HowTo: Using -lite with a GIT-based application

Years ago, while looking for a fast init replacement for work, I found Finit, originally written by Claudio Matsuoka to act as a drop-in replacement for the Asus EeePC fastinit, “gaps filled with frog DNA …”

Until I found Finit I had always been in awe of those venturing into the realm of PID 1. However, learning from the simplicity of Claudio’s code I realized that although PID 1 at times is indistinguishable from magic, it is really not that hard to master. My version of Finit is available on GitHub.

The code is open sourced under the very liberal MIT/X11 license, and much of its frog DNA has proven very useful to me over the years. This blog post is about how that frog DNA can help you fill gaps in your projects …


Inetd Support in Finit v1.12

A steady flow of features, and releases, is key to keeping any project alive. Recently I ticked off another item in the Finit TODO list …

Finit v1.12 now comes with a built-in inetd! You no longer need an external inetd daemon to launch services on demand.

The good news doesn’t stop there, this little inetd actually supports a poor man’s tcpwrappers!

inetd ssh/tcp          nowait [2345] /sbin/dropbear -i -R -F
inetd ssh@eth0:222/tcp nowait [2345] /sbin/dropbear -i -R -F

With these two lines in your /etc/finit.conf you tell finit to launch the Dropbear SSH server on demand on port 22 (the default ssh/tcp port in /etc/services) on all interfaces except eth0. In this example eth0 is the Internet (WAN) interface, where you want SSH to run on port 222 instead. Actually, you don’t want port 22 open at all on eth0 … so finit takes care of this for you! Seriously, it just works, no need for messing about with that nasty old iptables anymore!
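To see what a set of inetd lines exposes on each interface, the following added example (not part of Finit or of the original post) models the behaviour described above. The line grammar is inferred from the sample lines in this post only, and the names parse, exposure and open_on are hypothetical.

```python
import re

# Default ports as /etc/services lists them; embedded so the example runs offline.
SERVICES = {"ssh": 22, "time": 37}

# Grammar inferred from the sample lines in this post only (an assumption):
#   inetd <svc>[@<iface>][:<port>]/<proto> <wait|nowait> [<runlevels>] <command>
LINE = re.compile(
    r"inetd\s+(?P<svc>[\w-]+)(?:@(?P<iface>[\w.]+))?(?::(?P<port>\d+))?"
    r"/(?P<proto>tcp|udp)\s+(?:wait|nowait)\s+\[\d+\]\s+(?P<cmd>.+)"
)

# Constructed sample: the two ssh lines from the post plus a comment line.
SAMPLE_CONF = """\
# /etc/finit.conf (excerpt)
inetd ssh/tcp          nowait [2345] /sbin/dropbear -i -R -F
inetd ssh@eth0:222/tcp nowait [2345] /sbin/dropbear -i -R -F
"""

def parse(conf):
    """Return one dict per inetd line; other lines are ignored."""
    rules = []
    for line in conf.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            rule = m.groupdict()
            rule["port"] = int(rule["port"]) if rule["port"] else SERVICES[rule["svc"]]
            rules.append(rule)
    return rules

def exposure(rules, ifaces):
    """Map (iface, proto, port) -> service, as the post describes it: a line
    bound to an interface replaces the generic line for that service there."""
    bound = {(r["svc"], r["proto"], r["iface"]) for r in rules if r["iface"]}
    table = {}
    for r in rules:
        for ifc in ifaces:
            if r["iface"] not in (None, ifc):
                continue                      # bound to another interface
            if r["iface"] is None and (r["svc"], r["proto"], ifc) in bound:
                continue                      # overridden on this interface
            table[(ifc, r["proto"], r["port"])] = r["svc"]
    return table

def open_on(table, iface):
    """Sorted (proto, port, service) tuples reachable on one interface."""
    return sorted((p, port, svc) for (i, p, port), svc in table.items() if i == iface)

if __name__ == "__main__":
    t = exposure(parse(SAMPLE_CONF), ["eth0", "eth1"])
    for ifc in ("eth0", "eth1"):
        print(ifc, open_on(t, ifc))
```

This models the configuration only; the sockets actually listening on the device remain the authoritative check.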

The original UNIX inetd super server supported many protocols internally, some of which may seem a bit odd today, and some have been superseded by more modern protocols.

Finit currently only supports one internal/built-in standard service, time. It is built as a plugin to serve as an example of how you can extend Finit yourself. The time service can be called either as UDP or TCP. To prevent security issues, the time protocol is disabled by default. To enable it you need two things:

  1. The time.so plugin (built by default)
  2. An inetd time ... line in /etc/finit.conf

Assuming you’ve installed the default set of plugins, the following two lines can be added:

inetd time/udp   wait [2345] internal
inetd time/tcp nowait [2345] internal

This can be very useful for testing the inetd capabilities, your network connection, or simply to get the time to a client where NTP for some reason does not work, or is blocked. For instance, you could have a GPS setup on your server and distribute time to clients with the time protocol.

To use it you need an rdate client. Users of rdate in BusyBox may need to be reminded that it only supports TCP.

$ rdate -pu 198.51.100.42
Sat Mar  7 08:48:58 CET 2015
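What rdate does on the wire, as an added example that is not part of the original post or of Finit: the time protocol (RFC 868) reply is a 32-bit big-endian count of seconds since 1900-01-01 00:00 UTC, sent over TCP on connect or over UDP in answer to an empty datagram. The function names and the five-minute skew limit are assumptions made here; SAMPLE is constructed from the rdate output shown above.

```python
import socket
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1900 = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Constructed sample reply: 2015-03-07 07:48:58 UTC (08:48:58 CET, as above).
SAMPLE = struct.pack("!I", 3634703338)

def decode(payload: bytes) -> datetime:
    """Turn the 4-byte reply into an aware UTC datetime."""
    if len(payload) != 4:
        raise ValueError(f"expected 4 bytes, got {len(payload)}")
    (seconds,) = struct.unpack("!I", payload)
    return EPOCH_1900 + timedelta(seconds=seconds)

def query(host: str, udp: bool = False, port: int = 37, timeout: float = 3.0) -> datetime:
    """Ask a time server; TCP by default, since some clients only speak TCP."""
    if udp:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(b"", (host, port))       # an empty datagram is the request
            payload, _ = s.recvfrom(4)
    else:
        with socket.create_connection((host, port), timeout=timeout) as s:
            payload = b""
            while len(payload) < 4:           # the server sends, then closes
                chunk = s.recv(4 - len(payload))
                if not chunk:
                    break
                payload += chunk
    return decode(payload)

def plausible(remote: datetime, local: datetime,
              max_skew: timedelta = timedelta(minutes=5)) -> bool:
    """The reply is unauthenticated, so reject answers far from the local clock
    before acting on them. The five-minute limit is an assumption."""
    return abs(remote - local) <= max_skew

if __name__ == "__main__":
    print(decode(SAMPLE).isoformat())
```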

For more info on Finit and its features, see the README.

Enjoy! ツ


Finit v1.11 released!

Update 2015-03-09: This release has unfortunately been yanked due to serious regressions in launching background processes. It has been replaced by v1.12.


Recent Open Source Work

I’m a coder, not a writer. Here’s what I’ve been working on during the winter holidays:

  - A new feature release of Finit is coming shortly, which will use libuEv and feature inetd support built-in!
  - Another minor release of my own take on event loops, libuEv v1.0.3. This time with a heavy focus on documentation and Q&A; extensive validation testing has been done on this release.
  - Released another minor release of mrouted, v3.

pimd v2.2.0 -- The last release of pimd?

On one of the last days of 2014 I released pimd v2.2.0, which is an awesome release with a lot of new features and bug fixes!

However, it could very well be the last release I do. Even though it’s one of my most popular projects on GitHub, I have not had enough time to dedicate to it over the years. I will continue to do fixes and merge pull requests until someone else steps up to take over. There is also the distinct possibility that the Xorp PIM-SM or the new Quagga PIM-SSM implementations will (finally) make good old pimd completely redundant.

At work we will likely start using the Quagga PIM rather than pimd in WeOS.

For now though, enjoy pimd v2.2.0. It’s been tested in both my Qemu-based virtual testbed and a few setups using Linux’ netns feature in CORE – awesome little proggy! :-)


GnuTLS support in Inadyn and fixes to uftpd

Quite a few changes lately. I finally got around to adding support for GnuTLS to Inadyn, hopefully this will get into Debian … unless the Jessie freeze prevents that. Also, thanks to a friend of mine trying out uftpd recently I discovered that libuev has been missing from the tarball since the release of the TFTP support. Fixed. Another great piece of news is that Coverity accepted uftpd as an Open Source project, I’ve been hard at work fixing nasty bugs uncovered by the Coverity Scan.

Bugfix release of uftpd

So them pesky details of /etc/inetd.conf really are important?

This is a small bugfix release of uftpd. Version 1.4 is basically just to change nowait to wait for the TFTP service in /etc/inetd.conf, but there’s also a minor man page update.

Enjoy! :)

The awesome uftpd, now w/ TFTP support! :)

Today sees the release of v1.3 of the awesome little uftpd. The main news is the new TFTP support! Just like before you don’t need any configuration file, just build and install – or build a .deb file and install. This release completes the main purpose of uftpd for me, I can now use it as my daily driver and fully replace vsftpd and tftpd-hpa, which to me are the next best.