Peerbox-raspi-v0.24 discussion thread

After almost a month I have decided to release new image, so users can keep up with updates and help me test new features.
By number of changes in git repo I think this is most complex release so far, it features two brand new PCF modules and quite a few changes on kernel. What is star of the show if you ask me is support for 2FA, google-authenticator. I wanted to implement yubikey too but it is far more complex than I imagined, so not to postpone release any more I have decided to feature it in next release.
Few days ago was official birthday of Peerbox project, Peerbox is now six months old. :slight_smile:

Please test, report problems and discuss as always.

Downloads:

[center]http://peerbox.me/download/Peerbox-raspi-v0.24.2.img.gz
sha256sum: 84b447667d56010f8b502e312485006f965ae5d2a491e00d28bd8d28d771b97b

http://peerbox.me/download/Peerbox-raspi-v0.24.2.img.xz
sha256sum: ae13e9288b0e09597e10484fdc8eab59944e05f645cb196eae6cab3837336060[/center]

Mirrors are faster:

[center]EU mirror:

http://coinerella.com/mirror/peerbox-raspi-v0.24.2.img.gz

[center]
Asian Mirror:
http://peerbox-asia.servehttp.com/

European Mirror:
http://peerbox-europe.servehttp.com/[/center]
[/center]

Change log:

minor:

  • Updated system, most notably systemd to 217
  • Updated ppcoind package against latest openssl and boost-libs
  • Deprecated iptables-rules package

major:

  • Added support for 2FA protection of SSH, google-authenticator: https://github.com/peerchemist/Peerbox/wiki/How-to-use-google-authenticator-with-Peerbox

  • Now firewall (iptables) is auto-configured on first boot to match local network settings.
    I have chosen really minimal and simple solution for this problem. If this approach is proven unstable or unusable in some scenarios I have another solution almost ready.
    If you want Peerbox to re-configure firewall just delete /etc/pcf/firewall/.lock and reboot system.

  • Bumped kernel version to current point release to keep up with upstream security patches.
    Also, did quite a few changes in kernel config. Security wise, due this changes system is now more secure.

Update 1:

v0.24.1 released, this update fixes somewhat fatal bug (firewall setup locked out-of-the-box) in v0.24.

Update 2:

Changelog:

Bugfixes:

  • Fix bug #5, version report bug

  • Fix bug #4, pcf-firewall-setup does not load created rules upon first boot and requires user to restart.

  • Fixed some minor quirks with pcf-google-auth module.

    Updates:

  • Updated python to 2.7.9 (security bugfixes)

  • Updated systemd to next point release

Other changes:

  • pcf-modules-google-auth is now installed by default but not activated. To activate it use “google-authenticator” command. I advise you to use google-authenticator, is relatively hassle-free but great improvement on security.

  • Removed utility programs for less popular filesystems (reiserfs, xfs, jfs)

  • Reduced size of the compressed image by starting on fresh filesystem.

  • Backport from v0.25; replace udev rules automouting of USB FLASH devices with more reliable and more sane Udev/systemd hybrid solution by taylorchu. Now USB FLASH devices get mounted in /usb/. For more info see updated wiki: https://github.com/peerchemist/Peerbox/wiki/How-to-backup-wallet.dat

Great work peerchemist! Thank you. Will test and report.

That’s a great update peerchemist, thanx!

Peerbox is now even more secure! I’ve spread it on Facebook, Twitter and Reddit, Thanks! :slight_smile:

Mirror:

coming up… sha hash different atm.

r/peerbox post: http://www.reddit.com/r/Peerbox/comments/2mpqs7/peerbox_v024_released_now_supports_twofactor/

thx for propaganda!

Same mirror name as usual for v0.24

Asian Mirror:
http://peerbox-asia.servehttp.com/

European Mirror:
http://peerbox-europe.servehttp.com/

Thank you again for your great work :slight_smile:

[quote=“GLock, post:8, topic:3077”]Same mirror name as usual for v0.24

Asian Mirror:
http://peerbox-asia.servehttp.com/

European Mirror:
http://peerbox-europe.servehttp.com/

Thank you again for your great work :)[/quote]

thank you for the mirrors

Mirror providers, please download v0.24.1 and re-host it. Thanks.

Updated

iptables still not working OOB for subnets like 192.168.38.0/24 :frowning:

Can’t access SSH, have to modify the rules manually.

[quote=“Thireus, post:12, topic:3077”]iptables still not working OOB for subnets like 192.168.38.0/24 :frowning:

Can’t access SSH, have to modify the rules manually.[/quote]

I had the same problem reported before, I have tried to analyze this issue but without success. As it seems, there is no issue. PCF module recognises correct IP and loads rules properly, that is what testing showed. I will raise an issue on git again, and will contact you to go over this again. If you can, please install Tox so we can communicate in real time. I will contact you as soon as I have some spare time.

SOLVED! Like you said on IRC:

I had to reset the device manually, and SSH worked on the next reboot.

To be fixed in the next release iptables needs to reload the correct rules after the first reboot.

Bump!

http://peerbox.me/posts/v0.24.2%20update.html

I’d like to update, but am unsure how to back up my wallet. As I’ve mentioned before, with my current version (0.24.1??), writing to the USB doesn’t seem to work. I follow the instructions to the letter, but when I inspect the USB in Windows, the wallet.dat file is not there. But in a directory on raspi instead.

Ideas? Or should I just go ahead and flash 0.24.2 and redo importprivkey, and then do ppcoind encrypt (how I ended up doing it previously)?

Edit: Going the importprivkey route seems to reset coin-days, as it appears that that info is contained in wallet.dat. I found this out when I had some PPC sent to a Peerunity address while Peerunity was not running. Upon restarting Peerunity a week or so later, the new transaction finally showed after the blockchain re-sync’d, but with an age of “0”.

That should not interfere with your coin age, as this is determined by the blockchain itself.
Importprivkey doesn’t move your coins on the blockchain, so your coin age should not be affected.

That should not interfere with your coin age, as this is determined by the blockchain itself.
Importprivkey doesn’t move your coins on the blockchain, so your coin age should not be affected.[/quote]

So why did a week old transaction show as “0” days after the block sync in Peerunity? The transaction time/date shows as approximately when the blockchain finished syncing.

To revisit the conversion from another thread, doing:

sudo cp /var/lib/ppcoind/wallet.dat /media/FLASH (this is with 0.24.1)

is most definitely not writing to my USB stick. Instead it is writing to a directory inside of Peerbox itself. I just tried it again.

I think it’s the same problem if you rehash the block chain completely without wallet.dat. Transaction time stamps are stored in the wallet.dat.
Using priv key (and not wallet.dat) won’t give you correct time stamps.