How to install ruby & rubygems in Alpine Linux


You want to install ruby and the gem package manager in Alpine linux, but running apk install ruby rubygems shows you that the package doesn’t exist

/ # apk add ruby rubygems
ERROR: unable to select packages:
  rubygems (no such package):
    required by: world[rubygems]


gem is included in the ruby package. So the only command you need to run is

apk update
apk add ruby

Example output:

/ # apk add ruby
(1/7) Installing ca-certificates (20191127-r5)
(2/7) Installing gdbm (1.19-r0)
(3/7) Installing gmp (6.2.1-r0)
(4/7) Installing readline (8.1.0-r0)
(5/7) Installing yaml (0.2.5-r0)
(6/7) Installing ruby-libs (2.7.3-r0)
(7/7) Installing ruby (2.7.3-r0)
Executing busybox-1.32.1-r6.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 928 MiB in 154 packages

After doing that, you can immediately use both ruby and gem.

Posted by Uli Köhler in Alpine Linux, Container, Docker, Linux, Ruby

How to fix StereoPi Ethernet & USB not working

If you are trying to work with your StereoPi, you might have a situation in which Ethernet and USB are not working while the Raspberry Pi boots up and HDMI output works fine.

The reasons for this is that you are trying to power your board using the MicroUSB connector instead of using the USB power cable that comes with your StereoPi. The USB power cable is the one that has an USB Type-A connector at one end and the small white plug with a red and a black lead on the other side.

How to fix

  • Unplug the MicroUSB cable from the StereoPi
  • Unplug the USB power cable from
  • Now plug in only the USB power cable
  • In case your StereoPi doesn’t boot up immediately, switch the small switch on the StereoPi (which is adjacent to the socket where you connected the USB power cable) to the other side

Once your StereoPi has finished booting up, Ethernet and USB will work immediately

Why don’t USB & Ethernet work with the MicroUSB cable

If you are powering your StereoPi using the MicroUSB connector, only the Compute Module will be powered. All the functions of the StereoPi board, including USB power to the USB ports and the Ethernet chip will not receive power. Even if you have plugged in both MicroUSB and the USB power connector, you might have switched off the power switch – all will appear normal, as the Raspberry Pi boots up properly, but the StereoPi will not be powered properly.

Note that switching on the power from the USB power cable after the StereoPi has booted up will not fix the issue: While this will give power to the components on the StereoPi board, the operating system which is running on the StereoPi will not properly recognize the components. You need to reboot the StereoPi in order for the operating system to recognize all StereoPi components and initialize them correctly.

For more information on how to power the StereoPi, see the StereoPi wiki which contains a section on how to properly power the board.

Posted by Uli Köhler in Raspberry Pi

How to enable 3D SBS view on the Raspberry Pi

The following code enables stereoscopic output (side-by-side mode) for the Raspberry Pi 3.

tvservice -e "CEA_3D_SBS 32"

It has been tested with a StereoPi 1 using a Raspberry Pi 3 Compute module and an ASUS VG series stereoscopic (shutter-style) monitor).


Posted by Uli Köhler in Raspberry Pi

How to suppress legend in pandas .plot()

In order to suppress the legend when using pandas .plot(), use


as an Argument to .plot(), for example:



Posted by Uli Köhler in pandas, Python

How to fix Matomo/Piwik update configureSegments() must be public


When trying to update your Matomo (previously called Piwik) installation, you see an error message like

Fatal error: Access level to Piwik\Plugins\ExampleTracker\Columns\ExampleActionDimension::configureSegments() must be public (as in class Piwik\Columns\Dimension) in /usr/www/users/user/piwik/plugins/ExampleTracker/Columns/ExampleActionDimension.php on line 57


Delete the plugins/ExampleTracker folder in the Matomo installation folder. It contains an example plugin for an old version of Piwik that is not needed any more.

Original source for the fix: Matomo forums

Posted by Uli Köhler in PHP

How to enable SSH root login on Alpine Linux

Note: Be aware that enabling root access via SSH has security implications!

On Alpine Linux, root SSH access using passwords is disabled by default. The following tutorial shows you how to enable password-based root login via SSH when using openssh. (I have not tested whether root access is enabled when installing Alpine Linux using dropbear instead of openssh)

First, open the SSH config file using

vi /etc/ssh/sshd_config

Now look for this line:

#PermitRootLogin prohibit-password

Press I in order to activate vi editing mode.

Remove the # at the beginning of the line and change prohibit-password to yes:

PermitRootLogin yes

Now save and exit by pressing Esc and then pressing :wq and Enter.

After that, restart openssh using

service sshd restart

Now you can login as root using the password.

Posted by Uli Köhler in Alpine Linux

How to change keyboard layout in Alpine Linux

You can easily change the keyboard layout in Alpine Linux by running


This will first prompt you for your generic keyboard layout:

Available keyboard layouts:
af     ara    ba     bg     by     cm     de     ee     fi     gb     gr     id     in     is     ke     kz     lk     ma     mk     mt     nl     pk     ro     se     sy     tm     ua     vn
al     at     bd     br     ca     cn     dk     epo    fo     ge     hr     ie     iq     it     kg     la     lt     md     ml     my     no     pl     rs     si     th     tr     us
am     az     be     brai   ch     cz     dz     es     fr     gh     hu     il     ir     jp     kr     latam  lv     me     mm     ng     ph     pt     ru     sk     tj     tw     uz
Select keyboard layout: [none]

In my case, I just type de to select the German keyboard layout and press Enter.

After that, It will prompt you for the keyboard variant to use. For German keyboards this will look like this:

Available variants: de-T3 de-deadacute de-deadgraveacute de-deadtilde de-dsb de-dsb_qwertz de-dvorak de-e1 de-e2 de-mac de-mac_nodeadkeys de-neo de-nodeadkeys de-qwerty de-ro de-ro_nodeadkeys de-ru de-sundeadkeys de-tr de-us de
Select variant (or 'abort'):

If you don’t particularly care about the variant or if you don’t know what than means, just enter whatever you entered in the first step: If you entered de before, enter de again and press Enter.

Now Alpine will configure your Keyboard:

* WARNING: you are stopping a boot service
* Caching service dependencies ... [ ok ]
* Setting keymap ... [ ok ]

The new keymap will be effective immediately and it will also persist after a reboot.

Note that the Alpine Installer (which you can start using setup-alpine) will automatically ask you for the correct keymap – hence, it’s not neccessary to run setup-keymap before running the installer.

Posted by Uli Köhler in Alpine Linux

How to generate WireGuard key (private & public) in Python without dependencies

The following code allows you to generate a WireGuard private & public key without having to install any Python library.

import subprocess

def generate_wireguard_keys():
    Generate a WireGuard private & public key
    Requires that the 'wg' command is available on PATH
    Returns (private_key, public_key), both strings
    privkey = subprocess.check_output("wg genkey", shell=True).decode("utf-8").strip()
    pubkey = subprocess.check_output(f"echo '{privkey}' | wg pubkey", shell=True).decode("utf-8").strip()
    return (privkey, pubkey)

Usage example:



('KIm+ZlY86I+cInG4FWZpKmhADUnxrqhdtQ5UzaFbuVs=', 'ctX9oUw+CkRe7GfSmUHAB9JjLfQWALOs0gXU9Ikhg1g=')
Posted by Uli Köhler in Networking, Python

How to install .txz package on pfSense

In order to install a .txz file on your pfSense:

  1. Download the file to your computer and scp it to your pfSense to /tmp, e.g.:
    scp pfSense-pkg-WireGuard-0.1.1_1.txz [email protected]:/tmp/
  2. Login as admin to your pfSense via SSH and press 8to go into the root shell:
    ssh [email protected]
  3. Go into /tmp and then run pkg install <.txz>. When prompted, confirm using y.
  4. cd /tmp
    pkg install pfSense-pkg-WireGuard-0.1.1_1.txz


You can install multiple packages at once using pkg install <1.txz> <2.txz> [...]. This is recommended if the packages belong together.p

Posted by Uli Köhler in Networking

Why do medical devices need 2xMOPP?

Also see: Does 2xMOOP / 2xMOPP require two separate converters / layers of isolation?

For medical devices the IEC60601 norm specifies more stringent requirements for electrical safety like the 2xMOPP requirement (MOPP = Means of Patient Protection). Many developers wonder why the requirements are different to other types of devices like consumer devices.

  • It is assumed that patients might already have impaired health and hence any additional damage caused by e.g. a malfunctioning medical device might have greater consequences than in healthy patients.
    • For example, assume that a patient with a severe infection receives a light  electric shock from a malfunctioning infrared thermometer. While the electric shock is unrelated to the original injury of the patient (i.e. the infection), having to treat both issues might be much harder than just treating the infection: For example, the infection might spread to the body part where the electric shock occured, or the additional inflammation due to the electric shock might contribute to the deteriorating health of the patient
  • Additionally, if a patient receives e.g. an electric shock from a medical device, many patients will not trust medical devices – and potentially even the entire medical system – any more, resulting in less capability of treating those patients.
    • Imagine if you would receive a small, unpleasant (but not in any way dangerous) shock every time you use a thermometer to measure fever. Most people would refrain from measuring their temperature when they are ill in order to avoid the impleasant shock. This will lead to many patients being diagnosed at a later stage of their disease which would in turn impede the treatment.
  • Furthermore, it is assumed that the medical device will be used under circumstances like pandemics, where any additional injury will unneccessarily consume medical resources such as hospital beds and keep medical personnel from treating potentially more serious injuries.
Posted by Uli Köhler in Compliance, Electronics, Medical devices

Does 2xMOOP / 2xMOPP require two separate converters / layers of isolation?

Also see: Why do medical devices need 2xMOPP? 

Developers working on medical devices are frequently faced with the challenge of designing according to the stringent electrical safety requirements of IEC60601-1.

One question is whether you need two separate levels of isolation in order to fulfil the 2xMOOP and/or 2xMOPP requirements.

For example, you could design your device like this in order to achieve 2xMOPP isolation:

This is expensive and often unneccessary!

First, you have to understand that IEC60601 does not specify how many converters you have to use, it mandates that you have a minimum isolation voltage! 2xMOPP does not neccessarily mean that you have 1xMOPP plus an additional 1xMOPP converter, it just means that you have to fulfil more stringent isolation requirements than for many non-medical products.

The isolation requirements are:

  • 2xMOOP: 3kV isolation
  • 2xMOPP: 4kV isolation

IEC60601-1 allows two methods of achieving MOOP and MOPP:

  • Either you use two separate layers of isolation, like the two converters shown above
  • Alternatively, you can use reinforced isolation, i.e. a single converter that has additional isolation.

In most cases, IEC60601 products use reinforced isolation instead of having two separate converters.

Some arguments for preferring reinforced isolation as opposed to using two separate converters are:

  • Two converters are typically more expensive than using a single, reinforced isolation converter
  • You have additional risk of one of the components not being available for purchase any more, which could lead to expensive re-certification of your device
  • If you have two converters, you will have approximately two times the risk of one of them being defective (for example, because of aging capacitors after operating your device for a couple of years.)
  • Your device will have lower efficiency since more power is wasted in the two converters than would be wasted in a single converter.

Source & more reading: Johner Institute

Posted by Uli Köhler in Electronics, Medical devices

How to apply Fedora CoreOS changes without a reboot

Do you want to install Fedora CoreOS packages without having to reboot your entire system in order for the packages to be available? Just run

sudo rpm-ostree ex apply-live

after running your rpm-ostree install commands.

For example:

sudo rpm-ostree install nano
sudo rpm-ostree ex apply-live


Note that this is not completely safe for multiple reasons, not even for seemingly innocuous utility packages like nano:

  • As indicated by the ex in the command, the apply-live command is experimental
  • It might apply other changes from the new OSTree like automatically installed updated and hence might have effects
  • When changing files on a system with productive services running, the services might crash or experience other issues. This might not happen immediately and it might be hard to debug especially in a complex environment. In case you want to safely update your services, it’s almost always best to just reboot into the new OSTree.

Also read our previous post on Why do you have to reboot after rpm-ostree install on Fedora CoreOS? where we explain the technical reasoning behind the reboots.

Posted by Uli Köhler in CoreOS

Why do you have to reboot after rpm-ostree install on Fedora CoreOS?

If you have worked with Fedora CoreOS, you might have noticed that every time you install a package you need to reboot in order for the files from said package to be available to you. This is quite different from other Linux distributions where you can immediately use whatever package you installed without having to reboot every time.

What is the technical reasoning for having to reboot?

rpm-ostree is quite a special tool: It does not just install a package. This has the advantage that the currently running system is not modified at all, but a separate OS tree – image it like an image containing all the files constituting your system – is built after running rpm-ostree install.

While rebooting after every install might seem like a stupid idea since it takes down the entire server, remember that it can save you a lot of headache since there are no partially updated services and you don’t need to manually fix or restart anything since everything is restarted on reboot. This means that your system is always in a consistent state, since every service is cleanly shut down before the system reboot – and after the reboot, every service is cleanly started with the system changes.

Can you install multiple packages before having to reboot?

Yes, you can run multiple rpm-ostree install commands before rebooting. When rebooting, all the changes will be applied at once.

Can you delay the reboot after rpm-ostree install?

Yes, there is no need to reboot immediately after the rpm-ostree command. You can delay the reboot as long as you like. Note however, that when the machine is rebooted for reasons other than a manual reboot (like a power outage or restart of the VM host), the updates will be applied as well, but you might not be there to check if all services are running correctly. Hence, I recommend to reboot as soon as possible.

Can you avoid to reboot after installing packages?

Yes, Fedora CoreOS provides an experimental live update feature using rpm-ostree ex apply-live. See our post How to apply Fedora CoreOS changes without a reboot . Note that applying updates or new packages on a system with productively running services might be a bad idea, but it’s not inherently more unsafe than installing packages on a typical Linux distribution like Debian, Fedora or Ubuntu where every install or update to a package immediately affects the files on the file system.


Posted by Uli Köhler in CoreOS

How to install docker-compose on Fedora CoreOS

Just install it using rpm-ostree:

sudo rpm-ostree install docker-compose

and then reboot in order for the changes to the OSTree to take effect:

sudo systemctl reboot


Posted by Uli Köhler in CoreOS

Fedora CoreOS: How to install Xen/XCP-NG guest utilities using rpm-ostree

In Fedora CoreOS, you can install the Xen guest utilities using

sudo rpm-ostree install xe-guest-utilities-latest

After installing the package, reboot in order for the changes to take effect:

sudo systemctl reboot

Now we need to enable and start the Xen service:

sudo systemctl enable --now xe-linux-distribution

It will now automatically start on boot.

Example output from the install command:

# rpm-ostree install xe-guest-utilities-latest
Checking out tree 49ec34c... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2020-08-25T19:10:34Z
rpm-md repo 'updates' (cached); generated: 2021-05-13T01:04:01Z
rpm-md repo 'fedora' (cached); generated: 2020-10-19T23:27:19Z
Importing rpm-md... done
Resolving dependencies... done
Will download: 1 package (1.0 MB)
Downloading from 'updates'... done
Importing packages... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Run "systemctl reboot" to start a reboot


Posted by Uli Köhler in CoreOS

Fedora CoreOS: How to use German keyboard layout in installer

If you want to use the German keyboard layout in the Fedora CoreOS installer, set the de keymap using:

sudo localectl set-keymap de

They new keymap will be effective immediately.

Note that the keyboard layout will not automatically be transferred to the installed system.

Posted by Uli Köhler in CoreOS

How to run mkpasswd with yescrypt on Ubuntu/Debian

Currently the Ubuntu/Debian mkpasswd command does not support yescrypt.

In order to use it anyway, we can use the ulikoehler/mkpasswd docker image to run the proper version of mkpasswd:

docker run --rm -it ulikoehler/mkpasswd

This will prompt you for a password and then echo the yescrypt encrypted and salted password:

$ docker run --rm -it ulikoehler/mkpasswd


Posted by Uli Köhler in Docker, Linux