Practical experiences from every day IT

Month: February 2026

  • Alpine 3.23 mkimage.sh: ERROR: –usermode not allowed as root

    Recently I decided to upgrade a custom Alpine ISO generator that I run to the latest version of Alpine Linux, 3.23. The task is fairly easy, but required some special attention, because the first ISO build attempt failed:

    sh aports/scripts/mkimage.sh --tag "test-3.23-0.1" --outdir /export --arch x86_64 --repository https://dl-cdn.alpinelinux.org/alpine/v3.23/main --repository https://dl-cdn.alpinelinux.org/alpine/v3.23/community --profile myprofile
ERROR: --usermode not allowed as root

    After some research I found that this is related to the updated version of apk, the package manager used in Alpine Linux. Version 3.x of apk brings a fair amount of new features and some slightly breaking changes such as this one.

    (more…)

  • Short: Automatically generate a one time password to connect to Sophos or OpenVPN Access servers

    If business partners or companies use Sophos or OpenVPN Access, it is likely that they use some sort of OTP “one time password” mechanism. Either as a standalone password or as a combination of a persistent password + one time password. Usually entered one after another without any whitespace as a response to the VPN client querying upon connection buildup.

    If one wanted to automate that, for example on a VPN Gateway, oathtool comes in handy. It allows to generate the right one time password using the initial setup string like that:

    oathtool --totp -b "JBSWY3DPEHPK3PXP"

    The resulting OTP can then be used further to authenticate with the OpenVPN commandline client.

    Using WSL or MSYS2 you can also use (or compile and then use) oathtool on Windows.