Blog


AGE - Encrypt Files with SSH Keys

Stumbled upon something that I’ve missed for a long time: encrypting files with the ssh public key :)

Source

Install Package

OpenBSD (and most other *nix systems) has a package for age. Just install it.

doas pkg_add age

Asymmetric Encryption

Asymmetric encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a ‘Public Key’ and a ‘Private Key’. Together, they’re called a ‘Public and Private Key Pair’.

MAC Converter

MAC Address Converter

We’re all dealing with MAC addresses sometimes … and there are different formats on different systems. This little script converts an address to all formats, and you can choose the appropriate one.

Example

$ maconvert aa:bb:cc:dd:ee:ff

aabbccddeeff
aa:bb:cc:dd:ee:ff
aa-bb-cc-dd-ee-ff
aabb.ccdd.eeff

Script

Copy/Paste will work on OpenBSD, Linux needs some small Modifications (as there is no doas for example …)

doas su -

cat << 'EOFSCRIPT' > /usr/local/bin/maconvert
#!/usr/bin/env bash

# v0.1, 2021, by Christian Henschel
# v0.2, 2021-12-29, Stöge -> add OpenBSD Support & install gawk if needed

if [ "OpenBSD" = "$(uname -s)" ]; then
  which gawk &>/dev/null || doas pkg_add gawk
  _awk=$(which gawk)
else
  _awk=$(which awk)
fi

if [ -z "$1" ]; then
  cat <<'EOF'

  no mac address entered, valid format are:

  cafedeadbeef
  cafe.dead.beef
  ca:fe:de:ad:be:ef
  ca-fe-de-ad-be-ef

EOF
  exit 1
else
  # strip the separators, then re-insert them per output format
  mac=$(echo "$1" | sed -e 's/[.:-]//g')
  maccolon=$(echo "$mac" | "$_awk" '{gsub(/..\B/,"&:")}1')
  macdash=$(echo "$mac" | "$_awk" '{gsub(/..\B/,"&-")}1')
  macpoint=$(echo "$mac" | "$_awk" '{gsub(/....\B/,"&.")}1')
fi

cat <<EOF

  $mac
  $maccolon
  $macdash
  $macpoint

EOF
exit 0
EOFSCRIPT

doas chmod 755 /usr/local/bin/maconvert
maconvert

NJoy!

FreeBSD on APU

It’s been a while since I installed FreeBSD “by hand” on an APU … let’s take some notes (as we’re all getting older …) ;)

Get Install Image

wget https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/13.0/FreeBSD-13.0-RELEASE-amd64-memstick.img.xz
xz -dv FreeBSD-13.0-RELEASE-amd64-memstick.img.xz
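An integrity check for the downloaded image before it is written to the stick, as an added example that is not part of the original post. It assumes a BSD-style checksum list (lines of the form `SHA256 (name) = hex`) fetched alongside the image; the function names and the sample data are constructed.

```shell
# Added example, not from the original post: check a downloaded image
# against a BSD-style checksum file before writing it to the stick.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1            # GNU coreutils
  elif command -v sha256 >/dev/null 2>&1; then
    sha256 -q "$1"                            # OpenBSD / FreeBSD
  else
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
  fi
}

# verify_image <image> <checksum-file>
# returns 0 = match, 1 = mismatch, 2 = image not listed in the checksum file
verify_image() (
  name=$(basename "$1")
  # Lines look like: SHA256 (<file name>) = <64 hex digits>
  want=$(awk -v n="($name)" \
    '$1 == "SHA256" && $2 == n && $3 == "=" { print $4; exit }' "$2")
  [ -n "$want" ] || exit 2
  [ "$(sha256_of "$1")" = "$want" ] || exit 1
)

# Constructed sample: a 3-byte "image" and its matching checksum line.
demo_verify_image() (
  d=$(mktemp -d) || exit 3
  trap 'rm -rf "$d"' EXIT
  printf 'abc' > "$d/demo.img"
  echo 'SHA256 (demo.img) = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' \
    > "$d/CHECKSUM"
  verify_image "$d/demo.img" "$d/CHECKSUM" && ok=0 || ok=$?
  printf 'x' >> "$d/demo.img"                 # simulate a corrupted download
  verify_image "$d/demo.img" "$d/CHECKSUM" && bad=0 || bad=$?
  verify_image "$d/other.img" "$d/CHECKSUM" && missing=0 || missing=$?
  echo "$ok $bad $missing"
)
```

Only continue to the `dd` step when `verify_image` returns 0 for the file you downloaded.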

Write to USB Stick

time dd if=FreeBSD-13.0-RELEASE-amd64-memstick.img of=/dev/da1 bs=1M conv=sync status=progress

Mount Stick

mount /dev/da1s2a /mnt

Redirect Serial Console

and set other Stuff

cat <<EOF>/mnt/boot/loader.conf
boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole,vidconsole"
EOF

Unmount Image

umount /mnt

Write to USB Stick

time dd if=FreeBSD-13.0-RELEASE-amd64-memstick.img of=/dev/da1 bs=1M conv=sync status=progress

Boot APU with USB Stick

Insert USB Stick into APU and Press F10 -> Boot from USB Device

Poetry

1. Intro

Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you.

Install on OpenBSD

Wanna Install on OpenBSD ?

# get root
doas su -

Install as Root

# Install Poetry
pip3 install --user poetry

# on error PEP 668:
#pip3 install --user poetry --break-system-packages

# Update Poetry
pip3 install poetry -U

# Update Profile
cat << EOF >> ~/.profile

# Poetry, added $(date)
export PATH=\$PATH:/root/.local/bin
EOF

. ~/.profile

Install as User poetry

# Update Poetry
pip3 install poetry -U

# Update Profile
cat << EOF >> ~/.profile

# Poetry, added $(date)
export PATH=\$PATH:~/.local/bin
EOF

. ~/.profile

Install on Debian

run as root

sudo apt-get install -y python3 python3-distutils
curl -sSL https://install.python-poetry.org/ | python3 -

cat << EOF >> ~/.bashrc

# Poetry, added $(date)
export PATH=\$PATH:~/.local/bin
EOF

source ~/.bashrc

run as user

curl -sSL https://install.python-poetry.org/ | python3 -

cat << EOF >> ~/.bashrc

# Poetry, added $(date)
export PATH=\$PATH:~/.local/bin
EOF

source ~/.bashrc

Update Poetry Packages to latest Version

-> set all packages to “*” except Python itself

SSH - Signing Files

Signing Files with SSH 8.0

unsigned file

$ cat hosts
127.0.0.1 localhost
::1   localhost

1.2.3.4         egal

sign

$ ssh-keygen -Y sign -f id_rsa -n file hosts
Signing file hosts
Write signature to hosts.sig

signed file

$ cat hosts.sig
-----BEGIN SSH SIGNATURE-----
...
-----END SSH SIGNATURE-----

verify file

allowed signers

$ cat /etc/allowed_signers
mail@world.net ssh-rsa ...

verify
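The sign and verify steps above as one round trip, as an added example that is not part of the original post. It uses a throwaway ed25519 key instead of the page's `id_rsa`, keeps the page's principal `mail@world.net` and namespace `file`, and also shows that a changed file or a different namespace fails verification; the function name and file contents are constructed.

```shell
# Added example, not from the original post. Key, file contents and the
# function name are constructed; needs an OpenSSH with "ssh-keygen -Y".
sshsig_roundtrip() (
  dir=$(mktemp -d) || exit 2
  trap 'rm -rf "$dir"' EXIT

  # Throwaway, passphrase-less ed25519 key (demo only).
  ssh-keygen -q -t ed25519 -N '' -C demo -f "$dir/id_demo" || exit 2
  printf '127.0.0.1 localhost\n::1 localhost\n' > "$dir/hosts"

  # Sign under namespace "file", as on the page; writes hosts.sig.
  ssh-keygen -Y sign -f "$dir/id_demo" -n file "$dir/hosts" 2>/dev/null || exit 2

  # allowed_signers line: <principal> <key type> <base64 public key>
  printf 'mail@world.net %s\n' "$(cut -d' ' -f1,2 "$dir/id_demo.pub")" \
    > "$dir/allowed_signers"

  # check <namespace>: signed data is read from stdin; status 0 = valid.
  check() {
    ssh-keygen -Y verify -f "$dir/allowed_signers" -I mail@world.net \
      -n "$1" -s "$dir/hosts.sig" < "$dir/hosts" >/dev/null 2>&1
  }

  if check file; then good=ok; else good=FAILED; fi
  # A different namespace must not verify, even with the right key.
  if check email; then ns=ACCEPTED; else ns=rejected; fi
  # Any change to the file must invalidate the signature.
  printf '1.2.3.4 egal\n' >> "$dir/hosts"
  if check file; then tampered=ACCEPTED; else tampered=rejected; fi

  echo "good=$good namespace=$ns tampered=$tampered"
  [ "$good" = ok ] && [ "$ns" = rejected ] && [ "$tampered" = rejected ]
)
```

Scripts should act on the exit status of `ssh-keygen -Y verify`, not on its printed message.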

Httpie

Got in touch with HTTPie, a REST API client for the CLI.

install

doas pkg_add httpie

Hello World

let’s do a little test

$ https httpie.io/hello

HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json; charset=utf-8
age: 0
cache-control: public, max-age=0, must-revalidate
content-length: 264
date: Wed, 10 Nov 2021 17:34:19 GMT
etag: "108-yw+Xn8xsGAsJIUMQvDLN7gAcQuc"
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /api/hello
x-vercel-cache: MISS
x-vercel-id: fra1::iad1::4kmc7-1636565659646-cf763c94cea0

{
    "ahoy": [
        "Hello, World! 👋 Thank you for trying out HTTPie 🥳",
        "We hope this will become a friendship."
    ],
    "links": {
        "discord": "https://httpie.io/discord",
        "github": "https://github.com/httpie",
        "homepage": "https://httpie.io",
        "twitter": "https://twitter.com/httpie"
    }
}

Examples

Custom HTTP method, HTTP headers and JSON data:

OpenBSD 7.0

OpenBSD 7.0 released !

The 7.0 release came out on 14. Oct 2021, two weeks before the official launch date (1. Nov).

All the Changes are listed here: https://www.openbsd.org/70.html, or summarized: undeadly.org

Things i have to consider for my Boxes:

Upgrade Guide

Follow the official Upgrade Guide. You can upgrade with a USB stick, ISO image, PXE boot or inline (from a running system).

Aslo - AS Lookup

ASLO

AS Lookup Helper Script. It’s written for OpenBSD and needs some modification for Linux. It basically depends on Python, the pip installer and the Python package “aslookup”. Have Fun !

Download

wget https://blog.stoege.net/scripts/aslo
chmod 755 aslo
./aslo 1.1.1.1

Script

… and the content itself. It basically checks if pip is installed, if as-lookup is installed, and then does the AS lookup for the given IP address.

#!/usr/bin/env bash

# AS Lookup for IP Address

install_pip() {
  echo -e "\npip not found, install ?\n"
  read -rsp $'Press any key to continue...\n' -n1 key
  pkg_add py3-pip--
  ln -sf /usr/local/bin/pip3.9 /usr/local/bin/pip
  echo -e "\npip installed ...\n"
}

install_aslookup() {
  echo -e "\nas-lookup not found, install ?\n"
  read -rsp $'Press any key to continue...\n' -n1 key
  pip install aslookup
  echo -e "\naslookup installed ...\n"
}

aslo() {
  # resolve the argument, keep IPv4 results only, and look up their AS
  as-lookup -s cymru $(getent hosts "$1" | awk '!/:/{ print $1}')
}

which pip &>/dev/null || install_pip
which as-lookup &>/dev/null || install_aslookup
aslo "$1"

exit 0

Usage

you can simply ask one ip …

Nextcloud on OpenBSD

Intro

Wanna run your own Nextcloud Server on OpenBSD … ? Give it a try ! It’s quite trivial, as you can see. Just fire up an empty machine, assign a hostname / DNS record, and follow the examples below. This setup is done on the current version, 6.9. Have Fun !

Inspired by: https://dev.to/nabbisen/nextcloud-on-openbsd-installation-15d6

Packages

Install some packages. I use SQLite as the DB because I don’t expect a lot of users/traffic/files.

$ doas pkg_add nextcloud
quirks-3.633 signed on 2021-09-27T19:58:00Z
Ambiguous: choose package for nextcloud
a 0: <None>
  1: nextcloud-20.0.12
  2: nextcloud-21.0.4
Your choice: 2
Ambiguous: choose dependency for nextcloud-21.0.4:
a 0: php-pdo_mysql-7.4.23
  1: php-pdo_pgsql-7.4.23
  2: php-pdo_sqlite-7.4.23
Your choice: 2
nextcloud-21.0.4:argon2-20190702: ok
nextcloud-21.0.4:libsodium-1.0.18p1: ok
nextcloud-21.0.4:libxml-2.9.10p3: ok
nextcloud-21.0.4:oniguruma-6.9.6: ok
...
nextcloud-21.0.4: ok
Running tags: ok
The following new rcscripts were installed: /etc/rc.d/php74_fpm
See rcctl(8) for details.
New and changed readme(s):
  /usr/local/share/doc/pkg-readmes/femail-chroot
  /usr/local/share/doc/pkg-readmes/nextcloud
  /usr/local/share/doc/pkg-readmes/php-7.4

Prepare Chroot

Create some Folders and stuff in the Chrooted Environment

Git aliases

we all do like aliases, right ?

https://git-scm.com/book/en/v2/Git-Basics-Git-Aliases

Some Aliases

git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status
git config --global alias.bra "branch -a"

and then, you just type:

git co
git br
git ci
git st
git bra

.gitconfig

all this stuff is saved in ~/.gitconfig

$ cat ~/.gitconfig
# This is Git's per-user configuration file.
...
[alias]
  co = checkout
  br = branch
  ci = commit
  st = status
  bra = branch -a
