Configuration blog

Introduction

On my Packard Bell notebook (EasyNote BG48) the log is flooded with the following message:

pciehp 0000:00:1c.5:pcie04: Card not present on Slot(37)

I tried also other distributions, but all gave the same error. Only when using the Ubuntu 8.04 LTS release the error does not occur, but then the sound and network are not working. The hardware is too recent to be supported in the 8.04 LTS release. So the only option was to compile the kernel myself. Several instructions can be found, but not for Lucid Lynx.

The instruction down here are performed on one of the latest Lucid Lynx pre-releases, but are expected to work on Lucid Lynx and likely also on Karmic.

Setup for building the kernel

So here are the steps I went through, all steps were performed as root. sudo each statement or sudo -i and continue as root

• apt-get install kernel-package

The Linux headers were already installed (needed for installs of VMWare Player / VirtualBox)

• apt-get install linux-headers-generic
• apt-get install linux-headers-generic-pae (pae is installed as the machine has 4GB)

Install the linux-source package (don’t select the one with the version number, the generic one will ensure that all versions do match)

• apt-get install linux-source

The install process placed the tarball into /usr/src

• cd /usr/src

Untar the tarball

• tar jxvf linux-source-2.6.32.tar.bz2

The build processes expect the source in /usr/src/linux, make a symbolic link

• ln -s linux-source-2.6.32 linux

To be able to use gconfig the gtk packages are required, so install these packages

• apt-get install libgtk2.0-dev libglib2.0-dev libglade2-dev

The sources as installed now will not compile. I had to make a fix in the code (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/505420)

• gedit /usr/src/linux/ubuntu/omnibook/Makefile

Solution is to move line where PWD is set (PWD = $(shell pwd)) out of “ifeq ($(KERNELRELEASE),)”
In my file the top lines look now

#Module informations

MODULE_NAME = omnibook
MODULE_VERSION = 2.20090707
MODULE_BRANCH = trunk

PWD = $(shell pwd)
#… continued

Building the kernel

Not sure if really required, but I did run the command.

• make-kpkg clean

Run the following commands from the linux directory, so first goto the linux directory

• cd /usr/src/linux

The first step is to define the configuration of the new kernel.

• make gconfig

The starting point for gconfig is the current environment. The “trouble making module” is the PCI Express Hotplug driver, so exclude that driver from the list. (I didn’t do so but likely you can exclude a lot of drivers as you know your hardware).

Deselect the PCI Express Hotplug driver

For your information you can run

• make help | less

Now it is time to start the build process.

• make all

Do something else, the make all process will run for a very long time … Than if the build is successful run the following commands

• make modules_install
• make install

Deploy the new kernel

Goto the boot directory

• cd /boot

In this directory several +drm33.2 files do now exist. The initrd file is not there, so create this file

• update-initramfs -c -k 2.6.32.11+drm33.2

The last thing before rebooting is to update grub, so edit the boot config

• gedit /boot/grub/grub.cfg

If not done chmod +w /boot/grub/grub.cfg to make the file writable

Copy the top menu entry and make the changes to 2.6.32.11+drm33.2. Do not use mine top entry as the uuid is machine specific and will fail on your machine. My top entry looks as follows:

menuentry 'Ubuntu, with Linux 2.6.32.11+drm33.2' --class ubuntu --class gnu-linux --class gnu --class os {
recordfail
insmod ext2
set root='(hd0,3)'
search --no-floppy --fs-uuid --set 54819eaf-c70c-4398-a24c-e7c3bdf1880e
linux /boot/vmlinuz-2.6.32.11+drm33.2 root=UUID=54819eaf-c70c-4398-a24c-e7c3bdf1880e ro
initrd /boot/initrd.img-2.6.32.11+drm33.2
}


Reboot

After reboot the new kernel should start and no longer flood the logs. My wireless network and sound(capture) do work. To understand more of the drm33.2 numbering see http://kernel.ubuntu.com/~kernel-ppa/info/kernel-version-map.html

After the upgrade from 9.04 to 9.10 Rational Software Architect continued to function. With one of the updates of Ubuntu early December RSA stopped functioning. I couldn’t figure out and continued with a 9.04 environment.

Luckily somebody else to the effort the find the cause of the problem and fixed. Actually three problems are resolved:

• with a fresh install of 9.10 the libstdc++5 is required (after an upgrade the libstdc++5 still exists)
• Rational Software Architect does no longer start
• the need to use the keyboard to click on a button (in the wizards)

Here is the link to the resolution

Today after a software update and reboot the encrypted disk (see other post) was not mounted and also the AT&T Global Network Client was not working. The strange thing was that no output was written to the truecryptmount.log file. The truecryptmount script starts with writing to the log, so this was very weird.

It turned out that the upstart package was upgraded from version 0.6.3-10 to 0.6.3-11. I performed the following steps:

• open Synaptic Package Manager
• quick search to upstart
• select the package
• select Package – Force Version
• select version 0.6.3-10
• apply the changes
• select the package
• select Package – Lock Version

After a reboot the system worked as before.

The install of RSA on Ubuntu hangs during the install of the WebSphere Server. The shell is not the one found on the supported platforms (including RedHat). If you make the following changes to the active shell, the install will work and the RSA workbench as well.

$ sudo unlink /bin/sh
$ sudo ln -s /bin/bash /bin/sh

Not yet tested on Karmic (9.10). The install might require the libstdc++5 as well.

I used to run the Ubuntu server kernel on my desktop machine to use all 4GB memory. The server kernel was by default enabled for Physical Address Extension (PAE).

With Karmic the package linux-generic-pae is part of the desktop distribution of Ubuntu. After enabling the PAE, VirtualBox did not compile. For compilation the the headers required. So to do the install of the pae package including the headers use:

sudo apt-get install linux-generic-pae linux-headers-generic-pae

I have setup my laptop in such way that during startup my home directory is mounted on a Truecrypt encrypted device using the keyfile from an USB stick. Here follows the explanation of the challenges, the resolutions, the script with the installation instructions, and some hints and tips.

Challenges and resolutions

Running Truecrypt without GUI or prompt

The script must run before the user logs in and the machine is running in text mode. The first step is to enable the -t (=text) option. But if no all parameters are provided then Truecrypt prompts to set the parameter. The prompt requests for No/Yes, but the parameter on the command line is not No nor N but no. The password options is set to “” indicate that no password should be used.

Running the script at the right moment

The script is placed in /etc/init.d with the execution flag turned on. The standard and easy way to make the script run at startup is to run “update-rc.d truecryptmount defaults”. Doing this will start the script, but it doesn’t do its work as the USB stick is not visible. So the script must run later. On the other end if the computer is being shutdown then user applications have files open when not all user tasks have been stopped, preventing a clean umount.

Unmounting the USB stick

The USB stick is mounted during startup under root privileges. After logging in with the user account, the USB-stick is shown on the desktop, but cannot be unmounted by clicking unmount. The resolution is to unmount the USB-stick after completion of the mount of the encrypted disk. It will be remounted after logging in as another USB stick/disk unless you remove it before logging (which can be done safely as the script unmounted the stick).

Mounting the encrypted device as home directory

This is an interesting one and requires a good understanding of the solution to prevent mistakes or misconception. For the user account two home directories do exist, but only one of them is visible at the same time. The first home directory is directly at /home/<user>, you get into this home directory if the mount of the encrypted device was not done (no USB stick inserted or an error). This is also the situation as before getting this solution to work. The good point is that if someone ask you to boot your machine you still can do and get a normal environment but without revealing your protected data. The second home directory is on the encrypted device. If the mount of the Truecrypt device completed successful then the encrypted home directory is mounted with the /home/<user> directory as mount point.

The encrypted device is not directly mounted in /home/<user>. First the encrypted device is mounted to a mountpoint under /mnt (if mounted elsewhere then you will get the mount shown on your desktop). On the encrypted device there is the directory that contains the home directory. This directory on the encrypted disk has the proper owner/group rights set. it is this directory that is mounted over the /home/<user> directory.

The following diagram shows how the mounts are done.

Mounts

Manual starting the script

The script can do mount over an /home/<user> directory as it runs before the user is logged in and so accessing files in the /home/<user> directory. Warning: do not run the script with sudo from the user account. Programs have files open, or append to files later that then are no longer the same as of time of read.

Having explained the challenges and resolutions here follow the installation instructions.

Installation instructions

The script

Here is the script file. Use right click and Save link as…, otherwise the file in the browser.

The steps

1. Create a Truecrypt device or container see for example my previous post Truecrypt and EXT4.
2. Open a terminal window
3. Execute all commands as root
   sudo -i
4. Create the mountpoint for the Truecrypt device/container
   sudo mkdir /mnt/encrypt
5. Create the home directory on the Truecrypt device/container
   sudo mkdir /mnt/encrypt/homeuser
6. Set the ownership right for this directory (<user> is your user name)
   sudo chown <user> /mnt/encrypt/homeuser
   sudo chgrp <user> /mnt/encrypt/homeuser
7. Install the script
   cp <downloadlocation>/truecryptmount /etc/init.d
   cd /etc/init.d
   chown root truecryptmount
   chgrp root truecryptmount
   chmod +xxx truecryptmount
   gedit truecryptmount (see below for the changes to make)
   sudo update-rc.d truecryptmount start 88 2 3 4 5 . stop 16 0 1 6 .
   Note the last dot on the line is part of the command

Changes to the script

You can not run the script without making changes to meet your own environment. The changes must be made in the variables section. It is not be necessary to make changes elsewhere. If you don’t have a device encrypted but only a file (but not in your home directory tree!!!) then you can place the file name in the TRUECRYPTVOLUME variable, for the invocation of Truecrypt this is fine. I suggest that you first try the script by mounting the encrypted device over a directory outside your home directory (/mnt/testencrypt), before mounting it over your home directory. When the script is OK copy the contents of your home directory (including the hidden files) to the encrypted directory, and change the script to mount over your home directory.

The logging goes to /var/log/truecryptmount.log
Have fun and keep your private data private.

Hints and tips

Place a file or folder on the Desktop that gives you a visible clue that the Desktop you see is actually the encrypted one.

If I run on battery power the USB stick is not always seen. The resolution is to remove and insert the USB stick again. The stick will be recognized and after a warm restart the USB stick is available when the truecryptmount script runs.

Update 23 October 2009: I’m running now for a couple of months. It turns out that not all USB ports are equal, for one of the USB ports the mount during boot always works.

If you want to remove the script from the startup sequence then issue
sudo update-rc.d  -f truecryptmount remove

If you use the Truecrypt GUI then you can not you the first line to mount another encrypted device. Although nothing is shown the entry is used by the Truecrypt mount during startup. So start with the second entry for additional Truecrypt mounts (example an external drive for backup).