diff options
Diffstat (limited to 'doc')
55 files changed, 2116 insertions, 55 deletions
diff --git a/doc/note/bash/bash-on-windoof.txt b/doc/note/bash/bash-on-windoof.txt new file mode 100644 index 0000000..32c0ee3 --- /dev/null +++ b/doc/note/bash/bash-on-windoof.txt @@ -0,0 +1,6 @@ + + +## Stop silly path replacements + + MSYS_NO_PATHCONV=1 ssh foo -- ls /var/lib + diff --git a/doc/note/bash/bashrc b/doc/note/bash/bashrc new file mode 100644 index 0000000..ca3aaa2 --- /dev/null +++ b/doc/note/bash/bashrc @@ -0,0 +1,53 @@ + +WINDOOF=$(if [ -d /c/Windows ]; then echo true; else echo false; fi) + +# Disable annoying "features", so that exclamation marks become usable again. +set +o histexpand + +# Do NOT store duplicates in history. Do NOT store in history if +# starts-with-space. +HISTCONTROL=ignoreboth + +if [ $SHLVL -eq 1 ]; then + set -o ignoreeof # Require explicit 'exit' cmd to exit shell. +else + set +o ignoreeof +fi + +export PS1='\033[1;32m[\033[0m$? \033[1;30m\u\033[0m\033[1;32m@\033[1;30m\h \033[1;34m\w\033[1;32m]\033[0m\n\$ ' + +# Add global node modules to path +#PATH=/opt/node-6.10.1/lib/node_modules/.bin:$PATH +# bash completion for npm +#source /opt/node-6.10.1/etc/npm-completion.sh + +if test -d ~/.local/bin; then export PATH=~/.local/bin:$PATH; fi + +############################################################################### +# +# Auto-launching ssh-agent on Git for Windoofs +# (See: https://docs.github.com/en/github/authenticating-to-github/working-with-ssh-key-passphrases#auto-launching-ssh-agent-on-git-for-windows) +# +if $WINDOOF; then + env=~/.ssh/agent.env + + agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; } + agent_start () { (umask 077; ssh-agent >| "$env"); . "$env" >| /dev/null ; } + + agent_load_env + + # agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running + agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?) + + if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then + agent_start + #ssh-add + #elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then + # ssh-add + fi + + unset env +fi +# +############################################################################### + diff --git a/doc/note/bash/inputrc b/doc/note/bash/inputrc new file mode 100644 index 0000000..df82709 --- /dev/null +++ b/doc/note/bash/inputrc @@ -0,0 +1,4 @@ + +set colored-completion-prefix on +set colored-stats off + diff --git a/doc/note/binutils/dumpbin.txt b/doc/note/binutils/dumpbin.txt index e71be0e..d71878b 100644 --- a/doc/note/binutils/dumpbin.txt +++ b/doc/note/binutils/dumpbin.txt @@ -2,15 +2,23 @@ DumpBin For Windoof =================== -Analyze PE32 / PE32+ files. +Scan for unwanted dependencies +------------------------------ -Location: "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\dumpbin.exe" +Linux: -Help + find build/bin -type f -print0|xargs -0I? sh -c 'echo ?;readelf -d ?|egrep NEEDED|egrep -v "\\[(libc\\.|libz\\.|libm\\.|libdl\.|libpthread\.)"' - dumpbin /? -List needed DLLs. +Windoof: - dumpbin /DEPENDENTS foo.exe + find build/bin/*.exe -print0|xargs -0I? sh -c 'echo ?;objdump -p ?|egrep -i DLL\ Name:|egrep -iv "(KERNEL32.dll|msvcrt.dll|USER32.dll|WS2_32.dll|ADVAPI32.dll|GDI32.dll|IMM32.dll|ole32.dll|OLEAUT32.dll|SETUPAPI.dll|SHELL32.dll|VERSION.dll|WINMM.dll)"' + + + + +List Dll Dependencies Of A PE32 Executable +------------------------------------------ + + x86_64-w64-mingw32-objdump -p out.exe | grep 'DLL Name:' diff --git a/doc/note/burncdrom/burncdrom.txt b/doc/note/burncdrom/burncdrom.txt new file mode 100644 index 0000000..4c6f163 --- /dev/null +++ b/doc/note/burncdrom/burncdrom.txt @@ -0,0 +1,38 @@ + +How to handle CD/DVD burning +============================ + +## Install growisofs + + apt install genisoimage + + +## Burn to optical media from ISO + +growisofs -dvd-compat -Z /dev/srX=path/to/my.iso + + +## "Burn" to USB from ISO + + dd bs=4M if=path/to/my.iso of=/dev/sdX status=progress oflag=sync + + +## Get checksum of disc + +- Use isoinfo (from genisoimage pkg) to get size params. +- Use dd parameterized by previous output. + + isoinfo -d dev=/dev/srX + dd bs=${Logical block size} count=${Volume size} if=/dev/srX | md5sum -b + + +## Get checksum of usb drive + +- Use stat to get block/count. +- Divide num by drive block size (likely 4096). +- Use dd parameterized by previous output. + + stat -c '%s' my.iso + dd bs=${Logical block size} count=${Volume size} if=/dev/sdx | md5sum -b + + diff --git a/doc/note/compress/xz.txt b/doc/note/compress/xz.txt new file mode 100644 index 0000000..b7dff5f --- /dev/null +++ b/doc/note/compress/xz.txt @@ -0,0 +1,5 @@ + + + xz --keep --lzma2=preset=9,nice=273,dict=1G -vv + + diff --git a/doc/note/curl/curl.txt b/doc/note/curl/curl.txt new file mode 100644 index 0000000..fe0302b --- /dev/null +++ b/doc/note/curl/curl.txt @@ -0,0 +1,11 @@ + + +## Timing + + curl example.com -w "\n\nconnect=%{time_connect}s, trsf=%{time_starttransfer}s, totl=%{time_total}s\n" + + +## Sources + +- [time trace](https://stackoverflow.com/a/18215566/4415884) + diff --git a/doc/note/docker/Docker-Daemon-Install.txt b/doc/note/docker/Docker-Daemon-Install.txt index c6a120a..1bfa6bb 100644 --- a/doc/note/docker/Docker-Daemon-Install.txt +++ b/doc/note/docker/Docker-Daemon-Install.txt @@ -27,10 +27,10 @@ section (HINT: "/etc/environment" does not work) [service] ... - Environment="HTTP_PROXY=http://10.0.2.2:31280" - Environment="http_proxy=http://10.0.2.2:31280" - Environment="HTTPS_PROXY=http://10.0.2.2:31280" - Environment="https_proxy=http://10.0.2.2:31280" + Environment="HTTP_PROXY=http://10.0.2.2:3128" + Environment="http_proxy=http://10.0.2.2:3128" + Environment="HTTPS_PROXY=http://10.0.2.2:3128" + Environment="https_proxy=http://10.0.2.2:3128" Environment="NO_PROXY=127.0.0.1,10.0.2.2,*.post.ch" Environment="no_proxy=127.0.0.1,10.0.2.2,*.post.ch" diff --git a/doc/note/ffmpeg/ffmpeg.txt b/doc/note/ffmpeg/ffmpeg.txt index 072faa7..c992537 100644 --- a/doc/note/ffmpeg/ffmpeg.txt +++ b/doc/note/ffmpeg/ffmpeg.txt @@ -32,6 +32,18 @@ Use -codec:v copy to keep video, or -codec:v no for audio-only. -filter:a lowpass=f=16000 +## Fix Loudness war, bring bass back + + -af "equalizer=f=200:w=200:t=h:g=-9,equalizer=f=400:w=600:t=h:g=-9,equalizer=f=2000:w=2000:t=h:g=-12,equalizer=f=4000:w=4000:t=h:g=-12,equalizer=f=10000:w=10000:t=h:g=-12,volume=+0.0dB" + + +## Audio trim + +HINT: Repeat afade twice for log. + + -af "afade=t=in:d=500ms,afade=t=out:st=183427ms:d=500ms" \ + + ## Record Desktop ffmpeg -f gdigrab -framerate 6 -probesize 10M -offset_x 0 -offset_y 0 \ @@ -45,6 +57,13 @@ Use -codec:v copy to keep video, or -codec:v no for audio-only. -i INFILE -ss <pos> -to <pos> OUTFILE +## Concatenate + + && ffmpeg -i one.mkv -i two.mkv \ + -filter_complex '[0:v] [0:a] [1:v] [1:a] concat=n=2:v=1:a=1 [v] [a]' \ + -map "[v]" -map "[a]" out.mkv \ + + ## Rotate Portrait -i INFILE -vf "transpose=2" OUTFILE diff --git a/doc/note/firefox/firefox.txt b/doc/note/firefox/firefox.txt index e1e2999..9c48e29 100644 --- a/doc/note/firefox/firefox.txt +++ b/doc/note/firefox/firefox.txt @@ -2,6 +2,7 @@ Firefox ================ + ## Install plugin quickNdirty until restart - Visit "about:debugging" @@ -12,6 +13,7 @@ Firefox For refresh, there is a button on the same page to reload the plugin. + ## Create an XPI file (eg for distribution) "manifest.json" MUST be in top level dir inside ZIP. @@ -19,6 +21,7 @@ For refresh, there is a button on the same page to reload the plugin. zip my.xpi manifest.json main.js + ## Distribute via self-hosting Package MUST be signed by "addons.mozilla.org" (Except for ESR or dev @@ -27,3 +30,9 @@ firefox builds) XPI file can be drag-n-drop to FF to trigger install dialog. Or via gear icon "install from file". + + +## Install native manifest (linux) + +"~/.mozilla/native-messaging-hosts/<name>.json" + diff --git a/doc/note/gdb/gdb.txt b/doc/note/gdb/gdb.txt new file mode 100644 index 0000000..20cbd4d --- /dev/null +++ b/doc/note/gdb/gdb.txt @@ -0,0 +1,10 @@ + +## Print next few ASM instructions + + x/3i $pc + + +## Sources + +- [Print asm instructions](https://stackoverflow.com/a/59331366/4415884) + diff --git a/doc/note/gpg/gpg.txt b/doc/note/gpg/gpg.txt index 11721f0..5580a13 100644 --- a/doc/note/gpg/gpg.txt +++ b/doc/note/gpg/gpg.txt @@ -67,6 +67,36 @@ you're doing! If you don't, you MUST NOT use those instructions! gpgwin --sign-key foreignUser@example.com +## Expand detached subkey expiry + +PS: Why is this so fu***** damn complicated! Anyone still wondering why this + system is not used by most humans?!? Please STOP producing so uselessly + complicated software! + + cd "${WORKDIR:?}" + mkdir master + (cd "${OFFHOME:?}/.gnupg" && tar c $(ls -A)) | (cd master && tar x) + export GNUPGHOME="${WORKDIR:?}/master" + gpg --list-secret-keys --with-keygrip --keyid-format=long --with-fingerprint --with-subkey-fingerprint --list-options show-unusable-subkeys + gpg --edit-key SEC_KEY + expire + save + gpg --edit-key SSB_KEY + key 1 + key 2 + expire + save + NOW=$(date -u +%Y%m%d-%H%MZ) + gpg --export-secret-subkeys F00! BA5! > subkey-${NOW:?}.sec.gpg + gpg --export F00! BA5! > subkey-${NOW:?}.pub.gpg + gpg --list-packets subkey-${NOW:?}.sec.gpg + gpg --list-packets subkey-${NOW:?}.pub.gpg + tar --owner=0 --group=0 -c subkey-${NOW:?}.*.gpg | (cd "${OFFHOME:?}" && sudo tar x) + md5sum -b subkey-${NOW:?}.*.gpg | sudo tee -a "${OFFHOME:?}/MD5SUM" + echo "After import, you'd likely want to change phrase away from master" + gpg --edit-key foo@example.com passwd quit + + ## Use keys with throw-away keyring GNUPGHOME="/tmp/foo/" @@ -85,4 +115,7 @@ you're doing! If you don't, you MUST NOT use those instructions! gpgconf --kill gpg-agent gpgconf --launch gpg-agent +[windoof: Why does git complain that no GPG agent is running?](https://superuser.com/a/1663941/1123359) says: + gpg-connect-agent reloadagent /bye + diff --git a/doc/note/java/java.txt b/doc/note/java/java.txt new file mode 100644 index 0000000..8dc01a2 --- /dev/null +++ b/doc/note/java/java.txt @@ -0,0 +1,7 @@ + +Java / JVM +================ + + --add-opens java.base/java.lang=ALL-UNNAMED + + diff --git a/doc/note/links/links.txt b/doc/note/links/links.txt index 5564be3..049363c 100644 --- a/doc/note/links/links.txt +++ b/doc/note/links/links.txt @@ -83,6 +83,7 @@ Links (Aka argument amplifiers) - SRP "https://blog.ndepend.com/solid-design-the-single-responsibility-principle-srp/" - OCP "https://blog.ndepend.com/solid-design-the-open-close-principle-ocp/" - LSP "https://blog.ndepend.com/solid-design-the-liskov-substitution-principle/" +- ISP "https://blog.ndepend.com/solid-design-the-interface-segregation-principle-isp/" - DIP "https://stackify.com/dependency-inversion-principle/#post-18184-_nuqaxpnmvpn7" ## Java how to handle InterruptedException: @@ -95,6 +96,9 @@ Links (Aka argument amplifiers) - "https://jira.post.ch/browse/SDCISA-5624" - "https://gitit.post.ch/projects/ISA/repos/halfrunt/pull-requests/27/overview?commentId=105541" +## Java dropping exception stack traces is a "feature" +- [](https://stackoverflow.com/a/3010106/4415884) + ## Please don't never not avoid nevative (un)logic - "https://schneide.blog/tag/boolean-statements/" @@ -105,6 +109,7 @@ Links (Aka argument amplifiers) - "https://medium.com/humans-create-software/composition-over-inheritance-cb6f88070205" - "https://softwareengineering.stackexchange.com/a/371715/306800" - "https://youtu.be/wfMtDGfHWpA" +- [Damn! Use it!](https://gitit.post.ch/projects/ISA/repos/bangbang/pull-requests/5/overview?commentId=316867) ## requirements, experts, business: - "https://www.youtube.com/watch?v=BKorP55Aqvg" @@ -130,6 +135,9 @@ Links (Aka argument amplifiers) - [case slf4j](http://www.slf4j.org/api/org/slf4j/Logger.html) - [General rules](https://gualtierotesta.github.io/java/tutorial-correct-slf4j-logging-usage-and-how-to-check-it/) - [logging guards](https://stackoverflow.com/a/12953090/4415884) +- [impl VS facade in lib](https://jira.post.ch/browse/SDCISA-15223) +- [drop logger impl from lib](https://github.com/swisspost/vertx-redisques/pull/153) +- [Should my library attempt to configure logging?](https://www.slf4j.org/faq.html#configure_logging) ## Misleading log msg messages - "https://gitit.post.ch/projects/ISA/repos/zarquon/pull-requests/2/overview?commentId=61283" @@ -152,6 +160,8 @@ Links (Aka argument amplifiers) ## Code Style format auto-formatters - [warning about formatters](https://gitit.post.ch/projects/ISA/repos/trin/pull-requests/79/overview?commentId=235667) +- [Linter produces crap](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/567/overview?commentId=237627) +- [Linter produces crap js if](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/598/overview?commentId=252867) - [static final java uppercase](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/82/overview?commentId=39126) - [invalid java class name](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/82/overview?commentId=39125) - [spotless produces crap](https://gitit.post.ch/projects/ISA/repos/poodoo/pull-requests/40/overview?commentId=263122) @@ -160,8 +170,6 @@ Links (Aka argument amplifiers) - [spotless produces crap](https://gitit.post.ch/projects/ISA/repos/trin/pull-requests/79) - [spotless produces crap](https://gitit.post.ch/projects/ISA/repos/houston/pull-requests/449/overview?commentId=263593) - [boolean expression formatting](https://gitit.post.ch/projects/ISA/repos/houston/pull-requests/461/overview?commentId=284022) -- [Linter produces crap](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/567/overview?commentId=237627) -- [Linter produces crap js if](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/598/overview?commentId=252867) - [Suddenly NEW formatting rules in PaISA since 2021](https://gitit.post.ch/projects/ISA/repos/watson/pull-requests/1/overview?commentId=234597) - "https://gitit.post.ch/projects/ISA/repos/zarniwoop/pull-requests/20/overview?commentId=85912" - "https://gitit.post.ch/projects/ISA/repos/zarniwoop/pull-requests/21/overview?commentId=87250" @@ -201,6 +209,7 @@ Links (Aka argument amplifiers) ## Java Memory - "youtube.com/watch?v=f2aNWtt0QRo" - jvm GC statistics "https://stackoverflow.com/a/467366" +- [sizeof(java.lang.Object)](https://stackoverflow.com/a/258150/4415884) ## Yaml Is Bullshit - "https://www.arp242.net/yaml-config.html#can-be-hard-to-edit-especially-for-large-files" @@ -214,11 +223,9 @@ Links (Aka argument amplifiers) - "https://stackoverflow.com/a/20177092/4415884" - "https://github.com/swisspush/gateleen/pull/426#discussion_r813752075" - "https://github.com/swisspush/gateleen/blob/v1.1.61/gateleen-kafka/src/main/java/org/swisspush/gateleen/kafka/KafkaMessageSender.java#L21" -- performance long "https://m.youtube.com/watch?v=x5akmCWgGY0" -- think please ... "https://m.youtube.com/watch?v=hSfylUXhpkA" - -## The Only way to Format Dates ISO 8601 -- "https://xkcd.com/1179/" +- [How to use java fancy streams](https://m.youtube.com/watch?v=x5akmCWgGY0) +- [think please ...](https://m.youtube.com/watch?v=hSfylUXhpkA) +- [java streams are ugly](https://gitit.post.ch/projects/ISA/repos/nsync/pull-requests/55/overview?commentId=328210) ## Backward compatibility, Breaking Changes - "https://www.redstar.be/backward-compatibility-in-software-development-what-and-why/" @@ -227,30 +234,45 @@ Links (Aka argument amplifiers) - [thor-DasUnheilNaht](https://gitit.post.ch/projects/ISA/repos/fis-masterdata-api/pull-requests/17/overview?commentId=227703) - [thor-DerBlizHatEingeschlagen](https://gitit.post.ch/projects/ISA/repos/fis-masterdata-api/pull-requests/18/overview) - [PaISA api new enum values](https://gitit.post.ch/projects/ISA/repos/fis-control-api/pull-requests/14/overview?commentId=296012) +- [Keep APIs scope narrow as possible](https://gitit.post.ch/projects/ISA/repos/timetable-reservation-api/pull-requests/12/overview?commentId=327819) ## Performance DOES matter - "https://github.com/swisspush/gateleen/pull/456#discussion_r844865066" - [Performance Excuses Debunked](https://m.youtube.com/watch?v=x2EOOJg8FkA) -- [Is writing performant code too expensive?](https://m.youtube.com/watch?v=EpYr3T5VP6w) -- [Simple Code, High Performance](https://m.youtube.com/watch?v=Ge3aKEmZcqY) +- [Is writing performant code too expensive?](https://www.youtube.com/watch?v=EpYr3T5VP6w&t=1109) +- [Simple Code, High Performance](https://m.youtube.com/watch?v=Ge3aKEmZcqY&t=78) - [Houston Last führt zu Neustart](https://wikit.post.ch/x/HDV8T) - [Houston storage request timed out large json](https://jira.post.ch/browse/SDCISA-11294) - [Preflux Garbage Collection issues](https://jira.post.ch/browse/SDCISA-4714) - [Preflux Gatherfacts läuft in Timeout](https://jira.post.ch/browse/SDCISA-8136) +- [Performance Fahrplanimports](https://jira.post.ch/browse/SDCISA-11528) - [Houston Optimize EnqueuePatrol](https://jira.post.ch/browse/SDCISA-2876) - [Update beim Fahrzeughersteller dauert zu lange](https://jira.post.ch/browse/SDCISA-9059) - [vortex too slow](https://jira.post.ch/browse/SDCISA-9990) +- [2023-10-27 OOM nun auch auf Eagle](https://wikit.post.ch/x/c2U1Tw) +- [Fahrplanimports slow](https://jira.post.ch/browse/SDCISA-11528) +- [Jenkinsbuild too slow](https://jira.post.ch/browse/SDCISA-14313?focusedId=1914236&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1914236) +- [Houston check too slow](https://jira.post.ch/browse/SDCISA-13746?focusedId=1937167&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1937167) ## Performance is not an issue ... - [Houston OOM 2023-06-27](https://wikit.post.ch/x/_Bv6Rw) - [Houston OOM 2023-01-20](https://wikit.post.ch/x/iRepPQ) - [Houston OOM Killed](https://jira.post.ch/browse/SDCISA-10871) +- [SDCISA-14967 Houston collects all req bodies into memory](https://jira.post.ch/browse/SDCISA-14967) - [http cache disable](https://gitit.post.ch/projects/ISA/repos/bangbang/pull-requests/1/overview?commentId=287832) +- [How to repair KISS for performance](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/304/diff) +- [Houston readyness fails often](https://jira.post.ch/browse/SDCISA-13746?focusedId=1899551&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1899551) +- [Just one message per minute](https://gitit.post.ch/projects/ISA/repos/eagle/pull-requests/375/overview?commentId=330543) +- [Houston down readyness probe timeout](https://wikit.post.ch/x/koO0Vg) ## Common Performance -- [Optimize code by doing less](https://m.youtube.com/watch?v=5rb0vvJ7NCY) +- [Java Exceptions performance is bad](https://www.baeldung.com/java-exceptions-performance) +- [going fast is about doing less](https://m.youtube.com/watch?v=5rb0vvJ7NCY) - [CppCon Tuning Benchmarks clang CPUs Compilers" ](https://m.youtube.com/watch?v=nXaxk27zwlk) +## Errorhandling is not needed ... +- [OOM exit code 137 9 sigkill houston openshift pod](https://jira.post.ch/browse/SDCISA-13746?focusedId=1925526&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1925526) + ## Bugs are not an issue - [Bistr gateleen Forwarder exception](https://jira.post.ch/browse/SDCISA-11147) @@ -260,6 +282,7 @@ Links (Aka argument amplifiers) ## How to API design - "https://m.youtube.com/watch?v=2xgplCQS1bY" - [How to migrate an API properly via migration path](https://wikit.post.ch/x/pK1WJQ) +- [What "Software Architect" means](https://m.youtube.com/watch?v=rPJfadFSCyQ&t=900) ## Posix c API design - "https://lucumr.pocoo.org/2013/8/18/beautiful-native-libraries/" @@ -347,9 +370,10 @@ Links (Aka argument amplifiers) - "https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html" ## YAGNI (but also KISS and DRY) -- "https://medium.com/swlh/yagni-and-dry-the-kiss-of-death-for-your-software-project-cfd44b0654b6#fc82" +- [YAGNI, KISS and DRY](https://medium.com/swlh/yagni-and-dry-the-kiss-of-death-for-your-software-project-cfd44b0654b6) - [eagle queue json only](https://gitit.post.ch/projects/ISA/repos/eagle/pull-requests/331/overview?commentId=236944) -- [Uncle Bob - Why Are Programmers slow](https://youtu.be/G6HyEeEcB-w) +- [How to repair KISS](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/304/diff) +- [won't stream, bcause YAGNI](https://gitit.post.ch/projects/ISA/repos/bangbang/pull-requests/5/overview?commentId=316503) ## How to format method parameters - "https://gitit.post.ch/projects/ISA/repos/god-backend/pull-requests/281/overview?commentId=210650" @@ -386,10 +410,10 @@ Links (Aka argument amplifiers) ## java assert - [how to enable](https://stackoverflow.com/a/68893479/4415884) -- [What are they for](https://stackoverflow.com/a/298933/4415884) +- [When to use them](https://softwareengineering.stackexchange.com/a/15518/306800) - [What are they for](https://en.wikipedia.org/wiki/Assertion_(software_development)#Assertions_for_run-time_checking) +- [What are they for](https://stackoverflow.com/a/298933/4415884) - [How and when to use them](https://docs.oracle.com/javase/8/docs/technotes/guides/language/assert.html) -- [When to use them](https://softwareengineering.stackexchange.com/questions/15515/when-to-use-assertions-and-when-to-use-exceptions) - [I dont care](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/505/overview?commentId=219173) ## Mensch verblödet, modern tech, IQ, dumm, test @@ -413,12 +437,18 @@ Links (Aka argument amplifiers) ## Resilience limit upper bound - [Thought OOM](https://jira.post.ch/browse/SDCISA-10021) - [Thought DB streams](https://wikit.post.ch/pages/viewpage.action?pageId=993270063&focusedCommentId=993272727#comment-993272727) +- [in-memory buffer OOM](https://gitit.post.ch/projects/ISA/repos/nsync/pull-requests/55/overview?commentId=324715) + +## Resilience reliable end-to-end transport - [How To Prevent Data Loss On A Non-Reliable Transport Channel](https://wikit.post.ch/x/4y_nQg) +- [Houston losing hook messages](https://jira.post.ch/browse/SDCISA-13346) +- [Not interested in the fix](https://jira.post.ch/browse/SDCISA-11619?focusedId=1913186&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1913186) ## Bugs, Frameworks, Dependencies include them all - "https://medium.com/dinahmoe/escape-dependency-hell-b289de537403" - "https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/119/overview?commentId=46245" - [Stop Ductaping crap together](https://devrant.com/rants/5107044) +- [JavaMelody OutOfMemory](https://wikit.post.ch/display/ISA/God+UI+ohne+Inhalt?focusedCommentId=1439580947#comment-1439580947) ## Input validation - [WontDo](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/512/overview?commentId=222672) @@ -444,6 +474,7 @@ Links (Aka argument amplifiers) ## FileLogging is a MUST have (kibana is bullsh**) - [example](https://jira.post.ch/browse/SDCISA-8382?focusedCommentId=1554435&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1554435) +- [example](https://jira.post.ch/browse/SDCISA-13655) - [warning](https://jira.post.ch/browse/SDCISA-7230?focusedCommentId=1550476&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1550476) ## Automatic variable dynamic version are evil @@ -505,6 +536,8 @@ Links (Aka argument amplifiers) ## security - [SDCISA-4808] Security flaw due to no-security-if-no-identity policy Open - [Make ISA secure (again?)](https://wikit.post.ch/x/n984Mg) +- [platform public IP exposed wont fix](https://jira.post.ch/browse/SDCISA-6998) +- [houston public IP exposed](TODO) ## Bus Factor Faktor - [Bus factor definition wikipedia](https://en.wikipedia.org/wiki/Bus_factor) @@ -533,3 +566,32 @@ Links (Aka argument amplifiers) ## Qemu is Crap - [Qemu for Windows Host Quirks](https://wonghoi.humgar.com/blog/2021/05/03/qemu-for-windows-host-quirks/) +## Git paisa complain about rebase stuff +- [Complain about force-pushes](https://gitit.post.ch/projects/ISA/repos/lazlar/pull-requests/3/overview?commentId=311142) + +## Angular is terrible +- [Why angular sucks](https://medium.com/dirtyjs/why-angular-2-4-5-6-sucks-afb36567ad68) +- [JS bloat everywhere](https://tonsky.me/blog/js-bloat/) + +## java try-with-resources behavior +[Exception Scenarios for Java's try-with-resources](https://dev.to/moaxcp/exception-scenarios-for-java-s-try-with-resources-63m) + +[About TLS in isa](https://jira.post.ch/browse/SDCISA-14330?focusedId=1925001&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1925001) + +## Tools like tcpdump are incredibly important +- [tcpdump discovers the truth once more](https://jira.post.ch/browse/SDCISA-13746?focusedId=1939377&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-1939377) + +## MUST have an issue +- [no-issue PR gets sued](https://gitit.post.ch/projects/ISA/repos/preflux/pull-requests/721/overview?commentId=349529) + +## Format Date ISO 8601, UTC GMT localtime +- [public service announcement](https://xkcd.com/1179/) +- [3 simple rules](https://dev.to/corykeane/3-simple-rules-for-effectively-handling-dates-and-timezones-1pe0) + +## (TODO put to a better place in here) +- [how to handle vertx promise fail/errors properly](https://github.com/swisspost/vertx-redisques/pull/164#discussion_r1562105007) + +- [null VS empty](https://jira.post.ch/browse/SDCISA-14534) + + + diff --git a/doc/note/maven-pom/howto-ban-unwanted-sh__.txt b/doc/note/maven-pom/howto-ban-unwanted-sh__.txt new file mode 100644 index 0000000..1edad9b --- /dev/null +++ b/doc/note/maven-pom/howto-ban-unwanted-sh__.txt @@ -0,0 +1,41 @@ + + + <project> + <dependencies> + <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-slf4j-impl</artifactId> + <version>[0.0.0,)</version> + <scope>provided</scope> + </dependency> + </dependencies> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-enforcer-plugin</artifactId> + <!--<version>1.4.1</version>--> + <version>3.4.1</version> + <executions> + <execution> + <goals><goal>enforce</goal></goals> + <configuration> + <rules> + <bannedDependencies> + <excludes> + <exclude>org.apache.logging.log4j:log4j-slf4j-impl</exclude> + </excludes> + </bannedDependencies> + </rules> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + <project> + + +## Sources + +- [How to globally exclude mvn dependency](https://stackoverflow.com/a/39979760/4415884) +- [How to yell about bannded dependencies](https://stackoverflow.com/a/46104531/4415884) + diff --git a/doc/note/maven/maven.txt b/doc/note/maven/maven.txt index eb55ba0..a9fd248 100644 --- a/doc/note/maven/maven.txt +++ b/doc/note/maven/maven.txt @@ -4,14 +4,18 @@ Maven mvn dependency:help -Ddetail=true -mvn versions:set -DgenerateBackupPoms=false -DnewVersion= +mvn versions:set -DgenerateBackupPoms=false -DallowSnapshots=true -DnewVersion= mvn versions:set -DgenerateBackupPoms=false -DnextSnapshot -mvn versions:update-parent -DparentVersion= +mvn versions:update-parent -DgenerateBackupPoms=false -DallowDowngrade=true -DallowSnapshots=true -DforceUpdate=true -DskipResolution=true -DparentVersion=YOUR_VERSION -mvn versions:set-property -Dproperty=foo.bar -DnewVersion=gugus +mvn versions:set-property -DgenerateBackupPoms=false -DallowSnapshots=true -Dproperty=foo.bar -DnewVersion=gugus +export MAVEN_OPTS="..." + +## Get project version without any other bullshit +mvn help:evaluate -o -q -DforceStdout -Dexpression=project.version && echo ## Deploy paisa snapshot mvn deploy -DaltDeploymentRepository=artifactory-snapshots::default::https://artifactory.tools.pnet.ch/artifactory/libs-snapshot-local @@ -21,6 +25,18 @@ mvn deploy -DaltDeploymentRepository=artifactory-snapshots::default::https://art mvn deploy -Dcmake.generate.skip=true -Dcmake.compile.skip=true -DaltDeploymentRepository=artifactory-releases::default::https://artifactory.tools.pnet.ch/artifactory/libs-release-local +true \ + && DEPLOPTS= \ + && `# Deploy custom gateleen build 20240206` \ + && mvn clean install -pl '!gateleen-hook-js,!gateleen-playground' \ + && mvn deploy -DskipTests -pl '!gateleen-hook-js,!gateleen-playground' ${DEPLOPTS:?} \ + && `# Deploy custom houston build 20240216` \ + && jenkinsbuild-by-upstream \ + #&& mvn clean install \ + #&& mvn deploy -DskipTests ${DEPLOPTS:?} \ + && true + + ## Run e2e locally mvn verify -U -DSelBaseUrl=http://localhost:7012/apigateway/services/foo/index.html -Dskip.tests=false -Dserver.host=localhost -Dserver.port=7012 -Ptestsuite @@ -29,6 +45,6 @@ mvn verify -U -DSelBaseUrl=http://localhost:7012/apigateway/services/foo/index.h mvn dependency:go-offline -(See als "https://maven.apache.org/plugins/maven-dependency-plugin/go-offline-mojo.html") +[See also](https://maven.apache.org/plugins/maven-dependency-plugin/go-offline-mojo.html) diff --git a/doc/note/mount/fstab.txt b/doc/note/mount/fstab.txt new file mode 100644 index 0000000..de642ce --- /dev/null +++ b/doc/note/mount/fstab.txt @@ -0,0 +1,13 @@ + +fstab +===== + +## Moving firefox cache to RAM + +Effect: Faster at runtime, slower at startup. + +fstab entry: +none /home/YOURNAME/.cache/mozilla/firefox tmpfs noatime,noexec,users 0 0 + + + diff --git a/doc/note/mount/mount.txt b/doc/note/mount/mount.txt new file mode 100644 index 0000000..99e1521 --- /dev/null +++ b/doc/note/mount/mount.txt @@ -0,0 +1,8 @@ + +## tmpfs / ramfs + +TODO: it seems as 'size' has no effect, and system may run OOM instead. + + mount -t ramfs -o size=1G ramfs /mnt/ramfs + chown -R $(whoami):$(whoami) /mnt/ramfs + diff --git a/doc/note/nginx/nginx-wdoof.txt b/doc/note/nginx/nginx-wdoof.txt index 2bf7a52..cc9c23d 100644 --- a/doc/note/nginx/nginx-wdoof.txt +++ b/doc/note/nginx/nginx-wdoof.txt @@ -23,6 +23,7 @@ http { sendfile on; keepalive_timeout 65; server { + # For public access use "8080" and "[::]:8080" listen 127.0.0.1:8080; server_name localhost; location / { diff --git a/doc/note/nginx/nginx.txt b/doc/note/nginx/nginx.txt index 2a15ae5..75f2431 100644 --- a/doc/note/nginx/nginx.txt +++ b/doc/note/nginx/nginx.txt @@ -1,4 +1,51 @@ +## Basic nginx config + +[looks promising](https://stackoverflow.com/a/73297125/4415884) + + # Basic setup: + # - Maybe change "access_log" to "/var/log/nginx/access.log". + # - For CLI use: Change all "/tmp/nginx" to "." (single dot, aka workdir or + # other user writable dir). + # Public expose setup: + # - Adapt "listen" as commented. + # - set "server_name" to meaningful value. + # + #daemon off; # run in foreground (eg from cli) + #user www-data; + #worker_processes auto; + pid /run/nginx.pid; + events {} + http { + access_log /dev/stdout; + # Directories nginx needs configured to start up. + client_body_temp_path /tmp/nginx; + proxy_temp_path /tmp/nginx; + fastcgi_temp_path /tmp/nginx; + uwsgi_temp_path /tmp/nginx; + scgi_temp_path /tmp/nginx; + server { + # public access: "80" and "[::]:80" + # local access: "127.0.0.1:80" and "[::1]:80" + listen 127.0.0.1:80; + listen [::1]:80; + server_name localhost; + root /srv/www; + location /foo { + #autoindex on; # directory listing + try_files $uri $uri/ =404; + } + location /example { + return 200 "Example says hi"; + } + } + } + + +[tutorial](https://www.javatpoint.com/nginx-minimal-configuration) + + + ## fCGI keep alive backend connections upstream myFancyBackend { diff --git a/doc/note/openshift/dbg-mem-issues.txt b/doc/note/openshift/dbg-mem-issues.txt new file mode 100644 index 0000000..c730629 --- /dev/null +++ b/doc/note/openshift/dbg-mem-issues.txt @@ -0,0 +1,170 @@ + +How to hunt memory issues in production +======================================= + +true \ + && SVCNAME=foo-prod \ + && PID=42 \ + && OC= \ + && JMX= \ + && MemLeakTry1="lua -W MemLeakTry1.lua" \ + && dropPadding () { sed -E 's_ *; *_;_g'; } \ + && getPodName () { ${OC:?} get pods | egrep ston-[0-9] | cut -d' ' -f1; } \ + && true + + +${OC:?} exec -ti "$(${OC:?} get pods|egrep ston-1|cut -f1 -d' ')" -- pmap 9 > "pmap/${SVCNAME:?}"-pmap-$(date -u +%Y%m%d-%H%M%S).txt + +true `# Track pod memory` \ + && ${OC:?} exec -ti "$(${OC:?} get pods|grep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'true \ + && printf '\''h;PageSize;%s\n'\'' $(getconf PAGESIZE) \ + && printf '\''c;%-24s;%8s;%8s;%8s;%5s;%4s;%3s;%8s;%3s;%7s\n'\'' When nThrds size RSS SHR text lib data dt nFds \ + && while true; do true \ + && printf '\''r;%s;%8s;%8d;%8d;%5d;%4d;%3d;%8d;%3d;%7d\n'\'' \ + "$(date -Is)" \ + $(cat /proc/'${PID:?}'/stat|cut -d" " -f20) \ + $(cat /proc/'${PID:?}'/statm) \ + $(ls -1 /proc/'${PID:?}'/fd | wc -l) \ + && sleep $(expr 60 - \( $(date +%s) % 60 \)) || break; done' \ + | tee "mem/${SVCNAME:?}"-mem-$(date +%Y%m%d-%H%M%S%z).csv + +true `# log JMX stuff` \ + && grepUsed () { egrep 'used : ' | sed -r 's_^[^0-9]+ ([0-9]+) [^0-9]+$_\1_'; } \ + && grepPureNumberLine () { egrep $(printf '^[0-9]+\r?$') | sed -r 's_^(.*)\r$_\1_'; } \ + && (true \ + && printf 'c; When ; JvmMetaspace; jvmNonHeap; JvmClassCnt; JvmHeap\n' \ + && while true; do true \ + && metaSpcByts="$(curl -sS "${JMX:?}"'/servers/0/domains/java.lang/mbeans/name=Metaspace,type=MemoryPool/attributes/Usage/' | grepUsed)" \ + && jvmNonHeap="$(curl -sS "${JMX:?}"'/servers/0/domains/java.lang/mbeans/type=Memory/attributes/NonHeapMemoryUsage/' | grepUsed)" \ + && ldClassCnt="$(curl -sS "${JMX:?}"'/servers/0/domains/java.lang/mbeans/type=ClassLoading/attributes/LoadedClassCount/' | grepPureNumberLine)" \ + && jvmHeap="$(curl -sS "${JMX:?}"'/servers/0/domains/java.lang/mbeans/type=Memory/attributes/HeapMemoryUsage/' | grepUsed)" \ + && printf 'r;%s;%13d;%11d;%12d;%11d\n' "$(date -Is)" "${metaSpcByts:?}" "${jvmNonHeap:?}" "${ldClassCnt:?}" "${jvmHeap:?}" \ + && sleep $(expr 60 - \( $(date +%s) % 60 \)) || break \ + ; done) \ + | tee "jmx/houston-prod-jmx-Metaspace-used-$(date +%Y%m%d-%H%M%S).log" \ + && true + +(true `# Fetch logs` \ + && while true; do true \ + && printf '%s - Fetch logs\n' "$(date -Is)" \ + && ${OC:?} exec -i "$(getPodName)" -- sh -c 'cd /usr/local/vertx/logs && (tar -cz houston* || test $? -eq 1)' \ + > "logs/${SVCNAME:?}-log-$(date -u +%Y%m%d-%H%M%SZ).tgz" \ + && sleep $(expr 14400 - \( $(date +%s) % 14400 \)) || break; done \ + && true) + +true `# Merge logs` \ + && PREFX="houston-prod-log-" \ + && SUFFX=".tgz" \ + && for SRCTGZ in \ + ${PREFX:?}20231110-160510Z${SUFFX:?} \ + ${PREFX:?}20231110-181226Z${SUFFX:?} \ + ${PREFX:?}20231114-093133Z${SUFFX:?} \ + ${PREFX:?}20231114-120002Z${SUFFX:?} \ + ${PREFX:?}20231114-123040Z${SUFFX:?} \ + ${PREFX:?}20231114-160001Z${SUFFX:?} \ + ${PREFX:?}20231116-082933Z${SUFFX:?} \ + ${PREFX:?}20231116-120002Z${SUFFX:?} \ + ${PREFX:?}20231116-160002Z${SUFFX:?} \ + ${PREFX:?}20231117-081112Z${SUFFX:?} \ + ${PREFX:?}20231117-120001Z${SUFFX:?} \ + ${PREFX:?}20231117-164612Z${SUFFX:?} \ + ; do true \ + && echo "[INFO ] Create ${SRCTGZ%.*}.log" \ + && tar xf ../logs/${SRCTGZ:?} \ + && unzip houston.log.1.zip \ + && cat houston.log.1 houston.log > "${SRCTGZ%.*}.log" \ + && rm houston.log.1.zip houston.log.1 houston.log \ + ;done && true \ + && printf '%s' ' + local newLogFileMerger = require("AndisLogUtils").newLogFileMerger + local merger = newLogFileMerger{ + sources = { + io.open("houston-prod-log-20231110-160510Z.log", "r"), + io.open("houston-prod-log-20231110-181226Z.log", "r"), + io.open("houston-prod-log-20231114-093133Z.log", "r"), + io.open("houston-prod-log-20231114-120002Z.log", "r"), + io.open("houston-prod-log-20231114-123040Z.log", "r"), + io.open("houston-prod-log-20231114-160001Z.log", "r"), + io.open("houston-prod-log-20231116-082933Z.log", "r"), + io.open("houston-prod-log-20231116-120002Z.log", "r"), + io.open("houston-prod-log-20231116-160002Z.log", "r"), + io.open("houston-prod-log-20231117-081112Z.log", "r"), + io.open("houston-prod-log-20231117-120001Z.log", "r"), + io.open("houston-prod-log-20231117-164612Z.log", "r"), + }, + snk = { write = function( t, buf, b, c ) io.stdout:write(buf) io.stdout:write("\n") end, }, + }' | lua -W - | gzip -n > houston-log-merged-$(date -u +%Y%m%d-%H%M%S)Z.log.gz \ + && true + + +`# Create heap dump` +com.sun.management.dumpHeap("/usr/local/vertx/houston-storage-file/houston-___-heap-2023____-____Z.hprof", true) + +`# Inspect` +ocprod exec -i "$(ocprod get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /usr/local/vertx/houston-storage-file && ls -Ahl' + +true `# Get made heap dump` \ + && echo create checksum. \ + && ocprod exec -i "$(ocprod get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /usr/local/vertx/houston-storage-file && md5sum -b houston-*.hprof >> MD5SUM-$(date -u +%Y%m%d-%H%M%SZ)' \ + && echo checksum done. Begin dload. \ + && ocprod exec -i "$(ocprod get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /usr/local/vertx/houston-storage-file && tar c houston-*.hprof MD5SUM*' | (cd heapDump && tar x) \ + && echo dload done \ + && true + +true `# Probe` \ + && stage=prod \ + && logFile="houston-${stage:?}-ready-$(date -u +%Y%m%d-%H%M%SZ).log" \ + && printf 'c; when ;rspCode; connectSec; trsfSec; totlSec; curlExit\n' | tee -a "${logFile:?}" \ + && while true; do true \ + && printf 'r;%s;%7d;%11.3f;%8.3f;%8.3f;%9d\n' \ + $(date +%Y-%m-%dT%H:%M:%S%z) \ + $(curl -sSw "%{http_code} %{time_connect} %{time_starttransfer} %{time_total}" "${houstonServerInfoUrl:?}" -o /dev/null || ex=$? && echo " $ex") \ + | tee -a "${logFile:?}" \ + && sleep $(expr 60 - $(date +%s) % 60) || break \ + ;done \ + && true + +true \ + && ONE="houston-prod-pmap-20231102-163425.txt" \ + && TWO="houston-prod-pmap-20231103-074301.txt" \ + && diff -U0 "${ONE:?}" "${TWO:?}" | egrep '^\+' | sed -r 's_\+([^ ]+) .*$_\1_'|sort|uniq \ + && true + +(true \ + && for F in $(ls *pmap*.txt); do true \ + && printf "$F\n" \ + && DATE="$(date +%s -d "$(echo $F|sed -r 's_.*([0-9]{4})([0-9]{2})([0-9]{2})-([0-9]{2})([0-9]{2})([0-9]{2}).*_\1-\2-\3T\4:\5:\6Z_')")" \ + && <"$F" ${MemLeakTry1:?} --date "${DATE:?}" > "${F%.*}.csv" \ + ;done) + + + + + + + +Zwischenfall auf INT 20231124 + + + +`# Create heap dump` +com.sun.management.dumpHeap("/usr/local/vertx/houston-storage-file/houston-___-heap-2023____-____Z.hprof", true) + +`# Inspect` +${OC:?} exec -i "$(${OC:?} get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /usr/local/vertx/houston-storage-file && ls -Ahl' + +true `# Get made heap dump` \ + && if test ! -d heapDump; then echo "Dir heapDump missing"; false ;fi \ + && echo create checksum. \ + && ${OC:?} exec -i "$(${OC:?} get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /usr/local/vertx/houston-storage-file && md5sum -b houston-*.hprof >> MD5SUM-$(date -u +%Y%m%d-%H%M%SZ)' \ + && echo checksum done. Begin dload. \ + && ${OC:?} exec -i "$(${OC:?} get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /usr/local/vertx/houston-storage-file && tar c houston-*.hprof MD5SUM*' | (cd heapDump && tar x) \ + && echo dload done \ + && true + + + + + + + diff --git a/doc/note/openshift/openshift.txt b/doc/note/openshift/openshift.txt index e807da3..88e33ee 100644 --- a/doc/note/openshift/openshift.txt +++ b/doc/note/openshift/openshift.txt @@ -77,10 +77,18 @@ HINT: ALL files from Current dir (.) will get uploaded (when global rsync not av ## up/down scale from cli. input von thom (20230815) - oc scale dc/preflux --replicas=1 + oc scale dc/${SVCNAME:?} --replicas=1 -## TODO what was this for? - oc get pvc + +## Kube Probe + + echo && ocprod exec -ti "$(ocprod get pods|egrep ston-[0-9]|cut -f1 -d' ')" -- sh -c 'true \ + && printf "c; When ; rsp_code; time_connect; time_redirect; time_starttransfer; time_total\n" \ + && while true; do true \ + && now=$(date -uIs) \ + && curl -sS -o/dev/null -w "r; $(date -uIs); %{response_code}; %{time_connect}s; %{time_redirect}s; %{time_starttransfer}s; %{time_total}s\n" 127.0.0.1:7012/houston/server/info \ + && sleep 5 || break \ + ;done' | tee -a C:/work/tmp/houston-prod-inPod-probe.log diff --git a/doc/note/pdf/pdfToPng.txt b/doc/note/pdf/pdfToPng.txt new file mode 100644 index 0000000..234b1ea --- /dev/null +++ b/doc/note/pdf/pdfToPng.txt @@ -0,0 +1,3 @@ + + && pdftoppm -f 1 -t 1 -png input.pdf > output.pdf \ + diff --git a/doc/note/qemu/build-cJSON.txt b/doc/note/qemu/build-cJSON.txt new file mode 100644 index 0000000..0e8d0df --- /dev/null +++ b/doc/note/qemu/build-cJSON.txt @@ -0,0 +1,76 @@ + +### Debian native +true \ + && PKGS_TO_ADD="ca-certificates curl gcc libc6-dev" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="curl mingw-w64-gcc tar" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk clean" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +# Generic +true \ + && CJSON_VERSION="1.7.15" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Make +true \ + && CJSON_URL="https://github.com/DaveGamble/cJSON/archive/refs/tags/v${CJSON_VERSION:?}.tar.gz" \ + && CJSON_SRCTGZ="${CACHE_DIR:?}/cJSON-${CJSON_VERSION:?}.tgz" \ + && CJSON_BINTGZ="${CJSON_SRCTGZ%.*}-bin.tgz" \ + && ${PKGINIT:?} && ${PKGADD:?} ${PKGS_TO_ADD} \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && if test ! -e "${CJSON_SRCTGZ:?}"; then (true \ + && echo "Download \"${CJSON_URL:?}\"" \ + && curl -sSLo "${CJSON_SRCTGZ:?}" "${CJSON_URL:?}" \ + );fi \ + && if test ! -e "${CJSON_BINTGZ:?}"; then (true \ + && printf '\n Build cJSON\n\n' \ + && tar xzf "${CJSON_SRCTGZ:?}" \ + && cd "cJSON-${CJSON_VERSION:?}" \ + && mkdir build build/obj build/lib build/include \ + && CFLAGS="-Wall -pedantic -fPIC" \ + && ${HOST_}cc $CFLAGS -c -o build/obj/cJSON.o cJSON.c \ + && ${HOST_}cc $CFLAGS -shared -o build/lib/libcJSON.so.${CJSON_VERSION:?} build/obj/cJSON.o \ + && unset CFLAGS \ + && (cd build/lib \ + && MIN=${CJSON_VERSION%.*} && MAJ=${MIN%.*} \ + && ln -s libcJSON.so.${CJSON_VERSION:?} libcJSON.so.${MIN:?} \ + && ln -s libcJSON.so.${MIN:?} libcJSON.so.${MAJ} \ + ) \ + && ${HOST_}ar rcs build/lib/libcJSON.a build/obj/cJSON.o \ + && cp -t build/. LICENSE README.md \ + && cp -t build/include/. cJSON.h \ + && rm build/obj -rf \ + && (cd build \ + && find -type f -not -name MD5SUM -exec md5sum -b {} + > MD5SUM \ + && tar --owner=0 --group=0 -czf "${CJSON_BINTGZ:?}" * \ + && md5sum -b "${CJSON_BINTGZ:?}" > "${CJSON_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf "cJSON-${CJSON_VERSION:?}" \ + );fi \ + && printf '\n DONE\n\n' + + +## Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${CJSON_BINTGZ:?}" \ + && true + + + diff --git a/doc/note/qemu/build-gateleen.txt b/doc/note/qemu/build-gateleen.txt new file mode 100644 index 0000000..c29fcdc --- /dev/null +++ b/doc/note/qemu/build-gateleen.txt @@ -0,0 +1,79 @@ + + +### Alpine +true \ + && PKGS_TO_ADD="curl maven nodejs npm redis openjdk11-jre-headless" \ + && SUDO="${HOME:?}/.local/bin/mysudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN=true \ + && mkdir -p "${HOME:?}/.local/bin" \ + && printf '%s\n' '#!/bin/sh' 'printf "Sudo "' 'su root -c "$(echo "$@")"' > "${HOME:?}/.local/bin/mysudo" \ + && chmod u+x "${HOME:?}/.local/bin/mysudo" \ + && true + + +### Generic +true \ + && GATELEEN_GIT_TAG="v1.3.28" \ + && WORKDIR="/${HOME:?}/work" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Setup Dependencies & get sources +true \ + && ${PKGINIT:?} && ${PKGADD:?} $PKGS_TO_ADD \ + \ + && curl -sSL https://github.com/swisspush/gateleen/archive/refs/tags/"${GATELEEN_GIT_TAG:?}".tar.gz > "${CACHE_DIR:?}/gateleen-${GATELEEN_GIT_TAG:?}.tgz" \ + && true + + +### Make +true \ + && mkdir -p "${WORKDIR:?}/gateleen" && cd "${WORKDIR:?}/gateleen" \ + && tar --strip-components 1 -xf "${CACHE_DIR:?}/gateleen-${GATELEEN_GIT_TAG:?}.tgz" \ + && (cd gateleen-hook-js && npm install) \ + && mkdir -p gateleen-hook-js/node/node_modules/npm/bin \ + && ln -s /usr/bin/node gateleen-hook-js/node/node \ + && printf "require('/usr/lib/node_modules/npm/lib/cli.js')\n" | tee gateleen-hook-js/node/node_modules/npm/bin/npm-cli.js >/dev/null \ + && mvn install -PpublicRepos -DskipTests -Dskip.installnodenpm -pl gateleen-hook-js \ + && mvn install -PpublicRepos -DfailIfNoTests=false \ + -pl '!gateleen-test,!gateleen-hook-js' \ + '-Dtest=!ReleaseLockLuaScriptTests,!RedisCacheStorageTest,!DeltaHandlerTest,!QueueCircuitBreakerCloseCircuitLuaScriptTests,!QueueCircuitBreakerGetAllCircuitsLuaScriptTests,!QueueCircuitBreakerHalfOpenCircuitsLuaScriptTests,!QueueCircuitBreakerReOpenCircuitLuaScriptTests,!QueueCircuitBreakerUpdateStatsLuaScriptTests,!RemoveExpiredQueuesLuaScriptTests,!StartQueueTimerLuaScriptTests' \ + && mkdir "${WORKDIR:?}/classpath" \ + && (cd gateleen-playground && mvn dependency:copy-dependencies \ + -DexcludeScope=provided -DoutputDirectory="${WORKDIR:?}/classpath/.") \ + && cp gateleen-playground/target/gateleen-playground-*.jar "${WORKDIR:?}/classpath/." \ + && mkdir "${WORKDIR:?}/etc" "${WORKDIR:?}/redis-state" \ + && printf >"${WORKDIR:?}/etc/redis.conf" '%s\n' \ + 'save ""' \ + 'appendonly yes' \ + 'appendfilename appendonly.aof' \ + && `# Squeeze those funny "static files" into redis` \ + && (cd "${WORKDIR:?}/redis-state" && redis-server "${WORKDIR:?}/etc/redis.conf" \ + & java -cp "${WORKDIR:?}/classpath/"'*' org.swisspush.gateleen.playground.Server \ + & sleep 3 \ + ) \ + && (cd "${WORKDIR:?}/gateleen" && mvn deploy -PuploadStaticFiles) \ + && (pkill -INT java || sleep 3 && pkill -TERM java || sleep 3 && pkill -9 java) \ + && pkill -INT redis-server \ + && $PKGDEL $PKGS_TO_DEL \ + && $PKGCLEAN \ + && sleep 3 \ + && (cd "${WORKDIR:?}/gateleen" && mvn clean) \ + && printf '\n DONE\n\n' \ + && true + + +### Run +true \ + && ip a | grep inet \ + && (true \ + && (cd "${WORKDIR:?}/redis-state" && redis-server "${WORKDIR:?}/etc/redis.conf") \ + & true \ + && cd ~ \ + && java -cp "${WORKDIR:?}/classpath/"'*' org.swisspush.gateleen.playground.Server \ + ) \ + && true + diff --git a/doc/note/qemu/build-jssc.txt b/doc/note/qemu/build-jssc.txt new file mode 100644 index 0000000..3acdf6e --- /dev/null +++ b/doc/note/qemu/build-jssc.txt @@ -0,0 +1,41 @@ + +This is only another copy. Likely we should use the one at +https://github.com/hiddenalpha/jssc/blob/master/contrib/hiddenalpha-buildEnv-one +. + +true `# Configure for debian 9` \ + && CXX="g++" \ + && CFLAGS="-fPIC -Wall -pedantic -Werror \ + -Wno-error=long-long \ + -Wno-error=sign-compare \ + -Wno-error=variadic-macros \ + -Wno-long-long" \ + && targets="linux_64" \ + && SUDO= \ + && true + +true `# Setup` \ + && $SUDO apt install -y --no-install-recommends \ + git openjdk-8-jdk-headless g++ maven \ + && true + +true `# Make` \ + && cat contrib/hiddenalpha-buildEnv-one/res/pom.patch | git apply \ + && mvn clean \ + && mvn -PnoCmake compile \ + && printf '%s "%s"\n' "#define JSSC_VERSION" "$(git describe --tags|sed 's,^v,,')" \ + > src/main/cpp/version.h \ + && mkdir -p src/main/resources-precompiled/natives/linux_64 \ + && g++ $CFLAGS -shared \ + -o src/main/resources-precompiled/natives/linux_64/libjssc.so \ + src/main/cpp/_nix_based/jssc.cpp \ + -I/usr/lib/jvm/java-1.8.0-openjdk-amd64/include \ + -I/usr/lib/jvm/java-1.8.0-openjdk-amd64/include/linux \ + -Isrc/main/cpp \ + && for T in ${targets:?}; do + && mvn -PnoCmake -PnoJavah -PnativeJar -P"${T:?}" package \ + ;done \ + && mvn -PnoCmake -PnoJavah -PnoNatives -PwithTestClasspath verify \ + && true + + diff --git a/doc/note/qemu/build-libarchive.txt b/doc/note/qemu/build-libarchive.txt new file mode 100644 index 0000000..96f95d6 --- /dev/null +++ b/doc/note/qemu/build-libarchive.txt @@ -0,0 +1,72 @@ + +### Debian native +### TODO: test this +true \ + && PKGS_TO_ADD="make gcc curl ca-certificates libc6-dev" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="make mingw-w64-gcc curl tar" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk cache clean 2>&1| grep -v 'ERROR: Package cache is not enabled'" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +### General +true \ + && LIBARCHIVE_VERSION="3.6.2" \ + && CACHE_DIR="/var/tmp" \ + && true + + +### Make +true \ + && if test -n "$(ls -A)"; then true \ + && printf '\n It is recommended to run this script in an empty dir.\n\n' \ + && false \ + ;fi \ + && LIBARCHIVE_URL="https://github.com/libarchive/libarchive/releases/download/v${LIBARCHIVE_VERSION:?}/libarchive-${LIBARCHIVE_VERSION:?}.tar.gz" \ + && LIBARCHIVE_SRCTGZ="${CACHE_DIR:?}/libarchive-${LIBARCHIVE_VERSION:?}.tgz" \ + && LIBARCHIVE_BINTGZ="${LIBARCHIVE_SRCTGZ%.*}-bin.tgz" \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && ${PKGINIT:?} && ${PKGADD:?} $PKGS_TO_ADD \ + && if test ! -e "${LIBARCHIVE_SRCTGZ:?}"; then true \ + && echo "Download ${LIBARCHIVE_URL:?}" \ + && curl -sSLo "${LIBARCHIVE_SRCTGZ:?}" "${LIBARCHIVE_URL:?}" \ + ;fi \ + && if test ! -e "${LIBARCHIVE_BINTGZ}"; then (true \ + && printf '\n Build libarchive\n\n' \ + && tar xf "${LIBARCHIVE_SRCTGZ:?}" \ + && cd "libarchive-${LIBARCHIVE_VERSION:?}" \ + && ./configure --prefix="${PWD:?}/build/usr_local" --host=${HOST} \ + --enable-bsdtar=static --enable-bsdcat=static --enable-bsdcpio=static \ + --disable-rpath --enable-posix-regex-lib \ + --with-libiconv-prefix="${PWD%/*}/libiconv-1.16-mingw64" \ + CC=${HOST_}gcc CPP=${HOST_}cpp \ + && make clean && make -j$(nproc) && make install \ + && (cd build/usr_local \ + && rm -rf lib/pkgconfig lib/libarchive.la \ + && find -type f -not -wholename MD5SUM -exec md5sum {} + > MD5SUM \ + && tar --owner=0 --group=0 -czf "${LIBARCHIVE_BINTGZ:?}" * \ + && md5sum -b "${LIBARCHIVE_BINTGZ:?}" > "${LIBARCHIVE_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf "libarchive-${LIBARCHIVE_VERSION:?}" \ + );fi \ + && printf '\n DONE\n\n' + + +## Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${LIBARCHIVE_BINTGZ:?}" \ + && true + diff --git a/doc/note/qemu/build-libcurl.txt b/doc/note/qemu/build-libcurl.txt new file mode 100644 index 0000000..be7b8c2 --- /dev/null +++ b/doc/note/qemu/build-libcurl.txt @@ -0,0 +1,99 @@ + + +### Debian native +true \ + && PKGS_TO_ADD="autoconf automake ca-certificates curl make" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="git make mingw-w64-gcc curl tar cmake autoconf automake libtool m4" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk clean" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +## Generic +true \ + && CURL_VERSION="8.3.0" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Make +true \ + && if test -n "$(ls -A)"; then true \ + && printf '\n It is recommended to run this script in an empty dir.\n\n' \ + && false \ + ;fi \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && CURL_VERSION_UGLY="$(echo "$CURL_VERSION"|sed 's;\.;_;g')" \ + && CURL_URL="https://github.com/curl/curl/archive/refs/tags/curl-${CURL_VERSION_UGLY:?}.tar.gz" \ + && CURL_SRCTGZ="${CACHE_DIR:?}/curl-${CURL_VERSION:?}.tgz" \ + && CURL_BINTGZ="${CURL_SRCTGZ%.*}-bin.tgz" \ + \ + && ${PKGINIT:?} && ${PKGADD:?} $PKGS_TO_ADD \ + && printf '\n Download Sources\n\n' \ + && if test ! -e "${CURL_SRCTGZ:?}"; then true \ + && echo "Download ${CURL_URL:?}" \ + && curl -sSLo "${CURL_SRCTGZ:?}" "${CURL_URL:?}" \ + ;fi \ + && if test ! -e "${CURL_BINTGZ:?}"; then (true \ + && printf '\n Build curl\n\n' \ + && tar xf "${CURL_SRCTGZ:?}" \ + && cd "curl-curl-${CURL_VERSION_UGLY:?}" \ + && autoreconf -fi \ + && if test -n "$HOST"; then HORSCHT="--host=${HOST:?}";fi \ + && ./configure --prefix="$PWD/build/usr_local" --enable-http --with-nghttp2 --with-nghttp3 \ + --disable-alt-svc --disable-ares --disable-aws --disable-basic-auth \ + --disable-bearer-auth --disable-bindlocal --disable-cookies --disable-curldebug \ + --disable-dateparse --disable-debug --disable-dependency-tracking --disable-dict \ + --disable-digest-auth --disable-dnsshuffle --disable-doh --disable-ech --disable-file \ + --disable-form-api --disable-ftp --disable-get-easy-options --disable-gopher \ + --disable-headers-api --disable-hsts --disable-http-auth --disable-imap --enable-ipv6 \ + --disable-kerberos-auth --disable-largefile --disable-ldap --disable-ldaps \ + --disable-libcurl-option --disable-libtool-lock --enable-manual --disable-mime \ + --disable-mqtt --disable-negotiate-auth --disable-netrc --enable-ntlm --enable-ntlm-wb \ + --disable-openssl-auto-load-config --disable-optimize --disable-pop3 \ + --disable-progress-meter --enable-proxy --disable-pthreads --disable-rt --disable-rtsp \ + --disable-smb --enable-smtp --disable-socketpair --disable-sspi --disable-symbol-hiding \ + --disable-telnet --disable-tftp --disable-threaded-resolver --disable-tls-srp \ + --disable-unix-sockets --disable-verbose --disable-versioned-symbols --disable-warnings \ + --disable-websockets --disable-werror --without-schannel --without-secure-transport \ + --without-amissl --without-ssl --without-openssl --without-gnutls --without-mbedtls \ + --without-wolfssl --without-bearssl --without-rustls --without-test-nghttpx \ + --without-test-caddy --without-test-httpd --without-pic --without-aix-soname \ + --without-gnu-ld --without-sysroot --without-mingw1-deprecated --without-hyper \ + --without-zlib --without-brotli --without-zstd --without-ldap-lib --without-lber-lib \ + --without-gssapi-includes --without-gssapi-libs --without-gssapi \ + --without-default-ssl-backend --without-random --without-ca-bundle --without-ca-path \ + --without-ca-fallback --without-libpsl --without-libgsasl --without-librtmp \ + --without-winidn --without-libidn2 --without-ngtcp2 --without-quiche --without-msh3 \ + --without-zsh-functions-dir --without-fish-functions-dir \ + CFLAGS=-fPIC $HORSCHT \ + && make clean && make -j$(nproc) && make install \ + && (cd build/usr_local \ + && rm -rf share/aclocal bin/curl-config lib/libcurl.la lib/pkgconfig \ + && tar --owner=0 --group=0 -czf "${CURL_BINTGZ:?}" * \ + && md5sum -b "${CURL_BINTGZ:?}" > "${CURL_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf "curl-curl-${CURL_VERSION_UGLY:?}" \ + );fi \ + && printf '\n DONE\n\n' + + +### Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${CURL_BINTGZ:?}" \ + && true + + diff --git a/doc/note/qemu/build-libpcap.txt b/doc/note/qemu/build-libpcap.txt new file mode 100644 index 0000000..b86dd1c --- /dev/null +++ b/doc/note/qemu/build-libpcap.txt @@ -0,0 +1,64 @@ + +### Debian native +true \ + && PKGS_TO_ADD="curl ca-certificates gcc make libc6-dev flex bison" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="binutils curl mingw-w64-gcc make tar flex bison" \ + && SUDO="/home/$USER/.local/bin/mysudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +## Generic +true \ + && PCAP_VERSION="1.10.4" \ + && CACHE_DIR="/var/tmp" \ + && WORKDIR="/tmp" \ + && INSTALL_ROOT="/usr/local" \ + && MAKE_JOBS=$(nproc) \ + && true + + +## Make +true \ + && PCAP_URL="https://github.com/the-tcpdump-group/libpcap/archive/refs/tags/libpcap-${PCAP_VERSION:?}.tar.gz" \ + && PCAP_SRCTGZ="${CACHE_DIR:?}/pcap-${PCAP_VERSION:?}.tgz" \ + && PCAP_BINTGZ="${PCAP_SRCTGZ%.*}-bin.tgz" \ + && if test -f "${PCAP_SRCTGZ:?}" ]; then true \ + && echo "[DEBUG] Already have \"${PCAP_SRCTGZ:?}\"" \ + ;else true \ + && echo curl -sSL "${PCAP_URL:?}" -o "${PCAP_SRCTGZ:?}" \ + && curl -sSL "${PCAP_URL:?}" -o "${PCAP_SRCTGZ:?}" \ + ;fi \ + && ( mkdir "${WORKDIR:?}/pcap-${PCAP_VERSION}" \ + && cd "${WORKDIR:?}/pcap-${PCAP_VERSION}" \ + && tar xf "${PCAP_SRCTGZ:?}" \ + && cd * \ + && ./configure --prefix=${WORKDIR:?}/pcap-"${PCAP_VERSION:?}"/out \ + && make clean \ + && make -j$(nproc) \ + && make install \ + && cd ../out \ + && rm bin/pcap-config lib/pkgconfig -rf \ + && tar cf "${PCAP_BINTGZ:?}" * \ + && printf '\n Build pcap Done\n\n' \ + ) \ + && true + + +### Install +true \ + && $SUDO mkdir -p "${INSTALL_ROOT:?}" \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xf "${PCAP_BINTGZ:?}" \ + && true + diff --git a/doc/note/qemu/build-libpcre1.txt b/doc/note/qemu/build-libpcre1.txt new file mode 100644 index 0000000..491809b --- /dev/null +++ b/doc/note/qemu/build-libpcre1.txt @@ -0,0 +1,70 @@ + + +### Debian native +true \ + && PKGS_TO_ADD="curl git make gcc ca-certificates libc6-dev cmake autoconf automake libtool m4" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="git make mingw-w64-gcc curl tar cmake autoconf automake libtool m4" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk clean" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +## Generic +true \ + && PCRE_VERSION="8.45" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Make +true \ + && if test -n "$(ls -A)"; then true \ + && printf '\n It is recommended to run this script in an empty dir.\n\n' \ + && false \ + ;fi \ + && PCRE_URL="https://sourceforge.net/projects/pcre/files/pcre/${PCRE_VERSION:?}/pcre-${PCRE_VERSION:?}.tar.gz/download" \ + && PCRE_SRCTGZ="${CACHE_DIR:?}/pcre-${PCRE_VERSION:?}.tgz" \ + && PCRE_BINTGZ="${PCRE_SRCTGZ%.*}-bin.tgz" \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && ${PKGINIT:?} && ${PKGADD:?} $PKGS_TO_ADD \ + && printf '\n Download Dependency Sources\n\n' \ + && if test ! -e "${PCRE_SRCTGZ:?}"; then true \ + && echo "Download ${PCRE_URL:?}" \ + && curl -sSLo "${PCRE_SRCTGZ:?}" "${PCRE_URL:?}" \ + ;fi \ + && if test ! -e "${PCRE_BINTGZ:?}"; then (true \ + && printf '\n Build curl\n\n' \ + && tar xf "${PCRE_SRCTGZ:?}" \ + && cd "pcre-${PCRE_VERSION:?}" \ + && ./configure --prefix="$PWD/build/usr_local" --host=$HOST --disable-cpp --enable-utf \ + && make clean && make -j$(nproc) && make install \ + && (cd build/usr_local \ + && rm -rf lib/libpcre.la lib/pkgconfig lib/libpcreposix.la bin/pcre-config \ + && tar --owner=0 --group=0 -czf "${PCRE_BINTGZ:?}" * \ + && md5sum -b "${PCRE_BINTGZ:?}" > "${PCRE_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf "pcre-${PCRE_VERSION:?}" \ + );fi \ + && printf '\n DONE\n\n' + + +## Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${PCRE_BINTGZ:?}" \ + && true + + + diff --git a/doc/note/qemu/build-lua.txt b/doc/note/qemu/build-lua.txt new file mode 100644 index 0000000..5440233 --- /dev/null +++ b/doc/note/qemu/build-lua.txt @@ -0,0 +1,86 @@ + +### Debian native +true \ + && PKGS_TO_ADD="curl ca-certificates gcc make libc6-dev" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="binutils curl mingw-w64-gcc make tar" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk clean" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +## Generic +true \ + && LUA_VERSION="5.4.3" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Make +true \ + && if test -n "$(ls -A)"; then true \ + && printf '\n It is recommended to run this script in an empty dir.\n\n' \ + && false \ + ;fi \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && ${PKGINIT:?} && ${PKGADD:?} $PKGS_TO_ADD \ + && LUA_URL="https://www.lua.org/ftp/lua-${LUA_VERSION:?}.tar.gz" \ + && LUA_SRCTGZ="${CACHE_DIR:?}/lua-${LUA_VERSION:?}.tgz" \ + && LUA_BINTGZ="${LUA_SRCTGZ%.*}-bin.tgz" \ + && printf '\n Download Dependency Sources\n\n' \ + && if test ! -e "${LUA_SRCTGZ:?}"; then true \ + && echo "Download ${LUA_URL:?}" \ + && curl -sSLo "${LUA_SRCTGZ:?}" "${LUA_URL:?}" \ + ;fi \ + && if test ! -e "${LUA_BINTGZ:?}"; then (true \ + && printf '\n Build lua\n\n' \ + && tar xf "${LUA_SRCTGZ:?}" \ + && cd "lua-${LUA_VERSION:?}" \ + && mkdir -p build/bin build/include build/lib build/man/man1 \ + && export CFLAGS="-ggdb -Wall -Wextra" \ + && `# Uncomment this line for debugging` \ + && export CFLAGS="$CFLAGS -DLUAI_ASSERT -DLUA_USE_APICHECK" \ + && `# endOf Uncomment` \ + && make clean \ + && if echo "$HOST"|grep -q '\-mingw'; then true \ + && make -j$(nproc) PLAT=mingw \ + CC="${HOST_}gcc -std=gnu99" AR="${HOST_}ar rcu" RANLIB="${HOST_}ranlib" \ + && cp -t build/. README \ + && cp -t build/bin/. src/lua.exe src/luac.exe \ + ;else true \ + && export CFLAGS="$CFLAGS -DLUA_USE_POSIX" \ + && make -j$(nproc) \ + && cp -t build/. README \ + && cp -t build/bin/. src/lua src/luac \ + ;fi \ + && cp -t build/include/. src/lua.h src/luaconf.h src/lualib.h src/lauxlib.h src/lua.hpp \ + && cp -t build/lib/. src/liblua.a \ + && cp -t build/man/man1/. doc/lua.1 doc/luac.1 \ + && (cd build \ + && rm -rf include/lua.hpp \ + && tar --owner=0 --group=0 -czf "${LUA_BINTGZ:?}" * \ + && md5sum -b "${LUA_BINTGZ:?}" > "${LUA_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf "lua-${LUA_VERSION:?}" \ + );fi \ + && printf '\n DONE\n\n' + + +## Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${LUA_BINTGZ:?}" \ + && true + + diff --git a/doc/note/qemu/build-sqlite.txt b/doc/note/qemu/build-sqlite.txt new file mode 100644 index 0000000..81210f9 --- /dev/null +++ b/doc/note/qemu/build-sqlite.txt @@ -0,0 +1,77 @@ + +### Debian native +true \ + && PKGS_TO_ADD="curl ca-certificates gcc libc6-dev make tcl" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="curl gcc musl-dev make mingw-w64-gcc tar tcl" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk clean" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +## Generic +true \ + && SQLITE_VERSION="3.33.0" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Make +true \ + && SQLITE_URL="https://github.com/sqlite/sqlite/archive/refs/tags/version-${SQLITE_VERSION:?}.tar.gz" \ + && SQLITE_SRCTGZ="${CACHE_DIR:?}/sqlite-${SQLITE_VERSION:?}.tgz" \ + && SQLITE_BINTGZ="${SQLITE_SRCTGZ%.*}-bin.tgz" \ + && ${PKGINIT:?} && ${PKGADD:?} ${PKGS_TO_ADD} \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && if test ! -e "${SQLITE_SRCTGZ:?}"; then (true \ + && echo "Download \"${SQLITE_URL:?}\"" \ + && curl -sSLo "${SQLITE_SRCTGZ:?}" "${SQLITE_URL:?}" \ + );fi \ + && if test ! -e "${SQLITE_BINTGZ:?}"; then (true \ + && printf '\n Build SqLite\n\n' \ + && tar xzf "${SQLITE_SRCTGZ:?}" \ + && cd sqlite-*${SQLITE_VERSION:?} \ + && mkdir build \ + && if echo $HOST|grep -q 'mingw'; then true \ + && ./configure --prefix=${PWD:?}/build --host=${HOST:?} \ + CC=${HOST_}cc CPP=$CPP CXX=$CXX BCC=gcc BEXE=.exe config_TARGET_EXEEXT=.exe \ + && ln -s mksourceid.exe mksourceid \ + && make clean && make -j$(nproc) && make install \ + && (cd build \ + && rm -rf lemon* mksourceid lib/pkgconfig lib/*.la \ + ) \ + ;else true \ + && ./configure --prefix=${PWD:?}/build \ + && make clean && make -j$(nproc) && make install \ + ;fi \ + && cp README.md LICENSE.md VERSION build/. \ + && (cd build \ + && rm -rf lib/libsqlite3.la lib/pkgconfig \ + && find -not -name MD5SUM -type f -exec md5sum -b {} + > MD5SUM \ + && tar --owner=0 --group=0 -czf "${SQLITE_BINTGZ:?}" * \ + && md5sum -b "${SQLITE_BINTGZ:?}" > "${SQLITE_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf sqlite-*${SQLITE_VERSION:?} \ + );fi \ + && printf '\n DONE\n\n' + + +## Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${SQLITE_BINTGZ:?}" \ + && true + + + diff --git a/doc/note/qemu/build-zlib.txt b/doc/note/qemu/build-zlib.txt new file mode 100644 index 0000000..a90e616 --- /dev/null +++ b/doc/note/qemu/build-zlib.txt @@ -0,0 +1,73 @@ + +### Debian native +true \ + && PKGS_TO_ADD="curl ca-certificates gcc libc6-dev make" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && HOST= \ + && true + + +### Alpine mingw cross +true \ + && PKGS_TO_ADD="curl make mingw-w64-gcc tar" \ + && SUDO="/home/$USER/.local/bin/sudo" \ + && PKGINIT=true \ + && PKGADD="$SUDO apk add" \ + && PKGCLEAN="$SUDO apk clean" \ + && HOST=x86_64-w64-mingw32 \ + && true + + +## Generic +true \ + && ZLIB_VERSION="1.2.11" \ + && CACHE_DIR="/var/tmp" \ + && true + + +## Make +true \ + && ZLIB_URL="https://downloads.sourceforge.net/project/libpng/zlib/${ZLIB_VERSION:?}/zlib-${ZLIB_VERSION:?}.tar.gz" \ + && ZLIB_SRCTGZ="${CACHE_DIR:?}/zlib-${ZLIB_VERSION:?}.tgz" \ + && ZLIB_BINTGZ="${ZLIB_SRCTGZ%.*}-bin.tgz" \ + && if test -n "$HOST"; then HOST_="${HOST:?}-" ;fi \ + && if test ! -e "${ZLIB_SRCTGZ:?}"; then (true \ + && echo "Download \"${ZLIB_URL:?}\"" \ + && curl -sSLo "${ZLIB_SRCTGZ:?}" "${ZLIB_URL:?}" \ + );fi \ + && if test ! -e "${ZLIB_BINTGZ:?}"; then (true \ + && printf '\n Build zlib\n\n' \ + && tar xzf "${ZLIB_SRCTGZ:?}" \ + && cd "zlib-${ZLIB_VERSION:?}" \ + && mkdir build \ + && if echo $HOST|grep -q '\-mingw'; then true \ + && export DESTDIR=./build BINARY_PATH=/bin INCLUDE_PATH=/include LIBRARY_PATH=/lib \ + && sed -i "s;^PREFIX =.\*\$;;" win32/Makefile.gcc \ + && make -j$(nproc) -fwin32/Makefile.gcc PREFIX=${HOST_:?} \ + && make -fwin32/Makefile.gcc install PREFIX=${HOST_:?} \ + && unset DESTDIR BINARY_PATH INCLUDE_PATH LIBRARY_PATH \ + ;else true \ + && ./configure --prefix=$PWD/build \ + && make -j$(nproc) && make install \ + ;fi \ + && cp README build/. \ + && (cd build \ + && rm -rf lib/pkgconfig \ + && tar --owner=0 --group=0 -czf "${ZLIB_BINTGZ:?}" * \ + && md5sum -b "${ZLIB_BINTGZ:?}" > "${ZLIB_BINTGZ:?}.md5" \ + ) \ + && cd .. && rm -rf "zlib-${ZLIB_VERSION:?}" \ + );fi \ + && printf '\n DONE\n\n' + + +## Install +true \ + && $SUDO tar -C "${INSTALL_ROOT:?}" -xzf "${ZLIB_BINTGZ:?}" \ + && true + + + diff --git a/doc/note/qemu/php-dev-server.txt b/doc/note/qemu/php-dev-server.txt index 98c5700..c1a8b01 100644 --- a/doc/note/qemu/php-dev-server.txt +++ b/doc/note/qemu/php-dev-server.txt @@ -33,6 +33,7 @@ true `# Setup mounts & persistence (host)` \ && true true `# Run dev server (guest)` \ + && cd "${GUESTWD:?}" \ && DEBUG=1 php -dassert.bail=1 -dzend.assertions=1 -dassert.exception=1 -S 0.0.0.0:8080 src/index.php \ && true @@ -40,3 +41,8 @@ true `# Copy persistence from vm back to host (host)` \ && $SSH -- sh -c "true && cd \"${GUESTWD:?}\" && tar c \"${CPY_OUT:?}\"" | tar x \ && true + +## Links + +- [Install old php](https://tecadmin.net/how-to-install-php-on-debian-12/) + diff --git a/doc/note/qemu/qemu-compile-itself.txt b/doc/note/qemu/qemu-compile-itself.txt new file mode 100644 index 0000000..aed0522 --- /dev/null +++ b/doc/note/qemu/qemu-compile-itself.txt @@ -0,0 +1,27 @@ + +# +# Compile qemu bullshit-free for windoof. +# +# [src](https://wiki.qemu.org/Hosts/W32) +# +# +# WARN: This does NOT work +# + +true \ + && QEMU_URL="https://download.qemu.org/qemu-8.2.1.tar.xz" \ + && SUDO=sudo \ + && WORKDIR=/home/${USER:?}/work \ + && CACHEDIR=/var/tmp \ + && QEMU_TXZ=$(basename "${QEMU_URL:?}") \ + && $SUDO apt install -y --no-install-recommends curl \ + && curl -D- "${QEMU_URL:?}" -o "${CACHEDIR:?}/${QEMU_TXZ:?}" \ + && mkdir -p "${WORKDIR:?}" \ + && cd "${WORKDIR:?}" \ + && tar xf "${CACHEDIR:?}/${QEMU_TXZ:?}" \ + && cd qemu* \ + && ./configure \ + && make \ + && true + + diff --git a/doc/note/qemu/qemu.txt b/doc/note/qemu/qemu.txt index de7a71b..edaf9bc 100644 --- a/doc/note/qemu/qemu.txt +++ b/doc/note/qemu/qemu.txt @@ -7,12 +7,24 @@ Qemu apt install qemu-system-aarch64 qemu-efi-aarch64 -## Create Image +## Manage Images - qemu-img create -f qcow2 my_disk.qcow2 16G +### Create new image + qemu-img create -f qcow2 disk.qcow2 16G +### Create new overlay image + qemu-img create -o backing_file=base.qcow2,backing_fmt=qcow2 -f qcow2 disk.qcow2 -## Shrink img +### Convert qcow2 to raw + qemu-img convert -f qcow2 -O raw foo.qcow2 foo.img + +### Convert raw to qcow2 + qemu-img convert -f raw -O qcow2 foo.img foo.qcow2 + +### Create Standalone image based on snapshot image + qemu-img convert -O qcow2 derived.qcow2 standalone.qcow2 + +## Shrink/compact img Normal systems: qemu-img convert -O qcow2 input.qcow2 output.qcow2 @@ -22,6 +34,74 @@ Windoof: qemu-img convert -O qcow2 input.qcow output.qcow2 +## Shrink snapshot layer + + qemu-img convert -O qcow2 snapLayer.qcow2 tmpFullClone.qcow2 + qemu-img create -f qcow2 -b tmpFullClone.qcow2 diff.qcow2 + qemu-img rebase -b base.qcow2 tmpDiff.qcow2 + mv tmpDiff.qcow2 snapLayer.qcow2 + + +## Example Params (Usage: CopyPaste, then delege what is not needed) +qemu-system-x86_64 \ + -nodefaults `# <- TODO Fix network when using this` \ + -accel kvm:whpx:hax:tcg -m size=2G -smp cores=$(nproc) \ + -monitor stdio -serial stdio `# coose ONE` \ + `# Drives & Boot.` \ + -boot order=dc \ + -cdrom "path/to/cd.iso" \ + -hda "$(dirname "$(realpath "$0")")/hda.qcow2" \ + `# Isolated Network plus host port/cmd reachable from guest` \ + -netdev 'user,id=n1,ipv6=off,restrict=y,guestfwd=tcp:10.0.2.9:80-cmd:ncat 127.0.0.1 80' \ + -device e1000,netdev=n1 \ + `# Isolated Network with samba access to host` \ + -netdev 'user,id=n2,ipv6=off,restrict=y,guestfwd=tcp:10.0.2.9:139-cmd:ncat 127.0.0.1 139,guestfwd=tcp:10.0.2.9:445-cmd:ncat 127.0.0.1 445' \ + -device e1000,netdev=n2 \ + `# 10.0.2.x network with host redirect` \ + -netdev user,id=n0,ipv6=off,hostfwd=tcp:127.0.0.1:${SSH_PORT:-2222}-:22 \ + -device e1000,netdev=n0 \ + `# socket mcast shared network adapter` \ + -netdev socket,id=n1,ipv6=off,mcast=230.0.0.1:1234 \ + -device e1000,netdev=n1 \ + `# USB pass-through` \ + -usb -device usb-host,id=myUsbQemuId,vendorid=0xFFFF,productid=0xFFFF \ + `# Choose ONE of those for graphic output` \ + -nographic \ + -device VGA \ + -display sdl,grab-mod=rctrl \ + -display gtk,show-menubar=on \ + -display vnc=127.0.0.1:0,to=99 `#HINT: 0 is port 5900` \ + ; + +## Broken systems likely need some of those too + `# Fix broken hosts` \ + -L "${QEMU_HOME:?}/Bios" -bios "${QEMU_HOME:?}/Bios/bios-256k.bin" \ + -accel whpx,kernel-irqchip=off `# "https://github.com/Tech-FZ/EmuGUI/issues/72#issuecomment-1940933918"` \ + `# Fix broken guests` \ + -device usb-ehci,id=usb,bus=pci.0,addr=0x4 -device usb-tablet \ + + +## Inspect qcow2 by host mounting it + + $SUDO modprobe nbd + $SUDO qemu-nbd -c /dev/nbd__ /path/to/my.qcow2 + echo 'p' | $SUDO fdisk /dev/nbd__ + $SUDO mount -o ro /dev/nbd__p__ /mnt/q + $SUDO umount /mnt/q `# cleanup` + $SUDO qemu-nbd -d /dev/nbd__ `# cleanup` + $SUDO rmmod nbd `# cleanup` + + +### Example manual adapter setup (inside VM) for socket mcast network: +true \ + && ADDR=192.168.42.101/24 \ + && DEV=ens4 \ + && SUDO=sudo \ + && $SUDO ip a add dev "${DEV:?}" "${ADDR:?}" \ + && $SUDO ip link set "${DEV:?}" up \ + && true + + ## amd64 # Choose whichever fits the need @@ -31,7 +111,7 @@ Windoof: && BIOSFILE="${BIOSDIR:?}/bios-256k.bin" \ && FIXMOUSEALIGN="-device usb-ehci,id=usb,bus=pci.0,addr=0x4 -device usb-tablet" \ && NETWORK="-net nic -net user" \ - && NETWORK="-device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:22" \ + && NETWORK="-device e1000,netdev=n0 -netdev user,id=n0,hostfwd=tcp:127.0.0.1:2222-:22" \ && HOSTSPECIFICOPTS="--enable-kvm" \ && HOSTSPECIFICOPTS="-L ${BIOSDIR:?} -bios ${BIOSFILE:?}" \ @@ -47,19 +127,46 @@ Regular boot ## aarch64 (not working yet) - MAC='00:de:ad:de:ad:00' - DISK=my_disk.qcow2 - cp /usr/share/AAVMF/AAVMF_CODE.fd ./flash1.img - qemu-system-aarch64 -m 1G -cpu cortex-a57 -M virt \ - -pflash /usr/share/AAVMF/AAVMF_CODE.fd \ - -pflash flash1.img \ - -drive if=none,file=${DISK:?},id=hd0 \ - -device virtio-blk-device,drive=hd0 \ - -device virtio-net-device,netdev=net0,mac=${MAC:?} - - qemu-system-aarch64 -M virt -hda my_disk.qcow2 -cdrom debian.iso -boot c -m 1G - - qemu-system-aarch64 -M virt -cpu cortex-a57 -m 1G -bios /usr/share/qemu-efi-aarch64/QEMU_EFI.fd -hda my_disk.qcow2 -cdrom ~/images/debian-12.0.0-arm64-DVD/debian-12.0.0-arm64-DVD-1.iso + #apt install -y --no-install-recommends qemu-uefi-aarch64 + curl -sSLO https://github.com/dhruvvyas90/qemu-rpi-kernel/blob/master/kernel-qemu-5.10.63-bullseye + curl -sSLO https://github.com/dhruvvyas90/qemu-rpi-kernel/blob/master/versatile-pb-bullseye-5.10.63.dtb + curl -sSLO https://github.com/dhruvvyas90/qemu-rpi-kernel/blob/master/native-emulation/dtbs/bcm2711-rpi-4-b.dtb + curl -sSLO https://github.com/dhruvvyas90/qemu-rpi-kernel/blob/master/kernel-qemu-5.4.51-buster + curl -sSLO https://github.com/dhruvvyas90/qemu-rpi-kernel/blob/master/versatile-pb-buster-5.4.51.dtb + curl -sSLO https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz + xz -d 2023-05-03-raspios-bullseye-arm64-lite.img.xz + echo p | /sbin/fdisk 2023-05-03-raspios-bullseye-arm64-lite.img | egrep 'Linux$' | sed -E 's:^\S+\s+([0-9]+) .*$:\nmount -o offset=$(expr \1 \\* 512) ./2023-05-03-raspios-bullseye-arm64-lite.img /mnt/foo:' + qemu-img convert -f raw -O qcow2 2023-05-03-raspios-bullseye-arm64-lite.img raspbian-bullseye-lite.qcow2 + qemu-img resize raspbian-bullseye-lite.qcow2 16G + mv raspbian-bullseye-lite.qcow2 hda.qcow2 + + qemu-system-aarch64 \ + -m 256 -cpu arm1176 \ + -M versatilepb \ + -no-reboot \ + -serial stdio \ + -net nic -net user \ + -drive file=2023-05-03-raspios-bullseye-arm64-lite.img,format=raw \ + -boot 'dtb=versatile-pb-bullseye-5.10.63.dtb,kernel=kernel-qemu-5.10.63-bullseye,kernel_args=root=/dev/vda2 panic=1' \ + + qemu-system-aarch64 \ + -dtb ./bcm2711-rpi-4-b.dtb \ + -m 256 -cpu arm1176 -M versatilepb \ + -kernel kernel-qemu-5.10.63-bullseye -append "root=/dev/sda2 rootfstype=ext4 rw" \ + -serial stdio \ + -drive file=2023-05-03-raspios-bullseye-arm64-lite.img,format=raw \ + -net nic -net user \ + -no-reboot \ + + qemu-system-arm \ + -M versatilepb \ + -cpu arm1176 -m 256 \ + -drive "file=2023-05-03-raspios-bullseye-arm64-lite.img,if=none,index=0,media=disk,format=raw,id=disk0" \ + -device "virtio-blk-pci,drive=disk0,disable-modern=on,disable-legacy=off" \ + -net "user,hostfwd=tcp::5022-:2222" \ + -dtb "./versatile-pb-buster-5.4.51.dtb" \ + -kernel "./kernel-qemu-5.4.51-buster" -append 'root=/dev/vda2 panic=1' \ + -no-reboot ## Shared host directory via CIFS/SMB @@ -67,7 +174,7 @@ Regular boot true `# SMB server debian` \ && hostpath=/path/to/host/dir \ && sharename=work \ - && apt install --no-install-recommends -y samba + && apt install --no-install-recommends -y samba \ && printf '[%s]\npath = %s\npublic = no\nwriteable = yes\nguest ok = yes\nforce user = andreas\n' "${sharename:?}" "${hostpath:?}" | $SUDO tee -a /etc/samba/smb.conf >/dev/null \ && $SUDO /etc/init.d/smbd restart \ && true @@ -75,7 +182,7 @@ Regular boot TODO: SMB server windoof DoesNotWork: "https://serverfault.com/questions/442664/virtualization-linux-kvm-qemu-host-windows-vm-guest-how-to-access-data-drive#comment479177_442678" - true `# SMB client debian` \ +true `# SMB client debian` \ && hostUsername=yourHostUser \ && smbServer=10.0.2.2 \ && sharename=work \ @@ -88,6 +195,11 @@ DoesNotWork: "https://serverfault.com/questions/442664/virtualization-linux-kvm- && $SUDO mount -t cifs -o username=${hostUsername:?},uid=${guestUid:?},gid=${guestGid:?} "//${smbServer:?}/${sharename:?}" "${mountpoint:?}" \ && true +### Add those in "/etc/fstab" to setup mount automatically at boot: +### HINT: mkdir /home/user/build + //10.0.2.2/sharename /mnt/sharename cifs password=,uid=1000,gid=1000,user,vers=3.0 0 0 + /home/user/build /mnt/sharename/build none bind 0 0 + List smb shares (eg debugging) smbclient -NL //10.0.2.2 @@ -130,10 +242,13 @@ NOTE: Couldn't yet test any of those commands. ## Alpine PostInstall true \ + && `# HINT: environ setup does not work autmoatically during login. has to be sourced manually.` \ + && P="http://10.0.2.2:3128/" \ + && printf 'export no_proxy=127.0.0.1,10.0.2.*\nexport http_proxy=%s\nexport https_proxy=%s\n' "${P:?}" "${P:?}" >> '/etc/environment' \ && apk add openssh-server \ && rc-update add sshd \ && sed -i -E 's;^# *(PermitRootLogin).+$;\1 yes;' /etc/ssh/sshd_config \ - && sed -i -E 's;^# *(http://dl-cdn.alpinelinux.org/alpine/v[^/]+/community)$;\1;' /etc/apk/repositories \ + && sed -i -E 's;^# *(http://dl-cdn.alpinelinux.org/alpine/v.*?/community)$;\1;' /etc/apk/repositories \ && mkdir /home/user && chown 1000:1000 /home/user && chmod 755 /home/user \ && printf 'user:x:1000:1000:user:/home/user:/bin/ash\n' >> /etc/passwd \ && printf 'user:x:1000:user\n' >> /etc/group \ @@ -146,16 +261,16 @@ NOTE: Couldn't yet test any of those commands. TODO: move this to a better place. Eg: debian/setup.txt or whatever. true \ - && http_proxy= \ - && https_proxy= \ && no_proxy=127.0.0.1,10.0.2.* \ + && http_proxy=http://10.0.2.2:3128 \ + && https_proxy=http://10.0.2.2:3128 \ && SUDO= \ && true \ && if [ -n "$http_proxy" ]; then true \ && (echo "Acquire::http::proxy \"${http_proxy}\";" echo "Acquire::https::proxy \"${https_proxy}\";" ) | $SUDO tee /etc/apt/apt.conf.d/80proxy >/dev/null \ - fi \ + ;fi \ && $SUDO apt update \ && $SUDO apt install -y --no-install-recommends vim openssh-server net-tools curl \ && $SUDO sed -i -E 's;^GRUB_TIMEOUT=5$;GRUB_TIMEOUT=1;' /etc/default/grub \ @@ -179,4 +294,7 @@ TODO: move this to a better place. Eg: debian/setup.txt or whatever. - [USB pass-through](https://unix.stackexchange.com/a/452946/292722) - [qemu monitor via telnet](https://unix.stackexchange.com/a/426951/292722) - [qemu monitor via stdio](https://unix.stackexchange.com/a/57835/292722) +- [qemu raspberry pi TODO](https://blog.agchapman.com/using-qemu-to-emulate-a-raspberry-pi/) +- [connect VM networks](https://qemu.weilnetz.de/doc/6.0/system/invocation.html#sec-005finvocation) +- [inspect qcow2 mount host browse](https://www.jamescoyle.net/how-to/1818-access-a-qcow2-virtual-disk-image-from-the-host) diff --git a/doc/note/qemu/setup-android-env.txt b/doc/note/qemu/setup-android-env.txt new file mode 100644 index 0000000..0008c16 --- /dev/null +++ b/doc/note/qemu/setup-android-env.txt @@ -0,0 +1,85 @@ +# +# Tools for Android development. +# +# HINT: Since JDK-8 is no longer available, we have to add clutter to +# apksigner command. Eg: +# apksigner -J-add-opens=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED \ +# -J-add-opens=java.base/sun.security.x509=ALL-UNNAMED \ +# -J-add-opens=java.base/sun.security.pkcs=ALL-UNNAMED +# +# Refs: +# - [Clean Android HelloWorld Tutorial](https://www.hanshq.net/command-line-android.html) +# - [List of available versions](https://dl.google.com/android/repository/repository-11.xml) +# +set -e + +### Made for debian 10 (alias buster) +true \ + && PKGS_TO_ADD="curl unzip openjdk-17-jdk-headless aapt apksigner zipalign adb android-sdk-platform-tools-common" \ + && SUDO=sudo \ + && PKGINIT="$SUDO apt update" \ + && PKGADD="$SUDO apt install -y --no-install-recommends" \ + && PKGCLEAN="$SUDO apt clean" \ + && PLATFORM_VERSION="24" \ + && BUILD_TOOLS_VERSION="34.0.0" \ + && CMDLINETOOLS_URL="https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip" \ + && BUILD_TOOLS_URL="https://dl.google.com/android/repository/build-tools_r25-linux.zip" \ + && PLATFORM_URL="https://dl.google.com/android/repository/platform-${PLATFORM_VERSION:?}_r02.zip" \ + && NDK_URL="https://dl.google.com/android/repository/android-ndk-r26b-linux.zip" \ + && BUILD_TOOLS_ZIP="$(basename "${BUILD_TOOLS_URL:?}")" \ + && PLATFORM_ZIP="$(basename "${PLATFORM_URL:?}")" \ + && NDK_ZIP="$(basename "${NDK_URL:?}")" \ + \ + && $PKGINIT \ + && $PKGADD $PKGS_TO_ADD \ + && `# Cmdline tools` \ + && (cd /var/tmp && curl -sSLO "${CMDLINETOOLS_URL:?}") \ + && if test -x /tmp/cmdline-tools; then echo >&2 "[ERROR] /tmp/cmdline-tools already exists"; false; fi \ + && (cd /tmp && unzip /var/tmp/$(basename "${CMDLINETOOLS_URL:?}") >/dev/null) \ + && $SUDO mkdir /usr/lib/android-sdk/cmdline-tools \ + && $SUDO mkdir /usr/lib/android-sdk/cmdline-tools/latest \ + && (cd /tmp/cmdline-tools && tar --owner=0 --group=0 -c bin lib source.properties) | (cd /usr/lib/android-sdk/cmdline-tools/latest && $SUDO tar x) \ + && `# Build Tools` \ + && (cd /var/tmp && curl -sSL "${BUILD_TOOLS_URL:?}" -o "${BUILD_TOOLS_ZIP:?}") \ + && mkdir "/tmp/${BUILD_TOOLS_ZIP%.*}" \ + && (cd "/tmp/${BUILD_TOOLS_ZIP%.*}" && unzip "/var/tmp/${BUILD_TOOLS_ZIP:?}") \ + && (cd "/tmp/${BUILD_TOOLS_ZIP%.*}" && tar --owner=0 --group=0 -c *) \ + | (cd /usr/lib/android-sdk/build-tools && $SUDO tar x) \ + && $SUDO find /usr/lib/android-sdk/build-tools -type d -exec chmod 755 {} + \ + && `# Those for some reason are broken (wrong linker) so use the debian variant.` \ + && (cd /usr/lib/android-sdk/build-tools/android* && $SUDO rm aapt zipalign) \ + && `# Platform` \ + && (cd /var/tmp && curl -sSL "${PLATFORM_URL:?}" -o "${PLATFORM_ZIP:?}") \ + && if test -x /tmp/android*; then echo >&2 '[ERROR] /tmp/android* already exists'; false; fi \ + && (cd /tmp && unzip "/var/tmp/${PLATFORM_ZIP:?}" >/dev/null) \ + && $SUDO mkdir /usr/lib/android-sdk/platforms \ + && (cd /tmp && mv android-* "android-${PLATFORM_VERSION:?}") \ + && (cd /tmp && tar --owner=0 --group=0 -c "android-${PLATFORM_VERSION:?}") \ + | (cd /usr/lib/android-sdk/platforms && $SUDO tar x) \ + && $SUDO find /usr/lib/android-sdk/platforms/android-* -type d -exec chmod o+rx {} + \ + && $SUDO find /usr/lib/android-sdk/platforms/android-* -type f -exec chmod o+r {} + \ + && `# Environ` \ + && printf >>~/.profile '%s\n' \ + "PATH=/usr/lib/android-sdk/build-tools/debian:\$PATH" \ + "PATH=\"$(ls -d /usr/lib/android-sdk/build-tools/android-*):\$PATH\"" \ + "PATH=\"/usr/lib/android-sdk/platform-tools:\$PATH\"" \ + "PATH=\"$(ls -d /usr/lib/android-sdk/build-tools/android-*):\$PATH\"" \ + "CLASSPATH=$(ls -d /usr/lib/android-sdk/build-tools/android-*/lib/dx.jar)" \ + "LD_LIBRARY_PATH=$(ls -d /usr/lib/android-sdk/build-tools/android-*/lib64):\$LD_LIBRARY_PATH" \ + "export PATH" \ + "export CLASSPATH" \ + "export LD_LIBRARY_PATH" \ + && `# NDK` \ + && (cd /var/tmp && curl -sSL "${NDK_URL:?}" -o "${NDK_ZIP:?}") \ + && mkdir "/tmp/${NDK_ZIP%.*}" \ + && (cd "/tmp/${NDK_ZIP%.*}" && unzip "/var/tmp/${NDK_ZIP:?}") \ + && `# TODO may worth throw away some of that garbage before moving it into place` \ + && (cd "/tmp/${NDK_ZIP%.*}" && tar --owner=0 --group=0 -c android-ndk-*) \ + | (cd "/usr/lib" && $SUDO tar x) \ + && $SUDO ln -s /usr/lib/android-ndk-* "/usr/lib/android-ndk" \ + && `# Cleanup` \ + && $PKGCLEAN \ + && rm -rf /tmp/* 2>/dev/null || true \ + && printf '\n Done :)\n\n Logout and login to get your new environ from ~/.profile\n\n' \ + && true + diff --git a/doc/note/qemu/setup-dockerVM.txt b/doc/note/qemu/setup-dockerVM.txt new file mode 100644 index 0000000..9bbcff7 --- /dev/null +++ b/doc/note/qemu/setup-dockerVM.txt @@ -0,0 +1,86 @@ + +# +# Use qemu to host dockerimages. +# +# [Execute Docker Containers as QEMU MicroVMs](https://mergeboard.com/blog/2-qemu-microvm-docker/) +# + +true \ + && LINUX_URL=https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.7.4.tar.xz \ + && SUDO=sudo \ + && CACHEDIR=/var/tmp \ + && WORKDIR=/home/$USER/work \ + && LINUX_TXZ=$(basename "${LINUX_URL:?}") \ + && $SUDO apt install -y --no-install-recommends curl make gcc bc flex bison libc-dev libelf-dev libssl-dev \ + && cd "${CACHEDIR:?}" \ + && curl -L "${LINUX_URL:?}" -O \ + && mkdir -p "${WORKDIR:?}" \ + && cd "${WORKDIR:?}" \ + && tar xf "${CACHEDIR:?}/${LINUX_TXZ:?}" \ + && cd linux* \ + && base64 -d <<EOF | gunzip > .config && +H4sIAFBoz2UAA4VZS3MctxG++1eo7EtySCjSoopOlQ4YALMD7eBBALMPplKoSKZkVUmiLVKp5N/n +A2Z2F5jB0jppv+4BGv3u5k8v/vn47f2//vLb09Pvj/+4uPhy/+3j/buHf3/79e/vH75cfPj0+f7x +4t3nh48Xf9x/+f63L5/ef3v4z5eLX+8/vH/4+uHTx7/+8NMLqlUrVqHXlPQbbp3QKpDB6xefHl98 +fXh68Xj/9MPE4/ZuIwx9878DYLQTuyBvBz5woMfDBsd70VROIAMT/vS90qG7O/3sxKoLlrvghYQk +J0LjWDBWU+5cIJT685Sw+flE9MStnSfelVBgvCf72UGJsKtgQkdOPSgv1OpE6zUuH9rgOtH6N1eX +xycNkoSG9ETRkf+olJICIVoy9D5wRZqes4qyJJc0u7Hp14GurB7MCaOtw5GKbQXz3Qm2PiTG4GjH +WcY+okYwtwBby/kdtwu8G1bc902GG5jXLw9gfCMoX8BgL7V6EILbdgE2JsNwjQ0quyi9JjnnTA02 +GrTUFKQJQglvs+fj9OjDcPS+BN8KH0i/JXsXtCoFSEZqWW5IqqUhPjR2XYuRnjRJl71wPnTEMq5y +E8BZW9EXruRk9pTdzeuwuyJG0PzKiPKd54pBAaYnvtVWVm7v9lDrRjhtw2rgLtO6IZZshK0gwRmh +EP5rV6HFSKz6v7LJEd5cXt3kolsOy3geIB8UpNdchUZrH4S9dfMHScrzJxxpUlBEtGa88sD0nbOl +viCIYPPTr3u+4X0tB0kWQwuBR+3e+Py7GQkP92LDQ7M/RGvluBjWeUZjyF9jUrh8ebzS0i4erO0+ +OkDDZ/J3nK5DI7SDb1k7GC9yN1zzHacBXlPkWIuw11LcQTziaqoy3d4J+Do8W6zUm5f/vXyZ/h0z +GF8Rug+bKSIClwMcq7jDDc7A52qOJhpuFSkFhR2i69+GmHQr8CHlrfQmhT98GMmQl5yC9Txx9ISx +PB8J5XmfyBlGfr6aBB8lOYoevXfAy+8SpfKCdTJE5vNvB2lwacOz5CA1G/qcaQSie1OOGkDYgjSo +BTyV1eUxztJjye0X1wYnVjUM7kWuL69q+c7zlRW+kgp9Z7X3Zd5JBUUygDwGvMuVHWnbpswWXvgk +KdtEqxUBJx2D8x55qmHNW/EnHPIW1XZM8oyTJNif8a338MOKdRuhWumRSlzWrkwR2Glv+mFVwy3+ +t8n8a+1k1g4g5BxewJVPVdGQFX+eGiSUJVzu4T2H8ghkP2Gt1cq7LcmqwJ3ROvMHBEsMjVkvo3hh +H7rOfw9K7LIs01qZytkMckODJq4XdD8jSLGyYzIo2CEAypqgmRSiEEOYgGgEB3ElevCakOqDXX5h +4Nw+tkKuoI3lZOQgeY9zpCGCGp3rGBSjzPx3YB1dgrE4LVFLbAnKdFUFelZ2I6STYXNZA6/y8Ik6 +DEyQVcWTPUUPpdEw1uLuSGwErYbKkWGLbmCrNXueq8P/zsgg2XWRj4TZvJ6MiZrG2xoFD2v1jKBR +3WRyosBI8ZhEdqJWZEfS0CBASx0DXtrmCD5nHTBlpiju4avXod/6Qam8FpxonSS0CMNZ1QCy1XYd +K3BqoBA20pTdE/eo50UcNFYwZIwKRbXROAoJhq7rKPKMPUdynD5DRY+kipySE6PsUOMz1PSyyrPC +DrmXeHQ9KOLWoyt9lqn+vDhiFYE4YTDEqyKkgAtTiT/gc12OqCcWQw2a1bec+jNEt1foEHb7OVmR +c19I4jAJW8L4GQa8XBJzVhgmbEUctEirvOUZ/aRQ53zMixBPmi0x2schObuB0Wyu2zgdS0imwthD +YfxdEqTpl/NfvMFYoasE2hPnxGwWe5vvAtJwhvgm8tSMHFPDFqqBdV2t/8bpv5Q+iN+T7Fk9TJ4e +Ot6b3B8KOKQK8+PF47tPXy9+e3j6/fP3jz8edcU3Xpo2e/cBQWuG6Sh7NrwZhtSzdiq2Yb3WZqFf +EPMZ14nyVzwPcVaEacIRC6tykIwomnn0aPDeLEWJRPG0VNM4sOfLkSFr5jc8r7aTqGOtP7V0vsMU +wH21qGx7Uuu7hTKDD20bu65o0rIORhrUWR1oJmrR0m1gu23SkEaWR9fHZluXacoxfl9zHriZwIR0 +c3X9sph7TjDMhupG0QuxVLpw0/PnHITJzJIRMTYP6IExN9eoNk7ZGLjrLNGBmmEZn4sLoZFxOqxA +i8Aw3oTL65sbhKjOE7DRW0SE5a40ebeV1XEqeoKEkFvMHzETox8WJvetiR4nu5YIG4cYy+v0tPhB +L52Php1glmwLSQQLK66gm3rrE+nklee0O0826A3OUlHT16I+qUQycq61+2fIAr+eoe/hV2VGK+j8 +bs3Pfy38ebnXXDlEgT8zZUWWtGJxuq1HbuLATMLtGQkG16AbM0bbWrPGMPXMU0vMR4cVxgSRYceE +M8XmLu2cmBWbYv17yJOYkXW+b5hwKXN/zsDjdLsUx5MydY7LBT9glEDF3YVsi2xJ9iHf+VehXQLT +KpzQfklCBzaUU3miMN7kQ+jbhl3NMXw8raKKPUtLlPai3S+RuKqLq3AUM+TJ2dLhdtCezH6m7lWo +dVKAbceQO9oZ5RzFcWTcEqugsoq9MTHbuFDP1RJ38mFNdR7iCUNY9AxDchb5ZVUdS2pFndMiOudF +v0VcV0PCjnhvK3h/96qK6toZdxXwzvl8net88UZ0Hrk4Ch3XtPV68+P3pw83x3bCxL2P87H5QJxD +z6vcqUajx/0G3+evW3jSAWkrXIc55DwlTfWZFyGeoxM5PVjKK5/FP+uoYXeeMs7TxBL5DA+iPlaI +ZzjSQtTyW3iMDxvSD/xUDJNmNKb5rOEaIU4roOO3YrNAqaX+8iUTbTC0x5C4YCDpr1ALuPCTgyS2 +gXPCOeoU6otOdiJ121oXIVYq7vd5ypRxsSFaQWdLVreH10g0jRiX0t8YJvfJb6dhfF2W3+xtXPTk +O6UY2+MUl7W0e0VknMzLPORiMUdTKXG7LDpgsEXzpcUgMs5s6JDIsjRKbG/nH7WLY9axleyLNmxa +BYJa05aHBuLUmA9HOAeSMIKEVVulWzqEaZPW98f59vqXbK0OjnRotfC150lxkT89zQwVcQe1RXeK +xqZFdHAYI2VciPZ/TosyDcUdAAA= +EOF +true \ + && make olddefconfig \ + && make -j$(nproc) \ + && base64 -d <<EOF | gunzip > "${CACHEDIR:?}/gagainit.c" && +H4sIACTh02UAA41UTYvbMBC9+1cIlwY7JKtsYSlsNoVSAj1s0x62pzQsijxORCzJq4+wacl/35Ed +u85HS3ywnp5n5j2NJNP+3Bq+SNbOlfaeUglmBUvNTHbDtaTLQq/oh+ELSD+Ughu9lcNM8w0YmvZp +9E4oXvgMyAMYo/TN+lOHsi4T51QhlsecVwLpk7idpVJ75c5p69h/2IivmSF9rpV1JIOc+cI9g9oK +o5UE5eYLMiF/IoJP/OPz09cJ9dbQQnNW0KVQ952pbectqKnqFWA8qArNfj4+DqL9OIq2WmSk8v3M +18A3SfW9NlMbs9obDoMjzjFsuRucxeaiAFybA+l2JeZ4ZcVKQUYKrVa1TF6wle1mVg76GXMsSg/r +tM547kjoEBEq1+gz0CInSeCSgzzphY8pmUzI8Jb0eqTa0TCdzr5PZ09NufCURqB2En8xwJxAM+/t +L+wGqUul4zYwiMhNJkyrMvp4d5eSBzLq1qtqop42nZqYBdxpsyM5w05kcadueOBVuOS2Q+6j+h11 +LX4LbfqXxcpeCEiafWlsnva+020Sunu2hMZ+pXfB8ZHbfYQu0R+RTKgkAJTlg8O+I97OF03x7nGK +lVaAi4hpaTQP4DCOEDZqlxMy2NLS2YAR1ui6LPniwVfTFl2XaNcyYCfL/Do1bHgYcbg+geaW8pXR +vgxMi5rc+gaAW2vrFJOQxIe/GMZY8Rt0/pdJm3h4BV5gaLjpuIpKqoXVbb/0azk4bQ7CFIucnAMD +zhtFbse4/W9r76rneAUAAA== +EOF +true \ + && gcc -Wall -static -o "${CACHEDIR:?}/gagainit" "${CACHEDIR:?}/gagainit.c" \ + && echo "[ERROR] TODO Need more steps here" && false \ + && true + + diff --git a/doc/note/qemu/setup-jni-env.txt b/doc/note/qemu/setup-jni-env.txt new file mode 100644 index 0000000..62d204a --- /dev/null +++ b/doc/note/qemu/setup-jni-env.txt @@ -0,0 +1,22 @@ + +# +# Debian with tools for java-native-interface development. +# +# HINT: Since migration from docker, I switched it to jdk-17 (because 11 +# seems no longer available). This change is not yet tested. +# +set -e + + +### For debian 12 +true \ + && SUDO= \ + && export JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64" \ + && $SUDO apt update \ + && $SUDO apt install -y --no-install-recommends \ + g++ make openjdk-17-jdk-headless \ + && (printf '%s\n' "JAVA_HOME=${JAVA_HOME:?}" \ + ) | $SUDO tee "/etc/environment" >/dev/null \ + && $SUDO apt clean \ + && true + diff --git a/doc/note/qemu/setup-jre8-env.txt b/doc/note/qemu/setup-jre8-env.txt new file mode 100644 index 0000000..f39cf98 --- /dev/null +++ b/doc/note/qemu/setup-jre8-env.txt @@ -0,0 +1,18 @@ + +# +# openjdk java 1.8 runtime environment. +# + +### For alpine 3.16.0 +true \ + && apk add openjdk8-jre \ + && true + +### For debian 9 +true \ + && SUDO= \ + && $SUDO apt update \ + && `# Use one of openjdk-8-jre-headless or openjdk-8-jre` \ + && $SUDO apt install -y --no-install-recommends openjdk-8-jre \ + && true + diff --git a/doc/note/qemu/setup-maven-env.txt b/doc/note/qemu/setup-maven-env.txt new file mode 100644 index 0000000..e4ce16d --- /dev/null +++ b/doc/note/qemu/setup-maven-env.txt @@ -0,0 +1,16 @@ +# +# Maven build env. +# +# Use this to share your hosts repository with the container: +# +# mount -t cifs //10.0.2.2/path/to/.m2/repository /var/tmp/.m2/repository +# +set -e + + +### Made for alpine 3.16.0 +true \ + && apk add maven \ + && sed -i "s,</settings>, <localRepository>/var/tmp/.m2/repository</localRepository>\n</settings>,g" /usr/share/java/maven-3/conf/settings.xml \ + && true + diff --git a/doc/note/qemu/setup-nginx-env.txt b/doc/note/qemu/setup-nginx-env.txt new file mode 100644 index 0000000..9a5aeb2 --- /dev/null +++ b/doc/note/qemu/setup-nginx-env.txt @@ -0,0 +1,48 @@ +# +# Bare nginx server serving HTTP/80 and HTTPS/443. +# +set -e + + +### Made for alpine 3.16.0 +true \ + && CN="example.com" \ + \ + && apk add nginx openssl \ + && mkdir /etc/ssl/private \ + && openssl genrsa -out /etc/ssl/private/nginx.key 2048 \ + && openssl req -new -key /etc/ssl/private/nginx.key \ + -out /etc/ssl/private/nginx.csr \ + -subj "/C=/ST=/L=/O=/OU=/CN=${CN:?}" \ + && openssl x509 -req -days 365 -in /etc/ssl/private/nginx.csr \ + -signkey /etc/ssl/private/nginx.key -out /etc/ssl/certs/nginx.crt \ + && chgrp nginx /etc/ssl/private/nginx.key \ + && chmod 0640 /etc/ssl/private/nginx.key \ + && printf '%s\n' \ + 'server {' \ + ' listen 80 default_server;' \ + ' listen [::]:80 default_server;' \ + ' listen 443 ssl default_server;' \ + ' listen [::]:443 default_server;' \ + ' ssl_certificate /etc/ssl/certs/nginx.crt;' \ + ' ssl_certificate_key /etc/ssl/private/nginx.key;' \ + ' location / {' \ + ' root /srv/www;' \ + ' index index.html index.htm;' \ + ' }' \ + '}' \ + > /etc/nginx/http.d/default.conf \ + && mkdir /srv/www \ + && printf '<h1>Nginx says hi</h1>\n' > /srv/www/index.html \ + && chown nginx:nginx /srv/www \ + && chown nginx:nginx /srv/www/index.html \ + && apk del openssl \ + && `# Configure nginx as a service` \ + && rc-update add nginx \ + && /etc/init.d/nginx start \ + && sleep 1 \ + && echo \ + && printf 'GET /index.html HTTP/1.0\r\n\r\n'|nc localhost 80 \ + && echo \ + && true + diff --git a/doc/note/qemu/setup-windoof.txt b/doc/note/qemu/setup-windoof.txt new file mode 100644 index 0000000..5df2cac --- /dev/null +++ b/doc/note/qemu/setup-windoof.txt @@ -0,0 +1,40 @@ + +Setup Windoof in a experiment VM +================================ + +Install system STRICTLY WITHOUT internet connection. + +Stop annoying windoof auto updates. Make sure to use windoof newlines (CRLF) in +the reg file: + + +Windows Registry Editor Version 5.00
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
+"NoAutoUpdate"=dword:00000001
+ +curl -sSD- http://10.0.2.9:80/stop-annoying-updates.reg -O + +After running "reg" file, we can reboot windoof with internet connection. + +Download/Install: +- "https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete" +- "https://notepad-plus-plus.org/" + +Install needed software (Maybe: firefox, MsOffice, MsTeams, ..?). + +Manually trigger updates, reboot, updates, reboot, (likely some more turns ...) + +Configure Performance options. Disable all but screen fonts. + +Make sure no more updates are running. Then, I guess best is to reboot without +internet access once more to cleanup the disk. Delete unused files like +trashcan or downloaded installers: + + SDelete.exe -nobanner -z C: + +Shutdown win guest, then compact disc. + + qemu-img convert -O qcow2 input.qcow output.qcow2 + +Image is ready. + diff --git a/doc/note/qemu/setup-zwp-env.txt b/doc/note/qemu/setup-zwp-env.txt new file mode 100644 index 0000000..a4ce521 --- /dev/null +++ b/doc/note/qemu/setup-zwp-env.txt @@ -0,0 +1,24 @@ + +(true \ + && DIO_URL=https://wikit.post.ch/download/attachments/613505757/d-054897-060542.zip?api=v2 \ + && SUDO=sudo \ + && WORKDIR=/home/$USER/zarniwoop-workspace \ + && CACHEDIR=/var/tmp \ + && DIO_VERSION=$(echo $DIO_URL|sed -E 's_^.*/d-([0-9-]+).zip.*$_\1_') \ + && $SUDO apt install -y --no-install-recommends openssh-server vim make curl git unzip \ + && cd "${CACHEDIR:?}" \ + && echo H4sIAAAAAAAAA1XLOw4CMQwA0Z5TUCMtsuNffBw7jiU6ak7PChqoZppX4NEUaLOw2Vfw6JRg8UXW6tdbHSA83c644by/Hs8Lp23PziU+AjcHdcKmjbjFJ8av0nPGRwGanmRkdSlsKTItcBQgjCL8U+b6VW9H4D67ogAAAA== | base64 -d | gunzip > MD5SUM \ + && curl -LO 'https://wikit.post.ch/download/attachments/613505757/d-054897-060542.zip?api=v2' \ + && grep "${DIO_VERSION:?}" MD5SUM | md5sum -c - \ + && mkdir -p "${WORKDIR:?}" \ + && cd "${WORKDIR:?}" \ + && unzip "${CACHEDIR:?}/d-${DIO_VERSION:?}.zip" \ + && mv DIO021E "d-${DIO_VERSION:?}" \ + && cd "d-${DIO_VERSION:?}/devel" \ + && rm -rf app \ + && git clone https://gitit.post.ch/scm/isa/zarniwoop.git app \ + && cd app \ + && printf '\n Zarniwoop setup complete (TODO install compiler etc)\n\n' \ + && true) + + diff --git a/doc/note/redis/redis.txt b/doc/note/redis/redis.txt new file mode 100644 index 0000000..d64948a --- /dev/null +++ b/doc/note/redis/redis.txt @@ -0,0 +1,32 @@ + +Redis +================ + + +## Run redis commands from cli + +redis-cli -a ***** SCAN 0 + + +## Example commands + +SCAN 0 COUNT 42 +TYPE key +GET redisques:queues:vehicleoperation-events-for-vehicle-9942 +LRANGE key start stop +LRANGE key 1 1 (get head) +LRANGE key -1 -1 (get tail) + + +## List all keys (WARN: do NOT in production!) + +SCAN 0 MATCH *part:of:key:* COUNT 42 +KEYS *:part:inside-the:key:* +KEYS redisques:queues:vehicleoperation-events-for-vehicle-* + + +## Delete by pattern + +redis-cli --scan --pattern schedulers:* | xargs redis-cli del + + diff --git a/doc/note/setup-debian/etc-environment b/doc/note/setup-debian/etc-environment new file mode 100644 index 0000000..1a67ae1 --- /dev/null +++ b/doc/note/setup-debian/etc-environment @@ -0,0 +1,18 @@ + +# Originally copy-pasted from latitude-E6530 + +# Need that duplicate here because openbox is too stupid to load its own env +# file. + +# Configure UI colors +# .. for GTK-2 +#GTK2_RC_FILES=/usr/share/themes/Adwaita-dark/gtk-2.0/gtkrc +# .. for GTK-3 +#GTK_THEME=Adwaita:dark +# .. Qt 5 (needs 'qt5-style-plugins' to be installed) +#QT_QPA_PLATFORMTHEME=gtk2 + +# Disable QT DPI scaling. Can be really helpful for eg vlc in a multi-monitor +# setup. +#QT_AUTO_SCREEN_SCALE_FACTOR=0 + diff --git a/doc/note/setup-debian/setup-debian.txt b/doc/note/setup-debian/setup-debian.txt new file mode 100644 index 0000000..b36945e --- /dev/null +++ b/doc/note/setup-debian/setup-debian.txt @@ -0,0 +1,130 @@ + +How to Setup debian for MY needs +================================ + +## Partitioning + +Use the smaller & faster SSD for the system. Make sure it consists of TWO +partitions so system can be easily upgraded later by just replacing it by a new +install in the other partition. + +I prefer to put users home to a larger (maybe a HDD) for data storage. If +there's only ONE drive, we need an additional partition for the home too. + + +## Base system + +Install base system through debians ISO installers. Usually net installer is +fine. + +Do NOT install ANY additional bloat! Eg untick ALL extra software like desktops +etc. Even disable the standard-system-utilities option. + + +## Install core tools + +ALWAYS use '--no-install-recommends' when installing something to prevent +useless bloat to be installed. + + && apt install -y --no-install-recommends vim net-tools openssh-server openssh-client bash bash-completion + + +## Setup firewall + +WARN: Does NOT setup the effective rules. Rules need to be filled in by admin. + +WARN: This snippet may cut-off network connections. Including your remote shell! + + && $SUDO apt install -y --no-install-recommends iptables iptables-persistent \ + && printf '# TODO add contents here\n' | $SUDO tee /etc/iptables/src-default >/dev/null \ + && printf '\n[WARN ] Needs more setup: /etc/iptables/src-default\n\n' \ + && printf '%s\n' \ + '## Apply from file' '' \ + 'ncat /etc/iptables/src-default | $SUDO iptables-restore' '' \ + '## store current session as default' '' \ + '$SUDO iptables-save | $SUDO tee /etc/iptables/rules.v4 > /dev/null' \ + | $SUDO tee /etc/iptables/README >/dev/null \ + && printf '# TODO setup file contents\n' | $SUDO tee /etc/iptables/src-default4 >/dev/null \ + && printf '%s\n' \ + '*filter' '' \ + '# Loopback' \ + '-A INPUT -i lo -j ACCEPT' \ + '-A OUTPUT -o lo -j ACCEPT' '' \ + '# Log blocked connection attemps' \ + '-A INPUT -j LOG --log-prefix "Fw6BadInn: " --log-level 6' \ + '-A FORWARD -j LOG --log-prefix "Fw6BadFwd: " --log-level 6' \ + '-A OUTPUT -j LOG --log-prefix "Fw6BadOut: " --log-level 6' '' \ + '# Disallow any non-whitelisted packets' \ + '-A INPUT -j DROP' \ + '-A FORWARD -j REJECT' \ + '-A OUTPUT -j REJECT' '' \ + 'COMMIT' | $SUDO tee /etc/iptables/src-default6 >/dev/null \ + && printf '%s\n' \ + '*filter' \ + '-A INPUT -j ACCEPT' \ + '-A FORWARD -j ACCEPT' \ + '-A OUTPUT -j ACCEPT' \ + 'COMMIT' | $SUDO tee /etc/iptables/src-allowAll4 >/dev/null \ + && $SUDO touch /etc/iptables/src-tmp \ + + +## Mount home partition + +# /etc/fstab +UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /mnt/nameOfHdd ext4 noatime 0 2 +/mnt/nameOfHdd/home /home none bind 0 0 + + +## Configure Locale + +- In "/etc/locale.gen" Enable all of: + "de_CH.UTF-8 UTF-8", "de_CH ISO-8859-1", "en_DK.UTF-8 UTF-8", "en_DK ISO-8859-1". +- Run "locale-gen". +- Check list with "locale -a". +- Change "/etc/default/locale" contents to: + LANG=en_DK.UTF-8 + LANGUAGE="en_US:en" + + +## Install Desktop Env + + && $SUDO apt install -y --no-install-recommends xorg openbox mate-terminal lightdm light-locker feh scrot lxpanel qalculate-gtk gmrun gnome-system-monitor vim-gtk3 \ + && mkdir ~/.config ~/.config/openbox || true \ + && update-alternatives \ + +Populate "/etc/environment" as described by "./etc-environment". + + +## Install whatever needed + + && $SUDO apt install -y --no-install-recommends \ + `# basic CLI` \ + vim htop pv openssh-client iptables iptables-persistent xxd zip unzip xz-utils p7zip-full \ + file trash-cli genisoimage ncat curl \ + `# basic UI` \ + firefox-esr file-roller thunderbird chromium evince \ + `# software devel` \ + git sqlite3 manpages-dev gdb qemu-utils qemu-system wireshark samba tigervnc-viewer \ + `# server` \ + nginx-light avahi-daemon \ + `# mDNS client & tools` \ + libnss-mdns avahi-utils \ + `# multimedia` \ + pulseaudio pavucontrol vlc audacity eom darktable gimp lame flac opus-tools ffmpeg \ + `# encryption` \ + keepassxc gpg \ + `# UI customization` \ + gnome-themes-extra \ + `# Office Suite` \ + libreoffice-writer libreoffice-calc libreoffice-draw libxrender1 libgl1 \ + fonts-crosextra-caladea fonts-crosextra-carlito fonts-dejavu fonts-liberation \ + fonts-liberation2 fonts-linuxlibertine fonts-noto-core fonts-noto-mono fonts-noto-ui-core \ + fonts-sil-gentium-basic pdftk-java \ + `# Others` \ + lm-sensors fancontrol bc rsync \ + `# Nvidia graphics (open)` \ + mesa-utils clinfo mesa-opencl-icd \ + `# Nvidia graphics (non-free, DoesNotWorkYet)` \ + nvidia-detect nvidia-tesla-470-driver linux-headers-amd64 \ + + diff --git a/doc/note/ssh/ssh-setup.txt b/doc/note/ssh/ssh-setup.txt index 6a2812b..9f3dde2 100644 --- a/doc/note/ssh/ssh-setup.txt +++ b/doc/note/ssh/ssh-setup.txt @@ -7,6 +7,7 @@ SSH Setup & Key Management - [Insane answer about key formats](https://stackoverflow.com/a/29707204/4415884) + ## Create New Ssh Key Create "path/to/key" and "path/to/key.pub" as a 2048 bit RSA with @@ -16,6 +17,13 @@ Create "path/to/key" and "path/to/key.pub" as a 2048 bit RSA with ssh-keygen -t rsa -b 2048 -f path/to/key -C "your comment" ``` +Create "path/to/key" and "path/to/key.pub" as an elliptic curve. + +```sh +ssh-keygen -t ed25519 -f path/to/key -C "your comment" +``` + + ## Change Passphrase @@ -26,6 +34,7 @@ ssh-keygen -p -f path/to/key NOTE: Just hitting enter when asked for the new one will remove the passphrase. + ## Inspect keys Print public key hash: @@ -46,6 +55,7 @@ Print detailed DER file content: openssl x509 -in dumpcertfile -inform DER -text + ## Export pub key in misc formats ssh-keygen -e -f path/to/ssh2pub-or-privKey -m PKCS8 @@ -62,11 +72,13 @@ TODO to PKCS8: ssh-keygen -i -f path/to/key.pub -e -m PKCS8 > path/to/pub.pem + ## Remove obsolete entry from known_hosts ssh-keygen -f path/to/known_hosts -R "example.com" + ## TODO -e This option will read a private or public OpenSSH key file diff --git a/doc/note/ssh/ssh-usage.txt b/doc/note/ssh/ssh-usage.txt index f9bc2a8..ff76f4c 100644 --- a/doc/note/ssh/ssh-usage.txt +++ b/doc/note/ssh/ssh-usage.txt @@ -30,6 +30,11 @@ request to "localhost:7080" on HOST. ssh -o 'ProxyCommand ncat -p12345 %h %p' MY_SERVER +## Get rid of bullshit warnings + + -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null + + ## Run Cmd via jumphost Source: "https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/" diff --git a/doc/note/tcpdump/tcpdump.txt b/doc/note/tcpdump/tcpdump.txt index 9c9feb6..71ffb02 100644 --- a/doc/note/tcpdump/tcpdump.txt +++ b/doc/note/tcpdump/tcpdump.txt @@ -16,8 +16,13 @@ Tcpdump redis=6379, brox=7022, fluentd=7099 - cd /tmp && timeout --foreground -s INT 180 tcpdump -ni any -C 50M -W 999 -w houston-STAGE-tcp-`date -u +%Y%m%d-%H%M%S`.pcap "not port 443 and not port 6379 and not port 7022 and not port 7099" -z gzip + cd /usr/local/vertx/houston-storage-file && timeout --foreground -s INT 180 tcpdump -ni any -C 50M -W 999 -w houston-STAGE-tcp-`date -u +%Y%m%d-%H%M%S`.pcap "not port 443 and not port 6379 and not port 7022 and not port 7099" -z gzip + cd /tmp && timeout --foreground -s INT 180 tcpdump -ni any -C 50M -W 999 -w houston-prod-tcp-`date -u +%Y%m%d-%H%M%S`.pcap "not port 443 and not port 6379 and not port 7022 and not port 7099" -z gzip + + ocprod exec -i "$(ocprod get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /tmp && tar c "houston-prod-tcp-20231114-165243.pcap*.gz"' > houston-prod-tcp-20231114-165243.pcap.gz.tar + + ocprod exec -ti "$(ocprod get pods|egrep ston-[1-9]|cut -f1 -d' ')" -- sh -c 'cd /tmp && watch ls -Ahl' ## pcap cli PreProcessing @@ -31,6 +36,11 @@ Tips: "https://chrissanders.org/2018/06/large-captures4-filter-whittling/" +## Local dumps isa-only filter + + "portrange 6000-9999 and not port 7778" + + ## Accept HTTP POST requests: "tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354" @@ -52,6 +62,15 @@ Tips: "https://chrissanders.org/2018/06/large-captures4-filter-whittling/" "net 172.18.0.0/16" +## Filter kube-probes "GET /houston/server/info" or '{"name":"houston",' + + tcpdump -nni any -w /tmp/houston-${PAISA_ENV:?}-tcp-$(date -u +%Y%m%d-%H%M%SZ)-%s.pcap -C 8M -W 99 -G 600 "(tcp[((tcp[12:1]&0xf0)>>2)+0:4] = 0x47455420 && tcp[((tcp[12:1]&0xf0)>>2)+4:4] = 0x2F686F75 && tcp[((tcp[12:1]&0xf0)>>2)+8:4] = 0x73746F6E && tcp[((tcp[12:1]&0xf0)>>2)+12:4] = 0x2F736572 && tcp[((tcp[12:1]&0xf0)>>2)+16:4] = 0x7665722F && tcp[((tcp[12:1]&0xf0)>>2)+20:4] = 0x696E666F && tcp[((tcp[12:1]&0xf0)>>2)+24:1] = 0x20) or (tcp[((tcp[12:1]&0xf0)>>2)+115:4] = 0x7B226E61 && tcp[((tcp[12:1]&0xf0)>>2)+119:4] = 0x6D65223A && tcp[((tcp[12:1]&0xf0)>>2)+123:4] = 0x22686F75 && tcp[((tcp[12:1]&0xf0)>>2)+127:4] = 0x73746F6E && tcp[((tcp[12:1]&0xf0)>>2)+131:2] = 0x222C)" + + +## Try dump kube-probes fully + + timeout --foreground 900 tcpdump -nni any -w /tmp/houston-${PAISA_ENV:?}-tcp-$(date -u +%Y%m%d-%H%M%SZ)-%s.pcap -C 42M -W 42 -G 600 "host 10.127.73.1 and port 7012" + ## Extract hosts file from DNS traffic @@ -61,3 +80,8 @@ Not perfect because needs manual fine-tuning. But can be helpful anyway. Vielleicht auch mal option "-zhosts" ausprobieren. Sollte auch sowas tun. + +[man tcpdump](https://www.tcpdump.org/manpages/tcpdump.1.html) +[no name port numbers rhel patch](https://superuser.com/a/587304/1123359) +[complex filter by byte contents](https://security.stackexchange.com/a/121013/179017) + diff --git a/doc/note/windoof/kill-auto-update.txt b/doc/note/windoof/kill-auto-update.txt new file mode 100644 index 0000000..d6b896f --- /dev/null +++ b/doc/note/windoof/kill-auto-update.txt @@ -0,0 +1,18 @@ + +Stop Automatic windoof updates +============================== + +For example in Virtual machines running in isolated environments +shouting auto updates are nothing than annoying. Further, they +continuously bloat VM images for no reason and make snapshotting +unneccesarily tedious. + + + +## Stop annoying updates + +Windows Registry Editor Version 5.00
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
+"NoAutoUpdate"=dword:00000001
+ + diff --git a/doc/note/msteams/msteams.txt b/doc/note/windoof/msteams.txt index 216c9ce..216c9ce 100644 --- a/doc/note/msteams/msteams.txt +++ b/doc/note/windoof/msteams.txt diff --git a/doc/note/windoof/msys-path-issue.txt b/doc/note/windoof/msys-path-issue.txt new file mode 100644 index 0000000..0b49323 --- /dev/null +++ b/doc/note/windoof/msys-path-issue.txt @@ -0,0 +1,3 @@ + +MSYS_NO_PATHCONV=1 + diff --git a/doc/note/windoof/outlook-expor-eml.txt b/doc/note/windoof/outlook-expor-eml.txt new file mode 100644 index 0000000..895779f --- /dev/null +++ b/doc/note/windoof/outlook-expor-eml.txt @@ -0,0 +1,14 @@ + +How to export email as EML file in stupid systems +================================================= + +- "https://outlook.office.com" +- Compose a new eMail. +- DragNDrop the email from the inbox to the draft (add attachment). +- Now "Download" that attachment. + + +## Source + +- [How to save mail as eml](https://superuser.com/a/1474143/1123359) + diff --git a/doc/note/windoof/proto-handler.txt b/doc/note/windoof/proto-handler.txt new file mode 100644 index 0000000..b4d214c --- /dev/null +++ b/doc/note/windoof/proto-handler.txt @@ -0,0 +1,6 @@ + + + +## Source +- [how to fix windoof](https://superuser.com/a/1066769/1123359) + |