Mirror of the Rel4tion website/wiki source, view at <http://rel4tion.org>
infinote.mdwn
[[TODO|TODO/OPEN]] write about all the config I did and how to use as a client. Pay attention to the certificate part, see how it can work with Monkeysphere if possible
After several months, time has come to make infinote work!
Here’s how my setup works. There’s a system user `infinote` which runs the daemon, and its home folder is `/home/infinote`. There’s a file `.config/infinoted.conf` there, which requires TLS, sets the key and cert files and some more options. The port number is not the normal 6523, because my wifi router (supplied by the ISP) can forward only 16 entries, and I’m already using them all. Until I set up my own router (hopefully running LibreCMC), I’m limited to using port ranges. Therefore the port is 51414, and can be changed in the initscript.
Currently there’s no public access to the infinote server, and users are authenticated using a PAM service. That service uses the pwdfile module, which uses a file containing pairs of username and password hash.
Tasks:
- Create a server page for infinote, and move this diary there
- Can I use my own cert and key in place of infinote’s? Check the properties of the generated ones, and make my own ones instead, signed with my CA
- Document the process of getting access to the server. This is beginning to feel like an LDAP server to centrally approve users won’t hurt. I could use Linux users for that perhaps - I’m not sure why everyone seems to use databases. Maybe the ability to authenticate over the network and maintain order. Anyway, for now it’s just send-me-email-with-username. But I also need to tell people how to generate a password hash to send to me.
- How to make the password hash? How to add a user? I knew that and did it already once! Document it clearly
- Test! I’ll probably need to test with myself…
- I2P access, consider how it will play with/out TLS
Links:
- http://www.ghacks.net/2010/05/03/set-up-infinote-server-for-collaborative-use/
- http://softwarebakery.com/infinote-server-with-pam
- http://gobby.0x539.de/trac/wiki/Infinote/Infinoted
- http://fabianrodriguez.com/blog/2010/02/05/gobby-server-in-3-steps
- http://gobby.debian.org/
- http://www.webupd8.org/2011/04/how-to-set-up-and-use-gedit.html
As to passwords, here are weak ways to generate them:
http://softwarebakery.com/infinote-server-with-pam
But look what the docs say:
https://github.com/tiwe-de/libpam-pwdfile (g1thu8 link)
I used one of the openssl commands, which seem to have weak hashes. I don’t know much about hashes, but `mkpasswd` also offers SHA-256 and SHA-512. Maybe they’re better? Anyway, I need to try. My file is at `/etc/infinoted.passwd`.
Looks like what I had so far was an MD5 hash. Let’s move to SHA.
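A quick way to see which entries in the password file still use an old scheme, judged by the crypt(3) prefix of each hash. This is an added example, not part of the original diary or of libpam-pwdfile; it assumes one `user:hash` entry per line, the function names are hypothetical, and the sample entries are constructed (only the SHA-512 string is the `mkpasswd` output quoted further down this page).

```shell
#!/bin/sh
# Added example: audit a pam_pwdfile-style file for old crypt(3) schemes.

# Print the scheme name for one crypt(3) hash, judged by its prefix.
classify_hash() {
    case "$1" in
        '$6$'*)            echo sha512 ;;
        '$5$'*)            echo sha256 ;;
        '$1$'*|'$apr1$'*)  echo md5 ;;
        '$'*|'')           echo unknown ;;
        *)  # traditional DES crypt has no prefix and is always 13 characters
            if [ "${#1}" -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# Read "user:hash" lines on stdin; report every entry that is not SHA-256/512.
# Returns 0 when all entries are acceptable, 1 otherwise.
audit_pwdfile() {
    weak=0
    while IFS=: read -r user hash _rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
        scheme=$(classify_hash "$hash")
        case "$scheme" in
            sha256|sha512) ;;
            *) echo "FLAG $user $scheme"; weak=1 ;;
        esac
    done
    return "$weak"
}

# Constructed sample entries: user names and the md5/des strings are made up;
# the SHA-512 string is the mkpasswd example output from this page.
sample_pwdfile() {
    cat <<'EOF'
alice:$6$t8PPrSEMyfYx$wOkAK0D8EiLASBEJptMByfziW6RIUXFb5Bu2XDr5buFspxJHGrVyNrKyDK7oXHnZbLO7teAw7Xq4H4xo8MbAI1
bob:$1$CONSTRUC$constructedMD5placeholder
carol:abCDefGHijKLm
dave:
EOF
}

# Demo on the sample; to audit the real file, feed it on stdin instead,
# e.g. audit_pwdfile < /etc/infinoted.passwd (run as a user who can read it).
sample_pwdfile | audit_pwdfile || echo "entries listed above need a new hash"
```
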
As to the initscript, it’s from the links above but I added a port option:
```sh
#! /bin/sh
### BEGIN INIT INFO
# Provides:          infinoted
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts infinoted
# Description:       starts infinoted using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/infinoted-0.5
USER=infinote
NAME=infinoted
PIDFILE=/home/infinote/.infinoted/infinoted-0.5.pid
DESC="Infinote Daemon"
PORT=51414

test -x "$DAEMON" || exit 0

# Local overrides (for example a different PORT)
if [ -f /etc/default/infinoted ] ; then
    . /etc/default/infinoted
fi

set -e

. /lib/lsb/init-functions

# Function that starts the daemon
d_start() {
    log_daemon_msg "Starting $DESC" "$NAME"
    start-stop-daemon --quiet -c "$USER" -p "$PIDFILE" -x "$DAEMON" --start -- -p "$PORT" -d
    log_end_msg $?
}

# Function that stops the daemon
d_stop() {
    log_daemon_msg "Stopping $DESC" "$NAME"
    start-stop-daemon --quiet -c "$USER" -p "$PIDFILE" -x "$DAEMON" --stop -- -D
    log_end_msg $?
}

case "$1" in
    start)
        d_start
        ;;
    stop)
        d_stop
        ;;
    restart)
        log_daemon_msg "Restarting $DESC" "$NAME"
        d_stop || true
        sleep 1
        d_start
        log_daemon_msg "Done"
        ;;
    status)
        status_of_proc -p "$PIDFILE" "$DAEMON" infinoted && exit 0 || exit $?
        ;;
    *)
        log_daemon_msg "Usage: $NAME {start|stop|restart|status}" >&2
        exit 1
        ;;
esac

exit 0
```
Okay, reading about `mkpasswd`… it comes from the `whois` package, at least on Debian 7.
http://www.cyberciti.biz/faq/generating-random-password/
Here’s an example for users to follow for my infinote server:
```
$ mkpasswd --method=sha-512
```

Then it asks for the password. Then you send me the username you want and the hash you got from that command. Example:

```
$ mkpasswd --method=sha-512
Password: hello
$6$t8PPrSEMyfYx$wOkAK0D8EiLASBEJptMByfziW6RIUXFb5Bu2XDr5buFspxJHGrVyNrKyDK7oXHnZbLO7teAw7Xq4H4xo8MbAI1
```
I just tried Gobby - it connects to localhost:51414 and asks for the password. Then it lets me use the chat and create a new document. Seems to work. I do get a certificate warning. It’s time to create my own one. The domain is going to be `collab.partager.null` (allows TLS) and `collab.partager.i2p` (allows TLS but there’s probably no need to use it).
Before I open the cert with TinyCA, I’d like to handle the hard disk replacement task. See you there.