https://wiki.archlinux.org/api.php?action=feedcontributions&user=Aaron&feedformat=atom
ArchWiki - User contributions [en]
2024-03-28T16:55:20Z
User contributions
MediaWiki 1.41.0

https://wiki.archlinux.org/index.php?title=Firewalls&diff=40279
Firewalls
2008-04-26T13:15:23Z
<p>Aaron: /* Firestarter */</p>
<hr />
<div>[[Category:Networking (English)]]<br />
[[Category:Security (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{stub}}<br />
===Firewalling Arch===<br />
A firewall is a system designed to prevent unauthorized access to or from a private network (which could be just one machine). Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and allows, proxies, or denies the traffic based on specified security criteria.<br />
<br />
There is a nice list of firewalls [http://wiki.debian.org/Firewalls here], and a nice comparison of some firewalls [http://www.securityfocus.com/infocus/1410 here].<br />
<br />
There are many posts on the forums about different firewall apps and scripts so here they all are condensed into one page - please add your comments about each firewall, especially ease of use and a security check at [https://www.grc.com/x/ne.dll?bh0bkyd2 Shields Up]<br />
<br />
====iptables====<br />
The kernel itself has a very powerful and secure firewall called ''iptables''. The other firewalls are usually just frontends to it. To use iptables in Arch, you need to install its userland utilities first:<br />
# pacman -S iptables<br />
<br />
Then define some rules and run <code>/etc/rc.d/iptables save</code>. This script will call iptables-save and save your rules into <code>/etc/iptables/iptables.rules</code>.<br />
<br />
Now you can start iptables; this will call iptables-restore and load your rules:<br />
# /etc/rc.d/iptables start<br />
<br />
You can add it to the DAEMONS array in <code>/etc/rc.conf</code>, preferably before 'network', so it will be loaded every time you boot:<br />
DAEMONS=(... iptables network ...)<br />
<br />
In fact, iptables is more than just a firewall. You can use it to share your internet connection for your private network. If you have your internal network already working but you can't access internet, just add this rule to your gateway-pc iptables:<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
'''Comment by Dheart'''<br />
For some reason the above postrouting line didn't work for me so I used <br />
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to xxx.xxx.xxx.xxx <br />
where xxx.xxx.xxx.xxx is the ip address of my eth0 (the LAN card that has internet connection)<br />
<br />
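A quick audit of the saved rules file, as an added example that is not part of the wiki page: the function below reads an iptables-save dump such as <code>/etc/iptables/iptables.rules</code> and flags a default-accept INPUT policy, a DROP policy with no rule for reply traffic, and NAT (the MASQUERADE/SNAT rules above) combined with an open FORWARD policy. The two sample dumps and the internal interface name eth1 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. Audits an iptables-save dump
# (e.g. /etc/iptables/iptables.rules) given as a file argument or on stdin.
# It only inspects default policies and NAT/state rules; a catch-all
# DROP/REJECT rule appended to a chain is not taken into account.
audit_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }               # "*filter", "*nat"
        /^:/  { policy[table, substr($1, 2)] = $2; next }   # ":INPUT DROP [0:0]"
        /^-A/ {
            if (table == "nat" && /-j (MASQUERADE|SNAT)/)
                nat = 1
            if (table == "filter" && $2 == "INPUT" && /ESTABLISHED/ && /-j ACCEPT/)
                replies = 1
        }
        END {
            if (policy["filter", "INPUT"] != "DROP")
                print "INPUT_POLICY_ACCEPT: default INPUT policy is not DROP"
            else if (!replies)
                print "REPLIES_BLOCKED: INPUT is DROP but no rule accepts ESTABLISHED traffic"
            if (nat && policy["filter", "FORWARD"] != "DROP")
                print "FORWARD_OPEN_WITH_NAT: NAT is enabled but FORWARD policy is not DROP"
        }
    ' "$@"
}

# Constructed sample: what gets saved if the MASQUERADE rule is the only rule.
sample_weak() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: stateful gateway, eth0 = internet side, eth1 = LAN
# (eth1 is an assumed name for the internal interface).
sample_hardened() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "== MASQUERADE-only ruleset (constructed) =="
sample_weak | audit_rules
echo "== stateful gateway ruleset (constructed) =="
sample_hardened | audit_rules
```

Run it against the real file with <code>audit_rules /etc/iptables/iptables.rules</code> before adding iptables to the DAEMONS array.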
'''More info:'''<br />
*[[Simple_stateful_firewall_HOWTO|Simple stateful firewall HOWTO]]<br />
*http://gentoo-wiki.com/HOWTO_Iptables_for_newbies<br />
*man iptables http://unixhelp.ed.ac.uk/CGI/man-cgi?iptables+8<br />
*http://tldp.org/HOWTO/Masquerading-Simple-HOWTO/<br />
*http://netfilter.org/documentation/HOWTO/NAT-HOWTO.html<br />
*http://iptables-tutorial.frozentux.net/iptables-tutorial.html<br />
* [http://blog.webhosting.uk.com/2006/11/02/how-to-install-and-configure-apf-firewall-for-cpanel/ How to install and configure APF Firewall for cPanel?]<br />
<br />
====Firewall====<br />
Simple /etc/rc.d/ firewall, configured with /etc/conf.d/firewall<br />
[[firewall pkgbuild]]<br />
<br />
<br />
====ferm====<br />
ferm - for Easy Rule Making<br />
ferm is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.<br />
[http://ferm.foo-projects.org/ ferm home page]<br />
<br />
<br />
====uruk====<br />
uruk loads an rc file, which defines network service access policy, and invokes iptables to set up firewall rules implementing this policy.<br />
[http://mdcc.cx/uruk/ uruk home page]<br />
<br />
<br />
====Guarddog====<br />
Requires kdelibs, but is a really easy to use GUI for configuring iptables. After setting up a basic desktop configuration it passes all Shields Up tests perfectly.<br />
<br />
To have the firewall settings applied at bootup you must run ''/etc/rc.firewall'' from inside ''/etc/rc.local'' or something similar.<br />
<br />
[http://www.simonzone.com/software/guarddog/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=8998 Package ] | [http://bbs.archlinux.org/viewtopic.php?t=9717 Forum]<br />
<br />
<br />
====Firestarter====<br />
A good GUI based firewall, uses gnome dependencies. Firestarter has the ability to use both white and black lists for regulating traffic. Very simple and easy to use, with good documentation available on their website.<br />
<br />
[http://www.fs-security.com/ Website] | [http://www.archlinux.org/packages/1973/ Package]<br />
<br />
====Firewall Builder====<br />
[http://www.fwbuilder.org/ Website] | [http://www.archlinux.org/packages/611/ Package]<br />
<br />
<br />
====KMyFirewall====<br />
Graphical front-end with good setup-wizard.<br />
<br />
Firewall editing capabilities are simple enough to use to be suitable for beginners, but also<br />
allow for sophisticated tweaking of the firewall settings.<br />
<br />
[http://kmyfirewall.sourceforge.net/ Website] | [http://www.archlinux.org/packages/5431/ Package]<br />
<br />
<br />
====Quicktables====<br />
Script. Step by step questions with great explanations<br />
<br />
[http://bbs.archlinux.org/viewtopic.php?t=10527 Forum]<br />
<br />
<br />
====Arno's Firewall====<br />
Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines.<br />
<br />
The script:<br />
*EASY to configure and highly customizable<br />
*daemon script included<br />
*a filter script that makes your firewall log more readable<br />
<br />
Supports:<br />
*NAT and SNAT<br />
*port forwarding<br />
*ADSL ethernet modems with both static and dynamically assigned IPs<br />
*MAC address filtering<br />
*stealth port scan detection<br />
*DMZ and DMZ-2-LAN forwarding<br />
*protection against SYN/ICMP flooding<br />
*extensive user definable logging with rate limiting to prevent log flooding<br />
*all IP protocols and VPNs such as IPSec<br />
*plugin support to add extra features.<br />
<br />
[http://rocky.molphys.leidenuniv.nl/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=6680 Package] | [http://bbs.archlinux.org/viewtopic.php?t=24159 Forum]<br />
<br />
====gShield====<br />
Really simple iptables configuration (nothing to do with GNOME). Easy to configure, blocks (almost) everything not needed by default. Controlled by only one config file. It gave me all stealth on grc.com.<br />
Pros:<br />
*Easy to configure<br />
*Only one config file<br />
*Will give you an iptables configuration, which is the best firewall<br />
Cons:<br />
*No GUI<br />
<br />
[http://muse.linuxmafia.org/gshield/ Website] | [http://bbs.archlinux.org/viewtopic.php?t=4557 Forum]<br />
<br />
<br />
==== Shorewall====<br />
The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.<br />
<br />
[http://www.shorewall.net/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=8935 Package] | [http://bbs.archlinux.org/viewtopic.php?t=8937 Forum]<br />
<br />
<br />
==== Firehol====<br />
FireHOL is a language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it.<br />
<br />
[http://firehol.sourceforge.net/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=3971 Package]<br />
<br />
<br />
==== FireFlier====<br />
Looks like a nice alternative, has Java/Qt/Gtk frontends for iptables.<br />
<br />
[http://fireflier.sourceforge.net/ Website] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=4647 Server Package] | [http://aur.archlinux.org/packages.php?do_Details=1&ID=5261 Client Package]<br />
<br />
<br />
==== Firetable====<br />
iptables-based firewall with "human readable" syntax.<br />
<br />
[http://hiawatha.leisink.org/index.php?page=firetable Website]<br />
<br />
<br />
<br />
WikiMigration--[[User:Dlanor|dlanor]] 14:55, 23 Jul 2005 (EDT)</div>
Aaron

https://wiki.archlinux.org/index.php?title=Install_bundled_32-bit_system_in_64-bit_system&diff=39963
Install bundled 32-bit system in 64-bit system
2008-04-18T23:31:05Z
<p>Aaron: /* Download and install dchroot */</p>
<hr />
<div>[[Category:Arch64 (English)]]<br />
[[Category:HOWTOs (English)]]<br />
{{i18n_links_start}}<br />
{{i18n_entry|English|:Arch64_Install_bundled_32bit_system}}<br />
{{i18n_entry|Czech|:32bit chroot}}<br />
{{i18n_links_end}}<br />
= Arch64 Install bundled 32bit system =<br />
<br />
Note that this script doesn't try to change anything outside of the 32bit directory. I'm no expert, so there may be errors or some "bad things".<br />
<br />
This howto is for those who really need to run 32 bit apps and want an easy way to install them. As Arch64 tries to be a pure 64 bit distro, it seems the devs won't provide any compatibility libs, so this approach seems the cleanest to me.<br />
<br />
== Install the base 32 bit system ==<br />
We create the repository.<br />
mkdir /opt/arch32<br />
vim /etc/pacman.d/mirrorlist<br />
Here you'll have to replace x86_64 with i686 in the first address.<br />
'''Don't forget to revert it at the end of the howto or your system can be screwed when you install something.'''<br />
<br />
As soon as you use the ''--root'' switch with the pacman commands below, files such as ''/var/log/pacman.log'' and ''/var/lib/pacman/db.lck'' will be created inside your ''/opt/arch32'' directory.<br />
So the pacman log will be ''/opt/arch32/var/log/pacman.log'' and will NOT interfere with your 64bit installation. There is no need for a ''LogFile'' directive in ''/etc/pacman.conf'' or a ''--logfile'' switch unless you want the log file to be elsewhere.<br />
<br />
The ''--cachedir'' switch makes pacman cache packages in the ''/opt/arch32/var/cache/pacman/pkg'' directory instead of ''/var/cache/pacman/pkg''.<br />
<br />
We now create that directory, just to be sure:<br />
<br />
mkdir -p /opt/arch32/var/{cache/pacman/pkg,lib/pacman}<br />
<br />
Now proceed to sync up pacman:<br />
<br />
pacman --root /opt/arch32 --cachedir /opt/arch32/var/cache/pacman/pkg -Sy<br />
<br />
Now we can install the base packages:<br />
<br />
pacman --root /opt/arch32 --cachedir /opt/arch32/var/cache/pacman/pkg -S base base-devel<br />
<br />
If you don't intend to compile packages inside this chroot, you can omit the base-devel group:<br />
<br />
pacman --root /opt/arch32 --cachedir /opt/arch32/var/cache/pacman/pkg -S base<br />
<br />
'''You can now revert your pacman.d/mirrorlist file to x86_64.'''<br />
<br />
== /etc/rc.d/arch32 rc script ==<br />
<br />
To initiate the 32bit environment at startup, create a script in /etc/rc.d/ called "arch32":<br />
<br />
#!/bin/bash<br />
<br />
. /etc/rc.conf<br />
. /etc/rc.d/functions<br />
<br />
case $1 in<br />
start)<br />
stat_busy "Starting Arch32 chroot"<br />
mount --bind /proc /opt/arch32/proc<br />
mount --bind /proc/bus/usb /opt/arch32/proc/bus/usb<br />
mount --bind /dev /opt/arch32/dev<br />
mount --bind /dev/pts /opt/arch32/dev/pts<br />
mount --bind /dev/shm /opt/arch32/dev/shm<br />
mount --bind /sys /opt/arch32/sys<br />
mount --bind /tmp /opt/arch32/tmp<br />
mount --bind /home /opt/arch32/home<br />
add_daemon arch32<br />
stat_done<br />
;;<br />
stop)<br />
stat_busy "Stopping Arch32 chroot"<br />
umount /opt/arch32/proc/bus/usb<br />
umount /opt/arch32/proc<br />
umount /opt/arch32/dev/pts<br />
umount /opt/arch32/dev/shm<br />
umount /opt/arch32/dev<br />
umount /opt/arch32/sys<br />
umount /opt/arch32/tmp<br />
umount /opt/arch32/home<br />
rm_daemon arch32<br />
stat_done<br />
;;<br />
restart)<br />
$0 stop<br />
sleep 1<br />
$0 start<br />
;;<br />
*)<br />
echo "usage: $0 {start|stop|restart}"<br />
esac<br />
exit 0<br />
<br />
Then allow execution of this script:<br />
<br />
chmod +x /etc/rc.d/arch32<br />
<br />
And add it to "/etc/rc.conf":<br />
<br />
DAEMONS=(syslog-ng network netfs crond arch32 gdm)<br />
<br />
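Checking what the rc script leaves mounted, as an added example that is not part of the wiki page: the <code>stop</code> branch has to unmount children before parents (<code>/proc/bus/usb</code> before <code>/proc</code>, <code>/dev/pts</code> before <code>/dev</code>), and any umount that fails because a 32-bit program is still running leaves the real <code>/home</code> or <code>/tmp</code> visible inside the chroot. The functions below read a mounts table and list what is still mounted under the chroot, deepest first; the sample table is constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page.

# chroot_mounts ROOT [MOUNTS_FILE]
# Print every mount point at or below ROOT, deepest first, so the lines can
# be handed to umount in that order. MOUNTS_FILE defaults to /proc/mounts;
# "-" reads the table from stdin. Paths containing spaces (escaped as \040
# in /proc/mounts) are not handled.
chroot_mounts() {
    root=${1%/}
    awk -v root="$root" '
        {
            mp = $2
            # Match ROOT itself or ROOT/..., but not e.g. ROOT-backup.
            if (mp == root || index(mp, root "/") == 1) {
                depth = gsub("/", "/", mp)      # number of path components
                print depth, $2
            }
        }
    ' "${2:-/proc/mounts}" | LC_ALL=C sort -t ' ' -k1,1nr -k2,2r | cut -d ' ' -f2-
}

# chroot_is_idle ROOT [MOUNTS_FILE]
# Succeeds only if nothing is mounted under ROOT any more. Use it after
# "/etc/rc.d/arch32 stop" and before touching files under ROOT, because
# ROOT/home is the real /home for as long as the bind mount exists.
chroot_is_idle() {
    [ -z "$(chroot_mounts "$@")" ]
}

# Constructed sample of /proc/mounts after "/etc/rc.d/arch32 start"
# (device names and file systems are made up).
sample_mounts() {
    cat <<'EOF'
/dev/sda3 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sda4 /home ext3 rw 0 0
/dev/sda5 /opt/arch32-backup ext3 rw 0 0
proc /opt/arch32/proc proc rw 0 0
usbfs /opt/arch32/proc/bus/usb usbfs rw 0 0
udev /opt/arch32/dev tmpfs rw 0 0
devpts /opt/arch32/dev/pts devpts rw 0 0
tmpfs /opt/arch32/dev/shm tmpfs rw 0 0
sysfs /opt/arch32/sys sysfs rw 0 0
/dev/sda3 /opt/arch32/tmp ext3 rw 0 0
/dev/sda4 /opt/arch32/home ext3 rw 0 0
EOF
}

echo "Unmount order for the constructed sample:"
sample_mounts | chroot_mounts /opt/arch32 -
```

On a live system, <code>chroot_is_idle /opt/arch32 || chroot_mounts /opt/arch32</code> shows which bind mounts survived a <code>stop</code>.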
== Configure the new installed system ==<br />
First, copy some meaningful config files over....<br />
<br />
cd /opt/arch32/etc<br />
<br />
cp /etc/passwd* .<br />
cp /etc/shadow* .<br />
cp /etc/group* .<br />
<br />
cp /etc/rc.conf .<br />
ln /etc/resolv.conf .<br />
<br />
cp -a /etc/localtime .<br />
cp /etc/locale.gen .<br />
cp /etc/profile.d/locale.sh profile.d<br />
<br />
cp /etc/vimrc .<br />
cp /etc/mtab .<br />
<br />
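Now chroot into your new system. Note that ''xhost +local:'' allows every local user on the machine to connect to your X display; this is what lets programs inside the chroot open windows:<br />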
/etc/rc.d/arch32 start<br />
xhost +local:<br />
chroot /opt/arch32<br />
<br />
I recommend that you use a custom bash prompt inside your ''32bit chroot installation'' to know where you are (i.e. inside the 32bit chroot). You can, for example, add an '''ARCH32''' string to the '''PS1''' string that you may have defined in ''.bashrc'' or another config file.<br />
<br />
Fix some future locale issues<br />
/usr/sbin/locale-gen<br />
pacman -S ttf-bitstream-vera ttf-ms-fonts<br />
<br />
'''Note''' that you can install any other font. You just need one or your apps won't display any text.<br />
<br />
Also, keep in mind that the "/etc/pacman.conf" file from the 32bit environment is the default one. The [community] repo is enabled by default now.<br />
<br />
Now you can install any apps you need (*note for firefox with the nonfree flash plugin, you will need to install libxmu as well! Apparently this dependency has not been taken care of yet; see [http://bugs.archlinux.org/task/5583 Flyspray]).<br />
<br />
pacman -S acroread opera<br />
pacman -S mozilla-firefox<br />
pacman -S libxmu flashplugin<br />
pacman -S mplayer-plugin<br />
<br />
You can also clean up to win back some space by removing some unnecessary packages.<br />
This cleanup is for your '''32 bit root environment''' and must therefore be done inside it, after '''chrooting'''!<br />
Below is a list of packages you '''might''' want to remove...<br />
<br />
pacman -Rd mkinitcpio<br />
pacman -R kernel26<br />
pacman -R grub<br />
pacman -R dhcpcd<br />
pacman -R rp-pppoe<br />
pacman -R ppp<br />
pacman -R xfsprogs<br />
pacman -R reiserfsprogs<br />
pacman -R jfsutils<br />
pacman -R hdparm<br />
pacman -R hwdetect<br />
pacman -R syslog-ng<br />
pacman -R logrotate<br />
pacman -R lvm2<br />
pacman -R dcron<br />
pacman -R wpa_supplicant<br />
pacman -R pcmciautils<br />
<br />
===Consider also clearing out your pacman cache (regularly)===<br />
'''Note''': this is '''not''' a command that you'll only have to run once. As packages accumulate, you'll have to keep doing this if you want to reclaim the space used by the pacman cache:<br />
pacman -Scc<br />
<br />
== Execute 32bit apps from a 64bit env ==<br />
<br />
<br />
=== Download and install dchroot ===<br />
<br />
Install "dchroot" to your 64-bit installation from the community repository:<br />
<br />
pacman -S dchroot<br />
<br />
=== Configuration ===<br />
<br />
Now, we must edit the configuration file (/etc/dchroot.conf) and add this line:<br />
<br />
arch32 /opt/arch32<br />
<br />
<br />
=== Execute 32bit apps ===<br />
<br />
Finally, to use your 32bit apps:<br />
<br />
dchroot -d "opera -notrayicon"<br />
dchroot -d acroread<br />
<br />
It will launch Opera, without the systray icon, from your 32bit environment. The second example is for Acrobat Reader, where there is no "" since we don't need to add switches.<br />
<br />
=== Using sound ===<br />
The most used application in 32 bits is flash, for YouTube for example. <br />
<br />
To get sound from the flash player in firefox, open a terminal and chroot inside the 32-bit system:<br />
chroot /opt/arch32<br />
<br />
From there, install alsa-oss:<br />
pacman -S alsa-oss<br />
<br />
Then type:<br />
export FIREFOX_DSP="aoss"<br />
<br />
Every chroot into the 32-bit system will require this export command to be entered so it may be best to incorporate it into a script.<br />
<br />
Finally, launch Firefox.<br />
<br />
=== Example script for Firefox with sound ===<br />
Open a text editor and save the following in /usr/bin/firefox32 (as root, use sudo):<br />
<br />
<pre>#!/bin/sh<br />
# Export FIREFOX_DSP before Firefox starts, so the 32-bit Firefox uses aoss for sound<br />
dchroot -d "export FIREFOX_DSP=aoss; firefox $1"</pre><br />
<br />
Make it executable:<br />
<br />
sudo chmod +x /usr/bin/firefox32<br />
<br />
Now you can make an alias for firefox if you want:<br />
<br />
alias firefox="firefox32"<br />
<br />
Add this to your $HOME/.bashrc file at the end, and type it into bash to make the alias available immediately. Or you can just change all your DE launchers to firefox32 if you still want 64 bit firefox to be available.</div>
Aaron

https://wiki.archlinux.org/index.php?title=Lighttpd_and_FastCGI&diff=38380
Lighttpd and FastCGI
2008-03-08T22:22:13Z
<p>Aaron: Minor grammar fixes.</p>
<hr />
<div>[[Category:Networking (English)]]<br />
[[Category:HOWTOs (English)]]<br />
This document describes how to set up Ruby on Rails and PHP on lighttpd with FastCGI and PostgreSQL support.<br />
<br />
<br />
====Installing lighttpd and fcgi====<br />
pacman -S lighttpd fcgi<br />
<br />
Now you have lighttpd with fcgi support. If that is all you wanted, you're all set. People who want Ruby on Rails and/or PHP should continue.<br />
<br />
====Installing php-cgi====<br />
pacman -S php<br />
<br />
Now check if you got the php-cgi version by entering<br />
''php-cgi --version''<br />
<pre><br />
PHP 5.2.5 with Suhosin-Patch 0.9.6.2 (cgi-fcgi) (built: Nov 13 2007 20:03:00)<br />
Copyright (c) 1997-2007 The PHP Group<br />
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies<br />
</pre><br />
If you get similar output, PHP is installed successfully.<br />
<br />
'''Note''': If you receive errors like ''No input file found'' when accessing your PHP files, make sure /etc/php/php.ini has the following directives enabled:<br />
<br />
<pre><br />
cgi.fix_pathinfo=1<br />
open_basedir = /home/:/tmp/:/usr/share/pear/:/another/path:/second/path<br />
</pre><br />
<br />
====Ruby on Rails related====<br />
Since you want to use Ruby on Rails, I assume you have Ruby installed. If not, install it.<br />
<br />
We need rubygems and ruby-fcgi. Check the AUR!<br />
Install both rubygems and ruby-fcgi.<br />
Rubygems<br />
sudo pacman -S rubygems<br />
<br />
ruby-fcgi<br />
wget http://aur.archlinux.org/packages/ruby-fcgi/ruby-fcgi/PKGBUILD<br />
makepkg<br />
sudo pacman -U ruby-fcgi-x.x.x-x-xxx.pkg.tar.gz<br />
<br />
<br />
Now we have rubygems. Let's get rails!<br />
sudo gem install rails --include-dependencies<br />
sudo gem install fcgi --include-dependencies<br />
<br />
If this fails, get the source tarball [http://fastcgi.com/dist/fcgi.tar.gz] and compile it yourself.<br />
<pre><br />
$ wget http://fastcgi.com/dist/fcgi.tar.gz<br />
$ tar zxvf fcgi.tar.gz<br />
$ cd fcgi-2.4.0<br />
$ ./configure<br />
$ make<br />
# make install<br />
</pre><br />
And repeat the gem install.<br />
<br />
Check if you have more than one fcgi.so<br />
find /usr -name fcgi.so<br />
If you have two, delete the one that doesn't have "/site_ruby/" in its path.<br />
<br />
For documentation how to use Ruby on Rails please consult [http://rubyonrails.org].<br />
<br />
====Configuration of /etc/lighttpd/lighttpd.conf====<br />
I only show those you should change. The config is well commented and documentation can be found on [http://lighttpd.net].<br />
<br />
<pre><br />
server.modules = (<br />
"mod_access",<br />
"mod_fastcgi",<br />
"mod_accesslog" )<br />
<br />
server.indexfiles = ( "dispatch.fcgi", "index.php" ) # dispatch.fcgi is Rails-specific<br />
<br />
server.error-handler-404 = "/dispatch.fcgi" # Rails-specific too<br />
<br />
fastcgi.server = (<br />
".fcgi" =><br />
( "localhost" =><br />
(<br />
"socket" => "/tmp/rails-fastcgi.socket",<br />
"bin-path" => "/path/to/rails/application/public/dispatch.fcgi"<br />
)<br />
),<br />
".php" =><br />
( "localhost" =><br />
(<br />
"socket" => "/tmp/php-fastcgi.socket",<br />
"bin-path" => "/usr/bin/php-cgi"<br />
)<br />
)<br />
)<br />
</pre><br />
<br />
Before starting the service, be sure to create the directory /var/run/lighttpd and set its access permissions accordingly; otherwise the service will not be fully functional. The lighttpd installation doesn't create the directory automatically.<br />
<br />
====Troubleshooting====<br />
[http://trac.lighttpd.net/trac/wiki/FrequentlyAskedQuestions Lighttpd FAQ]</div>
Aaron

https://wiki.archlinux.org/index.php?title=64-bit_FAQ&diff=37708
64-bit FAQ
2008-02-26T02:51:43Z
<p>Aaron: /* Can I upgrade/switch my system from i686 to x86_64 without reinstalling? */</p>
<hr />
<div>[[Category:Arch64 (English)]]<br />
[[Category:FAQs (English)]]<br />
<br />
{{i18n_links_start}}<br />
{{i18n_entry|English|Arch64 FAQ}}<br />
{{i18n_entry|Español|Arch64 FAQ (Español)}}<br />
{{i18n_entry|Italiano|Arch64 FAQ (Italiano)}}<br />
{{i18n_entry|简体中文|Arch64 问答}}<br />
{{i18n_links_end}}<br />
<br />
Below is a list of frequently asked questions about Arch64.<br />
<br />
==How can I install Arch64?==<br />
Just use our [http://www.archlinux.org/download/ official install iso CD].<br />
<br />
==How complete is the port? Will I have all the packages from my Arch32 Env?==<br />
Core+Extra repos are ported and almost everything is up to date, at most hours or a few days behind Arch Linux i686. Our TUs are trying to port the Community repo now.<br />
<br />
The port is ready for daily use in a desktop or server environment.<br />
<br />
==Does 64-bit mean a great speed improvement?==<br />
For applications using the 64-bit CPU registers (large databases and such) this is true in most cases. Some multimedia applications will also run noticeably faster. If you know of an application that is much faster when using SSE3 extensions, you can rebuild the package yourself. We ''only'' compile with SSE2 support (from march=x86_64) and -O2 optimizations.<br />
For more, read http://forums.gentoo.org/viewtopic.php?t=221045 or http://www.thejemreport.com/mambo/content/view/74/74/ .<br />
<br />
For the rest of the system: It doesn't make any difference if the keyboard waits. <br />
<br />
For further details watch our [[Arch64_ToDoS]]. There you will find a list comparing arch32/arch64 package versions.<br />
<br />
For certain boot problems try these special kernel boot flags: http://www.x86-64.org/lists/discuss/msg03747.html (dead link)<br />
<br />
I have three 64-bit Archies running now, and they perform noticeably better under heavy load. It just seems to deliver more punch.<br />
<br />
==Attention when you update glibc from <2.4 version!==<br />
It's important if you update glibc from a version <2.4 that you do it in a separate step. So do only pacman -Sy glibc and if it is successful do pacman -Su. Otherwise the lib-moving may fail and you will have to use pacman.static to fix it.<br />
<br />
==How can I file bugs?==<br />
Simply use Arch's flyspray but note x86_64 in the topic if you think it's a port-related problem!<br />
<br />
==Do you have a mailing list?==<br />
Yes, there is a generic [http://archlinux.org/mailman/listinfo/arch-ports mailing list about arch-ports].<br />
<br />
==What repos should I set up for pacman to use?==<br />
All repos are supported for the port.<br />
<br />
==How can I get the Arch64 PKGBUILDs?==<br />
We have '''''ABS''''', as 32-bit Arch does. The recommended place to store it is ''/var/abs''. ''abs'' fetches all CVS entries from archlinux.org tagged with CURRENT-64.<br />
<br />
==How can I build new Arch64 packages using existing 32-bit PKGBUILDs?==<br />
We have common PKGBUILDs with Arch32. You can get not-yet-ported 32-bit PKGBUILDs from CVS: http://www.archlinux.org/cvs/<br />
<br />
==How can I patch existing PKGBUILDs for use with Arch64?==<br />
We add this variable to all ported packages:<br />
arch=('i686' 'x86_64')<br />
Add small patches directly to the sources and md5sums area, but for completely different sources use:<br />
[ "$CARCH" = "x86_64" ] && source=(${source[@]} 'other source')<br />
[ "$CARCH" = "x86_64" ] && md5sums=(${md5sums[@]} 'other md5sum')<br />
For any small fix use this in the build area:<br />
# braces rather than a subshell, so that "return 1" really aborts build() when the patch fails<br />
[ "$CARCH" = "x86_64" ] && { patch -Np0 -i ../foo_x86_64.patch || return 1; }<br />
Or when you need more changes:<br />
if [ "$CARCH" = "x86_64" ]; then<br />
configure/patch/sed # for x86_64<br />
else<br />
configure/patch/sed # for i686<br />
fi<br />
For the devs:<br />
cvs commit -m "x86_64 updated/fixed or whatever"<br />
cvs tag -cFR CURRENT-64 foo-package-directory (even for extra, community, unstable and testing)<br />
<br />
==What will I miss in Arch64?==<br />
The following applications are known not to be 64-bit compatible:<br />
<br />
* no Java plugin shipped by Sun; KDE's Konqueror has its own native running 64-bit JavaPlugin built in! Best solution to browse JavaApplets these days. There is also a gcj-web-plugin (called gcjplugin in AUR) to use Java-Applets in Gecko browsers.<br />
* true x86_64 Flash support only in parts with GPL gnash or swfdec package from extra repo<br />
* no native Flash plugin shipped by Macromedia/Adobe - nspluginwrapper package from community allows use of 32-bit plugins but forces installation of lib32 packages - follow this guide on how to [[Install Flash on Arch64]]<br />
* Closed-source apps like Skype, Opera - where they don't provide 100% statically built binaries so 32-bit libs are still needed<br />
** '''Note:''' for the last opera 9.50 beta 1, there is a x86_64 port. So for the next release of opera, a native port to x86_64 is expected.<br />
* additional win32 codecs (... that nobody really needs)<br />
* packages that use x86 32-bit assembler code (some emulators like zsnes and syslinux)<br />
<br />
<br />
Almost everything else should be portable. If you miss any Arch32 package in our port and you know that it will compile on x86_64 (e.g. you have found it in another 64-bit distribution without using multilibs), just contact the devs.<br />
<br />
==Can I build 32-bit packages for i686 inside Arch64?==<br />
<br />
Yes. You need a working i686 chroot (installation with the i686 iso "quickinstall" is recommended as the quick way to install it inside Arch64). Install the "linux32" wrapper pkg from current to make the chroot behave like a real i686 system. Then use this script to log in to the chroot environment as root:<br />
<br />
#!/bin/bash<br />
mount --bind /dev /path-to-your-chroot/dev<br />
mount --bind /dev/pts /path-to-your-chroot/dev/pts<br />
mount --bind /dev/shm /path-to-your-chroot/dev/shm<br />
mount -t proc none /path-to-your-chroot/proc<br />
mount -t sysfs none /path-to-your-chroot/sys<br />
linux32 chroot /path-to-your-chroot<br />
<br />
If you keep the sources on the x86_64 host system you can add<br />
"mount --bind /path-to-your-stored-sources /path-to-your-chroot/path-to-your-stored-sources" <br />
to share sources from host to chroot system for pkg building used in /etc/makepkg.conf.<br />
<br />
==Can I run 32-bit apps inside Arch64?==<br />
Yes! <br />
<br />
'''BUT: Our goal is to be the most bleeding-edge distribution around! 32-bit is old-fashioned. We want Arch64 to be modern and pure 64-bit. So we don't have a Multilib system. We won't take any package into the repos improving 32-bit compatibility. Maybe we will place them into the AUR or community repo.'''<br />
'''''Don't expect any support from the devs getting 32-bit apps running on Arch64!'''''<br />
<br />
Boot into Arch64, startx, open a term.<br />
xhost +local:<br />
su<br />
mount /dev/sda1 /mnt/arch32<br />
mount --bind /proc /mnt/arch32/proc<br />
chroot /mnt/arch32<br />
su your32bitusername<br />
/usr/bin/command-you want # or eg: /opt/mozilla/bin/firefox<br />
<br />
Some 32-bit apps (like OpenOffice) may require additional bindings. The following lines can be placed in rc.local to ensure you get all you need for the 32-bit apps (assuming /mnt/arch32 is mounted in fstab):<br />
mount --bind /dev /mnt/arch32/dev<br />
mount --bind /dev/pts /mnt/arch32/dev/pts<br />
mount --bind /dev/shm /mnt/arch32/dev/shm<br />
mount --bind /proc /mnt/arch32/proc<br />
mount --bind /proc/bus/usb /mnt/arch32/proc/bus/usb<br />
mount --bind /sys /mnt/arch32/sys<br />
mount --bind /tmp /mnt/arch32/tmp<br />
#comment the following line if you do not use the same home folder<br />
mount --bind /home /mnt/arch32/home<br />
You can then type in a term:<br />
xhost +localhost<br />
sudo chroot /mnt/arch32 su your32bitusername /opt/openoffice/program/soffice<br />
<br />
==Can I upgrade/switch my system from i686 to x86_64 without reinstalling?==<br />
No. However, you can start the system with the Arch64 install CD, mount the disk, backup anything you may want to keep that isn't a 32-bit binary (e.g: /home & /etc), and install.</div>
Aaron