Friday, May 11, 2018


RPI3 fedora 27, hyperion relay and fun with the latch of street door

Use the installer:

arm-image-installer --image=Fedora-Server-armhfp-27-1.6-sda.raw.xz --media=/dev/mmcblk0 --target=rpi3 --norootpass --addkey=/home/jfclere/.ssh/

resize the image with the graphic tool:

gparted /dev/mmcblk0

boot the PI and find its address:

nmap -sn (ifconfig to get the laptop address).
Nmap scan report for
Host is up (-0.057s latency).
MAC Address: B8:27:EB:D4:2E:85 (Raspberry Pi Foundation)

ssh -l root you are in!!!

remove the auto configure

/bin/systemctl disable initial-setup.service

setting timezone:

ls -lt /usr/share/zoneinfo/Europe/Zurich
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime

install wifi: (PI3)

curl -o /lib/firmware/brcm/brcmfmac43430-sdio.txt

root@localhost ~]# nmcli device status
eth0    ethernet  connected  eth0
lo      loopback  unmanaged  --
wlan0   wifi      unmanaged  --
[X] Never use this network for default route
[X] Require IPv4 addressing for this connection
[X] Automatically connect

add dhcp server and configure it.

yum install dhcp-server
enable and start it.
/bin/systemctl enable dhcpd
/bin/systemctl start dhcpd

add named and configure it.

copy the configuration files in /etc/bind (mkdir /etc/bind)
enable and start it.
/bin/systemctl enable named
/bin/systemctl start named

Don't forget the firewall on the PI:
firewall-cmd --permanent --zone=FedoraServer --add-port=53/tcp
firewall-cmd --permanent --zone=FedoraServer --add-port=53/udp
firewall-cmd --reload

Look to the previous blog and enable the services

/bin/systemctl disable initial-setup.service
/bin/systemctl enable named
/bin/systemctl enable dhcpd

Getting the GPIO working...

[root@localhost ~]# yum search gpio
Last metadata expiration check: 2:55:33 ago on Mon 30 Apr 2018 06:50:28 CEST.
=================================================================== Summary & Name Matched: gpio ===================================================================
libgpiod-utils.armv7hl : Utilities for GPIO
sgpio.armv7hl : SGPIO captive backplane tool
libgpiod-devel.armv7hl : Development package for libgpiod
python2-RPi.GPIO.armv7hl : A class to control the GPIO on a Raspberry Pi
python3-RPi.GPIO.armv7hl : A class to control the GPIO on a Raspberry Pi
libgpiod.armv7hl : C library and tools for interacting with linux GPIO char device

install + try:
[root@localhost ~]# python3
Segmentation fault (core dumped)
Oops... broken :-(

install libgpiod-utils trying...

[root@localhost ~]# /usr/bin/gpioinfo
gpiochip0 - 54 lines: 
        line   0:      unnamed       unused   input  active-high
        line   1:      unnamed       unused   input  active-high
[root@localhost ~]# /usr/bin/gpiodetect
gpiochip0 [pinctrl-bcm2835] (54 lines)
gpiochip1 [raspberrypi-exp-gpio] (8 lines)
gpioset -m time -s 1 gpiochip0 18=1

install httpd and start it.

/bin/systemctl enable httpd
/bin/systemctl start httpd

open firewall for httpd
[root@localhost ~]# firewall-cmd --get-default-zone
So use FedoraServer ;-)
firewall-cmd --permanent --zone=FedoraServer --add-port=80/tcp
firewall-cmd --reload

Arrange the permission (selinux = tricky).

[root@localhost ~]# audit2allow -a

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t gpio_device_t:chr_file { ioctl open read write };
allow httpd_sys_script_t initrc_var_run_t:file { lock open read };
allow httpd_sys_script_t pam_var_run_t:dir { add_name write };
allow httpd_sys_script_t pam_var_run_t:file { create getattr lock open read write };
allow httpd_sys_script_t self:capability { audit_write dac_read_search setgid setuid sys_resource };
allow httpd_sys_script_t self:netlink_audit_socket { create nlmsg_relay };
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t shadow_t:file { getattr open read };
allow httpd_sys_script_t sudo_db_t:dir getattr;
allow httpd_sys_script_t system_dbusd_t:dbus send_msg;
allow httpd_sys_script_t systemd_logind_t:dbus send_msg;

#============= systemd_logind_t ==============
allow systemd_logind_t httpd_sys_script_t:dbus send_msg;
audit2allow -a -M door
semodule -i door.pp
(Not working... Need more time).

disabling selinux :_(

[root@localhost ~]# sestatus
SELinux status:                 disabled

For the details on httpd configuration, html, cgi look to

Sunday, September 10, 2017


Getting DS1307 on RPI3 with fedora 24

1 - Add in the /boot/config.txt:

In dmesg:
[    5.536541] rtc-ds1307 1-0068: rtc core: registered ds1307 as rtc0
[    5.540786] rtc-ds1307 1-0068: 56 bytes nvram
the modules are loaded a boot now...
[root@pc-8 ~]# i2cdetect -y 1
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- UU -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --

[root@pc-8 ~]# hwclock -r
2017-09-09 17:58:49.868784+1:00
(well not too bad after 2 months (+~1 minute)

2 -  Get chrony to resynchronize my hardware clock (if I have a connection!)
In /etc/chrony.conf:
# Enable kernel synchronization of the real-time clock (RTC).

# Serve time even if not synchronized to any NTP server.
local stratum 10

3 - Get the hard clock set at the RPI3 start time:
creates a /etc/systemd/system/hwclock.service
Description=Setup date and time via hwclock

ExecStart=/usr/sbin/hwclock --hctosys

and do:
systemctl enable hwclock

System time is set corrctly...
[root@pc-8 ~]# timedatectl status      Local time: Sat 2017-09-09 19:35:58 CEST
  Universal time: Sat 2017-09-09 17:35:58 UTC
        RTC time: Sat 2017-09-09 17:35:58
       Time zone: Europe/Zurich (CEST, +0200)
 Network time on: yes
NTP synchronized: no
 RTC in local TZ: no
Don't forget the firewall...
firewall-cmd --permanent --zone=FedoraServer --add-port=123/udp
firewall-cmd --reload

4 - make sure the clients (HypriotOS in my case) use the time server:

Add the RPI3 address in /etc/systemd/timesyncd.conf for (here is the RPI3 with the hardware clock):
service systemd-timesyncd restart

Sunday, October 16, 2016


Having fun with raspberry pi 3 and Astro Hat.

********* basic installation ********

fdisk /dev/mmcblk0
unmount and reinsert
looking for the images:
There are a bunch of them...
Only one I have picked this one.
losetup --partscan --find --show /home/jfclere/Downloads/Fedora-Server-armhfp-24-1.2-sda.raw /dev/loop0
mount -r /dev/loop0p3 /tmp/img/
mkfs.vfat /dev/mmcblk0p1
mkswap /dev/mmcblk0p2
mkfs.ext4 /dev/mmcblk0p3
mkdir /tmp/rpi/
mount /dev/mmcblk0p3 /tmp/rpi/
mkdir /tmp/rpi/boot/
mount /dev/mmcblk0p1 /tmp/rpi/boot/
cp -rpv /tmp/img/* /tmp/rpi/
sync (takes ages)
losetup -d /dev/loop0
[root@jfcpc NOTES]# blkid | grep mmcblk0
/dev/mmcblk0: PTTYPE="dos"
/dev/mmcblk0p1: SEC_TYPE="msdos" UUID="DB85-3C4A" TYPE="vfat"
/dev/mmcblk0p2: UUID="5f07dbe9-2619-481e-b0b3-5f37a7f011bf" TYPE="swap"
/dev/mmcblk0p3: UUID="8df2bd5c-4692-4f80-96ec-da2e9697a713" TYPE="ext4"
edit and ajust /tmp/rpi/etc/fstab
/tmp/rpi/boot/cmdline.txt Add
"dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p3 rootfstype=ext4 elevator=deadline rootwait" (configuration stuff).
/tmp/rpi/boot/config.txt (do we need something?...) empty for the moment...
copy the boot and modules
download the firmware:
what is:
it is like (just a zip repo).
dowload and unzip
[root@jfcpc NOTES]# cp -r /home/jfclere/Downloads/firmware-master/boot/* /tmp/rpi/boot/
So (for + and -v7+ no idea how it is choosen)
Once running doing more /proc/cpuinfo:
processor : 0
model name : ARMv7 Processor rev 4 (v7l)
guessing we use the -v7+ ;-)
[root@jfcpc NOTES]# cp -r /home/jfclere/Downloads/firmware-master/modules/* /tmp/rpi/lib/modules/
umount /tmp/rpi/boot/
umount /tmp/rpi/
network: (trying to check it)...
In fact the fedora24 use systemd
/tmp/rpi/etc/systemd/ (there something run at the first boot).
/tmp/rpi/etc/systemd/system/ -> /lib/systemd/system/
/tmp/rpi/lib/systemd/system/systemd-firstboot.service ?
and it run /usr/bin/systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password
ExecStart=/usr/bin/systemd-firstboot --prompt-locale --prompt-timezone --prompt-root-password
For the curious:
[jfclere@jfcpc ~]$ rpm -qf /usr/bin/systemd-firstboot
nmap -sn
found the PI:
Nmap scan report for pc-151.home (
Host is up (0.047s latency).
MAC Address: B8:27:EB:C1:44:41 (Raspberry Pi Foundation)
scanning it:
[root@jfcpc Downloads]# nmap
Starting Nmap 7.12 ( ) at 2016-09-07 22:15 CEST
Nmap scan report for pc-151.home (
Host is up (0.0044s latency).
Not shown: 998 filtered ports
22/tcp open ssh
9090/tcp open zeus-admin
MAC Address: B8:27:EB:C1:44:41 (Raspberry Pi Foundation)
Nmap done: 1 IP address (1 host up) scanned in 4.60 seconds
Some how the password stuff failed... The stuff still asks :-(
copy my fedora laptop password that helps...
[root@pc-151 ~]# ps -ef | grep tty1
root 343 1 0 18:23 tty1 00:00:00 /bin/bash /usr/libexec/initial-setup/run-initial-setup
root 348 343 12 18:23 tty1 00:00:23 /usr/bin/python3 /usr/libexec/initial-setup/initial-setup-text --no-stdout-log
root 720 696 0 18:26 pts/0 00:00:00 grep --color=auto tty1
In it:
/bin/systemctl disable initial-setup.service (so it remove itself).
and it is a python script...
trying... mount
/dev/mmcblk0p3 on /run/media/jfclere/a440011a-a5ea-4eb7-ae01-95c8cd981673
[root@jfcpc Downloads]# grep ENCRYPT_METHOD /tmp/img/etc/login.defs
echo -n root:Changeit2016 | chpasswd -c SHA512 -R /run/media/jfclere/a440011a-a5ea-4eb7-ae01-95c8cd981673 ?
selinux problems :-( and doesn't work.
echo -n root:Changeit2016 | chpasswd -c SHA512 in PI works...
setting timezone:
ls -lt /usr/share/zoneinfo/Europe/Zurich
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime
easy :D
Done forget to remove the base fedora kernel components (yum might get funny overrwise)...
dnf remove kernel kernel-core kernel-modules

************** configure wifi *************

The goal is to get a sort of captive portal to run an easy demo, the raspberry is acting as an AP and dhcp server and name server
[root@pc-111 ~]# nmcli device status
eth0 ethernet connected eth0
lo loopback unmanaged --
no wifi.
$ cd /lib/firmware/brcm/
$ curl -O
$ curl -O
iw list
Supported interface modes:
* managed
* AP
it can do AP cool...
dnf install NetworkManager-tui NetworkManager-wifi
Mode <Access Point>
Channel <Automatic>
Security <None>
[X] Never use this network for default route
[X] Require IPv4 addressing for this connection
[X] Automatically connect
From the laptop:
wlp4s0 IEEE 802.11 ESSID:"PI"
Mode:Managed Frequency:2.412 GHz Access Point: B8:27:EB:94:11:14
in PI:
wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b8:27:eb:94:11:14 txqueuelen 1000 (Ethernet)
hm laptop doesn't get IP?
try dhcp (server?) (give to the PI)
Look to /etc/dhcp/dhcpd.conf
The important:
subnet netmask {
so it listens on
option domain-name "";
option domain-name-servers;
so the name are resolved by the bind of PI.
option routers
so it is the routers for the interface (we can use the PI as router!!!).
Looks nearly OK...
Listening on LPF/wlan0/b8:27:eb:94:11:14/
Sending on LPF/wlan0/b8:27:eb:94:11:14/
ifconfig on the laptop:
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet netmask broadcast
nmap -sn (it finds the PI)
[root@jfcpc APACHE-2.4.x]# nmap -sn
Starting Nmap 7.12 ( ) at 2016-09-14 23:41 CEST
Nmap scan report for
Host is up (0.014s latency).
MAC Address: B8:27:EB:94:11:14 (Raspberry Pi Foundation)
Nmap scan report for
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 32.09 seconds
easy... (connected).
to find the address:
nmap -sn
(doesn't help... well run it as root = better...)
Nmap scan report for pc-111.home (
Host is up (0.0067s latency).
MAC Address: B8:27:EB:7A:A6:98 (Raspberry Pi Foundation)
Nmap scan report for pc-111.home (
Host is up (0.0067s latency).
name server: (based on
yum install bind
listen-on port 53 {; };
allow-query {; };
recursion no;
zone "." IN {
type master;
file "/etc/bind/db.fakeroot";
And in /etc/bind/db.fakeroot:
@ IN SOA ( 1 3h 1h 1w 1d )
* IN A
Don't forget the firewall on the PI:
firewall-cmd --permanent --zone=FedoraServer --add-port=53/tcp
firewall-cmd --permanent --zone=FedoraServer --add-port=53/udp
firewall-cmd --reload

********* Getting tomcat running *********

yum install java should be ready for tomcat).
yum install java maven
git clone
cd tomcatPI/demo
java -jar ./target/demo-1.0-SNAPSHOT-jar-with-dependencies.jar
Don't forget the firewall (again).
firewall-cmd --permanent --zone=FedoraServer --add-port=80/tcp
firewall-cmd --reload

******** Getting Astro Hat examples running ********

HAT: (looks the good one...)
A lot needs to be install gcc/python-devel/gcc-gfortran/redhat-rpm-config (hard to guess this one!) and building takes ages...
libz-devel, jpeg-devel
testing... /root/python-sense-hat/examples
mssing cmake/gcc-c++
in RTIMULib/RTIMULi/build (mkdir ) cmake ... make make install.
in RTIMULib/Linux need qt-devel
in RTIMULib/Linux/python (probably the only one really needed!).
./python-sense-hat/examples/ (works...)
./RTIMULib/Linux/build/RTIMULibCal/RTIMULibCal (to get the RTIMULib.ini to pur in /etc according to the doc).
******* Playing with the 8X8 frame buffer ****
[root@jfcpc java]# pwd
[root@jfcpc java]# java -cp . org.jfclere.tomcatPI.PIFrameBuffer
file is 4096Exception in thread "main" No such device
at Method)
at org.jfclere.tomcatPI.PIFrameBuffer.main(
+++ OK ++++ It can't read it :-(
According to Python code:
from sense_hat import SenseHat
The LED matrix is an RGB565 framebuffer
(more or less working now committed).

********* Sending information to ActiveMQ and consuming it *******

yum install stomppy
install activemq on laptop
check stomp port:
INFO | Listening for connections at: stomp://jfcpc:61613?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector stomp started (we receive something binary UTF8 encoded string).
write a STOMP logic to send message to ActiveMQ (running on my laptop)
write a small jms client to consum the messages from the raspberry

Saturday, December 19, 2015


Where you noted your ssh key needs renew

After updating to fedora23 I noted I cant use ssh from my laptop to servers I use to connect it. I have got the weird message ssh -vvv:  
debug1: Roaming not allowed by server

Obviously it isn't a server problem, while try to understand I have found:

Of course adding
in .ssh/config helps
Checking the key shows that I need new key pairs soon:
-rw-------. 1 jfclere jfclere   736 Nov 22  2006 id_dsa
-rw-r--r--. 1 jfclere jfclere   619 Nov 22  2006

I have being using the same keys for ~10 years in fact!!!
Well mostly only inside Red Hat vpn, time to change keys and spot the server I am using only from time to time...

Thursday, December 23, 2010


Tethering with Fedora 14 with iphone

It looks very easy now:
yum install libimobiledevice (really needed?)
dmesg tells:
[ 3202.355929] ipheth 1-8.4:4.2: Apple iPhone USB Ethernet device attached
[ 3202.355982] usbcore: registered new interface driver ipheth
In network manager I am able to confgure it but not to activate it (may be I have something wrong in my box).

Using dhclient wwan0
gets it working :D

Note that the iphone is running 4.2.1 and my provider is swisscom

Wednesday, June 03, 2009


mod_cluster 1.0.0.GA release

mod_cluster brings a dynamic configuration to mod_proxy. In fact mod_cluster is a replacement of mod_proxy_balancer and it uses some of the new features of httpd-trunk like slotmem.
The improvements to mod_proxy/mod_jk are:
- Dynamic configuration of contexts (no more 404 or 400 when an application is been redeployed).
- Load information received from the node of the cluster.
- Asynchronous cping/cpong via a STATUS message from the cluster.
- Minimal configuration.
Paul also blogged on the topic see
For more see try it and join the growing community.

Tuesday, April 14, 2009


Using Tomcat with mod_heartmonitor (part 2)

This is the second blog on the topic using Tomcat with mod_heartmonitor, here it is using HTTP instead multicast sockets... Well no one like multicast sockets but everyone likes the HTTP protocol no?
In the httpd.conf file add something like the following (to the httpd.conf the previous blog):

<Location /HeartbeatListener>
SetHandler hearthbeat
Order deny,allow
Deny from all
Allow from
Allow from

In the server.xml add ProxyList to the HeartbeatListener:

<Listener className="org.apache.catalina.ha.backend.HeartbeatListener" Port="8009" ProxyList="" />

Have fun!!!

This page is powered by Blogger. Isn't yours?