Saturday, November 23, 2019

SonarQube / SonarCloud for kernel module static analysis

SonarCloud (online version of SonarQube) can be used for static code analysis of C code of kernel modules. It also has a nice and simple integration with GitHub and Travis CI, although there are some known issues . I have successfully used it with my FL2000 DRM dongle driver pet project, some interesting results:

  • In order to get it working with Travis on Ubuntu 18.04 had to use "proposed" repository with 5.3 GCP kernel headers
  • Issue with incorrect interceptor library filename can be solved as I described in a comment to SonarQube issue on community forum
  • Analysis gave me some recommendations around MISRA compliance, cool!
  • Plenty of "smells" are useless, of course, but still worth to review
Now need to implement synthetic DRM tests on Travis, user mode Linux maybe, or qemu / virtme, but how to collect coverage?

Monday, September 16, 2019

Thursday, November 8, 2018

Dropbox is dead, long live OneDrive!

Good news, everyone!

On Nov 7th Dropbox have stopped synching encrypted filesystems on Linux because... well... who cares of home folder encryption on Linux, right? That kind of decision of Dropbox reminded me that I have active OneDrive 1TB subscription with my Office365 home license, so I've decided to drop the Dropbox completely for personal documents use and leave it in free tier only as a private/public file exchange.

And it turns out that there's one extremely useful open source (GPLv3!) tool that supports synchronization with OneDrive on Linux - see the project's GitHub page here: https://github.com/skilion/onedrive

Saturday, November 3, 2018

Stupid broken Ubuntu DNS

Ubuntu basically ignores DNS provided by DHCP [1]:

The primary purpose of adding 127.0.0.53 to resolv.conf is for client software that wants to do DNS resolution by itself instead of using NSS -- most notable example is Google Chrome, and third-party software which is statically linked (e. g. Go). 
However, other software like NetworkManager or isc-dhcp also calls resolvconf and adds name servers picked up by them -- as they don't talk to resolved directly, resolved reads their DNS servers *from* resolv.conf. 
But, software which does its own DNS lookups like the above have to do their own DNSSEC validation too -- you can't both chose to *not* use NSS *and* rely on NSS to do DNSSEC for you.. 
So, this is indeed a wart, but not easily fixed, and also not that important IMHO. Not using NSS is already broken to some degree, as you also ignore things like nss-{winbind,docker,ldap} etc.

This is so freaking lame :(

[1] Launchpad bug 1624320

Sunday, June 3, 2018

Fix MongoDB incompatibility for Unifi 5.x in Ubuntu 18.04

UPDATE: Step 4 is not needed since UniFi SDN Controller version 5.10.17-11638-1

1. Replace Ubuntu’s MongoDB 3.6 with Community Edition MongoDB 3.4
$ sudo service unifi stop
$ sudo apt uninstall mongodb-server mongo-tools mongodb-clients mongodb-server-core
$
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
$ echo "deb [ arch=amd64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
$ sudo apt update
$ sudo apt install mongodb-org
2. Enable MongoDB migration option. NOTE: since MongoDB is started by Unifi, we need to start Unifi
$ sudo service unifi start
$ sudo mongo --port 27117
> db.adminCommand( { setFeatureCompatibilityVersion: "3.4" } )
> exit
$ sudo service unifi stop
3. Reinstall Ubuntu’s MongoDB 3.6
$ sudo rm /etc/apt/sources.list.d/mongodb-org-3.4.list
$ sudo apt update
$ sudo apt install mongodb-server
4. Fix Unifi’s MongoDB options incompatibility
$ sudo mv /usr/lib/unifi/bin/mongod /usr/lib/unifi/bin/mongod.bin
$ sudo cat <<'EOF'>>/usr/lib/unifi/bin/mongod
#!/bin/bash
cleaned_args=$(echo $* | sed -e 's/--nohttpinterface//')
exec /usr/lib/unifi/bin/mongod.bin ${cleaned_args}

EOF
$ sudo chmod +x /usr/lib/unifi/bin/mongod
5. After the install unifi will break all the packages on the system because they specify a maximum version on mongo. In order to fix that - edit the state of dpkg in /var/lib/dpkg/status: advance to "Package: unifi" and remove the maximum on Mongo-db
6. References

Tuesday, March 27, 2018

Skype For [not doing] Business on Linux

S4B on Linux can be used with Pidgin and Sipe plugin.
  1. Follow build/install instructions or get distro binaries. For example, on xUbuntu distros, install latest & greatest sipe plugin with
    sudo add-apt-repository ppa:sipe-collab/ppa
    sudo apt-get update
    sudo apt-get install pidgin-sipe
    
  2. Configure according to description in this guide. NOTES:
    • avoid using SSO unless you have kerberos with domain login fully set up (ok, just avoid it)
    • use remmina as a remote desktop client (install it if you don't have it in the system)
  3. For User Agent string try to use latest and greatest from this blog

Friday, February 16, 2018

Make Outlook search working again

This is hilarious. Outlook cannot find emails because it uses Windows Search which is totally useless. Here's how to fix this - disable Windows Desktop Search Service for Outlook:
1. Open Registry Editor
2. In "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows" create new key "Windows Search"
3. In the "Windows Search" key create new DWORD value, name it "PreventIndexingOutlook" and set it to 1
4. Exit Registry Editor, and then restart Outlook

Source: https://social.technet.microsoft.com/Forums/office/en-US/8fb64888-8954-4626-ab2e-389b138e73ca/email-search-not-working-in-pst?forum=outlook

Voila!

Tuesday, January 31, 2017

Automate DKMS modules signing in Linux

Some time ago I have managed to sign DKMS Nvidia modules with generated keys and upload those to UEFI. Of course, I had to sign modules every time they've been rebuilt, i.e. when kernel or nvidia driver gets updated. So after few kernel updates I have decided to automate the task via postinst.d hook.

#!/bin/sh

DKMS_DIR=/lib/modules/$1/updates/dkms
KEYS_DIR=/opt/sign
SIGN_CMD=/usr/src/linux-headers-$1/scripts/sign-file

for file in $DKMS_DIR/*.ko
do
    $SIGN_CMD sha256 $KEYS_DIR/MOK.priv $KEYS_DIR/MOK.der "$file" > /dev/null 2>&1
done

exit 0
Not quite sure but looks it will get executed also on kernel uninstall :) Now, need to address Nvidia packages updates.

Thursday, January 12, 2017

Just in case if you are writing some communications protocol in C/C++...

... and need to document it in details in your source headers. There you go, a brilliant tool!
################################################################################
#                    ____            _                  _                      #
#                   |  _ \ _ __ ___ | |_ ___   ___ ___ | |                     #
#                   | |_) | '__/ _ \| __/ _ \ / __/ _ \| |                     #
#                   |  __/| | | (_) | || (_) | (_| (_) | |                     #
#                   |_|   |_|  \___/ \__\___/ \___\___/|_|                     #
#                                                                              #
#           == A Simple ASCII Header Generator for Network Protocols ==        #
#                                                                              #
################################################################################
#                                                                              #
#  Written by:                                                                 #
#                                                                              #
#     Luis MartinGarcia.                                                       #
#       -> E-Mail: luis.mgarc@gmail.com                                        #
#       -> WWWW:   http://www.luismg.com                                       #
#       -> GitHub: https://github.com/luismartingarcia                         #
#                                                                              #
################################################################################
Here's an example of generated TCP headers description

   $ protocol tcp
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Source Port          |        Destination Port       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Acknowledgment Number                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Offset|  Res. |     Flags     |             Window            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |         Urgent Pointer        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Options                    |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Get it here: https://github.com/luismartingarcia/protocol Thanks andr2000 for the hint.