https://wiki.archlinux.org/api.php?action=feedcontributions&user=Tassadar&feedformat=atomArchWiki - User contributions [en]2024-03-28T15:36:34ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=FOSDEM&diff=280629FOSDEM2013-10-31T11:11:33Z<p>Tassadar: 2014</p>
<hr />
<div>[[Category:Events]]<br />
<br />
== 2012 ==<br />
<br />
=== Attendees ===<br />
<br />
'''Confirmed'''<br />
* Dieter Plaetinck (fri,sat,sun)<br />
* Roman Kyrylych (fri, sat, sun, mon)<br />
* Bas Pape (fri, sat, sun)<br />
* Tom Willemsen (sat, sun)<br />
* Thomas Jost (fri, sat, sun)<br />
* Ruben De Smet ([perhaps sat,] sun)<br />
* Jan (prometheus) (fri, sat, sun)<br />
* Dennis (the_metalgamer) (fri, sat, sun)<br />
* Marc (trollchen) (fri, sat, sun)<br />
* Dominik Heidler + Bernhard (fri,sat,sun) (openQA talk - probably Sat 15:45)<br />
* Axilleas P (thu,fri,sat,sun,mon)<br />
* Tom Gundersen (fri,sat,sun)<br />
* Thomas Bächler (sat,sun)<br />
* Jan Steffens (fri,sat,sun)<br />
* Pierre Schmitz (fri,sat,sun)<br />
* Thomas Hocedez (astHrO) (sat, sun?)<br />
* Anntoin Wilkinson (thur, fri, sat, sun)<br />
* Martin Peres (fri, sat, sun) (X.org dev room, sweat shirt archlinux)<br />
* Romain Schmitz (fri, sat, sun)<br />
* Timothée Ravier (Siosm) (fri, sat, sun)<br />
<br />
=== Meetup info ===<br />
<br />
==== Meeting points ====<br />
<br />
* downtown meeting point: [http://g.co/maps/d7xwp entrance of "galerie ravenstein", at the central station].<br />
* FOSDEM meeting point: at the door of the [http://fosdem.org/2012/schedule/room/h1301 Cross Distribution Devroom H.1301]<br />
<br />
==== Meetups ====<br />
* Friday afternoon: some guys will do some sightseeing (or suggest something else). Everybody will probably arrive at different times so maybe meeting up at this stage is not convenient/suitable. However if you're interested, post here at which point you could make it to the downtown meeting point and maybe a meetup can be arranged<br />
** Jan Steffens (arrival Bruxelles-Midi 13:35)<br />
** Pierre Schmitz (arrival Bruxelles-Midi 13:35)<br />
** Roman Kyrylych (arrival Bruxelles-Midi 11:51)<br />
** Tom Gundersen (arrival Bruxelles-Midi 14:17)<br />
<br />
* Friday evening: meetup downtown @ 7PM at the downtown meeting point. We'll go out for dinner (made reservation @bigmama 7:15) and afterwards drinks. We'll visit the [http://fosdem.org/2012/beerevent FOSDEM beer event] but it's usually insanely overcrowded so we'll probably go somewhere else.<br />
** Jan Steffens<br />
** Pierre Schmitz<br />
** Roman Kyrylych<br />
** prometheus (no asian food if possible, no offence ;))<br />
** Dieter (no sushi)<br />
** Anntoin Wilkinson (vegetarian) - bigmama or pizzahut would be fine though.<br />
** Tom Gundersen<br />
** the_metalgamer<br />
** Romain Schmitz (added on Jan 30th, if I'm too late, my bad ;-) )<br />
<br />
* Saturday evening: meetup at the FOSDEM meeting point @ 7:15PM (last talks end at 7PM)<br />
** not sure yet what to do. another drinks/dinner?<br />
*** Jan Steffens<br />
*** Pierre Schmitz<br />
*** Roman Kyrylych<br />
*** Dieter (no sushi)<br />
*** Anntoin Wilkinson<br />
*** Thomas (no healthy food whatsoever)<br />
*** Tom Gundersen<br />
** [http://hackerspace.be/ByteNight_%282012%29 ByteNight], a party for FOSDEM organized by the local hackerspace (with food & drinks)<br />
*** Romain Schmitz<br />
<br />
=== restaurants under consideration ===<br />
if you really don't like something on this list, please mention.<br />
maybe we'll do a restaurant on saturday and friday evening, or a restaurant and a fast food place?<br />
<br />
* http://www.bigmama.be/ recommended by a guy on IRC. various dishes.<br />
* pizzahut @ beursplein<br />
<br />
== 2014 ==<br />
<br />
=== Attendees ===<br />
<br />
'''Confirmed'''<br />
<br />
=== Meetup info ===<br />
<br />
==== Meeting points ====<br />
<br />
* downtown meeting point: [http://g.co/maps/d7xwp entrance of "galerie ravenstein", at the central station].<br />
<br />
==== Meetups ====</div>Tassadarhttps://wiki.archlinux.org/index.php?title=OpenVPN&diff=230164OpenVPN2012-10-20T19:05:57Z<p>Tassadar: /* Promiscious LAN inteface */ how to enable in systemd</p>
<hr />
<div>[[Category:Virtual Private Network]]<br />
[[zh-CN:OpenVPN]]<br />
{{Expansion|(at least) add support for ipv6 and L2 ethernet bridging}}<br />
<br />
This article describes a basic installation and configuration of [http://openvpn.net OpenVPN], suitable for private and small business use. For more detailed information, please see the official [http://openvpn.net/index.php/manuals/427-openvpn-22.html OpenVPN 2.2 man page] and the [http://openvpn.net/index.php/open-source/documentation OpenVPN documentation].<br />
<br />
OpenVPN is a robust and highly flexible [[Wikipedia:VPN|VPN]] daemon. OpenVPN supports [[Wikipedia:SSL/TLS|SSL/TLS]] security, [[Wikipedia:Bridging_(networking)|ethernet bridging]], [[Wikipedia:Transmission_Control_Protocol|TCP]] or [[Wikipedia:User_Datagram_Protocol|UDP]] [[Wikipedia:Tunneling_protocol|tunnel transport]] through [[Wikipedia:Proxy_server|proxies]] or [[Wikipedia:Network address translation|NAT]], support for dynamic IP addresses and [[Wikipedia:Dynamic_Host_Configuration_Protocol|DHCP]], scalability to hundreds or thousands of users, and portability to most major OS platforms.<br />
<br />
OpenVPN is tightly bound to the [http://www.openssl.org OpenSSL] library, and derives much of its crypto capabilities from it.<br />
<br />
OpenVPN supports conventional encryption using a [[Wikipedia:Pre-shared_key|pre-shared secret key]] (Static Key mode) or [[Wikipedia:Public_key|public key security]] ([[Wikipedia:SSL/TLS|SSL/TLS]] mode) using client & server certificates. OpenVPN also supports non-encrypted TCP/UDP tunnels.<br />
<br />
OpenVPN is designed to work with the [[Wikipedia:TUN/TAP|TUN/TAP]] virtual networking interface that exists on most platforms.<br />
<br />
Overall, OpenVPN aims to offer many of the key features of [[Wikipedia:Ipsec|IPSec]] but with a relatively lightweight footprint.<br />
<br />
OpenVPN was written by James Yonan and is published under the [[Wikipedia:GNU General Public License|GNU General Public License (GPL)]].<br />
<br />
==Install OpenVPN==<br />
[[pacman|Install]] {{Pkg|openvpn}} from the [[official repositories]].<br />
<br />
{{Note|The software contained in this package supports both server and client mode, so install it on all machines that need to create vpn connections.}}<br />
<br />
==Configure the system for TUN/TAP support==<br />
<br />
OpenVPN requires TUN/TAP support. Make sure to load the TUN module.<br />
<br />
{{hc|/etc/modules-load.d/tun.conf|<nowiki><br />
# Load tun.ko at boot<br />
tun</nowiki>}}<br />
<br />
The default kernel is already properly configured, but if you use another kernel make sure to enable the TUN/TAP module. If {{ic|$ zgrep CONFIG_TUN /proc/config.gz}} returns {{ic|<nowiki>CONFIG_TUN=n</nowiki>}}, make the following change to the kernel config file and rebuild the kernel.<br />
<br />
{{hc|Kernel config file|<br />
Device Drivers<br />
--> Network device support<br />
[M] Universal TUN/TAP device driver support}}<br />
<br />
==Connect to a VPN provided by a third party==<br />
<br />
To connect to a VPN provided by a third party, most of the following can most likely be ignored. Use the certificates and instructions given by your provider, for instance see: [[Airvpn]].<br />
<br />
==Create a Public Key Infrastructure (PKI) from scratch==<br />
<br />
If you are setting up OpenVPN from scratch, you will need to create a [[Wikipedia:Public key infrastructure|Public Key Infrastructure (PKI)]].<br />
<br />
Create the needed certificates and keys by following: [[Create a Public Key Infrastructure Using the easy-rsa Scripts]].<br />
<br />
The final step of the key creation process is to copy the files needed to the correct machines through a secure channel.<br />
<br />
{{Note|The rest of this article assumes that the keys and certificates are placed in /etc/openvpn.}}<br />
<br />
The public ca.crt certificate is needed on all servers and clients. The private ca.key key is secret and only needed on the key generating machine.<br />
<br />
A server needs server.crt and dh2048.pem (public), and server.key and ta.key (private).<br />
<br />
A client needs client.crt (public), and client.key and ta.key (private).<br />
<br />
==A basic L3 IP routing configuration==<br />
<br />
{{Note|Unless otherwise explicitly stated, the rest of this article assumes this basic configuration.}}<br />
<br />
OpenVPN is an extremely versatile piece of software and many configurations are possible. In fact, a machine can be both a "server" and a "client", blurring the distinction between the two.<br />
<br />
What really distinguishes a server from a client (apart from the type of certificate used) is the configuration file itself. The openvpn daemon startup script reads all the .conf configuration files it finds in /etc/openvpn on startup and acts accordingly. If it finds more than one configuration file, it will start one OpenVPN process per configuration file.<br />
<br />
This article explains how to set up a server called elmer, and a client that connects to it called bugs. More servers and clients can easily be added by creating more key/certificate pairs and adding more server and client configuration files.<br />
<br />
The OpenVPN package comes with a collection of example configuration files for different purposes. The sample server and client configuration files make an ideal starting point for a basic OpenVPN setup with the following features:<br />
<br />
* Uses [[Wikipedia:Public key infrastructure|Public Key Infrastructure (PKI)]] for authentication.<br />
* Creates a VPN using a virtual TUN network interface (OSI L3 IP routing).<br />
* Listens for client connections on UDP port 1194 (OpenVPN's [[Wikipedia:Port_number|official IANA port number]]).<br />
* Distributes virtual addresses to connecting clients from the 10.8.0.0/24 subnet.<br />
<br />
For more advanced configurations, please see the official [http://openvpn.net/index.php/manuals/427-openvpn-22.html OpenVPN 2.2 man page] and the [http://openvpn.net/index.php/open-source/documentation OpenVPN documentation].<br />
<br />
===The server configuration file===<br />
<br />
Copy the example server configuration file to /etc/openvpn/server.conf<br />
<br />
{{bc|# cp /usr/share/openvpn/examples/server.conf /etc/openvpn/server.conf}}<br />
<br />
Edit the following:<br />
<br />
* The ca, cert, key, and dh parameters to reflect the path and names of the keys and certificates. Specifying the paths will allow you to run the OpenVPN executable from any directory for testing purposes.<br />
* Enable the SSL/TLS HMAC handshake protection. '''Note the use of the parameter 0 for a server'''.<br />
* It is recommended to run OpenVPN with reduced privileges once it has initialized. Do this by uncommenting the user and group directives.<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
ca /etc/openvpn/ca.crt<br />
cert /etc/openvpn/elmer.crt<br />
key /etc/openvpn/elmer.key<br />
<br />
dh /etc/openvpn/dh2048.pem<br />
.<br />
.<br />
tls-auth /etc/openvpn/ta.key '''0'''<br />
.<br />
.<br />
user nobody<br />
group nobody<br />
}}<br />
<br />
{{Note|If the server is behind a firewall or a NAT translating router, you will have to forward the OpenVPN UDP port (1194) to the server.}}<br />
<br />
===The client configuration file===<br />
<br />
Copy the example client configuration file to /etc/openvpn/client.conf<br />
<br />
{{bc|# cp /usr/share/openvpn/examples/client.conf /etc/openvpn/client.conf}}<br />
<br />
Edit the following:<br />
<br />
* The remote directive to reflect either the server's [[Wikipedia:Fully qualified domain name|Fully Qualified Domain Name]] hostname (as known to the client) or its IP address.<br />
* Uncomment the user and group directives to drop privileges.<br />
* The ca, cert, and key parameters to reflect the path and names of the keys and certificates.<br />
* Enable the SSL/TLS HMAC handshake protection. '''Note the use of the parameter 1 for a client'''.<br />
<br />
{{hc|/etc/openvpn/client.conf|<br />
remote elmer.acmecorp.org 1194<br />
.<br />
.<br />
user nobody<br />
group nobody<br />
.<br />
.<br />
ca /etc/openvpn/ca.crt<br />
cert /etc/openvpn/bugs.crt<br />
key /etc/openvpn/bugs.key<br />
.<br />
.<br />
tls-auth /etc/openvpn/ta.key '''1'''<br />
}}<br />
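The two edits that are easiest to get wrong when a configuration is copied between machines, the tls-auth key direction (0 on the server, 1 on the client) and the user/group privilege drop, can be checked mechanically. The following is an added example, not part of the original article or of the OpenVPN package; the function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): lint an OpenVPN configuration file for
# the hardening edits described above.
#   lint_openvpn_conf server|client FILE
# Prints one line per finding; the return status is the number of findings.
lint_openvpn_conf() {
    lint_role=$1
    lint_file=$2
    case $lint_role in
        server) lint_want=0 ;;   # tls-auth key direction for a server
        client) lint_want=1 ;;   # tls-auth key direction for a client
        *) echo "usage: lint_openvpn_conf server|client FILE" >&2; return 64 ;;
    esac
    [ -r "$lint_file" ] || { echo "cannot read $lint_file" >&2; return 65; }
    awk -v want="$lint_want" -v role="$lint_role" '
        # Directives commented out with "#" or ";" are not in effect.
        NF == 0 || $1 ~ /^[#;]/ { next }
        $1 == "tls-auth" { tls = 1; dir = $3 }
        $1 == "user"     { user = 1 }
        $1 == "group"    { group = 1 }
        END {
            n = 0
            if (!tls) {
                print "tls-auth is not enabled"; n++
            } else if (dir != want) {
                printf "tls-auth direction is \"%s\", a %s needs %s\n", dir, role, want; n++
            }
            if (!user)  { print "user directive missing: no privilege drop"; n++ }
            if (!group) { print "group directive missing: no privilege drop"; n++ }
            exit n
        }' "$lint_file"
}

# Constructed sample input: a correct server.conf, and a client.conf that kept
# the server's key direction and still has user/group commented out.
write_samples() {
    cat > "$1/server.conf" <<'EOF'
ca /etc/openvpn/ca.crt
cert /etc/openvpn/elmer.crt
key /etc/openvpn/elmer.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
user nobody
group nobody
EOF
    cat > "$1/client.conf" <<'EOF'
remote elmer.acmecorp.org 1194
;user nobody
;group nobody
ca /etc/openvpn/ca.crt
cert /etc/openvpn/bugs.crt
key /etc/openvpn/bugs.key
tls-auth /etc/openvpn/ta.key 0
EOF
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for r in server client; do
    lint_openvpn_conf "$r" "$demo_dir/$r.conf" || echo "$r.conf: $? finding(s)"
done
rm -rf "$demo_dir"
```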
<br />
===Testing the OpenVPN configuration===<br />
<br />
Run {{ic|# openvpn /etc/openvpn/server.conf}} on the server, and {{ic|# openvpn /etc/openvpn/client.conf}} on the client. You should see something similar to this:<br />
<br />
{{hc|# openvpn /etc/openvpn/server.conf|<nowiki><br />
Wed Dec 28 14:41:26 2011 OpenVPN 2.2.1 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 13 2011<br />
Wed Dec 28 14:41:26 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables<br />
Wed Dec 28 14:41:26 2011 Diffie-Hellman initialized with 2048 bit key<br />
.<br />
.<br />
Wed Dec 28 14:41:54 2011 bugs/95.126.136.73:48904 MULTI: primary virtual IP for bugs/95.126.136.73:48904: 10.8.0.6<br />
Wed Dec 28 14:41:57 2011 bugs/95.126.136.73:48904 PUSH: Received control message: 'PUSH_REQUEST'<br />
Wed Dec 28 14:41:57 2011 bugs/95.126.136.73:48904 SENT CONTROL [bugs]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)<br />
</nowiki>}}<br />
<br />
{{hc|# openvpn /etc/openvpn/client.conf|<nowiki><br />
Wed Dec 28 14:41:50 2011 OpenVPN 2.2.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 13 2011<br />
Wed Dec 28 14:41:50 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables<br />
Wed Dec 28 14:41:50 2011 LZO compression initialized<br />
.<br />
.<br />
Wed Dec 28 14:41:57 2011 GID set to nobody<br />
Wed Dec 28 14:41:57 2011 UID set to nobody<br />
Wed Dec 28 14:41:57 2011 Initialization Sequence Completed<br />
</nowiki>}}<br />
<br />
On the server, find the IP assigned to the tunX device:<br />
<br />
{{hc|# ip addr show|<nowiki><br />
.<br />
.<br />
40: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100<br />
link/none<br />
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0</nowiki>}}<br />
<br />
Here we see that the server end of the tunnel has been given the IP address 10.8.0.1.<br />
<br />
Do the same on the client:<br />
<br />
{{hc|# ip addr show|<nowiki><br />
.<br />
.<br />
37: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100<br />
link/none<br />
inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0</nowiki>}}<br />
<br />
And the client side has been given the IP 10.8.0.6.<br />
<br />
Now try pinging the interfaces.<br />
<br />
On the server:<br />
<br />
{{hc|# ping -c3 10.8.0.6|<nowiki><br />
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.<br />
64 bytes from 10.8.0.6: icmp_req=1 ttl=64 time=238 ms<br />
64 bytes from 10.8.0.6: icmp_req=2 ttl=64 time=237 ms<br />
64 bytes from 10.8.0.6: icmp_req=3 ttl=64 time=205 ms<br />
<br />
--- 10.8.0.6 ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2002ms<br />
rtt min/avg/max/mdev = 205.862/227.266/238.788/15.160 ms<br />
</nowiki>}}<br />
<br />
On the client:<br />
<br />
{{hc|# ping -c3 10.8.0.1|<nowiki><br />
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.<br />
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=158 ms<br />
64 bytes from 10.8.0.1: icmp_req=2 ttl=64 time=158 ms<br />
64 bytes from 10.8.0.1: icmp_req=3 ttl=64 time=157 ms<br />
<br />
--- 10.8.0.1 ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2001ms<br />
rtt min/avg/max/mdev = 157.426/158.278/158.940/0.711 ms<br />
</nowiki>}}<br />
<br />
You now have a working OpenVPN installation, and your client (bugs) will be able to use services on the server (elmer), and vice versa.<br />
<br />
{{Note|If using a firewall, make sure that ip packets on the TUN device are not blocked.}}<br />
<br />
==Starting OpenVPN==<br />
<br />
===Manual startup===<br />
To manually start with a specific configuration file: {{ic|# openvpn /etc/openvpn/client.conf}}<br />
<br />
=== Initscripts startup ===<br />
To manually start as a daemon: {{ic|# rc.d start openvpn}}<br />
<br />
To start as a daemon at boot, add openvpn to the daemons array in {{ic|/etc/rc.conf}}<br />
<br />
{{Note|Starting as a daemon will start one process per valid configuration file found.}}<br />
<br />
=== Systemd service configuration ===<br />
{{Expansion|Please add information on how to start several openvpn processes with systemd}}<br />
Since version 2.2.2-2, a service file is included by default.<br />
To start an OpenVPN daemon using <tt>/etc/openvpn/''client''.conf</tt> and enable it permanently:<br />
{{bc|# systemctl enable openvpn@''client''.service<br />
# systemctl start openvpn@''client''.service}}<br />
<br />
Respectively using <tt>/etc/openvpn/''server''.conf</tt>:<br />
{{bc|# systemctl enable openvpn@''server''.service<br />
# systemctl start openvpn@''server''.service}}<br />
<br />
==Advanced L3 IP routing==<br />
<br />
===Prerequisites for routing a LAN===<br />
<br />
====IPv4 forwarding====<br />
<br />
For a host to be able to forward IPv4 packets between the LAN and VPN, it must be able to forward the packets between its NIC and its tun/tap device.<br />
<br />
Edit {{ic|/etc/sysctl.conf}} to permanently enable IPv4 packet forwarding (takes effect at the next boot):<br />
<br />
{{hc|/etc/sysctl.conf|<nowiki><br />
# Enable packet forwarding<br />
net.ipv4.ip_forward=1<br />
</nowiki>}}<br />
<br />
To temporarily enable without rebooting: {{ic|# echo 1 > /proc/sys/net/ipv4/ip_forward}}<br />
<br />
====Promiscuous LAN interface====<br />
<br />
The forwarding host's NIC (eth0 in the following examples) must also be able to accept packets for a different IP address than it is configured for, something known as [[Wikipedia:Promiscuous_mode|promiscuous mode]]. To enable it, add the following to {{ic|/etc/rc.local}} (takes effect at the next boot):<br />
<br />
{{hc|/etc/rc.local|ip link set dev eth0 promisc on}}<br />
<br />
To temporarily enable without rebooting: {{ic|# ip link set dev eth0 promisc on}}<br />
<br />
To set {{ic|eth0}} in promiscuous mode using systemd, use [[Systemd/Services#Set_network_interface_in_promiscuous_mode|this service file]] and enable it using:<br />
<br />
# systemctl enable promiscuous@eth0.service<br />
<br />
====Routing tables====<br />
<br />
{{Accuracy|Investigate if a routing protocol like RIP, QUAGGA, BIRD, etc can be used}}<br />
<br />
By default, all IP packets on a LAN addressed to a different subnet get sent to the default gateway. If the LAN/VPN gateway is also the default gateway, there is no problem and the packets get properly forwarded. If not, the gateway has no way of knowing where to send the packets. There are a couple of solutions to this problem.<br />
<br />
* Add a static route to the default gateway routing the VPN subnet to the LAN/VPN gateway's IP address.<br />
* Add a static route on each host on the LAN that needs to send IP packets back to the VPN.<br />
* Use [[iptables]]' NAT feature on the LAN/VPN gateway to masquerade the incoming VPN IP packets.<br />
<br />
===Connect the server LAN to a client===<br />
<br />
The server is on a LAN using the 10.66.0.0/24 subnet. To inform the client about the available subnet, add a push directive to the server configuration file:{{hc|/etc/openvpn/server.conf|push "route 10.66.0.0 255.255.255.0"}}<br />
<br />
{{Note|Remember to enable ipv4 forwarding and to make the LAN interface promiscuous on the server. Make sure the server LAN knows how to reach the VPN client.}}<br />
<br />
{{Note|To route more LANs from the server to the client, add more push directives to the server configuration file, but keep in mind that the server side LANs will need to know how to route to the client.}}<br />
<br />
===Connect the client LAN to a server===<br />
<br />
Prerequisites:<br />
<br />
* Any subnets used on the client side must be unique and not in use on the server or by any other client. In this example we will use 192.168.4.0/24 for the client's LAN.<br />
* Each client's certificate has a unique Common Name, in this case bugs.<br />
* The server may not use the duplicate-cn directive in its config file.<br />
<br />
Create a client configuration directory on the server. It will be searched for a file named the same as the client's common name, and the directives will be applied to the client when it connects.<br />
<br />
{{bc|# mkdir -p /etc/openvpn/ccd}}<br />
<br />
Create a file in the client configuration directory called bugs, containing the {{ic|iroute 192.168.4.0 255.255.255.0}} directive. It tells the server what subnet should be routed to the client:<br />
<br />
{{hc|/etc/openvpn/ccd/bugs|iroute 192.168.4.0 255.255.255.0}}<br />
<br />
Add the client-config-dir and the {{ic|route 192.168.4.0 255.255.255.0}} directive to the server configuration file. It tells the server what subnet should be routed from the tun device to the server LAN:<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
client-config-dir ccd<br />
route 192.168.4.0 255.255.255.0<br />
}}<br />
<br />
{{Note|Remember to enable ipv4 forwarding and to make the LAN interface promiscuous on the client. Make sure the client LAN knows how to reach the VPN server.}}<br />
<br />
{{Note|To route more LANs from the client to the server, add more iroute and route directives to the appropriate configuration files, but keep in mind that the client side LANs will need to know how to route to the server.}}<br />
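Each iroute in a client configuration directory file needs a matching route in the server configuration, and the prerequisites above rule out duplicate-cn. The following added example (not part of the original article; the function names, the second client "daffy" and the sample files are constructed for illustration) cross-checks the two places.

```shell
#!/bin/sh
# Added example (not from the article): cross-check the per-client iroute
# entries against the server configuration.
#   check_ccd_routes SERVER_CONF CCD_DIR
# Prints one line per finding; the return status is the number of findings.
check_ccd_routes() {
    ccd_conf=$1
    ccd_dir=$2
    [ -r "$ccd_conf" ] || { echo "cannot read $ccd_conf" >&2; return 65; }
    # Expand the per-client files; an empty directory leaves the pattern as is.
    set -- "$ccd_dir"/*
    [ -e "$1" ] || set --
    awk '
        # A route or iroute without a netmask covers a single host.
        function net(addr, mask) {
            return addr " " (mask == "" ? "255.255.255.255" : mask)
        }
        # Directives commented out with "#" or ";" are not in effect.
        NF == 0 || $1 ~ /^[#;]/ { next }
        FILENAME == ARGV[1] {                      # the server configuration
            if ($1 == "route")             routed[net($2, $3)] = 1
            if ($1 == "client-config-dir") have_ccd = 1
            if ($1 == "duplicate-cn")      dup = 1
            next
        }
        $1 == "iroute" {                           # a per-client file
            cn = FILENAME; sub(/.*\//, "", cn)     # file name = Common Name
            k = cn SUBSEP net($2, $3)
            owner[k] = cn; want[k] = net($2, $3)
        }
        END {
            n = 0
            if (!have_ccd) { print "server: client-config-dir is not set"; n++ }
            if (dup) { print "server: duplicate-cn is set, but each client needs a unique Common Name"; n++ }
            for (k in want) if (!(want[k] in routed)) {
                printf "%s: iroute %s has no matching route in the server config\n", owner[k], want[k]
                n++
            }
            exit n
        }' "$ccd_conf" "$@"
}

# Constructed sample input: the bugs client from this article plus a second,
# hypothetical client (daffy) whose subnet was never added to server.conf.
write_ccd_samples() {
    mkdir -p "$1/ccd"
    cat > "$1/server.conf" <<'EOF'
client-config-dir ccd
route 192.168.4.0 255.255.255.0
;duplicate-cn
EOF
    echo 'iroute 192.168.4.0 255.255.255.0' > "$1/ccd/bugs"
    echo 'iroute 192.168.5.0 255.255.255.0' > "$1/ccd/daffy"
}

# Demonstration on the constructed samples.
ccd_demo=$(mktemp -d)
write_ccd_samples "$ccd_demo"
check_ccd_routes "$ccd_demo/server.conf" "$ccd_demo/ccd" || echo "$? finding(s)"
rm -rf "$ccd_demo"
```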
<br />
===Connect both the client and server LANs===<br />
<br />
Combine the two previous sections:<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
push "route 10.66.0.0 255.255.255.0"<br />
.<br />
.<br />
client-config-dir ccd<br />
route 192.168.4.0 255.255.255.0<br />
}}<br />
<br />
<br />
{{hc|/etc/openvpn/ccd/bugs|iroute 192.168.4.0 255.255.255.0}}<br />
<br />
<br />
{{Note|Remember to enable ipv4 forwarding and to make the LAN interfaces promiscuous on both the client and the server. Make sure that all the LANs or the needed hosts can route to all the destinations.}}<br />
<br />
===Connect clients and client LANs===<br />
<br />
By default, clients will not see each other. To allow IP packets to flow between clients and/or client LANs, add a client-to-client directive to the server configuration file: {{hc|/etc/openvpn/server.conf|client-to-client}}<br />
<br />
In order for another client or client LAN to see a specific client LAN you will need to add a push directive for each client subnet to the server configuration file (this will make the server announce the available subnet(s) to other clients):<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
client-to-client<br />
push "route 192.168.4.0 255.255.255.0"<br />
push "route 192.168.5.0 255.255.255.0"<br />
.<br />
.<br />
}}<br />
<br />
{{Note|As always, make sure that the routing is properly configured.}}<br />
<br />
==L2 Ethernet bridging==<br />
<br />
{{Expansion|Please add a well thought out section on L2 bridging.}}<br />
<br />
For now see: [[OpenVPN Bridge]]<br />
<br />
==Contributions that do not yet fit into the main article==<br />
<br />
{{Accuracy|Not quite sure where this fits into the main article yet}}<br />
<br />
===Routing client traffic through the server===<br />
<br />
Append the following to your server's openvpn.conf configuration file:<br />
{{bc|<br />
push "redirect-gateway def1"<br />
push "dhcp-option DNS 192.168.1.1"<br />
}}<br />
Change "192.168.1.1" to your preferred DNS IP address.<br />
<br />
If DNS becomes unresponsive after connecting to the server, install [[BIND]] as a simple DNS forwarder and push the server's OpenVPN IP address to the clients as their DNS server.<br />
<br />
====Configure ufw for routing====<br />
Configure your ufw settings to route traffic from the clients through the server.<br />
<br />
You must change the default forward policy. First, edit /etc/sysctl.conf to permanently enable IPv4 packet forwarding (takes effect at the next boot):<br />
{{hc|/etc/sysctl.conf|<nowiki><br />
# Enable packet forwarding<br />
net.ipv4.ip_forward=1<br />
</nowiki>}} <br />
<br />
Then configure ufw in '''/etc/default/ufw''':<br />
<br />
{{hc|/etc/default/ufw|<nowiki><br />
DEFAULT_FORWARD_POLICY="ACCEPT"<br />
</nowiki>}}<br />
<br />
Now edit '''/etc/ufw/before.rules''' and add the following code after the header and before the *filter line. Do not forget to change the IP range to your own:<br />
<br />
{{hc|/etc/ufw/before.rules|<nowiki><br />
# nat Table rules<br />
*nat<br />
:POSTROUTING ACCEPT [0:0]<br />
<br />
# Allow traffic from clients to eth0<br />
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE<br />
<br />
# don't delete the 'COMMIT' line or these nat table rules won't be processed<br />
COMMIT<br />
</nowiki>}}<br />
<br />
Open the OpenVPN port 1194:<br />
<br />
{{bc|<br />
ufw allow 1194<br />
}}<br />
<br />
====usage of iptables====<br />
<br />
Use iptables for NAT forwarding:<br />
{{bc|<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE<br />
}}<br />
<br />
If running ArchLinux in an OpenVZ VPS environment [http://thecodeninja.net/linux/openvpn-archlinux-openvz-vps/]:<br />
{{bc|<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to (venet0 ip)<br />
}}<br />
<br />
If all is well, make the changes permanent:<br />
<br />
Edit /etc/conf.d/iptables and change IPTABLES_FORWARD=1<br />
<br />
{{bc|<br />
/etc/rc.d/iptables save<br />
}}<br />
<br />
<br />
===Configuring LDAP authorization===<br />
<br />
{{Accuracy|what does the following do, and is the package still supported?}}<br />
You may also want to install {{AUR|openvpn-authldap-plugin}}, available in the [[Arch User Repository]].<br />
<br />
===Deprecated older wiki content===<br />
<br />
{{Accuracy|See how this older content can be fitted into the new article}}<br />
<br />
====Using PAM and passwords to authenticate====<br />
{{bc|<br />
port 1194<br />
proto udp<br />
dev tap<br />
ca /etc/openvpn/easy-rsa/keys/ca.crt<br />
cert /etc/openvpn/easy-rsa/keys/<MYSERVER>.crt<br />
key /etc/openvpn/easy-rsa/keys/<MYSERVER>.key<br />
dh /etc/openvpn/easy-rsa/keys/dh2048.pem<br />
server 192.168.56.0 255.255.255.0<br />
ifconfig-pool-persist ipp.txt<br />
;learn-address ./script<br />
client-to-client<br />
;duplicate-cn<br />
keepalive 10 120<br />
;tls-auth ta.key 0<br />
comp-lzo<br />
;max-clients 100<br />
;user nobody<br />
;group nobody<br />
persist-key<br />
persist-tun<br />
status /var/log/openvpn-status.log<br />
verb 3<br />
client-cert-not-required<br />
username-as-common-name<br />
plugin /usr/lib/openvpn/openvpn-auth-pam.so login<br />
}}<br />
<br />
====Using certs to authenticate====<br />
{{bc|<br />
port 1194<br />
proto tcp<br />
dev tun0<br />
<br />
ca /etc/openvpn/easy-rsa/keys/ca.crt<br />
cert /etc/openvpn/easy-rsa/keys/<MYSERVER>.crt<br />
key /etc/openvpn/easy-rsa/keys/<MYSERVER>.key<br />
dh /etc/openvpn/easy-rsa/keys/dh2048.pem<br />
<br />
server 10.8.0.0 255.255.255.0<br />
ifconfig-pool-persist ipp.txt<br />
keepalive 10 120<br />
comp-lzo<br />
user nobody<br />
group nobody<br />
persist-key<br />
persist-tun<br />
status /var/log/openvpn-status.log<br />
verb 3<br />
<br />
log-append /var/log/openvpn<br />
status /tmp/vpn.status 10<br />
}}<br />
<br />
====Routing traffic through the server====<br />
<br />
Append the following to your server's openvpn.conf configuration file:<br />
{{bc|<br />
push "dhcp-option DNS 192.168.1.1"<br />
push "redirect-gateway def1"<br />
}}<br />
Change "192.168.1.1" to your external DNS IP address.<br />
<br />
Use iptables for NAT forwarding:<br />
{{bc|<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE<br />
}}<br />
<br />
If running ArchLinux in an OpenVZ VPS environment [http://thecodeninja.net/linux/openvpn-archlinux-openvz-vps/]:<br />
{{bc|<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to (venet0 ip)<br />
}}<br />
<br />
If all is well, make the changes permanent:<br />
<br />
Edit /etc/conf.d/iptables and change IPTABLES_FORWARD=1<br />
<br />
{{bc|<br />
/etc/rc.d/iptables save<br />
}}<br />
<br />
====Setting up the Client====<br />
The client-side .conf file:<br />
=====With password authentication=====<br />
{{bc|<br />
client<br />
dev tap<br />
proto udp<br />
remote <address> 1194<br />
resolv-retry infinite<br />
nobind<br />
persist-tun<br />
comp-lzo<br />
verb 3<br />
auth-user-pass passwd<br />
ca ca.crt<br />
}}<br />
<br />
The passwd file (referenced by auth-user-pass) must contain two lines:<br />
* first line - username<br />
* second line - password<br />
<br />
=====Certs authentication=====<br />
{{bc|<br />
client<br />
remote <MYSERVER> 1194<br />
dev tun0<br />
proto tcp<br />
resolv-retry infinite<br />
nobind<br />
persist-key<br />
persist-tun<br />
verb 2<br />
ca ca.crt<br />
cert client1.crt<br />
key client1.key<br />
comp-lzo<br />
}}<br />
Copy three files from the server to the remote computer:<br />
* ca.crt<br />
* client1.crt<br />
* client1.key<br />
<br />
Install the tunnel/tap module:<br />
{{bc|<br />
# modprobe tun<br />
}}<br />
<br />
To have the '''tun''' module loaded automatically at boot time add it to the Modules line in /etc/rc.conf<br />
<br />
=====DNS=====<br />
The DNS servers used by the system are defined in '''/etc/resolv.conf'''. Traditionally, this file is the responsibility of whichever program deals with connecting the system to the network (e.g. Wicd, NetworkManager, etc.). However, OpenVPN will need to modify this file if you want to be able to resolve names on the remote side. To achieve this in a sensible way, install '''openresolv''', which makes it possible for more than one program to modify resolv.conf without stepping on each other's toes. Before continuing, test openresolv by restarting your network connection and ensuring that resolv.conf states that it was generated by "resolvconf", and that your DNS resolution still works as before. You should not need to configure openresolv; it should be automatically detected and used by your network system.<br />
<br />
Next, save the following script at '''/usr/share/openvpn/update-resolv-conf''':<br />
{{bc|<nowiki><br />
#!/bin/bash<br />
#<br />
# Parses DHCP options from openvpn to update resolv.conf<br />
# To use set as 'up' and 'down' script in your openvpn *.conf:<br />
# up /etc/openvpn/update-resolv-conf<br />
# down /etc/openvpn/update-resolv-conf<br />
#<br />
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk><br />
# and Chris Hanson<br />
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.<br />
#<br />
# 05/2006 chlauber@bnc.ch<br />
#<br />
# Example envs set from openvpn:<br />
# foreign_option_1='dhcp-option DNS 193.43.27.132'<br />
# foreign_option_2='dhcp-option DNS 193.43.27.133'<br />
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'<br />
<br />
[ -x /usr/sbin/resolvconf ] || exit 0<br />
<br />
case $script_type in<br />
<br />
up)<br />
for optionname in ${!foreign_option_*} ; do<br />
option="${!optionname}"<br />
echo $option<br />
part1=$(echo "$option" | cut -d " " -f 1)<br />
if [ "$part1" == "dhcp-option" ] ; then<br />
part2=$(echo "$option" | cut -d " " -f 2)<br />
part3=$(echo "$option" | cut -d " " -f 3)<br />
if [ "$part2" == "DNS" ] ; then<br />
IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"<br />
fi<br />
if [ "$part2" == "DOMAIN" ] ; then<br />
IF_DNS_SEARCH="$part3"<br />
fi<br />
fi<br />
done<br />
R=""<br />
if [ "$IF_DNS_SEARCH" ] ; then<br />
R="${R}search $IF_DNS_SEARCH<br />
"<br />
fi<br />
for NS in $IF_DNS_NAMESERVERS ; do<br />
R="${R}nameserver $NS<br />
"<br />
done<br />
echo -n "$R" | /usr/sbin/resolvconf -a "${dev}.inet"<br />
;;<br />
down)<br />
/usr/sbin/resolvconf -d "${dev}.inet"<br />
;;<br />
esac<br />
</nowiki>}}<br />
<br />
Remember to make the file executable with:<br />
$ chmod +x /usr/share/openvpn/update-resolv-conf<br />
Next, add the following lines to your OpenVPN client configuration file:<br />
{{bc|<br />
script-security 2<br />
up /usr/share/openvpn/update-resolv-conf<br />
down /usr/share/openvpn/update-resolv-conf<br />
}}<br />
<br />
Now, when you launch your OpenVPN connection, you should find that your resolv.conf file is updated accordingly, and that it returns to normal when you close the connection.<br />
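<br />
The script above hands whatever {{ic|dhcp-option}} values the server pushes to resolvconf without checking them. As an added example (not part of the original script or of OpenVPN), the following POSIX shell variant validates each value first. The function names {{ic|is_ipv4}}, {{ic|is_domain}} and {{ic|build_resolv_conf}} are hypothetical, only IPv4 name servers are accepted, and the options are assumed to be numbered consecutively from 1.<br />

```shell
#!/bin/sh
# Added example, not the wiki's script: validate server-pushed DHCP options
# before handing them to resolvconf. Function names are hypothetical.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    rest=$1.
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in
            ''|????*) return 1 ;;      # empty, or longer than three digits
        esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Succeed only for a plain DNS name: letters, digits, '-' and '.',
# at most 253 characters, no empty labels, no label edge that is '-'.
is_domain() {
    [ "${#1}" -le 253 ] || return 1
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# Read foreign_option_1, foreign_option_2, ... (assumed consecutive) and
# print resolv.conf lines for the values that pass validation.
# Rejected options are reported on stderr by index only, never echoed back.
build_resolv_conf() {
    i=1
    search=''
    servers=''
    while :; do
        eval "option=\${foreign_option_$i-}"
        [ -n "$option" ] || break
        case $option in
            "dhcp-option DNS "*)
                value=${option#"dhcp-option DNS "}
                if is_ipv4 "$value"; then
                    servers="$servers $value"
                else
                    echo "update-resolv-conf: ignoring invalid foreign_option_$i" >&2
                fi
                ;;
            "dhcp-option DOMAIN "*)
                value=${option#"dhcp-option DOMAIN "}
                if is_domain "$value"; then
                    search=$value       # as in the original, the last one wins
                else
                    echo "update-resolv-conf: ignoring invalid foreign_option_$i" >&2
                fi
                ;;
        esac
        i=$((i + 1))
    done
    if [ -n "$search" ]; then
        printf 'search %s\n' "$search"
    fi
    for ns in $servers; do
        printf 'nameserver %s\n' "$ns"
    done
}

# Only act when OpenVPN invokes the script with script_type set.
case ${script_type-} in
    up)
        [ -x /usr/sbin/resolvconf ] || exit 0
        build_resolv_conf | /usr/sbin/resolvconf -a "${dev}.inet"
        ;;
    down)
        [ -x /usr/sbin/resolvconf ] || exit 0
        /usr/sbin/resolvconf -d "${dev}.inet"
        ;;
esac
```

It is driven by the same {{ic|up}} and {{ic|down}} lines as the script above.<br />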
<br />
====Connecting to the Server====<br />
You need to start the service on the server:<br />
{{bc|<br />
/etc/rc.d/openvpn start<br />
}}<br />
You can add it to rc.conf to make it permanent.<br />
<br />
On the client, in the home directory create a folder that will hold your OpenVPN client config files along with the '''.crt'''/'''.key''' files. Assuming your OpenVPN config folder is called '''.openvpn''' and your client config file is '''vpn1.conf''', to connect to the server issue the following command:<br />
{{bc|<br />
cd ~/.openvpn && sudo openvpn vpn1.conf<br />
}}</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Systemd/Services&diff=230157Systemd/Services2012-10-20T18:55:15Z<p>Tassadar: /* Set network interface in promiscuous mode */ add enable command</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Daemons and system services]]<br />
[[Category:Boot process]]<br />
{{Article summary start}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Systemd}}<br />
{{Article summary end}}<br />
<br />
This page collects [[systemd]] service files that are missing from the corresponding packages in the repositories. These files can be copied from other distributions or written yourself.<br />
<br />
== BOINC Daemon ==<br />
{{hc|/etc/systemd/system/boinc.service|<nowiki><br />
[Unit]<br />
Description=BOINC Daemon<br />
<br />
[Service]<br />
User=boinc<br />
Nice=19<br />
ExecStart=/usr/bin/boinc_client --dir /var/lib/boinc --redirectio<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Courier-IMAP ==<br />
{{hc|/etc/systemd/system/authdaemond.service|<nowiki><br />
[Unit]<br />
Description=Courier Authentication Daemon<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/usr/sbin/authdaemond start<br />
ExecStop=/usr/sbin/authdaemond stop<br />
PIDFile=/run/authdaemon/pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/courier-imapd.service|<nowiki><br />
[Unit]<br />
Description=Courier IMAP Daemon<br />
Requires=authdaemond.service<br />
After=authdaemond.service<br />
<br />
[Service]<br />
Type=forking<br />
EnvironmentFile=/etc/courier-imap/imapd<br />
ExecStart=/usr/lib/courier-imap/imapd.rc start<br />
ExecStop=/usr/lib/courier-imap/imapd.rc stop<br />
PIDFile=/var/run/courier/imapd.pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/courier-imapd-ssl.service|<nowiki><br />
[Unit]<br />
Description=Courier IMAP Daemon<br />
Requires=authdaemond.service<br />
After=authdaemond.service<br />
<br />
[Service]<br />
Type=forking<br />
EnvironmentFile=/etc/courier-imap/imapd<br />
ExecStart=/usr/lib/courier-imap/imapd-ssl.rc start<br />
ExecStop=/usr/lib/courier-imap/imapd-ssl.rc stop<br />
PIDFile=/var/run/courier/imapd-ssl.pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{hc|/usr/lib/tmpfiles.d/authdaemond.conf|<nowiki><br />
D /run/authdaemon 0755 courier courier<br />
</nowiki>}}<br />
<br />
{{hc|/usr/lib/tmpfiles.d/courier-imapd.conf|<nowiki><br />
D /run/courier 0755 courier courier<br />
</nowiki>}}<br />
<br />
{{Note|Taken from Gentoo and modified for Arch. You could replace the files in tmpfiles.d with appropriate ExecStartPre calls as well. Service files for pop3d and pop3d-ssl are still missing, but are probably very similar to the imapd files!}}<br />
<br />
{{Warning|1=Beware that you may need to add Requires=network.target to certain units like mythtv or chrony if you use this unit }}<br />
<br />
== ddclient ==<br />
{{hc|/etc/systemd/system/ddclient.service|<br />
<nowiki><br />
[Unit]<br />
Description=Update dynamic DNS entries<br />
After=network.target<br />
<br />
[Service]<br />
EnvironmentFile=/etc/conf.d/ddclient<br />
PIDFile=/var/run/ddclient.pid<br />
ExecStart=/usr/sbin/ddclient $EXTRA_ARGS<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== dropbear ==<br />
{{hc|/etc/systemd/system/dropbear.service|<br />
<nowiki><br />
[Unit]<br />
Description=Dropbear SSH server<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/sbin/dropbear -p 22 -d /etc/dropbear/dropbear_dss_host_key -w -P /var/run/dropbear.pid<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
</nowiki>}}<br />
<br />
== Folding@home SMP ==<br />
See the comment on the [https://aur.archlinux.org/packages.php?ID=11964 AUR package].<br />
The unit file is copied below for convenience.<br />
{{hc|/etc/systemd/system/foldingathome-smp.service|<br />
<nowiki><br />
[Unit]<br />
Description=Folding@home distributed computing client<br />
After=network.target<br />
<br />
[Service]<br />
Type=simple<br />
WorkingDirectory=/opt/fah-smp<br />
ExecStart=/opt/fah-smp/fah6 -smp -verbosity 9 -forceasm<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== IPv6 (Hurricane Electric) ==<br />
{{hc|/etc/systemd/system/he-ipv6.service|<nowiki><br />
<br />
[Unit]<br />
Description=he.net IPv6 tunnel<br />
After=network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
RemainAfterExit=yes<br />
ExecStart=/sbin/ip tunnel add he-ipv6 mode sit remote 209.51.161.14 local <local IPv4> ttl 255<br />
ExecStart=/sbin/ip link set he-ipv6 up mtu 1480<br />
ExecStart=/sbin/ip addr add <local IPv6>/64 dev he-ipv6<br />
ExecStart=/sbin/ip -6 route add ::/0 dev he-ipv6<br />
ExecStart=/sbin/ip addr add <public IPv6>/64 dev he-ipv6<br />
ExecStop=/sbin/ip -6 route del ::/0 dev he-ipv6<br />
ExecStop=/sbin/ip link set he-ipv6 down<br />
ExecStop=/sbin/ip tunnel del he-ipv6<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
</nowiki>}}<br />
<br />
== Logmein Hamachi ==<br />
{{hc|/etc/systemd/system/hamachi.service|<nowiki><br />
[Unit]<br />
Description=Hamachi Daemon<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/opt/logmein-hamachi/bin/hamachid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Noip ==<br />
{{hc|/etc/systemd/system/noip2.service|<nowiki><br />
[Unit]<br />
Description=No-IP Dynamic DNS Update Client<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/usr/bin/noip2<br />
<br />
[Install]<br />
WantedBy=multi-user.target</nowiki>}}<br />
<br />
== pcscd ==<br />
{{hc|/etc/systemd/system/pcscd.service|<nowiki><br />
[Unit]<br />
Description=PC/SC Smart Card Daemon<br />
Requires=pcscd.socket<br />
<br />
[Service]<br />
ExecStart=/usr/sbin/pcscd --foreground --auto-exit<br />
ExecReload=/usr/sbin/pcscd --hotplug<br />
StandardOutput=syslog<br />
<br />
[Install]<br />
Also=pcscd.socket<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/pcscd.socket|<nowiki><br />
[Unit]<br />
Description=PC/SC Smart Card Daemon Activation Socket<br />
<br />
[Socket]<br />
ListenStream=/var/run/pcscd/pcscd.comm<br />
<br />
[Install]<br />
WantedBy=sockets.target<br />
</nowiki>}}<br />
Reference:<br />
* http://ludovicrousseau.blogspot.de/2011/11/pcscd-auto-start-using-systemd.html<br />
<br />
== rc.local ==<br />
{{hc|/etc/systemd/system/rc-local.service|<nowiki><br />
[Unit]<br />
Description=/etc/rc.local Compatibility<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/etc/rc.local<br />
TimeoutSec=0<br />
StandardInput=tty<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{Tip|You can replace your rc.local with native systemd units in {{ic|/etc/systemd/system/}}.}}<br />
{{Note|Also available in {{Pkg|initscripts}} (see: [[Systemd#Arch_integration]]).}}<br />
{{Note|1=StandardInput=tty prevents background processes from running:<br />
https://bbs.archlinux.org/viewtopic.php?id=147790}}<br />
<br />
== Remote filesystem mounts ==<br />
''See: [[Systemd#Remote_filesystem_mounts]]''<br />
<br />
== screen ==<br />
Autostarts screen for the specified user (e.g. {{ic|systemctl enable screen@florian.service}}).<br />
{{hc|/etc/systemd/system/screen@.service|<nowiki><br />
[Unit]<br />
Description=screen<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
User=%i<br />
ExecStart=/usr/bin/screen -dmS autoscreen<br />
ExecStop=/usr/bin/screen -S autoscreen -X quit<br />
<br />
[Install]<br />
WantedBy=multi-user.target</nowiki>}}<br />
<br />
== Static Ethernet network ==<br />
<br />
This is a custom service file for static Ethernet configurations. For other configurations, see [[Systemd#Network]]<br />
{{Warning |1=Beware, you may have to add 'Requires=network.target' for certain services like chrony or mythtv when using this.}}<br />
{{hc|/etc/conf.d/network|<nowiki><br />
interface=eth0<br />
address=192.168.0.1<br />
netmask=24<br />
broadcast=192.168.0.255<br />
gateway=192.168.0.254</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/network.service|<nowiki><br />
[Unit]<br />
Description=Network Connectivity<br />
Wants=network.target<br />
Before=network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
RemainAfterExit=yes<br />
EnvironmentFile=/etc/conf.d/network<br />
ExecStart=/sbin/ip link set dev ${interface} up<br />
ExecStart=/sbin/ip addr add ${address}/${netmask} broadcast ${broadcast} dev ${interface}<br />
ExecStart=/sbin/ip route add default via ${gateway}<br />
ExecStop=/sbin/ip addr flush dev ${interface}<br />
ExecStop=/sbin/ip link set dev ${interface} down<br />
<br />
[Install]<br />
WantedBy=multi-user.target</nowiki>}}<br />
<br />
== Set network interface in promiscuous mode ==<br />
{{hc|/etc/systemd/system/promiscuous@.service|<nowiki><br />
[Unit]<br />
Description=Set %i interface in promiscuous mode<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/sbin/ip link set dev %i promisc on<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
If you want to enable promiscuous mode on interface {{ic|1=eth0}} run:<br />
<br />
# systemctl enable promiscuous@eth0.service<br />
<br />
== tpfand ==<br />
{{hc|/etc/systemd/system/tpfand.service|<nowiki><br />
[Unit]<br />
Description=ThinkPad Fan Control<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/run/tpfand.pid<br />
ExecStart=/usr/sbin/tpfand<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== truecrypt volume setup==<br />
This service employs truecrypt as a mapper only and requires you to create an entry in fstab to mount the mapped, unencrypted device at your desired mountpoint, for instance:<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt1 /home/ ext4 defaults 0 2</nowiki>}}<br />
<br />
The {{ic|2}} means your fs will be fscked regularly.<br />
<br />
{{hc|/usr/lib/systemd/system/truecrypt@.service|<nowiki><br />
[Unit]<br />
Description=Truecrypt Setup for %I<br />
DefaultDependencies=no<br />
Conflicts=umount.target<br />
Before=umount.target<br />
After=systemd-readahead-collect.service systemd-readahead-replay.service<br />
<br />
[Service]<br />
RemainAfterExit=yes<br />
StandardInput=tty-force<br />
ExecStart=/usr/bin/truecrypt --filesystem=none %I<br />
ExecStop=/usr/bin/truecrypt --filesystem=none -d %I<br />
<br />
[Install]<br />
WantedBy=cryptsetup.target</nowiki>}}<br />
<br />
If your encrypted volume is {{ic|1=/dev/sda2}}, you would enable the service with this command: <br />
# systemctl enable truecrypt@dev-sda2.service<br />
<br />
{{Note|1=Although it works, this service should still be considered experimental; there might be better solutions to use truecrypt with systemd. If you use mpd or any other programme that needs to access the encrypted filesystem, put it into the line starting with {{ic|1=Before=}}. Cheers to dgbaley27 for basically writing this! Improvements welcome!}}<br />
<br />
== truecrypt (mount encrypted fs) ==<br />
{{hc|/etc/systemd/system/multi-user.target/truecrypt-mount.service|<nowiki><br />
[Unit]<br />
Description=Mount Truecrypt-encrypted filesystems<br />
ConditionFileIsExecutable=/usr/bin/truecrypt<br />
#Requires=truecrypt-unmount.service<br />
#Before=mpd.service<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/bin/truecrypt -t /dev/sdXY /MOUNTPOINT<br />
StandardInput=tty-force<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
#Also=truecrypt-unmount.service<br />
</nowiki>}}<br />
<br />
{{Note|1=Gleaned from [https://bbs.archlinux.org/viewtopic.php?pid=1163760#p1163760 bpont on the forums]. If you use mpd and have your music dir in ~, uncomment {{ic|1=Before=mpd.service}}, which takes care that mpd is started after this script. If you also use {{ic|1=truecrypt-unmount.service}} (see next service) uncomment the {{ic|1=Requires=truecrypt-unmount.service}} and {{ic|1=Also=truecrypt-unmount.service}} so it gets installed and activated by systemd automatically when using this script.}}<br />
<br />
== truecrypt (unmount encrypted fs) ==<br />
{{hc|/etc/systemd/system/multi-user/truecrypt-unmount.service|<nowiki><br />
[Unit]<br />
Description=Truecrypt unmount on shutdown, poweroff, reboot, system halt<br />
Before=local-fs-pre.target<br />
#Before=mpd.service<br />
ConditionPathExistsGlob=/media/truecrypt*<br />
DefaultDependencies=no<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/bin/truecrypt -d<br />
TimeoutSec=5<br />
StandardInput=tty<br />
<br />
[Install]<br />
WantedBy=shutdown.target reboot.target halt.target poweroff.target<br />
</nowiki>}}<br />
<br />
{{Note|1=I don't know if this works yet. It may be necessary to replace {{ic|1=TimeoutSec=5}} with {{ic|1=ExecStart=sleep 5}}. If you use {{ic|mpd}}, make sure to uncomment {{ic|1=Before=mpd.service}} to make sure this service is executed after mpd is closed down (different order during the shutdown of processes than during start up!). Script gleaned from [https://bbs.archlinux.org/viewtopic.php?pid=1163334#p1163334 tladuke on the forums].}}<br />
<br />
== verynice ==<br />
{{hc|/etc/systemd/system/verynice.service|<nowiki><br />
[Unit]<br />
Description=A tool for dynamically adjusting the nice-level of processes<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/run/verynice.pid<br />
ExecStart=/usr/sbin/verynice -d /var/run/verynice.pid<br />
ExecStop=/bin/kill -15 $MAINPID<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== VideoLAN 2.0 ==<br />
Change the '''User''' parameter.<br />
<br />
{{hc|/etc/systemd/system/vlc.service|<nowiki><br />
[Unit]<br />
Description=VideoOnLAN Service<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
User=nobody<br />
ExecStart=/usr/bin/cvlc --intf=lua --lua-intf=http --daemon --http-port 8090<br />
Restart=on-abort<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Xvfb ==<br />
Change the '''User'''/'''Group''' parameters.<br />
{{hc|/etc/systemd/system/xinit.service|<nowiki><br />
[Unit]<br />
Description=xinit with xvfb<br />
After=network.target<br />
<br />
[Service]<br />
User=bitlbee<br />
Group=bitlbee<br />
ExecStart=/usr/bin/xvfb-run bash %h/.xinitrc<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== ZNC ==<br />
Assuming znc was set up to be run by znc user from /var/lib/znc as explained in the [[Znc]] wiki page.<br />
<br />
{{hc|/etc/systemd/system/znc.service|<nowiki><br />
[Unit]<br />
Description=ZNC Daemon<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/usr/bin/znc --datadir=/var/lib/znc/ --foreground<br />
User=znc<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
</nowiki>}}<br />
<br />
== See also ==<br />
<br />
* [[systemd]]<br />
* [http://en.gentoo-wiki.com/wiki/Systemd systemd at gentoo wiki]</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Systemd/Services&diff=230155Systemd/Services2012-10-20T18:49:48Z<p>Tassadar: add promiscuous@.service</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Daemons and system services]]<br />
[[Category:Boot process]]<br />
{{Article summary start}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Systemd}}<br />
{{Article summary end}}<br />
<br />
This page collects [[systemd]] service files that are missing from the corresponding packages in the repositories. These files can be copied from other distributions or written yourself.<br />
<br />
== BOINC Daemon ==<br />
{{hc|/etc/systemd/system/boinc.service|<nowiki><br />
[Unit]<br />
Description=BOINC Daemon<br />
<br />
[Service]<br />
User=boinc<br />
Nice=19<br />
ExecStart=/usr/bin/boinc_client --dir /var/lib/boinc --redirectio<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Courier-IMAP ==<br />
{{hc|/etc/systemd/system/authdaemond.service|<nowiki><br />
[Unit]<br />
Description=Courier Authentication Daemon<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/usr/sbin/authdaemond start<br />
ExecStop=/usr/sbin/authdaemond stop<br />
PIDFile=/run/authdaemon/pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/courier-imapd.service|<nowiki><br />
[Unit]<br />
Description=Courier IMAP Daemon<br />
Requires=authdaemond.service<br />
After=authdaemond.service<br />
<br />
[Service]<br />
Type=forking<br />
EnvironmentFile=/etc/courier-imap/imapd<br />
ExecStart=/usr/lib/courier-imap/imapd.rc start<br />
ExecStop=/usr/lib/courier-imap/imapd.rc stop<br />
PIDFile=/var/run/courier/imapd.pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/courier-imapd-ssl.service|<nowiki><br />
[Unit]<br />
Description=Courier IMAP Daemon<br />
Requires=authdaemond.service<br />
After=authdaemond.service<br />
<br />
[Service]<br />
Type=forking<br />
EnvironmentFile=/etc/courier-imap/imapd<br />
ExecStart=/usr/lib/courier-imap/imapd-ssl.rc start<br />
ExecStop=/usr/lib/courier-imap/imapd-ssl.rc stop<br />
PIDFile=/var/run/courier/imapd-ssl.pid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{hc|/usr/lib/tmpfiles.d/authdaemond.conf|<nowiki><br />
D /run/authdaemon 0755 courier courier<br />
</nowiki>}}<br />
<br />
{{hc|/usr/lib/tmpfiles.d/courier-imapd.conf|<nowiki><br />
D /run/courier 0755 courier courier<br />
</nowiki>}}<br />
<br />
{{Note|Taken from Gentoo and modified for Arch. You could replace the files in tmpfiles.d with appropriate ExecStartPre calls as well. Service files for pop3d and pop3d-ssl are still missing, but are probably very similar to the imapd files!}}<br />
<br />
{{Warning|1=Beware that you may need to add Requires=network.target to certain units like mythtv or chrony if you use this unit }}<br />
<br />
== ddclient ==<br />
{{hc|/etc/systemd/system/ddclient.service|<br />
<nowiki><br />
[Unit]<br />
Description=Update dynamic DNS entries<br />
After=network.target<br />
<br />
[Service]<br />
EnvironmentFile=/etc/conf.d/ddclient<br />
PIDFile=/var/run/ddclient.pid<br />
ExecStart=/usr/sbin/ddclient $EXTRA_ARGS<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== dropbear ==<br />
{{hc|/etc/systemd/system/dropbear.service|<br />
<nowiki><br />
[Unit]<br />
Description=Dropbear SSH server<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/sbin/dropbear -p 22 -d /etc/dropbear/dropbear_dss_host_key -w -P /var/run/dropbear.pid<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
</nowiki>}}<br />
<br />
== Folding@home SMP ==<br />
See the comment on the [https://aur.archlinux.org/packages.php?ID=11964 AUR package].<br />
The unit file is copied below for convenience.<br />
{{hc|/etc/systemd/system/foldingathome-smp.service|<br />
<nowiki><br />
[Unit]<br />
Description=Folding@home distributed computing client<br />
After=network.target<br />
<br />
[Service]<br />
Type=simple<br />
WorkingDirectory=/opt/fah-smp<br />
ExecStart=/opt/fah-smp/fah6 -smp -verbosity 9 -forceasm<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== IPv6 (Hurricane Electric) ==<br />
{{hc|/etc/systemd/system/he-ipv6.service|<nowiki><br />
<br />
[Unit]<br />
Description=he.net IPv6 tunnel<br />
After=network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
RemainAfterExit=yes<br />
ExecStart=/sbin/ip tunnel add he-ipv6 mode sit remote 209.51.161.14 local <local IPv4> ttl 255<br />
ExecStart=/sbin/ip link set he-ipv6 up mtu 1480<br />
ExecStart=/sbin/ip addr add <local IPv6>/64 dev he-ipv6<br />
ExecStart=/sbin/ip -6 route add ::/0 dev he-ipv6<br />
ExecStart=/sbin/ip addr add <public IPv6>/64 dev he-ipv6<br />
ExecStop=/sbin/ip -6 route del ::/0 dev he-ipv6<br />
ExecStop=/sbin/ip link set he-ipv6 down<br />
ExecStop=/sbin/ip tunnel del he-ipv6<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
</nowiki>}}<br />
<br />
== Logmein Hamachi ==<br />
{{hc|/etc/systemd/system/hamachi.service|<nowiki><br />
[Unit]<br />
Description=Hamachi Daemon<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/opt/logmein-hamachi/bin/hamachid<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Noip ==<br />
{{hc|/etc/systemd/system/noip2.service|<nowiki><br />
[Unit]<br />
Description=No-IP Dynamic DNS Update Client<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/usr/bin/noip2<br />
<br />
[Install]<br />
WantedBy=multi-user.target</nowiki>}}<br />
<br />
== pcscd ==<br />
{{hc|/etc/systemd/system/pcscd.service|<nowiki><br />
[Unit]<br />
Description=PC/SC Smart Card Daemon<br />
Requires=pcscd.socket<br />
<br />
[Service]<br />
ExecStart=/usr/sbin/pcscd --foreground --auto-exit<br />
ExecReload=/usr/sbin/pcscd --hotplug<br />
StandardOutput=syslog<br />
<br />
[Install]<br />
Also=pcscd.socket<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/pcscd.socket|<nowiki><br />
[Unit]<br />
Description=PC/SC Smart Card Daemon Activation Socket<br />
<br />
[Socket]<br />
ListenStream=/var/run/pcscd/pcscd.comm<br />
<br />
[Install]<br />
WantedBy=sockets.target<br />
</nowiki>}}<br />
Reference:<br />
* http://ludovicrousseau.blogspot.de/2011/11/pcscd-auto-start-using-systemd.html<br />
<br />
== rc.local ==<br />
{{hc|/etc/systemd/system/rc-local.service|<nowiki><br />
[Unit]<br />
Description=/etc/rc.local Compatibility<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/etc/rc.local<br />
TimeoutSec=0<br />
StandardInput=tty<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
{{Tip|You can replace your rc.local with native systemd units in {{ic|/etc/systemd/system/}}.}}<br />
{{Note|Also available in {{Pkg|initscripts}} (see: [[Systemd#Arch_integration]]).}}<br />
{{Note|1=StandardInput=tty prevents background processes from running:<br />
https://bbs.archlinux.org/viewtopic.php?id=147790}}<br />
<br />
== Remote filesystem mounts ==<br />
''See: [[Systemd#Remote_filesystem_mounts]]''<br />
<br />
== screen ==<br />
Autostarts screen for the specified user (e.g. {{ic|systemctl enable screen@florian.service}}).<br />
{{hc|/etc/systemd/system/screen@.service|<nowiki><br />
[Unit]<br />
Description=screen<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
User=%i<br />
ExecStart=/usr/bin/screen -dmS autoscreen<br />
ExecStop=/usr/bin/screen -S autoscreen -X quit<br />
<br />
[Install]<br />
WantedBy=multi-user.target</nowiki>}}<br />
<br />
== Static Ethernet network ==<br />
<br />
This is a custom service file for static Ethernet configurations. For other configurations, see [[Systemd#Network]]<br />
{{Warning |1=Beware, you may have to add 'Requires=network.target' for certain services like chrony or mythtv when using this.}}<br />
{{hc|/etc/conf.d/network|<nowiki><br />
interface=eth0<br />
address=192.168.0.1<br />
netmask=24<br />
broadcast=192.168.0.255<br />
gateway=192.168.0.254</nowiki>}}<br />
<br />
{{hc|/etc/systemd/system/network.service|<nowiki><br />
[Unit]<br />
Description=Network Connectivity<br />
Wants=network.target<br />
Before=network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
RemainAfterExit=yes<br />
EnvironmentFile=/etc/conf.d/network<br />
ExecStart=/sbin/ip link set dev ${interface} up<br />
ExecStart=/sbin/ip addr add ${address}/${netmask} broadcast ${broadcast} dev ${interface}<br />
ExecStart=/sbin/ip route add default via ${gateway}<br />
ExecStop=/sbin/ip addr flush dev ${interface}<br />
ExecStop=/sbin/ip link set dev ${interface} down<br />
<br />
[Install]<br />
WantedBy=multi-user.target</nowiki>}}<br />
<br />
== Set network interface in promiscuous mode ==<br />
{{hc|/etc/systemd/system/promiscuous@.service|<nowiki><br />
[Unit]<br />
Description=Set %i interface in promiscuous mode<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/sbin/ip link set dev %i promisc on<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== tpfand ==<br />
{{hc|/etc/systemd/system/tpfand.service|<nowiki><br />
[Unit]<br />
Description=ThinkPad Fan Control<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/run/tpfand.pid<br />
ExecStart=/usr/sbin/tpfand<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== truecrypt volume setup==<br />
This service employs truecrypt as a mapper only and requires you to create an entry in fstab to mount the mapped, unencrypted device at your desired mountpoint, for instance:<br />
{{hc|/etc/fstab|<nowiki><br />
/dev/mapper/truecrypt1 /home/ ext4 defaults 0 2</nowiki>}}<br />
<br />
The {{ic|2}} means your fs will be fscked regularly.<br />
<br />
{{hc|/usr/lib/systemd/system/truecrypt@.service|<nowiki><br />
[Unit]<br />
Description=Truecrypt Setup for %I<br />
DefaultDependencies=no<br />
Conflicts=umount.target<br />
Before=umount.target<br />
After=systemd-readahead-collect.service systemd-readahead-replay.service<br />
<br />
[Service]<br />
RemainAfterExit=yes<br />
StandardInput=tty-force<br />
ExecStart=/usr/bin/truecrypt --filesystem=none %I<br />
ExecStop=/usr/bin/truecrypt --filesystem=none -d %I<br />
<br />
[Install]<br />
WantedBy=cryptsetup.target</nowiki>}}<br />
<br />
If your encrypted volume is {{ic|1=/dev/sda2}}, you would enable the service with this command: <br />
# systemctl enable truecrypt@dev-sda2.service<br />
<br />
{{Note|1=Although it works, this service should still be considered experimental; there might be better solutions to use truecrypt with systemd. If you use mpd or any other programme that needs to access the encrypted filesystem, put it into the line starting with {{ic|1=Before=}}. Cheers to dgbaley27 for basically writing this! Improvements welcome!}}<br />
<br />
== truecrypt (mount encrypted fs) ==<br />
{{hc|/etc/systemd/system/multi-user.target/truecrypt-mount.service|<nowiki><br />
[Unit]<br />
Description=Mount Truecrypt-encrypted filesystems<br />
ConditionFileIsExecutable=/usr/bin/truecrypt<br />
#Requires=truecrypt-unmount.service<br />
#Before=mpd.service<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/bin/truecrypt -t /dev/sdXY /MOUNTPOINT<br />
StandardInput=tty-force<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
#Also=truecrypt-unmount.service<br />
</nowiki>}}<br />
<br />
{{Note|1=Gleaned from [https://bbs.archlinux.org/viewtopic.php?pid=1163760#p1163760 bpont on the forums]. If you use mpd and have your music dir in ~, uncomment {{ic|1=Before=mpd.service}}, which takes care that mpd is started after this script. If you also use {{ic|1=truecrypt-unmount.service}} (see next service) uncomment the {{ic|1=Requires=truecrypt-unmount.service}} and {{ic|1=Also=truecrypt-unmount.service}} so it gets installed and activated by systemd automatically when using this script.}}<br />
<br />
== truecrypt (unmount encrypted fs) ==<br />
{{hc|/etc/systemd/system/multi-user/truecrypt-unmount.service|<nowiki><br />
[Unit]<br />
Description=Truecrypt unmount on shutdown, poweroff, reboot, system halt<br />
Before=local-fs-pre.target<br />
#Before=mpd.service<br />
ConditionPathExistsGlob=/media/truecrypt*<br />
DefaultDependencies=no<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/bin/truecrypt -d<br />
TimeoutSec=5<br />
StandardInput=tty<br />
<br />
[Install]<br />
WantedBy=shutdown.target reboot.target halt.target poweroff.target<br />
</nowiki>}}<br />
<br />
{{Note|1=I don't know if this works yet. It may be necessary to replace {{ic|1=TimeoutSec=5}} with {{ic|1=ExecStart=sleep 5}}. If you use {{ic|mpd}}, make sure to uncomment {{ic|1=Before=mpd.service}} to make sure this service is executed after mpd is closed down (different order during the shutdown of processes than during start up!). Script gleaned from [https://bbs.archlinux.org/viewtopic.php?pid=1163334#p1163334 tladuke on the forums].}}<br />
<br />
== verynice ==<br />
{{hc|/etc/systemd/system/verynice.service|<nowiki><br />
[Unit]<br />
Description=A tool for dynamically adjusting the nice-level of processes<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/run/verynice.pid<br />
ExecStart=/usr/sbin/verynice -d /var/run/verynice.pid<br />
ExecStop=/bin/kill -15 $MAINPID<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== VideoLAN 2.0 ==<br />
Change the '''User''' parameter.<br />
<br />
{{hc|/etc/systemd/system/vlc.service|<nowiki><br />
[Unit]<br />
Description=VideoOnLAN Service<br />
After=network.target<br />
<br />
[Service]<br />
Type=forking<br />
User=nobody<br />
ExecStart=/usr/bin/cvlc --intf=lua --lua-intf=http --daemon --http-port 8090<br />
Restart=on-abort<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Xvfb ==<br />
Change the '''User'''/'''Group''' parameters.<br />
{{hc|/etc/systemd/system/xinit.service|<nowiki><br />
[Unit]<br />
Description=xinit with xvfb<br />
After=network.target<br />
<br />
[Service]<br />
User=bitlbee<br />
Group=bitlbee<br />
ExecStart=/usr/bin/xvfb-run bash %h/.xinitrc<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== ZNC ==<br />
Assuming znc was set up to be run by znc user from /var/lib/znc as explained in the [[Znc]] wiki page.<br />
<br />
{{hc|/etc/systemd/system/znc.service|<nowiki><br />
[Unit]<br />
Description=ZNC Daemon<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/usr/bin/znc --datadir=/var/lib/znc/ --foreground<br />
User=znc<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
</nowiki>}}<br />
<br />
== See also ==<br />
<br />
* [[systemd]]<br />
* [http://en.gentoo-wiki.com/wiki/Systemd systemd at gentoo wiki]</div>Tassadarhttps://wiki.archlinux.org/index.php?title=OpenVPN&diff=229758OpenVPN2012-10-19T18:04:35Z<p>Tassadar: info about starting server config with systemd</p>
<hr />
<div>[[Category:Virtual Private Network]]<br />
[[zh-CN:OpenVPN]]<br />
{{Expansion|(at least) add support for ipv6 and L2 ethernet bridging}}<br />
<br />
This article describes a basic installation and configuration of [http://openvpn.net OpenVPN], suitable for private and small business use. For more detailed information, please see the official [http://openvpn.net/index.php/manuals/427-openvpn-22.html OpenVPN 2.2 man page] and the [http://openvpn.net/index.php/open-source/documentation OpenVPN documentation].<br />
<br />
OpenVPN is a robust and highly flexible [[Wikipedia:VPN|VPN]] daemon. OpenVPN supports [[Wikipedia:SSL/TLS|SSL/TLS]] security, [[Wikipedia:Bridging_(networking)|ethernet bridging]], [[Wikipedia:Transmission_Control_Protocol|TCP]] or [[Wikipedia:User_Datagram_Protocol|UDP]] [[Wikipedia:Tunneling_protocol|tunnel transport]] through [[Wikipedia:Proxy_server|proxies]] or [[Wikipedia:Network address translation|NAT]], support for dynamic IP addresses and [[Wikipedia:Dynamic_Host_Configuration_Protocol|DHCP]], scalability to hundreds or thousands of users, and portability to most major OS platforms.<br />
<br />
OpenVPN is tightly bound to the [http://www.openssl.org OpenSSL] library, and derives much of its crypto capabilities from it.<br />
<br />
OpenVPN supports conventional encryption using a [[Wikipedia:Pre-shared_key|pre-shared secret key]] (Static Key mode) or [[Wikipedia:Public_key|public key security]] ([[Wikipedia:SSL/TLS|SSL/TLS]] mode) using client & server certificates. OpenVPN also supports non-encrypted TCP/UDP tunnels.<br />
<br />
OpenVPN is designed to work with the [[Wikipedia:TUN/TAP|TUN/TAP]] virtual networking interface that exists on most platforms.<br />
<br />
Overall, OpenVPN aims to offer many of the key features of [[Wikipedia:Ipsec|IPSec]] but with a relatively lightweight footprint.<br />
<br />
OpenVPN was written by James Yonan and is published under the [[Wikipedia:GNU General Public License|GNU General Public License (GPL)]].<br />
<br />
==Install OpenVPN==<br />
[[pacman|Install]] {{Pkg|openvpn}} from the [[official repositories]].<br />
<br />
{{Note|The software contained in this package supports both server and client mode, so install it on all machines that need to create vpn connections.}}<br />
<br />
==Configure the system for TUN/TAP support==<br />
<br />
OpenVPN requires TUN/TAP support. Make sure to load the TUN module.<br />
<br />
{{hc|/etc/modules-load.d/tun.conf|<nowiki><br />
# Load tun.ko at boot<br />
tun</nowiki>}}<br />
<br />
The default kernel is already properly configured, but if you use another kernel make sure to enable the TUN/TAP module. If {{ic|$ zgrep CONFIG_TUN /proc/config.gz}} returns {{ic|<nowiki>CONFIG_TUN=n</nowiki>}}, make the following change to the kernel config file and rebuild the kernel.<br />
<br />
{{hc|Kernel config file|<br />
Device Drivers<br />
--> Network device support<br />
[M] Universal TUN/TAP device driver support}}<br />
<br />
==Connect to a VPN provided by a third party==<br />
<br />
To connect to a VPN provided by a third party, most of the following can most likely be ignored. Use the certificates and instructions given by your provider, for instance see: [[Airvpn]].<br />
<br />
==Create a Public Key Infrastructure (PKI) from scratch==<br />
<br />
If you are setting up OpenVPN from scratch, you will need to create a [[Wikipedia:Public key infrastructure|Public Key Infrastructure (PKI)]].<br />
<br />
Create the needed certificates and keys by following: [[Create a Public Key Infrastructure Using the easy-rsa Scripts]].<br />
<br />
The final step of the key creation process is to copy the files needed to the correct machines through a secure channel.<br />
<br />
{{Note|The rest of this article assumes that the keys and certificates are placed in /etc/openvpn.}}<br />
<br />
The public ca.crt certificate is needed on all servers and clients. The private ca.key key is secret and only needed on the key generating machine.<br />
<br />
A server needs server.crt, and dh2048.pem (public), and server.key and ta.key (private).<br />
<br />
A client needs client.crt (public), and client.key and ta.key (private).<br />
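<br />
The placement rules above can be checked mechanically. The following is an added example, not part of the original article: the function names are hypothetical, and the third argument lets it check files named after the host (such as elmer or bugs) instead of server/client.<br />

```shell
#!/bin/bash
# Added example: audit the key material layout described in the article.
# audit_openvpn_keys and make_constructed_keydir are hypothetical names.

# audit_openvpn_keys <server|client> [dir] [name]
# Prints one FAIL line per finding; returns 0 when the layout is clean.
audit_openvpn_keys() {
    local role="$1" dir="${2:-/etc/openvpn}" name="${3:-$1}" rc=0 f
    local public private

    case "$role" in
        server) public="ca.crt $name.crt dh2048.pem"; private="$name.key ta.key" ;;
        client) public="ca.crt $name.crt";            private="$name.key ta.key" ;;
        *) echo "usage: audit_openvpn_keys <server|client> [dir] [name]" >&2
           return 2 ;;
    esac

    # The CA private key is only needed on the key generating machine.
    if [ -e "$dir/ca.key" ]; then
        echo "FAIL ca.key: CA private key present on a $role"
        rc=1
    fi

    # Every file the role needs must be there.
    for f in $public $private; do
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL $f: missing"
            rc=1
        fi
    done

    # Private files must carry no group or other permission bits.
    for f in $private; do
        [ -f "$dir/$f" ] || continue
        if [ -n "$(find "$dir/$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                                   -o -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "FAIL $f: accessible to group or other"
            rc=1
        fi
    done

    return $rc
}

# Build a constructed (empty-file) layout for trying the audit offline.
make_constructed_keydir() {
    mkdir -p "$1"
    touch "$1/ca.crt" "$1/$2.crt" "$1/dh2048.pem" "$1/$2.key" "$1/ta.key"
    chmod 644 "$1/ca.crt" "$1/$2.crt" "$1/dh2048.pem"
    chmod 600 "$1/$2.key" "$1/ta.key"
}
```

On the server from this article it would be called as {{ic|audit_openvpn_keys server /etc/openvpn elmer}}.<br />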
<br />
==A basic L3 IP routing configuration==<br />
<br />
{{Note|Unless otherwise explicitly stated, the rest of this article assumes this basic configuration.}}<br />
<br />
OpenVPN is an extremely versatile piece of software and many configurations are possible. In fact, machines can be both "servers" and "clients", blurring the distinction between server and client.<br />
<br />
What really distinguishes a server from a client (apart from the type of certificate used) is the configuration file itself. The openvpn daemon startup script reads all the .conf configuration files it finds in /etc/openvpn on startup and acts accordingly. If it finds more than one configuration file, it will start one OpenVPN process per configuration file.<br />
<br />
This article explains how to set up a server called elmer, and a client that connects to it called bugs. More servers and clients can easily be added by creating more key/certificate pairs and adding more server and client configuration files.<br />
<br />
The OpenVPN package comes with a collection of example configuration files for different purposes. The sample server and client configuration files make an ideal starting point for a basic OpenVPN setup with the following features:<br />
<br />
* Uses [[Wikipedia:Public key infrastructure|Public Key Infrastructure (PKI)]] for authentication.<br />
* Creates a VPN using a virtual TUN network interface (OSI L3 IP routing).<br />
* Listens for client connections on UDP port 1194 (OpenVPN's [[Wikipedia:Port_number|official IANA port number]]).<br />
* Distributes virtual addresses to connecting clients from the 10.8.0.0/24 subnet.<br />
<br />
For more advanced configurations, please see the official [http://openvpn.net/index.php/manuals/427-openvpn-22.html OpenVPN 2.2 man page] and the [http://openvpn.net/index.php/open-source/documentation OpenVPN documentation].<br />
<br />
===The server configuration file===<br />
<br />
Copy the example server configuration file to /etc/openvpn/server.conf<br />
<br />
{{bc|# cp /usr/share/openvpn/examples/server.conf /etc/openvpn/server.conf}}<br />
<br />
Edit the following:<br />
<br />
* The ca, cert, key, and dh parameters to reflect the path and names of the keys and certificates. Specifying the paths will allow you to run the OpenVPN executable from any directory for testing purposes.<br />
* Enable the SSL/TLS HMAC handshake protection. '''Note the use of the parameter 0 for a server'''.<br />
* It is recommended to run OpenVPN with reduced privileges once it has initialized. Do this by uncommenting the user and group directives.<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
ca /etc/openvpn/ca.crt<br />
cert /etc/openvpn/elmer.crt<br />
key /etc/openvpn/elmer.key<br />
<br />
dh /etc/openvpn/dh2048.pem<br />
.<br />
.<br />
tls-auth /etc/openvpn/ta.key '''0'''<br />
.<br />
.<br />
user nobody<br />
group nobody<br />
}}<br />
<br />
{{Note|If the server is behind a firewall or a NAT translating router, you will have to forward the OpenVPN UDP port (1194) to the server.}}<br />
<br />
===The client configuration file===<br />
<br />
Copy the example client configuration file to /etc/openvpn/client.conf<br />
<br />
{{bc|# cp /usr/share/openvpn/examples/client.conf /etc/openvpn/client.conf}}<br />
<br />
Edit the following:<br />
<br />
* The remote directive to reflect either the server's [[Wikipedia:Fully qualified domain name|Fully Qualified Domain Name]] hostname (as known to the client) or its IP address.<br />
* Uncomment the user and group directives to drop privileges.<br />
* The ca, cert, and key parameters to reflect the path and names of the keys and certificates.<br />
* Enable the SSL/TLS HMAC handshake protection. '''Note the use of the parameter 1 for a client'''.<br />
<br />
{{hc|/etc/openvpn/client.conf|<br />
remote elmer.acmecorp.org 1194<br />
.<br />
.<br />
user nobody<br />
group nobody<br />
.<br />
.<br />
ca /etc/openvpn/ca.crt<br />
cert /etc/openvpn/bugs.crt<br />
key /etc/openvpn/bugs.key<br />
.<br />
.<br />
tls-auth /etc/openvpn/ta.key '''1'''<br />
}}<br />
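<br />
The edits listed for the server and client configuration files can be verified with a small lint. This is an added example, not part of the original article: the function names are hypothetical, and the sample configuration embedded in it is constructed to show typical mistakes.<br />

```shell
#!/bin/bash
# Added example: lint an OpenVPN config for the settings this section asks for.
# conf_field, lint_openvpn_conf and constructed_client_conf are hypothetical names.

# conf_field <file> <directive> <n>
# Print field n of the last uncommented occurrence of a directive.
conf_field() {
    awk -v d="$2" -v n="$3" '
        /^[ \t]*[#;]/ { next }      # whole-line comments such as ";user nobody"
        $1 == d       { v = $n }
        END           { print v }
    ' "$1"
}

# lint_openvpn_conf <server|client> <file>
# Prints one FAIL line per finding; returns 0 when the file is clean.
lint_openvpn_conf() {
    local role="$1" conf="$2" want rc=0 d v paths="ca cert key"

    case "$role" in
        server) want=0; paths="$paths dh" ;;
        client) want=1 ;;
        *) echo "usage: lint_openvpn_conf <server|client> <file>" >&2
           return 2 ;;
    esac

    # Privilege drop: both directives must be active, not left commented out.
    for d in user group; do
        if [ -z "$(conf_field "$conf" "$d" 2)" ]; then
            echo "FAIL $d: not set, privileges are not reduced after initialization"
            rc=1
        fi
    done

    # HMAC handshake protection: parameter 0 on a server, 1 on a client.
    v=$(conf_field "$conf" tls-auth 3)
    if [ "$v" != "$want" ]; then
        echo "FAIL tls-auth: missing or parameter '${v:-none}', expected $want for a $role"
        rc=1
    fi

    # Key and certificate paths: present and absolute, so the daemon can be
    # started from any directory.
    for d in $paths; do
        v=$(conf_field "$conf" "$d" 2)
        case "$v" in
            /*) ;;
            "") echo "FAIL $d: missing"; rc=1 ;;
            *)  echo "FAIL $d: relative path '$v'"; rc=1 ;;
        esac
    done

    return $rc
}

# Constructed client config with four mistakes: user and group still
# commented out, a relative ca path, and the server's tls-auth parameter.
constructed_client_conf() {
    cat <<'EOF'
client
remote elmer.acmecorp.org 1194
;user nobody
;group nobody
ca ca.crt
cert /etc/openvpn/bugs.crt
key /etc/openvpn/bugs.key
tls-auth /etc/openvpn/ta.key 0
EOF
}
```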
<br />
===Testing the OpenVPN configuration===<br />
<br />
Run {{ic|# openvpn /etc/openvpn/server.conf}} on the server, and {{ic|# openvpn /etc/openvpn/client.conf}} on the client. You should see something similar to this:<br />
<br />
{{hc|# openvpn /etc/openvpn/server.conf|<nowiki><br />
Wed Dec 28 14:41:26 2011 OpenVPN 2.2.1 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 13 2011<br />
Wed Dec 28 14:41:26 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables<br />
Wed Dec 28 14:41:26 2011 Diffie-Hellman initialized with 2048 bit key<br />
.<br />
.<br />
Wed Dec 28 14:41:54 2011 bugs/95.126.136.73:48904 MULTI: primary virtual IP for bugs/95.126.136.73:48904: 10.8.0.6<br />
Wed Dec 28 14:41:57 2011 bugs/95.126.136.73:48904 PUSH: Received control message: 'PUSH_REQUEST'<br />
Wed Dec 28 14:41:57 2011 bugs/95.126.136.73:48904 SENT CONTROL [bugs]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)<br />
</nowiki>}}<br />
<br />
{{hc|# openvpn /etc/openvpn/client.conf|<nowiki><br />
Wed Dec 28 14:41:50 2011 OpenVPN 2.2.1 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 13 2011<br />
Wed Dec 28 14:41:50 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables<br />
Wed Dec 28 14:41:50 2011 LZO compression initialized<br />
.<br />
.<br />
Wed Dec 28 14:41:57 2011 GID set to nobody<br />
Wed Dec 28 14:41:57 2011 UID set to nobody<br />
Wed Dec 28 14:41:57 2011 Initialization Sequence Completed<br />
</nowiki>}}<br />
<br />
On the server, find the IP assigned to the tunX device:<br />
<br />
{{hc|# ip addr show|<nowiki><br />
.<br />
.<br />
40: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100<br />
link/none<br />
inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0</nowiki>}}<br />
<br />
Here we see that the server end of the tunnel has been given the IP address 10.8.0.1.<br />
<br />
Do the same on the client:<br />
<br />
{{hc|# ip addr show|<nowiki><br />
.<br />
.<br />
37: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100<br />
link/none<br />
inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0</nowiki>}}<br />
<br />
And the client side has been given the IP 10.8.0.6.<br />
<br />
Now try pinging the interfaces.<br />
<br />
On the server:<br />
<br />
{{hc|# ping -c3 10.8.0.6|<nowiki><br />
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.<br />
64 bytes from 10.8.0.6: icmp_req=1 ttl=64 time=238 ms<br />
64 bytes from 10.8.0.6: icmp_req=2 ttl=64 time=237 ms<br />
64 bytes from 10.8.0.6: icmp_req=3 ttl=64 time=205 ms<br />
<br />
--- 10.8.0.6 ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2002ms<br />
rtt min/avg/max/mdev = 205.862/227.266/238.788/15.160 ms<br />
</nowiki>}}<br />
<br />
On the client:<br />
<br />
{{hc|# ping -c3 10.8.0.1|<nowiki><br />
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.<br />
64 bytes from 10.8.0.1: icmp_req=1 ttl=64 time=158 ms<br />
64 bytes from 10.8.0.1: icmp_req=2 ttl=64 time=158 ms<br />
64 bytes from 10.8.0.1: icmp_req=3 ttl=64 time=157 ms<br />
<br />
--- 10.8.0.1 ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2001ms<br />
rtt min/avg/max/mdev = 157.426/158.278/158.940/0.711 ms<br />
</nowiki>}}<br />
<br />
You now have a working OpenVPN installation, and your client (bugs) will be able to use services on the server (elmer), and vice versa.<br />
<br />
{{Note|If using a firewall, make sure that ip packets on the TUN device are not blocked.}}<br />
<br />
==Starting OpenVPN==<br />
<br />
===Manual startup===<br />
To manually start with a specific configuration file: {{ic|# openvpn /etc/openvpn/client.conf}}<br />
<br />
=== Initscripts startup ===<br />
To manually start as a daemon: {{ic|# rc.d start openvpn}}<br />
<br />
To start as a daemon at boot, add openvpn to the daemons array in {{ic|/etc/rc.conf}}<br />
<br />
{{Note|Starting as a daemon will start one process per valid configuration file found.}}<br />
<br />
=== Systemd service configuration ===<br />
{{Expansion|Please add information on how to start several openvpn processes with systemd}}<br />
Since version 2.2.2-2, a service file is included by default.<br />
To start an OpenVPN daemon using <tt>/etc/openvpn/''client''.conf</tt> and enable it permanently:<br />
{{bc|# systemctl enable openvpn@''client''.service<br />
# systemctl start openvpn@''client''.service}}<br />
<br />
Likewise, using <tt>/etc/openvpn/''server''.conf</tt>:<br />
{{bc|# systemctl enable openvpn@''server''.service<br />
# systemctl start openvpn@''server''.service}}<br />
<br />
==Advanced L3 IP routing==<br />
<br />
===Prerequisites for routing a LAN===<br />
<br />
====IPv4 forwarding====<br />
<br />
For a host to be able to forward IPv4 packets between the LAN and VPN, it must be able to forward the packets between its NIC and its tun/tap device.<br />
<br />
Edit {{ic|/etc/sysctl.conf}} to permanently enable ipv4 packet forwarding (takes effect at the next boot):<br />
<br />
{{hc|/etc/sysctl.conf|<nowiki><br />
# Enable packet forwarding<br />
net.ipv4.ip_forward=1<br />
</nowiki>}}<br />
<br />
To temporarily enable without rebooting: {{ic|# echo 1 > /proc/sys/net/ipv4/ip_forward}}<br />
<br />
====Promiscuous LAN interface====<br />
<br />
{{Expansion|Please add: How to set the NIC to promiscuous mode using systemd}}<br />
<br />
The forwarding host's NIC (eth0 in the following examples) must also be able to accept packets for a different IP address than it is configured for, something known as [[Wikipedia:Promiscuous_mode|promiscuous mode]]. To enable, add the following to {{ic|/etc/rc.local}} (takes effect at the next boot):<br />
<br />
{{hc|/etc/rc.local|ip link set dev eth0 promisc on}}<br />
<br />
To temporarily enable without rebooting: {{ic|# ip link set dev eth0 promisc on}}<br />
<br />
====Routing tables====<br />
<br />
{{Accuracy|Investigate if a routing protocol like RIP, QUAGGA, BIRD, etc can be used}}<br />
<br />
By default, all IP packets on a LAN addressed to a different subnet get sent to the default gateway. If the LAN/VPN gateway is also the default gateway, there is no problem and the packets get properly forwarded. If not, the gateway has no way of knowing where to send the packets. There are a couple of solutions to this problem.<br />
<br />
* Add a static route to the default gateway routing the VPN subnet to the LAN/VPN gateway's IP address.<br />
* Add a static route on each host on the LAN that needs to send IP packets back to the VPN.<br />
* Use [[iptables]]' NAT feature on the LAN/VPN gateway to masquerade the incoming VPN IP packets.<br />
<br />
===Connect the server LAN to a client===<br />
<br />
The server is on a LAN using the 10.66.0.0/24 subnet. To inform the client about the available subnet, add a push directive to the server configuration file:{{hc|/etc/openvpn/server.conf|push "route 10.66.0.0 255.255.255.0"}}<br />
<br />
{{Note|Remember to enable ipv4 forwarding and to make the LAN interface promiscuous on the server. Make sure the server LAN knows how to reach the VPN client.}}<br />
<br />
{{Note|To route more LANs from the server to the client, add more push directives to the server configuration file, but keep in mind that the server side LANs will need to know how to route to the client.}}<br />
<br />
===Connect the client LAN to a server===<br />
<br />
Prerequisites:<br />
<br />
* Any subnets used on the client side must be unique and not in use on the server or by any other client. In this example we will use 192.168.4.0/24 for the client's LAN.<br />
* Each client's certificate has a unique Common Name, in this case bugs.<br />
* The server may not use the duplicate-cn directive in its config file.<br />
<br />
Create a client configuration directory on the server. It will be searched for a file named the same as the client's common name, and the directives will be applied to the client when it connects.<br />
<br />
{{bc|# mkdir -p /etc/openvpn/ccd}}<br />
<br />
Create a file in the client configuration directory called bugs, containing the {{ic|iroute 192.168.4.0 255.255.255.0}} directive. It tells the server what subnet should be routed to the client:<br />
<br />
{{hc|/etc/openvpn/ccd/bugs|iroute 192.168.4.0 255.255.255.0}}<br />
<br />
Add the client-config-dir and the {{ic|route 192.168.4.0 255.255.255.0}} directive to the server configuration file. It tells the server what subnet should be routed from the tun device to the server LAN:<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
client-config-dir ccd<br />
route 192.168.4.0 255.255.255.0<br />
}}<br />
<br />
{{Note|Remember to enable ipv4 forwarding and to make the LAN interface promiscuous on the client. Make sure the client LAN knows how to reach the VPN server.}}<br />
<br />
{{Note|To route more LANs from the client to the server, add more iroute and route directives to the appropriate configuration files, but keep in mind that the client side LANs will need to know how to route to the server.}}<br />
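<br />
The prerequisites and the iroute/route pairing above are easy to get out of sync once several clients exist. The following cross-check is an added example, not part of the original article: the function names are hypothetical and the fixture it builds is constructed.<br />

```shell
#!/bin/bash
# Added example: cross-check a server config against its client config directory.
# active, check_client_lan_routes and make_constructed_vpn_tree are hypothetical names.

# active <file> <directive>
# Print "<arg1>/<arg2>" for every uncommented occurrence of a directive.
active() {
    awk -v d="$2" '!/^[ \t]*[#;]/ && $1 == d { print $2 "/" $3 }' "$1"
}

# check_client_lan_routes <server.conf> <ccd dir>
# Prints one FAIL line per finding; returns 0 when everything lines up.
check_client_lan_routes() {
    local conf="$1" ccd="$2" rc=0 f pair routes claimed=""

    [ -n "$(active "$conf" client-config-dir)" ] ||
        { echo "FAIL client-config-dir not set, ccd files are never read"; rc=1; }
    [ -z "$(active "$conf" duplicate-cn)" ] ||
        { echo "FAIL duplicate-cn is active"; rc=1; }

    routes=$(active "$conf" route)

    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        for pair in $(active "$f" iroute); do
            # The server must also route the subnet from the tun device.
            printf '%s\n' "$routes" | grep -qxF "$pair" ||
                { echo "FAIL ${f##*/}: iroute $pair has no matching route in the server config"; rc=1; }
            # Client subnets must be unique across clients.
            case " $claimed " in
                *" $pair "*)
                    echo "FAIL ${f##*/}: $pair is claimed more than once"; rc=1 ;;
            esac
            claimed="$claimed $pair"
        done
    done

    # A route that no client claims with iroute leads nowhere.
    for pair in $routes; do
        case " $claimed " in
            *" $pair "*) ;;
            *) echo "FAIL route $pair: no client claims it with iroute"; rc=1 ;;
        esac
    done

    return $rc
}

# Constructed fixture matching the article's example (client bugs, 192.168.4.0/24).
make_constructed_vpn_tree() {
    mkdir -p "$1/ccd"
    cat > "$1/server.conf" <<'EOF'
push "route 10.66.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.4.0 255.255.255.0
;duplicate-cn
EOF
    echo "iroute 192.168.4.0 255.255.255.0" > "$1/ccd/bugs"
}
```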
<br />
===Connect both the client and server LANs===<br />
<br />
Combine the two previous sections:<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
push "route 10.66.0.0 255.255.255.0"<br />
.<br />
.<br />
client-config-dir ccd<br />
route 192.168.4.0 255.255.255.0<br />
}}<br />
<br />
<br />
{{hc|/etc/openvpn/ccd/bugs|iroute 192.168.4.0 255.255.255.0}}<br />
<br />
<br />
{{Note|Remember to enable ipv4 forwarding and to make the LAN interfaces promiscuous on both the client and the server. Make sure that all the LANs or the needed hosts can route to all the destinations.}}<br />
<br />
===Connect clients and client LANs===<br />
<br />
By default, clients will not see each other. To allow ip packets to flow between clients and/or client LANs, add a client-to-client directive to the server configuration file: {{hc|/etc/openvpn/server.conf|client-to-client}}<br />
<br />
In order for another client or client LAN to see a specific client LAN you will need to add a push directive for each client subnet to the server configuration file (this will make the server announce the available subnet(s) to other clients):<br />
<br />
{{hc|/etc/openvpn/server.conf|<br />
client-to-client<br />
push "route 192.168.4.0 255.255.255.0"<br />
push "route 192.168.5.0 255.255.255.0"<br />
.<br />
.<br />
}}<br />
<br />
{{Note|As always, make sure that the routing is properly configured.}}<br />
<br />
==L2 Ethernet bridging==<br />
<br />
{{Expansion|Please add a well thought out section on L2 bridging.}}<br />
<br />
For now see: [[OpenVPN Bridge]]<br />
<br />
==Contributions that do not yet fit into the main article==<br />
<br />
{{Accuracy|Not quite sure where this fits into the main article yet}}<br />
<br />
===Routing client traffic through the server===<br />
<br />
Append the following to your server's openvpn.conf configuration file:<br />
{{bc|<br />
push "redirect-gateway def1"<br />
push "dhcp-option DNS 192.168.1.1"<br />
}}<br />
Change "192.168.1.1" to your preferred DNS IP address.<br />
<br />
If you have problems with unresponsive DNS after connecting to the server, install [[BIND]] as a simple DNS forwarder and push the server's OpenVPN IP address to the clients as DNS.<br />
<br />
====Configure ufw for routing====<br />
Configure your ufw settings to enable routing traffic from clients through server.<br />
<br />
You must enable ipv4 packet forwarding and change the default forward policy. Edit /etc/sysctl.conf to permanently enable ipv4 packet forwarding (takes effect at the next boot):<br />
{{hc|/etc/sysctl.conf|<nowiki><br />
# Enable packet forwarding<br />
net.ipv4.ip_forward=1<br />
</nowiki>}} <br />
<br />
And then configure ufw in '''/etc/default/ufw'''<br />
<br />
{{hc|/etc/default/ufw|<nowiki><br />
DEFAULT_FORWARD_POLICY="ACCEPT"<br />
</nowiki>}}<br />
<br />
Now edit '''/etc/ufw/before.rules''' and add the following code after the header and before the *filter line. Do not forget to change the IP range to yours:<br />
<br />
{{hc|/etc/ufw/before.rules|<nowiki><br />
# nat Table rules<br />
*nat<br />
:POSTROUTING ACCEPT [0:0]<br />
<br />
# Allow traffic from clients to eth0<br />
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE<br />
<br />
# don't delete the 'COMMIT' line or these nat table rules won't be processed<br />
COMMIT<br />
</nowiki>}}<br />
<br />
Open openvpn port 1194<br />
<br />
{{bc|<br />
ufw allow 1194<br />
}}<br />
<br />
====usage of iptables====<br />
<br />
Use iptables for NAT forwarding:<br />
{{bc|<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE<br />
}}<br />
<br />
If running ArchLinux in an OpenVZ VPS environment [http://thecodeninja.net/linux/openvpn-archlinux-openvz-vps/]:<br />
{{bc|<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to (venet0 ip)<br />
}}<br />
<br />
If all is well, make the changes permanent:<br />
<br />
Edit /etc/conf.d/iptables and change IPTABLES_FORWARD=1<br />
<br />
{{bc|<br />
/etc/rc.d/iptables save<br />
}}<br />
<br />
<br />
===Configuring LDAP authorization===<br />
<br />
{{Accuracy|what does the following do, and is the package still supported?}}<br />
You may also want to install {{AUR|openvpn-authldap-plugin}}, available in the [[Arch User Repository]].<br />
<br />
===Deprecated older wiki content===<br />
<br />
{{Accuracy|See how this older content can be fitted into the new article}}<br />
<br />
====Using PAM and passwords to authenticate====<br />
{{bc|<br />
port 1194<br />
proto udp<br />
dev tap<br />
ca /etc/openvpn/easy-rsa/keys/ca.crt<br />
cert /etc/openvpn/easy-rsa/keys/<MYSERVER>.crt<br />
key /etc/openvpn/easy-rsa/keys/<MYSERVER>.key<br />
dh /etc/openvpn/easy-rsa/keys/dh2048.pem<br />
server 192.168.56.0 255.255.255.0<br />
ifconfig-pool-persist ipp.txt<br />
;learn-address ./script<br />
client-to-client<br />
;duplicate-cn<br />
keepalive 10 120<br />
;tls-auth ta.key 0<br />
comp-lzo<br />
;max-clients 100<br />
;user nobody<br />
;group nobody<br />
persist-key<br />
persist-tun<br />
status /var/log/openvpn-status.log<br />
verb 3<br />
client-cert-not-required<br />
username-as-common-name<br />
plugin /usr/lib/openvpn/openvpn-auth-pam.so login<br />
}}<br />
<br />
====Using certs to authenticate====<br />
{{bc|<br />
port 1194<br />
proto tcp<br />
dev tun0<br />
<br />
ca /etc/openvpn/easy-rsa/keys/ca.crt<br />
cert /etc/openvpn/easy-rsa/keys/<MYSERVER>.crt<br />
key /etc/openvpn/easy-rsa/keys/<MYSERVER>.key<br />
dh /etc/openvpn/easy-rsa/keys/dh2048.pem<br />
<br />
server 10.8.0.0 255.255.255.0<br />
ifconfig-pool-persist ipp.txt<br />
keepalive 10 120<br />
comp-lzo<br />
user nobody<br />
group nobody<br />
persist-key<br />
persist-tun<br />
status /var/log/openvpn-status.log<br />
verb 3<br />
<br />
log-append /var/log/openvpn<br />
status /tmp/vpn.status 10<br />
}}<br />
<br />
====Routing traffic through the server====<br />
<br />
Append the following to your server's openvpn.conf configuration file:<br />
{{bc|<br />
push "dhcp-option DNS 192.168.1.1"<br />
push "redirect-gateway def1"<br />
}}<br />
Change "192.168.1.1" to your external DNS IP address.<br />
<br />
Use iptables for NAT forwarding:<br />
{{bc|<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE<br />
}}<br />
<br />
If running ArchLinux in an OpenVZ VPS environment [http://thecodeninja.net/linux/openvpn-archlinux-openvz-vps/]:<br />
{{bc|<br />
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to (venet0 ip)<br />
}}<br />
<br />
If all is well, make the changes permanent:<br />
<br />
Edit /etc/conf.d/iptables and change IPTABLES_FORWARD=1<br />
<br />
{{bc|<br />
/etc/rc.d/iptables save<br />
}}<br />
<br />
====Setting up the Client====<br />
The clientside .conf file<br />
=====With password authentication=====<br />
{{bc|<br />
client<br />
dev tap<br />
proto udp<br />
remote <address> 1194<br />
resolv-retry infinite<br />
nobind<br />
persist-tun<br />
comp-lzo<br />
verb 3<br />
auth-user-pass passwd<br />
ca ca.crt<br />
}}<br />
<br />
passwd file (referenced by auth-user-pass) must contain two lines:<br />
* first line - username<br />
* second - password<br />
<br />
=====Certs authentication=====<br />
{{bc|<br />
client<br />
remote <MYSERVER> 1194<br />
dev tun0<br />
proto tcp<br />
resolv-retry infinite<br />
nobind<br />
persist-key<br />
persist-tun<br />
verb 2<br />
ca ca.crt<br />
cert client1.crt<br />
key client1.key<br />
comp-lzo<br />
}}<br />
Copy three files from the server to the remote computer:<br />
* ca.crt<br />
* client1.crt<br />
* client1.key<br />
<br />
Install the tunnel/tap module:<br />
{{bc|<br />
# modprobe tun<br />
}}<br />
<br />
To have the '''tun''' module loaded automatically at boot time add it to the Modules line in /etc/rc.conf<br />
<br />
=====DNS=====<br />
The DNS servers used by the system are defined in '''/etc/resolv.conf'''. Traditionally, this file is the responsibility of whichever program deals with connecting the system to the network (e.g. Wicd, NetworkManager, etc.). However, OpenVPN will need to modify this file if you want to be able to resolve names on the remote side. To achieve this in a sensible way, install '''openresolv''', which makes it possible for more than one program to modify resolv.conf without stepping on each other's toes. Before continuing, test openresolv by restarting your network connection and ensuring that resolv.conf states that it was generated by "resolvconf", and that your DNS resolution still works as before. You should not need to configure openresolv; it should be automatically detected and used by your network system.<br />
<br />
Next, save the following script at '''/usr/share/openvpn/update-resolv-conf''':<br />
{{bc|<nowiki><br />
#!/bin/bash<br />
#<br />
# Parses DHCP options from openvpn to update resolv.conf<br />
# To use set as 'up' and 'down' script in your openvpn *.conf:<br />
# up /etc/openvpn/update-resolv-conf<br />
# down /etc/openvpn/update-resolv-conf<br />
#<br />
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk><br />
# and Chris Hanson<br />
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.<br />
#<br />
# 05/2006 chlauber@bnc.ch<br />
#<br />
# Example envs set from openvpn:<br />
# foreign_option_1='dhcp-option DNS 193.43.27.132'<br />
# foreign_option_2='dhcp-option DNS 193.43.27.133'<br />
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'<br />
<br />
[ -x /usr/sbin/resolvconf ] || exit 0<br />
<br />
case $script_type in<br />
<br />
up)<br />
    for optionname in ${!foreign_option_*} ; do<br />
        option="${!optionname}"<br />
        echo "$option"<br />
        part1=$(echo "$option" | cut -d " " -f 1)<br />
        if [ "$part1" == "dhcp-option" ] ; then<br />
            part2=$(echo "$option" | cut -d " " -f 2)<br />
            part3=$(echo "$option" | cut -d " " -f 3)<br />
            if [ "$part2" == "DNS" ] ; then<br />
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"<br />
            fi<br />
            if [ "$part2" == "DOMAIN" ] ; then<br />
                IF_DNS_SEARCH="$part3"<br />
            fi<br />
        fi<br />
    done<br />
    R=""<br />
    if [ "$IF_DNS_SEARCH" ] ; then<br />
        R="${R}search $IF_DNS_SEARCH<br />
"<br />
    fi<br />
    for NS in $IF_DNS_NAMESERVERS ; do<br />
        R="${R}nameserver $NS<br />
"<br />
    done<br />
    echo -n "$R" | /usr/sbin/resolvconf -a "${dev}.inet"<br />
    ;;<br />
down)<br />
    /usr/sbin/resolvconf -d "${dev}.inet"<br />
    ;;<br />
esac<br />
</nowiki>}}<br />
<br />
Remember to make the file executable with:<br />
 # chmod +x /usr/share/openvpn/update-resolv-conf<br />
Next, add the following lines to your OpenVPN client configuration file:<br />
{{bc|<br />
script-security 2<br />
up /usr/share/openvpn/update-resolv-conf<br />
down /usr/share/openvpn/update-resolv-conf<br />
}}<br />
<br />
Now, when you launch your OpenVPN connection, you should find that your resolv.conf file is updated accordingly, and also returns to normal when you close the connection.<br />
<br />
====Connecting to the Server====<br />
You need to start the service on the server<br />
{{bc|<br />
/etc/rc.d/openvpn start<br />
}}<br />
You can add it to rc.conf to make it permanent.<br />
<br />
On the client, in the home directory create a folder that will hold your OpenVPN client config files along with the '''.crt'''/'''.key''' files. Assuming your OpenVPN config folder is called '''.openvpn''' and your client config file is '''vpn1.conf''', to connect to the server issue the following command:<br />
{{bc|<br />
cd ~/.openvpn && sudo openvpn vpn1.conf<br />
}}</div>Tassadarhttps://wiki.archlinux.org/index.php?title=NFS&diff=227206NFS2012-10-06T18:05:24Z<p>Tassadar: typo - extra word</p>
<hr />
<div>[[Category:Networking]]<br />
[[it:NFSv4]]<br />
[[zh-CN:NFSv4]]<br />
{{note|this article covers NFSv4, for the older version 3 see [[NFSv3]]}}<br />
'''Network File System (NFS)''', is an open standard network file sharing protocol.<br />
<br />
==Installing==<br />
Both client and server only require {{Pkg|nfs-utils}} from the [[official repositories]].<br />
<br />
==Configuring==<br />
===Time synchronization===<br />
In order for NFS to function properly, both server and client must have closely matching time values. If the clocks on the clients differ from the server too much, then basic functions like file copy operations may hang for a very long time leaving the system unusable until they resume. The clocks do not have to match to micro/nano second accuracies, but ideally they should be within 1 second of each other. <br />
<br />
The [[NTP]] system is recommended to sync both the server and the clients to the highly accurate NTP servers available on the Internet. For a small system like a home network, the ntpdate utility may be used to sync both servers and clients to the same time. For a larger installation, it may be desirable to install an OpenNTP server (see [[NTP]]) onto the same machine acting as the NFS server, and then all clients on the network would sync time values from the server. This has the advantage of lowering the stress on the external NTP servers, and in assuring that the NFS clients will use the exact time that the NFS server has, even if the NFS server experiences some drift.<br />
<br />
===Server===<br />
The server configuration involves the {{ic|/etc/idmapd.conf}} file and the {{ic|/etc/exports}} file to export shares. Further tweaking can be done by editing {{ic|/etc/conf.d/nfs-server.conf}}.<br />
<br />
====Server ID mapping====<br />
The {{ic|/etc/idmapd.conf}} file needs to be edited. You'll need to at the very least specify your Domain there. Example:<br />
[General]<br />
<br />
Verbosity = 1<br />
Pipefs-Directory = /var/lib/nfs/rpc_pipefs<br />
'''Domain = archlinux.org'''<br />
<br />
[Mapping]<br />
<br />
Nobody-User = nobody<br />
Nobody-Group = nobody<br />
<br />
====Exports====<br />
All the NFS shares are defined in {{ic|/etc/exports}}. Add directories which you want to share and ip addresses or hostnames of client machines that will be allowed to mount them:<br />
/mnt/music 192.168.0.12(rw,no_subtree_check)<br />
<br />
You can also share it to a whole subnet:<br />
/mnt/music 192.168.0.0/24(rw,no_subtree_check)<br />
{{Note|The old NFSv3-style 192.168.0.*-scheme is ''no longer'' supported.}}<br />
<br />
A typical NFSv4 export would look like this:<br />
/mnt 192.168.0.12(rw,fsid=0,no_subtree_check)<br />
/mnt/music 192.168.0.12(rw,no_subtree_check)<br />
{{Note|The {{ic|1=fsid=0}} is required for the root filesystem being exported. {{ic|/mnt}} is the NFS root here (due to the {{ic|1=fsid=0}} entry). Everything else that you want to be shared over NFS must be accessible under {{ic|/mnt}}. Setting an NFS root is required. For exporting directories outside the NFS root, see below.}}<br />
<br />
For more information about all available options see {{ic|man 5 exports}}.<br />
<br />
=====Exporting directories outside your NFS root=====<br />
To do this, you will need to use bind mounts. For example, to bind {{ic|/home/john}} to {{ic|/mnt/john}}:<br />
# mount --bind /home/john /mnt/john<br />
To make it stick across server reboots add the bind mount to {{ic|/etc/fstab}}:<br />
/home/john /mnt/john none bind 0 0<br />
<br />
Then, {{ic|/mnt/john}} needs to be added to {{ic|/etc/exports}}:<br />
/mnt 192.168.0.12(rw,fsid=0,no_subtree_check)<br />
/mnt/music 192.168.0.12(rw,no_subtree_check)<br />
/mnt/john 192.168.0.12(rw,no_subtree_check,'''nohide''')<br />
The {{ic|nohide}} option is '''required''', because the kernel NFS server automatically hides mounted directories.<br />
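The rules in this section can be checked mechanically before the server is started. The following Python script is an added example, not part of the original article or of nfs-utils; the function names and the sample files are constructed for illustration, and it only accepts the {{ic|client(options)}} form shown above.

```python
import re
from typing import NamedTuple

class Export(NamedTuple):
    lineno: int
    path: str
    client: str
    options: frozenset

class Finding(NamedTuple):
    lineno: int          # 0 means "whole file"
    code: str
    message: str

# One client(options) token; whitespace inside the parentheses is not allowed.
TOKEN_RE = re.compile(r"^(?P<client>[^()\s]+)\((?P<opts>[^()\s]*)\)$")
# Old NFSv3-style address wildcard such as 192.168.0.*
OLD_WILDCARD_RE = re.compile(r"(\d+\.)+\*(\.[\d*]+)*")

def parse_exports(text):
    """Parse /etc/exports contents into Export records plus syntax findings."""
    exports, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        path, tokens = fields[0], fields[1:]
        matches = [TOKEN_RE.match(t) for t in tokens]
        if not tokens or not all(matches):
            findings.append(Finding(lineno, "syntax",
                f"{path}: expected client(options) with no spaces in the option list"))
            continue
        for m in matches:
            opts = frozenset(o for o in m["opts"].split(",") if o)
            exports.append(Export(lineno, path, m["client"], opts))
    return exports, findings

def bind_mount_targets(fstab_text):
    """Return the mount points of bind mounts listed in /etc/fstab contents."""
    targets = set()
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and "bind" in fields[3].split(","):
            targets.add(fields[1])
    return targets

def lint(exports_text, bind_targets=()):
    """Check exports against the rules described in this section."""
    exports, findings = parse_exports(exports_text)
    for e in exports:
        if OLD_WILDCARD_RE.fullmatch(e.client):
            findings.append(Finding(e.lineno, "old-wildcard",
                f"{e.client}: use a subnet such as 192.168.0.0/24 instead"))
    roots = {e.path for e in exports if "fsid=0" in e.options}
    if not roots:
        findings.append(Finding(0, "no-root", "no export carries fsid=0 (NFS root)"))
    elif len(roots) > 1:
        findings.append(Finding(0, "multiple-roots",
            "more than one NFS root: " + ", ".join(sorted(roots))))
    else:
        root = next(iter(roots))
        prefix = root.rstrip("/") + "/"
        for e in exports:
            if e.path == root:
                continue
            if not e.path.startswith(prefix):
                findings.append(Finding(e.lineno, "outside-root",
                    f"{e.path} is not below the NFS root {root}; bind mount it there"))
            elif e.path in bind_targets and "nohide" not in e.options:
                findings.append(Finding(e.lineno, "missing-nohide",
                    f"{e.path} is a bind mount and needs the nohide option"))
    return sorted(findings)

# Constructed sample input (not taken from a real system).
SAMPLE_EXPORTS = """\
/mnt        192.168.0.12(rw,fsid=0,no_subtree_check)
/mnt/music  192.168.0.*(rw,no_subtree_check)
/mnt/john   192.168.0.12(rw,no_subtree_check)
/home/anna  192.168.0.0/24(rw,no_subtree_check)
/mnt/video  192.168.0.12(rw, no_subtree_check)
"""
SAMPLE_FSTAB = "/home/john /mnt/john none bind 0 0\n"

if __name__ == "__main__":
    for f in lint(SAMPLE_EXPORTS, bind_mount_targets(SAMPLE_FSTAB)):
        print(f"line {f.lineno}: [{f.code}] {f.message}")
```
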
<br />
====Starting the server====<br />
To start the NFS server:<br />
# rc.d start rpcbind nfs-common nfs-server<br />
Or add them to your {{ic|/etc/rc.conf}}.<br />
DAEMONS=(... rpcbind nfs-common nfs-server ...)<br />
<br />
To start the NFS server when you are using systemd, use:<br />
# systemctl start nfsd.service rpc-idmapd.service rpc-mountd.service rpcbind.service<br />
<br />
===Client===<br />
The client configuration only involves the {{ic|/etc/idmapd.conf}} file. If your client also acts as a server for other machines on the network, then you will still have to configure the files covered in the server section. <br />
<br />
====Client ID mapping====<br />
The {{ic|/etc/idmapd.conf}} file needs to be edited on all clients. '''The Domain entry should be identical to the one on the server''' (see the ''Server ID mapping'' section). Example:<br />
[General]<br />
<br />
Verbosity = 1<br />
Pipefs-Directory = /var/lib/nfs/rpc_pipefs<br />
'''Domain = archlinux.org'''<br />
<br />
[Mapping]<br />
<br />
Nobody-User = nobody<br />
Nobody-Group = nobody<br />
<br />
[Translation]<br />
Method = nsswitch<br />
<br />
====Starting the client====<br />
To start the NFS client:<br />
# rc.d start rpcbind nfs-common<br />
Or add them to your {{ic|/etc/rc.conf}}.<br />
DAEMONS=(... rpcbind nfs-common ...)<br />
<br />
{{note|On a client only setup make sure rpc.idmapd is running. The nfs-common daemon usually auto-detects whether rpc.idmapd has to be started, but it might fail if there aren't any nfs4 mount entries in {{ic|/etc/fstab}} or if {{ic|/etc/exports}} is empty (which both might be the case if you are using [[autofs]] to mount the nfs4 shares).<br />
In this case set '''NEED_IDMAPD&#61;&quot;yes&quot;''' in {{ic|/etc/conf.d/nfs-common.conf}}. }}<br />
<br />
==Mounting NFS shares on the client==<br />
Show the server's exported filesystems:<br />
showmount -e server<br />
Then just mount as normal: <br />
# rc.d start rpcbind nfs-common<br />
# mount -t nfs4 server:/ /mnt/server/<br />
# mount -t nfs4 server:/music /mnt/music/<br />
# mount -t nfs4 server:/john /mnt/john<br />
Replace 'server' with the hostname or IP address of your NFS server, and 'music' and 'john' with the names of whatever directories you exported on the server.<br />
{{note|The root of the path on the server is the NFS root specified; all paths must be specified relative to it.}}<br />
<br />
===Auto mounting===<br />
*With Initscripts: If you want to auto mount the NFS shares on boot, you will have to make sure that the network (or any other networking daemon that you use), rpcbind and nfs-common daemons are started, in that order. Do NOT background these daemons, since the order in which they start up is important. Additionally, you will also want to start the netfs daemon, which handles the clean unmount of NFS shares while shutting down the client machine. The netfs daemon can be backgrounded without any issues. <br />
DAEMONS=(... network rpcbind nfs-common @netfs ...)<br />
<br />
*With Systemd: See the [[Systemd#Remote_filesystem_mounts|Systemd/RemoteFilesystem page]] and make sure to enable rpc-idmapd.service for user ID mapping.<br />
<br />
After you have added the daemons, auto mounting of NFS shares can be handled in one of two ways:<br />
====Using fstab====<br />
Using [[fstab]] is useful when you have a server which is always on, and the NFS shares are available whenever your client boots up. Edit your {{ic|/etc/fstab}} file, and add an appropriate line in there reflecting your setup.<br />
server:/ /mnt/nfsshare nfs4 defaults 0 0<br />
{{note| where ''server'' is the server hostname or IP address}}<br />
If you wish to specify a packet size for read and write packets, specify them in your {{ic|/etc/fstab}} entry. Read the NFS man page for further information, including all available mount options.<br />
<br />
====Using autofs====<br />
Using [[autofs]] is useful when you have multiple machines that you want to connect via NFS and each of them could be a client as well as a server. This method is preferable to the earlier one because if one of the machines (the server) is switched off, the client will not throw errors about being unable to find NFS shares. Please see the relevant section on the [[autofs#NFS_Network_mounts]] page for setting up NFS shares.<br />
<br />
== Mounting from Windows ==<br />
{{note|only the Enterprise and Ultimate versions of Windows 7 include "Client for NFS"}}<br />
NFS shares can be mounted from Windows if the "Client for NFS" service is activated (which it is not by default).<br />
To install the service go to "Programs and features" either through the control panel or by typing it in the search box from the start menu and click on "Turn Windows features on or off". Locate the "Services for NFS" and activate it as well as both subservices ("Administrative tools" and "Client for NFS").<br />
<br />
Some global options can be set by opening the "Services for Network File System" (locate it with the search box) and right clicking on the client->properties. <br />
<br />
{{Warning|Under Windows the share is addressed by its full path on the server, not just the path relative to the NFS root. If in doubt, run {{ic|showmount -e servername}} from cmd.exe.}}<br />
<br />
==Troubleshooting==<br />
===exportfs: /etc/exports:2: syntax error: bad option list===<br />
Delete all spaces from the option list in {{ic|/etc/exports}}.<br />
<br />
===mount.nfs4: No such device===<br />
Check that you have loaded the {{ic|nfs}} module:<br />
 lsmod | grep nfs<br />
If the previous command returns nothing or only nfsd-related modules, run:<br />
modprobe nfs<br />
<br />
===mount.nfs4: access denied by server while mounting===<br />
Check that the permissions on your client's folder are correct. Try using 755.<br />
<br />
=== permissions issues ===<br />
If you find that you cannot set the permissions on files properly, make sure the user/group you are chowning are on both the client and server.<br />
If that does not help, try modifying these lines in {{ic|/etc/conf.d/nfs-common.conf}}<br />
{{bc|<nowiki><br />
# /etc/conf.d/nfs-common.conf<br />
<br />
# Do you want to start the statd daemon? It is not needed for NFSv4.<br />
NEED_STATD="no"<br />
<br />
# Do you want to start the idmapd daemon? It is only needed for NFSv4.<br />
NEED_IDMAPD="yes"<br />
</nowiki>}}<br />
Restart the nfs-common daemon for the changes to take effect.<br />
I restarted all the other daemons as well, just to be sure.<br />
<br />
=== group/gid permissions issues ===<br />
If NFS shares mount fine and are fully accessible to the owner, but not to group members, check the number of groups that user belongs to. NFS has a limit of 16 on the number of groups a user can belong to. If you have users with more than this, you need to enable the {{ic|--manage-gids}} start-up flag for {{ic|rpc.mountd}} on the NFS server.<br />
<br />
/etc/conf.d/nfs-server.conf<br />
<br />
# Options for rpc.mountd.<br />
# If you have a port-based firewall, you might want to set up<br />
# a fixed port here using the --port option.<br />
# See rpc.mountd(8) for more details.<br />
<br />
MOUNTD_OPTS="--manage-gids"</div>Tassadarhttps://wiki.archlinux.org/index.php?title=LaTeX&diff=210438LaTeX2012-06-19T13:00:50Z<p>Tassadar: /* Editors and environments */ add zotero cite tool</p>
<hr />
<div>[[fr:LaTeX]]<br />
{{Expansion}}<br />
[[Category:TeX]]<br />
{{Article summary start}}<br />
{{Article summary text|Implementations of LaTeX in Arch Linux.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|TeX Live}}<br />
{{Article summary wiki|TeX Live FAQ}}<br />
{{Article summary wiki|TeX Live and CJK}}<br />
{{Article summary end}}<br />
<br />
[[Wikipedia:LaTeX|LaTeX]] is a popular markup language and document preparation system, often used in the sciences. The current implementation in Arch Linux is [[TeX Live]].<br />
<br />
== Installation ==<br />
For a standard LaTeX installation, [[Pacman|install]] the {{Pkg|texlive-most}} package group, which includes all of the [[TeX Live]] packages in the [[Official Repositories|official repositories]]. <br />
<br />
For internationalization support, install the {{Pkg|texlive-lang}} package, which provides various character sets and non-English features.<br />
<br />
=== Select packages (alternate) ===<br />
It is also possible to select the individual LaTeX packages you require. Install the {{Pkg|texlive-core}} package, which contains the LaTeX compiler. On its own, {{Pkg|texlive-core}} should be suitable for most needs.<br />
<br />
To compile a TeX file install the {{Pkg|texlive-bin}} package.<br />
<br />
== Editors and environments ==<br />
{{Wikipedia|LaTeX}}<br />
<br />
While LaTeX can be written in a simple text editor, many people wish to edit LaTeX source in a specialized environment. The following editors, which use various toolkits, are all available in the [[Official Repositories|official repositories]] and can be installed with [[pacman]].<br />
<br />
'''[[GTK+]]'''<br />
* {{App|gedit|Supports LaTeX syntax highlighting, it is included in {{Grp|gnome-extra}}.|http://www.gnome.org/|{{Pkg|Gedit}}}}<br />
* {{App|Winefish|A very lightweight LaTeX editing suite. It supports highlighting and code completion, compile-from-editor, among other things.|http://developer.berlios.de/projects/winefish/|{{Pkg|winefish}}}}<br />
* {{App|geany|An IDE that includes LaTeX syntax highlighting, building, and shows a list of environments/sections/labels in the sidebar.|http://www.geany.org/|{{pkg|Geany}}}}<br />
* {{App|gummi|Lightweight LaTeX editor. It features a continuous preview mode, integrated BibTeX support, extendable snippet interface and multi-document support.|http://dev.midnightcoding.org/projects/gummi/|{{pkg|gummi}}}}<br />
<br />
'''[[KDE]]'''<br />
* {{App|Kile|A user friendly TeX/LaTeX front-end for [[KDE]]|http://kile.sourceforge.net/|{{Pkg|kile}}}}<br />
* {{App|Ktikz|GUI making diagrams with [http://pgf.sourceforge.net/ TikZ/PGF] easier.|http://www.hackenberger.at/blog/ktikz-editor-for-the-tikz-language/|{{Pkg|ktikz}}}}<br />
<br />
'''Other'''<br />
* {{App|Vim|[[Vim]] together with {{AUR|vim-latexsuite-git}} can be used as customizable LaTeX environment.|http://www.vim.org|{{Pkg|vim}}}}<br />
* {{App|TeXMaker|A free, modern and cross-platform LaTeX editor for linux, macosx and windows systems that integrates many tools needed to develop documents with LaTeX, in just one application. Also check out {{AUR|TeXWorks}}.|http://www.xm1math.net/texmaker/|{{AUR|TeXMaker}}}}<br />
* {{App|LyX|An advanced open-source [[Wikipedia:WYSIWYM|WYSIWYM]] document processor.|http://www.lyx.org/|{{Pkg|lyx}}}}<br />
* {{App|JabRef|Java GUI frontend for managing BibTeX and other bibliographies. If you have issues with certain features not working in JabRef (like the "Find" command), it may be an incompatibility with Java 7. Try installing Java 6 (i.e. {{pkg|openjdk6}}). This will uninstall {{pkg|jdk7-openjdk}} and {{pkg|jre7-openjdk}}, and all features in JabRef should now work.|http://jabref.sourceforge.net/index.php|{{AUR|jabref-git}}}}<br />
* {{App|Zotero|This is a free, easy-to-use tool to help you collect, organize, cite, and share your research sources. There is a standalone version and a firefox add-on available.|http://www.zotero.org/support/3.0/|{{AUR|zotero}}}}<br />
* {{App|TeXmacs|[[Wikipedia:WYSISYW]] (what you see is what you want) editing platform with special features for scientists.|http://www.texmacs.org|{{Pkg|texmacs}}}}<br />
<br />
{{Wikipedia|Comparison of TeX editors}}<br />
<br />
== Updating babelbib language definitions ==<br />
<br />
If you have the very specific problem of babelbib not having the latest language definitions that you need, and you don't want to recompile everything, you can get them manually from http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/babelbib/ and put them in {{ic|/usr/share/texmf-dist/tex/latex/babelbib/}}. For example:<br />
<br />
{{bc|<br />
# cd /usr/share/texmf-dist/tex/latex/babelbib/ <br />
# wget http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/babelbib/romanian.bdf<br />
# wget [...all-other-language-files...]<br />
# wget http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/babelbib/babelbib.sty<br />
}}<br />
<br />
Afterwards, you need to run texhash to update the TeX database:<br />
<br />
{{bc|# texhash}}<br />
<br />
== See also ==<br />
* [[TeX Live]]</div>Tassadarhttps://wiki.archlinux.org/index.php?title=LaTeX&diff=210437LaTeX2012-06-19T12:57:33Z<p>Tassadar: /* Editors and environments */ add gummi gtk application</p>
<hr />
<div>[[fr:LaTeX]]<br />
{{Expansion}}<br />
[[Category:TeX]]<br />
{{Article summary start}}<br />
{{Article summary text|Implementations of LaTeX in Arch Linux.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|TeX Live}}<br />
{{Article summary wiki|TeX Live FAQ}}<br />
{{Article summary wiki|TeX Live and CJK}}<br />
{{Article summary end}}<br />
<br />
[[Wikipedia:LaTeX|LaTeX]] is a popular markup language and document preparation system, often used in the sciences. The current implementation in Arch Linux is [[TeX Live]].<br />
<br />
== Installation ==<br />
For a standard LaTeX installation, [[Pacman|install]] the {{Pkg|texlive-most}} package group, which includes all of the [[TeX Live]] packages in the [[Official Repositories|official repositories]]. <br />
<br />
For internationalization support, install the {{Pkg|texlive-lang}} package, which provides various character sets and non-English features.<br />
<br />
=== Select packages (alternate) ===<br />
It is also possible to select the individual LaTeX packages you require. Install the {{Pkg|texlive-core}} package, which contains the LaTeX compiler. On its own, {{Pkg|texlive-core}} should be suitable for most needs.<br />
<br />
To compile a TeX file install the {{Pkg|texlive-bin}} package.<br />
<br />
== Editors and environments ==<br />
{{Wikipedia|LaTeX}}<br />
<br />
While LaTeX can be written in a simple text editor, many people wish to edit LaTeX source in a specialized environment. The following editors, which use various toolkits, are all available in the [[Official Repositories|official repositories]] and can be installed with [[pacman]].<br />
<br />
'''[[GTK+]]'''<br />
* {{App|gedit|Supports LaTeX syntax highlighting, it is included in {{Grp|gnome-extra}}.|http://www.gnome.org/|{{Pkg|Gedit}}}}<br />
* {{App|Winefish|A very lightweight LaTeX editing suite. It supports highlighting and code completion, compile-from-editor, among other things.|http://developer.berlios.de/projects/winefish/|{{Pkg|winefish}}}}<br />
* {{App|geany|An IDE that includes LaTeX syntax highlighting, building, and shows a list of environments/sections/labels in the sidebar.|http://www.geany.org/|{{pkg|Geany}}}}<br />
* {{App|gummi|Lightweight LaTeX editor. It features a continuous preview mode, integrated BibTeX support, extendable snippet interface and multi-document support.|http://dev.midnightcoding.org/projects/gummi/|{{pkg|gummi}}}}<br />
<br />
'''[[KDE]]'''<br />
* {{App|Kile|A user friendly TeX/LaTeX front-end for [[KDE]]|http://kile.sourceforge.net/|{{Pkg|kile}}}}<br />
* {{App|Ktikz|GUI making diagrams with [http://pgf.sourceforge.net/ TikZ/PGF] easier.|http://www.hackenberger.at/blog/ktikz-editor-for-the-tikz-language/|{{Pkg|ktikz}}}}<br />
<br />
'''Other'''<br />
* {{App|Vim|[[Vim]] together with {{AUR|vim-latexsuite-git}} can be used as customizable LaTeX environment.|http://www.vim.org|{{Pkg|vim}}}}<br />
* {{App|TeXMaker|A free, modern and cross-platform LaTeX editor for linux, macosx and windows systems that integrates many tools needed to develop documents with LaTeX, in just one application. Also check out {{AUR|TeXWorks}}.|http://www.xm1math.net/texmaker/|{{AUR|TeXMaker}}}}<br />
* {{App|LyX|An advanced open-source [[Wikipedia:WYSIWYM|WYSIWYM]] document processor.|http://www.lyx.org/|{{Pkg|lyx}}}}<br />
* {{App|JabRef|Java GUI frontend for managing BibTeX and other bibliographies. If you have issues with certain features not working in JabRef (like the "Find" command), it may be an incompatibility with Java 7. Try installing Java 6 (i.e. {{pkg|openjdk6}}). This will uninstall {{pkg|jdk7-openjdk}} and {{pkg|jre7-openjdk}}, and all features in JabRef should now work.|http://jabref.sourceforge.net/index.php|{{AUR|jabref-git}}}}<br />
* {{App|TeXmacs|[[Wikipedia:WYSISYW]] (what you see is what you want) editing platform with special features for scientists.|http://www.texmacs.org|{{Pkg|texmacs}}}}<br />
<br />
{{Wikipedia|Comparison of TeX editors}}<br />
<br />
== Updating babelbib language definitions ==<br />
<br />
If you have the very specific problem of babelbib not having the latest language definitions that you need, and you don't want to recompile everything, you can get them manually from http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/babelbib/ and put them in {{ic|/usr/share/texmf-dist/tex/latex/babelbib/}}. For example:<br />
<br />
{{bc|<br />
# cd /usr/share/texmf-dist/tex/latex/babelbib/ <br />
# wget http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/babelbib/romanian.bdf<br />
# wget [...all-other-language-files...]<br />
# wget http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/babelbib/babelbib.sty<br />
}}<br />
<br />
Afterwards, you need to run texhash to update the TeX database:<br />
<br />
{{bc|# texhash}}<br />
<br />
== See also ==<br />
* [[TeX Live]]</div>Tassadarhttps://wiki.archlinux.org/index.php?title=X_resources&diff=203763X resources2012-06-05T14:45:46Z<p>Tassadar: /* See also */</p>
<hr />
<div>{{i18n|X resources}}<br />
[[de:Xdefaults]]<br />
[[Category:Dotfiles]]<br />
[[Category:X Server]]<br />
<br />
'''Xresources''' and '''Xdefaults''' are user-level configuration ''dotfiles'', typically located at {{ic|~/.Xresources}} and {{ic|~/.Xdefaults}}. They can be used to set [[Wikipedia:X resources|X resources]], which are configuration parameters for X client applications.<br />
<br />
They can do many operations, including:<br />
<br />
* defining terminal colours<br />
* configuring terminal preferences<br />
* setting DPI, antialiasing, hinting and other X font settings<br />
* changing the Xcursor theme<br />
* theming xscreensaver<br />
* altering preferences on low-level X applications (xclock ({{Pkg|xorg-xclock}}), {{Pkg|xpdf}}, {{Pkg|rxvt-unicode}}, etc.)<br />
<br />
{{Note|Using {{ic|~/.Xdefaults}} is deprecated, so this article will refer to {{ic|~/.Xresources}} only.}}<br />
<br />
==Getting started==<br />
<br />
===Parsing .Xresources===<br />
The file {{ic|~/.Xresources}} does not exist by default. Being a plain-text file, you can create and edit it with the text editor of your choice. Once present, it will be parsed by the {{ic|xrdb}} (Xorg resource database) program automatically when [[Xorg]] is started, storing the resources in the X server so the file does not need to be re-read. You must re-run {{ic|xrdb ~/.Xresources}} every time you change the file, or restart Xorg.<br />
<br />
To reread your .Xresources file and throw away your old resources:<br />
xrdb ~/.Xresources<br />
<br />
To reread your .Xresources file and keep your old resources:<br />
xrdb -merge ~/.Xresources<br />
<br />
{{Note|<br />
*If you use xrdb manually you can actually put the file anywhere you want, for example in {{ic|~/.config/Xresources}}.<br />
*If you background the execution of xrdb in a chain of commands in {{ic|~/.xinitrc}}, the programs launched in the same chain might not be able to make use of it, so it is recommended to ''never'' background the xrdb command within {{ic|~/.xinitrc}}.<br />
*The older (deprecated) {{ic|~/.Xdefaults}} file is read every time you start an X program such as {{ic|xterm}}, but '''only''' if {{ic|xrdb}} has not '''ever''' been used in the current X session. [http://groups.google.com/group/comp.windows.x/msg/6c1c083711c35d84]<br />
*Works for remote X clients too<br />
}}<br />
<br />
===Adding to xinitrc===<br />
If you do not use a [[Desktop Environment|desktop environment]], you probably need to add the following line to your {{ic|~/.[[xinitrc]]}}:<br />
<nowiki>[[ -f ~/.Xresources ]] && xrdb -merge ~/.Xresources</nowiki><br />
<br />
===Default settings===<br />
To see the default settings for your installed X11 apps, look in {{ic|/usr/share/X11/app-defaults/}}.<br />
<br />
Detailed information on program-specific resources is usually provided in the man page for that application. The xterm man page is a good example, containing a list of resources and their default values.<br />
<br />
To see the current loaded resources:<br />
xrdb -query -all<br />
<br />
===Xresources syntax===<br />
====The basic syntax====<br />
The syntax of an Xresources file is as follows:<br />
'''name.Class.resource: value'''<br />
and here is a real world example:<br />
xscreensaver.Dialog.headingFont: -*-fixed-bold-r-*-*-*-100-*-*-*-*-iso8859-1<br />
<br />
;name<br />
:The name of the application, such as xterm, xpdf, etc.<br />
<br />
;class<br />
:The classification used to group resources together. Class names are typically uppercase.<br />
<br />
;resource<br />
:The name of the resource whose value is to be changed. Resources are typically lowercase with uppercase concatenation.<br />
<br />
;value<br />
:The actual value of the resource. This can be 1 of 3 types:<br />
:* Integer (whole numbers)<br />
:* Boolean (true/false, yes/no, on/off)<br />
:* String (a string of characters) (for example a word (white), a color (#ffffff), or a path (/usr/bin/firefox))<br />
<br />
;delimiters<br />
:A period ('''.''') is used to signify each step down into the hierarchy -- in the above example we start at name, then descend into Class, and finally into the resource itself. A colon (''':''') is used to separate the resource declaration from the actual value.<br />
<br />
====Wildcard matching====<br />
The asterisk can be used as a wildcard, making it easy to write a single rule that can be applied to many different applications or elements. <br />
<br />
Using the previous example, if you want to apply the same font to all programs (not just xscreensaver) that contain the class name ''Dialog'' which contains the resource name ''headingFont'', you would write:<br />
'''*'''Dialog.headingFont: -*-fixed-bold-r-*-*-*-100-*-*-*-*-iso8859-1<br />
<br />
If you want to apply this same rule to all programs that contain the resource ''headingFont'' regardless of its class, you would write:<br />
'''*'''headingFont: -*-fixed-bold-r-*-*-*-100-*-*-*-*-iso8859-1<br />
<br />
====Commenting====<br />
To add a comment to your Xresources file, simply prefix it with an exclamation point (!), for example:<br />
! This is a comment placed above some Xft settings<br />
Xft.dpi: 96 ! this is an inline comment<br />
<br />
! The following rule will be ignored because it has been commented out<br />
!Xft.antialias: true<br />
<br />
==Sample usage==<br />
The following samples should provide a good understanding of how application settings can be modified using an Xresources file. For full details, refer to the man page of the application in question.<br />
<br />
===File header===<br />
If desired, you can add a header to {{ic|~/.Xresources}} which not only explains the file's contents, but also instructs [[vim]] on how to perform syntax highlighting and other formatting. For example:<br />
{{bc|1=<br />
! ----------------------------------------------------------------------------<br />
! file: ~/.Xresources<br />
! author: Thayer Williams - http://cinderwick.ca<br />
! modified: November 2008<br />
! vim: set fenc=utf-8:nu:ai:si:et:ts=4:sw=4:ft=xdefaults:<br />
! ----------------------------------------------------------------------------<br />
}}<br />
<br />
This will instruct vim to use UTF-8 encoding, display line numbers, auto-indent, smart-indent, expand tabs to spaces, set tabs to equal 4 spaces, and set the autocommand Filetype to "xdefaults".<br />
<br />
It is a good habit to get into, especially if you'd like to make your dotfiles available for public consumption.<br />
<br />
===Terminal colors===<br />
Most terminals, including [[xterm]] and [[urxvt]], support at least 16 basic colors. The following is an example of a 16-color scheme. The colors 0-7 are the 'normal' colors, while colors 8-15 are their 'bright' counterparts, used for highlighting and such. A good place to start when making your Xresources, is to define the default terminal colors: <br />
{{bc|<br />
! terminal colors ------------------------------------------------------------<br />
<br />
! tangoesque scheme<br />
*background: #111111<br />
*foreground: #babdb6<br />
! Black (not tango) + DarkGrey<br />
*color0: #000000<br />
*color8: #555753<br />
! DarkRed + Red<br />
*color1: #ff6565<br />
*color9: #ff8d8d<br />
! DarkGreen + Green<br />
*color2: #93d44f<br />
*color10: #c8e7a8<br />
! DarkYellow + Yellow<br />
*color3: #eab93d<br />
*color11: #ffc123<br />
! DarkBlue + Blue<br />
*color4: #204a87<br />
*color12: #3465a4<br />
! DarkMagenta + Magenta<br />
*color5: #ce5c00<br />
*color13: #f57900<br />
!DarkCyan + Cyan (both not tango)<br />
*color6: #89b6e2<br />
*color14: #46a4ff<br />
! LightGrey + White<br />
*color7: #cccccc<br />
*color15: #ffffff<br />
}}<br />
<br />
See [[Man_Page#Colored_man_pages_on_xterm_or_rxvt-unicode]] for how to color bold and underlined text automatically in xterm and rxvt.<br />
<br />
For more examples of color schemes, see the [[#Contributed examples]] section at the bottom of this article.<br />
<br />
===Xcursor resources===<br />
Set the theme and size of your mouse cursor:<br />
<br />
! Xcursor --------------------------------------------------------------------<br />
<br />
Xcursor.theme: Vanilla-DMZ-AA<br />
Xcursor.size: 22<br />
<br />
Available themes reside in {{ic|/usr/share/icons}} and local themes can be installed to {{ic|~/.icons}}.<br />
<br />
===Xft resources===<br />
You can define basic font resources without the need of a {{ic|fonts.conf}} file or a desktop environment. Note however, the use of a desktop environment and/or {{ic|fonts.conf}} can override these settings. Your best option is to use one or the other, but not both.<br />
<br />
! Xft settings ---------------------------------------------------------------<br />
<br />
Xft.dpi: 96<br />
Xft.antialias: true<br />
Xft.rgba: rgb<br />
Xft.hinting: true<br />
Xft.hintstyle: hintslight<br />
<br />
===Xterm resources===<br />
The following resources will open [[xterm]] in an 80x25 character window with a scroll-bar and scroll capability for the last 512 lines. The specified [[Fonts#Terminal|Terminus]] facename is a popular and clean terminal font.<br />
<br />
! xterm ----------------------------------------------------------------------<br />
<br />
xterm*geometry: 80x25<br />
xterm*faceName: terminus:bold:pixelsize=14<br />
!xterm*font: -*-dina-medium-r-*-*-16-*-*-*-*-*-*-*<br />
xterm*dynamicColors: true<br />
xterm*utf8: 2<br />
xterm*eightBitInput: true<br />
xterm*saveLines: 512<br />
xterm*scrollKey: true<br />
xterm*scrollTtyOutput: false<br />
xterm*scrollBar: true<br />
xterm*rightScrollBar: true<br />
xterm*jumpScroll: true<br />
xterm*multiScroll: true<br />
xterm*toolBar: false<br />
<br />
===rxvt-unicode (urxvt) resources===<br />
{{Pkg|rxvt-unicode}} features an extensive list of options which can be configured via {{ic|~/.Xresources}}. Refer to the urxvt man page or [[Urxvt#Creating_.7E.2F.Xresources|this wiki article]] for details.<br />
<br />
===Aterm preferences===<br />
Sample settings for aterm (very similar to urxvt):<br />
<br />
!aterm settings------------------------------------------------------------- <br />
<br />
aterm*background: black<br />
aterm*foreground: white<br />
aterm*transparent: true<br />
aterm*shading: 30<br />
aterm*cursorColor: gray<br />
aterm*saveLines: 2000<br />
!aterm*tinting: gray<br />
aterm*scrollBar: false<br />
!aterm*scrollBar_right: true<br />
aterm*transpscrollbar: true<br />
aterm*borderwidth: 0<br />
aterm*font: -*-terminus-*-*-*-*-*-*-*-*-*-*-*-*<br />
aterm*geometry: 80x25<br />
!aterm*fading: 70 <br />
<br />
===Xpdf resources===<br />
Following are some basic resources for [[xpdf]], a lightweight PDF viewer:<br />
<br />
! xpdf -----------------------------------------------------------------------<br />
<br />
xpdf*enableFreetype: yes<br />
xpdf*antialias: yes<br />
xpdf*foreground: black<br />
xpdf*background: white<br />
xpdf*urlCommand: /usr/bin/firefox %s<br />
<br />
Anything more detailed than the above you should be putting in {{ic|~/.xpdfrc}} instead. See the xpdf man page for more information. Note that {{ic|viKeys}} is deprecated.<br />
<br />
===Lal clock resources===<br />
<br />
! lal clock ------------------------------------------------------------------<br />
<br />
lal*font: Arial<br />
lal*fontsize: 12<br />
lal*bold: true<br />
lal*color: #ffffff<br />
lal*width: 150<br />
lal*format: %a %b %d %l:%M%P<br />
<br />
===Xclock preferences===<br />
Some basic xclock settings. See the xclock man page for all X resources.<br />
<br />
! xclock ---------------------------------------------------------------------<br />
<br />
xclock*update: 1<br />
xclock*analog: false<br />
xclock*Foreground: white<br />
xclock*background: black<br />
<br />
===X11-ssh-askpass resources===<br />
<br />
! x11-ssh-askpass ------------------------------------------------------------<br />
<br />
x11-ssh-askpass*font: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
x11-ssh-askpass*background: #000000<br />
x11-ssh-askpass*foreground: #ffffff<br />
x11-ssh-askpass.Button*background: #000000<br />
x11-ssh-askpass.Indicator*foreground: #ff9900<br />
x11-ssh-askpass.Indicator*background: #090909<br />
x11-ssh-askpass*topShadowColor: #000000<br />
x11-ssh-askpass*bottomShadowColor: #000000<br />
x11-ssh-askpass.*borderWidth: 1<br />
<br />
===XScreenSaver resources===<br />
The following is a sample [[Xscreensaver|XScreenSaver]] theme. For more information, refer to the XScreenSaver man page.<br />
<br />
{{Note|If the {{ic|~/.xscreensaver}} file exists, then these X resources will ''not'' be used.}}<br />
<br />
! xscreensaver ---------------------------------------------------------------<br />
<br />
!font settings<br />
xscreensaver.Dialog.headingFont: -*-dina-bold-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.bodyFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.labelFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.unameFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.buttonFont: -*-dina-bold-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.Dialog.dateFont: -*-dina-medium-r-*-*-12-*-*-*-*-*-*-*<br />
xscreensaver.passwd.passwdFont: -*-dina-bold-r-*-*-12-*-*-*-*-*-*-*<br />
!general dialog box (affects main hostname, username, password text)<br />
xscreensaver.Dialog.foreground: #ffffff<br />
xscreensaver.Dialog.background: #111111<br />
xscreensaver.Dialog.topShadowColor: #111111<br />
xscreensaver.Dialog.bottomShadowColor: #111111<br />
xscreensaver.Dialog.Button.foreground: #666666<br />
xscreensaver.Dialog.Button.background: #ffffff<br />
!username/password input box and date text colour<br />
xscreensaver.Dialog.text.foreground: #666666<br />
xscreensaver.Dialog.text.background: #ffffff<br />
xscreensaver.Dialog.internalBorderWidth:24<br />
xscreensaver.Dialog.borderWidth: 20<br />
xscreensaver.Dialog.shadowThickness: 2<br />
!timeout bar (background is actually determined by Dialog.text.background)<br />
xscreensaver.passwd.thermometer.foreground: #ff0000<br />
xscreensaver.passwd.thermometer.background: #000000<br />
xscreensaver.passwd.thermometer.width: 8<br />
!datestamp format--see the strftime(3) manual page for details<br />
xscreensaver.dateFormat: %I:%M%P %a %b %d, %Y<br />
<br />
===Xcalc resources===<br />
Following are some xcalc resources to colorize and customize buttons.<br />
<br />
!xcalc-----------------------------------------------------------------------<br />
<br />
xcalc*geometry: 200x275<br />
xcalc.ti.bevel.background: #111111<br />
xcalc.ti.bevel.screen.background: #000000<br />
xcalc.ti.bevel.screen.DEG.background: #000000<br />
xcalc.ti.bevel.screen.DEG.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.GRAD.background: #000000<br />
xcalc.ti.bevel.screen.GRAD.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.RAD.background: #000000<br />
xcalc.ti.bevel.screen.RAD.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.INV.background: #000000<br />
xcalc.ti.bevel.screen.INV.foreground: Red<br />
xcalc.ti.bevel.screen.LCD.background: #000000<br />
xcalc.ti.bevel.screen.LCD.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.LCD.shadowWidth: 0<br />
xcalc.ti.bevel.screen.M.background: #000000<br />
xcalc.ti.bevel.screen.M.foreground: LightSeaGreen<br />
xcalc.ti.bevel.screen.P.background: #000000<br />
xcalc.ti.bevel.screen.P.foreground: Yellow<br />
xcalc.ti.Command.foreground: White<br />
xcalc.ti.Command.background: #777777<br />
xcalc.ti.button5.background: Orange3<br />
xcalc.ti.button19.background: #611161<br />
xcalc.ti.button18.background: #611161<br />
xcalc.ti.button20.background: #611111<br />
!uncomment to change label on division button<br />
!xcalc.ti.button20.label: /<br />
xcalc.ti.button25.background: #722222<br />
xcalc.ti.button30.background: #833333<br />
xcalc.ti.button35.background: #944444<br />
xcalc.ti.button40.background: #a55555<br />
xcalc.ti.button22.background: #222262<br />
xcalc.ti.button23.background: #222262<br />
xcalc.ti.button24.background: #222272<br />
xcalc.ti.button27.background: #333373<br />
xcalc.ti.button28.background: #333373<br />
xcalc.ti.button29.background: #333373<br />
xcalc.ti.button32.background: #444484<br />
xcalc.ti.button33.background: #444484<br />
xcalc.ti.button34.background: #444484<br />
xcalc.ti.button37.background: #555595<br />
xcalc.ti.button38.background: #555595<br />
xcalc.ti.button39.background: #555595<br />
XCalc*Cursor: hand2<br />
XCalc*ShapeStyle: rectangle<br />
<br />
==Color scheme commands==<br />
Here are some fast bash commands you can run right in your shell.<br />
<br />
===Display all 256 colors===<br />
Prints all 256 colors across the screen, very quick.<br />
<nowiki>(x=`tput op` y=`printf %76s`;for i in {0..255};do o=00$i;echo -e ${o:${#o}-3:3} `tput setaf $i;tput setab $i`${y// /=}$x;done)</nowiki><br />
<br />
===Display tput escape codes===<br />
Replace 'tput op' with whatever tput you want to trace. '''op''' is the default foreground and background color.<br />
{{hc<br />
|<nowiki>$ ( strace -s5000 -e write tput op 2>&2 2>&1 ) | tee -a /dev/stderr | grep -o '"[^"]*"'</nowiki><br />
|033[\033[1;34m"\33[39;49m"\033[00m<br />
}}<br />
<br />
===Enumerating colors supported by terminals===<br />
The following command will let you discover all the terminals you have terminfo support for, and the number of colors each terminal supports. The possible values are: 8, 15, 16, 52, 64, 88 and 256.<br />
{{hc<br />
|<nowiki>$ for T in `find /usr/share/terminfo -type f -printf '%f '`;do echo "$T `tput -T $T colors`";done|sort -nk2</nowiki><br />
|Eterm-88color 88<br />
rxvt-88color 88<br />
xterm+88color 88<br />
xterm-88color 88<br />
Eterm-256color 256<br />
gnome-256color 256<br />
konsole-256color 256<br />
putty-256color 256<br />
rxvt-256color 256<br />
screen-256color 256<br />
screen-256color-bce 256<br />
screen-256color-bce-s 256<br />
screen-256color-s 256<br />
xterm+256color 256<br />
xterm-256color 256<br />
}}<br />
<br />
===Enumerating terminal capabilities===<br />
This command shows which features are supported by your terminal.<br />
{{hc<br />
|<nowiki>$ infocmp -1 | sed -nu 's/^[ \000\t]*//;s/[ \000\t]*$//;/[^ \t\000]\{1,\}/!d;/acsc/d;s/=.*,//p'|column -c80</nowiki><br />
|bel cuu ich kb2 kf15 kf3 kf44 kf59 mc0 rmso smul<br />
blink cuu1 il kbs kf16 kf30 kf45 kf6 mc4 rmul tbc<br />
bold cvvis il1 kcbt kf17 kf31 kf46 kf60 mc5 rs1 u6<br />
cbt dch ind kcub1 kf18 kf32 kf47 kf61 meml rs2 u7<br />
civis dch1 indn kcud1 kf19 kf33 kf48 kf62 memu sc u8<br />
clear dl initc kcuf1 kf2 kf34 kf49 kf63 op setab u9<br />
cnorm dl1 invis kcuu1 kf20 kf35 kf5 kf7 rc setaf vpa<br />
}}<br />
<br />
==Color scheme scripts==<br />
Any of the following scripts will display a chart of your current terminal color scheme. Handy for testing and whatnot.<br />
<br />
===Script #1===<br />
{{bc|1=<br />
#!/bin/bash<br />
#<br />
# This file echoes a bunch of color codes to the <br />
# terminal to demonstrate what's available. Each <br />
# line is the color code of one foreground color,<br />
# out of 17 (default + 16 escapes), followed by a <br />
# test use of that color on all nine background <br />
# colors (default + 8 escapes).<br />
#<br />
<br />
T='gYw' # The test text<br />
<br />
echo -e "\n 40m 41m 42m 43m\<br />
44m 45m 46m 47m";<br />
<br />
for FGs in ' m' ' 1m' ' 30m' '1;30m' ' 31m' '1;31m' ' 32m' \<br />
'1;32m' ' 33m' '1;33m' ' 34m' '1;34m' ' 35m' '1;35m' \<br />
' 36m' '1;36m' ' 37m' '1;37m';<br />
do FG=${FGs// /}<br />
echo -en " $FGs \033[$FG $T "<br />
for BG in 40m 41m 42m 43m 44m 45m 46m 47m;<br />
do echo -en "$EINS \033[$FG\033[$BG $T \033[0m";<br />
done<br />
echo;<br />
done<br />
echo<br />
}}<br />
<br />
===Script #2===<br />
{{bc|1=<br />
#!/bin/bash<br />
# Original: http://frexx.de/xterm-256-notes/<br />
# http://frexx.de/xterm-256-notes/data/colortable16.sh<br />
# Modified by Aaron Griffin<br />
# and further by Kazuo Teramoto<br />
FGNAMES=(' black ' ' red ' ' green ' ' yellow' ' blue ' 'magenta' ' cyan ' ' white ')<br />
BGNAMES=('DFT' 'BLK' 'RED' 'GRN' 'YEL' 'BLU' 'MAG' 'CYN' 'WHT')<br />
<br />
echo " ┌──────────────────────────────────────────────────────────────────────────┐"<br />
for b in {0..8}; do<br />
((b>0)) && bg=$((b+39))<br />
<br />
echo -en "\033[0m ${BGNAMES[b]} │ "<br />
<br />
for f in {0..7}; do<br />
echo -en "\033[${bg}m\033[$((f+30))m ${FGNAMES[f]} "<br />
done<br />
<br />
echo -en "\033[0m │"<br />
echo -en "\033[0m\n\033[0m │ "<br />
<br />
for f in {0..7}; do<br />
echo -en "\033[${bg}m\033[1;$((f+30))m ${FGNAMES[f]} "<br />
done<br />
<br />
echo -en "\033[0m │"<br />
echo -e "\033[0m"<br />
<br />
((b<8)) &&<br />
echo " ├──────────────────────────────────────────────────────────────────────────┤"<br />
done<br />
echo " └──────────────────────────────────────────────────────────────────────────┘"<br />
}}<br />
<br />
===Script #3===<br />
{{bc|1=<br />
#!/bin/bash<br />
# Original: http://frexx.de/xterm-256-notes/<br />
# http://frexx.de/xterm-256-notes/data/colortable16.sh<br />
# Modified by Aaron Griffin<br />
# and further by Kazuo Teramoto<br />
<br />
<br />
FGNAMES=(' black ' ' red ' ' green ' ' yellow' ' blue ' 'magenta' ' cyan ' ' white ')<br />
BGNAMES=('DFT' 'BLK' 'RED' 'GRN' 'YEL' 'BLU' 'MAG' 'CYN' 'WHT')<br />
echo " ----------------------------------------------------------------------------"<br />
for b in $(seq 0 8); do<br />
if [ "$b" -gt 0 ]; then<br />
bg=$(($b+39))<br />
fi<br />
<br />
echo -en "\033[0m ${BGNAMES[$b]} : "<br />
for f in $(seq 0 7); do<br />
echo -en "\033[${bg}m\033[$(($f+30))m ${FGNAMES[$f]} "<br />
done<br />
echo -en "\033[0m :"<br />
<br />
echo -en "\033[0m\n\033[0m : "<br />
for f in $(seq 0 7); do<br />
echo -en "\033[${bg}m\033[1;$(($f+30))m ${FGNAMES[$f]} "<br />
done<br />
echo -en "\033[0m :"<br />
echo -e "\033[0m"<br />
<br />
if [ "$b" -lt 8 ]; then<br />
echo " ----------------------------------------------------------------------------"<br />
fi<br />
done<br />
echo " ----------------------------------------------------------------------------"<br />
}}<br />
<br />
===Script #4===<br />
{{bc|1=<br />
#!/usr/bin/env lua<br />
<br />
function cl(e)<br />
return string.format('\27[%sm', e)<br />
end<br />
<br />
function print_fg(bg, pre)<br />
for fg = 30,37 do<br />
fg = pre..fg<br />
io.write(cl(bg), cl(fg), string.format(' %6s ', fg), cl(0))<br />
end<br />
end<br />
<br />
for bg = 40,47 do<br />
io.write(cl(0), ' ', bg, ' ')<br />
print_fg(bg, '')<br />
io.write('\n ')<br />
print_fg(bg, '1;')<br />
io.write('\n\n')<br />
end<br />
<br />
-- Andres P<br />
}}<br />
===Script #5===<br />
{{bc|1=<br />
#!/bin/bash<br />
#<br />
# ANSI color scheme script featuring Space Invaders<br />
#<br />
# Original: http://crunchbanglinux.org/forums/post/126921/#p126921<br />
# Modified by lolilolicon<br />
#<br />
<br />
f=3 b=4<br />
for j in f b; do<br />
for i in {0..7}; do<br />
printf -v $j$i %b "\e[${!j}${i}m"<br />
done<br />
done<br />
bld=$'\e[1m'<br />
rst=$'\e[0m'<br />
<br />
cat << EOF<br />
<br />
$f1 ▀▄ ▄▀ $f2 ▄▄▄████▄▄▄ $f3 ▄██▄ $f4 ▀▄ ▄▀ $f5 ▄▄▄████▄▄▄ $f6 ▄██▄ $rst<br />
$f1 ▄█▀███▀█▄ $f2███▀▀██▀▀███ $f3▄█▀██▀█▄ $f4 ▄█▀███▀█▄ $f5███▀▀██▀▀███ $f6▄█▀██▀█▄$rst<br />
$f1█▀███████▀█ $f2▀▀███▀▀███▀▀ $f3▀█▀██▀█▀ $f4█▀███████▀█ $f5▀▀███▀▀███▀▀ $f6▀█▀██▀█▀$rst<br />
$f1▀ ▀▄▄ ▄▄▀ ▀ $f2 ▀█▄ ▀▀ ▄█▀ $f3▀▄ ▄▀ $f4▀ ▀▄▄ ▄▄▀ ▀ $f5 ▀█▄ ▀▀ ▄█▀ $f6▀▄ ▄▀$rst<br />
<br />
$bld$f1▄ ▀▄ ▄▀ ▄ $f2 ▄▄▄████▄▄▄ $f3 ▄██▄ $f4▄ ▀▄ ▄▀ ▄ $f5 ▄▄▄████▄▄▄ $f6 ▄██▄ $rst<br />
$bld$f1█▄█▀███▀█▄█ $f2███▀▀██▀▀███ $f3▄█▀██▀█▄ $f4█▄█▀███▀█▄█ $f5███▀▀██▀▀███ $f6▄█▀██▀█▄$rst<br />
$bld$f1▀█████████▀ $f2▀▀▀██▀▀██▀▀▀ $f3▀▀█▀▀█▀▀ $f4▀█████████▀ $f5▀▀▀██▀▀██▀▀▀ $f6▀▀█▀▀█▀▀$rst<br />
$bld$f1 ▄▀ ▀▄ $f2▄▄▀▀ ▀▀ ▀▀▄▄ $f3▄▀▄▀▀▄▀▄ $f4 ▄▀ ▀▄ $f5▄▄▀▀ ▀▀ ▀▀▄▄ $f6▄▀▄▀▀▄▀▄$rst<br />
<br />
<br />
$f7▌$rst<br />
<br />
$f7▌$rst<br />
<br />
$f7 ▄█▄ $rst<br />
$f7▄█████████▄$rst<br />
$f7▀▀▀▀▀▀▀▀▀▀▀$rst<br />
<br />
EOF<br />
}}<br />
<br />
==Contributed examples==<br />
Check out these links for some real world examples of X resource files, contributed by fellow community members.<br />
{{Note|{{ic|~/.Xdefaults}} has the same syntax as {{ic|~/.Xresources}}, and it is recommended that you use {{ic|~/.Xresources}} because {{ic|~/.Xdefaults}} is deprecated upstream.}}<br />
<br />
* http://dotfiles.org/~buttons/.Xdefaults<br />
* http://code.suckless.org/hg/dextra/file/513faba2591f/dolby/Xdefaults<br />
* http://github.com/stxza/arch-linux-configs/tree/master/.Xdefaults<br />
* http://github.com/jelly/dotfiles/tree/master/.Xdefaults<br />
* https://github.com/sunaku/home/blob/master/.Xdefaults<br />
<br />
==See also==<br />
* [https://engineering.purdue.edu/ECN/Support/KB/Docs/UsingTheXdefaultsFil Using the Xdefaults File] - An in-depth article on how X interprets the Xdefaults file<br />
* [http://wiki.afterstep.org/index.php?title=Rxvt-Unicode_Configuration_Tutorial Rxvt-unicode Configuration Tutorial] - lots of information for urxvt users<br />
* [http://mkaz.com/ref/xterm_colors.html Example Colors and their names] - listing of example colors and their color names for xterm and other X-applications.<br />
* [http://web.archive.org/web/20090130061234/http://phraktured.net/terminal-colors/ Color Themes] - Extensive list of terminal color themes by Phraktured.<br />
* [http://xcolors.net/ Xcolors.net] List of user-contributed terminal color themes.</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Iptables&diff=202465Iptables2012-05-21T14:36:58Z<p>Tassadar: iptables -> Iptablees</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:Networking]]<br />
{{expansion}}<br />
{{i18n|Iptables}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Information regarding the setup and configuration of iptables.}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Firewalls}}<br />
{{Article summary wiki|Sysctl#TCP/IP stack hardening}}<br />
{{Article summary end}}<br />
<br />
Iptables is a powerful [[firewall]] built into the Linux kernel and is part of the [[Wikipedia:Netfilter|netfilter]] project. It can be configured directly, or by using one of the many [[Firewalls#iptables_front-ends|frontends]] and [[Firewall#iptables_GUIs|GUIs]]. iptables is used for [[Wikipedia:Ipv4|IPv4]] and ip6tables is used for [[Wikipedia:Ipv6|IPv6]].<br />
<br />
== Installation ==<br />
<br />
{{Note|Your kernel needs to be compiled with iptables support. All stock Arch Linux kernels have iptables support.}}<br />
<br />
First, [[pacman|install]] the userland utilities, which are provided by the package {{Pkg|iptables}} in the [[Official Repositories|official repositories]].<br />
<br />
Next, add {{ic|iptables}} to the [[daemon|DAEMONS array]] in {{ic|/etc/[[rc.conf]]}} to have it load your settings on boot:<br />
<br />
{{hc|/etc/rc.conf|2=<br />
...<br />
<br />
DAEMONS=(... '''iptables''' network ...)<br />
}}<br />
<br />
== Basic concepts ==<br />
<br />
=== tables ===<br />
<br />
iptables contains four tables: raw, filter, nat and mangle.<br />
<br />
=== chains ===<br />
{{expansion}}<br />
Chains are used to specify rulesets. A packet begins at the top of a chain and progresses downwards until it hits a rule. There are three built-in chains: {{ic|INPUT}}, {{ic|OUTPUT}} and {{ic|FORWARD}}. All outbound, locally-generated traffic passes through the {{ic|OUTPUT}} chain, all inbound traffic addressed to the machine itself passes through the {{ic|INPUT}} chain, and all routed traffic which should not be delivered locally passes through the {{ic|FORWARD}} chain. The three built-in chains have default targets which are used if no rules are hit. User-defined chains can be added to make rulesets more efficient.<br />
<br />
=== targets ===<br />
<br />
A "target" is the result that occurs when a packet hits a rule. Targets are specified using "jump" (-j). The most common targets are ACCEPT, DROP, REJECT and LOG.<br />
<br />
=== modules ===<br />
<br />
There are many modules which can be used to extend iptables such as connlimit, conntrack, limit and recent. These modules add extra functionality to allow complex filtering rules.<br />
<br />
== Configuration ==<br />
<br />
=== From the command line ===<br />
<br />
You can check the current ruleset and the number of hits per rule by using the command:<br />
<br />
{{hc|# iptables -nvL|Chain INPUT (policy ACCEPT 0 packets, 0 bytes)<br />
pkts bytes target prot opt in out source destination <br />
<br />
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)<br />
pkts bytes target prot opt in out source destination <br />
<br />
Chain OUTPUT (policy ACCEPT 0K packets, 0 bytes)<br />
pkts bytes target prot opt in out source destination}}<br />
<br />
If the output looks like the above, then there are no rules.<br />
<br />
You can flush and reset iptables to default using these commands:<br />
<br />
# iptables -P INPUT ACCEPT<br />
# iptables -P FORWARD ACCEPT<br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F<br />
# iptables -X<br />
<br />
=== Configuration file ===<br />
<br />
The configuration file at {{ic|/etc/conf.d/iptables}} points to the location of the ruleset files. The ruleset is loaded when the daemon is started.<br />
<br />
{{hc|/etc/conf.d/iptables|2=# Configuration for iptables rules<br />
IPTABLES_CONF=/etc/iptables/iptables.rules<br />
IP6TABLES_CONF=/etc/iptables/ip6tables.rules<br />
<br />
# Enable IP forwarding (both IPv4 and IPv6)<br />
# NOTE: this is not the recommended way to do this, and is supported only for<br />
# backward compatibility. Instead, use /etc/sysctl.conf and set the following<br />
# options:<br />
# * net.ipv4.ip_forward=1<br />
# * net.ipv6.conf.default.forwarding=1<br />
# * net.ipv6.conf.all.forwarding=1<br />
#IPTABLES_FORWARD=0}}<br />
<br />
To save the current ruleset, use this command:<br />
<br />
# rc.d save iptables<br />
<br />
To load the ruleset, use this command:<br />
<br />
# rc.d restart iptables<br />
<br />
=== Saving counters ===<br />
<br />
You can also, optionally, save byte and packet counters. To accomplish this, edit {{ic|/etc/rc.d/iptables}}.<br />
<br />
In the '''save)''' section, change the line:<br />
/usr/sbin/iptables-save > $IPTABLES_CONF<br />
to <br />
/usr/sbin/iptables-save -c > $IPTABLES_CONF<br />
In the '''stop)''' section, add the following to save before stopping:<br />
stop)<br />
$0 save<br />
sleep 2<br />
In the '''start)''' section, change the line:<br />
/usr/sbin/iptables-restore < $IPTABLES_CONF<br />
to <br />
/usr/sbin/iptables-restore -c < $IPTABLES_CONF<br />
and save the file.<br />
<br />
=== Guides ===<br />
<br />
*[[Simple stateful firewall]]<br />
*[[Router]]<br />
<br />
== Logging ==<br />
<br />
The LOG target can be used to log packets that hit a rule. Unlike other targets like ACCEPT or DROP, the packet will continue moving through the chain after hitting a LOG target. This means that in order to enable logging for all dropped packets, you would have to add a duplicate LOG rule before each DROP rule. Since this reduces efficiency and makes things less simple, a LOGDROP chain can be created instead.<br />
<br />
## /etc/iptables/iptables.rules<br />
<br />
*filter<br />
:INPUT DROP [0:0]<br />
:FORWARD DROP [0:0]<br />
:OUTPUT ACCEPT [0:0]<br />
<br />
... other user defined chains ..<br />
<br />
## LOGDROP chain<br />
:LOGDROP - [0:0]<br />
<br />
-A LOGDROP -m limit --limit 5/m --limit-burst 10 -j LOG<br />
-A LOGDROP -j DROP<br />
<br />
... rules ...<br />
<br />
## log AND drop packets that hit this rule:<br />
-A INPUT -m state --state INVALID -j LOGDROP<br />
<br />
... more rules ...<br />
<br />
=== Limiting log rate ===<br />
<br />
The limit module should be used to prevent your iptables log from growing too large or causing needless hard drive writes. Without limiting, an attacker could fill your drive (or at least your {{ic|/var}} partition) by causing writes to the iptables log.<br />
<br />
'''-m limit''' is used to call on the limit module. You can then use --limit to set an average rate and --limit-burst to set an initial burst rate. Example:<br />
<br />
-A LOGDROP -m limit --limit 5/m --limit-burst 10 -j LOG<br />
<br />
This appends a rule to the LOGDROP chain which will log all packets that pass through it. The first 10 packets will then be logged, and from then on only 5 packets per minute will be logged. The "limit burst" is restored by one every time the "limit rate" is not broken.<br />
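The following added example (not part of the original article or of iptables) audits a ruleset in iptables-save format for LOG rules that lack a limit match, and models the limit match as an integer token bucket to show how few log lines a flood produces. The sample ruleset, the telnet rule and all function names are constructed for illustration; the fallback values 3/hour and 5 are the limit module's documented defaults.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the LOGDROP ruleset
# above; the telnet rule is added here to show an unthrottled LOG rule.
SAMPLE_RULES = '''\
*filter
:INPUT DROP [0:0]
:LOGDROP - [0:0]
-A LOGDROP -m limit --limit 5/m --limit-burst 10 -j LOG
-A LOGDROP -j DROP
-A INPUT -m state --state INVALID -j LOGDROP
-A INPUT -p tcp --dport 23 -j LOG --log-prefix "telnet "
COMMIT
'''

UNIT_MS = {"s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}


def token_cost_ms(spec):
    """Milliseconds needed to earn one log entry, e.g. '5/m' -> 12000."""
    count, unit = spec.split("/")
    # Only the first letter of the unit matters: m, min and minute are equal.
    return UNIT_MS[unit[0].lower()] // int(count)


def opt(tokens, name):
    """Value following option `name`, or None if the option is absent."""
    if name in tokens:
        i = tokens.index(name)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit(ruleset, window_s=3600):
    """Return (chain, bound) for every rule that jumps to LOG.

    bound is the worst-case number of log lines in `window_s` seconds, or
    None when the rule itself carries no limit match. This is a per-rule
    check: throttling applied earlier in the chain is not considered.
    """
    findings = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A" or opt(tok, "-j") != "LOG":
            continue
        throttled = any(a == "-m" and b == "limit" for a, b in zip(tok, tok[1:]))
        bound = None
        if throttled:
            cost = token_cost_ms(opt(tok, "--limit") or "3/hour")
            burst = int(opt(tok, "--limit-burst") or 5)
            bound = burst + window_s * 1000 // cost
        findings.append((tok[1], bound))
    return findings


def simulate(spec, burst, arrivals_ms):
    """Token-bucket model of the limit match, using integer credit.

    The bucket starts full (burst entries), each logged packet costs one
    entry, and credit refills with elapsed time up to the burst cap.
    Returns how many packets arriving at `arrivals_ms` would be logged.
    """
    cost = token_cost_ms(spec)
    cap = burst * cost
    credit, last, logged = cap, None, 0
    for t in arrivals_ms:
        if last is not None:
            credit = min(cap, credit + (t - last))
        last = t
        if credit >= cost:
            credit -= cost
            logged += 1
    return logged


if __name__ == "__main__":
    for chain, bound in audit(SAMPLE_RULES):
        state = "UNTHROTTLED" if bound is None else f"at most {bound} lines/hour"
        print(f"LOG rule in {chain}: {state}")
    # Constructed flood: 100 packets per second for one minute (6000 packets).
    flood = range(0, 60_000, 10)
    print("logged during flood:", simulate("5/m", 10, flood), "of", len(flood))
```
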
<br />
=== syslog-ng ===<br />
<br />
Assuming you are using [[syslog-ng]], which is the default in Arch Linux, you can control where iptables' log output goes by changing the following line in {{ic|syslog-ng.conf}}:<br />
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };<br />
to<br />
filter f_everything { level(debug..emerg) and not facility(auth, authpriv) and not filter(f_iptables); };<br />
<br />
This will stop logging iptables output to {{ic|/var/log/everything.log}}.<br />
<br />
If you also want iptables to log to a different file than {{ic|/var/log/iptables.log}}, you can simply change the file value of destination d_iptables here (still in {{ic|syslog-ng.conf}}):<br />
destination d_iptables { file("/var/log/iptables.log"); };<br />
<br />
=== ulogd ===<br />
<br />
[http://www.netfilter.org/projects/ulogd/index.html ulogd] is a specialized userspace packet logging daemon for netfilter that can replace the default LOG target. The package {{Pkg|ulogd}} is available in the {{ic|[community]}} repository.<br />
<br />
== See also ==<br />
{{Wikipedia|iptables}}<br />
* [http://www.netfilter.org/projects/iptables/index.html Official Iptables Website]<br />
* [http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html Iptables Tutorial 1.2.2] by Oskar Andreasson</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Git&diff=178194Git2012-01-13T13:32:50Z<p>Tassadar: /* Git Prompt */ add note about bash completion</p>
<hr />
<div>[[Category: Development (English)]]<br />
{{i18n|Git}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary wiki|Cgit}}<br />
{{Article summary wiki|Subversion}}<br />
{{Article summary wiki|Concurrent Versions System}}<br />
{{Article summary link|github|http://github.com/}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is extensive documentation, including guides and tutorials, available from the [http://git-scm.com/documentation official web site].<br />
<br />
==Installation==<br />
{{Package Official|git}} can be installed with [[pacman]] from the [extra] repository. If you care about using Git with other VCS software, mail servers, or using Git's GUI pay close attention to the optional dependencies.<br />
<br />
Bash completion (e.g. hitting tab to complete commands you are typing) should work if you:<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (e.g. {{Ic|gitk}} or {{Ic|git gui}}) you should install the {{Package Official|tk}} package or you will get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
== Configuration ==<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used as a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{Ic|<nowiki>editor = nano -w</nowiki>}} to the {{Ic|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
$ git config --global --list<br />
<br />
==Cheatsheet==<br />
Parts from everywhere, much from the wonderful tutorial here: http://schacon.github.com/git/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone <nowiki>http://archlinux.org/~james/projects/network.git</nowiki><br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Push a local branch or tag to a remote repository<br />
git push REMOTENAME BRANCHNAME<br />
Delete a branch or tag in a remote repository<br />
git push REMOTENAME :BRANCHNAME<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit IDs (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set [[nano]] as default editor<br />
git config --global core.editor "nano -w"<br />
<br />
==Git Prompt==<br />
The git package comes with a bash completion file. This file also contains the necessary functions to provide git information on your bash or zsh shell prompt. To enable it, add {{Ic|$(__git_ps1 " (%s)")}} to your PS1 variable.<br />
* For bash:<br />
PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '<br />
* For zsh:<br />
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '<br />
<br />
The {{Ic|%s}} is replaced by the current branch name. The git information is displayed only if you are navigating in a git repository. You can enable extra information by setting and exporting certain variables to a non-empty value as shown in the following table:<br />
<br />
{| border="1"<br />
|+<br />
! Variable !! Information<br />
|-<br />
| GIT_PS1_SHOWDIRTYSTATE || '''*''' for unstaged and '''+''' for staged changes<br />
|-<br />
| GIT_PS1_SHOWSTASHSTATE || '''$''' if something is stashed<br />
|-<br />
| GIT_PS1_SHOWUNTRACKEDFILES || '''%''' if there are untracked files<br />
|}<br />
<br />
In addition you can set the {{Ic|GIT_PS1_SHOWUPSTREAM}} variable to {{Ic|"auto"}} in order to see {{Ic|'''<'''}} if you are behind upstream, {{Ic|'''>'''}} if you are ahead and {{Ic|'''<>'''}} if you have diverged.<br />
<br />
{{Note|If you don't use bash completion consider sourcing '''''/usr/share/git/completion/git-completion.bash''''' in your '''.bashrc'''/'''.zshrc'''}}<br />
<br />
==Transfer Protocols==<br />
===Smart HTTP===<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it is not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at {{filename|/etc/httpd/conf/httpd.conf}}:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at {{filename|/srv/git}} and that you want to access them via something like <nowiki>http(s)://your_address.tld/git/your_repo.git</nowiki>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
===Git SSH===<br />
You first need to have a public SSH key. For that, follow the guide at [[Using SSH Keys]]. To set up SSH itself, follow the [[SSH]] guide. I assume you now have a public SSH key and that your SSH is working.<br />
Open your SSH key in your favorite editor (the default public key name is id_rsa.pub and it is located in {{filename|~/.ssh}}) and copy its content (CTRL + C).<br />
Now go to the user account under which you created your git repository, since that SSH key now needs to be allowed to log in as that user to access the git repository.<br />
Open this file in your favorite editor (I use nano):<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
<pre style='overflow:auto'><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
</pre><br />
Now you can checkout your git repo this way (change where needed. Here it is using the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is over SSH, you now also have commit rights. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
===GIT Daemon===<br />
{{Note|The git daemon only allows read access. For write access see [[#Git SSH]].}}<br />
This will allow URLs like "git clone git://localhost/my_repository.git".<br />
<br />
Edit the configuration file for git-daemon, {{filename|/etc/conf.d/git-daemon.conf}} (GIT_REPO is the location of your git projects), then start git-daemon with root privileges:<br />
# /etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon every time at boot, just append {{Ic|git-daemon}} to {{Ic|DAEMONS}} line in [[rc.conf]].<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git<br />
<br />
=== GIT repositories rights ===<br />
To restrict read/write access, you can simply use Unix rights, see http://sitaramc.github.com/gitolite/doc/overkill.html<br />
<br />
For fine-grained access rights, see [[gitolite]] and [[gitosis]].<br />
<br />
==References==<br />
* http://www.kernel.org/pub/software/scm/git/docs/<br />
* http://book.git-scm.com/index.html<br />
* http://gitref.org/<br />
* http://help.github.com/</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Git&diff=178192Git2012-01-13T13:23:26Z<p>Tassadar: add cgit page to section "related"</p>
<hr />
<div>[[Category: Development (English)]]<br />
{{i18n|Git}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary wiki|Cgit}}<br />
{{Article summary wiki|Subversion}}<br />
{{Article summary wiki|Concurrent Versions System}}<br />
{{Article summary link|github|http://github.com/}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is extensive documentation, including guides and tutorials, available from the [http://git-scm.com/documentation official web site].<br />
<br />
==Installation==<br />
{{Package Official|git}} can be installed with [[pacman]] from the [extra] repository. If you care about using Git with other VCS software, mail servers, or using Git's GUI pay close attention to the optional dependencies.<br />
<br />
Bash completion (e.g. hitting tab to complete commands you are typing) should work if you:<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (e.g. {{Ic|gitk}} or {{Ic|git gui}}), you should install the {{Package Official|tk}} package, or you will get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
== Configuration ==<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used as a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{Ic|<nowiki>editor = nano -w</nowiki>}} to the {{Ic|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
$ git config --global --list<br />
<br />
==Cheatsheet==<br />
Parts from everywhere, much from the wonderful tutorial here: http://schacon.github.com/git/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone <nowiki>http://archlinux.org/~james/projects/network.git</nowiki><br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Push a local branch or tag to a remote repository<br />
git push REMOTENAME BRANCHNAME<br />
Delete a branch or tag in a remote repository<br />
git push REMOTENAME :BRANCHNAME<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit IDs (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set [[nano]] as default editor<br />
git config --global core.editor "nano -w"<br />
<br />
==Git Prompt==<br />
The git package comes with a bash completion file. This file also contains the functions needed to show git information in your bash or zsh shell prompt. To enable it, add {{Ic|$(__git_ps1 " (%s)")}} to your PS1 variable.<br />
* For bash:<br />
PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '<br />
* For zsh:<br />
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '<br />
<br />
The {{Ic|%s}} is replaced by the current branch name. The git information is displayed only if you are navigating in a git repository. You can enable extra information by setting and exporting certain variables to a non-empty value as shown in the following table:<br />
<br />
{| border="1"<br />
|+<br />
! Variable !! Information<br />
|-<br />
| GIT_PS1_SHOWDIRTYSTATE || '''*''' for unstaged and '''+''' for staged changes<br />
|-<br />
| GIT_PS1_SHOWSTASHSTATE || '''$''' if something is stashed<br />
|-<br />
| GIT_PS1_SHOWUNTRACKEDFILES || '''%''' if there are untracked files<br />
|}<br />
<br />
In addition you can set the {{Ic|GIT_PS1_SHOWUPSTREAM}} variable to {{Ic|"auto"}} in order to see {{Ic|'''<'''}} if you are behind upstream, {{Ic|'''>'''}} if you are ahead and {{Ic|'''<>'''}} if you have diverged.<br />
<br />
==Transfer Protocols==<br />
===Smart HTTP===<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it is not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at {{filename|/etc/httpd/conf/httpd.conf}}:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at {{filename|/srv/git}} and that you want to access them via something like <nowiki>http(s)://your_address.tld/git/your_repo.git</nowiki>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
===Git SSH===<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To set up SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your public SSH key in your favorite editor (the default public key name is id_rsa.pub and it is located in {{filename|~/.ssh}}) and copy its content (CTRL + C).<br />
Now switch to the user account that owns your git repository, since that SSH key must be allowed to log in as that user to access the git repository.<br />
Open this file in your favorite editor (I use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
<pre style='overflow:auto'><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
</pre><br />
Now you can check out your git repo this way (change where needed; here it uses the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
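The paste step above, as an added shell example (not part of the wiki page): the hypothetical helper install_pubkey rejects a key that was wrapped onto several lines, appends it only once, and sets the permissions sshd expects. The format check is syntactic only.

```shell
#!/bin/sh
# Added example, not from the wiki page. install_pubkey is a hypothetical helper.
# usage: install_pubkey PUBKEY_FILE [AUTHORIZED_KEYS_FILE]
#   e.g. install_pubkey id_rsa.pub ~/.ssh/authorized_keys
# Prints "added" or "present"; returns 2 if the input is not one well-formed key line.
install_pubkey() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}

    # A key that an editor or terminal wrapped shows up as several non-empty lines.
    lines=$(grep -c '[^[:space:]]' "$pub") || true
    if [ "$lines" != 1 ]; then
        echo "error: $pub must contain exactly one key line, found ${lines:-none}" >&2
        return 2
    fi
    key=$(grep '[^[:space:]]' "$pub")

    # Expected shape: "<type> <base64 blob> [comment]". The blob never contains
    # spaces, so a key broken by stray whitespace fails here as well.
    # This checks the syntax only; it does not decode the key.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+={0,2}( .*)?$'; then
        echo "error: $pub does not look like an OpenSSH public key" >&2
        return 2
    fi

    # sshd (StrictModes, on by default) ignores authorized_keys when the file
    # or its directory is writable by other users.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Append only if this exact line is not already authorised.
    if grep -qxF "$key" "$auth"; then
        echo present
    else
        printf '%s\n' "$key" >> "$auth"
        echo added
    fi
}
```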
<br />
===GIT Daemon===<br />
{{Note|The git daemon only allows read access. For write access see [[#Git SSH]].}}<br />
This will allow URLs like "git clone git://localhost/my_repository.git".<br />
<br />
Edit the configuration file for git-daemon, {{filename|/etc/conf.d/git-daemon.conf}} (GIT_REPO is the directory containing your git projects), then start git-daemon with root privileges:<br />
# /etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon at every boot, append {{Ic|git-daemon}} to the {{Ic|DAEMONS}} line in [[rc.conf]].<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git<br />
<br />
=== GIT repositories rights ===<br />
To restrict read/write access, you can simply use Unix rights, see http://sitaramc.github.com/gitolite/doc/overkill.html<br />
<br />
For fine-grained access rights, see [[gitolite]] and [[gitosis]].<br />
<br />
==References==<br />
* http://www.kernel.org/pub/software/scm/git/docs/<br />
* http://book.git-scm.com/index.html<br />
* http://gitref.org/<br />
* http://help.github.com/</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Git&diff=177978Git2012-01-12T11:02:36Z<p>Tassadar: /* Git Prompt */</p>
<hr />
<div>[[Category: Development (English)]]<br />
{{i18n|Git}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary wiki|Subversion}}<br />
{{Article summary wiki|Concurrent Versions System}}<br />
{{Article summary link|github|http://github.com/}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is extensive documentation, including guides and tutorials, available from the [http://git-scm.com/documentation official web site].<br />
<br />
==Installation==<br />
{{Package Official|git}} can be installed with [[pacman]] from the [extra] repository. If you care about using Git with other VCS software, mail servers, or using Git's GUI pay close attention to the optional dependencies.<br />
<br />
Bash completion (e.g. hitting tab to complete commands you are typing) should work if you:<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (e.g. {{Ic|gitk}} or {{Ic|git gui}}), you should install the {{Package Official|tk}} package, or you will get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
== Configuration ==<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used as a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{Ic|<nowiki>editor = nano -w</nowiki>}} to the {{Ic|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
$ git config --global --list<br />
<br />
==Cheatsheet==<br />
Parts from everywhere, much from the wonderful tutorial here: http://schacon.github.com/git/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone <nowiki>http://archlinux.org/~james/projects/network.git</nowiki><br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Push a local branch or tag to a remote repository<br />
git push REMOTENAME BRANCHNAME<br />
Delete a branch or tag in a remote repository<br />
git push REMOTENAME :BRANCHNAME<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit IDs (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set [[nano]] as default editor<br />
git config --global core.editor "nano -w"<br />
<br />
==Git Prompt==<br />
The git package comes with a bash completion file. This file also contains the functions needed to show git information in your bash or zsh shell prompt. To enable it, add {{Ic|$(__git_ps1 " (%s)")}} to your PS1 variable.<br />
* For bash:<br />
PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '<br />
* For zsh:<br />
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '<br />
<br />
The {{Ic|%s}} is replaced by the current branch name. The git information is displayed only if you are navigating in a git repository. You can enable extra information by setting and exporting certain variables to a non-empty value as shown in the following table:<br />
<br />
{| border="1"<br />
|+<br />
! Variable !! Information<br />
|-<br />
| GIT_PS1_SHOWDIRTYSTATE || '''*''' for unstaged and '''+''' for staged changes<br />
|-<br />
| GIT_PS1_SHOWSTASHSTATE || '''$''' if something is stashed<br />
|-<br />
| GIT_PS1_SHOWUNTRACKEDFILES || '''%''' if there are untracked files<br />
|}<br />
<br />
In addition you can set the {{Ic|GIT_PS1_SHOWUPSTREAM}} variable to {{Ic|"auto"}} in order to see {{Ic|'''<'''}} if you are behind upstream, {{Ic|'''>'''}} if you are ahead and {{Ic|'''<>'''}} if you have diverged.<br />
<br />
==Transfer Protocols==<br />
===Smart HTTP===<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it is not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at {{filename|/etc/httpd/conf/httpd.conf}}:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at {{filename|/srv/git}} and that you want to access them via something like <nowiki>http(s)://your_address.tld/git/your_repo.git</nowiki>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
===Git SSH===<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To set up SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your public SSH key in your favorite editor (the default public key name is id_rsa.pub and it is located in {{filename|~/.ssh}}) and copy its content (CTRL + C).<br />
Now switch to the user account that owns your git repository, since that SSH key must be allowed to log in as that user to access the git repository.<br />
Open this file in your favorite editor (I use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
<pre style='overflow:auto'><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
</pre><br />
Now you can check out your git repo this way (change where needed; here it uses the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
===GIT Daemon===<br />
{{Note|The git daemon only allows read access. For write access see [[#Git SSH]].}}<br />
This will allow URLs like "git clone git://localhost/my_repository.git".<br />
<br />
Edit the configuration file for git-daemon, {{filename|/etc/conf.d/git-daemon.conf}} (GIT_REPO is the directory containing your git projects), then start git-daemon with root privileges:<br />
# /etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon at every boot, append {{Ic|git-daemon}} to the {{Ic|DAEMONS}} line in [[rc.conf]].<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git<br />
<br />
=== GIT repositories rights ===<br />
To restrict read/write access, you can simply use Unix rights, see http://sitaramc.github.com/gitolite/doc/overkill.html<br />
<br />
For fine-grained access rights, see [[gitolite]] and [[gitosis]].<br />
<br />
==References==<br />
* http://www.kernel.org/pub/software/scm/git/docs/<br />
* http://book.git-scm.com/index.html<br />
* http://gitref.org/<br />
* http://help.github.com/</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Git&diff=177977Git2012-01-12T11:00:06Z<p>Tassadar: </p>
<hr />
<div>[[Category: Development (English)]]<br />
{{i18n|Git}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Installing and using the Git VCS}}<br />
{{Article summary heading|Related}}<br />
{{Article summary wiki|Super Quick Git Guide}}: Generally about contributing to pacman, although it still serves as a practical Git tutorial<br />
{{Article summary wiki|Gitweb}}<br />
{{Article summary wiki|Subversion}}<br />
{{Article summary wiki|Concurrent Versions System}}<br />
{{Article summary link|github|http://github.com/}}<br />
{{Article summary end}}<br />
<br />
[http://git-scm.com/ Git] is the version control system (VCS) coded by Linus Torvalds (the creator of the Linux kernel) after being criticized for using the proprietary BitKeeper with the Linux kernel. Git is now used to maintain sources for the Linux kernel as well as thousands of other projects, including [[Pacman]], Arch's package manager.<br />
<br />
There is extensive documentation, including guides and tutorials, available from the [http://git-scm.com/documentation official web site].<br />
<br />
==Installation==<br />
{{Package Official|git}} can be installed with [[pacman]] from the [extra] repository. If you care about using Git with other VCS software, mail servers, or using Git's GUI pay close attention to the optional dependencies.<br />
<br />
Bash completion (e.g. hitting tab to complete commands you are typing) should work if you:<br />
source /usr/share/git/completion/git-completion.bash<br />
Alternatively, you can install the {{Package Official|bash-completion}} package to load the completions automatically for new shells.<br />
<br />
If you want to use Git's built-in GUI (e.g. {{Ic|gitk}} or {{Ic|git gui}}), you should install the {{Package Official|tk}} package, or you will get a rather cryptic message:<br />
/usr/bin/gitk: line 3: exec: wish: not found.<br />
<br />
== Configuration ==<br />
Git reads its configuration from a few INI type configuration files. In each git repository {{filename|.git/config}} is used for configuration options specific to that repository. Per-user ("global") configuration in {{filename|$HOME/.gitconfig}} is used as a fall-back from the repository configuration. You can edit the files directly but the preferred method is to use the git-config utility. For example,<br />
$ git config --global core.editor "nano -w"<br />
adds {{Ic|<nowiki>editor = nano -w</nowiki>}} to the {{Ic|<nowiki>[core]</nowiki>}} section of your {{filename|~/.gitconfig}} file.<br />
<br />
The [http://www.kernel.org/pub/software/scm/git/docs/git-config.html man page for the git-config] utility has a fairly long list of variables which can be set.<br />
<br />
Here are some more basic configurations you will probably want:<br />
$ git config --global user.name "Firstname Lastname"<br />
$ git config --global user.email "your_email@youremail.com"<br />
$ git config --global color.ui true<br />
$ git config --global --list<br />
<br />
==Cheatsheet==<br />
Parts from everywhere, much from the wonderful tutorial here: http://schacon.github.com/git/gittutorial.html<br />
<br />
Additionally see [[Super Quick Git Guide]].<br />
<br />
Pull the network scripts with<br />
git clone <nowiki>http://archlinux.org/~james/projects/network.git</nowiki><br />
Update an existing clone<br />
git pull origin<br />
Commit changes<br />
git commit -a -m "changelog message"<br />
To create a new branch<br />
git branch somebranch<br />
Change to a different branch<br />
git checkout differentbranch<br />
Merge a branch to current active branch<br />
git merge somebranch<br />
Delete a branch<br />
git branch -d somebranch<br />
Push a local branch or tag to a remote repository<br />
git push REMOTENAME BRANCHNAME<br />
Delete a branch or tag in a remote repository<br />
git push REMOTENAME :BRANCHNAME<br />
Diff between two branches<br />
git diff master..somebranch<br />
Diff between two commit IDs (found in git log)<br />
git diff e9780c7cba2855350e914fde227a79bb63c1351d..8b014e40346b38b3b9bfc41359b4e8a68e804c0d<br />
Diff between the last two commits<br />
git diff HEAD^ HEAD<br />
Patchset between two branches (follows same syntax as git diff afaik)<br />
git format-patch master..somebranch<br />
Or better: http://wiki.winehq.org/GitWine#head-f7a29e7ed999b5924748a60c5a1cd4a019032d26<br />
git format-patch -o out origin<br />
Set [[nano]] as default editor<br />
git config --global core.editor "nano -w"<br />
<br />
==Git Prompt==<br />
The git package comes with a bash completion file. This file also contains the functions needed to show git information in your bash or zsh shell prompt. To enable it, add {{Ic|$(__git_ps1 " (%s)")}} to your PS1 variable.<br />
* For bash:<br />
PS1='[\u@\h \W$(__git_ps1 " (%s)")]\$ '<br />
* For zsh:<br />
PS1='[%n@%m %c$(__git_ps1 " (%s)")]\$ '<br />
<br />
The {{Ic|%s}} is replaced by the current branch name. The git information is displayed only if you are navigating in a git repository. You can enable extra information by setting and exporting certain variables to a non-empty value as shown in the following table:<br />
<br />
{| border="1"<br />
|+<br />
! Variable !! Information<br />
|-<br />
| GIT_PS1_SHOWDIRTYSTATE || '''*''' for staged and '''+''' for unstaged changes<br />
|-<br />
| GIT_PS1_SHOWSTASHSTATE || '''$''' if something is stashed<br />
|-<br />
| GIT_PS1_SHOWUNTRACKEDFILES || '''%''' if there are untracked files<br />
|}<br />
<br />
In addition you can set the {{Ic|GIT_PS1_SHOWUPSTREAM}} variable to {{Ic|"auto"}} in order to see {{Ic|'''<'''}} if you are behind upstream, {{Ic|'''>'''}} if you are ahead and {{Ic|'''<>'''}} if you have diverged.<br />
<br />
==Transfer Protocols==<br />
===Smart HTTP===<br />
Since version 1.6.6 git is able to use the HTTP(S) protocol as efficiently as SSH or GIT by utilizing the git-http-backend. Furthermore it is not only possible to clone or pull from repositories, but also to push into repositories over HTTP(S).<br />
<br />
The setup for this is rather simple as all you need to have installed is the Apache webserver (with mod_cgi, mod_alias, and mod_env enabled) and of course, git:<br />
# pacman -S apache git<br />
<br />
Once you have your basic setup up and running, add the following to your Apache's config usually located at {{filename|/etc/httpd/conf/httpd.conf}}:<br />
<Directory "/usr/lib/git-core*"><br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
<br />
SetEnv GIT_PROJECT_ROOT /srv/git<br />
SetEnv GIT_HTTP_EXPORT_ALL<br />
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/<br />
<br />
The above example config assumes that your git repositories are located at {{filename|/srv/git}} and that you want to access them via something like <nowiki>http(s)://your_address.tld/git/your_repo.git</nowiki>. Feel free to customize this to your needs.<br />
<br />
{{Note|Of course you have to make sure that your Apache can read and write (if you want to enable push access) on your git repositories.}}<br />
<br />
For more detailed documentation, visit the following links:<br />
* http://progit.org/2010/03/04/smart-http.html<br />
* http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html<br />
<br />
===Git SSH===<br />
You first need to have a public SSH key. For that follow the guide at [[Using SSH Keys]]. To set up SSH itself you need to follow the [[SSH]] guide. I assume you have a public SSH key now and your SSH is working.<br />
Open your public SSH key in your favorite editor (the default public key name is id_rsa.pub and it is located in {{filename|~/.ssh}}) and copy its content (CTRL + C).<br />
Now switch to the user account that owns your git repository, since that SSH key must be allowed to log in as that user to access the git repository.<br />
Open this file in your favorite editor (I use nano)<br />
nano ~/.ssh/authorized_keys<br />
and paste the contents of id_rsa.pub in it. Be sure it is all on one line! That is important! It should look somewhat like this:<br />
{{Warning|Do not copy the line below! It is an example! It will not work if you use that line!}}<br />
<pre style='overflow:auto'><br />
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCboOH6AotCh4OcwJgsB4AtXzDo9Gzhl+BAHuEvnDRHNSYIURqGN4CrP+b5Bx/iLrRFOBv58TcZz1jyJ2PaGwT74kvVOe9JCCdgw4nSMBV44cy+6cTJiv6f1tw8pHRS2H6nHC9SCSAWkMX4rpiSQ0wkhjug+GtBWOXDaotIzrFwLw== username@hostname<br />
</pre><br />
Now you can check out your git repo this way (change where needed; here it uses the git username and localhost):<br />
git clone git@localhost:my_repository.git<br />
You should now get an SSH yes/no question. Type yes followed by enter. Then you should have your repository checked out. Since this is with SSH you also do have commit rights now. For that look at [[Git]] and [[Super Quick Git Guide]].<br />
<br />
===GIT Daemon===<br />
{{Note|The git daemon only allows read access. For write access see [[#Git SSH]].}}<br />
This will allow URLs like "git clone git://localhost/my_repository.git".<br />
<br />
Edit the configuration file for git-daemon, {{filename|/etc/conf.d/git-daemon.conf}} (GIT_REPO is the directory containing your git projects), then start git-daemon with root privileges:<br />
# /etc/rc.d/git-daemon start<br />
<br />
To run the git-daemon at every boot, append {{Ic|git-daemon}} to the {{Ic|DAEMONS}} line in [[rc.conf]].<br />
<br />
Clients can now simply use:<br />
git clone git://localhost/my_repository.git<br />
<br />
=== GIT repositories rights ===<br />
To restrict read/write access, you can simply use Unix rights, see http://sitaramc.github.com/gitolite/doc/overkill.html<br />
<br />
For fine-grained access rights, see [[gitolite]] and [[gitosis]].<br />
<br />
==References==<br />
* http://www.kernel.org/pub/software/scm/git/docs/<br />
* http://book.git-scm.com/index.html<br />
* http://gitref.org/<br />
* http://help.github.com/</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Microcode&diff=177805Microcode2012-01-11T07:06:16Z<p>Tassadar: /* How to tell if a microcode update is needed */ rebooting is not necessary</p>
<hr />
<div>[[Category:CPU (English)]]<br />
{{i18n|Microcode}}<br />
<br />
==What is a Microcode update==<br />
<br />
[[Wikipedia:Microcode|Processor microcode]] is akin to processor firmware. Linux is unique in that the kernel is able to update the processor's firmware without the need to update it via a BIOS update. From [http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=19342&ProdId=3008&lang=eng Intel's website]:<br />
<br />
"The microcode data file contains the latest microcode definitions for all Intel processors. Intel releases microcode updates to correct processor behavior as documented in the respective processor specification updates. While the regular approach to getting this microcode update is via a BIOS upgrade, Intel realizes that this can be an administrative hassle. The Linux Operating System and VMware ESX products have a mechanism to update the microcode after booting. For example, this file will be used by the operating system mechanism if the file is placed in the /etc/firmware directory of the Linux system."<br />
<br />
{{Note|Arch Linux does not use /etc/firmware to process the update.}}<br />
<br />
==Updating microcode==<br />
<br />
Install either {{Pkg|intel-ucode}} or {{Pkg|amd-ucode}}, depending on your processor vendor, and add {{ic|microcode}} to the MODULES array in {{Filename|/etc/rc.conf}}.<br />
<br />
Reboot your machine and then execute:<br />
<br />
# dmesg | grep microcode<br />
<br />
The output of this command should indicate the current version of your processor's microcode and whether any additional update was applied to it.<br />
<br />
{{Note|Microcode updates via software are not persistent. In other words, one needs to apply them at each boot which is why it is placed in the MODULES array.}}<br />
<br />
{{Note|If you were a previous user of the {{ic|microcode_ctl}} package, remove {{ic|microcode}} from the DAEMONS array in {{Filename|/etc/rc.conf}}. {{ic|microcode_ctl}} is no longer in Arch's repositories.}}<br />
<br />
==How to tell if a microcode update is needed==<br />
<br />
The best way to tell is to download and install the appropriate microcode update. First load the microcode module using modprobe.<br />
<pre><br />
# modprobe microcode<br />
</pre><br />
Then inspect dmesg. If it reports that an update was applied, the microcode in the BIOS of your motherboard predates the one in either {{Pkg|intel-ucode}} or {{Pkg|amd-ucode}}. Users should therefore use the microcode update!<br />
<br />
Examples follow. Note that in each case the BIOS on the motherboard is the latest version from the respective vendor:<br />
<br />
Intel X3360:<br />
<br />
<pre>microcode: CPU0 sig=0x10677, pf=0x10, revision=0x705<br />
microcode: CPU1 sig=0x10677, pf=0x10, revision=0x705<br />
microcode: CPU2 sig=0x10677, pf=0x10, revision=0x705<br />
microcode: CPU3 sig=0x10677, pf=0x10, revision=0x705<br />
microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba<br />
microcode: CPU0 updated to revision 0x70a, date = 2010-09-29<br />
microcode: CPU1 updated to revision 0x70a, date = 2010-09-29<br />
microcode: CPU2 updated to revision 0x70a, date = 2010-09-29<br />
microcode: CPU3 updated to revision 0x70a, date = 2010-09-29</pre><br />
<br />
Intel E5200:<br />
<pre>microcode: CPU0 sig=0x1067a, pf=0x1, revision=0xa07<br />
microcode: CPU1 sig=0x1067a, pf=0x1, revision=0xa07<br />
microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba<br />
microcode: CPU0 updated to revision 0xa0b, date = 2010-09-28<br />
microcode: CPU1 updated to revision 0xa0b, date = 2010-09-28</pre><br />
<br />
Intel Atom 330:<br />
<pre>microcode: CPU0 sig=0x106c2, pf=0x8, revision=0x20d<br />
microcode: CPU1 sig=0x106c2, pf=0x8, revision=0x20d<br />
microcode: CPU2 sig=0x106c2, pf=0x8, revision=0x20d<br />
microcode: CPU3 sig=0x106c2, pf=0x8, revision=0x20d<br />
microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba<br />
microcode: CPU0 updated to revision 0x219, date = 2009-04-10<br />
microcode: CPU1 updated to revision 0x219, date = 2009-04-10<br />
microcode: CPU2 updated to revision 0x219, date = 2009-04-10<br />
microcode: CPU3 updated to revision 0x219, date = 2009-04-10</pre><br />
<br />
It is believed that the date returned corresponds to the date that Intel implemented a microcode update. This date does not correspond to the version of the microcode database included in the package!<br />
<br />
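The before/after comparison described in this section can be automated by parsing the driver's log lines. The script below is an added example, not part of the original article; its function names are illustrative, and the embedded sample is the Intel E5200 output quoted above.<br />

```python
import re
import sys

# Sample input: the Intel E5200 dmesg lines quoted in this article.
SAMPLE_DMESG = """\
microcode: CPU0 sig=0x1067a, pf=0x1, revision=0xa07
microcode: CPU1 sig=0x1067a, pf=0x1, revision=0xa07
microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
microcode: CPU0 updated to revision 0xa0b, date = 2010-09-28
microcode: CPU1 updated to revision 0xa0b, date = 2010-09-28
"""

# search() is used so that a leading "[   12.345678] " timestamp is tolerated.
BOOT_RE = re.compile(r"microcode: CPU(\d+) sig=(0x[0-9a-f]+), pf=(0x[0-9a-f]+), "
                     r"revision=(0x[0-9a-f]+)", re.I)
UPDATE_RE = re.compile(r"microcode: CPU(\d+) updated to revision (0x[0-9a-f]+), "
                       r"date = (\d{4}-\d{2}-\d{2})", re.I)


def parse_microcode_log(text):
    """Return {cpu: {"sig", "boot_rev", "loaded_rev", "date"}} from dmesg text."""
    cpus = {}
    for line in text.splitlines():
        m = BOOT_RE.search(line)
        if m:
            cpus[int(m.group(1))] = {"sig": m.group(2).lower(),
                                     "boot_rev": int(m.group(4), 16),
                                     "loaded_rev": None, "date": None}
            continue
        m = UPDATE_RE.search(line)
        if m:
            # An "updated" line without a boot line means the log was truncated.
            cpu = cpus.setdefault(int(m.group(1)),
                                  {"sig": None, "boot_rev": None,
                                   "loaded_rev": None, "date": None})
            cpu["loaded_rev"] = int(m.group(2), 16)
            cpu["date"] = m.group(3)
    return cpus


def assess(cpus):
    """Classify the log as 'no-data', 'unchanged', 'updated' or 'mixed'.

    'mixed' means cores with the same signature ended up on different
    revisions, e.g. because the update was applied to only some of them.
    """
    if not cpus:
        return "no-data"
    final_by_sig = {}
    for c in cpus.values():
        final = c["loaded_rev"] if c["loaded_rev"] is not None else c["boot_rev"]
        final_by_sig.setdefault(c["sig"], set()).add(final)
    if any(len(revs) > 1 for revs in final_by_sig.values()):
        return "mixed"
    if any(c["loaded_rev"] is not None for c in cpus.values()):
        return "updated"
    return "unchanged"


def fmt(rev):
    return "unknown" if rev is None else hex(rev)


if __name__ == "__main__":
    # Usage: dmesg | python3 this_script.py   (falls back to the sample input)
    text = SAMPLE_DMESG if sys.stdin.isatty() else sys.stdin.read()
    cpus = parse_microcode_log(text)
    for n, c in sorted(cpus.items()):
        print(f"CPU{n} sig={c['sig']}: boot {fmt(c['boot_rev'])} -> "
              f"loaded {fmt(c['loaded_rev'])} ({c['date']})")
    print("result:", assess(cpus))
```

A result of {{ic|unchanged}} means the BIOS already carried the newest revision known to the installed package; {{ic|mixed}} deserves a closer look at the log.<br />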
==Which CPUs accept microcode updates==<br />
<br />
According to [http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=19611&ProdId=2774&lang=eng Intel's download center], the following CPUs support microcode updates:<br />
<br />
*Intel® Celeron® Processor Family<br />
*Mobile Intel® Celeron® Processors<br />
*Intel® Pentium® 4 Processors<br />
*Intel® Xeon® Processor<br />
*Mobile Intel® Pentium® 4 Processors - M<br />
*Intel® Pentium® M Processor<br />
*Intel® Pentium® 4 Processor Extreme Edition<br />
*Intel® Pentium® Processor Extreme Edition<br />
*Intel® Pentium® D Processor<br />
*Intel® Core™ Duo Processor<br />
*Intel® Core™ Solo processor<br />
*Intel® Xeon® Processor 5000 Sequence<br />
*Intel® Core™2 Duo Desktop Processor<br />
*Intel® Core™2 Extreme Processor<br />
*Intel® Core™2 Duo Mobile Processor<br />
*Intel® Xeon® Processor 7000 Sequence<br />
*Intel® Xeon® Processor 3000 Sequence<br />
*Intel® Core™2 Quad Processor<br />
*Intel® Pentium® Processor for Desktop<br />
*Intel® Pentium® Processor for Mobile<br />
*Intel® Core™2 Solo Processor<br />
*Intel® Core™2 Extreme Mobile Processor<br />
*Intel® Atom™ Processor<br />
*Intel® Core™2 Quad Mobile Processor<br />
*Intel® Core™ i7 Processor<br />
*Intel® Core™ i7 Processor Extreme Edition<br />
*Intel® Core™ i5 Processor<br />
*Intel® Core™ i7 Mobile Processor<br />
*Intel® Core™ i7 Mobile Processor Extreme Edition<br />
*Intel® Core™ i3 Mobile Processor<br />
*Intel® Core™ i5 Mobile Processor<br />
*Intel® Core™ i3 Desktop Processor<br />
*Intel® Xeon® Processor 6000 Sequence</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Syslinux&diff=174189Syslinux2011-12-14T14:20:59Z<p>Tassadar: /* Basic Syslinux Config */ update basic example showing entries with UUID</p>
<hr />
<div>[[Category:Boot loaders (English)]]<br />
{{i18n|Syslinux}}<br />
<br />
{{Article summary start}}<br />
{{Article summary text|Describes installing and configuring Syslinux, a collection of bootloaders.}}<br />
{{Article summary heading|Overview}}<br />
{{Article summary text|{{Boot process overview}}}}<br />
{{Article summary end}}<br />
<br />
Syslinux is a collection of boot loaders capable of booting from hard drives, CDs and over the network via PXE. It supports the fat, ext2, ext3, ext4 and btrfs file systems.<br />
<br />
{{Note|Since Syslinux 4, Extlinux and Syslinux are the same thing.}} <br />
<br />
== Syslinux Boot Process ==<br />
At boot, the computer loads the [[MBR]] ({{Filename|/usr/lib/syslinux/mbr.bin}}). The MBR then looks for the partition that is marked as active (boot flag). Once found, the volume boot record (VBR) of that partition is executed. In the case of ext2/3/4 and fat12/16/32, the starting sector of {{Filename|ldlinux.sys}} is hard-coded into the VBR, and the VBR executes {{Filename|ldlinux.sys}}. Therefore, if the location of {{Filename|ldlinux.sys}} changes, Syslinux will no longer boot. In the case of btrfs, this method does not work, since files move around and the sector location of {{Filename|ldlinux.sys}} changes. Therefore, the entire Syslinux code needs to be stored outside the filesystem, in the sectors following the VBR. Once Syslinux is fully loaded, it looks for a configuration file, either {{Filename|extlinux.conf}} or {{Filename|syslinux.cfg}}. If one is found, it is loaded. If no configuration file is found, you will be given a Syslinux prompt.<br />
<br />
==Installation==<br />
===Automatic Install - syslinux===<br />
The syslinux-install_update script will install Syslinux, copy COM32 modules to {{Filename|/boot/syslinux}}, set the boot flag and install the MBR. It can handle MBR and GPT disks along with softraid.<br />
<br />
1. Install Syslinux<br />
pacman -S syslinux<br />
2. Make sure {{Filename|/boot}} is mounted<br/><br />
3. Run syslinux-install_update script -i (install) -a (set boot flag) -m (install mbr)<br />
/usr/sbin/syslinux-install_update -iam<br />
4. Edit {{Filename|/boot/syslinux/syslinux.cfg}}<br />
<br />
===Manual Install - syslinux===<br />
{{Note| If you are unsure of which partition table you are using (MBR or GPT), you are likely using the MBR partition table. Most of the time, GPT will create a special MBR-style partition (type 0xEE) using the whole disk which will be displayed with the following command:<br />
# fdisk -l /dev/sda<br />
or alternatively<br />
 # gdisk -l /dev/sda<br />
will show " GPT: not present" if it is not a GPT disk.<br />
}}<br />
<br />
{{Note| If you are trying to rescue an installed system with a live CD, be sure to [[Change_Root|chroot]] into it before executing these commands. If you do not chroot first, you must prepend all file paths (not /dev/ paths) with the mount point.}}<br />
<br />
Make sure you have the ''syslinux'' package installed. Then install Syslinux onto your boot partition, which must contain a fat, ext2, ext3, ext4, or btrfs file system.<br />
# mkdir /boot/syslinux<br />
# extlinux --install /boot/syslinux <br />
Run it on a mounted directory, not on a /dev/sdXY device. In this example, /boot/syslinux/ is on device /dev/sda1.<br />
<br />
====MBR Partition Table====<br />
Next, you need to mark your boot partition active in your partition table. Applications capable of doing this include fdisk, cfdisk, sfdisk and (g)parted. It should look like this:<br />
# fdisk -l /dev/sda<br />
[...]<br />
Device Boot Start End Blocks Id System<br />
/dev/sda1 * 2048 104447 51200 83 Linux<br />
/dev/sda2 104448 625142447 312519000 83 Linux<br />
<br />
Install the master boot record:<br />
# dd bs=440 conv=notrunc count=1 if=/usr/lib/syslinux/mbr.bin of=/dev/sda<br />
<!-- conv=notrunc helps if /dev/sda is actually a file not a block device --><br />
<br />
====GUID Partition Table aka GPT====<br />
Main article [[GUID Partition Table]].<br />
<br />
Bit 2 of the attributes for the {{Filename|/boot}} partition needs to be set.<br />
<br />
# sgdisk /dev/sda --attributes=1:set:2<br />
<br />
This sets the ''legacy BIOS bootable'' attribute on partition 1.<br />
<br />
Verify:<br />
# sgdisk /dev/sda --attributes=1:show<br />
1:2:1 (legacy BIOS bootable)<br />
<br />
Install the master boot record:<br />
# dd bs=440 conv=notrunc count=1 if=/usr/lib/syslinux/gptmbr.bin of=/dev/sda<br />
<br />
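The pieces the MBR and GPT steps above rely on (the 440 bytes of boot code written by dd, the boot flag, and the 0xEE protective partition) all live in the first sector of the disk and can be checked after installation. The script below is an added example, not part of the original article; the function names and the sample sectors are constructed for illustration, with partition values taken from the fdisk output shown earlier.<br />

```python
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # the dd commands above write exactly this many bytes
TABLE_OFFSET = 446         # four 16-byte partition entries start here
ENTRY_FMT = "<B3xB3xII"    # status, (CHS), type, (CHS), start LBA, sector count
PROTECTIVE_GPT = 0xEE


def parse_mbr(sector):
    """Decode the partition table and boot signature of a first sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:                     # empty slot
            continue
        parts.append({"number": i + 1, "active": status == 0x80,
                      "type": ptype, "start": start, "sectors": count})
    return {"signature_ok": bytes(sector[510:512]) == b"\x55\xaa",
            "partitions": parts}


def audit(sector, expected_boot_code=None):
    """Return a list of findings; an empty list means nothing looks wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("no-boot-signature")
    parts = mbr["partitions"]
    if any(p["type"] == PROTECTIVE_GPT for p in parts):
        # GPT disk: the boot flag is GPT attribute bit 2, check it with sgdisk.
        findings.append("gpt-protective-mbr")
    else:
        active = [p["number"] for p in parts if p["active"]]
        if not active:
            findings.append("no-active-partition")
        elif len(active) > 1:
            findings.append("multiple-active-partitions")
    if expected_boot_code is not None:
        ref = bytes(expected_boot_code[:BOOT_CODE_LEN])
        if bytes(sector[:len(ref)]) != ref:
            findings.append("boot-code-mismatch")
    return findings


def build_sample(boot_code, partitions):
    """Build a constructed first sector from (active, type, start, count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, start, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-in for the contents of mbr.bin (not the real file).
SAMPLE_BOOT_CODE = bytes(range(256)) + bytes(184)
# Layout from the fdisk listing above: sda1 active, sda2 not.
SAMPLE_OK = build_sample(SAMPLE_BOOT_CODE, [(True, 0x83, 2048, 102400),
                                            (False, 0x83, 104448, 625038000)])
# Constructed: an NTFS partition (type 0x07) that also carries the boot flag.
SAMPLE_TWO_ACTIVE = build_sample(SAMPLE_BOOT_CODE, [(True, 0x07, 2048, 204800),
                                                    (True, 0x83, 206848, 102400)])
# Constructed: protective MBR of a GPT disk.
SAMPLE_GPT = build_sample(SAMPLE_BOOT_CODE, [(False, 0xEE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    # Usage (as root): python3 this_script.py /dev/sda /usr/lib/syslinux/mbr.bin
    if len(sys.argv) >= 2:
        with open(sys.argv[1], "rb") as disk:
            sector = disk.read(SECTOR_SIZE)
        ref = None
        if len(sys.argv) >= 3:
            with open(sys.argv[2], "rb") as f:
                ref = f.read()
    else:
        sector, ref = SAMPLE_OK, SAMPLE_BOOT_CODE
    print(audit(sector, ref) or "no findings")
```

The disk is only read, never written. On a GPT disk, pass {{Filename|gptmbr.bin}} as the reference file.<br />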
====Rebooting====<br />
When you reboot your system now, you will have a syslinux prompt. To automatically boot your system or get a boot menu, you still need to create a configuration file.<br />
<br />
== Configuring syslinux ==<br />
The syslinux configuration file, {{Filename|syslinux.cfg}}, should be created in the same directory where you installed syslinux. In our case, that is '/boot/syslinux/'.<br />
<br />
The bootloader will look for either {{Filename|syslinux.cfg}} (preferred) or {{Filename|extlinux.conf}}.<br />
<br />
'''Tips''':<br />
*Instead of LINUX, the keyword KERNEL can also be used. KERNEL tries to detect the type of the file, while LINUX always expects a Linux kernel.<br />
*TIMEOUT value is in units of 1/10 of a second.<br />
<br />
=== Examples ===<br />
==== Basic Syslinux Config ====<br />
This is a simple configuration file that will show a boot: prompt and automatically boot after 5 seconds.<br />
<br />
Config:<br />
PROMPT 1<br />
TIMEOUT 50<br />
DEFAULT arch<br />
<br />
LABEL arch<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 ro<br />
INITRD ../initramfs-linux.img<br />
<br />
LABEL archfallback<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 ro<br />
INITRD ../initramfs-linux-fallback.img<br />
<br />
If you want to boot directly without seeing a prompt, set PROMPT to 0.<br />
<br />
If you want to use [[UUID]] for persistent device naming instead of device names, change:<br />
APPEND root=/dev/sda2 ro<br />
<br />
to:<br />
APPEND root=UUID=<uuid here> ro<br />
<br />
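Because a mistyped DEFAULT or an entry without a kernel line only shows up at the next boot, it helps to check the file before rebooting. The script below is an added example, not part of the original article and not a Syslinux tool; the function names and the second sample are constructed, and the checks cover only the directives used on this page.<br />

```python
import re

LOADERS = {"LINUX", "KERNEL", "COM32", "COMBOOT"}
ENTRY_KEYS = LOADERS | {"APPEND", "INITRD"}

# The basic configuration from this section.
PAGE_BASIC = """\
PROMPT 1
TIMEOUT 50
DEFAULT arch

LABEL arch
        LINUX ../vmlinuz-linux
        APPEND root=/dev/sda2 ro
        INITRD ../initramfs-linux.img

LABEL archfallback
        LINUX ../vmlinuz-linux
        APPEND root=/dev/sda2 ro
        INITRD ../initramfs-linux-fallback.img
"""

# Constructed sample: DEFAULT names no LABEL, and one entry has no loader line.
BROKEN = """\
UI menu.c32
PROMPT 0
TIMEOUT 50
DEFAULT archlinux

LABEL arch
        MENU LABEL Arch Linux
        LINUX ../vmlinuz-linux
        APPEND root=UUID=00000000-0000-0000-0000-000000000000 ro
        INITRD ../initramfs-linux.img

LABEL memtest
        MENU LABEL Memtest86+
"""


def parse_config(text):
    """Split a config into ({global directive: value}, {label: {directive: value}})."""
    global_directives, labels = {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].upper()          # keywords are matched case-insensitively
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "LABEL":
            current = labels.setdefault(value, {})
        elif keyword == "MENU":
            continue                        # presentation only, ignored here
        elif current is not None and keyword in ENTRY_KEYS:
            current[keyword] = value
        else:
            global_directives[keyword] = value
    return global_directives, labels


def lint(text):
    """Return a list of (scope, finding) tuples for the checks described above."""
    g, labels = parse_config(text)
    findings = []
    default = g.get("DEFAULT")
    if default is None and "UI" not in g:
        findings.append(("global", "no-default-or-ui"))
    # Assumption: DEFAULT is used as on this page, i.e. it names a LABEL.
    if default is not None and default not in labels:
        findings.append(("global", "default-undefined"))
    for name, entry in labels.items():
        if not LOADERS & entry.keys():
            findings.append((name, "no-loader"))
        m = re.search(r"\broot=(\S+)", entry.get("APPEND", ""))
        if m and m.group(1).startswith("/dev/sd"):
            # Works, but the name can change between boots; UUID is persistent.
            findings.append((name, "root-by-device-name"))
    return findings


def timeout_seconds(text):
    """TIMEOUT is given in units of 1/10 of a second; return seconds or None."""
    g, _ = parse_config(text)
    return int(g["TIMEOUT"]) / 10 if "TIMEOUT" in g else None


if __name__ == "__main__":
    for sample in (PAGE_BASIC, BROKEN):
        print(timeout_seconds(sample), lint(sample))
```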
==== Text Boot menu ====<br />
Syslinux also allows you to use a boot menu. To use it, copy the menu COM32 module to your syslinux folder:<br />
# cp /usr/lib/syslinux/menu.c32 /boot/syslinux/<br />
If /boot is in the same partition as /usr, a symlink will also work:<br />
# ln -s /usr/lib/syslinux/menu.c32 /boot/syslinux/<br />
<br />
Config:<br />
UI menu.c32<br />
PROMPT 0<br />
<br />
MENU TITLE Boot Menu<br />
TIMEOUT 50<br />
DEFAULT arch<br />
<br />
LABEL arch<br />
MENU LABEL Arch Linux<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 ro<br />
INITRD ../initramfs-linux.img<br />
<br />
LABEL archfallback<br />
MENU LABEL Arch Linux Fallback<br />
        LINUX ../vmlinuz-linux<br />
        APPEND root=/dev/sda2 ro<br />
        INITRD ../initramfs-linux-fallback.img<br />
<br />
For more details about the menu system, see http://git.kernel.org/?p=boot/syslinux/syslinux.git;a=blob;f=doc/menu.txt.<br />
<br />
==== Graphical Boot menu ====<br />
Syslinux also allows you to use a graphical boot menu. To use it, copy the vesamenu COM32 module to your syslinux folder:<br />
# cp /usr/lib/syslinux/vesamenu.c32 /boot/syslinux/<br />
If {{Filename|/boot}} is the same partition as {{Filename|/}}, a symlink will also work:<br />
# ln -s /usr/lib/syslinux/vesamenu.c32 /boot/syslinux/<br />
<br />
[http://projects.archlinux.org/archiso.git/tree/configs/releng/syslinux This config] uses the same menu design as the Arch Install CD. The background file can be found there too.<br />
<br />
Config:<br />
UI vesamenu.c32<br />
DEFAULT arch<br />
PROMPT 0<br />
MENU TITLE Boot Menu<br />
MENU BACKGROUND splash.png<br />
TIMEOUT 50<br />
<br />
MENU WIDTH 78<br />
MENU MARGIN 4<br />
MENU ROWS 5<br />
MENU VSHIFT 10<br />
MENU TIMEOUTROW 13<br />
MENU TABMSGROW 11<br />
MENU CMDLINEROW 11<br />
MENU HELPMSGROW 16<br />
MENU HELPMSGENDROW 29<br />
<br />
# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu<br />
<br />
MENU COLOR border 30;44 #40ffffff #a0000000 std<br />
MENU COLOR title 1;36;44 #9033ccff #a0000000 std<br />
MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all<br />
MENU COLOR unsel 37;44 #50ffffff #a0000000 std<br />
MENU COLOR help 37;40 #c0ffffff #a0000000 std<br />
MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std<br />
MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std<br />
MENU COLOR msg07 37;40 #90ffffff #a0000000 std<br />
MENU COLOR tabmsg 31;40 #30ffffff #00000000 std<br />
<br />
<br />
LABEL arch<br />
MENU LABEL Arch Linux<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 ro<br />
INITRD ../initramfs-linux.img<br />
<br />
<br />
LABEL archfallback<br />
MENU LABEL Arch Linux Fallback<br />
LINUX ../vmlinuz-linux<br />
APPEND root=/dev/sda2 ro<br />
INITRD ../initramfs-linux-fallback.img<br />
<br />
<br />
Since Syslinux 3.84, vesamenu.c32 supports the "MENU RESOLUTION $WIDTH $HEIGHT" directive.<br />
To use it, insert "MENU RESOLUTION 1440 900" into your config for a 1440x900 resolution.<br />
The background picture must have exactly the right resolution, however, as Syslinux will otherwise refuse to load the menu.<br />
<br />
=== Chainloading ===<br />
If you want to chainload other operating systems (such as Windows) or boot loaders, copy (or symlink) the ''chain.c32'' module to the syslinux folder (for details, see the instructions in the previous section). Then, create a section in the configuration file:<br />
<br />
LABEL windows<br />
MENU LABEL Windows<br />
COM32 chain.c32<br />
APPEND hd0 3<br />
<br />
''hd0 3'' is the third partition on the first BIOS drive - drives are counted from zero, but partitions are counted from one. For more details about chainloading, see [http://syslinux.zytor.com/wiki/index.php/Comboot/chain.c32].<br />
<br />
If you have [[grub2]] installed in your boot partition, you can chainload it by using: <br />
<br />
LABEL grub2<br />
MENU LABEL Grub2<br />
COM32 chain.c32<br />
append file=../grub/boot.img<br />
<br />
This may be required for booting from ISO images.<br />
<br />
=== Using memtest ===<br />
Use this LABEL section to launch memtest (install the ''memtest86+'' package):<br />
<br />
LABEL memtest<br />
MENU LABEL Memtest86+<br />
LINUX ../memtest86+/memtest.bin<br />
<br />
=== HDT ===<br />
HDT (Hardware Detection Tool) displays hardware information. Like before, the .c32 file has to be copied or symlinked into /boot/syslinux/.<br />
For PCI info, either copy or symlink {{Filename|/usr/share/hwdata/pci.ids}} to {{Filename|/boot/syslinux/pci.ids}}.<br />
<br />
LABEL hdt<br />
MENU LABEL Hardware Info<br />
COM32 hdt.c32<br />
<br />
=== Reboot and power off ===<br />
Use the following sections to reboot or power off your machine.<br />
<br />
LABEL reboot<br />
MENU LABEL Reboot<br />
COM32 reboot.c32<br />
<br />
LABEL poweroff<br />
MENU LABEL Power Off<br />
COMBOOT poweroff.com<br />
<br />
=== Clear Menu ===<br />
To clear the screen when exiting the menu, add the following line.<br />
MENU CLEAR<br />
<br />
==Troubleshooting==<br />
===I have a Syslinux Prompt - Yikes!===<br />
You can type in the LABEL name of the entry that you want to boot (as per your syslinux.cfg). If you used the example configs, just type:<br />
boot: arch<br />
<br />
If you get an error that the config file could not be loaded, you can pass your needed boot parameters, e.g.:<br />
boot: ../vmlinuz-linux root=/dev/sda2 ro initrd=../initramfs-linux.img<br />
<br />
If you do not have access to 'boot:' in ramfs, and are therefore temporarily unable to boot the kernel again:<br />
<br />
1) Create a temporary directory on which to mount your root partition (if it does not exist already):<br />
<br />
mkdir -p /new_root<br />
<br />
2) Mount / under /new_root (if /boot/ is on the same partition; otherwise you will need to mount them both):<br />
<br />
mount /dev/sd[a-z][1-9] /new_root<br />
<br />
3) Use 'vi' to edit syslinux.cfg again to suit your needs, and save the file.<br />
<br />
4) Reboot.<br />
<br />
===No Default or UI found on some computers===<br />
Certain motherboard manufacturers have less compatibility for booting from USB devices than others. While an ext4 formatted USB drive may boot on a more recent computer, some computers may hang if the boot partition containing the kernel and initrd is not on a fat16 partition. To prevent an older machine from loading ldlinux and failing to read syslinux.cfg, use cfdisk to create a fat16 partition (<=2GB) and format it with:<br />
# pacman -S dosfstools<br />
# mkfs.msdos -F 16 /dev/sda1<br />
then install and configure syslinux.<br />
<br />
===Windows boots up! No Syslinux!===<br />
'''Solution:''' Make sure the partition that contains /boot has the boot flag enabled. Also, make sure the boot flag is not enabled on the Windows partition. See the installation section above.<br />
<br />
The MBR that comes with Syslinux looks for the first active partition that has the boot flag set. The Windows partition was likely found first and had the boot flag set. If you want, you can use the MBR that Windows or msdos fdisk provides.<br />
<br />
===Menu Entries do nothing===<br />
You select a menu entry and it does nothing; it just "refreshes" the menu.<br/><br />
This usually means that you have an error in your configuration. Hit {{Keypress| TAB }} to edit your boot parameters. Alternatively, press {{Keypress| ESC}} and type in the LABEL of your boot entry (example: arch).<br />
<br />
===Cannot remove ldlinux.sys===<br />
ldlinux.sys has the immutable attribute set which prevents the file from being deleted or overwritten. This is because the sector location of the file must not change or else syslinux has to be reinstalled.<br />
To remove: <br />
chattr -i /boot/syslinux/ldlinux.sys<br />
rm /boot/syslinux/ldlinux.sys<br />
<br />
===A white block on the upper left corner appears when a kernel is loaded with modesetting on in early stage and when using vesamenu===<br />
'''Brain0''' said: ''As of linux-3.0, the modesetting driver tries to keep the current contents of the screen after changing the resolution (at least it does so with my intel, when having syslinux in text mode). It seems that this goes wrong when combined with the vesamenu module in syslinux (the white block is actually an attempt to keep the syslinux menu, but the driver fails to capture the picture from vesa graphics mode).''<br />
<br />
If you have a custom resolution and a vesamenu with early modesetting, try appending the following to the '''kernel line''' in syslinux.cfg to remove the white block and continue in graphics mode:<br />
<br />
APPEND root=/dev/sda6 ro 5 radeon.modeset=1 '''vga=current''' logo.nologo quiet splash<br />
<br />
== External link ==<br />
* [http://syslinux.zytor.com/ The Syslinux Project]'s website.</div>Tassadarhttps://wiki.archlinux.org/index.php?title=Bug_Day/2010&diff=146768Bug Day/20102011-06-20T07:19:15Z<p>Tassadar: FS#23162 is closed</p>
<hr />
<div>[[Category: Arch development (English)]]<br />
[[Category: Package development (English)]]<br />
'''NEXT BUG DAY:''' 18.6.2011<br />
<br />
Number of bugs:<br />
{| border="1"<br />
| Project || At beginning || At end || Closed<br />
|-<br />
| Arch Linux || 615 || 539 || 76<br />
|-<br />
| Community || 109 || 103 || 6<br />
|-<br />
| Pacman || 140 || 142 || 0<br />
|-<br />
| AUR || 36 || 0 || 0<br />
|-<br />
| Release Engineering || 79 || 0 || 0<br />
|-<br />
| '''Total''' || '''0''' || '''0''' || '''0'''<br />
|}<br />
<br><br><br />
'''Indications''':<br><br />
* Please '''use the bug title for the links' names''', so that we don't need to click on the link to know what a bug is about.<br />
Little helper [https://github.com/jelly/Dotfiles/blob/master/bin/bug2wiki.sh script]<br />
* If you have fixed a bug, '''enclose it with <nowiki><s></s></nowiki> tags.'''<br />
* Ensure bugs are assigned to the right person (package maintainers do change sometimes).<br />
* Ensure bugs are in the right top-level project (Release Engineering, Pacman, etc.).<br />
* If fixes are provided for some bugs, please test and report them as fixed.<br />
<br><br><br />
==Installer==<br />
<br />
==System==<br />
<br />
==[initscripts]==<br />
<br />
===Filesystems checks or related issues===<br />
<br />
* [http://bugs.archlinux.org/task/18490 FS#18490] - [initscripts] needs "newline" after "checking filesystems (Patch available)<br />
<br />
===Read-only root/live-friendly support===<br />
* [http://bugs.archlinux.org/task/9384 FS#9384] - [initscripts] request for read-only root support<br />
<br />
===Encrypted setups===<br />
* [http://bugs.archlinux.org/task/17131 FS#17131] - [initscripts] encrypted swap is set up before random seed is restored<br />
<br />
==Packages==<br />
<br />
===[core]===<br />
<br />
====Decision?====<br />
* [http://bugs.archlinux.org/task/13357 FS#13357] - {core} l2tp support needed (xl2tp from community)<br />
* [http://bugs.archlinux.org/task/13591 FS#13591] - [pam] Use sha512 hash for passwords for improve local security<br />
* [http://bugs.archlinux.org/task/16807 FS#16807] - [groff] Replace groff in core by mdocml<br />
* [http://bugs.archlinux.org/task/17312 FS#17312] - [gawk] /usr/bin/awk link<br />
* [http://bugs.archlinux.org/task/23813 FS#23813] - [kernel26]hibernate/resume : general protection fault : 0000 [#1] PREEMPT SMP<br />
* [https://bugs.archlinux.org/task/18719 FS#18719]- [kernel26] "kernel26.img" is a silly name for an initramfs image<br />
* [https://bugs.archlinux.org/task/18417 FS#18417] - {core} Make a "wifi-drivers" group<br />
* [http://bugs.archlinux.org/task/16702 FS#16702] - [kernel26] Versioned Kernel installs - '''sounds like a good idea, but nobody has said they'll do it yet'''<br />
* [http://bugs.archlinux.org/task/22480 FS#22480] - [ppp] remove from base group <br />
<br />
* [http://bugs.archlinux.org/task/22482 FS#22482] - [wpa_supplicant] remove from base group <br />
<br />
* [http://bugs.archlinux.org/task/22483 FS#22483] - [dash] remove from base group <br />
* [http://bugs.archlinux.org/task/23746 FS#23746] - [filesystem] remove dash from /etc/shells <br />
<br />
<br />
<br />
====Status?====<br />
* [http://bugs.archlinux.org/task/24201 FS#24201] - [kernel26] netlink patch <br />
* [http://bugs.archlinux.org/task/22046 FS#22046] - [kernel26] xhci-hcd + ehci-hcd (USB 3.0) kernel module prevents suspend <br />
* [http://bugs.archlinux.org/task/21606 FS#21606] - [kernel26] PIONEER DVD-RW DVR-212D: failed to set xfermode <br />
* [http://bugs.archlinux.org/task/22228 FS#22228] - [kernel26/ drm radeon] problem [drm:drm_mode_getfb] *ERROR* invalid framebuffer id <br />
* [http://bugs.archlinux.org/task/23825 FS#23825] - [kernel26] Bluetooth stopped working after upgrade to kernel 2.6.38 <br />
<br />
* [http://bugs.archlinux.org/task/17753 FS#17753] - [ppp] bogus DNS server problem with 3G modems<br />
* [http://bugs.archlinux.org/task/23096 FS#23096] - [grub] 0.97-17 fails to load os with quickboot enabled in bios using crucial real ssd. <br />
* [https://bugs.archlinux.org/task/19394 FS#19394] - [emacs] since upgrade to 23.2-1 height is 33 lines insteed 38 <br />
* [https://bugs.archlinux.org/task/19376 FS#19376] - [openvpn] package should contain update-resolv-conf script <br />
* [https://bugs.archlinux.org/task/19361 FS#19361] - [pinentry] sould not overwrite the simbolic link /usr/bin/pinentry <br />
* [https://bugs.archlinux.org/task/19333 FS#19333] - [nfs-utils] nfs-server ignoring no_root_squash<br />
* [https://bugs.archlinux.org/task/19321 FS#19321] - [util-linux-ng|shadow] agetty -> login **problems***<br />
* [https://bugs.archlinux.org/task/18722 FS#18722] - [man-db] col throws warning/error after upgrade<br />
* [https://bugs.archlinux.org/task/15738 FS#15738] - [cryptsetup] initcpio-hook enhancement<br />
<br />
====Trivial fixes====<br />
<br />
===[extra]===<br />
<br />
====Decision?====<br />
* [http://bugs.archlinux.org/task/14598 FS#14598] - [openldap] enable slapd overlays (slapo)<br />
* [http://bugs.archlinux.org/task/17157 FS#17157] - [kdebase-workspace] kdm allows logins even if shell is set to /sbin/nologin<br />
* [http://bugs.archlinux.org/task/17326 FS#17326] - [ssmtp] setgid mail<br />
* [http://bugs.archlinux.org/task/21141 FS#21141] - [archboot] arch_wireless does not include wireless modules <br />
* [http://bugs.archlinux.org/task/12321 FS#12321] - [gimp] Could not load images via URL<br />
* [https://bugs.archlinux.org/task/19082 FS#19082] - [eclipse] make xulrunner optional <br />
* [http://bugs.archlinux.org/task/24225 FS#24225] - [python-sip] Split sip package into sip and python-sip<br />
<br />
====Status?====<br />
* [http://bugs.archlinux.org/task/14252 FS#14252] - [kdebase-workspace] rewrites Xsetup<br />
* [http://bugs.archlinux.org/task/18917 FS#18917] - [ghc] ghc.install :: test if directory exists <br />
* [http://bugs.archlinux.org/task/18784 FS#18784] - [cyrus-sasl-plugins ] [libsasl] should support NTLM login<br />
* [https://bugs.archlinux.org/task/18640 FS#18640] - [xawtv] lacks scantv, doesn't compile with libquicktime installed <br />
* [https://bugs.archlinux.org/task/19642 FS#19642] - [guile] ignores emacs support files (gds.el, gds-server.el, gds-client.el) <br />
* [https://bugs.archlinux.org/task/16974 FS#16974] - [xf86-video-intel] 845GM/855GM kernel panic with DRI enabled, KMS disabled<br />
* [https://bugs.archlinux.org/task/16206 FS#16206] - [pcmanfm] Mime type configuration defaults <br />
* [https://bugs.archlinux.org/task/15747 FS#15747] - [kismet] kismet_client - blank '''Last comment says our terminfo maybe broken for xterm'''<br />
* [https://bugs.archlinux.org/task/19580 FS#19580] - [kdeplasma-addons-applets-kimpanel] ibus backend <br />
* [http://bugs.archlinux.org/task/21199 FS#21199] - [pinentry] missing dependencies '''Can be closed?'''<br />
<br />
====Trivial fixes====<br />
* [http://bugs.archlinux.org/task/20101 FS#20101] - [pcmanfm] Include gvfs as optdepends <br />
* [http://bugs.archlinux.org/task/24197 FS#24197] - [spamassassin] add perl-mail-dkim optdepends<br />
<br />
===[community]===<br />
<br />
====Decision?====<br />
* [https://bugs.archlinux.org/task/24679 FS#24679] - [luminacehdr] Add hugin as an optional dep <br />
* [https://bugs.archlinux.org/task/24165 FS#24165] - [xmonad]: Add files to enable GNOME 3 + Xmonad <br />
* [http://bugs.archlinux.org/task/24418 FS#24418] - pacupdate package is broken and project seems dead <br />
<br />
<br />
====Status?====<br />
* [https://bugs.archlinux.org/task/19570 FS#19570] - [terminator] bash children do not exit when terminal is closed<br />
* [https://bugs.archlinux.org/task/18965 FS#18965] - [cgmail] crashing since updated gnome to 2.30<br />
* [https://bugs.archlinux.org/task/18923 FS#18923] - [compiz] Doesn't support GNOME cursor settings<br />
* [https://bugs.archlinux.org/task/23828 FS#23828] - [mingw32-gcc] OpenMP support <br />
* [https://bugs.archlinux.org/task/23273 FS#23273] - [sage-mathematics] Maybe we should have /etc/rc.d/sage that starts 'sage -notebook'? <br />
* [https://bugs.archlinux.org/task/24561 FS#24561] - [goldendict] provide stardict <br />
* [http://bugs.archlinux.org/task/23379 FS#23379] - [protobuf] [protobuf-python] Merge packages<br />
<br />
====Trivial fixes====<br />
* [https://bugs.archlinux.org/task/24545 FS#24545] - Optional dependencies for OpenTTD music <br />
* [http://bugs.archlinux.org/task/21638 FS#21638] - [any2dvd] add '-frames 0' to 'mplayer -identify' <br />
* [http://bugs.archlinux.org/task/22326 FS#22326] - [cython] cannot find numpy header files<br />
* [http://bugs.archlinux.org/task/24720 FS#24720] - GDAL should be built against internal libtiff / libgeotiff <br />
* [http://bugs.archlinux.org/task/23654 FS#23654] - [gdal] 1.8.0-3 WMS layers not working - no curl support<br />
<br />
==Upstream bugs==<br />
===No response===<br />
<br />
===Status?===<br />
* [http://bugs.archlinux.org/task/21228 FS#21228] - [texlive-core] Document compile problem <br />
* [http://bugs.archlinux.org/task/20542 FS#20542] - [kernel26] iwlagn driver broken with kernel 2.6.35 <br />
* [http://bugs.archlinux.org/task/20492 FS#20492] - [kernel26] iwlagn broken in 2.6.35? <br />
* [http://bugs.archlinux.org/task/21959 FS#21959] - [kernel26] 2.6.36-1-3 regression: gspca (ov534 driver) doesn't work (worked in 2.6.35-8-3) <br />
* [http://bugs.archlinux.org/task/20179 FS#20179] - [kernel26] system reboot when module:processor was been loaded <br />
* [http://bugs.archlinux.org/task/20984 FS#20984] - [kernel26] wireless-drivers for rt73usb chipset <br />
* [http://bugs.archlinux.org/task/21683 FS#21683] - [kernel26] 2.6.36 panic when iwlagn (IPW4965) and rt2x00pci (RT2500) are put into monitor mode<br />
<br />
==Website==<br />
<br />
====Status?====<br />
* [http://bugs.archlinux.org/task/15865 FS#15865] - {bugtracker} attached files should have a MIME type attached/sent<br />
<br />
==Pacman==<br />
No promises on fixing these on bug day, but if any of the pacman devs or ML readers are around these would be good candidates to look at, especially if you like C and shell script coding more than fixing the above bugs.<br />
<br />
==Old Bugs (Bugs open and opened before 2010-06-01)==<br />
* [http://bugs.archlinux.org/task/18292 FS#18292] Assigned | [dcron] Should create ID Flag when not given to be compatible to <br />
* [http://bugs.archlinux.org/task/17705 FS#17705] Assigned | [xf86-video-intel] Hangcheck timer elapsed... GPU hung <br />
* [http://bugs.archlinux.org/task/17131 FS#17131] Assigned | [initscripts] crypt: restore random seed before using for decryp <br />
* [http://bugs.archlinux.org/task/16974 FS#16974] Assigned | [xf86-video-intel] 845GM/855GM kernel panic with DRI enabled, KM <br />
* [http://bugs.archlinux.org/task/19642 FS#19642] Assigned | [guile] ignores emacs support files (gds.el, gds-server.el, gds- <br />
* [http://bugs.archlinux.org/task/19392 FS#19392] Assigned | [xterm] w/who does not show my login shell <br />
* [http://bugs.archlinux.org/task/19330 FS#19330] Assigned | [xorg] System doesn't remember screen resolution <br />
* [http://bugs.archlinux.org/task/19321 FS#19321] Assigned | [util-linux-ng|shadow] agetty -> login **problems** <br />
* [http://bugs.archlinux.org/task/19233 FS#19233] Assigned | [netcfg] 2.5.4-1 net-auto-wireless can not be restarted <br />
* [http://bugs.archlinux.org/task/19051 FS#19051] Assigned | [net-tools] netstat doesn't show complete addresses with ipv6 aw <br />
* [http://bugs.archlinux.org/task/18691 FS#18691] Assigned | [unzip] iconv patch needed to support UTF-8 filenames created in <br />
* [http://bugs.archlinux.org/task/18676 FS#18676] Assigned | [tcp_wrappers] man page doesn't reflect hosts.allow syntax chang <br />
* [http://bugs.archlinux.org/task/18654 FS#18654] Assigned | [initscripts] internal: add PID check to /etc/rc.d/functions <br />
* [http://bugs.archlinux.org/task/17821 FS#17821] Waiting on Response | [kernel26] (2.6.32-*): bug on kernel ACPI <br />
* [http://bugs.archlinux.org/task/17753 FS#17753] Assigned | [ppp] bogus DNS server problem with 3G modems <br />
* [http://bugs.archlinux.org/task/17390 FS#17390] Assigned | {dbscripts} Add support for split packages of different arches <br />
* [http://bugs.archlinux.org/task/17157 FS#17157] Assigned | [kdebase-workspace] kdm allows logins even if shell is set to /s <br />
* [http://bugs.archlinux.org/task/16702 FS#16702] Assigned | [kernel26] Versioned Kernel installs <br />
* [http://bugs.archlinux.org/task/15865 FS#15865] Assigned | {bugtracker} attached files should have a MIME type attached/sen <br />
* [http://bugs.archlinux.org/task/12321 FS#12321] Assigned | [gimp] Could not load images via URL <br />
* [http://bugs.archlinux.org/task/11147 FS#11147] Assigned | [mkinitcpio] req: resume from encrypted swap. <br />
* [http://bugs.archlinux.org/task/9396 FS#9396] Assigned | [namcap] fails to detect dependencies on uninstalled shared libs <br />
* [http://bugs.archlinux.org/task/19653 FS#19653] Assigned | [eclipse] change dependency from java-environment to java-runtim <br />
* [http://bugs.archlinux.org/task/19440 FS#19440] Assigned | [apache-ant] doen't meet Java Package Guidelines <br />
* [http://bugs.archlinux.org/task/19428 FS#19428] Assigned | [docbook-xml] Provide a 'catalog' file for each version <br />
* [http://bugs.archlinux.org/task/19409 FS#19409] Assigned | [initscripts] locale: support all the LC_* variables <br />
* [http://bugs.archlinux.org/task/19394 FS#19394] Assigned | [emacs] since upgrade to 23.2-1 height is 33 lines insteed 38 <br />
* [http://bugs.archlinux.org/task/19376 FS#19376] Assigned | [openvpn] package should contain update-resolv-conf script <br />
* [http://bugs.archlinux.org/task/19361 FS#19361] Assigned | [pinentry] should not overwrite the symbolic link /usr/bin/pinent 
* [http://bugs.archlinux.org/task/19333 FS#19333] Assigned | [nfs-utils] nfs-server ignoring no_root_squash <br />
* [http://bugs.archlinux.org/task/19328 FS#19328] Assigned | [mkinitpcio] Add usbinput to hooks <br />
* [http://bugs.archlinux.org/task/19313 FS#19313] Assigned | [ifplugd] ifplugd.action script is not really a /bin/sh script <br />
* [http://bugs.archlinux.org/task/19207 FS#19207] Assigned | [shadow] /etc/login.defs does not recognize GETPASS_ASTERISKS o 
* [http://bugs.archlinux.org/task/19175 FS#19175] Waiting on Response | [qca] kopete and psi not able to connect to jabber/xmpp (openfir <br />
* [http://bugs.archlinux.org/task/19082 FS#19082] Assigned | [eclipse] make xulrunner optional <br />
* [http://bugs.archlinux.org/task/18999 FS#18999] Assigned | [xorg-server] Xfvb doesn't handle transparent pixels properly in <br />
* [http://bugs.archlinux.org/task/18957 FS#18957] Assigned | [net-tools] netstats -s return ``error parsing /proc/net/snmp: S <br />
* [http://bugs.archlinux.org/task/18931 FS#18931] Assigned | [netcfg] [patch] Add WWAN support (UMTS/3G) <br />
* [http://bugs.archlinux.org/task/18917 FS#18917] Assigned | [ghc] ghc.install :: test if directory exists <br />
* [http://bugs.archlinux.org/task/18864 FS#18864] Assigned | Consider enabling GCC's stack-smashing protection (ProPolice, SS <br />
* [http://bugs.archlinux.org/task/18836 FS#18836] Assigned | [netcfg] wpa_actiond doesn't function properly on resume <br />
* [http://bugs.archlinux.org/task/18784 FS#18784] Assigned | [cyrus-sasl-plugins ] [libsasl] should support NTLM login <br />
* [http://bugs.archlinux.org/task/18722 FS#18722] Assigned | [man-db] col throws warning/error after upgrade <br />
* [http://bugs.archlinux.org/task/18640 FS#18640] Assigned | [xawtv] lacks scantv, doesn't compile with libquicktime installe <br />
* [http://bugs.archlinux.org/task/18590 FS#18590] Assigned | {repo} enable Delta support in repositories <br />
* [http://bugs.archlinux.org/task/18555 FS#18555] Assigned | [xawtv] streamer segfault <br />
* [http://bugs.archlinux.org/task/18542 FS#18542] Assigned | [ifplugd] Wrong way to launch ntpdate <br />
* [http://bugs.archlinux.org/task/18490 FS#18490] Assigned | [initscripts] add \n after stat_* <br />
* [http://bugs.archlinux.org/task/18485 FS#18485] Assigned | {archweb} Search doesn't trim leading/trailing spaces <br />
* [http://bugs.archlinux.org/task/18347 FS#18347] Assigned | [mkinitcpio] improve performance <br />
* [http://bugs.archlinux.org/task/18344 FS#18344] Assigned | [xf86-video-intel] can't wake from suspend <br />
* [http://bugs.archlinux.org/task/18244 FS#18244] Assigned | [dansguardian] Remove dependency: squid <br />
* [http://bugs.archlinux.org/task/18157 FS#18157] Assigned | [filesystem] symlink /var/{run,lock} to /run/{,lock} <br />
* [http://bugs.archlinux.org/task/17965 FS#17965] Assigned | [nautilus] Places displays links to (ntfs)partitions twice with <br />
* [http://bugs.archlinux.org/task/17875 FS#17875] Assigned | [ghc] should provide "haddock" <br />
* [http://bugs.archlinux.org/task/17837 FS#17837] Assigned | [xorg] Xserver display blanks to single color, fixed by suspend <br />
* [http://bugs.archlinux.org/task/17580 FS#17580] Assigned | {wiki} interwiki interlanguage links <br />
* [http://bugs.archlinux.org/task/17447 FS#17447] Assigned | {mailman} Incorrect support email on page <br />
* [http://bugs.archlinux.org/task/17389 FS#17389] Assigned | [openssh] SSH session hangs, when remote machine reboots. <br />
* [http://bugs.archlinux.org/task/17326 FS#17326] Assigned | [ssmtp] setgid mail <br />
* [http://bugs.archlinux.org/task/17312 FS#17312] Assigned | [gawk] /usr/bin/awk link <br />
* [http://bugs.archlinux.org/task/17188 FS#17188] Assigned | [pam] Introduce a common-auth pam file for use in login managers <br />
* [http://bugs.archlinux.org/task/16865 FS#16865] Assigned | [thinkfinger] issue with linux kernel > 2.6.28 <br />
* [http://bugs.archlinux.org/task/16807 FS#16807] Assigned | [groff] Replace groff in core by mdocml <br />
* [http://bugs.archlinux.org/task/16206 FS#16206] Waiting on Response | [pcmanfm] Mime type configuration defaults <br />
* [http://bugs.archlinux.org/task/15747 FS#15747] Assigned | [kismet] kismet_client - blank <br />
* [http://bugs.archlinux.org/task/15738 FS#15738] Assigned | [cryptsetup] initcpio-hook enhancement <br />
* [http://bugs.archlinux.org/task/14598 FS#14598] Assigned | [openldap] enable slapd overlays (slapo) <br />
* [http://bugs.archlinux.org/task/14252 FS#14252] Assigned | [kdebase-workspace] rewrites Xsetup <br />
* [http://bugs.archlinux.org/task/13591 FS#13591] Assigned | [pam] Use sha512 hash for passwords for improve local security <br />
* [http://bugs.archlinux.org/task/13357 FS#13357] Assigned | {core} l2tp support needed (xl2tp from community) <br />
* [http://bugs.archlinux.org/task/13026 FS#13026] Assigned | {archweb} Add a json interface for ABS as we have for AUR <br />
* [http://bugs.archlinux.org/task/10703 FS#10703] Assigned | Implement OpenID to link Arch pages. <br />
* [http://bugs.archlinux.org/task/19580 FS#19580] Assigned | [kdeplasma-addons-applets-kimpanel] ibus backend <br />
* [http://bugs.archlinux.org/task/18736 FS#18736] Assigned | [initscripts] shutdown: fsck <br />
* [http://bugs.archlinux.org/task/18719 FS#18719] Waiting on Response | [kernel26] "kernel26.img" is a silly name for an initramfs image <br />
* [http://bugs.archlinux.org/task/18417 FS#18417] Assigned | {core} Make a "wifi-drivers" group <br />
* [http://bugs.archlinux.org/task/13441 FS#13441] Assigned | {archweb} Display new packages somewhere in the website <br />
* [http://bugs.archlinux.org/task/11604 FS#11604] Assigned | {archweb} Package Colours - better visual information <br />
* [http://bugs.archlinux.org/task/9384 FS#9384] Assigned | [initscripts] allow read only root</div>Tassadar