In my previous posts, I demonstrated how to build a statically linked transmission-daemon with Buildah. People are asking how to build it for ARM, and I realized they don’t know that with Buildah and qemu-user-static, you can build for almost any architecture on x86_64. In this post, I will demonstrate how to build for ARM64 and make your own custom build with the scripts in my repository. Prerequisites As the build process is based on Buildah, you will only need to have Buildah, Git, and qemu-user-static installed on your system....
Building a Statically Linked Transmission Daemon: An Elegant Solution
In my previous post, How to Build Statically Linked Transmission Daemon 4, I demostrated the way to create a statically linked transmission-daemon. While effective, that approach involved manually linking the final binary which is not ideal in my optinion. After some trials and erros, I discovered a more elegant solution by patching the CMakeLists.txt file for transmission-daemon, which simplifies the process significantly. The New Approach The key improvement in this refined method is to apply a patch to the daemon/CMakeLists....
How to Build Statically Linked Transmission 4.00 with buildah
In this post I will show you how to compile a statically linked transmission-daemon in transmision 4.0.5 with buildah, you should be able to build other components as well. The process should be roughly the same but your mileages may vary, as I am doing some dirty hacks to make it work. The build_tranmission-daemon.sh script # build_tranmission-daemon.sh #!/bin/bash export TRANSMISSION_VERSION="4.0.5" buildah bud -f Containerfile.transmission --iidfile out/transmission-${TRANSMISSION_VERSION}.iid export iid=$(cat out/transmission-${TRANSMISSION_VERSION}.iid | cut -d ':' -f2) export container=$(buildah from ${iid}) copy_script="copy_artifacts....
Code Signing PowerShell Scripts With Hashicorp Vault and osslsigncode
The osslsigncode has added support for signning PowerShell script recently. In this post, I will demonstrate how to use Hashicorp Vault and osslsigncode to sign PowerShell scripts. Prerequisites I am going to make the following assumptions: You have a working Hashicorp Vault cluster running at https://your-vault-server.com with a PKI mount named your-pki-mount. The root CA is already installed on the machine where you are going to run the PowerShell script, it should be installed in the Trusted Root Certification Authorities store....
TFTP Practical Security Controls
The TFTP(Trivial File Transfer Protocol) is a decades old protocol and is still widely used due to its simplicity. But it is also known for minimal security features, which can make it vulnerable to various attacks. This post will discuss some practical security controls for TFTP in RHEL9. Ensure SELINUX is enabled and in enforcing mode In the year 2023, it is expected that SELINUX is enabled and in enforcing mode by default....
How to Build iPXE With Buildah
The iPXE project is a very popular network boot firmware, the official website is ipxe.org. This post will show you how to build iPXE with buildah. This build is focusing on enabling HTTPS boot protocol for iPXE. Some prebuilt binaries are available from github. The build_ipxe.sh script set -e export container=$(buildah from docker.io/amd64/alpine:3.18) pcbios_targets=("ipxe.pxe" "ipxe.kpxe" "ipxe.kkpxe" "ipxe.lkrn") # Initialize the buildtargets string with ipxe.efi build_targets="bin-x86_64-efi/ipxe.efi " # Iterate through the pcbios_targets and construct the buildtargets string for pcbios_target in "${pcbios_targets[@]}"; do build_targets+="bin-x86_64-pcbios/$pcbios_target " done export build_targets buildah run $container wget -c https://ipxe....
How to Enable i2c3 on Orangepi Zero3
The i2c3 bus on the Orange Pi Zero3 is disabled by default. This post will show you how to enable it by patching the Device Tree Source (DTS) file in the mainline kernel source. Please check this post for instructions on how to build the mainline DTB for the Orange Pi Zero3. In general there are two ways to enable an i2c bus on an ARM SBC: Use the DTO (Device Tree Overlay) mechanism to enable the i2c bus at runtime in U-Boot, the offical Orange Pi Zero3 OS uses this way....
How to Install Fedora Server 39 on Orange Pi Zero3
The Orange Pi Zero3 board is not officially supported by The Fedora Project yet. However, it is possible to install Fedora Server 39 on it with mainline U-Boot and DTB. This guide will walk you through the process of installing Fedora Server 39 on the Orange Pi Zero3 board. Prerequisites Download the pre-built U-Boot for Orange Pi Zero3 from here. Check this post if you want to bulid U-Boot from source....
How to Customize Fedora Server Image for ARM SBCs
I have been using Fedora Server as the operating system for my x86_64 home servers over an extended period. However, last year, I decided to phase out my older, power-hungry x86_64 servers and transitioned to ARM Single Board Computers (SBCs). This transition proved to be successful in terms of efficiency and performance. Regrettably, Fedora Server does not offer official support for a wide range of ARM SBCs available in the market....
How To Build Mainline DTB for Orangepi Zero3
The Orange Pi Zero3 has been supported by the mainline Linux kernel since v6.6, but the NIC is not stable yet. Until this patch shows up in the mailing list: https://lore.kernel.org/lkml/20231029074009.7820-2-amadeus@jmu.edu.cn/T/. This post will show you how to build the DTB for the Orange Pi Zero3 with buildah from the mainline Linux kernel source. The build_dtb_orangepi_zero3.sh script # cat build_dtb_orangepi_zero3.sh # Set kernel_ver environment variables export kernel_ver="v6.6" export container=$(buildah from arm64v8/alpine:3....