Jekyll2020-07-26T08:13:39+00:00https://springzfx.github.io/feed.xmlFancyFancy Zhangspringzfx@gmail.comBpf2020-07-20T00:00:00+00:002020-07-20T00:00:00+00:00https://springzfx.github.io/blog/bpf<h1 id="bpf">BPF</h1>
<h2 id="bpf-1">bpf</h2>
<p>image from http://www.brendangregg.com/ebpf.html</p>
<p><img src="http://www.brendangregg.com/eBPF/linux_ebpf_internals.png" alt="img" /></p>
<ul>
<li>kprobes
<ul>
<li>kprobes can trace arbitrary functions, but may easily break from one Linux version to the next</li>
</ul>
</li>
<li>tracepoints
<ul>
<li>tracepoints are more stable, they remain mostly the same</li>
<li>and documented in <code class="language-plaintext highlighter-rouge">/sys/kernel/debug/tracing</code></li>
<li>can list with <code class="language-plaintext highlighter-rouge">sudo perf list</code></li>
</ul>
</li>
<li>perf
<ul>
<li>http://www.brendangregg.com/perf.html</li>
</ul>
</li>
</ul>
<p>refer:</p>
<p>https://stackoverflow.com/questions/45618274/are-tracepoints-redundant-in-linux-kernel-after-kprobes-support-for-ftrace</p>
<p><img src="http://www.brendangregg.com/eBPF/linux_ebpf_support.png" alt="img" /></p>
<h2 id="projectstoolsexamples">Projects/Tools/Examples</h2>
<ul>
<li>bcc</li>
<li>bpftrace</li>
<li>libbpf</li>
<li>libbpf-tools</li>
<li>bpftool</li>
<li>sampes/bpf/ in kernel tree</li>
<li>perf, ftrace</li>
</ul>
<h2 id="usage">Usage</h2>
<ul>
<li>cgroup</li>
<li>systemd service</li>
<li>tc-bpf</li>
<li>iptables bpf</li>
<li>socket bpf</li>
<li>ip-route bpf</li>
<li>sockmap</li>
</ul>
<h2 id="build-kernel-samples">Build kernel samples</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># kernel config</span>
<span class="nb">gunzip</span> <span class="nt">-c</span> /proc/config.gz <span class="o">></span> .config
make oldconfig <span class="o">&&</span> make prepare
<span class="c"># install headers</span>
make headers_install <span class="nt">-j8</span>
<span class="c"># build bpf</span>
make <span class="nv">M</span><span class="o">=</span>samples/bpf <span class="nt">-j8</span>
<span class="c"># run</span>
<span class="nb">ulimit</span> <span class="nt">-l</span> unlimited
<span class="nb">sudo</span> ./sockex1
</code></pre></div></div>
<h2 id="must-read">Must Read</h2>
<ul>
<li><code class="language-plaintext highlighter-rouge">bpf.h</code> in kernel tree</li>
<li><code class="language-plaintext highlighter-rouge">sudo bpftool feature probe</code> output</li>
<li><a href="https://www.kernel.org/doc/Documentation/networking/filter.txt">Linux Socket Filtering aka Berkeley Packet Filter (BPF)</a></li>
<li>
<p>Notes on bpf series</p>
<ol>
<li><a href="http://blogs.oracle.com/linux/notes-on-bpf-1">BPF program types</a></li>
<li><a href="http://blogs.oracle.com/linux/notes-on-bpf-2">BPF helper functions for those programs</a></li>
<li><a href="http://blogs.oracle.com/linux/notes-on-bpf-3">BPF userspace communication</a></li>
<li><a href="http://blogs.oracle.com/linux/notes-on-bpf-4">BPF program build environment</a></li>
<li><a href="http://blogs.oracle.com/linux/notes-on-bpf-5">BPF bytecodes and verifier</a></li>
<li><a href="http://blogs.oracle.com/linux/notes-on-bpf-6">BPF Packet Transformation</a></li>
<li><a href="https://blogs.oracle.com/linux/notes-on-bpf-7">BPF, tc and Generic Segmentation Offload</a></li>
</ol>
</li>
<li>
<p><a href="https://lwn.net/Articles/826390/">Run a BPF program on socket lookup</a></p>
<ul>
<li><a href="https://linuxplumbersconf.org/event/4/contributions/487/attachments/238/417/Programmable_socket_lookup_LPC_19.pdf">presentation</a></li>
<li>inet_lookup</li>
<li>BPF_PROG_TYPE_SK_LOOKUP</li>
</ul>
</li>
<li>
<p><a href="https://blog.cloudflare.com/sockmap-tcp-splicing-of-the-future/">SOCKMAP - TCP splicing of the future</a></p>
<ul>
<li>two bpf prog attached to one sockmap</li>
<li>BPF_MAP_TYPE_SOCKMAP</li>
<li>BPF_SK_SKB_STREAM_PARSER, BPF_SK_SKB_STREAM_VERDICT</li>
</ul>
</li>
</ul>
<h2 id="typenot-complete">TYPE(not complete)</h2>
<ul>
<li>socket: for iptables –bpf, setsockopt
<ul>
<li>BPF_PROG_TYPE_SOCKET_FILTER</li>
</ul>
</li>
<li>cgroup/sock:
<ul>
<li>BPF_PROG_TYPE_CGROUP_SOCK</li>
<li>BPF_CGROUP_INET_SOCK_CREATE</li>
<li>parameters: see <code class="language-plaintext highlighter-rouge">bpf_ctx_convert</code> in vmlinux.h
<ul>
<li>bpf_sock or __sk_buff</li>
</ul>
</li>
</ul>
</li>
<li>cgroup_skb/egress: for systemd cgroup
<ul>
<li>BPF_PROG_TYPE_CGROUP_SKB</li>
<li>BPF_CGROUP_INET_EGRESS</li>
</ul>
</li>
<li>see <code class="language-plaintext highlighter-rouge">bpf_sec_def</code> in <code class="language-plaintext highlighter-rouge">libbpf.c</code></li>
<li>see samples in <code class="language-plaintext highlighter-rouge">linux/samples/bpf/</code></li>
</ul>Fancy Zhangspringzfx@gmail.comBPFTransparent_proxy2020-04-17T00:00:00+00:002020-04-17T00:00:00+00:00https://springzfx.github.io/blog/transparent_proxy<h1 id="透明代理技术总结linux">透明代理技术总结–Linux</h1>
<h2 id="1-iptables-redirecttproxy">1. iptables REDIRECT/TPROXY</h2>
<p>在linux网络堆栈上实现透明代理,功能上最强大,最完美。具体可以有以下三种方式:</p>
<ul>
<li>global, 即全局透明代理</li>
<li>network namespace,在网络命名空间中透明代理,主机网络相当于中间路由器,具体实现参考 <code class="language-plaintext highlighter-rouge">~/Scripts/ns-proxy.sh</code></li>
<li>net_cls, only in cgroup v1,对特定cgroup进行透明代理, 参考 <a href="https://github.com/heiher/hev-socks5-tproxy#per-app-mode">example</a></li>
<li>iptables cgroup2 path match</li>
</ul>
<p>监听REDIRECT/TPROXY端口的技术实现:</p>
<ul>
<li>redsocks <a href="https://github.com/darkk/redsocks">link</a></li>
<li>v2ray dokodemo-door <a href="https://www.v2ray.com/chapter_02/protocols/dokodemo.html">link</a></li>
<li>gost -L red://:12345 <a href="https://docs.ginuerzh.xyz/gost/redirect/">link</a></li>
</ul>
<blockquote>
<p>未来会出现基于bpf技术,以最小的footprint,实现透明代理</p>
<p>linux内核的bpf技术正在快速发展</p>
</blockquote>
<h2 id="2-proxychains-ng">2. <a href="https://github.com/rofl0r/proxychains-ng">proxychains-ng</a></h2>
<p>原理是利用<code class="language-plaintext highlighter-rouge">LD_PRELOAD</code>,挂钩(hook)网络相关的libc函数,因此只对动态链接的程序有用,例如不支持go程序(静态编译),不支持脚本等。只支持tcp。</p>
<p>配置和使用相当的简单。</p>
<h2 id="3-cgproxy">3. <a href="https://github.com/springzfx/cgproxy">cgproxy</a></h2>
<p>基于cgroup2和TPROXY的透明代理,支持cgroup级别、进程级别的控制。</p>
<p>支持tcp和udp。</p>
<p>可以代理任何程序,可全局代理、网关代理。</p>
<h2 id="4-graftcp">4. graftcp</h2>
<p>可以通过ptrace跟踪或修改任何给定程序的网络连接,因此它可用于任何程序。</p>
<p>只支持tcp,暂不支持ipv6,<a href="https://github.com/hmgle/graftcp/issues/10">issue</a></p>
<hr />
<p><strong>some tests</strong></p>
<p>see <a href="https://www.v2ray.com/chapter_02/protocols/dokodemo.html">Dokodemo-door</a> and <a href="https://www.v2ray.com/chapter_02/05_transport.html">v2ray tproxy config</a>,</p>
<p>note <code class="language-plaintext highlighter-rouge">v2ray redirect</code> only work in ipv4</p>
<p>experiments result following:</p>
<ul>
<li>v2ray tproxy + no root
<ul>
<li>tcp REDIRECT ✓</li>
<li>tcp TPROXY ✗</li>
<li>udp TPROXY ✗</li>
</ul>
</li>
<li>v2ray redirect + no root
<ul>
<li>tcp REDIRECT ✓</li>
<li>tcp TPROXY ✗</li>
<li>udp TPROXY ✗</li>
</ul>
</li>
<li>v2ray tproxy + root ✓</li>
<li>v2ray redirect + root ✓</li>
</ul>
<p>结论:</p>
<ol>
<li>REDIRECT总是可用, 而TPROXY需要root才能使用</li>
<li>在not root下只能代理透明代理tcp</li>
</ol>
<p><strong>一些代理软件</strong></p>
<ul>
<li>gost</li>
<li>clash</li>
<li>v2ray</li>
<li>trojan</li>
</ul>Fancy Zhangspringzfx@gmail.com透明代理技术总结–LinuxMpv_shooter_subtitles_plugin2020-01-01T00:00:00+00:002020-01-01T00:00:00+00:00https://springzfx.github.io/blog/mpv_shooter_subtitles_plugin<h1 id="mpv-射手影音字幕插件">MPV-射手影音字幕插件</h1>
<ol>
<li>put <strong><a href="https://gist.github.com/springzfx/cfa5fde3dbd3c6717ab3ed5936407f24#file-splayersub-py">SPlayerSub.py</a></strong> and <a href="https://gist.github.com/springzfx/cfa5fde3dbd3c6717ab3ed5936407f24#file-download_subtitles_using_splayer_api-js">download_subtitles_using_SPlayer_API.js</a> to <code class="language-plaintext highlighter-rouge">~/.config/mpv/scripts/</code></li>
<li>put <a href="https://gist.github.com/springzfx/cfa5fde3dbd3c6717ab3ed5936407f24#file-mpv-conf">mpv.conf</a> to <code class="language-plaintext highlighter-rouge">~/.config/mpv/</code></li>
<li>打开视频后,按<kbd>a</kbd> 开始下载字幕,字幕会下载到视频<code class="language-plaintext highlighter-rouge">~/.cache/mpv/</code>目录,并自动加载</li>
</ol>
<p>refer:</p>
<ul>
<li>
<p><a href="https://github.com/mpv-player/mpv/wiki/Scripting-language-bindings">Scripting language bindings</a></p>
</li>
<li>
<p><a href="https://docs.google.com/document/d/1ufdzy6jbornkXxsD-OGl3kgWa4P9WO5NZb6_QYZiGI0/preview#heading=h.n2qid0t4grzp">射手影音智能字幕查询API</a></p>
</li>
</ul>Fancy Zhangspringzfx@gmail.comMPV-射手影音字幕插件Openvpn2019-10-07T00:00:00+00:002019-10-07T00:00:00+00:00https://springzfx.github.io/blog/openvpn<h1 id="openvpn">openvpn</h1>
<p><a href="https://github.com/angristan/openvpn-install">OpenVPN installer</a> for Debian, Ubuntu, Fedora, CentOS and Arch Linux.</p>
<h2 id="遇到的问题">遇到的问题</h2>
<p>主机有多个IP的情况下,使用UDP会存在地址绑定不一致的情况,即:</p>
<p><img src="./images/openvpn_udp.png" alt="openvpn_udp" style="zoom:50%;" /></p>
<p>解决方案有二:</p>
<ul>
<li>
<p>选择使用TCP,我的选择</p>
</li>
<li>
<p><code class="language-plaintext highlighter-rouge">-multihome</code>编译,扩展sock API,具体参见<a href="https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/">OPENVPN文档</a></p>
<blockquote>
<p><strong>–multihome</strong></p>
<p>Configure a multi-homed UDP server. This option needs to be used when a server has more than one IP address (e.g. multiple interfaces, or secondary IP addresses), and is not using <strong>–local</strong></p>
<p>Note 2: if you do an IPv6+IPv4 dual-stack bind on a Linux machine with multiple IPv4 address, connections to IPv4 addresses will not work right on kernels before 3.15, due to missing kernel support for the IPv4-mapped case (some distributions have ported this to earlier kernel versions, though).</p>
</blockquote>
</li>
</ul>
<h2 id="手动安装配置">手动安装配置</h2>
<p>OpenVPN installer 的脚本已经一团麻的,处理的方式我不是很满意,所以最终选择自己配置。</p>
<p>主要参考https://wiki.archlinux.org/index.php/OpenVPN</p>
<p>Archwiki建议证书在另一个主机上生成CA(证书颁发机构),这里将会在同一个主机上进行。</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># CA</span>
<span class="nb">cd</span> /etc/easy-rsa
<span class="nb">export </span><span class="nv">EASYRSA</span><span class="o">=</span><span class="si">$(</span><span class="nb">pwd</span><span class="si">)</span>
easyrsa init-pki
easyrsa build-ca
<span class="nb">cp</span> /etc/easy-rsa/pki/ca.crt /etc/openvpn/server/
<span class="c"># server</span>
<span class="nb">export </span><span class="nv">servername</span><span class="o">=</span><span class="s2">"server"</span>
openssl dhparam <span class="nt">-out</span> /etc/openvpn/server/dh2048.pem 2048
openvpn <span class="nt">--genkey</span> <span class="nt">--secret</span> /etc/openvpn/server/ta.key
<span class="nb">cd</span> /etc/easy-rsa
easyrsa gen-req <span class="nv">$servername</span> nopass
<span class="nb">cp</span> /etc/easy-rsa/pki/private/<span class="nv">$servername</span>.key /etc/openvpn/server/
easyrsa sign-req server <span class="nv">$servername</span>
<span class="nb">cp</span> /etc/easy-rsa/pki/issued/<span class="nv">$servername</span>.crt /etc/openvpn/server/
<span class="c"># config server to use tcp,port,dns,gateway,etc</span>
<span class="nb">cp</span> /usr/share/openvpn/examples/server.conf /etc/openvpn/server/server.conf
vi /etc/openvpn/server/server.conf
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># for P20 client</span>
<span class="nb">mkdir</span> <span class="nt">-p</span> /etc/easy-rsa/pki/signed
<span class="nb">export </span><span class="nv">client_name</span><span class="o">=</span><span class="s2">"P20"</span>
<span class="nb">cd</span> /etc/easy-rsa
easyrsa gen-req <span class="nv">$client_name</span> nopass
easyrsa sign-req client <span class="nv">$client_name</span>
<span class="nb">mv</span> /etc/easy-rsa/pki/issued/<span class="nv">$client_name</span>.crt /etc/easy-rsa/pki/signed
<span class="c"># generate client ovpn</span>
<span class="nb">export </span><span class="nv">client_name</span><span class="o">=</span><span class="s2">"P20"</span>
ovpngen 172.24.68.231 /etc/openvpn/server/ca.crt /etc/easy-rsa/pki/signed/<span class="nv">$client_name</span>.crt /etc/easy-rsa/pki/private/<span class="nv">$client_name</span>.key /etc/openvpn/server/ta.key 1194 tcp <span class="o">></span> <span class="nv">$client_name</span>.ovpn
<span class="c"># change cipher to match server config</span>
</code></pre></div></div>
<h2 id="启动">启动</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl enable openvpn-server@server
sudo systemctl start openvpn-server@server
</code></pre></div></div>
<h2 id="配置iptables">配置Iptables</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -A INPUT -p tcp -i enp4s0 --dport 1194 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
sudo iptables -A INPUT -i tun+ -j ACCEPT
sudo iptables -A FORWARD -i tun+ -j ACCEPT
sudo iptables -A FORWARD -o tun+ -j ACCEPT
</code></pre></div></div>
<p>systemd的service文件是可以友好的overide的,参考<a href="https://wiki.archlinux.org/index.php/Systemd#Drop-in_files">systemd-drop in files</a>,因此我们通过 <code class="language-plaintext highlighter-rouge">sudo systemctl edit openvpn-server@server</code> 的方式来自动处理</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/systemd/system/openvpn-server@server.service.d/override.conf
-------------------------------------------------
[Service]
ExecStartPost=/etc/iptables/add-openvpn-rules.sh
ExecStopPost=/etc/iptables/rm-openvpn-rules.sh
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/iptables/add-openvpn-rules.sh
-------------------------------------------------
!/bin/sh
iptables -A INPUT -p tcp -i enp4s0 --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/iptables/rm-openvpn-rules.sh
-------------------------------------------------
!/bin/sh
iptables -D INPUT -p tcp -i enp4s0 --dport 1194 -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -D INPUT -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -j ACCEPT
iptables -D FORWARD -o tun+ -j ACCEPT
</code></pre></div></div>
<h2 id="配置nftables">配置nftables</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/nftables.conf
-------------------------------------------------
#!/usr/bin/nft -f
# ipv4/ipv6 Simple & Safe Firewall
# you can find examples in /usr/share/nftables/
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
# allow established/related connections
ct state {established, related} accept
# early drop of invalid connections
ct state invalid drop
# allow from loopback
iifname lo accept
# allow icmp
ip protocol icmp accept
ip6 nexthdr icmpv6 accept
# allow ssh
tcp dport ssh accept
# allow transmission
tcp dport 51413 accept
# dhcp
#ip protocol udp udp dport 68 accept
#ip6 nexthdr udp udp dport 546 accept
udp dport 68 accept
udp dport 546 accept
# vpn
jump vpn_input
# everything else
reject with icmpx type port-unreachable
}
chain forward {
type filter hook forward priority 0; policy drop;
jump vpn_forward;
}
chain output {
type filter hook output priority 0;
}
chain nat {
type nat hook postrouting priority 100;
jump vpn_nat
}
chain vpn_input {
tcp dport 1194 accept
}
chain vpn_forward {
meta iifname tun0 accept
meta oifname tun0 accept
}
chain vpn_nat {
ip saddr 10.8.0.0/24 masquerade
}
}
# vim:set ts=2 sw=2 et:
</code></pre></div></div>Fancy Zhangspringzfx@gmail.comopenvpnApplication_i_use_in_linux2019-09-11T00:00:00+00:002019-09-11T00:00:00+00:00https://springzfx.github.io/blog/application_I_use_in_linux<h1 id="fancy-applications">Fancy Applications</h1>
<p>Packages default included in KDE Plasma won’t list here.</p>
<p>‘🗸’ means I am using for now in my computer.</p>
<h2 id="神器">神器</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />neovim</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />firejail</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />tmux</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />fzf</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />fd</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />ripgrep</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />the_silver_searcher <code class="language-plaintext highlighter-rouge">ag</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />earlyoom <code class="language-plaintext highlighter-rouge">out of memory handle</code></li>
</ul>
<h2 id="proxy-or-vpn">Proxy or VPN</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />cgproxy</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />proxychains-ng</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Qv2ray, v2ray</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />gost</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />wireguard</li>
</ul>
<h2 id="video-downloader">Video downloader</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />You-Get</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />youtube-dl</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/iawia002/annie">anni</a></li>
</ul>
<h2 id="system">System</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />oh-my-zsh</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Terminator</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />yakuake</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Catfish <code class="language-plaintext highlighter-rouge">Versatile file searching tool</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />KSystemLog</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />GParted <code class="language-plaintext highlighter-rouge">Partition Editor</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Latte Dock</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />VirtualBox</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Vmware</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />fcitx-rime</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />KeePassXC</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />thunderbird</li>
</ul>
<h2 id="internet">Internet</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Transmission <code class="language-plaintext highlighter-rouge">BitTorrent Client</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />FileZilla <code class="language-plaintext highlighter-rouge">FTP client</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Samba</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Syncthing <code class="language-plaintext highlighter-rouge">continuous file synchronization program</code></li>
</ul>
<h2 id="write">Write</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Typora</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Texstudio</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />LyX</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />KLatexFormula</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Mathpix Snipping Tool</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />WPS <code class="language-plaintext highlighter-rouge">office suite</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Jabref <code class="language-plaintext highlighter-rouge">bibtex tool,improved by myself</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />drawio-desktop</li>
</ul>
<h2 id="code">Code</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />IntelliJ IDEA</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />PyCharm</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Sublime Text</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Visual Studio Code</li>
</ul>
<h2 id="git">Git</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/dandavison/delta">delta</a> <code class="language-plaintext highlighter-rouge">A syntax-highlighter for git and diff output</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />GitKraken <code class="language-plaintext highlighter-rouge">Git Client</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />SmartGit <code class="language-plaintext highlighter-rouge">Git Client</code></li>
</ul>
<h2 id="multi-media">Multi media</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />spotify</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />网易云音乐</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />mpv</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Gimp</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Kolourpaint</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />OBS <code class="language-plaintext highlighter-rouge">Streaming/Recording Software</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />kdenlive <code class="language-plaintext highlighter-rouge">video editor</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Peek <code class="language-plaintext highlighter-rouge">Animated GIF recorder</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Spectacle <code class="language-plaintext highlighter-rouge">Screenshot Capture Utility</code></li>
</ul>
<h2 id="command-line-tool">Command line tool</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />neofetch</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />ncdu <code class="language-plaintext highlighter-rouge">Disk usage analyzer with an ncurses interface</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />ss <code class="language-plaintext highlighter-rouge">dump socket statistics, in iproute2</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />glances</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />socat</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />nmap</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />lrzsz</li>
</ul>
<h2 id="monitor">Monitor</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />vnstat <code class="language-plaintext highlighter-rouge">console-based network traffic monitor</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />nethogs <code class="language-plaintext highlighter-rouge">Net top tool grouping bandwidth per process</code></li>
</ul>
<h2 id="management">Management</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Korganizer</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />KCharSelect</li>
</ul>
<h2 id="archlinux">Archlinux</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />pamac <code class="language-plaintext highlighter-rouge">Pamac is a Package Manager based on libalpm with AUR and Appstream support</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />yay <code class="language-plaintext highlighter-rouge">Pacman wrapper and AUR helper written in go.</code></li>
</ul>
<h2 id="web-server">Web Server</h2>
<ul>
<li>apache</li>
<li>caddy 2 <code class="language-plaintext highlighter-rouge">open source web server with automatic HTTPS written in Go</code></li>
</ul>
<h2 id="others">Others</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />crow-translator</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />chezmoi <code class="language-plaintext highlighter-rouge">dotfile manage and sync</code></li>
</ul>
<h2 id="projects-impressed">Projects Impressed</h2>
<ul class="task-list">
<li class="task-list-item">
<p><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/adnanh/webhook">webhook</a> is a lightweight incoming webhook server to run shell commands</p>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/tiangolo/fastapi">FastAPI</a> is a modern, fast (high-performance), web framework for building APIs with Python 3.6+ based on standard Python type hints.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/jumpserver/jumpserver">jumpserver</a> 开源堡垒机</li>
</ul>Fancy Zhangspringzfx@gmail.comFancy ApplicationsMisc_records2019-09-11T00:00:00+00:002019-09-11T00:00:00+00:00https://springzfx.github.io/blog/misc_records<h1 id="misc-records">Misc Records</h1>
<ul>
<li>
<p>connect to another tty</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Print the file name of the terminal connected to standard input.</span>
<span class="nb">tty</span>
<span class="c"># connect to it</span>
script <span class="nt">-f</span> /dev/tty1
</code></pre></div> </div>
</li>
<li>
<p>tar</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># sudo to keep permission
# pack
sudo tar -cvf mysql.tar mysql
# unpack
sudo tar -xvf www.tar -C .
</code></pre></div> </div>
</li>
<li>
<p>manually update zsh completion cache</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rehash
</code></pre></div> </div>
</li>
<li>
<p>zsh completion</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">rm</span> ~/.zcompdump<span class="p">;</span> compinit
</code></pre></div> </div>
</li>
<li>
<p>Generate random password</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># use package pwgen</span>
pwgen 8 <span class="c"># generate with length 8</span>
</code></pre></div> </div>
</li>
<li>
<p>find file in a certain day</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># more to see option `-newerXY` in `man find`</span>
<span class="nb">sudo </span>find /var <span class="nt">-type</span> d <span class="nt">-newermt</span> 2019-08-30 <span class="o">!</span> <span class="nt">-newermt</span> 2019-08-31 <span class="nt">-print</span> 2>/dev/null
</code></pre></div> </div>
</li>
<li>
<p>find dhcp server</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>nmap <span class="nt">--script</span> broadcast-dhcp-discover <span class="nt">-e</span> eth0
<span class="c"># for dhcpv6</span>
<span class="nb">sudo </span>nmap <span class="nt">-6</span> <span class="nt">--script</span> broadcast-dhcp6-discover <span class="nt">-e</span> eth0
</code></pre></div> </div>
</li>
<li>
<p>find out the MAC of a given IP</p>
</li>
</ul>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code> <span class="nb">sudo </span>arping <span class="nt">-I</span> enp4s0 <span class="nt">-c1</span> 172.24.68.179
</code></pre></div></div>
<ul>
<li>
<p>find hostname by IP</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># netbios names</span>
nmblookup <span class="nt">-A</span> <ip>
<span class="c"># from dns server</span>
nslookup <ip>
</code></pre></div> </div>
</li>
<li>
<p>Using the KDE Wallet to store ssh key passphrases <code class="language-plaintext highlighter-rouge">ssh-add</code></p>
</li>
<li>
<p>zip文件名乱码</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>unzip -O cp936 filename
</code></pre></div> </div>
</li>
<li>
<p>run as root in Gui</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># in .desktop
# see https://wiki.archlinux.org/index.php/Sudo#kdesu
X-KDE-SubstituteUID=true
</code></pre></div> </div>
</li>
<li>
<p>visudo导致sudo无法使用时</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># 前提是你已经安装相应的 policykit-1-gnome 或者 polkit-kde-agent
/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &
pkexec visudo
# 否则就只能重启进入recovery或者livecd修复
</code></pre></div> </div>
</li>
<li>
<p>Clean journal</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>journalctl --rotate --vacuum-time=1d
</code></pre></div> </div>
</li>
<li>
<p>rsync with root</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rsync -avPpr -e "ssh" --rsync-path="sudo rsync" fancy@172.24.71.53:/opt/cudnn/cudnn-10.1-linux-x64-v7.5.0.56 /opt/cudnn/
</code></pre></div> </div>
</li>
<li>
<p>runtime path</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># refer https://en.wikipedia.org/wiki/Rpath</span>
<span class="c"># see RPATH or RUNPATH</span>
readelf <span class="nt">-d</span> binary-or-library
<span class="c"># see `man chrpath`</span>
chrpath <span class="nt">-l</span> binary-or-library
</code></pre></div> </div>
</li>
<li>
<p>iptables LOG in netns</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sysctl -w net.netfilter.nf_log_all_netns=1
</code></pre></div> </div>
</li>
</ul>
<h2 id="server">Server</h2>
<ul>
<li>
<p>List human users</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cut -d: -f1,3 /etc/passwd | egrep ':[0-9]{4}$' | cut -d: -f1
</code></pre></div> </div>
</li>
<li>
<p>disable or enable users</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># disable</span>
chage <span class="nt">-E</span> 0 <user>
<span class="c"># enable</span>
chage <span class="nt">-E</span> <span class="nt">-1</span> <user>
</code></pre></div> </div>
</li>
</ul>
<h2 id="video-related">Video related</h2>
<ul>
<li>
<p><a href="https://github.com/soimort/you-get">You-Get</a></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># bilibili, 下载 </span>
you-get <url>
<span class="c"># bilibili, 批量下载 </span>
you-get <span class="nt">--playlist</span> <url>
</code></pre></div> </div>
</li>
<li>
<p>video info</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ffprobe <span class="nt">-hide_banner</span> <video>
</code></pre></div> </div>
</li>
<li>
<p>show videos codec</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ffprobe <span class="nt">-v</span> error <span class="nt">-select_streams</span> v:0 <span class="nt">-show_entries</span> <span class="nv">stream</span><span class="o">=</span>codec_name <url>
find <span class="nb">.</span> <span class="nt">-type</span> f <span class="nt">-print</span> <span class="nt">-exec</span> sh <span class="nt">-c</span> <span class="s2">"ffprobe -v error -select_streams v:0 -show_entries stream=codec_name '{}' |grep codec|sed -e 's/codec_name=//'"</span> <span class="se">\;</span>
</code></pre></div> </div>
</li>
<li>
<p>flv to mp4 with loss</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># single</span>
ffmpeg <span class="nt">-i</span> input.flv <span class="nt">-codec</span> copy output.mp4
<span class="c"># loop way</span>
<span class="k">for </span>f <span class="k">in</span> <span class="k">*</span>.flv
<span class="k">do
</span>ffmpeg <span class="nt">-i</span> <span class="s2">"</span><span class="nv">$f</span><span class="s2">"</span> <span class="nt">-codec</span> copy <span class="s2">"</span><span class="k">${</span><span class="nv">f</span><span class="p">/.flv/.mp4</span><span class="k">}</span><span class="s2">"</span>
<span class="k">done</span>
</code></pre></div> </div>
</li>
</ul>
<h2 id="neovim">NeoVIM</h2>
<blockquote>
<p>显示行号,显示空白字符</p>
</blockquote>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>:set nu <span class="c"># show line number</span>
:set list <span class="c"># show space</span>
:noh <span class="c"># turn off highlighting until the next search</span>
</code></pre></div></div>
<blockquote>
<p>Vim < 8.1.1365, Neovim < 0.3.6 中存在<a href="https://www.anquanke.com/post/id/180386">漏洞</a>,modeline 在root情况下默认关闭</p>
</blockquote>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/xdg/nvim/sysinit.vim
-------------------------------
set modeline
</code></pre></div></div>
<h2 id="zsh">ZSH</h2>
<p><code class="language-plaintext highlighter-rouge">^left</code> <code class="language-plaintext highlighter-rouge">^right</code> Backward or forward one word</p>
<p><code class="language-plaintext highlighter-rouge">^u</code> Clear whole line</p>
<p><code class="language-plaintext highlighter-rouge">^k</code> Clear to end of line</p>
<p><code class="language-plaintext highlighter-rouge">^w</code> Delete one word backward</p>
<p><code class="language-plaintext highlighter-rouge">^l</code> Clear screen</p>
<p><code class="language-plaintext highlighter-rouge">^x u</code> Undo last change</p>
<p><code class="language-plaintext highlighter-rouge">^y</code> Yank</p>
<h2 id="pacman">pacman</h2>
<ul>
<li>
<p>Remove orphan package, repeat the cmd multi times</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>pacman <span class="nt">-Ru</span> <span class="si">$(</span>pacman <span class="nt">-Qdtq</span><span class="si">)</span>
</code></pre></div> </div>
</li>
</ul>
<h2 id="cgroup">cgroup</h2>
<p><code class="language-plaintext highlighter-rouge">systemd-cgls</code> <code class="language-plaintext highlighter-rouge">systemd-cgtop</code></p>
<h2 id="journal">journal</h2>
<p><code class="language-plaintext highlighter-rouge">journalctl -f -u <service> </code></p>
<p><code class="language-plaintext highlighter-rouge">journalctl -b <boot_number> </code></p>
<h2 id="exit-stuck-sessions">Exit stuck sessions</h2>
<p><code class="language-plaintext highlighter-rouge">ssh</code> includes the escape character <code class="language-plaintext highlighter-rouge">~</code> by default. The command <code class="language-plaintext highlighter-rouge">~.</code> closes an open connection and brings you back to the terminal.</p>Fancy Zhangspringzfx@gmail.comMisc RecordsKde_desktop_in_docker2019-09-10T00:00:00+00:002019-09-10T00:00:00+00:00https://springzfx.github.io/blog/kde_desktop_in_docker<h1 id="kde-desktop-in-docker-container">kde desktop in docker container</h1>
<h2 id="install-docker">install docker</h2>
<p>see <a href="https://mirror.tuna.tsinghua.edu.cn/help/docker-ce/">this</a></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-fsSL</span> https://download.docker.com/linux/debian/gpg | <span class="nb">sudo </span>apt-key add -
<span class="nb">sudo </span>add-apt-repository <span class="se">\</span>
<span class="s2">"deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian </span><span class="se">\</span><span class="s2">
</span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span><span class="s2"> </span><span class="se">\</span><span class="s2">
stable"</span>
<span class="nb">sudo </span>apt-get <span class="nb">install </span>docker-ce
</code></pre></div></div>
<h2 id="install-nvidia-docker">install nvidia-docker</h2>
<p>see <a href="https://github.com/NVIDIA/nvidia-docker">this</a></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># 添加源</span>
<span class="nv">$ </span>curl <span class="nt">-s</span> <span class="nt">-L</span> https://nvidia.github.io/nvidia-docker/gpgkey | <span class="nb">sudo </span>apt-key add -
<span class="nv">$ </span>curl <span class="nt">-s</span> <span class="nt">-L</span> https://nvidia.github.io/nvidia-docker/ubuntu18.04/nvidia-docker.list | <span class="nb">sudo tee</span> /etc/apt/sources.list.d/nvidia-docker.list
<span class="c"># 安装并重启docker</span>
<span class="nv">$ </span><span class="nb">sudo </span>apt update <span class="o">&&</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nvidia-container-toolkit
<span class="nv">$ </span><span class="nb">sudo </span>systemctl restart docker
<span class="c"># 在官方CUDA镜像上测试 nvidia-smi</span>
<span class="nv">$ </span><span class="nb">sudo </span>docker run <span class="nt">--gpus</span> all nvidia/cuda:9.0-base nvidia-smi
<span class="c"># 启动支持双GPU的容器</span>
<span class="nv">$ </span><span class="nb">sudo </span>docker run <span class="nt">--gpus</span> 2 nvidia/cuda:9.0-base nvidia-smi
<span class="c"># 指定GPU 1,运行容器</span>
<span class="nv">$ </span><span class="nb">sudo </span>docker run <span class="nt">--gpus</span> <span class="nv">device</span><span class="o">=</span>0 nvidia/cuda:9.0-base nvidia-smi
</code></pre></div></div>
<h2 id="run">run</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># not work, blackscreen after kde logo, problem still unknown</span>
Xephyr <span class="nt">-screen</span> 1024x768 :1 &
docker run <span class="nt">-v</span> /tmp/.X11-unix:/tmp/.X11-unix kdeneon/plasma:unstable
<span class="c"># however application can run normally</span>
xhost +
docker run <span class="nt">-v</span> /tmp/.X11-unix:/tmp/.X11-unix <span class="nt">-e</span> <span class="nv">DISPLAY</span><span class="o">=</span>:0 kdeneon/plasma:unstable okular
</code></pre></div></div>
<h2 id="another-way-that-work">Another way that work</h2>
<p>more see <a href="https://github.com/mviereck/x11docker">x11-docker</a>, <a href="https://github.com/mviereck/x11docker/issues/183">Is kde plasma still supported?</a></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>x11docker --desktop --init=systemd -- kdeneon/plasma:unstable
</code></pre></div></div>Fancy Zhangspringzfx@gmail.comkde desktop in docker containerSamba_config2019-09-10T00:00:00+00:002019-09-10T00:00:00+00:00https://springzfx.github.io/blog/samba_config<h3 id="samba">Samba</h3>
<div class="language-config highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#======================= Global Settings =====================================
</span>[<span class="n">global</span>]
<span class="n">workgroup</span> = <span class="n">WORKGROUP</span>
<span class="n">server</span> <span class="n">string</span> = <span class="n">Samba</span> %<span class="n">v</span>
<span class="n">server</span> <span class="n">role</span> = <span class="n">standalone</span>
<span class="n">log</span> <span class="n">file</span> = /<span class="n">var</span>/<span class="n">log</span>/<span class="n">samba</span>/<span class="n">log</span>.%<span class="n">m</span>
<span class="n">max</span> <span class="n">log</span> <span class="n">size</span> = <span class="m">50</span>
<span class="n">passdb</span> <span class="n">backend</span> = <span class="n">tdbsam</span>
<span class="n">unix</span> <span class="n">extensions</span> = <span class="n">No</span>
<span class="n">security</span> = <span class="n">user</span>
<span class="n">usershare</span> <span class="n">path</span> = /<span class="n">var</span>/<span class="n">lib</span>/<span class="n">samba</span>/<span class="n">usershares</span>
<span class="n">usershare</span> <span class="n">max</span> <span class="n">shares</span> = <span class="m">100</span>
<span class="n">usershare</span> <span class="n">allow</span> <span class="n">guests</span> = <span class="n">yes</span>
<span class="n">usershare</span> <span class="n">owner</span> <span class="n">only</span> = <span class="n">yes</span>
<span class="c">#============================ Share Definitions ==============================
</span>[<span class="n">upload</span>]
<span class="n">create</span> <span class="n">mask</span> = <span class="m">0644</span>
<span class="n">path</span> = /<span class="n">home</span>/<span class="n">fancy</span>/<span class="n">upload</span>
<span class="n">read</span> <span class="n">only</span> = <span class="n">No</span>
<span class="n">valid</span> <span class="n">users</span> = <span class="n">fancy</span>
[<span class="n">share</span>]
<span class="n">path</span> = /<span class="n">home</span>/<span class="n">share</span>
<span class="n">valid</span> <span class="n">users</span> = <span class="n">share</span>
<span class="n">wide</span> <span class="n">links</span> = <span class="n">Yes</span>
[<span class="n">ubuntu</span>]
<span class="n">path</span> = /<span class="n">home</span>/<span class="n">fancy</span>
<span class="n">valid</span> <span class="n">users</span> = <span class="n">fancy</span>
<span class="n">wide</span> <span class="n">links</span> = <span class="n">Yes</span>
</code></pre></div></div>
<ul>
<li><code class="language-plaintext highlighter-rouge">obey pam restrictions = no</code> to avoid nobody auth log</li>
</ul>
<p><img src="./images/samba_auth_log.png" style="zoom:50%;margin-left:100px;" /></p>
<ul>
<li><code class="language-plaintext highlighter-rouge">hosts deny = 172.24.68.179</code> to deny malicious connection/brocast</li>
</ul>Fancy Zhangspringzfx@gmail.comSambaPolicykit_config_to_without_password_ask2019-09-09T00:00:00+00:002019-09-09T00:00:00+00:00https://springzfx.github.io/blog/policykit_config_to_without_password_ask<h1 id="auth-synaptic-and-discover-without-password">Auth Synaptic and Discover without password</h1>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/polkit-1/localauthority/50-local.d/50-fancy-personal.pkla
--------------------------------------------------------------------
[Synaptic]
Identity=unix-group:sudo
Action=com.ubuntu.pkexec.synaptic
ResultAny=no
ResultInactive=no
ResultActive=yes
[Discover]
Identity=unix-group:sudo
Action=org.freedesktop.packagekit.*
ResultAny=no
ResultInactive=no
ResultActive=yes
</code></pre></div></div>
<p>For more, see <code class="language-plaintext highlighter-rouge">man pklocalauthority</code></p>
<p>tips: to be as root login <code class="language-plaintext highlighter-rouge">sudo -i</code></p>Fancy Zhangspringzfx@gmail.comAuth Synaptic and Discover without passwordChroot_those_things2019-09-05T00:00:00+00:002019-09-05T00:00:00+00:00https://springzfx.github.io/blog/chroot_those_things<h1 id="chroot">chroot</h1>
<h2 id="1-mount-some-necessary-resources">1. Mount some necessary resources</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">ARCH_ROOT</span><span class="o">=</span>/home/fancy/archlinux-root
<span class="c"># mount necessary resources</span>
<span class="nb">sudo </span>mount <span class="nt">--bind</span> <span class="nv">$ARCH_ROOT</span> <span class="nv">$ARCH_ROOT</span>
<span class="nb">sudo </span>mount <span class="nt">-t</span> proc /proc <span class="nv">$ARCH_ROOT</span>/proc
<span class="nb">sudo </span>mount <span class="nt">--rbind</span> /sys <span class="nv">$ARCH_ROOT</span>/sys
<span class="nb">sudo </span>mount <span class="nt">--rbind</span> /dev <span class="nv">$ARCH_ROOT</span>/dev
<span class="nb">sudo </span>mount <span class="nt">--bind</span> <span class="nt">-o</span> ro /tmp/.X11-unix <span class="nv">$ARCH_ROOT</span>/tmp/.X11-unix
<span class="nb">sudo cp</span> /etc/resolv.conf <span class="nv">$ARCH_ROOT</span>/etc/resolv.conf
<span class="c"># umount</span>
<span class="nb">sudo </span>umount <span class="nt">--recursive</span> <span class="nv">$ARCH_ROOT</span>
<span class="c">#sudo umount $ARCH_ROOT/dev </span>
<span class="c">#sudo umount $ARCH_ROOT/proc </span>
<span class="c">#sudo umount $ARCH_ROOT/sys </span>
<span class="c">#sudo umount $ARCH_ROOT</span>
<span class="c">#sudo umount $ARCH_ROOT/tmp/.X11-unix</span>
<span class="c">#sudo chmod 1777 /dev/shm</span>
</code></pre></div></div>
<h2 id="2-x-related-to-enable-gui-in-chroot">2. X related to enable GUI in chroot</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># in host, authorize clients</span>
xauth extract <span class="nv">$ARCH_ROOT</span>/root/.Xauthority :0
<span class="c"># chroot to guest</span>
<span class="nb">sudo chroot</span> <span class="nv">$ARCH_ROOT</span>
<span class="c"># in guest</span>
<span class="nb">export </span><span class="nv">XAUTHORITY</span><span class="o">=</span>/root/.Xauthority
<span class="c"># test in guest, assume arch</span>
pacman <span class="nt">-S</span> xorg-eyes <span class="c">#xorg-xauth xorg-server</span>
xeyes
</code></pre></div></div>
<h2 id="3-another-way-to-display-in-current-x-window">3. Another way to display in current X window</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># in host, need bind /tmp/.X11-unix
# disable access control
xhost +
# in guest
xeyes
</code></pre></div></div>
<p>Another way to display in a nested X window</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># in host,need bind /tmp/.X11-unix
sudo apt install xserver-xephyr
Xephyr -screen 1024x768 :1 &
# in guest
DISPLAY=:1
xeyes
</code></pre></div></div>Fancy Zhangspringzfx@gmail.comchroot