Squoggle

Mac's tech blog

Category Archives: Sys Admin

Linux Mint 22 – Custom UEFI LVM Installation

Leave a comment Posted by on December 30, 2024

Linux Mint’s Cinnamon desktop is one of the most productive and visually clean environments. However, its installation process has limitations, such as minimal support for Logical Volumes (LVM) on multiple devices. This guide provides a detailed walkthrough for configuring Linux Mint 22 with UEFI and LVM across multiple storage devices, allowing for advanced customization.

This guide documents the steps I followed to install Linux Mint 22 using Logical Volumes across multiple physical storage devices. By sharing this process, I aim to help others replicate this setup, whether on virtual machines or physical hardware

My Setup

For this installation I am doing the installation and configuration on a VirtualBox Virtual machine to test the process and in theory duplicate the process on a physical host. The salient details of the hardware are follows:

HardwareVirtual MachinePhysical Machine
Memory32 GB64 GB
Processors48
Disk via SATA Controller100 GB1 TB
Disk via NVME Controller10 GB2 TB

Partitioning

One of the reasons I’m doing this custom installation is that the automated installation does not allow me to customize the partitioning. One of the things I want to accomplish is customizing the amount of swap space so that I can configure Hibernation on this host. In order to do so I need more swap space defined than I have configured in memory. The below table is an outline of the physical devices and partitions I want to create:

Partition Setup Overview

/dev/sda:

  1. /dev/sda1: EFI partition (1 GB, FAT32).
    • The EFI partition only needs to hold the bootloader and essential EFI files. A 1 GB size provides ample space for future updates or additional boot entries, without wasting disk space.
  2. /dev/sda2: 4GB ext4 filesystem mounted at /boot
    • The /boot partition houses the Linux kernel, initramfs, and other boot-related files. A 4 GB allocation ensures sufficient space for kernel updates, multiple kernels, and recovery options, especially useful if the system uses custom kernels.
  3. /dev/sda3: Physical Volume (PV) for LVM for swap space (48 GB) and for root file system (remaining space).
    • Allocating the remaining space to an LVM PV provides flexibility. It allows dynamic resizing of logical volumes for swap and the root filesystem as needs evolve. By defining a large swap space (48 GB), the system supports hibernation, which requires swap space to be at least equal to the amount of installed memory. The rest is allocated to the root filesystem to hold the operating system and application files.

/dev/nvme0n1:

  1. Physical Volume (PV) for LVM for /home (entire device).
    • Using the entire NVMe device for the /home logical volume ensures fast access to user data and provides a clear separation from the root filesystem. This approach enhances performance and simplifies backups or future migrations of user data.

Steps to Configure /dev/sda

1. Open GParted

  1. Boot into the Linux Mint live session.
  2. Launch GParted from the menu.
  3. Select /dev/sda from the dropdown at the top-right.

2. Create GPT Partition Table on /dev/sda

  1. Go to Device > Create Partition Table.
  2. Select GPT as the new partition table type and click Apply.

3. Create EFI Partition

  1. Right-click on the unallocated space and select New.
  2. Configure:
    • Size: 1 GB.
    • File System: fat32.
    • Label: EFI.
  3. Click Add.
  4. Apply all changes:
    • Click the checkmark (green tick). Click Apply.
  5. Set flags:
    • Right-click the partition > Manage Flags.
    • Enable boot and esp flags.

4. Create Boot Partition

  1. Right-click on the unallocated space and select New.
  2. Configure:
    • Size: 4 GB.
    • File System: ext4.
    • Label: Boot.
  3. Click Add.

5. Create LVM Physical Volume

This LVM Physical Volume will contain both the SWAP space and the Root (“/”) file system.

  1. LVM/PV Partition:
    • Right-click the remaining unallocated space and select New.
    • Configure:
      • Size: Remaining Space.
      • File System: lvm2 pv
      • Label: SDA PV.
    • Click Add.
  2. Apply all changes:
    • Click the checkmark (green tick). Click Apply.

6. Check your work

You can check your work with the following terminal commands:

sudo pvdisplay
sudo fdisk -l /dev/sda

You should see indications of what you have created with Gparted.

Steps to Configure /dev/nvme0n1

Since the entire nvme device is going to be configured as LVM, nothing needs to be done other than what is done below in the terminal.

Setup LVM Using the Terminal

1. Prepare Physical Volumes

Run these commands in the terminal:

sudo pvcreate /dev/nvme0n1 # Physical Volume for /home

Verify the Physical Volumes have been created:

sudo pvdisplay

2. Create Volume Groups

sudo vgcreate vg_sda /dev/sda3
sudo vgcreate vg_nvme0 /dev/nvme0n1

Verify the Volume Groups:

sudo vgdisplay

3. Create Logical Volumes

  1. Swap:
    sudo lvcreate -L 96G -n lv_swap vg_sda
  2. Root:
    sudo lvcreate -l 100%FREE -n lv_root vg_sda
  3. Home:
    sudo lvcreate -l 100%FREE -n lv_home vg_nvme0

Verify the Logical Volumes:

sudo lvdisplay

4. Format Logical Volumes

I will be formatting the lv_root and lv_home Logical Volumes during the next section. It is not required to do it here.

Enable the swap Logical Volume:
sudo mkswap /dev/vg_sda/lv_swap

Verify everything with this:

lsblk -f

You should see a representation of how you have partitioned your devices

5. Mount Points in Installer

I’m using ext4 for compatibility and performance.

  1. During installation, choose Something Else.
  2. Assign:
    • /dev/mapper/vg_nvme0-lv_home: /home and format to ext4
    • /dev/mapper/vg_sda-lv_root: / and format to ext4
    • /dev/mapper/vg_sda-lv_swap: swap space
    • /dev/sda1: EFI System Partition automatically formatted to (FAT32)
    • /dev/sda2: /boot and format to ext4
  3. Set Device for boot loader installation to /dev/sda. /dev/sda is used for boot loader installation because it houses the EFI System Partition, ensuring compatibility, reliability, and ease of management in a UEFI-based system.

6. Install Linux Mint

  1. You should now be ready to install. Click the Install Now button.
  2. You will see a summary of what the installer is going to do. If you are satisfied, click the Continue button.
Linux, Linux Mint, Sys Admin , , , ,

Tailscale

Leave a comment Posted by on September 3, 2024

Build your own VPN.

These instructions cover how to install Tailscale on both Linux Mint 21.x and 22.x.

Linux Mint 21.x

Add Tailscale’s GPG key

$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null

Add the tailscale repository:

$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

Install Tailscale:

$ sudo apt-get update && sudo apt-get install tailscale

Start Tailscale:

$ sudo tailscale up

Linux Mint 22.x

Add Tailscale’s GPG key

$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null

Add the tailscale repository:

$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

Install Tailscale:

$ sudo apt-get update && sudo apt-get install tailscale

Start Tailscale:

$ sudo tailscale up
Linux, Linux Mint, Sys Admin ,

Logical Volume on Nvme disk

Leave a comment Posted by on September 1, 2024

This blog post is how to configure a new Nvme SSD disk with Logical Volumes, format it and then mount it for use on your Linux system. The OS I’m doing this on is Linux Mint 22.0 but the steps are very similar on other Linux distros.

List Disks

The first step is to get information about the disks on your system. Do that with the lshw command:

$ sudo lshw -class disk
$ sudo lshw -class disk
  *-disk                    
       description: ATA Disk
       product: Samsung SSD 870
       physical id: 0
       bus info: scsi@0:0.0.0
       logical name: /dev/sda
       version: 3B6Q
       serial: S75BNL0X510488E
       size: 931GiB (1TB)
       capabilities: gpt-1.00 partitioned partitioned:gpt
       configuration: ansiversion=5 guid=0a659757-d6ef-4549-a6fe-ad2ca7f79fb2 logicalsectorsize=512 sectorsize=512
  *-cdrom
       description: DVD writer
       product: DVD+-RW DU-8A5LH
       vendor: PLDS
       physical id: 1
       bus info: scsi@1:0.0.0
       logical name: /dev/cdrom
       logical name: /dev/sr0
       version: 6D1M
       capabilities: removable audio cd-r cd-rw dvd dvd-r
       configuration: ansiversion=5 status=nodisc
  *-namespace:0
       description: NVMe disk
       physical id: 0
       logical name: hwmon1
  *-namespace:1
       description: NVMe disk
       physical id: 2
       logical name: /dev/ng0n1
  *-namespace:2
       description: NVMe disk
       physical id: 1
       bus info: nvme@0:1
       logical name: /dev/nvme0n1
       size: 1863GiB (2TB)
       configuration: logicalsectorsize=512 sectorsize=512 wwid=eui.0025384541a0abf0

The device I’m interested in here is logical name: /dev/nvme0n1which is a 2 TB device.

Physical Volumes

Check status of Physical Volumes on the system:

$ sudo pvdisplay

I only see the boot device. This means no Physical Volume has been created yet on the ss

$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/sda2
VG Name vgmint
PV Size 931.01 GiB / not usable 4.00 MiB
Allocatable yes (but full)
PE Size 4.00 MiB
Total PE 238338
Free PE 0
Allocated PE 238338
PV UUID kGgo6r-HbVW-R0H8-Z4Ll-fGTO-fMej-O0iREI

Create the new Physical Volume on /dev/nvme0n1:

$ sudo pvcreate /dev/nvme0n1
$ sudo pvcreate /dev/nvme0n1
Physical volume "/dev/nvme0n1" successfully created.

Check and confirm:

$ sudo pvdisplay
$ sudo pvdisplay
--- Physical volume ---
PV Name /dev/sda2
VG Name vgmint
PV Size 931.01 GiB / not usable 4.00 MiB
Allocatable yes (but full)
PE Size 4.00 MiB
Total PE 238338
Free PE 0
Allocated PE 238338
PV UUID kGgo6r-HbVW-R0H8-Z4Ll-fGTO-fMej-O0iREI

"/dev/nvme0n1" is a new physical volume of "<1.82 TiB"
--- NEW Physical volume ---
PV Name /dev/nvme0n1
VG Name
PV Size <1.82 TiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID lda15M-nH4L-CEok-QDat-2A1O-dPBI-VeTeEK

We now have the new Physical Volume on /dev/nvme0n1

Volume Group

Check the status of existing Volume Groups:

$ sudo vgdisplay
$ sudo vgdisplay
--- Volume group ---
VG Name vgmint
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 3
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 2
Max PV 0
Cur PV 1
Act PV 1
VG Size <931.01 GiB
PE Size 4.00 MiB
Total PE 238338
Alloc PE / Size 238338 / <931.01 GiB
Free PE / Size 0 / 0
VG UUID 88rFXN-yf9R-epV4-msvR-5cRr-zl0v-qxFUEd

You see that there already exists a Volume Group named vgmint where the root filesystem is installed.

Create the new Volume Group named vgnvme on the newly created /dev/nvme0n1 physical volume like this:

$ sudo vgcreate vgnvme /dev/nvme0n1
$ sudo vgcreate vgnvme /dev/nvme0n1
Volume group "vgnvme" successfully created

Then confirm it was created correctly:

$ sudo vgdisplay vgnvme
$ sudo vgdisplay vgnvme
--- Volume group ---
VG Name vgnvme
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size <1.82 TiB
PE Size 4.00 MiB
Total PE 476932
Alloc PE / Size 0 / 0
Free PE / Size 476932 / <1.82 TiB
VG UUID pH9fRB-QXRz-IGkL-t57V-xVXm-NP15-rf9vlA

Logical Volume

Now review the existing Logical Volumes on the system with the lvdisplay command:

$ sudo lvdisplay
$ sudo lvdisplay
--- Logical volume ---
LV Path /dev/vgmint/root
LV Name root
VG Name vgmint
LV UUID Oq70Uf-b9zI-zQE1-134v-Zi0t-M6ee-jGYgD1
LV Write Access read/write
LV Creation host, time mint, 2024-08-27 18:47:19 -0400
LV Status available
# open 1
LV Size <929.10 GiB
Current LE 237849
Segments 1
Allocation inherit
Read ahead sectors auto
currently set to 256
Block device 252:0 

--- Logical volume ---
LV Path /dev/vgmint/swap_1
LV Name swap_1
VG Name vgmint
LV UUID 82mxHk-oqhS-I1DF-HsRo-OaBs-S5la-lG70HE
LV Write Access read/write
LV Creation host, time mint, 2024-08-27 18:47:19 -0400
LV Status available open 2 LV Size 1.91 GiB
Current LE 489
Segments 1
Allocation inherit
Read ahead sectors auto
currently set to 256
Block device 252:1

You see that I have en existing Logical Volume named root for the root filesystem and another named swap_1 for the swap space. Both Logical Volumes reside on the vgmint Volume Group.

Now create a new Logical Volume named volnvme on the newly created vgnvme Volume Group. Create it using the maximum space allowed on the Volume Group:

$ sudo lvcreate -n volnvme -l 100%FREE vgnvme
$ sudo lvcreate -n volnvme -l 100%FREE vgnvme
Logical volume "volnvme" created.

Then confirm it was created correctly. Use volume_group/volume_name format when displaying:

$ sudo lvdisplay vgnvme/volnvme
$ sudo lvdisplay vgnvme/volnvme
--- Logical volume ---
LV Path /dev/vgnvme/volnvme
LV Name volnvme
VG Name vgnvme
LV UUID v2DC8Q-XQPk-aFUU-X8wR-XWCq-RCYx-i80TFB
LV Write Access read/write
LV Creation host, time Gob, 2024-09-01 16:43:52 -0400
LV Status available
# open 0
LV Size <1.82 TiB
Current LE 476932
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 252:2

This shows the correctly created Logical Volume that is associated with the Volume Group.

Create Filesystem

Before we can use it we need to create a filesystem on the Logical volume. I’m going to create a ext4 filesystem:

$ sudo mkfs.ext4 /dev/vgnvme/volnvme
$ sudo mkfs.ext4 /dev/vgnvme/volnvme
mke2fs 1.47.0 (5-Feb-2023)
Discarding device blocks: done
Creating filesystem with 488378368 4k blocks and 122101760 inodes
Filesystem UUID: 74388657-077d-46ca-adb4-44e986ff6c47
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848

Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done

Mount the Logical Volume

Now that you have the file system created you are ready to mount it somewhere. I want to mount it within my own user’s home directory. I need to create a mount point for this:

$ mkdir -p ~/mnt/nvme

Notice I did not use sudo. I want this directory structure and all files own by my user.

Now test mount the new Logical volume on the location you created for it like this:

$ sudo mount /dev/vgnvme/volnvme /home/mac/mnt/nvme

If everything went as expected you should not get any response to the above command.

Verify that the Logical Volume is mounted:

$ mount | grep /dev/mapper/vgnvme-volnvme
$ mount | grep /dev/mapper/vgnvme-volnvme
/dev/mapper/vgnvme-volnvme on /home/mac/mnt/nvme type ext4 (rw,relatime)

If you check file and group ownership of the /home/mac/mnt/nvme directory at this point you will see that it is owned by root even though we created it without sudo. This is because we had to mount it as root and it took on root ownership. Now that is is mounted you can change this ownership:

$ cd ~/mnt
$ sudo chown -R mac:mac ~/mnt/nvme/

Now un-mount the filesystem:

$ sudo umount /home/mac/mnt/nvme

Automatically mount this filesystem when booting

I want this filesystem to always be automatically mounted when the system boots. This means there needs to be an entry in the /etc/fstab file that directs the system to mount it.

First you will need to see what the mapper for this filesystem is. You can find it by doing a listing in /dev/mapper:

$ ll /dev/mapper

I see the following:

$ ll /dev/mapper
total 0
crw------- 1 root root 10, 236 Aug 30 17:54 control
lrwxrwxrwx 1 root root 7 Aug 30 17:54 vgmint-root -> ../dm-0
lrwxrwxrwx 1 root root 7 Aug 30 17:54 vgmint-swap_1 -> ../dm-1
lrwxrwxrwx 1 root root 7 Sep 1 16:43 vgnvme-volnvme -> ../dm-2

It looks like my mapper device is /dev/mapper/vgnvme-volnvme

Now, edit the /etc/fstab file as root user and add a section that looks like this:

# Internal NVME Disk
/dev/mapper/vgnvme-volnvme /home/mac/mnt/nvme ext4 errors=remount-ro 0 1

Tell the systemctl daemon to reload:

$ sudo systemctl daemon-reload

Now tell the system to mount that filesystem:

$ sudo mount /dev/mapper/vgnvme-volnvme

Confirm the file system is mounted:

$ mount | grep /dev/mapper/vgnvme-volnvme

Once you have confirmed you can reboot the system and confirm that the new filesystem automatically mounts on a reboot.

Linux, Linux Mint, Sys Admin , , , , , , , , , ,

Linux Mint 22.x

Leave a comment Posted by on August 31, 2024

These are my notes on configuring Linux Mint 22.x.

Linux Mint 22.x is based on Ubuntu 24.04. Make sure to read the Ubuntu release notes.

If you find this and think it is useful, leave a comment and say what you like or don’t like. Keep in mind these are my own notes and are not intended to be a HowTo for the general public.

This installation was done on an Dell Optiplex 7050. I’m also installing on Oracle Virtual Box so I will add some additional steps for that which will be noted as extra steps for Virtual Box.

Disable Secure Boot

I attempted to install with Secure Boot enabled, but it seems that Linux Mint has an issue installing certain drivers with secure boot enabled. This is not really something I need so I am disabling Secure Boot in the bios to not be hassled with it.

Install Linux Mint 22.x.

As of this writing it is Mint 22.0. I typically avoid a .0 release, but I just got a new computer and this OS was just released so we’ll see how it goes. I may update these instructions as newer versions come out. Without going into lots of detail on how to install Linux Mint which has been covered in many other HowTos I am just focusing on what I do to configure it to my liking. I am installing on a fresh new disk. I did install multimedia codecs. If you have turned off Secure Boot as mentioned earlier you will not have any additional prompts in this area.

I did select Advanced Features in the Installation Type window and selected to use LVM with the new installation. I did choose to erase disk because this is a new disk and a fresh install. I did choose to encrypt my home directory. I did encrypt home directory.

The installation is pretty straight forward and not complicated.

Up and Running

Virtual Box Guest Additions

As I mentioned I am also installing Linux Mint 22 on a Virtual machine so for Virtual Box Virtual Machine you will need to install Guest Additions. Ignore this if you are doing on a physical machine.

  1. Click Devices
  2. Insert Guest Additions CD image
  3. Click ‘Run’
  4. Type your password

This will install guest additions and allow you to resize your screen on the fly.

First Steps

When you first Launch Linux Mint you will get a Welcome Screen. On the left click ‘First Steps’.

Desktop Colors: I kept the default
Update Manager: Launch the Update Manager and update everything.
Driver Manager: When I launch I get a message that no drivers are needed.
System Snapshots: I will address at a later time.
Firewall: Also addressed later.

Firmware

I want to make sure my firmware (bios and other firmware) are up to date. Do that by doing the following:

$ sudo apt install fwupd
$ fwupdmgr get-updates
$ fwupdmgr update

Then follow the prompts to update. The system will reboot and do the updates then reboot again.

Sudoers

Edit the /etc/sudoers file so you don’t have to put your password in each time:

$ sudo visudo

There will be a line that looks like this:

%sudo ALL=(ALL:ALL) ALL

Comment out that line and make it look like this:

%sudo ALL=(ALL) NOPASSWD: ALL

Now when you use sudo you will not have to enter your password.

Install OpenSSH Server

Install SSH Server so you can ssh to the host:

$ sudo apt install openssh-server -y

Test ssh to the new host. You may during this process encounter an error regarding an “Offending ECDSA key in ~/.ssh/known_hosts”. This is easily resolved by deleting the referenced line in ~/.ssh/known_hosts.

I’ve also experienced an issue where when attempting to ssh to this new host via name it does not work. SSH via IP address does work. DNS resolution is correct. I even have the host in /etc/hosts. No dice.

I was finally able to resolve the issue by putting an entry into the ssh config file on my SSH from host in the ~/.ssh/config.d/LocalHosts.conf file. The entry in this file looks like this:

Host pop
  Hostname 192.168.20.34
  ForwardX11 yes
  ForwardX11Trusted yes

This seems to have solved the problem. I suspect I have some other conflicting entry in my ssh config files that are preventing this, but I can’t find it.

SSH Keys:

Now that you can ssh to your new host you will want to be able to ssh using your ssh key instead of password. From the remote host do this:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub [newhostname]

You will be prompted to enter the password for the New Host. It will copy over your public ssh key from ~/.ssh/id_rsa.pub. This assumes your public ssh key is indeed ~/.ssh/id_rsa.pub.

You should be able to ssh to the new host now without entering your password.

(Optional) Now copy all the ~/.ssh directory contents from your old host into this new host so you have the keys, the known hosts and authorized keys files from your user on the old host and now have them on your new host.

From the old host:

$ cd ~/.ssh
$ scp -r * [new-host-name]:~/.ssh

Hosts file:

Copy the Home Network section of your /etc/hosts file from the old host to the /etc/hosts file on the new host.

pCloud

Instead of
Dropbox I’ve decided to try pCloud. It is half as much money and much easier to set up. Pretty much all you have to do is create an account on pCloud then download the software binary and run it. It will install and run every time you boot your computer. Put the binary in /usr/bin, then after you run it, check Startup Applications to make sure it is starting each time and from correct path. Test by rebooting to see if it starts automatically.

I got the basic account which gives me 500 GB of storage which is more than I need. So far this has worked very well for me and is much less problematic than DropBox. I’ve not tried on MacOS or Windows yet but usually Linux is where most of the problems come from.

Install KeepassXC

Keepass XC is the greatest Password Safe in my humble opinion.

Install it:

$ sudo apt install keepassxc -y

Install Chrome

You’ll need Chrome as well

Go to https://www.google.com/chrome/

Click the Download Chrome button. Mine automatically downloaded into ~/Downloads. The 64 bit version was automatically selected.

Install it like this:

$ cd ~/Downloads
$ sudo apt install ./google-chrome-stable_current_amd64.deb

This will automatically install a repository as well for future updates.

Install Signal

Create a temporary directory off of your home directory:

$ mkdir -p ~/tmp
$ cd ~/tmp

Install the Signal official public software signing key:

$ wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
$ cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

Add the Signal repository to your list of repositories:

$ echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | sudo tee /etc/apt/sources.list.d/signal-xenial.list

Note that noble is the Ubuntu version that corresponds to Mint 22, but they don’t have a repo for noble so you need to use the xenial repo as shown above.

Update your package database and install Signal:

$ sudo apt update && sudo apt install signal-desktop

Now from the start menu, find signal and run it. You will be prompted to scan a QR code from your signal app on your phone. Go to three dots > Settings > Linked Devices and scan the QR Code.

Now edit the startup line in /usr/share/applications/signal-desktop.desktop to look like this:

Exec=/opt/Signal/signal-desktop --use-tray-icon --no-sandbox %U

This will keep Signal alive in your system tray when you close it.

You will also want to add signal to the automatic startup list. [Super Key] > Startup Applications. Click the ‘+’ sign and ‘Choose Application‘, find Signal, select it the click ‘Add Application’. You can also edit the config to have a start delay to give the PC some time to settle before starting it. I delayed it for 120 seconds.

Additional Software

There are other software packages I commonly use that need to be installed:

$ sudo apt install  kwrite kate terminator sshuttle vim sshpass nfs-common gparted imagemagick whois lsscsi -y

Mount NFS Share

Mount the NFS share of your old workstation or other server. Create a mount point:

$ mkdir -p /mnt/[nfs-host-name]
$ mkdir -p /mnt/nfs-pop

Make sure the NFS server is in your /etc/hosts file by name.

Test mount the remote NFS Server at your newly created mount point:

$ sudo mount [nfs-server]:/home/mac/mnt/nvme /mnt/[mount-point]
$ sudo mount pop:/home/mac/mnt/nvme /mnt/nfs_pop

Edit the /etc/fstab file to create an entry in it:

# External Mount
pop:/home/mac/mnt/nvme /mnt/nfs_pop nfs rw,soft,noauto 0 0

Now you can simply mount or un-mount the NFS server with the following commands:

$ sudo mount /mnt/nfs_pop
$ sudo umount /mnt/nfs_pop

There may be firewall rules in play that you will have to set or open.

Crossover

Get the most recent version of Crossover here:
https://www.codeweavers.com/crossover

Get the free trial and download to your machine.

Then install like this:

$ sudo apt install ./crossover_[version-number].deb

Before you attempt to run any bottle you will need to install this library:

$ sudo apt-get install liblcms2-2:i386

This will install a bunch of other dependencies as well.

Register the installation of CrossOver before you attempt to install anything.

To export a bottle from one machine to another, in this case Quicken, which is the only reason for running Crossover, do this:

  1. Open Crossover
  2. Right Click on the Quicken_Classic Bottle.
  3. Choose ‘Export Quicken_Classic to Archive’
  4. Choose a location to save it. It is a good idea to time stamp the file to not overwrite a previous working bottle export.
  5. On the new machine go to Menu > Bottle > Import Bottle Archive
  6. Browse to where you stored the archive, click it and click ‘Restore’.
  7. I get a message that CrossOver needs to install several Linux packages in order to run Windows applications. Click Yes. This will install a butt load of libraries and dependencies.
  8. You may actually think it is stuck but when it seems to stop doing something see if the ‘Continue’ button is active and if so, click it.
  9. The process will sit there for a bit acting like it is stuck. I let is sit for a few minutes then came back and x’ed out of where it was. Closed Crossover and started it again. It seems to have installed the bottle.
  10. Finally your bottle should be imported.
  11. Make your symlinks to your datafiles to your home directory because Crossover has issues with finding files that are deep.
  12. Crossover only needs your email address and login password to register. There is no serial number.

Surprisingly this was the first time importing a bottle worked flawlessly. This is a new version on new machine so maybe they worked the kinks out of it.

VueScan

Get the latest version here:
https://www.hamrick.com/alternate-versions.html

Install it and put you serial number and registration number in.

Profile

Modify your profile.

Edit ~/.bashrc and change

alias ll='ls -alF'

to

alias ll='ls -lF'

Set your $PATH to include ~/bin

# Set your path to inclue $HOME/bin
PATH="$HOME/bin:$PATH"

Save the file and then source it like this:

$ source ~/.bashrc

Additional Packages

Here’s a way you can see what packages you have on your old machine and compare to what you have on your new machine.

On the old machine do:

$ sudo apt list --installed | cut -f1 -d/ | sort > installed.[old-hostname]

Then on the new machine do:

$ sudo apt list --installed | cut -f1 -d/ | sort > installed.[new-hostname]

Then SCP the installed.[new-hostname] file to the old host and then compare them like this:

$ diff installed.gob installed.pop | grep ‘<‘

This will give you a list of packages that are installed on the old host but not on the new host. It turns out I had quite a few. Go thru the list and see what you need on the new.

The majority of the packages you find will probably be dependencies for some other package you installed. If you don’t know what a package is for you can easily check information about it with:

$ apt show [package-name]

The majority of the packages I found this way are libraries that are dependencies for other packages I have installed over time.

I found a few packages that I think are useful and should probably be installed:

$ sudo apt install gimp git nmap nmap-common traceroute ethtool ffmpeg guake steam sysstat

Install Spotify

Want to play your Spotify play lists? Install Spotify from the Software Manager. Just search for it and install it.

You should now be able to log into Spotify and play your music.

Mount Additional Drives

See this post Logical Volume on Nvme disk

Install Virtual Box

See this post to install Install VirtualBox 7.0 on Linux Mint 21.x or Linux Mint 22.x

Linux, Linux Mint, Sys Admin

SSH Keys

1 Comment Posted by on March 13, 2023

Scenario: You just installed your Linux Server now you want to be able to SSH to that server using your SSH Keys so you don’t have to authenticate via password each time.

Assumption: You have already created your public and private SSH Keys and now you want to copy the Public Key to the Server so you can authenticate with SSH Keys.

The utility we are going to use is ssh-copy-id. This will copy your current user’s public SSH Key to the remote host.

  1. Copy the public SSH Key to the remote host like this:
    $ ssh-copy-id -i ~/.ssh/id_rsa.pub [remote-host]
  2. You will be prompted to enter the password for the New Host. It will copy over your public ssh key from ~/.ssh/id_rsa.pub
  3. You should now be able to ssh to the remote host using keys as your authentication method instead of password.

Linux, Sys Admin ,

Install and Set Up Ubuntu 22.04 Server

Leave a comment Posted by on March 13, 2023

This page will walk through what I did to install Ubuntu 22.04 Server for use in my home network.

I’m installing it as a Virtual Machine using Virtual Box 7.0, but these instructions should be valid if you are installing on a Physical Machine as well which I will do once I have confirmed this is working the way I expect it to.

Virtual Machine Specs

The Virtual Machine Specs I set up for this are:

Memory4096 MB
Processor2 CPUs
Storage SATA Port 025 GB
NetworkBridged Adapter
Virtual Machine Specs

In VirtualBox 7.0 you can do what is called an Unattended Installation. I believe this is only available for certain Operating Systems but since I have not explored that option fully I am skipping it for now.

Follow these instructions to install Ubuntu 22.04 Server:

  1. Power on the Machine.
  2. When Presented with the GNU GRUB screen, select ‘Try or Install Ubuntu Server‘.
  3. Ubuntu starts the boot process.
  4. When Presented with a Language Selection Menu, select your language.
  5. Your keyboard configuration may already be selected for you. If not select your keyboard and then select ‘Done‘.
  6. Choose the Type of install. For this document I am going to choose ‘Ubuntu Server‘ and also select ‘Search for third-party drivers’.
  7. On the Network connections screen my network settings have been filled in automatically by DHCP. This is satisfactory for me so I choose ‘Done‘.
  8. On the Configure proxy screen you can choose to configure a proxy. This can be common in a corporate environment but in my case as my home network I don’t need to do this. Click ‘Done‘ when satisfied.
  9. On the Configure Ubuntu archive mirror screen you can safely click ‘Done‘ unless you know otherwise.
  10. On the Guided storage configuration screen I chose Use an entire disk and Set up this disk as an LVM Group. I did NOT encrypt. Select ‘Done‘.
  11. On the Storage configuration screen I accepted the summary and selected ‘Done‘.
  12. On the Confirm destructive action dialogue box I selected ‘Continue‘ since this is a new machine and I am confident I am not overwriting anything.
  13. On the Profile setup screen I typed my name, chose a server name, chose a user name and password then selected ‘Done‘.
  14. On the Upgrade to Ubuntu Pro screen select ‘Skip for now‘ then select ‘Continue‘.
  15. On the SSH Setup screen select ‘Install OpenSSH server’, then select ‘Done‘.
  16. On the Third-party drivers screen I see that “No applicable third-party drivers are available locally or online.” so I select ‘Continue‘.
  17. On the Featured Server Snaps screen I’m leaving it all blank. This document is about installing Ubuntu and not about snaps so I may do another document on that later. Select ‘Done‘.
  18. You will see a message that it is installing the system and then security updates. When it is ready you will be able to select ‘Reboot Now‘.
  19. Once you have rebooted you should be given a login prompt. You can now login with the user you created.
  20. When you login you will get some statistics about the system, one of which is the IP address. You can use that IP address to ssh to the host now and do some of the other things outlined in this document.

Additional Resources

Here are additional resources that will be useful in configuring your server.

How To Sudo without password
SSH Keys

Additional Useful Tools

Install additional packages:

$ sudo apt install members
$ sudo apt install net-tools

Additional Pages to review

How to Install and Configure an NFS Server on Ubuntu 22.04

How to Install and Configure an NFS Server on Ubuntu 22.04

How to Install a Desktop (GUI) on an Ubuntu Server

https://phoenixnap.com/kb/how-to-install-a-gui-on-ubuntu

Sys Admin, ubuntu , ,

How To Sudo without password

1 Comment Posted by on March 13, 2023

Scenario: You just installed your Lunux Server and you are the only person using the server and you want to sudo without having to type your password all the time. This How To will show you one way of accomplishing that task.

This How To assumes you are a member of the sudo group.

  1. Check to see if you are a member of the sudo group:
    $ id
    You should see a list of all the groups you are a member of.
  2. Edit the /etc/sudoers file:
    $ sudo visudo
    This will open the the /etc/sudoers file with the default editor.
  3. There will be a line that looks like this:
    %sudo ALL=(ALL:ALL) ALL
  4. Comment out that line and replace it with a line that looks like this:
    %sudo ALL=(ALL) NOPASSWD: ALL
  5. Save the file.

You should now be able to sudo without being prompted for your password every time.

Linux, Sys Admin , ,

Install VirtualBox 7.0 on Linux Mint 21.x or Linux Mint 22.x

1 Comment Posted by on March 11, 2023

This is what I did to install VirtualBox 7.0 on my new Linux Mint 21.x workstation.
Also done the same procedure on Linux Mint 22.x.

See the VirtualBox Wiki for the deets on VirtualBox 7.0

  1. Ensure your system has been updated:
    $ sudo apt update && sudo apt upgrade -y
  2. Download the VirtualBox GPG Keys:
    $ curl https://www.virtualbox.org/download/oracle_vbox_2016.asc | gpg --dearmor > oracle_vbox_2016.gpg
    $ curl https://www.virtualbox.org/download/oracle_vbox.asc | gpg --dearmor > oracle_vbox.gpg
  3. Import the VirtualBox GPG Keys:
    $ sudo install -o root -g root -m 644 oracle_vbox_2016.gpg /etc/apt/trusted.gpg.d/
    $ sudo install -o root -g root -m 644 oracle_vbox.gpg /etc/apt/trusted.gpg.d/
  4. There does not appear to be an official repository for Linux Mint, but Linux Mint 21.x is derived from Ubuntu 22.04 which is code named ‘Jammy’.
    Linux Mint 22.x is derived from Ubuntu 24.04 which is code named ‘Noble’.
    Add the ‘Jammy’ or ‘Noble’ VirtualBox Repository to the system.:
    $ echo "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian \
    jammy contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
    $ echo "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian \
    noble contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
  5. Update the Repositories:
    $ sudo apt update
  6. Install Linux Headers:
    $ sudo apt install linux-headers-$(uname -r) dkms
  7. Install VirtualBox 7.0:
    $ sudo apt install virtualbox-7.0
    Or install VirtualBox 7.1:
    $ sudo apt install virtualbox-7.1
  8. Download the VirtualBox Extension Pack:
    $ cd ~/Downloads
    $ VER=$(curl -s https://download.virtualbox.org/virtualbox/LATEST.TXT)
    $ wget https://download.virtualbox.org/virtualbox/$VER/Oracle_VM_VirtualBox_Extension_Pack-$VER.vbox-extpack
  9. Install the Extension Pack:
    $ sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-*.vbox-extpack
  10. You will be prompted to accept license terms. Do so and the Extension Pack will get installed.
  11. You can now launch VirtualBox from the Desktop menu.
Linux Mint, Sys Admin ,

Linux Mint 21.x

Leave a comment Posted by on January 3, 2023

These are my notes on configuring Linux Mint 21.x.

Linux Mint 21.x is based on Ubuntu 22.04.

If you find this and think it is useful, leave a comment and say what you like or don’t like. Keep in mind these are my own notes and are not intended to be a HowTo for the general public.

This installation was done on an Dell Optiplex 7050. I’m also installing on Oracle Virtual Box so I will add some additional steps for that which will be noted as extra steps for Virtual Box.

Disable Secure Boot

I configured the Dell BIOS to have Secure Boot Disabled. It is possible to install this and have Secure Boot Enabled but for my purposes this is simply a hassle that I don’t need and the benefits are negligible for a home computer.

Install Linux Mint 21.x.

As of this writing it is Mint 21.1. I may update these instructions as newer versions come out. Without going into lots of detail on how to install Linux Mint which has been covered in many other HowTos I am just focusing on what I do to configure it to my liking. I am installing on a fresh new disk. I did install multimedia codecs. If you have turned off Secure Boot as mentioned earlier you will not have any additional prompts in this area.

I did select Advanced Features in the Installation Type window and selected to use LVM with the new installation. I did choose to erase disk because this is a new disk and a fresh install. I did choose to encrypt my home directory. Maybe not? Testing without encrypting.

The installation is pretty straight forward and not complicated.

Up and Running

Virtual Box Guest Additions

For Virtual Box Virtual Machine you will need to install Guest Additions

  1. Click Devices
  2. Insert Guest Additions CD image
  3. Click ‘Run’
  4. Type your password

This will install guest additions and allow you to resize your screen on the fly.

First Steps

When you first run Mint you will get a Welcome Screen. On the left click First Steps.

Panel Layout. I like Traditional Panel Layout.

Launch the Update Manager and update everything. You may need to reboot at this point.

Launch Driver Manager and see if you need any drivers. I did not need any.

I’ll talk about System Snapshots a little later.

I will address Firewall a little later as well.

The other items on First Steps are pretty much self explanatory.

Firmware

I get a message when I did the updates that the firmware was outdated. I was able to resolve the issue by doing the following:

$ sudo apt install fwupd
$ fwupdmgr get-updates
$ fwupdmgr update

Then follow the prompts to update. The system will reboot and do the updates then reboot again.

Synergy

I’m putting Synergy first. For me it makes it easier to set up my new machine alongside my old one and use the single keyboard and mouse. That way I don’t have to switch back and forth on the keyboard.

Linux Mint 21 is based on Ubuntu 22.04 LTS. See: https://en.wikipedia.org/wiki/Linux_Mint

Go to https://symless.com/account and sign in. Go to the download page and get the package for Synergy 1. Synergy 2 is no longer supported and is not backwards compatible. Synergy 3 is in beta if interested. Download the Ubuntu 22 package and save it to ~/Downloads.

Install it on both the Server and Client computer. Make sure the same version is on both computers.:

$ cd ~/Downloads
$ sudo apt install ./synergy_1.14.6-snapshot.88fdd263_ubuntu22_amd64.deb

Now from the desktop menu select Synergy and run it.

  • You will be prompted to name the computer. If your computer already has a name then it will suggest the name for you. Click ‘Apply’.
  • You will be prompted to enter your serial key. This can be found on the Account page on the Synergy web site.
  • You will be prompted to select to either ‘Use this computer’s keyboard and mouse…’ or ‘Use another computer’s keyboard and mouse…’. In this case I am using another computer’s keyboard and mouse. Select the appropriate response.
  • Type in the IP address of the Server. Click ‘Connect’
  • You will get a ‘Security Question’ about the Server’s fingerprint. Read that and click ‘Yes’.
  • On the Server side you need to click the ‘Configure Server’ button to configure the layout.
  • If you run into trouble you should go into preferences and un-check ‘Enable TLS encryption’ on both Server and Client and get it working without TLS. Then once it is working switch to TLS.
  • From the new computer’s startup menu find ‘Startup Application’ and add Synergy to startup list. I’ve added a startup delay of about 30 seconds.
  • Once you have everything working correctly you should go to Preferences in both Server and Client and click both ‘Hide on startup’ and ‘Minimize to system tray’. Now you can minimize and not have it open in your task bar.

Synergy 3

Synergy 3 has been released. I’m adding this section to test to see if it is worth trying.

Go to https://symless.com/account and sign in. Go to the download page and get the package for Synergy 3. Download the Ubuntu 22 package and save it to ~/Downloads.

Install it on both the Server and Client computer. Make sure the same version is on both computers.:

$ cd ~/Downloads
$ sudo apt install ./synergy-linux_x64-libssl3-v3.0.80.1-rc3.deb

There were some warnings with the installation. I’m not real sure on if they are significant. Now from the desktop menu select Synergy and run it. This opens a splash screen that says it is Synergy 3 RC3.

Click the second method that says “Offline serial key”.
You will be prompted to enter your Serial Key. Copy and paste here then click ‘Log in’ button.
On the next secreen, name the Computer and click Next.
It will now show a layout screen where multiple computers are. You will need a second Computer running the same version for this to work.
Arrange the screens so they are positioned the way you want them.
Once you have the computers the way you want you should be able to click “Done” which is in a text box at the top of this screen.

Sudoers

Edit the /etc/sudoers file so you don’t have to put your password in each time:

$ sudo visudo

There will be a line that looks like this:

%sudo ALL=(ALL:ALL) ALL

Comment out that line and make it look like this:

%sudo ALL=(ALL) NOPASSWD: ALL

Now when you use sudo you will not have to enter your password.

Install OpenSSH Server

Install SSH Server so you can ssh to the host:

$ sudo apt install openssh-server -y

Test ssh to the new host. You may during this process encounter an error regarding an “Offending ECDSA key in ~/.ssh/known_hosts”. This is easily resolved by deleting the referenced line in ~/.ssh/known_hosts.

I’ve also experienced an issue where when attempting to ssh to this new host via name it does not work. SSH via IP address does work. DNS resolution is correct. I even have the host in /etc/hosts. No dice.

I was finally able to resolve the issue by putting an entry into the ssh config file on my SSH from host in the ~/.ssh/config.d/LocalHosts.conf file. The entry in this file looks like this:

Host pop
  Hostname 192.168.20.34
  ForwardX11 yes
  ForwardX11Trusted yes

This seems to have solved the problem. I suspect I have some other conflicting entry in my ssh config files that are preventing this, but I can’t find it.

SSH Keys:

Now that you can ssh to your new host you will want to be able to ssh using your ssh key instead of password. From the remote host do this:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub [newhostname]

You will be prompted to enter the password for the New Host. It will copy over your public ssh key from ~/.ssh/id_rsa.pub. This assumes your public ssh key is indeed ~/.ssh/id_rsa.pub.

You should be able to ssh to the new host now without entering your password.

(Optional) Now copy all the ~/.ssh directory contents from your old host into this new host so you have the keys, the known hosts and authorized keys files from your user on the old host and now have them on your new host.

From the old host:

$ cd ~/.ssh
$ scp -r * [new-host-name]:~/.ssh

Hosts file:

Copy the Home Network section of your /etc/hosts file from the old host to the /etc/hosts file on the new host

Dropbox

Install Dropbox and python3-gpg packages

$ sudo apt install dropbox python3-gpg

Then go to start menu and find Dropbox and run it.

You will get a message that says in order to use Dropbox you must download the proprietary daemon. Click OK

A Web Page will pop up where you enter your credentials. Do so. You can now open the DropBox client in the toolbar.

Install KeepassXC

Keepass XC is the greatest Password Safe in my humble opinion.

Install it:

$ sudo apt install keepassxc -y

Install Chrome

You’ll need Chrome as well

Go to https://www.google.com/chrome/

Click the Download Chrome button. Mine automatically downloaded into ~/Downloads. The 64 bit version was automatically selected.

Install it like this:

$ cd ~/Downloads
$ sudo apt install ./google-chrome-stable_current_amd64.deb

This will automatically install a repository as well for future updates.

Install Signal

Go to https://signal.org/en/download/
Click on Download for Linux and follow the instructions that pop up.

After you install Signal edit the startup line in /usr/share/applications/signal-desktop.desktop to look like this:

Exec=/opt/Signal/signal-desktop --use-tray-icon --no-sandbox %U

Additional Software

There are other software packages I need. I’ll do them one at a time because I don’t want to confuse error message between one package or another:

$ sudo apt install kwrite -y
$ sudo apt install kate -y
$ sudo apt install terminator -y
$ sudo apt install sshuttle -y
$ sudo apt install vim -y
$ sudo apt install sshpass -y
$ sudo apt install nfs-common -y
$ sudo apt install gparted -y
$ sudo apt install imagemagick -y
$ sudo apt install whois -y
$ sudo apt install lsscsi -y

Mount NFS Share

Create a mount point:

$ cd ~
$ mkdir -p mnt/[nfs-server-host-name]

Edit /etc/fstab and add these lines:

# External Mounts
[nfs-server-host-name]:[path-to-nfs-export] /home/[your-user]/mnt/[nfs-server-host-name] nfs rw,soft,noauto 0 0

Edit /etc/hosts and add the IP address of Serenity.

Then mount the NFS share:

$ sudo mount [nfs-server-host-name]:[path-to-nfs-export]

You will need to modify the firewall rule on the NFS server to allow connections from your new host before this will work.
https://squoggle.wordpress.com/2020/05/04/iptables/

Mount External Hard Drive

See what device your External USB device shows up as:

$ lsscsi
[0:0:0:0] disk ATA Samsung SSD 860 4B6Q /dev/sda
[1:0:0:0] cd/dvd HL-DT-ST DVD+-RW GU90N A1C2 /dev/sr0
[4:0:0:0] disk WD Elements 25A1 1018 /dev/sdb

In my case it shows up as /dev/sdb
Edit your /etc/fstab file and make an entry like this:

# Western Digital Elements Backup Drive
/dev/sdb1    /home/mac/mnt/WD    ntfs    rw,relatime,user_id=0,group_id=0,allow_other   0 0

Create a mount point for the External Hard Drive

$ mkdir -p ~/mnt/WD

Then mount

$ sudo mount -a

Something else here.

Install Slack:

Go to https://slack.com/downloads/linux
Download the .deb 64 bit package into your ~/Downloads directory.
Then install it:

$ cd ~/Downloads
$ sudo apt install ./slack-desktop-4.29.149-amd64.deb

Crossover

Get the most recent version of Crossover here:
https://www.codeweavers.com/crossover

Get the free trial and download to your machine.

Then install like this:

$ sudo apt install ./crossover_[version-number].deb

Before you attempt to run any bottle you will need to install this library:

$ sudo apt-get install liblcms2-2:i386

This will install a bunch of other dependencies as well.

To export a bottle from one machine to another, in this case Quicken, which is the only reason for running Crossover, do this:

  1. Open Crossover
  2. Right Click on the Quicken Bottle.
  3. Choose ‘Export Quicken 2017 to Archive’
  4. Choose a location to save it. It is a good idea to time stamp the file to not overwrite a previous working bottle export.
  5. On the new machine go to Menu > Bottle > Import Bottle Archive
  6. Browse to where you stored the archive, click it and click ‘Restore’.
  7. I get a message that CrossOver needs to install several Linux packages in order to run Windows applications. Click Yes. This will install a butt load of libraries and dependencies.
  8. You may actually think it is stuck but when it seems to stop doing something see if the ‘Continue’ button is active and if so, click it.
  9. The process will sit there for a bit acting like it is stuck. Just be patient.
  10. Finally your bottle should be imported.
  11. Make your symlinks to your datafiles to your home directory because Crossover has issues with finding files that are deep.
  12. Crossover only needs your email address and login password to register. There is no serial number.

Surprisingly this was the first time importing a bottle worked flawlessly. This is a new version on new machine so maybe they worked the kinks out of it.

VueScan

Get the latest version here:

https://www.hamrick.com/alternate-versions.html

Profile

Modify your profile.

Edit ~/.bashrc and change

alias ll='ls -alF'

to

alias ll='ls -lF'

Set your $PATH to include ~/bin

# Set your path to inclue $HOME/bin
PATH="$HOME/bin:$PATH"

Save the file and then source it like this:

$ source ~/.bashrc

Additional Packages

Here’s a way you can see what packages you have on your old machine and compare to what you have on your new machine.

On the old machine do:

$ sudo apt list --installed | cut -f1 -d/ | sort > installed.[old-hostname]

Then on the new machine do:

$ sudo apt list --installed | cut -f1 -d/ | sort > installed.[new-hostname]

Then SCP the installed.[new-hostname] file to the old host and then compare them like this:

$ diff installed.gob installed.pop | grep ‘<‘

This will give you a list of packages that are installed on the old host but not on the new host. It turns out I had quite a few. Go thru the list and see what you need on the new.

The majority of the packages you find will probably be dependencies for some other package you installed. If you don’t know what a package is for you can easily check information about it with:

$ apt show [package-name]

The majority of the packages I found this way are libraries that are dependencies for other packages I have installed over time.

I found a few packages that I think are useful and should probably be installed:

alien
gimp
gparted
git
mlocate
nmap
traceroute

This is a short list of many.

Other Must See Pages

At this point you should be up and running and ready to work. However there are a lot more things that I typically use on a day to day basis when using Linux Mint.

This list is not an extensive list but may be of help:

Install VirtualBox 7.0 on Linux Mint 21.x

Key Store Explorer

Installing ZenMap in UBUNTU 22.04

How to Install Zenmap on Ubuntu 22.04

How to install Proton VPN on Linux Mint

How to use the Proton VPN Linux app

Install JetBrains Toolbox App Then use the Toolbox to install PyCharm and DataGrip


Linux Mint, Sys Admin

Online Certificate Status Protocol (OCSP)

Leave a comment Posted by on December 15, 2022

Online Certificate Status Protocol (OCSP) is an alternative method to Certificate Revocation Lists (CRLs) used to check the validity of digital certificates in a public key infrastructure (PKI).

When a user encounters a digital certificate, their software can use OCSP to send a request to the certificate authority (CA) to check the current status of the certificate. The CA responds to the request with one of three responses: “good”, “revoked”, or “unknown”.

If the response is “good”, the user’s software can proceed with the transaction or access to the resource protected by the certificate. If the response is “revoked”, the software rejects the certificate as invalid. If the response is “unknown”, the software may require additional steps to verify the validity of the certificate.

Unlike CRLs, which can become large and unwieldy as the number of revoked certificates increases, OCSP allows for more efficient and timely checking of individual certificates. However, it requires a constant connection to the CA to receive real-time status updates and can be subject to performance and privacy concerns.

The Good about OCSP

  • Real-time validation: OCSP provides real-time validation of certificates, so users can immediately determine whether a certificate is valid or not.
  • Smaller and more efficient: OCSP responses are typically smaller and more efficient than certificate revocation lists (CRLs), especially for large PKIs with many revoked certificates.
  • Reduced latency: OCSP can reduce latency by eliminating the need for users to download and parse large CRL files.
  • More privacy-friendly: OCSP can be more privacy-friendly than CRLs, as it doesn’t require users to download a complete list of revoked certificates and associated information.

The Bad about OCSP

  • Increased network traffic: OCSP requires users to contact the certificate authority (CA) server each time a certificate is validated, which can increase network traffic and cause performance issues.
  • Single point of failure: OCSP relies on a single CA server for validation, so if the server goes down or experiences issues, users may be unable to validate certificates.
  • Reduced reliability: OCSP may be less reliable than CRLs in certain situations, such as when there are issues with the CA’s OCSP server or network connectivity.
  • Potential privacy concerns: While OCSP can be more privacy-friendly than CRLs, it still allows the CA to track which certificates are being validated and when, which may be a concern for some users.

Check the OCSP status of a Certificate

You can check an Online Certificate Status Protocol (OCSP) response with OpenSSL using the openssl ocsp command. Here is an example command:

openssl ocsp -issuer issuer_cert.pem -cert certificate.pem -url http://ocsp.server.com -text

This command checks the status of the certificate in certificate.pem by sending an OCSP request to the server at http://ocsp.server.com. The issuer_cert.pem file is the certificate of the issuer that signed the certificate.pem file. The -text option displays the response in human-readable text.

After running the command, you will receive an OCSP response that includes the status of the certificate. If the status is “good”, the certificate is valid. If the status is “revoked”, the certificate has been revoked by the issuer. If the status is “unknown”, the server was unable to provide a definitive response for the certificate.

Get the Certificate from a Site:

Lets use google.com as an example.

Get the Certificate for google.com and save it to a file named certificate.pem:

openssl s_client -connect google.com:443 -showcerts /dev/null | sed -n '/Certificate/,/-----END CERTIFICATE-----/p' | tail -n +3 > certificate.pem

Get the Issuing Cert from a Site:

Get the issuing certificate for google.com and save it to a file named issuer.pem:

openssl s_client -connect google.com:443 -showcerts /dev/null | sed -n '/1 s:/,/-----END CERTIFICATE-----/p' | tail -n +3 > issuer.pem

Extract the OCSP URL from the Certificate:

Use OpenSSL to get the OCSP URL from the Certificate and save it to a variable name ocspurl:

ocspurl=$(openssl x509 -in certificate.pem -noout -text | grep "OCSP" | cut -f2,3 -d:)

Test the OCSP Status of the Certificate:

Check the status of the OCSP status of the certificate using the ocsp flag to OpenSSL like this:

openssl ocsp -issuer issuer.pem -cert certificate.pem -url $ocspurl -text

You should get a response that looks something like this:

OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: 12D78B402C356206FA827F8ED8922411B4ACF504
          Issuer Key Hash: A5CE37EAEBB0750E946788B445FAD9241087961F
          Serial Number: 0CD04791FC985ABB27E20A42A232FDF5
    Request Extensions:
        OCSP Nonce: 
            0410CD24FED402FF2B1D2331485C81AD1C21
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: A5CE37EAEBB0750E946788B445FAD9241087961F
    Produced At: Apr 26 00:54:27 2023 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: 12D78B402C356206FA827F8ED8922411B4ACF504
      Issuer Key Hash: A5CE37EAEBB0750E946788B445FAD9241087961F
      Serial Number: 0CD04791FC985ABB27E20A42A232FDF5
    Cert Status: good
    This Update: Apr 26 00:39:01 2023 GMT
    Next Update: May  2 23:54:01 2023 GMT

    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:20:45:c2:eb:e2:54:23:2a:c5:49:47:c2:f0:0b:cf:
         8d:06:6d:17:62:26:2e:4a:ba:8e:cd:61:bf:dd:af:e8:ea:cb:
         02:21:00:94:bd:5c:33:e7:ac:20:50:d4:15:45:9e:d8:8d:75:
         1a:fb:c5:95:5f:11:c7:b2:88:47:0a:5b:56:d0:3c:89:b5
WARNING: no nonce in response
Response verify OK
certificate.pem: good
	This Update: Apr 26 00:39:01 2023 GMT
	Next Update: May  2 23:54:01 2023 GMT

OpenSSL OCSP Commands Documentation

Online Certificate Status Protocol command

https://www.openssl.org/docs/man3.0/man1/openssl-ocsp.html

Linux, SSL/TLS/OpenSSL, Sys Admin , , ,

Older posts