Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Send desktop notification to other user

Main workflow

Here are some notes about sending desktop notifications to a different user, perhaps even on a different system.

ssh destinationhostname

Find a process whose environment holds the D-Bus session bus address.

eval $( /bin/grep -sozZe '^DBUS_SESSION_BUS_ADDRESS=[a-zA-Z0-9:=,/-]*$' /proc/*/environ | tr '\0' '\n' | sort -u | grep -i dbus_session_ )

On my desktops, I know the session is using fluxbox (except for that one XFCE system).

eval $( sudo /bin/grep -sozZe '^DBUS_SESSION_BUS_ADDRESS=[a-zA-Z0-9:=,/-]*$' /proc/$( pidof fluxbox )/environ )
export DISPLAY=:0

Find the user running fluxbox, and merge that user's xauth entry into the current user's.

sudo su - "$( stat -c '%U' "/proc/$( pidof fluxbox )" )" -c "xauth extract - :0" | xauth merge -

Technically this next command makes a new notification-daemon process, but that is acceptable to me.

notify-send "Hello world"

References

Weblinks

  1. Use su with ssh X-forwarding | Knowledge Base (this blog)
  2. ubuntu - notify-send to other user on the same system - Super User

Additional reading

I cannot remember for sure if I used any commands from here, but this is fantastic reading, as always: Desktop notifications - ArchWiki

My github credential for git

A few years ago, Github decided passwords were not good enough, and made me use a static password that must be stored somewhere on the filesystem. How is that better than a password I type every ~hour?

So here's how I automated it so I never have to cat token-github for pasting into the auth form when pushing to the cruddy old github. I push changes there only for projects that already exist there; I don't use github for my own projects.

You set up ~/.gitconfig like so.

[includeIf "hasconfig:remote.*.url:https://github.com/**"]
   path = ~/.gitconfig-github

And then ~/.gitconfig-github like the following.

# References:
#    man git-config
#    https://medium.com/@jogarcia/different-git-configurations-for-different-remote-repositories-276759c4f14c
[core]
   askPass = /home/bgstack15/.gitconfig-github.sh
[credential]
   username = bgstack15

And then finally ~/.gitconfig-github.sh.

#!/bin/sh
cat /path/to/token-github

I didn't want to deal with how git might parse spaces in askPass=, so it was logical to use a shell script.

And now Github gets what it wants (a password stored somewhere on the filesystem), and I get what I want (auth without copy-pasting).
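A stricter stand-in for the two-line askPass script above, as an added example that is not part of the original post: it answers only git's password prompt for github.com and refuses when the token file is readable by group or others. The function names and the TOKEN_FILE variable are assumptions; /path/to/token-github is the page's own placeholder.

```shell
#!/bin/sh
# Added example, not the author's script.
# git runs the core.askPass program with the prompt text as its first argument,
# for example:  Password for 'https://bgstack15@github.com':

# askpass_host PROMPT -> prints the host named in a git https password prompt
askpass_host() {
    p=$1
    case "$p" in
        "Password for 'https://"*"'"*) ;;
        *) return 1 ;;          # username prompts, ssh passphrases, other schemes
    esac
    p=${p#"Password for 'https://"}
    p=${p%"'"*}                 # cut from the closing quote onward
    p=${p%%/*}                  # drop any path component
    p=${p##*@}                  # drop the user@ part
    printf '%s\n' "$p"
}

# askpass_answer PROMPT TOKEN_FILE -> prints the token, or fails without output
askpass_answer() {
    prompt=$1
    file=$2
    host=$(askpass_host "$prompt") || host=
    if [ "$host" != "github.com" ]; then
        echo "askpass: refusing to answer prompt: $prompt" >&2
        return 1
    fi
    if [ ! -f "$file" ] || [ "$(stat -c '%u' "$file")" != "$(id -u)" ]; then
        echo "askpass: $file is missing or not owned by this user" >&2
        return 1
    fi
    # stat -c is GNU coreutils, as used elsewhere on this page
    case "$(stat -c '%a' "$file")" in
        *00) ;;                 # no group or other permission bits
        *)  echo "askpass: $file is accessible to group or others; chmod 600 it" >&2
            return 1 ;;
    esac
    IFS= read -r token < "$file" || [ -n "$token" ] || return 1
    printf '%s\n' "$token"
}

# When installed as core.askPass, git supplies the prompt as $1.
if [ "$#" -gt 0 ]; then
    askpass_answer "$1" "${TOKEN_FILE:-/path/to/token-github}"
fi
```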

References

  1. Different git configurations for different remote repositories | by Jose Garcia | Medium

Play Frogger on Devuan desktop

To play Frogger, I used my Dosbox-X installation that runs Windows 98. So I guess it wasn't directly on Devuan, sorry.

I had to load up an iso file with the installer,

mkisofs -J -rock -V Frogger -o frogger.iso dir-with-frogger-installer/

And then I could configure dosbox-x.conf to load that.

[autoexec]
IMGMOUNT C hdd.img
IMGMOUNT F "/home/bgstack15/.dosbox-x/frogger.iso"
BOOT C:

And then just run dosbox-x, and install the game inside my emulated Windows environment!

It struggled with resizing the window and going full-screen, i.e., it completely failed when trying those operations. But you can just adjust the screen resolution beforehand if necessary.

Screenshot of gameplay

Configure Windows 7 with Powershell my way

I recently reinstalled Windows 7 in some virtual machines. I was following my process to configure the system in a usable way, which involves setting some things like a black background on the login screen, hiding "Libraries" and other cruft from Windows Explorer (this is before it was renamed to File Explorer), and so on.

I have applied my professional Powershell skills to this old document, with a curious legacy twist because Powershell 2.0 is missing some features I would have found useful. Now I've turned my 15-minute set of steps into a 10-minute set of steps, for the thing I do once every 7 years, hooray! It only took me a few fun hours.

Here are the instructions for customizing my Windows 7 install, which are the basis (and comments) for the following powershell script.

files/2025/listings/windows-7-config.txt (Source)

Filename: windows-7-config.txt
Location: bgstack15.ddns.net/blog
Author: bgstack15
Startdate: 2013-04-15
Title: Standard Settings for a New W7 System
Purpose: To provide a standard for settings and customization
History:
Usage:
Reference:
   %Setups%\Default\W8def.txt
Improve:
# Install Windows 7 Professional
# Iso files:
#    /mnt/public/Support/SetupsBig/en_windows_7_professional_with_sp1_x86_dvd_u_677056.iso
#    /mnt/public/Support/SetupsBig/en_windows_7_professional_x64_dvd_x15-65805.iso
Physical machine, from Windows
- Copy the .iso contents to a blank hdd.
- Run "E:\boot\bootsect.exe /nt60 e:" for the drive letter in use for this hdd.
- Mark the partition as active in "Compmgmt.msc."
- Place the drive in the target system and install Windows 7 to its own drive.
- Select username bgstack15-local\\[old domain pw]
- Enable rdp connections in "System Properties\Remote tab"
- Rename "C:\support" as "C:\tsupport" or otherwise.
Copy %Setups% as C:\Support\Setups
Md "C:\Support\Installed"
Create "C:\Support\Installed\$HOST.txt"
Disable UAC
- Start menu\search box "uac"\"Change User Account Control Settings"
   - Set slider to bottom, "Never notify"
Configure Windows interface and default settings
- Enable network sharing features.
   - Control Panel\Network and Internet Settings\Network and Sharing Center\"Change Advanced Sharing Settings"
   - Domain profiles: Turn on network discovery, Turn on file and printer sharing
   - To allow HSP\SERVER access, visit "Control Panel\Network and Internet\Network and Sharing Center" and select "Change advanced sharing settings" on the left. On the bottom of this screen is "Allow user accounts and passwords to connect to other computers." Enable it.
- Personalize the taskbar.
   - Unpin everything from the taskbar: IE, Explorer, Media Player
   - Right-click Taskbar, Properties\Taskbar tab--> unlock taskbar, use small icons, never combine/hide labels
   - Create Quicklaunch toolbar.
     - Right-click Taskbar, Toolbars\New toolbar--> %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch
     - Right-click this new toolbar--> Uncheck show title, uncheck show text
     - Arrange toolbar to be on far left.
     - Delete the 2 icons there: show desktop, switch between windows.
   - Drag taskbar to be 2small-icons tall.
- Personalize Windows: Try "C:\Support\Setups\Default\Albion-Desktops-baseline.theme"
   - Right-click Desktop\Properties-->Windows Classic theme
   - Desktop color black
   - Adjust color scheme to have red titlebar and selection: transform the numbers RGB --> BGR.
   - Save theme if not in RDP and you were able to adjust the gradient color of titlebars also.
   - Right-click clock\Adjust date and time\Change date and time\Change calendar settings\
     - Date tab\Short date: YYYY-mm-dd
     - Currency tab\negative currency: $-1.1 (down 2)
     - Time tab\Both short and long time: HH:mm.ss
   - Control Panel\Ease of Access\Ease of Access Center\"Make the keyboard easier to use"\underline keyboard shortcuts and access keys
- Personalize Explorer.
   - Tools\Folder options\
   - Check both boxes in General tab\Navigation pane (show all folders, expand to current folder)
   - View tab\ (See %setups%\Default\Explorer01.png for settings)
   - Apply to all folders
   - View menu\
     - Details (ALT+V,D)
     - Group by none (ALT+V,P,N)
     - Status bar (ALT+V,B)
- Personalize desktop
   - Delete files desktop.ini from desktop
   - Right-click desktop\View\"small icons"
   - Empty Recycle Bin
Adjust power settings (for battery-enabled devices)
Adjust drives
- Change CD drive letter to F: using Compmgmt.msc
- Rename C: to "C_$HOST"
Update Windows.
- Run %Setups%\Win7\dotNetFx40_Full_x86_x64.exe
- Configure Windows Updates
  - Set option to "Never check for updates."
Adjust Explorer mostly with registry settings
- Try file "C:\Support\Setups\Default\W7_explorer.reg"
- Only x64 systems need the Wow6432Node directory.
- might need to allow permission by right-clicking and allowing all users permissions to these keys.
- Hide libraries.
   - [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}]
   - [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}]
- Hide Favorites.
   - HKEY_CLASSES_ROOT\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder changing "Attributes" to 0xa9400100
- Hide user folder.
   - HKEY_CLASSES_ROOT\CLSID\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\ShellFolder changing "Attributes" to 0xf094012d
- Remove homegroups.
   - services.msc\"Homegroup Provider" disabled and stopped.
- Hide Action Center from system tray
   - Systray\More icons\Customize...\"Turn system icons on or off"
   - Set Action Center to off.
- Restarting Explorer is required to take effect (Logon Screen Tweaker below will do that automatically!).
- Rename C:\autorun.inf to autoruna.inf to prevent the disk icon from looking like the Setup icon.
- Change NIC names to typeable format
   - "Local Area Connection" --> "NIC"
   - "Wireless ..." "WNIC"
   - If more than one of a type, do "NIC1" "NIC2" etc.
Configure msconfig
- msconfig\boot tab
- Remove "Windows Setup" option
- Check "Make all boot settings permanent"
- Save and close
Run Logon Screen Tweaker
- Use image "C:\Support\Setups\Default\black.png"
Install 7+ Taskbar Tweaker (7tt_setup.exe)
- Refer to %setups%\default\7tt.png
Install Classic Shell
- Load default settings from "C:\Support\Setups\Default\ClassicShell_Start_Menu.xml"
- In the Classic start menu, set "Default Programs" link to the name "is $HOST"
- Change user picture
   - Copy %Setups%\Default\user01.jpg to C:\Support\Installed\user02.jpg
   - Use pbrush to add opaque text overlay in bottom right: "$HOST" in size 12 Courier New font.
   - Use real Start menu to set photo.
Install Notepad++
- Plugins menu\Plugin Manager\"Show Plugin Manager"
- Check "Compare"
- Check "TextFX Characters"
- Select Install and restart Npp
- Adjust shortcuts
   - Settings menu\"Shortcut mapper..."
     - Main menu tab\271 Run... "none"
     - Plugins tab\193 I:Date & Time - short format "F5"
- Settings menu\Preferences...
   - Auto-Completion tab\"Enable auto-completion on each input" unchecked
   - Misc tab\"Document switcher" unchecked
   
Install NotepadReplacer
- Point to "C:\Program Files\Notepad++\notepad++.exe"
- Copy %Setups%\notepadex.exe to C:\Windows\System32\
7-zip
Adobe Acrobat Reader 6.0
Irfanview 4.44 and all plugins
PrimoPDF
ArsClip
- Extract the exe to C:\Program Files (x86)\Arsclip
- Regedit\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"Arsclip" reg_expand_sz:"C:\Program Files (x86)\Arsclip\Arsclip.exe"
- Adjust NTFS permissions on C:\Program Files (x86)\Arsclip to allow all users full access
VLC
VirtualDrivePro 15
- clear cabinet
- Set drives up to 3 total for H, I, J.
- Refer to %setups%\default\VDM.png
Winkey replacement-- AutoHotKey
- Install AutoHotKey
- Copy %setups%\Default\Shortcut_keys.ahk to "C:\Support\Installed\Shortcut_keys.ahk"
- regedit\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"Shortcut keys"
   - value reg_expand_sz:"C:\Program Files\AutoHotKey\AutoHotKey.exe" "C:\Support\Installed\Shortcut_keys.ahk"
- Adjust NTFS permissions on C:\Program Files\AutoHotKey to allow all users full access
Office 2013 (from iso with VDP)
- See %setups%\Default\O2013def.txt
Map network shares
- Credential Manager
   - server1.ipa.internal.com ipa\bgstack15 [old domain password]
- Make a shortcut in %Appdata%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
   - C:\Support\Installed\map.bat "C:\Support\Installed\map.csv"

files/2025/listings/windows-7-config.ps1 (Source)

# File: windows-7-config.ps1
# Location: bgstack15.ddns.net/blog
# Author: bgstack15
# Startdate: 2025-06-26 13:35
# Title: Automate Some Steps from W7def
# Project: SETUPS directory
# Purpose: Automate some of the steps from W7def.txt, in Windows 7 pwsh 2.0
# History:
# Usage:
#    If possible, run the whole thing in admin powershell window, but otherwise copy-paste each section as you get to it in W7def.txt
# Reference:
#    https://powershellcommands.com/set-acl-powershell
#    https://stackoverflow.com/questions/70049129/set-a-hex-registry-value-with-powershell
#    https://sudhakaryblog.wordpress.com/2019/09/16/requested-registry-access-is-not-allowed/
#    https://stackoverflow.com/questions/24366162/set-acl-requested-registry-access-is-not-allowed
# Improve:
# Dependencies:
#    Designed for Windows 7 with base powershell 2.0, which limits a few things
# Documentation:
#    This is designed to implement as much as possible from windows-7-config.txt and no more. NOTE: It does not implement everything, primarily installing applications.
# Hide Libraries in Explorer. The Wow6432Node key below exists only on x64 systems.
Remove-Item HKLM:\"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
Remove-Item HKLM:\"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}"
Function Grant-Acl-To-Path {
   [CmdletBinding()]
   # Future improvement: calculate root key from any proper registry path
   param(
       ## appears to be unsupported in Powershell 2.0 on Windows 7
       #[ArgumentCompleter({
       #  enum PathTypeEnum { Filesystem = 1; Registry = 2; }
       #  [PathTypeEnum].GetEnumValues()
       #})]
       #[ValidateScript({
       #  enum PathTypeEnum { Filesystem = 1; Registry = 2; }
       #  [PathTypeEnum]$_
       #})]
       [Parameter(Mandatory=$false)][string]$PathType = "Filesystem"
      ,[Parameter(Mandatory= $true)][string]$Path = ""
      ,[Parameter(Mandatory=$false)][string]$rootKey = "HKCR"
      ,[Parameter(Mandatory= $true)][string]$Principal = "BUILTIN\Administrator"
      ,[Parameter(Mandatory= $true)][string]$Control = "FullControl"
      ,[Parameter(Mandatory= $true)][string]$AllowOrDeny = "Allow"
   )
   Write-Verbose $PathType
   If ($PathType -eq "Registry") {
      switch -regex ($rootKey) {
         'HKCU|HKEY_CURRENT_USER'    { $rootKeyname = 'CurrentUser' }
         'HKLM|HKEY_LOCAL_MACHINE'   { $rootKeyname = 'LocalMachine' }
         'HKCR|HKEY_CLASSES_ROOT'    { $rootKeyname = 'ClassesRoot' }
         'HKCC|HKEY_CURRENT_CONFIG'  { $rootKeyname = 'CurrentConfig' }
         'HKU|HKEY_USERS'            { $rootKeyname = 'Users' }
      }
      $key = [Microsoft.Win32.Registry]::$rootKeyname.OpenSubKey($Path,[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubtree,[System.Security.AccessControl.RegistryRights]::ChangePermissions)
      $rule = New-Object System.Security.AccessControl.RegistryAccessRule($Principal,$Control,$AllowOrDeny)
      $acl = $key.GetAccessControl()
      $acl.SetAccessRule($rule)
      Return $key.SetAccessControl($acl)
   }
   Elseif ($PathType -eq "Filesystem") {
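      # $Verbose is not defined inside the function; derive the switch from the caller's -Verbose instead
      $showVerbose = ($VerbosePreference -eq 'Continue')
      $acl = Get-Acl -Path $Path -Verbose:$showVerbose
      $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Principal,$Control,$AllowOrDeny)
      $acl.SetAccessRule($rule)
      Set-Acl -Path $Path -AclObject $acl -Verbose:$showVerbose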
   }
   Else {
      Write-Error "Invalid PathType chosen. Use FileSystem or Registry."
   }
}
Function Make-Shortcut {
   [CmdletBinding()]
   param(
       [Parameter(Mandatory= $true)][string]$Source
      ,[Parameter(Mandatory= $true)][string]$DestinationFile
      ,[Parameter(Mandatory=$false)][string]$Arguments
      ,[Parameter(Mandatory=$false)][string]$IconLocation
   )
   $WshShell = New-Object -COMObject WScript.Shell
   $Shortcut = $WshShell.CreateShortcut($DestinationFile)
   $Shortcut.TargetPath = $Source
   If ($Arguments) { $Shortcut.Arguments = $Arguments }
   If ($IconLocation) { $Shortcut.IconLocation = $IconLocation }
   $Shortcut.Save()
}
# Hide Favorites: grant Administrators access to the ShellFolder key, then set Attributes
$RegPath = "CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder"
Grant-Acl-To-Path -Path $RegPath -rootKey "HKCR" -Principal "BUILTIN\Administrators" -Control "FullControl" -AllowOrDeny "Allow" -PathType Registry
Set-ItemProperty -Type DWORD -Value 0xA9400100 -Name Attributes -LiteralPath "Registry::HKEY_CLASSES_ROOT\$($RegPath)"
# Hide user folder: same steps for its ShellFolder key
$RegPath = "CLSID\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\ShellFolder"
Grant-Acl-To-Path -Path $RegPath -rootKey "HKCR" -Principal "BUILTIN\Administrators" -Control "FullControl" -AllowOrDeny "Allow" -PathType Registry
Set-ItemProperty -Type DWORD -Value 0xf094012d -Name Attributes -LiteralPath "Registry::HKEY_CLASSES_ROOT\$($RegPath)"
# Remove homegroups: disable the HomeGroup Provider service
Get-Service -Name HomeGroupProvider | Set-Service -StartupType Disabled
Set-ItemProperty -Path "Registry::HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" -Name "Arsclip" -Type "string" -Value "C:\Program Files (x86)\ArsClip\ArsClip.exe"
Write-Host "For VDPsecond"
Get-WmiObject win32_networkadapterconfiguration | select Description, MACAddress | ? {$_.MACAddress -ne $null}
New-Item -Path "C:\Support" -Name "Installed" -Type Directory -ErrorAction SilentlyContinue
Copy-Item -Path "C:\Support\Setups\Default\Shortcut_keys.ahk" -Destination "C:\Support\Installed"
Set-ItemProperty -Path "Registry::HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" -Name "Shortcut-Keys" -Type "ExpandString" -Value "`"C:\Program Files\AutoHotKey\AutoHotKey.exe`" `"C:\Support\Installed\Shortcut_keys.ahk`""
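# ArsClip.exe is started from the HKLM Run key above for every user at logon, so FullControl
# for BUILTIN\Users on this directory lets any local account replace that program.
Grant-Acl-To-Path -Path "C:\Program Files (x86)\ArsClip" -principal "BUILTIN\Users" -Control "FullControl" -AllowOrDeny "Allow" -PathType Filesystem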
# Make shortcut
Copy-Item -Path "C:\Support\Setups\Default\map.bat" -Destination "C:\Support\Installed"
Copy-Item -Path "C:\Support\Setups\Default\map.csv" -Destination "C:\Support\Installed"
Make-Shortcut -Source "C:\Support\Installed\map.bat" -Arguments "C:\Support\Installed\map.csv" -DestinationFile "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\map.lnk" -IconLocation "%SystemRoot%\system32\SHELL32.dll,148"

Windows 7 in QEMU needs particular virtual hardware

If you install Windows 7 in a qemu/libvirt vm on a libvirt/qemu system that does not have SPICE support, then the vm definition does not include some of the virtual hardware that SPICE will need.

Even after I reinstalled qemu with SPICE re-enabled, the vm did not work correctly with merely a swapped display device. What did work was just building a new vm, and it added the necessary parts on my behalf already.

Comparison of listed hardware in virt-manager for a Windows 7 guest installed without qemu spice, and with qemu spice support

For the two xml files for you to diff:

Rocky 9 kvm networked bridge interface

Similar to what I did on CentOS 7 all those years ago, I needed to set up a bridge network interface in my current setup on Rocky 9. This design seems to be imperfect, but I guess it will have to do. The problem I have found is that it takes a few minutes after boot before it is up, so my nfs server doesn't seem to start. But more on that later.

The main purpose of a bridged network device is so virtual machines will be on the main network, accessible to all systems.

After ensuring the basic network card exists, named enp0s25 on my system, use nmcli to make the new device.

sudo nmcli con add ifname br0 type bridge con-name br0
sudo nmcli con add type bridge-slave ifname enp0s25 master br0
sudo nmcli con modify br0 ipv4.addresses 192.168.1.58/24 ipv4.method manual # this server1 ip address
sudo nmcli con modify br0 ipv4.gateway 192.168.1.254 # default gateway of main network
sudo nmcli con modify br0 ipv4.dns 192.168.1.10,192.168.1.11 # default dns servers

Configure qemu to allow... whatever this allows. I didn't read it.

sudo tee -a /etc/qemu-kvm/bridge.conf <<EOF
allow all
EOF
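bridge.conf is the access list read by qemu-bridge-helper, and `allow all` permits every bridge on the host, where `allow br0` would permit only the bridge created above. The audit below is an added example, not part of the original post; the function name and the expected-bridge arguments are assumptions, and `include` lines are not followed.

```shell
#!/bin/sh
# Added example, not the author's code: audit a qemu-bridge-helper ACL file
# such as /etc/qemu-kvm/bridge.conf.
# Rule lines are "allow <bridge>", "deny <bridge>", "allow all" and "deny all";
# lines starting with "#" are comments.

# audit_bridge_conf CONF EXPECTED_BRIDGE...
# Prints one finding per allow rule that is wider than the expected bridges.
# Succeeds only when there are no findings.
audit_bridge_conf() {
    conf=$1
    shift
    findings=0
    lineno=0
    while read -r cmd arg rest || [ -n "$cmd" ]; do
        lineno=$((lineno + 1))
        case "$cmd" in ''|'#'*) continue ;; esac
        if [ "$cmd" != allow ]; then continue; fi
        expected=no
        for b in "$@"; do
            if [ "$b" = "$arg" ]; then expected=yes; fi
        done
        if [ "$arg" = all ]; then
            echo "$conf:$lineno: 'allow all' opens every bridge on the host"
            findings=$((findings + 1))
        elif [ "$expected" = no ]; then
            echo "$conf:$lineno: bridge '$arg' is not in the expected list"
            findings=$((findings + 1))
        fi
    done < "$conf"
    [ "$findings" -eq 0 ]
}

# Script use: audit-bridge-conf.sh /etc/qemu-kvm/bridge.conf br0
if [ "$#" -ge 1 ]; then
    audit_bridge_conf "$@"
fi
```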

And then take down enp0s25 and up br0.

sudo nmcli con down enp0s25 ; sudo nmcli con up br0 ;

Of course the usual warnings apply about doing this remotely. Yes, I did it remotely (the second time, when my config was actually valid).

It took within 2 minutes to actually bring the network up! So this affects nfs-server on reboot. Still, I will talk about that further down.

I wrote file bridge.xml. Its path is irrelevant because you will input it to virsh.

<network>
   <name>br0</name>
   <forward mode="bridge"/>
   <bridge name="br0"/>
</network>

And then load this definition to virsh.

sudo virsh net-define ./bridge.xml
sudo virsh net-start br0
sudo virsh net-autostart br0

And then restart libvirtd.

sudo systemctl restart libvirtd

Experiment for nfs-server

Because of the delays (only on my hardware?) for the bridge to come up, nfs-server fails to start. And since I serve /var/lib/libvirt/images to the other virtual machine hosts from this server, that is a huge problem! I currently have an experiment in place, and will need to determine over time if this has solved my problem.

I edited nfs-server:

sudo systemctl edit nfs-server.service
[Unit]
After=sys-devices-virtual-net-br0.device
Requires=sys-devices-virtual-net-br0.device
# :wq

Let us see over time if this will help the nfs server come up when the whole system/network is ready.

Auxiliary and raw notes

Reference 1's guide didn't seem to work so well for me. I had to delete all that effort, restore my network card definition entirely, and then try with Reference 2.

The commands that did not work for me:

sudo nmcli con show
sudo nmcli con delete enp0s25
sudo nmcli con add type bridge autoconnect yes con-name br0 ifname virbr0
sudo nmcli con modify br0 ipv4.addresses 192.168.1.58/24 ipv4.method manual
sudo nmcli con modify br0 ipv4.gateway 192.168.1.254
sudo nmcli con modify br0 ipv4.dns 192.168.1.10,192.168.1.11
sudo nmcli con add type bridge-slave autoconnect yes con-name enp0s25 master br0

I don't feel like learning what I did wrong with that. Reference 2 worked, and I have other problems than comprehending the network card stupidity of RHEL.

References

Weblinks

  1. Setting Up libvirt on Rocky Linux - Documentation
  2. Creating a Rocky Linux 9 KVM Networked Bridge Interface – Answertopia

Internal files

  1. server1a-log.md

Fixed systemctl-service-shim in Devuan: bug #898

My friend Plasma41 found that my project systemctl-service-shim has a serious bug (#898) that breaks grub2 from finding new kernels for building the boot menu.

So I had to fix it.

The stub behavior in the main script that short-circuits when called as systemd-detect-virt and hostnamectl was misleading grub and causing grub to skip searching for kernel/initram entries. Freeipa uses those, hardcoded, for changing behavior slightly when a client is joining a domain. So I patched freeipa while updating it to no longer need these. Then I could fix systemctl-service-shim.

I removed the stub behavior of systemctl-service-shim entirely, and removed the symlinks from the package. If something downstream breaks because those scripts are no longer there, we should file bugs against those projects.

And now systemctl-service-shim_0.0.8-1 breaks freeipa-client < 4.12.4-1devuan1 so users cannot have the new systemctl-service-shim with the old freeipa that would try to use the now-gone binaries.

Make an F-Droid custom repo

Purpose

The official F-Droid repos which I mirror in my fdroid mirror do not contain some packages for various reasons. Because that project is supposed to be about mirroring only the relevant parts of the official repos, I need a separate spot to store apks I care about.

Preparing the main F-droid custom repo

User fdroid already exists. I took these steps, following Reference 1.

# my user
mkdir -p /mnt/public/www/example/repo/fdroid
chown fdroid:admins /mnt/public/www/example/repo/fdroid
sudo su - fdroid
cd /mnt/public/www/example/repo/fdroid
fdroid init # generated a keystore.p12

I intend to use a cert signed by my own CA, so I will follow Reference 2 and my previous post.

openssl genpkey -algorithm RSA -out fdroid-server3.ipa.example.com.key -pass pass:''
openssl req -new -key fdroid-server3.ipa.example.com.key \
    -subj "/OU=fdroid/CN=server3.ipa.example.com" \
    -addext "subjectAltName = DNS:fdroid.ipa.example.com,DNS:server3.ipa.example.com,DNS:internal.example.com" \
    -out fdroid-server3.ipa.example.com.csr
ipa host-add --force fdroid.ipa.example.com
# other DNS SANs already exist as hosts in ipa.example.com
ipa service-add --force FDROID/server3.ipa.example.com
ipa service-add --force FDROID/fdroid.ipa.example.com
ipa service-add --force FDROID/internal.example.com
ipa cert-request --chain --principal=FDROID/server3.ipa.example.com fdroid-server3.ipa.example.com.csr --certificate-out=fdroid-server3.ipa.example.com.pem

I had to split out the CA cert from the .pem file because if it is in the pkcs12, then fdroid clients will have a problem reading the repo:

> Bad fingerprint
> org.fdroid.index.SigningException: index.jar code signers must only have a single certificate

After fixing the pem to have a single entry:

openssl pkcs12 -export -in fdroid-server3.ipa.example.com.pem -inkey fdroid-server3.ipa.example.com.key -out fdroid-server3.ipa.example.com.p12 -name fdroid
# see-keepass-for-pw
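One way to do the "single entry" fix described above and to check the result before building the pkcs12, as an added example that is not part of the original post. The function names are assumptions, and so is the position of the service certificate in the chain file: confirm the extracted block with `openssl x509 -noout -subject` before using it.

```shell
#!/bin/sh
# Added example, not the author's code: reduce a PEM chain to one certificate
# and refuse to continue when a file still holds more than one.

# pem_cert_count FILE -> number of certificate blocks in FILE
pem_cert_count() {
    grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# pem_cert_n FILE N -> print only the Nth certificate block (1-based),
# dropping the other certificates and any text between blocks
pem_cert_n() {
    awk -v want="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want            { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# require_single_cert FILE -> succeeds only when FILE holds exactly one certificate
require_single_cert() {
    count=$(pem_cert_count "$1")
    if [ "$count" -ne 1 ]; then
        echo "$1 holds $count certificates; the signing keystore needs exactly 1" >&2
        return 1
    fi
}

# Script use: pem-single.sh CHAIN.pem [N] > single.pem
if [ "$#" -ge 1 ]; then
    pem_cert_n "$1" "${2:-1}"
fi
```

Running `require_single_cert` on the .pem right before `openssl pkcs12 -export` catches the extra CA entry on the server, before an F-Droid client reports the SigningException.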

Unfortunately my requested subject was not given, but I do have a cert, with serial number 11412853854 (0x2a842545e).

sudo chown fdroid:admins *p12
sudo chmod 0660 *p12
sudo chgrp admins repo
sudo chmod u=rwX,g=rwX repo

I adjusted config.yml with the relevant details. I put the bare csr, key, and pem in .certs/.

Next I placed the desired wireguard apk in the directory /mnt/public/www/example/repo/fdroid/repo by running /mnt/public/Support/Programs/wireguard/get-latest-upstream-wireguard-apk.sh. Then I generated the initial metadata with this.

. ~/venv2/bin/activate
fdroid update -c --use-date-from-apk

I set up the icon too:

cp -pi /mnt/mirror/fdroid/bgstack15.png /mnt/public/www/example/repo/fdroid/

I copied in the existing css assets:

cp -pr /mnt/mirror/fdroid/assets /mnt/public/www/example/repo/fdroid

What packages are included here

So far I only wanted this additional package.

  • wireguard

Related files

These files are underneath /mnt/public/www/example/repo/fdroid/.

  • .certs/
  • bgstack15.png
  • config.yml
  • fdroid-server3.ipa.example.com.p12
  • generate-web-example.conf is the config file for fdroid_generate_web.py

Additional files

  • /etc/installed/fdroid/fdroid_generate_web.py
  • /mnt/public/Support/Programs/wireguard/get-latest-upstream-wireguard-apk.sh

Operations

Checking for updated packages

Checking for new wireguard packages

As user fdroid@server3, run /mnt/public/Support/Programs/wireguard/get-latest-upstream-wireguard-apk.sh

Adding a new package

(Based on Reference 4.) Find the desired .apk files and place them in /mnt/public/www/example/repo/fdroid/repo. Then for an icon, you might need to explode the zip-format .apk file and find a suitable icon, and place it as file:

/mnt/public/www/example/repo/fdroid/repo/com.example.appname/en-US/icon.png

Make sure user fdroid can write to that en-US directory because it will generate some hash of the file and make a symlink to it.

You also have to add contents to a yml file in metadata/. To build the blank default ones for any new packages, run fdroid update -c --use-date-from-apk. Perhaps check https://gitlab.com/fdroid/fdroiddata/-/tree/master/metadata by downloading it with git. The web view is hard to navigate because of the large number of files.

Updating the repository

Once all desired apk files are in place in /mnt/public/www/example/repo/fdroid/repo, switch to user fdroid@server3 and run these commands.

cd /mnt/public/www/example/repo/fdroid
fdroid update

Also update the static web page I generate.

CONF_FILE=/mnt/public/www/example/repo/fdroid/generate-web-example.conf /etc/installed/fdroid/fdroid_generate_web.py

Using the repository in F-Droid client

Use address https://server3.ipa.example.com/example/repo/fdroid/repo/

References

Weblinks

  1. Setup an F-Droid App Repo | F-Droid - Free and Open Source Android App Repository
  2. Signing Process | F-Droid - Free and Open Source Android App Repository
  3. Latest way to get certificate in FreeIPA | Knowledge Base
  4. Extend the „simple binary repo“: Screenshots & more - IzzyOnDroid
  5. F-droid partial mirror | Knowledge Base

Man pages

SPICE available on EL9 using a COPR

Red Hat famously removed support for SPICE consoles in RHEL 9. One good conversation about it is over on the Rocky Linux 9 forums.

To find all this info, I started with an Internet search: rocky 9 spice graphics are not supported with this QEMU

But some wonderful and enterprising individual rebuilds the Fedora packages for EL9, and has put them in a copr! So all us EL addicts can get our SPICE kvm guest consoles back so everything works.

The instructions are very simple. To enable the repository, run this dnf command as root.

dnf -y copr enable ligenix/enterprise-qemu-spice ; dnf update

And then install qemu-kvm with spice support. Or if it is already installed, just update.

dnf install virt-manager

This information will enable my work for some future blog posts.