https://wiki.archlinux.org/api.php?action=feedcontributions&user=Louson&feedformat=atomArchWiki - User contributions [en]2024-03-29T14:24:21ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Talk:Dd&diff=781118Talk:Dd2023-06-15T11:37:11Z<p>Louson: start a discussion about the references to figure out the best bs value</p>
<hr />
<div>== Doubts about external references ==<br />
<br />
The section `Cloning_an_entire_hard_disk` gives two references to figure out the best bs value for your use case.<br />
I am not sure they are relevant, as running several times gives different results. There might be other parameters (such as periodic flushes) that randomly slow down the process [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:37, 15 June 2023 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=756221User:Louson2022-11-07T21:49:27Z<p>Louson: dbus policy in /usr/local/share</p>
<hr />
<div>== Install ==<br />
=== Mainline ===<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
=== Performances ===<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
=== Laptop specific ===<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
==== Hibernation ====<br />
===== Enable hibernation =====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add the {{ic|resume}} hook in {{ic|/etc/mkinitcpio.conf}} and regenerate the initramfs with {{ic|# mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
===== Automatic hibernation =====<br />
====== Low battery ======<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
====== After a delay ======<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
== Post-install ==<br />
<br />
=== ssh ===<br />
<br />
ssh agent<br />
: https://wiki.archlinux.org/title/SSH_keys#SSH_agents<br />
<br />
=== i3 ===<br />
<br />
==== urxvt + tmux ====<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
bindsym $mod+Return exec urxvt -e tmux<br />
</nowiki>}}<br />
<br />
{{hc|.config/tmux/tmux.conf|<nowiki><br />
set -g default-terminal "tmux-256color"<br />
set -g default-command "${SHELL}"<br />
</nowiki>}}<br />
==== Bindings ====<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
# Pulse Audio controls<br />
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +2% #increase sound volume<br />
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -2% #decrease sound volume<br />
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound<br />
bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle # mute sound<br />
<br />
# Screen brightness controls<br />
bindsym XF86MonBrightnessUp exec xbacklight -inc 20 # increase screen brightness<br />
bindsym XF86MonBrightnessDown exec xbacklight -dec 20 # decrease screen brightness<br />
<br />
# Screen display<br />
bindsym XF86Display exec autorandr --change<br />
<br />
## Screenshots<br />
bindsym Print exec --no-startup-id maim "/home/$USER/Pictures/$(date).png"<br />
bindsym $mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) "/home/$USER/Pictures/$(date).png"<br />
bindsym Shift+Print exec --no-startup-id maim --select "/home/$USER/Pictures/$(date).png"<br />
## Clipboard Screenshots<br />
bindsym Ctrl+Print exec --no-startup-id maim | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+$mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+Shift+Print exec --no-startup-id maim --select | xclip -selection clipboard -t image/png<br />
</nowiki>}}<br />
<br />
=== Blue light filter ===<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
=== MPD ===<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
=== Bluetooth ===<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
=== ldconfig does not load /usr/local/lib ===<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
=== Probe ===<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date !! quality<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29] || fine<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21] || crap<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25] || good<br />
|}<br />
<br />
== Wayland ==<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
== Rip CD ==<br />
=== Ripit ===<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
=== ABCDE ===<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
=== Beets ===<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
This copies the music to the configured directory. `-P` avoids temporary .wav files; `-N` avoids questions.<br />
<br />
==== Plugins ====<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
host: localhost<br />
port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
=== Add a DiscId ===<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
== Create a builder with systemd-nspawn ==<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
=== Get an archived version ===<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
=== Configure pacman ===<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 system, prefix the command with {{ic|linux32}} or add the option {{ic|1=--personality=x86}}.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
=== Follow installation guide after chroot ===<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
Set the [[time zone]]:<br />
<br />
# ln -sf /usr/share/zoneinfo/''Region''/''City'' /etc/localtime<br />
<br />
<br />
[[textedit|Edit]] {{ic|/etc/locale.gen}} and uncomment {{ic|en_US.UTF-8 UTF-8}} and other needed [[locale]]s. Generate the locales by running:<br />
<br />
# locale-gen<br />
<br />
[[Create]] the {{man|5|locale.conf}} file, and [[Locale#Setting the system locale|set the LANG variable]] accordingly:<br />
<br />
{{hc|1=/etc/locale.conf|2=<br />
LANG=''en_US.UTF-8''<br />
}}<br />
<br />
=== Bind a volume ===<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid the bind mount showing up as owned by user {{ic|nobody}}, disable user namespacing:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384<br />
<br />
== D-bus ==<br />
<br />
=== Policy in /usr/local/share ===<br />
<br />
By default, the policy must be stored in {{ic|/etc/dbus-1/system.d}} or {{ic|/usr/share/dbus-1/system.d}}. To have policies loaded from {{ic|/usr/local/share/dbus-1/system.d}} as well, create {{ic|/etc/dbus-1/system-local.conf}} with the following content:<br />
<br />
{{hc|/etc/dbus-1/system-local.conf|<nowiki><br />
<busconfig><br />
<includedir>/usr/local/share/dbus-1/system.d</includedir><br />
</busconfig><br />
</nowiki>}}</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Fail2ban&diff=751294Talk:Fail2ban2022-10-05T13:46:30Z<p>Louson: /* Need reference */ ignoreself</p>
<hr />
<div>==Need reference==<br />
As far as I understand, this is not possible anymore as the bug related to this has been fixed (http://www.securelist.com/en/advisories/56691{{dead link|2020|04|02|status=page not found note with an offer, supposedly at no cost, supposedly from Kaspersky, for something. Does that something open source, or required, or work, in arch?}}):<br />
"Additionally, if the attacker knows your IP address, they can send packets with a spoofed source header and get you locked out of the server."<br />
<br />
A reference is needed here. -- [[User:Siosm|Siosm]] ([[User talk:Siosm|Siosm]]) 13:05, 09 February 2014 (UTC)<br />
: Spoofing IP is a known issue. There are many references, such as [[wikipedia:Spoofing_attack#Spoofing_and_TCP/IP]], or [[Security#SSH]]. There are also defense lines, such as [[Sysctl#Reverse_path_filtering]]. [[User:Regid|Regid]] ([[User talk:Regid|talk]]) 08:33, 2 April 2020 (UTC)<br />
<br />
:: The {{ic|jail.conf}} has the option {{ic|ignoreself}} which is true by default. Isn't that enough ? [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 13:46, 5 October 2022 (UTC)<br />
<br />
== warning about log parse error ==<br />
<br />
Hi, I just see the warning added: [https://wiki.archlinux.org/index.php?title=Fail2ban&diff=304228&oldid=295908] <br />
I think it is very good that it was added in the first place. I have also followed the link, but I am not using the package so I cannot comment much on it. I think for the warning it would be useful to elaborate briefly in which circumstances (e.g. log facility, settings, applications, etc) that erroneous IP format in the logs did/could occur. The IP format (IPv4-port) the sshd logs show in the report don't match my journalctl log format, so much I see. <br />
IF it is the case that this can occur by choosing available options (e.g. in sshd.conf or for journalctl) with Arch default packages, it might also help other users by posting a brief description of the issue to the (new) mailing list: https://lists.archlinux.org/archives/list/arch-security@lists.archlinux.org/ or [https://bbs.archlinux.org/viewforum.php?id=8 the bbs] (I'm leaving a note for [[User:666threesixes666]] with a link to this suggestion).<br />
--[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 18:07, 13 March 2014 (UTC)<br />
<br />
:hi i dont actually use arch, so i am not sure if the problem occurs. regardless the regex to extract ip v4 addresses is improper, and breaks at pairing with port or process number, and possibly with ip.some.domain.com or xxx-xxx-xxx-xxx.some.domain.com. i signed up here to be friendly and cross reference a wiki i posted at gentoo that was not well covered here so that editors could take examples from it to make their lives easier. mm yeah [[monit]] wiki. i don't do mailing lists, sorry. take it easy arch friends. =D[[User:666threesixes666|666threesixes666]] ([[User talk:666threesixes666|talk]]) 18:32, 13 March 2014 (UTC)<br />
::Well, thanks for reporting it here in this case. But the point that it is unclear whether there exists a problem at all with fail2ban used with Arch repo packages did not really come through .. I have re-phrased it a little more generally. I moved the cross-link to sshguard at the top out of the warning too. It appears useful anyway to provide a contextual link between the two packages (our sshguard page has the to here). Have a look, if you are ok with it. --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 22:58, 13 March 2014 (UTC)<br />
:::i do not mind 1 way or another, its a wiki and i expect merciless editing. i dont use arch, and its very well possible the issue doesnt affect arch as they said in the bug report upstream comes from a ssh patch. regardless if the regex breaks for me i know it will break again sooner or later especially since they refuse to correct their errors. sshguard should be preferred over fail2ban regardless as it is C and not interpreted. [[User:666threesixes666|666threesixes666]] ([[User talk:666threesixes666|talk]]) 09:39, 16 March 2014 (UTC)<br />
::::Anecdotal sidenote first: you might have read that 14th March was world PI-day. Fun fact: the first 144 PI digits add up to 666. ;) <br />
::::To the point: Ok, cool, so let's keep the warning like this. My personal preference is to do it simply with iptables and not an extra tool which runs with root. But that's not so versatile, if you need things like permanent blacklists or something else from the tools unarguably neat features. Anyhow, I guess you are right with your point about the regex. <br />
::::It would be helpful, if you could quickly note here in talk once your bug report has been resolved. Thanks. <br />
::::--[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 10:22, 16 March 2014 (UTC)<br />
<br />
== hardening errors ==<br />
<br />
First of all, it seems like we have to have `/var/log/fail2ban` in<br />
<br />
ReadWriteDirectories=/var/run/fail2ban /var/lib/fail2ban /var/spool/postfix/maildrop /tmp /var/log/fail2ban<br />
<br />
On the other hand, it seems these rules cause [https://bbs.archlinux.org/viewtopic.php?pid=1575806#p1575806 problems]--[[User:Xan|Xan]] ([[User talk:Xan|talk]]) 17:14, 3 November 2015 (UTC)<br />
<br />
==== maildrop ====<br />
It seems like the 'Service hardening' will also cause the maildrop to not work, specifically the {{ic|1=NoNewPrivileges=yes}} will cause a permission denied issue ("warning: mail_queue_enter: create file maildrop/103313.473: Permission denied'")[https://lists.freedesktop.org/archives/systemd-devel/2014-June/020305.html]. [[User:JDWUP|JDWUP]] ([[User talk:JDWUP|talk]]) 22:02, 5 March 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=747729User:Louson2022-09-22T12:37:18Z<p>Louson: /* Get an archived version = */ fix heading</p>
<hr />
<div>== Install ==<br />
=== Mainline ===<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
=== Performances ===<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
=== Laptop specific ===<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
==== Hibernation ====<br />
===== Enable hibernation =====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and regenerate it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in GRUB.<br />
<br />
===== Automatic hibernation =====<br />
====== Low battery ======<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Suspend the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
====== After a delay ======<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
== Post-install ==<br />
<br />
=== i3 ===<br />
<br />
==== urxvt + tmux ====<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
bindsym $mod+Return exec urxvt -e tmux<br />
</nowiki>}}<br />
<br />
{{hc|.config/tmux/tmux.conf|<nowiki><br />
set -g default-terminal "tmux-256color"<br />
set -g default-command "${SHELL}"<br />
</nowiki>}}<br />
==== Bindings ====<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
# Pulse Audio controls<br />
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +2% #increase sound volume<br />
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -2% #decrease sound volume<br />
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound<br />
bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle # mute sound<br />
<br />
# Screen brightness controls<br />
bindsym XF86MonBrightnessUp exec xbacklight -inc 20 # increase screen brightness<br />
bindsym XF86MonBrightnessDown exec xbacklight -dec 20 # decrease screen brightness<br />
<br />
# Screen display<br />
bindsym XF86Display exec autorandr --change<br />
<br />
## Screenshots<br />
bindsym Print exec --no-startup-id maim "/home/$USER/Pictures/$(date).png"<br />
bindsym $mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) "/home/$USER/Pictures/$(date).png"<br />
bindsym Shift+Print exec --no-startup-id maim --select "/home/$USER/Pictures/$(date).png"<br />
## Clipboard Screenshots<br />
bindsym Ctrl+Print exec --no-startup-id maim | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+$mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+Shift+Print exec --no-startup-id maim --select | xclip -selection clipboard -t image/png<br />
</nowiki>}}<br />
<br />
=== Blue light filter ===<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
=== MPD ===<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
=== Bluetooth ===<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
=== ldconfig does not load /usr/local/lib ===<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
=== Probe ===<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date !! quality<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29] || fine<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21] || crap<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25] || good<br />
|}<br />
<br />
== Wayland ==<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
== Rip CD ==<br />
=== Ripit ===<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
=== ABCDE ===<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
=== Beets ===<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
This copies the music to the configured directory. `-P` avoids temporary .wav files; `-N` avoids questions.<br />
<br />
==== Plugins ====<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
=== Add a DiscId ===<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
== Create a builder with systemd-nspawn ==<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
=== Get an archived version ===<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
=== Configure pacman ===<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
=== Follow installation guide after chroot ===<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
=== Bind a volume ===<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid mount on user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=747728User:Louson2022-09-22T12:36:41Z<p>Louson: shift headings</p>
<hr />
<div>== Install ==<br />
=== Mainline ===<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
=== Performances ===<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
=== Laptop specific ===<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
==== Hibernation ====<br />
===== Enable hibernation =====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and regenerate it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in GRUB.<br />
<br />
===== Automatic hibernation =====<br />
====== Low battery ======<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Suspend the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
====== After a delay ======<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
== Post-install ==<br />
<br />
=== i3 ===<br />
<br />
==== urxvt + tmux ====<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
bindsym $mod+Return exec urxvt -e tmux<br />
</nowiki>}}<br />
<br />
{{hc|.config/tmux/tmux.conf|<nowiki><br />
set -g default-terminal "tmux-256color"<br />
set -g default-command "${SHELL}"<br />
</nowiki>}}<br />
==== Bindings ====<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
# Pulse Audio controls<br />
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +2% #increase sound volume<br />
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -2% #decrease sound volume<br />
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound<br />
bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle # mute sound<br />
<br />
# Screen brightness controls<br />
bindsym XF86MonBrightnessUp exec xbacklight -inc 20 # increase screen brightness<br />
bindsym XF86MonBrightnessDown exec xbacklight -dec 20 # decrease screen brightness<br />
<br />
# Screen display<br />
bindsym XF86Display exec autorandr --change<br />
<br />
## Screenshots<br />
bindsym Print exec --no-startup-id maim "/home/$USER/Pictures/$(date).png"<br />
bindsym $mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) "/home/$USER/Pictures/$(date).png"<br />
bindsym Shift+Print exec --no-startup-id maim --select "/home/$USER/Pictures/$(date).png"<br />
## Clipboard Screenshots<br />
bindsym Ctrl+Print exec --no-startup-id maim | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+$mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+Shift+Print exec --no-startup-id maim --select | xclip -selection clipboard -t image/png<br />
</nowiki>}}<br />
<br />
=== Blue light filter ===<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
=== MPD ===<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
=== Bluetooth ===<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
=== ldconfig does not load /usr/local/lib ===<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
=== Probe ===<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date !! quality<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29] || fine<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21] || crap<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25] || good<br />
|}<br />
<br />
== Wayland ==<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
== Rip CD ==<br />
=== Ripit ===<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
=== ABCDE ===<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
=== Beets ===<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
This copies the music to the configured directory. `-P` avoids temporary .wav files; `-N` avoids questions.<br />
<br />
==== Plugins ====<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
=== Add a DiscId ===<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
== Create a builder with systemd-nspawn ==<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ===<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
=== Configure pacman ===<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
=== Follow installation guide after chroot ===<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
=== Bind a volume ===<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid mount on user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=736438User:Louson2022-07-06T09:35:13Z<p>Louson: /* i3 */ tmux + urxvt</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and regenerate it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in GRUB.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Suspend the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
<br />
== i3 ==<br />
<br />
=== urxvt + tmux ===<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
bindsym $mod+Return exec urxvt -e tmux<br />
</nowiki>}}<br />
<br />
{{hc|.config/tmux/tmux.conf|<nowiki><br />
set -g default-terminal "tmux-256color"<br />
set -g default-command "${SHELL}"<br />
</nowiki>}}<br />
=== Bindings ===<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
# Pulse Audio controls<br />
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +2% #increase sound volume<br />
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -2% #decrease sound volume<br />
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound<br />
bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle # mute sound<br />
<br />
# Screen brightness controls<br />
bindsym XF86MonBrightnessUp exec xbacklight -inc 20 # increase screen brightness<br />
bindsym XF86MonBrightnessDown exec xbacklight -dec 20 # decrease screen brightness<br />
<br />
# Screen display<br />
bindsym XF86Display exec autorandr --change<br />
<br />
## Screenshots<br />
bindsym Print exec --no-startup-id maim "/home/$USER/Pictures/$(date).png"<br />
bindsym $mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) "/home/$USER/Pictures/$(date).png"<br />
bindsym Shift+Print exec --no-startup-id maim --select "/home/$USER/Pictures/$(date).png"<br />
## Clipboard Screenshots<br />
bindsym Ctrl+Print exec --no-startup-id maim | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+$mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+Shift+Print exec --no-startup-id maim --select | xclip -selection clipboard -t image/png<br />
</nowiki>}}<br />
<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date !! quality<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29] || fine<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21] || crap<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25] || good<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
This copies the music to the configured directory. `-P` avoids temporary .wav files; `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Bind a volume ==<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid mount on user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
= Synchronization =<br />
== Syncthing ==<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=736437User:Louson2022-07-06T09:33:06Z<p>Louson: /* Post-install */ Change I3 bindings</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and regenerate it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in GRUB.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Suspend the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
<br />
== i3 ==<br />
<br />
=== Bindings ===<br />
<br />
{{hc|.config/i3/i3.conf|<nowiki><br />
# Pulse Audio controls<br />
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +2% #increase sound volume<br />
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -2% #decrease sound volume<br />
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound<br />
bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle # mute sound<br />
<br />
# Screen brightness controls<br />
bindsym XF86MonBrightnessUp exec xbacklight -inc 20 # increase screen brightness<br />
bindsym XF86MonBrightnessDown exec xbacklight -dec 20 # decrease screen brightness<br />
<br />
# Screen display<br />
bindsym XF86Display exec autorandr --change<br />
<br />
## Screenshots<br />
bindsym Print exec --no-startup-id maim "/home/$USER/Pictures/$(date).png"<br />
bindsym $mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) "/home/$USER/Pictures/$(date).png"<br />
bindsym Shift+Print exec --no-startup-id maim --select "/home/$USER/Pictures/$(date).png"<br />
## Clipboard Screenshots<br />
bindsym Ctrl+Print exec --no-startup-id maim | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+$mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) | xclip -selection clipboard -t image/png<br />
bindsym Ctrl+Shift+Print exec --no-startup-id maim --select | xclip -selection clipboard -t image/png<br />
</nowiki>}}<br />
<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date !! quality<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29] || fine<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21] || crap<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25] || good<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
This copies the music to the configured directory. `-P` avoids temporary .wav files; `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Bind a volume ==<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid the mount being owned by user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
= Synchronization =<br />
== Syncthing ==<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=732748User:Louson2022-06-15T14:56:23Z<p>Louson: /* Probe */</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add the resume hook in {{ic|/etc/mkinitcpio.conf}} and regenerate the initramfs with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date !! quality<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29] || fine<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21] || crap<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25] || good<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
will copy the music to the configured directory. `-P` avoids temporary .wav files. `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Edit /etc/pacman.d/mirrorlist to enable a mirror. For an archived version, replace its content with the following:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Bind a volume ==<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid the mount being owned by user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
= Synchronization =<br />
== Syncthing ==<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=727565User:Louson2022-04-25T14:34:42Z<p>Louson: /* Probe */ thinkpad</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add the resume hook in {{ic|/etc/mkinitcpio.conf}} and regenerate the initramfs with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|-<br />
| ThinkPad T14 || [https://linux-hardware.org/?probe=37a92322aa 2022-04-25]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
will copy the music to the configured directory. `-P` avoids temporary .wav files. `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Edit /etc/pacman.d/mirrorlist to enable a mirror. For an archived version, replace its content with the following:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Bind a volume ==<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid the mount being owned by user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
= Synchronization =<br />
== Syncthing ==<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GnuPG&diff=727564Talk:GnuPG2022-04-25T13:46:47Z<p>Louson: /* Recommendation to add */ link to resolved</p>
<hr />
<div>== System login with gnupg smartcard (yubikey, p-card, rsa token, etc) ==<br />
gnupg with [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=poldi.git poldi] can be used for system login. There is a [https://bbs.archlinux.org/viewtopic.php?id=215554 thread] asking whether it is possible to use gpg for system login.<br />
A new tip section explaining gnupg smartcard for logging into Arch Linux system is a nice addition here.<br />
<br />
[[User:Alive4ever|Alive4ever]] ([[User talk:Alive4ever|talk]]) 02:27, 4 August 2016 (UTC)<br />
<br />
== User configuration files not created ==<br />
<br />
Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."<br />
<br />
I could very well be doing something wrong so I'd ask that this could be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki shouldn't it?<br />
<br />
I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it. <br />
<br />
I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.<br />
<br />
[[User:NuSkool|NuSkool]] ([[User talk:NuSkool|talk]]) 04:09, 26 September 2016 (UTC)<br />
<br />
:On the same topic but on a different note, update [[GnuPG#Configuration_files]] to remove ''out of date warning'' and add the following information:<br />
:1) '''~/.gnupg/gpg.conf''' and '''~/.gnupg/dirmngr.conf''' are not created by default. So, the user can create them to implement the changes.<br />
:2) global config file is located at '''/etc/gnupg/gpgconf.conf''' shown by command '''gpgconf --list-config'''. This is also not created by default. The example file is <br />
:at '''/usr/share/doc/gnupg/examples/gpgconf.conf'''<br />
:--[[User:RaZorr|RaZorr]] ([[User talk:RaZorr|talk]]) 12:51, 16 January 2022 (UTC)<br />
<br />
== Recommendation to add ==<br />
<br />
By default, no skeleton files exist (as mentioned above) but in my case the lack of a dirmngr.conf meant that any --recv-keys failed with useful(?) errors like "gpg: keyserver receive failed: Server indicated a failure" or "gpg: error searching keyserver: Server indicated a failure". Route to get here was via makepkg, and so I skipped all the installation steps etc since gpg was already installed and went straight for a recv.<br />
<br />
echo > $HOME/.gnupg/dirmngr.conf 'standard-resolver'<br />
[[User:Beepboo|Beepboo]] ([[User talk:Beepboo|talk]]) 17:09, 22 March 2020 (UTC)<br />
:also requires to restart dirmngr.service [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 13:32, 25 April 2022 (UTC)<br />
:but the problem is probably on the /etc/resolv.conf file. Are you using systemd-resolved ? Then check [[Systemd-resolved#DNS]] [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 13:46, 25 April 2022 (UTC)<br />
<br />
== A comment on provided code snippet ==<br />
<br />
The test from [[GnuPG#Set_SSH_AUTH_SOCK|Set_SSH_AUTH_SOCK]] : <br />
<br />
[ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]<br />
<br />
would probably always fail, since [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/gpg-agent.c;hb=7bca3be65e510eda40572327b87922834ebe07eb#l1307] sets {{ic|gnupg_SSH_AUTH_SOCK_by}} to the process id of {{ic|gpg-agent}}, and the line above tests it for the process id of the {{ic|bash}} process.<br />
<br />
Therefore, <br />
<br />
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" <br />
<br />
will probably get executed every time. However, it most likely wouldn't break anything since at worst it will reset {{ic|SSH_AUTH_SOCK}} to the same value.<br />
<br />
{{Unsigned| 11:16, 1 May 2021 (UTC)|Thread13}}<br />
<br />
== Invalid IPC response and Inappropriate ioctl for device ==<br />
I solved this problem simply by removing an {{ic|#}} inside {{ic|/etc/pinentry/preexec}} enabling the desired option and then setting {{ic|/usr/bin/pinentry}} as default.<br />
[[User:Pavlov|Pavlov]] ([[User talk:Pavlov|talk]]) 15:19, 2 May 2021 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=727563User:Louson2022-04-25T13:45:04Z<p>Louson: /* Mainline */ resolv.conf</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
* resolv.conf stub [[Systemd-resolved#DNS]] (required for gpg)<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add the resume hook in {{ic|/etc/mkinitcpio.conf}} and regenerate the initramfs with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
will copy the music to the configured directory. `-P` avoids temporary .wav files. `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Edit /etc/pacman.d/mirrorlist to enable a mirror. For an archived version, replace its content with the following:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Bind a volume ==<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid the mount being owned by user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
= Synchronization =<br />
== Syncthing ==<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GnuPG&diff=727562Talk:GnuPG2022-04-25T13:32:09Z<p>Louson: /* Recommendation to add */ important precision to make that work</p>
<hr />
<div>== System login with gnupg smartcard (yubikey, p-card, rsa token, etc) ==<br />
gnupg with [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=poldi.git poldi] can be used for system login. There is a [https://bbs.archlinux.org/viewtopic.php?id=215554 thread] asking whether it is possible to use gpg for system login.<br />
A new tip section explaining gnupg smartcard for logging into Arch Linux system is a nice addition here.<br />
<br />
[[User:Alive4ever|Alive4ever]] ([[User talk:Alive4ever|talk]]) 02:27, 4 August 2016 (UTC)<br />
<br />
== User configuration files not created ==<br />
<br />
Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."<br />
<br />
I could very well be doing something wrong so I'd ask that this could be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki shouldn't it?<br />
<br />
I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it. <br />
<br />
I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.<br />
<br />
[[User:NuSkool|NuSkool]] ([[User talk:NuSkool|talk]]) 04:09, 26 September 2016 (UTC)<br />
<br />
:On the same topic but on a different note, update [[GnuPG#Configuration_files]] to remove ''out of date warning'' and add the following information:<br />
:1) '''~/.gnupg/gpg.conf''' and '''~/.gnupg/dirmngr.conf''' are not created by default. So, the user can create them to implement the changes.<br />
:2) global config file is located at '''/etc/gnupg/gpgconf.conf''' shown by command '''gpgconf --list-config'''. This is also not created by default. The example file is <br />
:at '''/usr/share/doc/gnupg/examples/gpgconf.conf'''<br />
:--[[User:RaZorr|RaZorr]] ([[User talk:RaZorr|talk]]) 12:51, 16 January 2022 (UTC)<br />
<br />
== Recommendation to add ==<br />
<br />
By default, no skeleton files exist (as mentioned above) but in my case the lack of a dirmngr.conf meant that any --recv-keys failed with useful(?) errors like "gpg: keyserver receive failed: Server indicated a failure" or "gpg: error searching keyserver: Server indicated a failure". Route to get here was via makepkg, and so I skipped all the installation steps etc since gpg was already installed and went straight for a recv.<br />
<br />
echo > $HOME/.gnupg/dirmngr.conf 'standard-resolver'<br />
[[User:Beepboo|Beepboo]] ([[User talk:Beepboo|talk]]) 17:09, 22 March 2020 (UTC)<br />
:also requires to restart dirmngr.service [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 13:32, 25 April 2022 (UTC)<br />
<br />
== A comment on provided code snippet ==<br />
<br />
The test from [[GnuPG#Set_SSH_AUTH_SOCK|Set_SSH_AUTH_SOCK]] : <br />
<br />
[ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]<br />
<br />
would probably always fail, since [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/gpg-agent.c;hb=7bca3be65e510eda40572327b87922834ebe07eb#l1307] sets {{ic|gnupg_SSH_AUTH_SOCK_by}} to the process id of {{ic|gpg-agent}}, and the line above tests it for the process id of the {{ic|bash}} process.<br />
<br />
Therefore, <br />
<br />
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" <br />
<br />
will probably get executed every time. However, it most likely wouldn't break anything since at worst it will reset {{ic|SSH_AUTH_SOCK}} to the same value.<br />
<br />
{{Unsigned| 11:16, 1 May 2021 (UTC)|Thread13}}<br />
<br />
== Invalid IPC response and Inappropriate ioctl for device ==<br />
I solved this problem simply by removing an {{ic|#}} inside {{ic|/etc/pinentry/preexec}} enabling the desired option and then setting {{ic|/usr/bin/pinentry}} as default.<br />
[[User:Pavlov|Pavlov]] ([[User talk:Pavlov|talk]]) 15:19, 2 May 2021 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=727129Talk:Systemd-nspawn2022-04-21T08:38:36Z<p>Louson: /* Access host filesystem */ idmap option added in the page</p>
<hr />
<div>== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
:::There is [[systemd-nspawn#Build and test packages]] with a link. Of course there are not such nice wrappers as {{pkg|devtools}} provides. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:55, 15 September 2020 (UTC)<br />
<br />
::::You can also freeze a systemd-nspawn archlinux container that you can reuse later in order to keep the same environment. I used to combine systemd-nspawn with the archlinux archive but it's broken (changing the password returns an error: Authentication token manipulation error). It can be useful to build a kernel or a system with yocto or buildroot which are dependent on the gcc version. [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:18, 15 September 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is, how can I use devices from the container... Was set up an '''mpd''' server which needs network connection and an audio sink. My case the audio sink was ALSA devices (and not pulse socket). Had problem to understand that I need to bind the device files to the container. (In the {{ic|.nspawn}} file.) And also need {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file. (Or to be precise in the {{ic|override.conf}} of the service file.)<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container GitHub]. This example shows how to run desktop environments in nspawn containers with kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
I asked in the systemd IRC and user 'grawity' mentioned that the X server also listens on an abstract socket at @/tmp/.X11-unix/X0, which is available inside the container if you haven't isolated its network, and thus can still be used inside the container. This means that if you don't isolate the container's network, you don't even need to bind-mount /tmp/.X11-unix to get X applications running, and I guess you also get all the X security issues for free too, which might be worth mentioning in the article.<br />
--[[User:Tomaz|Tomaz]] ([[User talk:Tomaz|talk]]) 13:21, 25 November 2021 (UTC)<br />
<br />
== Using machinectl without root permissions ==<br />
<br />
In the [https://wiki.archlinux.org/index.php/Systemd-nspawn#Using_machinectl_without_root_permissions Using machinectl without root permissions] section of the systemd-nspawn wiki, <br />
the two '''PolKit''' rules that allow '''PolKit''' actions that start with ''org.freedesktop.machine1.'' enable the subject user to login as any other user including root without password using the following '''machinectl''' command:<br />
<br />
{{ic|1=$ machinectl shell --uid=root}}<br />
<br />
Most of the default actions of the ''org.freedesktop.machine1.policy'' are backed with the ''auth_admin'' element which requires the '''PolKit''' defined administrator to identify itself.<br />
Note that the '''PolKit''' defined administrator defaults to any user who is in the wheel group and this is already reasonably flexible.<br />
<br />
[[User:Nicolas Bouchinet|Nicolas Bouchinet]] ([[User talk:Nicolas Bouchinet|talk]]) 10:49, 18 March 2021 (UTC)<br />
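
A way to check a host for the kind of rule described in the comment above, as an added example that is not part of the original discussion or of the wiki article. It is a file-level heuristic: the sample rule files and their names are constructed, and the directory to scan (for instance {{ic|/etc/polkit-1/rules.d}}) is an assumption about where local rules live.

```shell
#!/bin/sh
# Added example: flag polkit rules files that answer YES for the whole
# org.freedesktop.machine1. prefix instead of for named actions.

# Classify one rules file (heuristic, looks at the file as a whole):
#   prefix-grant   the prefix appears with nothing after the final dot, so it
#                  can only be a prefix test, and the file returns Result.YES
#   named-actions  only complete action ids appear next to Result.YES
#   none           no Result.YES in the file, or no machine1 action at all
classify_rules_file() {
    rules=$1
    grep -q 'polkit\.Result\.YES' "$rules" || { echo none; return 0; }
    # \\? also accepts the escaped dots of a JavaScript regex literal.
    if grep -Eq 'org\\?\.freedesktop\\?\.machine1\\?\.[^a-z]' "$rules"; then
        echo prefix-grant
    elif grep -Eq 'org\.freedesktop\.machine1\.[a-z]' "$rules"; then
        echo named-actions
    else
        echo none
    fi
}

# Print "<class> <file name>" for every *.rules file in a directory.
scan_rules_dir() {
    for f in "$1"/*.rules; do
        [ -e "$f" ] || continue
        printf '%s %s\n' "$(classify_rules_file "$f")" "${f##*/}"
    done
}

# Constructed sample rules (not copied from any system or from the wiki).
make_rule_samples() {
    dir=$(mktemp -d)
    cat > "$dir/10-broad.rules" <<'EOF'
polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.machine1.") == 0 &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
EOF
    cat > "$dir/20-narrow.rules" <<'EOF'
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.machine1.manage-machines" &&
        subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
EOF
    cat > "$dir/30-deny.rules" <<'EOF'
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.machine1.shell") {
        return polkit.Result.AUTH_ADMIN;
    }
});
EOF
    echo "$dir"
}

samples=$(make_rule_samples)
scan_rules_dir "$samples"
rm -r "$samples"
```

A {{ic|prefix-grant}} result means the file should be read by hand: the prefix also covers the {{ic|shell}} action that the comment is concerned with.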
<br />
==Use an X environment - Move to Xorg page==<br />
<br />
Most of the information in this section applies to a broader set of use-cases and can be referenced in other parts of the wiki. [https://wiki.archlinux.org/title/Linux_Containers#Xorg_program_considerations_(optional) LXC Xorg considerations], for instance, does not properly discuss running X clients inside containers, and suggests setting the very unsafe {{ic|xhost +}} rather than the cookie authentication method detailed in this page. I'm planning to expand the LXC article once the page is moved.<br />
[[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 13:08, 19 January 2022 (UTC)<br />
<br />
:The information does not fit into the [[Xorg]] page. It's revolving around the pages like [[xhost]] and [[Xephyr]]. Most of it seems bound to systemd-nspawn (at least via examples), but if you have a different idea, feel free to propose a specific draft. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 09:46, 23 January 2022 (UTC)<br />
<br />
::My bad, I should've clarified I was referring specifically to the xhost bits. Perhaps an article in [[Xorg]] about authenticating remote machines and containers or multiple users would be more appropriate? If not, I will just prepare a similar section for [[LXC]] if redundancy is not an issue. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 19:48, 23 January 2022 (UTC)<br />
<br />
:::You can't have an article in an article. xhost already has an article in [[xhost]]. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 21:01, 23 January 2022 (UTC)<br />
<br />
::::The section is discussing a method of avoiding xhost, not xhost itself. In any case, I don't think it's fair that the only mention of cookie authentication in the wiki (to my knowledge) is in the systemd-nspawn article. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 16:31, 24 January 2022 (UTC)<br />
<br />
== <s>Containers can start without PID 1 running</s> ==<br />
<br />
Containers do not always start a PID 1, for example when invoking ''systemd-nspawn'' directly, only a shell is started.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:See {{man|1|systemd-nspawn|Execution Options}} (emphasis mine):<br />
::-a, --as-pid2<br />
::Invoke the shell or specified program as process ID (PID) 2 instead of PID 1 (init). By default, if neither this option nor --boot is used, the selected '''program is run as the process with PID 1''' [...]<br />
:— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:02, 6 February 2022 (UTC)<br />
<br />
:::Okay, I was wrong about PID 1. The shell program runs as PID 1 by default. {{ic|-b}} is about running an '''automatically searched''' PID 1 program, which is not the shell but usually /sbin/init (which itself is a symlink to /lib/systemd/systemd).<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:08, 6 February 2022 (UTC)<br />
<br />
== Domain name resolution: /etc/resolv.conf should have its own subsection; this section needs expansion ==<br />
<br />
The "Domain name resolution" section is only about /etc/resolv.conf, but the current section doesn't clearly express what {{ic|--resolv-conf}} (or {{ic|ResolvConf<nowiki>=</nowiki>}} in ''.nspawn'' file) can do: it can only change /etc/resolv.conf, not everything.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:It's useless to have a section with one introductory sentence and one subsection. In any case, it is not a reason to add a [[Template:Expansion]], because this problem does not indicate anything missing—[[Template:Style]] should be used for that. What do you think the section is ''missing''? — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:07, 6 February 2022 (UTC)<br />
<br />
:::About ''missing'': the section does not discuss options other than "auto". For some cases DNS automatically works, but not all, and adding other confusing cases can help.<br />
:::About ''one introductory sentence and one subsection'': for this alone this is [[Template:Style]]. But the section is more about an incomplete article, so it's [[Template:Expansion]]. [[Template:Expansion]] at least resides in three points:<br />
:::1. "Domain name resolution" is a larger topic than /etc/resolv.conf, and I believe there are more cases where DNS does not automatically work even after fixing /etc/resolv.conf, especially in the case of virtual network between host and container.<br />
:::2. Even if the section is only about /etc/resolv.conf, the current description is confusing: the current situation is that the title is "Domain name resolution", which is a much broader one than configuring /etc/resolv.conf, but the current description does not describe it explicitly: the current description does not say the functions of the option {{ic|--resolv-conf}} clearly, and can make the illusion that {{ic|--resolv-conf}} makes ''systemd-nspawn'' magically configure DNS, but it's not. (I believe this section expresses itself pretty unclearly)<br />
:::3. This section does not discuss possible values of {{ic|--resolv-conf}}, and only describes "auto", which is unhelpful (because if it works, nobody searches over the Internet for solutions). At least {{ic|--resolv-conf<nowiki>=</nowiki>replace-host}} can be helpful in the case when no init program is launched but the container expects ''systemd-resolved''.<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:36, 6 February 2022 (UTC)<br />
<br />
::::First, the section links to the manual ({{man|1|systemd-nspawn|Integration Options}}) and only then it describes what {{ic|auto}} means. If the user finds that it does not work for them, they can see the manual and configure the option accordingly for their container. The wiki does not duplicate manuals just for completeness.<br />
::::It is also pretty obvious from the section that if {{ic|--private-network}} is used (which is implied by {{ic|--network-veth}} and other options), the configuration of {{ic|/etc/resolv.conf}} is left up to the user according to the [[Domain name resolution]] page.<br />
::::Also I don't see a problem with the section title "Domain name resolution" and omitting "/etc/resolv.conf" in the heading. ''If'' there was something other than {{ic|/etc/resolv.conf}} to be described in the section, it would be mentioned, but since it does not seem to be the case, I'll reiterate that it's useless to have a section with one introductory sentence and one subsection.<br />
::::— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 19:02, 6 February 2022 (UTC)<br />
<br />
== Unprivileged container and user namespace ==<br />
<br />
''systemd-nspawn'''s unprivileged container needs user namespace support. Its only common point with LXC is about user namespaces. A link should be given as [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]].<br />
<br />
Note that ''systemd-nspawn'' must be root so it requires user namespace but not necessarily unprivileged user namespace, unlike LXC and other applications like browsers.<br />
<br />
There is no wiki page for user namespace. The only places I found for user namespace are here, [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]] and [[Security#Sandboxing_applications]] (the two scary note and warning).<br />
<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 20:09, 6 February 2022 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Systemd-nspawn&diff=727128Systemd-nspawn2022-04-21T08:37:26Z<p>Louson: /* Access host filesystem */ idmap to mount with user host id</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Virtualization]]<br />
[[Category:Sandboxing]]<br />
[[es:Systemd-nspawn]]<br />
[[ja:Systemd-nspawn]]<br />
[[zh-hans:Systemd-nspawn]]<br />
{{Related articles start}}<br />
{{Related|systemd}}<br />
{{Related|Linux Containers}}<br />
{{Related|systemd-networkd}}<br />
{{Related|Docker}}<br />
{{Related articles end}}<br />
<br />
''systemd-nspawn'' is like the [[chroot]] command, but it is a ''chroot on steroids''.<br />
<br />
''systemd-nspawn'' may be used to run a command or OS in a light-weight namespace container. It is more powerful than [[chroot]] since it fully virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems and the host and domain name.<br />
<br />
''systemd-nspawn'' limits access to various kernel interfaces in the container to read-only, such as {{ic|/sys}}, {{ic|/proc/sys}} or {{ic|/sys/fs/selinux}}. Network interfaces and the system clock may not be changed from within the container. Device nodes may not be created. The host system cannot be rebooted and kernel modules may not be loaded from within the container.<br />
<br />
''systemd-nspawn'' is a simpler tool to configure than [[LXC]] or [[Libvirt]].<br />
<br />
== Installation ==<br />
<br />
''systemd-nspawn'' is part of and packaged with {{Pkg|systemd}}.<br />
<br />
== Examples ==<br />
<br />
=== Create and boot a minimal Arch Linux container ===<br />
<br />
First install {{Pkg|arch-install-scripts}}.<br />
<br />
Next, create a directory to hold the container. In this example we will use {{ic|~/MyContainer}}. <br />
<br />
Next, we use ''pacstrap'' to install a basic Arch system into the container. At minimum we need to install the {{Pkg|base}} package. <br />
<br />
# pacstrap -c ~/MyContainer base ''[additional packages/groups]''<br />
<br />
{{Tip|The {{Pkg|base}} package does not depend on the {{Pkg|linux}} kernel package and is container-ready.}}<br />
<br />
Once your installation is finished, chroot into the container, and set a root password:<br />
<br />
# systemd-nspawn -D ~/MyContainer<br />
# passwd<br />
# logout<br />
<br />
Finally, boot into the container:<br />
<br />
# systemd-nspawn -b -D ~/MyContainer<br />
<br />
The {{ic|-b}} option will boot the container (i.e. run {{ic|systemd}} as PID=1), instead of just running a shell, and {{ic|-D}} specifies the directory that becomes the container's root directory.<br />
<br />
After the container starts, log in as "root" with your password.<br />
<br />
{{Note|If the login fails with "Login incorrect", the problem is likely the {{ic|securetty}} TTY device whitelist. See [[#Root login fails]].}}<br />
<br />
The container can be powered off by running {{ic|poweroff}} from within the container. From the host, containers can be controlled by the [[#machinectl|machinectl]] tool.<br />
<br />
{{Note|To terminate the ''session'' from within the container, hold {{ic|Ctrl}} and rapidly press {{ic|]}} three times. Non-US keyboard users should use {{ic|%}} instead of {{ic|]}}.}}<br />
<br />
=== Create a Debian or Ubuntu environment ===<br />
<br />
Install {{Pkg|debootstrap}}, and one or both of {{Pkg|debian-archive-keyring}} and {{Pkg|ubuntu-keyring}} depending on which distribution you want.<br />
<br />
{{Note|''systemd-nspawn'' requires that the operating system in the container uses ''systemd'' init (has it running as PID 1) and ''systemd-nspawn'' is installed in the container. Make sure that the ''systemd-container'' package is installed on the container system.}}<br />
<br />
From there it is rather easy to set up Debian or Ubuntu environments:<br />
<br />
# cd /var/lib/machines<br />
# debootstrap --include=systemd-container --components=main,universe ''codename'' ''container-name'' ''repository-url''<br />
<br />
For Debian, valid code names are either the rolling names like "stable" and "testing" or release names like "stretch" and "sid"; for Ubuntu, a code name like "xenial" or "zesty" should be used. A complete list of code names is in {{ic|/usr/share/debootstrap/scripts}} and the official table of code names to version numbers can be found in [https://wiki.ubuntu.com/DevelopmentCodeNames#Release_Naming_Scheme]. In case of a Debian image the "repository-url" can be https://deb.debian.org/debian/. For an Ubuntu image, the "repository-url" can be http://archive.ubuntu.com/ubuntu/. "repository-url" should ''not'' contain a trailing slash.<br />
<br />
Just like Arch, Debian and Ubuntu will not let you log in without a password. To set the root password, run ''systemd-nspawn'' without the {{ic|-b}} option:<br />
<br />
# cd /var/lib/machines<br />
# systemd-nspawn -D ./''container-name''<br />
# passwd<br />
# logout<br />
<br />
=== Build and test packages ===<br />
<br />
See [[Creating packages for other distributions]] for example uses.<br />
<br />
== Management ==<br />
<br />
Containers located in {{ic|/var/lib/machines/}} can be controlled by the ''machinectl'' command, which internally controls instances of the {{ic|systemd-nspawn@.service}} unit. The subdirectories in {{ic|/var/lib/machines/}} correspond to the container names, i.e. {{ic|/var/lib/machines/''container-name''/}}.<br />
<br />
{{Note|If the container cannot be moved into {{ic|/var/lib/machines/}} for some reason, it can be symlinked. See {{man|1|machinectl|FILES AND DIRECTORIES}} for details.}}<br />
<br />
=== Default systemd-nspawn options ===<br />
<br />
It is important to realize that containers started via ''machinectl'' or {{ic|systemd-nspawn@.service}} use different default options than containers started manually by the ''systemd-nspawn'' command. The extra options used by the service are:<br />
<br />
* {{ic|-b}}/{{ic|--boot}} – Managed containers automatically search for an init program and invoke it as PID 1.<br />
* {{ic|--network-veth}} which implies {{ic|--private-network}} – Managed containers get a virtual network interface and are disconnected from the host network. See [[#Networking]] for details.<br />
* {{ic|-U}} – Managed containers use the {{man|7|user_namespaces}} feature by default if supported by the kernel. See [[#Unprivileged containers]] for implications.<br />
* {{ic|1=--link-journal=try-guest}}<br />
<br />
The behaviour can be overridden in per-container configuration files, see [[#Configuration]] for details.<br />
<br />
=== machinectl ===<br />
<br />
{{Note|The ''machinectl'' tool requires [[systemd]] and {{Pkg|dbus}} to be installed in the container. See [https://github.com/systemd/systemd/issues/685] for detailed discussion.}}<br />
<br />
Containers can be managed by the {{ic|machinectl ''subcommand'' ''container-name''}} command. For example, to start a container:<br />
<br />
$ machinectl start ''container-name''<br />
<br />
Similarly, there are subcommands such as {{ic|poweroff}}, {{ic|reboot}}, {{ic|status}} and {{ic|show}}. See {{man|1|machinectl|Machine Commands}} for detailed explanations.<br />
<br />
{{Tip|Poweroff and reboot operations can be performed from within the container using the {{ic|poweroff}} and {{ic|reboot}} commands.}}<br />
<br />
Other common commands are:<br />
<br />
* {{ic|machinectl list}} – show a list of currently running containers<br />
* {{ic|machinectl login ''container-name''}} – open an interactive login session in a container<br />
* {{ic|machinectl shell ''[username@]container-name''}} – open an interactive shell session in a container (this immediately invokes a user process without going through the login process in the container)<br />
* {{ic|machinectl enable ''container-name''}} and {{ic|machinectl disable ''container-name''}} – enable or disable a container to start at boot, see [[#Enable container to start at boot]] for details<br />
<br />
''machinectl'' also has subcommands for managing container (or virtual machine) images and image transfers. See {{man|1|machinectl|Image Commands}} and {{man|1|machinectl|Image Transfer Commands}} for details.<br />
<br />
{{Expansion|Add some explicit examples how to use the image transfer commands. Most importantly, where to find suitable images.}}<br />
<br />
=== systemd toolchain ===<br />
<br />
Much of the core systemd toolchain has been updated to work with containers. Tools that do usually provide a {{ic|1=-M, --machine=}} option which will take a container name as argument.<br />
<br />
Examples:<br />
<br />
See journal logs for a particular machine:<br />
<br />
# journalctl -M ''container-name''<br />
<br />
Show control group contents:<br />
<br />
$ systemd-cgls -M ''container-name''<br />
<br />
See startup time of container:<br />
<br />
$ systemd-analyze -M ''container-name''<br />
<br />
For an overview of resource usage:<br />
<br />
$ systemd-cgtop<br />
<br />
== Configuration ==<br />
<br />
=== Per-container settings ===<br />
<br />
To specify per-container settings and not global overrides, the ''.nspawn'' files can be used. See {{man|5|systemd.nspawn}} for details.<br />
<br />
{{Note|<br />
* ''.nspawn'' files may be removed unexpectedly from {{ic|/etc/systemd/nspawn/}} when you run {{ic|machinectl remove}}. [https://github.com/systemd/systemd/issues/15900]<br />
* The interaction of network options specified in the ''.nspawn'' file and on the command line does not work correctly when there is {{ic|1=--settings=override}} (which is specified in the {{ic|systemd-nspawn@.service}} file). [https://github.com/systemd/systemd/issues/12313#issuecomment-681116926] As a workaround, you need to include the option {{ic|1=VirtualEthernet=on}}, even though the service specifies {{ic|1=--network-veth}}.<br />
}}<br />
<br />
=== Enable container to start at boot ===<br />
<br />
When using a container frequently, you may want to start it at boot.<br />
<br />
First make sure that the {{ic|machines.target}} is [[enabled]].<br />
<br />
Containers discoverable by [[#machinectl|machinectl]] can be enabled or disabled:<br />
<br />
$ machinectl enable ''container-name''<br />
<br />
{{Note|<br />
* This has the effect of enabling the {{ic|systemd-nspawn@''container-name''.service}} systemd unit.<br />
* As mentioned in [[#Default systemd-nspawn options]], containers started by ''machinectl'' get a virtual Ethernet interface. To disable private networking, see [[#Use host networking]].<br />
}}<br />
<br />
=== Resource control ===<br />
<br />
You can take advantage of control groups to implement limits and resource management of your containers with {{ic|systemctl set-property}}, see {{man|5|systemd.resource-control}}. For example, you may want to limit the memory amount or CPU usage. To limit the memory consumption of your container to 2 GiB:<br />
<br />
# systemctl set-property systemd-nspawn@''container-name''.service MemoryMax=2G<br />
<br />
Or to limit the CPU time usage to roughly the equivalent of 2 cores:<br />
<br />
# systemctl set-property systemd-nspawn@''container-name''.service CPUQuota=200%<br />
<br />
This will create permanent files in {{ic|/etc/systemd/system.control/systemd-nspawn@''container-name''.service.d/}}.<br />
<br />
According to the documentation, {{ic|MemoryHigh}} is the preferred method to keep memory consumption in check, but it is not a hard limit as is the case with {{ic|MemoryMax}}. You can use both options, leaving {{ic|MemoryMax}} as the last line of defense. Also take into consideration that you will not limit the number of CPUs the container can see, but you will achieve similar results by limiting how much time the container will get at maximum, relative to the total CPU time.<br />
<br />
{{Tip|If you want these changes to be only temporary, you can pass the option {{ic|--runtime}}. You can check their results with ''systemd-cgtop''.}}<br />
<br />
=== Networking ===<br />
<br />
''systemd-nspawn'' containers can use either ''host networking'' or ''private networking'':<br />
<br />
* In the host networking mode, the container has full access to the host network. This means that the container will be able to access all network services on the host and packets coming from the container will appear to the outside network as coming from the host (i.e. sharing the same IP address).<br />
* In the private networking mode, the container is disconnected from the host's network. This makes all network interfaces unavailable to the container, with the exception of the loopback device and those explicitly assigned to the container. There are a number of different ways to set up network interfaces for the container:<br />
** an existing interface can be assigned to the container (e.g. if you have multiple Ethernet devices),<br />
** a virtual network interface associated with an existing interface (i.e. [[VLAN]] interface) can be created and assigned to the container,<br />
** a virtual Ethernet link between the host and the container can be created.<br />
: In the latter case the container's network is fully isolated (from the outside network as well as other containers) and it is up to the administrator to configure networking between the host and the containers. This typically involves creating a [[network bridge]] to connect multiple (physical or virtual) interfaces or setting up a [[Wikipedia:Network Address Translation|Network Address Translation]] between multiple interfaces.<br />
<br />
The host networking mode is suitable for ''application containers'' which do not run any networking software that would configure the interface assigned to the container. Host networking is the default mode when you run ''systemd-nspawn'' from the shell.<br />
<br />
On the other hand, the private networking mode is suitable for ''system containers'' that should be isolated from the host system. The creation of virtual Ethernet links is a very flexible tool that allows creating complex virtual networks. This is the default mode for containers started by ''machinectl'' or {{ic|systemd-nspawn@.service}}.<br />
<br />
The following subsections describe common scenarios. See {{man|1|systemd-nspawn|Networking Options}} for details about the available ''systemd-nspawn'' options.<br />
<br />
==== Use host networking ====<br />
<br />
To disable private networking and the creation of a virtual Ethernet link used by containers started with ''machinectl'', add a ''.nspawn'' file with the following option:<br />
<br />
{{hc|/etc/systemd/nspawn/''container-name''.nspawn|2=<br />
[Network]<br />
VirtualEthernet=no<br />
}}<br />
<br />
This will override the {{ic|-n}}/{{ic|--network-veth}} option used in {{ic|systemd-nspawn@.service}} and the newly started containers will use the host networking mode.<br />
<br />
==== Use a virtual Ethernet link ====<br />
<br />
If a container is started with the {{ic|-n}}/{{ic|--network-veth}} option, ''systemd-nspawn'' will create a virtual Ethernet link between the host and the container. The host side of the link will be available as a network interface named {{ic|ve-''container-name''}}. The container side of the link will be named {{ic|host0}}. Note that this option implies {{ic|--private-network}}.<br />
<br />
{{Note|<br />
* If the container name is too long, the interface name will be shortened (e.g. {{ic|ve-long-conKQGh}} instead of {{ic|ve-long-container-name}}) to fit into the [https://stackoverflow.com/a/29398765 15-characters limit]. The full name will be set as the {{ic|altname}} property of the interface (see {{man|8|ip-link}}) and can be still used to reference the interface.<br />
* When examining the interfaces with {{ic|ip link}}, interface names will be shown with a suffix, such as {{ic|ve-''container-name''@if2}} and {{ic|host0@if9}}. The {{ic|@if''N''}} is not actually part of the interface name; instead, {{ic|ip link}} appends this information to indicate which "slot" the virtual Ethernet cable connects to on the other end.<br />
: For example, a host virtual Ethernet interface shown as {{ic|ve-''foo''@if2}} is connected to the container {{ic|''foo''}}, and inside the container to the second network interface – the one shown with index 2 when running {{ic|ip link}} inside the container. Similarly, the interface named {{ic|host0@if9}} in the container is connected to the 9th network interface on the host.<br />
}}<br />
<br />
When you start the container, an IP address has to be assigned to both interfaces (on the host and in the container). If you use [[systemd-networkd]] on the host as well as in the container, this is done out-of-the-box:<br />
<br />
* the {{ic|/usr/lib/systemd/network/80-container-ve.network}} file on the host matches the {{ic|ve-''container-name''}} interface and starts a DHCP server, which assigns IP addresses to the host interface as well as the container,<br />
* the {{ic|/usr/lib/systemd/network/80-container-host0.network}} file in the container matches the {{ic|host0}} interface and starts a DHCP client, which receives an IP address from the host.<br />
<br />
If you do not use [[systemd-networkd]], you can configure static IP addresses or start a DHCP server on the host interface and a DHCP client in the container. See [[Network configuration]] for details.<br />
<br />
To give the container access to the outside network, you can configure NAT as described in [[Internet sharing#Enable NAT]]. If you use [[systemd-networkd]], this is done (partially) automatically via the {{ic|1=IPMasquerade=both}} option in {{ic|/usr/lib/systemd/network/80-container-ve.network}}. However, this issues just one [[iptables]] (or [[nftables]]) rule such as<br />
<br />
-t nat -A POSTROUTING -s 192.168.163.192/28 -j MASQUERADE<br />
<br />
The {{ic|filter}} table has to be configured manually as shown in [[Internet sharing#Enable NAT]]. You can use a wildcard to match all interfaces starting with {{ic|ve-}}:<br />
<br />
# iptables -A FORWARD -i ve-+ -o ''internet0'' -j ACCEPT<br />
<br />
{{Note|''systemd-networkd'' and ''systemd-nspawn'' can interface with [[iptables]] (using the [https://tldp.org/HOWTO/Querying-libiptc-HOWTO/whatis.html libiptc] library) as well as with [[nftables]] [https://github.com/systemd/systemd/issues/13307][https://github.com/systemd/systemd/blob/9ca34cf5a4a20d48f829b2a36824255aac29078c/NEWS#L295-L304]. In both cases IPv4 and IPv6 NAT is supported.}}<br />
<br />
Additionally, you need to open the UDP port 67 on the {{ic|ve-+}} interfaces for incoming connections to the DHCP server (operated by ''systemd-networkd''):<br />
<br />
# iptables -A INPUT -i ve-+ -p udp -m udp --dport 67 -j ACCEPT<br />
<br />
==== Use a network bridge ====<br />
<br />
If you have configured a [[network bridge]] on the host system, you can create a virtual Ethernet link for the container and add its host side to the network bridge. This is done with the {{ic|1=--network-bridge=''bridge-name''}} option. Note that {{ic|--network-bridge}} implies {{ic|--network-veth}}, i.e. the virtual Ethernet link is created automatically. However, the host side of the link will use the {{ic|vb-}} prefix instead of {{ic|ve-}}, so the [[systemd-networkd]] options for starting the DHCP server and IP masquerading will not be applied.<br />
<br />
The bridge management is left to the administrator. For example, the bridge can connect virtual interfaces with a physical interface, or it can connect only virtual interfaces of several containers. See [[systemd-networkd#Network bridge with DHCP]] and [[systemd-networkd#Network bridge with static IP addresses]] for example configurations using [[systemd-networkd]].<br />
<br />
There is also a {{ic|1=--network-zone=''zone-name''}} option which is similar to {{ic|--network-bridge}} but the network bridge is managed automatically by ''systemd-nspawn'' and ''systemd-networkd''. The bridge interface named {{ic|vz-''zone-name''}} is automatically created when the first container configured with {{ic|1=--network-zone=''zone-name''}} is started, and is automatically removed when the last container configured with {{ic|1=--network-zone=''zone-name''}} exits. Hence, this option makes it easy to place multiple related containers on a common virtual network. Note that {{ic|vz-*}} interfaces are managed by [[systemd-networkd]] the same way as {{ic|ve-*}} interfaces using the options from the {{ic|/usr/lib/systemd/network/80-container-vz.network}} file.<br />
<br />
==== Use a "macvlan" or "ipvlan" interface ====<br />
<br />
Instead of creating a virtual Ethernet link (whose host side may or may not be added to a bridge), you can create a virtual interface on an existing physical interface (i.e. [[VLAN]] interface) and add it to the container. The virtual interface will be bridged with the underlying host interface and thus the container will be exposed to the outside network, which allows it to obtain a distinct IP address via DHCP from the same LAN as the host is connected to.<br />
<br />
''systemd-nspawn'' offers 2 options:<br />
<br />
* {{ic|1=--network-macvlan=''interface''}} – the virtual interface will have a different MAC address than the underlying physical {{ic|''interface''}} and will be named {{ic|mv-''interface''}}.<br />
* {{ic|1=--network-ipvlan=''interface''}} – the virtual interface will have the same MAC address as the underlying physical {{ic|''interface''}} and will be named {{ic|iv-''interface''}}.<br />
<br />
Both options imply {{ic|--private-network}}.<br />
<br />
==== Use an existing interface ====<br />
<br />
If the host system has multiple physical network interfaces, you can use the {{ic|1=--network-interface=''interface''}} to assign {{ic|''interface''}} to the container (and make it unavailable to the host while the container is started). Note that {{ic|--network-interface}} implies {{ic|--private-network}}.<br />
<br />
{{Note|Passing wireless network interfaces to ''systemd-nspawn'' containers is currently not supported. [https://github.com/systemd/systemd/issues/7873]}}<br />
<br />
=== Port mapping ===<br />
<br />
When private networking is enabled, individual ports on the host can be mapped to ports on the container using the {{ic|-p}}/{{ic|--port}} option or by using the {{ic|Port}} setting in an ''.nspawn'' file. This is done by issuing [[iptables]] rules to the {{ic|nat}} table, but the {{ic|FORWARD}} chain in the {{ic|filter}} table needs to be configured manually as shown in [[#Use a virtual Ethernet link]].<br />
<br />
For example, to map a TCP port 8000 on the host to the TCP port 80 in the container:<br />
<br />
{{hc|/etc/systemd/nspawn/''container-name''.nspawn|2=<br />
[Network]<br />
Port=tcp:8000:80<br />
}}<br />
<br />
{{Note|''systemd-nspawn'' explicitly excludes the {{ic|loopback}} interface when mapping ports. Hence, for the example above, {{ic|localhost:8000}} connects to the host and not to the container. Only connections to other interfaces are subjected to port mapping. See [https://github.com/systemd/systemd/issues/6106] for details.}}<br />
<br />
=== Domain name resolution ===<br />
<br />
[[Domain name resolution]] in the container can be configured the same way as on the host system. Additionally, ''systemd-nspawn'' provides options to manage the {{ic|/etc/resolv.conf}} file inside the container:<br />
<br />
* {{ic|--resolv-conf}} can be used on the command line<br />
* {{ic|1=ResolvConf=}} can be used in ''.nspawn'' files<br />
<br />
These corresponding options have many possible values which are described in {{man|1|systemd-nspawn|Integration Options}}. The default value is {{ic|auto}}, which means that:<br />
<br />
* If {{ic|--private-network}} is enabled, the {{ic|/etc/resolv.conf}} is left as it is in the container.<br />
* Otherwise, if [[systemd-resolved]] is running on the host, its stub {{ic|resolv.conf}} file is copied or bind-mounted into the container.<br />
* Otherwise, the {{ic|/etc/resolv.conf}} file is copied or bind-mounted from the host to the container.<br />
<br />
In the last two cases, the file is copied if the container root is writeable, and bind-mounted if it is read-only.<br />
<br />
For the second case where [[systemd-resolved]] runs on the host, ''systemd-nspawn'' expects it to also run in the container, so that the container can use the stub symlink file {{ic|/etc/resolv.conf}} from the host. If not, the default value {{ic|auto}} no longer works, and you should replace the symlink by using one of the {{ic|replace-*}} options.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Running non-shell/init commands ===<br />
<br />
From {{man|1|systemd-nspawn|Execution_Options}}:<br />
:"''[The option] {{ic|--as-pid2}} [invokes] the shell or specified program as process ID (PID) 2 instead of PID 1 (init). [...] It is recommended to use this mode to invoke arbitrary commands in containers, unless they have been modified to run correctly as PID 1. '''Or in other words: this switch should be used for pretty much all commands''', except when the command refers to an init or shell implementation."''<br />
<br />
=== Unprivileged containers ===<br />
<br />
''systemd-nspawn'' supports unprivileged containers, though the containers need to be booted as root.<br />
<br />
{{Style|Very little of [[Linux Containers#Enable support to run unprivileged containers (optional)]] applies to systemd-nspawn.}}<br />
<br />
{{Note|This feature requires {{man|7|user_namespaces}}, for further info see [[Linux Containers#Enable support to run unprivileged containers (optional)]].}}<br />
<br />
The easiest way to do this is to let ''systemd-nspawn'' automatically choose an unused range of UIDs/GIDs by using the {{ic|-U}} option:<br />
<br />
# systemd-nspawn -bUD ~/MyContainer<br />
<br />
If the kernel supports user namespaces, the {{ic|-U}} option is equivalent to {{ic|1=--private-users=pick --private-users-ownership=auto}}. See {{man|1|systemd-nspawn|User Namespacing Options}} for details.<br />
<br />
{{Note|You can also specify the UID/GID range of the container manually, however, this is rarely useful.}}<br />
<br />
If a container has been started with a private UID/GID range using the {{ic|1=--private-users-ownership=chown}} option (or on a filesystem where {{ic|-U}} requires {{ic|1=--private-users-ownership=chown}}), you need to keep using it that way to avoid permission errors. Alternatively, it is possible to undo the effect of {{ic|1=--private-users-ownership=chown}} on the container's file system by specifying a range of IDs starting at 0:<br />
<br />
# systemd-nspawn -D ~/MyContainer --private-users=0 --private-users-ownership=chown<br />
<br />
=== Use an X environment ===<br />
<br />
{{Accuracy|The note about the systemd version at the end of this section seems to be obsolete. For me (systemd version 239) X applications also work if {{ic|/tmp/.X11-unix}} is bound rw.|section=/tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant?}}<br />
<br />
See [[Xhost]] and [[Change root#Run graphical applications from chroot]].<br />
<br />
You will need to set the {{ic|DISPLAY}} environment variable inside your container session to connect to the external X server.<br />
<br />
X stores some required files in the {{ic|/tmp}} directory. In order for your container to display anything, it needs access to those files. To do so, append the {{ic|--bind-ro<nowiki>=</nowiki>/tmp/.X11-unix}} option when starting the container.<br />
<br />
{{Note|Since systemd version 235, {{ic|/tmp/.X11-unix}} contents [https://github.com/systemd/systemd/issues/7093 have to be bind-mounted as read-only], otherwise they will disappear from the filesystem. The read-only mount flag does not prevent using the {{ic|connect()}} syscall on the socket. If you also bind-mounted {{ic|/run/user/1000}}, you might want to explicitly bind {{ic|/run/user/1000/bus}} as read-only to protect the dbus socket from being deleted. }}<br />
<br />
==== Avoiding xhost ====<br />
<br />
{{ic|xhost}} only provides rather coarse access rights to the X server. More fine-grained access control is possible via the {{ic|$XAUTHORITY}} file. Unfortunately, just making the {{ic|$XAUTHORITY}} file accessible in the container will not do the job:<br />
your {{ic|$XAUTHORITY}} file is specific to your host, but the container is a different host.<br />
The following trick adapted from [https://stackoverflow.com/a/25280523 stackoverflow] can be used to make your X server accept the {{ic|$XAUTHORITY}} file from an X application run inside the container:<br />
<br />
$ XAUTH=/tmp/container_xauth<br />
$ xauth nextract - "$DISPLAY" | sed -e 's/^..../ffff/' | xauth -f "$XAUTH" nmerge -<br />
# systemd-nspawn -D myContainer --bind=/tmp/.X11-unix --bind="$XAUTH" -E DISPLAY="$DISPLAY" -E XAUTHORITY="$XAUTH" --as-pid2 /usr/bin/xeyes<br />
<br />
The second line above sets the connection family to "FamilyWild", value {{ic|65535}}, which causes the entry to match every display. See {{man|7|Xsecurity}} for more information.<br />
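The effect of the {{ic|sed}} rewrite can be checked before the file is handed to a container. The following is an added example, not part of the original article: a shell helper that decodes the numeric entries printed by {{ic|xauth nlist}} and reports family, host, display and protocol without printing the cookie; the function names and the sample entry are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example (not from the wiki page): summarise numeric xauth entries
# without ever printing the cookie bytes.
#
# Numeric entry layout, space separated, lengths as 4 hex digits:
#   family  addr_len addr  num_len num  name_len name  data_len data
# A zero-length field has no hex token after its length, so fields are
# consumed by walking the tokens rather than by fixed position.
#
# Typical use on the host:
#   xauth -f /tmp/container_xauth nlist | only_wildcard && echo "wildcard only"

# Constructed sample entry (hostname "myhost", display 0, dummy cookie).
SAMPLE_LOCAL='0100 0006 6d79686f7374 0001 30 0012 4d49542d4d414749432d434f4f4b49452d31 0010 00112233445566778899aabbccddeeff'

xauth_summary() {
    awk '
    function hexval(s,    i, v) {
        s = tolower(s); v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
        return v
    }
    function hex2str(h,    i, out) {
        out = ""
        for (i = 1; i < length(h); i += 2)
            out = out sprintf("%c", hexval(substr(h, i, 2)))
        return out
    }
    # Consume one length-prefixed field at token p; result in FIELD.
    function take(p,    n) {
        n = hexval($p); FIELD = ""
        if (n == 0) return p + 1
        FIELD = $(p + 1)
        if (length(FIELD) != 2 * n) BAD = 1
        return p + 2
    }
    NF == 0 { next }
    $0 !~ /^[0-9a-fA-F ]+$/ || length($1) != 4 { print "malformed line " NR; next }
    {
        BAD = 0
        fam = tolower($1)
        p = take(2); addr  = FIELD
        p = take(p); num   = hex2str(FIELD)
        p = take(p); proto = hex2str(FIELD)
        p = take(p); bytes = length(FIELD) / 2
        if (BAD || p != NF + 1) { print "malformed line " NR; next }
        if      (fam == "ffff") label = "FamilyWild"
        else if (fam == "0100") label = "FamilyLocal"
        else if (fam == "0000") label = "FamilyInternet"
        else if (fam == "0006") label = "FamilyInternet6"
        else                    label = "family-0x" fam
        # Local and wildcard entries carry a hostname; others a binary address.
        host = (fam == "ffff" || fam == "0100") ? hex2str(addr) : "0x" addr
        printf "%s host=%s display=%s proto=%s cookie_bytes=%d\n", label, host, num, proto, bytes
    }'
}

# Succeeds only if there is at least one entry and every entry is FamilyWild,
# i.e. the file holds the rewritten cookie and nothing else from the host file.
only_wildcard() {
    xauth_summary | awk '
        { n++ }
        $1 != "FamilyWild" { bad = 1 }
        END { exit !(n >= 1 && !bad) }'
}
```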
<br />
==== Using X nesting/Xephyr ====<br />
<br />
Another simple way to run X applications and avoid the risks of a shared X desktop is using X nesting.<br />
The advantages here are avoiding interaction between in-container applications and non-container applications entirely and being able to run a different [[desktop environment]] or [[window manager]]; the downsides are lower performance and the lack of hardware acceleration when using [[Xephyr]].<br />
<br />
Start Xephyr outside of the container using:<br />
<br />
# Xephyr :1 -resizeable<br />
<br />
Then start the container with the following options:<br />
<br />
--setenv=DISPLAY=:1 --bind-ro<nowiki>=</nowiki>/tmp/.X11-unix/X1<br />
<br />
No other binds are necessary.<br />
<br />
You might still need to manually set {{ic|1=DISPLAY=:1}} in the container under some circumstances (mostly if used with {{ic|-b}}).<br />
<br />
==== Run Firefox ====<br />
<br />
# systemd-nspawn --setenv=DISPLAY=:0 \<br />
--setenv=XAUTHORITY=~/.Xauthority \<br />
--bind-ro=$HOME/.Xauthority:/root/.Xauthority \<br />
--bind=/tmp/.X11-unix \<br />
-D ~/containers/firefox \<br />
--as-pid2 \<br />
firefox<br />
<br />
{{Note|As such, firefox is run as the root user which comes with its own risks if not using [[#Unprivileged containers]]. In that case, you may first opt to [[Users_and_groups#Example_adding_a_user|add a user]] inside the container, and then add the {{ic|--user <username>}} option in ''systemd-nspawn'' invocation.}}<br />
<br />
Alternatively you can boot the container and let e.g. [[systemd-networkd]] set up the virtual network interface:<br />
<br />
# systemd-nspawn --bind-ro=$HOME/.Xauthority:/root/.Xauthority \<br />
--bind=/tmp/.X11-unix \<br />
-D ~/containers/firefox \<br />
--network-veth -b<br />
<br />
Once your container is booted, run the Xorg binary like so:<br />
<br />
# systemd-run -M firefox --setenv=DISPLAY=:0 firefox<br />
<br />
==== 3D graphics acceleration ====<br />
<br />
To enable accelerated 3D graphics, it may be necessary to bind mount {{ic|/dev/dri}} to the container by adding the following line to the ''.nspawn'' file:<br />
<br />
Bind=/dev/dri<br />
<br />
The above trick was adopted from [https://web.archive.org/web/20190925003151/https://patrickskiba.com/sysytemd-nspawn/2019/03/21/graphical-applications-in-systemd-nspawn.html patrickskiba.com]. This notably solves the problem of<br />
<br />
libGL error: MESA-LOADER: failed to retrieve device information<br />
libGL error: Version 4 or later of flush extension not found<br />
libGL error: failed to load driver: i915<br />
<br />
You can confirm that it has been enabled by running {{ic|glxinfo}} or {{ic|glxgears}}.<br />
<br />
=== Access host filesystem ===<br />
<br />
See {{ic|--bind}} and {{ic|--bind-ro}} in {{man|1|systemd-nspawn}}.<br />
<br />
If both the host and the container are Arch Linux, then one could, for example, share the pacman cache:<br />
<br />
# systemd-nspawn --bind=/var/cache/pacman/pkg<br />
<br />
Or you can specify per-container bind using the file:<br />
<br />
{{hc|/etc/systemd/nspawn/''my-container''.nspawn|<nowiki><br />
[Files]<br />
Bind=/var/cache/pacman/pkg<br />
</nowiki>}}<br />
<br />
See [[#Per-container settings]].<br />
<br />
To bind the directory to a different path within the container, add the container path, separated by a colon. For example:<br />
<br />
# systemd-nspawn --bind=''/path/to/host_dir:/path/to/container_dir''<br />
<br />
In case of [[#Unprivileged containers]], the resulting mount points will be owned by the nobody user. This can be modified with the "idmap" mount option:<br />
# systemd-nspawn --bind=''/path/to/host_dir:/path/to/container_dir:idmap''<br />
<br />
=== Run on a non-systemd system ===<br />
<br />
See [[Init#systemd-nspawn]].<br />
<br />
=== Use Btrfs subvolume as container root ===<br />
<br />
To use a [[Btrfs#Subvolumes|Btrfs subvolume]] as a template for the container's root, use the {{ic|--template}} flag. This takes a snapshot of the subvolume and populates the root directory for the container with it.<br />
<br />
{{Note|If the template path specified is not the root of a subvolume, the '''entire''' tree is copied. This will be very time consuming.}}<br />
<br />
For example, to use a snapshot located at {{ic|/.snapshots/403/snapshot}}:<br />
<br />
 # systemd-nspawn --template=/.snapshots/403/snapshot -b -D ''my-container''<br />
<br />
where {{ic|''my-container''}} is the name of the directory that will be created for the container. After powering off, the newly created subvolume is retained.<br />
<br />
=== Use temporary Btrfs snapshot of container ===<br />
<br />
One can use the {{ic|--ephemeral}} or {{ic|-x}} flag to create a temporary btrfs snapshot of the container and use it as the container root. Any changes made while booted in the container will be lost. For example:<br />
<br />
# systemd-nspawn -D ''my-container'' -xb<br />
<br />
where ''my-container'' is the directory of an '''existing''' container or system. For example, if {{ic|/}} is a btrfs subvolume one could create an ephemeral container of the currently running host system by doing:<br />
<br />
# systemd-nspawn -D / -xb <br />
<br />
After powering off the container, the btrfs subvolume that was created is immediately removed.<br />
<br />
=== Run docker in systemd-nspawn ===<br />
<br />
Since [[Docker]] 20.10, it is possible to run Docker containers inside an unprivileged ''systemd-nspawn'' container with ''cgroups v2'' enabled (default in Arch Linux) without undermining security measures by disabling cgroups and user namespaces. To do so, edit {{ic|/etc/systemd/nspawn/myContainer.nspawn}} (create if absent) and add the following configurations.<br />
<br />
{{hc|/etc/systemd/nspawn/myContainer.nspawn|<nowiki><br />
[Exec]<br />
SystemCallFilter=add_key keyctl<br />
</nowiki>}}<br />
<br />
Then, Docker should work as-is inside the container.<br />
<br />
{{Note|The configuration above exposes the system calls ''add_key'' and ''keyctl'' to the container, which are not namespaced. This could still be a security risk, even though it is much lower than disabling user namespacing entirely like what one had to do before cgroups v2.}}<br />
<br />
Since ''overlayfs'' does not work with user namespaces and is unavailable inside ''systemd-nspawn'', by default, Docker falls back to using the inefficient ''vfs'' as its storage driver, which creates a copy of the image each time a container is started. This can be worked around by using ''fuse-overlayfs'' as its storage driver. To do so, we need to first expose ''fuse'' to the container:<br />
<br />
{{hc|/etc/systemd/nspawn/myContainer.nspawn|<nowiki><br />
[Files]<br />
Bind=/dev/fuse<br />
</nowiki>}}<br />
<br />
and then allow the container to read and write the device node:<br />
<br />
# systemctl set-property systemd-nspawn@myContainer DeviceAllow='/dev/fuse rwm'<br />
<br />
Finally, install the package {{Pkg|fuse-overlayfs}} inside the container. You need to restart the container for all the configuration to take effect.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Root login fails ===<br />
<br />
If you get the following error when you try to login (i.e. using {{ic|machinectl login <name>}}):<br />
<br />
arch-nspawn login: root<br />
Login incorrect<br />
<br />
And the [[journal]] shows:<br />
<br />
pam_securetty(login:auth): access denied: tty 'pts/0' is not secure !<br />
<br />
{{Accuracy|Files in {{ic|/usr/lib}} should not be edited by users, the change in {{ic|/usr/lib/tmpfiles.d/arch.conf}} will be lost when {{pkg|filesystem}} is upgraded.}}<br />
<br />
It is possible to either delete {{ic|/etc/securetty}}[https://unix.stackexchange.com/questions/41840/effect-of-entries-in-etc-securetty/41939#41939] and {{ic|/usr/share/factory/etc/securetty}} on the '''container''' file system, or simply add the desired pty terminal devices (like {{ic|pts/0}}), as necessary, to {{ic|/etc/securetty}} on the '''container''' file system. Any changes will be overridden on the next boot, therefore it is necessary to also remove the {{ic|/etc/securetty}} entry from {{ic|/usr/lib/tmpfiles.d/arch.conf}} on the '''container''' file system, see {{Bug|63236}}. If you opt for deletion, you might also optionally blacklist the files ([[pacman#Skip files from being installed to system|NoExtract]]) in {{ic|/etc/pacman.conf}} to prevent them from getting reinstalled. See {{Bug|45903}} for details.<br />
<br />
=== execv(...) failed: Permission denied ===<br />
<br />
When trying to boot the container via {{ic|systemd-nspawn -bD ''/path/to/container''}} (or executing something in the container), and the following error comes up:<br />
<br />
execv(/usr/lib/systemd/systemd, /lib/systemd/systemd, /sbin/init) failed: Permission denied<br />
<br />
even though the permissions of the files in question (i.e. {{ic|/lib/systemd/systemd}}) are correct, this can be the result of having mounted the file system on which the container is stored as non-root user. For example, if you mount your disk manually with an entry in [[fstab]] that has the options {{ic|noauto,user,...}}, ''systemd-nspawn'' will not allow executing the files even if they are owned by root.<br />
<br />
=== Terminal type in TERM is incorrect (broken colors) ===<br />
<br />
When logging into the container via {{ic|machinectl login}}, the colors and keystrokes in the terminal within the container might be broken. This may be due to an incorrect terminal type in {{ic|TERM}} environment variable. The environment variable is not inherited from the shell on the host, but falls back to a default fixed in systemd ({{ic|vt220}}), unless explicitly configured. To configure, within the container create a configuration overlay for the {{ic|container-getty@.service}} systemd service that launches the login getty for {{ic|machinectl login}}, and set {{ic|TERM}} to the value that matches the host terminal you are logging in from:<br />
<br />
{{hc|/etc/systemd/system/container-getty@.service.d/term.conf|2=<br />
[Service]<br />
Environment=TERM=xterm-256color<br />
}}<br />
<br />
Alternatively use {{ic|machinectl shell}}. It properly inherits the {{ic|TERM}} environment variable from the terminal.<br />
<br />
=== Mounting a NFS share inside the container ===<br />
<br />
Not possible at this time (June 2019).<br />
<br />
== See also ==<br />
<br />
* [[Getty#Nspawn_console|Automatic console login]]<br />
* [https://lwn.net/Articles/572957/ Creating containers with systemd-nspawn]<br />
* [https://www.youtube.com/results?search_query=systemd-nspawn&aq=f Presentation by Lennart Poettering on systemd-nspawn]<br />
* [https://dabase.com/e/12009/ Running Firefox in a systemd-nspawn container]<br />
* [https://web.archive.org/web/20190925003151/https://patrickskiba.com/sysytemd-nspawn/2019/03/21/graphical-applications-in-systemd-nspawn.html Graphical applications in systemd-nspawn]</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GnuPG&diff=727126Talk:GnuPG2022-04-21T08:04:49Z<p>Louson: /* Recommendation to add */ try again</p>
<hr />
<div>== System login with gnupg smartcard (yubikey, p-card, rsa token, etc) ==<br />
gnupg with [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=poldi.git poldi] can be used for system login. There is a [https://bbs.archlinux.org/viewtopic.php?id=215554 thread] asking whether it is possible to use gpg for system login.<br />
A new tip section explaining gnupg smartcard for logging into Arch Linux system is a nice addition here.<br />
<br />
[[User:Alive4ever|Alive4ever]] ([[User talk:Alive4ever|talk]]) 02:27, 4 August 2016 (UTC)<br />
<br />
== User configuration files not created ==<br />
<br />
Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."<br />
<br />
I could very well be doing something wrong so I'd ask that this could be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki shouldn't it?<br />
<br />
I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it. <br />
<br />
I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.<br />
<br />
[[User:NuSkool|NuSkool]] ([[User talk:NuSkool|talk]]) 04:09, 26 September 2016 (UTC)<br />
<br />
:On the same topic but on a different note, update [[GnuPG#Configuration_files]] to remove ''out of date warning'' and add the following information:<br />
:1) '''~/.gnupg/gpg.conf''' and '''~/.gnupg/dirmngr.conf''' are not created by default. So, the user can create them to implement the changes.<br />
:2) global config file is located at '''/etc/gnupg/gpgconf.conf''' shown by command '''gpgconf --list-config'''. This is also not created by default. The example file is <br />
:at '''/usr/share/doc/gnupg/examples/gpgconf.conf'''<br />
:--[[User:RaZorr|RaZorr]] ([[User talk:RaZorr|talk]]) 12:51, 16 January 2022 (UTC)<br />
<br />
== Recommendation to add ==<br />
<br />
By default, no skeleton files exist (as mentioned above) but in my case the lack of a dirmngr.conf meant that any --recv-keys failed with useful(?) errors like "gpg: keyserver receive failed: Server indicated a failure" or "gpg: error searching keyserver: Server indicated a failure". Route to get here was via makepkg, and so I skipped all the installation steps etc since gpg was already installed and went straight for a recv.<br />
<br />
echo > $HOME/.gnupg/dirmngr.conf 'standard-resolver'<br />
[[User:Beepboo|Beepboo]] ([[User talk:Beepboo|talk]]) 17:09, 22 March 2020 (UTC)<br />
<br />
:That is not solving the issue for me [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 08:01, 21 April 2022 (UTC)<br />
::Actually it does fix the "Server indicated a failure" but I have now a "Try again later" [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 08:04, 21 April 2022 (UTC)<br />
<br />
== A comment on provided code snippet ==<br />
<br />
The test from [[GnuPG#Set_SSH_AUTH_SOCK|Set_SSH_AUTH_SOCK]] : <br />
<br />
[ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]<br />
<br />
would probably always fail, since [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/gpg-agent.c;hb=7bca3be65e510eda40572327b87922834ebe07eb#l1307] sets {{ic|gnupg_SSH_AUTH_SOCK_by}} to the process id of {{ic|gpg-agent}}, and the line above tests it for the process id of the {{ic|bash}} process.<br />
<br />
Therefore, <br />
<br />
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" <br />
<br />
will probably get executed every time. However, it most likely wouldn't break anything since at worst it will reset {{ic|SSH_AUTH_SOCK}} to the same value.<br />
<br />
{{Unsigned| 11:16, 1 May 2021 (UTC)|Thread13}}<br />
<br />
== Invalid IPC response and Inappropriate ioctl for device ==<br />
I solved this problem simply by removing an {{ic|#}} inside {{ic|/etc/pinentry/preexec}} enabling the desired option and then setting {{ic|/usr/bin/pinentry}} as default.<br />
[[User:Pavlov|Pavlov]] ([[User talk:Pavlov|talk]]) 15:19, 2 May 2021 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GnuPG&diff=727125Talk:GnuPG2022-04-21T08:01:34Z<p>Louson: /* Recommendation to add */ not solving the issue</p>
<hr />
<div></div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=727057Talk:Systemd-nspawn2022-04-20T09:19:58Z<p>Louson: /* Access host filesystem */ closing</p>
<hr />
<div>== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
:::There is [[systemd-nspawn#Build and test packages]] with a link. Of course there are not such nice wrappers as {{pkg|devtools}} provides. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:55, 15 September 2020 (UTC)<br />
<br />
::::You can also freeze a systemd-nspawn archlinux container that you can reuse later in order to keep the same environment. I used to combine systemd-nspawn with the archlinux archive but it's broken (changing the password returns an error: Authentication token manipulation error). It can be useful to build a kernel or a system with yocto or buildroot which are dependent on the gcc version. [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:18, 15 September 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is how I can use devices from the container... I was setting up an '''mpd''' server which needs a network connection and an audio sink. In my case the audio sink was ALSA devices (and not a pulse socket). I had a problem understanding that I need to bind the device files to the container. (In the {{ic|.nspawn}} file.) And I also need a {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file. (Or to be precise in the {{ic|override.conf}} of the service file.)<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container Github]. This example shows how to run desktop environments in nspawn containers with the kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open a new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
I asked in the systemd IRC and user 'grawity' mentioned that the X server also listens on an abstract socket at @/tmp/.X11-unix/X0, which is available inside the container if you haven't isolated its network, and thus can still be used inside the container. This means that if you don't isolate the container's network, you don't even need to bind-mount /tmp/.X11-unix to get X applications running, and I guess you also get all the X security issues for free too, which might be worth mentioning in the article.<br />
--[[User:Tomaz|Tomaz]] ([[User talk:Tomaz|talk]]) 13:21, 25 November 2021 (UTC)<br />
<br />
== Using machinectl without root permissions ==<br />
<br />
In the [https://wiki.archlinux.org/index.php/Systemd-nspawn#Using_machinectl_without_root_permissions Using machinectl without root permissions] section of the systemd-nspawn wiki, <br />
the two '''PolKit''' rules that allow '''PolKit''' actions that start with ''org.freedesktop.machine1.'' enable the subject user to login as any other user including root without password using the following '''machinectl''' command:<br />
<br />
{{ic|1=$ machinectl shell --uid=root}}<br />
<br />
Most of the default actions of the ''org.freedesktop.machine1.policy'' are backed with the ''auth_admin'' element which requires the '''PolKit''' defined administrator to identify itself.<br />
Note that the '''PolKit''' defined administrator defaults to any user who is in the wheel group and this is already reasonably flexible.<br />
<br />
[[User:Nicolas Bouchinet|Nicolas Bouchinet]] ([[User talk:Nicolas Bouchinet|talk]]) 10:49, 18 March 2021 (UTC)<br />
<br />
==Use an X environment - Move to Xorg page==<br />
<br />
Most of the information in this section applies to a broader set of use-cases and can be referenced in other parts of the wiki. [https://wiki.archlinux.org/title/Linux_Containers#Xorg_program_considerations_(optional) LXC Xorg considerations], for instance, does not properly discuss running X clients inside containers, and suggests setting the very unsafe {{ic|xhost +}} rather than the cookie authentication method detailed in this page. I'm planning to expand the LXC article once the page is moved.<br />
[[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 13:08, 19 January 2022 (UTC)<br />
<br />
:The information does not fit into the [[Xorg]] page. It's revolving around the pages like [[xhost]] and [[Xephyr]]. Most of it seems bound to systemd-nspawn (at least via examples), but if you have a different idea, feel free to propose a specific draft. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 09:46, 23 January 2022 (UTC)<br />
<br />
::My bad, I should've clarified I was referring specifically to the xhost bits. Perhaps an article in [[Xorg]] about authenticating remote machines and containers or multiple users would be more appropriate? If not, I will just prepare a similar section for [[LXC]] if redundancy is not an issue. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 19:48, 23 January 2022 (UTC)<br />
<br />
:::You can't have an article in an article. xhost already has an article in [[xhost]]. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 21:01, 23 January 2022 (UTC)<br />
<br />
::::The section is discussing a method of avoiding xhost, not xhost itself. In any case, I don't think it's fair that the only mention of cookie authentication in the wiki (to my knowledge) is in the systemd-nspawn article. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 16:31, 24 January 2022 (UTC)<br />
<br />
== <s>Containers can start without PID 1 running</s> ==<br />
<br />
Containers do not always start a PID 1, for example when invoking ''systemd-nspawn'' directly, only a shell is started.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:See {{man|1|systemd-nspawn|Execution Options}} (emphasis mine):<br />
::-a, --as-pid2<br />
::Invoke the shell or specified program as process ID (PID) 2 instead of PID 1 (init). By default, if neither this option nor --boot is used, the selected '''program is run as the process with PID 1''' [...]<br />
:— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:02, 6 February 2022 (UTC)<br />
<br />
:::Okay, I was wrong about PID 1. The shell program runs as PID 1 by default. {{ic|-b}} is about running an '''automatically searched''' PID 1 program, which is not the shell but usually /sbin/init (which itself is a symlink to /lib/systemd/systemd).<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:08, 6 February 2022 (UTC)<br />
<br />
== Domain name resolution: /etc/resolv.conf should have its own subsection; this section needs expansion ==<br />
<br />
The "Domain name resolution" section is only about /etc/resolv.conf, but the current section doesn't clearly express what {{ic|--resolv-conf}} (or {{ic|ResolvConf<nowiki>=</nowiki>}} in ''.nspawn'' file) can do: it can only change /etc/resolv.conf, not everything.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:It's useless to have a section with one introductory sentence and one subsection. In any case, it is not a reason to add a [[Template:Expansion]], because this problem does not indicate anything missing—[[Template:Style]] should be used for that. What do you think the section is ''missing''? — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:07, 6 February 2022 (UTC)<br />
<br />
:::About ''missing'': the section does not discuss options other than "auto". For some cases DNS automatically works, but not all, and adding other confusing cases can help.<br />
:::About ''one introductory sentence and one subsection'': for this alone this is [[Template:Style]]. But the section is more about an incomplete article, so it's [[Template:Expansion]]. [[Template:Expansion]] at least resides in three points:<br />
:::1. "Domain name resolution" is a larger topic than /etc/resolv.conf, and I believe there are more cases where DNS does not automatically work even after fixing /etc/resolv.conf, especially in the case of virtual network between host and container.<br />
:::2. Even if the section is only about /etc/resolv.conf, the current description is confusing: the current situation is that the title is "Domain name resolution", which is a much broader one than configuring /etc/resolv.conf, but the current description does not describe it explicitly: the current description does not say the functions of the option {{ic|--resolv-conf}} clearly, and can make the illusion that {{ic|--resolv-conf}} makes ''systemd-nspawn'' magically configure DNS, but it's not. (I believe this section expresses itself pretty unclearly)<br />
:::3. This section does not discuss possible values of {{ic|--resolv-conf}}, and only describes "auto", which is unhelpful (because if it works, nobody searches over the Internet for solutions). At least {{ic|--resolv-conf<nowiki>=</nowiki>replace-host}} can be helpful in the case when no init program is launched but the container expects ''systemd-resolved''.<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:36, 6 February 2022 (UTC)<br />
<br />
::::First, the section links to the manual ({{man|1|systemd-nspawn|Integration Options}}) and only then it describes what {{ic|auto}} means. If the user finds that it does not work for them, they can see the manual and configure the option accordingly for their container. The wiki does not duplicate manuals just for completeness.<br />
::::It is also pretty obvious from the section that if {{ic|--private-network}} is used (which is implied by {{ic|--network-veth}} and other options), the configuration of {{ic|/etc/resolv.conf}} is left up to the user according to the [[Domain name resolution]] page.<br />
::::Also I don't see a problem with the section title "Domain name resolution" and omitting "/etc/resolv.conf" in the heading. ''If'' there was something other than {{ic|/etc/resolv.conf}} to be described in the section, it would be mentioned, but since it does not seem to be the case, I'll reiterate that it's useless to have a section with one introductory sentence and one subsection.<br />
::::— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 19:02, 6 February 2022 (UTC)<br />
<br />
== Unprivileged container and user namespace ==<br />
<br />
''systemd-nspawn'''s unprivileged container needs user namespace support. Its only common point with LXC is about user namespaces. A link should be given as [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]].<br />
<br />
Note that ''systemd-nspawn'' must be root so it requires user namespace but not necessarily unprivileged user namespace, unlike LXC and other applications like browsers.<br />
<br />
There is no wiki page for user namespace. The only places I found for user namespace are here, [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]] and [[Security#Sandboxing_applications]] (the two scary note and warning).<br />
<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 20:09, 6 February 2022 (UTC)<br />
<br />
== Access host filesystem ==<br />
<br />
Bind mount is apparently owned by the user nobody. This can be changed by setting the {{ic|private-users}} option to no, which should be the default if I believe the {{man|1|systemd-nspawn|manual}}. If confirmed, we could add those lines in the {{ic|.nspawn}} file to avoid the problem:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
[[User:Louson|Louson]] ([[User talk:Louson|talk]]) 07:44, 20 April 2022 (UTC)<br />
<br />
:See {{man|1|systemd-nspawn|Mount Options}} for the --bind option: "Note that when this option is used in combination with --private-users, the resulting mount points will be owned by the nobody user. That's because the mount and its files and directories continue to be owned by the relevant host users and groups, which do not exist in the container, and thus show up under the wildcard UID 65534 (nobody). If such bind mounts are created, it is recommended to make them read-only, using --bind-ro=. Alternatively you can use the "idmap" mount option to map the filesystem ids."<br />
:Can you try the idmap mount option?<br />
:— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:09, 20 April 2022 (UTC)<br />
<br />
::The idmap mount option also fixes the problem. But I could not find why --private-users is set while it is supposed to be no by default. -- [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 08:39, 20 April 2022 (UTC)<br />
<br />
:::If you use the systemd-nspawn@.service, then the -U option is used by default, which implies --private-users. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:49, 20 April 2022 (UTC)<br />
<br />
:::: Ok, then idmap is the option to use. Maybe we can add this information at the end of the paragraph ? (closing)<br />
:::: {{ic|<nowiki><br />
In case of [[#Unprivileged containers]], the resulting mount points will be owned by the nobody user. This can be modified with the "idmap" mount option:<br />
# systemd-nspawn --bind=''/path/to/host_dir:/path/to/container_dir:idmap''</nowiki>}}<br />
:::: -- [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 09:19, 20 April 2022 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=727054Talk:Systemd-nspawn2022-04-20T08:39:21Z<p>Louson: /* Access host filesystem */ re</p>
<hr />
<div>== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
:::There is [[systemd-nspawn#Build and test packages]] with a link. Of course there are not such nice wrappers as {{pkg|devtools}} provides. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:55, 15 September 2020 (UTC)<br />
<br />
::::You can also freeze a systemd-nspawn archlinux container that you can reuse later in order to keep the same environment. I used to combine systemd-nspawn with the archlinux archive but it's broken (changing the password returns an error: Authentication token manipulation error). It can be useful to build a kernel or a system with yocto or buildroot which are dependent on the gcc version. [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:18, 15 September 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is, how can I use devices from the container... Was set up an '''mpd''' server which needs network connection and an audio sink. My case the audio sink was ALSA devices (and not pulse socket). Had problem to understand that I need to bind the device files to the container. (In the {{ic|.nspawn}} file.) And also need {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file. (Or to be precise in the {{ic|override.conf}} of the service file.)<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container Github]. This example shows how to run desktop environments in nspawn containers with kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
I asked in the systemd IRC and user 'grawity' mentioned that the X server also listens on an abstract socket at @/tmp/.X11-unix/X0, which is available inside the container if you haven't isolated its network, and thus can still be used inside the container. This means that if you don't isolate the container's network, you don't even need to bind-mount /tmp/.X11-unix to get X applications running, and I guess you also get all the X security issues for free too, which might be worth mentioning in the article.<br />
--[[User:Tomaz|Tomaz]] ([[User talk:Tomaz|talk]]) 13:21, 25 November 2021 (UTC)<br />
<br />
== Using machinectl without root permissions ==<br />
<br />
In the [https://wiki.archlinux.org/index.php/Systemd-nspawn#Using_machinectl_without_root_permissions Using machinectl without root permissions] section of the systemd-nspawn wiki, <br />
the two '''PolKit''' rules that allow '''PolKit''' actions that start with ''org.freedesktop.machine1.'' enable the subject user to login as any other user including root without password using the following '''machinectl''' command:<br />
<br />
{{ic|1=$ machinectl shell --uid=root}}<br />
<br />
Most of the default actions of the ''org.freedesktop.machine1.policy'' are backed with the ''auth_admin'' element which requires the '''PolKit''' defined administrator to identify itself.<br />
Note that the '''PolKit''' defined administrator defaults to any user who is in the wheel group and this is already reasonably flexible.<br />
<br />
[[User:Nicolas Bouchinet|Nicolas Bouchinet]] ([[User talk:Nicolas Bouchinet|talk]]) 10:49, 18 March 2021 (UTC)<br />
<br />
==Use an X environment - Move to Xorg page==<br />
<br />
Most of the information in this section applies to a broader set of use-cases and can be referenced in other parts of the wiki. [https://wiki.archlinux.org/title/Linux_Containers#Xorg_program_considerations_(optional) LXC Xorg considerations], for instance, does not properly discuss running X clients inside containers, and suggests setting the very unsafe {{ic|xhost +}} rather than the cookie authentication method detailed in this page. I'm planning to expand the LXC article once the page is moved.<br />
[[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 13:08, 19 January 2022 (UTC)<br />
<br />
:The information does not fit into the [[Xorg]] page. It's revolving around the pages like [[xhost]] and [[Xephyr]]. Most of it seems bound to systemd-nspawn (at least via examples), but if you have a different idea, feel free to propose a specific draft. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 09:46, 23 January 2022 (UTC)<br />
<br />
::My bad, I should've clarified I was referring specifically to the xhost bits. Perhaps an article in [[Xorg]] about authenticating remote machines and containers or multiple users would be more appropriate? If not, I will just prepare a similar section for [[LXC]] if redundancy is not an issue. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 19:48, 23 January 2022 (UTC)<br />
<br />
:::You can't have an article in an article. xhost already has an article in [[xhost]]. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 21:01, 23 January 2022 (UTC)<br />
<br />
::::The section is discussing a method of avoiding xhost, not xhost itself. In any case, I don't think it's fair that the only mention of cookie authentication in the wiki (to my knowledge) is in the systemd-nspawn article. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 16:31, 24 January 2022 (UTC)<br />
<br />
== <s>Containers can start without PID 1 running</s> ==<br />
<br />
Containers do not always start a PID 1, for example when invoking ''systemd-nspawn'' directly, only a shell is started.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:See {{man|1|systemd-nspawn|Execution Options}} (emphasis mine):<br />
::-a, --as-pid2<br />
::Invoke the shell or specified program as process ID (PID) 2 instead of PID 1 (init). By default, if neither this option nor --boot is used, the selected '''program is run as the process with PID 1''' [...]<br />
:— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:02, 6 February 2022 (UTC)<br />
<br />
:::Okay, I was wrong about PID 1. The shell program runs as PID 1 by default. {{ic|-b}} is about running an '''automatically searched''' PID 1 program, which is not the shell but usually /sbin/init (which itself is a symlink to /lib/systemd/systemd).<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:08, 6 February 2022 (UTC)<br />
<br />
== Domain name resolution: /etc/resolv.conf should have its own subsection; this section needs expansion ==<br />
<br />
The "Domain name resolution" section is only about /etc/resolv.conf, but the current section doesn't clearly express what {{ic|--resolv-conf}} (or {{ic|ResolvConf<nowiki>=</nowiki>}} in ''.nspawn'' file) can do: it can only change /etc/resolv.conf, not everything.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:It's useless to have a section with one introductory sentence and one subsection. In any case, it is not a reason to add a [[Template:Expansion]], because this problem does not indicate anything missing—[[Template:Style]] should be used for that. What do you think the section is ''missing''? — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:07, 6 February 2022 (UTC)<br />
<br />
:::About ''missing'': the section does not discuss options other than "auto". For some cases DNS automatically works, but not all, and adding other confusing cases can help.<br />
:::About ''one introductory sentence and one subsection'': for this alone this is [[Template:Style]]. But the section is more about an incomplete article, so it's [[Template:Expansion]]. [[Template:Expansion]] at least resides in three points:<br />
:::1. "Domain name resolution" is a larger topic than /etc/resolv.conf, and I believe there are more cases where DNS does not automatically work even after fixing /etc/resolv.conf, especially in the case of virtual network between host and container.<br />
:::2. Even if the section is only about /etc/resolv.conf, the current description is confusing: the current situation is that the title is "Domain name resolution", which is a much broader one than configuring /etc/resolv.conf, but the current description does not describe it explicitly: the current description does not say the functions of the option {{ic|--resolv-conf}} clearly, and can make the illusion that {{ic|--resolv-conf}} makes ''systemd-nspawn'' magically configure DNS, but it's not. (I believe this section expresses itself pretty unclearly)<br />
:::3. This section does not discuss possible values of {{ic|--resolv-conf}}, and only describes "auto", which is unhelpful (because if it works, nobody searches over the Internet for solutions). At least {{ic|--resolv-conf<nowiki>=</nowiki>replace-host}} can be helpful in the case when no init program is launched but the container expects ''systemd-resolved''.<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:36, 6 February 2022 (UTC)<br />
<br />
::::First, the section links to the manual ({{man|1|systemd-nspawn|Integration Options}}) and only then it describes what {{ic|auto}} means. If the user finds that it does not work for them, they can see the manual and configure the option accordingly for their container. The wiki does not duplicate manuals just for completeness.<br />
::::It is also pretty obvious from the section that if {{ic|--private-network}} is used (which is implied by {{ic|--network-veth}} and other options), the configuration of {{ic|/etc/resolv.conf}} is left up to the user according to the [[Domain name resolution]] page.<br />
::::Also I don't see a problem with the section title "Domain name resolution" and omitting "/etc/resolv.conf" in the heading. ''If'' there was something other than {{ic|/etc/resolv.conf}} to be described in the section, it would be mentioned, but since it does not seem to be the case, I'll reiterate that it's useless to have a section with one introductory sentence and one subsection.<br />
::::— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 19:02, 6 February 2022 (UTC)<br />
<br />
== Unprivileged container and user namespace ==<br />
<br />
''systemd-nspawn'''s unprivileged container needs user namespace support. Its only common point with LXC is about user namespaces. A link should be given as [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]].<br />
<br />
Note that ''systemd-nspawn'' must be root so it requires user namespace but not necessarily unprivileged user namespace, unlike LXC and other applications like browsers.<br />
<br />
There is no wiki page for user namespace. The only places I found for user namespace are here, [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]] and [[Security#Sandboxing_applications]] (the two scary note and warning).<br />
<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 20:09, 6 February 2022 (UTC)<br />
<br />
== Access host filesystem ==<br />
<br />
Bind mount is apparently owned by the user nobody. This can be changed by setting the {{ic|private-users}} option to no, which should be the default if I believe the {{man|1|systemd-nspawn|manual}}. If confirmed, we could add those lines in the {{ic|.nspawn}} file to avoid the problem:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
[[User:Louson|Louson]] ([[User talk:Louson|talk]]) 07:44, 20 April 2022 (UTC)<br />
<br />
:See {{man|1|systemd-nspawn|Mount Options}} for the --bind option: "Note that when this option is used in combination with --private-users, the resulting mount points will be owned by the nobody user. That's because the mount and its files and directories continue to be owned by the relevant host users and groups, which do not exist in the container, and thus show up under the wildcard UID 65534 (nobody). If such bind mounts are created, it is recommended to make them read-only, using --bind-ro=. Alternatively you can use the "idmap" mount option to map the filesystem ids."<br />
:Can you try the idmap mount option?<br />
:— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 08:09, 20 April 2022 (UTC)<br />
<br />
::The idmap mount option also fixes the problem. But I could not find why --private-users is set while it is supposed to be no by default. -- [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 08:39, 20 April 2022 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=User_talk:Louson&diff=727049User talk:Louson2022-04-20T07:44:40Z<p>Louson: Blanked the page</p>
<hr />
<div></div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=727048Talk:Systemd-nspawn2022-04-20T07:44:25Z<p>Louson: missed the timestamp</p>
<hr />
<div>== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
:::There is [[systemd-nspawn#Build and test packages]] with a link. Of course there are not such nice wrappers as {{pkg|devtools}} provides. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:55, 15 September 2020 (UTC)<br />
<br />
::::You can also freeze a systemd-nspawn archlinux container that you can reuse later in order to keep the same environment. I used to combine systemd-nspawn with the archlinux archive but it's broken (changing the password returns an error: Authentication token manipulation error). It can be useful to build a kernel or a system with yocto or buildroot which are dependent on the gcc version. [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:18, 15 September 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is, how can I use devices from the container... Was set up an '''mpd''' server which needs network connection and an audio sink. My case the audio sink was ALSA devices (and not pulse socket). Had problem to understand that I need to bind the device files to the container. (In the {{ic|.nspawn}} file.) And also need {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file. (Or to be precise in the {{ic|override.conf}} of the service file.)<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container Github]. This example shows how to run desktop environments in nspawn containers with kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
I asked in the systemd IRC and user 'grawity' mentioned that the X server also listens on an abstract socket at @/tmp/.X11-unix/X0, which is available inside the container if you haven't isolated its network, and thus can still be used inside the container. This means that if you don't isolate the container's network, you don't even need to bind-mount /tmp/.X11-unix to get X applications running, and I guess you also get all the X security issues for free too, which might be worth mentioning in the article.<br />
--[[User:Tomaz|Tomaz]] ([[User talk:Tomaz|talk]]) 13:21, 25 November 2021 (UTC)<br />
<br />
== Using machinectl without root permissions ==<br />
<br />
In the [https://wiki.archlinux.org/index.php/Systemd-nspawn#Using_machinectl_without_root_permissions Using machinectl without root permissions] section of the systemd-nspawn wiki, <br />
the two '''PolKit''' rules that allow '''PolKit''' actions that start with ''org.freedesktop.machine1.'' enable the subject user to login as any other user including root without password using the following '''machinectl''' command:<br />
<br />
{{ic|1=$ machinectl shell --uid=root}}<br />
<br />
Most of the default actions of the ''org.freedesktop.machine1.policy'' are backed with the ''auth_admin'' element which requires the '''PolKit''' defined administrator to identify itself.<br />
Note that the '''PolKit''' defined administrator defaults to any user who is in the wheel group and this is already reasonably flexible.<br />
<br />
[[User:Nicolas Bouchinet|Nicolas Bouchinet]] ([[User talk:Nicolas Bouchinet|talk]]) 10:49, 18 March 2021 (UTC)<br />
<br />
==Use an X environment - Move to Xorg page==<br />
<br />
Most of the information in this section applies to a broader set of use-cases and can be referenced in other parts of the wiki. [https://wiki.archlinux.org/title/Linux_Containers#Xorg_program_considerations_(optional) LXC Xorg considerations], for instance, does not properly discuss running X clients inside containers, and suggests setting the very unsafe {{ic|xhost +}} rather than the cookie authentication method detailed in this page. I'm planning to expand the LXC article once the page is moved.<br />
[[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 13:08, 19 January 2022 (UTC)<br />
<br />
:The information does not fit into the [[Xorg]] page. It's revolving around the pages like [[xhost]] and [[Xephyr]]. Most of it seems bound to systemd-nspawn (at least via examples), but if you have a different idea, feel free to propose a specific draft. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 09:46, 23 January 2022 (UTC)<br />
<br />
::My bad, I should've clarified I was referring specifically to the xhost bits. Perhaps an article in [[Xorg]] about authenticating remote machines and containers or multiple users would be more appropriate? If not, I will just prepare a similar section for [[LXC]] if redundancy is not an issue. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 19:48, 23 January 2022 (UTC)<br />
<br />
:::You can't have an article in an article. xhost already has an article in [[xhost]]. — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 21:01, 23 January 2022 (UTC)<br />
<br />
::::The section is discussing a method of avoiding xhost, not xhost itself. In any case, I don't think it's fair that the only mention of cookie authentication in the wiki (to my knowledge) is in the systemd-nspawn article. [[User:Jokersus|Jokersus]] ([[User talk:Jokersus|talk]]) 16:31, 24 January 2022 (UTC)<br />
<br />
== <s>Containers can start without PID 1 running</s> ==<br />
<br />
Containers do not always start a PID 1, for example when invoking ''systemd-nspawn'' directly, only a shell is started.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:See {{man|1|systemd-nspawn|Execution Options}} (emphasis mine):<br />
::-a, --as-pid2<br />
::Invoke the shell or specified program as process ID (PID) 2 instead of PID 1 (init). By default, if neither this option nor --boot is used, the selected '''program is run as the process with PID 1''' [...]<br />
:— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:02, 6 February 2022 (UTC)<br />
<br />
:::Okay, I was wrong about PID 1. The shell program runs as PID 1 by default. {{ic|-b}} is about running an '''automatically searched''' PID 1 program, which is not the shell but usually /sbin/init (which itself is a symlink to /lib/systemd/systemd).<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:08, 6 February 2022 (UTC)<br />
<br />
== Domain name resolution: /etc/resolv.conf should have its own subsection; this section needs expansion ==<br />
<br />
The "Domain name resolution" section is only about /etc/resolv.conf, but the current section doesn't clearly express what {{ic|--resolv-conf}} (or {{ic|ResolvConf<nowiki>=</nowiki>}} in ''.nspawn'' file) can do: it can only change /etc/resolv.conf, not everything.<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 17:56, 6 February 2022 (UTC)<br />
<br />
:It's useless to have a section with one introductory sentence and one subsection. In any case, it is not a reason to add a [[Template:Expansion]], because this problem does not indicate anything missing—[[Template:Style]] should be used for that. What do you think the section is ''missing''? — [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 18:07, 6 February 2022 (UTC)<br />
<br />
:::About ''missing'': the section does not discuss options other than "auto". For some cases DNS automatically works, but not all, and adding other confusing cases can help.<br />
:::About ''one introductory sentence and one subsection'': for this alone this is [[Template:Style]]. But the section is more about an incomplete article, so it's [[Template:Expansion]]. [[Template:Expansion]] at least resides in three points:<br />
:::1. "Domain name resolution" is a larger topic than /etc/resolv.conf, and I believe there are more cases where DNS does not automatically work even after fixing /etc/resolv.conf, especially in the case of virtual network between host and container.<br />
:::2. Even if the section is only about /etc/resolv.conf, the current description is confusing: the current situation is that the title is "Domain name resolution", which is a much broader one than configuring /etc/resolv.conf, but the current description does not describe it explicitly: the current description does not say the functions of the option {{ic|--resolv-conf}} clearly, and can make the illusion that {{ic|--resolv-conf}} makes ''systemd-nspawn'' magically configure DNS, but it's not. (I believe this section expresses itself pretty unclearly)<br />
:::3. This section does not discuss possible values of {{ic|--resolv-conf}}, and only describes "auto", which is unhelpful (because if it works, nobody searches over the Internet for solutions). At least {{ic|--resolv-conf<nowiki>=</nowiki>replace-host}} can be helpful in the case when no init program is launched but the container expects ''systemd-resolved''.<br />
:::[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 18:36, 6 February 2022 (UTC)<br />
<br />
::::First, the section links to the manual ({{man|1|systemd-nspawn|Integration Options}}) and only then it describes what {{ic|auto}} means. If the user finds that it does not work for them, they can see the manual and configure the option accordingly for their container. The wiki does not duplicate manuals just for completeness.<br />
::::It is also pretty obvious from the section that if {{ic|--private-network}} is used (which is implied by {{ic|--network-veth}} and other options), the configuration of {{ic|/etc/resolv.conf}} is left up to the user according to the [[Domain name resolution]] page.<br />
::::Also I don't see a problem with the section title "Domain name resolution" and omitting "/etc/resolv.conf" in the heading. ''If'' there was something other than {{ic|/etc/resolv.conf}} to be described in the section, it would be mentioned, but since it does not seem to be the case, I'll reiterate that it's useless to have a section with one introductory sentence and one subsection.<br />
::::— [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 19:02, 6 February 2022 (UTC)<br />
<br />
== Unprivileged container and user namespace ==<br />
<br />
''systemd-nspawn'''s unprivileged container needs user namespace support. Its only common point with LXC is about user namespaces. A link should be given as [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]].<br />
<br />
Note that ''systemd-nspawn'' must be root so it requires user namespace but not necessarily unprivileged user namespace, unlike LXC and other applications like browsers.<br />
<br />
There is no wiki page for user namespace. The only places I found for user namespace are here, [[Linux_Containers#Unprivileged_containers_on_linux-hardened_and_custom_kernels]] and [[Security#Sandboxing_applications]] (the two scary note and warning).<br />
<br />
[[User:Yemoran|Yemoran]] ([[User talk:Yemoran|talk]]) 20:09, 6 February 2022 (UTC)<br />
<br />
== Access host filesystem ==<br />
<br />
Bind mount is apparently owned by the user nobody. This can be changed by setting the {{ic|private-users}} option to no, which should be the default if I believe the {{man|1|systemd-nspawn|manual}}. If confirmed, we could add those lines in the {{ic|.nspawn}} file to avoid the problem:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
[[User:Louson|Louson]] ([[User talk:Louson|talk]]) 07:44, 20 April 2022 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=User_talk:Louson&diff=727047User talk:Louson2022-04-20T07:44:02Z<p>Louson: Created page with "test ~~~~"</p>
<hr />
<div>test<br />
[[User:Louson|Louson]] ([[User talk:Louson|talk]]) 07:44, 20 April 2022 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=727046Talk:Systemd-nspawn2022-04-20T07:42:03Z<p>Louson: Accessh host file system</p>
<hr />
<div>== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
:::There is [[systemd-nspawn#Build and test packages]] with a link. Of course there are not such nice wrappers as {{pkg|devtools}} provides. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:55, 15 September 2020 (UTC)<br />
<br />
::::You can also freeze a systemd-nspawn archlinux container that you can reuse later in order to keep the same environment. I used to combine systemd-nspawn with the archlinux archive but it's broken (changing the password returns an error: Authentication token manipulation error). It can be useful to build a kernel or a system with yocto or buildroot which are dependent on the gcc version. [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:18, 15 September 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is how I can use devices from the container... I set up an '''mpd''' server which needs a network connection and an audio sink. In my case the audio sink was ALSA devices (and not a pulse socket). I had a problem understanding that I need to bind the device files to the container. (In the {{ic|.nspawn}} file.) And I also need a {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file. (Or to be precise in the {{ic|override.conf}} of the service file.)<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container Github]. This example shows how to run desktop environments in nspawn containers with kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
== Access host filesystem ==<br />
<br />
Bind mount is apparently owned by the user nobody. This can be changed by setting the {{ic|private-users}} option to no, which should be the default if I believe the {{man|1|systemd-nspawn|manual}}. If confirmed, we could add those lines in the {{ic|.nspawn}} file to avoid the problem:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
[[User:Louson|Louson]] ([[User talk:Louson|talk]])</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=727045User:Louson2022-04-20T07:27:57Z<p>Louson: /* Create a builder with systemd-nspawn */ bind</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice utility for tagging. The command<br />
$ beet import -P <dir><br />
copies the music to the configured directory. `-P` avoids temporary .wav files. `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Bind a volume ==<br />
<br />
{{bc|<nowiki><br />
[Files]<br />
Bind=<host point>:<dest point><br />
</nowiki>}}<br />
<br />
To avoid mount on user nobody:<br />
{{bc|<nowiki><br />
[Exec]<br />
PrivateUsers=no<br />
</nowiki>}}<br />
<br />
<br />
= Synchronization =<br />
== Syncthing ==<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=659153User:Louson2021-04-11T18:22:29Z<p>Louson: /* Plugins */ importadded uneeded</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinicpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the comandline in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Suspend the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Active automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
will copies the music to the configured directory. `-P` avoid temporary .wav files. `-N` to avoid questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=659152User:Louson2021-04-11T18:13:01Z<p>Louson: /* Beets */ plugins</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
<br />
{{Pkg|beets}} is a nice util for tagging<br />
$ beet import -P <dir><br />
copies the music to the configured directory. `-P` avoids temporary .wav files; `-N` avoids questions.<br />
<br />
=== Plugins ===<br />
<br />
Add `mpdupdate` to the list of plugins to alert mpd when changes happen.<br />
<br />
{{hc|~/.config/beets/config.yaml|<nowiki><br />
mpd:<br />
    host: localhost<br />
    port: 6600<br />
</nowiki><br />
}}<br />
<br />
{{AUR|beets-check}} can be used to checksum audio files. Add `check` to the list of plugins and run:<br />
$ beet check -a<br />
Install `liboggz` for ogg check.<br />
<br />
Add `importadded` to check when albums have been imported.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=658536User:Louson2021-04-09T11:24:42Z<p>Louson: /* ABCDE */ max quality</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
Set maximum quality with the conf:<br />
{{hc|~/.abcde.conf|<nowiki><br />
OGGENCOPTS='-q 9'<br />
</nowiki>}}<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=657755User:Louson2021-04-05T16:25:43Z<p>Louson: /* Post-install */</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== MPD ==<br />
System wide mpd needs TCP connection to pulseaudio https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(with_separate_mpd_user).<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=653078User:Louson2021-02-21T22:13:35Z<p>Louson: /* Probe */ hp envy</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|-<br />
| HP Envy || [https://linux-hardware.org/?probe=4299d44910 2021-02-21]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=653077User:Louson2021-02-21T22:11:36Z<p>Louson: wayland basics</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|}<br />
<br />
= Wayland =<br />
<br />
Check the page :<br />
https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in on an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=650008User:Louson2021-01-27T17:22:05Z<p>Louson: /* Mainline */</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman + iwd ?<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
Wayland :<br />
* sway + dmenu-wayland-git(AUR)<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|}<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
And extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, change it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GnuPG&diff=642264Talk:GnuPG2020-11-24T17:24:00Z<p>Louson: /* Keyserver fails if resolv.conf is empty */ re: gpg is the only clue you have</p>
<hr />
<div>== System login with gnupg smartcard (yubikey, p-card, rsa token, etc) ==<br />
gnupg with [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=poldi.git poldi] can be used for system login. There is a [https://bbs.archlinux.org/viewtopic.php?id=215554 thread] asking whether it is possible to use gpg for system login.<br />
A new tip section explaining gnupg smartcard for logging into Arch Linux system is a nice addition here.<br />
<br />
[[User:Alive4ever|Alive4ever]] ([[User talk:Alive4ever|talk]]) 02:27, 4 August 2016 (UTC)<br />
<br />
== User configuration files not created ==<br />
<br />
Per the wiki, it states, "You will find skeleton files in /usr/share/gnupg. These files are copied to ~/.gnupg the first time gpg is run if they do not exist there."<br />
<br />
I could very well be doing something wrong so I'd ask that this could be verified. If we need to copy skel configuration files, it should be clearly explained in the wiki shouldn't it?<br />
<br />
I was unable to import public keys until I manually created a blank ~/.gnupg/gpg.conf with just keyserver pgp.mit.edu in it. <br />
<br />
I also found this when searching for info, https://manned.org/gpgv2/2862e42d. It states: There are no configuration files and only a few options are implemented.<br />
<br />
[[User:NuSkool|NuSkool]] ([[User talk:NuSkool|talk]]) 04:09, 26 September 2016 (UTC)<br />
<br />
== Recommendation to add ==<br />
<br />
By default, no skeleton files exist (as mentioned above) but in my case the lack of a dirmngr.conf meant that any --recv-keys failed with useful(?) errors like "gpg: keyserver receive failed: Server indicated a failure" or "gpg: error searching keyserver: Server indicated a failure". Route to get here was via makepkg, and so I skipped all the installation steps etc since gpg was already installed and went straight for a recv.<br />
<br />
echo > $HOME/.gnupg/dirmngr.conf 'standard-resolver'<br />
[[User:Beepboo|Beepboo]] ([[User talk:Beepboo|talk]]) 17:09, 22 March 2020 (UTC)<br />
<br />
== Keyserver fails if resolv.conf is empty ==<br />
<br />
Concerning my [https://wiki.archlinux.org/index.php?title=GnuPG&diff=prev&oldid=642251 contribution] removed. It is said this is part of the systemd-resolved setup. I believe it is not, this issue exists because gpg deals with {{ic|/etc/resolv.conf}} straight.<br />
# systemd-resolved will work properly without populating this file. There is a stub, but only to fix applications that use that file.<br />
# It was hard to find why gpg had this issue, there is absolutely no clue in the logs. It would be very helpful to give a tip about it.<br />
# Isn't the tip section made for that?<br />
Maybe it would have been better to put it after the last point, as it is DNS related.<br />
<br />
[[User:Louson|Louson]] ([[User talk:Louson|talk]]) 16:42, 24 November 2020 (UTC)<br />
:Many things will fail if resolv.conf is empty, not just gnupg. That's why it's part of the systemd-resolved setup. You claim that it's not, but it's the first subsection under "Configuration" on the systemd-resolved wiki page. https://wiki.archlinux.org/index.php/Systemd-resolved#DNS . It's also covered in the systemd-resolved man page.<br />
:[[User:Scimmia|Scimmia]] ([[User talk:Scimmia|talk]]) 16:49, 24 November 2020 (UTC)<br />
::Yes, that's how I finally found how to fix the issue. But the issue occurs when you use gpg and it is not evident to link it to your DNS resolver. Most of the time, users will install their resolver before gpg. Actually, gpg was the only service that was failing after 4 months on a new install. Services frequently use resolvconf, but a few use resolv.conf. Again, it's hard to spot the issue, because the standard user does not necessarily know that gpg deals with this file.<br />
::The third point in the list is not a question of gpg either, it is a question of DNS.<br />
::[[User:Louson|Louson]] ([[User talk:Louson|talk]]) 17:24, 24 November 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GnuPG&diff=642261Talk:GnuPG2020-11-24T16:42:49Z<p>Louson: Keyserver fails if resolv.conf is empty</p>
<hr />
<div></div>Lousonhttps://wiki.archlinux.org/index.php?title=GnuPG&diff=642235GnuPG2020-11-24T11:38:30Z<p>Louson: /* Key servers */ GPG fails if resolv.conf is not populated</p>
<hr />
<div>[[Category:Encryption]]<br />
[[Category:Email]]<br />
[[Category:GNU]]<br />
[[de:GnuPG]]<br />
[[es:GnuPG]]<br />
[[ja:GnuPG]]<br />
[[ko:GnuPG]]<br />
[[ru:GnuPG]]<br />
[[pl:GnuPG]]<br />
[[zh-hans:GnuPG]]<br />
[[zh-hant:GnuPG]]<br />
{{Related articles start}}<br />
{{Related|pacman/Package signing}}<br />
{{Related|Data-at-rest encryption}}<br />
{{Related|List of applications/Security#Encryption, signing, steganography}}<br />
{{Related articles end}}<br />
<br />
According to the [https://www.gnupg.org/ official website]:<br />
<br />
:GnuPG is a complete and free implementation of the [http://openpgp.org/about/ OpenPGP] standard as defined by [https://tools.ietf.org/html/rfc4880 RFC4880] (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh).<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|gnupg}} package.<br />
<br />
This will also install {{Pkg|pinentry}}, a collection of simple PIN or passphrase entry dialogs which GnuPG uses for passphrase entry. The shell script {{ic|/usr/bin/pinentry}} determines which ''pinentry'' dialog is used, in the order described at [[#pinentry]].<br />
<br />
If you want to use a graphical frontend or program that integrates with GnuPG, see [[List of applications/Security#Encryption, signing, steganography]].<br />
<br />
== Configuration ==<br />
<br />
=== Directory location ===<br />
<br />
{{ic|$GNUPGHOME}} is used by GnuPG to point to the directory where its configuration files are stored. By default {{ic|$GNUPGHOME}} is not set and your {{ic|$HOME}} is used instead; thus, you will find a {{ic|~/.gnupg}} directory right after installation. <br />
<br />
To change the default location, either run gpg this way {{ic|$ gpg --homedir ''path/to/file''}} or set the {{ic|GNUPGHOME}} [[environment variable]].<br />
<br />
=== Configuration files ===<br />
<br />
The default configuration files are {{ic|~/.gnupg/gpg.conf}} and {{ic|~/.gnupg/dirmngr.conf}}. <br />
<br />
By default, the gnupg directory has its [[permissions]] set to {{ic|700}} and the files it contains have their permissions set to {{ic|600}}. Only the owner of the directory has permission to read, write, and access the files. This is for security purposes and should not be changed. In case this directory or any file inside it does not follow this security measure, you will get warnings about unsafe file and home directory permissions.<br />
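<br />
An added example (not part of the wiki page or of GnuPG): a shell function that audits a GnuPG home directory for the owner-only permissions described above and lists every directory or regular file that grants any access to group or others. The names {{ic|scan_modes}} and {{ic|audit_gnupg_home}} are hypothetical, and GNU {{ic|stat}} is assumed.<br />

```shell
#!/bin/sh
# Added example, not from the wiki page: audit a GnuPG home directory for the
# owner-only permissions described above (directory 700, files 600).
# Assumption: GNU stat (coreutils), as shipped on Arch Linux.
# Usage: audit_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}"

# scan_modes DIR TYPE EXPECTED   (hypothetical helper)
# Prints every entry of find(1) type TYPE under DIR whose mode grants any
# permission bit to group or others. Sockets and symlinks are not matched
# by -type d / -type f and are therefore skipped.
scan_modes() {
    find "$1" -type "$2" -exec stat -c '%a %n' {} + |
    while read -r mode file; do
        # 0$mode is read as an octal constant; 077 masks group and other bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$file: mode $mode, expected $3"
        fi
    done
}

# audit_gnupg_home DIR
# Returns 0 if DIR and everything below it is owner-only,
#         1 if at least one finding was printed,
#         2 if DIR is not a directory.
audit_gnupg_home() {
    home=$1
    if [ ! -d "$home" ]; then
        echo "not a directory: $home" >&2
        return 2
    fi

    findings=$(
        scan_modes "$home" d 700
        scan_modes "$home" f 600
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```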
<br />
Append to these files any long options you want. Do not write the two dashes, but simply the name of the option and required arguments. You will find skeleton files in {{ic|/usr/share/doc/gnupg/}}. These files are copied to {{ic|~/.gnupg}} the first time gpg is run if they do not exist there. Other examples are found in [[#See also]].<br />
<br />
Additionally, [[pacman]] uses a different set of configuration files for package signature verification. See [[Pacman/Package signing]] for details.<br />
<br />
=== Default options for new users ===<br />
<br />
If you want to set up some default options for new users, put configuration files in {{ic|/etc/skel/.gnupg/}}. When a new user is added to the system, files from here will be copied to its GnuPG home directory. There is also a simple script called ''addgnupghome'' which you can use to create new GnuPG home directories for existing users:<br />
<br />
# addgnupghome user1 user2<br />
<br />
This will add the respective {{ic|/home/user1/.gnupg/}} and {{ic|/home/user2/.gnupg/}} and copy the files from the skeleton directory to it. Users with existing GnuPG home directory are simply skipped.<br />
<br />
== Usage ==<br />
{{Note|<br />
* Whenever a ''{{ic|user-id}}'' is required in a command, it can be specified with your key ID, fingerprint, a part of your name or email address, etc. GnuPG is flexible on this.<br />
* Whenever a {{ic|''key-id''}} is needed, it can be found adding the {{ic|1=--keyid-format=long}} flag to the command. To show the master secret key for example, run {{ic|1=gpg --list-secret-keys --keyid-format=long ''user-id''}}, the ''key-id'' is the hexadecimal hash provided on the same line as ''sec''.<br />
}}<br />
=== Create a key pair ===<br />
<br />
Generate a key pair by typing in a terminal:<br />
<br />
$ gpg --full-gen-key<br />
<br />
{{Tip|Use the {{ic|--expert}} option for getting alternative ciphers like [[Wikipedia:Elliptic-curve cryptography]]. GnuPG supports elliptic curve keys as mentioned in [https://www.gnupg.org/faq/whats-new-in-2.1.html#ecc GnuPG - what's new in 2.1].}}<br />
<br />
The command will prompt for answers to several questions. For general use most people will want: <br />
<br />
* The default ''RSA and RSA'' for sign and encrypt keys.<br />
* A keysize of the default 3072 value. A larger keysize of 4096 "gives us almost nothing, while costing us quite a lot" (see [https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096 why doesn’t GnuPG default to using RSA-4096]).<br />
* An expiration date: a period of one year is good enough for the average user. This way even if access is lost to the keyring, it will allow others to know that it is no longer valid. At a later stage, if necessary, the expiration date can be extended without having to re-issue a new key.<br />
* Your name and email address. You can add multiple identities to the same key later (''e.g.'', if you have multiple email addresses you want to associate with this key).<br />
* ''no'' optional comment. Since the semantics of the comment field are [https://lists.gnupg.org/pipermail/gnupg-devel/2015-July/030150.html not well-defined], it has limited value for identification.<br />
* A secure passphrase, find some guidelines in [[Security#Choosing secure passwords]].<br />
<br />
{{Note|The name and email address you enter here will be seen by anybody who imports your key.}}<br />
<br />
=== List keys ===<br />
<br />
To list keys in your public key ring:<br />
<br />
$ gpg --list-keys<br />
<br />
To list keys in your secret key ring:<br />
<br />
$ gpg --list-secret-keys<br />
<br />
=== Export your public key ===<br />
<br />
GnuPG's main usage is to ensure confidentiality of exchanged messages via public-key cryptography. With it each user distributes the public key of their keyring, which can be used by others to encrypt messages to the user. The private key must ''always'' be kept private, otherwise confidentiality is broken. See [[Wikipedia:Public-key cryptography]] for examples about the message exchange. <br />
<br />
So, in order for others to send encrypted messages to you, they need your public key. <br />
<br />
To generate an ASCII version of a user's public key to file {{ic|''public.key''}} (e.g. to distribute it by e-mail):<br />
<br />
$ gpg --export --armor --output ''public.key'' ''user-id''<br />
<br />
Alternatively, or in addition, you can [[#Use a keyserver]] to share your key. <br />
<br />
{{Tip|Add {{ic|--no-emit-version}} to avoid printing the version number, or add the corresponding setting to your configuration file.}}<br />
<br />
=== Import a public key ===<br />
<br />
In order to encrypt messages to others, as well as verify their signatures, you need their public key. To import a public key with file name {{ic|''public.key''}} to your public key ring:<br />
<br />
$ gpg --import ''public.key''<br />
<br />
Alternatively, [[#Use a keyserver]] to find a public key.<br />
<br />
If you wish to import a key ID to install a specific Arch Linux package, see [[pacman/Package signing#Managing the keyring]] and [[Makepkg#Signature checking]].<br />
<br />
=== Use a keyserver ===<br />
==== Sending keys ====<br />
You can register your key with a public PGP key server, so that others can retrieve it without having to contact you directly:<br />
<br />
$ gpg --send-keys ''key-id''<br />
<br />
{{Warning|Once a key has been submitted to a keyserver, it cannot be deleted from the server. The reason is explained in the [https://pgp.mit.edu/faq.html MIT PGP Public Key Server FAQ].}}<br />
{{Note|The associated email address, once published publicly, could be the target of spammers and in this case anti-spam filtering may be necessary.}}<br />
<br />
==== Searching and receiving keys ====<br />
To find out details of a key on the keyserver, without importing it, do:<br />
<br />
$ gpg --search-keys ''user-id''<br />
<br />
To import a key from a key server:<br />
<br />
$ gpg --recv-keys ''key-id''<br />
<br />
{{Warning|<br />
* You should verify the authenticity of the retrieved public key by comparing its fingerprint with one that the owner published on an independent source(s) (e.g., contacting the person directly). See [[Wikipedia:Public key fingerprint]] for more information.<br />
* It is recommended to use the long key ID or the full fingerprint when receiving a key. Using a short ID may encounter collisions. All keys that have the short ID will be imported, see [https://lkml.org/lkml/2016/8/15/445 fake keys found in the wild] for such an example.<br />
}}<br />
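<br />
The second warning above, as an added shell example (not part of the wiki page or of GnuPG): it classifies an identifier before it is handed to {{ic|--recv-keys}}, refuses short IDs, and shows the full fingerprint after import so it can be compared with an independent source. The function names are hypothetical, and the example assumes v4 OpenPGP keys, where the long and short IDs are the last 16 and 8 hex digits of the 40-digit fingerprint.<br />

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.
# Assumption: v4 OpenPGP keys (40 hex digit fingerprint; long ID = last 16
# digits, short ID = last 8 digits).

# normalize_key_id ID: remove spaces and a leading 0x, upper-case hex digits.
normalize_key_id() {
    id=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    id=${id#0x}
    id=${id#0X}
    printf '%s' "$id"
}

# classify_key_id ID: prints fingerprint, long, short or invalid.
classify_key_id() {
    id=$(normalize_key_id "$1")
    case $id in
        ''|*[!0-9A-F]*) echo invalid; return 0 ;;
    esac
    case ${#id} in
        40) echo fingerprint ;;
        16) echo long ;;
        8)  echo short ;;
        *)  echo invalid ;;
    esac
}

# The IDs derived from a fingerprint: a short ID keeps only 32 of its 160 bits,
# which is why unrelated keys can share one.
long_id_of()  { normalize_key_id "$1" | cut -c25-40; }
short_id_of() { normalize_key_id "$1" | cut -c33-40; }

# recv_key_checked ID: fetch a key only when ID is a long ID or a fingerprint.
recv_key_checked() {
    kind=$(classify_key_id "$1")
    case $kind in
        fingerprint|long) ;;
        short)
            echo "refusing short key ID $1: use the long ID or the fingerprint" >&2
            return 1 ;;
        *)
            echo "not a key ID or fingerprint: $1" >&2
            return 1 ;;
    esac
    id=$(normalize_key_id "$1")
    gpg --recv-keys "$id" || return
    # Print the full fingerprint for comparison with an independent source.
    gpg --fingerprint "$id"
}
```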
<br />
{{Tip|Adding {{ic|auto-key-retrieve}} to {{ic|gpg.conf}} will automatically fetch keys from the key server as needed, but this can be considered a '''privacy violation'''; see "web bug" in {{man|1|gpg}}.}}<br />
<br />
==== Key servers ====<br />
<br />
The most common keyservers are:<br />
<br />
* [https://sks-keyservers.net SKS Keyserver Pool]: federated, no verification, keys cannot be deleted.<br />
* [https://keys.mailvelope.com Mailvelope Keyserver]: central, verification of email IDs, keys can be deleted.<br />
* [https://keys.openpgp.org keys.openpgp.org]: central, verification of email IDs, keys can be deleted, no third-party signatures (i.e. no Web of Trust support).<br />
<br />
More are listed at [[Wikipedia:Key server (cryptographic)#Keyserver examples]].<br />
<br />
An alternative key server can be specified with the {{ic|keyserver}} option in one of the [[#Configuration files]], for instance:<br />
{{hc|~/.gnupg/dirmngr.conf|<br />
keyserver hkp://pool.sks-keyservers.net<br />
}}<br />
A temporary use of another server is handy when the regular one does not work as it should. It can be achieved by, for example,<br />
<br />
$ gpg --keyserver https://keys.openpgp.org/ --search-keys 931FF8E79F0876134EDDBDCCA87FF9DF48BF1C90<br />
<br />
{{Tip|<br />
* If receiving fails with the message {{ic|gpg: keyserver receive failed: General error}}, and you use the default hkps keyserver pool, make sure to set the HKPS pool verification certificate with {{ic|hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem}} in your {{ic|dirmngr.conf}} and kill the old dirmngr process.<br />
* If receiving fails with the message {{ic|gpg: error searching keyserver: Server indicated a failure}}, make sure {{ic|/etc/resolv.conf}} is populated. This can occur if you use an external resolver (such as systemd-resolved).<br />
* If your network blocks connection to port 11371 used for hkp, you may need to specify port 80, i.e. {{ic|pool.sks-keyservers.net:80}}.<br />
* If receiving fails with the message {{ic|gpg: keyserver receive failed: Connection refused}}, try using a different DNS server.<br />
* You can connect to the keyserver over [[Tor]] with [[Tor#Torsocks]]. Or using the {{ic|--use-tor}} command line option. See [https://gnupg.org/blog/20151224-gnupg-in-november-and-december.html] for more information.<br />
* You can connect to a keyserver using a proxy by setting the {{ic|http_proxy}} [[environment variable]] and setting {{ic|honor-http-proxy}} in {{ic|dirmngr.conf}}. Alternatively, set {{ic|http-proxy ''host[:port]''}} in the configuration file to override the environment variable of the same name. [[Restart]] the {{ic|dirmngr.service}} [[systemd/User|user service]] for the changes to take effect.}}<br />
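<br />
A check for the {{ic|/etc/resolv.conf}} tip above, as an added shell example (not part of the wiki page or of GnuPG): it distinguishes a missing file, a dangling symlink, a file without any {{ic|nameserver}} entry, and a populated file. The function name {{ic|check_resolv_conf}} and its return codes are hypothetical.<br />

```shell
#!/bin/sh
# Added example, not from the wiki page: find out whether the resolver file
# named in the tip above is populated. Function name and return codes are
# hypothetical.
# Usage: check_resolv_conf            (defaults to /etc/resolv.conf)
# After repairing the file, stop the running dirmngr so that a fresh one is
# started on the next keyserver request:  gpgconf --kill dirmngr

# check_resolv_conf [FILE]
# Returns 0 if FILE has at least one nameserver entry,
#         1 if FILE is missing or a dangling symlink,
#         2 if FILE exists but has no nameserver entry.
check_resolv_conf() {
    file=${1:-/etc/resolv.conf}

    # -e follows symlinks, so a link whose target is gone also ends up here.
    if [ ! -e "$file" ]; then
        if [ -L "$file" ]; then
            echo "$file: dangling symlink to $(readlink "$file")"
        else
            echo "$file: missing"
        fi
        return 1
    fi

    # Count active entries only; commented-out lines do not match.
    # grep -c exits 1 when the count is 0, hence the "|| true".
    n=$(grep -Ec '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$file" || true)

    if [ "$n" -eq 0 ]; then
        echo "$file: no nameserver entries (the case described in the tip)"
        return 2
    fi

    if [ -L "$file" ]; then
        echo "$file -> $(readlink "$file"): $n nameserver entries"
    else
        echo "$file: $n nameserver entries"
    fi
    return 0
}
```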
<br />
=== Web Key Directory ===<br />
<br />
The Web Key Service (WKS) protocol is a new [https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/ standard] for key distribution, where the email domain provides its own key server called [https://wiki.gnupg.org/WKD Web Key Directory (WKD)]. When encrypting to an email address (e.g. {{ic|user@example.com}}), GnuPG (>=2.1.16) will query the domain ({{ic|example.com}}) via HTTPS for the public OpenPGP key if it is not already in the local keyring. The option {{ic|auto-key-locate}} will locate a key using the WKD protocol if there is no key on the local keyring for this email address.<br />
<br />
 $ gpg --recipient ''user@example.org'' --auto-key-locate local,wkd --encrypt ''doc''<br />
<br />
See the [https://wiki.gnupg.org/WKD#Implementations GnuPG Wiki] for a list of email providers that support WKD. If you control the domain of your email address yourself, you can follow [https://wiki.gnupg.org/WKDHosting this guide] to enable WKD for your domain. To check if your key can be found in the WKD you can use [https://metacode.biz/openpgp/web-key-directory this webinterface].<br />
<br />
=== Encrypt and decrypt ===<br />
<br />
==== Asymmetric ====<br />
<br />
You need to [[#Import a public key]] of a user before encrypting (option {{ic|-e}}/{{ic|--encrypt}}) a file or message to that recipient (option {{ic|-r}}/{{ic|--recipient}}). Additionally you need to [[#Create a key pair]] if you have not already done so.<br />
<br />
To encrypt a file with the name ''doc'', use:<br />
<br />
$ gpg --recipient ''user-id'' --encrypt ''doc''<br />
<br />
To decrypt (option {{ic|-d}}/{{ic|--decrypt}}) a file with the name ''doc''.gpg encrypted with your public key, use:<br />
<br />
$ gpg --output ''doc'' --decrypt ''doc''.gpg<br />
<br />
''gpg'' will prompt you for your passphrase and then decrypt and write the data from ''doc''.gpg to ''doc''. If you omit the {{ic|-o}}/{{ic|--output}} option, ''gpg'' will write the decrypted data to stdout.<br />
<br />
{{Tip|<br />
* Add {{ic|--armor}} to encrypt a file using ASCII armor, suitable for copying and pasting a message in text format.<br />
* Use {{ic|-R ''user-id''}} or {{ic|--hidden-recipient ''user-id''}} instead of {{ic|-r}} to not put the recipient key IDs in the encrypted message. This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis.<br />
* Add {{ic|--no-emit-version}} to avoid printing the version number, or add the corresponding setting to your configuration file.<br />
* You can use GnuPG to encrypt your sensitive documents by using your own user-id as recipient or by using the {{ic|--default-recipient-self}} flag; however, you can only do this one file at a time, although you can always tarball various files and then encrypt the tarball. See also [[Data-at-rest encryption#Available methods]] if you want to encrypt directories or a whole file-system.}}<br />
<br />
==== Symmetric ====<br />
<br />
Symmetric encryption does not require the generation of a key pair and can be used to simply encrypt data with a passphrase. Simply use {{ic|-c}}/{{ic|--symmetric}} to perform symmetric encryption:<br />
<br />
$ gpg -c ''doc''<br />
<br />
The following example:<br />
<br />
* Encrypts {{ic|''doc''}} with a symmetric cipher using a passphrase<br />
* Uses the AES-256 cipher algorithm to encrypt the passphrase<br />
* Uses the SHA-512 digest algorithm to mangle the passphrase<br />
* Mangles the passphrase for 65536 iterations<br />
<br />
$ gpg -c --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 --s2k-count 65536 ''doc''<br />
<br />
To decrypt a symmetrically encrypted {{ic|''doc''.gpg}} using a passphrase and output decrypted contents into the same directory as {{ic|''doc''}} do:<br />
<br />
$ gpg --output ''doc'' --decrypt ''doc''.gpg<br />
<br />
== Key maintenance ==<br />
<br />
=== Backup your private key ===<br />
<br />
To backup your private key do the following:<br />
<br />
$ gpg --export-secret-keys --armor --output ''privkey.asc'' ''user-id''<br />
<br />
Note the above command will require that you enter the passphrase for the key. This is because otherwise anyone who gains access to the above exported file would be able to encrypt and sign documents as if they were you ''without'' needing to know your passphrase. <br />
<br />
{{Warning|The passphrase is usually the weakest link in protecting your secret key. Place the private key in a safe place on a different system/device, such as a locked container or encrypted drive. It is the only safety you have to regain control of your keyring in case of, for example, a drive failure, theft or worse.}}<br />
<br />
To import the backup of your private key:<br />
<br />
$ gpg --import ''privkey.asc''<br />
<br />
{{Tip|[[Paperkey]] can be used to export private keys as human readable text or machine readable barcodes that can be printed on paper and archived.}}<br />
<br />
=== Backup your revocation certificate ===<br />
<br />
Revocation certificates are automatically generated for newly generated keys. These are by default located in {{ic|~/.gnupg/openpgp-revocs.d/}}. The filename of the certificate is the fingerprint of the key it will revoke.<br />
The revocation certificates can also be generated manually by the user later using:<br />
<br />
$ gpg --gen-revoke --armor --output ''revcert.asc'' ''user-id''<br />
<br />
This certificate can be used to [[#Revoke a key]] if it is ever lost or compromised. The backup will be useful if you no longer have access to the secret key and are therefore not able to generate a new revocation certificate with the above command. It is short enough to be printed out and typed in by hand if necessary.<br />
<br />
{{Warning|Anyone with access to the revocation certificate can revoke the key publicly, this action cannot be undone. Protect your revocation certificate like you protect your secret key.}}<br />
<br />
=== Edit your key ===<br />
<br />
Running the {{ic|gpg --edit-key ''user-id''}} command will present a menu which enables you to do most of your key management related tasks.<br />
<br />
Type {{ic|help}} in the edit key sub menu to show the complete list of commands. Some useful ones:<br />
<br />
> passwd # change the passphrase<br />
> clean # compact any user ID that is no longer usable (e.g revoked or expired)<br />
> revkey # revoke a key<br />
> addkey # add a subkey to this key<br />
> expire # change the key expiration time<br />
> adduid # add additional names, comments, and email addresses<br />
> addphoto # add photo to key (must be JPG, 240x288 recommended, enter full path to image when prompted)<br />
<br />
{{Tip|If you have multiple email accounts you can add each one of them as an identity, using {{ic|adduid}} command. You can then set your favourite one as {{ic|primary}}.}}<br />
<br />
=== Exporting subkey ===<br />
<br />
If you plan to use the same key across multiple devices, you may want to strip out your master key and only keep the bare minimum encryption subkey on less secure systems.<br />
<br />
First, find out which subkey you want to export.<br />
<br />
$ gpg --list-secret-keys --with-subkey-fingerprint<br />
<br />
Select only that subkey to export.<br />
<br />
$ gpg -a --export-secret-subkeys [subkey id]! > /tmp/subkey.gpg<br />
<br />
{{Warning|If you forget to add the !, all of your subkeys will be exported.}}<br />
<br />
At this point you could stop, but it is most likely a good idea to change the passphrase as well. Import the key into a temporary folder. <br />
<br />
$ gpg --homedir /tmp/gpg --import /tmp/subkey.gpg<br />
$ gpg --homedir /tmp/gpg --edit-key ''user-id''<br />
> passwd<br />
> save<br />
$ gpg --homedir /tmp/gpg -a --export-secret-subkeys ''[subkey id]''! > /tmp/subkey.altpass.gpg<br />
<br />
{{Note|You will get a warning that the master key was not available and the password was not changed, but that can safely be ignored as the subkey password was.}}<br />
<br />
At this point, you can now use {{ic|/tmp/subkey.altpass.gpg}} on your other devices.<br />
<br />
=== Extending expiration date ===<br />
<br />
{{Warning|'''Never''' delete your expired or revoked subkeys unless you have a good reason. Doing so will cause you to lose the ability to decrypt files encrypted with the old subkey. Please '''only''' delete expired or revoked keys from other users to clean your keyring.}}<br />
<br />
It is good practice to set an expiration date on your subkeys, so that if you lose access to the key (e.g. you forget the passphrase) the key will not continue to be used indefinitely by others. When the key expires, it is relatively straight-forward to extend the expiration date:<br />
<br />
$ gpg --edit-key ''user-id''<br />
> expire<br />
<br />
You will be prompted for a new expiration date, as well as the passphrase for your secret key, which is used to sign the new expiration date.<br />
<br />
Repeat this for any further subkeys that have expired:<br />
<br />
> key 1<br />
> expire<br />
<br />
Finally, save the changes and quit:<br />
<br />
> save<br />
<br />
Update it to a keyserver.<br />
<br />
$ gpg --keyserver keyserver.ubuntu.com --send-keys ''key-id''<br />
<br />
Alternatively, if you use this key on multiple computers, you can export the public key (with new signed expiration dates) and import it on those machines:<br />
<br />
$ gpg --export --output pubkey.gpg ''user-id''<br />
$ gpg --import pubkey.gpg<br />
<br />
There is no need to re-export your secret key or update your backups: the master secret key itself never expires, and the signature of the expiration date left on the public key and subkeys is all that is needed.<br />
<br />
=== Rotating subkeys ===<br />
<br />
{{Warning|'''Never''' delete your expired or revoked subkeys unless you have a good reason. Doing so will cause you to lose the ability to decrypt files encrypted with the old subkey. Please '''only''' delete expired or revoked keys from other users to clean your keyring.}}<br />
<br />
Alternatively, if you prefer to stop using subkeys entirely once they have expired, you can create new ones. Do this a few weeks in advance to allow others to update their keyring.<br />
<br />
{{Tip|You do not need to create a new key simply because it is expired. You can extend the expiration date, see the section [[#Extending expiration date]].}}<br />
<br />
Create new subkey (repeat for both signing and encrypting key)<br />
<br />
$ gpg --edit-key ''user-id''<br />
> addkey<br />
<br />
And answer the following questions it asks (see [[#Create a key pair]] for suggested settings).<br />
<br />
Save the changes:<br />
<br />
> save<br />
<br />
Upload the updated key to a keyserver:<br />
<br />
$ gpg --keyserver pgp.mit.edu --send-keys ''key-id''<br />
<br />
You will also need to export a fresh copy of your secret keys for backup purposes. See the section [[#Backup your private key]] for details on how to do this.<br />
<br />
{{Tip|Revoking expired subkeys is unnecessary and arguably bad form. If you are constantly revoking keys, it may cause others to lack confidence in you.}}<br />
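<br />
Whether to extend or rotate is easier to decide when approaching expirations are noticed in time. The following is an added example, not part of the original page: it reads {{ic|gpg --list-keys --with-colons}} output and reports keys and subkeys that are expired or expire within a given number of days. The function name, key IDs and sample listing are constructed for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example (not from the original page). Function name and sample data
# are constructed for illustration.
#
# Colon-listing fields used (documented in doc/DETAILS of the GnuPG source):
#   1  record type (pub = primary key, sub = subkey)
#   2  validity (r = revoked, e = expired, ...)
#   5  key ID
#   7  expiration date in seconds since the epoch (empty = never expires)
#   12 capabilities (s = sign, e = encrypt, a = authenticate, c = certify)

# expiring_keys NOW DAYS
# Reads a colon listing on stdin and prints one line per key that is already
# expired or expires within DAYS days of NOW (epoch seconds):
#   <record type> <key ID> <capabilities> <expired | expires-in-<n>d>
# Revoked keys are skipped: extending them serves no purpose.
expiring_keys() {
    awk -F: -v now="$1" -v days="$2" '
        ($1 == "pub" || $1 == "sub") && $2 != "r" && $7 ~ /^[0-9]+$/ {
            caps = $12
            gsub(/[A-Z]/, "", caps)   # upper case letters summarise the whole key
            left = $7 - now
            if (left <= 0)
                printf "%s %s %s expired\n", $1, $5, caps
            else if (left <= days * 86400)
                printf "%s %s %s expires-in-%dd\n", $1, $5, caps, int(left / 86400)
        }'
}

# Constructed sample listing: a primary key without expiration, a signing
# subkey expiring soon, an expired encryption subkey, a revoked subkey and
# an encryption subkey that is still valid for a long time.
SAMPLE_LISTING='tru::1:1686000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::cESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
uid:u::::1600000000::0000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1600000000:1700864000:::::s::::::23:
sub:e:4096:1:CCCCCCCCCCCCCCCC:1600000000:1690000000:::::e::::::23:
sub:r:4096:1:DDDDDDDDDDDDDDDD:1600000000:1690000000:::::a::::::23:
sub:u:4096:1:EEEEEEEEEEEEEEEE:1600000000:1800000000:::::e::::::23:'

# Typical use against a real keyring (30 day warning window):
#   gpg --list-keys --with-colons user-id | expiring_keys "$(date +%s)" 30
```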
<br />
=== Revoke a key ===<br />
Key revocation should be performed if the key is compromised, superseded, no longer used, or you forget your passphrase. This is done by merging the key with the revocation certificate of the key.<br />
<br />
If you no longer have access to your keypair, first [[#Import a public key]] to import your own key.<br />
Then, to revoke the key, import the file saved in [[#Backup your revocation certificate]]:<br />
<br />
$ gpg --import ''revcert.asc''<br />
<br />
Now the revocation needs to be made public. [[#Use a keyserver]] to send the revoked key to a public PGP server if you used one in the past, otherwise, export the revoked key to a file and distribute it to your communication partners.<br />
<br />
== Signatures ==<br />
<br />
Signatures certify and timestamp documents. If the document is modified, verification of the signature will fail. Unlike encryption which uses public keys to encrypt a document, signatures are created with the user's private key. The recipient of a signed document then verifies the signature using the sender's public key.<br />
<br />
=== Create a signature ===<br />
<br />
==== Sign a file ====<br />
<br />
To sign a file use the {{ic|-s}}/{{ic|--sign}} flag:<br />
<br />
$ gpg --output ''doc''.sig --sign ''doc''<br />
<br />
{{ic|''doc''.sig}} contains both the compressed content of the original file {{ic|''doc''}} and the signature in a binary format, but the file is not encrypted. However, you can combine signing with [[#Encrypt and decrypt|encrypting]].<br />
<br />
==== Clearsign a file or message ====<br />
<br />
To sign a file without compressing it into binary format use:<br />
<br />
$ gpg --output ''doc''.sig --clearsign ''doc''<br />
<br />
Here both the content of the original file {{ic|''doc''}} and the signature are stored in human-readable form in {{ic|''doc''.sig}}.<br />
<br />
==== Make a detached signature ====<br />
<br />
To create a separate signature file to be distributed separately from the document or file itself, use the {{ic|--detach-sig}} flag:<br />
<br />
$ gpg --output ''doc''.sig --detach-sig ''doc''<br />
<br />
Here the signature is stored in {{ic|''doc''.sig}}, but the contents of {{ic|''doc''}} are not stored in it. This method is often used in distributing software projects to allow users to verify that the program has not been modified by a third party.<br />
<br />
=== Verify a signature ===<br />
<br />
To verify a signature use the {{ic|--verify}} flag:<br />
<br />
$ gpg --verify ''doc''.sig<br />
<br />
where {{ic|''doc''.sig}} is the signed file containing the signature you wish to verify.<br />
<br />
If you are verifying a detached signature, both the signed data file and the signature file must be present when verifying. For example, to verify Arch Linux's latest iso you would do:<br />
<br />
$ gpg --verify archlinux-''version''.iso.sig<br />
<br />
where {{ic|archlinux-''version''.iso}} must be located in the same directory.<br />
<br />
You can also specify the signed data file with a second argument:<br />
<br />
$ gpg --verify archlinux-''version''.iso.sig ''/path/to/''archlinux-''version''.iso<br />
<br />
If a file has been encrypted in addition to being signed, simply [[#Encrypt and decrypt|decrypt]] the file and its signature will also be verified.<br />
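<br />
When verification runs inside a script, a zero exit status from {{ic|gpg --verify}} only says that the signature is good for ''some'' key in the keyring, not that it was made by the key you expect. The following is an added example, not part of the original page: it checks the machine-readable {{ic|--status-fd}} output against one pinned primary-key fingerprint. The function names, fingerprints and status samples are constructed for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example (not from the original page). Function names, fingerprints
# and the status samples below are constructed for illustration.

# signer_ok EXPECTED_FPR
# Reads `gpg --status-fd` output on stdin. Succeeds only if
#   * a VALIDSIG line names EXPECTED_FPR as the primary-key fingerprint
#     (last argument of VALIDSIG, field 12 of the line), and
#   * no line reports a bad signature, or an expired or revoked signature/key.
signer_ok() {
    awk -v want="$1" '
        BEGIN { want = toupper(want); gsub(/ /, "", want); ok = 0; bad = 0 }
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && want != "" && toupper($12) == want { ok = 1 }
        END { exit !(ok && !bad) }'
}

# verify_pinned EXPECTED_FPR SIGNATURE_FILE DATA_FILE
# Verifies a detached signature and accepts it only from the pinned key.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | signer_ok "$1"
}

# Constructed status output: good signature made by a signing subkey (2222...)
# that belongs to the primary key 1111...
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2023-06-15 1686829031 0 4 0 1 10 00 1111111111111111111111111111111111111111
[GNUPG:] TRUST_ULTIMATE 0 pgp'

# Constructed status output: cryptographically valid, but the key is revoked.
REVOKED_STATUS='[GNUPG:] NEWSIG
[GNUPG:] REVKEYSIG BBBBBBBBBBBBBBBB Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2023-06-15 1686829031 0 4 0 1 10 00 1111111111111111111111111111111111111111'
```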
<br />
== gpg-agent ==<br />
<br />
''gpg-agent'' is mostly used as a daemon to request and cache the password for the keychain. This is useful if GnuPG is used from an external program like a mail client. {{Pkg|gnupg}} comes with [[systemd/User|systemd user]] sockets which are enabled by default. These sockets are {{ic|gpg-agent.socket}}, {{ic|gpg-agent-extra.socket}}, {{ic|gpg-agent-browser.socket}}, {{ic|gpg-agent-ssh.socket}}, and {{ic|dirmngr.socket}}.<br />
<br />
* The main {{ic|gpg-agent.socket}} is used by ''gpg'' to connect to the ''gpg-agent'' daemon.<br />
* The intended use for the {{ic|gpg-agent-extra.socket}} on a local system is to set up a Unix domain socket forwarding from a remote system. This makes it possible to use ''gpg'' on the remote system without exposing the private keys to the remote system. See {{man|1|gpg-agent}} for details.<br />
* The {{ic|gpg-agent-browser.socket}} allows web browsers to access the ''gpg-agent'' daemon.<br />
* The {{ic|gpg-agent-ssh.socket}} can be used by [[SSH]] to cache [[SSH keys]] added by the ''ssh-add'' program. See [[#SSH agent]] for the necessary configuration.<br />
* The {{ic|dirmngr.socket}} starts a GnuPG daemon handling connections to keyservers.<br />
<br />
{{Note|If you use non-default GnuPG [[#Directory location]], you will need to [[edit]] all socket files to use the values of {{ic|gpgconf --list-dirs}}.}}<br />
<br />
=== Configuration ===<br />
<br />
gpg-agent can be configured via the {{ic|~/.gnupg/gpg-agent.conf}} file. The configuration options are listed in {{man|1|gpg-agent}}. For example, you can change the cache TTL for unused keys:<br />
<br />
{{hc|~/.gnupg/gpg-agent.conf|<br />
default-cache-ttl 3600<br />
}}<br />
<br />
{{Tip|To cache your passphrase for the whole session, please run the following command:<br />
$ /usr/lib/gnupg/gpg-preset-passphrase --preset XXXXX<br />
<br />
where XXXXX is the keygrip. You can get its value by running {{ic|gpg --with-keygrip -K}}. The passphrase will be stored until {{ic|gpg-agent}} is restarted. If you set a {{ic|default-cache-ttl}} value, it will take precedence.<br />
}}<br />
<br />
=== Reload the agent ===<br />
<br />
After changing the configuration, reload the agent using ''gpg-connect-agent'':<br />
<br />
$ gpg-connect-agent reloadagent /bye<br />
<br />
The command should print {{ic|OK}}.<br />
<br />
However, in some cases a reload alone may not be sufficient, for example when {{ic|keep-screen}} has been added to the agent configuration.<br />
In this case you first need to kill the running gpg-agent process and then restart it as explained above.<br />
<br />
=== pinentry ===<br />
<br />
{{ic|gpg-agent}} can be configured via the {{ic|pinentry-program}} stanza to use a particular {{Pkg|pinentry}} user interface when prompting the user for a passphrase. For example:<br />
{{hc|~/.gnupg/gpg-agent.conf|<br />
pinentry-program /usr/bin/pinentry-curses<br />
}}<br />
<br />
There are other pinentry programs that you can choose from - see {{ic|pacman -Ql pinentry {{!}} grep /usr/bin/}}.<br />
<br />
{{Tip|In order to use {{ic|/usr/bin/pinentry-kwallet}} you have to install the {{AUR|kwalletcli}} package.}}<br />
<br />
Remember to [[#Reload the agent|reload the agent]] after making changes to the configuration.<br />
<br />
=== Cache passwords ===<br />
<br />
{{ic|max-cache-ttl}} and {{ic|default-cache-ttl}} define how many seconds gpg-agent should cache the passwords. To enter a password once per session, set them to something very high, for instance:<br />
<br />
{{hc|gpg-agent.conf|<br />
max-cache-ttl 60480000<br />
default-cache-ttl 60480000<br />
}}<br />
<br />
For password caching in SSH emulation mode, set {{ic|default-cache-ttl-ssh}} and {{ic|max-cache-ttl-ssh}} instead, for example:<br />
<br />
{{hc|gpg-agent.conf|<br />
default-cache-ttl-ssh 60480000<br />
max-cache-ttl-ssh 60480000<br />
}}<br />
<br />
=== Unattended passphrase ===<br />
<br />
Starting with GnuPG 2.1.0 the use of gpg-agent and pinentry is required, which may break backwards compatibility for passphrases piped in from STDIN using the {{ic|--passphrase-fd 0}} commandline option. In order to have the same type of functionality as the older releases two things must be done:<br />
<br />
First, edit the gpg-agent configuration to allow ''loopback'' pinentry mode:<br />
<br />
{{hc|~/.gnupg/gpg-agent.conf|<br />
allow-loopback-pinentry<br />
}}<br />
<br />
[[#Reload the agent|Reload the agent]] if it is running to let the change take effect.<br />
<br />
Second, either the application needs to be updated to include a commandline parameter to use loopback mode like so:<br />
<br />
$ gpg --pinentry-mode loopback ...<br />
<br />
...or if this is not possible, add the option to the configuration:<br />
<br />
{{hc|~/.gnupg/gpg.conf|<br />
pinentry-mode loopback<br />
}}<br />
<br />
{{Note|The upstream author indicates setting {{ic|pinentry-mode loopback}} in {{ic|gpg.conf}} may break other usage, using the commandline option should be preferred if at all possible. [https://bugs.g10code.com/gnupg/issue1772]}}<br />
<br />
=== SSH agent ===<br />
<br />
''gpg-agent'' has OpenSSH agent emulation. If you already use the GnuPG suite, you might consider using its agent to also cache your [[SSH keys]]. Additionally, some users may prefer the PIN entry dialog GnuPG agent provides as part of its passphrase management.<br />
<br />
==== Set SSH_AUTH_SOCK ====<br />
<br />
You have to set {{ic|SSH_AUTH_SOCK}} so that SSH will use ''gpg-agent'' instead of ''ssh-agent''. To make sure each process can find your ''gpg-agent'' instance regardless of e.g. the type of shell it is a child of, use [[Environment_variables#Using_pam_env|pam_env]].<br />
<br />
{{hc|~/.pam_environment|2=<br />
SSH_AGENT_PID DEFAULT=<br />
SSH_AUTH_SOCK DEFAULT="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"<br />
}}<br />
<br />
{{Note|<br />
* If you set your {{ic|SSH_AUTH_SOCK}} manually (such as in this pam_env example), keep in mind that your socket location may be different if you are using a custom {{ic|GNUPGHOME}}. You can use the following bash example, or change {{ic|SSH_AUTH_SOCK}} to the value of {{ic|gpgconf --list-dirs agent-ssh-socket}}.<br />
* If GNOME Keyring is installed, it is necessary to [[GNOME/Keyring#Disable keyring daemon components|deactivate]] its ssh component. Otherwise, it will overwrite {{ic|SSH_AUTH_SOCK}}.<br />
}}<br />
<br />
Alternatively, depend on Bash. This works for non-standard socket locations as well:<br />
<br />
{{hc|~/.bashrc|2=<br />
unset SSH_AGENT_PID<br />
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then<br />
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"<br />
fi<br />
}}<br />
<br />
{{Note|1=The test involving the {{ic|gnupg_SSH_AUTH_SOCK_by}} variable is for the case where the agent is started as {{ic|gpg-agent --daemon /bin/sh}}, in which case the shell inherits the {{ic|SSH_AUTH_SOCK}} variable from the parent, ''gpg-agent'' [http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=agent/gpg-agent.c;hb=7bca3be65e510eda40572327b87922834ebe07eb#l1307].}}<br />
<br />
==== Configure pinentry to use the correct TTY ====<br />
<br />
Also set {{ic|GPG_TTY}} and refresh the TTY in case the user has switched into an X session, as stated in {{man|1|gpg-agent}}. For example:<br />
<br />
{{hc|~/.bashrc|2=<br />
export GPG_TTY=$(tty)<br />
gpg-connect-agent updatestartuptty /bye >/dev/null<br />
}}<br />
<br />
==== Add SSH keys ====<br />
<br />
Once ''gpg-agent'' is running you can use ''ssh-add'' to approve keys, following the same steps as for [[SSH keys#ssh-agent|ssh-agent]]. The list of approved keys is stored in the {{ic|~/.gnupg/sshcontrol}} file. <br />
<br />
Once your key is approved, you will get a ''pinentry'' dialog every time your passphrase is needed. For password caching see [[#Cache passwords]].<br />
<br />
==== Using a PGP key for SSH authentication ====<br />
<br />
You can also use your PGP key as an SSH key. This requires a key with the {{ic|Authentication}} capability (see [[#Custom capabilities]]). There are various benefits gained by using a PGP key for SSH authentication, including:<br />
<br />
* Reduced key maintenance, as you will no longer need to maintain an SSH key.<br />
* The ability to store the authentication key on a smartcard. GnuPG will automatically detect the key when the card is available, and add it to the agent (check with {{ic|ssh-add -l}} or {{ic|ssh-add -L}}). The comment for the key should be something like: {{ic|openpgp:''key-id''}} or {{ic|cardno:''card-id''}}. <br />
<br />
To retrieve the public key part of your GPG/SSH key, run {{ic|gpg --export-ssh-key ''gpg-key''}}.<br />
<br />
Unless you have your GPG key on a keycard, you need to add your key to {{ic|$GNUPGHOME/sshcontrol}} for it to be recognized as an SSH key. If your key is on a keycard, its keygrip is added to {{ic|sshcontrol}} implicitly. If not, get the keygrip of your key this way:<br />
<br />
{{hc|$ gpg --list-keys --with-keygrip|2=<br />
sub rsa4096 2018-07-25 [A]<br />
Keygrip = ''1531C8084D16DC4C36911F1585AF0ACE7AAFD7E7''<br />
}}<br />
<br />
Then edit {{ic|sshcontrol}} like this. Adding the keygrip is a one-time action; you will not need to edit the file again, unless you are adding additional keys.<br />
<br />
{{hc|$GNUPGHOME/sshcontrol|<br />
''1531C8084D16DC4C36911F1585AF0ACE7AAFD7E7''<br />
}}<br />
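<br />
The two steps above (find the keygrip of the authentication key, then list it in {{ic|sshcontrol}}) can be scripted. The following is an added example, not part of the original page: it picks the keygrips of usable keys with the authentication capability from colon-format output and appends them to a control file without creating duplicates. The function names and the sample listing are constructed; only the authentication keygrip is the one shown above.<br />
<br />
```shell
#!/bin/sh
# Added example (not from the original page). Function names and the sample
# listing are constructed for illustration.

# auth_keygrips
# Reads `gpg --list-keys --with-colons --with-keygrip` output on stdin and
# prints the keygrip of every key or subkey that has the authentication
# capability (lower case "a" in field 12) and is not revoked, expired or
# invalid (field 2). The keygrip is field 10 of the "grp" record that follows
# the key record.
auth_keygrips() {
    awk -F: '
        $1 == "pub" || $1 == "sub" { want = ($12 ~ /a/ && $2 !~ /[rei]/); next }
        $1 == "grp" && want        { print $10; want = 0 }'
}

# add_to_sshcontrol FILE KEYGRIP
# Appends KEYGRIP to FILE unless it is already listed.
# Returns 0 if the entry is present and enabled afterwards, 2 if KEYGRIP is
# not 40 hex digits, 3 if the entry exists but is disabled with a leading "!".
add_to_sshcontrol() {
    file=$1
    grip=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    case $grip in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#grip}" -eq 40 ] || return 2
    if [ -f "$file" ]; then
        # An entry is the keygrip, optionally followed by a TTL and flags.
        if grep -Eiq "^${grip}([[:space:]]|\$)" "$file"; then return 0; fi
        if grep -Eiq "^!${grip}([[:space:]]|\$)" "$file"; then return 3; fi
    fi
    ( umask 077; printf '%s\n' "$grip" >> "$file" )
}

# Constructed sample: certify/sign primary key, an encryption subkey, an
# authentication subkey and a revoked authentication subkey.
SAMPLE_KEYS='pub:u:4096:1:AAAAAAAAAAAAAAAA:1532476800:::u:::scESCA::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
grp:::::::::0000000000000000000000000000000000000001:
uid:u::::1532476800::0000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1532476800::::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFBBBBBBBB:
grp:::::::::0000000000000000000000000000000000000002:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1532476800::::::a::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFCCCCCCCC:
grp:::::::::1531C8084D16DC4C36911F1585AF0ACE7AAFD7E7:
sub:r:4096:1:DDDDDDDDDDDDDDDD:1532476800::::::a::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFDDDDDDDD:
grp:::::::::0000000000000000000000000000000000000004:'

# Typical use:
#   gpg --list-keys --with-colons --with-keygrip user-id | auth_keygrips |
#   while read -r g; do
#       add_to_sshcontrol "$(gpgconf --list-dirs homedir)/sshcontrol" "$g"
#   done
```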
<br />
== Smartcards ==<br />
<br />
GnuPG uses ''scdaemon'' as an interface to your smartcard reader. Please refer to the [[man page]] {{man|1|scdaemon}} for details.<br />
<br />
=== GnuPG only setups ===<br />
<br />
{{Note|To allow scdaemon direct access to USB smartcard readers, the optional dependency {{Pkg|libusb-compat}} must be installed.}}<br />
<br />
If you do not plan to use other cards but those based on GnuPG, you should check the {{Ic|reader-port}} parameter in {{ic|~/.gnupg/scdaemon.conf}}. The value '0' refers to the first available serial port reader and a value of '32768' (default) refers to the first USB reader.<br />
<br />
=== GnuPG with pcscd (PCSC Lite) ===<br />
<br />
{{man|8|pcscd}} is a daemon which handles access to smartcards (SCard API). If GnuPG's scdaemon fails to connect to the smartcard directly (e.g. by using its integrated CCID support), it will fall back and try to find a smartcard using the PCSC Lite driver.<br />
<br />
To use pcscd, [[install]] {{Pkg|pcsclite}} and {{Pkg|ccid}}. Then [[start]] and/or [[enable]] {{ic|pcscd.service}}. Alternatively start and/or enable {{ic|pcscd.socket}} to activate the daemon when needed.<br />
<br />
==== Always use pcscd ====<br />
<br />
If you are using any smartcard with an opensc driver (e.g.: ID cards from some countries) you should pay some attention to GnuPG configuration. Out of the box you might receive a message like this when using {{Ic|gpg --card-status}}<br />
<br />
gpg: selecting openpgp failed: ec=6.108<br />
<br />
By default, scdaemon will try to connect directly to the device. This connection will fail if the reader is being used by another process, for example the pcscd daemon used by OpenSC. To cope with this situation we should use the same underlying driver as opensc so they can work well together. In order to point scdaemon to use pcscd you should remove {{Ic|reader-port}} from {{ic|~/.gnupg/scdaemon.conf}}, specify the location of the {{ic|libpcsclite.so}} library and disable ccid so we make sure that we use pcscd:<br />
<br />
{{hc|~/.gnupg/scdaemon.conf|<nowiki><br />
pcsc-driver /usr/lib/libpcsclite.so<br />
card-timeout 5<br />
disable-ccid<br />
</nowiki>}}<br />
<br />
Please check {{man|1|scdaemon}} if you do not use OpenSC.<br />
<br />
==== Shared access with pcscd ====<br />
<br />
GnuPG {{ic|scdaemon}} is the only popular {{ic|pcscd}} client that uses the {{ic|PCSC_SHARE_EXCLUSIVE}} flag when connecting to {{ic|pcscd}}. Other clients like OpenSC PKCS#11 that are used by browsers and programs listed in [[Electronic identification]] use {{ic|PCSC_SHARE_SHARED}}, which allows simultaneous access to a single smartcard. {{ic|pcscd}} will not give exclusive access to a smartcard while other clients are connected. This means that to use GnuPG smartcard features you must first close all your open browser windows or do some other inconvenient operations. There is an out-of-tree patch in the [https://github.com/GPGTools/MacGPG2/blob/dev/patches/gnupg/scdaemon_shared-access.patch GPGTools/MacGPG2] git repo that enables {{ic|scdaemon}} to use shared access, but GnuPG developers are against allowing this because once one {{ic|pcscd}} client authenticates to the smartcard, other malicious {{ic|pcscd}} clients could perform authenticated operations with the card without you knowing. You can read the full mailing list thread [https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030247.html here].<br />
<br />
If you accept the security risk, you can use the patch from the [https://github.com/GPGTools/MacGPG2/blob/dev/patches/gnupg/scdaemon_shared-access.patch GPGTools/MacGPG2] git repo or use the {{AUR|gnupg-scdaemon-shared-access}} package. After patching your {{ic|scdaemon}} you can enable shared access by adding a {{ic|shared-access}} line to the end of your {{ic|scdaemon.conf}} file.<br />
<br />
===== Multi applet smart cards =====<br />
When using [[YubiKey]]s or other multi applet USB dongles with OpenSC PKCS#11, you may run into problems where OpenSC switches your Yubikey from the OpenPGP to the PIV applet, breaking {{ic|scdaemon}}.<br />
<br />
You can hack around the problem by forcing OpenSC to also use the OpenPGP applet. Open {{ic|/etc/opensc.conf}} file, search for Yubikey and change the {{ic|1=driver = "PIV-II";}} line to {{ic|1=driver = "openpgp";}}. If there is no such entry, use {{ic|pcsc_scan}}. Search for the Answer to Reset {{ic|ATR: 12 34 56 78 90 AB CD ...}}. Then create a new entry.<br />
<br />
{{hc|/etc/opensc.conf|2=<br />
...<br />
card_atr 12:23:34:45:67:89:ab:cd:... {<br />
name = "YubiKey Neo";<br />
driver = "openpgp";<br />
}<br />
...<br />
}}<br />
<br />
After that you can test with {{ic|pkcs11-tool -O --login}} that the OpenPGP applet is selected by default. Other PKCS#11 clients like browsers may need to be restarted for that change to be applied.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Different algorithm ===<br />
<br />
You may want to use stronger algorithms:<br />
<br />
{{hc|~/.gnupg/gpg.conf|<br />
...<br />
<br />
personal-digest-preferences SHA512<br />
cert-digest-algo SHA512<br />
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed<br />
personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES<br />
}}<br />
<br />
In the latest version of GnuPG, the default algorithms used are SHA256 and AES, both of which are secure enough for most people. However, if you are using a version of GnuPG older than 2.1, or if you want an even higher level of security, then you should follow the above step.<br />
<br />
=== Encrypt a password ===<br />
<br />
It can be useful to encrypt a password so that it is not written in clear text in a configuration file. A good example is your email password.<br />
<br />
First create a file with your password. You '''need''' to leave '''one''' empty line after the password, otherwise gpg will return an error message when evaluating the file.<br />
<br />
Then run:<br />
<br />
$ gpg -e -a -r ''user-id'' ''your_password_file''<br />
<br />
{{ic|-e}} is for encrypt, {{ic|-a}} for armor (ASCII output), {{ic|-r}} for recipient user ID.<br />
<br />
You will be left with a new {{ic|''your_password_file''.asc}} file.<br />
<br />
{{Tip|[[pass]] automates this process.}}<br />
<br />
=== Change trust model ===<br />
<br />
By default GnuPG uses the [[Wikipedia:Web of Trust|Web of Trust]] as the trust model. You can change this to [[Wikipedia:Trust on first use|Trust on first use]] by adding {{ic|1=--trust-model=tofu}} when adding a key or adding this option to your GnuPG configuration file. More details are in [https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030341.html this email to the GnuPG list].<br />
<br />
=== Hide all recipient id's ===<br />
<br />
By default the recipient's key ID is in the encrypted message. This can be removed at encryption time for a recipient by using {{ic|hidden-recipient ''user-id''}}. To remove it for all recipients add {{ic|throw-keyids}} to your configuration file. This helps to hide the receivers of the message and is a limited countermeasure against traffic analysis. (Using a little social engineering anyone who is able to decrypt the message can check whether one of the other recipients is the one he suspects.) On the receiving side, it may slow down the decryption process because all available secret keys must be tried (''e.g.'' with {{ic|--try-secret-key ''user-id''}}).<br />
<br />
=== Using caff for keysigning parties ===<br />
<br />
To allow users to validate keys on the keyservers and in their keyrings (i.e. make sure they are from whom they claim to be), PGP/GPG uses the [[Wikipedia:Web of Trust|Web of Trust]]. Keysigning parties allow users to get together at a physical location to validate keys. The [[Wikipedia:Zimmermann–Sassaman key-signing protocol|Zimmermann-Sassaman]] key-signing protocol is a way of making these very effective. [http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html Here] you will find a how-to article.<br />
<br />
For an easier process of signing keys and sending signatures to the owners after a keysigning party, you can use the tool ''caff''. It can be installed from the AUR with the package {{AUR|caff-git}}.<br />
<br />
To send the signatures to their owners you need a working [[Wikipedia:Message transfer agent|MTA]]. If you do not already have one, install [[msmtp]].<br />
<br />
=== Always show long ID's and fingerprints ===<br />
<br />
To always show long key ID's add {{ic|keyid-format 0xlong}} to your configuration file. To always show full fingerprints of keys, add {{ic|with-fingerprint}} to your configuration file.<br />
<br />
=== Custom capabilities ===<br />
<br />
For further customization, it is also possible to set custom capabilities on your keys. The following capabilities are available:<br />
<br />
* Certify (only for master keys) - allows the key to create subkeys, mandatory for master keys.<br />
* Sign - allows the key to create cryptographic signatures that others can verify with the public key.<br />
* Encrypt - allows anyone to encrypt data with the public key, that only the private key can decrypt.<br />
* Authenticate - allows the key to authenticate with various non-GnuPG programs. The key can be used as e.g. an SSH key. <br />
<br />
It's possible to specify the capabilities of the master key, by running: <br />
<br />
$ gpg --full-generate-key --expert<br />
<br />
And select an option that allows you to set your own capabilities.<br />
<br />
Comparably, to specify custom capabilities for subkeys, add the {{ic|--expert}} flag to {{ic|gpg --edit-key}}, see [[#Edit your key]] for more information.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Not enough random bytes available ===<br />
<br />
When generating a key, gpg can run into this error:<br />
<br />
Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy!<br />
<br />
To check the available entropy, check the kernel parameters:<br />
<br />
$ cat /proc/sys/kernel/random/entropy_avail<br />
<br />
A healthy Linux system with a lot of entropy available will return close to the full 4,096 bits of entropy. If the value returned is less than 200, the system is running low on entropy.<br />
<br />
To solve it, remember that you do not often need to create keys, so it is best to just do what the message suggests (e.g. create disk activity, move the mouse, edit the wiki - all will create entropy). If that does not help, check which service is using up the entropy and consider stopping it for the time being. If that is no alternative, see [[Random number generation#Alternatives]].<br />
<br />
=== su ===<br />
<br />
When using {{Ic|pinentry}}, you must have the proper permissions of the terminal device (e.g. {{Ic|/dev/tty1}}) in use. However, with ''su'' (or ''sudo''), the ownership stays with the original user, not the new one. This means that pinentry will fail with a {{ic|Permission denied}} error, even as root. If this happens when attempting to use ssh, an error like {{ic|sign_and_send_pubkey: signing failed: agent refused operation}} will be returned. The fix is to change the permissions of the device at some point before the use of pinentry (i.e. using gpg with an agent). If doing gpg as root, simply change the ownership to root right before using gpg:<br />
<br />
# chown root /dev/ttyN # where N is the current tty<br />
<br />
and then change it back after using gpg the first time. The equivalent is true with {{Ic|/dev/pts/}}.<br />
<br />
{{Note|The owner of tty ''must'' match with the user for which pinentry is running. Being part of the group {{Ic|tty}} '''is not''' enough.}}<br />
<br />
{{Tip|If you run gpg with {{ic|script}} it will use a new tty with the correct ownership:<br />
<br />
# script -q -c "gpg --gen-key" /dev/null<br />
}}<br />
<br />
=== Agent complains end of file ===<br />
<br />
If the pinentry program is {{ic|/usr/bin/pinentry-gnome3}}, it needs a DBus session bus to run properly. See [[General troubleshooting#Session permissions]] for details.<br />
<br />
Alternatively, you can use a variety of different options described in [[#pinentry]].<br />
<br />
=== KGpg configuration permissions ===<br />
<br />
There have been issues with {{Pkg|kgpg}} being able to access the {{ic|~/.gnupg/}} options. One issue might be a result of a deprecated ''options'' file, see the [https://bugs.kde.org/show_bug.cgi?id=290221 bug] report.<br />
<br />
=== GNOME on Wayland overrides SSH agent socket ===<br />
<br />
For Wayland sessions, {{Ic|gnome-session}} sets {{Ic|SSH_AUTH_SOCK}} to the standard gnome-keyring socket, {{Ic|$XDG_RUNTIME_DIR/keyring/ssh}}. This overrides any value set in {{Ic|~/.pam_environment}} or systemd unit files.<br />
<br />
See [[GNOME/Keyring#Disable keyring daemon components]] on how to disable this behavior.<br />
<br />
=== mutt ===<br />
<br />
Mutt might not use ''gpg-agent'' correctly. You need to set an [[environment variable]] {{ic|GPG_AGENT_INFO}} (the content does not matter) when running mutt. Also be sure to enable password caching correctly, see [[#Cache passwords]].<br />
<br />
See [https://bbs.archlinux.org/viewtopic.php?pid=1490821#p1490821 this forum thread].<br />
<br />
=== "Lost" keys, upgrading to gnupg version 2.1 ===<br />
<br />
When {{ic|gpg --list-keys}} fails to show keys that used to be there, and applications complain about missing or invalid keys, some keys may not have been migrated to the new format.<br />
<br />
Please read [http://jo-ke.name/wp/?p=111 GnuPG invalid packet workaround]{{Dead link|2020|02|24}}. Basically, it says that there is a bug with keys in the old {{ic|pubring.gpg}} and {{ic|secring.gpg}} files, which have now been superseded by the new {{ic|pubring.kbx}} file and the {{ic|private-keys-v1.d/}} subdirectory and files. Your missing keys can be recovered with the following commands:<br />
<br />
$ cd<br />
$ cp -r .gnupg gnupgOLD<br />
$ gpg --export-ownertrust > otrust.txt<br />
$ gpg --import .gnupg/pubring.gpg<br />
$ gpg --import-ownertrust otrust.txt<br />
$ gpg --list-keys<br />
<br />
=== gpg hanged for all keyservers (when trying to receive keys) ===<br />
<br />
If gpg hangs with a certain keyserver when trying to receive keys, you might need to kill dirmngr in order to get access to other keyservers which are actually working, otherwise it might keep hanging for all of them.<br />
<br />
=== Smartcard not detected ===<br />
<br />
Your user might not have the permission to access the smartcard which results in a {{ic|card error}} to be thrown, even though the card is correctly set up and inserted.<br />
<br />
One possible solution is to add a new group {{ic|scard}} including the users who need access to the smartcard.<br />
<br />
Then use [[udev rules]], similar to the following:<br />
<br />
{{hc|/etc/udev/rules.d/71-gnupg-ccid.rules|<nowiki><br />
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0116|0111", MODE="660", GROUP="scard"<br />
</nowiki>}}<br />
<br />
Adapt VENDOR and MODEL according to the {{ic|lsusb}} output; the above example is for a YubikeyNEO.<br />
<br />
=== server 'gpg-agent' is older than us (x < y) ===<br />
<br />
This warning appears if {{ic|gnupg}} is upgraded and the old gpg-agent is still running. [[Restart]] the ''user'''s {{ic|gpg-agent.socket}} (i.e., use the {{ic|--user}} flag when restarting).<br />
<br />
=== IPC connect call failed ===<br />
<br />
{{Accuracy|The {{ic|gpg-agent*.socket}} systemd sockets provided by the {{Pkg|gnupg}} package create the sockets in {{ic|/run/user/$UID/gnupg/}} which is guaranteed to be an appropriate file system.}}<br />
<br />
Make sure {{ic|gpg-agent}} and {{ic|dirmngr}} are not running with {{ic|killall gpg-agent dirmngr}} and the {{ic|$GNUPGHOME/crls.d/}} folder has permission set to {{ic|700}}.<br />
<br />
If your keyring is stored on a vFat filesystem (e.g. a USB drive), {{ic|gpg-agent}} will fail to create the required sockets (vFat does not support sockets). You can create redirects to a location that handles sockets, e.g. {{ic|/dev/shm}}:<br />
<br />
# export GNUPGHOME=/custom/gpg/home<br />
# printf '%%Assuan%%\nsocket=/dev/shm/S.gpg-agent\n' > $GNUPGHOME/S.gpg-agent<br />
# printf '%%Assuan%%\nsocket=/dev/shm/S.gpg-agent.browser\n' > $GNUPGHOME/S.gpg-agent.browser<br />
# printf '%%Assuan%%\nsocket=/dev/shm/S.gpg-agent.extra\n' > $GNUPGHOME/S.gpg-agent.extra<br />
# printf '%%Assuan%%\nsocket=/dev/shm/S.gpg-agent.ssh\n' > $GNUPGHOME/S.gpg-agent.ssh<br />
<br />
Test that gpg-agent starts successfully with {{ic|gpg-agent --daemon}}.<br />
<br />
=== Mitigating Poisoned PGP Certificates ===<br />
<br />
In June 2019, an unknown attacker spammed several high-profile PGP certificates with tens of thousands (or hundreds of thousands) of signatures (CVE-2019-13050) and uploaded these signatures to the SKS keyservers.<br />
The existence of these poisoned certificates in a keyring causes gpg to hang with the following message:<br />
<br />
gpg: removing stale lockfile (created by 7055)<br />
<br />
Possible mitigation involves removing the poisoned certificate as per this [https://tech.michaelaltfield.net/2019/07/14/mitigating-poisoned-pgp-certificates/ blog post].<br />
<br />
=== Invalid IPC response and Inappropriate ioctl for device ===<br />
<br />
The default pinentry program is {{ic|/usr/bin/pinentry-gtk-2}}. If {{Pkg|gtk2}} is unavailable, pinentry falls back to {{ic|/usr/bin/pinentry-curses}} and causes signing to fail:<br />
<br />
gpg: signing failed: Inappropriate ioctl for device<br />
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device<br />
<br />
You need to set the {{ic|GPG_TTY}} environment variable for the pinentry programs {{ic|/usr/bin/pinentry-tty}} and {{ic|/usr/bin/pinentry-curses}}.<br />
<br />
$ export GPG_TTY=$(tty)<br />
<br />
== See also ==<br />
<br />
* [https://gnupg.org/ GNU Privacy Guard Homepage]<br />
* [https://futureboy.us/pgp.html Alan Eliasen's GPG Tutorial]<br />
* [https://tools.ietf.org/html/rfc4880 RFC4880 "OpenPGP Message Format"]<br />
* [https://help.riseup.net/en/security/message-security/openpgp/gpg-best-practices gpg.conf recommendations and best practices]<br />
* [https://fedoraproject.org/wiki/Creating_GPG_Keys Creating GPG Keys (Fedora)]<br />
* [https://wiki.debian.org/Subkeys OpenPGP subkeys in Debian]<br />
* [https://github.com/lfit/itpol/blob/master/protecting-code-integrity.md Protecting code integrity with PGP]<br />
* [https://sanctum.geek.nz/arabesque/series/gnu-linux-crypto/ A more comprehensive gpg Tutorial]<br />
* [https://www.reddit.com/r/GPGpractice/ /r/GPGpractice - a subreddit to practice using GnuPG.]</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=636770User:Louson2020-09-29T13:29:03Z<p>Louson: Probe</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
== Probe ==<br />
Install {{AUR|hw-probe}} and run :<br />
$ sudo -E hw-probe -all -upload<br />
<br />
{| class="wikitable"<br />
|+ Results<br />
! Machine !! Date<br />
|-<br />
| Asus zenbook || [https://linux-hardware.org/?probe=28aa6ce10e 2020-09-29]<br />
|}<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, replace it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=636241User:Louson2020-09-23T13:37:52Z<p>Louson: /* Post-install */ ldconfig</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
== ldconfig does not load /usr/local/lib ==<br />
Enable {{ic|/usr/local/lib}} in ldconfig:<br />
<br />
{{hc|/etc/ld.so.conf.d/usrlocal.conf|<nowiki><br />
/usr/local/lib<br />
<br />
</nowiki>}}<br />
<br />
And restart the systemd service {{ic|ldconfig.service}}.<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Change /etc/pacman.d/mirrorlist to allow a mirror. For an archived version, replace it with the following content:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 architecture, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=ASUS_Zenbook_UX333/433/533&diff=635671ASUS Zenbook UX333/433/5332020-09-18T12:09:48Z<p>Louson: /* Configuration */ AHCI mode</p>
<hr />
<div>[[Category:ASUS]]<br />
[[ja:ASUS Zenbook UX333]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status'''<br />
|-<br />
| Intel || {{G|Working}}<br />
|-<br />
| Nvidia || {{G|Working}}<br />
|-<br />
| HDMI || {{G|Working}}<br />
|-<br />
| Ethernet (USB cable) || {{G|Working}}<br />
|-<br />
| Wireless || {{G|Working}}<br />
|-<br />
| Audio || {{G|Working}}<br />
|-<br />
| Touchpad || {{G|Working}}<br />
|-<br />
| Camera || {{G|Working}}<br />
|-<br />
| Card Reader || {{G|Working}}<br />
|-<br />
| Bluetooth || {{G|Working}}<br />
|-<br />
| Function keys || {{G|Working}}<br />
|-<br />
| Face recognition sensor || {{G| working}}<br />
|-<br />
| Battery charge threshold || {{G| working}}<br />
|}<br />
ASUS [https://www.asus.com/us/News/C8ew3iV9HQ6KqLnw announced] UX333, UX433 and UX533 models. Since these models share almost the same hardware (the only difference is screen size and discrete NVidia GPU), this article covers hardware specific configuration for all ZenBook 13 (UX333), ZenBook 14 (UX433) and ZenBook 15 (UX533).<br />
<br />
== Configuration ==<br />
<br />
=== Secure Boot (option) ===<br />
In order to boot any Linux operating system, navigate to BIOS, then hit F7 or click on "Advanced Menu", then the "Security" tab and set "Secure Boot" to {{ic|Off}}.<br />
<br />
If the aforementioned "Secure Boot" option is a menu rather than an on-or-off option, click on "Secure Boot", "Key Management", then "Reset to Setup Mode" and confirm in the dialog.<br />
<br />
=== Sata configuration ===<br />
If your drive is not listed by {{ic|fdisk -l}}, you may need to switch the SATA controller to AHCI mode.<br />
<br />
Navigate to BIOS, then hit {{ic|F7}} or click on ''Advanced Menu'', then the ''Sata configuration'' tab and set it to {{ic|AHCI}}.<br />
<br />
=== Video ===<br />
See [[Intel_graphics#Installation|Intel Graphics]] and [[Hardware_video_acceleration|Hardware Acceleration]]. For models with discrete Nvidia graphics card, also see [[NVIDIA Optimus]].<br />
<br />
=== Audio ===<br />
See [[PulseAudio]].<br />
<br />
=== Touchpad ===<br />
See [[Libinput]].<br />
<br />
=== Facerecognition login ===<br />
<br />
This computer has a built-in face recognition sensor. <br />
You can use it with the project Howdy [https://github.com/boltgolt/howdy].<br />
See the [[howdy]] page for further information.<br />
<br />
=== Battery charge threshold ===<br />
<br />
The procedure described at [[ASUS Zenbook UX534#Battery charge threshold]] works for the UX333, UX433, and UX533.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Microcode ===<br />
During boot you might get the message {{ic|<nowiki>[Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x52 (or later)</nowiki>}}. See [[Microcode]] to resolve it.<br />
<br />
=== Nvidia issues with Bumblebee ===<br />
It is likely that it's one of these issues:<br />
<br />
* You used a power management application (especially [[Powertop]]). See [[bumblebee#Broken power management with kernel 4.8]] for more information.<br />
* You suspended your laptop and resumed, and are now unable to start your GPU, see [[Bumblebee#Failed to initialize the NVIDIA GPU at PCI:1:0:0 (Bumblebee daemon reported: error: %5BXORG%5D (EE) NVIDIA(GPU-0))]].<br />
<br />
=== Suspend ===<br />
<br />
Linux (4.17 at least) defaults to [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-idle suspend-to-idle], which is not very power efficient. This is probably due to this change in [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e870c6c87cf9484090d28f2a68aa29e008960c93 4.14-rc1]. For better power efficiency you can use [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-ram suspend-to-ram] by adding {{ic|1=mem_sleep_default=deep}} to the kernel cmdline.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Power saving and performance ===<br />
As advertised by ASUS, these laptops can last up to 9 hours on battery. In order to achieve this, see:<br />
<br />
* BIOS update - It is generally recommended to update BIOS, as it usually brings performance, power-saving and security features.<br />
<br />
* [[Power Saving]] - List of general recommendations to increase battery life.<br />
<br />
* [[Improving performance]] - List of general recommendations to increase performance.<br />
<br />
* [[SSD]] - Tips and tricks for Solid State Drives. These three laptops ship M.2 SSD by default.<br />
<br />
* [[Undervolting CPU]] - Decrease voltage for Intel CPU (reduce battery drain, reduce heat and therefore - reduce fan speed)<br />
<br />
=== Extract Windows 10 license key ===<br />
<br />
The laptop comes with Windows 10 preinstalled and the activation key is hardcoded into the firmware. If you replace Windows with Linux, then hardcoded activation key is useless. You might want to extract it and use somewhere else (e.g. virtualized Windows 10):<br />
# grep -aPo '[\w]{5}-[\w]{5}-[\w]{5}-[\w]{5}-[\w]{5}' /sys/firmware/acpi/tables/MSDM<br />
<br />
{{Note|Microsoft online support confirmed that the code is valid, but because you are unable to activate it (Windows fails to activate and asks for another code), they offered 2 options - replace activation code with another one for 40$ or contact OEM (ASUS) about this issue.<br />
<br />
ASUS confirmed, that in order to "use" this activation key, you need to bring this laptop to repair service so they can "restore" system using ASUS OEM Windows 10 image. They do not provide this image for download.}}</div>Lousonhttps://wiki.archlinux.org/index.php?title=ASUS_Zenbook_UX534&diff=635670ASUS Zenbook UX5342020-09-18T12:09:33Z<p>Louson: Undo revision 635668 by Louson (talk) Mistaked my PC which is UX433</p>
<hr />
<div>{{Expansion|Asus Zenbook UX533FTC also suffers from the same bugs. There are some hardware revisions or something, but UX533FTC should be added here as well. Using {{ic|neofetch}} prints my laptop model as {{ic|UX534}} too.}}<br />
<br />
[[Category:ASUS]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status'''<br />
|-<br />
| Intel || {{G|Working}}<br />
|-<br />
| Nvidia || {{G|Working}}<br />
|-<br />
| HDMI || {{G|Working}}<br />
|-<br />
| Ethernet (USB cable) || {{G|Working}}<br />
|-<br />
| Wireless || {{G|Working}}<br />
|-<br />
| Audio || {{G|Working}}<br />
|-<br />
| Integrated microphone || {{Y|Only on UX**4 models}}<br />
|-<br />
| Headphones jack || {{G|Working}}<br />
|-<br />
| Touchpad || {{G|Working}}<br />
|-<br />
| Camera || {{G|Working}}<br />
|-<br />
| Card Reader || {{G|Working}}<br />
|-<br />
| Bluetooth || {{G|Working}}<br />
|-<br />
| Function keys || {{G|Working}}<br />
|-<br />
| Face recognition sensor || {{G| working}}<br />
|-<br />
| Battery autonomy || {{G| 6.5-10+ hours}}<br />
|-<br />
| Battery charge threshold || {{G|Working}}<br />
|}<br />
ASUS [https://www.asus.com/Laptops/ASUS-ZenBook-13-UX334FL/ UX334], [https://www.asus.com/Laptops/ASUS-ZenBook-14-UX434FL/ UX434] and [https://www.asus.com/Laptops/ASUS-ZenBook-15-UX534FT/ UX534] models with [https://www.asus.com/ScreenXpert-ScreenPad-Intro/ ScreenPad™ 2.0]. These models most probably share almost the same hardware (the differences are screen size, the discrete NVidia GPU, and DisplayPort Alt Mode, which is missing on some models; even the 15 inch model seems not to include USB-C DP Alt Mode), so this article covers hardware specific configuration for all ZenBook 13 (UX334), ZenBook 14 (UX434) and ZenBook 15 (UX534). <br />
<br />
However the first author is testing on an UX534FTC Full HD (no 4K), with NVidia GTX1650 Max-Q and a 10th generation 10510U Core I7. <br />
<br />
== Configuration ==<br />
<br />
=== Secure Boot ===<br />
<br />
In order to boot Arch (or any OS not supporting [[Secure Boot]]), enter the UEFI parameters by holding {{ic|F2}} (or {{ic|ESC}} key and then selecting "Firmware Setup"), then navigate with the keyboard arrows to the "Security" tab and set "Secure Boot" to {{ic|Off}}.<br />
<br />
=== Video ===<br />
See [[Intel_graphics#Installation|Intel Graphics]] and [[Hardware_video_acceleration|Hardware Acceleration]]. For models with discrete Nvidia graphics card, also see [[NVIDIA Optimus]].<br />
<br />
The Screenpad works as a secondary display and is completely separate from the touchpad: you just have a (non-touch) second screen under your fingers. Therefore it can be deactivated like any other display using one's [[Desktop environment]] settings for example, thus lowering power consumption while leaving the touchpad functionality intact.<br />
<br />
The Screenpad requires a 'Rotation Portrait Left' and is most useful with a scale factor of 200% (Wayland allows setting a different scale factor of 100% for the main screen if it is only the Full HD version). If you dual boot, brightness is kept from the last Windows setting.<br />
<br />
=== Audio ===<br />
<br />
As of 2020-06-02, a workaround is needed to play sound on the internal speakers and headphones (USB and bluetooth audio works without it).<br />
<br />
Install {{pkg|alsa-tools}} and run the following commands '''in this specific order''':<br />
<br />
{{bc|# hda-verb /dev/snd/hwC0D0 0x20 0x500 0x1b<br />
# hda-verb /dev/snd/hwC0D0 0x20 0x477 0x4a4b<br />
# hda-verb /dev/snd/hwC0D0 0x20 0x500 0xf<br />
# hda-verb /dev/snd/hwC0D0 0x20 0x477 0x74}}<br />
<br />
One way to make this fix persistent is to use a systemd [[Systemd#Writing_unit_files|service file]] to execute those commands at boot. First run<br />
<br />
$ systemctl | egrep 'sound.*device' | awk '{print $1}'<br />
<br />
to get the name of the device unit file for your sound card, then create the following service file:<br />
<br />
{{Expansion|Add target {{ic|suspend.target}} (and likely {{ic|hibernate.target}} to the list), because these commands need to be executed after resuming laptop from sleep as well in order to have sound. Example [[ASUS_Zenbook_UX430/UX530#Headphones_audio_is_too_low|here]].}}<br />
<br />
{{hc|/etc/systemd/system/audio-fix.service|<nowiki><br />
[Unit]<br />
Description=Fix internal audio on ASUS Zenbook UX533/534<br />
# The following options are needed to prevent the service from executing before the sound card is activated and thus failing<br />
# Replace the device unit below (in both Requires= and After=) with the result of the previous command<br />
Requires=sys-devices-pci0000:00-0000:00:1f.3-sound-card0.device<br />
After=sys-devices-pci0000:00-0000:00:1f.3-sound-card0.device<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=hda-verb /dev/snd/hwC0D0 0x20 0x500 0x1b ; hda-verb /dev/snd/hwC0D0 0x20 0x477 0x4a4b ; hda-verb /dev/snd/hwC0D0 0x20 0x500 0xf ; hda-verb /dev/snd/hwC0D0 0x20 0x477 0x74<br />
<br />
[Install]<br />
# Make it part of the sound initialization routine<br />
WantedBy=sound.target<br />
</nowiki>}}<br />
<br />
Finally, [[Systemd#Using_units|start and enable]] {{ic|audio-fix.service}}.<br />
<br />
{{Tip|Follow [https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850439 this bug report] for the latest updates.}}<br />
<br />
=== Touchpad ===<br />
See [[Libinput]]. See Screenpad in "Video"<br />
<br />
=== Facerecognition login ===<br />
<br />
This computer has a built-in face recognition sensor. <br />
You can use it with the project Howdy [https://github.com/boltgolt/howdy].<br />
See the [[howdy]] page for further information.<br />
<br />
=== Battery charge threshold ===<br />
<br />
{{Merge|Laptop|Not specific to this model.}}<br />
<br />
Kernel 5.4 brought the ability to set the battery charge threshold for some Asus laptops by modifying the {{ic|charge_control_end_threshold}} variable exposed under {{ic|/sys/class/power_supply/BAT0/}}[https://github.com/torvalds/linux/commit/7973353e92ee1e7ca3b2eb361a4b7cb66c92abee ]. By default, this value is set to {{ic|100}}[https://github.com/torvalds/linux/commit/7973353e92ee1e7ca3b2eb361a4b7cb66c92abee#diff-a746f90c9503689310ee8f3bdc77bc4eR429-R437].<br />
<br />
The effect of its change can be demonstrated as follows:<br />
<br />
{{bc|<br />
$ cat /sys/class/power_supply/BAT0/status<br />
Charging<br />
$ cat /sys/class/power_supply/BAT0/capacity<br />
74<br />
# echo 60 > /sys/class/power_supply/BAT0/charge_control_end_threshold<br />
$ cat /sys/class/power_supply/BAT0/status<br />
Not charging<br />
}}<br />
<br />
==== systemd service ==== <br />
<br />
In order to make this change permanent, [[create]] the following [[Systemd#Writing_unit_files|systemd service]]:<br />
<br />
{{hc|/etc/systemd/system/battery-charge-threshold.service|<nowiki><br />
[Unit]<br />
Description=Set the battery charge threshold<br />
After=multi-user.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/bin/bash -c 'echo 60 > /sys/class/power_supply/BAT0/charge_control_end_threshold'<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
and then [[enable]] it.<br />
<br />
If this doesn't work, it probably means the service is executed before the battery sysfs path is made available. In that case, try adding an {{ic|1=ExecStartPre=sleep 5}} instruction to the unit {{ic|[Service]}} section for a quick workaround, or for a cleaner solution look into [https://www.freedesktop.org/software/systemd/man/systemd.path.html# path-based activation]:<br />
<br />
{{Warning|As of [[systemd]] 246, activating this unit may cause the service above to restart in an infinite loop.}}<br />
<br />
{{hc|/etc/systemd/system/battery-charge-threshold.path|<nowiki><br />
[Path]<br />
PathExists=/sys/class/power_supply/BAT0/<br />
Unit=battery-charge-threshold.service<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
[[Create]] this [[Systemd#Writing_unit_files|unit file]] and [[enable]] it. The service above should be disabled, since the path unit activates it.<br />
<br />
{{Note|According to [https://www.reddit.com/r/linuxhardware/comments/g8kpee/psa_kernel_54_added_the_ability_to_set_a_battery/ some reports], [[systemd.tmpfiles]] are not working for this use case.}}<br />
<br />
==== udev rule ====<br />
<br />
{{Accuracy|udev method doesn't seem to work according to [https://www.reddit.com/r/linuxhardware/comments/g8kpee/psa_kernel_54_added_the_ability_to_set_a_battery/ some comments].}}<br />
In order to make this change permanent, create a corresponding [[Udev#About_udev_rules|udev rule]] such as:<br />
<br />
{{hc|/etc/udev/rules.d/99-battery-charge-threshold.rules|2=<br />
KERNEL=="BAT0", SUBSYSTEM=="power_supply", ATTR{charge_control_end_threshold}="60"<br />
}}<br />
([https://askubuntu.com/a/1211506 source])<br />
<br />
Make sure you are using the proper parameters by [[Udev#List_the_attributes_of_a_device|listing the attributes of the device]] and then [[Udev#Testing_rules_before_loading|testing your rule before loading]], ''e.g.'':<br />
<br />
{{bc|1=<br />
$ udevadm info --attribute-walk --path=/sys/class/power_supply/BAT0<br />
...<br />
# udevadm test /sys/class/power_supply/BAT0<br />
...<br />
Reading rules file: /etc/udev/rules.d/99-battery-charging-threshold.rules<br />
...<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Suspend ===<br />
<br />
Suspend is working out of the box, with the last version of Archlinux Linux 5.6.3-arch1-1 #1 SMP PREEMPT Wed, 08 Apr 2020 07:47:16 +0000 x86_64 GNU/Linux<br />
<br />
Linux (4.17 at least) defaults to [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-idle suspend-to-idle], which is not very power efficient. This is probably due to this change in [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e870c6c87cf9484090d28f2a68aa29e008960c93 4.14-rc1]. For better power efficiency you can use [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-ram suspend-to-ram] by adding {{ic|1=mem_sleep_default=deep}} to the kernel cmdline.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Power saving and performance ===<br />
As advertised by ASUS, these laptops can last up to 9 hours on battery. In order to achieve this, see:<br />
<br />
* BIOS update - It is generally recommended to update BIOS, as it usually brings performance, power-saving and security features.<br />
<br />
* [[Power Saving]] - List of general recommendations to increase battery life.<br />
<br />
* [[Improving performance]] - List of general recommendations to increase performance.<br />
<br />
* [[SSD]] - Tips and tricks for Solid State Drives. These three laptops ship M.2 SSD by default.<br />
<br />
* [[Undervolting CPU]] - Decrease voltage for Intel CPU (reduce battery drain, reduce heat and therefore - reduce fan speed)<br />
<br />
* [[Bumblebee]] - If using Bumblebee and Optimus, install 'bbswitch' to allow a clean shutdown of the NVidia card ('nvidia-smi' returns an error if the NVidia card is powered off, or information if it is in use)<br />
<br />
The UX534FT FHD performs perfectly with Gnome 3, Bumblebee (bbswitch activated) and Konkor (Gnome extension) with the 'Power Save' governor, achieving:<br />
<br />
* 10h+ (more than 10 hours, probably around 12h or more) watching a video from network using VLC with bluetooth audio, low brightness (not lowest)<br />
<br />
* 7.5h+ with brightness around 60% watching a Youtube Video and using Firefox<br />
<br />
* ? h (TODO) in heavy duty task (for example 'optirun' task using discrete Nvidia GPU</div>Lousonhttps://wiki.archlinux.org/index.php?title=ASUS_Zenbook_UX430/UX530&diff=635669ASUS Zenbook UX430/UX5302020-09-18T12:05:31Z<p>Louson: Undo revision 634916 by Louson (talk) Mistaked my computer which is UX433</p>
<hr />
<div>[[Category:ASUS]]<br />
[[ja:ASUS Zenbook UX430/UX530]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status'''<br />
|-<br />
| Intel || {{G|Working}}<br />
|-<br />
| Nvidia || {{G|Working}}<br />
|-<br />
| HDMI (USB cable) || {{G|Working}}<br />
|-<br />
| Ethernet (USB cable) || {{G|Working}}<br />
|-<br />
| Wireless || {{G|Working}}<br />
|-<br />
| Audio || {{G|Working}}<br />
|-<br />
| Touchpad || {{G|Working}}<br />
|-<br />
| Camera || {{G|Working}}<br />
|-<br />
| Card Reader || {{G|Working}}<br />
|-<br />
| Bluetooth || {{G|Working}}<br />
|-<br />
| Function keys || {{G|Working}}<br />
|-<br />
| Fingerprint Sensor || {{Y|Partially working}}<br />
|-<br />
| Ambient Light Sensor || {{Y|Partially working}}<br />
|-<br />
| Battery charge threshold || {{G|Working}}<br />
|}<br />
ASUS [https://www.asus.com/News/q0npwWGXCqpxoVf8 announced] UX430 and UX530 models. Since these models share almost the same hardware (the only difference is screen size and discrete NVidia GPU), this article covers hardware specific configuration for all UX430UA, UX430UQ, UX530UQ and UX530UX models.<br />
<br />
== Configuration ==<br />
<br />
=== Secure Boot (option) ===<br />
In order to boot any Linux operating system, navigate to BIOS, then hit {{ic|F7}} or click on ''Advanced Menu'', then the ''Security'' tab and set ''Secure Boot'' to {{ic|Off}}.<br />
<br />
If the aforementioned ''Secure Boot'' option is a menu rather than an on-or-off option, click on ''Secure Boot'', ''Key Management'', then ''Reset to Setup Mode'' and confirm in the dialog.<br />
<br />
=== Video ===<br />
See [[Intel_graphics#Installation|Intel Graphics]] and [[Hardware_video_acceleration|Hardware Acceleration]]. For models with discrete Nvidia graphics card, also see [[NVIDIA Optimus]].<br />
<br />
=== Audio ===<br />
See [[PulseAudio]].<br />
<br />
=== Touchpad ===<br />
See [[Libinput]].<br />
<br />
=== Fingerprint sensor ===<br />
<br />
{{Note|This is likely not going to work at all. See [[Talk:ASUS Zenbook UX430/UX530#Fingerprint Reader]].}}<br />
<br />
The fingerprint sensor is supported since [[Fprint]] v0.99.0, but even though it is supported it does not work reliably. This is due to the small fingerprint sensor[https://github.com/iafilatov/libfprint/tree/e459992e76ab322d9f92e1885215f2da7c1d0a59#common-problems].<br />
<br />
=== Ambient Light Sensor ===<br />
<br />
The Ambient Light Sensor should work on UX430UQ[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=db2582afa7444a0ce6bb1ebf1431715969a10b06] and a patch for UX430UNR is available[https://www.spinics.net/lists/platform-driver-x86/msg19357.html].<br />
<br />
=== Battery charge threshold ===<br />
{{Out of date|Kernel 5.4 added the ability to [https://github.com/torvalds/linux/commit/7973353e92ee1e7ca3b2eb361a4b7cb66c92abee#diff-a746f90c9503689310ee8f3bdc77bc4eR429-R437 set the battery charge threshold through the sysfs interface]. See [[ASUS_Zenbook_UX534#Battery_charge_threshold]].}}<br />
{{Note|The following has been tested on a Zenbook UX430UNR with BIOS version 308.}}<br />
Most newer Zenbooks support specifying a charge stop threshold (see [https://www.asus.com/us/support/FAQ/1032726/ ASUS Battery Health Charging] for more information).<br />
<br />
The battery charge stop threshold can be set by modifying the EC registers, which can be done with {{Pkg|acpi_call}}. Finding the correct EC register to modify is the tricky part.<br />
<br />
You can check the current threshold and battery percent, with the following commands:<br />
{{bc|$ read () { echo "${1}" > /proc/acpi/call; printf "%d\n" $(sed 's/\x0.*//g' /proc/acpi/call); }<br />
$ read "\_SB.PCI0.LPCB.EC0.RRAM 0x3af"<br />
100 # Percent at which the battery will stop charging (default is 100)<br />
$ read "\_SB.PCI0.LPCB.EC0.RRAM 0x3b0"<br />
80 # current battery percent, should match: cat /sys/class/power_supply/BAT0/capacity}}<br />
<br />
{{Warning|Do not proceed if the commands do not return the expected values!}} <br />
<br />
The threshold can be changed with the following command (the threshold is reset when the computer is power cycled):<br />
{{bc|$ echo "\_SB.PCI0.LPCB.EC0.WRAM 0x3af <battery percent in hex, ex: 0x50 for 80%>" > /proc/acpi/call}}<br />
The hex value can be found with {{ic|printf "0x%x\n" 80}}.<br />
<br />
To change the threshold at boot it is possible to use [[systemd-tmpfiles]]. <br />
{{hc|/etc/tmpfiles.d/battery.conf|<br />
w /proc/acpi/call - - - - \\_SB.PCI0.LPCB.EC0.WRAM 0x3af 0x50 # 80%}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Headphones audio is too low ===<br />
<br />
Linux kernel version 4.14 and earlier has a bug, where you may notice that the audio through the headphones is too low ([https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1648183 upstream bug]). In kernel version 4.15 you have to pull out and plug in back your headset after resume in order to fix the low audio.<br />
<br />
In order to fix it, install {{pkg|alsa-tools}} and create the file:<br />
{{hc|/usr/local/bin/fix_headphones_audio.sh|<nowiki><br />
#!/bin/bash<br />
# Wait until the first HDA codec device node exists, then apply the coefficient fix once.<br />
while true; do<br />
    DEVICE=$(ls /dev/snd/hwC[[:print:]]*D0 2>/dev/null | head -n 1)<br />
    if [ -n "$DEVICE" ]; then<br />
        hda-verb "$DEVICE" 0x20 SET_COEF_INDEX 0x67<br />
        hda-verb "$DEVICE" 0x20 SET_PROC_COEF 0x3000<br />
        break<br />
    fi<br />
    sleep 1<br />
done<br />
</nowiki>}}<br />
<br />
Then create a [[systemd]] service unit with the following content:<br />
{{hc|/etc/systemd/system/fix_headphones_audio.service|<nowiki><br />
[Unit]<br />
Description=Fix headphones audio after boot & resume.<br />
After=multi-user.target suspend.target hibernate.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/bin/sh '/usr/local/bin/fix_headphones_audio.sh'<br />
<br />
[Install]<br />
WantedBy=multi-user.target suspend.target hibernate.target<br />
</nowiki>}}<br />
<br />
And finally, [[Systemd#Using_units|start and enable]] {{ic|fix_headphones_audio.service}}.<br />
<br />
=== Microcode ===<br />
During boot you might get the message {{ic|<nowiki>[Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x52 (or later)</nowiki>}}. See [[Microcode]] to resolve it.<br />
<br />
=== Nvidia issues with Bumblebee ===<br />
It is likely that it's one of these issues:<br />
<br />
* You used a power management application (especially [[Powertop]]). See [[bumblebee#Broken power management with kernel 4.8]] for more information.<br />
* You suspended your laptop and resumed, and are now unable to start your GPU, see [[Bumblebee#Failed to initialize the NVIDIA GPU at PCI:1:0:0 (Bumblebee daemon reported: error: %5BXORG%5D (EE) NVIDIA(GPU-0))]].<br />
<br />
=== Headset Microphone ===<br />
You may encounter an issue where your headset microphone is not being detected. To fix this, create this file and restart your system:<br />
{{hc|/etc/modprobe.d/fix_headset_microphone.conf|<nowiki><br />
# Fix an issue where your headset microphone is not being detected:<br />
options snd-hda-intel model=dell-headset-multi<br />
</nowiki>}}<br />
<br />
=== No sound (after Windows) ===<br />
<br />
{{Accuracy|Someone please check and confirm if [[ASUS_N550JV#Dual_boot|this is working alternative solution]].}}<br />
<br />
There seems to be a bug in the firmware that prevents the embedded sound card from working in Arch after Windows has been restarted. A complete shutdown of the laptop is required to get the sound card working again.<br />
<br />
=== Suspend ===<br />
<br />
Linux (4.17 at least) defaults to [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-idle suspend-to-idle], which is not very power efficient. This is probably due to this change in [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e870c6c87cf9484090d28f2a68aa29e008960c93 4.14-rc1]. For better power efficiency you can use [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-ram suspend-to-ram] by adding {{ic|1=mem_sleep_default=deep}} to the kernel cmdline.<br />
<br />
If you encounter a kernel panic when you suspend, the issue can be fixed by using the LTS kernel together with the kernel option {{ic|1=i915.enable_dc=0}}. No additional options are needed.<br />
<br />
=== Fan always active ===<br />
<br />
See [[Fan speed control#NBFC]].<br />
<br />
== Tips and tricks ==<br />
<br />
=== Power saving and performance ===<br />
As advertised by ASUS, both laptops can last up to 9 hours on battery. In order to achieve this, see:<br />
<br />
* BIOS update - It is generally recommended to update BIOS, as it usually brings performance, power-saving and security features.<br />
<br />
* [[Power Saving]] - List of general recommendations to increase battery life.<br />
<br />
* [[Improving performance]] - List of general recommendations to increase performance.<br />
<br />
* [[SSD]] - Tips and tricks for Solid State Drives. Both laptops ship M.2 SSD by default.<br />
<br />
* [[Undervolting CPU]] - Decrease voltage for Intel CPU (reduce battery drain, reduce heat and therefore - reduce fan speed)<br />
<br />
=== Extract Windows 10 license key ===<br />
<br />
The laptop comes with Windows 10 preinstalled and the activation key is hardcoded into the firmware. If you replace Windows with Linux, the hardcoded activation key is useless. You might want to extract it and use it somewhere else (e.g. virtualized Windows 10):<br />
# grep -aPo '[\w]{5}-[\w]{5}-[\w]{5}-[\w]{5}-[\w]{5}' /sys/firmware/acpi/tables/MSDM<br />
<br />
{{Note|Microsoft online support confirmed that the code is valid, but because you are unable to activate it (Windows fails to activate and asks for another code), they offered 2 options - replace activation code with another one for 40$ or contact OEM (ASUS) about this issue.<br />
ASUS confirmed, that in order to "use" this activation key, you need to bring this laptop to repair service so they can "restore" system using ASUS OEM Windows 10 image. They do not provide this image for download.}}</div>Lousonhttps://wiki.archlinux.org/index.php?title=ASUS_Zenbook_UX534&diff=635668ASUS Zenbook UX5342020-09-18T12:04:48Z<p>Louson: /* Configuration */ AHCI mode</p>
<hr />
<div>{{Expansion|Asus Zenbook UX533FTC also suffers from the same bugs. There are some hardware revisions or something, but UX533FTC should be added here as well. Using {{ic|neofetch}} prints my laptop model as {{ic|UX534}} too.}}<br />
<br />
[[Category:ASUS]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status'''<br />
|-<br />
| Intel || {{G|Working}}<br />
|-<br />
| Nvidia || {{G|Working}}<br />
|-<br />
| HDMI || {{G|Working}}<br />
|-<br />
| Ethernet (USB cable) || {{G|Working}}<br />
|-<br />
| Wireless || {{G|Working}}<br />
|-<br />
| Audio || {{G|Working}}<br />
|-<br />
| Integrated microphone || {{Y|Only on UX**4 models}}<br />
|-<br />
| Headphones jack || {{G|Working}}<br />
|-<br />
| Touchpad || {{G|Working}}<br />
|-<br />
| Camera || {{G|Working}}<br />
|-<br />
| Card Reader || {{G|Working}}<br />
|-<br />
| Bluetooth || {{G|Working}}<br />
|-<br />
| Function keys || {{G|Working}}<br />
|-<br />
| Face recognition sensor || {{G| working}}<br />
|-<br />
| Battery autonomy || {{G| 6.5-10+ hours}}<br />
|-<br />
| Battery charge threshold || {{G|Working}}<br />
|}<br />
ASUS [https://www.asus.com/Laptops/ASUS-ZenBook-13-UX334FL/ UX334], [https://www.asus.com/Laptops/ASUS-ZenBook-14-UX434FL/ UX434] and [https://www.asus.com/Laptops/ASUS-ZenBook-15-UX534FT/ UX534] models with [https://www.asus.com/ScreenXpert-ScreenPad-Intro/ ScreenPad™ 2.0]. These models most probably share almost the same hardware: the only differences are the screen size, the discrete NVidia GPU, and the missing DisplayPort Alt-Mode on some models (even the 15 inch model seems not to include USB-C DP Alt-Mode). This article covers hardware specific configuration for all ZenBook 13 (UX334), ZenBook 14 (UX434) and ZenBook 15 (UX534).<br />
<br />
However, the first author is testing on a UX534FTC Full HD (no 4K), with NVidia GTX1650 Max-Q and a 10th generation 10510U Core I7.<br />
<br />
== Configuration ==<br />
<br />
=== Secure Boot ===<br />
<br />
In order to boot Arch (or any OS not supporting [[Secure Boot]]), enter the UEFI parameters by holding {{ic|F2}} (or {{ic|ESC}} key and then selecting "Firmware Setup"), then navigate with the keyboard arrows to the "Security" tab and set "Secure Boot" to {{ic|Off}}.<br />
<br />
=== Sata configuration ===<br />
If your device is not seen with {{ic|fdisk -l}}, you may need to put your SATA controller in AHCI mode.<br />
<br />
Navigate to BIOS, then hit {{ic|F7}} or click on ''Advanced Menu'', then the ''Sata configuration'' tab and set it to {{ic|AHCI}}.<br />
<br />
=== Video ===<br />
See [[Intel_graphics#Installation|Intel Graphics]] and [[Hardware_video_acceleration|Hardware Acceleration]]. For models with discrete Nvidia graphics card, also see [[NVIDIA Optimus]].<br />
<br />
The Screenpad works as a secondary display and is completely separate from the touchpad: you just have a (non-touch) second screen under your fingers. Therefore it can be deactivated like any other display using one's [[Desktop environment]] settings for example, thus lowering power consumption while leaving the touchpad functionality intact.<br />
<br />
The Screenpad requires a 'Rotation Portrait Left' and is most useful with a scale factor of 200% (Wayland allows setting a different scale factor of 100% if the main screen is only the Full HD version). If you dual boot, brightness is kept from the last Windows setting.<br />
<br />
=== Audio ===<br />
<br />
As of 2020-06-02, a workaround is needed to play sound on the internal speakers and headphones (USB and bluetooth audio works without it).<br />
<br />
Install {{pkg|alsa-tools}} and run the following commands '''in this specific order''':<br />
<br />
{{bc|# hda-verb /dev/snd/hwC0D0 0x20 0x500 0x1b<br />
# hda-verb /dev/snd/hwC0D0 0x20 0x477 0x4a4b<br />
# hda-verb /dev/snd/hwC0D0 0x20 0x500 0xf<br />
# hda-verb /dev/snd/hwC0D0 0x20 0x477 0x74}}<br />
<br />
One way to make this fix persistent is to use a systemd [[Systemd#Writing_unit_files|service file]] to execute those commands at boot. First run<br />
<br />
$ systemctl | egrep 'sound.*device' | awk '{print $1}'<br />
<br />
to get the name of the device unit file for your sound card, then create the following service file:<br />
<br />
{{Expansion|Add target {{ic|suspend.target}} (and likely {{ic|hibernate.target}} to the list), because these commands need to be executed after resuming laptop from sleep as well in order to have sound. Example [[ASUS_Zenbook_UX430/UX530#Headphones_audio_is_too_low|here]].}}<br />
<br />
{{hc|/etc/systemd/system/audio-fix.service|<nowiki><br />
[Unit]<br />
Description=Fix internal audio on ASUS Zenbook UX533/534<br />
# The following options are needed to prevent the service from executing before the sound card is activated and thus failing.<br />
# Replace the device unit name in both lines with the result of the previous command.<br />
# Comments are kept on their own lines because systemd does not support trailing comments after a value.<br />
Requires=sys-devices-pci0000:00-0000:00:1f.3-sound-card0.device<br />
After=sys-devices-pci0000:00-0000:00:1f.3-sound-card0.device<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=hda-verb /dev/snd/hwC0D0 0x20 0x500 0x1b ; hda-verb /dev/snd/hwC0D0 0x20 0x477 0x4a4b ; hda-verb /dev/snd/hwC0D0 0x20 0x500 0xf ; hda-verb /dev/snd/hwC0D0 0x20 0x477 0x74<br />
<br />
[Install]<br />
# Make it part of the sound initialization routine<br />
WantedBy=sound.target<br />
</nowiki>}}<br />
<br />
Finally, [[Systemd#Using_units|start and enable]] {{ic|audio-fix.service}}.<br />
<br />
{{Tip|Follow [https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850439 this bug report] for the latest updates.}}<br />
<br />
=== Touchpad ===<br />
See [[Libinput]]. See Screenpad in "Video"<br />
<br />
=== Facerecognition login ===<br />
<br />
This computer has a built-in face recognition sensor. <br />
You can use it with the project Howdy [https://github.com/boltgolt/howdy].<br />
See the [[howdy]] page for further information.<br />
<br />
=== Battery charge threshold ===<br />
<br />
{{Merge|Laptop|Not specific to this model.}}<br />
<br />
Kernel 5.4 brought the ability to set the battery charge threshold for some Asus laptops by modifying the {{ic|charge_control_end_threshold}} variable exposed under {{ic|/sys/class/power_supply/BAT0/}}[https://github.com/torvalds/linux/commit/7973353e92ee1e7ca3b2eb361a4b7cb66c92abee ]. By default, this value is set to {{ic|100}}[https://github.com/torvalds/linux/commit/7973353e92ee1e7ca3b2eb361a4b7cb66c92abee#diff-a746f90c9503689310ee8f3bdc77bc4eR429-R437].<br />
<br />
The effect of its change can be demonstrated as follows:<br />
<br />
{{bc|<br />
$ cat /sys/class/power_supply/BAT0/status<br />
Charging<br />
$ cat /sys/class/power_supply/BAT0/capacity<br />
74<br />
# echo 60 > /sys/class/power_supply/BAT0/charge_control_end_threshold<br />
$ cat /sys/class/power_supply/BAT0/status<br />
Not charging<br />
}}<br />
<br />
==== systemd service ==== <br />
<br />
In order to make this change permanent, [[create]] the following [[Systemd#Writing_unit_files|systemd service]]:<br />
<br />
{{hc|/etc/systemd/system/battery-charge-threshold.service|<nowiki><br />
[Unit]<br />
Description=Set the battery charge threshold<br />
After=multi-user.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/bin/bash -c 'echo 60 > /sys/class/power_supply/BAT0/charge_control_end_threshold'<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
and then [[enable]] it.<br />
<br />
If this doesn't work, it probably means the service is executed before the battery sysfs path is made available. In that case, try adding an {{ic|1=ExecStartPre=sleep 5}} instruction to the unit {{ic|[Service]}} section for a quick workaround, or for a cleaner solution look into [https://www.freedesktop.org/software/systemd/man/systemd.path.html# path-based activation]:<br />
<br />
{{Warning|As of [[systemd]] 246, activation of this unit may cause an infinite restart of the service above.}}<br />
<br />
{{hc|/etc/systemd/system/battery-charge-threshold.path|<nowiki><br />
[Path]<br />
PathExists=/sys/class/power_supply/BAT0/<br />
Unit=battery-charge-threshold.service<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
[[Create]] this [[Systemd#Writing_unit_files|unit file]] and [[enable]] it. The service above should be disabled, since the path unit activates it.<br />
<br />
{{Note|According to [https://www.reddit.com/r/linuxhardware/comments/g8kpee/psa_kernel_54_added_the_ability_to_set_a_battery/ some reports], [[systemd.tmpfiles]] are not working for this use case.}}<br />
<br />
==== udev rule ====<br />
<br />
{{Accuracy|udev method doesn't seem to work according to [https://www.reddit.com/r/linuxhardware/comments/g8kpee/psa_kernel_54_added_the_ability_to_set_a_battery/ some comments].}}<br />
In order to make this change permanent, create a corresponding [[Udev#About_udev_rules|udev rule]] such as:<br />
<br />
{{hc|/etc/udev/rules.d/99-battery-charge-threshold.rules|2=<br />
KERNEL=="BAT0", SUBSYSTEM=="power_supply", ATTR{charge_control_end_threshold}="60"<br />
}}<br />
([https://askubuntu.com/a/1211506 source])<br />
<br />
Make sure you are using the proper parameters by [[Udev#List_the_attributes_of_a_device|listing the attributes of the device]] and then [[Udev#Testing_rules_before_loading|testing your rule before loading]], ''e.g.'':<br />
<br />
{{bc|1=<br />
$ udevadm info --attribute-walk --path=/sys/class/power_supply/BAT0<br />
...<br />
# udevadm test /sys/class/power_supply/BAT0<br />
...<br />
Reading rules file: /etc/udev/rules.d/99-battery-charging-threshold.rules<br />
...<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Suspend ===<br />
<br />
Suspend works out of the box with the latest Arch Linux kernel (Linux 5.6.3-arch1-1 #1 SMP PREEMPT Wed, 08 Apr 2020 07:47:16 +0000 x86_64 GNU/Linux).<br />
<br />
Linux (4.17 at least) defaults to [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-idle suspend-to-idle], which is not very power efficient. This is probably due to this change in [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e870c6c87cf9484090d28f2a68aa29e008960c93 4.14-rc1]. For better power efficiency you can use [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-ram suspend-to-ram] by adding {{ic|1=mem_sleep_default=deep}} to the kernel cmdline.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Power saving and performance ===<br />
As advertised by ASUS, these laptops can last up to 9 hours on battery. In order to achieve this, see:<br />
<br />
* BIOS update - It is generally recommended to update BIOS, as it usually brings performance, power-saving and security features.<br />
<br />
* [[Power Saving]] - List of general recommendations to increase battery life.<br />
<br />
* [[Improving performance]] - List of general recommendations to increase performance.<br />
<br />
* [[SSD]] - Tips and tricks for Solid State Drives. These three laptops ship M.2 SSD by default.<br />
<br />
* [[Undervolting CPU]] - Decrease voltage for Intel CPU (reduce battery drain, reduce heat and therefore - reduce fan speed)<br />
<br />
* [[Bumblebee]] - If using Bumblebee and Optimus, install 'bbswitch' to allow a clean shutdown of the NVidia card ('nvidia-smi' returns an error if the NVidia card is powered off, or information if it is in use)<br />
<br />
The UX534FT FHD performs perfectly with Gnome 3, Bumblebee (bbswitch activated) and Konkor (Gnome-extension) with Governor 'Power Save'. It lasts:<br />
<br />
* 10h+ (more than 10 hours, probably around 12h or more) watching a video from network using VLC with bluetooth audio, low brightness (not lowest)<br />
<br />
* 7.5h+ with brightness around 60% watching a Youtube Video and using Firefox<br />
<br />
* ? h (TODO) in heavy duty task (for example 'optirun' task using discrete Nvidia GPU</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=635468Talk:Systemd-nspawn2020-09-15T12:18:32Z<p>Louson: /* systemd-nspawn as a build environment */ On a frozen archlinux</p>
<hr />
<div>== <s>user namespaces</s> ==<br />
<br />
systemd-nspawn ''never'' uses user namespaces, as you can see [http://cgit.freedesktop.org/systemd/systemd/tree/src/nspawn/nspawn.c?id=05947befcec9afb83b9ce48d613ff372c63e2ed1#n1394 from the source]. User namespaces do not appear to work with a chroot at all right now, because you can't enter one while in a chroot and you can't use chroot while in a user namespace. - [[User:Thestinger|thestinger]] ([[User talk:Thestinger|talk]]) 19:35, 23 April 2014 (UTC)<br />
<br />
:The report is still open, I'm restoring the link here just in case: {{Bug|36969}}. The removed content is [https://wiki.archlinux.org/index.php?title=Arch_systemd_container&curid=15990&diff=311593&oldid=309230]. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 01:45, 25 April 2014 (UTC)<br />
<br />
:In conclusion from above mentioning user namespaces was not relevant on this page (pity really). So the only way to restrict the nspawn-container appears to be limiting its capabilities on start-up (as per man systemd-nspawn). Regarding {{Bug|36969}}: it was originally opened for lxc-containers anyway and those appear to support user namespaces now. Hence, the only question remaining for this article at this point would be, if there are any remaining issues arising for systemd in general when activating CONFIG_USER_NS for lxc (opinion on that?). <br />
:I have added the bug and a couple links with background info to [[Talk:Linux_Containers#Clean.2C_practical_and_detailed_howtos_.26_links|talk:linux containers]] so the reference does not get lost. <br />
:--[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 08:56, 3 May 2014 (UTC)<br />
<br />
::Outdated, there is [[Systemd-nspawn#Creating private users (unprivileged containers)]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:35, 23 August 2020 (UTC)<br />
<br />
== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
:::There is [[systemd-nspawn#Build and test packages]] with a link. Of course there are not such nice wrappers as {{pkg|devtools}} provides. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:55, 15 September 2020 (UTC)<br />
<br />
::::You can also freeze a systemd-nspawn archlinux container that you can reuse later in order to keep the same environment. I used to combine systemd-nspawn with the archlinux archive but it's broken (changing the password returns an error: Authentication token manipulation error). It can be useful to build a kernel or a system with yocto or buildroot which are dependent on the gcc version. [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:18, 15 September 2020 (UTC)<br />
<br />
== <s>systemd-nspawn usage examples</s> ==<br />
This page needs lots of awesome usage examples because its such an awesome tool. Please give suggestions. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:08, 20 January 2015 (UTC)<br />
<br />
:There are enough examples, this section is not helpful. Closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:31, 23 August 2020 (UTC)<br />
<br />
== <s>Missing configuration overview</s> ==<br />
<br />
First, thanks to everyone who contributed to this page. It's one of the best I could have found on the net about the topic.<br />
<br />
I had trouble to understand how can I configure my containers. Was started to copy the {{ic|/usr/lib/systemd/system/systemd-nspawn@.service}} file to {{ic|/etc/systemd/system}} and made changes for network changes. This was not as good as to add the {{ic|/etc/systemd/nspawn/mycontainer.nspawn}} file and edit the relevant {{ic|[Network]}} or {{ic|[Files]}} parts there... So, I would recommend to hint with a small section at the top, to use the {{ic|.nspawn}} file rather than the command line parameters. And emphase those exceptions when only the command line can help.<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
:For the first point there is already a [[systemd-nspawn#Specify_per-container_settings]] section. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 14:43, 26 September 2017 (UTC)<br />
<br />
::I created a [[systemd-nspawn#Configuration]] section which improved the structure a lot. Closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:29, 23 August 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is, how can I use devices from the container... Was set up an '''mpd''' server which needs network connection and an audio sink. My case the audio sink was ALSA devices (and not pulse socket). Had problem to understand that I need to bind the device files to the container. (In the {{ic|.nspawn}} file.) And also need {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file. (Or to be precise in the {{ic|override.conf}} of the service file.)<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container Github]. This example shows how to run desktop environments in nspawn containers with kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
== <s>Unable to login to new container as root without a password</s> ==<br />
<br />
In the section: https://wiki.archlinux.org/index.php/Systemd-nspawn#Create_and_boot_a_minimal_Arch_Linux_distribution_in_a_container it says, '''"After the container starts, log in as "root" with no password"'''. This did not work for me. The solution was to remove the * from the root entry in /etc/shadow, inside the container's file system as explained at https://bbs.archlinux.org/viewtopic.php?id=255776. Perhaps this could be added to the wiki page?<br />
<br />
{{unsigned|23:42, 13 July 2020|Daishun}}<br />
<br />
:I [https://wiki.archlinux.org/index.php?title=Systemd-nspawn&diff=625214&oldid=622751 updated] the section - you need to set the password before running systemd-nspawn. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:47, 14 July 2020 (UTC)<br />
<br />
::Closed. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:38, 23 August 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GNU_Compiler_Collection&diff=635466Talk:GNU Compiler Collection2020-09-15T11:52:18Z<p>Louson: /* Set an old gcc as default */ closing</p>
<hr />
<div>== <s>Set an old gcc as default</s> ==<br />
<br />
Building with a recent gcc can be a serious pain. Packages gccX and gccX-libs are available in community.<br />
<br />
Is it sufficient to redirect gcc, g++ and cpp to gcc-X, g++-X and cpp-X with symlinks ?<br />
<br />
-- [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:44, 14 September 2020 (UTC)<br />
<br />
:Symlinks are not a good solution. You need to configure your build system to use g++-X instead of g++. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:36, 15 September 2020 (UTC)<br />
::Ok, I have to find out how to do that (I'm building with yocto), closing [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:52, 15 September 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:Systemd-nspawn&diff=635465Talk:Systemd-nspawn2020-09-15T11:48:13Z<p>Louson: /* systemd-nspawn as a build environment */ reopen</p>
<hr />
<div>== <s>user namespaces</s> ==<br />
<br />
systemd-nspawn ''never'' uses user namespaces, as you can see [http://cgit.freedesktop.org/systemd/systemd/tree/src/nspawn/nspawn.c?id=05947befcec9afb83b9ce48d613ff372c63e2ed1#n1394 from the source]. User namespaces do not appear to work with a chroot at all right now, because you can't enter one while in a chroot and you can't use chroot while in a user namespace. - [[User:Thestinger|thestinger]] ([[User talk:Thestinger|talk]]) 19:35, 23 April 2014 (UTC)<br />
<br />
:The report is still open, I'm restoring the link here just in case: {{Bug|36969}}. The removed content is [https://wiki.archlinux.org/index.php?title=Arch_systemd_container&curid=15990&diff=311593&oldid=309230]. -- [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 01:45, 25 April 2014 (UTC)<br />
<br />
:In conclusion from above mentioning user namespaces was not relevant on this page (pity really). So the only way to restrict the nspawn-container appears to be limiting its capabilities on start-up (as per man systemd-nspawn). Regarding {{Bug|36969}}: it was originally opened for lxc-containers anyway and those appear to support user namespaces now. Hence, the only question remaining for this article at this point would be, if there are any remaining issues arising for systemd in general when activating CONFIG_USER_NS for lxc (opinion on that?). <br />
:I have added the bug and a couple links with background info to [[Talk:Linux_Containers#Clean.2C_practical_and_detailed_howtos_.26_links|talk:linux containers]] so the reference does not get lost. <br />
:--[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 08:56, 3 May 2014 (UTC)<br />
<br />
::Outdated, there is [[Systemd-nspawn#Creating private users (unprivileged containers)]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:35, 23 August 2020 (UTC)<br />
<br />
== systemd-nspawn as a build environment ==<br />
I've been struggling trying to set this up and I assume others will as well. Would be nice to have an example of a build workflow using this tool on this<br />
or on a separate page. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 18:32, 19 January 2015 (UTC)<br />
:The {{pkg|devtools}} package implements this for Arch packaging, and is used for building everything in the repositories. It's as simple as replacing {{ic|makepkg}} with {{ic|extra-i686-build}} + {{ic|extra-x86_64-build}}. -- [[User:thestinger|thestinger]] 18:41, 19 January 2015 (UTC)<br />
:: Cool, I'll give that a try. Thanks :) [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:05, 20 January 2015 (UTC)<br />
<br />
:The workflow is described in [[DeveloperWiki:Building in a clean chroot]], closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:34, 23 August 2020 (UTC)<br />
:: That's for building on arch. What about creating an environment that will be used by other platforms ? (reopen) [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 11:48, 15 September 2020 (UTC)<br />
<br />
== <s>systemd-nspawn usage examples</s> ==<br />
This page needs lots of awesome usage examples because its such an awesome tool. Please give suggestions. [[User:Captaincurrie|Captaincurrie]] ([[User talk:Captaincurrie|talk]]) 10:08, 20 January 2015 (UTC)<br />
<br />
:There are enough examples, this section is not helpful. Closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:31, 23 August 2020 (UTC)<br />
<br />
== <s>Missing configuration overview</s> ==<br />
<br />
First, thanks to everyone who contributed to this page. It's one of the best I could have found on the net about the topic.<br />
<br />
I had trouble to understand how can I configure my containers. Was started to copy the {{ic|/usr/lib/systemd/system/systemd-nspawn@.service}} file to {{ic|/etc/systemd/system}} and made changes for network changes. This was not as good as to add the {{ic|/etc/systemd/nspawn/mycontainer.nspawn}} file and edit the relevant {{ic|[Network]}} or {{ic|[Files]}} parts there... So, I would recommend to hint with a small section at the top, to use the {{ic|.nspawn}} file rather than the command line parameters. And emphase those exceptions when only the command line can help.<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
:For the first point there is already a [[systemd-nspawn#Specify_per-container_settings]] section. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 14:43, 26 September 2017 (UTC)<br />
<br />
::I created a [[systemd-nspawn#Configuration]] section which improved the structure a lot. Closing. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:29, 23 August 2020 (UTC)<br />
<br />
== Missing configuration of allowed devices ==<br />
<br />
The other thing I have not found here is how I can use devices from the container... I set up an '''mpd''' server which needs a network connection and an audio sink. In my case the audio sink was ALSA devices (and not a pulse socket). I had problems understanding that I need to bind the device files to the container (in the {{ic|.nspawn}} file), and that I also need a {{ic|1=DeviceAllow=char-alsa rwm}} line in the {{ic|.service}} file (or, to be precise, in the {{ic|override.conf}} of the service file).<br />
<br />
--[[User:Rizsotto|Rizsotto]] ([[User talk:Rizsotto|talk]]) 13:40, 26 September 2017 (UTC)<br />
<br />
== Wayland desktop environment inside nspawn ==<br />
<br />
It would be great if someone with expertise wrote a section regarding starting graphical environments inside nspawn containers. It looks like there is some info on [https://github.com/kenokabe/wayland-desktop-container Github]. This example shows how to run desktop environments in nspawn containers with the kwin_wayland compositor. It should be possible to achieve this with mutter too, as it even supports nested mode with something like '''mutter --wayland --nested'''. Also we should be able to open a new dbus session with something like eval $(dbus-launch --sh-syntax).<br />
Also it would be great if someone explained which packages could be omitted inside the container (like we don't need xorg or wayland installed, if I get it right) on some popular distros.<br />
<br />
{{unsigned|20:07, 23 June 2018|Unb0rn}}<br />
<br />
== linux-firmware causing issues with systemd-tmpfiles-setup.service - still relevant? ==<br />
<br />
The systemd bug report connected with the issue was closed 27 Apr 2018: https://github.com/systemd/systemd/issues/791 Do issues remain or is the fix good enough to remove the note?<br />
<br />
{{unsigned|09:12, 25 October 2018|Buovjaga}}<br />
<br />
<br />
== /tmp/.X11-unix contents have to be bind-mounted as read-only - still relevant? ==<br />
<br />
For me (systemd version 239) X applications also work if /tmp/.X11-unix is bound rw. Can anybody confirm that?<br />
<br />
-- [[User:Chleh|Chleh]] ([[User talk:Chleh|talk]]) 22:51, 2 January 2019 (UTC)<br />
<br />
:I confirm it works with normal binding. Also the linked bug report is closed and apparently solved since 2017. -- [[User:Bonob|Bonob]] ([[User talk:Bonob|talk]]) 17:36, 27 November 2019 (UTC)<br />
<br />
== <s>Unable to login to new container as root without a password</s> ==<br />
<br />
In the section: https://wiki.archlinux.org/index.php/Systemd-nspawn#Create_and_boot_a_minimal_Arch_Linux_distribution_in_a_container it says, '''"After the container starts, log in as "root" with no password"'''. This did not work for me. The solution was to remove the * from the root entry in /etc/shadow, inside the container's file system as explained at https://bbs.archlinux.org/viewtopic.php?id=255776. Perhaps this could be added to the wiki page?<br />
<br />
{{unsigned|23:42, 13 July 2020|Daishun}}<br />
<br />
:I [https://wiki.archlinux.org/index.php?title=Systemd-nspawn&diff=625214&oldid=622751 updated] the section - you need to set the password before running systemd-nspawn. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 13:47, 14 July 2020 (UTC)<br />
<br />
::Closed. -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 11:38, 23 August 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GNU_Compiler_Collection&diff=635377Talk:GNU Compiler Collection2020-09-14T12:46:27Z<p>Louson: Add -- to my signature</p>
<hr />
<div>== Set an old gcc as default ==<br />
<br />
Building with a recent gcc can be a serious pain. Packages gccX and gccX-libs are available in community.<br />
<br />
Is it sufficient to redirect gcc, g++ and cpp to gcc-X, g++-X and cpp-X with symlinks ?<br />
<br />
-- [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:44, 14 September 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=Talk:GNU_Compiler_Collection&diff=635376Talk:GNU Compiler Collection2020-09-14T12:44:29Z<p>Louson: Old gcc as default</p>
<hr />
<div>== Set an old gcc as default ==<br />
<br />
Building with a recent gcc can be a serious pain. Packages gccX and gccX-libs are available in community. Is it sufficient to redirect gcc, g++ and cpp to gcc-X, g++-X and cpp-X with symlinks ? [[User:Louson|Louson]] ([[User talk:Louson|talk]]) 12:44, 14 September 2020 (UTC)</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=634921User:Louson2020-09-11T13:34:47Z<p>Louson: /* Install */ move performances</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Edit /etc/pacman.d/mirrorlist to enable a mirror. For an archived version, replace its content with the following:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 rootfs, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=634920User:Louson2020-09-11T13:33:58Z<p>Louson: /* Hibernation */</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
===== Low battery =====<br />
[[Laptop#Hibernate_on_low_battery_level]], in case you have UDEV battery events.<br />
{{hc|/etc/udev/rules.d/99-lowbat.rules|<nowiki><br />
# Hibernate the system when battery level drops to 5% or lower<br />
SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"<br />
</nowiki>}}<br />
<br />
===== After a delay =====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Edit /etc/pacman.d/mirrorlist to enable a mirror. For an archived version, replace its content with the following:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 rootfs, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=User:Louson&diff=634918User:Louson2020-09-11T13:15:21Z<p>Louson: /* Install */ trim</p>
<hr />
<div>= Install =<br />
== Mainline ==<br />
* Network: connman<br />
* NTP: [[Chrony]]<br />
* DM: {{Pkg|lightdm}} + {{Pkg|lightdm-gtk-greeter}} + {{Pkg|lightdm-gtk-greeter-settings}}<br />
<br />
== Laptop specific ==<br />
* Power management : {{Pkg|tlp}} + {{AUR|tlpui-git}}<br />
<br />
== Performances ==<br />
* SSD : [[Solid_state_drive#TRIM | TRIM]]<br />
<br />
=== Hibernation ===<br />
==== Enable hibernation ====<br />
[[Suspend_and_hibernate#Hibernation | Hibernation]]<br />
* Create [[Swap#Swap_partition | swap]]<br />
* Initramfs : add resume in {{ic|/etc/mkinitcpio.conf}} and reload it with {{ic|$ mkinitcpio -P}}.<br />
* Command line : add {{ic|1=resume=UUID=<UUID>}} to the kernel command line in grub.<br />
<br />
==== Automatic hibernation ====<br />
Activate automatic suspend in {{ic|/etc/systemd/logind.conf}}:<br />
HandlePowerKey=suspend-then-hibernate<br />
HandleLidSwitch=suspend-then-hibernate<br />
<br />
Change delay in {{ic|/etc/systemd/sleep.conf}}:<br />
HibernateDelaySec=45min<br />
<br />
= Post-install =<br />
== Blue light filter ==<br />
Start [[redshift]] as user:<br />
$ systemctl --user enable --now redshift-gtk.service<br />
<br />
== Bluetooth ==<br />
Using pulseaudio<br />
<br />
* https://wiki.archlinux.org/index.php/Bluetooth<br />
* https://wiki.archlinux.org/index.php/Bluetooth_headset<br />
$ pulseaudio --start<br />
$ pavucontrol<br />
<br />
'''i3 volume bindings :'''<br />
Install pa-vol.sh in /usr/local/bin : https://github.com/Louson/pa-vol<br />
bindsym XF86AudioRaiseVolume exec "pa-vol.sh plus"<br />
bindsym XF86AudioLowerVolume exec "pa-vol.sh minus"<br />
bindsym XF86AudioMute exec "pa-vol.sh mute"<br />
<br />
= Rip CD =<br />
== Ripit ==<br />
https://musicbrainz.org/doc/MusicBrainz_Enabled_Applications<br />
ripit + musicbrainz<br />
ripit --mb<br />
<br />
== ABCDE ==<br />
$ abcde<br />
<br />
== Beets ==<br />
Nice util for tagging<br />
$ beet import <dir><br />
Copies the music to the configured directory.<br />
<br />
== Add a DiscId ==<br />
picard + https://musicbrainz.org/doc/How_to_Add_Disc_IDs<br />
<br />
= Create a builder with systemd-nspawn =<br />
<br />
Wiki page: [[Systemd-nspawn]]<br />
<br />
== Get an archived version ==<br />
If you need an ancient version, you can look in the [https://wiki.archlinux.org/index.php/Arch_Linux_Archive archives].<br />
<br />
Download a tarball of the [https://www.archlinux.org/download/ latest] or an [https://archive.archlinux.org/iso archive].<br />
<br />
Then extract it to a specific directory.<br />
<br />
== Configure pacman ==<br />
<br />
Edit /etc/pacman.d/mirrorlist to enable a mirror. For an archived version, replace its content with the following:<br />
{{bc|<nowiki><br />
## <br />
## Arch Linux repository mirrorlist <br />
## Generated on 2042-01-01 <br />
##<br />
Server=https://archive.archlinux.org/repos/<yyyy>/<mm>/<dd>/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
Log in with systemd-nspawn. To log in to an i686 rootfs, prefix the command with linux32 or add the option --personality=x86.<br />
{{bc|<nowiki>$ sudo systemd-nspawn -D <rootfs dir></nowiki>}}<br />
<br />
Install the keys :<br />
{{bc|<nowiki><br />
# pacman-key --init<br />
# pacman-key --populate archlinux<br />
# pacman-key --refresh-keys<br />
</nowiki>}}<br />
<br />
Update with {{bc|<nowiki># pacman -Syyuu</nowiki>}}<br />
<br />
Install base packages :<br />
{{bc|<nowiki><br />
# pacman -S base base-devel<br />
</nowiki>}}<br />
<br />
<br />
== Follow installation guide after chroot ==<br />
<br />
https://wiki.archlinux.org/index.php/Installation_guide#Time_zone<br />
<br />
== Synchronization ==<br />
=== Syncthing ===<br />
http://localhost:8384</div>Lousonhttps://wiki.archlinux.org/index.php?title=ASUS_Zenbook_UX430/UX530&diff=634916ASUS Zenbook UX430/UX5302020-09-11T13:02:26Z<p>Louson: /* Configuration */ AHCI mode</p>
<hr />
<div>[[Category:ASUS]]<br />
[[ja:ASUS Zenbook UX430/UX530]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status'''<br />
|-<br />
| Intel || {{G|Working}}<br />
|-<br />
| Nvidia || {{G|Working}}<br />
|-<br />
| HDMI (USB cable) || {{G|Working}}<br />
|-<br />
| Ethernet (USB cable) || {{G|Working}}<br />
|-<br />
| Wireless || {{G|Working}}<br />
|-<br />
| Audio || {{G|Working}}<br />
|-<br />
| Touchpad || {{G|Working}}<br />
|-<br />
| Camera || {{G|Working}}<br />
|-<br />
| Card Reader || {{G|Working}}<br />
|-<br />
| Bluetooth || {{G|Working}}<br />
|-<br />
| Function keys || {{G|Working}}<br />
|-<br />
| Fingerprint Sensor || {{Y|Partially working}}<br />
|-<br />
| Ambient Light Sensor || {{Y|Partially working}}<br />
|-<br />
| Battery charge threshold || {{G|Working}}<br />
|}<br />
ASUS [https://www.asus.com/News/q0npwWGXCqpxoVf8 announced] the UX430 and UX530 models. Since these models share almost the same hardware (the only differences are the screen size and the discrete NVIDIA GPU), this article covers hardware-specific configuration for all UX430UA, UX430UQ, UX530UQ and UX530UX models.<br />
<br />
== Configuration ==<br />
<br />
=== Secure Boot (option) ===<br />
In order to boot any Linux operating system, navigate to BIOS, then hit {{ic|F7}} or click on ''Advanced Menu'', then the ''Security'' tab and set ''Secure Boot'' to {{ic|Off}}.<br />
<br />
If the aforementioned ''Secure Boot'' option is a menu rather than an on-or-off option, click on ''Secure Boot'', ''Key Management'', then ''Reset to Setup Mode'' and confirm in the dialog.<br />
<br />
=== Sata configuration ===<br />
If your drive is not listed by {{ic|fdisk -l}}, you may need to switch the SATA controller to AHCI mode.<br />
<br />
Navigate to BIOS, then hit {{ic|F7}} or click on ''Advanced Menu'', then the ''Sata configuration'' tab and set it to {{ic|AHCI}}.<br />
<br />
=== Video ===<br />
See [[Intel_graphics#Installation|Intel Graphics]] and [[Hardware_video_acceleration|Hardware Acceleration]]. For models with discrete Nvidia graphics card, also see [[NVIDIA Optimus]].<br />
<br />
=== Audio ===<br />
See [[PulseAudio]].<br />
<br />
=== Touchpad ===<br />
See [[Libinput]].<br />
<br />
=== Fingerprint sensor ===<br />
<br />
{{Note|This is likely not going to work at all. See [[Talk:ASUS Zenbook UX430/UX530#Fingerprint Reader]].}}<br />
<br />
The fingerprint sensor has been supported since [[Fprint]] v0.99.0, but even though it is supported, it does not work reliably. This is due to the small size of the fingerprint sensor[https://github.com/iafilatov/libfprint/tree/e459992e76ab322d9f92e1885215f2da7c1d0a59#common-problems].<br />
<br />
=== Ambient Light Sensor ===<br />
<br />
The Ambient Light Sensor should work on UX430UQ[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=db2582afa7444a0ce6bb1ebf1431715969a10b06] and a patch for UX430UNR is available[https://www.spinics.net/lists/platform-driver-x86/msg19357.html].<br />
<br />
=== Battery charge threshold ===<br />
{{Out of date|Kernel 5.4 added the ability to [https://github.com/torvalds/linux/commit/7973353e92ee1e7ca3b2eb361a4b7cb66c92abee#diff-a746f90c9503689310ee8f3bdc77bc4eR429-R437 set the battery charge threshold through the sysfs interface]. See [[ASUS_Zenbook_UX534#Battery_charge_threshold]].}}<br />
{{Note|The following has been tested on a Zenbook UX430UNR with BIOS version 308.}}<br />
Most newer Zenbooks support specifying a charge stop threshold (see [https://www.asus.com/us/support/FAQ/1032726/ ASUS Battery Health Charging] for more information).<br />
<br />
The battery charge stop threshold can be set by modifying the EC registers, which can be done with {{Pkg|acpi_call}}. Finding the correct EC register to modify is the tricky part.<br />
<br />
You can check the current threshold and battery percent, with the following commands:<br />
{{bc|$ read () { echo "${1}" > /proc/acpi/call; printf "%d\n" $(sed 's/\x0.*//g' /proc/acpi/call); }<br />
$ read "\_SB.PCI0.LPCB.EC0.RRAM 0x3af"<br />
100 # Percent at which the battery will stop charging (default is 100)<br />
$ read "\_SB.PCI0.LPCB.EC0.RRAM 0x3b0"<br />
80 # current battery percent, should match: cat /sys/class/power_supply/BAT0/capacity}}<br />
<br />
{{Warning|Do not proceed if the commands do not return the expected values!}} <br />
<br />
The threshold can be changed with the following command (the threshold is reset when the computer is power cycled):<br />
{{bc|$ echo "\_SB.PCI0.LPCB.EC0.WRAM 0x3af <battery percent in hex, ex: 0x50 for 80%>" > /proc/acpi/call}}<br />
The hex value can be found with {{ic|printf "0x%x\n" 80}}.<br />
<br />
To change the threshold at boot it is possible to use [[systemd-tmpfiles]]. <br />
{{hc|/etc/tmpfiles.d/battery.conf|<br />
w /proc/acpi/call - - - - \\_SB.PCI0.LPCB.EC0.WRAM 0x3af 0x50 # 80%}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Headphones audio is too low ===<br />
<br />
Linux kernel version 4.14 and earlier has a bug where you may notice that the audio through the headphones is too low ([https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1648183 upstream bug]). In kernel version 4.15 you have to pull out your headset and plug it back in after resume in order to fix the low audio.<br />
<br />
In order to fix it, install {{pkg|alsa-tools}} and create the file:<br />
{{hc|/usr/local/bin/fix_headphones_audio.sh|<nowiki><br />
#!/bin/bash<br />
while true; do<br />
DEVICE=`ls /dev/snd/hwC[[:print:]]*D0 | head -n 1`<br />
if [ ! -z "$DEVICE" ]; then<br />
hda-verb "$DEVICE" 0x20 SET_COEF_INDEX 0x67<br />
hda-verb "$DEVICE" 0x20 SET_PROC_COEF 0x3000<br />
break<br />
fi<br />
sleep 1<br />
done<br />
</nowiki>}}<br />
<br />
Then create a [[systemd]] script with the following content:<br />
{{hc|/etc/systemd/system/fix_headphones_audio.service|<nowiki><br />
[Unit]<br />
Description=Fix headphones audio after boot & resume.<br />
After=multi-user.target suspend.target hibernate.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/bin/sh '/usr/local/bin/fix_headphones_audio.sh'<br />
<br />
[Install]<br />
WantedBy=multi-user.target suspend.target hibernate.target<br />
</nowiki>}}<br />
<br />
And finally, [[Systemd#Using_units|start and enable]] {{ic|fix_headphones_audio.service}}.<br />
<br />
=== Microcode ===<br />
During boot you might get the message {{ic|<nowiki>[Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x52 (or later)</nowiki>}}. See [[Microcode]] to resolve it.<br />
<br />
=== Nvidia issues with Bumblebee ===<br />
It is likely that it's one of these issues:<br />
<br />
* You used a power management application (especially [[Powertop]]). See [[bumblebee#Broken power management with kernel 4.8]] for more information.<br />
* You suspended your laptop and resumed, and are now unable to start your GPU, see [[Bumblebee#Failed to initialize the NVIDIA GPU at PCI:1:0:0 (Bumblebee daemon reported: error: %5BXORG%5D (EE) NVIDIA(GPU-0))]].<br />
<br />
=== Headset Microphone ===<br />
You may encounter an issue where your headset microphone is not being detected. To fix this, create this file and restart your system:<br />
{{hc|/etc/modprobe.d/fix_headset_microphone.conf|<nowiki><br />
# Fix an issue where your headset microphone is not being detected:<br />
options snd-hda-intel model=dell-headset-multi<br />
</nowiki>}}<br />
<br />
=== No sound (after Windows) ===<br />
<br />
{{Accuracy|Someone please check and confirm if [[ASUS_N550JV#Dual_boot|this is working alternative solution]].}}<br />
<br />
There seems to be a bug in the firmware that prevents the embedded sound card from working in Arch after Windows has been restarted. A complete shutdown of the laptop is required to get the sound card working again.<br />
<br />
=== Suspend ===<br />
<br />
Linux (4.17 at least) defaults to [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-idle suspend-to-idle], which is not very power-efficient. This is probably due to this change in [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e870c6c87cf9484090d28f2a68aa29e008960c93 4.14-rc1]. For better power efficiency you can use [https://www.kernel.org/doc/html/latest/admin-guide/pm/sleep-states.html#suspend-to-ram suspend-to-ram] by adding {{ic|1=mem_sleep_default=deep}} to the kernel cmdline.<br />
<br />
If you encounter a kernel panic when you suspend, the issue can be fixed by using the LTS kernel plus the following kernel option: {{ic|1=i915.enable_dc=0}}. No additional options are needed.<br />
<br />
=== Fan always active ===<br />
<br />
See [[Fan speed control#NBFC]].<br />
<br />
== Tips and tricks ==<br />
<br />
=== Power saving and performance ===<br />
As advertised by ASUS, both laptops are capable of lasting up to 9 hours on battery. In order to achieve this, see:<br />
<br />
* BIOS update - It is generally recommended to update BIOS, as it usually brings performance, power-saving and security features.<br />
<br />
* [[Power Saving]] - List of general recommendations to increase battery life.<br />
<br />
* [[Improving performance]] - List of general recommendations to increase performance.<br />
<br />
* [[SSD]] - Tips and tricks for Solid State Drives. Both laptops ship with an M.2 SSD by default.<br />
<br />
* [[Undervolting CPU]] - Decrease the voltage of the Intel CPU (reduces battery drain and heat, and therefore fan speed).<br />
<br />
=== Extract Windows 10 license key ===<br />
<br />
The laptop comes with Windows 10 preinstalled and the activation key is hardcoded into the firmware. If you replace Windows with Linux, the hardcoded activation key is useless. You might want to extract it and use it somewhere else (e.g. virtualized Windows 10):<br />
# grep -aPo '[\w]{5}-[\w]{5}-[\w]{5}-[\w]{5}-[\w]{5}' /sys/firmware/acpi/tables/MSDM<br />
<br />
{{Note|Microsoft online support confirmed that the code is valid, but because you are unable to activate it (Windows fails to activate and asks for another code), they offered 2 options: replace the activation code with another one for 40$ or contact the OEM (ASUS) about this issue.<br />
ASUS confirmed, that in order to "use" this activation key, you need to bring this laptop to repair service so they can "restore" system using ASUS OEM Windows 10 image. They do not provide this image for download.}}</div>Louson