Emulating Amstrad PC1512

My first computer was Amstrad Schneider PC1512SD  so it's understandable that I'm attached to that computer. I own two of them but since lately I don't have enough time to play with them I started to search for emulators to be able to try from time to time old software and games I've used. Since I lost some time to figure out how to emulate Amstrad, I decided to document everything in this blog post. This should be useful to me when I decide I want to play with it again in the future, but it can also help anyone else following my footsteps.

First I needed to find PC XT emulator. Modern day emulators/virtualization solutions like Qemu, VirtualBox, VMWare, and even Bochs do not support anything older than Pentium. So, some other emulator has to be used. After some time spending searching for XT emulators I found the following candidates:

1. MAME
2. PCem
3. PCjs

Turns out MAME and PCem support Amstrad PC1512 while PCjs doesn't. So I decided to go with PCem and MAME. After some trying I didn't manage to get anything from PCem. Namely, after starting emulation the screen was completely garbled so I decided to try MAME. I spent some time trying to figure out how to emulate Amstrad using MAME. Here is the essence of it on Fedora 27:

1. First, you need to install mame package. This package is present in Fedora repository so except of 'dnf install mame' no additional configuration is necessary.
2. Next, you need to obtain ROM images from Amstrad. After some (actually a lot of) Googling I managed to find them. If I remember correctly, I obtained them via MAME ROMS package.

ROMs that you should have are any of the following three ones:

1. Version 1 ROMs: 40044.ic132 (8kB, SHA1: 7781d4717917262805d514b331ba113b1e05a247) and 40043.ic129 (8kB, SHA1: 74002f5cc542df442eec9e2e7a18db3598d8c482)
2. Version 2 ROMs: 40044v2.ic132 (8kB, SHA1: b12fd73cfc35a240ed6da4dcc4b6c9910be611e0) and 40043v2.ic129 (8kB, SHA1: c376fd1ad23025081ae16c7949e88eea7f56e1bb)
3. Version 3 ROMs: 40044-2.ic132 (8kb, SHA1: b77fa44767a71a0b321a88bb0a394f1125b7c220) and 40043-2.ic129 (8kB, SHA1: 18a17b710f9eb079d9d7216d07807030f904ceda).

The names are as expected by MAME. In addition there'll be some other ROMs too:

1. 40045.ic127 (8kb, SHA1: 7d858bbb2e8d6143aa67ab712edf5f753c2788a7)
2. 40078.ic127 (8kB, SHA1: bc8dc4dcedeea5bc1c04986b1f105ad93cb2ebcd)
3. wdbios.rom (8kB, SHA1: 601d7ceab282394ebab50763c267e915a6a2166a)

The first two are, I believe, fonts while the third one is necessary only if you want to emulate HD version of PC1512.

Create in the current (working) directory folder named pc1512 and place selected ROMs into it.

We can now start emulator. Use the following command line:

$ mame pc1512 -rompath . -window -uimodekey DEL_PAD

The first argument to MAME emulator is machine that should be emulated, in our case its PC1512. The option rompath instructs MAME to search for ROMs in the current directory. In our case it'll search for folder named pc1512 and within it for ROMs names as given above. The the option window prevents MAME from going fullscreen (and I had some problems exiting). Finally, the option uimodekey defines escape key to access internal menu.

This will give famous "Pleas wait..." message from BIOS and then "Insert SYSTEM disk into drive A" message. Now we are at the point of providing boot disks to the emulated machine. For that it is necessary to obtain images of Amstrad PC1512 disks. You can find them here. The problem is that disks 1 and 4 are given in CFI format (Compressed Floppy Image, created by tool FDCOPY.COM), while disks 2 and 3 are archives.

So, after unpacking disk 1 (46001.Zip) and disk 4 (46004.Zip) you are presented with files 46001.CFI and 46004.CFI which are not recognized by MAME. To convert them into appropriate format use the following command:

dsktrans -itype cfi 46001.cfi 46001.dsk

dsktrans is a tool that is part of libdsk-tools package, also part of the Fedora repository. So, just run 'dnf install libdsk-tools' and that should be it. After converting 1st disk you can also convert 4th disk.

Now, we are ready to start MAME with system disk provided. One way to do that is to open internal MAME menu after staring PC1512 and then attaching disk image. The other way is to use command line:

mame pc1512 -rompath . -window -uimodekey DEL_PAD -flop 46001.dsk

The new option is flop that defines image to be used as a floppy in a floppy disk. By the way, to find out supported floppies you can use the following command:

mame pc1512 -listmedia

and take a note of (brief) column.

What happens now is that you are provided with MS DOS command prompt in emulated machine.

The next step is to start GEM, but before that I have to find out how to create floppy disk image. Note that the tools imgtool that is part of MAME gives segmentation fault on almost any command you try. Anyway, stay tuned for GEM...

Some useful resources I found while working on this:

• Amstrad XT Pages
• Cliff Lawson Amstrad pages

Lock remote deskop over ssh

I had a seemingly simple problem, connect over SSH to remote computer and lock the screen. Simple Google search for "gnome lock screen" yielded a plenty of results all of which revolving about using command gnome-screensaver-command -l.  First of, the package gnome-screensaver isn't installed by default on Fedora, meaning it isn't used there. Then, after installing it I got the following error message:

** Message: Failed to get session bus: Error spawning command line 'dbus-launch --autolaunch=062fabbac04041679f56c8db8593c352 --binary-syntax --close-stderr': Child process exited with code 1

Ok, turns out that session DBus is inaccessible and that gnome-screensaver-command just sends a message over DBus. Using d-feet it was easy to find out object, interface and method to use to lock the screen, but how to access DBus was a bit harder. The easy part was to find out that the key is in environment variable DBUS_SESSION_BUS_ADDRESS which has to point to a DBus daemon socket. But harder was to find where this socket is by looking into usual places on the file system. Finally, turned out that the easiest was to look at the environment of an existing process and get value from there, i.e.:

$ cat /proc/`pidof gnome-shell`/environ | \
              tr '\0' '\n' | grep DBUS_SESSION_BUS_ADDRESS
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-dl1GC6PYCt,guid=33abd4a9e6bb3dee9262121d5819bdf1

tr command is necessary because entries in the environment are separated by NULL character (i.e. they are strings in C), so we are changing them into new line. Finally, grep just takes out the entry we are interested in. BTW, sorry for the useless cat use, but it is leftover as I constructed the command. :)

When you have properly set environment variable to access DBus, it is easy to invoke method Lock() that locks the screen, i.e.:

dbus-send --print-reply --session \
          --type=method_call --reply-timeout=3000 \
          --dest='org.gnome.ScreenSaver' \
          /org/gnome/ScreenSaver \
          org.gnome.ScreenSaver.Lock

and that will lock the screen. What's left to do is just to glue everything into a script:

#!/bin/bash
PID=`pidof gnome-shell`
DBUS_SESSION_BUS_ADDRESS=$(tr '\0' '\n' < /proc/${PID}/environ | grep "DBUS_SESSION_BUS_ADDRESS" | cut -d "=" -f 2-) \
dbus-send --print-reply --session --type=method_call --reply-timeout=3000 --dest='org.gnome.ScreenSaver' /org/gnome/ScreenSaver org.gnome.ScreenSaver.Lock

Just copy that into a file, make it executable and try it. It should work every time. :)

Fedora 25, kernel 4.9 and VMWare Workstation 12.5.2

Well, after upgrading Fedora 25 which included kernel 4.9.5, VMWare Workstation stopped working again! The fix is easy, even though it annoying to constantly have to patch something in VMWare. Anyway, the procedure - taken from here - is:

1. Switch to root account.
2. Go to /usr/lib/vmware/modules/source.
3. Make backup of files vmmon.tar and vmnet.tar.
4. Unpack those files using 'tar xf' command.
5. Patch file vmnet-only/user_if.c, i.e. you have to open it in you favorite text editor and in function UserifLockPage() that's around line 113 change the following part:
   

   #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
       retval = get_user_pages(addr, 1, 1, 0, &page, NULL);
   #else
       retval = get_user_pages(current, current->mm, addr,
                   1, 1, 0, &page, NULL);
   #endif

   with the following:
   

   #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)
        retval = get_user_pages(addr, 1, 0, &page, NULL);
   #else
   #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
        retval = get_user_pages(addr, 1, 1, 0, &page, NULL);
   #else
        retval = get_user_pages(current, current->mm, addr,
                    1, 1, 0, &page, NULL);
   #endif
   #endif

6. Then, in file vmmon-only/linux/hostif.c in function HostIFGetUserPages() that's around line 1158, change the following
   

   #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
      retval = get_user_pages((unsigned long)uvAddr, numPages, 0, 0, ppages, NULL);
   #else
      retval = get_user_pages(current, current->mm, (unsigned long)uvAddr,
                              numPages, 0, 0, ppages, NULL);
   #endif

   with
   

   #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)
      retval = get_user_pages((unsigned long)uvAddr, numPages, 0, ppages, NULL);
   #else
   #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
      retval = get_user_pages((unsigned long)uvAddr, numPages, 0, 0, ppages, NULL);
   #else
      retval = get_user_pages(current, current->mm, (unsigned long)uvAddr,
                              numPages, 0, 0, ppages, NULL);
   #endif
   #endif

7. Create new vmmon.tar and vmnet.tar using the following commands:
   

   tar cf vmnet.tar vmnet-only
   tar cf vmmon.tar vmmon-only

8. Start vmware as you would normally start it. This will trigger module compilation and everything should work.

Note that you are doing everything at you own risk! :)

A bit about RSS feed readers on Linux

I'm monitoring lot of sites using RSS so having a good RSS feed reader is mandatory for me. Once upon a time, I used Liferea but since I have a lots of RSS feeds with lots of posts I want to keep around, turned out that Liferea wasn't designed with scalability in mind. So, I decided to find another one. Web based readers are out of question, because I prefer desktop applications. Not to mention that locally I have lot of disk storage that I don't have to pay, while storage in the cloud I would have to pay due to my heavy use of it.

After a search I settled on QuiteRSS. In the process I tried RSSOwl but I wasn't able to start it due to different XULRunner version on my Fedora. Besides, it turns out the last version of RSSOwl was released in December 2013, and isn't maintained any more. QuiteRSS was very good, but it turned out that the bug in Webkit started to annoy me. So, I started to explore RSS feed readers again. Note that I have the following requirements:

• No Web application! I want desktop RSS feed reader with GUI interface. It would be nice, though, that I can synchronize it with a reader on a mobile phone!
• I have a large number of feeds and keep a lot of new (that is unread :D) posts around. So, scalability is of paramount importance.
• And last, but not least, nice looking and usable GUI. 

This brought me to three candidates: QuiteRSS, FeedReader and RSSGuard. I'll describe each of them in a bit more details below. But before that, note that this is a live post, i.e. I'll still try all the mentioned readers and update it with new experience. Also, I would like to hear you comments/sugestions, so if you have any, please leave a comment.

QuiteRSS

QuiteRSS is quite good and I'm using it all the time. There is a homepage and GitHub development page. It has the ability to tag posts, mark them as a read, etc.

It is interesting to look at QuiteRSS GitHub page. From there, the following conclusions can be inferred:

1. QuiteRSS is quite popular, 33 watches, 180 stars and 28 forks.
2. QuiteRSS is basically in maintenance mode since there is no substantial activity since 2014. From 2012 to 2014 development was very intensive.
3. There are 212 open issues and 719 closed ones. I think that there are a lot of open issues but more thorough statistics has to be performed to know for certain.

The problems are the following ones, from the most important to the least important ones:

• You have to disable JavaScript because QuiteRss often freezes on some feeds while loading. It still freezes with some RSS feeds and if that happens some history is lost (read feeds, marked/tagged feds, etc).
• If you accidentally click on a link to PDF file, QuiteRSS freezes!
• Once I mistakenly selected the option "Mark all news read" which is irreversible. There is no confirmation dialog for such cases.
• Some posts on GitHub are in Russian. That's a problem because not everyone is speaking Russion. ;)
• It depends on Qt4 and Webkit4 that are not maintained any  more.

FeedReader

FeedReader is a interesting because it has two components, daemon and a front end. This is uniqe to other readers that bundle those functions together into a single binary. You can read more about this reader on its homepage, and there is also GitHub development page. Looking at the Web page, it has a lots of features but I'm using only a few, if any at this stage. Take this into account while reading this review. Looking at the GitHub page of FeedReader, the following conclusions can be inferred:

1. FeedReader is somehow less popular than QuiteRss. It has 26 watches (against 33 for QuiteRss), 152 stars (against 180) and 6 forks (against 28).
2. FeedReader is in active development, and all the activity is concentrated in 2016 with some additional in 2015.
3. There are 27 open issues and 197 closed ones. This is better ratio than for QuiteRss, but again more research has to be done!

First problem I had was while removing feeds. It was painful because it doesn't allow selection of multiple feeds or feed groups at once.

The next problem was that only two level hierarchy supported, while in QuiteRSS I have three level. So, importing OPML file with multiple levels will result in transforming everything into two layers.

While removing certain feed folders, some of them kept coming back! Maybe the problem was that I right-clicked on a feed and selected delete but it was necessary to first left-click and then right-click. Who will know...

RSS Guard

RSS Guard, as all the other feed readers mentioned above, has its GitHub development page. As for the homepage, it uses Wiki on GitHub. Again, by looking into GitHub page, the following conclusions can be made:

1. RSSGuard has 6 watches, 21 stars and 6 forks. This makes it the lowest ranked by popularity of the three RSS readers reviewed here.
2. RSSGuard is in development since 2013 with evenly spread development efforts. This probably means it isn't going to be finished soon.
3. It has 11 open issues reported and 51 closed. Which isn't that bad.

So, some shortcomings from the personal experience. It is a bit non-intuitive. It took me some time to realize that in order to import OPML file, first I have to create account. Another non-intuitive task was the process of importing itself. When you select OPML file and all the feeds appear, you click OK, but then you have to click Close. First time I clicked twice OK and got all the feeds imported twice!

It support multilevel feed organization, but it is not possible to fold certain feed groups, i.e. they are always unfolded! I finally realized that it is possible to fold a folder, you just need to click twice in order to fold/unfold it. But, this isn't something particularly intuitive, nor visible. Namely, if the folder is folded there is no indication nor there is indication that that the folder can be folded.

When I click "Update all items" button in a toolbar, I expected that all feeds will be updated. But for some reason, that didn't happen.

Conclusion

Comparing development of each of the proposed readers, it turns out that each one of them basically depends on a single developer and has its own pros and cons. In the end, I think that despite its shortcomings, QuiteRSS is still the best feed reader closely followed by FeedReader. If development activity of FeedReader continues with the same intensity, expect that it will become the best RSS among the three.

ChangeLog

• 20161101 - Initial version

Fedora 24, kernel 4.7 and VMWare Workstation 12.1.

As usual, when Fedora upgrades kernel to a new major version VMWare stops working. In this particular case my Fedora was upgraded to Linux kernel version 4.7.2. The fix I found is the following one:

# cd /usr/lib/vmware/modules/source
# tar xf vmnet.tar
# mv vmnet.tar vmnet.old.tar
# sed -i -e 's/dev->trans_start = jiffies/netif_trans_update\(dev\)/g' vmnet-only/netif.c
# tar cf vmnet.tar vmnet-only
# vmware-modconfig --console --install-all

And that was it!

Note that this works if you upgraded from linux kernel version 4.6. In case you've upgraded from some earlier version, you'll have to patch it first for those version. Here is how to patch VMWare Workstation to work with Linux kernel version 4.6.

Quick note about Fedora 24 and VMWare Workstation 12.1

I just updated Fedora 24 from update-testing repository and that pulled Linux kernel 4.6. Well, as usual, VMWare Workstation needed some patching in order to work. Luckily, I quickly found a fix on VMWare forums. Note that at the end of the thread there is a script you can use to automatically patch necessary files. But, be careful, I didn't try it!

Anyway, after patching, run:

vmware-modconfig --console --install-all

and that should be it!

Just as a sidenote, turns out that the same info I found on Arch Wiki page devoted to VMWare. And that page is full of information so you should bookmark it and whenever you have a problem with VMWare check there.

Edit 20160707: The script mentioned above had some errors in it. Here is the fixed version.

Lenovo W540 and Fedora 21

At the end of the November 2014. I got a new laptop, Lenovo W540, and immediately I started taking notes about this machine with my impressions. I'm a long time W-series Lenovo user, and I think that those notebooks are very good machines, albeit a bit more expensive so probably not for an average user. Anyway, this post has been in making for some time now, and I'll update it in a due course. In it I'll write about my impressions, as well as about installing and using Fedora 21 on this machine. Note that when I was starting to write this post Fedora 21 was in beta. So, everything I say here might change in final release (in case I don't change a post).

First, let me start by positive observations about the machine:

• The new machine is thinner than the W530.
• Power adapter seems to be smaller than the one for W530 model.
• Very easy to access RAM slots and hard disk slot in case you want to upgrade RAM and/or put another disk in it.

Well, true, that's a very short list. So, here are some negative ones:

• They again changed connector for attaching power adapter. In other words, anything you have thus far (and I have quite a lot!) won't work for this machine.
• There is no lock that holds the lid closed.
• At first, I thought that there is no LEDs that, when you close a lid, show you the state of the laptop. This is important because now I don't know if the laptop is in sleep mode or not when the lid is closed. But later I realised that there is, it is a dot over letter i in ThinkPad logo in the lower right corner of a lid (looking from above).
• There is numeric part of the keyboard that, honestly, I don't need. This space was gained by not having speakers on both sides of the keyboard as in W530. Later I realised even more how cumbersome this part of keyboard is. Namely, I'm holding this machine a lot of time on my lap and because of numerical keyboard I can not have laptop centered while holding it in my lap.
• There are no more buttons on touchpad, the touchpad itself is a button. But I managed to get used to it by getting rid of the reflex to click with separate arm.
• Fn keys are overloaded with different additional functionalities. For example, F1 key is mute now and it has also LED indicator! Furthermore, all the function keys have alternative functionality that you obtained in the previous models using Fn key. Now, it is opposite, you get the regular functionality of those keys by pressing Fn key in the lower left corner! This is weird! Only later I found out that there is a small led diode on the Fn key, and if you press Fn+Esc it turns on meaning that keys are now function keys, F1, F2, etc.

To be honest, I don't like those changes and probably it'll take some time until I get used to them.

Installing OS

Ok, now about Fedora 21 installation. First, I changed the laptop to use UEFI boot exclusively. I don't know if this is good or bad, but in the end I did it. Note that there is hybrid mode, i.e. both old BIOS and new UEFI will be used for boot process (which ever one manages to boot the machine), but I didn't use it. Anyway, since I removed CDROM I had to boot it somehow to install Fedora 21. First, I tried with PXEBOOT. But, no luck with UEFI. Note that I managed to boot the machine using old BIOS. This means that I properly configured everything for network boot using old BIOS, but not for new UEFI BIOS. Since I wanted to have UEFI boot, I gave up from this option.

Since I managed to obtain a USB stick I decided to go that route. First, I dd'ed efidisk.img file, and that booted laptop, but it couldn't find anything to install from, yet alone start installation. So, I downloaded live Fedora 21 Workstation and dd'ed that to USB disk. That worked.

For some strange reason, I decided to use BTRFS filesystem. Actually, the reason is that I can mount separate root and home partitions that use the same pool of free space. That way it won't happen that I have low free space on one partition, and a lot of space on another partition. But, I didn't notice that encryption is selected separately for the whole volume, and not for a specific file system, i.e. mount point. Since no reasonable person will install OS these days without encryption, I did installation several times until I managed to get over that problem.

While working with new OS what frustrated me a lot was a touchpad. It didn't get click when I tried to left click, it scrolled randomly, and I couldn't find middle click or the right click. Also, the problem was that I pressed mouse button and then scrolled while the mouse button was pressed. This is also somehow problematic on this touchpad.

Here are some additional links I found:

• Debian on ThinkPad W540
• ThinkWiki: Category:W540
• Middle-button scrolling on Thinkpad W540
• http://superuser.com/questions/681430/editing-new-lenovo-touchpad-zones-in-linux
• https://gist.github.com/tfg13/7628614

That's it for now. Stay tuned for more...

Fedora 20 update to kernel 3.17.2-200 and VMWare Workstation

Since I updated to VMWare Workstation 10.0.5 at the end of January 2015, things were again broken. Returning to this post I found that the link in the post now points to something that has changed and there is no patch nor instructions of what to do. So, I had to google again and now I placed the complete instructions in this post so that the next time I don't have to google again.

It turns out that there is a single line that has to be changed in the vmnet module in order for VMWare to be runnable again. So, here are the steps you have to do in order to patch the file:

1. Create temporary directory, e.g. /tmp/vmware and position yourself in that directory.
2. Create a file named vmnet.patch and put into it the following content:
   
   

   diff -ur vmnet-only.a/netif.c vmnet-only/netif.c
   --- vmnet-only.a/netif.c    2014-10-10 03:23:08.585920012 +0300
   +++ vmnet-only/netif.c  2014-10-10 03:23:09.245920008 +0300
   @@ -149,7 +149,7 @@
       memcpy(deviceName, devName, sizeof deviceName);
       NULL_TERMINATE_STRING(deviceName);
   
   -   dev = alloc_netdev(sizeof *netIf, deviceName, VNetNetIfSetup);
   +   dev = alloc_netdev(sizeof *netIf, deviceName, NET_NAME_UNKNOWN, VNetNetIfSetup);
       if (!dev) {
          retval = -ENOMEM;
          goto out;
   

   
   
3. Unpack /usr/lib/vmware/modules/source/vmnet.tar in the current directory (/tmp/vmware):
   
   

   tar xf /usr/lib/vmware/modules/source/vmnet.tar
   

   
   
4. Patch the module:
   
   

   cd vmnet-only; patch -p1 < ../vmnet.patch; cd ..
   

   
   
5. Make a copy of old, unpatched, archive:
   
   

   mv /usr/lib/vmware/modules/source/vmnet.tar /usr/lib/vmware/modules/source/vmnet.tar.SAVED
   

   
   
6. Create a new archive:
   
   

   tar cf /usr/lib/vmware/modules/source/vmnet.tar vmnet-only
   

   
   
7. Start vmware configuration process:
   
   

   vmware-modconfig --console --install-all
   

Hopefully, that should be it.

Old instructions (not valid any more!)

Well, here we go again. After recent update which brought kernel 3.17 to Fedora 20, VMWare Workstation 10.0.4 had problems with kernel modules. Luckily, after some short googling I found a solution. That solution works. There are two things that might confuse you though:

1. After cd command and before for loop you have to switch to root account (that is indicated by prompt sign change from $ to #).
2. The substring kernel-version in patch command should be replaced with a string "3.17". That is actually the name you gave to a file while executing curl command at the beginning of the process.

Anyway, that's it.

Kernel upgrade to 3.13.3-201 and VMWare Workstation...

I just started VMWare for the first time after upgrade and restart into kernel 3.13.3-201, and it didn't work. Well, I already got used to it. Anyway, the fix was very quick. I found a patch in a post on VMWare forums, downloaded it and applied it. The application process is a bit more manually involved that with the previous patches. You need to:

1. Switch to root user.
2. Go to the /usr/lib/vmware/modules/source directory
3. Unpack vmnet.tar using tar command.
4. Enter into newly created vmnet-only directory
5. Apply patch (patch -p1 < path_and_name_of_unpacked_patch_file). Patch shouldn't make any noise, only patched file is displayed.
6. Go one level up (exit vmnet-only directory)
7. Rename existing vmnet.tar into something else, just in case.
8. Create new vmnet.tar (tar cf vmnet.tar vmnet-only)
9. Start vmware

And that's it...

Gnome Shell's calendar and Thunderbird

After I installed Fedora 20, I noticed that the calendar in Gnome Shell's clock doesn't work, i.e. it doesn't show scheduled entries. Actually, this didn't work in the older version of Fedora, neither. But now, I decided to make it work. Before describing what I've tried, and what I did, I have to describe my setup. First of, I'm using Thunderbird. Evolution proved too unstable for me so I ditched it. Next, all my calendars are stored on Google, so, no local calendar in Thunderbird. The reason I'm using Google calendars is to be able to sync with mobile phone. The reason for local client, instead of Web client, is pure habit and comotion, I like more desktop clients than the Web based. Finally, I don't mind having some additional software being installed no matter if I use it directly or not. So, usually, I have Evolution installed alongside Thunderbird.

Gnome Shell's calendar allows integration only with Evolution, Thunderbird isn't allowed. This is actually expected, as Thunderbird is primarily mail application. But using Lightning plugin, it is a very good calendar solution, too. So, no easy way to define Thunderbird as default calendar application. After some quick googling, I found the following plugin for Thunderbird. Basically, it synces Thunderbird's calendar with Evolution's, one way, and that's it. When I wanted to install it, I had a small, and unrelated, problem. Namely, I could not find how to install it in Thunderburd?! There was no option in Thunderbird for managing Addons!? After some short Googling I finally realized that the menu option on the upper right hand side (icon with three parallel lines) isn't actually the full menu! I managed to open full Tools menu item by pressing Alt+F.

After I installed this plugin, and restarting Gnome and then Thunderbird, it didn't work So, the next I tried this. But first, I checked what was the current setting:

$ gsettings get org.gnome.desktop.default-applications.office.calendar exec
'evolution -c calendar'

Ok, now I changed the value using the following command:

$ gsettings set org.gnome.desktop.default-applications.office.calendar exec thunderbird

That didn't work either. It occured to me that the problem might be that I'm using Thunderbird profiles, so I also tried to define a profile in the command:

gsettings set org.gnome.desktop.default-applications.office.calendar exec 'thunderbird -P MyProfile'

Still, no luck! Then I went back to the plugin page and saw there that I have to create initial Evolution profile. I tried that too, but again, no luck. Maybe the problem was that I'm not using local calendars but remote ones. But then I realized that there is very easy solution. Namely, I created Evolution profile that is connected to Google calendars and synces with them. Google calendars are, in turn, connected to Thunderbird and everything works!

Yet, I didn't managed to get Thunderbird used when I click on Open Calendar option in the Gnome Shell's clock. Evolution is always used. Note that I tried two things, and both didn't help. First, I tried to define Thunderbird as default Calendar application using gsettings command as described above. Next, I tried to define Thunderbird default Calendar application in menu that is accessed by selecting All setting application, Details button, and there Default applications menu option. Note that Thunderbird isn't shown as a possible Calendar application. That is because its MIME type doesn't specify it as such. To change that I used procedure described here. In short, open file /usr/share/applications/mozilla-thunderbird.desktop in text editor and modify line MimeType so that it is

MimeType=message/rfc822;x-scheme-handler/mailto;text/calendar;text/x-vcard;:

Now, close text editor and update database file:

update-desktop-database -q

Finally, go to Details button and you'll see Thunderbird is now offered as a Calendar application, too.

In the end, I lost few hours investigating this and trying different solutions. Hopefully, someone will find this useful and will have to waste a lot less time.

Systemd waiting for external crypted disks...

I have an external, encrypted, disk that I periodically connect to the laptop. In order to have some easy to remember name, instead of UUID, I placed an entry in /etc/crypttab:

EXTDISK UUID=a809c218-f828-4149-bd9e-1c352a5f94df none

That way, when I connect disk, it will be automatically named EXTDISK and it will have an entry in /dev/mapper directory. Eventually, it will be mounted under /run/media/<userid>/EXTDISK. Note that there are only three fields in the line, each field separated from the other using space. The last field is passphrase placeholder, but I didn't want to have it written on the disk, so I used keyword none to signal that I want to type it each time the disk is opened.

The problem with this setup is that during  boot procedure, systemd waits for this disk to appear and, since there is no disk, it has to timeout. In system logs there will be messages like the following ones:

Dec 29 13:32:15 w530 systemd: Dependency failed for Cryptography Setup for EXTDISK.
Dec 29 13:32:15 w530 systemd: Dependency failed for dev-mapper-EXTDISK.device.
Dec 29 13:37:27 w530 systemd: Expecting device dev-mapper-EXTDISK.device...

The solution is simple. In newer versions of /etc/crypttab there is nofail option that should be added as a part of the fourth field. Note that, if there are multiple options in the fourth field, they all should be separated using commas and no spaces are allowed there. This option isn't listed in the manual page I linked in the introductory section of the post, so check your local manual page about crypttab.

As a side note, while searching for the solution of this timeout problem, I needed at one point to know which physical devices are beneath luks devices, i.e. my /dev/mapper directory looks like this:

# ls -l /dev/mapper/
total 0
crw-------. 1 root root 10, 236 Dec 29 13:27 control
lrwxrwxrwx. 1 root root       7 Dec 29 13:27 fedora-home -> ../dm-3
lrwxrwxrwx. 1 root root       7 Dec 29 13:27 fedora-root -> ../dm-2
lrwxrwxrwx. 1 root root       7 Dec 29 13:27 fedora-swap -> ../dm-1
lrwxrwxrwx. 1 root root       7 Dec 29 13:27 luks-a2c17ceb-222e-4cd2-3330-24a0a1111b43 -> ../dm-0
lrwxrwxrwx. 1 root root       7 Dec 29 13:27 luks-c7e8d2f7-1114-45c0-333b-fb8444222884 -> ../dm-4

What I was curious about are those two luks symlinks for which I didn't know their physical devices. It turned out its easy to find out, using cryptsetup tool:

# cryptsetup status luks-a2c17ceb-222e-4cd2-3330-24a0a1111b43
/dev/mapper/luks-a2c17ceb-222e-4cd2-3330-24a0a1111b43  is active and is in use.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 512 bits
  device:  /dev/sda2
  offset:  4096 sectors
  size:    999184384 sectors
  mode:    read/write

So, there is an answer, /dev/sda2.

Upgrade to Fedora 20

This is a log of my tries to upgrade from Fedora 19 to Fedora 20 using fedup. The upgrade process wasn't really so flawless, but that was for three reasons. The first one was that on my laptop I have installed too many packages which creates problems by itself. Namely, on almost every update I have some problems with dependencies, so, it was expected to have problems during upgrade, too. Second problem was that I didn't pay attention to some details. Now, it might be argued that less skilled people will pay even less attention, and so, this will be a problem for them too, but then, I don't know. Finally, there was a third problem as well, and that were bugs in fedup package.

Ok, theoretically, to upgrade Fedora 19 to 20 you only have to do the following:

# fedup --network 20

and after that command finishes, reboot and the upgrade process will start. Finally, after one more reboot, you are in a new environment/OS. Of course, the process is a long one because everything is downloaded from the Internet. There is an option of using ISO image and downloading only updates/external repositories, but I didn't try it.

Problems

The first problems were related to available disk space. When fedup started download I realized that there could be problems with space. On root (/) partition I had available only few gigabytes, so I move two directories, /var/tmp/fedora-upgrade and /var/lib/fedora-upgrade, to /home partition where there was much more space, and created symlinks in the original directories so that fedup finds them.

After starting fedup again it downloaded everything necessary (continuing from where it stopped) and then it tested transaction. One problem was with the available space on the root (/) partition. That problem I solved by uninstalling some extra large packages. The easiest way to find out which packages take the most space is to use the following command:

# rpm -q --qf '%10{SIZE} %{NAME}\n' -a | sort -n

it will print out all packages with theirs sizes sorted from the smallest to the biggest one. So, I removed few biggest ones. I also removed some packages from /opt directory that I manually installed.

Ok, after I restarted fedup it didn't download everything again but after some tests of downloaded packages it tested the upgrade transaction. The following problems were reported:

WARNING: potential problems with upgrade
  ffmpeg2theora-0.29-4.fc19.x86_64 (no replacement) requires ffmpeg-libs-1.2.4-2.fc19.x86_64 (replaced by ffmpeg-libs-2.1.1-1.fc20.x86_64)
  gcc-python3-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python3-plugin-0.12-15.fc20.x86_64) requires gcc-python3-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python3-plugin-0.12-15.fc20.x86_64)
  perl-HTML-Template-2.95-1.fc19.noarch (no replacement) requires 4:perl-5.16.3-266.fc19.x86_64 (replaced by 4:perl-5.18.1-288.fc20.x86_64)
  rubygem-audited-activerecord-3.0.0-3.fc19.noarch (no replacement) requires 1:rubygem-activerecord-3.2.13-1.fc19.noarch (replaced by 1:rubygem-activerecord-4.0.0-1.fc20.noarch)
  gnome-shell-extension-xrandr-indicator-3.8.4-1.fc19.noarch (no replacement) requires gnome-shell-extension-alternative-status-menu-3.8.4-1.fc19.noarch (replaced by gnome-shell-extension-common-3.10.1-1.fc20.noarch)
  gcc-python3-debug-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python3-debug-plugin-0.12-15.fc20.x86_64) requires gcc-python3-debug-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python3-debug-plugin-0.12-15.fc20.x86_64)
  1:NetworkManager-wimax-0.9.8.8-2.fc19.x86_64 (no replacement) requires 1:NetworkManager-0.9.8.8-2.fc19.x86_64 (replaced by 1:NetworkManager-0.9.9.0-20.git20131003.fc20.x86_64)
  gcc-python2-debug-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python2-debug-plugin-0.12-15.fc20.x86_64) requires gcc-python2-debug-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python2-debug-plugin-0.12-15.fc20.x86_64)
  gcc-python2-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python2-plugin-0.12-15.fc20.x86_64) requires gcc-python2-plugin-0.12-15.fc19.x86_64 (replaced by gcc-python2-plugin-0.12-15.fc20.x86_64)
  gazpacho-0.7.2-13.fc19.noarch (no replacement) requires python-kiwi-gazpacho-1.9.26-6.fc19.noarch (replaced by python-kiwi-glade-1.9.38-2.fc20.x86_64)
  python-iguanaIR-1.0.3-2.fc19.x86_64 (no replacement) requires iguanaIR-1.0.3-2.fc19.x86_64 (replaced by iguanaIR-1.0.5-2.fc20.x86_64)

Finally, it asked for reboot to start upgrade. But, I decided to remove offending packages which were those with f19 tag in the package name. Then, I started fedup again. It again found some problems:

WARNING: problems were encountered during transaction test:
  broken dependencies
    gazpacho-0.7.2-13.fc19.noarch requires python-kiwi-gazpacho-1.9.26-6.fc19.noarch
    perl-HTML-Template-2.95-1.fc19.noarch requires perl-4:5.16.3-266.fc19.x86_64
    python-iguanaIR-1.0.3-2.fc19.x86_64 requires iguanaIR-1.0.3-2.fc19.x86_64
    kmod-VirtualBox-3.11.10-200.fc19.x86_64-4.3.4-1.fc19.x86_64 requires kernel-3.11.9-200.fc19.x86_64, kernel-3.11.7-200.fc19.x86_64, kernel-3.11.10-200.fc19.x86_64
    gcc-python3-plugin-0.12-15.fc20.x86_64 requires gcc-python3-plugin-0.12-15.fc20.x86_64
    gnome-shell-extension-xrandr-indicator-3.8.4-1.fc19.noarch requires gnome-shell-extension-common-3.8.4-1.fc19.noarch
    rubygem-audited-activerecord-3.0.0-3.fc19.noarch requires rubygem-activerecord-1:3.2.13-1.fc19.noarch
    ffmpeg2theora-0.29-4.fc19.x86_64 requires ffmpeg-libs-1.2.4-2.fc19.x86_64
    gcc-python2-plugin-0.12-15.fc20.x86_64 requires gcc-python2-plugin-0.12-15.fc20.x86_64
    kmod-VirtualBox-3.11.9-200.fc19.x86_64-4.3.4-1.fc19.x86_64 requires kernel-3.11.9-200.fc19.x86_64, kernel-3.11.7-200.fc19.x86_64, kernel-3.11.10-200.fc19.x86_64
    gcc-python3-debug-plugin-0.12-15.fc20.x86_64 requires gcc-python3-debug-plugin-0.12-15.fc20.x86_64
    kmod-VirtualBox-3.11.7-200.fc19.x86_64-4.3.2-1.fc19.3.x86_64 requires kernel-3.11.9-200.fc19.x86_64, kernel-3.11.7-200.fc19.x86_64, kernel-3.11.10-200.fc19.x86_64
    NetworkManager-wimax-1:0.9.8.8-2.fc19.x86_64 requires NetworkManager-1:0.9.8.8-2.fc19.x86_64
    gcc-python2-debug-plugin-0.12-15.fc20.x86_64 requires gcc-python2-debug-plugin-0.12-15.fc20.x86_64
Continue with the upgrade at your own risk.

I tried again to remove some offending packages that were reported in the previous output, and started fedup again:

# fedup --network 20
setting up repos...
getting boot images...
.treeinfo.signed                          | 2.0 kB  00:00:00
setting up update...
finding updates 100% [===========================================================]
verify local files 100% [===========================================================]
testing upgrade transaction
rpm transaction 100% [===========================================================]
rpm install 100% [===========================================================]
setting up system for upgrade
Finished. Reboot to start upgrade.

I didn't managed to get rid of all transaction problems, more specifically there were problems with kmod-VirtualBox packages. But then, I gave up of trying to fix that and decided to continue with the upgrade. At that moment I made the next mistake which was that I rebooted before fedup finished. Namely, the last thing it printed was 'Finished. Reboot to start upgrade.' but it didn't give a prompt back. I mistakenly thought that it waits for me to reboot. But, it was actually still working! So, actually, nothing happened after boot. I was again in Fedora 19. After again starting fedup and checking what's happening I finally realized that fedup is still working (and consuming a lot of CPU) so I waited and finally I got the prompt back. Then I restarted the computer, selected fedora upgrade option, but nothing happened. I rebooted, and removed rhgb and quiet options from boot option to upgrade with fedup, and the last message I saw after removing rhgb and quite options from boot entry was:

[    5.733054] input: TPPS/2 IBM TrackPoint as /devices/platform/i8042/serio1/serio2/input/input7

Waiting dropped me finally into dracut shell with a message there is no root. It turned out that this message was obscuring passphrase message! Namely, I was asked for the passphrase to unlock disk, but I didn't saw it and everything stopped. After few reboots I realized this as the message was partially visible and I finally realized what was the problem.

Then, something else happened, the upgrade process didn't start. I ended up in the Fedora 19. It also took me some time to realize that fedup "forgot" to put the following options to boot entry:

upgrade systemd.unit=system-upgrade.target

and it did it repeatedly! In other words,  So, I manually added it and the upgrade finally started. Or at least it seamed so. It stopped suddenly, but I noticed that it complained about not finding file package-list and then I realized that symlink is wrong because all the partitions are mounted under sysroot. Namely, because I moved packages to other partition and symlinked it, upgrade process couldn't find it.  Symlinks looked like this:

/var/lib/system-upgrade -> /home/system-upgrade

But during upgrade process, home is mounted under /sysroot directory. So, I had to run fedup again, and after it prepared the system for upgrade, before rebooting, I changed symlinks so that they look like this:

/var/lib/system-upgrade -> /sysroot/home/system-upgrade

Note that after reboot to upgrade if you want to try again, you have to start fedup again. Namely, immediately before upgrade process starts, the boot option is removed from grub. This is safety measure, but it is annoying in case you are trying again.

Anyway, that symlink issue was the last problem, and it upgraded Fedora 19 to 20. It took me almost half a day to get to that point and I don't call this a most pleasant experience. In other words, I think that those things should be polished a bit better than they are.

One last thing, I had problems with fedup 0.7 and I had to upgrade to fedup 0.8. This was somewhere early in the whole process, but since I started to take notes later when I stumbled upon more problems, I didn't noted exactly where it happened, so I'm mentioning it here.

Problem with automatic VMWare upgrade from 9.0.1 to 9.0.2

VMWare Workstation checks upon startup if there are new version of the software, and if it is then it asks you if you want to upgrade. In case automatic checking is disabled, there is an option under the Help menu that allows manual triggering of that process. For some time now I was getting notification about free upgrade from 9.0.1 to 9.0.2 which I would enable, but which never finished for unknown reason. Instead of trying to figure out what was wrong I decided to try to do it manually. In the end, it turned out to be a semi-manual process. Namely, when I received an error message about being unable to upgrade I looked where downloaded files are. It turned out that they are stored in /tmp directory but that they have UUID like names, i.e.:

$ ls -l
total 381768
-rw-r--r--.  1 sgros zemris  66211840 Kol 29 13:28 06dd4484-5c02-4c5d-992c-ff705703e6cb
-rw-r--r--.  1 sgros zemris  11253760 Kol 29 13:29 1cf5e724-f7d4-4f24-b484-30ebb16d593e
-rw-r--r--.  1 sgros zemris  61777920 Kol 29 13:29 2007e14d-3593-416f-b60e-08c4cd18693a
-rw-r--r--.  1 sgros zemris 232693760 Kol 29 13:31 364c998b-8b3b-4cfd-a2dc-67352a3eb082
-rw-r--r--.  1 sgros zemris  13096960 Kol 29 13:31 4b7424a6-e114-4832-be21-f0a3acf8c24b
-rw-r--r--.  1 sgros zemris     81920 Kol 29 13:31 8a8d105f-fd3d-404a-afc9-28411d6566fe
-rw-r--r--.  1 sgros zemris   5795840 Kol 29 13:31 d969898b-30bb-4c6d-bf45-5a7d52918359

Now, using file command it was easy to determine that they are actually tar archives so. So, I created new directory and unpacked all those files there. What I've got was one file with extension bundle and several files with an extension component.

# ls -l
total 390904
-rw-r--r--. 1   201    201      1161 Vel 26  2013 descriptor.xml
-rw-r--r--. 1   201    201  15207519 Vel 26  2013 vmware-tools-freebsd-9.2.3-1031769.x86_64.component
-rw-r--r--. 1   201    201  66202162 Vel 26  2013 vmware-tools-linux-9.2.3-1031769.x86_64.component
-rw-r--r--. 1   201    201     76615 Vel 26  2013 vmware-tools-netware-9.2.3-1031769.x86_64.component
-rw-r--r--. 1   201    201  13088243 Vel 26  2013 vmware-tools-solaris-9.2.3-1031769.x86_64.component
-rw-r--r--. 1   201    201  61771010 Vel 26  2013 vmware-tools-windows-9.2.3-1031769.x86_64.component
-rw-r--r--. 1   201    201  11247429 Vel 26  2013 vmware-tools-winPre2k-9.2.3-1031769.x86_64.component
-rwxr-xr-x. 1 sgros zemris 232680125 Vel 26  2013 VMware-Workstation-9.0.2-1031769.x86_64.bundle

The bundle type file is actually an installer for a new version of VMWare, so I've run it as a root user and it installed new version of VMWare. The component files, on the other hand, have to be installed using vmware-install tool, e.g. to install vmware-tools-windows-9.2.3-1031769.x86_64.component file, execute the following command as a root user:

vmware-installer --install-component=vmware-tools-windows-9.2.3-1031769.x86_64.component

The same command has to be repeated for the other files too. But, note that those files are optional, depending what you've running. You can check which components you have installed using vmware-installer command with an option -t, i.e.
vmware-installer -t
And that was it. Of course, before being able to run VMWare I had to patch it again. But that was it.

VMWare Workstation and kernel 3.10 (again)

Change in the kernel version again broke VMWare Workstation. It would definitely be the best option for VMWare to try to integrate their modules into the kernel. In such a way maintenance of those modules would be bound with kernel and a lot of people would have a lot less annoyance. But, that's not the case and so such problems happen. In this case, the solution is again relatively easy. Just run the following commands, as is, and everything should work:

cd /tmp
curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmblock-9.0.2-5.0.2-3.10.patch
curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmnet-9.0.2-5.0.2-3.10.patch
cd /usr/lib/vmware/modules/source
tar -xvf vmblock.tar
tar -xvf vmnet.tar
patch -p0 -i /tmp/vmblock-9.0.2-5.0.2-3.10.patch
patch -p0 -i /tmp/vmnet-9.0.2-5.0.2-3.10.patch
tar -cf vmblock.tar vmblock-only
tar -cf vmnet.tar vmnet-only
rm -rf vmblock-only
rm -rf vmnet-only
vmware-modconfig --console --install-all

The commands were taken from this link. Note that curl commands are broken to two lines due to the space problems, but they should be typed in a single line. I tried this with VMWare Workstation 9.0.1 and kernel 3.10.9 and it worked flawlessly.

Getting Libreswan to connect to Cisco ASA 5500

Here are some notes about problems I had while trying to make Libreswan connect to Cisco ASA. Note that I'm using certificate based authentication in a roadwarrior configuration. The setup is done on Fedora 19.

The procedure, at least in theory, is quite simple. Edit, /etc/ipsec.conf file, modify /etc/ipsec.d/ipsec.secrets file, import certificates into NSS database and then start libreswan daemon. Finally, activate the connection. Well, it turned out that the theory is very far from the practice. So, here we go.

Preparation steps

First, I used the following ipsec.conf file when I started to test connection to the ASA:

version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    nat_traversal=yes
    nhelpers=1
    protostack=netkey
    interfaces=%defaultroute

conn VPN
    # Left side is RoadWarrior
    left=%defaultroute
    leftrsasigkey=%cert
    leftcert=SGROS
    leftca=ROOTCA
    leftid=%fromcert
    leftsendcert=always
    # Right side is Cisco
    right=1.1.1.1 # IP address of Cisco VPN
    rightrsasigkey=%cert
    rightcert=CISCO
    rightca=%same
    rightid=%fromcert
    # config
    type=tunnel
    keyingtries=2
    disablearrivalcheck=no
    authby=rsasig
    auth=esp
    keyexchange=ike
    auto=route
    remote_peer_type=cisco
    pfs=no

Note few things about this configuration. First, my client machine (roadwarrior) is a left node, while Cisco is the right one. Next, I didn't arrive to this configuration immediately, I had to experiment with the value of interfaces and left statements. The reason was that I'm assigned dynamic NATed address. So, those settings will cause openswan to automatically select appropriate values (interface and IP address) at the time I'm connecting to VPN. Also, certificate related stuff also took me some time to figure it out.

Into ipsec.secrets file I added the following line:

: RSA SGROS

this will cause openswan to use RSA key for authentication. Finally, I had to import certificates and keys into the NSS database. Note that NSS database is already precreated in /etc/ipsec.d directory. More specifically, the database consists of files cert8.db, key3.db and secmod.db. To see imported certificates (if there are any), use the following command:

# certutil -L -d /etc/ipsec.d/
Certificate Nickname               Trust Attributes
                                   SSL,S/MIME,JAR/XPI
ROOTCA                             CT,C,C
SGROS                              u,u,u
CISCO                              P,P,P

In my case there are three certificates in the database. Mine (SGROS), VPN's (CISCO) and CA that signed them (ROOTCA). Note that I'm referencing those certificates in ipsec.conf file. If you are configuring this database for the first time, it will be empty and you'll have to import all the certificates.

To import CA into your database, use the following command:

certutil -A -i rootca.pem -n ROOTCA -t "TC,TC,TC" -d /etc/ipsec.d/

Note that I'm assuming you have PEM version of certificate stored in the current directory (argument to the -i option). For the rest options, and their meaning, please consult man page.

To import your certificate, with a private key, use the following command:

certutil -A -i certkey.pfx -n SGROS -t "u,u,u" -d /etc/ipsec.d/

Note that this time certificate and private key are stored in PKCS#12 file (named certkey.pfx).

Finally, to import certificate of Cisco ASA, use the following command:

certutil -A -i rootca.pem -n ROOTCA -t "P,P,P" -d /etc/ipsec.d/

Note that the command is very similar to the one used to import ROOTCA, but the trust attributes (option -t) are different. Namely, you don't want ASA's certificate to be CA, i.e. to be able to issue new certificates.

Starting and debugging

To start Libreswan daemon, I used the following command:

ipsec pluto --stderrlog --config /etc/ipsec.conf --nofork

That way I was forcing it not to go to the background (--nofork) and to log to stderr (--stderrlog). Then in another terminal I would trigger VPN establishment using the following command:

ipsec auto --up VPN

The first problem was that Libreswan said it can not determine which end of the connection it is, i.e. I was receiving the following error message.

022 "VPN": We cannot identify ourselves with either end of this connection.

That error message took me some time to resolve. I tried everything possible to let Libreswan knows if it is left or right part in the configuration, which included changing roles several times, changing different parameters and other stuff. In the end, it turned out that that has nothing to do with the configuration file, namely the problem actually was missing kernel module!? NETKEY wasn't loaded, and libreswan couldn't access IPsec stack within the kernel. To be honest, it could be inferred from the log by nothing the following lines:

No Kernel XFRM/NETKEY interface detected
No Kernel KLIPS interface detected
No Kernel MASTKLIPS interface detected
Using 'no_kernel' interface code on 3.10.4-300.fc19.x86_64

But then again, some more informative error message would actually help a lot! In the end, the following command solved that problem:

modprobe af_key

and then, in the logs I saw the following line:

Using Linux XFRM/NETKEY IPsec interface code on 3.10.4-300.fc19.x86_64

that confirmed NETKEY was now accessible, and the error message about not knowing which end of the connection it is, disappeared.

Next, I had problem with peer's public key. The error message I received was:

003 "VPN" #1: no RSA public key known for 'C=HR, L=Zagreb, O=Some ORG, CN=Cisco ASA'

Again, I lost a lot of time trying to figure out why it can not access public key even though it is in the certificate. I also tried to extract public key and write it directly into configuration file. Nothing helped. Then, when I turned on debugging of x509 in ipsec.conf, I found some suspicious messages, like the following one:

added connection description "VPN"
| processing connection VPN
|   trusted_ca called with a=CN=ROOTCA b=
|   trusted_ca returning with failed
|   trusted_ca called with a=CN=ROOTCA b=\001\200\255\373
|   trusted_ca returning with failed

Note the garbage as the second argument of the function trusted_ca!? Googling around for something about this didn't reveal anything useful. But then, out of desperation I tried removing leftca and rightca parameters from ipsec.conf, and guess what! Everything started to work. Checking again at the logging output I saw that now b parameter has the same value as a.

Yet, it still didn't work and after some tinkering I suspected that on the Cisco side XAuth is enabled and required. This I concluded based on the log output where Libreswan says what it received from Cisco:

"VPN" #1: received Vendor ID payload [Cisco-Unity]
"VPN" #1: received Vendor ID payload [XAUTH]
"VPN" #1: ignoring unknown Vendor ID payload [...]
"VPN" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]

At first, I thought that Libreswan will support XAuth, but obviously, if it is not configured Libreswan can not use it. Also, looking into manual page it says there that Xauth is disabled by default. So, after adding the following statements into ipsec.conf file:

leftxauthclient=yes
leftxauthusername=sgros

and adding appropriate line into ipsec.secrets file:

@sgros : XAUTH "mypassword"

I managed to get further. Yet, it still didn't work. Looking again in the log output I realised that something was wrong with client configuration. Also, I got segfaults there that I didn't report to upstream for a simple fear that I might send some secret information. But, after adding the following statements into ipsec.conf segmentation fault was solved:

modecfgpull=yes
leftmodecfgclient=yes

In the logging output of Libreswan I saw that configuration parameters were properly obtained, i.e.:

"VPN" #1: modecfg: Sending IP request (MODECFG_I1)
"VPN" #1: received mode cfg reply
"VPN" #1: setting client address to 192.168.2.33/32
"VPN" #1: setting ip source address to 192.168.2.33/32
"VPN" #1: Received subnet 192.168.0.0/16, maskbits 16
"VPN" #1: transition from state STATE_MODE_CFG_I1 to state STATE_MAIN_I4

Now, it seemed like everything was connected, but ICMP probes were not going through. Using setkey command I checked that policies and associations are correctly installed into the kernel, which they were. I quickly realised that the problem was that Libreswan didn't assign IP address to my local interface, nor did it assign routes. That was easy to check by just listing interface's IP addresses. To see if this is really problem, I manually assigned address and route:

# ip addr add 192.168.2.33/32 dev wlp3s0
# ip ro add 192.168.0.0/22 src 192.168.2.33 via 192.168.1.1

and after that I was able to reach addresses within a destination network. Note that IP address given as argument to via keyword (in my case 192.168.1.1) isn't important since XFRM will change it anyway. So, the problem was why this address isn't added in the first place.

After some poking around I found that the script /usr/libexec/ipsec/_updown.netkey is called to setup all the parameters, and also, looking into that script, I found that it didn't do anything when pluto calls it using up-client parameter! So, no wonder nothing happened. I also found on the Internet post about that problem. The fix is simple, as shown in the post I linked, but it messes something with routes. After some further investigation I discovered that when adding locally assigned IP address, the script messes up netmask. To cut the story, I changed the following line:

-it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/${PLUTO_PEER_CLIENT##*/} dev ${PLUTO_INTERFACE%:*}"
+it="ip addr add ${PLUTO_MY_CLIENT} dev ${PLUTO_INTERFACE%:*}"

and also, I changed the following lines for IP address removal:

-it="ip addr del ${PLUTO_MY_SOURCEIP%/*}/${PLUTO_PEER_CLIENT##*/} dev ${PLUTO_INTERFACE%:*}"
+it="ip addr del ${PLUTO_MY_CLIENT} dev ${PLUTO_INTERFACE%:*}"

You can get the complete patch here.

Some random notes

It might happen that Libreswan suddenly stops working and that you can not access network, i.e. you can only ping you local address, but not local router. In that case try to clear XFRM policy using setkey command:

setkey -FP

you can also check if there is anything with:

setkey -DP

yum error

I just got the following error while trying to update the system:

# yum update
Loaded plugins: langpacks, refresh-packagekit
adobe-linux-x86_64                             |  951 B  00:00:00
fedora/19/x86_64/metalink                      |  25 kB  00:00:00
Could not parse metalink https://mirrors.fedoraproject.org/metalink?repo=fedora-19&arch=x86_64 error was
No repomd file
Error: File /var/cache/yum/x86_64/19/fedora/metalink.xml does not exist

As seen from the output, the problem is with some Fedora mirror. After googling for a solution and trying different fixes, none of which worked for me, I finally edited /etc/yum.repos.d/fedora.repo, commented out the line mirrorlist and uncommented baseurl line. After that, everything worked.

To conclude this post, the problem is with some mirror picked by yum.

Upgrading to Fedora 19

I just managed to install Fedora 19 and that was harder than it should be. Here are some remarks.

One thing to note. Every system is different and when I managed to fix something, it could be that I changed something else also, at first glance unrelated, to the problem itself. Yet, I don't have time to double check each fix I did. So, treat this as hints what could you do in case you have similar problems.

Failed attempt

First, I tried to uprade using FedUp tool. But that failed. Upgrade process requires certain amount of free space on root partition. Well, I have relatively small root partition and it is isolated from /home where there is a lot of space. For this reason I had to move FedUp working directories (/var/tmp/fedora-upgrade and /var/lib/fedora-upgrade) to home partition and create symlinks. After reboot into fedup, it briefly showed exception and then rebooted again into Fedora 18. The exception was:

[     0.421] (II) fedup.sysprep:remove_cache() removing /var/tmp/fedora-upgrade
[     0.424] (II) fedup:() Exception:
Traceback (most recent call last):
  File "/usr/bin/fedup-cli", line 181, in
    main(args)
  File "/usr/bin/fedup-cli", line 82, in main
    do_cleanup(args)
  File "/usr/lib/python2.7/site-packages/fedup/commandline.py", line 183, in do_cleanup
    remove_cache()
  File "/usr/lib/python2.7/site-packages/fedup/sysprep.py", line 195, in remove_cache
    rm_rf(d)
  File "/usr/lib/python2.7/site-packages/fedup/util.py", line 51, in rm_rf
    rm_f(d, rm=rmtree)
  File "/usr/lib/python2.7/site-packages/fedup/util.py", line 48, in rm_f
    log.warn("failed to remove %s: %s", f, str(e))
NameError: global name 'log' is not defined

At first, I thought that the problem was the inability to remove a directory, but then I realised that the problem is undefined log module/class! So, I opened file /usr/lib/python2.7/site-packages/fedup/util.py and replaced line 48 with a simple pass statement.

Reinstall

Then, I decided to reinstall Fedora from scratch. But, I didn't want to burn CD nor I wanted to go again through the network boot/install process again. So, I booted from USB stick. In essence, you need to download boot.iso file and using livecd-usb-to-disk tool write it on USB stick. Then, boot from this stick and off you go.

Luckily, installation process is much improved from Fedora 18.

Problems

During a boot process, I was dropped into a single user mode. Looking into logs (as suggested by the message just before the root password prompt) I found that dbus isn't working, i.e. there was the following message:

Cannot boot - no /var/lib/dbus directory. Created the directory and disabled SELinux.

It turned out that this directory, for some reason, wasn't created when dbus package was installed. So, I created that directory and disabled SELinux in /etc/sysconfig/selinux.

Next problem was that Firefox didn't want to start for some unknown reason. I have several different profiles and firefox would stuck at profile selection dialog box. But, this was something transient because after several tries it continued to work without any problems.

VMWare

First, I'm using VMWare Workstation 9.0.1. So, this text applies to that version. VMWare couldn't compile kernel modules, so I applied this patch. Simply unpack it to some temporary directory and run bash script. During the compilation process, there are a lot of warnings like this one:

/tmp/modconfig-ZB7ihE/vsock-only/linux/vsockPacket.h:113:4: note: in expansion of macro ‘ASSERT_ON_COMPILE’
    ASSERT_ON_COMPILE(sizeof (VSockPacket) == 56);
    ^
/tmp/modconfig-ZB7ihE/vsock-only/./shared/vmci_iocontrols.h: In function ‘VMCIVA64ToPtr’:
/tmp/modconfig-ZB7ihE/vsock-only/./shared/vm_assert.h:320:20: warning: typedef ‘AssertOnCompileFailed’ locally defined but not used [-Wunused-local-typedefs]

But, despite those warnings, modules compiled and I managed to start VMWare.

Then, I had a problem with entering serial key. When I pressed button Enter key... nothing happened. I entered it via a command line, like this:

/usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXXXXXXXXXXXXXXXXXXXXX

After that, everything seemed to work. By the way, here is a very good page I used to get VMWare working.

Fedora 18, WebEx, Java and sound...

I just tried to use WebEx in order to participate in a conference and I was unable to do so. There are a lot of different pages on the Internet that show you what to do. In the end, everything boils down to the fact that WebEx doesn't support 64-bit versions of Linux so all the solutions actually describe how to install 32 bit version of Firefox and Java. Some of those recipes uninstall 64-bit versions of Firefox/Java, some install them in addition to the existing ones. I think the second approach is better, and here is an example of the latter approach.  Note that there isn't problem with sound in Java thanks to the transparent support of ALSA applications by PulseAudio so there is no need to do something like this.

What I found by reading all the recipes is that they assume two things that might catch you:

1. Sun's Java is installed somewhere in the /opt directory. In case you used RPM archive, it will be in /usr/java.
2. People hardcode Java versions, e.g. 1.6.0_21. I don't know why they don't use /usr/java/latest or /usr/java/default because those are valid links on all installations.

In the end I gave up on trying to make WebEx work. Maybe I'll return to it some day and then I'll extend this post...

Integrating LibreOffice 4 and Alfresco using CMIS

Alfresco is an excellent CMS solution, that unfortunately doesn't have good integration with LibreOffice. That is, it didn't have until LibreOffice 4 (LO4) was released. You could use WebDav to mount Alfresco shares, but there are some quirks related to versioning. First, after each save version is automatically increased by Alfresco, and second, there is no clear way to do check in and provide log of changes. Also, LibreOffice's autosave mechanism can make some problems. But, as I said, LO4 added CMIS protocol. CMIS is actually more than a simply protocol, but in essence it is a standard way of accessing content management systems so any CMS that supports CMIS will allow LibreOffice to be well integrated. CMIS is in Alfresco supported without any additional customizations, so if you followed my post about installing Alfresco, you are ready to try LibreOffice and CMIS.

Now, I was trying all this on Fedora 18 as a client workstation, so if you also have Fedora 18 you'll have to install manually LO4. So, if you didn't already install it, I wrote a post about that so take a look at it and install LO4.

So, to use CMIS first you'll have to enable LibreOffice's native Load/Save dialog boxes. This is done via Options... dialog (found in Toos menu option). Then, select option General in the left pane and you'll see in the main pane check box labeled Use LibreOffice dialogs under Open/Save dialogs section. Mark that check box and close the dialog. Finally, there is no need to restart LibreOffice:

Now, you need to add share from Alfresco where you have your documents stored. To do that, go to the Open dialog (in File menu), and now you'll see a button with three dots in the upper right corner. Click on it and new dialog appears:

Under the Type drop down box select CMIS, and then, under Server Details heading choose option Alfresco 4 as a Server Type. The dialog will have the following form:

Then Binding URL that has the following form:

http://<host>/alfresco/cmisws/RepositoryService?wsdl

has to be changed by filling in the host and port. When you fill URL, click on circular arrow beneath URL on the right hand side of Repository option. This will query repository for available URLs. You have also to type in name for this repository, and that's basically it, click OK to close this dialog. You'll be asked several times for username and password, so, provide it every time. This has to be username/password combination of a user that will access documents, not an administrator's password. Also, during this process, if you clicked check box that LO should remember password, a dialog will appear that will ask you for a master password that will protect your saved password(s).

Now, each time you go to Open dialog to open a new file, you'll have on the left pane this repository under the whatever name you've typed in Name text box.

There were several gotchas during this process. First, don't expect some useful/meaningful error messages. Basically, when you press that circular arrow, and something isn't right, you won't receive any message at all. So, here are some things that might catch you.

First of, while setting up the LO4 I suggest that you start it from the command line. The reason is that you'll see error messages on the console. Like the following ones I got:

http://your.server.name:8443/alfresco/cmisws/RepositoryService?wsdl:1: parser error : Start tag expected, '<' not found

that one was caused because I tried to use http protocol on https port (8443)! :D

Secondly, try first with http, and when you set that up, then you should try to switch to https. The problem is that LibreOffice has to have installed CA that issued certificate for Alfresco. If it doesn't have, then it will silently disconnect, and, as I said, it won't tell you what happened.

Third, if the hostname is incorrect, you also won't receive any error message. So, I suggest that you c/p the URL and try to retrieve wsdl using wget or curl:

wget --no-check-certificate 'https://your.server.name:8443/alfresco/cmisws/RepositoryService?wsdl'

For the end of this setup part, I'll mention that CMIS was introduced in LibreOffice 3.6 but it is marked as an experimental feature and those have to be explicitly enabled via Options dialog. Also, the dialog is different in LibreOffice 4 than in LibreOffice 3.6. Take a look at this blog post, but after several unsuccessful tries I decided to do it with LO4 because that was what I needed.

Experiences

Functionality seems to be OK but access to Alfresco repository is slow. This has a big impact on autosave, i.e. when you type everything suddenly freezes. Also, now and then, LO4 freezes very shortly but noticeably, when editing file from Alfresco.

LibreOffice 4 on Fedora 18...

It seems that LibreOffice 4 won't be packaged for Fedora 18, only in Fedora 19 judging from the fact that it is already in Rawhide and in previous versions of Fedora only minor updates were performed. So, if you need some feature from this newer version you'll have to install it separately from Fedora's repositories. Fortunately, it isn't so hard and/or dangerous to do and here is how.

First, go to LibreOffice Download pages and click on the Main installer link. This will trigger download of archive with all the RPMS necessary for the installation. Note that it's cca. 180MB of data.

After the download finishes, unpack it and you'll have a new directory LibreOffice_4.0.0.3_Linux_x86-64_rpm. Enter that directory, then RPMS/ subdirectory and finally run the following command (as a root user):

yum localinstall *.rpm

When asked to confirm installation process, just hit y. Additionally, install package that will provide LibreOffice 4 in different GNOME menus (note: this is a single line):

yum localinstall desktop-integration/libreoffice4.0-freedesktop-menus-4.0.0-103.noarch.rpm

Now, you can run LibreOffice 4 like you would run older LibreOffice. Note that you have both versions installed in parallel.