Categories
Music

FFMPEG – Converting DSF to FLAC

When converting SACD DSF audio files to FLAC (or any other PCM type format) the conversion process will most likely introduce distortion in the upper frequencies. In order to eliminate this you need to use the lowpass filter during the conversion process. This post is mainly so I won’t forget.

These are the ffmpeg commands I used to convert to regular FLAC. To convert to 24bit FLAC use s32 for the sample format.

convert one file to flac
ffmpeg -i inputfile.dsf -af "lowpass=24000,volume=6db" -sample_fmt s16 -ar 48000 outputfile.flac
Convert all dsf files in directory
for i in *.dsf; do ffmpeg -i "$i" -af "lowpass=24000, volume=6dB" -sample_fmt s16 -ar 48000 "${i%.*}.flac"; done

24 bit and 32 bit FLAC

At the time I wrote this the FLAC encoder only supported 16 and 24 bit encoding. As of ffmpeg v6 the FLAC encoder now appears to support 32 bit encoding using the -strict experimental switch. Be sure to test playback devices for the new 32 bit encoded FLAC files.

convert to 24 bit flac
ffmpeg -i inputfile.dsf -af "lowpass=24000, volume=6dB" -sample_fmt s32 -ar 48000 outputfile.flac
convert to 32 bit flac
ffmpeg -i inputfile.dsf -strict experimental -af "lowpass=24000, volume=6dB" -sample_fmt s32 -ar 48000 outputfile.flac

Audio Filters

Remember that the audio filters are specific to convert DSF files only. If you are converting other file types to FLAC they are not necessary. The values are not absolute and can be modified. The lowpass filter passes all frequencies below its setting and blocks any above it. This is required due to the high frequency distortion from converting DSD format to PCM format. The volume filter adjusts the volume. This isn’t required, but highly recommended as the volumes between the two formats are represented differently. The resulting PCM file will be lower in volume. These settings are not specific to FLAC but the conversion process from DSD to PCM.

Written by a real human. No AI involved.

Categories
Fedora Sendmail

Sendmail – LetsEncrypt and verify=OK

How To Configure LetsEncrypt and Sendmail Properly

This documentation pulls from a form post on FreeBSD from user Kuli.
https://forums.freebsd.org/threads/sendmail-and-letsencrypt.57675/

LetsEncrypt certificates aren’t listed in the main distributed ca-bundle.crt. The confCACERTand confCACERT_PATH configurations are two independent configurations that don’t really have anything to do with each other. When verifying certificates, it looks in the confCACERT_PATH for individual hashed files of root certificates. The confCACERTwill be configured with the intermediary LetsEncrypt chain.pem. Sendmail will then be happy to verify=OK the certificates. Do note that, it appears the majority of mail servers are using certificates that can’t be verified. So you will see a lot of NO. It’s better than FAIL. The script works with Fedora and probably any variant of Linux. Your experience may vary.

2021 Update!

I have discovered a much better way to generate the hashed ca files! I really struggled with the shell script. I have only tested this with Fedora 33, though I suspect it should work on other distributions.

Sendmail Configuration

define(CERT_DIR',/etc/letsencrypt/live/<your site>')
define(confCACERT_PATH',/usr/local/etc/ssl/ROOT')
define(confCACERT',CERT_DIR/chain.pem')
define(confSERVER_CERT',CERT_DIR/cert.pem')
define(confSERVER_KEY',CERT_DIR/privkey.pem')
define(confCLIENT_CERT',CERT_DIR/cert.pem')
define(confCLIENT_KEY',CERT_DIR/privkey.pem')

Create the CACERT_PATH files

2021 New Easy Way:

#p11-kit extract --format=openssl-directory --filter=ca-anchors --overwrite /usr/local/etc/ssl/ROOT/

Old Kinda Broken Shell Script Way:

#!/bin/sh
#Separate the root cert into files each with only one cert and name hashed

RCert=/etc/ssl/certs/ca-bundle.crt
DESTDIR=/usr/local/etc/ssl/ROOT
mkdir -p $DESTDIR
cd $DESTDIR
rm -f *
cat $RCert | sed -E '/^(Certificate:|SHA1 Fingerprint|#| |$)/d' | awk 'BEGIN {c=0;} /BEGIN TRUS/{c++} { print > "cert." c ".pem"}'

for a in ls $DESTDIR
do
    mv $a openssl x509 -hash -noout < $a.0
done