title

Blog of René Jochum

Blogging about Programming, Security, Linux, Networking and Web Apps.

My installation of Ubuntu Mate 15.04 (Vivid)


This is my own documentation of my installation, i assume you have installed
Ubuntu Mate 14.10 before.

Grub + cryptoroot + BTRFS works a lot better with Vivid, yeah!

Features

  • Latest Ubuntu Mate
  • Encrypted disk
  • BTRFS root, home and stuff i keep between sys updates.

Install Linux from a livecd

  • Start from the livecd
  • Go to Control Center->Hardware->Keyboard and set the keyboard to german nodeadkeys
  • connect to the internet

Get root and install BTRFS Tools

sudo -s -H
apt-get -y install btrfs-tools

Decrypt the root

cryptsetup --allow-discards luksOpen /dev/sda2 root

Create the root subvolume

mkdir /mnt/btrfs
mount -o subvolid=0,compress=lzo,recovery,noatime /dev/mapper/root /mnt/btrfs
btrfs subvolume create /mnt/btrfs/\@ubuntu_15.04

Mount the new Subvolume to /target

mkdir /target
mount -o subvol=@ubuntu_15.04,compress=lzo,recovery,noatime /dev/mapper/root /target
mkdir -p /target/var/lib/lxc
mkdir -p /target/opt/mono
mkdir -p /target/mnt/btrfs

Rsync /rofs to /target

rsync -avP /rofs /target

Copy stuff from 14.10 to 15.04

cp /etc/mtab /target/etc/

export from='/mnt/btrfs/@ubuntu_14.10'
cp -a $from/etc/hosts /target/etc/
cp -a $from/etc/hostname /target/etc/
cp -a $from/etc/sysctl.conf /target/etc/
cp -a $from/etc/sudoers /target/etc/
cp -a $from/etc/crypttab /target/etc/
cp -a $from/etc/fstab /target/etc/
sed -i -e's/@ubuntu_14.10/@ubuntu_15.04/' /target/etc/fstab
cp -a $from/etc/data_luks.key /target/etc/
cp -a $from/etc/initramfs-tools/modules /target/etc/initramfs-tools
cp -a $from/etc/NetworkManager/system-connections/* /etc/NetworkManager/system-connections/
cp -pfra $from/etc/NetworkManager/dnsmasq.d/* /target/etc/NetworkManager/dnsmasq.d/
cp -a $from/etc/samba/smb.conf /target/etc/samba/
rsync -avP $from/etc/libvirt/ /target/etc/libvirt/

Chroot to /target

mount -o bind,rw /dev /target/dev
mount -o bind,rw /proc /target/proc
mount -o bind,rw /sys /target/sys
mount -o bind,rw /dev/pts /target/dev/pts
mount -o bind,rw /run /target/run

chroot /target /bin/bash

export TARGET_USERNAME=$SUDO_USER
rm -f /usr/lib/locale/locale-archive
locale-gen de_AT.UTF-8 en_US.UTF-8 de_AT en_US
update-locale LANG=de_AT.UTF-8
export LANG=de_AT.UTF-8
dpkg-reconfigure keyboard-configuration
dpkg-reconfigure tzdata

Make sure dhclient never updates resolv.conf

See: http://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/

cat <<EOF > /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
#!/bin/sh
make_resolv_conf(){
    :
}
EOF
  cat /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate # check

Create your user

export TARGET_USERNAME="pcdummy"
adduser --no-create-home ${TARGET_USERNAME}
usermod -a --groups=sudo,cdrom,floppy,audio,dip,video,plugdev ${TARGET_USERNAME}
passwd -l root
usermod -a -G fuse ${TARGET_USERNAME}

Update the fresh install (still in chroot)

sed -i -e's/archive.ubuntu/ch.archive.ubuntu/g' /etc/apt/sources.list
apt-get update && apt-get -yy dist-upgrade

Update grub.

cat <<'EOF' > /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 kopt=root=/dev/mapper/root quiet splash"
#GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root"
GRUB_ENABLE_CRYPTODISK=y
GRUB_PRELOAD_MODULES="luks cryptodisk gcry_rijndael gcry_sha1"
EOF'

update-grub

My favorite console text editor and aptitude.

apt-get -yy install vim vim-scripts aptitude
update-alternatives --set editor /usr/bin/vim.basic

Remove live installer

apt-get -yy purge casper ubiquity && apt-get -yy autoremove

German Language packs and suggestions

apt-get -yy install firefox-locale-de libreoffice-l10n-de thunderbird-locale-de hyphen-de libreoffice-help-de mythes-de thunderbird-gnome-support ttf-lyx myspell-de-at

Nvidia driver.

apt-get update
apt-get -yy install nvidia-settings nvidia-current
nvidia-xconfig --no-logo

Install usefull stuff.

Speed :)

sudo apt-get -y install readahead-fedora preload nscd

Reboot

reboot

Gnome-encfs-manager

sudo add-apt-repository -y ppa:gencfsm/ppa
sudo apt-get update
sudo apt-get -y install gnome-encfs-manager

Atom text editor

He explains my reasons to switch to Atom from Sublime quiet good

sudo add-apt-repository -y ppa:webupd8team/atom
sudo apt-get update
sudo apt-get -y install atom nodejs git

Geany text editor

sudo aptitude install 'geany-plugins' geany-plugin-py geany-plugin-treebrowser geany-plugin-vc

Evernote on Linux

Isn’t working!

 sudo add-apt-repository -y ppa:vincent-c/nevernote
 sudo apt-get update
 sudo apt-get -y install nixnote

I’ve made my own package witch works on 15.04:

pushd .
cd ~/Downloads
wget http://rene.jochums.at/downloads/nixnote2-2.0-beta3_amd64.deb
sudo dpkg -i nixnote2-2.0-beta3_amd64.deb; sudo apt-get install -y -f
popd

Virtual development environment

  sudo add-apt-repository -y ppa:jacob/virtualisation
sudo add-apt-repository -y ppa:ubuntu-lxc/lxc-stable
sudo apt-get -y install libvirt-bin virt-manager qemu qemu-kvm qemu-system spice-client python-spice-client-gtk bridge-utils ebtables virt-top
sudo apt-get -y install lxc cgmanager uidmap lxc-templates
sudo apt-get -y install system-config-samba # To setup sharing's for windows guests.
sudo usermod -a -G libvirtd $SUDO_USER

Playing with OpenVSwitch

sudo apt-get -y install openvswitch-switch ethtool

Git repository viewer

sudo apt-get -y install git-cola fldiff

KeePass 2: Password manager

sudo add-apt-repository -y ppa:dlech/keepass2-plugins
sudo apt-get update
sudo apt-get -y install keepass2 mono-dmcs mono-complete libmono-system-management4.0-cil keepass2-plugin-rpc xul-ext-keefox xul-ext-keebird keepass2-plugin-keepasshttp

Go Development with gvm

install deps:

sudo apt-get install curl git mercurial make binutils bison gcc build-essential

Python Development with PyEnv

Nice howto on that from davebehnke.com

sudo apt-get -y install python3-pip python3-dev python3-wheel python-tox python3-nose python3-coverage make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm

Syncthing

sudo add-apt-repository -y ppa:ytvwld/syncthing
sudo add-apt-repository -y ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get -y install syncthing syncthing-gtk

Quassel IRC Client (git/development version!). I have a quassel-core (means server) somewhere in the wild.

sudo add-apt-repository -y ppa:mamarley/quassel-git
sudo apt-get update
sudo apt-get -y install quassel-client

Skype

sudo dpkg --add-architecture i386
sudo apt-get update
wget -O skype-install.deb http://www.skype.com/go/getskype-linux-deb
sudo dpkg -i skype-install.deb; sudo apt-get -f install
rm -f skype-install.deb

Remote desktop (RDP+VNC) clients/managers - i use gnome-rdp and remmina (slowly switching over to remmina).

sudo apt-get -y install gnome-rdp remmina-plugin-rdp remmina-plugin-vnc libfreerdp-plugins-standard rdesktop xtightvncviewer

OpenVPN client

sudo apt-get -y install network-manager-openvpn-gnome

IPSec client

sudo apt-get -y install network-manager-vpnc-gnome

Tranmission Remote (for my apu1d4 :) )

  sudo apt-get -y install transmission-remote-gtk

PHP Dev

sudo apt-get -y install php5-cli php5-pear php-dev php-apc

Java Web start (for Cisco ASDM)

sudo apt-get -y install icedtea-7-plugin

Citrix Receiver

Goto https://receiver.citrix.com and download the .deb version

pushd .
cd Downloads
sudo dpkg -i icaclient_13.1.0.285639_amd64.deb; sudo apt-get install -f
popd

Audiograbber on Linux

sudo apt-get -y install install sound-juicer

Audio file tag editor

sudo apt-get -y install puddletag

Softether VPN

sudo add-apt-repository -y ppa:paskal-07/softethervpn
sudo sed -i -e's|vivid|trusty|g' /etc/apt/sources.list.d/paskal-07-ubuntu-softethervpn-vivid.list
sudo apt-get update
sudo apt-get -y install softether-vpnclient

sudo vpnclient start

Create a VPN connection:

pcdummy@ThinkPad-T410:~$ vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.17 Build 9562   (English)
Compiled 2015/05/30 17:41:38 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.

By using vpncmd program, the following can be achieved.

1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)

Select 1, 2 or 3: 2

Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:

Connected to VPN Client "localhost".

VPN Client>AccountCreate
AccountCreate command - Create New VPN Connection Setting
Name of VPN Connection Setting: pcdummy.lan

Destination VPN Server Host Name and Port Number: apu1d4.home.pc-dummy.net:8888

Destination Virtual Hub Name: vpn.pcdummy.lan

Connecting User Name: jochumr

Used Virtual Network Adapter Name: 0

The command completed successfully.

Create a Password:

VPN Client>Accountpasswordset
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Name of VPN Connection Setting: pcdummy.lan

Please enter the password. To cancel press the Ctrl+D key.

Password: ********************
Confirm input: ********************


Specify standard or radius: standard

The command completed successfully.

Connect the newly created “Account”:

AccountConnect pcdummy.lan

Wine with 32bit default

sudo apt-get -y install wine1.7 wine-gecko:i386 wine-mono:i386

# Set wine to 32bit by default
cat <<EOF >> ~/.profile

# Set wine to 32bit
WINEARCH=win32
WINEPREFIX=$HOME/.wine32
EOF

source $HOME/.profile

Filezilla

sudo apt-get -y install filezilla

Google Chrome OpenSource - Chromium

sudo apt-get -y install chromium-browser chromium-browser-l10n

Google Chrome

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
sudo apt-get update
sudo apt-get -y install google-chrome-stable

Salt client

sudo add-apt-repository -y ppa:saltstack/salt
sudo apt-get update
sudo apt-get -qy install salt-minion

Misc

sudo apt-get -y install sshfs unrar screen pwgen whois uuid

LXC (Linux Container)

sudo add-apt-repository -y ppa:ubuntu-lxc/stable
sudo apt-get update
sudo apt-get -y install lxc lxctl cgmanager uidmap

Default NAT Bridge:

sudo sh -c 'cat <<EOF > /etc/default/lxc-net
USE_LXC_BRIDGE="true"
LXC_BRIDGE="mlabnatbr0"
LXC_ADDR="10.167.161.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.167.161.0/24"
LXC_DHCP_RANGE="10.167.161.100,10.167.161.254"
LXC_DHCP_MAX="153"
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
LXC_DOMAIN="mlabnat.pcdummy.lan"
EOF'

By default other lxc hosts will go over my NAT interface:

sudo sed -i -e's|lxc.network.link = lxcbr0|lxc.network.link = mlabnatbr0|' /etc/lxc/default.conf

Make mlabnatbr0 the default for lxc:

sudo sh -c 'cat <<EOF > /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = mlabnatbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
EOF'

Install and configure radvd and dnsmasq for lxc mlabnatbr0:

sudo apt-get -y install radvd
sudo sh -c 'cat <<EOF > /etc/radvd.conf
interface mlabnatbr0
{
   # Advertise
   AdvSendAdvert on;

   # Maximum time between RAs
   MaxRtrAdvInterval 60;

   AdvManagedFlag on;

   prefix fd57:c87d:f1ee:ee01::1/64
   {
        # We are the only router. If we shut down, nobody else can route
        # this prefix -- tell clients about this.
        DeprecatePrefix on;
   };
};
EOF'

sudo sh -c 'cat <<EOF > /etc/lxc/dnsmasq.conf
dhcp-range=::add:0:0:100,::add:0:0:1e3, constructor:mlabnatbr0, 12h

dhcp-option=option:all-subnets-local,1
dhcp-option=option6:dns-server,[::]
dhcp-option=option6:ntp-server,[::]
dhcp-option=option:domain-search,mlabnat.pcdummy.lan
EOF'

Create the lxd user and give him some permissions:

sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd # /bin/bash so i can "ssh lxd@localhost"
sudo usermod -a -G lxd pcdummy
# Give lxd 99 uid/gid ranges to map.
for i in {1..99}; do
    sudo usermod --add-subuids ${i}00000-${i}65536 lxd
    sudo usermod --add-subgids ${i}00000-${i}65536 lxd
done # This takes a while
sudo mkdir /var/lib/lxd
sudo chown lxd:lxd /var/lib/lxd
sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/
sudo sudo -H -u lxd sh -c 'cat <<EOF > /var/lib/lxd/.config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65537
lxc.id_map = g 0 100000 65537
EOF'

Allow userspace containers to use the network interfaces:

echo 'lxd veth mlabnatbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
echo 'lxd veth mlabbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null

Restart lxc and lxc-net

sudo service lxc stop
sudo service lxc-net restart
sudo service lxc start

For “ssh lxd@localhost”

sudo apt-get -y install openssh-server
sudo mkdir /var/lib/lxd/.ssh/
sudo cp $HOME/.ssh/workkey.pub /var/lib/lxd/.ssh/authorized_keys
sudo chown -R lxd:lxd /var/lib/lxd/.ssh/

Gimp

sudo apt-get -y install gimp gimp-help-de gimp-plugin-registry

Rhythmbox close on hide

pushd .
mkdir -p ~/.local/share/rhythmbox/plugins
cd ~/.local/share/rhythmbox/plugins
git clone https://github.com/fossfreedom/close-on-hide
popd

after close rhythmbox and open it again (real close), then enable
the plugin, have fun.

DNS .local fix

At my employer we use a .local Domain, the above link shows you how to fix it.