Outils d'utilisateurs

Outils du Site


Misc Tips


Specify proper keymap

Using setxkbmap

$ setxkbmap -layout us -variant intl -options "lv3:ralt_switch_multikey"

Using Hal FDIs

In /etc/hal/fdi/policy, for exemple 10-x11-input.fdi (templates are usually found in /usr/share/hal/fdi/policy/):

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
    <!-- FIXME: Support tablets too. -->
    <match key="info.capabilities" contains="input.mouse">
      <merge key="input.x11_driver" type="string">mouse</merge>
      <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name"
        <merge key="input.x11_driver" type="string">evdev</merge>

    <match key="info.capabilities" contains="input.keys">
      <!-- If we're using Linux, we use evdev by default (falling back to
           keyboard otherwise). -->
      <merge key="input.x11_driver" type="string">keyboard</merge>
      <match key="/org/freedesktop/Hal/devices/computer:system.kernel.name"
        <merge key="input.x11_driver" type="string">evdev</merge>
      <match key="info.product" string="Dell Dell USB Keyboard">
        <merge key="input.x11_options.XkbModel" type="string">dellusbmm</merge>
      <merge key="input.x11_options.XkbOptions" type="string">lv3:ralt_switch_multikey</merge>
      <merge key="input.x11_options.XkbVariant" type="string">intl</merge>

Pass options to synpatics touchpad using Hal

Dans /etc/hal/fdi/policy/11-x11-input-synaptics.fdi:

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
    <match key="info.capabilities" contains="input.touchpad">
      <match key="info.product" contains="Synaptics TouchPad">
	<merge key="input.x11_driver" type="string">synaptics</merge>
	<!-- Arbitrary options can be passed to the driver using 
	the input.x11_options property since xorg-server-1.5. -->
	<!-- EXAMPLE:
	<merge key="input.x11_options.LeftEdge" type="string">120</merge>
      <match key="info.product" contains="AlpsPS/2 ALPS">
	<merge key="input.x11_driver" type="string">synaptics</merge>
      <match key="info.product" contains="appletouch">
	<merge key="input.x11_driver" type="string">synaptics</merge>
      <match key="info.product" contains="bcm5974">
	<merge key="input.x11_driver" type="string">synaptics</merge>
    <match key="input.x11_driver" string="synaptics">
      <merge key="input.x11_options.SHMConfig" type="string">true</merge>
      <merge key="input.x11_options.VertEdgeScroll" type="string">true</merge>
      <merge key="input.x11_options.HorizEdgeScroll" type="string">true</merge>
      <merge key="input.x11_options.CornerCoasting" type="string">true</merge>
      <merge key="input.x11_options.TapButton1" type="string">1</merge>
      <merge key="input.x11_options.TapButton2" type="string">2</merge>

      <merge key="input.x11_options.RightEdge" type="string">900</merge>
      <merge key="input.x11_options.BottomEdge" type="string">700</merge>
      <merge key="input.x11_options.EmulateTwoFingerMinZ" type="string">90</merge>
      <merge key="input.x11_options.VertTwoFingerScroll" type="string">true</merge>
      <merge key="input.x11_options.HorizTwoFingerScroll" type="string">true</merge>

Modelines for Dell 2007WFP

I just found the screen on the side of the road. Surprisingly, it works. There just appears to be an EDID-reading problem, but who cares when one can manually set the modlines?

Section "Monitor"
	Identifier	"DVI1"
	Option		"DPMS"
#			      DCF   HR   SH1  SH2  HFL  VR   SV1  SV2  VFL
	ModeLine	"1680x1050" 119.0 1680 1728 1760 1840 1050 1053 1059 1080 -HSync +VSync

This can also be done manually at run-time, using XRandR.

$ xrandr --newmode  "1680x1050" 119.0 1680 1728 1760 1840 1050 1053 1059 1080 -HSync +VSync
$ xrandr --addmode VGA1 1680x1050
$ xrandr --output VGA1 --mode 1680x1050

BenQ G900W

Lucky day, I also found another almost perfectly working screen the very same day. It's a BenQ G900W, with the same problem; somebody must have fried their video card. It's nominal resolution is 1440×900, let's try the same trick.

Section "Monitor"
	Identifier	"VGA1"
	Option		"DPMS"
#			      DCF   HR   SH1  SH2  HFL  VR   SV1  SV2  VFL
	ModeLine	"1440x900" 106.50 1440 1520 1672 1904 900 903 909 934 -HSync +Vsync


Quick access control with Apache

In the .htaccess file:

AuthUserFile /PATH/TO/.htpasswd
AuthName "Nice name"
AuthType Basic
<Limit GET>
    require valid-user

Create and maintain the .htpasswd file:

$ htpasswd -c /PATH/TO/.htpasswd user1
New password:
Re-type new password:
Adding password for user user1
$ htpasswd /PATH/TO/.htpasswd user2
New password:
Re-type new password:
Adding password for user user2


Certificate manipulation with OpenSSL

The key

$ export SERVER=`hostname -f`
$ openssl genrsa -out /etc/ssl/private/$SERVER.key 2048

The certificate request

Several AltNames for a single certificate

From (there).

In /etc/ssl/openssl-$SERVER.cnf (or the system's, but it's not as tidy):

req_extensions = v3_req


[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate...
subjectAltName          = @alt_names


The certificate request is then generated as usual, but the custom configuration file is specified.

$ openssl req -config /etc/ssl/openssl-$SERVER.cnf -new -key /etc/ssl/private/$SERVER.key -out /etc/ssl/$SERVER.csr

The certificate

$ openssl x509 -config /etc/ssl/openssl-$SERVER.cnf -req -days 1000 -in /etc/ssl/$SERVER.csr -signkey /etc/ssl/private/$SERVER.key -out /etc/ssl/$SERVER.crt

Convert a binary certificate to PEM

$ openssl x509 -inform der -in /etc/ssl/$SERVER.crt -out /etc/ssl/$SERVER.pem

Reference: How to generate self-signed SSL certificates

Change a key's passphrase

$ openssl rsa -in /etc/ssl/private/$SERVER.key -out /etc/ssl/private/$SERVER-newpass.key -passout "pass:PASS"

Read the content of a certificate request/certificate/key

$ openssl req|x509|rsa -in /etc/ssl/$SERVER.crt -text

Manually connect to an SSL secured port

$ openssl s_client -connect www.narf.ssji.net:443
Certificate chain
 0 s:/CN=distant-sun.narf.ssji.net
   i:/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
Server certificate
issuer=/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
No client certificate CA names sent
SSL handshake has read 2983 bytes and written 409 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C68B84A9F17B7F2FB2B5E043272B41BC37C34AA826D6B6458C321DE103BD95FC
    Master-Key: E9BFE1B8E6E7B26895541B5E87CC76D7E9E5FD620DE9BB5BDA2B2CFC446F17323CE79717466F8EEC828C1FC2C9E8C770
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket:
    0000 - 37 a3 3f ae ad 81 6d 0d-97 36 10 44 6f 58 ec 49   7.?...m..6.DoX.I
    0010 - d0 74 e0 c6 d5 e6 76 a5-44 a7 1b b6 55 51 f5 65   .t....v.D...UQ.e
    0020 - 75 b0 f1 57 29 01 80 24-a1 bd 67 bf b6 9c b8 50   u..W)..$..g....P
    0030 - 67 f4 87 31 25 d2 0e ac-53 ab 1f 39 97 65 3d 38   g..1%...S..9.e=8
    0040 - a8 87 85 5b f3 7e ec a9-9d bc 01 1b fd e7 dc 0b   ...[.~..........
    0050 - 4b ac 1e ea f9 8c 2f 6c-83 33 c3 45 ce 95 b2 7e   K...../l.3.E...~
    0060 - 9c 51 04 f0 14 9e 0d 03-fb f5 a8 ed 6d b1 90 f3   .Q..........m...
    0070 - 08 3f 47 3b a9 91 f9 d8-99 dc 73 1b a9 86 f6 b0   .?G;......s.....
    0080 - 13 38 30 ae f1 e3 b8 34-7c c2 64 3c 4c ea 8a 10   .80....4|.d<L...
    0090 - 6b e1 59 52 d8 89 f3 9f-6b 17 c7 6c 55 ed 86 0f   k.YR....k..lU...
    00a0 - 70 c6 50 94 21 44 f2 ac-28 f4 ee 59 c3 60 3f f3   p.P.!D..(..Y.`?.
    00b0 - fb f9 bd 54 89 62 44 c5-96 e9 d5 0e 4f be 17 4a   ...T.bD.....O..J

    Start Time: 1291767269
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
Host: www.narf.ssji.net

HTTP/1.1 200 OK
Date: Wed, 08 Dec 2010 00:15:08 GMT
Server: Apache
Content-Location: index.xhtml
Vary: negotiate
TCN: choice
Content-Type: application/xhtml+xml

It also works for TLS connections.

$ openssl s_client -connect SMTP:587 -starttls smtp
[... certificate details ...]

Get Remote Certificate

$ openssl s_client -connect HOST:PORT | sed '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/!d' > HOST.crt
verify error:num=19:self signed certificate in certificate chain
verify return:0

The same can be done to get the fingerprint, with some more filtering:

$ openssl s_client -connect HOST:PORT | sed '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/!d' | openssl x509 -fingerprint
verify error:num=19:self signed certificate in certificate chain
verify return:0
SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33


GTK Look and Feel by default

In $JAVA_HOME/lib/swing.properties:

# Swing properties

Recreating the Java KeyStore

If Java complains with a

Unexpected error:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

odds are that the $JAVA_HOME/jre/lib/security/cacerts file is empty (i.e. it's only 32 Bytes in size).

To recreate it from, say, Mozilla's list of trusted certificates, the following (tested on ArchLinux) can be done:

for FILE in /usr/share/ca-certificates/mozilla/*.crt; do
  keytool -deststorepass changeit -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -file $FILE -alias `basename ${FILE/.crt/}` -noprompt

Le minimum avec Mutt

Le .procmailrc:


Le .mutt(ng)rc:

set mbox="~/mbox"
set spoolfile="~/mbox"

Et bien mieux.


Fix UID validity problem

Sometimes, most often when the IMAP server has been reconfigured or changed, OfflineImap complains of UID validity problem. The fix is known but a bit manual. The following automates deletion of all affected folders and metadata.

$ export ACCOUNT=OfflineImapAccountName
$ export MD=/path/to/maildir/root
$ for folder in `offlineimap -a $ACCOUNT -u machineui | sed -n "s/ \[acc.*//;s/.*validityproblem:Folder //p"`; do rm -r $MD/$folder ~/.offlineimap/Account-$ACCOUNT/LocalStatus/$folder ~/.offlineimap/Repository-$ACCOUNT/FolderValidity/$folder; done

An alternate line, for some reason, seems to be needed in same cases.

$ for folder in `offlineimap -a $ACCOUNT -u machineui | sed -n "s/ \[acc.*//;s/%0A.*//;s/.*validityproblem:Folder .*://p"`; do rm -r $MD/$folder ~/.offlineimap/Account-$ACCOUNT/LocalStatus/$folder ~/.offlineimap/Repository-$ACCOUNT/FolderValidity/$folder; done

Rename IMAP folders

How to rename/move IMAP folder from ${OLDNAME} to ${NEWNAME} (those being full tree paths within the IMAP hierarchy, with dots), for an account named ${IMAP}? This assumes the shell is Bash and an OfflineImap configuration such as this (namely: IMAP separators locally mapped to slashes, and consistent repository naming).

  1. Unsubscribe from the old path and move the folder in IMAP.
  2. Subscribe to that new folder.
  3. Move ${OLDNAME} files in all three files Account-${IMAP}/LocalStatus, Repository-${IMAP} and Repository-${IMAP}Local to ${NEWNAME} in OfflineImap's status directory:
    .offlineimap$ for FILE in `find . -name ${OLDNAME}`; do mv $FILE ${FILE/${OLDNAME}/${NEWNAME}}; done
  4. Move the local Maildir copy:
    Maildir$ mv ${OLDNAME/.//} ${NEWNAME/.//}
  5. Adjust the FMD5 in the filenames (see OfflineImap's FAQ, “Why are your Maildir message filenames so long?”):
    Maildir/${NEWNAME/.//}$ for FILE in `find ${NEWNAME/.//} -type f`; do
    >   mv ${FILE} ${FILE/`echo -n "${OLDNAME/.//}" | md5sum | cut -f 1 -d " "`/`echo -n "${NEWNAME/.//}" | md5sum | cut -f 1 -d " "`};
    > done
  6. Sync!

Des fontes GTK de taille normale

  • mettre Xft.dpi: 100 dans ~/.Xresources
  • mettre xrdb -load ~/.Xresources dans ~/.xsession (si nécessaire)
  • redémarrer X

Peut aussi marcher:

$ apt-get install xfonts-base-transcoded


nfs:/data/Sources on /data/Sources type nfs (rw,rsize=32768,wsize=16384,timeo=3,retrans=5,acregmin=1,acregmax=30,acdirmin=10,acdirmax=60,retry=1000,namlen=255,port=2049,mountprog=100005,nfsprog=100003,posix,bg,hard,intr,noac,udp,addr=
lambda-d5.mtek.chalmers.se:/lfs/d5.dd/mehani on /chalmers/users/mehani type nfs (rw,nosuid,hard,intr,grpid,proto=tcp,addr=

Monter une image Qemu

$ mount -oloop,offset=sector_size*partition_start -t vfat /opt/qemu/tempImage /mnt/tempImage

En général sector_size=512 et partition_start=63.

Pour être sûr:

$ fdisk -lu /opt/qemu/tempImage

Convertir de l'EPS en SVG

$ pstoedit -f plot-svg fichier.eps fichier.svg

Créer une vidéo à partir d'images

Les noms des images sont du type img00.jpg à 50 Hz :

$ ffmpeg -f image2 -i img%02d.jpg -r 50 -vcodec mpeg4 vid.avi


Two-sided printing option for landscape documents:

$ lpr -o sides=two-sided-short-edge


Two-sided printing

Two-sided printing with proper folding depending on the printing orientation (i.e. tumble when landscape printing), in /etc/a2ps/a2ps-site.cfg:

Printer: atp-b15-nl2-p1 | #{lp} #o #?l|-oDuplex=DuplexTumble||

or (simpler)

Options: -s2

And stapling:

Variable: lp.options | #{lp} #o #?l|"-oStaple=1Staple(Left)"|"-oStaple=1Staple(Right)"|

Forced two-sided printing

Prevent psnup (and other psutils) from cancelling two-sided printing, as per this post.

Still in /etc/a2ps/a2ps-site.cfg:

Variable: forceduplex \
        cat /etc/a2ps/duplex.ps - 
Variable: forcetumble \
        cat /etc/a2ps/tumble.ps - 
Variable: lp.hook \
        #?d! #?l|#{forcetumble}|#{forceduplex}| | !!

With PS headers duplex.ps and tumble.ps setting the right options.

PDF manipulation

Fill PDF form with an FDF file

This can be done using pdftk.

$ pdftk form.pdf fill_form data.fdf output data.pdf

Unfortunately, the project seems to be dead…

Crop a PDF file

$ gs -o cropped.pdf -sDEVICE=pdfwrite -c "[/CropBox [0 0 280.59 419.52] /PAGES pdfmark" -f input.pdf

The unit of 'CropBox' (and 'MediaBox') are expressed in an unclear (to me) unit. In this example, 280.59 was 99mm.

Using Ghostscript unfortunately scrapes the metadata.

Copy PDF metadata

Once again, PDFTK comes to the rescue.

$ pdftk input.pdf dump_data  | pdftk cropped.pdf update_info - output cropped2.pdf

PPTP-based VPN

PPPd and PPTPClient are needed for this to work

General setup

Using the PPTPClient-provided options, one can quickly create a new peer in, say, /etc/ppp/peers/pptppeer:

file /etc/ppp/options.pptp
name LOGIN
pty "/usr/sbin/pptp PPTPSERVER --nolaunchpppd"


Of course, the password needs to be added to the /etc/ppp/chap-secrets file:

# client        server  secret                  IP addresses
LOGIN           *       PASSWORD                *

Once a network connection has been established, the routes may have to be taken care of before and/or after the establishment of the :

$ sudo pppd call pptppeer
$ sudo route add default gw PPTPPEERGW

Where DEFAULTGW is the default route _before_ the PPTP link has been established, and PPTPPEERGW is the remote endpoint of the P-t-P connection.

Gentoo setup

First emerge the necessary package

$ sudo emerge pptpclient pppd

Then configure the new interface, with dependencies and needed route setup in /etc/conf.d/net:

config_ppp0=( "ppp" )
link_ppp0="pty 'pptp PPTPSERVER --nolaunchpppd'"
       "holdoff 3"
       "child-timeout 60"
       "lcp-echo-interval 15"
       "lcp-echo-failure 3"
       noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp persist
depend_ppp0() {
       depend net

preup() {
	case $1 in
			return 0

postup() {
	case $1 in
			route add default gw PPTPPEERGW dev $1
			return 0

predown() {
	case $1 in
			route del default gw PPTPPEERGW
			return 0

postdown() {
	case $1 in
			return 0

Finally, the startup link has to be created, and can be used directly:

$ sudo ln -s /etc/init.d/net.lo /etc/init.d/net.ppp0
$ sudo /etc/init.d/net.ppp0 start

ELF Files Manipulation

Get Library Dependencies without ldd

As seen here.

readelf -d ELFBIN | grep NEEDED

Cleaning Up ownCloud's conflicts

$ export MD5=md5 # BSDs
$ export MD5="md5sum --tag" # GNU
$ for file in *_conflict*; do ext=${file/*.} orig="${file/_conflict*/}.${ext}"; echo -n "$file -> $orig:"; (test -e "$orig" && (test x`$MD5 "$file"|sed 's/.*= //'` = x`$MD5 "$orig"|sed 's/.*= //'` && (echo " same"; rm "./$file")  || echo " DIFFERENT")) || (echo " missing"; mv "$file" "$orig"); done
tips.txt · Dernière modification: 2014/03/19 02:24 par oliviermehani