Archives

All posts for the month January, 2015

Version 14.0 of XBMC came out a few days before Christmas, though it’s now rebranded as Kodi (not a fan of the new name). I took advantage of some vacation time to rebuild my setup and update from XBMC 13.1.

Previously, my XBMC systems were Windows-based. Not my first choice, but back when I built them, there were major hassles involved with getting HDMI audio to work properly in Linux. Windows clients meant I needed Samba on my file server, which was also not my first choice.

For the rebuild, I chose OpenELEC, which is essentially a very stripped-down, appliance-like Linux distro that runs on multiple hardware platforms. Being Linux-based, it can speak native NFS, which allowed me to ditch Samba.

Server configuration

My OpenBSD file server uses MariaDB for the SQL back-end and the native NFS server for presenting the media library. NFS configuration on OpenBSD is simple and well-documented. Configure your exports in /etc/exports and enable the portmap,mountd, and nfsd daemons; that’s all there is to it.

Minor annoyance: portmap and nfsd bind to consistent ports, but mountd picks 2 random privileged ports. Annoying, but that’s how the protocol is supposed to work, per RFC 1094. If you use PF on the NFS server, you’ll need some ugly rules like:
pass in on $lan_if inet proto udp from <kodihosts> to $lan_if port < 1024
pass in on $lan_if inet proto tcp from <kodihosts> to $lan_if port < 1024
Or, if you want to be more thorough, dynamically update the ruleset via a script and anchor.

OpenELEC clients

OpenELEC installation is straightforward; just follow the docs. I replaced one of my old (and increasingly noisy) PCs with a Raspberry Pi. I mildly overclocked it and added an MPEG-2 license to get hardware-accelerated playback of DVDs.

OpenELEC works very well as installed, but one area needed some attention: by default, it allows ssh access to root, with a hardcoded, publicly-published password. No, seriously:

How do I change the SSH password?

At the moment it’s not possible to change the root password as it’s held in a read-only filesystem. However, for the really security conscious advanced user, you can change the password if you build OpenELEC from source.

This is utterly insane and indefensible. While you wouldn’t want to expose one of these systems to the Internet in the first place, this kind of total disregard for security is just appalling. And their suggested solution is to recompile everything with a different hardcoded password.

A much better solution is to set up ssh keys and then disable password logins, which can be done from within the GUI.

Library Sharing

Setting up Libary Sharing is well-documented and straightforward, assuming you have a bit of SQL familiarity. I’m not thrilled by their suggestion to GRANT ALL ON *.* TO 'xbmc';, but since nothing else is using that SQL instance, I won’t squawk too loudly about it.

Once the initial setup is done, additional clients just need the advancedsettings.xml file to connect to your database and find your library. Fairly slick.

The Inevitable Snag

Every IT project has one…

I installed the Kodi .apk on my Android tablet, added my advancedsettings.xml file, and promptly found that I couldn’t play any videos on the tablet. A few minutes of troubleshooting ran down the issue.

Kodi insists on using unprivileged ports for NFS:

Your NFS server on your NAS needs to be able to allow connections on so-called unprivileged ports, which are port numbers higher than 1023. However, most NAS’s are set up by default to deny incoming NFS connections on these unprivileged ports.

And OpenBSD’s mountd does not allow them:

The -n flag historically allowed clients to use non-reserved ports when
communicating with mountd. In OpenBSD, a reserved port is always used.

So… that simply won’t work. Fun.