add new notes
This commit is contained in:
parent
78887ab15e
commit
6eb86ef064
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
title: Arch Linux Secure Boot
|
||||||
|
tags:
|
||||||
|
- Linux
|
||||||
|
---
|
||||||
|
I needed to enable Secure Boot so that I could play League of Legends with Riot's Vanguard Anti Cheat. It seemed complex at first but was actually easier than I expected. The Arch Wiki is both helpful and confusing here, it provides a bunch of different ways to do this, but doesn't always do a great job of differentiating them as logically separate processes.
|
||||||
|
|
||||||
|
My basic understanding of Secure Boot is that when your computer first loads up, it loads the motherboard firmware, which then boots a bootloader. I remember from my OS classes that historically, the bootloader is 512 bytes, specifically the first 512 bytes on the boot disk. The bootloader can be anything, the computer will just run it because of its location in storage, which means malicious actors could run any arbitrary code there and compromise the system. Secure boot mitigates this by only allowing cryptographically signed bootloaders to run. The process outlined here is to sign our bootloaders so that Secure Boot will allow them to run. We are doing this by using our own keys (see [Assisted process with sbctl](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Assisted_process_with_sbctl)), rather than using a pre-signed boot loader. Note that "firmware" here refers to the motherboard firmware, commonly referred to as "the BIOS"
|
||||||
|
|
||||||
|
0. Reboot into firmware and set secure boot mode to Setup mode. What this really means is clearing any keys that currently exist.
|
||||||
|
1. Install `sbctl` and run `sbtcl status` to verify Setup mode is enabled
|
||||||
|
2. Create custom keys `sbctl create-keys`
|
||||||
|
3. Enroll your keys `sbctl enroll-keys -m`. the `-m` means to enroll Microsoft's keys as well. You almost always want this, even if you're not dual-booting with Windows because some firmware is still signed with Microsoft's keys
|
||||||
|
4. Check boot files that need signing `sbctl verify`
|
||||||
|
5. Sign the files `sbctl sign -s /boot/vmlinuz-linux`
|
||||||
|
1. If you have a lot of files, the command given in the wiki works great `sbctl verify | sed 's/✗ /sbctl sign -s /e'`, this assumes that every file listed in `sbctl verify` starts with `/boot`
|
||||||
|
6. Make sure all files are signed `sbctl verify`
|
||||||
|
7. Reboot into firmware and turn on Secure Boot
|
||||||
|
1. In my Asus ROG motherboard's firmware, the setting is in Boot -> Secure Boot and the options are "Windows UEFI" or "Other OS" which are unclear. Windows UEFI turns Secure Boot on.
|
||||||
|
8. Reboot again and run `sbctl status` to verify Secure Boot is on
|
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
title: Example Systemd Service
|
||||||
|
slug: systemd-example
|
||||||
|
tags:
|
||||||
|
- Linux
|
||||||
|
---
|
||||||
|
|
||||||
|
System units go in `/etc/systemd/system`
|
||||||
|
User units go in `$HOME/.config/systemd/user`
|
||||||
|
|
||||||
|
```
|
||||||
|
[Unit]
|
||||||
|
Description=Webring test service
|
||||||
|
After=network.target
|
||||||
|
StartLimitIntervalSec=0
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Restart=always
|
||||||
|
RestartSec=1
|
||||||
|
WorkingDir=/code/webring
|
||||||
|
ExecStart=/code/webring/webring --dsn /code/webring/webring.db --addr :8000
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
title: Example .desktop File
|
||||||
|
slug: desktop-file-example
|
||||||
|
tags:
|
||||||
|
- Linux
|
||||||
|
---
|
||||||
|
Example
|
||||||
|
|
||||||
|
```
|
||||||
|
[Desktop Entry]
|
||||||
|
|
||||||
|
# The type as listed above
|
||||||
|
Type=Application
|
||||||
|
|
||||||
|
# The version of the desktop entry specification to which this file complies
|
||||||
|
Version=1.0
|
||||||
|
|
||||||
|
# The name of the application
|
||||||
|
Name=jMemorize
|
||||||
|
|
||||||
|
# A comment which can/will be used as a tooltip
|
||||||
|
Comment=Flash card based learning tool
|
||||||
|
|
||||||
|
# The path to the folder in which the executable is run
|
||||||
|
Path=/opt/jmemorise
|
||||||
|
|
||||||
|
# The executable of the application, possibly with arguments.
|
||||||
|
Exec=jmemorize
|
||||||
|
|
||||||
|
# The name of the icon that will be used to display this entry
|
||||||
|
Icon=jmemorize
|
||||||
|
|
||||||
|
# Describes whether this application needs to be run in a terminal or not
|
||||||
|
Terminal=false
|
||||||
|
|
||||||
|
# Describes the categories in which this entry should be shown
|
||||||
|
Categories=Education;Languages;Java;
|
||||||
|
```
|
|
@ -0,0 +1,54 @@
|
||||||
|
---
|
||||||
|
title: Retrieving status.cafe Updates During Hugo Builds
|
||||||
|
slug: hugo-build-status-cafe
|
||||||
|
tags:
|
||||||
|
- Hugo
|
||||||
|
- Web Development
|
||||||
|
---
|
||||||
|
|
||||||
|
status.cafe provides you with a JavaScript snippet to include your status on your site. I don't update my status super often, so I don't need to be hitting m15o's servers on every page load. To get around this, I wanted to see if I could update my status as a build step in Hugo.
|
||||||
|
|
||||||
|
This is the script status.cafe provides:
|
||||||
|
```js
|
||||||
|
document.writeln('<div id="statuscafe"><div id="statuscafe-username"></div><div id="statuscafe-content"></div></div>');
|
||||||
|
fetch("https://status.cafe/users/yequari/status.json")
|
||||||
|
.then( r => r.json() )
|
||||||
|
.then( r => {
|
||||||
|
if (!r.content.length) {
|
||||||
|
document.getElementById("statuscafe-content").innerHTML = "No status yet."
|
||||||
|
return
|
||||||
|
}
|
||||||
|
document.getElementById("statuscafe-username").innerHTML = '<a href="https://status.cafe/users/yequari" target="_blank">' + r.author + '</a> ' + r.face + ' ' + r.timeAgo
|
||||||
|
document.getElementById("statuscafe-content").innerHTML = r.content
|
||||||
|
})
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
This takes just over a second to fully load. Fetching the above script takes 478ms, then running the script fetches a json file, which takes 680ms. Now this is asynchronous, which means a user is not waiting on this for the rest of the page to load, but it is noticeable that the status pops in later than everything else. The entire page loads in 1.22s
|
||||||
|
|
||||||
|
Here is the same functionality written as a hugo template
|
||||||
|
```go-html-template
|
||||||
|
{{ $data := dict }}
|
||||||
|
{{ $url := "https://status.cafe/users/yequari/status.json" }}
|
||||||
|
{{ with resources.GetRemote $url }}
|
||||||
|
{{ with .Err }}
|
||||||
|
{{ errorf "%s" . }}
|
||||||
|
{{ else }}
|
||||||
|
<div id="statuscafe">
|
||||||
|
{{ $data = .Content | transform.Unmarshal }}
|
||||||
|
{{ $length := len $data.content }}
|
||||||
|
{{ if eq $length 0 }}
|
||||||
|
No status
|
||||||
|
{{ else }}
|
||||||
|
<div id="statuscafe-username">
|
||||||
|
<a href="https://status.cafe/users/yequari" target="_blank">{{ $data.author }}</a> {{ $data.face }} {{ $data.timeAgo }}
|
||||||
|
</div>
|
||||||
|
<div id="statuscafe-content">
|
||||||
|
{{ $data.content }}
|
||||||
|
</div>
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{ else }}
|
||||||
|
{{ errorf "Unable to get remote resource %q" $url }}
|
||||||
|
{{ end }}
|
||||||
|
```
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
title: Vim Tips
|
||||||
|
slug: vim-tips
|
||||||
|
tags:
|
||||||
|
- Linux
|
||||||
|
---
|
||||||
|
## General Tips
|
||||||
|
- `vim -p file1 file2` to open multiple files as tabs
|
||||||
|
- `:qa` to quit out of all open buffers
|
||||||
|
- `:Ex` to return to netrw (file explorer)
|
||||||
|
## Terminals
|
||||||
|
- `:term` to open a terminal in current window
|
||||||
|
- Use `i` to enter insert mode and type into the shell
|
||||||
|
- `<C-\><C-n>` to return to normal mode to allow scrolling or switching windows
|
||||||
|
- I've remapped this to `<C-space>`
|
||||||
|
## Windows
|
||||||
|
- `<C-w>` prefixes all window commands
|
||||||
|
- `<C-w>` + `h,j,k,l` to focus window to left, bottom, up, right, respectively
|
||||||
|
- `<C-w>s` to split current window horizontally, equivalent to `:split`
|
||||||
|
- `<C-w>v` to split current window vertically, equivalent to `:vs`
|
||||||
|
## Registers
|
||||||
|
- `"c` before a command, where `c` is the register to store the text
|
||||||
|
- Use capital letter to append to the register, e.g. `"C`
|
||||||
|
## Macros
|
||||||
|
- Press `qc` to start recording, where `c` is the register to store the macro
|
||||||
|
- Stop recording with `q`
|
||||||
|
- Replay the macro with `@c`
|
|
@ -1,8 +1,9 @@
|
||||||
---
|
---
|
||||||
title: Dockerized ZNC
|
title: Dockerized ZNC
|
||||||
date: "2022-11-07T14:18:30-07:00"
|
date: "2022-11-07T14:18:30-07:00"
|
||||||
categories:
|
tags:
|
||||||
- tech
|
- Linux
|
||||||
|
- Self-Hosting
|
||||||
---
|
---
|
||||||
|
|
||||||
# Setting Up ZNC with Docker
|
# Setting Up ZNC with Docker
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
---
|
---
|
||||||
title: League on Linux
|
title: League on Linux
|
||||||
date: "2022-11-06T14:18:30-07:00"
|
date: "2022-11-06T14:18:30-07:00"
|
||||||
categories:
|
tags:
|
||||||
- tech
|
- Linux
|
||||||
- gaming
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# League of Legends on Linux
|
# League of Legends on Linux
|
||||||
|
|
Loading…
Reference in New Issue