X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/6150c7a64a43c3644a1f02db495c0d22651e2624..48242bda221d48f034db275c4758ac81cc92d31b:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 6b3194e75e..95d6887c41 100644 --- a/blog/index.html +++ b/blog/index.html @@ -19,6 +19,118 @@ +
+
Fetching trusted timestamps using the rfc3161ng python module
+
8th October 2018
+

I have earlier covered the basics of trusted timestamping using the +'openssl ts' client. See blog post for +2014, +2016 +and +2017 +for those stories. But some times I want to integrate the timestamping +in other code, and recently I needed to integrate it into Python. +After searching a bit, I found +the +rfc3161 library which seemed like a good fit, but I soon +discovered it only worked for python version 2, and I needed something +that work with python version 3. Luckily I next came across +the rfc3161ng library, +a fork of the original rfc3161 library. Not only is it working with +python 3, it have fixed a few of the bugs in the original library, and +it has an active maintainer. I decided to wrap it up and make it +available in +Debian, and a few days ago it entered Debian unstable and testing.

+ +

Using the library is fairly straight forward. The only slightly +problematic step is to fetch the required certificates to verify the +timestamp. For some services it is straight forward, while for others +I have not yet figured out how to do it. Here is a small standalone +code example based on of the integration tests in the library code:

+ +
+#!/usr/bin/python3
+
+"""
+
+Python 3 script demonstrating how to use the rfc3161ng module to
+get trusted timestamps.
+
+The license of this code is the same as the license of the rfc3161ng
+library, ie MIT/BSD.
+
+"""
+
+import os
+import pyasn1.codec.der
+import rfc3161ng
+import subprocess
+import tempfile
+import urllib.request
+
+def store(f, data):
+    f.write(data)
+    f.flush()
+    f.seek(0)
+
+def fetch(url, f=None):
+    response = urllib.request.urlopen(url)
+    data = response.read()
+    if f:
+        store(f, data)
+    return data
+
+def main():
+    with tempfile.NamedTemporaryFile() as cert_f,\
+    	 tempfile.NamedTemporaryFile() as ca_f,\
+    	 tempfile.NamedTemporaryFile() as msg_f,\
+    	 tempfile.NamedTemporaryFile() as tsr_f:
+
+        # First fetch certificates used by service
+        certificate_data = fetch('https://freetsa.org/files/tsa.crt', cert_f)
+        ca_data_data = fetch('https://freetsa.org/files/cacert.pem', ca_f)
+
+        # Then timestamp the message
+        timestamper = \
+            rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr',
+                                        certificate=certificate_data)
+        data = b"Python forever!\n"
+        tsr = timestamper(data=data, return_tsr=True)
+
+        # Finally, convert message and response to something 'openssl ts' can verify
+        store(msg_f, data)
+        store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
+        args = ["openssl", "ts", "-verify",
+                "-data", msg_f.name,
+	        "-in", tsr_f.name,
+		"-CAfile", ca_f.name,
+                "-untrusted", cert_f.name]
+        subprocess.check_call(args)
+
+if '__main__' == __name__:
+   main()
+
+ +

The code fetches the required certificates, store them as temporary +files, timestamp a simple message, store the message and timestamp to +disk and ask 'openssl ts' to verify the timestamp. A timestamp is +around 1.5 kiB in size, and should be fairly easy to store for future +use.

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

+
+
+ + + Tags: english, sikkerhet. + + +
+
+
+
Automatic Google Drive sync using grive in Debian
4th October 2018
@@ -631,159 +743,6 @@ wait "$gstpid"

I hope you find the approach useful. I know I do.

-

As usual, if you use Bitcoin and want to show your support of my -activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

-
-
- - - Tags: debian, english, kodi, video. - - -
- -
- -
-
Streaming the Linux desktop to Kodi using VLC and RTSP
-
12th July 2018
-

PS: See -the -followup post for a even better approach.

- -

A while back, I was asked by a friend how to stream the desktop to -my projector connected to Kodi. I sadly had to admit that I had no -idea, as it was a task I never had tried. Since then, I have been -looking for a way to do so, preferable without much extra software to -install on either side. Today I found a way that seem to kind of -work. Not great, but it is a start.

- -

I had a look at several approaches, for example -using uPnP -DLNA as described in 2011, but it required a uPnP server, fuse and -local storage enough to store the stream locally. This is not going -to work well for me, lacking enough free space, and it would -impossible for my friend to get working.

- -

Next, it occurred to me that perhaps I could use VLC to create a -video stream that Kodi could play. Preferably using -broadcast/multicast, to avoid having to change any setup on the Kodi -side when starting such stream. Unfortunately, the only recipe I -could find using multicast used the rtp protocol, and this protocol -seem to not be supported by Kodi.

- -

On the other hand, the rtsp protocol is working! Unfortunately I -have to specify the IP address of the streaming machine in both the -sending command and the file on the Kodi server. But it is showing my -desktop, and thus allow us to have a shared look on the big screen at -the programs I work on.

- -

I did not spend much time investigating codeces. I combined the -rtp and rtsp recipes from -the -VLC Streaming HowTo/Command Line Examples, and was able to get -this working on the desktop/streaming end.

- -
-vlc screen:// --sout \
-  '#transcode{vcodec=mp4v,acodec=mpga,vb=800,ab=128}:rtp{dst=projector.local,port=1234,sdp=rtsp://192.168.11.4:8080/test.sdp}'
-
- -

I ssh-ed into my Kodi box and created a file like this with the -same IP address:

- -
-echo rtsp://192.168.11.4:8080/test.sdp \
-  > /storage/videos/screenstream.m3u
-
- -

Note the 192.168.11.4 IP address is my desktops IP address. As far -as I can tell the IP must be hardcoded for this to work. In other -words, if someone elses machine is going to do the steaming, you have -to update screenstream.m3u on the Kodi machine and adjust the vlc -recipe. To get started, locate the file in Kodi and select the m3u -file while the VLC stream is running. The desktop then show up in my -big screen. :)

- -

When using the same technique to stream a video file with audio, -the audio quality is really bad. No idea if the problem is package -loss or bad parameters for the transcode. I do not know VLC nor Kodi -enough to tell.

- -

Update 2018-07-12: Johannes Schauer send me a few -succestions and reminded me about an important step. The "screen:" -input source is only available once the vlc-plugin-access-extra -package is installed on Debian. Without it, you will see this error -message: "VLC is unable to open the MRL 'screen://'. Check the log -for details." He further found that it is possible to drop some parts -of the VLC command line to reduce the amount of hardcoded information. -It is also useful to consider using cvlc to avoid having the VLC -window in the desktop view. In sum, this give us this command line on -the source end - -

-cvlc screen:// --sout \
-  '#transcode{vcodec=mp4v,acodec=mpga,vb=800,ab=128}:rtp{sdp=rtsp://:8080/}'
-
- -

and this on the Kodi end

- -

-echo rtsp://192.168.11.4:8080/ \
-  > /storage/videos/screenstream.m3u
-
- -

Still bad image quality, though. But I did discover that streaming -a DVD using dvdsimple:///dev/dvd as the source had excellent video and -audio quality, so I guess the issue is in the input or transcoding -parts, not the rtsp part. I've tried to change the vb and ab -parameters to use more bandwidth, but it did not make a -difference.

- -

I further received a suggestion from Einar Haraldseid to try using -gstreamer instead of VLC, and this proved to work great! He also -provided me with the trick to get Kodi to use a multicast stream as -its source. By using this monstrous oneliner, I can stream my desktop -with good video quality in reasonable framerate to the 239.255.0.1 -multicast address on port 1234: - -

-gst-launch-1.0 ximagesrc use-damage=0 ! video/x-raw,framerate=30/1 ! \
-  videoconvert ! queue2 ! \
-  x264enc bitrate=8000 speed-preset=superfast tune=zerolatency qp-min=30 \
-  key-int-max=15 bframes=2 ! video/x-h264,profile=high ! queue2 ! \
-  mpegtsmux alignment=7 name=mux ! rndbuffersize max=1316 min=1316 ! \
-  udpsink host=239.255.0.1 port=1234 ttl-mc=1 auto-multicast=1 sync=0 \
-  pulsesrc device=$(pactl list | grep -A2 'Source #' | \
-    grep 'Name: .*\.monitor$' |  cut -d" " -f2|head -1) ! \
-  audioconvert ! queue2 ! avenc_aac ! queue2 ! mux.
-
- -

and this on the Kodi end

- -

-echo udp://@239.255.0.1:1234 \
-  > /storage/videos/screenstream.m3u
-
- -

Note the trick to pick a valid pulseaudio source. It might not -pick the one you need. This approach will of course lead to trouble -if more than one source uses the same multicast port and address. -Note the ttl-mc=1 setting, which limit the multicast packages to the -local network. If the value is increased, your screen will be -broadcasted further, one network "hop" for each increase (read up on -multicast to learn more. :)!

- -

Having cracked how to get Kodi to receive multicast streams, I -could use this VLC command to stream to the same multicast address. -The image quality is way better than the rtsp approach, but gstreamer -seem to be doing a better job.

- -
-cvlc screen:// --sout '#transcode{vcodec=mp4v,acodec=mpga,vb=800,ab=128}:rtp{mux=ts,dst=239.255.0.1,port=1234,sdp=sap}'
-
-

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

@@ -825,7 +784,7 @@ activities, please send Bitcoin donations to my address
  • September (3)
    • -
  • October (1)
    • +
  • October (2)
    • @@ -1134,7 +1093,7 @@ activities, please send Bitcoin donations to my address
  • drivstoffpriser (4)
    • -
  • english (386)
    • +
  • english (387)
  • fiksgatami (23)
    • @@ -1200,7 +1159,7 @@ activities, please send Bitcoin donations to my address
  • scraperwiki (2)
    • -
  • sikkerhet (54)
    • +
  • sikkerhet (55)
  • sitesummary (4)