Dienstag, 15. Oktober 2013

Raspberry Pi Crosscompile-setup

The goal was to compile packages for my Raspberry Pi on my Desktop PC which is running ArchLinux. The main challange is to compile armhf-binaries on an x86_64-CPU. There are plenty of suggestions to do this...
One of them was crosstool-ng. Sadly I could not get it to work on my ArchLinux-system either. All other approaches basically involved setting up a qemu-environment to do the compiling.
Sadly binfmt_misc refused to run arm-binaries via qemu-user-static on my archlinux-system, so I gave up setup an Ubuntu-VM.

Setting up such an environment in Ubuntu is surprisingly easy:
1. Install qemu and stuff
# apt-get install qemu-kvm-extras-static
2. Install debootstrap
# apt-get install debootstrap
3. setup basic environment
# mkdir virtual-pi
# qemu-debootstrap --arch=armhf wheezy virtual-pi http://mirrordirector.raspbian.org/raspbian/
It's important to use the raspbian-mirror here. Otherwise the compiled binaries cause Segmentation Faults when copied to the Pi.
4. setup build-environment
# chroot virtual-pi
# echo deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi >> /etc/apt/sources.list
# echo deb-src http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi  >> /etc/apt/sources.list
# apt-get update
# apt-get install build-essential
Starting from here I was able to compile binaries to copy to the Raspberry Pi.

Freitag, 6. Juli 2012

Scheduled reconnect with Pirelli PRGAV4202N Modem

Motivation


The Pirelli PRGAV4202N is the model often provided by A1 (former Telekom Austria). Some providers tend to limit the IP-lease in their consumer products. In my case A1 limits connections to 24 hours. After 24 hours the connection is cut and the modem must reconnect. This leaves me without an internet connection for a few seconds. This also terminates all my downloads, uploads, VoIP, game connections, etc. So ideally I want this reconnect to occur at some time when I don't care (like e.g. 5 o'clock in the morning). A trivial solution would be to just get up at 5 o'clock once and force the modem to reconnect manually, so that all subsequent reconnects would also occur at roughly 5 o'clock. But this only works as long as there is no other random reconnect which happens every now and then.

How to


This guide requires some linux-based box that is powered on when the reconnect should occur (e.g. an OpenWRT-powered router or a linux-powered home-server).

You need to install the "expect"-script language.

You can use the following script to force your modem to reconnect:

#!/usr/bin/expect

set timeout 1
set cmd {uname -a}

spawn ssh Telek0m@10.0.0.138
expect_after eof { exit 0 }


## interact with SSH
expect "yes/no" { send "yes\r" }
expect "password:" { send "<the-password>\r" }

expect "OpenRG> "
send "conf\r"
expect "conf> "
send "set /dev/ppp0/enabled 0\r"
expect "conf> "
send "reconf 1\r"
expect "conf> "
send "set /dev/ppp0/enabled 1\r"
expect "conf> "
send "reconf 1\r"
expect "conf> "
send "exit\r"
expect "OpenRG> "
send "exit\r"


The "Telek0m"-user that is used for the SSH-connection was used in earlier firmwares as universal support-user. As I'm not sure how legal it is to provide the password here, I'll just skip it (you'll find it using a good search engine).

make sure the script is executable

# chmod +x reconnect.exp

and put it in a cronjob

# crontab -e
0 5 * * * /path/to/reconnect.exp

That's it.

Donnerstag, 5. Juli 2012

Synchronize clock in initial ramdisk


For some reason my server-system running Ubuntu 12.04 with full disk encryption refuses to boot after a crash due to power loss. I soon discovered, that often after powering on after a power loss, the system clock was reset to Jan 1 2002 (or something). This means that after entering the decryption-password the partitions refuse to mount because the "last mount timestamp" is in the future. There is something in the mount-init-script that corrects for such errors as long as the clock is not off by more than 24 hours. In my case it's off by several years. The system only boots when I set the correct date while in initial ramdisk.

To automate this, I thought let's just synchronize the clock via NTP. So I add ntpclient to the initial ramdisk and make sure it's executed automatically.

Step By Step


Download and compile ntpclient (http://doolittle.icarus.com/ntpclient/)
Note that the version provided there does not compile under ubuntu 12.04.
I created a fork on github that fixes that (https://github.com/ChristophGr/ntpclient/zipball/master)
Compile the ntp-client by invoking "make".

$ make
cc -fno-strict-aliasing -std=c89 -W -Wall -O2 -DENABLE_DEBUG -DENABLE_REPLAY   -c -o ntpclient.o ntpclient.c
cc -fno-strict-aliasing -std=c89 -W -Wall -O2 -DENABLE_DEBUG -DENABLE_REPLAY   -c -o phaselock.o phaselock.c
cc   ntpclient.o phaselock.o -lrt  -o ntpclient


now copy the resulting binary somewhere for the initial ramdisk to pick up. It should be a path that is not writable by regular users.

# cp ntpclient /usr/local/


Create a new file in the initial ramdisk source "/etc/initramfs-tools/hooks/ntpclient" and add the following content:

#!/bin/sh
PREREQ=""
prereqs()
{
        echo "$PREREQ"
}

case $1 in
prereqs)
        prereqs
        exit 0
        ;;
esac

. /usr/share/initramfs-tools/hook-functions

#
# Begin real processing
#

cp /usr/local/ntpclient ${DESTDIR}/sbin

make sure it's executable

# chmod +x /etc/initramfs-tools/hooks/ntpclient
In order to automatically invoke the ntpclient when booting, add this script to /etc/iniramfs-tools/scripts/local-premount

#!/bin/sh -e
# initramfs local-premount script for fixrtc

PREREQ=""

# Output pre-requisites
{
        echo "$PREREQ"
}

case "$1" in
    prereqs)
        prereqs
        exit 0
        ;;
esac

/sbin/ntpclient -s -h <ntp-server-ip>

exit 0;

Replace the ntp-server-ip with the IP (not the URL, as we don't have DNS-resolving in initrd) of an NTP-server close to you. To find one you can do

$ nslookup pool.ntp.org

Make sure the script is executable

# chmod +x /etc/initramfs-tools/scripts/local-premount/syncclock

To finish it, update your ramdisk

# update-initramfs -u

And you're done. From now on, your clock is synced via NTP during every boot before mounting.

Freitag, 1. Juni 2012

Gnome 3.4 in Ubuntu 12.04 and keyboard shortcuts

When I upgraded to Ubuntu 12.04 the first thing I did was install Gnome 3 and scrap Unity. However at the end of my setup efforts when it came to setting up my custom keyboard shortcuts both Ubuntu and Gnome threw stones in my way. In the end I was able to configure all of them, and this is how...

Using the Win-key


I tend to use the "Super"/"Meta"/"Windows" key in many of my custom shortcuts because there are almost no default shortcuts on linux in which this key is involved. However in Gnome 3, by default the Windows-key is bound to "Show the Activities Overview" which makes it unusable in shortcuts. To disable this behaviour open Settings->Keyboard Layout->Options... and change the "Alt/Win key behaviour" to "Meta is mapped to Left Win".


Some people suggest it should be "Meta is mapped to Win Keys" but on my german keyboard this screws up the "Alt Gr"-key.

Gnome 3 Shortcuts


So when you press the Meta-key now, it does nothing. Now normally you would setup keyboard shortcuts in Settings->Keyboard->Shortcuts.


However changing shortcuts here has no effect. It seems this is because in Gnome 3.4 the shortcuts are now managed differently and not all components reflect those changes yet. The new backend used to save all shortcuts is now "dconf". The "dconf-editor" is used to edit this config directly.

# apt-get install dconf-tools

Then open the dconf-editor and look for the corresponding keybinding entries. There are several:
  • org/gnome/settings-daemon/plugins/media-keys
  • org/gnome/mutter/keybindings
  • org/gnome/desktop/wm/keybindings
  • org/gnome/shell/keybindings
There may be more locations I'm not aware of, but these are the ones I searched. Find the keybinding you want to modify and edit the entry manually.


You can use either "<Super>", "<Meta>" or "<Mod4>" to denote the "Meta"-key. When you are done editing changes take effect immediately.

Custom Shortcuts


Configuring custom shortcuts in Gnome's keyboard menu (Settings->Keyboard->Shortcuts) actually works. You can setup custom shortcuts here.


Only when you want to use the "Meta"-key in you key-bindings it does not work. Normally these key-bindings should also be reflected in dconf. They should be located at "" but they are not because Ubuntu patched gnome-settings to use the older "gconf" instead (I suppose this is also the reason for the issue with the Gnome 3 shortcuts not working). So to workaround that you need to use the "gconf-editor".

# apt-get install gconf-editor

In the gconf-editor navigate to /desktop/gnome/keybindings/ and select the custom entry you want to modify.


Edit the value of the "binding"-property and replace the "<Super>" with "<Mod4>" because no other alias will work with gconf. When you're finished editing the changed also take effect immediately. Now the shortcut should work.

I think both Ubuntu and Gnome did their part in screwing this up, but with these workarounds I hope you can enjoy them both anyways. If you're interested in the progress on these bugs:
I hope they fix them soon. Until then, enjoy with these workarounds.

Montag, 14. Mai 2012

SSH unlock with fully encrypted ubuntu 12.04 server

When operating a server with full system encryption it is often undesirable to enter the password with a local keyboard. However setting up unlocking via SSH with ubuntu 12.04 is quite a stony path as there are several bugs that need to be worked around, before it actually works. I put together a complete guide how to set it up. The tutorial is based on the setup created in the previous one.
So I assume your ubuntu 12.04 server is installed on a fully encrypted partition that is managed with LVM. The unlocking of the root-partition is done in the "initial ramdisk" that is stored on the unencrypted /boot partition. In order to enter this password over SSH, you need to add an SSH-server to your initial ramdisk. To keep the initial ramdisk small we use "dropbear" - an SSH-server implementatin for embedded systems.

# apt-get install openssh-server dropbear

The dropbear system-installation will automatically use the RSA and DSA keys provided by OpenSSH.
It is also automatically integrated into the initial ramdisk. However it generates a separate pair of keys for the initial ramdisk which can be undesirable because it will give you nasty "Host identification changed" errors when you connect to the ramdisk-system. So I decided to work around that by using the system-key-pair for the ramdisk as well:
# cp /etc/dropbear/dropbear_* /etc/initramfs-tools/etc/dropbear/

As the initial ramdisk will only contain a root-user, the root-user has to be activated and assigned a password.

# passwd root

Optional: If you like to authenticate using a public key you need to make sure the ramdisk accepts it:

# cp ~/.ssh/authorized_keys /etc/initramfs-tools/root/.ssh/authorized_keys

Because of a bug in ubuntu/debian authentication will always fail when trying to login to your initial ramdisk system. A workaround provided by Alex Roper fixes this problem.

# vi /etc/initramfs-tools/hooks/fix-login.sh

Copy the content of the script into the editor:

#!/bin/sh

PREREQ=""

prereqs()
{
    echo "$PREREQ"
}

case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

cp $(dpkg -L libc6 | grep libnss_ | tr '\n' ' ') "${DESTDIR}/lib/"

Save the file and make sure it's executable:

# chmod +x /etc/initramfs-tools/hooks/fix-login.sh

After updating the initramfs you can reboot and login via SSH should work.

# update-initramfs -u
# reboot

However entering the password for the encrypted volume will not work because of a bug in plymouth that prevents other ways to enter the password. So another workaround is required.
Add another script "crypt_unlock" to /etc/initialramfs-tools/hooks:

# vi /etc/initramfs-tools/hooks/crypt_unlock.sh

And add the following content:

#!/bin/sh

PREREQ="dropbear"

prereqs() {
    echo "$PREREQ"
}

case "$1" in
    prereqs)
        prereqs
        exit 0
    ;;
esac

. "${CONFDIR}/initramfs.conf"
. /usr/share/initramfs-tools/hook-functions

if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then
    cat > "${DESTDIR}/bin/unlock" << EOF
#!/bin/sh
if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then
    kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\`
    exit 0
fi
exit 1
EOF

    chmod 755 "${DESTDIR}/bin/unlock"

    mkdir -p "${DESTDIR}/lib/unlock"
cat > "${DESTDIR}/lib/unlock/plymouth" << EOF
#!/bin/sh
[ "\$1" == "--ping" ] && exit 1
/bin/plymouth "\$@"
EOF

    chmod 755 "${DESTDIR}/lib/unlock/plymouth"

    echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd

fi

Make sure it's executable:

# chmod +x /etc/initramfs-tools/hooks/crypt_unlock
And update the initramfs

# update-initramfs -u
# reboot
Now when you boot into your initial ramdisk you can connect to your server via ssh and unlock the encrypted volume by typing

# unlock
Unlocking the disk /dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (sda2_crypt)
Enter passphrase: 
  Reading all physical volumes.  This may take a while...
  Found volume group "mydisk" using metadata type lvm2
  2 logical volume(s) in volume group "mydisk" now active
cryptsetup: sda2_crypt set up successfully
# 
Congratulations! You should now be able to unlock your encrypted server without a local keyboard present.

Setup Ubuntu 12.04 server with full disk encryption

Although there are several tutorials out there describing how to encrypt your system using dmcrypt. There are essentially two reasons why I made this one:
  1. As preparation for the following tutorial on how to setup unlocking via SSH
  2. To document the setup for myself.
We start from scratch with installing ubuntu 12.04 LTS server. You can download it here.
I won't go into the detail on the setup itself, but only the process of partitioning the disk.

There are many ways to encrypt your harddisk. Arch wiki covers it pretty well if your're interested. I'll describe one specific way here. The goal: encrypting "root" and "swap". However, when you setup two encrypted paritions you set up two (different) passwords. I am pretty lazy, so I want to unlock all encrypted volumes at once. This is where LVM comes in. So I just create one encrypted partition and let LVM handle the rest of the partitioning. So let's go:


Obviously you are going to set up the partitions manually, so select "Manual" on this screen.


I start with a completely empty disk. If it's not a new drive you should probably "secure erase" it first.
So first you setup a boot-partition.


This partition will contain the kernel and the initialramfs required to unlock your system. I created a 200MB partition formatted as ext4. You can adjust the size according to your needs.
Then setup a partition using up the rest of the space.


Then select "Configure encrypted volumes" and then "Create encrypted volumes". Select the disks to use for encryption accordingly:


After setting the password you'll end up with an encrypted volume (e.g. sda2_crypt).


Now select "Configure the Logical Volume Manager".


Select "Create Volume group" and give it a name. This name will be used to present your device in udev (/dev/mapper/yourlvmdisk).


Make sure you select the encrypted volume for the volume group.


Then select "Create logical volume" to create a partition inside the volume group. Setup partitions as desired. You can control your layout at the end by selecting "Display configuration Details".


I decided to setup just a root and a swap partition in this testsetup. If you want additional partitions (e.g. home) you need to create them here. When you're satisfied with your volume setup hit finish.


The volumes now appear as partitions in the partition manager and can be formatted like regular partitions.


I setup the first partition as root-partition with ext4 as filesystem.


When you're done setting up the partitions hit "Finish partitioning and write changes to disk" and then carry on with the installation as usual. When the setup is finished and the system rebooted you will be prompted the password for the volume.

Congratulations! Your system is now fully encrypted.

Montag, 5. März 2012

What Touchwiz really is

"Touchwiz" (TW) is the name Samsung gave to the custom Android UI deployed on their mobile devices (except Nexus devices). It can be compared to "Sense" on HTC or "Motoblur" on Motorola. Now when talking about touchwiz most people just think about the launcher (twlauncher).
They don't get that Touchwiz is much more than just a launcher. It customizes several aspects of the phone's UI. So, I took the time to compare Touchwiz and to the default Android UI. I took my Galaxy S and loaded it with a recent build of a Samsung's stock firmware (gingerbread.JVZ, Android 2.3.6) and compared the experience to AOSP (Android Open Source Project) by installing a nightly build of Cyanogen 7.2.
Admittedly this approach is not completely accurate as CyanogenMod comes with some minor modifications to AOSP as well. Also the galaxy S only supports TouchWiz 3.5, while the Galaxy S2 is shipped with TouchWiz 4.0 which contains some improvements to its predecessor.
I don't want to start ranting about TouchWiz right away, so I'll do the rant about it a little later.

Launcher

The first difference is the Launcher.


Both offer several desktops that can be navigated by horizontal swipe gestures and a dock with configurable shortcuts. One of them takes the user to the "App Drawer".

The TouchWiz Launcher presents apps in pages that can be switched by horizontal swiping. Although the initial order is alphabetical, newly installed apps are appended to the end of the list, so the position of the icons remains stable. The order can however be customized manually by entering the "edit-mode". In this mode the user can also uninstall apps directly from the app drawer.
The AOSP Launcher presents the apps in a vertically scrollable list with the apps ordered alphabetically. New apps are inserted at the appropriate spot so that the ordering remains alphabetical. Icons cannot be manually rearranged.

The launcher can easily be replaced by installing a third-party launcher (like ADW or Launcher Pro) from the Market.

Dialer

The dialer is what appears when clicking the phone-symbol.
Both dialers support T9 contact matching. The TouchWiz dialer presents direct shortcuts for texts or video calls. To access the text-shortcut in the AOSP-dialer the user has to press the menu-key.

Calendar

Another major difference is the calendar app. They all provide month-, week-, day- and task overview.
TouchWiz uses a dark theme for the calendar while the AOSP one uses a white background.

The Touchwiz calendar does not show descriptions for entries in the week overview. All day events are indicated by displaying a blue triangle at the day-label.


The TouchWiz calendar marks days as occupied as soon as there is one entry. The AOSP calendar displays the entries of the days as a bar.

Music

The music apps look different but support similar features.





The main difference is that TouchWiz Music does not offer a widget, but a more powerful notification bar entry.

Clock

The clock apps differ quite a bit.


In addition to the alarm clock feature the TouchWiz provides a world clock, stop watch and a countdown timer. The AOSP clock provides an alarm feature and displays the weather on the main page.




Contacts



Messaging



The TouchWiz Messaging App follows the "iPhone-style" for displaying conversations.

Mail



Calculator

The TouchWiz calculator offers a two-line display and a few more buttons.


There are several other modifications Samsung made to the AOSP experience like
  • Incoming Call Screen
  • Lock Screens
  • Swipe Keyboard
  • Mobile Tracker
  • Social Hub
  • Memo
  • ...
That should be the most of it.