Posts by DaCHack

    I tried to install the plugin on a vanilla LibreELEC 11.0 with embedded Airplay support deactivated.

    I saw a range of docker containers being started according to the notification boxes and my expectation was that I could see the appliance in my iPhone's screen mirroring or at least in the Airplay audio devices menu. But none of both is the case.

    So I am still trying to figure out how to troubleshoot (but also with limited time invest since my last post :) )

    Hey markturnip ,

    Thanks for this. Sounds really great. Before I try with a fresh install, could you please elaborate a bit on the functionality?

    - is it possible to use the addon on any system with gstreamer installed (eg osmc)?

    - how does it handle kodis Exclusive access to framebuffer and soundcard? When using rpiplay on osmc in parallel to kodi , my system simply freezes when I connect an iPhone

    - how do you geht back into kodi once the connection with the streaming device is closed?

    EDIT:

    I saw in the code that you are using X11 so assume your setup is depending on a windows manager and won't work on LibreELEC without adding X11, right? I am using KODI on a RPi4 and would like to save that overhead at any cost.

    Thanks for your reply. That is indeed a fair point. And I am aware that I am trading off here. My Focus was so far the „basic homework“ of network (port), authentication and application security to the extend I can cover it as an Administrator. It is hard for me to consider kernel security and complex attack vectors such as via codecs as well. The plan is still to consolidate the appliances as much as possible to make all of this „living room ready“ (I hate shelfs stuffed with numerous hardware 😂). Will go for a proxmox virtualized setup with stronger Hardware maybe at some Point.

    Acknowledged your points, so I‘ll try and rather go for another platform than forcing another user into LE. Still Open for ideas on the „how“ rather than the „if at all“… 😊

    Many thanks

    DaC

    Many thanks for the quick response.

    Highly appreciated.

    The fact that LE is not a conventional distro is exactly what I appreciate. Why? Because a stripped down system reduces the attack surface.

    Maybe a few words on my scenario:

    As a hobby I am running a homeserver based on a slightly hardened and stripped down RPiOS with several services (Bitwarden, Pihole, Lets Encrypt Bot, etc) all separated in individual docker containers. Unfortunately, there is no performant and up-to-date docker image for kodi without X. The only „service“ that actually runs natively is a cron job bash script that copies my Lets Encrypt certs into the user folder of an unpriviledged user.

    I have two other appliances that log in via SCP/SSH to grab them and install them locally. Thus, if they would be compromised they would not have root access to my homeserver (=> Zero Trust Principle). I also would like to avoid that if the homeserver is compromised, an Attacker would have credentials to both of the other appliances. Thus, I am not pushing the files over there.

    Would it make sense to deep dive on this use case or would you rather recommend me going for Kodi directly on RPiOS or OSMC (less stripped down and targeted but more flexible)? I thought this should not be as tricky but might have underestimated the amount of water to be pushed uphill..?

    Thanks

    DaC

    Hi,

    I love the simplicity of LibreElec and thus prefer it over a Kodi installation on Debian or OSMC.

    There is just one thing that drove me crazy today and cost me basically the whole day without success:

    I would like to be able to login via SSH with a non-root User Account that receives certain data by a cron job in the user folder, but does not have access to anything else.

    Thus, I adapted the SYSTEM-file based on HiassofT hint here: How to change files on Read-only file system

    • Created /home/administrator and populated ~/.ssh based on my prior home server
    • Adapted /etc/passwd, /usr/cache/shadow and /storage/.cache/shadow

    But no luck. SSH replies

    sshd[1207]: error: Could not get shadow information for administrator

    and is now not even able to login root anymore (neither with standard password nor with my custom one).

    Any idea how I could accomplish this or what I could be missing?

    Please find my Log here: ix.io :?:

    Many thanks

    DaC