Category Archives: Code

Automating Let’s Encrypt Wildcard Certificates with the Namecheap API

I’m a big fan of Let’s Encrypt but when I recently found out about TLS Certificate Transparency Logs and how easy they made searching for otherwise unpublished subdomains, I decided that it might be a good idea to look into using wildcard TLS certificates.

A minor complication was that to validate a wildcard certificate Let’s Encrypt needs a TXT DNS record containing a validation code to be created for your domain. This is known as the DNS-01 challenge. I happen to use Namecheap as the registrar for most of my domains and luckily there is a Python library to access their API and automatically create this DNS record.

I’ve written a quick Python script which works as a manual authentication hook for Let’s Encrypt’s certbot and helps to automate the process of issuing / renewing a certificate using the DNS-01 challenge.

Usage:

  1. Obtain API credentials for Namecheap as detailed here
  2. Download the script and edit it to add the API credentials to the appropriate variables
    N.B. Bad Things could happen if these credentials become public, please take appropriate precautions to keep them secure.
  3. To issue / renew a wildcard certificate for your domain, run certbot with something like this:
    sudo certbot certonly \
    --non-interactive \
    --manual \
    --manual-public-ip-logging-ok \
    -d <*.domain> \
    --email <email@address> \
    --manual-auth-hook <path/to/the/script>
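
As an added example (not the author's script), here is a manual-auth-hook skeleton that keeps the API credentials in a separate file rather than in the script body and refuses to read that file if other users can access it. The credentials path, its JSON layout and the function names are assumptions; CERTBOT_DOMAIN and CERTBOT_VALIDATION are the variables certbot sets for manual hooks, and the registrar API call itself is not shown.

```python
#!/usr/bin/env python3
"""Skeleton certbot --manual-auth-hook that keeps registrar credentials out of the script."""
import json
import os
import stat
import sys

# Assumed location and format of the credentials file (hypothetical).
CRED_FILE = "/etc/letsencrypt/namecheap-api.json"


def challenge_record(domain):
    """Name of the TXT record that answers a DNS-01 challenge for `domain`."""
    domain = domain.strip().rstrip(".").lower()
    if domain.startswith("*."):  # strip a wildcard label defensively
        domain = domain[2:]
    if not domain or any(c.isspace() for c in domain):
        raise ValueError("unusable domain: %r" % domain)
    return "_acme-challenge." + domain


def load_credentials(path):
    """Read API credentials, refusing files other users could read or edit."""
    with open(path) as fh:
        # fstat the descriptor we opened, so the check and the read see the same file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("%s is not a regular file" % path)
        if st.st_uid != os.geteuid():
            raise PermissionError("%s is not owned by the hook's user" % path)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("%s is open to group/other; chmod 600 it" % path)
        return json.load(fh)


def main():
    # certbot exports both variables to a --manual-auth-hook.
    name = challenge_record(os.environ["CERTBOT_DOMAIN"])
    value = os.environ["CERTBOT_VALIDATION"]
    creds = load_credentials(CRED_FILE)
    # Hand name, value and creds to the registrar API client here. Only field
    # names are logged: the credential values must never reach stdout or logs.
    print("TXT %s (%d-char value), credential fields: %s"
          % (name, len(value), sorted(creds)), file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```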

Reject DOS line-endings at Git pre-commit

All *nix devs seethe with rage when DOS line-endings (CRLF) end up in their beautiful source code, right? If you use Git for your version control you’re in luck: use this local pre-commit hook to kick those CRLFs to the kerb before they can even make it into your local commit.

Install by copying the pre-commit file to the .git/hooks directory of your checkout. Ask your Windows-using colleagues nicely to do the same.
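
For illustration, an added example of such a hook (not the author's pre-commit file), written in Python since a Git hook can be any executable. It inspects the staged blobs rather than the working-tree files and skips binary content; the function names are assumptions.

```python
#!/usr/bin/env python3
"""pre-commit hook: refuse to commit staged text files that contain CRLF line endings."""
import os
import subprocess
import sys


def crlf_lines(blob):
    """Return 1-based numbers of lines terminated by CRLF; [] for binary content."""
    if b"\0" in blob[:8000]:  # NUL near the start: treat as binary and skip
        return []
    # Drop the last split element: it is not terminated by "\n", so a bare
    # trailing "\r" there is not a CRLF.
    lines = blob.split(b"\n")[:-1]
    return [n for n, line in enumerate(lines, 1) if line.endswith(b"\r")]


def staged_paths():
    """Paths added, copied or modified in the index (NUL-separated, so odd names are safe)."""
    out = subprocess.check_output(
        ["git", "diff", "--cached", "--name-only", "-z", "--diff-filter=ACM"])
    return [os.fsdecode(p) for p in out.split(b"\0") if p]


def main():
    bad = {}
    for path in staged_paths():
        # ":<path>" names the staged blob, so the check sees exactly what
        # would be committed, not what happens to be on disk.
        blob = subprocess.check_output(["git", "cat-file", "blob", ":" + path])
        lines = crlf_lines(blob)
        if lines:
            bad[path] = lines
    for path, lines in bad.items():
        shown = ", ".join(str(n) for n in lines[:5])
        print("%s: CRLF line ending on line(s) %s" % (path, shown), file=sys.stderr)
    return 1 if bad else 0  # a non-zero exit status aborts the commit


if __name__ == "__main__":
    sys.exit(main())
```

Save it as .git/hooks/pre-commit and make it executable; Git does not copy hooks on clone, so each checkout needs its own copy.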

GDB attach to a running process in batch mode

Ever needed to attach to a running process in a gdb batch mode script but didn’t know the process’ PID in advance? You can use GDB’s built-in Python interpreter to do the heavy lifting for you. Put the following in your batch-mode script:
# Look up the PID with pgrep and attach to it (expects exactly one matching process)
python import os; gdb.execute("attach " + os.popen('pgrep <process name>').read().rstrip())
<gdb commands go here>
detach
quit

Then run as follows:
gdb --batch -x <script>

Magic!

Unrar – Delete archive(s) after extraction

Due to lack of disk space on a server I needed a mechanism for automatically deleting RAR archives after their contents had been extracted. I couldn’t find any particularly neat way to do this with a shell script so I knocked up the following quick & dirty patch for unrar.

The patch applies cleanly to version 5.1.6 of the unrar source as follows:

wget 'http://www.rarlab.com/rar/unrarsrc-5.1.6.tar.gz'
tar -xvzf unrarsrc-5.1.6.tar.gz
cd unrar
wget 'http://simon.aldrich.eu/download/unrar/unrar-deleteOnExtract.patch'
patch -p1 < unrar-deleteOnExtract.patch
make

The compiled unrar binary will have the following extra option:

de  Delete archive(s) after extracting

Which you can use with the e or x commands, e.g.:

unrar x -de test.part01.rar

Hopefully this might be useful to someone other than just me. Although, obviously, if extraction fails for any reason you will have deleted all the earlier volumes in the archive set. My suggestion would be to use the -t command to test your archive(s) first. I take no responsibility for any screw-ups you may cause yourself if you use this patch – caveat emptor!

Network remote for Onkyo A/V Receivers

I recently purchased an Onkyo TX-NR515 A/V receiver & amplifier. One of my main reasons for choosing this amp was that it supports network remote control via its ethernet port. This enables me to shut the amp away out of sight in an A/V cabinet and control it using the Onkyo Remote Android app.

Being a geek though it wasn’t sufficient for me to be able to control it via app. I wanted to make the amp “magically” turn itself on & select the correct input source when I turned on my HTPC or Squeezebox Touch (more on this soon).

Thanks to Tom Gutwin’s excellent work of finding Onkyo’s protocol specification & documenting his efforts to produce a Java eISCP client it was pretty easy to produce a little Linux command-line utility which sends remote commands to an Onkyo amp.

The utility is written in C and should compile cleanly with GCC on Linux (it may work on other platforms, I haven’t tried it). Usage is as follows:

./onkyo-iscp <amp hostname or ip> <ISCP command> <command parameter>

For example:

./onkyo-iscp onkyo.home.lan PWR 01

will send a “power on” message to the amp. There’s currently no error checking on the command or parameters; it assumes you know what you’re sending to the amp (read the protocol spec for a list of commands & parameters). It also doesn’t read any data from the amp; I might get around to implementing this eventually (if it turns out that I need it).

Source tarball is here: onkyo-iscp.tar.gz

Listing recovery and source files using par2cmdline

I use the parchive command-line utility par2 quite a lot. In order to improve its scriptability I found that I needed to have the ability to list the recovery (*.par2) and source files (the files verified or repaired using the recovery data) associated with a master PAR2 file.

Admittedly I could have scraped the output from par2 -r <somefile.par2> but as it does some progress-percentage type output to the console I thought it might be cleaner to patch the par2 command to add a -list option.

Here’s how to download, patch & compile the par2cmdline v0.4 package to get these changes for yourself. These instructions are specifically for Ubuntu 10.04 (Lucid Lynx) but will probably work on any recent(ish) Ubuntu (or indeed Debian) install.

Optional step; if you’ve already installed par2cmdline via apt-get you’ll probably want to remove it with:

sudo apt-get remove par2

  1. Download the source of par2cmdline v0.4 from here (hint: you want par2cmdline-0.4.tar.gz).
  2. Untar the archive, this will create a par2cmdline-0.4 directory with the source in.
  3. If you’ve got gcc version 4 on your machine (you probably have) you’ll need to apply this patch to the source directory.
  4. Download and apply my patch to the source directory.
  5. Configure, compile and install.

Or, if you’re too busy and|or lazy to follow that, just paste the following into your console:

wget -O "par2cmdline-0.4.tar.gz" "http://downloads.sourceforge.net/project/parchive/par2cmdline/0.4/par2cmdline-0.4.tar.gz?r=&ts=1351786076&use_mirror=switch"
tar -xvzf par2cmdline-0.4.tar.gz
wget "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-arch/par2cmdline/files/par2cmdline-0.4-gcc4.patch"
patch -p0 < par2cmdline-0.4-gcc4.patch
wget "http://simon.aldrich.cc/download/par2cmdline/par2cmdline-0.4-list.patch"
patch -p0 < par2cmdline-0.4-list.patch
cd par2cmdline-0.4/
./configure
make
sudo make install

If all goes well you’ll end up with a par2 command with the following new options:

Usage:

  par2 c(reate) [options]  [files] : Create PAR2 files
  par2 v(erify) [options]  [files] : Verify files using PAR2 file
  par2 r(epair) [options]  [files] : Repair files using PAR2 files
  par2 l(ist)   [options]  [files] : List files using PAR2 files

You may also leave out the "c", "v", and "r" commands by using "parcreate",
"par2verify", or "par2repair" instead.

Options:

  -b  : Set the Block-Count
  -s  : Set the Block-Size (Don't use both -b and -s)
  -r  : Level of Redundancy (%%)
  -c  : Recovery block count (Don't use both -r and -c)
  -f  : First Recovery-Block-Number
  -u     : Uniform recovery file sizes
  -l     : Limit size of recovery files (Don't use both -u and -l)
  -n  : Number of recovery files (Don't use both -n and -l)
  -m  : Memory (in MB) to use
  -v [-v]: Be more verbose
  -q [-q]: Be more quiet (-q -q gives silence)
  -e     : List only recovery files
  -o     : List only source files
  --     : Treat all remaining CommandLine as filenames

The l (list) command will by default list both the recovery & source files. Use the -e and -o options to restrict listing to one or the other of these file types.

By my own admission this patch is pretty rough and ready (it doesn’t handle PAR v1 files for example) but I hope it’s of use to someone.