https://wiki.archlinux.org/api.php?action=feedcontributions&user=Lafleur&feedformat=atomArchWiki - User contributions [en]2024-03-29T02:26:11ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Neovim&diff=724751Neovim2022-03-29T12:16:01Z<p>Lafleur: /* Installation */ add neovim-gtk-git ; fix broken neovim-gtk link</p>
<hr />
<div>[[Category:Text editors]]<br />
[[Category:Console applications]]<br />
[[es:Neovim]]<br />
[[ja:Neovim]]<br />
[[pl:Neovim]]<br />
[[pt:Neovim]]<br />
[https://neovim.io/ Neovim] is a fork of [[Vim]] aiming to improve the codebase, allowing for easier implementation of APIs, improved user experience and plugin implementation.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|neovim}} package, or {{AUR|neovim-git}} for the latest development version, which strongly encourages the use of {{Pkg|lua}} as its main configuration language.<br />
<br />
{{Note|With neovim, some of its features are delegated to external "providers". For Python providers, use {{Pkg|python-pynvim}}.<br />
For clipboard providers, see [https://neovim.io/doc/user/provider.html#provider-clipboard provider-clipboard] or the {{ic|:help provider-clipboard}} neovim command.}}<br />
<br />
It is also possible to install one of [https://github.com/neovim/neovim/wiki/Related-projects many GUIs and other related projects], most of them are in [[official repositories]] or in [[AUR]]:<br />
<br />
* {{Pkg|neovim-qt}}<br />
* {{AUR|neovim-gtk}} or {{AUR|neovim-gtk-git}}<br />
* {{AUR|uivonim-git}}<br />
* {{AUR|neovide-git}}, {{AUR|neovide}} or {{AUR|neovide-bin}}<br />
* {{AUR|neoray-git}}<br />
* {{AUR|gnvim}}<br />
* {{AUR|fvim}}<br />
<br />
== Configuration ==<br />
<br />
Nvim's user-specific configuration file is located at {{ic|$XDG_CONFIG_HOME/nvim/init.vim}}, by default {{ic|~/.config/nvim/init.vim}}. The global configuration file is loaded from {{ic|$XDG_CONFIG_DIRS/nvim/sysinit.vim}} (by default {{ic|/etc/xdg/nvim/sysinit.vim}}) if it exists, or if it does not, from {{ic|/usr/share/nvim/sysinit.vim}} which should not be user-edited. [https://github.com/neovim/neovim/blob/master/runtime/doc/starting.txt#L437] By default, the former global configuration file does not exist. If you create the former file, you may wish to have it source the latter if you still want the functionality it provides, which is allowing pacman-installed vim packages to work with Nvim.<br />
<br />
Nvim is compatible with most of Vim's options, however there are options specific to Nvim. For a complete list of Nvim options, see Neovim's [https://neovim.io/doc/user/options.html help file].<br />
<br />
Nvim's data directory is located in {{ic|~/.local/share/nvim/}} and contains swap for open files, the [https://neovim.io/doc/user/starting.html#shada ShaDa] (Shared Data) file, and the site directory for plugins.<br />
<br />
Starting from Nvim's version 0.5, it is possible to setup Nvim via Lua, by default {{ic|~/.config/nvim/init.lua}}, the API is still young, but common configurations work out-of-the-box without much more steps. See [https://github.com/nanotee/nvim-lua-guide] for suggestions on how to convert your current configuration. At the moment there is is not much of an advantage when using {{ic|init.lua}} vs the common {{ic|init.vim}}, but when correctly done, Lua provides a small improvement in startup times, and it becomes specially useful when using several plugins written in lua, due to ease of configuration.<br />
<br />
=== Migrating from Vim ===<br />
<br />
If you wish to migrate your existing Vim configuration to Nvim, simply copy your {{ic|~/.vimrc}} to {{ic|~/.config/nvim/init.vim}}. If applicable, copy the contents of {{ic|~/.vim/autoload/}} to {{ic|~/.local/share/nvim/site/autoload/}}.<br />
<br />
=== Shared Configuration between Vim and Nvim ===<br />
<br />
Neovim uses {{ic|$XDG_CONFIG_HOME/nvim}} instead of {{ic|~/.vim}} as its main configuration directory and {{ic|$XDG_CONFIG_HOME/nvim/init.vim}} instead of {{ic|~/.vimrc}} as its main configuration file.<br />
<br />
If you wish to continue using Vim and wish to source your existing Vim configuration in Nvim, see [https://neovim.io/doc/user/nvim.html#nvim-from-vim nvim-from-vim] or the {{ic|:help nvim-from-vim}} neovim command.<br />
<br />
==== Loading plugins ====<br />
<br />
Vim/Nvim plugins installed from [[official repositories]] or [[AUR]] get automatically sourced by {{ic|/etc/xdg/nvim/sysinit.vim}}, so there is no need to take any extra steps. A vast amount of plugins can be found on both places, but the most recommended way to add plugins is by using a plugin manager, most commonly used are [https://github.com/junegunn/vim-plug vim-plug] which works for both Vim and Nvim, and [https://github.com/wbthomason/packer.nvim packer] which only works on Nvim 0.5 or newer and is written in lua. Both of them allow for expressive configurations, ranging from github branch to runtime commands.<br />
<br />
Most plugins written for vim work without much effort on Nvim, but not every plugin written for Nvim works for Vim, so if your intention is to ensure a compatible configuration, stick to a traditional {{ic|init.vim}} or {{ic|.vimrc}}<br />
<br />
== Tips and tricks ==<br />
<br />
=== Replacing vi and vim with neovim ===<br />
<br />
Setting {{ic|$VISUAL}} and {{ic|$EDITOR}} [[environment variables]] should be sufficient in most cases. <br />
<br />
Some applications may hardcode vi or vim as default editor, to use ''neovim'' in their place, install {{AUR|neovim-symlinks}} or {{AUR|neovim-drop-in}}.<br />
<br />
=== Symlinking init.vim to .vimrc ===<br />
<br />
As neovim is mostly compatible with standard vim, you can symlink {{ic|nvim/init.vim}} to your old {{ic|.vimrc}} to keep old configuration options:<br />
<br />
$ ln -s ~/.vimrc ~/.config/nvim/init.vim<br />
<br />
If you want some lines to be specific to each version, you can use an {{ic|if}} block in your {{ic|.vimrc}} file:<br />
<br />
if has('nvim')<br />
" Neovim specific commands<br />
else<br />
" Standard vim specific commands<br />
endif<br />
<br />
=== Adding true color support to neovim ===<br />
<br />
The {{ic|READMEs}} of [https://github.com/CarloWood/neovim-true-color-scheme-editor this project] explain how to add 24-bits "True Color" support to your syntax highlighting and how to use a color picker to see how it looks in real-time. Comes with the syntax highlighting of the author (if installed) for C++.<br />
<br />
=== Language Server Protocol ===<br />
<br />
Neovim contains a built-in [https://microsoft.github.io/language-server-protocol Language Server Protocol] client and the [https://github.com/neovim/nvim-lspconfig nvim-lspconfig] plugin provides common configurations for it.<br />
<br />
Language servers can be installed natively using the following packages:<br />
<br />
{| class="wikitable"<br />
! LSP config<br />
! Language<br />
! LSP server package<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#als als]<br />
| Ada/SPARK<br />
| {{AUR|ada_language_server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#angularls angularls]<br />
| Angular<br />
|<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#bashls bashls]<br />
| BASH<br />
| {{Pkg|bash-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ccls ccls]<br />
| C, C++, Objective-C<br />
| {{Pkg|ccls}} {{AUR|ccls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#clangd clangd]<br />
| C++<br />
| {{Pkg|clang}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#clojure_lsp clojure_lsp]<br />
| Clojure<br />
| {{AUR|clojure-lsp-bin}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#cmake cmake]<br />
| CMake<br />
| {{AUR|cmake-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#codeqlls codeqlls]<br />
| CodeQL<br />
| {{AUR|codeql}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#cssls cssls]<br />
| CSS, LESS, SASS<br />
| {{Pkg|vscode-css-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dartls dartls]<br />
| Dart<br />
| {{Pkg|dart}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols denols]<br />
| JavaScript, TypeScript<br />
| {{Pkg|deno}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dhall_lsp_server dhall_lsp_server]<br />
| Dhall<br />
| {{Pkg|dhall-lsp-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#diagnosticls diagnosticls]<br />
| General purpose<br />
| {{AUR|diagnostic-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dockerls dockerls]<br />
| Dockerfile<br />
| {{AUR|dockerfile-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#efm efm]<br />
| General purpose<br />
| {{Pkg|efm-langserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#elixirls elixirls]<br />
| Elixir<br />
| {{AUR|elixir-ls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#elmls elmls]<br />
| Elm<br />
| {{AUR|elm-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#erlangls erlangls]<br />
| Erlang<br />
| {{AUR|erlang_ls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#flow flow]<br />
| Flow<br />
| {{AUR|flow}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#fortls fortls]<br />
| Fortran<br />
| {{AUR|fortran-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#fsautocomplete fsautocomplete]<br />
| F#<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#gdscript gdscript]<br />
| GDScript<br />
| {{Pkg|godot}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ghcide ghcide]<br />
| Haskell<br />
| {{AUR|ghcide}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#gopls gopls]<br />
| GOlang<br />
| {{Pkg|gopls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#graphql graphql]<br />
| GraphQL<br />
| {{AUR|graphql-lsp}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#groovyls groovyls]<br />
| Groovy<br />
| {{AUR|groovy-language-server-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#haxe_language_server haxe_language_server]<br />
| Haxe<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#hie hie]<br />
| Haskell<br />
| {{AUR|haskell-ide-engine}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#hls hls]<br />
| Haskell<br />
| {{Pkg|haskell-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html html]<br />
| HTML<br />
| {{Pkg|vscode-html-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#intelephense intelephense]<br />
| PHP<br />
| {{AUR|nodejs-intelephense}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#java_language_server java_language_server]<br />
| Java<br />
| {{AUR|java-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jdtls jdtls]<br />
| Java<br />
| {{AUR|jdtls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jedi_language_server jedi_language_server]<br />
| Python<br />
| {{Pkg|jedi-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jsonls jsonls]<br />
| JSON<br />
| {{Pkg|vscode-json-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#julials julials]<br />
| Julia<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#kotlin_language_server kotlin_language_server]<br />
| Kotlin<br />
| {{AUR|kotlin-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#leanls leanls]<br />
| Lean<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#metals metals]<br />
| Scala<br />
| {{AUR|metals}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#nimls nimls]<br />
| Nim<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ocamlls ocamlls]<br />
| OCaml, Reason<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ocamllsp ocamllsp]<br />
| OCaml, Reason<br />
| {{AUR|ocaml-lsp-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#omnisharp omnisharp]<br />
| OmniSharp<br />
| {{AUR|omnisharp-roslyn}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#perlls perlls]<br />
| Perl<br />
| {{AUR|perl-perl-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#phpactor phpactor]<br />
| PHP<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#powershell_es powershell_es]<br />
| PowerShell<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#purescriptls purescriptls]<br />
| PureScript<br />
| {{AUR|purescript-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#pylsp pylsp]<br />
| Python<br />
| {{Pkg|python-lsp-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#pyright pyright]<br />
| Python<br />
| {{Pkg|pyright}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#r_language_server r_language_server]<br />
| R<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#racket_langserver racket_langserver]<br />
| Racket<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rescriptls rescriptls]<br />
| ReScript<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rls rls]<br />
| Rust<br />
| {{AUR|rls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rnix rnix]<br />
| nix<br />
| {{AUR|rnix-lsp-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rome rome]<br />
| Rome<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rust_analyzer rust_analyzer]<br />
| Rust<br />
| {{Pkg|rust-analyzer}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#scry scry]<br />
| Crystal<br />
| {{AUR|scry-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#solargraph solargraph]<br />
| Ruby<br />
| {{AUR|ruby-solargraph}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sorbet sorbet]<br />
| Ruby<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sourcekit sourcekit]<br />
| C, C++, Objective-C<br />
| {{AUR|swift-language}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sqlls sqlls]<br />
| SQL<br />
| {{AUR|sql-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sqls sqls]<br />
| SQL<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#stylelint_lsp stylelint_lsp]<br />
| stylelint<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sumneko_lua sumneko_lua]<br />
| Lua<br />
| {{Pkg|lua-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#svelte svelte]<br />
| Svelte<br />
| {{AUR|nodejs-svelte-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#svls svls]<br />
| SystemVerilog<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#terraformls terraformls]<br />
| Terraform<br />
| {{AUR|terraform-ls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#texlab texlab]<br />
| (La)TeX<br />
| {{Pkg|texlab}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#tflint tflint]<br />
| Terraform<br />
| {{AUR|tflint}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#tsserver tsserver]<br />
| TypeScript<br />
| {{AUR|typescript-language-server-bin}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vala_ls vala_ls]<br />
| Vala<br />
| {{AUR|vala-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vimls vimls]<br />
| Vim<br />
| {{AUR|vim-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vls vls]<br />
| V<br />
| <br />
|-<br />
| [https://github.com/johnsoncodehk/volar/tree/master/packages/vue-language-server volar]<br />
| Vue 3<br />
| {{AUR|volar-server-bin}}<br />
|<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vuels vuels]<br />
| Vue 2<br />
| {{AUR|nodejs-vls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#yamlls yamlls]<br />
| YAML<br />
| {{Pkg|yaml-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#zeta_note zeta_note]<br />
| Markdown<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#zls zls]<br />
| Zig<br />
| {{AUR|zls-bin}}<br />
|}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Cursor is not restored to previous state after exit ===<br />
<br />
If after exiting neovim cursor is still blinking see solution on [https://github.com/neovim/neovim/wiki/FAQ#cursor-style-isnt-restored-after-exiting-nvim neovim FAQ].<br />
<br />
== See also ==<br />
<br />
* [https://github.com/neovim/neovim Github repository]<br />
* [https://github.com/neovim/neovim/wiki Github wiki]</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Neovim&diff=724750Neovim2022-03-29T12:14:32Z<p>Lafleur: /* Installation */ Add nvim-gtk to the list of GUIs; sort ABS packages before AUR ones</p>
<hr />
<div>[[Category:Text editors]]<br />
[[Category:Console applications]]<br />
[[es:Neovim]]<br />
[[ja:Neovim]]<br />
[[pl:Neovim]]<br />
[[pt:Neovim]]<br />
[https://neovim.io/ Neovim] is a fork of [[Vim]] aiming to improve the codebase, allowing for easier implementation of APIs, improved user experience and plugin implementation.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|neovim}} package, or {{AUR|neovim-git}} for the latest development version, which strongly encourages the use of {{Pkg|lua}} as its main configuration language.<br />
<br />
{{Note|With neovim, some of its features are delegated to external "providers". For Python providers, use {{Pkg|python-pynvim}}.<br />
For clipboard providers, see [https://neovim.io/doc/user/provider.html#provider-clipboard provider-clipboard] or the {{ic|:help provider-clipboard}} neovim command.}}<br />
<br />
It is also possible to install one of [https://github.com/neovim/neovim/wiki/Related-projects many GUIs and other related projects], most of them are in [[official repositories]] or in [[AUR]]:<br />
<br />
* {{Pkg|neovim-gtk}}<br />
* {{Pkg|neovim-qt}}<br />
* {{AUR|uivonim-git}}<br />
* {{AUR|neovide-git}}, {{AUR|neovide}} or {{AUR|neovide-bin}}<br />
* {{AUR|neoray-git}}<br />
* {{AUR|gnvim}}<br />
* {{AUR|fvim}}<br />
<br />
== Configuration ==<br />
<br />
Nvim's user-specific configuration file is located at {{ic|$XDG_CONFIG_HOME/nvim/init.vim}}, by default {{ic|~/.config/nvim/init.vim}}. The global configuration file is loaded from {{ic|$XDG_CONFIG_DIRS/nvim/sysinit.vim}} (by default {{ic|/etc/xdg/nvim/sysinit.vim}}) if it exists, or if it does not, from {{ic|/usr/share/nvim/sysinit.vim}} which should not be user-edited. [https://github.com/neovim/neovim/blob/master/runtime/doc/starting.txt#L437] By default, the former global configuration file does not exist. If you create the former file, you may wish to have it source the latter if you still want the functionality it provides, which is allowing pacman-installed vim packages to work with Nvim.<br />
<br />
Nvim is compatible with most of Vim's options, however there are options specific to Nvim. For a complete list of Nvim options, see Neovim's [https://neovim.io/doc/user/options.html help file].<br />
<br />
Nvim's data directory is located in {{ic|~/.local/share/nvim/}} and contains swap for open files, the [https://neovim.io/doc/user/starting.html#shada ShaDa] (Shared Data) file, and the site directory for plugins.<br />
<br />
Starting from Nvim's version 0.5, it is possible to setup Nvim via Lua, by default {{ic|~/.config/nvim/init.lua}}, the API is still young, but common configurations work out-of-the-box without much more steps. See [https://github.com/nanotee/nvim-lua-guide] for suggestions on how to convert your current configuration. At the moment there is is not much of an advantage when using {{ic|init.lua}} vs the common {{ic|init.vim}}, but when correctly done, Lua provides a small improvement in startup times, and it becomes specially useful when using several plugins written in lua, due to ease of configuration.<br />
<br />
=== Migrating from Vim ===<br />
<br />
If you wish to migrate your existing Vim configuration to Nvim, simply copy your {{ic|~/.vimrc}} to {{ic|~/.config/nvim/init.vim}}. If applicable, copy the contents of {{ic|~/.vim/autoload/}} to {{ic|~/.local/share/nvim/site/autoload/}}.<br />
<br />
=== Shared Configuration between Vim and Nvim ===<br />
<br />
Neovim uses {{ic|$XDG_CONFIG_HOME/nvim}} instead of {{ic|~/.vim}} as its main configuration directory and {{ic|$XDG_CONFIG_HOME/nvim/init.vim}} instead of {{ic|~/.vimrc}} as its main configuration file.<br />
<br />
If you wish to continue using Vim and wish to source your existing Vim configuration in Nvim, see [https://neovim.io/doc/user/nvim.html#nvim-from-vim nvim-from-vim] or the {{ic|:help nvim-from-vim}} neovim command.<br />
<br />
==== Loading plugins ====<br />
<br />
Vim/Nvim plugins installed from [[official repositories]] or [[AUR]] get automatically sourced by {{ic|/etc/xdg/nvim/sysinit.vim}}, so there is no need to take any extra steps. A vast amount of plugins can be found on both places, but the most recommended way to add plugins is by using a plugin manager, most commonly used are [https://github.com/junegunn/vim-plug vim-plug] which works for both Vim and Nvim, and [https://github.com/wbthomason/packer.nvim packer] which only works on Nvim 0.5 or newer and is written in lua. Both of them allow for expressive configurations, ranging from github branch to runtime commands.<br />
<br />
Most plugins written for vim work without much effort on Nvim, but not every plugin written for Nvim works for Vim, so if your intention is to ensure a compatible configuration, stick to a traditional {{ic|init.vim}} or {{ic|.vimrc}}<br />
<br />
== Tips and tricks ==<br />
<br />
=== Replacing vi and vim with neovim ===<br />
<br />
Setting {{ic|$VISUAL}} and {{ic|$EDITOR}} [[environment variables]] should be sufficient in most cases. <br />
<br />
Some applications may hardcode vi or vim as default editor, to use ''neovim'' in their place, install {{AUR|neovim-symlinks}} or {{AUR|neovim-drop-in}}.<br />
<br />
=== Symlinking init.vim to .vimrc ===<br />
<br />
As neovim is mostly compatible with standard vim, you can symlink {{ic|nvim/init.vim}} to your old {{ic|.vimrc}} to keep old configuration options:<br />
<br />
$ ln -s ~/.vimrc ~/.config/nvim/init.vim<br />
<br />
If you want some lines to be specific to each version, you can use an {{ic|if}} block in your {{ic|.vimrc}} file:<br />
<br />
if has('nvim')<br />
" Neovim specific commands<br />
else<br />
" Standard vim specific commands<br />
endif<br />
<br />
=== Adding true color support to neovim ===<br />
<br />
The {{ic|READMEs}} of [https://github.com/CarloWood/neovim-true-color-scheme-editor this project] explain how to add 24-bits "True Color" support to your syntax highlighting and how to use a color picker to see how it looks in real-time. Comes with the syntax highlighting of the author (if installed) for C++.<br />
<br />
=== Language Server Protocol ===<br />
<br />
Neovim contains a built-in [https://microsoft.github.io/language-server-protocol Language Server Protocol] client and the [https://github.com/neovim/nvim-lspconfig nvim-lspconfig] plugin provides common configurations for it.<br />
<br />
Language servers can be installed natively using the following packages:<br />
<br />
{| class="wikitable"<br />
! LSP config<br />
! Language<br />
! LSP server package<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#als als]<br />
| Ada/SPARK<br />
| {{AUR|ada_language_server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#angularls angularls]<br />
| Angular<br />
|<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#bashls bashls]<br />
| BASH<br />
| {{Pkg|bash-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ccls ccls]<br />
| C, C++, Objective-C<br />
| {{Pkg|ccls}} {{AUR|ccls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#clangd clangd]<br />
| C++<br />
| {{Pkg|clang}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#clojure_lsp clojure_lsp]<br />
| Clojure<br />
| {{AUR|clojure-lsp-bin}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#cmake cmake]<br />
| CMake<br />
| {{AUR|cmake-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#codeqlls codeqlls]<br />
| CodeQL<br />
| {{AUR|codeql}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#cssls cssls]<br />
| CSS, LESS, SASS<br />
| {{Pkg|vscode-css-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dartls dartls]<br />
| Dart<br />
| {{Pkg|dart}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols denols]<br />
| JavaScript, TypeScript<br />
| {{Pkg|deno}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dhall_lsp_server dhall_lsp_server]<br />
| Dhall<br />
| {{Pkg|dhall-lsp-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#diagnosticls diagnosticls]<br />
| General purpose<br />
| {{AUR|diagnostic-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dockerls dockerls]<br />
| Dockerfile<br />
| {{AUR|dockerfile-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#efm efm]<br />
| General purpose<br />
| {{Pkg|efm-langserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#elixirls elixirls]<br />
| Elixir<br />
| {{AUR|elixir-ls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#elmls elmls]<br />
| Elm<br />
| {{AUR|elm-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#erlangls erlangls]<br />
| Erlang<br />
| {{AUR|erlang_ls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#flow flow]<br />
| Flow<br />
| {{AUR|flow}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#fortls fortls]<br />
| Fortran<br />
| {{AUR|fortran-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#fsautocomplete fsautocomplete]<br />
| F#<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#gdscript gdscript]<br />
| GDScript<br />
| {{Pkg|godot}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ghcide ghcide]<br />
| Haskell<br />
| {{AUR|ghcide}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#gopls gopls]<br />
| GOlang<br />
| {{Pkg|gopls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#graphql graphql]<br />
| GraphQL<br />
| {{AUR|graphql-lsp}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#groovyls groovyls]<br />
| Groovy<br />
| {{AUR|groovy-language-server-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#haxe_language_server haxe_language_server]<br />
| Haxe<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#hie hie]<br />
| Haskell<br />
| {{AUR|haskell-ide-engine}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#hls hls]<br />
| Haskell<br />
| {{Pkg|haskell-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html html]<br />
| HTML<br />
| {{Pkg|vscode-html-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#intelephense intelephense]<br />
| PHP<br />
| {{AUR|nodejs-intelephense}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#java_language_server java_language_server]<br />
| Java<br />
| {{AUR|java-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jdtls jdtls]<br />
| Java<br />
| {{AUR|jdtls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jedi_language_server jedi_language_server]<br />
| Python<br />
| {{Pkg|jedi-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jsonls jsonls]<br />
| JSON<br />
| {{Pkg|vscode-json-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#julials julials]<br />
| Julia<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#kotlin_language_server kotlin_language_server]<br />
| Kotlin<br />
| {{AUR|kotlin-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#leanls leanls]<br />
| Lean<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#metals metals]<br />
| Scala<br />
| {{AUR|metals}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#nimls nimls]<br />
| Nim<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ocamlls ocamlls]<br />
| OCaml, Reason<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ocamllsp ocamllsp]<br />
| OCaml, Reason<br />
| {{AUR|ocaml-lsp-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#omnisharp omnisharp]<br />
| OmniSharp<br />
| {{AUR|omnisharp-roslyn}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#perlls perlls]<br />
| Perl<br />
| {{AUR|perl-perl-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#phpactor phpactor]<br />
| PHP<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#powershell_es powershell_es]<br />
| PowerShell<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#purescriptls purescriptls]<br />
| PureScript<br />
| {{AUR|purescript-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#pylsp pylsp]<br />
| Python<br />
| {{Pkg|python-lsp-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#pyright pyright]<br />
| Python<br />
| {{Pkg|pyright}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#r_language_server r_language_server]<br />
| R<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#racket_langserver racket_langserver]<br />
| Racket<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rescriptls rescriptls]<br />
| ReScript<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rls rls]<br />
| Rust<br />
| {{AUR|rls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rnix rnix]<br />
| nix<br />
| {{AUR|rnix-lsp-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rome rome]<br />
| Rome<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rust_analyzer rust_analyzer]<br />
| Rust<br />
| {{Pkg|rust-analyzer}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#scry scry]<br />
| Crystal<br />
| {{AUR|scry-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#solargraph solargraph]<br />
| Ruby<br />
| {{AUR|ruby-solargraph}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sorbet sorbet]<br />
| Ruby<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sourcekit sourcekit]<br />
| C, C++, Objective-C<br />
| {{AUR|swift-language}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sqlls sqlls]<br />
| SQL<br />
| {{AUR|sql-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sqls sqls]<br />
| SQL<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#stylelint_lsp stylelint_lsp]<br />
| stylelint<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sumneko_lua sumneko_lua]<br />
| Lua<br />
| {{Pkg|lua-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#svelte svelte]<br />
| Svelte<br />
| {{AUR|nodejs-svelte-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#svls svls]<br />
| SystemVerilog<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#terraformls terraformls]<br />
| Terraform<br />
| {{AUR|terraform-ls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#texlab texlab]<br />
| (La)TeX<br />
| {{Pkg|texlab}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#tflint tflint]<br />
| Terraform<br />
| {{AUR|tflint}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#tsserver tsserver]<br />
| TypeScript<br />
| {{AUR|typescript-language-server-bin}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vala_ls vala_ls]<br />
| Vala<br />
| {{AUR|vala-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vimls vimls]<br />
| Vim<br />
| {{AUR|vim-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vls vls]<br />
| V<br />
| <br />
|-<br />
| [https://github.com/johnsoncodehk/volar/tree/master/packages/vue-language-server volar]<br />
| Vue 3<br />
| {{AUR|volar-server-bin}}<br />
|<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vuels vuels]<br />
| Vue 2<br />
| {{AUR|nodejs-vls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#yamlls yamlls]<br />
| YAML<br />
| {{Pkg|yaml-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#zeta_note zeta_note]<br />
| Markdown<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#zls zls]<br />
| Zig<br />
| {{AUR|zls-bin}}<br />
|}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Cursor is not restored to previous state after exit ===<br />
<br />
If after exiting neovim cursor is still blinking see solution on [https://github.com/neovim/neovim/wiki/FAQ#cursor-style-isnt-restored-after-exiting-nvim neovim FAQ].<br />
<br />
== See also ==<br />
<br />
* [https://github.com/neovim/neovim Github repository]<br />
* [https://github.com/neovim/neovim/wiki Github wiki]</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Neovim&diff=724749Neovim2022-03-29T12:10:40Z<p>Lafleur: /* Language Server Protocol */ Add up-to-date Vue 3 LSP (tested)</p>
<hr />
<div>[[Category:Text editors]]<br />
[[Category:Console applications]]<br />
[[es:Neovim]]<br />
[[ja:Neovim]]<br />
[[pl:Neovim]]<br />
[[pt:Neovim]]<br />
[https://neovim.io/ Neovim] is a fork of [[Vim]] aiming to improve the codebase, allowing for easier implementation of APIs, improved user experience and plugin implementation.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|neovim}} package, or {{AUR|neovim-git}} for the latest development version, which strongly encourages the use of {{Pkg|lua}} as its main configuration language.<br />
<br />
{{Note|With neovim, some of its features are delegated to external "providers". For Python providers, use {{Pkg|python-pynvim}}.<br />
For clipboard providers, see [https://neovim.io/doc/user/provider.html#provider-clipboard provider-clipboard] or the {{ic|:help provider-clipboard}} neovim command.}}<br />
<br />
It is also possible to install one of [https://github.com/neovim/neovim/wiki/Related-projects many GUIs and other related projects], most of them are in [[official repositories]] or in [[AUR]]:<br />
<br />
* {{AUR|uivonim-git}}<br />
* {{AUR|neovide-git}}, {{AUR|neovide}} or {{AUR|neovide-bin}}<br />
* {{Pkg|neovim-qt}}<br />
* {{AUR|neoray-git}}<br />
* {{AUR|gnvim}}<br />
* {{AUR|fvim}}<br />
<br />
== Configuration ==<br />
<br />
Nvim's user-specific configuration file is located at {{ic|$XDG_CONFIG_HOME/nvim/init.vim}}, by default {{ic|~/.config/nvim/init.vim}}. The global configuration file is loaded from {{ic|$XDG_CONFIG_DIRS/nvim/sysinit.vim}} (by default {{ic|/etc/xdg/nvim/sysinit.vim}}) if it exists, or if it does not, from {{ic|/usr/share/nvim/sysinit.vim}} which should not be user-edited. [https://github.com/neovim/neovim/blob/master/runtime/doc/starting.txt#L437] By default, the former global configuration file does not exist. If you create the former file, you may wish to have it source the latter if you still want the functionality it provides, which is allowing pacman-installed vim packages to work with Nvim.<br />
<br />
Nvim is compatible with most of Vim's options, however there are options specific to Nvim. For a complete list of Nvim options, see Neovim's [https://neovim.io/doc/user/options.html help file].<br />
<br />
Nvim's data directory is located in {{ic|~/.local/share/nvim/}} and contains swap for open files, the [https://neovim.io/doc/user/starting.html#shada ShaDa] (Shared Data) file, and the site directory for plugins.<br />
<br />
Starting from Nvim's version 0.5, it is possible to setup Nvim via Lua, by default {{ic|~/.config/nvim/init.lua}}, the API is still young, but common configurations work out-of-the-box without much more steps. See [https://github.com/nanotee/nvim-lua-guide] for suggestions on how to convert your current configuration. At the moment there is is not much of an advantage when using {{ic|init.lua}} vs the common {{ic|init.vim}}, but when correctly done, Lua provides a small improvement in startup times, and it becomes specially useful when using several plugins written in lua, due to ease of configuration.<br />
<br />
=== Migrating from Vim ===<br />
<br />
If you wish to migrate your existing Vim configuration to Nvim, simply copy your {{ic|~/.vimrc}} to {{ic|~/.config/nvim/init.vim}}. If applicable, copy the contents of {{ic|~/.vim/autoload/}} to {{ic|~/.local/share/nvim/site/autoload/}}.<br />
<br />
=== Shared Configuration between Vim and Nvim ===<br />
<br />
Neovim uses {{ic|$XDG_CONFIG_HOME/nvim}} instead of {{ic|~/.vim}} as its main configuration directory and {{ic|$XDG_CONFIG_HOME/nvim/init.vim}} instead of {{ic|~/.vimrc}} as its main configuration file.<br />
<br />
If you wish to continue using Vim and wish to source your existing Vim configuration in Nvim, see [https://neovim.io/doc/user/nvim.html#nvim-from-vim nvim-from-vim] or the {{ic|:help nvim-from-vim}} neovim command.<br />
<br />
==== Loading plugins ====<br />
<br />
Vim/Nvim plugins installed from [[official repositories]] or [[AUR]] get automatically sourced by {{ic|/etc/xdg/nvim/sysinit.vim}}, so there is no need to take any extra steps. A vast amount of plugins can be found on both places, but the most recommended way to add plugins is by using a plugin manager, most commonly used are [https://github.com/junegunn/vim-plug vim-plug] which works for both Vim and Nvim, and [https://github.com/wbthomason/packer.nvim packer] which only works on Nvim 0.5 or newer and is written in lua. Both of them allow for expressive configurations, ranging from github branch to runtime commands.<br />
<br />
Most plugins written for vim work without much effort on Nvim, but not every plugin written for Nvim works for Vim, so if your intention is to ensure a compatible configuration, stick to a traditional {{ic|init.vim}} or {{ic|.vimrc}}<br />
<br />
== Tips and tricks ==<br />
<br />
=== Replacing vi and vim with neovim ===<br />
<br />
Setting {{ic|$VISUAL}} and {{ic|$EDITOR}} [[environment variables]] should be sufficient in most cases. <br />
<br />
Some applications may hardcode vi or vim as default editor, to use ''neovim'' in their place, install {{AUR|neovim-symlinks}} or {{AUR|neovim-drop-in}}.<br />
<br />
=== Symlinking init.vim to .vimrc ===<br />
<br />
As neovim is mostly compatible with standard vim, you can symlink {{ic|nvim/init.vim}} to your old {{ic|.vimrc}} to keep old configuration options:<br />
<br />
$ ln -s ~/.vimrc ~/.config/nvim/init.vim<br />
<br />
If you want some lines to be specific to each version, you can use an {{ic|if}} block in your {{ic|.vimrc}} file:<br />
<br />
if has('nvim')<br />
" Neovim specific commands<br />
else<br />
" Standard vim specific commands<br />
endif<br />
<br />
=== Adding true color support to neovim ===<br />
<br />
The {{ic|READMEs}} of [https://github.com/CarloWood/neovim-true-color-scheme-editor this project] explain how to add 24-bits "True Color" support to your syntax highlighting and how to use a color picker to see how it looks in real-time. Comes with the syntax highlighting of the author (if installed) for C++.<br />
<br />
=== Language Server Protocol ===<br />
<br />
Neovim contains a built-in [https://microsoft.github.io/language-server-protocol Language Server Protocol] client and the [https://github.com/neovim/nvim-lspconfig nvim-lspconfig] plugin provides common configurations for it.<br />
<br />
Language servers can be installed natively using the following packages:<br />
<br />
{| class="wikitable"<br />
! LSP config<br />
! Language<br />
! LSP server package<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#als als]<br />
| Ada/SPARK<br />
| {{AUR|ada_language_server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#angularls angularls]<br />
| Angular<br />
|<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#bashls bashls]<br />
| BASH<br />
| {{Pkg|bash-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ccls ccls]<br />
| C, C++, Objective-C<br />
| {{Pkg|ccls}} {{AUR|ccls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#clangd clangd]<br />
| C++<br />
| {{Pkg|clang}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#clojure_lsp clojure_lsp]<br />
| Clojure<br />
| {{AUR|clojure-lsp-bin}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#cmake cmake]<br />
| CMake<br />
| {{AUR|cmake-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#codeqlls codeqlls]<br />
| CodeQL<br />
| {{AUR|codeql}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#cssls cssls]<br />
| CSS, LESS, SASS<br />
| {{Pkg|vscode-css-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dartls dartls]<br />
| Dart<br />
| {{Pkg|dart}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols denols]<br />
| JavaScript, TypeScript<br />
| {{Pkg|deno}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dhall_lsp_server dhall_lsp_server]<br />
| Dhall<br />
| {{Pkg|dhall-lsp-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#diagnosticls diagnosticls]<br />
| General purpose<br />
| {{AUR|diagnostic-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#dockerls dockerls]<br />
| Dockerfile<br />
| {{AUR|dockerfile-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#efm efm]<br />
| General purpose<br />
| {{Pkg|efm-langserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#elixirls elixirls]<br />
| Elixir<br />
| {{AUR|elixir-ls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#elmls elmls]<br />
| Elm<br />
| {{AUR|elm-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#erlangls erlangls]<br />
| Erlang<br />
| {{AUR|erlang_ls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#flow flow]<br />
| Flow<br />
| {{AUR|flow}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#fortls fortls]<br />
| Fortran<br />
| {{AUR|fortran-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#fsautocomplete fsautocomplete]<br />
| F#<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#gdscript gdscript]<br />
| GDScript<br />
| {{Pkg|godot}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ghcide ghcide]<br />
| Haskell<br />
| {{AUR|ghcide}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#gopls gopls]<br />
| GOlang<br />
| {{Pkg|gopls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#graphql graphql]<br />
| GraphQL<br />
| {{AUR|graphql-lsp}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#groovyls groovyls]<br />
| Groovy<br />
| {{AUR|groovy-language-server-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#haxe_language_server haxe_language_server]<br />
| Haxe<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#hie hie]<br />
| Haskell<br />
| {{AUR|haskell-ide-engine}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#hls hls]<br />
| Haskell<br />
| {{Pkg|haskell-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html html]<br />
| HTML<br />
| {{Pkg|vscode-html-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#intelephense intelephense]<br />
| PHP<br />
| {{AUR|nodejs-intelephense}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#java_language_server java_language_server]<br />
| Java<br />
| {{AUR|java-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jdtls jdtls]<br />
| Java<br />
| {{AUR|jdtls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jedi_language_server jedi_language_server]<br />
| Python<br />
| {{Pkg|jedi-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#jsonls jsonls]<br />
| JSON<br />
| {{Pkg|vscode-json-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#julials julials]<br />
| Julia<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#kotlin_language_server kotlin_language_server]<br />
| Kotlin<br />
| {{AUR|kotlin-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#leanls leanls]<br />
| Lean<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#metals metals]<br />
| Scala<br />
| {{AUR|metals}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#nimls nimls]<br />
| Nim<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ocamlls ocamlls]<br />
| OCaml, Reason<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#ocamllsp ocamllsp]<br />
| OCaml, Reason<br />
| {{AUR|ocaml-lsp-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#omnisharp omnisharp]<br />
| OmniSharp<br />
| {{AUR|omnisharp-roslyn}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#perlls perlls]<br />
| Perl<br />
| {{AUR|perl-perl-languageserver}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#phpactor phpactor]<br />
| PHP<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#powershell_es powershell_es]<br />
| PowerShell<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#purescriptls purescriptls]<br />
| PureScript<br />
| {{AUR|purescript-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#pylsp pylsp]<br />
| Python<br />
| {{Pkg|python-lsp-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#pyright pyright]<br />
| Python<br />
| {{Pkg|pyright}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#r_language_server r_language_server]<br />
| R<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#racket_langserver racket_langserver]<br />
| Racket<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rescriptls rescriptls]<br />
| ReScript<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rls rls]<br />
| Rust<br />
| {{AUR|rls-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rnix rnix]<br />
| nix<br />
| {{AUR|rnix-lsp-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rome rome]<br />
| Rome<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#rust_analyzer rust_analyzer]<br />
| Rust<br />
| {{Pkg|rust-analyzer}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#scry scry]<br />
| Crystal<br />
| {{AUR|scry-git}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#solargraph solargraph]<br />
| Ruby<br />
| {{AUR|ruby-solargraph}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sorbet sorbet]<br />
| Ruby<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sourcekit sourcekit]<br />
| C, C++, Objective-C<br />
| {{AUR|swift-language}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sqlls sqlls]<br />
| SQL<br />
| {{AUR|sql-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sqls sqls]<br />
| SQL<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#stylelint_lsp stylelint_lsp]<br />
| stylelint<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#sumneko_lua sumneko_lua]<br />
| Lua<br />
| {{Pkg|lua-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#svelte svelte]<br />
| Svelte<br />
| {{AUR|nodejs-svelte-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#svls svls]<br />
| SystemVerilog<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#terraformls terraformls]<br />
| Terraform<br />
| {{AUR|terraform-ls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#texlab texlab]<br />
| (La)TeX<br />
| {{Pkg|texlab}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#tflint tflint]<br />
| Terraform<br />
| {{AUR|tflint}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#tsserver tsserver]<br />
| TypeScript<br />
| {{AUR|typescript-language-server-bin}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vala_ls vala_ls]<br />
| Vala<br />
| {{AUR|vala-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vimls vimls]<br />
| Vim<br />
| {{AUR|vim-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vls vls]<br />
| V<br />
| <br />
|-<br />
| [https://github.com/johnsoncodehk/volar/tree/master/packages/vue-language-server volar]<br />
| Vue 3<br />
| {{AUR|volar-server-bin}}<br />
|<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#vuels vuels]<br />
| Vue 2<br />
| {{AUR|nodejs-vls}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#yamlls yamlls]<br />
| YAML<br />
| {{Pkg|yaml-language-server}}<br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#zeta_note zeta_note]<br />
| Markdown<br />
| <br />
|-<br />
| [https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#zls zls]<br />
| Zig<br />
| {{AUR|zls-bin}}<br />
|}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Cursor is not restored to previous state after exit ===<br />
<br />
If after exiting neovim cursor is still blinking see solution on [https://github.com/neovim/neovim/wiki/FAQ#cursor-style-isnt-restored-after-exiting-nvim neovim FAQ].<br />
<br />
== See also ==<br />
<br />
* [https://github.com/neovim/neovim Github repository]<br />
* [https://github.com/neovim/neovim/wiki Github wiki]</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User_talk:Lafleur/NanoPi_M1&diff=698775User talk:Lafleur/NanoPi M12021-10-11T09:58:14Z<p>Lafleur: typos</p>
<hr />
<div>Hi Lafleur, thanks so much for rescuing my page! I got the email saying it had been edited and excitedly went to see what the change was, only to find myself redirected to the terms of service. With a bit of digging I found the talk page and reading that someone had found my content useful made my day! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
I felt like I was progressing with the project until sadly my NanoPi died - not exactly sure what went wrong but the board wasn't getting any power. Perhaps I'll have a go at fixing it at some point. For anyone interested in updating this documentation (ie. with access to a working board), the Lima driver should be integrated into the mainline kernel, mitigating the need for the binary blob. I'd be curious to know if that works, as it's been nearly five years since I failed to get any GPU output. [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
It seems particularly sad that all this content is being removed from the mainstream wiki - I might try and set up a GitHub pages site or similar as a new repository for some of this content. Might just need to read the license terms though: don't particularly need a repeat of this! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
:I thought about that - maybe the ALARM wiki would link to this page, I think they have a "community ports" section. I have no clue on the GPU questions ; in fact I own a NanoPi NEO, that has no GPU at all. Your howto did the job for it though. BTW if you wished to host the page on your own personal page, I would indeed let you have it and link to it. Also, I managed to have uboot read a btrfs main filesystem by `menuconfig`uring it, works like a charm. I could update the howto when it has definitely settled. What do you say ? [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 09:52, 11 October 2021 (UTC)<br />
<br />
:Just found back my findings on the NanoPi NEO with btrfs ; reproducing it here ATM:<br />
<br />
<br />
I followed "your Archlinux Wiki page" to boot Archlinuxarm on<br />
the Nanopi NEO LTS. This device is very close to the OrangePi. <br />
<br />
I changed one thing : using btrfs for the root filesystem. The boot.cmd was too<br />
complicated, so I wrote simplified-boot.cmd that is in use on my device.<br />
<br />
The boot script build command was :<br />
<br />
mkimage -A arm -O linux -T script -C none -a 0 -e 0 -n "NanoPi NEO Boot Script" -d boot.cmd boot.scr<br />
<br />
The `simplified-boot.cmd` was :<br />
<br />
setenv bootargs console=${console} root=LABEL=nanopi rootflags=subvol=@ rw rootwait<br />
load mmc 0:1 ${kernel_addr_r} /@/boot/zImage<br />
load mmc 0:1 ${fdt_addr_r} /@/boot/dtbs/${fdtfile}<br />
load mmc 0:1 ${ramdisk_addr_r} /@/boot/initramfs-linux.img<br />
bootz ${kernel_addr_r} ${ramdisk_addr_r}:${filesize} ${fdt_addr_r}<br />
<br />
In `./u-boot`, the U-Boot build command was :<br />
<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- nanopi_neo_defconfig<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- menuconfig<br />
[ enable the BTRFS filesystem support ]<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi-<br />
<br />
To flash the resulting boot image, do :<br />
<br />
dd if=u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User_talk:Lafleur/NanoPi_M1&diff=698774User talk:Lafleur/NanoPi M12021-10-11T09:57:47Z<p>Lafleur: add simplified-boot.cmd</p>
<hr />
<div>Hi Lafleur, thanks so much for rescuing my page! I got the email saying it had been edited and excitedly went to see what the change was, only to find myself redirected to the terms of service. With a bit of digging I found the talk page and reading that someone had found my content useful made my day! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
I felt like I was progressing with the project until sadly my NanoPi died - not exactly sure what went wrong but the board wasn't getting any power. Perhaps I'll have a go at fixing it at some point. For anyone interested in updating this documentation (ie. with access to a working board), the Lima driver should be integrated into the mainline kernel, mitigating the need for the binary blob. I'd be curious to know if that works, as it's been nearly five years since I failed to get any GPU output. [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
It seems particularly sad that all this content is being removed from the mainstream wiki - I might try and set up a GitHub pages site or similar as a new repository for some of this content. Might just need to read the license terms though: don't particularly need a repeat of this! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
:I thought about that - maybe the ALARM wiki would link to this page, I think they have a "community ports" section. I have no clue on the GPU questions ; in fact I own a NanoPi NEO, that has no GPU at all. Your howto did the job for it though. BTW if you wished to host the page on your own personal page, I would indeed let you have it and link to it. Also, I managed to have uboot read a btrfs main filesystem by `menuconfig`uring it, works like a charm. I could update the howto when it has definitely settled. What do you say ? [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 09:52, 11 October 2021 (UTC)<br />
<br />
:Just found back my findings on the NanoPi NEO with btrfs ; reproducing it here ATM:<br />
<br />
<br />
I followed "your Archlinux Wiki page" to boot Archlinuxarm on<br />
the Nanopi NEO LTS. This device is very close to the OrangePi. <br />
<br />
I changed one thing : using btrfs for the root filesystem. The boot.cmd was too<br />
complicated, so I wrote simplified-boot.cmd that is in use on my device.<br />
<br />
The boot script build command was :<br />
<br />
mkimage -A arm -O linux -T script -C none -a 0 -e 0 -n "NanoPi NEO Boot Script" -d boot.cmd boot.scr<br />
<br />
The `simplified-boot.cmd` was :<br />
<br />
setenv bootargs console=${console} root=LABEL=nanopi rootflags=subvol=@ rw rootwait<br />
<br />
load mmc 0:1 ${kernel_addr_r} /@/boot/zImage<br />
load mmc 0:1 ${fdt_addr_r} /@/boot/dtbs/${fdtfile}<br />
load mmc 0:1 ${ramdisk_addr_r} /@/boot/initramfs-linux.img<br />
<br />
bootz ${kernel_addr_r} ${ramdisk_addr_r}:${filesize} ${fdt_addr_r}<br />
<br />
In `./u-boot`, the U-Boot build command was :<br />
<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- nanopi_neo_defconfig<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- menuconfig<br />
[ enable the BTRFS filesystem support ]<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi-<br />
<br />
To flash the resulting boot image, do :<br />
<br />
dd if=u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User_talk:Lafleur/NanoPi_M1&diff=698773User talk:Lafleur/NanoPi M12021-10-11T09:55:57Z<p>Lafleur: add info on btrfs under uboot</p>
<hr />
<div>Hi Lafleur, thanks so much for rescuing my page! I got the email saying it had been edited and excitedly went to see what the change was, only to find myself redirected to the terms of service. With a bit of digging I found the talk page and reading that someone had found my content useful made my day! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
I felt like I was progressing with the project until sadly my NanoPi died - not exactly sure what went wrong but the board wasn't getting any power. Perhaps I'll have a go at fixing it at some point. For anyone interested in updating this documentation (ie. with access to a working board), the Lima driver should be integrated into the mainline kernel, mitigating the need for the binary blob. I'd be curious to know if that works, as it's been nearly five years since I failed to get any GPU output. [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
It seems particularly sad that all this content is being removed from the mainstream wiki - I might try and set up a GitHub pages site or similar as a new repository for some of this content. Might just need to read the license terms though: don't particularly need a repeat of this! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
:I thought about that - maybe the ALARM wiki would link to this page, I think they have a "community ports" section. I have no clue on the GPU questions ; in fact I own a NanoPi NEO, that has no GPU at all. Your howto did the job for it though. BTW if you wished to host the page on your own personal page, I would indeed let you have it and link to it. Also, I managed to have uboot read a btrfs main filesystem by `menuconfig`uring it, works like a charm. I could update the howto when it has definitely settled. What do you say ? [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 09:52, 11 October 2021 (UTC)<br />
<br />
:Just found back my findings on the NanoPi NEO with btrfs ; reproducing it here ATM:<br />
<br />
I followed "your Archlinux Wiki page" to boot Archlinuxarm on<br />
the Nanopi NEO LTS. This device is very close to the OrangePi. <br />
<br />
I changed one thing : using btrfs for the root filesystem. The boot.cmd was too<br />
complicated, so I wrote simplified-boot.cmd that is in use on my device.<br />
<br />
The boot script build command was :<br />
<br />
mkimage -A arm -O linux -T script -C none -a 0 -e 0 -n "NanoPi NEO Boot Script" -d boot.cmd boot.scr<br />
<br />
In `./u-boot`, the U-Boot build command was :<br />
<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- nanopi_neo_defconfig<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- menuconfig<br />
[ enable the BTRFS filesystem support ]<br />
make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi-<br />
<br />
To flash the resulting boot image, do :<br />
<br />
dd if=u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User_talk:Lafleur/NanoPi_M1&diff=698772User talk:Lafleur/NanoPi M12021-10-11T09:52:33Z<p>Lafleur: discuss final destination of this howto</p>
<hr />
<div>Hi Lafleur, thanks so much for rescuing my page! I got the email saying it had been edited and excitedly went to see what the change was, only to find myself redirected to the terms of service. With a bit of digging I found the talk page and reading that someone had found my content useful made my day! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
I felt like I was progressing with the project until sadly my NanoPi died - not exactly sure what went wrong but the board wasn't getting any power. Perhaps I'll have a go at fixing it at some point. For anyone interested in updating this documentation (ie. with access to a working board), the Lima driver should be integrated into the mainline kernel, mitigating the need for the binary blob. I'd be curious to know if that works, as it's been nearly five years since I failed to get any GPU output. [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
It seems particularly sad that all this content is being removed from the mainstream wiki - I might try and set up a GitHub pages site or similar as a new repository for some of this content. Might just need to read the license terms though: don't particularly need a repeat of this! [[User:Ls256|Ls256]] ([[User talk:Ls256|talk]]) 06:44, 10 October 2021 (UTC)<br />
<br />
:I thought about that - maybe the ALARM wiki would link to this page, I think they have a "community ports" section. I have no clue on the GPU questions ; in fact I own a NanoPi NEO, that has no GPU at all. Your howto did the job for it though. BTW if you wished to host the page on your own personal page, I would indeed let you have it and link to it. Also, I managed to have uboot read a btrfs main filesystem by `menuconfig`uring it, works like a charm. I could update the howto when it has definitely settled. What do you say ? [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 09:52, 11 October 2021 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur&diff=698659User:Lafleur2021-10-09T10:50:43Z<p>Lafleur: link to NanoPi_M1 subpage</p>
<hr />
<div>One more Arch and ArchWiki user ! I'm not contributing a lot, mostly because I focus on useful contributions, which is (in my humble opinion) a very difficult task. Please feel free to comment on my contributions (or anything else about me) in my [[User_talk:lafleur|User talk]] page.<br />
<br />
I recently added [[User:lafleur/NanoPi_M1|an installation HowTo on the NanoPi M1]] to keep it safe because it is deemed irrelevant to the Arch wiki. Be my guest !</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Category_talk:ARM_architecture&diff=698552Category talk:ARM architecture2021-10-07T23:53:17Z<p>Lafleur: tell I copied the NanoPi_M1's page from the main wiki</p>
<hr />
<div>== Remove all ARM related pages (second attempt) ==<br />
<br />
I think it's time to stop allowing ARM related content in the wiki. The ARM architecture is not supported by Arch Linux, so they do not belong here.<br />
<br />
ALARM has their own wiki which has now existed for more than 5 years, so the excuse that it's just starting out does not work anymore. Even if these devices are not supported by ALARM, it should not be our problem, since they're also not supported by Arch Linux.<br />
<br />
I propose redirecting all pages in [[:Category:ARM architecture]] and [[:Category:ARM architecture]] itself to [[archlinux-service-agreements:code-of-conduct#arch-linux-distribution-support-only]]. Or alternatively, they could be moved to user pages of the users who created them.<br />
<br />
-- [[User:nl6720|nl6720]] ([[User talk:nl6720|talk]]) 07:33, 6 April 2021 (UTC)<br />
<br />
:I support this. My only argument against is that it would be lost documentation, which is in the wrong place anyways, but this is easily solved by moving them to user pages instead.<br />
:-- [[User:NetSysFire|NetSysFire]] ([[User talk:NetSysFire|talk]]) 09:18, 6 April 2021 (UTC)<br />
<br />
::Agreed, let's just get rid of it. There's been more than sufficient time to merge relevant information to the ALARM wiki. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 10:16, 5 October 2021 (UTC)<br />
::Flagged all the pages. Now we should decide what to do with the (content in the) category page itself. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 10:21, 5 October 2021 (UTC)<br />
<br />
:I must say I found invaluable information on these pages to run Arch on my ARMv7 server. I would gladly host [[NanoPi_M1]] on my user page if nobody claims it. I guess a page on the ALARM wiki would still be the best solution, but I'm afraid they won't host them - their wiki claims to only have pages for supported hardware, and the NanoPi_M1 isn't among those. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 19:28, 5 October 2021 (UTC)<br />
<br />
::I'll redirect that article to your user page then if you're willing to maintain it there. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 08:33, 6 October 2021 (UTC)<br />
<br />
:::[[Help:Style#User pages]] says they must not be targets of redirects of other namespaces.<br />
:::-- [[User:NetSysFire|NetSysFire]] ([[User talk:NetSysFire|talk]]) 07:35, 7 October 2021 (UTC)<br />
<br />
::::Guess I'll just move it without leaving a redirect then, and add a redirect to [[archlinux-service-agreements:code-of-conduct#arch-linux-distribution-support-only]] after that... -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 09:31, 7 October 2021 (UTC)<br />
<br />
::I copied the page [[User:lafleur/NanoPi_M1|to my user page]] and added an incipit. I just wonder how anyone will be able to find it there then. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 23:53, 7 October 2021 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur/NanoPi_M1&diff=698551User:Lafleur/NanoPi M12021-10-07T23:45:18Z<p>Lafleur: Add an intro note on how the page arrived here and who created it</p>
<hr />
<div>[[Category:ARM architecture]]<br />
[[ja:NanoPi M1]]<br />
<br />
{{Note|The device is not officially supported neither by Archlinux or by the ALARM project, i.e. please refrain from submitting patches, feature requests or bug reports for it.}}<br />
<br />
{{Note|This page was apparently created by [[User:Ls256|Ls256]] on the main Arch wiki ; I'm copying it here before it gets wiped from the wiki. I did use it to successfully install Arch linux on this hardware. Ls256 said they were still trying to figure the graphics components support. Anyone with background on this is welcome to modify the page accordingly.}}<br />
<br />
The NanoPi M1 is a small, arm-based computer. It contains an Allwinner H3 processor and either 512 or 1024 MB of RAM.<br />
This article is strongly based on Orange Pi.<br />
<br />
== Create the base system ==<br />
<br />
This NanoPi M1 boots from a single ext4 partition, imaged with Das U-Boot.<br />
An ArchLinuxArm RootFS can then be downloaded to the card.<br />
<br />
=== Create development environment ===<br />
<br />
Create a directory system to store the development files:<br />
<br />
$ mkdir -p nanopi_arch/mnt<br />
<br />
=== Partition, format and mount SD card ===<br />
<br />
Use fdisk to partition the SD card, and use {{ic|mkfs.ext4 -O ^metadata_csum,^64bit /dev/sdX1}} to format it.<br />
The mount the card with:<br />
# mount /dev/sdX1 mnt<br />
<br />
=== Install ArchLinuxArm RootFS ===<br />
<br />
Download the RootFS from ArchLinuxArm's website:<br />
$ wget https://archlinuxarm.org/os/ArchLinuxARM-armv7-latest.tar.gz<br />
Extract the RootFS to the SD card:<br />
# bsdtar -xpf ArchLinuxARM-armv7-latest.tar.gz -C mnt/<br />
# sync<br />
<br />
=== Configure U-Boot ===<br />
<br />
Create a file with the following boot script:<br />
{{hc|boot.cmd|<nowiki><br />
part uuid ${devtype} ${devnum}:${bootpart} uuid<br />
setenv bootargs console=${console} root=PARTUUID=${uuid} rw rootwait<br />
<br />
if load ${devtype} ${devnum}:${bootpart} ${kernel_addr_r} /boot/zImage; then<br />
if load ${devtype} ${devnum}:${bootpart} ${fdt_addr_r} /boot/dtbs/${fdtfile}; then<br />
if load ${devtype} ${devnum}:${bootpart} ${ramdisk_addr_r} /boot/initramfs-linux.img; then<br />
bootz ${kernel_addr_r} ${ramdisk_addr_r}:${filesize} ${fdt_addr_r};<br />
else<br />
bootz ${kernel_addr_r} - ${fdt_addr_r};<br />
fi;<br />
fi;<br />
fi<br />
<br />
if load ${devtype} ${devnum}:${bootpart} 0x48000000 /boot/uImage; then<br />
if load ${devtype} ${devnum}:${bootpart} 0x43000000 /boot/script.bin; then<br />
setenv bootm_boot_mode sec;<br />
bootm 0x48000000;<br />
fi;<br />
fi</nowiki>}}<br />
Compile it and write it to the SD-card using the package {{Pkg|uboot-tools}}:<br />
# mkimage -A arm -O linux -T script -C none -a 0 -e 0 -n "NanoPi M1 Boot Script" -d boot.cmd mnt/boot/boot.scr<br />
<br />
=== Unmount the SD Card ===<br />
<br />
# umount mnt<br />
<br />
=== Install U-Boot ===<br />
<br />
Install {{Pkg|swig}} package.<br />
Clone U-Boot from the offical git repository:<br />
$ git clone https://git.denx.de/u-boot.git<br />
Checkout to latest stable tag e.g.: v2019.04<br />
$ git checkout tags/v2019.04<br />
The NanoPi shares many similarities with the OrangePi PC, so use this as the target until better support is available. Build U-Boot:<br />
$ cd u-boot<br />
$ make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- nanopi_m1_defconfig<br />
$ make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi-<br />
This process should have generated an image called {{ic|u-boot-sunxi-with-spl.bin}}. Write this to your SD card:<br />
# dd if=u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8<br />
$ cd ..<br />
<br />
== Configure the base system ==<br />
<br />
=== Boot the NanoPi ===<br />
<br />
Apply 5V power to the NanoPi. It should boot successfully. If not, then attach the UART serial debugger as shown [https://linux-sunxi.org/FriendlyARM_NanoPi_M1#Locating_the_UART here] and [[Working_with_the_serial_console|here]].<br />
<br />
Login over SSH with {{ic|alarm/alarm}}.<br />
<br />
Root password: {{ic|root}}.<br />
<br />
=== Configure Linux ===<br />
<br />
First, SSH into the machine and change the root password.<br />
<br />
# passwd<br />
<br />
You must install the base-devel group as well as Git in order to continue.<br />
Do this and update the Linux system using:<br />
<br />
# pacman -Syu base-devel git<br />
<br />
=== Open Source Mali driver (lima) ===<br />
<br />
Since linux 5.2 lima drm driver was merged in the mainline kernel.<br />
<br />
# pacman -Syu linux-armv7-rc<br />
<br />
=== Mali Binary driver ===<br />
<br />
Now you should download and install the drivers for the Mali graphics card inside the SoC.<br />
<br />
# git clone https://github.com/mripard/sunxi-mali.git<br />
# cd sunxi-mali<br />
# export CROSS_COMPILE=$TOOLCHAIN_PREFIX<br />
# export KDIR=$KERNEL_BUILD_DIR<br />
# export INSTALL_MOD_PATH=$TARGET_DIR<br />
# ./build.sh -r r6p2 -b<br />
# ./build.sh -r r6p2 -i<br />
<br />
Finally, install the UserSpace blobs from arm using these commands:<br />
<br />
# git clone https://github.com/free-electrons/mali-blobs.git<br />
# cd mali-blobs<br />
# cp -a r6p2/fbdev/lib/lib_fb_dev/lib* $TARGET_DIR/usr/lib</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur/NanoPi_M1&diff=698550User:Lafleur/NanoPi M12021-10-07T23:39:24Z<p>Lafleur: Copy of the NanoPi_M1 page from the wiki before it gets dumped</p>
<hr />
<div>[[Category:ARM architecture]]<br />
[[ja:NanoPi M1]]<br />
<br />
{{Expansion|Graphics is still to be documented.}}<br />
<br />
{{Note|The device is not officially supported neither by Archlinux or by the ALARM project, i.e. please refrain from submitting patches, feature requests or bug reports for it.}}<br />
<br />
The NanoPi M1 is a small, arm-based computer. It contains an Allwinner H3 processor and either 512 or 1024 MB of RAM.<br />
This article is strongly based on Orange Pi.<br />
<br />
== Create the base system ==<br />
<br />
This NanoPi M1 boots from a single ext4 partition, imaged with Das U-Boot.<br />
An ArchLinuxArm RootFS can then be downloaded to the card.<br />
<br />
=== Create development environment ===<br />
<br />
Create a directory system to store the development files:<br />
<br />
$ mkdir -p nanopi_arch/mnt<br />
<br />
=== Partition, format and mount SD card ===<br />
<br />
Use fdisk to partition the SD card, and use {{ic|mkfs.ext4 -O ^metadata_csum,^64bit /dev/sdX1}} to format it.<br />
The mount the card with:<br />
# mount /dev/sdX1 mnt<br />
<br />
=== Install ArchLinuxArm RootFS ===<br />
<br />
Download the RootFS from ArchLinuxArm's website:<br />
$ wget https://archlinuxarm.org/os/ArchLinuxARM-armv7-latest.tar.gz<br />
Extract the RootFS to the SD card:<br />
# bsdtar -xpf ArchLinuxARM-armv7-latest.tar.gz -C mnt/<br />
# sync<br />
<br />
=== Configure U-Boot ===<br />
<br />
Create a file with the following boot script:<br />
{{hc|boot.cmd|<nowiki><br />
part uuid ${devtype} ${devnum}:${bootpart} uuid<br />
setenv bootargs console=${console} root=PARTUUID=${uuid} rw rootwait<br />
<br />
if load ${devtype} ${devnum}:${bootpart} ${kernel_addr_r} /boot/zImage; then<br />
if load ${devtype} ${devnum}:${bootpart} ${fdt_addr_r} /boot/dtbs/${fdtfile}; then<br />
if load ${devtype} ${devnum}:${bootpart} ${ramdisk_addr_r} /boot/initramfs-linux.img; then<br />
bootz ${kernel_addr_r} ${ramdisk_addr_r}:${filesize} ${fdt_addr_r};<br />
else<br />
bootz ${kernel_addr_r} - ${fdt_addr_r};<br />
fi;<br />
fi;<br />
fi<br />
<br />
if load ${devtype} ${devnum}:${bootpart} 0x48000000 /boot/uImage; then<br />
if load ${devtype} ${devnum}:${bootpart} 0x43000000 /boot/script.bin; then<br />
setenv bootm_boot_mode sec;<br />
bootm 0x48000000;<br />
fi;<br />
fi</nowiki>}}<br />
Compile it and write it to the SD-card using the package {{Pkg|uboot-tools}}:<br />
# mkimage -A arm -O linux -T script -C none -a 0 -e 0 -n "NanoPi M1 Boot Script" -d boot.cmd mnt/boot/boot.scr<br />
<br />
=== Unmount the SD Card ===<br />
<br />
# umount mnt<br />
<br />
=== Install U-Boot ===<br />
<br />
Install {{Pkg|swig}} package.<br />
Clone U-Boot from the offical git repository:<br />
$ git clone https://git.denx.de/u-boot.git<br />
Checkout to latest stable tag e.g.: v2019.04<br />
$ git checkout tags/v2019.04<br />
The NanoPi shares many similarities with the OrangePi PC, so use this as the target until better support is available. Build U-Boot:<br />
$ cd u-boot<br />
$ make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi- nanopi_m1_defconfig<br />
$ make -j4 ARCH=arm CROSS_COMPILE=arm-none-eabi-<br />
This process should have generated an image called {{ic|u-boot-sunxi-with-spl.bin}}. Write this to your SD card:<br />
# dd if=u-boot-sunxi-with-spl.bin of=/dev/sdX bs=1024 seek=8<br />
$ cd ..<br />
<br />
== Configure the base system ==<br />
<br />
=== Boot the NanoPi ===<br />
<br />
Apply 5V power to the NanoPi. It should boot successfully. If not, then attach the UART serial debugger as shown [https://linux-sunxi.org/FriendlyARM_NanoPi_M1#Locating_the_UART here] and [[Working_with_the_serial_console|here]].<br />
<br />
Login over SSH with {{ic|alarm/alarm}}.<br />
<br />
Root password: {{ic|root}}.<br />
<br />
=== Configure Linux ===<br />
<br />
First, SSH into the machine and change the root password.<br />
<br />
# passwd<br />
<br />
You must install the base-devel group as well as Git in order to continue.<br />
Do this and update the Linux system using:<br />
<br />
# pacman -Syu base-devel git<br />
<br />
=== Open Source Mali driver (lima) ===<br />
<br />
Since linux 5.2 lima drm driver was merged in the mainline kernel.<br />
<br />
# pacman -Syu linux-armv7-rc<br />
<br />
=== Mali Binary driver ===<br />
<br />
Now you should download and install the drivers for the Mali graphics card inside the SoC.<br />
<br />
# git clone https://github.com/mripard/sunxi-mali.git<br />
# cd sunxi-mali<br />
# export CROSS_COMPILE=$TOOLCHAIN_PREFIX<br />
# export KDIR=$KERNEL_BUILD_DIR<br />
# export INSTALL_MOD_PATH=$TARGET_DIR<br />
# ./build.sh -r r6p2 -b<br />
# ./build.sh -r r6p2 -i<br />
<br />
Finally, install the UserSpace blobs from arm using these commands:<br />
<br />
# git clone https://github.com/free-electrons/mali-blobs.git<br />
# cd mali-blobs<br />
# cp -a r6p2/fbdev/lib/lib_fb_dev/lib* $TARGET_DIR/usr/lib</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Category_talk:ARM_architecture&diff=698371Category talk:ARM architecture2021-10-05T19:28:49Z<p>Lafleur: give my opinion</p>
<hr />
<div>== Remove all ARM related pages (second attempt) ==<br />
<br />
I think it's time to stop allowing ARM related content in the wiki. The ARM architecture is not supported by Arch Linux, so they do not belong here.<br />
<br />
ALARM has their own wiki which has now existed for more than 5 years, so the excuse that it's just starting out does not work anymore. Even if these devices are not supported by ALARM, it should not be our problem, since they're also not supported by Arch Linux.<br />
<br />
I propose redirecting all pages in [[:Category:ARM architecture]] and [[:Category:ARM architecture]] itself to [[archlinux-service-agreements:code-of-conduct#arch-linux-distribution-support-only]]. Or alternatively, they could be moved to user pages of the users who created them.<br />
<br />
-- [[User:nl6720|nl6720]] ([[User talk:nl6720|talk]]) 07:33, 6 April 2021 (UTC)<br />
<br />
:I support this. My only argument against is that it would be lost documentation, which is in the wrong place anyways, but this is easily solved by moving them to user pages instead.<br />
:-- [[User:NetSysFire|NetSysFire]] ([[User talk:NetSysFire|talk]]) 09:18, 6 April 2021 (UTC)<br />
<br />
::Agreed, let's just get rid of it. There's been more than sufficient time to merge relevant information to the ALARM wiki. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 10:16, 5 October 2021 (UTC)<br />
::Flagged all the pages. Now we should decide what to do with the (content in the) category page itself. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 10:21, 5 October 2021 (UTC)<br />
<br />
:I must say I found invaluable information on these pages to run Arch on my ARMv7 server. I would gladly host [[NanoPi_M1]] on my user page if nobody claims it. I guess a page on the ALARM wiki would still be the best solution, but I'm afraid they won't host them - their wiki claims to only have pages for supported hardware, and the NanoPi_M1 isn't among those. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 19:28, 5 October 2021 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur/vector.css&diff=670860User:Lafleur/vector.css2021-05-13T13:06:58Z<p>Lafleur: turn off again</p>
<hr />
<div>/* CSS placed here will affect users of the Vector skin */<br />
/* Try from https://www.mediawiki.org/wiki/Skin:Vector/DarkCSS */</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur/vector.css&diff=670858User:Lafleur/vector.css2021-05-13T12:53:38Z<p>Lafleur: try again</p>
<hr />
<div>/* CSS placed here will affect users of the Vector skin */<br />
/* Try from https://www.mediawiki.org/wiki/Skin:Vector/DarkCSS */<br />
<br />
/* CSS placed here will affect users of the Vector skin */<br />
<br />
/* Override Vector colour scheme to make it dark (compiled from modified LESS code) */<br />
h1,h2,h3,h4,h5,h6{color:#c1c1c1}hr{color:#222}.editOptions{background-color:#333;border-color:#4c4c4c}input,textarea{background-color:#4c4c4c;border-color:#4c4c4c;color:#c1c1c1}a,.mw-body a.external,.mw-body a.extiw{color:#e69710}a:visited,.mw-body a.external:visited,.mw-body a.extiw:visited{color:#8a7f6c}a.new,#p-personal a.new{color:#d44}ul{list-style-image:none}div.thumbinner,.catlinks{background-color:#4c4c4c;border-color:#666}#toc,div.toc,ul#filetoc,li.gallerybox div.thumb{background-color:#4c4c4c;border-color:#666}code{border:none;background-color:inherit;color:inherit}table.mw_metadata td,table.mw_metadata th,table.wikitable,table.wikitable>*>tr>th,table.wikitable>*>tr>td,pre{color:#c1c1c1;background-color:#4c4c4c;border-color:#666}table.mw_metadata th,table.wikitable>*>tr>th{background-color:#595959}table.diff{background-color:#4c4c4c}td .diffchange{color:#4c4c4c}#pagehistory li.selected,td.diff-context{background-color:inherit;color:inherit}#pagehistory li{border:0}ul.mw-gallery-packed-hover li.gallerybox:hover div.gallerytextwrapper,ul.mw-gallery-packed-overlay li.gallerybox div.gallerytextwrapper,ul.mw-gallery-packed-hover li.gallerybox.mw-gallery-focused div.gallerytextwrapper{background-color:rgba(0,0,0,0.8)}#left-navigation div.vectorTabs,#right-navigation div.vectorTabs{background-image:inherit;background-color:#250b2d}#left-navigation div.vectorTabs ul,#right-navigation div.vectorTabs ul{background-color:#250b2d}#left-navigation div.vectorTabs ul li,#right-navigation div.vectorTabs ul li{background-color:#222;background-image:-moz-linear-gradient(top, #2e2e2e 20%, #222 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(20%, #2e2e2e), color-stop(100%, #222));background-image:-webkit-linear-gradient(top, #2e2e2e 20%, #222 100%);background-image:linear-gradient(#2e2e2e 20%, #222 100%)}#left-navigation div.vectorTabs li.new a,#right-navigation div.vectorTabs li.new a,#left-navigation div.vectorTabs li.new a:visited,#right-navigation div.vectorTabs li.new a:visited{color:#d44}#left-navigation div.vectorTabs li.selected,#right-navigation div.vectorTabs li.selected{background-color:#333;background-image:-moz-linear-gradient(top, #e69710 0, #333 10%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #e69710), color-stop(10%, #333));background-image:-webkit-linear-gradient(top, #e69710 0, #333 10%);background-image:linear-gradient(#e69710 0, #333 10%)}#left-navigation div.vectorTabs li.selected a,#right-navigation div.vectorTabs li.selected a,#left-navigation div.vectorTabs li.selected a:visited,#right-navigation div.vectorTabs li.selected a:visited{color:#8a7f6c}#left-navigation div.vectorTabs li a,#right-navigation div.vectorTabs li a{color:#e69710}#left-navigation div.vectorTabs span,#right-navigation div.vectorTabs span{background:transparent}div#mw-head #right-navigation div.vectorMenu h3{background:inherit}div#mw-head div.vectorMenu h3 span{color:#e69710}div.vectorMenu h3 a{background:inherit}div.vectorMenu ul{background-color:black;border:solid 1px #0c0c0c}div.vectorMenu li a{color:#e69710}div.vectorMenu li.selected a,div.vectorMenu li.selected a:visited{color:#8a7f6c;text-decoration:none}div.vectorMenu#p-cactions div.menu{border-color:#666}div.vectorMenu#p-cactions ul{border:0;background-color:#4c4c4c}#mw-navigation div#mw-panel div.portal{background-image:none;border-top:1px solid #4c4c4c}#mw-navigation div#mw-panel div.portal#p-logo,#mw-navigation div#mw-panel div.portal#p-navigation{border-top:none}html{font-size:100%}html,body{height:100%;margin:0;padding:0;font-family:sans-serif}body{background-color:#2a2a2a}.mw-body{margin-left:10em;padding:1em;border:1px solid #250b2d;border-right-width:0;margin-top:-1px;background-color:#333;color:#c1c1c1;direction:ltr}.mw-body .mw-editsection,.mw-body .mw-editsection-like{font-family:sans-serif}.mw-body p{line-height:inherit;margin:.5em 0}.mw-body h1,.mw-body h2,.mw-body #firstHeading{font-family:"Linux Libertine",Georgia,Times,serif;line-height:1.3;margin-bottom:.25em;padding:0}.mw-body h1,.mw-body #firstHeading{font-size:1.8em}.mw-body h2{font-size:1.5em;margin-top:1em}.mw-body h3,.mw-body h4,.mw-body h5,.mw-body h6{line-height:1.6;margin-top:.3em;margin-bottom:0;padding-bottom:0}.mw-body h3{font-size:1.17em}.mw-body h3,.mw-body h4{font-weight:bold}.mw-body h4,.mw-body h5,.mw-body h6{font-size:100%}.mw-body #toc h2,.mw-body .toc h2{font-size:100%;font-family:sans-serif}div.emptyPortlet{display:none}ul{list-style-type:disc;list-style-image:/* @embed */ url('skins/Vector/images/bullet-icon.png')}pre,.mw-code{line-height:1.3em}#siteNotice{font-size:.8em}.redirectText{font-size:140%}.redirectMsg img{vertical-align:text-bottom}.mw-body-content{position:relative;line-height:1.6;font-size:.875em}body.vector-animateLayout .mw-body,body.vector-animateLayout div#footer,body.vector-animateLayout #left-navigation{-webkit-transition:margin-left 250ms,padding 250ms;-moz-transition:margin-left 250ms,padding 250ms;-o-transition:margin-left 250ms,padding 250ms;transition:margin-left 250ms,padding 250ms}body.vector-animateLayout #p-logo{-webkit-transition:left 250ms;-moz-transition:left 250ms;-o-transition:left 250ms;transition:left 250ms}body.vector-animateLayout #mw-panel{-webkit-transition:padding-right 250ms;-moz-transition:padding-right 250ms;-o-transition:padding-right 250ms;transition:padding-right 250ms}body.vector-animateLayout #p-search{-webkit-transition:margin-right 250ms;-moz-transition:margin-right 250ms;-o-transition:margin-right 250ms;transition:margin-right 250ms}body.vector-animateLayout #p-personal{-webkit-transition:right 250ms;-moz-transition:right 250ms;-o-transition:right 250ms;transition:right 250ms}body.vector-animateLayout #mw-head-base{-webkit-transition:margin-left 250ms;-moz-transition:margin-left 250ms;-o-transition:margin-left 250ms;transition:margin-left 250ms}#p-personal{position:absolute;top:.33em;right:.75em;z-index:100}#p-personal h3{display:none}#p-personal ul{list-style-type:none;list-style-image:none;margin:0;padding-left:10em}#p-personal li{line-height:1.125em;float:left;margin-left:.75em;margin-top:.5em;font-size:.75em;white-space:nowrap}#pt-userpage,#pt-anonuserpage{background-position:left top;background-repeat:no-repeat;background-image:url('skins/Vector/images/user-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/user-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/user-icon.svg');padding-left:15px !important}#p-search{float:left;margin-right:.5em;margin-left:.5em}#p-search h3{display:none}#p-search form,#p-search input{margin:0;margin-top:.4em}div#simpleSearch{display:block;width:12.6em;padding-right:1.4em;height:1.4em;margin-top:.65em;position:relative;min-height:1px;border:solid 1px #aaa;color:black;background-color:white;background-image:/* @embed */ url('skins/Vector/images/search-fade.png');background-position:top left;background-repeat:repeat-x}div#simpleSearch input{margin:0;padding:0;border:0;background-color:transparent;color:black}div#simpleSearch #searchInput{width:100%;padding:.2em 0 .2em .2em;font-size:13px;direction:ltr;-webkit-appearance:textfield}div#simpleSearch #searchInput:focus{outline:none}div#simpleSearch #searchInput.placeholder{color:#999}div#simpleSearch #searchInput:-ms-input-placeholder{color:#999}div#simpleSearch #searchInput:-moz-placeholder{color:#999}div#simpleSearch #searchInput::-webkit-search-decoration,div#simpleSearch #searchInput::-webkit-search-cancel-button,div#simpleSearch #searchInput::-webkit-search-results-button,div#simpleSearch #searchInput::-webkit-search-results-decoration{-webkit-appearance:textfield}div#simpleSearch #searchButton,div#simpleSearch #mw-searchButton{position:absolute;top:0;right:0;width:1.65em;height:100%;cursor:pointer;text-indent:-99999px;line-height:1;direction:ltr;white-space:nowrap;overflow:hidden;background-image:url('skins/Vector/images/search-ltr.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/search-ltr.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/search-ltr.svg');background-position:center center;background-repeat:no-repeat}div#simpleSearch #mw-searchButton{z-index:1}div.vectorTabs h3{display:none}div.vectorTabs{float:left;height:2.5em;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-position:bottom left;background-repeat:no-repeat;padding-left:1px}div.vectorTabs ul{float:left;height:100%;list-style-type:none;list-style-image:none;margin:0;padding:0;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-position:right bottom;background-repeat:no-repeat}div.vectorTabs ul li{float:left;line-height:1.125em;display:inline-block;height:100%;margin:0;padding:0;background-color:#f3f3f3;background-image:/* @embed */ url('skins/Vector/images/tab-normal-fade.png');background-position:bottom left;background-repeat:repeat-x;white-space:nowrap}div.vectorTabs ul>li{display:block}div.vectorTabs li.new a,div.vectorTabs li.new a:visited{color:#a55858}div.vectorTabs li.selected{background-image:/* @embed */ url('skins/Vector/images/tab-current-fade.png')}div.vectorTabs li.selected a,div.vectorTabs li.selected a:visited{color:#333;text-decoration:none}div.vectorTabs li.icon a{background-position:bottom right;background-repeat:no-repeat}div.vectorTabs li a{display:inline-block;height:1.9em;padding-left:.5em;padding-right:.5em;color:#e69710;cursor:pointer;font-size:.8em}div.vectorTabs li>a{display:block}div.vectorTabs span{display:inline-block;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-position:bottom right;background-repeat:no-repeat}div.vectorTabs span a{display:inline-block;padding-top:1.25em}div.vectorTabs span>a{float:left;display:block}div.vectorMenu{direction:ltr;float:left;cursor:pointer;position:relative}body.rtl div.vectorMenu{direction:rtl}div#mw-head div.vectorMenu h3{float:left;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-repeat:no-repeat;background-position:bottom right;margin-left:-1px;font-size:1em;height:2.5em;padding-right:1px;margin-right:-1px}div.vectorMenu h3 span{display:block;font-size:.8em;padding-left:.7em;padding-top:1.375em;margin-right:20px;font-weight:normal;color:#4d4d4d}div.vectorMenu h3 a{position:absolute;top:0;right:0;width:20px;height:2.5em;background-image:url('skins/Vector/images/arrow-down-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-icon.svg');background-position:100% 70%;background-repeat:no-repeat;-webkit-transition:background-position 250ms;-moz-transition:background-position 250ms;-o-transition:background-position 250ms;transition:background-position 250ms}div.vectorMenu.menuForceShow h3 a{background-position:100% 100%}div.vectorMenuFocus h3 a{background-image:url('skins/Vector/images/arrow-down-focus-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-focus-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-focus-icon.svg')}div.vectorMenu div.menu{min-width:100%;position:absolute;top:2.5em;left:-1px;background-color:white;border:solid 1px silver;border-top-width:0;clear:both;text-align:left;display:none}div.vectorMenu:hover div.menu,div.vectorMenu.menuForceShow div.menu{display:block}div.vectorMenu ul{list-style-type:none;list-style-image:none;padding:0;margin:0;text-align:left}div.vectorMenu ul,x:-moz-any-link{min-width:5em}div.vectorMenu ul,x:-moz-any-link,x:default{min-width:0}div.vectorMenu li{padding:0;margin:0;text-align:left;line-height:1em}div.vectorMenu li a{display:inline-block;padding:.5em;white-space:nowrap;color:#e69710;cursor:pointer;font-size:.8em}div.vectorMenu li>a{display:block}div.vectorMenu li.selected a,div.vectorMenu li.selected a:visited{color:#333;text-decoration:none}@-webkit-keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}@-moz-keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}@-o-keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}#ca-unwatch.icon a,#ca-watch.icon a{margin:0;padding:0;display:block;width:26px;padding-top:3.1em;margin-top:0;height:0;overflow:hidden;background-position:5px 60%}#ca-unwatch.icon a{background-image:url('skins/Vector/images/unwatch-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon.svg')}#ca-watch.icon a{background-image:url('skins/Vector/images/watch-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon.svg')}#ca-unwatch.icon a:hover,#ca-unwatch.icon a:focus{background-image:url('skins/Vector/images/unwatch-icon-hl.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon-hl.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon-hl.svg')}#ca-watch.icon a:hover,#ca-watch.icon a:focus{background-image:url('skins/Vector/images/watch-icon-hl.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-hl.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-hl.svg')}#ca-unwatch.icon a.loading,#ca-watch.icon a.loading{background-image:url('skins/Vector/images/watch-icon-loading.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-loading.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-loading.svg');-webkit-animation:rotate 700ms infinite linear;-moz-animation:rotate 700ms infinite linear;-o-animation:rotate 700ms infinite linear;animation:rotate 700ms infinite linear;outline:none;cursor:default;pointer-events:none;background-position:50% 60%;-webkit-transform-origin:50% 57%;transform-origin:50% 57%}#ca-unwatch.icon a span,#ca-watch.icon a span{display:none}#mw-navigation h2{position:absolute;top:-9999px}#mw-page-base{height:5em;background-position:bottom left;background-repeat:repeat-x;background-image:url('skins/Vector/images/page-fade.png');background-color:#2a2a2a;background-image:-moz-linear-gradient(top, #333 50%, #2a2a2a 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(50%, #333), color-stop(100%, #2a2a2a));background-image:-webkit-linear-gradient(top, #333 50%, #2a2a2a 100%);background-image:linear-gradient(#333 50%, #2a2a2a 100%);background-color:#333}#mw-head-base{margin-top:-5em;margin-left:10em;height:5em}div#mw-head{position:absolute;top:0;right:0;width:100%}div#mw-head h3{margin:0;padding:0}#left-navigation{float:left;margin-left:10em;margin-top:2.5em;margin-bottom:-2.5em;display:inline}#right-navigation{float:right;margin-top:2.5em}#p-logo{position:absolute;top:-160px;left:0;width:10em;height:160px}#p-logo a{display:block;width:10em;height:160px;background-repeat:no-repeat;background-position:center center;text-decoration:none}div#mw-panel{font-size:inherit;position:absolute;top:160px;padding-top:1em;width:10em;left:0}div#mw-panel div.portal{margin:0 .6em 0 .7em;padding:.25em 0;direction:ltr;background-position:top left;background-repeat:no-repeat;background-image:/* @embed */ url('skins/Vector/images/portal-break.png')}div#mw-panel div.portal h3{font-size:.75em;color:#4d4d4d;font-weight:normal;margin:0;padding:.25em 0 .25em .25em;cursor:default;border:none}div#mw-panel div.portal div.body{margin:0 0 0 1.25em;padding-top:0}div#mw-panel div.portal div.body ul{list-style-type:none;list-style-image:none;margin:0;padding:0}div#mw-panel div.portal div.body ul li{line-height:1.125em;margin:0;padding:.25em 0;font-size:.75em;word-wrap:break-word}div#mw-panel div.portal div.body ul li a{color:#e69710}div#mw-panel div.portal div.body ul li a:visited{color:#8a7f6c}div#mw-panel div.portal.first{background-image:none;margin-top:0}div#mw-panel div.portal.first h3{display:none}div#mw-panel div.portal.first div.body{margin-left:.5em}div#footer{margin-left:10em;margin-top:0;padding:.75em;direction:ltr}div#footer ul{list-style-type:none;list-style-image:none;margin:0;padding:0}div#footer ul li{margin:0;padding:0;padding-top:.5em;padding-bottom:.5em;color:#333;font-size:.7em}div#footer #footer-icons{float:right}div#footer #footer-icons li{float:left;margin-left:.5em;line-height:2em;text-align:right}div#footer #footer-info li{line-height:1.4em}div#footer #footer-places li{float:left;margin-right:1em;line-height:2em}body.ltr div#footer #footer-places{float:left}.mw-body .external{background-position:center right;background-repeat:no-repeat;background-image:url('skins/Vector/images/external-link-ltr-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/external-link-ltr-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/external-link-ltr-icon.svg');padding-right:13px}</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur/vector.css&diff=670857User:Lafleur/vector.css2021-05-13T12:52:55Z<p>Lafleur: swich back to plain css</p>
<hr />
<div>/* CSS placed here will affect users of the Vector skin */<br />
/* Try from https://www.mediawiki.org/wiki/Skin:Vector/DarkCSS */</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur/vector.css&diff=670856User:Lafleur/vector.css2021-05-13T12:47:13Z<p>Lafleur: add dark mode css</p>
<hr />
<div>/* CSS placed here will affect users of the Vector skin */<br />
/* taken from https://www.mediawiki.org/wiki/Skin:Vector/DarkCSS */<br />
<br />
/* Override Vector colour scheme to make it dark (compiled from modified LESS code) */<br />
h1,h2,h3,h4,h5,h6{color:#c1c1c1}hr{color:#222}.editOptions{background-color:#333;border-color:#4c4c4c}input,textarea{background-color:#4c4c4c;border-color:#4c4c4c;color:#c1c1c1}a,.mw-body a.external,.mw-body a.extiw{color:#e69710}a:visited,.mw-body a.external:visited,.mw-body a.extiw:visited{color:#8a7f6c}a.new,#p-personal a.new{color:#d44}ul{list-style-image:none}div.thumbinner,.catlinks{background-color:#4c4c4c;border-color:#666}#toc,div.toc,ul#filetoc,li.gallerybox div.thumb{background-color:#4c4c4c;border-color:#666}code{border:none;background-color:inherit;color:inherit}table.mw_metadata td,table.mw_metadata th,table.wikitable,table.wikitable>*>tr>th,table.wikitable>*>tr>td,pre{color:#c1c1c1;background-color:#4c4c4c;border-color:#666}table.mw_metadata th,table.wikitable>*>tr>th{background-color:#595959}table.diff{background-color:#4c4c4c}td .diffchange{color:#4c4c4c}#pagehistory li.selected,td.diff-context{background-color:inherit;color:inherit}#pagehistory li{border:0}ul.mw-gallery-packed-hover li.gallerybox:hover div.gallerytextwrapper,ul.mw-gallery-packed-overlay li.gallerybox div.gallerytextwrapper,ul.mw-gallery-packed-hover li.gallerybox.mw-gallery-focused div.gallerytextwrapper{background-color:rgba(0,0,0,0.8)}#left-navigation div.vectorTabs,#right-navigation div.vectorTabs{background-image:inherit;background-color:#250b2d}#left-navigation div.vectorTabs ul,#right-navigation div.vectorTabs ul{background-color:#250b2d}#left-navigation div.vectorTabs ul li,#right-navigation div.vectorTabs ul li{background-color:#222;background-image:-moz-linear-gradient(top, #2e2e2e 20%, #222 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(20%, #2e2e2e), color-stop(100%, #222));background-image:-webkit-linear-gradient(top, #2e2e2e 20%, #222 100%);background-image:linear-gradient(#2e2e2e 20%, #222 100%)}#left-navigation div.vectorTabs li.new a,#right-navigation div.vectorTabs li.new a,#left-navigation div.vectorTabs li.new a:visited,#right-navigation div.vectorTabs li.new a:visited{color:#d44}#left-navigation div.vectorTabs li.selected,#right-navigation div.vectorTabs li.selected{background-color:#333;background-image:-moz-linear-gradient(top, #e69710 0, #333 10%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #e69710), color-stop(10%, #333));background-image:-webkit-linear-gradient(top, #e69710 0, #333 10%);background-image:linear-gradient(#e69710 0, #333 10%)}#left-navigation div.vectorTabs li.selected a,#right-navigation div.vectorTabs li.selected a,#left-navigation div.vectorTabs li.selected a:visited,#right-navigation div.vectorTabs li.selected a:visited{color:#8a7f6c}#left-navigation div.vectorTabs li a,#right-navigation div.vectorTabs li a{color:#e69710}#left-navigation div.vectorTabs span,#right-navigation div.vectorTabs span{background:transparent}div#mw-head #right-navigation div.vectorMenu h3{background:inherit}div#mw-head div.vectorMenu h3 span{color:#e69710}div.vectorMenu h3 a{background:inherit}div.vectorMenu ul{background-color:black;border:solid 1px #0c0c0c}div.vectorMenu li a{color:#e69710}div.vectorMenu li.selected a,div.vectorMenu li.selected a:visited{color:#8a7f6c;text-decoration:none}div.vectorMenu#p-cactions div.menu{border-color:#666}div.vectorMenu#p-cactions ul{border:0;background-color:#4c4c4c}#mw-navigation div#mw-panel div.portal{background-image:none;border-top:1px solid #4c4c4c}#mw-navigation div#mw-panel div.portal#p-logo,#mw-navigation div#mw-panel div.portal#p-navigation{border-top:none}html{font-size:100%}html,body{height:100%;margin:0;padding:0;font-family:sans-serif}body{background-color:#2a2a2a}.mw-body{margin-left:10em;padding:1em;border:1px solid #250b2d;border-right-width:0;margin-top:-1px;background-color:#333;color:#c1c1c1;direction:ltr}.mw-body .mw-editsection,.mw-body .mw-editsection-like{font-family:sans-serif}.mw-body p{line-height:inherit;margin:.5em 0}.mw-body h1,.mw-body h2,.mw-body #firstHeading{font-family:"Linux Libertine",Georgia,Times,serif;line-height:1.3;margin-bottom:.25em;padding:0}.mw-body h1,.mw-body #firstHeading{font-size:1.8em}.mw-body h2{font-size:1.5em;margin-top:1em}.mw-body h3,.mw-body h4,.mw-body h5,.mw-body h6{line-height:1.6;margin-top:.3em;margin-bottom:0;padding-bottom:0}.mw-body h3{font-size:1.17em}.mw-body h3,.mw-body h4{font-weight:bold}.mw-body h4,.mw-body h5,.mw-body h6{font-size:100%}.mw-body #toc h2,.mw-body .toc h2{font-size:100%;font-family:sans-serif}div.emptyPortlet{display:none}ul{list-style-type:disc;list-style-image:/* @embed */ url('skins/Vector/images/bullet-icon.png')}pre,.mw-code{line-height:1.3em}#siteNotice{font-size:.8em}.redirectText{font-size:140%}.redirectMsg img{vertical-align:text-bottom}.mw-body-content{position:relative;line-height:1.6;font-size:.875em}body.vector-animateLayout .mw-body,body.vector-animateLayout div#footer,body.vector-animateLayout #left-navigation{-webkit-transition:margin-left 250ms,padding 250ms;-moz-transition:margin-left 250ms,padding 250ms;-o-transition:margin-left 250ms,padding 250ms;transition:margin-left 250ms,padding 250ms}body.vector-animateLayout #p-logo{-webkit-transition:left 250ms;-moz-transition:left 250ms;-o-transition:left 250ms;transition:left 250ms}body.vector-animateLayout #mw-panel{-webkit-transition:padding-right 250ms;-moz-transition:padding-right 250ms;-o-transition:padding-right 250ms;transition:padding-right 250ms}body.vector-animateLayout #p-search{-webkit-transition:margin-right 250ms;-moz-transition:margin-right 250ms;-o-transition:margin-right 250ms;transition:margin-right 250ms}body.vector-animateLayout #p-personal{-webkit-transition:right 250ms;-moz-transition:right 250ms;-o-transition:right 250ms;transition:right 250ms}body.vector-animateLayout #mw-head-base{-webkit-transition:margin-left 250ms;-moz-transition:margin-left 250ms;-o-transition:margin-left 250ms;transition:margin-left 250ms}#p-personal{position:absolute;top:.33em;right:.75em;z-index:100}#p-personal h3{display:none}#p-personal ul{list-style-type:none;list-style-image:none;margin:0;padding-left:10em}#p-personal li{line-height:1.125em;float:left;margin-left:.75em;margin-top:.5em;font-size:.75em;white-space:nowrap}#pt-userpage,#pt-anonuserpage{background-position:left top;background-repeat:no-repeat;background-image:url('skins/Vector/images/user-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/user-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/user-icon.svg');padding-left:15px !important}#p-search{float:left;margin-right:.5em;margin-left:.5em}#p-search h3{display:none}#p-search form,#p-search input{margin:0;margin-top:.4em}div#simpleSearch{display:block;width:12.6em;padding-right:1.4em;height:1.4em;margin-top:.65em;position:relative;min-height:1px;border:solid 1px #aaa;color:black;background-color:white;background-image:/* @embed */ url('skins/Vector/images/search-fade.png');background-position:top left;background-repeat:repeat-x}div#simpleSearch input{margin:0;padding:0;border:0;background-color:transparent;color:black}div#simpleSearch #searchInput{width:100%;padding:.2em 0 .2em .2em;font-size:13px;direction:ltr;-webkit-appearance:textfield}div#simpleSearch #searchInput:focus{outline:none}div#simpleSearch #searchInput.placeholder{color:#999}div#simpleSearch #searchInput:-ms-input-placeholder{color:#999}div#simpleSearch #searchInput:-moz-placeholder{color:#999}div#simpleSearch #searchInput::-webkit-search-decoration,div#simpleSearch #searchInput::-webkit-search-cancel-button,div#simpleSearch #searchInput::-webkit-search-results-button,div#simpleSearch #searchInput::-webkit-search-results-decoration{-webkit-appearance:textfield}div#simpleSearch #searchButton,div#simpleSearch #mw-searchButton{position:absolute;top:0;right:0;width:1.65em;height:100%;cursor:pointer;text-indent:-99999px;line-height:1;direction:ltr;white-space:nowrap;overflow:hidden;background-image:url('skins/Vector/images/search-ltr.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/search-ltr.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/search-ltr.svg');background-position:center center;background-repeat:no-repeat}div#simpleSearch #mw-searchButton{z-index:1}div.vectorTabs h3{display:none}div.vectorTabs{float:left;height:2.5em;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-position:bottom left;background-repeat:no-repeat;padding-left:1px}div.vectorTabs ul{float:left;height:100%;list-style-type:none;list-style-image:none;margin:0;padding:0;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-position:right bottom;background-repeat:no-repeat}div.vectorTabs ul li{float:left;line-height:1.125em;display:inline-block;height:100%;margin:0;padding:0;background-color:#f3f3f3;background-image:/* @embed */ url('skins/Vector/images/tab-normal-fade.png');background-position:bottom left;background-repeat:repeat-x;white-space:nowrap}div.vectorTabs ul>li{display:block}div.vectorTabs li.new a,div.vectorTabs li.new a:visited{color:#a55858}div.vectorTabs li.selected{background-image:/* @embed */ url('skins/Vector/images/tab-current-fade.png')}div.vectorTabs li.selected a,div.vectorTabs li.selected a:visited{color:#333;text-decoration:none}div.vectorTabs li.icon a{background-position:bottom right;background-repeat:no-repeat}div.vectorTabs li a{display:inline-block;height:1.9em;padding-left:.5em;padding-right:.5em;color:#e69710;cursor:pointer;font-size:.8em}div.vectorTabs li>a{display:block}div.vectorTabs span{display:inline-block;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-position:bottom right;background-repeat:no-repeat}div.vectorTabs span a{display:inline-block;padding-top:1.25em}div.vectorTabs span>a{float:left;display:block}div.vectorMenu{direction:ltr;float:left;cursor:pointer;position:relative}body.rtl div.vectorMenu{direction:rtl}div#mw-head div.vectorMenu h3{float:left;background-image:/* @embed */ url('skins/Vector/images/tab-break.png');background-repeat:no-repeat;background-position:bottom right;margin-left:-1px;font-size:1em;height:2.5em;padding-right:1px;margin-right:-1px}div.vectorMenu h3 span{display:block;font-size:.8em;padding-left:.7em;padding-top:1.375em;margin-right:20px;font-weight:normal;color:#4d4d4d}div.vectorMenu h3 a{position:absolute;top:0;right:0;width:20px;height:2.5em;background-image:url('skins/Vector/images/arrow-down-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-icon.svg');background-position:100% 70%;background-repeat:no-repeat;-webkit-transition:background-position 250ms;-moz-transition:background-position 250ms;-o-transition:background-position 250ms;transition:background-position 250ms}div.vectorMenu.menuForceShow h3 a{background-position:100% 100%}div.vectorMenuFocus h3 a{background-image:url('skins/Vector/images/arrow-down-focus-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-focus-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/arrow-down-focus-icon.svg')}div.vectorMenu div.menu{min-width:100%;position:absolute;top:2.5em;left:-1px;background-color:white;border:solid 1px silver;border-top-width:0;clear:both;text-align:left;display:none}div.vectorMenu:hover div.menu,div.vectorMenu.menuForceShow div.menu{display:block}div.vectorMenu ul{list-style-type:none;list-style-image:none;padding:0;margin:0;text-align:left}div.vectorMenu ul,x:-moz-any-link{min-width:5em}div.vectorMenu ul,x:-moz-any-link,x:default{min-width:0}div.vectorMenu li{padding:0;margin:0;text-align:left;line-height:1em}div.vectorMenu li a{display:inline-block;padding:.5em;white-space:nowrap;color:#e69710;cursor:pointer;font-size:.8em}div.vectorMenu li>a{display:block}div.vectorMenu li.selected a,div.vectorMenu li.selected a:visited{color:#333;text-decoration:none}@-webkit-keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}@-moz-keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}@-o-keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes rotate{from{-webkit-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg)}}#ca-unwatch.icon a,#ca-watch.icon a{margin:0;padding:0;display:block;width:26px;padding-top:3.1em;margin-top:0;height:0;overflow:hidden;background-position:5px 60%}#ca-unwatch.icon a{background-image:url('skins/Vector/images/unwatch-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon.svg')}#ca-watch.icon a{background-image:url('skins/Vector/images/watch-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon.svg')}#ca-unwatch.icon a:hover,#ca-unwatch.icon a:focus{background-image:url('skins/Vector/images/unwatch-icon-hl.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon-hl.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/unwatch-icon-hl.svg')}#ca-watch.icon a:hover,#ca-watch.icon a:focus{background-image:url('skins/Vector/images/watch-icon-hl.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-hl.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-hl.svg')}#ca-unwatch.icon a.loading,#ca-watch.icon a.loading{background-image:url('skins/Vector/images/watch-icon-loading.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-loading.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/watch-icon-loading.svg');-webkit-animation:rotate 700ms infinite linear;-moz-animation:rotate 700ms infinite linear;-o-animation:rotate 700ms infinite linear;animation:rotate 700ms infinite linear;outline:none;cursor:default;pointer-events:none;background-position:50% 60%;-webkit-transform-origin:50% 57%;transform-origin:50% 57%}#ca-unwatch.icon a span,#ca-watch.icon a span{display:none}#mw-navigation h2{position:absolute;top:-9999px}#mw-page-base{height:5em;background-position:bottom left;background-repeat:repeat-x;background-image:url('skins/Vector/images/page-fade.png');background-color:#2a2a2a;background-image:-moz-linear-gradient(top, #333 50%, #2a2a2a 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(50%, #333), color-stop(100%, #2a2a2a));background-image:-webkit-linear-gradient(top, #333 50%, #2a2a2a 100%);background-image:linear-gradient(#333 50%, #2a2a2a 100%);background-color:#333}#mw-head-base{margin-top:-5em;margin-left:10em;height:5em}div#mw-head{position:absolute;top:0;right:0;width:100%}div#mw-head h3{margin:0;padding:0}#left-navigation{float:left;margin-left:10em;margin-top:2.5em;margin-bottom:-2.5em;display:inline}#right-navigation{float:right;margin-top:2.5em}#p-logo{position:absolute;top:-160px;left:0;width:10em;height:160px}#p-logo a{display:block;width:10em;height:160px;background-repeat:no-repeat;background-position:center center;text-decoration:none}div#mw-panel{font-size:inherit;position:absolute;top:160px;padding-top:1em;width:10em;left:0}div#mw-panel div.portal{margin:0 .6em 0 .7em;padding:.25em 0;direction:ltr;background-position:top left;background-repeat:no-repeat;background-image:/* @embed */ url('skins/Vector/images/portal-break.png')}div#mw-panel div.portal h3{font-size:.75em;color:#4d4d4d;font-weight:normal;margin:0;padding:.25em 0 .25em .25em;cursor:default;border:none}div#mw-panel div.portal div.body{margin:0 0 0 1.25em;padding-top:0}div#mw-panel div.portal div.body ul{list-style-type:none;list-style-image:none;margin:0;padding:0}div#mw-panel div.portal div.body ul li{line-height:1.125em;margin:0;padding:.25em 0;font-size:.75em;word-wrap:break-word}div#mw-panel div.portal div.body ul li a{color:#e69710}div#mw-panel div.portal div.body ul li a:visited{color:#8a7f6c}div#mw-panel div.portal.first{background-image:none;margin-top:0}div#mw-panel div.portal.first h3{display:none}div#mw-panel div.portal.first div.body{margin-left:.5em}div#footer{margin-left:10em;margin-top:0;padding:.75em;direction:ltr}div#footer ul{list-style-type:none;list-style-image:none;margin:0;padding:0}div#footer ul li{margin:0;padding:0;padding-top:.5em;padding-bottom:.5em;color:#333;font-size:.7em}div#footer #footer-icons{float:right}div#footer #footer-icons li{float:left;margin-left:.5em;line-height:2em;text-align:right}div#footer #footer-info li{line-height:1.4em}div#footer #footer-places li{float:left;margin-right:1em;line-height:2em}body.ltr div#footer #footer-places{float:left}.mw-body .external{background-position:center right;background-repeat:no-repeat;background-image:url('skins/Vector/images/external-link-ltr-icon.png');background-image:-webkit-linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/external-link-ltr-icon.svg');background-image:linear-gradient(transparent, transparent),/* @embed */ url('skins/Vector/images/external-link-ltr-icon.svg');padding-right:13px}</div>Lafleurhttps://wiki.archlinux.org/index.php?title=User:Lafleur&diff=639333User:Lafleur2020-10-21T13:04:15Z<p>Lafleur: broad self-presentation</p>
<hr />
<div>One more Arch and ArchWiki user ! I'm not contributing a lot, mostly because I focus on useful contributions, which is (in my humble opinion) a very difficult task. Please feel free to comment on my contributions (or anything else about me) in my [[User_talk:lafleur|User talk]] page.</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Iptables&diff=639316Iptables2020-10-20T23:27:06Z<p>Lafleur: /* Console */ add servicewall, another iptables frontend</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Firewalls]]<br />
[[de:Iptables]]<br />
[[el:Iptables]]<br />
[[es:Iptables]]<br />
[[fr:Iptables]]<br />
[[it:Iptables]]<br />
[[ja:Iptables]]<br />
[[ru:Iptables]]<br />
[[sr:Iptables]]<br />
[[zh-hans:Iptables]]<br />
{{Related articles start}}<br />
{{Related|Fail2ban}}<br />
{{Related|Nftables}}<br />
{{Related|Sshguard}}<br />
{{Related|Simple stateful firewall}}<br />
{{Related|Sysctl#TCP/IP stack hardening}}<br />
{{Related|Uncomplicated Firewall}}<br />
{{Related articles end}}<br />
<br />
''iptables'' is a command line utility for configuring Linux kernel [[firewall]] implemented within the [[Wikipedia:Netfilter|Netfilter]] project. The term ''iptables'' is also commonly used to refer to this kernel-level firewall. It can be configured directly with iptables, or by using one of the many [[#Console|console]] and [[#Graphical|graphical]] front-ends. ''iptables'' is used for [[Wikipedia:IPv4|IPv4]] and ''ip6tables'' is used for [[IPv6]]. Both ''iptables'' and ''ip6tables'' have the same syntax, but some options are specific to either IPv4 or IPv6.<br />
<br />
== Installation ==<br />
<br />
The stock Arch Linux kernel is compiled with iptables support. You will only need to [[install]] the userland utilities, which are provided by the package {{Pkg|iptables}}. The {{Pkg|iptables}} package is an indirect dependency of the {{Pkg|base}} [[meta package]], so it should be installed on your system by default.<br />
<br />
=== Front-ends ===<br />
<br />
==== Console ====<br />
<br />
* {{App|Arno's firewall|Secure firewall for both single and multi-homed machines. Very easy to configure, handy to manage and highly customizable. Supports: NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ and DMZ-2-LAN forwarding, protection against SYN/ICMP flooding, extensive user definable logging with rate limiting to prevent log flooding, all IP protocols and VPNs such as IPsec, plugin support to add extra features.|http://rocky.eld.leidenuniv.nl/|{{AUR|arno-iptables-firewall}}}}<br />
* {{App|ferm|Tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. It allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.|http://ferm.foo-projects.org/|{{Pkg|ferm}}}}<br />
* {{App|[[Wikipedia:FireHOL|FireHOL]]|Language to express firewalling rules, not just a script that produces some kind of a firewall. It makes building even sophisticated firewalls easy - the way you want it.|http://firehol.sourceforge.net/|{{AUR|firehol}}}}<br />
* {{App|Firetable|Tool to maintain an IPtables firewall. Each interface can be configured separately via its own configuration file, which holds an easy and human readable syntax.|https://gitlab.com/hsleisink/firetable|{{AUR|firetable}}}}<br />
* {{App|[[firewalld]] (firewall-cmd)|Daemon and console interface for configuring network and firewall zones as well as setting up and configuring firewall rules.|https://firewalld.org/|{{Pkg|firewalld}}}}<br />
* {{App|[[Shorewall]]|High-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files.|http://www.shorewall.net/|{{Pkg|shorewall}}}}<br />
* {{App|[[Uncomplicated Firewall]]|Simple front-end for iptables.|https://launchpad.net/ufw|{{Pkg|ufw}}}}<br />
* {{App|[[PeerGuardian Linux|PeerGuardian]] (pglcmd)|Privacy oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges).|https://sourceforge.net/projects/peerguardian/|{{AUR|pgl}}}}<br />
* {{App|Vuurmuur|Powerful firewall manager. It has a simple and easy to learn configuration that allows both simple and complex configurations. The configuration can be fully configured through an {{Pkg|ncurses}} GUI, which allows secure remote administration through SSH or on the console. Vuurmuur supports traffic shaping, has powerful monitoring features, which allow the administrator to look at the logs, connections and bandwidth usage in realtime.|https://www.vuurmuur.org/|{{AUR|vuurmuur}}}}<br />
* {{App|Servicewall|simple adaptive iptables frontend that lets you define services allowed when connected to a specific realm, and automatically switches profiles when needed. It uses service definitions provided by [https://www.blogger.com/profile/02954133518928245196 jhansonxi] and used by [[Uncomplicated_Firewall|ufw]]. It relies on [http://www.netfilter.org/projects/ulogd/index.html ulogd] to feed journald with dropped packet logs, and provides a log inspection framework with an emphasis on log access restriction.|https://github.com/lafleurdeboum/servicewall|{{AUR|servicewall}}}}<br />
<br />
==== Graphical ====<br />
<br />
* {{App|Firewall Builder|GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. The program runs on Linux, FreeBSD, OpenBSD, Windows and macOS and can manage both local and remote firewalls.|http://fwbuilder.sourceforge.net/|{{Pkg|fwbuilder}}}}<br />
* {{App|[[Wikipedia:firewalld|firewalld]] (firewall-config)|Daemon and graphical interface for configuring network and firewall zones as well as setting up and configuring firewall rules.|https://firewalld.org/|{{Pkg|firewalld}}}}<br />
* {{App|[[Uncomplicated_Firewall#Gufw|Gufw]]|GTK-based front-end to {{Pkg|ufw}} which happens to be a CLI front-end to iptables (gufw->ufw->iptables), is super easy and super simple to use.|https://gufw.org/|{{Pkg|gufw}}}}<br />
* {{App|[[PeerGuardian Linux|PeerGuardian]] GUI (pglgui)|Privacy oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges).|https://sourceforge.net/projects/peerguardian/|{{AUR|pgl}}}}<br />
* {{App|FireStarter|High-level GUI Iptables firewall for Linux systems|https://sourceforge.net/projects/firestarter/|{{AUR|firestarter}}}}<br />
<br />
== Basic concepts ==<br />
<br />
iptables is used to inspect, modify, forward, redirect, and/or drop IP packets. The code for filtering IP packets is already built into the kernel and is organized into a collection of ''tables'', each with a specific purpose. The tables are made up of a set of predefined ''chains'', and the chains contain rules which are traversed in order. Each rule consists of a predicate of potential matches and a corresponding action (called a ''target'') which is executed if the predicate is true; i.e. the conditions are matched. If the IP packet reaches the end of a built-in chain, including an empty chain, then the chain's ''policy'' target determines the final destination of the IP packet. iptables is the user utility which allows you to work with these chains/rules. Most new users find the complexities of linux IP routing quite daunting, but, in practice, the most common use cases (NAT and/or basic Internet firewall) are considerably less complex.<br />
<br />
The key to understanding how iptables works is [https://www.frozentux.net/iptables-tutorial/images/tables_traverse.jpg this chart]. The lowercase word on top is the table and the upper case word below is the chain. Every IP packet that comes in ''on any network interface'' passes through this flow chart from top to bottom. A common misconception is that packets entering from, say, an internal interface are handled differently than packets from an Internet-facing interface. All interfaces are handled the same way; it's up to you to define rules that treat them differently. Of course some packets are intended for local processes, hence come in from the top of the chart and stop at <Local Process>, while other packets are generated by local processes; hence start at <Local Process> and proceed downward through the flowchart. A detailed explanation of how this flow chart works can be found [https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES here].<br />
<br />
In the vast majority of use cases you won't need to use the '''raw''', '''mangle''', or '''security''' tables at all. Consequently, the following chart depicts a simplified network packet flow through ''iptables'':<br />
<br />
{{Text art|<nowiki><br />
XXXXXXXXXXXXXXXXXX<br />
XXX Network XXX<br />
XXXXXXXXXXXXXXXXXX<br />
+<br />
|<br />
v<br />
+-------------+ +------------------+<br />
|table: filter| <---+ | table: nat |<br />
|chain: INPUT | | | chain: PREROUTING|<br />
+-----+-------+ | +--------+---------+<br />
| | |<br />
v | v<br />
[local process] | **************** +--------------+<br />
| +---------+ Routing decision +------> |table: filter |<br />
v **************** |chain: FORWARD|<br />
**************** +------+-------+<br />
Routing decision |<br />
**************** |<br />
| |<br />
v **************** |<br />
+-------------+ +------> Routing decision <---------------+<br />
|table: nat | | ****************<br />
|chain: OUTPUT| | +<br />
+-----+-------+ | |<br />
| | v<br />
v | +-------------------+<br />
+--------------+ | | table: nat |<br />
|table: filter | +----+ | chain: POSTROUTING|<br />
|chain: OUTPUT | +--------+----------+<br />
+--------------+ |<br />
v<br />
XXXXXXXXXXXXXXXXXX<br />
XXX Network XXX<br />
XXXXXXXXXXXXXXXXXX<br />
</nowiki>}}<br />
<br />
=== Tables ===<br />
<br />
iptables contains five tables:<br />
<br />
# {{ic|raw}} is used only for configuring packets so that they are exempt from connection tracking.<br />
# {{ic|filter}} is the default table, and is where all the actions typically associated with a firewall take place.<br />
# {{ic|nat}} is used for [[Wikipedia:Network address translation|network address translation]] (e.g. port forwarding).<br />
# {{ic|mangle}} is used for specialized packet alterations.<br />
# {{ic|security}} is used for [[Mandatory Access Control]] networking rules (e.g. SELinux -- see [http://lwn.net/Articles/267140/ this article] for more details).<br />
<br />
In most common use cases you will only use two of these: '''filter''' and '''nat'''. The other tables are aimed at complex configurations involving multiple routers and routing decisions and are in any case beyond the scope of these introductory remarks.<br />
<br />
=== Chains ===<br />
<br />
Tables consist of ''chains'', which are lists of rules which are followed in order. The default table, {{ic|filter}}, contains three built-in chains: {{ic|INPUT}}, {{ic|OUTPUT}} and {{ic|FORWARD}} which are activated at different points of the packet filtering process, as illustrated in the [http://www.frozentux.net/iptables-tutorial/chunkyhtml/images/tables_traverse.jpg flow chart]. The nat table includes {{ic|PREROUTING}}, {{ic|POSTROUTING}}, and {{ic|OUTPUT}} chains.<br />
<br />
See {{man|8|iptables}} for a description of built-in chains in other tables.<br />
<br />
By default, none of the chains contain any rules. It is up to you to append rules to the chains that you want to use. Chains ''do'' have a default policy, which is generally set to {{ic|ACCEPT}}, but can be reset to {{ic|DROP}}, if you want to be sure that nothing slips through your ruleset. The default policy always applies at the end of a chain only. Hence, the packet has to pass through all existing rules in the chain before the default policy is applied.<br />
<br />
User-defined chains can be added to make rulesets more efficient or more easily modifiable. See [[Simple stateful firewall]] for an example of how user-defined chains are used.<br />
<br />
=== Rules ===<br />
<br />
Packet filtering is based on ''rules'', which are specified by multiple ''matches'' (conditions the packet must satisfy so that the rule can be applied), and one ''target'' (action taken when the packet matches all conditions). The typical things a rule might match on are what interface the packet came in on (e.g eth0 or eth1), what type of packet it is (ICMP, TCP, or UDP), or the destination port of the packet.<br />
<br />
Targets are specified using the {{ic|-j}} or {{ic|--jump}} option. Targets can be either user-defined chains (i.e. if these conditions are matched, jump to the following user-defined chain and continue processing there), one of the special built-in targets, or a target extension. Built-in targets are {{ic|ACCEPT}}, {{ic|DROP}}, {{ic|QUEUE}} and {{ic|RETURN}}, target extensions are, for example, {{ic|REJECT}} and {{ic|LOG}}. If the target is a built-in target, the fate of the packet is decided immediately and processing of the packet in current table is stopped. If the target is a user-defined chain and the fate of the packet is not decided by this second chain, it will be filtered against the remaining rules of the original chain. Target extensions can be either ''terminating'' (as built-in targets) or ''non-terminating'' (as user-defined chains), see {{man|8|iptables-extensions}} for details.<br />
<br />
=== Traversing Chains ===<br />
<br />
A network packet received on any interface traverses the traffic control chains of tables in the order shown in the [http://www.frozentux.net/iptables-tutorial/chunkyhtml/images/tables_traverse.jpg flow chart]. The first routing decision involves deciding if the final destination of the packet is the local machine (in which case the packet traverses through the {{ic|INPUT}} chains) or elsewhere (in which case the packet traverses through the {{ic|FORWARD}} chains). Subsequent routing decisions involve deciding what interface to assign to an outgoing packet. At each chain in the path, every rule in that chain is evaluated in order and whenever a rule matches, the corresponding target/jump action is executed. The 3 most commonly used targets are {{ic|ACCEPT}}, {{ic|DROP}}, and jump to a user-defined chain. While built-in chains can have default policies, user-defined chains can not. If every rule in a chain that you jumped fails to provide a complete match, the packet is dropped back into the calling chain as illustrated [http://www.frozentux.net/iptables-tutorial/images/table_subtraverse.jpg here]. If at any time a complete match is achieved for a rule with a {{ic|DROP}} target, the packet is dropped and no further processing is done. If a packet is {{ic|ACCEPT}}ed within a chain, it will be {{ic|ACCEPT}}ed in all superset chains also and it will not traverse any of the superset chains any further. However, be aware that the packet will continue to traverse all other chains in other tables in the normal fashion.<br />
<br />
=== Modules ===<br />
<br />
There are many modules which can be used to extend iptables such as connlimit, conntrack, limit and recent. These modules add extra functionality to allow complex filtering rules.<br />
<br />
== Configuration and usage ==<br />
<br />
iptables is a [[systemd]] service and is [[start]]ed accordingly. The Arch {{Pkg|iptables}} package installs an empty set of rules in {{ic|/etc/iptables/iptables.rules}} which will be loaded when you [[start]] the {{ic|iptables.service}} unit for the first time. As with other services, if you want iptables to be loaded automatically on boot, you must [[enable]] it.<br />
<br />
iptables rules for IPv6 are, by default, stored in {{ic|/etc/iptables/ip6tables.rules}}, which is read by {{ic|ip6tables.service}}. You can start it the same way as above.<br />
<br />
After adding rules via command-line as shown in the following sections, the configuration file is not changed automatically &mdash; you have to save it manually:<br />
<br />
# iptables-save -f /etc/iptables/iptables.rules<br />
<br />
If you edit the configuration file manually, you have to [[reload]] iptables.<br />
<br />
Or you can load it directly through iptables:<br />
<br />
# iptables-restore /etc/iptables/iptables.rules<br />
<br />
=== From the command line ===<br />
<br />
==== Showing the current rules ====<br />
<br />
The basic command to list current rules is {{ic|--list-rules}} ({{ic|-S}}), which is similar in output format to the ''iptables-save'' utility. The main difference of the two is that the latter outputs the rules of all tables per default, while all ''iptables'' commands default to the {{ic|filter}} table only. <br />
<br />
When working with iptables on the command line, the {{ic|--list}} ({{ic|-L}}) command accepts more modifiers and shows more information. For example, you can check the current ruleset and the number of hits per rule by using the command:<br />
<br />
{{hc|# iptables -nvL|Chain INPUT (policy ACCEPT 0 packets, 0 bytes)<br />
pkts bytes target prot opt in out source destination<br />
<br />
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)<br />
pkts bytes target prot opt in out source destination<br />
<br />
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br />
pkts bytes target prot opt in out source destination}}<br />
<br />
If the output looks like the above, then there are no rules (i.e. nothing is blocked) in the default {{ic|filter}} table. Other tables can be specified with the {{ic|-t}} option.<br />
<br />
To show the line numbers when listing rules, append {{ic|--line-numbers}} to that input. The line numbers are a useful shorthand when [[#Editing rules]] on the command line.<br />
<br />
==== Resetting rules ====<br />
<br />
You can flush and reset iptables to default using these commands:<br />
<br />
# iptables -F<br />
# iptables -X<br />
# iptables -t nat -F<br />
# iptables -t nat -X<br />
# iptables -t mangle -F<br />
# iptables -t mangle -X<br />
# iptables -t raw -F<br />
# iptables -t raw -X<br />
# iptables -t security -F<br />
# iptables -t security -X<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P FORWARD ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
<br />
The {{ic|-F}} command with no arguments flushes all the chains in its current table. Similarly, {{ic|-X}} deletes all empty non-default chains in a table.<br />
<br />
Individual chains may be flushed or deleted by following {{ic|-F}} and {{ic|-X}} with a {{ic|[chain]}} argument.<br />
<br />
==== Editing rules ====<br />
<br />
Rules can be edited by appending {{ic|-A}} a rule to a chain, inserting {{ic|-I}} it at a specific position on the chain, replacing {{ic|-R}} an existing rule, or deleting {{ic|-D}} it. The first three commands are exemplified in the following.<br />
<br />
First of all, our computer is not a router (unless, of course, it [[Router|is a router]]). We want to change the default policy on the {{ic|FORWARD}} chain from {{ic|ACCEPT}} to {{ic|DROP}}.<br />
<br />
{{bc|<br />
# iptables -P FORWARD DROP<br />
}}<br />
<br />
{{warning|The rest of this section is meant to teach the syntax and concepts behind iptables rules. It is not intended as a means for securing servers. For improving the security of your system, see [[Simple stateful firewall]] for a minimally secure iptables configuration and [[Security]] for hardening Arch Linux in general.}}<br />
<br />
The [[Wikipedia:Dropbox (service)|Dropbox]] LAN sync feature [https://isc.sans.edu/port.html?port=17500 broadcasts packets every 30 seconds] to all computers it can see. If we happen to be on a LAN with Dropbox clients and do not use this feature, then we might wish to reject those packets.<br />
<br />
{{bc|<br />
# iptables -A INPUT -p tcp --dport 17500 -j REJECT --reject-with icmp-port-unreachable<br />
}}<br />
<br />
{{hc|# iptables -nvL --line-numbers|<br />
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
1 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:17500 reject-with icmp-port-unreachable<br />
<br />
Chain FORWARD (policy DROP 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
<br />
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
<br />
}}<br />
{{note|We use {{ic|REJECT}} rather than {{ic|DROP}} here, because [https://tools.ietf.org/html/rfc1122#page-69 RFC 1122 3.3.8] requires hosts return ICMP errors whenever possible, instead of dropping packets. [http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject This page] explains why it is almost always better to REJECT rather than DROP packets.}}<br />
<br />
Now, say we change our mind about Dropbox and decide to install it on our computer. We also want to LAN sync, but only with one particular IP on our network. So we should use {{ic|-R}} to replace our old rule. Where {{ic|10.0.0.85}} is our other IP:<br />
<br />
{{bc|<br />
# iptables -R INPUT 1 -p tcp --dport 17500 ! -s 10.0.0.85 -j REJECT --reject-with icmp-port-unreachable<br />
}}<br />
<br />
{{hc|# iptables -nvL --line-numbers|<br />
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
1 0 0 REJECT tcp -- * * !10.0.0.85 0.0.0.0/0 tcp dpt:17500 reject-with icmp-port-unreachable<br />
<br />
Chain FORWARD (policy DROP 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
<br />
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
}}<br />
<br />
We have now replaced our original rule with one that allows {{ic|10.0.0.85}} to access port {{ic|17500}} on our computer. But now we realize that this is not scalable. If our friendly Dropbox user is attempting to access port {{ic|17500}} on our device, we should allow him immediately, not test him against any firewall rules that might come afterwards!<br />
<br />
So we write a new rule to allow our trusted user immediately. Using {{ic|-I}} to insert the new rule before our old one:<br />
<br />
{{bc|<br />
# iptables -I INPUT -p tcp --dport 17500 -s 10.0.0.85 -j ACCEPT -m comment --comment "Friendly Dropbox"<br />
}}<br />
<br />
{{hc|# iptables -nvL --line-numbers|<br />
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
1 0 0 ACCEPT tcp -- * * 10.0.0.85 0.0.0.0/0 tcp dpt:17500 /* Friendly Dropbox */<br />
2 0 0 REJECT tcp -- * * !10.0.0.85 0.0.0.0/0 tcp dpt:17500 reject-with icmp-port-unreachable<br />
<br />
Chain FORWARD (policy DROP 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
<br />
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
}}<br />
<br />
And replace our second rule with one that rejects everything on port {{ic|17500}}:<br />
<br />
# iptables -R INPUT 2 -p tcp --dport 17500 -j REJECT --reject-with icmp-port-unreachable<br />
<br />
Our final rule list now looks like this:<br />
<br />
{{hc|# iptables -nvL --line-numbers|<br />
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
1 0 0 ACCEPT tcp -- * * 10.0.0.85 0.0.0.0/0 tcp dpt:17500 /* Friendly Dropbox */<br />
2 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:17500 reject-with icmp-port-unreachable<br />
<br />
Chain FORWARD (policy DROP 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
<br />
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br />
num pkts bytes target prot opt in out source destination<br />
}}<br />
<br />
=== Guides ===<br />
<br />
* [[Simple stateful firewall]]<br />
* [[Router]]<br />
<br />
== Logging ==<br />
<br />
The {{ic|LOG}} target can be used to log packets that hit a rule. Unlike other targets like {{ic|ACCEPT}} or {{ic|DROP}}, the packet will continue moving through the chain after hitting a {{ic|LOG}} target. This means that in order to enable logging for all dropped packets, you would have to add a duplicate {{ic|LOG}} rule before each DROP rule. Since this reduces efficiency and makes things less simple, a {{ic|logdrop}} chain can be created instead.<br />
<br />
Create the chain with:<br />
<br />
# iptables -N logdrop<br />
<br />
And add the following rules to the newly created chain:<br />
<br />
# iptables -A logdrop -m limit --limit 5/m --limit-burst 10 -j LOG<br />
# iptables -A logdrop -j DROP<br />
<br />
Explanation for {{ic|limit}} and {{ic|limit-burst}} options is given [[#Limiting log rate|below]].<br />
<br />
Now whenever we want to drop a packet and log this event, we just jump to the {{ic|logdrop}} chain, for example:<br />
<br />
# iptables -A INPUT -m conntrack --ctstate INVALID -j logdrop<br />
<br />
=== Limiting log rate ===<br />
<br />
The above {{ic|logdrop}} chain uses the limit module to prevent the ''iptables'' log from growing too large or causing needless hard drive writes. Without limiting an erroneously configured service trying to connect, or an attacker, could fill the drive (or at least the {{ic|/var}} partition) by causing writes to the iptables log.<br />
<br />
The limit module is called with {{ic|-m limit}}. You can then use {{ic|--limit}} to set an average rate and {{ic|--limit-burst}} to set an initial burst rate. In the {{ic|logdrop}} example above:<br />
<br />
iptables -A logdrop -m limit --limit 5/m --limit-burst 10 -j LOG<br />
<br />
appends a rule which will log all packets that pass through it. The first 10 consecutive packets will be logged, and from then on only 5 packets per minute will be logged. The "limit burst" count is reset every time the "limit rate" is not broken, i.e. logging activity returns to normal automatically.<br />
<br />
=== Viewing logged packets ===<br />
<br />
Logged packets are visible as kernel messages in the [[systemd journal]].<br />
<br />
To view all packets that were logged since the machine was last booted:<br />
# journalctl -k | grep "IN=.*OUT=.*" | less<br />
<br />
=== syslog-ng ===<br />
<br />
Assuming you are using [[syslog-ng]], you can control where iptables' log output goes this way:<br />
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };<br />
to<br />
filter f_everything { level(debug..emerg) and not facility(auth, authpriv) and not filter(f_iptables); };<br />
<br />
This will stop logging iptables output to {{ic|/var/log/everything.log}}.<br />
<br />
If you also want iptables to log to a different file than {{ic|/var/log/iptables.log}}, you can simply change the file value of destination {{ic|d_iptables}} here (still in {{ic|syslog-ng.conf}})<br />
destination d_iptables { file("/var/log/iptables.log"); };<br />
<br />
=== ulogd ===<br />
<br />
[http://www.netfilter.org/projects/ulogd/index.html ulogd] is a specialized userspace packet logging daemon for netfilter that can replace the default {{ic|LOG}} target. The package {{Pkg|ulogd}} is available in the {{ic|[community]}} repository.<br />
<br />
== See also ==<br />
* [[Wikipedia:iptables|Wikipedia article]]<br />
* [[Port knocking]]<br />
* [http://www.netfilter.org/projects/iptables/index.html Official iptables web site]<br />
* [http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html iptables Tutorial 1.2.2] by Oskar Andreasson<br />
* [[debian:iptables|Debian Wiki - iptables]]<br />
* [https://home.regit.org/netfilter-en/secure-use-of-helpers/ Secure use of connection tracking helpers]</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Talk:ECryptfs&diff=635433Talk:ECryptfs2020-09-14T22:32:14Z<p>Lafleur: answer /* Changes to /etc/pam.d/system-auth for auto-mounting */</p>
<hr />
<div>=== Automounting ===<br />
Just a short remark which took me several hours to figure out: <br />
<br />
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login. <br />
<br />
It is now working and two crucial steps seemed to be:<br />
1. besides pam_mount.so use also pam_ecryptfs.so<br />
2. put an empty file "auto-mount" into /home/USER/.ecryptfs<br />
<br />
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. <br />
If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.<br />
<br />
Kind regards<br />
[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 21:20, 25 March 2015 (UTC)<br />
<br />
:Hi, can you please put a link here which section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make ([[ECryptfs#Auto-mounting]]). Sections 3.2 and 3.3 dont. I assume you refer to 3.3 [[ECryptfs#Without_ecryptfs-utils]], please confirm. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 06:56, 26 March 2015 (UTC)<br />
<br />
::Hi, oh sorry for the imprecise section reference (must have been too tired) So I started my setup with 3.3.2 and followed up to 3.3.2.2. [[Ecryptfs#Auto-mounting_2]] -- [[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 08:22, 26 March 2015 (UTC)<br />
<br />
:::Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but tor some reason the directory is user-mounted twice and does not unmount on logout. <br />
:::Not sure what to make of that, maybe someone else has an idea. How do you login (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private,~/Private) or another one? Have you modified {{ic|/etc/pam.d/system-auth}} for other reasons before? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 19:06, 26 March 2015 (UTC)<br />
:::Edit: Now I figured why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with [https://wiki.archlinux.org/index.php?title=ECryptfs&diff=367315&oldid=366857], does it reflect your experience now correctly? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:06, 26 March 2015 (UTC)<br />
<br />
:::: Hi! Yes, your changes exactly make the right points. Thank you very much. By the way, in the pam mount article there is a remark that auto-umount does not work currently. I also noted the double mounting thing on login --[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 22:20, 26 March 2015 (UTC)<br />
<br />
::::: Ok, good. Yes, the auto-umount does not work consistently with just pam_ecryptfs.so as well:[https://wiki.archlinux.org/index.php?title=ECryptfs&diff=365591&oldid=362767] The double-mounting I only noticed with configured pam_mount. Let's keep this item open a bit, maybe someone has an idea about the cause. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:19, 26 March 2015 (UTC)<br />
<br />
:::::: With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short <s>write up</s> - see below comment. Note it is used on systemd-based debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 16:36, 14 February 2017 (UTC)<br />
<br />
::::::: Hi I am the person responsible for the link [[User:Indigo|Indigo]] posted I have made a second guide which corrects a very bad issue of your password ending up in the journal log, PLEASE MAKE SURE to update the code mentioned in my guide, [https://paste.debian.net/plainh/f2480500 new guide] and make sure to WIPE YOUR JOURNAL if you did use the previous guide. Sorry for the bad error. I will when I am not tethering for Internet spin up an Arch VM and test this on Arch but thus far I have only tested it on Debian. Improvements and reviews of the guide and its code are more than welcome! [[User:KonomiKitten|KonomiKitten]] ([[User talk:KonomiKitten|talk]]) 09:38, 10 March 2017 (UTC)<br />
<br />
:::::::: In any case thanks for reporting it! --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 15:06, 10 March 2017 (UTC)<br />
:::::::: I forgot to mention you can of course just rewrap with the new passphrase after you ran ''passwd''; more effective than wiping the journal. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:41, 17 March 2017 (UTC)<br />
<br />
::::::: Hey [[User:Indigo|Indigo]], concerning auto-umount of ecryptfs, I've been adapting the solution proposed in [https://wiki.archlinux.org/index.php/Talk:Pam_mount the Pam_mount talk], and it works fine with console, lightdm and gdm logins (meaning the encrypted dir gets cleanly unmounted on logout, provided there are no process left using this dir), at least if one uses Ubuntu tools to encrypt the dir. It involves a different setup of /etc/pam.d (moving pam_ecryptfs.so calls to a separate conf file, so as to stop being interfered by {{ic|systemd --user}}). I am willing to expose it in lieu of the actual warning on auto-umounting ; just thought I could to tell you first. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 00:06, 13 October 2018 (UTC)<br />
<br />
::::::::Hey, thanks for the heads up. Sounds like great news, though I faintly remember the ecryptfs was always arguing that systemd does not warrant respecitve processes accessing the dir being stopped on user logout. Anyhow, please go ahead and share - it sure is something like a show-stopper for Arch usage of the package in some system environments. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 22:27, 14 November 2018 (UTC)<br />
<br />
::::::::: Well; I did it at last. Now it seems pretty clear to me, as I tested the setup on 2 machines of daily use. One way or the other, the {{ic|systemd-logind}} process can't quit on user logout if it did reach {{ic|session pam_ecryptfs.so}} in {{ic|system-auth}}. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
== Changes to /etc/pam.d/system-auth for auto-mounting ==<br />
<br />
Section 2.1.3.2 explains the changes to {{ic|/etc/pam.d/system-auth}} that are required for auto-mounting. As the contents of this file have [https://github.com/archlinux/svntogit-packages/commit/2d5af94ae55a5c98837ce9631f331ad2aad32bb3#diff-8d0411b338c83cd8cd8ad9d9db127101 changed], the guide needs to be updated.<br />
The following works for me, however, I do not use systemd-homed. So, this needs to be verified / corrected:<br />
<br />
Open {{ic|/etc/pam.d/system-auth}} and ''after'' the line containing {{ic|auth [default&#61;die] pam_faillock.so authfail}} add:<br />
auth required pam_ecryptfs.so unwrap<br />
Next, ''above'' the line containing {{ic|-password [success&#61;1 default&#61;ignore] pam_systemd_home.so}} insert:<br />
password optional pam_ecryptfs.so<br />
And finally, ''after'' the line {{ic|session required pam_unix.so}} add:<br />
session optional pam_ecryptfs.so unwrap<br />
<br />
[[User:Bananana|Bananana]] ([[User talk:Bananana|talk]]) 13:09, 19 August 2020 (UTC)<br />
<br />
: You were right ! It was corrected (maybe you did) [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:32, 14 September 2020 (UTC)<br />
<br />
=== Updating pam.d files used ===<br />
<br />
Why do we modify {{ic|system-auth}} ? [https://wiki.archlinux.org/index.php/Pam_mount pam_mount] actually modifies {{ic|system-login}} for {{ic|session}} and {{ic|auth}} instructions, and {{ic|password}} for {{ic|password}} instructions. It seems indeed adapted to process home-mounting sequences on login procedure. And I can really understand that {{ic|su}} fails for the reason that it can't access home directory if nobody has logged in. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Talk:ECryptfs&diff=635431Talk:ECryptfs2020-09-14T22:29:43Z<p>Lafleur: /* Updating pam.d files used */ compare more precisely with pam_mount</p>
<hr />
<div>=== Automounting ===<br />
Just a short remark which took me several hours to figure out: <br />
<br />
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login. <br />
<br />
It is now working and two crucial steps seemed to be:<br />
1. besides pam_mount.so use also pam_ecryptfs.so<br />
2. put an empty file "auto-mount" into /home/USER/.ecryptfs<br />
<br />
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. <br />
If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.<br />
<br />
Kind regards<br />
[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 21:20, 25 March 2015 (UTC)<br />
<br />
:Hi, can you please put a link here which section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make ([[ECryptfs#Auto-mounting]]). Sections 3.2 and 3.3 dont. I assume you refer to 3.3 [[ECryptfs#Without_ecryptfs-utils]], please confirm. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 06:56, 26 March 2015 (UTC)<br />
<br />
::Hi, oh sorry for the imprecise section reference (must have been too tired) So I started my setup with 3.3.2 and followed up to 3.3.2.2. [[Ecryptfs#Auto-mounting_2]] -- [[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 08:22, 26 March 2015 (UTC)<br />
<br />
:::Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but tor some reason the directory is user-mounted twice and does not unmount on logout. <br />
:::Not sure what to make of that, maybe someone else has an idea. How do you login (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private,~/Private) or another one? Have you modified {{ic|/etc/pam.d/system-auth}} for other reasons before? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 19:06, 26 March 2015 (UTC)<br />
:::Edit: Now I figured why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with [https://wiki.archlinux.org/index.php?title=ECryptfs&diff=367315&oldid=366857], does it reflect your experience now correctly? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:06, 26 March 2015 (UTC)<br />
<br />
:::: Hi! Yes, your changes exactly make the right points. Thank you very much. By the way, in the pam mount article there is a remark that auto-umount does not work currently. I also noted the double mounting thing on login --[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 22:20, 26 March 2015 (UTC)<br />
<br />
::::: Ok, good. Yes, the auto-umount does not work consistently with just pam_ecryptfs.so as well:[https://wiki.archlinux.org/index.php?title=ECryptfs&diff=365591&oldid=362767] The double-mounting I only noticed with configured pam_mount. Let's keep this item open a bit, maybe someone has an idea about the cause. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:19, 26 March 2015 (UTC)<br />
<br />
:::::: With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short <s>write up</s> - see below comment. Note it is used on systemd-based debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 16:36, 14 February 2017 (UTC)<br />
<br />
::::::: Hi I am the person responsible for the link [[User:Indigo|Indigo]] posted I have made a second guide which corrects a very bad issue of your password ending up in the journal log, PLEASE MAKE SURE to update the code mentioned in my guide, [https://paste.debian.net/plainh/f2480500 new guide] and make sure to WIPE YOUR JOURNAL if you did use the previous guide. Sorry for the bad error. I will when I am not tethering for Internet spin up an Arch VM and test this on Arch but thus far I have only tested it on Debian. Improvements and reviews of the guide and its code are more than welcome! [[User:KonomiKitten|KonomiKitten]] ([[User talk:KonomiKitten|talk]]) 09:38, 10 March 2017 (UTC)<br />
<br />
:::::::: In any case thanks for reporting it! --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 15:06, 10 March 2017 (UTC)<br />
:::::::: I forgot to mention you can of course just rewrap with the new passphrase after you ran ''passwd''; more effective than wiping the journal. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:41, 17 March 2017 (UTC)<br />
<br />
::::::: Hey [[User:Indigo|Indigo]], concerning auto-umount of ecryptfs, I've been adapting the solution proposed in [https://wiki.archlinux.org/index.php/Talk:Pam_mount the Pam_mount talk], and it works fine with console, lightdm and gdm logins (meaning the encrypted dir gets cleanly unmounted on logout, provided there are no process left using this dir), at least if one uses Ubuntu tools to encrypt the dir. It involves a different setup of /etc/pam.d (moving pam_ecryptfs.so calls to a separate conf file, so as to stop being interfered by {{ic|systemd --user}}). I am willing to expose it in lieu of the actual warning on auto-umounting ; just thought I could to tell you first. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 00:06, 13 October 2018 (UTC)<br />
<br />
::::::::Hey, thanks for the heads up. Sounds like great news, though I faintly remember the ecryptfs was always arguing that systemd does not warrant respecitve processes accessing the dir being stopped on user logout. Anyhow, please go ahead and share - it sure is something like a show-stopper for Arch usage of the package in some system environments. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 22:27, 14 November 2018 (UTC)<br />
<br />
::::::::: Well; I did it at last. Now it seems pretty clear to me, as I tested the setup on 2 machines of daily use. One way or the other, the {{ic|systemd-logind}} process can't quit on user logout if it did reach {{ic|session pam_ecryptfs.so}} in {{ic|system-auth}}. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
=== Updating pam.d files used ===<br />
<br />
Why do we modify {{ic|system-auth}} ? [https://wiki.archlinux.org/index.php/Pam_mount pam_mount] actually modifies {{ic|system-login}} for {{ic|session}} and {{ic|auth}} instructions, and {{ic|password}} for {{ic|password}} instructions. It seems indeed adapted to process home-mounting sequences on login procedure. And I can really understand that {{ic|su}} fails for the reason that it can't access home directory if nobody has logged in. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
== Changes to /etc/pam.d/system-auth for auto-mounting ==<br />
<br />
Section 2.1.3.2 explains the changes to {{ic|/etc/pam.d/system-auth}} that are required for auto-mounting. As the contents of this file have [https://github.com/archlinux/svntogit-packages/commit/2d5af94ae55a5c98837ce9631f331ad2aad32bb3#diff-8d0411b338c83cd8cd8ad9d9db127101 changed], the guide needs to be updated.<br />
The following works for me, however, I do not use systemd-homed. So, this needs to be verified / corrected:<br />
<br />
Open {{ic|/etc/pam.d/system-auth}} and ''after'' the line containing {{ic|auth [default&#61;die] pam_faillock.so authfail}} add:<br />
auth required pam_ecryptfs.so unwrap<br />
Next, ''above'' the line containing {{ic|-password [success&#61;1 default&#61;ignore] pam_systemd_home.so}} insert:<br />
password optional pam_ecryptfs.so<br />
And finally, ''after'' the line {{ic|session required pam_unix.so}} add:<br />
session optional pam_ecryptfs.so unwrap<br />
<br />
[[User:Bananana|Bananana]] ([[User talk:Bananana|talk]]) 13:09, 19 August 2020 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Talk:ECryptfs&diff=635427Talk:ECryptfs2020-09-14T22:13:49Z<p>Lafleur: /* Automounting */ typo</p>
<hr />
<div>=== Automounting ===<br />
Just a short remark which took me several hours to figure out: <br />
<br />
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login. <br />
<br />
It is now working and two crucial steps seemed to be:<br />
1. besides pam_mount.so use also pam_ecryptfs.so<br />
2. put an empty file "auto-mount" into /home/USER/.ecryptfs<br />
<br />
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. <br />
If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.<br />
<br />
Kind regards<br />
[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 21:20, 25 March 2015 (UTC)<br />
<br />
:Hi, can you please put a link here which section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make ([[ECryptfs#Auto-mounting]]). Sections 3.2 and 3.3 dont. I assume you refer to 3.3 [[ECryptfs#Without_ecryptfs-utils]], please confirm. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 06:56, 26 March 2015 (UTC)<br />
<br />
::Hi, oh sorry for the imprecise section reference (must have been too tired) So I started my setup with 3.3.2 and followed up to 3.3.2.2. [[Ecryptfs#Auto-mounting_2]] -- [[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 08:22, 26 March 2015 (UTC)<br />
<br />
:::Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but tor some reason the directory is user-mounted twice and does not unmount on logout. <br />
:::Not sure what to make of that, maybe someone else has an idea. How do you login (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private,~/Private) or another one? Have you modified {{ic|/etc/pam.d/system-auth}} for other reasons before? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 19:06, 26 March 2015 (UTC)<br />
:::Edit: Now I figured why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with [https://wiki.archlinux.org/index.php?title=ECryptfs&diff=367315&oldid=366857], does it reflect your experience now correctly? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:06, 26 March 2015 (UTC)<br />
<br />
:::: Hi! Yes, your changes exactly make the right points. Thank you very much. By the way, in the pam mount article there is a remark that auto-umount does not work currently. I also noted the double mounting thing on login --[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 22:20, 26 March 2015 (UTC)<br />
<br />
::::: Ok, good. Yes, the auto-umount does not work consistently with just pam_ecryptfs.so as well:[https://wiki.archlinux.org/index.php?title=ECryptfs&diff=365591&oldid=362767] The double-mounting I only noticed with configured pam_mount. Let's keep this item open a bit, maybe someone has an idea about the cause. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:19, 26 March 2015 (UTC)<br />
<br />
:::::: With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short <s>write up</s> - see below comment. Note it is used on systemd-based debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 16:36, 14 February 2017 (UTC)<br />
<br />
::::::: Hi I am the person responsible for the link [[User:Indigo|Indigo]] posted I have made a second guide which corrects a very bad issue of your password ending up in the journal log, PLEASE MAKE SURE to update the code mentioned in my guide, [https://paste.debian.net/plainh/f2480500 new guide] and make sure to WIPE YOUR JOURNAL if you did use the previous guide. Sorry for the bad error. I will when I am not tethering for Internet spin up an Arch VM and test this on Arch but thus far I have only tested it on Debian. Improvements and reviews of the guide and its code are more than welcome! [[User:KonomiKitten|KonomiKitten]] ([[User talk:KonomiKitten|talk]]) 09:38, 10 March 2017 (UTC)<br />
<br />
:::::::: In any case thanks for reporting it! --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 15:06, 10 March 2017 (UTC)<br />
:::::::: I forgot to mention you can of course just rewrap with the new passphrase after you ran ''passwd''; more effective than wiping the journal. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:41, 17 March 2017 (UTC)<br />
<br />
::::::: Hey [[User:Indigo|Indigo]], concerning auto-umount of ecryptfs, I've been adapting the solution proposed in [https://wiki.archlinux.org/index.php/Talk:Pam_mount the Pam_mount talk], and it works fine with console, lightdm and gdm logins (meaning the encrypted dir gets cleanly unmounted on logout, provided there are no process left using this dir), at least if one uses Ubuntu tools to encrypt the dir. It involves a different setup of /etc/pam.d (moving pam_ecryptfs.so calls to a separate conf file, so as to stop being interfered by {{ic|systemd --user}}). I am willing to expose it in lieu of the actual warning on auto-umounting ; just thought I could to tell you first. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 00:06, 13 October 2018 (UTC)<br />
<br />
::::::::Hey, thanks for the heads up. Sounds like great news, though I faintly remember the ecryptfs was always arguing that systemd does not warrant respecitve processes accessing the dir being stopped on user logout. Anyhow, please go ahead and share - it sure is something like a show-stopper for Arch usage of the package in some system environments. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 22:27, 14 November 2018 (UTC)<br />
<br />
::::::::: Well; I did it at last. Now it seems pretty clear to me, as I tested the setup on 2 machines of daily use. One way or the other, the {{ic|systemd-logind}} process can't quit on user logout if it did reach {{ic|session pam_ecryptfs.so}} in {{ic|system-auth}}. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
Another question rises for me, why do we modify {{ic|system-auth}} ? [https://wiki.archlinux.org/index.php/Pam_mount pam_mount] actually modifies {{ic|system-login}}. It seems indeed adapted to process home-mounting sequences on login procedure. And I can really understand that {{ic|su}} fails for the reason that it can't access home directory if nobody has logged in. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
== Changes to /etc/pam.d/system-auth for auto-mounting ==<br />
<br />
Section 2.1.3.2 explains the changes to {{ic|/etc/pam.d/system-auth}} that are required for auto-mounting. As the contents of this file have [https://github.com/archlinux/svntogit-packages/commit/2d5af94ae55a5c98837ce9631f331ad2aad32bb3#diff-8d0411b338c83cd8cd8ad9d9db127101 changed], the guide needs to be updated.<br />
The following works for me, however, I do not use systemd-homed. So, this needs to be verified / corrected:<br />
<br />
Open {{ic|/etc/pam.d/system-auth}} and ''after'' the line containing {{ic|auth [default&#61;die] pam_faillock.so authfail}} add:<br />
auth required pam_ecryptfs.so unwrap<br />
Next, ''above'' the line containing {{ic|-password [success&#61;1 default&#61;ignore] pam_systemd_home.so}} insert:<br />
password optional pam_ecryptfs.so<br />
And finally, ''after'' the line {{ic|session required pam_unix.so}} add:<br />
session optional pam_ecryptfs.so unwrap<br />
<br />
[[User:Bananana|Bananana]] ([[User talk:Bananana|talk]]) 13:09, 19 August 2020 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Talk:ECryptfs&diff=635426Talk:ECryptfs2020-09-14T22:13:14Z<p>Lafleur: /* Automounting */ signing</p>
<hr />
<div>=== Automounting ===<br />
Just a short remark which took me several hours to figure out: <br />
<br />
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login. <br />
<br />
It is now working and two crucial steps seemed to be:<br />
1. besides pam_mount.so use also pam_ecryptfs.so<br />
2. put an empty file "auto-mount" into /home/USER/.ecryptfs<br />
<br />
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. <br />
If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.<br />
<br />
Kind regards<br />
[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 21:20, 25 March 2015 (UTC)<br />
<br />
:Hi, can you please put a link here which section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make ([[ECryptfs#Auto-mounting]]). Sections 3.2 and 3.3 dont. I assume you refer to 3.3 [[ECryptfs#Without_ecryptfs-utils]], please confirm. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 06:56, 26 March 2015 (UTC)<br />
<br />
::Hi, oh sorry for the imprecise section reference (must have been too tired) So I started my setup with 3.3.2 and followed up to 3.3.2.2. [[Ecryptfs#Auto-mounting_2]] -- [[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 08:22, 26 March 2015 (UTC)<br />
<br />
:::Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but tor some reason the directory is user-mounted twice and does not unmount on logout. <br />
:::Not sure what to make of that, maybe someone else has an idea. How do you login (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private,~/Private) or another one? Have you modified {{ic|/etc/pam.d/system-auth}} for other reasons before? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 19:06, 26 March 2015 (UTC)<br />
:::Edit: Now I figured why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with [https://wiki.archlinux.org/index.php?title=ECryptfs&diff=367315&oldid=366857], does it reflect your experience now correctly? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:06, 26 March 2015 (UTC)<br />
<br />
:::: Hi! Yes, your changes exactly make the right points. Thank you very much. By the way, in the pam mount article there is a remark that auto-umount does not work currently. I also noted the double mounting thing on login --[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 22:20, 26 March 2015 (UTC)<br />
<br />
::::: Ok, good. Yes, the auto-umount does not work consistently with just pam_ecryptfs.so as well:[https://wiki.archlinux.org/index.php?title=ECryptfs&diff=365591&oldid=362767] The double-mounting I only noticed with configured pam_mount. Let's keep this item open a bit, maybe someone has an idea about the cause. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:19, 26 March 2015 (UTC)<br />
<br />
:::::: With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short <s>write up</s> - see below comment. Note it is used on systemd-based debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 16:36, 14 February 2017 (UTC)<br />
<br />
::::::: Hi I am the person responsible for the link [[User:Indigo|Indigo]] posted I have made a second guide which corrects a very bad issue of your password ending up in the journal log, PLEASE MAKE SURE to update the code mentioned in my guide, [https://paste.debian.net/plainh/f2480500 new guide] and make sure to WIPE YOUR JOURNAL if you did use the previous guide. Sorry for the bad error. I will when I am not tethering for Internet spin up an Arch VM and test this on Arch but thus far I have only tested it on Debian. Improvements and reviews of the guide and its code are more than welcome! [[User:KonomiKitten|KonomiKitten]] ([[User talk:KonomiKitten|talk]]) 09:38, 10 March 2017 (UTC)<br />
<br />
:::::::: In any case thanks for reporting it! --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 15:06, 10 March 2017 (UTC)<br />
:::::::: I forgot to mention you can of course just rewrap with the new passphrase after you ran ''passwd''; more effective than wiping the journal. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:41, 17 March 2017 (UTC)<br />
<br />
::::::: Hey [[User:Indigo|Indigo]], concerning auto-umount of ecryptfs, I've been adapting the solution proposed in [https://wiki.archlinux.org/index.php/Talk:Pam_mount the Pam_mount talk], and it works fine with console, lightdm and gdm logins (meaning the encrypted dir gets cleanly unmounted on logout, provided there are no process left using this dir), at least if one uses Ubuntu tools to encrypt the dir. It involves a different setup of /etc/pam.d (moving pam_ecryptfs.so calls to a separate conf file, so as to stop being interfered by {{ic|systemd --user}}). I am willing to expose it in lieu of the actual warning on auto-umounting ; just thought I could to tell you first. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 00:06, 13 October 2018 (UTC)<br />
<br />
::::::::Hey, thanks for the heads up. Sounds like great news, though I faintly remember the ecryptfs was always arguing that systemd does not warrant respecitve processes accessing the dir being stopped on user logout. Anyhow, please go ahead and share - it sure is something like a show-stopper for Arch usage of the package in some system environments. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 22:27, 14 November 2018 (UTC)<br />
<br />
:::::::: Well; I did it at last. Now it seems pretty clear to me, as I tested the setup on 2 machines of daily use. One way or the other, the {{ic|systemd-logind}} process can't quit on user logout if it did reach {{ic|session pam_ecryptfs.so}} in {{ic|system-auth}}. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
Another question rises for me, why do we modify {{ic|system-auth}} ? [https://wiki.archlinux.org/index.php/Pam_mount pam_mount] actually modifies {{ic|system-login}}. It seems indeed adapted to process home-mounting sequences on login procedure. And I can really understand that {{ic|su}} fails for the reason that it can't access home directory if nobody has logged in. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 22:13, 14 September 2020 (UTC)<br />
<br />
== Changes to /etc/pam.d/system-auth for auto-mounting ==<br />
<br />
Section 2.1.3.2 explains the changes to {{ic|/etc/pam.d/system-auth}} that are required for auto-mounting. As the contents of this file have [https://github.com/archlinux/svntogit-packages/commit/2d5af94ae55a5c98837ce9631f331ad2aad32bb3#diff-8d0411b338c83cd8cd8ad9d9db127101 changed], the guide needs to be updated.<br />
The following works for me, however, I do not use systemd-homed. So, this needs to be verified / corrected:<br />
<br />
Open {{ic|/etc/pam.d/system-auth}} and ''after'' the line containing {{ic|auth [default&#61;die] pam_faillock.so authfail}} add:<br />
auth required pam_ecryptfs.so unwrap<br />
Next, ''above'' the line containing {{ic|-password [success&#61;1 default&#61;ignore] pam_systemd_home.so}} insert:<br />
password optional pam_ecryptfs.so<br />
And finally, ''after'' the line {{ic|session required pam_unix.so}} add:<br />
session optional pam_ecryptfs.so unwrap<br />
<br />
[[User:Bananana|Bananana]] ([[User talk:Bananana|talk]]) 13:09, 19 August 2020 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Talk:ECryptfs&diff=635425Talk:ECryptfs2020-09-14T22:12:07Z<p>Lafleur: /* Automounting */ discuss auto-unmount and which pam.d file to modify</p>
<hr />
<div>=== Automounting ===<br />
Just a short remark which took me several hours to figure out: <br />
<br />
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login. <br />
<br />
It is now working and two crucial steps seemed to be:<br />
1. besides pam_mount.so use also pam_ecryptfs.so<br />
2. put an empty file "auto-mount" into /home/USER/.ecryptfs<br />
<br />
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. <br />
If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.<br />
<br />
Kind regards<br />
[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 21:20, 25 March 2015 (UTC)<br />
<br />
:Hi, can you please put a link here which section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make ([[ECryptfs#Auto-mounting]]). Sections 3.2 and 3.3 dont. I assume you refer to 3.3 [[ECryptfs#Without_ecryptfs-utils]], please confirm. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 06:56, 26 March 2015 (UTC)<br />
<br />
::Hi, oh sorry for the imprecise section reference (must have been too tired) So I started my setup with 3.3.2 and followed up to 3.3.2.2. [[Ecryptfs#Auto-mounting_2]] -- [[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 08:22, 26 March 2015 (UTC)<br />
<br />
:::Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but tor some reason the directory is user-mounted twice and does not unmount on logout. <br />
:::Not sure what to make of that, maybe someone else has an idea. How do you login (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private,~/Private) or another one? Have you modified {{ic|/etc/pam.d/system-auth}} for other reasons before? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 19:06, 26 March 2015 (UTC)<br />
:::Edit: Now I figured why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with [https://wiki.archlinux.org/index.php?title=ECryptfs&diff=367315&oldid=366857], does it reflect your experience now correctly? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:06, 26 March 2015 (UTC)<br />
<br />
:::: Hi! Yes, your changes exactly make the right points. Thank you very much. By the way, in the pam mount article there is a remark that auto-umount does not work currently. I also noted the double mounting thing on login --[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 22:20, 26 March 2015 (UTC)<br />
<br />
::::: Ok, good. Yes, the auto-umount does not work consistently with just pam_ecryptfs.so as well:[https://wiki.archlinux.org/index.php?title=ECryptfs&diff=365591&oldid=362767] The double-mounting I only noticed with configured pam_mount. Let's keep this item open a bit, maybe someone has an idea about the cause. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:19, 26 March 2015 (UTC)<br />
<br />
:::::: With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short <s>write up</s> - see below comment. Note it is used on systemd-based debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 16:36, 14 February 2017 (UTC)<br />
<br />
::::::: Hi I am the person responsible for the link [[User:Indigo|Indigo]] posted I have made a second guide which corrects a very bad issue of your password ending up in the journal log, PLEASE MAKE SURE to update the code mentioned in my guide, [https://paste.debian.net/plainh/f2480500 new guide] and make sure to WIPE YOUR JOURNAL if you did use the previous guide. Sorry for the bad error. I will when I am not tethering for Internet spin up an Arch VM and test this on Arch but thus far I have only tested it on Debian. Improvements and reviews of the guide and its code are more than welcome! [[User:KonomiKitten|KonomiKitten]] ([[User talk:KonomiKitten|talk]]) 09:38, 10 March 2017 (UTC)<br />
<br />
:::::::: In any case thanks for reporting it! --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 15:06, 10 March 2017 (UTC)<br />
:::::::: I forgot to mention you can of course just rewrap with the new passphrase after you ran ''passwd''; more effective than wiping the journal. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:41, 17 March 2017 (UTC)<br />
<br />
::::::: Hey [[User:Indigo|Indigo]], concerning auto-umount of ecryptfs, I've been adapting the solution proposed in [https://wiki.archlinux.org/index.php/Talk:Pam_mount the Pam_mount talk], and it works fine with console, lightdm and gdm logins (meaning the encrypted dir gets cleanly unmounted on logout, provided there are no process left using this dir), at least if one uses Ubuntu tools to encrypt the dir. It involves a different setup of /etc/pam.d (moving pam_ecryptfs.so calls to a separate conf file, so as to stop being interfered by {{ic|systemd --user}}). I am willing to expose it in lieu of the actual warning on auto-umounting ; just thought I could to tell you first. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 00:06, 13 October 2018 (UTC)<br />
<br />
::::::::Hey, thanks for the heads up. Sounds like great news, though I faintly remember the ecryptfs was always arguing that systemd does not warrant respecitve processes accessing the dir being stopped on user logout. Anyhow, please go ahead and share - it sure is something like a show-stopper for Arch usage of the package in some system environments. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 22:27, 14 November 2018 (UTC)<br />
<br />
:::::::: Well; I did it at last. Now it seems pretty clear to me, as I tested the setup on 2 machines of daily use. One way or the other, the {{ic|systemd-logind}} process can't quit on user logout if it did reach {{ic|session pam_ecryptfs.so}} in {{ic|system-auth}}.<br />
<br />
: Another question rises for me, why do we modify {{ic|system-auth}} ? [https://wiki.archlinux.org/index.php/Pam_mount pam_mount] actually modifies {{ic|system-login}}. It seems indeed adapted to process home-mounting sequences on login procedure. And I can really understand that {{ic|su}} fails for the reason that it can't access home directory if nobody has logged in.<br />
<br />
== Changes to /etc/pam.d/system-auth for auto-mounting ==<br />
<br />
Section 2.1.3.2 explains the changes to {{ic|/etc/pam.d/system-auth}} that are required for auto-mounting. As the contents of this file have [https://github.com/archlinux/svntogit-packages/commit/2d5af94ae55a5c98837ce9631f331ad2aad32bb3#diff-8d0411b338c83cd8cd8ad9d9db127101 changed], the guide needs to be updated.<br />
The following works for me, however, I do not use systemd-homed. So, this needs to be verified / corrected:<br />
<br />
Open {{ic|/etc/pam.d/system-auth}} and ''after'' the line containing {{ic|auth [default&#61;die] pam_faillock.so authfail}} add:<br />
auth required pam_ecryptfs.so unwrap<br />
Next, ''above'' the line containing {{ic|-password [success&#61;1 default&#61;ignore] pam_systemd_home.so}} insert:<br />
password optional pam_ecryptfs.so<br />
And finally, ''after'' the line {{ic|session required pam_unix.so}} add:<br />
session optional pam_ecryptfs.so unwrap<br />
<br />
[[User:Bananana|Bananana]] ([[User talk:Bananana|talk]]) 13:09, 19 August 2020 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=ECryptfs&diff=635423ECryptfs2020-09-14T21:50:51Z<p>Lafleur: /* Auto-mounting */ update with workaround for systemd+PAM not auto-unmounting home dir on logout</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Data-at-rest encryption]]<br />
[[Category:Stackable file systems]]<br />
[[fr:Encryption avec eCryptfs]]<br />
[[it:ECryptfs]]<br />
[[ja:ECryptfs]]<br />
[[ru:ECryptfs]]<br />
This article describes basic usage of [https://launchpad.net/ecryptfs eCryptfs]. It guides you through the process of creating a private and secure encrypted directory within your home directory to store sensitive files and private data.<br />
<br />
In implementation eCryptfs differs from [[dm-crypt]], which provides a ''block device encryption layer'', while eCryptfs is an actual file-system &ndash; a [[wikipedia:Cryptographic_filesystems|stacked cryptographic file system]]. For comparison of the two you can refer to the [[Data-at-rest encryption#Comparison table]]. One distinguished feature is that the encryption is stacked on an existing filesystem; eCryptfs can be mounted onto any single existing directory and does not require a separate partition (or size pre-allocation). <br />
<br />
== Basics ==<br />
<br />
As mentioned in the summary eCryptfs does not require special on-disk storage allocation effort, such as a separate partition or pre-allocated space. Instead, you can mount eCryptfs on top of any single directory to protect it. That includes, for example, a user's entire home directory or single dedicated directories within it. All cryptographic metadata is stored in the headers of files, so encrypted data can be easily moved, stored for backup and recovered. There are other advantages, but there are also drawbacks, for instance eCryptfs is not suitable for encrypting complete partitions which also means you cannot protect swap space with it (but you can, of course, combine it with [[Dm-crypt/Swap encryption]]). If you are just starting to set up disk encryption, swap encryption and other points to consider are covered in [[Data-at-rest encryption#Preparation]].<br />
<br />
To familiarize with eCryptfs a few points: <br />
* As a stacked filesystem, a mounting of an eCryptfs directory refers to mounting a (stacked) encrypted directory to another '''un'''encrypted mount point (directory) at Linux kernel runtime. <br />
* It is possible to share an encrypted directory between users. However, the encryption is linked to one passphrase so this must be shared as well. It is also possible to share a directory with differently encrypted files (different passphrases). <br />
* Several eCryptfs terms are used throughout the documentation: <br />
** The encrypted directory is referred to as the '''lower''' and the unencrypted as the '''upper''' directory throughout the eCryptfs documentation and this article. While not relevant for this article, the [[Overlay filesystem]] introduced with Linux 3.18 uses [https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#upper-and-lower the same upper/lower nomenclature] for the stacking of filesystems. <br />
** The '''mount''' passphrase (or key) is what gives access to the encrypted files, i.e. unlocks the encryption. eCryptfs uses the term '''wrapped''' passphrase to refer to the cryptographically secured mount passphrase.<br />
** {{ic|FEFEK}} refers to a '''F'''ile's '''E'''ncryption key '''E'''ncryption '''Key''' (see [https://www.kernel.org/doc/html/latest/security/keys/ecryptfs.html kernel documentation]). <br />
** {{ic|FNEK}} refers to a '''F'''ile '''N'''ame '''E'''ncryption '''K'''ey, a key to (optionally) encrypt the filenames stored in the encrypted directory.<br />
<br />
Before using eCryptfs, the following disadvantages should be checked for applicability. <br />
<br />
=== Deficiencies ===<br />
<br />
* Ease of use <br />
:The {{Pkg|ecryptfs-utils}} package provides several different ways of setting up eCryptfs. The high-level [[#Ubuntu tools]] are the easiest to use, but they hard-code the lower directory path and other settings, limiting their usefulness. The package also includes low-level tools which are fully configurable, but they are somewhat more difficult to use compared to alternatives like [[EncFS]].<br />
<br />
* File name length<br />
:File names longer than 143 bytes cannot be encrypted (with the {{ic|FNEK}} option) when stacked on a filesystem with a maximum file name length of 255 bytes.[https://bugs.launchpad.net/ecryptfs/+bug/344878] This can break some programs in your home directory (for example [[wikipedia:Symfony|Symfony]] caching).<br />
<br />
* Network storage mounts<br />
:eCryptfs has long-standing [https://bugs.launchpad.net/ecryptfs/+bug/277578 bugs] when used on top of NFS and possibly other networked filesystems, for example, [[#Mounting may fail on a remote host when connecting via Mosh]]. It is always possible to use eCryptfs on a local directory and then copy the encrypted files from the local directory to a network host. However, if you want to set up eCryptfs directly on top of an NFS mount, with no local copy of the files, eCryptfs may crash or behave incorrectly. If in doubt, [[EncFS]] may be a better choice in this case.<br />
<br />
* Sparse files<br />
:[[wikipedia:Sparse_file|Sparse files]] written to eCryptfs will produce larger, non-sparse encrypted files in the lower directory. For example, in an eCryptfs directory running {{ic|truncate -s 1G file.img}} creates a 1GB encrypted file on the underlying filesystem, with the corresponding resource (disk space, data throughput) requirements. If the same file were created on an unencrypted filesystem or a filesystem using [[Disk_encryption#Block device encryption|block device encryption]], it would only take a few kilobytes.<br />
<br />
:This should be considered before encrypting large portions of the directory structure, though in most cases the disadvantages will be minor. If you need to use large sparse files, you can work around this issue by putting the sparse files in an unencrypted directory or using block device encryption for them.<br />
<br />
== Setup & mounting ==<br />
<br />
Before starting, check the eCryptfs documentation. It is distributed with a very good and complete set of [https://www.ecryptfs.org/documentation manual pages].<br />
<br />
eCryptfs has been included in Linux since version 2.6.19. Start by loading the {{ic|ecryptfs}} module:<br />
# modprobe ecryptfs<br />
<br />
To actually mount an eCryptfs filesystem, you need to use userspace tools provided by the package {{pkg|ecryptfs-utils}} available in the [[Official repositories]]. Unfortunately, due to the poor design of these tools, you must choose between three ways of setting up eCryptfs with different tradeoffs:<br />
<br />
# Use the high-level [[#Ubuntu tools]], which set things up automatically but require the lower directory to be {{ic|~/.Private/}}, and allow only one encrypted filesystem per user.<br />
# Use [[#ecryptfs-simple|ecryptfs-simple]], available from AUR, which is an easy way to mount eCryptfs filesystems using any lower directory and upper directory.<br />
# [[#Manual setup]], which involves separate steps for loading the passphrase and mounting eCryptfs, but allows complete control over the directories and encryption settings.<br />
<br />
=== Ubuntu tools ===<br />
<br />
Most of the user-friendly convenience tools installed by the {{Pkg|ecryptfs-utils}} package assume a very specific eCryptfs setup, namely the one that is officially used by Ubuntu (where it can be selected as an option during distro installation). Unfortunately, these choices are not just default options but are actually hard-coded in the tools. If this set-up does not suit your needs, then you can not use the convenience tools and will have to follow the steps at [[#Manual setup]] instead.<br />
<br />
The set-up used by these tools is as follows:<br />
<br />
* each user can have '''only one encrypted directory''' that is managed by these tools:<br />
** either full {{ic|$HOME}} directory encryption, or <br />
** a single encrypted data directory (by default {{ic|~/Private/}}, but this can be customized).<br />
* the '''lower directory''' for each user is always {{ic|~/.Private/}}<br><small>(in the case of full home dir encryption, this will be a symlink to the actual location at {{ic|/home/.ecryptfs/$USER/.Private/}})</small><br />
* the '''encryption options''' used are:<br />
** ''cipher:'' AES<br />
** ''key length:'' 16 bytes (128 bits)<br />
** ''key management scheme:'' passphrase<br />
** ''plaintext passthrough:'' enabled<br />
* the '''configuration / control info''' for the encrypted directory is stored in a bunch of files at {{ic|~/.ecryptfs/}}:<br><small>(in the case of full home dir encryption, this will be a symlink to the actual location at {{ic|/home/.ecryptfs/$USER/.ecryptfs/}})</small><br />
** {{ic|Private.mnt}} ''[plain text file]'' - contains the path where the upper directory should be mounted (e.g. {{ic|/home/lucy}} or {{ic|/home/lucy/Private}})<br />
** {{ic|Private.sig}} ''[plain text file]'' - contains the signature used to identify the mount passphrase in the kernel keyring<br />
** {{ic|wrapped-passphrase}} ''[binary file]'' - the mount passphrase, encrypted with the login passphrase<br />
** {{ic|auto-mount}}, {{ic|auto-umount}} ''[empty files]'' - if they exist, the {{ic|pam_ecryptfs.so}} module will (assuming it is loaded) automatically mount/unmount this encrypted directory when the user logs in/out<br />
<br />
==== Encrypting a data directory ====<br />
For a full {{ic|$HOME}} directory encryption see [[#Encrypting a home directory]]<br />
<br />
Before the data directory encryption is setup, decide whether it should later be mounted manually or automatically with the user log-in. <br />
<br />
To encrypt a single data directory as a user and mount it manually later, run:<br />
$ ecryptfs-setup-private --nopwcheck --noautomount <br />
<br />
and follow the instructions. The option {{ic|--nopwcheck}} enables you to choose a passphrase different to the user login passphrase and the option {{ic|--noautomount}} is self-explanatory. So, if you want to setup the encrypted directory automatically on log-in later, just ''leave out'' both options right away. <br />
<br />
The script will automatically create the {{ic|~/.Private/}} and {{ic|~/.ecryptfs/}} directory structures as described in the box above. It will also ask for two passphrases:<br />
<br />
;'''login passphrase''': This is the password you will have to enter each time you want to mount the encrypted directory. If you want auto-mounting on login to work, it has to be the same password you use to login to your user account. <br />
<br />
;'''mount passphrase''': This is used to derive the actual file encryption master key. Thus, you should not enter a custom one unless you know what you are doing - instead press Enter to let it auto-generate a secure random one. It will be encrypted using the login passphrase and stored in this encrypted form in {{ic|~/.ecryptfs/wrapped-passphrase}}. Later it will automatically be decrypted ("unwrapped") again in RAM when needed, so you never have to enter it manually. Make sure this file does not get lost, otherwise you can never access your encrypted folder again! You may want to run {{ic|ecryptfs-unwrap-passphrase}} to see the mount passphrase in unencrypted form, write it down on a piece of paper, and keep it in a safe (or similar), so you can use it to recover your encrypted data in case the ''wrapped-passphrase'' file is accidentally lost/corrupted or in case you forget the login passphrase.<br />
<br />
The mount point ("upper directory") for the encrypted folder will be at {{ic|~/Private}} by default, however you can manually change this right after the setup command has finished running, by doing:<br />
<br />
$ mv ~/Private /path/to/new/folder<br />
$ echo /path/to/new/folder > ~/.ecryptfs/Private.mnt<br />
<br />
To actually use your encrypted folder, you will have to mount it - see [[#Mounting]] below.<br />
<br />
==== Encrypting a home directory ====<br />
<br />
The wrapper script {{ic|ecryptfs-migrate-home}} will set up an encrypted home directory for a user and take care of migrating any existing files they have in their not yet encrypted home directory.<br />
<br />
To run it, the user in question must be logged out and own no processes. The best way to achieve this is to log the user out, log into a console as the root user, and check that {{ic|ps -U ''username''}} returns no output. You also need to ensure that you have {{pkg|rsync}}, {{pkg|lsof}}, and {{pkg|which}} installed. Once the prerequisites have been met, run:<br />
<br />
# modprobe ecryptfs<br />
# ecryptfs-migrate-home -u ''username''<br />
<br />
and follow the instructions. After the wrapper script is complete, follow the instructions for auto-mounting - see [[#Auto-mounting]] below. It is imperative that the user logs in ''before'' the next reboot, to complete the process.<br />
<br />
Once everything is working, the unencrypted backup of the users home directory, which is saved to {{ic|/home/''username''.''random_characters''}}, can and should be deleted.<br />
<br />
==== Mounting ====<br />
<br />
===== Manually =====<br />
<br />
Executing the wrapper <br />
$ ecryptfs-mount-private <br />
and entering the passphrase is all needed to mount the encrypted directory to the ''upper directory'' {{ic|~/Private}}, described in [[#Ubuntu tools]].<br />
<br />
Likewise, executing<br />
$ ecryptfs-umount-private<br />
will unmount it again. <br />
<br />
{{Tip|If it is not required to access the private data permanently during a user session, maybe define an [[alias]] to speed the manual step up.}}<br />
<br />
The tools include another script that can be very handy to access an encrypted {{ic|.Private}} data or home directory. Executing {{ic|ecryptfs-recover-private}} as root will search the system (or an optional specific path) for the directory, interactively query the passphrase for it and mount the directory. It can, for example, be used from a live-CD or different system to access the encrypted data in case of a recovery. Note that if booting from an Arch Linux ISO you must first install the {{pkg|ecryptfs-utils}} to it. Further, it will only be able to mount {{ic|.Private}} directories created with the Ubuntu tools.<br />
<br />
===== Auto-mounting =====<br />
<br />
The default way to auto-mount an encrypted directory is via [[Pam_mount|PAM]]. See {{man|8|pam_ecryptfs}} and - for more details - 'PAM MODULE' in:<br />
/usr/share/doc/ecryptfs-utils/README<br />
<br />
For auto-mounting it is required that the passphrase to access the encrypted directory is synchronised with the user log-in. <br />
<br />
The following steps set it up: <br />
<br />
1. Check if {{ic|~/.ecryptfs/auto-mount}}, {{ic|~/.ecryptfs/auto-umount}} and {{ic|~/.ecryptfs/wrapped-passphrase}} exist (these are automatically created by ''ecryptfs-setup-private'').<br />
<br />
2. Add ''ecryptfs'' to the pam-stack exactly as following to allow transparent unwrapping of the passphrase on login:<br />
<br />
Open {{ic|/etc/pam.d/system-auth}} and ''after'' the line containing {{ic|auth required pam_unix.so}} (or {{ic|1=auth [default=die] pam_faillock.so authfail}} if present) add:<br />
auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet<br />
auth required pam_ecryptfs.so unwrap<br />
Next, ''above'' the line containing {{ic|password required pam_unix.so}} (or {{ic|1=-password [success=1 default=ignore] pam_systemd_home.so}} if present) insert:<br />
password optional pam_ecryptfs.so<br />
And finally, ''after'' the line {{ic|session required pam_unix.so}} add:<br />
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet<br />
session optional pam_ecryptfs.so unwrap<br />
<br />
{{Note|1=The {{ic|pam_succeed_if.so}} instructions tells the process to ''skip the next line'' if the service requesting authentication is {{ic|systemd-user}}, that runs parallel to your user session and also authenticates through PAM. Should the home directory be mounted a second time, PAM would be unable to unmount it. This is referenced as a [https://bbs.archlinux.org/viewtopic.php?id=194509 break] with systemd and bugs are filed against it : [https://bugs.freedesktop.org/show_bug.cgi?id=72759] [https://nwrickert2.wordpress.com/2013/12/16/systemd-user-manager-ecryptfs-and-opensuse-13-1/] [https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/313812/comments/43] [http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2014-October/004088.html]. The method exposed here is a workaround. }}<br />
<br />
3. Re-login and check output of ''mount'' which should now contain a mountpoint, e.g.:<br />
/home/$USER/.Private on /home/$USER/Private type ecryptfs (...)<br />
for the user's encrypted directory. It should be perfectly readable at {{ic|~$HOME/Private/}}. <br />
<br />
{{Note|The above changes to {{ic|system-auth}} enable auto-mounting for normal login. If you switch users instead, using {{ic|su -}} or {{ic|su -l}}, you need to apply similar changes also to {{ic|/etc/pam.d/su-l}}.}}<br />
<br />
The latter should be automatically unmounted and made unavailable when the user logs off. <br />
<br />
{{Note|If you use systemd-user [https://wiki.archlinux.org/index.php/Systemd/User#Automatic_start-up_of_systemd_user_instances lingering] services, or other separate processes that survive after you logout, your home directory will not get unmounted until they exit. This is intended, because the user processes should always be able to save their state.}}<br />
<br />
=== ecryptfs-simple ===<br />
<br />
Use [http://xyne.archlinux.ca/projects/ecryptfs-simple/ ecryptfs-simple] if you just want to use eCryptfs to mount arbitrary directories the way you can with [[EncFS]]. ecryptfs-simple does not require root privileges or entries in {{ic|/etc/fstab}}, nor is it limited to hard-coded directories such as {{ic|~/.Private}}. The package is available to be [[install]]ed as {{AUR|ecryptfs-simple}} and from [http://xyne.archlinux.ca/repos/ Xyne's repos].<br />
<br />
As the name implies, usage is simple:<br />
# simple mounting<br />
ecryptfs-simple /path/to/foo /path/to/bar<br />
<br />
# automatic mounting: prompts for options on the first mount of a directory then reloads them next time<br />
ecryptfs-simple -a /path/to/foo /path/to/bar<br />
<br />
# unmounting by source directory<br />
ecryptfs-simple -u /path/to/foo<br />
<br />
# unmounting by mountpoint<br />
ecryptfs-simple -u /path/to/bar<br />
<br />
=== Manual setup ===<br />
<br />
The following details instructions to set up eCryptfs encrypted directories manually. This involves two steps. First, the passphrase is processed and loaded into the kernel keyring. Second, the filesystem is actually mounted using the key from the keyring.<br />
<br />
There are two ways to add the passphrase to the kernel keyring in the first step. The simpler option is {{ic|ecryptfs-add-passphrase}}, which uses a single passphrase to encrypt the files. The disadvantage is that you cannot change the passphrase later. It works like this:<br />
$ ecryptfs-add-passphrase<br />
Passphrase: <br />
Inserted auth tok with sig [78c6f0645fe62da0] into the user session keyring<br />
You can also pipe a passphrase into {{ic|ecryptfs-add-passphrase -}}. Keep in mind that if you leave your passphrase in a file, it will usually defeat the purpose of using encryption.<br />
<br />
As an alternative to a plain passphrase, you can use a "wrapped passphrase", where the files are encrypted using a randomly generated key, which is itself encrypted with your passphrase and stored in a file. In this case, you can change your passphrase by unwrapping the key file with your old passphrase and rewrapping it using your new passphrase. <br />
<br />
In the following we [https://stackoverflow.com/a/3980713 prompt] for the wrapping passphrase and do a generation similar to the [http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/src/utils/ecryptfs-setup-private#L96 source] and then use ''ecryptfs-wrap-passphrase'' to wrap it with the given password to {{ic|~/.ecryptfs/wrapped-passphrase}}:<br />
$ ( stty -echo; printf "Passphrase: " 1>&2; read PASSWORD; stty echo; echo $PASSWORD; ) | xargs printf "%s\n%s" $(od -x -N 100 --width=30 /dev/random | head -n 1 | sed "s/^0000000//" | sed "s/\s*//g") | ecryptfs-wrap-passphrase /home/''username''/.ecryptfs/wrapped-passphrase<br />
Do not use a passphrase with more than 64 characters as this will result in an error later when using {{ic|ecryptfs-insert-wrapped-passphrase-into-keyring}}.<br />
<br />
Next, we can enter our passphrase to load the key into the keyring:<br />
$ ( stty -echo; printf "Passphrase: " 1>&2; read PASSWORD; stty echo; echo $PASSWORD; ) | ecryptfs-insert-wrapped-passphrase-into-keyring /home/''username''/.ecryptfs/wrapped-passphrase -<br />
Inserted auth tok with sig [7c5d3dd8a1b49db0] into the user session keyring<br />
<br />
In either case, when you successfully add the passphrase to the kernel keyring, you will get a "key signature" like {{ic|78c6f0645fe62da0}} which you will need in the next step.<br />
<br />
There are two different ways of manually mounting eCryptfs, described in the following sections. The first way, using {{ic|mount.ecryptfs_private}}, can be run as a regular user and involves setting up some configuration files. This method does not allow you to change the encryption settings, such as key size. The second way is to use a raw {{ic|mount}} command, which gives you complete control over all settings, but requires you to either run it as root, or add an entry to {{ic|/etc/fstab}} which lets a user mount eCryptfs.<br />
<br />
{{Tip|The following examples use an encrypted directory ({{ic|.secret}}) different to the default, hard-coded {{ic|.Private}} in the Ubuntu tools. This is on purpose to avoid problems of erroneous [[#Auto-mounting]] when the system has PAM setup for it, as well as problems with other tools using the hard-coded defaults.}} <br />
<br />
==== With configuration files ====<br />
<br />
This method involves running {{ic|mount.ecryptfs_private}} from the {{Pkg|ecryptfs-utils}} package, after first loading your passphrase. This binary requires no root privileges to work by default.<br />
<br />
First choose a name for your configuration files in {{ic|~/.ecryptfs}} and decide on the lower and upper directories. In this example we use {{ic|secret}} for the configuration files, put in encrypted data in {{ic|~/.secret}}, and mount the decrypted files at {{ic|~/secret}}. Create the required directories:<br />
$ mkdir ~/.secret ~/secret ~/.ecryptfs<br />
<br />
Now specify the directories in {{ic|~/.ecryptfs/secret.conf}}, using full paths. Its format looks like the one in {{ic|/etc/fstab}} without the mount options:<br />
$ echo "$HOME/.secret $HOME/secret ecryptfs" > ~/.ecryptfs/secret.conf<br />
<br />
Write the key signature you got from {{ic|ecryptfs-add-passphrase}} or {{ic|ecryptfs-insert-wrapped-passphrase-into-keyring}} (see above) into {{ic|~/.ecryptfs/secret.sig}}:<br />
$ echo 78c6f0645fe62da0 > ~/.ecryptfs/secret.sig<br />
<br />
If you also want to enable filename encryption, add a second passphrase to the keyring (or reuse the first passphrase) and '''append''' its key signature to {{ic|~/.ecryptfs/secret.sig}}:<br />
$ echo 326a6d3e2a5d444a >> ~/.ecryptfs/secret.sig<br />
<br />
Finally, mount {{ic|~/.secret}} on {{ic|~/secret}}:<br />
$ mount.ecryptfs_private secret<br />
<br />
When you are done, unmount it:<br />
$ umount.ecryptfs_private secret<br />
<br />
==== Raw mount command ====<br />
<br />
By running the actual {{ic|mount}} command manually, you get complete control over the encryption options. The disadvantage is that you need to either run {{ic|mount}} as root, or add an entry to {{ic|/etc/fstab}} for each eCryptfs directory so users can mount them.<br />
<br />
First create your private directories. In this example, we use the same ones as the previous section:<br />
$ mkdir -m 700 ~/.secret<br />
$ mkdir -m 500 ~/secret<br />
<br />
To summarize:<br />
* Actual encrypted data will be stored in the lower {{ic|~/.secret}} directory <br />
* While mounted, decrypted data will be available in {{ic|~/secret}} directory <br />
** While not mounted nothing can be written to this directory<br />
** While mounted it has the same permissions as the lower directory<br />
<br />
Now, supposed you have created the [[#Manual setup|wrapped keyphrase]] above, you need to insert the encryption key once to the root user's keyring: <br />
# ( stty -echo; printf "Passphrase: " 1>&2; read PASSWORD; stty echo; echo $PASSWORD; ) | ecryptfs-insert-wrapped-passphrase-into-keyring /home/''username''/.ecryptfs/wrapped-passphrase -<br />
Inserted auth tok with sig [7c5d3dd8a1b49db0] into the user session keyring<br />
<br />
so that the followng mount command succeeds: <br />
# mount -t ecryptfs ~/.secret ~/secret -o ecryptfs_sig=7c5d3dd8a1b49db0,ecryptfs_fnek_sig=7c5d3dd8a1b49db0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs<br />
* {{ic|ecryptfs_sig}} sets the data passphrase key signature.<br />
* {{ic|ecryptfs_fnek_sig}} sets the filename passphrase key signature; you can omit this option if you do not want to encrypt filenames.<br />
* {{ic|ecryptfs_key_bytes}} can be 16, 24, or 32 to change the encryption key size.<br />
* {{ic|ecryptfs_unlink_sigs}} will remove the passphrase(s) from the keyring when you unmount, so you have to add the passphrase(s) back again in order to re-mount the filesystem.<br />
* There are a few other options listed in the {{ic|ecryptfs}} man page.<br />
<br />
{{Tip|There is a {{ic|mount.ecryptfs}} tool, which you can run as root to enter the mount settings interactively. Once you have used it to mount eCryptfs, you can check {{ic|/etc/mtab}} to find out what options it used.}}<br />
<br />
Once you have chosen the right mount options, you can add an entry to {{ic|/etc/fstab}} so regular users can mount eCryptfs on these directories. Copy the mount options to a new {{ic|/etc/fstab}} entry and add the options {{ic|user}} and {{ic|noauto}}. The full entry will look similar to (bold entries added): <br />
<br />
{{hc|/etc/fstab|2=/home/''username''/.secret /home/''username''/secret ecryptfs '''noauto''','''user''',ecryptfs_sig=7c5d3dd8a1b49db0,ecryptfs_fnek_sig=7c5d3dd8a1b49db0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs '''0 0'''}}<br />
<br />
* The {{ic|noauto}} option is important, because otherwise systemd will error trying to mount the entry directly on boot.<br />
* The {{ic|user}} option enables to mount the directory as a user.<br />
** The user mount will default to option {{ic|noexec}}. If you want to have at least executable files in your private directory, you can add {{ic|exec}} to the fstab options.<br />
<br />
The setup is now complete and the directory should be mountable by the user. <br />
<br />
===== Mounting =====<br />
<br />
To mount the encrypted directory as the user, the passphrase must be unwrapped and made available in the user's keyring. Following above section example: <br />
$ ecryptfs-insert-wrapped-passphrase-into-keyring /home/''username''/.ecryptfs/wrapped-passphrase<br />
Passphrase: <br />
Inserted auth tok with sig [7c5d3dd8a1b49db0] into the user session keyring <br />
<br />
Now the directory can be mounted without the mount helper questions: <br />
$ mount -i /home/''username''/secret<br />
<br />
and files be placed into the {{ic|secret}} directory. The above two steps are necessary every time to mount the directory manually. <br />
<br />
To unmount it again: <br />
<br />
$ umount /home/''username''/secret<br />
<br />
To finalize, the preliminary passphrase to wrap the encryption passphrase may be changed: <br />
$ ecryptfs-rewrap-passphrase /home/''username''/.ecryptfs/wrapped-passphrase<br />
Old wrapping passphrase: <br />
New wrapping passphrase: <br />
New wrapping passphrase (again):<br />
<br />
The un-mounting should also clear the keyring, to check the user's keyring or clear it manually: <br />
$ keyctl list @u<br />
$ keyctl clear @u<br />
<br />
{{Note|One should remember that {{ic|/etc/fstab}} is for system-wide partitions only and should not generally be used for user-specific mounts}}<br />
<br />
===== Auto-mounting =====<br />
<br />
Different methods can be employed to automount the previously defined user-mount in {{ic|/etc/fstab}} on login. As a first general step, follow point (1) and (2) of [[#Auto-mounting]]. <br />
<br />
Then, if you login via console, a simple way is to specify the [[#Mounting_2|user-interactive]] ''mount'' and ''umount'' in the user's shell configuration files, for example [[Bash#Configuration files]]. <br />
<br />
{{Accuracy|<br>- the section should be more generic than it is now<br><br />
- the described method does not work for users, for encountered problems:|section=#Automounting}}<br />
<br />
Another method is to automount the eCryptfs directory on user login using [[pam_mount]]. To configure this method, add the following lines to {{ic|/etc/security/pam_mount.conf.xml}}:<br />
<br />
<luserconf name=".pam_mount.conf.xml" /><br />
<mntoptions require="" /> <!-- Default required mount options are ; this clears them --><br />
<lclmount>mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount> <!-- --><br />
<br />
Please prefer writing manually these lines instead of simply copy/pasting them (especially the lclmount line), otherwise you might get some corrupted characters.<br />
Explanation:<br />
* the first line indicates where the user-based configuration file is located (here {{ic|~/.pam_mount.conf.xml}})<br />
* the second line overwrites the default required mount options which are unnecessary ("nosuid,nodev")<br />
* the last line indicates which mount command to run (eCryptfs needs the {{Ic|-i}} switch).<br />
<br />
Then set the volume definition, preferably to {{ic|~/.pam_mount.conf.xml}}:<br />
<pam_mount><br />
<volume noroot="1" fstype="ecryptfs" path="/home/user/.secret/" mountpoint="/home/user/secret/"/><br />
</pam_mount><br />
<br />
"noroot" is needed because the encryption key will be added to the user's keyring.<br />
<br />
Finally, edit {{ic|/etc/pam.d/login}} as described in the [[pam_mount]] article.<br />
<br />
====== Optional step ======<br />
<br />
To avoid wasting time needlessly unwrapping the passphrase you can create a script that will check ''pmvarrun'' to see the number of open sessions:<br />
#!/bin/sh<br />
#<br />
# /usr/local/bin/doecryptfs<br />
<br />
exit $(/usr/sbin/pmvarrun -u$PAM_USER -o0)<br />
<br />
With the following line added before the eCryptfs unwrap module in your PAM stack:<br />
auth [success=ignore default=1] pam_exec.so quiet /usr/local/bin/doecryptfs<br />
auth required pam_ecryptfs.so unwrap<br />
The article suggests adding these to {{ic|/etc/pam.d/login}}, but the changes will need to be added to all other places you login, such as {{ic|/etc/pam.d/kde}}.<br />
<br />
== Usage ==<br />
<br />
{{Expansion|Content that still may to be covered:<br />
- point to the above "Setup & Mounting" section for how to mount and unmount [this section here will cover all other (i.e. setup-independent) usage info]<br><br />
- reference ecryptfs tools not used/mentioned in the prior sections (e.g. with a short link to the online manpages and mention of the other tools usage, as it seems useful (not covered yet are, e.g. ecryptfs-stat, ecryptfs-find, ecryptfs-rewrite-file.) <br><br />
- mention the options to share an encrypted folder between users and to place non-encrypted files or folders in the encrypted container ("pass-through")<br />
(references for the points: [https://wiki.archlinux.org/index.php?title&61;Talk:ECryptfs&oldid&61;347981] and (maybe) [https://wiki.archlinux.org/index.php?title&61;ECryptfs&oldid&61;291214])<br />
|section=Major_restructuring/rewrite}}<br />
<br />
=== Symlinking into the encrypted directory ===<br />
<br />
Besides using your private directory as storage for sensitive files, and private data, you can also use it to protect application data. [[Firefox]] for example has an internal password manager, but the browsing history and cache can also be sensitive. Protecting it is easy:<br />
$ mv ~/.mozilla ~/Private/mozilla<br />
$ ln -s ~/Private/mozilla ~/.mozilla<br />
<br />
=== Removal of encryption ===<br />
<br />
There are no special steps involved, if you want to remove your private directory. Make sure it is un-mounted and delete the respective lower directory (e.g. {{ic|~/.Private}}), along with all the encrypted files. After also removing the related encryption signatures and configuration in {{ic|~/.ecryptfs}}, all is gone. <br />
<br />
If you were using the [[#Ubuntu tools]] to setup a single directory encryption, you can directly follow the steps detailed by: <br />
<br />
$ ecryptfs-setup-private --undo<br />
<br />
and follow the instructions.<br />
<br />
=== Backup ===<br />
<br />
If you want to move a file out of the private directory just move it to the new destination while {{ic|~/Private}} is mounted. <br />
<br />
With eCryptfs the cryptographic metadata is stored in the header of the files. Setup variants explained in this article separate the directory with encrypted data from the mount point. The unencrypted mount point is fully transparent and available for a backup. Obviously this has to be considered for automated backups, if one has to avoid leaking sensitive unencrypted data into a backup. <br />
<br />
You can do backups, or incremental backups, of the encrypted (e.g. {{ic|~/.Private}}) directory, treating it like any other directory. <br />
<br />
Further points to note: <br />
<br />
* If you used the Ubuntu tools for [[#Encrypting a home directory]], be aware the location of the lower directory with the encrypted files is ''outside'' the regular user's {{ic|$HOME}} at {{ic|/home/.ecryptfs/$USER/.Private}}. <br />
<br />
* It should be ensured to include the eCryptfs setup files (located in {{ic|~/.ecryptfs}} usually) into the regular or a separate backup.<br />
<br />
* If you use special filesystem mount options, for example {{ic|ecryptfs_xattr}}, do extra checks on restore integrity.<br />
<br />
== Known issues ==<br />
<br />
=== Mounting may fail on a remote host when connecting via Mosh ===<br />
<br />
This is a [https://github.com/mobile-shell/mosh/issues/529 known issue] of [https://mosh.org/ Mosh] server, which does not keep the eCryptfs {{ic|/home}} directory mounted.<br />
<br />
== See also ==<br />
<br />
* [http://ecryptfs.org/documentation.html eCryptfs]{{Dead link|2020|02|23}} - Manpages and project home <br />
* [https://defuse.ca/audits/ecryptfs.htm Security audit] of eCryptfs by Taylor Hornby (January 22, 2014).<br />
* [http://sysphere.org/~anrxc/j/articles/ecryptfs/index.html eCryptfs and $HOME] by Adrian C. (anrxc) - Article with installation instructions and discussion of eCryptfs usage <br />
* [http://www.chromium.org/chromium-os/chromiumos-design-docs/protecting-cached-user-data Chromium data protection] (November 2009) - Design document detailing encryption options for Chromium OS, including explanation on its eCryptfs usage<br />
* [http://ecryptfs.sourceforge.net/ecryptfs.pdf eCryptfs design] by Michael Halcrow (May 2005) - Original design document detailing and discussing eCryptfs</div>Lafleurhttps://wiki.archlinux.org/index.php?title=JACK_Audio_Connection_Kit&diff=593397JACK Audio Connection Kit2019-12-29T01:16:01Z<p>Lafleur: syntax</p>
<hr />
<div>[[Category:Sound]]<br />
[[fr:Jack]]<br />
[[es:JACK Audio Connection Kit]]<br />
[[ja:JACK Audio Connection Kit]]<br />
{{Related articles start}}<br />
{{Related|Sound system}}<br />
{{Related|Professional audio}}<br />
{{Related articles end}}<br />
From [[Wikipedia:JACK Audio Connection Kit]]:<br />
:JACK Audio Connection Kit (or JACK; a recursive acronym) is a professional sound server daemon that provides real-time, low-latency connections for both audio and MIDI data between applications that implement its API. <br />
<br />
==Installation==<br />
In order for JACK to work properly, your user needs to be [[Users and groups#Group management|added]] to the {{ic|realtime}} group for access to higher ulimits defined in {{ic|/etc/security/limits.d/99-realtime-privileges.conf}} (provided by the {{Pkg|realtime-privileges}} package), which is needed for realtime audio processing.<br />
{{Note|You need to manually add your user to the {{ic|realtime}} group even if you're using logind, since logind just handles access to direct hardware.}}<br />
<br />
There are two JACK implementations, see [https://github.com/jackaudio/jackaudio.github.com/wiki/Q_difference_jack1_jack2 this comparison] for the difference between the two. In short, Jack 1 and Jack 2 are equivalent implementations of the same protocol. Programs compiled against Jack 1 will work with Jack 2 without recompile (and vice versa). <br />
<br />
===JACK2===<br />
'''JACK2''' is a C++ implementation with SMP support. [[Install]] it with the {{Pkg|jack2}} package. For 32-bit application support, also install the {{Pkg|lib32-jack2}} package from the [[multilib]] repository. To use the ''jack_control'' command, also install the {{Pkg|python-dbus}} package.<br />
<br />
===JACK===<br />
'''JACK''' uses a C API and supports more than one soundcard on Linux (plus MIDI). [[Install]] it with the {{pkg|jack}} package. For 32-bit application support, also install the {{Pkg|lib32-jack}} package from the [[multilib]] repository.<br />
<br />
===GUI===<br />
<br />
* {{App|Cadence|Set of tools useful for audio production. It performs system checks, manages JACK, calls other tools and make system tweaks.|https://kx.studio/Applications:Cadence|{{Pkg|cadence}}}}<br />
* {{App|Patchage|Modular patch bay for audio and MIDI systems based on JACK and ALSA.|https://drobilla.net/software/patchage|{{Pkg|patchage}}}}<br />
* {{App|PatchMatrix|JACK patch bay in flow matrix style.|https://git.open-music-kontrollers.ch/lad/patchmatrix/about/|{{Pkg|patchmatrix}}}}<br />
* {{App|QjackCtl|Simple Qt application to control the JACK sound server daemon.|https://qjackctl.sourceforge.io/|{{Pkg|qjackctl}}}}<br />
<br />
==Basic Configuration==<br />
<br />
===Overview===<br />
The right configuration for your hardware and application needs depends on several factors. Your sound card and CPU will heavily affect how low of latency you can achieve when using JACK.<br />
<br />
The mainline Linux kernel now supports realtime scheduling, so using a patched kernel is no longer necessary. However, {{AUR|linux-rt}} in the AUR is a patched kernel that has some extra patches that can help to get lower latencies.<br />
<br />
===A shell-based example setup===<br />
JACK2 can be directly launched with the ''jackd'' executable, or controlled with the D-Bus-based ''jack_control'' binary. ''jack_control'' makes it easy to start and configure JACK2 via a shell script. Note that you must install the {{Pkg|python-dbus}} package to use ''jack_control''.<br />
<br />
Create a shell script that can be executed at X login:<br />
<br />
{{hc|start_jack.sh|<br />
#!/bin/bash<br />
<br />
jack_control start<br />
jack_control ds alsa<br />
jack_control dps device hw:HD2<br />
jack_control dps rate 48000<br />
jack_control dps nperiods 2<br />
jack_control dps period 64<br />
sleep 10<br />
a2jmidid -e &<br />
sleep 10<br />
qjackctl &<br />
}}<br />
<br />
The above will start a working JACK instance which other programs can then utilize. Details of each line follow. When discovering your own best configuration, it is helpful to do trial and error using QjackCtl's GUI with a non-D-Bus JACK2 version.<br />
<br />
====Details of the shell-based example setup====<br />
<br />
jack_control start<br />
Starts JACK if it is not already started.<br />
jack_control ds alsa<br />
Sets JACK to use the ALSA driver set.<br />
jack_control dps device hw:HD2<br />
Sets JACK to use ALSA-compatible sound card named HD2. One can find the names with {{ic|cat /proc/asound/cards}}. Most ALSA tutorials and default configurations use card numbers, but this can get confusing when external MIDI devices are in use; names make it easier.<br />
jack_control dps rate 48000<br />
Sets JACK to use 48000 khz sampling. Happens to work very well with this card. Some cards only do 44100, many will go much higher. The higher you go, the lower your latency, but the better your card and your CPU have to be, and software has to support this as well.<br />
jack_control dps nperiods 2<br />
Sets JACK to use 2 periods. 2 is right for motherboard, PCI, PCI-X, etc.; 3 for USB.<br />
jack_control dps period 64<br />
Sets JACK to use 64 frames per period. Lower is less latency, but the setting in this script gives 2.67 ms latency, which is nicely low without putting too much stress on the particular hardware this example was built for. If a USB sound system were in use it might be good to try 32. Anything less than 3-4 ms should be fine for realtime synthesis and/or FX, 5 ms is the smallest a human being can detect. QjackCtl will tell you how you are doing; at no-load, which means no clients attached, you will want a max of 3-5% CPU usage, and if you cannot get that without xruns (the red numbers which mean the system cannot keep up with the demands), you will have to improve your hardware.<br />
sleep 10<br />
Wait for the above to settle.<br />
a2jmidid -e &<br />
Start the ALSA-to-JACK MIDI bridge. Good for mixing in applications which take MIDI input through ALSA but not JACK.<br />
sleep 10<br />
Wait for the above to settle.<br />
qjackctl &<br />
Load QjackCtl. GUI configuration tells it to run in the system tray. It will pick up the JACK session started by D-Bus just fine, and very smoothly too. It maintains the patchbay, the connections between these applications and any other JACK-enabled apps to be started manually. The patchbay is set up using manual GUI, but connections pre-configured in the patchbay are automatically created by QjackCtl itself when apps are started.<br />
<br />
===A GUI-based example setup===<br />
This example setup utilizes a more GUI focused configuration and management of JACK<br />
<br />
* Install {{Pkg|jack2}} and {{Pkg|python-dbus}}.<br />
* Install {{Pkg|qjackctl}}, and tell your GUI window/desktop system to run it at startup.<br />
* Make sure QjackCtl is told to:<br />
** use the D-Bus interface,<br />
** run at startup,<br />
** save its configuration to the default location,<br />
** start the JACK audio server on application startup,<br />
** enable the system tray icon, and<br />
** start minimized to system tray.<br />
* Reboot.<br />
* After logging in, you will see QjackCtl in your system tray. Left-click on it.<br />
* Tweak settings in the QjackCtl GUI to lower latency. The Frame Size, Frame Buffer, and Bitrate settings all affect latency. Larger frame sizes lower latency, lower frame buffers lower latency, and higher bitrate settings lower latency, but all increase load on the sound card and your CPU. A Latency of about ~5ms is desirable for direct monitoring of instruments or microphones, as the latency begins to become perceptible at higher latencies.<br />
<br />
===An alternative GUI-based setup===<br />
<br />
If you use JACK for demanding tasks , but every now and then, it's possible to suspend a running pulseaudio session with QjackCtl just when you're using it. On a virgin config, modify the "Server prefix" option in the "Settings" > "Advanced" submenu, so that it states :<br />
<br />
pasuspender -- jackd<br />
<br />
<br />
The pulseaudio session should resume fine after you close QjackCtl. Tip courtesy of [https://bbs.archlinux.org/viewtopic.php?pid=1163340#p1163340 this post].<br />
<br />
===Playing nice with ALSA===<br />
<br />
{{Note|1=There are several bugs in {{Pkg|alsa-lib}} and {{Pkg|alsa-plugins}} 1.1.9-2 that will cause audio to not play or errors regarding buffers with this setup. Please read [https://bbs.archlinux.org/viewtopic.php?id=250116] for workarounds and potential solutions.}} <br />
To allow Alsa programs to play while jack is running you must install the jack plugin for alsa with {{Pkg|alsa-plugins}}.<br />
<br />
And enable it by editing (or creating) /etc/asound.conf (system wide settings) to have these lines if you have a simple 2-channel setup:<br />
{{bc|<nowiki><br />
# convert alsa API over jack API<br />
# use it with<br />
# % aplay foo.wav<br />
<br />
# use this as default<br />
pcm.!default {<br />
type plug<br />
slave.pcm "jack"<br />
hint.description "Jack Audio"<br />
}</nowiki>}}<br />
<br />
If you have a different number of output/input channels or your first two channels aren't the ones you wish to route audio to, you cannot use the predefined jack pcm source from {{ic|/etc/alsa/conf.d/50-jack.conf}}, but rather something like:<br />
{{bc|<nowiki><br />
# the first jack port goes to an output we don't use and there are no recording devices<br />
pcm.!jack {<br />
type jack<br />
playback_ports {<br />
0 system:playback_2<br />
1 system:playback_3<br />
}<br />
}<br />
<br />
pcm.!default {<br />
type plug<br />
slave.pcm "jack"<br />
hint.description "Jack Audio"<br />
}</nowiki>}}<br />
<br />
You need not restart your computer or anything. Just edit the alsa config files, start up jack, and there you go...<br />
<br />
Remember to start it as a '''user'''. If you start it with {{ic|jackd}} -d alsa" as user X, it will not work for user Y.<br />
<br />
Another approach, using ALSA loopback device (more complex but probably more robust), is described in [https://alsa.opensrc.org/Jack_and_Loopback_device_as_Alsa-to-Jack_bridge this article].<br />
<br />
=== GStreamer ===<br />
<br />
GStreamer requires the {{pkg|gst-plugins-good}} package to work with JACK, which contains the jackaudiosink plugin that adds JACK playback support.<br />
<br />
Further information (outdated): http://jackaudio.org/faq/gstreamer_via_jack.html<br />
<br />
=== PulseAudio ===<br />
If you need to keep {{Pkg|pulseaudio}} installed (in the event it is required by other packages, like {{Pkg|gnome-settings-daemon}}), you may want to prevent it from spawning automatically with X and taking over from JACK.<br />
<br />
Edit {{ic|/etc/pulse/client.conf}}, uncomment "autospawn" and set it to "no":<br />
;autospawn = yes<br />
autospawn = no<br />
<br />
''If you want both to play along, see: [[PulseAudio/Examples#PulseAudio through JACK]]''<br />
<br />
=== Firewire ===<br />
In order to prevent ALSA from messing around with your firewire devices you have to blacklist all firewire related kernel modules. This also prevents PulseAudio from using firewire. Create the following file:<br />
<br />
{{hc|/etc/modprobe.d/alsa-no-jack.conf|<br />
blacklist snd-fireworks<br />
blacklist snd-bebob<br />
blacklist snd-oxfw<br />
blacklist snd-dice<br />
blacklist snd-firewire-digi00x<br />
blacklist snd-firewire-tascam<br />
blacklist snd-firewire-lib<br />
blacklist snd-firewire-transceiver<br />
blacklist snd-fireface<br />
blacklist snd-firewire-motu<br />
}}<br />
<br />
''The list of modules is the most recent available at the time of writing at [https://github.com/takaswie/snd-firewire-improve Alsa Firewire Improve Repository].''<br />
<br />
Now you can unload your loaded firewire modules or reboot.<br />
<br />
=== Network / remote audio ===<br />
<br />
JACK can be configured to send audio data over a network to a "master" machine, which then outputs the audio to a physical device. This can be useful to mix audio from a number of "slave" computers without requiring additional cables or hardware mixers, and keeping the audio path digital for as long as possible (as hardware mixers with digital inputs are very rare).<br />
<br />
The configuration is very simple, however it requires a network that supports multicast traffic (i.e. IGMP snooping must be enabled on managed network switches), and it requires all machines be running the same JACK major version (JACK1 or JACK2) as the protocols are not interoperable between versions. For JACK2, the {{ic|netmanager}} module must be loaded:<br />
<br />
{{bc|<nowiki><br />
master$ jack_load netmanager -i -c<br />
</nowiki>}}<br />
<br />
The {{ic|-i -c}} option tells the netmanager to automatically map any incoming connections to the default audio device. Without this, each incoming connection would have to be manually mapped on each connection. You can use {{ic|-i -h}} instead to see all available options, however note that the options are printed in the {{ic|jackd}} server output, the {{ic|jack_load}} command will not show anything.<br />
<br />
On the client, JACK must be started in network mode:<br />
<br />
{{bc|<nowiki><br />
slave$ jackd -d net<br />
</nowiki>}}<br />
<br />
The two machines will connect and on the master the new audio source will be visible:<br />
<br />
{{bc|<nowiki><br />
master$ jack_lsp<br />
system:playback_1<br />
system:playback_2<br />
remotehost:from_slave_1<br />
remotehost:from_slave_2<br />
</nowiki>}}<br />
<br />
If you passed the {{ic|-c}} option to {{ic|jack_load}} as above, then the remote system will now be able to play audio.<br />
<br />
==MIDI==<br />
<br />
JACK can handle one soundcard very well, and an arbitrary number of MIDI devices (connected e.g. via USB).<br />
If you start JACK and want to use a MIDI keyboard or a synthesizer or some other pure MIDI device, you have to start JACK with a proper soundcard (one that actually outputs or inputs PCM sound).<br />
As soon you have done that, you can connect the MIDI device. E.g. with QjackCtl ({{pkg|qjackctl}}), you click on the connect button and you will find your device listed under JACK-MIDI or ALSA-MIDI, depending on the driver.<br />
<br />
For JACK-MIDI, you may want to set the '''MIDI Driver''' to '''seq''' or '''raw''' in QjackCtl ''Setup > Settings''. This should make your MIDI device appear under the ''MIDI'' tab. You can also change the name of the client (from a generic "midi_capture_1" to something more descriptive), if you enable ''Setup > Display > Enable client/port aliases'' and then ''Enable client/port aliases editing (rename)''.<br />
<br />
For ALSA-MIDI, make sure to turn on '''Enable ALSA Sequencer support''' in QjackCtl ''Setup > Misc''. This will add the ''ALSA'' tab in QjackCtl ''Connect'' window where your MIDI controller will show up.<br />
<br />
{{Note| {{pkg|jack2}} does not come with bridging support for legacy ALSA MIDI only applications. Therefore {{pkg|a2jmidid}} is required [https://github.com/jackaudio/jack2/issues/362 until upstream achieves feature parity on this].}}<br />
For bridging ALSA-MIDI to JACK-MIDI, you may consider using a2jmidid ({{Pkg|a2jmidid}}). The following command will export all available ALSA MIDI ports to JACK MIDI ports:<br />
$ a2jmidid -e<br />
They will be visible in QjackCtl under the ''MIDI'' tab labelled "a2j" client.<br />
You can automate starting of a2jmidid by adding to QjackCtl ''Setup > Options > Execute script after Startup'': {{ic|/usr/bin/a2jmidid -e &}}<br />
{{note|When connecting MIDI keyboard controllers in QjackCtl, make sure to ''Expand All'' first and connect the desired ''Output Ports'' (below the ''Readable Clients'') to the ''Input Ports'' (below the ''Writable Clients''). As a shortcut, if you select a writable client instead of individual ports as your destination, it should connect all its currently displayed output ports underneath.}}<br />
<br />
*'''Q:''' What is the difference between JACK-MIDI and ALSA-MIDI?<br />
*'''A:''' The former has improved timing and sample accurate MIDI event alignment. It extends or may even replace the latter but at this point they both co-exist.<br />
<br />
To install some M-Audio MIDI keyboards, you will need the firmware package {{AUR|midisport-firmware}} in the [[AUR]]. Also, the snd_usb_audio module has to be available.<br />
For more information about specific USB MIDI devices, see http://alsa.opensrc.org/USBMidiDevices.<br />
<br />
==Troubleshooting==<br />
==="Cannot lock down memory area (Cannot allocate memory)" message on startup===<br />
<br />
See [[Realtime process management#Configuring PAM]] and ensure that the user is in the {{ic|realtime}} [[user group]].<br />
<br />
===jack2 and qjackctl errors===<br />
Still having the "Cannot allocate memory" and/or "Cannot connect to server socket err = No such file or directory" error(s) when pressing qjackctl's start button?<br />
<br />
Please delete {{ic|~/.jackdrc}}, {{ic|~/.config/jack/conf.xml}}, {{ic|~/.config/rncbc.org/QjackCtl.conf}}. Kill ''jackdbus'' and restart from scratch :)<br />
(Thanks to nedko)<br />
<br />
Also try running <br />
$ fuser /dev/snd/*<br />
and check the resulting PID's with<br />
$ ps ax | grep [PID here]<br />
This will hopefully show the conflicting programs.<br />
<br />
==="ALSA: cannot set channel count to 1 for capture" error in logs===<br />
Change ALSA input and output channels from 1 to 2<br />
<br />
===Crackling or pops in audio===<br />
Your CPU or sound card is too weak to handle your settings for JACK. Lower the bitrate, lower the frame size, and raise the frame period in small increments until crackling stops. You can also try changing the sampling rate to 44100 or whatever is natively supported. This allows jack to send audio to the system without having to resample. In {{Pkg|jack2}} with {{ic|jack_control}}, this is accomplished with<br />
<br />
jack_control dps rate 44100<br />
<br />
===Problems with specific applications===<br />
====VLC - no audio after starting JACK====<br />
Run VLC and change the following menu options:<br />
* Tools > Preferences<br />
* Show settings: All<br />
* Audio > Output modules > Audio output module: JACK audio output<br />
* Audio > Output modules > JACK: Automatically connect to writable clients (enable)<br />
<br />
==See also==<br />
<br />
* [https://github.com/jackaudio/jackaudio.github.com/wiki/Q_difference_jack1_jack2 Differences between JACK 1 and JACK2]<br />
* [http://jackaudio.org/faq/ JACK FAQ]</div>Lafleurhttps://wiki.archlinux.org/index.php?title=JACK_Audio_Connection_Kit&diff=593396JACK Audio Connection Kit2019-12-29T01:14:36Z<p>Lafleur: propose an alternative for sparse use of QjackCtl</p>
<hr />
<div>[[Category:Sound]]<br />
[[fr:Jack]]<br />
[[es:JACK Audio Connection Kit]]<br />
[[ja:JACK Audio Connection Kit]]<br />
{{Related articles start}}<br />
{{Related|Sound system}}<br />
{{Related|Professional audio}}<br />
{{Related articles end}}<br />
From [[Wikipedia:JACK Audio Connection Kit]]:<br />
:JACK Audio Connection Kit (or JACK; a recursive acronym) is a professional sound server daemon that provides real-time, low-latency connections for both audio and MIDI data between applications that implement its API. <br />
<br />
==Installation==<br />
In order for JACK to work properly, your user needs to be [[Users and groups#Group management|added]] to the {{ic|realtime}} group for access to higher ulimits defined in {{ic|/etc/security/limits.d/99-realtime-privileges.conf}} (provided by the {{Pkg|realtime-privileges}} package), which is needed for realtime audio processing.<br />
{{Note|You need to manually add your user to the {{ic|realtime}} group even if you're using logind, since logind just handles access to direct hardware.}}<br />
<br />
There are two JACK implementations, see [https://github.com/jackaudio/jackaudio.github.com/wiki/Q_difference_jack1_jack2 this comparison] for the difference between the two. In short, Jack 1 and Jack 2 are equivalent implementations of the same protocol. Programs compiled against Jack 1 will work with Jack 2 without recompile (and vice versa). <br />
<br />
===JACK2===<br />
'''JACK2''' is a C++ implementation with SMP support. [[Install]] it with the {{Pkg|jack2}} package. For 32-bit application support, also install the {{Pkg|lib32-jack2}} package from the [[multilib]] repository. To use the ''jack_control'' command, also install the {{Pkg|python-dbus}} package.<br />
<br />
===JACK===<br />
'''JACK''' uses a C API and supports more than one soundcard on Linux (plus MIDI). [[Install]] it with the {{pkg|jack}} package. For 32-bit application support, also install the {{Pkg|lib32-jack}} package from the [[multilib]] repository.<br />
<br />
===GUI===<br />
<br />
* {{App|Cadence|Set of tools useful for audio production. It performs system checks, manages JACK, calls other tools and make system tweaks.|https://kx.studio/Applications:Cadence|{{Pkg|cadence}}}}<br />
* {{App|Patchage|Modular patch bay for audio and MIDI systems based on JACK and ALSA.|https://drobilla.net/software/patchage|{{Pkg|patchage}}}}<br />
* {{App|PatchMatrix|JACK patch bay in flow matrix style.|https://git.open-music-kontrollers.ch/lad/patchmatrix/about/|{{Pkg|patchmatrix}}}}<br />
* {{App|QjackCtl|Simple Qt application to control the JACK sound server daemon.|https://qjackctl.sourceforge.io/|{{Pkg|qjackctl}}}}<br />
<br />
==Basic Configuration==<br />
<br />
===Overview===<br />
The right configuration for your hardware and application needs depends on several factors. Your sound card and CPU will heavily affect how low of latency you can achieve when using JACK.<br />
<br />
The mainline Linux kernel now supports realtime scheduling, so using a patched kernel is no longer necessary. However, {{AUR|linux-rt}} in the AUR is a patched kernel that has some extra patches that can help to get lower latencies.<br />
<br />
===A shell-based example setup===<br />
JACK2 can be directly launched with the ''jackd'' executable, or controlled with the D-Bus-based ''jack_control'' binary. ''jack_control'' makes it easy to start and configure JACK2 via a shell script. Note that you must install the {{Pkg|python-dbus}} package to use ''jack_control''.<br />
<br />
Create a shell script that can be executed at X login:<br />
<br />
{{hc|start_jack.sh|<br />
#!/bin/bash<br />
<br />
jack_control start<br />
jack_control ds alsa<br />
jack_control dps device hw:HD2<br />
jack_control dps rate 48000<br />
jack_control dps nperiods 2<br />
jack_control dps period 64<br />
sleep 10<br />
a2jmidid -e &<br />
sleep 10<br />
qjackctl &<br />
}}<br />
<br />
The above will start a working JACK instance which other programs can then utilize. Details of each line follow. When discovering your own best configuration, it is helpful to do trial and error using QjackCtl's GUI with a non-D-Bus JACK2 version.<br />
<br />
====Details of the shell-based example setup====<br />
<br />
jack_control start<br />
Starts JACK if it is not already started.<br />
jack_control ds alsa<br />
Sets JACK to use the ALSA driver set.<br />
jack_control dps device hw:HD2<br />
Sets JACK to use ALSA-compatible sound card named HD2. One can find the names with {{ic|cat /proc/asound/cards}}. Most ALSA tutorials and default configurations use card numbers, but this can get confusing when external MIDI devices are in use; names make it easier.<br />
jack_control dps rate 48000<br />
Sets JACK to use 48000 khz sampling. Happens to work very well with this card. Some cards only do 44100, many will go much higher. The higher you go, the lower your latency, but the better your card and your CPU have to be, and software has to support this as well.<br />
jack_control dps nperiods 2<br />
Sets JACK to use 2 periods. 2 is right for motherboard, PCI, PCI-X, etc.; 3 for USB.<br />
jack_control dps period 64<br />
Sets JACK to use 64 frames per period. Lower is less latency, but the setting in this script gives 2.67 ms latency, which is nicely low without putting too much stress on the particular hardware this example was built for. If a USB sound system were in use it might be good to try 32. Anything less than 3-4 ms should be fine for realtime synthesis and/or FX, 5 ms is the smallest a human being can detect. QjackCtl will tell you how you are doing; at no-load, which means no clients attached, you will want a max of 3-5% CPU usage, and if you cannot get that without xruns (the red numbers which mean the system cannot keep up with the demands), you will have to improve your hardware.<br />
sleep 10<br />
Wait for the above to settle.<br />
a2jmidid -e &<br />
Start the ALSA-to-JACK MIDI bridge. Good for mixing in applications which take MIDI input through ALSA but not JACK.<br />
sleep 10<br />
Wait for the above to settle.<br />
qjackctl &<br />
Load QjackCtl. GUI configuration tells it to run in the system tray. It will pick up the JACK session started by D-Bus just fine, and very smoothly too. It maintains the patchbay, the connections between these applications and any other JACK-enabled apps to be started manually. The patchbay is set up using manual GUI, but connections pre-configured in the patchbay are automatically created by QjackCtl itself when apps are started.<br />
<br />
===A GUI-based example setup===<br />
This example setup utilizes a more GUI focused configuration and management of JACK<br />
<br />
* Install {{Pkg|jack2}} and {{Pkg|python-dbus}}.<br />
* Install {{Pkg|qjackctl}}, and tell your GUI window/desktop system to run it at startup.<br />
* Make sure QjackCtl is told to:<br />
** use the D-Bus interface,<br />
** run at startup,<br />
** save its configuration to the default location,<br />
** start the JACK audio server on application startup,<br />
** enable the system tray icon, and<br />
** start minimized to system tray.<br />
* Reboot.<br />
* After logging in, you will see QjackCtl in your system tray. Left-click on it.<br />
* Tweak settings in the QjackCtl GUI to lower latency. The Frame Size, Frame Buffer, and Bitrate settings all affect latency. Larger frame sizes lower latency, lower frame buffers lower latency, and higher bitrate settings lower latency, but all increase load on the sound card and your CPU. A Latency of about ~5ms is desirable for direct monitoring of instruments or microphones, as the latency begins to become perceptible at higher latencies.<br />
<br />
===An alternative GUI-based setup===<br />
<br />
If you use JACK for demanding tasks , but every now and then, it's possible to suspend a running pulseaudio session with QjackCtl just when you're using it. On a virgin config, modify the "Server prefix" option in the "Settings" > "Advanced" submenu, so that it states :<br />
<br />
pasuspender -- jackd<br />
<br />
<br />
The pulseaudio session should resume fine after you close QjcaCtl. Tip courtesy of [https://bbs.archlinux.org/viewtopic.php?pid=1163340#p1163340 this post].<br />
<br />
===Playing nice with ALSA===<br />
<br />
{{Note|1=There are several bugs in {{Pkg|alsa-lib}} and {{Pkg|alsa-plugins}} 1.1.9-2 that will cause audio to not play or errors regarding buffers with this setup. Please read [https://bbs.archlinux.org/viewtopic.php?id=250116] for workarounds and potential solutions.}} <br />
To allow Alsa programs to play while jack is running you must install the jack plugin for alsa with {{Pkg|alsa-plugins}}.<br />
<br />
And enable it by editing (or creating) /etc/asound.conf (system wide settings) to have these lines if you have a simple 2-channel setup:<br />
{{bc|<nowiki><br />
# convert alsa API over jack API<br />
# use it with<br />
# % aplay foo.wav<br />
<br />
# use this as default<br />
pcm.!default {<br />
type plug<br />
slave.pcm "jack"<br />
hint.description "Jack Audio"<br />
}</nowiki>}}<br />
<br />
If you have a different number of output/input channels or your first two channels aren't the ones you wish to route audio to, you cannot use the predefined jack pcm source from {{ic|/etc/alsa/conf.d/50-jack.conf}}, but rather something like:<br />
{{bc|<nowiki><br />
# the first jack port goes to an output we don't use and there are no recording devices<br />
pcm.!jack {<br />
type jack<br />
playback_ports {<br />
0 system:playback_2<br />
1 system:playback_3<br />
}<br />
}<br />
<br />
pcm.!default {<br />
type plug<br />
slave.pcm "jack"<br />
hint.description "Jack Audio"<br />
}</nowiki>}}<br />
<br />
You need not restart your computer or anything. Just edit the alsa config files, start up jack, and there you go...<br />
<br />
Remember to start it as a '''user'''. If you start it with {{ic|jackd}} -d alsa" as user X, it will not work for user Y.<br />
<br />
Another approach, using ALSA loopback device (more complex but probably more robust), is described in [https://alsa.opensrc.org/Jack_and_Loopback_device_as_Alsa-to-Jack_bridge this article].<br />
<br />
=== GStreamer ===<br />
<br />
GStreamer requires the {{pkg|gst-plugins-good}} package to work with JACK, which contains the jackaudiosink plugin that adds JACK playback support.<br />
<br />
Further information (outdated): http://jackaudio.org/faq/gstreamer_via_jack.html<br />
<br />
=== PulseAudio ===<br />
If you need to keep {{Pkg|pulseaudio}} installed (in the event it is required by other packages, like {{Pkg|gnome-settings-daemon}}), you may want to prevent it from spawning automatically with X and taking over from JACK.<br />
<br />
Edit {{ic|/etc/pulse/client.conf}}, uncomment "autospawn" and set it to "no":<br />
;autospawn = yes<br />
autospawn = no<br />
<br />
''If you want both to play along, see: [[PulseAudio/Examples#PulseAudio through JACK]]''<br />
<br />
=== Firewire ===<br />
In order to prevent ALSA from messing around with your firewire devices you have to blacklist all firewire related kernel modules. This also prevents PulseAudio from using firewire. Create the following file:<br />
<br />
{{hc|/etc/modprobe.d/alsa-no-jack.conf|<br />
blacklist snd-fireworks<br />
blacklist snd-bebob<br />
blacklist snd-oxfw<br />
blacklist snd-dice<br />
blacklist snd-firewire-digi00x<br />
blacklist snd-firewire-tascam<br />
blacklist snd-firewire-lib<br />
blacklist snd-firewire-transceiver<br />
blacklist snd-fireface<br />
blacklist snd-firewire-motu<br />
}}<br />
<br />
''The list of modules is the most recent available at the time of writing at [https://github.com/takaswie/snd-firewire-improve Alsa Firewire Improve Repository].''<br />
<br />
Now you can unload your loaded firewire modules or reboot.<br />
<br />
=== Network / remote audio ===<br />
<br />
JACK can be configured to send audio data over a network to a "master" machine, which then outputs the audio to a physical device. This can be useful to mix audio from a number of "slave" computers without requiring additional cables or hardware mixers, and keeping the audio path digital for as long as possible (as hardware mixers with digital inputs are very rare).<br />
<br />
The configuration is very simple, however it requires a network that supports multicast traffic (i.e. IGMP snooping must be enabled on managed network switches), and it requires all machines be running the same JACK major version (JACK1 or JACK2) as the protocols are not interoperable between versions. For JACK2, the {{ic|netmanager}} module must be loaded:<br />
<br />
{{bc|<nowiki><br />
master$ jack_load netmanager -i -c<br />
</nowiki>}}<br />
<br />
The {{ic|-i -c}} option tells the netmanager to automatically map any incoming connections to the default audio device. Without this, each incoming connection would have to be manually mapped on each connection. You can use {{ic|-i -h}} instead to see all available options, however note that the options are printed in the {{ic|jackd}} server output, the {{ic|jack_load}} command will not show anything.<br />
<br />
On the client, JACK must be started in network mode:<br />
<br />
{{bc|<nowiki><br />
slave$ jackd -d net<br />
</nowiki>}}<br />
<br />
The two machines will connect and on the master the new audio source will be visible:<br />
<br />
{{bc|<nowiki><br />
master$ jack_lsp<br />
system:playback_1<br />
system:playback_2<br />
remotehost:from_slave_1<br />
remotehost:from_slave_2<br />
</nowiki>}}<br />
<br />
If you passed the {{ic|-c}} option to {{ic|jack_load}} as above, then the remote system will now be able to play audio.<br />
<br />
==MIDI==<br />
<br />
JACK can handle one soundcard very well, and an arbitrary number of MIDI devices (connected e.g. via USB).<br />
If you start JACK and want to use a MIDI keyboard or a synthesizer or some other pure MIDI device, you have to start JACK with a proper soundcard (one that actually outputs or inputs PCM sound).<br />
As soon you have done that, you can connect the MIDI device. E.g. with QjackCtl ({{pkg|qjackctl}}), you click on the connect button and you will find your device listed under JACK-MIDI or ALSA-MIDI, depending on the driver.<br />
<br />
For JACK-MIDI, you may want to set the '''MIDI Driver''' to '''seq''' or '''raw''' in QjackCtl ''Setup > Settings''. This should make your MIDI device appear under the ''MIDI'' tab. You can also change the name of the client (from a generic "midi_capture_1" to something more descriptive), if you enable ''Setup > Display > Enable client/port aliases'' and then ''Enable client/port aliases editing (rename)''.<br />
<br />
For ALSA-MIDI, make sure to turn on '''Enable ALSA Sequencer support''' in QjackCtl ''Setup > Misc''. This will add the ''ALSA'' tab in QjackCtl ''Connect'' window where your MIDI controller will show up.<br />
<br />
{{Note| {{pkg|jack2}} does not come with bridging support for legacy ALSA MIDI only applications. Therefore {{pkg|a2jmidid}} is required [https://github.com/jackaudio/jack2/issues/362 until upstream achieves feature parity on this].}}<br />
For bridging ALSA-MIDI to JACK-MIDI, you may consider using a2jmidid ({{Pkg|a2jmidid}}). The following command will export all available ALSA MIDI ports to JACK MIDI ports:<br />
$ a2jmidid -e<br />
They will be visible in QjackCtl under the ''MIDI'' tab labelled "a2j" client.<br />
You can automate starting of a2jmidid by adding to QjackCtl ''Setup > Options > Execute script after Startup'': {{ic|/usr/bin/a2jmidid -e &}}<br />
{{note|When connecting MIDI keyboard controllers in QjackCtl, make sure to ''Expand All'' first and connect the desired ''Output Ports'' (below the ''Readable Clients'') to the ''Input Ports'' (below the ''Writable Clients''). As a shortcut, if you select a writable client instead of individual ports as your destination, it should connect all its currently displayed output ports underneath.}}<br />
<br />
*'''Q:''' What is the difference between JACK-MIDI and ALSA-MIDI?<br />
*'''A:''' The former has improved timing and sample accurate MIDI event alignment. It extends or may even replace the latter but at this point they both co-exist.<br />
<br />
To install some M-Audio MIDI keyboards, you will need the firmware package {{AUR|midisport-firmware}} in the [[AUR]]. Also, the snd_usb_audio module has to be available.<br />
For more information about specific USB MIDI devices, see http://alsa.opensrc.org/USBMidiDevices.<br />
<br />
==Troubleshooting==<br />
==="Cannot lock down memory area (Cannot allocate memory)" message on startup===<br />
<br />
See [[Realtime process management#Configuring PAM]] and ensure that the user is in the {{ic|realtime}} [[user group]].<br />
<br />
===jack2 and qjackctl errors===<br />
Still having the "Cannot allocate memory" and/or "Cannot connect to server socket err = No such file or directory" error(s) when pressing qjackctl's start button?<br />
<br />
Please delete {{ic|~/.jackdrc}}, {{ic|~/.config/jack/conf.xml}}, {{ic|~/.config/rncbc.org/QjackCtl.conf}}. Kill ''jackdbus'' and restart from scratch :)<br />
(Thanks to nedko)<br />
<br />
Also try running <br />
$ fuser /dev/snd/*<br />
and check the resulting PID's with<br />
$ ps ax | grep [PID here]<br />
This will hopefully show the conflicting programs.<br />
<br />
==="ALSA: cannot set channel count to 1 for capture" error in logs===<br />
Change ALSA input and output channels from 1 to 2<br />
<br />
===Crackling or pops in audio===<br />
Your CPU or sound card is too weak to handle your settings for JACK. Lower the bitrate, lower the frame size, and raise the frame period in small increments until crackling stops. You can also try changing the sampling rate to 44100 or whatever is natively supported. This allows jack to send audio to the system without having to resample. In {{Pkg|jack2}} with {{ic|jack_control}}, this is accomplished with<br />
<br />
jack_control dps rate 44100<br />
<br />
===Problems with specific applications===<br />
====VLC - no audio after starting JACK====<br />
Run VLC and change the following menu options:<br />
* Tools > Preferences<br />
* Show settings: All<br />
* Audio > Output modules > Audio output module: JACK audio output<br />
* Audio > Output modules > JACK: Automatically connect to writable clients (enable)<br />
<br />
==See also==<br />
<br />
* [https://github.com/jackaudio/jackaudio.github.com/wiki/Q_difference_jack1_jack2 Differences between JACK 1 and JACK2]<br />
* [http://jackaudio.org/faq/ JACK FAQ]</div>Lafleurhttps://wiki.archlinux.org/index.php?title=Talk:ECryptfs&diff=547394Talk:ECryptfs2018-10-13T00:06:30Z<p>Lafleur: /* Automounting */ propose to expose a fix for ecryptfs auto-umount</p>
<hr />
<div>=== Automounting ===<br />
Just a short remark which took me several hours to figure out: <br />
<br />
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login. <br />
<br />
It is now working and two crucial steps seemed to be:<br />
1. besides pam_mount.so use also pam_ecryptfs.so<br />
2. put an empty file "auto-mount" into /home/USER/.ecryptfs<br />
<br />
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. <br />
If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.<br />
<br />
Kind regards<br />
[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 21:20, 25 March 2015 (UTC)<br />
<br />
:Hi, can you please put a link here which section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make ([[ECryptfs#Auto-mounting]]). Sections 3.2 and 3.3 dont. I assume you refer to 3.3 [[ECryptfs#Without_ecryptfs-utils]], please confirm. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 06:56, 26 March 2015 (UTC)<br />
<br />
::Hi, oh sorry for the imprecise section reference (must have been too tired) So I started my setup with 3.3.2 and followed up to 3.3.2.2. [[Ecryptfs#Auto-mounting_2]] -- [[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 08:22, 26 March 2015 (UTC)<br />
<br />
:::Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but tor some reason the directory is user-mounted twice and does not unmount on logout. <br />
:::Not sure what to make of that, maybe someone else has an idea. How do you login (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private,~/Private) or another one? Have you modified {{ic|/etc/pam.d/system-auth}} for other reasons before? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 19:06, 26 March 2015 (UTC)<br />
:::Edit: Now I figured why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with [https://wiki.archlinux.org/index.php?title=ECryptfs&diff=367315&oldid=366857], does it reflect your experience now correctly? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:06, 26 March 2015 (UTC)<br />
<br />
:::: Hi! Yes, your changes exactly make the right points. Thank you very much. By the way, in the pam mount article there is a remark that auto-umount does not work currently. I also noted the double mounting thing on login --[[User:DaAlx|DaAlx]] ([[User talk:DaAlx|talk]]) 22:20, 26 March 2015 (UTC)<br />
<br />
::::: Ok, good. Yes, the auto-umount does not work consistently with just pam_ecryptfs.so as well:[https://wiki.archlinux.org/index.php?title=ECryptfs&diff=365591&oldid=362767] The double-mounting I only noticed with configured pam_mount. Let's keep this item open a bit, maybe someone has an idea about the cause. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 23:19, 26 March 2015 (UTC)<br />
<br />
:::::: With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short <s>write up</s> - see below comment. Note it is used on systemd-based debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 16:36, 14 February 2017 (UTC)<br />
<br />
::::::: Hi I am the person responsible for the link [[User:Indigo|Indigo]] posted I have made a second guide which corrects a very bad issue of your password ending up in the journal log, PLEASE MAKE SURE to update the code mentioned in my guide, [https://paste.debian.net/plainh/f2480500 new guide] and make sure to WIPE YOUR JOURNAL if you did use the previous guide. Sorry for the bad error. I will when I am not tethering for Internet spin up an Arch VM and test this on Arch but thus far I have only tested it on Debian. Improvements and reviews of the guide and its code are more than welcome! [[User:KonomiKitten|KonomiKitten]] ([[User talk:KonomiKitten|talk]]) 09:38, 10 March 2017 (UTC)<br />
<br />
:::::::: In any case thanks for reporting it! --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 15:06, 10 March 2017 (UTC)<br />
:::::::: I forgot to mention you can of course just rewrap with the new passphrase after you ran ''passwd''; more effective than wiping the journal. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 20:41, 17 March 2017 (UTC)<br />
<br />
::::::: Hey [[User:Indigo|Indigo]], concerning auto-umount of ecryptfs, I've been adapting the solution proposed in [https://wiki.archlinux.org/index.php/Talk:Pam_mount the Pam_mount talk], and it works fine with console, lightdm and gdm logins (meaning the encrypted dir gets cleanly unmounted on logout, provided there are no process left using this dir), at least if one uses Ubuntu tools to encrypt the dir. It involves a different setup of /etc/pam.d (moving pam_ecryptfs.so calls to a separate conf file, so as to stop being interfered by {{ic|systemd --user}}). I am willing to expose it in lieu of the actual warning on auto-umounting ; just thought I could to tell you first. [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 00:06, 13 October 2018 (UTC)</div>Lafleurhttps://wiki.archlinux.org/index.php?title=ArchWiki_talk:Sandbox&diff=547393ArchWiki talk:Sandbox2018-10-12T23:55:57Z<p>Lafleur: found how to add an inline codeline</p>
<hr />
<div>==Comments==<br />
<br />
Hello, how are you? -- [[User:Acgtyrant|Acgtyrant]] ([[User talk:Acgtyrant|talk]]) 15:17, 27 August 2013 (UTC)<br />
:Fine, thanks, and you? -- [[User:Acgtyrant|Acgtyrant]] ([[User talk:Acgtyrant|talk]]) 15:17, 27 August 2013 (UTC)<br />
::Tres bien) -- [[User:Kycok|Kycok]] ([[User talk:Kycok|talk]]) 05:33, 28 January 2014 (UTC)<br />
:: how do you edit the wiki?<br />
Testing [[User:Tech2077|Tech2077]] ([[User talk:Tech2077|talk]]) 21:38, 3 July 2015 (UTC)<br />
:::: Uh, tu parles francais [[User:Kycok|Kycok]]? I am from switzerland but I hated french in school and now I am learning it every single day. --[[User:Ndalliard|ndalliard]] ([[User talk:Ndalliard|talk]]) 04:42, 31 July 2015 (UTC)<br />
Trying to contribute here. ([[User:Amoros|Amoros]]) ([[User talk:Amoros|talk]]) 15:37, 12 August 2015 (UTC)<br />
<br />
Hi I'm new here [[User:Chrisfryer78|Chrisfryer78]] ([[User talk:Chrisfryer78|talk]]) 08:36, 7 November 2015 (UTC)<br />
:Hello, I'm new here too! This is a test. [[User:Nullifer|Nullifer]] ([[User talk:Nullifer|talk]]) 07:48, 30 December 2016 (UTC)<br />
:Hello this is a test reply :) [[User:Viktorstrate|Viktorstrate]] ([[User talk:Viktorstrate|talk]])viktorstrate 16:10, 4 July 2018 (UTC)<br />
<br />
== A new section should be added ==<br />
<br />
I'd like to propose to change blahdieblah!<br />
<br />
[[User:E-type|E-type]] ([[User talk:E-type|talk]]) 17:38, 9 October 2016 (UTC)<br />
<br />
<br />
adding my contributions to the new section, test edit blah blah ...<br />
<br />
[[User:Fawix|Fawix]] ([[User talk:Fawix|talk]]) 20:14, 1 January 2017 (UTC)<br />
<br />
Testing stuff in the sandbox [[User:RobU3|RobU3]] ([[User talk:RobU3|talk]]) 05:15, 30 January 2018 (UTC)<br />
<br />
== New test section ==<br />
<br />
Hello Sandbox! <br />
<br />
-- [[User:Raczek|Raczek]] ([[User talk:Raczek|talk]]) 13:43, 11 May 2017 (UTC)<br />
<br />
Just a test...<br />
[[User:Leventel|Leventel]] ([[User talk:Leventel|talk]]) 10:07, 12 May 2017 (UTC)<br />
<br />
Looks like I'm the newest user now. [[User:Mycatfishsteve|Mycatfishsteve]] ([[User talk:Mycatfishsteve|talk]]) 21:56, 6 June 2017 (UTC)<br />
: Short joy ! I myself wonder how to add {{ic|codelines}} [[User:Lafleur|la Fleur]] ([[User talk:Lafleur|talk]]) 23:55, 12 October 2018 (UTC)<br />
<br />
== Add topic test ==<br />
<br />
test<br />
<br />
-- [[User:Z32O|Z32O]] ([[User talk:Z32O|talk]]) 17:14, 13 Oct 2017 (UTC)</div>Lafleur