BSDnexus
5 Aug 2011

dpkg tips

dpkg is the package manager for Debian and is found in most of its derivatives. Programs such as apt and aptitude are front-ends to dpkg. The following are some handy dpkg commands.

Package Listing

To display all currently installed packages (including version numbers) or a specific package:

dpkg -l [package_name]

Package Querying

To show details about a specific package:

dpkg -p {package_name}

To find out which files are installed by a package:

dpkg -L {package_name}

To find out which package installs a particular file:

dpkg -S {/path/to/file | part_of_filename}

Package Removal

To remove a package but retain the configuration files:

dpkg -r {package_name}

To remove a package including the configuration files:

dpkg -P {package_name}

5 Jul 2011

apt autoclean

Debian apt package management

To have apt-get/aptitude auto-clean all the downloaded .deb files after running an "update" (to keep as much free space as possible), simply add the following to /etc/apt/apt.conf.d/00autoclean:

Aptitude::Autoclean-After-Update "true";

7 Jun 2011

ownCloud private web storage

ownCloud is a WebDAV-based application allowing you to store files on your own personal server on the Internet and access them via http or webdav. Installation is as follows:

Ensure apache2, php and mysql are installed:

$ apt-get install apache2 php5 mysql-server php5-mysql sqlite php5-sqlite

Download the latest stable release (or the experimental version via git if preferred) and install it to the webserver directory. At the time of writing, the latest stable version is 1.2:

$ wget 'http://owncloud.org/releases/owncloud-1.2.tar.bz2'
$ bunzip2 owncloud-1.2.tar.bz2
$ tar xvf owncloud-1.2.tar
$ mv owncloud /var/www/

Appropriate permissions need to be set so that the webserver has full control of the directory. On debian or ubuntu this is:

$ chown -R www-data:www-data /var/www/owncloud

Next you need to decide upon the database used, the administrator user and password. This is done through the "first run wizard" which will appear the first time the owncloud directory is browsed. Sqlite requires no configuration, while selecting MySQL will require additional information to build the tables.

ownCloud first run wizard

After configuration, the standard login will be presented:

ownCloud login page

Once logged in, files are displayed and options to upload or create directories are available under "More Actions":

ownCloud file listing

The web interface is now functioning as well as access via webdav. Since KDE supports webdav it is possible to configure access to the server storage space via the "Network" place as follows:

Select "Add Network Folder"

Select the "webdav" access method:

Select WebFolder (webdav)

Fill in the details; notice that the folder field is set to "/owncloud/webdav/owncloud.php" (this assumes the installation was to /var/www/owncloud on a Debian or Ubuntu system):

Enter configuration details

Upon saving the details a prompt for the password will appear and an option to "Remember password" so you don't have to re-enter it whenever accessing the folder:

Enter password

The share will now appear in the "Network" places:

ownCloud in Network places

And can be used like any other folder on the system within KDE:

ownCloud access via webdav in KDE

The files themselves are stored in a per-user directory in a sub-folder of the owncloud directory entitled "data".

28 May 2011

GRUB2 splash image

GRUB2 supports background images being displayed during the selection phase of the boot process. A wide variety of formats are supported, including jpg, png and tga. The image size should be 640x480 pixels.

Place the image in /boot/grub and run the command update-grub, looking for the indication that the image was found:

$ update-grub
Generating grub.cfg ...
Found background image: splashimg.png

The next time the system is booted the custom image will be displayed. My example image can be found below.

Sample GRUB splash image

27 Sep 2010

Anonymous Windows PDF generation via SAMBA

On Ubuntu I'm completely used to the idea of printing out a PDF document of what I want/need. It saves on paper and allows me to keep digital copies; it can also prove indispensable if I need to send a copy via email.

At work, on Microsoft Windows, I have struggled with trying to do this. The only products available for PDF generation appear to be commercial. Through some tinkering with an Ubuntu server in the office I set up a PDF printer for all to use anonymously. Here's how...

Configuring Samba and PDF

The important thing to remember is that the PDF printer on the server produces PDF files locally, and therefore access to the produced PDFs must be via SAMBA too.

Samba is usually installed by default, but if not, run:

$ sudo apt-get install samba

Changes need to be made to the config file /etc/samba/smb.conf to allow printing. Uncomment/add the following entries:

printing = cups
printcap name = cups

We now need a location that anybody can read or write to (which is where our PDFs will be placed for pickup). In this example I will use the /tmp directory. To do this we add the following entry to the samba config file:

[tmp]
 comment = Samba server's tmp directory
 locking = no
 path = /tmp
 guest ok = yes
 create mask = 0666
 read only = no

Restart Samba

$ sudo /etc/init.d/samba restart

You may already have the PDF printer installed (as cups is installed by default). If you don't, simply run:

$ sudo apt-get install cups-pdf

We now need to tell the cups-pdf printer where to output its files. System users have their files printed to the folder ~/PDF. This has implications for samba users too. If you mount samba shares as a system user on the server then your PDFs will be printed to that user's ~/PDF directory. This may be what you want.

The file we need to alter is /etc/cups/cups-pdf.conf, specifically the following two entries:

Out ${HOME}/PDF

The above entry details where PDFs are created for system users. Altering this affects all system users AND samba users who use system user credentials to mount drives. Change this to suit your needs. Next is the AnonDirName entry, change it to:

AnonDirName /tmp

Now any anonymous user will have their PDFs placed in /tmp to pick up via samba. Restart CUPS - on Hardy (and earlier?) this appears to be:

$ sudo /etc/init.d/cupsys restart

but on Jaunty (and later?) it may be:

$ sudo /etc/init.d/cups restart

Configuring Windows

The example here has been completed on a Windows Vista machine, but should be similar for other versions. First you need to browse to the computer:

Windows printers

and double-click the "PDF" printer, which will start to install the printer. A printer driver error message will be displayed indicating that the printer driver could not be found:

Windows printer driver error message

This is not a problem. Simply click "Ok" to continue the install. You will now need to select a printer driver to use with the printer. The printer works with PostScript documents so I selected a HP PostScript printer driver to use with it, the 'HP LaserJet Series 1200 PS' - CafeNinja tested with the 'IBM 4079 Color Jetprinter PS' driver and achieved successful results.

Windows add printer wizard

Once the driver has been installed the printer's queue will be displayed. Don't worry about the "Access denied, unable to connect" message - this has never stopped it working for me:

Windows printer queue

From the printer queue window select Printer > Properties to get to the properties window. Then select "Print Test Page", closing any "sent test page" window that may appear.

Windows printer properties

Now browse to the /tmp directory and collect the Windows (recognisable) printed PDF. Take note that the output PDF is in color too!

Windows test page PDF

Caveats
A couple of things to remember...

  1. The PDF gets its name from the file that was being printed - this could lead to accidental overwrites
  2. The files do not get auto-deleted so you may wish to set up a cron job to do this periodically
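
One way to do the periodic cleanup from the second caveat, as an added example (not part of the original post). Because the share is guest-writable, it only removes regular files directly inside the directory and never follows symlinks; the script path, the /tmp default and the 1440-minute age in the cron line are assumptions.

```shell
#!/bin/sh
# Added example: age-based cleanup for the cups-pdf anonymous output directory.
# Directory and age limit are parameters; the defaults used below are
# assumptions for this example, not values from the original post.

# purge_old_pdfs DIR MINUTES
# Deletes PDFs directly inside DIR whose mtime is older than MINUTES and
# prints how many files were removed.
purge_old_pdfs() {
    dir=$1
    minutes=$2

    # Accept only a plain non-negative integer as the age limit.
    case $minutes in
        ''|*[!0-9]*) echo "purge_old_pdfs: bad age '$minutes'" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "purge_old_pdfs: no such directory: $dir" >&2; return 2; }

    # -maxdepth 1: do not descend into other directories under DIR.
    # -xdev      : stay on the same filesystem.
    # -type f    : regular files only, so a symlink planted in the
    #              guest-writable share is neither followed nor removed.
    find "$dir" -maxdepth 1 -xdev -type f -iname '*.pdf' \
        -mmin "+$minutes" -print -delete | wc -l | tr -d ' '
}

# Run only when asked to, e.g. from cron (hypothetical install path):
#   0 * * * * root /usr/local/sbin/purge-pdfs.sh --run /tmp 1440
if [ "${1:-}" = "--run" ]; then
    purge_old_pdfs "${2:-/tmp}" "${3:-1440}"
fi
```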

24 Aug 2010

Bridged VPN with OpenVPN

This VPN guide will use a bridged method (bridging the LAN connections to those of the Internet on a tap virtual interface.) This requires the bridge-utils to be installed - the OpenVPN software can be installed at the same time:

$ sudo apt-get install openvpn bridge-utils

Configure Networking

Typically, the VPN is on the LAN and the firewall transparently forwards packets from the outside world; this is the premise I will work from. The bridge will require the interfaces it manages to be in promiscuous mode. A typical bridge configuration on a Linux system could therefore look as follows (where eth0 is managed by the bridge br0) in /etc/network/interfaces:

## Start these interfaces on boot
auto lo br0
iface lo inet loopback

iface br0 inet static
  address 192.168.1.10
  netmask 255.255.255.0
  gateway 192.168.1.1
  bridge_ports eth0

iface eth0 inet manual
  up ifconfig $IFACE 0.0.0.0 up
  up ip link set $IFACE promisc on
  down ip link set $IFACE promisc off
  down ifconfig $IFACE down

As seen above, we will assume a 192.168.1.0/24 private network. To have the changes take effect, the network needs to be restarted:

$ /etc/init.d/networking restart

As stated, OpenVPN will manage devices in promiscuous mode. When started, OpenVPN will create the tap device - however, the device needs to be added to the bridge we have created. To achieve this we will create two scripts which will be run by OpenVPN. The first, /etc/openvpn/up.sh will manage the addition:

#!/bin/sh

BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV

The next, /etc/openvpn/down.sh will manage the removal of the tap device:

#!/bin/sh

BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down

We will see later how they are called. Finally, we make them executable:

$ chmod +x /etc/openvpn/up.sh /etc/openvpn/down.sh

Configure OpenVPN Server

We must generate certificates for the server. In order to do this we will set up our own Certificate Authority using the provided easy-rsa scripts in the /usr/share/doc/openvpn/examples/easy-rsa/ directory:

$ sudo mkdir /etc/openvpn/easy-rsa/
$ sudo cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Before generating the CA we need to edit a file - /etc/openvpn/easy-rsa/vars. Change the values of the below entries to better reflect your CA:

export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

Now we set up the CA and create the server certificate:

$ cd /etc/openvpn/easy-rsa/ ## move to the easy-rsa directory
$ source ./vars ## execute your new vars file
$ ./clean-all  ## Setup the easy-rsa directory (Deletes all keys)
$ ./build-dh  ## takes a while consider backgrounding
$ ./pkitool --initca ## creates ca cert and key
$ ./pkitool --server server ## creates a server cert and key
$ cd keys
$ openvpn --genkey --secret ta.key  ## Build a TLS key
$ cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/

By default all servers specified in *.conf files in /etc/openvpn/ are started on boot. Therefore, all we have to do is configure the openvpn server by creating /etc/openvpn/server.conf from the example file:

$ cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
$ gzip -d /etc/openvpn/server.conf.gz

Edit /etc/openvpn/server.conf, amending/setting the following options as required (note that we specify here how our networking up and down scripts are called, and that we have commented out the server line as we are using bridged mode):

local 192.168.1.10
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.1.10 255.255.255.0 192.168.1.100 192.168.1.150
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN example.com"
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup

  • local: is the IP address of the bridge interface.
  • server-bridge: is needed when the configuration uses bridging. The 192.168.1.10 255.255.255.0 portion is the bridge interface and mask. The IP range 192.168.1.100 192.168.1.150 is the range of IP addresses that will be assigned to clients.
  • push: are directives to add networking options for clients.
  • user and group: configure which user and group the openvpn daemon executes as.

We can now restart the server so that our changes take effect:

$ /etc/init.d/openvpn restart

If this fails, check /var/log/daemon.log for errors. It is likely that you get errors similar to:

Mar 15 19:28:52 dev ovpn-server[7786]:  openvpn_execve: external program may not be called due to setting of  --script-security level
Mar 15 19:28:52 dev ovpn-server[7786]: script failed: external program fork failed

This can be fixed by editing the /etc/default/openvpn file and amending the OPTARGS="" entry as follows:

OPTARGS="--script-security 2"
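
With --script-security 2 OpenVPN runs up.sh as an external program, and the up script runs before the daemon switches to user nobody, so its arguments are worth checking before they reach ifconfig and brctl. The following variant of up.sh is an added example, not the original post's script; the MTU range and the IFCONFIG/BRCTL override variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: /etc/openvpn/up.sh with argument checks (not the original script).
# OpenVPN calls it as: up.sh <bridge> <tap_dev> <tap_mtu> ...
# IFCONFIG and BRCTL may be overridden for a dry run; the defaults match the guide.
IFCONFIG=${IFCONFIG:-/sbin/ifconfig}
BRCTL=${BRCTL:-/usr/sbin/brctl}

# valid_ifname NAME: Linux interface names are 1-15 characters. Accept only
# letters, digits, '_', '.' and '-', and refuse a leading '-' so the value
# can never be read as a command-line option.
valid_ifname() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# valid_mtu VALUE: digits only, within 576..9000 (range chosen for this example).
valid_mtu() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ] && [ "$1" -ge 576 ] && [ "$1" -le 9000 ]
}

# attach_tap BRIDGE DEV MTU: validate, then do what the guide's up.sh does.
attach_tap() {
    valid_ifname "$1" || { echo "up.sh: bad bridge name" >&2; return 2; }
    valid_ifname "$2" || { echo "up.sh: bad device name" >&2; return 2; }
    valid_mtu "$3"    || { echo "up.sh: bad MTU" >&2; return 2; }
    "$IFCONFIG" "$2" mtu "$3" promisc up || return 1
    "$BRCTL" addif "$1" "$2"
}

# Run only when invoked with the arguments OpenVPN supplies.
if [ "$#" -ge 3 ]; then
    attach_tap "$1" "$2" "$3"
fi
```

The down script, by contrast, runs after the switch to user nobody, so down.sh's brctl and ifconfig calls execute without root privileges.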

Configure OpenVPN Client

The VPN client will also need a certificate to authenticate itself to the server. Create the certificate on the server as follows (replacing "hostname" with the name of the client):

$ cd /etc/openvpn/easy-rsa/
$ source ./vars
$ ./pkitool hostname

Now copy the following files from the /etc/openvpn/easy-rsa/keys directory to /etc/openvpn on the client (note that a secure method of transfer is highly recommended!):

  • hostname.crt
  • hostname.key
  • ta.key
  • ca.crt

With the server configured and the client certificates copied over, create a client configuration file by copying the example:

$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

Now edit /etc/openvpn/client.conf changing the following options:

dev tap
remote vpn.example.com 1194
cert hostname.crt
key hostname.key
tls-auth ta.key 1

Remember to replace vpn.example.com with the hostname of your VPN server as it is seen from the Internet (this could be the firewall if the firewall port-forwards port 1194 to the VPN server inside its LAN), and hostname.* with the actual certificate and key filenames.

Now simply start openvpn on the client in the same way you did for the server.

Windows Client Notes

On a Windows client it is necessary to name the config file hostname.ovpn, and the client must be run with "administrator" privileges, otherwise appropriate routes cannot be configured. This can be done by right-clicking the shortcut and selecting "Run as administrator".

Acknowledgements

This guide is unashamedly based upon the amazing efforts made by the Ubuntu community, namely:
https://help.ubuntu.com/community/OpenVPN
https://help.ubuntu.com/9.10/serverguide/C/openvpn.html

7 Aug 2010

Acer Aspire One and SD cards

There are two SD card readers built into some Acer Aspire One systems. The one on the left side is designed to act as more long-term storage (the card is left in between netbook uses); the one on the right side, however, is designed to be hot-swappable and supports other types of storage cards. The issue is that SD cards are not usable once the netbook has booted unless an SD card was plugged in before boot, in which case the reader works as expected.

There is an Ubuntu bug report detailing the issue and potential fixes:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/271019

On my Acer Aspire One, the fix was an entry added to GRUB's /boot/grub/menu.lst file, adding "pciehp.pciehp_force=1" to the end of the kernel line. However, this change would not survive the next kernel update. Ubuntu's grub update script uses markers to update kernel entries - according to its comments:

### BEGIN AUTOMAGIC KERNELS LIST
## lines between the AUTOMAGIC KERNELS LIST markers will be modified
## by the debian update-grub script except for the default options below
 
## DO NOT UNCOMMENT THEM, Just edit them to your needs

The entry needed was:

## additional options to use with the default boot option, but not with the
## alternatives
## e.g. defoptions=vga=791 resume=/dev/hda5
# defoptions=quiet splash

The first few lines begin with a double hash (##) - these are the real comments. The entries beginning with a single hash (#) are the lines used by the update-grub script. The change to be made resulted in the following:

## additional options to use with the default boot option, but not with the
## alternatives
## e.g. defoptions=vga=791 resume=/dev/hda5
# defoptions=quiet splash pciehp.pciehp_force=1