https://wiki.archlinux.org/api.php?action=feedcontributions&user=StrayArch&feedformat=atomArchWiki - User contributions [en]2024-03-29T12:06:02ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=User:StrayArch&diff=481515User:StrayArch2017-07-08T19:37:07Z<p>StrayArch: refer to new username for rebranding</p>
<hr />
<div>rebranding to a new username [[User:Comrumino|Comrumino]]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=User_talk:StrayArch&diff=481513User talk:StrayArch2017-07-08T18:31:59Z<p>StrayArch: Conversation exhausted, remove per guidelines</p>
<hr />
<div></div>StrayArchhttps://wiki.archlinux.org/index.php?title=User:StrayArch&diff=481512User:StrayArch2017-07-08T18:31:10Z<p>StrayArch: provided new alias, rebranding</p>
<hr />
<div>aka [[User:StrayArch|comrumino]] ([[User talk:StrayArch|talk]]) 18:30, 8 July 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=480713Talk:VMware2017-06-30T01:10:19Z<p>StrayArch: /* 12.5.3 and 4.10.1-1-ARCH */ exhausted conversation cleaned up</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== VMware Remote Console ==<br />
<br />
(After <small>successfully</small> installing the [https://my.vmware.com/web/vmware/details?downloadGroup=VMRC90&productId=491 bundle], and [https://aur.archlinux.org/packages/vmware-patch/ vmware-patch]) <code>vmrc</code> does not ouptut anything (quiting silently).<br />
<br />
[[User:Chinggis6|Chinggis6]] ([[User talk:Chinggis6|talk]]) 11:37, 20 April 2017 (UTC)<br />
<br />
<br />
== Cleanup ==<br />
<br />
The 'Troubleshooting' section is ever expanding. I'd like to suggest pruning issues which definitely apply to old (minor) versions of VMware only (12.5.3 through 12.5.5 seem no longer relevant to me). Any opinions?<br />
--[[User:Thralas|Thralas]] ([[User talk:Thralas|talk]]) 15:10, 25 May 2017 (UTC)<br />
: I agree that it could use some cleanup. On a related note, I was thinking there should be a note somewhere on {{pkg|linux-lts}}, since vmware has tendency to break with every new minor version of {{pkg|linux}}. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 15:42, 10 June 2017 (UTC)<br />
:: To further expand on my previous comment --- the troubleshooting subsections for old minor versions should stay. After updating and rebooting, I am still unable to get 12.5.6 to work with {{pkg|linux}} and {{pkg|awesome}}. For now, I am using 12.5.4 with {{pkg|linux-lts}}. tl;dr the subsections regarding old minor versions should be kept since they are relevant to lts. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 16:56, 10 June 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:OpenLDAP&diff=480607Talk:OpenLDAP2017-06-28T15:38:09Z<p>StrayArch: proposed new section, it seems useful</p>
<hr />
<div>Proposing adding section on groups/memberof.so --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 15:37, 28 June 2017 (UTC)<br />
<br />
<s>== Installation Guide Not Working ==<br />
<br />
* The Installation Guide as it stands now doesn't work. I'm getting errors about not being able to listen on ipv6 (Which if there is a configuration I'm missing, would be a missing switch in the systemd unit file - bug?)<br />
* There is no explanation of schemas or indexes and which to enable or leave out.<br />
* I'm told to configure the {{ic|/etc/openldap/slapd.conf}} file and ''then'' I'm told that it is deprecated and should be using {{ic|slapd.d}}. Thereafter I'm told to edit {{ic|slapd.conf}}, delete all files in {{ic|slapd.d}} and run {{ic|slaptest}} every time I want to make a configuration change. There is no explanation for directly working with {{ic|slapd.d}}.<br />
* The automated setup script fails to create a working ldap installation. Various "No such file or directory" errors throughout the running of the script. Also puts invalid syntax into {{ic|slapd.conf}}.<br />
--[[User:Tedd|Tedd]] ([[User talk:Tedd|talk]]) 21:06, 5 August 2014 (UTC)<br />
::Yes, this page is outdated or poorly written. Following the examples is not working without issues. I'm currently thinking of reorganizing the whole LDAP section. If you were able to figure out the issues, please correct the sections. --[[User:T.ask|T.ask]] ([[User talk:T.ask|talk]]) 11:51, 2 April 2015 (UTC)<br />
</s></div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:OpenLDAP&diff=480606Talk:OpenLDAP2017-06-28T15:36:56Z<p>StrayArch: /* Installation Guide Not Working */ conversation is exhausted</p>
<hr />
<div><br />
<s>== Installation Guide Not Working ==<br />
<br />
* The Installation Guide as it stands now doesn't work. I'm getting errors about not being able to listen on ipv6 (Which if there is a configuration I'm missing, would be a missing switch in the systemd unit file - bug?)<br />
* There is no explanation of schemas or indexes and which to enable or leave out.<br />
* I'm told to configure the {{ic|/etc/openldap/slapd.conf}} file and ''then'' I'm told that it is deprecated and should be using {{ic|slapd.d}}. Thereafter I'm told to edit {{ic|slapd.conf}}, delete all files in {{ic|slapd.d}} and run {{ic|slaptest}} every time I want to make a configuration change. There is no explanation for directly working with {{ic|slapd.d}}.<br />
* The automated setup script fails to create a working ldap installation. Various "No such file or directory" errors throughout the running of the script. Also puts invalid syntax into {{ic|slapd.conf}}.<br />
--[[User:Tedd|Tedd]] ([[User talk:Tedd|talk]]) 21:06, 5 August 2014 (UTC)<br />
::Yes, this page is outdated or poorly written. Following the examples is not working without issues. I'm currently thinking of reorganizing the whole LDAP section. If you were able to figure out the issues, please correct the sections. --[[User:T.ask|T.ask]] ([[User talk:T.ask|talk]]) 11:51, 2 April 2015 (UTC)<br />
</s></div>StrayArchhttps://wiki.archlinux.org/index.php?title=OpenLDAP&diff=480605OpenLDAP2017-06-28T15:27:37Z<p>StrayArch: /* Configuration */ moved change ownership step prior to stopping and starting slapd.service. this prevents the job from failing</p>
<hr />
<div>[[Category:Networking]]<br />
[[ja:openLDAP]]<br />
[[ru:OpenLDAP]]<br />
[[zh-hans:OpenLDAP]]<br />
{{Related articles start}}<br />
{{Related|LDAP Authentication}}<br />
{{Related|LDAP Hosts}}<br />
{{Related articles end}}<br />
<br />
OpenLDAP is an open-source implementation of the LDAP protocol. An LDAP server basically is a non-relational database which is optimised for accessing, but not writing, data. It is mainly used as an address book (for e.g. email clients) or authentication backend to various services (such as Samba, where it is used to emulate a domain controller, or [[LDAP authentication|Linux system authentication]], where it replaces {{ic|/etc/passwd}}) and basically holds the user data.<br />
<br />
{{note|Commands related to OpenLDAP that begin with {{ic|ldap}} (like {{ic|ldapsearch}}) are client-side utilities, while commands that begin with {{ic|slap}} (like {{ic|slapcat}}) are server-side.}}<br />
<br />
This page is a starting point for a basic OpenLDAP installation and a sanity check.<br />
<br />
{{Tip|Directory services are an enormous topic. Configuration can therefore be complex. If you are totally new to those concepts, [http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html this] is an good introduction that is easy to understand and that will get you started, even if you are new to everything LDAP.}}<br />
<br />
== Installation ==<br />
<br />
OpenLDAP contains both a LDAP server and client. [[Install]] it with the package {{Pkg|openldap}}.<br />
<br />
== Configuration ==<br />
<br />
=== The server ===<br />
<br />
{{Note|If you already have an OpenLDAP database on your machine and would like to remove it, then it can be removed by deleting everything inside of {{ic|/var/lib/openldap/openldap-data/}}. So, backup your {{ic|DB_CONFIG}}.}}<br />
<br />
The server configuration file is located at {{ic|/etc/openldap/slapd.conf}}.<br />
<br />
Edit the suffix and rootdn. The suffix typically is your domain name but it does not have to be. It depends on how you use your directory. We will use ''example'' for the domain name, and ''com'' for the tld. The rootdn is your LDAP administrator's name (we will use ''root'' here).<br />
{{bc|<nowiki><br />
suffix "dc=example,dc=com"<br />
rootdn "cn=root,dc=example,dc=com"<br />
</nowiki>}}<br />
<br />
Now we delete the default root password and create a strong one:<br />
# sed -i "/rootpw/ d" /etc/openldap/slapd.conf #find the line with rootpw and delete it<br />
# echo "rootpw $(slappasswd)" >> /etc/openldap/slapd.conf #add a line which includes the hashed password output from slappasswd<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/schema.html schemas] to the top of {{ic|slapd.conf}}:<br />
<br />
{{Note|currently missing: <br />
cp /usr/share/doc/samba/examples/LDAP/samba.schema /etc/openldap/schema}}<br />
<br />
{{bc|<br />
include /etc/openldap/schema/cosine.schema<br />
include /etc/openldap/schema/inetorgperson.schema<br />
include /etc/openldap/schema/nis.schema<br />
#include /etc/openldap/schema/samba.schema<br />
}}<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/tuning.html#Indexes indexes] to the bottom of {{ic|slapd.conf}}:<br />
{{bc|<br />
index uid pres,eq<br />
index mail pres,sub,eq<br />
index cn pres,sub,eq<br />
index sn pres,sub,eq<br />
index dc eq<br />
}}<br />
<br />
If you plan to use your LDAP server for authentication, you might want to check access control configuration in [[LDAP authentication#LDAP Server Setup]].<br />
<br />
Now prepare the database directory. You will need to rename the default config:<br />
# cp /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG<br />
<br />
{{Note|With OpenLDAP 2.4 the configuration of {{ic|slapd.conf}} is deprecated. From this version on all configuration settings are stored in {{ic|/etc/openldap/slapd.d/}}.}}<br />
<br />
To store the recent changes in {{ic|slapd.conf}} to the new {{ic|/etc/openldap/slapd.d/}} configuration settings, we have to delete the old configuration files first, do this every time you change the configuration:<br />
<br />
# rm -rf /etc/openldap/slapd.d/*<br />
<br />
Change ownership recursively on the new files and directory in /etc/openldap/slapd.d:<br />
<br />
# chown -R ldap:ldap /etc/openldap/slapd.d<br />
<br />
(if you do not have a database yet, you might need to create one by starting and stopping the {{ic|slapd.service}} [[systemd#Using units|using systemd]] )<br />
<br />
Then we generate the new configuration with:<br />
<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/<br />
<br />
The above command has to be run every time you change {{ic|slapd.conf}}. Check if everything succeeded. Ignore message "bdb_monitor_db_open: monitoring disabled; configure monitor database to enable". <br />
<br />
{{note|Index the directory after you populate it. You should stop slapd before doing this.<br />
# slapindex<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
or just<br />
<br />
$ sudo -u ldap slapindex<br />
}}<br />
<br />
Finally, start the slapd daemon with {{ic|slapd.service}} using systemd.<br />
<br />
=== The client ===<br />
The client config file is located at {{ic|/etc/openldap/ldap.conf}}. <br />
<br />
It is quite simple: you will only have to alter {{ic|BASE}} to reflect the suffix of the server, and {{ic|URI}} to reflect the address of the server, like:<br />
<br />
{{hc|/etc/openldap/ldap.conf|2=<br />
BASE dc=example,dc=com<br />
URI ldap://localhost<br />
}}<br />
<br />
If you decide to use SSL:<br />
<br />
* The protocol (ldap or ldaps) in the {{ic|URI}} entry has to conform with the slapd configuration<br />
* If you decide to use self-signed certificates, add a {{ic|TLS_REQCERT allow}} line to {{ic|ldap.conf}}<br />
* If you use a signed certificate from a CA, add the line {{ic|TLS_CACERTDIR /usr/share/ca-certificates/trust-source}} in {{ic|ldap.conf}}.<br />
<br />
=== Create initial entry ===<br />
Once your client is configured, you probably want to create the root entry, and an entry for the root role:<br />
<br />
$ ldapadd -x -D 'cn=root,dc=example,dc=com' -W<br />
dn: dc=example,dc=com<br />
objectClass: dcObject<br />
objectClass: organization<br />
dc: example<br />
o: Example<br />
description: Example directory<br />
<br />
dn: cn=root,dc=example,dc=com<br />
objectClass: organizationalRole<br />
cn: root<br />
description: Directory Manager<br />
^D<br />
<br />
The text after the first line is entered on stdin, or could be read from a file either with the -f option or a file redirect.<br />
<br />
=== Test your new OpenLDAP installation ===<br />
<br />
This is easy, just run the command below:<br />
$ ldapsearch -x '(objectclass=*)'<br />
<br />
Or authenticating as the rootdn (replacing {{ic|-x}} by {{ic|-D <user> -W}}), using the example configuration we had above:<br />
$ ldapsearch -D "cn=root,dc=example,dc=com" -W '(objectclass=*)'<br />
<br />
Now you should see some information about your database.<br />
<br />
=== OpenLDAP over TLS ===<br />
{{Note|[http://www.openldap.org/doc/admin24/ upstream documentation] is much more useful/complete than this section}}<br />
<br />
If you access the OpenLDAP server over the network and especially if you have sensitive data stored on the server you run the risk of someone sniffing your data which is sent clear-text. The next part will guide you on how to setup an SSL connection between the LDAP server and the client so the data will be sent encrypted.<br />
<br />
In order to use TLS, you must have a certificate. For testing purposes, a ''self-signed'' certificate will suffice. To learn more about certificates, see [[OpenSSL]].<br />
<br />
{{Warning|OpenLDAP cannot use a certificate that has a password associated to it.}}<br />
<br />
==== Create a self-signed certificate ====<br />
To create a ''self-signed'' certificate, type the following:<br />
$ openssl req -new -x509 -nodes -out slapdcert.pem -keyout slapdkey.pem -days 365<br />
<br />
You will be prompted for information about your LDAP server. Much of the information can be left blank. The most important information is the common name. This must be set to the DNS name of your LDAP server. If your LDAP server's IP address resolves to example.org but its server certificate shows a CN of bad.example.org, LDAP clients will reject the certificate and will be unable to negotiate TLS connections (apparently the results are wholly unpredictable).<br />
<br />
Now that the certificate files have been created copy them to {{ic|/etc/openldap/ssl/}} (create this directory if it does not exist) and secure them. <br />
{{ic|slapdcert.pem}} must be world readable because it contains the public key. {{ic|slapdkey.pem}} on the other hand should only be readable for the ldap user for security reasons:<br />
# mv slapdcert.pem slapdkey.pem /etc/openldap/ssl/<br />
# chmod -R 755 /etc/openldap/ssl/<br />
# chmod 400 /etc/openldap/ssl/slapdkey.pem<br />
# chmod 444 /etc/openldap/ssl/slapdcert.pem<br />
# chown ldap /etc/openldap/ssl/slapdkey.pem<br />
<br />
==== Configure slapd for SSL ====<br />
Edit the daemon configuration file ({{ic|/etc/openldap/slapd.conf}}) to tell LDAP where the certificate files reside by adding the following lines:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem<br />
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem<br />
}}<br />
<br />
If you are using a signed SSL Certificate from a certification authority such as [[Let’s Encrypt]], you will also need to specify the path to the root certificates database and your intermediary certificate. You will also need to change ownership of the {{ic|.pem}} files and intermediary directories to make them readable to the user {{ic|ldap}}:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/letsencrypt/live/ldap.my-domain.com/cert.pem<br />
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.my-domain.com/privkey.pem<br />
TLSCACertificateFile /etc/letsencrypt/live/ldap.my-domain.com/chain.pem<br />
TLSCACertificatePath /usr/share/ca-certificates/trust-source<br />
}}<br />
<br />
The TLSCipherSuite specifies a list of OpenSSL ciphers from which slapd will choose when negotiating TLS connections, in decreasing order of preference. In addition to those specific ciphers, you can use any of the wildcards supported by OpenSSL. '''NOTE:''' DEFAULT is a wildcard. See {{ic|man ciphers}} for description of ciphers, wildcards and options supported.<br />
<br />
{{Note|To see which ciphers are supported by your local OpenSSL installation, type the following: {{ic|openssl ciphers -v ALL:COMPLEMENTOFALL}}. Always test which ciphers will actually be enabled by TLSCipherSuite by providing it to OpenSSL command, like this: {{ic|openssl ciphers -v 'DEFAULT'}} }}<br />
<br />
Regenerate the configuration directory:<br />
# rm -rf /etc/openldap/slapd.d/* # erase old config settings<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ # generate new config directory from config file<br />
# chown -R ldap:ldap /etc/openldap/slapd.d # Change ownership recursively to ldap on the config directory<br />
<br />
==== Start slapd with SSL ====<br />
You will have to edit {{ic|slapd.service}} to change to protocol slapd listens on.<br />
<br />
Create the override unit:<br />
{{hc|systemctl edit slapd.service|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldaps:///"</nowiki>}}<br />
<br />
Localhost connections do not need to use SSL. So, if you want to access the server locally you should change the {{ic|ExecStart}} line to:<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldap://127.0.0.1 ldaps:///"<br />
<br />
Then [[restart]] {{ic|slapd.service}}. If it was enabled before, reenable it now.<br />
<br />
{{Note|If you created a self-signed certificate above, be sure to add {{ic|TLS_REQCERT allow}} to {{ic|/etc/openldap/ldap.conf}} on the client, or it will not be able connect to the server.}}<br />
<br />
== Next steps ==<br />
<br />
You now have a basic LDAP installation. The next step is to design your directory. The design is heavily dependent on what you are using it for. If you are new to LDAP, consider starting with a directory design recommended by the specific client services that will use the directory ([[PAM]], [[Postfix]], etc).<br />
<br />
A directory for system authentication is the [[LDAP authentication]] article.<br />
<br />
A nice web frontend is [[phpLDAPadmin]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== slapd configuration checking ===<br />
You can check config settings with<br />
<br />
$ slaptest -f /etc/openldap/slapd.conf -v<br />
<br />
=== Client authentication checking ===<br />
If you cannot connect to your server for non-secure authentication<br />
<br />
$ ldapsearch -x -H ldap://ldaservername:389 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
and for TLS secured authentication with:<br />
<br />
$ ldapsearch -x -H ldaps://ldaservername:636 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
=== LDAP server stops suddenly ===<br />
<br />
If you notice that slapd seems to start but then stops, try running:<br />
<br />
# chown -R ldap:ldap /var/lib/openldap<br />
<br />
to allow slapd write access to its data directory as the user "ldap".<br />
<br />
=== LDAP server does not start ===<br />
<br />
Try starting the server from the command line with debugging output enabled:<br />
<br />
# slapd -u ldap -g ldap -h ldaps://ldaservername:636 -d Config,Stats<br />
<br />
== See also ==<br />
* [http://www.openldap.org/doc/admin24/ Official OpenLDAP Software 2.4 Administrator's Guide]<br />
* [[phpLDAPadmin]] is a web interface tool in the style of phpMyAdmin.<br />
* [[LDAP authentication]]<br />
* {{AUR|apachedirectorystudio}} from the [[Arch User Repository]] is an Eclipse-based LDAP viewer. Works perfect with OpenLDAP installations.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=OpenLDAP&diff=480604OpenLDAP2017-06-28T15:10:08Z<p>StrayArch: /* The server */ typo, missed closing }}</p>
<hr />
<div>[[Category:Networking]]<br />
[[ja:openLDAP]]<br />
[[ru:OpenLDAP]]<br />
[[zh-hans:OpenLDAP]]<br />
{{Related articles start}}<br />
{{Related|LDAP Authentication}}<br />
{{Related|LDAP Hosts}}<br />
{{Related articles end}}<br />
<br />
OpenLDAP is an open-source implementation of the LDAP protocol. An LDAP server basically is a non-relational database which is optimised for accessing, but not writing, data. It is mainly used as an address book (for e.g. email clients) or authentication backend to various services (such as Samba, where it is used to emulate a domain controller, or [[LDAP authentication|Linux system authentication]], where it replaces {{ic|/etc/passwd}}) and basically holds the user data.<br />
<br />
{{note|Commands related to OpenLDAP that begin with {{ic|ldap}} (like {{ic|ldapsearch}}) are client-side utilities, while commands that begin with {{ic|slap}} (like {{ic|slapcat}}) are server-side.}}<br />
<br />
This page is a starting point for a basic OpenLDAP installation and a sanity check.<br />
<br />
{{Tip|Directory services are an enormous topic. Configuration can therefore be complex. If you are totally new to those concepts, [http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html this] is an good introduction that is easy to understand and that will get you started, even if you are new to everything LDAP.}}<br />
<br />
== Installation ==<br />
<br />
OpenLDAP contains both a LDAP server and client. [[Install]] it with the package {{Pkg|openldap}}.<br />
<br />
== Configuration ==<br />
<br />
=== The server ===<br />
<br />
{{Note|If you already have an OpenLDAP database on your machine and would like to remove it, then it can be removed by deleting everything inside of {{ic|/var/lib/openldap/openldap-data/}}. So, backup your {{ic|DB_CONFIG}}.}}<br />
<br />
The server configuration file is located at {{ic|/etc/openldap/slapd.conf}}.<br />
<br />
Edit the suffix and rootdn. The suffix typically is your domain name but it does not have to be. It depends on how you use your directory. We will use ''example'' for the domain name, and ''com'' for the tld. The rootdn is your LDAP administrator's name (we will use ''root'' here).<br />
{{bc|<nowiki><br />
suffix "dc=example,dc=com"<br />
rootdn "cn=root,dc=example,dc=com"<br />
</nowiki>}}<br />
<br />
Now we delete the default root password and create a strong one:<br />
# sed -i "/rootpw/ d" /etc/openldap/slapd.conf #find the line with rootpw and delete it<br />
# echo "rootpw $(slappasswd)" >> /etc/openldap/slapd.conf #add a line which includes the hashed password output from slappasswd<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/schema.html schemas] to the top of {{ic|slapd.conf}}:<br />
<br />
{{Note|currently missing: <br />
cp /usr/share/doc/samba/examples/LDAP/samba.schema /etc/openldap/schema}}<br />
<br />
{{bc|<br />
include /etc/openldap/schema/cosine.schema<br />
include /etc/openldap/schema/inetorgperson.schema<br />
include /etc/openldap/schema/nis.schema<br />
#include /etc/openldap/schema/samba.schema<br />
}}<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/tuning.html#Indexes indexes] to the bottom of {{ic|slapd.conf}}:<br />
{{bc|<br />
index uid pres,eq<br />
index mail pres,sub,eq<br />
index cn pres,sub,eq<br />
index sn pres,sub,eq<br />
index dc eq<br />
}}<br />
<br />
If you plan to use your LDAP server for authentication, you might want to check access control configuration in [[LDAP authentication#LDAP Server Setup]].<br />
<br />
Now prepare the database directory. You will need to rename the default config:<br />
# cp /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG<br />
<br />
{{Note|With OpenLDAP 2.4 the configuration of {{ic|slapd.conf}} is deprecated. From this version on all configuration settings are stored in {{ic|/etc/openldap/slapd.d/}}.}}<br />
<br />
To store the recent changes in {{ic|slapd.conf}} to the new {{ic|/etc/openldap/slapd.d/}} configuration settings, we have to delete the old configuration files first, do this every time you change the configuration:<br />
<br />
# rm -rf /etc/openldap/slapd.d/*<br />
<br />
(if you do not have a database yet, you might need to create one by starting and stopping the {{ic|slapd.service}} [[systemd#Using units|using systemd]] )<br />
<br />
Then we generate the new configuration with:<br />
<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/<br />
<br />
The above command has to be run every time you change {{ic|slapd.conf}}. Check if everything succeeded. Ignore message "bdb_monitor_db_open: monitoring disabled; configure monitor database to enable". <br />
<br />
Change ownership recursively on the new files and directory in /etc/openldap/slapd.d:<br />
<br />
# chown -R ldap:ldap /etc/openldap/slapd.d<br />
<br />
{{note|Index the directory after you populate it. You should stop slapd before doing this.<br />
# slapindex<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
or just<br />
<br />
$ sudo -u ldap slapindex<br />
}}<br />
<br />
Finally, start the slapd daemon with {{ic|slapd.service}} using systemd.<br />
<br />
=== The client ===<br />
The client config file is located at {{ic|/etc/openldap/ldap.conf}}. <br />
<br />
It is quite simple: you will only have to alter {{ic|BASE}} to reflect the suffix of the server, and {{ic|URI}} to reflect the address of the server, like:<br />
<br />
{{hc|/etc/openldap/ldap.conf|2=<br />
BASE dc=example,dc=com<br />
URI ldap://localhost<br />
}}<br />
<br />
If you decide to use SSL:<br />
<br />
* The protocol (ldap or ldaps) in the {{ic|URI}} entry has to conform with the slapd configuration<br />
* If you decide to use self-signed certificates, add a {{ic|TLS_REQCERT allow}} line to {{ic|ldap.conf}}<br />
* If you use a signed certificate from a CA, add the line {{ic|TLS_CACERTDIR /usr/share/ca-certificates/trust-source}} in {{ic|ldap.conf}}.<br />
<br />
=== Create initial entry ===<br />
Once your client is configured, you probably want to create the root entry, and an entry for the root role:<br />
<br />
$ ldapadd -x -D 'cn=root,dc=example,dc=com' -W<br />
dn: dc=example,dc=com<br />
objectClass: dcObject<br />
objectClass: organization<br />
dc: example<br />
o: Example<br />
description: Example directory<br />
<br />
dn: cn=root,dc=example,dc=com<br />
objectClass: organizationalRole<br />
cn: root<br />
description: Directory Manager<br />
^D<br />
<br />
The text after the first line is entered on stdin, or could be read from a file either with the -f option or a file redirect.<br />
<br />
=== Test your new OpenLDAP installation ===<br />
<br />
This is easy, just run the command below:<br />
$ ldapsearch -x '(objectclass=*)'<br />
<br />
Or authenticating as the rootdn (replacing {{ic|-x}} by {{ic|-D <user> -W}}), using the example configuration we had above:<br />
$ ldapsearch -D "cn=root,dc=example,dc=com" -W '(objectclass=*)'<br />
<br />
Now you should see some information about your database.<br />
<br />
=== OpenLDAP over TLS ===<br />
{{Note|[http://www.openldap.org/doc/admin24/ upstream documentation] is much more useful/complete than this section}}<br />
<br />
If you access the OpenLDAP server over the network and especially if you have sensitive data stored on the server you run the risk of someone sniffing your data which is sent clear-text. The next part will guide you on how to setup an SSL connection between the LDAP server and the client so the data will be sent encrypted.<br />
<br />
In order to use TLS, you must have a certificate. For testing purposes, a ''self-signed'' certificate will suffice. To learn more about certificates, see [[OpenSSL]].<br />
<br />
{{Warning|OpenLDAP cannot use a certificate that has a password associated to it.}}<br />
<br />
==== Create a self-signed certificate ====<br />
To create a ''self-signed'' certificate, type the following:<br />
$ openssl req -new -x509 -nodes -out slapdcert.pem -keyout slapdkey.pem -days 365<br />
<br />
You will be prompted for information about your LDAP server. Much of the information can be left blank. The most important information is the common name. This must be set to the DNS name of your LDAP server. If your LDAP server's IP address resolves to example.org but its server certificate shows a CN of bad.example.org, LDAP clients will reject the certificate and will be unable to negotiate TLS connections (apparently the results are wholly unpredictable).<br />
<br />
Now that the certificate files have been created copy them to {{ic|/etc/openldap/ssl/}} (create this directory if it does not exist) and secure them. <br />
{{ic|slapdcert.pem}} must be world readable because it contains the public key. {{ic|slapdkey.pem}} on the other hand should only be readable for the ldap user for security reasons:<br />
# mv slapdcert.pem slapdkey.pem /etc/openldap/ssl/<br />
# chmod -R 755 /etc/openldap/ssl/<br />
# chmod 400 /etc/openldap/ssl/slapdkey.pem<br />
# chmod 444 /etc/openldap/ssl/slapdcert.pem<br />
# chown ldap /etc/openldap/ssl/slapdkey.pem<br />
<br />
==== Configure slapd for SSL ====<br />
Edit the daemon configuration file ({{ic|/etc/openldap/slapd.conf}}) to tell LDAP where the certificate files reside by adding the following lines:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem<br />
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem<br />
}}<br />
<br />
If you are using a signed SSL Certificate from a certification authority such as [[Let’s Encrypt]], you will also need to specify the path to the root certificates database and your intermediary certificate. You will also need to change ownership of the {{ic|.pem}} files and intermediary directories to make them readable to the user {{ic|ldap}}:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/letsencrypt/live/ldap.my-domain.com/cert.pem<br />
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.my-domain.com/privkey.pem<br />
TLSCACertificateFile /etc/letsencrypt/live/ldap.my-domain.com/chain.pem<br />
TLSCACertificatePath /usr/share/ca-certificates/trust-source<br />
}}<br />
<br />
The TLSCipherSuite specifies a list of OpenSSL ciphers from which slapd will choose when negotiating TLS connections, in decreasing order of preference. In addition to those specific ciphers, you can use any of the wildcards supported by OpenSSL. '''NOTE:''' DEFAULT is a wildcard. See {{ic|man ciphers}} for description of ciphers, wildcards and options supported.<br />
<br />
{{Note|To see which ciphers are supported by your local OpenSSL installation, type the following: {{ic|openssl ciphers -v ALL:COMPLEMENTOFALL}}. Always test which ciphers will actually be enabled by TLSCipherSuite by providing it to OpenSSL command, like this: {{ic|openssl ciphers -v 'DEFAULT'}} }}<br />
<br />
Regenerate the configuration directory:<br />
# rm -rf /etc/openldap/slapd.d/* # erase old config settings<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ # generate new config directory from config file<br />
# chown -R ldap:ldap /etc/openldap/slapd.d # Change ownership recursively to ldap on the config directory<br />
<br />
==== Start slapd with SSL ====<br />
You will have to edit {{ic|slapd.service}} to change to protocol slapd listens on.<br />
<br />
Create the override unit:<br />
{{hc|systemctl edit slapd.service|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldaps:///"</nowiki>}}<br />
<br />
Localhost connections do not need to use SSL. So, if you want to access the server locally you should change the {{ic|ExecStart}} line to:<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldap://127.0.0.1 ldaps:///"<br />
<br />
Then [[restart]] {{ic|slapd.service}}. If it was enabled before, reenable it now.<br />
<br />
{{Note|If you created a self-signed certificate above, be sure to add {{ic|TLS_REQCERT allow}} to {{ic|/etc/openldap/ldap.conf}} on the client, or it will not be able connect to the server.}}<br />
<br />
== Next steps ==<br />
<br />
You now have a basic LDAP installation. The next step is to design your directory. The design is heavily dependent on what you are using it for. If you are new to LDAP, consider starting with a directory design recommended by the specific client services that will use the directory ([[PAM]], [[Postfix]], etc).<br />
<br />
A directory for system authentication is the [[LDAP authentication]] article.<br />
<br />
A nice web frontend is [[phpLDAPadmin]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== slapd configuration checking ===<br />
You can check config settings with<br />
<br />
$ slaptest -f /etc/openldap/slapd.conf -v<br />
<br />
=== Client authentication checking ===<br />
If you cannot connect to your server for non-secure authentication<br />
<br />
$ ldapsearch -x -H ldap://ldaservername:389 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
and for TLS secured authentication with:<br />
<br />
$ ldapsearch -x -H ldaps://ldaservername:636 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
=== LDAP server stops suddenly ===<br />
<br />
If you notice that slapd seems to start but then stops, try running:<br />
<br />
# chown -R ldap:ldap /var/lib/openldap<br />
<br />
to allow slapd write access to its data directory as the user "ldap".<br />
<br />
=== LDAP server does not start ===<br />
<br />
Try starting the server from the command line with debugging output enabled:<br />
<br />
# slapd -u ldap -g ldap -h ldaps://ldaservername:636 -d Config,Stats<br />
<br />
== See also ==<br />
* [http://www.openldap.org/doc/admin24/ Official OpenLDAP Software 2.4 Administrator's Guide]<br />
* [[phpLDAPadmin]] is a web interface tool in the style of phpMyAdmin.<br />
* [[LDAP authentication]]<br />
* {{AUR|apachedirectorystudio}} from the [[Arch User Repository]] is an Eclipse-based LDAP viewer. Works perfect with OpenLDAP installations.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=OpenLDAP&diff=480603OpenLDAP2017-06-28T15:09:26Z<p>StrayArch: /* The server */ edited note about deleting the database. it was a imperative sentence and not all users may want to do this.</p>
<hr />
<div>[[Category:Networking]]<br />
[[ja:openLDAP]]<br />
[[ru:OpenLDAP]]<br />
[[zh-hans:OpenLDAP]]<br />
{{Related articles start}}<br />
{{Related|LDAP Authentication}}<br />
{{Related|LDAP Hosts}}<br />
{{Related articles end}}<br />
<br />
OpenLDAP is an open-source implementation of the LDAP protocol. An LDAP server basically is a non-relational database which is optimised for accessing, but not writing, data. It is mainly used as an address book (for e.g. email clients) or authentication backend to various services (such as Samba, where it is used to emulate a domain controller, or [[LDAP authentication|Linux system authentication]], where it replaces {{ic|/etc/passwd}}) and basically holds the user data.<br />
<br />
{{note|Commands related to OpenLDAP that begin with {{ic|ldap}} (like {{ic|ldapsearch}}) are client-side utilities, while commands that begin with {{ic|slap}} (like {{ic|slapcat}}) are server-side.}}<br />
<br />
This page is a starting point for a basic OpenLDAP installation and a sanity check.<br />
<br />
{{Tip|Directory services are an enormous topic. Configuration can therefore be complex. If you are totally new to those concepts, [http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html this] is an good introduction that is easy to understand and that will get you started, even if you are new to everything LDAP.}}<br />
<br />
== Installation ==<br />
<br />
OpenLDAP contains both a LDAP server and client. [[Install]] it with the package {{Pkg|openldap}}.<br />
<br />
== Configuration ==<br />
<br />
=== The server ===<br />
<br />
{{Note|If you already have an OpenLDAP database on your machine and would like to remove it, then it can be removed by deleting everything inside of {{ic|/var/lib/openldap/openldap-data/}}. So, backup your {{ic|DB_CONFIG}}.<br />
<br />
The server configuration file is located at {{ic|/etc/openldap/slapd.conf}}.<br />
<br />
Edit the suffix and rootdn. The suffix typically is your domain name but it does not have to be. It depends on how you use your directory. We will use ''example'' for the domain name, and ''com'' for the tld. The rootdn is your LDAP administrator's name (we will use ''root'' here).<br />
{{bc|<nowiki><br />
suffix "dc=example,dc=com"<br />
rootdn "cn=root,dc=example,dc=com"<br />
</nowiki>}}<br />
<br />
Now we delete the default root password and create a strong one:<br />
# sed -i "/rootpw/ d" /etc/openldap/slapd.conf #find the line with rootpw and delete it<br />
# echo "rootpw $(slappasswd)" >> /etc/openldap/slapd.conf #add a line which includes the hashed password output from slappasswd<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/schema.html schemas] to the top of {{ic|slapd.conf}}:<br />
<br />
{{Note|currently missing: <br />
cp /usr/share/doc/samba/examples/LDAP/samba.schema /etc/openldap/schema}}<br />
<br />
{{bc|<br />
include /etc/openldap/schema/cosine.schema<br />
include /etc/openldap/schema/inetorgperson.schema<br />
include /etc/openldap/schema/nis.schema<br />
#include /etc/openldap/schema/samba.schema<br />
}}<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/tuning.html#Indexes indexes] to the bottom of {{ic|slapd.conf}}:<br />
{{bc|<br />
index uid pres,eq<br />
index mail pres,sub,eq<br />
index cn pres,sub,eq<br />
index sn pres,sub,eq<br />
index dc eq<br />
}}<br />
<br />
If you plan to use your LDAP server for authentication, you might want to check access control configuration in [[LDAP authentication#LDAP Server Setup]].<br />
<br />
Now prepare the database directory. You will need to rename the default config:<br />
# cp /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG<br />
<br />
{{Note|With OpenLDAP 2.4 the configuration of {{ic|slapd.conf}} is deprecated. From this version on all configuration settings are stored in {{ic|/etc/openldap/slapd.d/}}.}}<br />
<br />
To store the recent changes in {{ic|slapd.conf}} to the new {{ic|/etc/openldap/slapd.d/}} configuration settings, we have to delete the old configuration files first, do this every time you change the configuration:<br />
<br />
# rm -rf /etc/openldap/slapd.d/*<br />
<br />
(if you do not have a database yet, you might need to create one by starting and stopping the {{ic|slapd.service}} [[systemd#Using units|using systemd]] )<br />
<br />
Then we generate the new configuration with:<br />
<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/<br />
<br />
The above command has to be run every time you change {{ic|slapd.conf}}. Check if everything succeeded. Ignore message "bdb_monitor_db_open: monitoring disabled; configure monitor database to enable". <br />
<br />
Change ownership recursively on the new files and directory in /etc/openldap/slapd.d:<br />
<br />
# chown -R ldap:ldap /etc/openldap/slapd.d<br />
<br />
{{note|Index the directory after you populate it. You should stop slapd before doing this.<br />
# slapindex<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
or just<br />
<br />
$ sudo -u ldap slapindex<br />
}}<br />
<br />
Finally, start the slapd daemon with {{ic|slapd.service}} using systemd.<br />
<br />
=== The client ===<br />
The client config file is located at {{ic|/etc/openldap/ldap.conf}}. <br />
<br />
It is quite simple: you will only have to alter {{ic|BASE}} to reflect the suffix of the server, and {{ic|URI}} to reflect the address of the server, like:<br />
<br />
{{hc|/etc/openldap/ldap.conf|2=<br />
BASE dc=example,dc=com<br />
URI ldap://localhost<br />
}}<br />
<br />
If you decide to use SSL:<br />
<br />
* The protocol (ldap or ldaps) in the {{ic|URI}} entry has to conform with the slapd configuration<br />
* If you decide to use self-signed certificates, add a {{ic|TLS_REQCERT allow}} line to {{ic|ldap.conf}}<br />
* If you use a signed certificate from a CA, add the line {{ic|TLS_CACERTDIR /usr/share/ca-certificates/trust-source}} in {{ic|ldap.conf}}.<br />
<br />
=== Create initial entry ===<br />
Once your client is configured, you probably want to create the root entry, and an entry for the root role:<br />
<br />
$ ldapadd -x -D 'cn=root,dc=example,dc=com' -W<br />
dn: dc=example,dc=com<br />
objectClass: dcObject<br />
objectClass: organization<br />
dc: example<br />
o: Example<br />
description: Example directory<br />
<br />
dn: cn=root,dc=example,dc=com<br />
objectClass: organizationalRole<br />
cn: root<br />
description: Directory Manager<br />
^D<br />
<br />
The text after the first line is entered on stdin, or could be read from a file either with the -f option or a file redirect.<br />
<br />
=== Test your new OpenLDAP installation ===<br />
<br />
This is easy, just run the command below:<br />
$ ldapsearch -x '(objectclass=*)'<br />
<br />
Or authenticating as the rootdn (replacing {{ic|-x}} by {{ic|-D <user> -W}}), using the example configuration we had above:<br />
$ ldapsearch -D "cn=root,dc=example,dc=com" -W '(objectclass=*)'<br />
<br />
Now you should see some information about your database.<br />
<br />
=== OpenLDAP over TLS ===<br />
{{Note|[http://www.openldap.org/doc/admin24/ upstream documentation] is much more useful/complete than this section}}<br />
<br />
If you access the OpenLDAP server over the network and especially if you have sensitive data stored on the server you run the risk of someone sniffing your data which is sent clear-text. The next part will guide you on how to setup an SSL connection between the LDAP server and the client so the data will be sent encrypted.<br />
<br />
In order to use TLS, you must have a certificate. For testing purposes, a ''self-signed'' certificate will suffice. To learn more about certificates, see [[OpenSSL]].<br />
<br />
{{Warning|OpenLDAP cannot use a certificate that has a password associated to it.}}<br />
<br />
==== Create a self-signed certificate ====<br />
To create a ''self-signed'' certificate, type the following:<br />
$ openssl req -new -x509 -nodes -out slapdcert.pem -keyout slapdkey.pem -days 365<br />
<br />
You will be prompted for information about your LDAP server. Much of the information can be left blank. The most important information is the common name. This must be set to the DNS name of your LDAP server. If your LDAP server's IP address resolves to example.org but its server certificate shows a CN of bad.example.org, LDAP clients will reject the certificate and will be unable to negotiate TLS connections (apparently the results are wholly unpredictable).<br />
<br />
Now that the certificate files have been created copy them to {{ic|/etc/openldap/ssl/}} (create this directory if it does not exist) and secure them. <br />
{{ic|slapdcert.pem}} must be world readable because it contains the public key. {{ic|slapdkey.pem}} on the other hand should only be readable for the ldap user for security reasons:<br />
# mv slapdcert.pem slapdkey.pem /etc/openldap/ssl/<br />
# chmod -R 755 /etc/openldap/ssl/<br />
# chmod 400 /etc/openldap/ssl/slapdkey.pem<br />
# chmod 444 /etc/openldap/ssl/slapdcert.pem<br />
# chown ldap /etc/openldap/ssl/slapdkey.pem<br />
<br />
==== Configure slapd for SSL ====<br />
Edit the daemon configuration file ({{ic|/etc/openldap/slapd.conf}}) to tell LDAP where the certificate files reside by adding the following lines:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem<br />
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem<br />
}}<br />
<br />
If you are using a signed SSL Certificate from a certification authority such as [[Let’s Encrypt]], you will also need to specify the path to the root certificates database and your intermediary certificate. You will also need to change ownership of the {{ic|.pem}} files and intermediary directories to make them readable to the user {{ic|ldap}}:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/letsencrypt/live/ldap.my-domain.com/cert.pem<br />
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.my-domain.com/privkey.pem<br />
TLSCACertificateFile /etc/letsencrypt/live/ldap.my-domain.com/chain.pem<br />
TLSCACertificatePath /usr/share/ca-certificates/trust-source<br />
}}<br />
<br />
The TLSCipherSuite specifies a list of OpenSSL ciphers from which slapd will choose when negotiating TLS connections, in decreasing order of preference. In addition to those specific ciphers, you can use any of the wildcards supported by OpenSSL. '''NOTE:''' DEFAULT is a wildcard. See {{ic|man ciphers}} for description of ciphers, wildcards and options supported.<br />
<br />
{{Note|To see which ciphers are supported by your local OpenSSL installation, type the following: {{ic|openssl ciphers -v ALL:COMPLEMENTOFALL}}. Always test which ciphers will actually be enabled by TLSCipherSuite by providing it to OpenSSL command, like this: {{ic|openssl ciphers -v 'DEFAULT'}} }}<br />
<br />
Regenerate the configuration directory:<br />
# rm -rf /etc/openldap/slapd.d/* # erase old config settings<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ # generate new config directory from config file<br />
# chown -R ldap:ldap /etc/openldap/slapd.d # Change ownership recursively to ldap on the config directory<br />
<br />
==== Start slapd with SSL ====<br />
You will have to edit {{ic|slapd.service}} to change to protocol slapd listens on.<br />
<br />
Create the override unit:<br />
{{hc|systemctl edit slapd.service|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldaps:///"</nowiki>}}<br />
<br />
Localhost connections do not need to use SSL. So, if you want to access the server locally you should change the {{ic|ExecStart}} line to:<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldap://127.0.0.1 ldaps:///"<br />
<br />
Then [[restart]] {{ic|slapd.service}}. If it was enabled before, reenable it now.<br />
<br />
{{Note|If you created a self-signed certificate above, be sure to add {{ic|TLS_REQCERT allow}} to {{ic|/etc/openldap/ldap.conf}} on the client, or it will not be able connect to the server.}}<br />
<br />
== Next steps ==<br />
<br />
You now have a basic LDAP installation. The next step is to design your directory. The design is heavily dependent on what you are using it for. If you are new to LDAP, consider starting with a directory design recommended by the specific client services that will use the directory ([[PAM]], [[Postfix]], etc).<br />
<br />
A directory for system authentication is the [[LDAP authentication]] article.<br />
<br />
A nice web frontend is [[phpLDAPadmin]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== slapd configuration checking ===<br />
You can check config settings with<br />
<br />
$ slaptest -f /etc/openldap/slapd.conf -v<br />
<br />
=== Client authentication checking ===<br />
If you cannot connect to your server for non-secure authentication<br />
<br />
$ ldapsearch -x -H ldap://ldaservername:389 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
and for TLS secured authentication with:<br />
<br />
$ ldapsearch -x -H ldaps://ldaservername:636 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
=== LDAP server stops suddenly ===<br />
<br />
If you notice that slapd seems to start but then stops, try running:<br />
<br />
# chown -R ldap:ldap /var/lib/openldap<br />
<br />
to allow slapd write access to its data directory as the user "ldap".<br />
<br />
=== LDAP server does not start ===<br />
<br />
Try starting the server from the command line with debugging output enabled:<br />
<br />
# slapd -u ldap -g ldap -h ldaps://ldaservername:636 -d Config,Stats<br />
<br />
== See also ==<br />
* [http://www.openldap.org/doc/admin24/ Official OpenLDAP Software 2.4 Administrator's Guide]<br />
* [[phpLDAPadmin]] is a web interface tool in the style of phpMyAdmin.<br />
* [[LDAP authentication]]<br />
* {{AUR|apachedirectorystudio}} from the [[Arch User Repository]] is an Eclipse-based LDAP viewer. Works perfect with OpenLDAP installations.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=479553Talk:VMware2017-06-10T17:00:26Z<p>StrayArch: /* Cleanup */ edited comments for clarity: the versions were incorrect esp. the patch version</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== 12.5.3 and 4.10.1-1-ARCH ==<br />
<s>There are issues w/ the newest workstation release and the {{AUR|vmware-patch}} does not resolve. More details are in the comments. -- [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:54, 11 March 2017 (UTC)</s><br />
<br />
== VMware Remote Console ==<br />
<br />
(After <small>successfully</small> installing the [https://my.vmware.com/web/vmware/details?downloadGroup=VMRC90&productId=491 bundle], and [https://aur.archlinux.org/packages/vmware-patch/ vmware-patch]) <code>vmrc</code> does not ouptut anything (quiting silently).<br />
<br />
[[User:Chinggis6|Chinggis6]] ([[User talk:Chinggis6|talk]]) 11:37, 20 April 2017 (UTC)<br />
<br />
<br />
== Cleanup ==<br />
<br />
The 'Troubleshooting' section is ever expanding. I'd like to suggest pruning issues which definitely apply to old (minor) versions of VMware only (12.5.3 through 12.5.5 seem no longer relevant to me). Any opinions?<br />
--[[User:Thralas|Thralas]] ([[User talk:Thralas|talk]]) 15:10, 25 May 2017 (UTC)<br />
: I agree that it could use some cleanup. On a related note, I was thinking there should be a note somewhere on {{pkg|linux-lts}}, since vmware has tendency to break with every new minor version of {{pkg|linux}}. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 15:42, 10 June 2017 (UTC)<br />
:: To further expand on my previous comment --- the troubleshooting subsections for old minor versions should stay. After updating and rebooting, I am still unable to get 12.5.6 to work with {{pkg|linux}} and {{pkg|awesome}}. For now, I am using 12.5.4 with {{pkg|linux-lts}}. tl;dr the subsections regarding old minor versions should be kept since they are relevant to lts. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 16:56, 10 June 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=479551Talk:VMware2017-06-10T16:56:49Z<p>StrayArch: /* Cleanup */ signed comment, because I'm human</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== 12.5.3 and 4.10.1-1-ARCH ==<br />
<s>There are issues w/ the newest workstation release and the {{AUR|vmware-patch}} does not resolve. More details are in the comments. -- [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:54, 11 March 2017 (UTC)</s><br />
<br />
== VMware Remote Console ==<br />
<br />
(After <small>successfully</small> installing the [https://my.vmware.com/web/vmware/details?downloadGroup=VMRC90&productId=491 bundle], and [https://aur.archlinux.org/packages/vmware-patch/ vmware-patch]) <code>vmrc</code> does not ouptut anything (quiting silently).<br />
<br />
[[User:Chinggis6|Chinggis6]] ([[User talk:Chinggis6|talk]]) 11:37, 20 April 2017 (UTC)<br />
<br />
<br />
== Cleanup ==<br />
<br />
The 'Troubleshooting' section is ever expanding. I'd like to suggest pruning issues which definitely apply to old (minor) versions of VMware only (5.13 through 5.15 seem no longer relevant to me). Any opinions?<br />
--[[User:Thralas|Thralas]] ([[User talk:Thralas|talk]]) 15:10, 25 May 2017 (UTC)<br />
: I agree that it could use some cleanup. On a related note, I was thinking there should be a note somewhere on {{pkg|linux-lts}}, since vmware has tendency to break with every new minor version of {{pkg|linux}}. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 15:42, 10 June 2017 (UTC)<br />
:: To further expand on my previous comment --- the troubleshooting subsections for old minor versions should stay. After updating and rebooting, I am still unable to get 5.16 to work with {{pkg|linux}} and {{pkg|awesome}}. For now, I am using 5.4 with {{pkg|linux-lts}}. tl;dr the subsections regarding old minor versions should be kept since they are relevant to lts. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 16:56, 10 June 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=479550Talk:VMware2017-06-10T16:55:30Z<p>StrayArch: /* Cleanup */ responded to comment on old minor version subsections, argument supporting that they are kept</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== 12.5.3 and 4.10.1-1-ARCH ==<br />
<s>There are issues w/ the newest workstation release and the {{AUR|vmware-patch}} does not resolve. More details are in the comments. -- [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:54, 11 March 2017 (UTC)</s><br />
<br />
== VMware Remote Console ==<br />
<br />
(After <small>successfully</small> installing the [https://my.vmware.com/web/vmware/details?downloadGroup=VMRC90&productId=491 bundle], and [https://aur.archlinux.org/packages/vmware-patch/ vmware-patch]) <code>vmrc</code> does not ouptut anything (quiting silently).<br />
<br />
[[User:Chinggis6|Chinggis6]] ([[User talk:Chinggis6|talk]]) 11:37, 20 April 2017 (UTC)<br />
<br />
<br />
== Cleanup ==<br />
<br />
The 'Troubleshooting' section is ever expanding. I'd like to suggest pruning issues which definitely apply to old (minor) versions of VMware only (5.13 through 5.15 seem no longer relevant to me). Any opinions?<br />
--[[User:Thralas|Thralas]] ([[User talk:Thralas|talk]]) 15:10, 25 May 2017 (UTC)<br />
: I agree that it could use some cleanup. On a related note, I was thinking there should be a note somewhere on {{pkg|linux-lts}}, since vmware has tendency to break with every new minor version of {{pkg|linux}}. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 15:42, 10 June 2017 (UTC)<br />
:: To further expand on my previous comment --- the troubleshooting subsections for old minor versions should stay. After updating and rebooting, I am still unable to get 5.16 to work with {{pkg|linux}} and {{pkg|awesome}}. For now, I am using 5.4 with {{pkg|linux-lts}}. tl;dr the subsections regarding old minor versions should be kept since they are relevant to lts.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=VMware&diff=479547VMware2017-06-10T16:22:37Z<p>StrayArch: /* The installer fails to start */ Changed the title from 'The installer fails to start' to 'Installer Fails to Start' to make the title concise and as part of the cleanup mentioned in discussion.</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[it:VMware]]<br />
[[ja:VMware]]<br />
[[ru:VMware]]<br />
[[uk:VMware]]<br />
[[zh-hans:VMware]]<br />
{{Related articles start}}<br />
{{Related|:Category:Hypervisors}}<br />
{{Related|VMware/Installing Arch as a guest}}<br />
{{Related|Moving an existing install into (or out of) a virtual machine}}<br />
{{Related articles end}}<br />
<br />
This article is about installing VMware in Arch Linux; you may also be interested in [[VMware/Installing Arch as a guest]].<br />
{{Note|<br />
*This article is about the latest major VMware versions, meaning VMware Workstation Pro and Player 12.5.<br />
*For older versions, use the {{AUR|vmware-patch}} package.<br />
}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the correct dependencies:<br />
*{{pkg|fuse2}} - for ''vmware-vmblock-fuse''<br />
*{{pkg|gksu}} - for root operations (memory allocations, registering license, etc.)<br />
*{{pkg|gtkmm}} - for the GUI<br />
*{{pkg|linux-headers}}&nbsp;- for module compilation<br />
*{{AUR|ncurses5-compat-libs}} - needed by the {{ic|--console}} installer<br />
*{{pkg|libcanberra}} - for event sounds<br />
<br />
Download the latest [https://www.vmware.com/go/tryworkstation VMware Workstation Pro] or [https://www.vmware.com/go/downloadplayer Player] (or a [https://communities.vmware.com/community/vmtn/beta beta] version, if available).<br />
<br />
Start the installation:<br />
# sh VMware-''edition''-''version''.''release''.''architecture''.bundle<br />
<br />
{{Tip|Some useful flags:<br />
*{{ic|--eulas-agreed}} - Skip the EULAs<br />
*{{ic|--console}} - Use the console UI.<br />
*{{ic|--custom}} - Allows changing the install directory to e.g. {{ic|/usr/local}} (make sure to update the {{ic|vmware-usbarbitrator.service}} paths in [[#systemd services]]).<br />
*{{ic|-I}}, {{ic|--ignore-errors}} - Ignore fatal errors.<br />
*{{ic|1=--set-setting=vmware-workstation serialNumber XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} - Set the serial number during install (good for scripted installs).<br />
*{{ic|--required}} - Only ask mandatory questions (results in silent install when combined with {{ic|--eulas-agreed}} and {{ic|--console}}).<br />
}}<br />
<br />
For the {{ic|System service scripts directory}}, use {{ic|/etc/init.d}} (the default).<br />
<br />
{{Note|During the installation you will get an error about {{ic|"No rc*.d style init script directories"}} being given. This can be safely ignored, since Arch uses [[systemd]].}}<br />
<br />
{{Tip|To (re)build the modules from terminal later on, use:<br />
# vmware-modconfig --console --install-all<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Kernel modules ===<br />
<br />
VMware Workstation 12.5 supports kernels up to 4.8 out of the box.<br />
<br />
=== systemd services ===<br />
<br />
''(Optional)'' Instead of using {{ic|/etc/init.d/vmware}} ({{ic|<nowiki>start|stop|status|restart</nowiki>}}) and {{ic|/usr/bin/vmware-usbarbitrator}} directly to manage the services, you may also use {{ic|.service}} files (also available in the {{AUR|vmware-systemd-services}} package, and also included in {{AUR|vmware-patch}}):<br />
<br />
{{hc|/etc/systemd/system/vmware.service|<br />
2=[Unit]<br />
Description=VMware daemon<br />
Requires=vmware-usbarbitrator.service<br />
Before=vmware-usbarbitrator.service<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware start<br />
ExecStop=/etc/init.d/vmware stop<br />
PIDFile=/var/lock/subsys/vmware<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/vmware-usbarbitrator.service|<br />
2=[Unit]<br />
Description=VMware USB Arbitrator<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/usr/bin/vmware-usbarbitrator<br />
ExecStop=/usr/bin/vmware-usbarbitrator --kill<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Add this service as well, if you want to connect to your VMware Workstation installation from another Workstation Server Console:<br />
<br />
{{hc|/etc/systemd/system/vmware-workstation-server.service|<br />
2=[Unit]<br />
Description=VMware Workstation Server<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware-workstation-server start<br />
ExecStop=/etc/init.d/vmware-workstation-server stop<br />
PIDFile=/var/lock/subsys/vmware-workstation-server<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
After which you can [[enable]] them on boot.<br />
<br />
==== Workstation Server service ====<br />
<br />
The {{ic|vmware-workstation-server.service}} calls {{ic|wssc-adminTool}} in its command chain, despite having been renamed to {{ic|vmware-wssc-adminTool}}.<br />
<br />
To prevent the service startup, this can be fixed with a symlink:<br />
<br />
# ln -s wssc-adminTool /usr/lib/vmware/bin/vmware-wssc-adminTool<br />
<br />
== Launching the application ==<br />
<br />
To open VMware Workstation Pro:<br />
$ vmware<br />
<br />
or Player:<br />
$ vmplayer<br />
<br />
== Tips and tricks ==<br />
<br />
=== Entering the Workstation Pro license key ===<br />
<br />
==== From terminal ====<br />
<br />
# /usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXX-XXXXX-XXXXX-XXXXX-XXXXX<br />
<br />
Where {{ic|XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} is your license key.<br />
<br />
{{Note|The {{ic|-debug}} binary informs the user of an incorrect license.}}<br />
<br />
==== From GUI ====<br />
<br />
If the above does not work, you can try:<br />
<br />
# /usr/lib/vmware/bin/vmware-enter-serial<br />
<br />
=== Extracting the VMware BIOS ===<br />
<br />
$ objcopy /usr/lib/vmware/bin/vmware-vmx -O binary -j bios440 --set-section-flags bios440=a bios440.rom.Z<br />
$ perl -e 'use Compress::Zlib; my $v; read STDIN, $v, '$(stat -c%s "./bios440.rom.Z")'; $v = uncompress($v); print $v;' < bios440.rom.Z > bios440.rom<br />
<br />
=== Extracting the installer ===<br />
<br />
To view the contents of the installer {{ic|.bundle}}:<br />
<br />
$ sh VMware-''edition''-''version''.''release''.''architecture''.bundle --extract ''/tmp/vmware-bundle/''<br />
<br />
==== Using the modified BIOS ====<br />
<br />
If and when you decide to modify the extracted BIOS you can make your virtual machine use it by moving it to {{ic|~/vmware/''Virtual_machine_name''}}:<br />
$ mv bios440.rom ~/vmware/''Virtual_machine_name''/<br />
<br />
then adding the name to the {{ic|''Virtual_machine_name''.vmx}} file:<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=bios440.filename = "bios440.rom"}}<br />
<br />
=== Enable 3D graphics on Intel and Optimus ===<br />
<br />
Some graphics drivers are blacklisted by default, due to poor and/or unstable 3D acceleration. After enabling ''Accelerate 3D graphics'', the log may show something like:<br />
<br />
Disabling 3D on this host due to presence of Mesa DRI driver. Set mks.gl.allowBlacklistedDrivers = TRUE to override.<br />
<br />
This means the following:<br />
<br />
{{hc|~/.vmware/preferences|2=<br />
mks.gl.allowBlacklistedDrivers = TRUE<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Kernel headers for version 4.x-xxxx were not found. If you installed them[...] ===<br />
<br />
Install the headers ({{Pkg|linux-headers}}).<br />
<br />
{{Note|Upgrading the kernel and the headers will require you to boot to the new kernel to match the version of the headers. This is a relatively common error.}}<br />
<br />
=== USB devices not recognized ===<br />
<br />
{{Tip|Also handled by {{AUR|vmware-patch}}.}}<br />
<br />
If not using the [[#systemd services|systemd service]] to automatically handle the services, you need to manually start the {{ic|vmware-usbarbitrator}} binary as root each time.<br />
<br />
To start:<br />
<br />
# vmware-usbarbitrator<br />
<br />
To stop:<br />
<br />
# vmware-usbarbitrator --kill<br />
<br />
=== Incorrect login/password when trying to access VMware remotely ===<br />
<br />
VMware Workstation provides the possibility to remotely manage Shared VMs through the {{ic|vmware-workstation-server}} service. However, this will fail with the error {{ic|"incorrect username/password"}} due to incorrect [[PAM]] configuration of the {{ic|vmware-authd}} service. To fix it, edit {{ic|/etc/pam.d/vmware-authd}} like this:<br />
<br />
{{hc|/etc/pam.d/vmware-authd|<br />
#%PAM-1.0<br />
auth ''required pam_unix.so''<br />
account ''required pam_unix.so''<br />
password ''required pam_permit.so''<br />
session ''required pam_unix.so''<br />
}}<br />
<br />
and restart the {{ic|vmware}} [[systemd]] service.<br />
<br />
Now you can connect to the server with the credentials provided during the installation.<br />
<br />
{{Note|{{Pkg|libxslt}} may be required for starting virtual machines.}}<br />
<br />
=== Issues with ALSA output ===<br />
<br />
[http://bankimbhavsar.blogspot.co.nz/2011/09/hd-audio-in-vmware-fusion-4-and-vmware.html To fix] sound quality issues or enabling proper HD audio output, first run:<br />
$ aplay -L<br />
<br />
If interested in playing 5.1 ''surround sound'' from the guest, look for {{ic|1=surround51:CARD=''vendor_name'',DEV=''num''}}, if experiencing quality issues, look for {{ic|1=front:CARD=''vendor_name'',DEV=''num''}}. Finally put the name in the {{ic|.vmx}}:<br />
<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=<br />
sound.fileName=''"surround51:CARD=Live,DEV=0"''<br />
sound.autodetect=''"FALSE"''<br />
}}<br />
<br />
[[Advanced_Linux_Sound_Architecture#OSS_compatibility|OSS emulation]] should also be disabled.<br />
<br />
=== Kernel-based Virtual Machine (KVM) is running ===<br />
<br />
To disable {{ic|KVM}} on boot, you can use something like:<br />
<br />
{{hc|/etc/modprobe.d/vmware.conf|<br />
blacklist kvm<br />
blacklist kvm-amd # For AMD CPUs<br />
blacklist kvm-intel # For Intel CPUs<br />
}}<br />
<br />
=== Module Issues ===<br />
<br />
==== /dev/vmmon not found ====<br />
<br />
The full error is:<br />
<br />
Could not open /dev/vmmon: No such file or directory.<br />
Please make sure that the kernel module 'vmmon' is loaded.<br />
<br />
This means that at least the {{ic|vmmon}} module is not loaded. See the [[#systemd services]] section for automatic loading.<br />
<br />
==== /dev/vmci not found ====<br />
<br />
The full error is:<br />
<br />
Failed to open device "/dev/vmci": No such file or directory<br />
Please make sure that the kernel module 'vmci' is loaded.<br />
<br />
Try to recompile VMware kernel modules with:<br />
<br />
# vmware-modconfig --console --install-all<br />
<br />
==== Kernel modules fail to build after Linux 4.9 ====<br />
<br />
On VMware Workstation Pro 12.5.2, the module source needs to be modified to be successfully compiled under kernel 4.9 [http://rglinuxtech.com/?p=1847].<br />
<br />
# cd /usr/lib/vmware/modules/source<br />
# tar xf vmmon.tar<br />
# mv vmmon.tar vmmon.old.tar<br />
# sed -i 's/uvAddr, numPages, 0, 0/uvAddr, numPages, 0/g' vmmon-only/linux/hostif.c<br />
# tar cf vmmon.tar vmmon-only<br />
# rm -r vmmon-only<br />
<br />
# tar xf vmnet.tar<br />
# mv vmnet.tar vmnet.old.tar<br />
# sed -i 's/addr, 1, 1, 0/addr, 1, 0/g' vmnet-only/userif.c<br />
# tar cf vmnet.tar vmnet-only<br />
# rm -r vmnet-only<br />
<br />
==== vmware modules fail to build on kernel 4.11+ and GCC 7 ====<br />
<br />
Running vmware-modconfig yields:<br />
Failed to get gcc information.<br />
<br />
The actual error can be found in the logs:<br />
modconfig| I125: Got gcc version "6.3.1".<br />
modconfig| I125: GCC major version 6 does not match Kernel GCC major version 7.<br />
modconfig| I125: The GCC compiler "/sbin/gcc" cannot be used for the target kernel.<br />
<br />
To skip the check, use this workaround:<br />
# sed 's/gcc version 6/gcc version 7/' /proc/version > /tmp/version<br />
# mount --bind /tmp/version /proc/version<br />
# vmware-modconfig --console --install-all<br />
# umount /proc/version && rm /tmp/version<br />
<br />
=== Installer Fails to Start ===<br />
<br />
If you just get back to the prompt when opening the {{ic|.bundle}}, then you probably have a deprecated or broken version of the VMware installer and it should removed (you may also refer to the [[#Uninstallation|uninstallation]] section of this article):<br />
# rm -r /etc/vmware-installer/<br />
<br />
==== User interface initialization failed ====<br />
<br />
You may also see an error like this:<br />
<br />
Extracting VMware Installer...done.<br />
No protocol specified<br />
No protocol specified<br />
User interface initialization failed. Exiting. Check the log for details.<br />
<br />
This can be fixed by either installing the {{AUR|ncurses5-compat-libs}} dependency or temporarily allowing root access to X:<br />
<br />
$ xhost +<br />
$ sudo ./<vmware filename>.bundle<br />
$ xhost -<br />
<br />
=== VMware Fails to Start ===<br />
<br />
==== Segmentation fault at startup due to old Intel microcode ====<br />
<br />
Old Intel microcode may result in the following kind of segmentation fault at startup:<br />
<br />
/usr/bin/vmware: line 31: 4941 Segmentation fault "$BINDIR"/vmware-modconfig --appname="VMware Workstation" --icon="vmware-workstation"<br />
<br />
See [[Microcode]] for how to update the microcode.<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.4 ====<br />
<br />
As per [https://bbs.archlinux.org/viewtopic.php?id=224667] the temporary workaround is to downgrade the package {{ic|libpng}} to version 1.6.28-1 and keep it in the {{ic|IgnorePkg}} parameter in [[Pacman#Skip_package_from_being_upgraded|/etc/pacman.conf]].<br />
<br />
An easier workaround is to make VMWare use the system's version of zlib instead of its own one:<br />
<br />
# cd /usr/lib/vmware/lib/libz.so.1<br />
# mv libz.so.1 libz.so.1.old<br />
# ln -s /usr/lib/libz.so.1 .<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.3 to version 12.5.5 ====<br />
<br />
{{ Note|Use this is not required on version 12.5.6}}<br />
<br />
It seems to be a problem with the file {{ic|/usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6}}, missing {{ic|CXXABI_1.3.8}}.<br />
<br />
If the system have installed {{pkg|gcc-libs}} or {{pkg|gcc-libs-multilib}}, that library is already installed. Therefore, it's possible to remove that file and vmplayer will use the one provided by gcc-libs instead. As root do:<br />
<br />
# mv /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6 /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
==== vmware 12 process terminates immediately after start, no GUI is launched ====<br />
<br />
Registered bug at [https://bugs.mageia.org/show_bug.cgi?id=9739 Mageia], but it seems that there are no error messages shown in terminal with arch. When inspecting the logs, which are in {{ic|/tmp/vmware-<id>}}, there are {{ic|VMWARE_SHIPPED_LIBS_LIST is not set}}, {{ic|VMWARE_SYSTEM_LIBS_LIST is not set}}, {{ic|VMWARE_USE_SHIPPED_LIBS is not set}}, {{ic|VMWARE_USE_SYSTEM_LIBS is not set}} issues. Process simply terminates with {{ic|Unable to execute /usr/lib/vmware/bin/vmware-modconfig.}} after vmware or vmplayer is executed. Solution is the same, as root do:<br />
<br />
# mv /etc/vmware/icu/icudt44l.dat /etc/vmware/icu/icudt44l.dat.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
=== Guest Issues ===<br />
<br />
==== Unable to download VMware Tools for Guests ====<br />
<br />
To download the tools manually, visit the [http://softwareupdate.vmware.com/cds/vmw-desktop/ VMware repository].<br />
<br />
Navigate to: "''application name'' / ''version'' / ''build ID'' / linux / packages/" and download the appropriate Tools.<br />
<br />
Extract with:<br />
<br />
$ tar -xvf vmware-tools-''name''-''version''-''buildID''.x86_64.component.tar<br />
<br />
And install using the VMware installer:<br />
<br />
# vmware-installer --install-component=''/path/''vmware-tools-''name''-''version''-''buildID''.x86_64.component<br />
<br />
If the above does not work, try installing {{AUR|ncurses5-compat-libs}}.<br />
<br />
==== Guests have incorrect system clocks or are unable to boot: "[...]timeTracker_user.c:234 bugNr=148722" ====<br />
<br />
This is due to [http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1591 incomplete] support of power management features ([[Wikipedia:Intel speedstep|Intel SpeedStep]] and [[Wikipedia:AMD powernow|AMD PowerNow!]]/[[Wikipedia:Cool'n'Quiet|Cool'n'Quiet]]) in VMware Linux that vary the CPU frequency. In March 2012, with the release of [https://projects.archlinux.org/svntogit/packages.git/commit/trunk/config.x86_64?h=packages/linux&id=9abe018d91a5d8c3af7523d30b8aa73f86b680be linux 3.3-1] the maximum frequency [[CPU frequency governors|Performance]] governor was replaced with the dynamic ''Ondemand''. When the host CPU frequency changes, the Guest system clock runs too quickly or too slowly, but may also render the whole Guest unbootable.<br />
<br />
To prevent this, the maximum host CPU frequency can be specified, and [[Wikipedia:Time Stamp Counter|Time Stamp Counter]] (TSC) disabled, in the global configuration:<br />
<br />
{{hc|/etc/vmware/config|2=<br />
host.cpukHz = "X" # The maximum speed in KHz, e.g. 3GHz is "3000000".<br />
host.noTSC = "TRUE" # Keep the Guest system clock accurate even when<br />
ptsc.noTSC = "TRUE" # the time stamp counter (TSC) is slow.<br />
}}<br />
<br />
{{Tip|To periodically correct the time (once per minute), in the ''Options'' tab of VMware Tools, enable: ''"Time synchronization between the virtual machine and the host operating system"''.}}<br />
<br />
==== Networking on Guests not available after system restart ====<br />
<br />
This is likely due to the {{ic|vmnet}} module not being loaded [http://www.linuxquestions.org/questions/slackware-14/could-not-connect-ethernet0-to-virtual-network-dev-vmnet8-796095/]. See also the [[#systemd services]] section for automatic loading.<br />
<br />
== Uninstallation ==<br />
<br />
To uninstall VMware you need the product name (either {{ic|vmware-workstation}} or {{ic|vmware-player}}). To list all the installed products:<br />
$ vmware-installer -l<br />
<br />
and uninstall with ({{ic|--required}}&nbsp;skips the confirmation):<br />
# vmware-installer -u ''product'' --required<br />
<br />
{{Tip|Use {{ic|--console}} for the console UI.}}<br />
<br />
Remember to also [[disable]] and remove the services:<br />
# rm /etc/systemd/system/vmware.service<br />
# rm /etc/systemd/system/vmware-usbarbitrator.service<br />
<br />
You may also want to have a look at the module directories in {{ic|/usr/lib/modules/''kernel_name''/misc/}} for any leftovers.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=VMware&diff=479545VMware2017-06-10T16:19:52Z<p>StrayArch: /* Troubleshooting */ Moved the subsection 'The installer fails to start' next to the subsection 'VMware Fails to Start'</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[it:VMware]]<br />
[[ja:VMware]]<br />
[[ru:VMware]]<br />
[[uk:VMware]]<br />
[[zh-hans:VMware]]<br />
{{Related articles start}}<br />
{{Related|:Category:Hypervisors}}<br />
{{Related|VMware/Installing Arch as a guest}}<br />
{{Related|Moving an existing install into (or out of) a virtual machine}}<br />
{{Related articles end}}<br />
<br />
This article is about installing VMware in Arch Linux; you may also be interested in [[VMware/Installing Arch as a guest]].<br />
{{Note|<br />
*This article is about the latest major VMware versions, meaning VMware Workstation Pro and Player 12.5.<br />
*For older versions, use the {{AUR|vmware-patch}} package.<br />
}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the correct dependencies:<br />
*{{pkg|fuse2}} - for ''vmware-vmblock-fuse''<br />
*{{pkg|gksu}} - for root operations (memory allocations, registering license, etc.)<br />
*{{pkg|gtkmm}} - for the GUI<br />
*{{pkg|linux-headers}}&nbsp;- for module compilation<br />
*{{AUR|ncurses5-compat-libs}} - needed by the {{ic|--console}} installer<br />
*{{pkg|libcanberra}} - for event sounds<br />
<br />
Download the latest [https://www.vmware.com/go/tryworkstation VMware Workstation Pro] or [https://www.vmware.com/go/downloadplayer Player] (or a [https://communities.vmware.com/community/vmtn/beta beta] version, if available).<br />
<br />
Start the installation:<br />
# sh VMware-''edition''-''version''.''release''.''architecture''.bundle<br />
<br />
{{Tip|Some useful flags:<br />
*{{ic|--eulas-agreed}} - Skip the EULAs<br />
*{{ic|--console}} - Use the console UI.<br />
*{{ic|--custom}} - Allows changing the install directory to e.g. {{ic|/usr/local}} (make sure to update the {{ic|vmware-usbarbitrator.service}} paths in [[#systemd services]]).<br />
*{{ic|-I}}, {{ic|--ignore-errors}} - Ignore fatal errors.<br />
*{{ic|1=--set-setting=vmware-workstation serialNumber XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} - Set the serial number during install (good for scripted installs).<br />
*{{ic|--required}} - Only ask mandatory questions (results in silent install when combined with {{ic|--eulas-agreed}} and {{ic|--console}}).<br />
}}<br />
<br />
For the {{ic|System service scripts directory}}, use {{ic|/etc/init.d}} (the default).<br />
<br />
{{Note|During the installation you will get an error about {{ic|"No rc*.d style init script directories"}} being given. This can be safely ignored, since Arch uses [[systemd]].}}<br />
<br />
{{Tip|To (re)build the modules from terminal later on, use:<br />
# vmware-modconfig --console --install-all<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Kernel modules ===<br />
<br />
VMware Workstation 12.5 supports kernels up to 4.8 out of the box.<br />
<br />
=== systemd services ===<br />
<br />
''(Optional)'' Instead of using {{ic|/etc/init.d/vmware}} ({{ic|<nowiki>start|stop|status|restart</nowiki>}}) and {{ic|/usr/bin/vmware-usbarbitrator}} directly to manage the services, you may also use {{ic|.service}} files (also available in the {{AUR|vmware-systemd-services}} package, and also included in {{AUR|vmware-patch}}):<br />
<br />
{{hc|/etc/systemd/system/vmware.service|<br />
2=[Unit]<br />
Description=VMware daemon<br />
Requires=vmware-usbarbitrator.service<br />
Before=vmware-usbarbitrator.service<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware start<br />
ExecStop=/etc/init.d/vmware stop<br />
PIDFile=/var/lock/subsys/vmware<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/vmware-usbarbitrator.service|<br />
2=[Unit]<br />
Description=VMware USB Arbitrator<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/usr/bin/vmware-usbarbitrator<br />
ExecStop=/usr/bin/vmware-usbarbitrator --kill<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Add this service as well, if you want to connect to your VMware Workstation installation from another Workstation Server Console:<br />
<br />
{{hc|/etc/systemd/system/vmware-workstation-server.service|<br />
2=[Unit]<br />
Description=VMware Workstation Server<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware-workstation-server start<br />
ExecStop=/etc/init.d/vmware-workstation-server stop<br />
PIDFile=/var/lock/subsys/vmware-workstation-server<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
After which you can [[enable]] them on boot.<br />
<br />
==== Workstation Server service ====<br />
<br />
The {{ic|vmware-workstation-server.service}} calls {{ic|wssc-adminTool}} in its command chain, despite having been renamed to {{ic|vmware-wssc-adminTool}}.<br />
<br />
To prevent the service startup, this can be fixed with a symlink:<br />
<br />
# ln -s wssc-adminTool /usr/lib/vmware/bin/vmware-wssc-adminTool<br />
<br />
== Launching the application ==<br />
<br />
To open VMware Workstation Pro:<br />
$ vmware<br />
<br />
or Player:<br />
$ vmplayer<br />
<br />
== Tips and tricks ==<br />
<br />
=== Entering the Workstation Pro license key ===<br />
<br />
==== From terminal ====<br />
<br />
# /usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXX-XXXXX-XXXXX-XXXXX-XXXXX<br />
<br />
Where {{ic|XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} is your license key.<br />
<br />
{{Note|The {{ic|-debug}} binary informs the user of an incorrect license.}}<br />
<br />
==== From GUI ====<br />
<br />
If the above does not work, you can try:<br />
<br />
# /usr/lib/vmware/bin/vmware-enter-serial<br />
<br />
=== Extracting the VMware BIOS ===<br />
<br />
$ objcopy /usr/lib/vmware/bin/vmware-vmx -O binary -j bios440 --set-section-flags bios440=a bios440.rom.Z<br />
$ perl -e 'use Compress::Zlib; my $v; read STDIN, $v, '$(stat -c%s "./bios440.rom.Z")'; $v = uncompress($v); print $v;' < bios440.rom.Z > bios440.rom<br />
<br />
=== Extracting the installer ===<br />
<br />
To view the contents of the installer {{ic|.bundle}}:<br />
<br />
$ sh VMware-''edition''-''version''.''release''.''architecture''.bundle --extract ''/tmp/vmware-bundle/''<br />
<br />
==== Using the modified BIOS ====<br />
<br />
If and when you decide to modify the extracted BIOS you can make your virtual machine use it by moving it to {{ic|~/vmware/''Virtual_machine_name''}}:<br />
$ mv bios440.rom ~/vmware/''Virtual_machine_name''/<br />
<br />
then adding the name to the {{ic|''Virtual_machine_name''.vmx}} file:<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=bios440.filename = "bios440.rom"}}<br />
<br />
=== Enable 3D graphics on Intel and Optimus ===<br />
<br />
Some graphics drivers are blacklisted by default, due to poor and/or unstable 3D acceleration. After enabling ''Accelerate 3D graphics'', the log may show something like:<br />
<br />
Disabling 3D on this host due to presence of Mesa DRI driver. Set mks.gl.allowBlacklistedDrivers = TRUE to override.<br />
<br />
This means the following:<br />
<br />
{{hc|~/.vmware/preferences|2=<br />
mks.gl.allowBlacklistedDrivers = TRUE<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Kernel headers for version 4.x-xxxx were not found. If you installed them[...] ===<br />
<br />
Install the headers ({{Pkg|linux-headers}}).<br />
<br />
{{Note|Upgrading the kernel and the headers will require you to boot to the new kernel to match the version of the headers. This is a relatively common error.}}<br />
<br />
=== USB devices not recognized ===<br />
<br />
{{Tip|Also handled by {{AUR|vmware-patch}}.}}<br />
<br />
If not using the [[#systemd services|systemd service]] to automatically handle the services, you need to manually start the {{ic|vmware-usbarbitrator}} binary as root each time.<br />
<br />
To start:<br />
<br />
# vmware-usbarbitrator<br />
<br />
To stop:<br />
<br />
# vmware-usbarbitrator --kill<br />
<br />
=== Incorrect login/password when trying to access VMware remotely ===<br />
<br />
VMware Workstation provides the possibility to remotely manage Shared VMs through the {{ic|vmware-workstation-server}} service. However, this will fail with the error {{ic|"incorrect username/password"}} due to incorrect [[PAM]] configuration of the {{ic|vmware-authd}} service. To fix it, edit {{ic|/etc/pam.d/vmware-authd}} like this:<br />
<br />
{{hc|/etc/pam.d/vmware-authd|<br />
#%PAM-1.0<br />
auth ''required pam_unix.so''<br />
account ''required pam_unix.so''<br />
password ''required pam_permit.so''<br />
session ''required pam_unix.so''<br />
}}<br />
<br />
and restart the {{ic|vmware}} [[systemd]] service.<br />
<br />
Now you can connect to the server with the credentials provided during the installation.<br />
<br />
{{Note|{{Pkg|libxslt}} may be required for starting virtual machines.}}<br />
<br />
=== Issues with ALSA output ===<br />
<br />
[http://bankimbhavsar.blogspot.co.nz/2011/09/hd-audio-in-vmware-fusion-4-and-vmware.html To fix] sound quality issues or enabling proper HD audio output, first run:<br />
$ aplay -L<br />
<br />
If interested in playing 5.1 ''surround sound'' from the guest, look for {{ic|1=surround51:CARD=''vendor_name'',DEV=''num''}}, if experiencing quality issues, look for {{ic|1=front:CARD=''vendor_name'',DEV=''num''}}. Finally put the name in the {{ic|.vmx}}:<br />
<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=<br />
sound.fileName=''"surround51:CARD=Live,DEV=0"''<br />
sound.autodetect=''"FALSE"''<br />
}}<br />
<br />
[[Advanced_Linux_Sound_Architecture#OSS_compatibility|OSS emulation]] should also be disabled.<br />
<br />
=== Kernel-based Virtual Machine (KVM) is running ===<br />
<br />
To disable {{ic|KVM}} on boot, you can use something like:<br />
<br />
{{hc|/etc/modprobe.d/vmware.conf|<br />
blacklist kvm<br />
blacklist kvm-amd # For AMD CPUs<br />
blacklist kvm-intel # For Intel CPUs<br />
}}<br />
<br />
=== Module Issues ===<br />
<br />
==== /dev/vmmon not found ====<br />
<br />
The full error is:<br />
<br />
Could not open /dev/vmmon: No such file or directory.<br />
Please make sure that the kernel module 'vmmon' is loaded.<br />
<br />
This means that at least the {{ic|vmmon}} module is not loaded. See the [[#systemd services]] section for automatic loading.<br />
<br />
==== /dev/vmci not found ====<br />
<br />
The full error is:<br />
<br />
Failed to open device "/dev/vmci": No such file or directory<br />
Please make sure that the kernel module 'vmci' is loaded.<br />
<br />
Try to recompile VMware kernel modules with:<br />
<br />
# vmware-modconfig --console --install-all<br />
<br />
==== Kernel modules fail to build after Linux 4.9 ====<br />
<br />
On VMware Workstation Pro 12.5.2, the module source needs to be modified to be successfully compiled under kernel 4.9 [http://rglinuxtech.com/?p=1847].<br />
<br />
# cd /usr/lib/vmware/modules/source<br />
# tar xf vmmon.tar<br />
# mv vmmon.tar vmmon.old.tar<br />
# sed -i 's/uvAddr, numPages, 0, 0/uvAddr, numPages, 0/g' vmmon-only/linux/hostif.c<br />
# tar cf vmmon.tar vmmon-only<br />
# rm -r vmmon-only<br />
<br />
# tar xf vmnet.tar<br />
# mv vmnet.tar vmnet.old.tar<br />
# sed -i 's/addr, 1, 1, 0/addr, 1, 0/g' vmnet-only/userif.c<br />
# tar cf vmnet.tar vmnet-only<br />
# rm -r vmnet-only<br />
<br />
==== vmware modules fail to build on kernel 4.11+ and GCC 7 ====<br />
<br />
Running vmware-modconfig yields:<br />
Failed to get gcc information.<br />
<br />
The actual error can be found in the logs:<br />
modconfig| I125: Got gcc version "6.3.1".<br />
modconfig| I125: GCC major version 6 does not match Kernel GCC major version 7.<br />
modconfig| I125: The GCC compiler "/sbin/gcc" cannot be used for the target kernel.<br />
<br />
To skip the check, use this workaround:<br />
# sed 's/gcc version 6/gcc version 7/' /proc/version > /tmp/version<br />
# mount --bind /tmp/version /proc/version<br />
# vmware-modconfig --console --install-all<br />
# umount /proc/version && rm /tmp/version<br />
<br />
=== The installer fails to start ===<br />
<br />
If you just get back to the prompt when opening the {{ic|.bundle}}, then you probably have a deprecated or broken version of the VMware installer and it should removed (you may also refer to the [[#Uninstallation|uninstallation]] section of this article):<br />
# rm -r /etc/vmware-installer/<br />
<br />
==== User interface initialization failed ====<br />
<br />
You may also see an error like this:<br />
<br />
Extracting VMware Installer...done.<br />
No protocol specified<br />
No protocol specified<br />
User interface initialization failed. Exiting. Check the log for details.<br />
<br />
This can be fixed by either installing the {{AUR|ncurses5-compat-libs}} dependency or temporarily allowing root access to X:<br />
<br />
$ xhost +<br />
$ sudo ./<vmware filename>.bundle<br />
$ xhost -<br />
<br />
=== VMware Fails to Start ===<br />
<br />
==== Segmentation fault at startup due to old Intel microcode ====<br />
<br />
Old Intel microcode may result in the following kind of segmentation fault at startup:<br />
<br />
/usr/bin/vmware: line 31: 4941 Segmentation fault "$BINDIR"/vmware-modconfig --appname="VMware Workstation" --icon="vmware-workstation"<br />
<br />
See [[Microcode]] for how to update the microcode.<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.4 ====<br />
<br />
As per [https://bbs.archlinux.org/viewtopic.php?id=224667] the temporary workaround is to downgrade the package {{ic|libpng}} to version 1.6.28-1 and keep it in the {{ic|IgnorePkg}} parameter in [[Pacman#Skip_package_from_being_upgraded|/etc/pacman.conf]].<br />
<br />
An easier workaround is to make VMWare use the system's version of zlib instead of its own one:<br />
<br />
# cd /usr/lib/vmware/lib/libz.so.1<br />
# mv libz.so.1 libz.so.1.old<br />
# ln -s /usr/lib/libz.so.1 .<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.3 to version 12.5.5 ====<br />
<br />
{{ Note|Use this is not required on version 12.5.6}}<br />
<br />
It seems to be a problem with the file {{ic|/usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6}}, missing {{ic|CXXABI_1.3.8}}.<br />
<br />
If the system have installed {{pkg|gcc-libs}} or {{pkg|gcc-libs-multilib}}, that library is already installed. Therefore, it's possible to remove that file and vmplayer will use the one provided by gcc-libs instead. As root do:<br />
<br />
# mv /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6 /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
==== vmware 12 process terminates immediately after start, no GUI is launched ====<br />
<br />
Registered bug at [https://bugs.mageia.org/show_bug.cgi?id=9739 Mageia], but it seems that there are no error messages shown in terminal with arch. When inspecting the logs, which are in {{ic|/tmp/vmware-<id>}}, there are {{ic|VMWARE_SHIPPED_LIBS_LIST is not set}}, {{ic|VMWARE_SYSTEM_LIBS_LIST is not set}}, {{ic|VMWARE_USE_SHIPPED_LIBS is not set}}, {{ic|VMWARE_USE_SYSTEM_LIBS is not set}} issues. Process simply terminates with {{ic|Unable to execute /usr/lib/vmware/bin/vmware-modconfig.}} after vmware or vmplayer is executed. Solution is the same, as root do:<br />
<br />
# mv /etc/vmware/icu/icudt44l.dat /etc/vmware/icu/icudt44l.dat.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
=== Guest Issues ===<br />
<br />
==== Unable to download VMware Tools for Guests ====<br />
<br />
To download the tools manually, visit the [http://softwareupdate.vmware.com/cds/vmw-desktop/ VMware repository].<br />
<br />
Navigate to: "''application name'' / ''version'' / ''build ID'' / linux / packages/" and download the appropriate Tools.<br />
<br />
Extract with:<br />
<br />
$ tar -xvf vmware-tools-''name''-''version''-''buildID''.x86_64.component.tar<br />
<br />
And install using the VMware installer:<br />
<br />
# vmware-installer --install-component=''/path/''vmware-tools-''name''-''version''-''buildID''.x86_64.component<br />
<br />
If the above does not work, try installing {{AUR|ncurses5-compat-libs}}.<br />
<br />
==== Guests have incorrect system clocks or are unable to boot: "[...]timeTracker_user.c:234 bugNr=148722" ====<br />
<br />
This is due to [http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1591 incomplete] support of power management features ([[Wikipedia:Intel speedstep|Intel SpeedStep]] and [[Wikipedia:AMD powernow|AMD PowerNow!]]/[[Wikipedia:Cool'n'Quiet|Cool'n'Quiet]]) in VMware Linux that vary the CPU frequency. In March 2012, with the release of [https://projects.archlinux.org/svntogit/packages.git/commit/trunk/config.x86_64?h=packages/linux&id=9abe018d91a5d8c3af7523d30b8aa73f86b680be linux 3.3-1] the maximum frequency [[CPU frequency governors|Performance]] governor was replaced with the dynamic ''Ondemand''. When the host CPU frequency changes, the Guest system clock runs too quickly or too slowly, but may also render the whole Guest unbootable.<br />
<br />
To prevent this, the maximum host CPU frequency can be specified, and [[Wikipedia:Time Stamp Counter|Time Stamp Counter]] (TSC) disabled, in the global configuration:<br />
<br />
{{hc|/etc/vmware/config|2=<br />
host.cpukHz = "X" # The maximum speed in KHz, e.g. 3GHz is "3000000".<br />
host.noTSC = "TRUE" # Keep the Guest system clock accurate even when<br />
ptsc.noTSC = "TRUE" # the time stamp counter (TSC) is slow.<br />
}}<br />
<br />
{{Tip|To periodically correct the time (once per minute), in the ''Options'' tab of VMware Tools, enable: ''"Time synchronization between the virtual machine and the host operating system"''.}}<br />
<br />
==== Networking on Guests not available after system restart ====<br />
<br />
This is likely due to the {{ic|vmnet}} module not being loaded [http://www.linuxquestions.org/questions/slackware-14/could-not-connect-ethernet0-to-virtual-network-dev-vmnet8-796095/]. See also the [[#systemd services]] section for automatic loading.<br />
<br />
== Uninstallation ==<br />
<br />
To uninstall VMware you need the product name (either {{ic|vmware-workstation}} or {{ic|vmware-player}}). To list all the installed products:<br />
$ vmware-installer -l<br />
<br />
and uninstall with ({{ic|--required}}&nbsp;skips the confirmation):<br />
# vmware-installer -u ''product'' --required<br />
<br />
{{Tip|Use {{ic|--console}} for the console UI.}}<br />
<br />
Remember to also [[disable]] and remove the services:<br />
# rm /etc/systemd/system/vmware.service<br />
# rm /etc/systemd/system/vmware-usbarbitrator.service<br />
<br />
You may also want to have a look at the module directories in {{ic|/usr/lib/modules/''kernel_name''/misc/}} for any leftovers.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=VMware&diff=479543VMware2017-06-10T16:17:17Z<p>StrayArch: /* Troubleshooting */ Created subsection called 'Module Issues', then made '/dev/vmmon not found', '/dev/vmci not found', 'Kernel modules fail to build after Linux 4.9', and 'vmware modules fail to build on kernel 4.11+ and GCC 7' into subsections.</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[it:VMware]]<br />
[[ja:VMware]]<br />
[[ru:VMware]]<br />
[[uk:VMware]]<br />
[[zh-hans:VMware]]<br />
{{Related articles start}}<br />
{{Related|:Category:Hypervisors}}<br />
{{Related|VMware/Installing Arch as a guest}}<br />
{{Related|Moving an existing install into (or out of) a virtual machine}}<br />
{{Related articles end}}<br />
<br />
This article is about installing VMware in Arch Linux; you may also be interested in [[VMware/Installing Arch as a guest]].<br />
{{Note|<br />
*This article is about the latest major VMware versions, meaning VMware Workstation Pro and Player 12.5.<br />
*For older versions, use the {{AUR|vmware-patch}} package.<br />
}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the correct dependencies:<br />
*{{pkg|fuse2}} - for ''vmware-vmblock-fuse''<br />
*{{pkg|gksu}} - for root operations (memory allocations, registering license, etc.)<br />
*{{pkg|gtkmm}} - for the GUI<br />
*{{pkg|linux-headers}}&nbsp;- for module compilation<br />
*{{AUR|ncurses5-compat-libs}} - needed by the {{ic|--console}} installer<br />
*{{pkg|libcanberra}} - for event sounds<br />
<br />
Download the latest [https://www.vmware.com/go/tryworkstation VMware Workstation Pro] or [https://www.vmware.com/go/downloadplayer Player] (or a [https://communities.vmware.com/community/vmtn/beta beta] version, if available).<br />
<br />
Start the installation:<br />
# sh VMware-''edition''-''version''.''release''.''architecture''.bundle<br />
<br />
{{Tip|Some useful flags:<br />
*{{ic|--eulas-agreed}} - Skip the EULAs<br />
*{{ic|--console}} - Use the console UI.<br />
*{{ic|--custom}} - Allows changing the install directory to e.g. {{ic|/usr/local}} (make sure to update the {{ic|vmware-usbarbitrator.service}} paths in [[#systemd services]]).<br />
*{{ic|-I}}, {{ic|--ignore-errors}} - Ignore fatal errors.<br />
*{{ic|1=--set-setting=vmware-workstation serialNumber XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} - Set the serial number during install (good for scripted installs).<br />
*{{ic|--required}} - Only ask mandatory questions (results in silent install when combined with {{ic|--eulas-agreed}} and {{ic|--console}}).<br />
}}<br />
<br />
For the {{ic|System service scripts directory}}, use {{ic|/etc/init.d}} (the default).<br />
<br />
{{Note|During the installation you will get an error about {{ic|"No rc*.d style init script directories"}} being given. This can be safely ignored, since Arch uses [[systemd]].}}<br />
<br />
{{Tip|To (re)build the modules from terminal later on, use:<br />
# vmware-modconfig --console --install-all<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Kernel modules ===<br />
<br />
VMware Workstation 12.5 supports kernels up to 4.8 out of the box.<br />
<br />
=== systemd services ===<br />
<br />
''(Optional)'' Instead of using {{ic|/etc/init.d/vmware}} ({{ic|<nowiki>start|stop|status|restart</nowiki>}}) and {{ic|/usr/bin/vmware-usbarbitrator}} directly to manage the services, you may also use {{ic|.service}} files (also available in the {{AUR|vmware-systemd-services}} package, and also included in {{AUR|vmware-patch}}):<br />
<br />
{{hc|/etc/systemd/system/vmware.service|<br />
2=[Unit]<br />
Description=VMware daemon<br />
Requires=vmware-usbarbitrator.service<br />
Before=vmware-usbarbitrator.service<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware start<br />
ExecStop=/etc/init.d/vmware stop<br />
PIDFile=/var/lock/subsys/vmware<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/vmware-usbarbitrator.service|<br />
2=[Unit]<br />
Description=VMware USB Arbitrator<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/usr/bin/vmware-usbarbitrator<br />
ExecStop=/usr/bin/vmware-usbarbitrator --kill<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Add this service as well, if you want to connect to your VMware Workstation installation from another Workstation Server Console:<br />
<br />
{{hc|/etc/systemd/system/vmware-workstation-server.service|<br />
2=[Unit]<br />
Description=VMware Workstation Server<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware-workstation-server start<br />
ExecStop=/etc/init.d/vmware-workstation-server stop<br />
PIDFile=/var/lock/subsys/vmware-workstation-server<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
After which you can [[enable]] them on boot.<br />
<br />
==== Workstation Server service ====<br />
<br />
The {{ic|vmware-workstation-server.service}} calls {{ic|wssc-adminTool}} in its command chain, despite having been renamed to {{ic|vmware-wssc-adminTool}}.<br />
<br />
To prevent the service startup, this can be fixed with a symlink:<br />
<br />
# ln -s wssc-adminTool /usr/lib/vmware/bin/vmware-wssc-adminTool<br />
<br />
== Launching the application ==<br />
<br />
To open VMware Workstation Pro:<br />
$ vmware<br />
<br />
or Player:<br />
$ vmplayer<br />
<br />
== Tips and tricks ==<br />
<br />
=== Entering the Workstation Pro license key ===<br />
<br />
==== From terminal ====<br />
<br />
# /usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXX-XXXXX-XXXXX-XXXXX-XXXXX<br />
<br />
Where {{ic|XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} is your license key.<br />
<br />
{{Note|The {{ic|-debug}} binary informs the user of an incorrect license.}}<br />
<br />
==== From GUI ====<br />
<br />
If the above does not work, you can try:<br />
<br />
# /usr/lib/vmware/bin/vmware-enter-serial<br />
<br />
=== Extracting the VMware BIOS ===<br />
<br />
$ objcopy /usr/lib/vmware/bin/vmware-vmx -O binary -j bios440 --set-section-flags bios440=a bios440.rom.Z<br />
$ perl -e 'use Compress::Zlib; my $v; read STDIN, $v, '$(stat -c%s "./bios440.rom.Z")'; $v = uncompress($v); print $v;' < bios440.rom.Z > bios440.rom<br />
<br />
=== Extracting the installer ===<br />
<br />
To view the contents of the installer {{ic|.bundle}}:<br />
<br />
$ sh VMware-''edition''-''version''.''release''.''architecture''.bundle --extract ''/tmp/vmware-bundle/''<br />
<br />
==== Using the modified BIOS ====<br />
<br />
If and when you decide to modify the extracted BIOS you can make your virtual machine use it by moving it to {{ic|~/vmware/''Virtual_machine_name''}}:<br />
$ mv bios440.rom ~/vmware/''Virtual_machine_name''/<br />
<br />
then adding the name to the {{ic|''Virtual_machine_name''.vmx}} file:<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=bios440.filename = "bios440.rom"}}<br />
<br />
=== Enable 3D graphics on Intel and Optimus ===<br />
<br />
Some graphics drivers are blacklisted by default, due to poor and/or unstable 3D acceleration. After enabling ''Accelerate 3D graphics'', the log may show something like:<br />
<br />
Disabling 3D on this host due to presence of Mesa DRI driver. Set mks.gl.allowBlacklistedDrivers = TRUE to override.<br />
<br />
This means the following:<br />
<br />
{{hc|~/.vmware/preferences|2=<br />
mks.gl.allowBlacklistedDrivers = TRUE<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Kernel headers for version 4.x-xxxx were not found. If you installed them[...] ===<br />
<br />
Install the headers ({{Pkg|linux-headers}}).<br />
<br />
{{Note|Upgrading the kernel and the headers will require you to boot to the new kernel to match the version of the headers. This is a relatively common error.}}<br />
<br />
=== USB devices not recognized ===<br />
<br />
{{Tip|Also handled by {{AUR|vmware-patch}}.}}<br />
<br />
If not using the [[#systemd services|systemd service]] to automatically handle the services, you need to manually start the {{ic|vmware-usbarbitrator}} binary as root each time.<br />
<br />
To start:<br />
<br />
# vmware-usbarbitrator<br />
<br />
To stop:<br />
<br />
# vmware-usbarbitrator --kill<br />
<br />
=== The installer fails to start ===<br />
<br />
If you just get back to the prompt when opening the {{ic|.bundle}}, then you probably have a deprecated or broken version of the VMware installer and it should removed (you may also refer to the [[#Uninstallation|uninstallation]] section of this article):<br />
# rm -r /etc/vmware-installer/<br />
<br />
==== User interface initialization failed ====<br />
<br />
You may also see an error like this:<br />
<br />
Extracting VMware Installer...done.<br />
No protocol specified<br />
No protocol specified<br />
User interface initialization failed. Exiting. Check the log for details.<br />
<br />
This can be fixed by either installing the {{AUR|ncurses5-compat-libs}} dependency or temporarily allowing root access to X:<br />
<br />
$ xhost +<br />
$ sudo ./<vmware filename>.bundle<br />
$ xhost -<br />
<br />
=== Incorrect login/password when trying to access VMware remotely ===<br />
<br />
VMware Workstation provides the possibility to remotely manage Shared VMs through the {{ic|vmware-workstation-server}} service. However, this will fail with the error {{ic|"incorrect username/password"}} due to incorrect [[PAM]] configuration of the {{ic|vmware-authd}} service. To fix it, edit {{ic|/etc/pam.d/vmware-authd}} like this:<br />
<br />
{{hc|/etc/pam.d/vmware-authd|<br />
#%PAM-1.0<br />
auth ''required pam_unix.so''<br />
account ''required pam_unix.so''<br />
password ''required pam_permit.so''<br />
session ''required pam_unix.so''<br />
}}<br />
<br />
and restart the {{ic|vmware}} [[systemd]] service.<br />
<br />
Now you can connect to the server with the credentials provided during the installation.<br />
<br />
{{Note|{{Pkg|libxslt}} may be required for starting virtual machines.}}<br />
<br />
=== Issues with ALSA output ===<br />
<br />
[http://bankimbhavsar.blogspot.co.nz/2011/09/hd-audio-in-vmware-fusion-4-and-vmware.html To fix] sound quality issues or enabling proper HD audio output, first run:<br />
$ aplay -L<br />
<br />
If interested in playing 5.1 ''surround sound'' from the guest, look for {{ic|1=surround51:CARD=''vendor_name'',DEV=''num''}}, if experiencing quality issues, look for {{ic|1=front:CARD=''vendor_name'',DEV=''num''}}. Finally put the name in the {{ic|.vmx}}:<br />
<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=<br />
sound.fileName=''"surround51:CARD=Live,DEV=0"''<br />
sound.autodetect=''"FALSE"''<br />
}}<br />
<br />
[[Advanced_Linux_Sound_Architecture#OSS_compatibility|OSS emulation]] should also be disabled.<br />
<br />
=== Kernel-based Virtual Machine (KVM) is running ===<br />
<br />
To disable {{ic|KVM}} on boot, you can use something like:<br />
<br />
{{hc|/etc/modprobe.d/vmware.conf|<br />
blacklist kvm<br />
blacklist kvm-amd # For AMD CPUs<br />
blacklist kvm-intel # For Intel CPUs<br />
}}<br />
<br />
=== Module Issues ===<br />
<br />
==== /dev/vmmon not found ====<br />
<br />
The full error is:<br />
<br />
Could not open /dev/vmmon: No such file or directory.<br />
Please make sure that the kernel module 'vmmon' is loaded.<br />
<br />
This means that at least the {{ic|vmmon}} module is not loaded. See the [[#systemd services]] section for automatic loading.<br />
<br />
==== /dev/vmci not found ====<br />
<br />
The full error is:<br />
<br />
Failed to open device "/dev/vmci": No such file or directory<br />
Please make sure that the kernel module 'vmci' is loaded.<br />
<br />
Try to recompile VMware kernel modules with:<br />
<br />
# vmware-modconfig --console --install-all<br />
<br />
==== Kernel modules fail to build after Linux 4.9 ====<br />
<br />
On VMware Workstation Pro 12.5.2, the module source needs to be modified to be successfully compiled under kernel 4.9 [http://rglinuxtech.com/?p=1847].<br />
<br />
# cd /usr/lib/vmware/modules/source<br />
# tar xf vmmon.tar<br />
# mv vmmon.tar vmmon.old.tar<br />
# sed -i 's/uvAddr, numPages, 0, 0/uvAddr, numPages, 0/g' vmmon-only/linux/hostif.c<br />
# tar cf vmmon.tar vmmon-only<br />
# rm -r vmmon-only<br />
<br />
# tar xf vmnet.tar<br />
# mv vmnet.tar vmnet.old.tar<br />
# sed -i 's/addr, 1, 1, 0/addr, 1, 0/g' vmnet-only/userif.c<br />
# tar cf vmnet.tar vmnet-only<br />
# rm -r vmnet-only<br />
<br />
==== vmware modules fail to build on kernel 4.11+ and GCC 7 ====<br />
<br />
Running vmware-modconfig yields:<br />
Failed to get gcc information.<br />
<br />
The actual error can be found in the logs:<br />
modconfig| I125: Got gcc version "6.3.1".<br />
modconfig| I125: GCC major version 6 does not match Kernel GCC major version 7.<br />
modconfig| I125: The GCC compiler "/sbin/gcc" cannot be used for the target kernel.<br />
<br />
To skip the check, use this workaround:<br />
# sed 's/gcc version 6/gcc version 7/' /proc/version > /tmp/version<br />
# mount --bind /tmp/version /proc/version<br />
# vmware-modconfig --console --install-all<br />
# umount /proc/version && rm /tmp/version<br />
<br />
=== VMware Fails to Start ===<br />
<br />
==== Segmentation fault at startup due to old Intel microcode ====<br />
<br />
Old Intel microcode may result in the following kind of segmentation fault at startup:<br />
<br />
/usr/bin/vmware: line 31: 4941 Segmentation fault "$BINDIR"/vmware-modconfig --appname="VMware Workstation" --icon="vmware-workstation"<br />
<br />
See [[Microcode]] for how to update the microcode.<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.4 ====<br />
<br />
As per [https://bbs.archlinux.org/viewtopic.php?id=224667] the temporary workaround is to downgrade the package {{ic|libpng}} to version 1.6.28-1 and keep it in the {{ic|IgnorePkg}} parameter in [[Pacman#Skip_package_from_being_upgraded|/etc/pacman.conf]].<br />
<br />
An easier workaround is to make VMWare use the system's version of zlib instead of its own one:<br />
<br />
# cd /usr/lib/vmware/lib/libz.so.1<br />
# mv libz.so.1 libz.so.1.old<br />
# ln -s /usr/lib/libz.so.1 .<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.3 to version 12.5.5 ====<br />
<br />
{{ Note|Use this is not required on version 12.5.6}}<br />
<br />
It seems to be a problem with the file {{ic|/usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6}}, missing {{ic|CXXABI_1.3.8}}.<br />
<br />
If the system have installed {{pkg|gcc-libs}} or {{pkg|gcc-libs-multilib}}, that library is already installed. Therefore, it's possible to remove that file and vmplayer will use the one provided by gcc-libs instead. As root do:<br />
<br />
# mv /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6 /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
==== vmware 12 process terminates immediately after start, no GUI is launched ====<br />
<br />
Registered bug at [https://bugs.mageia.org/show_bug.cgi?id=9739 Mageia], but it seems that there are no error messages shown in terminal with arch. When inspecting the logs, which are in {{ic|/tmp/vmware-<id>}}, there are {{ic|VMWARE_SHIPPED_LIBS_LIST is not set}}, {{ic|VMWARE_SYSTEM_LIBS_LIST is not set}}, {{ic|VMWARE_USE_SHIPPED_LIBS is not set}}, {{ic|VMWARE_USE_SYSTEM_LIBS is not set}} issues. Process simply terminates with {{ic|Unable to execute /usr/lib/vmware/bin/vmware-modconfig.}} after vmware or vmplayer is executed. Solution is the same, as root do:<br />
<br />
# mv /etc/vmware/icu/icudt44l.dat /etc/vmware/icu/icudt44l.dat.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
=== Guest Issues ===<br />
<br />
==== Unable to download VMware Tools for Guests ====<br />
<br />
To download the tools manually, visit the [http://softwareupdate.vmware.com/cds/vmw-desktop/ VMware repository].<br />
<br />
Navigate to: "''application name'' / ''version'' / ''build ID'' / linux / packages/" and download the appropriate Tools.<br />
<br />
Extract with:<br />
<br />
$ tar -xvf vmware-tools-''name''-''version''-''buildID''.x86_64.component.tar<br />
<br />
And install using the VMware installer:<br />
<br />
# vmware-installer --install-component=''/path/''vmware-tools-''name''-''version''-''buildID''.x86_64.component<br />
<br />
If the above does not work, try installing {{AUR|ncurses5-compat-libs}}.<br />
<br />
==== Guests have incorrect system clocks or are unable to boot: "[...]timeTracker_user.c:234 bugNr=148722" ====<br />
<br />
This is due to [http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1591 incomplete] support of power management features ([[Wikipedia:Intel speedstep|Intel SpeedStep]] and [[Wikipedia:AMD powernow|AMD PowerNow!]]/[[Wikipedia:Cool'n'Quiet|Cool'n'Quiet]]) in VMware Linux that vary the CPU frequency. In March 2012, with the release of [https://projects.archlinux.org/svntogit/packages.git/commit/trunk/config.x86_64?h=packages/linux&id=9abe018d91a5d8c3af7523d30b8aa73f86b680be linux 3.3-1] the maximum frequency [[CPU frequency governors|Performance]] governor was replaced with the dynamic ''Ondemand''. When the host CPU frequency changes, the Guest system clock runs too quickly or too slowly, but may also render the whole Guest unbootable.<br />
<br />
To prevent this, the maximum host CPU frequency can be specified, and [[Wikipedia:Time Stamp Counter|Time Stamp Counter]] (TSC) disabled, in the global configuration:<br />
<br />
{{hc|/etc/vmware/config|2=<br />
host.cpukHz = "X" # The maximum speed in KHz, e.g. 3GHz is "3000000".<br />
host.noTSC = "TRUE" # Keep the Guest system clock accurate even when<br />
ptsc.noTSC = "TRUE" # the time stamp counter (TSC) is slow.<br />
}}<br />
<br />
{{Tip|To periodically correct the time (once per minute), in the ''Options'' tab of VMware Tools, enable: ''"Time synchronization between the virtual machine and the host operating system"''.}}<br />
<br />
==== Networking on Guests not available after system restart ====<br />
<br />
This is likely due to the {{ic|vmnet}} module not being loaded [http://www.linuxquestions.org/questions/slackware-14/could-not-connect-ethernet0-to-virtual-network-dev-vmnet8-796095/]. See also the [[#systemd services]] section for automatic loading.<br />
<br />
== Uninstallation ==<br />
<br />
To uninstall VMware you need the product name (either {{ic|vmware-workstation}} or {{ic|vmware-player}}). To list all the installed products:<br />
$ vmware-installer -l<br />
<br />
and uninstall with ({{ic|--required}}&nbsp;skips the confirmation):<br />
# vmware-installer -u ''product'' --required<br />
<br />
{{Tip|Use {{ic|--console}} for the console UI.}}<br />
<br />
Remember to also [[disable]] and remove the services:<br />
# rm /etc/systemd/system/vmware.service<br />
# rm /etc/systemd/system/vmware-usbarbitrator.service<br />
<br />
You may also want to have a look at the module directories in {{ic|/usr/lib/modules/''kernel_name''/misc/}} for any leftovers.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=VMware&diff=479540VMware2017-06-10T16:09:41Z<p>StrayArch: /* Troubleshooting */ Created subsection called 'VMware Fails to Start', then made 'Segmentation fault ... Intel microcode', '... from version 12.5.4', '... from version 12.5.3 to version 12.5.5', and '... no GUI is launched' into subsections</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[it:VMware]]<br />
[[ja:VMware]]<br />
[[ru:VMware]]<br />
[[uk:VMware]]<br />
[[zh-hans:VMware]]<br />
{{Related articles start}}<br />
{{Related|:Category:Hypervisors}}<br />
{{Related|VMware/Installing Arch as a guest}}<br />
{{Related|Moving an existing install into (or out of) a virtual machine}}<br />
{{Related articles end}}<br />
<br />
This article is about installing VMware in Arch Linux; you may also be interested in [[VMware/Installing Arch as a guest]].<br />
{{Note|<br />
*This article is about the latest major VMware versions, meaning VMware Workstation Pro and Player 12.5.<br />
*For older versions, use the {{AUR|vmware-patch}} package.<br />
}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the correct dependencies:<br />
*{{pkg|fuse2}} - for ''vmware-vmblock-fuse''<br />
*{{pkg|gksu}} - for root operations (memory allocations, registering license, etc.)<br />
*{{pkg|gtkmm}} - for the GUI<br />
*{{pkg|linux-headers}}&nbsp;- for module compilation<br />
*{{AUR|ncurses5-compat-libs}} - needed by the {{ic|--console}} installer<br />
*{{pkg|libcanberra}} - for event sounds<br />
<br />
Download the latest [https://www.vmware.com/go/tryworkstation VMware Workstation Pro] or [https://www.vmware.com/go/downloadplayer Player] (or a [https://communities.vmware.com/community/vmtn/beta beta] version, if available).<br />
<br />
Start the installation:<br />
# sh VMware-''edition''-''version''.''release''.''architecture''.bundle<br />
<br />
{{Tip|Some useful flags:<br />
*{{ic|--eulas-agreed}} - Skip the EULAs<br />
*{{ic|--console}} - Use the console UI.<br />
*{{ic|--custom}} - Allows changing the install directory to e.g. {{ic|/usr/local}} (make sure to update the {{ic|vmware-usbarbitrator.service}} paths in [[#systemd services]]).<br />
*{{ic|-I}}, {{ic|--ignore-errors}} - Ignore fatal errors.<br />
*{{ic|1=--set-setting=vmware-workstation serialNumber XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} - Set the serial number during install (good for scripted installs).<br />
*{{ic|--required}} - Only ask mandatory questions (results in silent install when combined with {{ic|--eulas-agreed}} and {{ic|--console}}).<br />
}}<br />
<br />
For the {{ic|System service scripts directory}}, use {{ic|/etc/init.d}} (the default).<br />
<br />
{{Note|During the installation you will get an error about {{ic|"No rc*.d style init script directories"}} being given. This can be safely ignored, since Arch uses [[systemd]].}}<br />
<br />
{{Tip|To (re)build the modules from terminal later on, use:<br />
# vmware-modconfig --console --install-all<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Kernel modules ===<br />
<br />
VMware Workstation 12.5 supports kernels up to 4.8 out of the box.<br />
<br />
=== systemd services ===<br />
<br />
''(Optional)'' Instead of using {{ic|/etc/init.d/vmware}} ({{ic|<nowiki>start|stop|status|restart</nowiki>}}) and {{ic|/usr/bin/vmware-usbarbitrator}} directly to manage the services, you may also use {{ic|.service}} files (also available in the {{AUR|vmware-systemd-services}} package, and also included in {{AUR|vmware-patch}}):<br />
<br />
{{hc|/etc/systemd/system/vmware.service|<br />
2=[Unit]<br />
Description=VMware daemon<br />
Requires=vmware-usbarbitrator.service<br />
Before=vmware-usbarbitrator.service<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware start<br />
ExecStop=/etc/init.d/vmware stop<br />
PIDFile=/var/lock/subsys/vmware<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/vmware-usbarbitrator.service|<br />
2=[Unit]<br />
Description=VMware USB Arbitrator<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/usr/bin/vmware-usbarbitrator<br />
ExecStop=/usr/bin/vmware-usbarbitrator --kill<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Add this service as well, if you want to connect to your VMware Workstation installation from another Workstation Server Console:<br />
<br />
{{hc|/etc/systemd/system/vmware-workstation-server.service|<br />
2=[Unit]<br />
Description=VMware Workstation Server<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware-workstation-server start<br />
ExecStop=/etc/init.d/vmware-workstation-server stop<br />
PIDFile=/var/lock/subsys/vmware-workstation-server<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
After which you can [[enable]] them on boot.<br />
<br />
==== Workstation Server service ====<br />
<br />
The {{ic|vmware-workstation-server.service}} calls {{ic|wssc-adminTool}} in its command chain, despite having been renamed to {{ic|vmware-wssc-adminTool}}.<br />
<br />
To prevent the service startup, this can be fixed with a symlink:<br />
<br />
# ln -s wssc-adminTool /usr/lib/vmware/bin/vmware-wssc-adminTool<br />
<br />
== Launching the application ==<br />
<br />
To open VMware Workstation Pro:<br />
$ vmware<br />
<br />
or Player:<br />
$ vmplayer<br />
<br />
== Tips and tricks ==<br />
<br />
=== Entering the Workstation Pro license key ===<br />
<br />
==== From terminal ====<br />
<br />
# /usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXX-XXXXX-XXXXX-XXXXX-XXXXX<br />
<br />
Where {{ic|XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} is your license key.<br />
<br />
{{Note|The {{ic|-debug}} binary informs the user of an incorrect license.}}<br />
<br />
==== From GUI ====<br />
<br />
If the above does not work, you can try:<br />
<br />
# /usr/lib/vmware/bin/vmware-enter-serial<br />
<br />
=== Extracting the VMware BIOS ===<br />
<br />
$ objcopy /usr/lib/vmware/bin/vmware-vmx -O binary -j bios440 --set-section-flags bios440=a bios440.rom.Z<br />
$ perl -e 'use Compress::Zlib; my $v; read STDIN, $v, '$(stat -c%s "./bios440.rom.Z")'; $v = uncompress($v); print $v;' < bios440.rom.Z > bios440.rom<br />
<br />
=== Extracting the installer ===<br />
<br />
To view the contents of the installer {{ic|.bundle}}:<br />
<br />
$ sh VMware-''edition''-''version''.''release''.''architecture''.bundle --extract ''/tmp/vmware-bundle/''<br />
<br />
==== Using the modified BIOS ====<br />
<br />
If and when you decide to modify the extracted BIOS you can make your virtual machine use it by moving it to {{ic|~/vmware/''Virtual_machine_name''}}:<br />
$ mv bios440.rom ~/vmware/''Virtual_machine_name''/<br />
<br />
then adding the name to the {{ic|''Virtual_machine_name''.vmx}} file:<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=bios440.filename = "bios440.rom"}}<br />
<br />
=== Enable 3D graphics on Intel and Optimus ===<br />
<br />
Some graphics drivers are blacklisted by default, due to poor and/or unstable 3D acceleration. After enabling ''Accelerate 3D graphics'', the log may show something like:<br />
<br />
Disabling 3D on this host due to presence of Mesa DRI driver. Set mks.gl.allowBlacklistedDrivers = TRUE to override.<br />
<br />
This means the following:<br />
<br />
{{hc|~/.vmware/preferences|2=<br />
mks.gl.allowBlacklistedDrivers = TRUE<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== /dev/vmmon not found ===<br />
<br />
The full error is:<br />
<br />
Could not open /dev/vmmon: No such file or directory.<br />
Please make sure that the kernel module 'vmmon' is loaded.<br />
<br />
This means that at least the {{ic|vmmon}} module is not loaded. See the [[#systemd services]] section for automatic loading.<br />
<br />
=== /dev/vmci not found ===<br />
<br />
The full error is:<br />
<br />
Failed to open device "/dev/vmci": No such file or directory<br />
Please make sure that the kernel module 'vmci' is loaded.<br />
<br />
Try to recompile VMware kernel modules with:<br />
<br />
# vmware-modconfig --console --install-all<br />
<br />
=== Kernel headers for version 4.x-xxxx were not found. If you installed them[...] ===<br />
<br />
Install the headers ({{Pkg|linux-headers}}).<br />
<br />
{{Note|Upgrading the kernel and the headers will require you to boot to the new kernel to match the version of the headers. This is a relatively common error.}}<br />
<br />
=== USB devices not recognized ===<br />
<br />
{{Tip|Also handled by {{AUR|vmware-patch}}.}}<br />
<br />
If not using the [[#systemd services|systemd service]] to automatically handle the services, you need to manually start the {{ic|vmware-usbarbitrator}} binary as root each time.<br />
<br />
To start:<br />
<br />
# vmware-usbarbitrator<br />
<br />
To stop:<br />
<br />
# vmware-usbarbitrator --kill<br />
<br />
=== The installer fails to start ===<br />
<br />
If you just get back to the prompt when opening the {{ic|.bundle}}, then you probably have a deprecated or broken version of the VMware installer and it should removed (you may also refer to the [[#Uninstallation|uninstallation]] section of this article):<br />
# rm -r /etc/vmware-installer/<br />
<br />
==== User interface initialization failed ====<br />
<br />
You may also see an error like this:<br />
<br />
Extracting VMware Installer...done.<br />
No protocol specified<br />
No protocol specified<br />
User interface initialization failed. Exiting. Check the log for details.<br />
<br />
This can be fixed by either installing the {{AUR|ncurses5-compat-libs}} dependency or temporarily allowing root access to X:<br />
<br />
$ xhost +<br />
$ sudo ./<vmware filename>.bundle<br />
$ xhost -<br />
<br />
=== Incorrect login/password when trying to access VMware remotely ===<br />
<br />
VMware Workstation provides the possibility to remotely manage Shared VMs through the {{ic|vmware-workstation-server}} service. However, this will fail with the error {{ic|"incorrect username/password"}} due to incorrect [[PAM]] configuration of the {{ic|vmware-authd}} service. To fix it, edit {{ic|/etc/pam.d/vmware-authd}} like this:<br />
<br />
{{hc|/etc/pam.d/vmware-authd|<br />
#%PAM-1.0<br />
auth ''required pam_unix.so''<br />
account ''required pam_unix.so''<br />
password ''required pam_permit.so''<br />
session ''required pam_unix.so''<br />
}}<br />
<br />
and restart the {{ic|vmware}} [[systemd]] service.<br />
<br />
Now you can connect to the server with the credentials provided during the installation.<br />
<br />
{{Note|{{Pkg|libxslt}} may be required for starting virtual machines.}}<br />
<br />
=== Issues with ALSA output ===<br />
<br />
[http://bankimbhavsar.blogspot.co.nz/2011/09/hd-audio-in-vmware-fusion-4-and-vmware.html To fix] sound quality issues or enabling proper HD audio output, first run:<br />
$ aplay -L<br />
<br />
If interested in playing 5.1 ''surround sound'' from the guest, look for {{ic|1=surround51:CARD=''vendor_name'',DEV=''num''}}, if experiencing quality issues, look for {{ic|1=front:CARD=''vendor_name'',DEV=''num''}}. Finally put the name in the {{ic|.vmx}}:<br />
<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=<br />
sound.fileName=''"surround51:CARD=Live,DEV=0"''<br />
sound.autodetect=''"FALSE"''<br />
}}<br />
<br />
[[Advanced_Linux_Sound_Architecture#OSS_compatibility|OSS emulation]] should also be disabled.<br />
<br />
=== Kernel-based Virtual Machine (KVM) is running ===<br />
<br />
To disable {{ic|KVM}} on boot, you can use something like:<br />
<br />
{{hc|/etc/modprobe.d/vmware.conf|<br />
blacklist kvm<br />
blacklist kvm-amd # For AMD CPUs<br />
blacklist kvm-intel # For Intel CPUs<br />
}}<br />
<br />
=== Kernel modules fail to build after Linux 4.9 ===<br />
<br />
On VMware Workstation Pro 12.5.2, the module source needs to be modified to be successfully compiled under kernel 4.9 [http://rglinuxtech.com/?p=1847].<br />
<br />
# cd /usr/lib/vmware/modules/source<br />
# tar xf vmmon.tar<br />
# mv vmmon.tar vmmon.old.tar<br />
# sed -i 's/uvAddr, numPages, 0, 0/uvAddr, numPages, 0/g' vmmon-only/linux/hostif.c<br />
# tar cf vmmon.tar vmmon-only<br />
# rm -r vmmon-only<br />
<br />
# tar xf vmnet.tar<br />
# mv vmnet.tar vmnet.old.tar<br />
# sed -i 's/addr, 1, 1, 0/addr, 1, 0/g' vmnet-only/userif.c<br />
# tar cf vmnet.tar vmnet-only<br />
# rm -r vmnet-only<br />
<br />
=== vmware modules fail to build on kernel 4.11+ and GCC 7===<br />
<br />
Running vmware-modconfig yields:<br />
Failed to get gcc information.<br />
<br />
The actual error can be found in the logs:<br />
modconfig| I125: Got gcc version "6.3.1".<br />
modconfig| I125: GCC major version 6 does not match Kernel GCC major version 7.<br />
modconfig| I125: The GCC compiler "/sbin/gcc" cannot be used for the target kernel.<br />
<br />
To skip the check, use this workaround:<br />
# sed 's/gcc version 6/gcc version 7/' /proc/version > /tmp/version<br />
# mount --bind /tmp/version /proc/version<br />
# vmware-modconfig --console --install-all<br />
# umount /proc/version && rm /tmp/version<br />
<br />
=== VMware Fails to Start ===<br />
<br />
==== Segmentation fault at startup due to old Intel microcode ====<br />
<br />
Old Intel microcode may result in the following kind of segmentation fault at startup:<br />
<br />
/usr/bin/vmware: line 31: 4941 Segmentation fault "$BINDIR"/vmware-modconfig --appname="VMware Workstation" --icon="vmware-workstation"<br />
<br />
See [[Microcode]] for how to update the microcode.<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.4 ====<br />
<br />
As per [https://bbs.archlinux.org/viewtopic.php?id=224667] the temporary workaround is to downgrade the package {{ic|libpng}} to version 1.6.28-1 and keep it in the {{ic|IgnorePkg}} parameter in [[Pacman#Skip_package_from_being_upgraded|/etc/pacman.conf]].<br />
<br />
An easier workaround is to make VMWare use the system's version of zlib instead of its own one:<br />
<br />
# cd /usr/lib/vmware/lib/libz.so.1<br />
# mv libz.so.1 libz.so.1.old<br />
# ln -s /usr/lib/libz.so.1 .<br />
<br />
==== vmplayer/vmware fails to start from version 12.5.3 to version 12.5.5 ====<br />
<br />
{{ Note|Use this is not required on version 12.5.6}}<br />
<br />
It seems to be a problem with the file {{ic|/usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6}}, missing {{ic|CXXABI_1.3.8}}.<br />
<br />
If the system have installed {{pkg|gcc-libs}} or {{pkg|gcc-libs-multilib}}, that library is already installed. Therefore, it's possible to remove that file and vmplayer will use the one provided by gcc-libs instead. As root do:<br />
<br />
# mv /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6 /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
==== vmware 12 process terminates immediately after start, no GUI is launched ====<br />
<br />
Registered bug at [https://bugs.mageia.org/show_bug.cgi?id=9739 Mageia], but it seems that there are no error messages shown in terminal with arch. When inspecting the logs, which are in {{ic|/tmp/vmware-<id>}}, there are {{ic|VMWARE_SHIPPED_LIBS_LIST is not set}}, {{ic|VMWARE_SYSTEM_LIBS_LIST is not set}}, {{ic|VMWARE_USE_SHIPPED_LIBS is not set}}, {{ic|VMWARE_USE_SYSTEM_LIBS is not set}} issues. Process simply terminates with {{ic|Unable to execute /usr/lib/vmware/bin/vmware-modconfig.}} after vmware or vmplayer is executed. Solution is the same, as root do:<br />
<br />
# mv /etc/vmware/icu/icudt44l.dat /etc/vmware/icu/icudt44l.dat.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
=== Guest Issues ===<br />
<br />
==== Unable to download VMware Tools for Guests ====<br />
<br />
To download the tools manually, visit the [http://softwareupdate.vmware.com/cds/vmw-desktop/ VMware repository].<br />
<br />
Navigate to: "''application name'' / ''version'' / ''build ID'' / linux / packages/" and download the appropriate Tools.<br />
<br />
Extract with:<br />
<br />
$ tar -xvf vmware-tools-''name''-''version''-''buildID''.x86_64.component.tar<br />
<br />
And install using the VMware installer:<br />
<br />
# vmware-installer --install-component=''/path/''vmware-tools-''name''-''version''-''buildID''.x86_64.component<br />
<br />
If the above does not work, try installing {{AUR|ncurses5-compat-libs}}.<br />
<br />
==== Guests have incorrect system clocks or are unable to boot: "[...]timeTracker_user.c:234 bugNr=148722" ====<br />
<br />
This is due to [http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1591 incomplete] support of power management features ([[Wikipedia:Intel speedstep|Intel SpeedStep]] and [[Wikipedia:AMD powernow|AMD PowerNow!]]/[[Wikipedia:Cool'n'Quiet|Cool'n'Quiet]]) in VMware Linux that vary the CPU frequency. In March 2012, with the release of [https://projects.archlinux.org/svntogit/packages.git/commit/trunk/config.x86_64?h=packages/linux&id=9abe018d91a5d8c3af7523d30b8aa73f86b680be linux 3.3-1] the maximum frequency [[CPU frequency governors|Performance]] governor was replaced with the dynamic ''Ondemand''. When the host CPU frequency changes, the Guest system clock runs too quickly or too slowly, but may also render the whole Guest unbootable.<br />
<br />
To prevent this, the maximum host CPU frequency can be specified, and [[Wikipedia:Time Stamp Counter|Time Stamp Counter]] (TSC) disabled, in the global configuration:<br />
<br />
{{hc|/etc/vmware/config|2=<br />
host.cpukHz = "X" # The maximum speed in KHz, e.g. 3GHz is "3000000".<br />
host.noTSC = "TRUE" # Keep the Guest system clock accurate even when<br />
ptsc.noTSC = "TRUE" # the time stamp counter (TSC) is slow.<br />
}}<br />
<br />
{{Tip|To periodically correct the time (once per minute), in the ''Options'' tab of VMware Tools, enable: ''"Time synchronization between the virtual machine and the host operating system"''.}}<br />
<br />
==== Networking on Guests not available after system restart ====<br />
<br />
This is likely due to the {{ic|vmnet}} module not being loaded [http://www.linuxquestions.org/questions/slackware-14/could-not-connect-ethernet0-to-virtual-network-dev-vmnet8-796095/]. See also the [[#systemd services]] section for automatic loading.<br />
<br />
== Uninstallation ==<br />
<br />
To uninstall VMware you need the product name (either {{ic|vmware-workstation}} or {{ic|vmware-player}}). To list all the installed products:<br />
$ vmware-installer -l<br />
<br />
and uninstall with ({{ic|--required}}&nbsp;skips the confirmation):<br />
# vmware-installer -u ''product'' --required<br />
<br />
{{Tip|Use {{ic|--console}} for the console UI.}}<br />
<br />
Remember to also [[disable]] and remove the services:<br />
# rm /etc/systemd/system/vmware.service<br />
# rm /etc/systemd/system/vmware-usbarbitrator.service<br />
<br />
You may also want to have a look at the module directories in {{ic|/usr/lib/modules/''kernel_name''/misc/}} for any leftovers.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=VMware&diff=479535VMware2017-06-10T15:57:20Z<p>StrayArch: /* Troubleshooting */ Created subsection called 'Guest Issues', then made 'Unable to download VMware Tools for Guests', 'Guests have incorrect system clocks ...', and 'Networking on Guests not available after system restart' into subsections</p>
<hr />
<div>[[Category:Hypervisors]]<br />
[[it:VMware]]<br />
[[ja:VMware]]<br />
[[ru:VMware]]<br />
[[uk:VMware]]<br />
[[zh-hans:VMware]]<br />
{{Related articles start}}<br />
{{Related|:Category:Hypervisors}}<br />
{{Related|VMware/Installing Arch as a guest}}<br />
{{Related|Moving an existing install into (or out of) a virtual machine}}<br />
{{Related articles end}}<br />
<br />
This article is about installing VMware in Arch Linux; you may also be interested in [[VMware/Installing Arch as a guest]].<br />
{{Note|<br />
*This article is about the latest major VMware versions, meaning VMware Workstation Pro and Player 12.5.<br />
*For older versions, use the {{AUR|vmware-patch}} package.<br />
}}<br />
<br />
== Installation ==<br />
<br />
[[Install]] the correct dependencies:<br />
*{{pkg|fuse2}} - for ''vmware-vmblock-fuse''<br />
*{{pkg|gksu}} - for root operations (memory allocations, registering license, etc.)<br />
*{{pkg|gtkmm}} - for the GUI<br />
*{{pkg|linux-headers}}&nbsp;- for module compilation<br />
*{{AUR|ncurses5-compat-libs}} - needed by the {{ic|--console}} installer<br />
*{{pkg|libcanberra}} - for event sounds<br />
<br />
Download the latest [https://www.vmware.com/go/tryworkstation VMware Workstation Pro] or [https://www.vmware.com/go/downloadplayer Player] (or a [https://communities.vmware.com/community/vmtn/beta beta] version, if available).<br />
<br />
Start the installation:<br />
# sh VMware-''edition''-''version''.''release''.''architecture''.bundle<br />
<br />
{{Tip|Some useful flags:<br />
*{{ic|--eulas-agreed}} - Skip the EULAs<br />
*{{ic|--console}} - Use the console UI.<br />
*{{ic|--custom}} - Allows changing the install directory to e.g. {{ic|/usr/local}} (make sure to update the {{ic|vmware-usbarbitrator.service}} paths in [[#systemd services]]).<br />
*{{ic|-I}}, {{ic|--ignore-errors}} - Ignore fatal errors.<br />
*{{ic|1=--set-setting=vmware-workstation serialNumber XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} - Set the serial number during install (good for scripted installs).<br />
*{{ic|--required}} - Only ask mandatory questions (results in silent install when combined with {{ic|--eulas-agreed}} and {{ic|--console}}).<br />
}}<br />
<br />
For the {{ic|System service scripts directory}}, use {{ic|/etc/init.d}} (the default).<br />
<br />
{{Note|During the installation you will get an error about {{ic|"No rc*.d style init script directories"}} being given. This can be safely ignored, since Arch uses [[systemd]].}}<br />
<br />
{{Tip|To (re)build the modules from terminal later on, use:<br />
# vmware-modconfig --console --install-all<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Kernel modules ===<br />
<br />
VMware Workstation 12.5 supports kernels up to 4.8 out of the box.<br />
<br />
=== systemd services ===<br />
<br />
''(Optional)'' Instead of using {{ic|/etc/init.d/vmware}} ({{ic|<nowiki>start|stop|status|restart</nowiki>}}) and {{ic|/usr/bin/vmware-usbarbitrator}} directly to manage the services, you may also use {{ic|.service}} files (also available in the {{AUR|vmware-systemd-services}} package, and also included in {{AUR|vmware-patch}}):<br />
<br />
{{hc|/etc/systemd/system/vmware.service|<br />
2=[Unit]<br />
Description=VMware daemon<br />
Requires=vmware-usbarbitrator.service<br />
Before=vmware-usbarbitrator.service<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware start<br />
ExecStop=/etc/init.d/vmware stop<br />
PIDFile=/var/lock/subsys/vmware<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/vmware-usbarbitrator.service|<br />
2=[Unit]<br />
Description=VMware USB Arbitrator<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/usr/bin/vmware-usbarbitrator<br />
ExecStop=/usr/bin/vmware-usbarbitrator --kill<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Add this service as well, if you want to connect to your VMware Workstation installation from another Workstation Server Console:<br />
<br />
{{hc|/etc/systemd/system/vmware-workstation-server.service|<br />
2=[Unit]<br />
Description=VMware Workstation Server<br />
Requires=vmware.service<br />
After=vmware.service<br />
<br />
[Service]<br />
ExecStart=/etc/init.d/vmware-workstation-server start<br />
ExecStop=/etc/init.d/vmware-workstation-server stop<br />
PIDFile=/var/lock/subsys/vmware-workstation-server<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
After which you can [[enable]] them on boot.<br />
<br />
==== Workstation Server service ====<br />
<br />
The {{ic|vmware-workstation-server.service}} calls {{ic|wssc-adminTool}} in its command chain, despite having been renamed to {{ic|vmware-wssc-adminTool}}.<br />
<br />
To prevent the service startup, this can be fixed with a symlink:<br />
<br />
# ln -s wssc-adminTool /usr/lib/vmware/bin/vmware-wssc-adminTool<br />
<br />
== Launching the application ==<br />
<br />
To open VMware Workstation Pro:<br />
$ vmware<br />
<br />
or Player:<br />
$ vmplayer<br />
<br />
== Tips and tricks ==<br />
<br />
=== Entering the Workstation Pro license key ===<br />
<br />
==== From terminal ====<br />
<br />
# /usr/lib/vmware/bin/vmware-vmx-debug --new-sn XXXXX-XXXXX-XXXXX-XXXXX-XXXXX<br />
<br />
Where {{ic|XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}} is your license key.<br />
<br />
{{Note|The {{ic|-debug}} binary informs the user of an incorrect license.}}<br />
<br />
==== From GUI ====<br />
<br />
If the above does not work, you can try:<br />
<br />
# /usr/lib/vmware/bin/vmware-enter-serial<br />
<br />
=== Extracting the VMware BIOS ===<br />
<br />
$ objcopy /usr/lib/vmware/bin/vmware-vmx -O binary -j bios440 --set-section-flags bios440=a bios440.rom.Z<br />
$ perl -e 'use Compress::Zlib; my $v; read STDIN, $v, '$(stat -c%s "./bios440.rom.Z")'; $v = uncompress($v); print $v;' < bios440.rom.Z > bios440.rom<br />
<br />
=== Extracting the installer ===<br />
<br />
To view the contents of the installer {{ic|.bundle}}:<br />
<br />
$ sh VMware-''edition''-''version''.''release''.''architecture''.bundle --extract ''/tmp/vmware-bundle/''<br />
<br />
==== Using the modified BIOS ====<br />
<br />
If and when you decide to modify the extracted BIOS you can make your virtual machine use it by moving it to {{ic|~/vmware/''Virtual_machine_name''}}:<br />
$ mv bios440.rom ~/vmware/''Virtual_machine_name''/<br />
<br />
then adding the name to the {{ic|''Virtual_machine_name''.vmx}} file:<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=bios440.filename = "bios440.rom"}}<br />
<br />
=== Enable 3D graphics on Intel and Optimus ===<br />
<br />
Some graphics drivers are blacklisted by default, due to poor and/or unstable 3D acceleration. After enabling ''Accelerate 3D graphics'', the log may show something like:<br />
<br />
Disabling 3D on this host due to presence of Mesa DRI driver. Set mks.gl.allowBlacklistedDrivers = TRUE to override.<br />
<br />
This means the following:<br />
<br />
{{hc|~/.vmware/preferences|2=<br />
mks.gl.allowBlacklistedDrivers = TRUE<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== /dev/vmmon not found ===<br />
<br />
The full error is:<br />
<br />
Could not open /dev/vmmon: No such file or directory.<br />
Please make sure that the kernel module 'vmmon' is loaded.<br />
<br />
This means that at least the {{ic|vmmon}} module is not loaded. See the [[#systemd services]] section for automatic loading.<br />
<br />
=== /dev/vmci not found ===<br />
<br />
The full error is:<br />
<br />
Failed to open device "/dev/vmci": No such file or directory<br />
Please make sure that the kernel module 'vmci' is loaded.<br />
<br />
Try to recompile VMware kernel modules with:<br />
<br />
# vmware-modconfig --console --install-all<br />
<br />
=== Kernel headers for version 4.x-xxxx were not found. If you installed them[...] ===<br />
<br />
Install the headers ({{Pkg|linux-headers}}).<br />
<br />
{{Note|Upgrading the kernel and the headers will require you to boot to the new kernel to match the version of the headers. This is a relatively common error.}}<br />
<br />
=== USB devices not recognized ===<br />
<br />
{{Tip|Also handled by {{AUR|vmware-patch}}.}}<br />
<br />
If not using the [[#systemd services|systemd service]] to automatically handle the services, you need to manually start the {{ic|vmware-usbarbitrator}} binary as root each time.<br />
<br />
To start:<br />
<br />
# vmware-usbarbitrator<br />
<br />
To stop:<br />
<br />
# vmware-usbarbitrator --kill<br />
<br />
=== The installer fails to start ===<br />
<br />
If you just get back to the prompt when opening the {{ic|.bundle}}, then you probably have a deprecated or broken version of the VMware installer and it should removed (you may also refer to the [[#Uninstallation|uninstallation]] section of this article):<br />
# rm -r /etc/vmware-installer/<br />
<br />
==== User interface initialization failed ====<br />
<br />
You may also see an error like this:<br />
<br />
Extracting VMware Installer...done.<br />
No protocol specified<br />
No protocol specified<br />
User interface initialization failed. Exiting. Check the log for details.<br />
<br />
This can be fixed by either installing the {{AUR|ncurses5-compat-libs}} dependency or temporarily allowing root access to X:<br />
<br />
$ xhost +<br />
$ sudo ./<vmware filename>.bundle<br />
$ xhost -<br />
<br />
=== Incorrect login/password when trying to access VMware remotely ===<br />
<br />
VMware Workstation provides the possibility to remotely manage Shared VMs through the {{ic|vmware-workstation-server}} service. However, this will fail with the error {{ic|"incorrect username/password"}} due to incorrect [[PAM]] configuration of the {{ic|vmware-authd}} service. To fix it, edit {{ic|/etc/pam.d/vmware-authd}} like this:<br />
<br />
{{hc|/etc/pam.d/vmware-authd|<br />
#%PAM-1.0<br />
auth ''required pam_unix.so''<br />
account ''required pam_unix.so''<br />
password ''required pam_permit.so''<br />
session ''required pam_unix.so''<br />
}}<br />
<br />
and restart the {{ic|vmware}} [[systemd]] service.<br />
<br />
Now you can connect to the server with the credentials provided during the installation.<br />
<br />
{{Note|{{Pkg|libxslt}} may be required for starting virtual machines.}}<br />
<br />
=== Issues with ALSA output ===<br />
<br />
[http://bankimbhavsar.blogspot.co.nz/2011/09/hd-audio-in-vmware-fusion-4-and-vmware.html To fix] sound quality issues or enabling proper HD audio output, first run:<br />
$ aplay -L<br />
<br />
If interested in playing 5.1 ''surround sound'' from the guest, look for {{ic|1=surround51:CARD=''vendor_name'',DEV=''num''}}, if experiencing quality issues, look for {{ic|1=front:CARD=''vendor_name'',DEV=''num''}}. Finally put the name in the {{ic|.vmx}}:<br />
<br />
{{hc|~/vmware/''Virtual_machine_name''/''Virtual_machine_name''.vmx|2=<br />
sound.fileName=''"surround51:CARD=Live,DEV=0"''<br />
sound.autodetect=''"FALSE"''<br />
}}<br />
<br />
[[Advanced_Linux_Sound_Architecture#OSS_compatibility|OSS emulation]] should also be disabled.<br />
<br />
=== Kernel-based Virtual Machine (KVM) is running ===<br />
<br />
To disable {{ic|KVM}} on boot, you can use something like:<br />
<br />
{{hc|/etc/modprobe.d/vmware.conf|<br />
blacklist kvm<br />
blacklist kvm-amd # For AMD CPUs<br />
blacklist kvm-intel # For Intel CPUs<br />
}}<br />
<br />
=== Segmentation fault at startup due to old Intel microcode ===<br />
<br />
Old Intel microcode may result in the following kind of segmentation fault at startup:<br />
<br />
/usr/bin/vmware: line 31: 4941 Segmentation fault "$BINDIR"/vmware-modconfig --appname="VMware Workstation" --icon="vmware-workstation"<br />
<br />
See [[Microcode]] for how to update the microcode.<br />
<br />
=== Kernel modules fail to build after Linux 4.9 ===<br />
<br />
On VMware Workstation Pro 12.5.2, the module source needs to be modified to be successfully compiled under kernel 4.9 [http://rglinuxtech.com/?p=1847].<br />
<br />
# cd /usr/lib/vmware/modules/source<br />
# tar xf vmmon.tar<br />
# mv vmmon.tar vmmon.old.tar<br />
# sed -i 's/uvAddr, numPages, 0, 0/uvAddr, numPages, 0/g' vmmon-only/linux/hostif.c<br />
# tar cf vmmon.tar vmmon-only<br />
# rm -r vmmon-only<br />
<br />
# tar xf vmnet.tar<br />
# mv vmnet.tar vmnet.old.tar<br />
# sed -i 's/addr, 1, 1, 0/addr, 1, 0/g' vmnet-only/userif.c<br />
# tar cf vmnet.tar vmnet-only<br />
# rm -r vmnet-only<br />
<br />
=== vmplayer/vmware fails to start from version 12.5.4 ===<br />
<br />
As per [https://bbs.archlinux.org/viewtopic.php?id=224667] the temporary workaround is to downgrade the package {{ic|libpng}} to version 1.6.28-1 and keep it in the {{ic|IgnorePkg}} parameter in [[Pacman#Skip_package_from_being_upgraded|/etc/pacman.conf]].<br />
<br />
An easier workaround is to make VMWare use the system's version of zlib instead of its own one:<br />
<br />
# cd /usr/lib/vmware/lib/libz.so.1<br />
# mv libz.so.1 libz.so.1.old<br />
# ln -s /usr/lib/libz.so.1 .<br />
<br />
=== vmplayer/vmware fails to start from version 12.5.3 to version 12.5.5 ===<br />
<br />
{{ Note|Use this is not required on version 12.5.6}}<br />
<br />
It seems to be a problem with the file {{ic|/usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6}}, missing {{ic|CXXABI_1.3.8}}.<br />
<br />
If the system have installed {{pkg|gcc-libs}} or {{pkg|gcc-libs-multilib}}, that library is already installed. Therefore, it's possible to remove that file and vmplayer will use the one provided by gcc-libs instead. As root do:<br />
<br />
# mv /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6 /usr/lib/vmware/lib/libstdc++.so.6/libstdc++.so.6.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
=== vmware 12 process terminates immediately after start, no GUI is launched ===<br />
<br />
Registered bug at [https://bugs.mageia.org/show_bug.cgi?id=9739 Mageia], but it seems that there are no error messages shown in terminal with arch. When inspecting the logs, which are in {{ic|/tmp/vmware-<id>}}, there are {{ic|VMWARE_SHIPPED_LIBS_LIST is not set}}, {{ic|VMWARE_SYSTEM_LIBS_LIST is not set}}, {{ic|VMWARE_USE_SHIPPED_LIBS is not set}}, {{ic|VMWARE_USE_SYSTEM_LIBS is not set}} issues. Process simply terminates with {{ic|Unable to execute /usr/lib/vmware/bin/vmware-modconfig.}} after vmware or vmplayer is executed. Solution is the same, as root do:<br />
<br />
# mv /etc/vmware/icu/icudt44l.dat /etc/vmware/icu/icudt44l.dat.bak<br />
<br />
Also there is a workaround: <br />
<br />
# export VMWARE_USE_SHIPPED_LIBS='yes'<br />
<br />
=== vmware modules fail to build on kernel 4.11+ and GCC 7===<br />
<br />
Running vmware-modconfig yields:<br />
Failed to get gcc information.<br />
<br />
The actual error can be found in the logs:<br />
modconfig| I125: Got gcc version "6.3.1".<br />
modconfig| I125: GCC major version 6 does not match Kernel GCC major version 7.<br />
modconfig| I125: The GCC compiler "/sbin/gcc" cannot be used for the target kernel.<br />
<br />
To skip the check, use this workaround:<br />
# sed 's/gcc version 6/gcc version 7/' /proc/version > /tmp/version<br />
# mount --bind /tmp/version /proc/version<br />
# vmware-modconfig --console --install-all<br />
# umount /proc/version && rm /tmp/version<br />
<br />
=== Guest Issues ===<br />
<br />
==== Unable to download VMware Tools for Guests ====<br />
<br />
To download the tools manually, visit the [http://softwareupdate.vmware.com/cds/vmw-desktop/ VMware repository].<br />
<br />
Navigate to: "''application name'' / ''version'' / ''build ID'' / linux / packages/" and download the appropriate Tools.<br />
<br />
Extract with:<br />
<br />
$ tar -xvf vmware-tools-''name''-''version''-''buildID''.x86_64.component.tar<br />
<br />
And install using the VMware installer:<br />
<br />
# vmware-installer --install-component=''/path/''vmware-tools-''name''-''version''-''buildID''.x86_64.component<br />
<br />
If the above does not work, try installing {{AUR|ncurses5-compat-libs}}.<br />
<br />
==== Guests have incorrect system clocks or are unable to boot: "[...]timeTracker_user.c:234 bugNr=148722" ====<br />
<br />
This is due to [http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1591 incomplete] support of power management features ([[Wikipedia:Intel speedstep|Intel SpeedStep]] and [[Wikipedia:AMD powernow|AMD PowerNow!]]/[[Wikipedia:Cool'n'Quiet|Cool'n'Quiet]]) in VMware Linux that vary the CPU frequency. In March 2012, with the release of [https://projects.archlinux.org/svntogit/packages.git/commit/trunk/config.x86_64?h=packages/linux&id=9abe018d91a5d8c3af7523d30b8aa73f86b680be linux 3.3-1] the maximum frequency [[CPU frequency governors|Performance]] governor was replaced with the dynamic ''Ondemand''. When the host CPU frequency changes, the Guest system clock runs too quickly or too slowly, but may also render the whole Guest unbootable.<br />
<br />
To prevent this, the maximum host CPU frequency can be specified, and [[Wikipedia:Time Stamp Counter|Time Stamp Counter]] (TSC) disabled, in the global configuration:<br />
<br />
{{hc|/etc/vmware/config|2=<br />
host.cpukHz = "X" # The maximum speed in KHz, e.g. 3GHz is "3000000".<br />
host.noTSC = "TRUE" # Keep the Guest system clock accurate even when<br />
ptsc.noTSC = "TRUE" # the time stamp counter (TSC) is slow.<br />
}}<br />
<br />
{{Tip|To periodically correct the time (once per minute), in the ''Options'' tab of VMware Tools, enable: ''"Time synchronization between the virtual machine and the host operating system"''.}}<br />
<br />
==== Networking on Guests not available after system restart ====<br />
<br />
This is likely due to the {{ic|vmnet}} module not being loaded [http://www.linuxquestions.org/questions/slackware-14/could-not-connect-ethernet0-to-virtual-network-dev-vmnet8-796095/]. See also the [[#systemd services]] section for automatic loading.<br />
<br />
== Uninstallation ==<br />
<br />
To uninstall VMware you need the product name (either {{ic|vmware-workstation}} or {{ic|vmware-player}}). To list all the installed products:<br />
$ vmware-installer -l<br />
<br />
and uninstall with ({{ic|--required}}&nbsp;skips the confirmation):<br />
# vmware-installer -u ''product'' --required<br />
<br />
{{Tip|Use {{ic|--console}} for the console UI.}}<br />
<br />
Remember to also [[disable]] and remove the services:<br />
# rm /etc/systemd/system/vmware.service<br />
# rm /etc/systemd/system/vmware-usbarbitrator.service<br />
<br />
You may also want to have a look at the module directories in {{ic|/usr/lib/modules/''kernel_name''/misc/}} for any leftovers.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=479533Talk:VMware2017-06-10T15:43:11Z<p>StrayArch: /* Cleanup */ adding to discussion on troubleshooting</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== 12.5.3 and 4.10.1-1-ARCH ==<br />
<s>There are issues w/ the newest workstation release and the {{AUR|vmware-patch}} does not resolve. More details are in the comments. -- [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:54, 11 March 2017 (UTC)</s><br />
<br />
== VMware Remote Console ==<br />
<br />
(After <small>successfully</small> installing the [https://my.vmware.com/web/vmware/details?downloadGroup=VMRC90&productId=491 bundle], and [https://aur.archlinux.org/packages/vmware-patch/ vmware-patch]) <code>vmrc</code> does not ouptut anything (quiting silently).<br />
<br />
[[User:Chinggis6|Chinggis6]] ([[User talk:Chinggis6|talk]]) 11:37, 20 April 2017 (UTC)<br />
<br />
<br />
== Cleanup ==<br />
<br />
The 'Troubleshooting' section is ever expanding. I'd like to suggest pruning issues which definitely apply to old (minor) versions of VMware only (5.13 through 5.15 seem no longer relevant to me). Any opinions?<br />
--[[User:Thralas|Thralas]] ([[User talk:Thralas|talk]]) 15:10, 25 May 2017 (UTC)<br />
: I agree that it could use some cleanup. On a related note, I was thinking there should be a note somewhere on {{pkg|linux-lts}}, since vmware has tendency to break with every new minor version of {{pkg|linux}}. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 15:42, 10 June 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=479531Talk:VMware2017-06-10T15:34:25Z<p>StrayArch: /* 12.5.3 and 4.10.1-1-ARCH */ strike to later cleanup</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== 12.5.3 and 4.10.1-1-ARCH ==<br />
<s>There are issues w/ the newest workstation release and the {{AUR|vmware-patch}} does not resolve. More details are in the comments. -- [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:54, 11 March 2017 (UTC)</s><br />
<br />
== VMware Remote Console ==<br />
<br />
(After <small>successfully</small> installing the [https://my.vmware.com/web/vmware/details?downloadGroup=VMRC90&productId=491 bundle], and [https://aur.archlinux.org/packages/vmware-patch/ vmware-patch]) <code>vmrc</code> does not ouptut anything (quiting silently).<br />
<br />
[[User:Chinggis6|Chinggis6]] ([[User talk:Chinggis6|talk]]) 11:37, 20 April 2017 (UTC)<br />
<br />
<br />
== Cleanup ==<br />
<br />
The 'Troubleshooting' section is ever expanding. I'd like to suggest pruning issues which definitely apply to old (minor) versions of VMware only (5.13 through 5.15 seem no longer relevant to me). Any opinions?<br />
--[[User:Thralas|Thralas]] ([[User talk:Thralas|talk]]) 15:10, 25 May 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Building_in_a_32-bit_clean_chroot&diff=470823Building in a 32-bit clean chroot2017-03-15T15:19:43Z<p>StrayArch: /* Build 32-bit packages in a 64-bit environment */ minor typo correction</p>
<hr />
<div>[[Category:Package development]]<br />
==Build 32-bit packages in a 64-bit environment==<br />
{{Note|{{pkg|devtools}} is needed. Because of circular dependencies, you may need to install {{pkg|arch-install-scripts}} at the same time.}}<br />
<br />
{{Note|If you are using or plan to use either [[Install bundled 32-bit system in Arch64]] you will need to use a different directory other than /opt/arch32 since this tutorial will conflict with the directory chosen in the other articles.}}<br />
<br />
This example uses mkarchroot to create the chroot environment. First, create /opt/arch32 or another directory of your choice. The next steps is to copy your existing pacman.conf and makepkg.conf file to /opt/arch32 or your chosen directory. In the following tutorial, substitute /opt/arch32 with your chosen directory if you decide to use a different directory.<br />
<br />
{{Note|If you have customized either makepkg.conf or pacman.conf, then you will need to use the standard pacman.conf and makepkg.conf files. Also make sure your /etc/pacman.d/mirrorlist contains the $arch variable instead of x86_64 or i686}}<br />
<br />
'''Edit your /opt/arch32/pacman.conf'''<br />
<br />
Change {{ic|1=Architecture = auto}} to {{ic|1=Architecture = i686}}.<br />
<br />
You will also need to comment out any multi-lib repos.<br />
<br />
{{Note|''Thanks to Remy Oudompheng to pointing this out.'' devtools (version 0.9.10 in [testing]) contains a ready-to-use /usr/share/devtools/makepkg-i686.conf. If you decide to use this conf file, you can skip the next step. You will need to copy /usr/share/devtools/makepkg-i686.conf to /opt/arch32/makepkg.conf if you decide to use devtools[from testing].}}<br />
<br />
'''Edit /opt/arch32/makepkg.conf'''<br />
<br />
Change CARCH="x86_64" '''to''' ''CARCH="i686"<br />
CHOST="x86_64-unknown-linux-gnu" '''to''' CHOST="i686-unknown-linux-gnu".<br />
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe" '''to''' CFLAGS="-march=i686 -mtune=generic -O2 -pipe" .<br />
CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe" '''to''' CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe" .<br />
<br />
After the changes have been made, you will need to create another directory, I created /aur as mine. <br />
<br />
'''Next run:'''<br />
sudo mkarchroot -C /opt/arch32/pacman.conf -M /opt/arch32/makepkg.conf <chrootdir>/root base base-devel <br />
If you create the /aur directory like mine you would run <br />
''sudo mkarchroot -C /opt/arch32/pacman.conf -M /opt/arch32/makepkg.conf /aur/root base base-devel''<br />
<br />
You will need to edit /aur/copy/etc/pacman.d/mirrorlist and select which mirrors to use.<br />
<br />
Now you can use makechrootpkg to build i686 packages like this:<br />
# makechrootpkg -r /aur/</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VMware&diff=470490Talk:VMware2017-03-11T20:54:48Z<p>StrayArch: New issue</p>
<hr />
<div>== GUI doesn't show after upgrade ==<br />
<br />
I just wanted to record that the workaround listed here (export LD_LIBRARY_PATH...) does actually resolve the problem for Workstation 11.1.3 (I'm running on a 4.4.1 Kernel)<br />
<br />
I agree that the solution is not easily confirmed (I've read /usr/bin/vmware and there's nothing obvious why LD_LIBRARY_PATH is required) - but that's probably an issue to be taken to VMware, rather than reported in depth here.<br />
<br />
This workaround is not easily found on the rest of the internet and I have been struggling to get this working for a while (on & off..), so it is definitely a good idea to keep this section here.<br />
<br />
[[User:RuneArch|RuneArch]] ([[User talk:RuneArch|talk]]) 09:15, 18 February 2016 (UTC)<br />
<br />
:Hi, I have this same issue with vmware where the GUI won't show, but If I try the trick in this section of the wiki, it tells me modules have to rebuild, but nothing happens after https://wiki.archlinux.org/index.php/VMware#GUI_doesn.27t_show_after_upgrade. I still get this output: http://slexy.org/view/s2lgjglqrN<br />
:[[User:Professorkaos64|Professorkaos64]] ([[User talk:Professorkaos64|talk]]) 20:56, 5 July 2016 (UTC)<br />
<br />
::I'm using version WS 12.5 with kernel 4.8, searching all pages in many days, then just need add one line: "export VMWARE_USE_SHIPPED_LIBS=force" in /usr/bin/vmware. The solution comes from https://bugzilla.redhat.com/show_bug.cgi?id=1278896#c3. It works for me. Hope this help.<br />
::[[User:pacman]] Oct 23 15:24:53 UTC 2016<br />
<br />
== Tools Download Link ==<br />
<br />
If anyone facing an issue with vmware tools, like could not install component, you can manually download tools from vmware.<br />
<br />
http://softwareupdate.vmware.com/cds/vmw-desktop/ws/<br />
<br />
Just shared so someone can find it usefull ;-)<br />
<br />
== Kernel Modules Not Compiling (Again) ==<br />
<br />
It seems that with the 4.9 kernel vmware is again refusing to compile modules. Just an advisory for anyone currently running testing. I'm sure that there should be another patch / workaround available soon for it. It seems like VMWare is having this issue more often with recent kernels. I think this is the third time in the past six months with only 4.8 not having any new problems. Is this a problem with the kernel changing more stuff lately than normal or is this VMWare's problem? --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 08:20, 30 December 2016 (UTC)<br />
<br />
:''Any'' out-of-tree (non-mainline) driver should get out of sync with each major release of the kernel due to the huge churns and thousands of symbol changes (there's no such thing as a stable ABI for the kernel, because you couldn't then change anything).<br />
:<br />
:VMCI and VSOCK have been mainlined since [https://kernelnewbies.org/Linux_3.9 3.9] (April 2013) and get automatic updates/syncs, but VMMON and VMnet remain bundled/maintained in the app (see [https://communities.vmware.com/thread/186572?tstart=0 this] for vagueish expalantions on each).<br />
:<br />
:4.9 should be fixed by this: http://rglinuxtech.com/?p=1863 (RGLinuxTech is always a good go-to-first resource for Nvidia/VMware breakage)<br />
:<br />
:--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 07:43, 31 December 2016 (UTC)<br />
<br />
::Thanks the modules were an easy fix with this and verified working now. I think this should be held off though. No reason to add it to the main wiki until 4.9 leaves testing. I'll bookmark that site for future reference. --[[User:TheChickenMan|TheChickenMan]] ([[User talk:TheChickenMan|talk]]) 18:47, 1 January 2017 (UTC)<br />
<br />
:::Well no, you can add it. There's not even an official package called "vmware-workstation", it's something you install manually, and {{AUR|vmware-patch}} is also in [[AUR]]. As soon as a new patch is released, it can be added here, so people who use {{AUR|linux-mainline}} also get the benefit.<br />
:::<br />
:::--'''<span style="text-shadow:grey 0.1em 0.1em 0.1em; font-size:110%">[[User:Det|<font color="gold">D</font><font color="orange">e</font><font color="red">t</font>]][[User talk:Det|<sup><font color="white">talk</font></sup>]]</span>''' 18:52, 1 January 2017 (UTC)<br />
<br />
== 12.5.3 and 4.10.1-1-ARCH ==<br />
There are issues w/ the newest workstation release and the {{AUR|vmware-patch}} does not resolve. More details are in the comments. -- [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:54, 11 March 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Docker&diff=470113Docker2017-03-08T15:03:02Z<p>StrayArch: /* Troubleshooting */ cleanup, the issue is now closed on GitHub</p>
<hr />
<div>[[Category:Virtualization]]<br />
[[ja:Docker]]<br />
[[ru:Docker]]<br />
[[zh-hant:Docker]]<br />
{{Related articles start}}<br />
{{Related|systemd-nspawn}}<br />
{{Related|Linux Containers}}<br />
{{Related|Lxc-systemd}}<br />
{{Related|Vagrant}}<br />
{{Related articles end}}<br />
[https://www.docker.com Docker] is a utility to pack, ship and run any application as a lightweight container.<br />
<br />
== Installation ==<br />
<br />
{{Note|<br />
*Docker doesn't support i686 [https://github.com/docker/docker/issues/136].<br />
*Docker needs the {{ic|loop}} module on first usage. The following steps may be required before starting docker:<br />
# tee /etc/modules-load.d/loop.conf <<< "loop"<br />
# modprobe loop <br />
You may need to reboot before the module is available.<br />
}}<br />
<br />
[[Install]] the {{Pkg|docker}} package or, for the development version, the {{Aur|docker-git}} package. Next [[start]] and enable {{ic|docker.service}} and verify operation:<br />
<br />
# docker info<br />
<br />
If you want to be able to run docker as a regular user, add yourself to the docker group:<br />
<br />
{{Warning| Anyone added to the 'docker' group is root equivalent. More information [https://github.com/docker/docker/issues/9976 here] and [http://docs.docker.com/engine/articles/security/ here].}}<br />
<br />
# gpasswd -a ''user'' docker<br />
<br />
Then re-login or to make your current user session aware of this new group, you can use:<br />
<br />
$ newgrp docker<br />
<br />
== Configuration ==<br />
<br />
=== Storage driver ===<br />
<br />
Storage driver, a.k.a. graph driver has huge impact on performance. Its job is to store layers of container images efficiently, that is when several images share a layer, only one layer uses disk space. The default, most compatible option, `devicemapper` offers suboptimal performance, which is outright terrible on rotating disks. Additionally, `devicemappper` is not recommended in production.<br />
<br />
As Arch linux ships new kernels, there's no point using the compatibility option. A good, modern choice is {{ic|overlay2}}.<br />
<br />
To see current storage driver, run {{ic|# docker info {{!}} head}}.<br />
<br />
To set your own choice of storage driver, create a [[Drop-in snippet]] and use {{ic|-s}} option to {{ic|dockerd}}:<br />
{{hc|/etc/systemd/system/docker.service.d/override.conf|2=<br />
<br />
[Unit]<br />
Description=Docker Application Container Engine<br />
Documentation=https://docs.docker.com<br />
After=network.target docker.socket<br />
Requires=docker.socket<br />
<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H fd:// -s overlay2<br />
}}<br />
<br />
Recall that {{ic|1=ExecStart=}} line is needed to drop inherited {{ic|ExecStart}}.<br />
<br />
Further information on options is available on the [https://docs.docker.com/engine/userguide/storagedriver/selectadriver/ user guide].<br />
<br />
=== Opening remote API ===<br />
<br />
To open the Remote API to port {{ic|4243}} manually, run:<br />
<br />
# docker daemon -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock<br />
<br />
{{ic|-H tcp://0.0.0.0:4243}} part is for opening the Remote API.<br />
<br />
{{ic|-H unix:///var/run/docker.sock}} part for host machine access via terminal.<br />
<br />
===== Remote API with systemd =====<br />
<br />
To start the remote API with the docker daemon, create a [[Drop-in snippet]] with the following content:<br />
<br />
{{hc|/etc/systemd/system/docker.service.d/override.conf|2=<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock<br />
}}<br />
<br />
=== Daemon socket configuration ===<br />
<br />
The ''docker'' daemon listens to a [[Wikipedia:Unix domain socket|Unix socket]] by default. To listen on a specified port instead, create a [[Drop-in snippet]] with the following content:<br />
<br />
{{hc|/etc/systemd/system/docker.socket.d/socket.conf|2=<br />
[Socket]<br />
ListenStream=0.0.0.0:2375<br />
}}<br />
<br />
=== Proxies ===<br />
<br />
Proxy configuration is broken down into two. First is the host configuration of the Docker daemon, second is the configuration required for your container to see your proxy.<br />
<br />
==== Proxy configuration ====<br />
<br />
Create a [[Drop-in snippet]] with the following content:<br />
{{hc|/etc/systemd/system/docker.service.d/proxy.conf|2=<br />
[Service]<br />
Environment="HTTP_PROXY=192.168.1.1"<br />
}}<br />
<br />
{{Note|This assumes {{ic|192.168.1.1}} is your proxy server, do not use {{ic|127.0.0.1}}.}}<br />
<br />
Verify that the configuration has been loaded:<br />
<br />
# systemctl show docker --property Environment<br />
Environment=HTTP_PROXY=192.168.1.1<br />
<br />
==== Container configuration ====<br />
<br />
The settings in the {{ic|docker.service}} file will not translate into containers. To achieve this you must set {{ic|ENV}} variables in your {{ic|Dockerfile}} thus:<br />
<br />
FROM base/archlinux<br />
ENV http_proxy="<nowiki>http://192.168.1.1:3128</nowiki>"<br />
ENV https_proxy="<nowiki>https://192.168.1.1:3128</nowiki>"<br />
<br />
[https://docs.docker.com/engine/reference/builder/#env Docker] provide detailed information on configuration via {{ic|ENV}} within a Dockerfile.<br />
<br />
=== Configuring DNS ===<br />
<br />
By default, docker will make {{ic|resolv.conf}} in the container match {{ic|/etc/resolv.conf}} on the host machine, filtering out local addresses (e.g. {{ic|127.0.0.1}}). If this yields an empty file, then [https://developers.google.com/speed/public-dns/ Google DNS servers] are used. If you are using a service like [[dnsmasq]] to provide name resolution, you may need to add an entry to the {{ic|/etc/resolv.conf}} for docker's network interface so that it isn't filtered out.<br />
<br />
=== Running Docker with a manually-defined network ===<br />
<br />
If you manually configure your network using systemd-network version '''220 or higher''', containers you start with Docker may be unable to access your network. Beginning with version 220, the forwarding setting for a given network ({{ic|net.ipv4.conf.<interface>.forwarding}}) defaults to {{ic|off}}. This setting prevents IP forwarding. It also conflicts with Docker which enables the {{ic|net.ipv4.conf.all.forwarding}} setting within a container.<br />
<br />
To work around this, edit the {{ic|<interface>.network}} file in {{ic|/etc/systemd/network/}} on your Docker host add the following block:<br />
<br />
{{hc|/etc/systemd/network/<interface>.network|2=<br />
[Network]<br />
...<br />
IPForward=kernel<br />
...}}<br />
<br />
This configuration allows IP forwarding from the container as expected.<br />
<br />
=== Images location ===<br />
<br />
By default, docker images are located at {{ic|/var/lib/docker}}. They can be moved to other partitions. <br />
First, [[stop]] the {{ic|docker.service}}. <br />
<br />
If you have run the docker images, you need to make sure the images are unmounted totally. Once that is completed, you may move the images from {{ic|/var/lib/docker}} to the target destination.<br />
<br />
Then add a [[Drop-in snippet]] for the {{ic|docker.service}}, adding the {{ic|-g}} parameter to the {{ic|ExecStart}}:<br />
<br />
{{hc|/etc/systemd/system/docker.service.d/docker-storage.conf|2=<br />
[Service]<br />
ExecStart= <br />
ExecStart=/usr/bin/dockerd -g ''/path/to/new/location/docker'' -H fd://}}<br />
<br />
== Docker 0.9.0 -- 1.2.x and LXC ==<br />
<br />
Since version 0.9.0 Docker provides a new way to start containers without relying on a LXC library called ''libcontainer''.<br />
<br />
The lxc exec driver and the -lxc-conf option may also be removed in the near future [https://github.com/docker/docker/pull/5797], hence, you will not be able to use {{ic|lxc-attach}} with containers managed by Docker 0.9.0+ by default. It is required to make docker daemon run with {{ic|-e lxc}} as an argument.<br />
<br />
Create [[Drop-in snippet]] for the {{ic|docker.service}} with the following content:<br />
{{hc|/etc/systemd/system/docker.service.d/lxc.conf|2=<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/docker -d -e lxc<br />
}}<br />
<br />
== Images ==<br />
=== Arch Linux ===<br />
==== x86_64 ====<br />
The following command pulls the [https://hub.docker.com/r/base/archlinux/ base/archlinux] x86_64 image.<br />
<br />
# docker pull base/archlinux<br />
<br />
==== i686 ====<br />
The default Arch Linux image in Docker Registry is for x86_64 only. i686 image must be built manually.<br />
<br />
==== Build Image ====<br />
Instead, check [https://registry.hub.docker.com/u/base/archlinux/ docker base/archlinux registry] and click the {{ic|mkimage-arch.sh}} link to download {{ic|mkimage-arch.sh}} and {{ic|mkimage-arch-pacman.conf}} to the same directory as raw files. Next, make the script executable and run it: <br />
<br />
$ chmod +x mkimage-arch.sh<br />
$ cp /etc/pacman.conf ./mkimage-arch-pacman.conf # or get a pacman.conf from somewhere else<br />
$ ./mkimage-arch.sh<br />
# docker run -t -i --rm archlinux /bin/bash # try it<br />
<br />
For slow network connections or CPU, the build timeout can be extended: <br />
$ sed -i 's/timeout 60/timeout 120/' mkimage-arch.sh<br />
<br />
=== Debian ===<br />
<br />
Build Debian image with {{Pkg|debootstrap}}:<br />
<br />
# mkdir jessie-chroot<br />
# debootstrap jessie ./jessie-chroot http://http.debian.net/debian/<br />
# cd jessie-chroot<br />
# tar cpf - . | docker import - debian<br />
# docker run -t -i --rm debian /bin/bash<br />
<br />
== Arch Linux image with snapshot repository ==<br />
Arch Linux on Docker can become problematic when multiple images are created and updated each having different package versions. To keep Docker containers with consistent package versions, a [https://registry.hub.docker.com/u/pritunl/archlinux/ Docker image with a snapshot repository] is available. This allows installing new packages from the official repository as it was on the day that the snapshot was created.<br />
<br />
$ docker pull pritunl/archlinux:latest<br />
$ docker run --rm -t -i pritunl/archlinux:latest /bin/bash<br />
<br />
Alternatively, you could use [[Arch Linux Archive]] by freezing {{ic|/etc/pacman.d/mirrorlist}} <br />
Server=https://archive.archlinux.org/repos/2020/01/02/$repo/os/$arch<br />
<br />
== Clean Remove Docker + Images ==<br />
<br />
In case you want to remove Docker entirely you can do this by following the steps below:<br />
<br />
{{Note| Don't just copy paste those commands without making sure you know what you are doing!}}<br />
<br />
Check for running containers:<br />
<br />
# docker ps<br />
<br />
List all containers running on the host for deletion:<br />
<br />
# docker ps -a<br />
<br />
Stop a running container:<br />
<br />
# docker stop <CONTAINER ID><br />
<br />
Killing still running containers:<br />
<br />
# docker kill <CONTAINER ID><br />
<br />
Delete all containers listed by ID:<br />
<br />
# docker rm <CONTAINER ID><br />
<br />
List all Docker images:<br />
<br />
# docker images<br />
<br />
Delete all images by ID:<br />
<br />
# docker rmi <IMAGE ID><br />
<br />
Delete all Docker data (purge directory):<br />
<br />
# rm -R /var/lib/docker<br />
<br />
== Useful tips ==<br />
<br />
To grab the IP address of a running container:<br />
<br />
{{hc|<nowiki>$ docker inspect --format '{{ .NetworkSettings.IPAddress }}' <container-name OR id> </nowiki>|<br />
172.17.0.37}}<br />
<br />
== Troubleshooting ==<br />
=== Cannot start a container with systemd 232 ===<br />
Append {{ic|1=systemd.legacy_systemd_cgroup_controller=yes}} as [[kernel parameter]], see [https://github.com/opencontainers/runc/issues/1175 bug report] for details.<br />
<br />
=== Deleting Docker Images in a BTRFS Filesystem ===<br />
Deleting docker images in a [[btrfs]] filesystem leaves the images in {{ic|/var/lib/docker/btrfs/subvolumes/}} with a size of 0. When you try to delete this you get a permission error.<br />
# docker rm bab4ff309870<br />
# rm -Rf /var/lib/docker/btrfs/subvolumes/*<br />
rm: cannot remove '/var/lib/docker/btrfs/subvolumes/85122f1472a76b7519ed0095637d8501f1d456787be1a87f2e9e02792c4200ab': Operation not permitted<br />
<br />
This is caused by btrfs which created subvolumes for the docker images. So the correct command to delete them is:<br />
# btrfs subvolume delete /var/lib/docker/btrfs/subvolumes/85122f1472a76b7519ed0095637d8501f1d456787be1a87f2e9e02792c4200ab<br />
<br />
=== docker0 Bridge gets no IP / no internet access in containers ===<br />
<br />
Docker enables IP forwarding by itself, but by default systemd overrides the respective sysctl setting. The following disables this override (for all interfaces):<br />
# cat > /etc/systemd/network/ipforward.network <<EOF<br />
[Network]<br />
IPForward=kernel<br />
EOF<br />
<br />
# cat > /etc/sysctl.d/99-docker.conf <<EOF<br />
net.ipv4.ip_forward = 1<br />
EOF<br />
<br />
# sysctl -w net.ipv4.ip_forward=1<br />
<br />
{{Accuracy|Add a reference/bug-report link to the following note.}}<br />
<br />
{{Note|It has been observed that with systemd version 220 creating this file causes bridges used by Docker to lose their IP addresses. Running Docker with a manually-defined network, as described above, is known to work.}}<br />
<br />
Finally [[restart]] the {{ic|systemd-networkd}} and {{ic|docker}} services.<br />
<br />
=== Default number of allowed processes/threads too low ===<br />
<br />
If you run into error messages like<br />
<br />
# e.g. Java<br />
java.lang.OutOfMemoryError: unable to create new native thread<br />
# e.g. C, bash, ...<br />
fork failed: Resource temporarily unavailable<br />
<br />
then you might need to adjust the number of processes allowed by systemd. Default (see system.conf) is 500, which is pretty small for running several docker containers. You need to create a drop-in service file for this:<br />
<br />
# mkdir /etc/systemd/system/docker.service.d<br />
# cat > /etc/systemd/system/docker.service.d/tasks.conf <<EOF<br />
[Service]<br />
TasksMax=infinity<br />
EOF<br />
# systemctl daemon-reload<br />
# systemctl restart docker.service<br />
<br />
=== Error initializing graphdriver: devmapper ===<br />
<br />
If {{ic|systemctl}} fails to start docker and provides an error:<br />
<br />
Error starting daemon: error initializing graphdriver: devmapper: Device docker-8:2-915035-pool is not a thin pool<br />
<br />
Then, try the following steps to resolve the error. Stop the service, back up {{ic|/var/lib/docker/}} (if desired), remove the contents of {{ic|/var/lib/docker/}}, and try to start the service. See the open [https://github.com/docker/docker/issues/21304 GitHub issue] for details.<br />
<br />
== See also ==<br />
<br />
* [https://docs.docker.com/engine/installation/linux/archlinux/ Arch Linux on docs.docker.com]<br />
* [http://opensource.com/business/14/7/docker-security-selinux Are Docker containers really secure?] — opensource.com</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Docker&diff=470111Docker2017-03-08T15:00:42Z<p>StrayArch: /* Troubleshooting */ Provide additional trouble shooting</p>
<hr />
<div>[[Category:Virtualization]]<br />
[[ja:Docker]]<br />
[[ru:Docker]]<br />
[[zh-hant:Docker]]<br />
{{Related articles start}}<br />
{{Related|systemd-nspawn}}<br />
{{Related|Linux Containers}}<br />
{{Related|Lxc-systemd}}<br />
{{Related|Vagrant}}<br />
{{Related articles end}}<br />
[https://www.docker.com Docker] is a utility to pack, ship and run any application as a lightweight container.<br />
<br />
== Installation ==<br />
<br />
{{Note|<br />
*Docker doesn't support i686 [https://github.com/docker/docker/issues/136].<br />
*Docker needs the {{ic|loop}} module on first usage. The following steps may be required before starting docker:<br />
# tee /etc/modules-load.d/loop.conf <<< "loop"<br />
# modprobe loop <br />
You may need to reboot before the module is available.<br />
}}<br />
<br />
[[Install]] the {{Pkg|docker}} package or, for the development version, the {{Aur|docker-git}} package. Next [[start]] and enable {{ic|docker.service}} and verify operation:<br />
<br />
# docker info<br />
<br />
If you want to be able to run docker as a regular user, add yourself to the docker group:<br />
<br />
{{Warning| Anyone added to the 'docker' group is root equivalent. More information [https://github.com/docker/docker/issues/9976 here] and [http://docs.docker.com/engine/articles/security/ here].}}<br />
<br />
# gpasswd -a ''user'' docker<br />
<br />
Then re-login or to make your current user session aware of this new group, you can use:<br />
<br />
$ newgrp docker<br />
<br />
== Configuration ==<br />
<br />
=== Storage driver ===<br />
<br />
Storage driver, a.k.a. graph driver has huge impact on performance. Its job is to store layers of container images efficiently, that is when several images share a layer, only one layer uses disk space. The default, most compatible option, `devicemapper` offers suboptimal performance, which is outright terrible on rotating disks. Additionally, `devicemappper` is not recommended in production.<br />
<br />
As Arch linux ships new kernels, there's no point using the compatibility option. A good, modern choice is {{ic|overlay2}}.<br />
<br />
To see current storage driver, run {{ic|# docker info {{!}} head}}.<br />
<br />
To set your own choice of storage driver, create a [[Drop-in snippet]] and use {{ic|-s}} option to {{ic|dockerd}}:<br />
{{hc|/etc/systemd/system/docker.service.d/override.conf|2=<br />
<br />
[Unit]<br />
Description=Docker Application Container Engine<br />
Documentation=https://docs.docker.com<br />
After=network.target docker.socket<br />
Requires=docker.socket<br />
<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H fd:// -s overlay2<br />
}}<br />
<br />
Recall that {{ic|1=ExecStart=}} line is needed to drop inherited {{ic|ExecStart}}.<br />
<br />
Further information on options is available on the [https://docs.docker.com/engine/userguide/storagedriver/selectadriver/ user guide].<br />
<br />
=== Opening remote API ===<br />
<br />
To open the Remote API to port {{ic|4243}} manually, run:<br />
<br />
# docker daemon -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock<br />
<br />
{{ic|-H tcp://0.0.0.0:4243}} part is for opening the Remote API.<br />
<br />
{{ic|-H unix:///var/run/docker.sock}} part for host machine access via terminal.<br />
<br />
===== Remote API with systemd =====<br />
<br />
To start the remote API with the docker daemon, create a [[Drop-in snippet]] with the following content:<br />
<br />
{{hc|/etc/systemd/system/docker.service.d/override.conf|2=<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock<br />
}}<br />
<br />
=== Daemon socket configuration ===<br />
<br />
The ''docker'' daemon listens to a [[Wikipedia:Unix domain socket|Unix socket]] by default. To listen on a specified port instead, create a [[Drop-in snippet]] with the following content:<br />
<br />
{{hc|/etc/systemd/system/docker.socket.d/socket.conf|2=<br />
[Socket]<br />
ListenStream=0.0.0.0:2375<br />
}}<br />
<br />
=== Proxies ===<br />
<br />
Proxy configuration is broken down into two. First is the host configuration of the Docker daemon, second is the configuration required for your container to see your proxy.<br />
<br />
==== Proxy configuration ====<br />
<br />
Create a [[Drop-in snippet]] with the following content:<br />
{{hc|/etc/systemd/system/docker.service.d/proxy.conf|2=<br />
[Service]<br />
Environment="HTTP_PROXY=192.168.1.1"<br />
}}<br />
<br />
{{Note|This assumes {{ic|192.168.1.1}} is your proxy server, do not use {{ic|127.0.0.1}}.}}<br />
<br />
Verify that the configuration has been loaded:<br />
<br />
# systemctl show docker --property Environment<br />
Environment=HTTP_PROXY=192.168.1.1<br />
<br />
==== Container configuration ====<br />
<br />
The settings in the {{ic|docker.service}} file will not translate into containers. To achieve this you must set {{ic|ENV}} variables in your {{ic|Dockerfile}} thus:<br />
<br />
FROM base/archlinux<br />
ENV http_proxy="<nowiki>http://192.168.1.1:3128</nowiki>"<br />
ENV https_proxy="<nowiki>https://192.168.1.1:3128</nowiki>"<br />
<br />
[https://docs.docker.com/engine/reference/builder/#env Docker] provide detailed information on configuration via {{ic|ENV}} within a Dockerfile.<br />
<br />
=== Configuring DNS ===<br />
<br />
By default, docker will make {{ic|resolv.conf}} in the container match {{ic|/etc/resolv.conf}} on the host machine, filtering out local addresses (e.g. {{ic|127.0.0.1}}). If this yields an empty file, then [https://developers.google.com/speed/public-dns/ Google DNS servers] are used. If you are using a service like [[dnsmasq]] to provide name resolution, you may need to add an entry to the {{ic|/etc/resolv.conf}} for docker's network interface so that it isn't filtered out.<br />
<br />
=== Running Docker with a manually-defined network ===<br />
<br />
If you manually configure your network using systemd-network version '''220 or higher''', containers you start with Docker may be unable to access your network. Beginning with version 220, the forwarding setting for a given network ({{ic|net.ipv4.conf.<interface>.forwarding}}) defaults to {{ic|off}}. This setting prevents IP forwarding. It also conflicts with Docker which enables the {{ic|net.ipv4.conf.all.forwarding}} setting within a container.<br />
<br />
To work around this, edit the {{ic|<interface>.network}} file in {{ic|/etc/systemd/network/}} on your Docker host add the following block:<br />
<br />
{{hc|/etc/systemd/network/<interface>.network|2=<br />
[Network]<br />
...<br />
IPForward=kernel<br />
...}}<br />
<br />
This configuration allows IP forwarding from the container as expected.<br />
<br />
=== Images location ===<br />
<br />
By default, docker images are located at {{ic|/var/lib/docker}}. They can be moved to other partitions. <br />
First, [[stop]] the {{ic|docker.service}}. <br />
<br />
If you have run the docker images, you need to make sure the images are unmounted totally. Once that is completed, you may move the images from {{ic|/var/lib/docker}} to the target destination.<br />
<br />
Then add a [[Drop-in snippet]] for the {{ic|docker.service}}, adding the {{ic|-g}} parameter to the {{ic|ExecStart}}:<br />
<br />
{{hc|/etc/systemd/system/docker.service.d/docker-storage.conf|2=<br />
[Service]<br />
ExecStart= <br />
ExecStart=/usr/bin/dockerd -g ''/path/to/new/location/docker'' -H fd://}}<br />
<br />
== Docker 0.9.0 -- 1.2.x and LXC ==<br />
<br />
Since version 0.9.0 Docker provides a new way to start containers without relying on a LXC library called ''libcontainer''.<br />
<br />
The lxc exec driver and the -lxc-conf option may also be removed in the near future [https://github.com/docker/docker/pull/5797], hence, you will not be able to use {{ic|lxc-attach}} with containers managed by Docker 0.9.0+ by default. It is required to make docker daemon run with {{ic|-e lxc}} as an argument.<br />
<br />
Create [[Drop-in snippet]] for the {{ic|docker.service}} with the following content:<br />
{{hc|/etc/systemd/system/docker.service.d/lxc.conf|2=<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/docker -d -e lxc<br />
}}<br />
<br />
== Images ==<br />
=== Arch Linux ===<br />
==== x86_64 ====<br />
The following command pulls the [https://hub.docker.com/r/base/archlinux/ base/archlinux] x86_64 image.<br />
<br />
# docker pull base/archlinux<br />
<br />
==== i686 ====<br />
The default Arch Linux image in Docker Registry is for x86_64 only. i686 image must be built manually.<br />
<br />
==== Build Image ====<br />
Instead, check [https://registry.hub.docker.com/u/base/archlinux/ docker base/archlinux registry] and click the {{ic|mkimage-arch.sh}} link to download {{ic|mkimage-arch.sh}} and {{ic|mkimage-arch-pacman.conf}} to the same directory as raw files. Next, make the script executable and run it: <br />
<br />
$ chmod +x mkimage-arch.sh<br />
$ cp /etc/pacman.conf ./mkimage-arch-pacman.conf # or get a pacman.conf from somewhere else<br />
$ ./mkimage-arch.sh<br />
# docker run -t -i --rm archlinux /bin/bash # try it<br />
<br />
For slow network connections or CPU, the build timeout can be extended: <br />
$ sed -i 's/timeout 60/timeout 120/' mkimage-arch.sh<br />
<br />
=== Debian ===<br />
<br />
Build Debian image with {{Pkg|debootstrap}}:<br />
<br />
# mkdir jessie-chroot<br />
# debootstrap jessie ./jessie-chroot http://http.debian.net/debian/<br />
# cd jessie-chroot<br />
# tar cpf - . | docker import - debian<br />
# docker run -t -i --rm debian /bin/bash<br />
<br />
== Arch Linux image with snapshot repository ==<br />
Arch Linux on Docker can become problematic when multiple images are created and updated each having different package versions. To keep Docker containers with consistent package versions, a [https://registry.hub.docker.com/u/pritunl/archlinux/ Docker image with a snapshot repository] is available. This allows installing new packages from the official repository as it was on the day that the snapshot was created.<br />
<br />
$ docker pull pritunl/archlinux:latest<br />
$ docker run --rm -t -i pritunl/archlinux:latest /bin/bash<br />
<br />
Alternatively, you could use [[Arch Linux Archive]] by freezing {{ic|/etc/pacman.d/mirrorlist}} <br />
Server=https://archive.archlinux.org/repos/2020/01/02/$repo/os/$arch<br />
<br />
== Clean Remove Docker + Images ==<br />
<br />
In case you want to remove Docker entirely you can do this by following the steps below:<br />
<br />
{{Note| Don't just copy paste those commands without making sure you know what you are doing!}}<br />
<br />
Check for running containers:<br />
<br />
# docker ps<br />
<br />
List all containers running on the host for deletion:<br />
<br />
# docker ps -a<br />
<br />
Stop a running container:<br />
<br />
# docker stop <CONTAINER ID><br />
<br />
Killing still running containers:<br />
<br />
# docker kill <CONTAINER ID><br />
<br />
Delete all containers listed by ID:<br />
<br />
# docker rm <CONTAINER ID><br />
<br />
List all Docker images:<br />
<br />
# docker images<br />
<br />
Delete all images by ID:<br />
<br />
# docker rmi <IMAGE ID><br />
<br />
Delete all Docker data (purge directory):<br />
<br />
# rm -R /var/lib/docker<br />
<br />
== Useful tips ==<br />
<br />
To grab the IP address of a running container:<br />
<br />
{{hc|<nowiki>$ docker inspect --format '{{ .NetworkSettings.IPAddress }}' <container-name OR id> </nowiki>|<br />
172.17.0.37}}<br />
<br />
== Troubleshooting ==<br />
=== Cannot start a container with systemd 232 ===<br />
Append {{ic|1=systemd.legacy_systemd_cgroup_controller=yes}} as [[kernel parameter]], see [https://github.com/opencontainers/runc/issues/1175 bug report] for details.<br />
<br />
=== Docker info errors out ===<br />
<br />
If running {{ic|docker info}} gives an error that looks like this:<br />
<br />
FATA[0000] Get http:///var/run/docker.sock/v1.17/info: read unix /var/run/docker.sock: connection reset by peer. Are you trying to connect to a TLS-enabled daemon without TLS? <br />
<br />
then you might not have the {{ic|bridge}} module loaded. You can check for it by running {{ic|lsmod | grep bridge}}. If it is not loaded, you can try to load it with {{ic|modprobe}} or simply reboot (a reboot might be required if you have upgraded your kernel recently without rebooting and the bridge module was built for the more recent kernel.)<br />
<br />
See [https://github.com/docker/docker/issues/6853 this issue on GitHub for more information].<br />
<br />
=== Deleting Docker Images in a BTRFS Filesystem ===<br />
Deleting docker images in a [[btrfs]] filesystem leaves the images in {{ic|/var/lib/docker/btrfs/subvolumes/}} with a size of 0. When you try to delete this you get a permission error.<br />
# docker rm bab4ff309870<br />
# rm -Rf /var/lib/docker/btrfs/subvolumes/*<br />
rm: cannot remove '/var/lib/docker/btrfs/subvolumes/85122f1472a76b7519ed0095637d8501f1d456787be1a87f2e9e02792c4200ab': Operation not permitted<br />
<br />
This is caused by btrfs which created subvolumes for the docker images. So the correct command to delete them is:<br />
# btrfs subvolume delete /var/lib/docker/btrfs/subvolumes/85122f1472a76b7519ed0095637d8501f1d456787be1a87f2e9e02792c4200ab<br />
<br />
=== docker0 Bridge gets no IP / no internet access in containers ===<br />
<br />
Docker enables IP forwarding by itself, but by default systemd overrides the respective sysctl setting. The following disables this override (for all interfaces):<br />
# cat > /etc/systemd/network/ipforward.network <<EOF<br />
[Network]<br />
IPForward=kernel<br />
EOF<br />
<br />
# cat > /etc/sysctl.d/99-docker.conf <<EOF<br />
net.ipv4.ip_forward = 1<br />
EOF<br />
<br />
# sysctl -w net.ipv4.ip_forward=1<br />
<br />
{{Accuracy|Add a reference/bug-report link to the following note.}}<br />
<br />
{{Note|It has been observed that with systemd version 220 creating this file causes bridges used by Docker to lose their IP addresses. Running Docker with a manually-defined network, as described above, is known to work.}}<br />
<br />
Finally [[restart]] the {{ic|systemd-networkd}} and {{ic|docker}} services.<br />
<br />
=== Default number of allowed processes/threads too low ===<br />
<br />
If you run into error messages like<br />
<br />
# e.g. Java<br />
java.lang.OutOfMemoryError: unable to create new native thread<br />
# e.g. C, bash, ...<br />
fork failed: Resource temporarily unavailable<br />
<br />
then you might need to adjust the number of processes allowed by systemd. Default (see system.conf) is 500, which is pretty small for running several docker containers. You need to create a drop-in service file for this:<br />
<br />
# mkdir /etc/systemd/system/docker.service.d<br />
# cat > /etc/systemd/system/docker.service.d/tasks.conf <<EOF<br />
[Service]<br />
TasksMax=infinity<br />
EOF<br />
# systemctl daemon-reload<br />
# systemctl restart docker.service<br />
<br />
=== Error initializing graphdriver: devmapper ===<br />
<br />
If {{ic|systemctl}} fails to start docker and provides an error:<br />
<br />
Error starting daemon: error initializing graphdriver: devmapper: Device docker-8:2-915035-pool is not a thin pool<br />
<br />
Then, try the following steps to resolve the error. Stop the service, back up {{ic|/var/lib/docker/}} (if desired), remove the contents of {{ic|/var/lib/docker/}}, and try to start the service. See the open [https://github.com/docker/docker/issues/21304 GitHub issue] for details.<br />
<br />
== See also ==<br />
<br />
* [https://docs.docker.com/engine/installation/linux/archlinux/ Arch Linux on docs.docker.com]<br />
* [http://opensource.com/business/14/7/docker-security-selinux Are Docker containers really secure?] — opensource.com</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:Samba/Active_Directory_domain_controller&diff=466976Talk:Samba/Active Directory domain controller2017-01-28T04:43:57Z<p>StrayArch: /* Missing step */ relevant links to help correct wiki</p>
<hr />
<div>== Missing step ==<br />
Under interactive provision explanations, the following step is missing. <br><br />
{{ic|DNS forwarder IP address (write 'none' to disable forwarding) [172.16.212.2]:}} <br><br />
Feel free to add. Otherwise, I should/will in the future. Also, considering adding <br><br />
{{ic|listen-on { all; }; }} to /etc/named.conf . it's also worth while to note that the dlz_bind9_11.so part in named.conf should be rewritten so that the conf doesn't need to be updated every time the version of binded is incremented [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:48, 27 January 2017 (UTC)<br />
<br />
Another missing step is the execution of<br />
<nowiki>samba_upgradedns --dns-backend=BIND9_DLZ</nowiki><br />
to generate {{ic|dns.keytab}} [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 04:21, 28 January 2017 (UTC)<br />
<br />
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller<br />
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable<br />
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End<br />
<br />
The above links should be helpful in updating the wiki (a future task). [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 04:43, 28 January 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:Samba/Active_Directory_domain_controller&diff=466975Talk:Samba/Active Directory domain controller2017-01-28T04:30:59Z<p>StrayArch: /* Missing step */ fixed markup</p>
<hr />
<div>== Missing step ==<br />
Under interactive provision explanations, the following step is missing. <br><br />
{{ic|DNS forwarder IP address (write 'none' to disable forwarding) [172.16.212.2]:}} <br><br />
Feel free to add. Otherwise, I should/will in the future. Also, considering adding <br><br />
{{ic|listen-on { all; }; }} to /etc/named.conf . it's also worth while to note that the dlz_bind9_11.so part in named.conf should be rewritten so that the conf doesn't need to be updated every time the version of binded is incremented [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:48, 27 January 2017 (UTC)<br />
<br />
Another missing step is the execution of<br />
<nowiki>samba_upgradedns --dns-backend=BIND9_DLZ</nowiki><br />
to generate {{ic|dns.keytab}} [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 04:21, 28 January 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:Samba/Active_Directory_domain_controller&diff=466974Talk:Samba/Active Directory domain controller2017-01-28T04:21:04Z<p>StrayArch: /* Missing step */ another potentially missed comand</p>
<hr />
<div>== Missing step ==<br />
Under interactive provision explanations, the following step is missing. <br><br />
{{ic|DNS forwarder IP address (write 'none' to disable forwarding) [172.16.212.2]:}} <br><br />
Feel free to add. Otherwise, I should/will in the future. Also, considering adding <br><br />
{{ic|listen-on { all; }; }} <br> to /etc/named.conf . it's also worth while to note that the dlz_bind9_11.so part in named.conf should be rewritten so that the conf doesn't need to be updated every time the version of binded is incremented [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:48, 27 January 2017 (UTC)<br />
<br />
Another missing step is the execution of {{ic|samba_upgradedns --dns-backend=BIND9_DLZ}} to generate {{ic|dns.keytab}} [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 04:21, 28 January 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:Samba/Active_Directory_domain_controller&diff=466967Talk:Samba/Active Directory domain controller2017-01-28T03:54:38Z<p>StrayArch: /* Missing step */ additional consideration added for personal tracking</p>
<hr />
<div>== Missing step ==<br />
Under interactive provision explanations, the following step is missing. <br><br />
{{ic|DNS forwarder IP address (write 'none' to disable forwarding) [172.16.212.2]:}} <br><br />
Feel free to add. Otherwise, I should/will in the future. Also, considering adding <br><br />
{{ic|listen-on { all; }; }} [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:48, 27 January 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Samba/Active_Directory_domain_controller&diff=466966Samba/Active Directory domain controller2017-01-28T03:10:52Z<p>StrayArch: /* BIND */ fixed error given by named-checkconf /etc/named.conf</p>
<hr />
<div>[[Category:Network sharing]]<br />
[[ja:Samba/Active Directory ドメインコントローラ]]<br />
[[ru:Samba 4 Active Directory domain controller]]<br />
{{Related articles start}}<br />
{{Related|Active Directory Integration}}<br />
{{Related|Samba}}<br />
{{Related|SOGo}}<br />
{{Related articles end}}<br />
<br />
This article explains how to setup an Active Directory domain controller using [[Samba]]. It is assumed that all configuration files are in their unmodified, post-installation state. This article was written and tested on a fresh installation, with no modifications other than setting up a static IPv4 network connection, and adding openssh and vim (which should have no effect on the Samba configuration). Finally, most of the commands below will require elevated privileges. Despite conventional wisdom, it may be easier to run these short few commands from a root session as opposed to obtaining rights on an as needed basis.<br />
<br />
==Installation==<br />
<br />
{{Note|Make sure you can access the machines in your network via their hostname. See [[Network configuration#Local network hostname resolution]] for more information.}}<br />
<br />
A fully functional samba domain controller requires several programs beyond those included with the Samba distribution. [[Install]] the {{Pkg|bind-tools}}, {{Pkg|krb5}}, {{Pkg|ntp}}, {{Pkg|openldap}}, {{Pkg|openresolv}} and {{Pkg|samba}} packages.<br />
<br />
Additionally, Samba contains its own fully functional DNS server, but many administrators prefer to use the ISC BIND package. If you need to maintain DNS zones for external domains, you are strongly encouraged to use {{Pkg|bind}}. If you need to share printers, you will also need {{Pkg|cups}}. If needed, install the {{Pkg|bind}} and/or {{Pkg|cups}} packages.<br />
<br />
== Creating a new directory ==<br />
<br />
===Provisioning===<br />
<br />
The first step to creating an Active Directory domain is provisioning. This involves setting up the internal LDAP, Kerberos, and DNS servers and performing all of the basic configuration needed for the directory. If you have set up a directory server before, you are undoubtedly aware of the potential for errors in making these individual components work together as a single unit. The difficulty in doing so is the very reason that the Samba developers chose not to use the MIT or Heimdal Kerberos server or OpenLDAP server, instead opting for internal versions of these programs. The server packages above were installed only for the client utilities. Provisioning is quite a bit easier with Samba. Just issue the following command:<br />
<br />
# samba-tool domain provision --use-rfc2307 --use-xattrs=yes --interactive<br />
<br />
====Argument explanations====<br />
;--use-rfc2307<br />
:this argument adds POSIX attributes (UID/GID) to the AD Schema. This will be necessary if you intend to authenticate Linux, BSD, or OS X clients (including the local machine) in addition to Microsoft Windows.<br />
<br />
;--use-xattrs=yes<br />
:this argument enables the use of unix extended attributes (ACLs) for files hosted on this server. If you intend not have file shares on the domain controller, you can omit this switch (but this is not recommended). You should also ensure that any filesystems that will host Samba shares are mounted with support for ACLs.<br />
<br />
;--interactive<br />
:this parameter forces the provision script to run interactively. Alternately, you can review the help for the provision step by running {{ic|samba-tool domain provision --help}}.<br />
<br />
====Interactive provision explanations====<br />
;Realm<br />
:'''INTERNAL.DOMAIN.COM''' - This should be the same as the DNS domain in all caps. It is common to use an internal-only sub-domain to separate your internal domain from your external DNS domains, but it is not required.<br />
<br />
;Domain<br />
:'''INTERNAL''' - This will be the NetBIOS domain name, usually the leftmost DNS sub-domain but can be anything you like. For example, the name INTERNAL would not be very descriptive. Perhaps company name or initials would be appropriate. This should be entered in all caps, and should have a 15 character maximum length for compatibility with older clients.<br />
<br />
;Server Role<br />
:'''dc''' - This article assumes that your are installing the first DC in a new domain. If you select anything different, the rest of this article will likely be useless to you.<br />
<br />
;DNS Backend<br />
:'''BIND9_DLZ''' or '''SAMBA_INTERNAL''' - This is down to personal preference of the server admin. Again, if you are hosting DNS for external domains, you are strongly encouraged to use the '''BIND9_DLZ''' backend so that flat zone files can continue to be used and existing transfer rules can co-exist with the internal DNS server. If unsure, use the '''SAMBA_INTERNAL''' backend.<br />
<br />
;Administrator password<br />
:'''xxxxxxxx''' - You must select a ''strong'' password for the administrator account. The minimum requirements are one upper case letter, one number, and at least eight characters. If you attempt to use a password that does not meet the complexity requirements, provisioning will fail.<br />
<br />
===Configuring daemons===<br />
<br />
====NTPD====<br />
<br />
Create a suitable NTP configuration for your network time server. See [[Network Time Protocol daemon]] for explanations of, and additional configuration options.<br />
Create a backup copy of the default file:<br />
<br />
# cp /etc/ntp.conf{,.default}<br />
<br />
Modify the {{ic|/etc/ntp.conf}} file with the following contents:<br />
<br />
{{hc|/etc/ntp.conf|<nowiki><br />
# Please consider joining the pool:<br />
#<br />
# http://www.pool.ntp.org/join.html<br />
#<br />
# For additional information see:<br />
# - https://wiki.archlinux.org/index.php/Network_Time_Protocol_daemon<br />
# - http://support.ntp.org/bin/view/Support/GettingStarted<br />
# - the ntp.conf man page<br />
<br />
# Associate to Arch's NTP pool<br />
server 0.arch.pool.ntp.org<br />
server 1.arch.pool.ntp.org<br />
server 2.arch.pool.ntp.org<br />
server 3.arch.pool.ntp.org<br />
<br />
# Restrictions<br />
restrict default kod limited nomodify notrap nopeer mssntp<br />
restrict 127.0.0.1<br />
restrict ::1<br />
restrict 0.arch.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery<br />
restrict 1.arch.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery<br />
restrict 2.arch.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery<br />
restrict 3.arch.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery<br />
<br />
# Location of drift file<br />
driftfile /var/lib/ntp/ntpd.drift<br />
<br />
# Location of the update directory<br />
ntpsigndsocket /var/lib/samba/ntp_signd/<br />
</nowiki>}}<br />
<br />
Create the state directory and set permissions:<br />
<br />
# install -d /var/lib/samba/ntp_signd<br />
# chown root:ntp /var/lib/samba/ntp_signd<br />
# chmod 0750 /var/lib/samba/ntp_signd<br />
<br />
Enable and start the {{ic|ntpd.service}} unit.<br />
<br />
====BIND====<br />
<br />
If you elected to use the '''BIND9_DLZ''' DNS backend, [[Install]] the {{Pkg|bind}} package and create the following BIND configuration. See [[BIND]] for explanations of, and additional configuration options. Be sure to replace the '''x''' characters with suitable values:<br />
First, create a backup of the default configuration file:<br />
<br />
# mv /etc/named.conf{,.default}<br />
<br />
Create the {{ic|/etc/named.conf}} file:<br />
<br />
{{hc|/etc/named.conf|<nowiki> <br />
// vim:set ts=4 sw=4 et:<br />
<br />
options {<br />
directory "/var/named";<br />
pid-file "/run/named/named.pid";<br />
<br />
// Uncomment these to enable IPv6 connections support<br />
// IPv4 will still work:<br />
// listen-on-v6 { any; };<br />
// Add this for no IPv4:<br />
// listen-on { none; };<br />
<br />
auth-nxdomain yes;<br />
datasize default;<br />
empty-zones-enable no;<br />
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";<br />
forwarders { </nowiki>'''xxx.xxx.xxx.xxx'''; '''xxx.xxx.xxx.xxx''';<nowiki> };<br />
<br />
// Add any subnets or hosts you want to allow to use this DNS server (use "; " delimiter)<br />
allow-query { </nowiki>'''xxx.xxx.xxx.xxx/xx'''; 127.0.0.0/8;<nowiki> };<br />
<br />
// Add any subnets or hosts you want to allow to use recursive queries<br />
allow-recursion { </nowiki>'''xxx.xxx.xxx.xxx/xx'''; 127.0.0.0/8;<nowiki> };<br />
<br />
// Add any subnets or hosts you want to allow dynamic updates from<br />
allow-update { </nowiki>'''xxx.xxx.xxx.xxx/xx'''; 127.0.0.0/8;<nowiki> };<br />
<br />
allow-transfer { none; };<br />
version none;<br />
hostname none;<br />
server-id none;<br />
};<br />
<br />
zone "localhost" IN {<br />
type master;<br />
file "localhost.zone";<br />
};<br />
<br />
zone "0.0.127.in-addr.arpa" IN {<br />
type master;<br />
file "127.0.0.zone";<br />
};<br />
<br />
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {<br />
type master;<br />
file "localhost.ip6.zone";<br />
};<br />
<br />
zone "255.in-addr.arpa" IN {<br />
type master;<br />
file "empty.zone";<br />
};<br />
<br />
zone "0.in-addr.arpa" IN {<br />
type master;<br />
file "empty0.zone";<br />
};<br />
<br />
zone "." IN {<br />
type hint;<br />
file "root.hint";<br />
};<br />
<br />
//Load AD integrated zones<br />
dlz "AD DNS Zones" {<br />
database "dlopen /usr/lib/samba/bind9/dlz_bind9_10.so";<br />
};<br />
<br />
//zone "example.org" IN {<br />
// type slave;<br />
// file "example.zone";<br />
// masters {<br />
// 192.168.1.100;<br />
// };<br />
// allow-query { any; };<br />
// allow-transfer { any; };<br />
//};<br />
//<br />
logging {<br />
channel xfer-log {<br />
file "/var/log/named.log";<br />
print-category yes;<br />
print-severity yes;<br />
severity info;<br />
};<br />
category xfer-in { xfer-log; };<br />
category xfer-out { xfer-log; };<br />
category notify { xfer-log; };<br />
};<br />
</nowiki>}}<br />
<br />
Set permissions:<br />
<br />
# chgrp named /var/lib/samba/private/dns.keytab<br />
# chmod g+r /var/lib/samba/private/dns.keytab<br />
# touch /var/log/named.log<br />
# chown root:named /var/log/named.log<br />
# chmod 664 /var/log/named.log<br />
<br />
<!-- Remove and adjust above configuration file for new version when this is fixed in arch --><br />
Fix for recent versions of bind:<br />
<br />
# copy /var/named/empty.zone /var/named/empty0.zone<br />
# chown root:named /var/named/empty0.zone<br />
<br />
Enable and start the {{ic|named.service}} unit.<br />
<br />
Good values for forwarders are your ISP's DNS servers. Google (8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, and 2001:4860:4860::8844) and OpenDNS (208.67.222.222, 208.67.220.220, 2620:0:ccc::2 and 2620:0:ccd::2) provide suitable public DNS servers free of charge. Appropriate values for subnets are specific to your network.<br />
<br />
====Kerberos client utilities====<br />
<br />
The provisioning step above created a perfectly valid krb5.conf file for use with a Samba domain controller. Install it with the following commands:<br />
<br />
# mv /etc/krb5.conf{,.default}<br />
# cp /var/lib/samba/private/krb5.conf /etc<br />
<br />
====DNS====<br />
<br />
You will need to begin using the local DNS server now. Reconfigure resolvconf to use only localhost for DNS lookups. Create the {{ic|/etc/resolv.conf.tail}} (do not forget to substitute '''internal.domain.tld''' with your internal domain):<br />
<br />
# Samba configuration<br />
search '''internal.domain.tld'''<br />
# If using IPv6, uncomment the following line<br />
#nameserver ::1<br />
nameserver 127.0.0.1<br />
<br />
Set permissions and regenerate the new {{ic|/etc/resolv.conf}} file<br />
<br />
# chmod 644 /etc/resolv.conf.tail<br />
# resolvconf -u<br />
<br />
====Samba====<br />
<br />
Enable and start the {{ic|samba.service}} unit. If you intend to use the LDB utilities, you will also need create the {{ic|/etc/profile.d/sambaldb.sh}} file to set '''LDB_MODULES_PATH''':<br />
<br />
export LDB_MODULES_PATH="${LDB_MODULES_PATH}:/usr/lib/samba/ldb"<br />
<br />
Set permissions on the file and source it:<br />
# chmod 0755 /etc/profile.d/sambaldb.sh<br />
# . /etc/profile.d/sambaldb.sh<br />
<br />
===Testing the installation===<br />
<br />
====DNS====<br />
<br />
First, verify that DNS is working as expected. Execute the following commands substituting appropriate values for '''internal.domain.com''' and '''server''':<br />
<br />
# host -t SRV _ldap._tcp.'''internal.domain.com'''.<br />
# host -t SRV _kerberos._udp.'''internal.domain.com'''.<br />
# host -t A '''server'''.'''internal.domain.com'''.<br />
<br />
You should receive output similar to the following:<br />
<br />
{{bc|_ldap._tcp.internal.domain.com has SRV record 0 100 389 server.internal.domain.com.<br />
_kerberos._udp.internal.domain.com has SRV record 0 100 88 server.internal.domain.com.<br />
server.internal.domain.com has address xxx.xxx.xxx.xxx}}<br />
<br />
====NT authentication====<br />
<br />
Next, verify that password authentication is working as expected:<br />
<br />
# smbclient //localhost/netlogon -U Administrator -c 'ls'<br />
<br />
You will be prompted for a password (the one you selected earlier), and will get a directory listing like the following:<br />
<br />
{{bc|1=Domain=[INTERNAL] OS=[Unix] Server=[Samba 4.1.2]<br />
. D 0 Wed Nov 27 23:59:07 2013<br />
.. D 0 Wed Nov 27 23:59:12 2013<br />
<br />
50332 blocks of size 2097152. 47185 blocks available}}<br />
<br />
====Kerberos====<br />
<br />
Now verify that the KDC is working as expected. Be sure to replace '''INTERNAL.DOMAIN.COM''' and use upper case letters:<br />
<br />
# kinit administrator@'''INTERNAL.DOMAIN.COM'''<br />
<br />
You should be prompted for a password and get output similar to the following:<br />
<br />
{{bc|Warning: Your password will expire in 41 days on Wed 08 Jan 2014 11:59:11 PM CST}}<br />
<br />
Verify that you actually got a ticket:<br />
<br />
# klist<br />
<br />
You should get output similar to below:<br />
<br />
{{bc|Ticket cache: FILE:/tmp/krb5cc_0<br />
Default principal: administrator@INTERNAL.DOMAIN.COM<br />
<br />
Valid starting Expires Service principal<br />
11/28/2013 00:22:17 11/28/2013 10:22:17 krbtgt/INTERNAL.DOMAIN.COM@INTERNAL.DOMAIN.COM<br />
renew until 11/29/2013 00:22:14}}<br />
<br />
As a final test, use smbclient with your recently acquired ticket. Replace '''server''' with the correct server name:<br />
<br />
# smbclient //'''server'''/netlogon -k -c 'ls'<br />
<br />
The output should be the same as when testing password authentication above.<br />
<br />
===Additional configuration ===<br />
<br />
==== DNS ====<br />
<br />
You will also need to create a reverse lookup zone for each subnet in your environment in DNS. It is important that this is kept in Samba's DNS as opposed to BIND to allow for dynamic updates by cleints. For each subnet, create a reverse lookup zone with the following commands. Replace '''server'''.'''internal'''.'''domain'''.'''tld''' and '''xxx'''.'''xxx'''.'''xxx''' with appropriate values. For '''xxx'''.'''xxx'''.'''xxx''', use the first three octets of the subnet in reverse order (for example: 192.168.0.0/24 becomes 0.168.192):<br />
<br />
# samba-tool dns zonecreate '''server'''.'''internal'''.'''domain'''.'''tld''' '''xxx'''.'''xxx'''.'''xxx'''.in-addr.arpa -U Administrator<br />
<br />
Now, add a record for you server (if your server is multi-homed, add for each subnet) again substituting appropriate values as above. '''zzz''' will be replaced by the fourth octet of the IP for the server:<br />
<br />
# samba-tool dns add '''server'''.'''internal'''.'''domain'''.'''tld''' '''xxx'''.'''xxx'''.'''xxx'''.in-addr.arpa '''zzz''' PTR '''server'''.'''internal'''.'''domain'''.'''tld''' -U Administrator<br />
<br />
Restart the {{ic|samba}} service. If using BIND for DNS, restart the {{ic|named}} service as well.<br />
<br />
Finally, test the lookup. Replace '''xxx'''.'''xxx'''.'''xxx'''.'''xxx''' with the IP of your server:<br />
<br />
# host -t PTR '''xxx'''.'''xxx'''.'''xxx'''.'''xxx'''<br />
<br />
You should get output similar to the following:<br />
<br />
xxx.xxx.xxx.xxx.in-addr.arpa domain name pointer server.internal.domain.tld.<br />
<br />
====TLS====<br />
<br />
TLS support is not enabled by default, however, a default certificate was created when the DC was brought up. With the release of Samba 4.3.8 and 4.2.2, unsecured LDAP binds are disabled by default, and you must configure TLS to use Samba as an authentication source (without reducing the security of your Samba installation). To use the default keys, append the following lines to the "'''[global]'''" section of the {{ic|/etc/samba/smb.conf}} file:<br />
<br />
tls enabled = yes<br />
tls keyfile = tls/key.pem<br />
tls certfile = tls/cert.pem<br />
tls cafile = tls/ca.pem<br />
<br />
If a trusted certificate is needed, create a signing key and a certificate request (see [[OpenSSL]] for detailed instructions). Get the request signed by your chosen certificate authority, and put into this directory. If your certificate authority also needs an intermediate certificate, concatenate the certs (server cert first, then intermediate) and leave '''tls cafile''' blank.<br />
<br />
Restart {{ic|samba}} for the changes to take effect.<br />
<br />
== Adding a second domain controller to an existing domain ==<br />
<br />
TBA...<br />
<br />
== Tips and tricks ==<br />
<br />
===DHCP with dynamic DNS updates ===<br />
<br />
It should be noted that using this method will affect functionality of windows clients, as they will still attempt to update DNS on their own. When this occurs, the machine will be denied permission to do so as the record will be owned by the dhcp user rather than the machine account. While this is essentially harmless, it will generate warnings in the system log of the offending machine. You should create a GPO to overcome this, but unfortunately, Samba does not yet have a command line utility to modify GPOs. You will need a Windows PC with the RSAT tools installed. Simply create a dedicated GPO with the Group Policy Editor, and apply only to OUs that contain workstations (so that servers can still update using 'ipconfig /registerdns') and configure the following settings:<br />
<br />
{{bc|1=Computer Configuration<br />
Policies<br />
Administrative Templates<br />
Network<br />
DNS Client<br />
Dynamic Update = Disabled<br />
Register PTR Records = Disabled}}<br />
<br />
[[Install]] the {{Pkg|dhcp}} package and the {{AUR|samba-dhcpd-update}} package.<br />
<br />
Create an unprivileged user in AD for performing the updates. When prompted for password, use a secure password. 63 random, mixed case, alpha-numeric characters is sufficient. Optionally samba-tool also takes a random argument:<br />
<br />
# samba-tool user create dhcp --description="Unprivileged user for DNS updates via DHCP server"<br />
<br />
Since this is a service account, disabling password expiration on the user account is recommended, but not required:<br />
<br />
# samba-tool user setexpiry dhcp --noexpiry<br />
<br />
Give the user privileges to administer DNS:<br />
# samba-tool group addmembers DnsAdmins dhcp<br />
<br />
Export the users credentials to a private keytab:<br />
# samba-tool domain exportkeytab --principal=dhcp@'''INTERNAL'''.'''DOMAIN'''.'''TLD''' dhcpd.keytab<br />
# install -vdm 755 /etc/dhcpd<br />
# mv dhcpd.keytab /etc/dhcpd<br />
# chown root:root /etc/dhcpd/dhcpd.keytab<br />
# chmod 400 /etc/dhcpd/dhcpd.keytab<br />
<br />
Modify the {{ic|dhcpd-update-samba-dns.conf}} file with the following commands (substituting correct values for '''server''', '''internal'''.'''domain'''.'''tld''', and '''INTERNAL'''.'''DOMAIN'''.'''TLD'''):<br />
<br />
{{hc|/etc/dhcpd/dhcpd-update-samba-dns.conf|<nowiki><br />
# Variables<br />
KRB5CC="/run/dhcpd4.krb5cc"<br />
KEYTAB="/etc/dhcpd/dhcpd.keytab"<br />
DOMAIN=</nowiki>"'''internal'''.'''domain'''.'''tld'''"<nowiki><br />
REALM=</nowiki>"'''INTERNAL'''.'''DOMAIN'''.'''TLD'''"<nowiki><br />
PRINCIPAL="dhcp@${REALM}"<br />
NAMESERVER="</nowiki>'''server'''<nowiki>.${DOMAIN}"<br />
ZONE="${DOMAIN}"<br />
</nowiki>}}<br />
<br />
Configure the dhcpd server following the [[dhcpd]] article and add the following to all subnet declarations in the {{ic|/etc/dhcpd.conf}} file that provide DHCP service:<br />
<br />
{{bc|<nowiki><br />
on commit {<br />
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br />
set ClientName = pick-first-value(option host-name, host-decl-name);<br />
execute("/usr/bin/dhcpd-update-samba-dns.sh", "add", ClientIP, ClientName);<br />
}<br />
<br />
on release {<br />
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br />
set ClientName = pick-first-value(option host-name, host-decl-name);<br />
execute("/usr/bin/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);<br />
}<br />
<br />
on expiry {<br />
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br />
set ClientName = pick-first-value(option host-name, host-decl-name);<br />
execute("/usr/bin/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);<br />
</nowiki>}}<br />
<br />
Here is a complete example {{ic|/etc/dhcpd.conf}} file for reference:<br />
<br />
{{hc|/etc/dhcpd.conf|<nowiki><br />
<br />
subnet </nowiki>'''192.168.1.0''' netmask '''255.255.255.0'''<nowiki> {<br />
range </nowiki>'''192.168.1.100''' '''192.168.1.199'''<nowiki>;<br />
option subnet-mask </nowiki>'''255.255.255.0'''<nowiki>;<br />
option routers </nowiki>'''192.168.1.254'''<nowiki>;<br />
option domain-name "</nowiki>'''internal.domain.tld'''<nowiki>";<br />
option domain-name-servers </nowiki>'''192.168.1.1'''<nowiki>;<br />
option broadcast-address </nowiki>'''192.168.1.255'''<nowiki>;<br />
default-lease-time 28800;<br />
max-lease-time 43200;<br />
authoritative;<br />
<br />
on commit {<br />
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br />
set ClientName = pick-first-value(option host-name, host-decl-name);<br />
execute("/usr/bin/dhcpd-update-samba-dns.sh", "add", ClientIP, ClientName);<br />
}<br />
<br />
on release {<br />
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br />
set ClientName = pick-first-value(option host-name, host-decl-name);<br />
execute("/usr/bin/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);<br />
}<br />
<br />
on expiry {<br />
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);<br />
set ClientName = pick-first-value(option host-name, host-decl-name);<br />
execute("/usr/bin/dhcpd-update-samba-dns.sh", "delete", ClientIP, ClientName);<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
Finally, enable and start (or restart) the {{ic|dhcpd4}} service.<br />
<br />
=== Transferring users from one directory to another ===<br />
<br />
Unfortunately, there is no built-in utility to export users from one directory to another. This is one way, albeit exceptionally ulgy, to get the user specific fields out of your existing SAM and into a suitable LDIF format for ldbmodify:<br />
<br />
ldbsearch -H /var/lib/samba/private/sam.ldb \<br />
-s sub -b cn=Users,dc='''internal''',dc='''domain''',dc='''tld''' '(objectClass=user)' | \<br />
grep -e "^\# record" -e "^accountExpires:" -e "^c:" -e "^cn:" -e "^co:" -e "^codePage:" \<br />
-e "^comment:" -e "^company:" -e "^countryCode:" -e "^department:" \<br />
-e "^description:" -e "^displayName" -e "^displayNamePrintable:" \<br />
-e "^distinguishedName" -e "^division:" -e "^dn:" -e "^employeeID:" \<br />
-e "^facsimileTelephoneNumber:" -e "^generationQualifier:" \<br />
-e "^givenName" -e "^homeDirectory:" -e "^homeDrive:" -e "^homePhone:" \<br />
-e "^homePostalAddress:" -e "^info:" -e "^initials:" \<br />
-e "^internationalISDNNumber:" -e "^ipPhone:" -e "^l:" -e "^mail:" \<br />
-e "^manager:" -e "^middleName:" -e "^mobile:" -e "^name:" -e "^o:" \<br />
-e "^objectClass" -e "^otherFacsimileTelephoneNumber:" \<br />
-e "^otherHomePhone:" -e "^otherIpPhone:" -e "^otherMailbox:" \<br />
-e "^otherMobile:" -e "^otherPager:" -e "^otherTelephone:" -e "^pager:" \<br />
-e "^personalTitle:" -e "^physicalDeliveryOfficeName:" -e "^postalAddress:" \<br />
-e "^postalCode:" -e "^postOfficeBox:" -e "^proxyAddresses\: SMTP" \<br />
-e "^proxyAddresses: smtp" -e "^referredDeliveryMethod:" \<br />
-e "^primaryInternationalISDNNumber:" -e "^primaryTelexNumber:" \<br />
-e "^profilePath:" -e "^registeredAddress:" -e "^sAMAccountName:" \<br />
-e "^scriptPath:" -e "^sn:" -e "^st:" -e "^street:" -e "^streetAddress:" \<br />
-e "^telephoneNumber:" -e "^teletexTerminalIdentifier:" \<br />
-e "^telexNumber:" -e "^title:" -e "^userAccountControl:" -e "^userPrincipalName:"\<br />
-e "^url:" -e "^userSharedFolder:" -e "^userSharedFolderOther:" -e "^wWWHomePage:" | \<br />
sed '/^dn:.*/ a\changetype: add' | sed '/^# record/ i\\n' > user-export.ldif<br />
<br />
Explanation: Run an ldbsearch in the users container only, using sub-tree search for objectclass=user. If you need the whole directory, you can modify the search base to use the root or some other OU. The output from ldbsearch is then piped into a really long grep command that returns only appropriate attributes to keep in the new directory. This is obviously subjective, and probably should be tailored to your specific use case. Finally, we use sed to insert the changetype line (needed to tell ldbmodify that we are adding a user), and prefix with a blank line (to make it easier to read) for each exported object.<br />
<br />
{{Note|You will need to modify the output file and remove any objects that you don't want transferred. The output file will contain objects (service users, built-ins, etc.) that can break your new directory if you fail to remove them! It will also contain the old domain in both the "dn" and "distinguishedName" attributies that must be changed before import.}}<br />
<br />
To import, after editing the file and transferring to the new server, simply run the following command on your new samba domain controller:<br />
<br />
ldbmodify -H /var/lib/samba/private/sam.ldb user-export.ldif<br />
<br />
=== Password Complexity ===<br />
<br />
By default, Samba requires strong passwords. To disable the complexity check, issue the following command:<br />
<br />
{{bc|# samba-tool domain passwordsettings set --complexity&#61;off}}</div>StrayArchhttps://wiki.archlinux.org/index.php?title=OpenLDAP&diff=466959OpenLDAP2017-01-27T21:29:31Z<p>StrayArch: /* The server */ otherwise original example could be lost.</p>
<hr />
<div>[[Category:Networking]]<br />
[[ja:openLDAP]]<br />
[[ru:OpenLDAP]]<br />
[[zh-hans:OpenLDAP]]<br />
{{Related articles start}}<br />
{{Related|LDAP Authentication}}<br />
{{Related|LDAP Hosts}}<br />
{{Related articles end}}<br />
<br />
OpenLDAP is an open-source implementation of the LDAP protocol. An LDAP server basically is a non-relational database which is optimised for accessing, but not writing, data. It is mainly used as an address book (for e.g. email clients) or authentication backend to various services (such as Samba, where it is used to emulate a domain controller, or [[LDAP authentication|Linux system authentication]], where it replaces {{ic|/etc/passwd}}) and basically holds the user data.<br />
<br />
{{note|Commands related to OpenLDAP that begin with {{ic|ldap}} (like {{ic|ldapsearch}}) are client-side utilities, while commands that begin with {{ic|slap}} (like {{ic|slapcat}}) are server-side.}}<br />
<br />
This page is a starting point for a basic OpenLDAP installation and a sanity check.<br />
<br />
{{Tip|Directory services are an enormous topic. Configuration can therefore be complex. If you are totally new to those concepts, [http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html this] is an good introduction that is easy to understand and that will get you started, even if you are new to everything LDAP.}}<br />
<br />
== Installation ==<br />
<br />
OpenLDAP contains both a LDAP server and client. [[Install]] it with the package {{Pkg|openldap}}.<br />
<br />
== Configuration ==<br />
<br />
=== The server ===<br />
<br />
{{Note|If you already have an OpenLDAP database on your machine, remove it by deleting everything inside {{ic|/var/lib/openldap/openldap-data/}}.}}<br />
<br />
The server configuration file is located at {{ic|/etc/openldap/slapd.conf}}.<br />
<br />
Edit the suffix and rootdn. The suffix typically is your domain name but it does not have to be. It depends on how you use your directory. We will use ''example'' for the domain name, and ''com'' for the tld. The rootdn is your LDAP administrator's name (we will use ''root'' here).<br />
{{bc|<nowiki><br />
suffix "dc=example,dc=com"<br />
rootdn "cn=root,dc=example,dc=com"<br />
</nowiki>}}<br />
<br />
Now we delete the default root password and create a strong one:<br />
# sed -i "/rootpw/ d" /etc/openldap/slapd.conf #find the line with rootpw and delete it<br />
# echo "rootpw $(slappasswd)" >> /etc/openldap/slapd.conf #add a line which includes the hashed password output from slappasswd<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/schema.html schemas] to the top of {{ic|slapd.conf}}:<br />
<br />
{{Note|currently missing: <br />
cp /usr/share/doc/samba/examples/LDAP/samba.schema /etc/openldap/schema}}<br />
<br />
{{bc|<br />
include /etc/openldap/schema/cosine.schema<br />
include /etc/openldap/schema/inetorgperson.schema<br />
include /etc/openldap/schema/nis.schema<br />
#include /etc/openldap/schema/samba.schema<br />
}}<br />
<br />
You will likely want to add some typically used [http://www.openldap.org/doc/admin24/tuning.html#Indexes indexes] to the bottom of {{ic|slapd.conf}}:<br />
{{bc|<br />
index uid pres,eq<br />
index mail pres,sub,eq<br />
index cn pres,sub,eq<br />
index sn pres,sub,eq<br />
index dc eq<br />
}}<br />
<br />
Now prepare the database directory. You will need to rename the default config:<br />
# cp /var/lib/openldap/openldap-data/DB_CONFIG.example /var/lib/openldap/openldap-data/DB_CONFIG<br />
<br />
{{Note|With OpenLDAP 2.4 the configuration of {{ic|slapd.conf}} is deprecated. From this version on all configuration settings are stored in {{ic|/etc/openldap/slapd.d/}}.}}<br />
<br />
To store the recent changes in {{ic|slapd.conf}} to the new {{ic|/etc/openldap/slapd.d/}} configuration settings, we have to delete the old configuration files first, do this every time you change the configuration:<br />
<br />
# rm -rf /etc/openldap/slapd.d/*<br />
<br />
<br />
(if you do not have a database yet, you might need to create one by starting and stopping the {{ic|slapd.service}} [[systemd#Using units|using systemd]] )<br />
<br />
Then we generate the new configuration with:<br />
<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/<br />
<br />
The above command has to be run every time you change {{ic|slapd.conf}}. Check if everything succeeded. Ignore message "bdb_monitor_db_open: monitoring disabled; configure monitor database to enable". <br />
<br />
Change ownership recursively on the new files and directory in /etc/openldap/slapd.d:<br />
<br />
# chown -R ldap:ldap /etc/openldap/slapd.d<br />
<br />
<br />
{{note|Index the directory after you populate it. You should stop slapd before doing this.<br />
# slapindex<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
or just<br />
<br />
$ sudo -u ldap slapindex<br />
}}<br />
<br />
Finally, start the slapd daemon with {{ic|slapd.service}} using systemd.<br />
<br />
=== The client ===<br />
The client config file is located at {{ic|/etc/openldap/ldap.conf}}. <br />
<br />
It is quite simple: you will only have to alter {{ic|BASE}} to reflect the suffix of the server, and {{ic|URI}} to reflect the address of the server, like:<br />
<br />
{{hc|/etc/openldap/ldap.conf|2=<br />
BASE dc=example,dc=com<br />
URI ldap://localhost<br />
}}<br />
<br />
If you decide to use SSL:<br />
<br />
* The protocol (ldap or ldaps) in the {{ic|URI}} entry has to conform with the slapd configuration<br />
* If you decide to use self-signed certificates, add a {{ic|TLS_REQCERT allow}} line to {{ic|ldap.conf}}<br />
* If you use a signed certificate from a CA, add the line {{ic|TLS_CACERTDIR /usr/share/ca-certificates/trust-source}} in {{ic|ldap.conf}}.<br />
<br />
=== Create initial entry ===<br />
Once your client is configured, you probably want to create the root entry, and an entry for the root role:<br />
<br />
$ ldapadd -x -D 'cn=root,dc=example,dc=com' -W<br />
dn: dc=example,dc=com<br />
objectClass: dcObject<br />
objectClass: organization<br />
dc: example<br />
o: Example<br />
description: Example directory<br />
<br />
dn: cn=root,dc=example,dc=com<br />
objectClass: organizationalRole<br />
cn: root<br />
description: Directory Manager<br />
^D<br />
<br />
The text after the first line is entered on stdin, or could be read from a file either with the -f option or a file redirect.<br />
<br />
=== Test your new OpenLDAP installation ===<br />
<br />
This is easy, just run the command below:<br />
$ ldapsearch -x '(objectclass=*)'<br />
<br />
Or authenticating as the rootdn (replacing {{ic|-x}} by {{ic|-D <user> -W}}), using the example configuration we had above:<br />
$ ldapsearch -D "cn=root,dc=example,dc=com" -W '(objectclass=*)'<br />
<br />
Now you should see some information about your database.<br />
<br />
=== OpenLDAP over TLS ===<br />
{{Note|[http://www.openldap.org/doc/admin24/ upstream documentation] is much more useful/complete than this section}}<br />
<br />
If you access the OpenLDAP server over the network and especially if you have sensitive data stored on the server you run the risk of someone sniffing your data which is sent clear-text. The next part will guide you on how to setup an SSL connection between the LDAP server and the client so the data will be sent encrypted.<br />
<br />
In order to use TLS, you must have a certificate. For testing purposes, a ''self-signed'' certificate will suffice. To learn more about certificates, see [[OpenSSL]].<br />
<br />
{{Warning|OpenLDAP cannot use a certificate that has a password associated to it.}}<br />
<br />
==== Create a self-signed certificate ====<br />
To create a ''self-signed'' certificate, type the following:<br />
$ openssl req -new -x509 -nodes -out slapdcert.pem -keyout slapdkey.pem -days 365<br />
<br />
You will be prompted for information about your LDAP server. Much of the information can be left blank. The most important information is the common name. This must be set to the DNS name of your LDAP server. If your LDAP server's IP address resolves to example.org but its server certificate shows a CN of bad.example.org, LDAP clients will reject the certificate and will be unable to negotiate TLS connections (apparently the results are wholly unpredictable).<br />
<br />
Now that the certificate files have been created copy them to {{ic|/etc/openldap/ssl/}} (create this directory if it does not exist) and secure them. <br />
{{ic|slapdcert.pem}} must be world readable because it contains the public key. {{ic|slapdkey.pem}} on the other hand should only be readable for the ldap user for security reasons:<br />
# mv slapdcert.pem slapdkey.pem /etc/openldap/ssl/<br />
# chmod -R 755 /etc/openldap/ssl/<br />
# chmod 400 /etc/openldap/ssl/slapdkey.pem<br />
# chmod 444 /etc/openldap/ssl/slapdcert.pem<br />
# chown ldap /etc/openldap/ssl/slapdkey.pem<br />
<br />
==== Configure slapd for SSL ====<br />
Edit the daemon configuration file ({{ic|/etc/openldap/slapd.conf}}) to tell LDAP where the certificate files reside by adding the following lines:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem<br />
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem<br />
}}<br />
<br />
If you are using a signed SSL Certificate from a certification authority such as [[Let’s Encrypt]], you will also need to specify the path to the root certificates database and your intermediary certificate. You will also need to change ownership of the {{ic|.pem}} files and intermediary directories to make them readable to the user {{ic|ldap}}:<br />
{{bc|<br />
# Certificate/SSL Section<br />
TLSCipherSuite DEFAULT<br />
TLSCertificateFile /etc/letsencrypt/live/ldap.my-domain.com/cert.pem<br />
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.my-domain.com/privkey.pem<br />
TLSCACertificateFile /etc/letsencrypt/live/ldap.my-domain.com/chain.pem<br />
TLSCACertificatePath /usr/share/ca-certificates/trust-source<br />
}}<br />
<br />
The TLSCipherSuite specifies a list of OpenSSL ciphers from which slapd will choose when negotiating TLS connections, in decreasing order of preference. In addition to those specific ciphers, you can use any of the wildcards supported by OpenSSL. '''NOTE:''' DEFAULT is a wildcard. See {{ic|man ciphers}} for description of ciphers, wildcards and options supported.<br />
<br />
{{Note|To see which ciphers are supported by your local OpenSSL installation, type the following: {{ic|openssl ciphers -v ALL:COMPLEMENTOFALL}}. Always test which ciphers will actually be enabled by TLSCipherSuite by providing it to OpenSSL command, like this: {{ic|openssl ciphers -v 'DEFAULT'}} }}<br />
<br />
Regenerate the configuration directory:<br />
# rm -rf /etc/openldap/slapd.d/* # erase old config settings<br />
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ # generate new config directory from config file<br />
# chown -R ldap:ldap /etc/openldap/slapd.d # Change ownership recursively to ldap on the config directory<br />
<br />
==== Start slapd with SSL ====<br />
You will have to edit {{ic|slapd.service}} to change to protocol slapd listens on.<br />
<br />
Create the override unit:<br />
{{hc|systemctl edit slapd.service|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldaps:///"</nowiki>}}<br />
<br />
Localhost connections do not need to use SSL. So, if you want to access the server locally you should change the {{ic|ExecStart}} line to:<br />
ExecStart=/usr/bin/slapd -u ldap -g ldap -h "ldap://127.0.0.1 ldaps:///"<br />
<br />
Then [[restart]] {{ic|slapd.service}}. If it was enabled before, reenable it now.<br />
<br />
{{Note|If you created a self-signed certificate above, be sure to add {{ic|TLS_REQCERT allow}} to {{ic|/etc/openldap/ldap.conf}} on the client, or it will not be able connect to the server.}}<br />
<br />
== Next Steps ==<br />
<br />
You now have a basic LDAP installation. The next step is to design your directory. The design is heavily dependent on what you are using it for. If you are new to LDAP, consider starting with a directory design recommended by the specific client services that will use the directory ([[PAM]], [[Postfix]], etc).<br />
<br />
A directory for system authentication is the [[LDAP authentication]] article.<br />
<br />
A nice web frontend is [[phpLDAPadmin]].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Client Authentication Checking ===<br />
If you cannot connect to your server for non-secure authentication<br />
<br />
$ ldapsearch -x -H ldap://ldaservername:389 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
and for TLS secured authentication with:<br />
<br />
$ ldapsearch -x -H ldaps://ldaservername:636 -D cn=Manager,dc=example,dc=exampledomain<br />
<br />
=== LDAP Server Stops Suddenly ===<br />
<br />
If you notice that slapd seems to start but then stops, try running:<br />
<br />
# chown ldap:ldap /var/lib/openldap/openldap-data/*<br />
<br />
to allow slapd write access to its data directory as the user "ldap".<br />
<br />
=== LDAP Server Doesn't Start ===<br />
<br />
Try starting the server from the command line with debugging output enabled:<br />
<br />
# slapd -u ldap -g ldap -h ldaps://ldaservername:636 -d Config,Stats<br />
<br />
== See Also ==<br />
* [http://www.openldap.org/doc/admin24/ Official OpenLDAP Software 2.4 Administrator's Guide]<br />
* [[phpLDAPadmin]] is a web interface tool in the style of phpMyAdmin.<br />
* [[LDAP authentication]]<br />
* {{AUR|apachedirectorystudio}} from the [[Arch User Repository]] is an Eclipse-based LDAP viewer. Works perfect with OpenLDAP installations.</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:Samba/Active_Directory_domain_controller&diff=466954Talk:Samba/Active Directory domain controller2017-01-27T19:49:00Z<p>StrayArch: missed step under section, note/reminder</p>
<hr />
<div>Under interactive provision explanations, the following step is missing. <br><br />
{{ic|DNS forwarder IP address (write 'none' to disable forwarding) [172.16.212.2]:}} <br><br />
Feel free to add. Otherwise, I should/will in the future. [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:48, 27 January 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=OpenSMTPD&diff=465140OpenSMTPD2017-01-12T04:40:03Z<p>StrayArch: /* Create user accounts */ redacting recent edit for now</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Dovecot}}<br />
{{Related|Postfix}}<br />
{{Related|Exim}}<br />
{{Related articles end}}<br />
<br />
This article explains how to install and configure a simple [https://www.opensmtpd.org/ OpenSMTPD] server.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|opensmtpd}} from the [[official repositories]].<br />
<br />
== Configuration ==<br />
<br />
{{Pkg|opensmtpd}} is configured in {{ic|/etc/smtpd}}.<br />
<br />
=== Local mail ===<br />
<br />
To have local mail working, for example for [[cron]] mails, it is enough to simply [[start]] {{ic|smtpd.service}}.<br />
<br />
The default configuration of OpenSMTPD is to do local retrieval and delivery of mail, and also relay outgoing mail. See {{man|5|smtpd.conf|url=http://man.openbsd.org/smtpd.conf}}.<br />
<br />
==== Local-only ====<br />
<br />
To do local-only mail, the following is enough:<br />
<br />
{{hc|/etc/smtpd/smtpd.conf|<br />
listen on localhost<br />
accept for local alias <aliases> deliver to mbox<br />
}}<br />
<br />
=== Hybrid : local mail and relay ===<br />
<br />
These two lines in {{ic|/etc/smtpd/smtpd.conf}} :<br />
<br />
accept for local alias <aliases> deliver to mbox<br />
accept for any relay via "smtp://smtp.foo.bar" as "@foo.bar"<br />
<br />
configure OpenSMTPD to :<br />
<br />
* send local email ''locally'', without going through a relay (useful for cron & at mail notifications)<br />
<br />
* use a relay to send a mail outside of localhost<br />
<br />
Simply replace ''smtp.foo.bar'' by your ISP mail server, or another server at<br />
your convenience.<br />
<br />
=== Simple OpenSMTPD/mbox configuration ===<br />
<br />
==== Create encryption keys ====<br />
<br />
{{pkg|openssl}} provides TLS support and is installed by default on Arch installations.<br />
<br />
Create a private key and self-signed certificate. This is adequate for most installations that do not require a [[wikipedia:Certificate_signing_request|CSR]]:<br />
<br />
# mkdir -m 700 /etc/smtpd/tls; cd /etc/smtpd/tls<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout smtpd.key -out smtpd.crt -days 1095<br />
# chmod 400 smtpd.key; chmod 444 smtpd.crt<br />
<br />
==== Create user accounts ====<br />
<br />
* Create a user account on the mail server for each desired mailbox. <br />
<br />
# useradd -m -s /bin/bash roger<br />
# useradd -m -s /bin/bash shirley<br />
<br />
* OpenSMTPD will deliver messages to the user account's mbox file at {{ic|/var/spool/mail/''<username>''}} <br />
* Multiple SMTP email addresses can be routed to a given mbox if desired.<br />
<br />
==== Craft a simple smtpd.conf setup ====<br />
<br />
* A working configuration can be had in as little as nine lines!<br />
{{hc|/etc/smtpd/smtpd.conf|<br />
pki mx.domain.tld certificate "/etc/smtpd/tls/smtpd.crt"<br />
pki mx.domain.tld key "/etc/smtpd/tls/smtpd.key"<br />
<br />
table creds "/etc/smtpd/creds"<br />
table vdoms "/etc/smtpd/vdoms"<br />
table vusers "/etc/smtpd/vusers"<br />
<br />
listen on eth0 tls pki mx.domain.tld<br />
listen on eth0 port 587 tls-require pki mx.domain.tld auth <creds><br />
<br />
accept from any for domain <vdoms> virtual <vusers> deliver to mbox<br />
accept for any relay<br />
}}<br />
<br />
==== Create tables ====<br />
<br />
* For the domain table file; simply put one domain per line<br />
<br />
{{hc|/etc/smtpd/vdoms|<br />
personaldomain.org<br />
businessname.com<br />
}}<br />
<br />
* For the user table file; list one inbound SMTP email address per line and then map it to an mbox user account name, SMTP email address, or any combination of the two on the right, separated by commas.<br />
<br />
{{hc|/etc/smtpd/vusers|<br />
roger@personaldomain.org roger<br />
newsletters@personaldomain.org roger,roger.rulz@gmail.com<br />
<br />
roger@businessname.com roger<br />
shirley@businessname.com shirley<br />
info@businessname.com roger,shirley<br />
contact@businessname.com info@businessname.com<br />
}}<br />
<br />
* For the creds table file; put the user name in the 1st column and the password hash in the 2nd column<br />
<br />
{{hc|/etc/smtpd/creds|<br />
roger <password hash created using 'smtpctl encrypt' command><br />
shirley <password hash created using 'smtpctl encrypt' command><br />
}}<br />
<br />
=== Test the configuration ===<br />
<br />
# smtpd -n<br />
<br />
If you get a message that says 'configuration OK' - you're ready to [[systemd|rock and roll]]. If not, work on any configuration errors and try again.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Console debugging ===<br />
<br />
If you're having problems with mail delivery, try [[stop]]ping the {{ic|smtpd.service}} and launching the daemon manually with the 'do not daemonize' and 'verbose output' options. Then watch the console for errors.<br />
<br />
# smtpd -dv<br />
<br />
=== Subsystem tracing ===<br />
<br />
Add the {{ic|-T}} flag to get real-time subsystem tracing<br />
<br />
# smtpd -dv -T smtp<br />
<br />
Alternately, use the {{ic|smtpctl trace ''<subsystem>''}} command if the daemon is already running. The trace output will appear in the console output above as well as the journalctl output for the smtpd.service. For example:<br />
<br />
# smtpctl trace expand && smtpctl trace lookup<br />
<br />
...will trace both aliases/virtual/forward expansion and user/credentials lookups<br />
<br />
=== Manual Submission port authentication ===<br />
<br />
* Encode username and password in base64<br />
<br />
# printf 'username\0username\0password' | base64 <br />
<br />
* Connect to submission port using {{ic|openssl s_client}} command<br />
<br />
# openssl s_client -host mx.domain.tld -port 587 -starttls smtp<br />
<br />
* enter {{ic|ehlo myhostname}} followed by {{ic|AUTH PLAIN}}. Paste in the base64 string from step above after {{ic|334}} response.<br />
<br />
250 HELP<br />
ehlo test.domain.tld<br />
250-mx.hostname.tld Hello test.domain.tld [5.5.5.5], pleased to meet you<br />
250-8BITMIME<br />
250-ENHANCEDSTATUSCODES<br />
250-SIZE 36700160<br />
250-DSN<br />
250-AUTH PLAIN LOGIN<br />
250 HELP<br />
AUTH PLAIN<br />
334 <br />
dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=<br />
235 2.0.0: Authentication succeeded<br />
<br />
=== "Helo command rejected: need fully-qualified hostname" ===<br />
<br />
When sending email, if you get this kind of messages, set your FQDN in the file {{ic|/etc/smtpd/mailname}}. Otherwise, the server name is derived from the local hostname returned by gethostname(3), either directly if it is a fully qualified domain name, or by retreiving the associated canonical name through getaddrinfo(3).<br />
<br />
=== Resources ===<br />
<br />
There are also several handy web sites that can help you test DNS records, deliverability, and encryption support<br />
* [http://mxtoolbox.com/ MXToolBox]<br />
* [http://ismyemailworking.com/ IsMyEmailWorking.com]<br />
* [http://www.mail-tester.com/ MailTester]<br />
* [https://checktls.com/ TLS tests and tools]<br />
* [https://starttls.info/ STARTTLS.info]<br />
* [https://pingability.com/zoneinfo.jsp Pingability Quick DNS Check]<br />
<br />
== See also==<br />
<br />
* OpenSMTPD pairs well with [[Dovecot]]. Combine the two for a nice minimalist mailserver<br />
* [http://opensmtpd.org/ OpenSMTPD project page]<br />
* [https://coderwall.com/p/eejzja Simple SMTP server with OpenSMTPD]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=OpenSMTPD&diff=465138OpenSMTPD2017-01-12T04:29:37Z<p>StrayArch: /* Create user accounts */ Added note to help clarify --- the error output from sendmail is misleading</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Dovecot}}<br />
{{Related|Postfix}}<br />
{{Related|Exim}}<br />
{{Related articles end}}<br />
<br />
This article explains how to install and configure a simple [https://www.opensmtpd.org/ OpenSMTPD] server.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|opensmtpd}} from the [[official repositories]].<br />
<br />
== Configuration ==<br />
<br />
{{Pkg|opensmtpd}} is configured in {{ic|/etc/smtpd}}.<br />
<br />
=== Local mail ===<br />
<br />
To have local mail working, for example for [[cron]] mails, it is enough to simply [[start]] {{ic|smtpd.service}}.<br />
<br />
The default configuration of OpenSMTPD is to do local retrieval and delivery of mail, and also relay outgoing mail. See {{man|5|smtpd.conf|url=http://man.openbsd.org/smtpd.conf}}.<br />
<br />
==== Local-only ====<br />
<br />
To do local-only mail, the following is enough:<br />
<br />
{{hc|/etc/smtpd/smtpd.conf|<br />
listen on localhost<br />
accept for local alias <aliases> deliver to mbox<br />
}}<br />
<br />
=== Hybrid : local mail and relay ===<br />
<br />
These two lines in {{ic|/etc/smtpd/smtpd.conf}} :<br />
<br />
accept for local alias <aliases> deliver to mbox<br />
accept for any relay via "smtp://smtp.foo.bar" as "@foo.bar"<br />
<br />
configure OpenSMTPD to :<br />
<br />
* send local email ''locally'', without going through a relay (useful for cron & at mail notifications)<br />
<br />
* use a relay to send a mail outside of localhost<br />
<br />
Simply replace ''smtp.foo.bar'' by your ISP mail server, or another server at<br />
your convenience.<br />
<br />
=== Simple OpenSMTPD/mbox configuration ===<br />
<br />
==== Create encryption keys ====<br />
<br />
{{pkg|openssl}} provides TLS support and is installed by default on Arch installations.<br />
<br />
Create a private key and self-signed certificate. This is adequate for most installations that do not require a [[wikipedia:Certificate_signing_request|CSR]]:<br />
<br />
# mkdir -m 700 /etc/smtpd/tls; cd /etc/smtpd/tls<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout smtpd.key -out smtpd.crt -days 1095<br />
# chmod 400 smtpd.key; chmod 444 smtpd.crt<br />
<br />
==== Create user accounts ====<br />
<br />
* Create a user account on the mail server for each desired mailbox. <br />
<br />
# useradd -m -s /bin/bash roger<br />
# useradd -m -s /bin/bash shirley<br />
<br />
* OpenSMTPD will deliver messages to the user account's mbox file at {{ic|/var/spool/mail/''<username>''}} <br />
* Multiple SMTP email addresses can be routed to a given mbox if desired.<br />
{{Note|If the error {{ic|cannot create temporary file /var/spool/smtpd/offline/1484194820.XXXXFdUZ9o: Permission denied}} is received, then create the directory {{ic|/var/spool/mail/''<username>''}}.}}<br />
<br />
==== Craft a simple smtpd.conf setup ====<br />
<br />
* A working configuration can be had in as little as nine lines!<br />
{{hc|/etc/smtpd/smtpd.conf|<br />
pki mx.domain.tld certificate "/etc/smtpd/tls/smtpd.crt"<br />
pki mx.domain.tld key "/etc/smtpd/tls/smtpd.key"<br />
<br />
table creds "/etc/smtpd/creds"<br />
table vdoms "/etc/smtpd/vdoms"<br />
table vusers "/etc/smtpd/vusers"<br />
<br />
listen on eth0 tls pki mx.domain.tld<br />
listen on eth0 port 587 tls-require pki mx.domain.tld auth <creds><br />
<br />
accept from any for domain <vdoms> virtual <vusers> deliver to mbox<br />
accept for any relay<br />
}}<br />
<br />
==== Create tables ====<br />
<br />
* For the domain table file; simply put one domain per line<br />
<br />
{{hc|/etc/smtpd/vdoms|<br />
personaldomain.org<br />
businessname.com<br />
}}<br />
<br />
* For the user table file; list one inbound SMTP email address per line and then map it to an mbox user account name, SMTP email address, or any combination of the two on the right, separated by commas.<br />
<br />
{{hc|/etc/smtpd/vusers|<br />
roger@personaldomain.org roger<br />
newsletters@personaldomain.org roger,roger.rulz@gmail.com<br />
<br />
roger@businessname.com roger<br />
shirley@businessname.com shirley<br />
info@businessname.com roger,shirley<br />
contact@businessname.com info@businessname.com<br />
}}<br />
<br />
* For the creds table file; put the user name in the 1st column and the password hash in the 2nd column<br />
<br />
{{hc|/etc/smtpd/creds|<br />
roger <password hash created using 'smtpctl encrypt' command><br />
shirley <password hash created using 'smtpctl encrypt' command><br />
}}<br />
<br />
=== Test the configuration ===<br />
<br />
# smtpd -n<br />
<br />
If you get a message that says 'configuration OK' - you're ready to [[systemd|rock and roll]]. If not, work on any configuration errors and try again.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Console debugging ===<br />
<br />
If you're having problems with mail delivery, try [[stop]]ping the {{ic|smtpd.service}} and launching the daemon manually with the 'do not daemonize' and 'verbose output' options. Then watch the console for errors.<br />
<br />
# smtpd -dv<br />
<br />
=== Subsystem tracing ===<br />
<br />
Add the {{ic|-T}} flag to get real-time subsystem tracing<br />
<br />
# smtpd -dv -T smtp<br />
<br />
Alternately, use the {{ic|smtpctl trace ''<subsystem>''}} command if the daemon is already running. The trace output will appear in the console output above as well as the journalctl output for the smtpd.service. For example:<br />
<br />
# smtpctl trace expand && smtpctl trace lookup<br />
<br />
...will trace both aliases/virtual/forward expansion and user/credentials lookups<br />
<br />
=== Manual Submission port authentication ===<br />
<br />
* Encode username and password in base64<br />
<br />
# printf 'username\0username\0password' | base64 <br />
<br />
* Connect to submission port using {{ic|openssl s_client}} command<br />
<br />
# openssl s_client -host mx.domain.tld -port 587 -starttls smtp<br />
<br />
* enter {{ic|ehlo myhostname}} followed by {{ic|AUTH PLAIN}}. Paste in the base64 string from step above after {{ic|334}} response.<br />
<br />
250 HELP<br />
ehlo test.domain.tld<br />
250-mx.hostname.tld Hello test.domain.tld [5.5.5.5], pleased to meet you<br />
250-8BITMIME<br />
250-ENHANCEDSTATUSCODES<br />
250-SIZE 36700160<br />
250-DSN<br />
250-AUTH PLAIN LOGIN<br />
250 HELP<br />
AUTH PLAIN<br />
334 <br />
dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=<br />
235 2.0.0: Authentication succeeded<br />
<br />
=== "Helo command rejected: need fully-qualified hostname" ===<br />
<br />
When sending email, if you get this kind of messages, set your FQDN in the file {{ic|/etc/smtpd/mailname}}. Otherwise, the server name is derived from the local hostname returned by gethostname(3), either directly if it is a fully qualified domain name, or by retreiving the associated canonical name through getaddrinfo(3).<br />
<br />
=== Resources ===<br />
<br />
There are also several handy web sites that can help you test DNS records, deliverability, and encryption support<br />
* [http://mxtoolbox.com/ MXToolBox]<br />
* [http://ismyemailworking.com/ IsMyEmailWorking.com]<br />
* [http://www.mail-tester.com/ MailTester]<br />
* [https://checktls.com/ TLS tests and tools]<br />
* [https://starttls.info/ STARTTLS.info]<br />
* [https://pingability.com/zoneinfo.jsp Pingability Quick DNS Check]<br />
<br />
== See also==<br />
<br />
* OpenSMTPD pairs well with [[Dovecot]]. Combine the two for a nice minimalist mailserver<br />
* [http://opensmtpd.org/ OpenSMTPD project page]<br />
* [https://coderwall.com/p/eejzja Simple SMTP server with OpenSMTPD]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Postfix&diff=465135Postfix2017-01-12T02:14:28Z<p>StrayArch: /* master.cf */ grammar</p>
<hr />
<div>[[Category:Mail server]]<br />
[[ja:Postfix]]<br />
{{Related articles start}}<br />
{{Related|Postfix with SASL}}<br />
{{Related|Amavis}}<br />
{{Related|Virtual user mail system}}<br />
{{Related|Courier MTA}}<br />
{{Related|Exim}}<br />
{{Related|OpenSMTPD}}<br />
{{Related|OpenDMARC}}<br />
{{Related|OpenDKIM}}<br />
{{Related|SOGo}}<br />
{{Related articles end}}<br />
From [http://www.postfix.org/ Postfix's site]:<br />
:Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.<br />
<br />
The goal of this article is to setup Postfix and explain what the basic configuration files do. There are instructions for setting up local system user-only delivery and a link to a guide for virtual user delivery. <br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|postfix}} package.<br />
<br />
== Configuration ==<br />
<br />
=== master.cf ===<br />
<br />
{{ic|/etc/postfix/master.cf}} is the master configuration file where you can specify which protocols will be served. It is also the place where you can put your new pipes e.g. to check for Spam!<br />
<br />
It is recommended to enable secure SMTP as described in [[#Secure SMTP (sending)]] and [[#Secure SMTP (receiving)]].<br />
<br />
See [http://www.postfix.org/TLS_README.html this page] for more information about encrypting outgoing and incoming email.<br />
<br />
=== main.cf ===<br />
<br />
{{Style|Needs some cleanup}}<br />
<br />
{{ic|/etc/postfix/main.cf}} is the main configuration file where everything is configured. The settings below are recommended for virtual local-only delivery.<br />
<br />
*{{ic|myhostname}} should be set if your mail server has multiple domains, and you do not want the primary domain to be the mail host. You should have both a DNS A record and an MX record point to this hostname.<br />
:{{bc|1=myhostname = mail.nospam.net}}<br />
<br />
*{{ic|mydomain}} is usually the value of {{ic|myhostname}}, minus the first part. If your domain is wonky, then just set it manually.<br />
:{{bc|1=mydomain = nospam.net}}<br />
<br />
*{{ic|myorigin}} is where the email will be seen as being sent from. I usually set this to the value of {{ic|mydomain}}. For simple servers, this works fine. This is for mail originating from a local account. Since we are not doing local delivery (except sending), then this is not really as important as it normally would be. <br />
:{{bc|1=myorigin = $mydomain}}<br />
<br />
*{{ic|mydestination}} is the lookup for local users.<br />
:{{bc|1=mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain}}<br />
<br />
*{{ic|mynetworks}} and {{ic|mynetworks_style}} control relaying, and whom is allowed to. We do not want any relaying.<br />
:For our sakes, we will simply set {{ic|mynetwork_style}} to host, as we are trying to make a standalone Postfix host, that people will use webmail on. No relaying, no other MTA's. Just webmail.<br />
:{{bc|1=mynetworks_style = host}}<br />
<br />
*{{ic|relaydomains}} controls the destinations that Postfix will relay TO. The default value is empty. This should be fine for now.<br />
:{{bc|1=relay_domains = }}<br />
<br />
*{{ic|home_mailbox}} or {{ic|mail_spool_directory}} control how mail is delivered/stored for the users.<br />
:If set, {{ic|mail_spool_directory}} specifies an absolute path where mail gets delivered. By default Postfix stores mails in {{ic|/var/spool/mail}}. <br />
<br />
:{{bc|1=mail_spool_directory = /home/vmailer}}<br />
<br />
:Alternatively, if set, {{ic|home_mailbox}} specifies a mailbox relative to the user's home directory where mail gets delivered (eg: /home/vmailer).<br />
<br />
:Courier-IMAP requires "Maildir" format, so you '''must''' set it like the following example with trailing slash:<br />
:{{bc|1=home_mailbox = Maildir/}}<br />
<br />
{{Warning|If you plan on implementing SSL/TLS, please respond safely to [https://weakdh.org/sysadmin.html FREAK/Logjam] by adding the following to your configuration:<br />
{{bc|1=<br />
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA}}<br />
<br />
Then, generate a [https://www.openssl.org/docs/apps/dhparam.html dhparam file] by following [https://weakdh.org/sysadmin.html these instructions] and then adding the following to your configuration:<br />
{{bc|1=smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem}}<br />
<br />
Since mid-2015, the default settings have been safe against [http://disablessl3.com/ POODLE].<br />
}}<br />
<br />
==== Default message and mailbox size limits ====<br />
<br />
Postfix imposes both message and mailbox size limits by default. The message_size_limit controls the maximum size in bytes of a message, including envelope information. (default 10240000) The mailbox_size_limit controls the maximum size of any local individual mailbox or maildir file. This limits the size of '''any''' file that is written to upon local delivery, '''including files written by external commands''' (i.e. procmail) that are executed by the local delivery agent. (default is 51200000, set to 0 for no limit) If bounced message notifications are generated, check the size of the local mailbox under {{ic|/var/spool/mail}} and use postconf to check these size limits:<br />
<br />
# postconf mailbox_size_limit<br />
mailbox_size_limit = 51200000<br />
# postconf message_size_limit<br />
message_size_limit = 10240000<br />
<br />
=== Aliases ===<br />
<br />
You can specify aliases (also known as forwarders) in {{ic|/etc/postfix/aliases}}.<br />
<br />
You need to map all mail addressed to ''root'' to another account since it is not a good idea to read mail as root. <br />
<br />
Uncomment the following line, and change {{ic|you}} to a real account.<br />
root: you<br />
<br />
Once you have finished editing {{ic|/etc/postfix/aliases}} you must run the postalias command:<br />
postalias /etc/postfix/aliases<br />
For later changes you can use:<br />
newaliases<br />
<br />
{{Tip|Alternatively you can create the file {{ic|~/.forward}}, e.g. {{ic|/root/.forward}} for root. Specify the user to whom root mail should be forwarded, e.g. ''user@localhost''.<br />
<br />
{{hc|/root/.forward|<br />
user@localhost<br />
}}<br />
<br />
}}<br />
<br />
=== Local mail ===<br />
<br />
To only deliver mail to local system users (that are in {{ic|/etc/passwd}}) update {{ic|/etc/postfix/main.cf}} to reflect the following configuration. Uncomment, change, or add the following lines:<br />
<br />
myhostname = localhost<br />
mydomain = localdomain<br />
mydestination = $myhostname, localhost.$mydomain, localhost<br />
inet_interfaces = $myhostname, localhost<br />
mynetworks_style = host<br />
default_transport = error: outside mail is not deliverable<br />
<br />
All other settings may remain unchanged. After setting up the above configuration file, you may wish to set up some [[#Aliases]] and then [[#Start Postfix]].<br />
<br />
=== Virtual mail ===<br />
Virtual mail is mail that does not map to a user account ({{ic|/etc/passwd}}).<br />
<br />
See [[Virtual user mail system]] for a comprehensive guide how to set it up.<br />
<br />
=== DNS records ===<br />
<br />
An MX record should point to the mail host. Usually this is done from configuration interface of your domain provider.<br />
<br />
A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain. <br />
<br />
When an e-mail message is sent through the Internet, the sending mail transfer agent queries the Domain Name System for MX records of each recipient's domain name. This query returns a list of host names of mail exchange servers accepting incoming mail for that domain and their preferences. The sending agent then attempts to establish an SMTP connection to one of these servers, starting with the one with the smallest preference number, delivering the message to the first server with which a connection can be made. <br />
<br />
{{Note|Some mail servers will not deliver mail to you if your MX record points to a CNAME. For best results, always point an MX record to an A record definition. For more information, see e.g. [[Wikipedia:List of DNS record types|Wikipedia's List of DNS Record Types]].}}<br />
<br />
=== Check configuration ===<br />
<br />
Run the {{ic|postfix check}} command. It should output anything that you might have done wrong in a config file. <br />
<br />
To see all of your configs, type {{ic|postconf}}. To see how you differ from the defaults, try {{ic|postconf -n}}.<br />
<br />
== Start Postfix ==<br />
<br />
{{Note|You must run {{ic|newaliases}} at least once for postfix to run, even if you did not set up any [[#Aliases]].}}<br />
<br />
[[Start/enable]] the {{ic|postfix.service}}.<br />
<br />
== Testing ==<br />
<br />
{{Style|Needs some cleanup. There are probably more general ways to write this.}}<br />
<br />
Now lets see if Postfix is going to deliver mail for our test user.<br />
{{bc|<br />
nc servername 25<br />
helo testmail.org<br />
mail from:<test@testmail.org><br />
rcpt to:<cactus@virtualdomain.tld><br />
data<br />
This is a test email.<br />
.<br />
quit<br />
}}<br />
<br />
=== Error response ===<br />
<br />
451 4.3.0 <lisi@test.com>:Temporary lookup failure<br />
Maybe you have entered the wrong user/password for MySQL or the MySQL socket is not in the right place.<br />
<br />
This error will also occur if you neglect to run newaliases at least once before starting postfix. MySQL is not required for local only usage of postfix.<br />
<br />
550 5.1.1 <email@spam.me>: Recipient address rejected: User unknown in virtual mailbox table.<br />
Double check content of mysql_virtual_mailboxes.cf and check the main.cf for mydestination<br />
<br />
=== See that you have received a email ===<br />
<br />
Now type {{ic|$ find /home/vmailer}}.<br />
<br />
You should see something like the following:<br />
{{bc|<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org<br />
}}<br />
The key is the last entry. This is an actual email, if you see that, it is working.<br />
<br />
== Extra ==<br />
<br />
=== PostfixAdmin ===<br />
<br />
To use PostfixAdmin, you need a working Apache/MySQL/PHP setup as described in [[Apache HTTP Server]].<br />
<br />
For IMAP functionality, you will need to install {{Pkg|php-imap}} and uncomment imap.so in /etc/php/php.ini<br />
<br />
Next, [[install]] {{Pkg|postfixadmin}}.<br />
<br />
{{Style|in-code comments}}<br />
<br />
Edit the PostfixAdmin configuration file:<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['configured'] = true;<br />
// correspond to dovecot maildir path /home/vmail/%d/%u <br />
$CONF['domain_path'] = 'YES';<br />
$CONF['domain_in_mailbox'] = 'NO';<br />
$CONF['database_type'] = 'mysql';<br />
$CONF['database_host'] = 'localhost';<br />
$CONF['database_user'] = 'postfix_user';<br />
$CONF['database_password'] = 'hunter2';<br />
$CONF['database_name'] = 'postfix_db';<br />
<br />
// globally change all instances of ''change-this-to-your.domain.tld'' <br />
// to an appropriate value<br />
</nowiki>}}<br />
<br />
If installing dovecot and you changed the password scheme in dovecot (to SHA512-CRYPT for example), reflect that with postfix<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';<br />
</nowiki>}}<br />
<br />
As of dovecot 2, dovecotpw has been deprecated. You will also want to ensure that your config reflects the new binary name.<br />
<br />
{{hc|/etc/webapps/postfixadmin/config.inc.php|<nowiki><br />
$CONF['dovecotpw'] = "/usr/sbin/doveadm pw";<br />
</nowiki>}}<br />
<br />
Create the Apache configuration file:<br />
{{hc|/etc/httpd/conf/extra/httpd-postfixadmin.conf|<nowiki><br />
Alias /postfixadmin "/usr/share/webapps/postfixAdmin"<br />
<Directory "/usr/share/webapps/postfixAdmin"><br />
DirectoryIndex index.html index.php<br />
AllowOverride All<br />
Options FollowSymlinks<br />
Require all granted<br />
</Directory><br />
</nowiki>}}<br />
<br />
To only allow localhost access to postfixadmin (for heightened security), add this to the previous <Directory> directive:<br />
Order Deny,Allow<br />
Deny from all<br />
Allow from 127.0.0.1<br />
<br />
Now, include httpd-postfixadmin.conf to {{ic|/etc/httpd/conf/httpd.conf}}:<br />
# PostfixAdmin configuration<br />
Include conf/extra/httpd-postfixadmin.conf<br />
<br />
{{Note|If you go to yourdomain/postfixadmin/setup.php and it says do not find config.inc.php, add {{ic|/etc/webapps/postfixadmin}} to the {{ic|open_basedir}} line in {{ic|/etc/php/php.ini}}.}}<br />
{{Note|If you get a blank page check the syntax of the file with {{ic|php -l /etc/webapps/postfixadmin/config.inc.php}}.}}<br />
<br />
=== Secure SMTP (sending) ===<br />
<br />
By default, Postfix/sendmail will not send email encrypted to other SMTP servers. To use TLS when available, add the following line to {{ic|main.cf}}:<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtp_tls_security_level = may<br />
}}<br />
<br />
To ''enforce'' TLS (and fail when the remote server does not support it), change {{ic|may}} to {{ic|encrypt}}.<br />
<br />
=== Secure SMTP (receiving) ===<br />
For more information, see [http://www.postfix.org/TLS_README.html Postfix TLS Support].<br />
<br />
==== STARTTLS over SMTP (port 587) ====<br />
<br />
To enable STARTTLS over SMTP (port 587, the proper way of securing SMTP), add the following lines to {{ic|main.cf}}<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtpd_tls_security_level = may<br />
smtpd_tls_cert_file = '''/path/to/cert.pem'''<br />
smtpd_tls_key_file = '''/path/to/key.pem'''<br />
}}<br />
<br />
Also in {{ic|master.cf}} find and remove the comment from the following line to enable the service on that port:<br />
<br />
{{hc|/etc/postfix/master.cf|2=<br />
submission inet n - n - - smtpd<br />
}}<br />
<br />
If you need support for the deprecated SMTPS port 465, read the next section.<br />
<br />
==== SMTPS (port 465) ====<br />
<br />
The deprecated method of securing SMTP is using the '''wrapper mode''' which uses the system service '''smtps''' as a non-standard service and runs on port 465.<br />
<br />
To enable it uncomment the following lines in<br />
<br />
{{hc|/etc/postfix/master.cf|<nowiki><br />
smtps inet n - n - - smtpd<br />
-o smtpd_tls_wrappermode=yes<br />
-o smtpd_sasl_auth_enable=yes<br />
</nowiki>}}<br />
<br />
And verify that these lines are in {{ic|/etc/services}}:<br />
smtps 465/tcp # Secure SMTP<br />
smtps 465/udp # Secure SMTP<br />
<br />
If they are not there, go ahead and add them (replace the other listing for port 465). Otherwise Postfix will not start and you will get the following error:<br />
<br />
''postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype''<br />
<br />
=== SpamAssassin ===<br />
<br />
Install the {{Pkg|spamassassin}} package.<br />
<br />
Go over {{ic|/etc/mail/spamassassin/local.cf}} and configure it to your needs.<br />
<br />
==== Spam Assassin rule update ====<br />
<br />
Update the SpamAssassin matching patterns and compile them:<br />
# sa-update<br />
# sa-compile<br />
<br />
You will want to run this periodically, the best way to do so is by setting up a [[Systemd/Timers]].<br />
<br />
Create the following service, which will run these commands:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.service|2=<br />
[Unit]<br />
Description=spamassassin housekeeping stuff<br />
<br />
[Service]<br />
User=spamd<br />
Group=spamd<br />
Type=oneshot<br />
ExecStart=-/usr/bin/vendor_perl/sa-update --allowplugins #You can remove the allowplugins options if you do not want direct plugin updates from SA.<br />
ExecStart=-/usr/bin/vendor_perl/sa-compile<br />
# You can automatically train SA's bayes filter by uncommenting this line and specifying the path to a mailbox where you store email that is spam (for ex this could be yours or your users manually reported spam)<br />
#ExecStart=-/usr/bin/vendor_perl/sa-learn --spam <path to your spam><br />
}}<br />
<br />
Then create the timer, which will execute the previous service daily:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.timer|2=<br />
[Unit]<br />
Description=spamassassin house keeping<br />
<br />
[Timer]<br />
OnCalendar=daily<br />
Persistent=true<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
Finally, you'll need to modify your Spamassassin systemd service file so that it knows to restart itself to read the new rules. Copy the bundled service file to a custom service file:<br />
{{bc|1=<br />
# cp /usr/lib/systemd/system/spamassassin.service /etc/systemd/system<br />
}}<br />
<br />
And edit the newly created {{ic|/etc/systemd/system/spamassassin.service}} to include:<br />
{{bc|1=<br />
[Unit]<br />
PartOf=spamassassin-update.service<br />
}}<br />
<br />
This will ensure that Spamassassin's spamd is restarted just before the timer runs. This means the rules will be available the next day if your timer runs daily. This is so that there is no long service interruption while {{ic|sa.service}} runs as it takes a while to compile rules.<br />
<br />
Now you can [[start]] and [[enable]] {{ic|spamassassin-update.service}}.<br />
<br />
==== SpamAssassin stand-alone generic setup ====<br />
<br />
{{Note|If you want to combine SpamAssassin and Dovecot Mail Filtering, ignore the next two lines and continue further down instead.}}<br />
<br />
Edit {{ic|/etc/postfix/master.cf}} and add the content filter under smtp.<br />
{{bc|1=<br />
smtp inet n - n - - smtpd<br />
-o content_filter=spamassassin<br />
}}<br />
<br />
Also add the following service entry for SpamAssassin<br />
{{bc|1=<br />
spamassassin unix - n n - - pipe<br />
flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient}<br />
}}<br />
<br />
Now you can [[start]] {{ic|spamassassin.service}}.<br />
<br />
==== SpamAssassin combined with Dovecot LDA / Sieve (Mailfiltering) ====<br />
Set up LDA and the Sieve-Plugin as described in [[Dovecot#Sieve]]. But ignore the last line {{ic|mailbox_command... }}.<br />
<br />
Instead add a pipe in {{ic|/etc/postfix/master.cf}}:<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}<br />
<br />
And activate it in {{ic|/etc/postfix/main.cf}}:<br />
virtual_transport = dovecot<br />
<br />
==== SpamAssassin combined with Dovecot LMTP / Sieve ====<br />
Set up the LMTP and Sieve as described in [[Dovecot#Sieve]].<br />
<br />
Edit {{ic|/etc/dovecot/conf.d/90-plugins.conf}} and add:<br />
<br />
sieve_before = /etc/dovecot/sieve.before.d/<br />
sieve_extensions = +vnd.dovecot.filter<br />
sieve_plugins = sieve_extprograms<br />
sieve_filter_bin_dir = /etc/dovecot/sieve-filter<br />
sieve_filter_exec_timeout = 120s #this is often needed for the long running spamassassin scans, default is otherwise 10s<br />
<br />
Create the directory and put spamassassin in as a binary that can be ran by dovecot:<br />
<br />
# mkdir /etc/dovecot/sieve-filter<br />
# ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc<br />
<br />
Create a new file, {{ic|/etc/dovecot/sieve.before.d/spamassassin.sieve}} which contains:<br />
<br />
require [ "vnd.dovecot.filter" ];<br />
filter "spamc" [ "-d", "127.0.0.1", "--no-safe-fallback" ];<br />
<br />
Compile the sieve rules {{ic|spamassassin.svbin}}:<br />
<br />
# cd /etc/dovecot/sieve.before.d<br />
# sievec spamassassin.sieve<br />
<br />
Finally, [[restart]] {{ic|dovecot.service}}.<br />
<br />
==== Call ClamAV from SpamAssassin ====<br />
<br />
Install and setup clamd as described in [[ClamAV]].<br />
<br />
Follow one of the above instructions to call SpamAssassin from within your mail system.<br />
<br />
[[Install]] the {{pkg|perl-cpanplus-dist-arch}} package. Then install the ClamAV perl library as follows:<br />
<br />
# /usr/bin/vendor_perl/cpanp -i File::Scan::ClamAV<br />
<br />
Add the 2 files from http://wiki.apache.org/spamassassin/ClamAVPlugin into {{ic|/etc/mail/spamassassin/}}.<br />
Edit {{ic|/etc/mail/spamassassin/clamav.pm}} and update {{ic|$CLAM_SOCK}} to point to your Clamd socket location (default is {{ic|/var/lib/clamav/clamd.sock}}).<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
=== Using Razor ===<br />
Make sure you have installed SpamAssassin first, then:<br />
<br />
[[Install]] the {{Pkg|razor}} package.<br />
<br />
Register with Razor.<br />
<br />
# mkdir /etc/mail/spamassassin/razor<br />
# chown spamd:spamd /etc/mail/spamassassin/razor<br />
# sudo -u spamd -s<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -register<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -create<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -discover<br />
<br />
Tell SpamAssassin about Razor, add<br />
<br />
razor_config /etc/mail/spamassassin/razor/razor-agent.conf<br />
<br />
to {{ic|/etc/mail/spamassassin/local.cf}}.<br />
<br />
Tell Razor about itself, add<br />
<br />
razorhome = /etc/mail/spamassassin/razor/<br />
<br />
to {{ic|/etc/mail/spamassassin/razor/razor-agent.conf}}<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
===Hide the sender's IP and user agent in the Received header===<br />
This is a privacy concern mostly, if you use Thunderbird and send an email. The received header will contain your LAN and WAN IP and info about the email client you used.<br />
(Original source: [http://askubuntu.com/questions/78163/when-sending-email-with-postfix-how-can-i-hide-the-senders-ip-and-username-in AskUbuntu])<br />
What we want to do is remove the Received header from outgoing emails. This can be done by the following steps:<br />
<br />
Add this line to main.cf<br />
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks<br />
Create /etc/postfix/smtp_header_checks with this content:<br />
/^Received: .*/ IGNORE<br />
/^User-Agent: .*/ IGNORE<br />
Finally, restart postfix.service<br />
<br />
=== Postfix in a chroot jail ===<br />
Postfix is not put in a chroot jail by default. The Postfix documentation [http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup] provides details about how to accomplish such a jail. The steps are outlined below and are based on the chroot-setup script provided in the postfix source code.<br />
<br />
First, go into the {{ic|master.cf}} file in the directory {{ic|/etc/postfix}} and change all the chroot entries to 'yes' (y) except for the services {{ic|qmgr}}, {{ic|proxymap}}, {{ic|proxywrite}}, {{ic|local}}, and {{ic|virtual}}<br />
<br />
Second, create two functions that will help us later with copying files over into the chroot jail (see last step)<br />
CP="cp -p"<br />
<br />
cond_copy() {<br />
# find files as per pattern in $1<br />
# if any, copy to directory $2<br />
dir=`dirname "$1"`<br />
pat=`basename "$1"`<br />
lr=`find "$dir" -maxdepth 1 -name "$pat"`<br />
if test ! -d "$2" ; then exit 1 ; fi<br />
if test "x$lr" != "x" ; then $CP $1 "$2" ; fi<br />
}<br />
<br />
Next, make the new directories for the jail:<br />
set -e<br />
umask 022<br />
<br />
POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}<br />
cd ${POSTFIX_DIR}<br />
<br />
mkdir -p etc lib usr/lib/zoneinfo<br />
test -d /lib64 && mkdir -p lib64<br />
<br />
Find the localtime file<br />
lt=/etc/localtime<br />
if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi<br />
rm -f etc/localtime<br />
<br />
Copy localtime and some other system files into the chroot's etc<br />
$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc<br />
$CP -f /etc/host.conf /etc/hosts /etc/passwd etc<br />
ln -s -f /etc/localtime usr/lib/zoneinfo<br />
<br />
Copy required libraries into the chroot using the previously created function {{ic|cond_copy}}<br />
cond_copy '/usr/lib/libnss_*.so*' lib<br />
cond_copy '/usr/lib/libresolv.so*' lib<br />
cond_copy '/usr/lib/libdb.so*' lib<br />
<br />
And don't forget to reload postfix.<br />
<br />
===Rule-based mail processing===<br />
With policy services one can easily finetune postfix' behaviour of mail delivery.<br />
{{Pkg|postfwd}} and <span class="plainlinks archwiki-template-pkg">[https://aur.archlinux.org/pkgbase/policyd policyd]</span><sup><small>AUR</small></sup> provide services to do so.<br />
This allows you to e.g. implement time-aware grey- and blacklisting of senders and receivers as well as [[SPF]] policy checking.<br />
<br />
Policy services are standalone services and connected to Postfix like this:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
smtpd_recipient_restrictions =<br />
...<br />
check_policy_service unix:/run/policyd.sock<br />
check_policy_service inet:127.0.0.1:10040<br />
</nowiki>}}<br />
Placing policy services at the end of the queue reduces load, as only legitimate mails are processed. Be sure to place it before the first permit statement to catch all incoming messages.<br />
<br />
=== DANE (DNSSEC) ===<br />
==== Resource Record ====<br />
<br />
{{warning|This is not a trivial section. Be aware that you make sure you know what you are doing. You better read [https://dane.sys4.de/common_mistakes Common Mistakes] before.}}<br />
<br />
DANE supports several types of records, however not all of them are suitable in postfix.<br />
<br />
Certificate usage 0 is unsupported, 1 is mapped to 3 and 2 is optional, thus it is recommendet to publish a "3" record.<br />
More on [[DANE#Resource Record|Resource Records]].<br />
<br />
==== Configuration ====<br />
Opportunistic DANE is configured this way:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
smtpd_use_tls = yes<br />
smtp_dns_support_level = dnssec<br />
smtp_tls_security_level = dane<br />
</nowiki>}}<br />
{{hc|/etc/postfix/master.cf|<nowiki><br />
dane unix - - n - - smtp<br />
-o smtp_dns_support_level=dnssec<br />
-o smtp_tls_security_level=dane<br />
</nowiki>}}<br />
<br />
To use per-domain policies, e.g. opportunistic DANE for example.org and mandatory DANE for example.com,<br />
use something like this:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
indexed = ${default_database_type}:${config_directory}/<br />
<br />
# Per-destination TLS policy<br />
#<br />
smtp_tls_policy_maps = ${indexed}tls_policy<br />
<br />
# default_transport = smtp, but some destinations are special:<br />
#<br />
transport_maps = ${indexed}transport<br />
</nowiki>}}<br />
<br />
{{hc|transport|<br />
example.com dane<br />
example.org dane<br />
}}<br />
<br />
{{hc|tls_policy|<br />
example.com dane-only<br />
}}<br />
<br />
{{Note|For global mandatory DANE, change {{ic|smtp_tls_security_level}} to {{ic|dane-only}}. Be aware that this makes postfix tempfail on all delivieres that do not use DANE at all!}}<br />
<br />
Full documentation is found [http://www.postfix.org/TLS_README.html#client_tls_dane here].<br />
<br />
== See also ==<br />
<br />
* [http://linox.be/index.php/2005/07/13/44/ Out of Office] for Squirrelmail<br />
* [https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]<br />
* [http://sherlock.heroku.com/blog/2012/02/03/setting-up-postfix-to-use-gmail-as-an-smtp-relay-host-in-archlinux/ Use Gmail as an SMTP relay]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Unofficial_user_repositories&diff=461626Unofficial user repositories2017-01-05T20:43:36Z<p>StrayArch: /* archstrike */ Change pacman entry to `Server` to better follow setup. also added note</p>
<hr />
<div>[[Category:Package management]]<br />
[[ja:非公式ユーザーリポジトリ]]<br />
[[zh-CN:Unofficial user repositories]]<br />
{{Related articles start}}<br />
{{Related|pacman-key}}<br />
{{Related|Official repositories}}<br />
{{Related articles end}}<br />
This article lists binary repositories freely created and shared by the community, often providing pre-built versions of PKGBUILDS found in the [[AUR]].<br />
<br />
{{Warning|Neither the official Arch Linux Developers nor the Trusted Users perform tests of any sort to verify the contents of these repositories; it is up to each user to decide whether to trust their maintainers, and take full responsibility for whatever their decision brings.}}<br />
<br />
In order to use these repositories, you will have to add them to {{ic|/etc/pacman.conf}}, as explained in [[pacman#Repositories and mirrors]]. If a repository is signed, you will have to obtain and locally sign the associated key, as explained in [[Pacman-key#Adding unofficial keys]].<br />
<br />
If you want to create your own custom repository, follow [[pacman tips#Custom local repository]].<br />
<br />
{{Tip|To get a list of all servers listed in this page: {{bc|<nowiki>curl -s 'https://wiki.archlinux.org/index.php/Unofficial_user_repositories' | awk '/^Server =/ { print $3 }' </nowiki>}}<br />
}}<br />
<br />
== Adding your repository to this page ==<br />
<br />
If you have your own repository, please add it to this page, so that all the other users will know where to find your packages. Please keep the following rules when adding new repositories:<br />
<br />
* Keep the lists in alphabetical order.<br />
* Include some information about the maintainer: include at least a (nick)name and some form of contact information (web site, email address, user page on ArchWiki or the forums, etc.).<br />
* If the repository is of the ''signed'' variety, please include a key-id, possibly using it as the anchor for a link to its keyserver; if the key is not on a keyserver, include a link to the key file.<br />
* Include some short description (e.g. the category of packages provided in the repository).<br />
* If there is a page (either on ArchWiki or external) containing more information about the repository, include a link to it.<br />
* If possible, avoid using comments in code blocks. The formatted description is much more readable. Users who want some comments in their {{ic|pacman.conf}} can easily create it on their own.<br />
<br />
== Any ==<br />
<br />
"Any" repositories are architecture-independent. In other words, they can be used on both i686 and x86_64 systems.<br />
<br />
=== Signed ===<br />
<br />
==== archstrike ====<br />
<br />
* '''Maintainer:''' [https://archstrike.org/team The ArchStrike Team]<br />
* '''Description:''' A repository for security professionals and enthusiasts<br />
* '''Upstream page:''' https://archstrike.org/<br />
* '''Key-ID:''' 9D5F1C051D146843CDA4858BDE64825E7CBC0D51<br />
<br />
{{Note|ArchStrike specific instructions can be found at https://archstrike.org/wiki/setup}}<br />
<br />
{{bc|<nowiki><br />
[archstrike]<br />
Server = https://mirror.archstrike.org/$arch/$repo<br />
</nowiki>}}<br />
<br />
==== infinality-bundle-fonts ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle-fonts repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle-fonts]<br />
Server = http://bohoomil.com/repo/fonts<br />
</nowiki>}}<br />
<br />
==== ivasilev ====<br />
<br />
* '''Maintainer:''' [http://ivasilev.net Ianis G. Vasilev]<br />
* '''Description:''' A variety of packages, mostly my own software and AUR builds.<br />
* '''Upstream page:''' http://ivasilev.net/pacman<br />
* '''Key-ID:''' 436BB513<br />
<br />
{{Note|I mantain 'any', 'i686' and 'x86_64' repos. Each of them includes packages from 'any'. $arch can be replaced with any of the three}}<br />
<br />
{{bc|<nowiki><br />
[ivasilev]<br />
Server = http://ivasilev.net/pacman/any<br />
# Server = http://ivasilev.net/pacman/$arch<br />
</nowiki>}}<br />
<br />
==== pkgbuilder ====<br />
<br />
* '''Maintainer:''' [https://chriswarrick.com/ Chris Warrick]<br />
* '''Description:''' A repository for PKGBUILDer, a Python AUR helper.<br />
* '''Upstream page:''' https://github.com/Kwpolska/pkgbuilder<br />
* '''Key-ID:''' 5EAAEA16<br />
<br />
{{bc|<nowiki><br />
[pkgbuilder]<br />
Server = https://pkgbuilder-repo.chriswarrick.com/<br />
</nowiki>}}<br />
<br />
==== xyne-any ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for "any" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{Note|Use this repository only if there is no matching {{ic|[xyne-*]}} repository for your architecture.}}<br />
<br />
{{bc|<nowiki><br />
[xyne-any]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
==== youtube-dl ====<br />
<br />
* '''Maintainer:''' [https://bbs.archlinux.org/profile.php?id=94876 Case_Of]<br />
* '''Description:''' A repository for latest release of youtube-dl package.<br />
* '''Key-ID:''' [https://youtube-dl.tk/youtube-dl-pgp.key 9F213FB2]<br />
<br />
{{Note|Install the package with {{ic|pacman -S youtube-dl/youtube-dl}}.}}<br />
{{bc|<nowiki><br />
[youtube-dl]<br />
Server = https://youtube-dl.tk<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
==== archlinuxgr-any ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' The Hellenic (Greek) unofficial Arch Linux repository with many interesting packages.<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr-any]<br />
Server = http://archlinuxgr.tiven.org/archlinux/any<br />
</nowiki>}}<br />
<br />
== Both i686 and x86_64 ==<br />
<br />
Repositories with both i686 and x86_64 versions. The {{ic|$arch}} variable will be set automatically by pacman.<br />
<br />
=== Signed ===<br />
<br />
==== arcanisrepo ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#arcanis arcanis]<br />
* '''Description:''' A repository with some AUR packages including packages from VCS<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[arcanisrepo]<br />
Server = http://repo.arcanis.me/repo/$arch<br />
</nowiki>}}<br />
<br />
(It is also available via FTP with the same url.)<br />
<br />
==== arch-openrc ====<br />
<br />
* '''Maintainer:''' [https://bbs.archlinux.org/profile.php?id=84785 Chris Cromer]<br />
* '''Description:''' Packages to install and maintain OpenRC with sysvinit for Arch Linux.<br />
* '''Upstream sources page:''' https://github.com/cromerc/packages-openrc<br />
* '''Upstream packages/ISO page:''' https://sourceforge.net/projects/archopenrc/files/arch-openrc/<br />
* '''Key-ID:''' 97BEEEC2<br />
<br />
{{bc|<nowiki><br />
[arch-openrc]<br />
Server = http://downloads.sourceforge.net/project/archopenrc/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxcn ====<br />
<br />
* '''Maintainers:''' [https://plus.google.com/+PhoenixNemo/ Phoenix Nemo (phoenixlzx)], Felix Yan (felixonmars, TU), [https://twitter.com/lilydjwg lilydjwg], and others<br />
* '''Description:''' Packages by the Chinese Arch Linux community (mostly signed)<br />
* '''Git Repo:''' https://github.com/archlinuxcn/repo<br />
* '''Mirrors:''' https://github.com/archlinuxcn/mirrorlist-repo (Mostly for users in mainland China)<br />
* '''Key-ID:''' Once the repo is added, ''archlinuxcn-keyring'' package must be installed before any other so you do not get errors about PGP signatures.<br />
<br />
{{bc|<nowiki><br />
[archlinuxcn]<br />
SigLevel = Optional TrustedOnly<br />
Server = http://repo.archlinuxcn.org/$arch<br />
## or use a CDN (beta)<br />
#Server = https://cdn.repo.archlinuxcn.org/$arch<br />
</nowiki>}}<br />
<br />
==== blackeagle-pre-community ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/people/trusted-users/#idevolder Ike Devolder]<br />
* '''Description:''' testing of the by me maintaned packages before moving to ''community'' repository<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[blackeagle-pre-community]<br />
Server = http://repo.herecura.be/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== catalyst ====<br />
<br />
* '''Maintainer:''' [[User:Vi0L0|Vi0l0]]<br />
* '''Description:''' ATI Catalyst proprietary drivers.<br />
* '''Key-ID:''' 653C3094<br />
<br />
{{bc|<nowiki><br />
[catalyst]<br />
Server = http://mirror.hactar.xyz/Vi0L0/catalyst/$arch<br />
</nowiki>}}<br />
<br />
==== catalyst-hd234k ====<br />
<br />
* '''Maintainer:''' [[User:Vi0L0|Vi0l0]]<br />
* '''Description:''' ATI Catalyst proprietary drivers.<br />
* '''Key-ID:''' 653C3094<br />
<br />
{{bc|<nowiki><br />
[catalyst-hd234k]<br />
Server = http://mirror.hactar.xyz/Vi0L0/catalyst-hd234k/$arch<br />
</nowiki>}}<br />
<br />
==== city ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#bgyorgy Balló György]<br />
* '''Description:''' Experimental/unpopular packages.<br />
* '''Upstream page:''' http://pkgbuild.com/~bgyorgy/city.html<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[city]<br />
Server = http://pkgbuild.com/~bgyorgy/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== gustawho ====<br />
* '''Maintainer:''' [https://twitter.com/gustawho Gustavo Castro] <gustawho@openmailbox.com><br />
* '''Description:''' Scientific tools (mostly physics/math) and AUR packages that take long to build (such as {{AUR|firefox-kde-opensuse}}).<br />
* '''Package list:''' https://gustawho.com/pacman<br />
* '''Upstream page:''' https://gustawho.com<br />
* '''Key-ID:''' [https://gustawho.com/repo/gustawho.key 76578671]<br />
{{bc|<nowiki><br />
[gustawho]<br />
Server = https://gustawho.com/repo/$arch<br />
</nowiki>}}<br />
<br />
==== haskell-core ====<br />
<br />
See [[ArchHaskell#haskell-core]].<br />
<br />
==== haskell-happstack ====<br />
<br />
See [[ArchHaskell#haskell-happstack]].<br />
<br />
==== haskell-web ====<br />
<br />
See [[ArchHaskell#haskell-web]].<br />
<br />
==== herecura ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/people/trusted-users/#idevolder Ike Devolder]<br />
* '''Description:''' additional packages not found in the ''community'' repository<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[herecura]<br />
Server = http://repo.herecura.be/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== infinality-bundle ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle main repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle]<br />
Server = http://bohoomil.com/repo/$arch<br />
</nowiki>}}<br />
<br />
==== ivasilev ====<br />
<br />
* '''Maintainer:''' [http://ivasilev.net Ianis G. Vasilev]<br />
* '''Description:''' A variety of packages, mostly my own software and AUR builds.<br />
* '''Upstream page:''' http://ivasilev.net/pacman<br />
* '''Key-ID:''' 436BB513<br />
<br />
{{bc|<nowiki><br />
[ivasilev]<br />
Server = http://ivasilev.net/pacman/$arch<br />
</nowiki>}}<br />
<br />
==== llvm-svn ====<br />
<br />
* '''Maintainer:''' [[User:Kerberizer|Luchesar V. ILIEV (kerberizer)]]<br />
* '''Description:''' [https://aur.archlinux.org/pkgbase/llvm-svn llvm-svn] and [https://aur.archlinux.org/pkgbase/lib32-llvm-svn lib32-llvm-svn] from AUR: the LLVM compiler infrastructure, the Clang frontend, and the tools associated with it<br />
* '''Key-ID:''' [https://sks-keyservers.net/pks/lookup?op=vindex&search=0x76563F75679E4525&fingerprint=on&exact=on 0x76563F75679E4525], fingerprint {{ic|D16C F22D 27D1 091A 841C 4BE9 7656 3F75 679E 4525}}<br />
<br />
{{bc|<nowiki><br />
[llvm-svn]<br />
Server = http://repos.uni-plovdiv.net/archlinux/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== miffe ====<br />
<br />
* '''Maintainer:''' [https://bbs.archlinux.org/profile.php?id=4059 miffe]<br />
* '''Description:''' AUR packages maintained by miffe, e.g. linux-mainline<br />
* '''Key ID:''' 313F5ABD<br />
<br />
{{bc|<nowiki><br />
[miffe]<br />
Server = http://arch.miffe.org/$arch/<br />
</nowiki>}}<br />
<br />
==== repo-ck ====<br />
<br />
* '''Maintainer:''' [[User:Graysky|graysky]]<br />
* '''Description:''' Kernel and modules with Brain Fuck Scheduler and all the goodies in the ck1 patch set.<br />
* '''Upstream page:''' [http://repo-ck.com repo-ck.com]<br />
* '''Wiki:''' [[repo-ck]]<br />
* '''Key-ID:''' 5EE46C4C<br />
<br />
{{bc|<nowiki><br />
[repo-ck]<br />
Server = http://repo-ck.com/$arch<br />
</nowiki>}}<br />
<br />
==== seblu ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/developers/#seblu Sébastien Luttringer]<br />
* '''Description:''' All seblu useful pre-built packages, some homemade (virtualbox-ext-oracle, linux-seblu-meta, bedup).<br />
* '''Key-ID:''' Not required, as maintainer is a Developer<br />
<br />
{{bc|<nowiki><br />
[seblu]<br />
Server = http://al.seblu.net/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== seiichiro ====<br />
<br />
* '''Maintainer:''' [https://www.seiichiro0185.org Stefan Brand (seiichiro0185)]<br />
* '''Description:''' AUR-packages I use frequently<br />
* '''Key-ID:''' 805517CC<br />
<br />
{{bc|<nowiki><br />
[seiichiro]<br />
Server = http://www.seiichiro0185.org/repo/$arch<br />
</nowiki>}}<br />
<br />
==== sergej-repo ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#spupykin Sergej Pupykin]<br />
* '''Description:''' psi-plus, owncloud-git, ziproxy, android, MySQL, and other stuff. Some packages also available for armv7h.<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[sergej-repo]<br />
Server = http://repo.p5n.pp.ru/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== tredaelli-systemd ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#tredaelli Timothy Redaelli]<br />
* '''Description:''' systemd rebuilt with unofficial OpenVZ patch (kernel < 2.6.32-042stab111.1)<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|{{ic|[tredaelli-systemd]}} must be put before {{ic|[core]}} in {{ic|/etc/pacman.conf}}}}<br />
<br />
{{bc|<nowiki><br />
[tredaelli-systemd]<br />
Server = http://pkgbuild.com/~tredaelli/repo/systemd/$arch<br />
</nowiki>}}<br />
<br />
==== Webkit2Gtk-unstable ====<br />
* '''Maintainer:''' [[User:Mrmariusz|Mariusz Wojcik]]<br />
* '''Description:''' Latest Webkit2Gtk build for early adopters.<br />
* '''Upstream Page:''' https://webkitgtk.org/<br />
* '''Key-ID:''' 346854B5<br />
<br />
{{bc|<nowiki><br />
[home_mrmariusz_ArchLinux]<br />
Server = http://download.opensuse.org/repositories/home:/mrmariusz/ArchLinux/$arch<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
{{Note|Users will need to add the following to these entries: {{ic|1=SigLevel = PackageOptional}}}}<br />
<br />
==== archaudio ====<br />
<br />
* '''Maintainer:''' [[User:Schivmeister|Ray Rashif]], [https://aur.archlinux.org/account/jhernberg Joakim Hernberg]<br />
* '''Description:''' Pro-audio packages<br />
<br />
{{bc|<nowiki><br />
[archaudio-production]<br />
Server = http://repos.archaudio.org/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxfr ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:'''<br />
* '''Upstream page:''' http://afur.archlinux.fr<br />
<br />
{{bc|<nowiki><br />
[archlinuxfr]<br />
Server = http://repo.archlinux.fr/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgr ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:'''<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr]<br />
Server = http://archlinuxgr.tiven.org/archlinux/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgr-kde4 ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' KDE4 packages (plasmoids, themes etc) provided by the Hellenic (Greek) Arch Linux community<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr-kde4]<br />
Server = http://archlinuxgr.tiven.org/archlinux-kde4/$arch<br />
</nowiki>}}<br />
<br />
==== arsch ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' From users of orgizm.net<br />
<br />
{{bc|<nowiki><br />
[arsch]<br />
Server = http://arsch.orgizm.net/$arch<br />
</nowiki>}}<br />
<br />
==== cinnamon ====<br />
<br />
* '''Maintainer:''' [https://github.com/jnbek jnbek]<br />
* '''Description:''' Stable and actively developed Cinnamon packages (Applets, Themes, Extensions), plus others (Hotot, qBitTorrent, GTK themes, Perl modules, and more).<br />
<br />
{{bc|<nowiki><br />
[cinnamon]<br />
Server = http://archlinux.zoelife4u.org/cinnamon/$arch<br />
</nowiki>}}<br />
<br />
==== heftig ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/developers/#heftig Jan Steffens]<br />
* '''Description:''' Includes pulseaudio-git, pavucontrol-git, and firefox-developer-edition<br />
* '''Upstream page:''' https://bbs.archlinux.org/viewtopic.php?id=117157<br />
<br />
{{bc|<nowiki><br />
[heftig]<br />
Server = https://pkgbuild.com/~heftig/repo/$arch<br />
</nowiki>}}<br />
<br />
==== home_Minerva_W_Science_Arch_Extra ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' [[OpenFOAM]] packages.<br />
<br />
{{bc|<nowiki><br />
[home_Minerva_W_Science_Arch_Extra]<br />
SigLevel = Never<br />
Server = http://download.opensuse.org/repositories/home:/Minerva_W:/Science/Arch_Extra/$arch <br />
</nowiki>}}<br />
<br />
==== home_Pival81_arch_xapps_Arch_Extra ====<br />
<br />
* '''Maintainer:''' Valerio Pizzi ([https://github.com/Pival81 Pival81] <pival801@gmail.com>)<br />
* '''Description:''' [https://github.com/linuxmint/xapps XApps] packages.<br />
<br />
{{bc|<nowiki><br />
[home_Pival81_arch_xapps_Arch_Extra]<br />
SigLevel = Never<br />
Server = http://download.opensuse.org/repositories/home:/Pival81:/arch:/xapps/Arch_Extra/$arch <br />
</nowiki>}}<br />
<br />
==== noware ====<br />
<br />
* '''Maintainer:''' Alexandru Thirtheu (alex_giusi_tiri2@yahoo.com) ([https://bbs.archlinux.org/profile.php?id=65036 Forums]) ([[User:AGT|Wiki]]) ([http://direct.noware.systems.:2 Web Site])<br />
* '''Description:''' Software which I prefer being present in a repository, than being compiled each time. It eases software maintenance, I find. Almost anything goes.<br />
<br />
{{bc|<nowiki><br />
[noware]<br />
Server = http://direct.$repo.systems.:2/repository/arch/$arch<br />
</nowiki>}}<br />
<br />
==== openrc-eudev ====<br />
* '''Maintainer:''' [[User:Nous|nous]]<br />
* '''Description:''' OpenRC init system, initscripts, eudev and nosystemd packages from the AUR.<br />
* '''Upstream page:''' https://sourceforge.net/projects/archopenrc<br />
* '''Upstream sources:''' https://github.com/cromerc/arch-openrc, https://github.com/cromerc/arch-nosystemd and the AUR<br />
<br />
{{bc|<nowiki><br />
[openrc-eudev]<br />
Server=http://downloads.sourceforge.net/project/archopenrc/$repo/$arch<br />
Server=ftp://ftp.heanet.ie/mirrors/sourceforge/a/ar/archopenrc/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== pantheon ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Repository containing Pantheon-related packages<br />
<br />
{{bc|<nowiki><br />
[pantheon]<br />
Server = http://pkgbuild.com/~alucryd/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== pietma ====<br />
<br />
* '''Maintainer:''' MartiMcFly <martimcfly@autorisation.de><br />
* '''Description:''' Arch User Repository packages [https://aur.archlinux.org/packages/?K=martimcfly&SeB=m I create or maintain.].<br />
* '''Upstream page:''' http://pietma.com/tag/aur/<br />
<br />
{{bc|<nowiki><br />
[pietma]<br />
SigLevel = Optional TrustAll<br />
Server = http://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo<br />
</nowiki>}}<br />
<br />
==== trinity ====<br />
<br />
* '''Maintainer:''' [[User:Mmanley|Michael Manley]]<br />
* '''Description:''' [[Trinity]] Desktop Environment<br />
<br />
{{bc|<nowiki><br />
[trinity]<br />
Server = http://repo.nasutek.com/arch/contrib/trinity/$arch<br />
</nowiki>}}<br />
<br />
==== home_tarakbumba_archlinux_Arch_Extra_standard ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Contains a few pre-built AUR packages (zemberek, etc.)<br />
<br />
{{bc|<nowiki><br />
[home_tarakbumba_archlinux_Arch_Extra_standard]<br />
Server = http://download.opensuse.org/repositories/home:/tarakbumba:/archlinux/Arch_Extra_standard/$arch<br />
</nowiki>}}<br />
<br />
==== QOwnNotes ====<br />
<br />
* '''Maintainer:''' http://www.qownnotes.org<br />
* '''Description:''' QOwnNotes is a open source notepad and todo list manager with markdown support and [[ownCloud]] integration.<br />
<br />
{{bc|<nowiki><br />
[home_pbek_QOwnNotes_Arch_Extra]<br />
SigLevel = Optional TrustAll<br />
Server = http://download.opensuse.org/repositories/home:/pbek:/QOwnNotes/Arch_Extra/$arch<br />
</nowiki>}}<br />
<br />
== i686 only ==<br />
<br />
=== Signed ===<br />
<br />
==== xyne-i686 ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for the "i686" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|This includes all packages in [[#xyne-any|<nowiki>[xyne-any]</nowiki>]].}}<br />
<br />
{{bc|<nowiki><br />
[xyne-i686]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
==== andrwe ====<br />
<br />
* '''Maintainer:''' Andrwe Lord Weber<br />
* '''Description:''' each program I'm using on x86_64 is compiled for i686 too<br />
* '''Upstream page:''' http://andrwe.org/linux/repository<br />
<br />
{{bc|<nowiki><br />
[andrwe]<br />
Server = http://repo.andrwe.org/i686<br />
</nowiki>}}<br />
<br />
==== kpiche ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Stable OpenSync packages.<br />
<br />
{{bc|<nowiki><br />
[kpiche]<br />
Server = http://kpiche.archlinux.ca/repo<br />
</nowiki>}}<br />
<br />
==== kernel26-pae ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' PAE-enabled 32-bit kernel 2.6.39<br />
<br />
{{bc|<nowiki><br />
[kernel26-pae]<br />
Server = http://kernel26-pae.archlinux.ca/<br />
</nowiki>}}<br />
<br />
==== linux-pae ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' PAE-enabled 32-bit kernel 3.0<br />
<br />
{{bc|<nowiki><br />
[linux-pae]<br />
Server = http://pae.archlinux.ca/<br />
</nowiki>}}<br />
<br />
== x86_64 only ==<br />
<br />
=== Signed ===<br />
<br />
==== archzfs ====<br />
<br />
* '''Maintainer:''' [http://archzfs.com Jesus Alvarez (demizer)]<br />
* '''Description:''' Packages for ZFS on Arch Linux.<br />
* '''Upstream page:''' https://github.com/archzfs/archzfs<br />
* '''Key-ID:''' 5E1ABF240EE7A126<br />
<br />
{{bc|<nowiki><br />
[archzfs]<br />
Server = http://archzfs.com/$repo/x86_64<br />
</nowiki>}}<br />
<br />
==== ashleyis ====<br />
<br />
* '''Maintainer:''' Ashley Towns ([https://aur.archlinux.org/account/ashleyis/ ashleyis])<br />
* '''Description:''' Debug versions of SDL, chipmunk, libtmx and other misc game libraries. also swift-lang and some other AUR packages <br />
* '''Key-ID:''' B1A4D311<br />
<br />
{{bc|<nowiki><br />
[ashleyis]<br />
Server = http://arch.ashleytowns.id.au/repo/$arch<br />
</nowiki>}}<br />
<br />
==== atom ====<br />
<br />
* '''Maintainer:''' Nicola Squartini ([https://github.com/tensor5 tensor5])<br />
* '''Upstream page:''' https://github.com/tensor5/arch-atom<br />
* '''Description:''' Atom text editor and Electron<br />
* '''Key-ID:''' B0544167<br />
<br />
{{bc|<nowiki><br />
[atom]<br />
Server = http://noaxiom.org/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== aurpackages ====<br />
<br />
* '''Maintainer:''' Mark Vainomaa <mikroskeem@mikroskeem.eu><br />
* '''Description:''' AUR packages I tend to use every day. Will be updated weekly<br />
* '''Key-ID:''' 2A07EF8371AFC028<br />
<br />
{{bc|<nowiki><br />
[aurpackages]<br />
SigLevel = Required<br />
Server = https://r.mikroskeem.eu<br />
</nowiki>}}<br />
<br />
==== boyska64 ====<br />
<br />
* '''Maintainer:''' boyska<br />
* '''Description:''' Personal repository: cryptography, sdr, mail handling and misc; don't expect packages to be upgraded promptly, I am a zealot of slackness<br />
* '''Key-ID:''' 0x7395DCAE58289CA9<br />
<br />
{{bc|<nowiki><br />
[boyska64]<br />
Server = http://boyska.degenerazione.xyz/archrepo<br />
</nowiki>}}<br />
<br />
==== coderkun-aur ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/coderkun/ coderkun]<br />
* '''Description:''' AUR packages with random software. Supporting package deltas and package and database signing.<br />
* '''Upstream page:''' https://www.coderkun.de/arch<br />
* '''Key-ID:''' A6BEE374<br />
* '''Keyfile:''' [https://www.coderkun.de/coderkun.asc https://www.coderkun.de/coderkun.asc]<br />
<br />
{{bc|<nowiki><br />
[coderkun-aur]<br />
Server = http://arch.coderkun.de/$repo/$arch/<br />
</nowiki>}}<br />
<br />
==== coderkun-aur-audio ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/coderkun/ coderkun]<br />
* '''Description:''' AUR packages with audio-related (realtime kernels, lv2-plugins, …) software. Supporting package deltas and package and database signing.<br />
* '''Upstream page:''' https://www.coderkun.de/arch<br />
* '''Key-ID:''' A6BEE374<br />
* '''Keyfile:''' [https://www.coderkun.de/coderkun.asc https://www.coderkun.de/coderkun.asc]<br />
<br />
{{bc|<nowiki><br />
[coderkun-aur-audio]<br />
Server = http://arch.coderkun.de/$repo/$arch/<br />
</nowiki>}}<br />
<br />
==== decryptedepsilon ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/decryptedepsilon/ decryptedepsilon]<br />
* '''Description:''' AUR packages that I usually install (dropbox, jdk, atom, spotify, tor-browser-en, paper-icon-theme-git)<br />
* '''Upstream page:''' http://www.decryptedepsilon.bl.ee/repo/x86_64<br />
* '''Key-ID:''' 60442BA4<br />
* '''Keyfile:''' [http://www.decryptedepsilon.bl.ee/decryptedepsilon.asc http://www.decryptedepsilon.bl.ee/decryptedepsilon.asc]<br />
<br />
{{bc|<nowiki><br />
[decryptedepsilon]<br />
Server = http://decryptedepsilon.bl.ee/repo/$arch/<br />
</nowiki>}}<br />
<br />
==== eatabrick ====<br />
<br />
* '''Maintainer:''' bentglasstube<br />
* '''Description:''' Packages for software written by (and a few just compiled by) bentglasstube.<br />
<br />
{{bc|<nowiki><br />
[eatabrick]<br />
SigLevel = Required<br />
Server = http://repo.eatabrick.org/$arch<br />
</nowiki>}}<br />
<br />
==== freifunk-rheinland ====<br />
<br />
* '''Maintainer:''' nomaster<br />
* '''Description:''' Packages for the Freifunk project: batman-adv, batctl, fastd and dependencies.<br />
<br />
{{bc|<nowiki><br />
[freifunk-rheinland]<br />
Server = http://mirror.fluxent.de/archlinux-custom/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== holo ====<br />
<br />
* '''Maintainer:''' Stefan Majewsky <holo-pacman@posteo.de> (please prefer to report issues at [https://github.com/majewsky/holo-pacman-repo/issues Github])<br />
* '''Description:''' Packages for [https://holocm.org Holo configuration management], including compatible plugins and tools.<br />
* '''Upstream page:''' https://github.com/majewsky/holo-pacman-repo<br />
* '''Package list:''' https://repo.holocm.org/archlinux/x86_64<br />
* '''Key-ID:''' 0xF7A9C9DC4631BD1A<br />
<br />
{{bc|<nowiki><br />
[holo]<br />
Server = https://repo.holocm.org/archlinux/x86_64<br />
</nowiki>}}<br />
<br />
==== infinality-bundle-multilib ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle multilib repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle-multilib]<br />
Server = http://bohoomil.com/repo/multilib/$arch<br />
</nowiki>}}<br />
<br />
==== linux-kalterfx ====<br />
<br />
* '''Maintainer''': Anna Ivanova ([https://aur.archlinux.org/account/kalterfive kalterfive])<br />
* '''Upstream page''': https://deadsoftware.ru/files/linux-kalterfx<br />
* '''Description''': A stable kernel with [[#Linux-pf|pf-kernel]]{{Broken section link}}, [[reiser4]] and smack<br />
* '''Key-ID''': A0C04F15<br />
* '''Keyfile''': https://keybase.io/kalterfive/key.asc<br />
<br />
{{bc|<nowiki><br />
[linux-kalterfx]<br />
Server = https://deadsoftware.ru/files/linux-kalterfx/repo/$arch<br />
</nowiki>}}<br />
<br />
==== markzz ====<br />
<br />
* '''Maintainer:''' [[User:Markzz|Mark Weiman (markzz)]]<br />
* '''Description:''' Packages that markzz maintains or uses on the AUR; this includes Linux with the vfio patchset ({{AUR|linux-vfio}} and {{AUR|linux-vfio-lts}}), and packages to maintain a Debian package repository.<br />
* '''Key ID:''' 3CADDFDD<br />
<br />
{{Note|If you want to add the key by installing the ''markzz-keyring'' package, temporarily add {{ic|1=SigLevel = Never}} into the repository section.}}<br />
<br />
{{bc|<nowiki><br />
[markzz]<br />
Server = http://repo.markzz.com/arch/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== qt-debug ====<br />
<br />
* '''Maintainer:''' [http://blog.the-compiler.org/?page_id=36 The Compiler]<br />
* '''Description:''' Qt/PyQt builds with debug symbols<br />
* '''Upstream page:''' https://github.com/qutebrowser/qt-debug-pkgbuild<br />
* '''Key-ID:''' D6A1C70FE80A0C82<br />
<br />
{{bc|<nowiki><br />
[qt-debug]<br />
Server = http://qutebrowser.org/qt-debug/$arch<br />
</nowiki>}}<br />
<br />
==== quarry ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/developers/#anatolik anatolik]<br />
* '''Description:''' Arch binary repository for [http://rubygems.org/ Rubygems] packages. See [https://bbs.archlinux.org/viewtopic.php?id=182729 forum announcement] for more information.<br />
* '''Sources:''' https://github.com/anatol/quarry<br />
* '''Key-ID:''' Not needed, as maintainer is a developer<br />
<br />
{{bc|<nowiki><br />
[quarry]<br />
Server = http://pkgbuild.com/~anatolik/quarry/x86_64/<br />
</nowiki>}}<br />
<br />
==== siosm-aur ====<br />
<br />
* '''Maintainer:''' [https://tim.siosm.fr/about/ Timothee Ravier]<br />
* '''Description:''' packages also available in the Arch User Repository, sometimes with minor fixes<br />
* '''Upstream page:''' https://tim.siosm.fr/repositories/<br />
* '''Key-ID:''' 78688F83<br />
<br />
{{bc|<nowiki><br />
[siosm-aur]<br />
Server = http://siosm.fr/repo/$repo/<br />
</nowiki>}}<br />
<br />
==== subtitlecomposer ====<br />
<br />
* '''Maintainer:''' Mladen Milinkovic (maxrd2)<br />
* '''Description:''' Subtitle Composer stable and nightly builds<br />
* '''Upstream page:''' https://github.com/maxrd2/subtitlecomposer<br />
* '''Key-ID:''' EF9D9B26<br />
<br />
{{bc|<nowiki><br />
[subtitlecomposer]<br />
Server = http://smoothware.net/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== xyne-x86_64 ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for the "x86_64" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|This includes all packages in [[#xyne-any|<nowiki>[xyne-any]</nowiki>]].}}<br />
<br />
{{bc|<nowiki><br />
[xyne-x86_64]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
{{Note|Users will need to add the following to these entries: {{ic|1=SigLevel = PackageOptional}}}}<br />
<br />
==== alucryd ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Various packages Maxime Gauduin maintains (or not) in the AUR.<br />
<br />
{{bc|<nowiki><br />
[alucryd]<br />
Server = http://pkgbuild.com/~alucryd/$repo/x86_64<br />
</nowiki>}}<br />
<br />
==== alucryd-multilib ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Various packages needed to run Steam without its runtime environment.<br />
<br />
{{bc|<nowiki><br />
[alucryd-multilib]<br />
Server = http://pkgbuild.com/~alucryd/$repo/x86_64<br />
</nowiki>}}<br />
<br />
==== andrwe ====<br />
<br />
* '''Maintainer:''' Andrwe Lord Weber<br />
* '''Description:''' contains programs I'm using on many systems<br />
* '''Upstream page:''' http://andrwe.org/linux/repository<br />
<br />
{{bc|<nowiki><br />
[andrwe]<br />
Server = http://repo.andrwe.org/x86_64<br />
</nowiki>}}<br />
<br />
==== brtln ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#bpiotrowski Bartłomiej Piotrowski]<br />
* '''Description:''' Some VCS packages.<br />
<br />
{{bc|<nowiki><br />
[brtln]<br />
Server = http://pkgbuild.com/~barthalion/brtln/$arch/<br />
</nowiki>}}<br />
<br />
==== imake ====<br />
<br />
* '''Maintainer:''' GRV <grvconstanta@gmail.com><br />
* '''Description:''' Important AUR packages that are pre-compiled and ready to install with pacman.<br />
<br />
{{bc|<nowiki><br />
[imake]<br />
SigLevel = Never<br />
Server = http://imake.ddns.net/$arch<br />
</nowiki>}}<br />
<br />
==== jkanetwork ====<br />
<br />
* '''Maintainer:''' kprkpr <kevin01010 at gmail dot com><br />
* '''Maintainer:''' Joselucross <jlgarrido97 at gmail dot com><br />
* '''Description:''' Packages of AUR like pimagizer,stepmania,yaourt,linux-mainline,wps-office,grub-customizer,some IDE.. Open for all that wants to contribute<br />
* '''Upstream page:''' http://repo.jkanetwork.com/<br />
<br />
{{bc|<nowiki><br />
[jkanetwork]<br />
Server = http://repo.jkanetwork.com/repo/$repo/<br />
</nowiki>}}<br />
<br />
==== matrixim ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/mytbk Iru Cai]<br />
* '''Description:''' Packages related to [https://matrix.org Matrix] messaging protocol, and software run on https://matrixim.cc -- my website and Matrix homeserver.<br />
<br />
{{bc|<nowiki><br />
[matrixim]<br />
Server = https://repo.matrixim.cc/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== mesa-git ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/people/trusted-users/#lcarlier Laurent Carlier]<br />
* '''Description:''' Mesa git builds for the ''testing'' and ''multilib-testing'' repositories<br />
<br />
{{bc|<nowiki><br />
[mesa-git]<br />
Server = http://pkgbuild.com/~lcarlier/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== mikroskeem ====<br />
<br />
* '''Maintainer:''' Mark Vainomaa <mikroskeem@mikroskeem.eu><br />
* '''Description:''' Openarena, i3 wm, and neovim-related packages<br />
<br />
'''NOTE:''' This repo isn't maintained anymore. It will be shut down on '''01-01-2017'''. Use my ''aurpackages'' repo instead.<br />
<br />
{{bc|<nowiki><br />
[mikroskeem]<br />
Server = https://nightsnack.cf/~mark/arch-pkgs<br />
</nowiki>}}<br />
<br />
==== mingw-w64 ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/ant32 Philip] and [https://aur.archlinux.org/account/nic96 Jeromy] Reimer<br />
* '''Description:''' Almost all mingw-w64 packages in the AUR.<br />
<br />
{{bc|<nowiki><br />
[mingw-w64]<br />
Server = http://downloads.sourceforge.net/project/mingw-w64-archlinux/$arch<br />
#Server = http://amr.linuxd.org/archlinux/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== pkgbuild-current ====<br />
<br />
* '''Maintainer''': [https://fusion809.github.io Brenton Horne] (fusion809)<br />
* '''Description''': most of the packages in the [https://github.com/fusion809/PKGBUILDs fusion809/PKGBUILDs] GitHub repository (please report bugs here). Full list of packages can be found [https://github.com/fusion809/PKGBUILDs/releases/tag/current here].<br />
* '''Upstream page''': https://fusion809.github.io/PKGBUILDs<br />
<br />
{{bc|<nowiki><br />
[pkgbuild-current]<br />
Server = https://github.com/fusion809/PKGBUILDs/releases/download/current<br />
</nowiki>}}<br />
<br />
==== pnsft-pur ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Japanese input method packages Mozc (vanilla) and libkkc<br />
<br />
{{bc|<nowiki><br />
[pnsft-pur]<br />
Server = http://downloads.sourceforge.net/project/pnsft-aur/pur/x86_64<br />
</nowiki>}}<br />
<br />
==== rakudo ====<br />
<br />
* '''Maintainer:''' spider-mario <spidermario@free.fr><br />
* '''Description:''' Rakudo Perl6<br />
<br />
{{bc|<nowiki><br />
[rakudo]<br />
Server = https://spider-mario.quantic-telecom.net/archlinux/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== zrootfs ====<br />
<br />
* '''Maintainer:''' Isabell Cowan <isabellcowan@gmail.com><br />
* '''Description:''' For Haswell and Broadwell architecture processors with size in mind.<br />
<br />
{{Note|This repo has not been maintained since 2016-03-14. There are no guarantees as to how long it will be kept online.}}<br />
<br />
{{bc|<nowiki><br />
[zrootfs]<br />
Server = https://www.izzette.com/izzi/zrootfs-old<br />
</nowiki>}}</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Unofficial_user_repositories&diff=461625Unofficial user repositories2017-01-05T20:38:00Z<p>StrayArch: /* Signed */ Added ArchStrike repository</p>
<hr />
<div>[[Category:Package management]]<br />
[[ja:非公式ユーザーリポジトリ]]<br />
[[zh-CN:Unofficial user repositories]]<br />
{{Related articles start}}<br />
{{Related|pacman-key}}<br />
{{Related|Official repositories}}<br />
{{Related articles end}}<br />
This article lists binary repositories freely created and shared by the community, often providing pre-built versions of PKGBUILDS found in the [[AUR]].<br />
<br />
{{Warning|Neither the official Arch Linux Developers nor the Trusted Users perform tests of any sort to verify the contents of these repositories; it is up to each user to decide whether to trust their maintainers, and take full responsibility for whatever their decision brings.}}<br />
<br />
In order to use these repositories, you will have to add them to {{ic|/etc/pacman.conf}}, as explained in [[pacman#Repositories and mirrors]]. If a repository is signed, you will have to obtain and locally sign the associated key, as explained in [[Pacman-key#Adding unofficial keys]].<br />
<br />
If you want to create your own custom repository, follow [[pacman tips#Custom local repository]].<br />
<br />
{{Tip|To get a list of all servers listed in this page: {{bc|<nowiki>curl -s 'https://wiki.archlinux.org/index.php/Unofficial_user_repositories' | awk '/^Server =/ { print $3 }' </nowiki>}}<br />
}}<br />
<br />
== Adding your repository to this page ==<br />
<br />
If you have your own repository, please add it to this page, so that all the other users will know where to find your packages. Please keep the following rules when adding new repositories:<br />
<br />
* Keep the lists in alphabetical order.<br />
* Include some information about the maintainer: include at least a (nick)name and some form of contact information (web site, email address, user page on ArchWiki or the forums, etc.).<br />
* If the repository is of the ''signed'' variety, please include a key-id, possibly using it as the anchor for a link to its keyserver; if the key is not on a keyserver, include a link to the key file.<br />
* Include some short description (e.g. the category of packages provided in the repository).<br />
* If there is a page (either on ArchWiki or external) containing more information about the repository, include a link to it.<br />
* If possible, avoid using comments in code blocks. The formatted description is much more readable. Users who want some comments in their {{ic|pacman.conf}} can easily create it on their own.<br />
<br />
== Any ==<br />
<br />
"Any" repositories are architecture-independent. In other words, they can be used on both i686 and x86_64 systems.<br />
<br />
=== Signed ===<br />
<br />
==== archstrike ====<br />
<br />
* '''Maintainer:''' [https://archstrike.org/team The ArchStrike Team]<br />
* '''Description:''' A repository for security professionals and enthusiasts<br />
* '''Upstream page:''' https://archstrike.org/<br />
* '''Key-ID:''' 9D5F1C051D146843CDA4858BDE64825E7CBC0D51<br />
<br />
{{bc|<nowiki><br />
[archstrike]<br />
Include = /etc/pacman.d/archstrike-mirrorlist<br />
[archstrike-testing]<br />
Include = /etc/pacman.d/archstrike-mirrorlist<br />
</nowiki>}}<br />
<br />
==== infinality-bundle-fonts ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle-fonts repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle-fonts]<br />
Server = http://bohoomil.com/repo/fonts<br />
</nowiki>}}<br />
<br />
==== ivasilev ====<br />
<br />
* '''Maintainer:''' [http://ivasilev.net Ianis G. Vasilev]<br />
* '''Description:''' A variety of packages, mostly my own software and AUR builds.<br />
* '''Upstream page:''' http://ivasilev.net/pacman<br />
* '''Key-ID:''' 436BB513<br />
<br />
{{Note|I mantain 'any', 'i686' and 'x86_64' repos. Each of them includes packages from 'any'. $arch can be replaced with any of the three}}<br />
<br />
{{bc|<nowiki><br />
[ivasilev]<br />
Server = http://ivasilev.net/pacman/any<br />
# Server = http://ivasilev.net/pacman/$arch<br />
</nowiki>}}<br />
<br />
==== pkgbuilder ====<br />
<br />
* '''Maintainer:''' [https://chriswarrick.com/ Chris Warrick]<br />
* '''Description:''' A repository for PKGBUILDer, a Python AUR helper.<br />
* '''Upstream page:''' https://github.com/Kwpolska/pkgbuilder<br />
* '''Key-ID:''' 5EAAEA16<br />
<br />
{{bc|<nowiki><br />
[pkgbuilder]<br />
Server = https://pkgbuilder-repo.chriswarrick.com/<br />
</nowiki>}}<br />
<br />
==== xyne-any ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for "any" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{Note|Use this repository only if there is no matching {{ic|[xyne-*]}} repository for your architecture.}}<br />
<br />
{{bc|<nowiki><br />
[xyne-any]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
==== youtube-dl ====<br />
<br />
* '''Maintainer:''' [https://bbs.archlinux.org/profile.php?id=94876 Case_Of]<br />
* '''Description:''' A repository for latest release of youtube-dl package.<br />
* '''Key-ID:''' [https://youtube-dl.tk/youtube-dl-pgp.key 9F213FB2]<br />
<br />
{{Note|Install the package with {{ic|pacman -S youtube-dl/youtube-dl}}.}}<br />
{{bc|<nowiki><br />
[youtube-dl]<br />
Server = https://youtube-dl.tk<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
==== archlinuxgr-any ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' The Hellenic (Greek) unofficial Arch Linux repository with many interesting packages.<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr-any]<br />
Server = http://archlinuxgr.tiven.org/archlinux/any<br />
</nowiki>}}<br />
<br />
== Both i686 and x86_64 ==<br />
<br />
Repositories with both i686 and x86_64 versions. The {{ic|$arch}} variable will be set automatically by pacman.<br />
<br />
=== Signed ===<br />
<br />
==== arcanisrepo ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#arcanis arcanis]<br />
* '''Description:''' A repository with some AUR packages including packages from VCS<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[arcanisrepo]<br />
Server = http://repo.arcanis.me/repo/$arch<br />
</nowiki>}}<br />
<br />
(It is also available via FTP with the same url.)<br />
<br />
==== arch-openrc ====<br />
<br />
* '''Maintainer:''' [https://bbs.archlinux.org/profile.php?id=84785 Chris Cromer]<br />
* '''Description:''' Packages to install and maintain OpenRC with sysvinit for Arch Linux.<br />
* '''Upstream sources page:''' https://github.com/cromerc/packages-openrc<br />
* '''Upstream packages/ISO page:''' https://sourceforge.net/projects/archopenrc/files/arch-openrc/<br />
* '''Key-ID:''' 97BEEEC2<br />
<br />
{{bc|<nowiki><br />
[arch-openrc]<br />
Server = http://downloads.sourceforge.net/project/archopenrc/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxcn ====<br />
<br />
* '''Maintainers:''' [https://plus.google.com/+PhoenixNemo/ Phoenix Nemo (phoenixlzx)], Felix Yan (felixonmars, TU), [https://twitter.com/lilydjwg lilydjwg], and others<br />
* '''Description:''' Packages by the Chinese Arch Linux community (mostly signed)<br />
* '''Git Repo:''' https://github.com/archlinuxcn/repo<br />
* '''Mirrors:''' https://github.com/archlinuxcn/mirrorlist-repo (Mostly for users in mainland China)<br />
* '''Key-ID:''' Once the repo is added, ''archlinuxcn-keyring'' package must be installed before any other so you do not get errors about PGP signatures.<br />
<br />
{{bc|<nowiki><br />
[archlinuxcn]<br />
SigLevel = Optional TrustedOnly<br />
Server = http://repo.archlinuxcn.org/$arch<br />
## or use a CDN (beta)<br />
#Server = https://cdn.repo.archlinuxcn.org/$arch<br />
</nowiki>}}<br />
<br />
==== blackeagle-pre-community ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/people/trusted-users/#idevolder Ike Devolder]<br />
* '''Description:''' testing of the by me maintaned packages before moving to ''community'' repository<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[blackeagle-pre-community]<br />
Server = http://repo.herecura.be/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== catalyst ====<br />
<br />
* '''Maintainer:''' [[User:Vi0L0|Vi0l0]]<br />
* '''Description:''' ATI Catalyst proprietary drivers.<br />
* '''Key-ID:''' 653C3094<br />
<br />
{{bc|<nowiki><br />
[catalyst]<br />
Server = http://mirror.hactar.xyz/Vi0L0/catalyst/$arch<br />
</nowiki>}}<br />
<br />
==== catalyst-hd234k ====<br />
<br />
* '''Maintainer:''' [[User:Vi0L0|Vi0l0]]<br />
* '''Description:''' ATI Catalyst proprietary drivers.<br />
* '''Key-ID:''' 653C3094<br />
<br />
{{bc|<nowiki><br />
[catalyst-hd234k]<br />
Server = http://mirror.hactar.xyz/Vi0L0/catalyst-hd234k/$arch<br />
</nowiki>}}<br />
<br />
==== city ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#bgyorgy Balló György]<br />
* '''Description:''' Experimental/unpopular packages.<br />
* '''Upstream page:''' http://pkgbuild.com/~bgyorgy/city.html<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[city]<br />
Server = http://pkgbuild.com/~bgyorgy/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== gustawho ====<br />
* '''Maintainer:''' [https://twitter.com/gustawho Gustavo Castro] <gustawho@openmailbox.com><br />
* '''Description:''' Scientific tools (mostly physics/math) and AUR packages that take long to build (such as {{AUR|firefox-kde-opensuse}}).<br />
* '''Package list:''' https://gustawho.com/pacman<br />
* '''Upstream page:''' https://gustawho.com<br />
* '''Key-ID:''' [https://gustawho.com/repo/gustawho.key 76578671]<br />
{{bc|<nowiki><br />
[gustawho]<br />
Server = https://gustawho.com/repo/$arch<br />
</nowiki>}}<br />
<br />
==== haskell-core ====<br />
<br />
See [[ArchHaskell#haskell-core]].<br />
<br />
==== haskell-happstack ====<br />
<br />
See [[ArchHaskell#haskell-happstack]].<br />
<br />
==== haskell-web ====<br />
<br />
See [[ArchHaskell#haskell-web]].<br />
<br />
==== herecura ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/people/trusted-users/#idevolder Ike Devolder]<br />
* '''Description:''' additional packages not found in the ''community'' repository<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[herecura]<br />
Server = http://repo.herecura.be/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== infinality-bundle ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle main repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle]<br />
Server = http://bohoomil.com/repo/$arch<br />
</nowiki>}}<br />
<br />
==== ivasilev ====<br />
<br />
* '''Maintainer:''' [http://ivasilev.net Ianis G. Vasilev]<br />
* '''Description:''' A variety of packages, mostly my own software and AUR builds.<br />
* '''Upstream page:''' http://ivasilev.net/pacman<br />
* '''Key-ID:''' 436BB513<br />
<br />
{{bc|<nowiki><br />
[ivasilev]<br />
Server = http://ivasilev.net/pacman/$arch<br />
</nowiki>}}<br />
<br />
==== llvm-svn ====<br />
<br />
* '''Maintainer:''' [[User:Kerberizer|Luchesar V. ILIEV (kerberizer)]]<br />
* '''Description:''' [https://aur.archlinux.org/pkgbase/llvm-svn llvm-svn] and [https://aur.archlinux.org/pkgbase/lib32-llvm-svn lib32-llvm-svn] from AUR: the LLVM compiler infrastructure, the Clang frontend, and the tools associated with it<br />
* '''Key-ID:''' [https://sks-keyservers.net/pks/lookup?op=vindex&search=0x76563F75679E4525&fingerprint=on&exact=on 0x76563F75679E4525], fingerprint {{ic|D16C F22D 27D1 091A 841C 4BE9 7656 3F75 679E 4525}}<br />
<br />
{{bc|<nowiki><br />
[llvm-svn]<br />
Server = http://repos.uni-plovdiv.net/archlinux/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== miffe ====<br />
<br />
* '''Maintainer:''' [https://bbs.archlinux.org/profile.php?id=4059 miffe]<br />
* '''Description:''' AUR packages maintained by miffe, e.g. linux-mainline<br />
* '''Key ID:''' 313F5ABD<br />
<br />
{{bc|<nowiki><br />
[miffe]<br />
Server = http://arch.miffe.org/$arch/<br />
</nowiki>}}<br />
<br />
==== repo-ck ====<br />
<br />
* '''Maintainer:''' [[User:Graysky|graysky]]<br />
* '''Description:''' Kernel and modules with Brain Fuck Scheduler and all the goodies in the ck1 patch set.<br />
* '''Upstream page:''' [http://repo-ck.com repo-ck.com]<br />
* '''Wiki:''' [[repo-ck]]<br />
* '''Key-ID:''' 5EE46C4C<br />
<br />
{{bc|<nowiki><br />
[repo-ck]<br />
Server = http://repo-ck.com/$arch<br />
</nowiki>}}<br />
<br />
==== seblu ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/developers/#seblu Sébastien Luttringer]<br />
* '''Description:''' All seblu useful pre-built packages, some homemade (virtualbox-ext-oracle, linux-seblu-meta, bedup).<br />
* '''Key-ID:''' Not required, as maintainer is a Developer<br />
<br />
{{bc|<nowiki><br />
[seblu]<br />
Server = http://al.seblu.net/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== seiichiro ====<br />
<br />
* '''Maintainer:''' [https://www.seiichiro0185.org Stefan Brand (seiichiro0185)]<br />
* '''Description:''' AUR-packages I use frequently<br />
* '''Key-ID:''' 805517CC<br />
<br />
{{bc|<nowiki><br />
[seiichiro]<br />
Server = http://www.seiichiro0185.org/repo/$arch<br />
</nowiki>}}<br />
<br />
==== sergej-repo ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#spupykin Sergej Pupykin]<br />
* '''Description:''' psi-plus, owncloud-git, ziproxy, android, MySQL, and other stuff. Some packages also available for armv7h.<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[sergej-repo]<br />
Server = http://repo.p5n.pp.ru/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== tredaelli-systemd ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#tredaelli Timothy Redaelli]<br />
* '''Description:''' systemd rebuilt with unofficial OpenVZ patch (kernel < 2.6.32-042stab111.1)<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|{{ic|[tredaelli-systemd]}} must be put before {{ic|[core]}} in {{ic|/etc/pacman.conf}}}}<br />
<br />
{{bc|<nowiki><br />
[tredaelli-systemd]<br />
Server = http://pkgbuild.com/~tredaelli/repo/systemd/$arch<br />
</nowiki>}}<br />
<br />
==== Webkit2Gtk-unstable ====<br />
* '''Maintainer:''' [[User:Mrmariusz|Mariusz Wojcik]]<br />
* '''Description:''' Latest Webkit2Gtk build for early adopters.<br />
* '''Upstream Page:''' https://webkitgtk.org/<br />
* '''Key-ID:''' 346854B5<br />
<br />
{{bc|<nowiki><br />
[home_mrmariusz_ArchLinux]<br />
Server = http://download.opensuse.org/repositories/home:/mrmariusz/ArchLinux/$arch<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
{{Note|Users will need to add the following to these entries: {{ic|1=SigLevel = PackageOptional}}}}<br />
<br />
==== archaudio ====<br />
<br />
* '''Maintainer:''' [[User:Schivmeister|Ray Rashif]], [https://aur.archlinux.org/account/jhernberg Joakim Hernberg]<br />
* '''Description:''' Pro-audio packages<br />
<br />
{{bc|<nowiki><br />
[archaudio-production]<br />
Server = http://repos.archaudio.org/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxfr ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:'''<br />
* '''Upstream page:''' http://afur.archlinux.fr<br />
<br />
{{bc|<nowiki><br />
[archlinuxfr]<br />
Server = http://repo.archlinux.fr/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgr ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:'''<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr]<br />
Server = http://archlinuxgr.tiven.org/archlinux/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgr-kde4 ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' KDE4 packages (plasmoids, themes etc) provided by the Hellenic (Greek) Arch Linux community<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr-kde4]<br />
Server = http://archlinuxgr.tiven.org/archlinux-kde4/$arch<br />
</nowiki>}}<br />
<br />
==== arsch ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' From users of orgizm.net<br />
<br />
{{bc|<nowiki><br />
[arsch]<br />
Server = http://arsch.orgizm.net/$arch<br />
</nowiki>}}<br />
<br />
==== cinnamon ====<br />
<br />
* '''Maintainer:''' [https://github.com/jnbek jnbek]<br />
* '''Description:''' Stable and actively developed Cinnamon packages (Applets, Themes, Extensions), plus others (Hotot, qBitTorrent, GTK themes, Perl modules, and more).<br />
<br />
{{bc|<nowiki><br />
[cinnamon]<br />
Server = http://archlinux.zoelife4u.org/cinnamon/$arch<br />
</nowiki>}}<br />
<br />
==== heftig ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/developers/#heftig Jan Steffens]<br />
* '''Description:''' Includes pulseaudio-git, pavucontrol-git, and firefox-developer-edition<br />
* '''Upstream page:''' https://bbs.archlinux.org/viewtopic.php?id=117157<br />
<br />
{{bc|<nowiki><br />
[heftig]<br />
Server = https://pkgbuild.com/~heftig/repo/$arch<br />
</nowiki>}}<br />
<br />
==== home_Minerva_W_Science_Arch_Extra ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' [[OpenFOAM]] packages.<br />
<br />
{{bc|<nowiki><br />
[home_Minerva_W_Science_Arch_Extra]<br />
SigLevel = Never<br />
Server = http://download.opensuse.org/repositories/home:/Minerva_W:/Science/Arch_Extra/$arch <br />
</nowiki>}}<br />
<br />
==== home_Pival81_arch_xapps_Arch_Extra ====<br />
<br />
* '''Maintainer:''' Valerio Pizzi ([https://github.com/Pival81 Pival81] <pival801@gmail.com>)<br />
* '''Description:''' [https://github.com/linuxmint/xapps XApps] packages.<br />
<br />
{{bc|<nowiki><br />
[home_Pival81_arch_xapps_Arch_Extra]<br />
SigLevel = Never<br />
Server = http://download.opensuse.org/repositories/home:/Pival81:/arch:/xapps/Arch_Extra/$arch <br />
</nowiki>}}<br />
<br />
==== noware ====<br />
<br />
* '''Maintainer:''' Alexandru Thirtheu (alex_giusi_tiri2@yahoo.com) ([https://bbs.archlinux.org/profile.php?id=65036 Forums]) ([[User:AGT|Wiki]]) ([http://direct.noware.systems.:2 Web Site])<br />
* '''Description:''' Software which I prefer being present in a repository, than being compiled each time. It eases software maintenance, I find. Almost anything goes.<br />
<br />
{{bc|<nowiki><br />
[noware]<br />
Server = http://direct.$repo.systems.:2/repository/arch/$arch<br />
</nowiki>}}<br />
<br />
==== openrc-eudev ====<br />
* '''Maintainer:''' [[User:Nous|nous]]<br />
* '''Description:''' OpenRC init system, initscripts, eudev and nosystemd packages from the AUR.<br />
* '''Upstream page:''' https://sourceforge.net/projects/archopenrc<br />
* '''Upstream sources:''' https://github.com/cromerc/arch-openrc, https://github.com/cromerc/arch-nosystemd and the AUR<br />
<br />
{{bc|<nowiki><br />
[openrc-eudev]<br />
Server=http://downloads.sourceforge.net/project/archopenrc/$repo/$arch<br />
Server=ftp://ftp.heanet.ie/mirrors/sourceforge/a/ar/archopenrc/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== pantheon ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Repository containing Pantheon-related packages<br />
<br />
{{bc|<nowiki><br />
[pantheon]<br />
Server = http://pkgbuild.com/~alucryd/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== pietma ====<br />
<br />
* '''Maintainer:''' MartiMcFly <martimcfly@autorisation.de><br />
* '''Description:''' Arch User Repository packages [https://aur.archlinux.org/packages/?K=martimcfly&SeB=m I create or maintain.].<br />
* '''Upstream page:''' http://pietma.com/tag/aur/<br />
<br />
{{bc|<nowiki><br />
[pietma]<br />
SigLevel = Optional TrustAll<br />
Server = http://repository.pietma.com/nexus/content/repositories/archlinux/$arch/$repo<br />
</nowiki>}}<br />
<br />
==== trinity ====<br />
<br />
* '''Maintainer:''' [[User:Mmanley|Michael Manley]]<br />
* '''Description:''' [[Trinity]] Desktop Environment<br />
<br />
{{bc|<nowiki><br />
[trinity]<br />
Server = http://repo.nasutek.com/arch/contrib/trinity/$arch<br />
</nowiki>}}<br />
<br />
==== home_tarakbumba_archlinux_Arch_Extra_standard ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Contains a few pre-built AUR packages (zemberek, etc.)<br />
<br />
{{bc|<nowiki><br />
[home_tarakbumba_archlinux_Arch_Extra_standard]<br />
Server = http://download.opensuse.org/repositories/home:/tarakbumba:/archlinux/Arch_Extra_standard/$arch<br />
</nowiki>}}<br />
<br />
==== QOwnNotes ====<br />
<br />
* '''Maintainer:''' http://www.qownnotes.org<br />
* '''Description:''' QOwnNotes is a open source notepad and todo list manager with markdown support and [[ownCloud]] integration.<br />
<br />
{{bc|<nowiki><br />
[home_pbek_QOwnNotes_Arch_Extra]<br />
SigLevel = Optional TrustAll<br />
Server = http://download.opensuse.org/repositories/home:/pbek:/QOwnNotes/Arch_Extra/$arch<br />
</nowiki>}}<br />
<br />
== i686 only ==<br />
<br />
=== Signed ===<br />
<br />
==== xyne-i686 ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for the "i686" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|This includes all packages in [[#xyne-any|<nowiki>[xyne-any]</nowiki>]].}}<br />
<br />
{{bc|<nowiki><br />
[xyne-i686]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
==== andrwe ====<br />
<br />
* '''Maintainer:''' Andrwe Lord Weber<br />
* '''Description:''' each program I'm using on x86_64 is compiled for i686 too<br />
* '''Upstream page:''' http://andrwe.org/linux/repository<br />
<br />
{{bc|<nowiki><br />
[andrwe]<br />
Server = http://repo.andrwe.org/i686<br />
</nowiki>}}<br />
<br />
==== kpiche ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Stable OpenSync packages.<br />
<br />
{{bc|<nowiki><br />
[kpiche]<br />
Server = http://kpiche.archlinux.ca/repo<br />
</nowiki>}}<br />
<br />
==== kernel26-pae ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' PAE-enabled 32-bit kernel 2.6.39<br />
<br />
{{bc|<nowiki><br />
[kernel26-pae]<br />
Server = http://kernel26-pae.archlinux.ca/<br />
</nowiki>}}<br />
<br />
==== linux-pae ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' PAE-enabled 32-bit kernel 3.0<br />
<br />
{{bc|<nowiki><br />
[linux-pae]<br />
Server = http://pae.archlinux.ca/<br />
</nowiki>}}<br />
<br />
== x86_64 only ==<br />
<br />
=== Signed ===<br />
<br />
==== archzfs ====<br />
<br />
* '''Maintainer:''' [http://archzfs.com Jesus Alvarez (demizer)]<br />
* '''Description:''' Packages for ZFS on Arch Linux.<br />
* '''Upstream page:''' https://github.com/archzfs/archzfs<br />
* '''Key-ID:''' 5E1ABF240EE7A126<br />
<br />
{{bc|<nowiki><br />
[archzfs]<br />
Server = http://archzfs.com/$repo/x86_64<br />
</nowiki>}}<br />
<br />
==== ashleyis ====<br />
<br />
* '''Maintainer:''' Ashley Towns ([https://aur.archlinux.org/account/ashleyis/ ashleyis])<br />
* '''Description:''' Debug versions of SDL, chipmunk, libtmx and other misc game libraries. also swift-lang and some other AUR packages <br />
* '''Key-ID:''' B1A4D311<br />
<br />
{{bc|<nowiki><br />
[ashleyis]<br />
Server = http://arch.ashleytowns.id.au/repo/$arch<br />
</nowiki>}}<br />
<br />
==== atom ====<br />
<br />
* '''Maintainer:''' Nicola Squartini ([https://github.com/tensor5 tensor5])<br />
* '''Upstream page:''' https://github.com/tensor5/arch-atom<br />
* '''Description:''' Atom text editor and Electron<br />
* '''Key-ID:''' B0544167<br />
<br />
{{bc|<nowiki><br />
[atom]<br />
Server = http://noaxiom.org/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== aurpackages ====<br />
<br />
* '''Maintainer:''' Mark Vainomaa <mikroskeem@mikroskeem.eu><br />
* '''Description:''' AUR packages I tend to use every day. Will be updated weekly<br />
* '''Key-ID:''' 2A07EF8371AFC028<br />
<br />
{{bc|<nowiki><br />
[aurpackages]<br />
SigLevel = Required<br />
Server = https://r.mikroskeem.eu<br />
</nowiki>}}<br />
<br />
==== boyska64 ====<br />
<br />
* '''Maintainer:''' boyska<br />
* '''Description:''' Personal repository: cryptography, sdr, mail handling and misc; don't expect packages to be upgraded promptly, I am a zealot of slackness<br />
* '''Key-ID:''' 0x7395DCAE58289CA9<br />
<br />
{{bc|<nowiki><br />
[boyska64]<br />
Server = http://boyska.degenerazione.xyz/archrepo<br />
</nowiki>}}<br />
<br />
==== coderkun-aur ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/coderkun/ coderkun]<br />
* '''Description:''' AUR packages with random software. Supporting package deltas and package and database signing.<br />
* '''Upstream page:''' https://www.coderkun.de/arch<br />
* '''Key-ID:''' A6BEE374<br />
* '''Keyfile:''' [https://www.coderkun.de/coderkun.asc https://www.coderkun.de/coderkun.asc]<br />
<br />
{{bc|<nowiki><br />
[coderkun-aur]<br />
Server = http://arch.coderkun.de/$repo/$arch/<br />
</nowiki>}}<br />
<br />
==== coderkun-aur-audio ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/coderkun/ coderkun]<br />
* '''Description:''' AUR packages with audio-related (realtime kernels, lv2-plugins, …) software. Supporting package deltas and package and database signing.<br />
* '''Upstream page:''' https://www.coderkun.de/arch<br />
* '''Key-ID:''' A6BEE374<br />
* '''Keyfile:''' [https://www.coderkun.de/coderkun.asc https://www.coderkun.de/coderkun.asc]<br />
<br />
{{bc|<nowiki><br />
[coderkun-aur-audio]<br />
Server = http://arch.coderkun.de/$repo/$arch/<br />
</nowiki>}}<br />
<br />
==== decryptedepsilon ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/decryptedepsilon/ decryptedepsilon]<br />
* '''Description:''' AUR packages that I usually install (dropbox, jdk, atom, spotify, tor-browser-en, paper-icon-theme-git)<br />
* '''Upstream page:''' http://www.decryptedepsilon.bl.ee/repo/x86_64<br />
* '''Key-ID:''' 60442BA4<br />
* '''Keyfile:''' [http://www.decryptedepsilon.bl.ee/decryptedepsilon.asc http://www.decryptedepsilon.bl.ee/decryptedepsilon.asc]<br />
<br />
{{bc|<nowiki><br />
[decryptedepsilon]<br />
Server = http://decryptedepsilon.bl.ee/repo/$arch/<br />
</nowiki>}}<br />
<br />
==== eatabrick ====<br />
<br />
* '''Maintainer:''' bentglasstube<br />
* '''Description:''' Packages for software written by (and a few just compiled by) bentglasstube.<br />
<br />
{{bc|<nowiki><br />
[eatabrick]<br />
SigLevel = Required<br />
Server = http://repo.eatabrick.org/$arch<br />
</nowiki>}}<br />
<br />
==== freifunk-rheinland ====<br />
<br />
* '''Maintainer:''' nomaster<br />
* '''Description:''' Packages for the Freifunk project: batman-adv, batctl, fastd and dependencies.<br />
<br />
{{bc|<nowiki><br />
[freifunk-rheinland]<br />
Server = http://mirror.fluxent.de/archlinux-custom/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== holo ====<br />
<br />
* '''Maintainer:''' Stefan Majewsky <holo-pacman@posteo.de> (please prefer to report issues at [https://github.com/majewsky/holo-pacman-repo/issues Github])<br />
* '''Description:''' Packages for [https://holocm.org Holo configuration management], including compatible plugins and tools.<br />
* '''Upstream page:''' https://github.com/majewsky/holo-pacman-repo<br />
* '''Package list:''' https://repo.holocm.org/archlinux/x86_64<br />
* '''Key-ID:''' 0xF7A9C9DC4631BD1A<br />
<br />
{{bc|<nowiki><br />
[holo]<br />
Server = https://repo.holocm.org/archlinux/x86_64<br />
</nowiki>}}<br />
<br />
==== infinality-bundle-multilib ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle multilib repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle-multilib]<br />
Server = http://bohoomil.com/repo/multilib/$arch<br />
</nowiki>}}<br />
<br />
==== linux-kalterfx ====<br />
<br />
* '''Maintainer''': Anna Ivanova ([https://aur.archlinux.org/account/kalterfive kalterfive])<br />
* '''Upstream page''': https://deadsoftware.ru/files/linux-kalterfx<br />
* '''Description''': A stable kernel with [[#Linux-pf|pf-kernel]]{{Broken section link}}, [[reiser4]] and smack<br />
* '''Key-ID''': A0C04F15<br />
* '''Keyfile''': https://keybase.io/kalterfive/key.asc<br />
<br />
{{bc|<nowiki><br />
[linux-kalterfx]<br />
Server = https://deadsoftware.ru/files/linux-kalterfx/repo/$arch<br />
</nowiki>}}<br />
<br />
==== markzz ====<br />
<br />
* '''Maintainer:''' [[User:Markzz|Mark Weiman (markzz)]]<br />
* '''Description:''' Packages that markzz maintains or uses on the AUR; this includes Linux with the vfio patchset ({{AUR|linux-vfio}} and {{AUR|linux-vfio-lts}}), and packages to maintain a Debian package repository.<br />
* '''Key ID:''' 3CADDFDD<br />
<br />
{{Note|If you want to add the key by installing the ''markzz-keyring'' package, temporarily add {{ic|1=SigLevel = Never}} into the repository section.}}<br />
<br />
{{bc|<nowiki><br />
[markzz]<br />
Server = http://repo.markzz.com/arch/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== qt-debug ====<br />
<br />
* '''Maintainer:''' [http://blog.the-compiler.org/?page_id=36 The Compiler]<br />
* '''Description:''' Qt/PyQt builds with debug symbols<br />
* '''Upstream page:''' https://github.com/qutebrowser/qt-debug-pkgbuild<br />
* '''Key-ID:''' D6A1C70FE80A0C82<br />
<br />
{{bc|<nowiki><br />
[qt-debug]<br />
Server = http://qutebrowser.org/qt-debug/$arch<br />
</nowiki>}}<br />
<br />
==== quarry ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/developers/#anatolik anatolik]<br />
* '''Description:''' Arch binary repository for [http://rubygems.org/ Rubygems] packages. See [https://bbs.archlinux.org/viewtopic.php?id=182729 forum announcement] for more information.<br />
* '''Sources:''' https://github.com/anatol/quarry<br />
* '''Key-ID:''' Not needed, as maintainer is a developer<br />
<br />
{{bc|<nowiki><br />
[quarry]<br />
Server = http://pkgbuild.com/~anatolik/quarry/x86_64/<br />
</nowiki>}}<br />
<br />
==== siosm-aur ====<br />
<br />
* '''Maintainer:''' [https://tim.siosm.fr/about/ Timothee Ravier]<br />
* '''Description:''' packages also available in the Arch User Repository, sometimes with minor fixes<br />
* '''Upstream page:''' https://tim.siosm.fr/repositories/<br />
* '''Key-ID:''' 78688F83<br />
<br />
{{bc|<nowiki><br />
[siosm-aur]<br />
Server = http://siosm.fr/repo/$repo/<br />
</nowiki>}}<br />
<br />
==== subtitlecomposer ====<br />
<br />
* '''Maintainer:''' Mladen Milinkovic (maxrd2)<br />
* '''Description:''' Subtitle Composer stable and nightly builds<br />
* '''Upstream page:''' https://github.com/maxrd2/subtitlecomposer<br />
* '''Key-ID:''' EF9D9B26<br />
<br />
{{bc|<nowiki><br />
[subtitlecomposer]<br />
Server = http://smoothware.net/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== xyne-x86_64 ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for the "x86_64" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|This includes all packages in [[#xyne-any|<nowiki>[xyne-any]</nowiki>]].}}<br />
<br />
{{bc|<nowiki><br />
[xyne-x86_64]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
{{Note|Users will need to add the following to these entries: {{ic|1=SigLevel = PackageOptional}}}}<br />
<br />
==== alucryd ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Various packages Maxime Gauduin maintains (or not) in the AUR.<br />
<br />
{{bc|<nowiki><br />
[alucryd]<br />
Server = http://pkgbuild.com/~alucryd/$repo/x86_64<br />
</nowiki>}}<br />
<br />
==== alucryd-multilib ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Various packages needed to run Steam without its runtime environment.<br />
<br />
{{bc|<nowiki><br />
[alucryd-multilib]<br />
Server = http://pkgbuild.com/~alucryd/$repo/x86_64<br />
</nowiki>}}<br />
<br />
==== andrwe ====<br />
<br />
* '''Maintainer:''' Andrwe Lord Weber<br />
* '''Description:''' contains programs I'm using on many systems<br />
* '''Upstream page:''' http://andrwe.org/linux/repository<br />
<br />
{{bc|<nowiki><br />
[andrwe]<br />
Server = http://repo.andrwe.org/x86_64<br />
</nowiki>}}<br />
<br />
==== brtln ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#bpiotrowski Bartłomiej Piotrowski]<br />
* '''Description:''' Some VCS packages.<br />
<br />
{{bc|<nowiki><br />
[brtln]<br />
Server = http://pkgbuild.com/~barthalion/brtln/$arch/<br />
</nowiki>}}<br />
<br />
==== imake ====<br />
<br />
* '''Maintainer:''' GRV <grvconstanta@gmail.com><br />
* '''Description:''' Important AUR packages that are pre-compiled and ready to install with pacman.<br />
<br />
{{bc|<nowiki><br />
[imake]<br />
SigLevel = Never<br />
Server = http://imake.ddns.net/$arch<br />
</nowiki>}}<br />
<br />
==== jkanetwork ====<br />
<br />
* '''Maintainer:''' kprkpr <kevin01010 at gmail dot com><br />
* '''Maintainer:''' Joselucross <jlgarrido97 at gmail dot com><br />
* '''Description:''' Packages of AUR like pimagizer,stepmania,yaourt,linux-mainline,wps-office,grub-customizer,some IDE.. Open for all that wants to contribute<br />
* '''Upstream page:''' http://repo.jkanetwork.com/<br />
<br />
{{bc|<nowiki><br />
[jkanetwork]<br />
Server = http://repo.jkanetwork.com/repo/$repo/<br />
</nowiki>}}<br />
<br />
==== matrixim ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/mytbk Iru Cai]<br />
* '''Description:''' Packages related to [https://matrix.org Matrix] messaging protocol, and software run on https://matrixim.cc -- my website and Matrix homeserver.<br />
<br />
{{bc|<nowiki><br />
[matrixim]<br />
Server = https://repo.matrixim.cc/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== mesa-git ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/people/trusted-users/#lcarlier Laurent Carlier]<br />
* '''Description:''' Mesa git builds for the ''testing'' and ''multilib-testing'' repositories<br />
<br />
{{bc|<nowiki><br />
[mesa-git]<br />
Server = http://pkgbuild.com/~lcarlier/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== mikroskeem ====<br />
<br />
* '''Maintainer:''' Mark Vainomaa <mikroskeem@mikroskeem.eu><br />
* '''Description:''' Openarena, i3 wm, and neovim-related packages<br />
<br />
'''NOTE:''' This repo isn't maintained anymore. It will be shut down on '''01-01-2017'''. Use my ''aurpackages'' repo instead.<br />
<br />
{{bc|<nowiki><br />
[mikroskeem]<br />
Server = https://nightsnack.cf/~mark/arch-pkgs<br />
</nowiki>}}<br />
<br />
==== mingw-w64 ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/ant32 Philip] and [https://aur.archlinux.org/account/nic96 Jeromy] Reimer<br />
* '''Description:''' Almost all mingw-w64 packages in the AUR.<br />
<br />
{{bc|<nowiki><br />
[mingw-w64]<br />
Server = http://downloads.sourceforge.net/project/mingw-w64-archlinux/$arch<br />
#Server = http://amr.linuxd.org/archlinux/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== pkgbuild-current ====<br />
<br />
* '''Maintainer''': [https://fusion809.github.io Brenton Horne] (fusion809)<br />
* '''Description''': most of the packages in the [https://github.com/fusion809/PKGBUILDs fusion809/PKGBUILDs] GitHub repository (please report bugs here). Full list of packages can be found [https://github.com/fusion809/PKGBUILDs/releases/tag/current here].<br />
* '''Upstream page''': https://fusion809.github.io/PKGBUILDs<br />
<br />
{{bc|<nowiki><br />
[pkgbuild-current]<br />
Server = https://github.com/fusion809/PKGBUILDs/releases/download/current<br />
</nowiki>}}<br />
<br />
==== pnsft-pur ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Japanese input method packages Mozc (vanilla) and libkkc<br />
<br />
{{bc|<nowiki><br />
[pnsft-pur]<br />
Server = http://downloads.sourceforge.net/project/pnsft-aur/pur/x86_64<br />
</nowiki>}}<br />
<br />
==== rakudo ====<br />
<br />
* '''Maintainer:''' spider-mario <spidermario@free.fr><br />
* '''Description:''' Rakudo Perl6<br />
<br />
{{bc|<nowiki><br />
[rakudo]<br />
Server = https://spider-mario.quantic-telecom.net/archlinux/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== zrootfs ====<br />
<br />
* '''Maintainer:''' Isabell Cowan <isabellcowan@gmail.com><br />
* '''Description:''' For Haswell and Broadwell architecture processors with size in mind.<br />
<br />
{{Note|This repo has not been maintained since 2016-03-14. There are no guarantees as to how long it will be kept online.}}<br />
<br />
{{bc|<nowiki><br />
[zrootfs]<br />
Server = https://www.izzette.com/izzi/zrootfs-old<br />
</nowiki>}}</div>StrayArchhttps://wiki.archlinux.org/index.php?title=User:StrayArch&diff=461329User:StrayArch2017-01-03T21:48:03Z<p>StrayArch: page rank again</p>
<hr />
<div>Just an enthusiast with a [http://james.stro.nz/ personal website] -- James Stronz aka [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 21:47, 3 January 2017 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=User:StrayArch&diff=461328User:StrayArch2017-01-03T21:44:14Z<p>StrayArch: page rank adjustment attempt</p>
<hr />
<div>Just an enthusiast with a [http://james.stro.nz/ personal website] [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 04:07, 8 December 2016 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Syslinux&diff=461184Syslinux2017-01-03T01:48:27Z<p>StrayArch: /* Kernel parameters */ Add warning regarding the number of APPENDs used per a menu entry</p>
<hr />
<div>[[Category:Boot loaders]]<br />
[[es:Syslinux]]<br />
[[fr:Syslinux]]<br />
[[it:Syslinux]]<br />
[[ja:Syslinux]]<br />
[[ru:Syslinux]]<br />
[[tr:Syslinux]]<br />
[[zh-CN:Syslinux]]<br />
{{Related articles start}}<br />
{{Related|Arch boot process}}<br />
{{Related|Boot loaders}}<br />
{{Related articles end}}<br />
<br />
[[Wikipedia:SYSLINUX|Syslinux]] is a collection of boot loaders capable of booting from drives, CDs, and over the network via [[PXE]]. Some of the supported [[file systems]] are [[Wikipedia:File Allocation Table|FAT]], [[Wikipedia:ext2|ext2]], [[ext3]], [[ext4]], and uncompressed single-device [[Btrfs]].<br />
<br />
{{Warning|1=As of Syslinux 6.03, some of the features of the supported file systems are not supported by the bootloader; for example, the "64bit" feature of ext4 (boot) volumes. See [http://www.syslinux.org/wiki/index.php/Filesystem] for more information.}}<br />
<br />
{{Note|Syslinux, by itself, cannot access files from partitions other than its own. See [[#Chainloading]] on how to work around this.}}<br />
<br />
== BIOS Systems ==<br />
<br />
=== Boot process overview ===<br />
<br />
# '''Stage 1 : Part 1''' - '''Load MBR''' - At boot, the BIOS loads the 440 byte [[MBR]] boot code at the start of the disk ({{ic|/usr/lib/syslinux/bios/mbr.bin}} or {{ic|/usr/lib/syslinux/bios/gptmbr.bin}}). <br />
# '''Stage 1 : Part 2''' - '''Search active partition'''. The '''Stage 1 MBR boot code''' looks for the partition that is marked as active (boot flag in MBR disks). Let us assume this is the {{ic|/boot}} partition, for example.<br />
# '''Stage 2 : Part 1''' - '''Execute volume boot record''' - The '''Stage 1 MBR boot code''' executes the Volume Boot Record (VBR) of the {{ic|/boot}} partition. In the case of Syslinux, the VBR boot code is the starting sector of {{ic|/boot/syslinux/ldlinux.sys}} which is created by the {{ic|extlinux --install}} command. Note that {{ic|ldlinux.sys}} is not the same as {{ic|ldlinux.c32}}.<br />
# '''Stage 2 : Part 2''' - '''Execute {{ic|/boot/syslinux/ldlinux.sys}}''' - The VBR will load the rest of {{ic|/boot/syslinux/ldlinux.sys}}. The sector location of {{ic|/boot/syslinux/ldlinux.sys}} should not change, otherwise syslinux will not boot. {{Note|In the case of [[Btrfs]], the above method will not work since files move around resulting in changing of the sector location of {{ic|ldlinux.sys}}. Therefore, in Btrfs the entire {{ic|ldlinux.sys}} code is embedded in the space following the VBR and is not installed at {{ic|/boot/syslinux/ldlinux.sys}} unlike the case of other filesystems.}}<br />
# '''Stage 3''' - '''Load {{ic|/boot/syslinux/ldlinux.c32}}''' - The {{ic|/boot/syslinux/ldlinux.sys}} will load the {{ic|/boot/syslinux/ldlinux.c32}} (core module) that contains the rest of the '''core''' part of syslinux that could not be fit into {{ic|ldlinux.sys}} (due to file-size constraints). The {{ic|ldlinux.c32}} file should be present in every Syslinux installation and should match the version of {{ic|ldlinux.sys}} installed in the partition. Otherwise Syslinux will fail to boot. See http://bugzilla.syslinux.org/show_bug.cgi?id=7 for more info.<br />
# '''Stage 4''' - '''Search and Load configuration file''' - Once Syslinux is fully loaded, it looks for {{ic|/boot/syslinux/syslinux.cfg}} (or {{ic|/boot/syslinux/extlinux.conf}} in some cases) and loads it if it is found. If no configuration file is found, you will be dropped to a Syslinux {{ic|boot:}} prompt. This step and the rest of '''non-core''' parts of Syslinux ({{ic|/boot/syslinux/*.c32}} modules, excluding {{ic|lib*.c32}} and {{ic|ldlinux.c32}}) require {{ic|/boot/syslinux/lib*.c32}} (library) modules to be present (http://www.syslinux.org/wiki/index.php/Common_Problems#ELF). The {{ic|lib*.c32}} library modules and non-core {{ic|*.c32}} modules should match the version of {{ic|ldlinux.sys}} installed in the partition.<br />
<br />
=== Installation on BIOS ===<br />
<br />
[[Install]] the {{Pkg|syslinux}} package.<br />
<br />
{{Note|<br />
* {{Pkg|gptfdisk}} is required for [[wikipedia:GUID_Partition_Table|GPT]] support using the automated script.<br />
* If your boot partition is FAT, you will also need {{Pkg|mtools}}.<br />
}}<br />
<br />
Installing the package is not the same as installing the bootloader. After installing the relevant package(s), the bootloader code itself needs to be installed (to the adequate area, usually the VBR) so to be able to boot the system; the following sections provide alternative instructions depending on the characteristics of your particular system.<br />
<br />
==== Automatic Install ====<br />
<br />
{{Note|The {{ic|syslinux-install_update}} script is Arch specific, and is not provided/supported by Syslinux upstream. Please direct any bug reports specific to the script to the Arch Bug Tracker and not upstream.<br />
}}<br />
<br />
* After executing the {{ic|syslinux-install_update}} script, do not forget to edit {{ic|/boot/syslinux/syslinux.cfg}} by following [[#Configuration]] and [[#Kernel parameters]].<br />
<br />
{{Warning|The {{ic|syslinux-install_update}} script sets a default root partition that possibly will not match your particular system. It is important to point Syslinux to the correct root partition by editing {{ic|/boot/syslinux/syslinux.cfg}}, or the OS will fail to boot. See [[#Kernel parameters]].}}<br />
<br />
The {{ic|syslinux-install_update}} script will install Syslinux, copy {{ic|*.c32}} modules to {{ic|/boot/syslinux}}, set the boot flag and install the boot code in the MBR. It can handle [[MBR]] and [[GPT]] disks along with software RAID:<br />
<br />
If you use a separate boot partition, make sure that it is mounted. Check with {{ic|lsblk}}; if you do not see a {{ic|/boot}} mountpoint, mount it before you go any further.<br />
<br />
* Run {{ic|syslinux-install_update}} with flags: {{ic|-i}} (install the files), {{ic|-a}} (mark the partition ''active'' with the ''boot'' flag), {{ic|-m}} (install the ''MBR'' boot code): {{bc|# syslinux-install_update -i -a -m}} If this command fails with ''Syslinux BIOS install failed'', the problem is likely that the {{ic|extlinux}} binary could not find the partition containing {{ic|/boot}}: <br />
<br />
{{hc|# extlinux --install /boot/syslinux/|<br />
extlinux: cannot find device for path /boot/syslinux<br />
extlinux: cannot open device (null)<br />
}} <br />
<br />
This can happen, for example, when upgrading from [[LILO]] which, while booting a current custom kernel, turned a kernel command line parameter of say {{ic|1=root=/dev/sda1}} into its numeric equivalent {{ic|1=root=801}}, as evidenced by {{ic|/proc/cmdline}} and the output of the {{ic|mount}} command. Remedy the situation by either continuing with the manual install described below while specifying {{ic|1=--device=/dev/sda1}} to {{ic|extlinux}}, or simply by first rebooting into a stock Arch Linux kernel; its use of an initramfs avoids the problem.<br />
<br />
{{Note|<br />
* If you rebooted your system now, you would get a Syslinux prompt. To automatically boot your system or get a boot menu, you need to create (edit) the configuration file.<br />
* If you are on another root directory (e.g. from an install disk) install SYSLINUX by directing to the chroot:<br />
# syslinux-install_update -i -a -m -c /mnt/<br />
}}<br />
<br />
* Now is the time to edit {{ic|/boot/syslinux/syslinux.cfg}} by following [[#Configuration]] and [[#Kernel parameters]].<br />
<br />
==== Manual install ====<br />
<br />
{{Note|<br />
* If you are unsure of which partition table you are using (MBR or GPT), you can check using the following command<br />
# blkid -s PTTYPE -o value /dev/sda<br />
gpt<br />
<br />
* If you are trying to rescue an installed system with a live CD, be sure to [[chroot]] into it before executing these commands. If you do not chroot first, you must prepend all file paths (not {{ic|/dev/}} paths) with the mount point.<br />
}}<br />
<br />
Your boot partition, on which you plan to install Syslinux, must contain a FAT, ext2, ext3, ext4, or Btrfs file system. You should install it on a mounted directory—not a {{ic|/dev/sdXY}} device. You do not have to install it on the root directory of a file system, e.g., with device {{ic|/dev/sda1}} mounted on {{ic|/boot}}. You can install Syslinux in the {{ic|syslinux}} directory:<br />
<br />
# mkdir /boot/syslinux<br />
# cp /usr/lib/syslinux/bios/*.c32 /boot/syslinux/ ## copy ALL the *.c32 files from /usr/lib/syslinux/bios/, DO NOT SYMLINK<br />
# extlinux --install /boot/syslinux/<br />
<br />
After this, proceed to install the Syslinux boot code ({{ic|mbr.bin}} or {{ic|gptmbr.bin}}) to the Master Boot Record 440-byte boot code region (not to be confused with MBR aka msdos partition table) of the disk, as described in the next sections, respectively.<br />
<br />
{{Note|For a partitionless install, there is no need to install the Syslinux boot code to the MBR. You could skip below and jump to [[#Configuration]]. See [https://unix.stackexchange.com/questions/103501/boot-partiotionless-disk-with-syslinux].}}<br />
<br />
===== MBR partition table =====<br />
<br />
See the main article: [[Master Boot Record]].<br />
<br />
Next, you need to mark your boot partition as "active" in your partition table. Applications capable of doing this include {{ic|fdisk}}, {{ic|cfdisk}}, {{ic|sfdisk}}, {{ic|parted/gparted}} ("boot" flag). It should look like this:<br />
{{hc|# fdisk -l /dev/sda|<br />
[...]<br />
Device Boot Start End Blocks Id System<br />
/dev/sda1 * 2048 104447 51200 83 Linux<br />
/dev/sda2 104448 625142447 312519000 83 Linux<br />
}}<br />
<br />
Install the MBR:<br />
# dd bs=440 count=1 if=/usr/lib/syslinux/bios/mbr.bin of=/dev/sda<br />
<br />
An alternative MBR which Syslinux provides is: {{ic|altmbr.bin}}. This MBR does ''not'' scan for bootable partitions; instead, the last byte of the MBR is set to a value indicating which partition to boot from. Here is an example of how {{ic|altmbr.bin}} can be copied into position:<br />
# printf '\x5' | cat /usr/lib/syslinux/bios/altmbr.bin - | dd bs=440 count=1 iflag=fullblock of=/dev/sda<br />
<br />
In this case, a single byte of value 5 (hexadecimal) is appended to the contents of {{ic|altmbr.bin}} and the resulting 440 bytes are written to the MBR on device {{ic|sda}}. Syslinux was installed on the first logical partition ({{ic|/dev/sda5}}) of the disk.<br />
<br />
===== GUID partition table =====<br />
<br />
See the main article: [[GUID Partition Table]].<br />
<br />
Bit 2 of the attributes ("legacy_boot" attribute) needs to be set for the {{ic|/boot}} partition:.<br />
# sgdisk /dev/sda --attributes=1:set:2<br />
<br />
This would toggle the attribute ''legacy BIOS bootable'' on partition 1. To check:<br />
{{hc|<nowiki># sgdisk /dev/sda --attributes=1:show</nowiki>|<br />
1:2:1 (legacy BIOS bootable)<br />
}}<br />
<br />
Install the MBR:<br />
# dd bs=440 conv=notrunc count=1 if=/usr/lib/syslinux/bios/gptmbr.bin of=/dev/sda<br />
<br />
If this does not work, you can also try:<br />
# syslinux-install_update -i -m<br />
<br />
== UEFI Systems ==<br />
<br />
{{Note|<br />
* {{ic|efi64}} denotes x86_64 UEFI systems, for IA32 (32-bit) EFI replace {{ic|efi64}} with {{ic|efi32}} in the below commands.<br />
<br />
* For Syslinux, the kernel and initramfs files need to be in the [[EFI System Partition]] (aka ESP), as Syslinux does not (currently) have the ability to access files outside its own partition (i.e. outside ESP in this case). For this reason, it is recommended to mount ESP at {{ic|/boot}}.<br />
<br />
* The automatic install script {{ic|/usr/bin/syslinux-install_update}} does not support UEFI install.<br />
<br />
* The configuration syntax of {{ic|syslinux.cfg}} for UEFI is same as that of BIOS.<br />
}}<br />
<br />
=== Limitations of UEFI Syslinux ===<br />
<br />
* UEFI Syslinux application {{ic|syslinux.efi}} cannot be signed by {{ic|sbsign}} (from sbsigntool) for UEFI Secure Boot. Bug report: [http://bugzilla.syslinux.org/show_bug.cgi?id=8]<br />
* Using TAB to edit kernel parameters in UEFI Syslinux menu might lead to garbaged display (text on top of one another). Bug report: [http://bugzilla.syslinux.org/show_bug.cgi?id=9]<br />
* UEFI Syslinux does not support chainloading other EFI applications like {{ic|UEFI Shell}} or {{ic|Windows Boot Manager}}. Enhancement request: [http://bugzilla.syslinux.org/show_bug.cgi?id=17]<br />
* In some cases, UEFI Syslinux might not boot in some Virtual Machines like QEMU/OVMF or VirtualBox or some VMware products/versions and in some UEFI emulation environments like DUET. A Syslinux contributor has confirmed no such issues present on VMware Workstation 10.0.2 and Syslinux-6.02 or later. Bug reports: [http://bugzilla.syslinux.org/show_bug.cgi?id=21], [http://bugzilla.syslinux.org/show_bug.cgi?id=23] and [http://bugzilla.syslinux.org/show_bug.cgi?id=72]<br />
* Memdisk is not available for UEFI. Enhancement request: [http://bugzilla.syslinux.org/show_bug.cgi?id=30]<br />
<br />
=== Installation on UEFI ===<br />
<br />
{{Note|In the commands related to UEFI, {{ic|''esp''}} denotes the mountpoint of the [[EFI System Partition]] aka ESP.}}<br />
<br />
* Install the {{Pkg|syslinux}} and {{Pkg|efibootmgr}} packages from the [[official repositories]]. Then setup Syslinux in the ESP as follows:<br />
<br />
* Copy Syslinux files to ESP:<br />
<br />
# mkdir -p ''esp''/EFI/syslinux<br />
# cp -r /usr/lib/syslinux/efi64/* ''esp''/EFI/syslinux/<br />
<br />
* Setup boot entry for Syslinux using [[Unified Extensible Firmware Interface#efibootmgr|efibootmgr]]:<br />
<br />
# efibootmgr -c -d /dev/sdX -p Y -l /EFI/syslinux/syslinux.efi -L "Syslinux"<br />
<br />
where {{ic|/dev/sdXY}} is the partition containing the bootloader.<br />
<br />
* Create or edit {{ic|''esp''/EFI/syslinux/syslinux.cfg}} by following [[#Configuration]].<br />
<br />
{{Note|The config file for UEFI is {{ic|''esp''/EFI/syslinux/syslinux.cfg}}, not {{ic|/boot/syslinux/syslinux.cfg}}. Files in {{ic|/boot/syslinux/}} are BIOS specific and not related to UEFI Syslinux.}}<br />
<br />
{{Note|When booted in BIOS mode, {{Pkg|efibootmgr}} will not be able to set EFI nvram entry for {{ic|/efi/syslinux/syslinux.efi}}. To work around, place resources at the default EFI location: {{ic|''esp''/EFI/syslinux/* -> ''esp''/EFI/BOOT/*}} and {{ic|''esp''/EFI/syslinux/syslinux.efi -> ''esp''/EFI/BOOT/bootx64.efi}}<br />
}}<br />
<br />
== Configuration ==<br />
<br />
The Syslinux configuration file, {{ic|syslinux.cfg}}, should be created in the same directory where you installed Syslinux. In our case, {{ic|/boot/syslinux/}} for BIOS systems and {{ic|''esp''/EFI/syslinux/}} for UEFI systems.<br />
<br />
The bootloader will look for either {{ic|syslinux.cfg}} (preferred) or {{ic|extlinux.conf}}<br />
<br />
{{Tip|<br />
* Instead of {{ic|LINUX}}, the keyword {{ic|KERNEL}} can also be used. {{ic|KERNEL}} tries to detect the type of the file, while {{ic|LINUX}} always expects a Linux kernel. <br />
* {{ic|TIMEOUT}} value is in units of '''0.1 seconds'''.<br />
}}<br />
<br />
=== Examples ===<br />
<br />
{{Note|<br />
* Any configuration file found in the examples needs to be edited to set the proper kernel parameters. See section [[#Kernel parameters]].<br />
* Please, pay close attention to the paths. The examples may not be suitable for your installation, especially when using UEFI.<br />
}}<br />
<br />
==== Boot prompt ====<br />
This is a simple configuration file that will show a {{ic|boot:}} prompt and will automatically boot after 5 seconds. If you want to boot directly without seeing a prompt, set {{ic|PROMPT}} to {{ic|0}}.<br />
<br />
Configuration:<br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
PROMPT 1<br />
TIMEOUT 50<br />
DEFAULT arch<br />
<br />
LABEL arch<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 rw<br />
INITRD ../initramfs-linux.img<br />
<br />
LABEL archfallback<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 rw<br />
INITRD ../initramfs-linux-fallback.img</nowiki><br />
}}<br />
<br />
==== Text boot menu ====<br />
<br />
Syslinux also allows you to use a boot menu. To use it, copy the {{ic|menu}} module to your Syslinux directory:<br />
# cp /usr/lib/syslinux/bios/menu.c32 /boot/syslinux/<br />
<br />
Copying additional {{ic|lib*.c32}} library modules might be needed too.<br />
<br />
Configuration:<br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
UI menu.c32<br />
PROMPT 0<br />
<br />
MENU TITLE Boot Menu<br />
TIMEOUT 50<br />
DEFAULT arch<br />
<br />
LABEL arch<br />
MENU LABEL Arch Linux<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 rw<br />
INITRD ../initramfs-linux.img<br />
<br />
LABEL archfallback<br />
MENU LABEL Arch Linux Fallback<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 rw<br />
INITRD ../initramfs-linux-fallback.img</nowiki><br />
}}<br />
<br />
For more details about the menu system, see [http://www.syslinux.org/wiki/index.php/Menu the Syslinux wiki].<br />
<br />
==== Graphical boot menu ====<br />
<br />
Syslinux also allows you to use a graphical boot menu. To use it, copy the {{ic|vesamenu}} COM32 module to your Syslinux folder:<br />
# cp /usr/lib/syslinux/bios/vesamenu.c32 /boot/syslinux/<br />
<br />
Copying additional {{ic|lib*.c32}} library modules might be needed too.<br />
<br />
{{Note| If you are using [[UEFI]], make sure to copy from {{ic|/usr/lib/syslinux/efi64/}} ({{ic|efi32}} for i686 systems), otherwise you will be presented with a black screen. In that case, boot from a live medium and use [[chroot]] to make the appropriate changes.}}<br />
<br />
This configuration uses the same menu design as the Arch Install CD, its config can be found at [https://projects.archlinux.org/archiso.git/tree/configs/releng/syslinux projects.archlinux.org]. The [https://projects.archlinux.org/archiso.git/plain/configs/releng/syslinux/splash.png Arch Linux background image] can be downloaded from there, too. Copy the image to {{ic|/boot/syslinux/splash.png}}.<br />
<br />
Configuration:<br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
UI vesamenu.c32<br />
DEFAULT arch<br />
PROMPT 0<br />
MENU TITLE Boot Menu<br />
MENU BACKGROUND splash.png<br />
TIMEOUT 50<br />
<br />
MENU WIDTH 78<br />
MENU MARGIN 4<br />
MENU ROWS 5<br />
MENU VSHIFT 10<br />
MENU TIMEOUTROW 13<br />
MENU TABMSGROW 11<br />
MENU CMDLINEROW 11<br />
MENU HELPMSGROW 16<br />
MENU HELPMSGENDROW 29<br />
<br />
# Refer to http://www.syslinux.org/wiki/index.php/Comboot/menu.c32<br />
<br />
MENU COLOR border 30;44 #40ffffff #a0000000 std<br />
MENU COLOR title 1;36;44 #9033ccff #a0000000 std<br />
MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all<br />
MENU COLOR unsel 37;44 #50ffffff #a0000000 std<br />
MENU COLOR help 37;40 #c0ffffff #a0000000 std<br />
MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std<br />
MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std<br />
MENU COLOR msg07 37;40 #90ffffff #a0000000 std<br />
MENU COLOR tabmsg 31;40 #30ffffff #00000000 std<br />
<br />
<br />
LABEL arch<br />
MENU LABEL Arch Linux<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 rw<br />
INITRD ../initramfs-linux.img<br />
<br />
<br />
LABEL archfallback<br />
MENU LABEL Arch Linux Fallback<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 rw<br />
INITRD ../initramfs-linux-fallback.img</nowiki><br />
}}<br />
<br />
Since Syslinux 3.84, {{ic|vesamenu.c32}} supports the {{ic|MENU RESOLUTION $WIDTH $HEIGHT}} directive.<br />
To use it, insert {{ic|MENU RESOLUTION 1440 900}} into your config for a 1440x900 resolution.<br />
However, the background picture has to have exactly the right resolution, as Syslinux will otherwise refuse to load the menu.<br />
<br />
To center the menu and adjust resolution, use {{ic|MENU RESOLUTION}}, {{ic|MENU HSHIFT $N}} and {{ic|MENU VSHIFT $N}} where {{ic|$N}} is a positive number. The default values are both {{ic|0}} which is the upper-left hand corner of your monitor. Conversely, a negative number starts from the opposite end of the screen (e.g. {{ic|VHSHIFT -4}} would be 4 rows from the bottom of the screen).<br />
<br />
To move the menu to the center, add or edit these values:<br />
<br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
MENU RESOLUTION 800 600 # or whatever your screen resolution is<br />
MENU WIDTH 78 # width of the menu also required to bring the menu box to size<br />
MENU VSHIFT 10 # moves menu down<br />
MENU HSHIFT 10 # moves menu right<br />
</nowiki><br />
}}<br />
<br />
VESA standards are commonly a maximum of 25 rows and 80 columns, so going higher than those values might move the menu off the screen, potentially requiring editing from a rescue CD.<br />
<br />
=== Kernel parameters ===<br />
<br />
The [[kernel parameters]] are set using the {{ic|APPEND}} line in {{ic|syslinux.cfg}}. It is recommended to make the following changes for the fallback entry as well.<br />
<br />
{{Warning|1=It is suggested that only one {{ic|APPEND}} is used per a menu entry. Having more than one entry may result in a failure to boot.}}<br />
<br />
'''In the simplest case''', the partition name in the {{ic|root}} parameter needs to be replaced. Change {{ic|/dev/sda2}} to point to the correct root partition.<br />
<br />
APPEND root=/dev/sda2<br />
<br />
'''If you want to use [[UUID]]''' for [[persistent block device naming]] change the {{ic|APPEND}} line as follows, substituting {{ic|1234}} with the {{ic|UUID}} of your root partition:<br />
<br />
APPEND root=UUID=''1234'' rw<br />
<br />
'''If you use encryption''' [[LUKS]] change the {{ic|APPEND}} line to use your encrypted volume:<br />
<br />
APPEND root=/dev/mapper/''group''-''name'' cryptdevice=/dev/sda2:''name'' rw<br />
<br />
'''If you are using software''' [[Wikipedia:RAID|RAID]] using [http://neil.brown.name/blog/mdadm mdadm], change the {{ic|APPEND}} line to accommodate your RAID arrays. As an example the following accommodates three RAID 1 arrays and sets the appropriate one as root:<br />
<br />
APPEND root=/dev/md1 rw md=0,/dev/sda2,/dev/sdb2 md=1,/dev/sda3,/dev/sdb3 md=2,/dev/sda4,/dev/sdb4<br />
<br />
If booting from a software raid partition fails using the kernel device node method above an alternative, a more reliable, way is to use partition labels:<br />
<br />
APPEND root=LABEL=THEROOTPARTITIONLABEL rw<br />
<br />
'''If booting a [[btrfs]] subvolume''', amend the {{ic|APPEND}} line with {{ic|rootflags<nowiki>=</nowiki>subvol<nowiki>=</nowiki><root subvolume>}}. For example, where {{ic|/dev/sda2}} has been mounted as a btrfs subvolume called 'ROOT' (e.g. {{ic|mount -o noatime,subvol<nowiki>=</nowiki>ROOT /dev/sda2 /mnt}}), then the {{ic|APPEND}} line would need to be modified as follows:<br />
APPEND root=/dev/sda2 rw rootflags=subvol=ROOT<br />
<br />
A failure to do so will otherwise result in the following error message: {{ic|ERROR: Root device mounted successfully, but /sbin/init does not exist.}}<br />
<br />
=== Auto boot ===<br />
<br />
If you do not want to see the Syslinux menu at all, use the [[#Boot prompt]], and set {{ic|PROMPT}} to {{ic|0}} and comment out any {{ic|UI}} menu entries. Setting the {{ic|TIMEOUT}} variable to {{ic|0}} might also be a good idea. Make sure there is a {{ic|DEFAULT}} set in your {{ic|syslinux.cfg}}. Holding either {{ic|Shift}} or {{ic|Alt}}, or setting either {{ic|Caps Lock}} or {{ic|Scroll Lock}}, during boot will allow for options other than default to be used.<br />
See the [http://www.syslinux.org/wiki/index.php/Directives/special_keys upstream wiki] for additional alternatives.<br />
<br />
=== Security ===<br />
<br />
Syslinux has two levels of bootloader security: a menu master password, and a per-menu-item password. In {{ic|syslinux.cfg}}, use<br />
{{bc|<br />
MENU MASTER PASSWD passwd <br />
}}<br />
to set a master bootloader password, and<br />
{{bc|<br />
MENU PASSWD passwd <br />
}}<br />
within a {{ic|LABEL}} block to password-protect individual boot items.<br />
<br />
The passwd can be either a cleartext password or hashed: [http://www.syslinux.org/wiki/index.php/Comboot/menu.c32 see official documentation].<br />
<br />
=== Chainloading ===<br />
<br />
{{Note|Syslinux BIOS cannot directly chainload files located on other partitions; however, {{ic|chain.c32}} can boot a partition boot sector (VBR).}}<br />
<br />
If you want to chainload other operating systems (such as Windows) or boot loaders, copy the {{ic|chain.c32}} module to the Syslinux directory (additional {{ic|lib*.c32}} library modules might be needed too; for details, see the instructions in the previous section). Then create a section in the configuration file:<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
...<br />
LABEL windows<br />
MENU LABEL Windows<br />
COM32 chain.c32<br />
APPEND hd0 3<br />
...<br />
}}<br />
<br />
{{ic|hd0 3}} is the third partition on the first BIOS drive - drives are counted from zero, but partitions are counted from one. <br />
<br />
{{note|For Windows, this skips the system's own boot manager ({{ic|bootmgr}}), which is required for a few important updates ([http://support.microsoft.com/kb/2883200 eg.]) to complete. In such cases it may be advisable to temporarily set the MBR boot flag to the Windows partition (eg. with [[GParted]]), let the update finish installing, and then reset the flag to the Syslinux partition (eg. with Windows's own [http://www.online-tech-tips.com/computer-tips/set-active-partition-vista-xp DiskPart]).}}<br />
<br />
If you are unsure about which drive your BIOS thinks is "first", you can instead use the MBR identifier, or if you are using GPT, the filesystem labels. To use the MBR identifier, run the command<br />
{{hc|# fdisk -l /dev/sdb|<nowiki><br />
Disk /dev/sdb: 128.0 GB, 128035676160 bytes <br />
255 heads, 63 sectors/track, 15566 cylinders, total 250069680 sectors<br />
Units = sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disk identifier: 0xf00f1fd3<br />
<br />
Device Boot Start End Blocks Id System<br />
/dev/sdb1 2048 4196351 2097152 7 HPFS/NTFS/exFAT<br />
/dev/sdb2 4196352 250066943 122935296 7 HPFS/NTFS/exFAT</nowiki><br />
}}<br />
<br />
replacing {{ic|/dev/sdb}} with the drive you wish to chainload. Using the hexadecimal number under Disk identifier: {{ic|0xf00f1fd3}} in this case, the syntax in {{ic|syslinux.cfg}} is<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
...<br />
LABEL windows<br />
MENU LABEL Windows<br />
COM32 chain.c32<br />
APPEND mbr:0xf00f1fd3<br />
...<br />
}}<br />
<br />
For more details about chainloading, see [http://www.syslinux.org/wiki/index.php/Comboot/chain.c32 the Syslinux wiki].<br />
<br />
If you have [[GRUB]] installed on the same partition, you can chainload it by using: <br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
...<br />
LABEL grub2<br />
MENU LABEL Grub2<br />
COM32 chain.c32<br />
append file=../grub/boot.img<br />
...</nowiki><br />
}}<br />
Alternatively, it is also possible to load [[GRUB]] as a linux kernel by prepending {{ic|lnxboot.img}} to {{ic|core.img}}. The file {{ic|lnxboot.img}} is part of {{ic|core/grub}} and can be found in {{ic|/usr/lib/grub/i386-pc}}.<br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
...<br />
LABEL grub2lnx<br />
MENU LABEL Grub2 (lnxboot)<br />
LINUX ../grub/i386-pc/lnxboot.img<br />
INITRD ../grub/i386-pc/core.img<br />
...</nowiki><br />
}}<br />
This may be required for booting from ISO images.<br />
<br />
=== Chainloading other Linux systems ===<br />
{{Accuracy|Among other inaccuracies... 1_ There is no obligation to install yet another boot loader if you already have one related to the other partition/OS (e.g. GRUB2 installed in the MBR or in the VBR of the partition being chainloaded to). 2_ Syslinux (in any of its derivatives) is never "installed to the MBR", so mentioning the MBR in this section without any explanation of what it is being meant or how to do it in practical terms is just adding confusion. 3_ Typos and misspelling. 4_No need to explain (yet again) how to install some (other) bootloader to some (other) partition / OS; just how to chainload from Syslinux to that other partition / bootloader / OS.}}<br />
Chainloading another bootloader such as Windows' is pretty obvious, as there is a definite bootloader to chain to. But with Syslinux, it is only able to load files residing on the same partition as the configuration file. Thus, if you have another version of Linux on a separate partition, without a shared {{ic|/boot}}, it becomes ''necessary'' to employ EXTLINUX rather than the other OS's default bootloader (eg. GRUB2). Essentially, EXTLINUX can be installed on the partition superblock/[[wikipedia:Volume_boot_record|VBR]] and be called as a ''separate bootloader'' right from the MBR installed by Syslinux. EXTLINUX is part of The Syslinux Project and is included with the {{Pkg|syslinux}} package.<br />
<br />
The following instructions assume you have Syslinux installed already. These instructions will also assume that the typical Arch Linux configuration path of {{ic|/boot/syslinux}} is being used and the chainloaded system's {{ic|/}} is on {{ic|/dev/sda3}}. <br />
<br />
From a booted Linux (likely the partition that Syslinux is set up to boot), mount the other system's root partition to your desired mount point. In this example this will be {{ic|/mnt}}. Also, if a separate {{ic|/boot}} partition is used on the second operating system, that will also need to be mounted. The example assumes this is {{ic|/dev/sda2}}.<br />
# mount /dev/sda3 /mnt<br />
# mount /dev/sda2 /mnt/boot (only necessary for separate /boot)<br />
Install EXTLINUX to the partition VBR, and copy necessary {{ic|*.c32}} files<br />
# extlinux -i /mnt/boot/syslinux/ (first create the directory if necessary)<br />
# cp /usr/lib/syslinux/bios/*.c32 /mnt/boot/syslinux<br />
<br />
Create {{ic|/mnt/boot/syslinux/syslinux.cfg}}. You can use the other Linux's bootloader menu file for reference. Below is an example:<br />
{{hc|/mnt/boot/syslinux/syslinux.cfg '''on /dev/sda3'''|<nowiki><br />
timeout 10<br />
<br />
ui menu.c32<br />
<br />
label OtherLinux<br />
linux /boot/vmlinuz-linux<br />
initrd /boot/initramfs-linux.img<br />
append root=/dev/sda3 rw quiet<br />
<br />
label MAIN<br />
com32 chain.c32<br />
append hd0 0</nowiki><br />
}}<br />
<br />
And then add an entry to your main syslinux.cfg <br />
{{hc|/boot/syslinux/syslinux.cfg|<nowiki><br />
label OtherLinux<br />
com32 chain.c32<br />
append hd0 3</nowiki><br />
}}<br />
<br />
taken from [[User:Djgera|Djgera's user wiki page]].<br />
<br />
Note that the other Linux entry in {{ic|<other-OS>/boot/syslinux/syslinux.cfg}} will need to be edited each time you update this OS's kernel unless it has symlinks to its latest kernel and initrd in '''/'''. Since we are booting the kernel directly and not chainloading the other-OS's default bootloader.<br />
<br />
=== Using memtest ===<br />
<br />
Install {{Pkg|memtest86+}} from the [[official repositories]].<br />
<br />
Use this {{ic|LABEL}} section to launch [[Wikipedia:Memtest86|memtest]]:<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
...<br />
LABEL memtest<br />
MENU LABEL Memtest86+<br />
LINUX ../memtest86+/memtest.bin<br />
...<br />
}}<br />
''<br />
{{Note|If you are using PXELINUX, change the name from ''memtest.bin'' to ''memtest'' since PXELINUX treats the file with .bin extension as a boot sector and loads only 2KB of it.}}<br />
<br />
=== HDT ===<br />
<br />
[http://hdt-project.org/ HDT (Hardware Detection Tool)] displays hardware information. Like before, the {{ic|.c32}} file has to be copied from {{ic|/boot/syslinux/}}. Additional {{ic|lib*.c32}} library modules might be needed too.<br />
For PCI info, copy {{ic|/usr/share/hwdata/pci.ids}} to {{ic|/boot/syslinux/pci.ids}} and add the following to your configuration file:<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
LABEL hdt<br />
MENU LABEL Hardware Info<br />
COM32 hdt.c32<br />
}}<br />
<br />
=== Reboot and power off ===<br />
<br />
{{Note|As of Syslinux 6.03, {{ic|poweroff.c32}} only works with APM and not with ACPI. For a possible solution, see [http://www.syslinux.org/archives/2012-March/017661.html this thread] .}}<br />
<br />
Use the following sections to reboot or power off your machine:<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
LABEL reboot<br />
MENU LABEL Reboot<br />
COM32 reboot.c32<br />
<br />
LABEL poweroff<br />
MENU LABEL Power Off<br />
COM32 poweroff.c32<br />
}}<br />
<br />
=== Clear menu ===<br />
<br />
To clear the screen when exiting the menu, add the following line:<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
MENU CLEAR<br />
}}<br />
<br />
=== Keyboard layout ===<br />
<br />
If you often have to edit your boot command with diverse parameters in the Syslinux boot prompt, then you might want to remap your keyboard layout. This allows you to enter "=", "/" and other characters easily on a non-US keyboard.<br />
<br />
{{note|keytab-lilo is a perl script invoking the "loadkeys" program.}}<br />
<br />
To create a compatible keymap (e.g. a german one) run:<br />
# keytab-lilo /usr/share/kbd/keymaps/i386/qwerty/us.kmap.gz /usr/share/kbd/keymaps/i386/qwertz/de.kmap.gz > /boot/syslinux/de.ktl<br />
<br />
Now edit {{ic|syslinux.cfg}} and add:<br />
<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
KBDMAP de.ktl<br />
}}<br />
<br />
See the [http://www.syslinux.org/wiki/index.php/Directives/kbdmap Syslinux wiki] for more details.<br />
<br />
=== Hiding the menu ===<br />
<br />
Use the option:<br />
{{hc|/boot/syslinux/syslinux.cfg|<br />
MENU HIDDEN<br />
}}<br />
to hide the menu while displaying only the timeout. Press any key to bring up the menu.<br />
<br />
=== Pxelinux ===<br />
<br />
{{Note|For UEFI, Syslinux uses the same binary for disk booting and network booting. Loading files from TFTP or other network protocols will require network booting Syslinux. }}<br />
<br />
[[Syslinux|PXELINUX]] is provided by the {{Pkg|syslinux}} package.<br />
<br />
For BIOS clients, copy the {{ic|<nowiki>{l,}pxelinux.0</nowiki>}} bootloader to the boot directory of the client. For version 5.00 and newer, also copy {{ic|ldlinux.c32}} from the same package:<br />
<br />
# cp /usr/lib/syslinux/bios/pxelinux.0 "''TFTP_root''/boot"<br />
# cp /usr/lib/syslinux/bios/ldlinux.c32 "''TFTP_root''/boot"<br />
# mkdir "''TFTP_root''/boot/pxelinux.cfg"<br />
<br />
We also created the {{ic|pxelinux.cfg}} directory, which is where PXELINUX searches for configuration files by default. Because we do not want to discriminate between different host MACs, we then create the {{ic|default}} configuration.<br />
<br />
{{hc|''TFTP_root''/boot/pxelinux.cfg/default|<nowiki><br />
default linux<br />
<br />
label linux<br />
kernel vmlinuz-linux<br />
append initrd=initramfs-linux.img quiet ip=:::::eth0:dhcp nfsroot=10.0.0.1:/arch<br />
</nowiki>}}<br />
<br />
Or if you are using NBD, use the following append line:<br />
<br />
{{bc|<nowiki>append ro initrd=initramfs-linux.img ip=:::::eth0:dhcp nbd_host=10.0.0.1 nbd_name=arch root=/dev/nbd0</nowiki>}}<br />
<br />
{{Note|You will need to change {{ic|nbd_host}} and/or {{ic|nfsroot}}, respectively, to match your network configuration (the address of the NFS/NBD server)}}<br />
<br />
PXELINUX uses the same configuration syntax as SYSLINUX; refer to the upstream documentation for more information.<br />
<br />
The kernel and initramfs will be transferred via TFTP, so the paths to those are going to be relative to the TFTP root. Otherwise, the root filesystem is going to be the NFS mount itself, so those are relative to the root of the NFS server.<br />
<br />
To actually load PXELINUX, replace {{ic|filename "/grub/i386-pc/core.0";}} in {{ic|/etc/dhcpd.conf}} with {{ic|filename "/pxelinux.0"}} (or with {{ic|filename "/lpxelinux.0"}}).<br />
<br />
=== Booting ISO9660 image files with memdisk ===<br />
<br />
Syslinux supports booting from ISO images directly using the [http://www.syslinux.org/wiki/index.php/MEMDISK memdisk] module, see [[Multiboot USB drive#Using Syslinux and memdisk]] for examples.<br />
<br />
=== Serial console ===<br />
<br />
{{Merge|Working with the serial console|General page about topic not specific to Syslinux, already provides examples for GRUB.}}<br />
<br />
To enable Serial Console add the {{ic|SERIAL port [baudrate]}} to the top of {{ic|syslinux.cfg}} file. "port" is a number (0 for {{ic|/dev/ttyS0}}), if "baudrate" is omitted, the baud rate default is 9600 bps. The serial parameters are hardcoded to 8 bits, no parity and 1 stop bit.[http://www.syslinux.org/wiki/index.php/SYSLINUX#SERIAL_port_.5Bbaudrate_.5Bflowcontrol.5D.5D]<br />
<br />
{{hc|syslinux.cfg|<br />
SERIAL 0 115200<br />
}}<br />
<br />
Enable Serial Console in the kernel at boot by adding {{ic|1=console=tty0 console=ttyS0,115200n8}} to the {{ic|APPEND}} option.[http://www.mjmwired.net/kernel/Documentation/kernel-parameters.txt#681]<br />
<br />
{{hc|syslinux.cfg|2=<br />
APPEND root=UUID=126ca36d-c853-4f3a-9f46-cdd49d034ce4 rw console=tty0 console=ttyS0,115200n8<br />
}}<br />
<br />
How to do this with GRUB: [[Working with the serial console#GRUB2 and systemd]]<br />
<br />
== Troubleshooting ==<br />
<br />
=== Failed to load ldlinux ===<br />
<br />
An error message such as "Failed to load ldlinux.c32" during the initial boot can be triggered by many diverse reasons.<br />
One potential reason could be a change in file system tools or in a file system structure, depending on its own version.<br />
For instance, newer ext4 file systems might be created with its "64bit" feature enabled by default (whereas its "64bit" feature is only set manually, not by default, in older versions of mke2fs).<br />
This is just one example; file systems other than ext4 could also be affected by changes in their own structures and/or respective tools, thus also affecting bootloaders' behavior.<br />
<br />
{{Warning|1=As of Syslinux 6.03, some of the features of the supported file systems are not supported by the bootloader; for example, the "64bit" feature of ext4 (boot) volumes. See [http://www.syslinux.org/wiki/index.php/Filesystem] for more information.}}<br />
<br />
{{Note|1=There is no direct and unique correspondence between a message such as {{ic|Failed to load ldlinux.c32}} and a problem related to the file system:<br />
* Other alternative symptoms, instead of this message, could also indicate a problem related to the file system.<br />
* The message does not necessarily mean that the problem is related to the file system; there are other possible reasons for this type of messages.}}<br />
<br />
See also [http://www.syslinux.org/wiki/index.php/Common_Problems#Failed_to_load_ldlinux] (the whole page might be relevant for troubleshooting too).<br />
<br />
=== Using the Syslinux prompt===<br />
<br />
You can type in the {{ic|LABEL}} name of the entry that you want to boot (as per your {{ic|syslinux.cfg}}). If you used the example configurations, just type:<br />
boot: arch<br />
<br />
If you get an error that the configuration file could not be loaded, you can pass your needed boot parameters, e.g.:<br />
boot: ../vmlinuz-linux root=/dev/sda2 rw initrd=../initramfs-linux.img<br />
<br />
If you do not have access to {{ic|boot:}} in [[Ramdisk|ramfs]], and therefore temporarily unable to boot the kernel again,<br />
:1. Create a temporary directory, in order to mount your root partition (if it does not exist already):<br />
# mkdir -p /new_root<br />
:2. Mount {{ic|/}} under {{ic|/new_root}} (in case {{ic|/boot/}} is on the same partition, otherwise you will need to mount them both):<br />
{{Note|Busybox cannot mount {{ic|/boot}} if it is on its own ext2 partition.}}<br />
# mount /dev/sd[a-z][1-9] /new_root<br />
<br />
:3. Use {{ic|vim}} and edit {{ic|syslinux.cfg}} again to suit your needs and save file.<br />
:4. Reboot.<br />
<br />
=== Fsck fails on root partition ===<br />
<br />
In the case of a badly corrupted root partition (in which the journal is damaged), in the ramfs emergency shell, mount the root file system:<br />
<br />
# mount /dev/''root partition'' /new_root<br />
And grab the tune2fs binary from the root partition (it is not included in Syslinux):<br />
# cp /new_root/sbin/tune2fs /sbin/<br />
<br />
Follow the instructions at [[Fsck#ext2fs_:_no_external_journal|ext2fs: no external journal]] to create a new journal for the root partition.<br />
<br />
=== No Default or UI found on some computers ===<br />
<br />
Certain motherboard manufacturers have less compatibility for booting from USB devices than others. While an ext4 formatted USB drive may boot on a more recent computer, some computers may hang if the boot partition containing the ''kernel'' and ''initrd'' are not on a FAT16 partition. To prevent an older machine from loading {{ic|ldlinux}} and failing to read {{ic|syslinux.cfg}}, use {{ic|cfdisk}} to create a FAT16 partition (<=2GB) and format using {{Pkg|dosfstools}}:<br />
# mkfs.msdos -F 16 /dev/sda1<br />
<br />
then install and configure Syslinux.<br />
<br />
=== Missing operating system ===<br />
<br />
* Check that you have installed {{ic|gptmbr.bin}} for GPT and {{ic|mbr.bin}} for msdos partition table. A "Missing operating system" message comes from {{ic|mbr.bin}} while {{ic|gptmbr.bin}} would show a "Missing OS" message.<br />
<br />
* Check whether the partition that contains {{ic|/boot}} has the "boot" flag enabled.<br />
<br />
* Check whether the first partition at the boot device starts at sector 1 rather than sector 63 or 2048. Check this with {{ic|fdisk -l}}. If it starts at sector 1, you can move the partition(s) with {{ic|gparted}} from a rescue disk. Or, if you have a separate boot partition, you can back up {{ic|/boot}} with <br />
# cp -a /boot /boot.bak<br />
and then boot up with the Arch install disk. Next, use {{ic|cfdisk}} to delete the {{ic|/boot}} partition, and recreate it. This time it should begin at the proper sector, '''63'''. Now mount your partitions and {{ic|chroot}} into your mounted system, as described in the beginners guide. Restore {{ic|/boot}} with the command<br />
# cp -a /boot.bak/* /boot<br />
Check if {{ic|/etc/fstab}} is correct, run:<br />
# syslinux-install_update -iam<br />
and reboot.<br />
<br />
You will also get this error if you are trying to boot from a md [[RAID]] 1 array and created the array with a too new version of the metadata that Syslinux does not understand. As of August 2013 by default mdadm will create an array with version 1.2 metadata, but Syslinux does not understand metadata newer than 1.0. If this is the case you will need to recreate your [[RAID]] array using the {{ic|1=--metadata=1.0}} flag to mdadm.<br />
<br />
=== Windows boots up, ignoring Syslinux ===<br />
<br />
'''Solution:''' Make sure the partition that contains {{ic|/boot}} has the boot flag enabled. Also, make sure the boot flag is not enabled on the Windows partition. See the installation section above.<br />
<br />
The MBR that comes with Syslinux looks for the first active partition that has the boot flag set. The Windows partition was likely found first and had the boot flag set. If you wanted, you could use the MBR that Windows or MS-DOS {{ic|fdisk}} provides.<br />
<br />
=== Menu entries do nothing ===<br />
<br />
You select a menu entry and it does nothing, it just ''"refreshes"'' the menu. This usually means that you have an error in your {{ic|syslinux.cfg}} file. Hit {{ic|Tab}} to edit your boot parameters. Alternatively, press {{ic|Esc}} and type in the {{ic|LABEL}} of your boot entry (e.g. ''arch''). Another cause could be that you do not have a kernel installed. Find a way to access your file system (through live CD, etc) and make sure that {{ic|/mount/vmlinuz-linux}} exists and does not have a size of 0. If this is the case, [[Kernel_Panics#Option_2:_Reinstall_kernel|reinstall your kernel]].<br />
<br />
=== Cannot remove ldlinux.sys ===<br />
<br />
The {{ic|ldlinux.sys}} file has the immutable attribute set, which prevents it from being deleted or overwritten. This is because the sector location of the file must not change or else Syslinux has to be reinstalled. To remove it, run:<br />
# chattr -i /boot/syslinux/ldlinux.sys<br />
# rm /boot/syslinux/ldlinux.sys<br />
<br />
=== White block in upper left corner when using vesamenu ===<br />
<br />
Problem:<br />
''As of linux-3.0, the modesetting driver tries to keep the current contents of the screen after changing the resolution (at least it does so with my Intel, when having Syslinux in text mode). It seems that this goes wrong when combined with the vesamenu module in Syslinux (the white block is actually an attempt to keep the Syslinux menu, but the driver fails to capture the picture from vesa graphics mode).''<br />
<br />
If you have a custom resolution and a {{ic|vesamenu}} with early modesetting, try to append the following in {{ic|syslinux.cfg}} to remove the white block and continue in graphics mode:<br />
APPEND root=/dev/sda6 rw 5 '''vga=current''' quiet splash<br />
<br />
=== Chainloading Windows does not work, when it is installed on another drive ===<br />
<br />
If Windows is installed on a different drive than Arch and you have trouble chainloading it, try the following configuration:<br />
<br />
LABEL Windows<br />
MENU LABEL Windows<br />
COM32 chain.c32<br />
APPEND mbr:0xdfc1ba9e swap<br />
<br />
Replace the mbr code with the one your Windows drive has (details [[#Chainloading|above]]), and append {{ic|swap}} to the options.<br />
<br />
=== Read bootloader log ===<br />
<br />
In some cases (e.g. bootloader unable to boot kernel) it is highly desirable to get more information from the boot process. ''Syslinux'' prints error messages to screen but the boot menu quickly overwrites the text. To avoid losing the log information, disable {{ic|UI menu}} in {{ic|syslinux.cfg}} and use the default "command-line" prompt. It means:<br />
<br />
* avoid the UI directive<br />
* avoid ONTIMEOUT<br />
* avoid ONERROR<br />
* avoid MENU CLEAR<br />
* use a higher TIMEOUT<br />
* use PROMPT 1<br />
* use DEFAULT <problematic_label><br />
<br />
To get more detailed debug log, [[ABS|recompile]] the {{Pkg|syslinux}} package with additional CFLAGS:<br />
<br />
-DDEBUG_STDIO=1 -DCORE_DEBUG=1<br />
<br />
=== Btrfs compression ===<br />
<br />
Booting from btrfs with compression is not supported.[http://www.syslinux.org/wiki/index.php/Syslinux_4_Changelog#Changes_in_4.02]<br />
This error will show:<br />
btrfs: found compressed data, cannot continue!<br />
invalid or corrupt kernel image.<br />
<br />
=== Btrfs multi-device ===<br />
<br />
Booting from multiple-device btrfs is not supported.[http://repo.or.cz/syslinux.git/blob/HEAD:/extlinux/main.c] (As of 7/21/2016 line 1246 in validate_device_btrfs() in main.c)<br />
This head-scratching error will show (assuming you're installing on sda1):<br />
/boot/syslinux is device /dev/sda1<br />
extlinux: path /boot/syslinux doesn't match device /dev/sda1<br />
<br />
== See also ==<br />
<br />
* [http://www.syslinux.org Official website]<br />
* [http://www.josephn.net/scrapbook/pxelinux_stuff PXELinux configuration]<br />
* [http://blog.jak.me/2013/01/03/creating-a-multiboot-usb-stick-using-syslinux/ Multiboot USB using Syslinux]{{Dead link|2015|05|15}}</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Chromebook_Pixel_2&diff=461095Chromebook Pixel 22017-01-01T22:48:17Z<p>StrayArch: /* (Samus) Linux 4.9 (AUR) */ clarity, grammar, and style</p>
<hr />
<div>[[Category:Laptops]]<br />
[[ja:Chromebook Pixel 2]]<br />
{{Warning|This article relies on third-party scripts and modifications, and may irreparably damage your hardware or data. Proceed at your own risk.}}<br />
<br />
This page details installing Arch Linux on the Google Chromebook Pixel (2015). It is commonly referred to as the Chromebook Pixel 2, sometimes referred to by its codename Samus, and sometimes referred to, somewhat erroneously, as the Chromebook Pixel LS.<br />
<br />
Also see the Arch Linux forum thread, [https://bbs.archlinux.org/viewtopic.php?id=194962 Laptop Issues » Google Chromebook Pixel 2].<br />
<br />
== Installation ==<br />
<br />
{{Note|USB 3.0 may cause issues. Make sure that the installation media utilizes USB 2.0.}}<br />
First, [[Chrome_OS_devices#Enabling_developer_mode|enable developer mode]].<br /><br />
Then, [[Chrome_OS_devices#Accessing_the_superuser_shell|use the superuser shell]] in order to [[Chrome_OS_devices#Enabling_SeaBIOS|enable SeaBIOS]]. Don't worry about the '''Boot to SeaBIOS by default''' section since the Chromebook Pixel (2015) isn't believed to have that issue.<br /><br />
Finally, proceed with [[Chrome_OS_devices#Installing_Arch_Linux|installing Arch Linux]] but be aware of additional notes below, e.g. on Grub.<br /><br />
<br />
=== Grub ===<br />
It will not display the menu by default. <tt>GRUB_GFXMODE</tt> is set to auto. Grub does not detect the correct video mode. Using <tt>vbeinfo</tt>, on the grub command line, it's detected at <tt>1280x850x16</tt>. The options to display the menu are to either turn off <tt>GRUB_GFXMODE</tt> or set the correct display. In {{ic|/etc/default/grub}} either,<br />
<br />
GRUB_TERMINAL_OUTPUT=console<br />
<br />
or,<br />
<br />
GRUB_GFXMODE=1280x850x16<br />
<br />
and then run<br />
<br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
to update the config.<br />
<br />
If you forget to do this you can boot off the installation media again mount your disks and <tt>arch-chroot</tt> in.<br />
<br />
=== Dual Booting Chrome OS and Arch Linux ===<br />
<br />
See [[Chrome OS devices#Alternative installation, Install Arch Linux in addition to Chrome OS|Install Arch Linux in addition to Chrome OS]].<br />
<br />
== Touchpad, touchscreen and audio ==<br />
<br />
=== (Vanilla) Linux 4.9 (Testing) ===<br />
<br />
Touchpad, touchscreen, and audio are all working in the upstream 4.9 kernel.<br />
<br />
4.9 is in Testing right now so you can install {{Pkg|linux}} after enabling [[Official_repositories#testing]]. The [https://github.com/raphael/linux-samus#sound linux-samus README] details how to unmute speakers but you may need to change the card in the commands, i.e. <tt>-c 0</tt>. You can get the card ID by doing <tt>aplay -l | grep bdw-rt5677 | sed -E 's/card ([0-9]):.*/\1/'</tt>.<br />
<br />
=== (Samus) Linux 4.9 (AUR) ===<br />
<br />
[[Install]] the {{AUR|linux-samus4}} package. The installed [[Boot loaders|boot loader]] needs to be configured so that it is possible to boot the {{AUR|linux-samus4}} image. See [https://github.com/raphael/linux-4.1-samus] for more information (i.e. audio and microphone configuration).<br />
<br />
According to [[Intel graphics]] if the {{ic|linux-samus4}} kernel has a blank screen during boot, then try adding {{ic|i915}} to {{ic|MODULES}} in {{ic|/etc/mkinitcpio.conf}}. Finally, run {{ic|mkinitcpio -p linux-samus4}} to regenerate the image. <br />
<br />
{{Note|1=<nowiki></nowiki><br />
* Make sure that {{ic|/boot}} is mounted when {{ic|mkinitcpio -p linux-samus4}} is executed, otherwise on reboot the boot partition will be mounted over the new image.<br />
}}<br />
<br />
== Backlight ==<br />
<br />
The screen backlight can be controlled via <tt>/sys/class/backlight/intel_backlight/</tt>; see the [https://raw.githubusercontent.com/raphael/linux-samus/master/build/brightness brightness] script from {{AUR|linux-samus4}}.<br />
<br />
The keyboard backlight can be controlled via <tt>/sys/class/leds/chromeos::kbd_backlight/</tt>; see the [https://raw.githubusercontent.com/raphael/linux-samus/master/scripts/setup/brightness/keyboard_led keyboard] script from {{AUR|linux-samus4}}.<br />
<br />
== Keyboard Bindings ==<br />
<br />
[https://www.archlinux.org/packages/extra/any/xkeyboard-config/ xkeyboard-config 2.16-1] added a <tt>chromebook</tt> model that enables the Chrome OS style functions for the function keys. You can, for example, set this using <tt>localectl set-x11-keymap us chromebook</tt>. See the <tt>chromebook</tt> definition in <tt>/usr/share/X11/xkb/symbols/inet</tt> for the full mappings.<br />
<br />
The search button acts as a {{ic|Super_L}} key, which may be undesirable for keyboard layouts that make good use of this position. Using [[xmodmap]], you can rebind this to whatever you would like. Example using {{ic|Tab}} for a keyboard layout with six layers:<br />
<br />
$ xmodmap -e "keycode 133 = Tab Tab Tab Tab Tab Tab"<br />
<br />
Add this to your .xinitrc to load at login.<br />
<br />
== Unresolved Issues ==<br />
<br />
* {{Pkg|xkeyboard-config}} provides a <tt>chromebook</tt> model which can be specified, for example, with <tt>localectl set-x11-keymap us chromebook</tt> but when using [[Gnome]] on [[Wayland]] the model is not recognized. The media keys still behave as function keys and <tt>setxkbmap -print -verbose 10</tt> doesn't show the <tt>chromebook</tt> model being used.<br />
* Occasional lockup on booting into GDM using Wayland 1.12.0-1, GDM 3.22.1-1, and linux 4.9-1.<br />
* It would be nice if touchscreen behaved more like the touchpad so that the touchscreen could be used for scrolling.<br />
* Touchpad occasionally doesn't work after waking from sleep using linux 4.9-1.<br />
<br />
== External Links ==<br />
<br />
[https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/chromebook-pixel-2015 Chromium OS Developer Information for Chromebook Pixel (2015)]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Chromebook_Pixel_2&diff=461094Chromebook Pixel 22017-01-01T22:27:15Z<p>StrayArch: /* (Samus) Linux 4.9 (AUR) */ the proper indication that i915 isn't being loaded is a blank screen per i915 wiki. made noe on generating image</p>
<hr />
<div>[[Category:Laptops]]<br />
[[ja:Chromebook Pixel 2]]<br />
{{Warning|This article relies on third-party scripts and modifications, and may irreparably damage your hardware or data. Proceed at your own risk.}}<br />
<br />
This page details installing Arch Linux on the Google Chromebook Pixel (2015). It is commonly referred to as the Chromebook Pixel 2, sometimes referred to by its codename Samus, and sometimes referred to, somewhat erroneously, as the Chromebook Pixel LS.<br />
<br />
Also see the Arch Linux forum thread, [https://bbs.archlinux.org/viewtopic.php?id=194962 Laptop Issues » Google Chromebook Pixel 2].<br />
<br />
== Installation ==<br />
<br />
{{Note|USB 3.0 may cause issues. Make sure that the installation media utilizes USB 2.0.}}<br />
First, [[Chrome_OS_devices#Enabling_developer_mode|enable developer mode]].<br /><br />
Then, [[Chrome_OS_devices#Accessing_the_superuser_shell|use the superuser shell]] in order to [[Chrome_OS_devices#Enabling_SeaBIOS|enable SeaBIOS]]. Don't worry about the '''Boot to SeaBIOS by default''' section since the Chromebook Pixel (2015) isn't believed to have that issue.<br /><br />
Finally, proceed with [[Chrome_OS_devices#Installing_Arch_Linux|installing Arch Linux]] but be aware of additional notes below, e.g. on Grub.<br /><br />
<br />
=== Grub ===<br />
It will not display the menu by default. <tt>GRUB_GFXMODE</tt> is set to auto. Grub does not detect the correct video mode. Using <tt>vbeinfo</tt>, on the grub command line, it's detected at <tt>1280x850x16</tt>. The options to display the menu are to either turn off <tt>GRUB_GFXMODE</tt> or set the correct display. In {{ic|/etc/default/grub}} either,<br />
<br />
GRUB_TERMINAL_OUTPUT=console<br />
<br />
or,<br />
<br />
GRUB_GFXMODE=1280x850x16<br />
<br />
and then run<br />
<br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
to update the config.<br />
<br />
If you forget to do this you can boot off the installation media again mount your disks and <tt>arch-chroot</tt> in.<br />
<br />
=== Dual Booting Chrome OS and Arch Linux ===<br />
<br />
See [[Chrome OS devices#Alternative installation, Install Arch Linux in addition to Chrome OS|Install Arch Linux in addition to Chrome OS]].<br />
<br />
== Touchpad, touchscreen and audio ==<br />
<br />
=== (Vanilla) Linux 4.9 (Testing) ===<br />
<br />
Touchpad, touchscreen, and audio are all working in the upstream 4.9 kernel.<br />
<br />
4.9 is in Testing right now so you can install {{Pkg|linux}} after enabling [[Official_repositories#testing]]. The [https://github.com/raphael/linux-samus#sound linux-samus README] details how to unmute speakers but you may need to change the card in the commands, i.e. <tt>-c 0</tt>. You can get the card ID by doing <tt>aplay -l | grep bdw-rt5677 | sed -E 's/card ([0-9]):.*/\1/'</tt>.<br />
<br />
=== (Samus) Linux 4.9 (AUR) ===<br />
<br />
[[Install]] the {{AUR|linux-samus4}} package. You will need to regenerate your GRUB configuration after installing linux-samus4. See [https://github.com/raphael/linux-4.1-samus] for information on how to enable audio and microphone support.<br />
<br />
If the {{ic|linux-samus4}} kernel hangs, that has a blank screen during boot, then try adding {{ic|i915}} to {{ic|MODULES}} in {{ic|/etc/mkinitcpio.conf}} according to [[Intel graphics]]. Finally, run {{ic|mkinitcpio -p linux-samus4}} to regenerate the image. <br />
<br />
{{Note|1=<nowiki></nowiki><br />
* Make sure that {{ic|/boot}} is mounted when {{ic|mkinitcpio -p linux-samus4}} is executed, otherwise on reboot the boot partition will be mounted over the new image.<br />
}}<br />
<br />
== Backlight ==<br />
<br />
The screen backlight can be controlled via <tt>/sys/class/backlight/intel_backlight/</tt>; see the [https://raw.githubusercontent.com/raphael/linux-samus/master/build/brightness brightness] script from {{AUR|linux-samus4}}.<br />
<br />
The keyboard backlight can be controlled via <tt>/sys/class/leds/chromeos::kbd_backlight/</tt>; see the [https://raw.githubusercontent.com/raphael/linux-samus/master/scripts/setup/brightness/keyboard_led keyboard] script from {{AUR|linux-samus4}}.<br />
<br />
== Keyboard Bindings ==<br />
<br />
[https://www.archlinux.org/packages/extra/any/xkeyboard-config/ xkeyboard-config 2.16-1] added a <tt>chromebook</tt> model that enables the Chrome OS style functions for the function keys. You can, for example, set this using <tt>localectl set-x11-keymap us chromebook</tt>. See the <tt>chromebook</tt> definition in <tt>/usr/share/X11/xkb/symbols/inet</tt> for the full mappings.<br />
<br />
The search button acts as a {{ic|Super_L}} key, which may be undesirable for keyboard layouts that make good use of this position. Using [[xmodmap]], you can rebind this to whatever you would like. Example using {{ic|Tab}} for a keyboard layout with six layers:<br />
<br />
$ xmodmap -e "keycode 133 = Tab Tab Tab Tab Tab Tab"<br />
<br />
Add this to your .xinitrc to load at login.<br />
<br />
== Unresolved Issues ==<br />
<br />
* {{Pkg|xkeyboard-config}} provides a <tt>chromebook</tt> model which can be specified, for example, with <tt>localectl set-x11-keymap us chromebook</tt> but when using [[Gnome]] on [[Wayland]] the model is not recognized. The media keys still behave as function keys and <tt>setxkbmap -print -verbose 10</tt> doesn't show the <tt>chromebook</tt> model being used.<br />
* Occasional lockup on booting into GDM using Wayland 1.12.0-1, GDM 3.22.1-1, and linux 4.9-1.<br />
* It would be nice if touchscreen behaved more like the touchpad so that the touchscreen could be used for scrolling.<br />
* Touchpad occasionally doesn't work after waking from sleep using linux 4.9-1.<br />
<br />
== External Links ==<br />
<br />
[https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/chromebook-pixel-2015 Chromium OS Developer Information for Chromebook Pixel (2015)]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:Chromebook_Pixel_2&diff=461089Talk:Chromebook Pixel 22017-01-01T22:18:34Z<p>StrayArch: clearing exhausted</p>
<hr />
<div></div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VirtualBox&diff=461040Talk:VirtualBox2017-01-01T10:19:48Z<p>StrayArch: /* DKMS */ forgot sig</p>
<hr />
<div>== vdfuse ==<br />
<br />
The tool [https://aur.archlinux.org/packages.php?ID=31200 vdfuse] (if it works with archlinux) could be suggested in the [[VirtualBox#Mounting_.vdi_Images|Mounting .vdi Images]] section instead of telling that it's impossible. -- [[User:Heinrich5991|Heinrich5991]] ([[User talk:Heinrich5991|talk]]) 11:01, 3 October 2012 (UTC)<br />
: Since you use vdfuse and familiar with it, you can add these info yourself. See [[Help:Editing]] and [[Help:Style]] for a guide. -- [[User:Fengchao|Fengchao]] ([[User talk:Fengchao|talk]]) 12:17, 5 October 2012 (UTC)<br />
<br />
== DKMS ==<br />
<br />
<s>At the time of writing this, installing virtualbox and virtualbox-host-modules from the official repositories will not work as the modules are outdated, however, following the description for the dkms package works, so it might be worth mentioning that "if the virtualbox-host-modules package is out of date, the dkms solution below can be used." {{Unsigned|13:30, 18 September 2014 (UTC)|DusteD}}<br />
<br />
:See {{Bug|40495}}, linked from [[VirtualBox#Load_the_Virtualbox_kernel_modules_2]] along with some accompanying threads. As this issue is the same for both [[VirtualBox#Installation_steps_for_Arch_Linux_hosts|hosts]] and [[VirtualBox#Installation_steps_for_Arch_Linux_guests|guests]], searching for problems with the other module could provide more information for your issue.<br />
:AFAIK, all it takes is to run {{ic|depmod $(uname -r)}} after each update of {{Pkg|virtualbox-host-modules}}/{{Pkg|virtualbox-guest-modules}} (''depmod'' should be run from the packages' ''.install'' files, see the bug), or use [[DKMS]] to (re)compile the {{Pkg|virtualbox-guest-dkms}}/{{Pkg|virtualbox-host-dkms}} module and have a whole bunch of files untracked by pacman in the filesystem...<br />
:-- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 14:22, 18 September 2014 (UTC)</s><br />
<br />
I'll need to come back and verify, but the section signing modules I don't think is necessary. It gave me a little bit of confusion as to when that is necessary --- I don't think that it is anymore. [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 10:19, 1 January 2017 (UTC)<br />
<br />
== NS_ERROR_FAILURE (0x80004005) ==<br />
<br />
I found out ~/.config/VirtualBox/VirtualBox.xml was empty (size 0 Bytes) while ~/.config/VirtualBox/VirtualBox.xml-prev was not. A simple copy of the "-prev" to the original fixed this issue for me: cp ~/.config/VirtualBox/VirtualBox.xml-prev ~/.config/VirtualBox/VirtualBox.xml<br />
{{unsigned|11 January 2015 20:44|Costis}}<br />
<br />
: Cannot find the cause of the problem. Anyway, if {{ic|~/.config/VirtualBox/VirtualBox.xml}} has a 0 byte size, VirtualBox will complain at startup and will say it cannot find proper XML tags. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 21:26, 12 January 2015 (UTC)<br />
<br />
== Binding to a physical drive ==<br />
<br />
In the near future, I'm gonna make some changes to this section [[VirtualBox#Create a raw disk .vmdk image]]. The latter advertises the use of the {{ic|disk}} group while it is clearly unavailable anymore since Arch migrated to systemd. And the command {{ic|VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sdb -register}} does not recognize the {{ic|-register}} argument --> replacing each occurrences in the article where this statement appears is needed. Comments on these 2 topics are welcomed and even needed for me to ensure I'm right. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 08:13, 5 February 2015 (UTC)<br />
<br />
== modprobe: ERROR: could not insert 'vboxguest': No such device ==<br />
My system is dual boot for windows 7 & Arch Linux. Is it possible to remove the error message?<br />
In windows 7, I use virtualbox to run the same file system of Archlinux.<br />
So, my /etc/modules-load.d/virtualbox.conf is like<br />
# for host<br />
vboxdrv<br />
# for guest<br />
vboxvideo<br />
vboxguest<br />
vboxsf<br />
<br />
It works well when I boot archlinux inside virtualbox.<br />
It shows systemd-modules-load.service failed when I boot directly.<br />
# systemctl status systemd-modules-load.service<br />
● systemd-modules-load.service - Load Kernel Modules<br />
Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static; vendor preset: disabled)<br />
Active: failed (Result: exit-code) since Wed 2015-05-20 09:58:59 CST; 6min ago<br />
Docs: man:systemd-modules-load.service(8)<br />
man:modules-load.d(5)<br />
Process: 25784 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE)<br />
Main PID: 25784 (code=exited, status=1/FAILURE)<br />
<br />
May 20 09:58:58 t64 systemd[1]: Starting Load Kernel Modules...<br />
May 20 09:58:59 t64 systemd-modules-load[25784]: Failed to insert 'vboxguest': No such device<br />
May 20 09:58:59 t64 systemd-modules-load[25784]: Failed to insert 'vboxsf': No such device<br />
May 20 09:58:59 t64 systemd[1]: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE<br />
May 20 09:58:59 t64 systemd[1]: Failed to start Load Kernel Modules.<br />
May 20 09:58:59 t64 systemd[1]: Unit systemd-modules-load.service entered failed state.<br />
May 20 09:58:59 t64 systemd[1]: systemd-modules-load.service failed.<br />
<br />
----<br />
<br />
The solution for this is to decide if you need {{ic|guest}} or {{ic|host}}. Probably you care only about {{ic|host}} so feel free to remove anything related to {{ic|vbox*guest}}:<br />
<br />
sudo pacman --remove --recursive virtualbox-guest-utils<br />
<br />
(more on: [https://bbs.archlinux.org/viewtopic.php?id=210268 forum:&#091;SOLVED&#093; ERROR: could not insert 'vboxguest': No such device] ) [[User:Alexz|Alexz]] ([[User talk:Alexz|talk]]) 07:11, 26 December 2016 (UTC)<br />
<br />
== Automounting Shared Folders also requires VBoxService to be enabled ==<br />
<br />
On the wiki page section [https://wiki.archlinux.org/index.php/VirtualBox#Load_the_Virtualbox_kernel_modules_2 Load the Virtualbox kernel modules 2] the VBoxService is barely mentioned. It is written<br />
<br />
"Alternatively, enable the vboxservice service which loads the modules and synchronizes the guest's system time with the host."<br />
<br />
In my humble opinion it should state that this service is also required when you want to automount your shared folders.<br />
I would change it myself, but since I just joined the wiki, I feel I should discuss it before changing.<br />
<br />
My suggested change would be something like<br />
<br />
"Alternatively, enable the vboxservice service which loads the modules and synchronizes the guest's system time with the host. This service is also required if you wish to enable automounting of shared folders."<br />
<br />
It should probably also be mentioned in the [https://wiki.archlinux.org/index.php/VirtualBox#Automounting Automounting] section.<br />
<br />
Does anyone have any input or feedback on my somewhat limit suggestion?<br />
<br />
:This was mentioned in the article previously, but I removed it after testing that I was able to automount shared folders without the service running. Can you double check that the service is actually required? [[User:Silverhammermba|Silverhammermba]] ([[User talk:Silverhammermba|talk]]) 16:45, 1 July 2015 (UTC)<br />
<br />
::When looking through the source code for [https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Additions/linux/sharedfolders/vfsmod.c vboxsf module] I cannot find any trace of any code that would automount the devices. This is expected as the module is only responsible for registering the filesystem type and performing the mount when requested to do so. Then again, calling it required is not actually true since you could technically get around this by adding an entry to fstab. Or setting up a script that calls "mount -t vboxsf SHARED_FOLDER_NAME MOUNT_POINT". But without an action like enable the service, adding a fstab entry or any other automation techniques the automating should not happen. So maybe in the [https://wiki.archlinux.org/index.php/VirtualBox#Automounting Automounting] section we should mention this. [[User:Soderstrom|Soderstrom]] ([[User talk:Soderstrom|talk]]) 18:14, 1 July 2015 (UTC)<br />
<br />
== Mount at boot - A better way? ==<br />
I've just found my way here after trying to 'mount at boot' a vbox share.<br />
The "comment=systemd.automount" method seems like a bit of a hack, and leaves the 'mount' output looking a bit strange until the mount is triggered. Isn't there a cleaner way to make this work actually '''''at boot'''''? Maybe using a systemd service 'After=' specification?<br />
I tried to get it working but failed (systemd noob).<br />
There must be a way I think ''because the /media/sf_ mount happens magically around boot time''. Anyway, not whinging, just trying to improve the world. Thought an expert might be able to see a neater solution. Cheers. [[User:Peterg4000|Peterg4000]] ([[User talk:Peterg4000|talk]]) 11:51, 12 August 2015 (UTC)<br />
<br />
== Solving smbus module load failure ==<br />
A VirtualBox Guest apparently doesn't have an smbus, resulting in the appearance of the following message at the console at startup of the VM and in the journal:<br />
piix4_smbus 0000:00:07.0: SMBus base address uninitialized - upgrade BIOS or use force_addr=0xaddr<br />
<br />
With the help of [https://web.archive.org/web/20120530095424/http://finster.co.uk/2010/11/16/virtualbox-piix4_smbus-error] I solved this by doing:<br />
echo 'blacklist i2c_piix4' > /etc/modprobe.d/modprobe.conf<br />
<br />
== Guest modules reload ==<br />
<br />
I was about to revert [https://wiki.archlinux.org/index.php?title=VirtualBox&curid=3745&diff=407975&oldid=404055] because {{Pkg|virtualbox-guest-modules}} comes already recompiled like {{Pkg|virtualbox-host-modules}}, however {{ic|/usr/bin/rcvboxdrv}} also properly removes and reloads the modules; in [https://projects.archlinux.org/svntogit/community.git/tree/trunk/virtualbox-host-modules.install?h=packages/virtualbox-modules virtualbox-host-modules.install] there is a message reminding to reload the modules, but in [https://projects.archlinux.org/svntogit/community.git/tree/trunk/virtualbox-guest-modules.install?h=packages/virtualbox-modules virtualbox-guest-modules.install] there's nothing, does anyone know why? — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 13:47, 3 November 2015 (UTC) (last edit: 14:00, 4 November 2015 (UTC))<br />
<br />
== Granting user rw access to all disks? ==<br />
In Section [[VirtualBox#Create_a_VM_configuration_to_boot_from_the_physical_drive]], we have, quote: '''"[putting user in disk group] way is the more elegant, let us proceed that way..."'''<br />
<br />
Doesn't that mean any process running as the user now has complete write access to '''ALL''' raw disk devices?<br />
<br />
Isn't that a rather bad idea? Kind of like a permanent su for the user, able to change any disk data at will.<br />
<br />
A mechanism that (at the very least) only modified access to the disk in question seems preferable. -- [[User:Peterg4000|Peterg4000]] ([[User talk:Peterg4000|talk]]) 14:22, 7 May 2016 (UTC)<br />
<br />
== <s>Recent changes to VirtualBox article</s> ==<br />
<br />
:Moved from [[User_talk:Alad]]. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:35, 19 May 2016 (UTC)<br />
<br />
Hi Alad. I see you have been doing some changes recently (a few minutes ago actually :p) to the [[VirtualBox]] article which I have rewritten a year ago and have been maintaining since. I see you are currently moving subsections to dedicated pages, which is basically what has been undone a year ago :-/. After discussions with [[User:Kynikos]], merging everything on a same page has been the right choice for this page, because the structure was has been made quite clear. I'm willing to discuss this issue further on IRC. I'm known on wget there too. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 10:34, 19 May 2016 (UTC)<br />
<br />
:To recap from IRC: the old discussion: [https://wiki.archlinux.org/index.php?title=User_talk:Kynikos&oldid=333201#VirtualBox_article_rewrite], i.e.<br />
::The main VirtualBox article will be clearer when I will have finished the rewrite and a dedicated subpage might be unneeded<br />
:Pretty much the only change I've done is moving the big titles ("Advanced configuration", "Virtual disk management") to a subpage, keeping their structure. This simplifies maintenance and gives a quicker overview on the "essentials", in the line of [[GRUB]] and [[GRUB/Tips and tricks]].<br />
:If you disagree and want to further discuss this, I don't mind undoing the change until we've reached an agreement. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 11:17, 19 May 2016 (UTC)<br />
<br />
::I've moved [[VirtualBox#Virtual disk management]] back to the main article as it arguably fits as [[Help:Style#.22Tips_and_tricks.22_sections|basic content]]. import/export isn't though, so I've moved it to the Tips page, crosslinking it from the main article. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:37, 19 May 2016 (UTC)<br />
<br />
:::No follow-up, closing. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 19:46, 9 August 2016 (UTC)<br />
:::: OK. No problem. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 19:50, 9 August 2016 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VirtualBox&diff=461039Talk:VirtualBox2017-01-01T10:19:16Z<p>StrayArch: /* DKMS */ section "sign modules" could either be more clear. it is potentially is out of date.</p>
<hr />
<div>== vdfuse ==<br />
<br />
The tool [https://aur.archlinux.org/packages.php?ID=31200 vdfuse] (if it works with archlinux) could be suggested in the [[VirtualBox#Mounting_.vdi_Images|Mounting .vdi Images]] section instead of telling that it's impossible. -- [[User:Heinrich5991|Heinrich5991]] ([[User talk:Heinrich5991|talk]]) 11:01, 3 October 2012 (UTC)<br />
: Since you use vdfuse and familiar with it, you can add these info yourself. See [[Help:Editing]] and [[Help:Style]] for a guide. -- [[User:Fengchao|Fengchao]] ([[User talk:Fengchao|talk]]) 12:17, 5 October 2012 (UTC)<br />
<br />
== DKMS ==<br />
<br />
<s>At the time of writing this, installing virtualbox and virtualbox-host-modules from the official repositories will not work as the modules are outdated, however, following the description for the dkms package works, so it might be worth mentioning that "if the virtualbox-host-modules package is out of date, the dkms solution below can be used." {{Unsigned|13:30, 18 September 2014 (UTC)|DusteD}}<br />
<br />
:See {{Bug|40495}}, linked from [[VirtualBox#Load_the_Virtualbox_kernel_modules_2]] along with some accompanying threads. As this issue is the same for both [[VirtualBox#Installation_steps_for_Arch_Linux_hosts|hosts]] and [[VirtualBox#Installation_steps_for_Arch_Linux_guests|guests]], searching for problems with the other module could provide more information for your issue.<br />
:AFAIK, all it takes is to run {{ic|depmod $(uname -r)}} after each update of {{Pkg|virtualbox-host-modules}}/{{Pkg|virtualbox-guest-modules}} (''depmod'' should be run from the packages' ''.install'' files, see the bug), or use [[DKMS]] to (re)compile the {{Pkg|virtualbox-guest-dkms}}/{{Pkg|virtualbox-host-dkms}} module and have a whole bunch of files untracked by pacman in the filesystem...<br />
:-- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 14:22, 18 September 2014 (UTC)</s><br />
<br />
I'll need to come back and verify, but the section signing modules I don't think is necessary. It gave me a little bit of confusion as to when that is necessary --- I don't think that it is anymore.<br />
<br />
== NS_ERROR_FAILURE (0x80004005) ==<br />
<br />
I found out ~/.config/VirtualBox/VirtualBox.xml was empty (size 0 Bytes) while ~/.config/VirtualBox/VirtualBox.xml-prev was not. A simple copy of the "-prev" to the original fixed this issue for me: cp ~/.config/VirtualBox/VirtualBox.xml-prev ~/.config/VirtualBox/VirtualBox.xml<br />
{{unsigned|11 January 2015 20:44|Costis}}<br />
<br />
: Cannot find the cause of the problem. Anyway, if {{ic|~/.config/VirtualBox/VirtualBox.xml}} has a 0 byte size, VirtualBox will complain at startup and will say it cannot find proper XML tags. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 21:26, 12 January 2015 (UTC)<br />
<br />
== Binding to a physical drive ==<br />
<br />
In the near future, I'm gonna make some changes to this section [[VirtualBox#Create a raw disk .vmdk image]]. The latter advertises the use of the {{ic|disk}} group while it is clearly unavailable anymore since Arch migrated to systemd. And the command {{ic|VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sdb -register}} does not recognize the {{ic|-register}} argument --> replacing each occurrences in the article where this statement appears is needed. Comments on these 2 topics are welcomed and even needed for me to ensure I'm right. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 08:13, 5 February 2015 (UTC)<br />
<br />
== modprobe: ERROR: could not insert 'vboxguest': No such device ==<br />
My system is dual boot for windows 7 & Arch Linux. Is it possible to remove the error message?<br />
In windows 7, I use virtualbox to run the same file system of Archlinux.<br />
So, my /etc/modules-load.d/virtualbox.conf is like<br />
# for host<br />
vboxdrv<br />
# for guest<br />
vboxvideo<br />
vboxguest<br />
vboxsf<br />
<br />
It works well when I boot archlinux inside virtualbox.<br />
It shows systemd-modules-load.service failed when I boot directly.<br />
# systemctl status systemd-modules-load.service<br />
● systemd-modules-load.service - Load Kernel Modules<br />
Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static; vendor preset: disabled)<br />
Active: failed (Result: exit-code) since Wed 2015-05-20 09:58:59 CST; 6min ago<br />
Docs: man:systemd-modules-load.service(8)<br />
man:modules-load.d(5)<br />
Process: 25784 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE)<br />
Main PID: 25784 (code=exited, status=1/FAILURE)<br />
<br />
May 20 09:58:58 t64 systemd[1]: Starting Load Kernel Modules...<br />
May 20 09:58:59 t64 systemd-modules-load[25784]: Failed to insert 'vboxguest': No such device<br />
May 20 09:58:59 t64 systemd-modules-load[25784]: Failed to insert 'vboxsf': No such device<br />
May 20 09:58:59 t64 systemd[1]: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE<br />
May 20 09:58:59 t64 systemd[1]: Failed to start Load Kernel Modules.<br />
May 20 09:58:59 t64 systemd[1]: Unit systemd-modules-load.service entered failed state.<br />
May 20 09:58:59 t64 systemd[1]: systemd-modules-load.service failed.<br />
<br />
----<br />
<br />
The solution for this is to decide if you need {{ic|guest}} or {{ic|host}}. Probably you care only about {{ic|host}} so feel free to remove anything related to {{ic|vbox*guest}}:<br />
<br />
sudo pacman --remove --recursive virtualbox-guest-utils<br />
<br />
(more on: [https://bbs.archlinux.org/viewtopic.php?id=210268 forum:&#091;SOLVED&#093; ERROR: could not insert 'vboxguest': No such device] ) [[User:Alexz|Alexz]] ([[User talk:Alexz|talk]]) 07:11, 26 December 2016 (UTC)<br />
<br />
== Automounting Shared Folders also requires VBoxService to be enabled ==<br />
<br />
On the wiki page section [https://wiki.archlinux.org/index.php/VirtualBox#Load_the_Virtualbox_kernel_modules_2 Load the Virtualbox kernel modules 2] the VBoxService is barely mentioned. It is written<br />
<br />
"Alternatively, enable the vboxservice service which loads the modules and synchronizes the guest's system time with the host."<br />
<br />
In my humble opinion it should state that this service is also required when you want to automount your shared folders.<br />
I would change it myself, but since I just joined the wiki, I feel I should discuss it before changing.<br />
<br />
My suggested change would be something like<br />
<br />
"Alternatively, enable the vboxservice service which loads the modules and synchronizes the guest's system time with the host. This service is also required if you wish to enable automounting of shared folders."<br />
<br />
It should probably also be mentioned in the [https://wiki.archlinux.org/index.php/VirtualBox#Automounting Automounting] section.<br />
<br />
Does anyone have any input or feedback on my somewhat limit suggestion?<br />
<br />
:This was mentioned in the article previously, but I removed it after testing that I was able to automount shared folders without the service running. Can you double check that the service is actually required? [[User:Silverhammermba|Silverhammermba]] ([[User talk:Silverhammermba|talk]]) 16:45, 1 July 2015 (UTC)<br />
<br />
::When looking through the source code for [https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Additions/linux/sharedfolders/vfsmod.c vboxsf module] I cannot find any trace of any code that would automount the devices. This is expected as the module is only responsible for registering the filesystem type and performing the mount when requested to do so. Then again, calling it required is not actually true since you could technically get around this by adding an entry to fstab. Or setting up a script that calls "mount -t vboxsf SHARED_FOLDER_NAME MOUNT_POINT". But without an action like enable the service, adding a fstab entry or any other automation techniques the automating should not happen. So maybe in the [https://wiki.archlinux.org/index.php/VirtualBox#Automounting Automounting] section we should mention this. [[User:Soderstrom|Soderstrom]] ([[User talk:Soderstrom|talk]]) 18:14, 1 July 2015 (UTC)<br />
<br />
== Mount at boot - A better way? ==<br />
I've just found my way here after trying to 'mount at boot' a vbox share.<br />
The "comment=systemd.automount" method seems like a bit of a hack, and leaves the 'mount' output looking a bit strange until the mount is triggered. Isn't there a cleaner way to make this work actually '''''at boot'''''? Maybe using a systemd service 'After=' specification?<br />
I tried to get it working but failed (systemd noob).<br />
There must be a way I think ''because the /media/sf_ mount happens magically around boot time''. Anyway, not whinging, just trying to improve the world. Thought an expert might be able to see a neater solution. Cheers. [[User:Peterg4000|Peterg4000]] ([[User talk:Peterg4000|talk]]) 11:51, 12 August 2015 (UTC)<br />
<br />
== Solving smbus module load failure ==<br />
A VirtualBox Guest apparently doesn't have an smbus, resulting in the appearance of the following message at the console at startup of the VM and in the journal:<br />
piix4_smbus 0000:00:07.0: SMBus base address uninitialized - upgrade BIOS or use force_addr=0xaddr<br />
<br />
With the help of [https://web.archive.org/web/20120530095424/http://finster.co.uk/2010/11/16/virtualbox-piix4_smbus-error] I solved this by doing:<br />
echo 'blacklist i2c_piix4' > /etc/modprobe.d/modprobe.conf<br />
<br />
== Guest modules reload ==<br />
<br />
I was about to revert [https://wiki.archlinux.org/index.php?title=VirtualBox&curid=3745&diff=407975&oldid=404055] because {{Pkg|virtualbox-guest-modules}} comes already recompiled like {{Pkg|virtualbox-host-modules}}, however {{ic|/usr/bin/rcvboxdrv}} also properly removes and reloads the modules; in [https://projects.archlinux.org/svntogit/community.git/tree/trunk/virtualbox-host-modules.install?h=packages/virtualbox-modules virtualbox-host-modules.install] there is a message reminding to reload the modules, but in [https://projects.archlinux.org/svntogit/community.git/tree/trunk/virtualbox-guest-modules.install?h=packages/virtualbox-modules virtualbox-guest-modules.install] there's nothing, does anyone know why? — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 13:47, 3 November 2015 (UTC) (last edit: 14:00, 4 November 2015 (UTC))<br />
<br />
== Granting user rw access to all disks? ==<br />
In Section [[VirtualBox#Create_a_VM_configuration_to_boot_from_the_physical_drive]], we have, quote: '''"[putting user in disk group] way is the more elegant, let us proceed that way..."'''<br />
<br />
Doesn't that mean any process running as the user now has complete write access to '''ALL''' raw disk devices?<br />
<br />
Isn't that a rather bad idea? Kind of like a permanent su for the user, able to change any disk data at will.<br />
<br />
A mechanism that (at the very least) only modified access to the disk in question seems preferable. -- [[User:Peterg4000|Peterg4000]] ([[User talk:Peterg4000|talk]]) 14:22, 7 May 2016 (UTC)<br />
<br />
== <s>Recent changes to VirtualBox article</s> ==<br />
<br />
:Moved from [[User_talk:Alad]]. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:35, 19 May 2016 (UTC)<br />
<br />
Hi Alad. I see you have been doing some changes recently (a few minutes ago actually :p) to the [[VirtualBox]] article which I have rewritten a year ago and have been maintaining since. I see you are currently moving subsections to dedicated pages, which is basically what has been undone a year ago :-/. After discussions with [[User:Kynikos]], merging everything on a same page has been the right choice for this page, because the structure was has been made quite clear. I'm willing to discuss this issue further on IRC. I'm known on wget there too. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 10:34, 19 May 2016 (UTC)<br />
<br />
:To recap from IRC: the old discussion: [https://wiki.archlinux.org/index.php?title=User_talk:Kynikos&oldid=333201#VirtualBox_article_rewrite], i.e.<br />
::The main VirtualBox article will be clearer when I will have finished the rewrite and a dedicated subpage might be unneeded<br />
:Pretty much the only change I've done is moving the big titles ("Advanced configuration", "Virtual disk management") to a subpage, keeping their structure. This simplifies maintenance and gives a quicker overview on the "essentials", in the line of [[GRUB]] and [[GRUB/Tips and tricks]].<br />
:If you disagree and want to further discuss this, I don't mind undoing the change until we've reached an agreement. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 11:17, 19 May 2016 (UTC)<br />
<br />
::I've moved [[VirtualBox#Virtual disk management]] back to the main article as it arguably fits as [[Help:Style#.22Tips_and_tricks.22_sections|basic content]]. import/export isn't though, so I've moved it to the Tips page, crosslinking it from the main article. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:37, 19 May 2016 (UTC)<br />
<br />
:::No follow-up, closing. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 19:46, 9 August 2016 (UTC)<br />
:::: OK. No problem. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 19:50, 9 August 2016 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Talk:VirtualBox&diff=461038Talk:VirtualBox2017-01-01T10:12:37Z<p>StrayArch: /* DKMS */ considering the out of date template exists, I feel like adding this would get tagged. striking will remove in 2 weeks if no one objects</p>
<hr />
<div>== vdfuse ==<br />
<br />
The tool [https://aur.archlinux.org/packages.php?ID=31200 vdfuse] (if it works with archlinux) could be suggested in the [[VirtualBox#Mounting_.vdi_Images|Mounting .vdi Images]] section instead of telling that it's impossible. -- [[User:Heinrich5991|Heinrich5991]] ([[User talk:Heinrich5991|talk]]) 11:01, 3 October 2012 (UTC)<br />
: Since you use vdfuse and familiar with it, you can add these info yourself. See [[Help:Editing]] and [[Help:Style]] for a guide. -- [[User:Fengchao|Fengchao]] ([[User talk:Fengchao|talk]]) 12:17, 5 October 2012 (UTC)<br />
<br />
== DKMS ==<br />
<br />
<s>At the time of writing this, installing virtualbox and virtualbox-host-modules from the official repositories will not work as the modules are outdated, however, following the description for the dkms package works, so it might be worth mentioning that "if the virtualbox-host-modules package is out of date, the dkms solution below can be used." {{Unsigned|13:30, 18 September 2014 (UTC)|DusteD}}<br />
<br />
:See {{Bug|40495}}, linked from [[VirtualBox#Load_the_Virtualbox_kernel_modules_2]] along with some accompanying threads. As this issue is the same for both [[VirtualBox#Installation_steps_for_Arch_Linux_hosts|hosts]] and [[VirtualBox#Installation_steps_for_Arch_Linux_guests|guests]], searching for problems with the other module could provide more information for your issue.<br />
:AFAIK, all it takes is to run {{ic|depmod $(uname -r)}} after each update of {{Pkg|virtualbox-host-modules}}/{{Pkg|virtualbox-guest-modules}} (''depmod'' should be run from the packages' ''.install'' files, see the bug), or use [[DKMS]] to (re)compile the {{Pkg|virtualbox-guest-dkms}}/{{Pkg|virtualbox-host-dkms}} module and have a whole bunch of files untracked by pacman in the filesystem...<br />
:-- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 14:22, 18 September 2014 (UTC)</s><br />
<br />
== NS_ERROR_FAILURE (0x80004005) ==<br />
<br />
I found out ~/.config/VirtualBox/VirtualBox.xml was empty (size 0 Bytes) while ~/.config/VirtualBox/VirtualBox.xml-prev was not. A simple copy of the "-prev" to the original fixed this issue for me: cp ~/.config/VirtualBox/VirtualBox.xml-prev ~/.config/VirtualBox/VirtualBox.xml<br />
{{unsigned|11 January 2015 20:44|Costis}}<br />
<br />
: Cannot find the cause of the problem. Anyway, if {{ic|~/.config/VirtualBox/VirtualBox.xml}} has a 0 byte size, VirtualBox will complain at startup and will say it cannot find proper XML tags. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 21:26, 12 January 2015 (UTC)<br />
<br />
== Binding to a physical drive ==<br />
<br />
In the near future, I'm gonna make some changes to this section [[VirtualBox#Create a raw disk .vmdk image]]. The latter advertises the use of the {{ic|disk}} group while it is clearly unavailable anymore since Arch migrated to systemd. And the command {{ic|VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sdb -register}} does not recognize the {{ic|-register}} argument --> replacing each occurrences in the article where this statement appears is needed. Comments on these 2 topics are welcomed and even needed for me to ensure I'm right. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 08:13, 5 February 2015 (UTC)<br />
<br />
== modprobe: ERROR: could not insert 'vboxguest': No such device ==<br />
My system is dual boot for windows 7 & Arch Linux. Is it possible to remove the error message?<br />
In windows 7, I use virtualbox to run the same file system of Archlinux.<br />
So, my /etc/modules-load.d/virtualbox.conf is like<br />
# for host<br />
vboxdrv<br />
# for guest<br />
vboxvideo<br />
vboxguest<br />
vboxsf<br />
<br />
It works well when I boot archlinux inside virtualbox.<br />
It shows systemd-modules-load.service failed when I boot directly.<br />
# systemctl status systemd-modules-load.service<br />
● systemd-modules-load.service - Load Kernel Modules<br />
Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static; vendor preset: disabled)<br />
Active: failed (Result: exit-code) since Wed 2015-05-20 09:58:59 CST; 6min ago<br />
Docs: man:systemd-modules-load.service(8)<br />
man:modules-load.d(5)<br />
Process: 25784 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE)<br />
Main PID: 25784 (code=exited, status=1/FAILURE)<br />
<br />
May 20 09:58:58 t64 systemd[1]: Starting Load Kernel Modules...<br />
May 20 09:58:59 t64 systemd-modules-load[25784]: Failed to insert 'vboxguest': No such device<br />
May 20 09:58:59 t64 systemd-modules-load[25784]: Failed to insert 'vboxsf': No such device<br />
May 20 09:58:59 t64 systemd[1]: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE<br />
May 20 09:58:59 t64 systemd[1]: Failed to start Load Kernel Modules.<br />
May 20 09:58:59 t64 systemd[1]: Unit systemd-modules-load.service entered failed state.<br />
May 20 09:58:59 t64 systemd[1]: systemd-modules-load.service failed.<br />
<br />
----<br />
<br />
The solution for this is to decide if you need {{ic|guest}} or {{ic|host}}. Probably you care only about {{ic|host}} so feel free to remove anything related to {{ic|vbox*guest}}:<br />
<br />
sudo pacman --remove --recursive virtualbox-guest-utils<br />
<br />
(more on: [https://bbs.archlinux.org/viewtopic.php?id=210268 forum:&#091;SOLVED&#093; ERROR: could not insert 'vboxguest': No such device] ) [[User:Alexz|Alexz]] ([[User talk:Alexz|talk]]) 07:11, 26 December 2016 (UTC)<br />
<br />
== Automounting Shared Folders also requires VBoxService to be enabled ==<br />
<br />
On the wiki page section [https://wiki.archlinux.org/index.php/VirtualBox#Load_the_Virtualbox_kernel_modules_2 Load the Virtualbox kernel modules 2] the VBoxService is barely mentioned. It is written<br />
<br />
"Alternatively, enable the vboxservice service which loads the modules and synchronizes the guest's system time with the host."<br />
<br />
In my humble opinion it should state that this service is also required when you want to automount your shared folders.<br />
I would change it myself, but since I just joined the wiki, I feel I should discuss it before changing.<br />
<br />
My suggested change would be something like<br />
<br />
"Alternatively, enable the vboxservice service which loads the modules and synchronizes the guest's system time with the host. This service is also required if you wish to enable automounting of shared folders."<br />
<br />
It should probably also be mentioned in the [https://wiki.archlinux.org/index.php/VirtualBox#Automounting Automounting] section.<br />
<br />
Does anyone have any input or feedback on my somewhat limit suggestion?<br />
<br />
:This was mentioned in the article previously, but I removed it after testing that I was able to automount shared folders without the service running. Can you double check that the service is actually required? [[User:Silverhammermba|Silverhammermba]] ([[User talk:Silverhammermba|talk]]) 16:45, 1 July 2015 (UTC)<br />
<br />
::When looking through the source code for [https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Additions/linux/sharedfolders/vfsmod.c vboxsf module] I cannot find any trace of any code that would automount the devices. This is expected as the module is only responsible for registering the filesystem type and performing the mount when requested to do so. Then again, calling it required is not actually true since you could technically get around this by adding an entry to fstab. Or setting up a script that calls "mount -t vboxsf SHARED_FOLDER_NAME MOUNT_POINT". But without an action like enable the service, adding a fstab entry or any other automation techniques the automating should not happen. So maybe in the [https://wiki.archlinux.org/index.php/VirtualBox#Automounting Automounting] section we should mention this. [[User:Soderstrom|Soderstrom]] ([[User talk:Soderstrom|talk]]) 18:14, 1 July 2015 (UTC)<br />
<br />
== Mount at boot - A better way? ==<br />
I've just found my way here after trying to 'mount at boot' a vbox share.<br />
The "comment=systemd.automount" method seems like a bit of a hack, and leaves the 'mount' output looking a bit strange until the mount is triggered. Isn't there a cleaner way to make this work actually '''''at boot'''''? Maybe using a systemd service 'After=' specification?<br />
I tried to get it working but failed (systemd noob).<br />
There must be a way I think ''because the /media/sf_ mount happens magically around boot time''. Anyway, not whinging, just trying to improve the world. Thought an expert might be able to see a neater solution. Cheers. [[User:Peterg4000|Peterg4000]] ([[User talk:Peterg4000|talk]]) 11:51, 12 August 2015 (UTC)<br />
<br />
== Solving smbus module load failure ==<br />
A VirtualBox Guest apparently doesn't have an smbus, resulting in the appearance of the following message at the console at startup of the VM and in the journal:<br />
piix4_smbus 0000:00:07.0: SMBus base address uninitialized - upgrade BIOS or use force_addr=0xaddr<br />
<br />
With the help of [https://web.archive.org/web/20120530095424/http://finster.co.uk/2010/11/16/virtualbox-piix4_smbus-error] I solved this by doing:<br />
echo 'blacklist i2c_piix4' > /etc/modprobe.d/modprobe.conf<br />
<br />
== Guest modules reload ==<br />
<br />
I was about to revert [https://wiki.archlinux.org/index.php?title=VirtualBox&curid=3745&diff=407975&oldid=404055] because {{Pkg|virtualbox-guest-modules}} comes already recompiled like {{Pkg|virtualbox-host-modules}}, however {{ic|/usr/bin/rcvboxdrv}} also properly removes and reloads the modules; in [https://projects.archlinux.org/svntogit/community.git/tree/trunk/virtualbox-host-modules.install?h=packages/virtualbox-modules virtualbox-host-modules.install] there is a message reminding to reload the modules, but in [https://projects.archlinux.org/svntogit/community.git/tree/trunk/virtualbox-guest-modules.install?h=packages/virtualbox-modules virtualbox-guest-modules.install] there's nothing, does anyone know why? — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 13:47, 3 November 2015 (UTC) (last edit: 14:00, 4 November 2015 (UTC))<br />
<br />
== Granting user rw access to all disks? ==<br />
In Section [[VirtualBox#Create_a_VM_configuration_to_boot_from_the_physical_drive]], we have, quote: '''"[putting user in disk group] way is the more elegant, let us proceed that way..."'''<br />
<br />
Doesn't that mean any process running as the user now has complete write access to '''ALL''' raw disk devices?<br />
<br />
Isn't that a rather bad idea? Kind of like a permanent su for the user, able to change any disk data at will.<br />
<br />
A mechanism that (at the very least) only modified access to the disk in question seems preferable. -- [[User:Peterg4000|Peterg4000]] ([[User talk:Peterg4000|talk]]) 14:22, 7 May 2016 (UTC)<br />
<br />
== <s>Recent changes to VirtualBox article</s> ==<br />
<br />
:Moved from [[User_talk:Alad]]. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:35, 19 May 2016 (UTC)<br />
<br />
Hi Alad. I see you have been doing some changes recently (a few minutes ago actually :p) to the [[VirtualBox]] article which I have rewritten a year ago and have been maintaining since. I see you are currently moving subsections to dedicated pages, which is basically what has been undone a year ago :-/. After discussions with [[User:Kynikos]], merging everything on a same page has been the right choice for this page, because the structure was has been made quite clear. I'm willing to discuss this issue further on IRC. I'm known on wget there too. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 10:34, 19 May 2016 (UTC)<br />
<br />
:To recap from IRC: the old discussion: [https://wiki.archlinux.org/index.php?title=User_talk:Kynikos&oldid=333201#VirtualBox_article_rewrite], i.e.<br />
::The main VirtualBox article will be clearer when I will have finished the rewrite and a dedicated subpage might be unneeded<br />
:Pretty much the only change I've done is moving the big titles ("Advanced configuration", "Virtual disk management") to a subpage, keeping their structure. This simplifies maintenance and gives a quicker overview on the "essentials", in the line of [[GRUB]] and [[GRUB/Tips and tricks]].<br />
:If you disagree and want to further discuss this, I don't mind undoing the change until we've reached an agreement. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 11:17, 19 May 2016 (UTC)<br />
<br />
::I've moved [[VirtualBox#Virtual disk management]] back to the main article as it arguably fits as [[Help:Style#.22Tips_and_tricks.22_sections|basic content]]. import/export isn't though, so I've moved it to the Tips page, crosslinking it from the main article. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 12:37, 19 May 2016 (UTC)<br />
<br />
:::No follow-up, closing. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 19:46, 9 August 2016 (UTC)<br />
:::: OK. No problem. -- [[User:wget|wget]] ([[User talk:wget|talk]]) 19:50, 9 August 2016 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Chromebook_Pixel_2&diff=459557Chromebook Pixel 22016-12-19T05:41:45Z<p>StrayArch: /* Backlight control */ keyboard brightness has been added to linux-samus4 since edit</p>
<hr />
<div>[[Category:Laptops]]<br />
[[ja:Chromebook Pixel 2]]<br />
{{Warning|This article relies on third-party scripts and modifications, and may irreparably damage your hardware or data. Proceed at your own risk.}}<br />
<br />
The Chromebook Pixel 2 is a [[Chromebook]] manufactured by Google in 2015. This page details installing Arch Linux on the Pixel 2.<br />
<br />
Also see the forum thread: [https://bbs.archlinux.org/viewtopic.php?id=194962]<br />
<br />
== Enabling developer mode ==<br />
<br />
Enable developer mode as you would on any Chrome OS Device, hold Esc and F3 (refresh icon) with the device powered off, then press the power button and use Ctrl-D to enable developer mode.<br />
<br />
Enabling developer mode will wipe all of your data.<br />
<br />
== Installation ==<br />
{{Note|USB 3.0 may cause issues. Make sure that the installation media utilizes USB 2.0.}}<br />
See [[Chrome OS devices#Installation]].<br />
<br />
=====Grub=====<br />
It will not display the menu by default. GRUB_GFXMODE is set to auto. Grub does not detect the correct video mode. Using vbeinfo, on the grub command line, it's detected at 1280x850x16. The options to display the menu are to either turn off GRUB_GFXMODE or set the correct display in {{ic|/etc/default/grub}}<br />
<br />
GRUB_TERMINAL_OUTPUT=console<br />
or setting <br />
GRUB_GFXMODE=1280x850x16<br />
after making this change, run<br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
=== Dual Booting ChromeOS and Arch Linux ===<br />
<br />
See [[Chrome OS devices#Alternative installation, Install Arch Linux in addition to Chrome OS]].<br />
<br />
== Touchpad, touchscreen and audio ==<br />
<br />
=== Linux 4.9 ===<br />
<br />
Touchpad, touchscreen, and audio are all working in the upstream 4.9 kernel.<br />
<br />
=== Linux 4.1 ===<br />
<br />
[[Install]] the {{AUR|linux-samus4}} package for Linux 4.1 support. You will need to regenerate your GRUB configuration after installing linux-samus4. See [https://github.com/raphael/linux-4.1-samus] for information on how to enable audio and microphone support.<br />
<br />
If the {{ic|linux-samus4}} kernel hangs after {{ic|Loading initial ramdisk...}} and you have an encrypted disk then try adding {{ic|i915}} to {{ic|MODULES}} in {{ic|/etc/mkinitcpio.conf}} according to [[Intel graphics]] and then run {{ic|mkinitcpio -p linux-samus4}} to regenerate the image.<br />
<br />
=== Linux 3.19 ===<br />
<br />
[[Install]] the {{AUR|linux-samus}}{{Broken package link|{{aur-mirror|linux-samus}}}} package. You will need to import 2 kernel signing keys using gpg. Support for the Pixel 2 should be added in Linux 4.1. You will need to regenerate your GRUB configuration after installing linux-samus.<br />
<br />
To fix the touchpad, add the file {{ic|/etc/X11/xorg.conf.d/25-touchpad.conf}} with the following contents. You will also need to install {{Pkg|xf86-input-synaptics}}.<br />
<br />
Section "InputClass"<br />
Identifier "touchpad"<br />
MatchIsTouchpad "on"<br />
MatchDevicePath "/dev/input/event*"<br />
Driver "synaptics"<br />
EndSection<br />
<br />
For audio, see [https://github.com/tsowell/linux-samus].<br />
<br />
== Backlight control ==<br />
<br />
The screen backlight can be controlled via <tt>/sys/class/backlight/intel_backlight/</tt>; see the [https://raw.githubusercontent.com/raphael/linux-samus/master/build/brightness brightness] script from {{AUR|linux-samus4}}.<br />
<br />
The keyboard backlight can be controlled via <tt>/sys/class/leds/chromeos::kbd_backlight/</tt>; see the [https://raw.githubusercontent.com/raphael/linux-samus/master/scripts/setup/brightness/keyboard_led keyboard] script from {{AUR|linux-samus4}}.<br />
<br />
== Keyboard rebindings ==<br />
<br />
[https://www.archlinux.org/packages/extra/any/xkeyboard-config/ xkeyboard-config 2.16-1] added a <tt>chromebook</tt> model that enables the Chrome OS style functions for the function keys. You can, for example, set this using <tt>localectl set-x11-keymap us chromebook</tt>. See the <tt>chromebook</tt> definition in <tt>/usr/share/X11/xkb/symbols/inet</tt> for the full mappings.<br />
<br />
The search button acts as a {{ic|Super_L}} key, which may be undesirable for keyboard layouts that make good use of this position. Using [[xmodmap]], you can rebind this to whatever you would like. Example using {{ic|Tab}} for a keyboard layout with six layers:<br />
<br />
$ xmodmap -e "keycode 133 = Tab Tab Tab Tab Tab Tab"<br />
<br />
Add this to your .xinitrc to load at login.<br />
<br />
== Disabling firmware write protect ==<br />
<br />
Disabling the firmware write protect is only necessary if you wish to modify the firmware and is not necessary to install Linux.<br />
<br />
Power off the Chromebook. Carefully peel off the two adhesive strips on the bottom. They will stretch very easily, so push up from the device while peeling, and don't pull from the end of the adhesive strip. Then remove all the screws under both adhesive strips. The lid should just fall off if you rotate it upside down.<br />
<br />
Once the device is open, find the red-pink screw with a golden washer, located between the speaker and the USB Type-A port; remove the screw and washer. Reassemble your Chromebook and power it on.<br />
<br />
== External Links ==<br />
<br />
[https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/chromebook-pixel-2015 Chromium OS device page]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=Screen_brightness&diff=459435Screen brightness2016-12-16T07:11:24Z<p>StrayArch: Redirect people looking for how to adjust screen brightness.</p>
<hr />
<div>#REDIRECT [[Backlight]]</div>StrayArchhttps://wiki.archlinux.org/index.php?title=User:StrayArch&diff=458764User:StrayArch2016-12-08T04:07:12Z<p>StrayArch: </p>
<hr />
<div>Just an enthusiast with a personal website http://jim.stro.nz/ [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 04:07, 8 December 2016 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=User_talk:StrayArch&diff=456840User talk:StrayArch2016-11-15T19:01:47Z<p>StrayArch: removed 1 week old exhausted discussion. striked exhausted beep merge conversation.</p>
<hr />
<div><s>== Beep merge ==<br />
<br />
I'm going to revert your edits to [[Disable_PC_speaker_beep]] and [[Beep]] as I am unhappy with the way you have made the changes. Specifically, the [[Help:Procedures#Deal_with_talk_pages_after_redirecting_a_page_to_another|talk pages need to be merged]], the [[Help:Editing#Redirects|redirects are broken]], and you have both copied the content from the original pages and merged them in one edit in the new page. I'd rather if you copied and pasted the whole content from both pages to the new pages, then made separate edits cleaning the content up and combining it, since it is hard to follow what you have done (e.g. where did the alsamixer section from [[Beep]] go?).<br />
-- [[User:Pypi|Pypi]] ([[User talk:Pypi|talk]]) 19:19, 8 November 2016 (UTC)<br />
:Thanks for the advice. I'll make the changes how you suggested. [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:06, 8 November 2016 (UTC)<br />
:I read over some of the Help page and re-merged the pages. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:36, 9 November 2016 (UTC)<br />
<br />
::That looks much better - thanks for your contribution! -- [[User:Pypi|Pypi]] ([[User talk:Pypi|talk]]) 06:52, 11 November 2016 (UTC)</s></div>StrayArchhttps://wiki.archlinux.org/index.php?title=User_talk:StrayArch&diff=456432User talk:StrayArch2016-11-09T19:37:06Z<p>StrayArch: /* Beep merge */ update on progress</p>
<hr />
<div><s>Hi, I am currently learning to use Mesos (that's why I notice that article). Shall we chat about Mesos? --[[User:NonerKao|NonerKao]] ([[User talk:NonerKao|talk]]) 03:41, 4 November 2015 (UTC)<br />
<br />
:hi, sorry I hadn't noticed this. I've been busy [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 03:41, 5 December 2015 (UTC)</s><br />
<br />
== Beep merge ==<br />
<br />
I'm going to revert your edits to [[Disable_PC_speaker_beep]] and [[Beep]] as I am unhappy with the way you have made the changes. Specifically, the [[Help:Procedures#Deal_with_talk_pages_after_redirecting_a_page_to_another|talk pages need to be merged]], the [[Help:Editing#Redirects|redirects are broken]], and you have both copied the content from the original pages and merged them in one edit in the new page. I'd rather if you copied and pasted the whole content from both pages to the new pages, then made separate edits cleaning the content up and combining it, since it is hard to follow what you have done (e.g. where did the alsamixer section from [[Beep]] go?).<br />
-- [[User:Pypi|Pypi]] ([[User talk:Pypi|talk]]) 19:19, 8 November 2016 (UTC)<br />
:Thanks for the advice. I'll make the changes how you suggested. [[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 20:06, 8 November 2016 (UTC)<br />
:I read over some of the Help page and re-merged the pages. --[[User:StrayArch|StrayArch]] ([[User talk:StrayArch|talk]]) 19:36, 9 November 2016 (UTC)</div>StrayArchhttps://wiki.archlinux.org/index.php?title=PC_speaker&diff=456430PC speaker2016-11-09T19:32:57Z<p>StrayArch: /* Globally */ adding info on package responsible for pcspkr</p>
<hr />
<div>[[Category:Sound]]<br />
== Introduction ==<br />
The computer often seems to make beep noises or other sounds at various times, whether we want them or not. They come from various sources, and as such, you may be able to configure if or when they occur. In situations where no sound card or speakers are available and simple audio notification is desired, use {{pkg|beep}}. The {{pkg|beep}} package provides an advanced PC speaker beeping program. <br />
<br />
Sounds from the computer can be heard from the built-in case speaker, the speakers, or headphones which are plugged into the soundcard (in which case the noise may be unexpectedly loud). <br />
<br />
{{Note|The sounds are caused by the BIOS (Basic Input/Output System), the OS (Operating System), the DE (Desktop Environment), or various software programs. The BIOS is a particularly troublesome problem because it is kept inside an EPROM chip on the motherboard, and the only direct control the user has is by turning the power on or off. Unless the BIOS setup has a setting you can adjust or you wish to attempt to reprogram that chip with the proper light source, it is not likely you will be able to change it at all. BIOS-generated beep sounds are not addressed here, except to say that unplugging your computer case speaker will stop all such sounds from being heard. (Do so at your own risk.)}}<br />
<br />
= Disable PC Speaker =<br />
== Introduction ==<br />
Turning off a particular instance of a sound, while leaving the others operational, is possible if and only if one can identify which portion of the environment generates the particular sound. This allows for a customized selection of attention-getting sounds possible. Please feel free to add any configurations and settings to this wiki page that may be useful for other users.<br />
<br />
==Globally==<br />
<br />
The PC speaker can be disabled by [[Kernel modules#Manual_module_handling|unloading]] the {{ic|pcspkr}} module, which is provided by the {{pkg|linux}} kernel:<br />
# rmmod pcspkr<br />
<br />
[[Blacklisting]] the {{ic|pcspkr}} module will prevent [[udev]] from loading it at boot:<br />
<br />
# echo "blacklist pcspkr" > /etc/modprobe.d/nobeep.conf<br />
<br />
[[Kernel_modules#Using_kernel_command_line_2|Blacklisting it on the kernel command line]] is yet another way. Simply add {{ic|1=modprobe.blacklist=pcspkr}} to your bootloader's kernel line.<br />
<br />
== Locally ==<br />
<br />
=== Xorg ===<br />
<br />
$ xset -b<br />
<br />
You can add this command to a startup file, such as [[xprofile]] to make it permanent.<br />
<br />
=== Console ===<br />
<br />
You can add this command in {{ic|/etc/profile}} or a dedicated file like {{ic|/etc/profile.d/disable-beep.sh}} (must be executable):<br />
setterm -blength 0<br />
<br />
Another way is to add or uncomment this line in {{ic|/etc/inputrc}} or {{ic|~/.inputrc}}:<br />
set bell-style none<br />
<br />
=== ALSA ===<br />
<br />
{{Tip|For most Intel's cards, if you do not see PC Speaker in alsamixer's default device, then try selecting "HDA Intel PCH" device by pressing F6. It is listed as "Beep" there. This is because PulseAudio proxy controls may not list all PC Speakers.}}<br />
Try muting the PC Speaker:<br />
$ amixer set 'PC Speaker' 0% mute<br />
<br />
For certain sound cards, it is the PC Beep:<br />
$ amixer set 'PC Beep' 0% mute<br />
<br />
Or merely Beep:<br />
$ amixer set 'Beep' 0% mute<br />
<br />
You can also use alsamixer for a console GUI<br />
$ alsamixer<br />
<br />
Scroll to PC beep and press 'M' to mute. Save your alsa settings:<br />
# alsactl store<br />
<br />
{{Note|Not every sound card creates a PC Speaker or PC Beep slider control in alsamixer.}}<br />
<br />
=== GNOME ===<br />
<br />
Using GSettings:<br />
<br />
$ gsettings set org.gnome.desktop.wm.preferences audible-bell false<br />
<br />
=== Cinnamon ===<br />
<br />
Cinnamon seems to play a "water drop" sound. To disable it, set in dconf:<br />
<br />
$ dconf write /org/cinnamon/desktop/wm/preferences/audible-bell false<br />
<br />
=== GTK+ ===<br />
<br />
Append this line to {{ic|~/.gtkrc-2.0}}:<br />
<br />
gtk-error-bell = 0<br />
<br />
Add the same line to the [Settings] section of {{ic|$XDG_CONFIG_HOME/gtk-3.0/settings.ini}}:<br />
<br />
[Settings]<br />
gtk-error-bell = 0<br />
<br />
This is documented in the [https://developer.gnome.org/gtk3/stable/GtkSettings.html Gnome Developer Handbook].<br />
<br />
= Beep =<br />
Beep is an advanced PC speaker beeping program. It is useful for situations where no sound card and/or speakers are available, and simple audio notification is desired.<br />
<br />
==Installation==<br />
[[Install]] the {{Pkg|beep}} package.<br />
<br />
==Configuration==<br />
=== Access for non-root users ===<br />
<br />
By default {{ic|beep}} will fail if not run by the root. Other users may call it using [[sudo]]. To let group {{ic|users}} call {{ic|sudo beep}} without a password (for example to use it in scripts), {{ic|/etc/sudoers}} [[Sudo#Using_visudo|should be edited]]:<br />
<br />
%users ALL=(ALL) NOPASSWD: /usr/bin/beep<br />
<br />
or, to let only a single user do that:<br />
<br />
username ALL=(ALL) NOPASSWD: /usr/bin/beep<br />
<br />
Another way is setting the sticky bit on {{ic|/usr/bin/beep}}:<br />
<br />
# chmod 4755 /usr/bin/beep<br />
<br />
Note however that this way '''anyone''' can execute {{ic|/usr/bin/beep}} with root permissions. The change also creates a difference between local copy and the package, which will be reported by {{ic|pacman -Qkk}}.<br />
<br />
===Unmuting in alsamixer===<br />
<br />
You should also unmute the Beep channel using {{Ic|alsamixer}}.<br />
<br />
$ alsamixer<br />
<br />
You may need to press {{ic|F6}} and select your card. scroll to the Beep channel using the arrow keys and press {{ic|M}} to unmute the channel. notice that the "MM" label below the channel will change to "00". you can also use {{ic|↑}} to increase the volume of the channel.<br />
<br />
Press {{ic|Esc}} to close alsamixer.<br />
<br />
You can also save your settings to ALSA Mixer to make it permanent:<br />
<br />
# alsactl -f /var/lib/alsa/asound.state store<br />
<br />
==Tips and Tricks==<br />
While many people are happy with the traditional beep sound, some may like to change its properties a bit. The following example plays slighly higher and shorter sound and repeats it two times.<br />
<br />
# beep -f 5000 -l 50 -r 2<br />
<br />
==See also==<br />
* Have a look at these {{ic|man}} pages for further information: {{ic|xset(1)}}, {{ic|setterm(1)}}, {{ic|readline(3)}}.<br />
* [[Kernel modules]]<br />
*[[Advanced Linux Sound Architecture]]</div>StrayArch