Page 3 of 3

Re: MiSTerArch

Posted: Tue May 03, 2022 9:18 am
by Solskogen
Quick question: Why do you use both tar and gz? I don't see a reason to use tar when it's only one file.
Also, using zstd is a lot quicker, and still compress quite good.

Re: MiSTerArch

Posted: Wed May 04, 2022 3:53 am
by amstan
Solskogen wrote: Tue May 03, 2022 9:18 am Quick question: Why do you use both tar and gz? I don't see a reason to use tar when it's only one file.
Also, using zstd is a lot quicker, and still compress quite good.
For both of those I was thinking about ease of use. What if the user is on an ancient ubuntu machine and needs to google how to unpack things.

Honestly I have no idea how to unpack a bare .gz file offhand (apparently it's `gzip -d` after looking it up, there's no ungzip alias). `tar xf` has been a far more useful thing in my muscle memory. Relevant: https://xkcd.com/1168/

I know zstd is quite sexy due to its size, was tempting, but I know once I move to that there's going to be users with no way to unpack it since it's too new.

I guess based on what I said I should have picked .zip. It's not too late :D

Re: MiSTerArch

Posted: Wed May 04, 2022 6:16 am
by Solskogen
`gunzip`exists :-)

Re: MiSTerArch

Posted: Wed Jun 15, 2022 6:35 pm
by keilmillerjr
I'm pro supporter of mister switching to a Linux distro with a repo. I use arch on my personal PC.

Re: MiSTerArch

Posted: Wed Jun 15, 2022 9:03 pm
by amstan
keilmillerjr wrote: Wed Jun 15, 2022 6:35 pm I'm pro supporter of mister switching to a Linux distro with a repo. I use arch on my personal PC.
Hey, welcome!

Let me know how it goes. Feel free to join us on IRC or Matrix:
Matrix: #MiSTerArch:hypertriangle.com
IRC: irc://irc.libera.chat/MiSTerArch

Re: MiSTerArch

Posted: Sun Aug 14, 2022 11:02 am
by georgemog
I have been using MisterArch for the past couple of weeks and have hit a couple of minor problems. The main one that has bugged me for a while has been that the certificates package was old and as such the certificate had expired or at least after updates to it had replaced the original. This is what I did to resolve it.

To check if you have the problem try to wget an https file - e.g.

wget http://mirror.archlinuxarm.org/armv7h/c ... pkg.tar.xz

If you get the error message "Issued certificate has expired." the you have the problem.

Run the following commands to download and update the certificates package to the latest version.

wget --no-check-certificate http://mirror.archlinuxarm.org/aarch64/ ... pkg.tar.xz
wget --no-check-certificate http://mirror.archlinuxarm.org/aarch64/ ... pkg.tar.xz
pacman -U ca-certificates-20210603-1-any.pkg.tar.xz ca-certificates-utils-20210603-1-any.pkg.tar.xz


This should resolve the problem.

I am enjoying using this distribution on my MiSTer and have compiled various additions to the Kernel. Thank you to those who developed it.

Re: MiSTerArch

Posted: Sun Aug 14, 2022 3:51 pm
by amstan
certificates package was old
If you update regularly you would avoid such issues.

All it takes is `pikaur -Syu` from time to time.

Re: MiSTerArch

Posted: Mon Aug 15, 2022 11:40 am
by georgemog
Did you mean 'pacman -Syu'? as the is no such command pikaur.

Re: MiSTerArch

Posted: Mon Aug 15, 2022 7:30 pm
by amstan
Sure, it depends on how you installed it. pacman is fine too. pikaur is an AUR wrapper I have muscle memory for, it's also included in the full sd card image i provided.

Re: MiSTerArch

Posted: Mon Aug 22, 2022 8:55 pm
by Natrox
It's a cool project, but I think it doesn't add very much to the MiSTer.
Most packages you want for CLI use are there. For anything missing you can use Entware (it works just fine).

I got ZSH set up with "oh-my-zsh" and added a little script to open a screen with a shell via the MiSTer menu itself.
That covers most of what I need for quick Linux work.

The only things I am missing are tools to convert common PSX rips to .chd, although I can compile it myself with Entware and install it to "/opt".

Re: MisterArch

Posted: Tue Aug 23, 2022 12:49 pm
by throAU
amstan wrote: Tue Mar 01, 2022 6:49 am Some notes about the philosophy of this project:

Why do I want full linux? Shouldn't I just get a raspberry pi?
Honestly, I don't like appliances.

Each to their own. I prefer appliances that are easily rebuilt/re-flashed/not special/etc.

If i want to do linux things I have 3 PCs capable of running a heap of VMs and 3 Raspberry Pis here.


My only complaint with the Linux side of mister is the default (mandatory, cant really be changed without breaking scripts? correct me if i'm wrong) root password.

It may not be a high value machine, intended to be secure, etc. but if i do leave it on my network it is a very, very easily obtained foothold if someone was to hack my router (and most consumer routers are garbage) and find/compromise the MiSTer to launch other attacks/reconnaissance from.

Still. Options are good. If people want this, go nuts.

Re: MisterArch

Posted: Wed Aug 24, 2022 3:05 am
by Natrox
throAU wrote: Tue Aug 23, 2022 12:49 pm
amstan wrote: Tue Mar 01, 2022 6:49 am Some notes about the philosophy of this project:

Why do I want full linux? Shouldn't I just get a raspberry pi?
Honestly, I don't like appliances.

Each to their own. I prefer appliances that are easily rebuilt/re-flashed/not special/etc.

If i want to do linux things I have 3 PCs capable of running a heap of VMs and 3 Raspberry Pis here.


My only complaint with the Linux side of mister is the default (mandatory, cant really be changed without breaking scripts? correct me if i'm wrong) root password.

It may not be a high value machine, intended to be secure, etc. but if i do leave it on my network it is a very, very easily obtained foothold if someone was to hack my router (and most consumer routers are garbage) and find/compromise the MiSTer to launch other attacks/reconnaissance from.

Still. Options are good. If people want this, go nuts.
Root password can be changed just fine, the scripts don't need it as they already run as root by default. For security, if your network isn't fenced off, I'd disable root login entirely by creating a new account and using sudo from that. If you want a home folder for this new user, you might need to create it on the SD and bind mount it to /home. Alternatively, disable root password login and use key pairs instead.

Re: MisterArch

Posted: Wed Aug 24, 2022 8:14 am
by throAU
Natrox wrote: Wed Aug 24, 2022 3:05 am
throAU wrote: Tue Aug 23, 2022 12:49 pm
amstan wrote: Tue Mar 01, 2022 6:49 am Some notes about the philosophy of this project:

Why do I want full linux? Shouldn't I just get a raspberry pi?
Honestly, I don't like appliances.

Each to their own. I prefer appliances that are easily rebuilt/re-flashed/not special/etc.

If i want to do linux things I have 3 PCs capable of running a heap of VMs and 3 Raspberry Pis here.


My only complaint with the Linux side of mister is the default (mandatory, cant really be changed without breaking scripts? correct me if i'm wrong) root password.

It may not be a high value machine, intended to be secure, etc. but if i do leave it on my network it is a very, very easily obtained foothold if someone was to hack my router (and most consumer routers are garbage) and find/compromise the MiSTer to launch other attacks/reconnaissance from.

Still. Options are good. If people want this, go nuts.
Root password can be changed just fine, the scripts don't need it as they already run as root by default. For security, if your network isn't fenced off, I'd disable root login entirely by creating a new account and using sudo from that. If you want a home folder for this new user, you might need to create it on the SD and bind mount it to /home. Alternatively, disable root password login and use key pairs instead.
Cheers, in that case i'll just disable password login entirely for root/ssh and make it key based. Thought i remembered reading somewhere that the default password was in some way required or it broke stuff.


Aside, if anyone wants to do this, OpenSSH is built into later builds of windows 10 and windows 11. And of course standard on linux for decades.

The basic process is:
  • fire up a terminal window/command prompt
  • run ssh-keygen.exe
  • Either enter a password to protect the private key (if you worry about it being stolen from your computer, as its effectively the key to what you put the public key)
  • You will then have some files in c:\users\username

Code: Select all

  
 PS C:\Users\jrose> ssh-keygen.exe
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\jrose/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\jrose/.ssh/id_rsa.
Your public key has been saved in C:\Users\jrose/.ssh/id_rsa.pub.
The key fingerprint is:
  
 ---- output omitted --- 
  
 PS C:\Users\jrose> ls
  Directory: C:\Users\jrose\.ssh


Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----        24/08/2022   4:57 PM           2655 id_rsa
-a----        24/08/2022   4:57 PM            571 id_rsa.pub
-a----        23/12/2020  11:01 PM            175 known_hosts
  • id_rsa is your PRIVATE key - keep this safe, this never leaves your machine - its your key to the log-in.
  • id_rsa.pub is your PUBLIC key - if you add this to the "authorized_keys" file (it's just a plain text file) found under /root/.ssh/ you will then be able to use it to log into the MiSTer (or any other linux box you did this to) by running ssh root@mister-IP-or-hostname. This key is not sensitive and does not need to be protected/hidden
If you set a password on your private key you'd need to enter that, if you did not set a password on the private key - no password required.

Why would you do this?

Then you can comment out "PermitPasswordLogin" (i think that's the option) in /etc/ssh/sshd.config on the Mister, and then (after sshd restart or reboot) the only way to log in as root then is either on the mister console or via key-pair, without the private key remote login is no longer possible. i.e., unless someone steals your private key (AND knows the password to it if you password protected it) they can't remote login to the box.

If password login is disabled your machine is effectively immune to brute force password attack - even if the passphrase on your private key is empty.