From: Steven Baltakatei Sandoval Date: Tue, 13 Oct 2020 18:38:03 +0000 (+0000) Subject: Merge branch 'develop' into feature/time-server/EVA-2020-02 X-Git-Url: https://zdv2.bktei.com/gitweb/EVA-2020-02.git/commitdiff_plain/2d61e0ec29e21386608cc446e6dc5a5ba01d5a6d?hp=d50056c252de758c21e28606056de58d64b55950 Merge branch 'develop' into feature/time-server/EVA-2020-02 --- diff --git a/doc/location/README.org b/doc/location/README.org index 7f13e64..4bbecfd 100644 --- a/doc/location/README.org +++ b/doc/location/README.org @@ -1,10 +1,12 @@ * Location Logging -This document was created by Steven Baltakatei Sandoval on -~2020-06-29T12:14Z~ under a [[https://creativecommons.org/licenses/by-sa/4.0/][Creative Commons BY-SA 4.0 license]]. It -was updated by Steven Baltakatei Sandoval on ~2020-07-23T21:49Z~ #+TITLE: Ninfacyzga-01 Manual #+AUTHOR: Steven Baltakatei Sandoval #+EMAIL: baltakatei@gmail.com +** About +This document was created by Steven Baltakatei Sandoval on +~2020-06-29T12:14Z~ under a [[https://creativecommons.org/licenses/by-sa/4.0/][Creative Commons BY-SA 4.0 license]]. It +was updated by Steven Baltakatei Sandoval on ~2020-10-08T18:14Z~ + ** Narrative Ninfacyzga-01 records (logs) its position in time and space using a [[https://en.wikipedia.org/wiki/Satellite_navigation_device][GPS receiver]]. The NMEA location data produced by the receiver is 
@@ -82,75 +84,11 @@ See the [[https://en.wikipedia.org/wiki/Keyhole_Markup_Language][Wikipedia page] may be converted to this format using ~gpsbabel~. **** Encryption Method -Files produced by the bkgpslog script are encrypted against a set of -public keys using [[https://github.com/FiloSottile/age][~age~]], a simple command line encryption tool -selected over ~gpg~ because of ~age~'s deliberate lack of -configurability. - -The public keys are bech32 strings supplied as options to bkgpslog -when called. The secret key should *NOT* be stored in Ninfacyzga-01. - -If a key pair was generated using ~age-keygen~, then it is an [[https://en.wikipedia.org/wiki/Curve25519][~X25519~]] -key pair. See the [[https://age-encryption.org/v1][~age~ Version 1 specification]]. - -An ~ssh-rsa~ or ~ssh-ed25519~ SSH public key string may be used instead of -the bech32 public key string produced by ~age-keygen~ for convenience. - -Help information for ~age~ is available by running ~$ age --help~. -***** Encryption Commands -****** Encryption through ~age~ -In order to illustrate how ~bklog~ encrypts files, below is an example -command illustrating how ~age~ may be used to encrypt a file. - -#+BEGIN_EXAMPLE -$ echo "asdf" | age -r \ -age1kza7pfshy7xwygf9349zgmk7x53mquvedgw9r98qwyyqhssh830qqjzlsw \ -> "$HOME/secret_file" -#+END_EXAMPLE - -The resulting ~secret-file~ is a binary blob with a plaintext header -indicating how the blob was encrypted (which version of age was used, -which public key was used). - -****** Encryption through ~bklog~ -~bklog~ may instructed to encrypt files via the ~-e~ and ~-r [pubkey -string]~ options. 
An example is shown below: - -#+BEGIN_EXAMPLE -$ gpspipe -r | bklog -e \ --r age1kza7pfshy7xwygf9349zgmk7x53mquvedgw9r98qwyyqhssh830qqjzlsw \ --r age1ce3pvzrqfcn2pc6zqzglc8ac8yjk3fzukpy08cesqjjwns53xywqmaq7xw \ --r age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 \ --o "$HOME/Location" -#+END_EXAMPLE - -~bklog~ may be instructed via the ~-e~ and ~-R~ options to watch a -directory in order to locate public key strings in its files. ~bklog~ -reads the first line of each file and interprets it as a public key -string. - -In this example, the strings beginning with ~age1...~ are -bech32-formatted public key strings. Please see the [[*Key Generation][Key Generation]] -section for an explanation. - -Since ~age~ also accepts ~ssh~ public key strings, these may also be -used if they are of the following form (no comment). - -: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA…AACAQDLnJbPs7CjwPT+OxXd - -***** Decryption Commands -Files may be decrypted using a command similar to: - -#+BEGIN_EXAMPLE -cat location.gpx.age | age -d -i key.txt > location.gpx -#+END_EXAMPLE - -The version of ~age~ used to perform the encryption +See [[file:../setup/README.org][Main Setup]] procedures. ** Operating Procedures *** Initial Startup See OEM (Ozzmaker) [[https://ozzmaker.com/berrygps-berrygps-imu-quick-start-guide/][quickstart guide for the BerryGPS-IMU]]. - **** Physical Setup BerryGPS-IMU must be electrically connected to the correct pins on the 
@@ -162,65 +100,43 @@ possible. **** Software Setup ***** Install Executables +Follow the [[file:../setup/README.org][Main Setup]] procedures to obtain required files from this +repository. -Install Raspbian 10 Buster onto an SD card image. See the Raspberry Pi -Foundation [[https://www.raspberrypi.org/documentation/installation/installing-images/README.md][installation instructions]]. Configure WiFi to permit log -file transfer. Configure SSH to permit remote administration via the -command line interface. +Install ~gpsd~, ~gpsd-clients~, and ~gpsbabel~. -Make sure to install the ~unattended-upgrades~ package to make sure -the latest security patches for packages are installed. See [[https://linux-audit.com/using-unattended-upgrades-on-debian-and-ubuntu/][this page]] -for a description of how ~unattended-upgrades~ works. +: $ sudo apt install gpsd gpsd-clients gpsbabel -Install ~gpsd~, ~gpspipe~, ~git~, and this repository for location -logging capability. +***** Setup Serial for BerryGPS +The Ozzmaker BerryGPS-IMU unit requires that the serial console be +disabled and the serial port enabled. (see [[https://ozzmaker.com/berrygps-setup-guide-raspberry-pi/][ref]]). -Install ~syncthing~ for log file transfer capability. +: $ sudo raspi-config -Place ~age~ binary (the one compiled for ARM CPU architecture for -Linux) in ~$HOME/.local/bin~. +Navigate to ~5 Interfacing Options~, then ~P6 Serial~. -***** Disable Swap File -Since standard Raspbian 10 (Buster) install involves copying -unencrypted file system image to SD card which is mounted by the -Raspberry Pi, system memory may be written to disk in the form of a -Swap file as described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that -location log data is ever written to disk, swap file functionality -must be disabled[fn:ideaheap_20130731_disableswap]. +When prompted "Would you like a login shell to be accessible over +serial?", answer ~No~. 
-Raspbian 10 uses dphys-swapfile to manage a swap file. It may be -disabled persistently[fn:rpf_20190702_disableswappersist] by running -the following command: +When prompted "Would you like the serial port hardware to be +enabled?", answer ~Yes~. -: sudo systemctl disable dphys-swapfile.service +***** Configure ~gpsd~ +~gpsd~ needs to know which serial port to look at for NMEA location +data generated by the GPS unit. This can be done by modifying the +~gpsd~ configuration file at ~/etc/default/gpsd~. -To view the status of the swap file in Raspbian 10, run ~free -m~: +: sudo nano /etc/default/gpsd -#+BEGIN_EXAMPLE -pi@ninfacyzga-01:~$ free -m - total used free shared buff/cache available -Mem: 432 86 36 21 309 268 -Swap: 99 0 99 -#+END_EXAMPLE - -After disabling the swap file and rebooting: +Change -#+BEGIN_EXAMPLE -pi@ninfacyzga-01:~$ free -m - total used free shared buff/cache available -Mem: 432 89 214 3 128 289 -Swap: 0 0 0 -#+END_EXAMPLE +: DEVICES="" -[fn:ideaheap_20130731_disableswap] Explanation: -https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/ +to -[fn:rpf_20190702_disableswappersist] Persistant disabling of swap in -Raspbian 10 Buster: -https://www.raspberrypi.org/forums/viewtopic.php?p=1490692&sid=5c596a124b7805d6b10dab8d3d7caf16#p1490692 +: DEVICES="/dev/serial0" ***** Automatic Start Configuration - It is recommended to create a daily ~cron~ job that executes a bash script that starts ~bklog~ jobs to record location along with other types of data recording. An example of such a script is below: @@ -285,6 +201,8 @@ In the example script, the options are: : environment variable. ***** Log Transfer Configuration +See [[file:../setup/README.org][Main Setup]] procedures. + Log files may be shared to other machines via ~syncthing~. See [[https://docs.syncthing.net/][this]] manual for how to set up a shared folder and add Ninfacyzga-01 as a device. Syncthing's directory synchronization capability allows a 
@@ -295,35 +213,7 @@ When log files are removed from Ninfacyzga-01 is not within the scope of this document. ***** Key Generation -An ~age~ encryption key may be generated like so: -#+BEGIN_EXAMPLE -$ umask # Gets current umask -0022 # Note: This is the default umask for Raspbian 10 -$ umask 066 # So key.txt will have no perms except for owner (you) -$ umask # Confirm umask set to 066 -0066 -$ age-keygen > key.txt -Public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 -$ ls -al key.txt --rw------- 1 baltakatei baltakatei 184 Jun 29 18:28 key.txt -$ umask 0022 # Return umask to default value -$ umask -0022 -#+END_EXAMPLE - -The resulting public/private keypair data looks like: -#+BEGIN_EXAMPLE -$ cat key.txt -# created: 2020-06-29T18:01:56Z -# public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 -AGE-SECRET-KEY-1NEUU5U2XGZGL9UYWNPU5DL99TGJJHFSN4F2E2WCCSDJJ6L5ZMLESNTVTU0 -#+END_EXAMPLE - -The file ~key.txt~ is not password-protected by default and should be -secured like an SSH public key should. The ~$ umask 066~ command run -before the ~$ age-keygen > key.txt~ command ensures ~key.txt~ will not -be readable, writeable, or executable to anyone except the owner -(you). +See [[file:../setup/README.org][Main Setup]] procedures. *** Normal Startup Turn on Ninfacyzga-01 by supplying 5VDC power to the Raspberry Pi. No 
@@ -347,14 +237,4 @@ Ninfacyzga-01 as described and setup should tolerate unscheduled power loss. Log files being written every 60 seconds means, at most, 60 seconds worth of location data may be lost. *** End of Life Disposal -LiPo batteries used by the PiZ Uptime 2.0 module should be disposed of -properly with their potential ignitability in mind, especially if they -are not fully discharged. - -Consult your local municipality for its "E-Waste Disposal" (or -equivalent) policy. Metals used in the Raspberry Pi and related -components may be recycled. - -Take extra precuation if lead solder was used in assembling the -electronics. Consumer electronics in early 21st century should use -lead-free solder. +See [[file:../setup/README.org][Main Setup]] procedures. diff --git a/doc/setup/README.org b/doc/setup/README.org new file mode 100644 index 0000000..7c5b63a --- /dev/null +++ b/doc/setup/README.org 
@@ -0,0 +1,381 @@ +#+TITLE:Ninfacyzga-01 Setup +#+AUTHOR:Steven Baltakatei Sandoval +#+EMAIL:baltakatei@gmail.com +* Main Setup +** About +This document created by [[http://baltakatei.com][Steven Baltakatei Sandoval]] on +~2020-10-07T18:39Z~ under a [[http://creativecommons.org/licenses/by-sa/4.0/][CC BY-SA 4.0]] license and last updated on +~2020-10-08T00:50Z~. + +This document contains information regarding setup of the +ninfacyzga-01 hardware common to all operation modes. This includes: + +- Raspberry OS installation +- WiFi configuration +- Remote SSH login configuration + +** Scope +This document describes hardware and software installation steps +common to the various environmental sensing functions of +ninfacyzga-01. + +** Narrative +The Raspberry Pi Zero W is the platform in which environment data is +gathered, packaged, and stored for further forwarding to a remote +repository. The Raspberry OS 10 operating system is used. The device +may be equipped with a UPS module in order to allow it to function as +a mobile device for short periods of time. The system may use +executables such as ~bklog~ to append segments of observed compressed +(~gzip~) encrypted (~age~) data to a ~tar~ archive to local disk. This +document describes hardware and software configuration procedures +generally required by all environment sensing operations. + +** Description +*** Hardware +**** Raspberry Pi Zero W +See the [[https://www.raspberrypi.org/pi-zero-w/][OEM]] webpage for this product. +**** PiZ UpTime 2.0 +See the [[https://alchemy-power.com/piz-uptime-2-0/][OEM]] webpage for this product. + +*** Software +~bklog~ : A bash script that saves its stdin stream to a tar file. The +file may be compressed by ~gzip~ and encrypted by ~age~. It is an +executable file contained within this repository at ~exec/bklog~. It +should be copied to ~$HOME/.local/bin~. 
+ +~bkgpslog~ : A legacy bash script similar to ~bklog~ but narrower in +scope in that it only records output from ~gpspipe~. + +~gzip~ : A simple command line app that compresses stdin into a +smaller stdout stream. + +~age~ : A simple command line app that encrypts stdin against public +keys specified in its options. Produces encrypted stdout. Is an +executable file contained within this repository at ~exec/age~. It +should be copied to ~$HOME/.local/bin~. + +*** Output +**** Encryption Method +Files produced by the bklog script are encrypted against a set of +public keys using [[https://github.com/FiloSottile/age][~age~]], a simple command line encryption tool +selected over ~gpg~ because of ~age~'s deliberate lack of +configurability. + +The public keys are bech32 strings supplied as options to bkgpslog +when called. The secret key should *NOT* be stored in Ninfacyzga-01. + +If a key pair was generated using ~age-keygen~, then it is an [[https://en.wikipedia.org/wiki/Curve25519][~X25519~]] +key pair. See the [[https://age-encryption.org/v1][~age~ Version 1 specification]]. + +An ~ssh-rsa~ or ~ssh-ed25519~ SSH public key string may be used instead of +the bech32 public key string produced by ~age-keygen~ for convenience. + +Help information for ~age~ is available by running ~$ age --help~. +***** Encryption Commands +****** Encryption through ~age~ +In order to illustrate how ~bklog~ encrypts files, below is an example +command illustrating how ~age~ may be used to encrypt a file. + +#+BEGIN_EXAMPLE +$ echo "asdf" | age -r \ +age1kza7pfshy7xwygf9349zgmk7x53mquvedgw9r98qwyyqhssh830qqjzlsw \ +> "$HOME/secret_file" +#+END_EXAMPLE + +The resulting ~secret-file~ is a binary blob with a plaintext header +indicating how the blob was encrypted (which version of age was used, +which public key was used). + +****** Encryption through ~bklog~ +~bklog~ may instructed to encrypt files via the ~-e~ and ~-r [pubkey +string]~ options. 
An example is shown below: + +#+BEGIN_EXAMPLE +$ gpspipe -r | bklog -e \ +-r age1kza7pfshy7xwygf9349zgmk7x53mquvedgw9r98qwyyqhssh830qqjzlsw \ +-r age1ce3pvzrqfcn2pc6zqzglc8ac8yjk3fzukpy08cesqjjwns53xywqmaq7xw \ +-r age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 \ +-o "$HOME/Location" +#+END_EXAMPLE + +~bklog~ may be instructed via the ~-e~ and ~-R~ options to watch a +directory in order to locate public key strings in its files. ~bklog~ +reads the first line of each file and interprets it as a public key +string. + +In this example, the strings beginning with ~age1...~ are +bech32-formatted public key strings. Please see the [[*Key Generation][Key Generation]] +section for an explanation. + +Since ~age~ also accepts ~ssh~ public key strings, these may also be +used if they are of the following form (no comment). + +: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA…AACAQDLnJbPs7CjwPT+OxXd + +***** Decryption Commands +Files may be decrypted using a command similar to: + +#+BEGIN_EXAMPLE +cat location.gpx.age | age -d -i key.txt > location.gpx +#+END_EXAMPLE + +The version of ~age~ used to perform the encryption + +** Operating Procedures +*** Initial Startup +**** Physical Setup +The device should be supplied with 5V power and an SD card with the +latest Raspberry Pi OS image installed. As of 2020-10-07, this will be +version 10 (e.g. Raspbian Buster 10). + +No additional hardware (ex: GPS module, UPS module, thermocouples) is +required to perform actions described in this document + +**** Software Setup +***** Install Operating System +Install Raspberry Pi OS onto an SD card image. See the Raspberry Pi +Foundation [[https://www.raspberrypi.org/documentation/installation/installing-images/README.md][installation instructions]]. + +Note: "Raspberry Pi OS" is the name used by the Raspberry Pi +Foundation to refer to their operating system images to be installed +on Raspberry Pi hardware. 
The change was made in order to facilitate +education of beginners not familiar with the wordplay between +"Raspberry" and "Debian". See [[https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=275380&sid=1a468f226394ccddf4654a3d3d90cb7d#p1668466][this]] forum post made on 2020-05-28 by +plugwash. + +***** Configure Wireless +Configure WiFi in order to permit file transfer and remote +administration. For a Raspberry Pi W, the WiFi settings may be +programmed via a specific text file in the `boot` partition of a +freshly installed image of Raspberry OS. Raspberry Pi Foundation +instructions [[https://www.raspberrypi.org/documentation/configuration/wireless/headless.md][here]]. + +In summary, create a ~wpa_supplicant.conf~ file containing the +following text: +#+BEGIN_EXAMPLE +ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev +update_config=1 +country=US + +network={ + ssid="" + psk="" +} +#+END_EXAMPLE + +Replace ~~ with your WiFi network's SSID. + +Replace ~~ with your WiFi network's +passphrase. +***** Enable Remote SSH Login +Configure SSH to permit remote administration via the command line +interface. Raspberry Pi Foundation instructions [[https://www.raspberrypi.org/documentation/remote-access/ssh/README.md][here]]. + +In summary, remote SSH access may be enabled upon initial startup of a +freshly installed image of Raspberry Pi OS by making sure an empty +file named ~ssh~ is present on the ~boot~ partition. + +***** Add SSH public key +If the use has an SSH public key, it may be added as a line in +~~/.ssh/authorized_keys~. + +Follow [[https://superuser.com/a/925859/][these]] directions to set permissions. + +: $ chmod 700 ~/.ssh +: $ chmod 644 ~/.ssh/authorized_keys + +***** Change default passphrase +The default username is ~pi~ and the default passphrase is +~raspberry~. Change them to something unique. + +: $ passwd + +***** Update software +Update software with distribution repository. 
+ +: $ sudo apt update +: $ sudo apt upgrade -y +: $ sudo apt dist-upgrade -y + +***** Change time zone +The time zone should be set to "UTC" for simplicity. + +: $ sudo raspi-config + +Navigate to ~4 Localisation Options~, ~I2 Change Time Zone~, ~None of the above~, ~UTC~. + +***** Update hostname +A unique hostname is required to uniquely identify the device on the +network. + +Start up the Raspberry Pi Software Configuration Tool by running: +: $ sudo raspi-config + +- Select `2 Network Options` +- Select `N1 Hostname` + +This document recommends a hostname beginning with the prefix: +: ninfacyzga-1- + +An example hostname would be ~ninfacyzga-1-2~. + +***** Install software +****** ~unattended-upgrades~ +Make sure to install the ~unattended-upgrades~ package to make sure +the latest security patches for packages are installed. See [[https://linux-audit.com/using-unattended-upgrades-on-debian-and-ubuntu/][this page]] +for a description of how ~unattended-upgrades~ works. + +The configuration file is located at: +~/etc/apt/apt.conf.d/50unattended-upgrades~ ([[https://linux-audit.com/using-unattended-upgrades-on-debian-and-ubuntu/][ref]]). Make sure that the +following lines are present and not commented out. + +#+BEGIN_EXAMPLE +Unattended-Upgrade::Automatic-Reboot "true"; +#+END_EXAMPLE + +****** ~syncthing~ +Install ~syncthing~ for log file transfer capability. + +: $ sudo apt install syncthing + +Enable automatic startup. (See [[https://docs.syncthing.net/users/autostart.html][ref]]). + +: $ sudo systemctl enable syncthing@pi.service +: $ sudo systemctl start syncthing@pi.service + +The WebUI of the local instance of syncthing (port 8384) can be +accessed by running the following command from a separate machine: + +: $ ssh -L 127.0.0.1:8390:127.0.0.1:8384 pi@ninfacyzga-1-x + +Then, the separate machine should navigate to ~localhost:8390~ in a +web browser in order to change the ninfacyzga-1 device's +configuration. 
The separate machine's Syncthing configuration options +are accessible via its own web browser via ~localhost:8384~. + +****** ~git~ +~git~ facilitates downloading files from this repository to the +device. It may be installed via: + +: $ sudo apt install git + +****** ninfacyzga-01 git repository +Create the directory ~/git-OC/~ . Within this directory, run the +following commands to clone the ~ninfacyzga-01~ git repository: +: $ git clone https://zdv2.bktei.com/gitweb/ninfacyzga-01.git +: $ cd ninfacyzga-01 + +Check out the ~develop~ branch (if the latest changes are desired over +those of the ~master~ branch). +: $ git checkout --track origin/develop + +****** ~age~ +~age~ is required for encrypting data at rest. + +Place ~age~ binary (the one compiled for ARM CPU architecture for +Linux) in ~$HOME/.local/bin~. A copy of binary may be found within the +~exec~ directory. + +: $ mkdir ~/.local/bin +: $ cp exec/age ~/.local/bin/ + +***** Disable Swap File +Since standard Raspberry OS 10 install involves copying unencrypted +file system image to SD card which is mounted by the Raspberry Pi, +system memory may be written to disk in the form of a Swap file as +described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that location log data +is ever written to disk, swap file functionality must be +disabled[fn:ideaheap_20130731_disableswap]. + +Raspbian 10 uses dphys-swapfile to manage a swap file. 
It may be +disabled persistently[fn:rpf_20190702_disableswappersist] by running +the following command: + +: sudo systemctl disable dphys-swapfile.service + +To view the status of the swap file in Raspbian 10, run ~free -m~: + +#+BEGIN_EXAMPLE +pi@ninfacyzga-01:~$ free -m + total used free shared buff/cache available +Mem: 432 86 36 21 309 268 +Swap: 99 0 99 +#+END_EXAMPLE + +After disabling the swap file and rebooting: + +#+BEGIN_EXAMPLE +pi@ninfacyzga-01:~$ free -m + total used free shared buff/cache available +Mem: 432 89 214 3 128 289 +Swap: 0 0 0 +#+END_EXAMPLE + +[fn:ideaheap_20130731_disableswap] Explanation: +https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/ + +[fn:rpf_20190702_disableswappersist] Persistant disabling of swap in +Raspbian 10 Buster: +https://www.raspberrypi.org/forums/viewtopic.php?p=1490692&sid=5c596a124b7805d6b10dab8d3d7caf16#p1490692 + +***** Log Transfer Configuration +Log files may be shared to other machines via ~syncthing~. See [[https://docs.syncthing.net/][this]] +manual for how to set up a shared folder and add Ninfacyzga-01 as a +device. Syncthing's directory synchronization capability allows a +remote machine to delete files from Ninfacyzga-01 by deleting from the +shared folder that they both share. + +When log files are removed from Ninfacyzga-01 is not within the scope +of this document. 
+***** Key Generation +An ~age~ encryption key may be generated like so: +#+BEGIN_EXAMPLE +$ umask # Gets current umask +0022 # Note: This is the default umask for Raspbian 10 +$ umask 066 # So key.txt will have no perms except for owner (you) +$ umask # Confirm umask set to 066 +0066 +$ age-keygen > key.txt +Public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 +$ ls -al key.txt +-rw------- 1 baltakatei baltakatei 184 Jun 29 18:28 key.txt +$ umask 0022 # Return umask to default value +$ umask +0022 +#+END_EXAMPLE + +The resulting public/private keypair data looks like: +#+BEGIN_EXAMPLE +$ cat key.txt +# created: 2020-06-29T18:01:56Z +# public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 +AGE-SECRET-KEY-1NEUU5U2XGZGL9UYWNPU5DL99TGJJHFSN4F2E2WCCSDJJ6L5ZMLESNTVTU0 +#+END_EXAMPLE + +The file ~key.txt~ is not password-protected by default and should be +secured like an SSH public key should. The ~$ umask 066~ command run +before the ~$ age-keygen > key.txt~ command ensures ~key.txt~ will not +be readable, writeable, or executable to anyone except the owner +(you). + +*** Normal Startup +*** Normal Operation +*** Normal Shutdown +*** Unscheduled Shutdown +*** End of Life Disposal +See [[file:../setup/README.org][Main Setup]] procedures. + +LiPo batteries used by the PiZ Uptime 2.0 module should be disposed of +properly with their potential ignitability in mind, especially if they +are not fully discharged. + +Consult your local municipality for its "E-Waste Disposal" (or +equivalent) policy. Metals used in the Raspberry Pi and related +components may be recycled. + +Take extra precuation if lead solder was used in assembling the +electronics. Consumer electronics in early 21st century should use +lead-free solder. + + + 
diff --git a/exec/age/age-v1.0.0-beta2-linux-arm/age b/exec/age/age-v1.0.0-beta2-linux-arm/age new file mode 100755 index 0000000..d529bb4 Binary files /dev/null and b/exec/age/age-v1.0.0-beta2-linux-arm/age differ diff --git a/exec/age/age-v1.0.0-beta2-linux-arm/age-keygen b/exec/age/age-v1.0.0-beta2-linux-arm/age-keygen new file mode 100755 index 0000000..3d339ac Binary files /dev/null and b/exec/age/age-v1.0.0-beta2-linux-arm/age-keygen differ diff --git a/exec/bklog b/exec/bklog index e0bb57f..afb73be 100644 --- a/exec/bklog +++ b/exec/bklog @@ -11,7 +11,7 @@ dirTmpDefault="/dev/shm"; # Default parent of working directory # Script Metadata scriptName="bklog"; # Define basename of script file. -scriptVersion="0.1.30"; # Define version of script. +scriptVersion="0.1.32"; # Define version of script. scriptURL="https://gitlab.com/baltakatei/ninfacyzga-01"; # Define website hosting this script. scriptTimeStartEpoch="$(date +%s)"; # Save start time of script in epoch seconds scriptTimeStart="$(date +%Y%m%dT%H%M%S.%N)"; # YYYYmmddTHHMMSS.NNNNNNNNN @@ -58,7 +58,7 @@ processArguments() { -p | --process-string) optionProcString="true" && argProcStrings+=("$2") && argProcFileExts+=("$3") && vbm "STATUS:file extension \"$3\" for output of processing string added:\"$2\""; shift; shift;; -l | --label) optionLabel="true" && argLabel="$2"; vbm "DEBUG :Custom label received:$argLabel"; shift;; -w | --store-raw) optionStoreRaw="true" && argRawFileExt="$2"; vbm "DEBUG :Raw stdin file extension received:$argRawFileExt"; shift;; - -W | --no-store-raw) optionNoStoreRaw="true"; vbm "DEBUG :Option selected to not store raw stdin data."; shift;; + -W | --no-store-raw) optionNoStoreRaw="true"; vbm "DEBUG :Option selected to not store raw stdin data.";; *) yell "ERROR: Unrecognized argument: $1"; yell "STATUS:All arguments:$*"; exit 1;; # Handle unrecognized options. esac shift 
diff --git "a/ref/age \342\200\224 A simple file encryption tool & format.odt" "b/ref/age \342\200\224 A simple file encryption tool & format.odt" new file mode 100644 index 0000000..eecb95e Binary files /dev/null and "b/ref/age \342\200\224 A simple file encryption tool & format.odt" differ diff --git "a/ref/age \342\200\224 A simple file encryption tool & format.pdf" "b/ref/age \342\200\224 A simple file encryption tool & format.pdf" new file mode 100644 index 0000000..7acaed7 Binary files /dev/null and "b/ref/age \342\200\224 A simple file encryption tool & format.pdf" differ
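Review bot: In the doc/location/README.org hunk that adds "Configure ~gpsd~", the procedure stops after editing `DEVICES="/dev/serial0"` in /etc/default/gpsd and never says that `gpsd` has to be restarted (or the device rebooted) before the new setting is read. Add that step, followed by a quick check such as running `gpspipe -r` to confirm NMEA sentences arrive. In the same hunk the `raspi-config` entries are cited by menu number (`5 Interfacing Options`, `P6 Serial`); those numbers change between releases, so name the entries and state the Raspberry Pi OS version the numbering was taken from.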
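Review bot: In the new doc/setup/README.org, the "Key Generation" section says `key.txt` "should be secured like an SSH public key should", which inverts the meaning: the file holds the secret key and should be treated like an SSH private key. The same section prints a complete `AGE-SECRET-KEY-1…` line, and its public half (`age1pu5usx…`) is also the third `-r` recipient in the `bklog` example above it, so a reader who copies that example encrypts to a key whose secret is published in this repository. Label the pair as a throwaway and use an obvious placeholder recipient in the `bklog` example. Under "Add SSH public key", `chmod 644 ~/.ssh/authorized_keys` leaves the file world-readable; `600` is enough for sshd. "Change default passphrase" comes after WiFi and SSH are enabled, so the device is reachable with the default `pi` / `raspberry` login until that step; move it ahead of the network steps. Note also that `passwd` changes only the passphrase, while the text says to change both. Smaller points: "Encryption Method" still says the keys are passed to `bkgpslog` although the preceding sentence was changed to `bklog`, the "Decryption Commands" text ends mid-sentence, and "End of Life Disposal" links to this same file.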
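Review bot: The `age` and `age-keygen` files under exec/age/age-v1.0.0-beta2-linux-arm/ are committed as opaque binaries with no record of where they came from, so nobody cloning the repository can check that they match an upstream release. Record the upstream download URL and a SHA-256 digest for each file next to them, or in the "~age~" install step of doc/setup/README.org, and have that step verify the digest before copying. The install step also no longer matches the tree: with this layout `exec/age` is a directory, so `cp exec/age ~/.local/bin/` will not copy the binary. Give the full path to the `age` and `age-keygen` files, and use `mkdir -p ~/.local/bin`, since `~/.local` may not exist on a fresh image.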
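Review bot: In the `processArguments` hunk of exec/bklog, the `-p`, `-l` and `-w` arms shown as context still read `$2` (and `$3` for `-p`) without checking that a value was supplied, so an option given last on the command line is silently stored as an empty string. Since this case statement is being touched anyway, check `$#` in those arms and fail with a `yell "ERROR: ..."` message when the value is missing. Dropping the extra `shift` from `-W` looks right, because the `shift` after `esac` already consumes the flag and the old code swallowed the following argument. The version string jumps from `0.1.30` to `0.1.32`; confirm that `0.1.31` was used on the other branch of this merge so the gap is intended.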