17
May
2021

How to enable SSH root login on Alpine Linux

Note: Be aware that enabling root access via SSH has security implications!

On Alpine Linux, root SSH access using passwords is disabled by default. The following tutorial shows you how to enable password-based root login via SSH when using openssh. (I have not tested whether root access is enabled when installing Alpine Linux using dropbear instead of openssh)

First, open the SSH config file using

vi /etc/ssh/sshd_config

Now look for this line:

#PermitRootLogin prohibit-password

Press I in order to activate vi editing mode.

Remove the # at the beginning of the line and change prohibit-password to yes:

PermitRootLogin yes

Now save and exit by pressing Esc and then pressing :wq and Enter.

After that, restart openssh using

service sshd restart

Now you can login as root using the password.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Alpine Linux
17
May
2021

How to change keyboard layout in Alpine Linux

You can easily change the keyboard layout in Alpine Linux by running

setup-keymap

This will first prompt you for your generic keyboard layout:

Available keyboard layouts:
af     ara    ba     bg     by     cm     de     ee     fi     gb     gr     id     in     is     ke     kz     lk     ma     mk     mt     nl     pk     ro     se     sy     tm     ua     vn
al     at     bd     br     ca     cn     dk     epo    fo     ge     hr     ie     iq     it     kg     la     lt     md     ml     my     no     pl     rs     si     th     tr     us
am     az     be     brai   ch     cz     dz     es     fr     gh     hu     il     ir     jp     kr     latam  lv     me     mm     ng     ph     pt     ru     sk     tj     tw     uz
Select keyboard layout: [none]

In my case, I just type de to select the German keyboard layout and press Enter.

After that, It will prompt you for the keyboard variant to use. For German keyboards this will look like this:

Available variants: de-T3 de-deadacute de-deadgraveacute de-deadtilde de-dsb de-dsb_qwertz de-dvorak de-e1 de-e2 de-mac de-mac_nodeadkeys de-neo de-nodeadkeys de-qwerty de-ro de-ro_nodeadkeys de-ru de-sundeadkeys de-tr de-us de
Select variant (or 'abort'):

If you don’t particularly care about the variant or if you don’t know what than means, just enter whatever you entered in the first step: If you entered de before, enter de again and press Enter.

Now Alpine will configure your Keyboard:

* WARNING: you are stopping a boot service
* Caching service dependencies ... [ ok ]
* Setting keymap ... [ ok ]

The new keymap will be effective immediately and it will also persist after a reboot.

Note that the Alpine Installer (which you can start using setup-alpine) will automatically ask you for the correct keymap – hence, it’s not neccessary to run setup-keymap before running the installer.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Alpine Linux
16
May
2021

How to generate WireGuard key (private & public) in Python without dependencies

The following code allows you to generate a WireGuard private & public key without having to install any Python library.

import subprocess

def generate_wireguard_keys():
    """
    Generate a WireGuard private & public key
    Requires that the 'wg' command is available on PATH
    Returns (private_key, public_key), both strings
    """
    privkey = subprocess.check_output("wg genkey", shell=True).decode("utf-8").strip()
    pubkey = subprocess.check_output(f"echo '{privkey}' | wg pubkey", shell=True).decode("utf-8").strip()
    return (privkey, pubkey)

Usage example:

print(generate_wireguard_key())

Output:

('KIm+ZlY86I+cInG4FWZpKmhADUnxrqhdtQ5UzaFbuVs=', 'ctX9oUw+CkRe7GfSmUHAB9JjLfQWALOs0gXU9Ikhg1g=')

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Networking, Python
16
May
2021

How to install .txz package on pfSense

In order to install a .txz file on your pfSense:

  1. Download the file to your computer and scp it to your pfSense to /tmp, e.g.:
    scp pfSense-pkg-WireGuard-0.1.1_1.txz [email protected]:/tmp/
  2. Login as admin to your pfSense via SSH and press 8to go into the root shell:
    ssh [email protected]
  3. Go into /tmp and then run pkg install <.txz>. When prompted, confirm using y.
  4. cd /tmp
pkg install pfSense-pkg-WireGuard-0.1.1_1.txz

     

You can install multiple packages at once using pkg install <1.txz> <2.txz> [...]. This is recommended if the packages belong together.p

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Networking
15
May
2021

Why do medical devices need 2xMOPP?

Also see: Does 2xMOOP / 2xMOPP require two separate converters / layers of isolation?

For medical devices the IEC60601 norm specifies more stringent requirements for electrical safety like the 2xMOPP requirement (MOPP = Means of Patient Protection). Many developers wonder why the requirements are different to other types of devices like consumer devices.

  • It is assumed that patients might already have impaired health and hence any additional damage caused by e.g. a malfunctioning medical device might have greater consequences than in healthy patients.
    • For example, assume that a patient with a severe infection receives a light  electric shock from a malfunctioning infrared thermometer. While the electric shock is unrelated to the original injury of the patient (i.e. the infection), having to treat both issues might be much harder than just treating the infection: For example, the infection might spread to the body part where the electric shock occured, or the additional inflammation due to the electric shock might contribute to the deteriorating health of the patient
  • Additionally, if a patient receives e.g. an electric shock from a medical device, many patients will not trust medical devices – and potentially even the entire medical system – any more, resulting in less capability of treating those patients.
    • Imagine if you would receive a small, unpleasant (but not in any way dangerous) shock every time you use a thermometer to measure fever. Most people would refrain from measuring their temperature when they are ill in order to avoid the impleasant shock. This will lead to many patients being diagnosed at a later stage of their disease which would in turn impede the treatment.
  • Furthermore, it is assumed that the medical device will be used under circumstances like pandemics, where any additional injury will unneccessarily consume medical resources such as hospital beds and keep medical personnel from treating potentially more serious injuries.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Compliance, Electronics, Medical devices
15
May
2021

Does 2xMOOP / 2xMOPP require two separate converters / layers of isolation?

Also see: Why do medical devices need 2xMOPP? 

Developers working on medical devices are frequently faced with the challenge of designing according to the stringent electrical safety requirements of IEC60601-1.

One question is whether you need two separate levels of isolation in order to fulfil the 2xMOOP and/or 2xMOPP requirements.

For example, you could design your device like this in order to achieve 2xMOPP isolation:

This is expensive and often unneccessary!

First, you have to understand that IEC60601 does not specify how many converters you have to use, it mandates that you have a minimum isolation voltage! 2xMOPP does not neccessarily mean that you have 1xMOPP plus an additional 1xMOPP converter, it just means that you have to fulfil more stringent isolation requirements than for many non-medical products.

The isolation requirements are:

  • 2xMOOP: 3kV isolation
  • 2xMOPP: 4kV isolation

IEC60601-1 allows two methods of achieving MOOP and MOPP:

  • Either you use two separate layers of isolation, like the two converters shown above
  • Alternatively, you can use reinforced isolation, i.e. a single converter that has additional isolation.

In most cases, IEC60601 products use reinforced isolation instead of having two separate converters.

Some arguments for preferring reinforced isolation as opposed to using two separate converters are:

  • Two converters are typically more expensive than using a single, reinforced isolation converter
  • You have additional risk of one of the components not being available for purchase any more, which could lead to expensive re-certification of your device
  • If you have two converters, you will have approximately two times the risk of one of them being defective (for example, because of aging capacitors after operating your device for a couple of years.)
  • Your device will have lower efficiency since more power is wasted in the two converters than would be wasted in a single converter.

Source & more reading: Johner Institute

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Electronics, Medical devices
15
May
2021

How to apply Fedora CoreOS changes without a reboot

Do you want to install Fedora CoreOS packages without having to reboot your entire system in order for the packages to be available? Just run

sudo rpm-ostree ex apply-live

after running your rpm-ostree install commands.

For example:

sudo rpm-ostree install nano
sudo rpm-ostree ex apply-live

 

Note that this is not completely safe for multiple reasons, not even for seemingly innocuous utility packages like nano:

  • As indicated by the ex in the command, the apply-live command is experimental
  • It might apply other changes from the new OSTree like automatically installed updated and hence might have effects
  • When changing files on a system with productive services running, the services might crash or experience other issues. This might not happen immediately and it might be hard to debug especially in a complex environment. In case you want to safely update your services, it’s almost always best to just reboot into the new OSTree.

Also read our previous post on Why do you have to reboot after rpm-ostree install on Fedora CoreOS? where we explain the technical reasoning behind the reboots.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in CoreOS
15
May
2021

Why do you have to reboot after rpm-ostree install on Fedora CoreOS?

If you have worked with Fedora CoreOS, you might have noticed that every time you install a package you need to reboot in order for the files from said package to be available to you. This is quite different from other Linux distributions where you can immediately use whatever package you installed without having to reboot every time.

What is the technical reasoning for having to reboot?

rpm-ostree is quite a special tool: It does not just install a package. This has the advantage that the currently running system is not modified at all, but a separate OS tree – image it like an image containing all the files constituting your system – is built after running rpm-ostree install.

While rebooting after every install might seem like a stupid idea since it takes down the entire server, remember that it can save you a lot of headache since there are no partially updated services and you don’t need to manually fix or restart anything since everything is restarted on reboot. This means that your system is always in a consistent state, since every service is cleanly shut down before the system reboot – and after the reboot, every service is cleanly started with the system changes.

Can you install multiple packages before having to reboot?

Yes, you can run multiple rpm-ostree install commands before rebooting. When rebooting, all the changes will be applied at once.

Can you delay the reboot after rpm-ostree install?

Yes, there is no need to reboot immediately after the rpm-ostree command. You can delay the reboot as long as you like. Note however, that when the machine is rebooted for reasons other than a manual reboot (like a power outage or restart of the VM host), the updates will be applied as well, but you might not be there to check if all services are running correctly. Hence, I recommend to reboot as soon as possible.

Can you avoid to reboot after installing packages?

Yes, Fedora CoreOS provides an experimental live update feature using rpm-ostree ex apply-live. See our post How to apply Fedora CoreOS changes without a reboot . Note that applying updates or new packages on a system with productively running services might be a bad idea, but it’s not inherently more unsafe than installing packages on a typical Linux distribution like Debian, Fedora or Ubuntu where every install or update to a package immediately affects the files on the file system.

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in CoreOS
15
May
2021

How to install docker-compose on Fedora CoreOS

Just install it using rpm-ostree:

sudo rpm-ostree install docker-compose

and then reboot in order for the changes to the OSTree to take effect:

sudo systemctl reboot

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in CoreOS
15
May
2021

Fedora CoreOS: How to install Xen/XCP-NG guest utilities using rpm-ostree

In Fedora CoreOS, you can install the Xen guest utilities using

sudo rpm-ostree install xe-guest-utilities-latest

After installing the package, reboot in order for the changes to take effect:

sudo systemctl reboot

Now we need to enable and start the Xen service:

sudo systemctl enable --now xe-linux-distribution

It will now automatically start on boot.

Example output from the install command:

# rpm-ostree install xe-guest-utilities-latest
Checking out tree 49ec34c... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2020-08-25T19:10:34Z
rpm-md repo 'updates' (cached); generated: 2021-05-13T01:04:01Z
rpm-md repo 'fedora' (cached); generated: 2020-10-19T23:27:19Z
Importing rpm-md... done
Resolving dependencies... done
Will download: 1 package (1.0 MB)
Downloading from 'updates'... done
Importing packages... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Added:
  xe-guest-utilities-latest-7.21.0-1.fc33.x86_64
Run "systemctl reboot" to start a reboot

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in CoreOS
15
May
2021

Fedora CoreOS: How to use German keyboard layout in installer

If you want to use the German keyboard layout in the Fedora CoreOS installer, set the de keymap using:

sudo localectl set-keymap de

They new keymap will be effective immediately.

Note that the keyboard layout will not automatically be transferred to the installed system.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in CoreOS
15
May
2021

How to set keymap in Fedora CoreOS installer or terminal

In order to set the keymap in the Fedora CoreOS installation shell, use

sudo localectl set-keymap [keymap]

For example, in order to set the de keymap:

sudo localectl set-keymap de

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in CoreOS
15
May
2021

How to run mkpasswd with yescrypt on Ubuntu/Debian

Currently the Ubuntu/Debian mkpasswd command does not support yescrypt.

In order to use it anyway, we can use the ulikoehler/mkpasswd docker image to run the proper version of mkpasswd:

docker run --rm -it ulikoehler/mkpasswd

This will prompt you for a password and then echo the yescrypt encrypted and salted password:

$ docker run --rm -it ulikoehler/mkpasswd
Password:
$y$j9T$YzrfO5lQkDWahpz5pwYzg/$HzQoMYt.7E1jj.sd6OyYCGI/Qk6oGehNgz5uvY1qp59

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Docker, Linux
12
May
2021

How to use yum in Dockerfile correctly

Example of how to install the mkpasswd package using yum in your Dockerfile:

RUN yum -y install mkpasswd && yum -y clean all  && rm -rf /var/cache

There are two basic aspects to remember here:

  1. Use yum -y in order to avoid interactive Y/N questions during the automated build
  2. Use yum -y clean all && rm -rf /var/cache to clean up after the call to yum -y install

Complete Dockerfile example:

FROM fedora:34
RUN yum -y install mkpasswd && yum -y clean all  && rm -rf /var/cache

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Container, Docker
07
May
2021

How to autostart service from /etc/init.d on Alpine Linux

In order to autostart a service on Alpine Linux, use

rc-update add [service] default

For example, autostart docker using

rc-update add docker default

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Alpine Linux
07
May
2021

How to install XCP-NG Guest Utilities on Alpine Linux

At the time of writing this, the XCP-NG guest tools ISO does not support Alpine Linux, but you can install the guest utilities using

apk add xe-guest-utilities

Additionally, you need to enable starting the Xen guest utilities on startup:

rc-update add xe-guest-utilities default

Now we can start the utilities manually in order to avoid having to reboot:

/etc/init.d/xe-guest-utilities start

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Alpine Linux
07
May
2021

How to fix Alpine Linux ERROR: ‘install’ is not an apk command

Problem:

You are trying to install an apk package using e.g.

apk install python

but you see this error message:

ERROR: 'install' is not an apk command. See 'apk --help'.

Solution:

Use apk add instead of apk install to install packages on Alpine Linux !

So instead of

apk install python

use

apk add python

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Alpine Linux
07
May
2021

How to fix Alpine Linux -ash: sudo: not found

Many users who are used to classical Linux distributions will see the following error message when using sudo on Alpine Linux:

-ash: sudo: not found

You don’t need sudo in many use cases!

The easiest way to fix that is to just run the command as root.

In order to get into a root shell (if you are not already logged in as root), use

su

which expects you to enter the root password.

Now just run the original command without sudo.

Still want to install sudo?

If you still want to install sudo, just run

apk add sudo

This is often the best approach if you have e.g. scripts that are running sudo commands.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Alpine Linux
07
May
2021

How to fix docker.errors.DockerException: Error while fetching server API version: (‘Connection aborted.’, FileNotFoundError(2, ‘No such file or directory’))

Problem:

While running a docker command like docker-compose pull, you see an error message like

Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 33, in <module>
    sys.exit(load_entry_point('docker-compose==1.27.4', 'console_scripts', 'docker-compose')())
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 67, in main
    command()
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 123, in perform_command
    project = project_from_options('.', options)
  File "/usr/lib/python3.8/site-packages/compose/cli/command.py", line 60, in project_from_options
    return get_project(
  File "/usr/lib/python3.8/site-packages/compose/cli/command.py", line 131, in get_project
    client = get_client(
  File "/usr/lib/python3.8/site-packages/compose/cli/docker_client.py", line 41, in get_client
    client = docker_client(
  File "/usr/lib/python3.8/site-packages/compose/cli/docker_client.py", line 170, in docker_client
    client = APIClient(**kwargs)
  File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 197, in __init__
    self._version = self._retrieve_server_version()
  File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 221, in _retrieve_server_version
    raise DockerException(
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

Solution:

This means you haven’t started your docker service!

First, try to start it using

sudo systemctl start docker

or

sudo service docker start

or

sudo /etc/init.d/docker restart

(whatever works with your distribution).

After that, retry the command that originally caused the error message to appear.

In case it still shows the same error message, try the following steps:

  • First, check /var/log/docker.log using
    cat /var/log/docker.log

    Check that file for errors during docker startup.

  • Also check if the user you’re running the command as is a member of the docker group. While insufficient permissions will not cause a FileNotFoundError(2, 'No such file or directory')), but a Permission denied, the error message might look similar in some cases.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow



Posted by Uli Köhler in Container, Docker, Linux

Categories

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPTPrivacy &amp; Cookies Policy