~fkooman/www.tuxed.net

de22341cf6a4793142073b7e111b18779c12b65a — François Kooman 3 years ago 722a9b6
update posts
3 files changed, 187 insertions(+), 0 deletions(-)

A posts/android_studio_fedora_28.md
A posts/git_server_centos.md
A posts/git_sign.md
A posts/android_studio_fedora_28.md => posts/android_studio_fedora_28.md +24 -0
@@ 0,0 1,24 @@
---
title: Android Studio on Fedora 28
published: 2018-05-13
---

So far, I notices two issues:

1. Using the NDK (r17) does not work because it requires `ncurses-compat-libs`
   installed;
2. The emulator won't run because you have to force it to use "system libs" 
   instead of the libraries bundled with the emulator.

In slightly related news: you can no longer run the NDK (r17) on CentOS 7 
since the requirements for `glibc` were updated. Good stuff...

So to fix the first problem:

    $ sudo dnf -y install ncurses-compat-libs

To fix the second one you can add the following to `$HOME/.bash_profile`:

    export ANDROID_EMULATOR_USE_SYSTEM_LIBS=1

Then make sure this is active by logging out and in.

A posts/git_server_centos.md => posts/git_server_centos.md +144 -0
@@ 0,0 1,144 @@
---
title: Running a Git server on CentOS
published: 2018-05-24
---

This should really be easier. I guess that is why so many software exists to 
make this "work", adding more bloat in the process. So, I spent some time using
only the basic tools to make hosting your own Git repositories work.

All software is available in the default repository or EPEL. Everything should
also work in Fedora.

We'll be using:

* [git](https://git-scm.com/)
* [cgit](https://git.zx2c4.com/cgit/about/)

The features that should work:

* work over SSH (clone, push)
* work with SELinux
* work over HTTPS (clone)
* able to fetch an archive pointing to a specific commit

### Installation

Make sure you have the EPEL repository enabled:

    $ sudo yum -y install epel-release

Install the software:

    $ sudo yum -y install git \
        cgit \
        python34-pygments \
        python34-markdown \
        highlight

The Python components are required to convert markdown files to HTML, i.e. the
README.md file with the `about-filter` option. The `highlight` is for syntax 
hightlighting, the `source-filter` option. If you are not interested in either
of that you can leave those dependencies out.

### Configuration

Add `git-shell` to list of shells:

    $ echo '/bin/git-shell' | sudo tee -a /etc/shells

Add system user `git`, but leave the default shell for now:

    $ sudo adduser git -r -d /var/lib/git
    $ sudo chown git.git /var/lib/git

We'll switch to the `git` user to perform the following steps:

    $ sudo -i -u git

The following commands are run as the `git` user in the directory 
`/var/lib/git`, you should be put in the directory automatically because of the
`-i` flag.

Now create the SSH directory to configure the public key(s) that have access
to the repositories:

    $ mkdir ${HOME}/.ssh
    $ chmod 0700 ${HOME}/.ssh
    $ echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAag0uPObPcRcVf4h2gRioOBGdXVZkc98NtQ5U4BsQol fkooman@fralen-tuxed-net' | tee ${HOME}/.ssh/authorized_keys
    $ chmod 0600 ${HOME}/.ssh/authorized_keys

Create a bare repository:

    $ mkdir php-oauth2-client.git
    $ cd php-oauth2-client.git
    $ git --bare init

Return to our 'normal' account:

    $ exit

Now we are almost there, except for a little SELinux issue where `sshd` won't 
be able to read the `/var/lib/git/.ssh/authorized_keys` file:

    $ sudo semanage fcontext -a -t ssh_home_t '/var/lib/git/\.ssh(/.*)?'
    $ sudo restorecon -R /var/lib/git

Modifying the policy this way will make sure it also "survives" a relabling of
the filesystem.

Change the shell for the `git` user now:

    $ sudo chsh -s /bin/git-shell git

Now you are ready to test SSH login from your host with the private key that
belongs to the public key that you configured above:

    $ ssh git@HOST

You'll get this error if all is correct:

    fatal: Interactive git shell is not enabled.
    hint: ~/git-shell-commands should exist and have read and execute access.

After this, it is possible to mirror your existing repository to your own 
server:

    $ git clone --bare git@github.com:/fkooman/php-oauth2-client.git
    $ cd php-oauth2-client.git
    $ git push --mirror git@HOST:php-oauth2-client.git

If you want to add your own server as a remote to an existing clone:

    $ git remote add my-server git@HOST:php-oauth2-client.git
    $ git push my-server master

#### cgit

Now all that is left is point cgit to this repository, add at the bottom of 
the file `/etc/cgitrc`:

    repo.url=php-oauth2-client
    repo.path=/var/lib/git/php-oauth2-client.git
    repo.desc=Simple OAuth 2.0 Client
    repo.owner=fkooman@tuxed.net

Some other changes in `/etc/cgitrc` are helpful:

    readme=:README.md
    clone-url=https://HOST/cgit/$CGIT_REPO_URL git@HOST:$CGIT_REPO_URL
    snapshots=zip tar.xz
    about-filter=/usr/libexec/cgit/filters/about-formatting.sh
    source-filter=/usr/libexec/cgit/filters/syntax-highlighting.sh

Now restart Apache:

    $ sudo systemctl restart httpd

Now you can browse to `https://HOST/cgit` assuming you set up your HTTP server
with TLS.

If you are playing with the configuration options, you may need to remove the
cache as cgit will cache the output it sends to the browser:

    $ sudo rm -f /var/cache/cgit/*

A posts/git_sign.md => posts/git_sign.md +19 -0
@@ 0,0 1,19 @@
---
title: Signing Git Commits
published: 2018-05-11
---

What a mess! This is my `$HOME/.gitconfig` that seems to make everything work.
As my keyring only works with `gpg2` and not with `gpg` you also have to set
`gpg.program`.

```
[user]
	email = fkooman@tuxed.net
	name = François Kooman
	signingKey = 6237BAF1418A907DAA98EAA79C5EDD645A571EB2
[commit]
	gpgSign = true
[gpg]
	program = /usr/bin/gpg2
```