在前面几天终于把 64-bit MongoDB Server 折腾编译好之后,现在就可以在 Raspberry Pi 上部署 Apache 2 + PHP 7 + MongoDB 的环境了~
编译和安装可以参考之前两篇post~在 Raspberry Pi 4 上编译 64-bit 的 MongoDB Server,在 Raspberry Pi 上安装 64-bit MongoDB Server 服务
那么现在就是接着在上次的 chroot 环境里部署 Apache 2 + PHP 7,以及 PHP 的 MongoDB 接口~
Continue reading 在 Raspberry Pi 4 上部署 Apache 2 + PHP 7 + MongoDBWhen I was deploying my Raspberry Pi for my new project, dpkg reported a unrecoverable fatal error while installing dependencies,
dpkg: unrecoverable fatal error, aborting: unknown system group 'ssl-cert' in statoverride file; the system group got removed before the override, which is most probably a packaging bug, to recover you can remove the override manually with dpkg-statoverride E: Sub-process /usr/bin/dpkg returned an error code (2)
So I had a look at the file /var/lib/dpkg/statoverride
Since dpkg said that the system group ssl-cert was already removed, and to recover I need to remove these entries with ssl-cert.
Then it was time for sed, let's remove the lines containing ssl-cert
sed -i '/ssl-cert/d' /var/lib/dpkg/statoverrideContinue reading Solution for "dpkg: unknown user / system group in statoverride file"
啊,算是这个大坑的最后一篇了吧
前一篇是关于编译的,在 Raspberry Pi 4 上安装 64-bit MongoDB Server 服务
那么在编译完之后,就是安装这个服务了~由于编译时绝大部分是静态链接的,因此上一篇编译出来之后,MongoDB Server r4.2.1 的体积在 2.2GB 左右,emmmmm,有点大。。总之,因为几乎都是静态链接,所以可以做个清洁安装~
上次编译了 MongoDB 的 Embedded 版本,不过官方表示那个还只是一个实验中的程序,同时上次编译的还是 32-bit 的 Embedded 版本,因此这次就来编译一个真正可用的 64-bit 的 MongoDB 好了_(:3」∠)_
总的来说倒也没有想象中那么复杂,但是确实有几个可能踩到的的坑
首先我做的就是先让树莓派到 64-bit 环境中,可以参考我的这篇博客,让 Raspberry Pi 4 完全运行在 64-bit 模式下。
确认 schroot 到 64-bit 环境中之后,同样的,通过 apt 安装必要的依赖
sudo apt install -y scons libssl-dev libffi-dev libcurl4-openssl-dev wget gcc g++ vim cmake python3 python3-pip
包括稍后会用到的 Python 的依赖
cat << EOF >~/build-requirements.txt Cheetah3 # src/mongo/base/generate_error_codes.py psutil pymongo >= 3.0, != 3.6.0 # See PYTHON-1434, SERVER-34820 PyYAML >= 3.0.0 regex requests >= 2.0.0 typing >= 3.6.4 EOF sudo pip3 install -r ~/build-requirements.txt
在国内的话,可以指定使用清华大学 TUNA 镜像源
sudo pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple -r ~/build-requirements.txtContinue reading 在 Raspberry Pi 4 上编译 64-bit 的 MongoDB Server
I didn't realize that Raspberry Pi 4 worked in 32-bit mode until I compiled MongoDB Embedded. Though Raspberry Pi 4 comes with a 64-bit CPU, it uses 32-bit kernel by default, let alone these userland programs.
Obviously, the compiled MongoDB Embedded was 32-bit too. But fortunately, it was not what I actually want, and after setup 64-bit environment for Raspberry Pi 4 in this post, I can compile a fully-functional MongoDB.
But wait, there seems to be an easier way to put Raspberry Pi 4 to 64-bit mode -- Install Manjaro. However, I don't quite like Arch.
There are basically three steps to get a Raspberry Pi worked in the 64-bit environment.
于是在我编译完 MongoDB Embedded 之后发现,虽然 Raspberry Pi 4 的 CPU 是 64-bit 的,但是默认使用的还是 32bit 的内核,userland 的程序也都是 32-bit 的。
自然,前一篇编译出来的 MongoDB Embedded 也是
要让 Raspberry Pi 4 完全运行在 64 位模式下的话,有一个似乎简单的方法——安装 Manjaro,但是我不喜欢 Arch。
总体来说分如下几步~
Continue reading 让 Raspberry Pi 4 完全运行在 64-bit 模式下Recently, I'm planning a new tiny project which can run on a Raspberry Pi 4. Well, actually, it can run anywhere, but given that I already bought a Raspberry Pi 4, why not have some fun on that♪(´ε` )
After considerations, a NoSQL database will be used for this project. And I opt for MongoDB. Although there is a MongoDB on Raspbian repo, the version of that is too old -- it's MongoDB 2.4, whereas the newest version is 4.2.1.
Therefore, to ensure that there won't be too many changes because of the updates of MongoDB in the future, let's use the latest version of MongoDB~ And of course, there will be a long time to compile MongoDB on Raspberry Pi. ( ;´Д`)
At the time of writing, the release version of Raspbian on my Raspberry Pi 4 is
$ cat /etc/os-release PRETTY_NAME="Raspbian GNU/Linux 10 (buster)" NAME="Raspbian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=raspbian ID_LIKE=debian HOME_URL="http://www.raspbian.org/" SUPPORT_URL="http://www.raspbian.org/RaspbianForums" BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
To prepare the compile environment is not really time-consuming, but it will take several hours to do the actual compiling. Anyway, you can faff around while compiling. (*^3^)
Continue reading Compile MongoDB Embedded 4.2.1 on Raspberry Pi 4最近想了一个可以跑在树莓派上的新坑,其实也可以跑在别的地方啦,不过既然都买了新的 Raspberry Pi 4 的话,就拿着折腾一下吧(◐‿◑)。
然后这个新坑我计划需要用到 NoSQL 数据库,最后决定选择 MongoDB。 Raspbian 上虽然有自带的 MongoDB,但是已经相当久远了,还停留在 MongoDB 2.4 版本。
emmmmm,为了确保这个项目以后不会经常因为 MongoDB 的版本更新做改动,那就尽量用最新的 MongoDB 版本吧。于是就要在 Raspberry Pi 上开始漫长的编译啦( ;´Д`)
在写这篇 post 时,我的 Raspbian 系统版本如下
$ cat /etc/os-release PRETTY_NAME="Raspbian GNU/Linux 10 (buster)" NAME="Raspbian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=raspbian ID_LIKE=debian HOME_URL="http://www.raspbian.org/" SUPPORT_URL="http://www.raspbian.org/RaspbianForums" BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
前期准备工作的时间并不算长,但是编译的时间大概就得好几个小时了∑(゚Д゚)不过编译的时候正好摸鱼hhhhhhh
简单来说就是以上 4 步啦~
Continue reading 在树莓派 4 上编译安装 MongoDB Embedded 4.2.1Yesterday, a local privilege escalation vulnerability of sudo was reported by a security researcher, Joe Vennix. The proof of concept is simple but the exploitation of that can be powerful.
$ sudo -u#-1 whoami
root
-u#-1 means that, sudo is required to run the command as the user with id equals to -1.
With merely 5 more characters (the highlighted ones) you can do a local privilege escalation for all sudo version prior to 1.8.28. Isn't that amazing (and maybe dangerous as well)? Let's dive into it and see what happens inside. sudo version 1.8.27 will be used for demonstration in this post. (It can be downloaded at https://www.sudo.ws/dist/sudo-1.8.27.tar.gz)
Given that the vulnerability is related to the command line argument, it would be a great idea to the src/parse_args.c file firstly.
The AI Lab of my mentor was running by me for quite some months. And now it's about time to hand over the docs of the internal server to graduates. Though one of which tends to lose internet connection from time to time due to its location. However, I heart that it had been moved back to university in the middle of July.
And originally, I use Microsoft Word to keep all the records and information of almost everything, but it obviously would cause some issues.
For example, one's docs version may vary from another. Yes, I've thought about to use the cloud storage with version control even. The problem is that we cannot afford the expense of cloud drive. And we could not find someone who's willing to take the charge of reimbursement. The bills have already piled up in my mentor's desk.
Besides that, to use file as docs will inevitably introduce the ugly naming, such as docs-20190807, docs-20190607 or whatever. And it would be totally disaster if to use git for version control. Despite of the unreadable commits, the filename needs to be the same, which extremely likely to be ignored to update from the git repo for some people.
Luckily, there's one instance on AliCloud (Although personally I don't really like AliCloud, but that's another story, let's save it for next time). And lots of packages that can generate static HTML from markdown have been developed these years around.
It would be easy for everyone to access docs online and because the markdown file is pure text, we can have a very good and most important, readable track of changes with git.
The final decision is to use VuePress as the static HTML generator. And to ensure a simple installation process, dockerization is the best shot at the moment. Furthermore, basic HTTP auth is needed to keep unwanted visitors out, leaving the docs only accessible to the lab.
For your convenience, this project is located at my GitHub, #/docs. It's fully prepared and dockerized with docker-compose support.
Continue reading 仔细想想还是 Dockerized 吧!