First, create the file /etc/systemd/sleep.conf.d/nosuspend.conf with the following contents:
[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
Then issue the following command: systemctl daemon-reload
Create a patch file with diff
The command to create a patch file containing the differences between to folders with the diff command is:
diff -Naur original-source changed-source > patch.txt
Add --exclude=file-or-folder to exclude files or folders from the patch.
-N, --new-file
treat absent files as empty
-a, --text
treat all files as text
-u, -U NUM, --unified[=NUM]
output NUM (default 3) lines of unified context
-r, --recursive
recursively compare any subdirectories found
virsh cheat sheet
Here are a few simple virsh commands I occasionally need when things go wrong.
list active macines
virsh list
list all machines
virsh list --all
start a machine
virsh start name
mark a machine to autostart with the host
virsh autostart name
mark a machine to not autostart with the host
virsh autostart --disable name
gracefully shutdown a machine
virsh shutdown name
force a machine to shutdown
virsh destroy name
reboot a machine
virsh reboot name
suspend and resume a machine
virsh suspend name
virsh resume name
Much more detail is available at in the virsh man page.
Graphics in gEDA PCB Designs
I recently needed to add a logo to a printed circuit design I created with the gEDA PCB program. The steps I used to do this are as follows:
- Create the image in Inkscape using only one colour: black.
- Convert all objects to paths (Path / Object to Path).
- Remove overlapping vector paths.
- Adjust the image size. I used 64px wide by 16px high.
- Save image as a postscript file.
- Use pstoedit to create the footprint:
pstoedit -psarg “-r1000x1000” -f pcbfill -ssp ‘inputfile.ps’ ‘outputfile.pcb’ - In PCB, load layout to buffer and place on board.
- Export the gerbers and confirm the appearance of the logo is acceptable.
More detail on this process is available on Ben Bergman’s blog.
Building Gimp 2.9.x on Debian Jessie
The current development version of Gimp 2.9.x has support for 16 and 32 bit image files. I couldn’t find packages to install on Debian Jessie so I set out to build from source. Here are the steps I followed:
mkdir -p ~/src/gimp
cd ~/src/gimp
git clone https://github.com/json-c/json-c.git
cd json-c/
./autogen.sh
make -j 4
sudo make install
cd ..
git clone https://github.com/mypaint/libmypaint.git
cd libmypaint/
scons prefix=/usr/local
sudo scons prefix=/usr/local install
cd ..
git clone git://git.gnome.org/babl
git clone git://git.gnome.org/gegl
git clone git://git.gnome.org/gimp
cd babl
./autogen.sh
make
sudo make install
cd ../gegl
./autogen.sh –without-libavformat –disable-docs
make
sudo make install
cd ../gimp
./autogen.sh
make
sudo make install
LD_LIBRARY_PATH=/usr/local/lib /usr/local/gimp-2.9
It took a little while, and there were a few missteps along the way, but SUCCESS!
For bonus points, build and install the resynthesizer plugin too.
cd ~/src/gimp
git clone https://github.com/bootchk/resynthesizer.git
cd resynthesizer
./autogen.sh
./configure
make
sudo make install
Many thanks to the developers!
Let’s Encrypt Revisited – nginx Support
Let’s Encrypt certificates work great on the NGiNX web server too. Here is the SSL configuration I used:
ssl_certificate /etc/letsencrypt/live/www.{{domain-name}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.{{domain-name}}/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=7890000;
Note the Strict-Transport-Security header at the end of the list. That tells browsers they should only connect to this site securely for the next 180 days (15552000 seconds). The presence of this header boosts your Qualys Labs rating from A to A+. I need to add this to my Apache configurations too.
Let’s Encrypt
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open.
https://letsencrypt.org/
I used the following commands to install the letsencrypt tools on my server and generate a certificate:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto -a webroot \
-d www.{{domain-name}} -d {{domain-name}} \
--webroot-path ~{{domain-owner}/htdocs/ certonly
I enabled the Apache SSL module (a2enmod ssl) and added NameVirtualHost *:443 to ports.conf, then added the following lines to the server configuration for my site:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.{{domain-name}}/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.{{domain-name}}/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.{{domain-name}/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
The certificate expires after 90 days so I installed a script to automatically renew it and called it at regular intervals from /etc/crontab:
#!/bin/sh
# from https://letsencrypt.org/howitworks/
if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1
fi
service apache2 reload
The site now scores an A on the Qualys SSL Labs SSL Server Test.
Update: Images were being blocked by Firefox until I updated my WordPress configuration (wp-config.php) to change the protocol to https in the following settings:
define('WP_SITEURL', 'https://' . $_SERVER['SERVER_NAME'] . '{{home-path}}');
define('WP_HOME', 'https://' . $_SERVER['SERVER_NAME'] . '/');
define('WP_CONTENT_URL', 'https://' . $_SERVER['SERVER_NAME'] . '{{content-path}}');
If these are not configured in wp-config.php you will need to update the settings in your WordPress Control Panel under Settings / General / WordPress Address and Settings / General / Site Address.
Tested on Debian Wheezy with Apache 2.2.22 and Debian Jessie with Apache 2.4.10.
LVM Resize
The /tmp volume on my desktop Linux system is too small, causing system updates to fail. The steps to enlarge the underlying LVM volume and file system to 1GB are:
# lvextend -L1G /dev/vg/tmp
# resize2fs /dev/vg/tmp
I could also have used:
# lvextend -L+1G /dev/vg/tmp
followed by resize2fs to add 1GB to the volume.