- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html">Teaching vmdebootstrap to create Raspberry Pi SD card images</a></div>
- <div class="date">27th October 2013</div>
- <div class="body"><p>The
-<a href="http://packages.qa.debian.org/v/vmdebootstrap.html">vmdebootstrap</a>
-program is a a very nice system to create virtual machine images. It
-create a image file, add a partition table, mount it and run
-debootstrap in the mounted directory to create a Debian system on a
-stick. Yesterday, I decided to try to teach it how to make images for
-<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi</a>, as part
-of a plan to simplify the build system for
-<a href="https://wiki.debian.org/FreedomBox">the FreedomBox
-project</a>. The FreedomBox project already uses vmdebootstrap for
-the virtualbox images, but its current build system made multistrap
-based system for Dreamplug images, and it is lacking support for
-Raspberry Pi.</p>
-
-<p>Armed with the knowledge on how to build "foreign" (aka non-native
-architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap
-code and adjusted it to be able to build armel images on my amd64
-Debian laptop. I ended up giving vmdebootstrap five new options,
-allowing me to replicate the image creation process I use to make
-<a href=http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html"">Debian
-Jessie based mesh node images for the Raspberry Pi</a>. First, the
-<tt>--foreign /path/to/binfm_handler</tt> option tell vmdebootstrap to
-call debootstrap with --foreign and to copy the handler into the
-generated chroot before running the second stage. This allow
-vmdebootstrap to create armel images on an amd64 host. Next I added
-two new options <tt>--bootsize size</tt> and <tt>--boottype
-fstype</tt> to teach it to create a separate /boot/ partition with the
-given file system type, allowing me to create an image with a vfat
-partition for the /boot/ stuff. I also added a <tt>--variant
-variant</tt> option to allow me to create smaller images without the
-Debian base system packages installed. Finally, I added an option
-<tt>--no-extlinux</tt> to tell vmdebootstrap to not install extlinux
-as a boot loader. It is not needed on the Raspberry Pi and probably
-most other non-x86 architectures. The changes were accepted by the
-upstream author of vmdebootstrap yesterday and today, and is now
-available from
-<a href="http://git.liw.fi/cgi-bin/cgit/cgit.cgi/vmdebootstrap/">the
-upstream project page</a>.</p>
-
-<p>To use it to build a Raspberry Pi image using Debian Jessie, first
-create a small script (the customize script) to add the non-free
-binary blob needed to boot the Raspberry Pi and the APT source
-list:</p>
-
-<p><pre>
-#!/bin/sh
-set -e # Exit on first error
-rootdir="$1"
-cd "$rootdir"
-cat <<EOF > etc/apt/sources.list
-deb http://http.debian.net/debian/ jessie main contrib non-free
-EOF
-# Install non-free binary blob needed to boot Raspberry Pi. This
-# install a kernel somewhere too.
-wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
- -O $rootdir/usr/bin/rpi-update
-chmod a+x $rootdir/usr/bin/rpi-update
-mkdir -p $rootdir/lib/modules
-touch $rootdir/boot/start.elf
-chroot $rootdir rpi-update
-</pre></p>
-
-<p>Next, fetch the latest vmdebootstrap script and call it like this
-to build the image:</p>
-
-<pre>
-sudo ./vmdebootstrap \
- --variant minbase \
- --arch armel \
- --distribution jessie \
- --mirror http://http.debian.net/debian \
- --image test.img \
- --size 600M \
- --bootsize 64M \
- --boottype vfat \
- --log-level debug \
- --verbose \
- --no-kernel \
- --no-extlinux \
- --root-password raspberry \
- --hostname raspberrypi \
- --foreign /usr/bin/qemu-arm-static \
- --customize `pwd`/customize \
- --package netbase \
- --package git-core \
- --package binutils \
- --package ca-certificates \
- --package wget \
- --package kmod
-</pre></p>
-
-<p>The list of packages being installed are the ones needed by
-rpi-update to make the image bootable on the Raspberry Pi, with the
-exception of netbase, which is needed by debootstrap to find
-/etc/hosts with the minbase variant. I really wish there was a way to
-set up an Raspberry Pi using only packages in the Debian archive, but
-that is not possible as far as I know, because it boots from the GPU
-using a non-free binary blob.</p>
-
-<p>The build host need debootstrap, kpartx and qemu-user-static and
-probably a few others installed. I have not checked the complete
-build dependency list.</p>
-
-<p>The resulting image will not use the hardware floating point unit
-on the Raspberry PI, because the armel architecture in Debian is not
-optimized for that use. So the images created will be a bit slower
-than <a href="http://www.raspbian.org/">Raspbian</a> based images.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Det_er_jo_makta_som_er_mest_s_rbar_ved_massiv_overv_kning_av_Internett.html">Det er jo makta som er mest sårbar ved massiv overvåkning av Internett</a></div>
- <div class="date">26th October 2013</div>
- <div class="body"><p>De siste måneders eksponering av
-<a href="http://www.aftenposten.no/nyheter/uriks/Her-er-Edvard-Snowdens-mest-omtalte-avsloringer-7351734.html">den
-totale overvåkningen som foregår i den vestlige verden dokumenterer
-hvor sårbare vi er</a>. Men det slår meg at de som er mest sårbare
-for dette, myndighetspersoner på alle nivåer, neppe har innsett at de
-selv er de mest interessante personene å lage profiler på, for å kunne
-påvirke dem.</p>
-
-<p>For å ta et lite eksempel: Stortingets nettsted,
-<a href="http://www.stortinget.no/">www.stortinget.no</a> (og
-forsåvidt også
-<a href="http://data.stortinget.no/">data.stortinget.no</a>),
-inneholder informasjon om det som foregår på Stortinget, og jeg antar
-de største brukerne av informasjonen der er representanter og
-rådgivere på Stortinget. Intet overraskende med det. Det som derimot
-er mer skjult er at Stortingets nettsted bruker
-<a href="http://en.wikipedia.org/wiki/Google_Analytics">Google
-Analytics</a>, hvilket gjør at enhver som besøker nettsidene der også
-rapporterer om besøket via Internett-linjer som passerer Sverige,
-England og videre til USA. Det betyr at informasjon om ethvert besøk
-på stortingets nettsider kan snappes opp av svensk, britisk og USAs
-etterretningsvesen. De kan dermed holde et øye med hvilke
-Stortingssaker stortingsrepresentantene synes er interessante å sjekke
-ut, og hvilke sider rådgivere og andre på stortinget synes er
-interessant å besøke, når de gjør det og hvilke andre representanter
-som sjekker de samme sidene omtrent samtidig. Stortingets bruk av
-Google Analytics gjør det dermed enkelt for utenlands etteretning å
-spore representantenes aktivitet og interesse. Hvis noen av
-representantene bruker Google Mail eller noen andre tjenestene som
-krever innlogging, så vil det være enda enklere å finne ut nøyaktig
-hvilke personer som bruker hvilke nettlesere og dermed knytte
-informasjonen opp til enkeltpersoner på Stortinget.</p>
-
-<p>Og jo flere nettsteder som bruker Google Analytics, jo bedre
-oversikt over stortingsrepresentantenes lesevaner og interesse blir
-tilgjengelig for svensk, britisk og USAs etterretning. Hva de kan
-bruke den informasjonen til overlater jeg til leseren å undres
-over.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html">Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net</a></div>
+ <div class="date">10th September 2014</div>
+ <div class="body"><p>Yesterday, I had the pleasure of attending a talk with the
+<a href="http://www.nuug.no/">Norwegian Unix User Group</a> about
+<a href="http://www.nuug.no/aktiviteter/20140909-sks-keyservers/">the
+OpenPGP keyserver pool sks-keyservers.net</a>, and was very happy to
+learn that there is a large set of publicly available key servers to
+use when looking for peoples public key. So far I have used
+subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
+were misbehaving, but those days are ended. The servers I have used
+up until yesterday have been slow and some times unavailable. I hope
+those problems are gone now.</p>
+
+<p>Behind the round robin DNS entry of the
+<a href="https://sks-keyservers.net/">sks-keyservers.net</a> service
+there is a pool of more than 100 keyservers which are checked every
+day to ensure they are well connected and up to date. It must be
+better than what I have used so far. :)</p>
+
+<p>Yesterdays speaker told me that the service is the default
+keyserver provided by the default configuration in GnuPG, but this do
+not seem to be used in Debian. Perhaps it should?</p>
+
+<p>Anyway, I've updated my ~/.gnupg/options file to now include this
+line:</p>
+
+<p><blockquote><pre>
+keyserver pool.sks-keyservers.net
+</pre></blockquote></p>
+
+<p>With GnuPG version 2 one can also locate the keyserver using SRV
+entries in DNS. Just for fun, I did just that at work, so now every
+user of GnuPG at the University of Oslo should find a OpenGPG
+keyserver automatically should their need it:</p>
+
+<p><blockquote><pre>
+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+</pre></blockquote></p>
+
+<p>Now if only
+<a href="http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/">the
+HKP lookup protocol</a> supported finding signature paths, I would be
+very happy. It can look up a given key or search for a user ID, but I
+normally do not want that, but to find a trust path from my key to
+another key. Given a user ID or key ID, I would like to find (and
+download) the keys representing a signature path from my key to the
+key in question, to be able to get a trust path between the two keys.
+This is as far as I can tell not possible today. Perhaps something
+for a future version of the protocol?</p>
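Review bot: The added paragraph introducing the SRV lookup has two wording errors: "a OpenGPG keyserver" should be "an OpenPGP keyserver", and "should their need it" should be "should they need it". Earlier in the added text, "this do not seem" should be "this does not seem". Both added `<p><blockquote><pre>` wrappers (around the `keyserver pool.sks-keyservers.net` line and around the `host -t srv` output) nest block elements inside `<p>`, which is invalid HTML; drop the outer `<p>`/`</p>` on those blocks. It may also be worth a sentence noting that the published SRV record points at port 11371, which is plain HKP, so key lookups made through it travel unencrypted.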