graffitihead

Ubuntu Custom CD: a quick and dirty way

A few notes on my practical experience of building custom ubuntu disks. I work here with Ubuntu Precise (12.04). But any other Ubuntu distro should be ok, unless the bug I mention below is fixed, then you can stick with the official guide. Anyways, lets start:

First, useful resources used:

https://help.ubuntu.com/community/Repositories/Ubuntu
https://help.ubuntu.com/community/AptMoveHowto
https://help.ubuntu.com/community/LiveCDCustomization
http://wiki.debian.org/DebianInstaller/Modify/CD
https://help.ubuntu.com/community/InstallCDCustomization - this is the main tutorial I followed. However a few things didn't work for me, so here are my workarounds.

If you follow the guide you will run into the error: can't install base-files while bootstrapping the installer. The practical testing demonstrated that there is some problem with generated Packages (sequence?), so with wrong sequence you'll have base-files and base-passwd to fail dependency on libc6. I believe this bug is similar to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601670 and I have not been able to figure out how to generate a proper Packages sequence. Instead, I simply modify the checksums/sizes for updated ubuntu-keyring in Packages and have everything else in 'extra' folder. This way you don't need to worry about sequences althu this is a bit of manual work. The good thing is - you only have to do it once, to add your pgp key to ubuntu-keyring, and won't have to do it again, unless you'd have the key.

So here are my steps of doing custom Ubuntu disk:

step 1: generate your gpg key pair and create new version of ubuntu-keyring package (you will have .deb and .udeb files). (covered very well here https://help.ubuntu.com/community/InstallCDCustomization)
step 2: mount and copy content of official ubuntu image. (also covered here https://help.ubuntu.com/community/InstallCDCustomization, so won't be repeated)
step 3:

Copy over your ubuntu-keyring packages into proper location, replacing old files:

cp ubuntu-keyring_2011.11.21.1_all.deb c-image/pool/main/u/ubuntu-keyring/ubuntu-keyring_2011.11.21.1_all.deb

cp ubuntu-keyring-udeb_2011.11.21.1_all.udeb cd-image/pool/main/u/ubuntu-keyring/ubuntu-keyring-udeb_2011.11.21.1_all.udeb


step3:
generate packages file, so you could cut-n-paste the right bits:

apt-ftparchive packages cd-image/dists/precise/main/ > /tmp/newPackages

note that if you try to replace current Packages.gz with newPackages file, your installation will fail because of wrong sequence. if you don't replace the Packages file, which contains checksums for ubuntu-keyring packages, your installation will fail due to 'corrupt cd media' error.

step 4:

cd into cd-image/dists//main

cd binary-amd64 (or i386)
gunzip Packages (and you can leave this unpacked. if you wish)

now edit the file and replace the entry for ubuntu-keyring*.deb with the one from /tmp/newPackages. you can leave everything in place and just replace size, md5sum, sha1, sha128, sha256, ..

once done, save the file.

cd -
cd debian-installer

gunzip Packages

and replace the entry for ubuntu-keyring-udev* fule with the one from /tmp/newPackages.

save and you're good.

step5: create your own preseed file (again, the official guide works very well on this)

step6: create cd-image/pool/extra folder and copy your files into cd-image/pool/extra

step7:
create apt-ftparchive folder. create release.conf file in it. create apt-ftparchive-extras.conf file. Here are mine:

cat apt-ftparchive/apt-ftparchive-extras.conf
Dir {
ArchiveDir "/opt/cd-image/";
};

TreeDefault {
Directory "pool/";
};

BinDirectory "pool/extras" {
Packages "dists/precise/extras/binary-amd64/Packages";
};

Default {
Packages {
Extensions ".deb";
Compress ". gzip";
};
};

Contents {
Compress "gzip";


};

and release.conf:

cat apt-ftparchive/release.conf
APT::FTPArchive::Release::Origin "Ubuntu";
APT::FTPArchive::Release::Label "Ubuntu";
APT::FTPArchive::Release::Suite "precise";
APT::FTPArchive::Release::Version "12.04";
APT::FTPArchive::Release::Codename "precise";
APT::FTPArchive::Release::Architectures "amd64";
APT::FTPArchive::Release::Components "main restricted extras universe";
APT::FTPArchive::Release::Description "Ubuntu 12.04 LTS custom";

..

step8:

run this script:

#!/bin/bash

BUILD=/opt/cd-image
APTCONF=/opt/apt-ftparchive/release.conf
DISTNAME=precise
KEY=YourKeyID
pushd $BUILD
apt-ftparchive -c $APTCONF generate /opt/apt-ftparchive/apt-ftparchive-extras.conf
apt-ftparchive -c $APTCONF release $BUILD/dists/$DISTNAME > $BUILD/dists/$DISTNAME/Release

gpg --default-key $KEY --output $BUILD/dists/$DISTNAME/Release.gpg -ba $BUILD/dists/$DISTNAME/Release
find . -type f -print0 | xargs -0 md5sum > md5sum.txt
popd


step9:

you can build your iso now:
#!/bin/bash
IMAGE=custom.iso
BUILD=/opt/cd-image/

mkisofs -r -V "Custom" \
-cache-inodes \
-J -l -b isolinux/isolinux.bin \
-c isolinux/boot.cat -no-emul-boot \
-boot-load-size 4 -boot-info-table \
-o $IMAGE $BUILD



you should have proper bootable custom.iso in the current folder by now. Enjoy!
graffitihead

OpenVAS 4.x/5.x from SVN source

Didn't see any around. so here are my notes.
Build instructions for Debian and ubuntu. Assuming pcap, libc, gcc are already installed.

build libraries first:

cd openvas-libraries
apt-get install uuid-dev
apt-get install libgpgme11-dev libgpg-error-dev
apt-get install gnupg2
apt-get install libssh-dev libglib2.0-dev
apt-get install cmake
apt-get install gnutls-doc
apt-get install gnutls-bin

apt-get install libgnutls-dev
apt-get install libssh2-1-dev libssh-4
apt-get install libssh2-1-dev libssh-4
apt-get install libwxfgtk2.8-dev
rm CMakeCache.txt
cmake .
make
make doc && make doc-full && make install
ldconfig

build scanner:

cd openvas-scanner
cmake .
make
make doc && make doc-full && make install
openvas-mkcert

get plugins:

openvas-nvt-sync

build manager:

cd openvas-manager
apt-get install libsqlite3-dev
apt-get install xmltoman
apt-get install sqlfairy
apt-get install xsltproc
export PKG_CONFIG_PATH=/usr/share/pkgconfig
cmake .
make && make doc && make doc-full && sudo make install
openvas-mkcert-client -n om -i


build administrator:

cd openvas-administrator
cmake . && make && make doc && sudo make install

build GSA:

cd gsa
apt-get install libmicrohttpd-dev libxslt1-dev
make && make doc && sudo make install

build CLI: (optional)

cmake .
make && make doc && sudo make install

build GSD: (optional)

apt-get install qt4-dev-tools qt4-cmake
cmake .
make && make doc && sudo make install
graffitihead

socket proxy in erlang

Since I started spitting out some code here, here's another thing I've been playing recently. Erlang. For kicks, I decided to implement a socket proxy/connection bouncer. The erlang socket programming model is slightly different from the ones we used to in python/c/perl/... so here is the piece (docs and original example here:
http://www.erlang.org/doc/man/gen_tcp.html

Interesting things to pay attention on:

you are only going to get data via messages (receive statement) if you use active socket. w/ passive socket you'll have to fetch it with recv.

{packet,0} - means you're getting raw data. it is also possible to request for pre-packaged data (see avail. options at http://www.erlang.org/doc/man/inet.html#setopts-2).

Anyways,
1-2:erl fygrave$ cat socket_proxy.erl
-module(socket_proxy).

-export([
	 start/4,
	 server/3,
	 process/1,
         loop/2
]).
%
% once compiled, start it like socket_proxy:start(20, 1222, "somehost", 22).
%
start(Num,LPort, Host, DPort) ->
    case gen_tcp:listen(LPort,[{active, true},{packet,0}]) of
        {ok, ListenSock} ->
            start_servers(Num,ListenSock, Host, DPort),
            {ok, Port} = inet:port(ListenSock),
            Port;
        {error,Reason} ->
            {error,Reason}
    end.
start_servers(0,_, _, _) ->
    ok;
start_servers(Num,LS, Host, DPort) ->
    spawn(?MODULE,server,[LS, Host, DPort]),
    start_servers(Num-1,LS, Host, DPort).
server(LS, Host, DPort) ->
    io:format("Server started ~n"),
    case gen_tcp:accept(LS) of
        {ok,S} ->
            io:format("Got connect ~n"),
            case gen_tcp:connect(Host, DPort,
				 [binary, 
		     {packet,0},
		     {active, true}
                    ]
				) of
		{ok, Socket} ->
		    loop(S,Socket),
		    server(LS,Host, DPort);
		E ->
		    io:format("Error:Connect failed!~n"),
		    E
		end,
		ok;
        Other ->
            io:format("Error: accept returned ~w - finita!~n",[Other]),
            ok
    end.
loop(S,Socket) ->
    inet:setopts(S,[{active,once}]),
    receive
        {tcp,S,Data} ->
	    io:format("Received tcp ~p ~n",[Data]),
            Ret = process(Data), % you can poke around with the data
            gen_tcp:send(Socket,Ret),
            loop(S, Socket); % erlang awesomeness. no loops ;)
        {tcp,Socket,Data} ->
            io:format("Received tcp(S) ~p ~n", [Data]),
            Ret = process(Data),
            gen_tcp:send(S, Ret),
            loop(S,Socket);
        {tcp_closed,S} ->
            gen_tcp:close(Socket),
            io:format("Socket ~w closed [~w]~n",[S,self()]),
            ok;
        {tcp_closed, Socket}->
            gen_tcp:close(S),
            io:format("Socket (S) ~w closed [~w]~n",[S,self()]),
            ok
	
    end.

process(Data) ->
    io:format("Process data: ~p ~n", [ Data]),
    Data.


blah. time for stress-test ;)
graffitihead

Chunked decoding in python

I haven't been able to find any short and quick method of decoding "chunked-encoding" encoded data in python without whacking 3rd party libraries, so here is my bet:
(chunked content encoding explained here: http://www.faqs.org/rfcs/rfc2616.html)

assuming that data contains raw http response. Code simplified for readability
def decode_chunked(data):
    offset = 0
    encdata = ''
    newdata = ''
    offset = string.index(data, "\r\n\r\n") + 4 # get the offset 
    # of the data payload. you can also parse content-length header as well.
    encdata =data[offset:]
    try:
        while (encdata != ''):
            off = int(encdata[:string.index(encdata,"\r\n")],16)
            if off == 0:
                break
            encdata = encdata[string.index(encdata,"\r\n") + 2:]
            newdata = "%s%s" % (newdata, encdata[:off])
            encdata = encdata[off+2:]
                             
    except:
       line = traceback.format_exc()
       print "Exception! %s" %line # probably indexes are wrong
    return newdata


for php version look here:

http://www.codingforums.com/showthread.php?t=147061
graffitihead

(no subject)

Everyone knows that Kyrgyz Internet magically went down when the whole revolutinary mess, purchased by north american or russian democrats, kicked off. Makes me thinking: we should build a p2p-ble framework for twitter/file and video swaps. so as long as there are bytes that could make it from one network to another, the network would be communicable. This sort of explains why skype survived while everything else went down. Due to p2p nature of skype it is extremely difficult to block
graffitihead

Refused US visa. 2 times

What's wrong with all those dudes sitting in embassy I wonder!! I have 1 week-short business trip planned. I have all the invitation letters and flights in place. full time employed, coming with all these papers to the embassy just to waste 10,000NT going into pockets of American political system and 20 minutes of fruiteless conversation with some iron-headed crook. ughhh...
graffitihead

(no subject)

now this is funny :) ripped off from some chain letter. "A foreigner decides to start learning chinese. on the first class he gets list of words for 'wife' and 'husband'. here's the list ;-) (use translate.google.com if you want to find the actual meaning :))


Wife =

1妻子,
2老婆,
3太太,
4夫人,
5老伴,
6愛人,
7內人,
8媳婦,
9那口子,
10拙荊,
11賢內助,
12對象,
13孩他媽,
14孩他娘,
15內子,
16婆娘,
17糟糠,
18娃他娘,
19崽他娘,
20山妻,
21賤內,
22賤荊,
23女人,
24馬子,
25主婦,
26女主人,
27財政部長,
28紀檢委,
29渾人,
30娘子,
31屋裏的,
32另一半,
33女當家,
34渾家,
35髮妻,
36堂客,
37婆姨,
38領導,
39燒火婆,
40黃臉婆

Husband =

1,丈夫
2,愛人
3,那口子
4,當家的
5,掌櫃的
6,不正經的
7,潑皮
8,不爭氣的
9,沒出息的
10,該死的
11,死鬼
12,死人
13,傻子
14,臭不要臉的
15,孩子他爹
16,孩子他親爹
17,哎
18,老公
19,豬
20,親愛的
21,先生
22,官人
23,相公
24,大人
25,挨千刀的
26,老伴
27,男客