Ninfacyzga-01 Manual

1. Location Logging

1 Location Logging

This document was created by Steven Baltakatei Sandoval on 2020-06-29T12:14Z under a Creative Commons BY-SA 4.0 license. It was updated by Steven Baltakatei Sandoval on 2020-06-30T19:44Z

1.1 Narrative

Ninfacyzga-01 records (logs) its position in time and space using a GPS receiver. The NMEA location data produced by the receiver is converted into the more commonly used GPS data storage formats of GPX and KML. All three types of data are then compressed and encrypted against a set of public keys. The encrypted data is then written to disk. Data produced by the receiver is segmented into 60-second chunks before being processed and written to disk.

1.2 Description

1.2.1 Hardware

Raspberry Pi Zero W

See the OEM webpage for this product.
PiZ UpTime 2.0

See the OEM webpage for this product.

1.2.2 Software

bkgpslog : The bash script that performs the location data collection and processing. Is an executable file contained within this repository at exec/bkgpslog. It should be copied to $HOME/.local/bin.

gpsd : A background daemon app capable of interfacing with the Ozzmaker BerryGPS-IMU's GPS submodule. Installed and initialized by apt.

gpspipe : A command line app that polls gpsd and produces a stream stdout consisting of GPS data lines in NMEA format. Installed via apt.

gpsbabel : A command line app that converts GPS data from one format into another. bkgpslog uses it to convert NMEA data into GPX and KML. Installed via apt.

gzip : A simple command line app that compresses stdin into a smaller stdout stream.

age : A simple command line app that encrypts stdin against public keys specified in its options. Produces encrypted stdout. Is an executable file contained within this repository at exec/age. It should be copied to $HOME/.local/bin.

Narrative

bkgpslog populates a 60-second buffer with NMEA data from gpsd via gpspipe. This buffer is used by gpsbabel to produce GPX and KML versions of the buffer. All 3 buffers are then comprssed with gzip, encrypted with age, and then written to disk.

1.2.3 Output

File Formats
1. NMEA
  
  See the Wikipedia page for this.
2. GPX
  
  See the Wikipedia page for this. WGS84 is the datum used.
3. KML
  
  See the Wikipedia page for this. WGS84 is the datum used.
Encryption Method

Files produced by the bkgpslog script are encrypted against a set of public keys using age, a simple command line encryption tool selected over gpg because of age's deliberate lack of configurability.

The public keys are bech32 strings supplied as options to bkgpslog when called. The secret key should NOT be stored in Ninfacyzga-01.

If a key pair was generated using age-keygen, then it is an X25519 key pair. See the age Version 1 specification.

An ssh-rsa or ssh-ed25519 SSH public key string may be used instead of the bech32 public key string produced by age-keygen for convenience.

Help information for age is available by running $ age --help.
1. Encryption Commands
  Files may be encrypted to several recipients using a command similar to:
```
timeout "60s" gpspipe -r | gpsbabel -i nmea -f - -o gpx -F | age \
-r age1kza7pfshy7xwygf9349zgmk7x53mquvedgw9r98qwyyqhssh830qqjzlsw \
-r age1ce3pvzrqfcn2pc6zqzglc8ac8yjk3fzukpy08cesqjjwns53xywqmaq7xw \
-r age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 \
> location.gpx.age
```
  In this example, the strings beginning with age1... are bech32-formatted public key strings.
2. Decryption Commands
  Files may be decrypted using a command similar to:
```
cat location.gpx.age | age -d -i key.txt > location.gpx
```
  The version of age used to perform the encryption

1.3 Operating Procedures

1.3.1 Initial Startup

See OEM (Ozzmaker) quickstart guide for the BerryGPS-IMU.

Physical Setup

BerryGPS-IMU must be electrically connected to the correct pins on the GPIO header of a Raspberry Pi Zero W.

Optional: stack together with PiZ Uptime 2.0 module. No GPIO pins conflict so a simple stacking and soldering with long header pins is possible.
Software Setup
1. Install Executables
  
  Install Raspbian 10 Buster onto an SD card image. See the Raspberry Pi Foundation installation instructions. Configure WiFi to permit log file transfer. Configure SSH to permit remote administration via the command line interface.
  
  Make sure to install the unattended-upgrades package to make sure the latest security patches for packages are installed. See this page for a description of how unattended-upgrades works.
  
  Install gpsd, gpspipe, git, and this repository for location logging capability.
  
  Install syncthing for log file transfer capability.
  
  Place age binary (the one compiled for ARM CPU architecture for Linux) in $HOME/.local/bin.
2. Disable Swap File
  Since standard Raspbian 10 (Buster) install involves copying unencrypted file system image to SD card which is mounted by the Raspberry Pi, system memory may be written to disk in the form of a Swap file as described here. In order to reduce the chance that location log data is ever written to disk, swap file functionality must be disabled¹.
  
  Raspbian 10 uses dphys-swapfile to manage a swap file. It may be disabled persistently² by running the following command:
```
sudo systemctl disable dphys-swapfile.service
```
  To view the status of the swap file in Raspbian 10, run free -m:
```
pi@ninfacyzga-01:~$ free -m
          total    used    free  shared  buff/cache   available
Mem:        432      86      36      21         309         268
Swap:        99       0      99
```
  After disabling the swap file and rebooting:
```
pi@ninfacyzga-01:~$ free -m
          total    used    free  shared  buff/cache   available
Mem:        432      89     214       3         128         289
Swap:         0       0       0
```
3. Automatic Start Configuration
  Edit the user cron job list with $ crontab -e to add the following lines:
```
0 * * * * /bin/bash ~/bkgpslog --output ~/dir

@reboot /bin/bash ~/bkgpslog --output ~/dir
```
  The first line will run bkgpslog at the start of every hour and save output files to the dir directory in your home folder.
  
  The second line will run bkgpslog when the system starts up.
  
  /bin/bash tells cron to run bkgpslog with Bash.
  
  If encryption and compression are required, then the appropriate options must be added. The lines that must be added via $ crontab -e may resemble:
```
0 * * * * /bin/bash ~/bkgpslog -c -e -r age1z2...qkv6p -o ~/dir

@reboot /bin/bash ~/bkgpslog -c -e -r age1z2...qkv6p -o ~/dir
```
  The age1z2...qkv6p is an age public key string. Please see the Key Generation section for an explanation.
  
  The options are:
```
-c : tells bkgpslog to compress output
-e : tells bkgpslog log to encrypt output
-r : tells bkgpslog to interpret the next argument as a pubkey string
-o : tells bkgpslog to write output files to the directory represented
       by the next argument
```
4. Log Transfer Configuration
  
  Log files may be shared to other machines via syncthing. See this manual for how to set up a shared folder and add Ninfacyzga-01 as a device. Syncthing's directory synchronization capability allows a remote machine to delete files from Ninfacyzga-01 by deleting from the shared folder that they both share.
  
  When log files are removed from Ninfacyzga-01 is not within the scope of this document.
5. Key Generation
  An age encryption key may be generated like so:
```
$ umask          # Gets current umask
0022             # Note: This is the default umask for Raspbian 10
$ umask 066      # So key.txt will have no perms except for owner (you)
$ umask          # Confirm umask set to 066
0066
$ age-keygen > key.txt
Public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5
$ ls -al key.txt
-rw------- 1 baltakatei baltakatei 184 Jun 29 18:28 key.txt
$ umask 0022     # Return umask to default value
$ umask          
0022
```
  The resulting public/private keypair data looks like:
```
$ cat key.txt
# created: 2020-06-29T18:01:56Z
# public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5
AGE-SECRET-KEY-1NEUU5U2XGZGL9UYWNPU5DL99TGJJHFSN4F2E2WCCSDJJ6L5ZMLESNTVTU0
```
  The file key.txt is not password-protected by default and should be secured like an SSH public key should. The $ umask 066 command run before the $ age-keygen > key.txt command ensures key.txt will not be readable, writeable, or executable to anyone except the owner (you).

1.3.2 Normal Startup

Turn on Ninfacyzga-01 by supplying 5VDC power to the Raspberry Pi. No further interaction should be required.

1.3.3 Normal Operation

No interaction beyond continually supplying approximately 100mA of 5VDC power and occasionally removing log files to conserve disk space is required.

Log Transfer

Log files may be transferred by use of syncthing shared folders.
Automatic Updates

The automatic-upgrades package, if installed, should automatically install security patches to packages installed via apt.

1.3.4 Normal Shutdown

The system may be shutdown via SSH by running:

$ sudo shutdown -r 0

1.3.5 Unscheduled Shutdown

Ninfacyzga-01 as described and setup should tolerate unscheduled power loss. Log files being written every 60 seconds means, at most, 60 seconds worth of location data may be lost.

1.3.6 End of Life Disposal

LiPo batteries used by the PiZ Uptime 2.0 module should be disposed of properly with their potential ignitability in mind, especially if they are not fully discharged.

Consult your local municipality for its "E-Waste Disposal" (or equivalent) policy. Metals used in the Raspberry Pi and related components may be recycled.

Take extra precuation if lead solder was used in assembling the electronics. Consumer electronics in early 21st century should use lead-free solder.

Footnotes:

Explanation: https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/

Persistant disabling of swap in Raspbian 10 Buster: https://www.raspberrypi.org/forums/viewtopic.php?p=1490692&sid=5c596a124b7805d6b10dab8d3d7caf16#p1490692