https://wiki.archlinux.org/api.php?action=feedcontributions&user=Avi9526&feedformat=atomArchWiki - User contributions [en]2024-03-29T12:19:44ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=GRUB/EFI_examples&diff=578469GRUB/EFI examples2019-07-31T12:27:21Z<p>Avi9526: Undo revision 578468 by Avi9526 (talk) after power off B150 PC MATE still forgets added entries even with new bios</p>
<hr />
<div>[[Category:Boot loaders]]<br />
[[ja:GRUB/EFI サンプル]]<br />
[[zh-hans:GRUB/EFI examples]]<br />
{{Accuracy|Many of the examples below indicate that the GRUB EFI binary ({{ic|grubx64.efi}}) needs to be copied to a special location (e.g, {{ic|''esp''/EFI/BOOT/bootx64.efi}}). Although this may work, this is the ''fallback'' filename. Other options may also work, like using [[efibootmgr]] or [[Unified Extensible Firmware Interface#UEFI Shell|UEFI shell]].}}<br />
<br />
It is well known that different motherboard manufactures implement UEFI differently. The purpose of this page is to show hardware-specific methods known to work when installing/restoring GRUB in EFI mode.<br />
<br />
{{Note|In the entire article {{ic|''esp''}} denotes the mountpoint of the [[EFI system partition]] aka ESP.}}<br />
<br />
== Apple Macs ==<br />
<br />
Use bless command from within macOS to set {{ic|grubx64.efi}} as the default boot option. You can also boot from the macOS install disc and launch a Terminal there if you only have Linux installed. In the Terminal, create a directory and mount the [[EFI system partition]]:<br />
<br />
# cd /Volumes<br />
# mkdir efi<br />
# mount -t msdos /dev/disk0s1 /Volumes/efi<br />
<br />
Then run bless on {{ic|grub.efi}} and on the EFI system partition to set them as the default boot options.<br />
<br />
# bless --folder=/Volumes/efi --file=/Volumes/efi/EFI/GRUB/grubx64.efi --setBoot<br />
# bless --mount=/Volumes/efi --file=/Volumes/efi/EFI/GRUB/grubx64.efi --setBoot<br />
<br />
More info at https://help.ubuntu.com/community/UEFIBooting#Apple_Mac_EFI_systems_.28both_EFI_architecture.29.<br />
<br />
{{Note|<br />
* TODO: GRUB upstream Bazaar mactel branch http://bzr.savannah.gnu.org/lh/grub/branches/mactel/changes{{Dead link|2018|07|12}}. No further update from grub developers.<br />
* TODO: Experimental "bless" utility for Linux by Fedora developers - {{AUR|mactel-boot}}. Requires more testing.<br />
}}<br />
<br />
== Asus ==<br />
<br />
=== Z68 Family and U47 Family ===<br />
<br />
# cp ''esp''/EFI/GRUB/grubx64.efi ''esp''/shellx64.efi<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASUS UEFI BIOS, switch to advanced mode, press ''Exit'' in the top right corner and choose "Launch EFI shell from filesystem device"). The GRUB menu will show up and you can boot into your system. Afterwards you can use [[efibootmgr]] to setup a menu entry, for example if you have the [[EFI system partition]] on {{ic|/dev/sda1}}:<br />
<br />
# efibootmgr --create --disk /dev/sda --part 1 --write-signature --loader /EFI/GRUB/grubx64.efi --label "GRUB" --verbose<br />
<br />
If your motherboard has no such option (or even if it does), you can use [[Unified Extensible Firmware Interface#UEFI Shell|UEFI shell]] to create a UEFI boot option for the Arch partition temporarily.<br />
<br />
Once you boot into the UEFI shell, add a UEFI boot menu entry:<br />
<br />
Shell> bcfg boot add 0 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
<br />
where {{ic|FS0:}} is the mapping corresponding to the [[EFI system partition]] and {{ic|\EFI\GRUB\grubx64.efi}} is the the from the {{ic|--bootloader-id}} from the {{ic|grub-install}} command above.<br />
<br />
This will temporarily add a UEFI boot option for the next boot to get into Arch. Once in Arch, {{ic|modprobe efivars}} and confirm that {{ic|efibootmgr}} creates no errors (no errors meaning you successfully booted in UEFI mode). Then [[GRUB#Installation_2|GRUB installation]] can be performed again and should successfully permanently add a boot entry in the UEFI menu.<br />
<br />
=== ux32vd ===<br />
<br />
{{Note|The BIOS does not allow computer to boot from GPT disk if there is no properly set-up UEFI boot entry. The disk even may not be seen in BIOS in this case. The fix is to make a proper UEFI boot entry.}}<br />
<br />
There is a caveat. If the machine was booted from MBR then {{ic|grub-install}} (or [[efibootmgr]]) will fail to create the UEFI boot entry with the following error:<br />
<br />
EFI variables are not supported on this system<br />
<br />
You first need to boot the machine with EFI and then create the boot entry. This can be done the way described for Z68 Family: by copying {{ic|''esp''/EFI/GRUB/grubx64.efi}} into {{ic|''esp''/shellx64.efi}} and selecting "Launch EFI shell from filesystem device".<br />
After successful boot it is possible to create a boot entry using [[GRUB#Installation_2|grub-install]] or [[efibootmgr]].<br />
<br />
=== P8Z77 Family ===<br />
<br />
{{Accuracy|This procedure is most likely no longer necessary and you can just create the entry via [[efibootmgr]].}}<br />
<br />
[[GRUB#Installation_2|Install GRUB]] and copy the [[Unified Extensible Firmware Interface#Obtaining UEFI Shell|modified UEFI Shell binary]] to [[ESP]].<br />
<br />
The [[EFI system partition]] should contain just two files:<br />
<br />
/Shell.efi<br />
/EFI/GRUB/grubx64.efi<br />
<br />
* Reboot and enter the BIOS (the {{ic|Delete}} key will do this).<br />
* Using the arrow keys, move to the ''exit'' menu and drop down to the ''EFI shell''.<br />
* Add an entry for Arch to the menu. Below is an example, see the [[Unified Extensible Firmware Interface#Launching UEFI Shell]] article for more.<br />
<br />
'''Within UEFI shell'''<br />
<br />
Shell> bcfg boot dump -v<br />
Shell> bcfg boot add 1 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
Shell> exit<br />
<br />
* Reboot the machine and enter the BIOS.<br />
* Navigate to the ''Boot'' section and adjust the boot order to with the "GRUB" being the one on the SSD.<br />
* Boot to this entry and enjoy.<br />
<br />
=== M5A97===<br />
<br />
Finish the standard Arch install procedures, making sure that you partition your boot hard disk as GPT.<br />
<br />
[[GRUB#Installation_2|Install GRUB]] and copy the [[Unified Extensible Firmware Interface#Obtaining UEFI Shell|modified UEFI Shell binary]] to [[ESP]].<br />
<br />
The reason that we need this shell application is that the {{ic|efibootmgr}} command will fail silently during {{ic|grub-install}}.<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASUS UEFI BIOS, switch to advanced mode, press ''Exit'' in the top right corner and choose "Launch EFI shell from filesystem device"). The UEFI shell will show up. From here we need to add our GRUB entry to the NVRAM.<br />
<br />
Shell> bcfg boot add 3 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
<br />
where {{ic|FS0:}} is the mapping corresponding to the [[EFI system partition]] and {{ic|3}} is the zero based boot entry index.<br />
<br />
{{Tip|UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. {{ic|map}} lists recognized filesystems ({{ic|fs0}}, ...) and data storage devices ({{ic|blk0}}, ...). Run {{ic|help -b}} to list available commands. See [[Unified Extensible Firmware Interface#Important UEFI Shell commands]] for more information.}}<br />
<br />
To list the current boot entries you can run:<br />
<br />
Shell> bcfg boot dump -v<br />
<br />
== Asrock ==<br />
<br />
=== Z97M Pro4 ===<br />
<br />
{{Accuracy|If ''efibootmgr'' works when launched from the installed system, why would it not work when {{ic|grub-install}} executes it?}}<br />
<br />
This is a similar procedure to Asus Z68 Family. This was tested on a Z97M Pro4 BIOS P1.90.<br />
<br />
# cp ''esp''/EFI/GRUB/grubx64.efi ''esp''/shellx64.efi<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASROCK UEFI BIOS, goto ''Exit'' tab and choose "Launch EFI Shell From Filesystem Device"). The GRUB menu will show up and you can boot into your system. Afterwards you can use ''efibootmgr'' to setup a menu entry, for example if you have the [[EFI system partition]] on {{ic|/dev/sda1}}:<br />
<br />
# efibootmgr --create --disk /dev/sda --part 1 --write-signature --loader /EFI/GRUB/grubx64.efi --label "GRUB" --verbose<br />
<br />
== Dell ==<br />
<br />
=== PowerEdge T30 ===<br />
<br />
The Dell UEFI implementation needs the [[GRUB/Tips_and_tricks#UEFI_firmware_workaround|UEFI firmware workaround]] to load grub. Otherwise it will drop into a "no OS found" screen.<br />
<br />
== MSI ==<br />
<br />
These MSI motherboards seem to want the EFI program to exist in a different location from where GRUB installs it. Do one of the following after following the instructions for installing [[GRUB]]:<br />
<br />
=== B250M PRO-VH ===<br />
<br />
# mkdir ''esp''/EFI/BOOT<br />
# cp ''esp''/EFI/grub/grubx64.efi ''esp''/EFI/BOOT/shellx64.efi<br />
<br />
=== B150 PC MATE / B250 PC MATE / H110I PRO / Z370 GAMING PLUS ===<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].<br />
<br />
{{Note|The procedures above probably also work for other MSI motherboards.}}<br />
<br />
== HP ==<br />
<br />
=== EliteBook 840 G1 ===<br />
<br />
See [[HP EliteBook 840 G1#UEFI Setup]] for details.<br />
<br />
{{Note|The procedures in the link above probably also work for a range of other HP models.}}<br />
<br />
== Intel ==<br />
<br />
=== S5400 Family ===<br />
<br />
{{Expansion|Does it support booting from the default/fallback boot path {{ic|''esp''/EFI/BOOT/BOOTia32.efi}}? If it does, the instructions could be simplified.}}<br />
<br />
This board can run in BIOS or in EFI mode. BIOS mode requires an MBR partitioned hard drive, EFI - a GPT hard drive. Please note that this board operates on the Intel EFI v1.10 specification, and is IA32 (32-bit) only. The normal procedure for UEFI installation can be followed, with the exception of the following changes.<br />
<br />
* Instead of using the {{ic|grub-efi-x86_64}} target, {{ic|grub-efi-i386}} has to be used<br />
* The {{ic|bcfg}} command is not available for pre-UEFI (v2.0) firmware. A {{ic|startup.nsh}} file can be used on the root of the [[EFI system partition]] containing the path to the bootloader. For example: {{ic|FS0:\EFI\GRUB\grubia32.efi}} has to be placed in the {{ic|startup.nsh}} file on the root of the EFI system partition.<br />
* The {{ic|grub.cfg}} file has to be placed in the same directory as the grub EFI binary, otherwise GRUB will not find it and enter the interactive shell.<br />
<br />
== Lenovo ==<br />
<br />
=== K450 IdeaCentre ===<br />
<br />
The EFI system partition requires the file {{ic|\EFI\BOOT\BOOTx64.efi}} to be present in order to boot, otherwise you will receive "Error 1962: No operating system found. Boot sequence will automatically repeat."<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].<br />
<br />
This is a workaround for what is likely a bug in the UEFI implementation.<br />
<br />
=== M92p ThinkCentre ===<br />
<br />
This system whitelists UEFI boot entries. It will only boot from a entry called "Red Hat Enterprise Linux". So specify the bootloader-id appropriately:<br />
<br />
# grub-install --target=x86_64-efi --efi-directory=''esp'' --bootloader-id="Red Hat Enterprise Linux" --recheck --debug<br />
<br />
=== X270 Thinkpad ===<br />
<br />
{{Accuracy|There's no need to do anything special for UEFI booting on this laptop.|section=X270}}<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].</div>Avi9526https://wiki.archlinux.org/index.php?title=GRUB/EFI_examples&diff=578468GRUB/EFI examples2019-07-31T12:20:32Z<p>Avi9526: /* B150 PC MATE / B250 PC MATE / H110I PRO / Z370 GAMING PLUS */ bios update seems to solve this problem for B150</p>
<hr />
<div>[[Category:Boot loaders]]<br />
[[ja:GRUB/EFI サンプル]]<br />
[[zh-hans:GRUB/EFI examples]]<br />
{{Accuracy|Many of the examples below indicate that the GRUB EFI binary ({{ic|grubx64.efi}}) needs to be copied to a special location (e.g, {{ic|''esp''/EFI/BOOT/bootx64.efi}}). Although this may work, this is the ''fallback'' filename. Other options may also work, like using [[efibootmgr]] or [[Unified Extensible Firmware Interface#UEFI Shell|UEFI shell]].}}<br />
<br />
It is well known that different motherboard manufactures implement UEFI differently. The purpose of this page is to show hardware-specific methods known to work when installing/restoring GRUB in EFI mode.<br />
<br />
{{Note|In the entire article {{ic|''esp''}} denotes the mountpoint of the [[EFI system partition]] aka ESP.}}<br />
<br />
== Apple Macs ==<br />
<br />
Use bless command from within macOS to set {{ic|grubx64.efi}} as the default boot option. You can also boot from the macOS install disc and launch a Terminal there if you only have Linux installed. In the Terminal, create a directory and mount the [[EFI system partition]]:<br />
<br />
# cd /Volumes<br />
# mkdir efi<br />
# mount -t msdos /dev/disk0s1 /Volumes/efi<br />
<br />
Then run bless on {{ic|grub.efi}} and on the EFI system partition to set them as the default boot options.<br />
<br />
# bless --folder=/Volumes/efi --file=/Volumes/efi/EFI/GRUB/grubx64.efi --setBoot<br />
# bless --mount=/Volumes/efi --file=/Volumes/efi/EFI/GRUB/grubx64.efi --setBoot<br />
<br />
More info at https://help.ubuntu.com/community/UEFIBooting#Apple_Mac_EFI_systems_.28both_EFI_architecture.29.<br />
<br />
{{Note|<br />
* TODO: GRUB upstream Bazaar mactel branch http://bzr.savannah.gnu.org/lh/grub/branches/mactel/changes{{Dead link|2018|07|12}}. No further update from grub developers.<br />
* TODO: Experimental "bless" utility for Linux by Fedora developers - {{AUR|mactel-boot}}. Requires more testing.<br />
}}<br />
<br />
== Asus ==<br />
<br />
=== Z68 Family and U47 Family ===<br />
<br />
# cp ''esp''/EFI/GRUB/grubx64.efi ''esp''/shellx64.efi<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASUS UEFI BIOS, switch to advanced mode, press ''Exit'' in the top right corner and choose "Launch EFI shell from filesystem device"). The GRUB menu will show up and you can boot into your system. Afterwards you can use [[efibootmgr]] to setup a menu entry, for example if you have the [[EFI system partition]] on {{ic|/dev/sda1}}:<br />
<br />
# efibootmgr --create --disk /dev/sda --part 1 --write-signature --loader /EFI/GRUB/grubx64.efi --label "GRUB" --verbose<br />
<br />
If your motherboard has no such option (or even if it does), you can use [[Unified Extensible Firmware Interface#UEFI Shell|UEFI shell]] to create a UEFI boot option for the Arch partition temporarily.<br />
<br />
Once you boot into the UEFI shell, add a UEFI boot menu entry:<br />
<br />
Shell> bcfg boot add 0 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
<br />
where {{ic|FS0:}} is the mapping corresponding to the [[EFI system partition]] and {{ic|\EFI\GRUB\grubx64.efi}} is the the from the {{ic|--bootloader-id}} from the {{ic|grub-install}} command above.<br />
<br />
This will temporarily add a UEFI boot option for the next boot to get into Arch. Once in Arch, {{ic|modprobe efivars}} and confirm that {{ic|efibootmgr}} creates no errors (no errors meaning you successfully booted in UEFI mode). Then [[GRUB#Installation_2|GRUB installation]] can be performed again and should successfully permanently add a boot entry in the UEFI menu.<br />
<br />
=== ux32vd ===<br />
<br />
{{Note|The BIOS does not allow computer to boot from GPT disk if there is no properly set-up UEFI boot entry. The disk even may not be seen in BIOS in this case. The fix is to make a proper UEFI boot entry.}}<br />
<br />
There is a caveat. If the machine was booted from MBR then {{ic|grub-install}} (or [[efibootmgr]]) will fail to create the UEFI boot entry with the following error:<br />
<br />
EFI variables are not supported on this system<br />
<br />
You first need to boot the machine with EFI and then create the boot entry. This can be done the way described for Z68 Family: by copying {{ic|''esp''/EFI/GRUB/grubx64.efi}} into {{ic|''esp''/shellx64.efi}} and selecting "Launch EFI shell from filesystem device".<br />
After successful boot it is possible to create a boot entry using [[GRUB#Installation_2|grub-install]] or [[efibootmgr]].<br />
<br />
=== P8Z77 Family ===<br />
<br />
{{Accuracy|This procedure is most likely no longer necessary and you can just create the entry via [[efibootmgr]].}}<br />
<br />
[[GRUB#Installation_2|Install GRUB]] and copy the [[Unified Extensible Firmware Interface#Obtaining UEFI Shell|modified UEFI Shell binary]] to [[ESP]].<br />
<br />
The [[EFI system partition]] should contain just two files:<br />
<br />
/Shell.efi<br />
/EFI/GRUB/grubx64.efi<br />
<br />
* Reboot and enter the BIOS (the {{ic|Delete}} key will do this).<br />
* Using the arrow keys, move to the ''exit'' menu and drop down to the ''EFI shell''.<br />
* Add an entry for Arch to the menu. Below is an example, see the [[Unified Extensible Firmware Interface#Launching UEFI Shell]] article for more.<br />
<br />
'''Within UEFI shell'''<br />
<br />
Shell> bcfg boot dump -v<br />
Shell> bcfg boot add 1 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
Shell> exit<br />
<br />
* Reboot the machine and enter the BIOS.<br />
* Navigate to the ''Boot'' section and adjust the boot order to with the "GRUB" being the one on the SSD.<br />
* Boot to this entry and enjoy.<br />
<br />
=== M5A97===<br />
<br />
Finish the standard Arch install procedures, making sure that you partition your boot hard disk as GPT.<br />
<br />
[[GRUB#Installation_2|Install GRUB]] and copy the [[Unified Extensible Firmware Interface#Obtaining UEFI Shell|modified UEFI Shell binary]] to [[ESP]].<br />
<br />
The reason that we need this shell application is that the {{ic|efibootmgr}} command will fail silently during {{ic|grub-install}}.<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASUS UEFI BIOS, switch to advanced mode, press ''Exit'' in the top right corner and choose "Launch EFI shell from filesystem device"). The UEFI shell will show up. From here we need to add our GRUB entry to the NVRAM.<br />
<br />
Shell> bcfg boot add 3 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
<br />
where {{ic|FS0:}} is the mapping corresponding to the [[EFI system partition]] and {{ic|3}} is the zero based boot entry index.<br />
<br />
{{Tip|UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. {{ic|map}} lists recognized filesystems ({{ic|fs0}}, ...) and data storage devices ({{ic|blk0}}, ...). Run {{ic|help -b}} to list available commands. See [[Unified Extensible Firmware Interface#Important UEFI Shell commands]] for more information.}}<br />
<br />
To list the current boot entries you can run:<br />
<br />
Shell> bcfg boot dump -v<br />
<br />
== Asrock ==<br />
<br />
=== Z97M Pro4 ===<br />
<br />
{{Accuracy|If ''efibootmgr'' works when launched from the installed system, why would it not work when {{ic|grub-install}} executes it?}}<br />
<br />
This is a similar procedure to Asus Z68 Family. This was tested on a Z97M Pro4 BIOS P1.90.<br />
<br />
# cp ''esp''/EFI/GRUB/grubx64.efi ''esp''/shellx64.efi<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASROCK UEFI BIOS, goto ''Exit'' tab and choose "Launch EFI Shell From Filesystem Device"). The GRUB menu will show up and you can boot into your system. Afterwards you can use ''efibootmgr'' to setup a menu entry, for example if you have the [[EFI system partition]] on {{ic|/dev/sda1}}:<br />
<br />
# efibootmgr --create --disk /dev/sda --part 1 --write-signature --loader /EFI/GRUB/grubx64.efi --label "GRUB" --verbose<br />
<br />
== Dell ==<br />
<br />
=== PowerEdge T30 ===<br />
<br />
The Dell UEFI implementation needs the [[GRUB/Tips_and_tricks#UEFI_firmware_workaround|UEFI firmware workaround]] to load grub. Otherwise it will drop into a "no OS found" screen.<br />
<br />
== MSI ==<br />
<br />
These MSI motherboards seem to want the EFI program to exist in a different location from where GRUB installs it. Do one of the following after following the instructions for installing [[GRUB]]:<br />
<br />
=== B250M PRO-VH ===<br />
<br />
# mkdir ''esp''/EFI/BOOT<br />
# cp ''esp''/EFI/grub/grubx64.efi ''esp''/EFI/BOOT/shellx64.efi<br />
<br />
=== B150 PC MATE / B250 PC MATE / H110I PRO / Z370 GAMING PLUS ===<br />
<br />
Check if motherboard firmware is latest version or install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].<br />
<br />
{{Note|The procedures above probably also work for other MSI motherboards.}}<br />
<br />
== HP ==<br />
<br />
=== EliteBook 840 G1 ===<br />
<br />
See [[HP EliteBook 840 G1#UEFI Setup]] for details.<br />
<br />
{{Note|The procedures in the link above probably also work for a range of other HP models.}}<br />
<br />
== Intel ==<br />
<br />
=== S5400 Family ===<br />
<br />
{{Expansion|Does it support booting from the default/fallback boot path {{ic|''esp''/EFI/BOOT/BOOTia32.efi}}? If it does, the instructions could be simplified.}}<br />
<br />
This board can run in BIOS or in EFI mode. BIOS mode requires an MBR partitioned hard drive, EFI - a GPT hard drive. Please note that this board operates on the Intel EFI v1.10 specification, and is IA32 (32-bit) only. The normal procedure for UEFI installation can be followed, with the exception of the following changes.<br />
<br />
* Instead of using the {{ic|grub-efi-x86_64}} target, {{ic|grub-efi-i386}} has to be used<br />
* The {{ic|bcfg}} command is not available for pre-UEFI (v2.0) firmware. A {{ic|startup.nsh}} file can be used on the root of the [[EFI system partition]] containing the path to the bootloader. For example: {{ic|FS0:\EFI\GRUB\grubia32.efi}} has to be placed in the {{ic|startup.nsh}} file on the root of the EFI system partition.<br />
* The {{ic|grub.cfg}} file has to be placed in the same directory as the grub EFI binary, otherwise GRUB will not find it and enter the interactive shell.<br />
<br />
== Lenovo ==<br />
<br />
=== K450 IdeaCentre ===<br />
<br />
The EFI system partition requires the file {{ic|\EFI\BOOT\BOOTx64.efi}} to be present in order to boot, otherwise you will receive "Error 1962: No operating system found. Boot sequence will automatically repeat."<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].<br />
<br />
This is a workaround for what is likely a bug in the UEFI implementation.<br />
<br />
=== M92p ThinkCentre ===<br />
<br />
This system whitelists UEFI boot entries. It will only boot from a entry called "Red Hat Enterprise Linux". So specify the bootloader-id appropriately:<br />
<br />
# grub-install --target=x86_64-efi --efi-directory=''esp'' --bootloader-id="Red Hat Enterprise Linux" --recheck --debug<br />
<br />
=== X270 Thinkpad ===<br />
<br />
{{Accuracy|There's no need to do anything special for UEFI booting on this laptop.|section=X270}}<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].</div>Avi9526https://wiki.archlinux.org/index.php?title=GRUB/EFI_examples&diff=578068GRUB/EFI examples2019-07-26T20:38:20Z<p>Avi9526: mention MSI B150 PC MATE</p>
<hr />
<div>[[Category:Boot loaders]]<br />
[[ja:GRUB/EFI サンプル]]<br />
[[zh-hans:GRUB/EFI examples]]<br />
{{Accuracy|Many of the examples below indicate that the GRUB EFI binary ({{ic|grubx64.efi}}) needs to be copied to a special location (e.g, {{ic|''esp''/EFI/BOOT/bootx64.efi}}). Although this may work, this is the ''fallback'' filename. Other options may also work, like using [[efibootmgr]] or [[Unified Extensible Firmware Interface#UEFI Shell|UEFI shell]].}}<br />
<br />
It is well known that different motherboard manufactures implement UEFI differently. The purpose of this page is to show hardware-specific methods known to work when installing/restoring GRUB in EFI mode.<br />
<br />
{{Note|In the entire article {{ic|''esp''}} denotes the mountpoint of the [[EFI system partition]] aka ESP.}}<br />
<br />
== Apple Macs ==<br />
<br />
Use bless command from within macOS to set {{ic|grubx64.efi}} as the default boot option. You can also boot from the macOS install disc and launch a Terminal there if you only have Linux installed. In the Terminal, create a directory and mount the [[EFI system partition]]:<br />
<br />
# cd /Volumes<br />
# mkdir efi<br />
# mount -t msdos /dev/disk0s1 /Volumes/efi<br />
<br />
Then run bless on {{ic|grub.efi}} and on the EFI system partition to set them as the default boot options.<br />
<br />
# bless --folder=/Volumes/efi --file=/Volumes/efi/EFI/GRUB/grubx64.efi --setBoot<br />
# bless --mount=/Volumes/efi --file=/Volumes/efi/EFI/GRUB/grubx64.efi --setBoot<br />
<br />
More info at https://help.ubuntu.com/community/UEFIBooting#Apple_Mac_EFI_systems_.28both_EFI_architecture.29.<br />
<br />
{{Note|<br />
* TODO: GRUB upstream Bazaar mactel branch http://bzr.savannah.gnu.org/lh/grub/branches/mactel/changes{{Dead link|2018|07|12}}. No further update from grub developers.<br />
* TODO: Experimental "bless" utility for Linux by Fedora developers - {{AUR|mactel-boot}}. Requires more testing.<br />
}}<br />
<br />
== Asus ==<br />
<br />
=== Z68 Family and U47 Family ===<br />
<br />
# cp ''esp''/EFI/GRUB/grubx64.efi ''esp''/shellx64.efi<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASUS UEFI BIOS, switch to advanced mode, press ''Exit'' in the top right corner and choose "Launch EFI shell from filesystem device"). The GRUB menu will show up and you can boot into your system. Afterwards you can use [[efibootmgr]] to setup a menu entry, for example if you have the [[EFI system partition]] on {{ic|/dev/sda1}}:<br />
<br />
# efibootmgr --create --disk /dev/sda --part 1 --write-signature --loader /EFI/GRUB/grubx64.efi --label "GRUB" --verbose<br />
<br />
If your motherboard has no such option (or even if it does), you can use [[Unified Extensible Firmware Interface#UEFI Shell|UEFI shell]] to create a UEFI boot option for the Arch partition temporarily.<br />
<br />
Once you boot into the UEFI shell, add a UEFI boot menu entry:<br />
<br />
Shell> bcfg boot add 0 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
<br />
where {{ic|FS0:}} is the mapping corresponding to the [[EFI system partition]] and {{ic|\EFI\GRUB\grubx64.efi}} is the the from the {{ic|--bootloader-id}} from the {{ic|grub-install}} command above.<br />
<br />
This will temporarily add a UEFI boot option for the next boot to get into Arch. Once in Arch, {{ic|modprobe efivars}} and confirm that {{ic|efibootmgr}} creates no errors (no errors meaning you successfully booted in UEFI mode). Then [[GRUB#Installation_2|GRUB installation]] can be performed again and should successfully permanently add a boot entry in the UEFI menu.<br />
<br />
=== ux32vd ===<br />
<br />
{{Note|The BIOS does not allow computer to boot from GPT disk if there is no properly set-up UEFI boot entry. The disk even may not be seen in BIOS in this case. The fix is to make a proper UEFI boot entry.}}<br />
<br />
There is a caveat. If the machine was booted from MBR then {{ic|grub-install}} (or [[efibootmgr]]) will fail to create the UEFI boot entry with the following error:<br />
<br />
EFI variables are not supported on this system<br />
<br />
You first need to boot the machine with EFI and then create the boot entry. This can be done the way described for Z68 Family: by copying {{ic|''esp''/EFI/GRUB/grubx64.efi}} into {{ic|''esp''/shellx64.efi}} and selecting "Launch EFI shell from filesystem device".<br />
After successful boot it is possible to create a boot entry using [[GRUB#Installation_2|grub-install]] or [[efibootmgr]].<br />
<br />
=== P8Z77 Family ===<br />
<br />
{{Accuracy|This procedure is most likely no longer necessary and you can just create the entry via [[efibootmgr]].}}<br />
<br />
[[GRUB#Installation_2|Install GRUB]] and copy the [[Unified Extensible Firmware Interface#Obtaining UEFI Shell|modified UEFI Shell binary]] to [[ESP]].<br />
<br />
The [[EFI system partition]] should contain just two files:<br />
<br />
/Shell.efi<br />
/EFI/GRUB/grubx64.efi<br />
<br />
* Reboot and enter the BIOS (the {{ic|Delete}} key will do this).<br />
* Using the arrow keys, move to the ''exit'' menu and drop down to the ''EFI shell''.<br />
* Add an entry for Arch to the menu. Below is an example, see the [[Unified Extensible Firmware Interface#Launching UEFI Shell]] article for more.<br />
<br />
'''Within UEFI shell'''<br />
<br />
Shell> bcfg boot dump -v<br />
Shell> bcfg boot add 1 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
Shell> exit<br />
<br />
* Reboot the machine and enter the BIOS.<br />
* Navigate to the ''Boot'' section and adjust the boot order to with the "GRUB" being the one on the SSD.<br />
* Boot to this entry and enjoy.<br />
<br />
=== M5A97===<br />
<br />
Finish the standard Arch install procedures, making sure that you partition your boot hard disk as GPT.<br />
<br />
[[GRUB#Installation_2|Install GRUB]] and copy the [[Unified Extensible Firmware Interface#Obtaining UEFI Shell|modified UEFI Shell binary]] to [[ESP]].<br />
<br />
The reason that we need this shell application is that the {{ic|efibootmgr}} command will fail silently during {{ic|grub-install}}.<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASUS UEFI BIOS, switch to advanced mode, press ''Exit'' in the top right corner and choose "Launch EFI shell from filesystem device"). The UEFI shell will show up. From here we need to add our GRUB entry to the NVRAM.<br />
<br />
Shell> bcfg boot add 3 FS0:\EFI\GRUB\grubx64.efi "GRUB"<br />
<br />
where {{ic|FS0:}} is the mapping corresponding to the [[EFI system partition]] and {{ic|3}} is the zero based boot entry index.<br />
<br />
{{Tip|UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. {{ic|map}} lists recognized filesystems ({{ic|fs0}}, ...) and data storage devices ({{ic|blk0}}, ...). Run {{ic|help -b}} to list available commands. See [[Unified Extensible Firmware Interface#Important UEFI Shell commands]] for more information.}}<br />
<br />
To list the current boot entries you can run:<br />
<br />
Shell> bcfg boot dump -v<br />
<br />
== Asrock ==<br />
<br />
=== Z97M Pro4 ===<br />
<br />
{{Accuracy|If ''efibootmgr'' works when launched from the installed system, why would it not work when {{ic|grub-install}} executes it?}}<br />
<br />
This is a similar procedure to Asus Z68 Family. This was tested on a Z97M Pro4 BIOS P1.90.<br />
<br />
# cp ''esp''/EFI/GRUB/grubx64.efi ''esp''/shellx64.efi<br />
<br />
After this launch the UEFI Shell from the UEFI setup/menu (in ASROCK UEFI BIOS, goto ''Exit'' tab and choose "Launch EFI Shell From Filesystem Device"). The GRUB menu will show up and you can boot into your system. Afterwards you can use ''efibootmgr'' to setup a menu entry, for example if you have the [[EFI system partition]] on {{ic|/dev/sda1}}:<br />
<br />
# efibootmgr --create --disk /dev/sda --part 1 --write-signature --loader /EFI/GRUB/grubx64.efi --label "GRUB" --verbose<br />
<br />
== Dell ==<br />
<br />
=== PowerEdge T30 ===<br />
<br />
The Dell UEFI implementation needs the [[GRUB/Tips_and_tricks#UEFI_firmware_workaround|UEFI firmware workaround]] to load grub. Otherwise it will drop into a "no OS found" screen.<br />
<br />
== MSI ==<br />
<br />
These MSI motherboards seem to want the EFI program to exist in a different location from where GRUB installs it. Do one of the following after following the instructions for installing [[GRUB]]:<br />
<br />
=== B250M PRO-VH ===<br />
<br />
# mkdir ''esp''/EFI/BOOT<br />
# cp ''esp''/EFI/grub/grubx64.efi ''esp''/EFI/BOOT/shellx64.efi<br />
<br />
=== B150 PC MATE / B250 PC MATE / H110I PRO / Z370 GAMING PLUS ===<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].<br />
<br />
{{Note|The procedures above probably also work for other MSI motherboards.}}<br />
<br />
== HP ==<br />
<br />
=== EliteBook 840 G1 ===<br />
<br />
See [[HP EliteBook 840 G1#UEFI Setup]] for details.<br />
<br />
{{Note|The procedures in the link above probably also work for a range of other HP models.}}<br />
<br />
== Intel ==<br />
<br />
=== S5400 Family ===<br />
<br />
{{Expansion|Does it support booting from the default/fallback boot path {{ic|''esp''/EFI/BOOT/BOOTia32.efi}}? If it does, the instructions could be simplified.}}<br />
<br />
This board can run in BIOS or in EFI mode. BIOS mode requires an MBR partitioned hard drive, EFI - a GPT hard drive. Please note that this board operates on the Intel EFI v1.10 specification, and is IA32 (32-bit) only. The normal procedure for UEFI installation can be followed, with the exception of the following changes.<br />
<br />
* Instead of using the {{ic|grub-efi-x86_64}} target, {{ic|grub-efi-i386}} has to be used<br />
* The {{ic|bcfg}} command is not available for pre-UEFI (v2.0) firmware. A {{ic|startup.nsh}} file can be used on the root of the [[EFI system partition]] containing the path to the bootloader. For example: {{ic|FS0:\EFI\GRUB\grubia32.efi}} has to be placed in the {{ic|startup.nsh}} file on the root of the EFI system partition.<br />
* The {{ic|grub.cfg}} file has to be placed in the same directory as the grub EFI binary, otherwise GRUB will not find it and enter the interactive shell.<br />
<br />
== Lenovo ==<br />
<br />
=== K450 IdeaCentre ===<br />
<br />
The EFI system partition requires the file {{ic|\EFI\BOOT\BOOTx64.efi}} to be present in order to boot, otherwise you will receive "Error 1962: No operating system found. Boot sequence will automatically repeat."<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].<br />
<br />
This is a workaround for what is likely a bug in the UEFI implementation.<br />
<br />
=== M92p ThinkCentre ===<br />
<br />
This system whitelists UEFI boot entries. It will only boot from a entry called "Red Hat Enterprise Linux". So specify the bootloader-id appropriately:<br />
<br />
# grub-install --target=x86_64-efi --efi-directory=''esp'' --bootloader-id="Red Hat Enterprise Linux" --recheck --debug<br />
<br />
=== X270 Thinkpad ===<br />
<br />
{{Accuracy|There's no need to do anything special for UEFI booting on this laptop.|section=X270}}<br />
<br />
Install GRUB to the [[GRUB#Default/fallback boot path|default/fallback boot path]].</div>Avi9526https://wiki.archlinux.org/index.php?title=Power_management/Suspend_and_hibernate&diff=529671Power management/Suspend and hibernate2018-07-15T05:00:10Z<p>Avi9526: /* Suspend/hibernate doesn't work, or not consistently */ tell about watchdog timer</p>
<hr />
<div>[[Category:Power management]]<br />
[[ja:サスペンドとハイバネート]]<br />
[[ru:Power management/Suspend and hibernate]]<br />
[[zh-hans:Power management/Suspend and hibernate]]<br />
{{Related articles start}}<br />
{{Related|Uswsusp}}<br />
{{Related|systemd}}<br />
{{Related|Power management}}<br />
{{Related articles end}}<br />
<br />
Currently there are three methods of suspending available: '''suspend to RAM''' (usually called just '''suspend'''), '''suspend to disk''' (usually known as '''hibernate'''), and '''hybrid suspend''' (sometimes aptly called '''suspend to both'''):<br />
<br />
* '''Suspend to RAM''' method cuts power to most parts of the machine aside from the RAM, which is required to restore the machine's state. Because of the large power savings, it is advisable for laptops to automatically enter this mode when the computer is running on batteries and the lid is closed (or the user is inactive for some time).<br />
<br />
* '''Suspend to disk''' method saves the machine's state into [[swap space]] and completely powers off the machine. When the machine is powered on, the state is restored. Until then, there is zero power consumption.<br />
<br />
* '''Suspend to both''' method saves the machine's state into swap space, but does not power off the machine. Instead, it invokes usual suspend to RAM. Therefore, if the battery is not depleted, the system can resume from RAM. If the battery is depleted, the system can be resumed from disk, which is much slower than resuming from RAM, but the machine's state has not been lost.<br />
<br />
There are multiple low level interfaces (backends) providing basic functionality, and some high level interfaces providing tweaks to handle problematic hardware drivers/kernel modules (e.g. video card re-initialization).<br />
<br />
== Low level interfaces ==<br />
<br />
Though these interfaces can be used directly, it is advisable to use some of [[#High level interfaces|high level interfaces]] to suspend/hibernate. Using low level interfaces directly is significantly faster than using any high level interface, since running all the pre- and post-suspend hooks takes time, but hooks can properly set hardware clock, restore wireless etc.<br />
<br />
=== kernel (swsusp) ===<br />
<br />
The most straightforward approach is to directly inform the in-kernel software suspend code (swsusp) to enter a suspended state; the exact method and state depends on the level of hardware support. On modern kernels, writing appropriate strings to {{ic|/sys/power/state}} is the primary mechanism to trigger this suspend.<br />
<br />
See [https://www.kernel.org/doc/Documentation/power/states.txt kernel documentation] for details.<br />
<br />
=== uswsusp ===<br />
<br />
The uswsusp ('Userspace Software Suspend') is a wrapper around the kernel's suspend-to-RAM mechanism, which performs some graphics adapter manipulations from userspace before suspending and after resuming.<br />
<br />
See main article [[Uswsusp]].<br />
<br />
== High level interfaces ==<br />
<br />
The end goal of these packages is to provide binaries/scripts that can be invoked to perform suspend/hibernate. Actually hooking them up to power buttons or menu clicks or laptop lid events is usually left to other tools. To automatically suspend/hibernate on certain power events, such as laptop lid close or battery depletion percentage, you may want to look into running [[Acpid]].<br />
<br />
=== systemd ===<br />
<br />
[[systemd]] provides native commands for suspend, hibernate and a hybrid suspend, see [[Power management#Power management with systemd]] for details. This is the default interface used in Arch Linux.<br />
<br />
See [[Power management#Sleep hooks]] for additional information on configuring suspend/hibernate hooks. Also see {{man|1|systemctl}}, {{man|8|systemd-sleep}}, and {{man|7|systemd.special}}.<br />
<br />
== Hibernation ==<br />
<br />
In order to use hibernation, you need to create a [[swap]] partition or file. You will need to point the kernel to your swap using the {{ic|1=resume=}} kernel parameter, which is configured via the boot loader. You will also need to [[#Configure the initramfs|configure the initramfs]]. This tells the kernel to attempt resuming from the specified swap in early userspace. These three steps are described in detail below.<br />
<br />
=== About swap partition/file size ===<br />
<br />
Even if your swap partition is smaller than RAM, you still have a big chance of hibernating successfully. According to [https://www.kernel.org/doc/Documentation/power/interface.txt kernel documentation]:<br />
<br />
: ''{{ic|/sys/power/image_size}} controls the size of the image created by the suspend-to-disk mechanism. It can be written a string representing a non-negative integer that will be used as an upper limit of the image size, in bytes. The suspend-to-disk mechanism will do its best to ensure the image size will not exceed that number. However, if this turns out to be impossible, it will try to suspend anyway using the smallest image possible. In particular, if "0" is written to this file, the suspend image will be as small as possible. Reading from this file will display the current image size limit, which is set to 2/5 of available RAM by default.''<br />
<br />
You may either decrease the value of {{ic|/sys/power/image_size}} to make the suspend image as small as possible (for small swap partitions), or increase it to possibly speed up the hibernation process.<br />
<br />
See [[Systemd#Temporary files]] to make this change persistent.<br />
<br />
=== Required kernel parameters ===<br />
<br />
The kernel parameter {{ic|1=resume=''swap_partition''}} has to be used. Either the name the kernel assigns to the partition or its [[UUID]] can be used as {{ic|''swap_partition''}}. For example:<br />
<br />
* {{ic|1=resume=/dev/sda1}}<br />
* {{ic|1=resume=UUID=4209c845-f495-4c43-8a03-5363dd433153}}<br />
* {{ic|1=resume=/dev/archVolumeGroup/archLogicVolume}} -- example if using LVM<br />
<br />
Generally, the naming method used for the {{ic|resume}} parameter should be the same as used for the {{ic|root}} parameter.<br />
<br />
The configuration depends on the used [[boot loader]], refer to [[Kernel parameters]] for details.<br />
<br />
==== Hibernation into swap file ====<br />
<br />
{{Warning|[[Btrfs#Swap file|Btrfs]] does not support swap files. Failure to heed this warning may result in file system corruption. While a swap file may be used on Btrfs when mounted through a loop device, this will result in severely degraded swap performance.}}<br />
<br />
Using a swap file instead of a swap partition requires an additional kernel parameter {{ic|1=resume_offset=''swap_file_offset''}}.<br />
<br />
The value of {{ic|''swap_file_offset''}} can be obtained by running {{ic|filefrag -v ''swap_file''}}, the output is in a table format and the required value is located in the first row of the {{ic|physical_offset}} column. For example:<br />
<br />
{{hc|# filefrag -v /swapfile|<nowiki><br />
Filesystem type is: ef53<br />
File size of /swapfile is 4294967296 (1048576 blocks of 4096 bytes)<br />
ext: logical_offset: physical_offset: length: expected: flags:<br />
0: 0.. 0: 38912.. 38912: 1: <br />
1: 1.. 22527: 38913.. 61439: 22527: unwritten<br />
2: 22528.. 53247: 899072.. 929791: 30720: 61440: unwritten<br />
...<br />
</nowiki>}}<br />
<br />
In the example the value of {{ic|''swap_file_offset''}} is the first {{ic|38912}} with the two periods.<br />
<br />
The value of {{ic|''swap_file_offset''}} can also be obtained by running {{ic|swap-offset ''swap_file''}}. The ''swap-offset'' binary is provided by package {{AUR|uswsusp-git}}.<br />
<br />
{{Note|<br />
* The {{ic|resume}} kernel parameter specifies the device of the partition that contains the swap file, not swap file itself! The parameter {{ic|resume_offset}} informs the system where the swap file starts on the resume device. Before the first hibernation a reboot is required for them to be active.<br />
* If using [[uswsusp]], then these two parameters have to be provided in {{ic|/etc/suspend.conf}} via the keys {{ic|resume device}} and {{ic|resume offset}}. No reboot is required in this case.}}<br />
<br />
{{Tip|You might want to decrease the [[Swap#Swappiness]] for your swapfile if the only purpose is to be able to hibernate and not expand RAM.}}<br />
<br />
=== Configure the initramfs ===<br />
<br />
* When an [[initramfs]] with the {{ic|base}} hook is used, which is the default, the {{ic|resume}} hook is required in {{ic|/etc/mkinitcpio.conf}}. Whether by label or by UUID, the swap partition is referred to with a udev device node, so the {{ic|resume}} hook must go ''after'' the {{ic|udev}} hook. This example was made starting from the default hook configuration:<br />
<br />
:{{bc|1=HOOKS=(base udev autodetect keyboard modconf block filesystems '''resume''' fsck)}}<br />
<br />
:Remember to [[regenerate the initramfs]] for these changes to take effect.<br />
<br />
:{{Note|[[LVM]] users should add the {{ic|resume}} hook after {{ic|lvm2}}.}}<br />
<br />
* When an initramfs with the {{ic|systemd}} hook is used, a resume mechanism is already provided, and no further hooks need to be added.<br />
<br />
== Troubleshooting ==<br />
<br />
=== ACPI_OS_NAME ===<br />
<br />
You might want to tweak your '''DSDT table''' to make it work. See [[DSDT]] article<br />
<br />
=== VAIO Users ===<br />
<br />
Add acpi_sleep=nonvs kernel flag to your loader, and you are done!<br />
<br />
=== Suspend/hibernate doesn't work, or not consistently ===<br />
<br />
There have been many reports about the screen going black without easily viewable errors or the ability to do anything when going into and coming back from suspend and/or hibernate. These problems have been seen on both laptops and desktops. This is not an official solution, but switching to an older kernel, especially the LTS-kernel, will probably fix this.<br />
<br />
Also problem may rise when using hardware watchdog timer (disabled by default, see [https://www.freedesktop.org/software/systemd/man/systemd-system.conf.html#RuntimeWatchdogSec=]). When bugged watchdog timer may reset computer before system able to finish creating the hibernation image.<br />
<br />
Sometimes the screen goes black due to device initialization from within the initramfs. Removing any modules you might have in [[Mkinitcpio#MODULES]] and rebuilding the initramfs, can possibly solve this issue, specially graphics drivers for [[Kernel_mode_setting#Early_KMS_start|early KMS]]. Initializing such devices before resuming can cause inconsistencies that prevents the system resuming from hibernation. This does not affect resuming from RAM. Also, check this [https://01.org/blogs/rzhang/2015/best-practice-debug-linux-suspend/hibernate-issues article] for the best practices to debug suspend/hibernate issues.<br />
<br />
For Intel graphics drivers, enabling early KMS may help to solve the blank screen issue. Refer to [[Kernel mode setting#Early KMS start]] for details.<br />
<br />
After upgrading to kernel 4.15.3, resume may fail with a static (non-blinking) cursor on a black screen. [[Blacklisting]] the module {{ic|nvidiafb}} might help. [https://bbs.archlinux.org/viewtopic.php?id=234646]<br />
<br />
=== Wake-on-LAN ===<br />
<br />
If [[Wake-on-LAN]] is active, the network interface card will consume power even if the computer is hibernated.<br />
<br />
=== Instantaneous wakeups from suspend ===<br />
<br />
For some Intel Haswell systems with the LynxPoint and LynxPoint-LP chipset, instantaneous wakeups after suspend are reported. They are linked to erroneous BIOS ACPI implementations and how the {{ic|xhci_hcd}} module interprets it during boot. As a work-around reported affected systems are added to a blacklist (named {{ic|XHCI_SPURIOUS_WAKEUP}}) by the kernel case-by-case.[https://bugzilla.kernel.org/show_bug.cgi?id=66171#c6] <br />
<br />
Instantaneous resume may happen, for example, if a USB device is plugged during suspend and ACPI wakeup triggers are enabled. A viable work-around for such a system, if it is not on the blacklist yet, is to disable the wakeup triggers. An example to disable wakeup through USB is described as follows.[https://bbs.archlinux.org/viewtopic.php?pid=1575617] <br />
<br />
To view the current configuration:<br />
<br />
{{hc|$ cat /proc/acpi/wakeup|<br />
Device S-state Status Sysfs node<br />
...<br />
EHC1 S3 *enabled pci:0000:00:1d.0<br />
EHC2 S3 *enabled pci:0000:00:1a.0<br />
XHC S3 *enabled pci:0000:00:14.0<br />
...<br />
}}<br />
<br />
The relevant devices are {{ic|EHC1}}, {{ic|EHC2}} and {{ic|XHC}} (for USB 3.0). To toggle their state you have to echo the device name to the file as root.<br />
<br />
# echo EHC1 > /proc/acpi/wakeup<br />
# echo EHC2 > /proc/acpi/wakeup<br />
# echo XHC > /proc/acpi/wakeup<br />
<br />
This should result in suspension working again. However, this settings are only temporary and would have to be set at every reboot. To automate this take a look at [[systemd#Writing unit files]]. See [https://bbs.archlinux.org/viewtopic.php?pid=1575617#p1575617 BBS thread] for a possible solution and more information.</div>Avi9526https://wiki.archlinux.org/index.php?title=CUPS/Printer_sharing&diff=524917CUPS/Printer sharing2018-06-05T19:21:42Z<p>Avi9526: tell about cups classes</p>
<hr />
<div>[[Category:Printers]]<br />
[[ja:CUPS/プリンター共有]]<br />
[[ru:CUPS/Printer sharing]]<br />
[[zh-hans:CUPS/Printer sharing]]<br />
{{Related articles start}}<br />
{{Related|Samba}}<br />
{{Related|CUPS}}<br />
{{Related articles end}}<br />
<br />
This article contains instruction on sharing printers between systems, be it between two GNU/Linux systems or between a GNU/Linux system and Microsoft Windows. <br />
<br />
==Creating class for multiple printers==<br />
<br />
'Class' in CUPS have meaning of a group. When you have multiple printers connected to single CUPS server you may want them to be balanced (printing jobs are automatically queued to different printers). This is also give an advantage that users on remote machine dealing with single 'printer'. Which is especially useful when one printer from class must be taken for repair, you just exclude it from class, yet for end users nothing have changed, printing jobs queued to another printer by CUPS server. Creating and managing classes can be done from CUPS Web GUI<br />
<br />
==Between GNU/Linux systems==<br />
<br />
The server can be configured using either the web interface or by manually editing {{ic|/etc/cups/cupsd.conf}}.<br />
To configure the client, see [[CUPS]].<br />
<br />
===Using the web interface===<br />
<br />
Open up the web interface to the server, select the ''Administration'' tab, look under the ''Server'' heading, and enable the "Share printers connected to this system" option. Save your change by clicking on the ''Change Settings'' button. The server will automatically restart.<br />
<br />
For more complex configurations, you can directly edit the {{ic|/etc/cups/cupsd.conf}} file by selecting ''Edit Configuration File''. See [[#Manual setup]] for more information.<br />
<br />
===Manual setup===<br />
<br />
On the server computer (the one directly connected to the printer), allow access to the server by modifying the location directive. For instance:<br />
{{hc|/etc/cups/cupsd.conf|<br />
<Location /><br />
Order allow,deny<br />
Allow localhost<br />
Allow 192.168.0.*<br />
</Location><br />
...<br />
}}<br />
<br />
Also make sure the server is listening on the IP address the client will use:<br />
{{hc|/etc/cups/cupsd.conf|<br />
...<br />
Listen <hostname>:631<br />
...<br />
}}<br />
<br />
There are more configuration possibilities, including automatic methods, which are described in detail in [https://www.cups.org/doc/network.html Using Network Printers] and {{man|5|cupsd.conf}}.<br />
<br />
After making any modifications, [[restart]] the {{ic|org.cups.cupsd}} service.<br />
<br />
If CUPS is started using socket activation, create a [[drop-in snippet]] for {{ic|org.cups.cupsd.socket}} so that socket activation also works for remote connections:<br />
{{hc|/etc/systemd/system/org.cups.cupsd.socket.d/override.conf|<nowiki><br />
[Socket]<br />
ListenStream=631<br />
</nowiki>}}<br />
<br />
===Enabling browsing===<br />
<br />
To enable browsing (shared printer discovery), [[Avahi]] must be installed and running on the server.<br />
If you do not need printer discovery, Avahi is not required on either the server or the client.<br />
<br />
To enable browsing, either select ''Share printers connected to this system'' in the web interface, or manually turn on Browsing and set the BrowseAddress:<br />
{{hc|/etc/cups/cupsd.conf|<br />
...<br />
Browsing On<br />
BrowseAddress 192.168.0.*:631<br />
...<br />
}}<br />
and [[restart]] the {{ic|org.cups.cupsd}} service.<br />
<br />
Note that "browsing" at the print server is a different thing from "browsing" at a remote networked host. On the print server, {{ic|cupsd}} provides the DNS-SD protocol support which the {{ic|avahi-daemon}} broadcasts. The {{ic|cups-browsed}} service is unnecessary on the print server, unless also broadcasting the old CUPS protocol, or the print server is also "browsing" for other networked printers. On the remote networked host, the {{ic|cups-browsed}} service is ''required'' to "browse" for network broadcasts of print services, and running {{ic|cups-browsed}} will also automatically start {{ic|cupsd}}.<br />
<br />
The {{ic|org.cups.cupsd.service}} service will be automatically started when a USB printer is plugged in, however this may not be the case for other connection types. If {{ic|cupsd}} is not running, {{ic|avahi-daemon}} does not broadcast the print services, so in that case the systemd unit service file must be modified to start on boot, and then the service must again be "enabled/installed" with the new dependency. To do this, [[edit]] the service file {{ic|[Install]}} section to add a {{ic|1=WantedBy=default.target}} dependency, and then [[enable]] and [[start]] the {{ic|org.cups.cupsd.service}} service.<br />
<br />
==Between GNU/Linux and Windows==<br />
<br />
===Linux server - Windows client===<br />
<br />
====Sharing via IPP====<br />
<br />
The '''preferred way''' to connect a Windows client to a Linux print server is using [[wikipedia:Internet_Printing_Protocol|IPP]], as the configuration is simpler than using Samba. It is a standard printer protocol based on HTTP, allowing you to use port forwarding, tunneling etc.<br />
IPP has been natively supported by Windows since Windows 2000.<br />
{{Note|You may have to add the Internet Printing Client to Windows (''Control Panel > Programs > Turn Windows features on or off > Print and Document Services'')}}<br />
<br />
First, configure the server as described in the section [[#Between GNU/Linux systems]].<br />
<br />
On the Windows computer, go to ''Control Panel > Devices and Printers'' and choose 'Add a printer'. If on Windows 10, click "The printer that I want isn't listed". Next, choose 'Select a shared printer by name' and type in the location of the printer:<br />
<br />
http://''hostname'':631/printers/''printer_name''<br />
<br />
(where ''hostname'' is the GNU/Linux server's hostname or IP address and ''printer_name'' is the name of the print queue being connected to. You can also use the server's fully qualified domain name, if it has one, but you may need to set {{ic|ServerAlias my_fully_qualified_domain_name}} in {{ic|/etc/cups/cupsd.conf}} for this to work).<br />
<br />
{{Note|<br />
* The 'Add Printer' dialog in Windows suggests the format {{ic|<nowiki>http://computername/printers/printername/.printer</nowiki>}}, which it will not accept. Instead, use the syntax suggested above.<br />
* If you are using a proxy carefully check any used proxy '''exclusions'''. A wrong setting here may result in you being unable to add a printer until the next reboot even if you disable the proxy afterwards (at least on Windows 7).}}<br />
<br />
After this, install the native printer drivers for your printer on the Windows computer. If the CUPS server's print queue is set up to use its own printer drivers instead of as a {{ic|raw}} queue, you can just select a generic postscript printer driver for the Windows client (e.g. 'HP Color LaserJet 8500 PS' or 'Xerox DocuTech 135 PS2' or 'Microsoft PS Class driver').<br />
<br />
====Sharing via Samba====<br />
<br />
If your client's Windows version is below Windows 2000 or if you experienced troubles with IPP you can also use Samba for sharing.<br />
Note of course that with Samba this involves another complex piece of software. This makes this way '''more difficult to configure''' and thus sometimes also '''more error-prone''', mostly due to authentication problems.<br />
<br />
To configure Samba on the Linux server, edit {{ic|/etc/samba/smb.conf}} file to allow access to printers. File {{ic|smb.conf}} can look something like this:<br />
{{hc|/etc/samba/smb.conf|2=<br />
[global]<br />
workgroup=Heroes<br />
server string=Arch Linux Print Server<br />
security=user<br />
<br />
[printers]<br />
comment=All Printers<br />
path=/var/spool/samba<br />
browseable=yes<br />
# to allow user 'guest account' to print.<br />
guest ok=no<br />
writable=no<br />
printable=yes<br />
create mode=0700<br />
write list=@adm root yourusername<br />
}}<br />
<br />
That should be enough to share the printer, yet adding an individual printer entry may be desirable:<br />
{{hc|/etc/samba/smb.conf|2=<br />
[ML1250]<br />
comment=Samsung ML-1250 Laser Printer<br />
printer=ml1250<br />
path=/var/spool/samba<br />
printing=cups<br />
printable=yes<br />
printer admin=@admin root yourusername<br />
user client driver=yes<br />
# to allow user 'guest account' to print.<br />
guest ok=no<br />
writable=no<br />
write list=@adm root yourusername<br />
valid users=@adm root yourusername<br />
}}<br />
<br />
Please note that this assumes configuration was made so that users must have a valid account to access the printer. To have a public printer, set ''guest ok'' to ''yes'', and remove the ''valid users'' line. To add accounts, set up a regular GNU/Linux account and then set up a Samba password on the server. For instance:<br />
# useradd yourusername<br />
# smbpasswd -a yourusername<br />
<br />
<!--<br />
After setting up all the needed user accounts, the samba spool directory also needs configuration:<br />
{{bc|<br />
# mkdir /var/spool/samba<br />
# chmod 777 /var/spool/samba<br />
}}<br />
<br />
The next items that need changing are {{ic|/etc/cups/mime.convs}} and {{ic|/etc/cups/mime.types}}:<br />
<br />
{{ic|mime.convs}}:<br />
{{bc|<br />
# The following line is found at near the end of the file. Uncomment it.<br />
application/octet-stream application/vnd.cups-raw 0 -<br />
}}<br />
<br />
{{ic|mime.types}}:<br />
{{bc|<br />
# Again near the end of the file.<br />
application/octet-stream<br />
}}<br />
<br />
The changes to {{ic|mime.convs}} and {{ic|mime.types}} are needed to make CUPS print Microsoft Office document files. Many users seem to need that.<br />
--><br />
<br />
After this, restart the Samba daemon.<br />
<br />
Obviously, there are a lot of tweaks and customizations that can be done with setting up a Samba print server, so it is advised to look at the Samba and CUPS documentation for more help. The {{ic|smb.conf.example}} file also has some good samples that might warrant imitating.<br />
<br />
===Windows server - Linux client===<br />
{{Warning|Any special characters in the printer URIs need to be appropriately quoted, or, if your Windows printer name or user passwords have spaces, CUPS will throw a "lpadmin: Bad device-uri" error.<br />
For example:<br />
<code>smb://BEN-DESKTOP/HP Color LaserJet CP1510 series PCL6</code><br />
<br />
becomes:<br />
<br />
<code>smb://BEN-DESKTOP/HP%20Color%20LaserJet%20CP1510%20series%20PCL6</code><br />
<br />
This result string can be obtained by running the following command:<br />
$ python -c 'from urllib.parse import quote; print("smb://" + quote("BEN-DESKTOP/HP Color LaserJet CP1510 series PCL6"))'<br />
}}<br />
<br />
====Sharing via LPD====<br />
<br />
Windows 7, 8 and 10 have a built-in LPD server - using it will probably be the easiest approach as it does neither require an installation of ''Samba'' on the client nor heavy configuration on the server. It can be activated in the ''Control Panel'' under ''Programs'' -> ''Activate Windows functions'' in the section ''Print services''. The printer must have ''shared'' activated in its properties. Use a share name without any special characters like spaces, commas, etc.<br />
<br />
Then the printer can be added in CUPS, choosing LPD protocol. The printer address will look like this:<br />
<br />
# lpd://windowspc/printersharename<br />
<br />
Before adding the printer, you will most likely have to install an appropriate printer driver depending on your printer model. Generic PostScript or RAW drivers might also work.<br />
<br />
====Sharing via IPP====<br />
<br />
As above, IPP is also the '''preferred''' protocol for printer sharing although it '''only works with Windows Server versions'''. Windows Server versions (e.g. Server 2016) include IPP support ("Print and Document Services" role, "Internet Printing" service). Client versions (e.g. Windows 10), only include the IPP client, and '''do not support sharing through IPP'''.<br />
<br />
====Sharing via Samba====<br />
<br />
A '''much simpler way''' is using Window's native printer sharing via Samba. There is almost no configuration needed, and all of it can be done from the CUPS Backend. As above noted, if there are any problems the reason is mostly related to authentication trouble and Windows access restrictions.<br />
<br />
On the server side enable sharing for your desired printer and ensure that the user on the client machine has the right to access the printer.<br />
<br />
The following section describes how to set up the client, assuming that both daemons (cupsd and smbd) are running.<br />
<br />
=====Configuration using the web interface=====<br />
<br />
The Samba CUPS back-end is enabled by default, if for any reason it is not activate it by entering the following command and restarting CUPS.<br />
# ln -s $(which smbspool) /usr/lib/cups/backend/smb<br />
<br />
Next, simply log in on the CUPS web interface and choose to add a new printer. As a device choose "Windows Printer via SAMBA".<br />
<br />
For the device location, enter:<br />
smb://username:password@hostname/printer_name<br />
<br />
Or without a password:<br />
smb://username@hostname/printer_name<br />
<br />
Make sure that the user actually has access to the printer on the Windows computer and select the appropriate drivers. If the computer is located on a domain, make sure the URI includes the domain: <br />
smb://username:password@domain/hostname/printer_name<br />
<br />
=====Manual configuration=====<br />
<br />
{{Accuracy|This should probably use lpadmin instead of editing the config file}}<br />
<br />
For manual configuration stop the CUPS daemon and add your printer to {{ic|/etc/cups/printers.conf}}, which might for example look like this<br />
{{hc|/etc/cups/printers.conf|2=<br />
<DefaultPrinter MyPrinter><br />
AuthInfoRequired username,password<br />
Info My printer via SAMBA<br />
Location In my Office<br />
MakeModel Samsung ML-1250 - CUPS+Gutenprint v5.2.7 # <= use 'lpinfo -m' to list available models<br />
DeviceURI smb://username:password@hostname/printer_name # <= server URI as described in previous section<br />
State Idle<br />
Type 4<br />
Accepting Yes<br />
Shared No<br />
JobSheets none none<br />
QuotaPeriod 0<br />
PageLimit 0<br />
KLimit 0<br />
AllowUser yourusername # <= do not forget to change this<br />
OpPolicy default<br />
ErrorPolicy stop-printer<br />
</Printer><br />
}}<br />
<br />
Then restart the CUPS daemon and try to print a test page.<br />
<br />
=====Finding URIs for Windows print servers=====<br />
<br />
Sometimes Windows is a little less than forthcoming about exact device URIs (device locations). If having trouble specifying the correct device location in CUPS, run the following command to list all shares available to a certain windows username:<br />
$ smbtree -U ''windowsusername''<br />
This will list every share available to a certain Windows username on the local area network subnet, as long as Samba is set up and running properly. It should return something like this:<br />
{{bc| WORKGROUP<br />
\\REGULATOR-PC <br />
\\REGULATOR-PC\Z <br />
\\REGULATOR-PC\Public <br />
\\REGULATOR-PC\print$ Printer Drivers<br />
\\REGULATOR-PC\G <br />
\\REGULATOR-PC\EPSON Stylus CX8400 Series EPSON Stylus CX8400 Series}}<br />
What is needed here is first part of the last line, the resource matching the printer description. So to print to the EPSON Stylus printer, one would enter:<br />
smb://username.password@REGULATOR-PC/EPSON Stylus CX8400 Series<br />
as the URI into CUPS.<br />
<br />
==Remote administration==<br />
<br />
Once the server is set up as described in [[#Between GNU/Linux systems]], it can also be configured so that it can be remotely administered. Add the allowed hosts to the {{ic|<Location /admin>}} block in {{ic|/etc/cups/cupsd.conf}}, using the same syntax as described in [[#Manual setup]]. Note that three levels of access can be granted:<br />
<br />
<Location /> #access to the server<br />
<Location /admin> #access to the admin pages<br />
<Location /admin/conf> #access to configuration files<br />
<br />
To give remote hosts access to one of these levels, add an {{ic|Allow}} statement to that level's section. An {{ic|Allow}} statement can take one or more of the forms listed below:<br />
Allow from all<br />
Allow from host.domain.com<br />
Allow from *.domain.com<br />
Allow from ip-address<br />
Allow from ip-address/netmask<br />
Allow from @LOCAL<br />
<br />
Deny statements can also be used. For example, to give full access to all hosts on your local network interfaces, edit {{ic|/etc/cups/cupsd.conf}} to include this:<br />
# Restrict access to the server...<br />
# By default only localhost connections are possible<br />
<Location /><br />
Order allow,deny<br />
'''Allow from @LOCAL'''<br />
</Location><br />
<br />
# Restrict access to the admin pages...<br />
<Location /admin><br />
Order allow,deny<br />
'''Allow from @LOCAL'''<br />
</Location><br />
<br />
# Restrict access to configuration files...<br />
<Location /admin/conf><br />
AuthType Basic<br />
Require user @SYSTEM<br />
Order allow,deny<br />
'''Allow from @LOCAL'''<br />
</Location><br />
<br />
{{Accuracy|CUPS generates a certificate automatically so this should not be an issue}}<br />
<br />
You might also need to add:<br />
<br />
DefaultEncryption Never<br />
<br />
This should avoid the error: 426 - Upgrade Required when using the CUPS web interface from a remote machine.<br />
<br />
=== Kerberos ===<br />
<br />
[[Kerberos]] can be used to authenticate users accessing a remote CUPS server. This assumes that your machine has a keytab and it will need a ticket for "HTTP". Instead of using {{ic|<nowiki>http://localhost:631</nowiki>}} you must use {{ic|<nowiki>https://host.example.co.uk:631</nowiki>}} - encryption is required for auth (hence https) and the full hostname is needed so that Kerberos/Negotiate can work. In addition, the server must be configured in {{ic|/etc/cups/cupsd.conf}} to use a {{ic|DefaultAuthType}} of {{ic|Negotiate}}.<br />
<br />
If you are using [[Samba]]'s winbind NSS support, you can add an AD group name to {{ic|/etc/cups/cups-files.conf}} - in the following example {{ic|sysadmin}} might be an AD group: <br />
SystemGroup sys root sysadmin<br />
<br />
==Troubleshooting==<br />
<br />
See [[CUPS/Troubleshooting]] for general troubleshooting tips.<br />
<br />
===Cannot print with GTK applications===<br />
If you get a ''getting printer information failed'' message when you try to print from GTK applications, add this line to your {{ic|/etc/hosts}}:<br />
# serverip some.name.org ServersHostname<br />
<br />
=== Permission errors on Windows ===<br />
<br />
Some users fixed 'NT_STATUS_ACCESS_DENIED' (Windows clients) errors by using a slightly different syntax:<br />
smb://workgroup/username:password@hostname/printer_name<br />
<br />
==Other operating systems==<br />
More information on interfacing CUPS with other printing systems can be found in the CUPS manual, e.g. on http://localhost:631/help/network.html</div>Avi9526https://wiki.archlinux.org/index.php?title=CUPS/Printer_sharing&diff=524916CUPS/Printer sharing2018-06-05T19:11:08Z<p>Avi9526: /* Sharing via IPP */ mention another generic postscript driver</p>
<hr />
<div>[[Category:Printers]]<br />
[[ja:CUPS/プリンター共有]]<br />
[[ru:CUPS/Printer sharing]]<br />
[[zh-hans:CUPS/Printer sharing]]<br />
{{Related articles start}}<br />
{{Related|Samba}}<br />
{{Related|CUPS}}<br />
{{Related articles end}}<br />
<br />
This article contains instruction on sharing printers between systems, be it between two GNU/Linux systems or between a GNU/Linux system and Microsoft Windows. <br />
<br />
==Between GNU/Linux systems==<br />
<br />
The server can be configured using either the web interface or by manually editing {{ic|/etc/cups/cupsd.conf}}.<br />
To configure the client, see [[CUPS]].<br />
<br />
===Using the web interface===<br />
<br />
Open up the web interface to the server, select the ''Administration'' tab, look under the ''Server'' heading, and enable the "Share printers connected to this system" option. Save your change by clicking on the ''Change Settings'' button. The server will automatically restart.<br />
<br />
For more complex configurations, you can directly edit the {{ic|/etc/cups/cupsd.conf}} file by selecting ''Edit Configuration File''. See [[#Manual setup]] for more information.<br />
<br />
===Manual setup===<br />
<br />
On the server computer (the one directly connected to the printer), allow access to the server by modifying the location directive. For instance:<br />
{{hc|/etc/cups/cupsd.conf|<br />
<Location /><br />
Order allow,deny<br />
Allow localhost<br />
Allow 192.168.0.*<br />
</Location><br />
...<br />
}}<br />
<br />
Also make sure the server is listening on the IP address the client will use:<br />
{{hc|/etc/cups/cupsd.conf|<br />
...<br />
Listen <hostname>:631<br />
...<br />
}}<br />
<br />
There are more configuration possibilities, including automatic methods, which are described in detail in [https://www.cups.org/doc/network.html Using Network Printers] and {{man|5|cupsd.conf}}.<br />
<br />
After making any modifications, [[restart]] the {{ic|org.cups.cupsd}} service.<br />
<br />
If CUPS is started using socket activation, create a [[drop-in snippet]] for {{ic|org.cups.cupsd.socket}} so that socket activation also works for remote connections:<br />
{{hc|/etc/systemd/system/org.cups.cupsd.socket.d/override.conf|<nowiki><br />
[Socket]<br />
ListenStream=631<br />
</nowiki>}}<br />
<br />
===Enabling browsing===<br />
<br />
To enable browsing (shared printer discovery), [[Avahi]] must be installed and running on the server.<br />
If you do not need printer discovery, Avahi is not required on either the server or the client.<br />
<br />
To enable browsing, either select ''Share printers connected to this system'' in the web interface, or manually turn on Browsing and set the BrowseAddress:<br />
{{hc|/etc/cups/cupsd.conf|<br />
...<br />
Browsing On<br />
BrowseAddress 192.168.0.*:631<br />
...<br />
}}<br />
and [[restart]] the {{ic|org.cups.cupsd}} service.<br />
<br />
Note that "browsing" at the print server is a different thing from "browsing" at a remote networked host. On the print server, {{ic|cupsd}} provides the DNS-SD protocol support which the {{ic|avahi-daemon}} broadcasts. The {{ic|cups-browsed}} service is unnecessary on the print server, unless also broadcasting the old CUPS protocol, or the print server is also "browsing" for other networked printers. On the remote networked host, the {{ic|cups-browsed}} service is ''required'' to "browse" for network broadcasts of print services, and running {{ic|cups-browsed}} will also automatically start {{ic|cupsd}}.<br />
<br />
The {{ic|org.cups.cupsd.service}} service will be automatically started when a USB printer is plugged in, however this may not be the case for other connection types. If {{ic|cupsd}} is not running, {{ic|avahi-daemon}} does not broadcast the print services, so in that case the systemd unit service file must be modified to start on boot, and then the service must again be "enabled/installed" with the new dependency. To do this, [[edit]] the service file {{ic|[Install]}} section to add a {{ic|1=WantedBy=default.target}} dependency, and then [[enable]] and [[start]] the {{ic|org.cups.cupsd.service}} service.<br />
<br />
==Between GNU/Linux and Windows==<br />
<br />
===Linux server - Windows client===<br />
<br />
====Sharing via IPP====<br />
<br />
The '''preferred way''' to connect a Windows client to a Linux print server is using [[wikipedia:Internet_Printing_Protocol|IPP]], as the configuration is simpler than using Samba. It is a standard printer protocol based on HTTP, allowing you to use port forwarding, tunneling etc.<br />
IPP has been natively supported by Windows since Windows 2000.<br />
{{Note|You may have to add the Internet Printing Client to Windows (''Control Panel > Programs > Turn Windows features on or off > Print and Document Services'')}}<br />
<br />
First, configure the server as described in the section [[#Between GNU/Linux systems]].<br />
<br />
On the Windows computer, go to ''Control Panel > Devices and Printers'' and choose 'Add a printer'. If on Windows 10, click "The printer that I want isn't listed". Next, choose 'Select a shared printer by name' and type in the location of the printer:<br />
<br />
http://''hostname'':631/printers/''printer_name''<br />
<br />
(where ''hostname'' is the GNU/Linux server's hostname or IP address and ''printer_name'' is the name of the print queue being connected to. You can also use the server's fully qualified domain name, if it has one, but you may need to set {{ic|ServerAlias my_fully_qualified_domain_name}} in {{ic|/etc/cups/cupsd.conf}} for this to work).<br />
<br />
{{Note|<br />
* The 'Add Printer' dialog in Windows suggests the format {{ic|<nowiki>http://computername/printers/printername/.printer</nowiki>}}, which it will not accept. Instead, use the syntax suggested above.<br />
* If you are using a proxy carefully check any used proxy '''exclusions'''. A wrong setting here may result in you being unable to add a printer until the next reboot even if you disable the proxy afterwards (at least on Windows 7).}}<br />
<br />
After this, install the native printer drivers for your printer on the Windows computer. If the CUPS server's print queue is set up to use its own printer drivers instead of as a {{ic|raw}} queue, you can just select a generic postscript printer driver for the Windows client (e.g. 'HP Color LaserJet 8500 PS' or 'Xerox DocuTech 135 PS2' or 'Microsoft PS Class driver').<br />
<br />
====Sharing via Samba====<br />
<br />
If your client's Windows version is below Windows 2000 or if you experienced troubles with IPP you can also use Samba for sharing.<br />
Note of course that with Samba this involves another complex piece of software. This makes this way '''more difficult to configure''' and thus sometimes also '''more error-prone''', mostly due to authentication problems.<br />
<br />
To configure Samba on the Linux server, edit {{ic|/etc/samba/smb.conf}} file to allow access to printers. File {{ic|smb.conf}} can look something like this:<br />
{{hc|/etc/samba/smb.conf|2=<br />
[global]<br />
workgroup=Heroes<br />
server string=Arch Linux Print Server<br />
security=user<br />
<br />
[printers]<br />
comment=All Printers<br />
path=/var/spool/samba<br />
browseable=yes<br />
# to allow user 'guest account' to print.<br />
guest ok=no<br />
writable=no<br />
printable=yes<br />
create mode=0700<br />
write list=@adm root yourusername<br />
}}<br />
<br />
That should be enough to share the printer, yet adding an individual printer entry may be desirable:<br />
{{hc|/etc/samba/smb.conf|2=<br />
[ML1250]<br />
comment=Samsung ML-1250 Laser Printer<br />
printer=ml1250<br />
path=/var/spool/samba<br />
printing=cups<br />
printable=yes<br />
printer admin=@admin root yourusername<br />
user client driver=yes<br />
# to allow user 'guest account' to print.<br />
guest ok=no<br />
writable=no<br />
write list=@adm root yourusername<br />
valid users=@adm root yourusername<br />
}}<br />
<br />
Please note that this assumes configuration was made so that users must have a valid account to access the printer. To have a public printer, set ''guest ok'' to ''yes'', and remove the ''valid users'' line. To add accounts, set up a regular GNU/Linux account and then set up a Samba password on the server. For instance:<br />
# useradd yourusername<br />
# smbpasswd -a yourusername<br />
<br />
<!--<br />
After setting up all the needed user accounts, the samba spool directory also needs configuration:<br />
{{bc|<br />
# mkdir /var/spool/samba<br />
# chmod 777 /var/spool/samba<br />
}}<br />
<br />
The next items that need changing are {{ic|/etc/cups/mime.convs}} and {{ic|/etc/cups/mime.types}}:<br />
<br />
{{ic|mime.convs}}:<br />
{{bc|<br />
# The following line is found at near the end of the file. Uncomment it.<br />
application/octet-stream application/vnd.cups-raw 0 -<br />
}}<br />
<br />
{{ic|mime.types}}:<br />
{{bc|<br />
# Again near the end of the file.<br />
application/octet-stream<br />
}}<br />
<br />
The changes to {{ic|mime.convs}} and {{ic|mime.types}} are needed to make CUPS print Microsoft Office document files. Many users seem to need that.<br />
--><br />
<br />
After this, restart the Samba daemon.<br />
<br />
Obviously, there are a lot of tweaks and customizations that can be done with setting up a Samba print server, so it is advised to look at the Samba and CUPS documentation for more help. The {{ic|smb.conf.example}} file also has some good samples that might warrant imitating.<br />
<br />
===Windows server - Linux client===<br />
{{Warning|Any special characters in the printer URIs need to be appropriately quoted, or, if your Windows printer name or user passwords have spaces, CUPS will throw a "lpadmin: Bad device-uri" error.<br />
For example:<br />
<code>smb://BEN-DESKTOP/HP Color LaserJet CP1510 series PCL6</code><br />
<br />
becomes:<br />
<br />
<code>smb://BEN-DESKTOP/HP%20Color%20LaserJet%20CP1510%20series%20PCL6</code><br />
<br />
This result string can be obtained by running the following command:<br />
$ python -c 'from urllib.parse import quote; print("smb://" + quote("BEN-DESKTOP/HP Color LaserJet CP1510 series PCL6"))'<br />
}}<br />
<br />
====Sharing via LPD====<br />
<br />
Windows 7, 8 and 10 have a built-in LPD server - using it will probably be the easiest approach as it does neither require an installation of ''Samba'' on the client nor heavy configuration on the server. It can be activated in the ''Control Panel'' under ''Programs'' -> ''Activate Windows functions'' in the section ''Print services''. The printer must have ''shared'' activated in its properties. Use a share name without any special characters like spaces, commas, etc.<br />
<br />
Then the printer can be added in CUPS, choosing LPD protocol. The printer address will look like this:<br />
<br />
# lpd://windowspc/printersharename<br />
<br />
Before adding the printer, you will most likely have to install an appropriate printer driver depending on your printer model. Generic PostScript or RAW drivers might also work.<br />
<br />
====Sharing via IPP====<br />
<br />
As above, IPP is also the '''preferred''' protocol for printer sharing although it '''only works with Windows Server versions'''. Windows Server versions (e.g. Server 2016) include IPP support ("Print and Document Services" role, "Internet Printing" service). Client versions (e.g. Windows 10), only include the IPP client, and '''do not support sharing through IPP'''.<br />
<br />
====Sharing via Samba====<br />
<br />
A '''much simpler way''' is using Window's native printer sharing via Samba. There is almost no configuration needed, and all of it can be done from the CUPS Backend. As above noted, if there are any problems the reason is mostly related to authentication trouble and Windows access restrictions.<br />
<br />
On the server side enable sharing for your desired printer and ensure that the user on the client machine has the right to access the printer.<br />
<br />
The following section describes how to set up the client, assuming that both daemons (cupsd and smbd) are running.<br />
<br />
=====Configuration using the web interface=====<br />
<br />
The Samba CUPS back-end is enabled by default, if for any reason it is not activate it by entering the following command and restarting CUPS.<br />
# ln -s $(which smbspool) /usr/lib/cups/backend/smb<br />
<br />
Next, simply log in on the CUPS web interface and choose to add a new printer. As a device choose "Windows Printer via SAMBA".<br />
<br />
For the device location, enter:<br />
smb://username:password@hostname/printer_name<br />
<br />
Or without a password:<br />
smb://username@hostname/printer_name<br />
<br />
Make sure that the user actually has access to the printer on the Windows computer and select the appropriate drivers. If the computer is located on a domain, make sure the URI includes the domain: <br />
smb://username:password@domain/hostname/printer_name<br />
<br />
=====Manual configuration=====<br />
<br />
{{Accuracy|This should probably use lpadmin instead of editing the config file}}<br />
<br />
For manual configuration stop the CUPS daemon and add your printer to {{ic|/etc/cups/printers.conf}}, which might for example look like this<br />
{{hc|/etc/cups/printers.conf|2=<br />
<DefaultPrinter MyPrinter><br />
AuthInfoRequired username,password<br />
Info My printer via SAMBA<br />
Location In my Office<br />
MakeModel Samsung ML-1250 - CUPS+Gutenprint v5.2.7 # <= use 'lpinfo -m' to list available models<br />
DeviceURI smb://username:password@hostname/printer_name # <= server URI as described in previous section<br />
State Idle<br />
Type 4<br />
Accepting Yes<br />
Shared No<br />
JobSheets none none<br />
QuotaPeriod 0<br />
PageLimit 0<br />
KLimit 0<br />
AllowUser yourusername # <= do not forget to change this<br />
OpPolicy default<br />
ErrorPolicy stop-printer<br />
</Printer><br />
}}<br />
<br />
Then restart the CUPS daemon and try to print a test page.<br />
<br />
=====Finding URIs for Windows print servers=====<br />
<br />
Sometimes Windows is a little less than forthcoming about exact device URIs (device locations). If having trouble specifying the correct device location in CUPS, run the following command to list all shares available to a certain windows username:<br />
$ smbtree -U ''windowsusername''<br />
This will list every share available to a certain Windows username on the local area network subnet, as long as Samba is set up and running properly. It should return something like this:<br />
{{bc| WORKGROUP<br />
\\REGULATOR-PC <br />
\\REGULATOR-PC\Z <br />
\\REGULATOR-PC\Public <br />
\\REGULATOR-PC\print$ Printer Drivers<br />
\\REGULATOR-PC\G <br />
\\REGULATOR-PC\EPSON Stylus CX8400 Series EPSON Stylus CX8400 Series}}<br />
What is needed here is first part of the last line, the resource matching the printer description. So to print to the EPSON Stylus printer, one would enter:<br />
smb://username.password@REGULATOR-PC/EPSON Stylus CX8400 Series<br />
as the URI into CUPS.<br />
<br />
==Remote administration==<br />
<br />
Once the server is set up as described in [[#Between GNU/Linux systems]], it can also be configured so that it can be remotely administered. Add the allowed hosts to the {{ic|<Location /admin>}} block in {{ic|/etc/cups/cupsd.conf}}, using the same syntax as described in [[#Manual setup]]. Note that three levels of access can be granted:<br />
<br />
<Location /> #access to the server<br />
<Location /admin> #access to the admin pages<br />
<Location /admin/conf> #access to configuration files<br />
<br />
To give remote hosts access to one of these levels, add an {{ic|Allow}} statement to that level's section. An {{ic|Allow}} statement can take one or more of the forms listed below:<br />
Allow from all<br />
Allow from host.domain.com<br />
Allow from *.domain.com<br />
Allow from ip-address<br />
Allow from ip-address/netmask<br />
Allow from @LOCAL<br />
<br />
Deny statements can also be used. For example, to give full access to all hosts on your local network interfaces, edit {{ic|/etc/cups/cupsd.conf}} to include this:<br />
# Restrict access to the server...<br />
# By default only localhost connections are possible<br />
<Location /><br />
Order allow,deny<br />
'''Allow from @LOCAL'''<br />
</Location><br />
<br />
# Restrict access to the admin pages...<br />
<Location /admin><br />
Order allow,deny<br />
'''Allow from @LOCAL'''<br />
</Location><br />
<br />
# Restrict access to configuration files...<br />
<Location /admin/conf><br />
AuthType Basic<br />
Require user @SYSTEM<br />
Order allow,deny<br />
'''Allow from @LOCAL'''<br />
</Location><br />
<br />
{{Accuracy|CUPS generates a certificate automatically so this should not be an issue}}<br />
<br />
You might also need to add:<br />
<br />
DefaultEncryption Never<br />
<br />
This should avoid the error: 426 - Upgrade Required when using the CUPS web interface from a remote machine.<br />
<br />
=== Kerberos ===<br />
<br />
[[Kerberos]] can be used to authenticate users accessing a remote CUPS server. This assumes that your machine has a keytab and it will need a ticket for "HTTP". Instead of using {{ic|<nowiki>http://localhost:631</nowiki>}} you must use {{ic|<nowiki>https://host.example.co.uk:631</nowiki>}} - encryption is required for auth (hence https) and the full hostname is needed so that Kerberos/Negotiate can work. In addition, the server must be configured in {{ic|/etc/cups/cupsd.conf}} to use a {{ic|DefaultAuthType}} of {{ic|Negotiate}}.<br />
<br />
If you are using [[Samba]]'s winbind NSS support, you can add an AD group name to {{ic|/etc/cups/cups-files.conf}} - in the following example {{ic|sysadmin}} might be an AD group: <br />
SystemGroup sys root sysadmin<br />
<br />
==Troubleshooting==<br />
<br />
See [[CUPS/Troubleshooting]] for general troubleshooting tips.<br />
<br />
===Cannot print with GTK applications===<br />
If you get a ''getting printer information failed'' message when you try to print from GTK applications, add this line to your {{ic|/etc/hosts}}:<br />
# serverip some.name.org ServersHostname<br />
<br />
=== Permission errors on Windows ===<br />
<br />
Some users fixed 'NT_STATUS_ACCESS_DENIED' (Windows clients) errors by using a slightly different syntax:<br />
smb://workgroup/username:password@hostname/printer_name<br />
<br />
==Other operating systems==<br />
More information on interfacing CUPS with other printing systems can be found in the CUPS manual, e.g. on http://localhost:631/help/network.html</div>Avi9526https://wiki.archlinux.org/index.php?title=Router&diff=467864Router2017-02-07T06:11:42Z<p>Avi9526: /* Hardware Requirements */ tell about router-on-a-stick</p>
<hr />
<div>[[Category:Network sharing]]<br />
[[Category:Security]]<br />
[[ja:ルーター]]<br />
[[zh-hans:Router]]<br />
{{Poor writing|The introduction states that this page "focuses on ''security''", but 99% is plain system configuration. It also needs massive deduplication, security is already covered [[Simple stateful firewall|elsewhere]].}}<br />
<br />
This article is a tutorial for turning a computer into an internet gateway/router. It focuses on ''security'', since the gateway is connected directly to the Internet. It should not run '''any''' services available to the outside world. Towards the LAN, it should only run gateway specific services. It should not run httpd, ftpd, samba, nfsd, etc. as those belong on a server in the LAN as they introduce security flaws.<br />
<br />
This article does not attempt to show how to set up a shared connection between 2 PCs using cross-over cables. For a simple internet sharing solution, see [[Internet sharing]].<br />
<br />
==Hardware Requirements==<br />
* At least 1 GB of hard drive space. The base install will take up around 500MB of space and if you want to use a caching web proxy, you will need to reserve space for the cache as well.<br />
* At least two physical network interfaces: a gateway connects two networks with each other (actually router can be made using single physical interface that underlay two VLAN interfaces and connected to VLAN-aware switch, so-called router-on-a-stick configuration, but it is not covered in this article). You will need to be able to connect those networks to the same physical computer. One interface must connect to the external network, while the other connects to the internal network.<br />
* A hub, switch or UTP cable: You need a way to connect the other computers to the gateway<br />
<br />
==Conventions==<br />
Conventions in this guide will be to use non-realistic interface names, to avoid confusion about which interface is which.<br />
<br />
* '''intern0''': the network card connected to the LAN. On an actual computer it will probably have the name enp2s0, enp1s1, etc.<br />
* '''extern0''': the network card connected to the external network (or WAN). It will probably have the name enp2s0, enp1s1, etc.<br />
<br />
==Network interface configuration==<br />
<br />
===Persistent naming and Interface renaming===<br />
Systemd automatically chooses unique interface names for all your interfaces. These are persistent and will not change when you reboot. If you would like to rename interface to user friendlier names read [[Network configuration#Device names]].<br />
<br />
===IP configuration===<br />
Now you will need to configure the network interfaces. The best way to do so is using [[netctl]] profiles. You will need to create two profiles.<br />
{{Note|If you will be connecting to the Internet only via PPPoE (you have one WAN port) you '''do not need''' to setup or enable the extern0-profile. See below for more information on configuring PPPoE.}}<br />
* {{ic|/etc/netctl/extern0-profile}}<br />
Description='Public Interface.'<br />
Interface=extern0<br />
Connection=ethernet<br />
IP='dhcp'<br />
<br />
* {{ic|/etc/netctl/intern0-profile}}<br />
Description='Private Interface'<br />
Interface=intern0<br />
Connection=ethernet<br />
IP='static'<br />
Address=('10.0.0.1/24')<br />
<br />
{{Note|The example configuration above assumes a full subnet. If you are building the gateway for a small amount of people, you will want to change the CIDR suffix to accommodate a smaller range. For example /27 will give you 10.0.0.1 to 10.0.0.30. You can find many CIDR calculators online.}}<br />
<br />
Next up is to set up the interfaces with netctl.<br />
# netctl enable extern0-profile<br />
# netctl enable intern0-profile<br />
<br />
==ADSL connection/PPPoE==<br />
Using rp-pppoe, we can connect an ADSL modem to the {{ic|extern0}} interface of the firewall and have Arch manage the connection. Make sure you put the modem in ''bridged'' mode though (either half-bridge or RFC1483), otherwise the modem will act as a router too. [[Install]] the {{pkg|rp-pppoe}} package.<br />
<br />
It should be noted that if you use only PPPoE to connect to the internet (ie. you do not have other WAN port, except for the one that connects to your modem) you do not need to set up the {{ic|extern0-profile}} as the external pseudo-interface will be ppp0.<br />
<br />
===PPPoE configuration===<br />
You can use netctl to setup the pppoe connection. To get started<br />
# cp /etc/netctl/examples/pppoe /etc/netctl/<br />
and start editing. For the interface configuration choose the interface that connects to the modem. If you only connect to the internet through PPPoE this will probably be {{ic|extern0}}. Fill in the rest of the fields with your ISP information. See the pppoe section in netctl.profile man page for more information on the fields.<br />
<br />
==DNS and DHCP==<br />
We will use [[dnsmasq]], a DNS and DHCP daemon for the LAN. It was specifically designed for small sites. [[Install]] it with the {{Pkg|dnsmasq}} package.<br />
<br />
Dnsmasq needs to be configured to be a DHCP server. To do this, edit {{ic|/etc/dnsmasq.conf}}:<br />
{{bc|<nowiki><br />
interface=intern0 # make dnsmasq listen for requests only on intern0 (our LAN)<br />
expand-hosts # add a domain to simple hostnames in /etc/hosts<br />
domain=foo.bar # allow fully qualified domain names for DHCP hosts (needed when<br />
# "expand-hosts" is used)<br />
dhcp-range=10.0.0.2,10.0.0.255,255.255.255.0,1h # defines a DHCP-range for the LAN: <br />
# from 10.0.0.2 to .255 with a subnet mask of 255.255.255.0 and a<br />
# DHCP lease of 1 hour (change to your own preferences)<br />
</nowiki>}}<br />
<br />
Somewhere below, you will notice you can also add "static" DHCP leases, i.e. assign an IP-address to the MAC-address of a computer on the LAN. This way, whenever the computer requests a new lease, it will get the same IP. That is very useful for network servers with a DNS record. You can also deny certain MAC's from obtaining an IP.<br />
<br />
Now [[start]] {{ic|dnsmasq.service}}.<br />
<br />
==Connection sharing==<br />
<br />
Time to tie the two network interfaces to each other.<br />
<br />
This can be done with Shorewall. See [[Shorewall]] for detailed configuration.<br />
<br />
==IPv6 tips==<br />
<br />
{{Merge|IPv6|Merge into the main article, the topic is not specific to ''router configuration''. The wording should be probably changed along the way.}}<br />
<br />
Useful reading: [[IPv6]] and the [[wikipedia:IPv6]].<br />
<br />
=== Unique Local Addresses ===<br />
<br />
You can use your router in IPv6 mode even if you do not have an IPv6 address from your ISP. Unless you disable IPv6 all interfaces should have been assigned a unique {{ic|fe80::/10}} address.<br />
<br />
For internal networking the block {{ic|fc00::/7}} has been reserved. These addresses are guaranteed to be unique and non-routable from the open internet. Addresses that belong to the {{ic|fc00::/7}} block are called [[wikipedia:Unique_local_address|Unique Local Addresses]]. To get started [http://www.simpledns.com/private-ipv6.aspx generate a ULA /64 block] to use in your network. For this example we will use {{ic|fd00:aaaa:bbbb:cccc::/64}}. Firstly we must assign a static IPv6 on the internal interface. Modify the {{ic|intern0-profile}} we created above to include the following line<br />
<br />
IPCustom=('-6 addr add fd00:aaaa:bbbb:cccc::1/64 dev intern0')<br />
<br />
This will add the ULA to the internal interface. As far as the router goes, this is all you need to configure.<br />
<br />
=== Global Unicast Addresses ===<br />
<br />
If your ISP or WAN network can access the IPv6 Internet you can additionally assign global link addresses to your router and propagate them through SLAAC to your internal network. The global unicast prefix is usually either ''static'' or provided through ''prefix delegation''.<br />
<br />
==== Static IPv6 prefix ====<br />
<br />
If your ISP has provided you with a static prefix then edit {{ic|/etc/netctl/extern0-profile}} and simply add the IPv6 and the IPv6 prefix (usually /64) you have been provided<br />
<br />
IPCustom=('-6 addr add 2002:1:2:3:4:5:6:7/64 dev extern0')<br />
<br />
You can use this in addition to the ULA address described above.<br />
<br />
====Acquiring IPv6 prefix via DHCPv6-PD====<br />
<br />
If your ISP handles IPv6 via prefix delegation then you can follow the instructions in the [[IPv6#Prefix_delegation_.28DHCPv6-PD.29|main IPv6 article]] on how to properly configure your router. Following the conventions of this article the WAN interface is {{ic|extern0}} (or {{ic|ppp0}} if you are connecting through PPPoE) and the LAN interface is {{ic|intern0}}.<br />
<br />
=== Router Advertisement and Stateless Autoconfiguration (SLAAC) ===<br />
<br />
To properly hand out IPv6s to the network clients we will need to use an advertising daemon. Follow the details of the [[IPv6#For_gateways|main IPv6 article]] on how to setup {{ic|radvd}}. Following the convention of this guide the LAN facing interfaces is {{ic|intern0}}. You can either advertise all prefixes or choose which prefixes will be assigned to the local network.<br />
<br />
==Optional additions==<br />
<br />
===UPnP===<br />
The above configuration of shorewall does not include [[Wikipedia:UPnP|UPnP]] support. Use of UPnP is discouraged as it may make the gateway vulnerable to attacks from within the LAN. However, some applications require this to function correctly.<br />
<br />
To enable UPnP on your router, you need to install an UPnP Internet gateway daemon (IGD). To get it, install {{Pkg|miniupnpd}} from the [[official repositories]].<br />
<br />
Read the [http://www.shorewall.net/UPnP.html Shorewall guide on UPnP] for more information<br />
<br />
===Remote administration===<br />
<br />
[[OpenSSH]] can be used to administer your router remotely. This is useful for running it "headless" (no monitor or input devices).<br />
<br />
=== Caching web proxy ===<br />
<br />
See [[Squid]] or [[Polipo]] for the setup of a web proxy to speed up browsing and/or adding an extra layer of security.<br />
<br />
=== Time server ===<br />
To use the router as a time server, see [[Network Time Protocol daemon]].<br />
<br />
Then, configure shorewall or iptables to allow NTP traffic in and out.<br />
<br />
=== Content filtering ===<br />
<br />
Install and configure [[DansGuardian]] or [[Privoxy]] if you need a content filtering solution.<br />
<br />
=== Traffic shaping ===<br />
<br />
Traffic shaping is very useful, especially when you are not the only one on the LAN. The idea is to assign a priority to different types of traffic. Interactive traffic (ssh, online gaming) probably needs the highest priority, while P2P traffic can do with the lowest. Then there is everything in between.<br />
<br />
==== Traffic shaping with shorewall ====<br />
See [[Shorewall#Traffic shaping]]<br />
<br />
==See also==<br />
*[[Simple stateful firewall]]<br />
*[[Internet sharing]]</div>Avi9526https://wiki.archlinux.org/index.php?title=Firefox/Tweaks&diff=467557Firefox/Tweaks2017-02-03T17:54:54Z<p>Avi9526: hide fullscreen warning</p>
<hr />
<div>[[Category:Web browser]]<br />
[[ja:Firefox 設定]]<br />
[[tr:Firefox İpuçları]]<br />
{{Related articles start}}<br />
{{Related|Firefox}}<br />
{{Related|Browser plugins}}<br />
{{Related|Firefox/Profile on RAM}}<br />
{{Related|Firefox/Privacy}}<br />
{{Related articles end}}<br />
<br />
This page contains advanced Firefox configuration options and performance tweaks.<br />
<br />
== Performance ==<br />
<br />
Improving Firefox's performance is divided into parameters that can be inputted while running Firefox or otherwise modifying its configuration as intended by the developers, and advanced procedures that involve foreign programs or scripts.<br />
<br />
{{Note|Listed options may only be available for the latest version of Firefox.}}<br />
<br />
=== Advanced Firefox options ===<br />
This section contains advanced Firefox options for performance tweaking. For additional information see [http://kb.mozillazine.org/Category:Tweaking_preferences these Mozillazine forum posts].<br />
<br />
==== Enable OpenGL Off-Main-Thread Compositing (OMTC) ====<br />
<br />
{{Warning|If OpenGL OMTC is disabled for a specific hardware, it may be due to stability issues, high system resources consumption, driver bugs or a number of different variables. Proceed with force-enabling it at your own risk.}}<br />
{{Note|Since Firefox version 40 basic software OMTC is enabled by default except on machines mentioned above.}}<br />
<br />
To enable OpenGL OMTC go to {{ic|about:config}} and set:<br />
* {{ic|layers.acceleration.force-enabled true}}<br />
<br />
Restart Firefox for changes to take effect.<br />
<br />
To check if OpenGL OMTC is enabled, go to {{ic|about:support}} and under the "Graphics" section look for "Compositing". If it reports "Basic", OpenGL OMTC is disabled; if it reports "OpenGL" it is enabled.<br />
<br />
If the above changes do not enable GPU acceleration, try setting the environment variable as follows: {{ic|1=export MOZ_USE_OMTC=1|2==}}. Then run Firefox [http://featherweightmusings.blogspot.se/2013/11/no-more-main-thread-opengl-in-firefox.html].<br />
<br />
For more information on OMTC in Firefox read here: https://wiki.mozilla.org/Platform/GFX/OffMainThreadCompositing<br />
<br />
==== Set AzureContentBackend to Skia instead of Cairo ====<br />
{{Note|Since Firefox 51 skia is the default content backend}}<br />
[https://skia.org/ Skia] is a 2D open-source graphics library to eventually supersede Cairo as the default Azure backend on Linux.<br />
<br />
To set Skia as the default go to {{ic|about:config}} and set:<br />
* {{ic|gfx.content.azure.backends skia,cairo}}<br />
<br />
Restart Firefox for changes to take effect.<br />
<br />
To confirm the default Azure backend go to {{ic|about:support}} and under the "Graphics" section look for "AzureContentBackend" and check if it reports "skia".<br />
<br />
==== Enable Accelerated Azure Canvas ====<br />
To go {{ic|about:config}} accept the warning, right click and create a new boolean value. Set the name as {{ic|gfx.canvas.azure.accelerated}} and set it to true.<br />
<br />
To verify restart firefox then go to {{ic|about:support}} and search for AzureCanvasAccelerated which should be set to 1.<br />
<br />
==== Network settings ====<br />
<br />
Advanced network settings can be found on the {{ic|about:config}} page (try searching for ''network'').<br />
<br />
{| class="wikitable"<br />
|+ Suggested values<br />
! Key || Value || Description<br />
|-<br />
| network.http.pipelining || true || Enable [[w:HTTP_pipelining|HTTP pipelining]] for normal connections<br />
|-<br />
| network.http.pipelining.ssl || true || Enable HTTP pipelining for SSL connections<br />
|-<br />
| network.http.proxy.pipelining || true || Enable HTTP pipelining for proxy connections<br />
|}<br />
<br />
==== Stop urlclassifier3.sqlite from being created again ====<br />
Removing all {{ic|urlclassifier*}} files can prevent the use of megabytes of storage in your firefox profile. If you remove all the {{ic|urlclassifier*}} files, you may find out that {{ic|urlclassifier3.sqlite}} keeps growing again after a certain time. Here is a simple solution to avoid it for now and ever.<br />
<br />
$ cd ~/.mozilla/firefox/<profile_dir><br />
$ echo "" > urlclassifier3.sqlite<br />
$ chmod 400 urlclassifier3.sqlite<br />
<br />
This effectively makes the file empty and then read-only so Firefox cannot write to it anymore.<br />
<br />
==== Turn off OCSP validation ====<br />
OCSP validation may cause Firefox [http://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html to become slower] for each (HTTPS) connection to a new server. This is worse, recently, where web gadgets are included in pages via HTTPS (e.g., "like" buttons of the social networks), resulting in many connections for a single URL.<br />
<br />
* Turn off the following option under Preferences -> Advanced -> Certificates -> ''"Requests: Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"''.<br />
<br />
{{Warning|Disabling OCSP causes vulnerabilities to man-in-the-middle attacks. If you are using a potentially vulnerable connection such as Wi-Fi or VPN, it is strongly advised to leave OCSP on.}}<br />
<br />
==== Turn off the disk cache ====<br />
Every object loaded (html pages, jpeg images, css stylesheets, gif banners) is saved in the Firefox cache, to be loaded in the future without to download it again from the server, but only fraction of these objects will be really reused without download (usually the 30%). This because of too short expiration times for the objects, updates or simply the user behavior (to load new pages instead the ones already visited). The Firefox cache is divided in memory and disk cache and using the disk cache results to frequent disk writes, because every time an object loaded it is written to the disk and some older object is removed.<br />
<br />
* Turn on the following option under Preferences -> Advanced -> Network -> ''"Cached Web Content: Override automatic cache management"'' and specify zero in ''"Limit cache to"''.<br />
<br />
==== Longer interval to save session ====<br />
The Firefox session store automatically saves the current status (opened urls, cookies, history and bookmarks) to the disk every 15 seconds. It may be too frequent for the user needs, resulting in a frequent disk access. <br />
<br />
This setting can be found on the {{ic|about:config}} page (try searching for ''sessionstore'').<br />
<br />
* browser.sessionstore.interval 300000<br />
<br />
If you want to disable this feature, then you will need to change the following setting from true to false.<br />
<br />
* browser.sessionstore.resume_from_crash false<br />
<br />
==== Immediate rendering of pages ====<br />
Mozilla applications render web pages incrementally - they display what has been received of a page before the entire page has been downloaded. Since the start of a web page normally does not have much useful information to display, Mozilla applications will wait a short interval before first rendering a page. This preference controls that interval. Note that if you are on slower connections (dial up) changing this setting might make web pages load for longer times even though the page appears faster.<br />
<br />
This setting can be created in the {{ic|about:config}} page as <br />
<br />
* nglayout.initialpaint.delay with a value of 0.<br />
<br />
==== Referer header control ====<br />
Firefox as of version 28 has the ability to control how the HTTP Referer header is send. The options are hidden from the GUI configuration, but available through {{ic|about:config}}. There are [http://security.stackexchange.com/a/80194 four related keys]. The source post mentions recommended and default settings. A short description of the recommended setting is given in table, as well as the values to achieve a perfect score on [https://ip-check.info ip-check.info].<br />
<br />
{| class="wikitable"<br />
|+ Suggested values<br />
! Key || Recommended || [https://ip-check.info ip-check.info] || Default || Description<br />
|-<br />
| network.http.sendRefererHeader || 1 || 1 || 2 || Only for clicked links (0 disabled completely, 1 send referer on link click, 2 always send; incl. images)<br />
|-<br />
| network.http.referer.XOriginPolicy || 1 || 1 || 0 || Only if base domains match (0 always send, 2 only if host matches)<br />
|-<br />
| network.http.referer.spoofSource || true || false || false || Send target URI instead <br />
|-<br />
| network.http.referer.trimmingPolicy || 2 || 0 || 0 || scheme, host and port (0 full; 1 scheme, host port and path)<br />
|}<br />
<br />
==== Defragment the profile's SQLite databases ====<br />
{{Warning|This procedure may damage the databases in such a way that sessions are not saved properly.}}<br />
<br />
In Firefox 3.0, bookmarks, history, passwords are kept in an SQLite databases. SQLite databases become fragmented over time and empty spaces appear all around. But, since there are no managing processes checking and optimizing the database, these factors eventually result in a performance hit. A good way to improve start-up and some other bookmarks and history related tasks is to defragment and trim unused space from these databases.<br />
<br />
{{AUR|profile-cleaner}} does just this.<br />
<br />
{| class="wikitable"<br />
|+ Sample size differences comparison<br />
! SQLite database || Size Before || Size After || % change<br />
|- <br />
|urlclassifier3.sqlite|| 37 M || 30 M || 19 %<br />
|-<br />
|places.sqlite || 16 M || 2.4 M || 85 %<br />
|-<br />
|}<br />
<br />
==== Cache the entire profile into RAM via tmpfs ====<br />
If the system has memory to spare, {{ic|tmpfs}} can be used to [[Firefox on RAM|cache the entire profile directory]], which might result in increased Firefox responsiveness.<br />
<br />
==== Turn off sponsored content and tiles ====<br />
In {{ic|about:config}}, set the string value to a blank for both of these: {{ic|browser.newtabpage.directory.source}} and {{ic|browser.newtabpage.directory.ping}}. Consider also disabling the tile feature from the tools on a new tab page. A [[Wireshark]] session demonstrates the level of chatter created by these features.<br />
<br />
==== Enable Electrolysis ====<br />
In firefox 48 (45 ESR) or later, Electrolysis (multi-process) may be enabled to improve performance and security by setting {{ic|browser.tabs.remote.autostart}} to ''true'' in {{ic|about:config}}. It may be needed to force-enable Electrolysis [https://wiki.mozilla.org/Electrolysis#Force_Enable], although this is generally not recommended and may cause issues.<br />
<br />
To check if Electrolysis is enabled, go to {{ic|about:support}} and under the "Application Basics" section look for "Multiprocess Windows". If it reports "0/1 (Disabled)", Electrolysis is disabled; if it reports "1/1 (Enabled by user)" it is enabled. Note that the given numbers ''*/*'' indicate the number of open Firefox windows, e.g. 0/2 meaning non of the two Firefox-windows are using Electrolysis, and 2/2 means it is enabled for both windows.<br />
<br />
==== Enable HTTP Cache ====<br />
In {{ic|about:config}}, set {{ic|browser.cache.use_new_backend}} from value 0 to 1.<br />
<br />
==== Disable Pocket ====<br />
If you don't use the Pocket-service, you may want to disable it by setting {{ic|extensions.pocket.enabled}} to ''false'' in {{ic|about:config}}.<br />
{{Note|on 45ESR the keys are {{ic|browser.pocket...}}}}<br />
<br />
== Appearance ==<br />
=== Fonts ===<br />
See the main article: [[Font configuration]]<br />
<br />
==== Configure the DPI value ====<br />
Modifying the following value can help improve the way fonts looks in Firefox if the system's DPI is below 96. Firefox, by default, uses 96 and only uses the system's DPI if it is a higher value. To force the system's DPI regardless of its value, type {{ic|about:config}} into the address bar and set {{ic|layout.css.dpi}} to '''0'''.<br />
<br />
Note that the above method only affects the Firefox user interface's DPI settings. Web page contents still use a DPI value of 96, which may look ugly or, in the case of high-resolution displays, may be rendered too small to read. A solution is to change {{ic|layout.css.devPixelsPerPx}} to system's DPI divided by 96. For example, if your system's DPI is 144, then the value to add is 144/96 = 1.5. Changing {{ic|layout.css.devPixelsPerPx}} to '''1.5''' makes web page contents use a DPI of 144, which looks much better.<br />
<br />
See also [[HiDPI#Firefox]] for information about HiDPI displays and [https://www.sven.de/dpi/] for calculating the DPI.<br />
<br />
==== Default font settings from Microsoft Windows ====<br />
Below are the default font preferences when Firefox is installed in Microsoft Windows. Many web sites use the Microsoft fonts.<br />
{{bc|<br />
Proportional: Serif Size (pixels): 16<br />
Serif: Times New Roman<br />
Sans-serif: Arial<br />
Monospace: Courier New Size (pixels): 13<br />
}}<br />
<br />
=== General user interface CSS settings ===<br />
Firefox's user interface can be modified by editing the {{ic|userChrome.css}} and {{ic|userContent.css}} files in {{ic|~/.mozilla/firefox/<profile_dir>/chrome/}} (''profile_dir'' is of the form ''hash.name'', where the ''hash'' is an 8 character, seemingly random string and the profile ''name'' is usually ''default'').<br />
<br />
{{Note|The {{ic|chrome/}} folder and {{ic|userChrome.css}}/{{ic|userContent.css}} files may not necessarily exist, so they may need to be created.}}<br />
<br />
This section only deals with the {{ic|userChrome.css}} file which modifies Firefox's user interface, and not web pages.<br />
<br />
==== Change the font ====<br />
The setting effectively overrides the global GTK+ font preferences, and does not affect webpages, only the user interface itself:<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userChrome.css|<br />
* {<br />
font-family: "FONT_NAME";<br />
}<br />
}}<br />
<br />
==== Hide button icons ====<br />
Enables text-only buttons:<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userChrome.css|<br />
.button-box .button-icon {<br />
display: none;<br />
}<br />
}}<br />
<br />
==== Hiding various tab buttons ====<br />
These settings hide the arrows that appear to the horizontal edges of the tab bar, the button that toggles the "all tabs" drop-down list, and the plus sign button that creates a new tab.<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userChrome.css|<nowiki><br />
/* Tab bar */<br />
<br />
.tabbrowser-strip *[class^="scrollbutton"] {<br />
/* Hide tab scroll buttons */<br />
display: none;<br />
}<br />
<br />
.tabbrowser-strip *[class^="tabs-alltabs"] {<br />
/* Hide tab drop-down list */<br />
display: none;<br />
}<br />
<br />
.tabbrowser-strip *[class^="tabs-newtab-button"] {<br />
/* Hide new-tab button */<br />
display: none;<br />
}</nowiki><br />
}}<br />
<br />
==== Horizontal tabs ====<br />
To place the tab bar horizontally stacked along the sides of the browser window:<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userChrome.css|<br />
/* Display the tabbar on the left */<br />
#content > tabbox {<br />
-moz-box-orient: horizontal;<br />
}<br />
<br />
.tabbrowser-strip {<br />
-moz-box-orient: vertical;<br />
/*<br />
* You can set this to -moz-scrollbars-vertical instead,<br />
* but then the scrollbar will *always* be visible. this way<br />
* there is never a scrollbar, so it behaves like the tab bar<br />
* normally does<br />
*/<br />
overflow: -moz-scrollbars-none;<br />
}<br />
<br />
.tabbrowser-tabs {<br />
-moz-box-orient: horizontal;<br />
min-width: 20ex; /* You may want to increase this value */<br />
-mox-box-pack: start;<br />
-moz-box-align: start;<br />
}<br />
<br />
.tabbrowser-tabs > hbox {<br />
-moz-box-orient: vertical;<br />
-moz-box-align: stretch;<br />
-moz-box-pack: start;<br />
}<br />
<br />
.tabbrowser-tabs > hbox > tab {<br />
-moz-box-align: start;<br />
-moz-box-orient: horizontal;<br />
}<br />
}}<br />
<br />
==== Hide window border and title bar ====<br />
Install the [https://addons.mozilla.org/firefox/addon/hide-caption-titlebar-plus-sma/ Hide Caption Titlebar Plus] extension and set the following settings (leaving other settings to default):<br />
{| class="wikitable"<br />
! Option<br />
! Value<br />
|-<br />
| Show Custom Caption/TitleBar<br />
| Never<br />
|-<br />
| Activate custom borders and corner resizers<br />
| Deactivate<br />
|-<br />
| Enable Customizable Buttons (min,max,close)<br />
| Using a Glass-like window background<br />
|-<br />
| Custom Minimize, Max, Close Buttons<br />
| Auto. Current theme's skin (fixed position)<br />
|-<br />
| Drag Fx window using Tab-bar background<br />
| Enable<br />
|-<br />
| Alternative hide-titlebar feature<br />
| Use<br />
|}<br />
<br />
The extension [https://addons.mozilla.org/firefox/addon/classicthemerestorer/ Classic Theme Restorer] provides more tweaking options to get the best result (e.g. set tab height to 28px, enable/disable toolbars/buttons, etc.).<br />
<br />
==== Auto-hide Bookmarks Toolbar ====<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userChrome.css|<br />
#PersonalToolbar {<br />
visibility: collapse !important;<br />
}<br />
<br />
#navigator-toolbox:hover > #PersonalToolbar {<br />
visibility: visible !important;<br />
}<br />
}}<br />
<br />
==== Remove sidebar width restrictions ====<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userChrome.css|<br />
/* remove maximum/minimum width restriction of sidebar */<br />
#sidebar {<br />
max-width: none !important;<br />
min-width: 0px !important;<br />
}<br />
}}<br />
<br />
=== Web content CSS settings ===<br />
This section deals with the {{ic|userContent.css}} file in which you can add custom CSS rules for web content. Changes to this file will take effect once the browser is restarted.<br />
<br />
This file can be used for making small fixes or to apply personal styles to frequently visited websites. Custom stylesheets for popular websites are available from sources such as [http://userstyles.org/ userstyles.org]. You can install an add-on such as [https://addons.mozilla.org/firefox/addon/superusercontent/ superUserContent] to manage themes. This add-on creates the directory {{ic|chrome/userContent.css.d}} and applies changes to the CSS files therein when the page is refreshed.<br />
<br />
==== Import other CSS files ====<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userContent.css|<br />
@import url("./imports/some_file.css");<br />
}}<br />
<br />
==== Block certain parts of a domain ====<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userContent.css|<br />
@-moz-document domain(example.com) {<br />
div#header {<br />
background-image: none !important;<br />
} <br />
}<br />
}}<br />
<br />
==== Add [pdf] after links to PDF files ====<br />
{{hc|~/.mozilla/firefox/<profile_dir>/chrome/userContent.css|<nowiki><br />
/* add '[pdf]' next to links to PDF files */<br />
a[href$=".pdf"]:after {<br />
font-size: smaller;<br />
content: " [pdf]";<br />
}</nowiki><br />
}}<br />
<br />
==== Firefox 4 New Menu Bar/Firefox Button ====<br />
To toggle between the new Firefox button and the classic menu bar:<br />
* if the button is active, check ''Preferences > Menu Bar'', or right click in the toolbar area and check ''Menu Bar''.<br />
* if the menu bar is active, uncheck ''View > Toolbars > Menu Bar'', or right click in the toolbar area and uncheck ''Menu Bar''.<br />
<br />
In GNU/Linux, you will just get a plain grey button instead of the new orange one from Windows. However you can change this to either a Firefox icon or the icon followed by the "Firefox" text.<br />
<br />
Adding the following to your {{ic|~/.mozilla/firefox/userprofile/chrome/userChrome.css}} file will place the icon before the text:<br />
{{bc|<br />
#appmenu-toolbar-button {<br />
list-style-image: url("chrome://branding/content/icon16.png");<br />
}<br />
}}<br />
<br />
Adding the following to the same file will ''remove'' the "Firefox" text:<br />
{{bc|<br />
#appmenu-toolbar-button > .toolbarbutton-text,<br />
#appmenu-toolbar-button > .toolbarbutton-menu-dropmarker {<br />
display: none !important;<br />
}<br />
}}<br />
<br />
This userChrome.css configuration copies the default Windows Firefox 4+ look and adds an orange background to the button, with a purple background in Private Browsing mode:<br />
{{bc|<br />
#main-window:not([privatebrowsingmode]) #appmenu-toolbar-button {<br />
-moz-appearance: none !important;<br />
color: #FEEDFC !important;<br />
background: -moz-linear-gradient(hsl(34,85%,60%), hsl(26,72%,53%) 95%) !important;<br />
border: 1px solid #000000 !important;<br />
}<br />
<br />
#main-window:not([privatebrowsingmode]) #appmenu-toolbar-button:hover:not(:active):not([open]) {<br />
-moz-appearance: none !important;<br />
color: #FEEDFC !important;<br />
background: -moz-linear-gradient(hsl(26,72%,53%), hsl(34,85%,60%) 95%) !important;<br />
border: 1px solid #000000 !important;<br />
}<br />
<br />
#main-window:not([privatebrowsingmode]) #appmenu-toolbar-button:hover:active,<br />
#main-window:not([privatebrowsingmode]) #appmenu-toolbar-button[open] {<br />
-moz-appearance: none !important;<br />
color: #FEEDFC !important;<br />
background: -moz-linear-gradient(hsl(26,72%,53%), hsl(26,72%,53%) 95%) !important;<br />
border: 1px solid #000000 !important;<br />
}<br />
<br />
#appmenu-toolbar-button {<br />
-moz-appearance: none !important;<br />
color: #FEEDFC !important;<br />
background: -moz-linear-gradient(hsl(279,70%,46%), hsl(276,75%,38%) 95%) !important;<br />
border: 1px solid #000000 !important;<br />
}<br />
<br />
#main-window #appmenu-toolbar-button:hover:not(:active):not([open]) {<br />
-moz-appearance: none !important;<br />
color: #FEEDFC !important;<br />
background: -moz-linear-gradient(hsl(276,75%,38%), hsl(279,70%,46%) 95%) !important;<br />
border: 1px solid #000000 !important;<br />
}<br />
<br />
#main-window #appmenu-toolbar-button:hover:active,<br />
#main-window #appmenu-toolbar-button[open] {<br />
-moz-appearance: none !important;<br />
color: #FEEDFC !important;<br />
background: -moz-linear-gradient(hsl(276,75%,38%), hsl(276,75%,38%) 95%) !important;<br />
border: 1px solid #000000 !important;<br />
}<br />
}}<br />
<br />
{{Note|You need to create both the {{ic|chrome}} directory and {{ic|userChrome.css}}, if they do not already exist.}}<br />
<br />
==== Block ads ====<br />
<br />
See [http://www.floppymoose.com floppymoose.com] for an example of how to use {{ic|userContent.css}} as a basic ad-blocker.<br />
<br />
==== Remove fullscreen warning ====<br />
<br />
Warning about video displayed in full screen mode ("… is now fullscreen") can be disabled by setting "full-screen-api.warning.timeout" to 0 in about:config<br />
<br />
== Miscellaneous ==<br />
<br />
Other tips and tweaks.<br />
<br />
=== Enable additional media codecs ===<br />
<br />
{{Expansion|This section is not completed, there are many other variables related to Media Codecs in firefox.}}<br />
<br />
Before continuing, remember there is a reason some of these variables are not enabled by default, e.g. stability, memory leaks, etc. Go to {{ic|about:config}} and check the following options:<br />
<br />
{| class="wikitable"<br />
|+ Suggested values<br />
! Key || Value || Description<br />
|-<br />
| media.mediasource.enabled || true (default) || Enable [[wikipedia:Media_Source_Extensions|Media Source Extensions]] (MSE)<br />
|-<br />
| media.mediasource.mp4.enabled || true (default) || Enable [[wikipedia:MPEG-4_Part_14|MP4]] MSE<br />
|-<br />
| media.mediasource.webm.enabled || true (default) || Enable [[wikipedia:WebM|WebM]] MSE.<br />
|-<br />
| media.mediasource.ignore_codecs || true || Enable H.264 MSE, amongst other things (This boolean key has to be created!)<br />
|}<br />
<br />
==== Widevine and Netflix/Amazon Video ====<br />
<br />
Starting with version 50 (49 doesn't work because of [https://bugzilla.mozilla.org/show_bug.cgi?id=1303813 bug 1303813]), Firefox can play Widevine videos, such as those on Netflix and Amazon Prime. Making this actually work properly, however, takes some extra work.<br />
<br />
# '''Allow Firefox to install DRM.''' The first time you visit a Widevine-enabled page, Firefox will pop a prompt below the address bar asking for permission to install DRM. You have to approve this and then wait for the "Downloading" bar to disappear.<br />
# '''Forge a Chrome on Linux user agent.''' Netflix uses your user agent string to decide which player to serve you, and if it detects Firefox on Linux it will try to use Silverlight. Use a user agent string from Chrome on Linux such as {{ic|Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2876.0 Safari/537.36}}. This can be configured using the [https://addons.mozilla.org/firefox/addon/user-agent-switcher/ User Agent Switcher extension] or with {{ic|general.useragent.override}} in ''about:config''<br />
<br />
=== Mouse wheel scroll speed ===<br />
<br />
To modify the default values (i.e. speed-up) of the mouse wheel scroll speed, go to {{ic|about:config}} and search for {{ic|mousewheel.acceleration}}. This will show the available options, modifying the following:<br />
<br />
* Set {{ic|mousewheel.acceleration.start}} to '''-1'''.<br />
* Set {{ic|mousewheel.acceleration.factor}} to the desired number (10 to 20 are common values).<br />
<br />
Alternatively you can install the [http://smoothwheel.mozdev.org/ SmoothWheel add-on].<br />
<br />
=== Change the order of search engines in the Firefox Search Bar ===<br />
<br />
To change the order search engines are displayed in:<br />
* Open the drop-down list of search engines and click ''Manage Search Engines...'' entry.<br />
* Highlight the engine you want to move and use ''Move Up'' or ''Move Down'' to move it. Alternatively, you can use drag-and-drop.<br />
<br />
=== How to open a *.doc automatically with Abiword or LibreOffice Writer ===<br />
<br />
Go to ''Preferences > Applications'' and search for ''Word Document'' (or ''Word 2007 Document'' for {{ic|*.docx}}). After finding it, click the drop-down list and select ''Use other...''. From there you have to specify the exact path to the Abiword or Writer executable (i.e.{{ic|/usr/bin/abiword}} or {{ic|/usr/bin/lowriter}}).<br />
<br />
=== "I'm Feeling Lucky" mode ===<br />
<br />
Some search engines have a "feeling lucky" feature. For example, Google has "I'm Feeling Lucky", and DuckDuckGo has "I'm Feeling Ducky".<br />
<br />
To activate them:<br />
# Type {{ic|about:config}} in the address bar.<br />
# Search for the string {{ic|keyword.url}}.<br />
# Modify its value (if any) to the URL of the search engine. <br />
<br />
For Google, set it to:<br />
{{bc|<nowiki>https://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=</nowiki>}}<br />
For DuckDuckGo, set it to:<br />
{{bc|<nowiki>https://duckduckgo.com/?q=\</nowiki>}}<br />
<br />
=== Secure DNS with DNSSEC validator ===<br />
<br />
You can enable [[DNSSEC]] support for safer browsing.<br />
<br />
=== Adding magnet protocol association ===<br />
<br />
In {{ic|about:config}} set {{ic|network.protocol-handler.expose.magnet}} to '''false'''.<br />
<br />
The next time you open a magnet link, you will be prompted with a {{ic|Launch Application}} dialogue. From there simply select your chosen torrent client. This technique can also be used with other protocols.<br />
<br />
=== Adding magnet protocol association for kTorrent (KDE4) ===<br />
<br />
Create a user copy of {{ic|/usr/share/applications/kde4/ktorrent.desktop}} to {{ic|~/.local/share/applications/kde4/}}, and append to {{ic|1=Mimetype=}}<br />
<br />
x-scheme-handler/magnet<br />
<br />
Modify {{ic|~/.config/mimeapps.list}} and append:<br />
<br />
x-scheme-handler/magnet=kde4-ktorrent.desktop<br />
<br />
See [http://superuser.com/questions/44072/how-do-i-associate-magnet-links-with-ktorrent-in-firefox]<br />
<br />
=== Prevent accidental closing ===<br />
<br />
The [https://addons.mozilla.org/firefox/addon/disable-ctrl-q-shortcut/ Disable Ctrl-Q Shortcut] extension can be installed to prevent unwanted closing of the browser.<br />
<br />
An alternative is to add a rule in your window manager configuration file. For example in [[Openbox]] add:<br />
<keybind key="C-q"><br />
<action name="Execute"><br />
<execute>false</execute><br />
</action><br />
</keybind><br />
in the ''<keyboard>'' section of your {{ic|~/.config/openbox/rc.xml}} file.<br />
{{Note|This will be effective for every application used under a graphic server.}}<br />
<br />
=== Plugins do not work with latest version ===<br />
<br />
Due to Arch's bleeding edge nature, there can be some compatibility issues with plugins not working with the latest Firefox install (e.g. [http://5digits.org/pentadactyl/index Pentadactyl]). If possible, try installing the nightly/beta builds available, or see [[Downgrading packages]].<br />
<br />
[https://addons.mozilla.org/firefox/addon/checkcompatibility/ Disable Add-on Compatibility Checks] plugin should take care of spurious compatibility issues when the plugins get disabled, even though they work just fine with the new version.<br />
<br />
=== Jerky or choppy scrolling ===<br />
<br />
Scrolling in Firefox can feel "jerky" or "choppy". A post on [http://forums.mozillazine.org/viewtopic.php?f=8&t=2749475/ MozillaZine] gives settings that work on Gentoo, but reportedly work on Arch Linux as well: <br />
<br />
# Set {{ic|mousewheel.min_line_scroll_amount}} to 40<br />
# Set {{ic|general.smoothScroll}} and {{ic|general.smoothScroll.pages}} to '''false'''<br />
# Set {{ic|image.mem.min_discard_timeout_ms}} to something really large such as 2100000000 but no more than 2140000000. Above that number Firefox will not accept your entry and complain with the error code: "The text you entered is not a number." <br />
# Set {{ic|image.mem.max_decoded_image_kb}} to at least 512K<br />
<br />
Now scrolling should flow smoothly.<br />
<br />
=== Run Firefox inside an nspawn container ===<br />
<br />
{{Move|systemd-nspawn|This is potentially useful for any browser, so... move back?}}<br />
<br />
Note: on newer systems, you must enable local access to the user xserver with 'xhost local:root'<br />
<br />
To run as PID 1<br />
<br />
# systemd-nspawn --setenv=DISPLAY=:0 \<br />
--setenv=XAUTHORITY=~/.Xauthority \<br />
--bind-ro=$HOME/.Xauthority:/root/.Xauthority \<br />
--bind=/tmp/.X11-unix \<br />
-D ~/containers/firefox \<br />
firefox<br />
<br />
Else rather boot the container, with systemd ideally setting up your networking with [[systemd-networkd]]:<br />
<br />
# systemd-nspawn --bind-ro=$HOME/.Xauthority:/root/.Xauthority \<br />
--bind=/tmp/.X11-unix \<br />
-D ~/containers/firefox \<br />
--network-veth -b<br />
<br />
Once your container is booted, run the Xorg binary like so:<br />
<br />
# systemd-run -M firefox --setenv=DISPLAY=:0 firefox<br />
<br />
=== Show search matches position in scroll bar ===<br />
<br />
This chrome feature can be achieved via [https://addons.mozilla.org/firefox/addon/findbar-tweak/ FindBar Tweak] extension.<br />
<br />
== See also ==<br />
<br />
* [http://kb.mozillazine.org/Knowledge_Base MozillaZine Wiki]<br />
* [http://kb.mozillazine.org/About:config_entries about:config Entries Explained]<br />
* [http://linuxtidbits.wordpress.com/2009/08/01/better-fox-cat-and-weasel/ Firefox touch-ups that might be desired]</div>Avi9526https://wiki.archlinux.org/index.php?title=Roundcube&diff=459353Roundcube2016-12-14T23:24:27Z<p>Avi9526: minor fix in starttls section</p>
<hr />
<div>[[Category:Email clients]]<br />
[http://roundcube.net Roundcube] is a full-featured, [[PHP]] web-based mail client.<br />
<br />
== Installation ==<br />
Install the {{pkg|roundcubemail}} package.<br />
Further you will need a database (e.g. [[MariaDB]]) and a [[:Category:Web server|web server]] with [[PHP]]-support (this guide will assume the [[Apache HTTP Server]]).<br />
<br />
== Configuration ==<br />
<br />
=== MariaDB ===<br />
<br />
Here's an example on how you could setup a database for Roundcube with [[MariaDB]] called {{ic|roundcubemail}} for the user {{ic|roundcube}} identified by the password {{ic|password}}:<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE roundcubemail;<br />
GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password';<br />
}}<br />
<br />
For any database you use, you will need to initialize the roundcubemail database tables. Here is an example of how to do this with [[MariaDB]]:<br />
<br />
$ mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/SQL/mysql.initial.sql<br />
<br />
=== SQLite ===<br />
<br />
A SQLite DB will be created automagically by Roundcube. Ensure the file specified in the config is located in a basedir location. Consider adding /var/lib/roundcubemail to your basedir definition. This implies creating the directory and chowning it to http.<br />
<br />
=== Other Databases ===<br />
<br />
Roundcubemail has installation scripts for mssql, Oracle, and Postgres.<br />
<br />
=== Roundcube ===<br />
<br />
Copy the example configuration file and adjust it to your configuration:<br />
<br />
# cp /etc/webapps/roundcubemail/config/config.inc.php.sample /etc/webapps/roundcubemail/config/config.inc.php<br />
<br />
Set your mail server settings, and set {{ic|enable_installer}} to enable the setup wizard:<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['db_dsnw'] = 'mysql://roundcube:****@localhost/roundcubemail';<br />
$config['default_host'] = 'tls://localhost';<br />
$config['smtp_server'] = 'localhost';<br />
$config['des_key'] = 'some_awesome_long_semi_random_string';<br />
$config['enable_installer'] = true;<br />
</nowiki>}}<br />
<br />
=== PHP ===<br />
<br />
Make sure to adjust following variables to these minimal values in your PHP config:<br />
<br />
{{hc|/etc/php/php.ini|<nowiki><br />
date.timezone = "UTC"<br />
</nowiki>}}<br />
<br />
and uncomment<br />
extension=iconv.so<br />
<br />
<br />
{{Warning| The distributed Apache conf file includes these directories. Adding to your php.ini will make them apply to all php web apps. See [http://phpsec.org/projects/phpsecinfo/tests/open_basedir.html phpsec open_basedir] }}<br />
You also need to make sure that PHP can access {{ic|/etc/webapps}} and {{ic|/usr/share/webapps}}. Add them to {{ic|open_basedir}} in {{ic|/etc/php/php.ini}} if open_basedir is not yet configured:<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
=== Webserver (Apache) ===<br />
<br />
Copy the configuration file for Apache to its configuration directory:<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/roundcube.conf<br />
<br />
And include it at the bottom of<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/roundcube.conf<br />
</nowiki>}}<br />
<br />
Restart Apache ({{ic|httpd.service}}).<br />
<br />
=== Webserver (Nginx) ===<br />
<br />
{{Warning|This is an example config of RoundCube running in an subdirectory of the web root and has been compiled based on experiments with information from multiple sources, proceed with caution}}<br />
<br />
{{Note|This assumes you already have a working [[nginx]] server setup with [[Nginx#PHP_configuration|php-fpm]]}}<br />
<br />
Add a location block for RoundCube<br />
<br />
{{hc|/etc/nginx.conf|<nowiki><br />
location /webmail {<br />
alias /usr/share/webapps/roundcubemail;<br />
access_log /var/log/nginx/roundcube_access.log;<br />
error_log /var/log/nginx/roundcube_error.log;<br />
# Favicon<br />
location ~ ^/webmail/favicon.ico$ {<br />
root /usr/share/webapps/roundcubemail/skins/classic/images;<br />
log_not_found off;<br />
access_log off;<br />
expires max;<br />
}<br />
# Robots file<br />
location ~ ^/webmail/robots.txt {<br />
allow all;<br />
log_not_found off;<br />
access_log off;<br />
}<br />
# Deny Protected directories <br />
location ~ ^/webmail/(config|temp|logs)/ {<br />
deny all;<br />
}<br />
location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {<br />
deny all;<br />
}<br />
location ~ ^/webmail/(bin|SQL)/ {<br />
deny all;<br />
}<br />
# Hide .md files<br />
location ~ ^/webmail/(.+\.md)$ {<br />
deny all;<br />
}<br />
# Hide all dot files<br />
location ~ ^/webmail/\. {<br />
deny all;<br />
access_log off;<br />
log_not_found off;<br />
}<br />
#Roundcube fastcgi config<br />
location ~ /webmail(/.*\.php)$ {<br />
include fastcgi.conf;<br />
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;<br />
fastcgi_split_path_info ^/webmail/(.+\.php)(/.*)$;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/roundcubemail/$fastcgi_script_name;<br />
fastcgi_param PATH_INFO $fastcgi_path_info;<br />
fastcgi_param PHP_VALUE open_basedir="/tmp/:/var/cache/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail";<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
Finally [[restart]] the {{ic|nginx.service}} unit.<br />
<br />
== Install Roundcube ==<br />
<br />
Finally you can visit the Roundcube installation wizard in your browser: http://localhost/roundcube/installer<br />
<br />
For security reasons, you should '''disable the installer when you have completed the wizard''': remove {{ic|1=$config['enable_installer'] = true;}} from {{ic|config.inc.php}}. <br />
<br />
Because the {{ic|~/roundcube/config}} directory contains sensitive information about your server, it's also a good idea to disallow access to this directory by adding these lines, too.<br />
<br />
{{hc|/etc/httpd/conf/extra/roundcube.conf|<nowiki><br />
<Directory /usr/share/webapps/roundcubemail/config><br />
Options -FollowSymLinks<br />
AllowOverride None<br />
Require all denied<br />
</Directory><br />
</nowiki>}}<br />
<br />
== Tips and tricks ==<br />
=== Setting Roundcube up for use with an IMAP/SMTP server that only allows TLS authentication ===<br />
It's quite common for modern IMAP/SMTP servers to only allow encrypted authentication, say using STARTTLS. '''If you are setting Roundcube up for TLS authentication, the web-based installer won't help you.''' You will need to edit the {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} by hand, adding the following lines:<br />
<br />
$config['default_host'] = 'tls://mail.my_domain.org';<br />
// For STARTTLS IMAP<br />
$config['imap_conn_options'] = array(<br />
'ssl' => array(<br />
'verify_peer' => true,<br />
// certificate is not self-signed if cafile provided<br />
'allow_self_signed' => false,<br />
'cafile' => '/etc/ssl/certs/Your_CA_certificate.pem',<br />
// probably optional parameters<br />
'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',<br />
'peer_name' => 'mail.my_domain.org',<br />
),<br />
);<br />
// For STARTTLS SMTP<br />
$config['smtp_conn_options'] = array(<br />
'ssl' => array(<br />
'verify_peer' => true,<br />
// certificate is not self-signed if cafile provided<br />
'allow_self_signed' => false,<br />
'cafile' => '/etc/ssl/certs/Your_CA_certificate.pem',<br />
// probably optional parameters<br />
'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',<br />
'peer_name' => 'mail.my_domain.org',<br />
),<br />
);<br />
<br />
<br />
where {{ic|mail.my_domain.org}} is the {{ic|CN}} host name in your SSL certificate (i.e. the hostname of your IMAP server), and {{ic|/etc/ssl/certs/Your_CA_certificate.pem}} is the path to your SSL certificate. You might need to adjust the {{ic|ciphers}} element to correspond to the ciphers allowed by your IMAP server.<br />
<br />
A complete list of PHP SSL configuration options [http://php.net/manual/en/context.ssl.php can be found here].<br />
<br />
=== PDF and OpenDocument file preview ===<br />
The following Roundcube extensions enable you to preview PDF or OpenDocument file attachements.<br />
<br />
==== PHP 5 ====<br />
Install {{AUR|roundcubemail-plugins-kolab}} from the [[AUR]] and adjust following configuration file to enable the extensions.<br />
<br />
==== PHP 7 ====<br />
Since PHP 7 was released {{AUR|php-kolabformat}} will no longer build, thus we must install the plugins manually. This can be done by issuing the following commands.<br />
<br />
===== Build php-kolab =====<br />
This is only required if you wish to use odfviewer, pdfviewer works out of the box<br />
Coming Soon<br />
<br />
# cd /tmp<br />
# git clone https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git<br />
# cd /usr/share/webapps/roundcubemail/plugins<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/pdfviewer .<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/odfviewer .<br />
<br />
==== Enable the Plugins ====<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array(<br />
'pdfviewer',<br />
'odfviewer'<br />
);<br />
</nowiki>}}<br />
<br />
If you encounter any file permission issues, than try this command:<br />
{{bc|chown -R http:http /usr/share/webapps/roundcubemail/plugins/odfviewer/files}}<br />
<br />
=== Calendar Support ===<br />
==== PHP 7 ====<br />
With the release of PHP7 {{AUR|roundcubemail-plugins-kolab}} will not successfully build since it depends on {{AUR|php-kolabformat}} which does not build with the PHP7 source. We must manually install these plugins, so execute the following commands.<br />
<br />
# cd /tmp<br />
# git clone https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git<br />
# cd /usr/share/webapps/roundcubemail/plugins<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/calendar .<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/libcalendaring .<br />
<br />
==== PHP 5 ====<br />
Install {{AUR|roundcubemail-plugins-kolab}}<br />
<br />
==== Update the roundcube database ====<br />
# mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/plugins/calendar/drivers/database/SQL/mysql.initial.sql<br />
<br />
==== Configure the calendar service ====<br />
The default configuration should suffice for most applications, however we still need to move it into place.<br />
# cp /usr/share/webapps/roundcubemail/plugins/calendar/config.inc.php.dist /usr/share/webapps/roundcubemail/plugins/calendar/config.inc.php<br />
<br />
==== Sabre\VObject\Property\Text Not Found ====<br />
If you get this error, it means that either Sabre was not included with the plugin or it is out of date<br />
# cd /usr/share/webapps/roundcubemail ; composer update ; composer require sabre/dav ~3.1.3<br />
<br />
==== Enable the Plugin ====<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array(<br />
'calendar'<br />
);<br />
</nowiki>}}<br />
<br />
=== Synchronize address book with CardDav contacts ===<br />
It's useful to use the Roundcube address book to have auto-completion features for address fields etc. If you have your contacts stored somewhere else and the remote application offers a CardDav server for synchronization, then you can use the {{AUR|roundcube-rcmcarddav}} extension from the [[AUR]] to access your remote address book in Roundcube. To enable it, adjust following lines in your config file:<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array(<br />
'carddav'<br />
);</nowiki>}}<br />
Further usage instructions can be found [https://github.com/blind-coder/rcmcarddav here].<br />
<br />
== Troubleshooting ==<br />
=== SMTP Error: Authentication failure ===<br />
You may first try to disable(comment) the following settings in ''config.inc.php'' as shown:<br />
//$config['smtp_user'] = '%u';<br />
//$config['smtp_pass'] = '%p';<br />
<br />
<br />
== See also ==<br />
* [https://github.com/roundcube/roundcubemail/wiki/Configuration The Roundcube Howto Config Wiki page]<br />
* [http://roundcube.net Offical web page]<br />
* [https://github.com/roundcube/roundcubemail/wiki/Installation Official installation manual]</div>Avi9526https://wiki.archlinux.org/index.php?title=Roundcube&diff=459351Roundcube2016-12-14T23:22:38Z<p>Avi9526: add smtp_conn_options when using starttls smtp</p>
<hr />
<div>[[Category:Email clients]]<br />
[http://roundcube.net Roundcube] is a full-featured, [[PHP]] web-based mail client.<br />
<br />
== Installation ==<br />
Install the {{pkg|roundcubemail}} package.<br />
Further you will need a database (e.g. [[MariaDB]]) and a [[:Category:Web server|web server]] with [[PHP]]-support (this guide will assume the [[Apache HTTP Server]]).<br />
<br />
== Configuration ==<br />
<br />
=== MariaDB ===<br />
<br />
Here's an example on how you could setup a database for Roundcube with [[MariaDB]] called {{ic|roundcubemail}} for the user {{ic|roundcube}} identified by the password {{ic|password}}:<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE roundcubemail;<br />
GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password';<br />
}}<br />
<br />
For any database you use, you will need to initialize the roundcubemail database tables. Here is an example of how to do this with [[MariaDB]]:<br />
<br />
$ mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/SQL/mysql.initial.sql<br />
<br />
=== SQLite ===<br />
<br />
A SQLite DB will be created automagically by Roundcube. Ensure the file specified in the config is located in a basedir location. Consider adding /var/lib/roundcubemail to your basedir definition. This implies creating the directory and chowning it to http.<br />
<br />
=== Other Databases ===<br />
<br />
Roundcubemail has installation scripts for mssql, Oracle, and Postgres.<br />
<br />
=== Roundcube ===<br />
<br />
Copy the example configuration file and adjust it to your configuration:<br />
<br />
# cp /etc/webapps/roundcubemail/config/config.inc.php.sample /etc/webapps/roundcubemail/config/config.inc.php<br />
<br />
Set your mail server settings, and set {{ic|enable_installer}} to enable the setup wizard:<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['db_dsnw'] = 'mysql://roundcube:****@localhost/roundcubemail';<br />
$config['default_host'] = 'tls://localhost';<br />
$config['smtp_server'] = 'localhost';<br />
$config['des_key'] = 'some_awesome_long_semi_random_string';<br />
$config['enable_installer'] = true;<br />
</nowiki>}}<br />
<br />
=== PHP ===<br />
<br />
Make sure to adjust following variables to these minimal values in your PHP config:<br />
<br />
{{hc|/etc/php/php.ini|<nowiki><br />
date.timezone = "UTC"<br />
</nowiki>}}<br />
<br />
and uncomment<br />
extension=iconv.so<br />
<br />
<br />
{{Warning| The distributed Apache conf file includes these directories. Adding to your php.ini will make them apply to all php web apps. See [http://phpsec.org/projects/phpsecinfo/tests/open_basedir.html phpsec open_basedir] }}<br />
You also need to make sure that PHP can access {{ic|/etc/webapps}} and {{ic|/usr/share/webapps}}. Add them to {{ic|open_basedir}} in {{ic|/etc/php/php.ini}} if open_basedir is not yet configured:<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/<br />
<br />
=== Webserver (Apache) ===<br />
<br />
Copy the configuration file for Apache to its configuration directory:<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/roundcube.conf<br />
<br />
And include it at the bottom of<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/roundcube.conf<br />
</nowiki>}}<br />
<br />
Restart Apache ({{ic|httpd.service}}).<br />
<br />
=== Webserver (Nginx) ===<br />
<br />
{{Warning|This is an example config of RoundCube running in an subdirectory of the web root and has been compiled based on experiments with information from multiple sources, proceed with caution}}<br />
<br />
{{Note|This assumes you already have a working [[nginx]] server setup with [[Nginx#PHP_configuration|php-fpm]]}}<br />
<br />
Add a location block for RoundCube<br />
<br />
{{hc|/etc/nginx.conf|<nowiki><br />
location /webmail {<br />
alias /usr/share/webapps/roundcubemail;<br />
access_log /var/log/nginx/roundcube_access.log;<br />
error_log /var/log/nginx/roundcube_error.log;<br />
# Favicon<br />
location ~ ^/webmail/favicon.ico$ {<br />
root /usr/share/webapps/roundcubemail/skins/classic/images;<br />
log_not_found off;<br />
access_log off;<br />
expires max;<br />
}<br />
# Robots file<br />
location ~ ^/webmail/robots.txt {<br />
allow all;<br />
log_not_found off;<br />
access_log off;<br />
}<br />
# Deny Protected directories <br />
location ~ ^/webmail/(config|temp|logs)/ {<br />
deny all;<br />
}<br />
location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {<br />
deny all;<br />
}<br />
location ~ ^/webmail/(bin|SQL)/ {<br />
deny all;<br />
}<br />
# Hide .md files<br />
location ~ ^/webmail/(.+\.md)$ {<br />
deny all;<br />
}<br />
# Hide all dot files<br />
location ~ ^/webmail/\. {<br />
deny all;<br />
access_log off;<br />
log_not_found off;<br />
}<br />
#Roundcube fastcgi config<br />
location ~ /webmail(/.*\.php)$ {<br />
include fastcgi.conf;<br />
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;<br />
fastcgi_split_path_info ^/webmail/(.+\.php)(/.*)$;<br />
fastcgi_index index.php;<br />
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/roundcubemail/$fastcgi_script_name;<br />
fastcgi_param PATH_INFO $fastcgi_path_info;<br />
fastcgi_param PHP_VALUE open_basedir="/tmp/:/var/cache/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail";<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
Finally [[restart]] the {{ic|nginx.service}} unit.<br />
<br />
== Install Roundcube ==<br />
<br />
Finally you can visit the Roundcube installation wizard in your browser: http://localhost/roundcube/installer<br />
<br />
For security reasons, you should '''disable the installer when you have completed the wizard''': remove {{ic|1=$config['enable_installer'] = true;}} from {{ic|config.inc.php}}. <br />
<br />
Because the {{ic|~/roundcube/config}} directory contains sensitive information about your server, it's also a good idea to disallow access to this directory by adding these lines, too.<br />
<br />
{{hc|/etc/httpd/conf/extra/roundcube.conf|<nowiki><br />
<Directory /usr/share/webapps/roundcubemail/config><br />
Options -FollowSymLinks<br />
AllowOverride None<br />
Require all denied<br />
</Directory><br />
</nowiki>}}<br />
<br />
== Tips and tricks ==<br />
=== Setting Roundcube up for use with an IMAP/SMTP server that only allows TLS authentication ===<br />
It's quite common for modern IMAP/SMTP servers to only allow encrypted authentication, say using STARTTLS. '''If you are setting Roundcube up for TLS authentication, the web-based installer won't help you.''' You will need to edit the {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} by hand, adding the following lines:<br />
<br />
$config['default_host'] = 'tls://mail.my_domain.org';<br />
<br />
// For STARTTLS IMAP<br />
$config['imap_conn_options'] = array(<br />
'ssl' => array(<br />
'verify_peer' => true,<br />
// certificate is not self-signed if cafile provided<br />
'allow_self_signed' => false,<br />
'cafile' => '/etc/ssl/certs/Your_CA_certificate.pem',<br />
// probably optional parameters<br />
'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',<br />
'peer_name' => 'mail.my_domain.org',<br />
),<br />
);<br />
// For STARTTLS SMTP<br />
$config['smtp_conn_options'] = array(<br />
'ssl' => array(<br />
'verify_peer' => true,<br />
// certificate is not self-signed if cafile provided<br />
'allow_self_signed' => false,<br />
'cafile' => '/etc/ssl/certs/Your_CA_certificate.pem',<br />
// probably optional parameters<br />
'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',<br />
'peer_name' => 'mail.my_domain.org',<br />
),<br />
);<br />
<br />
<br />
where {{ic|mail.my_domain.org}} is the {{ic|CN}} host name in your SSL certificate (i.e. the hostname of your IMAP server), and {{ic|/etc/ssl/certs/ssl-cert-cyrus.my_domain.org.pem}} is the path to your SSL certificate. You might need to adjust the {{ic|ciphers}} element to correspond to the ciphers allowed by your IMAP server.<br />
<br />
A complete list of PHP SSL configuration options [http://php.net/manual/en/context.ssl.php can be found here].<br />
<br />
=== PDF and OpenDocument file preview ===<br />
The following Roundcube extensions enable you to preview PDF or OpenDocument file attachements.<br />
<br />
==== PHP 5 ====<br />
Install {{AUR|roundcubemail-plugins-kolab}} from the [[AUR]] and adjust following configuration file to enable the extensions.<br />
<br />
==== PHP 7 ====<br />
Since PHP 7 was released {{AUR|php-kolabformat}} will no longer build, thus we must install the plugins manually. This can be done by issuing the following commands.<br />
<br />
===== Build php-kolab =====<br />
This is only required if you wish to use odfviewer, pdfviewer works out of the box<br />
Coming Soon<br />
<br />
# cd /tmp<br />
# git clone https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git<br />
# cd /usr/share/webapps/roundcubemail/plugins<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/pdfviewer .<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/odfviewer .<br />
<br />
==== Enable the Plugins ====<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array(<br />
'pdfviewer',<br />
'odfviewer'<br />
);<br />
</nowiki>}}<br />
<br />
If you encounter any file permission issues, than try this command:<br />
{{bc|chown -R http:http /usr/share/webapps/roundcubemail/plugins/odfviewer/files}}<br />
<br />
=== Calendar Support ===<br />
==== PHP 7 ====<br />
With the release of PHP7 {{AUR|roundcubemail-plugins-kolab}} will not successfully build since it depends on {{AUR|php-kolabformat}} which does not build with the PHP7 source. We must manually install these plugins, so execute the following commands.<br />
<br />
# cd /tmp<br />
# git clone https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git<br />
# cd /usr/share/webapps/roundcubemail/plugins<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/calendar .<br />
# cp -r /tmp/roundcubemail-plugins-kolab/plugins/libcalendaring .<br />
<br />
==== PHP 5 ====<br />
Install {{AUR|roundcubemail-plugins-kolab}}<br />
<br />
==== Update the roundcube database ====<br />
# mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/plugins/calendar/drivers/database/SQL/mysql.initial.sql<br />
<br />
==== Configure the calendar service ====<br />
The default configuration should suffice for most applications, however we still need to move it into place.<br />
# cp /usr/share/webapps/roundcubemail/plugins/calendar/config.inc.php.dist /usr/share/webapps/roundcubemail/plugins/calendar/config.inc.php<br />
<br />
==== Sabre\VObject\Property\Text Not Found ====<br />
If you get this error, it means that either Sabre was not included with the plugin or it is out of date<br />
# cd /usr/share/webapps/roundcubemail ; composer update ; composer require sabre/dav ~3.1.3<br />
<br />
==== Enable the Plugin ====<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array(<br />
'calendar'<br />
);<br />
</nowiki>}}<br />
<br />
=== Synchronize address book with CardDav contacts ===<br />
It's useful to use the Roundcube address book to have auto-completion features for address fields etc. If you have your contacts stored somewhere else and the remote application offers a CardDav server for synchronization, then you can use the {{AUR|roundcube-rcmcarddav}} extension from the [[AUR]] to access your remote address book in Roundcube. To enable it, adjust following lines in your config file:<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array(<br />
'carddav'<br />
);</nowiki>}}<br />
Further usage instructions can be found [https://github.com/blind-coder/rcmcarddav here].<br />
<br />
== Troubleshooting ==<br />
=== SMTP Error: Authentication failure ===<br />
You may first try to disable(comment) the following settings in ''config.inc.php'' as shown:<br />
//$config['smtp_user'] = '%u';<br />
//$config['smtp_pass'] = '%p';<br />
<br />
<br />
== See also ==<br />
* [https://github.com/roundcube/roundcubemail/wiki/Configuration The Roundcube Howto Config Wiki page]<br />
* [http://roundcube.net Offical web page]<br />
* [https://github.com/roundcube/roundcubemail/wiki/Installation Official installation manual]</div>Avi9526https://wiki.archlinux.org/index.php?title=PCI_passthrough_via_OVMF&diff=390702PCI passthrough via OVMF2015-08-09T19:33:46Z<p>Avi9526: /* PCI-STUB & IOMMU */ putting pci-stub in mkinitcpio.conf-MODULES not working for me, forum closed, no one to ask</p>
<hr />
<div>[[Category:Virtualization]]<br />
{{Expansion|Missing introduction and descriptions of ''why'' the steps are necessary (it may be explained in the external sources, but still...)}}<br />
<br />
This is a guide on how to do PCI VGA Passthrough on QEMU. Since kernel 3.19 and a change in QEMU, it is now possible to passthrough a graphics card, offering the VM native graphics performance which is useful when doing graphic-intensive tasks such as gaming. To do this, you need two graphics cards, one for the host and one for the VM; it is possible to use integrated graphics for the host. Your processor and motherboard also need to support AMD-VI/VT-D.<br />
<br />
==Installation==<br />
<br />
[[Install]] {{Pkg|qemu}} and {{Pkg|rpmextract}}. <br />
<br />
Install edk2.git-ovmf-x64 from [https://www.kraxel.org/repos/jenkins/edk2/ Gerd Hoffman's repository].<br />
<br />
Extract that archive to /usr:<br />
<br />
{{bc|# rpmextract.sh edk2.git-ovmf-x64-0-20150223.b877.ga8577b3.noarch.rpm<br />
# cp -R ./usr/share/* /usr/share}}<br />
<br />
Ensure /usr/share/edk2.git/ovmf-x64 contains these files:<br />
{{hc|$ ls /usr/share/edk2.git/ovmf-x64/*pure*.fd|<br />
/usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd<br />
/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd<br />
/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd}}<br />
<br />
This will be the BIOS that the VM will use. Non-UEFI users may need to use i440fx without OVMF, and the i915 vga arbiter patch for Intel graphics as host, see this forum thread. For users that do have a UEFI compatible motherboard but a UEFI incompatible graphics card, look at this post.<br />
<br />
==Setting up libvirt==<br />
<br />
See [[Polkit#Bypass password prompt]] to bypass the password prompt, then [[enable]] and start {{ic|libvirtd.service}}.<br />
<br />
Start ''virtmanager'' and configure the hypervisor. Virtmanager should connect to the qemu session.<br />
<br />
==PCI-STUB & IOMMU==<br />
<br />
If you are on Intel, add intel_iommu=on to your [[Kernel_parameters|bootloader kernel options]].<br />
<br />
You may also need to add {{ic|pci-stub}} to {{ic|/etc/mkinitcpio.conf}}<br />
{{hc|<nowiki>/etc/mkinitcpio.conf</nowiki>|<nowiki>MODULES="... pci-stub ..."</nowiki>}}<br />
if it doesn't work, you may try add it to /etc/modules-load.d/:<br />
echo "pci-stub" > /etc/modules-load.d/libvirt.conf<br />
<br />
Check dmesg to confirm after reboot:<br />
{{hc|dmesg<nowiki>|</nowiki>grep -e DMAR -e IOMMU|<br />
[ 0.000000] ACPI: DMAR 0x00000000BDCB1CB0 0000B8 (v01 INTEL BDW 00000001 INTL 00000001)<br />
[ 0.000000] Intel-IOMMU: enabled<br />
[ 0.028879] dmar: IOMMU 0: reg_base_addr fed90000 ver 1:0 cap c0000020660462 ecap f0101a<br />
[ 0.028883] dmar: IOMMU 1: reg_base_addr fed91000 ver 1:0 cap d2008c20660462 ecap f010da<br />
[ 0.028950] IOAPIC id 8 under DRHD base 0xfed91000 IOMMU 1<br />
[ 0.536212] DMAR: No ATSR found<br />
[ 0.536229] IOMMU 0 0xfed90000: using Queued invalidation<br />
[ 0.536230] IOMMU 1 0xfed91000: using Queued invalidation<br />
[ 0.536231] IOMMU: Setting RMRR:<br />
[ 0.536241] IOMMU: Setting identity map for device 0000:00:02.0 [0xbf000000 - 0xcf1fffff]<br />
[ 0.537490] IOMMU: Setting identity map for device 0000:00:14.0 [0xbdea8000 - 0xbdeb6fff]<br />
[ 0.537512] IOMMU: Setting identity map for device 0000:00:1a.0 [0xbdea8000 - 0xbdeb6fff]<br />
[ 0.537530] IOMMU: Setting identity map for device 0000:00:1d.0 [0xbdea8000 - 0xbdeb6fff]<br />
[ 0.537543] IOMMU: Prepare 0-16MiB unity mapping for LPC<br />
[ 0.537549] IOMMU: Setting identity map for device 0000:00:1f.0 [0x0 - 0xffffff]<br />
[ 2.182790] [drm] DMAR active, disabling use of stolen memory}}<br />
<br />
==Bind the GPU==<br />
Find your target card's PCI location:<br />
{{hc|lspci -nn<nowiki>|</nowiki>grep -iP "NVIDIA<nowiki>|</nowiki>Radeon"|<br />
01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cayman PRO [Radeon HD 6950] [1002:6719]<br />
01:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Cayman/Antilles HDMI Audio [Radeon HD 6900 Series] [1002:aa80]<br />
04:00.0 VGA compatible controller [0300]: NVIDIA Corporation G73 [GeForce 7600 GS] [10de:0392] (rev a1)}}<br />
<br />
Add the PCI location to the kernel command line (e.g., in file /etc/default/grub, parameter "GRUB_CMDLINE_LINUX_DEFAULT"):<br />
pci-stub.ids=10de:0392<br />
<br />
If your graphic card have audio as separated PCI device it's must be added as well:<br />
pci-stub.ids=1002:6719,1002:aa80<br />
<br />
Check dmesg output for successful assigning of the device to a pci-stub:<br />
{{hc|dmesg <nowiki>|</nowiki> grep pci-stub|<br />
...<br />
[ 2.390128] pci-stub: add 1002:6719 sub<nowiki>=</nowiki>FFFFFFFF:FFFFFFFF cls<nowiki>=</nowiki>00000000/00000000<br />
[ 2.390143] pci-stub 0000:01:00.0: claimed by stub<br />
[ 2.390150] pci-stub: add 1002:AA80 sub<nowiki>=</nowiki>FFFFFFFF:FFFFFFFF cls<nowiki>=</nowiki>00000000/00000000<br />
[ 2.390159] pci-stub 0000:01:00.1: claimed by stub<br />
...}}<br />
<br />
There are many methods to bind the card to vfio, here are two examples:<br />
*[http://www.firewing1.com/howtos/fedora-20/create-gaming-virtual-machine-using-vfio-pci-passthrough-kvm firewing1 webpage]. Check the part after grub2-mkconfig.<br />
*[https://bbs.archlinux.org/viewtopic.php?id=162768 BBS topic]. Down below the red stars.<br />
<br />
==Blacklist modules==<br />
<br />
Blacklist {{ic|radeon}} or {{ic|nouveau}} or {{ic|nvidia}} or {{ic|fglrx}} in {{ic|/etc/modprobe.d/blacklist.conf}}.<br />
<br />
Example, blacklisting the opensource radeon module:<br />
{{hc|/etc/modprobe.d/modprobe.conf|blacklist radeon}}<br />
<br />
==QEMU permissions==<br />
<br />
Give QEMU access to hardware (there may be safer ways of doing this):<br />
{{hc|<nowiki>/etc/libvirt/qemu.conf</nowiki>|<nowiki>...<br />
user = "root"<br />
group = "root"<br />
clear_emulator_capabilities = 0</nowiki>}}<br />
<br />
QEMU also needs acces to VFIO files. Include every numbered file in /dev/vfio:<br />
<br />
ls -1 /dev/vfio<br />
<br />
{{hc|<nowiki>/etc/libvirt/qemu.conf</nowiki>|<nowiki>...<br />
cgroup_device_acl = [<br />
"/dev/null", "/dev/full", "/dev/zero",<br />
"/dev/random", "/dev/urandom",<br />
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",<br />
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",<br />
"/dev/vfio/1"<br />
]<br />
...</nowiki>}}<br />
<br />
Referenced from [http://www.firewing1.com/howtos/fedora-20/create-gaming-virtual-machine-using-vfio-pci-passthrough-kvm firewing1's webpage]<br />
<br />
==QEMU commands==<br />
<br />
This is the command to run QEMU with VGA Passthrough:<br />
cp /usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd /tmp/my_vars.fd<br />
qemu-system-x86_64 \<br />
-enable-kvm \<br />
-m 2048 \<br />
-cpu host,kvm=off \<br />
-vga none \<br />
-device vfio-pci,host=01:00.0 \<br />
-drive if=pflash,format=raw,readonly,file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd \<br />
-drive if=pflash,format=raw,file=/tmp/my_vars.fd<br />
<br />
{{ic|1=-enable KVM}} - enables KVM for your system, using AMD-VI/VT-D for hardware virtualisation.<br />
<br />
{{ic|1=-m [number]}} - sets the amount of memory the VM should have.<br />
<br />
{{ic|1=-cpu host, kvm=off}} - emulate the host's exact CPU. {{ic|1=kvm=off}} is used for NVIDIA cards to stop it detecting a hypervisor and therefore exiting with an error.<br />
<br />
{{ic|1=-vga none}} - disables the built in graphics card emulation.<br />
<br />
{{ic|1=-device vfio-pci,host=01:00.0 \}} - graphics card(s) you are using for VGA passthrough.<br />
<br />
{{ic|1=-drive if=flash,format=raw,readonly,file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd}} BIOS location.<br />
<br />
For more commands see [https://wiki.archlinux.org/index.php/QEMU QEMU.]<br />
<br />
==Create and configure VM for OVMF==<br />
<br />
[http://vfio.blogspot.com/2014/08/primary-graphics-assignment-without-vga.html Alex Williamson's blog]<br />
<br />
Use virsh to edit the VM with these changes:<br />
<br />
{{bc|<nowiki><domain type='kvm'></nowiki>}}<br />
<br />
{{bc|<nowiki><os><br />
<loader readonly='yes' type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader><br />
<nvram template='/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd'/><br />
</os></nowiki>}}<br />
{{bc|<nowiki><hyperv><br />
<relaxed state='off'/><br />
<vapic state='off'/><br />
<spinlocks state='off'/><br />
</hyperv></nowiki>}}<br />
{{bc|<nowiki><features><br />
<kvm><br />
<hidden state='on'/><br />
</kvm><br />
</features></nowiki>}}<br />
{{bc|<nowiki><clock><br />
<timer name='hypervclock' present='no'/><br />
</clock></nowiki>}}<br />
<br />
==Operating system==<br />
<br />
Depending on your operating system, you may find that it may refuse to boot after a certain point. To work around this, simply replace {{ic|-vga none}} to {{ic|-vga qxl}}, install your operating system, check Device Manager and see if your graphics card has PCI device id equal to your actual GPU and install the graphics card driver, and then change it back to {{ic|-vga none}}.<br />
<br />
==See also==<br />
* [https://bbs.archlinux.org/viewtopic.php?id=162768 Discussion on Arch Linux forums]<br />
* [https://docs.google.com/spreadsheet/ccc?key=0Aryg5nO-kBebdFozaW9tUWdVd2VHM0lvck95TUlpMlE User contributed hardware compatibility list]</div>Avi9526https://wiki.archlinux.org/index.php?title=PCI_passthrough_via_OVMF&diff=390699PCI passthrough via OVMF2015-08-09T19:23:59Z<p>Avi9526: /* Bind the GPU */ info about checking if pci-stub worked</p>
<hr />
<div>[[Category:Virtualization]]<br />
{{Expansion|Missing introduction and descriptions of ''why'' the steps are necessary (it may be explained in the external sources, but still...)}}<br />
<br />
This is a guide on how to do PCI VGA Passthrough on QEMU. Since kernel 3.19 and a change in QEMU, it is now possible to passthrough a graphics card, offering the VM native graphics performance which is useful when doing graphic-intensive tasks such as gaming. To do this, you need two graphics cards, one for the host and one for the VM; it is possible to use integrated graphics for the host. Your processor and motherboard also need to support AMD-VI/VT-D.<br />
<br />
==Installation==<br />
<br />
[[Install]] {{Pkg|qemu}} and {{Pkg|rpmextract}}. <br />
<br />
Install edk2.git-ovmf-x64 from [https://www.kraxel.org/repos/jenkins/edk2/ Gerd Hoffman's repository].<br />
<br />
Extract that archive to /usr:<br />
<br />
{{bc|# rpmextract.sh edk2.git-ovmf-x64-0-20150223.b877.ga8577b3.noarch.rpm<br />
# cp -R ./usr/share/* /usr/share}}<br />
<br />
Ensure /usr/share/edk2.git/ovmf-x64 contains these files:<br />
{{hc|$ ls /usr/share/edk2.git/ovmf-x64/*pure*.fd|<br />
/usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd<br />
/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd<br />
/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd}}<br />
<br />
This will be the BIOS that the VM will use. Non-UEFI users may need to use i440fx without OVMF, and the i915 vga arbiter patch for Intel graphics as host, see this forum thread. For users that do have a UEFI compatible motherboard but a UEFI incompatible graphics card, look at this post.<br />
<br />
==Setting up libvirt==<br />
<br />
See [[Polkit#Bypass password prompt]] to bypass the password prompt, then [[enable]] and start {{ic|libvirtd.service}}.<br />
<br />
Start ''virtmanager'' and configure the hypervisor. Virtmanager should connect to the qemu session.<br />
<br />
==PCI-STUB & IOMMU==<br />
<br />
If you are on Intel, add intel_iommu=on to your [[Kernel_parameters|bootloader kernel options]].<br />
<br />
You may also need to add {{ic|pci-stub}} to {{ic|/etc/mkinitcpio.conf}}<br />
{{hc|<nowiki>/etc/mkinitcpio.conf</nowiki>|<nowiki>MODULES="... pci-stub ..."</nowiki>}}<br />
<br />
Check dmesg to confirm after reboot:<br />
{{hc|dmesg<nowiki>|</nowiki>grep -e DMAR -e IOMMU|<br />
[ 0.000000] ACPI: DMAR 0x00000000BDCB1CB0 0000B8 (v01 INTEL BDW 00000001 INTL 00000001)<br />
[ 0.000000] Intel-IOMMU: enabled<br />
[ 0.028879] dmar: IOMMU 0: reg_base_addr fed90000 ver 1:0 cap c0000020660462 ecap f0101a<br />
[ 0.028883] dmar: IOMMU 1: reg_base_addr fed91000 ver 1:0 cap d2008c20660462 ecap f010da<br />
[ 0.028950] IOAPIC id 8 under DRHD base 0xfed91000 IOMMU 1<br />
[ 0.536212] DMAR: No ATSR found<br />
[ 0.536229] IOMMU 0 0xfed90000: using Queued invalidation<br />
[ 0.536230] IOMMU 1 0xfed91000: using Queued invalidation<br />
[ 0.536231] IOMMU: Setting RMRR:<br />
[ 0.536241] IOMMU: Setting identity map for device 0000:00:02.0 [0xbf000000 - 0xcf1fffff]<br />
[ 0.537490] IOMMU: Setting identity map for device 0000:00:14.0 [0xbdea8000 - 0xbdeb6fff]<br />
[ 0.537512] IOMMU: Setting identity map for device 0000:00:1a.0 [0xbdea8000 - 0xbdeb6fff]<br />
[ 0.537530] IOMMU: Setting identity map for device 0000:00:1d.0 [0xbdea8000 - 0xbdeb6fff]<br />
[ 0.537543] IOMMU: Prepare 0-16MiB unity mapping for LPC<br />
[ 0.537549] IOMMU: Setting identity map for device 0000:00:1f.0 [0x0 - 0xffffff]<br />
[ 2.182790] [drm] DMAR active, disabling use of stolen memory}}<br />
<br />
==Bind the GPU==<br />
Find your target card's PCI location:<br />
{{hc|lspci -nn<nowiki>|</nowiki>grep -iP "NVIDIA<nowiki>|</nowiki>Radeon"|<br />
01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Cayman PRO [Radeon HD 6950] [1002:6719]<br />
01:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI] Cayman/Antilles HDMI Audio [Radeon HD 6900 Series] [1002:aa80]<br />
04:00.0 VGA compatible controller [0300]: NVIDIA Corporation G73 [GeForce 7600 GS] [10de:0392] (rev a1)}}<br />
<br />
Add the PCI location to the kernel command line (e.g., in file /etc/default/grub, parameter "GRUB_CMDLINE_LINUX_DEFAULT"):<br />
pci-stub.ids=10de:0392<br />
<br />
If your graphic card have audio as separated PCI device it's must be added as well:<br />
pci-stub.ids=1002:6719,1002:aa80<br />
<br />
Check dmesg output for successful assigning of the device to a pci-stub:<br />
{{hc|dmesg <nowiki>|</nowiki> grep pci-stub|<br />
...<br />
[ 2.390128] pci-stub: add 1002:6719 sub<nowiki>=</nowiki>FFFFFFFF:FFFFFFFF cls<nowiki>=</nowiki>00000000/00000000<br />
[ 2.390143] pci-stub 0000:01:00.0: claimed by stub<br />
[ 2.390150] pci-stub: add 1002:AA80 sub<nowiki>=</nowiki>FFFFFFFF:FFFFFFFF cls<nowiki>=</nowiki>00000000/00000000<br />
[ 2.390159] pci-stub 0000:01:00.1: claimed by stub<br />
...}}<br />
<br />
There are many methods to bind the card to vfio, here are two examples:<br />
*[http://www.firewing1.com/howtos/fedora-20/create-gaming-virtual-machine-using-vfio-pci-passthrough-kvm firewing1 webpage]. Check the part after grub2-mkconfig.<br />
*[https://bbs.archlinux.org/viewtopic.php?id=162768 BBS topic]. Down below the red stars.<br />
<br />
==Blacklist modules==<br />
<br />
Blacklist {{ic|radeon}} or {{ic|nouveau}} or {{ic|nvidia}} or {{ic|fglrx}} in {{ic|/etc/modprobe.d/blacklist.conf}}.<br />
<br />
Example, blacklisting the opensource radeon module:<br />
{{hc|/etc/modprobe.d/modprobe.conf|blacklist radeon}}<br />
<br />
==QEMU permissions==<br />
<br />
Give QEMU access to hardware (there may be safer ways of doing this):<br />
{{hc|<nowiki>/etc/libvirt/qemu.conf</nowiki>|<nowiki>...<br />
user = "root"<br />
group = "root"<br />
clear_emulator_capabilities = 0</nowiki>}}<br />
<br />
QEMU also needs acces to VFIO files. Include every numbered file in /dev/vfio:<br />
<br />
ls -1 /dev/vfio<br />
<br />
{{hc|<nowiki>/etc/libvirt/qemu.conf</nowiki>|<nowiki>...<br />
cgroup_device_acl = [<br />
"/dev/null", "/dev/full", "/dev/zero",<br />
"/dev/random", "/dev/urandom",<br />
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",<br />
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",<br />
"/dev/vfio/1"<br />
]<br />
...</nowiki>}}<br />
<br />
Referenced from [http://www.firewing1.com/howtos/fedora-20/create-gaming-virtual-machine-using-vfio-pci-passthrough-kvm firewing1's webpage]<br />
<br />
==QEMU commands==<br />
<br />
This is the command to run QEMU with VGA Passthrough:<br />
cp /usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd /tmp/my_vars.fd<br />
qemu-system-x86_64 \<br />
-enable-kvm \<br />
-m 2048 \<br />
-cpu host,kvm=off \<br />
-vga none \<br />
-device vfio-pci,host=01:00.0 \<br />
-drive if=pflash,format=raw,readonly,file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd \<br />
-drive if=pflash,format=raw,file=/tmp/my_vars.fd<br />
<br />
{{ic|1=-enable KVM}} - enables KVM for your system, using AMD-VI/VT-D for hardware virtualisation.<br />
<br />
{{ic|1=-m [number]}} - sets the amount of memory the VM should have.<br />
<br />
{{ic|1=-cpu host, kvm=off}} - emulate the host's exact CPU. {{ic|1=kvm=off}} is used for NVIDIA cards to stop it detecting a hypervisor and therefore exiting with an error.<br />
<br />
{{ic|1=-vga none}} - disables the built in graphics card emulation.<br />
<br />
{{ic|1=-device vfio-pci,host=01:00.0 \}} - graphics card(s) you are using for VGA passthrough.<br />
<br />
{{ic|1=-drive if=flash,format=raw,readonly,file=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd}} BIOS location.<br />
<br />
For more commands see [https://wiki.archlinux.org/index.php/QEMU QEMU.]<br />
<br />
==Create and configure VM for OVMF==<br />
<br />
[http://vfio.blogspot.com/2014/08/primary-graphics-assignment-without-vga.html Alex Williamson's blog]<br />
<br />
Use virsh to edit the VM with these changes:<br />
<br />
{{bc|<nowiki><domain type='kvm'></nowiki>}}<br />
<br />
{{bc|<nowiki><os><br />
<loader readonly='yes' type='pflash'>/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd</loader><br />
<nvram template='/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd'/><br />
</os></nowiki>}}<br />
{{bc|<nowiki><hyperv><br />
<relaxed state='off'/><br />
<vapic state='off'/><br />
<spinlocks state='off'/><br />
</hyperv></nowiki>}}<br />
{{bc|<nowiki><features><br />
<kvm><br />
<hidden state='on'/><br />
</kvm><br />
</features></nowiki>}}<br />
{{bc|<nowiki><clock><br />
<timer name='hypervclock' present='no'/><br />
</clock></nowiki>}}<br />
<br />
==Operating system==<br />
<br />
Depending on your operating system, you may find that it may refuse to boot after a certain point. To work around this, simply replace {{ic|-vga none}} to {{ic|-vga qxl}}, install your operating system, check Device Manager and see if your graphics card has PCI device id equal to your actual GPU and install the graphics card driver, and then change it back to {{ic|-vga none}}.<br />
<br />
==See also==<br />
* [https://bbs.archlinux.org/viewtopic.php?id=162768 Discussion on Arch Linux forums]<br />
* [https://docs.google.com/spreadsheet/ccc?key=0Aryg5nO-kBebdFozaW9tUWdVd2VHM0lvck95TUlpMlE User contributed hardware compatibility list]</div>Avi9526