]> pere.pagekite.me Git - homepage.git/blob - blog/archive/2018/10/10.rss
Generated.
[homepage.git] / blog / archive / 2018 / 10 / 10.rss
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
3 <channel>
4 <title>Petter Reinholdtsen - Entries from October 2018</title>
5 <description>Entries from October 2018</description>
6 <link>http://people.skolelinux.org/pere/blog/</link>
7
8
9 <item>
10 <title>Fetching trusted timestamps using the rfc3161ng python module</title>
11 <link>http://people.skolelinux.org/pere/blog/Fetching_trusted_timestamps_using_the_rfc3161ng_python_module.html</link>
12 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Fetching_trusted_timestamps_using_the_rfc3161ng_python_module.html</guid>
13 <pubDate>Mon, 8 Oct 2018 12:30:00 +0200</pubDate>
14 <description>&lt;p&gt;I have earlier covered the basics of trusted timestamping using the
15 &#39;openssl ts&#39; client. See blog post for
16 &lt;a href=&quot;http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html&quot;&gt;2014&lt;/a&gt;,
17 &lt;a href=&quot;http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html&quot;&gt;2016&lt;/a&gt;
18 and
19 &lt;a href=&quot;http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html&quot;&gt;2017&lt;/a&gt;
20 for those stories. But some times I want to integrate the timestamping
21 in other code, and recently I needed to integrate it into Python.
22 After searching a bit, I found
23 &lt;a href=&quot;https://dev.entrouvert.org/projects/python-rfc3161&quot;&gt;the
24 rfc3161 library&lt;/a&gt; which seemed like a good fit, but I soon
25 discovered it only worked for python version 2, and I needed something
26 that work with python version 3. Luckily I next came across
27 &lt;a href=&quot;https://github.com/trbs/rfc3161ng/&quot;&gt;the rfc3161ng library&lt;/a&gt;,
28 a fork of the original rfc3161 library. Not only is it working with
29 python 3, it have fixed a few of the bugs in the original library, and
30 it has an active maintainer. I decided to wrap it up and make it
31 &lt;a href=&quot;https://tracker.debian.org/pkg/python-rfc3161ng&quot;&gt;available in
32 Debian&lt;/a&gt;, and a few days ago it entered Debian unstable and testing.&lt;/p&gt;
33
34 &lt;p&gt;Using the library is fairly straight forward. The only slightly
35 problematic step is to fetch the required certificates to verify the
36 timestamp. For some services it is straight forward, while for others
37 I have not yet figured out how to do it. Here is a small standalone
38 code example based on of the integration tests in the library code:&lt;/p&gt;
39
40 &lt;pre&gt;
41 #!/usr/bin/python3
42
43 &quot;&quot;&quot;
44
45 Python 3 script demonstrating how to use the rfc3161ng module to
46 get trusted timestamps.
47
48 The license of this code is the same as the license of the rfc3161ng
49 library, ie MIT/BSD.
50
51 &quot;&quot;&quot;
52
53 import os
54 import pyasn1.codec.der
55 import rfc3161ng
56 import subprocess
57 import tempfile
58 import urllib.request
59
60 def store(f, data):
61 f.write(data)
62 f.flush()
63 f.seek(0)
64
65 def fetch(url, f=None):
66 response = urllib.request.urlopen(url)
67 data = response.read()
68 if f:
69 store(f, data)
70 return data
71
72 def main():
73 with tempfile.NamedTemporaryFile() as cert_f,\
74 tempfile.NamedTemporaryFile() as ca_f,\
75 tempfile.NamedTemporaryFile() as msg_f,\
76 tempfile.NamedTemporaryFile() as tsr_f:
77
78 # First fetch certificates used by service
79 certificate_data = fetch(&#39;https://freetsa.org/files/tsa.crt&#39;, cert_f)
80 ca_data_data = fetch(&#39;https://freetsa.org/files/cacert.pem&#39;, ca_f)
81
82 # Then timestamp the message
83 timestamper = \
84 rfc3161ng.RemoteTimestamper(&#39;http://freetsa.org/tsr&#39;,
85 certificate=certificate_data)
86 data = b&quot;Python forever!\n&quot;
87 tsr = timestamper(data=data, return_tsr=True)
88
89 # Finally, convert message and response to something &#39;openssl ts&#39; can verify
90 store(msg_f, data)
91 store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
92 args = [&quot;openssl&quot;, &quot;ts&quot;, &quot;-verify&quot;,
93 &quot;-data&quot;, msg_f.name,
94 &quot;-in&quot;, tsr_f.name,
95 &quot;-CAfile&quot;, ca_f.name,
96 &quot;-untrusted&quot;, cert_f.name]
97 subprocess.check_call(args)
98
99 if &#39;__main__&#39; == __name__:
100 main()
101 &lt;/pre&gt;
102
103 &lt;p&gt;The code fetches the required certificates, store them as temporary
104 files, timestamp a simple message, store the message and timestamp to
105 disk and ask &#39;openssl ts&#39; to verify the timestamp. A timestamp is
106 around 1.5 kiB in size, and should be fairly easy to store for future
107 use.&lt;/p&gt;
108
109 &lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
110 activities, please send Bitcoin donations to my address
111 &lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
112 </description>
113 </item>
114
115 <item>
116 <title>Automatic Google Drive sync using grive in Debian</title>
117 <link>http://people.skolelinux.org/pere/blog/Automatic_Google_Drive_sync_using_grive_in_Debian.html</link>
118 <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_Google_Drive_sync_using_grive_in_Debian.html</guid>
119 <pubDate>Thu, 4 Oct 2018 15:20:00 +0200</pubDate>
120 <description>&lt;p&gt;A few days, I rescued a Windows victim over to Debian. To try to
121 rescue the remains, I helped set up automatic sync with Google Drive.
122 I did not find any sensible Debian package handling this
123 automatically, so I rebuild the grive2 source from
124 &lt;a href=&quot;http://www.webupd8.org/&quot;&gt;the Ubuntu UPD8 PPA&lt;/a&gt; to do the
125 task and added a autostart desktop entry and a small shell script to
126 run in the background while the user is logged in to do the sync.
127 Here is a sketch of the setup for future reference.&lt;/p&gt;
128
129 &lt;p&gt;I first created &lt;tt&gt;~/googledrive&lt;/tt&gt;, entered the directory and
130 ran &#39;&lt;tt&gt;grive -a&lt;/tt&gt;&#39; to authenticate the machine/user. Next, I
131 created a autostart hook in &lt;tt&gt;~/.config/autostart/grive.desktop&lt;/tt&gt;
132 to start the sync when the user log in:&lt;/p&gt;
133
134 &lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
135 [Desktop Entry]
136 Name=Google drive autosync
137 Type=Application
138 Exec=/home/user/bin/grive-sync
139 &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
140
141 &lt;p&gt;Finally, I wrote the &lt;tt&gt;~/bin/grive-sync&lt;/tt&gt; script to sync
142 ~/googledrive/ with the files in Google Drive.&lt;/p&gt;
143
144 &lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
145 #!/bin/sh
146 set -e
147 cd ~/
148 cleanup() {
149 if [ &quot;$syncpid&quot; ] ; then
150 kill $syncpid
151 fi
152 }
153 trap cleanup EXIT INT QUIT
154 /usr/lib/grive/grive-sync.sh listen googledrive 2&gt;&amp;1 | sed &quot;s%^%$0:%&quot; &amp;
155 syncpdi=$!
156 while true; do
157 if ! xhost &gt;/dev/null 2&gt;&amp;1 ; then
158 echo &quot;no DISPLAY, exiting as the user probably logged out&quot;
159 exit 1
160 fi
161 if [ ! -e /run/user/1000/grive-sync.sh_googledrive ] ; then
162 /usr/lib/grive/grive-sync.sh sync googledrive
163 fi
164 sleep 300
165 done 2&gt;&amp;1 | sed &quot;s%^%$0:%&quot;
166 &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;
167
168 &lt;p&gt;Feel free to use the setup if you want. It can be assumed to be
169 GNU GPL v2 licensed (or any later version, at your leisure), but I
170 doubt this code is possible to claim copyright on.&lt;/p&gt;
171
172 &lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
173 activities, please send Bitcoin donations to my address
174 &lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
175 </description>
176 </item>
177
178 </channel>
179 </rss>