15 April 2013

387. Compiling Wine 1.5.28 in an i386 chroot on Debian Wheezy amd64

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

UPDATE: for those who don't want to compile and are willing to take a minor risk* there are pre-built debs for mepis here: http://main.mepis-deb.org/mepiscr/testrepo/pool/test/w/wine/
They are provided by Steve Pusser, who is an active member at the debian forums.

* I presume, but don't actually know, that they are compatible with debian due to 1) Steve being active on the debian forums and 2) Mepis being based on debian stable (currently Squeeze)

Original post

New version of wine out now: 1.5.28.

Not much to get excited about from what I can tell, but wine now relies on GnuTLS instead of openssl.

Here's how to build it -- a lot of it is shamelessly recycled from earlier posts on this blog.

Getting started:
If you set up a chroot to build 1.5.27 before, you don't need to set up a new chroot to build 1.5.28. In that case, skip the set-up step below and instead re-enter your existing chroot like this:
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox

Setting up the Chroot
mkdir $HOME/tmp/architectures/wine32
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:
apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Building Wine
While still in the chroot, continue (the :i386 suffix on the package names is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential
mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.28.tar.bz2
tar xvf wine-1.5.28.tar.bz2
cd wine-1.5.28/
./configure
time make -j2
sudo checkinstall --install=no
checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
This software is released under the GNU GPL.

The package documentation directory ./doc-pak does not exist.
Should I create a default set of package docs? [y]:

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wine 1.5.28
>>

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values:

0 - Maintainer: [ root@beryllium ]
1 - Summary: [ wine 1.5.28 ]
2 - Name: [ wine ]
3 - Version: [ 1.5.28 ]
4 - Release: [ 1 ]
5 - License: [ GPL ]
6 - Group: [ checkinstall ]
7 - Architecture: [ i386 ]
8 - Source location: [ wine-1.5.28 ]
9 - Alternate source location: [ ]
10 - Requires: [ ]
11 - Provides: [ wine ]
12 - Conflicts: [ ]
13 - Replaces: [ ]

Compilation took ca 19 minutes. Checkinstall takes a little while (in particular this step: 'Copying files to the temporary directory...').

Installing Wine
Exit the chroot
sandbox@beryllium:~/tmp/wine-1.5.28$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$ 

On your host system
Enable multiarch and install ia32-libs, since you've built a proper 32 bit binary:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

Copy the .deb package and install it
sudo cp wine32/home/sandbox/tmp/wine-1.5.28/wine_1.5.28-1_i386.deb .
sudo chown $USER wine_1.5.28-1_i386.deb
sudo dpkg -i wine_1.5.28-1_i386.deb


12 April 2013

386. Briefly: Lenovo Thinkpad SL410 mute volume key

I'm a bit tired of the mute button on my keyboard not working (anymore?) on Debian Testing/Wheezy, so it was time to have a look at what could be done.

The issue
On an SL410 there are four buttons to the left of the keyboard: mute mic, volume up, volume down and mute.

None of them show up when using xev or showkey. The Volume Up and Down keys work, but not the mute mic or mute volume ones.

You can get the keycodes by monitoring dmesg -- pushing Mute volume three times I get
[ 2392.912282] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000
[ 2393.447050] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000
[ 2393.930206] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000

The problem is that the keycode keeps changing -- the mute key has a different value depending on what the volume is.
mute mic    ?????
vol up/down 0x1439080,0x339080,00,09,13,1b,21,25,29,2d,30,33
mute vol    0x1439000, 339029

Anyway.

Solution

You'll probably find that thinkpad_acpi is loaded:
lsmod|grep thinkpad_acpi

Unload it:
sudo rmmod thinkpad_acpi

Now press the mute button -- did an orange light show under it? That means it's working.

I think the issue is that SL410 isn't a true thinkpad -- it's really an ideapad and the firmware doesn't match.

To make the change permanent, edit /etc/modprobe.d/thinkpad-blacklist.conf and add the line
blacklist thinkpad_acpi

thinkpad_acpi shouldn't load on boot anymore.

Mute mic still doesn't work.

11 April 2013

385. OTPW -- connecting from an insecure computer using one-time passwords

I got inspired to look into this by this post: http://www.linuxjournal.com/content/configuring-one-time-password-authentication-otpw

The idea of one-time passwords is fairly simple -- even if someone manages to keylog your password (or see you type it in) it will be useless to them, as it can only be used once.

The implementation is also fairly simple: if you divide a password in half, and only let one half be static (the prefix) and the other half come from a pre-agreed list (the suffix), you have a secure and practical way of changing your password.

Let's say that I decide that the static, prefix part should be 'ice' and that we make a pre-agreed list of suffixes that we can use to make passwords:
001. box
002. flower
003. icle
004. skating
005. fishing

You should print this list and keep it reasonably safe. Without the prefix it is not useful. Likewise, any keylogger on a compromised computer will find out the prefix, but it will be useless without the suffix list. So keep that in mind -- make sure that no-one gets hold of both.

You then try to log in via ssh from a remote client, and you get prompted for password 004 -- this means that the password you need to use is iceskating.

In real-world applications the suffixes are random, and not at all related to the prefix. Also, once the list has been generated it is not stored (so you'd better print it) -- only the hashes of the complete passwords are.

Note that the choice isn't really between OTPW and regular static password -- you can use both, just like you can use SSH with both key and password.
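
The prefix-plus-suffix scheme described above, as a simplified model added here (not code from the original post or from OTPW itself): it uses SHA-256 and an in-memory table rather than OTPW's real hash and ~/.otpw format, and OneTimeList, generate_suffixes and demo are hypothetical names. Burning a challenge number on the first attempt, right or wrong, is a choice of this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed alphabet without look-alike characters; not otpw-gen's own format.
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def generate_suffixes(count, length=8):
    """Random suffixes for the printed list, unrelated to the prefix."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length))
            for _ in range(count)]

def _digest(password):
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

class OneTimeList:
    """Server-side state: one hash of prefix+suffix per unused challenge number."""

    def __init__(self, prefix, suffixes):
        # Neither the prefix nor the suffixes are kept, only the hashes.
        self.unused = {n: _digest(prefix + s)
                       for n, s in enumerate(suffixes, start=1)}

    def challenge(self):
        """Pick the number to prompt for, as in 'Password 004:'."""
        if not self.unused:
            raise RuntimeError("no passwords left; generate a new list")
        return secrets.choice(sorted(self.unused))

    def verify(self, number, typed):
        # pop() removes the entry, so a keylogged password cannot be replayed.
        expected = self.unused.pop(number, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, _digest(typed))

def demo():
    # The post's example list: prefix 'ice', entry 004 is 'skating'.
    server = OneTimeList("ice", ["box", "flower", "icle", "skating", "fishing"])
    first = server.verify(4, "iceskating")    # legitimate login
    replay = server.verify(4, "iceskating")   # keylogger replays the same password
    list_only = server.verify(3, "icle")      # stolen list, prefix unknown
    prefix_only = server.verify(1, "ice")     # keylogged prefix, no list
    return first, replay, list_only, prefix_only, sorted(server.unused)

if __name__ == "__main__":
    print(demo())
```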



Set up
http://www.linuxjournal.com/content/configuring-one-time-password-authentication-otpw?page=0,2 deals with a number of different use scenarios. I'm only interested in enabling OTPW for remote SSH at this stage, i.e. local login is using static passwords by default.

(if you're travelling with a laptop you may consider using OTPW for everything)

You need libpam-otpw. In addition, otpw-bin is useful for generating the suffix/hash list.
sudo apt-get install libpam-otpw otpw-bin

Generate a list of hashes and suffixes:
otpw-gen|tee otpw.list

Print the list and delete it afterwards.

You now have a ~/.otpw file filled with hashes.

Create /etc/pam.d/ssh-otpw:
auth       sufficient   pam_otpw.so
session    optional     pam_otpw.so

Then edit /etc/pam.d/sshd -- include the ssh-otpw file immediately before common-auth to set the order of login methods.
auth       required     pam_env.so # [1]
auth       required     pam_env.so envfile=/etc/default/locale
@include ssh-otpw
@include common-auth
account    required     pam_nologin.so
@include common-account
@include common-session
session    optional     pam_motd.so motd=/run/motd.dynamic noupdate
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password
This way, if there's a ~/.otpw file you'll first be prompted for a one-time password. Otherwise that option will be skipped, so users with and without OTPW can co-exist happily.
In /etc/ssh/sshd_config, set
ChallengeResponseAuthentication yes
and make sure that UsePrivilegeSeparation and UsePAM are also set to yes (they should be on Debian Wheezy). Then restart the SSH service:
sudo service ssh restart

and that's it!
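
A read-only check of the three files edited above, added here as an example (not part of the original post or of libpam-otpw): audit and directives are hypothetical names, and the sample file contents are constructed from the post's listings. It only reads the text it is given, so Match blocks and compiled-in sshd defaults are not considered.

```python
def directives(text):
    """Split a config file into whitespace-separated fields, dropping comments."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def audit(pam_sshd, ssh_otpw, sshd_config):
    """Return a list of findings; an empty list means the set-up matches the post."""
    findings = []
    # 1. /etc/pam.d/ssh-otpw must offer pam_otpw.so as a 'sufficient' auth module.
    if ["auth", "sufficient", "pam_otpw.so"] not in directives(ssh_otpw):
        findings.append("ssh-otpw: no 'auth sufficient pam_otpw.so' line")
    # 2. /etc/pam.d/sshd must include ssh-otpw immediately before common-auth,
    #    otherwise the static password is asked for first.
    pam = directives(pam_sshd)
    if ["@include", "ssh-otpw"] not in pam:
        findings.append("sshd: ssh-otpw is not included")
    else:
        i = pam.index(["@include", "ssh-otpw"])
        if pam[i + 1:i + 2] != [["@include", "common-auth"]]:
            findings.append("sshd: ssh-otpw is not immediately before common-auth")
    # 3. sshd_config keywords are case-insensitive and the first value wins.
    seen = {}
    for row in directives(sshd_config):
        if len(row) >= 2:
            seen.setdefault(row[0].lower(), row[1].lower())
    for key in ("ChallengeResponseAuthentication", "UsePAM", "UsePrivilegeSeparation"):
        value = seen.get(key.lower())
        if value != "yes":
            findings.append(f"sshd_config: {key} is {value or 'not set'}, expected yes")
    return findings

# Constructed sample inputs, modelled on the files shown in the post.
SSH_OTPW = "auth sufficient pam_otpw.so\nsession optional pam_otpw.so\n"
PAM_SSHD = """\
auth required pam_env.so # [1]
auth required pam_env.so envfile=/etc/default/locale
@include ssh-otpw
@include common-auth
account required pam_nologin.so
@include common-account
"""
SSHD_CONFIG = ("UsePrivilegeSeparation yes\n"
               "ChallengeResponseAuthentication yes\n"
               "UsePAM yes\n")

if __name__ == "__main__":
    print(audit(PAM_SSHD, SSH_OTPW, SSHD_CONFIG) or "ok")
```

On a real system, pass in the contents of /etc/pam.d/sshd, /etc/pam.d/ssh-otpw and /etc/ssh/sshd_config.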

Testing
To test, use a different computer and try to log in. I've got all my local computers set up to use keys to log in, so I had to do
ssh -o PubKeyAuthentication=no me@beryllium
Password 267:
In my list, 267 was given as
dfuF XE+L
so (pretending that my prefix was ice) my password was icedfuFXE+L.
If you answer that challenge wrong, you'll be asked for your static password instead. If you want to keep that secret, then interrupt the connection and retry.

Easy!

Once you start running out of passwords, run otpw-gen again for a new list.