TCB13

Members
  • Content Count

    23
  • Joined

  • Last visited

About TCB13

  • Rank
    Member

Profile Information

  • Gender
    Male
  • Location
    Portugal

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. You can follow this to know what's been going on :
  2. @Igor is there an estimate on when the NanoPi M4v2 image will show on the downloads page? Thank you in advance.
  3. TCB13

    AppArmor

    @martinayotte I decided to switch to the Debian kernel and the exact same config worked right after a reboot. Although Ubuntu is the OS that brags about using Apparmor by default looks like on ARM Debian works much better.
  4. TCB13

    AppArmor

    Thanks for the answer, here is the result: root@nanopineo2:~# grep APPARMOR /boot/config-* CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0 CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set # CONFIG_DEFAULT_SECURITY_APPARMOR is not set CONFIG_SECURITY_APPARMOR is set to y. Shouldn't it work out of the box with my changes to /boot/armbianEnv.txt ?
  5. TCB13

    AppArmor

    Links above seem dead. I tried to get Apparmor to run in a Nanopi Neo 2 (18.04.1 LTS 4.19.13-sunxi64) as: apt install apparmor echo "extraargs=apparmor=1 security=apparmor" >> /boot/armbianEnv.txt update-initramfs -u reboot However after the reboot I still get: root@nanopineo2:~# service apparmor status ● apparmor.service - AppArmor initialization Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled) Active: inactive (dead) Condition: start condition failed at Sat 2019-01-26 16:10:54 UTC; 4min 55s ago └─ ConditionSecurity=apparmor was not met Docs: man:apparmor(7) http://wiki.apparmor.net/ I'm not much versed in this, do I need to compile a new kernel to enable AppArmor or, in theory my changes were enough? Thank you.
  6. TCB13

    NanoPI M4

    Great, where did you get 4.20 from? Is there a link for it?
  7. TCB13

    NanoPI M4

    @littlema can you try ethtool -K eth0 rx off tx off with the built in network adaptor and see if it helps? Check my answer here to survive reboots https://unix.stackexchange.com/a/495378/23085 .
  8. TCB13

    NanoPI M4

    @Igor just found out the source of my problems. It's the on-board network. I just added a cheap USB 3 to Ethernet adaptor and I'm able to download files without issues at all. Maybe there is some strange bug with the driver for the built in network? However I don't get why it only manifests itself on HTTPS, other protocols such as SSH work just fine. Thank you all. ---------------- Update: I manage to find out that this issues are caused by TCP offloading. Disabling it with `ethtool -K eth0 rx off tx off` fixed the issue, no more errors on downloads.
  9. TCB13

    NanoPI M4

    I did have the same issue with downloads using wget on the device itself. It was fixed by an update 2 days ago (cleaned log bellow) I've no idea about which package update fixed the issue locally. libsystemd0:arm64 (232-25+deb9u7) over (232-25+deb9u6) libnss-myhostname:arm64 (232-25+deb9u7) over (232-25+deb9u6) libpam-systemd:arm64 (232-25+deb9u7) over (232-25+deb9u6) systemd (232-25+deb9u7) over (232-25+deb9u6) udev (232-25+deb9u7) over (232-25+deb9u6) libudev1:arm64 (232-25+deb9u7) over (232-25+deb9u6) systemd-sysv (232-25+deb9u7) over (232-25+deb9u6) php7.3-zip (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-intl (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-readline (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-mysql (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-xml (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-opcache (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-curl (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-imap (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-json (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-mbstring (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) php7.3-cli (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) libapache2-mod-php7.3 (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f)] php7.3-common (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f) linux-dtb-rk3399 (5.70) over (5.65) update-initramfs: Deleting /boot/initrd.img-4.4.162-rk3399 Removing obsolete file uInitrd-4.4.162-rk3399 linux-image-rk3399 (5.70) over (5.65) linux-stretch-root-nanopim4 (5.70) over (5.65) linux-u-boot-nanopim4-default (5.70) over (5.65) php7.3 (7.3.1-1+0~20190113101756.25+stretch~1.gbp15aaa9) over (7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f)
  10. TCB13

    NanoPI M4

    Thank you for the answer, however if you look closely at my apache config I was trying to get the file from the eMMC card (because I was afraid of those issues you are taking about). I only had the SSL certifications on external media. Also tried with the certificates on the eMMC, same issue. I don't think its an USB3 issue because if I get a 10GB file stored on a USB disk via SCP it works just fine. Another strange thing: if I wget the file on the device itself it works fine, it doesn't stop, so maybe a network issue and the OpenSSL errors aren't that important?
  11. TCB13

    NanoPI M4

    Hello, can you confirm that my Apache/OpenSSL I/O issue might be something you guy already know about? https://forum.armbian.com/topic/7511-nanopi-m4/?do=findComment&comment=69785
  12. TCB13

    NanoPI M4

    Meanwhile the iotop command is also broken: iotop Traceback (most recent call last): File "/usr/sbin/iotop", line 17, in main() File "/usr/lib/python3/dist-packages/iotop/ui.py", line 620, in main main_loop() File "/usr/lib/python3/dist-packages/iotop/ui.py", line 610, in main_loop = lambda: run_iotop(options) File "/usr/lib/python3/dist-packages/iotop/ui.py", line 508, in run_iotop return curses.wrapper(run_iotop_window, options) File "/usr/lib/python3.5/curses/init.py", line 94, in wrapper return func(stdscr, *args, **kwds) File "/usr/lib/python3/dist-packages/iotop/ui.py", line 501, in run_iotop_window ui.run() File "/usr/lib/python3/dist-packages/iotop/ui.py", line 155, in run self.process_list.duration) File "/usr/lib/python3/dist-packages/iotop/ui.py", line 434, in refresh_display lines = self.get_data() File "/usr/lib/python3/dist-packages/iotop/ui.py", line 415, in get_data return list(map(format, processes)) File "/usr/lib/python3/dist-packages/iotop/ui.py", line 388, in format cmdline = p.get_cmdline() File "/usr/lib/python3/dist-packages/iotop/data.py", line 292, in get_cmdline proc_status = parse_proc_pid_status(self.pid) File "/usr/lib/python3/dist-packages/iotop/data.py", line 196, in parse_proc_pid_status key, value = line.split(':\t', 1) ValueError: not enough values to unpack (expected 2, got 1)
  13. TCB13

    NanoPI M4

    So, did anyone notice issues with Apache + SSL? I'm using Armbian Stretch from here https://dl.armbian.com/nanopim4/Debian_stretch_default.7z and apparently when I enable SSL in Apache, large downloads just hang after a while. I can't reproduce this issue with plain HTTP. Example on `wget` (same behaviour on a browser): wget https://xyz---/test.bin --2019-01-13 18:22:22-- https://xyz---/test.bin Resolving xyz--- (xyz---)... 85.241.xxx.xxx Connecting to xyz--- (xyz---)|85.241.xxx.xxx|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 1073741824 (1,0G) [application/octet-stream] Saving to: 'test.bin.2' test.bin.2 39%[==================> ] 403,66M 11,6MB/s eta 54s It was downloading fine until it reached 403,66M, after this point nothing else happened. On the server side I get this: ssl_engine_io.c(2135): [client 85.243.xxx.xxx:59904] OpenSSL: write 16413/16413 bytes to BIO#5588cd8c50 [mem: 5588a87c23] (BIO dump follows) core_filters.c(525): [client 85.243.xxx.xxx:59904] core_output_filter: flushing because of THRESHOLD_MAX_BUFFER core_filters.c(547): (70007)The timeout specified has expired: [client 85.243.xxx.xxx:59904] core_output_filter: writing data to the network ssl_engine_io.c(2144): [client 85.243.xxx.xxx:59904] OpenSSL: I/O error, 16413 bytes expected to write on BIO#5588cd8c50 [mem: 5588a87c23] (70007)The timeout specified has expired: [client 85.243.xxx.xxx:59904] AH01993: SSL output filter write failed. ssl_engine_io.c(2135): [client 95.239.xxx.xxx:9937] OpenSSL: write 45/45 bytes to BIO#55bd9e23e0 [mem: 55bd9ec213] (BIO dump follows) ssl_engine_io.c(2144): [client 95.239.xxx.xxx:9937] OpenSSL: I/O error, 5 bytes expected to read on BIO#55bd9e9d80 [mem: 55bd9ec213] Here is the configuration of the VHosts serving this requests: <VirtualHost *:443> ServerName xyz--- ServerAdmin tcb13--- DocumentRoot /test ErrorLog /test/error.log CustomLog /test/access.log combined SSLEngine on SSLCertificateFile /mnt/SU1/letsencrypt/config/live/xyz---/fullchain.pem SSLCertificateKeyFile /mnt/SU1/letsencrypt/config/live/xyz---/privkey.pem Header always set Strict-Transport-Security "max-age=15768000" LogLevel trace6 </VirtualHost> I'm sure this isn't a network related problem because: Only happens with SSL enabled, on non-ssl vhosts I can download without issues; Other protocols (FTP and SCP) work just fine to download the same test file; No issues while testing the network with iperf3. Some system info: lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 9.6 (stretch) Release: 9.6 Codename: stretch uname -a Linux testxyz 4.4.162-rk3399 #41 SMP Fri Oct 26 14:03:47 CEST 2018 aarch64 GNU/Linux apache2ctl -V | grep -i "Server version" Server version: Apache/2.4.25 (Debian) root@testxyz:~# dpkg -l |grep apache2 ii apache2 2.4.25-3+deb9u6 arm64 Apache HTTP Server ii apache2-bin 2.4.25-3+deb9u6 arm64 Apache HTTP Server (modules and other binary files) ii apache2-data 2.4.25-3+deb9u6 all Apache HTTP Server (common files) ii apache2-utils 2.4.25-3+deb9u6 arm64 Apache HTTP Server (utility programs for web servers) ii libapache2-mod-php7.3 7.3.0-2+0~20181217092659.24+stretch~1.gbp54e52f arm64 server-side, HTML-embedded scripting language (Apache 2 module) Thank you all.
  14. Hello, I was wondering if it is possible to disable both LEDs on this board or, at least, the green (stat) one. Also I was trying to remove wifi completely and I can do: iwconfig wlan0 txpower off ifconfig wlan0 down systemctl disable wpa_supplicant But not sure if it's possible to remove the driver from the OS and what other unnecessary software I can remove. Thank you in advance.