Minimum apt repository

My minimum apt repository hosted at
How to install the package:
$vi /etc/apt/sources.list.d/rioapt.list
which has one line: deb [trusted=yes] /
$apt-get update
$apt-cache show riodeb
$apt-get install riodeb
How to test it: $ /usr/local/bin/
outputs: I am from 200125
How to make the package:
cd /home/rio/proj/deb/riodeb_1.0-1
vi DEBIAN/control details in tarball below
has: Package: riodeb Version: 1.0-1 Architecture: amd64 and more
permission must < 775:
vi riodeb_1.0-1/usr/local/bin/ echo some msg. will be installed to /usr/local/bin
cd /home/rio/proj/deb
dpkg-deb –build riodeb_1.0-1
this creates riodeb_1.0-1.deb
dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
copy Packages.gz and riodeb_1.0-1.deb to

Files on server: contains two files:
Packages.gz is the index file “apt-get update” that tells where to find a certain package.
riodeb_1.0-1.deb is the software package “apt-get install” downloads that holds
It’s cached as /var/cache/apt/archives/riodeb_1.0-1_amd64.deb,
which can be installed by “apt install” and “dpkg -i” directly

Download everything at

Free wildcard cert manually

Letsencrypt started supporting wildcard certificate since version certbot 0.22.
These changes need to be applied to
1. certbot 0.22 on Ubuntu18. Ubuntu14 can only install certbot 0.14.2, which cannot do wildcard cert.
2. In addition to make a cert file as requested by Letsencrypt, DNS record are required to be created.
3. server need to be changed from acme-v01 to acme-v02. therefore the whole command becomes:
/usr/bin/certbot certonly –authenticator manual –server –text –email –csr riowingNet.csr –logs-dir . –config-dir . –work-dir .

Details on DSN verification:
Taking Google Domains as an example.
DNS TXT record name:
DNS TXT record value comes from the challenge, about 50 characters long
Propagation took over one hour in my case.
To verify:
openssl verify -verbose -CAfile <(cat 0000_chain.pem root.crt) riowingChainCertbot.crt
output: riowingChainCertbot.crt: OK
where: 0000_chain.pem is intermediate cert that sits between riowingChainCertbot and root.
To view:
certutil.exe -decode riowingChainCertbot.crt riowingChainCertbot.bin
certUtil.exe riowingChainCertbot.bin
Output includes: CN=* and CN=Let’s Encrypt Authority X3


Install web server nginx-1.9.15 supporting http/2.
Finding out http version of from remote client windows/WSL:
Curl: $ curl -sI –insecure -o/dev/null -w ‘%{http_version}\n’
output: 2
External tool:
type in
output: HTTP/2 protocol is supported. see attachment
F12 to bring up the DevTools window, and the network tab says H2.

Server side:
Build nginx, need to build from source code as http2 is not in default.
download source:
untar it and go to that folder.
$ ./configure –with-http_ssl_module –with-http_v2_module –add-module=../nginx-rtmp-module-master
I need nginx-rtmp for streaming
$ make this builds the binary objs/nginx
edit so that nginx.conf https has this line:
listen 443 ssl http2;
Most ubuntu meet minimum requirement: nginx 1.9.5 and TLS 1.2


Roku SDK: legacy vs SceneGraph

How video is played, legacy vs SceneGraph, or SDK1 vs SDK2
Screen creation:
SDK1: CreateObject(“roScreen”, true)
SDK2: CreateObject(“roSGScreen”) followed by CreateScene
Video object creation:
SDK1: CreateObject(“roVideoPlayer”)
SDK2: CreateObject(“roSGNode”, “Video”) followed by reparent to scene
Start video playing:
SDK1: video.Play()
SDK2: video.control = “play”
Event loop:
Nothing more than an empty dead loop, like while(true) end while, just to prevent main from exiting

Source code: