The following sections describe the configuration of some packages.
1. acoc
In order to use acoc you should start it with
$ acoc <command>
for example, or you can create an alias like this:
alias pacman='acoc pacman'
2. amavisd-new
For the first initial setup you may want to use our amavisconf
utility.
From amavisd-new-2.5.2-1 we no longer use a random uid/gid, but dedicated ones. Because of this amavis service will not start if you have it installed before, so you have to correct this by issuing these commands:
groupmod -g 40 amavis
usermod -u 40 -g 40 amavis
chown -R amavis:amavis /var/lib/amavis
chown -R amavis:amavis /var/lock/amavis
You should chown any other amavis-owned stuff you may have lying around, these are only the default ones.
3. android-sdk
Setting up Android SDK :
# repoman upd
# repoman merge android-sdk
# pacman-g2 -A android-sdk-r11-1-i686.fpm
You should open a new shell to have android-sdk/tools/ in the path. After that, just type "adb" (not "./adb") as mentionned in following links.
If you want to use your Android phone as a proxy, see these pages :
-
with Proxoid : http://code.google.com/p/proxoid/wiki/installationLinux
-
Proxoid for french users/HTC G1 : http://blog.archambeau.info/?p=9
-
with Tetherbot : http://graha.ms/androidproxy/
4. apache
4.1. How to configure Apache
-
These steps require root privileges, so use su - to get a root shell.
-
The Apache server isn’t started by default. You can change this with the
# service httpd add
command.
-
We don’t want to reboot, so start it manually:
# service httpd start Starting Apache web server (no SSL) [ OK ]
You have finished if you don’t need SSL support.
4.2. Setting up SSL support for Apache
-
Creating the certifications:
# cd /etc/httpd/conf/ # sh mkcert.sh Signature Algorithm ((R)SA or (D)SA) [R]: Here we can accept the default RSA signature algorithm first. Then we have to fill out some fields. There are quite a few fields but you can leave most of them blank. If you enter '.', the field will be left blank. 1) Country Name (2 letter code) [XY]: Give the 2-letter code of our contry (for example US) 2) State or Province Name (full name) [Snake Desert]: We type our state. 3) Locality Name (eg, city) [Snake Town]: The name of our city. 4) Organization Name (eg, company) [Snake Oil, Ltd]: Our organization's name. 5) Organizational Unit Name (eg, section) [Webserver Team]: Our section's name. 6) Common Name (eg, FQDN) [www.snakeoil.com]: Important: Give a real address here, otherwise you'll get warnings in your browser! 7) Email Address (eg, `name@FQDN') [`www@snakeoil.com']: I usually give the email address of the webmaster here. (webmaster@domain.com) 8) Certificate Validity (days) [365]: In most cases, one year will be good. Then, we should choose the version of our certificate: Certificate Version (1 or 3) [3]: The default 3 will be good, so just hit enter. In the next step we can encrypt our private key: Encrypt the private key now? [Y/n]: The keys will not be readable by users, so we can leave this step out.
So the following files are created:
/etc/httpd/conf/ssl.key/server.key (keep this file private!) /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.csr/server.csr
-
Enable SSL in /etc/httpd/conf/httpd.conf: Open the file with your favorite editor, and search the followings at about line 1040:
# Uncomment this if you want SSL support! #<IfModule mod_ssl.c> # Include /etc/httpd/conf/ssl.conf #</IfModule>
Uncomment them.
-
Now we should restart Apache:
# service httpd restart
-
Then we can check if the task was successful:
$ elinks https://localhost/
This should show the default homapage, received via SSL :)
4.3. Self-signed Apache certificate
This must be done as root.
# openssl genrsa -des3 -out server.key 1024
Enter "foobar" twice as passphrase.
# openssl req -new -key server.key -out server.csr
Enter "foobar" when asked for passphrase, answer the questions. Leave "challenge password" "and optional company name" empty.
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
Enter "foobar" when asked for passphrase.
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cp server.crt /etc/httpd/conf/ssl.crt/
# cp server.key /etc/httpd/conf/ssl.key/
# service httpd stop
# vi /etc/httpd/conf/httpd.conf
Uncomment the marked three lines around line 1044 (look for "SSL support").
# service httpd restart
Don’t forget to open port 443 on your firewall, if any. (Based on How to create a self-signed SSL Certificate…, tested on frugalware-current 2007-02-14.)
5. asciidoc
Asciidoc has a number of configuration files under /etc/asciidoc
and
it’s easy to get lost in that directory.
Regarding pdf (dblatex) generation, here are some options you can set:
-
If you want to avoid the "PDF by dblatex" picture on the front page, edit
/etc/asciidoc/dblatex/asciidoc-dblatex.xsl
:
<xsl:param name="doc.publisher.show">0</xsl:param>
-
If you want to avoid the "Revision History" page, add:
<xsl:param name="latex.output.revhistory">0</xsl:param>
-
If you want to avoid the "Contents" page, add:
<xsl:param name="doc.toc.show">0</xsl:param>
-
If you want to avoid the front page, sadly you can’t do it from a configuration file, but for now you can edit
/usr/share/dblatex/latex/style/docbook.sty
. Change the\maketitle
macro to:
\def\maketitle{
\def\edhead{}
\DBKdomitete
}
6. autojump
6.1. AUTOJUMP
6.1.1. A cd
command that learns
Please read the official README or the manual.
6.1.2. Installation
Add the line :
source /etc/profile
to ~/.bashrc
or ~/.zshrc
if it isn’t already there.
7. avahi
Warning
|
If you have rlocate installed on your system, Avahi will not run and therefore Zeroconf functionality in programs will be disabled. If you want this functionality, then please uninstall rlocate. |
Also, If you are using iptables, please uncomment this line in /etc/sysconfig/firewall:
#-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
After that do not forget to restart iptables with:
# service firewall restart
8. b43-fwcutter
Since version 2.6.24, the bcm43xx driver is deprecated, replaced by the b43 and b43legacy modules.
The module should be loaded automatically, in case it isn’t, you can load it manually:
# modprobe b43
or:
# modprobe b43legacy
You must bring the device up with ifconfig before doing any other configuration steps.
# ifconfig ethX up
Since the channel must be set manually, first do a scan:
# iwlist ethX scan
Then you can set it:
# iwconfig ethX channel Y
Finally set your essid:
# iwconfig ethX essid "myessid"
Ready!
9. cairo-clock
Cairo-Clock requires the Composite option to be enabled in your Xorg configuration. To enable it, add the following lines to /etc/X11/xorg.conf:
Section "Extensions"
Option "Composite" "Enable"
EndSection
10. ccache
After you installed ccache
, it won’t be enabled by default.
First, you need to determine who is allowed to use ccache
. You have to
add each user to the ccache
group. If you want to allow using ccache
from chrooted builds, then you need to add the fst
user:
# usermod -a -G ccache fst
Second, you need to somehow let the build system to use ccache
, and
not the compiler directly. If you use makepkg
, this is enabled by
default (you can disable it with the -B
option). If you build
manually, then you are on your own, though usually there are two ways to
do so:
-
Tell the configure script to use a different compiler:
$ CC=/usr/bin/ccache ./configure
-
Modify path to use the fake compiler provided by
ccache
:
export PATH=/usr/lib/ccache/bin:$PATH
11. cpupower
Configure your hardware specific options under /etc/sysconfig/cpupower. See the man pages for cpupower-frequency-set and cpupower-set for more information. When you are finished configuring, use this command as root to enable it at boot time:
systemctl enable cpupower.service
12. cryptsetup-luks
Follow these steps to when using cryptsetup-luks
:
12.1. Creating
# cryptsetup luksFormat /dev/partition
# cryptsetup luksOpen /dev/partition label
# mke2fs -j /dev/mapper/label
# mount /dev/mapper/label /mnt/label
12.2. Mounting
Of course later you don’t have to use luksFormat
and mke2fs
:
# cryptsetup luksOpen /dev/partition label
# mount /dev/mapper/label /mnt/label
12.3. Umounting
# umount /mnt/label
# cryptsetup luksClose label
12.4. Encrypting your home partition
Note
|
You have need to install the sharutils package to do the followings! |
-
List these modules in
/etc/sysconfig/modules
:
aes
aes-i586
sha256
dm-crypt
-
Move all data from
/home
to a secure place (in this example/media/sda1/home
)
# cp -arvx /home /media/sda1/
-
Umount
/home
(in this example/dev/hda6
) and fill it with random numbers:
# umount /home
# dd if=/dev/urandom of=/dev/hda6
-
Create the encrypted partition:
# cryptsetup -y luksFormat /dev/hda6
Here we will be asked for a password which will be necessary to access /home
at boot time.
-
Open the encrypted partition and create its file system (
ext3
in this example):
# cryptsetup luksOpen /dev/hda6 home
# mkfs.ext3 /dev/mapper/home
-
Mount the home partition and copy the contents of original home:
# mount /dev/mapper/home /home
# cp -arvx /media/sda1/home /home
-
Edit the home related line in
/etc/fstab
:
/dev/mapper/home /home ext3 noatime 0 0
-
Create
/etc/rc.d/rc.crypt
script with the following content:
#!/bin/sh
/usr/sbin/cryptsetup luksOpen /dev/hda6 home
/bin/mount /dev/mapper/home /home
-
Enable it:
# ln -s /etc/rc.d/rc.crypt /etc/rc.d/rcS.d/S15rc.crypt
You have to delay the splash screen, so that you can type your password before the splash appears:
# mv /etc/rc.d/rcS.d/S03rc.splash /etc/rc.d/rcS.d/S15rc.splash
(It will ask the password between the lvm and the splash service.)
Now the system can be restarted and the password will be asked to access home partition boot-time.
Note
|
The English keyboard map will be used at that point of the boot process. |
13. cwiid
13.1. Module loading
To use your wiimote you have to load module uninput with:
# modprobe uninput
To load this module at every start-up, just add uninput in /etc/sysconfig/modules file.
14. cyrus-sasl
14.1. Configuring
This mini-howto helps you to install the saslauthd server using postfix which
will authenticate using users and passwords from /etc/{passwd,shadow}
.
First install the necessary packages:
# pacman-g2 -S postfix saslauthd
Enable sasl in postfix’s config by appending the following lines to
/etc/postfix/main.cf
:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
You may want to append
broken_sasl_auth_clients = yes
as well.
Put the following lines to /usr/lib/sasl2/smtpd.conf
:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Edit /etc/sysconfig/saslauthd
by changing the following lines:
options=""
to
options="-a shadow"
Now you can start saslauthd by
service saslauthd start
as well as enabled in by default on startup:
service saslauthd add
Issue id postfix
and see if the daemon
group is listed. If not, then add
postfix
to the daemon
group:
usermod -G daemon postfix
Finally restart postfix:
service postfix restart
Compeleted!
14.2. Verifying
We test it using telnet. We need perl to generate the string for the SASL authentication:
$ perl -MMIME::Base64 -e 'print encode_base64("vmiklos\0vmiklos\0secret");'
dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==
Then use telnet:
$ telnet host.com 25
Trying ip...
Connected to host.com.
Escape character is '^]'.
220 host.com ESMTP Postfix
ehlo my.dhcp
250-host.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
15. dante
15.1. Configuration
In most cases you have a socks server (you can create one easily using ssh, see the documentation of the openssh package), and you want to route all traffic through it. Here is the config you need:
route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 8080
proxyprotocol: socks_v4
}
15.2. Testing it
Try for example:
$ socksify irssi
When you connect to a server, others will see that you’re connecting from the server, not from your own host.
16. ddclient
Please configure /etc/ddclient/ddclient.conf before running ddclient!
Samples for common configurations can be found in: /usr/share/doc/ddclient-$package_version/sample*
Additional details and instructions can be found in: /usr/share/doc/ddclient-$package_version/README
Once you have finished configuring the ddclient.conf file, you can start ddclient as a daemon by running as root, the following command:
# service ddclient start
17. dhcp
If you are in trouble setting up your dhclient, use the following options. These are quite good defaults:
request subnet-mask, broadcast-address, time-offset, \
routers, domain-name, domain-name-servers, \
host-name, netbios-name-servers, netbios-scope;
timeout 20;
script "/sbin/dhclient-script";
18. drupal6
To be able to use this package as intended, you will have to:
-
set up apache to access
/var/www/drupal6
from the web the way you like; -
install and set up your favourite SQL database (mysql or postgresql; this package DOES NOT depend on any of them);
-
create and/or grant access to a mysql or postgresql database;
-
set up your drupal installation itself by entering the correct credentials at the install screen to be able to reach the above-mentioned database.
19. drupal7
To be able to use this package as intended, you will have to:
-
set up apache to access
/var/www/drupal7
from the web the way you like; -
install and set up your favourite SQL database (mysql, postgresql or sqlite; this package DOES NOT depend on any of them);
-
create and/or grant access to a mysql, postgresql or sqlite database;
-
set up your drupal installation itself by entering the correct credentials at the install screen to be able to reach the above-mentioned database.
20. dspam
To populate the DSPAM database, you need to follow several steps.
-
First create a database. Login to the mysql command prompt.
$ mysql -u root -p mysql> CREATE database dspam;
-
Next, you need to create a dspam user. At the same MySQL prompt:
mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';
Replacing passwd with your chosen password.
-
Optimizing the datebase:
If you want a space optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql
If you want a speed optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql
Enter the password you set in the previous step, and the database should be populated.
-
Remember to edit /etc/dspam/dspam.conf accordenly
If you want to use the postgresql, sqlite3 or Berekely DB4 backends you can find instructions in the dspam documentation.
21. eaccelerator
21.1. Setting up eaccelerator
In order to use eAccelerator, you must add the following lines to your /etc/php.ini file:
extension="/usr/lib/php/extensions/no-debug-non-zts-20090626/eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Do not forget to create the cache directory as well:
mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator
21.2. Configuration Options:
eaccelerator.shm_size
The amount of shared memory (in megabytes) that eAccelerator will use.
"0" means OS default. Default value is "0".
eaccelerator.cache_dir
The directory that is used for disk cache. eAccelerator stores precompiled
code, session data, content and user entries here. The same data can be
stored in shared memory also (for more quick access). Default value is
"/tmp/eaccelerator".
eaccelerator.enable
Enables or disables eAccelerator. Should be "1" for enabling or "0" for
disabling. Default value is "1".
eaccelerator.optimizer
Enables or disables internal peephole optimizer which may speed up code
execution. Should be "1" for enabling or "0" for disabling. Default value
is "1".
eaccelerator.debug
Enables or disables debug logging. Should be "1" for enabling or "0" for
disabling. Default value is "0".
eaccelerator.check_mtime
Enables or disables PHP file modification checking . Should be "1" for
enabling or "0" for disabling. You should set it to "1" if you want to
recompile PHP files after modification. Default value is "1".
eaccelerator.filter
Determine which PHP files must be cached. You may specify the number of
patterns (for example "*.php *.phtml") which specifies to cache or not to
cache. If pattern starts with the character "!", it means to ignore files
which are matched by the following pattern. Default value is "" that means
all PHP scripts will be cached.
eaccelerator.shm_max
Disables putting large values into shared memory by " eaccelerator_put() "
function. It indicates the largest allowed size in bytes (10240, 10K, 1M).
The "0" disables the limit. Default value is "0".
eaccelerator.shm_ttl
When eaccelerator fails to get shared memory for new script it removes all
scripts which were not accessed at last "shm_ttl" seconds from shared
memory. Default value is "0" that means - don't remove any files from
shared memory.
eaccelerator.shm_prune_period
When eaccelerator fails to get shared memory for new script it tryes to
remove old script if the previous try was made more then
"shm_prune_period" seconds ago. Default value is "0" that means - don't
try to remove any files from shared memory.
eaccelerator.shm_only
Enables or disables caching of compiled scripts on disk. It has no effect
on session data and content caching. Default value is "0" that means - use
disk and shared memory for caching.
eaccelerator.compress
Enables or disables cached content compression. Default value is "1" that
means enable compression.
eaccelerator.compress_level
Compression level used for content caching. Default value is "9" which is
the maximum value
eaccelerator.keys
eaccelerator.sessions
eaccelerator.content
Determine where keys, session data and content will be cached. The possible
values are:
"shm_and_disk" - cache data in shared memory and on disk (default value)
"shm" - cache data in shared memory or on disk if shared memory
is full or data size greater then "eaccelerator.shm_max"
"shm_only" - cache data in shared memory
"disk_only" - cache data on disk
"none" - don't cache data
eAccelerator API:
eaccelerator_put($key, $value, $ttl=0)
puts the $value into shard memory for $ttl seconds.
eaccelerator_get($key)
returns the value from shared memory which was stored by eaccelerator_put()
or null if it is not exists or was expired.
eaccelerator_rm($key)
removres the $key from shared memory
eaccelerator_gc()
removes all expired keys from shared memory
eaccelerator_lock($lock)
creates a lock with specified name. The lock can be released by function
eaccelerator_unlock() or automatic on the end of request.
For Example:
<?php
eaccelerator_lock("count");
eaccelerator_put("count",eaccelerator_get("count")+1));
?>
eaccelerator_unlock($lock)
release lock with specified name
eaccelerator_set_session_handlers()
install the eaccelerator session handlers.
Since PHP 4.2.0 you can install eaccelerator session handlers
in "php.ini" by "session.save_handler=eaccelerator".
eaccelerator_cache_output($key, $eval_code, $ttl=0)
caches the output of $eval_code in shared memory for $ttl seconds.
Output can be removed from cache by calling mmcach_rm() with the same $key.
For Example:
<?php eaccelerator_cache_output('test', 'echo time(); phpinfo();', 30); ?>
eaccelerator_cache_result($key, $eval_code, $ttl=0)
caches the result of $eval_code in shared memory for $ttl seconds.
Result can be removed from cache by calling mmcach_rm() with the same $key.
For Example:
<?php eaccelerator_cache_output('test', 'time()." Hello";', 30); ?>
eaccelerator_cache_page($key, $ttl=0)
caches the full page for $ttl seconds.
For Example:
<?php
eaccelerator_cache_page($_SERVER['PHP_SELF'].'?GET='.serialize($_GET),30);
echo time();
phpinfo();
?>
eaccelerator_rm_page($key)
removes the page which was cached by eaccelerator_cache_page() with the same
$key from cache
eaccelerator_encode($filename)
returns the encoded bytecode of compiled file $filename
eaccelerator_load($code)
loads script which was encoded by eaccelerator_encode()
22. ejabberd
22.1. Creating your SSL keys
Generate Key Pair:
# cd /etc/ejabberd
# openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
Note
|
You should enter your domain name as the Common Name for your certificate. |
Remove pass parse:
# openssl rsa -in privkey.pem -out privkey.pem
Combine the Private and Public Key:
# cat privkey.pem >> server.pem
Delete Private Key:
# rm privkey.pem
Set permissions:
# chown root:ejabberd server.pem
# chmod 640 server.pem
Finally update the config file:
-
Change the
./ssl.pem
string to/etc/ejabberd/server.pem
. -
Change
starttls
totls
in thelisten
section if you want to force users to use SSL.
22.2. Creating an administrator
Register an account on your ejabberd
deployment. An account can be created
using a jabber client like pidgin
.
Add the following lines to you config:
{acl, admins, {user, "admin", "example.org"}}.
{access, configure, [{allow, admins}]}.
This will promote the account created in the previous step to an account with administrator rights.
22.3. Testing
Add the following line to your /etc/sysconfig/firewall
, for example after
mysql
:
# ejabberd
-A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
Now you should be able to connect to ejabberd
remotely. Start your favourite
jabber client on a remote machine (ie. pidgin) and register another account.
You should be able to talk to the admin now and vica versa.
For more info, please read the Installation and Operation Guide, which can be
found at /usr/share/doc/ejabberd-*/guide.html
.
23. enemy-territory
Evenbalance, developer of Punkbuster dropped support for Wolfenstein Enemy Territory (ET). Also the Punkbusterinstaller isn`t able to install the neccessary files for Enemy Territory. So if you got disconnected from servers and getting some #20004 errors, you can run et-pbupdate instead of pbweb. You can read more: http://etkey.org/
24. fbterm
To configure fbterm, please edit /etc/fbtermrc
.
25. foo2zjs
This driver is under constant change, therefore no "stable" branch exists. Also, communications with the author led nowhere, that might explain some weirdness of building it, getting the latest stable version number etc. Mail
26. fuse
Fuse is a virtual filesystem "helper" which makes possible to mount unusual things as a filesystem. It is achieved by using a simple program, which runs in user space, to provide data that can be represented by the fuse kernel module as a filesystem. The interpreter program is a less complex one than a kernel-space module, which is much harder to write. In Frugalware, regular users of a given box can mount filesystems by fuse. First as root, let’s install the tools needed:
# pacman-g2 -S fuse
Now, having the base of fuse, we need to install the programs for each specific filesystem type. To get a hint on what is available, you can issue the following command:
$ pacman-g2 -Ss fuse
The two most used (ftp, ssh) plugins can be installed by running the following command. Beware, the ftp fs is a perl module, and it seems a bit memory hungry / buggy / slow so therefore it might be replaced by CurlFtpFS in the future.
# pacman-g2 -S fuseftp sshfs-fuse
Then, you can mount a remote dir with sftp access as a regular user doing:
$ /sbin/mount.fuse sshfs#YOURUSERNAME@SERVER:/REMOTEDIR /LOCALDIR -o rw,OTHEROPTIONS
You can also unmount it as a regular user doing:
$ fusermount -u /LOCALDIR
27. fw32
27.1. Initial setup
Edit /etc/fw32/pacman-g2.conf if you want to change the mirror used, or other options used for pacman-g2.
Commands to use (with sudo or root shell):
fw32-create
systemctl enable fw32.service (required for boot-time fw32 root mounting)
27.2. Upgrading chroot
This needs to be done when packages become out of date. Command to use (with sudo or root shell):
fw32-upgrade
Warning
|
Should not be used while someone is using the chroot. |
27.3. Installing packages or groups to chroot
Command to use (with sudo or root shell):
fw32-install <packages and/or groups>
Warning
|
Should not be used while someone is using the chroot. |
27.4. Removing packages or groups from chroot
Command to use (with sudo or root shell):
fw32-remove <packages>
Warning
|
Should not be used while someone is using the chroot. |
27.5. Installing local FPM package to chroot
Command to use (with sudo or root shell):
fw32-install-package <FPM packages>
Warning
|
Should not be used while someone is using the chroot. |
27.6. Installing nobuild package to chroot
Command to use (with sudo or root shell):
fw32-merge <package>
Warning
|
Should not be used while someone is using the chroot. |
27.7. Cleaning chroot cache
Command to use (with sudo or root shell):
fw32-clean
Warning
|
Should not be used while someone is using the chroot. |
27.8. Deleting chroot
Command to use (with sudo or root shell):
fw32-delete
Warning
|
Should not be used while someone is using the chroot. |
27.9. Removing fw32
Command to use (with sudo or root shell):
fw32-delete
systemctl disable fw32.service (only needed if you enabled this at setup time)
rm -f /var/cache/pacman-g2/pkg/*i686.fpm (only needed if you want to delete the fpm cache)
pacman-g2 -R fw32
Warning
|
Should not be used while someone is using the chroot. |
27.10. Running a command within the chroot
Commands run will have the permissions of the user.
To get a shell:
fw32-run
To run a specific command:
fw32-run <command> [<arguments>]
27.11. Commands
-
fw32-clean: Clean the cache of old packages.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-create: Create the initial chroot.
-
fw32-delete: Delete the chroot, ensuring everything is umounted.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-install: Install all packages and groups specified to the chroot.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-install-package: Install all i686 FPMs specified to chroot.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-merge: Install a nobuild package to chroot.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-mount-all: Manually mount the chroot base directories.
-
fw32-run: Run a command within the chroot. If no command is specified, an attempt is made to execute the user’s shell.
-
fw32-umount-all: Manually umount all the directories in the chroot.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-remove: Remove all packages or groups specified from the chroot.
Warning
|
Should not be used while someone is using the chroot. |
-
fw32-upgrade: Performs a system upgrade inside the chroot.
Warning
|
Should not be used while someone is using the chroot. |
27.12. building i686 packages
Use the command fw32-makepkg
as root, in the same way you would use
regular makepkg. It will transparently wrap your build into a i686
chroot to produce a i686 package.
27.13. nobuild packages
Some nobuild
packages (like Skype) are available on x86_64, even if
upstream provides an i686 binary only. In that case the package has to
be installed inside the i686 chroot and on the host system as well: the
host package will contain a desktop file and an icon only to invoke the
chrooted package. See the fw32-merge command for details on how to install
the i686 version.
28. gammu
28.1. Configuring
You need to create your ~/.gammurc:
[gammu]
port = /dev/ttyUSB0
connection = fbus
Replace /dev/ttyUSB0
with your serial port device and fbus
with the
appropriate protocol name if you are not a Nokia user. Check if you have write
access to the device, you need to be a member of the uucp
group.
Once you think you’re done, check your setup:
$ gnokii --identify
It should print your IMEI
number so that you’ll be able to check if gammu
really found your phone or there is a problem.
28.2. Creating a backup
You probably use gammu
to make a backup of your phone.
This involves two steps:
-
Backing up your SMSes
$ gammu --backupsms backupsms.txt
-
The rest of your phone.
$ gammu --backup backup.txt
You may find an alternative format more human-readable for SMSes:
$ gammu --geteachsms > eachsms.txt
See the manual page for more tricks!
29. gif2png
If you want to use web2png, you must install python.
pacman-g2 -S python == git
29.1. gitweb
If you want to set up a web interface for your git repositories, then:
-
install the
gitweb
package -
edit
/etc/gitweb.conf
so that$projectroot
will point to the repository directory -
restart
apache
so that thegitweb
configuration will be included.
30. gnome-bluetooth
For have a full bluetooth support with gnome install obex-data-server # pacman-g2 -S obex-data-server
31. grub2
It is no longer acceptable to edit your grub configuration manually since
upgrading to grub2. Instead, it is advised to insert any customizations
you require in /etc/sysconfig/grub-config
and /etc/sysconfig/grub-custom
.
32. help2man
The most common usage of this applications is something like this:
$ help2man -n "<oneliner description>" -S Frugalware -N ./<binary> |sed 's/\\(co/(c)/' ><binary>.1
33. horde-webmail
This app does not have any webserver, SQL server nor IMAP server in its depends, which is intentional. Anyway, if you plan to use it, you should set up a webserver and an IMAP server. The SQL server is optional, but it’s the most easiest-to-use preferences container.
Additionally this app is not configured in any way: there are far too many customizable settings, so the packager cannot know how to set them for your particular needs. Installation instructions can be found in the INSTALL file.
34. hostapd
Configuration examples can be found in /etc/hostapd. You must edit the following files located in /etc/hostapd to configure hostapd:
hostapd.allow hostapd.conf hostapd.deny
35. icewm
I have included a custom shell script called icewm-menus, for use with the icewm menu file. An example menus file is also include at /usr/share/icewm/menus. It uses standard shell syntax, so you can easily use shell variables, etc, to create dynamic menus in icewm through my script and the usage of your local $HOME/.icewm/menus file. To use it, use the following syntax in your menu file: menuprog "(folder name)" (icon name) icewm-menus (menu switch to use) If setup correctly, you’ll wind up with menus generated by the output of the shell script. Have fun configuring icewm.
36. k3b
If you want to rip a video DVD, install the transcode package as well.
37. kbstick
If you do not know the keycodes for the keys you wish to remap the joystick events to, then please install the xev program. It will help you to identify them. Moving on, the /etc/kbstick.conf is the system level configuration file the shell script reads from if the user does not have a .kbstickrc in their home directory. Syntax is the same in both cases, and the configuration file has some comments to give you an idea of what each variable does. I have set the default up/down/left/right key mappings to what my laptop uses for them and the buttons will have to be manually defined to their proper keycodes. If you need any further help, please email the maintainer of this package.
38. kexec-tools
Warning
|
kexec works just like reboot, so please save your data before using it! |
Loading the new kernel:
# kexec -l /boot/vmlinuz-2.6.18-fw1 --append="ro root=/dev/hda3 quiet resume=/dev/hda2"
Booting it:
# kexec -e
39. keychain
First of all, we have to install package called keychain. (pacman-g2 -S
keychain
)
In the next step we have to create a new key. A key stands from two
parts, a public and a private part. It means two different files in your
~/.ssh/
directory.
Your key is generated by a program called ssh-keygen. It’s a part of openssh package. Run ssh-keygen -t dsa! You’ll see something like this:
voroskoi@kavics~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/voroskoi/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/voroskoi/.ssh/id_dsa.
Your public key has been saved in /home/voroskoi/.ssh/id_dsa.pub.
The key fingerprint is:
ac:47:93:29:d2:c4:e1:85:47:5c:c1:36:93:74:e9:08 voroskoi@kavics
It’ll generate for us the two parts of the key. The program asks where do you want to save the keys, it’s good to simply push an enter. After that You have to type in the passphrase of the key two times. It’s really important to chose a hard passphrase. It should contain lower-/uppercase characters, digits, possibly special characters too. The length must be at least 10 characters! We have to type in this passphrase only once after every restart we shouldn’t choose an easy one.
If everything works fine, then we have an id_dsa and an id_dsa.pub file
in our ~/.ssh/
directory.
voroskoi@kavics~/.ssh $ ls -la
drwx------ 2 voroskoi users 5 2005-04-13 13:39 ./
drwx--x--x 38 voroskoi users 67 2005-04-13 13:24 ../
-rw------- 1 voroskoi users 736 2005-03-01 21:25 id_dsa
-rw-r--r-- 1 voroskoi users 605 2005-04-11 04:18 id_dsa.pub
-rw-r--r-- 1 voroskoi users 230 2005-04-11 04:26 known_hosts
Now, we would like to use our newly generated key. We have to do the following:
$ scp ~/.ssh/id_dsa.pub username@remote_machine:
$ ssh username@remote_machine
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
$ rm id_dsa.pub
$ exit
Good to know, that this time(I mean when we run scp and ssh commands) we can’t use our key’s passphrase, so we have to use our password on the remore_machine. If it’s done without any mistake on next login the remote_machine will ask for our key’s passphrase.
And here comes keychain. In openssh package there is a program called ssh-agent. You can store keys in ssh-agent. Keychain just makes easier using of ssh-agent and adds some new features.
This time i assume that we use bash. If we would like to use keychain
with an other shell, then we can use man keychain:-) So, let’s take out
favourite editor and add the following lines to ~/.bash_profile
file:
keychain -q id_dsa
[ -f $HOME/.keychain/$HOSTNAME-sh ] && source $HOME/.keychain/$HOSTNAME-sh
40. ksplice
ksplice is handy in case there is a serious security fix and you don’t want or can’t afford rebooting your system immediately.
Let’s pick an example, the kernel-2.6.28-6anacreon3 update, which added CVE-2009-2692.patch.
First update FST so that you will have the patch:
# repoman upd
Now create a working dir:
$ cp -a /usr/src/linux/ ~/linux-source
$ cd ~/linux-source
$ mkdir ksplice
$ cp /boot/config ksplice/.config
$ cp /boot/System.map ksplice/
$ ln -s ~/linux-source ksplice/build
$ cp /var/fst/stable/source/base/kernel/CVE-2009-2692.patch .
Now create the ksplice update:
$ ksplice-create --patch=CVE-2009-2692.patch ~/linux-source
Then apply it:
# ksplice-apply ksplice-st4dt4bg.tar.gz
To view all applies updates, or a specific one:
# ksplice-view
# ksplice-view --id=st4dt4bg
To revert one:
# ksplice-undo st4dt4bg
41. kvpnc
Howto setup KVpnc for use without root password - sudo
-
Install sudo
-
Edit /etc/sudoers: add an command alias
# Cmnd alias specification Cmnd_Alias KVPNC = /usr/bin/kvpnc # User privilege specification ALL ALL=NOPASSWD:KVPNC
Warning
|
Do it gently! (As always, when you edit /etc/sudoers.) |
42. lastfmsubmitd
42.1. Configuring Lastfmsubmitd
Change your LastFM username and password in /etc/lastfmsubmitd.conf
and the
MPD server settings in /etc/lastmp.conf
before starting the LastFM submit
daemon.
42.2. Starting the daemon(s)
After configuring lastfmsubmitd
, you should run the following commands to
start the daemons:
# systemctl start lastfmsubmitd.service
# systemctl start lastmp.service
43. lesspipe
For syntax highlighting support in less
via the lesspipe
wrapper, you must
install the source-highlight
package.
44. lilo
So, you feel like using lilo
, do you? Well, here you will find
instructions for configuring lilo
to work with Frugalware. Some things
to keep in mind:
-
lilo
must be rerun every time you upgrade the kernel -
lilo
must also be rerun if you change configuration for it to take effect -
only
lilo
or grub can be installed to your boot sector at the same time, however they do not conflict while simply residing on your system
You will find an example lilo.conf
in /etc/lilo.conf
already. You will need to
tweak it in order for it to match your system’s booting setup. The default
structure is designed to reflect the most common setup I know of, but may
still require a lot of modifications. For more information on lilo
, please
refer to man lilo
and man lilo.conf
.
45. lineakd
After installing lineakd, make sure you create a configuration file before starting it.
Example configuration files are located in /usr/share/doc/lineakd-*/.
Don’t forget to copy the configuration file to /etc/lineakd after you create it.
You can then start the lineak daemon by running the following command:
$ lineakd
46. lirc
After installing lirc you need to take the following steps:
-
Find a lird.conf for your remote control on remotes You can also take a look on /usr/share/remotes directory if you do not have an internet connection. If you do not find your remote controller, try
irrecord myremote
command. -
Copy your lircd.conf to /etc/ directory as root.
-
Add evdev to /etc/sysconfig/modules.
-
Load the module with
modprobe evdev
. -
Edit /etc/sysconfig/lirc if necessary.
$ cat /proc/bus/input/devices | grep -e N -e H
will show you the event# you should use. (Default is 2.)
-
Start lircd and lircmd with
sudo service lirc start
.
47. lmsensors
lmsensors is a hardware monitoring tool which is able to read thermal and voltage values and fan speeds from the sensor chips of your motherboard. Before running sensors you have to run sensors-detect as root to initialize them. It will autodetect your hardware and define which kernel modules you need to get it working properly, and tell you how to autoload them during boot.
So if you want to use lmsensors try to run
sensors-detect
and say YES at end of sensors-detect to write /etc/sysconfig/lm_sensors
.
48. lvm2
48.1. Creating
Here is a mini-HOWTO, a longer one is available here.
First if you are on a setup cd, you need to
modprobe dm-mod
and
vgchange -a y
The first loads the device-mapper support for the kernel, the later enables the existing volume groups. This is automatically done for you on an installed Frugalware system.
You need to decide what physical partitions to use for LVM. In this mini-HOWTO
/
is /dev/hda1
and we create a big /home
partition using /dev/hda2
and
/dev/hdc1
.
Let’s initialize them for use by LVM:
pvcreate /dev/hda2 /dev/hdc1
Create a volume group titled vg
:
vgcreate vg /dev/hda2
Extend it with /dev/hdb1
:
vgextend vg /dev/hdc1
Then we can create a logical volume with a size of 400G titled home
:
lvcreate -L400G -nhome vg
Create a filesystem on it as usual, ie. for ext3:
mke2fs -j /dev/vg/home
And now the only task is to mount it as usual, ie:
mount /dev/vg/home /mnt/target/home
48.2. Extending
You already saw how to extend a volume group. Extending a logical volume is a bit more complex, but still easy.
If you use ext3:
umount /mnt/target/home
lvextend -L+900M /dev/vg/home
resize2fs /dev/vg/home
mount /dev/vg/home /mnt/target/home
Note
|
According to the manpage of resize2fs, it would have support resizing without umounting, but this does not seem to work. |
If you use reiserfs:
lvextend -L+900M /dev/vg/home
resize_reiserfs /dev/vg/home
48.3. Removing
To remove a logical volume:
lvremove /dev/vg/home
To remove a physical volume from a volume group:
vgreduce vg /dev/hdc1
To remove a volume group:
vgremove vg
That’s it.
49. mailman
There is no any kind of http server in mailman’s depends. It’s because they are not needed to get a working mailman. Of cource if you want to provide archives and so don’t forget to install a http server.
50. man-db
If you like coloured man-pages then you can enable that feature by issuing
# chmod +x /etc/profile.d/man-colors.sh
It is handled as a configuration file, so feel free to edit the colors in that file if you want.
51. mantis
You have to GRANT some privileges (at least for the operating user) to be able to use this package, as the installer does not GRANT them. The operating user requires ALTER, SELECT, INSERT, UPDATE and even DELETE privileges, regardless that the latter is not mentioned by upstream. For installation, INDEX, CREATE, DELETE, and DROP privileges are also required - this can be carried out if you provide the (MySQL) superuser’s credentials to the installer.
Do not forget to rm -rf /var/www/mantis/admin
after a successful install to
prevent hijacking your bugtracker, and change the default administrator’s
password.
52. mediawiki
After installing this package, please run /usr/bin/mediawikisetup as root to setup MediaWiki
53. mod_mono
For enable mod_mono module apache don’t forget to define the User/Group directives into /etc/httpd/conf/httpd.conf. For test the configuration of mod_mono into /etc/httpd/conf/httpd.conf : #mono settings Alias /demo /usr/lib/xsp/test MonoApplications "/demo:/usr/lib/xsp/test" MonoServerPath /usr/lib/mono/2.0/mod-mono-server2.exe <Directory /usr/lib/xsp/test> SetHandler mono </Directory> and check the result : http://localhost/demo/
54. monit
You may want to forge a config file for yourself as /etc/monit/monitrc to be able to properly use Monit. Consult the online docs for details:
After doing so you should issue a systemctl enable monit.service
command to
make use of this service.
55. motion
You should edit the settings: videodevice, input, norm, frequency, width, height and target_dir in /etc/motion.conf
56. munin
From munin-1.2.5-2 we no longer use a random uid/gid, but dedicated ones. Because of this munin service will not start if you have it installed before, so you have to correct this by issuing these commands:
groupmod -g 47 munin
usermod -u 47 -g 47 munin
chown -R munin:munin /var/lib/munin
chown -R munin:munin /var/www/html/munin
chown -R munin:munin /var/log/munin
chown -R munin:munin /var/run/munin
You should chown any other munin-owned stuff you may have lying around, these are only the default ones.
57. nss-mdns
To enable IPv4 multicast DNS lookups, append mdns4 to the hosts line in /etc/nsswitch.conf. Use mdns6 for IPv6 or mdns for both.
58. openssh
58.1. Forwarding ports
# ssh -L 8000:localhost:80 server.com
After this you can access server.com:80 at localhost:8000 even if server.com:80 is not accessible from your machine.
58.2. Socks proxy
Many mobile users have the following problem: they have to use an unencrypted wireless lan and they want to access webservers which does not support https. There is an easy solution for this: you transfer data to a server in an ssh tunnel then the data can be transferred to the server unencrypted in a wired network. This is much more secure. Set up the socks proxy on localhost:8080:
$ ssh -D 8080 server.com
Then configure your webbrowser to use the proxy, for example in firefox, select
Manual proxy configuration
and then set SOCKS Host
to localhost, Port
to
8080.
Note
|
Don’t forget to clear other proxy fields! (HTTP, SSL, FTP, etc.) |
59. pawm
Copy /etc/pawm.conf to $HOME/.pawm for your own local changes. If you want icons on your desktop, add a file to your $HOME/.pawm directory that starts with "app" and append an alphanumerical phrase of your choice to it. Then, write the file structure as follows:
<icon name> <x position> <y position> <name to display> <command>
Example:
firefox.xpm 40 40 firefox firefox
Other things to remember, you can only use xpm files for this method, and it takes the files from /usr/share/pixmaps. If I knew how to change this path to a directory the user has, I would.
60. pdns
If you wish to use the gmysql or gpgsql backends with a local server, then follow these instructions.
For gmysql, install mysql
package.
pacman-g2 -Sy mysql
For gpgsql, install postgresql
package.
pacman-g2 -Sy postgresql
Now, copy /lib/systemd/system/pdns.service
to /etc/systemd/system/pdns.service
.
cp -f /lib/systemd/system/pdns.service /etc/systemd/system/pdns.service
Uncomment the lines appropriate for your selected backend. The comments in the file will guide you. After all this, you must still ensure the specific database backend you are wanting to use is properly configured. This means both the pdns configuration and the setup for the mysql or postgresql daemon. Refer to pdns, mysql, and/or postgresql documentation for more information.
61. pekwm
Be sure to make your own file at $HOME/.pekwm/autostart if you use pekwm-session to auto-launch commands when you startup. I know pekwm has a start file for this, but my method launches it only at the start of your session, while the method pekwm uses starts everytime you restart/start pekwm. Use it well. You can find an example below:
dbus-session --exit-with-session --sh-syntax & feh --bg-scale "$HOME/.foo/bar" &
62. perlpanel
I have purposely left out a few perl modules from the dependencies array, because they are not needed to run perlpanel and drag in a lot of GNOME or other stuff you may not want. Below, you will find a list of these modules and what they do. If you find errors in this documentation, then please report it and I will look into it.
perl-xmms - perlpanel plugin interface to xmms perl-gnome2-vfs - various gnome plugin interfaces for perlpanel libgnomeui - for full libglade support in perlpanel
63. phc-optimizer
This package contains a script for finding the optimal voltage while maintaining system stability. During the process, your system will mostly likely crash multiple times before you find the right settings. Make sure you are not running or doing anything important while using this script. Keep a backup of essential data in case of data loss.
Now, you will need to run this script as root or have sudo privileges. In addition, you need to have installed either phc-intel or phc-k8 and have compatible hardware. Run this command as root or regular user with sudo privileges, and follow the interactive prompts it gives you.
phc-optimizer
It will save the results from testing in a file called phc_tweaked_vids
in the
directory it was executed from. This process should be repeated for each VID value.
After all this work, you should have your final set of VIDs.
64. php
You should set
cgi.fix_pathinfo=1
in /etc/php.ini in order to use php-cgi.
65. php-jsmin
65.1. Setting up JSMin
In order to use JSMin, you must add the following lines to your /etc/php.ini file:
extension="/usr/lib/php/extensions/no-debug-non-zts-20090626/jsmin.so"
66. phpbb
After installing this package, please run /usr/bin/phpbbsetup as root to setup phpBB
After upgrading, make sure to run the database update script
67. pm-radeon
Before you can use this package, you must edit the configuration for it in
the file /etc/sysconfig/pm-radeon
. After you are done, run this command to
enable it at startup.
systemctl enable pm-radeon.service
68. pootle
In most cases you want to use pootle with mysql and apache. See here on how to configure them:
Also read these pages if you’re upgrading from Pootle 1.x:
69. postfix
69.1. Using a relay host
These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.
Set up a password maps file (/etc/postfix/sasl_passwd
) as follows:
mail.ispserver.com username:password
# chown root:root /etc/postfix/sasl_passwd
# chmod 600 /etc/postfix/sasl_passwd
# postmap /etc/postfix/sasl_passwd
Append the following lines to /etc/postfix/main.cf
:
relayhost = mail.ispserver.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
Finally reload postfix:
# postfix reload
That should do it!
70. postfixadmin
This package relies on correct install of postfix’s virtual tables and it
needs to be configured before usage. Be sure to read upstream’s
/var/www/postfixadmin/INSTALL.TXT
in order to accomplish the setup
or upgrade. You should also take care of configuring apache to be able to
use the web-based interface.
Should you want to make use of the autoreply (vacation) feature, install
these packages as well: perl-mail-sender
, perl-email-valid
,
perl-mime-charset
, perl-log-dispatch
, perl-mime-encwords
,
perl-params-validate
and read upstream’s
/var/www/postfixadmin/VIRTUAL_VACATION/INSTALL.TXT
in order to
setup autoreply (vacation) properly. Don’t forget to enable it in
config.inc.php
as well!
71. postgrey
To use postgrey, put something along the lines of
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_policy_service inet:127.0.0.1:60000
in your /etc/postfix/main.cf (postfix 2.1 or newer is required.)
72. pptpd
-
Preface
I was asked to set up VPN using PPTP. A much secure way to setup it up is using IPSec, more details here. Also you could use ssh+pppd, but that’s rather problematic on platforms other than Unix.
-
Setting up the server
The big problem here is that most outdated HOWTO starts with patching your kernel and ppp. This is no longer needed!
Requiements: You need kernel>=2.6.15 or newer (Frugalware 0.4 or higher is OK). Also you need ppp>=2.4.2.
Also probably these are already installed on your system, let’s see the new package: pptpd. Install it with the usual
# pacman-g2 -S pptpd
Probably this is done if you’re reading this HOWTO :-)
Here comes my /etc/pptp.conf:
$ grep -v '^\(#\|$\)' /etc/pptpd.conf option /etc/ppp/options.pptpd logwtmp localip 10.0.0.88 remoteip 10.0.0.89-127
10.0.0.88 is the internal address of the server, 10.0.0.89-127 is the range that can be used by the pptp clients.
Then let’s see that referred /etc/ppp/options.pptpd:
$ grep -v '^\(#\|$\)' /etc/ppp/options.pptpd name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 proxyarp debug lock nobsdcomp novj novjccomp nologfd
After everything works fine, you can remove the "debug" line from the config.
Then add at least one user:
# cat /etc/ppp/chap-secrets ## client server secret IP addresses mylogin * stupidpassword *
The rest is about to allow pptp on the firewall (I’m assuming that you use the default Frugalware configuration: INPUT is on DROP by default, but FORWARD is allowed, OUTPUT too.)
Add the following 2 lines to the filter section of /etc/sysconfig/firewall:
-A INPUT -p gre -j ACCEPT -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
If you want to allow a client to access Internet via this pptp server, add the following line to the nat section of the same file (change ethX to the correct network interface):
-A POSTROUTING -o ethX -j MASQUERADE
Then check if you have PPP support in the kernel enabled:
# lsmod | grep ppp_generic
If there is no output, enable it:
# modprobe ppp_generic # echo "ppp_generic" >> /etc/sysconfig/modules
Now we’re ready to start:
# pptpd -f -o /etc/ppp/options.pptpd
If no error messages are reported, omit the -f option so it will go background.
Later you can put this to your /etc/rc.d/rc.local. Debug messages will appear in /var/log/messages if you’re interested in them.
-
Client side
Install the necessary "pptp" package:
# pacman-g2 -S pptp
Most howto suggets the pptpconfig (http://pptpclient.sourceforge.net/) tool, it’s written in PHP and uses GTK+2. You don’t want to use graphical tools locally (and install XOrg) for administrating your machine, do you?
We can do it by hand, not too complicated.
You can name every tunnel you create, I’ll use here the "mytunnel" name.
Fire up your favorite editor and create the /etc/ppp/peers/mytunnel file with the following contents:
$ grep -v '^\(#\|$\)' /etc/ppp/peers/mytunnel name mylogin remotename PPTP file /etc/ppp/options.pptp pty "pptp IP_OF_THE_SERVER --nolaunchpppd " require-mppe
Your /etc/ppp/chap-secrets should contain the following line:
mylogin PPTP secret *
We’re ready to start the client:
# pppd pty 'pptp server --nolaunchpppd' call mytunnel debug dump logfd 2 nodetach
A lot of debug messages will be printed, check on an other console if you got a new pppx interface or not:
# ifconfig ppp0 ppp0 Link encap:Point-to-Point Protocol inet addr:10.0.0.89 P-t-P:10.0.0.88 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:996 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:70 (70.0 b) TX bytes:76 (76.0 b)
If it seems to be ok, you no longer need the debug messages and pppd can go backround:
# pppd pty 'pptp server --nolaunchpppd' call mytunnel
That was all. Not so simple but anyone can do it :-)
-
Resources
-
http://czeh.hu/linuxdoc/vpn-pptp.html - VPN connection using PPTP and Linux by Istvan Czeh (Hungarian)
-
http://webb.gotdns.com:2080/kernel-mppe/pptp-command.html - pptp-command HOWTO
-
73. prosody
Don’t forget to change /etc/prosody.cfg.lua when needed For more informations about prosody’s configurtion, please take a look at : http://prosody.im/doc
If you want to add or delete JIDs you have to be in the prosody group You can do it with this command : usermod -aG prosody LOGIN_NAME
To start the daemon, type service prosody start To automaticly start the daemon at boot time, type service prosody add Please do NOT use prosodyctl start and stop
74. psx
Note: You must find a PSX bios on your own, and place it in ~/.pSX/bios.
75. pulseaudio
Because PulseAudio can be used as drop-in replacement
for ESD you can fool GNOME into loading the PulseAudio
daemon just like the traditional ESD daemon. To achieve
this use the esdcompat script shipped with PulseAudio.
Install pulseaudio-esd : pacman-g2 -S pulseaudio-esd
Create a symlink from /usr/bin/esd to /usr/bin/esdcompat
For more information on pulseaudio
, please
refer to http://www.pulseaudio.org/wiki/PerfectSetup
76. pyro
You’ll find pyro’s scripts in /usr/lib/python2.5/site-packages/Pyro/bin
77. qemu
77.1. QuickStart
If you are completely new to qemu
, you may find the big list of switches a
bit confusing. Most users want to install an operating system from a cdrom
image to a virtual harddisk. Here is what you need:
$ qemu-img create foo.img 8G
$ wget http://server.com/bar.iso
$ qemu -hda foo.img -cdrom bar.iso
77.2. Guest-agent
The guest agent service is started automatically, as long as the
qemu-guest
subpackage is installed. See
here for setup
instructions.
77.3. Tricks
It worth to read the full documentation at
/usr/share/doc/qemu-*/qemu-doc.html
, it really worth to do so.
To demonstrate how powerful qemu
is, here are a few cheap tricks:
If you want to be able to ssh to the machine, you can use port redirection. For
example using the -redir tcp:1022::22
option, qemu:22
will be available at
localhost:1022
.
Note
|
This requires root privileges. |
You can create a unix socket to control your virtual machine. For example if you are not able to ssh to the machine, you can still properly shut it down:
Use the -monitor unix:/tmp/qemu,server,nowait
option, then send the sendkey
ctrl-alt-delete
string to the socket, for example using python:
python -c "import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); \
sock.connect('/tmp/qemu'); \
sock.send('sendkey ctrl-alt-delete\n')"
Finally a trick about vnc: using for example the -vnc 0
option, it’s possible
to reach qemu’s display via vnc. This is quite handy if you run qemu on a
server (for example in screen), then you can freely attach to and detach from
it whenever you want to do so.
Really, read the full documentation! :)
78. quota-tools
To really activate quotas, you’ll need to add usrquota
to the appropriate
partitions as listed in /etc/fstab
. Here’s an example:
/dev/hda2 /home ext2 defaults,usrquota 1 1
When you want quota support for a given partition, some special files have to be created boot-time. This is not done by default. To do so, you need to
# touch /var/lib/quota/new
then, reboot to create those files.
To edit user quotas, use edquota
. See man edquota
.
79. redmine
Post Installation :
Create an empty database and accompanying user named redmine for example.
For Mysql: create database redmine character set utf8; create user redmine@localhost identified by my_password; grant all privileges on redmine.* to redmine@localhost;
For PostegreSQL: create database redmine character set utf8; create user redmine@localhost identified by my_password; grant all privileges on redmine.* to redmine@localhost;
Edit config/database.yml
Generate a session store secret: cd /var/www/html/redmine/ rake config/initializers/session_store.rb
Create the database structure, by running the following command under the application root directory: RAILS_ENV=production rake db:migrate It will create tables and an administrator account.
Insert default configuration data in database, by running the following command: RAILS_ENV=production rake redmine:load_default_data
Fix permissions mkdir tmp public/plugin_assets chown -R redmine:redmine files log tmp public/plugin_assets chmod -R 755 files log tmp public/plugin_assets
Test the installation by running WEBrick web server: ruby script/server webrick -e production see the result : http://localhost:3000/
-
login: admin
-
password: admin
SMTP Configuration : Copy config/email.yml.example to config/email.yml and edit this file to adjust your SMTP settings.
80. rss2email
80.1. Configure:
Create a new feed database:
$ r2e new you@yourdomain.com
Subscribe to some feeds:
$ r2e add http://www.aaronsw.com/2002/rss2email/updates.rss
(That’s the feed to be notified when there’s a new version of rss2email.) Repeat this for each feed you want to subscribe to.
When you run rss2email, it emails you about every story it hasn’t seen before. But the first time you run it, that will be every story. To avoid this, you can ask rss2email not to send you any stories the first time you run it:
$ r2e run --no-send
Then later, you can ask it to email you new stories:
$ r2e run
You probably want to set this up as a cron job or something.
80.2. Customize:
There are a few options, described at the top of rss2email.py. If you want to change something, add it to config.py. For example, to be notified every time a post changes, instead of just once per post:
$ echo "TRUST_GUID = 0" >>~/.rss2email/config.py
And you can ask rss2email to make the emails look as if they were sent when the item was actually posted:
$ echo "DATE_HEADER = 1" >>~/.rss2email/config.py
81. sawfish
I have included a simple script called sawfish-session which sources $HOME/.sawfish/startup, if it exists. It is setup so you can easily run your own commands before sawfish is launched. You can find an example file at /usr/share/sawfish/startup. Also, there is a sawfish-aplay script as well, which is a wrapper to aplay with the -q argument so your logs aren’t spammed by a bunch of useless messages if you choose to use sound events. To use sound events in sawfish, run sawfish-ui and goto the Sound tab, and enable sounds. Then, close the program, run it again, and there should a greyed out box at the bottom for entering a command to for playing sounds. I have disabled ESD support in favor of this. Check the box to enable it, and enter either sawfish-aplay or another program of your choice. However, keep in mind this box cannot accept arguments, it can only accept the path to an executable of some sort, which is the whole reason I included an aplay wrapper. Also, be sure to visit http://sawfish.wikia.com if you want to find stuff to supplement sawfish, like scripts, themes, etc. And, finally, you will an example piece of lisp code you can put in your $HOME/.sawfishrc and edit to your heart’s content to get the right root menu for you. This is also where you put lisp code that you want to become active every time you restart sawfish. Use sawfish-client if you want to test it, and remember to put it in your rc file if you wish to retain it. Happy hacking!
(setq root-menu '( ("Editors" ("Abiword" (system "abiword &")) ("Leafpad" (system "leafpad &")) ) ("Terminals" ("Sakura" (system "sakura &")) ("xterm" (system "xterm &")) ) ("Multimedia" ("Audacious" (system "audacious &")) ("VLC" (system "vlc &")) ) ("Network" ("Firefox" (system "firefox &")) ("Pidgin" (system "pidgin &")) ) ("Restart" restart) ("Quit" quit) ))
82. screen
82.1. Keeping your screen running across reboots
You may want to restart your screen session automatically after a reboot. This is the case, for example, when we seed the Frugalware ISOs using a torrent client. Here is what you need:
-
Set up your
~/.screenrc
so that it’ll start your application when screen starts up:
screen -t seed 0 /bin/sh -c 'cd $HOME/frugalware-torrents; rtorrent'
-
Run
crontab -e
and append the following line to your crontab:
@reboot screen -d -m
You’re ready!
83. smartcam
Once the installation is complete, make sure you load the kernel modules:
# modprobe videodev # modprobe smartcam
84. squirrelmail
Please start the configure script in the /var/www/squirrelmail directory!
85. squirrelmail-check_quota
You have to install this plugin with squirrelmail’s own ./configure
tool.
86. squirrelmail-login_notes
You have to install this plugin with squirrelmail’s own ./configure
tool.
87. stunnel
You need some additional configuration before stunnel will be functional:
Adjust the configuration file:
# cp /etc/stunnel/stunnel.conf-sample /etc/stunnel/stunnel.conf
# vi /etc/stunnel/stunnel.conf
Note
|
If something goes wrong, try setting sslVersion to all . |
Generate your certificate:
# openssl req -new -x509 -days 365 -nodes -config /etc/stunnel/stunnel.cnf -out \
/etc/stunnel/mail.pem -keyout /etc/stunnel/mail.pem
Hide the certificate from users:
# chmod 600 /etc/stunnel/mail.pem
Now you can enable and start the service:
# systemctl enable stunnel.service
# systemctl start stunnel.service
88. sugarcrm
In order to use the sugarcrm, you have to symlink it to somewhere. For example, if you want to use it under http://localhost/sugarcrm, then use:
# ln -s /var/www/SugarSuite /var/www/html/sugarcrm
After installing this package, please run in a browser http://localhost/sugarcrm/install.php to setup SugarSuite (sugarcrm).
89. syslinux
All the configurable defaults in SYSLINUX can be changed by putting a file called syslinux.cfg.
SYSLINUX searches for the SYSLINUX.CFG file in the following order:
/boot/syslinux/syslinux.cfg /syslinux/syslinux.cfg /syslinux.cfg
Here is a simple example syslinux.cfg file, with one entry to boot a Linux kernel:
DEFAULT linux LABEL linux SAY Now booting the kernel from SYSLINUX… KERNEL vmlinuz.img APPEND ro root=/dev/sda1
see http://syslinux.zytor.com/wiki/index.php/SYSLINUX for the complete documentation.
90. trac
After installing trac you need a few steps to set it up. First of all do not forget to install postgresql/mysql/sqlite according to which database backend you want to use.
To create a new trac project, just use the command:
$ trac-admin /path/to/myproject initenv
You can check the result with:
tracd --port 8000 /path/to/myproject
Then, fire up a browser and visit http://localhost:8000
For further documentation on trac, how to set up with different HTTP daemons see TracGuide
91. tremfusion
Follow this as user:
1) Copy the Tremulous pk3s (data-1.1.0.pk3, vms-1.1.0.pk3, map-atcs-1.1.0.pk3, etc) from their installation directory to /home/<user>/.tremulous/base/"
(Use slocate data-1.1.0.pk3 to find it)
$ cp /usr/share/tremulous/base/*.pk3 ~/.tremulous/base/
2) Copy z-tremfusion-menu-0.99r3.pk3 to /home/<user>/.tremulous/tremfusion/
(Create the directory if it doesn’t exist)
$ mkdir ~/.tremulous/tremfusion
$ cp /usr/share/tremulous/tremfusion/*tremfusion*.pk3 ~/.tremulous/tremfusion/
3) Copy gamex86.so to /home/<user>/.tremulous/base/
$ cp /usr/share/tremulous/base/gamex86.so ~/.tremulous/base/gamex86.so
92. uget
If you want to use aria2-plugin, first install aria2 package: pacman-g2 -S aria2 == util-linux
92.1. Using tmpfs
for /tmp
Frugalware does not use tmpfs
for /tmp
by default. However on servers this
can cause problems: if you do not reboot for months, then cleaning /tmp
can
take some time. Using tmpfs
can solve your problem: it’s a ramdisk so its
content not preserved during a reboot. All you need is to add the following
line to your /etc/fstab
:
tmpfs /tmp tmpfs defaults 0 0
Note
|
You need util-linux >= 2.12-31 for this, otherwise X may not start. |
93. vavoom
93.1. Before you play
To be able to play, you must have the IWAD files of the original games and copy it in ~/.vavoom or in /usr/share/vavoom. You can find this IWAD file on the original game CD or in the net. You can use shareware game’s IWAD, too.
94. vim
If you want to enable spell check support, you need to:
-
install the spell files for your language:
# pacman-g2 -S vim-spell-xx
where xx
is code of the requested language.
-
enable the spell check support for your language (type in
vim
):
:setlocal spell spelllang=xx_yy
Some languages need correctly set encoding. If you get a message like:
Warning: Cannot find word list "hu.latin1.spl" or "hu.ascii.spl"
then you need to set your encoding as well:
:set encoding=latin2
The incorrect words are coloured red by default. You can reach a list of
suggested words by pressing z=
when the cursor is at the given word.
If you want to disable the spell check support, type:
:setlocal nospell
It may be handy to have map function keys in ~/.vimrc
to enable / disable the
spell check support:
set encoding=latin2
map <F5> <Esc>:setlocal spell spelllang=en_gb<CR>
map <F6> <Esc>:setlocal spell spelllang=hu<CR>
map <F7> <Esc>:setlocal nospell<CR>
Note
|
The language code is sometimes in an xx and sometimes is in an xx_yy
form. This is something you need to figure out for your language. |
See the upstream documentation for more info about spell check support:
:help spell
95. wifi-radar
Don’t forget to change the wifi interface name in /etc/wifi-radar.conf!
96. x11vnc
Running x11vnc
without a password is not recommended. To create one, type:
vncpasswd ~/.vnc/passwd
Then you can start the VNC server using
x11vnc -display :0 -rfbauth ~/.vnc/passwd -forever
if are logged in on :0
.
97. xcache
97.1. Installing As PHP Extension?
-
Check /etc/php.ini
# cat /usr/share/doc/xcache-$pkgver/xcache.ini >> /etc/php.ini
-
Modify php.ini for your needs:
# $EDITOR /etc/php.ini
-
Restart php
Warning
|
Use >> with cat, not simply > |
Please take a look on xcache wiki.