Linux kernel maintainer. Compilers and virtualization at Parity Technologies.

Jarkko Sakkinen

need this for my #btrfs to #ext4 migration 🤷 https://codeberg.org/jarkko/adhoc-backup #git

#codesberg - “Probably the best git hosting in the world”


Jarkko Sakkinen

Edited 6 months ago
why not? 🤷 luks allows to do that why build imaginary blocks...

Jarkko Sakkinen

Really started to like Woodpecker :-) Nicest CI experience so far...

Jarkko Sakkinen

after a bit of adaptation i feel at home with #woodpecker #ci :-) #codeberg

Jarkko Sakkinen

Using #Storj and local #Nextcloud (one per machine) is actually quite easy:

#!/usr/bin/env bash
# Taken from https://fedoramagazine.org/nextcloud-20-on-fedora-linux-with-podman/.

podman network create nextcloud-net
podman volume create nextcloud-app
podman volume create nextcloud-data
podman volume create nextcloud-db

# MariaDB
podman run --detach \
           --env MYSQL_DATABASE=nextcloud \
           --env MYSQL_USER=nextcloud \
           --env MYSQL_PASSWORD=DB_USER_PASSWORD \
           --env MYSQL_ROOT_PASSWORD=DB_ROOT_PASSWORD \
           --volume nextcloud-db:/var/lib/mysql \
           --network nextcloud-net \
           --restart on-failure \
           --name nextcloud-db \
           docker.io/library/mariadb:10

# Nextcloud
podman run --detach \
           --env MYSQL_HOST=nextcloud-db.dns.podman \
           --env MYSQL_DATABASE=nextcloud \
           --env MYSQL_USER=nextcloud \
           --env MYSQL_PASSWORD=DB_USER_PASSWORD \
           --env NEXTCLOUD_ADMIN_USER=NC_ADMIN \
           --env NEXTCLOUD_ADMIN_PASSWORD=NC_PASSWORD \
           --volume nextcloud-app:/var/www/html \
           --volume nextcloud-data:/var/www/html/data \
           --network nextcloud-net \
           --restart on-failure \
           --name nextcloud \
           --publish 8080:80 \
           docker.io/library/nextcloud:20

So no need to use Oracle cloud for this. And the instances do not necessarily need to sync up, given the user count.


Jarkko Sakkinen

Migrating my stuff from #Github and #Gitlab to #Codeberg. The first successful CI run done. And seems to generate legit results: https://jarkko.codeberg.page/ #Woodpecker #CI

Jarkko Sakkinen

Early potatoes, herring and egg dip 😛

Jarkko Sakkinen

Edited 6 months ago

Stumbled into a bug right from the get-go ;-) It goes like this…

First, consider:

āÆ cat pubkey.txt 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3un58bzSwrEXD5PMNuT9nYhyBfdiEeDrcQd3Facw9PZihlFwfec+iz00u4bbNmcrG0YhT056PSnqIR4DqGSK3N2iancS1anBfgNS7Se02jcOyoHsgrDFH6MxEgkZLoFY8XodE5NPDGt6rPoiy6MeN0jKNvuMMQ9UFge67ky0pWZjyDjdyXERZWEIjcp+OQXMaFAU3zJCbnaLgVn7CizZcwriu2ElMg0tVvxdkW59QW9dSgmCdF4zwSvLN6XVpaCw+fiXV+09Wq5PT65qT/rWC/0yO4BWuZFteX8gXyDQBJqEzNKjkvACNFI4ublSUQO7zYnyFQjlww04+afTFkWZYIV2UtOZYzJaTg90DT3fQBkJMxsHHc4G8eF+SveIy1tiOq7jf8btvdKLCyvIrNMlhB99YPAzBFUd/X/w7uOEtm7L4zoWa+6YRjtKiPtuaeGGQVr3CEU/L9rtPY9PfkPOxGUahnM5M2MsST5NPZ9+tWvhjEFX4nSYo5EShFBE9m01sa675mzrOwsBXwi7AlBZtT4hEYN1jvVUVXrwEC8W7RKy3C0mgU/mlnxXHp23af9YEkjiYA5ZBmK4+q85o0pBf616cLAhzebDwoT5v9VkYY+q1t3nLWpaG9HAH0BmPyEW0jlB1jxqwUvlmWQ14vtZUOAzrFnAoUKDVLTeuK+w5vw== cardno:23_610_166

Uploading this results in “Invalid file type. SSH public key (.pub) files only” (screenshot #1).

Then, consider:

āÆ mv pubkey.{txt,pub}
āÆ cat pubkey.pub 
ssh-rsa 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 cardno:23_610_166

As can be seen from screenshot #2, the public key was successfully uploaded. To me this looks as if validation was based on the filename extension o_O

A correct validation would ignore the file’s name and base validation on RFC 4716: The Secure Shell (SSH) Public Key File Format.

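Added example, not part of the original post and not any hosting service's code: content-based validation of the one-line OpenSSH key form shown in the post, with the file name never consulted. The function names, the two supported key types and the sample keys are assumptions of this sketch; the multi-line RFC 4716 form is not handled.

```python
import base64
import binascii
import struct

# Number of length-prefixed fields in the blob, including the algorithm name.
FIELD_COUNT = {"ssh-rsa": 3, "ssh-ed25519": 2}  # subset chosen for this example

def read_fields(blob: bytes) -> list:
    """Split an SSH wire-format blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def validate_pubkey(content: str) -> str:
    """Return the key type if content is a well-formed one-line public key."""
    lines = content.strip().splitlines()
    if len(lines) != 1:
        raise ValueError("expected exactly one key line")
    parts = lines[0].split(None, 2)  # type, base64 blob, optional comment
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    if declared not in FIELD_COUNT:
        raise ValueError(f"unsupported key type: {declared}")
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    fields = read_fields(blob)
    if not fields or fields[0].decode("ascii", "replace") != declared:
        raise ValueError("type inside blob does not match declared type")
    if len(fields) != FIELD_COUNT[declared]:
        raise ValueError("unexpected number of fields for this key type")
    if declared == "ssh-ed25519" and len(fields[1]) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return declared

def make_line(key_type: str, *fields: bytes) -> str:
    """Build a constructed sample key line (test data, not a real key)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"
```

An upload handler would call `validate_pubkey()` on the uploaded bytes and accept or reject on that result alone, so `pubkey.txt` and `pubkey.pub` are treated identically.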

@duxsco

NOT true. TPM_ECC_CURVE_448 exists in the TCG algorithm registry. Table 5.1 in this same specification enumerates ECC curves supported by TPM firmware (or in the spec TCG “TPM 2.0 Library”) interface.

Sometimes features can even land through firmware updates. Especially for fTPMs in Intel, ARM (via SMC) and AMD CPUs this is a feasible approach.

I’ve also started to lobby the idea of getting P256K1 to the registry based on the principle of an equally feasible playing field for established corporations and growth companies of variable size (aka startups):

  1. Corporates need to have their NIST curves.
  2. There’s a critical mass of blockchain associated startups, in varying levels. So to have working capitalism also “Bitcoin curve” should be there.

I’m going to also write P256K1 software primitives to the Linux kernel to enable more secure options for managing that sort of assets.

I do it as part of my role as Linux kernel key-ring co-maintainer. My job is to identify widely used key types, enable them and call it a day, i.e. create an equal capitalist market place for every actor.

I would enable P256K1 even if I hated blockchains by guts because it is my freaking job :-) Liking and disliking about stuff is part of leisure time (or when getting drunk which is part of leisure time ;-)).


Jarkko Sakkinen

Still my #TUI file manager of choice after all these years.

Jarkko Sakkinen

put some #feedback about size units to a #fedora #magazine #article ;-)

Jarkko Sakkinen

#telescope is awesome with the #kernel tree #neovim

Jarkko Sakkinen

Ramping up #systemd #kernel #QA: DONE!

URL: https://gitlab.com/jarkkojs/linux-tpmdd-test

Contents:

CMakeLists.txt
Config.in
LICENSE
README.md
board/x86_64/buildroot.conf
board/x86_64/genimage.cfg
board/x86_64/kselftest-tpm2.exp.in
board/x86_64/linux.config
board/x86_64/post-build.sh
board/x86_64/post-image.sh
board/x86_64/run-qemu.sh.in
board/x86_64/run-tests.sh.in
board/x86_64/ssh_config.in
buildroot-2024.02.3.patch
configs/x86_64_defconfig
external.desc
external.mk

I’ve been editing the history while ramping up this starting point but I will stop this chaotic workflow now and commit to this baseline :-) So no worries if sending pull requests…

This is also a CI-capable environment, assuming that the runner has:

  • QEMU
  • swtpm

The GIF-animation shows the proof that it actually also works.


Jarkko Sakkinen

Edited 6 months ago

Actually not yet too successful booting my #BuildRoot image with systemd-boot. With grub-efi I got to the login.

EDIT: I think I got it and it is pretty obvious. I’m still deploying GRUB style configs when I construct the disk image with genimage, so I just fix them up as systemd boot style configs (found a reference for that).

So I just follow along [1] and cross my fingers ;-) I think it is a good exercise to build from scratch a systemd image from boot to user space in all cases.

[1] https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/

Fully works!! Screenshot taken from my MacBook Pro ;-) QEMU running on my PC workstation:

Jarkko Sakkinen

I was able to create #systemd image with #BuildRoot.

However, it boots into emergency mode. Any tips or ideas?

My end product is a 2GB img file that can be booted either with real hardware or in QEMU (it has a #UEFI layout).
