Knowledge Base (old posts, page 42)

Export Firefox (and other Mozilla-based browser) bookmarks without Firefox

bgstack15

2021-01-05 08:36

I wrote a library in Python3 to export the bookmarks from Mozilla-based browsers. That means, for browsers like Waterfox, Palemoon, LibreWolf, Firefox, and others, you can use some python commands to extract bookmarks into an html file. Check out the source at gitlab. The basic usage includes finding the available profile directories.

$ python3
>>> import mbbmlib
>>> mbblib.find_available_places() # takes an optional string, which is the directory to search under. Default is your $HOME.
['/home/bgstack15/.config/newmoon','/home/bgstack15/.mozilla/firefox/l1834dn1.default']
>>> mbblib.export_bookmarks_to_html("/home/bgstack15/.mozilla/firefox/l1834dn1.default","/mnt/public/bookmarks-desktop5.html",fetch_icons=True,debuglev=8)

It will output an html file with unordered lists of the contents, in order, of your bookmarks. I did notice it does not handle separators, so if you really want separators, please submit a pull request! I know Firefox and similar browsers can export their bookmarks within the browser itself. I didn't want to run the browser to access these values, as well as I wanted to force the icons to be included which is not a function that Firefox does. Screenshot
of a few bookmarks from an html file generated with
mbbmlib

Trivia

Firefox does not store its bookmarks' icons in favicons.sqlite. I had to use the Google favicon api http://www.google.com/s2/favicons?sz={0}&domain={1}".format(iconsize,domain) to download favicons. It was that, or write a lot of logic to try all the places a favicon could be, for a given domain. And yes, I know a favicon can be different for pages underneath a domain. I was taking the easy route. Feel free to fix this one too with a patch! I really struggled with the blasted encoding of things as you can see from the screenshots. If you want to submit a patch for that, please save me from myself!

GNU screen notes

bgstack15

2021-01-01 08:32

Comments

Look through scrollback, which includes pressing slash to search, and space- scrolling-space to select text.

CTRL+a, [

To escape viewing scrollback, press ESC. Paste what you had selected from scrollback:

CTRL+a, ]

Detach from a screen inside a screen session, courtesy of a user named chaos on Unix StackExchange.

CTRL+a, a, d

List help:

CTRL+a, ?

Split current session into two windows, switch to second window, and start new shell session in that window.

CTRL+a, |
CTRL+a, TAB
CTRL+a, c

I had some trouble running my "set -o vi" ESC commands in bash when inside a screen (or inside a screen inside a screen), but I found that pressing SHIFT with ESC made it recognize the ESC key more often.

LibreWolf dpkg for Debian is now available

bgstack15

2020-12-27 08:45

Comments

I recently came across the LibreWolf project, which is a community that maintains a set of patches on top of current Firefox, to stay focused on privacy. I wrote a script that builds the assets required to build a dpkg of Librewolf. I submitted a merge request to the LibreWolf team to include this script. You can go download LibreWolf for Devuan and Debian from my OBS space. In case I ever purge my gitlab space, here is the script and its conf file.

#!/bin/sh
# File: prep-librewolf-dpkg.sh
# Location: https://gitlab.com/bgstack15/librewolf-linux.git
# Latest supported version: librewolf-83.0-1
# Author: bgstack15
# SPDX-License-Identifier: CC-BY-SA-4.0
# Startdate: 2020-11-29
# Title: Build Dpkg for LibreWolf
# Purpose: Prepare initial assets for running "dpkg-buildpackage -b -us -uc" for LibreWolf by adapting Debian Firefox assets
# History:
# Usage:
#    Can send these final assets up to Open Build Service
# References:
#    Script numbers from https://gitlab.com/librewolf-community/browser/linux/-/tree/master/binary_tarball/scripts
# Improve:
#    Make this idempotent. Right now it is very much not.
# Dependencies:
#    wget, git, tar, awk, sed

#####################################
# Load settings

# basically, dot-source the conf file.
test -z "${librewolf_dpkg_conf}" && export librewolf_dpkg_conf="$( find "$( dirname "${0}" )" -maxdepth 2 -name "$( basename "${0%%.sh}.conf" )" -print 2>/dev/null | head -n1 )"
test ! -r "${librewolf_dpkg_conf}" && { echo "Unable to load config file, which should be named the same as this script but with a .conf ending. Aborted." 1>&2 ; exit 1 ; }
. "${librewolf_dpkg_conf}"

#####################################
# Download initial components

# Download upstream Debian assets, which includes
#   1. orig tarball, which in Debian is not always the pristine contents from upstream source
#   2. debian/ directory which defines how to build a package for Debian
#   3. Debian source package control file
cd "${work_dir}"
test -z "${SKIP_DOWNLOAD}" && {
   wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${firefox_version}".orig.tar.xz # -O librewolf_"${firefox_version}".orig.tar.xz
   wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".debian.tar.xz # -O librewolf_"${debian_firefox_version}".debian.tar.xz
   wget --content-disposition http://deb.debian.org/debian/pool/main/f/firefox/firefox_"${debian_firefox_version}".dsc # -O librewolf_"${debian_firefox_version}".dsc
}

# extract these contents to where they belong
mkdir -p "${source_dir}"
test -z "${SKIP_EXTRACT}" && {
   echo "Extracting files from orig and debian tarballs. This might take a while." 1>&2
   tar -C "${source_dir}" -Jx --strip-components=1 -f firefox_"${firefox_version}".orig.tar.xz
   tar -C "$( dirname "${debian_dir}" )" -Jxf firefox_"${debian_firefox_version}".debian.tar.xz
   # dsc file is a text file and needs no extraction
}

# Download git sources
test -z "${SKIP_GIT}" && (
   # yes, use a sub-shell because of this cd. pushd is a bash builtin, but we are using sh and not bash.
   cd "${git_source_dir}"
   git clone "${librewolf_common_url}" common
   git clone "${librewolf_settings_url}" settings
   git clone "${librewolf_linux_url}" linux
)

#####################################
# Script 1 tasks

# update debian/control file
# update fields and add libjack-dev
sed -i -r "${debian_dir}"/control \
   -e '/^[[:alpha:]]+: firefox/s/firefox/librewolf/' \
   -e '/^Package:.*-l10/,$d' \
   -e '/^Maintainer:/{s/Maintainer:/XSBC-Original-Maintainer:/;iMaintainer: B. Stack <bgstack15@gmail.com>' -e '}' \
   -e '/^Uploaders:/d' \
   -e '/libasound2-dev/s/libasound2-dev,/libasound2-dev, libjack-dev,/;' \
   -e '/^Vcs-/d' \
   -e '/Breaks:.*xul-ext-torbutton/d' \
   -e '/Description:/,+8{/Description:/,/^\s*$/d}'
cat <<'EOF' >> "${debian_dir}"/control
Description: LibreWolf variant of Mozilla Firefox web browser
 LibreWolf is a build of Firefox that seeks to protect user privacy,
 security, and freedom.
EOF

#####################################
# Script 2 tasks

# none. Dependencies are handled by the build environment by interpreting the dsc file.

#####################################
# Script 3 tasks

# overlay the orig tarball contents with LibreWolf contents
# LibreWolf branding
cp -pr "${git_source_dir}"/common/source_files/browser/branding "${source_dir}"/browser/
# update mozconfig with needed info
sed -i -e '/with-app-name=/d' "${debian_dir}"/browser.mozconfig.in
cat <<EOF >> "${debian_dir}"/browser.mozconfig.in

# Start of LibreWolf effects
ac_add_options --disable-tests
ac_add_options --disable-debug

ac_add_options --prefix=/usr
ac_add_options --enable-release
ac_add_options --enable-hardening
ac_add_options --enable-rust-simd

# Branding ac_add_options --enable-update-channel=release 
ac_add_options --with-app-name=librewolf
ac_add_options --with-app-basename=LibreWolf
ac_add_options --with-branding=browser/branding/librewolf
ac_add_options --with-distribution-id=io.gitlab.librewolf
ac_add_options --with-unsigned-addon-scopes=app,system
ac_add_options --allow-addon-sideload
export MOZ_REQUIRE_SIGNING=0

# Features
ac_add_options --enable-jack
ac_add_options --disable-crashreporter

# Disables crash reporting, telemetry and other data gathering tools
mk_add_options MOZ_CRASHREPORTER=0
mk_add_options MOZ_DATA_REPORTING=0
mk_add_options MOZ_SERVICES_HEALTHREPORT=0
mk_add_options MOZ_TELEMETRY_REPORTING=0

ac_add_options --disable-elf-hack

# LibreWolf binary release uses clang-11 but Debian builds Firefox with gcc so this is irrelevant.
#export CC='clang-11'
#export CXX='clang++-11'
#export AR=llvm-ar-11
#export NM=llvm-nm-11
#export RANLIB=llvm-ranlib-11

ac_add_options --enable-optimize
EOF

# add patches to debian/patches
mkdir -p "${debian_dir}"/patches/librewolf
cp -pr "${git_source_dir}"/linux/megabar.patch "${git_source_dir}"/linux/remove_addons.patch \
   "${git_source_dir}"/linux/deb_patches/*.patch \
   "${debian_dir}"/patches/librewolf/
cat <<EOF >> "${debian_dir}"/patches/series
librewolf/lower-python3-requirement.patch -p1
librewolf/armhf-reduce-linker-memory-use.patch -p1
#librewolf/build-with-libstdc++-7.patch -p1
librewolf/fix-armhf-webrtc-build.patch -p1
librewolf/webrtc-fix-compiler-flags-for-armhf.patch -p1
librewolf/python3-remove-variable-annotations.patch -p1
librewolf/python3-remove-fstrings.patch -p1
librewolf/python3-remove-pep487.patch -p1
librewolf/silence-gtk-style-assertions.patch -p1
librewolf/sandbox-update-arm-syscall-numbers.patch -p1
librewolf/remove_addons.patch -p1
librewolf/megabar.patch -p1
EOF
# observe that build-with-libstdc++-7 is disabled for this dpkg. Debian builds Firefox with gcc, not clang.
# fix some fuzz in remove_addons.patch. The space is important!
sed -i -r -e 's/libs /l10n /;' "${debian_dir}"/patches/librewolf/remove_addons.patch

# additional main LibreWolf activities
# disable pocket in source
sed -i "/'pocket'/d" "${source_dir}"/browser/components/moz.build
sed -i "/SaveToPocket\.init/d" "${source_dir}"/browser/components/BrowserGlue.jsm
# Remove internal plugin certificates
sed -i -r -e '/organizationalUnit.{0,5}=.{0,5}Mozilla/{N;N;N;d}' "${source_dir}"/toolkit/mozapps/extensions/internal/XPIInstall.jsm
# allow SearchEngines option in non-ESR builds
sed -i -r -e '/enterprise_only/s#true#false#g;' "${source_dir}"/browser/components/enterprisepolicies/schemas/policies-schema.json

#####################################
# Script 4 tasks

sed -i -r -e '2{
   iexport DEB_BUILD_HARDENING=1
   ;iexport DEB_BUILD_HARDENING_STACKPROTECTOR=1
   ;iexport DEB_BUILD_HARDENING_FORTIFY=1
   ;iexport DEB_BUILD_HARDENING_FORMAT=1
   ;iexport DEB_BUILD_HARDENING_PIE=1
   ;iexport CPP
}
/^EXPORTS/{
   iCPPFLAGS += -D_FORTIFY_SOURCE=2
   ;iCFLAGS += -march=x86-64 -mtune=generic -O2 -pipe -fno-plt
   ;iCXXFLAGS += -march=x86-64 -mtune=generic -O2 -pipe -fno-plt
   ;iLDFLAGS += -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now
}
2{
   iexport MOZ_NOSPAM=1
   iexport MACH_USE_SYSTEM_PYTHON=1
}
' "${debian_dir}"/rules

#####################################
# Additional steps for dpkg implementation

# fix the binary name that gets installed in /usr/bin, and disable crash reporter by changing what variable name it looks for that will enable it
sed -i -e '/%if browser/,+2s/firefox/librewolf/' \
   -e '/%if CRASH_REPORTER/s/CRASH_REPORTER/CRASH_REPORTER_ENABLED/' \
   "${debian_dir}"/browser.install.in

# add changelog contents for LibreWolf
new_changelog="$( mktemp )"
{
   cat <<EOF
librewolf (83.0-1) unstable; urgency=low

  * Fork to librewolf release

 -- B. Stack <bgstack15@gmail.com>  $( date "+%a, %d %b %+4Y %T %z" )

EOF
   cat "${debian_dir}"/changelog
} > "${new_changelog}"
cat "${new_changelog}" > "${debian_dir}"/changelog

rm -f "${new_changelog:-NOTHINGTODEL}"

#####################################
# Build new assets 
# dpkg-buildpackage needs the orig tarball, debian tarball, and dsc file.

echo "Building new tarballs. This might take a while." 1>&2

# orig tarball
cd "${work_dir}"
tar -Jc -f librewolf_"${firefox_version}".orig.tar.xz -C "$( dirname "${source_dir}" )" librewolf_"${firefox_version}"

# debian tarball
tar -Jc -f librewolf_"${debian_firefox_version}".debian.tar.xz -C "$( dirname  "${debian_dir}" )" debian

# dsc file, which needs to be modified
cd "${work_dir}"
sed -r \
   -e '/^(Files|Checksums-.{0,8}):/,$d' \
   -e '1,/^Format:/{/^Format:/!{d}}' \
   -e 's/^([[:alpha:]]+:).* firefox(-l10n[^\s]*)*/\1 librewolf/' \
   -e '/firefox-l10n/d' \
   -e '/^Maintainer:/{s/Maintainer:/XSBC-Original-Maintainer:/;iMaintainer: B. Stack <bgstack15@gmail.com>' -e '}' \
   -e '/^Uploaders:/d' \
   -e '/libasound2-dev/s/libasound2-dev,/libasound2-dev, libjack-dev,/;' \
   -e '/^Vcs-/d' \
   -e '/^ firefox/s/firefox/librewolf/g' \
   firefox_"${debian_firefox_version}".dsc > librewolf_"${debian_firefox_version}".dsc
{
   echo "Files:"
   for word in librewolf*z ;
   do
      printf "%s %s\n" "$( stat -c '%s' "${word}" )" "$( md5sum "${word}" )" 
   done | awk '{print " "$2,$1,$3}'
} >> librewolf_"${debian_firefox_version}".dsc

# And now you have in the ${work_dir} location three files.
# librewolf_80.3.orig.tar.xz librewolf_80.3-1.debian.tar.xz librewolf_80.3-1.dsc

And the config file.

# Config file for prep-librewolf-dpkg.sh
# Configure these settings before running that script.

debian_firefox_version=83.0-1       # current version of Firefox package in Debian sid
firefox_version=83.0                # current version of Firefox

librewolf_common_url=https://gitlab.com/librewolf-community/browser/common.git
librewolf_settings_url=https://gitlab.com/librewolf-community/settings.git
librewolf_linux_url=https://gitlab.com/librewolf-community/browser/linux.git

# user configurable
git_source_dir=/usr/src/librewolf # where LibreWolf git contents are cached
debian_dir=/home/librewolf/debian # where the firefox_debian.tar.xz file is extracted
source_dir=/home/librewolf/librewolf_${firefox_version} # where firefox.orig.tar.xz file is extracted with --strip-components=1
work_dir=/home/librewolf

Squid add port that passes all traffic through

bgstack15

2020-12-23 09:18

Comments

proxy
squid

If you run a squid proxy and want to have an additional port, where it does zero interception, use these configuration entries.

http_port 3180 name=port_3180 # no ssl interception at all on this port
# allow port 3180 to pass ssl through
acl port_3180_acl myportname port_3180
always_direct allow port_3180_acl
ssl_bump splice port_3180_acl

Be sure the bottom three lines here are used before any other ssl_bump or always_direct directives.

Download file from Open Build Service (OBS) from command line

bgstack15

2020-12-19 08:59

Comments

I really like the Open Build Service by the OpenSUSE team. I wrote a tool that will download an OBS service run asset on the cli. This tool interacts with the authentication mechanism so you can get the relevant cookies and accomplish your task. Check it out: https://gitlab.com/bgstack15/obs-dl Yes, it's insecure. Set environment variables USERNAME and PASSWORD and then run command:

./obs-dl https://build.opensuse.org/source/home:bgstack15/freefilesync/_service:recompress:tar_scm:FreeFileSync.tar.gz?rev=9410c094a8ce7fb9df4042c405ea0c7b

url-encode in a shell script

bgstack15

2020-12-15 09:21

Comments

If you need to transform a string into a url-encoded format and you want to avoid bash, here is my adaptation of a fantastic unix.com post.

#!/bin/sh
# Author: Chubler_XL
# Converted to dash from bash version at https://www.unix.com/shell-programming-and-scripting/277083-url-encoding-string-using-sed.html

url_var() {
   LC_ALL=C
   ___encoded=""
   ___temp="$( mktemp )"
   # needs GNU head
   echo "${1}" | sed -r -e 's/(.)/\1\n/g;' | head -n -1 | while read char ;
   do
      #echo "Char: ${char}"
      test '\0' != "${char}" &&
      case "${char}" in
         [a-zA-Z0-9/_.~-] ) ___encoded="${___encoded}${char}" ; test -n "${DEBUG}" && echo "Found simple \"${char}\"" 1>&2 ;;
         * ) ___encoded="${___encoded}$( $( which printf ) "%%%02x" "'${char}" )" ;;
      esac
      echo "${___encoded}" > "${___temp}"
   done
   ___encoded="$( cat "${___temp}" )" ; rm -f "${___temp}"
   echo "${___encoded}"
}

url_var "${1}"

I intend to add this to my bgscripts package at some point, as url-encode.

Date format for dpkg changelog

bgstack15

2020-12-11 09:24

Comments

This format works for me:

date "+%a, %d %b %+4Y %T %z"


Mon, 30 Nov 2020 09:24:07 -0200

Date format for rpm changelog

Increase ssh verbosity in running session

bgstack15

2020-12-07 09:02

Comments

oneliner
ssh

I remember the tilde-question mark mechanism in the openssh client to show available tilde commands.

$ ~?
Supported escape sequences:
 ~.   - terminate connection (and any multiplexed sessions)
 ~B   - send a BREAK to the remote system
 ~C   - open a command line
 ~R   - request rekey
 ~V/v - decrease/increase verbosity (LogLevel)
 ~^Z  - suspend ssh
 ~#   - list forwarded connections
 ~&   - background ssh (when waiting for connections to terminate)
 ~?   - this message
 ~~   - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)

So you can press carriage return, tilde, capital V to decrease verbosity, and CR,~,v to increase verbosity.

Disable apparmor for sssd

bgstack15

2020-12-03 08:39

Comments

tl;dr

Turn it off

sudo ln -sf /etc/apparmor.d/usr.sbin.sssd /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.sssd

Turn it back on

sudo unlink /etc/apparmor.d/disable/usr.sbin.sssd
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.sssd
sudo aa-status # to verify visually

The story

I use FreeIPA on Devuan GNU+Linux. It's only marginally supported in Debian, and even less so in Devuan. The sssd component, which is used to get entries in the passwd and group databases, tends to fill up /var/log/messages with way too many apparmor notices.

Nov 29 15:56:27 ws005 kernel: [2158971.927938] audit: type=1400 audit(1606683387.308:34490156): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_nss" name="/etc/host.conf" pid=16466 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 29 15:56:27 ws005 kernel: [2158971.928030] audit: type=1400 audit(1606683387.308:34490157): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_nss" name="/etc/resolv.conf" pid=16466 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 29 15:56:27 ws005 kernel: [2158971.928226] audit: type=1400 audit(1606683387.308:34490158): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/etc/resolv.conf" pid=16465 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 29 15:56:27 ws005 kernel: [2158971.928230] audit: type=1400 audit(1606683387.308:34490159): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_be" name="/dev/urandom" pid=16465 comm="sssd_be" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 29 15:56:27 ws005 kernel: [2158971.928233] audit: type=1400 audit(1606683387.308:34490160): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd//null-/usr/libexec/sssd/sssd_sudo" name="/etc/host.conf" pid=16467 comm="sssd_sudo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I miss SELinux.

References

Adapted directly from Ubuntu Linux: Disable Apparmor For Specific Profile / Service Such As Mysqld Server - nixCraft

Configuring znc

bgstack15

2020-11-29 09:20

Comments

I spent some time configuring an irc bouncer so I can see messages from the times even when my client is not logged in. Based on the recommendation from a friend, I set up znc. Thankfully, in CentOS 8, znc 1.8.2 (current as of the time of this writing) is available!

sudo dnf install znc

To do the initial make config action, I ran it as my own user.

znc -c

And I followed the prompts. You set up an account on znc, which is the username you will use from your client when connecting to your "irc server" being run by znc. You can set up a network as well, which is where znc acts as the irc client to a server. Once you have that going, you can stop the server. I always just kill it, as my own user of course.

killall znc

Be sure to open up whatever port on your firewall you picked to run the little web server:

sudo firewall-cmd --add-port=1472/tcp --permanent
sudo firewall-cmd --reload

I was connecting one of my networks to a custom ngircd+Atheme server, where Atheme doesn't have a standard setup for nicks.

/msg *nickserv SetCommand IDENTIFY PRIVMSG NickServ :IDENTIFY {password}

Is what I needed to type in my client. As well as visit the web portal, and ensure that "nickserv" mod was enabled for the network in question. And then to take advantage of the distro-provided znc service, I had to migrate my ~/.znc to the proper location.

killall znc
sudo mv ~/.znc /var/lib/znc/.znc
sudo chown -R znc.znc /var/lib/znc
sudo restorecon -R /var/lib/znc
sudo systemctl enable znc
sudo systemctl start znc


# References


https://wiki.znc.in/Nickserv

Trivia

Related

tl;dr

Turn it off

Turn it back on

The story

References