issue106:tutoriel2
Differences
Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
issue106:tutoriel2 [2016/02/28 16:03] – created auntiee | issue106:tutoriel2 [2016/04/18 14:02] (current version) – created andre_domenech | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | In the early days of computers, a company called Digital Equipment Corporation (DEC) created its 32-bit VAX computer using openVMS as its operating system. Because a VAX/VMS computer is so reliable, there are today - after more than 25 years - still a large number of them in use. But, in the end, even these reliable computers will have to be replaced. As described in part 1, you could migrate from VAX/VMS to Linux, as the way Linux works is largely compatible with VAX/VMS. If you use Pascal as your programming language, you will find that Lazarus/ | + | ===== 1 ===== |
- | The art of migration | + | **I would like to start off this article by presenting my new server to the reader. |
- | The best way to do a migration | + | Yes, this is it (shown above). A 2013 version (actually 2014) Nexus 7 tablet, with the Ubuntu Touch operating system. Naturally, it is no news today that mobile phone and tablet hardware is up to some creative use (light use, actually) as a server - the Raspberry Pi took care of that. A point could even be made that ARM processors are ideal for servers with light or sporadic use, since the very same power management characteristics that are so useful making the most of your mobile phone’s battery can actually be put to use, putting such a server to sleep when not processing requests, thus saving on electrical bills. |
+ | |||
+ | What was lacking was in fact the operating system. Neither iOS nor Android can be seen as server-grade operating systems, they are just not built that way. Their paradigm | ||
- | What are eventflags? | + | J' |
- | Eventflags are, in essence, global booleans. The reason why they are important is the fact that they are used consistently throughout the entire system in VMS, including kernel and drivers. Their main function is synchronization between processes and drivers, processes and other processes, or even within a process, between threads. But they can also be used to maintain | + | Oui, c'est lui (ci-dessus). Une version de 2013 (en fait, de 2014) de la tablette Nexus 7, dont le système d' |
- | An eventflag can be set or cleared implicitly or explicitly. Implicitly when used while accessing a device (cleared upon starting and set when done), or explicitly using the kernel routines $SETEF and $CLREF. When set or cleared with the kernel routines, the kernel will return the previous state of the eventflag as its result. This makes it possible to use the eventflag as a binary semaphore, as only 1 process can set the flag and get the result “WASCLEARED”, | + | Ce qui manquait, c' |
+ | ===== 2 ===== | ||
- | How are eventflags used? | + | **WE HAVE ROOT |
+ | To operate a server, having root access to the underlying system is a must. Software needs to be installed and configured, and indeed some services need root access just to start up - mainly those using privileged TCP/IP ports in the 1-1023 range (think Web servers). | ||
- | Only setting or clearing would be useless without reading | + | We all know about the hoops iOS and Android make users run through just to gain root access. Special programs need to be installed, that basically use much the same tools a hacker would need to escalate privileges |
- | You can even wait for one of a number of eventflags | + | In Ubuntu Touch, on the other hand, we can just fire up the terminal - and yes, there is a terminal available as standard. Much as you would on any Ubuntu computer, the default user (who goes by the login “phablet”) just needs to issue a sudo bash, and there one is with root privileges. The password is the same password |
- | In VMS, all access to devices goes through a unified system call named QIO (Queued Input / Output). First you have to create a link to a device to get a handle. Each device has a different way to do this: To access a physical device directly, you use “assign”; | + | Nous avons Root |
- | As the name implies, the kernel uses queues to store your request, a separate queue for every device. This means you do not have to wait for the request to finish. Therefore this function exists in 2 flavors: The $QIO for asynchronous access, and $QIOW if you want to wait for the result. In both cases you have to specify an eventflag | + | Pour faire fonctionner un serveur, il est absolument nécessaire d' |
- | To implement asynchronous calls to functions that are synchronous in Linux, I've used threads. The call to QIO creates a new thread in which the synchronous function is used, the eventflag is cleared and the program continues. When the function is ready, the eventflag is set and the thread is closed. This way, the program behaves on Linux as it did on VMS. | + | Nous savons tous que les utilisateurs d'iOS et d' |
- | Fortunately, you do not always have to use the QIO call. There exist higher level calls that do the complex stuff for you, but the penalty is that this cannot be done asynchronously. As an example: Reading from or writing to a file is done with the VAX-Pascal “open” statement (in Free Pascal: assign), followed by reset/ | + | En revanche, dans Ubuntu Touch, il suffit de lancer le terminal |
+ | ===== 3 ===== | ||
- | How many and what kind are available? | + | **This can be seen both as a good, and a bad feature. On one hand, there is no futzing about with software of dubious origin. On the other, any software that is well-enough thought out could eventually persuade the user to enter his password, thus gaining root access. If Ubuntu Touch were to gain a considerable market share, then such phishing attempts would unfortunately become more a probability than a mere hypothesis. |
- | There are 128 eventflags you can use, numbered from 0 to 127. As they are implemented as 32-bit unsigned integers within the kernel, the eventflags are divided in 4 blocks of 32 each. Because eventflags can be used for different purposes, there are also different eventflags. The first two blocks (or clusters as they are called in VMS) are the process local eventflags (0..31 and 32..63). They can be accessed only by the process itself, and are mainly used when accessing a driver or using a timer. The last two clusters (64..95 and 96..127) are called common eventflags. These clusters exist only when created. | + | THE PACKAGE MANAGER |
- | When you create | + | Since we have root, it should be a relatively simple affair |
- | Once created, they are not fixed to your process. You can switch between clusters (in VMS this is called mapping). Be aware that you can map a common eventflag cluster to a different block. In this case, an eventflag mapped to eventflag 64 in one process could be the same as eventflag 96 in another process! You should better avoid this to prevent confusion. | + | In the first place, Ubuntu Touch has gone the Snappy way. This is a new way of distributing the actual files that a software package contains into our computer’s filesystem. In the regular versions of the *buntu distributions, the apt package system is used. In each package file (actually a .DEB extension file), many individual files are contained. On installation, |
- | Valid only when tested! | + | “Each snappy package is installed into its own directory. snappy packages will never overwrite files that belong to different packages or older versions of the same package. A normal snappy package can read only its own space and write to a special writable area. This is enforced via the apparmor profile for ubuntu-core apps.” |
- | To test my functions, I created a program to show/change all eventflags and to create common eventflag clusters. In the past, there have been times I would have paid good money to have such a program when working with VMS. This small program will also be available as open source. | + | Source: Ubuntu Snappy Filesystem Layout Guide https://developer.ubuntu.com/ |
- | Next month: In the next article, I will go more in-depth on logicals. | + | On peut le considérer comme une fonctionnalité qui soit à la fois bonne et mauvaise. D'un côté, on n'a pas à bricoler avec des logiciels dont l' |
+ | |||
+ | Le gestionnaire de paquets | ||
+ | |||
+ | Puisque nous avons root, ce serait plutôt simple d' | ||
+ | |||
+ | D' | ||
+ | |||
+ | « Chaque paquet snappy est installé dans son propre répertoire. Les paquets snappy n' | ||
+ | |||
+ | |||
+ | Source : Ubuntu Snappy Filesystem Layout Guide https:// | ||
+ | |||
+ | |||
+ | ===== 4 ===== | ||
+ | |||
+ | **Instead of using the Snappy default location for applications (which is /apps), Ubuntu Touch uses directory / | ||
+ | com.ubuntu.terminal: | ||
+ | |||
+ | # find / -name terminal | ||
+ | |||
+ | / | ||
+ | |||
+ | / | ||
+ | |||
+ | / | ||
+ | |||
+ | Ubuntu Touch also has a different software manager. Both graphical (the “Ubuntu Store” app) and console (“pkcon”) versions are available. Unfortunately, | ||
+ | |||
+ | Au lieu de l' | ||
+ | |||
+ | com.ubuntu.terminal : | ||
+ | |||
+ | # find / -name terminal | ||
+ | |||
+ | / | ||
+ | |||
+ | / | ||
+ | |||
+ | / | ||
+ | |||
+ | Ubuntu Touch possède aussi un gestionnaire de logiciels différent. Une version graphique (l' | ||
+ | ===== 5 ===== | ||
+ | |||
+ | **So, what can we use to install our favorite server software? The answer is naturally the very same apt-get, aptitude, etc, commands we are used to on Ubuntu Server. Now, before going any further, let us stress that this is NOT something Canonical approves of, which is quite understandable in a way since there is no guarantee that the Snappy/ | ||
+ | |||
+ | Before proceeding, we should note that the root filesystem is mounted read-only by default on Ubuntu Touch. So the first thing we will need to do is make it remount read-write. To do so, start on the device by going to Settings > About this device > Developer Mode, and turn the Developer Mode on. Now, with the USB cable, connect the device to the computer used to install Ubuntu Touch - or any computer with the phablet-tools package installed. As root, issue the following command on the computer: | ||
+ | |||
+ | # phablet-config writable-image | ||
+ | |||
+ | You should eventually see the device reboot, now with the filesystem | ||
+ | |||
+ | Alors, comment installer nos logiciels serveur préférés ? La réponse est, naturellement, | ||
+ | |||
+ | Avant de continuer, je dois signaler que le système de fichiers de root est monté par défaut en lecture seule sur Ubuntu Touch. Ainsi, la première chose que nous devons faire, c'est le remonter en lecture et en écriture. Pour ce faire, commencez sur votre dispositif en allant à Paramètres > À propos de > Mode développeur et activer celui-ci. Ensuite, utiliser son câble USB pour connecter le dispositif à l' | ||
+ | |||
+ | # phablet-config writable-image | ||
+ | |||
+ | Après un temps d' | ||
+ | |||
+ | ===== 6 ===== | ||
+ | |||
+ | **Inside the Terminal app on the device itself, or through a terminal from the computer (try command “adb shell” on the computer with the device connected), we can now issue a series of commands: | ||
+ | |||
+ | phablet@ubuntu-phablet: | ||
+ | |||
+ | [sudo] password for phablet: | ||
+ | |||
+ | root@ubuntu-phablet: | ||
+ | |||
+ | and we should see the tablet making its connection to the Ubuntu repositories in the usual manner. | ||
+ | |||
+ | MAKING USE OF AVAILABLE TECHNIQUES | ||
+ | |||
+ | Once the apt system is up and running, we can start installing the software to turn our tablet into a server. Just to make things clear: we will be installing software that is meant to work in the background, with, at most, error messages on the console or in log files. There will be no graphical programs on this one, basically because most graphical software for Ubuntu is still compiled for the X server. Ubuntu Touch runs Mir, which is not compatible.** | ||
+ | |||
+ | À l' | ||
+ | |||
+ | phablet@ubuntu-phablet: | ||
+ | |||
+ | [sudo] password for phablet: | ||
+ | |||
+ | root@ubuntu-phablet: | ||
+ | |||
+ | et l'on devrait voir la tablette se connecter normalement aux dépôts Ubuntu. | ||
+ | |||
+ | Utiliser les techniques disponibles | ||
+ | |||
+ | Une fois que le système apt fonctionne bien, nous pouvons commencer à installer les logiciels pour faire de notre tablette un serveur. Pour que les choses soient claires : nous allons installer des logiciels faits pour fonctionner en arrière-plan, | ||
+ | |||
+ | ===== 7 ===== | ||
+ | |||
+ | **Perhaps a first step could be to install an SSH server, to enable us to SSH in from another computer. Actually, this is not necessary since the openssh-server package is already installed in Touch. However, for some reason it is not started automatically on boot. A quick fix is to edit the / | ||
+ | |||
+ | service ssh start | ||
+ | |||
+ | exit 0 | ||
+ | |||
+ | Meanwhile, the SSH service can be started manually at any time using the service command: | ||
+ | |||
+ | service ssh restart | ||
+ | |||
+ | When SSH-ing in from another computer, please remember the default user is “phablet”, | ||
+ | |||
+ | ssh phablet@192.168.0.117 | ||
+ | |||
+ | Root entry through SSH and password-less access can be configured in the usual way.** | ||
+ | |||
+ | Comme première étape, on pourrait installer un serveur SSH, pour nous permettre d' | ||
+ | |||
+ | service ssh start | ||
+ | |||
+ | exit 0 | ||
+ | |||
+ | Entretemps, le service SSH peut-être lancé manuellement n' | ||
+ | |||
+ | service ssh restart | ||
+ | |||
+ | Quand vous accédez à la tablette via SSH à partir d'un autre ordinateur, vous devez vous rappeler que l' | ||
+ | |||
+ | ssh phablet@192.168.0.117 | ||
+ | |||
+ | L' | ||
+ | |||
+ | |||
+ | |||
+ | ===== 8 ===== | ||
+ | |||
+ | **Since SSH has support for file copying, the scp and rsync commands will work to transfer files to and from the tablet. SFTP will also work, enabling most desktop managers to mount the device’s filesystem over the network. | ||
+ | |||
+ | A second service that may be of use is a web-server. Apache is a likely candidate: | ||
+ | |||
+ | # apt-get install apache2 | ||
+ | |||
+ | Once working, we could investigate options such as using Apache for webDAV. This would mean that once up, any other devices (or computers) on the same network could access files on the device, and if using webDAV-enabled software (such as Cadaver) could upload files to the device. Some calendar systems like to use webDAV to synchronize items. | ||
+ | |||
+ | Windows file-sharing is easily enabled. Just install Samba, and the configuration file / | ||
+ | |||
+ | # apt-get install samba | ||
+ | |||
+ | # vi / | ||
+ | |||
+ | # smbpasswd -a phablet | ||
+ | |||
+ | # service smbd restart** | ||
+ | |||
+ | Puisque SSH prend en charge la copie de fichiers, les commandes scp et rsync fonctionneront pour transférer des fichiers vers, et à partir de, la tablette. SFTP fonctionnera également, ce qui permettra à la plupart des gestionnaires de bureau de monter le système de fichiers du dispositif à partir du réseau. | ||
+ | |||
+ | Un deuxième service qui peut être utile est un serveur Web. Apache est un candidat probable : | ||
+ | |||
+ | # apt-get install apache2 | ||
+ | |||
+ | Une fois que tout cela fonctionnera, | ||
+ | |||
+ | Le partage des fichiers avec Windows est facile à activer. Il suffit d' | ||
+ | |||
+ | # apt-get install samba | ||
+ | |||
+ | # vi / | ||
+ | |||
+ | # smbpasswd -a phablet | ||
+ | |||
+ | # service smbd restart | ||
+ | |||
+ | |||
+ | |||
+ | ===== 9 ===== | ||
+ | |||
+ | **From another computer, we can now navigate through the network and log into our device. Try connecting to address < | ||
+ | |||
+ | For extra Geek points, install a git repository and use it to work collaboratively on a project with other people. Doing a commit to your phone is probably not within the bound of normal users’ experience. | ||
+ | |||
+ | Finally, an easy - and elegant - way of sharing the music and/or videos from your device to the local network is using a Universal Plug-’n-Play software tool to export your media library. Unfortunately, | ||
+ | |||
+ | # apt-get install sqlite minidlna | ||
+ | |||
+ | ** | ||
+ | |||
+ | À partir d'un autre ordinateur, nous pouvons maintenant parcourir le réseau et nous connecter à notre dispositif. Essayez de vous connecter à < | ||
+ | |||
+ | Pour des points Geek supplémentaires, | ||
+ | |||
+ | Enfin, une façon simple - et élégante - de partager de la musique et/ou des vidéos de votre dispositif vers le réseau local est d' | ||
+ | |||
+ | |||
+ | # apt-get install sqlite minidlna | ||
+ | |||
+ | ===== 10 ===== | ||
+ | |||
+ | **Then, edit files / | ||
+ | |||
+ | media_dir=A,/ | ||
+ | |||
+ | media_dir=V,/ | ||
+ | |||
+ | and | ||
+ | |||
+ | network_interface=wlan0 | ||
+ | |||
+ | Reboot the server: | ||
+ | |||
+ | # service minidlna restart | ||
+ | |||
+ | If there are any problems, you may find some indications on what is happening in the log files: | ||
+ | |||
+ | # tail / | ||
+ | |||
+ | From any other computer or tablet on the same network, the tablet’s contents should now be available. For example, on VLC: | ||
+ | |||
+ | ** | ||
+ | |||
+ | Puis, éditer les fichiers / | ||
+ | |||
+ | media_dir=A,/ | ||
+ | |||
+ | media_dir=V,/ | ||
+ | |||
+ | et | ||
+ | |||
+ | network_interface=wlan0 | ||
+ | |||
+ | Redémarrez le serveur : | ||
+ | |||
+ | # service minidlna restart | ||
+ | |||
+ | En cas de problème, vous pourriez sans doute trouver des indications de ce qui se passe dans les fichiers log (journaux) : | ||
+ | |||
+ | # tail / | ||
+ | |||
+ | Le contenu de la tablette devrait maintenant être disponible à partir de tout autre ordinateur ou tablette sur le même réseau. Par exemple, sur VLC : | ||
+ | |||
+ | |||
+ | ===== 11 ===== | ||
+ | |||
+ | **SOME FINAL WORDS | ||
+ | |||
+ | Just to conclude, it may be well to consider some security aspects. Configuring a server securely is supposed to be a complex endeavour - and it actually is. The techniques shown above are in essence opening up doors to the world, such that those outside could conceivable use to get in. If you store sensitive information on the device, this could eventually be compromised. | ||
+ | |||
+ | So it is perhaps best to consider using a mix of security techniques such as strong passwords and encrypted protocols (HTTPs) where available. It is also good practice not to leave less secure services such as Samba (Windows file sharing) and UPnP open on networks you do not fully control. If you do wish to use them, then perhaps it would be best to make sure these servers are not broadcasting on a public network. Some possibilities are to tie them to a particular IP address - one that the device uses on your home network, but not on others -, or simply to have these services off by default and turn them on only when required. | ||
+ | |||
+ | With this in mind, there is no lack of interesting projects that can be investigated with an Ubuntu Touch device. Basically, if a Raspberry Pi can handle it, chances are the ‘phone in your pocket can also do so. In any case, it is nice to know that such possibilities are now available to make your device a little more than just a window for browsing the Internet.** | ||
+ | |||
+ | Pour conclure | ||
+ | |||
+ | Enfin, il serait souhaitable de s' | ||
+ | |||
+ | Ainsi, vaut peut-être mieux envisager d' | ||
+ | |||
+ | Tout en gardant la sécurité à l' |
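
Review bot: The service-enabling steps in sections 7 to 10 never apply the hardening that section 11 recommends, so a reader who stops after the commands ends up with SSH started from the boot script (`service ssh start` before `exit 0`), a Samba password set for the default user "phablet" (`smbpasswd -a phablet`), and minidlna set to `network_interface=wlan0`, with no mention at those points of which networks the services will be reachable on. Section 11 already advises tying such services to the address the device uses on the home network, or keeping them off by default and starting them only when required; I suggest adding a one-line pointer to that advice beside each step in sections 7, 8 and 10, in both the English and the French lines. The sentence "Root entry through SSH and password-less access can be configured in the usual way" in section 7 also deserves a qualifier, since it follows directly after section 5 makes the root filesystem writable and section 2 notes that a single password gives root. Separately, "Reboot the server:" in section 10 sits above `# service minidlna restart`, which restarts only the service; "Restart the service:" (and the matching French line) would agree with the command.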
issue106/tutoriel2.1456671790.txt.gz · Last modified: 2016/02/28 16:03 by auntiee