Posts Tagged ‘linux’

Git jira hook

This is a simple set of bash scripts, installed as a git hook, which updates a JIRA server with git commit information.

It works as follows:

  • When a user writes a commit message in git, they include the name of a JIRA issue in the format CODE-XXXX (e.g. JVIN-7893). Multiple issues separated by commas are supported; each will be updated.
  • On push the server post-receive hook updates the corresponding JIRA issue via REST API.
  • The issue custom field will be updated to contain (note that this is JIRA wiki code)

See more on GitHub
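
The issue-key step described above, as an added example (not the hook's own code; the function names and the "KEY SHA" output format are assumptions). Commit messages are free text from whoever pushes, so only whole tokens shaped like CODE-XXXX are passed on to the REST call:

```bash
#!/bin/bash
# Added example: names and the "KEY SHA" output format are assumptions.

# Read a commit message on stdin and print each distinct issue key once.
# Only whole tokens shaped like CODE-1234 pass, so nothing else from the
# commit text can end up in the URL of the REST call.
extract_issue_keys() {
    LC_ALL=C grep -owE '[A-Z][A-Z0-9]*-[0-9]+' | awk '!seen[$0]++'
}

# True when an object id is all zeros (ref created or deleted).
is_zero() { case $1 in *[!0]*) return 1 ;; esac; }

# Read "<old> <new> <ref>" lines, as post-receive gets them on stdin, and
# print "KEY SHA" for every issue named by a newly pushed commit.
keys_for_push() {
    local old new ref sha others
    while read -r old new ref; do
        is_zero "$new" && continue      # ref deleted, nothing to report
        if is_zero "$old"; then         # new ref: skip commits other branches already have
            others=$(git for-each-ref --format='%(refname)' refs/heads | grep -vxF "$ref")
            set -- "$new" --not $others
        else
            set -- "$old..$new"
        fi
        git rev-list --reverse "$@" | while read -r sha; do
            git log -1 --format=%B "$sha" | extract_issue_keys | sed "s/\$/ $sha/"
        done
    done
}

# In hooks/post-receive:  keys_for_push | while read -r key sha; do ...; done
```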

Router reboot wrapper script

This is a memory sink article. I found this nice python script which reboots a B525 router and wanted to write a wrapper script around it.

#!/bin/bash

# refs: https://github.com/jinxo13/HuaweiB525Router, https://github.com/mkorz/b618reboot

RUNDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

MAX_ATTEMPTS=10
ATTEMPT=0
TIMEOUT=60
LOCK_FILE=$RUNDIR/lock
REMOTE=google.com
LOCAL=192.168.7.1

if [ -f "$LOCK_FILE" ]; then
    echo "Already running, exiting"
    exit 1
fi

# remove the lock on every exit path
function finish {
  rm -f "$LOCK_FILE"
}
trap finish EXIT

touch "$LOCK_FILE"

while (( $ATTEMPT < $MAX_ATTEMPTS ))
do
    DATE=$(date +%Y%d%m-%H%M%S)
    echo -e "GET http://$REMOTE HTTP/1.0\n\n" | nc $REMOTE 80 > /dev/null 2>&1

    if [ $? -eq 0 ]; then
        echo "$DATE: Online"
        break
    else
        ping -c1 -w1 $LOCAL > /dev/null 2>&1

        if [ $? -eq 0 ]; then
            echo "$DATE: Internet offline, router online, trying to reboot router, waiting $TIMEOUT"
            $RUNDIR/b618reboot/reboot_router.py
        else
            echo "$DATE: Internet offline, router offline, waiting $TIMEOUT"
        fi

        sleep $TIMEOUT
        ATTEMPT=$(( ATTEMPT + 1 ))
        TIMEOUT=$(( TIMEOUT * 2 ))
    fi
done

openssl recipes

These last days I had to tinker with openssl a lot and this is a short memory reminder of the params.

PKCS#7 manipulation

Verify pkcs#7 signature

#-noverify skips verification of the signer's certificate chain: this checks only the signature, not whether the originating certificate is trusted
openssl smime -inform DER -verify -noverify -in signature.p7s

Show the structure of the file (applies to all DER files)

#for debugging
openssl asn1parse -inform DER -i -in signature.p7s

Extract certificate and public key

openssl pkcs7 -inform DER -in signature.p7s -print_certs > certificate.crt
openssl x509 -in certificate.crt -noout -pubkey > pubKey.key

JKS certificate import

Export private key from jks keystore

#convert jks to pkcs#12 format
keytool -importkeystore -srckeystore myKeystore.jks -destkeystore myKeystore.p12 \
    -deststoretype PKCS12 -srcalias myAlias
#export private key (WARNING, manipulate with care: -nodes writes the key unencrypted)
openssl pkcs12 -in myKeystore.p12 -nodes -nocerts -out myKey.pem

Check .csr or .crt public key against a private key

This will generate the sha256 hash for the public key; compare manually. Very useful if you lost your key or are getting “No certificate matches private key”.

#generate hash for pubKey generated from privateKey
openssl pkey -in myPrivateKey.key -pubout -outform pem | sha256sum 
#generate hash for pubKey from cert
openssl x509 -in myCertificate.crt -pubkey -noout -outform pem | sha256sum 
#generate hash for pubKey from csr
openssl req -in myCSR.csr -pubkey -noout -outform pem | sha256sum
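
The manual comparison above can be scripted. This added example (not from the original post; the function names are assumptions) hashes the public key from each file and fails, rather than hashing empty output, when openssl cannot read an input:

```bash
#!/bin/bash
# Added example: function names are assumptions.

# Print the SHA-256 of the PEM public key found in FILE.
# KIND is key, crt or csr. Returns non-zero when openssl cannot read the
# file, so two unreadable inputs can never "match" on the empty-input hash.
pubkey_hash() {
    local kind=$1 file=$2 pem
    case $kind in
        key) pem=$(openssl pkey -in "$file" -pubout 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$file" -pubkey -noout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$file" -pubkey -noout 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | sha256sum | cut -d' ' -f1
}

# Succeed only when every "kind:file" argument holds the same public key.
# Exit status: 0 all match, 1 mismatch, 2 an input could not be read.
same_public_key() {
    local first="" h arg
    for arg in "$@"; do
        h=$(pubkey_hash "${arg%%:*}" "${arg#*:}") || return 2
        if [ -z "$first" ]; then
            first=$h
        elif [ "$h" != "$first" ]; then
            return 1
        fi
    done
}

# Usage:
#   same_public_key key:myPrivateKey.key crt:myCertificate.crt csr:myCSR.csr \
#       && echo "key, certificate and CSR belong together"
```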

Convert p7b signed certificate response to jks keystore

This is very useful if you lost your jks keystore containing the original .csr

#export certs from signed certificate response to .pem
openssl pkcs7 -print_certs -in myStore.p7b -out certs.pem
#combine certs and key in pkcs#12 format
openssl pkcs12 -export -name server -in certs.pem -out myKeystore.p12 -inkey myPrivateKey.key
#convert pkcs#12 to jks
keytool -importkeystore -srcstoretype pkcs12 -srckeystore myKeystore.p12 -destkeystore myKeystore.jks

Remove old kernels

for i in $(dpkg --list | grep linux-image | cut -c5-48 | grep -v $(uname -r) | grep -v linux-image-generic); do apt-get remove --purge -y $i; done

Simple hdmi activate script

This is a simple script I bound to ‘meta+F7’ to activate a second hdmi display I am using:

INTERNAL=eDP1
EXTERNAL=HDMI2
LOCK=/tmp/${EXTERNAL}.on

function on {
    disper -e -d $INTERNAL,$EXTERNAL -r 1920x1080,1920x1080
    touch $LOCK
}

function off {
    disper -s -d $INTERNAL -r auto
    rm -f $LOCK
}

# test for the display right here: a function definition in between would reset $?
if ! disper -l | grep $EXTERNAL; then #there is no EXTERNAL, run single command
    off
elif [ -f $LOCK ]; then
    off
else
    on
fi

 

Parsing network stream into http request/response

The need was to convert the network stream into clear text http request/responses while doing some decoding of the response body. For instance:

request uri + queryString => response body

  1. Capture the stream – easy using tcpdump
  2. Filter the http stream – easy using wireshark with a tcp.port eq 80 filter
  3. Export http #1, using wireshark file -> export objects -> http. This works fine only for files. It does not work for POST requests. FAIL.
  4. Using tshark and a combination of -Tfields and -e parameters. Did not work easily enough even if I suspect it would. FAIL.
  5. Using tcpflow: tcpflow -r test.pcapng -ehttp. This generates some nice flows but it had some disadvantages: requests and responses are in different files and are flow sorted, not time sorted. I think this can be overcome by writing a script which parses report.xml using something like this. FAIL.
  6. Final idea was based on pcap2har which parses a .pcap file to a har. Some changes to main.py and voila:

logging.info('Flows=%d. HTTP pairs=%d' % (len(session.flows), len(session.entries)))
 
for e in sorted(session.entries, key=lambda x: x.ts_start):
    if e.request.msg.method == 'GET':
        print 'GET', e.request.url
    elif e.request.msg.method == 'POST':
        print 'POST', e.request.url, urlencode({k: v[0] for k, v in e.request.query.items()})
    if e.response.mimeType == 'application/octet-stream':
        print decode(e.response.text, options.password)
    else:
        print 'unknown:', e.response.mimeType, e.response.raw_body_length
    print '\n'
 
#write the HAR file

 

Ubuntu 16.04

I’ve used ubuntu since the edgy days, after migrating from gentoo. Things got better each time, until they started getting worse or until I started to expect not to have to fix and patch each time. So now I don’t feel like giving any impression, just a list of bugs:

Searching for signal

For the last few years, one of the tools I have greatly used is a Huawei E587 modem. It’s a great little device which gave me a lot of freedom. Even if it is quite old, it outperforms, even without an external antenna, any smartphone I used for tethering and especially my new Samsung Galaxy S5 Neo which, as a parenthesis, has some of the poorest software I have ever seen; it reminds me of a circa 2000 windows pre-installed on a laptop and filled with junkware.

However, as with many other devices, the reporting of signal strength is very simplistic. My goal was to be able to identify the best spot for the external antenna, defined by the best signal strength.


Running chrome in docker with audio

The goal is to run google-chrome in a docker container with audio support. I did this trying to get skype.apk to run in ARChon since skype for linux does not support conferencing anymore. Even if running skype in ARChon did not seem to work, chrome runs flawlessly with audio support via pulse.

So here is the Dockerfile:

FROM ubuntu:14.04
MAINTAINER len@len.ro
 
RUN apt-get update && apt-get install -y wget pulseaudio && echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list && wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add - && apt-get update && apt-get install -y google-chrome-stable
 
RUN rm -rf /var/cache/apt/archives/*
 
RUN useradd -m -s /bin/bash chrome
 
USER chrome
ENV PULSE_SERVER /home/chrome/pulse
ENTRYPOINT [ "google-chrome" ]

You can build your container using:

docker build -t len/chrome .

Then run it using:

docker run -it -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=$DISPLAY -v $HOME/Downloads/chrome:/home/chrome/Downloads -v /run/user/$UID/pulse/native:/home/chrome/pulse -v /dev/shm:/dev/shm --name chrome len/chrome

 

Ensure rPi connectivity

The problem: make sure I can connect to my raspberry pi B+ even if no network is available or the network changes.

The idea: set a static IP.

First some information:

  • running raspbian 8.0 (cat /etc/issue)
  • there is no need for a crossover UTP cable: if you connect directly to the device you can use a normal cable
  • IP configuration is delegated from /etc/network/interfaces to the dhcpcd daemon. This is why eth0 is set to manual.

I did not want to crash the default config. I just wanted to ensure the device will be visible. So I just added an aliased (virtual) interface with a fixed ip:

 

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
 
auto lo
iface lo inet loopback
 
iface eth0 inet manual
 
auto eth0:0
allow-hotplug eth0:0
iface eth0:0 inet static
address 10.13.0.201
netmask 255.255.255.0
network 10.13.0.0
 
allow-hotplug wlan0
iface wlan0 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
 
allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

This is my /etc/network/interfaces. You can now use a normal UTP cable to connect directly to the PI or on the LAN by setting an IP in the same class:

ifconfig eth0 10.13.0.1 up

Please note that if you are on ubuntu and have a NetworkManager controlled interface you might need to disable auto-control by editing /etc/NetworkManager/NetworkManager.conf (see the unmanaged-devices section)

[main]
plugins=ifupdown,keyfile,ofono
dns=dnsmasq
 
[ifupdown]
managed=false
 
[keyfile]
unmanaged-devices=mac:xx:xx:xx:xx:xx:xx