperl-8.3.1-1PGDG.rhel5.x86_64.rpm
rpm -ivh postgresql-plpython-8.3.1-1PGDG.rhel5.x86_64.rpm

# tar -zxvf postgis-1.3.3.tar.gz
# cd postgis-1.3.3
# ./configure --with-pgsql=/usr/bin/pg_config
# make
# make install

If you need to put the postgres data for mapserver, then:
initdb -E utf8 -D /var/lib/pgsql/data

3. Install gdal
./configure --with-png --with-libtiff --with-static-proj4=/usr/local/bin --with-python --with-perl --with-geos --with-pg=/usr/bin/pg_config

Note: If there is an error regarding libxpat.so because of 64 bit libraries, then edit GDALmake.opt and change /usr/lib to /usr/lib64
http://www.nabble.com/GDAL-v1.5.1-compile-error-on-RHEL5.-td17428872.html

GDAL is now configured for i686-pc-linux-gnu

Installation directory: /usr/local
C compiler: gcc -O2
C++ compiler: g++ -O2

LIBTOOL support: yes

LIBZ support: external
GRASS support: no
CFITSIO support: no
PCRaster support: internal
NETCDF support: no
LIBPNG support: external
LIBTIFF support: external
LIBGEOTIFF support: internal
LIBJPEG support: external
LIBGIF support: external
OGDI support: no
HDF4 support: no
HDF5 support: no
KAKADU support: no
JASPER support: no
ECW support: no
MrSID support: no
CURL support (wcs): yes
POSTGRESQL support: yes
MySQL support: yes
XERCES support: no
ODBC support: no
PGEO support: no
OCI support: no
SDE support: no
DODS support: no
SQLite support: no
DWGdirect support no
PANORAMA GIS support: no
INFORMIX DataBlade support:no
GEOS support: yes

Statically link PROJ.4: yes

Traditional Python: yes
NG SWIG Bindings: perl

enable OGR building: yes

make
make install

4. Remove any existing apache from rpm then install apache2 by source.
rpm -e httpd-2.2.3-11.el5.centos gnome-user-share-0.10-6.el5.x86_64
./configure --prefix=/usr/local/apache2 --enable-rewrite --enable-so --with-mpm=prefork
make
make install

5. rpm -ivh alsa-lib-devel-1.0.14-1.rc4.el5.x86_64.rpm esound-0.2.36-3.x86_64.rpm esound-devel-0.2.36-3.x86_64.rpm audiofile-0.2.6-5.x86_64.rpm mesa-libGLU-6.5.1-7.5.el5.x86_64.rpm mesa-libGLU-devel-6.5.1-7.5.el5.x86_64.rpm libXext-1.0.1-2.1.x86_64.rpm libXext-devel-1.0.1-2.1.x86_64.rpm libXrandr-devel-1.1.1-3.1.x86_64.rpm libXrender-devel-0.9.1-3.1.x86_64.rpm libXt-devel-1.0.2-3.1.fc6.x86_64.rpm audiofile-devel-0.2.6-5.x86_64.rpm libSM-devel-1.0.1-3.1.x86_64.rpm libICE-devel-1.0.1-2.1.x86_64.rpm

6. rpm -ivh SDL-1.2.10-8.el5.x86_64.rpm SDL-devel-1.2.10-8.el5.x86_64.rpm

7. Don't use agg-2.4! PLEASE read this post from the mapserver trac ticket. Instead, download the packages from http://dag.wieers.com/rpm/packages/agg/

Note: For 64-bit packages:
- http://dag.wieers.com/rpm/packages/agg/agg-2.5-1.el5.rf.x86_64.rpm
- http://dag.wieers.com/rpm/packages/agg/agg-devel-2.5-1.el5.rf.x86_64.rpm

8. Install mapserver. This assumes you have PHP, APACHE, POSTGRES, POSTGIS and MYSQL already installed.

./configure \
--with-agg \
--with-jpeg \
--with-gd \
--with-freetype \
--with-png \
--with-ogr \
--with-proj \
--with-gdal \
--with-httpd=/usr/local/apache2/bin/httpd \
--with-tiff \
--with-wfs \
--with-wcs \
--with-sos \
--with-wmsclient \
--with-wfsclient \
--with-geos=/usr/local/bin/geos-config \
--with-gdal=/usr/local/bin/gdal-config \
--with-postgis=/usr/bin/pg_config

make
make install

9. Post Install Considerations:
ln -s /usr/local/lib/libproj.so.0 /usr/lib/libproj.so.0
ln -s /usr/local/lib/libgdal.so.1 /usr/lib/libgdal.so.1
ln -s /usr/local/lib/libgeos_c.so.1 /usr/lib/libgeos_c.so.1
ldconfig

10. cp -rf mapserv /usr/local/apache2/cgi-bin/
check mapserv
./mapserv -v
MapServer version 5.0.3 OUTPUT=GIF OUTPUT=PNG OUTPUT=JPEG OUTPUT=WBMP OUTPUT=SVG SUPPORTS=PROJ SUPPORTS=AGG SUPPORTS=FREETYPE SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WFS_CLIENT SUPPORTS=WCS_SERVER SUPPORTS=SOS_SERVER SUPPORTS=GEOS INPUT=EPPL7 INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE

11. Copy the following:
cp legend scalebar shp2img shp2pdf shptree shptreetst shptreevis sortshp tile4ms /usr/local/apache2/cgi-bin/

12. cp $mapserver_install_dir/mapscript/php3/php_mapscript.so /usr/local/apache2/modules/

######################################
11. edit httpd.conf
setenv LD_LIBRARY_PATH /usr/local/lib

12. vi /etc/ld.so.conf
Add the following lines:
/usr/local/include
/usr/local/lib
13. Run:
ldconfig

Categories: linux, mapserver