commit d4bae1bcd3a38e5dd2d3d11637a3cde711216357
parent 3b75de040cc623fe6a53fa134068e92720918860
Author: lash <dev@holbrook.no>
Date: Sun, 23 Oct 2022 13:11:33 +0100
Add remaining draft files from October
Diffstat:
5 files changed, 436 insertions(+), 0 deletions(-)
diff --git a/content/20221005_forro_wala.rst b/content/20221005_forro_wala.rst
@@ -0,0 +1,14 @@
+End to end encrypted contact form
+#################################
+
+:date: 2022-10-05 10:01
+:modified: 2022-10-05 10:01
+:category: Code
+:author: Louis Holbrook
+:tags: wala,forro,pgp,crypto,messaging
+:slug: forro-wala
+:summary: A end-to-end encrypted, self-hosted contact form that protects sender anonymity
+:lang: en
+:status: draft
+
+
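Review bot: the :summary: field reads "A end-to-end encrypted, self-hosted contact form ..." and should start with "An end-to-end encrypted". The file also stops after the metadata block, so there is no body yet to back the claim in the summary that the form "protects sender anonymity". That is fine while :status: is draft, but the claim needs its supporting text (what is encrypted, where the key lives, what the host can still observe) before the status changes.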
diff --git a/content/20221015_fresh_git.rst b/content/20221015_fresh_git.rst
@@ -0,0 +1,153 @@
+Keeping your gits in a row
+##########################
+
+:date: 2022-10-15 14:49
+:modified: 2022-10-15 14:49
+:category: Archiving
+:author: Louis Holbrook
+:tags: git,bash
+:slug: git-fresh
+:summary: Scripts to keep your local git clone fresh, and help you move them around.
+:lang: en
+:status: draft
+
+
+I believe that if you use a piece of code, you are also responsible for making sure that that code is available in the future.
+
+In this spirit, I decided a couple of years ago that I would keep a full clone of all VCS repositories that I use.
+
+
+Dude, I can't be bothered
+=========================
+
+Yeah, yeah, I hear ya.
+
+But imagine that one day you cannot reach the code repository anymore.
+
+It could be because you are working where internet is scarce or impossible to rely on.
+
+It could be that you have to cope with what was in your faraday cage when a giant solar flare happened.
+
+It could be that you, or the author of the code, have been cut off by the accelerating `weaponization of everything <https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/>`_.
+
+Or maybe none of the above happened. But you still understand and appreciate what it means to build a truly decentralized society, where we all participate and contribute, not only consume.
+
+
+Git organized
+=============
+
+For every `git` repository that I use, I actually keep a *local copy* on my daily device.
+
+I also keep a copy on a device at home, *and* on a remote device.
+
+My thinking is:
+
+1. If I lose my laptop, I have two copies
+2. If my house burns down, I have two copies
+3. If my house burns down *with* my laptop inside, I have *at least one more copy*.
+
+... and so on.
+
+
+I hate to move it, move it
+==========================
+
+Sometimes we have to, though,.
+
+And what can be a real pain is to move heaps of code repositories around. For example if you are moving to a new machine, or want to bootstrap a new copy without having to source the data yourself.
+
+To make this easier, I wrote the `gitrefresh bash tool <https://git.defalsify.org/gitrefresh>`_ to copy only the minimum of information required to source the data from a remote. [1]_
+
+
+
+
+Freshening up
+=============
+
+To make sense of what is what in the repository store, I use a simple folder structure.
+
+Obviously, when I create copies of the repository store, I would like to keep the same folder structure. So the tool needed to make that possible.
+
+Additionally, what's needed are tools to bootstrap a repository group from a list, and a tool to refresh those repositories periodically once they've been bootstrapped.
+
+To achieve this, I actually wrote `three tools <https://git.defalsify.org/gitrefresh>`_, as follows:
+
+
+`gitlist.sh`
+------------
+
+create a list of `git` repositories under a filesystem path, with the option of preserving the directory structure.
+
+
+`gitstart.sh`
+-------------
+
+clone `git` repositories from a list generated from :code:`gitlist.sh`, with or without direcory structure.
+
+
+`gitrefresh.sh`
+---------------
+
+fetch and merge updates from remotes of each repository under a directory.
+
+
+Behavior
+========
+
+The :code:`gitlist.sh` and :code:`gitrefresh.sh` tools work more or less the same way.
+
+They traverse a directory structure recursively.
+
+Every time a valid git repository is found, that repository is processed. Afterwards, the tool will exit to the parent folder. [2]_
+
+
+Example
+-------
+
+Let's say we have three repositories that we are mirroring locally:
+
+* :code:`https://github.com/bitcoin/bips` under :code:`btc/bips`
+* :code:`https://aur.archlinux.org/libkeccak.git` under :code:`os/archlinux/aur/libkeccak`
+* :code:`git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git` under :code:`linux/linux`
+
+First we use :code:`gitlist.sh` to generate the list of repos to bootstrap [3]_:
+
+.. code:: console
+
+ $ gitlist.sh -p | tee gitlist.txt
+ https://github.com/bitcoin/bips btc/bips
+ https://aur.archlinux.org/libkeccak.git os/archlinux/aur/libkeccak`
+ git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux/linux`
+
+
+Using :code:`gitstart.sh` with this list, we can restore this bunch of repositories *with* the same directory structure anywhere else:
+
+.. code:: console
+
+ $ cd /path/to/new/repos/location
+ $ gitstart.sh < gitlist.txt
+
+Now, the idea is that from time to time you should get the latest changes from the upstream source.
+
+I simply combine :code:`gitrefresh.sh` with :code:`cron` to do this on the remote, while manually doing the refresh locally once in awhile.
+
+Using the tool, all it takes is:
+
+.. code:: console
+
+ $ cd /path/to/new/repos/location
+ $ gitrefresh.sh pull
+
+
+..
+
+ .. [1] Yes. I didn't get beyond `git` yet. But at least it's a start.
+
+..
+
+ .. [2] This, of course, means that the tool will not automatically archive code from *submodules*. The submodule construct is a target of both a lot of love and a lot of hate. Personally, I like it. But at the same time it is my opinion that it does not absolve us from *knowing* and being *mindful* which submodules a repository is using, and thus making sure that we have an independent clone of that repository.
+
+..
+
+ .. [3] We add the :code:`-p` flag to preserve the directory structure on disk.
+
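Review bot: in the gitlist.sh console sample, the second and third output lines end in a stray backtick (os/archlinux/aur/libkeccak` and linux/linux`). Because that output is written to gitlist.txt with tee and then fed to gitstart.sh, a reader who copies the listing gets two wrong target paths, so drop the trailing backticks. The third entry also uses a git:// URL, which is fetched without encryption or server authentication. For a mirror that is meant to be the copy of last resort, consider showing the https:// form of the same remote. Smaller points: "though,." has a leftover comma, "direcory" should be "directory", and the three tool headings use single backticks where the body text uses :code:.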
diff --git a/content/20221015_linux_prep.rst b/content/20221015_linux_prep.rst
@@ -0,0 +1,31 @@
+The linux prepper
+#################
+
+:date: 2022-10-15 14:37
+:modified: 2022-10-15 14:37
+:category: Offlining
+:author: Louis Holbrook
+:tags: linux,gnu
+:slug: linux-prep-basic
+:summary: If you were stranded on a digital island with no internet, then what would wish you had brought?
+:lang: en
+:status: draft
+
+
+To be honest, I don't even consider keeping your own copies of software and/or version histories as "prepping."
+
+In fact, I find it digusting to what degree we all take it for granted that there will be *someone* out there making sure that you have what you need at all times.
+
+I believe this is a responsibility we all have. Making sure linux is always available is not the responsibility of the Linux Foundation. We all share this responsibility. And taking that responsibility doesn't require much.
+
+
+## Planning your stores
+
+An important question in any backup scheme is how many copies should you have, and where should you store them.
+
+I keep a remote (VPS) copy and a copy on a device at home. In the case of software that I need frequent access to, like package repositories for code languages or the OS, I keep a copy either on my daily device or a portable external disk.
+
+
+## Fresh your git
+
+A couple of years back I wrote a tool that I've come to find indispensable in both keeping my git clones up-to-date, but also
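Review bot: "## Planning your stores" and "## Fresh your git" are Markdown headings inside an .rst file and will render as plain paragraphs. Use a title line with an underline, as 20221015_fresh_git.rst does with "=====". The last added line is also cut off mid-sentence at "but also", the :summary: is missing a word ("then what would wish you had brought"), and "digusting" is misspelled.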
diff --git a/content/20221020-gnunet-debian-qemu.rst b/content/20221020-gnunet-debian-qemu.rst
@@ -0,0 +1,177 @@
+gnunet on qemu from scratch
+###########################
+
+:date: 2022-10-20 14:40
+:modified: 2022-10-20 14:40
+:category: Hygiene
+:author: Louis Holbrook
+:tags: gnunet,p2p,debian,qemu
+:slug: gnunet-debian-qemu
+:summary: Set up a clean gnunet instance using debian on a qemu guest.
+:lang: en
+:status: draft
+
+
+..
+
+ $ fallocate -l4g deb.bin
+ $ fallocate -l2g data.bin
+ $ wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-11.5.0-amd64-netinst.iso
+ $ qemu-system-x86_64 -cdrom debian-11.5.0-amd64-netinst.iso -drive format=raw,file=deb.bin --enable-kvm
+ # in another terminal window
+ $ vncviewer localhost:5900
+
+Depends
+
+..
+
+ git
+
+..
+
+ gcc
+ automake
+ autoreconf
+ make
+ autopoint
+ recutils
+ libgnutls30
+ iptables
+ gettext
+ libtool
+ libidn2-dev
+ libltdl-dev
+ libtool
+ libgcrypt-dev
+ libmicrohttpd-dev
+ libunistring-dev
+ libjansson-dev
+ libjose-dev
+ libgmp-dev
+ libcurl4-gnutls-dev
+ texinfo
+ pkg-config
+ libz-dev
+ libsodium-dev
+ libsqlite3-dev
+ net-tools
+ miniupnpc
+
+Optionals:
+
+* miniupnpc for upnpc support
+* net-tools provides ifconfig
+
+
+..
+
+ $ git clone -b v0.17.6 https://git.gnunet.org/git/gnunet.git
+ $ cd gnunet
+ $ ./bootstrap
+ $ ./configure --disable-documentation --enable-logging=veryverbose
+ $ make
+ $ mkdir build
+ $ make install DESTDIR=$(realpath build)
+
+
+..
+
+ $ cat <<eof > src.sh
+ set -a
+ export LD_LIBRARY_PATH=$(realpath build/usr/local/lib)
+ export PATH=$(realpath build/usr/local/bin):$PATH
+ set +a
+ eof
+ $ mkdir ~/.config
+ $ touch ~/.config/gnunet.conf
+
+
+..
+
+ $ . src.sh
+ $ gnunet-arm -s
+
+
+## Set up virtual TAP network
+
+Set up netdev group and udev rule
+
+..
+
+ $ groupadd -U <user> netdev
+ $ cat <<eof > /etc/udev/rules.d/netdev-tun.rules
+ KERNEL=="tun", GROUP="netdev", MODE="0660", OPTIONS+="static_node=net/tun"
+ eof
+
+Given device on host connected to internet is :code:`eth0`
+
+Source `stty.io`_ for setup and parms.
+
+Source `stackoverflow.com`_ for iptables rule
+
+..
+
+ $ sudo -s
+ $ ip tuntap add mode tap name vmm0 group netdev
+ $ ip link set vmm0 up
+
+..
+
+ # seems bridge is not needed, so skip this
+ # if bridge not exists
+ $ ip link add brr type bridge
+ # else
+ $ ip addr flush dev brr
+ $ ip addr add 192.168.99.0/24 dev brr
+ $ ip link set vmm0 master brr
+ $ ip link set brr up
+
+..
+
+ # if dhcp
+ $ dnsmasq --interface brr --dhcp-range=192.168.9.100,192.168.9.250
+
+ # make sure dhcp traffic is broadcast
+ $ iptables -C QEMU
+ $ iptables -I INPUT 1 -i brr -j QEMU
+ $ iptables -A QEMU -i brr -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+
+
+..
+
+ $ iptables -t nat -A POSTROUTING -s 192.168.99.0/24 ! -d 192.168.99.0/24 -j MASQUERADE
+ # if forwarding is restricted
+ $ iptables -A FORWARD -i brr -j ACCEPT
+ $ iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+ # start it
+ # if more than one node, new tap interface and different mac - otherwise the mac may be set to same on both guests!
+ $ qemu-system-x86_64 -drive file=deb.bin,format=raw -drive file=data.bin,format=raw,mac=50:12:34:56:78:90 -m 2g --device virtio-net-pci,netdev=vmm0 -netdev tap,id=vmm0,ifname=vmm0,script=no,downscript=no --enable-kvm
+
+
+### Connect guest to host network
+
+There will be one interface set up inside the guest, with an ip from dnsmasq. Mine received the name :code:`ens3`.
+
+My device connected to internet was on :code:`192.168.8.147/24`.
+
+
+..
+
+ # if not dhcp
+ $ ip addr add 192.168.99.13/24 dev ens3
+
+ # TODO check if we can use --dhcp-option for dnsmasq instead to set these automatically
+ $ ip route add 192.168.8.0/24 dev ens3
+ $ ip route add default via 192.168.8.147
+
+..
+
+ # to ssh to the guest if using bridge, make sure specify explicit interface
+ $ ssh -b 192.168.8.147 root@192.168.99.13
+
+..
+
+ _stty.io: https://stty.io/2019/05/13/qemu-vm-wireguard-vpn-tun-tap-networking/
+
+ _stackoverflow: https://unix.stackexchange.com/questions/525822/nat-configuration-for-qemu-kvm-guest-and-host-networks
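Review bot: the addressing in the TAP section is inconsistent. The bridge gets 192.168.99.0/24 and the MASQUERADE rule matches -s 192.168.99.0/24, but dnsmasq is started with --dhcp-range=192.168.9.100,192.168.9.250, so a DHCP guest would receive an address outside the NATed range. The range should presumably be 192.168.99.100,192.168.99.250. In the same block, "iptables -C QEMU" only checks for a rule and does not create the chain, so the following "-I INPUT 1 -i brr -j QEMU" has no chain to jump to; use -N QEMU first. In the final qemu-system-x86_64 line, mac=50:12:34:56:78:90 is attached to the -drive for data.bin, while the comment above it is about giving each guest NIC a distinct MAC, so it belongs on the virtio-net-pci --device. Formatting: the command listings sit under a bare ".." instead of ".. code:: console" as in the git article, so they are not marked as literal blocks. The "##" and "###" headings are Markdown. The two link targets at the end lack the ".. " prefix, and the text references `stackoverflow.com`_ while the target is named _stackoverflow.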
diff --git a/content/20221021_gnunet_nonstandard_ext.rst b/content/20221021_gnunet_nonstandard_ext.rst
@@ -0,0 +1,61 @@
+non-standard gnunet location
+############################
+
+:date: 2022-10-21 17:30
+:modified: 2022-10-21 17:30
+:category: Code
+:author: Louis Holbrook
+:tags: gnunet,c
+:slug: gnunet-nonstandard-lib-location
+:summary: Building a gnunet application using a non-standard gnunet library location
+:lang: en
+:status: draft
+
+
+
+## build gnunet
+
+.. code-block:: console
+
+ $ cd <gnunet-repo-dir>
+ $ ./bootstrap
+ $ mkdir build
+ $ export GNUNET_BUILD_DIR=$(realpath build)
+ $ ./configure --prefix=$GNUNET_BUILD_DIR --enable-logging=veryverbose --disable-documentation
+ $ make -j8 # or whatever cpu count you have
+ # will be installed in ./build
+ $ make install
+
+## build extension
+
+.. code-block:: console
+
+ $ cd <gnunet-ext-repo-dir>
+ $ export PKG_CONFIG_PATH=$GNUNET_BUILD_DIR/lib/pkgconfig/
+ $ ./bootstrap
+ $ ./configure --with-gnunet=$GNUNET_BUILD_DIR --prefix=$GNUNET_BUILD_DIRk
+ # libgnunetext.so is not available at build time if we don't make this first.
+ $ pushd src/ext
+ $ make libgnunetext.la
+ $ popd
+ $ make -j8 CFLAGS="-I$GNUNET_BUILD_DIR/include -L$GNUNET_BUILD_DIR/lib -llibgnunetext"
+ $ make install
+
+## run extension
+
+.. code-block:: console
+
+ $ GNUNET_BUILD_DIR=/home/lash/src/build/gnunet/0.17.6/build
+ $ GNUNET_EXT_BUILD_DIR=$(realpath ./build)
+ $ PATH=:$GNUNET_EXT_BUILD_DIR/lib/gnunet/libexec:$GNUNET_BUILD_DIR/bin:$PATH
+ $ LD_LIBRARY_PATH=/home/lash/src/build/gnunet/0.17.6/build/lib
+ $ ./build/lib/gnunet/libexec/gnunet-service-ext -c ~/.config/gnunet.conf -L debug
+
+
+## run with arm
+
+*change* the :code:`.libname` in the *project description struct* to "libgnunetutil." Otherwise it will produce the wrong configuration path. [1]_
+
+
+..
+ .. _[1]: Services in 0.17.6 get their configuation variables from :code:`/proc/<pid>/maps` by taking the path of `libgnunetutil`. The extension template source filess me the :code:`.libname` is named after the project. However, it does not seem to build (and load) that object when starting the service in its template form. Instead, the binary executable (:code:`libexec`) path is used.
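Review bot: in the "build extension" block, --prefix=$GNUNET_BUILD_DIRk has a trailing "k", so the shell expands an unset variable and configure receives an empty prefix; it should be $GNUNET_BUILD_DIR. In the same block, -llibgnunetext makes the linker look for liblibgnunetext, so it should be -lgnunetext, and the -L/-l options belong in LDFLAGS or LIBS rather than CFLAGS. In the "run extension" block, PATH=:$GNUNET_EXT_BUILD_DIR/... begins with a colon, which adds an empty entry and so puts the current directory first in the search path; drop the leading colon. LD_LIBRARY_PATH repeats the hard-coded /home/lash/... path instead of using $GNUNET_BUILD_DIR/lib, and neither variable is exported. The footnote at the end is written as ".. _[1]:", which is hyperlink-target syntax and will not resolve the [1]_ reference; use ".. [1]". Its text also has typos ("configuation", "filess me"). The "##" headings are Markdown here as well.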