|
@@ -473,51 +473,25 @@ rngtest: Program run time: 115987 microseconds
|
473
|
473
|
|
474
|
474
|
An optional extra is the [[http://cryptotronix.com/products/hashlet/][Cryptotronix Hashlet]] which also has hardware random number generation capability via the [[./Atmel-8740-CryptoAuth-ATSHA204-Datasheet.pdf][Atmel ATSHA204]] chip.
|
475
|
475
|
|
476
|
|
-Install the hashlet [[./images/hashlet_installed.jpg][like this]] on the BBB, then download the source code.
|
|
476
|
+Install the hashlet [[./images/hashlet_installed.jpg][like this]] on the BBB, then install some dependencies.
|
477
|
477
|
|
478
|
478
|
#+BEGIN_SRC: bash
|
479
|
|
-cd /tmp
|
480
|
|
-wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz
|
481
|
|
-wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz.sig
|
482
|
|
-wget http://freedombone.uk.to/hashlet-1.0.0.patch
|
|
479
|
+apt-get install git build-essential libgcrypt11-dev texinfo
|
483
|
480
|
#+END_SRC
|
484
|
481
|
|
485
|
|
-Install some dependencies.
|
|
482
|
+Download the source code.
|
486
|
483
|
|
487
|
484
|
#+BEGIN_SRC: bash
|
488
|
|
-apt-get install gnupg build-essential libgcrypt11-dev texinfo
|
489
|
|
-#+END_SRC
|
490
|
|
-
|
491
|
|
-Verify it.
|
492
|
|
-
|
493
|
|
-#+BEGIN_SRC: bash
|
494
|
|
-gpg --verify hashlet-1.0.0.tar.gz.sig
|
495
|
|
-#+END_SRC
|
496
|
|
-
|
497
|
|
-The main parts of the verification to check are:
|
498
|
|
-
|
499
|
|
-#+BEGIN_SRC: bash
|
500
|
|
-gpg: Signature made Fri 07 Feb 2014 23:22:37 GMT using RSA key ID 81CD647A
|
501
|
|
-gpg: Good signature from "Joshua Brian Datko <jbd@cryptotronix.com>"
|
502
|
|
-#+END_SRC
|
503
|
|
-
|
504
|
|
-Also verify the patch:
|
505
|
|
-
|
506
|
|
-#+BEGIN_SRC: bash
|
507
|
|
-sha256sum hashlet-1.0.0.patch
|
508
|
|
-bb9f08b049d112fadd0f8889849a39d199a7f7582c627f8eda5680ded842945b
|
|
485
|
+cd /tmp
|
|
486
|
+git clone https://github.com/bashrc/hashlet.git
|
509
|
487
|
#+END_SRC
|
510
|
488
|
|
511
|
489
|
Now install the driver.
|
512
|
490
|
|
513
|
491
|
#+BEGIN_SRC: bash
|
514
|
|
-tar -xzvf hashlet-1.0.0.tar.gz
|
515
|
|
-cd hashlet-1.0.0
|
516
|
|
-patch -p1 < ../hashlet-1.0.0.patch
|
|
492
|
+cd hashlet
|
517
|
493
|
chmod o+rw /dev/i2c*
|
518
|
494
|
./autogen.sh
|
519
|
|
-./configure
|
520
|
|
-make
|
521
|
495
|
make check
|
522
|
496
|
make install
|
523
|
497
|
#+END_SRC
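Review bot: Nothing authenticates the source fetched by `git clone https://github.com/bashrc/hashlet.git` in the new download block: the GPG signature check on the tarball and the SHA-256 check on the patch are removed without a replacement, so whatever the default branch holds at clone time is built and then installed by `make install`. I would pin the checkout right after the clone, e.g. `git checkout <reviewed-commit-id>` (placeholder), or run `git verify-tag <tag>` if the repository publishes signed tags, in which case `gnupg` should stay in the `apt-get install` line. The build block also drops `./configure` and `make`; presumably `./autogen.sh` runs configure in this fork, but that is not visible in the hunk and deserves a sentence in the text.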
|
|
@@ -540,28 +514,117 @@ Nothing should be returned by this command, but a file called ~/.hashlet will be
|
540
|
514
|
chmod 400 ~/.hashlet
|
541
|
515
|
#+END_SRC
|
542
|
516
|
|
|
517
|
+Now create a daemon which will create a random number generator device */dev/hashletrng*.
|
|
518
|
+
|
543
|
519
|
#+BEGIN_SRC: bash
|
544
|
|
-mknod /dev/hashletrng p
|
545
|
|
-emacs /root/hashletupdate
|
|
520
|
+emacs /usr/bin/hashletd
|
546
|
521
|
#+END_SRC
|
547
|
522
|
|
548
|
|
-Add the following:
|
549
|
|
-
|
550
|
523
|
#+BEGIN_SRC: bash
|
551
|
524
|
#!/bin/sh
|
552
|
525
|
|
|
526
|
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
|
|
527
|
+I2CBUS=2
|
|
528
|
+BYTES=32
|
|
529
|
+DEVICE=/dev/hashletrng
|
|
530
|
+
|
|
531
|
+# create a device
|
|
532
|
+if [ ! -e ${DEVICE} ]; then
|
|
533
|
+ mknod ${DEVICE} p
|
|
534
|
+fi
|
|
535
|
+
|
553
|
536
|
while :
|
554
|
537
|
do
|
555
|
|
-hashlet --bus=/dev/i2c-2 --Bytes 32 random-bytes > /dev/hashletrng
|
|
538
|
+hashlet --bus=/dev/i2c-${I2CBUS} --Bytes ${BYTES} random-bytes > ${DEVICE}
|
556
|
539
|
done
|
557
|
540
|
#+END_SRC
|
558
|
541
|
|
559
|
|
-Save and exit.
|
|
542
|
+Save and exit. Now create an init script to run it.
|
|
543
|
+
|
|
544
|
+#+BEGIN_SRC: bash
|
|
545
|
+emacs /etc/init.d/hashlet
|
|
546
|
+#+END_SRC
|
|
547
|
+
|
|
548
|
+Add the following:
|
|
549
|
+
|
|
550
|
+#+BEGIN_SRC: bash
|
|
551
|
+#!/bin/bash
|
|
552
|
+
|
|
553
|
+# /etc/init.d/hashlet
|
|
554
|
+
|
|
555
|
+### BEGIN INIT INFO
|
|
556
|
+# Provides: hashlet
|
|
557
|
+# Required-Start: $remote_fs $syslog
|
|
558
|
+# Required-Stop: $remote_fs $syslog
|
|
559
|
+# Default-Start: 2 3 4 5
|
|
560
|
+# Default-Stop: 0 1 6
|
|
561
|
+# Short-Description: hashlet
|
|
562
|
+# Description: Creates a random number generator device
|
|
563
|
+### END INIT INFO
|
|
564
|
+
|
|
565
|
+# Author: Bob Mottram <bob@robotics.uk.to>
|
|
566
|
+
|
|
567
|
+#Settings
|
|
568
|
+SERVICE='hashlet'
|
|
569
|
+LOGFILE='/dev/null'
|
|
570
|
+COMMAND="/usr/bin/hashletd"
|
|
571
|
+USERNAME='root'
|
|
572
|
+NICELEVEL=19
|
|
573
|
+HISTORY=1024
|
|
574
|
+INVOCATION="nice -n ${NICELEVEL} ${COMMAND}"
|
|
575
|
+PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
|
|
576
|
+
|
|
577
|
+hashlet_start() {
|
|
578
|
+echo "Starting $SERVICE..."
|
|
579
|
+su --command "screen -h ${HISTORY} -dmS ${SERVICE} ${INVOCATION}" $USERNAME
|
|
580
|
+}
|
|
581
|
+
|
|
582
|
+
|
|
583
|
+hashlet_stop() {
|
|
584
|
+echo "Stopping $SERVICE"
|
|
585
|
+su --command "screen -p 0 -S ${SERVICE} -X stuff "'^C'"" $USERNAME
|
|
586
|
+}
|
|
587
|
+
|
|
588
|
+
|
|
589
|
+#Start-Stop here
|
|
590
|
+case "$1" in
|
|
591
|
+ start)
|
|
592
|
+ hashlet_start
|
|
593
|
+ ;;
|
|
594
|
+ stop)
|
|
595
|
+ hashlet_stop
|
|
596
|
+ ;;
|
|
597
|
+ restart)
|
|
598
|
+ hashlet_stop
|
|
599
|
+ sleep 10s
|
|
600
|
+ hashlet_start
|
|
601
|
+ ;;
|
|
602
|
+ *)
|
|
603
|
+ echo "Usage: $0 {start|stop|restart}"
|
|
604
|
+ exit 1
|
|
605
|
+ ;;
|
|
606
|
+esac
|
|
607
|
+
|
|
608
|
+exit 0
|
|
609
|
+#+END_SRC
|
|
610
|
+
|
|
611
|
+Save and exit, then start the daemon.
|
|
612
|
+
|
|
613
|
+#+BEGIN_SRC: bash
|
|
614
|
+chmod +x /usr/bin/hashletd
|
|
615
|
+chmod +x /etc/init.d/hashlet
|
|
616
|
+update-rc.d hashlet defaults
|
|
617
|
+service hashlet start
|
|
618
|
+#+END_SRC
|
|
619
|
+
|
|
620
|
+Then to obtain some random bytes:
|
560
|
621
|
|
561
|
622
|
#+BEGIN_SRC: bash
|
562
|
|
-chmod +x /root/hashletupdate
|
|
623
|
+cat /dev/hashletrng
|
563
|
624
|
#+END_SRC
|
564
|
625
|
|
|
626
|
+The rate of entropy generation by the Hashlet seems very slow compared to */dev/hwrng*, and this is most likely because of the I2C interface. So it's probably a good idea to keep hwrng as the main random source and only use the Hashlet's random number generator for any ancillary stuff.
|
|
627
|
+
|
565
|
628
|
** Alter ssh configuration
|
566
|
629
|
|
567
|
630
|
Altering the ssh configuration will make it a little more secure than the standard Debian settings.
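Review bot: In the new `/usr/bin/hashletd` script the guard `if [ ! -e ${DEVICE} ]` only checks that something exists at `/dev/hashletrng`, so if a regular file is already there the `while :` loop rewrites it continuously instead of blocking on a FIFO, and the pipe's mode is left to the umask of whoever starts the daemon. Testing for a pipe and setting the mode deliberately would be safer, with the expansions quoted: `[ -p "${DEVICE}" ] || mknod -m 644 "${DEVICE}" p` (the mode shown is an example to be chosen on purpose). The loop also ignores the exit status of `hashlet`, and the init script sets `LOGFILE='/dev/null'` without ever using it, so a failing chip read leaves no trace; a `|| sleep 1` with a logged message would cover that. In `hashlet_stop` the nested quotes in `-X stuff "'^C'""` close and reopen the outer string rather than quoting `^C` inside the command, which is worth a comment or simpler quoting.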
|
|
@@ -6826,6 +6889,79 @@ Within a browser open https://mydomainname.com:8888
|
6826
|
6889
|
|
6827
|
6890
|
See documentation in /usr/share/doc/kune/INSTALL.gz
|
6828
|
6891
|
|
|
6892
|
+** Loomio
|
|
6893
|
+
|
|
6894
|
+#+BEGIN_SRC: bash
|
|
6895
|
+apt-get install imagemagick libmagickcore-dev postgresql libmagickwand-dev
|
|
6896
|
+#+END_SRC
|
|
6897
|
+
|
|
6898
|
+psql -d postgres
|
|
6899
|
+postgres=# create role postgres login createdb;
|
|
6900
|
+postgres=# \q
|
|
6901
|
+
|
|
6902
|
+
|
|
6903
|
+#+BEGIN_SRC: bash
|
|
6904
|
+cd /srv
|
|
6905
|
+git clone https://github.com/loomio/loomio.git
|
|
6906
|
+cd /srv/loomio
|
|
6907
|
+bundle install
|
|
6908
|
+cp config/database.example.yml config/database.yml
|
|
6909
|
+cp .example-env .env
|
|
6910
|
+bundle exec rake db:create
|
|
6911
|
+bundle exec rake db:schema:load
|
|
6912
|
+bundle exec rake db:schema:load RAILS_ENV=test
|
|
6913
|
+bundle exec rake db:seed
|
|
6914
|
+#+END_SRC
|
|
6915
|
+
|
|
6916
|
+foreman start
|
|
6917
|
+
|
|
6918
|
+Edit the Apache configuration for your mediagoblin site.
|
|
6919
|
+
|
|
6920
|
+#+BEGIN_SRC: bash
|
|
6921
|
+emacs /etc/apache2/sites-available/myloomiodomain
|
|
6922
|
+#+END_SRC
|
|
6923
|
+
|
|
6924
|
+Delete the existing configuration (in Emacs it's CTRL-x h then CTRL-w) and paste the following, replacing /myloomiodomain/ with your mediagoblin domain name and /myusername@mydomainname.com/ with your email address.
|
|
6925
|
+
|
|
6926
|
+#+BEGIN_SRC: bash
|
|
6927
|
+<VirtualHost *:80>
|
|
6928
|
+ ServerAdmin myusername@mydomainname.com
|
|
6929
|
+
|
|
6930
|
+ DocumentRoot /srv/myloomiodomain
|
|
6931
|
+ ServerName myloomiodomain
|
|
6932
|
+
|
|
6933
|
+ <Directory />
|
|
6934
|
+ Options FollowSymLinks
|
|
6935
|
+ AllowOverride None
|
|
6936
|
+ </Directory>
|
|
6937
|
+ <Directory /srv/myloomiodomain/>
|
|
6938
|
+ Options Indexes FollowSymLinks MultiViews
|
|
6939
|
+ AllowOverride All
|
|
6940
|
+ Order allow,deny
|
|
6941
|
+ allow from all
|
|
6942
|
+ </Directory>
|
|
6943
|
+
|
|
6944
|
+ LogLevel warn
|
|
6945
|
+
|
|
6946
|
+ ProxyVia On
|
|
6947
|
+
|
|
6948
|
+ ProxyRequests off
|
|
6949
|
+ ProxyPreserveHost on
|
|
6950
|
+
|
|
6951
|
+ ProxyPass / http://localhost:3000/
|
|
6952
|
+
|
|
6953
|
+ ErrorLog "/var/log/apache2/error.log"
|
|
6954
|
+ CustomLog "/var/log/apache2/access.log" combined
|
|
6955
|
+
|
|
6956
|
+ RewriteEngine On
|
|
6957
|
+ RewriteOptions Inherit
|
|
6958
|
+</VirtualHost>
|
|
6959
|
+#+END_SRC
|
|
6960
|
+
|
|
6961
|
+Save and exit.
|
|
6962
|
+
|
|
6963
|
+Now in a browser visit http://myloomiodomain and create a user.
|
|
6964
|
+
|
6829
|
6965
|
* Related projects
|
6830
|
6966
|
|
6831
|
6967
|
* [[https://freedomboxfoundation.org/][Freedombox]]
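Review bot: The Loomio vhost added here listens only on `<VirtualHost *:80>`, and the text then sends the reader to `http://myloomiodomain` to create a user, so the new account's password travels unencrypted. The section should add a TLS vhost on port 443 and redirect port 80 to it before telling the reader to register. `DocumentRoot /srv/myloomiodomain` does not match the `/srv/loomio` clone path, and since `ProxyPass / http://localhost:3000/` forwards everything, `Options Indexes` and `AllowOverride All` on that directory could be dropped. Two sentences still say "mediagoblin" where Loomio is meant. `cp .example-env .env` presumably copies example secrets, so a line telling the reader to replace them before `foreman start` would help, to be confirmed against the Loomio repository.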
|