Skip to main content

Prohibit pasword authentication for sshd

· One min read

Make sure PasswordAuthentication is no in config files

cat /etc/ssh/sshd_config | grep -i passwordauthentication
PasswordAuthentication no

cat /etc/ssh/sshd_config.d/50-cloud-init.conf | grep -i passwordauthentication
PasswordAuthentication no

Restart sshd

sudo systemctl restart sshd

Run git action locally

· 2 min read

To run a GitHub Action locally, you can use tools like Act. Act is a popular utility that lets you execute GitHub Actions workflows on your local machine.

Steps to Run a GitHub Action Locally:

  1. Install Act You can install Act using a package manager or by downloading a binary:

    • Linux/macOS (via Homebrew): 
      brew install act
    • Linux/macOS/Windows (via binary): Download from the Act Releases page.

  2. Verify Installation Ensure Act is installed correctly:

    act --version

  3. Prepare Your Repository

    • Make sure your repository contains a .github/workflows/ directory with your GitHub Action workflows.

  4. Provide Secrets (If Needed) If your workflow uses secrets, create a .secrets file in the root of your repository:

    MY_SECRET=your-secret-value

    Or pass secrets directly via the command line:

    act --secret MY_SECRET=your-secret-value

  5. Run the Workflow To run the default workflow (push event):

    act

    To run a specific event:

    act <event_name>

    For example:

    act pull_request

  6. Use Custom Runner Images (Optional) By default, Act uses a lightweight image. If your workflow requires a specific environment, use a custom image:

    act -P ubuntu-latest=nektos/act-environments-ubuntu:18.04

Notes:

  • Dependencies: Ensure your local environment has all required dependencies installed for the workflow to execute correctly.
  • Docker Requirement: Act uses Docker to emulate GitHub Actions environments. Make sure Docker is installed and running on your system.

This approach helps you test and debug your GitHub Actions workflows locally without pushing changes to the repository.

Exclude files from git diff

· One min read

Exclude specific files from git diff

git diff -wu ${hash} -- . ':(exclude)a' ':(exclude)dir/b'

Explanation

  • git diff -wu : Show the changes between two commits, ignoring whitespace
  • ${hash} : Commit hash
  • -- : Separate the commit hash from the file paths
  • . : Include all files in the current directory
  • ':(exclude)a' : Exclude file a

Modify rpath of a binary program

· One min read

Install patchelf

sudo apt install -y patchelf # Ubuntu/Debian
sudo yum install -y patchelf # CentOS/Fedora

Modify rpath

patchelf --set-rpath /path/to/libraries /path/to/binary

Check current rpath

patchelf --print-rpath /path/to/binary

Switch Back From NVIDIA to Nouveau

· 2 min read

disable nvidia driver

  1. open terminal

  2. check the current driver

    lspci -k | grep -A 2 -E "(VGA|3D)"

    see the output like this:

    Kernel driver in use: nvidia

  3. switch to text mode

    sudo systemctl set-default multi-user.target
    sudo reboot

  4. remove nvidia driver one by one

    sudo modprobe -r nvidia*

Set Firewall for ZeroTier Interface

· 2 min read

0. Check interface name of zerotier

root@ImmortalWrt:~# zerotier-cli listnetworks

200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 565799d8f6d8da8f furious_draper 8e:da:a0:99:f2:2c OK PUBLIC ztr2qucatz 192.168.168.168/24

ztr2qucatz is the interface name that we need to use later

1. Add zone

# Add a new zone for ZeroTier
uci add firewall zone
uci set firewall.@zone[-1].name='zerotier'      # Set the zone name to 'zerotier' (can be any name you choose)
uci set firewall.@zone[-1].network='ztr2qucatz' # Set the network to the ZeroTier interface (ztr2qucatz)
uci set firewall.@zone[-1].input='ACCEPT'       # Allow incoming traffic
uci set firewall.@zone[-1].output='ACCEPT'      # Allow outgoing traffic
uci set firewall.@zone[-1].forward='ACCEPT'     # Allow forwarding traffic (if needed)
uci commit firewall
/etc/init.d/firewall restart

2. Add rule

# Allow all traffic from the zerotier zone to the lan zone
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-Zerotier'                  # Name for this rule
uci set firewall.@rule[-1].src='zerotier'                         # Source is the zerotier zone (the name of zone just created)
uci set firewall.@rule[-1].dest='lan'                             # Destination is the LAN zone (adjust if necessary)
uci set firewall.@rule[-1].target='ACCEPT'                        # Allow the traffic
uci set firewall.@rule[-1].family='ipv4'                          # Use IPv4 (you can set 'ipv6' or 'both' if needed)
uci set firewall.@rule[-1].dest_port='21 22 80 139 445 4000 8083' # Specify service port need to be allowed
uci commit firewall
/etc/init.d/firewall restart

Aria2 OSSL_PROVIDER_load 'legacy' failed

· One min read

Openwrt Legacy OpenSsl error #2152

/etc/init.d/aria2 add BOLD line. procd_add_jail "$NAME.$section" log procd_add_jail_mount "/usr/lib" #fix "errorCode=1 OSSL_PROVIDER_load 'legacy' failed" procd_add_jail_mount "$ca_certificate" "$certificate" "$rpc_certificate" "$rpc_private_key" procd_add_jail_mount_rw "$dir" "$config_dir" "$log" procd_close_instance

  • Solution:

    opkg update && opkg install openssl-legacy

Reference

Disadvantages of strlen() in Embedded Domain

· One min read

To read from a "TCP Communication" you are probably using read. The prototype for read is

ssize_t read(int fildes, void *buf, size_t nbyte);

and the return value is the number of bytes read (even if they are 0). So, let's say you're about to read 10 bytes, all of which are 0. You have an array with more than enough to hold all the data

int fildes;
char data[1000];
// fildes = TCPConnection
nbytes = read(fildes, data, 1000);

Now, by inspecting nbytes you know you have read 10 bytes. If you check data[0] through data[9] you will find they have 0;

Reference