Browse Source

renaming blog posts along jekyl lines and adding more

Dan Ballard 7 years ago
  1. 203
  2. 12
  3. 29
  4. 5
  5. 5
  6. 5
  7. 16


@ -0,0 +1,203 @@
#'s Guide to Setting up a Git Server #
*Last Updated 2009 07*
I've found documentation on the setup of git servers and public repositories kind of lacking, so here is my best attempt at documenting what works for me. Feel free to comment with bugs or enhancements please.
1. [Setting Up A Local Repository](#git.1)
1. [From Scratch](#git.1.1)
2. [From An Existing Project](#git.1.2)
2. [Setting Up A Remote Repository](#git.2)
1. [Remote Repository For Developer Only (ssh)](#git.2.1)
2. [Remote Repository For Public Access (git://)](#git.2.2)
3. [Shared Multi-Developer Public Repository](#git.2.3)
3. [Managing Multiple Developers, Repositories and Branches](#git.3)
4. [Comments](#comments)
<a name="git.1" ></a>
## 1. Setting Up A Local Repository ##
Alice is going to start developing a project and she wants to add source control to it. There are a couple of reasons to set up a local repository that Alice likes including branch control, so that she can revert her code to previous releases, fix, patch or merge a bug fix, roll a release, and then pop back to the current development branch.
<a name="git.1.1" ></a>
### 1.1 From Scratch ###
To set up a git repository for her project, Alice does the following:
alice@home $ mkdir proj
alice@home $ cd proj
alice@home $ git init
The project directory is now an empty git repository. As she creates files, she can add them to the respository with
alice@home $ git add newfile.src
And when she's done work or at least reached some break point, she can commit the new files, and all changes with
alice@home $ git commit -a
<a name="git.1.2" ></a>
### 1.2 From An Existing Project ###
Also, occasionally Alice gets excited and starts coding before creating a repository. To create a repository from an already started project is as simple as
alice@home $ cd ~/proj
alice@home $ git init
and either
alice@home $ git add .
to add all the files, or
alice@home $ git add file1 file2 file3
to add just some of the files, both followed by
alice@home $ git commit -a
for the initial commit of the code to the new repository.
<a name="git.2"></a>
## 2. Setting Up A Remote Repository ##
Some times Alice needs her repositories to be remote and internet accessible. Sometimes she needs to work on them from several locations, and sometimes she wants her project's code to always be accessible to the public.
There are two primary methods for making remote git repositories accessible online. The first method is over ssh, which developers can use to both read and write to the repository and the second is through a dedicated git server which the public can use for read only access.
<a name="git.2.1"></a>
### 2.1 Remote Repository For Developer Only (ssh) ###
If Alice's project is personal and she just needs a central repository to access from a few locations like both work and home, she can set up a repository on any unix machine she has access to as follows.
Alice needs to create a bare repository clone of her working code and then transfer it to the server she will be using as the repository host
alice@home $ git clone --bare ~/proj proj.git
alice@home $ tar -czf proj.git.tar.gz proj.git
alice@home $ scp proj.git.tar.gz
Then, on the server
alice@server $ tar -xzf proj.git.tar.gz
alice@server $ mv proj.git proj
Now Alice can create working copies of the repository from anywhere, like work, and work on the code as normal as follows
alice@work $ git clone ssh://
alice@work $ cd proj
alice@work $ commit -a
However all this does is create a local clone of the repository and commit the changes to the new local clone. To push changes to the local repository back to the central repository, Alice does
alice@work $ git push
(As a note, Alice will also need to perform this clone of the remote repository at home so that her repository is aware of the remote repository, or she can use 'git remote add' to make her current original repository aware of the remote one)
When Alice gets home she can check out the latest changes with a simple
alice@home $ git pull
which pulls all the latest changes from the remote repository. Then she can develop, commit and push her changes and then the next day at work she can pull all those changes.
<a name="git.2.2"></a>
### 2.2 Remote Repository For Public Access (git://) ###
Now, to allow public read only access of the repository over the git:// protocol the steps of setting up a remote repository are all the same, however there are additional steps that need to be taken.
At a minimum, Alice needs to setup the git daemon on the server and tell each git repository that she wants to be publically accessible that it is so.
Setting up the a basic git daemon is up to Alice and her server's distribution, but once it is installed and running, it will try to export any directory on the server filesystem that is a) a git repository, and is b) flagged to be publically accessible.
To make her repositories accessible, Alice does the following
alice@server $ touch ~/proj/git-daemon-export-ok
Now when Bob hears about Alice's project, he can check out a copy of the repository himself as follows
bob@home $ git clone git://
Bob actually ends up with the a full clone of the repository and can work with the code, and if he wants he can make changes and commit them to his local clone of the repository as normal. However, the one thing Bob cannot do is 'push' his changes back to the central repository.
He can, however, even stay up to date with the repository with git pull
bob@home $ git pull
and he'll always get the latest changes.
<a name="git.2.3"></a>
### 2.3 Shared Multi-Developer Public Repository ###
*(Note: This is for those more used to CVS and Subversion style source control. Defacto and "proper" git style is outlined in section [3. Managing Multiple Developers, Repositories and Branches](#git.3).)*
Alice happens to have root access to her server and wants to set up a multiple developer git repository.
First she creates a git user group and makes a root git directory.
root@server # groupadd git
root@server # mkdir /git
Then Alice configures the git daemon to only export repositories in /git in the git-daemon's config file
GITDAEMON_OPTS="--syslog --verbose /git"
Now Alice creates a shared repository. She untars the git repository like normal, but sets its group to git and makes sure it'll stick by setting the stick bit, and then she makes it "shared" which means all the files are writeable by the group git.
root@server # cd /git
root@server # tar -xzf proj.git.tar.gz
root@server # mv proj.git proj
root@server # chgrp -R git proj
root@server # chmod g+ws proj -R
root@server # cd proj
root@server # git config core.sharedRepository true
And of course if Alice wants it to be publically viewable
root@server # touch git-daemon-export-ok
Now Alice has a git repository that several developers on the server can all use. Anyone in the git group can commit to the repository.
Alice's friend Charlie wants to develop for the project so Alice gives him an account on the server. Charlie can then start developing just like normal
charlie@home $ git clone ssh://
charlie@home $ cd proj
charlie@home $ git commit -a
charlie@home $ git push
Alice can get these changes at home, and any she's made from work with a simple
alice@home $ git pull
And if the repository was made public and exportable then Bob can checkout the code and keep up to date too
bob@home $ git clone git://
bob@home $ cd proj
bob@home $ git pull
<a name="git.3"></a>
## 3. Managing Multiple Developers, Repositories and Branches ##
The proper way to use git with multiple developers is for each developer to have their own repository and branches and have a central manager who pulls from all the other branches and merges the code together before release. This is how Linux works (git was created by Linux's creator Linus).
*Note: I know this is the proper way but I haven't really had any experience with it, so until I get time to play with it unfortunately this part of the document will be empty. Check out the official git manual for a good idea of how this should be managed, especially chapter 4 [Sharing Development](*.
<a name="comments"></a>
## Comments ##
**Anon posted on 2010 10**
Section 2.3:
root@server # chmod g+ws proj -R
this makes all files setgid when i think you really only wanted directories to be g+s
root@server # find proj -type f -print0 | xargs -0 chmod g+w
root@server # find proj -type d -print0 | xargs -0 chmod g+ws
is probably better…
<a name="git.ref"></a>
## References ##
* [Git User's Manual (for version 1.5.3 or newer)](
* [Git Ref](
* [Pro Git](
* (appears dead now) [Setting up your Git repositories for open source projects at GitHub](
* [Google](


@ -0,0 +1,12 @@
# Notes on installing Ubuntu on a Lenovo Q190 #
*Aug 25, 2013*
So I like running a full computer on my TV. It's just convenient to be able to easily to Youtube, torrent stuff directly on it, copy files to it over sftp, play any media file I can find, etc etc. Our last "tv box" was a small nettop that was a little under powered: it chocked on high def video files and full screen youtube. So I've been waiting for a replacement that fit the following parameters: cheap (less than $400), small nettop form factor and light on power consumption, and more powerful. The [Lenovo Q190]( hit the mark with dual core and 4gb ram. My only concern was it was a Windows 8 box so it'd be the first time installing Linux on a secure boot machine.
The good news is it went really well. First note, the Windows 8 partition resizer may be the best thing about Windows 8. I remember being stoked when Windows got its own partition resizer back in Vista or Windows 7 days. The only slight con was that it was pretty hungry. If you were using only 20GB on a fresh install, it wouldn't shrink much lower than 60GB... But the new Windows 8 one is hilarious and will let you shrink down to 100% full. Also it's unbelievably fast, like I had to reload it to double check it had actually done the shrink.
After that, rebooted the machine and jammed F1 (ok actually I jammed F1, F2, F8, F9, F10, F11, F12, and ESC) to bring up the "BIOS". There I turned off Secure boot in the security menu, and turned off Quick Boot. Then the USB stick booted Ubuntu fine. The install ran fine too. I did have to go back into the BIOS after to reorder the boot drives. Ubuntu manager to name its partition in a way the BIOS could recognize so I just moved that in priority above Windows 8 and next reboot got Grub!
The device runs fine, all the high def files I could throw at it it ran fine and so far even full screen youtube on higher def seems to be ok.
The box is supposed to have Wifi but that doesn't seem to have been recognized out of the box but that's ok, I can either poke at it or leave it plugged into ethernet, not a deal breaker. It also came with an adorable hand held keyboard/mouse device but it's bluetooth also doesn't seem to be supported. But it fulfils what I need well so I'm pleased and secureboot was less of a pain to work around than I'd worried about, so yeah!


@ -0,0 +1,29 @@
# Getting started with my softkinetic DepthSense 325 #
So a bit ago I bought a DepthSense 325 camera. I've been pretty busy since then but today I finally sat down to get started with it. First thing, it was on my netbook so I had to resetup the software stack and SDK. The SDK is free from softkinetic and works on Linux (which is awesome, and also a big reason I bought this camera) but I think it's more aimed at Ubuntu 12.04 so there was one or two extra steps to make it go on 13.10.
First, regardless of Ubuntu version, you need to add the DepthSense libraries to the LD_LOAD_PATH and the now recommended way is adding a file to /etc/ like this
Then run `sudo ldconfig` to regenerate the cache or what ever. Now you can link agianst the libraries.
Next, at least for Ubuntu 13.10, you need to fake having Thankfully worked fine so run
sudo ln -s /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/
At this point DepthSenseViewer that comes with the SDK should work and you are good to go.
So today's mission after getting set up was to get some code pulling form the camera and displaying using opencv (because I ultimately want to feed it through [ROS]( filters and as was suggested on a [forum post](, the best way to hook the DS325 into ROS was through openCV and then the ros opencv bridge). Thankfully I found what I needed on the softkinetic forum in [Example Linux/OpenCV Code to display/store DS325 data]( The first code needed some slight fixes as detailed in the second (but slightly corrupted formatted) post. With a little poking and proding I had it compiling and working.
g++ ds_show.cxx -I /opt/softkinetic/DepthSenseSDK/include/ -L /opt/softkinetic/DepthSenseSDK/lib -lDepthSense -lopencv_core -lopencv_highgui
Not actually that much coding today, but a lot of pieces in place.
See ds_show.cxx in [references/ds_show.cxx](references/ds_show.cxx)


@ -0,0 +1,5 @@
# USB passthrough to a VM, via GUI only #
*May 26, 2014*
It sure has gotten easier to add USB devices to VMs with libvirt-manager and it's nice UI


@ -0,0 +1,5 @@
# Link: Linux Encryption in the Cloud using LUKS on Linode #
*Aug 26, 2014*
* [Linux Encryption in the Cloud using LUKS on Linode]( - an excellent guide to setting up a Linode with root disk encryption - 2013
* [Work around for 14.04 ...](


@ -0,0 +1,5 @@
# OpenSSH + 2 and 3 factor auth #
*Aug 30, 2014*
* [How To Protect SSH With Two-Factor Authentication]( Setup google authentication + password login via openssh
* [Three-factor authentication with OpenSSH, Google Authenticator and Password]( Two factor authentication + pubkey authentication for openssh


@ -0,0 +1,16 @@
# StrongSwan VPN (and ufw) #
*Jan 26, 2015*
I make ample use of SSH tunnels. They are easy which is the primary reason. But sometimes you need something a little more powerful, like for a phone so all your traffic can't be snooped out of the air around you, or so that all your traffic not just SOCKS proxy aware apps can be sent over it. For that reason I decided to delve into VPN software over the weekend. After a pretty rushed survey I ended up going with [StrongSwan]( OpenVPN brings back nothing but memories of complexity and OpenSwan seemed a bit abandoned so I had to pick one of its decendands and StrongSwan seemed a bit more popular than LibreSwan. Unscientific and rushed, like I said.
So there are several scripts floating around that will just auto set it up for you, but where's the fun (and understanding allowing tweeking) in that. So I found two guides and smashed them together to give me what I wanted:
[strongSwan 5: How to create your own private VPN]( [[local ref](references/strongswan/] is the much more comprehensive one, but also set up a cert style login system. I wanted passwords initially.
[strongSwan 5 based IPSec VPN, Ubuntu 14.04 LTS and PSK/XAUTH]([[local ref](references/strongswan/] has a few more details on a password based setup
Additional notes: I pretty much ended up doing the first one stright through except creating client certs. Also the XAUTH / IKE1 setup of the password tutorial seems incompatible with the Android StrongSwan client, so I used EAP / IKE2, pretty much straight out of the first one. Also seems like you still need to install the CA cert and vpnHost cert on the phone unless I was missing something.
Also, as an aside, and a curve ball to make things more dificult, this was done one a new server I am playing with. Even since I'd played with OpenBSD's pf, I've been ruined for iptables. It's just not as nice. So I'd been hearing about ufw from the Ubuntu community from a while and was curious if it was nicer and better. I figured after several years maybe it was mature enough to use on a server. I think maybe I misunderstood its point. Uncomplicated maybe meant not-featureful. Sure for unblocking ports for an app it's cute and fast, and even for straight unblocking a port its syntax is a bit clearer I guess? But as I delved into it I realized I might have made a mistake. It's built ontop of the same system iptables uses, but created all new tables so iptables isn't really compatible with it. The real problem however is that the ufw command has no way to setup NAT masquerading. None. The interface cannot do that. Whoops. There is a hacky work around I found at [OpenVPN – forward all client traffic through tunnel using UFW]( which involves editing config files in pretty much iptables style code. Not uncomplicated or easier or less messy like I'd been hopnig for.
So a little unimpressed with ufw (but learned a bunch about it so that's good and I guess what I was going for) and had to add "remove ufw and replace with iptables on that server" to my todo list, but after a Sunday's messing around I was able to get my phone to work over the VPN to my server and the internet. So a productive time.