
Blasturvion (ArchLinux on a Dell E7440)

Key Advantages

  • Lighter!
  • 4 cores i7
  • 3G modem and GPS
  • Smart Card reader (see Using an OpenPGP SmartCard) [plus contactless and fingerprint readers]
  • Touch Screen
  • SSD

Initial Setup

Install medium

Cancey's disk died on the very day of Blasturvion's arrival, so we're left with an old PowerMac G4 to create the install USB disk.

$ diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     Apple_partition_scheme                        *465.8 Gi   disk0
   1:        Apple_partition_map                         31.5 Ki    disk0s1
   2:                  Apple_HFS Macintosh HD            465.6 Gi   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *931.5 Gi   disk1
   1:                 DOS_FAT_32 DATA                    931.3 Gi   disk1s1
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *1.9 Gi     disk2
   1:                 DOS_FAT_16 NO NAME                 1.9 Gi     disk2s1
$ diskutil unmountDisk /dev/disk2
Unmount of all volumes on disk2 was successful
$ sudo dd if=archlinux-2014.11.01-dual.iso of=/dev/rdisk2 bs=1m
Password:
577+0 records in
577+0 records out
605028352 bytes transferred in 154.197395 secs (3923726 bytes/sec)
$ diskutil eject /dev/disk2
Disk /dev/disk2 ejected

Then, we're ready to boot and install.

Partitioning, dm-crypt/LUKS and LVM

Partitioning is a tricky step, as we want both UEFI boot and FDE.

$ gdisk /dev/sda
o
n

+512M
EF00 # this will give it the 'boot' flag
p
n


8E00
p
w

Create the LUKS and LVM partitions.

# cryptsetup luksFormat /dev/sda2
Enter passphrase: 
Verify passphrase: 
# cryptsetup luksOpen /dev/sda2 lvm
Enter passphrase: 
# pvcreate /dev/mapper/lvm
# vgcreate blasturvion /dev/mapper/lvm
# lvcreate -L 50G blasturvion -n root
# lvcreate -L 16G blasturvion -n swap
# lvcreate -l +50%FREE blasturvion -n home
# lvcreate -l +100%FREE blasturvion -n data
# mkfs.ext4 -L root /dev/mapper/blasturvion-root
# mkswap /dev/mapper/blasturvion-swap
# mkfs.ext4 -L home /dev/mapper/blasturvion-home
# mkfs.ext4 -L data /dev/mapper/blasturvion-data
# mount -o noatime /dev/blasturvion/root /mnt
# mkdir -p /mnt/{boot,data,home,tmp}
# mount -o noatime,discard /dev/sda1 /mnt/boot
# swapon /dev/blasturvion/swap
# mount -o noatime,discard /dev/blasturvion/home /mnt/home
# mount -o noatime,discard /dev/blasturvion/data /mnt/data
# # /tmp is already mounted as tmpfs by systemd

The discard mount option is useful for SSDs (issues TRIM commands).

Installing the Base System

# vi /etc/pacman.d/mirrorlist # Put the closest mirror at the top
# pacstrap /mnt base
# genfstab -p /mnt >> /mnt/etc/fstab
# arch-chroot /mnt
# echo blasturvion > /etc/hostname
# ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime
# # No need for locales,  C is good
# #localectl set-keymap --no-convert dvorak # Should create /etc/vconsole.conf with the right settings, but doesn't work that early
# echo KEYMAP=dvorak > /etc/vconsole.conf
# vi /etc/mkinitcpio.conf
[ add "dm_mod dm_crypt" in MODULES
  add "keymap encrypt lvm2" in HOOKS before "filesystems"; "keymap" is useful for non US mapping when entering the passphrase ]
# mkinitcpio -p linux
# passwd

Booting the kernel as an EFI_STUB

The Intel CPU microcode needs to be loaded before the initrd. An initial intel_ucode.img file can be found on the install media; its location on the UEFI partition is revealed by inspecting /proc/cmdline. It can simply be copied to /boot (which is the root of the ESP).

Warning: The following doesn't work, skip to the next section now.

It seems that efibootmgr is the UEFI tool of choice.

# pacman -S efibootmgr
# efibootmgr -d /dev/sda -p 1 -c -L "ArchLinux" -l /vmlinuz-linux -u "initrd=/intel_ucode.img initrd=/initramfs-linux.img cryptdevice=PARTUUID=`blkid -S PARTUUID -o value /dev/sda2`:blasturvion root=/dev/mapper/blasturvion-root rw initrd=/initramfs-linux.img"

Moment of Truth: Booting the system

# ^D
# umount -R /mnt
# reboot

Aaaand. It fails with a kernel VFS panic. But the kernel booted!

Using an UEFI bootscript

To facilitate UEFI shell usage, a script can be put in the ESP.

/boot/archlinux.nsh
\EFI\Arch\vmlinuz-linux.efi cryptdevice=PARTUUID=9a8e2c89-2b81-481c-957f-8e9093abe3ff:blasturvion:allow-discards root=/dev/mapper/blasturvion-root rw initrd=\EFI\Arch\intel_ucode.img initrd=\EFI\Arch\initramfs-linux.img

It can then be called from the UEFI shell.

> fs0:
> archlinux

Installing an UEFI Boot Manager

At the end of the day, installing a boot manager seems to be easier. (Remember /boot here is the root of the ESP).

# pacman -S gummiboot
# gummiboot install
# # Unquoted here-documents, so that the shell expands the blkid substitution
# cat > /boot/loader/entries/arch.conf <<EOF
title Arch Linux
efi \vmlinuz-linux
options initrd=\intel_ucode.img initrd=\initramfs-linux.img cryptdevice=PARTUUID=`blkid -s PARTUUID -o value /dev/sda2`:blasturvion:allow-discards root=/dev/mapper/blasturvion-root ro resume=/dev/mapper/blasturvion-swap
EOF

# cat >> /boot/loader/loader.conf <<EOF
default arch
EOF

Apparently, this UEFI does not require the EFI stub's name to end in .efi, nor for the initrds to be in a specific subdirectory, so we can just point gummiboot to where Arch installs its kernels, with no need to move them about.

And now the machine boots on its own!

SSD tweaks

Apart from mounting the SSD's journalled ext4 volumes with the noatime option, we also want to reduce the swappiness of the system.

/etc/sysctl.d/99-sysctl.conf
vm.swappiness=1

In addition, despite slight security implications (TRIM reveals which blocks of the encrypted device are unused; but we use LUKS, so plausible deniability is already gone), it might be wise to pass the TRIM command down to the SSD. To do so, the :allow-discards option is added to the cryptdevice parameter on the kernel command line, issue_discards is set to 1 in the devices section of /etc/lvm/lvm.conf (not really needed), and the volumes are mounted with the discard option in /etc/fstab.
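A discard mount option has no effect unless dm-crypt is also told to pass TRIM through. The script below is an added example, not part of the original page: it parses a kernel command line and fstab text and reports where that chain breaks. The function names and the sample fstab are constructed for illustration; on a running system, dmsetup table and lsblk -D show the effective state.

```shell
#!/bin/sh
# Added example: audit the TRIM path fstab -> dm-crypt from configuration text.
# (LVM's issue_discards only covers space freed by lvremove/lvreduce, so it is
# not part of the filesystem TRIM path checked here.)

# Succeeds if cryptdevice=<device>:<name>:<options> on the given kernel
# command line lists allow-discards among its comma-separated options.
cryptdevice_allows_discards() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk -F: '
        /^cryptdevice=/ && NF >= 3 {
            n = split($NF, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "allow-discards") found = 1
        }
        END { exit !found }'
}

# Reads fstab text on stdin, prints the mount points mounted with "discard".
fstab_discard_mounts() {
    awk '!/^[ \t]*(#|$)/ {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "discard") print $2
    }'
}

# $1 = kernel command line, $2 = fstab text; prints a one-line verdict.
trim_chain_report() {
    mounts=$(printf '%s\n' "$2" | fstab_discard_mounts | paste -sd' ' -)
    if cryptdevice_allows_discards "$1"; then
        echo "dm-crypt passes TRIM; discard mounts: ${mounts:-none}"
    elif [ -n "$mounts" ]; then
        echo "discard on [$mounts] never reaches the SSD: no allow-discards"
    else
        echo "TRIM is not requested at any layer"
    fi
}

# Constructed samples, modelled on the values used on this page.
SAMPLE_CMDLINE='cryptdevice=PARTUUID=9a8e2c89-2b81-481c-957f-8e9093abe3ff:blasturvion:allow-discards root=/dev/mapper/blasturvion-root ro'
SAMPLE_FSTAB='# <device> <dir> <type> <options> <dump> <pass>
/dev/mapper/blasturvion-root / ext4 rw,noatime,discard 0 1
/dev/mapper/blasturvion-home /home ext4 rw,noatime,discard 0 2
/dev/mapper/blasturvion-swap none swap defaults 0 0'

trim_chain_report "$SAMPLE_CMDLINE" "$SAMPLE_FSTAB"
```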

Setting up networking

# (sed "s/eth0/eno1/;s/#\(IP6.*stateless\)/\1/" /etc/netctl/examples/ethernet-dhcp; echo "AutoWired=yes") > /etc/netctl/ethernet-dhcp
# systemctl enable netctl-ifplugd@eno1.service
# sed "s/wlan0/wlp2s0/;s/dhcp/&\nIP6=stateless/;s/MyNetwork/MyEssid/;s/'WirelessKey'/`wpa_passphrase MyEssid MyPassphrase | sed -n 's/^\tpsk=//p'`/" /etc/netctl/examples/wireless-wpa > /etc/netctl/MyEssid
# systemctl enable netctl-auto@wlp2s0.service

Creating users

https://wiki.archlinux.org/index.php/Users_and_groups#Example_adding_a_user

# useradd -m -g users -G wheel,lp,video,audio,optical USER
# chfn USER

Installing software

$ sudo pacman -S vim tmux sudo mc \
  base-devel clang git subversion gdb strace ctags ghc cabal-install happy \
  gvim xterm fvwm  conky firefox gnome xorg xorg-apps lightdm-gtk3-greeter stalonetray xorg-xclock xscreensaver xbrightness xgamma imagemagick gajim sonata mpd mpc xorg-apps  zathura-poppler archlinux-wallpaper \
  openssh openntpd mlocate smartmontools hdparm a2ps ssmtp offlineimap \
  iw dnsutils whois openbsd-netcat tcpdump wireshark-gtk kismet net-tools ifplugd wpa_actiond \
  alsa-tools alsa-utils gnome-alsamixer  \
  ssmtp lynx gsasl tree \
  haveged \
  python2-crypto notification-daemon libxss rox \
  perl-ldap perl-authen-sasl perl-io-socket-ssl perl-datetime \
  gpsd \
  texlive-most vim-latexsuite libreoffice \
  hamster-time-tracker gtg python-dateutil \
  geeqie inkscape gimp calibre w3cam file-roller easytag \
  pcsclite pcsc-tools ccid pinentry libusb-compat
$ sudo systemctl start pcscd
$ sudo systemctl start haveged # see https://www.archlinux.org/news/gnupg-21-and-the-pacman-keyring/
$ sudo systemctl enable haveged
$ sudo tee -a /etc/lightdm/lightdm-gtk-greeter.conf
background='/usr/share/archlinux/wallpaper/archlinux-aqua-vines.jpg'
[monitor: eDP1]
laptop=true
^D
$ sudo systemctl enable lightdm
$ sudo systemctl start lightdm
$ sudo systemctl enable pcscd
$ sudo systemctl enable org.cups.cupsd
$ sudo chgrp mail /etc/ssmtp/ssmtp.conf /usr/bin/ssmtp; sudo chmod 660 /etc/ssmtp/ssmtp.conf; sudo chmod g+s /usr/bin/ssmtp
$ cd /tmp
$ curl https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz | tar xzv
$ cd package-query/; makepkg -fc; sudo pacman -U package-query-*.xz; cd -
$ curl https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz | tar xzv
$ cd yaourt/; makepkg -fc; sudo pacman -U yaourt-*.xz; cd -
$ yaourt -S --noconfirm mutt-patched lbdb poldi owncloud-client xwrits ttf-dejavusansmono-powerline-git  ttf-ms-libre-fonts adobe-source-han-sans-jp-fonts pmount urlview gnulib mpdris2 mpdscribble \
  mbm-gpsd-pl4nkton-git mbm-gps-control-git \
  c2hs \
  perl-datetime-format-dateparse \
  magickthumbnail \
  fortune-mod fortune-mod-3rfts fortune-mod-archlinux fortune-mod-arresteddevelopment fortune-mod-blackadder fortune-mod-blackbooks fortune-mod-bofh-excuses fortune-mod-breakingbad fortune-mod-calvin fortune-mod-chucknorris fortune-mod-confucius fortune-mod-discworld fortune-mod-firefly fortune-mod-fr fortune-mod-freshprince fortune-mod-futurama  fortune-mod-hitchhiker fortune-mod-joel fortune-mod-limericks  fortune-mod-marriedwithchildren fortune-mod-metalfairytale-git fortune-mod-montypython fortune-mod-peepshow fortune-mod-profile fortune-mod-protolol-git fortune-mod-quantumleap fortune-mod-scrubs fortune-mod-sherlock fortune-mod-simpsons-chalkboard fortune-mod-that70sshow  fortune-mod-thebigbangtheory fortune-mod-xfiles
$ cabal install git-annex

Xorg input devices

Keyboard

Keyboard configuration can be created by gnome-control-center. It however seems to reset KEYMAP in /etc/vconsole.conf.

/etc/X11/xorg.conf.d/00-keyboard.conf
Section "InputClass"
        Identifier "system-keyboard"
        MatchIsKeyboard "on"
        Option "XkbLayout" "us,us"
        Option "XkbVariant" "dvorak-intl,intl"
EndSection

Touchpad

$ sudo cp /usr/share/X11/xorg.conf.d/50-synaptics.conf /etc/X11/xorg.conf.d/00-synaptics.conf
/etc/X11/xorg.conf.d/00-synaptics.conf
Section "InputClass"
        Identifier "touchpad catchall"
        Driver "synaptics"
        ....
        Option "CornerCoasting" "1"
        Option "HorizTwoFingerScroll" "1"
        Option "HorizEdgeScroll" "1"
        Option "VertEdgeScroll" "1"
        # Force natural scrolling
        Option "VertScrollDelta" "-106" 
        Option "HorizScrollDelta" "-106"

EndSection

Pointers

$ sudo cp /usr/share/X11/xorg.conf.d/10-evdev.conf /etc/X11/xorg.conf.d/
/etc/X11/xorg.conf.d/10-evdev.conf
Section "InputClass"
        Identifier "evdev pointer catchall"
        MatchIsPointer "on"
        MatchDevicePath "/dev/input/event*"
        Driver "evdev"
        Option "Emulate3Buttons" "True"
        # Force natural scrolling: each increment of the wheel goes in reverse
        Option "VertScrollDelta" "-1" 
        Option "HorizScrollDelta" "-1"
EndSection

Hardware

ELAN Touchscreen

Hardware

It (04f3:0111) is detected by hid-touchscreen, but currently infinitely loops being detected and lost, apparently due to autosuspend. This can be disabled with

# echo 0 > /sys/bus/usb/devices/1-1.8/power/autosuspend_delay_ms && echo auto > /sys/bus/usb/devices/1-1.8/power/control

(or more permanently).

This can be used for other devices that might exhibit the same behaviour, just changing the 1-1.8 for the relevant bus/port.

Xorg

The touchscreen is natively recognised by Xorg, but some tweaks are needed in Xinerama.

~/.xprofile
xinput --map-to-output `xinput -list | grep "ELAN Touchscreen" | sed -n 's/.*id=\([0-9]\+\).*/\1/p'` eDP1 # eDP1 is the LVDS

Dell Hotkeys

Unlike Cancey (E6320), which, after double-checking with xev, has its backlight keys mapped in hardware and results in X11 receiving XRROutputPropertyChangeNotifyEvent, the E7440 sends proper X11 keycodes.

$ xev
KeyPress event, serial 41, synthetic NO, window 0x5c00001,
    root 0x9d, subw 0x0, time 24979799, (173,-8), root:(1131,8),
    state 0x0, keycode 232 (keysym 0x1008ff03, XF86MonBrightnessDown), same_screen YES,
    XLookupString gives 0 bytes:
    XmbLookupString gives 0 bytes:
    XFilterEvent returns: False

KeyRelease event, serial 41, synthetic NO, window 0x5c00001,
    root 0x9d, subw 0x0, time 24979799, (173,-8), root:(1131,8),
    state 0x0, keycode 232 (keysym 0x1008ff03, XF86MonBrightnessDown), same_screen YES,
    XLookupString gives 0 bytes:
    XFilterEvent returns: False

KeyPress event, serial 42, synthetic NO, window 0x5c00001,
    root 0x9d, subw 0x0, time 24980069, (173,-8), root:(1131,8),
    state 0x0, keycode 233 (keysym 0x1008ff02, XF86MonBrightnessUp), same_screen YES,
    XLookupString gives 0 bytes:
    XmbLookupString gives 0 bytes:
    XFilterEvent returns: False

KeyRelease event, serial 42, synthetic NO, window 0x5c00001,
    root 0x9d, subw 0x0, time 24980069, (173,-8), root:(1131,8),
    state 0x0, keycode 233 (keysym 0x1008ff02, XF86MonBrightnessUp), same_screen YES,
    XLookupString gives 0 bytes:
    XFilterEvent returns: False

They can be mapped to, e.g., xbrightness (AUR), in fvwm.

~/.fvwm2rc
Key XF86MonBrightnessUp A       N       Exec xbrightness +10000
Key XF86MonBrightnessDown       A       N       Exec xbrightness -10000   

For extra control, we can use modifiers and map them to use xgamma. Unfortunately, it seems to reset the work of xbrightness, and vice-versa.

Sound Cards

The HDMI chip seems to appear first, making it confusing to access the standard PCH sound card without options (e.g., with amixer or mpd).

$ amixer info
Card hw:0 'HDMI'/'HDA Intel HDMI at 0xf7e34000 irq 49'
  Mixer name    : 'Intel Haswell HDMI'
  Components    : 'HDA:80862807,80860101,00100000'
  Controls      : 21
  Simple ctrls  : 3
$ amixer info -c 1
Card default 'PCH'/'HDA Intel PCH at 0xf7e30000 irq 47'
  Mixer name    : 'Realtek ALC3226'
  Components    : 'HDA:10ec0292,102805cb,00100001'
  Controls      : 28
  Simple ctrls  : 13

This can be fixed in /etc/asound.conf, remapping the default card by adding the following.

/etc/asound.conf
defaults.ctl.card 1;
defaults.pcm.card 1;

This works nicely.

$ amixer info
Card default 'PCH'/'HDA Intel PCH at 0xf7e30000 irq 47'
  Mixer name    : 'Realtek ALC3226'
  Components    : 'HDA:10ec0292,102805cb,00100001'
  Controls      : 28
  Simple ctrls  : 13

Contactless Cards

PC/SC support can be enabled with a Windows utility, using the ushdiag tool from the Dell ControlVault utility. Fortunately, it works with FreeDOS. It might be necessary to update the firmware first. Using dosupdat.bat works well, but the Wi-Fi killswitch needs to be off.

C:> ushdiag -u -stat REM (output should display RFID in CV only mode)
C:> ushdiag -u -de 4 REM (enable RFID)
C:> ushdiag -u -dt 4 REM (and swipe Your RFID card over reader in meantime)
C:> REM Result should be PASS if Your RFID is working. Repeat test if necessary.
C:> ushdiag -u -dd 8 REM (this will disable CV only mode)
C:> ushdiag -u -dt 4 REM (and swipe Your RFID card)
C:> ushdiag -u -stat REM (should display CV only: DISABLED)

Under Linux, pcsc_scan should now detect a contactless reader, and detect card insertions whenever one comes near.

Fingerprint Reader

GPS

3G Modem

Software

Backup

Backup-manager works pretty well out of the box. It just needs to be called regularly.

As there is no cron anymore, we use systemd timers. This first requires a service to call backup-manager.

/etc/systemd/system/backup-manager.service
[Unit]
Description=Backup Manager
Documentation=man:backup-manager(8)
 
[Service]
ExecStart=/usr/bin/backup-manager
 
[Install]
Alias=backup-manager.service

Then a timer can be written

/etc/systemd/system/backup-manager.timer
[Unit]
Description=Weekly Backup
 
[Timer]
OnCalendar=Fri, 12:30
Persistent=true     
 
[Install]
WantedBy=timers.target

and enabled

$ sudo systemctl enable backup-manager.timer
Created symlink from /etc/systemd/system/timers.target.wants/backup-manager.timer to /etc/systemd/system/backup-manager.timer.

MPD and PulseAudio

The following is a bit dodgy, but works for single-seat machines with a system-wide MPD but user-local PulseAudio. Other configurations might work, but are untested.

/etc/mpd.conf
audio_output {
        type            "pulse"
        name            "My Pulse Output"
#       server          "localhost"             # optional
#       port            "1500"          # optional
#       server          "remote_server"         # optional
#       sink            "remote_server_sink"    # optional
}
/etc/pulse/default.pa
load-module module-native-protocol-tcp auth-anonymous=1
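
auth-anonymous=1 turns off cookie authentication for every client that can reach PulseAudio's TCP port. The check below is an added example, not from the original page (the function name and sample lines are constructed): it flags such lines unless the listener is bound to loopback with listen=. auth-ip-acl=127.0.0.1 is the narrower alternative, exempting only local clients from the cookie.

```shell
#!/bin/sh
# Added example: find PulseAudio TCP listeners that accept unauthenticated clients.
# Reads default.pa-style text on stdin and prints each active line that loads
# module-native-protocol-tcp with auth-anonymous enabled and no loopback-only
# listen= address. Exit status is 0 when at least one such line is found.
pa_anonymous_tcp_lines() {
    sed 's/#.*//' |
    grep -E '^[[:space:]]*load-module[[:space:]]+module-native-protocol-tcp([[:space:]]|$)' |
    grep -E '[[:space:]]auth-anonymous=(1|yes|true|on)([[:space:]]|$)' |
    grep -Ev '[[:space:]]listen=(127\.0\.0\.1|::1)([[:space:]]|$)'
}

# Constructed variants, one per line (not a real default.pa):
# line 2 is the setting from this page, lines 4 and 5 are restricted forms.
SAMPLE_DEFAULT_PA='load-module module-native-protocol-unix
load-module module-native-protocol-tcp auth-anonymous=1
#load-module module-native-protocol-tcp auth-anonymous=1 port=4714
load-module module-native-protocol-tcp auth-anonymous=1 listen=127.0.0.1
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1'

printf '%s\n' "$SAMPLE_DEFAULT_PA" | pa_anonymous_tcp_lines
```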
tips/blasturvion.txt · Last modified: 2015-08-20 13:31 by shtrom