Thursday, 13 December 2018

CS:GO on Linux not starting

Valve, for a company that supposedly loves Linux your support is terrible. I got pointed to a community forum for support when logging this with them. To top it off I paid for it a week before they made it free. Grr..

So I could get CS:GO to launch sometimes so it did work but rarely.

After some pretty extreme testing it seems you need to slow it down when launching.

I found sometime just alt tabbing repeatedly was enough but that was hard to replicate.

Ready for the most stupid work around ever?

Are you sitting down for this one?

I run Gentoo Linux so everything is compiled from scratch. You can see where this is going..

I start compiling something.  Mesa is my usual goto.  Once this is compiling it slows down the launch of CSGO enough that it works.

This is just insane. I tried changing versions of libraries, dependencies etc but none of this mattered just making the system loaded while launching works.


Edit:  turns out you can avoid all this by adding the -nojoy option in the command line options.

Sunday, 26 August 2018

Postfix with ECDSA certificate not connecting

I was playing with this a while back and it didn't work and got forgotten about but this time I dug into it further.

There are lots of guides for setting this up such as

https://zhadum.org.uk/2015/07/25/ssl-certificate-agility-with-postfix/

but this did not work for me.  Using

openssl s_client -cipher ECDHE-ECDSA-AES128-SHA -connect localhost:25 -starttls smtp

CONNECTED(00000003)
1995830688:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent

failed and said it had no presented no cert.

After looking at my cert file I noticed:

 openssl x509 -text -noout
-----BEGIN CERTIFICATE-----
MIID9zCCA5ygAwIBAgIQJDK88IzKKF3Cva9HhMswejAKBggqhkjOPQQDAjCBkDEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMT

...

        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub: 
                    04:24:64:3c:45:da:96:fe:eb:cd:0b:4c:9b:da:4f:
                    db:dd:0d:fa:e9:14:54:67:96:3e:81:3f:55:b8:1d:
                    36:0a:db:c7:a8:be:32:a2:5d:59:4c:dd:c6:11:78:
                    a4:cd:6b:12:c4:0d:76:af:6e:ef:8e:b5:78:4a:ae:
                    94:5a:90:ac:21:04:6a:f1:f2:6e:2e:8d:87:d8:46:
                    a3:54:f3:7e:f0:08:8e:81:3b:1c:0a:1d:ff:b8:a7:
                    fd:db:91:3a:b6:0b:48
                ASN1 OID: secp384r1
                NIST CURVE: P-384



from the postfix page

    smtpd_tls_eecdh_grade = strong | ultra
    # Underlying curves, best not changed:
    # tls_eecdh_strong_curve = prime256v1
    # tls_eecdh_ultra_curve = secp384r1

In my version 3.1 it defaults to strong

postconf -d | grep smtpd_tls_eecdh_grade
smtpd_tls_eecdh_grade = strong

but needs to be set to ultra to support sec384r1 which the cert was issued with. So adding the line

smtpd_tls_eecdh_grade = ultra

to main.cf made the cert work.

None of the other articles I have seen mention this so maybe it's not that common.


Saturday, 17 March 2018

Switch your Raspberry Pi 3 to use a hard drive

I have a Pi 3 that is a DNS, web, email etc server and it's gone through a few SD cards and gets bogged down in high wait % in top sometimes.  It has a USB drive for storage for Storj etc and I was reading how you can boot a Pi 3 with a hard drive to speed things up and hopefully be a bit more reliable than the SD cards have been.

So I found this article

https://thepi.io/how-to-boot-your-raspberry-pi-from-a-usb-mass-storage-device/

Now a bunch of gotchas came up.

Firstly the boot USB option is a OTP setting.  This means once it's set, it for good on your device. Read up on this before doing it!

https://github.com/raspberrypi/documentation/blob/master/hardware/raspberrypi/bootmodes/bootflow.md

 I had a spare drive so I restored a Jessie image to the drive and plugged it in after  setting the option

program_usb_boot_mode=1

and it seem to boot (it's headless) but the drive was accessing, the network was flashing etc. Seems pretty easy.

Ok lets try and migrate the current SD card and drive to a new drive.

So some points to note here.  I tried the SDCard again to get DNS etc back up while I moved data around and it would not boot. Seems you need to remove the line we added earlier

program_usb_boot_mode=1

from /boot/config.txt or the SD card won't boot again. That's a bit annoying.

So I imaged the SDCard and restored this to the drive and tried to boot this and it started but then did not complete booting. OK silly move, need to modify the /etc/fstab on the root partition and the /boot/cmdline to say sda rather than the mmc device that is the SDCard.

Once that was done it booted OK.  We're getting there. Tried to use raspi-config to exapnd the root partition but that doesn't know what the drive is and only works on SDCards.  Doh. Back to the PC and expand with GParted and finish copying the data over and we're in business.

So in short to move you RaPi3 to a harddrive:

Image your SDCard and restore this to the new harddrive. 
Expand the harddrive root partiion with GParted or similar.
Modify the /etc/fstab and /boot/cmdline on the new drive to use sda rather than the mmc device ( I had 3 entries)
On the PI, set the "program_usb_boot_mode=1" option in /boot/config.txt and reboot.
Shut the Pi down and remove the SDCard and plug in the USB drive and it should boot.

Hope that saves some frustration :-)

Gentoo grub-probe not working

 I have a bunch of history commands I run when I d a new kernel etc and one stopped working. grub-mkconfig would fail with grub-probe for /....