Monday 24 December 2012

Keeping a LiveCD distribution up-to-date

After learning how to put a number of LiveCD distributions in a USB stick (all with persistent modes): http://angel-de-vicente.blogspot.com.es/2012/11/multi-boot-usb-stick.html, I have quickly started using that quite a lot, and it has soon become clear that after a while I need to keep the distributions up-to-date. So, I learnt how to keep the distribution relevant and up-to-date and the persistent file small enough. I mostly followed http://this.is.thoughtcrime.org.nz/multi-boot-bt5-from-usb-with-grub2, but I modified slightly:


angelv@palas:~$ mkdir /tmp/iso /tmp/squash
angelv@palas:~$ sudo mount -o loop /media/angelv/angelv/ubuntustudio-12.10-dvd-amd64.iso /tmp/iso
[sudo] password for angelv: 
mount: warning: /tmp/iso seems to be mounted read-only.
angelv@palas:~$ sudo mount -o loop /tmp/iso/casper/filesystem.squashfs /tmp/squash


angelv@palas:~$ mkdir /tmp/changes
angelv@palas:~$ sudo mount /media/angelv/angelv/persistent/ubuntustudio/casper-rw /tmp/changes

angelv@palas:~$ mkdir /tmp/merged
angelv@palas:~$ sudo mount -t aufs -o br=/tmp/changes=rw:/tmp/squash none /tmp/merged

angelv@palas:~$ sudo mksquashfs /tmp/merged/ ~/ubuntustudio.squashfs
angelv@palas:~$ sudo umount /tmp/merged /tmp/squash /tmp/changes 

angelv@palas:~$ mkdir -p ubuntu_studio_changed/casper
angelv@palas:~$ mv  ubuntustudio.squashfs ubuntu_studio_changed/casper/filesystem.squashfs
angelv@palas:~$ mkdir /tmp/newiso
angelv@palas:~$ sudo mount -t aufs -o br=ubuntu_studio_changed=rw:/tmp/iso none /tmp/newiso
angelv@palas:~$ 

angelv@palas:~$ cd /tmp/newiso/
angelv@palas:/tmp/newiso$ sudo genisoimage -R -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -o /home/angelv/new_ubuntu_studio.iso /tmp/newiso/

angelv@palas:/tmp/newiso$ cd
angelv@palas:~$ sudo umount /tmp/newiso 
angelv@palas:~$ sudo umount /tmp/iso 

angelv@palas:~$ mv new_ubuntu_studio.iso /media/angelv/angelv/ubuntustudio-12.10-dvd-amd64.iso
angelv@palas:~$ dd if=/dev/zero of=casper-rw bs=1M count=3072
angelv@palas:~$ mkfs.ext3 -F casper-rw
angelv@palas:~$ mv casper-rw /media/angelv/angelv/persistent/ubuntustudio/casper-rw

I try it, and I can see that I get the same as I had before, but now the casper-rw file is empty, so I can start a new round of customizations. Installation / removal of software goes all to the casper-rw file, so when we recreate the ISO file to incorporate the casper-rw file, we are also generating a ISO file with all the same software as our persistent-mode version.

Saturday 8 December 2012

Remote Desktop with x11vnc

For years now I have been using screen (byobu) for remote connection to my workstation. I do most of my work in the terminal window, so that works well, but for those moments when I needed to also work graphically I have been slowly migrating...

Years ago I was using VNC, but at the time the whole thing was quite slow and a bit frustrating for regular use. A couple of years ago I discovered Xpra, with the up-to-date fork Winswitch. Very nice project: it works like screen but for X11, so I could keep graphical applications open and don't worry about broken internet connections. Also, I didn't have to export the whole desktop, only the applications that I was interested in. The downside was this would generate another X11 session, so that if at work I was doing some exciting work in an application and later I wanted to continue that from home it was not possible. I had to restart the application (not too bad, but a bit cumbersome at times).

In any case I was happy with xpra until I switched to Ubuntu 12.10. For some reason (probably due to the Nvidia drivers I'm using at my workstation) I could not get it working (it was working OK with the same hardware and Ubuntu 11.10, so perhaps I just had to spend some more time configuring it), so I gave up and tried x11vnc. x11vnc will export the whole desktop (I would prefer just individual applications), but not a new one, just your "real X11 display (i.e. one attached to a physical monitor, keyboard, and mouse: a Workstation or a SunRay session) from far away".  This has the advantage that I don't have to plan in advance when I'm going to work remotely or end up (as it was happening often to me before) with the same application open twice (one in my real X11 display and another one in the virtual one created by xpra). I was expecting, as for my old VNC experience, sluggish behaviour again over my home ADSL connection, but I was pleasantly surprised.

Installation was very easy. At the workstation apt-get install x11vnc, and at the laptop apt-get install  ssvnc

Running it is also very easy. After reading the manual page, I first generated a vnc password with the command vncpasswd, and then I came up with the following command line to run at the workstation:

x11vnc -display :0 -rfbauth .vnc/passwd -localhost -rfbport 5900 -forever -ncache -bg -o .vnc/x11vnc.log

The arguments mean in turn: it will attach to the "real X11 display" (-display :0) in my workstation;  it will use the previously generated .vnc/passwd file for authentication; for extra security it will allow only connections from localhost (obviouly I didn't get this working to connect physically from my workstation at work, but from my home laptop I create a ssh tunnel to the port 5900, so that when I connect to x11vnc via the viewer, the connection looks like it came from localhost); it will use port 5900; the server will not quite after the viewer exits, so this will be available forever; it will send extra information to the viewer, so it can cache portions of the display to make it work faster; -bg will send it to the background, and a log will be generated at .vnc/x11vnc.log.

Connecting remotely to my workstation is then performed via ssvnc. I just connect to localhost (will use by default port 5900, which is being tunnelled to my workstation):



Also, the -ncache option sends a lot of extra data that I don't want to see, so you can do that by cropping the display in the Y direction (in my case to 1024 pixels, which matches the resolution at my workstation):




With that in place, the experience is pretty good. Don't take my word for it and see a recording of it in action:  https://vimeo.com/55151357


EDIT (13/12/2012): In order to avoid other people interacting with my workstation when I'm connected remotely I came up with the following solution, which works pretty well. This is not bulletproof, and a malicious user could easily jump these protections, but to avoid accidental use of my workstation while I'm working remotely is sufficient. I now run x11vnc as:

x11vnc -display :0 -rfbauth .vnc/passwd -accept "/home/angelv/.vnc/turnoffconsole.sh" -gone "/home/angelv/.vnc/turnonconsole.sh" -localhost -rfbport 5900 -ncache -forever -o .vnc/x11vnc.log

The only difference is the -accept argument, which points to turnoffconsole.sh (this will: physically turn off the monitors, and they will not come back to life by moving the mouse or typing at the keyboard; disable the mouse and the keyboard, so somebody cannot interact with my session even accidentally):

#!/bin/bash                                                                                                                                                   
sudo vbetool dpms off
xinput set-prop "Dell Dell USB Keyboard" "Device Enabled" 0
xinput set-prop "Dell Premium USB Optical Mouse" "Device Enabled" 0


and the -gone argument, which points to turnonconsole.sh (which will revert the stuff done by turnoffconsole.sh):

#!/bin/bash                                                                                                                                                   
sudo vbetool dpms on
xinput set-prop "Dell Dell USB Keyboard" "Device Enabled" 1
xinput set-prop "Dell Premium USB Optical Mouse" "Device Enabled" 1


vbetool needs to be run with administrator privileges, but I include myself in the sudoers list (with visudo), so that I don't need to type the password for it:

angelv ALL=NOPASSWD:/usr/sbin/vbetool