Nxl67170 - Ubuntu

From miki
Revision as of 08:40, 15 March 2013 by Mip (talk | contribs) (→‎Network)
Jump to navigation Jump to search

Introduction

This is the configuration page for the Ubuntu Precise 12.04 partition on NXL67170.

Configuration Files

All configuration files can be found here.

Repositories

To be completed.

Installed Applications

Common applications

See Common configuration for Linux.

Essential

VirtualBox (virtualbox-4.2) [2013-02-20] Updated to 4.2.8!
Local settings. See also VirtualBox
Privoxy (privoxy)
Gufw (gufw) graphical front-end to ufw
SSH Tunnel script (sshtunnel.pl, libssl-dev) Thierry Walrant's Perl script sshtunnel.pl
LAMP (apache2 php5 mysql-server mysql-client php5-mysql) See local config
PHPMyAdmin (phpmyadmin) Install for apache2 + configure phpmyadmin database + see local config
dwww (dwww)
Courier IMAP (courier-imap courier-doc courier-imap-ssl) Install instructions and local settings
Courier-POP3 (courier-pop courier-pop-ssl)
qmail (ucspi-tcp qmail) See qmail page
NTP (ntp) Set system to synchronize with NTP server automatically (servers: ntp0.nl.net, ntp1.nl.net, ntp2.nl.net, ntp.univ-lyon1.fr)
HTTrack (httrack)
WireShark (wireshark tshark)
TrueCrypt v7.1a, with AES-NI instructions!
Samba Server (samba smbfs) See local config
ACL (acl)
Google Chrome (chromium-browser)
Thunderbird (thunderbird)
Wine (wine) See Wine page
Psi (psi) See local config
CUPS PDF (cups-pdf) Allow CUPS to access ~/PDF:
sudo aa-complain cupsd
LaTeX (texlive texlive-xetex latex2hml) Including XeTeX package
TeX Extra packages (texlive-plain-extra texlive-science) Soul package requires CTAN color package - see [1]
[2011-01-14] Added texlive-science.
Google Earth (googleearth googleearth-data) Requires Medibuntu repository
Recoll desktop search (recoll) See also Recoll page.
pdftk (pdftk)
Git (git-gui gitk git-doc gitweb) [2013-02-20]Updated to 1.7.10.5 compiled from source.
sudo apt-get install autoconf zlib1g-dev libcurl4-openssl-dev expat asciidoc     # More packages might be needed
git clone git://github.com/gitster/git.git          # Use proxygit if behind a proxy
cd git
make configure                                      # See also INSTALL
./configure --prefix=/usr/local                     # In // of existing package installation. /usr/local has precedence
make all doc
sudo make install install-doc install-html

[2013-02-20] — Installed tileqt tcl/tk widget theme for gitk (see here).

Some git browsers (qgit gitg source-highlight) [2013-02-20] gitg updated to 0.0.7!
KDirStat (kdirstat)
Color Diff (colordiff)
Word Diff (wdiff)
Diffuse (diffuse)
bsdiff (bsdiff)
KDiff3-QT (kdiff3-qt) (QT version has no dep on KDE) Settings → Integration → add ;-- to command line opts to ignore, and check Quit also via Escape key
Diffstat (diffstat) A better grep...
Ack (ack-grep) A better grep...
sudo ln -s /usr/bin/ack-grep /usr/local/bin/ack
Hexedit (hexedit) Hex editor
Hexer (hexer) Hex editor with vi-like interface
Uncrustify (uncrustify) v0.59, simply compiled from source (./configure; make; sudo make install)
socat (socat)
multitee (multitee)
colortail (colortail)
Qiv (qiv)
libdvdcss2 Installed via sudo /usr/share/doc/libdvdread4/install-css.sh (see also [2])
VLC (vlc)
pipe viewer (pv)
Acrobat Reader (acroread) Edit mime type in ~/.local/share/applications/mimeapps.list:
[Added Associations]
application/pdf=acroread.desktop;evince.desktop;gimp.desktop

Add to ~/.mailcap:

application/pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-bzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.bz2
application/x-gzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.gz
CPU indicator (indicator-multiload) Selected CPU, Memory, Network
screen (screen)

Development

GNU C/C++ compiler (g++)
C/C++ documentation (manpages-posix-dev stl-manual) Make SGI doc available at http://localhost/sgi :
ln -s /usr/share/doc/stl-manual/html /var/www/sgi
openJDK 7 (openjdk-7-jdk openjdk-7-doc) Selected alternatives with:
sudo update-alternatives --config java
sudo update-alternatives --config javac
# TODO: Add others (like ant, javah, etc?)
openJDK 6 32-bit (openjdk-6-jdk:i386) Installing after OpenJDK7 brings less dependency issues it seems. See Griffin for alternatives
ia32 libraries (ia32-libs libc6-dev:i386 gcc-multilib g++-multilib) TODO: Seems we should install ia32-libs-multiarch though...
Installing this package removed some package, so reinstall them back with:
sudo apt-get install build-essential g++ dkms \
     nvidia-current virtualbox-dkms

Compiling with gcc -m32 still does not work though (missing 32-bit libgcc.a). Installing package gcc-4.6:i386 force removal of many 64-bit packages. Instead we go for solution given here:

sudo apt-get install gcc-multilib
Javadoc Installed on http://nxl67002ux/. JDK 1.4.2 in /data/www/javase/1.4.2/docs; JDK 6u21 in /data/www/javase/6/docs
Perl-doc html (perl-doc-html) Available from dwww, section Programming/perl
make documentation (make-doc)
USB dev libs (libusb-dev:i386) For Telematics ATOP development
dos2unix (dos2unix)

Local applications

MBR (mbr) To create VirtualBox rawdisk
apt-rdepends (apt-rdepends)
GraphViz (graphviz) To plot package dependencies with apt-cache dotty and apt-rdepends -d
Banshee (banshee)

Uninstalled

Application (package) [YYYY-MM-DD] uninstalled (reason)

Simple Settings

  • SUDO - keep environment variable http_proxy, https_proxy (to keep proxy settings for apt-get etc)
  • SUDO - keep environment variable GREP_OPTIONS (keep grep options)
  • SUDO - keep environment variable DISPLAY, XAUTHORITY (avoid doing xhost local:root before launching X pgm)
  • SUDO - keep environment variable HOME (e.g. to keep git aliases and settings when using etckeeper)
Defaults        env_reset, env_keep="http_proxy https_proxy GREP_OPTIONS DISPLAY XAUTHORITY HOME"
  • SUDO - Allow truecrypt and rfkill w/o password:
ALL     ALL=NOPASSWD: /usr/bin/truecrypt
ALL     ALL=NOPASSWD: /sbin/rfkill
  • CRON - Add cron script ~/etc/crontab-noekeon (backup of wikis on Noekeon.org)
  • PROXY - script for automatic setup of network environment (proxy, ssh...) (see config files).
  • Security — Disabled control-alt-del in console as recommended in Ubuntu Server Guide. Comment out the following line in the file /etc/init/control-alt-delete.conf:
#exec shutdown -r now "Control-Alt-Delete pressed"
  • Add user www for synchronization of /data/www folder (localhost page):
sudo useradd -g www-data -G users -u 999 -s /bin/bash -m www
sudo passwd www
su - www
ssh-keygen                                         # Or copy .ssh/ copy from other www users
scp .ssh/id_rsa.pub .ssh/authorized_keys
  • ~/bin — Convert scripts for new hostname nxl6717ux and NXL67170 (see ~/bin/restore_wiki.sh, ~/bin/generate_wiki_page.sh, ~/bin/set-network.sh, files in ~/.unison)


For Telematics build environment

  • CRON - Add cron script ~/work/NXP/ATOP/crontab-svn-fetch (fetch svn database automatically)

Detailed System Settings

1st install

  • 2nd install on [2013-02-20]
  • Distribution: Ubuntu 12.04 amd64
  • Installation method: Net boot install from Internet using GRUB
  • Language: English
  • Location: Europe, Belgium Time
  • Computer name: nxl67170ux
  • Keyboard layout: BE
  • Name: beq06659
  • Login name: beq06659
  • Update: No automatic update
  • Software to install: Ubuntu Desktop
  • Partition: see main page

Kernel

  • Initial kernel: Precise Pangolin 3.2.0-38-generic (see Ubuntu page).

File System

  • For details, see /etc/fstab.
    • NTFSC: → do not mount automatically. Risk of corruption if mounted while VirtualBox is running!
      Also NTFS partition must be mounted without umask=007,gid=46, or will get operation not permitted when modifying timestamps:
    • Reiserfs/ → enable acl
    • ext4/data → enable acl and data=writeback
/dev/sda2               /c          ntfs        ro,users,nls=utf8,exec                0       2
UUID=...                /           reiserfs    notail,noatime,acl                    0       1
UUID=...                /data       etc4        defaults,noatime,data=writeback,acl   0       2
  • File system structure:
/:                                        
  drwxr-xr-x root      root      boot/       # /dev/sda3
  drwxr-xr-x root      root      c/          # /dev/sda2
  lrwxrwxrwx root      root      d -> /data/d/
  drwxr-xr-x root      root      data/       # /dev/sda8
  drwxr-xr-x root      root      net/
  lrwxrwxrwx root      root      sage -> /data/sage-4.2.1/
  drwxr-xr-x root      root      smb/
  drwxr-xr-x root      root      win/
/data:
  drwxrwsr-x beq06659  beq06659  d/
  drwxr-xr-x root      root      home/
  drwxr-xr-x beq06659  beq06659  sage-4.2.1/
  drwxr-xr-x www-data  root      www/
/home/beq06659:
  lrwxrwxrwx beq06659  beq06659  Documents -> /windows/d/Profiles/beq06659/My Documents/
/net:
  # NFS autofs
/smb:
  drwxr-xr-x root      root      mnemosyne/   # SMB autofs
/var:
  lrwxrwxrwx root      root      www -> /data/www/
  • Configure acl on /data/d:
# VirtualBox uses /data/d as Windows D: drive. Since VirtualBox runs as 'root', all files gets root/root ownership.
# We use acl so that files gets group access beqO6659/rwx by default
cd /data
sudo chgrp -R beq06659 d
sudo chmod -R g+w d
find d -type d -print0|sudo xargs -0 chmod g+s
find d -type d -print0|sudo xargs -0 setfacl -m d:group:beq06659:rwx
  • Configure acl on /data/www:
# Set default access condition to rwxr-xr-x / www / www-data
cd /data
sudo chgrp -R www-data www
find www -type d -print0|sudo xargs -0 chmod g+s
find www -type d -print0|sudo xargs -0 setfacl -m d:group:www-data:r-x
find www -type d -print0|sudo xargs -0 setfacl -m d:user:www:r-x           # TODO: this one does not work with root...

Network

  • Edited /etc/hosts (added names for intranet)
  • Added to /etc/apt/apt.conf:
Acquire::http::proxy "http://localhost:8118/";
Acquire::ftp::proxy "ftp://localhost:8118/";
Acquire::https::proxy "https://localhost:8118/";
  • Added to /etc/environment:
http_proxy="http://localhost:8118/"
ftp_proxy="ftp://localhost:8118/"
https_proxy="https://localhost:8118/"
NXP network
sshproxy
  • Connect to NXP proxy with sshtunnel (with NTLM auth. if needed)
  • Forward IMAP/SMTP ports
  • Opens a SOCKS5 proxy
privoxy
  • Forward to ssh SOCKS5 proxy.
  • Provide http proxy server.
apt-get, wget, browsers
  • through privoxy (through environment variables or .pac file)
ftp
  • Direct connection (no solution...)
HOME network
sshproxy
  • Direct connection
  • Forward IMAP/SMTP ports
  • Opens a SOCKS5 proxy (not used)
privoxy
  • Direct connection
  • Provide http proxy server.
apt-get, wget, browsers
  • through privoxy (through environment variables or .pac file)
ftp
  • SAMBA/NFS CLIENT - Mount mnemosyne shares as NFS autofs (see [3]) and as SMB autofs
    • Enabled/created the following automounters in /etc/auto.master:
    • /net           /etc/auto.net
      /smb/mnemosyne /etc/auto.smb.mnemosyne
      
    • Created configuration file /etc/auto.smb.mnemosyne (mount options: noperm,iocharset=utf8,credentials=/etc/auto.smb.mnemosyne.*)
    • Created SMB credential files /etc/auto.smb.mnemosyne.* (see man mount.cifs)
    • Created path for mount points:
    • sudo mkdir /net
      sudo mkdir -p /smb/mnemosyne
      #ls /net/mnemosyne
      #sudo mkdir -p /mnt/mnemosyne
      #for i in /net/mnemosyne/volume1/*; do sudo ln -s $i /mnt/mnemosyne/$(basename $i); done
      
  • NXP Wired
  • NXP Wireless (see Linux Admin#Wireless Network)
    • Network name (SSID): WLAN-NXP
    • Wireless security: WPA & WPA2 Enterprise
    • Authentication: TLS
    • Identity: beq06659
    • User certificate / CA certificate / Private key: imported from Windows (EMEA-CA for Client Authentication, Secure Email)
  • Privoxy settings:
    • Added to /etc/privoxy/user.action:
    { -filter }
    tennislibre.com
    

Firewall

  • Moved user rules to /etc/ufw so that they can be tracked by etckeeper
  • cd /lib/ufw
    sudo mv user* /etc/ufw
    sudo ln -s /etc/ufw/user.rules
    sudo ln -s /etc/ufw/user6.rules
    
  • Enabled ufw
  • sudo ufw enable
    
  • Policy:
  • sudo ufw allow from 192.168.11.2                   # Enable full access from local virtualbox
    sudo ufw allow from 172.19.0.0/16 to any port 22   # Enable - from home local network - SSH
    

Preferences

  • Fonts (via ubuntu-tweak):
  • Category Font Size
    Default Font Ubuntu 9
    Desktop Font Sans 9
    Monospace font Lucida Console Semi-Condensed 10
    Document font Sans 10
    Window title bar font Ubuntu Bold 10
    • Hinting: Basic
    • Antialiasing: Subpixel antialising (LCD screens only)

  • Theme
  • The mighty Macbuntu 10.04 theme! Reverted changes:
    • Fonts — see below.
    • TerminalColors select Use colors from system theme (was set to Gray on black built-in schemes). Keep transparent background 95%.
    • Panel — add back System Monitor. We don't add back the bottom task panel.
    • In Configuration Editor, /apps/metacity/general/button_layout: menu:minimize,maximize,close
  • Appearance
    • (before Macbuntu) Fonts — ApplicationTahoma 9; DocumentSans 8; DesktopSans 8; Title → Sans Bold 9; Fixed widthMonospace 8
    • (after Macbuntu) Fonts — ApplicationLucida Grande 9; DocumentLucida Grande 9; DesktopLucida Grande 9; Title → Lucida Grande 10; Fixed widthLucida Console 9 (originally Lucida Console 10)
    • Fonts — rename ~/.fonts.conf to ~/.fonts.conf.macbuntu to disable macbuntu hinting settings override.
  • Appearance
    • Isabelle Hires Noir&Blanc crop-despeckle 936x1200.png, in ~/etc.
  • Keyboard Layout (System-Wide)
    • Layout: Belgium (default) + USA, no separate layout
      Custlayout Belgium (file /usr/share/X11/xkb/symbols/be) to allow AltGr-; → '<' and AltGr-: → '>', and support Greek letters with AltGr-Shift.
    • Options: Capslock affects all keys, Alt+CapsLock or Right Ctrl+Right Shift switch layout, right alt chooses 3rd level.
      (because Alt+Shift,Left Ctrl+Left Shift prevents ctrl-alt-shift shortcuts to work, Right Ctrl conflicts with VirtualBox)
  • Keyboard Shortcuts
  • Shortcut Action Remark
    Super-E Home Folder Hack Super is mapped to Win keys not needed anymore it seems
  • Window List Panel (see here)
    • Window List Content → Show windows from all workspaces
    • Restoring Minimized Windows → Restore to native workspace
  • Fonts
    • System fonts (/usr/local/share/fonts):
    Added BitStream Vera 1.10
    Added jsMath fonts (Linux variant, darkness 20 file, see here)
    Added all jsMath extra fonts (dark version from this page)
    • User fonts (~/.fonts):
    Added Tahoma
  • Compiz
    • General Option - Move Window: SuButton2
      because AButton3 is used in OpenOffice to move columns / rows
    • Static Application Switcher: Use AAlt for Next Window (current workspace)
    • Scale: Multi-Output ModeOn all output devices, darken background, Emblem for overlay icon
    • Ring Switcher: Enabled + Use SuTab for Next Windows (All Workspaces) + Allow Mouse Selection
    • Enhanced Zoom Desktop: Disabled
    • Negative: Disabled
    • Desktop Wall: enabled Edge Flip Move.
    • Put : disabled Put Pointer, enabled Put To Next Output (Superz) selected Avoid Offscreen.
    Frequently used Compiz shortcuts (bold are custom ones)
    Shortcut Action Remark
    SASpace
    SuButton3
    General Options - Window Menu
    CALeft
    CARight
    Desktop Wall - Move
    SCALeft
    SCARight
    Desktop Wall - Move with window
    SSue Expo Key
    AF7 Move Window
    Suz Windows Put To Next Output
    AF8
    SuButton2
    Resize Window
    SuTab
    SSuTab
    Ring Switcher (All Workspaces)
    Suw
    Sua / TopLeft / TopRight
    Scale windows Current viewport
    All windows
    ATab
    SATab
    Static application switcher Current viewport

Detailed Application Settings

Amarok

Courier IMAP

  • Install (reference here):
    • Create directories for web-based administration
    • SSL Certificate: /etc/courier/pop3d.pem, /etc/courier/imapd.pem
    • Postfix configuration: local only
    • System mail name: nxl67002ux.wbi.nxp.com
    • Created /etc/courier/userdb, and kept entries for root, localuser and beq06659
    • Use password from /etc/courier/userdb (method authuserdb).
  • Recovered most files from nxl67002ux, but it failed at first because users where assigned different UID!!!
    Make sure users have identical UID, or courier will complain it has not the permission to access Maildir/p

Firefox

  • Theme: macfox3 1.1.7
  • Extensions (some disabled because Firefox hangs on launch/exit):
    • AutoPager 0.7.0.0 — disabled
    • Belgium eID 1.0.11 — disabled
    • CHM Reader 0.2.3
    • Cycle Input Focus 1.0.0 — disabled
    • Delicious Bookmarks 2.3.1
    • Fast Dial 3.4
    • FireGestures 1.5.7 — disabled
    • FoxyProxy Standard 3.3
    • Live HTTP headers 0.17
    • Ubuntu Firefox Modifications 0.9rc2
    • User Agent Switcher 0.7.3 — disabled

LAMP

Install the servers:

sudo apt-get install apache2 php5 mysql-server mysql-client php5-mysql
# --> Defined password for MySQL root user
sudo vi /etc/apache2/apache2.conf
# --> Added lines at line 32:
#     #MIP CUSTOM
#     ServerName "nxl67002ux"
# Restart apache server to activate php module...
sudo /etc/init.d/apache restart

# Move www root dir to /data disk
sudo mv /var/www /data
sudo ln -sf /data/www /var/www

Apache:

  • configuration file is at /etc/apache2/apache2.conf
  • Apache root http directory is /var/www
  • Enable mod-rewrite module.
    In /etc/apache2/sites-available/default, change as: AllowOverride NoneFileInfo (twice).


Create databases that will store local copies of cryptokiwi and mikiwiki wiki, and of mikido:

MYSQL_HISTFILE=/dev/null mysql --user=root -p mysql
mysql> CREATE DATABASE cryptokiwi;
mysql> GRANT ALL PRIVILEGES ON cryptokiwi.* TO kiwi@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikiwiki;
mysql> GRANT ALL PRIVILEGES ON mikiwiki.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikido;
mysql> GRANT ALL PRIVILEGES ON mikido.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE nxpwiki;
mysql> GRANT ALL PRIVILEGES ON nxpwiki.* TO nxp@localhost IDENTIFIED BY '********';
mysql> quit
  • Enabled HTTPS (requires valid-user)
  • Firewall blocks port 80 but allow port 443 (so that localhost can connect w/o password but other guest needs password)

Nautilus

  • Default view: List View
  • Display, date format: YYYY-MM-DD hh:mm:ss
  • List View: zoom 33%
  • Icon View, Compact View: zoorm 66%
  • Preview: all set to Never, and only for files smaller than 500kB (to prevent thumbnailing PDFs...)

Psi

(recovered from previous settings on Gryphon at ~/.psi)

  • Gnome: Added Psi as startup program (Psi, /usr/bin/psi, Communicate over the jabber network).
  • OptionsEventsEnable popup notifications (all notifications)
  • Modify Account... → Changed resource to work-ux
  • Modify Account...Automatically reconnect if disconnected
  • Modify Account...Proxylocalhost:8118

Samba

   security = user
   username map = /etc/samba/smbusers

# [...]

[homes]
   comment = Home Directories
   browseable = no
 
# [...]
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

SSH

  • Installed SSH-Tunnel
  • Files recovered from other installation (ssh-tunnel v2.26 + patch):
/usr/local/bin
-rwxr-xr-x 1 root root ssh-agent-refresh_andlinux.sh
-rwxr-xr-x 1 root root ssh-agent-refresh.sh
-rwxr-xr-x 1 root root ssh.pl
-rwxr-xr-x 1 root root ssh-tunnel.pl
  • User beq06659 - configuration file in directory ~/.ssh:
    • id_rsa || id_rsa.pub || authorized_keys || config* || proxy.conf* || clbanner.txt
  • Disabled SSH Key Agent from Gnome Startup Applications
  • Added startup application:
    • Name: startup.sh
    • Command: /home/beq06659/bin/startup.sh
    • Comment: Custom startup script
  • Do not accept locale env var. LC_* from the client (see SSH#Missing Locale in Perl)

Terminal

Vim

  • Added ~/.bash_completion from [4] (modified to also take alias v=gvim)

VirtualBox

  • See virtual machine configuration log.
  • Installed with apt (original version 4.2.8)
  • VirtualBox is launched as user root (because it seems that only the current user and root can access PulseAudio in a same X session — see [5])
  • Allow user beq06659 to launch VirtualBox through user root. Add to /etc/sudoers:
beq06659	ALL=NOPASSWD: /usr/bin/VirtualBox
  • Helper script to add to e.g. ~/bin :
#First allow user vbox to connect to X11
#xhost +SI:localuser:vbox
#sudo su vbox -c /usr/bin/VirtualBox&

#New config - run VirtualBox as root to allow sound
sudo /usr/bin/VirtualBox&
  • Create a launcher in ~/.local/share/applications/virtualbox-root.desktop
#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=VBox
Name[en_US]=Oracle VM VirtualBox (root)
Exec=/home/beq06659/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=Oracle VM VirtualBox (root)
Comment=Run several virtual systems on a single host computer
Icon=VBox

Wine

See Configuration NXP Dell Latitude E5430 - Wine.

To Do

Issues

  • IssueGit — Cannot install tileqt (tcl theme) to beautify gitk.
  • To Do — Description

Done & Fixed

  • Fixed — Issue description
    Fix description
  • Done — Description