Migrating to GIT with Reposurgeon

April 18th, 2014 by Ralf Schlatterbeck

I’ve recently worked a lot with reposurgeon, a tool by Eric S. Raymond to do surgery on version control data. With this tool it is possible to migrate from almost any version control system to almost any other version control system — although these days the most feature-complete system is GIT which is the recommended and best supported target system (and the only one I’ve tested). It comes with a migration guide, the DVCS migration HOWTO.

Beyond just converting data, reposurgeon can be used to clean up artefacts, the simplest of which is to reformat commit comments to conform to established standards on GIT commit messages.

My conversion of the history of the pyst project, a python library to connect to different network interfaces of the Asterisk telephony engine, is a good example of what can be done with reposurgeon. The project, originally started by Karl Putland with version control at the time in CVS, was later taken over by Matthew Nicholson who used Monotone for version control. When I took over maintenance in 2010, I used Subversion. So we had three separate source code repositories in different version control systems. No effort was ever made to convert the version history from one system to another, so each new maintainer imported the last release version into the new version control system and continued from there.

Fortunately, Monotone has a GIT export feature and reposurgeon can natively read the other two formats. So I used separate reposurgeon scripts to clean up the three repositories and then used the reposurgeon graft command to unite them into one. The Subversion repo started with release 0.2 but there had been some commits after 0.2 in Monotone (which were later merged in Subversion) so the commits after 0.2 were put on a branch in the new repository. The last step then was to write out the resulting repository in GIT fast-export format and import into a GIT repository.

What artefacts did I clean up? Let me give two examples, both of which are problems I have when using Subversion.

Subversion doesn’t have the concept of a tag like other version control systems have. Instead tags are emulated by copying the to-be-tagged content to a new location in the repository, effectively creating a new branch, it’s just a naming convention that this is called a tag.

The first example deals with last-minute changes when doing a release: It’s not possible in Subversion to really remove a tag as in other systems. So when doing a release in GIT and something in the release process doesn’t work (not having created a release yet), as long as we didn’t push our changes to the public repository we can still move the release tag. This isn’t possible in Subversion. So I frequently have the situation that a release tag isn’t just one commit but several and the changes are either merged from the trunk to the tag-branch or the other way round from the tag-branch to the trunk. An example of a commit on a tag (r22 “fix PACKAGE definition for SF release”) and subsequent merge back to trunk can be seen in the following illustration created with the graph command of reposurgeon. The tag, originally Subversion commit r21 has already been tagified by reposurgeon. But the commit on the tag is now on the branch V_0_3.

First example

This can be fixed with reposurgeon with the following commands:

debranch V_0_3 trunk
[/^V_0_3\//] paths sup
:70 unmerge
:70 tagify --canonicalize
tag emptycommit-23 delete
tag V_0_3-root rename V_0_3
tag V_0_3 move :69

This puts the branch V_0_3 back onto the trunk and creates a new subdirectory V_0_3 there. Then this subdirectory is removed with the paths reposurgeon command. We then make the merge commit a normal commit with only one predecessor with unmerge and create a tag from this new commit which is possible because it doesn’t change any files. Finally we delete the tag just created and rename and move the V_0_3 tag.

The second example involves accidental commits on a release tag. This frequently happens to me when using Subversion for doing a release and happens as follows:

  • Create new tag by copying to a subdirectory in tags
  • Switch to this new tag using svn switch
  • Do the release
  • Forget to switch back to trunk
  • Come back later, do some accidental commits on the tag
  • Merge accidental changes back to trunk
  • Revert the changes on the tag

An example of this problem can be seen in the following figure.
Second example

This example is from my svnpserver project and shows a series of commits on the V_0_4 tag. Just before the next release I noticed, merged the commits from the tag to trunk, and reverted the erroneous commits on the tag. This is fixed with reposurgeon as follows:

:14063 delete
debranch V_0_4 trunk
[/^V_0_4//] paths sup
tag V_0_5-root rename V_0_5
tag V_0_5 move :14061
:14062 unmerge
:14062 tagify --canonicalize
tag emptycommit-4734 delete

First we delete the commit that reverts the changes on the tag. Then we move the commits from the tag to trunk and remove the resulting path prefix V_0_4. The new V_0_5 tag is moved to the last commit on what was previously the last commit on the tag because we’re going to eliminate the merge-commit next: First we make the merge commit a normal commit by removing the earlier ancestor using unmerge. The last step is to convert this commit into a tag (which is possible because it now doesn’t modify anything) and remove that resulting tag.

Modifying history is usually a bad idea when converting repositories. After all, the version control system is here to preserve the history. My rule is to remove artefacts of the used version control system that would never have occurred with another system. All the problems above would have been avoided by using, e.g., GIT in the first place: With GIT we can simply move a tag (if we haven’t pushed yet) and the erroneous commits on the tag could never have happened because we don’t have to switch branches for doing a release with GIT, so forgetting to switch back from the branch is not possible.

So by using reposurgeon we now have a GIT repository for pyst that spans the entire history of the project united from three different version control systems in use over the duration of the project.

ICMPv6 and prefixes

January 10th, 2014 by Ralf Schlatterbeck

In IPv4 the address assignment is coupled with the assignment of a subnet-mask — which means the insertion of a route to the given subnet.

In IPv6 address assignment is separate from on-link determination, for this an interface maintains a list of prefixes. All addresses matched by these prefixes are directly reachable. In addition routers may issue ICMPv6 redirects and the target of such a redirect is also on-link even if not contained in a known prefix of the interface.

Unfortunately the dhclient from ISC doesn’t get this right, so I spent some time to learn why a prefix I wanted for an interface, which is different from /64, didn’t work. It turns out, dhclient always configures an interface with a /64 subnet mask and associated route.

RFC4861 on IPv6 Neighbor Discovery later updated by RFC5942 “IPv6 Subnet Model: The Relationship between Links and Subnet Prefixes” makes clear that such prefixes may only be set by the following means (RFC5942, p.4)

The Prefix List is populated via the following means:

  • Receipt of a valid Router Advertisement (RA) that specifies a prefix with the L-bit set. Such a prefix is considered on-link for a period specified in the Valid Lifetime and is added to the Prefix List. (The link-local prefix is effectively considered a permanent entry on the Prefix List.)
  • Indication of an on-link prefix (which may be a /128) via manual configuration, or some other yet-to-be-specified configuration mechanism.

And makes clear this also holds for DHCPv6 (RFC5942, p.7):

The assignment of an IPv6 address — whether through IPv6 stateless address autoconfiguration [RFC4862], DHCPv6 [RFC3315], or manual configuration — MUST NOT implicitly cause a prefix derived from that address to be treated as on-link and added to the Prefix List. …

It even lists the bug if dhclient under the heading “Observed Incorrect Implementation Behavior” (RFC5942, p.8):

… An address could be acquired through the DHCPv6 identity association for non-temporary addresses (IA_NA) option from [RFC3315] (which does not include a prefix length), or through manual configuration (if no prefix length is specified). The host incorrectly assumes an invented prefix is on-link. This invented prefix typically is a /64 that was written by the developer of the operating system network module API to any IPv6 application as a “default” prefix length when a length isn’t specified…

And code inspection (client/dhc6.c, line 3844 dhcp-4.3.0a1) shows the value is really hard-coded in dhclient:

/* Current practice is that all subnets are /64's, but
 * some suspect this may not be permanent.
client_envadd(client, prefix, "ip6_prefixlen",
              "%d", 64);
client_envadd(client, prefix, "ip6_address",
              "%s", piaddr(addr->address));

I’ve filed a bug-report (#35178, not the first one I discovered later as the bug-tracker doesn’t seem to be public, the reporter of the Debian bug also has submitted a report) and hope this will be fixed. The bug is present also in older versions, for example isc-dhcp-4.2.2 in Debian stable (wheezy). Debian also has a bug-report that references RFC 5942 which exists since 2012 (RFC 5942 is from 2010).

The fix would probably be to hard-code the netmask /128 for the newly-assigned address and leave the configuration to ICMPv6 router advertisements (see RFC4861).

I hope this will finally be fixed as dhcp is the only autoconfiguration mechanism in IPv6 that can handle netmasks different from /64 (on Ethernet, there may be other layer-2 protocols with a different interface identifier length for stateless autoconfiguration).

Elevate Festival

October 22nd, 2013 by Ralf Schlatterbeck

Am Freitag 25.10. um 12:00 Uhr halte ich beim Elevate Festival in Graz einen Vortrag zu Open Source. Ich werde einige Anwendungen vorstellen, den Begriff Open Source erklären (anhand der Open Source Definition) und einen Ausblick in Richtung Open Hardware geben.

Friday 25th at 12:00 I’ll talk about Open Source at the Elevate Festival in Graz. I’ll cover some applications, explain the term “Open Source” (by using the Open Source Definition) and also look at Open Hardware.

Online-Banking Bank Austria die 2.

December 18th, 2012 by Ralf Schlatterbeck

Jetzt habe ich gerade einige Überweisungsvorlagen geändert. Man muss sich jedesmal durch das ganze Menu hangeln, wenn man gerade eine Vorlage editiert hat — eine normale Browser-Navigation mit dem “Zurück”-Knopf ist unmöglich. Navigation von einer Vorlage zur nächsten braucht > 5 Klicks — von denen jeder einige (zig) Sekunden dauert, weil das neue System so langsam ist.

Aber viel skurriler: Ich habe einige Vorlagen deren Name mit einem großen “Ö” beginnt. Nun würde ich es verstehen, wenn das System keine Umlaute mag und diese einfach am Anfang oder Ende einsortiert (also vor dem “A” oder nach dem “Z”) wenn schon nicht in der Nähe von “O”. Aber bei der Bank Austria muss man das “Ö” zwischen dem “R” und dem “S” suchen. Ich habe mich einmal durch alle meine (mehr als 80) Vorlagen geklickt um die mit dem “Ö” zu finden.

Sehr kreativ.

Online-Banking Bank Austria

November 14th, 2012 by Ralf Schlatterbeck

Ich bin (noch?) Kunde der Bank Austria. In der Presse konnte man ja schon lesen, dass das neue Online-Banking ein “Epic Fail” ist. Was mich wundert: Warum hat da nicht jemand mal einfach nur die generierten Konto-Auszüge angesehen? Da braucht es keinen Super Test, man sieht sofort mit blosem Auge (oder bei Vergleich mit den alten Kontoauszügen) dass das b0rken ist:

  • Auf den Kontoauszügen fehlt bei allen Überweisungen der Zahlungsempfänger, im Buchungstext steht dann z.B. nur “Online Auftrag vom …” und ich muss woanders (in meiner Buchhaltung oder im Online Banking) nachsehen an wen ich da überwiesen habe
  • Die letzte Zeile auf der Seite wird vom Seitenrand durchgestrichen
  • Datum ist mal durch Punkt, mal durch / getrennt
  • Beträge sind nicht aligned sondern in der Spalte zentriert (!)
  • Der neue Ausdruck ist wesentlich mehr Platzverschwendend als der alte durch die teilweise unnützen Spalten (Währung) und das Querformat.

Kontoauszug: Beispiel

Diese Defekte sind auch beim letzten Software-Rollout nicht gefixt. Die Anordnung der Buchungszeilen hat sich leicht geändert, aber die letzte wird immer noch durchgestrichen — der Strich ist jetzt etwas dünner so dass man die Zeile zumindest lesen kann.

Was mich auch stört:

  • Direkt drucken wie im alten online Banking geht nicht, man muss immer zuerst ein PDF generieren (Im Filesystem, ein inline-View funktioniert offensichtlich nicht, ist aber möglicherweise ein Browser setting)

Nachdem mir das das erstemal passiert ist (einige Tage nach dem initialen Rollout) habe ich versucht, über das neue System eine eMail an meinen Betreuer zu schicken. Nachdem ich fertig war und auf “Senden” gedrückt habe, bekam ich die Meldung “Die online Aktivitätszeit ist abgelaufen” und meine Mail war weg.

Man fragt sich wer da was getestet hat — offensichtlich wurden nichtmal die alten Konto-Listings mit den neuen verglichen.

SIGALRM blocked forever — by init

September 23rd, 2011 by Ralf Schlatterbeck

I’m working on an embedded Linux system which allows to chose the root filesystem to boot from (flash card or NAND flash) early in the boot process. Now I was trying to get ppp (for a GSM/GPRS connection) working. But the chat-script hangs forever, it does not get a timeout. Turns out, chat uses alarm(2) to wait for a timeout. After quite some time of debugging I found out that SIGALRM is blocked (look for SigBlk in /proc/pid/status, this is the mask of blocked signals for process with pid).

After some googling I came across a blog entry (look for September 5, 2011) that describes a bug in bash: Bash, when calling “read” with a timeout, will install a signal handler for SIGALRM and longjump out of the signal handler, leaving SIGALRM blocked forever.

The boot-script runs as init (with pid 1) and therefore will leave SIGALRM blocked for all children. My immediate workaround is to read the filesystem to boot in a sub-shell…seems the bug is fixed with newer versions of bash.

Skype Compression Now Published

June 9th, 2011 by Ralf Schlatterbeck

A while ago I blogged about the first published information about reverse-engineering of Skype (Skypes Flux Capacitor has been released, Skypes Flux Capacitor: UDP). A missing piece in the puzzle was the arithmetic compression algorithm used by Skype, details about which were first published in Silver Needle in the Skype. Meanwhile I’ve seen source code of the compression algorithm from two different sources — one of them on a blog on Open Source Skype, although that version doesn’t seem to be available any longer on that page, try the usual sources to find “removed” internet-information. The code is both versions is different. I’ve not yet had the time to further look into this (and try out the code on actual Skype packets) but from what I’ve seen the code looks genuine. There are some questions, though, if the code works with later versions of Skype, it seems the protocol was slightly changed recently.
There is also some press coverage from the interview with Efim Bushmanov, the author of the menioned blog:

So we now have alle the pieces of the puzzle to start writing a plugin for Wireshark to give us a tool to further analyze the network traffic produced by Skype. Maybe an open source client is on the horizon now (there’s still a long way to go since we don’t know the binary formats used by the voice and video codecs in Skype, but maybe keyboard-chat is within reach now). Shameless Plug: If you have resources (money or time) to help writing a Wireshark plugin for Skype, please contact me, I’m trying to coordinate efforts in this direction.
That said, there are rumors that (one of) the Skype Certificate-Authority-Key (the Root key in a certificate chain) was leaked. Lets see what comes from this… leaking the key could make communications available to third parties or forge identities. But be aware that the makers of Skype probably already do have the mechanisms in place to listen into the contents of Skype traffic as was first hinted at by the Silver Needle in the Skype presentation and which I’ve mentioned in my talks on Skype (presentation material linked from my home page).
Looks like Microsoft has aquired a piece of software here that perfectly fits its security record so far — this could be helped by letting independent researchers look at the Skype protocol design, but may well uncover further problems down the road. We again see here that secrecy won’t help security in the long run, we may view this as a generalisation of Kerckhoffs’ Principle. Opening the procotol like speculated in the article Skype reverse-engineered by Russian geek is still a very unlikely move by Microsoft, in my view… but I would certainly welcome this.

LILO “junk in compressed archive” and Grub2 “out of disk” error

January 10th, 2011 by Ralf Schlatterbeck

I’ve recently upgraded a Debian/Asterisk Installation on an older Soekris Net 4501 embedded hardware. After the upgrade the device didn’t boot anymore. The installed LILO bootloader produced the error message:

Initramfs unpacking failed: junk in compressed archive

and later failed with a kernel panic

VFS: Unable to mount root fs on unknown-block(0,0)

Googling for the error message found a blog entry that indicated a missing LILO option “large-memory” — which wasn’t the problem in my case, the option was already present.
So I booted into GRML and installed grub2 instead of LILO. After a reboot, Grub2 ended up in rescue mode with the error message:

error: out of disk.
grub rescue>

I could display the partitions with ls and also get a listing from my root partition but trying to list other directories produces the “out of disk” error again:

grub rescue> ls
(hd0) (hd0,msdos1) (hd1) (hd2) (hd3) 
grub rescue> ls (hd0,msdos1)/
./ ../ lost+found/ var/ etc/ media/ initrd.img usr/

grub rescue> ls (hd0,msdos1)/boot

error: out of disk.

So my diagnosis was that the BIOS of the Soekris box is unable to address the whole (in this case 60GB) harddisk. The install had only worked before because the kernel and the /boot directory where within the BIOS-accessible area on the disk. So there are still BIOSes out there that don’t support large harddisks — I didn’t find out until now what the limit of the Soekris BIOS is. The fix after this diagnosis was easy: Shrink the root filesystem using resize2fs, create a new root partition and copy the shrunken filesystem there, resize2fs to the new partition size. Create a new small /boot partition at the start of the disk and copy the contents of the old /boot directory there. Of course this is only possible with a working rescue system, my rescue system of choice is a GRML netboot setup which enables me to quickly boot any x86-based system that supports network boot.
Lesson learned: For small X86 embedded hardware it still makes sense to have a small /boot partition.

Thomas Greco in Vienna

November 10th, 2010 by Ralf Schlatterbeck

Yesterday evening Thomas Greco was in Vienna. We were a mixed audience coming from different fields all interested in the money problem.
Thomas started by introducing himself and his history. He has an engineering background and worked as a college professor. Got “yanked out of the matrix in 1974″, seeing that not everything we see is as it appears. Started asking questions about problems like war, poverty, exploitation and how to solve these problems.
One day he had a book in the mail “In the Wake of Inflation Can the Church Remain Silent?”, he checked the few references and found (some of) them sound. The question why they allow the money-system to exist kept gnawing at him and he got in touch with the author, they eventually became good friends. He helped put out a second edition of the book. His questions were why the church doesn’t mention usury and why social justice if not part of their program.
He participated in several land-trust, school of living and other projects and his focus narrowed down to money and banking. Over the time he helped starting several local currency projects and wrote several books which document what was learned (a joke was that much was learned from failed projects). The first two books can be downloaded from reinventingmoney.com, the third is available as an EBook-Excerpt, for the fourth there is an excerpt at google books. I’ve read the fourth and can recommend it as one of the most systematic treatments of our current money system problem I know. Books are:

  • Money and Dept: A Solution to the Global Crisis (2nd ed. 1990)
  • New Money for Healthy Communities 1994
  • Money — Understanding and Creating Alternatives to Legal Tender 2001
  • The End of Money and the Future of Civilization 2009

Tom then proceed to outline the history of money: It started out with barter exchange, the first form of money was commodity-money, various commodities like tobacco (cigarettes), flour or grain, nails and precious metals like silver and gold (highly valued in small amounts, portable, durable) served as money. What follows is symbolic money: the first bankers were goldsmiths depositing gold for their customers, the receipt from the bank about the deposit of gold served as a place-holder for the gold. When goldsmiths discovered that they could give receipts not only to people depositing gold, but also to people who came to borrow it, credit money (the 3rd form) was born. The last form is credit clearing where we keep only an account for each member and incoming money is added while outgoing money is subtracted. The main problem of credit is interest which exploits people.
Then a discussion where Franz Nahrada claimed that money is always an alienation ensued. Thomas explained that the farther the relationships among people are, the higher the need for money: In the family we don’t need (and don’t want) money. With a close neighbor we expect some reciprocity (we keep in mind if the other person is always taking). For dealing with people you don’t know we need some kind of formalized structure. But he agreed that a closer community relationship is a good goal. It was mentioned that experiences without money (where you lose your wallet and have to find your way without money for some time) can be a lasting positive experience, on the other hand money may cut through relationships…
In the discussion I asked about Toms view about demurrage, a negative interest rate on money. He answered that demurrage is an unnecessary “stamp scrip” (so called because some demurrage currencies use stamps that have to be bought and affixed to the banknotes) first introduced by Silvio Gesell and that it’s unfortunate that demurrage is the only one of his proposals that is generally remembered. Demurrage currencies where successful in a time where any kind of exchange medium would have been successful. The problem demurrage tries to solve, the prevention of hording (mainly of paper currencies) could be solved by reallocating excess money to (new) businesses. I noted that Gesell also had this in mind when he argues that when depositing excess money in a bank for re-lending, he proposes that there should be no demurrage. (I’m still not fully convinced that demurrage might not be a good tool at times) We agreed that a shortcoming of Gesell is that he can only envision a central banking system while Thomas recommends the separation of money and state (I also think this currently is our best option). There is also a blog post on demurrage by Tom.
During the discussion Tom remarked that due to the “Bubble and Bust Cycle” of our current money system, banks always have to find new ways to indept the people. When he studied, there were no student loans. This is a new idea that came up in the 60s. In the 90s we had the dot com bubble and the recent crisis in 2008 added a lot more dept to the private sector. He thinks we reached the end of the line, the dollar will probably be inflated out of existence. One of the outcomes of a hyper-inflation like Weimar in the 1920s is that the middle class gets wiped out. They still have savings but these won’t buy anything. Maybe the plan for after the inflation is a global currency. A question about the timeframe for these predicted events was answered that it’s hard to say, but China already has satisfied its appetite on US government bonds now buying gold. Maybe an America-wide new currency (Amero) or a global currency will be the plan. This would wipe out everyones savings and re-start the game, hopefully not everybody will go along with this.
In the later discussion I asked — when Tom had talked about the Government and the central banks cooperating — that up until now I had seen the private banking as the problem and the state more in the role of a victim. Tom replied that they are cooperating and that this cooperation was introduced in the early days of the Bank of England (when the king needed money for war). In a blog post When will the dollar die? Greco also outlines a facet of that cooperation: “National governments are unique in being able to play this role [of borrower of last resort] because of their collusive arrangement with the banking cartel.”
We also had some discussions on emerging trends, barter exchanges (which aren’t really barter in the original sense of the word). Tom said that if businesses are not involved early on in an alternative currency project, it is bound to fail. Barter exchanges that only involve retailers can work to a certain degree of circulation. But for a robust system, manufacturers, employess are needed to close the circle. Not all suppliers are within a region, so we have to get regions to cooperate. Mistakes that have been made by some local exchanges (which is detrimental to their own business and the whole “industry”) are:

  • competition with members (taking the best things for themselves)
  • too much credit for themselves (debasing their own currency)

Tom also mentioned Argentina during the discussion which had a strong social currency movement in the early 2000s with dozens of trade exchanges. The system (nearly) collapsed due to mis-managed, my question if this was induced by outsiders was answered that there were accusations of counterfeiting by the central government or other authorities but it is unclear if this is true. When he visited Argentina, there already was counterfeiting in some of the largest exchanges and they didn’t do anything about it. Now they have better safeguards.
The following links are taken from the discussions (no particular order, Tom is not affiliated with any of them as far a I know but knows some of the creators as “cooperatively minded entrepreneurs”), during the discussion I noted that we would need a common protocol among different barter and community currency enterprises, so that not everybody builds his own “walled garden” which was agreed… I’ve written about that problem before when writing about cloud computing.

  • Cyclos, a system for manageing lets trading circles
  • zacle.com an newly started web-based exchange (this takes ages to load for me with layers upon layers of javascript, that by default isn’t enabled when I surf with noscript, so not a site I’d ever use)
  • poiu.com , another trading system
  • community exchange network www.ces.org.za
  • getsplus.com: a proprietary platform where a lot of money was invested, it’s a cashless trading platform which might eventually become open source
  • virtualbarter.net an online barter exchange
  • imsbarter.com one of the biggest US barter companies
  • www.favors.org a social network by Sergio Lub
  • www.livingdirectory.org one of the first social networks with 60.000 people worldwide participating, has levels “identified” (a real person), “sponsor” (trust someone to sponsor other people) and “networker” (full access to the system).

At the end we watched the short film The Essence of Money (4:13) that outlines how money works. In my opinion it’s also a good illustration how a distributed money system — where every player in the game can issue his/her own money — could work. With todays electronic systems we maybe can come up with a solution that is distributed: compare this to file-sharing systems that started out as centralized systems like Napster and evolved into distributed systems like Gnutella today. The film Money as Dept was recommended, there seems to be a sequel, the original seems to be available in several places on the net.

Unix Domain Sockets

November 9th, 2010 by Ralf Schlatterbeck

I recently had to find a solution for a communication problem: An application running on a web-server should update configuration files that are only readable by a privileged user and these should not be directly writeable by the web-server user.
So the idea was to write an update-server running under the privileged account which receives update requests (and can perform additional checks) from the unprivileged web server user.
One of the checks I wanted to make was that only the web-server user (www-data on debian) should be able to send update requests. So I had to find out the user sending a request via the Unix-domain socket. Google found a nice socket howto on Henning Makholm’s blog which told me most of what I needed to know: “so I ended up just checking the EUID of the client process after the connection has been accept()ed. For your reference, the way to do this is getsockopt() with SO_PEERCRED for Linux”.
But one issue was remaining: I didn’t need a SOCK_STREAM socket but wanted to send datagrams to the other side (and didn’t want to fiddle with implementing my own datagram layer on top of a stream socket). With normal SOCK_DGRAM datagram sockets there is no connection — and therefore I can’t determine the user sending the datagram from the other side of the socket.
Looking further I discovered that Linux has connection-oriented datagram sockets for quite some time under the name SOCK_SEQPACKET. With this type of socket you first connect() to the other side and then you send a datagram. Since now there is a connection the trick with SO_PEERCRED as described above works, too.
Code for Server (python):

from socket import socket, SOCK_SEQPACKET, AF_UNIX, SOL_SOCKET
from struct import unpack
try :
    # Not implemented in python 2.6, maybe higher
    from socket import SO_PEERCRED
except ImportError :
    SO_PEERCRED = 17 # Linux
sock = socket (AF_UNIX, SOCK_SEQPACKET)
path = '/path/to/socket'
try :
    os.remove (path)
except OSError :
sock.bind (path)
conn, adr = self.sock.accept ()
ucred = conn.getsockopt (SOL_SOCKET, SO_PEERCRED, 12)
pid, uid, gid = unpack ('LLL', ucred)
if uid... check uid:
    conn.close ()

data = conn.recv (4096)

Code for client (python):

from socket import socket, SOCK_SEQPACKET, AF_UNIX
s.connect ('path/to/socket')
s.send (.....)
s.close ()