http://w.vaguehope.com/wiki/api.php?action=feedcontributions&user=Haku&feedformat=atom
Vague Hope Wiki - User contributions [en-gb]
2024-03-28T18:36:25Z
User contributions
MediaWiki 1.26.2
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1242
RAID
2018-04-15T16:24:50Z
<p>Haku: /* Mount */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to “Linux raid autodetect” (0xfd)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<br />
RAID 1 with 1 drive:<br />
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 missing<br />
<br />
RAID 6 with 4 drives:<br />
mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
<br />
Monitor:<br />
watch cat /proc/mdstat<br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
The appended line does not quite work as-is. Edit it to look more like this (remove the name, or you get weird md127 issues):<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
<br />
nobootwait has been replaced with nofail:<br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nofail,user_xattr 0 2<br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
<wait><br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<wait><br />
sudo fsck -f /dev/md0<br />
sudo resize2fs /dev/md0<br />
sudo fsck -f /dev/md0<br />
<br />
Recovery if needed:<br />
e2fsck -cc /dev/md0<br />
resize2fs /dev/md0<br />
fsck -f /dev/md0<br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<wait><br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== Fixing ==<br />
<br />
mdadm --detail --scan<br />
(fix uuid in /etc/mdadm/mdadm.conf)<br />
sudo update-initramfs -u<br />
<br />
* http://ubuntuforums.org/showthread.php?t=1764861<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1241
RAID
2018-04-15T15:53:42Z
<p>Haku: /* Create array */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to “Linux raid autodetect” (0xfd)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<br />
RAID 1 with 1 drive:<br />
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 missing<br />
<br />
RAID 6 with 4 drives:<br />
mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
<br />
Monitor:<br />
watch cat /proc/mdstat<br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
The appended line does not quite work as-is. Edit it to look more like this (remove the name, or you get weird md127 issues):<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
<wait><br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<wait><br />
sudo fsck -f /dev/md0<br />
sudo resize2fs /dev/md0<br />
sudo fsck -f /dev/md0<br />
<br />
Recovery if needed:<br />
e2fsck -cc /dev/md0<br />
resize2fs /dev/md0<br />
fsck -f /dev/md0<br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<wait><br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== Fixing ==<br />
<br />
mdadm --detail --scan<br />
(fix uuid in /etc/mdadm/mdadm.conf)<br />
sudo update-initramfs -u<br />
<br />
* http://ubuntuforums.org/showthread.php?t=1764861<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Vimperator&diff=1240
Vimperator
2017-01-09T23:49:02Z
<p>Haku: </p>
<hr />
<div>These are my customisations for making Vimperator (Firefox plugin) more sane.<br />
<br />
<pre><br />
# set GUI options.<br />
:set go+=mTB<br />
<br />
# make auto complete work.<br />
:set wildoptions=auto<br />
<br />
# allow ctrl+k to get to search bar.<br />
:noremap <C-k> <A-d><Tab><br />
:inoremap <C-k> <A-d><Tab><br />
<br />
# make copy-paste work as expected.<br />
:noremap <C-c> <C-v><C-c><br />
:noremap <C-v> <C-v><C-v><br />
:inoremap <C-c> <C-v><C-c><br />
:inoremap <C-v> <C-v><C-v><br />
<br />
# allow select all in text boxes.<br />
:noremap <C-a> <C-v><C-a><br />
:inoremap <C-a> <C-v><C-a><br />
<br />
# make it still possible to stop page load:<br />
:noremap <C-d> :stop<CR><br />
:inoremap <C-d> :stop<CR><br />
<br />
# make undo work nicely in text boxes.<br />
:inoremap <C-z> <C-v><C-z><br />
<br />
# save config.<br />
:mkv<br />
</pre><br />
<br />
<br />
<pre><br />
"2.1 (created: 2009/05/21 13:13:06)<br />
<br />
inoremap <C-c> <C-v><C-c><br />
inoremap <C-v> <C-v><C-v><br />
inoremap <C-z> <C-v><C-z><br />
inoremap <C-a> <C-v><C-a><br />
inoremap <C-d> :stop<CR><br />
inoremap <C-k> <A-d><Tab><br />
nnoremap <C-k> <A-d><Tab><br />
nnoremap <C-c> <C-v><C-c><br />
nnoremap <C-v> <C-v><C-v><br />
nnoremap <C-d> :stop<CR><br />
nnoremap <C-a> <C-v><C-a><br />
noremap <C-k> <A-d><Tab><br />
noremap <C-c> <C-v><C-c><br />
noremap <C-v> <C-v><C-v><br />
noremap <C-d> :stop<CR><br />
noremap <C-a> <C-v><C-a><br />
set guioptions=rbmTB<br />
set "runtimepath=C:\\Documents and Settings\\haku\\vimperator"<br />
set wildoptions=auto<br />
vnoremap <C-k> <A-d><Tab><br />
vnoremap <C-c> <C-v><C-c><br />
vnoremap <C-v> <C-v><C-v><br />
vnoremap <C-d> :stop<CR><br />
vnoremap <C-a> <C-v><C-a><br />
source! "C:\\Documents and Settings\\haku\\_vimperatorrc.local"<br />
<br />
" vim: set ft=vimperator:<br />
</pre><br />
<br />
<br />
<br />
<br />
<br />
[[Category:dev]]</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1238
TLS
2016-06-17T08:48:28Z
<p>Haku: /* CMS */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -nodes -in client.p12 | openssl x509 -noout -subject -enddate<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
ser="0x$ser" # -set_serial accepts a hex value when prefixed with 0x<br />
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out "${HOST}-private.pem" -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -subj "/C=XX/ST=X/L=X/O=X/OU=X/CN=${HOST}" -key "${HOST}-private.pem" -out "${HOST}-public.pem"<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out a.txt.cms \<br />
public_key.pem<br />
<br />
Decrypt file:<br />
openssl cms -decrypt \<br />
-inform der \<br />
-in a.txt.cms \<br />
-recip public_key.pem \<br />
-inkey private_rsa_key_4096.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1237
TLS
2016-06-17T08:46:49Z
<p>Haku: /* CMS */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -nodes -in client.p12 | openssl x509 -noout -subject -enddate<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
ser="0x$ser" # -set_serial accepts a hex value when prefixed with 0x<br />
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out "${HOST}-private.pem" -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -subj "/C=XX/ST=X/L=X/O=X/OU=X/CN=X" -key "${HOST}-private.pem" -out "${HOST}-public.pem"<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out a.txt.cms \<br />
public_key.pem<br />
<br />
Decrypt file:<br />
openssl cms -decrypt \<br />
-inform der \<br />
-in a.txt.cms \<br />
-recip public_key.pem \<br />
-inkey private_rsa_key_4096.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1236
TLS
2016-06-17T08:43:17Z
<p>Haku: /* CMS */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -nodes -in client.p12 | openssl x509 -noout -subject -enddate<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
ser="0x$ser" # -set_serial accepts a hex value when prefixed with 0x<br />
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out "${HOST}-private.pem" -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -key "${HOST}-private.pem" -out "${HOST}-public.pem"<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out a.txt.cms \<br />
public_key.pem<br />
<br />
Decrypt file:<br />
openssl cms -decrypt \<br />
-inform der \<br />
-in a.txt.cms \<br />
-recip public_key.pem \<br />
-inkey private_rsa_key_4096.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1235
TLS
2016-06-17T08:29:14Z
<p>Haku: /* CMS */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -nodes -in client.p12 | openssl x509 -noout -subject -enddate<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
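# hextodec is not a standard command; assumed here to be a local shell helper that converts the hex serial to decimal<br />
ser="$(hextodec "$ser")"<br />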
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out private_rsa_key_4096.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -key private_rsa_key_4096.pem -out public_key.pem<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out a.txt.cms \<br />
public_key.pem<br />
<br />
Decrypt file:<br />
openssl cms -decrypt \<br />
-inform der \<br />
-in a.txt.cms \<br />
-recip public_key.pem \<br />
-inkey private_rsa_key_4096.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TcpDump&diff=1234
TcpDump
2016-02-16T09:15:28Z
<p>Haku: </p>
<hr />
<div> tcpdump -i eth0 tcp port 80 -w foo.$(date +'%Y%m%d-%H%M%S').pcap<br />
tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +'%Y%m%d-%H%M%S').pcap<br />
<br />
<br />
http.time || tcp.analysis.retransmission || _ws.expert.severity >= 0x00600000</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TcpDump&diff=1233
TcpDump
2016-02-15T16:04:28Z
<p>Haku: </p>
<hr />
<div> tcpdump -i eth0 tcp port 80 -w foo.$(date +'%Y%m%d-%H%M%S').pcap<br />
tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +'%Y%m%d-%H%M%S').pcap</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TcpDump&diff=1232
TcpDump
2016-02-15T16:01:07Z
<p>Haku: Created page with " tcpdump -i eth0 tcp port 80 -w foo.$(date +%s).pcap tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +%s).pcap"</p>
<hr />
<div> tcpdump -i eth0 tcp port 80 -w foo.$(date +%s).pcap<br />
tcpdump -i eth0 "(host 10.0.1.1 or 10.0.1.2) and tcp port 8000" -w foo.$(date +%s).pcap</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Awk&diff=1231
Awk
2016-02-15T13:48:16Z
<p>Haku: </p>
<hr />
<div> awk '{print $3}'<br />
awk '{print $4 "|" $5}'<br />
awk 'BEGIN { FS = "|" } ; { print $10 }'<br />
awk '{total += $1; count++} END { print total/count } END {print count}'<br />
awk '{printf "%s,%s\n", $1,$12}'<br />
awk '{print ((substr($1,15,2) * 60) + substr($1,18,2)) "," $2}'<br />
awk '{sub(/\/$/, "") ; print $1}'<br />
awk '$12 > 3 {print $0}'<br />
awk '$11 == "-" && $12 > 1 {print $0}'</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Awk&diff=1230
Awk
2016-02-15T13:29:43Z
<p>Haku: </p>
<hr />
<div> awk '{print $3}'<br />
awk '{print $4 "|" $5}'<br />
awk 'BEGIN { FS = "|" } ; { print $10 }'<br />
awk '{total += $1; count++} END { print total/count } END {print count}'<br />
awk '{printf "%s,%s\n", $1,$12}'<br />
awk '{print ((substr($1,15,2) * 60) + substr($1,18,2)) "," $2}'<br />
awk '{sub(/\/$/, "") ; print $1}'<br />
awk '$12 > 3 {print $0}'</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Awk&diff=1229
Awk
2016-02-15T13:27:14Z
<p>Haku: Created page with " awk -F'"' '{print $3}' awk '{print $4 "|" $5}' awk 'BEGIN { FS = "|" } ; { print $10 }' awk '{total += $1; count++} END { print total/count } END {print count}' awk -F'|'..."</p>
<hr />
<div> awk -F'"' '{print $3}'<br />
awk '{print $4 "|" $5}'<br />
awk 'BEGIN { FS = "|" } ; { print $10 }'<br />
awk '{total += $1; count++} END { print total/count } END {print count}'<br />
awk -F'|' '{printf "%s,%s\n", $1,$12}'<br />
awk -F, '{print ((substr($1,15,2) * 60) + substr($1,18,2)) "," $2}'<br />
awk '{sub(/\/$/, "") ; print $1}'</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=SSL&diff=1228
SSL
2016-01-25T15:38:45Z
<p>Haku: Haku moved page SSL to TLS</p>
<hr />
<div>#REDIRECT [[TLS]]</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1227
TLS
2016-01-25T15:38:44Z
<p>Haku: Haku moved page SSL to TLS</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -nodes -in client.p12 | openssl x509 -noout -subject -enddate<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
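# hextodec is not a standard command; assumed here to be a local shell helper that converts the hex serial to decimal<br />
ser="$(hextodec "$ser")"<br />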
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out rsa_key_4096.pem -outform PEM -cipher des3 -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -key key_a.private.pem -out test-user-cert.pem<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out e.txt.cms \<br />
user-cert.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Media_Conversion&diff=1226
Media Conversion
2015-10-25T10:22:11Z
<p>Haku: /* Audio */</p>
<hr />
<div>== Audio ==<br />
<br />
aac to wav<br />
$ mplayer -ao pcm a.aac -ao pcm:file="a.wav"<br />
<br />
aac to m4a<br />
$ MP4box -add a.aac -new a.m4a<br />
<br />
wav to mp3, mono, 192<br />
<pre><br />
lame -h a.wav a.mp3<br />
lame -h -m m a.wav a.mp3<br />
lame -h -b 192 a.wav a.mp3<br />
</pre><br />
<br />
fixing and info<br />
<pre><br />
mpg123 --rate 44100 --stereo --resync a.mp3<br />
vbrfix a.mp3<br />
exiftool a.mp3<br />
</pre><br />
<br />
extract audio from video<br />
<pre><br />
ffmpeg -i inputfile.flv -acodec copy output.mp3<br />
</pre><br />
GUI tool: soundconverter<br />
<br />
flac to mp3<br />
<pre><br />
ffmpeg -i input.flac -ab 196k -ac 2 -ar 48000 output.mp3<br />
</pre><br />
<br />
for a in *.flac; do<br />
ffmpeg -i "$a" -qscale:a 0 "${a[@]/%flac/mp3}"<br />
done<br />
<br />
split mp3<br />
<pre><br />
sudo aptitude install mp3splt-gtk mp3wrap mp3splt<br />
</pre><br />
<br />
join mp3s:<br />
ffmpeg -i "concat:file1.mp3|file2.mp3" -acodec copy output.mp3<br />
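# assumes a user-defined shell function join that joins its arguments with the given separator; coreutils join does something different<br />
ffmpeg -i "concat:$(join '|' *.mp3)" -acodec copy "output.mp3"<br />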
<br />
== Video ==<br />
<br />
=== Tools ===<br />
<br />
General guide: http://ubuntuforums.org/showthread.php?t=786095<br />
<br />
=== mplayer ===<br />
<br />
Transcode for Transformer. Burns in ass subs.<br />
* mplayer from source.<br />
* x264 from source.<br />
* neroAacEnc binary (see 4th source),<br />
* Ubuntu repo MP4Box.<br />
* Need to manually supply $FRAME_RATE.<br />
<br />
<pre><br />
mplayer -benchmark -ass \<br />
-vo yuv4mpeg:file=>(x264 --demuxer y4m --crf 22 \<br />
--preset slow --profile main --level 3.1 \<br />
--vbv-bufsize 14000 --vbv-maxrate 14000 \<br />
--threads 2 --output video.264 - 2>x264.log) \<br />
-ao pcm:fast:file=>(neroAacEnc \<br />
-ignorelength -lc -q 0.6 -if - -of audio.mp4 2>nero.log) \<br />
source.mkv<br />
<br />
MP4Box -fps $FRAME_RATE -add video.264 -add audio.mp4 final.mp4<br />
</pre><br />
<br />
Possible FPS detection:<br />
<pre><br />
FPS=$($MPLAYER -vo null -ao null -frames 0 \<br />
-identify "$SOURCE" 2>/dev/null \<br />
| sed -ne '/^ID_/ { s/[]()|&;<>`'"'"'\\!$" []/\\&/g;p }' \<br />
| grep 'VIDEO_FPS' \<br />
| cut -d '=' -f 2)<br />
</pre><br />
<br />
=== mplayer filters ===<br />
<br />
Detect black box border:<br />
<pre><br />
mplayer [source] -chapter 3 -vf cropdetect<br />
</pre><br />
<br />
Select audio and disable subs:<br />
<pre><br />
mplayer [source] -alang ja -nosub -noautosub -forcedsubsonly -sid 1000<br />
</pre><br />
<br />
=== ffmpeg ===<br />
<br />
Down-scale mp4:<br />
<pre><br />
ffmpeg -i source.mp4 -vcodec libx264 -vprofile main -preset slow -b:v 400k -maxrate 400k -bufsize 800k -vf scale=852:480 -threads 0 -acodec libfaac -ab 128k output.mp4<br />
</pre><br />
Note: can do 'scale=-1:480' to calculate width.<br />
<br />
== Lossless Trimming ==<br />
<br />
$FFMPEG -ss 0 -t 00:04:13 -i in.mp4 -acodec copy -vcodec copy out.mp4<br />
<br />
== handbrake ==<br />
<br />
* https://trac.handbrake.fr/wiki/BuiltInPresets#highprofile<br />
* https://dev.gentoo.org/~beandog/handbrake_preset_reference.html<br />
<br />
== References ==<br />
<br />
* http://www.virag.si/2012/01/web-video-encoding-tutorial-with-ffmpeg-0-9/<br />
* http://www.catswhocode.com/blog/19-ffmpeg-commands-for-all-needs<br />
* http://virishi.net/useful-video-transcoding-commands<br />
* https://sites.google.com/site/linuxencoding/x264-encoding-guide<br />
* http://www.mplayerhq.hu/DOCS/HTML/en/faq.html<br />
* http://www.axllent.org/docs/video/mencoder_dvd_to_mpeg4<br />
<br />
== ASCII ==<br />
<pre><br />
xterm -fn 5x7 -geometry 250x80 -e "setterm -cursor off ; mplayer -quiet -vo aa:driver=curses -monitorpixelaspect 0.5 test.avi"<br />
</pre></div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1225
Java
2015-09-29T10:31:11Z
<p>Haku: /* OpenJDK Heapdump */</p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,depth=7,file=/tmp/app-profile.txt -jar foo.jar<br />
kill -QUIT $pid<br />
<br />
* http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html<br />
* http://www.brendangregg.com/blog/2014-06-09/java-cpu-sampling-using-hprof.html<br />
* https://github.com/jnorris/conf/blob/master/bin/hprof#L113<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo jstack -F 2232 > /root/stacks.txt<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
$ sudo -u tomcat jstack 1384 | sudo tee /var/log/tomcat6/stacks.txt<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/<br />
<br />
== SSL ==<br />
<br />
java -Djavax.net.debug=ssl:handshake:verbose<br />
<br />
<pre><br />
all turn on all debugging<br />
ssl turn on ssl debugging<br />
<br />
The following can be used with ssl:<br />
record enable per-record tracing<br />
handshake print each handshake message<br />
keygen print key generation data<br />
session print session activity<br />
defaultctx print default SSL initialization<br />
sslctx print SSLContext tracing<br />
sessioncache print session cache tracing<br />
keymanager print key manager tracing<br />
trustmanager print trust manager tracing<br />
pluggability print pluggability tracing<br />
<br />
handshake debugging can be widened with:<br />
data hex dump of each handshake message<br />
verbose verbose handshake message printing<br />
<br />
record debugging can be widened with:<br />
plaintext hex dump of record plaintext<br />
packet print raw SSL/TLS packets<br />
</pre><br />
<br />
* http://www.theeggeadventure.com/wikimedia/index.php/Javax.net.debug</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=VLC&diff=1224
VLC
2015-07-03T10:22:52Z
<p>Haku: </p>
<hr />
<div>==Streaming to Icecast==<br />
cvlc -v --http-proxy '127.0.0.1:3128' "$HOME/tmp/test.m4a" \<br />
--sout '#transcode{vcodec=none,acodec=mp3,ab=128,channels=2,samplerate=44100}:standard{access=shout{mp3=1,bitrate=128, samplerate=44100, channels=2,name='name',genre='all'},,mux=raw,dst=admin:hackme@127.0.0.1:8000/stream}'</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=VLC&diff=1223
VLC
2015-07-03T10:07:22Z
<p>Haku: Created page with "==Streaming to Icecast== cvlc -vvv --http-proxy '127.0.0.1:3128' "$HOME/tmp/test.m4a" \ --sout '#transcode{vcodec=none,acodec=mp3,ab=128,channels=2,samplerate=44100}:standar..."</p>
<hr />
<div>==Streaming to Icecast==<br />
cvlc -vvv --http-proxy '127.0.0.1:3128' "$HOME/tmp/test.m4a" \<br />
--sout '#transcode{vcodec=none,acodec=mp3,ab=128,channels=2,samplerate=44100}:standard{access=shout{mp3=1,bitrate=128, samplerate=44100, channels=2,name='name',genre='all'},,mux=raw,dst=admin:hackme@127.0.0.1:8000/stream}'</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=OSX&diff=1222
OSX
2015-06-08T18:26:25Z
<p>Haku: Created page with " sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clien..."</p>
<hr />
<div> sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw mypasswd -restart -agent -privs -all<br />
<br />
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off<br />
<br />
* https://apple.stackexchange.com/questions/30238/how-to-enable-os-x-screen-sharing-vnc-through-ssh</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1221
TLS
2015-04-21T12:16:01Z
<p>Haku: /* Examine */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -nodes -in client.p12 | openssl x509 -noout -subject -enddate<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
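# hextodec is not a standard command; assumed here to be a local shell helper that converts the hex serial to decimal<br />
ser="$(hextodec "$ser")"<br />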
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out rsa_key_4096.pem -outform PEM -cipher des3 -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -key key_a.private.pem -out test-user-cert.pem<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out e.txt.cms \<br />
user-cert.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1220
Java
2015-04-16T14:00:03Z
<p>Haku: /* Profiling */</p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,depth=7,file=/tmp/app-profile.txt -jar foo.jar<br />
kill -QUIT $pid<br />
<br />
* http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html<br />
* http://www.brendangregg.com/blog/2014-06-09/java-cpu-sampling-using-hprof.html<br />
* https://github.com/jnorris/conf/blob/master/bin/hprof#L113<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo jstack -F 2232 > /root/stacks.txt<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/<br />
<br />
== SSL ==<br />
<br />
java -Djavax.net.debug=ssl:handshake:verbose<br />
<br />
<pre><br />
all turn on all debugging<br />
ssl turn on ssl debugging<br />
<br />
The following can be used with ssl:<br />
record enable per-record tracing<br />
handshake print each handshake message<br />
keygen print key generation data<br />
session print session activity<br />
defaultctx print default SSL initialization<br />
sslctx print SSLContext tracing<br />
sessioncache print session cache tracing<br />
keymanager print key manager tracing<br />
trustmanager print trust manager tracing<br />
pluggability print pluggability tracing<br />
<br />
handshake debugging can be widened with:<br />
data hex dump of each handshake message<br />
verbose verbose handshake message printing<br />
<br />
record debugging can be widened with:<br />
plaintext hex dump of record plaintext<br />
packet print raw SSL/TLS packets<br />
</pre><br />
<br />
* http://www.theeggeadventure.com/wikimedia/index.php/Javax.net.debug</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Ruby&diff=1219
Ruby
2015-04-10T10:10:36Z
<p>Haku: </p>
<hr />
<div>== RVM ==<br />
<br />
rvm autolibs fail<br />
<br />
== Bundle ==<br />
<br />
gem install ruby-debug-base19 -v '0.11.25' -- --with-ruby-include=/home/ci/.rvm/src/ruby-1.9.3-p0/<br />
<br />
== Reading ==<br />
<br />
* http://elliotth.blogspot.com/2006/04/lesson-about-using-env1-in-script.html<br />
* http://ruby-doc.org/docs/Newcomers/ruby.html<br />
* https://secure.wikimedia.org/wikibooks/en/wiki/Ruby_Programming/Syntax/Operators<br />
* http://www.rubyinside.com/21-ruby-tricks-902.html</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1218
Java
2015-03-17T09:55:29Z
<p>Haku: /* SSL */</p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,file=/tmp/app-profile.txt -jar foo.jar<br />
<br />
* http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html<br />
* http://www.brendangregg.com/blog/2014-06-09/java-cpu-sampling-using-hprof.html<br />
* https://github.com/jnorris/conf/blob/master/bin/hprof#L113<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo sh -c 'jstack -F 2232 > /root/stacks.txt'<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/<br />
<br />
== SSL ==<br />
<br />
java -Djavax.net.debug=ssl:handshake:verbose<br />
<br />
<pre><br />
all turn on all debugging<br />
ssl turn on ssl debugging<br />
<br />
The following can be used with ssl:<br />
record enable per-record tracing<br />
handshake print each handshake message<br />
keygen print key generation data<br />
session print session activity<br />
defaultctx print default SSL initialization<br />
sslctx print SSLContext tracing<br />
sessioncache print session cache tracing<br />
keymanager print key manager tracing<br />
trustmanager print trust manager tracing<br />
pluggability print pluggability tracing<br />
<br />
handshake debugging can be widened with:<br />
data hex dump of each handshake message<br />
verbose verbose handshake message printing<br />
<br />
record debugging can be widened with:<br />
plaintext hex dump of record plaintext<br />
packet print raw SSL/TLS packets<br />
</pre><br />
<br />
* http://www.theeggeadventure.com/wikimedia/index.php/Javax.net.debug</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1217
Java
2015-03-17T09:54:59Z
<p>Haku: </p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,file=/tmp/app-profile.txt -jar foo.jar<br />
<br />
* http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html<br />
* http://www.brendangregg.com/blog/2014-06-09/java-cpu-sampling-using-hprof.html<br />
* https://github.com/jnorris/conf/blob/master/bin/hprof#L113<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo sh -c 'jstack -F 2232 > /root/stacks.txt'<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/<br />
<br />
== SSL ==<br />
<br />
<pre><br />
all turn on all debugging<br />
ssl turn on ssl debugging<br />
<br />
The following can be used with ssl:<br />
record enable per-record tracing<br />
handshake print each handshake message<br />
keygen print key generation data<br />
session print session activity<br />
defaultctx print default SSL initialization<br />
sslctx print SSLContext tracing<br />
sessioncache print session cache tracing<br />
keymanager print key manager tracing<br />
trustmanager print trust manager tracing<br />
pluggability print pluggability tracing<br />
<br />
handshake debugging can be widened with:<br />
data hex dump of each handshake message<br />
verbose verbose handshake message printing<br />
<br />
record debugging can be widened with:<br />
plaintext hex dump of record plaintext<br />
packet print raw SSL/TLS packets<br />
</pre><br />
<br />
* http://www.theeggeadventure.com/wikimedia/index.php/Javax.net.debug</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1216
Java
2015-03-10T15:20:56Z
<p>Haku: /* Profiling */</p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,file=/tmp/app-profile.txt -jar foo.jar<br />
<br />
* http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html<br />
* http://www.brendangregg.com/blog/2014-06-09/java-cpu-sampling-using-hprof.html<br />
* https://github.com/jnorris/conf/blob/master/bin/hprof#L113<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo sh -c 'jstack -F 2232 > /root/stacks.txt'<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1215
Java
2015-03-10T14:09:01Z
<p>Haku: /* Profiling */</p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,file=/tmp/app-profile.txt -jar foo.jar<br />
<br />
* http://docs.oracle.com/javase/7/docs/technotes/samples/hprof.html<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo sh -c 'jstack -F 2232 > /root/stacks.txt'<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Media_Conversion&diff=1214
Media Conversion
2015-02-15T11:52:46Z
<p>Haku: /* Audio */</p>
<hr />
<div>== Audio ==<br />
<br />
aac to wav<br />
$ mplayer -ao pcm a.aac -ao pcm:file="a.wav"<br />
<br />
aac to m4a<br />
$ MP4Box -add a.aac -new a.m4a<br />
<br />
wav to mp3, mono, 192<br />
<pre><br />
lame -h a.wav a.mp3<br />
lame -h -m m a.wav a.mp3<br />
lame -h -b 192 a.wav a.mp3<br />
</pre><br />
<br />
fixing and info<br />
<pre><br />
mpg123 --rate 44100 --stereo --resync a.mp3<br />
vbrfix a.mp3<br />
exiftool a.mp3<br />
</pre><br />
<br />
extract audio from video<br />
<pre><br />
ffmpeg -i inputfile.flv -acodec copy output.mp3<br />
</pre><br />
GUI tool: soundconverter<br />
<br />
flac to mp3<br />
<pre><br />
ffmpeg -i input.flac -ab 196k -ac 2 -ar 48000 output.mp3<br />
</pre><br />
<br />
for a in *.flac; do<br />
ffmpeg -i "$a" -qscale:a 0 "${a[@]/%flac/mp3}"<br />
done<br />
<br />
split mp3<br />
<pre><br />
sudo aptitude install mp3splt-gtk mp3wrap mp3splt<br />
</pre><br />
<br />
== Video ==<br />
<br />
=== Tools ===<br />
<br />
General guide: http://ubuntuforums.org/showthread.php?t=786095<br />
<br />
=== mplayer ===<br />
<br />
Transcode for Transformer. Burns in ass subs.<br />
* mplayer from source.<br />
* x264 from source.<br />
* neroAacEnc binary (see 4th source),<br />
* Ubuntu repo MP4Box.<br />
* Need to manually supply $FRAME_RATE.<br />
<br />
<pre><br />
mplayer -benchmark -ass \<br />
-vo yuv4mpeg:file=>(x264 --demuxer y4m --crf 22 \<br />
--preset slow --profile main --level 3.1 \<br />
--vbv-bufsize 14000 --vbv-maxrate 14000 \<br />
--threads 2 --output video.264 - 2>x264.log) \<br />
-ao pcm:fast:file=>(neroAacEnc \<br />
-ignorelength -lc -q 0.6 -if - -of audio.mp4 2>nero.log) \<br />
source.mkv<br />
<br />
MP4Box -fps $FRAME_RATE -add video.264 -add audio.mp4 final.mp4<br />
</pre><br />
<br />
Possible FPS detection:<br />
<pre><br />
FPS=$($MPLAYER -vo null -ao null -frames 0 \<br />
-identify "$SOURCE" 2>/dev/null \<br />
| sed -ne '/^ID_/ { s/[]()|&;<>`'"'"'\\!$" []/\\&/g;p }' \<br />
| grep 'VIDEO_FPS' \<br />
| cut -d '=' -f 2)<br />
</pre><br />
<br />
=== mplayer filters ===<br />
<br />
Detect black box border:<br />
<pre><br />
mplayer [source] -chapter 3 -vf cropdetect<br />
</pre><br />
<br />
Select audio and disable subs:<br />
<pre><br />
mplayer [source] -alang ja -nosub -noautosub -forcedsubsonly -sid 1000<br />
</pre><br />
<br />
=== ffmpeg ===<br />
<br />
Down-scale mp4:<br />
<pre><br />
ffmpeg -i source.mp4 -vcodec libx264 -vprofile main -preset slow -b:v 400k -maxrate 400k -bufsize 800k -vf scale=852:480 -threads 0 -acodec libfaac -ab 128k output.mp4<br />
</pre><br />
Note: can do 'scale=-1:480' to calculate width.<br />
<br />
== Lossless Trimming ==<br />
<br />
$FFMPEG -ss 0 -t 00:04:13 -i in.mp4 -acodec copy -vcodec copy out.mp4<br />
<br />
== handbrake ==<br />
<br />
* https://trac.handbrake.fr/wiki/BuiltInPresets#highprofile<br />
* https://dev.gentoo.org/~beandog/handbrake_preset_reference.html<br />
<br />
== References ==<br />
<br />
* http://www.virag.si/2012/01/web-video-encoding-tutorial-with-ffmpeg-0-9/<br />
* http://www.catswhocode.com/blog/19-ffmpeg-commands-for-all-needs<br />
* http://virishi.net/useful-video-transcoding-commands<br />
* https://sites.google.com/site/linuxencoding/x264-encoding-guide<br />
* http://www.mplayerhq.hu/DOCS/HTML/en/faq.html<br />
* http://www.axllent.org/docs/video/mencoder_dvd_to_mpeg4<br />
<br />
== ASCII ==<br />
<pre><br />
xterm -fn 5x7 -geometry 250x80 -e "setterm -cursor off ; mplayer -quiet -vo aa:driver=curses -monitorpixelaspect 0.5 test.avi"<br />
</pre></div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TCP&diff=1213
TCP
2015-01-19T13:56:21Z
<p>Haku: Created page with " sudo tcpdump -i eth0 tcp port 80 -w cap.$(date +'%Y%m%d-%H%M%S').pcap"</p>
<hr />
<div> sudo tcpdump -i eth0 tcp port 80 -w cap.$(date +'%Y%m%d-%H%M%S').pcap</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Java&diff=1212
Java
2015-01-13T15:29:04Z
<p>Haku: /* OpenJDK Heapdump */</p>
<hr />
<div>== Profiling ==<br />
<br />
-Xrunhprof:cpu=samples,file=/tmp/app-profile.txt -jar foo.jar<br />
<br />
== OpenJDK Heapdump ==<br />
<br />
sudo yum install java-1.6.0-openjdk-devel<br />
sudo jmap -F -J-d64 -dump:live,format=b,file=/root/heap.bin 2232<br />
sudo sh -c 'jstack -F 2232 > /root/stacks.txt'<br />
<br />
sudo -u tomcat jmap -J-d64 -dump:format=b,file=/tmp/heap.bin 1384<br />
<br />
* http://linux.die.net/man/1/jmap-java-1.6.0-openjdk<br />
* http://www.eclipse.org/mat/<br />
* http://vault.centos.org/6.4/updates/x86_64/Packages/<br />
<br />
== Remote Debug Tomcat6 ==<br />
In /usr/sbin/tomcat6:<br />
-Xdebug -Xrunjdwp:transport=dt_socket,address=62277,server=y,suspend=n<br />
<br />
== GC ==<br />
<br />
* http://mechanical-sympathy.blogspot.co.uk/2013/07/java-garbage-collection-distilled.html<br />
* http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html<br />
<br />
sudo jmap -heap <pid><br />
<br />
java \<br />
-Xms300m \<br />
-Xmx600m \<br />
-verbose:gc \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:+UseConcMarkSweepGC \<br />
-XX:+CMSIncrementalMode \<br />
-XX:+CMSIncrementalPacing \<br />
<br />
java \<br />
-verbose:gc \<br />
-XX:+PrintGCDetails \<br />
-XX:MaxGCPauseMillis=20 \<br />
-XX:MaxGCMinorPauseMillis=10 \<br />
-XX:GCTimeRatio=200 \<br />
-XX:+UseSerialGC \<br />
-Xms140m -Xmx140m \<br />
<br />
* http://stas-blogspot.blogspot.co.uk/2011/07/most-complete-list-of-xx-options-for.html<br />
* https://blog.codecentric.de/en/2013/01/useful-jvm-flags-part-6-throughput-collector/</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Pi&diff=1211
Pi
2015-01-12T15:22:29Z
<p>Haku: /* HDMI */</p>
<hr />
<div>== Wifi ==<br />
<br />
<pre><br />
148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter<br />
</pre><br />
<br />
<pre><br />
/sbin/iwlist scan<br />
/sbin/iwconfig<br />
</pre><br />
<br />
Setup: http://wiki.debian.org/WiFi/HowToUse#Command_Line<br />
<br />
/etc/network/interfaces<br />
<pre><br />
auto lo<br />
iface lo inet loopback<br />
<br />
auto eth0<br />
iface eth0 inet dhcp<br />
<br />
allow-hotplug wlan0<br />
auto wlan0<br />
iface wlan0 inet dhcp<br />
wpa-ssid "testwlan"<br />
wpa-psk "testwlan"<br />
</pre><br />
<br />
DHCP cache: /var/lib/dhcp<br />
<br />
Alt:<br />
apti wicd wicd-curses wicd-cli<br />
<br />
== Bluetooth ==<br />
<br />
* http://wiki.debian.org/BluetoothUser<br />
<br />
hcitool dev<br />
hcitool scan<br />
sudo /etc/init.d/bluetooth restart<br />
sudo hidd --connect <BT_Address><br />
<br />
== 1-Wire ==<br />
<br />
lsmod<br />
sudo modinfo ds2490<br />
sudo modprobe -r ds2490<br />
sudo digitemp_DS2490 -i<br />
sudo digitemp_DS2490 -q -a<br />
<br />
Blacklist:<br />
$ cat /etc/modprobe.d/ds2490<br />
blacklist ds2490<br />
blacklist ds9490r<br />
blacklist wire<br />
<br />
* http://www.raspberrypi.org/phpBB3/viewtopic.php?f=44&t=27379<br />
<br />
== frame buffers ==<br />
<br />
$ setterm -cursor off<br />
$ mplayer -vo fbdev:/dev/fb1 -vf scale=-2:240 -sws 4 video.avi<br />
<br />
* http://www.raspberrypi.org/phpBB3/viewtopic.php?f=93&t=48956&p=385092#p385092<br />
<br />
== HDMI ==<br />
<br />
* http://elinux.org/RPi_Configuration<br />
<br />
hdmi_ignore_edid=0xa5000080<br />
hdmi_group=2<br />
hdmi_mode=68<br />
hdmi_ignore_edid_audio=1</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Zip&diff=1210
Zip
2014-12-08T20:37:13Z
<p>Haku: </p>
<hr />
<div><pre><br />
env LANG=ja_JP 7z l jp.zip | iconv -f SHIFT-JIS -t UTF8<br />
env LANG=ja_JP 7z e jp.zip<br />
convmv --notest -f SHIFT-JIS -t UTF8 *<br />
</pre><br />
http://osmanov-dev-notes.blogspot.co.uk/2010/07/how-to-handle-filename-encodings-in.html<br />
<br />
mkdir foo && cd foo<br />
env LANG=C 7z x ../foo.zip<br />
convmv -f SHIFT_JIS -t utf8 --notest -r *<br />
https://allencch.wordpress.com/2013/04/15/extracting-files-from-zip-which-contains-non-utf8-filename-in-linux/</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Media_Conversion&diff=1209
Media Conversion
2014-11-08T11:55:05Z
<p>Haku: </p>
<hr />
<div>== Audio ==<br />
<br />
aac to wav<br />
$ mplayer -ao pcm a.aac -ao pcm:file="a.wav"<br />
<br />
aac to m4a<br />
$ MP4Box -add a.aac -new a.m4a<br />
<br />
wav to mp3, mono, 192<br />
<pre><br />
lame -h a.wav a.mp3<br />
lame -h -m m a.wav a.mp3<br />
lame -h -b 192 a.wav a.mp3<br />
</pre><br />
<br />
fixing and info<br />
<pre><br />
mpg123 --rate 44100 --stereo --resync a.mp3<br />
vbrfix a.mp3<br />
exiftool a.mp3<br />
</pre><br />
<br />
extract audio from video<br />
<pre><br />
ffmpeg -i inputfile.flv -acodec copy output.mp3<br />
</pre><br />
GUI tool: soundconverter<br />
<br />
flac to mp3<br />
<pre><br />
ffmpeg -i input.flac -ab 196k -ac 2 -ar 48000 output.mp3<br />
</pre><br />
<br />
split mp3<br />
<pre><br />
sudo aptitude install mp3splt-gtk mp3wrap mp3splt<br />
</pre><br />
<br />
== Video ==<br />
<br />
=== Tools ===<br />
<br />
General guide: http://ubuntuforums.org/showthread.php?t=786095<br />
<br />
=== mplayer ===<br />
<br />
Transcode for Transformer. Burns in ass subs.<br />
* mplayer from source.<br />
* x264 from source.<br />
* neroAacEnc binary (see 4th source),<br />
* Ubuntu repo MP4Box.<br />
* Need to manually supply $FRAME_RATE.<br />
<br />
<pre><br />
mplayer -benchmark -ass \<br />
-vo yuv4mpeg:file=>(x264 --demuxer y4m --crf 22 \<br />
--preset slow --profile main --level 3.1 \<br />
--vbv-bufsize 14000 --vbv-maxrate 14000 \<br />
--threads 2 --output video.264 - 2>x264.log) \<br />
-ao pcm:fast:file=>(neroAacEnc \<br />
-ignorelength -lc -q 0.6 -if - -of audio.mp4 2>nero.log) \<br />
source.mkv<br />
<br />
MP4Box -fps $FRAME_RATE -add video.264 -add audio.mp4 final.mp4<br />
</pre><br />
<br />
Possible FPS detection:<br />
<pre><br />
FPS=$($MPLAYER -vo null -ao null -frames 0 \<br />
-identify "$SOURCE" 2>/dev/null \<br />
| sed -ne '/^ID_/ { s/[]()|&;<>`'"'"'\\!$" []/\\&/g;p }' \<br />
| grep 'VIDEO_FPS' \<br />
| cut -d '=' -f 2)<br />
</pre><br />
<br />
=== mplayer filters ===<br />
<br />
Detect black box border:<br />
<pre><br />
mplayer [source] -chapter 3 -vf cropdetect<br />
</pre><br />
<br />
Select audio and disable subs:<br />
<pre><br />
mplayer [source] -alang ja -nosub -noautosub -forcedsubsonly -sid 1000<br />
</pre><br />
<br />
=== ffmpeg ===<br />
<br />
Down-scale mp4:<br />
<pre><br />
ffmpeg -i source.mp4 -vcodec libx264 -vprofile main -preset slow -b:v 400k -maxrate 400k -bufsize 800k -vf scale=852:480 -threads 0 -acodec libfaac -ab 128k output.mp4<br />
</pre><br />
Note: can do 'scale=-1:480' to calculate width.<br />
<br />
== Lossless Trimming ==<br />
<br />
$FFMPEG -ss 0 -t 00:04:13 -i in.mp4 -acodec copy -vcodec copy out.mp4<br />
<br />
== handbrake ==<br />
<br />
* https://trac.handbrake.fr/wiki/BuiltInPresets#highprofile<br />
* https://dev.gentoo.org/~beandog/handbrake_preset_reference.html<br />
<br />
== References ==<br />
<br />
* http://www.virag.si/2012/01/web-video-encoding-tutorial-with-ffmpeg-0-9/<br />
* http://www.catswhocode.com/blog/19-ffmpeg-commands-for-all-needs<br />
* http://virishi.net/useful-video-transcoding-commands<br />
* https://sites.google.com/site/linuxencoding/x264-encoding-guide<br />
* http://www.mplayerhq.hu/DOCS/HTML/en/faq.html<br />
* http://www.axllent.org/docs/video/mencoder_dvd_to_mpeg4<br />
<br />
== ASCII ==<br />
<pre><br />
xterm -fn 5x7 -geometry 250x80 -e "setterm -cursor off ; mplayer -quiet -vo aa:driver=curses -monitorpixelaspect 0.5 test.avi"<br />
</pre></div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Gif&diff=1208
Gif
2014-11-03T22:07:39Z
<p>Haku: </p>
<hr />
<div> ffmpeg -i brooms.mp4 -ss 0:6:11 -t 0:0:27 -pix_fmt rgb24 -r 10 brooms.gif<br />
convert -layers Optimize brooms.gif brooms_op.gif<br />
* http://superuser.com/questions/436056/how-can-i-get-ffmpeg-to-convert-a-mov-to-a-gif<br />
<br />
convert \( 1.gif -coalesce \) \( 2.gif -coalesce \) a.gif</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Magick&diff=1207
Magick
2014-10-18T15:18:57Z
<p>Haku: Created page with "* http://www.imagemagick.org/script/command-line-processing.php * http://www.imagemagick.org/script/command-line-options.php convert in.jpg -resize '3840x1200^' -gravity cen..."</p>
<hr />
<div>* http://www.imagemagick.org/script/command-line-processing.php<br />
* http://www.imagemagick.org/script/command-line-options.php<br />
<br />
convert in.jpg -resize '3840x1200^' -gravity center -crop 3840x1200+0+0 +repage out.jpg</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Samba&diff=1206
Samba
2014-10-06T17:40:23Z
<p>Haku: /* File name code page */</p>
<hr />
<div>List users:<br />
sudo pdbedit -L -v<br />
<br />
List users with passwds:<br />
sudo pdbedit -L -w<br />
<br />
== File name code page ==<br />
<br />
in smb.conf:<br />
[global]<br />
dos charset = ASCII<br />
unix charset = UTF8<br />
display charset = UTF8<br />
mangled names = no<br />
<br />
== References ==<br />
<br />
* https://www.samba.org/samba/docs/man/manpages/pdbedit.8.html</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Samba&diff=1205
Samba
2014-10-06T17:39:46Z
<p>Haku: </p>
<hr />
<div>List users:<br />
sudo pdbedit -L -v<br />
<br />
List users with passwds:<br />
sudo pdbedit -L -w<br />
<br />
== File name code page ==<br />
<br />
[global]<br />
dos charset = ASCII<br />
unix charset = UTF8<br />
display charset = UTF8<br />
mangled names = no<br />
<br />
== References ==<br />
<br />
* https://www.samba.org/samba/docs/man/manpages/pdbedit.8.html</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Samba&diff=1204
Samba
2014-10-06T17:39:09Z
<p>Haku: </p>
<hr />
<div>List users:<br />
sudo pdbedit -L -v<br />
<br />
List users with passwds:<br />
sudo pdbedit -L -w<br />
<br />
== File name code page ==<br />
<br />
dos charset = ASCII<br />
unix charset = UTF8<br />
display charset = UTF8<br />
mangled names = no<br />
<br />
== References ==<br />
<br />
* https://www.samba.org/samba/docs/man/manpages/pdbedit.8.html</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=Tengwar&diff=1203
Tengwar
2014-10-01T14:44:43Z
<p>Haku: </p>
<hr />
<div>== Fonts ==<br />
<br />
apti pango-graphite<br />
<br />
== Test ==<br />
<br />
<blockquote style="font-family: 'Tengwar Formal CSUR', 'FreeMonoTengwar', 'Constructium', 'Tengwar Formal Unicode', 'Tengwar Telcontar', 'Everson Mono'; font-size: 150%; line-height: 120%"><br />
<br />
</blockquote></div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1202
TLS
2014-08-29T06:59:29Z
<p>Haku: /* Mangle */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -info -noout -in client.p12<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
<br />
ser="$(openssl x509 -in "$cert" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')"<br />
ser="0x$ser"  # -set_serial accepts a hex value when it is prefixed with 0x<br />
subj="$(openssl x509 -in "$cert" -noout -subject | sed -n 's/^subject= *\(.*\)$/\1/p')"<br />
<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -set_serial "$ser" -subj "$subj" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out rsa_key_4096.pem -outform PEM -des3 -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -key key_a.private.pem -out test-user-cert.pem<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out e.txt.cms \<br />
user-cert.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=TLS&diff=1201
TLS
2014-08-28T13:32:03Z
<p>Haku: /* Mangle */</p>
<hr />
<div>== Examine ==<br />
<pre><br />
openssl x509 -text -in client.pem<br />
openssl rsa -text -in client.pem<br />
openssl crl -text -in cacrl.pem<br />
openssl pkcs12 -info -noout -in client.p12<br />
openssl x509 -text -in thing.der -inform der<br />
</pre><br />
<br />
== Mangle ==<br />
<br />
Change .p12 password:<br />
<pre><br />
openssl pkcs12 -in original.p12 -nodes -clcerts -out temp.pem<br />
openssl pkcs12 -export -in temp.pem -out new.p12<br />
</pre><br />
<br />
Remove RSA pem password:<br />
openssl rsa -in rsa_key.pem -out rsa_key.clear.pem<br />
<br />
Convert .pem to .p12<br />
<pre><br />
openssl pkcs12 -export -in client.pem -out client.p12<br />
</pre><br />
<br />
Split key:<br />
<pre><br />
openssl pkcs12 -nokeys -in original.p12 -out client.crt<br />
openssl pkcs12 -nocerts -in original.p12 -out client.key<br />
</pre><br />
<br />
or without password:<br />
<pre><br />
openssl pkcs12 -nocerts -nodes -in original.p12 -out client.key<br />
</pre><br />
<br />
Merge cert.pem and key.pem to one pem:<br />
openssl pkcs12 -inkey key.pem -in cert.pem -export -out both.p12<br />
openssl pkcs12 -in both.p12 -nodes -clcerts -out both.pem<br />
<br />
Re-wrap RSA key in new x509:<br />
cert="./x509_cert.pem"<br />
cert_key="./x509_cert_and_rsa_key.clear.pem"<br />
tmp_key="./key.tmp.pem"<br />
tmp_cert_key="./cert_key.tmp.p12"<br />
openssl rsa -in "$cert_key" -out "$tmp_key"<br />
openssl req -batch -x509 -nodes -days 90 -key "$tmp_key" -out "$cert" -new<br />
openssl pkcs12 -inkey "$tmp_key" -in "$cert" -export -passout 'pass:' -out "$tmp_cert_key"<br />
openssl pkcs12 -in "$tmp_cert_key" -passin 'pass:' -clcerts -nodes -out "$cert_key"<br />
<br />
== demoCA ==<br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newca<br />
</pre><br />
<pre><br />
/usr/lib/ssl/misc/CA.sh -newreq<br />
/usr/lib/ssl/misc/CA.sh -sign<br />
</pre><br />
<pre><br />
openssl req -new -nodes -out client2.req.pem -keyout client2.key.pem -days 365<br />
openssl ca -out client2.cert.pem -days 365 -infiles client2.req.pem<br />
curl --insecure -E client2.cert.pem --key client2.key.pem https://localhost:8443<br />
</pre><br />
<pre><br />
echo 01 > demoCA/crlnumber<br />
openssl ca -revoke client.pem -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem<br />
openssl ca -gencrl -keyfile demoCA/private/cakey.pem -cert demoCA/cacert.pem -out cacrl.pem -crldays 30<br />
</pre><br />
<br />
== Fields ==<br />
* C=Country Name (2 letter code)<br />
* ST=State or Province Name (full name) <br />
* O=Organization Name (eg, company)<br />
* OU=<br />
* CN=<br />
<br />
== Java ==<br />
<br />
Make self-signed server key.<br />
<pre><br />
/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA<br />
</pre><br />
<br />
List Trusted CA Certs.<br />
<pre><br />
keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts<br />
</pre><br />
<br />
Export a certificate from a keystore<br />
<pre><br />
keytool -export -alias tomcat -file tomcat.crt -keystore keystore.jks<br />
</pre><br />
<br />
Import New CA into Trusted Certs<br />
<pre><br />
keytool -import -trustcacerts -file tomcat.crt -alias tomcat -keystore truststore<br />
</pre><br />
<br />
Export private key:<br />
<pre><br />
keytool -importkeystore \<br />
-noprompt \<br />
-srcstorepass 123456 \<br />
-storepass 123456 \<br />
-srckeystore keystore.jks \<br />
-srcalias tomcat \<br />
-destkeystore key.p12 \<br />
-deststoretype PKCS12<br />
</pre><br />
<br />
References:<br />
* https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html<br />
<br />
=== jks to bks ===<br />
<br />
<pre><br />
keytool -importkeystore -srckeystore successwhale.jks -destkeystore successwhale.bks \<br />
-srcstoretype JKS -deststoretype BKS -srcstorepass 123456 -deststorepass 123456 \<br />
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \<br />
-providerpath ~/Downloads/bcprov-jdk15on-146.jar<br />
</pre><br />
<br />
References:<br />
* http://www.knowledgebit.appspot.com/zahangirbd/TopicView.action?id=180008<br />
* http://stackoverflow.com/questions/6933103/wrong-version-keystore-when-doing-https-call<br />
<br />
<br />
=== AES-NI ===<br />
<br />
* http://software.intel.com/en-us/articles/improved-advanced-encryption-standard-aes-crypto-performance-on-java-with-nss-using-intel<br />
<br />
=== X509 ===<br />
<br />
* http://invariantproperties.com/2012/05/29/introduction-to-digital-certificates-part-4-creating-certs-with-bouncy-castle/<br />
<br />
== CMS ==<br />
<br />
Generate RSA key:<br />
openssl genpkey -out rsa_key_4096.pem -outform PEM -cipher des3 -algorithm RSA -pkeyopt rsa_keygen_bits:4096<br />
<br />
Wrap RSA key to x509<br />
openssl req -x509 -days 365 -new -key key_a.private.pem -out test-user-cert.pem<br />
<br />
Encrypt file:<br />
openssl cms -encrypt -binary \<br />
-aes256 -outform der \<br />
-in a.txt \<br />
-out e.txt.cms \<br />
user-cert.pem<br />
<br />
=== References ===<br />
* http://wiki.openssl.org/index.php/Manual:Cms(1)<br />
* http://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh<br />
<br />
== Remote cert to trust store ==<br />
<br />
<pre><br />
echo | openssl s_client -connect api.successwhale.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
openssl x509 -text -in remote.crt<br />
keytool -import -trustcacerts -file remote.crt -alias api.successwhale.com -keystore successwhale.jks<br />
</pre><br />
<br />
References:<br />
http://www.madboa.com/geek/openssl/<br />
<br />
== Remote cert to pem for Postfix ==<br />
<br />
<pre><br />
echo | openssl s_client -connect sub5.homie.mail.dreamhost.com:587 -starttls smtp | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -out remote.crt<br />
</pre><br />
<br />
== Apache ==<br />
<br />
* http://www.akadia.com/services/ssh_test_certificate.html<br />
<br />
== Benchmark ==<br />
<br />
openssl speed<br />
openssl dhparam -out dhparam_4096.pem 4096</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1200
RAID
2014-07-20T22:05:58Z
<p>Haku: </p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to be “Linux raid auto detect” (FDh)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<pre><br />
sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
sudo watch cat /proc/mdstat<br />
</pre><br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
Though the above does not quite work. Make it look more like this: (remove name or get weird md127 issues)<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an Email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
<wait><br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<wait><br />
sudo fsck -f /dev/md0<br />
sudo resize2fs /dev/md0<br />
sudo fsck -f /dev/md0<br />
<br />
Recovery if needed:<br />
e2fsck -cc /dev/md0<br />
resize2fs /dev/md0<br />
fsck -f /dev/md0<br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<wait><br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== Fixing ==<br />
<br />
mdadm --detail --scan<br />
(fix uuid in /etc/mdadm/mdadm.conf)<br />
sudo update-initramfs -u<br />
<br />
* http://ubuntuforums.org/showthread.php?t=1764861<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=MLT&diff=1199
MLT
2014-07-20T16:46:07Z
<p>Haku: /* Aprox for 12.04 */</p>
<hr />
<div> melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 vb=15M preset=slow apsect=16/9<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 vb=15M tune=film preset=slow apsect=16/9<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 mlt_profile=atsc_1080p_25 vb=15M<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 mlt_profile=atsc_1080p_50 vb=15M<br />
<br />
see <code>x264 --fullhelp</code> for tune, preset params.<br />
<br />
* http://www.mltframework.org/bin/view/MLT/ConsumerAvformat<br />
* http://superuser.com/questions/358082/command-line-video-editing-in-linux-cut-join-and-preview<br />
* http://bernaerts.dyndns.org/linux/74-ubuntu/214-ubuntu-stabilize-video-melt<br />
<br />
== From src ==<br />
<br />
* http://www.mltframework.org/bin/view/MLT/BuildScripts<br />
* https://github.com/mltframework/mlt-scripts<br />
<br />
=== Aprox for 12.04 ===<br />
apti build-essential libvpx-dev yasm nasm checkinstall<br />
<br />
sudo apt-get build-dep yasm<br />
wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz<br />
tar xf yasm-1.2.0.tar.gz<br />
cd yasm-1.2.0<br />
./configure<br />
make<br />
sudo checkinstall --pakdir "$HOME/Desktop" --pkgname yasm --pkgversion 1.2.0 --default<br />
yasm --version<br />
<br />
apti libeigen3-dev libglew-dev libsdl-dev libtheora-dev libogg-dev libvorbis-dev git automake autoconf libtool intltool g++ \<br />
swig libmp3lame-dev libgavl-dev libsamplerate-dev libxml2-dev ladspa-sdk libsox-dev libsdl-dev libgtk2.0-dev liboil-dev \<br />
libsoup2.4-dev libqt4-dev libexif-dev libtheora-dev libvdpau-dev libvorbis-dev python-dev</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=MLT&diff=1198
MLT
2014-07-20T16:45:34Z
<p>Haku: /* Aprox for 12.04 */</p>
<hr />
<div> melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 vb=15M preset=slow apsect=16/9<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 vb=15M tune=film preset=slow apsect=16/9<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 mlt_profile=atsc_1080p_25 vb=15M<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 mlt_profile=atsc_1080p_50 vb=15M<br />
<br />
see <code>x264 --fullhelp</code> for tune, preset params.<br />
<br />
* http://www.mltframework.org/bin/view/MLT/ConsumerAvformat<br />
* http://superuser.com/questions/358082/command-line-video-editing-in-linux-cut-join-and-preview<br />
* http://bernaerts.dyndns.org/linux/74-ubuntu/214-ubuntu-stabilize-video-melt<br />
<br />
== From src ==<br />
<br />
* http://www.mltframework.org/bin/view/MLT/BuildScripts<br />
* https://github.com/mltframework/mlt-scripts<br />
<br />
=== Aprox for 12.04 ===<br />
apti build-essential libvpx-dev yasm nasm checkinstall<br />
<br />
sudo apt-get build-dep yasm<br />
wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz<br />
tar xf yasm-1.2.0.tar.gz<br />
cd yasm-1.2.0<br />
./configure<br />
make<br />
sudo checkinstall --pakdir "$HOME/Desktop" --pkgname yasm --pkgversion 1.2.0 --default<br />
yasm --version<br />
<br />
apti libeigen3-dev libglew-dev libsdl-dev libtheora-dev libogg-dev libvorbis-dev git automake autoconf libtool intltool g++ swig libmp3lame-dev libgavl-dev libsamplerate-dev libxml2-dev ladspa-sdk libsox-dev libsdl-dev libgtk2.0-dev liboil-dev libsoup2.4-dev libqt4-dev libexif-dev libtheora-dev libvdpau-dev libvorbis-dev python-dev</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=MLT&diff=1197
MLT
2014-07-20T16:43:27Z
<p>Haku: /* From src */</p>
<hr />
<div> melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 vb=15M preset=slow apsect=16/9<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 vb=15M tune=film preset=slow apsect=16/9<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 mlt_profile=atsc_1080p_25 vb=15M<br />
<br />
melt prj.xml -consumer avformat:prj.mp4 \<br />
acodec=libmp3lame acodec=aac ab=128k \<br />
vcodec=libx264 mlt_profile=atsc_1080p_50 vb=15M<br />
<br />
see <code>x264 --fullhelp</code> for tune, preset params.<br />
<br />
* http://www.mltframework.org/bin/view/MLT/ConsumerAvformat<br />
* http://superuser.com/questions/358082/command-line-video-editing-in-linux-cut-join-and-preview<br />
* http://bernaerts.dyndns.org/linux/74-ubuntu/214-ubuntu-stabilize-video-melt<br />
<br />
== From src ==<br />
<br />
* http://www.mltframework.org/bin/view/MLT/BuildScripts<br />
* https://github.com/mltframework/mlt-scripts<br />
<br />
=== Aprox for 12.04 ===<br />
apti build-essential libvpx-dev yasm nasm checkinstall<br />
<br />
sudo apt-get build-dep yasm<br />
wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz<br />
tar xf yasm-1.2.0.tar.gz<br />
cd yasm-1.2.0<br />
./configure<br />
make<br />
sudo checkinstall --pakdir "$HOME/Desktop" --pkgname yasm --pkgversion 1.2.0 --default<br />
yasm --version<br />
<br />
apti libeigen3-dev libglew-dev libsdl-dev libtheora-dev libogg-dev libvorbis-dev<br />
<br />
git automake autoconf libtool intltool g++<br />
swig libmp3lame-dev libgavl-dev libsamplerate-dev libxml2-dev ladspa-sdk<br />
libsox-dev libsdl-dev libgtk2.0-dev liboil-dev libsoup2.4-dev libqt4-dev libexif-dev libtheora-dev libvdpau-dev libvorbis-dev python-dev</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1196
RAID
2014-07-12T19:54:03Z
<p>Haku: /* Growing */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to be “Linux raid auto detect” (FDh)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<pre><br />
sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
sudo watch cat /proc/mdstat<br />
</pre><br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
Though the above does not quite work. Make it look more like this: (remove name or get weird md127 issues)<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an Email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
<wait><br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<wait><br />
sudo fsck -f /dev/md0<br />
sudo resize2fs /dev/md0<br />
sudo fsck -f /dev/md0<br />
<br />
Recovery if needed:<br />
e2fsck -cc /dev/md0<br />
resize2fs /dev/md0<br />
fsck -f /dev/md0<br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<wait><br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1195
RAID
2014-07-10T17:49:26Z
<p>Haku: /* Growing */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to be “Linux raid auto detect” (FDh)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<pre><br />
sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
sudo watch cat /proc/mdstat<br />
</pre><br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
Though the above does not quite work. Make it look more like this: (remove name or get weird md127 issues)<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an Email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
<wait><br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<wait><br />
<fsck><br />
<br />
Recovery if needed:<br />
e2fsck -cc /dev/md0<br />
resize2fs /dev/md0<br />
fsck -f /dev/md0<br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<wait><br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1194
RAID
2014-05-26T07:54:17Z
<p>Haku: /* Growing */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to be “Linux raid auto detect” (FDh)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<pre><br />
sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
sudo watch cat /proc/mdstat<br />
</pre><br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
Though the above does not quite work. Make it look more like this: (remove name or get weird md127 issues)<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an Email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
<wait><br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<wait><br />
<fsck><br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<wait><br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1193
RAID
2014-05-26T07:43:55Z
<p>Haku: /* Growing */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to be “Linux raid auto detect” (FDh)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<pre><br />
sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
sudo watch cat /proc/mdstat<br />
</pre><br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
Though the above does not quite work. Make it look more like this: (remove name or get weird md127 issues)<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an Email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda (and delete part)<br />
sudo fdisk /dev/sdb (and delete part)<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1<br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/grow_md0_3.bak<br />
<fsck><br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4 --backup-file=/root/grow_md0_4.bak<br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku
http://w.vaguehope.com/wiki/index.php?title=RAID&diff=1192
RAID
2014-05-26T07:40:31Z
<p>Haku: /* Growing */</p>
<hr />
<div>== Set up ==<br />
<br />
* [[Postfix]]<br />
<br />
<pre><br />
sudo aptitude install mdadm<br />
</pre><br />
<br />
== Create ==<br />
<br />
=== Set disc type ===<br />
<br />
For each disc:<br />
<br />
<pre><br />
sudo fdisk /dev/sdb<br />
<br />
n ; for a new partition<br />
enter<br />
p ; for a primary partition<br />
enter<br />
1 ; number of partition<br />
enter ; accept the default<br />
enter ; accept the default<br />
t ; to change the type<br />
fd ; sets the type to be “Linux raid auto detect” (FDh)<br />
w ; write changes to disk and exit<br />
</pre><br />
<br />
=== GUID type ===<br />
<br />
parted /dev/sda<br />
mklabel gpt<br />
mkpart primary 0GB 3001GB<br />
set 1 raid on<br />
<br />
https://www.gnu.org/software/parted/manual/html_chapter/parted_7.html<br />
<br />
=== Create array ===<br />
<pre><br />
sudo mdadm --create --verbose /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1<br />
sudo watch cat /proc/mdstat<br />
</pre><br />
<br />
=== mdadm.conf ===<br />
<br />
sudo -i<br />
mdadm --detail --scan >> /etc/mdadm/mdadm.conf<br />
<br />
The line appended by the command above does not quite work as generated. Edit it to look more like this (remove the name field, or you get weird md127 issues):<br />
ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 UUID=659ec2c1:6631ccfd:08dbd99b:5bf050a3<br />
<br />
Remember: test by rebooting.<br />
<br />
REMEMBER: run `sudo update-initramfs -u` after editing mdadm.conf.<br />
<br />
=== Format ===<br />
<br />
<pre><br />
sudo mkfs.ext4 /dev/md0<br />
</pre><br />
<br />
=== Mount ===<br />
<br />
Add to `/etc/fstab`. `nobootwait` is IMPORTANT.<br />
<pre><br />
/dev/md0 /media/yama ext4 defaults,errors=remount-ro,nobootwait 0 2<br />
</pre><br />
<br />
=== Extra ===<br />
<br />
Test email:<br />
sudo mdadm --monitor --scan --test --oneshot<br />
<br />
Set the mdadm configuration to send an email on startup:<br />
sudo vim /etc/default/mdadm<br />
Add the --test parameter to the DAEMON_OPTIONS:<br />
DAEMON_OPTIONS="--syslog --test"<br />
<br />
=== Removing ===<br />
<br />
lsblk<br />
sudo mdadm --stop /dev/md0<br />
sudo mdadm --zero-superblock /dev/sda1<br />
sudo mdadm --zero-superblock /dev/sdb1<br />
sudo fdisk /dev/sda  # then delete the partition<br />
sudo fdisk /dev/sdb  # then delete the partition<br />
lsblk<br />
<br />
=== Growing ===<br />
<br />
RAID1 to RAID5<br />
<create partition sdc1><br />
<stop crons that use md0><br />
umount /dev/md0<br />
mdadm --stop /dev/md0<br />
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sdb1 --backup-file=/root/create_md0_raid5.bak<br />
mdadm --add /dev/md0 /dev/sdc1<br />
mdadm --grow /dev/md0 --raid-devices=3<br />
<fsck><br />
<br />
RAID5 to RAID6<br />
<create partition sdd1><br />
mdadm --add /dev/md0 /dev/sdd1<br />
mdadm --grow /dev/md0 --level=6 --raid-devices=4<br />
<fsck><br />
<br />
* http://neil.brown.name/blog/20090817000931<br />
* https://raid.wiki.kernel.org/index.php/Growing<br />
* http://ubuntuforums.org/showthread.php?t=1852476<br />
<br />
== References ==<br />
* https://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html<br />
* http://warfieldninjas.com/2010/11/ubuntu-software-raid5-and-raid6-with-mdadm/<br />
* http://www.howtogeek.com/51873/how-to-setup-software-raid-for-a-simple-file-server-on-ubuntu/<br />
* http://www.ainer.org/raid-5-6-install-setup-configuration-guide-for-ubuntu-10-04-lts-lucid-lynx/2<br />
* http://ubuntuforums.org/showthread.php?t=884556</div>
Haku