Mirror of the Rel4tion website/wiki source, view at <http://rel4tion.org>

infinote.mdwn

[[TODO|TODO/OPEN]] write about all the config I did and how to use as a client. Pay attention to the certificate part, see how it can work with Monkeysphere if possible


After several months, time has come to make infinote work!

Here’s how my setup works. There’s a system user infinote which runs the daemon, and its home folder is /home/infinote. There, there’s a file .config/infinoted.conf which requires TLS, sets the key and cert files and some more options. The port number is not the normal 6523, because my wifi router (supplied by the ISP) can forward only 16 entries, and I’m already using them all. Until I set up my own router (hopefully running LibreCMC), I’m limited to using port ranges. Therefore the port is 51414, and can be changed in the initscript.

Currently there’s no public access to the infinote server, and users are authenticated using a PAM service. That service uses the pwdfile module, which uses a file containing pairs of username and password hash.

Tasks:

Links:

As to passwords, here are weak ways to generate them:

http://softwarebakery.com/infinote-server-with-pam

But look what the docs say:

https://github.com/tiwe-de/libpam-pwdfile (g1thu8 link)

I used one of the openssl commands, which seem to have weak hashes. I don’t know much about hashes, but mkpasswd also offers SHA-256 and SHA-512. Maybe they’re better? Anyway, I need to try. My file is at /etc/infinoted.passwd.

Looks like what I had so far was an MD5 hash. Let’s move to SHA.

As to the initscript, it’s from the links above but I added a port option:

    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          infinoted
    # Required-Start:    $local_fs $remote_fs $network $syslog
    # Required-Stop:     $local_fs $remote_fs $network $syslog
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: starts infinoted
    # Description:       starts infinoted using start-stop-daemon
    ### END INIT INFO

    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DAEMON=/usr/bin/infinoted-0.5
    USER=infinote
    NAME=infinoted
    PIDFILE=/home/infinote/.infinoted/infinoted-0.5.pid
    DESC="Infinote Daemon"
    PORT=51414

    test -x $DAEMON || exit 0

    if [ -f /etc/default/infinoted ] ; then
        . /etc/default/infinoted
    fi

    set -e

    . /lib/lsb/init-functions

    # Function that starts the daemon
    d_start() {
        log_daemon_msg "Starting $DESC" "$NAME"
        start-stop-daemon --quiet -c $USER -p $PIDFILE -x $DAEMON --start -- -p "$PORT"  -d
        log_end_msg $?
    }

    # Function that stops the daemon
    d_stop() {
        log_daemon_msg "Stopping $DESC" "$NAME"
        start-stop-daemon --quiet -c $USER -p $PIDFILE -x $DAEMON --stop -- -D
        log_end_msg $?
    }

    case "$1" in
      start)
        d_start
        ;;
      stop)
        d_stop
        ;;
      restart)
        log_daemon_msg "Restarting $DESC" "$NAME"
        d_stop || true
        sleep 1
        d_start
        log_daemon_msg "Done"
        ;;
      status)
        status_of_proc -p $PIDFILE "$DAEMON" infinoted && exit 0 || exit $?
        ;;
      *)
        log_daemon_msg "Usage: $NAME {start|stop|restart|status}" >&2
        exit 1
        ;;
    esac

    exit 0

Okay, reading about mkpasswd… it comes from the whois package, at least on Debian 7.

http://www.cyberciti.biz/faq/generating-random-password/

Here’s an example for users to follow for my infinote server:

    $ mkpasswd --method=sha-512

Then it asks for the password. Then you send me the username you want and the hash you got from that command. Example:

    $ mkpasswd --method=sha-512
    Password: hello
    $6$t8PPrSEMyfYx$wOkAK0D8EiLASBEJptMByfziW6RIUXFb5Bu2XDr5buFspxJHGrVyNrKyDK7oXHnZbLO7teAw7Xq4H4xo8MbAI1
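
An added example, not part of the original page: a POSIX shell check that classifies each entry of a password file by its crypt(3) scheme prefix, so MD5 or DES entries (the kind `openssl passwd` can produce) are flagged before they go into /etc/infinoted.passwd. The function names and the bob and carol entries are constructed, and the `user:hash` colon-separated layout is an assumption based on the "pairs of username and password hash" description above.

```shell
#!/bin/sh
# Classify one crypt(3) hash string by its scheme prefix.
# Prints "<scheme> <verdict>" where verdict is ok, weak or reject.
classify_hash() {
    case "$1" in
        '$6$'*)           echo "sha512-crypt ok" ;;
        '$5$'*)           echo "sha256-crypt ok" ;;
        '$1$'*|'$apr1$'*) echo "md5-crypt weak" ;;
        *'$'*|'')         echo "unknown reject" ;;
        *)  # no '$' prefix: traditional DES crypt is exactly 13 characters
            if [ "${#1}" -eq 13 ]; then echo "des-crypt weak"
            else echo "unknown reject"; fi ;;
    esac
}

# Audit a file of user:hash lines (assumed layout).
# Prints one "user scheme verdict" line per entry and returns 1
# if any entry is not "ok".
audit_pwdfile() {
    bad=0
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        result=$(classify_hash "$hash")
        printf '%s %s\n' "$user" "$result"
        case "$result" in *" ok") ;; *) bad=1 ;; esac
    done < "$1"
    return "$bad"
}

# Constructed sample: alice uses the SHA-512 example hash shown above,
# bob and carol are placeholder strings shaped like MD5 and DES hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$6$t8PPrSEMyfYx$wOkAK0D8EiLASBEJptMByfziW6RIUXFb5Bu2XDr5buFspxJHGrVyNrKyDK7oXHnZbLO7teAw7Xq4H4xo8MbAI1
bob:$1$CONSTRUC$xxxxxxxxxxxxxxxxxxxxxx
carol:abCONSTRUCTED
EOF
audit_pwdfile "$sample" || echo "=> weak or unknown entries present"
rm -f "$sample"
```

The prefix only identifies the scheme; it says nothing about the strength of the password behind the hash.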

I just tried Gobby - it connects to localhost:51414 and asks for the password. Then it lets me use the chat and create a new document. Seems to work. I do get a certificate warning. It’s time to create my own one. The domain is going to be collab.partager.null (allows TLS) and collab.partager.i2p (allows TLS but there’s probably no need to use it).

Before I open the cert with TinyCA, I’d like to handle the harddisk replacement task. See you there.