From d6f256f294f5e0465c0a0b0c855be4814694e783 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 10 Apr 2014 22:50:54 +0100 Subject: [PATCH] Improved hashlet instructions --- beaglebone.txt | 224 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 180 insertions(+), 44 deletions(-) diff --git a/beaglebone.txt b/beaglebone.txt index cf306d07..a9ad4616 100644 --- a/beaglebone.txt +++ b/beaglebone.txt 
@@ -473,51 +473,25 @@ rngtest: Program run time: 115987 microseconds An optional extra is the [[http://cryptotronix.com/products/hashlet/][Cryptotronix Hashlet]] which also has hardware random number generation capability via the [[./Atmel-8740-CryptoAuth-ATSHA204-Datasheet.pdf][Atmel ATSHA204]] chip. -Install the hashlet [[./images/hashlet_installed.jpg][like this]] on the BBB, then download the source code. +Install the hashlet [[./images/hashlet_installed.jpg][like this]] on the BBB, then install some dependencies. + +#+BEGIN_SRC: bash +apt-get install git build-essential libgcrypt11-dev texinfo +#+END_SRC + +Download the source code. #+BEGIN_SRC: bash cd /tmp -wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz -wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz.sig -wget http://freedombone.uk.to/hashlet-1.0.0.patch -#+END_SRC - -Install some dependencies. - -#+BEGIN_SRC: bash -apt-get install gnupg build-essential libgcrypt11-dev texinfo -#+END_SRC - -Verify it. - -#+BEGIN_SRC: bash -gpg --verify hashlet-1.0.0.tar.gz.sig -#+END_SRC - -The main parts of the verification to check are: - -#+BEGIN_SRC: bash -gpg: Signature made Fri 07 Feb 2014 23:22:37 GMT using RSA key ID 81CD647A -gpg: Good signature from "Joshua Brian Datko " -#+END_SRC - -Also verify the patch: - -#+BEGIN_SRC: bash -sha256sum hashlet-1.0.0.patch -bb9f08b049d112fadd0f8889849a39d199a7f7582c627f8eda5680ded842945b +git clone https://github.com/bashrc/hashlet.git #+END_SRC Now install the driver. #+BEGIN_SRC: bash -tar -xzvf hashlet-1.0.0.tar.gz -cd hashlet-1.0.0 -patch -p1 < ../hashlet-1.0.0.patch +cd hashlet chmod o+rw /dev/i2c* ./autogen.sh -./configure -make make check make install #+END_SRC 
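Review bot: Replacing the signed tarball with `git clone https://github.com/bashrc/hashlet.git` drops the only integrity checks this section had, since the `gpg --verify` and `sha256sum` steps are removed. The clone is then built and installed with `make install` from whatever the default branch holds at that moment. I would pin the checkout right after `cd hashlet`, for example `git checkout <REVIEWED_COMMIT_ID>` (placeholder), or verify a signed tag with `git verify-tag <TAG>` if the repository publishes one, keeping `gnupg` in the apt-get line in that case. Separately, the unchanged `chmod o+rw /dev/i2c*` line gives every local account read/write access to all I2C buses; a dedicated group with `chmod g+rw` would be narrower.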
@@ -540,28 +514,117 @@ Nothing should be returned by this command, but a file called ~/.hashlet will be chmod 400 ~/.hashlet #+END_SRC +Now create a daemon which will create a random number generator device */dev/hashletrng*. + #+BEGIN_SRC: bash -mknod /dev/hashletrng p -emacs /root/hashletupdate +emacs /usr/bin/hashletd +#+END_SRC + +#+BEGIN_SRC: bash +#!/bin/sh + +PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin' +I2CBUS=2 +BYTES=32 +DEVICE=/dev/hashletrng + +# create a device +if [ ! -e ${DEVICE} ]; then + mknod ${DEVICE} p +fi + +while : +do +hashlet --bus=/dev/i2c-${I2CBUS} --Bytes ${BYTES} random-bytes > ${DEVICE} +done +#+END_SRC + +Save and exit. Now create an init script to run it. + +#+BEGIN_SRC: bash +emacs /etc/init.d/hashlet #+END_SRC Add the following: #+BEGIN_SRC: bash -#!/bin/sh +#!/bin/bash -while : -do -hashlet --bus=/dev/i2c-2 --Bytes 32 random-bytes > /dev/hashletrng -done +# /etc/init.d/hashlet + +### BEGIN INIT INFO +# Provides: hashlet +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: hashlet +# Description: Creates a random number generator device +### END INIT INFO + +# Author: Bob Mottram + +#Settings +SERVICE='hashlet' +LOGFILE='/dev/null' +COMMAND="/usr/bin/hashletd" +USERNAME='root' +NICELEVEL=19 +HISTORY=1024 +INVOCATION="nice -n ${NICELEVEL} ${COMMAND}" +PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin' + +hashlet_start() { +echo "Starting $SERVICE..." +su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME +} + + +hashlet_stop() { +echo "Stopping $SERVICE" +su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME +} + + +#Start-Stop here +case "$1" in + start) + hashlet_start + ;; + stop) + hashlet_stop + ;; + restart) + hashlet_stop + sleep 10s + hashlet_start + ;; + *) + echo "Usage: $0 {start|stop|restart}" + exit 1 + ;; +esac + +exit 0 #+END_SRC -Save and exit. 
+Save and exit, then start the daemon. #+BEGIN_SRC: bash -chmod +x /root/hashletupdate +chmod +x /usr/bin/hashletd +chmod +x /etc/init.d/hashlet +update-rc.d hashlet defaults +service hashlet start #+END_SRC +Then to obtain some random bytes: + +#+BEGIN_SRC: bash +cat /dev/hashletrng +#+END_SRC + +The rate of entropy generation by the Hashlet seems very slow compared to */dev/hwrng*, and this is most likely because of the I2C interface. So it's probably a good idea to keep hwrng as the main random source and only use the Hashlet's random number generator for any ancillary stuff. + ** Alter ssh configuration Altering the ssh configuration will make it a little more secure than the standard Debian settings. 
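Review bot: The added hashletd script creates the device with `mknod ${DEVICE} p`, which makes a FIFO whose mode is left to root's umask, and its `[ ! -e ${DEVICE} ]` test accepts any existing file at that path. I would test with `[ -p "${DEVICE}" ]` and set the mode explicitly, e.g. `mknod -m 640 "${DEVICE}" p` plus a group for the intended readers (the mode is an example), so that unprivileged accounts cannot drain the generator. The `while :` loop also ignores hashlet's exit status, so a failing I2C read respins at once and a reader sees end-of-file with no data; appending `|| sleep 1` to the hashlet line would at least back off. In the init script `USERNAME='root'` runs the loop as root inside screen, and `LOGFILE` is set but never used; if access to the I2C bus can be granted by group, a dedicated account would be a smaller footprint.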
@@ -6826,6 +6889,79 @@ Within a browser open https://mydomainname.com:8888 See documentation in /usr/share/doc/kune/INSTALL.gz +** Loomio + +#+BEGIN_SRC: bash +apt-get install imagemagick libmagickcore-dev postgresql libmagickwand-dev +#+END_SRC + +psql -d postgres +postgres=# create role postgres login createdb; +postgres=# \q + + +#+BEGIN_SRC: bash +cd /srv +git clone https://github.com/loomio/loomio.git +cd /srv/loomio +bundle install +cp config/database.example.yml config/database.yml +cp .example-env .env +bundle exec rake db:create +bundle exec rake db:schema:load +bundle exec rake db:schema:load RAILS_ENV=test +bundle exec rake db:seed +#+END_SRC + +foreman start + +Edit the Apache configuration for your mediagoblin site. + +#+BEGIN_SRC: bash +emacs /etc/apache2/sites-available/myloomiodomain +#+END_SRC + +Delete the existing configuration (in Emacs it's CTRL-x h then CTRL-w) and paste the following, replacing /myloomiodomain/ with your mediagoblin domain name and /myusername@mydomainname.com/ with your email address. + +#+BEGIN_SRC: bash + + ServerAdmin myusername@mydomainname.com + + DocumentRoot /srv/myloomiodomain + ServerName myloomiodomain + + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride All + Order allow,deny + allow from all + + + LogLevel warn + + ProxyVia On + + ProxyRequests off + ProxyPreserveHost on + + ProxyPass / http://localhost:3000/ + + ErrorLog "/var/log/apache2/error.log" + CustomLog "/var/log/apache2/access.log" combined + + RewriteEngine On + RewriteOptions Inherit + +#+END_SRC + +Save and exit. + +Now in a browser visit http://myloomiodomain and create a user. + * Related projects * [[https://freedomboxfoundation.org/][Freedombox]]
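Review bot: The closing step has the first Loomio account created at `http://myloomiodomain`, and no TLS settings are visible in the pasted virtual host, so that password would cross the network in cleartext. I would point the reader at an https virtual host and change the final URL to `https://myloomiodomain`. The section also copies `.example-env` to `.env` and goes straight to `rake db:create`; if that file carries example secrets (not shown here), add a line such as `Edit .env and replace any example secrets before continuing.` Two sentences still say "mediagoblin" where Loomio is meant, and the `psql` and `foreman start` commands sit outside any `#+BEGIN_SRC` block, unlike the other commands in the section.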