2024-01-04

VMs on macOS 14.2 Sonoma

 Turns out VirtualBox is not supported on macOS 14.2 Sonoma. But VMWare Fusion works.

Posted by at No comments:
Labels: , ,

2023-11-29

Lenovo OneCLI 4.3.0 Linux bash completion bug

Lenovo OneCLI 4.3.0 Linux has a bug in its bash completion file. Line 153 should have its hyphens "-" replaced with underscores "_":

ux_check_bmc_account_opts="--bmc --check-trust --never-check-trust --quiet --output --log --nolog --config --help"

Posted by at No comments:
Labels:

2023-11-01

Python packaging example with commandline script and module-level constant

The Python packaging landscape has evolved a bit since setuptools. I wanted to have a ready-made example for a common use case: a Python module that provides one or more commandline scripts, and uses module-level constants.

I based mine on the Python Packaging Tutorial. It’s available on GitHub.

Improvements to be made include specifying requirements.

Posted by at No comments:
Labels: ,

2023-09-09

Notes on building Genomic Data Commons gdc-client

The National Cancer Institute’s Genomic Data Commons (GDC) produces a tool which facilitates data transfer to and from their data repository called gdc-client, which is open sourced on GitHub.

My first pass at building it gave an error while trying to build lxml without Cython:

      building 'lxml.etree' extension

      creating build/temp.linux-x86_64-cpython-311

      creating build/temp.linux-x86_64-cpython-311/src

      creating build/temp.linux-x86_64-cpython-311/src/lxml

      gcc -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -DCYTHON_CLINE_IN_TRACEBACK=0 -I/usr/include/libxml2 -Isrc -Isrc/lxml/includes -I/home/chind/Src/gdc-client/venv/include -I/home/chind/opt/include/python3.11 -c src/lxml/etree.c -o build/temp.linux-x86_64-cpython-311/src/lxml/etree.o -w

      src/lxml/etree.c:289:12: fatal error: longintrepr.h: No such file or directory

        289 |   #include "longintrepr.h"

            |            ^~~~~~~~~~~~~~~

      compilation terminated.

      Compile failed: command '/usr/bin/gcc' failed with exit code 1

The fix was to build and install lxml from source, using Cython. And Cython < 3 is needed, i.e. Cython 0.29.x.

Once lxml 4.4.2 was installed manually, following the gdc-client build instructions was successful, and the gdc-client script was created.

For more detail, see this Gist.

Posted by at No comments:
Labels: , ,

2023-06-06

AlphaFold Singularity bugfix 2.3.2-1

Just released a bugfix for AlphaFold Singularity 2.3.2. Addresses the issue where the --output_dir argument to the run_singularity.py script was not handled correctly. Find the source release at GitHub. A pre-built Singularity image is also available at Sylabs.io.

Posted by at No comments:
Labels: ,

2023-05-29

Linus Tech Tips takes a look at the Nvidia Grace CPU and the Hopper GPU

Nvidia has a new ARM-based CPU which they announced some time ago. Here, Linus Tech Tips takes a look at it at COMPUTEX Taipei 2023. The design is similar to Apple silicon, where CPU and memory are on the same chip. Nvidia does split out the GPU, connected via Nvlink.



Posted by at No comments:
Labels: , ,

2023-05-26

YubiKey U2F on Ubuntu

Basic walk through of setting up U2F with YubiKey on Ubuntu 23.04 (should work on recent versions, as well). This follows the official documentation closely, removing anything not necessary for my particular setup.

N.B. this is different from challenge response, a different multifactor method. YubiKeys support multiple protocols, U2F and challenge response being two of them.

Preliminaries:

  • Ubuntu 23.04
  • YubiKey
    • I used the YubiKey 5 series: 5 NFC, 5 C, and 5 Ci. Where necessary, I used an adapter to plug in the USB-C key into an standard USB-A port.
Steps:
  • Associate YubiKey U2F with your account
    • Creates a line of text in a file containing your username and the 2nd factor string
    • Move the U2F file to a secure location readable only by root
  • Create PAM configs to require U2F for certain authentication operations, e.g. login, sudo

Create two PAM configs. Creating these configs will allow us to include them rather than copying and pasting the same config lines in multiple other PAM configs in /etc/pam.d.

In these configs, we add the “cue” and “interactive” options which will prompt the user to insert the YubiKey and to touch it.

/etc/pam.d/u2f-required will be the configuration to require the YubiKey:

auth required pam_u2f.so authfile=/etc/yubico/u2f_keys cue interactive

/etc/pam.d/u2f-sufficient will be the configuration which allows using only the YubiKey without a password:

auth sufficient pam_u2f.so authfile=/etc/yubico/u2f_keys cue interactive

For the initial setup, also add the following to the "auth" lines in the above config files:

debug debug_file=/var/log/pam_u2f.log

Then, create an empty debug log file to start: 

sudo touch /var/log/pam_u2f.log

CAUTION Best to have a root shell active, in case something goes awry, and you cannot sudo anymore:

normaluser$ sudo bash
#

DO NOT exit this terminal until you are sure at least sudo works. 

Basic idea: in each authentication scenario (i.e. PAM config file) where you want U2F, add the line

@include u2f-required

after the line 

@include common-auth

E.g. require U2F for sudo, modify the files
  • /etc/pam.d/sudo
  • /etc/pam.d/sudo-i
These are the PAM configs I updated in /etc/pam.d:
  • gdm-password -- prompts for YubiKey at GUI login screen
  • login -- prompts for YubiKey at console login
  • polkit-1 -- prompts for YubiKey when running GUI apps requiring sudo, e.g. synaptic
  • su -- prompts for YubiKey for su
  • sudo -- prompts for YubiKey for sudo
  • sudo-i -- prompts for YubiKey for sudo -i
The first one to try should be sudo since it is easy to test. Make the modification, then open a new terminal tab/window, and run a simple sudo command, e.g. "sudo ls -l /tmp". It should prompt you to insert the device, and then to touch it:

normaluser$ sudo ls -l /tmp
[sudo] password for normaluser: 
Insert your U2F device, then press ENTER.
Please touch the device. (The YubiKey should start flashing.)
total xx
[listing of files here]

If that did not work, examine the debug log /var/log/pam_u2f.log Make any adjustments, close out that sudo terminal tab/window, and launch a new one.

Once you are satisfied that everything works, you can remove the “debug debug_file=/var/log/pam_u2f.log” from /etc/pam.d/u2f_required and /etc/pam.d/u2f_sufficient

Minor annoyance: the GUI popup dialog for sudo authentication won’t accept just ENTER when it says “Insert your U2F device, then press ENTER”: you have to type in at least a SPACE for it to register that you have acknowledged the prompt, and are ready to touch the YubiKey.
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)