Hello,
I'm trying to connect to a Cisco VPN client by using VPN Connections on an Archos 70 IT 250 GB, that is rooted.
I always get a "Connection failed" message, after which the app crashes.
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
Regards,
Tonny
Hi,
I used to have the same error on my Galaxy S, when trying to create a VPN tunnel to my company's Cisco gateway.
The problem seems to relate to the missing tun.ko library.
I'm not sure if the Samsung Galaxy files will work for Archos, but you might want to adapt and try the following how-to: http://forum.xda-developers.com/showthread.php?t=793712&highlight=tun.ko
Regards,
Patrick
TonnyVanmunster said:
Did anyone succeed in getting VPN Connections working on Archos 70 IT ?
I found a possible clue. After trying several free pptp vpn services and noticing that it seemed to resolve a url one time then just hang, I set up a vpn on my lan and tried the local coffee shop connection to access it. I found that if encryption was completely disabled on the lan vpn and unchecked on the 70 IT, it would connect and I could browse, check email, etc. As soon as I set the policy on the vpn server to enable any level of encryption it was back to the resolve 1 url and hang behavior. Of course an unencrypted vpn is about as worthless as t*ts on a bull but it's the only clue I've found. As a control, I tried an ip*d touch w/encryption on against the same vpn with all levels enabled and that worked.
If anybody else who's running a local vpn can duplicate and confirm this, it's a step in the right direction!
VPN Connections 0.99 (aka get-a-robot-vpnc) working on A101IT with urukdroid-0.6
I've managed to make get-a-robot-vpnc (aka VPN Connections 0.99) work on urukdroid0.6 on Archos 101 IT.
There are two issues with the default vpnc.script, and one issue with the output of the 'ps' command needed by the VPN Connections 0.99 GUI to check whether there is a connected vpnc process.
Resolving vpnc.script issues:
1. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busybox on urukdroid) to 'which' command (cd /usr/local/bin; ln -s busybox which)
2. Symbolic link is missing that links /bin/busybox (or /usr/local/bin/busybox on urukdroid) to 'ip' command (cd /usr/local/bin; ln -s busybox ip)
$aur0n told me that these two commands/links will be included in urukdroid-0.7.
Resolving GUI 'ps' issue (a bit harder):
The VPN Connections GUI does "ps | grep 'vpnc$'" to see whether there is an active vpnc process (established connection), but the output of the 'ps' command(s) found on urukdroid is not what the GUI expects, so it cannot find the vpnc process even if it is running and the VPN is established.
On urukdroid there are 2 versions of the 'ps' command:
1st is /bin/ps, which is a symbolic link to /bin/busybox (a very old version of busybox, 1.7.2, I believe), and the output of this ps command is not suitable for VPN Connections (GUI)
2nd is /usr/local/bin/ps, which is the native ps command, but its output is also not suitable for VPN Connections (GUI)
There is a (hidden) 3rd 'ps' command in /usr/local/bin/busybox (that version of busybox is 1.17.2) - but its output is also not suitable for VPN Connections (GUI).
Experimenting a bit I've found that '/usr/local/bin/ps -A' gives a suitable output, so I:
1. renamed /usr/local/bin/ps to /usr/local/bin/ps.new
2. made a script /usr/local/bin/ps with:
Code:
#!/bin/sh
ps.new -A
exit $?
3. chown root:root /usr/local/bin/ps; chmod 755 /usr/local/bin/ps
After that, everything worked.
Hope this solves issues for some of you
P.S. Forgot to mention - urukdroid 0.7 will have its own vpnc service built-in.
Works in UD 1.5
Just wanted to say thanks! I'm using Urukdroid 1.5 and had the same issue. Used your trick and now VPNC connects to my company's VPN ^_^
Hi,
Last week I received my Archos 101. In general it is great. Even better is this forum
I installed urukdroid (thanks to the project-team!). I tried to use openvpn but it failed and I am not sure about the reason.
The server-configuration is
...
ifconfig-pool 10.10.10.120 10.10.10.130
push "route 10.10.10.1"
route 10.10.10.0 255.255.255.0
ifconfig 10.10.10.1 255.255.255.0
push "route-gateway 10.10.10.1"
push "route 10.10.10.0 255.255.255.0"
...
As the Archos is the only device it would get IP 10.10.10.120.
BUT: ifconfig shows:
inet addr.: 10.10.10.255 Bcast: 10.255.255.255 Mask 255.0.0.0
That did not (and cannot) work. No ping to home network possible.
When I called route it looked fine (I used redirect-gateway).
When I send the command
ifconfig tap0 10.10.10.120 broadcast 10.10.10.1 netmask 255.255.255.0
from Archos Terminal I had at least access to my home network. But all route entries are gone.
Who has an idea what I am doing wrong? I checked it in the last day again and again... If there is no solution: is it possible to 'save' the entries from route and restore them after my manual change of ifconfig? I would like to do it via script, as my home network is only reachable via dyndns.
Thanks and best regards!
I used the OpenVPN Howto Quickstart and had no problems.
macemoneta said:
I used the OpenVPN Howto Quickstart and had no problems.
Yes, I know the guide. I did the same with my ubuntu-netbook and it works directly.
And I think, it would work also on the Archos, if the openvpn/ifconfig on Archos accept the 10.10.10.120. But the IP is changed to 10.10.10.255 and that did not fit.
Where the h*** did the 255 instead of 120 come from?
I noticed the same problem...
No idea where it comes from, but as a workaround, you can put a script somewhere containing a suitable "ip addr add x.x.x.x/y dev z" statement, and reference that in the .conf file as "up scriptname".
Note that you need to add "--script-security 2" to the openvpn commandline to make that work. I added that to the OPENVPN_CFG variable in /etc/uruk.conf/openvpn.
regards
Patrick
This is the openvpn configuration I use for my Archos 101 (on the server). I'm not having any problems, using openvpn 2.1.1:
Code:
port 1194
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/<my host>.crt
key /etc/openvpn/keys/<my host>.key
dh /etc/openvpn/keys/dh1024.pem
mode server
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.255
push "route 10.8.0.1 255.255.255.255"
client-config-dir ccd
push "redirect-gateway def1"
push "dhcp-option DOMAIN <my domain>"
push "dhcp-option DNS <my dns server>"
keepalive 10 60
inactive 3600
route 10.8.0.0 255.255.255.0
user openvpn
group openvpn
persist-tun
persist-key
verb 4
I examined the situation a bit further.
The problem comes from the ifconfig command that openvpn calls itself:
Code:
/system/bin/ifconfig myvpn \
192.168.x.41 \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255
This is only used when tap interfaces are involved, which is the case in my setup, but not in the setup macemoneta is showing. caesar68: do you also use tap interfaces?
I can reproduce the problem by just using that ifconfig command again.
When I list the IP-address-to-set as the last argument, instead, it works, i.e.
Code:
/system/bin/ifconfig myvpn \
netmask 255.255.255.0 \
mtu 1500 \
broadcast 192.168.x.255 \
192.168.x.41
A quick scanning of the openvpn manpage, does not suggest a way to override the ifconfig command that is used, but it does give an option --ifconfig-noexec which suppresses its calling.
Unfortunately, when I just pack the is-working-after-the-interface-is-up ifconfig command into an up script with this option, it just gives me an error SIOCSIFNETMASK (Cannot assign requested address) - even if the same commandline works when I run it over an already upped interface... Probably because the interface then already had an IP address...
No problem, though, ifconfig is obsolete anyway, let us just use ip link and ip addr, which are fortunately available under Uruk.
So, caesar68, the clean solution would be to have
--script-security 2 on the openvpn commandline, e.g. via OPENVPN_CFG in /etc/uruk.conf/openvpn
in your myvpn.conf file:
Code:
ifconfig-noexec
up-delay
up-restart
up /etc/openvpn/myvpn-on-up
a corresponding script /etc/openvpn/myvpn-on-up, executable, with content
Code:
#! /system/bin/sh
ip link set $dev mtu $tun_mtu up
ip addr add $ifconfig_local/$ifconfig_netmask \
broadcast $ifconfig_broadcast \
dev $dev
Works For Me
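A more defensive variant of the up script above, added here as an example and not part of the original post: it checks the values OpenVPN passes in the environment before handing them to ip as root, and converts the netmask to a prefix length. The function names, the DRY_RUN switch and the MTU bounds are assumptions made for this example.

```shell
#!/bin/sh
# Added example: OpenVPN "up" script that checks its inputs before calling ip.
# OpenVPN exports dev, tun_mtu, ifconfig_local, ifconfig_netmask and
# ifconfig_broadcast to the script; on a client some of these values are
# pushed by the server.

# is_ipv4 ADDR: true only for a dotted quad with every octet in 0..255
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# mask_to_prefix MASK: print the prefix length, fail on a non-contiguous mask
mask_to_prefix() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    bits=0; seen_zero=0
    for o in "$@"; do
        case "$seen_zero:$o" in
            0:255) bits=$((bits + 8)) ;;
            0:254) bits=$((bits + 7)); seen_zero=1 ;;
            0:252) bits=$((bits + 6)); seen_zero=1 ;;
            0:248) bits=$((bits + 5)); seen_zero=1 ;;
            0:240) bits=$((bits + 4)); seen_zero=1 ;;
            0:224) bits=$((bits + 3)); seen_zero=1 ;;
            0:192) bits=$((bits + 2)); seen_zero=1 ;;
            0:128) bits=$((bits + 1)); seen_zero=1 ;;
            0:0|1:0) seen_zero=1 ;;
            *) return 1 ;;         # a set bit after a cleared one
        esac
    done
    echo "$bits"
}

# vpn_up: validate the environment, then bring the interface up with ip
vpn_up() {
    case "${dev:-}" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "refusing interface name" >&2; return 1 ;;
    esac
    [ "${#dev}" -le 15 ] || return 1          # Linux interface name limit
    case "${tun_mtu:-}" in
        ''|*[!0-9]*) echo "refusing MTU" >&2; return 1 ;;
    esac
    # Sanity bounds chosen for this example
    [ "${#tun_mtu}" -le 5 ] && [ "$tun_mtu" -ge 68 ] &&
        [ "$tun_mtu" -le 65535 ] || return 1
    is_ipv4 "${ifconfig_local:-}" && is_ipv4 "${ifconfig_broadcast:-}" || {
        echo "refusing address" >&2; return 1; }
    prefix=$(mask_to_prefix "${ifconfig_netmask:-}") || {
        echo "refusing netmask" >&2; return 1; }
    run=${DRY_RUN:+echo}           # DRY_RUN=1 prints the commands instead
    $run ip link set dev "$dev" mtu "$tun_mtu" up &&
    $run ip addr add "$ifconfig_local/$prefix" \
        broadcast "$ifconfig_broadcast" dev "$dev"
}

# OpenVPN sets script_type=up when it runs this file as the up script.
if [ "${script_type:-}" = "up" ]; then
    vpn_up || exit 1
fi
```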
Thanks for the explanation and the workaround, brian_o'fish. Why are you using tap though? Tap provides an Ethernet bridge, so you'll be transporting packets that really don't need to be sent to your Archos (reducing available bandwidth). Tun is layer 3 routed, so only traffic destined for either endpoint goes over the VPN connection.
macemoneta said:
Why are you using tap though?
That's what the server I'm using is configured to do, as it provides transparent bridged LAN access via VPN, and that is what I want, as I am the admin of said LAN and VPN.
If the low level of broadcasts we have, ever increases or appears to be a problem to me, I'll set up an additional tun server, but for now it is simply not an issue.
Anyway, good hint in general!
Hi all!
Thanks a lot for your comments. Yes I am using tap. I would like to have access to my home network (storage etc.). Therefore I want to use the bridge functionality. And that works only when I changed the ifconfig manually afterwards. But the route is destroyed then and packets to the internet are not routed securely through my home network.
@ brian_o'fish: Thanks for the advice. I will try that in the next days. At the moment I am happy to read that I am not the only one with the problem (and maybe too stupid to use openvpn - but on the netbook it works).
I have never worked with tun. Maybe I could check, if that is also a workaround.
I will keep you informed, but I am on a trip the next days.
Thanks again!
*** Update ***:
It didn't work either with tap or with tun. Meanwhile I tried to run VPNC. I had some trouble, but it works now.
caesar68 said:
It didn't work either with tap or with tun.
Did you try the approach I described with tap, and can tell where / how it failed?
Hello all,
I figured this tutorial may come in handy to a few people out there since the documentation for getting this to work is quite atrocious.
What this tutorial is:
A step-by-step walkthrough of setting up wpa_supplicant.conf to access advanced networking protocols that we otherwise don't have access to (note, this will ONLY work with root at the moment).
What this tutorial is not:
A wireless troubleshooting thread for any wireless issues not related to wpa_supplicant, EAP-TLS, EAP-TTLS, etc.
Thanks ahead of time.
NOTE: This tutorial will be giving instructions for a Windows 7 machine, but 90% of the code I provide can easily be copied over to Linux/BSD/OSX, just replace with the Bash equivalents.
To begin, you will need a few things:
--ADB, with working drivers, though you don't NEED root access through it it is nice to have, since it cuts the typing in half, and the setup for that can be found here: [App]: ADB Root Hijack [ADB Runs as Root now]
--openSSL, for converting certificates to the proper formats.
Windows instructions: Requires Cygwin, see this link here. This will install several other useful tools, and you'll love Cygwin if you're a power user
Linux/BSD/OSX instructions: install using your favorite repositories or from binaries (in the case of OSX). For Ubuntu/Debian: sudo apt-get install openssl
--You will need access to the Development menu (use an app or the Any Cut app to make a shortcut), as well as Root Browser lite (or Root Explorer).
--A lot of patience, and a bit of time. This should be straightforward, but don't expect a perfect solution for everyone.
1) The most important step, since this will cause you no end of headaches for possibly an hour or two as you trace it down: Go into the Development menu, UNCHECK USB Debugging and RECHECK it, then UNCHECK Auto Mount. So, even if debugging is checked, uncheck and check it anyway. And make SURE Auto Mount is unchecked, otherwise this will automatically install the "normal" NT drivers and screw up the entire process.
2) Plug in the Nook, and bring up the command line (cmd.exe). Run:
Code:
adb devices
If this returns an alphanumeric string (or anything), your device is in and you're good to go. Otherwise, check the other forum topics for troubleshooting (link to come).
3) To begin, we need to convert our tickets to the correct format. For this we will use OpenSSL. To make this easy, I piled all of my working space into a folder in the root of the C: drive, called "certs". For this example, I will assume that you were given a root certificate named rootCA.crt and a private certificate named [email protected].p12 (because I was, for the eduroam worldwide network).
This example also assumes EAP-TLS authentication. To convert the files:
Code:
openssl x509 -in rootCA.crt -out rootCA.der -outform DER
openssl x509 -in rootCA.der -inform DER -out rootCA.pem -outform PEM
then
openssl pkcs12 -in [email protected] -out cert.pem -clcerts -nokeys
openssl pkcs12 -in [email protected] -out key.pem -nocerts
Note: even if your business/Uni doesn't use a separate hashed key normally (For example, the University of Alaska system), you will need it here. Normally a certificate app handles all of this (on AOSP and custom builds).
4) Thanks to good ol' FSTAB, we will have to remount /system so we can read/write to it:
Code:
adb shell
su
mount -o remount,rw /system /system
5) Now, we have three new files: rootCA.pem, cert.pem and key.pem in the C:\certs folder. We push them to their proper directory on the NT:
Code:
adb push rootCA.pem /system/etc/wifi/
adb push cert.pem /system/etc/wifi/
adb push key.pem /system/etc/wifi/
Note: This is where it gets tricky without root ADB access...the option is to push them to "/media/My Files/My Downloads/" (including quotes) and then use a terminal or root browser to move them to /system/etc/wifi/
6) Next, we get to pull wpa_supplicant finally!
Code:
adb pull /system/etc/wifi/wpa_supplicant.conf .
Note: Make sure to include the . at the end, this means 'copy it to the current directory'
7) Open wpa_supplicant.conf in Wordpad (NOT notepad, wrapping issues), and build a profile based on the examples located here.
Here is an edited version of mine, if you use EAP-TLS this will work for you:
Code:
network={
ssid="YourAPNameHere"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
identity="[email protected]"
ca_cert="/system/etc/wifi/rootCA.pem"
client_cert="/system/etc/wifi/cert.pem"
private_key="/system/etc/wifi/key.pem"
private_key_passwd="yourPassHere"
priority=20
}
Change ssid, identity, and private_key_passwd to your respective information.
NOTE: priority, near the bottom, determines when it will connect to the network when others are around. Compare it to the values of the priorities set in /data/misc/wifi/wpa_supplicant.conf; the higher the value, the higher the priority when they're all within range.
Now save and close the file.
8) Now, we push and reboot:
Code:
adb push wpa_supplicant.conf /system/etc/wifi/
then reboot the nook.
Now, after reboot, it should be good to go!
Notice, one bit of trouble I ran into: if you just get "error" when turning on the wireless after reboot, double-check that your certificates are correct and in the correct places, and that wpa_supplicant.conf points at them. If that's fine, try erasing /data/misc/wifi/wpa_supplicant.conf, then reboot, and the list will be rebuilt and your AP will automatically connect.
Please let me know if there are any issues with the instructions, it's 6am and I haven't slept more than 8 hours in the last 3 days troubleshooting this, building kernels and playing Skyrim
reserved for future things
Also of note: I'm working on making this into scripts, don't worry everyone. And, if you bork your wifi, I will have a wireless fix in the works too.
Hi
First of all, thanks for this tutorial
I'm pretty sure this should be very straightforward but not to mess this thing up what do I need to change for a network with the following definitions:
Network SSID: eduroam
Security: 802.1x Enterprise
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
Cheers
Hey, it's not a problem at all. Pulled from the source here: NookDevs.com wpa_supplicant.conf I built this skeleton here:
Code:
network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=PEAP
identity="[email protected]"
password="YOUR-PASSWORD"
ca_cert="/system/etc/wifi/cacert.pem"
phase1="peapver=0"
phase2="auth=MSCHAPV2"
}
As you can see, you'll need to enter your University email in the identity field and your password in the password field, and if you don't have the needed certificates/password/etc you can get that from your local IT office (I would ask to speak with your network technicians though, helpdesk may not have it). Make SURE to read the instructions in that link, the openssl bit is different than the guide above!
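An added example, not part of the original posts: a shell/awk check that reads a wpa_supplicant.conf and flags settings in WPA-EAP network blocks, such as the EAP-TLS and PEAP profiles above, that weaken server authentication or leave secrets in the file. The function names, the messages and the sample profiles (example.org identity, radius.example.org) are constructed for illustration; subject_match, altsubject_match, domain_suffix_match and domain_match are wpa_supplicant options that do not appear on this page.

```shell
#!/bin/sh
# Added example: audit WPA-EAP network blocks in a wpa_supplicant.conf.
# Prints one finding per line as "<ssid>: <finding>"; exit status 1 if any.

audit_wpa_conf() {
    # Reads the file named in $1, or stdin when no argument is given.
    awk '
    function strip(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(msg) { print ssid ": " msg; n++ }
    function finish() {
        if (kv["key_mgmt"] !~ /WPA-EAP/) return      # only 802.1X profiles
        if (!("ca_cert" in kv))
            report("no ca_cert, server certificate is not validated")
        # Name constraints; availability depends on the wpa_supplicant version.
        if (!("subject_match" in kv) && !("altsubject_match" in kv) &&
            !("domain_suffix_match" in kv) && !("domain_match" in kv))
            report("no server name constraint, any server certificate from that CA is accepted")
        if ((kv["pairwise"] " " kv["group"]) ~ /TKIP/)
            report("TKIP still allowed in pairwise/group")
        if (kv["eap"] ~ /PEAP|TTLS/ && kv["phase2"] !~ /auth(eap)?=/)
            report("phase2 has no auth= or autheap=, inner method is not pinned")
        if (("password" in kv) && kv["password"] !~ /^hash:/)
            report("plaintext password stored in the file")
        if ("private_key_passwd" in kv)
            report("private key passphrase stored next to the key")
    }
    /^[ \t]*#/ { next }
    /^[ \t]*network[ \t]*=[ \t]*[{]/ {
        inblock = 1; split("", kv); ssid = "(no ssid)"; next
    }
    inblock && /^[ \t]*[}]/ { finish(); inblock = 0; next }
    inblock {
        eq = index($0, "=")
        if (eq == 0) next
        key = strip(substr($0, 1, eq - 1))
        kv[key] = strip(substr($0, eq + 1))
        if (key == "ssid") { ssid = kv[key]; gsub(/"/, "", ssid) }
    }
    END { if (inblock) finish(); exit (n > 0) }
    ' "$@"
}

# Constructed sample: the first block is modelled on the PEAP profile above,
# the second adds a server name constraint and drops TKIP, the third is a
# PSK network that the audit skips.
sample_conf() {
cat <<'EOF'
network={
    ssid="eduroam"
    scan_ssid=1
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=PEAP
    identity="user@example.org"
    password="YOUR-PASSWORD"
    ca_cert="/system/etc/wifi/cacert.pem"
    phase1="peapver=0"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="constrained-example"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    eap=TLS
    identity="user@example.org"
    ca_cert="/system/etc/wifi/rootCA.pem"
    domain_suffix_match="radius.example.org"
    client_cert="/system/etc/wifi/cert.pem"
    private_key="/system/etc/wifi/key.pem"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="constructed passphrase"
}
EOF
}

sample_conf | audit_wpa_conf || true
```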
Thanks!
On monday I will try that and will report the outcome.
Cheers
Hi.
It worked like a charm! No problem at all.
Thanks!
Cheers
Awesome! Glad to hear it.
hello guys,
i'm developing an automatic vulnerability scanner/exploiter for android.
i'm adding the cool feature of using the metasploit framework from our android phones, but i'm having a big issue.
i can start the MsfRpcd ( the metasploit daemon ) from a su shell and make it bind to the 127.0.0.1 address.
i can connect to the server using busybox netcat ( no Java though here ).
i can't connect to 127.0.0.1 from the android app! i got ECONNREFUSED.
uff!
after a bit of google i understood that JavaVM have a separate network and it filter out my connection to localhost/127.0.0.1.
how can i connect to a service bound to 127.0.0.1 on my phone from an android app?
this is a jail!
NOTES:
i gave a quick look at iptables -L output, maybe i can make some hack there, but probably i will break the JavaVM network.
thanks in advance!
-- tux_mind
PS:
binding on wifi ip is not an answer.
WORKAROUND:
do not use socket library, use URLConnection:
Code:
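import java.net.InetAddress;
import java.net.URL;
import java.net.URLConnection;

// mPort is a field defined elsewhere in the app; these calls throw IOException
URL u = new URL("http", InetAddress.getLocalHost().getHostAddress(), mPort, "/api/");
URLConnection huc = u.openConnection();
huc.setDoOutput(true);
huc.setDoInput(true);
huc.setUseCaches(false);
huc.setRequestProperty("Content-Type", "binary/message-pack");
huc.setReadTimeout(0);
huc.getOutputStream().close();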
-1 for google
Hey everyone,
I am looking for a way to activate sleep mode of my chromebook manually in order to save battery without having to log out or power off all the time (it's connected to an external display, so closing the lid doesn't trigger it).
So far I found out that calling "powerd_dbus_suspend" from the shell does the trick, but as you can imagine, using the shell and actually typing the command every time is not really a solution.
Is there a way to create a chrome os app that executes this program call, so I can put it in my shelf and just click it to activate sleep?
I'm not really good at .json, maybe there's a way? Or any other suggestions?
Thanks a lot!
Markus
I would like to know it too. Anyone?
Run a tiny web server like lighttpd in the shell on a weird port, restrict to localhost. Set up index.php to run system (whatever);
Then bookmark the 127.0.0.1: xxxx URL
Which system call invokes power_dbus_suspend?
Thanks Parrotgeek1. Working off your excellent suggestion I installed a lightweight local server on ChromeOS (Web Server for Chrome with the 200 OK! icon) and built a small framework app that is served from local storage. I'm all set up to call chrome.app.??? from my JavaScript. Which API provides the power_dbus_suspend capability? I looked through the Power and System APIs and I don't see anything. - Thanks!
Have you tried this simple extension? Keep Awake
https://chrome.google.com/webstore/...lb?utm_source=chrome-app-launcher-info-dialog
What I do is have the shell tab pinned, and press [up arrow] for the command then hit [enter]. Probably not ideal if you use the shell a lot as you have to step through recently used commands.
Re: Pkt_Lnt's post
Thanks Pkt_Lnt. That app only deals with disabling the normal sleep behavior, not causing it, and in particular not causing it when an external monitor is connected. I'm looking for something like Sneets has requested, to invoke a powerd_dbus_suspend command that will force the system to sleep (and turn off an external monitor). Per Parrotgeek1's comment, I've got a little app now sitting on the shelf that is all set to call some system command to invoke powerd_dbus_suspend, only I'm looking for what command to call, from JavaScript.
I managed to find a way to do something similar with the Secure Shell app. During the process of figuring it out, I also found that I was able to create a homescreen shortcut on my Android tablet which when tapped sends a shell command to the Chromebook.
This method might be overkill somewhat, but, anyway, what I did was as follows:
Installed Secure Shell extension; setup sshd on the Chromebook (by making a symlink in /etc/init/ pointing to /usr/share/chromeos-ssh-config/init/openssh-server-conf); rebooted; added public key from ConnectBot (Android app) to ~/.ssh/authorized_keys in order to test connection; setup Android homescreen shortcut to send shell command; created profile in Secure Shell app on Chromebook to connect to [email protected]/my local IP address; generated keys on Chromebook (in ~/.ssh); added generated public key to ~/.ssh/authorized_keys; imported newly-generated private/public key pair within Secure Shell app (one by one); created bookmark link to [email protected] profile in shelf, and, finally, added required command to profile in Secure Shell.
It works well! It looks like any command can be added to the 'Arguments' field in Secure Shell, with the syntax:
Code:
-- thecommand
Although I guess commands that need sudo would require a connection to [email protected], instead of chronos. (-t argument lets you use sudo, but then sending a line break/ENTER seems to be needed)
The window opened with the click does hang around - I haven't figured out if it's possible to avoid this - but it does at least seem to persistently remember the size and position to which it's set.
I posted up some further details at http://nolirium.blogspot.com/shell-command-shelf-shortcut-chromeos.html
Impressive! But a bit more than I'm looking to do
@Nolirum - I read your blogspot doc and your procedure's pretty impressive. Frankly it's a little beyond me and beyond what I'm looking for. If you ever run across a way to invoke powerd_dbus_suspend a little more directly please post here as well. You clearly have a strong grasp of the issues!
This really is impressive! Thanks for the extremely detailed explanation.
I was able to follow along completely and get the SSH argument "powerd_dbus_suspend" working.
However, I got to thinking. I was wondering if this could be extended to use an alias stored in ~/.bashrc?
After doing some research of my own and using various parameters and arguments, I was unsuccessful.
The goal is to have a linux app (through crouton) be run using xiwi with just a single bookmark by utilizing an alias.
Any thoughts?
UPDATE:
Of course just a few moments later I figured this out! Rather than dealing with an alias stored in ~/.bashrc and ensuring ssh had access, typing the entire alias command as an argument worked. Now I can run Steam directly from a shelf bookmark. All it took was replacing "powerd_dbus_suspend" with "-- sudo enter-chroot xiwi steam" in the argument.
Thanks again!
DandyRandyMarsh said:
This really is impressive! Thanks for the extremely detailed explanation.
I was able to follow along completely and get the SSH argument "powerd_dbus_suspend" working.
No problem! I think it's perhaps overly detailed if anything. Might be easier to follow if I cut it down a bit.
DandyRandyMarsh said:
Now I can run Steam directly from a shelf bookmark. All it took was replacing "powerd_dbus_suspend" with "-- sudo enter-chroot xiwi steam" in the argument.
Nice!
Adding crouton single app shortcuts is a cool idea which I hadn't considered. Does it work OK for you with sudo in the command, even straight after booting up? ...You didn't have to setup sudoing without a password via sudoers.d or anything?
Inspired by your post I added xiwi to my chroot to try it out. I seem to remember experiencing quite unbearable lag and slowness when running a full desktop via xiwi in the past, but with single apps there doesn't seem to be any noticeable performance hit (this is on an armv7 Asus Flip, with the chroot on a slooow USB drive).
In order to not have to enter my sudo password, in the argument I put:
Code:
-t -- echo mypassword | sudo -S sh /media/removable/3/bin/enter-chroot xiwi firefox
Maybe I'm missing something? Is there a better way, perhaps?
Anyway, since I have rootfs verification switched off, I also tried saving a similar command to a file in /usr/bin, and putting the filename in the argument instead. This works, too, and I suppose could potentially be useful e.g. in the case of needing to run a more convoluted sequence of commands with a shortcut.
Nolirum said:
Adding crouton single app shortcuts is a cool idea which I hadn't considered. Does it work OK for you with sudo in the command, even straight after booting up? ...You didn't have to setup sudoing without a password via sudoers.d or anything?
I'm not entirely familiar with exactly how my process worked, but I do not have any sudo password required within shell.
Here's the list of steps I followed allowing me to use sudo commands in the SSH Arguments box.
As a side note, this is the crouton installation I am running on an ASUS c302.
sudo sh ~/Downloads/crouton -r trusty -t unity,touch,xiwi,extension
Setup Bookmarks that Run Shell Commands
1. Installed Secure Shell extension
2. Open crosh with Ctrl+Alt+T
3. Enter Command: shell
4. Enter Command: sudo su -
5. Enter Command: sudo /usr/share/vboot/bin/make_dev_ssd.sh --force --remove_rootfs_verification
6. Enter Command: reboot
7. Let Chrome OS reboot
8. Open crosh with Ctrl+Alt+T
9. Enter Command: shell
10. Enter Command: sudo su -
11. Enter Command: mount -o remount,rw /
12. Close current crosh window
13. Open a new crosh with Ctrl+Alt+T
14. Enter Command: shell
15. Enter Command: sudo ln -s /usr/share/chromeos-ssh-config/init/openssh-server.conf /etc/init/openssh-server.conf
16. Enter Command: sudo initctl reload-configuration
17. Enter Command: sudo initctl start openssh-server
18. Enter Command: cd ~/.ssh/
19. Enter Command: ssh-keygen
“Enter file in which…” *LEAVE BLANK*
“Enter passphrase” *LEAVE BLANK*
“Enter same passphrase” *LEAVE BLANK*
20. Enter Command: cat /home/chronos/user/.ssh/id_rsa.pub >> /home/chronos/user/.ssh/authorized_keys
21. Enter Command: cp -a /home/chronos/user/.ssh/id_rsa* /home/chronos/user/Downloads
22. Close current crosh terminal and open Secure Shell extension
23. Select [New Connection]
24. Click Import… and select “id_rsa”
25. Click Import… again and select “id_rsa.pub”
26. Enter chronos as the username and localhost as the hostname
27. Enter a shorthand name replacing the text in the top cell “[email protected]”
28. Click Enter. If prompted, enter “yes” to continue connecting
29. Bookmark the page that is open which should end in, "#profile-id:_ _ _ _"
DONE. Now time to add some commands to automate.
Open Secure Shell and select the connection created. In the arguments box, start with two dashes -- and follow it with your desired shell command.
Examples:
-- sudo startunity
-- sudo startgnome
-- sudo enter-chroot xiwi steam
-- sudo enter-chroot xiwi wine microWord
Next Steps... Getting Custom Shelf Icons
Now here I am running into some issues. Rather than have all these icons be the same, I was hoping to customize them.
Followed a strategy found on reddit, Change Shelf Icon for Website, but this only works if the site already had an "apple-touch-icon" set. Also, tried to inject the entire code myself which I couldn't get to work. Unfortunately, I think that since this bookmark is created from a Secure Shell, there are some issues.
I have already tried adding in code for this into the site, but it is having no effect. If someone could make this work then we're really looking good here.
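Added example, not part of the post above: steps 19 to 21 put a passphrase-less key into authorized_keys for chronos, the account the shortcuts use to run sudo commands. The shell function below pins that key to loopback connections using standard OpenSSH authorized_keys options; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: restrict one public key in authorized_keys to loopback-only use.
# The option names are standard OpenSSH authorized_keys options.
LOOPBACK_OPTS='from="127.0.0.1,::1",no-agent-forwarding,no-port-forwarding,no-X11-forwarding'

# restrict_key AUTH_FILE PUB_FILE
# Rewrites each line of AUTH_FILE that carries the base64 blob from PUB_FILE so
# that it starts with LOOPBACK_OPTS. Other keys are left untouched.
# Returns 0 on success, 1 if the key is not in AUTH_FILE, 2 on other errors.
restrict_key() {
    auth=$1 pub=$2
    blob=$(awk '{print $2; exit}' "$pub")   # line format: "<type> <blob> [comment]"
    [ -n "$blob" ] || return 2
    tmp=$(mktemp "${auth}.XXXXXX") || return 2
    awk -v blob="$blob" -v opts="$LOOPBACK_OPTS" '
        {
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == blob) hit = i
            if (hit > 1) {
                # Keep "<type> <blob> [comment]" and drop any earlier option
                # prefix, so running the function twice gives the same line.
                line = $(hit - 1)
                for (i = hit; i <= NF; i++) line = line " " $i
                print opts " " line
                found = 1
            } else print
        }
        END { exit (found ? 0 : 1) }
    ' "$auth" > "$tmp"
    rc=$?
    if [ "$rc" -eq 0 ]; then
        chmod 600 "$tmp" && mv "$tmp" "$auth"
    else
        rm -f "$tmp"
    fi
    return "$rc"
}
```

Run it as `restrict_key /home/chronos/user/.ssh/authorized_keys /home/chronos/user/.ssh/id_rsa.pub`, and delete the private key copy that step 21 left in Downloads once the Secure Shell import has succeeded.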
DandyRandyMarsh said:
I'm not entirely familiar with exactly how my process worked, but I do not have any sudo password required within shell.
Oh, I see what you mean. You are saying that you can sudo in the shell generally, without being prompted for a password, right?
Was that the default setup on your CB (after switching to Dev mode)? Or did you have to configure it manually for passwordless sudoing...
DandyRandyMarsh said:
Here's the list of steps I followed allowing me to use sudo commands in the SSH Arguments box.
Nice work summarizing the steps. :highfive: It's probably easier to follow, listed out like that. One slight addendum, perhaps - at step 29, it might be good to clarify the "add to shelf" procedure. Especially because of the following...
DandyRandyMarsh said:
Next Steps... Getting Custom Shelf Icon
Now here I am running into some issues. Rather than have all these icons be the same, I was hoping to customize them.
Happily it turns out that, when you add shortcuts to the shelf on Chrome OS like this, a minimal app is created for each one, with its own manifest.json, and icon.pngs. Our shell shortcuts were getting created with blank pngs by default (the black box with P in the center).
So, all we need to do, is get some icons, find the right folder for our shelf shortcut apps, then copy our new icons into them!
For instance, here's how I made a nice shiny icon for my single app shelf shortcut to Firefox.
Prepared icons:
Created a temporary folder in ~/Downloads to store downloaded icons.
Prepared a set of icons in ~/Downloads/firefox. (I downloaded mine from findicons.com).
Six sizes are required - from 32px to 256. To avoid any manifest editing, saved them as *size*.png
e.g. 32.png; 48.png; 64.png; 96.png; 128.png; 256.png
Located folder to copy icons to:
It is easiest to do this directly after clicking "add to shelf"
EITHER:
To change dir into the most recently modified extension icon subfolder automatically, the following one-liner worked for me*.
Code:
shell
cd ~/Extensions/&&cd $(ls -v1td */ | head -1)/*/icons&&ls
A list of blank icons (*.png) should be visible. If so, the new icons can simply be copied over these, e.g.
Code:
sudo cp ~/Downloads/firefox/* .
*YMMV with this particular one-liner - sometimes there's an extra 'temp' folder in ~/Extensions, which stops it working as expected. If you get an error after running the command, simply use the slightly more manual method to locate the folder, as detailed below.
OR:
(slightly more manual method).
Code:
shell
ls -ltr ~/Extensions
Checked the date/times - the most recently added folder is at the bottom. Then,
Code:
cd themostrecentlyaddedfolder
(or, the folder modified at the date/time that the shortcut was "added to shelf"). Then,
Code:
cd */icons
ls
sudo cp ~/Downloads/firefox/* .
I then repeated the above with a new SSH argument and a set of Ubuntu icons, for a custom startxfce4 shortcut, too.
Then just did sudo restart ui, and enjoyed the shiny new shelf icons!
I am hopeful that these changes will get picked up by CrOS's sync, thus getting backed-up and restored automatically. At this point I am not sure if that will be the case, but I don't see why it wouldn't.
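Added example, not part of the post above: a shell version of the folder lookup and icon copy that does not trip over a stray temp folder in ~/Extensions and refuses to copy an incomplete icon set. The function names are hypothetical, and the `<app id>/<version>/icons/<size>.png` layout is assumed from the commands in the post.

```shell
#!/bin/sh
# Added example. Layout assumed from the post:
#   <root>/<app id>/<version>/icons/<size>.png
ICON_SIZES="32 48 64 96 128 256"

# newest_icon_dir ROOT
# Prints the most recently modified icons/ folder under ROOT. Folders that have
# no <version>/icons subfolder (such as a temp dir) never match the glob.
# Returns 1 when no icons folder exists.
newest_icon_dir() {
    newest=
    for dir in "$1"/*/*/icons; do
        [ -d "$dir" ] || continue
        if [ -z "$newest" ] || [ "$dir" -nt "$newest" ]; then
            newest=$dir
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# install_icons SRC DEST
# Copies the six <size>.png files from SRC to DEST, all or nothing: if any size
# is missing or empty in SRC, nothing is copied and 1 is returned.
install_icons() {
    for size in $ICON_SIZES; do
        [ -s "$1/$size.png" ] || { echo "missing $1/$size.png" >&2; return 1; }
    done
    for size in $ICON_SIZES; do
        cp "$1/$size.png" "$2/$size.png" || return 1
    done
}
```

Typical use right after "add to shelf": `install_icons ~/Downloads/firefox "$(newest_icon_dir ~/Extensions)"`.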
Another way?
Another way to approach this, since you're modifying system stuff anyway, might be to edit crosh at /usr/bin/crosh. It's a regular ol' dash/bash shell program, and you can create a shortcut to it on the shelf by opening crosh (ctrl-alt-T), then right click the top right of the browser and select More Tools --> Add to shelf...
Clicking the newly-created link (which looks like an "N") will launch /usr/bin/crosh in a tab. Changing the default behavior of /usr/bin/crosh could accomplish your goal to do whatever you want. With some experimenting, you might even be able to pass arguments to make it do different things depending on how it's opened (via ALT-CTRL-T vs from the shelf-- dunno if it can read the url used to call crosh), but at the very least you could do something like have it run whatever you want it to run if a second modifier key is held down (or if it isn't...), otherwise return to normal operation. A menu w/1 sec timeout could do this as well, ie--
Doing [THE THING YOU WANT] in 2 seconds (press SPACE for crosh)... /
Note there's no proof-of-concept here. Just throwing it out as an idea that I'm pretty sure would work... Someone might even create a neat extension that allows crosh to use scripts/plugins to execute different system operations beyond the stock ones that are built-in via single-clicks... If it worked, it might be a little simpler than via the SSH extension and you wouldn't have to run any extra daemons.
ft
This is probably harder, but a third way, which probably is the "right" way is to see how the crosh extension works and learn about opening the hterm.Terminal instance chrome.terminalprivate object directly, sending it output, and closing it in the same way crosh does it. There's a file in the crosh extension at js/crosh.js that shows the basics of how it's done:
var terminal = new hterm.Terminal(profileName);
And then you can do stuff with it. You could then create an extension that could handle multiple shelf-icons (say by appending ?COMMAND=ls to the URL to do different shell commands). The security implications for this would probably be huge obviously.
Update: More on embedding hterm is here.
Nolirum said:
I managed to find a way to do something similar with the Secure Shell app. During the process of figuring it out, I also found that I was able to create a homescreen shortcut on my Android tablet which when tapped sends a shell command to the Chromebook.
I posted up some further details at http://nolirium.blogspot.com/shell-command-shelf-shortcut-chromeos.html
Nice post - Some good food for thought, changing up the contents of crosh etc directly is an interesting idea.
fattire said:
Another way to approach this, since you're modifying system stuff anyway, might be to edit crosh at /usr/bin/crosh. It's a regular ol' dash/bash shell program, and you can create a shortcut to it on the shelf by opening crosh (ctrl-alt-T), then right click the top right of the browser and select More Tools --> Add to shelf...
Interesting! ....Aaaaand, now I've broken crosh. lol. Lucky I had my SSH shortcut setup... (actually, we can still get into the VTs with CtrlAltF2 etc anyway).
Some good potential for experimentation with this, definitely.
fattire said:
This is probably harder, but a third way, which probably is the "right" way is to see how the crosh extension works and learn about opening the hterm.Terminal instance chrome.terminalprivate object directly, sending it output, and closing it in the same way crosh does it. There's a file in the crosh extension at js/crosh.js that shows the basics of how it's done:
Again, very interesting. Now you come to mention it, an approach such as this does seem like it might be do-able without too much messing around (maybe)...
Any possible method we can get e.g. an extension to 'talk' to the shell is worth looking into I think; as you say, if we can cut out the middleman (ssh) and maybe do it more elegantly, that might be pretty useful indeed.