Friday, May 11, 2018

 

RPI3 fedora 27, hyperion relay and fun with the latch of street door

Use the installer:


arm-image-installer --image=Fedora-Server-armhfp-27-1.6-sda.raw.xz --media=/dev/mmcblk0 --target=rpi3 --norootpass --addkey=/home/jfclere/.ssh/id_rsa.pub

Resize the image with the graphical tool:


gparted /dev/mmcblk0

Boot the Pi and find its address (use ifconfig to get the laptop address):

nmap -sn 192.168.1.0/24
Nmap scan report for 192.168.1.39
Host is up (-0.057s latency).
MAC Address: B8:27:EB:D4:2E:85 (Raspberry Pi Foundation)

ssh -l root 192.168.1.39

You are in!!!

Disable the automatic initial setup:

/bin/systemctl disable initial-setup.service

Set the timezone:

ls -lt /usr/share/zoneinfo/Europe/Zurich
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime

Install wifi (Pi 3):

curl https://fedora.roving-it.com/brcmfmac43430-sdio.txt -o /lib/firmware/brcm/brcmfmac43430-sdio.txt
reboot

Done:
+++
[root@localhost ~]# nmcli device status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  eth0
lo      loopback  unmanaged  --
wlan0   wifi      unmanaged  --
+++
nmtui
SSID PI2
Mode
Channel
Security
Addresses 10.0.0.201/24
[X] Never use this network for default route
[X] Require IPv4 addressing for this connection
[X] Automatically connect
+++

Add a DHCP server and configure it.

yum install dhcp-server
use https://github.com/jfclere/tomcatPI/blob/master/conf/master/dhcpd.conf
enable and start it.
/bin/systemctl enable dhcpd
/bin/systemctl start dhcpd

Add named and configure it.

use https://github.com/jfclere/tomcatPI/blob/master/conf/master/named.conf
copy the configuration files in /etc/bind (mkdir /etc/bind)
enable and start it.
/bin/systemctl enable named
/bin/systemctl start named

Don't forget the firewall on the PI:
firewall-cmd --permanent --zone=FedoraServer --add-port=53/tcp
firewall-cmd --permanent --zone=FedoraServer --add-port=53/udp
firewall-cmd --reload

See the previous blog post and enable the services:

/bin/systemctl disable initial-setup.service
/bin/systemctl enable named
/bin/systemctl enable dhcpd


Getting the GPIO working...

+++
[root@localhost ~]# yum search gpio
Last metadata expiration check: 2:55:33 ago on Mon 30 Apr 2018 06:50:28 CEST.
=================================================================== Summary & Name Matched: gpio ===================================================================
libgpiod-utils.armv7hl : Utilities for GPIO
sgpio.armv7hl : SGPIO captive backplane tool
libgpiod-devel.armv7hl : Development package for libgpiod
python2-RPi.GPIO.armv7hl : A class to control the GPIO on a Raspberry Pi
python3-RPi.GPIO.armv7hl : A class to control the GPIO on a Raspberry Pi
libgpiod.armv7hl : C library and tools for interacting with linux GPIO char device
+++

install + try:
+++
[root@localhost ~]# python3 jfcgpio.py
Segmentation fault (core dumped)
+++
Oops... broken :-(

Install libgpiod-utils and try:

+++
[root@localhost ~]# /usr/bin/gpioinfo
gpiochip0 - 54 lines: 
        line   0:      unnamed       unused   input  active-high
        line   1:      unnamed       unused   input  active-high
...
+++
[root@localhost ~]# /usr/bin/gpiodetect
gpiochip0 [pinctrl-bcm2835] (54 lines)
gpiochip1 [raspberrypi-exp-gpio] (8 lines)
+++
Yes:
gpioset -m time -s 1 gpiochip0 18=1
LED ON!!!

Install httpd and start it.

/bin/systemctl enable httpd
/bin/systemctl start httpd

Open the firewall for httpd:
+++
[root@localhost ~]# firewall-cmd --get-default-zone
FedoraServer
+++
So use FedoraServer ;-)
+++
firewall-cmd --permanent --zone=FedoraServer --add-port=80/tcp
firewall-cmd --reload
+++

Arrange the permissions (SELinux = tricky).

+++
[root@localhost ~]# audit2allow -a


#============= httpd_sys_script_t ==============
allow httpd_sys_script_t gpio_device_t:chr_file { ioctl open read write };
allow httpd_sys_script_t initrc_var_run_t:file { lock open read };
allow httpd_sys_script_t pam_var_run_t:dir { add_name write };
allow httpd_sys_script_t pam_var_run_t:file { create getattr lock open read write };
allow httpd_sys_script_t self:capability { audit_write dac_read_search setgid setuid sys_resource };
allow httpd_sys_script_t self:netlink_audit_socket { create nlmsg_relay };
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t shadow_t:file { getattr open read };
allow httpd_sys_script_t sudo_db_t:dir getattr;
allow httpd_sys_script_t system_dbusd_t:dbus send_msg;
allow httpd_sys_script_t systemd_logind_t:dbus send_msg;

#============= systemd_logind_t ==============
allow systemd_logind_t httpd_sys_script_t:dbus send_msg;
+++
audit2allow -a -M door
semodule -i door.pp
(Not working... Need more time).
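
The audit2allow output above asks for far more than GPIO access (for example read access to shadow_t), so it is worth sorting the rules before loading them with semodule. The following is an added example, not part of the original post: the function names and the list of sensitive patterns are assumptions of this example, and the sample input is the rule list from this page.

```shell
#!/bin/sh
# Added example: triage audit2allow rules before building a module with -M.
# The "sensitive" patterns below are this example's own choice (assumption).

# Constructed sample input: the httpd_sys_script_t rules printed on this page.
sample_rules() {
cat <<'EOF'
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t gpio_device_t:chr_file { ioctl open read write };
allow httpd_sys_script_t initrc_var_run_t:file { lock open read };
allow httpd_sys_script_t pam_var_run_t:dir { add_name write };
allow httpd_sys_script_t pam_var_run_t:file { create getattr lock open read write };
allow httpd_sys_script_t self:capability { audit_write dac_read_search setgid setuid sys_resource };
allow httpd_sys_script_t self:netlink_audit_socket { create nlmsg_relay };
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t shadow_t:file { getattr open read };
allow httpd_sys_script_t sudo_db_t:dir getattr;
allow httpd_sys_script_t system_dbusd_t:dbus send_msg;
allow httpd_sys_script_t systemd_logind_t:dbus send_msg;
EOF
}

# Read rules on stdin; prefix each "allow" line with OK or REVIEW (reason).
triage_rules() {
  awk '
    $1 != "allow" { next }                 # skip comments and blank lines
    {
      split($3, tc, ":")                   # tc[1] = target type, tc[2] = class
      reason = ""
      if (tc[1] == "shadow_t")
        reason = "reads password hashes"
      else if (tc[2] == "capability" && $0 ~ /setuid|setgid|dac_read_search/)
        reason = "identity or DAC-override capability"
      else if (tc[1] == "pam_var_run_t" || tc[1] == "sudo_db_t")
        reason = "PAM or sudo state"
      if (reason != "") printf "REVIEW (%s): %s\n", reason, $0
      else              printf "OK: %s\n", $0
    }'
}

# Number of rules that need a human decision before semodule -i.
count_review() { triage_rules | grep -c '^REVIEW' || true; }

sample_rules | triage_rules
```

To run it on real denials, pipe `audit2allow -a` into `triage_rules` instead of the sample.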

Disabling SELinux :_(

+++
[root@localhost ~]# sestatus
SELinux status:                 disabled
+++

Add apache to sudoers: run sudoedit /etc/sudoers and add:

apache ALL=NOPASSWD: /usr/bin/gpioset -m time -s 1 gpiochip0 18=1

For details on the httpd configuration, HTML and CGI, see https://github.com/jfclere/door
