CyanogenMod 9 for HTC Wildfire S

Posted on 23rd January 2012 in Development, Linux

I’ve got a new gadget, a nice and small Android based smartphone, the HTC Wildfire S (WFS). The week before I got it alquez finished porting CyanogenMod 7 to the wfs. I’ve installed it and started to use it. After some time I was curios how to build the system. I’ve asked alquez how to set it up and I built it from source. Then I got interested in Android 4.0 and looked at CM9. After I managed to build it, it booted with the CM7 kernel and you could get a shell but that was it. So I’ve started to look into the Kernel and read CM9 code. Now after two weeks of work the device shows a UI. The questions if it will work in the end. Most of the stuff is Open Source but you rely on some binary libraries for OpenGL and maybe will not work out in the end. Android 4.0 relies on a lot of features of the 3.0 Kernel, new netfilter modules, updated graphics stuff etc.

If it will not work out in the end, at least I worked on the Kernel ;)

flattr this!

comments: 4 »

strace

Posted on 10th October 2011 in Linux, RedHat

You’re traveling with your netbook and the network doesn’t work. Normally you start to debug it and look with strace what’s going on. But hey, Fedora doesn’t install strace by default and you can’t install it cause the network doesn’t work…

m(

flattr this!

comments: 2 »

jailbash

Posted on 2nd September 2011 in KDE, Linux

chroot for users suck!

It is work to maintain them and all in all you have to do a lot of nasty hacks to get it going! In the meantime AppArmor is in the mainline kernel. It is pretty simple to write rules for it and you can easily update it with tools like ‘logprof’.

Here is a small howto to trap users in their home directory with a simple AppArmor profile. First you need to compile the following C code:

#include <unistd.h>

int main(int argc, char *argv[]) {
    return execv("/bin/bash", argv);
}

gcc -o jailbash jailbash.c

Then move the binary to /bin.

The next step is to create an AppArmor profile for the jailbash. So create the file /etc/apparmor.d/bin.jailbash and add the following content:

# Last Modified: Tue Jun  7 08:53:41 2011
#----------------------------------------------------------
#
# JAILBASH
#
#----------------------------------------------------------

#include 

/bin/jailbash {
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 

  deny /bin/df r,
  deny /etc/bash_command_not_found r,

  /bin/ r,
  /bin/bash rix,
  /bin/cat rix,
  /bin/chmod rix,
  /bin/chown rix,
  /bin/cp rix,
  /bin/date rix,
  /bin/egrep rix,
  /bin/grep rix,
  /bin/gunzip rix,
  /bin/gzip rix,
  /bin/jailbash rix,
  /bin/ln rix,
  /bin/ls rix,
  /bin/mkdir rix,
  /bin/mktemp rix,
  /bin/more rix,
  /bin/mv rix,
  /bin/ping rix,
  /bin/readlink rix,
  /bin/rm rix,
  /bin/rmdir rix,
  /bin/sed rix,
  /bin/sleep rix,
  /bin/tar rix,
  /bin/touch rix,
  /bin/uname rix,
  /bin/vim rix,
  /bin/vim-normal rix,
  /bin/zcat rix,
  /dev/null rw,
  /dev/urandom r,
  /etc/ r,
  /etc/manpath.config r,
  /etc/opt/ r,
  /etc/sysconfig/console r,
  /etc/sysconfig/mail r,
  /etc/sysconfig/news r,
  /etc/sysconfig/proxy r,
  /etc/sysconfig/suseconfig r,
  /etc/sysconfig/windowmanager r,
  /etc/vimrc r,
  owner /home/*/ r,
  owner /home/*/** rwl,
  /opt/ r,
  owner /proc/*/cmdline r,
  owner /proc/*/exe r,
  owner /proc/*/mounts r,
  /proc/loadavg r,
  /usr/X11R6/bin/ r,
  /usr/bin/ r,
  /usr/bin/dircolors rix,
  /usr/bin/head rix,
  /usr/bin/id rix,
  /usr/bin/less rix,
  /usr/bin/man rix,
  /usr/bin/manpath rix,
  /usr/bin/mc rix,
  /usr/bin/scp rix,
  /usr/bin/screen rix,
  /usr/bin/ssh rix,
  /usr/bin/ssh-add rix,
  /usr/bin/ssh-agent rix,
  /usr/bin/ssh-copy-id rix,
  /usr/bin/ssh-keygen rix,
  /usr/bin/ssh-keyscan rix,
  /usr/bin/tail rix,
  /usr/bin/tty rix,
  /usr/bin/vim-enhanced rix,
  /usr/bin/wget rix,
  /usr/bin/which rix,
  /usr/lib*/git/git-update-ref rix,
  /usr/lib*/mc/cons.saver rix,
  /usr/lib*/ssh/sftp-server rix,
  /usr/lib*/ssh/ssh-keysign rix,
  /usr/local/bin/ r,
  /usr/share/git-core/*/ r,
  /usr/share/mc/** r,
  /usr/share/vim/** r,
}

This allows the user to execute the most basic commands he needs and allows ssh, sftp and git access. The user has access to some binaires and and can read directories he need for a working shell, like /usr/lib. The owner flag allows him only to write in his own home directory and browse only his home directory.

The next step is to create a new user and use /bin/jailbash as the bash. You can update the profile using logprof or manually if you watch /var/log/audit/audit.log.

flattr this!

comments: 5 »

Debugging cgit

Posted on 4th August 2011 in Linux

For my git repositories I use cgit as the web frontend. The package I used had a problem displaying the treeview. Looking at /var/log/messages I saw that it segfaults. I’ve already fixed a segfault in cgit some time ago. I wondered how I was able to get gdb attached to it. It took me some time to figure it out so this is the way to document it for the future. Maybe someone else will find this useful.

The command to display the html on the commandline is:

CGIT_CONFIG="/srv/www/vhosts/libssh/cgitrc" /srv/www/cgi-bin/cgit/cgit.cgi 1>cgit.html 2>cgit.log

This will write the html output to cgit.html and the errors to cgit.log. So if you want to display a tree of the project, the url to it would be for example: http://git.libssh.org/projects/libssh.git/

So on the commandline this is:

QUERY_STRING="url=projects/libssh.git" CGIT_CONFIG="/srv/www/vhosts/libssh/cgitrc" /srv/www/cgi-bin/cgit/cgit.cgi 1>cgit.html 2>cgit.log

and if you need gdb to get a segfault you can simply use:

QUERY_STRING="url=projects/libssh.git/tree" CGIT_CONFIG="/path/to/libssh/cgitrc" gdb /srv/www/cgi-bin/cgit/cgit.cgi

It segfaulted cause the current version doesn’t support git 1.7.6 and a NULL pointer was passed to a function instead of the right values.

flattr this!

comments: 2 »

libsmbconf

Posted on 14th April 2011 in Development, KDE, Linux, Samba

Three years ago Michael Adam created a nice library to easily read the Samba configuration or modify it if it is stored in the registry. Since we have a new build system it is much easier to create shared libraries, I’ve created a public smbconf library now. The library can be used to setup Samba or Winbind without touching any files. Ok, smb.conf needs one entry: config backend = registry. This library should be available with Samba 3.6 which will be released some time this year.

You can find the documentation for the new library here.

flattr this!

comments: 0 »

Logitech Linux Mouse Support

Posted on 22nd February 2011 in Gaming, Hardware, KDE, Linux

Maybe you ask: Why is there still no new version of lomoco to support the latest Logitech Mice?

The answer is that I still don’t know how they detect a mouse connected to a receiver. Maybe they just have a table which defines which mice come with which receiver and then try some commands. If it fails it is mouse X and if not it must be mouse Y.

I already wrote some proof of concept for the new protocol and sometimes people contact me and the proof of concept is enough for them. So here is a list of small proof of concept utils:

g_hack.c

This is a tool to change the resolution on some gaming mice like the G5, G7 and G9.

http://git.lomoco.org/projects/lomoco.git/tree/proof-of-concept/g_hack.c

lomoco_battery.c

Battery information for a lot of cordless mice like MX, VX and VX Nano.

http://git.lomoco.org/projects/lomoco.git/tree/proof-of-concept/lomoco_battery.c

lomoco_reconnect.c

This allows you to reconnect your cordless mouse to the receiver. This is for MX, VX or VX Nano.

http://git.lomoco.org/projects/lomoco.git/tree/proof-of-concept/lomoco_reconnect.c

flattr this!

comments: 44 »

Diaspora and mod_passenger

Posted on 21st January 2011 in Development, Linux

Maybe you’ve heard already of the privacy aware, personally controlled, open source social network Diaspora. I’ve wanted to try Diaspora so I’ve setup my own seed of Diaspora, they are called pods.

I don’t wanted to run Diaspora with thin so I decided to go with mod_passenger on apache2. I will describe what you need to do to set it up and get it running with mod_passenger.

Instructions

  1. I’ve created a user for diaspora which is in the group www. This is the group apache2 is running as. So you can give write access to this group on directories diaspora needs write access.
  2. To get the basics you should read the official howto first. You should install the required packages and checkout the repository as the user diaspora.
  3. Create and edit config/app_config.yml and config/database.yml as described in the howto. You don’t need to run script/server I will cover this in the following instructions.
  4. If you have created the config files, set up the mysql database then you should create the initial database layout. You can do this with RAILS_ENV=production rake db:seed:dev.
  5. Don’t forget to run jammit to precompile the css files with: bundle exec jammit. You need to redo this step every time you pull changes from the git repository.
  6. Time to install mod_passenger and get it loaded by apache2. You need a virtual host configuration for your pod which should look like this:

            # General setup for the virtual host
        DocumentRoot "/path/to/diaspora/pod/public"
        ServerName pod.example.com:443
        ServerAdmin webmaster@example.com
        ErrorLog /var/log/apache2/pod/error_log
        TransferLog /var/log/apache2/pod/access_log

        SetEnv RAILS_ENV production
        # This enables mod_passenger
        Include /etc/apache2/conf.d/mod_passenger.conf

        <Directory "/path/to/diaspora/pod/public">
                Options +FollowSymlinks -MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>
  7. You need to run two processes in the background, one of them is websocket: RAILS_ENV=production ruby script/websocket_server.rb &
  8. The second process is a resque worker. It is responsible for background tasks. You can start it with: RAILS_ENV=production QUEUE=receive,mail,receive_local,socket_webfinger,http_service,http,receive_salmon bundle exec rake resque:work

Feel free to ask questions, I will try to extend the howto.

apparmor and mod_passenger

It is possible to protect passenger with apparmor. You need to create the following wrapper:

passenger.c

#include 

int main(int argc, char *argv[]) {
    return execv("/usr/bin/ruby", argv);
}

I’ve compiled it with gcc -o passenger passenger.c and move it to /usr/local/bin/passenger. Then set the variable PassengerRuby “/usr/local/bin/passenger” and created an apparmor profile for it.

flattr this!

comments: 2 » tags: , , ,

CMake Java Support

Posted on 15th January 2011 in Development, Linux

At the end of last year I’ve worked on Dogtag PKI, which is enterprise-class open source Certificate Authority.

The project is written in serveral different laguages (C, C++ and Java), so I’ve used CMake as the new build system. I know CMake very well and use it since a long time. To be able to build the java project I needed Java support in CMake. The current support is broken and after talking to Bill Hoffman he suggested to write CMake functions. So I’ve started to write functions to compile java files, find jar files, bundle jar files and generate javadoc.

My Java support for CMake should provide everything you need to build java and jni projects. You find the files here:

http://git.cryptomilk.org/projects/cmake-tools.git/tree/language/java

FindJNI.cmake:

Find JNI libraries and headers. I think this is the file from CMake itself.

FindJava.cmake:

Find all needed Java tools like javac, javadoc, jar, etc.

UseJava.cmake:

This file provides all needed function to support creating java projects in CMake. Most of the function are documented in detail. There is some documentation missing. I will try to add it soon.

UseJavaClassFilelist.cmake:

This is needed to find the class files in the build directory. One .java file can create multiple .class files. So you have to glob for these file. There is support to only look for certain .class files.

UseJavaSymlinks.cmake:

This is a helper to create symlinks for versioned jar files.

To checkout the tree use:

git clone git://git.cryptomilk.org/projects/cmake-tools.git

It would be nice if this would be included into the CMake distribution, but at
the moment there is still documentation missing. I hope that this will help
some people to get their Java project built with CMake.

Comments, suggestions and patches are welcome!

UPDATE

This work is upstream and will be available with CMake 2.8.6 (September 2011).

flattr this!

comments: 2 » tags: ,

Weave for PIM?

Posted on 9th January 2011 in KDE, Linux

Last year I discovered Mozilla Weave (now Sync). Weave is a Firefox addon and they offer the server components to install your own weave server. It offers everything I would like to have for PIM. So lets start with some details…

The Firefox Sync addon synchronizes the following things between your browsers/computers:

  • bookmarks
  • history
  • forms
  • prefs
  • tabs
  • passwords

The data stored on the weave server should be as private, and as safe, as data on your personal computer or device so they get encrypted on the client by a password only the user knows. So a server operator can’t read the information or disclose them.
The bookmarks are translated into a json format and added as a part to the weave json format. This is encrypted and the encrypted data is sent to the server. You can find more information about the storage format here.

On a second machine you configure the Firefox addon too. You select the synchronization profile (merge this data with my sync data, replace all data with my sync data, replace all other computers data with this data), enter your password for the encrypted data and start the synchronization. The data is downloaded and the sync engine synchronizes everything ins the json format and then translates it to the data store of firefox. I was really astonished how perfect this works.

And exactly this is what I miss for my PIM data! I would like to have my calender and addressbook in weave. This way it would be stored safely on my server. As soon as my machine has a connection to the weave server it should be synchronized or merged together.

I need a 72 hour day.

flattr this!

comments: 9 » tags: ,

gdb backtrace to file

Posted on 23rd December 2010 in KDE, Linux

I wanted a simple command to get a backtrace in a file from gdb. It took me years to finally discover and craft this command!

alias bt='echo 0 | gdb -batch-silent -ex "run" -ex "set logging overwrite on" -ex "set logging file gdb.bt" -ex "set logging on" -ex "set pagination off" -ex "handle SIG33 pass nostop noprint" -ex "echo backtrace:\n" -ex "backtrace full" -ex "echo \n\nregisters:\n" -ex "info registers" -ex "echo \n\ncurrent instructions:\n" -ex "x/16i \$pc" -ex "echo \n\nthreads backtrace:\n" -ex "thread apply all backtrace" -ex "set logging off" -ex "quit" --args'

bt $crashing_application

This will create gdb.bt in your current directory.

flattr this!

comments: 3 » tags: ,
« Previous