Lock with XSecureLock after suspend posted on 22 May 2016

To lock your computer with XSecureLock after suspend, create a new systemd service at /usr/lib/systemd/system/xsecurelock@.service

[Unit]
Description=Lock X session using xsecurelock
After=suspend.target

[Service]
Type=simple
Environment=DISPLAY=:0
Environment=XAUTHORITY=/home/%i/.Xauthority
ExecStart=/usr/bin/xsecurelock auth_pam_x11 saver_blank

[Install]
WantedBy=suspend.target

Enable it with sudo systemctl enable xsecurelock@<user>.service.

Then make sure you suspend your computer with systemctl (sudo systemctl suspend) and not directly with sudo pm-suspend. If you don’t systemd won’t trigger your service after suspend.

Lightdm on a specific monitor posted on 21 May 2016

I formatted my workstation yesterday to get rid of Windows for a few reasons:

  • The prompt for Windows 10 was too annoying and impossible to remove. Considering that installing Windows 10 would have blown my dual boot away, and that I would have to set up my dual boot again, I just went for removing Windows.
  • I do not use Photoshop anymore, and found that Krita works fine for me.

Anyway, tonight I was trying to get LightDM to show on my main monitor. I couldn’t figure out how to force it on a specific monitor, but found out that LightDM follows the mouse. So my solution was to add the following line in /etc/lightdm/lightdm.conf:

display-setup-script=xdotool mousemove --screen DVI-0 1280 720

And that did the trick.

Certificates for GRPC with TLS posted on 20 March 2016

I haven’t blogged anything for the past few months because I have been busy working on a few projects using new shiny toys. One of them is gRPC, a high performance, open source, general RPC framework, which is based on Google’s internal Stubby RPC system.

This post is mostly about using TLS with gRPC in Golang, but if you are wondering what gRPC brings that HTTP/JSON does not, here are a few reasons on top of my head:

  • Better performance in respect to network compression, serialization etc.
  • Structured RPC.
  • Error tracing.

Anyway, if you want to use TLS with gRPC, you need to create a few certificates first. This script does it for you. Usage is gen.sh <host> <prefix> where host is the host on which your gRPC server is listening. The parameter prefix is just used to prefix the output files such that you can create prod and dev certificates.

PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
HOST=$1
if [ -z $HOST ]; then HOST="localhost"; fi
PREFIX=$2
if [ -z $PREFIX ]; then PREFIX="dev"; fi

openssl genrsa -passout pass:$PASSWORD -des3 -out $PREFIX'server.key' 4096
openssl req -passin pass:$PASSWORD -new -x509 -days 3650 -key $PREFIX'server.key' -out $PREFIX'server.crt' -subj '/C=US/ST=CA/L=Sunnyvale/O=MyApp/CN='$HOST[email protected]'
openssl rsa -passin pass:$PASSWORD -in $PREFIX'server.key' -out $PREFIX'server.key'

Two files are created, a .crt and .key one. You can then create create a connection with:

creds, err := credentials.NewClientTLSFromFile(grpcCrtFile, host)
if err != nil {
  log.Fatalf("Failed to create TLS credentials %v", err)
}
opts := grpc.WithTransportCredentials(creds)
connection, err := grpc.Dial(g.address, g.opts)

Create your server with:

lis, err := net.Listen("tcp", *grpcHost+":"+strconv.Itoa(*grpcPort))
if err != nil {
  log.Fatalf("failed to listen: %v", err)
}

creds, err := credentials.NewServerTLSFromFile(grpcCrtFile, grpcKeyFile)
if err != nil {
  log.Fatalf("Failed to generate credentials %v", err)
}

s := grpc.NewServer(grpc.Creds(creds))
// Register your services here
s.Serve(lis)

Using Travis'container architecture posted on 02 December 2015

Last year, Travis announced faster builds with container-based infrastructure and Docker.

One requirement to use such infrastructure is to disable sudo with sudo: false at the top of your .travis.yml file.

If you were installing third party software using apt-get and sudo, you can just download the .deb package, and unpack it. For RethinkDB, you can run these commands:

wget http://download.rethinkdb.com/apt/pool/precise/main/r/rethinkdb/rethinkdb_2.2.1
ar x *.deb
ar xvzf data.tar.gz

You can then find your binary in ./usr/bin. For example, this is reqlite .travis.yml:

language: node_js
sudo: false
node_js:
  - "node"
before_install:
  - wget http://download.rethinkdb.com/apt/pool/precise/main/r/rethinkdb/rethinkdb_2.2.1~0precise_amd64.deb
  - ar x *.deb
  - tar xvzf data.tar.gz
before_script:
  - ./usr/bin/rethinkdb --daemon
  - npm install
  - ./bin/reqlite --port-offset 1 &
  - sleep 10
after_script:
  - rethinkdb
notifications:
  email: false