redmi AX6000 install openwrt & KMS

发表评论

follow this link : https://openwrt.org/toh/xiaomi/redmi_ax6000

this version do not contain luci, you should install it

install web luci

opkg update opkg install luci opkg install luci-ssl /etc/init.d/uhttpd restart

install openconnect

opkg install luci-proto-openconnect

install KMS

wget “https://dl.openwrt.ai/packages-23.05/aarch64_cortex-a53/kiddin9/vlmcsd_svn1113-21_aarch64_cortex-a53.ipk”

wget “https://dl.openwrt.ai/packages-23.05/aarch64_cortex-a53/kiddin9/luci-app-vlmcsd_git-24.217.56735-8015371_all.ipk”

opkg install luci-compat

opkg install vlmcsd_svn1113-21_aarch64_cortex-a53.ipk

opkg install luci-app-vlmcsd_git-24.217.56735-8015371_all.ipk

rockylinux 9 和Fedora 36的rpmbuid python模块依赖

发表评论

在我的rpmbuild SPEC里边刚好需要用到Google depot_tools的ninja

本来正常编译pip install ninja就完事了,但是在rpm环境里发现出错了

ModuleNotFoundError: No module named ‘ninia

这个事情很奇怪, 查了下资料, 在rpmbuild 环境里边python -m site 和命令行发现了不同

rpmbuild里边的sys.path

sys.path = [
‘/root/rpmbuild/BUILD’,
‘/usr/lib64/python39.zip’,
‘/usr/lib64/python3.9’,
‘/usr/lib64/python3.9/lib-dynload’,
‘/usr/lib64/python3.9/site-packages’,
‘/usr/lib/python3.9/site-packages’,
]

命令行里边的sys.path

sys.path = [
‘/root/nginx’,
‘/usr/lib64/python39.zip’,
‘/usr/lib64/python3.9’,
‘/usr/lib64/python3.9/lib-dynload’,
‘/usr/local/lib64/python3.9/site-packages’,
‘/usr/lib64/python3.9/site-packages’,
‘/usr/lib/python3.9/site-packages’,
]

检查python的配置文件可以看到, 识别到RPMBUILD环境, 就会去掉/local/这个路径的包

当然, 解决办法也很简单, 在rpmbuild spec里边加个pip install ninja就行了

这是 rocky linux 9 的python 3.9 以及 Fedora 36 的python 3.10开始引入的一个变化

参考文档:

https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe

https://hackmd.io/@python-maint/BkqScKJW5

https://bugzilla.redhat.com/show_bug.cgi?id=1937494

https://github.com/rhinstaller/anaconda/pull/3646

nginx1.25.0支持HTTP3和QUIC

发表评论

nginx1.25.0 mainline已经支持了HTTP3和QUIC了

需要编译工具 gcc g++ cmake go

yum install -y g++ gcc cmake go git

git clone https://boringssl.googlesource.com/boringssl

#这是nginx的旧方式, 也可以

cd boringssl && mkdir build && cd build && cmake .. && make && cd ../../

#新方式, 有点bug

#cd boringssl && mkdir build && cmake -B build && make -C build && cd ../

编译最新版boringssl go的版本>1.18.9, 我的1.16版本出错了升级后正常, CMake 3.10 or higher is required

这里开始编译nginx, 注意跟quic.nginx.org的测试版有不同, 没有了quic_stream模块

cd nginx-1.25.0
./configure
    --with-debug
    --with-http_v3_module
    --with-cc-opt="-I../boringssl/include"
    --with-ld-opt="-L../boringssl/build/ssl
                   -L../boringssl/build/crypto"
make && make install

配置, 这里跟quic.nginx.org的测试版有不同, 没有了http3 取而代之的是listen 443 quic

http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

    access_log logs/access.log quic;

    server {
        # for better compatibility it's recommended
        # to use the same port for quic and https
        listen 443 quic reuseport;
        listen 443 ssl http2 reuseport backlog=8192;;

        ssl_certificate     certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            # required for browsers to direct them to quic port
            add_header Alt-Svc 'h3=":443"; ma=86400';
        }
    }
}

这里解释下配置:

listen 443 quic reuseport; #配置H3协议守护, 注意reuseport 放在默认虚机即可

add_header Alt-Svc ‘h3=”:443″; ‘; #这个是告知客户端支持H3, 需要这个才会访问到H3

参考文档:

https://nginx.org/en/docs/quic.html

https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md

使用line-profiler进行python代码调优

发表评论

这里主要介绍下line-profiler

https://pypi.org/project/line-profiler/

pip install line_profiler

如果是python2,则使用3.1.0, 这是最后可用的版本

pip2 install line_profiler==3.1.0

然后在需要监测的代码函数块前边加上

@profile

然后执行

kernprof -l -v your_python_scripts.py

就能看到以行为单位的执行时间占比, 从而分析出代码的性能问题主要出在什么地方

python2 pip 安装和升级的问题

发表评论

一些古老的代码是基于python2的, 需要安装一些模块的时候发现提示出错了

#pip install requests

You are using pip version 7.1.0, however version 23.1.2 is available.
You should consider upgrading via the ‘pip install –upgrade pip’ command.
Collecting requests
/usr/lib/python2.6/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
/usr/lib/python2.6/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning

看提示是SSL 协商失败了, 嗯嗯, 猜测是pip的SSL版本过于旧, 需要升级下pip,结果又失败了

#pip install –upgrade pip

You are using pip version 7.1.0, however version 23.1.2 is available.
You should consider upgrading via the ‘pip install –upgrade pip’ command.
Collecting pip
Using cached https://files.pythonhosted.org/packages/fa/ee/74ff76da0ab649eec7581233daeb43d8aa35383d8f75317b2ab3b80c922f/pip-23.1.2.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File “”, line 20, in
File “/tmp/pip-build-p1lQDp/pip/setup.py”, line 7
def read(rel_path: str) -> str:
^
SyntaxError: invalid syntax
----------------------------------------
Command “python setup.py egg_info” failed with error code 1 in /tmp/pip-build-p1lQDp/pip

其实多年以前pip的在线安装和升级已经不支持python2了, 需要手工升级下

https://bootstrap.pypa.io/pip/2.7/get-pip.py

https://bootstrap.pypa.io/pip/2.6/get-pip.py

这两个分别是python的2.6 和 2.7版本的pip手工升级包, 当前时间的版本应该是pip-20.3.4, 下载后用python执行就可以自动升级pip了, 然后安装其他模块也没有问题

SecureCRT 7.2.6在MacOS 13 Ventura不兼容

发表评论

Version 7.2.6在用的SecureCRT是这个版本, 升级到MacOS Ventura就直接crash了

点击报告看看详细信息: Library not loaded: /System/Library/Frameworks/Python.framework/Versions/2.5/Python

发现是丢失了python 依赖, 原来这个版本开始移除了默认的python2

解决办法比较简单: 新安装一个2.7版本的:

https://www.python.org/ftp/python/2.7/python-2.7-macosx10.3.dmg

安装完毕后新开一个terminal:

% which python

/Library/Frameworks/Python.framework/Versions/2.7/bin/python

%cd /Library/Frameworks/Python.framework/Versions/

%sudo ln -s 2.7 2.5

这是新建个软链欺骗下系统, 因为2.5 和 2.7 的python没有太大的区别

然后打开 SecureCRT, 发现就一切OK了

nginx range回源和 range slice回源

发表评论

range request in nginx reverse proxy

nginx proxy_cache 模式下是否支持range, 取决于源站是否返回了: Accept-Range Header

在源站没有明确支持range的请求下, 即便nginx cache 了整个文件, 也不会响应任何range 请求, 会返回整个文件

这个行为方式可以通过修改proxy_force_range on;来修改

Syntax:	`proxy_force_ranges on \| off;`
Default:	proxy_force_ranges off;
Context:	`http`, `server`, `location`

This directive appeared in version 1.7.7.

Enables byte-range support for both cached and uncached responses from the proxied server regardless of the “Accept-Ranges” field in these responses.

nginx 有个特殊的模块叫做http_slice_module, 可以支持分片回源

比如如下配置, 会以1M为文件块跟源站回源, 并存成多份1M分割的cache

slice              1m;

    proxy_cache_key    $host$uri$slice_range;

    proxy_set_header   Range $slice_range;

    proxy_http_version 1.1;

    proxy_cache_valid 200 206 300m;

从测试看, 即便开启了proxy_force_range on和slice range 回源, 在源站没有明确返回Accept-Range的情况下, nginx 依然不会使用slice range回源, 保持了良好的适配性

http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_force_ranges

https://forum.nginx.org/read.php?2,281946,281946#msg-281946

proxy_pass 建议写法

发表评论

            location /v {
                proxy_pass https://gs.x.sohu.com;
            }
看个简单的例子, 一般为了方便我们会直接把域名写在proxy_pass的后边, 这会导致当这个域名无法解析的时候,比如机房下线了,比如第三方回源的域名被摘掉了, 导致nginx restart失败
建议的写法是:
                location /v {
                     set $new_host "gs.x.sohu.com";
                     proxy_pass https://$new_host;
                }
两者的不同之处在于: 
1. proxy_pass直接跟域名的话, 会且只会在nginx 服务起来的时候解析一次, 失败则起不来
2. proxy_pass跟一个域名变量的话, 是调用resolver的, 跟随resolver的配置, 包括有效时间等, 有请求的时候才解析, 失败了也不影响全局服务

MYSQL BETWEEN的边界

发表评论

expr BETWEEN min AND max

If expr is greater than or equal to min and expr is less than or equal to max, BETWEEN returns 1, otherwise it returns 0. This is equivalent to the expression (min <= expr AND expr <= max)

https://dev.mysql.com/doc/refman/8.0/en/comparison-operators.html

一句话: MYSQL BETWEEN 是包含 Min 和 Max值的

Meanings of fields in /proc/net/dev?

发表评论

seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
       "%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
       dev->name,
       stats->rx_bytes,
       stats->rx_packets,
       stats->rx_errors,
       stats->rx_dropped + stats->rx_missed_errors,
       stats->rx_fifo_errors,
       stats->rx_length_errors + stats->rx_over_errors +
        stats->rx_crc_errors + stats->rx_frame_errors,
       stats->rx_compressed,
       stats->multicast,
       stats->tx_bytes,
       stats->tx_packets,
       stats->tx_errors,
       stats->tx_dropped,
       stats->tx_fifo_errors,
       stats->collisions,
       stats->tx_carrier_errors + stats->tx_aborted_errors +
        stats->tx_window_errors + stats->tx_heartbeat_errors,
       stats->tx_compressed);

4os

纯粹的美好

redmi AX6000 install openwrt & KMS

install web luci

install openconnect

install KMS

rockylinux 9 和Fedora 36的rpmbuid python模块依赖

nginx1.25.0支持HTTP3和QUIC

使用line-profiler进行python代码调优

python2 pip 安装和升级的问题

SecureCRT 7.2.6在MacOS 13 Ventura不兼容

nginx range回源和 range slice回源

proxy_pass 建议写法

MYSQL BETWEEN的边界

Meanings of fields in /proc/net/dev?