Debian type package guidelines for Arch.
Well, maybe not as anal or strick.
With the recent breed of Debian based distro's coming out (Ubuntu in particular) and with a Debian release just around the corner, there has been a lot of talk regarding this distro. So I decided to take a closer look in this flavour of Linux.
I myself coming from Slackware, have heard and used (very little) Debian before in the past decided to take a look at how far this distro has come since my first encounter with it.
Reading a lot of the Slashdot comments and Osnews comments I noticed that the hardcore/avid Debian users made a lot of good argument points regarding the "superiority" of there distro compared to the rest.
They argue the ease of Apt-get/dpkg and how powerful these tools are and how you only need to install Debian once. Especially now that the installer has been given a huge facelift, it is much easier to install Debian than previous versions.
Now none of that really sounds very enticing as Arch has Pacman, with Arch's rolling-release packaging scheme and the fact that I think the Arch installer is by far the fastest install I have ever done of a Linux system before, I see no reason to use Debian in place of Arch, at least not for what I use my system for.
But the one thing that stood out that made a lot of sense was the fact that Debian has a very strict packaging guideline. Things for menu's, config files and the works all had a standard place in a Debian system, making all of the packages very intergrated and work well together on the same system. Due to these guidelines, one can argue that the package quality for a .DEB, compared to most others is much higher. That is not to say it's perfect, as even on the "stable" branch there are packages that don't always work, but that is very rare.
What I'm getting to is I think that Arch should adopt something similar. I didn't really think it through to much as it is just an idea and I want to see what others think of this.
Basically there should be an offical set of documents that outline where configs go (/etc usually) where large packages go (in Arch /opt) and menu entries etc. This way new maintainers or people who would like to learn Arch's packaging system would know the "right way" for an Arch system, which would, in my opinion, skip a lot of the headaches of malfunctioning packages in the repos.
Another thing Debian has which is an okay idea is they have a system in place that checks the packages being submitted to the repos follow the guidelines and if the packages don't check out they are rejected, as to keep the system clean regarding standards.
Now the AUR (I forget what it's called) system being developed does what again? I only heard about it but didn't do enough digging to find out what its for exactly.
I don't know how to explain my idea exactly, but I thought I would throw it out there anyway and see what people have to say, if anything at all .
We have a not-all-that-strict guideline in the official documentation...
http://www.archlinux.org/docs/en/guide/ … guidelines
And we don't have things like menu specifications, because we haven't figured them out yet.
We also have namcap which checks for some packaging guideline checking in iit.
Most of the stuff you talked about is there, in the works, or being planned.
Similar Messages
-
Ubuntu "*-dev" package equivalent for Arch?
I'm just trying Arch for the first time, migrating from Ubuntu. I'm trying to set up as equivalent a system as I can, software-wise, from a list I kept of of key packages I installed on Ubuntu.
One thing Ubuntu does (for those unfamiliar with it) is the developers create a package with the compiled/configured binary, and sometimes they also create a development package to be used by other applications that rely on the original package. Ie, you might have "libgtk2.0" and "libgtk2.0-dev", which you usually install separately.
What's the equivalent of the Ubuntu "*-dev" packages on Arch?Ubuntu devs separate them because that's how Debian does it, and it would be a waste of time to reintegrate them again, and it would be messy to not do it for the packages they build themselves but keep the split out headers for the packages they inherit from Debian.
Debian splits them up for the reason you said though . Without Debian, Ubuntu wouldn't be where it is today. People tend to forget that. -
Towards an Arch OCAML packaging guidelines
I'm not an OCaml programmer so I'm posting a preliminary howto in the hopes folks will give input and we can put it up on the wiki. I think the lack of standardization (and packages in general) is quite sad and we should be able to rather effortlessly do better. Much of the following info I hijacked from the debian package guidelines.
* Bytecode executables should have "options=(!strip)", since we're x86 only we don't really have to worry about native code compiler availability.
* Libraries/bindings should be prefixed with ocaml-.
* Libraries should provide META files. Since these seem to differ across various distros it seems reasonable to try and support both fedora and debian if possible, otherwise it seems debian seems to have more force and should be a priority (also they have lots of prewritten META's to hijack). Since our findlib doesn't setup a META.x directory META files should be placed under `ocamlfind printconf destdir`/library-name and should be called META.
* I have found that -j1 is often needed, maybe we should note this as it's bitten me a few times.
I wish I could comment on documentation but I don't know anything about it. Input on this would be appreciated. I assume they have a tool like doxygen, haddock, javadoc, etc.
Please give suggestions! Thanks.
Follows is a more formalised wiki page, I stole some stuff from the lisp guidelines:
== Background ==
At the moment, there are relatively few ocaml packages available in the Arch repositories. This means that at some point or another, more will likely appear. It is useful, therefore, to figure out now, while there are few packages, how they should be packaged. Therefore, this page stands as a proposed packaging guideline for lisp packages. Keep in mind, however, that this is a work in progress; if you disagree with some of the ideas suggested here, feel free to edit the page and propose something better.
== Bytecode and Native code ==
If Bytecode is produced make sure to include "options=('!strip')".
Probably should give mention of something here. I'm not educated enough to comment but intuitively native would be the way to go.
== Findlib ==
Packagers are encouraged to create META packages if a library does not provide one. The Debian folks seem to have a good foundation to build on or provide. Compatibility with Debian should be an interest. Fedora also supplies META packages for various libraries which may differ from those supplied by Debian. It is sometimes possible to be compatible with both distributions and this is hence encouraged when sensible.
== Directory Structure ==
Given that our current findlib package does not setup a metadir META packages should be placed under `ocamlfind printconf destdir`.
Maybe a comment here about executables and/or documentation?
== Example PKGBUILD ==
<pre>
pkgname=ocaml-mysql
pkgver=1.0.4
pkgrel=1
license=('LGPL')
arch=('i686' 'x86_64')
pkgdesc="Objective Caml (OCaml) mysql library."
url="http://raevnos.pennmush.org/code/ocaml-mysql/"
depends=('ocaml' 'ocaml-findlib')
source=("http://raevnos.pennmush.org/code/ocaml-mysql/$pkgname-$pkgver.tar.gz")
md5sums=('76f1282bb7299012669bf40cde78216b')
install=ocaml-mysql.install
options=('!strip')
build() {
cd $srcdir/$pkgname-$pkgver
mkdir -p "$pkgdir/$(ocamlfind printconf destdir)"
mkdir -p "$pkgdir/$(ocamlfind printconf destdir)/stublibs"
./configure || return 1
make || return 1
make opt || return 1
env DESTDIR="$pkgdir" \
OCAMLFIND_DESTDIR="$pkgdir/$(ocamlfind printconf destdir)" \
make install || return 1
</pre>
== Things you, the reader, can do ==
* Maintain lisp packages following these guidelines
* Update and fix problems with these guidelines
* Keep up with what's changed here
* Provide (polite) thoughts, feedback, and suggestions both on this document and to people's work.
* Translate this page and future updates to this page.Nice Work! One question: Can you explain what you expect from the mentioned meta-packages? Maybe it is obvious to a experienced ocaml programmer, but not to me.:)
-
Ubuntu look-alike gnome theme for arch linux
Is there any theme/gnome package(s) for arch linux that will give me gnome that looks kind of like the gnome package for ubuntu? I'm moving over from ubuntu to arch, and I'm hoping to ease the transition at first while I get used to the rest of the system. Thanks!
EDIT: Actually, how configurable is xfce? I've used gnome and kde for arch a bit, but they're just so vanilla, and I'm still looking for a relatively nice graphical interface on top of cli. Thanks!
Last edited by pythonscript (2009-07-27 23:29:40)xfce4 is just about as configurable as GNOME at the level of gconf/ xfconf and way more configurable via the settings GUI.
-
[SOLVED]How to build debian package source in Arch Linux?
I'm porting openssl for sh4 arch.
If I use Arch Linux PKGBUILD, it built failed. (I guess that's caused by there is no asm code for sh4 cpu).
So, I decide use debian's source.
But, is there any one know how to porting debian's package into Arch Linux?
I can apt-get source openssl from other machine. But I don't know what's the correct step to build it into Arch Linux' structure.
Solution: refer brebs's PKGBUILD hint.
Last edited by dlin (2013-02-26 09:44:16)The source is not hard to find. Look on Debian packages - each package has 2 files, the ".orig", and Debian's diff (which is sometimes not a diff, these days, thankfully because just having a simple "debian/patches" subdirectory available is a little bit easier for us).
Edit: Here ya go, convenient links:
http://packages.debian.org/sid/openssl
http://ftp.de.debian.org/debian/pool/ma … ian.tar.gz
Last edited by brebs (2013-02-26 09:42:10) -
ESS Business Package Error: Period type not allowed for profile ESS
Hi,
We are trying to configure the business package for Employee Self Service on Enterprise Portal 6.0. We followed this SDN contribution <a href="https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/21eb036a-0a01-0010-25a3-b2224432640a">ESS doc guide</a>
So far we have successfully deployed the business packages and followed all the configurations that were pointed out in the doc guide. Unfortunately when we try to access the Employee Self-Service portal pages (Overview, Employee Search, etc), we encounter this error:
Critical Error:
Period type not allowed for profile ESS, error key: RFC_ERROR_SYSTEM_FAILURE
com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Period type not allowed for profile ESS, error key: RFC_ERROR_SYSTEM_FAILURE
Any ideas on how to fix this issue?
Regards,
JojoHi Jojo,
Have you solved the problem? If yes can you please help me even I am facing the same error.
this is very help full to me .
Thanks and Regards,
Shilpi. -
Perl packaging guidelines: request for a new official policy
feature request about this here: http://bugs.archlinux.org/task/18113
*edit*
Ok, the new version of pacpan is out: http://xyne.archlinux.ca/info/pacpan
It's only in my repo for now. I'll move this version to the AUR after some feedback.
After some initial debugging (if necessary), I would like to request that the official Perl packaging guidelines be changed to recommend using pacpan as a tool to aid packaging CPAN packages. In many cases it will provide a fully working PKGBUILD by default and in those cases when it doesn't, the provided PKGBUILD will be a very good starting point. It can also be used for comparison to existing PKGBUILDs.
Packagers will find the following functions useful (please see the info page for some output examples):
pacpan --get-pkgbuilds [pkgs]
This will print out default PKGBUILDs for the specified packages. Packages may be specified with the standard pacman package names (e.g. perl-foo-bar) or with the CPAN names (e.g. Foo-Bar for a distribution, Foo::Bar for a module). Pacpan will map modules to their distributions uniquely and thus prevent package conflicts when attempting to package different modules which are in the same distrbution.
It will also provide a comprehensive provides array which will ensure dependency resolution when dealing with dependencies specified in META.yml on CPAN.
Pacpan is also able to detect depends, makedepends and optdepends for CPAN packages.
Of course this depends on the presence and correctness of the META.yml file on CPAN, but this is present for (nearly?) all active distributions.
pacpan --check-local
This will inspect local perl packages and determine if local CPAN packages are named according to the packaging guidelines. It will also determine which modules a package provided by directly matching the files owned by the package according to pacman against the modules provided by those files, including version numbers where available. This will show packagers mistakes in the package and suggest changes to correct them. There is also a function for regular users to update the provides array of perl packages in the local database to ensure dependency resolution while waiting for packagers to correct their PKGBUILDs.
Last edited by Xyne (2010-02-01 22:35:47)The reason to include modules in the provides array is to enable finer tuning of dependencies. If the modules within a distribution ever change, there would be no need to change the depends array of all packages which had specified that distribution instead of the modules that they actually depend on. It also makes searching easier as someone who is looking for the functionality of a particular module will be able to find it via a pacman search.
If that is really an issue, then it would be trivial to remove the provides from the PKGBUILDs that the code generates. If we could strictly enforce the packaging guidelines in the official repos and the AUR then I suppose it might make sense to ignore modules completely, but I don't see how it hurts to list them in the provides array.
With the current code that I have, I think I have full module-to-distribution resolution and all PKGBUILDs generated by the code for a requested package or module map to the corresponding distribution. The pacpan rewrite is complete and I'm working on plugging the backend into bauerbill right now to handle dependency resolution, installation and makedeps removal. I hope to release the code soon (maybe today, depending on how productive I am), at which point we can really get this discussion going with a feature request on the bug tracker. -
Firefox needs a Debian installer package for version 4 - it should be as easy to install as Chrome
While Ubuntu is slow in providing access to Firefox 4 in their repositories, it would seem appropriate for Mozilla to have a Debian package installer for Firefox 4 that the user can access on a timeline enjoyed by everyone else.
What is the delay??I think you may have pasted the wrong thing into the Description.
To try and resubmit a pending report (for example if you lost your internet connection):
#Go to about:crashes in the location bar
#Click the latest report link to resubmit it
If there isn't a pending crash report listed, I'm afraid you may be out of luck for that crash report. -
Backpac: A package state snapshot and restore tool for Arch Linux
backpac:
A package state snapshot and restore tool for Arch Linux with config file save/restore support.
https://aur.archlinux.org/packages.php?ID=52957
https://github.com/altercation/backpac (see readme on the github repository for more information)
Summary & Features
It's a common method of setting up a single system: take some notes about what packages you've installed, what files you've modified.
Backpac creates those notes for you and helps back up important configuration files. Specifically, backpac does the following:
maintains a list of installed groups (based on 80% of group packages being installed)
maintains a list of packages (including official and aur packages, listed separately)
maintains a list of files (manually created)
backs up key config files as detailed in the files list you create
The package, group and files lists along with the snapshot config files allows system state to be easily committed to version control such as git.
Backpac can also use these lists to install packages and files. Essentially, then, backpac takes a snapshot of your system and can recreate that state from the files and lists it archives.
Use Cases
Ongoing system state backup to github
Quick install of new system from existing backpac config
Conform current system to given state in backpac config
Backpac is a very, very lightweight way of saving and restoring system state.
It's not intended for rolling out and maintaining multiple similar systems, it's designed to assist individual users in the maintainance of their own Arch Linux box.
Status
Alpha, release for testing among those interested. Passing all tests right now but will continue to rework and refine. Bug reports needed.
Why?
There are a lot of 'big-iron' solutions to maintaining, backing up and restoring system state. Setting these up for a single system or a handful of personal systems has always seemed like overkill.
There are also some existing pacman list making utilities around, but most of them seem to list either all packages or don't separate the official and aur packages the way I wanted. Some detect group install state, some don't. I wanted all these features in backpac.
Finally, whatever tool I use, I'd like it to be simple (c.f. the Arch Way). Lists that are produced should be human readable, human maintainable and not different from what I'm using in non-automated form. Backpac fulfills these requirements.
Regarding files, I wanted to be able to backup arbitrary system files to a git repository. Tools like etckeeper are interesting but non /etc files in that case aren't backed up (without some link trickery) and there isn't any automatic integration with pacman, so there is no current advantage to using a tool like that. I also like making an explicit list of files to snapshot.
Sample Output
This is the command line report. Additionally, backpac saves this information to the backpac groups, packages and files lists and the files snapshot directory.
$ backpac -Qf
backpac
(-b) Backups ON; Files will be saved in place with backup suffix.
-f Force mode ON; No prompts presented (CAUTION).
(-F) Full Force mode OFF; Prompt displayed before script runs.
(-g) Suppress group check OFF; Groups will be checked for currency.
(-h) Display option and usage summary.
(-p) Default backpac: /home/es/.config/backpac/tau.
-Q Simple Query ON; Report shown; no changes made to system.
(-R) Auto-Remove OFF; Remove/Uninstall action default to NO.
(-S) System update OFF; No system files will be updated.
(-U) backpac config update OFF; backpac files will not be updated.
Sourcing from backpac config directory: /home/es/.config/backpac/tau
Initializing.................Done
GROUPS
============================================================================
/home/es/.config/backpac/tau/groups
GROUPS UP TO DATE: group listed in backpac and >80% local install:
base base-devel xfce4 xorg xorg-apps xorg-drivers xorg-fonts
GROUP PACKAGES; MISSING?: group member packages not installed:
(base: nano)
(xfce4: thunar xfdesktop)
PACKAGES
============================================================================
/home/es/.config/backpac/tau/packages
PACKAGES UP TO DATE: packages listed in backpac also installed on system:
acpi acpid acpitool aif alsa-utils augeas cowsay cpufrequtils curl dialog
firefox gamin git ifplugd iw mesa mesa-demos mutt netcfg openssh rfkill
rsync rxvt-unicode sudo terminus-font vim wpa_actiond wpa_supplicant_gui
xmobar xorg-server-utils xorg-twm xorg-utils xorg-xclock xorg-xinit xterm
yacpi yajl youtube-dl zsh
AUR UP TO DATE: aur packages listed in backpac also installed on system:
flashplugin-beta freetype2-git-infinality git-annex haskell-json
package-query-git packer wpa_auto xmonad-contrib-darcs xmonad-darcs
AUR NOT IN backpac: installed aur packages not listed in backpac config:
yaourt-git
FILES
============================================================================
/home/es/.config/backpac/tau/files
MATCHES ON SYSTEM/CONFIG:
/boot/grub/menu.lst
/etc/acpi/handler.sh
/etc/rc.conf
/etc/rc.localfirecat53 wrote:I think your plan for handling an AUR_HELPER is good. If AUR_HELPER is defined by the user, then either you might need a list of major AUR helpers and their command line switches so you can pick the correct switch for what needs to be done (most use some variation of -S for installing, but not all), or have the user define the correct switch(es) somehow for their chosen AUR helper.
That's a good idea. I'll add that to my AUR refactoring todo.
I also found directory tracking to be a weakness in other dotfile managers that I tried. I think you would definitely have to recursively list out the contents of a tracked directory and deal with each file individually. Wildcard support would be nice...I just haven't personally found a use case for it yet.
I've been thinking that I could just add the directory and scan through it for any non-default attribute files. If those are found then they get automatically added to the files list. That's pretty close to what etckeeper does.
Edit: I just compiled the dev version and removed my comments for already fixed things...sorry!
The master branch should have those fixes as well, but I didn't update the version number in the package build. I'll have to do that.
1. Still apparently didn't handle the escaped space for this item: (the file does exist on my system)
Ok, good to know. This wildcard directory business will require some new code and refactoring so I'll also rework my filenames handling.
2. Suggestion: you should make that awesome README into a man page!
I was working on one (the pkgbuild has a commented out line for the man page) but I had to leave it for later. Definitely want a man page. Once this stabilizes and I'm sure there aren't any big structural changes, I'll convert it to man format.
3. Suggestion: add the word 'dotfile' into your description somewhere on this page, the github page, and in the package description so people looking for dotfile managers will find it. You could also consider modularizing the script into a dotfile manager and the package manager, so people on other distros could take advantage of your dotfile management scheme.
I actually have a different script for dotfile management that doesn't touch packages, but there is definitely overlap with this one. That script isn't released yet, though, and if people find this useful for dotfile management that's great. I'll add that in.
4. Suggestion: since -Q is a read-only operation, why not just make it run with -f automatically to avoid the prompt?
Originally, running backpac without any command line options produced the Query output. I was concerned that since it is a utility that can potentially overwrite system files, it is important to give users a clear statement prior to execution about what will be done. Since the Query output is essentially the same as the Update and System reports in format and content, I wanted to be explicit about the Query being a passive no-change operation. The current command line options aren't set in stone though. If you feel strongly about it being different, let me know.
Long answer to a short question
5. Another suggestion: any thought to providing some sort of 'scrub' function to remove private information from the stored files if desired? This would be cool for publishing public dotfiles to github. Perhaps a credentials file (I did this with python for my own configs). Probably detecting email addresses and passwords without a scrub file would be rather difficult because dotfiles come in so many flavors.
Yes, absolutely. In fact, if you look at the lib/local file (pretty sure it's in both master and dev branches in this state) you'll see some references to a sanitize function. The idea there is that the user will list out bash associative arrays like this:
SANITIZE_WPA_=(
[FILE]='/etc/wpa_supplicant.conf'
[CMD]='sed s/expungepattern/sanitizedoutput/g'
Question: am I missing an obvious option to remove a file from the files.d directory if I delete it from the files list? Or do I have to delete it manually? It might be helpful to add a section to the README on how to update and delete dotfiles from being tracked, and also a more detailed description of what the -b option does (and what is actually created when it's not used).
You are only missing the function I didn't finish. There should be either dummy code or a TODO in the backpac main script referencing garbage collection, which isn't difficult but I just haven't finished it. The idea being another loop of "hey I found these old files in your files.d, mind if I delete them?" It's on my list and I'll try to get it in asap.
And finally, just out of curiosity, why did you choose to actually copy the files instead of symlink like so many other dotfile managers do?
git not following symlinks, hardlinks also out for permissions issues (git wouldn't be able to read the files, change them, etc.)
I definitely would prefer to not make an entire copy of the file, but I haven't come up with a better option. Shout with ideas, though. Also, if there is a way around the link issues I noted above, let me know. I don't see one but that doesn't mean it's not there.
edit: I think a Seattle area Arch meetup would be cool! Perhaps coffee someplace? Bellevue? U-district? Anyone else? BYOPOL (bring your own pimped out laptop)
A general meetup sounds good. I was also thinking it would be fun to do a mini archcon with some demos. -
Palaver speech recognition app packaged for Arch
Palaver (formerly Ubuntu-Speech-Recognition), has been packaged for Arch:
https://aur.archlinux.org/packages/palaver-git/
The git repo is located here:
https://github.com/JamezQ/Palaver
A great video demo of what is possible can be found here:
http://www.techdrivein.com/2013/02/ubun … -demo.html
This is shaping up to be an interesting project, and as long as it keeps on a good development track, could become the Siri of Linux (don't laugh, it could!)
The current code is beta, and will be going through restructuring changes as it moves from git to launchpad, so expect a lot of changes in the near future.
The beta can actually do quite a lot at the moment, especially if you add your own dictionary (which is very easy to do BTW).
Oh, and just a warning regarding privacy, the application uses Googles speech recognition, and requires a network connection to work. Your voice command is recorded locally and deciphered on Google servers.......
Cheers.Xyne wrote:
Padfoot wrote:Oh, and just a warning regarding privacy, the application uses Googles speech recognition, and requires a network connection to work. Your voice command is recorded locally and deciphered on Google servers........
Oh well. Aside from the privacy concerns* I am also disappointed that it is just a wrapper around a web service. A local speech recognition engine would be even more impressive.
Thanks for the privacy warning.
* Seriously, sending speech samples to Google so that they can store and analyse them is crazy to me. Do you really want to live in a future of interactive advertisements that can identify you by voice alone and associate it with everything else that you have ever done online? A conversation with a friend at a bus stop may one day trigger targeted ads that reveal things about you that you consider private. I do not understand how so many people can be completely ok with having their private lives catalogued for companies and governments just to get some non-essential services in return. Beyond that having such tools lying around when your government eventually becomes oppressive will ensure its longevity at everyone's expense. Open, democratic societies have an unpatched memory leak that requires a hard reboot every so often.
I completely understand, and while a local engine would be teriffic, the only one I can think of on Linux with any potential is sphinx. Unfortunately, (last time I checked) it's not in an easily useable state, yet. I should check out the pace of development on that project. Of course, I would be delighted to be proven wrong on this project.
And while this in no way is intended to dispell any privacy concerns, or justify any possible motives of the companies providing online deciphering, I am guessing this is exactly whar Siri does on Apple products. Also, as Palaver is currently targeting Ubuntu (while still being agnostic enough to easily work on any distro), It needs to have a small footprint considering the push at Ubuntu towards mobile devices. Unfortunately, mobile devices do not lend to local storage of the many samples in multiple languages required to perform the deciphering.
Cheers.
[EDIT] While Palaver is a wrapper around an online service, the wrapper is limited to sending the voice sample and getting a string of text back, the application performs the task of deciphering the meaning of the text and taking the appropriate action based on local dictionaries and plugins.[/EDIT]
Last edited by Padfoot (2013-03-23 22:21:13) -
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
If you need help quickly... Guideline for posting an effective question.
Whenever you have a question that you would like answered, do pose that question effectively.
First, do not assume that because you have tried many, many times that your question is understood by someone else. What is obvious to you may not be for another. So please state in a very detailed and structured way what steps you have taken to cause your problem, how you can replicate this problem, under what circumstances on what hardware/software.
The fact that you have nearly given up because of your problem does not mean that someone else can readily understand this problem. When you go to your doctor and say: "I have a pain in my stomach" he will ask you a lot of questions. Same applies here. Your doctor may need to know about any medication you have taken, your blood pressure, history, etc. If you want help, be as PRECISE and ACCURATE as possible.
Second, this is a USER TO USER forum. So ranting will not help. What may help is a STRUCTURED approach to describing the problem you have.
Third, do a thorough search of posts here, on other fora and with Google before repeating what has been asked a thousand times and has worn out the patience of regulars here, who have answered your question a dozen times already. Use the FAQ and the Wiki to find answers to questions that have been posed and answered repeatedly. Do not assume you are unique with your problem. Well, you are unique, the problem you have most likely is not.
Fourth, realize that even though it may be highly frustrating to you to not be able to solve YOUR problem, by posting your question here, you are dependent on fellow editors to help you on their free time without compensation, so bear with them to help identify what EXACTLY is your problem. If you lack that decency, you may forfeit their help, so why did you come here?
Fifth, consider your work flow in light of the purpose of Premiere, an editing package. If you have problems with rotoscoping, programming with APL, spreadsheets in general, word processing on a mobile phone, importing Panda bears into a local zoo, feeding nearly distinct whales in the Alps, or anything far removed from the purpose of PP, you may be better off in posting your question elsewhere.
Last:
Everybody has to learn, has the right to ask questions and be helped.
If everybody has the decency to pose their urgent, life threatening or other questions in a detailed, structured and comprehensible way, it will vastly improve the chances of speedy and helpful replies, without the need for sarcasm, bundles of to-and-fro posts without meaningful help, just wasting bandwidth.
I know I have been rightly accused of such behavior, which was the result of sheer frustration with absolutely meaningless and often pointless questions without details, structure and the like. Maybe this can be a general guideline for posters on how to ask questions, in addition to Eddie's links and How to ask questions the smart way
The most frustrating issues one can encounter are hangs, BSOD's (blue screens of death), system errors and other cases of seemingly random erros that require rebooting, restarting or similar actions, only to be confronted with the next hang, BSOD or system crash.
These errors are often difficult to locate, due to the large variety of systems, components and driver or software versions in use. This is often further aggravated by sheer lack of expertise, understanding of what needs to be communicated in order for others to help solve the issue at hand. And that list is very long.
So, in order to make it a bit simpler for the average user who encounters these problems, follow the following steps when posting a problem:
1. Clearly describe the main problem in the topic, but be brief. Not so brief as to only say: "Help!" or "URGENT" or another meaningless statement but get to the point, like: "PP crashes on opening, requiring a reboot" or "Using DL the system hangs upon return to PP". You get the point.
2. Briefly describe your hardware, software, OS and versions in use, including disk setup, video card and driver versions, etc.
3. Describe source material, including codec (not AVI, which is not a codec), project settings and other relevant info.
4. Describe as accurately as possible what you did, what steps you took, what happened at what moment and what you did to try to resolve it.
5. Go to Start/Run, type in DXDIAG, enter and save all information to a TXT file. Include a link to that file in your post.
6. Go to Start/Run, type in MSINFO32 (or similar for 64 bit OS), enter and save the results as a .NFO file. Include a link to that file in your post.
7. Download Process Explorer , and either post a screen shot or a link to the results.
8. Make a screen shot of the results of SpeedFan or HW Monitor and include that in your post.
When you perform these basic steps, you avoid endless questions about your system and people may be able to help you faster.
If you feel up to it, take a look at The Case of the Unexplained to start your own troubleshooting.
Hope this helps to post more meaningful questions and get an answer much quicker.Whenever you have a question that you would like answered, do pose that question effectively.
First, do not assume that because you have tried many, many times that your question is understood by someone else. What is obvious to you may not be for another. So please state in a very detailed and structured way what steps you have taken to cause your problem, how you can replicate this problem, under what circumstances on what hardware/software.
The fact that you have nearly given up because of your problem does not mean that someone else can readily understand this problem. When you go to your doctor and say: "I have a pain in my stomach" he will ask you a lot of questions. Same applies here. Your doctor may need to know about any medication you have taken, your blood pressure, history, etc. If you want help, be as PRECISE and ACCURATE as possible.
Second, this is a USER TO USER forum. So ranting will not help. What may help is a STRUCTURED approach to describing the problem you have.
Third, do a thorough search of posts here, on other fora and with Google before repeating what has been asked a thousand times and has worn out the patience of regulars here, who have answered your question a dozen times already. Use the FAQ and the Wiki to find answers to questions that have been posed and answered repeatedly. Do not assume you are unique with your problem. Well, you are unique, the problem you have most likely is not.
Fourth, realize that even though it may be highly frustrating to you to not be able to solve YOUR problem, by posting your question here, you are dependent on fellow editors to help you on their free time without compensation, so bear with them to help identify what EXACTLY is your problem. If you lack that decency, you may forfeit their help, so why did you come here?
Fifth, consider your work flow in light of the purpose of Premiere, an editing package. If you have problems with rotoscoping, programming with APL, spreadsheets in general, word processing on a mobile phone, importing Panda bears into a local zoo, feeding nearly distinct whales in the Alps, or anything far removed from the purpose of PP, you may be better off in posting your question elsewhere.
Last:
Everybody has to learn, has the right to ask questions and be helped.
If everybody has the decency to pose their urgent, life threatening or other questions in a detailed, structured and comprehensible way, it will vastly improve the chances of speedy and helpful replies, without the need for sarcasm, bundles of to-and-fro posts without meaningful help, just wasting bandwidth.
I know I have been rightly accused of such behavior, which was the result of sheer frustration with absolutely meaningless and often pointless questions without details, structure and the like. Maybe this can be a general guideline for posters on how to ask questions, in addition to Eddie's links and How to ask questions the smart way
The most frustrating issues one can encounter are hangs, BSOD's (blue screens of death), system errors and other cases of seemingly random erros that require rebooting, restarting or similar actions, only to be confronted with the next hang, BSOD or system crash.
These errors are often difficult to locate, due to the large variety of systems, components and driver or software versions in use. This is often further aggravated by sheer lack of expertise, understanding of what needs to be communicated in order for others to help solve the issue at hand. And that list is very long.
So, in order to make it a bit simpler for the average user who encounters these problems, follow the following steps when posting a problem:
1. Clearly describe the main problem in the topic, but be brief. Not so brief as to only say: "Help!" or "URGENT" or another meaningless statement but get to the point, like: "PP crashes on opening, requiring a reboot" or "Using DL the system hangs upon return to PP". You get the point.
2. Briefly describe your hardware, software, OS and versions in use, including disk setup, video card and driver versions, etc.
3. Describe source material, including codec (not AVI, which is not a codec), project settings and other relevant info.
4. Describe as accurately as possible what you did, what steps you took, what happened at what moment and what you did to try to resolve it.
5. Go to Start/Run, type in DXDIAG, enter and save all information to a TXT file. Include a link to that file in your post.
6. Go to Start/Run, type in MSINFO32 (or similar for 64 bit OS), enter and save the results as a .NFO file. Include a link to that file in your post.
7. Download Process Explorer , and either post a screen shot or a link to the results.
8. Make a screen shot of the results of SpeedFan or HW Monitor and include that in your post.
When you perform these basic steps, you avoid endless questions about your system and people may be able to help you faster.
If you feel up to it, take a look at The Case of the Unexplained to start your own troubleshooting.
Hope this helps to post more meaningful questions and get an answer much quicker. -
Infinality-bundle-fonts: a free multilingual font collection for Arch
infinality-bundle-fonts: a free multilingual font collection for Arch Linux
infinality-bundle-fonts is meant to be a complete, 'install-and-forget' solution for most (Arch) Linux users looking for easy access to common type-faces diversity needed to create and reproduce (hyper)text documents. It consists of freely available, hand-picked fonts providing correct, uniform and high quality rendering of multilingual content.
Obligatory teaser
click
Installation instructions
See Infinality-bundle+fonts.
Technical information and user notes
Popular proprietary fonts substitutions
See /etc/fonts/conf.avail.infinality/free/37-repl-global-free.conf.
Default sans-serif, serif, monospace, fantasy, cursive
See /etc/fonts/conf.avail.infinality/free/60-latin-free.conf.
Languages covered and special cases
Wikipedia was used as a reference when testing Latin and non-Latin linguistic scenarios and I believe that the majority of users should be satisfied with the results (the completeness, rendering quality, readability, clarity, coherence… you name it).
If in doubt, you can easily check which font family is used to display a particular script:
[~] $ fc-match :lang=ja
sawarabi-gothic-medium.ttf: "Sawarabi Gothic" "Medium"
Before you install a third-party font package, first check if it is already present in the infinality-bundle-fonts repository.
The default sans family is Noto Sans. However, in order to preserve the correct layout of certain web documents, Liberation Sans will remain the replacement for Arial. The width difference between the two could be problematic for certain websites prioritizing Arial/Helvetica over 'anything sans' (rather than 'anything serif'). Websites intentionally designed to use any sans font will select Noto Sans by default.
There is an extensive choice of available serif type-faces: the default is Heuristica, others include Crimson Text, Merriweather, TeX Gyre Termes, Gentium family, and more.
A few popular font packages available in the Arch Linux official repositories were re-packed in order to avoid rendering issues.
A few packages available in the AUR were re-packed for compatibility reasons.
You will be notified if a package you already have in your system should be replaced with a corresponding one from the infinality-bundle-fonts repository. If this is the case, just hit 'Y' to accept and install the new one.
Additional font files can be found in infinality-bundle-fonts-extra group. Some may be handy extensions for particular scripts (like 'ttf-dejavusans-yunati-*-ibx'), others are strictly optional and task specific. The 'extra' group is expected to offer those few quality bits that users most often need to use but that do not belong to the main set. Suggestions are welcome. Note: 'extra' is not a place for 10 mono / sans / decorative type-faces, etc. This is technically impossible due to server bandwidth limits and practically against the usability principle that a well organized general purpose font collection should offer.
Licensing
The files available in the infinality-bundle-fonts repository are freely available for download, redistribution, personal and/or commercial use. 95% of the fonts are licensed under the GPL, Apache or OFL license. The remaining 5% can still be freely distributed and used under certain conditions specified by the author and/or the foundry. Please, consult a particular license for details if a proper license matters to you.
Sources and build scripts
All source files are available in the usual place:
PKGBUILD
Enjoy.
Last edited by bohoomil (2013-12-04 23:29:11)bohoomil wrote:
Thanks -- I will re-build and re-upload the package in a minute.
Edit: OK, done. ttf-chromeos-fonts has to be in conflicts=() because it provides exactly the same content as ttf-chromeos-ib. ttf-chromeos-extra-fonts was removed.
I say AND: conjuntion that mean both in this case conflict=('ttf-chromeos-fonts' 'ttf-chromes-extra-fonts')
before
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-Bold.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-BoldItalic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-Italic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-Regular.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-Bold.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-BoldItalic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-Italic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-Regular.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-Bold.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-BoldItalic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-Italic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-Regular.ttf existe en el sistema de archivos
now
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-Bold.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-BoldItalic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-Italic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Arimo-Regular.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-Bold.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-BoldItalic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-Italic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Cousine-Regular.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-Bold.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-BoldItalic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-Italic.ttf existe en el sistema de archivos
ttf-chromeos-ib: /usr/share/fonts/TTF/Tinos-Regular.ttf existe en el sistema de archivos
ttf-lohit-oriya-ib: /usr/share/fonts/TTF/Lohit-Oriya.ttf existe en el sistema de archivos
ttf-lohit-punjabi-ib: /usr/share/fonts/TTF/Lohit-Punjabi.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansArmenian-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansArmenian-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansDevanagari-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansDevanagari-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansDevanagariUI-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansDevanagariUI-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansEthiopic-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansEthiopic-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansGeorgian-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansGeorgian-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansHebrew-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansHebrew-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansTamil-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansTamil-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansTamilUI-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansTamilUI-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansThai-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansThai-Regular.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansThaiUI-Bold.ttf existe en el sistema de archivos
ttf-noto-sans-multilang-ib: /usr/share/fonts/TTF/NotoSansThaiUI-Regular.ttf existe en el sistema de archivos
ttf-noto-serif-ib: /usr/share/fonts/TTF/NotoSerif-Bold.ttf existe en el sistema de archivos
ttf-noto-serif-ib: /usr/share/fonts/TTF/NotoSerif-BoldItalic.ttf existe en el sistema de archivos
ttf-noto-serif-ib: /usr/share/fonts/TTF/NotoSerif-Italic.ttf existe en el sistema de archivos
ttf-noto-serif-ib: /usr/share/fonts/TTF/NotoSerif-Regular.ttf existe en el sistema de archivos
ttf-noto-serif-multilang-ib: /usr/share/fonts/TTF/NotoSerifArmenian-Bold.ttf existe en el sistema de archivos
ttf-noto-serif-multilang-ib: /usr/share/fonts/TTF/NotoSerifArmenian-Regular.ttf existe en el sistema de archivos
ttf-noto-serif-multilang-ib: /usr/share/fonts/TTF/NotoSerifGeorgian-Bold.ttf existe en el sistema de archivos
ttf-noto-serif-multilang-ib: /usr/share/fonts/TTF/NotoSerifGeorgian-Regular.ttf existe en el sistema de archivos
ttf-noto-serif-multilang-ib: /usr/share/fonts/TTF/NotoSerifThai-Bold.ttf existe en el sistema de archivos
ttf-noto-serif-multilang-ib: /usr/share/fonts/TTF/NotoSerifThai-Regular.ttf existe en el sistema de archivos -
I have read been reading about the Debian Core Components Alliance - and must say I am intrugued! I like the sound of a common base to build from as long as the core is flexible and expandable to meet future needs.
I am still fairly new into the Open Source world. I can understand the implications of the DCCA to the corporate world in the future. This sort of alliance has brought some questions to mind that I hope somebody with more knowledge/understanding of this agreement could demystify for me
My questions areW
ill this affect Arch users in the future?
If Debian becomes the future MS competitor, will the linux distro's that have a different base setup suffer in the future?
If programmers have a common base to work from, development would flourish with those disto's who have adopted this base. Would smaller distro's may be left in the "development" cold?
I am not sure if my understanding of this is correct, and please correct me if I am wrong. Would Arch need to adopt to some common core in the future to be compatible to what will be main stream development?
I do believe that Archlinux will be a major player in the future. Would it be as simple as downloading a "Linux Base System" package that standardizes linux distro's in the future?
CheersIn a lot of distributions (arch included) in a tree there is only one version of a program/lib exept if there is a major api change.
As far as I understand the goal of the dcca is to tell what programs/libs are available and what version of them are currently in the tree. So that programmers do know on what programs/libs they can build their app. It will be based on the stable tree of debian which means that it will be fairly old.
I think this will not be negative for arch except that in very rare occasions it can be possible that a app is based on a older program/lib than what is in the current tree. If that app is opensource it could be patched to run with the newer programs/libs, if it's closed source arch could provide different versions of the depending programs/libs so that it works.
Cheers,
David -
FAQ: User Interface Guidelines for CRM 2007 are now available
The CRM UI Concept Team has made the UI Guidelines for CRM Web Client User Interface (CRM 2007 UI) available to the BPX community:
This document provides an overview of the on-premise as well as the off-premise versions of the SAP CRM Web Client User Interface (UI). It contains the properties and principles of the SAP CRM Web Client UI that are already committed and available. For planned features, refer to the corresponding specification documents.
The information in the guidelines starts with general topics, followed by details. The sections are organized with high-level topics like Page Types and Navigation Schema first, followed by the consecutive sections describing which building blocks and elements of the UI populate the various pages. A section typically starts with one or more screenshots of a central UI element with a generic explanation. The subsequent sections explain the detailed aspects of each element.
We hope that you will find this information useful.
Enjoy the new CRM UI! [UI Guidelines for CRM Web Client User Interface (CRM 2007 UI)_ |http://www.sapdesignguild.org/resources/CRM-UI-Guidelines-Customers.pdf]
Edited by: Zhaojie Liu on Jun 10, 2009 10:08 AMHi,
not sure why your download stops.. you can also try to download via this link: [http://www.sapdesignguild.org/resources/CRM-UI-Guidelines-Customers.pdf|http://www.sapdesignguild.org/resources/CRM-UI-Guidelines-Customers.pdf] (Document is 17,4MB of size)
Here the guidelines also have been posted together with an article about the CRM 2007 Web Client UI.
Hope this helps
Best regards
Ingo
Maybe you are looking for
-
Acrobat X - Save As Dialog - Search Box?
I am contemplating upgrading from Acrobat 9 Standard to Acrobat 10 (X?) Standard, and have a simple question. After scanning, is the "Save As" dialog box the modern, Windows 7 version, with the "Search" box? I save lots of scanned documents to deep
-
Creating an interactive CV: mouse over / roll over pop ups, embedded documents and videos
Hi everyone, I am pretty new to Adobe Acrobat Pro and new to this forum (1st post here!). Greetings from Spain... and apologies for grammar mistakes and misleading explanations (in advance). I have been checking this forum and googling quite a bit, b
-
Need help in Disabling Internal On-Board Microphone
I have searched every forum and everyplace about how to disable the internal on board mic that is on my Toshiba A355-S6925 (Vista 64bit) but can not come up with a resolutuon. I use my laptop for sound recording music and this is a real pain in the
-
Error in parsing value for display
Hi I'll try to access a website http://sinaica2.ine.gob.mx/magic/rmart but Firefox 8.X and 9.X dont show me a frame inside the middle of the new window, but any other browser also an older version of Firefox does well. Firebug reports me a warning "E
-
Transform Activity in BPEL 10.1.3 (Developers Preview)
Hi Have you tried to use Transform Activity in BPEL 10.1.3 Developers Preview? Try this simple test: I create a new BPEL process, add a transform, edit the transformation map: connect the two variables (inputVariable and outputVariable), click save a