Nowadays many SOHO routers are quite powerful devices. Probably, not as powerful in some aspects as latest Raspberry Pi but powerful enough to run several additional services besides basic routing functionality. In fact, many routers provide Samba and other file servers for years. Some powerful models contain even BitTorrent clients, DLNA servers, VPN clients and servers in the stock firmware.
On the other side, router vendors firmware is rarely ready for extension. Some vendors even lock their firmware so enthusiasts need to hack it first if they want to add anything to their devices. Luckily, there are many vendors which do provide telnet or ssh access to the device console.
Still, even if one gets to the console, those devices don’t contain any development tools and there are no vendor repositories for third party software. So enthusiasts need to create their own repositories. One of well known examples is Entware which can be used on many device brands, models and flavours.
It worth noting that router firmwares are usually quite different from a typical
multipurpose Linux distribution. As a result, Entware adopts the practice of
installing everything under /opt filesystem hierarchy. Installing software
under a prefix like /usr/local is not something unknown in a *NIX world,
however, the weird thing is that Entware can’t rely on “host” layout and
libraries at all, so it needs even its own /opt/etc and its own C library, as
host can use anything of uClibc, musl or glibc.
Does it remind you of anything? When one wants to run applications independently of the host system, they could run them in a virtual machine. Or in the modern Linux world, in a container.
Well, I’m not crazy enough to run Docker on a router (yet). But what about chroot? Some linux distributions have support for running in chroot. The distribution used for lightweight containers most often, Alpine, also has instructions how to setup a chroot.
My router runs a so called Asuswrt-merlin firmware. I already have an attached USB drive formatted to ext4 and Entware installed on it.
Probably, it should be possible to follow instructions from the Alpine wiki step by step without installed Entware. However, someone already scripted that. Unfortunately, the script uses some utilities not provided by the limited router firmware so I need Entware.
I’ve made a couple of modifications so I don’t need additional configuration of the script for my router, they are in in the aarch64 branch of my fork. See the README there for more details.
Disclaimer: I’m writing these instructions from memory. I did this a couple of times but something can be missing. I’ll fix that when I’ll use my own recipe next time.
So, first I need to install some Entware packages for that script to work:
opkg install coreutils-id coreutils-mktemp bash coreutils-sha256sum
You may probably need to install curl also because router wget may lack
HTTPS support.
Download the script with wget or curl.
wget https://github.com/pelepelin/alpine-chroot-install/raw/aarch64/alpine-chroot-install
chmod +x alpine-chroot-install
Find the path for the installation. In the example below the storage is mounted
as /mnt/disk so the command will install Alpine under /mnt/disk/alpine which
should not exist before installation.
./alpine-chroot-install -d /mnt/disk/alpine
It should download and install a minimal alpine environment. I can chroot into it with an installed script:
/mnt/disk/alpine/enter-chroot
Exit chroot by exiting the shell.
Now I have a way to enter the chroot environment, play with Alpine packages there and do all the things.
Unfortunately, once the router is rebooted, mount points created by install
script will disappear. So I need to put their creation into the enter-chroot
script (and ultimately, fix it in the install script). Unmount script (called
destroy) is not yet robust too.
Chroot environment provides only limited isolation. First problem I’ve found is
that ID mappings used by the router in its /etc/passwd and /etc/group don’t
match Alpine base ID mappings. I had to find some compromise. In theory, it
should be possible to use cgroups for ID mapping and probably more isolation,
up to the level which is provided by Linux containers but I’m not sure if I
really need it. Anyway, Entware provides unshare utility to play with that.
On the other side, it would be good to make installation script independent of Entware utilities.
If I want any Alpine service to auto-run when the router boots up, I need to
hook it into router scripts. AsusWRT-Merlin firmware provides a lot of hooks for
that. At least, I’ll use
post-mount,
unmount
and
services-stop.
For starting and stopping services Alpine uses OpenRC init system. OpenRC provides some support for chroot environment but that requires additional configuration.
]]>RDP client collects input for a certain time before sending it to the RDP server. The interval can be decreased by setting a Windows registry key to smaller values than the default of 100. The unit for its values is milliseconds.
100ms is a pretty noticeable delay.
]]>The key does not exist initially and must be of type DWORD. Depending whether the setting should be changed for an individual user or for the system, set either of the following.
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Min Send IntervalHKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client\Min Send Interval
sudoers syntax is not at all intuitive, so every time I need to google for the same lines to be added.
sudo visudo.%sudo line to be:
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
Update: In Ubuntu 20.04, installer created a file in /etc/sudoers.d/ which overrode the setting in sudoers. I removed it.
That’s how my software development always goes. No matter if it’s a job task or my own wish, before I can achieve what was an initial goal, before I can finish the task, I need to learn and finish a thousand of other things.
Like now. I want to make this blog alive but apart of intial easy setup (thanks to the man whose setup I cloned) it involves perpetual unintended nested learning. Look, I want to make the blog bilingual but the initial template is not suited. So I need to experiment with other templates, but it requires local Jekyll environment. Which I don’t want to set up on my Windows laptop, so I need a good virtualized environment. Also, I’m a bit tired by small annoyances while developing Node.JS applications on Windows, so I’d move all development into this environment and so a seemingly easy short path of using Docker for Windows is less attractive. I’d try WSL2 but it’s not in a Windows public release build yet and I failed to join the Windows Insider Program (maybe it’s for better). So I stick to VirtualBox. Unfortunately, heavy applications in VirtualBox lose up to 30% of performance. Also, on my job workplace I still use some Windows applications during the day. So this time I’ve learned that there are interesting alternatives to using a Linux desktop inside of a VirtualBox window. Namely, VcXsrv and Xpra look promising enough for seamless integration of Linux and Windows desktops. VcXsrv is good enough but Xpra is especially interesting as it promises that Linux sessions can survive Windows host reboots the same way as if I use VirtualBox UI. Unfortunately, setup is not that seamless and there are some bugs I’m trying to resolve. So that all becomes really long.
]]>One of those memos is: how to run a command as Administrator. Here it is: Windows+R, type a command, Ctrl+Shift+Enter.
How could I guess this Ctrl+Shift+?
While I’m going to create some demos to showcase my skills later, this is the first step.
I think, having a Jekyll-based blog on GitHub is one of the most geeky ways to create a site for a developer. However, I was lazy enough to set up Ruby locally. It appeared there is a template site called Jekyll Now which allows to setup a Jekyll site on GitHub without a local development copy.
]]>