
Improved hashlet instructions

Bob Mottram 11 yıl önce
ebeveyn
işleme
d6f256f294
1 değiştirilmiş dosya ile 175 ekleme ve 39 silme
  1. 175
    39
      beaglebone.txt

+ 175
- 39
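--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -473,51 +473,25 @@ rngtest: Program run time: 115987 microseconds
 
 An optional extra is the [[http://cryptotronix.com/products/hashlet/][Cryptotronix Hashlet]] which also has hardware random number generation capability via the [[./Atmel-8740-CryptoAuth-ATSHA204-Datasheet.pdf][Atmel ATSHA204]] chip.
 
-Install the hashlet [[./images/hashlet_installed.jpg][like this]] on the BBB, then download the source code.
+Install the hashlet [[./images/hashlet_installed.jpg][like this]] on the BBB, then install some dependencies.
 
 #+BEGIN_SRC: bash
-cd /tmp
-wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz
-wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz.sig
-wget http://freedombone.uk.to/hashlet-1.0.0.patch
+apt-get install git build-essential libgcrypt11-dev texinfo
 #+END_SRC
 
-Install some dependencies.
+Download the source code.
 
 #+BEGIN_SRC: bash
-apt-get install gnupg build-essential libgcrypt11-dev texinfo
-#+END_SRC
-
-Verify it.
-
-#+BEGIN_SRC: bash
-gpg --verify hashlet-1.0.0.tar.gz.sig
-#+END_SRC
-
-The main parts of the verification to check are:
-
-#+BEGIN_SRC: bash
-gpg: Signature made Fri 07 Feb 2014 23:22:37 GMT using RSA key ID 81CD647A
-gpg: Good signature from "Joshua Brian Datko <jbd@cryptotronix.com>"
-#+END_SRC
-
-Also verify the patch:
-
-#+BEGIN_SRC: bash
-sha256sum hashlet-1.0.0.patch
-bb9f08b049d112fadd0f8889849a39d199a7f7582c627f8eda5680ded842945b
+cd /tmp
+git clone https://github.com/bashrc/hashlet.git
 #+END_SRC
 
 Now install the driver.
 
 #+BEGIN_SRC: bash
-tar -xzvf hashlet-1.0.0.tar.gz
-cd hashlet-1.0.0
-patch -p1 < ../hashlet-1.0.0.patch
+cd hashlet
 chmod o+rw /dev/i2c*
 ./autogen.sh
-./configure
-make
 make check
 make install
 #+END_SRC
@@ -540,28 +514,117 @@ Nothing should be returned by this command, but a file called ~/.hashlet will be
 chmod 400 ~/.hashlet
 #+END_SRC
 
+Now create a daemon which will create a random number generator device */dev/hashletrng*.
+
 #+BEGIN_SRC: bash
-mknod /dev/hashletrng p
-emacs /root/hashletupdate
+emacs /usr/bin/hashletd
 #+END_SRC
 
-Add the following:
-
 #+BEGIN_SRC: bash
 #!/bin/sh
 
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
+I2CBUS=2
+BYTES=32
+DEVICE=/dev/hashletrng
+
+# create a device
+if [ ! -e ${DEVICE} ]; then
+  mknod ${DEVICE} p
+fi
+
 while :
 do
-hashlet --bus=/dev/i2c-2 --Bytes 32 random-bytes > /dev/hashletrng
+hashlet --bus=/dev/i2c-${I2CBUS} --Bytes ${BYTES} random-bytes > ${DEVICE}
 done
 #+END_SRC
 
-Save and exit.
+Save and exit.  Now create an init script to run it.
+
+#+BEGIN_SRC: bash
+emacs /etc/init.d/hashlet
+#+END_SRC
+
+Add the following:
+
+#+BEGIN_SRC: bash
+#!/bin/bash
+
+# /etc/init.d/hashlet
+
+### BEGIN INIT INFO
+# Provides:          hashlet
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: hashlet
+# Description:       Creates a random number generator device
+### END INIT INFO
+
+# Author: Bob Mottram <bob@robotics.uk.to>
+
+#Settings
+SERVICE='hashlet'
+LOGFILE='/dev/null'
+COMMAND="/usr/bin/hashletd"
+USERNAME='root'
+NICELEVEL=19
+HISTORY=1024
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
+
+hashlet_start() {
+echo "Starting $SERVICE..."
+su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
+}
+
+
+hashlet_stop() {
+echo "Stopping $SERVICE"
+su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
+}
+
+
+#Start-Stop here
+case "$1" in
+  start)
+    hashlet_start
+    ;;
+  stop)
+    hashlet_stop
+    ;;
+  restart)
+    hashlet_stop
+    sleep 10s
+    hashlet_start
+    ;;
+    *)
+  echo "Usage: $0 {start|stop|restart}"
+  exit 1
+  ;;
+esac
+
+exit 0
+#+END_SRC
+
+Save and exit, then start the daemon.
+
+#+BEGIN_SRC: bash
+chmod +x /usr/bin/hashletd
+chmod +x /etc/init.d/hashlet
+update-rc.d hashlet defaults
+service hashlet start
+#+END_SRC
+
+Then to obtain some random bytes:
 
 #+BEGIN_SRC: bash
-chmod +x /root/hashletupdate
+cat /dev/hashletrng
 #+END_SRC
 
+The rate of entropy generation by the Hashlet seems very slow compared to */dev/hwrng*, and this is most likely because of the I2C interface.  So it's probably a good idea to keep hwrng as the main random source and only use the Hashlet's random number generator for any ancillary stuff.
+
 ** Alter ssh configuration
 
 Altering the ssh configuration will make it a little more secure than the standard Debian settings.
@@ -6826,6 +6889,79 @@ Within a browser open https://mydomainname.com:8888
 
 See documentation in /usr/share/doc/kune/INSTALL.gz
 
+** Loomio
+
+#+BEGIN_SRC: bash
+apt-get install imagemagick libmagickcore-dev postgresql libmagickwand-dev
+#+END_SRC
+
+psql -d postgres
+postgres=# create role postgres login createdb;
+postgres=# \q
+
+
+#+BEGIN_SRC: bash
+cd /srv
+git clone https://github.com/loomio/loomio.git
+cd /srv/loomio
+bundle install
+cp config/database.example.yml config/database.yml
+cp .example-env .env
+bundle exec rake db:create
+bundle exec rake db:schema:load
+bundle exec rake db:schema:load RAILS_ENV=test
+bundle exec rake db:seed
+#+END_SRC
+
+foreman start
+
+Edit the Apache configuration for your mediagoblin site.
+
+#+BEGIN_SRC: bash
+emacs /etc/apache2/sites-available/myloomiodomain
+#+END_SRC
+
+Delete the existing configuration (in Emacs it's CTRL-x h then CTRL-w) and paste the following, replacing /myloomiodomain/ with your mediagoblin domain name and /myusername@mydomainname.com/ with your email address.
+
+#+BEGIN_SRC: bash
+<VirtualHost *:80>
+    ServerAdmin myusername@mydomainname.com
+
+    DocumentRoot /srv/myloomiodomain
+    ServerName myloomiodomain
+
+    <Directory />
+        Options FollowSymLinks
+        AllowOverride None
+    </Directory>
+    <Directory /srv/myloomiodomain/>
+        Options Indexes FollowSymLinks MultiViews
+        AllowOverride All
+        Order allow,deny
+        allow from all
+    </Directory>
+
+    LogLevel warn
+
+    ProxyVia On
+
+    ProxyRequests off
+    ProxyPreserveHost on
+
+    ProxyPass / http://localhost:3000/
+
+    ErrorLog "/var/log/apache2/error.log"
+    CustomLog "/var/log/apache2/access.log" combined
+
+    RewriteEngine On
+    RewriteOptions Inherit
+</VirtualHost>
+#+END_SRC
+
+Save and exit.
+
+Now in a browser visit http://myloomiodomain and create a user.
+
 * Related projects
 
   * [[https://freedomboxfoundation.org/][Freedombox]]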
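Review bot: The new download step in the first hunk, `git clone https://github.com/bashrc/hashlet.git`, has no integrity check to replace the removed `gpg --verify` and `sha256sum` steps, so whatever the default branch holds at clone time is built and passed to `make install` (presumably as root) on the device that will hold key material. Pin the build to a reviewed revision by adding `git checkout <REVIEWED_COMMIT_OR_TAG>` after `cd hashlet`, and if upstream publishes signed tags, `git verify-tag <REVIEWED_TAG>` before `./autogen.sh`; both names are placeholders, since the page does not identify a revision. The rewritten `apt-get install` line also drops `gnupg`, which tag verification would need again. Separately, the Loomio prose in the third hunk says "mediagoblin" in two places where it presumably means Loomio, and the virtual host it sets up listens only on `*:80`, so the "create a user" step sends credentials over plain HTTP unless a TLS virtual host is configured elsewhere in the file.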