Outils d'utilisateurs

Outils du Site


tips

Misc Tips

Xorg

Specify proper keymap

Using setxkbmap

$ setxkbmap -layout us -variant intl -options "lv3:ralt_switch_multikey"

Using Hal FDIs

In /etc/hal/fdi/policy, for exemple 10-x11-input.fdi (templates are usually found in /usr/share/hal/fdi/policy/):

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
  <device>
    <!-- FIXME: Support tablets too. -->
    <match key="info.capabilities" contains="input.mouse">
      <merge key="input.x11_driver" type="string">mouse</merge>
      <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name"
             string="Linux">
        <merge key="input.x11_driver" type="string">evdev</merge>
      </match>
    </match>

    <match key="info.capabilities" contains="input.keys">
      <!-- If we're using Linux, we use evdev by default (falling back to
           keyboard otherwise). -->
      <merge key="input.x11_driver" type="string">keyboard</merge>
      <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name"
             string="Linux">
        <merge key="input.x11_driver" type="string">evdev</merge>
      </match>
      <match key="info.product" string="Dell Dell USB Keyboard">
        <merge key="input.x11_options.XkbModel" type="string">dellusbmm</merge>
      </match>
      <merge key="input.x11_options.XkbOptions" type="string">lv3:ralt_switch_multikey</merge>
      <merge key="input.x11_options.XkbVariant" type="string">intl</merge>
    </match>
  </device>
</deviceinfo>

Pass options to synpatics touchpad using Hal

Dans /etc/hal/fdi/policy/11-x11-input-synaptics.fdi:

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
  <device>
    <match key="info.capabilities" contains="input.touchpad">
      <match key="info.product" contains="Synaptics TouchPad">
	<merge key="input.x11_driver" type="string">synaptics</merge>
	<!-- Arbitrary options can be passed to the driver using 
	the input.x11_options property since xorg-server-1.5. -->
	<!-- EXAMPLE:
	<merge key="input.x11_options.LeftEdge" type="string">120</merge>
	-->
      </match>
      <match key="info.product" contains="AlpsPS/2 ALPS">
	<merge key="input.x11_driver" type="string">synaptics</merge>
      </match>
      <match key="info.product" contains="appletouch">
	<merge key="input.x11_driver" type="string">synaptics</merge>
      </match>
      <match key="info.product" contains="bcm5974">
	<merge key="input.x11_driver" type="string">synaptics</merge>
      </match>
    </match>
    <match key="input.x11_driver" string="synaptics">
      <merge key="input.x11_options.SHMConfig" type="string">true</merge>
      <merge key="input.x11_options.VertEdgeScroll" type="string">true</merge>
      <merge key="input.x11_options.HorizEdgeScroll" type="string">true</merge>
      <merge key="input.x11_options.CornerCoasting" type="string">true</merge>
      <merge key="input.x11_options.TapButton1" type="string">1</merge>
      <merge key="input.x11_options.TapButton2" type="string">2</merge>

      <merge key="input.x11_options.RightEdge" type="string">900</merge>
      <merge key="input.x11_options.BottomEdge" type="string">700</merge>
      <merge key="input.x11_options.EmulateTwoFingerMinZ" type="string">90</merge>
      <merge key="input.x11_options.VertTwoFingerScroll" type="string">true</merge>
      <merge key="input.x11_options.HorizTwoFingerScroll" type="string">true</merge>
    </match>
  </device>
</deviceinfo>

Modelines for Dell 2007WFP

I just found the screen on the side of the road. Surprisingly, it works. There just appears to be an EDID-reading problem, but who cares when one can manually set the modlines?

/etc/X11/xorg.conf.d/5-dell_2007wfp.conf
Section "Monitor"
	Identifier	"DVI1"
	Option		"DPMS"
#			      DCF   HR   SH1  SH2  HFL  VR   SV1  SV2  VFL
	ModeLine	"1680x1050" 119.0 1680 1728 1760 1840 1050 1053 1059 1080 -HSync +VSync
EndSection

This can also be done manually at run-time, using XRandR.

$ xrandr --newmode  "1680x1050" 119.0 1680 1728 1760 1840 1050 1053 1059 1080 -HSync +VSync
$ xrandr --addmode VGA1 1680x1050
$ xrandr --output VGA1 --mode 1680x1050

BenQ G900W

Lucky day, I also found another almost perfectly working screen the very same day. It's a BenQ G900W, with the same problem; somebody must have fried their video card. It's nominal resolution is 1440×900, let's try the same trick.

/etc/X11/xorg.conf.d/5-benq_g900w.conf
Section "Monitor"
	Identifier	"VGA1"
	Option		"DPMS"
#			      DCF   HR   SH1  SH2  HFL  VR   SV1  SV2  VFL
	ModeLine	"1440x900" 106.50 1440 1520 1672 1904 900 903 909 934 -HSync +Vsync
EndSection

Apache

Quick access control with Apache

In the .htaccess file:

AuthUserFile /PATH/TO/.htpasswd
AuthName "Nice name"
AuthType Basic
<Limit GET>
    require valid-user
</Limit>

Create and maintain the .htpasswd file:

$ htpasswd -c /PATH/TO/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
$ htpasswd /PATH/TO/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2

OpenSSL

Certificate manipulation with OpenSSL

The key

$ export SERVER=`hostname -f`
$ openssl genrsa -out /etc/ssl/private/$SERVER.key 2048

The certificate request

Several AltNames for a single certificate

From (there).

In /etc/ssl/openssl-$SERVER.cnf (or the system's, but it's not as tidy):

[req]
...
req_extensions = v3_req

...

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate...
subjectAltName          = @alt_names

[alt_names]
DNS.1 = IPADDRESS
DNS.2 = SECONDNAME
DNS.3 = THIRDNAME
...

The certificate request is then generated as usual, but the custom configuration file is specified.

$ openssl req -config /etc/ssl/openssl-$SERVER.cnf -new -key /etc/ssl/private/$SERVER.key -out /etc/ssl/$SERVER.csr

The certificate

$ openssl x509 -config /etc/ssl/openssl-$SERVER.cnf -req -days 1000 -in /etc/ssl/$SERVER.csr -signkey /etc/ssl/private/$SERVER.key -out /etc/ssl/$SERVER.crt

Convert a binary certificate to PEM

$ openssl x509 -inform der -in /etc/ssl/$SERVER.crt -out /etc/ssl/$SERVER.pem

Reference: How to generate self-signed SSL certificates

Change a key's passphrase

$ openssl rsa -in /etc/ssl/private/$SERVER.key -out /etc/ssl/private/$SERVER-newpass.key -passout "pass:PASS"

Read the content of a certificate request/certificate/key

$ openssl req|x509|rsa -in /etc/ssl/$SERVER.crt -text

Manually connect to an SSL secured port

$ openssl s_client -connect www.narf.ssji.net:443
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=distant-sun.narf.ssji.net
   i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/CN=distant-sun.narf.ssji.net
issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
---
No client certificate CA names sent
---
SSL handshake has read 2983 bytes and written 409 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C68B84A9F17B7F2FB2B5E043272B41BC37C34AA826D6B6458C321DE103BD95FC
    Session-ID-ctx:
    Master-Key: E9BFE1B8E6E7B26895541B5E87CC76D7E9E5FD620DE9BB5BDA2B2CFC446F17323CE79717466F8EEC828C1FC2C9E8C770
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    0000 - 37 a3 3f ae ad 81 6d 0d-97 36 10 44 6f 58 ec 49   7.?...m..6.DoX.I
    0010 - d0 74 e0 c6 d5 e6 76 a5-44 a7 1b b6 55 51 f5 65   .t....v.D...UQ.e
    0020 - 75 b0 f1 57 29 01 80 24-a1 bd 67 bf b6 9c b8 50   u..W)..$..g....P
    0030 - 67 f4 87 31 25 d2 0e ac-53 ab 1f 39 97 65 3d 38   g..1%...S..9.e=8
    0040 - a8 87 85 5b f3 7e ec a9-9d bc 01 1b fd e7 dc 0b   ...[.~..........
    0050 - 4b ac 1e ea f9 8c 2f 6c-83 33 c3 45 ce 95 b2 7e   K...../l.3.E...~
    0060 - 9c 51 04 f0 14 9e 0d 03-fb f5 a8 ed 6d b1 90 f3   .Q..........m...
    0070 - 08 3f 47 3b a9 91 f9 d8-99 dc 73 1b a9 86 f6 b0   .?G;......s.....
    0080 - 13 38 30 ae f1 e3 b8 34-7c c2 64 3c 4c ea 8a 10   .80....4|.d<L...
    0090 - 6b e1 59 52 d8 89 f3 9f-6b 17 c7 6c 55 ed 86 0f   k.YR....k..lU...
    00a0 - 70 c6 50 94 21 44 f2 ac-28 f4 ee 59 c3 60 3f f3   p.P.!D..(..Y.`?.
    00b0 - fb f9 bd 54 89 62 44 c5-96 e9 d5 0e 4f be 17 4a   ...T.bD.....O..J

    Start Time: 1291767269
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
HEAD / HTTP/1.1
Host: www.narf.ssji.net

HTTP/1.1 200 OK
Date: Wed, 08 Dec 2010 00:15:08 GMT
Server: Apache
Content-Location: index.xhtml
Vary: negotiate
TCN: choice
Content-Type: application/xhtml+xml

It also works for TLS connections.

$ openssl s_client -connect SMTP:587 -starttls smtp
[... certificate details ...]
---
250 XRDST

Get Remote Certificate

$ openssl s_client -connect HOST:PORT | sed '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/!d' > HOST.crt
verify error:num=19:self signed certificate in certificate chain
verify return:0
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE----
^D
DONE

The same can be done to get the fingerprint, with some more filtering:

$ openssl s_client -connect HOST:PORT | sed '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/!d' | openssl x509 -fingerprint
^D
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Java

GTK Look and Feel by default

In $JAVA_HOME/lib/swing.properties:

# Swing properties
swing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel

Recreating the Java KeyStore

If Java complains with a

Unexpected error:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

odds are that the $JAVA_HOME/jre/lib/security/cacerts file is empty (i.e. it's only 32 Bytes in size).

To recreate it from, say, Mozilla's list of trusted certificates, the following (tested on ArchLinux) can be done:

for FILE in /usr/share/ca-certificates/mozilla/*.crt; do
  keytool -deststorepass changeit -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -file $FILE -alias `basename ${FILE/.crt/}` -noprompt
done

Le minimum avec Mutt

Le .procmailrc:

:0
$HOME/mbox

Le .mutt(ng)rc:

set mbox="~/mbox"
set spoolfile="~/mbox"

Et bien mieux.

OfflineImap

Fix UID validity problem

Sometimes, most often when the IMAP server has been reconfigured or changed, OfflineImap complains of UID validity problem. The fix is known but a bit manual. The following automates deletion of all affected folders and metadata.

$ export ACCOUNT=OfflineImapAccountName
$ export MD=/path/to/maildir/root
$ for folder in `offlineimap -a $ACCOUNT -u machineui | sed -n "s/ \[acc.*//;s/.*validityproblem:Folder //p"`; do rm -r $MD/$folder ~/.offlineimap/Account-$ACCOUNT/LocalStatus/$folder ~/.offlineimap/Repository-$ACCOUNT/FolderValidity/$folder; done

An alternate line, for some reason, seems to be needed in same cases.

$ for folder in `offlineimap -a $ACCOUNT -u machineui | sed -n "s/ \[acc.*//;s/%0A.*//;s/.*validityproblem:Folder .*://p"`; do rm -r $MD/$folder ~/.offlineimap/Account-$ACCOUNT/LocalStatus/$folder ~/.offlineimap/Repository-$ACCOUNT/FolderValidity/$folder; done

Rename IMAP folders

How to rename/move IMAP folder from ${OLDNAME} to ${NEWNAME} (those being full tree paths within the IMAP hierarchy, with dots), for an account named ${IMAP}? This assumes the shell is Bash and an OfflineImap configuration such as this (namely: IMAP separators locally mapped to slashes, and consistent repository naming).

  1. Unsubscribe from the old path and move the folder in IMAP.
  2. Subscribe to that new folder.
  3. Move ${OLDNAME} files in all three files Account-${IMAP}/LocalStatus, Repository-${IMAP} and Repository-${IMAP}Local to ${NEWNAME} in OfflineImap's status directory:
    .offlineimap$ for FILE in `find . -name ${OLDNAME}`; do mv $FILE ${FILE/${OLDNAME}/${NEWNAME}}; done
  4. Move the local Maildir copy:
    Maildir$ mv ${OLDNAME/.//} ${NEWNAME/.//}
  5. Adjust the FMD5 in the filenames (see OfflineImap's FAQ, “Why are your Maildir message filenames so long?”):
    Maildir/${NEWNAME/.//}$ for FILE in `find ${NEWNAME/.//} -type f`; do
    >   mv ${FILE} ${FILE/`echo -n "${OLDNAME/.//}" | md5sum | cut -f 1 -d " "`/`echo -n "${NEWNAME/.//}" | md5sum | cut -f 1 -d " "`};
    > done
  6. Sync!

Des fontes GTK de taille normale

  • mettre Xft.dpi: 100 dans ~/.Xresources
  • mettre xrdb -load ~/.Xresources dans ~/.xsession (si nécessaire)
  • redémarrer X

Peut aussi marcher:

$ apt-get install xfonts-base-transcoded

NFS

nfs:/data/Sources on /data/Sources type nfs (rw,rsize=32768,wsize=16384,timeo=3,retrans=5,acregmin=1,acregmax=30,acdirmin=10,acdirmax=60,retry=1000,namlen=255,port=2049,mountprog=100005,nfsprog=100003,posix,bg,hard,intr,noac,udp,addr=192.168.1.64)
lambda-d5.mtek.chalmers.se:/lfs/d5.dd/mehani on /chalmers/users/mehani type nfs (rw,nosuid,hard,intr,grpid,proto=tcp,addr=129.16.61.41)

Monter une image Qemu

$ mount -oloop,offset=sector_size*partition_start -t vfat /opt/qemu/tempImage /mnt/tempImage

En général sector_size=512 et partition_start=63.

Pour être sûr:

$ fdisk -lu /opt/qemu/tempImage

Convertir de l'EPS en SVG

$ pstoedit -f plot-svg fichier.eps fichier.svg

Créer une vidéo à partir d'images

Les noms des images sont du type img00.jpg à 50 Hz :

$ ffmpeg -f image2 -i img%02d.jpg -r 50 -vcodec mpeg4 vid.avi

CUPS

Two-sided printing option for landscape documents:

$ lpr -o sides=two-sided-short-edge

A2PS

Two-sided printing

Two-sided printing with proper folding depending on the printing orientation (i.e. tumble when landscape printing), in /etc/a2ps/a2ps-site.cfg:

Printer: atp-b15-nl2-p1 | #{lp} #o #?l|-oDuplex=DuplexTumble||

or (simpler)

Options: -s2

And stapling:

Variable: lp.options | #{lp} #o #?l|"-oStaple=1Staple(Left)"|"-oStaple=1Staple(Right)"|

Forced two-sided printing

Prevent psnup (and other psutils) from cancelling two-sided printing, as per this post.

Still in /etc/a2ps/a2ps-site.cfg:

Variable: forceduplex \
        cat /etc/a2ps/duplex.ps - 
Variable: forcetumble \
        cat /etc/a2ps/tumble.ps - 
Variable: lp.hook \
        #?d! #?l|#{forcetumble}|#{forceduplex}| | !!

With PS headers duplex.ps and tumble.ps setting the right options.

PDF manipulation

Fill PDF form with an FDF file

This can be done using pdftk.

$ pdftk form.pdf fill_form data.fdf output data.pdf

Unfortunately, the project seems to be dead…

Crop a PDF file

$ gs -o cropped.pdf -sDEVICE=pdfwrite -c "[/CropBox [0 0 280.59 419.52] /PAGES pdfmark" -f input.pdf

The unit of 'CropBox' (and 'MediaBox') are expressed in an unclear (to me) unit. In this example, 280.59 was 99mm.

Using Ghostscript unfortunately scrapes the metadata.

Copy PDF metadata

Once again, PDFTK comes to the rescue.

$ pdftk input.pdf dump_data  | pdftk cropped.pdf update_info - output cropped2.pdf

PPTP-based VPN

PPPd and PPTPClient are needed for this to work

General setup

Using the PPTPClient-provided options, one can quickly create a new peer in, say, /etc/ppp/peers/pptppeer:

file /etc/ppp/options.pptp
name LOGIN
pty "/usr/sbin/pptp PPTPSERVER --nolaunchpppd"

#debug
#nodetach

Of course, the password needs to be added to the /etc/ppp/chap-secrets file:

# client        server  secret                  IP addresses
LOGIN           *       PASSWORD                *

Once a network connection has been established, the routes may have to be taken care of before and/or after the establishment of the :

$ sudo route add PPTPSERVER DEFAULTGW
$ sudo pppd call pptppeer
$ sudo route add default gw PPTPPEERGW

Where DEFAULTGW is the default route _before_ the PPTP link has been established, and PPTPPEERGW is the remote endpoint of the P-t-P connection.

Gentoo setup

First emerge the necessary package

$ sudo emerge pptpclient pppd

Then configure the new interface, with dependencies and needed route setup in /etc/conf.d/net:

config_ppp0=( "ppp" )
link_ppp0="pty 'pptp PPTPSERVER --nolaunchpppd'"
username_ppp0='LOGIN'
password_ppp0='PASSWORD'
pppd_ppp0=(
       "noauth"
       "defaultroute"
       "holdoff 3"
       "child-timeout 60"
       "lcp-echo-interval 15"
       "lcp-echo-failure 3"
       noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp persist
)
depend_ppp0() {
       depend net
}

preup() {
	case $1 in
		ppp0)
			route add PPTPSERVER gw DEFAULTGW
			return 0
		;;
		*)
		;;
	esac
}

postup() {
	case $1 in
		ppp0)
			route add default gw PPTPPEERGW dev $1
			return 0
		;;
		*)
		;;
	esac
}

predown() {
	case $1 in
		ppp0)
			route del default gw PPTPPEERGW
			return 0
		;;
		*)
		;;
	esac
}

postdown() {
	case $1 in
		ppp0)
			route del PPTPSERVER gw DEFAULTGW
			return 0
		;;
		*)
		;;
	esac
}

Finally, the startup link has to be created, and can be used directly:

$ sudo ln -s /etc/init.d/net.lo /etc/init.d/net.ppp0
$ sudo /etc/init.d/net.ppp0 start

ELF Files Manipulation

Get Library Dependencies without ldd

As seen here.

readelf -d ELFBIN | grep NEEDED

Cleaning Up ownCloud's conflicts

$ export MD5=md5 # BSDs
$ export MD5="md5sum --tag" # GNU
$ for file in *_conflict*; do ext=${file/*.} orig="${file/_conflict*/}.${ext}"; echo -n "$file -> $orig:"; (test -e "$orig" && (test x`$MD5 "$file"|sed 's/.*= //'` = x`$MD5 "$orig"|sed 's/.*= //'` && (echo " same"; rm "./$file")  || echo " DIFFERENT")) || (echo " missing"; mv "$file" "$orig"); done
tips.txt · Dernière modification: 2014/03/19 01:24 par oliviermehani