Google Authenticator without a phone March 20, 2013

Posted by Rich in linux.

I’m a fan of Google Authenticator and have it enabled for my Google accounts and use the Android app. However, I have downgraded phones temporarily and no longer have access to my Android phone. But I don’t want to disable Google Authenticator on my accounts just because my phone can’t run a GAuth client.

So I decided to use a desktop client instead. The Wikipedia page lists some clients, and this simple Java one looks like it will be good for my needs. I haven’t tried it yet, but in order for it to work, it needs my secret key. I could regenerate a new one, but where’s the fun in that?

Although I don’t have my Android phone, I have the SD card and a nandroid backup. From this backup, I can recover the secret key. I followed this very helpful blog post, and here are the commands I used:

  1. Mount the sdcard: pmount /dev/mmcblk0p1
  2. Extract the data directory for Google Authenticator into my current directory: tar xf /media/mmcblk0p1/clockworkmod/backup/2013-03-18.23.39.29_full_visioneng4.2.2JDQ39/data.ext4.tar data/data/com.google.android.apps.authenticator2/
  3. Change to the app’s databases directory: cd data/data/com.google.android.apps.authenticator2/databases/
  4. Open up the sqlite database: sqlite3 ./databases
  5. Display the account information: sqlite> select * from accounts;
    1|me@gmail.com|fe3k4jxozpj3lcl3|0|0|0

And there is my secret key, after the email address as a BASE32-encoded 16-character string. (Names and keys have been changed to protect the innocent.)
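What a desktop client does with the recovered secret, as an added example that is not part of the original post: it base32-decodes the string and runs RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) over the current time. The in-memory database is a constructed stand-in for the extracted file, and its column names are assumptions inferred from the six fields in the output above.

```python
import base64
import hashlib
import hmac
import sqlite3
import struct
import time


def decode_secret(secret_b32):
    """Decode the base32 secret as stored in the accounts table."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)  # b32decode requires padded input
    return base64.b32decode(s)


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, now=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if now is None:
        now = time.time()
    return hotp(key, int(now) // step, digits)


def read_accounts(conn):
    """Return (email, secret) pairs from the accounts table."""
    return conn.execute("SELECT email, secret FROM accounts").fetchall()


def build_sample_db():
    """Constructed database holding the post's sample row (assumed column names)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (_id INTEGER PRIMARY KEY, email TEXT, "
        "secret TEXT, counter INTEGER, type INTEGER, provider INTEGER)"
    )
    conn.execute(
        "INSERT INTO accounts VALUES "
        "(1, 'me@gmail.com', 'fe3k4jxozpj3lcl3', 0, 0, 0)"
    )
    return conn


if __name__ == "__main__":
    for email, secret in read_accounts(build_sample_db()):
        print(email, totp(decode_secret(secret)))
```

Because the secret sits in the database as plain text, any copy of the backup can produce the same codes as the phone.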

Configuring Arch Linux on a Thinkpad T420 August 21, 2012

Posted by Rich in laptop, linux.

This is a follow-on post to last time where I did a basic install of Arch linux on my Thinkpad T420.

The default Arch installation is very bare-bones, so there are several steps to getting it configured properly, such as adding a user, installing X11, and so on. Here are the T420-specific steps and notes I took to get it configured properly:

Basics

  • Install intel-ucode for latest CPU microcode, add to MODULES in /etc/rc.conf
  • While KMS is already enabled, we can enable it earlier in the boot process by adding i915 to MODULES in /etc/mkinitcpio.conf and re-generating the initcpio file
  • Increase the GRUB boot screen resolution by changing GRUB_GFXMODE in /etc/default/grub to 1024x768x32, then grub-mkconfig -o /boot/grub/grub.cfg
  • Add repo-ck, install linux-ck-corex kernel, enable BFQ I/O scheduler by adding it to /etc/default/grub, and regenerate /boot/grub/grub.cfg to add the new kernel
  • Install ssmtp and forward system mail to my gmail account. Add the normal user to the mail group.

Multimedia

  • For alsa: install alsa-utils and use alsamixer to unmute and speaker-test to test sound, add alsa to DAEMONS in /etc/rc.conf
  • Disable PC speaker beep (didn’t happen until I unmuted ALSA) by blacklisting the pcspkr module
  • Bluetooth: install bluez, blueman. I finally got my pair of bluetooth headphones working by adding Enable=Socket and Enable=Source to /etc/bluetooth/audio.conf

GUI stuff

  • After installing Xorg, install the Xorg Intel driver, xf86-video-intel, and enable SNA. I also installed lib32-intel-dri for accelerating 32-bit applications. I found later that if I enable the "TearFree" option, xrandr doesn’t work properly for multiple displays except for mirroring.
  • Installed mplayer-vaapi, gstreamer-vaapi, and libva-driver-intel. Now running mplayer file.avi -vo vaapi gives hardware-accelerated decoding.
  • There’s a Thinkpad OSD available as tpb, but it’s really old and xfce (the DE I use) has a built-in OSD for brightness changes. So I won’t bother with it, but it’d be nice to have an OSD for volume changes someday.

Power management

  • Suspend-to-RAM (S3 sleep) works out of the box. I can even have mpd playing and suspend/resume is fine.
  • Hibernate (S5 sleep) does not work out-of-the-box, but it does after I add resume to /etc/mkinitcpio.conf between lvm2 and filesystems
  • Installed gnome-power-manager for the handy tool gnome-power-statistics
  • One feature that I like about Windows 7 is that after your laptop has been in sleep for some time, it wakes up and goes into hibernation. I found a script that does a similar thing using rtcwake.
  • I don’t think it takes a lot of power, but it’d be nice to disable the Ultrabay DVD drive on battery, since I rarely use it (especially on battery). laptop-mode-tools doesn’t seem to support this, but I found in /sys/devices/platform/dock.1 some good stuff. docked is normally set to 1, indicating that it’s docked. If I write 1 to undock then docked changes to 0. If I hit the eject button then it takes a couple of seconds longer to eject. So I think this shuts power off to the drive, and power is re-connected by hitting the eject button. This matches behavior under Windows 7. For now, I’m not going to bother with automatically shutting down the drive every time I’m on battery, but I could do this in the future.
  • Installed tp_smapi, pm-utils, acpi, powertop, acpid
  • The start_charge_thresh parameter for tp_smapi isn’t supported on the T420, but the AUR package tpacpi-bat fixes this. There are instructions here. Note that I need to specify battery 1; I can’t do battery 0 (both). As directed in the link, I add the lines to /etc/rc.local to set the thresholds upon boot-up, although it’s only needed whenever I remove/reinsert the battery.
  • Installed cpupower, and I don’t need to worry about any configuration stuff since the ondemand governor is automatically loaded for linux > 3.4
  • Installed laptop-mode-tools, sdparm
  • In configuring laptop-mode-tools, I changed lcd-brightness.conf so laptop-mode controls it and changed BRIGHTNESS_OUTPUT to /sys/class/backlight/acpi_video0/brightness, and set battery/AC values to 8/15 (out of 15 maximum levels).

Input

  • Installed synaptics as detailed here. One hiccup is that I like both edge scrolling AND two-finger scrolling, and the xfce settings only let you choose one or the other. Furthermore, if you enable both in /etc/X11/xorg.conf.d/10-synaptics.conf, that works fine until XFCE loads and overwrites your setting. So I added an XFCE autostart script to call synclient VertEdgeScroll=1; synclient HorizEdgeScroll=1.
  • The power button is not detected with xfce4. It’s not a big deal.
  • I like to disable the touchpad (mainly the buttons, since it’s on the edge of the laptop and I accidentally click these if I’m resting the laptop on my stomach), so I follow these to enable the toggle button. Instead of using xbindkeys, I used the xfce4 keyboard handler to call a one-liner script in my home directory to toggle the touchpad. I call it by using Fn+F8, the trackpad enable/disable button.

Thinkpad-specific features

  • Installed hdapsd, hdaps-gl, xfce4-hdaps, set hdaps sensitivity to 35
  • Installed thinkfan and added a configuration similar to this one. I tweaked the thresholds a bit. Also, as indicated here, the thinkpad_acpi module needs an option to enable control of the fan speeds.
  • I added some kernel parameters here. I apparently don’t need the pcie_aspm=force argument since I’m running a kernel newer than 3.3. I haven’t compared power usage with and without these arguments, so I’m just keeping them for now.

Conclusion

I’d like to try switching to systemd in the near future, but these notes have gotten me up and running quite well.

Installing Arch Linux on a Thinkpad T420 with system encryption July 22, 2012

Posted by Rich in laptop, linux.

I completed a basic install of Arch Linux over the weekend on my new Thinkpad T420. As mentioned in my previous post, I converted to UEFI mode and partitioned the hard drive in GPT format. I wanted to install Arch Linux for UEFI/GPT while using full system encryption using LUKS. Since it took a few tries to get all of the steps right, I’m posting what I did here in tutorial form.

Note: be wary of copying-and-pasting my commands for your configuration, since my drive letters and such won’t necessarily be typical.

The 2011-08-19 Arch installation media is rather out-of-date, so I elected to choose a more recent testing ISO. Word on the mailing lists indicates that they’ll release an updated official installation ISO soonish, but I don’t have the patience to wait for that. So, I used the one here and downloaded this iso. For BIOS systems, it’s easy to copy the ISO to a USB flash drive for installation purposes by doing something like dd if=archlinux.iso of=/dev/sdb bs=4M. A UEFI system requires a bit more than this. So, as per this README, I performed the following steps to get my USB media bootable for UEFI:

  1. Install gptfdisk on my desktop to get access to GPT partitioning utilities
  2. Create a GPT setup on the USB drive: sudo gdisk /dev/sdc, then o to create a blank GPT, n to create a new partition. I used the default size (whole disk) and set the type to ef00, an EFI system partition. I checked that it looks right with p to print the partition table, then w to write and quit.
  3. Create a FAT32 filesystem: sudo mkfs.vfat -F 32 -n ARCH_201207 /dev/sdc1 Note: It’s important that the EFI FAT32 partition is named ARCH_201207 otherwise the installer fails to boot.
  4. Mount the new filesystem: sudo mount /dev/sdc1 /media/sdc1 or pmount /dev/sdc1 if you use pmount
  5. Extract the ISO to the filesystem: bsdtar -x --exclude=isolinux/ --exclude=arch/boot/syslinux/ -f ~/Downloads/archlinux-2012.07.21_04-00-02-netinstall-dual.iso -C /media/sdc1
  6. Extract the contents of the EFI boot image: mcopy -s -i /media/sdc1/EFI/archiso/efiboot.img ::/EFI /media/sdc1/
  7. Remove the unneeded boot image: rm /media/sdc1/EFI/archiso/efiboot.img
  8. Unmount the USB: umount /media/sdc1 or pumount /dev/sdc1

And now the USB installation media is ready and we’re ready to boot.

Once booted into the Arch installation environment, the first thing to do is set up dm-crypt with LUKS. I’m using this page as my reference for this step. This is what I did:

  1. Create the boot partition: I used cgdisk /dev/sda to create a new partition. The boot partition doesn’t have to be big, so I opted for a 128 MiB partition with GPT partition type 8300, a Linux filesystem partition. GPT lets you use fancy partition names, so I opted for Arch boot partition. With the three previous partitions for Windows 7, this means that /dev/sda4 is my boot partition.

  2. Create the LUKS partition in the remaining free space of the disk: Still in cgdisk /dev/sda, I created a partition to fill the rest of the disk. I couldn’t find anything online to indicate what partition type/GUID to set, so I used 8e00, Linux LVM. I named the partition Arch Linux LUKS partition. This partition is now /dev/sda5.

  3. Securely erase the LUKS partition by filling it with random data: badblocks -c 10240 -wvst random /dev/sda5. This took a couple hours, but is much faster than using /dev/random or /dev/urandom as an input to dd.

  4. Setup dm-crypt/LUKS: It’s possible to use a keyfile and/or a passphrase. I opted for the passphrase only and the cipher suggested by the wiki page I’m following. The command is cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda5

  5. Unlock the LUKS partition so we can install Arch on it: cryptsetup luksOpen /dev/sda5 arch-luks. Now the unlocked LUKS partition is accessed using device-mapper, /dev/mapper/arch-luks

  6. Now to create the LVM partitions. With a 238 GiB volume group, I opted for the following:

    • 15 GiB for the root partition
    • 8 GiB for the var partition
    • 4 GiB for the swap partition. (I have 8 GiB RAM, so will probably never need swap, but I want hibernation support. Apparently the RAM is compressed before saving in the swap partition upon hibernation, so 40% of RAM should be sufficient. If I need to adjust, I can do so later.)
    • 200 GiB for the home partition
    • This leaves 11 GiB un-allocated. If/when I need it in the future to extend any of the three above partitions, then I can do so with some LVM and ext4 resizing magic.

    Here are the steps to create the LVM partitions:

    1. Initialize the LUKS partition to be an LVM physical volume: pvcreate /dev/mapper/arch-luks, check with pvdisplay
    2. Add this LVM physical volume to a volume group: vgcreate amonkira_lvm /dev/mapper/arch-luks, check with vgdisplay. I named the volume group amonkira_lvm, which is used later on.
    3. Create the logical volumes from the volume group: lvcreate -L 15G amonkira_lvm -n root, lvcreate -L 8G amonkira_lvm -n var, lvcreate -C y -L 4G amonkira_lvm -n swap, lvcreate -L 200G amonkira_lvm -n home. The LVM physical extents making up the swap partition are forced to be contiguous with -C y, whereas we aren’t so picky about the other volumes. We can check the logical volumes with lvdisplay. The logical volumes are accessed in /dev/mapper/<volume_group_name>-<volume_name> or /dev/<volume_group_name>/<volume_name>.
  7. Now we’re ready to format the partitions. I used ext4 for the non-boot partitions and added optional filesystem labels. I now have GPT partition names, LVM logical volume names, and filesystem labels.

    • Boot partition: This is not on LVM, so it’s mkfs.ext2 -L arch-boot /dev/sda4
    • / partition: mkfs.ext4 -L arch-root /dev/amonkira_lvm/root
    • /home partition: mkfs.ext4 -L arch-home /dev/amonkira_lvm/home
    • /var partition: mkfs.ext4 -L arch-var /dev/amonkira_lvm/var
    • Swap partition: mkswap -L arch-swap /dev/amonkira_lvm/swap

    I reduce or eliminate the number of reserved blocks for the filesystems (it’s 5% by default):

    • tune2fs -m 1.0 /dev/amonkira_lvm/root
    • tune2fs -m 1.0 /dev/amonkira_lvm/var
    • tune2fs -m 0.0 /dev/amonkira_lvm/home
  8. Now we have all of our partitions ready and can continue with the installation. Mount the partitions under /mnt for arch-install-scripts (these aren’t all strictly needed for installation, but it will make generating /etc/fstab easier later on):

    1. mount /dev/amonkira_lvm/root /mnt
    2. mkdir /mnt/var && mount /dev/amonkira_lvm/var /mnt/var
    3. mkdir /mnt/home && mount /dev/amonkira_lvm/home /mnt/home
    4. mkdir /mnt/boot && mount /dev/sda4 /mnt/boot
    5. swapon /dev/amonkira_lvm/swap
  9. Since this is a netinstall, I need to be connected to the Internet. I’ll bring up the wireless interface and connect to a WPA2 network using wpa_supplicant:

    1. My wireless drivers were working out-of-the-box, as confirmed with iwconfig
    2. Bring up the interface with ip link set wlan0 up
    3. Save old wpa_supplicant config: mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.original
    4. Add network name/password to new config: wpa_passphrase linksys "my_secret_passkey" > /etc/wpa_supplicant.conf
    5. Load wpa_supplicant to associate with the network: wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf
    6. Request an IP address: dhcpcd wlan0
    7. Test connection: ping -c 3 www.google.com
  10. Install the base system: pacstrap /mnt base base-devel

  11. Install the boot loader: I’m going to install GRUB2, even though I could use the EFISTUB method to bypass GRUB entirely. Maybe I’ll switch to EFISTUB booting another day.

    1. Mount the UEFI system partition: mkdir /mnt/boot/efi && mount -t vfat /dev/sda1 /mnt/boot/efi
    2. Install GRUB: pacstrap /mnt grub-efi-x86_64
  12. Configure the system

    1. Generate the /etc/fstab: genfstab -p /mnt >> /mnt/etc/fstab. I found I had to edit it since /dev/mapper/amonkira_lvm-swap didn’t show up.
    2. Secure /etc/fstab: I changed the following mount options to my devices for /mnt/etc/fstab:
      • <device> /boot ext2 defaults,nodev,nosuid,noexec,noatime 0 2
      • <device> / ext4 defaults,noatime 0 1
      • <device> /var ext4 defaults,nodev,nosuid,relatime 0 2
      • <device> /home ext4 defaults,nodev,nosuid,relatime 0 2
    3. chroot into the new system: arch-chroot /mnt
    4. Set up /etc/rc.conf and set USELVM to YES
    5. Set up /etc/locale.gen, then run locale-gen to generate locales
    6. Configure /etc/mkinitcpio.conf: add “encrypt” and “lvm2” to HOOKS (in that order) before the “filesystems” entry, add “ext4” to MODULES, then run mkinitcpio -p linux
    7. Configure GRUB
      1. Install GRUB UEFI application to the UEFI system partition and the GRUB modules to the boot partition:
        1. Outside the chroot (in another TTY, for example), run modprobe efivars
        2. grub-install --directory=/usr/lib/grub/x86_64-efi --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch_grub --boot-directory=/boot --recheck --debug
        3. mkdir -p /boot/grub/locale
        4. cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
      2. Add some command-line kernel arguments in /etc/default/grub: for GRUB_CMDLINE_LINUX, add root=/dev/mapper/amonkira_lvm-root for LVM and cryptdevice=/dev/sda5:arch-luks for LUKS and resume=/dev/mapper/amonkira_lvm-swap for hibernation
      3. I decided to add Windows 7 to the Grub menu. I followed this and added it to /etc/grub.d/40_custom.
      4. Create the GRUB config file: grub-mkconfig -o /boot/grub/grub.cfg
    8. Set root password: passwd
  13. Clean up

    1. exit out of the chrooted filesystem
    2. umount /mnt/{boot/efi,boot,var,home} && umount /mnt
  14. Reboot and hopefully everything works! It did for me. 🙂

Now a basic and minimal Arch installation is done. Next post will be the post-installation configuration steps.
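A check for the "Secure /etc/fstab" step above, as an added example that is not part of the original post: it parses an fstab, reports which of the post's mount options are missing per mount point, and flags a missing swap entry like the one genfstab left out. The sample text is constructed to resemble unedited genfstab output, and the function names are this example's own.

```python
# Mount-option policy taken from the post's "Secure /etc/fstab" step.
# "/" is absent on purpose: the post gives it no nodev/nosuid/noexec.
REQUIRED = {
    "/boot": {"nodev", "nosuid", "noexec"},
    "/var": {"nodev", "nosuid"},
    "/home": {"nodev", "nosuid"},
}

# Constructed sample resembling unedited genfstab output (not the author's file).
SAMPLE_FSTAB = """\
# <device> <dir> <type> <options> <dump> <pass>
/dev/mapper/amonkira_lvm-root  /      ext4  rw,relatime  0 1
/dev/mapper/amonkira_lvm-var   /var   ext4  rw,relatime  0 2
/dev/mapper/amonkira_lvm-home  /home  ext4  defaults,nodev,nosuid,relatime  0 2
/dev/sda4                      /boot  ext2  defaults,nodev,nosuid,noatime   0 2
"""


def parse_fstab(text):
    """Yield (device, mountpoint, fstype, options-set) for each fstab entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, nothing to audit
        device, mountpoint, fstype, options = fields[:4]
        yield device, mountpoint, fstype, set(options.split(","))


def audit_fstab(text, required=REQUIRED):
    """Return {mountpoint: [problems]}; an empty dict means the policy holds."""
    entries = list(parse_fstab(text))
    mounted = {mp: opts for _, mp, _, opts in entries}
    findings = {}
    for mountpoint, needed in required.items():
        if mountpoint not in mounted:
            findings[mountpoint] = ["no separate mount"]
            continue
        missing = sorted(needed - mounted[mountpoint])
        if missing:
            findings[mountpoint] = ["missing " + opt for opt in missing]
    # genfstab left the swap volume out for the author, who added it by hand.
    if not any(fstype == "swap" for _, _, fstype, _ in entries):
        findings["swap"] = ["no swap entry"]
    return findings


if __name__ == "__main__":
    for target, problems in audit_fstab(SAMPLE_FSTAB).items():
        print(target, "->", ", ".join(problems))
```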

Amonkira, Lord of hunters July 20, 2012

Posted by Rich in laptop, linux.

In my last post, I alluded to getting a new laptop, replacing a six-year old Dell laptop. It’s a Lenovo Thinkpad T420 with some of the following specs:

  • Intel Core i5-2450M processor, which is a dual-core hyper-threaded CPU based on the Sandy Bridge microarchitecture
  • 8 GiB DDR3 (came with 4 GiB, I bought another 4 GiB from Newegg)
  • 14″ LCD at 1600×900 resolution
  • Intel HD 3000 integrated graphics
  • 300 GiB hard drive

I’ve named it Amonkira (a Mass Effect reference) and have enjoyed playing around with it. The bloatware has been surprisingly minimal, but in the interest of running a lean Windows 7 installation, since most of my time and hard drive space will be devoted to Linux, I’ve decided to re-install Windows 7.

My previous post concluded that I won’t bother switching to UEFI/GPT since it’s probably too much of a hassle. Well, I’ve decided to renege on that since I have to re-install windows anyway so…why not?

I’ll make another post on installing Linux, but here are the steps I’ve taken to reinstall Windows:

  • Make a set of recovery DVDs with the included Lenovo recovery program. Too bad it only lets you do it once.
  • Use clonezilla to copy the three partitions (“system reserved”, Windows 7, and the Lenovo recovery) as a backup to my server
  • I’ve found this amazing guide for reinstalling Windows 7 on the T420, and am following it for the rest of the way. I have the following comments on what I did to follow the guide:
    • I burned the Windows 7 ISO to a DVD rather than bothering with formatting a USB flash drive/hard drive to GPT and copying over UEFI boot files and such. I use the DVD drive so little and I have a stack of unused DVD-R’s, so why not?
    • I backed-up the Windows activation certificate and copied over the drivers and such to a USB flash drive (just a MBR/FAT32 partition, nothing fancy), as directed
    • I booted from another USB drive with gparted to blow away the partitions on the existing hard drive. Then I used gparted to reinitialize the disk to GPT instead of MBR. In case anything bad happens from here on out, I have the partition backups I made with clonezilla.
    • I booted into the BIOS setup and switched modes to UEFI only
    • I booted from the Windows DVD and installed, using a 60 GiB partition for Windows
    • I installed the drivers and such as the guide directed

Some post-install steps:

  • Installed some (not all) of the Lenovo utilities with their system updater
  • Windows updates several times
  • Used ninite to install a few programs that would be helpful in the rare times I would be in Windows
  • I also set the hardware clock to UTC instead of localtime, since this makes a lot of sense and is well-supported in Linux (and apparently mostly so in Windows 7)

All in all, it was fairly painless, it just delayed things for a few days, which is okay with me. I now have a UEFI/GPT setup with a fairly lean Windows 7 installation. Next step is installing Linux!

UEFI/GPT vs BIOS/MBR July 6, 2012

Posted by Rich in laptop, linux.

So I’m getting a new laptop to replace my old one (topic for a future post), and this laptop has UEFI enabled, along with a legacy interface that acts like a traditional BIOS. UEFI is advantageous over BIOS for a number of reasons and will, in the coming years, replace BIOS in computers more and more.

Another technology is GPT disks versus MBR disks. GPT disks overcome all of the shortcomings of MBR disks. Unfortunately, with Windows, you can only boot Windows from a GPT disk if you’re using UEFI. Linux doesn’t have this same problem, so you could have an MBR/GPT setup.

I’m planning on keeping Windows on the laptop for two main reasons:

  1. Emergency or rare situations when I absolutely need Windows
  2. Act as a “honeypot” so if my laptop is lost/stolen, I can use something like Prey to track it and hopefully recover it
  3. An alternate reason is for gaming purposes, but since the laptop’s video card (Intel integrated graphics) isn’t that beefy, I likely won’t be playing any video games on it

The laptop ships with Windows 7 in the BIOS/MBR setup, but it’s possible to disable the legacy BIOS interface so it is in UEFI mode only, reformat the disk to GPT, and then reinstall Windows. Then I would install Linux and do the necessary steps to boot it in UEFI mode.

I’ve been seriously considering wiping the laptop, switching/formatting to UEFI/GPT, reinstalling Windows, and then installing Linux, but I’ve changed my mind. It’s really a simple costs/benefits comparison. Here are the benefits to switching to UEFI/GPT:

  • Gain experience in installing Linux using UEFI bootloaders and the like
  • Theoretically, the boot process is sped up by 1 or 2 seconds

And the costs:

  • Lots of extra time to learn and do all these steps, which comes out of my limited free time
  • Possibility of getting things wrong so I may have to reinstall Windows or Linux multiple times, eating up even more time

Another factor in my consideration is that while GPT has a lot of advantages over MBR, since I use LVM, most of the advantages of GPT are superfluous to me.

So while UEFI and GPT are definitely cool and the way of the future for computing, it seems like it’s too much of a pain right now to switch over. Maybe in a couple of years I’ll change my mind and do it then. There’s no strong reason to make the switch now, so this decision is definitely postponable.