pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[jrmwvu04]

Maybe I misunderstand, but don't you need executables for our routers, instead of Ubuntu executables?

And thus cross-compiling?

Right, armv7, mipsel and aarch, I would only replace the binary. Same as kvics beta script did.

Si señor. Without cross compiling, there are no binaries. But hey, progress.

 

[thelonelycoder]

Si señor. Without cross compiling, there are no binaries. But hey, progress.

Three dynamically linked binaries:
- armv7 (32-bit, RT-AC56U/68U/87U/etc and RT-AC86U/AX88U with 32-bit Entware)
- mipsel (32-bit, RT-N66U/AC66U/etc)
- armv8 (64-bit, RT-AC86U/AX88U with 64-bit Entware)
I know it's a lot to ask for but this is how kvic distributed his beta versions and it would work best for the time being.

There's hope that @kvic returns one day, distributing again his coding excellence through the Entware packaging system again. I don't want to close out that possibility.

 

[jrmwvu04]

I know it's a lot to ask for but this is how kvic distributed his beta versions and it would work best for the time being.

Yeah, but I don't know how to build them. The information I've been able to find so far makes assumptions that you know how to get the build environment set up for all the various architectures you want to create - which I do not.

There's hope that @kvic returns one day

Amen to that, brother.

 

[thelonelycoder]

The certificate I create during Diversion installation will need to be compatible too.
The command I use is

openssl genrsa -out ca.key 1024
openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"

Would it suffice if I change the key length and expiry date, like so?

openssl genrsa -out ca.key 2048
openssl req -key ca.key -new -x509 -days 825 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"

 

[dave14305]

I’m no good with compiling, but there are some closed issues on kvic’s github that might have some hints, if no one has looked there yet.

https://github.com/kvic-z/pixelserv-tls/issues?q=is:issue+is:closed

 

[Jack Yaz]

I’m no good with compiling, but there are some closed issues on kvic’s github that might have some hints, if no one has looked there yet.

https://github.com/kvic-z/pixelserv-tls/issues?q=is:issue+is:closed

I may have found a hacky way of producing the binaries....testing in progress

 

[gattaca]

Doesn't the current openssl dev/source need to be available somewhere on the the compile paths? If linux, you might have to pull that down as part of the developer toolkit / source or maybe github?

I recall seeing OpenSSL versions upgrades in his dev notes. That may be helpful.

https://stackoverflow.com/questions/11841919/cross-compile-openssh-for-arm

https://wiki.openssl.org/index.php/Compilation_and_Installation

https://assil.me/2017/09/30/cross-compile-openssl-arm-zynq.html

 

[thelonelycoder]

Things start to look better on the pixelserv-tls "new certificate generation" front.
Time to settle down and wait for the updated files.

 

[RMerlin]

The certificate I create during Diversion installation will need to be compatible too.
The command I use is

openssl genrsa -out ca.key 1024
openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"

Would it suffice if I change the key length and expiry date, like so?

openssl genrsa -out ca.key 2048
openssl req -key ca.key -new -x509 -days 825 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"

You also need to set the key usage to Web Server:

https://github.com/RMerl/asuswrt-merlin.ng/commit/e786dfa2a5faac92c77c499a9b7fb0923efce892

Adjust this in the openssl.cnf config file you are using.

Might also want to ensure that the clock is accurately set before generating the cert with a 2 years duration, otherwise your certificate may expire prematurely if someone is running an older firmware release.

https://github.com/RMerl/asuswrt-merlin.ng/commit/9e1566a472b3babcbe463e21e5b00a1b1efff30a

 

[jrmwvu04]

I'm able to build Jack's 2.3 pixelserv natively for ubuntu no problems. When I try to compile it for arm, configure complains that it can't find libcrypto as though the libssl-dev package was missing.

@Jack Yaz get anywhere on those binaries?

 

[gattaca]

^^^^ Doesn't it need the libs for openssl compiled for ARM available, so you have to compile those too or make sure they are in the libpaths?

https://assil.me/2017/09/30/cross-compile-openssl-arm-zynq.html

 

[Jack Yaz]

I'm able to build Jack's 2.3 pixelserv natively for ubuntu no problems. When I try to compile it for arm, configure complains that it can't find libcrypto as though the libssl-dev package was missing.

@Jack Yaz get anywhere on those binaries?

I'll send you a link

 

[jrmwvu04]

I'll send you a link

 

[jrmwvu04]

Currently I'm working with macOS because it's just easier to sit behind one keyboard to do testing. iOS behaves similarly, but doesn't give the user as many specifics. All of this pertains to Safari, by the way. I am not sure how or if other browsers are affected yet.

It's worth noting, I think, that it's not the end of the world that the handshake fails. pixelserv and by extension Diversion will still be quite useful and functional even while a solution is being worked out.

 

[gattaca]

Jack, or anyone, Any progress getting the pixel-serv compile working? This thread got quiet.
I assume no one has heard from @kvic? Thanks! Peace.

 

[Asad Ali]

Jack, or anyone, Any progress getting the pixel-serv compile working? This thread got quiet.
I assume no one has heard from @kvic? Thanks! Peace.

The binaries are already patched and compiled and currently under testing phase.

 

[gattaca]

^^^^ SUPER! Thanks for the update!!

 

[jrmwvu04]

I’ve uploaded Jack’s binaries to my Dropbox if anyone wants to test.

https://dropbox.com/s/m1884645pvf5kxj/pixelserv-tls-2.3.tgz

These are the binaries only, for the various asuswrt platforms. You will need to know what to do with them and what changes to make, and testing is at your own risk - I offer neither support nor guarantees about usability.

 

[XIII]

If Apple releases iOS 13 GM later today, I plan to install that on all my iOS devices.

I wanted to check my current "tav" value before doing that, but I can't get any statistics:

# curl http://192.168.1.2/servstats
curl: (7) Failed to connect to 192.168.1.2 port 80: No route to host

What am I doing wrong?

(I checked with Diversion that pixelserv-tls is indeed running on 192.168.1.2)

 

[visortgw]

If Apple releases iOS 13 GM later today, I plan to install that on all my iOS devices.

I wanted to check my current "tav" value before doing that, but I can't get any statistics:

# curl http://192.168.1.2/servstats
curl: (7) Failed to connect to 192.168.1.2 port 80: No route to host

What am I doing wrong?

(I checked with Diversion that pixelserv-tls is indeed running on 192.168.1.2)

Why are you using curl? From browser, try:

https://192.168.1.2/servstats​