thomas
/
labnotes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import sources

Browse Source
main
Thomas Quinot 1 year ago
parent 850007e4fd ab542f68d5
commit c72b35b8e9
23 changed files with 1225 additions and 0 deletions
Show Stats Download Patch File Download Diff File

10
_source/_includes/custom/asides/adsense.html
Unescape Escape View File

@ -0,0 +1,10 @@
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- labnotes-sidebar -->
<ins class="adsbygoogle"
style="display:block"
data-ad-client="ca-pub-9293069461823781"
data-ad-slot="5776170959"
data-ad-format="auto"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>

56
_source/_posts/2014-11-22-debian-jessie-on-dell-precision-m4800.markdown
Unescape Escape View File

@ -0,0 +1,56 @@
---
layout: post
title: "Debian Jessie on Dell Precision M4800"
date: 2014-11-22 01:16:09 +0100
comments: true
categories:
---
The testing ISO image works on a USB key.
Using the nvidia (non-free) driver
----------------------------------
To install the nVidia driver:
* make sure installed kernel headers (linux-headers) match kernel (linux-image),
otherwise DKMS won't build.
* install nvidia-driver (note: this will build a kernel module, so requires
a working compiler)
* run `nvidia-xconfig --query-gpu-info` by hand and make note of PCI BusID
* run `nvidia-xconfig --busid=PCI:x:x:x` to generate xorg.conf
BIOS setup
----------
* Video -> Switchable graphics -> uncheck Enable Switchable Graphics
GNOME 3
-------
Disable `gnome-keyring`:
```
$ cd /etc/xdg/autostart
$ mv gnome-keyring-ssh.desktop gnome-keyring-ssh.desktop-
$ mv gnome-keyring-gpg.desktop gnome-keyring-gpg.desktop-
```
Remember NumLock state:
```
$ gsettings set org.gnome.settings-daemon.peripherals.keyboard remember-numlock-state true
```
Support for smart-card reader
-----------------------------
`apt-get install pcscd`
Network
-------
Disable [IPv6 Privacy Extensions](https://home.regit.org/2011/04/ipv6-privacy/)
```plain /etc/sysctl.conf
# Disable IPv6 "Privacy extensions" (random SLAAC addresses)
net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.default.use_tempaddr=0
```

51
_source/_posts/2014-11-22-setting-up-octopress.markdown
Unescape Escape View File

@ -0,0 +1,51 @@
---
layout: post
title: "Setting up Octopress"
date: 2014-11-22 01:20:42 +0100
comments: true
categories:
---
Objective
---------
To set up Octopress in its own, isolated Ruby environment
Prerequisite
------------
Install rbenv to manage Ruby virtual environments.
Create isolated environment:
```
$ export GEM_HOME=$HOME/octopress.gems
$ gem install bundler
$ export PATH=$GEM_HOME/bin:$PATH
```
`GEM_HOME` and `PATH` need to be set to do any Octopress work.
Clone Octopress:
```
$ git clone git://github.com/imathis/octopress.git octopress
$ cd octopress
```
Install dependencies and default theme:
```
$ bundle install
$ rake install
```
:warning: If `--path` is passed to `bundle install`, the value is cached
in `.bundle/config`, and `$GEM_HOME` is subsequently ignored.
Emoji support
-------------
* Plugin: https://github.com/chriskempson/jekyll-emoji
It is actually necessary to add `gemoji` to the Gemfile
* Images: https://github.com/arvida/emoji-cheat-sheet.com
* `ln -s .../emoji-cheat-sheet.com/public/graphics/emogis source/images/

142
_source/_posts/2015-02-18-upgrading-to-freebsd-10-1-release.markdown
Unescape Escape View File

@ -0,0 +1,142 @@
---
layout: post
title: "Upgrading to FreeBSD 10.1-RELEASE"
date: 2015-02-18 23:06:46 +0100
comments: true
categories:
---
I endeavoured to upgrade my old FreeBSD 9.3-RELEASE system to brand
new 10.1. As expected, this was a quite bumpy process, and below are
a few things I had to find out the hard way.
Ports
=====
Neither `pkg update` nor `portupgrade` can update all ports.
I had to dump all origins, remove all ports, then reinstall
everything manually.
Linuxulator
===========
New CentOS-6 based linux_base requires sysctl:
```
compat.linux.osrelease=2.6.18
```
X11
===
New Xorg
--------
As of Apr. 16, 2014, the X server has been upgraded to a new
release. From https://wiki.freebsd.org/Graphics/WITH_NEW_XORG:
```plain linenos:false
Note that there's a know regression with syscons and kernel video
drivers: you can't switch back to a console once an X.Org session is
started. A new console driver called vt(4) fixes this issue while
bringing nice features. It's available in FreeBSD 9.3-RELEASE and
10.1-RELEASE but isn't enabled by default. To enable it, put the
following line in your /boot/loader.conf:
kern.vty=vt
```
It is a real shame that users essentially have no choice but
switching from the default syscons to the "new" (unfinished,
far from functionally complete) vt console driver.
The X mouse cursor occasionnally disappears for some unidentified
reason. Alt-Tab brings it back.
DRI
---
Both GDM and the GNOME desktop now require DRI access. At least
for ATI video cards, this means that user `gdm`, as well as anyone
logging in to a GNOME session, must have access to `/dev/dri/card0`:
``` plain /etc/devfs.rules linenos:false
add path 'dri/card0 mode 0666
```
GDM
---
Gdm won't work out of the box (black screen):
`gdm_lang` cannot be set to a non-UTF-8 locale anymore
(if the month name in the current date contains an accent,
the greeter will abort). Time to bite the UTF-8 bullet, then.
Oh, and I can't just remove the variable altogether, see below.
Keymap
------
Interesting issue for GNOME users. I found out that the GDM login screen
would always revert to US layout, no matter what. Initially I thought
the X server had an incorrect keymap due to HAL device enumeration,
so I added the following to my setup:
```xml /usr/local/share/hal/fdi/policy/99local/10-x11-keymap.fdi
<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
<device>
<match key="info.capabilities" contains="input.keyboard">
<merge key="input.x11_options.XkbLayout" type="string">fr</merge>
<merge key="input.x11_options.XkbOptions" type="string">terminate:ctrl_alt_bksp,compose:rctrl</merge>
<merge key="input.xkb.layout" type="string">fr</merge>
<merge key="input.xkb.options" type="string">terminate:ctrl_alt_bksp,compose:rctrl</merge>
</match>
</device>
</deviceinfo>
<!-- Legacy X11 options:
Option "XkbRules" "xorg"
Option "XkbModel" "pc105"
Option "XkbLayout" "fr"
Option "XkbOptions" "terminate:ctrl_alt_bksp"
Option "XkbOptions" "compose:rctrl"
-->
```
However this happened to be a total red herring, as by default the
port configures Xorg to use devd, not HAL. For devd, I
[found out](http://olivier.cochard.me/bidouillage/installation-et-configuration-de-freebsd-comme-poste-de-travail#TOC-Configuration-de-la-langue-du-clavier-sans-HAL)
this is achieved
using xorg.conf options:
```
Section "InputClass"
Identifier "Keyboard Defauls"
Driver "keyboard"
MatchIsKeyboard "on"
Option "XkbLayout" "fr"
EndSection
```
But all of this was mostly irrelevant for my setup since I add
AutoAddDevices turned off in the X server setup, and the correct
layout was hardcoded in xorg.conf. And indeed,
starting it with startx yields the expected French layout.
However, it appears that gnome-shell considers that whatever keymap
is configured in the X server probably must be unsuitable, and
changes it on its own to a better default based on the current locale
(or "us" if no locale is set for gdm).
Printing
========
I am using an HP MFP1217nfw network printer, which requires the proprietary
`print/hplip` and `print/hplip-plugin` packages. These install `print/cups` as
a dependency. `print/cups-filters` is not installed as a dependency, but
is required anyway, or all print operations will fail with:
```
D [02/Mar/2015:22:24:01 +0100] Print-Job client-error-document-format-not-supported: Unsupported format "application/pdf".
```

93
_source/_posts/2015-03-05-bizarre-packet-filtering-on-ovh-kimsufi-server.markdown
Unescape Escape View File

@ -0,0 +1,93 @@
---
layout: post
title: "Bizarre packet filtering on OVH Kimsufi server"
date: 2015-03-05 23:11:24 +0100
comments: true
categories:
---
Context
=======
I am leasing a Kimsufi dedicated server from OVH,
`ks3269175.kimsufi.com` aka `5.39.82.72`. Since early
January 2015, TCP connections to that machine (and in
particular SSH connections) are sporadically hanging.
Analysis of the issue
=====================
This machine is on a network whose default router
is `5.39.82.254` (`vss-gw-6k.fr.eu`).
As far as I was able to determine, this is a virtual
router, load balanced using [GLBP](http://www.freeccnastudyguide.com/study-guides/ccna/ch14/vrrp-hsrp-glbp/) .
The two actual routers are:
* `vss-9b-6k.fr.eu`, MAC address `00:07:b4:00:01:01`
* `vss-9a-6k.fr.eu`, MAC address `00:07:b4:00:01:02`
When attempting to establish an SSH connection from the outside
to that machine, the first data packet in the connection
appears to be dropped if sent through `00:07:b4:00:01:01`.
This does not appear to be related to any kind of stateful
firewalling system. As an experiment, I wrote a simple Scapy
script that loops sending identical TCP segments, one per second,
through both of the above MAC addresses, to a remote address
outside OVH.
A tcpdump on the dedicated server shows the stream of outgoing packets:
```
23:04:15.390421 00:22:4d:83:36:80 > 00:07:b4:00:01:01, ethertype IPv4 (0x0800), length 115: 5.39.82.72.2122 > 194.98.77.4.60347: Flags [P.], seq 0:49, ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:04:15.406734 00:22:4d:83:36:80 > 00:07:b4:00:01:02, ethertype IPv4 (0x0800), length 115: 5.39.82.72.2222 > 194.98.77.4.60347: Flags [P.], seq 0:49, ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:04:16.424437 00:22:4d:83:36:80 > 00:07:b4:00:01:01, ethertype IPv4 (0x0800), length 115: 5.39.82.72.2122 > 194.98.77.4.60348: Flags [P.], seq 0:49, ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:04:16.441460 00:22:4d:83:36:80 > 00:07:b4:00:01:02, ethertype IPv4 (0x0800), length 115: 5.39.82.72.2222 > 194.98.77.4.60348: Flags [P.], seq 0:49, ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:04:17.459641 00:22:4d:83:36:80 > 00:07:b4:00:01:01, ethertype IPv4 (0x0800), length 115: 5.39.82.72.2122 > 194.98.77.4.60349: Flags [P.], seq 0:49, ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:04:17.476966 00:22:4d:83:36:80 > 00:07:b4:00:01:02, ethertype IPv4 (0x0800), length 115: 5.39.82.72.2222 > 194.98.77.4.60349: Flags [P.], seq 0:49, ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
```
Now observing traffic on the remote machine, we see only those
packets that went through 00:07:b4:00:01:02:
```
23:05:13.322004 IP 5.39.82.72.2222 > 194.98.77.4.60403: Flags [P.], ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:05:14.355176 IP 5.39.82.72.2222 > 194.98.77.4.60404: Flags [P.], ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:05:15.390245 IP 5.39.82.72.2222 > 194.98.77.4.60405: Flags [P.], ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:05:16.426968 IP 5.39.82.72.2222 > 194.98.77.4.60406: Flags [P.], ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:05:17.456869 IP 5.39.82.72.2222 > 194.98.77.4.60407: Flags [P.], ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
23:05:18.494918 IP 5.39.82.72.2222 > 194.98.77.4.60408: Flags [P.], ack 0, win 8192, options [TS val 123 ecr 456,eol], length 49
```
Resolution
==========
None so far. OVH has been notified of the problem (TICKET#2015010719008317)
and all analysis elements in my possession have been conveyed to them,
to no avail so far: the machine has been essentially unusable for the
past two months and counting.
**Update 2015-03-20** OVH say they identified a problem and are working on
a fix. No more SSH failure observed since 2015-03-18 in the afternoon,
so apparently the fix did work. Still waiting for a post-mortem explanation
as to what went wrong, and why it took them so long to ackonwledge,
investigate, and resolve the problem.
**Update 2015-04-01** Service remains stable, in that failures are not
observed anymore. OVH indicates they are still discussing the underlying
issue with Cisco, and the fix is not completed yet.
**Update 2015-06-17** Service remains stable. OVH indicates that they have
identified the origin of the issue, a fix is available, and they have
scheduled its deployment.
**Update 2015-09-17** At long last, OVH confirmed that the problem is
indeed resolved on their side, and agreed to extend my subscription
by 3 months at no cost in compensation, which is decent of them.
Acknowledgements
================
Thanks to Pierre Beyssac for hinting at GLBP, and to Fabian at OVH
support for following up internally on this issue.

39
_source/_posts/2015-03-12-gphoto-fails-to-connect-to-canon-eos-20d.markdown
Unescape Escape View File

@ -0,0 +1,39 @@
---
layout: post
title: "GPhoto2 fails to connect to Canon EOS 20D"
date: 2015-03-12 18:43:21 +0100
comments: true
categories:
---
For the past few months, [Digikam](https://www.digikam.org/)
(and the underlying [GPhoto2](http://gphoto.sourceforge.net/) library)
failed to connect to my Canon EOS 20D camera:
```
canon/canon/usb.c (2): Initializing the (USB) camera.
canon/canon/usb.c (2): canon_usb_camera_init()
canon/canon/usb.c (2): canon_usb_identify: USB ID match 0x04a9:0x30eb (model name "Canon:EOS 20D (normal mode)")
gp_context_status (2): Detected a 'Canon:EOS 20D (normal mode)'.
Detected a 'Canon:EOS 20D (normal mode)'.
gp_port_usb_msg_read (3): Reading message (request=0xc value=0x55 index=0x0 size=1=0x1)...
gp_port_usb_msg_read (3): Read 0 = 0x0 out of 1 bytes USB message (request=0xc value=0x55 index=0x0 size=1=0x1) (empty hexdump of empty buffer)
gp_context_error (0): Could not establish initial contact with camera
*** Error ***
Could not establish initial contact with camera
gp_port_close (2): Closing port...
gp_context_error (0): An error occurred in the io-library ('Unknown error'): No error description available
```
Upgrading various components of my system did not help, so I ended up
suspecting a possible issue with the USB stack, which prompted a
[major OS upgrade]({% post_url 2015-02-18-upgrading-to-freebsd-10-1-release %})
from which I am still slowly recovering.
It turned out that the upgrade did not help. Further investigation and
debugging finally allowed me to zero in on the cause of the problem,
which turned out to be a bug in libgphoto2... which coincidentally
got [fixed](http://sourceforge.net/p/gphoto/code/15384/)
hours before I identified it on my own.

29
_source/_posts/2015-05-09-gnupg-2-dot-1-2-doesnt-work-with-caff.markdown
Unescape Escape View File

@ -0,0 +1,29 @@
---
layout: post
title: "GnuPG 2.1.2 doesn't work with caff"
date: 2015-05-09 01:50:02 +0200
comments: true
categories:
---
Today I signed a GnuPG key using my air-gapped master private key,
and then tried to send the signature to the key owner from
my network-connected workstation using [caff](https://wiki.debian.org/caff).
This failed miserably, with caff unable to find a valid signature,
and `gpg --list-secret-keys` missing the (stub) private key.
It turns out that I had inadvertently upgraded GnuPG on this workstation
to version 2.1.2, which has a [completely revamped secret keys handling](https://www.gnupg.org/faq/whats-new-in-2.1.html#nosecring):
secret key material is now entirely handled by `gpg-agent`, and
the `--secret-keyring` command line option for `gpg` (which `caff`
depends on) is now
[obsolete](https://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029296.html).
GnuPG 2.1 apparently also chokes on some legacy keys, and the work-around
is to [reimport the keyring manually](http://jo-ke.name/wp/?p=111).
`caff` has been [fixed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771857)
to support GnuPG 2.1. However this depends on GnuPG 2.1.3 or newer,
which is [not in the ports tree yet](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200057),
so for the time being I have reverted
to the "stable" 2.0 release: `portmaster -o security/gnupg20 gnupg`.

42
_source/_posts/2015-07-30-subsonic.markdown
Unescape Escape View File

@ -0,0 +1,42 @@
---
layout: post
title: "Subsonic, FreeBSD 10, and UTF-8"
date: 2015-07-30 15:00:00 +0200
comments: true
categories:
---
In the context of
[upgrading to FreeBSD 10]({% post_url 2015-02-18-upgrading-to-freebsd-10-1-release %}),
I reinstalled the [Subsonic media server](http://www.subsonic.org/) from ports.
Servlet container
=================
It turns out that using Jetty as the underlying servlet container would not work:
I would get an obscure Java exception during various operations:
```
Message /WEB-INF/jsp/settingsHeader.jsp(12,0) PWC6340: According to the TLD, rtexprvalue is true, and deferred-value is specified for the attribute items of the tag handler org.apache.taglibs.standard.tag.rt.core.ForTokensTag, but the argument for the setter method is not a java.lang.Object
```
Switching to Tomcat 8 worked.
Changing filesystem charset to UTF-8
====================================
I had been using ISO-8859-15 filenames for ever. As part of the OS ugprade,
I decided it was more than time to switch the whole system to UTF-8. (One
specific issue that prompted this was the fact that GDM now seems to not
support ISO 8859-15 GECOS user names anymore).
In order to have Subsonic properly handle file and directory names encoded
in UTF-8, I had to set LANG for it:
```plain /etc/rc.conf.d/tomcat8
export LANG=fr_FR.UTF-8
```
*and* to re-create the database from scratch (remove everything from
`/var/subsonic/db/` *except* `subsonic.script`).

116
_source/_posts/2015-09-05-building-kde-libraries.markdown
Unescape Escape View File

@ -0,0 +1,116 @@
---
layout: post
title: "Digikam, dependencies, and building KDE libraries"
date: 2015-09-05 12:49:51 +0200
comments: true
categories:
---
Context
=======
I have a very basic KDE environment, just enough to be able to run
Digikam. Anytime I try to delete a photo, I get an error message:
```plain
Could not start process
Unable to create io-slave: klauncher said: Unknown protocol 'trash'.
```
Oh, well. So I guess the FreeBSD port for Digikam fails to list a
required dependency. Fixing this is a long (ongoing) journey,
with lots of interesting adventures all along. This is not a step
by step buid, but a series of notes about various traps I fell
on the way.
KDE libraries versioning
========================
Executive summary: you cannot build KDE libraries (such
as sysutils/kfilemetadata) of a given version if it does
not match exactly the installed version of kdelibs:
```plain Build log
[...]
===> Registering installation for kfilemetadata-4.14.3_2 as automatic
pkg-static: Unable to access file /var/ports/work/usr/ports/sysutils/kfilemetadata/work/stage/usr/local/lib/libkfilemetadata.so.4.14.3: No such file or directory
*** Error code 74
```
kfilemetadata fails to install. That file is indeed missing; the staging area
does however contain a libkfilemetadata.so.4.14.2. So why does the source package
of 4.14.3 generate a 4.14.2 library?
Answer: the library version is not set by the package itself, it comes from a
default value from:
o
```plain /usr/local/share/apps/cmake/modules/KDE4Defaults.cmake
set(GENERIC_LIB_VERSION "4.14.2")
```
Where does this come from?
```plain
$ pkg which /usr/local/share/apps/cmake/modules/KDE4Defaults.cmake
/usr/local/share/apps/cmake/modules/KDE4Defaults.cmake was installed by package kdelibs-4.14.2_5
```
Conclusion: the build dependency for kfilemetadata should list the exact same version of
kdelibs, or the port won't build.
Upgrading kdelibs
=================
Let's instead upgrade kdelibs from binary package, and hope for the best:
```plain
# pkg install -f kdelibs
```
This breaks because the binary package depends on a newer libpng, so let's upgrade this one,
keeping the old shared lib intact just in case.
```plain
$ digikam
/usr/local/lib/libpng16.so.16: version PNG16_0 required by /usr/local/lib/libkhtml.so.5 not defined
```
Strange that libpng 1.6.16 does not have version 16... Sigh... OK, upgrading from png-1.6.16
to png-1.6.18 appears to fix the problem. Back on track...
Now Digikam displays its splash screen and starts initializing, then segfaults.
Hell, I'll have to bite the bullet and upgrade a few hundred packages from ports. :-(
VLC ports variants
==================
The vlc port by defaults depends on QT5, whereas the rest of the
KDE system depends on QT4. You can rebuild vlc with the QT4 option,
but that's not quite sufficient: actually phonon (part of KDE)
depends explicitly on slave port vlc-qt4 (so you can't just install
vlc with QT4 option, you have to go through the separate slave
port).
OpenSLP
=======
Digikam does not segault anymore, CUPS is repaired (I had to reinstall
it somewhere in the process, as it would silently fail to startup
due to a missing symbol) but I still cannot delete photos. On second
guess, the missing item might be kde4-runtime, not kde4-workspace.
Here the dead end is quickly reached: x11/kde4-runtime depends on net/openslp,
which won't build because of a security vulnerability... Oh well, let's
build with `DISABLE_VULNERABILITIES=yes`...
Epilogue
========
At long last, small victory: the missing piece was indeed x11/kde4-runtime.
The problem has been [reported](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203222).
I must admit I'm getting sick and tired of the amount of breakage I need to
investigate and fix most times I want to install something using the ports system.
Desktop work nowadays requires humongous dependency closures that are extremely
fragile, and I'm very much tempted these days to switch back to Debian for that.

23
_source/_posts/2015-10-01-unicode-symbols-support.markdown
Unescape Escape View File

@ -0,0 +1,23 @@
---
layout: post
title: "FreeBSD Unicode symbols support"
date: 2015-10-01 22:38:03 +0200
comments: true
categories:
---
The font packages available on a desktop environment with a default
FreeBSD installation do not support the
[Miscellaneous Symbols and Pictographs](https://en.wikipedia.org/wiki/Miscellaneous_Symbols_and_Pictographs)
Unicode range (U+1F300..U+1F5FF), which contains various dingbats
and emoji.
A nice vector font providing these symbols is however available
from ports: `x11-fonts/symbola`.
(Note: `x11-fonts/gnu-unifont` and `x11-fonts/gnu-unifont-ttf` are not
nearly as exhaustive.)
**Update 2017-01-23** Similar problem on Debian (CIRCLED LATIN CAPITAL LETTER V
(U+24CB), &#x24cb; was missing). Resolved by installing `fonts-linuxlibertine`.

61
_source/_posts/2016-01-19-setting-up-grub-slash-gpt-slash-lvm.markdown
Unescape Escape View File

@ -0,0 +1,61 @@
---
layout: post
title: "Setting up GRUB/GPT/LVM"
date: 2016-01-19 17:09:09 +0100
comments: true
categories:
---
Notes on setting up a machine to use GPT partitioning, LVM for
all filesystems (including root), and GRUB2 to boot.
Starting with a vanilla Debian 7.8 setup. Here we assume that /dev/sdb
is the disk that will ultimately contain the system.
GPT setup
=========
(parted) mklabel gpt
(parted) mkpart primary 2048s 4095s
(parted) set 1 bios_grub on
(parted) name 1 "BIOS Boot Partition"
(parted) mkpart primary 4096s 100%
(parted) set 2 lvm on
(parted) name 2 "LVM"
Do we want a swap partition there??? If we don't provision one now,
we'll have to swap to an LVM LV.
LVM setup
=========
pvcreate /dev/sdb1
# Format given disk for LVM
vgcreate tank /dev/sdb2
# Create a volume group with that disk as the underlying storage
lvcreate -n rootfs -L 10G tank
lvcreate -n home -l 100%FREE tank
Filesystem
==========
mkfs.ext4 /dev/mapper/tank-rootfs
mkfs.ext4 /dev/mapper/tank-home
mount -t ext4 /dev/mapper/tank-rootfs /mnt
Set up root filesystem (including /boot subdirectory) in /mnt.
Make sure that /etc/fstab on tank-rootfs points to the proper
root fs.
GRUB2
=====
for i in /dev /dev/pts /proc /sys /run; do mount -B $i /mnt$i; done
chroot /mnt
rm -f /boot/grub/device.map
grub-mkconfig -o /boot/grub/grub.cfg
grub-install /dev/sdb

21
_source/_posts/2016-08-07-gdm-keyboard-layout-revisited.markdown
Unescape Escape View File

@ -0,0 +1,21 @@
---
layout: post
title: "GDM keyboard layout revisited"
date: 2016-08-07 01:38:56 +0200
comments: true
categories:
---
So, I wanted to upgrade Firefox on my FreeBSD 10 workstation,
and this in turn caused some supporting libraries to be upgraded,
and this broke all sorts of things again.
Initially gdm just segfaulted. After more manual upgrades,
it turned out to work again, except that GDM had lost all localization,
and in particular got the wrong keymap for the login screen.
It appears that gdm_lang is no longer honored (despite still being
mentioned in /usr/local/etc/rc.d/gdm): you now need to set gdm's
locale in /usr/local/etc/gdm/locale.conf. Also note that unlike
other user-editable configuration files, this one is overwritten
each time gdm is reinstalled.

25
_source/_posts/2016-08-27-hp-laserjet-m1217nfw-setup-with-cups.markdown
Unescape Escape View File

@ -0,0 +1,25 @@
---
layout: post
title: "HP Laserjet m1217nfw setup with CUPS on FreeBSD 10"
date: 2016-08-27 11:41:57 +0200
comments: true
categories:
---
This is an entry level network-connected multi function printer. It
does not have a built-in Postscript interpreter. Instead, it receives
raster data through a proprietary network protocol implemented as
a closed source binary plugin to the CUPS filtering system.
In addition to CUPS, the following ports must be installed:
* print/hplip
* print/hplip-plugin
Once this is done, the printer can be added to CUPS. The standard
socket connection options cannot be used. Instead, the "HPLIP" transport
must be selected. The printer URI must be set manually from the output of
`hp-makeuri <IP-address>`. (The plugin requires an URI starting with
"hp:", and will reject any other device URI with an error message saying
"Error: This module is designed to work with HP Printers only").

53
_source/_posts/2017-10-11-chaging-default-browser-for-gnome-on-debian.markdown
Unescape Escape View File

@ -0,0 +1,53 @@
---
layout: post
title: "Chaging default browser for GNOME on Debian"
date: 2017-10-11 11:25:00 +0200
comments: true
categories:
---
Problem position
================
I have `chromium` and `firefox-esr` installed. I want `gvfs-open`
to default to the latter when opening a web URL.
Alternatives
============
There are /etc/alternatives entries for `x-www-browser` and
`gnome-www-browser` that can be manually edited using
# update-alternatives --config gnome-www-browser
# update-alternatives --config x-www-browser
Unsuprisingly, this won't have the desired effect. Life
would be too simple...
GNOME MIME
==========
The default browser for GNOME applications is determined using
`gvfs-mime`. Per-user overrides can be specified in
`~/.local/share/applications/mimeapps.list`. System-wide
defaults are generated by `update-desktop-database` and
stored in `/usr/share/applications/mimeinfo.cache`.
Quoting https://wiki.debian.org/MIME:
> The mimeinfo.cache is basically a raw reverse cache for the
> .desktop information. There is no way to define priorities in it.
> To be able to specify default applications, a mimeapps.list file
> (previously named defaults.list up to debian 5) must be created.
> It can be system-wide (in /usr/share/applications or a subdirectory)
> or user-specific (in $HOME/.local/share/applications).
And indeed the fix was to reorder the list from `mimeinfo.cache`,
and create the following file:
```plain /usr/share/applications/mimeapps.list
[Default Applications]
x-scheme-handler/http=firefox-esr.desktop;chromium.desktop;google-chrome.desktop;
x-scheme-handler/https=firefox-esr.desktop;chromium.desktop;google-chrome.desktop;
```

146
_source/_posts/2017-11-29-debian-stretch-on-dell-precision-7520.markdown
Unescape Escape View File

@ -0,0 +1,146 @@
---
layout: post
title: "Linux on Dell Precision 7520"
date: 2017-11-29 12:00:00 +0100
comments: true
categories:
---
Three years after the [M4800]({% post_url 2014-11-22-debian-jessie-on-dell-precision-m4800 %}),
it's time to upgrade again. Let's start with `debian-9.2.1-amd64-netinst.iso`.
Booting it up
-------------
My new laptop came with an OEM Windows 10 preinstalled. I wanted to keep it just
in case, but it turns out that:
* since I want BitLocker, SecureBoot needs to be enabled
* Ubuntu supports SecureBoot, but Debian does not
* since I want LVM+encryption, I need to use Debian
So I'm ditching the pre-installed Windows (I'll make a VirtualBox VM
later on if I really need it).
Installation
------------
System install is pretty uneventful, except for the fact that the trackpad
is apparently not working within the installer. I was able to install
on LVM with encryption as desired. I was happy to find MATE as one of the
desktop options.
Post-install customization
--------------------------
X11
===
Keyboard and trackpad setup appear to work just fine out of the
box (including for GDM).
The default driver appears to work just fine with the embedded LCD
display, but is unable to handle my two external DP monitors
(see below).
Nvidia driver
=============
I am using this laptop on a docking station with two DisplayPort
monitors. This works only if the builtin Intel GPU is disabled,
and the add-on Nvidia GPU only is enabled.
Using the nvidia (non-free) driver
----------------------------------
To install the nVidia driver:
* make sure installed kernel headers (linux-headers) match kernel (linux-image),
otherwise DKMS won't build.
* install nvidia-driver (note: this will build a kernel module, so requires
a working compiler)
* install nvidia-xconfig
* run `nvidia-xconfig --query-gpu-info` by hand and make note of PCI BusID
* run `nvidia-xconfig --busid=PCI:x:x:x` to generate xorg.conf
BIOS setup
----------
To disable the built-in Intel GPU:
* Video -> Switchable graphics -> uncheck Enable Switchable Graphics
(I have also checked Graphics Special Mode, not sure whether this is
needed).
Desktop environment
===================
* Set focus-follows-mouse
* Set keyboard shortcut for lock screen to Win+L
* Set MATE terminal to white-on-black
[Disable GNOME Keyring SSH agent](http://william.shallum.net/random-notes/disabling-gnome-keyring-daemon-ssh-agent-on-mate-desktop):
```
$ gsettings get org.mate.session gnome-compat-startup
['smproxy', 'keyring']
$ gsettings set org.mate.session gnome-compat-startup "['smproxy']"
$ gsettings get org.mate.session gnome-compat-startup
['smproxy']
$ mate-session-properties
# uncheck SSH Key Agent and maybe others.
# This will create a copy of /etc/xdg/autostart/gnome-keyring-ssh.desktop
# in ~/.config/autostart, with appropriate settings to turn it off.
```
Sudo configuration
==================
Add myself to group `sudo`.
APT sources
===========
In `/etc/apt/sources.list`: add contrib and non-free.
Wifi drivers
============
The Intel wireless drivers require non-free binary components,
see https://wiki.debian.org/fr/iwlwifi
Packages
========
firmware-iwlwifo
vim
rsync
net-tools
pcscd
apt-transport-https
openvpn
binutils
ltrace
strace
scdaemon
Hipchat
=======
Hipchat is linked against Qt libraries that assume OpenSSL 1.0,
but Debian provides 1.1.
Work around:
```
# apt-get install libssl1.0.2
# ln -s /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 /opt/HipChat4/lib/libssl.so
# ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 /opt/HipChat4/lib/libcrypto.so
```
(Note: the Atlassian web site gives
[incomplete instructions](https://confluence.atlassian.com/hipchatkb/hipchat4-debian-client-doesn-t-connect-859526103.html)
-- they do not mention libcrypto).

45
_source/_posts/2017-12-28-ipv6-and-netgraph-ethernet-pseudo-interface.markdown
Unescape Escape View File

@ -0,0 +1,45 @@
---
layout: post
title: "IPv6 and Netgraph Ethernet pseudo-interface"
date: 2017-12-28 12:47:00 +0100
comments: true
categories:
---
On a NanoBSD firewall, I want to have a separate
MAC address on one of the Ethernet interfaces to
act as the outer endpoint for IPv6 traffic. This
is achieved using a Netgraph eiface:
```plain /etc/rc.local
kldload ng_ether
ngctl mkpeer sis0: bridge lower link0
ngctl name sis0:lower sis0bridge
ngctl connect sis0: sis0bridge: upper link1
ngctl mkpeer sis0bridge: eiface link2 ether
ngctl msg sis0: setpromisc 1
ngctl msg sis0: setautosrc 0
ifconfig ngeth0 link 06:00:00:00:00:06
```
Note that this does *not* include an ifconfig call to
set the interface's IPv6 address: this is done by
devd, which calls the boot scripts' ifconfig routine
when the interface comes up. Thus I have the following
line in /etc/rc.conf:
```plain /etc/rc.conf
ifconfig_ngeth0_ipv6="inet6 fe80::6/64"
```
If instead of this line I have an explicit ifconfig
in `/etc/rc.local` then there is a race condition between
rc.local and devd. If devd runs last, the boot scripts
won't see any IPv6 address configured for the newly
created interface in `/etc/rc.conf`, and they will set
`ifdisabled` on it (blocking all IPv6 traffic, and marking
the configured link local address as "tentative").
If devd runs first, the problem is dormant, because setting
the link local address clears `ifdisabled` as a side effect.

34
_source/_posts/2018-05-16-add-collation-to-postgres-post-initdb.markdown
Unescape Escape View File

@ -0,0 +1,34 @@
---
layout: post
title: "Add collation to Postgres post-initdb"
date: 2018-05-16 14:09:15 +0200
comments: true
categories:
---
Note: this is for old Postgres installs that lack the
pg_import_system_collations function.
We need to operate as user so that the new collation has the proper
ownership. We connect to template1, because by default we can't connect
to template0.
$ sudo -u postgres psql -d template1
Now allow ourselves to connect to template0
template1=# UPDATE pg_database SET datallowconn = TRUE WHERE datname = 'template0';
template1=# \c template0
Create collation in the proper schema (pg_catalog). Quote collation name
to preserve capitalization.
template0=# CREATE COLLATION pg_catalog."en_US" (LOCALE='en_US.utf8');
Now reset datallowconn to FALSE.
template0=# UPDATE pg_database SET datallowconn = FALSE WHERE datname = 'template0';
Now any database created from the template0 template will inherit the new
collation.

32
_source/_posts/2018-07-31-hplip-wont-print.markdown
Unescape Escape View File

@ -0,0 +1,32 @@
---
layout: post
title: "HPLIP won't print"
date: 2018-07-31 13:08:26 +0200
comments: true
categories:
---
Symptom
-------
Printing to HP MFP1217nfw fails with "Filter failed". No useful
information in CUPS logs even at LogLevel debug. Message found
in `/var/log/daemon.log`:
Jul 31 13:03:10 malaussene hpcups[3083]: common/utils.c 130: validate_plugin_version() Plugin version[3.14.6] mismatch with HPLIP version[3.16.11]
Jul 31 13:03:10 malaussene hpcups[3083]: common/utils.c 157: Plugin version is not matching
Probable cause
--------------
Upgrade of HPLIP Debian packages without corresponding (manual) update
of the proprietary/binary plugin.
Fix
---
Upgrading the plugin using:
# hp-plugin
proved effective.

72
_source/_posts/2019-02-02-debian-setup-for-personal-laptop.markdown
Unescape Escape View File

@ -0,0 +1,72 @@
---
layout: post
title: "Debian setup for personal laptop"
date: 2019-02-02 11:36:09 +0100
comments: true
categories:
---
Setup redone after complete loss of trusty seven years old hard drive
due to mechanical failure. Replaced with SSD, whole system reinstalled
with fresh Debian 9.6.0.
Packages installation
=====================
apt upgrade
packages:
zsh
mutt
git
subversion
whois
gnumeric
net-tools
traceroute
apt-file
packages de dépôts tiers :
virtualbox
package de source non-free :
firmware-iwlwifi
À la main :
firefox
Lastpass
Lastpass binary component (binaire à copier et JSON à générer
dans ~/.mozilla)
Driver Nvidia
=============
Pour fonctionnement correct de l'accélération 3D dans VirtualBox
(pour Fusion 360)
linux-headers-$(uname -r|sed 's/[^-]*-[^-]*-//')
nvidia-driver depuis le dépôt stretch-backports
Dans xorg.conf, override manuel DPI 100x100 (défaut 143x144 : fontes
trop grandes)
Customize
=========
ln -s Téléchargements ftp
Gnome-terminal:
palette prédéfinie blanc sur noir
Apparence/fenêtres
focus follows mouse
chsh zsh
checkout scripts, ln -s .zshrc
xmodmap multi_key
firefox
setup sync
middlemouse.contentLoadURL <- true

38
_source/_posts/2019-05-11-manual-firefox-install-on-debian.markdown
Unescape Escape View File

@ -0,0 +1,38 @@
---
layout: post
title: "Manual Firefox install on Debian"
date: 2019-05-11 15:26:15 +0200
comments: true
categories:
---
# Install downloaded archive
Download and unpack archive under `/opt`. Note: top level directory
in archive is `firefox`, does not contain version.
# Creating a GNOME launcher
From https://wiki.debian.org/Firefox:
```plain /usr/share/applications/firefox.desktop
[Desktop Entry]
Name=Firefox ''Your version''
Comment=Web Browser
GenericName=Web Browser
X-GNOME-FullName=Firefox ''Your version'' Web Browser
Exec=/path/to/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/path/to/firefox/browser/chrome/icons/default/default128.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true
```
# Setting it as default
See [previous post]({% post_url 2017-10-11-chaging-default-browser-for-gnome-on-debian %}).

34
_source/_posts/2019-08-11-arduino-boot-loader-on-cheap-chinese-bluepill-clone.markdown
Unescape Escape View File

@ -0,0 +1,34 @@
---
layout: post
title: "Arduino boot loader on cheap Chinese BluePill clone"
date: 2019-08-11 16:59:46 +0200
comments: true
categories:
---
Boot modes: flash/ROM (system memory)/RAM
Bootloader or not/purpose/various programming methods
* UART
* ST-LINK
* DFU
Arduino boot loader: dual device issue (serial ACM vs DFU)
* reset -> loader (3s) -> user app
* when ACM app detects DTR toggle, reset USB bus (or reset MCU???)
and switch back to DFU loader
* rogerclarke
* support recently integrated in official STM32duino
Bare boot loader: DFU only, by default one shot at reset, no support
for switching back through DTR (no ACM!)
Requires a sketch which implements the ACM dev (SerialUSB)
For some reason the distributed combined loader+sketch does not
work.
Perpetual loader mode (stay in DFU)
Once first sketch is programmed, it contains ACM support for
loading the next one... *If* the correct programming mode is
selected while building the sketch!
Alternative: HID bootloader (not thoroughly investigated)
Reliability issue (host sometimes unable to open ACM)
ST-LINK is superior (no 3s delay at boot time, reliable programming)

54
_source/_posts/2019-12-24-poor-mans-cnc-plotter.markdown
Unescape Escape View File

@ -0,0 +1,54 @@
---
layout: post
title: "Poor man's CNC plotter"
date: 2019-12-24 15:36:20 +0100
comments: true
categories:
---
Initial GRBL settings:
````
$0 = 10 (Step pulse time, microseconds)
$1 = 25 (Step idle delay, milliseconds)
$2 = 0 (Step pulse invert, mask)
$3 = 0 (Step direction invert, mask)
$4 = 0 (Invert step enable pin, boolean)
$5 = 0 (Invert limit pins, boolean)
$6 = 0 (Invert probe pin, boolean)
$10 = 1 (Status report options, mask)
$11 = 0.010 (Junction deviation, millimeters)
$12 = 0.002 (Arc tolerance, millimeters)
$13 = 0 (Report in inches, boolean)
$20 = 0 (Soft limits enable, boolean)
$21 = 0 (Hard limits enable, boolean)
$22 = 0 (Homing cycle enable, boolean)
$23 = 0 (Homing direction invert, mask)
$24 = 25.000 (Homing locate feed rate, mm/min)
$25 = 500.000 (Homing search seek rate, mm/min)
$26 = 250 (Homing switch debounce delay, milliseconds)
$27 = 1.000 (Homing switch pull-off distance, millimeters)
$30 = 255 (Maximum spindle speed, RPM)
$31 = 1 (Minimum spindle speed, RPM)
$32 = 0 (Laser-mode enable, boolean)
$100 = 6.700 (X-axis travel resolution, step/mm)
$101 = 8.000 (Y-axis travel resolution, step/mm)
$102 = 250.000 (Z-axis travel resolution, step/mm)
$110 = 4000.000 (X-axis maximum rate, mm/min)
$111 = 4000.000 (Y-axis maximum rate, mm/min)
$112 = 500.000 (Z-axis maximum rate, mm/min)
$120 = 500.000 (X-axis acceleration, mm/sec^2)
$121 = 500.000 (Y-axis acceleration, mm/sec^2)
$122 = 10.000 (Z-axis acceleration, mm/sec^2)
$130 = 40.000 (X-axis maximum travel, millimeters)
$131 = 30.000 (Y-axis maximum travel, millimeters)
$132 = 200.000 (Z-axis maximum travel, millimeters)
````
Switch to 16x micro-stepping:
````
>>> $100=107.2
ok
>>> $101=128
ok
````

9
_source/_posts/2023-05-06-color-emoji-terminal.markdown
Unescape Escape View File

@ -0,0 +1,9 @@
---
layout: post
title: "Color emoji in mate-terminal on Debian"
date: 2023-05-06 00:58:00 +0100
comments: true
categories:
---
Easy peasy: `apt install apt install fonts-noto-color-emoji`
Write Preview
Loading…
Cancel
Save