13 Oct 2023
•
almalinux
•
riscv
•
foundry
Until a couple of weeks ago I assumed that RISC-V was still an experimental architecture
that one would have to customize in VHDL or Verilog and use on an FPGA. So when Debian
announced official support for the new architecture, I decided to have a closer look. It
turns out there are several Raspberry Pi-class boards with RISC-V processors that run some
flavor of Linux, and not surprisingly most vendors offer a Debian-based image for their
boards.
More …
29 Jul 2023
•
bash
•
compiler
Two years ago, I was tasked to write a program that generates RPM package
repositories from a large pool of packages. The pool is a set of directories that
contain all packages that were ever built for a given Miracle Linux release, and
the program would be used to pick specific packages from the pool and generate
repositories for yum and dnf. The existing program had hard-coded rules for
package selection that made it require frequent repairs, and it didn’t play nice
with modularity packages. Since the new solution should be an improvement over
the old one, I decided to separate the rules from the code, and for this I needed
a small domain-specific language. I had already written a lot of absurd things in
Bash at the time, so naturally I had to see if a parser could be another of those
things.
More …
08 Jul 2023
•
toolbox
•
messaging
•
eip
In the previous two
articles, I explained how scripts
can communicate with point-to-point and publish-subscribe messaging. There are
different ways how the two mechanisms can be used, so this time we’re going to
have a look at the Request-Reply Pattern. In this pattern, there are two parties. The
first one, the requestor, sends a request to the replier, which sends a response
back to the requestor, as shown in the following figure. If this reminds you of
client-server communication, you got the idea.
More …
10 Jun 2023
•
toolbox
•
bash
When I first wrote toolbox, my goal was to remove
boilerplate code from my scripts and improve code-reuse. Because my scripts became
more robust and maintainable, I felt more comfortable writing long-running processes
like daemons in bash, which led to the development of the ipc module for
message-based communication. Because the module uses GPG for message signing, it can
be tricky to set up, so I added the uipc module, which does mostly the same thing,
but without message signing.
More …
27 May 2023
•
toolbox
•
messaging
•
eip
In the last article, I have explained how to
implement the Point-to-Point Channel and Competing Consumers patterns with toolbox to
process messages in parallel. When employing the Competing Consumers pattern, every message
on the channel will be received by only one process. But what if we wanted to broadcast
messages so that each process receives a copy? This is where
Publish-Subscribe Channels enter the stage.
More …
06 May 2023
•
toolbox
•
messaging
•
eip
Around the time when I was implementing queues in toolbox,
I was reading Enterprise Integration Patterns, a book about messaging patterns, written by
Gregor Hohpe (whom I worked with more than a decade ago) and Bobby Woolf. While reading the
book, I thought how awesome it would be if I could use my queues to implement messaging in
Bash — and that’s how I got inspired to write the uipc module. Because there is no documentation
but an API reference, I decided to
write a few articles about how the uipc module can be used to implement some of the messaging
patterns from the book.
More …
04 May 2023
•
meta
•
automation
As I was adding the finishing touches to the last article of a series I have been writing for
the German monthly Linux-Magazin, I decided to write more stuff to put on here. Not
necessarily at the same pace or with the same depth, but we’ll see.
More …
29 Jul 2022
•
security
•
ipsec
I have a VPS that is hosting a mail server, CalDAV/CardDAV for calendar and contacts,
and some other daily necessities. Because I like to keep my attack surface small (and
having temporal wiggle space for deploying security updates), most of the services on
this VPS are only accessible from inside a VPN. Because the VPS is one of those
semi-virtualized ones where all VPSes share the host kernel, I can’t just go ahead and
load kernel modules as I see fit. Or in other words, I cannot use a VPN that needs more
than a TUN/TAP interface from the kernel, such as IPsec VPNs. So for a lack of other
options, I have been using OpenVPN for the past several years, and it has been working
okay-ish, except I never got it to work on my iPhone. Like on Android, there is no native
OpenVPN support on iOS, meaning you have to use an app for it, and I couldn’t for the life
of me figure out how to get it to connect to my server. Luckily, I got another VPS in the
meanwhile, and it allows me to load kernel modules, which means the IPsec VPN option is
back on the table – so I decided to have a closer look at strongswan one more time. In
the end, it took me several evenings to figure out a configuration that uses certificates
for mutual authentication and works reasonably well on Linux as well as iOS clients. This
post explains how I got it all to work.
More …
19 Jan 2022
•
bash
I promised that we’re going to build a distributed system in bash, but the
mutex that we’ve written in the last part is still pretty far way from that
goal. This time, let’s build something more tangible: a queue!
More …
30 Oct 2021
•
bash
When you need a piece of glue-code, a wrapper, or you want to execute
a few commands in succession, Shell is the natural choice. However,
Shell is almost never chosen for the implementation of larger
applications. While there are some good reasons for that, there are
also a number of good reasons in favor of shell.
More …