Browsed by
Category: Problem solutions

Setting up your own git server with individual user accounts

Setting up your own git server with individual user accounts

This is sort of covered in other spots, but not as clearly and from scratch. Here’s a complete guide that shows how to set up your own git server and git clients. I found this setup handy when trying out some more complex git merging commands and experimenting with remotes while learning git.

I tested this on Ubuntu 16.04 by creating an Ubuntu virtual machine and then cloning it. 1 VM for the server, and 2 for clients. I used bridged networking so each would get their own IP address, but that’s not required as long as the VM’s can communicate with each other over TCP/IP.

There are two ways to set the git accounts up. The first way shown has all client users accessing the repository through the same server user account. While each user’s submissions will be labeled correctly in the git log, having everyone use the same system account isn’t safe computing practices for groups. Instead, if you follow the instructions in the optional part you can use individual user accounts and keep things more safe.

Client/Server Setup

First, on the server:

  1. Make sure ssh is installed on the server:
    server$ sudo apt-get install openssh-server
  2. Make sure sshd is running/listed when you do a ps. If not, reboot or restart it.
    server$ ps -A | grep sshd
  3. Make sure git is installed:
    server$ sudo apt-get install git-core
  4. Add a user to the server that will hold the git repositories
    server$ sudo adduser git
    server$ sudo passwd git
    server$ su - git
    server$ mkdir -p .ssh

 

Next, on your client:

  1. Make sure git is installed
    client$ sudo apt-get install git-core
  2. Create an ssh key. While not strictly required, it’s a good idea to add a passcode to the key when prompted during key creation.
    client$ ssh-keygen -t rsa

    This should create a file called id_rsa.pub in your ~/.ssh directory. See documentation on ssh-keygen for full details.

  3. Copy the ssh key to the server’s git directory:
    client$ scp ~/.ssh/id_rsa.pub git@server.com:/home/git/client_id_rsa.pub

 

Back on server:

  1. Add the client user’s key to the ssh list in the /home/git/.ssh directory
    server$ mkdir ~/.ssh
  2. Append the client user key to the list of authorized keys
    server$ cat ~/client_id_rsa.pub >> ~/.ssh/authorized_keys
  3. Create a new group called ‘gituser’ we’ll use for users to access our repository in /home/git/
    sudo groupadd gituser
    sudo usermod -a -G gituser git
  4. Log out completely and back in. You MUST do this for group assignment to take effect orsubsequent chgrp/chmod commands won’t work.
  5. Make the git repository and tell it to share based on the group the user belongs to.
    server$ cd ~git
    server$ mkdir -p mydepot
    server$ cd mydepot
    server$ git init --bare --shared=group
    Initialized empty Git repository in /home/git/mydepot/
  6. Set the permissions on the repository directory so that anyone in the new ‘gituser’ group can access it.
    chgrp -R gituser /home/git/mydepot
    chmod -R g+rw /home/git/mydepot
    chmod g+s `find /home/git/mydepot -type d`

 

Back on client (if it is a clean client without files for the repo):

  1. Test your ssh connection by trying to ssh into the server (using the git user)
  2. Create the local project:
    client$ mkdir -p depot/project1
    client$ cd depot/project1
    client$ git config --global user.email "you@client.com"
    client$ git config --global user.name "clientUsername"
  3. Clone the remote to your local system
    client$ git clone ssh://git@serverurl_or_ip:/home/git/mydepot/ .

Enter your username password and you’re done. The clone and the remote should be connected. Push/Fetch as normal. See the optional part below if you don’t want to use a global git user account on the server.

 

Or – Back on client that HAS existing files you want to get to the server:

Lets say you have a client that already has a bunch of files or even a git repository and you want to start using a remote repository. Here’s how you can add those local files into the remote server repository you just created.

  1. Initialize the repository where your client files are
    client$ git init
      Initialized empty Git repository in <blah>
    client$ git add .
    client$ git commit
      <Write something about this being a commit from the client>
  2. If you are going to using the git user account for all users, connect the project to your server this way:
    client$ git remote add origin ssh://git@serverurl_or_ip:/home/git/mydepot/

    If you don’t want to use the git account, then you must first create a user account on the server that matches the client userid (making sure to set the group/user properties on the server account), then use this:

    client$ git remote add origin ssh://serverurl_or_ip:/home/git/mydepot/

    Enter the password for your username or the ‘git’ server user depending on which one you used.

  3. Set up git configuration to avoid warnings and push:
    client$ git config –global push.default simple
    client$ git push –set-upstream origin masterYou will be prompted for the passkey you used when you created your RSA key in the above push step. Enter that passkey (not your git/user account password).

Optional – Using user accounts instead of a global ‘git’ account on the server.

The previous instructions had everyone use the same ‘git’ server user account when checking in – which means everyone must have the ‘git’ server account password. The log will show the right names, but security-wise this isn’t always best to use one global account on servers.

If you have more than one user but want everyone to log in separately, simply create a user account on the server like this:

On client for each client user:

  1. Create a ssh key on your client as before.
  2. Copy that key .pub to the server and append it to the authorized_keys file as above.
    client$ scp .ssh/myclient_id_rsa.pub git@serverurl_or_ip:/home/git

On server:

  1. Append the client’s public key to the authorized keys
    server$ cat ~/myclient_id_rsa.pub >> ~/.ssh/authorized_keys
  2. Create a user account that matches the userid on the client
    server$ sudo useradd client_username
    server$ sudo passwd client_username
  3. Make sure the new user account has access to the /home/git/ project directories by setting their group membership:
    server$ sudo usermod -a -G client_username

From now on, you don’t need to specify the git user account. Do not put the git@ part into the git clone url and use the username’s password when asked to log in:

client$ git clone ssh://serverurl_or_ip:/home/git/mydepot .

This method works great, but does require that you keep the client and server userid account passwords synced.

Setting up a Windows client:

Once the server is set up, you’re almost there. Microsoft has written a good guide. You’ll need OpenSSH or Windows 10 installed the generate an ssh key (if you don’t have one already).
https://docs.microsoft.com/en-us/vsts/git/use-ssh-keys-to-authenticate?view=vsts

 

Resource links:

Backdoor IRA’s with Turbotax 2017

Backdoor IRA’s with Turbotax 2017

Ok – Turbotax 2017 has a problem with its entry ordering when handling backdoor Roth IRA’s. If you just follow the normal wizards, you’ll end up with the incorrect information for your IRA contributions either: pay too much tax or be informed you have to pay a penalty for having gone over the IRA contribution limits.

The solution comes in several parts to get the wizard to figure out the right data. Here’s 3 major pitfalls I hit:

  1. If you do automated imports of statements from your financial institute, or you simply enter your IRA contributions/transfers to Roth IRA on page 1/’Wages & Income’ section of your federal taxes BEFORE you enter the ‘Traditional and Roth IRA Contributions’ section on the ‘Deductions & Credits’ page 2, then it often calculates your backdoor Roth IRA incorrectly.
  2. Double-entry and confusion around the word ‘contributed’. You only ‘contributed’ to a traditional IRA. You didn’t contribute to your Roth IRA, you transferred money to it. This can lead to overpayment.
  3. Confusion about conversions and recharacterizations. They seem interchangeable, but are very different tax terms that result in massively different calculations and even severe penalties if done wrong.

 

Solutions and information:

There are number of write-ups on this topic, but here’s the ones that helped:

 

Checking your 8606 form

Once you’ve done the steps above, you should verify the generated 8606 form is correct. Have Turbotax generate a PDF with the worksheets and find the 8606 form. Here’s a site that has a great, and complete, description of backdoor Roth IRA handling shows you what your 1040 and generated 8606 forms should look like.

 

Intel Hardware RAID vs Microsoft Storage Spaces

Intel Hardware RAID vs Microsoft Storage Spaces

RAID systems on home servers and PC’s has become more common now. While we have been in a period of stubbornly elevated prices (from a historic standpoint), hard drives are always doubling in capacity on a regular cadence and improving performance.

There are several things you need to consider when setting up a RAID system. Will this set be my boot drive? What capacity do I need? How much fault tolerance do I need? What performance do I need?

The answer to these questions determines which RAID configuration you should set up. For my setup, I need fault tolerance and performance. This means I will continue to run RAID 5.

Question is, can I do better? There is software RAID available from Microsoft in Windows 10 called Storage Spaces. Also included with most Intel-based motherboards is a hardware RAID. So which should one choose?

Turns out someone has done the analysis between them, and done a good job too. Long story short, stick to hardware RAID, and RAID 5 is still the fastest and most fault tolerant configuration.

Windows vs Intel Raid Performance Smackdown

My 3 brand new 4TB 7200rpm drives are about to thank me. 🙂

VNC on Ubuntu 16 and 17

VNC on Ubuntu 16 and 17

Works on 17.04 as well.

The biggest pain about Ubuntu is changes they made to vnc setup. Often, once you think you have it set up, you connect and get nothing but the ancient X windows grey screen with no way to interact with the UI.

This method works for 17.04 and 16.04. It’s also faster performance that other approaches.

Ubuntu 16.04 – Configure your system to have x11vnc running at startup

Summary:

sudo apt-get install x11vnc -y
sudo x11vnc -storepasswd /etc/x11vnc.pass
Edit /lib/systemd/system/x11vnc.service

[Unit]
Description=Start x11vnc at startup.
After=multi-user.target
[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared
[Install]
WantedBy=multi-user.target

sudo systemctl enable x11vnc.service
sudo systemctl daemon-reload
sudo shutdown -r now

On reboot run the script:
sudo ./vnc-startup.sh

Or, just manually start it:
x11vnc -usepw -forever

Use your vnc client to connect to the system’s ip address at port :5900

Kernel compiling and the PIC mode error

Kernel compiling and the PIC mode error

If you see this when compiling an Ubuntu or other kernel (my case was a Yocto kernel on an Ubuntu 17.04 distro)

...
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CC scripts/mod/empty.o
/usr/src/linux-4.4/scripts/mod/empty.c:1:0: error: code model kernel does not support PIC mode
/* empty file to figure out endianness / word size */

 

Then the issue is with your gcc installation. In gcc 6+ versions, PIE (position independent executables) is enabled by default. So in order to compile you need to disable it. Even gcc 5 has the issue. This is a known bug for gcc. Bug Link.

So far there is no official patch from gcc side, so the workaround is to patch the Makefile of kernel source.

If you are familiar with patching the source file use the codes from this link to create the patch file then try to compile.Patch File

Here’s the patch to add to your kernel Makefile to disable PIE compiling.

diff –git a/Makefile b/Makefile
index 5c18baa..e342473 100644
— a/Makefile
+++ b/Makefile
@@ -612,6 +612,12 @@ endif # $(dot-config)
# Defaults to vmlinux, but the arch makefile usually adds further targets
all: vmlinux

+# force no-pie for distro compilers that enable pie by default
+KBUILD_CFLAGS += $(call cc-option, -fno-pie)
+KBUILD_CFLAGS += $(call cc-option, -no-pie)
+KBUILD_AFLAGS += $(call cc-option, -fno-pie)
+KBUILD_CPPFLAGS += $(call cc-option, -fno-pie)

# The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default
# values of the respective KBUILD_* variables
ARCH_CPPFLAGS :=

 

Shiny Pokemon and iPhone screen recording

Shiny Pokemon and iPhone screen recording

I was fooling around with Pokemon Go and ended up getting a very rare shiny Magikarp. I also wanted to know how hard it was to record the iPhone screen and the sound. There are lots of different ways from both PC and Mac, but I used my Mac Mini and it was very easy:

  1. Connect your iPhone or iPad to your Mac via the lightning cable.
  2. Open QuickTime player.
  3. Click File then select ‘New Movie Recording’
  4. A recording window will appear (with you in it, most likely). …
  5. Select the Mic of your iPhone if you want to record music/sound effects.
  6. Click the Record button.

So, I recorded the evolution from the rare shiny Magikarp to the rare shiny Gyarados. Results were very good:

VNC-ing into Ubuntu 14.04

VNC-ing into Ubuntu 14.04

Some VNC functionality was broken in Ubuntu 14.04 due to Vino, but fortunately, it’s fixable:

 

Using a combination of clues from http://discourse.ubuntu.com/t/remote-desktop-sharing-in-ubuntu-14-04/1640 (which is all about VNC access) and https://bugs.launchpad.net/ubuntu/+source/vino/+bug/1281250 (which discusses the bug introduced into Vino) I have managed to resolve the matter.

Essentially you have to disable encryption on remote desktop access in Gnome due to a bug that has come to surface in Vino. However, some threads tell you to uncheck it in the wrong place. Follow these guidelines and you should be able to resolve it quickly.

Specifically it’s

dconf > org > gnome > desktop > remote-access > require-encryption – uncheck

and NOT

dconf > desktop > gnome > remote-access > enabled – uncheck

Here is how you do it:

  1. First make sure Desktop Sharing is set up properly.
  2. Download dconf-tools by typing in Terminal sudo apt-get install dconf-tools
  3. Run dconf-Editor
  4. Expand org
  5. Expand gnome
  6. Expand Desktop
  7. Select Remote Access
  8. Uncheck Require Encryption (don’t click on Set to Default as it rechecks it)
  9. Exit dconf-Editor

It should now work. Tested through a reboot and all good.

Hope it helps.

(I have got a screen shot of dconf but don’t have enough points on here to post it – I am sure everyone can work it out for themselves though! 🙂 )