Oct 22, 2014
Package Preparation
OpenSSH requires the following packages, so first we download them all from the internet:
zlib, openssl, openssh.
$ wget http://zlib.net/zlib-1.2.8.tar.gz
$ wget https://www.openssl.org/source/openssl-0.9.8zc.tar.gz
$ wget http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz
Building
Cross-compile zlib
We have to manually change the following line in the Makefile:
LDSHARED=gcc -shared -Wl,-soname,libz.so.1,--version-script,zlib.map
to
LDSHARED=arm-linux-gcc -shared -Wl,-soname,libz.so.1,--version-script,zlib.map
Then:
$ ./configure --prefix=/media/nfs/rootfs/usr/
$ make CC=arm-linux-gcc AR=arm-linux-ar LD=arm-linux-ld
$ make install
Cross-compile openssl
Get openssl's Configure help menu:
# ./Configure --help
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]
Then configure the building via:
$ ./Configure --prefix=/media/nfs/rootfs/usr os/compiler:/opt/cross/arm-linux-gcc_4.3.2/bin/arm-linux-gcc
$ make && make install
Cross-compile openssh
Configure openssh with the following command; the library directories should be adjusted to the directory used for the previous installs:
$ ./configure --host=arm-linux --with-libs --with-zlib=/media/nfs/rootfs/usr/ --with-ssl-dir=/media/nfs/rootfs/usr/ --disable-etc-default-login CC=/opt/cross/arm-linux-gcc_4.3.2/bin/arm-linux-gcc
Make but don’t install.
Install steps:
$ cp sshd /media/nfs/rootfs/usr/local/sbin/
$ cp scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan /media/nfs/rootfs/usr/local/bin/
$ cp sftp-server ssh-keysign /media/nfs/rootfs/usr/local/libexec/
On the 2440 board, run:
[root@TrustyArch busybox-1.22.1]# mkdir -p /usr/local/etc/
[root@TrustyArch busybox-1.22.1]# mkdir -p /var/run/
[root@TrustyArch busybox-1.22.1]# mkdir -p /var/empty/sshd
[root@TrustyArch busybox-1.22.1]# chmod 755 /var/empty
Generate the key files:
$ ssh-keygen -t rsa -f ssh_host_rsa_key -N ""
$ ssh-keygen -t rsa1 -f ssh_host_key -N ""
$ ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
$ cp ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub /media/nfs/rootfs/usr/local/etc/
Add lines into /etc/passwd and /etc/group in embedded system rootfs:
$ cat /etc/passwd
sshd:*:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
$ cat /etc/group
sshd:*:74:
Change the sshd_config file:
$ cp sshd_config /media/nfs/rootfs/usr/local/etc/
$ vim /media/nfs/rootfs/usr/local/etc/sshd_config
HostKey /usr/local/etc/ssh_host_key
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
PermitRootLogin yes
PermitEmptyPasswords yes
UsePrivilegeSeparation no
Subsystem sftp /usr/local/libexec/sftp-server
Then start the sshd via:
/usr/local/sbin/sshd
Good, we get a segmentation fault; I will investigate this issue later.
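The sshd_config above allows root login, allows empty passwords and turns privilege separation off. The check below is an added example, not part of the original post: the function name audit_sshd_config and the sample input are constructed, and it assumes plain "Keyword value" lines with no Match blocks.

```shell
#!/bin/sh
# Added example: flag the weak sshd_config directives set in this post.
# sshd uses the first value it reads for a keyword and matches keywords
# case-insensitively; the awk program mirrors both rules.

audit_sshd_config() {   # reads an sshd_config on stdin, prints one line per finding
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            key = tolower($1)
            if (!(key in first)) first[key] = tolower($2)
        }
        END {
            # OpenSSH 6.7 (the version built here) defaults PermitRootLogin to yes.
            if (!("permitrootlogin" in first)) first["permitrootlogin"] = "yes"
            if (first["permitrootlogin"] == "yes")
                print "WEAK PermitRootLogin yes: root may log in with a password; use no or without-password"
            if (first["permitemptypasswords"] == "yes")
                print "WEAK PermitEmptyPasswords yes: accounts with an empty password may log in; use no"
            if (first["useprivilegeseparation"] == "no")
                print "WEAK UsePrivilegeSeparation no: unauthenticated input is handled by a root process; use yes or sandbox"
        }'
}

# Constructed input: the directives this post writes into sshd_config.
audit_sshd_config <<'EOF'
HostKey /usr/local/etc/ssh_host_rsa_key
PermitRootLogin yes
PermitEmptyPasswords yes
UsePrivilegeSeparation no
Subsystem sftp /usr/local/libexec/sftp-server
EOF
```

Run it against the real file with `audit_sshd_config < /media/nfs/rootfs/usr/local/etc/sshd_config` before the root filesystem is deployed.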
Oct 21, 2014
Packages
The Raspberry Pi runs ArchLinux; first install the related packages.
$ sudo pacman -S openvpn
$ sudo pacman -S easy-rsa
$ sudo pacman -S dnsmasq
openvpn is the core OpenVPN package.
easy-rsa is used for managing the keys.
dnsmasq will act as the domain name server.
Configuration
First make the directory and copy the easy-rsa files:
# mkdir /etc/openvpn/easy-rsa
[root@alarmpi ~]# cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa
[root@alarmpi ~]# ls /etc/openvpn/easy-rsa/
build-ca build-key-pkcs12 inherit-inter sign-req
build-dh build-key-server list-crl vars
build-inter build-req openssl-1.0.0.cnf whichopensslcnf
build-key build-req-pass pkitool
build-key-pass clean-all revoke-full
Now go and run easy-rsa:
[root@alarmpi ~]# cd /etc/openvpn/easy-rsa/
[root@alarmpi easy-rsa]# source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
[root@alarmpi easy-rsa]# ./clean-all
[root@alarmpi easy-rsa]# ./build-ca
Generate the keys and certificates
My name is Trusty_delta.
[root@alarmpi easy-rsa]# sh build-key-server Trusty_delta
[root@alarmpi easy-rsa]# ls keys/Trusty_*
keys/Trusty_delta.crt keys/Trusty_delta.csr keys/Trusty_delta.key
Diffie-Hellman Parameters
This may take an extremely long time, especially on a Raspberry Pi, OMG…….
[root@alarmpi easy-rsa]# sh build-dh
# cd keys
# cp ca.crt delta.crt delta.key dh2048.pem /etc/openvpn
# cd ..
Generate the private key
# source vars
NOTE:If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
root@delta:/etc/openvpn/easy-rsa# ./build-key laptop
Generating a 1024 bit RSA private key
The private key is called “laptop”. We can then make a directory for holding the private keys and copy them into it.
# mkdir ~/ovpn-client
# cp ca.crt laptop.crt laptop.key ~/ovpn-client
If you deliver these 3 files to a client, the client can use them to connect to your VPN server.
OpenVPN Server
Copy the server.conf file into /etc/openvpn/:
# cd /usr/share/openvpn/examples/
# cp server.conf /etc/openvpn/Trusty_delta.conf
# vim Trusty_delta.conf
cert delta.crt
key delta.key
dh dh2048.pem
push "redirect-gateway def1"
push "dhcp-option DNS 172.8.0.1"
Make the service start automatically (the instance name after the @ is the configuration file name without the .conf suffix):
# systemctl start openvpn@Trusty_delta
# systemctl enable openvpn@Trusty_delta
Then we can test the VPN from other Linux machines, using a modified client.conf file.
Check service
Use netstat to check the status of the openvpn server:
netstat -anp| grep openvpn
The following is copied directly from the Ubuntu-related notes.
DNS Server
Edit the dnsmasq.conf:
listen-address = 127.0.0.1, 172.8.0.1
bind-interfaces
Then restart the dnsmasq.
Oct 21, 2014
Capture Window
Sometimes we want to record operations in a window; we can use gtk-recordMyDesktop for this.
Open gtk-recordMyDesktop, select the window and start recording; it will automatically capture all of your input and save it to an ogg file.
Add Background Music
Use mencoder to add an mp3 file as the background music of the captured video:
$ mencoder output.ogv -o video_final.ogv -ovc copy -oac copy -audiofile xxx.mp3
Use ffmpeg to convert the ogv file to an mp4 file:
$ ffmpeg -i output.ogv -vcodec libx264 -strict -2 output.mp4
7z for split
Install 7zip and use the following command to split the big file into several 10M-size small files:
$ 7z a -v10M output.7z output.mp4
Oct 20, 2014
Prerequisite
First you should check your Linux version: this tutorial only works for Ubuntu, which means that if you run archlinux/centos/debian on DigitalOcean, this tutorial won’t fit your needs.
root@justfordemo:~# cat /etc/issue
Ubuntu 14.04.1 LTS \n \l
Upgrade to the newest system via:
root@justfordemo:~# apt-get update && apt-get upgrade
Enter Y if system asks you to confirm.
NGINX and PHP
The following commands refer to:
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-14-04 and https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-nginx-on-ubuntu-14-04.
Install nginx
Install the nginx server via:
# apt-get install nginx
Get the ip address via:
# ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
10.0.0.6
fe80::a00:27ff:fe38:b7c5
Use your browser to visit http://10.0.0.6; you will see the following page, which indicates that nginx works for you.
Install mysql server
Install it via:
apt-get install mysql-server
When you see the following window, choose your password (you should remember this password, as it is used for administration!!!)
Then you should run the following commands to install the database and enable the secure installation. The suggested answers are listed below:
root@justfordemo:~# mysql_install_db
root@justfordemo:~# mysql_secure_installation
Change the root password? [Y/n] n
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Install PHP
Install php for processing:
# apt-get install php5-fpm php5-mysql
Open the main php5-fpm configuration file with root privileges:
# nano /etc/php5/fpm/php.ini
Change
;cgi.fix_pathinfo=1
to
cgi.fix_pathinfo=0
Save and restart the php5-fpm service:
# service php5-fpm restart
php5-fpm stop/waiting
php5-fpm start/running, process 15959
Enable php processor in NGINX
Change the configuration file /etc/nginx/sites-available/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name localhost;
    location / {
        try_files $uri $uri/ =404;
    }
}
to
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    server_name server_domain_name_or_IP;
    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
Visit http://10.0.0.6/info.php (assuming our IP address is 10.0.0.6); the page should look like the following:
Now your webserver with php support is ready for use.
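Setting cgi.fix_pathinfo=0 in php.ini and keeping try_files $uri =404 in the PHP location together ensure that PHP-FPM only runs a .php file that actually exists at the requested path. The check below is an added example, not part of the original tutorial; the function names php_fix_pathinfo and php_location_guarded are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: verify the php.ini and nginx settings made in this section.

php_fix_pathinfo() {    # stdin: php.ini; prints the effective cgi.fix_pathinfo
    # A line starting with ";" is a comment, so the stock ";cgi.fix_pathinfo=1"
    # sets nothing and PHP falls back to its built-in default of 1.
    # Assumption: the last uncommented assignment is the one that applies.
    awk -F= '
        { gsub(/[ \t]/, "", $1) }
        $1 == "cgi.fix_pathinfo" {
            v = $2
            sub(/;.*/, "", v)            # drop a trailing inline comment
            gsub(/[ \t\r]/, "", v)
            val = v
        }
        END { print (val == "" ? 1 : val) }'
}

php_location_guarded() {    # stdin: nginx site file; exit status 0 if guarded
    # Looks inside "location ~ \.php$ { ... }" for "try_files $uri =404;",
    # which makes nginx answer 404 unless the requested .php file exists.
    awk '
        /^[ \t]*#/ { next }                              # commented-out lines
        /location[ \t]+~[ \t]+\\\.php\$/ { inphp = 1 }
        inphp && /try_files[ \t]+\$uri[ \t]+=404[ \t]*;/ { ok = 1 }
        inphp && /}/ { inphp = 0 }
        END { exit(ok ? 0 : 1) }'
}

# Constructed inputs: the stock php.ini line, then the edited one.
echo "stock php.ini  -> cgi.fix_pathinfo=$(printf ';cgi.fix_pathinfo=1\n' | php_fix_pathinfo)"
echo "edited php.ini -> cgi.fix_pathinfo=$(printf 'cgi.fix_pathinfo=0\n' | php_fix_pathinfo)"

# Constructed input: the PHP location block from the configuration above.
if php_location_guarded <<'EOF'
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    include fastcgi_params;
}
EOF
then echo "nginx: PHP location is guarded by try_files"
else echo "nginx: PHP location lacks try_files \$uri =404"
fi
```

On the server, feed the real files in: `php_fix_pathinfo < /etc/php5/fpm/php.ini` and `php_location_guarded < /etc/nginx/sites-available/default`.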
Wordpress
Create MYSQL database and users
The steps are quite simple, listed as follows:
root@justfordemo:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 48
Server version: 5.5.40-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE wordpress;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye
Wordpress
Download the latest wordpress installation file in home directory:
# cd ~
# wget http://wordpress.org/latest.tar.gz
Unzip the tar.gz file and install, but we have to install php-gd and libssh2-php first:
# apt-get install php5-gd libssh2-php
# tar xzvf latest.tar.gz
# cd wordpress
# cp wp-config-sample.php wp-config.php
# nano wp-config.php
. . .
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'wordpressuser');
/** MySQL database password */
define('DB_PASSWORD', 'password');
. . .
Make the directory wordpress will run from and copy the source code there:
# mkdir -p /var/www/html
# rsync -avP ~/wordpress/ /var/www/html/
# chown -R www-data:www-data /var/www/html/*
# cd /var/www/html/
root@justfordemo:/var/www/html# mkdir wp-content/uploads
root@justfordemo:/var/www/html# chown -R :www-data /var/www/html/wp-content/uploads
Modify nginx blocks
# cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wordpress
# nano /etc/nginx/sites-available/wordpress
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /var/www/html;
    index index.php index.html index.htm;
    server_name your_domain.com;
    location / {
        # try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
Now restart the service via:
# ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
# service nginx restart
# service php5-fpm restart
Now visit http://10.0.0.6/ and you will get the wordpress configuration window. Enjoy it!!!
Oct 19, 2014
I tried to install Ubuntu on ArchLinux using LXC, because the NFS server in ArchLinux seems to forbid NFSv3 client requests, but on my joggler (which runs 12.04 server) the NFS server works OK, so I installed this version for validation.
Install method
Install the Ubuntu machine with the following command:
lxc-create -n Ubuntu_Container -t /usr/share/lxc/templates/lxc-ubuntu
Trouble Shooting
qemu-debootstrap
There is no qemu-debootstrap in Archlinux:
which: no qemu-debootstrap in
Solution: create a soft link from debootstrap to qemu-debootstrap:
lrwxrwxrwx 1 root root 11 Oct 19 20:13 qemu-debootstrap -> debootstrap
Keyrings
No keyring file:
I: Keyring file not available at /usr/share/keyrings/ubuntu-archive-keyring.gpg;
Solution: copy a keyring file directly from an installed Ubuntu system to the local machine.
gpg Checking
gpg1v for checking signature error:
Error executing gpg1v to check Release signature
Solution: use --no-check-gpg, which makes debootstrap skip verification of the Release file signature.
Edit the /usr/share/lxc/templates/lxc-ubuntu file and add --no-check-gpg after every debootstrap invocation:
debootstrap --arch=amd64 --verbose --no-check-gpg
Now everything should go OK, and you can enjoy Ubuntu installed in your LXC container.