2016-10-20 02:46:01    340    0    0

Principle


Using Docker on Raspberry Pi provides many different benefits (most explained here in French). However when developing new containers, it may require much more CPU and RAM power to build them or even to compile the binaries in armhf format. So this blog post describes how to create an ARM v7 image based on QEMU emulating an ARM Cortex-15 chip with 2Gb of RAM running Debian 8 Jessie.

Why Debian 8 Jessie ?

Simply because the embedded kernel is preconfigured for Docker (see the required modules there). I'll probably use HypriotOS in the future but for now that's good enough and i use the Docker packages directly built by Hypriot anyway.

Why not emulating the Raspberry Pi ?

Simply because the performances are really really bad and it is limited to 256Mb of RAM. I tried multiple times but it is really too slow so i preferred to switch to a different emulator but keeping the same CPU architecture.

Why only a Cort

2016-10-20 02:41:28    142    0    0

Commit some changes

  1. # ...
  2. git commit -am "0" # got hash hash0
  3. # ...
  4. git commit -am "1" # got hash hash1
  5. # ...
  6. git commit -am "2" # got hash hash2
  7. # ...
  8. git commit -am "3" # got hash hash3

Revert change 1, 2, and 3

  1. git reset --hard hash0
  2. git reset --soft hash3
  3. git commit -am 'Reverted 1 2 3'
git    2016-10-20 02:41:23    284    0    0

0. Add a submodule

  1. git submodule add [-b <branch>]<repository> [<path>]
  2. git submodule init
  3. git submodule update

1. Remove config entries:

  1. git config -f .git/config --remove-section submodule.$submodulepath
  2. git config -f .gitmodules --remove-section submodule.$submodulepath

2. Remove directory from index:

  1. git rm --cached $submodulepath

3. Commit

4. Delete unused files:

  1. rm -rf $submodulepath
  2. rm -rf .git/modules/$submodulepath

Background

When you do git submodule add, it only adds it to .gitmodules, but once you did git submodule init, it added to .git/config.

So if you wish to remove the modules, but be able to restore it quickly, then do just this:

  1. git rm --cached $submodulepath
  2. git config -f .git/config --remove-section submodule.$submodulepath

It is a good idea to do git rebase HEAD first and git commit at the end, if you put this in a script.

golang    2016-06-16 09:19:36    208    0    0

传输层安全协议(Transport Layer Security,缩写:TLS),及其前身安全套接层(Secure Sockets Layer,缩写:SSL)是一种安全协议,目的是为互联网通信提供安全及数据完整性保障。

SSL包含记录层(Record Layer)和传输层,记录层协议确定了传输层数据的封装格式。传输层安全协议使用X.509认证,之后利用非对称加密演算来对通信方做身份认证,之后交换对称密钥作为会谈密钥(Session key)。这个会谈密钥是用来将通信两方交换的数据做加密,保证两个应用间通信的保密性和可靠性,使客户与服务器应用之间的通信不被攻击者窃听。

本文并没有提供一个TLS的深度教程,而是提供了两个Go应用TLS的简单例子,用来演示使用Go语言快速开发安全网络传输的程序。

TLS历史

  • 1994年早期,NetScape公司设计了SSL协议(Secure Sockets Layer)的1.0版,但是未发布。
  • 1994年11月,NetScape公司发布SSL 2.0版,很快发现有严重漏洞。
  • 1996年11月,SSL 3.0版问世,得到大规模应用。
  • 1999年1月,互联网标准化组织ISOC接替NetScape公司,发布了SSL的升级版TLS 1.0版。
  • 2006年4月和2008年8月,TLS进行了两次升级,分别为TLS 1.1版和TLS 1.2版。最新的变动是2011年TLS 1.2的修订版。
  • 现在正在制定 tls 1.3。

证书生成

首先我们创建私钥和证书。

服务器端的证书生成

使用了”服务端证书”可以确保服务器不是假冒的。

1、 生成服务器端的私钥

  1. openssl genrsa -out server.key 2048

2、 生成服务器端证书

  1. openssl req -new -x509 -key server.key -out server.pem -days 2048

客户端的证书生成

除了”服务端证书”,在某些场合中还会涉及到”客户端证书”。所谓的”客户端证书”就是用来证明客户端访问者的身份。
比如在某些金融公司的内网,你的电脑上必须部署”客户端证

2016-06-03 06:47:30    406    0    0

Prepare Virtual Machine

  • Install OS on VMware or VirtualBox

  • Startup OS, delete the symbolic link of grubenv, then copy the real grubenv file here, like this:

  1. cd /boot/grub2/
  2. rm f grubenv
  3. cp /boot/efi/EFI/centos/grubenv ./

Export VM and Upload into AWS

  • Shutdown OS, export image using OVA type.

  • Login AWS console, then upload this OVA image into S3 bucket, for example: vm-import

  • Create vmimport role

  1. aws iam create-role --role-name vmimport \
  2. --assume-role-policy-document file://trust-policy.json

Here is the content of trust-policy.json

  1. {
  2. "Version":"2012-10-17",
  3. "Statement":[
  4. {
  5. "Sid":"",
  6. "Effect":"Allow",
  7. "Principal":{
  8. "Service":"vmie.amazonaws.com"
  9. },
  10. "Action":"sts:AssumeRole",
  11. "Condition":{
  12. "StringEquals":{
  13. "sts:ExternalId":"vmimport"
  14. }
  15. }
  16. }
  17. ]
  18. }
  • Edit policy for vmiport
  1. aws iam put-role-policy --
golang    2016-05-28 15:19:05    361    0    0

1. Mail Configuration

When we have certificates for our SMTP servers, the TLSSkipVerify should be set to true. Otherwise, set to false

  1. // MailConfig contains all configuration for mail
  2. type MailConfig struct {
  3. AuthMailAddr string
  4. AuthPassword string
  5. SendFrom string
  6. SMTPHost string
  7. TLSSkipVerify bool
  8. }
  9. var config MailConfig
  10. func SendMail(mailto string, subject string, body string) error {
  11. // Code
  12. }

2. Set From and To

  1. from := mail.Address{
  2. Name: "",
  3. Address: config.SendFrom,
  4. }
  5. to := mail.Address{
  6. Name: "",
  7. Address: mailto,
  8. }

3. Setup Header and Message

  1. // Setup headers
  2. headers := make(map[string]string)
  3. headers["From"] = from.String()
  4. headers["To"] = to.String()
  5. headers["Subject"] = subject
  6. // Setup message
  7. message := ""
  8. for k, v := range headers {
  9. message += fmt.Sprintf("%s: %s\r\n", k, v)
  10. }
  11. message += "