Podman Containers with Systemd (Quadlets)

This is a simple example of how to use Podman to create a container which runs as a user.

Install podman (assumes DNF but you can work it out for any other package manager).

dnf install podman

Add some UIDs and GIDs for the user to utilise in podman. Here we push the UID/GID to something very high to ensure no overlap.

usermod --add-subuids 1000000000-1000999999 znxster
usermod --add-subgids 1000000000-1000999999 znxster

Prepare the user account by enabling linger. This will spawn a user manager at boot which allows services to run when users aren’t logged in.

systemctl enable-linger znxster

Now we can login as the user and create our container.

As we modified subuid/subgid we should migrate podman to ensure that the userspace environment is up-to-date (this will also update existing containers).

podman system migrate

Create this directory to store our container unit files for system to use.

mkdir ~/.config/containers/systemd/

We will run a postgres database as an example.

Create a directory to store the data in, this will be mapped as a volume.

mkdir ~/postgres-data

We can use a podman secret to store the password.

printf "my_safe_password" | podman create secret postgres-pass -

Now create the container unit file, edit the file ~/.config/container/systemd/postgres.container with this content.

[Unit]
Description=My Postgres Container

[Container]
Image=docker.io/library/postgres:latest
Volume=%h/postgres-data:/var/lib/postgresql/data:Z
PublishPort=5432:5432
Environment=POSTGRES_USER=postgres
Secret=postgres-pass,type=env,target=POSTGRES_PASSWORD

[Service]
Restart=always

[Install]
WantedBy=default.target

Check out the documentation for many more options available.

Now reload the systemd daemon to cause it to discover this file.

systemctl --user daemon-reload
systemctl --user status postgres

It can also be useful to manually test with the systemd-generator (known as quadlet) to see if there are issues with your container file.

/usr/lib/systemd/system-generators/podman-system-generator --user --dryrun

This will output any error.

You can start/stop/enable all the standard systemd options.

systemctl --user enable --now postgres

Now you can connect to postgres on port 5432 as normal.

psql -U postgres
Password for user postgres:
postgres=#

How Samba and SMB Versions Relate

SMB/CIFS is a protocol made by Microsoft for sharing files across the network. Samba is a set of tools/libraries created to provide support for SMB/CIFS in Linux and Mac.

SMB VersionReleased inSambaLinux
SMB1DOSSamba 1.x
SMB2.0Vista
2008
Samba 3.6
SMB2.1Win7
2008R2
Samba 4.0.0Linux 3.7
SMB3 (SMB2.2)Win8
2012
Samba 4.1
SMB3.0.2 (SMB3.02)Win8.1
2012R2
Linux 3.12 (backported)
SMB3.1.1Win10
2016
Samba 4.3Linux 4.2

Hopefully nobody is still using SMB1 still, it is insecure and obsolete. Indeed from Samba 4.11 and Linux 6 onwards, disable it by default.

Merging SQLite Databases

If you have two SQLite databases which are the same tables, you can merge them by attaching and then inserting.

$ sqlite3 data.sqlite3
SQLite version 3.31.1 2020-01-27 19:55:54
Enter ".help" for usage hints.
sqlite> attach 'data2.sqlite3' as merge;
sqlite> .table
archive        merge.archive
sqlite> begin;
sqlite> insert into archive select * from merge.archive;
sqlite> commit;
sqlite> detach merge;
sqlite> .quit

It is also just a useful way to handle multiple databases in a single session.

Highlighting Long a Lines

This is a simple configuration for detecting when a line is over a certain length within VIM. This uses a option called colorcolumn which is only available when compiled with the syntax feature.

highlight ColorColumn ctermfg=white ctermbg=darkred guibg=darkred
colorcolumn=+1

That will highlight the column one character after the textwidth. If the textwidth is zero, then this will not be used.

Unrar Bug

So I was recently scripting with the unrar tool and discovered something was wrong.

$ unrar t file.rar
UNRAR 3.80 freeware Copyright (c) 1993-2008 Alexander Roshal
file.rar is not RAR archive
$ echo $?
0

It was returning zero all the time, even when the file wasn’t a rar. This is obviously wrong but also makes it very unhelpful for using in scripting. Fortunately enough a mate on IRC discovered that his version did it correctly.

So I first download the existing SRPM and installed it:

$ yumdownloader --source unrar
$ rpm -i unrar*.srpm

Then I installed that and simply modified so I downloaded the latest version, created a RPM and installed.

I have submitted the a bug report to RPMfusion.

WPA2 Wireless With Linux

This is a simple tutorial produced by me and my good mate enigma. It is aimed at Gentoo and uses the Broadcom drivers but this should replicate to other systems.

The first step is to get your drivers and for Broadcom, which is relatively easy as they produce them for us. So first download the driver (these drivers support BM4311-, BCM4312-, BCM4321-, and BCM4322-based cards) and was also successful in this case with BCM4328.

Check that the package ‘linux-headers’ is installed, this is really just for completeness sakes. Gentoo would not work for long without this package!(gentoo)# emerge linux-headers
... output ...

Unpack the downloaded drivers and build for your current kernel:
(gentoo)# tar -xzf hybrid-portsrc-ARCH-VERSION.tar.gz
(gentoo)# make -C /lib/modules/`uname -r`/build M=`pwd`
... output ...

Remove any existing wireless drivers.
(gentoo)# rmmod ndiswrapper b43 ssb bcm43xx b43legacy

Add in some modules required for WPA wireless:
(gentoo)# modprobe ieee80211_crypt_tkip

Test the newly built wireless driver:
(gentoo)# insmod wl.ko
(gentoo)# iwconfig
.. output ...
(gentoo)# iwlist scanning
... output ...

If that is working we can copy in the driver to the kernel and add to the autoload:
(gentoo)# cp wl.ko /lib/modules/`uname-r`/kernel/net/wireless/
(gentoo)# rmmod wl
(gentoo)# modprobe wl
(gentoo)# echo 'wl' >>/etc/modules.autoload.d/kernel-2.6

So now we have a working driver we can go on to configure for WPA. Alter the /etc/conf.d/net (note we assume that eth0 is wireless):
# Prefer wpa_supplicant over wireless-tools
modules=( "wpa_supplicant" )
# It's important that we tell wpa_supplicant which driver we should
# be using as it's not very good at guessing yet
wpa_supplicant_eth0="-Dmadwifi"

Next set up the network in the /etc/wpa_supplicant/wpa_supplicant.conf:
# This setting is required or the connection will not work
ctrl_interface=/var/run/wpa_supplicant
# Ensure that only root can read the WPA configuration
ctrl_interface_group=0
# Let wpa_supplicant take care of scanning and AP selection
ap_scan=1
# Only WPA-PSK is used. Any valid cipher combination is accepted
network={
ssid="example"
proto=WPA RSN # RSN is needed for WPA2
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
#The higher the priority the faster it connects
priority=2
}

And that is it, you should find that your wireless is enabled on boot.
Thanks should also go to DJ Kaos for the preparation of the driver.

Renaming Files In A Directory

So I had a problem on Windows in that I have lots of directories that are named correctly but I wish the files under them to be uniformly named.

The solution was to use PowerShell, which is an extremely effective scripting tool for Windows, especially if you come from a UNIX shell background.

There is actually quite a lot of documentation available for it and rather than go into detail I will simply show you the script:

#
# RenameDirectoryFiles.ps1
#
 
param( [string[]]$paths )
Set-PSDebug -Strict
 
foreach ( $path in $paths ) {
    if ( !(Test-Path $path -PathType Container) ) {
        Write-Error "'$path' doesn't exist or isn't a directory"
        exit 1
    }
 
    $i = 0
    Get-ChildItem $path | sort FullName | foreach {
        $tmp = "{0:000}" -f $i
        $ext = $_.Extension
        $newname = "$path - $tmp$ext"
        Rename-Item $_.fullname $newname
        $newname
        $i = $i + 1
    }
}

So the usage is extremely simple:

RenameDirectoryFiles.ps1 'My Directory'

After which all the files under ‘My Directory’ will be renamed to ‘My Directory – 000.fileextension’.