Assume you have an application that is bound to a machine with a certain hostname, MAC address or hostid. If this machine has to be replaced and you don't want to set up a new (virtual) machine just for this application, you can follow these explanations to start the application in a lightweight container on an arbitrary machine, using library preloading and Linux namespaces.

The script and source code can also be found in my GitHub repository.

To present a certain MAC address or hostname to the application, we can use Linux namespaces: we create a virtual ethernet device with the required MAC and set an arbitrary hostname without disrupting the operation of other processes. New namespaces for a child process can be created with the unshare command. In this case we create a new network and UTS namespace:

unshare -n -u <child_command>

Afterwards we create a pair of virtual ethernet (host0 and guest0) devices with:

ip link add name host0 type veth peer name guest0

To move the guest0 interface into the new namespace we use the following command:

ip link set guest0 netns $pid_of_child_cmd

Afterwards, we can set custom IP and MAC addresses on both interfaces.
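The steps above combined into one script, as an added example rather than the script from the author's repository. It assumes root, unshare and nsenter from util-linux and ip from iproute2; the subnet, the function names and the FIFO gate are illustrative choices, and it goes slightly beyond the text by holding the application back until its namespace is fully configured.

```shell
#!/bin/sh
# Added example, not the author's script. host0/guest0 follow the text;
# the subnet below is a constructed sample value.
HOST_IP=10.200.0.1/24 GUEST_IP=10.200.0.2/24

# DRY_RUN=1 prints each privileged command instead of executing it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Accept aa:bb:cc:dd:ee:ff only. The kernel refuses multicast MACs
# (lowest bit of the first octet set), so reject those early.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$' || return 1
    case $(printf '%s' "$1" | cut -c2) in [13579bBdDfF]) return 1 ;; esac
}

# True once PID lives in a network namespace other than ours.
in_new_netns() {
    theirs=$(readlink "/proc/$1/ns/net" 2>/dev/null) || return 1
    [ -n "$theirs" ] && [ "$theirs" != "$(readlink /proc/self/ns/net)" ]
}

# Create the veth pair, hand guest0 to PID's namespace, then set MAC,
# addresses and hostname from the outside with nsenter.
configure_ns() {  # usage: configure_ns PID HOSTNAME MAC
    pid=$1 name=$2 mac=$3
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 2; }
    run ip link add name host0 type veth peer name guest0 &&
    run ip link set guest0 netns "$pid" &&
    run ip addr add "$HOST_IP" dev host0 &&
    run ip link set host0 up &&
    run nsenter -t "$pid" -n ip link set guest0 address "$mac" &&
    run nsenter -t "$pid" -n ip addr add "$GUEST_IP" dev guest0 &&
    run nsenter -t "$pid" -n ip link set guest0 up &&
    run nsenter -t "$pid" -n ip link set lo up &&
    run nsenter -t "$pid" -u hostname "$name"
}

# Start CMD in new namespaces but hold it on a FIFO until configuration
# is done, so it never sees the old hostname or a missing interface.
start_bound_app() {  # usage: start_bound_app HOSTNAME MAC CMD [ARGS...]
    name=$1 mac=$2; shift 2
    gate=$(mktemp -u) && mkfifo -m 600 "$gate" || return 1
    unshare -n -u sh -c 'read -r go <"$0" && exec "$@"' "$gate" "$@" &
    app=$!   # unshare and sh both exec, so this stays the application's pid
    tries=0
    until in_new_netns "$app"; do
        tries=$((tries + 1))
        [ "$tries" -le 50 ] || { kill "$app"; rm -f "$gate"; return 1; }
        sleep 0.1
    done
    if configure_ns "$app" "$name" "$mac"; then echo go >"$gate"; else kill "$app"; fi
    rm -f "$gate"; wait "$app"
}
# As root: start_bound_app oldhost 02:00:00:aa:bb:cc myapplication
```

Setting DRY_RUN=1 before calling configure_ns prints the ip and nsenter commands without touching the system, which is useful for reviewing the plan first.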

In order to modify hostname resolution, we build a library that intercepts calls to the libc. The resolution is done by the gethostbyname function. Therefore, we create the following function that first gets the address of the real gethostbyname in libc and then returns either the resolution of "newhost" in case the application requests "oldhost" or the real host for all other names.

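    #define _GNU_SOURCE   /* required for RTLD_NEXT */
    #include <dlfcn.h>
    #include <netdb.h>
    #include <string.h>

    /* Pointer to the real libc implementation, resolved on first use. */
    static struct hostent *(*real_gethostbyname)(const char *name);

    struct hostent *gethostbyname(const char *name) {
        if (!real_gethostbyname) {
            real_gethostbyname = dlsym(RTLD_NEXT, "gethostbyname");
        }
        /* Answer lookups for "oldhost" with the resolution of "newhost". */
        if (!strcmp(name, "oldhost")) {
            return real_gethostbyname("newhost");
        } else {
            return real_gethostbyname(name);
        }
    }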

To use this library, we have to call our application in the following way:

LD_PRELOAD=/path/to/libinject.so myapplication

If the application offers services over the network, one can use well-known port forwarding mechanisms in the host namespace, e.g., iptables or socat.


Initialization

Create a GPT partition table with gdisk that automatically takes care of 4k disks:

gdisk /dev/sdX

Press "n" for "new partition" and accept the defaults for the following questions to create a partition that uses the whole disk. Afterwards, write the changes to the disk with "w".

Create an encrypted LUKS container. The ArchWiki suggests using aes-xts-plain64 instead of aes-xts-plain for disks >2TB:

cryptsetup -c aes-xts-plain64 -s 512 luksFormat /dev/sdX1

"-s 512" sets the encryption to AES-256 (no typo): XTS splits the 512-bit key into two 256-bit halves. Afterwards, open the container with:

cryptsetup luksOpen /dev/sdX1 mycontainer

This creates a file /dev/mapper/mycontainer that we use as new target to create the Btrfs filesystem:

mkfs.btrfs -L mylabel /dev/mapper/mycontainer

Now mount the new filesystem:

mount /dev/mapper/mycontainer /mnt/mycontainer/
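To check an existing container against the two points made above ("-s 512" meaning AES-256, and plain versus plain64 on disks >2TB), the following added example, which is not part of the original post, parses the output of cryptsetup luksDump. The function name is hypothetical, the sample dump is constructed, and the field names are assumed to match the LUKS1 and LUKS2 dump layouts.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `cryptsetup luksDump`
# output on stdin; SIZE is the device size in bytes (for instance from
# `blockdev --getsize64 /dev/sdX1`).
luks_audit() {  # usage: cryptsetup luksDump DEV | luks_audit SIZE
    awk -v size="$1" '
        /^Cipher name:/  { name = $3 }                 # LUKS1 header fields
        /^Cipher mode:/  { mode = $3 }
        /^MK bits:/      { bits = $3 }
        /^[ \t]+cipher:/ && !name {                    # LUKS2 data segment
            n = index($2, "-"); name = substr($2, 1, n - 1); mode = substr($2, n + 1)
        }
        /^[ \t]+Key:/ && !bits { bits = $2 }           # LUKS2 keyslot
        END {
            if (!name || !bits) { print "error=unparsed"; exit 2 }
            # XTS splits the volume key into a data key and a tweak key.
            eff = (mode ~ /^xts/) ? bits / 2 : bits
            # "plain" IVs are the 32-bit sector number, which wraps after
            # 2^32 sectors of 512 bytes = 2 TiB; "plain64" does not wrap.
            wraps = (mode ~ /-plain$/ && size > 2199023255552) ? "yes" : "no"
            printf "cipher=%s-%s effective_bits=%d iv_wraps=%s\n", name, mode, eff, wraps
            exit (wraps == "yes")
        }'
}

# Constructed LUKS1 dump matching the luksFormat call shown above.
sample_dump() {
    printf 'Version:       \t1\nCipher name:   \taes\nCipher mode:   \txts-plain64\n'
    printf 'Hash spec:     \tsha256\nPayload offset:\t4096\nMK bits:       \t512\n'
}
```

The function exits non-zero when the IV would wrap on the given device size, so it can be used directly in a provisioning script.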

Subvolumes

Different guides suggest creating a subvolume immediately, as it eases further operations, e.g. rollbacks:

btrfs subvolume create /mnt/mycontainer/main

Afterwards, we set this subvolume as default:

btrfs subvolume set-default /mnt/mycontainer/main

Unmount and remount the new default volume:

umount /mnt/mycontainer/
mount /dev/mapper/mycontainer /mnt/mycontainer/

If you want to mount the root volume later, use:

mount /dev/mapper/mycontainer /mnt/mycontainer/ -o subvol=/

Redundancy

If you decide afterwards that you want redundancy, first add a second device:

btrfs device add /dev/sdY1 /mnt/mycontainer/

and to truly mirror the data, you have to start a balance run with:

btrfs balance start -dconvert=raid1 -mconvert=raid1 /mnt/mycontainer

The progress of this operation can be checked with:

btrfs balance status /mnt/mycontainer/


After switching to CSSU-thumb, which improves load times and responsiveness on the n900 by using the Thumb2 ISA of ARM, I tried to test the latest Nemo Mobile release. I reinstalled the u-boot bootloader and set up the menu entries. However, after a reboot neither Nemo nor Maemo booted and I only got into the u-boot console. If you don't have your tools/cables at hand to reflash from the PC, you can do the following to boot Maemo with a kernel from an SD card:

  1. Put the SD card into your PC and mount /dev/sdX1 and /dev/sdX3. The latter must use a FAT filesystem (I used an SD card with the Nemo partitions on it).
  2. Get flasher 3.5. As the Nokia website is not available anymore you can use this mirror
  3. Get the latest kernel-cssu package, e.g., this one
  4. Unpack the .deb using
    ar x kernel-cssu_2.6.28-10cssu3_armel.deb
    execute
    tar -xvzf data.tar.gz
    and afterwards you'll get a file similar to boot/zImage-2.6.28.10-cssu3.fiasco
  5. Extract the kernel from this file using
    flasher-3.5 -F zImage-2.6.28.10-cssu3.fiasco -u
    convert the resulting zimage to an uimage using
    mkimage -A arm -O linux -T kernel -C none -a 80008000 -e 80008000 -n maemo \
    -d zImage uImage
    and place the uimage into the filesystem of /dev/sdX3.
  6. Create a file, e.g., uboot-maemo.cmd, with the following content (remember that \ means you should put the following line at the end of this line without the \ ):
    setenv setup_omap_atag 1
    setenv bootcmd 'fatload mmc 0:3 0x86008000 uimage; bootm 0x86008000;'
    setenv bootargs 'init=/sbin/preinit ubi.mtd=rootfs root=ubi0:rootfs \
    rootfstype=ubifs rootflags=bulk_read,no_chk_data_crc rw console=ttyMTD,log \
    console=tty0 snd-soc-rx51.hp_lim=42 snd-soc-tlv320aic3x.hp_dac_lim=6'
    boot
  7. With the following command we create a boot.scr from this file that should be placed in /dev/sdX1:
    mkimage -A arm -O linux -T script -C none -a 0 -e 0 -n mybootmenu \
    -d uboot-maemo.cmd boot.scr
  8. Unmount the partitions, put the SD card into the n900, reboot the device and make sure that the keyboard is open (so you'll see the u-boot menu)
  9. Select u-boot console in the menu and type
    run sdboot
    This executes the boot.scr from the SD card; afterwards Maemo should boot and you can reflash a working kernel from within Maemo. Sometimes Maemo doesn't start on the first attempt, so please try to boot it 2-3 times in a row before you try something else.


Librapl is a library that simplifies access to the RAPL values in MSR registers of modern Intel CPUs, e.g., SandyBridge or IvyBridge processors. It also contains a sample application that can either print the current energy consumption on the console or write the values to a file in a Gnuplot-friendly format. Currently it provides the consumption of the package, the CPU and GPU as well as peripheral components (uncore).

Source code: librapl on Github

Example of librapl with Gnuplot on a 4-core IvyBridge processor:

RAPL diagram

mplugd is a daemon that listens for events (e.g. from xrandr or pulseaudio) and executes user-defined actions on certain events. In contrast to other approaches, it listens for events by registering callback handlers instead of polling and parsing tool output. Event processing is done through a threaded producer/consumer architecture that can be extended by plugins to insert new event types. Actions can be defined using INI-like rule files or simple scripts.

A common use case is the automatic configuration of plugged-in devices like HDMI or DisplayPort displays, including switching the audio output using pulseaudio.

Source code: mplugd on GitHub

Thanks to the work of mgorny and others, working multilib support starts to supersede the need for emul* packages. So, you'll only have those 32bit libraries on your system that you really need. Note: the following is my impression as a user, I'm not a developer.

The first emul package that is replaced is emul-linux-x86-xlibs. emul-linux-x86-xlibs-20130224-r1 has been introduced as a meta package that depends on the new single multilib-enabled ebuilds (the -r1 version itself does not install any file!). Therefore, old ebuilds can depend on the new -r1 version and still get all 32bit x11 libs. As a user, you'll have to do the following if you want to migrate from the emul-*-xlibs package to the split ebuilds and keep all the libraries that were also installed with the emul package:

  • Add the following list of packages to /etc/portage/package.accept_keywords:
    =x11-proto/xineramaproto-1.2.1-r1 ~amd64
    =x11-libs/libXinerama-1.1.2-r1 ~amd64
    =x11-libs/libXScrnSaver-1.2.2-r1 ~amd64
    =x11-libs/libXau-1.0.7-r1 ~amd64
    =x11-proto/xextproto-7.2.1-r1 ~amd64
    =x11-libs/libXpm-3.5.10-r1 ~amd64
    =x11-libs/libXxf86dga-1.1.3-r1 ~amd64
    =x11-proto/xf86vidmodeproto-2.3.1-r1 ~amd64
    =x11-libs/libXft-2.3.1-r1 ~amd64
    =x11-proto/xf86bigfontproto-1.2.0-r1 ~amd64
    =x11-proto/xf86dgaproto-2.1-r2 ~amd64
    =x11-libs/libXtst-1.2.1-r1 ~amd64
    =x11-libs/libpciaccess-0.13.1-r1 ~amd64
    =x11-libs/libXext-1.3.1-r1 ~amd64
    =x11-libs/libX11-1.5.0-r1 ~amd64
    =x11-libs/libvdpau-0.5-r1 ~amd64
    =x11-libs/libXvMC-1.0.7-r1 ~amd64
    =media-libs/fontconfig-2.10.2-r1 ~amd64
    =x11-proto/renderproto-0.11.1-r1 ~amd64
    =x11-libs/libXmu-1.1.1-r1 ~amd64
    =x11-libs/libXxf86vm-1.1.2-r1 ~amd64
    =x11-proto/recordproto-1.14.2-r1 ~amd64
    =x11-libs/libxcb-1.9-r1 ~amd64
    =x11-proto/compositeproto-0.4.2-r1 ~amd64
    =x11-proto/xproto-7.0.23-r2 ~amd64
    =x11-proto/xcb-proto-1.8-r1 ~amd64
    =x11-libs/libXcomposite-0.4.4-r1 ~amd64
    =x11-libs/libXt-1.1.3-r1 ~amd64
    =x11-libs/libXp-1.0.1-r1 ~amd64
    =x11-proto/inputproto-2.3 ~amd64
    =x11-libs/libXrandr-1.4.0-r1 ~amd64
    =x11-libs/libXv-1.0.7-r1 ~amd64
    =x11-proto/scrnsaverproto-1.2.2-r1 ~amd64
    =x11-libs/libXcursor-1.1.13-r1 ~amd64
    =x11-proto/randrproto-1.4.0-r1 ~amd64
    =x11-libs/libXaw-1.0.11-r2 ~amd64
    =media-libs/freetype-2.4.11-r2 ~amd64
    =x11-proto/printproto-1.0.5-r1 ~amd64
    =x11-libs/libXfixes-5.0-r1 ~amd64
    =x11-libs/libXi-1.7 ~amd64
    =x11-proto/videoproto-2.3.1-r1 ~amd64
    =x11-libs/libXrender-0.9.7-r1 ~amd64
    =dev-libs/libpthread-stubs-0.3-r1 ~amd64
    =x11-libs/libICE-1.0.8-r1 ~amd64
    =x11-proto/damageproto-1.2.1-r1 ~amd64
    =x11-proto/kbproto-1.0.6-r1 ~amd64
    =x11-libs/libXdmcp-1.1.1-r1 ~amd64
    =x11-libs/libSM-1.2.1-r1 ~amd64
    =x11-libs/libXdamage-1.1.4-r1 ~amd64
    =x11-proto/fixesproto-5.0-r1 ~amd64
  • If you are not already using the latest emul-* packages, you also have to install the latest version of all other emul packages you use as they depend on each other. E.g. you can simply add the following to the list above:
    app-emulation/emul-linux-x86-qtlibs ~amd64
    app-emulation/emul-linux-x86-baselibs ~amd64
    app-emulation/emul-linux-x86-compat ~amd64
    app-emulation/emul-linux-x86-db ~amd64
    app-emulation/emul-linux-x86-xlibs ~amd64
    app-emulation/emul-linux-x86-medialibs ~amd64
    app-emulation/emul-linux-x86-soundlibs ~amd64
    app-emulation/emul-linux-x86-sdl ~amd64
    app-emulation/emul-linux-x86-opengl ~amd64
    app-emulation/emul-linux-x86-gtklibs ~amd64
  • Due to a communication problem, you have to add the following to /etc/portage/package.unmask:
    =emul-linux-x86-xlibs-20130224-r1
  • Add ABI_X86="64 32" or the abi_x86_32 use flag to your defaults in make.conf
  • Update your system as usual. It should work without further intervention.

Only once all ebuilds that you use and that depend on emul-linux-x86-xlibs have been updated can you restrict the abi_x86_32 use flag to those packages that you really need and remove emul-linux-x86-xlibs.

If you don't want to migrate you can stay with the stable or the latest emul packages before the -r1 as long as they are in the official tree. Mixing <emul-linux-x86-xlibs-20130224-r1 with already enabled 32bit multilib ebuilds will not work out.

A corresponding thread in the forum: http://forums.gentoo.org/viewtopic-p-7268388.html

UPDATE (2013-04-22): Looks like you have to add the following to /etc/portage/package.unmask as well (see Bug #466546):

=media-libs/fontconfig-2.10.2-r1
=media-libs/freetype-2.4.11-r2
=x11-libs/libXft-2.3.1-r1


In this article, I describe where my installation of Gentoo Linux on the Lenovo Thinkpad T530 2429-2UG differs from the official guide at http://www.gentoo.org/doc/en/handbook/. Some configs and scripts can be found in my T530 git repository at github.com.

Partitioning and SSD optimizations

As space on SSDs is expensive, I moved away from my usual habit to keep Windows (fresh install consumes 37GB) as a backup OS on the disk. To enable recovery, I made a backup of the three partitions using partimage and stored the images on a different host using NFS (partimage also has its own network protocol). Afterwards, I wiped the whole SSD using so-called secure erase (https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase). This way, all blocks should be marked as empty (see TRIM). As the BIOS issues the freeze command, one has to do a suspend-to-ram cycle before secure erase is possible. Because the Gentoo installation image does not support this, I used an Ubuntu image to issue the erase command.

If you understand German, there is also a collection of SSD-related articles on ubuntuusers.de.

To keep up with the state of the art, I switched to GPT partitioning (and therefore grub2). For GPT, one simply uses gdisk instead of fdisk, which also handles proper sector alignment automatically. As I was not exactly sure what my final partitioning scheme would look like (e.g., I might encrypt some directories), I used LVM so that I can add new "partitions" or change their size afterwards. To begin with, I created two logical volumes for / and /home. As my T530 has 8 GB RAM and an SSD, I did not create a swap partition. For an LVM howto, see the Gentoo wiki. To pass TRIM commands through, one has to enable the issue_discards option in the LVM config file.

Update: If you plan to boot with UEFI instead of BIOS, also create a small GPT partition with 200-500 MB. Booting with UEFI and grub2 works so far, but I didn't notice any improvements.

As the filesystem, I chose the standard: ext4. To avoid write accesses, I mounted /tmp using tmpfs and mounted /var/tmp using -o bind to /tmp. Additionally, I linked ~/.thumbnails to /tmp/, deactivated the browser cache and configured Thunderbird to not store the emails on my disk. Usually, I always have a fast internet connection, so this is not a problem for me.

In order to keep /var/log/ in a tmpfs as well, I wrote a small initscript that will rsync chosen files at startup/shutdown with a permanent storage on the SSD. The script and instructions can be found here.

I am also experimenting with a reduced portage tree as described here. An updated version of the script can be found in my T530 git repository. In my case, it reduced the portage size from 830MB to 124MB.

With the following command, IO accesses can be monitored: iotop -aobPq -d 4 . As I'm using LVM, all accesses to the actual hard disk should be accumulated in the lines with processes named like "[jbd2/dm-0-8]".

Kernel

As my T530 contains new devices, I directly started with the 3.4.5 gentoo-sources kernel. My kernel .config can be found in my T530 git repository.

Sound

Sound works out-of-the-box so far with the Intel HDA and Realtek module. However, if you're using a docking station, the headphone jack does not work automatically yet. The model=thinkpad parameter seems to work for pre-IvyBridge models only. With hda-analyzer I found the required settings, which can be set on the command line with the hda-verb tool and the following commands:

./hda-verb /dev/snd/hwC0D0 0x1b SET_PIN_WIDGET_CONTROL 0x40
./hda-verb /dev/snd/hwC0D0 0x1b SET_AMP_GAIN_MUTE 0xb000
./hda-verb /dev/snd/hwC0D0 0x1b SET_CONNECT_SEL 1

Probably this is true for other [TWX][45]30 models as well. A script can be found in my T530 git repository. If you hear a click during suspend/resume, this is caused by the laptop-mode-tools that put the device to sleep. This can be deactivated in the laptop-mode configs.

Update: Thanks to Takashi Iwai, the following kernel patches enable the jacks in the docking station and, if necessary, allow forcing these settings using a model=lenovo-dock kernel parameter: Patch 1, Patch 2. They should be included in kernel version 3.6 or 3.7.

Update: Regarding DisplayPort/HDMI audio output see this part.

Network interfaces

Wired ethernet interface works out-of-the-box with the e1000e module.

For a wireless connection, the iwlwifi module and the firmware in sys-firmware/iwl6005-ucode are required. If you plan to install Gentoo over WLAN, copy the firmware onto a USB stick and, after booting, into /lib/firmware. If your connection gets stuck with an 11n router, try adding iwlwifi.wd_disable=1 and/or iwlwifi.11n_disable=1 to your parameters until the bug is fixed in a new kernel version.

Graphics

My T530 contains the HD4000 GPU in the IvyBridge processor and a dedicated Nvidia NVS 5400M. Both work out-of-the-box. If the system freezes after booting the kernel try adding the nomodeset parameter to the kernel parameters. For now, I choose the integrated GPU when on batteries and the dedicated GPU in the docking station (the DVI port on the docking station is an internal DisplayPort interface, and all DisplayPorts are only connected to the dedicated GPU).

Update: I installed Bumblebee through portage and it seems to work so far, except that it looks like the current nouveau module does not support 3D acceleration on this card, yet. I will test again with a newer kernel. The installation is pretty easy, just unmask and install, add user to bumblebee group and start bumblebee and vgl during boot. For nouveau support, you have to build it as separate module, not builtin in the kernel.

Update: Displayport works out-of-the-box with my DP-2-HDMI cable. Only issue was the sound. Auto-detection of pulseaudio seems to have a bug and you have to manually configure the audio sinks as described in the ArchWiki. Afterwards, you just have to redirect the output of your application to the HDMI device (default is internal audio) using kmix, for example.

Other stuff

The webcam works with uvcvideo module. I added some lines to the actions file of the acpid in order to dynamically (un)load the module after pressing the function key.

Other things like the Cardbus slot and Firewire are untested, yet. As I never used Cardbus and Firewire so far, I deactivated both in the BIOS for security (I don't know if they still allow attached devices direct memory access).