2016-05-29 22:15
Short log on using letsencrypt with a 3rd party bash client:
$ sudo su -
# apt-get install git openssl curl
# cd /opt
# git clone https://github.com/lukas2511/letsencrypt.sh
# echo "example.com www.example.com" > /opt/letsencrypt.sh/domains.txt
# mkdir -p /var/www/html/.well-known/acme-challenge
# echo 'WELLKNOWN="/var/www/html/.well-known/acme-challenge"' > /opt/letsencrypt.sh/config
# /opt/letsencrypt.sh/letsencrypt.sh -c
# echo "38 4 * * 7 root /opt/letsencrypt.sh/letsencrypt.sh -c" > /etc/cron.d/letsencrypt
# vi /etc/apache2/sites-enabled/010-default-ssl.conf
# grep SSLCertificate /etc/apache2/sites-enabled/010-default-ssl.conf
SSLCertificateKeyFile /opt/letsencrypt.sh/certs/example.com/privkey.pem
SSLCertificateFile /opt/letsencrypt.sh/certs/example.com/cert.pem
SSLCertificateChainFile /opt/letsencrypt.sh/certs/example.com/chain.pem
# apachectl restart
2016-04-10 14:30
Cisco IOU has been floating around for quite some time.
Out of boredom, and for the fun of having a Cisco switching lab in my pocket, I've managed to get it running on my Nokia N900.
Prerequisites: Debian chroot on N900 Maemo - all actions on the N900 are assumed to take place within the Debian chroot.
Obtain the IOU image (insert default joke of you being Cisco employee or having a valid license here):
N900-deb:~# mkdir -p /data/cisco
N900-deb:~# mv /tmp/a.bin /data/cisco/i86bi-linux-l2-upk9-15.0b.bin
N900-deb:~# file /data/cisco/i86bi-linux-l2-upk9-15.0b.bin
/data/cisco/i86bi-linux-l2-upk9-15.0b.bin: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped
N900-deb:~# uname -m
armv7l
Install qemu-user:
N900-deb:~# apt-get install qemu-user
N900-deb:~# qemu-i386 -version
qemu-i386 version 2.1.2 (Debian 1:2.1+dfsg-12+deb8u5a~bpo70+1), Copyright (c) 2003-2008 Fabrice Bellard
IOU binaries for Linux are dynamically linked ELF 32-bit LSB executables for Intel 80386. If we simply try to execute one via qemu-i386, we get an error about the missing dynamic linker/loader (see the "interpreter" part of the 'file' output above):
N900-deb:~# qemu-i386 /data/cisco/i86bi-linux-l2-upk9-15.0b.bin
/lib/ld-linux.so.2: No such file or directory
You can locate the Debian package containing ld-linux.so.2 by searching packages.debian.org for the i386 architecture (I'm going to use wheezy packages, because it's the distro my Debian chroot is based on). In this case it's libc6 - download it, extract it to a local directory, then copy ld-linux.so.2 to /lib, where the IOU image expects it:
N900-deb:~# wget http://security.debian.org/debian-security/pool/updates/main/e/eglibc/libc6_2.13-38+deb7u10_i386.deb
N900-deb:~# dpkg -x libc6_2.13-38+deb7u10_i386.deb /data/cisco/extract
N900-deb:~# find /data/cisco/extract/ -name ld-linux.so.2
/data/cisco/extract/lib/ld-linux.so.2
/data/cisco/extract/lib/i386-linux-gnu/ld-linux.so.2
N900-deb:~# file /data/cisco/extract/lib/ld-linux.so.2
/data/cisco/extract/lib/ld-linux.so.2: symbolic link to i386-linux-gnu/ld-2.13.so
N900-deb:~# cp /data/cisco/extract/lib/ld-linux.so.2 /lib/
N900-deb:~# file /lib/ld-linux.so.2
/lib/ld-linux.so.2: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=50ea7a832566b8e48b2824267f8f92decdf1c2db, stripped
If you try running the IOU image via qemu now, you'll get an error about a missing shared library file:
N900-deb:~# qemu-i386 /data/cisco/i86bi-linux-l2-upk9-15.0b.bin
/data/cisco/i86bi-linux-l2-upk9-15.0b.bin: error while loading shared libraries: libcrypto.so.4: cannot open shared object file: No such file or directory
We can use objdump or readelf to find the needed shared libraries of the foreign-architecture binary (ldd won't work here):
N900-deb:~# objdump -x /data/cisco/i86bi-linux-l2-upk9-15.0b.bin | grep NEEDED
NEEDED libcrypto.so.4
NEEDED libm.so.6
NEEDED libgcc_s.so.1
NEEDED libc.so.6
NEEDED libdl.so.2
N900-deb:~# readelf -d /data/cisco/i86bi-linux-l2-upk9-15.0b.bin | grep NEEDED
0x00000001 (NEEDED) Shared library: [libcrypto.so.4]
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x00000001 (NEEDED) Shared library: [libdl.so.2]
We can even use readelf to generate a full dependency list, containing all needed files, to automate the package search later:
N900-deb:~# readelf -a /data/cisco/i86bi-linux-l2-upk9-15.0b.bin | egrep "interpreter|NEEDED" | awk '{print $3,$4,$5}' | sed -e 's/\[//' -e 's/\]//'
interpreter: /lib/ld-linux.so.2
Shared library: libcrypto.so.4
Shared library: libm.so.6
Shared library: libgcc_s.so.1
Shared library: libc.so.6
Shared library: libdl.so.2
Use the Debian package search as above to find and download the packages containing the needed files, extract the packages locally, then find and copy the needed files to some location. Please note that libcrypto.so.4 in the list is going to be copied from libcrypto.so.1.0.0 from libssl, and that it itself has an additional libz dependency. Final needed package list:
And files within:
Missing | Package | File in a package |
interpreter: /lib/ld-linux.so.2 | libc6 | /lib/ld-linux.so.2 |
Shared library: libcrypto.so.4 | libssl1.0.0 | /usr/lib/i386-linux-gnu/libcrypto.so.1.0.0 |
Shared library: libz.so.1 | zlib1g | /lib/i386-linux-gnu/libz.so.1 |
Shared library: libm.so.6 | libc6 | /lib/i386-linux-gnu/libm.so.6 |
Shared library: libgcc_s.so.1 | libgcc1 | /lib/i386-linux-gnu/libgcc_s.so.1 |
Shared library: libc.so.6 | libc6 | /lib/i386-linux-gnu/libc.so.6 |
Shared library: libdl.so.2 | libc6 | /lib/i386-linux-gnu/libdl.so.2 |
Log:
N900-deb:~# ls -1 /data/cisco/pkg/
libc6_2.13-38+deb7u10_i386.deb
libgcc1_4.7.2-5_i386.deb
libssl1.0.0_1.0.1e-2+deb7u20_i386.deb
zlib1g_1.2.7.dfsg-13_i386.deb
N900-deb:~# find /data/cisco/pkg/ -name '*.deb' | while read line; do dpkg -x $line /data/cisco/extract/; done
N900-deb:~# mkdir -p /data/cisco/lib
N900-deb:~# cp /data/cisco/extract/usr/lib/i386-linux-gnu/libcrypto.so.1.0.0 /data/cisco/lib/libcrypto.so.4
N900-deb:~# for i in /data/cisco/extract/lib/i386-linux-gnu/{libz.so.1,libm.so.6,libgcc_s.so.1,libc.so.6,libdl.so.2}; do cp $i /data/cisco/lib/; done
N900-deb:~# ls -1 /data/cisco/lib/
libcrypto.so.4
libc.so.6
libdl.so.2
libgcc_s.so.1
libm.so.6
libz.so.1
Now we can try pointing the LD_LIBRARY_PATH environment variable at our library directory, and run the IOU image via qemu again:
N900-deb:~# cd /data/cisco
N900-deb:/data/cisco# LD_LIBRARY_PATH=/data/cisco/lib qemu-i386 ./i86bi-linux-l2-upk9-15.0b.bin
IOS On Unix - Cisco Systems confidential, internal use only
<...>
It works:
Last touch: all the foreign-architecture shared library files are now isolated in a separate directory, but the full path to "ld-linux.so.2" is hardcoded into the IOU binary, and this file pollutes our chroot distro. The solution could be modifying the IOU binary to change the path to the "interpreter" to something else, or shortening it so that it is relative, and then placing the dynamic linker/loader in the directory we are running the IOU binary from.
There are several standard tools for manipulating ELF headers, like elfedit or objcopy from binutils, or we can simply use any hex editor for that, but for this job the most convenient tool I found was patchelf:
N900-deb:~# readelf -a /data/cisco/i86bi-linux-l2-upk9-15.0b.bin | grep interpreter
[Requesting program interpreter: /lib/ld-linux.so.2]
N900-deb:~# patchelf --set-interpreter 'ld-linux.so.2' /data/cisco/i86bi-linux-l2-upk9-15.0b.bin
N900-deb:~# readelf -a /data/cisco/i86bi-linux-l2-upk9-15.0b.bin | grep interpreter
[Requesting program interpreter: ld-linux.so.2]
N900-deb:~# mv /lib/ld-linux.so.2 /data/cisco/
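An added example, not part of the original post: a small shell check that reads `readelf -l -d` output and reports which NEEDED libraries are absent from a private library directory and whether the interpreter path is relative. A relative interpreter, as set with patchelf above, is looked up in the current working directory, so whatever file of that name sits there is loaded as the dynamic linker. The function names, report labels and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit loader and library requirements from readelf output.

# Print "interp PATH" and "needed NAME" lines from readelf text on stdin.
elf_requirements() {
    sed -n \
        -e 's/.*\[Requesting program interpreter: \(.*\)\]$/interp \1/p' \
        -e 's/.*(NEEDED).*\[\(.*\)\]$/needed \1/p'
}

# audit_elf LIBDIR: read readelf output on stdin and print one line per item:
#   RELATIVE-INTERP / ABSOLUTE-INTERP  how the loader path will be resolved
#   OK / MISSING                       whether LIBDIR holds the NEEDED library
audit_elf() {
    libdir=$1
    elf_requirements | while read -r kind name; do
        case $kind in
        interp)
            case $name in
            /*) echo "ABSOLUTE-INTERP $name" ;;
            *)  echo "RELATIVE-INTERP $name" ;;  # resolved against the cwd
            esac ;;
        needed)
            if [ -e "$libdir/$name" ]; then
                echo "OK $name"
            else
                echo "MISSING $name"
            fi ;;
        esac
    done
}

# Constructed sample: readelf lines as shown on this page, after patchelf.
sample_readelf() {
    cat <<'EOF'
      [Requesting program interpreter: ld-linux.so.2]
 0x00000001 (NEEDED) Shared library: [libcrypto.so.4]
 0x00000001 (NEEDED) Shared library: [libm.so.6]
 0x00000001 (NEEDED) Shared library: [libgcc_s.so.1]
 0x00000001 (NEEDED) Shared library: [libc.so.6]
 0x00000001 (NEEDED) Shared library: [libdl.so.2]
EOF
}

# Demo: a scratch library directory that so far holds only libc.so.6.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/libc.so.6"
    sample_readelf | audit_elf "$d"
    rm -rf "$d"
}
demo
```

Against the real binary the input would come from `readelf -l -d ./i86bi-linux-l2-upk9-15.0b.bin | audit_elf /data/cisco/lib`.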
2016-03-10 23:00
For a long time I've been using the ccrypt utility for symmetric encryption on Linux. The only problem with it: it's not in the default install on most Debian-based distros I use.
There are 2 possible alternatives present in default install:
Openssl:
Nokia-N900:~# echo "this is plain text" > /tmp/123
Nokia-N900:~# openssl enc -aes-192-cbc -in /tmp/123 -out /tmp/123.sslenc
enter aes-192-cbc encryption password:
Verifying - enter aes-192-cbc encryption password:
Nokia-N900:~# rm /tmp/123
Nokia-N900:~# openssl enc -d -aes-192-cbc -in /tmp/123.sslenc -out /tmp/123
enter aes-192-cbc decryption password:
Nokia-N900:~# cat /tmp/123
this is plain text
GnuPG:
Nokia-N900:~# echo "this is plain text" > /tmp/123
Nokia-N900:~# gpg --symmetric --output /tmp/123.gpg /tmp/123
Enter passphrase:
Repeat passphrase:
Nokia-N900:~# rm /tmp/123
Nokia-N900:~# gpg /tmp/123.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
Nokia-N900:~# cat /tmp/123
this is plain text
2016-03-06 22:00
These days I normally carry a minimum of 2 devices:
- Android phone as a regular phone
- Nokia N900 as a linux terminal
A recent Android phone now has more computing power than it needs, but lacks the handy keyboard present on the N900 to fully utilise these resources when needed. So, I am going to use the N900 as a terminal towards the Android phone via wireless adb (Android Debug Bridge).
On N900:
Nokia-N900:~# apt-get install git build-essential libssl-dev
Nokia-N900:~# git clone https://github.com/bonnyfone/adb-arm
Nokia-N900:~# cd adb-arm/
Nokia-N900:~/adb-arm# rm adb-arm-binary
Nokia-N900:~/adb-arm# cp makefile.sample makefile.sample.dist
Nokia-N900:~/adb-arm# vi makefile.sample
Nokia-N900:~/adb-arm# diff -U 0 -u makefile.sample.dist makefile.sample
--- makefile.sample.dist
+++ makefile.sample
@@ -5 +5 @@
-TOOLCHAIN= /opt/poky/1.5/sysroots/x86_64-pokysdk-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-
+#TOOLCHAIN= /opt/poky/1.5/sysroots/x86_64-pokysdk-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-
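Review bot: line 5 disables TOOLCHAIN by commenting it out, with nothing recording why. Since the build now runs on the device itself rather than through the poky cross-compiler, a one-line comment saying so, or an explicit empty assignment (`TOOLCHAIN=`), would state the intent more clearly than a commented-out path.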
@@ -61 +61 @@
-CPPFLAGS+= -std=c++11
+#CPPFLAGS+= -std=c++11
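Review bot: line 61 drops `-std=c++11` from CPPFLAGS without giving a reason, so the sources are then built with whatever language standard the local compiler defaults to. Add a comment naming the reason the flag had to go, so the change can be reverted once the compiler in use accepts it.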
Nokia-N900:~/adb-arm# chmod +x adb-download-make.sh
Nokia-N900:~/adb-arm# ./adb-download-make.sh
Nokia-N900:~/adb-arm# install adb /usr/local/bin/
Nokia-N900:~/adb-arm# cd
Nokia-N900:~# adb version
Android Debug Bridge version 1.0.31
On Android device:
Install wirebug via F-Droid
Configure and enable "Mobile hotspot"
Launch wirebug, enable it
Don't forget to tick USB debugging in settings
On N900:
Connect to resulting access point. Check gateway IP address:
Nokia-N900:~# route -e | grep default | awk '{print $2}'
192.168.43.1
Connect adb:
Nokia-N900:~# adb connect 192.168.43.1
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
connected to 192.168.43.1:5555
Android device should display debugging authorization window:
Accept it, and launch the shell:
Nokia-N900:~# adb shell
shell@a3lte:/ $ uname -a
Linux localhost 3.10.49-641794 #1 SMP PREEMPT Sat Jul 11 00:57:58 KST 2015 armv7l GNU/Linux
shell@a3lte:/ $ grep ^Hardware /proc/cpuinfo
Hardware : Qualcomm Technologies, Inc MSM8916
shell@a3lte:/ $ exit
Nokia-N900:~# adb kill-server
2016-02-28 20:30
Finally migrated the blog from unmaintained nanoblogger to jekyll + github pages + custom domain.
RSS feeds and popular content are redirected to the new location with apache mod_rewrite:
RewriteEngine On
...
# blog migration
# redirection exceptions first
RewriteRule ^/favicon.(.*)$ - [L]
...
# feed redirects for feed readers
RewriteRule ^/blog/feed.xml$ http://dev.lab427.net/feed.xml [R=301,L]
RewriteRule ^/b/atom.xml$ http://dev.lab427.net/feed.xml [R=301,L]
RewriteRule ^/b/rss.xml$ http://dev.lab427.net/feed.xml [R=301,L]
# known/indexed articles
RewriteRule rpi_rtl_sdr_and_diy_discone http://dev.lab427.net/rpi-rtl_sdr-and-diy-discone.html [R=301,L]
...
# the rest
RewriteRule ^(.*)$ http://dev.lab427.net [R=301,L]