HowTo: Ask questions in Bash?

December 29, 2015 Uncategorized 1 comment , , , , , ,

I’ve been writing some script to configure some firewall and came up with this way of asking a question in Bash. I hope it helps as an example. Feel free to contribute your own:

#!/usr/bin/env bash

ask() {
    local query=$1

    if ( echo $query | grep -qi password ); then
        read -s -p "$query: " answer
        echo
    else
        read -p "$query: " answer
    fi

    return 0
}

ask 'What is your name?'

echo
echo "Hello, $answer"

ask 'Please, give me your password'

echo
echo "Access granted"

As you can devise from the script, “$answer” is a global; which will get overwritten if you use ask() again. In case you want to make several questions, just reassign the var to another one:

ask 'What is your first name?'
firstname=${answer^}

ask 'What is your last name?'
lastname=${answer^}

echo
echo "Nice to meet you, $firstname $lastname!"

So, this gives you an idea. I’d check this article to learn some defensive Bash programming; which I am just starting to absorb: http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming/

HowTo: Fixing Dovecot 2.2 in CentOS 7.2

December 22, 2015 Uncategorized No comments , , , , , ,

Warning: If you update dovecot on CentOS 7, it will brake! You need to update one of the config files in order for it to keep working:

# /etc/dovecot/conf.d/15-mailboxes.conf
...
namespace inbox {
    ...
    inbox = yes
    ...
}
...

So, basically, you need to add inbox = yes within the inbox namespace.

Far away: A Creative Commons success story

December 12, 2015 Uncategorized 2 comments , , , , ,

Once upon a time, I made a song for a good friend (Juan Carlos Cano); since he got a good contract from a big label and he was to record an album.

https://www.jamendo.com/track/1298683/far-away

The song was made and I uploaded it to my website: https://downloads.woralelandia.com/audio/

So, Juan heard it and liked it. I don’t know if he ended up putting it on the album or not.

A year passed and a great artist, Carlos SBF; from Brazil, decided to make an awesome video of him painting a guitar and decided to use “Far away”; which he found on OpSound; a Creative Commons website for artists, like me, who like to upload their songs with a Freedom-friendly licenses.

The video is awesome… and it got 6,000,000 views… wow!

People asked for the song so I decided to upload it to the website of my Creative Commons band: introbella.

I am impressed of what happened. I didn’t have any expectations for that song… for none of my songs. I just make them because I love to listen to them. It feels awesome when someone else appreciates it. In this case, I got the chance of being heard by 6,000,000 people. This is far more than what I wished for.

Thank you Carlos. Thank you, listener. I am delighted to learn that people appreciates my music.

Feel free to download it, share it, change it and sing it with your friends if you feel like it. Same goes for all my music. It is mine and yours.

Thank you!

HowTo: Generate free SSL certificates for Nginx/Tengine with LetsEncrypt

December 11, 2015 Uncategorized 1 comment , , , , , , , , , , , ,

OK, it’s fairly easy to get this done on a distro like Funtoo/Gentoo or Fedora, which are the distros I use.

First of all, you need to install this thing on your server:

# Fedora
su -
dnf -y install letsencrypt

# Funtoo/Gentoo
su -
mkdir src && cd src
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

This will install, in both cases, the necessary stuff to generate your certificates. Now, on the second case, it’s going to create a virtual environment. The letsencrypt package is available for Funtoo/Gentoo but masked for now.

OK, now, we’re going to use the manual method to generate our certificates. This is because they say that nginx is highly experimental at the moment and we don’t want to mess around with these things so we’re to do it manually and learn a bit in the process.

Now, after you install, you’re gonna have /etc/letsencrypt created. Backup that directory right now!

tar -caf $( date +%Y%m%d )-etc-letsencrypt.tar.gz /etc/letsencrypt

Now, let’s generate some certs. No wildcards so we’re to generate as many specific domain certs as we want, in a single run!

letsencrypt certonly --manual --agree-tos -m renich@woralelandia.com -d woralelandia.com -d www.woralelandia.com -d downloads.woralelandia.com -d blog.woralelandia.com

This will generate all my certs. It will ask me if I agree of my server’s IP being logged. I do agree. So, I say yes. After that, it will ask me something like: “make sure this file is visible in http://woraleladnia.com/.well-known/acme-challenge/ and it contains “. So, just make sure you can click on the link and see the contents. This is to be done manually. For example:

umask 022
cd /srv/www/woralelandia.com/default/public
mkdir -p .well-known/acme-challenge
cd .well-known/acme-challenge
touch allaskdjlk2j3l4kj3245lw2kj4lkj4l2k3j4lk23j4lkj234 # the long filename mentioned before
echo 'allaskdjlk2j3l4kj3245lw2kj4lkj4l2k3j4lk23j4lkj234.2Z_2342847298slkdjflksdjflkjr95832ulsdjf' > allaskdjlk2j3l4kj3245lw2kj4lkj4l2k3j4lk23j4lkj234

Obviously, try the link and see if the contents are correct.

Now, you will have to do this for all domains. In my case: woralelandia.com, www.woralelandia.com, blog.woralelandia.com and downloads.woralelandia.com.

After this, it tells you a bunch of things but it says the word: “congratulations” somewhere. If you see that word, you’re there, dude/dudess!

This thing has created some certs in a very non-FHS place: /etc/letsencrypt/live/woralelandia.com in my case. So now, the contents of that are some symlinks:

cert.pem  chain.pem  fullchain.pem  privkey.pem

This is smart by them. You will need to update these in 3 months! You should be able to automate this in a cron job or something. I’ll try to do that later on.

Now, I am to use the cert and the privkey. I will edit my nginx configuration and add:

ssl_certificate /etc/letsencrypt/live/woralelandia.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/woralelandia.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/woralelandia.com/fullchain.pem;

To all the server {} instances I need to. Also, try having:

ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_stapling on;
ssl_stapling_verify on;

somewhere in your global conf; somewhere inside http {}. This will limit the protocols to use and leave you with the one you’re using. If you don’t know what this is, just leave it as it is. This is semi-pro stuff 😉

References
* https://letsencrypt.org/2015/12/03/entering-public-beta.html
* https://github.com/letsencrypt/letsencrypt
* http://nginx.org/en/docs/http/configuring_https_servers.html

HowTo: Compilando crystal en Fedora 22

September 18, 2015 Uncategorized No comments , , , , , ,

Me ha interesado mucho el lenguaje de programación crystal: http://crystal-lang.org/.

Este lenguaje tiene la sintaxis muy parecida a Ruby; si no es que igual. Parece que hasta el Matzu; creador de Ruby, es fan del proyecto.

En todo caso, para compilarlo en Fedora, hice un script. El script aplica un parche.

Mi recomendación es crear un directorio temporal. Yo voy a usar /home/renich/Desktop/crystal:

Ahí voy a poner mi parche: bdw-gc-temporary_static_link.patch

--- a/src/gc/boehm.cr
+++ b/src/gc/boehm.cr
@@ -1,5 +1,5 @@
 @[Link("pthread")]
-@[Link("gc")]
+@[Link(ldflags: "-Wl,-Bstatic -lgc -Wl,-Bdynamic")]
 lib LibGC
   fun init = GC_init
   fun malloc = GC_malloc(size : UInt32) : Void*

Luego, mi script: do

#!/usr/bin/env bash

# pre-requisites
case $( cat /etc/*release | grep -oiEm 1 'fedora|debian|ubuntu' | awk '{print tolower($0)}' ) in
    fedora)
        echo 'installing prerequisites for Fedora... '

        sudo dnf -y install libxml2-devel gmp-devel libevent-devel pcl-devel pcllib-devel gc-devel libunwind-devel libbsd-devel libyaml-devel readline-devel libedit-devel llvm-static
        ;;
    debian|ubuntu)
        echo 'installing prerequisites for Debian or Ubuntu... '

        sudo apt-get install libbsd-dev libedit-dev libevent-core-2.0-5 libevent-extra-2.0-5 libevent-openssl-2.0-5 libevent-pthreads-2.0-5 libevent-dev libgc-dev libpcl1 libpcl1-dev libunwind8 libunwind8-dev libgmpxx4ldbl libgmp-dev libxml2-dev libyaml-dev readline-dev 
        ;;
    *)
        echo "
I'm sorry. Your OS is not supported by this script. Please, visit:

    https://github.com/manastech/crystal/wiki/All-required-libraries

And devise which dependencies you need and expand this script. It is easy enough ;).
"
        exit 1
        ;;
esac

# settings
path=$( mktemp -d )
scriptpath=$( readlink -f $( dirname $0 ) )
os='linux'
arch='x86_64'
version='0.7.7'
release='1'

# env
export PATH="${path}/crystal-${version}-${release}/bin:${PATH}"
export LIBRARY_PATH="${path}/crystal-${version}-${release}/embedded/lib"

## tell me where you're working in
echo "working in $path"


# generate tmp dir
cd $path


# get source code
git clone git@github.com:manastech/crystal.git

## change into latest release
cd $path/crystal
git checkout $version

## patch
patch -p1 < $scriptpath/bdw-gc-temporary_static_link.patch || exit 1

cd $path


# get binary
curl -LO https://github.com/manastech/crystal/releases/download/${version}/crystal-${version}-${release}-${os}-${arch}.tar.gz

## uncompress
tar -xaf crystal-${version}-${release}-${os}-${arch}.tar.gz


# build
## cleanup
cd $path/crystal
rm -fr .crystal
make clean

## build
make


# install
sudo install -o root -g root -m 755 -p  $path/crystal/.build/crystal /usr/local/bin/

Luego, para compilar, solo corres el script. Yo lo puse en un archivo llamado ‘do’:

chmod 700 ./do
./do

El script creará un directorio temporal en /tmp y hará todo el merequetengue ahí. Al final, se instalará en /usr/local/bin

Así, crystal estará en tu path y podrás jugar con él!

Al principio del script, está la información de versión y release. Para actualizar tu crystal, solo pon la versión que quieras compilar; basado en los releases de su página de github: https://github.com/manastech/crystal. Al momento de escribir este artículo, estoy usando la versión: 0.7.7

Para mayor referencia de mi script, visita el siguiente issue: https://github.com/manastech/crystal/issues/1382

%d bloggers like this: