Generated.

[homepage.git] / blog / archive / 2018 / 10 / 10.rss

<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
        <channel>
                <title>Petter Reinholdtsen - Entries from October 2018</title>
                <description>Entries from October 2018</description>
                <link>http://people.skolelinux.org/pere/blog/</link>

        
        <item>
                <title>Fetching trusted timestamps using the rfc3161ng python module</title>
                <link>http://people.skolelinux.org/pere/blog/Fetching_trusted_timestamps_using_the_rfc3161ng_python_module.html</link>        
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Fetching_trusted_timestamps_using_the_rfc3161ng_python_module.html</guid>
                <pubDate>Mon, 8 Oct 2018 12:30:00 +0200</pubDate>
                <description>&lt;p&gt;I have  earlier covered the basics of trusted timestamping using the
&#39;openssl ts&#39; client.  See blog post for
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html&quot;&gt;2014&lt;/a&gt;,
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html&quot;&gt;2016&lt;/a&gt;
and
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html&quot;&gt;2017&lt;/a&gt;
for those stories.  But some times I want to integrate the timestamping
in other code, and recently I needed to integrate it into Python.
After searching a bit, I found
&lt;a href=&quot;https://dev.entrouvert.org/projects/python-rfc3161&quot;&gt;the
rfc3161 library&lt;/a&gt; which seemed like a good fit, but I soon
discovered it only worked for python version 2, and I needed something
that work with python version 3.  Luckily I next came across
&lt;a href=&quot;https://github.com/trbs/rfc3161ng/&quot;&gt;the rfc3161ng library&lt;/a&gt;,
a fork of the original rfc3161 library.  Not only is it working with
python 3, it have fixed a few of the bugs in the original library, and
it has an active maintainer.  I decided to wrap it up and make it
&lt;a href=&quot;https://tracker.debian.org/pkg/python-rfc3161ng&quot;&gt;available in
Debian&lt;/a&gt;, and a few days ago it entered Debian unstable and testing.&lt;/p&gt;

&lt;p&gt;Using the library is fairly straight forward.  The only slightly
problematic step is to fetch the required certificates to verify the
timestamp.  For some services it is straight forward, while for others
I have not yet figured out how to do it.  Here is a small standalone
code example based on of the integration tests in the library code:&lt;/p&gt;

&lt;pre&gt;
#!/usr/bin/python3

&quot;&quot;&quot;

Python 3 script demonstrating how to use the rfc3161ng module to
get trusted timestamps.

The license of this code is the same as the license of the rfc3161ng
library, ie MIT/BSD.

&quot;&quot;&quot;

import os
import pyasn1.codec.der
import rfc3161ng
import subprocess
import tempfile
import urllib.request

def store(f, data):
    f.write(data)
    f.flush()
    f.seek(0)

def fetch(url, f=None):
    response = urllib.request.urlopen(url)
    data = response.read()
    if f:
        store(f, data)
    return data

def main():
    with tempfile.NamedTemporaryFile() as cert_f,\
         tempfile.NamedTemporaryFile() as ca_f,\
         tempfile.NamedTemporaryFile() as msg_f,\
         tempfile.NamedTemporaryFile() as tsr_f:

        # First fetch certificates used by service
        certificate_data = fetch(&#39;https://freetsa.org/files/tsa.crt&#39;, cert_f)
        ca_data_data = fetch(&#39;https://freetsa.org/files/cacert.pem&#39;, ca_f)

        # Then timestamp the message
        timestamper = \
            rfc3161ng.RemoteTimestamper(&#39;http://freetsa.org/tsr&#39;,
                                        certificate=certificate_data)
        data = b&quot;Python forever!\n&quot;
        tsr = timestamper(data=data, return_tsr=True)

        # Finally, convert message and response to something &#39;openssl ts&#39; can verify
        store(msg_f, data)
        store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
        args = [&quot;openssl&quot;, &quot;ts&quot;, &quot;-verify&quot;,
                &quot;-data&quot;, msg_f.name,
                &quot;-in&quot;, tsr_f.name,
                &quot;-CAfile&quot;, ca_f.name,
                &quot;-untrusted&quot;, cert_f.name]
        subprocess.check_call(args)

if &#39;__main__&#39; == __name__:
   main()
&lt;/pre&gt;

&lt;p&gt;The code fetches the required certificates, store them as temporary
files, timestamp a simple message, store the message and timestamp to
disk and ask &#39;openssl ts&#39; to verify the timestamp.  A timestamp is
around 1.5 kiB in size, and should be fairly easy to store for future
use.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Automatic Google Drive sync using grive in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/Automatic_Google_Drive_sync_using_grive_in_Debian.html</link>        
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_Google_Drive_sync_using_grive_in_Debian.html</guid>
                <pubDate>Thu, 4 Oct 2018 15:20:00 +0200</pubDate>
                <description>&lt;p&gt;A few days, I rescued a Windows victim over to Debian.  To try to
rescue the remains, I helped set up automatic sync with Google Drive.
I did not find any sensible Debian package handling this
automatically, so I rebuild the grive2 source from
&lt;a href=&quot;http://www.webupd8.org/&quot;&gt;the Ubuntu UPD8 PPA&lt;/a&gt; to do the
task and added a autostart desktop entry and a small shell script to
run in the background while the user is logged in to do the sync.
Here is a sketch of the setup for future reference.&lt;/p&gt;

&lt;p&gt;I first created &lt;tt&gt;~/googledrive&lt;/tt&gt;, entered the directory and
ran &#39;&lt;tt&gt;grive -a&lt;/tt&gt;&#39; to authenticate the machine/user.  Next, I
created a autostart hook in &lt;tt&gt;~/.config/autostart/grive.desktop&lt;/tt&gt;
to start the sync when the user log in:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
[Desktop Entry]
Name=Google drive autosync
Type=Application
Exec=/home/user/bin/grive-sync
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Finally, I wrote the &lt;tt&gt;~/bin/grive-sync&lt;/tt&gt; script to sync
~/googledrive/ with the files in Google Drive.&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -e
cd ~/
cleanup() {
    if [ &quot;$syncpid&quot; ] ; then
        kill $syncpid
    fi
}
trap cleanup EXIT INT QUIT
/usr/lib/grive/grive-sync.sh listen googledrive 2&gt;&amp;1 | sed &quot;s%^%$0:%&quot; &amp;
syncpdi=$!
while true; do
    if ! xhost &gt;/dev/null 2&gt;&amp;1 ; then
        echo &quot;no DISPLAY, exiting as the user probably logged out&quot;
        exit 1
    fi
    if [ ! -e /run/user/1000/grive-sync.sh_googledrive ] ; then
        /usr/lib/grive/grive-sync.sh sync googledrive
    fi
    sleep 300
done 2&gt;&amp;1 | sed &quot;s%^%$0:%&quot;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Feel free to use the setup if you want.  It can be assumed to be
GNU GPL v2 licensed (or any later version, at your leisure), but I
doubt this code is possible to claim copyright on.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>