Nxl67170 - Ubuntu

From miki
Jump to navigation Jump to search

Introduction

This is the configuration page for the Ubuntu Precise 12.04 partition on NXL67170.

Configuration Files

All configuration files can be found here.

Repositories

To be completed.

Installed Applications

Common applications
See Common configuration for Linux.

Essential:
VirtualBox (virtualbox-4.2) [2013-02-20] Updated to 4.2.8!
Local settings. See also VirtualBox
Privoxy (privoxy)
Gufw (gufw) graphical front-end to ufw
SSH Tunnel script (sshtunnel.pl, libssl-dev) Thierry Walrant's Perl script sshtunnel.pl
LAMP (apache2 php5 mysql-server mysql-client php5-mysql) See local config
PHPMyAdmin (phpmyadmin) Install for apache2 + configure phpmyadmin database + see local config
dwww (dwww)
Courier IMAP (courier-imap courier-doc courier-imap-ssl) Install instructions and local settings
Courier-POP3 (courier-pop courier-pop-ssl)
qmail (ucspi-tcp qmail) See qmail page
NTP (ntp) Set system to synchronize with NTP server automatically (servers: ntp0.nl.net, ntp1.nl.net, ntp2.nl.net, ntp.univ-lyon1.fr)
HTTrack (httrack)
WireShark (wireshark tshark)
MBR (mbr) To create VirtualBox rawdisk
Samba Server (samba smbfs) See local config
ACL (acl)
Google Chrome (chromium-browser)
Thunderbird (thunderbird)
Wine (wine) See Wine page
Psi (psi) See local config
CUPS PDF (cups-pdf) Allow CUPS to access ~/PDF:
sudo aa-complain cupsd
LaTeX (texlive texlive-xetex latex2hml) Including XeTeX package
TeX Extra packages (texlive-plain-extra texlive-science) Soul package requires CTAN color package - see [1]
[2011-01-14] Added texlive-science.
GNU C/C++ compiler (g++)
C/C++ documentation (manpages-posix-dev stl-manual) Make SGI doc available at http://localhost/sgi :
ln -s /usr/share/doc/stl-manual/html /var/www/sgi
Javadoc Installed on http://nxl67002ux/. JDK 1.4.2 in /data/www/javase/1.4.2/docs; JDK 6u21 in /data/www/javase/6/docs
Perl-doc html (perl-doc-html) Available from dwww, section Programming/perl
Google Earth (googleearth googleearth-data) Requires Medibuntu repository
Recoll desktop search (recoll) See also Recoll page.
pdftk (pdftk)
Oracle/Sun Java JDK 1.6 (sun-java6-jdk)
4Pane (4pane) See Linux Software#4Pane
Git (git-gui gitk git-doc gitweb) [2013-02-20]Updated to 1.7.10.5 compiled from source.
sudo apt-get install zlib1g-dev libcurl4-openssl-dev expat asciidoc     # More packages might be needed
git clone git://github.com/gitster/git.git          # Use proxygit if behind a proxy
cd git
make configure                                      # See also INSTALL
./configure --prefix=/usr/local                     # In // of existing package installation. /usr/local has precedence
make all doc
sudo make install install-doc install-html

[2013-02-20] — Installed tileqt tcl/tk widget theme for gitk (see here).

Some git browsers (qgit gitg source-highlight) [2013-02-20] gitg updated to 0.0.7!
KDirStat (kdirstat)
Color Diff (colordiff)
Word Diff (wdiff)
Diffuse (diffuse)
bsdiff (bsdiff)
KDiff3-QT (kdiff3-qt) (QT version has no dep on KDE) Settings → Integration → add ;-- to command line opts to ignore, and check Quit also via Escape key
Diffstat (diffstat) A better grep...
Ack (ack-grep) A better grep...
sudo ln -s /usr/bin/ack-grep /usr/local/bin/ack
Hexedit (hexedit) Hex editor
Hexer (hexer) Hex editor with vi-like interface
Uncrustify (uncrustify) v0.59, simply compiled from source (./configure; make; sudo make install)
socat (socat)
multitee (multitee)
colortail (colortail)
Qiv (qiv)
libdvdcss2 Installed via sudo /usr/share/doc/libdvdread4/install-css.sh (see also [2])
VLC (vlc)
apt-rdepends (apt-rdepends)
GraphViz (graphviz) To plot package dependencies with apt-cache dotty and apt-rdepends -d
pipe viewer (pv)
Acrobat Reader (acroread) Edit mime type in ~/.local/share/applications/mimeapps.list:
[Added Associations]
application/pdf=acroread.desktop;evince.desktop;gimp.desktop

Add to ~/.mailcap:

application/pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-bzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.bz2
application/x-gzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.gz

Local applications:

Application (package) [YYYY-MM-DD] Update
Additional configuration settings

Un-installed applications (by uninstall date):

[yyyy-mm-dd] Application (package) [YYYY-MM-DD] uninstalled (reason)

Simple Settings

  • SUDO - keep environment variable http_proxy, https_proxy (to keep proxy settings for apt-get etc)
  • SUDO - keep environment variable GREP_OPTIONS (keep grep options)
  • SUDO - keep environment variable DISPLAY, XAUTHORITY (avoid doing xhost local:root before launching X pgm)
  • SUDO - keep environment variable HOME (e.g. to keep git aliases and settings when using etckeeper)
Defaults        env_reset, env_keep="http_proxy https_proxy GREP_OPTIONS DISPLAY XAUTHORITY HOME"
  • SUDO - Allow truecrypt and rfkill w/o password:
ALL     ALL=NOPASSWD: /usr/bin/truecrypt
ALL     ALL=NOPASSWD: /sbin/rfkill
  • CRON - cron script for automatic backup of wikis on Noekeon's (see config files).
  • PROXY - script for automatic setup of network environment (proxy, ssh...) (see config files).
  • Security — Disabled control-alt-del in console as recommended in Ubuntu Server Guide. Comment out the following line in the file /etc/init/control-alt-delete.conf:
#exec shutdown -r now "Control-Alt-Delete pressed"
  • Add user www for synchronization of /data/www folder (localhost page):
sudo useradd -g www-data -G users -u 999 -s /bin/bash -m www
sudo passwd www
su - www
ssh-keygen                                         # Or copy .ssh/ copy from other www users
scp .ssh/id_rsa.pub .ssh/authorized_keys

Detailed System Settings

1st install

  • 2nd install on [2013-02-20]
  • Distribution: Ubuntu 12.04 amd64
  • Installation method: Net boot install from Internet using GRUB
  • Language: English
  • Location: Europe, Belgium Time
  • Computer name: nxl67170ux
  • Keyboard layout: BE
  • Name: beq06659
  • Login name: beq06659
  • Update: No automatic update
  • Software to install: Ubuntu Desktop
  • Partition: see main page

Kernel

  • Initial kernel: Precise Pangolin 3.2.0-38-generic (see Ubuntu page).

File System

  • For details, see /etc/fstab.
    • NTFSC: → do not mount automatically. Risk of corruption if mounted while VirtualBox is running!
      Also NTFS partition must be mounted without umask=007,gid=46, or will get operation not permitted when modifying timestamps:
    • Reiserfs/ → enable acl
    • ext4/data → enable acl and data=writeback
/dev/sda2               /c          ntfs        ro,users,nls=utf8,exec                0       2
UUID=...                /           reiserfs    notail,noatime,acl                    0       1
UUID=...                /data       etc4        defaults,noatime,data=writeback,acl   0       2
  • File system structure:
/:                                        
  drwxr-xr-x root      root      boot/       # /dev/sda3
  drwxr-xr-x root      root      c/          # /dev/sda2
  lrwxrwxrwx root      root      d -> /data/d/
  drwxr-xr-x root      root      data/       # /dev/sda8
  drwxr-xr-x root      root      net/
  lrwxrwxrwx root      root      sage -> /data/sage-4.2.1/
  drwxr-xr-x root      root      smb/
  drwxr-xr-x root      root      win/
/data:
  drwxrwsr-x beq06659  beq06659  d/
  drwxr-xr-x root      root      home/
  drwxr-xr-x beq06659  beq06659  sage-4.2.1/
  drwxr-xr-x www-data  root      www/
/home/beq06659:
  lrwxrwxrwx beq06659  beq06659  Documents -> /windows/d/Profiles/beq06659/My Documents/
/net:
  # NFS autofs
/smb:
  drwxr-xr-x root      root      mnemosyne/   # SMB autofs
/var:
  lrwxrwxrwx root      root      www -> /data/www/
  • Configure acl on /data/d:
# VirtualBox uses /data/d as Windows D: drive. Since VirtualBox runs as 'root', all files gets root/root ownership.
# We use acl so that files gets group access beqO6659/rwx by default
cd /data
sudo chgrp -R beq06659 d
sudo chmod -R g+w d
find d -type d -print0|sudo xargs -0 chmod g+s
find d -type d -print0|sudo xargs -0 setfacl -m d:group:beq06659:rwx
  • Configure acl on /data/www:
# Set default access condition to rwxr-xr-x / www / www-data
cd /data
sudo chgrp -R www-data www
find d -type www -print0|sudo xargs -0 chmod g+s
find d -type www -print0|sudo xargs -0 setfacl -m d:group:www-data:r-x
find d -type www print0|sudo xargs -0 setfacl -m d:user:www:r-x           # TODO: this one does not work with root...

Network

  • Edited /etc/hosts (added names for intranet)
  • Added to /etc/apt/apt.conf:
Acquire::http::proxy "http://localhost:8118/";
Acquire::ftp::proxy "ftp://localhost:8118/";
Acquire::https::proxy "https://localhost:8118/";
  • Added to /etc/environment:
http_proxy="http://localhost:8118/"
ftp_proxy="ftp://localhost:8118/"
https_proxy="https://localhost:8118/"
NXP network
sshproxy
  • Connect to NXP proxy with sshtunnel (with NTLM auth. if needed)
  • Forward IMAP/SMTP ports
  • Opens a SOCKS5 proxy
privoxy
  • Forward to ssh SOCKS5 proxy.
  • Provide http proxy server.
apt-get, wget, browsers
  • through privoxy (through environment variables or .pac file)
ftp
  • Direct connection (no solution...)
HOME network
sshproxy
  • Direct connection
  • Forward IMAP/SMTP ports
  • Opens a SOCKS5 proxy (not used)
privoxy
  • Direct connection
  • Provide http proxy server.
apt-get, wget, browsers
  • through privoxy (through environment variables or .pac file)
ftp
  • SAMBA/NFS CLIENT - Mount mnemosyne shares as NFS autofs (see [3]) and as SMB autofs
    • Enabled/created the following automounters in /etc/auto.master:
    • /net           /etc/auto.net
      /smb/mnemosyne /etc/auto.smb.mnemosyne
      
    • Created configuration file /etc/auto.smb.mnemosyne (mount options: noperm,iocharset=utf8,credentials=/etc/auto.smb.mnemosyne.*)
    • Created SMB credential files /etc/auto.smb.mnemosyne.* (see man mount.cifs)
    • Created path for mount points:
    • sudo mkdir /net
      sudo mkdir -p /smb/mnemosyne
      #ls /net/mnemosyne
      #sudo mkdir -p /mnt/mnemosyne
      #for i in /net/mnemosyne/volume1/*; do sudo ln -s $i /mnt/mnemosyne/$(basename $i); done
      
  • NXP Wired (see Linux Admin#Network Manager - Search Path)
    • Added local domain name be-leu01.nxp.com to /etc/resolv.conf
  • NXP Wireless (see Linux Admin#Wireless Network)
    • Network name (SSID): WLAN-WBI
    • Wireless security: Dynamic WEP (802.1x)
    • Authentication: TLS
    • Identity: michael.peeters@nxp.com
    • User certificate / CA certificate / Private key: imported from Windows (NXP Enterprise CA 1 for Client Authentication, Secure Email, serial 2F DF 1F D4 00 00 00 00 5E 1C)
  • Privoxy settings:
    • Added to /etc/privoxy/user.action:
    { -filter }
    tennislibre.com
    

Firewall

  • Moved user rules to /etc/ufw so that they can be tracked by etckeeper
  • cd /lib/ufw
    sudo mv user* /etc/ufw
    sudo ln -s /etc/ufw/user.rules
    sudo ln -s /etc/ufw/user6.rules
    
  • Enabled ufw
  • sudo ufw enable
    
  • Policy:
  • sudo ufw allow from 192.168.11.2                   # Enable full access from local virtualbox
    sudo ufw allow from 172.19.0.0/16 to any port 22   # Enable - from home local network - SSH
    

Preferences

  • Theme
  • The mighty Macbuntu 10.04 theme! Reverted changes:
    • Fonts — see below.
    • TerminalColors select Use colors from system theme (was set to Gray on black built-in schemes). Keep transparent background 95%.
    • Panel — add back System Monitor. We don't add back the bottom task panel.
    • In Configuration Editor, /apps/metacity/general/button_layout: menu:minimize,maximize,close
  • Appearance
    • (before Macbuntu) Fonts — ApplicationTahoma 9; DocumentSans 8; DesktopSans 8; Title → Sans Bold 9; Fixed widthMonospace 8
    • (after Macbuntu) Fonts — ApplicationLucida Grande 9; DocumentLucida Grande 9; DesktopLucida Grande 9; Title → Lucida Grande 10; Fixed widthLucida Console 9 (originally Lucida Console 10)
    • Fonts — rename ~/.fonts.conf to ~/.fonts.conf.macbuntu to disable macbuntu hinting settings override.
  • Appearance
    • Isabelle Hires Noir&Blanc crop-despeckle 936x1200.png, in ~/etc.
  • Keyboard Layout (System-Wide)
    • Layout: Belgium (default) + USA, no separate layout
      Custlayout Belgium (file /usr/share/X11/xkb/symbols/be) to allow AltGr-; → '<' and AltGr-: → '>', and support Greek letters with AltGr-Shift.
    • Options: Capslock affects all keys, Alt+CapsLock or Right Ctrl+Right Shift switch layout, right alt chooses 3rd level.
      (because Alt+Shift,Left Ctrl+Left Shift prevents ctrl-alt-shift shortcuts to work, Right Ctrl conflicts with VirtualBox)
  • Keyboard Shortcuts
  • Shortcut Action Remark
    Super-E Home Folder Hack Super is mapped to Win keys not needed anymore it seems
  • Window List Panel (see here)
    • Window List Content → Show windows from all workspaces
    • Restoring Minimized Windows → Restore to native workspace
  • Fonts
    • System fonts (/usr/local/share/fonts):
    Added BitStream Vera 1.10
    Added jsMath fonts (Linux variant, darkness 20 file, see here)
    Added all jsMath extra fonts (dark version from this page)
    • User fonts (~/.fonts):
    Added Tahoma
  • Compiz
    • General Option - Move Window: SuButton2
      because AButton3 is used in OpenOffice to move columns / rows
    • Static Application Switcher: Use AAlt for Next Window (current workspace)
    • Scale: Multi-Output ModeOn all output devices, darken background, Emblem for overlay icon
    • Ring Switcher: Enabled + Use SuTab for Next Windows (All Workspaces) + Allow Mouse Selection
    • Enhanced Zoom Desktop: Disabled
    • Negative: Disabled
    • Desktop Wall: enabled Edge Flip Move.
    • Put : disabled Put Pointer, enabled Put To Next Output (Superz) selected Avoid Offscreen.
    Frequently used Compiz shortcuts (bold are custom ones)
    Shortcut Action Remark
    SASpace
    SuButton3
    General Options - Window Menu
    CALeft
    CARight
    Desktop Wall - Move
    SCALeft
    SCARight
    Desktop Wall - Move with window
    SSue Expo Key
    AF7 Move Window
    Suz Windows Put To Next Output
    AF8
    SuButton2
    Resize Window
    SuTab
    SSuTab
    Ring Switcher (All Workspaces)
    Suw
    Sua / TopLeft / TopRight
    Scale windows Current viewport
    All windows
    ATab
    SATab
    Static application switcher Current viewport

Detailed Application Settings

Amarok

Courier IMAP

  • Install (reference here):
    • Create directories for web-based administration
    • SSL Certificate: /etc/courier/pop3d.pem, /etc/courier/imapd.pem
    • Postfix configuration: local only
    • System mail name: nxl67002ux.wbi.nxp.com
    • Created /etc/courier/userdb, and kept entries for root, localuser and beq06659
    • Use password from /etc/courier/userdb (method authuserdb).

Firefox

  • Theme: macfox3 1.1.7
  • Extensions (some disabled because Firefox hangs on launch/exit):
    • AutoPager 0.7.0.0 — disabled
    • Belgium eID 1.0.11 — disabled
    • CHM Reader 0.2.3
    • Cycle Input Focus 1.0.0 — disabled
    • Delicious Bookmarks 2.3.1
    • Fast Dial 3.4
    • FireGestures 1.5.7 — disabled
    • FoxyProxy Standard 3.3
    • Live HTTP headers 0.17
    • Ubuntu Firefox Modifications 0.9rc2
    • User Agent Switcher 0.7.3 — disabled

LAMP

Install the servers:

sudo apt-get install apache2 php5 mysql-server mysql-client php5-mysql
# --> Defined password for MySQL root user
sudo vi /etc/apache2/apache2.conf
# --> Added lines at line 32:
#     #MIP CUSTOM
#     ServerName "nxl67002ux"
# Restart apache server to activate php module...
sudo /etc/init.d/apache restart

# Move www root dir to /data disk
sudo mv /var/www /data
sudo ln -sf /data/www /var/www

Apache:

  • configuration file is at /etc/apache2/apache2.conf
  • Apache root http directory is /var/www
  • Enable mod-rewrite module.
    In /etc/apache2/sites-available/default, change as: AllowOverride NoneFileInfo (twice).


Create databases that will store local copies of cryptokiwi and mikiwiki wiki, and of mikido:

MYSQL_HISTFILE=/dev/null mysql --user=root -p mysql
mysql> CREATE DATABASE cryptokiwi;
mysql> GRANT ALL PRIVILEGES ON cryptokiwi.* TO kiwi@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikiwiki;
mysql> GRANT ALL PRIVILEGES ON mikiwiki.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikido;
mysql> GRANT ALL PRIVILEGES ON mikido.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE nxpwiki;
mysql> GRANT ALL PRIVILEGES ON nxpwiki.* TO nxp@localhost IDENTIFIED BY '********';
mysql> quit
  • Enabled HTTPS (requires valid-user)
  • Firewall blocks port 80 but allow port 443 (so that localhost can connect w/o password but other guest needs password)

Nautilus

  • Default view: List View
  • Display, date format: YYYY-MM-DD hh:mm:ss
  • List View: zoom 33%
  • Icon View, Compact View: zoorm 66%
  • Preview: all set to Never, and only for files smaller than 500kB (to prevent thumbnailing PDFs...)

Psi

(recovered from previous settings on Gryphon at ~/.psi)

  • Gnome: Added Psi as startup program (Psi, /usr/bin/psi, Communicate over the jabber network).
  • OptionsEventsEnable popup notifications (all notifications)
  • Modify Account... → Changed resource to work-ux
  • Modify Account...Automatically reconnect if disconnected
  • Modify Account...Proxylocalhost:8118

Samba

   security = user
   username map = /etc/samba/smbusers

# [...]

[homes]
   comment = Home Directories
   browseable = no
 
# [...]
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

SSH

  • Installed SSH-Tunnel
  • Files recovered from other installation (ssh-tunnel v2.26 + patch):
/usr/local/bin
-rwxr-xr-x 1 root root ssh-agent-refresh_andlinux.sh
-rwxr-xr-x 1 root root ssh-agent-refresh.sh
-rwxr-xr-x 1 root root ssh.pl
-rwxr-xr-x 1 root root ssh-tunnel.pl
  • User beq06659 - configuration file in directory ~/.ssh:
    • id_rsa || id_rsa.pub || authorized_keys || config* || proxy.conf* || clbanner.txt
  • Disabled SSH Key Agent from Gnome Startup Applications
  • Added startup application:
    • Name: startup.sh
    • Command: /home/beq06659/bin/startup.sh
    • Comment: Custom startup script
  • Do not accept locale env var. LC_* from the client (see SSH#Missing Locale in Perl)

Terminal

Vim

  • Added ~/.bash_completion from [4] (modified to also take alias v=gvim)

VirtualBox

  • See virtual machine configuration log.
  • Installed with apt (original version 4.2.8)
  • VirtualBox is launched as user root (because it seems that only the current user and root can access PulseAudio in a same X session — see [5])
  • Allow user beq06659 to launch VirtualBox through user root. Add to /etc/sudoers:
beq06659	ALL=NOPASSWD: /usr/bin/VirtualBox
  • Helper script to add to e.g. ~/bin :
#First allow user vbox to connect to X11
#xhost +SI:localuser:vbox
#sudo su vbox -c /usr/bin/VirtualBox&

#New config - run VirtualBox as root to allow sound
sudo /usr/bin/VirtualBox&
  • Create a launcher in ~/.local/share/applications/virtualbox-root.desktop
#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=VBox
Name[en_US]=Oracle VM VirtualBox (root)
Exec=/home/beq06659/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=Oracle VM VirtualBox (root)
Comment=Run several virtual systems on a single host computer
Icon=VBox

Wine

See Configuration NXP Dell Latitude E5430 - Wine.

To Do

Issues

  • Issue — To be completed
  • To Do — Description

Done & Fixed

  • Fixed — Issue description
    Fix description
  • Done — Description