Showing posts with label chroot. Show all posts
Showing posts with label chroot. Show all posts

19 July 2013

479. Compiling Wine 1.6 on Debian (using a chroot)

Update:
I noticed
configure: libOSMesa 32-bit development files not found (or too old), OpenGL rendering in bitmaps won't be supported.

popping up at the end of ./configure. I've added a fix for it based on http://forum.winehq.org/viewtopic.php?f=2&t=17713

Original post:
Here's a generic way of building Wine 1.6 which is now stable. And yes, it's the instructions for 1.5.28-1.6-rcX recycled.

See here for information about 3D acceleration using libGL/U with Wine: http://verahill.blogspot.com.au/2013/05/429-briefly-wine-libglliubglu-blender.html

Getting started:
If you set up a e.g. chroot to build 1.5.28 you don't need to set up a new chroot to build 1.6. In that case, skip the set-up step below and instead re-enter your existing chroot like this:

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox
cd ~/tmp

And skip to 'Building wine'.

Otherwise do this:
Setting up the Chroot
sudo apt-get install debootstrap
mkdir $HOME/tmp/architectures/wine32 -p
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Replace 'beryllium' with the name your host system (it's just to suppress error messages)

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential
mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.6.tar.bz2

tar xvf wine-1.6.tar.bz2
cd wine-1.6/


Optional:
To avoid getting the

configure: libOSMesa 32-bit development files not found (or too old), OpenGL rendering in bitmaps won't be supported.

message, do the following:
1. Edit configure
 9450 LIBS="-lOSMesa -lGLU -lGL $X_LIBS $X_PRE_LIBS $XLIB -lm $X_EXTRA_LIBS $LIBS"

2. Also change
 9473     *) ac_cv_lib_soname_OSMesa=libOSMesa.so

Does it change anything? I don't know. But it removes the error message which is triggered by missing symbols so I think it does since the symbols are found in GLU/GL.
End optional.

Then do
./configure
time make -j3
sudo checkinstall --install=no
checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran This software is released under the GNU GPL. The package documentation directory ./doc-pak does not exist. Should I create a default set of package docs? [y]: Preparing package documentation...OK Please write a description for the package. End your description with an empty line or EOF. >> wine 1.6 >> ***************************************** **** Debian package creation selected *** ***************************************** This package will be built according to these values: 0 - Maintainer: [ root@beryllium ] 1 - Summary: [ wine 1.6] 2 - Name: [ wine ] 3 - Version: [ 1.6] 4 - Release: [ 1 ] 5 - License: [ GPL ] 6 - Group: [ checkinstall ] 7 - Architecture: [ i386 ] 8 - Source location: [ wine-1.6 ] 9 - Alternate source location: [ ] 10 - Requires: [ ] 11 - Provides: [ wine ] 12 - Conflicts: [ ] 13 - Replaces: [ ]
Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine

Exit the chroot
sandbox@beryllium:~/tmp/wine-1.6$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
 Enable multiarch* and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

*At some point I think ia32-libs may be replaced by proper multiarch packages, but maybe not. So we're kind of doing both here.

 Copy the .deb package and install it
sudo cp wine32/home/sandbox/tmp/wine-1.6/wine_1.6-1_i386.deb .
sudo chown $USER wine_1.6-1_i386.deb
sudo dpkg -i wine_1.6-1_i386.deb

30 May 2013

433. Wine 1.5.31 on Debian

Here's a generic way of building wine which works for 1.5.31 (and 1.5.28 and everything in between except 1.5.31).




See here for information about 3D acceleration using libGL/U with Wine: http://verahill.blogspot.com.au/2013/05/429-briefly-wine-libglliubglu-blender.html

Getting started:
If you set up a e.g. chroot to build 1.5.28 before, you don't need to set up a new chroot to build 1.5.31. In that case, skip the set-up step below and instead re-enter your existing chroot like this:
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox
cd ~/tmp

Setting up the Chroot
sudo apt-get install debootstrap
mkdir $HOME/tmp/architectures/wine32 -p
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Replace 'beryllium' with the name your host system (it's just to suppress error messages)

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential
mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.31.tar.bz2
tar xvf wine-1.5.31.tar.bz2
cd wine-1.5.31/./configure
time make -j3
sudo checkinstall --install=no
checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran This software is released under the GNU GPL. The package documentation directory ./doc-pak does not exist. Should I create a default set of package docs? [y]: Preparing package documentation...OK Please write a description for the package. End your description with an empty line or EOF. >> wine 1.5.31 >> ***************************************** **** Debian package creation selected *** ***************************************** This package will be built according to these values: 0 - Maintainer: [ root@beryllium ] 1 - Summary: [ wine 1.5.31] 2 - Name: [ wine ] 3 - Version: [ 1.5.31] 4 - Release: [ 1 ] 5 - License: [ GPL ] 6 - Group: [ checkinstall ] 7 - Architecture: [ i386 ] 8 - Source location: [ wine-1.5.31 ] 9 - Alternate source location: [ ] 10 - Requires: [ ] 11 - Provides: [ wine ] 12 - Conflicts: [ ] 13 - Replaces: [ ]
Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine

Exit the chroot
sandbox@beryllium:~/tmp/wine-1.5.31$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
 Enable multiarch* and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

*At some point I think ia32-libs may be replaced by proper multiarch packages, but maybe not. So we're kind of doing both here.

 Copy the .deb package and install it
sudo cp wine32/home/sandbox/tmp/wine-1.5.31/wine_1.5.31-1_i386.deb .
sudo chown $USER wine_1.5.31-1_i386.deb
sudo dpkg -i wine_1.5.31-1_i386.deb

Links to this post:
http://appdb.winehq.org/objectManager.php?sClass=version&iId=19141&iTestingId=79415&bShowAll=true

16 May 2013

416. Compiling Wine 1.5.30 in a chroot (fixed)

Update 2, 22 May 2013: Thanks to the Anonymous poster who pointed out that wine 1.5.30 was broken! Anyway, I've updated this post with instructions how to patch the wine 1.5.30 sources so that it includes libwine in the final .deb package.

(I normally attached a screenshot of the winecfg about tab, but not this time -- had I done that I would've realised something was wrong. )

It's fixed now. Wine 1.5.30 is OK again.






Update 22 May 2013: libwine.so.1 doesn't get included in the deb package, which causes severely reduced functionality. I've confirmed that Wine 1.5.28 built as shown in http://verahill.blogspot.com.au/2013/04/387-compiling-wine-1528-in-i386-chroot.html works fine though.

I'll update here when I've figured out why the compiled libraries don't get included.

It's similar to what is mentioned in these bug reports:
https://bugs.archlinux.org/task/35189
https://bugs.archlinux.org/task/35190
https://bugs.archlinux.org/task/35191

There's a fix here: http://bugs.winehq.org/attachment.cgi?id=44422


Original post:
While it'd be absolutely fair to accuse me of recycling posts, I have a reasonably good reason for doing so: posting build instructions for the latest version -- even if identical to instructions for earlier versions -- confirms that it 'works'. Also, it shows that the instructions are current.

I'm too much of a hoarder to go back and update old posts.

Anyway, here's a generic way of building wine which works for 1.5.30 (and 1.5.28 and everything in between). And yes, I've copy/pasted from my old 1.5.28 post...

See here for information about 3D acceleration using libGL/U: http://verahill.blogspot.com.au/2013/05/429-briefly-wine-libglliubglu-blender.html

Getting started:
If you set up a chroot to build 1.5.28 before, you don't need to set up a new chroot to build 1.5.30. In that case, skip the set-up step below and instead re-enter your existing chroot like this:
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox
cd ~/tmp

Setting up the Chroot
sudo apt-get install debootstrap
mkdir $HOME/tmp/architectures/wine32 -p
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Replace 'beryllium' with the name your host system (it's just to suppress error messages)

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential
mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.30.tar.bz2
tar xvf wine-1.5.30.tar.bz2
cd wine-1.5.30/
wget http://bugs.winehq.org/attachment.cgi?id=44422 -O diff.patch
patch -p1 < diff .patch
patching file configure patching file configure.ac patching file libs/wine/Makefile.in
./configure time make -j3 sudo checkinstall --install=no
checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran This software is released under the GNU GPL. The package documentation directory ./doc-pak does not exist. Should I create a default set of package docs? [y]: Preparing package documentation...OK Please write a description for the package. End your description with an empty line or EOF. >> wine 1.5.30-2 >> ***************************************** **** Debian package creation selected *** ***************************************** This package will be built according to these values: 0 - Maintainer: [ root@beryllium ] 1 - Summary: [ wine 1.5.30-2 ] 2 - Name: [ wine ] 3 - Version: [ 1.5.30-2 ] 4 - Release: [ 1 ] 5 - License: [ GPL ] 6 - Group: [ checkinstall ] 7 - Architecture: [ i386 ] 8 - Source location: [ wine-1.5.30 ] 9 - Alternate source location: [ ] 10 - Requires: [ ] 11 - Provides: [ wine ] 12 - Conflicts: [ ] 13 - Replaces: [ ]
Compilation took ca 13 minutes with three threads. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine

Exit the chroot
sandbox@beryllium:~/tmp/wine-1.5.30$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
 Enable multiarch* and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

*At some point I think ia32-libs may be replaced by proper multiarch packages, but maybe not. So we're kind of doing both here.

 Copy the .deb package and install it
sudo cp wine32/home/sandbox/tmp/wine-1.5.30/wine_1.5.30-1_i386.deb .
sudo chown $USER wine_1.5.30-1_i386.deb
sudo dpkg -i wine_1.5.30-1_i386.deb

15 April 2013

387. Compiling Wine 1.5.28 in a i386 chroot on Debian Wheezy amd64

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

UPDATE: for those who don't want to compile and are willing to take a minor risk* there are pre-built debs for mepis here: http://main.mepis-deb.org/mepiscr/testrepo/pool/test/w/wine/
They are provided by Steve Pusser, who is an active member at the debian forums.

* I presume, but don't actually know, that they are compatible with debian due to 1) Steve being active on the debian forums and 2) Mepis being based on debian stable (currently Squeeze)

Original post

New version of wine out now: 1.5.28.

Not much to get excited about from what I can tell, but wine now relies on GnuTLS instead of openssl.

Here's how to build it -- a lot of it is shamelessly recycled from earlier posts on this blog.

Getting started:
If you set up a chroot to build 1.5.27 before, you don't need to set up a new chroot to build 1.5.28. In that case, skip the set-up step below and instead re-enter your existing chroot like this:
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox

Setting up the Chroot
mkdir $HOME/tmp/architectures/wine32
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential
mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.28.tar.bz2
tar xvf wine-1.5.28.tar.bz2
cd wine-1.5.28/
./configure
time make -j2
sudo checkinstall --install=no
checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran This software is released under the GNU GPL. The package documentation directory ./doc-pak does not exist. Should I create a default set of package docs? [y]: Preparing package documentation...OK Please write a description for the package. End your description with an empty line or EOF. >> wine 1.5.28 >> ***************************************** **** Debian package creation selected *** ***************************************** This package will be built according to these values: 0 - Maintainer: [ root@beryllium ] 1 - Summary: [ wine 1.5.28 ] 2 - Name: [ wine ] 3 - Version: [ 1.5.28 ] 4 - Release: [ 1 ] 5 - License: [ GPL ] 6 - Group: [ checkinstall ] 7 - Architecture: [ i386 ] 8 - Source location: [ wine-1.5.28 ] 9 - Alternate source location: [ ] 10 - Requires: [ ] 11 - Provides: [ wine ] 12 - Conflicts: [ ] 13 - Replaces: [ ]

Compilation took ca 19 minutes. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine
Exit the chroot
sandbox@beryllium:~/tmp/wine-1.5.28$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
Enable multiarch and install ia32-libs, since you've built a proper 32 bit binary:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

Copy the .deb package and install it
sudo cp wine32/home/sandbox/tmp/wine-1.5.28/wine_1.5.28-1_i386.deb .
sudo chown $USER wine_1.5.28-1_i386.deb
sudo dpkg -i wine_1.5.28-1_i386.deb

Links to this post:
http://forum.winehq.org/viewtopic.php?f=8&t=18924

05 April 2013

376. Wine 1.5.27 on Debian: i386 chroot

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

Note: Please, if you do have issues actually using the wine binaries built this way, post a comment -- everything is working fine on my systems but I'd like to know exactly what libraries you need to install on the target system to make Wine built in the chroot run to satisfaction.


Preamble: Building wine on Debian Wheezy amd 64 is a PITA at the moment, since some amd64 -dev packages are not co-installable with their i386 counterpart. Such an example is libfreetype6-dev:i386.


If I'm understanding this post correctly I may be confusing the idea behind multiarch vs cross-compiling:

"multiarch provides support for cross-compiling, but we don't have an amd64->i386 cross-compiler - only a biarch (multilib) compiler."

which I interpret to mean that while we generally can compile against 32 bit libs in wheezy using multiarch, it's not necessarily the way it is intended to work (I've never bother to check whether the binaries are 32 bit, or just linked against 32 bit libs). Instead, an alternative way to look at multiarch is that it supports the use of packages linked against 32 bit libs (and puts libraries in arch dependent locations), but not by necessity the compilation of 32 bit binaries (if it does, great). Or maybe I'm wrong. The bottom line is that we might have to accept compiling in a chroot, and then install the 32 bit libs on the target machine to support execution.
I've built wine using chroot in the past, but it was always with the intention of hammering out dependencies.


Getting started:

The Chroot
mkdir $HOME/tmp/architectures/wine32
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it):
sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 libcurl4-openssl-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential
mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.27.tar.bz2
cd wine-1.5.27/
./configure
time make -j2
sudo checkinstall --install=no
checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran This software is released under the GNU GPL. The package documentation directory ./doc-pak does not exist. Should I create a default set of package docs? [y]: Preparing package documentation...OK Please write a description for the package. End your description with an empty line or EOF. >> wine 1.5.27 >> ***************************************** **** Debian package creation selected *** ***************************************** This package will be built according to these values: 0 - Maintainer: [ root@beryllium ] 1 - Summary: [ wine 1.5.27 ] 2 - Name: [ wine ] 3 - Version: [ 1.5.27 ] 4 - Release: [ 1 ] 5 - License: [ GPL ] 6 - Group: [ checkinstall ] 7 - Architecture: [ i386 ] 8 - Source location: [ wine-1.5.27 ] 9 - Alternate source location: [ ] 10 - Requires: [ ] 11 - Provides: [ wine ] 12 - Conflicts: [ ] 13 - Replaces: [ ]

Compilation took ca 20 minutes. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine
Exit the chroot
sandbox@beryllium:~/tmp/wine-1.5.27$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
Enable multiarch and install ia32-libs, since you've built a proper 32 bit binary:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

Copy the .deb package and install it
sudo cp wine32/home/sandbox/tmp/wine-1.5.27/wine_1.5.27-1_i386.deb .
sudo chown $USER wine_1.5.27-1_i386.deb
sudo dpkg -i wine_1.5.27-1_i386.deb

The tricky bit
The question is what 32 bit libs you need on the host system, if any.
ldd /usr/local/bin/wine
linux-gate.so.1 => (0x55573000) libwine.so.1 => /usr/local/bin/../lib/libwine.so.1 (0x55577000) libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0x556f5000) libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0x5570e000) libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0x55871000) /lib/ld-linux.so.2 (0x55555000)
So far everything is working fine with ia32-libs.

Links to this post:
http://forums.bistudio.com/showthread.php?149892-ARMA-III-on-Linux-servers-via-WINE%2Fpage4
http://forum.winehq.org/viewtopic.php?f=8&t=19010

17 March 2013

361. Installing Debian on a USB stick (from a running Debian system)

Post 70 (Installing Debian on a USB stick -- live usb vs a true and full installation) is receiving a lot of traffic. While the method of installing debian used there -- using virtualbox -- works, it is slow and unnecessarily complex.

A better, faster and easier way is to use a chroot. Sure, it's a bit more command line oriented, but that doesn't necessarily make it harder.
You'll need an empty USB stick. Some sticks are faster than others, but they are all slower than spinning disks, and a lot slower than SSDs (never tried a USB3 stick though).

1. Prepare the USB stick
Attach the USB stick to a computer with Debian. Find out what device it is (do ls /dev/sd* before and after attaching the stick, and if it automounts, you can also check the output of df -h). In this case we'll assume that it's /dev/sdb.


sudo apt-get install util-linux e2fsprogs
sudo umount /dev/sdb*
sudo fdisk /dev/sdb
Command (m for help): o
Building a new DOS disklabel with disk identifier 0x209d6329.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

Command (m for help): p

Disk /dev/sdb: 4051 MB, 4051697664 bytes
125 heads, 62 sectors/track, 1021 cylinders, total 7913472 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x209d6329

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): 
Using default response p
Partition number (1-4, default 1): 
Using default value 1
First sector (2048-7913471, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-7913471, default 7913471): 
Using default value 7913471

Command (m for help): a                                                                               
Partition number (1-4): 1

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

It really is that simple to set up the partition table. o wipes the previous table, n creates a new partition, and a makes it bootable. w writes the changes. Now prepare the file system:

sudo mkfs.ext4 /dev/sdb1
mke2fs 1.42.5 (29-Jul-2012) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 247504 inodes, 988928 blocks 49446 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=1015021568 31 block groups 32768 blocks per group, 32768 fragments per group 7984 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736 Allocating group tables: done Writing inode tables: done Creating journal (16384 blocks): done Writing superblocks and filesystem accounting information: done
2. Mount and bootstrap the USB stick

Note that you can change between i386 and amd64, testing and stable and different mirrors, by editing the debootstrap line below. I'd recommend i386 since it will run on 64 bit machines as well, which is useful if you're traveling.

sudo apt-get install debootstrap coreutils
mkdir ~/tmp/usbstick -p
sudo mount /dev/sdb1 ~/tmp/usbstick
sudo debootstrap --arch i386 testing $HOME/tmp/usbstick http://ftp.au.debian.org/debian/
I: Retrieving InRelease I: Checking Release signature I: Valid Release signature (key id 9FED2BCBDCD29CDF762678CBAED4B06F473041FA) I: Retrieving Packages [..] I: Configuring tasksel... I: Configuring tasksel-data... I: Base system installed successfully.

sudo mount -t proc none $HOME/tmp/usbstick/proc
sudo mount --bind /sys $HOME/tmp/usbstick/sys
sudo mount --bind /dev $HOME/tmp/usbstick/dev
sudo cp /etc/resolv.conf $HOME/tmp/usbstick/resolv.conf
sudo chroot $HOME/tmp/usbstick/

3. Basic setup

Edit the sources.list line as needed. The key is to enable non-free so you can install all the non-free firmware so that youre prepared for most types of hardware.

rm /etc/apt/sources.list
echo 'deb  http://ftp.au.debian.org/debian/ testing main contrib non-free' >> /etc/apt/sources.list
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 usbstick >> /etc/hosts'
source /etc/bash.bashrc
useradd -m traveller
passwd traveller
usermod -G sudo -a traveller

If you're going to travel with this, you may want to install AIDE to make sure that you're executables haven't been changed (you can also use tripwire). Of course, if anyone has the ability to regenerate the database, then this won't help you.
apt-get install aide

You will have to wait with generating the database until you're properly booted from the USB stick.

4. Make the usbstick bootable
Make sure to install grub to /dev/sdb so that you don't mess up your desktop.

grep -v rootfs /proc/mounts > /etc/mtab
sudo apt-get install grub-pc linux-base linux-image-3.2.0-4-686-pae


You need to set up your /etc/fstab:
blkid /dev/sdb1 -o export|head -n 1 > /etc/fstab

Edit /etc/fstab (your UUID will vary):
UUID=24056f3d-d0c5-4297-adc4-40b2d2007412       /       ext4    errors=remount-ro,user_xattr    0 1

Run
update-grub
Generating grub.cfg ... Found linux image: /boot/vmlinuz-3.2.0-4-686-pae Found initrd image: /boot/initrd.img-3.2.0-4-686-pae done

At this point you've used ca 559 Mb.

5. Installing command line tools
The following installs a curses-based network connection manager, a mail program, a chat program and a browser. All of them work in the terminal:
sudo apt-get install wicd-curses mutt mcabber elinks rcconf

You've now used ca 670 Mb.

To set up Mutt and Mcabber, see here: http://verahill.blogspot.com.au/2011/12/configuring-mutt-for-two-imap-accounts.html
http://verahill.blogspot.com.au/2011/12/linux-basics-google-talk-using-gajim-or.html

6. Installing a desktop
This is luckily very easy. The bad thing is that USB sticks are very slow, so starting a heavy desktop from a USB stick is going to lead to long boot times.

To install gnome (2340 Mb) do
sudo apt-get install gnome rcconf

To install lxde (523 Mb) do
sudo apt-get install lxde rcconf

and to install xfce (457 Mb) do
sudo apt-get install xfce4 rcconf

We installed rcconf to prevent network-manager to start if it has been installed:
Run
rcconf
And unstar whatever you don't want to launch at boot.
To reduce boot times, edit /etc/default/grub and change to
GRUB_CMDLINE_LINUX_DEFAULT="quiet text"
Run
update-grub

You will now have to start whatever desktop you installed manually by running
startx

from the command line i.e. you only start the desktop if you really need it.

Clean your cache to free up some space:

apt-get clean

With xfce4 and cleaning, you've now used a total of 951 Mb.

7. Pull in some extra firmware
In case you'll be using this usb stick on random computers you might want to pull in as many different firmware as you can stomach:
apt-get install firmware-atheros firmware-iwlwifi firmware-ralink firmware-realtek

And so on.
You might also want to install programs such as clamav , but that's your business.

8. Unmounting your usbstick
Once you've installed everything you need:
exit
sudo umount $HOME/tmp/usbstick/sys
sudo umount $HOME/tmp/usbstick/dev
sudo umount $HOME/tmp/usbstick/proc
sudo umount $HOME/tmp/usbstick/

Now you should be able to boot from the USB stick on any computer that supports boot from USB -- and that would be most boxes made in the past five years or so.

Done.


Note that you can generate initramfs manually in debian using
sudo mkinitramfs -o /boot/initrd.img-VER -v VER

where VER e.g. 3.8.0 or 3.2.0-4-amd64 -- the name should be consistent with the vmlinuz, config and system.map suffixes.

Links to this post:
http://atomowki.net/dokuwiki/doku.php
http://andrewgudgel.com/cl-debian-usb.htm

15 March 2013

359. Installing Scientific Linux (CentOS, RHEL) via a chroot in a running debian installation

This is a fun post. I've got a small server and I'd like to put Scientific Linux on it. I figure that between using Arch on my laptop, and Debian on my beowulf cluster, my work desktop, my home desktop and on another two laptops what I really need is to become a bit more proficient in the use of RHEL clones.

I've settled on Scientific Linux since I encounter that more often than CentOS.

My mini server lacks any form of video interface though, so the easiest solution is to take out the harddrive and install Scientific Linux via a USB tether and a chroot, similar to how things are done when making standard installs of Arch or Gentoo (it's all coming together...)

In a future post I'll write up how to install debian via a running debian system and a chroot (hint: debootstrap).

Anyway.

1. Install yum on your debian system
sudo apt-get install yum

2. Set up the Scientific Linux repos for yum on your debian system
Because it's easier, we'll disable gpg check.

If you're target is a 32 bit box, change x86_64 to i386 (my little server runs a 32 bit atom cpu and I screwed this up once)

Create /etc/yum/repo.d/sl.repo
[sl] name=Scientific Linux 6.3 - x86_64 baseurl=http://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/os/ http://ftp1.scientificlinux.org/linux/scientific/6.3/x86_64/os/ http://ftp2.scientificlinux.org/linux/scientific/6.3/x86_64/os/ ftp://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/os/ enabled=1 gpgcheck=0 [sl-security] name=Scientific Linux 6.3 - x86_64 - security updates baseurl=http://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/ http://ftp1.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/ http://ftp2.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/ ftp://ftp.scientificlinux.org/linux/scientific/6.3/x86_64/updates/security/ enabled=1 gpgcheck=0
Test that everything is working by running

yum repolist
sl | 3.2 kB 00:00 sl-security | 1.9 kB 00:00 repo id repo name status sl Scientific Linux 6.3 - x86_64 enabled: 6,399 sl-security Scientific Linux 6.3 - x86_64 - security updates enabled: 1,584 repolist: 7,983
It might take 60 s before you get any feedback, so don't interrupt the command.

3. Mount your external harddrive
mkdir $HOME/tmp/jail -p
sudo mount /dev/sdb1 $HOME/tmp/jail

assuming of course that /dev/sdb1 is your intended root partition (see the arch and gentoo install guides for examples of how to use fdisk)

4. Install a basic system on your mounted harddrive
sudo yum --installroot=$HOME/tmp/jail install bash sl-release coreutils yum iputils vim

5. Chroot your mounted harddrive
sudo cp /etc/resolv.conf $HOME/tmp/jail/etc/resolv.conf
sudo cp /etc/yum/repos.d/* /$HOME/tmp/jail/etc/yum.repos.d/
sudo mount -t proc none $HOME/jail/proc
sudo mount --bind /sys $HOME/tmp/jail/sys
sudo mount --bind /dev $HOME/tmp/jail/dev
sudo chroot $HOME/tmp/jail
bash-4.1# head -n 1 /etc/issue.net Scientific Linux release 6.3 (Carbon) bash-4.1# ping -c 1 google.com PING google.com (74.125.237.98) 56(84) bytes of data. 64 bytes from syd01s12-in-f2.1e100.net (74.125.237.98): icmp_seq=1 ttl=51 time=16.0 ms
We are now working in Scientific Linux. Sure, we're still using the debian kernel, but everything else is from the SL repos:

First set up /etc/fstab. I normally do
blkid > /etc/fstab

and then edit it. In this case I ended up with:
UUID=45495a62-a141-4033-a739-8063f0e80a56 / ext4 errors=remount-ro,user_xattr 0 1 UUID=6dc86d8d-0ad6-4574-8dea-9d28b0151362 none swap sw 0 0
Install everything we need to boot our new system and make it run:
yum install kernel openssh-clients openssh-server passwd dhclient


Important:
passwd

If you don't set a password you can't log in.


A. Grub legacy -- I couldn't make this work; see B
yum install grub 

Make the system bootable (the first command is so that df works)
grep -v rootfs /proc/mounts > /etc/mtab
grub-install --no-floppy /dev/sdb
grub-install --no-floppy /dev/sdb Installation finished. No error reported. This is the contents of the device map /boot/grub/device.map. Check if this is correct or not. If any of the lines is incorrect, fix it and re-run the script `grub-install'. (fd0) /dev/fd0 (hd0) /dev/sda (hd1) /dev/sdb
The last command took a LONG time without any visual feedback until the very end.

Create a /boot/grub/grub.conf file:
default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz title Scientific Linux (2.6.32-358.2.1.el6.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32-358.2.1.el6.x86_64 ro root=UUID=45495a62-a141-4033-a739-8063f0e80a56 initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img

B. Grub2 -- this worked perfectly for me
Grub and I don't play well together. I'm more at home with grub2 which..well..allows for a bit of stupidity. After spending a fair amount of time trying to figure out grub (legacy) I gave up and did the following:

yum install wget diffutils bison gcc gcc-c++ kernel-devel flex freetype-devel make fuse-libs fuse-devel 
cd /tmp
wget ftp://ftp.gnu.org/gnu/grub/grub-2.00.tar.gz
tar xvf grub-2.00.tar.gz
cd grub-2.00/
./configure
make
make install
grub-mkconfig -o /boot/grub/grub.cfg
yum erase grub
grub-install /dev/sdb


Set up the following files:

/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=science!
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
If you want static inet instead, do
DEVICE=eth0
HWADDR=D4:AE:52:71:79:14
IPADDR=10.1.1.1
NETMASK=255.255.0.0
BOOTPROTO=none
ONBOOT=yes
MTU=1500
TYPE=Ethernet
You're now ready to exit the chroot, unmount everything and reboot. Things to do after the first reboot include setting up a user (useradd -m verahill) and install sudo.
Anyway, there are plenty of guides online for that...

I tried this on physical hardware, and it works  Since the box is headless I only had ssh access, setting up proper rules in /etc/udev/rules.d/ was important so that I could configure the network via /etc/sysconfig/network-scripts files before putting the drive back in the server.

/etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:b6:2a:a9:30", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:b6:2a:a9:31", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

This is a headless box (no graphics card, no vga output -- only a serial port), but I wanted to be able to use for a student to use gnuplot etc. in a pinch.

sudo yum install xorg-x11-server-Xvfb xorg-x11-server-Xorg

To set up keyword-less key-based ssh log in, edit /etc/ssh/sshd_config and uncomment
AuthorizedKeysFile .ssh/authorized_keys
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 644 ~/.ssh/authorized_keys

Done.

02 February 2013

330. Installing Arch linux: installing from existing linux onto an external USB HDD

Update: You might want to look at this post instead: http://verahill.blogspot.com.au/2013/02/331-full-linux-install-on-usb-stick.html -- it covers setting up Arch with LXDE (very, very basic set-up -- more openbox than lxde) and wicd

I'll update this post once I've got a good solution to setting up network on headless boxes (i.e. a way of bringing up multiple interfaces without knowing their mac addresses)

Original post:

Note: what follows is what I've 'discovered' while learning. If you have suggestions, feel free to post comments. If you have questions, be aware that I'm only a beginning at Arch myself and will probably not have much advice to offer.

The problem: I have a headless server running 32 bit debian. I don't actually use it much, and so I figured I might as well use it to explore Gentoo or Arch. Given that it's a single core atom I didn't want to risk spending hours compiling things just to get things up and running (Feb/March are busy days at Australian Unis) and I figured that Arch, with it's version of ports, ABS, is a better choice for now.

I'm also curious about systemd, which arch uses by default. (that curiosity has currently turned to frustration)

Why Arch?
I do like my debian, but you need to challenge yourself every now and again. I can also see how a more 'sparse' distro might be a good candidate for my cluster nodes -- less overhead is a good thing. But before doing that I need a test case.

Also, even though I've been using debian I occasionally pay a visit to the Arch wiki and forum when I run into trouble with software that I've compiled myself -- Arch is a lot more bleeding edge than debian (which emphasizes stability), and the information there is often quite good.

Well then...
The easiest way (needing little preparation) by far to install arch would be to use ArchBang which is fast, pretty and functional. I don't need the graphical environment, and I want the learning experience. Otherwise I'd definitely give that a look as well: http://archbang.org/

We'll follow this guide: https://wiki.archlinux.org/index.php/Install_from_Existing_Linux

We'll use method "2: Chroot into LiveCD image".

I've ripped out the harddrive from the headless box and have attached it via USB to my main desktop, which runs Debian Testing.

I've rewritten this guide a couple of time -- not everything worked smoothly from the beginning -- so if it's unreadable and confusing, let me know. Also, due to the lack of versioning in blogspot I have had to try to recover/rewrite from memory, which annoys me.

A word of warning: at one point when working in a chroot I accidentally did grub-install /dev/sda instead of /dev/sdc. I then did update-grub in the main system and rebooted. I should've done grub-install /dev/sda again but from the host system. Anyway, you might screw things up, so a first precaution will be to burn a live CD of some linux distro that you can use to rescue your system with if you mess things up too badly. I'm a debian guy, but I found that the Ubuntu Rescue Remix (http://ubuntu-rescue-remix.org/) was a pretty good thing to have lying around.

Overview:
1. Nuke the existing file system (not necessary, but easier)
2. Get the iso and unsquash it
3. Mount the unsquashed image using chroot, and mount your hdd under it. Get packages
4. Chroot inside the chroot and install the bootloader
5. Set up network


Get started


Format/Prepare your harddrive:
In this case I'm using a 40 Gb hard drive. Since it's so small I'll just partition it to hold one / partition and one /swap partition. We'll make the swap partition 1 Gb which should be plenty, given that the box has 512 Mb RAM. Make sure that you leave enough space before you partition -- 1 Mb is overkill, but is something you can afford. In my original attempt I used palimpsest to format my drive and ended up having to shrink the partition using gparted. Better to use fdisk which may be slightly more challenging, but will give you full control.

Remove the harddrive from your target box, and attach it to your running linux desktop e.g. via USB (or by opening the case and hooking it up via sata/pata). If it automounted, do df -h so see what device it is (here /dev/sdc), otherwise just do ls /dev/sd* before and after it's attached.

df -h
Filesystem Size Used Avail Use% Mounted on /dev/sdc1 36G 15G 20G 43% /media/steelhead
Unmount it:
sudo umount /media/steelhead

We now know that our disk is /dev/sdc, so let's get cracking with fdisk
fdisk -u -l /dev/sdc
Disk /dev/sdc: 40 GB, 40007761920 bytes 255 heads, 63 sectors/track, 4864 cylinders, total 78140160 sectors Units = sectors of 1 * 512 = 512 bytes Device Boot Start End Blocks Id System /dev/sdc1 * 63 78140159 39070048 83 Linux
We want our swap to be 1 Gb. (40007761920 bytes /4864 cylinders)/(1024*1024*1024)=.00766038894653320312 Gb per cylinder or ca 130.5 cylinders per Gb. Our first partition will start at cylinder 2 and run until cylinder (4864-131=)4733.

sudo fdisk /dev/sdc
Command (m for help): d
Partition number (1-1): 1
Command (m for help): n
Partition type e extended p primary partition (1-4)
p First cylinder (default 0cyl): 2 Last cylinder or +size or +sizeMB or +sizeKB (default 4863cyl): 4733 Command (m for help): n
Partition type e extended p primary partition (1-4)
p First cylinder (default 0cyl): 4735 Last cylinder or +size or +sizeMB or +sizeKB (default 4863cyl): Command (m for help): w sudo fdisk /dev/sdc Command (m for help): p
Disk /dev/sdc: 40 GB, 40007761920 bytes 255 heads, 63 sectors/track, 4864 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/sdc1 2 4734 38025792 83 Linux Warning: Partition 1 does not end on cylinder boundary. /dev/sdc2 4735 4864 1036192 83 Linux
Command (m for help): a Partition number (1-2): 1 Command (m for help): t Partition number (1-2): 2 Hex code (type L to list codes): 82 Changed type of partition 2 to 82 (Linux swap) Command (m for help): w

The cylinder boundary warning is why we started the next partition on cylinder 4735, so as to avoid overlap. 'a' makes the first partition bootable. 't' creates the swap fs.

Create the file system for partition 1:
sudo mkfs.ext4 /dev/sdc1
sudo mkswap /dev/sdc2


Get the iso:
sudo apt-get install bittorrent
cd ~/Downloads
btdownloadcurses https://www.archlinux.org/iso/2013.01.04/archlinux-2013.01.04-dual.iso.torrent

If you're company/isp/whatever has a blanket ban on P2P (e.g. bittorrent) download the file using regular http, e.g.
cd ~/Downloads
wget http://mirror.aarnet.edu.au/pub/archlinux/iso/2013.01.04/archlinux-2013.01.04-dual.iso

However you downloaded it, do:
sudo apt-get install squashfs-tools
sudo mount -o loop archlinux-2013.01.04-dual.iso /mnt
unsquashfs -d /tmp/squashfs-root /mnt/arch/i686/root-image.fs.sfs

This is for a 32 bit install. Most likely you'll want the 64 bit, so change i686 to x86_64 for that. Also note that the unsquashed image is 1.4 Gb so make sure you put it somewhere with sufficient space.

Continue:

sudo umount /mnt
sudo mount -o loop /tmp/squashfs-root/root-image.fs /mnt
sudo mount -t proc none /mnt/proc
sudo mount -t sysfs none /mnt/sys
sudo mount -o bind /dev /mnt/dev
sudo mount -o bind /dev/pts /mnt/dev/pts
sudo cp /etc/resolv.conf /mnt/etc/resolv.conf
sudo chroot /mnt
[root@beryllium /]#

You're now in the chroot.

In the chroot:
mount /dev/sdc1 /mnt
mkdir /run/shm

Since I am installing 32 bit Arch from a 64 bit host, I had to edit /etc/pacman.conf using nano and change
23 Architecture = auto
to
23 Architecture = i686

If you are installing 64 bit Arch from a 64 bit host you don't need to edit anything. Also, the only editor installed by default is nano, not vi, for some reason.

Finally, edit /etc/pacman.d/mirrors and copy/paste (ctrl+k, ctrl+u) the nearest/most logical mirror to the beginning of the file.

pacman-key --init
pacman-key --populate archlinux
pacstrap /mnt base base-devel vim grub-bios openssh
==> Creating install root at /mnt ==> Installing packages to /mnt warning: database file for 'core' does not exist warning: database file for 'extra' does not exist warning: database file for 'community' does not exist :: Synchronizing package databases... core 105.1 KiB 15.8K/s 00:07 [##################] 100% [..] Total Download Size: 163.59 MiB Total Installed Size: 603.01 MiB [..]
I got a couple of errors above re file systems (during grub init) that arch had no business looking at. I don't think it matters since the next chroot is what's important.
pacman -Syy
genfstab -p /mnt >> /mnt/etc/fstab
cat /mnt/etc/fstab
# # /etc/fstab: static file system information # #

# UUID=ae73518f-5675-486e-8cdd-6579c528ab72 LABEL=steelhead /dev/sdc1 / ext4 rw,relatime,data=ordered 0 1 # UUID=f25a484c-e8e2-4ead-808b-96dd5e915020 /dev/sda5 none swap defaults 0 0
Two problems here:
* Since this will be the only hdd on the new system the root partition is probably /dev/sda1. Change the sdc1 to sda1 above OR use UUID
* Likewise, the swap will be the current sdc2 but the future sda2. Alternatively, get the UUID via blkid.

Here's my new two-line version of fstab with uuid:
UUID=ae73518f-5675-486e-8cdd-6579c528ab72 / ext4 rw,relatime,data=ordered 0 1 UUID=a12b484c-f2d2-4edd-8d8b-76ee6f725020 none swap defaults 0 0
Continue:

arch-chroot /mnt

which gives
sh-4.2#

You're now in a chroot inside a chroot.

A chroot within a chroot:


pacman -Syy
pacman-key --init
pacman-key --populate archlinux
ln -s /usr/share/zoneinfo/Australia/Melbourne /etc/localtime
echo "kookaburra" > /etc/hostname

Kookaburra is the hostname of the new Arch box.

Edit /etc/pacman.conf and change Architecture from auto to i686 if you need to.

Edit /etc/locale.gen and uncomment the locales you want. For me
en_AU.UTF-8 UTF-8 en_GB.UTF-8 UTF-8 en_US.UTF-8 UTF-8

Continue working on boot:
locale-gen
echo 'LANG="en_AU.UTF-8"'>/etc/locale
echo 'KEYMAP=us'> /etc/vconsole.conf
mkinitcpio -p linux
==> Building image from preset: 'default' -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img ==> Starting build: 3.7.4-1-ARCH -> Running build hook: [base] [..] ==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img ==> Image generation successful
grub-mkconfig -o /boot/grub/grub.cfg
Generating grub.cfg ... Found linux image: /boot/vmlinuz-linux Found initrd image: /boot/initramfs-linux.img done

Check /boot/grub/grub.cfg to see that it exists and that it doesn't look like it's about to blow up. Double-check the uuid vs fstab. Check the 'root'. Mine was wrong. I changed it in /boot/grub/grub.cfg by hand, which isn't recommended but we'll deal with that later. In /boot/grub/grub.cfg change hdX to whatever the correct setting is (counting starts at 0) e.g.
  
        set root='hd0,msdos1'

since /dev/sdc in the future will be the only hdd. Changing this file by hand is untenable in the long run, but our goal is to boot and then regenerate the grub.cfg at a later stage.

grub-install /dev/sdc
Installation finished. No error reported.
Then continue -- in this case we're working with a headless box so we want openssh-server and all that:

passwd
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
pacman -S net-tools ifplugd dialog sudo wireless_tools wpa_supplicant wpa_actiond systemctl enable sshd.service systemctl enable net-auto-wired.service systemctl enable net-auto-wireless.service cp /etc/network.d/examples/ethernet-dhcp /etc/network.d/ethli

Edit the /etc/network.d/ethli file as shown in the next section.(the ethli name holds no significance)

adduser verahill -m

Edit /etc/sudoers and add:
verahill ALL=(ALL) ALL
pacman -S pkgtools mlocate htop screen elinks

Time to exit:

sh-4.2# exit
exit
[root@beryllium /]# umount /mnt
[root@beryllium /]# exit

You're now back in your normal host filesystem, and unmount the rest:
sudo umount /mnt/proc
sudo umount /mnt/sys
sudo umount /mnt/dev/pts
sudo umount /mnt/dev
sudo umount /mnt

At this point you have a bootable system. I attached the hdd to my laptop using USB, and chose to boot from it. Went fine. However, it turns out that networking in arch and/or using systemd is very different from debian and initd.

Networking:
Networking should be one of the easiest things in the world to set up, since if you have network access everything else will eventually sort itself out. No network means no remote access via ssh if the screen/keyboard/mouse get screwed up. No network means that you can't install anything. No network means that you can't go online and look up solutions.

initd was easy -- you checked your udev rules, then edited /etc/network/interfaces and added an auto eth0 line followed by e.g. iface eth0 inet dhcp or a more extensive static definition. It was easy.
So I'm a bit frustrated that systemd seems to make the whole process of managing network interfaces so much more difficult. At least for a newcomer.

With systemd your interfaces may not have simple names like eth0 right off the bat, but may have names like enpS08 instead -- it does make things a bit more difficult and unpredictable -- remember that my goal is to get a headless box up and running and that I have no way of getting any error messages -- openssh will simply have to work from the start. I mean, there's a certain logic to systemd, but there are plenty of frustrating issues with it too if you're used to chucking start-up commands in rc.local and setting up your own network devices.

Some of this stuff you could do by hand on a running system, but that's not very helpful when you are working with a headless box where your only option is to connect via ssh (technically I could do rs-232 but I can't find a cable).

Anyway.

Create /etc/udev/10-persisten-net.rules
SUBSYSTEM=="net", ATTR{address}=="00:2e:9e:2e:bb:20", KERNEL=="eth*", NAME="ethli"
SUBSYSTEM=="net", ATTR{address}=="00:e2:bb:be:d4:c8", KERNEL=="wlan*", NAME="wlan0"
and put the mac addresses of you interfaces in it.

Edit /etc/conf.d/netcfg to use the correct WIRED_INTERFACE,
NETWORKS=(ethli ethkb5 ethkb3 wpa-wireless)
WIRED_INTERFACE="ethli"
WIRELESS_INTERFACE="wlan0"
ethkb5, ethb3 and wpa-wireless are other files that I've set up in /etc/network.d/, although at this point they are pretty darned useless -- I can define plenty of profiles, but I can only define a single WIRED_INTERFACE from what I can tell. So only one interface will be started by netcfg.

Copy /etc/network.d/example/ethernet-dhcp to /etc/network.d/ethli, and edit the interface name.
CONNECTION='ethernet'
DESCRIPTION='A basic dhcp ethernet connection using iproute'
INTERFACE='ethli'
IP='dhcp'
Do the same for any other profiles.
For wireless, all you need to do is copy  /etc/network.d/examples/wpa-wireless to /etc/network.d/ and add the password in clear text (i.e. no need to use wpa_password). Change the permissions so that it's 'safe'.

Here's my wpa-wireless
CONNECTION='wireless'
DESCRIPTION='A simple WPA encrypted wireless connection'
INTERFACE='wlan0'
SECURITY='wpa'
ESSID='verahillunwired'
KEY='sadfUsfdjdsfH87j'
IP='dhcp'

The wired network should now start on boot. To launch it manually, just do
sudo netcfg ethli

This is where I'm currently at:
* arch works fine when I boot it by attaching the hdd via usb to a laptop or desktop and booting off of it. I have working internet and the sky's the limit to what can be done

* I can't get it to boot my headless box (or at least not to get a working network connection), and because it's completely headless (it's a server with only eth ports and an RS 232 port) I have no idea why. The logging in systemd leaves a lot to be desired it seems. I'm waiting for an rs-232 cable to arrive via ebay, so we'll see.
The two possibilities that I'm entertaining right now is that either there's an issue with the network devices or...well, I don't know. I'm also getting tired of netcfg and will probably switch to wicd -- it's not quite what I want, but at least I know that it works.
But more about that some other time...

Error 1:
# pacstrap /mnt
==> Creating install root at /mnt
mount: mount point /mnt/dev/shm is a symbolic link to nowhere
==> ERROR: failed to setup API filesystems in new root

Solution:
mkdir /run/shm

On debian /dev/shm points to /run/shm via a symlink, so your chroot has a dead link.

Error 2:
error: key "E62F853100F0D0F0" could not be looked up remotely
error: psmisc: key "FCF2CB179205AC90" is unknown
error: key "FCF2CB179205AC90" could not be looked up remotely
error: reiserfsprogs: key "7F2D434B9741E8AC" is unknown
error: key "7F2D434B9741E8AC" could not be looked up remotely

Solution:
pacman-key --init
pacman-key --populate archlinux

You need to get all the gpg keys so you can check the package signatures.

Error 3:
warning: database file for 'core' does not exist
warning: database file for 'extra' does not exist
warning: database file for 'community' does not exist

Solution:
pacman -Syy

Not sure, but probably due to me interrupting pacman rather rudely with ^C at some point.

Error 4:
# arch-chroot /mnt pacman -S grub-bios
error: failed to prepare transaction (package architecture is not valid) :: package grub-bios-2.00-1-i686 does not have a valid architecture
Solution:
pacstrap /mnt grub-bios

And then skip the arch-root command

Error:
grub-install /dev/sdc
/usr/sbin/grub-bios-setup: warning: your embedding area is unusually small.  core.img won't fit in it..
/usr/sbin/grub-bios-setup: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..
/usr/sbin/grub-bios-setup: error: will not proceed with blocklists.

Solution: You partitioned your system without leaving enough space before the first partition. In my case I had 32 sectors*512 bytes.
sudo apt-get install gparted
gparted
Start gparted and shrink the partition. I put 2 Mb (probably overkill) of free space in front, and aligned to cylinder.

11 January 2013

316. Briefly: Automated chroot/sandbox creation

EDIT:
There are plenty of reasons to use chroots, but security is not one of them.

For a practical how-to see e.g
http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

For a bit of yelling, see
http://yarchive.net/comp/linux/chroot.html

chroot will improve your security by creating an obstacle which may filter out some would-be crackers, but it will not make it secure by any standard. (in spite of what I may have written elsewhere on this blog).

Original post:
I've been using chroot to compile and test stuff so much lately that I figure it was time to automate the process.

Before creating your chroot you'll need a few packages:
sudo apt-get install debootstrap coreutils x11-xserver-utils


The scripts
makechroot.sh
mkdir $HOME/tmp/jail/$1 -p sudo debootstrap --arch amd64 testing $HOME/tmp/jail/$1 http://ftp.au.debian.org/debian/ sudo cp setupchroot.sh $HOME/tmp/jail/$1/

setupchroot.sh
rm /etc/apt/sources.list echo 'deb http://ftp.au.debian.org/debian/ wheezy main contrib non-free' >> /etc/apt/sources.list apt-get update apt-get install locales sudo vim echo 'export LC_ALL="C"'>>/etc/bash.bashrc echo 'export LANG="C"'>>/etc/bash.bashrc echo 'export DISPLAY=:0.0' >> /etc/bash.bashrc echo '127.0.0.1 beryllium >> /etc/hosts' source /etc/bash.bashrc adduser sandbox usermod -g sudo sandbox echo 'Defaults !tty_tickets' >> /etc/sudoers

launchchroot.sh
xhost + sudo mount -o bind /proc $1/proc sudo cp /etc/resolv.conf $1/etc/resolv.conf sudo chroot $HOME/tmp/jail/$1

How to use
To set up the chroot:
sh makechroot.sh mynewchroot
sudo chroot mynewchroot
root@beryllium:/# sh setupchroot.sh

To use the chroot:
sh launchchroot.sh mynewchroot

Once you're done with the chroot and logged out, do
sudo umount $HOME/tmp/jail/mynewchroot/proc

to unmount the /proc -- you can now delete, copy etc. the directory structure of you chroot.

16 December 2012

293. Running GIMP 2.8 in a chroot on debian stable/squeeze (ugly)

Update: because I had copied and pasted some of the instructions from one of my earlier attempts at building gimp under stable, there were some minor discrepancies. Those are fixed now.

Original post:
Here's the least elegant and functional way of running GIMP 2.8 on stable/squeeze other than running it in a virtual machine.
 I've previously tried
 * creating a statically linked binary of gimp 2.8 under testing, then using it under stable (didn't work --
 * compiling gimp + all dependencies from scratch -- ballooned out of control
 * compiling the bare minimum needed for gimp from scratch, but had issues with libglib2.0-dev -- the dev files are obviously taken care of when you compile glib, but the -dev package is required by a lot of libraries needed for graphics support, and I wanted to replace the libglib2.0-0 package.

Long story short, I gave up. If you don't mind the overhead in terms of space, you can run it in a chrooted environment. It's not pretty, but it works.


We first set up a chrooted environment

sudo apt-get install debootstrap coreutils
mkdir -p $HOME/tmp/architectures/testing
cd $HOME/tmp/architectures
sudo debootstrap --arch amd64 testing $HOME/tmp/architectures/testing/ http://ftp.au.debian.org/debian/
sudo chroot testing/

Cosmetic
Sort out locales to avoid annoying error messages
apt-get install locales
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
source /etc/bash.bashrc

Also, add your hostname (=beryllium) to /etc/hosts by putting your hostname at the end of the 127.0.0.1 line:
127.0.0.1 localhost beryllium

to avoid constant warnings about unresolved hostname like the one below
sudo: unable to resolve host beryllium

Continue
I don't like working as root even in a chrooted environment, so create a new user, 'build' and give it superuser powers:
adduser gimp

And edit /etc/sudoers to add
gimp ALL=ALL:ALL
Defaults !tty_tickets

The reason we add the !tty_tickets is that otherwise you will have to type the password each time you use sudo i.e. it will time out instantaneously.

Run the echo command below and exit your chroot:
echo "export DISPLAY=:0.0">>/etc/bash.bashrc
exit
And put this in a file, e.g. gimp.sh
xhost + sudo mount -o bind /proc $HOME/tmp/architectures/testing/proc sudo cp /etc/resolv.conf $HOME/tmp/architectures/testing/etc/resolv.conf sudo chroot $HOME/tmp/architectures/testing
Run
sh gimp.sh

Now inside the chrooted shell that you just started, do
su gimp
cd ~

Time to install gimp
sudo apt-get install gimp

And you're done!

You can now run GIMP 2.8 in the chrooted environment. It is NOT elegant though.
Gimp running in a chrooted Wheezy on a Squeeze virtual machine (LXDE) on a Wheezy physical machine (gnome 3).
Moving files in and out of the jail:
There are a few options -- you can obviously always move files from your host system to the chroot jail. A major point of a chroot jail is that you can't access the host system though, but we've set up our gimp.sh so that we can connect via ssh or sftp as well

In your chroot, as the user gimp, do e.g.
sudo apt-get install openssh-client
sftp me@host:shared/

I warned you that it wasn't elegant...

20 October 2012

262. chroot/jail your iceweasel (firefox)

Update: in my youth I thought that chroot=security. I now know better.
http://yarchive.net/comp/linux/chroot.html
http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

In other words, don't rely on chroot for security -- it's not meant to be a security tool. I personally use it to browse at work without leaving a too obvious a trail (nothing shady -- part of my job is to apply for permanent jobs, but it is not necessarily in the interest of my current employer to see me succeed. Academia is a weird place.)

Original post:
There are many reasons why you'd want to secure your browser -- ranging from paranoia to justifiable cautiousness (you're probably visiting the wrong kind of sites...).

A chroot environment doesn't make you anonymous -- it just helps sandbox your applications. To protect your anonymity you'll want to prevent your browser from setting cookies, and use a proxy via an ssh tunnel to encrypt your traffic and hide your true IP address. There's no silver bullet for these things.

I've chroot:d things in the past when compiling 32 bit applications on 64 bit machines, but for this guide I'm leaning heavily on this post: https://help.ubuntu.com/community/BasicChroot

sudo apt-get install coreutils debootstrap

Time to get rocking. Be aware that you should have a bit of free space on your target drive.


sudo debootstrap --arch amd64 wheezy /media/chroot/ http://ftp.au.debian.org/debian/

which gets stuff underway:


I: Retrieving InRelease
I: Checking Release signature
I: Valid Release signature (key id 9FED2BCBDCD29CDF762678CBAED4B06F473041FA)
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Checking component main on http://ftp.au.debian.org/debian...
I: Retrieving libacl1
I: Validating libacl1
I: Retrieving apt
[..]
I: Configuring dpkg-dev...
I: Configuring build-essential...
I: Base system installed successfully.

So far, so good.

Create a shell script, e.g. chroot.sh, with the following in it:
xhost +
sudo mount -o bind /proc /media/chroot/proc
sudo cp /etc/resolv.conf /media/chroot/etc/resolv.conf
sudo chroot /media/chroot

Run it everytime you want to enter you chroot environment:
sh chroot.sh

In the chroot shell, do
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo 'DISPLAY=:0.0' >> /etc/bash.bashrc
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
apt-get install iceweasel
su sandbox
cd ~

Launch iceweasel/firefox:

sandbox@beryllium:/$ firefox


And you're pretty much done.
Next time you want to launch a sandboxed version of firefox just do:

me@beryllium:~$ sh chroot.sh 
access control disabled, clients can connect from any host
root@beryllium:/# su sandbox
sandbox@beryllium:/$ firefox