Tales from beyond the .network


Using qemu-guest-agent as interface between VMs and Proxmox host systems

Since virtual machines created with KVM/QEMU are not simple containers but quite isolated from the host's environment, QEMU offers a companion service called qemu-guest-agent for Linux guests. qemu-guest-agent acts as an interface between the VMs and the host system.

Some features like passing ACPI information for a clean guest shutdown are pretty well-known. However, did you know that you can even send commands to your VMs directly from your Proxmox host system?

Proxmox Virtual Environment uses KVM/QEMU as virtualization technology. Since calling the qemu-guest-agent interface is not very intuitive by itself, Proxmox provides the qm guest command which acts like a bridge between the host system and the VMs.


Apache2: Restrict access based on file extensions

The following ruleset in Apache 2.4’s vHost or server configuration allows us to only grant access to some specific file extensions. All files not covered by the following rule are not accessible via the web server:

# Restrict access to allowed file extensions
<FilesMatch ".+\.(?!(php|css|js|png|jpg|jpeg)$)[^\.]+?$">
        Require all denied
</FilesMatch>

In this case, we only allow the extensions .php, .css, .js, .png, .jpg and .jpeg. The pattern first matches every file name that ends in an extension, and Require all denied blocks access to those files. The negative lookahead then excludes the allowed extensions from that general rule, so files ending in them stay accessible.

Since these rules will also work in an .htaccess file, full access to the server configuration is not required.
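To check which file names the pattern above really covers before deploying it, the regex can be run against a list of names. This is an added example, not part of the original post: the file names are constructed, and it assumes Python's re module treats this pattern the same way Apache's PCRE does.

```python
import re

# Pattern copied verbatim from the FilesMatch directive above.
DENY_PATTERN = re.compile(r".+\.(?!(php|css|js|png|jpg|jpeg)$)[^\.]+?$")

# Constructed sample names covering allowed, denied and edge cases.
SAMPLES = [
    "index.php", "style.css", "app.js", "photo.jpeg",   # allowed extensions
    "backup.sql", "archive.tar.gz", "app.json",         # other extensions
    "config.php.bak",                                   # editor/backup copy
    "INDEX.PHP",                                        # upper-case extension
    "README",                                           # no extension at all
    ".env", ".htaccess",                                # dotfiles
]


def is_denied(filename):
    """Return True if the FilesMatch block (Require all denied) applies."""
    # FilesMatch is not implicitly anchored, so search() is the right call.
    return DENY_PATTERN.search(filename) is not None


def audit(names):
    """Map each file name to True (denied by the rule) or False (not matched)."""
    return {name: is_denied(name) for name in names}


def not_covered(names):
    """Names the rule does not match and therefore does not deny."""
    return [name for name, denied in audit(names).items() if not denied]


if __name__ == "__main__":
    for name, denied in audit(SAMPLES).items():
        print(f"{name:16} {'denied' if denied else 'not matched'}")
```

Names without an extension and dotfiles such as .env are not matched by the pattern, so this block does not deny them; they need a separate rule if they must not be served.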

Proxmox: Throttled backups for better performance

On a Proxmox node managed by myself, I’m relying on Proxmox’s integrated backup function as part of my backup concept. Since the server is mostly used for storage purposes, it’s equipped with ‘traditional’ HDDs instead of SSDs.

The VMs are running on a RAID10 on ZFS, the backups are stored on a separate RAID1 on the same machine. In the beginning this worked very well, but with an increasing load on the Proxmox node due to a growing number of VMs, I ran into more and more problems caused by high I/O load.


Disaster recovery using the GitHub Events API

Last Sunday, an unknown individual compromised the libretro project. First, the attacker hijacked and wiped the project’s buildbot server. After gaining access to the server, he took over a GitHub account of a highly ranked member of the libretro team. Using this account, the attacker destroyed multiple repositories managed by the libretro organization by force-pushing a blank initial commit into each affected repository.

Such attacks are not exactly uncommon and have happened multiple times before. At first glance, force-pushing an empty commit into a repository means that any data stored in this repository is lost.


MSYS2: SSH authentication with PuTTY’s pageant

With ‘pageant’, the popular SSH client PuTTY provides a convenient tool for using SSH keys as authentication method. After loading all desired SSH keys into pageant, PuTTY is able to use those keys automatically for further authentication attempts.

Besides PuTTY itself, other applications are able to use pageant. Some programs like WinSCP and FileZilla provide pageant support out of the box; in other cases, support for pageant needs to be added separately.

When I’m running Windows, I use MSYS2 as my development environment of choice. Contrary to WSL (at least if we don’t want to use cross compilation), it’s easily possible to compile native Win32 binaries with GCC while preserving the ‘look and feel’ of a standard ‘Linux shell’.

From time to time, it’s neat to be able to use SSH, scp or rsync from within a MSYS2 session. It would be even better if we could use the SSH keys that are loaded into pageant anyways for this.


Using Snap Packages in Gentoo

One of the main advantages of snap packages is the possibility to use them not only on one Linux distribution like ‘traditional’ packages, but on a wide variety of distributions without having to modify or rebuild them. Many distributions provide the necessary snapd daemon in their repositories.

It is entirely possible to use snap packages with Gentoo too. Even building new snap packages with snapcraft and multipass or LXD will be possible afterwards.


Creating a ScummVM Engine for The Clue!

A couple of months ago, I (somehow) initiated a new project: Creating a ScummVM engine for the game ‘The Clue!’, originally released in 1994.

‘The Clue!’, originally known as ‘Der Clou!’, was developed and published by the Austrian games studio ‘neo Software Produktions GmbH’. Some sources say that the game was published by ‘Max Design’, but that’s not really certain. However, we know for sure that the UK release was published by ‘Kompart UK’.


More Sheep: ScummVM 2.1.1 is here!

A couple of days ago, the ScummVM Team officially released ScummVM 2.1.1, codenamed “:More Sheep:”. This new release includes several improvements and a large amount of bugfixes. Not only the game engines, but also the ScummVM GUI and networking stack received improvements. Let’s have a closer look at the updates that were made for ScummVM 2.1.1.

Amongst other things, the developers fixed a bug that could lead to a crash when switching between certain languages in the GUI. Additionally, changes made to the options dialog won’t be erroneously saved when the dialog is left using the ESC key.


Manjaro: Fixing the screen resolution in VMware

Due to a bug in current versions of Manjaro, it is not possible to change the screen resolution if Manjaro is running as a VMware guest. Neither changing the resolution manually nor using the “Fit Guest Now” option is working correctly. Since the screen resolution is pinned to 800×600 pixels, it’s almost impossible to properly use the VM. I was able to reproduce the issue with my VM running Manjaro with the KDE desktop.


Official kernel packages for Gentoo?

In comparison to other Linux distributions, Gentoo handles kernel installations and upgrades quite differently. While other distributions deploy new kernel releases through their package management, Gentoo only packages the kernel sources. It’s up to the user to compile and install the kernel in a second step. Gentoo developer Michał Górny is about to change that with the introduction of an official Gentoo kernel.

Traditionally, configuring and installing the kernel is done either manually or simplified by using genkernel. While configuring your own kernel allows a high level of adjustment to the hardware in use or to specific workloads, genkernel creates a more “generic” kernel.