Nxl67170 - Ubuntu

Introduction

This is the configuration page for the Ubuntu Precise 12.04 partition on NXL67170.

Configuration Files

All configuration files can be found here.

Repositories

• Added texlive-backports ppa (backports of latest TeX Live from Ubuntu 12.10, see [1])

sudo add-apt-repository ppa:texlive-backports/ppa

• Added LibreOffice 4.0.x PPA (LibreOffice 4.0.x series stable backports ppa, see [2])

sudo add-apt-repository ppa:libreoffice/libreoffice-4-0
sudo apt-get update
sudo apt-get install libreoffice-gnome

Installed Applications

Common applications

See Common configuration for Linux.

Essential

#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=VBox
Name[en_US]=Oracle VM VirtualBox (vbox user)
Exec=/home/beq06659/bin/vbox.sh
Comment[en_US]=Run several virtual systems on a single host computer
Name=Oracle VM VirtualBox (vbox user)
Comment=Run several virtual systems on a single host computer
Icon=VBox

server wbi.nxp.com iburst

sudo aa-complain cupsd

updmap                # Update user's pdftex.map

sudo apt-get install autoconf zlib1g-dev libcurl4-openssl-dev expat asciidoc     # More packages might be needed
git clone git://github.com/gitster/git.git          # Use proxygit if behind a proxy
cd git
make configure                                      # See also INSTALL
./configure --prefix=/usr/local                     # In // of existing package installation. /usr/local has precedence
make all doc
sudo make install install-doc install-html

sudo adduser --system --home /home/git --shell /usr/bin/git-shell git
# Add ssh keys to ~git/.ssh/authorized_keys

sudo ln -s /usr/bin/ack-grep /usr/local/bin/ack

[Added Associations]
application/pdf=acroread.desktop;evince.desktop;gimp.desktop

application/pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-pdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf
application/x-bzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.bz2
application/x-gzpdf; acroread '%s'; test=test -n "$DISPLAY"; nametemplate=%s.pdf.gz

Development

ln -s /usr/share/doc/stl-manual/html /var/www/sgi

sudo update-alternatives --config java
sudo update-alternatives --config javac
# TODO: Add others (like ant, javah, etc?)

sudo apt-get install build-essential g++ dkms \
     nvidia-current virtualbox-dkms

sudo apt-get install gcc-multilib

sudo ln -s /usr/bin/perl /usr/local/bin/perl
sudo mkdir -p /usr/ccs/lib
sudo ln -s /usr/bin/cpp /usr/ccs/lib/cpp

# Basic rule - set group 'plugdev' for all USB HUB
#SUBSYSTEMS=="usb", ATTR{bDeviceClass}=="09", MODE="660", GROUP="plugdev"

# More advanced rule, only set 'plugdev' grp for hub that have an FTDI board connected to them
#SUBSYSTEM=="tty", DRIVERS=="ftdi_sio", RUN+="/etc/udev/rules.d/plugdev_hub.sh"

# Even better, this rules also detects board removal, which allow to reset grp to 'root'
SUBSYSTEM=="tty", KERNEL=="ttyUSB*", RUN+="/etc/udev/rules.d/plugdev_hub.sh"

#! /bin/bash

# Set group to 'plugdev' for given hub device
function setgrp()
{
    DEVNAME=/dev/$(udevadm info -q name -p $1)
    chgrp plugdev $DEVNAME
}

# Reset group to 'root' if no ttyUSB device found for given hub
function resetgrp()
{
    TTYDEVS=$(find $1 -lname "*/ttyUSB*")
    if [ -z "$TTYDEVS" ]; then
        DEVNAME=/dev/$(udevadm info -q name -p $1)
        chgrp root $DEVNAME
    fi
}

if [ "$ACTION" = "add" -o "$ACTION" = "remove" ]; then
    F=/sys$DEVPATH
    while [ "$F" != "/sys" ] ; do 
        if [ -a "$F/bDeviceClass" ] ; then
            if [ "$(cat $F/bDeviceClass)" == "09" ] ; then
                if [ "$ACTION" = "add" ]; then
                    setgrp $F                           # add
                else
                    resetgrp $F                         # remove
                    true
                fi
                break
            fi
        fi
        F=$(dirname $F)
    done
fi

if [ -a ~/bin/local/pypy-env/bin/pypy ]; then
    alias pypy=~/bin/local/pypy-env/bin/pypy
fi

Local applications

Uninstalled

Simple Settings

• SUDO - keep environment variables:
  • http_proxy, https_proxy (to keep proxy settings for apt-get etc)
  • GREP_OPTIONS (keep grep options)
  • DISPLAY, XAUTHORITY (avoid doing xhost local:root before launching X pgm)
  • HOME (e.g. to keep git aliases and settings when using etckeeper)

Defaults        env_reset
Defaults        env_keep += "http_proxy https_proxy GREP_OPTIONS DISPLAY XAUTHORITY HOME"

• SUDO - Allow truecrypt and rfkill w/o password:

ALL     ALL=NOPASSWD: /usr/bin/truecrypt
ALL     ALL=NOPASSWD: /sbin/rfkill

• CRON - Add cron script ~/etc/crontab-noekeon (backup of wikis on Noekeon.org)
• PROXY - script for automatic setup of network environment (proxy, ssh...) (see config files).
• Security — Disabled control-alt-del in console as recommended in Ubuntu Server Guide. Comment out the following line in the file /etc/init/control-alt-delete.conf:

#exec shutdown -r now "Control-Alt-Delete pressed"

• Add user www for synchronization of /data/www folder (localhost page):

sudo useradd -g www-data -G users -u 999 -s /bin/bash -m www
sudo passwd www
su - www
ssh-keygen                                         # Or copy .ssh/ copy from other www users
scp .ssh/id_rsa.pub .ssh/authorized_keys

• ~/bin — Convert scripts for new hostname nxl6717ux and NXL67170 (see ~/bin/restore_wiki.sh, ~/bin/generate_wiki_page.sh, ~/bin/set-network.sh, files in ~/.unison)
• Force locale time to en_US.UTF-8. Add to ~/.profile:

export LC_TIME="en_US.UTF-8"

For Telematics build environment

• CRON - Add cron script ~/work/NXP/ATOP/crontab-svn-fetch (fetch svn database automatically)
• Printer — add Canon network printer (select IPP network printer via DNS-SD for protocol)

Detailed System Settings

1st install

• 2nd install on [2013-02-20]
• Distribution: Ubuntu 12.04 amd64
• Installation method: Net boot install from Internet using GRUB
• Language: English
• Location: Europe, Belgium Time
• Computer name: nxl67170ux
• Keyboard layout: BE
• Name: beq06659
• Login name: beq06659
• Update: No automatic update
• Software to install: Ubuntu Desktop
• Partition: see main page

Upgrade to Ubuntu 14.04 Trusty Tahr

• Get list of packages not coming from repositories

apt-show-versions | grep -v uptodate

• Add back some repositories

sudo add-apt-repository ppa:recoll-backports/recoll-1.15-on
sud apt-get update
sudo apt-get upgrade

• Remove / reinstall obsolete packages

sudo apt-get purge app-install-data-medibuntu medibuntu-keyring psmouse-dkms adobeair
sudo apt-get install git-annex=5.20140412ubuntu1

• Reinstall grub (to fix file not found error messages at boot [7])

sudo grub-install --directory=/usr/lib/grub/i386-pc --target=i386-pc --recheck /dev/sda
sudo grub-mkconfig -o /boot/grub/grub.cfg

Kernel

• Initial kernel: Precise Pangolin 3.2.0-38-generic (see Ubuntu page).

File System

• For details, see /etc/fstab.
  • NTFS — C: → do not mount automatically. Risk of corruption if mounted while VirtualBox is running!
    Also NTFS partition must be mounted without umask=007,gid=46, or will get operation not permitted when modifying timestamps:
  • Reiserfs — / → enable acl
  • ext4 — /data → enable acl and data=writeback

/dev/sda2               /c          ntfs        ro,users,nls=utf8,exec                0       2
UUID=...                /           reiserfs    notail,noatime,acl                    0       1
UUID=...                /data       ext4        defaults,noatime,data=writeback,acl   0       2

• File system structure:

/:                                        
  drwxr-xr-x  root      root      boot/       # /dev/sda3
  drwxr-xr-x  root      root      c/          # /dev/sda2
  lrwxrwxrwx  root      root      d -> /data/d/
  drwxr-xr-x  root      root      data/       # /dev/sda8
  drwxr-xr-x  root      root      net/
  lrwxrwxrwx  root      root      sage -> /data/sage-6.0/
  drwxr-xr-x  root      root      smb/
  drwxr-xr-x  root      root      win/
/data:
  drwxrwsr-x+ beq06659  vbox      d/
  drwxr-xr-x  root      root      home/
  drwxr-xr-x  beq06659  beq06659  sage-6.0/
  drwxr-sr-x+ root      www-data  www/
/home/beq06659:
  lrwxrwxrwx  beq06659  beq06659  Documents -> /d/documents/
/net:
  # NFS autofs
/smb:
  drwxr-xr-x  root      root      mnemosyne/   # SMB autofs
/var:
  lrwxrwxrwx  root      root      www -> /data/www/

• Configure acl on /data/d:

# VirtualBox uses /data/d as Windows D: drive. Since VirtualBox runs as 'vbox', all files gets vbox/vbox ownership.
# beq06659 user is in group 'vbox' so he can access all files created by vbox.
# We use acl so that files gets group access vbox/rwx, so that vbox can also access any file created by other users.
# OLD CONFIG:
# # VirtualBox uses /data/d as Windows D: drive. Since VirtualBox runs as 'root', all files gets root/root ownership.
# # We use acl so that files gets group access beqO6659/rwx by default
cd /data
sudo chgrp -R vbox d
sudo chmod -R g+w d
find d -type d -print0|sudo xargs -0 chmod g+ws
find d -type d -print0|sudo xargs -0 setfacl -m d:group:vbox:rwx

• Configure acl on /data/www:

# Set default access condition to rwxr-xr-x / www / www-data
cd /data
sudo chgrp -R www-data www
find www -type d -print0|sudo xargs -0 chmod g+s
find www -type d -print0|sudo xargs -0 setfacl -m d:group:www-data:r-x
find www -type d -print0|sudo xargs -0 setfacl -m d:user:www:r-x           # TODO: this one does not work with root...

Network

• Edited /etc/hosts (added names for intranet)
• Added to /etc/apt/apt.conf:

Acquire::http::proxy "http://localhost:8118/";
Acquire::ftp::proxy "ftp://localhost:8118/";
Acquire::https::proxy "https://localhost:8118/";

• Added to /etc/environment:

http_proxy="http://localhost:8118/"
ftp_proxy="ftp://localhost:8118/"
https_proxy="https://localhost:8118/"

• .pac files:
  • privoxy: file:///home/beq06659/etc/proxylocal-privoxy.pac (or http://localhost/proxy.pac to circumvent Opera bug)
  • nxp: http://nww.nics.nxp.com:8080/proxy.pac
• /etc/sudoers — keep variables http_proxy and https_proxy
• Proxy configurations

• SAMBA/NFS CLIENT - Mount mnemosyne shares as NFS autofs (see [8]) and as SMB autofs
• Enabled/created the following automounters in /etc/auto.master:

/net           /etc/auto.net
/smb/mnemosyne /etc/auto.smb.mnemosyne

• Created configuration file /etc/auto.smb.mnemosyne (mount options: noperm,iocharset=utf8,credentials=/etc/auto.smb.mnemosyne.*)
• Created SMB credential files /etc/auto.smb.mnemosyne.* (see man mount.cifs)
• Created path for mount points:

sudo mkdir /net
sudo mkdir -p /smb/mnemosyne
#ls /net/mnemosyne
#sudo mkdir -p /mnt/mnemosyne
#for i in /net/mnemosyne/volume1/*; do sudo ln -s $i /mnt/mnemosyne/$(basename $i); done

• NXP Wired
• Added local domain name be-leu01.nxp.com to /etc/resolv.conf (! do not edit this file directly, see Linux Admin#Network Manager - Search Path)
• NXP Wireless (see Linux Admin#Wireless Network)
• Network name (SSID): WLAN-NXP
• Wireless security: WPA & WPA2 Enterprise
• Authentication: TLS
• Identity: beq06659
• User certificate / CA certificate / Private key: imported from Windows (EMEA-CA, exp. 2014-02-18, for Client Authentication, Secure Email)
• Privoxy settings:
  • Added to /etc/privoxy/user.action:

  { -filter }
  tennislibre.com
  

  • Add filter settings for chromanova web-radio (config file):

  # 3 forward rules for chromanova radio
  forward             85.25.86.69         emea.nics.nxp.com:8080
  forward             91.143.81.239       emea.nics.nxp.com:8080
  forward             212.112.241.88      emea.nics.nxp.com:8080
  

Firewall

• Moved user rules to /etc/ufw so that they can be tracked by etckeeper

cd /lib/ufw
sudo mv user* /etc/ufw
sudo ln -s /etc/ufw/user.rules
sudo ln -s /etc/ufw/user6.rules

• Enabled ufw

sudo ufw enable

• Policy:

sudo ufw allow from 192.168.11.2                   # Enable full access from local virtualbox
sudo ufw allow from 172.19.0.0/16 to any port 22   # Enable - from home local network - SSH

Preferences

• Fonts (via ubuntu-tweak):

Category	Font	Size
Default Font	Ubuntu	9
Desktop Font	Sans	9
Monospace font	Lucida Console Semi-Condensed	10
Document font	Sans	10
Window title bar font	Ubuntu Bold	10

• Hinting: Basic
• Antialiasing: Subpixel antialising (LCD screens only)
• Keyboard
• Assign Ctrl-Alt-Del to Shutdown dialog
• Appearance
• Launcher icon size: 32
• Desktop icons (via ubuntu-tweak)
• Show desktop icons: ON (switching off disable the wallpaper as well!)
• File Manager (via ubuntu-tweak)
• Use the location entry instead of the pathbar: ON
• Displays
• Sticky edges: OFF
• Launcher placement: leftmost screen only (or we will have sticky edge on the middle edge)
• Brightness and Lock
• Turn off screen: after 5 minutes
• Lock: Disabled
• Theme
• Macbuntu 14.04. See Ubuntu.
• Compiz settings, see Ubuntu.
• Wallpaper: Pirate Mac.jpg (previous was Isabelle Hires Noir&Blanc crop-despeckle 936x1200.png).

Users

sudo gpasswd -a $USER dialout    # for access to /dev/ttyUSB0
sudo gpasswd -a $USER fuse       # to allow mounting FUSE fs (like curlftpfs)

Detailed Application Settings

Amarok

• Select PulseAudio as preferred device (instead of sound output HDA Intel (STAC92xx Analog)
• Set proxy settings in ~/.kde/share/config/kioslaverc.

Courier IMAP

• Install (reference here):
  • Create directories for web-based administration
  • SSL Certificate: /etc/courier/pop3d.pem, /etc/courier/imapd.pem
  • Postfix configuration: local only
  • System mail name: nxl67002ux.wbi.nxp.com
  • Created /etc/courier/userdb, and kept entries for root, localuser and beq06659
  • Use password from /etc/courier/userdb (method authuserdb).
• Recovered most files from nxl67002ux, but it failed at first because users where assigned different UID!!!
  Make sure users have identical UID, or courier will complain it has not the permission to access Maildir/p

Crontab

# Crontab
#
# Install this crontab with
#
#   sed -r '/^#/!s/\$USER/'$USER'/g' crontab-noekeon | crontab
#
#   !!! THIS WILL OVERWRITE ANY CURRENT CRONTAB !!!
#
# Or append only job to current crontab
#
#   ( crontab -l; sed -r '$!d;s/\$USER/'$USER'/g' crontab-noekeon ) | crontab
#
# Use /bin/bash to run commands, instead of the default /bin/sh
SHELL=/bin/bash
# Define variable USER because we need it in our job scripts
USER=beq06659
# Mail any output to '$USER', no matter whose crontab this is
MAILTO=beq06659
# Set PATH - by default it is set to /usr/bin:/bin
PATH=/home/beq06659/bin:/usr/local/bin:/usr/bin:/bin
#
#
# m h dom mon dow   command     (dow=0|7 is sunday)
37 * * * *      chronic ~beq06659/bin/backup_main ~beq06659/etc/backup-noekeon
33 * * * *      chronic ~beq06659/bin/fetch_all_svn.sh
30 12  * * * RCLCRON_RCLINDEX= RECOLL_CONFDIR="/home/beq06659/.recoll/" recollindex
42 * * * *      chronic ~beq06659/bin/local/fetch_all_git.sh
37 * * * *      chronic ~beq06659/bin/backup_main ~beq06659/etc/backup-nxpwiki
47 * * * *      chronic ~beq06659/bin/local/deduplocal.sh
50 * * * *      chronic ~beq06659/bin/backup_main ~beq06659/etc/backup-evoswiki

Firefox

• Theme: macfox3 1.1.7
• Extensions (some disabled because Firefox hangs on launch/exit):
  • AutoPager 0.7.0.0 — disabled
  • Belgium eID 1.0.11 — disabled
  • CHM Reader 0.2.3
  • Cycle Input Focus 1.0.0 — disabled
  • Delicious Bookmarks 2.3.1
  • Fast Dial 3.4
  • FireGestures 1.5.7 — disabled
  • FoxyProxy Standard 3.3
  • Live HTTP headers 0.17
  • Ubuntu Firefox Modifications 0.9rc2
  • User Agent Switcher 0.7.3 — disabled

LAMP

Install the servers:

sudo apt-get install apache2 php5 mysql-server mysql-client php5-mysql
# --> Defined password for MySQL root user
sudo vi /etc/apache2/apache2.conf
# --> Added lines at line 32:
#     #MIP CUSTOM
#     ServerName "nxl67002ux"
# Restart apache server to activate php module...
sudo /etc/init.d/apache restart

# Move www root dir to /data disk
sudo mv /var/www /data
sudo ln -sf /data/www /var/www

Apache:

• configuration file is at /etc/apache2/apache2.conf
• Apache root http directory is /var/www
• Enable mod-rewrite module.
  In /etc/apache2/sites-available/default, change as: AllowOverride NoneFileInfo (twice).
• Enable mathjax:

First install it:

sudo apt-get install libjs-mathjax

Then edit /etc/apache2/sites-available/default-ssl.conf:

 DocumentRoot /var/www
+Alias /mathjax /usr/share/javascript/mathjax

Create databases that will store local copies of cryptokiwi and mikiwiki wiki, and of mikido:

MYSQL_HISTFILE=/dev/null mysql --user=root -p mysql

mysql> CREATE DATABASE cryptokiwi;
mysql> GRANT ALL PRIVILEGES ON cryptokiwi.* TO kiwi@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikiwiki;
mysql> GRANT ALL PRIVILEGES ON mikiwiki.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE mikido;
mysql> GRANT ALL PRIVILEGES ON mikido.* TO miki@localhost IDENTIFIED BY '********';
mysql> CREATE DATABASE nxpwiki;
mysql> GRANT ALL PRIVILEGES ON nxpwiki.* TO nxp@localhost IDENTIFIED BY '********';
mysql> quit

• Enabled HTTPS (requires valid-user)
• Firewall blocks port 80 but allow port 443 (so that localhost can connect w/o password but other guest needs password)

Nautilus

• Default view: List View
• Display, date format: YYYY-MM-DD hh:mm:ss
• List View: zoom 33%
• Icon View, Compact View: zoorm 66%
• Preview: all set to Never, and only for files smaller than 500kB (to prevent thumbnailing PDFs...)

Opera

• (nxp) Import collabnet client-side certificate (beq06659.pfx)
• Change fonts (Preferences → webpages — requires restart for changes to take effect!):
  • Normal font: DejaVu Sans, 16.
  • Monospace font: DejaVu Sans Mono, 16.

Psi

(recovered from previous settings on Gryphon at ~/.psi)

• Gnome: Added Psi as startup program (Psi, /usr/bin/psi, Communicate over the jabber network).
• Options → Events → Enable popup notifications (all notifications)
• Modify Account... → Changed resource to work-ux
• Modify Account... → Automatically reconnect if disconnected
• Modify Account... → Proxy → localhost:8118

Samba

• See Samba server page on this wiki.
• File /etc/samba/smb.conf:

   security = user
   username map = /etc/samba/smbusers

# [...]

[homes]
   comment = Home Directories
   browseable = no
 
# [...]
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

• Added user beq06659
• Opened firewall ports (137/udp, 138/udp, 139/tcp, 445/tcp)

SSH

• Installed SSH-Tunnel
• Files recovered from other installation (ssh-tunnel v2.26 + patch):

/usr/local/bin
-rwxr-xr-x 1 root root ssh-agent-refresh_andlinux.sh
-rwxr-xr-x 1 root root ssh-agent-refresh.sh
-rwxr-xr-x 1 root root ssh.pl
-rwxr-xr-x 1 root root ssh-tunnel.pl

• User beq06659 - configuration file in directory ~/.ssh:
  • id_rsa || id_rsa.pub || authorized_keys || config* || proxy.conf* || clbanner.txt
• Disabled SSH Key Agent from Gnome Startup Applications
• Added startup application:
  • Name: startup.sh
  • Command: /home/beq06659/bin/startup.sh
  • Comment: Custom startup script
• Do not accept locale env var. LC_* from the client (see SSH#Missing Locale in Perl)

Terminal

• My custom configuration

Vim

• Added ~/.bash_completion from [9] (modified to also take alias v=gvim)

Wine

See Configuration NXP Dell Latitude E5430 - Wine.

Issues and To Do

Issues

See Common Issues

To Do

• To Do — Set up smtp server for localhost (to allow sending mail to remote server from local smtp)
• To Do — See To Do / Issue list on Configuration NXP Dell Latitude E6500
• To Do — recoll, install more filters: python:epub, python:midi, python:rarfile (see ~/.recoll/missing)
• To Do — Install macbuntu or similar theme, if available
• To Do — See Ubuntu 14.04 Trusty Tahr guides
• To Do — Things to try, as demo'ed by Alicia Da Conceicao on her Surface Pro 2:
  • MS Office on Wine + Play on Linux
  • Connect to MS Exchange using Evolution
  • Connect to MS Lync using Online Buddy (Pidgin)

Done

• Done — Description