$ acoc <command>
The following sections describe the configuration of some packages.
In order to use acoc you should start it with
$ acoc <command>
for example, or you can create an alias like this:
alias pacman='acoc pacman'
From amavisd-new-2.5.2-1 we no longer use a random uid/gid, but dedicated ones. Because of this amavis service will not start if you have it installed before, so you have to correct this by issuing these commands:
groupmod -g 40 amavis usermod -u 40 -g 40 amavis chown -R amavis:amavis /var/lib/amavis chown -R amavis:amavis /var/lock/amavis
You should chown any other amavis-owned stuff you may have lying around, these are only the default ones.
These steps require root privileges, so use su - to get a root shell.
The Apache server isn't started by default. You can change this with the
# service httpd add
command.
We don't want to reboot, so start it manually:
# service httpd start Starting Apache web server (no SSL) [ OK ]
You have finished if you don't need SSL support.
Creating the certifications:
# cd /etc/httpd/conf/
# sh mkcert.sh
Signature Algorithm ((R)SA or (D)SA) [R]:
Here we can accept the default RSA signature algorithm first. Then
we have to fill out some fields. There are quite a few fields but
you can leave most of them blank. If you enter '.', the field will
be left blank.
1) Country Name (2 letter code) [XY]:
Give the 2-letter code of our contry (for example US)
2) State or Province Name (full name) [Snake Desert]:
We type our state.
3) Locality Name (eg, city) [Snake Town]:
The name of our city.
4) Organization Name (eg, company) [Snake Oil, Ltd]:
Our organization's name.
5) Organizational Unit Name (eg, section) [Webserver Team]:
Our section's name.
6) Common Name (eg, FQDN) [www.snakeoil.com]:
Important: Give a real address here, otherwise you'll get
warnings in your browser!
7) Email Address (eg, `name@FQDN') [`www@snakeoil.com']:
I usually give the email address of the webmaster here.
(webmaster@domain.com)
8) Certificate Validity (days) [365]:
In most cases, one year will be good.
Then, we should choose the version of our certificate:
Certificate Version (1 or 3) [3]:
The default 3 will be good, so just hit enter. In the next
step we can encrypt our private key:
Encrypt the private key now? [Y/n]:
The keys will not be readable by users, so we can leave this
step out.
So the following files are created:
/etc/httpd/conf/ssl.key/server.key (keep this file private!) /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.csr/server.csr
Enable SSL in /etc/httpd/conf/httpd.conf: Open the file with your favorite editor, and search the followings at about line 1040:
# Uncomment this if you want SSL support! #<IfModule mod_ssl.c> # Include /etc/httpd/conf/ssl.conf #</IfModule>
Uncomment them.
Now we should restart Apache:
# service httpd restart
Then we can check if the task was successful:
$ elinks https://localhost/
This should show the default homapage, received via SSL :)
This must be done as root.
# openssl genrsa -des3 -out server.key 1024
Enter "foobar" twice as passphrase.
# openssl req -new -key server.key -out server.csr
Enter "foobar" when asked for passphrase, answer the questions. Leave "challenge password" "and optional company name" empty.
# cp server.key server.key.org # openssl rsa -in server.key.org -out server.key
Enter "foobar" when asked for passphrase.
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # cp server.crt /etc/httpd/conf/ssl.crt/ # cp server.key /etc/httpd/conf/ssl.key/ # service httpd stop # vi /etc/httpd/conf/httpd.conf
Uncomment the marked three lines around line 1044 (look for "SSL support").
# service httpd restart
Don't forget to open port 443 on your firewall, if any. (Based on How to create a self-signed SSL Certificate…, tested on frugalware-current 2007-02-14.)
|
Warning
|
If you have rlocate installed on your system, Avahi will not run and therefore Zeroconf functionality in programs will be disabled. If you want this functionality, then please uninstall rlocate. |
Also, If you are using iptables, please uncomment this line in /etc/sysconfig/firewall:
#-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
After that do not forget to restart iptables with:
# service firewall restart
After installing this package, please run
# /usr/bin/b2evosetup
to setup B2evolution.
Since version 2.6.24, the bcm43xx driver is deprecated, replaced by the b43 and b43legacy modules.
The module should be loaded automatically, in case it isn't, you can load it manually:
# modprobe b43
or:
# modprobe b43legacy
You must bring the device up with ifconfig before doing any other configuration steps.
# ifconfig ethX up
Since the channel must be set manually, first do a scan:
# iwlist ethX scan
Then you can set it:
# iwconfig ethX channel Y
Finally set your essid:
# iwconfig ethX essid "myessid"
Ready!
Cairo-Clock requires the Composite option to be enabled in your Xorg configuration. To enable it, add the following lines to /etc/X11/xorg.conf:
Section "Extensions" Option "Composite" "Enable" EndSection
After you installed ccache, it won't be enabled by default. There are 3 options to enable it:
Use makepkg. It uses ccache if the package is installed unless you use the -B option.
Most package's ./configure script supports specifying a custom compiler:
$ CC=/usr/bin/ccache ./configure
should enable ccache for you.
Modify the PATH, this way ccache will be enabled for you till you leave the shell:
export PATH=/usr/lib/ccache/bin:$PATH
After installing cpuspeed, make sure you edit the configuration file before starting it. The configuration file is located in /etc/cpuspeed.conf.
Set the correct CPUFreq driver name in the confiuration file by setting the DRIVER value. for eg: if you want to use the p4-clockmod driver, your cpuspeed configuration file should contain:
DRIVER="p4-clockmod"
For a list of drivers, check this directory /lib/modules/your_kernel_version/kernel/arch/i386/kernel/cpu/cpufreq
Follow these steps to when using cryptsetup-luks:
# cryptsetup luksFormat /dev/partition # cryptsetup luksOpen /dev/partition label # mke2fs -j /dev/mapper/label # mount /dev/mapper/label /mnt/label
Of course later you don't have to use luksFormat and mke2fs:
# cryptsetup luksOpen /dev/partition label # mount /dev/mapper/label /mnt/label
# umount /mnt/label # cryptsetup luksClose label
|
Note
|
You have need to install the sharutils package to do the followings! |
List these modules in /etc/sysconfig/modules:
aes aes-i586 sha256 dm-crypt
Move all data from /home to a secure place (in this example /media/sda1/home)
# cp -arvx /home /media/sda1/
Umount /home (in this example /dev/hda6) and fill it with random numbers:
# umount /home # dd if=/dev/urandom of=/dev/hda6
Create the encrypted partition:
# cryptsetup -y luksFormat /dev/hda6
Here we will be asked for a password which will be necessary to access /home at boot time.
Open the encrypted partition and create its file system (ext3 in this example):
# cryptsetup luksOpen /dev/hda6 home # mkfs.ext3 /dev/mapper/home
Mount the home partition and copy the contents of original home:
# mount /dev/mapper/home /home # cp -arvx /media/sda1/home /home
Edit the home related line in /etc/fstab:
/dev/mapper/home /home ext3 noatime 0 0
Create /etc/rc.d/rc.crypt script with the following content:
#!/bin/sh /usr/sbin/cryptsetup luksOpen /dev/hda6 home /bin/mount /dev/mapper/home /home
Enable it:
# ln -s /etc/rc.d/rc.crypt /etc/rc.d/rcS.d/S15rc.crypt
You have to delay the splash screen, so that you can type your password before the splash appears:
# mv /etc/rc.d/rcS.d/S03rc.splash /etc/rc.d/rcS.d/S15rc.splash
(It will ask the password between the lvm and the splash service.)
Now the system can be restarted and the password will be asked to access home partition boot-time.
|
Note
|
The English keyboard map will be used at that point of the boot process. |
This mini-howto helps you to install the saslauthd server using postfix which will authenticate using users and passwords from /etc/{passwd,shadow}.
First install the necessary packages:
# pacman-g2 -S postfix saslauthd
Enable sasl in postfix's config by appending the following lines to /etc/postfix/main.cf:
smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous
You may want to append
broken_sasl_auth_clients = yes
as well.
Put the following lines to /usr/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd mech_list: PLAIN LOGIN
Edit /etc/sysconfig/saslauthd by changing the following lines:
SASL_DIE=1
to
SASL_DIE=0
and
auth_mechanism=""
to
auth_mechanism="shadow"
Now you can start saslauthd by
service saslauthd start
as well as enabled in by default on startup:
service saslauthd add
Issue id postfix and see if the daemon group is listed. If not, then add postfix to the daemon group:
usermod -G daemon postfix
Finally restart postfix:
service postfix restart
Compeleted!
We test it using telnet. We need perl to generate the string for the SASL authentication:
$ perl -MMIME::Base64 -e 'print encode_base64("vmiklos\0vmiklos\0secret");'
dm1pa2xvcwB2bWlrbG9zAHNlY3JldA==
Then use telnet:
$ telnet host.com 25 Trying ip... Connected to host.com. Escape character is '^]'. 220 host.com ESMTP Postfix ehlo my.dhcp 250-host.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH PLAIN dm1pa2xvcwB2bWlrbG9zAHNlY3JldA== 235 2.0.0 Authentication successful quit 221 2.0.0 Bye Connection closed by foreign host.
In most cases you have a socks server (you can create one easily using ssh, see the documentation of the openssh package), and you want to route all traffic through it. Here is the config you need:
route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 8080
proxyprotocol: socks_v4
}
Try for example:
$ socksify irssi
When you connect to a server, others will see that you're connecting from the server, not from your own host.
First, please note that darcs comes with a very good HTML documentation, which is available under the /usr/share/doc/darcs-1.0.9/manual dir. That's the place where everything is properly documented, not the manpage. Using darcs [subcommand] -h is usable only as a reference, too.
If you're completely new to darcs, then start at /usr/share/doc/darcs-1.0.9/manual/node4.html.
Please also note that in order for the darcs send command to work properly, you must properly configure your mail transport agent to relay outgoing mail. For example, if you are using postfix, you need to edit /etc/postfix/main.cf, see the Using a relay host part of the postfix package documentation for more info.
If you got errors saying:
dazuko: failed to register
then you need to do:
# rmmod capability # modprobe dazuko # modprobe capability
It will work.
Please configure /etc/ddclient/ddclient.conf before running ddclient!
Samples for common configurations can be found in: /usr/share/doc/ddclient-$package_version/sample*
Additional details and instructions can be found in: /usr/share/doc/ddclient-$package_version/README
Once you have finished configuring the ddclient.conf file, you can start ddclient as a daemon by running as root, the following command:
# service ddclient start
If you are in trouble setting up your dhclient, use the following options. These are quite good defaults:
request subnet-mask, broadcast-address, time-offset, \
routers, domain-name, domain-name-servers, \
host-name, netbios-name-servers, netbios-scope;
timeout 20;
script "/sbin/dhclient-script";
Dillo is moving to FLTK2. As of 2006-04-29 it is unstable (both unreleased and has some random erratic bugs, but upstream is working on it), and some KDE stuff has fltk dep, so not a good idea to mess with.
Dillo is now "crippled" by removing the new FLTK based download GUI, as it is only this needs FLTK2, but for the next release more FLTK2 expected.
After installing this package, please run /usr/bin/drupalsetup as root to setup Drupal
To populate the DSPAM database, you need to follow several steps.
First create a database. Login to the mysql command prompt.
$ mysql -u root -p mysql> CREATE database dspam;
Next, you need to create a dspam user. At the same MySQL prompt:
mysql> GRANT ALL PRIVILEGES ON dspam.* TO dspam@'localhost' IDENTIFIED BY 'passwd';
Replacing passwd with your chosen password.
Optimizing the datebase:
If you want a space optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-space.sql
If you want a speed optimized db do:
$ mysql -u dspam dspam -p < /var/lib/dspam/mysql/mysql_objects-speed.sql
Enter the password you set in the previous step, and the database should be populated.
Remember to edit /etc/dspam/dspam.conf accordenly
If you want to use the postgresql, sqlite3 or Berekely DB4 backends you can find instructions in the dspam documentation.
In order to use eAccelerator, you must add the following lines to your /etc/php.ini file:
extension="extensions/no-debug-non-zts-20060613/eaccelerator.so" eaccelerator.shm_size="16" eaccelerator.cache_dir="/tmp/eaccelerator" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_max="0" eaccelerator.shm_ttl="0" eaccelerator.shm_prune_period="0" eaccelerator.shm_only="0" eaccelerator.compress="1" eaccelerator.compress_level="9"
Do not forget to create the cache directory as well:
mkdir /tmp/eaccelerator chmod 0777 /tmp/eaccelerator
eaccelerator.shm_size
The amount of shared memory (in megabytes) that eAccelerator will use.
"0" means OS default. Default value is "0".
eaccelerator.cache_dir
The directory that is used for disk cache. eAccelerator stores precompiled
code, session data, content and user entries here. The same data can be
stored in shared memory also (for more quick access). Default value is
"/tmp/eaccelerator".
eaccelerator.enable
Enables or disables eAccelerator. Should be "1" for enabling or "0" for
disabling. Default value is "1".
eaccelerator.optimizer
Enables or disables internal peephole optimizer which may speed up code
execution. Should be "1" for enabling or "0" for disabling. Default value
is "1".
eaccelerator.debug
Enables or disables debug logging. Should be "1" for enabling or "0" for
disabling. Default value is "0".
eaccelerator.check_mtime
Enables or disables PHP file modification checking . Should be "1" for
enabling or "0" for disabling. You should set it to "1" if you want to
recompile PHP files after modification. Default value is "1".
eaccelerator.filter
Determine which PHP files must be cached. You may specify the number of
patterns (for example "*.php *.phtml") which specifies to cache or not to
cache. If pattern starts with the character "!", it means to ignore files
which are matched by the following pattern. Default value is "" that means
all PHP scripts will be cached.
eaccelerator.shm_max
Disables putting large values into shared memory by " eaccelerator_put() "
function. It indicates the largest allowed size in bytes (10240, 10K, 1M).
The "0" disables the limit. Default value is "0".
eaccelerator.shm_ttl
When eaccelerator fails to get shared memory for new script it removes all
scripts which were not accessed at last "shm_ttl" seconds from shared
memory. Default value is "0" that means - don't remove any files from
shared memory.
eaccelerator.shm_prune_period
When eaccelerator fails to get shared memory for new script it tryes to
remove old script if the previous try was made more then
"shm_prune_period" seconds ago. Default value is "0" that means - don't
try to remove any files from shared memory.
eaccelerator.shm_only
Enables or disables caching of compiled scripts on disk. It has no effect
on session data and content caching. Default value is "0" that means - use
disk and shared memory for caching.
eaccelerator.compress
Enables or disables cached content compression. Default value is "1" that
means enable compression.
eaccelerator.compress_level
Compression level used for content caching. Default value is "9" which is
the maximum value
eaccelerator.keys
eaccelerator.sessions
eaccelerator.content
Determine where keys, session data and content will be cached. The possible
values are:
"shm_and_disk" - cache data in shared memory and on disk (default value)
"shm" - cache data in shared memory or on disk if shared memory
is full or data size greater then "eaccelerator.shm_max"
"shm_only" - cache data in shared memory
"disk_only" - cache data on disk
"none" - don't cache data
eAccelerator API:
eaccelerator_put($key, $value, $ttl=0)
puts the $value into shard memory for $ttl seconds.
eaccelerator_get($key)
returns the value from shared memory which was stored by eaccelerator_put()
or null if it is not exists or was expired.
eaccelerator_rm($key)
removres the $key from shared memory
eaccelerator_gc()
removes all expired keys from shared memory
eaccelerator_lock($lock)
creates a lock with specified name. The lock can be released by function
eaccelerator_unlock() or automatic on the end of request.
For Example:
<?php
eaccelerator_lock("count");
eaccelerator_put("count",eaccelerator_get("count")+1));
?>
eaccelerator_unlock($lock)
release lock with specified name
eaccelerator_set_session_handlers()
install the eaccelerator session handlers.
Since PHP 4.2.0 you can install eaccelerator session handlers
in "php.ini" by "session.save_handler=eaccelerator".
eaccelerator_cache_output($key, $eval_code, $ttl=0)
caches the output of $eval_code in shared memory for $ttl seconds.
Output can be removed from cache by calling mmcach_rm() with the same $key.
For Example:
<?php eaccelerator_cache_output('test', 'echo time(); phpinfo();', 30); ?>
eaccelerator_cache_result($key, $eval_code, $ttl=0)
caches the result of $eval_code in shared memory for $ttl seconds.
Result can be removed from cache by calling mmcach_rm() with the same $key.
For Example:
<?php eaccelerator_cache_output('test', 'time()." Hello";', 30); ?>
eaccelerator_cache_page($key, $ttl=0)
caches the full page for $ttl seconds.
For Example:
<?php
eaccelerator_cache_page($_SERVER['PHP_SELF'].'?GET='.serialize($_GET),30);
echo time();
phpinfo();
?>
eaccelerator_rm_page($key)
removes the page which was cached by eaccelerator_cache_page() with the same
$key from cache
eaccelerator_encode($filename)
returns the encoded bytecode of compiled file $filename
eaccelerator_load($code)
loads script which was encoded by eaccelerator_encode()
Generate Key Pair:
# cd /etc/jabberd # openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
|
Note
|
You should enter your domain name as the Common Name for your certificate. |
Remove pass parse:
# openssl rsa -in privkey.pem -out privkey.pem
Combine the Private and Public Key:
# cat privkey.pem >> server.pem
Delete Private Key:
# rm privkey.pem
Set permissions:
# chown root:ejabberd server.pem # chmod 640 server.pem
Finally update the config file:
Change the ./ssl.pem string to /etc/ejabberd/server.pam.
Change starttls to tls in the listen section if you want to force users to use SSL.
Register an account on your ejabberd deployment. An account can be created using a jabber client like pidgin.
Add the following lines to you config:
{acl, admins, {user, "admin", "example.org"}}.
{access, configure, [{allow, admins}]}.
This will promote the account created in the previous step to an account with administrator rights.
Add the following line to your /etc/sysconfig/firewall, for example after mysql:
# ejabberd -A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
Now you should be able to connect to ejabberd remotely. Start your favourite jabber client on a remote machine (ie. pidgin) and register another account. You should be able to talk to the admin now and vica versa.
For more info, please read the Installation and Operation Guide, which can be found at /usr/share/doc/ejabberd-*/guide.html.
If you got disconnected from servers and getting some #20004 errors, then run as pbweb AS ROOT!!!
Then try again :)
Regards
If your keyboard doesn't work that can be because wrong virtual terminal number set in entrance config. Use the following command to set the proper value:
# ecore_config -c /etc/entrance_config.cfg -k /entranced/xserver -s "/usr/X11R6/bin/X -quiet -nolisten tcp vt7"
In this example you want to run entrance on vt7.
To test festival, try:
$ echo "Frugalware can speak" | festival --tts
Start KTTSD (if not already running): kttsd
Send "Frugalware can speak" to KTTSD for speaking in English:
$ dcop kttsd KSpeech setText "Frugalware can speak" "en"
Speak the text:
$ dcop kttsd KSpeech startText 0
If hardware acceleration does not work make sure you have something similar in /etc/fstab:
tmpfs /dev/shm tmpfs defaults 0 0
If xv output doesn't work in mplayer add the following line to /etx/X11/xorg.conf's Device section:
Option "VideoOverlay" "on"
On the following page you can find some useful solutions for different fglrx problems: Thinkwiki fglrx.
This version comes with a system init script now. You have to run the firestarter executable from the command line (in an X driven console) first to generate the initial start-up scripts.
To add it to startup, run this:
# chkconfig --del rc.firewall # chkconfig --add rc.firestarter
To remove it from startup:
# chkconfig --del rc.firestarter # chkconfig --add rc.firewall
Once you have the .flv file you want to share, you need FlowPlayer.swf from /usr/share/flowplayer and the following code sniplet:
<object type="application/x-shockwave-flash" data="FlowPlayer.swf"
width="320" height="262">
<param name="movie" value="FlowPlayer.swf" />
<param name="flashvars" value="config={videoFile: 'foo.flv', loop: false}" />
</object>
This driver is under constant change, therefore no "stable" branch exists. Also, communications with the author led nowhere, that might explain some weirdness of building it, getting the latest stable version number etc. Mail
Installation
On the server:
# pacman-g2 -S freenx
On the client:
# pacman-g2 -S knx
Configuration
On the server setup a fake password for the nx user:
# passwd nx
Now allow the client to connect to the server by copying the file /usr/NX/home/nx/id_dsa from the server to /usr/share/knx/client.id_dsa.key on the client. Also make sure about it's readable by users:
# chmod 644 /usr/share/knx/client.id_dsa.key
Also don't forget to allow incoming ssh connections (by default port 22) in /etc/sysconfig/firwall, then load the config with the
# service firewall restart
command.
Users
By default shell accounts are not allowed to connect to th nx server, you can allow a user to do so by
# nxserver --adduser <username>
then set a separate (for nx) password for the user:
# nxserver --passwd <username>
The client
Now start knx, the usage of that application is self-explaining.
After installing this package, please run /usr/bin/fudforumsetup as root to setup FUDforum
Fuse is a virtual filesystem "helper" which makes possible to mount unusual things as a filesystem. It is achieved by using a simple program, which runs in user space, to provide data that can be represented by the fuse kernel module as a filesystem. The interpreter program is a less complex one than a kernel-space module, which is much harder to write. In Frugalware, regular users of a given box can mount filesystems by fuse. First as root, let's install the tools needed:
# pacman-g2 -S fuse
Then you have to add the fuse service to the startup list and start it manually for now:
# service fuse add # service fuse start
Now, having the base of fuse, we need to install the programs for each specific filesystem type. To get a hint on what is available, you can issue the following command:
$ pacman-g2 -Ss fuse
The two most used (ftp, ssh) plugins can be installed by running the following command. Beware, the ftp fs is a perl module, and it seems a bit memory hungry / buggy / slow so therefore it might be replaced by CurlFtpFS in the future.
# pacman-g2 -S fuseftp sshfs-fuse
Then, you can mount a remote dir with sftp access as a regular user doing:
$ /sbin/mount.fuse sshfs#YOURUSERNAME@SERVER:/REMOTEDIR /LOCALDIR -o rw,OTHEROPTIONS
You can also unmount it as a regular user doing:
$ fusermount -u /LOCALDIR
You need to create your ~/.gammurc:
[gammu] port = /dev/ttyUSB0 connection = fbus
Replace /dev/ttyUSB0 with your serial port device and fbus with the appropriate protocol name if you are not a Nokia user. Check if you have write access to the device, you need to be a member of the uucp group.
Once you think you're done, check your setup:
$ gnokii --identify
It should print your IMEI number so that you'll be able to check if gammu really found your phone or there is a problem.
You probably use gammu to make a backup of your phone.
This involves two steps:
Backing up your SMSes
$ gammu --backupsms backupsms.txt
The rest of your phone.
$ gammu --backup backup.txt
You may find an alternative format more human-readable for SMSes:
$ gammu --geteachsms > eachsms.txt
See the manual page for more tricks!
I have heard I should never remove the gcc package. Is this still true?
“No, since we split the gcc package, the standard C++ library is a separate package, you have to install gcc only in case you really need a C compiler.”
gcjwebplugin is a Firefox plugin for running Java applets. It is now included in the libgcj sub-package, though it is not enabled by default.
GNU Classpath and libgcj's security implementation is under active development, but it is not ready to be declared secure. Specifically, it cannot run untrusted applets safely.
When gcjwebplugin is enabled, it prompts you with a dialog before loading an applet. The dialog tells you that a certain URL would like to load an applet, and asks if you trust the applet. Be aware though that this dialog is mostly informative and doesn't provide much protection:
http and DNS can be spoofed meaning that the URL named in the warning dialog cannot be trusted
someone could create a browser denial-of-service attack by creating a page with hundreds of applet tags, causing gcjwebplugin to create warning dialog after warning dialog. The browser would have to be closed to eliminate the latest dialog
the whitelist is provided as a convenience, but it is unsafe because a domain may change hands from a trusted owner to an untrusted owner. If that domain is in the whitelist then the warning dialog will not appear when loading the new malicious applet.
CURRENTLY GCJWEBPLUGIN RUNS WITH NO SECURITY MANAGER. THIS MEANS THAT APPLETS CAN DO ANYTHING A JAVA APPLICATION THAT YOU DOWNLOAD AND RUN COULD DO. BE VERY CAREFUL WHICH APPLETS YOU RUN. DO NOT USE GCJWEBPLUGIN ON YOUR SYSTEM IF YOUR SYSTEM STORES IMPORTANT DATA. THIS DATA CAN BE DESTROYED OR STOLEN.
The same warning applies to gappletviewer, which also runs with no security manager (in fact, gcjwebplugin spawns gappletviewer to do the applet loading). When run on the command line, gappletviewer issues a warning on startup and asks you if you want to continue.
Even considering the risks involved, you may still want to try gcjwebplugin. GNU Classpath's AWT and Swing implementations are now sufficiently mature that they're able to run many applets deployed on the web. If you're interested in trying gcjwebplugin, you can do so by creating a symbolic link in ~/.mozilla/plugins like so:
ln -s /usr/lib/gcj-*/libgcjwebplugin.so ~/.mozilla/plugins/
Type about:plugins in Firefox's URL bar to confirm that the plugin has been loaded. To see gcjwebplugin debugging output, run:
$ firefox -g
then at the GDB prompt, type
(gdb) run
If you want to set up a web interface for your git repositories, then:
install the gitweb package
edit /etc/gitweb.conf so that $projectroot will point to the repository directory
restart apache so that the gitweb configuration will be included.
The Mini Commander applet has been replaced by Deskbar. If you want the functionality provided by the Mini Commander applet, please install the deskbar-applet package with pacman
The most common usage of this applications is something like this:
$ help2man -n "<oneliner description>" -S Frugalware -N ./<binary> |sed 's/\\(co/(c)/' ><binary>.1
This app does not have any webserver, SQL server nor IMAP server in its depends, which is intentional. Anyway, if you plan to use it, you should set up a webserver and an IMAP server. The SQL server is optional, but it's the most easiest-to-use preferences container.
Additionally this app is not configured in any way: there are far too many customizable settings, so the packager cannot know how to set them for your particular needs. Installation instructions can be found in the INSTALL file.
Don't forget to open port 8080 on your firewall!
To do this, add the following two lines to your /etc/sysconfig/firewall:
# httpircproxy -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
for example after MySQL's entry.
After installing this package, please run /usr/bin/joomlasetup as root to setup Joomla
If you want to rip a video DVD, install the transcode package as well.
Get the latest xen0 package.
# pacman-g2 -Syu && pacman-g2 -S kernel-xen0
Add the following lines to the bottom of /boot/grub/menu.lst
title Frugalware 0.5 (Siwenna) - With Xen
kernel (hd0,13)/boot/xen.gz noreboot dom0_mem=768M
module (hd0,13)/boot/vmlinuz-2.6.16-xen0-fw4 ro root=/dev/hda14
Replace (hd0,13) with the grub reference to your Frugalware partition, and /dev/hda14 with the Linux device name for your partition (use the existing grub entry for frugalware as a reference). 768M should also be replaced with a value of around half of your total system memory.
Reboot and select the Xen option at the Grub menu.
Hopefully nothing bad will happen. If it does, write down the last few messages that you see, and file a bugreport at http://bugs.frugalware.org
If all works OK after the first few boots, you should be able to safely remove noreboot from the kernel command line. If you run into problems later and Xen reboots before you can see the error, just readd noreboot
|
Note
|
on i686, you need the glibc-xen package instead of the normal glibc! |
|
Warning
|
kexec works just like reboot, so please save your data before using it! |
Loading the new kernel:
# kexec -l /boot/vmlinuz-2.6.18-fw1 --append="ro root=/dev/hda3 quiet vga=792 resume=/dev/hda2"
Booting it:
# kexec -e
If you want to test this package, you can use for example the server of VoipBuster.
First, you should register a user name and password with their native (Windows-only) client. After that give iax.voipbuster.com as the server and your just registered username and password.
Now you should able to dial (currently the first minute is for free).
To use knb, you need a config file like this:
nick idlenick realname Knb nicks keepnick server irc.server.com 6667 channel #channel
where idlenick is used till keepnick is used by someone else. The bot will join to #channel on irc.server.com.
You need to register that you're the owner for the first time. To do this, join #channel and
!new nick!ident@host
to give access someone to the bot.
Once keepnick is no longer used and knb switched to that nick, you can use
!n -yes idlenick
to change knb's nick back to idlenick, so that you can change your nick back to keepnick.
See the scripts directory on how to re-start your knb from cron automatically.
If you want to use kqemu, you need to mount tmpfs on /dev/shm. This is not problematic, qemu prints a usable error message if you miss that. The problem is that you have to do this again and again after each reboot. If you hate this, then just add the following line to your /etc/fstab:
tmpfs /dev/shm tmpfs defaults,size=144m 0 0
Howto setup KVpnc for use without root password - sudo
Install sudo
Edit /etc/sudoers: add an command alias
# Cmnd alias specification Cmnd_Alias KVPNC = /usr/bin/kvpnc # User privilege specification ALL ALL=NOPASSWD:KVPNC
|
Warning
|
Do it gently! (As always, when you edit /etc/sudoers.) |
Change your LastFM username and password in /etc/lastfmsubmitd.conf and the MPD server settings in /etc/lastmp.conf before starting the LastFM submit daemon.
After configuring lastfmsubmitd, you should run the following commands to start the daemons:
# service lastfmsubmitd start # service lastmp start
After installing lineakd, make sure you create a configuration file before starting it. An example configuration file is located in /etc/lineak/lineakd.conf.example for the user's reference.
You can then start the lineak daemon by running the following command:
$ lineakd
After installing lirc you need to take the following steps:
Find a lird.conf for your remote control on remotes You can also take a look on /usr/share/remotes directory if you do not have an internet connection. If you do not find your remote controller, try irrecord myremote command.
Copy your lircd.conf to /etc/ directory as root.
Add evdev to /etc/sysconfig/modules.
Load the module with modprobe evdev.
Edit /etc/sysconfig/lirc if necessary.
$ cat /proc/bus/input/devices | grep -e N -e H
will show you the event# you should use. (Default is 2.)
Start lircd and lircmd with sudo service lirc start.
Lmsensors is a hardware monitoring tool which is able to read thermal and voltage values and fan speeds from the sensor chips of your motherboard. Before running sensors you have to run sensors-detect as root to initialize them. It will autodetect your hardware and define which kernel modules you need to get it working properly, and tell you how to autoload them during boot.
So if you want to use lmsensors try to run
# sensors-detect
and say YES at end of sensors-detect to write /etc/sysconfig/lm_sensors.
Then issue:
# service lmsensors start
Here is a mini-HOWTO, a longer one is available here.
First if you are on a setup cd, you need to
modprobe dm-mod
and
vgchange -a y
The first loads the device-mapper support for the kernel, the later enables the existing volume groups. This is automatically done for you on an installed Frugalware system.
You need to decide what physical partitions to use for LVM. In this mini-HOWTO / is /dev/hda1 and we create a big /home partition using /dev/hda2 and /dev/hdc1.
Let's initialize them for use by LVM:
pvcreate /dev/hda2 /dev/hdc1
Create a volume group titled vg:
vgcreate vg /dev/hda2
Extend it with /dev/hdb1:
vgextend vg /dev/hdc1
Then we can create a logical volume with a size of 400G titled home:
lvcreate -L400G -nhome vg
Create a filesystem on it as usual, ie. for ext3:
mke2fs -j /dev/vg/home
And now the only task is to mount it as usual, ie:
mount /dev/vg/home /mnt/target/home
You already saw how to extend a volume group. Extending a logical volume is a bit more complex, but still easy.
If you use ext3:
umount /mnt/target/home lvextend -L+900M /dev/vg/home resize2fs /dev/vg/home mount /dev/vg/home /mnt/target/home
|
Note
|
According to the manpage of resize2fs, it would have support resizing without umounting, but this does not seem to work. |
If you use reiserfs:
lvextend -L+900M /dev/vg/home resize_reiserfs /dev/vg/home
To remove a logical volume:
lvremove /dev/vg/home
To remove a physical volume from a volume group:
vgreduce vg /dev/hdc1
To remove a volume group:
vgremove vg
That's it.
There is no any kind of http server in mailman's depends. It's because they are not needed to get a working mailman. Of cource if you want to provide archives and so don't forget to install a http server.
If you like coloured man-pages then you can enable that feature by issuing
# chmod +x /etc/profile.d/man-colors.sh
It is handled as a configuration file, so feel free to edit the colors in that file if you want.
You have to GRANT some privileges (at least for the operating user) to be able to use this package, as the installer does not GRANT them. The operating user requires ALTER, SELECT, INSERT, UPDATE and even DELETE privileges, regardless that the latter is not mentioned by upstream. For installation, INDEX, CREATE, DELETE, and DROP privileges are also required - this can be carried out if you provide the (MySQL) superuser's credentials to the installer.
Do not forget to rm -rf /var/www/mantis/admin after a successful install to prevent hijacking your bugtracker, and chage the default administrator's password.
Install the tk package if you intend to use the gui "xmaxima". Detailed documentation can be found using
info maxima
in the directory /usr/share/maxima/$package_version/doc/
How to convert each users mbox from /var/mail to Maildir (under /home/$user)?
If you are too lazy to read the complete documentation:
cd /var/mail
for i in *
do
echo $i
su - $i -c "mb2md -m"
rm -v $i
done
After installing this package, please run /usr/bin/mediawikisetup as root to setup MediaWiki
Do not forget to open port 8080 on your firewall!
To do this, add the following two lines to your /etc/sysconfig/firewall:
# midpssh-http-server -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
for example after MySQL's entry.
You can set up Monit by adding these lines to /etc/inittab:
# Run monit in standard run-levels mo:2345:respawn:/usr/sbin/monit -Ic /etc/monit/monitrc
You should edit the settings: videodevice, input, norm, frequency, width, height and target_dir in /etc/motion.conf
If the file already exists, it wont be overwritten by the package while upgrading. You can refer /etc/motion-dist.conf for configuring motion.
From munin-1.2.5-2 we no longer use a random uid/gid, but dedicated ones. Because of this munin service will not start if you have it installed before, so you have to correct this by issuing these commands:
groupmod -g 47 munin usermod -u 47 -g 47 munin chown -R munin:munin /var/lib/munin chown -R munin:munin /var/www/html/munin chown -R munin:munin /var/log/munin chown -R munin:munin /var/run/munin
You should chown any other munin-owned stuff you may have lying around, these are only the default ones.
You can configure MythTV this way:
Start mysql service and setup mysql database password with mysqladmin -u root password mysqlpassword.
Set up the initial database with mysql -u root -p < /usr/share/mythtv/mc.sql and enter mysqlpassword.
Run sudo mythtv-setup for tune your tvcard.
Start mythtv backend with sudo service mythtv start.
Use mythfilldatabase to fill in your database.
Finally run mythfrontend and have fun!
For more information see MythTV documentation.
Here is an excerpt from the Samba documentation explaining what you need to do to make this work:
USERSHARE Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user define shares to be exported using the "net usershare" commands. To set this up, first set up your smb.conf by adding to the [global] section: usershare path = /home/usershares Next create the directory /home/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example the "users" group. Set the permissions on /home/usershares to 01770. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file). Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb.conf a line such as: usershare max shares = 100 to allow 100 usershare definitions. Now, members of the UNIX group "users" can create user defined shares on demand using the commands below. The usershare commands are: net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share. net usershare delete sharename - to delete a user defined share. net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share. net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.
Ndiswrapper requires .inf and .sys files from a Windows(tm) driver to function. Download these to /root for example, then run:
# ndiswrapper -i /root/foo.inf
After that you can delete them. They will be copied to the proper location. Once done, please run:
# depmod -a
Check this list of drivers. You can get your possible hadware with:
# lspci -n | egrep 'Class (0280|0200):' | cut -d' ' -f4
Look for that on the above page for your driver.
Please have a look at the wiki for the FAQ, HowTos, Tips, Configuration, and installation information.
Install script has generated default certificate use:
# /usr/sbin/nessus-mkcert
if you need to make a personalized one.
Remember to create a user with:
# /usr/sbin/nessus-adduser
Use /etc/sysconfig/nessusd for setting nessusd starting arguments.
Install script has generated default certificate use:
# /usr/sbin/nessus-mkcert
if you need to make a personalized one.
Remember to create a user with:
# /usr/sbin/nessus-adduser
Use /etc/sysconfig/nessusd for setting nessusd starting arguments.
To enable IPv4 multicast DNS lookups, append mdns4 to the hosts line in /etc/nsswitch.conf. Use mdns6 for IPv6 or mdns for both.
Please add /usr/lib/ooextras to your template paths in OpenOffice.org!
You can do this under:
Tools > Options > OpenOffice.org > Paths
Enjoy the new templates! :-)
# ssh -L 8000:localhost:80 server.com
After this you can access server.com:80 at localhost:8000 even if server.com:80 is not accessible from your machine.
Many mobile users have the following problem: they have to use an unencrypted wireless lan and they want to access webservers which does not support https. There is an easy solution for this: you transfer data to a server in an ssh tunnel then the data can be transferred to the server unencrypted in a wired network. This is much more secure. Set up the socks proxy on localhost:8080:
$ ssh -D 8080 server.com
Then configure your webbrowser to use the proxy, for example in firefox, select Manual proxy configuration and then set SOCKS Host to localhost, Port to 8080.
|
Note
|
Don't forget to clear other proxy fields! (HTTP, SSL, FTP, etc.) |
You require the data files of the original Transport Tycoon Deluxe for Windows to play the game. You have to manually copy the following files to /usr/share/openttd/data/
sample.cat trg1r.grf trgcr.grf trghr.grf trgir.grf trgtr.grf
If you want to use the included scenarios, run openttd with the following command:
$ openttd -g openttd -g /usr/share/openttd/scenario/<scenario_name>
You should set
cgi.fix_pathinfo=1
in /etc/php.ini in order to use php-cgi.
After installing this package, please run /usr/bin/phpbbsetup as root to setup phpBB
After upgrading, make sure to run the database update script
Pootle provides a separate webserver, after starting it, you should be able to reach it at http://127.0.0.1:8080/.
No-one can login to Pootle by default. You should edit /usr/lib/python2.5/site-packages/Pootle/users.prefs, and uncomment the startup user. Its password is startup, too. Then login via the web interface, create an account. Finally edit the configuration file again and comment the startup user.
These are the basic steps to set up Postfix to use SMTP Authentication to send mail through a relay host.
Set up a password maps file (/etc/postfix/sasl_passwd) as follows:
mail.ispserver.com username:password
# chown root:root /etc/postfix/sasl_passwd # chmod 600 /etc/postfix/sasl_passwd # postmap /etc/postfix/sasl_passwd
Append the following lines to /etc/postfix/main.cf:
relayhost = mail.ispserver.com smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options =
Finally reload postfix:
# postfix reload
That should do it!
This package relies on correct install of postfix's virtual tables and it needs to be configured by hand before usage. Copy /var/www/postfixadmin/config.inc.php.sample to /var/www/postfixadmin/config.inc.php and edit it to your taste. Below is an excerpt from upstream's INSTALL.TXT.
Create the Database Tables
In DATABASE_MYSQL.TXT you can find the table structure for MySQL that you need
in order to configure Postfix Admin and Postfix in general to work with
Virtual Domains and Users.
In DATABASE_PGSQL.TXT you can find the table structure for PostgreSQL.
Configure
Check the config.inc.php file. There you can specify settings that are relevant to your setup.
Postfix Admin contains 3 views of administration. There is the Site Admin view, located at http://domain.tld/postfixadmin/admin/. There is the Domain Admin view, located at http://domain.tld/postfixadmin/. And there is the User Admin View, located at http://domain.tld/postfixadmin/users/.
In order to do the initial configuration you have to go to the Site Admin view.
The default password for the Site Admin view of Postfix Admin is admin/admin.
This is specified in the .htpasswd file in the /admin directory. Make sure that the location of the .htpasswd file matches your path.
When you have finished, you have to restart apache (service httpd restart) in order to be able to authenticate the master admin. If you fail to do this, anybody will be able to do anything as postfixadmin's administrator without any authentication.
To use postgrey, put something along the lines of
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_policy_service inet:127.0.0.1:60000
in your /etc/postfix/main.cf (postfix 2.1 or newer is required.)
Preface
I was asked to set up VPN using PPTP. A much secure way to setup it up is using IPSec, more details here. Also you could use ssh+pppd, but that's rather problematic on platforms other than Unix.
Setting up the server
The big problem here is that most outdated HOWTO starts with patching your kernel and ppp. This is no longer needed!
Requiements: You need kernel>=2.6.15 or newer (Frugalware 0.4 or higher is OK). Also you need ppp>=2.4.2.
Also probably these are already installed on your system, let's see the new package: pptpd. Install it with the usual
# pacman-g2 -S pptpd
Probably this is done if you're reading this HOWTO :-)
Here comes my /etc/pptp.conf:
$ grep -v '^\(#\|$\)' /etc/pptpd.conf option /etc/ppp/options.pptpd logwtmp localip 10.0.0.88 remoteip 10.0.0.89-127
10.0.0.88 is the internal address of the server, 10.0.0.89-127 is the range that can be used by the pptp clients.
Then let's see that referred /etc/ppp/options.pptpd:
$ grep -v '^\(#\|$\)' /etc/ppp/options.pptpd name pptpd domain nemesis.example.net refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 proxyarp debug lock nobsdcomp novj novjccomp nologfd
nemesis.example.net is the full name of the machine, replace it to your one. After everything works fine, you can remove the "debug" line from the config.
Then add at least one user:
# cat /etc/ppp/chap-secrets Password: vmiklos pptpd "secret" *
The rest is about to allow pptp on the firewall (I'm assuming that you use the default Frugalware configuration: INPUT is on DROP by default, but FORWARD is allowed, OUTPUT too.)
Add the following 2 lines to the filter section of /etc/sysconfig/firewall:
-A INPUT -p gre -j ACCEPT -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
Now we're ready to start:
# pptpd -f -o /etc/ppp/options.pptpd
If no error messages are reported, omit the -f option so it will go background.
Later you can put this to your /etc/rc.d/rc.local. Debug messages will appear in /var/log/messages if you're interested in them.
Client side
Install the necessary "pptp" package:
# pacman-g2 -S pptp
Most howto suggets the pptpconfig (http://pptpclient.sourceforge.net/) tool, it's written in PHP and uses GTK+2. You don't want to use graphical tools locally (and install XOrg) for administrating your machine, do you?
We can do it by hand, not too complicated.
You can name every tunnel you create, I'll use here the "mytunnel" name.
Fire up your favorite editor and create the /etc/ppp/peers/mytunnel file with the following contents:
$ grep -v '^\(#\|$\)' /etc/ppp/peers/mytunnel name vmiklos remotename PPTP file /etc/ppp/options.pptp pty "pptp IP_OF_THE_SERVER --nolaunchpppd " require-mppe
Your /etc/ppp/chap-secrets should contain the following line:
vmiklos PPTP secret *
We're ready to start the client:
# pppd pty 'pptp server --nolaunchpppd' call mytunnel debug dump logfd 2 nodetach
A lot of debug messages will be printed, check on an other console if you got a new pppx interface or not:
# ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.0.89 P-t-P:10.0.0.88 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:996 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:70 (70.0 b) TX bytes:76 (76.0 b)
If it seems to be ok, you no longer need the debug messages and pppd can go backround:
# pppd pty 'pptp server --nolaunchpppd' call mytunnel
That was all. Not so simple but anyone can do it :-)
Resources
http://czeh.hu/linuxdoc/vpn-pptp.html - VPN connection using PPTP and Linux by Istvan Czeh (Hungarian)
http://webb.gotdns.com:2080/kernel-mppe/pptp-command.html - pptp-command HOWTO
You'll find pyro's scripts in /usr/lib/python2.5/site-packages/Pyro/bin
If you are completely new to qemu, you may find the big list of switches a bit confusing. Most users want to install an operating system from a cdrom image to a virtual harddisk. Here is what you need:
$ qemu-img create foo.img 8G $ wget http://server.com/bar.iso $ qemu -hda foo.img -cdrom bar.iso
It worth to read the full documentation at /usr/share/doc/qemu-*/qemu-doc.html, it really worth to do so.
To demonstrate how powerfull qemu is, here are a few cheap tricks:
If you want to be able to ssh to the machine, you can use port derirection. For example using the -redir tcp:1022::22 option, qemu:22 will be available at localhost:1022.
|
Note
|
This requires root privileges. |
You can create a unix socket to control your virtual machine. For example if you are not able to ssh to the machine, you can still properly shut it down:
Use the -monitor unix:/tmp/qemu,server,nowait option, then send the sendkey ctrl-alt-delete string to the socket, for example using python:
python -c "import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); \
sock.connect('/tmp/qemu'); \
sock.send('sendkey ctrl-alt-delete\n')"
Finally a trick about vnc: using for example the -vnc 0 option, it's possible to reach qemu's display via vnc. This is quite handy if you run qemu on a server (for example in screen), then you can freely attach to and detach from it whenever you want to do so.
Really, read the full documentation! :)
To really activate quotas, you'll need to add usrquota to the appropriate partitions as listed in /etc/fstab. Here's an example:
/dev/hda2 /home ext2 defaults,usrquota 1 1
When you want quota support for a given partition, some special files have to be created boot-time. This is not done by default. To do so, you need to
# touch /var/lib/quota/new
then, reboot to create those files.
To edit user quotas, use edquota. See man edquota.
This is the r8169 driver from Realtek. This in not the same r8169 presented in Linux kernel.
This driver supports: RTL8169S/8110S, RTL8169SB/8110SB, RTL8110SC
To use this driver you have to remove the official r8169 if loaded.
# rmmod r8169
You can load this module with
# modprobe realtek-r8169
It might be a good idea to blacklist r8169 and add realtek-r8169 to /etc/sysconfig/modules, so you do not have to play this game after every reboot.
Create a new feed database:
$ r2e new you@yourdomain.com
Subscribe to some feeds:
$ r2e add http://www.aaronsw.com/2002/rss2email/updates.rss
(That's the feed to be notified when there's a new version of rss2email.) Repeat this for each feed you want to subscribe to.
When you run rss2email, it emails you about every story it hasn't seen before. But the first time you run it, that will be every story. To avoid this, you can ask rss2email not to send you any stories the first time you run it:
$ r2e run --no-send
Then later, you can ask it to email you new stories:
$ r2e run
You probably want to set this up as a cron job or something.
There are a few options, described at the top of rss2email.py. If you want to change something, add it to config.py. For example, to be notified every time a post changes, instead of just once per post:
$ echo "TRUST_GUID = 0" >>~/.rss2email/config.py
And you can ask rss2email to make the emails look as if they were sent when the item was actually posted:
$ echo "DATE_HEADER = 1" >>~/.rss2email/config.py
You need to complete the install, running:
# /usr/lib/scratchbox/run_me_first.sh
Do not forget to create a scratchbox user:
# /usr/lib/scratchbox/sbin/sbox_adduser <user>
For further documentation about how to setup scratchbox for your development needs have a look at scratchbox documentation.
Also note that when you reboot and before trying to run scratchbox, you should run:
# service scratchbox start
You can also add it to the default runlevel:
# service scratchbox add
Then to start scratchbox, run:
$ /usr/lib/scratchbox/login
|
Note
|
In order to run scratchbox, you have to be in the sbox group. |
You may want to restart your screen session automatically after a reboot. This is the case, for example, when we seed the Frugalware ISOs using a torrent client. Here is what you need:
Set up your ~/.screenrc so that it'll start your application when screen starts up:
screen -t seed 0 /bin/sh -c 'cd $HOME/frugalware-torrents; rtorrent'
Run crontab -e and append the following line to your crontab:
@reboot screen -d -m
You're ready!
Driver for the SpeedTouch USB and SpeedTouch 330
The binaries (modem_run and pppoax) have been installed in /usr/sbin.
You will find the documentation and example script files in: /usr/share/doc/speedtouch-pkgver
You can start configuring your modem by running
/usr/bin/speedtouch-setup
|
Note
|
Read the documentation (/usr/share/doc/speedtouch-pkgver/howto) carefully to use this driver correctly! |
Please start the configure script in the /var/www/squirrelmail directory!
You have to install this plugin with squirrelmail's own ./configure tool.
You have to install this plugin with squirrelmail's own ./configure tool.
You need some additional configuration before stunnel will be functional:
Adjust the configuration file:
# cp /etc/stunnel/stunnel.conf-sample /etc/stunnel/stunnel.conf # vi /etc/stunnel/stunnel.conf
|
Note
|
If something goes wrong, try setting sslVersion to all. |
Genrate your certificate:
# openssl req -new -x509 -days 365 -nodes -config /etc/stunnel/stunnel.cnf -out \ /etc/stunnel/mail.pem -keyout /etc/stunnel/mail.pem
Hide the certificate from users:
# chmod 600 /etc/stunnel/mail.pem
Now you can enable and start the service:
# service stunnel add # service stunnel start
In order to use the sugarcrm, you have to symlink it to somewhere. For example, if you want to use it under http://localhost/sugarcrm, then use:
# ln -s /var/www/SugarSuite /var/www/html/sugarcrm
After installing this package, please run in a browser http://localhost/sugarcrm/install.php to setup SugarSuite (sugarcrm).
First of all, read the INSTALL file for the instructions.
For lazy users, here's what i had to do to get the driver working:
Make sure you have the evdev kernel module loaded before the x server started (or restart it after you loaded the module).
Now open your /etc/X11/xorg.conf and add the following:
Load "synaptics"
to the "Module" section.
Replace the content of your "InputDevice" section to the followings:
Section "InputDevice" Identifier "Synaptics Mouse" Driver "synaptics" Option "Device" "/dev/psaux" Option "Protocol" "auto-dev" Option "LeftEdge" "1700" Option "RightEdge" "5300" Option "TopEdge" "1700" Option "BottomEdge" "4200" Option "FingerLow" "25" Option "FingerHigh" "30" Option "MaxTapTime" "180" Option "MaxTapMove" "220" Option "VertScrollDelta" "100" Option "MinSpeed" "0.09" Option "MaxSpeed" "0.18" Option "AccelFactor" "0.0015" Option "SHMConfig" "on" # Option "Repeater" "/dev/ps2mouse" EndSection
Add this line to the "ServerLayout" Section:
InputDevice "Synaptics Mouse" "CorePointer"
After installing trac you need a few steps to set it up. First of all do not forget to install postgresql/mysql/sqlite according to which database backend you want to use.
To create a new trac project, just use the command:
$ trac-admin /path/to/myproject initenv
You can check the result with:
tracd --port 8000 /path/to/myproject
Then, fire up a browser and visit http://localhost:8000
For further documentation on trac, how to set up with different HTTP daemons see TracGuide
/lib/udev/devices is the directory where packages or you can place real device nodes, which get copied over to /dev at every boot. This replaces our previous /etc/sysconfig/udev solution. (The change was recommended by upstream.)
unp is a small perl script which makes extraction of any archive files easier. It support several compressors and archiver programs, chooses the right one(s) automatically and extracts one or more files in one go. It detects the right type from the file extensions or the "file" output.
unp was written by Andre Karwath (http://www.aka-online.de) in 1997, I (Eduard Bloch <blade@debian.org>) found it later and improved it to fill my needs. Have fun!
Create a big empty file:
# dd if=/dev/zero of=root_fs bs=1M count=1000
Format it:
# mke2fs -F -j root_fs
Mount it:
# mkdir uml # mount root_fs -o loop uml # cd uml
Install base and openssh:
# mkdir -p var/log tmp # pacman-g2 -Sy base openssh -r ./
Create etc/fstab with the following contents:
none /proc proc defaults 0 0 none /sys sysfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 /dev/ubda / ext3 defaults 1 1
Create etc/sysconfig/keymap with the following contents:
keymap=us
Create etc/profile.d/lang.sh with the following contents:
export LANG=en_US export LC_ALL=$LANG
We want networking, put the followings to etc/sysconfig/network/default:
[eth0] options = 192.168.0.1 gateway = default gw 192.168.0.254
If you want to use multiple virtual machines, use 192.168.0.2, 192.168.0.3 and so on instead.
Let's copy in the terminal device and change our root:
# cp -a /dev/tty dev/ # chroot ./
Create a regular user:
# adduser
Remove unnecessary services and enable ssh:
# service keymap del # service time del # rm /etc/rc.d/rcS.d/S18rc.time # service sshd add
Remove unnecessary packages:
# pacman-g2 -R gpm kernel
Change /etc/inittab so that ctrl-alt-del will halt (and not reboot the system). Change the line
ca::ctrlaltdel:/sbin/shutdown -t5 -r now
to
ca::ctrlaltdel:/sbin/shutdown -t5 -h now
Exit from the chroot and umount:
# exit # cd .. # umount uml
You're ready, let's register it!
You should edit /etc/sysconfig/uml. Each item in the machines array defines a virtual machine. Here is an example:
machines=('ubd0=/home/uml/root_fs_0 eth0=tuntap,,,192.168.0.254 mem=128MB con0=null,fd:1 con=null')
This does the following:
root fs will be /home/uml/root_fs_0
the IP of the host will be 192.168.0.254
allocate 128MB of memory
disable console input, console output will be stdout (that'll be logged to /var/log)
disable other consoles (we don't need them, we can use ssh)
First you need the tun kernel module:
# modprobe tun # echo tun >> /etc/sysconfig/module
Second, you need NAT. Let's assume you access the external network via the eth0 interface, then edit /etc/sysconfig/network/default and search the end of the [eth0] section. Just append
post_up = iptables -t nat -A POSTROUTING -j MASQUERADE
to the section. After a
# netconfig restart
NAT will be enabled.
Now you can easily start/stop your machines using the usual service uml start/stop command.
Frugalware does not use tmpfs for /tmp by default. However on servers this can cause problems: if you do not reboot for months, then cleaning /tmp can take some time. Using tmpfs can solve your problem: it's a ramdisk so its content not preserved during a reboot. All you need is to add the following line to your /etc/fstab:
tmpfs /tmp tmpfs defaults 0 0
|
Note
|
You need util-linux >= 2.12-31 for this, otherwise X may not start. |
If you want to enable spell check support, you need to:
install the spell files for your language:
# pacman-g2 -S vim-spell-xx
where xx is code of the requested language.
enable the spell check support for your language (type in vim):
:setlocal spell spelllang=xx_yy
Some languages need correctly set encoding. If you get a message like:
Warning: Cannot find word list "hu.latin1.spl" or "hu.ascii.spl"
then you need to set your encoding as well:
:set encoding=latin2
The incorrect words are coloured red by default. You can reach a list of suggested words by pressing z= when the cursor is at the given word.
If you want to disable the spell check support, type:
:setlocal nospell
It may be handy to have map function keys in ~/.vimrc to enable / disable the spell check support:
set encoding=latin2 map <F5> <Esc>:setlocal spell spelllang=en_gb<CR> map <F6> <Esc>:setlocal spell spelllang=hu<CR> map <F7> <Esc>:setlocal nospell<CR>
|
Note
|
The language code is sometimes in an xx and sometimes is in an xx_yy form. This is something you need to figure out for your language. |
See the upstream documentation for more info about spell check support:
:help spell
If you want to be able to use the VirtualBox guest additions, run this command as root to get the Additions ISO (requires an active Internet connection):
# /usr/bin/get-vbox-additions
Don't forget to change the wifi interface name in /etc/wifi-radar.conf!
Running x11vnc without a password is not recommended. To create one, type:
vncpasswd ~/.vnc/passwd
Then you can start the VNC server using
x11vnc -display :0 -rfbauth ~/.vnc/passwd -forever
if are logged in on :0.
Check /etc/php.ini
# cat /usr/share/doc/xcache-$pkgver/xcache.ini >> /etc/php.ini
Modify php.ini for your needs:
# $EDITOR /etc/php.ini
Restart php
|
Warning
|
Use >> with cat, not simply > |
Please take a look on xcache wiki.
How should I remote control xmms from xchat?
First make sure you really need it - some people think it's a security hole.
You need XChat-XMMS plugin from XChat's Scripts + Plugins section, and some other packages (mostly Perl modules) which I'm too lazy to search for, but are available in fpm. Unpack the tarball, copy the .pl script to your XChat dir, and (try to) load it. If it complains about missing Perl modules, install them and try again. (This script has some minor bugs, but was found to be the most useful one amongst the kind. The documentation is a German PDF, which is to be translated to English/Hungarian.)
|
Warning
|
Xen is unstable software, meaning that it should not be used on your main PC, it may destroy your data. As an example, I destroyed my file system during testing. |
Xgl server
Xgl is a hardware accelerated X server. It renders everything that gets drawn to the screen with OpenGL to allow for fancy effects like wobbly windows, translucency, etc. The disadvantage to Xgl is that programs that already use OpenGL will not work on it. Xgl is only recommended if you do not have a graphics card that supports GLX_EXT_texture_from_pixmap.
AIGLX
Accelerated Indirect GLX ("AIGLX") is an open source project founded by Red Hat and the Fedora Linux community to allow accelerated indirect GLX rendering capabilities to X.Org and DRI drivers. This allows remote X clients to get fully hardware accelerated rendering over the GLX protocol; coincidentally, this development was required for OpenGL compositing window managers (such as Compiz) to function with hardware acceleration.
Compiz Fusion
Compiz Fusion is the result of a merge between the well-known Beryl composite window manager and Compiz Extras, a community set of improvements to the Compiz composite window manager. Compiz Fusion aims to provide an easy and fun-to-use windowed environment, allowing use of the graphics hardware to render each individual window and the entire screen, to provide some impressive effects, speed and usefulness.
|
Note
|
Before starting with installing compiz fusion, make sure you remove all beryl packages installed on your system. Beryl is now merged with compiz-fusion and is no longer supported on frugalware. |
This section describes how to setup Xgl or AIGLX depending on which graphics card you have.
This section describes how to setup Xgl/AIGLX on computers having Intel Graphics Cards. First, make sure that the Intel Xorg drivers are installed. You can install it using:
# pacman-g2 -S xf86-video-i810
I would recommend using AIGLX and NOT xgl for intel users. This is because Xgl works extremely slow on such cards. On the other hand, AIGLX is much faster than Xgl and is easier to setup. This section describes how to setup AIGLX for Intel GMA series cards.
You have to edit the /etc/X11/xorg.conf as root.
Look for Section "Module" and make sure that the following lines exist in that section
Load "dri" Load "glx" Load "dbe"
Now, look for Section "Device" and add the following lines to it
Option "XAANoOffscreenPixmaps" "true" Option "DRI" "true"
And add this to Section "ServerLayout"
Option "AIGLX" "true"
Now look for Section "DRI". Create it if it doesn't exist and make sure it looks like the following
Section "DRI"
Group "video"
Mode 0660
EndSection
|
Note
|
Also please make sure you are in the video group. |
Finally, add this line to Section "Extensions"
"Option" "Composite" "Enable"
Save the file and exit the editor. Reboot your system. Your system should now be set up to use Compiz Fusion. Now read on to the Window Manager setup section!
If you have an nVidia card, you're in luck - you can use all the fancy effects without the need for Xgl. This means you'll get much better performance. First of all, you'll need the latest nVidia drivers (100.14.11-6). Install them if you haven't already done it.
# pacman-g2 -Sy nvidia
Now, as i stated earlier, you can use it with or without Xgl. Both the ways are described below.
You have to edit the /etc/X11/xorg.conf as root.
First find the Device section for your nVidia card. Add the following line to it:
Option "XAANoOffscreenPixmaps" "false"
Now go to the Screen section. Make sure the following lines are there:
Option "AddARGBGLXVisuals" "True" Option "RenderAccel"