Remote Desktop over SSH ?
Hi,
I'm using the LITE version of Raspberry Pi OS. ( so without desktop environment and other stuff, but unfortunately not systemd free... )
When I use this raspberry locally I don't need a desktop, but remotely I might...
I've found an interesting link: https://www.xmodulo.com/remote-control-raspberry-pi.html
see Method Three: X11 Forwarding for Desktop over SSH
I see that xinit is not installed by default with LITE ( and it makes sense ) so do you think if I install it, and follow the rest of the instructions it will work ?
If I understand the mechanism well I do not need to install a desktop environment on the server ( the rpi ) but only on the client right ?
Or do you know a better way to achieve this ?
SOLVED
The following works !
I guess one of my other rules was blocking
```nft
table ip Tip {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        ip daddr 192.168.y.2 log prefix "forwarded " dnat to 192.168.y.3
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        masquerade
    }
    chain INPUT {
        type filter hook input priority filter; policy accept;
    }
    chain FORWARD {
        type filter hook forward priority filter; policy accept;
    }
    chain OUTPUT {
        type filter hook output priority filter; policy accept;
    }
}
```
Hi, Thanks to all of you.
I made a test environment with the following.
- Machine A: 192.168.Y.1
- Machine B: 192.168.Y.2
- Machine C: 192.168.Y.3
The goal is to send a ping A to B, B forward to C
So `ping -4c 1 192.168.y.2` from A, should ping B fw C
I've set the following rule in `/etc/nftables.conf`
```nft
table ip Tip {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iif "eth0" ip protocol icmp dnat to 192.168.y.3
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        ip saddr 192.168.y.3 masquerade
    }
}
```
but it's not working :'(
I see B receives the packet
preroute: IN=eth0 OUT= MAC=▒▒ SRC=192.168.y.1 DST=192.168.y.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=21398 DF PROTO=ICMP TYPE=8 CODE=0 ID=17950 SEQ=1
but it seems C receives nothing..
Any ideas ?
Forward packets Wireguard to local subnet, with Nftables.
Hi,
I would like to forward packets that come from a wireguard connection to a local subnet
environment
- Client: connected to server through wireguard IP 192.168.X.2
- server: connected to Client through wireguard IP 192.168.X.1 and 192.168.Y.1 ( it's not systemd free ¯\\(ツ)/¯ )
- aMachine: on the same subnet as server IP 192.168.Y.2
on the server I've done
```bash
#I don't know if this is necessary ?
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl --system
```
I've added the following rule to the nftables config on server but it seems the packets get lost ?
```nft
#added inside existing table `table ip Tip {}`
chain chPreRoute {
    type nat hook prerouting priority 0; policy accept;
    iif wg0 icmp type echo-request dnat to 192.168.Y.2
}
```
Use arguments in shell script with apt
Hi,
I would like to pass the arguments to apt through a `.sh` script.
```bash
apt install "${1}/opensnitch_${1}_amd64.deb" "${1}/python3-opensnitch-ui_${1}_all.deb"
```
so for example if I launch `test.sh 1.6.5`
the script should run `apt install 1.6.5/opensnitch_1.6.5_amd64.deb 1.6.5/python3-opensnitch-ui_1.6.5_all.deb`
but it's not working, it passes to apt only 1.6.5 and not the rest of the string... any ideas ?
As I want the system to be quiet ( not sending data ) I suspected the `output` hook to be the one. What are you suggesting ?
Obviously, but I'm anyway wondering why it isn't blocking like it should
I hope nftables does not let others pass like this...
Why my nftables do not block DHCP ?
Hi,
On my Debian 12 Bookworm ( raspberry pi )
My nftables do not block DHCP packets ! according to these basic rules
`nft -y list ruleset`
```nft
table ip Tip {
    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 67 drop #DHCP
        udp dport 53 accept
        tcp dport { 80, 443} accept
        ct state established,related accept
    }
}
```
DHCP should be blocked... but it's not as I get an IP from it..
Any ideas ?
Thanks.
problem with `mkinitramfs` after compiling new kernel :'(
Hi,
I've recompiled the kernel[^moreinfo] of my raspberry pi 4 that runs under Devuan rpi
some of the commands used on the rpi to compile
```bash
apt install build-essential libncurses-dev bison flex libssl-dev libelf-dev
mkdir /RaspKernel_6_1_y && cd /RaspKernel_6_1_y
git clone --depth=1 --branch rpi-6.1.y https://github.com/raspberrypi/linux
cd linux
cp /boot/config-6.1.93 /RaspKernel_6_1_y/linux/.config
KERNEL=kernel8
make menuconfig
time make -j$((`nproc` - 2)) Image.gz modules dtbs
make -j$((`nproc` - 2)) modules_install
cp arch/arm64/boot/Image.gz /boot/broadcom/$KERNEL.img
cp arch/arm64/boot/dts/broadcom/*.dtb /boot/broadcom/
cp arch/arm64/boot/dts/overlays/*.dtb* /boot/firmware/overlays/
cp arch/arm64/boot/dts/overlays/README /boot/firmware/overlays/
reboot
apt install cryptsetup
```
In addition to having enabled some ciphers/algorithms in the kernel config I have set a string ( TESTversionA ) in `CONFIG_LOCALVERSION`, maybe I shouldn't have :/ ?
I'm currently following this guide LUKS on Raspberry Pi ( for context my related lemmy post )
So now that the kernel has been updated, the `cryptsetup benchmark -c xchacha20,aes-adiantum-plain64` command is successful
So in order to enable luks in initramfs I'm following the preparing-linux section of this guide.

we can read:
> initramfs has to be recreated
I followed the guidance and edited the initramfs-rebuild file to match my setup
**initramfs-rebuild** file
```bash
#!/bin/sh -e

# Rebuild initrd.gz after kernel upgrade to include new kernel's modules.
# https://github.com/Robpol86/robpol86.com/blob/master/docs/_static/initramfs-rebuild.sh
# Save as (chmod +x): /etc/kernel/postinst.d/initramfs-rebuild

# Remove splash from cmdline.
if grep -q '\bsplash\b' /boot/cmdline.txt; then
  sed -i 's/ \?splash \?/ /' /boot/cmdline.txt
fi

# Exit if not building kernel for this Raspberry Pi's hardware version.
version="$1"
current_version="$(uname -r)"
case "${current_version}" in
  *-v7+)
    case "${version}" in
      *-v7+) ;;
      *) exit 0
    esac
  ;;
  *+)
    case "${version}" in
      *-v7+) exit 0 ;;
    esac
  ;;
esac

# Exit if rebuild cannot be performed or not needed.
[ -x /usr/sbin/mkinitramfs ] || exit 0
[ -f /boot/broadcom/initrd.gz ] || exit 0
lsinitramfs /boot/broadcom/initrd.gz |grep -q "/$version$" && exit 0  # Already in initramfs.

# Rebuild.
mkinitramfs -o /boot/broadcom/initrd.gz "$version"
```
and when I run `mkinitramfs -o /boot/broadcom/initrd.gz` I got
> grep: /boot/config-6.1.93TEST+: No such file or directory

I did
```bash
cp /RaspKernel_6_1_y/linux/.config /boot/config-6.1.93TEST+
mkinitramfs -o /boot/broadcom/initrd.gz
```
and it seemed to work.
I've edited the remaining files
- /boot/broadcom/cmdline.txt
- /etc/fstab
- /etc/crypttab
rebooted. Landed in the initramfs shell as expected
but `benchmark -c xchacha20,aes-adiantum-plain64` is no longer successful :'(
> Cipher xchacha20,aes-adiantum-plain64 (with 256 bit key) is not available

Any ideas where the problem might lie ?
Thanks.
[^moreinfo]: --branch rpi-6.1.y https://github.com/raspberrypi/linux
Thank you very much all, for your inputs !
I did

```
root: file /boot/broadcom/initrd.gz
initrd.gz: Zstandard compressed data ....

root: unmkinitramfs /boot/broadcom/initrd.gz Extracted/
# data were extracted to Extracted/
# but I got a few errors like:
# cpio: cannot link usr/sbin/vconfig to usr/sbin/watchdog: Operation not permitted
```

`tree -Fan -L 2 Extracted`

```
Extracted//
|-- conf/
|   |-- arch.conf*
|   |-- conf.d/
|   `-- initramfs.conf*
|-- etc/
|   |-- fstab*
|   |-- ld.so.cache*
|   |-- ld.so.conf*
|   |-- ld.so.conf.d/
|   |-- modprobe.d/
|   `-- udev/
|-- init*
|-- run/
|-- scripts/
|   |-- functions*
|   |-- init-bottom/
|   |-- init-top/
|   |-- local*
|   |-- local-bottom/
|   |-- local-premount/
|   `-- nfs*
`-- usr/
    |-- bin/
    |-- lib/
    `-- sbin/
```

So it tends to confirm that even if the file is named `initrd.gz` it's actually an `initramfs` method.... ( damn this is so misleading )
So I guess I can follow preparing-linux from the guide and overwrite the `initrd.gz` ?
boot on LUKS encrypted drive ( initramfs Vs initrd ) ?
Hi,
I'm trying to encrypt the root filesystem `/` of a raspberry pi 4 device running under Devuan rpi ( custom kernel )
I'm following the LUKS on Raspberry Pi 2021 guide
That explains step by step how to achieve this.
But the guide uses `initramfs` and my distro seems to use `initrd`
So the question is: should I migrate to `initramfs` ? and how to check what is inside my current `initrd`
or keep up with `initrd` but then how to insert the necessary to enable the LUKS drive to be mounted by it ( initrd ) ?
Thanks.
Thanks @SteveTech@programming.dev
I suppose the file `linux/arch/Kconfig` is the base for the menuconfig to know which options are available ? right ?
Thanks.
Thanks, how can we verify this ?
I cannot enable HAVE_KPROBES_ON_FTRACE - Kernel compile
Hi,
I have a great piece of software, that apparently needs `HAVE_KPROBES_ON_FTRACE`
To config the kernel option I'm using :
```shell
make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- menuconfig
```
The Kernel is Linux/arm64 6.6.63
When I'm doing a search inside `menuconfig` I get:
```shell
Symbol: HAVE_KPROBES_ON_FTRACE [=n]
Type  : bool
Defined at arch/Kconfig:223

Symbol: KPROBES_ON_FTRACE [=n]
Type  : bool
Defined at arch/Kconfig:117
  Depends on: KPROBES [=y] && HAVE_KPROBES_ON_FTRACE [=n] && DYNAMIC_FTRACE_WITH_REGS [=n]
```
But I found it nowhere in the menu...
and if I add it manually in the `.config` file, then make some other adaptations in `menuconfig` my manual entry disappears..
Any ideas ?
Maybe `HAVE_KPROBES_ON_FTRACE` is not supported in 6.6.63 ?
Thanks
I'm using Devuan ( systemd free ! ) :)
I believe my initramfs does not support luks encryption, but the link of @DrDystopia@lemy.lol might work.... 🤞
Thanks @DrDystopia@lemy.lol ! indeed https://github.com/gitbls/sdm/blob/master/Docs/Disk-Encryption.md#the-sdm-cryptconfig-script seems to be what I need. I'll try
Boot on LUKS drive ( Raspberry pi 4 )
Hi,
The SBC Raspberry Pi 4 boots on an sdcard with two partitions `/boot` and `/`
So I managed to encrypt the partition `/` with `cryptsetup`
Here are the partitions of my sd-card

| device | FILESYS | LABEL | UUID |
|---|---|---|---|
| sdb1 | vfat | BOOT | ( 9 characters ) |
| sdb2 | crypto_LUKS | <unknown> | ( 36 characters ) |

I've modified the `/boot/cmdline.txt` to ( on one line )
```raw
console=serial0,115200 console=tty1 root=UUID=#If I try the UUID of sdb2 it fail and also the UUID when I use `cryptsetup luksOpen /dev/sdb2 b2open` rootfstype=ext4 fsck.repair=yes loglevel=5 net.ifnames=0 firmware_class.path=/lib/firmware/updates/brcm rootwait cryptdevice=UUID=#I dont know which one:b2open
```
any ideas ?
Thanks.
ohh ! great ! I'll see if I manage to install it on Devuan Thanks.
🤩 Woo I didn't know `nix`. It seems a better way to handle packages !!!
But so if I already have `apt` that handles packages, is it compatible to use both on the same system !?
Nix stores all packages in isolation from each other; as a result there are no /bin, /sbin, /lib or /usr directories and all packages are kept in /nix/store instead.
Yes, but it's not reliable, because even if you use a bare linux vm to download the packages and dependencies, you never know if the online one will already have a dependency that the offline system does not have.
no, the only way is to force the download of the already downloaded packages.
Thank you very much @connaisseur@feddit.org
I have tried
```bash
apt-get -o Dir::Cache::archives="/to/path" install --download-only apt-offline
```
But it downloaded only the .deb of apt-offline and not the whole dependency tree. Most probably because this machine has them already.
now, it remains to force it to download the whole dependency tree as well, even if already installed...
indeed `.appimage` are an amazing thing as they do not require any special runtime or installation process !
I guess I will have to make my own `.appimage` of software that does not provide them
How to install a package/program with its whole dependency tree on an offline device ?
Hi,
I have an air gapped[^1] device. ( Devuan )
How do you manage to install packages/software on an off-line[^1] device ?
I've heard of `apt-offline` but it seems to be buggy and I don't know if it's still maintained (last release two years ago)
of course I've tried manually but the dependency relations are too crazy to do that fully manually
Dependency tree (not even complete) to install for example `apt-offline`
```raw
├── Depends
│   ├── Depends
│   │   ├── Depends
│   │   │   ├── Depends
│   │   │   │   └── python3-dbg_3.9.2-3_amd64.deb
│   │   │   ├── libcurl4-gnutls-dev_7.74.0-1.3+deb11u14_amd64.deb
│   │   │   ├── python3-pycurl-dbg_7.43.0.6-5_amd64.deb
│   │   │   └── python-pycurl-doc_7.43.0.6-5_all.deb
│   │   ├── python3-httplib2_0.18.1-3_all.deb
│   │   └── python3-pycurl_7.43.0.6-5_amd64.deb
│   ├── iso-codes_4.6.0-1_all.deb
│   ├── python3-pysimplesoap_1.16.2-3_all.deb
│   └── python-apt-common_2.2.1_all.deb
├── python3-apt_2.2.1_amd64.deb
└── python3-debianbts_3.1.0_all.deb
```
Any ideas ?
Thanks.
[^1]: air gapped, off-line: https://en.wikipedia.org/wiki/Air_gap_(networking)
Thank you @gerbercj@lemmy.world sadly it's hosted on google ... :/ https://issuetracker.google.com
If I post my feature request here on lemmy, would somebody be kind enough to submit it to google ?
Thanks.
it's related to the GPS fix. So which is it ?
Images to animated GIF offline and FLOSS ( Linux )
cross-posted from: https://programming.dev/post/18448635
> Hi,
>
> I was a very long time I didn't need to create an animated gif...
> I had a program before to take static images (.jpg, .png etc..) and convert them into an animated gif..
>
> All the web search engines push for online (aka SaaSS) tools 🤮
>
> Do you know a program that does that ( Linux )
>
> Thanks.
Images to animated GIF offline and FLOSS ( Linux )
Hi,
I was a very long time I didn't need to create an animated gif... I had a program before to take static images (.jpg, .png etc..) and convert them into an animated gif..
All the web search engines push for online (aka SaaSS) tools 🤮
Do you know a program that does that ( Linux )
Thanks.
Where submit a feature suggestion for Android ?
Hi everyone,
Does someone know where I can submit a feature suggestion for Android ?
Thanks
Mirror / parallel - squeeze / transform path is it possible ?
cross-posted from: https://programming.dev/post/18113218
> Hi,
>
> Is it possible with Inkscape to squeeze a shape in a mirror way (sorry I don't know how to phrase it better)
>
> Here a gif from a rasterize/pixel editor with what I'm looking for
>
> ::: spoiler The same question on the official inkscape forum
> WTF the fuck happen to peoples ?
> Internet should not be a place where everyone could express, share what he want ?!
>
> I'm glad there is Lemmy, so quick and easy
> :::
Installing gunicorn once on the OS and reuse it between venv ?
Hi,
I have quite a few `venv` that run gunicorn.
I would like to reuse `gunicorn` for other `venv`
I launch my web application like this
```bash
#PWD = venv dir
source ./bin/activate
gunicorn A_WebApp:app #A_WebApp is my python file A_WebApp.py
```
I suppose that `gunicorn` is a shell program ? if yes I should use `$PATH` ?
or `gunicorn` is a Python program only ? and then what should I do to use gunicorn in another `venv` ?
Thanks.
AppImage !
- Open format? Yes
- Free format? Yes
- Fully Contained Single Executable Support ( like an exe file for Windows systems )? Yes (the only one)
- App Size? **The lowest** !
https://en.wikipedia.org/wiki/AppImage
Matrix
https://www.fosslinux.com/42410/snap-vs-flatpak-vs-appimage-know-the-differences-which-is-better.htm
https://phoenixnap.com/kb/flatpak-vs-snap-vs-appimage
Thank you very much @taaz
So you say 2 but with unix socket, so it's the same as my proposal number 3 ? no ?
I'll check capabilities
Elevate privileges between Python program ( and Inter-process_communication )
Hi everyone,
I have a Python program (A) that runs under a regular user account. (good)
When some events occur in (A) I need to modify my nftables and only `root` is allowed to do so.
I've come up with 3 ways to do that (if you know others please share) but I don't know which would be the best.
- Make a `sudo` call from (A) with `from subprocess import run` but I will need to store the password ! and I don't think it is possible to keep it encrypted and decrypt it when needed (it's a flaw)
- Make (A) write a file with the requests. Create a (B) daemon (that runs as root) that checks that file every X and does the necessary
- Make (A) do an IPC ( Linux socket ) to (B) daemon (that runs as root) and does the necessary.
I suppose that solution 2 is less heavy than 3 ? But if I'm not mistaken it will also react slower ?
Thanks.
🐧
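A sketch of the third option from the post above (root daemon (B) behind a Unix socket), added here as an example and not code from the post or its replies. The daemon checks the caller's uid with `SO_PEERCRED` and only fills a validated IPv4 address into a fixed `nft` command, so (A) never sends nft syntax. The socket path, the JSON request format, the `blocked` set inside table `Tip` and uid 1000 are assumptions.

```python
import ipaddress, json, os
import socket, struct, subprocess

SOCK_PATH = "/run/nft-helper.sock"      # assumed path, not from the post
ACTIONS = {"block": "add", "unblock": "delete"}

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end (Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def build_command(request_bytes):
    """Turn one JSON request into a fixed nft argv; raise ValueError otherwise."""
    try:
        req = json.loads(request_bytes)
        verb = ACTIONS[req["action"]]
        ip = ipaddress.IPv4Address(str(req["ip"]))   # dotted-quad literal only
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"rejected request: {exc!r}") from None
    # Only the verb and the validated address vary; "blocked" is an assumed set name.
    return ["nft", verb, "element", "ip", "Tip", "blocked", "{", str(ip), "}"]

def handle(conn, allowed_uid, run=subprocess.run):
    """Serve one small request on one connection; returns the reply sent."""
    _pid, uid, _gid = peer_credentials(conn)
    if uid != allowed_uid:
        reply = b"ERR unauthorized\n"
    else:
        try:
            argv = build_command(conn.recv(512))
            run(argv, check=True, timeout=5)         # argv list, no shell involved
            reply = b"OK\n"
        except (ValueError, subprocess.SubprocessError, OSError):
            reply = b"ERR rejected\n"
    conn.sendall(reply)
    return reply

def serve(allowed_uid):
    """Daemon (B): runs as root and accepts only the account that runs (A)."""
    if os.path.exists(SOCK_PATH):
        os.unlink(SOCK_PATH)
    os.umask(0o177)                                  # socket file is created 0600
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(SOCK_PATH)
    os.chown(SOCK_PATH, allowed_uid, 0)              # only (A)'s account may connect
    srv.listen(4)
    while True:
        conn, _ = srv.accept()
        with conn:
            handle(conn, allowed_uid)

if __name__ == "__main__":
    serve(allowed_uid=1000)                          # assumed uid of (A)'s account
```

(A) connects to the socket and sends, for example, `{"action": "block", "ip": "203.0.113.7"}`; no password is stored anywhere and the daemon reacts as soon as the request arrives.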