Desktop Setup - Manjaro XFCE 8.7.1

From Vlsiwiki
Revision as of 22:27, 23 October 2017 by Rafaeltp (Talk | contribs)

Jump to: navigation, search

Creating Manjaro Live Installation Media

    diskutil list
    diskutil unmountDisk /dev/disk2 //flash is connected to disk2
    dd of=/dev/disk2 if=/path/to/manjaro-xfce-0.8.7.1-x86_64.iso
    diskutil eject /dev/disk2

Installing Manjaro XFCE 8.7.1 via Installation Wizard

  • Boot from the USB Drive.
  • When prompted type in ‘stat’ press enter to select Manjaro Live.
  • Click on the Manjaro installation manager icon on the Desktop and walk through the installation process.
  • When prompted for a username, choose one that is NOT your SOE login! For example "elnaz_local" rather than my SOE login of "elnaz". Otherwise you will not be able to login to your computer after you setup LDAP.
  • When prompted for a machine name, enter the name that machine is supposed to be (mascd11, omelette, quiche, etc)
  • Selecting 'Edit Partitioning' will launch gparted which will allow you to delete current partitions and/or add new partitions.
    • At least 3 partitions are needed.
      • ~2G storage for /boot and select ‘ext2’ as the format.
      • At least 8-10G for swap and select ‘linux-swap’ as the format.
      • The rest of the storage space can be partitioned as root ‘/‘ with the ‘ext4’ format.
      • You can add other partition such as home directory.
      • Click on 'Edit' and select 'Apply All Partitions' to save the changes. And quit the program.
  • Right click on ~2G partition and mount it as /boot. The format should be 'ext2'.
  • Right click on the largest partition (i.e. root) and mount is as '/'. Click Forward.
  • Leave grub to be installed in the default partition.
  • Deselect Plymouth login manager. You should install a different login manager later, for instance LightDM (SLiM has been discontinued, thus it is no longer recommended).
  • Review the summary of the changes you have made. And click on 'install'.
  • Installation wizard should complete as normal.

NOTE: when partitioning the disk, make sure root and boot partitions are on one disk. Otherwise, you will not be able to boot from hard drive.



Account Setup

Enable root account. Open a terminal window. And enter your new root password for the machine

 sudo su -   
 passwd

Add your local and SOE logins to the list of sudoers:

vi /etc/sudoers

Package Installation

Update all the installed packages on your system.

pacman -Syu

Install ssh (not by default)

pacman -S openssh

Make sure that you have a decent speed mirrorlist

cd /etc/pacman.d
cp mirrorlist mirrorlist.backup
# make sure to uncomment all the USA servers
vim mirrorlist.backup
rankmirrors -n 6 mirrorlist.backup > mirrorlist

Replicate the packages installed in another server (after connecting to the other server)

pacman -Suy
pacman -Qqe | grep -vx "$(pacman -Qqm)" > Packages

Install the packages in your local machine (foo can be packages that fail to install)

cat Packages | grep -v foo | pacman -S --noconfirm -

Alternatively, if you don't want to install all the packages from another server, here is a minimal list of packages that you should install:

 pacman -S clang cloc cmake cronie diffutils gdb git gnuplot gzip htop inkscape base-devel mercurial ntp perl ruby tcl texlive-most tk  util-linux vim wget xdot xterm yaml-cpp zathura

Another list that you should consider installing:

 pacman -S boost cups evince jdk8-openjdk jre8-openjdk 


AUR package manager

You can choose yaourt or pacaur. Some people like one, some the other. In any case, you can use either yaourt or pacaur as a replacement for pacman. AUR packages are not handled by pacman.

YAOURT

Install yaourt (https://archlinux.fr/yaourt-en)

git clone https://aur.archlinux.org/package-query.git
cd package-query
makepkg -si
cd ..
git clone https://aur.archlinux.org/yaourt.git
cd yaourt
makepkg -si
cd ..


If you have certificate problems ("error setting certificate verify locations", or something similar), try reinstalling ca-certificates-utils

pacman -S ca-certificates-utils


pacaur

Get pacaur needed packages

 pacman -S expac yajl bash-completion cower

Now the weird custom AUR install

Get the packages

 wget https://aur.archlinux.org/packages/pa/pacaur/pacaur.tar.gz

Install pacaur

 tar zxvf pacaur.tar.gz
 cd pacaur
 makepkg
 pacman -U pacaur*.xz

From now, use pacaur instead of pacman

 pacaur -Suy


Firewall Setup

Setup the firewall:

ufw default deny
ufw reject auth
ufw limit ssh/tcp
ufw logging off

The next line is only needed the first time you install the package.

ufw enable

Follow it by enabling ufw with systemctl.

systemctl enable ufw.service

Finally, query the rules being applied via the status command.

ufw status

NVIDIA Driver Installation

By default, video-nvidia-nouveau is installed. Remove it and install video-nvidia instead.

The following command will list the basic information of all the drivers currently installed on your system.

mhwd -li -d

Filter the drivers used on a hardware with a PCI connection:

mhwd -li -d --pci

To remove the installed driver for nvidia graphics card use the following command.

mhwd -r pci video-nvidia-nouveau

You will also need to manually remove nouveau from the conf file. Edit /etc/mkinitcpio.conf by commenting out the following line.

MODULES=" nouveau"

And install video-nvidia driver

mhwd -i pci video-nvidia

MADA Related Installations

QEMU/ESESC

mmap problem for qemu

echo "vm.mmap_min_addr = 4096"             >>/etc/sysctl.d/10-esesc.conf
echo "fs.inotify.max_user_watches = 65535" >>/etc/sysctl.d/10-esesc.conf
echo "kernel.randomize_va_space = 0"       >>/etc/sysctl.d/10-esesc.conf

restart sysctl

systemctl restart systemd-sysctl.service

autofs

Install autofs and nfs-utils.

pacman -S autofs nfs-utils
Create a mada directory.
 mkdir /mada 

Configure.

scp <username>@mada1.cse.ucsc.edu:/etc/autofs/auto.mada      /etc/autofs/
scp <username>@mada1.cse.ucsc.edu:/etc/autofs/auto.master   /etc/autofs/

When you are done configuring, launch the AutoFS daemon as root:

systemctl start autofs 

To start the daemon on boot:

systemctl enable autofs

Edit /etc/autofs/auto.mada

users               -rw,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/mada/users 
software            -ro,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/mada/software

If this doesn't work, try instead:

users               -rw,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/srv/nfs/users 
software            -ro,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/srv/nfs/software


Reload autofs

systemctl reload autofs

Now you should be able to access both /mada/users and /mada/software in your /mada directory. You won't see them until you try to access the folders, so try running

ls /mada/users
ls /mada/software
ls /mada/

If you do not see those folders mounted after the third command, autofs was not setup properly. Reconfigure.

One way to test is to try to manually mount the folders:

mount -t nfs mada0.cse.ucsc.edu:/srv/nfs/software /mada/software

SSH

Enable ssh service

systemctl restart sshd.service
systemctl enable sshd.service

To enable X forwarding.

vi /etc/ssh/sshd_config

Make sure X11 forwarding option is set to yes

X11Forwarding yes

Now you should be able to ssh to your machine using the local username you have created.

ssh x_local@masdx.cse.ucsc.edu

Add the multilib repo

(Required for next step) Edit /etc/pacman.conf to have:

 [multilib]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist

Install multilib gcc and libs

 pacman -Suy
 pacman -S gcc-multilib binutils

LDAP

Please do not reboot while setting up LDAP until you make sure it works! Otherwise you might end up locking yourself out and having to re-install (or use a usb stick to arch-chroot in)!


Also note that current Login Managers (Display Managers) are not handling properly LDAP user lists, so if you installed a Login Manager (LightDM, GDM or other) please disable it. If you find a suitable Login Manager, please note it here as recommended. To disable your Login Manager:

 sudo systemctl disable lightdm #or whatever manager you have

If you mess this up, instead of starting over, boot with the flash drive you created, arch_chroot to the installation media and disable it.

Install the following packages.

pacman -S openldap nss nss_ldap pam_ldap cyrus-sasl-ldap lib32-libldap
yaourt  -A nss_updatedb //Type N to edit build package and Y for installation

You have already set your host name as mascdx. Check:

vi /etc/hostname

If it is not set, set it using the following command.

hostnamectl set-hostname mascdx

Now mascdx is in /etc/hostname

Disable Modem Manager.

systemctl disable ModemManager

To get a list of current NIC names use:

ls /sys/class/net 

Output example:

eno1  lo

You can use either dhcpcd or NetworkManager to configure the network. Do not leave both 'active'.

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service
systemctl enable dhcpcd.service
systemctl start dhcpcd.service 

Copy LDAP configuration files:

scp <username>@mada1.cse.ucsc.edu:/etc/openldap/ldap.conf /etc/openldap/ldap.conf
scp <username>@mada1.cse.ucsc.edu:/etc/nss_ldap.conf /etc/nss_ldap.conf
scp <username>@mada1.cse.ucsc.edu:/etc/pam_ldap.conf /etc/pam_ldap.conf
scp -r <username>@mada1.cse.ucsc.edu:/etc/openldap/cacerts /etc/openldap/.
scp <username>@mada1.cse.ucsc.edu:/etc/pam.d/system-auth /etc/pam.d/system-auth
scp <username>@mada1.cse.ucsc.edu:/etc/pam.d/su-l /etc/pam.d/su-l
scp <username>@mada1.cse.ucsc.edu:/etc/pam.d/sudo /etc/pam.d/sudo

Copy nss switch configuration file.

scp <username>@mada1.cse.ucsc.edu:/etc/nsswitch.conf  /etc/.

Now you should be able to execute the following command.

ldapsearch -x LLL

Copy imapd configuration file.

scp <username>@mada1.cse.ucsc.edu:/etc/idmapd.conf  /etc/.

make sure to have a newline at the end of /etc/request-key.d/id_resolver.conf

create id_resolver * * /usr/bin/nfsidmap %k %d

Restrict access to your machine by copying and editing /etc/security/access.conf.

scp <username>@mada1.cse.ucsc.edu:/etc/security/access.conf  /etc/security/.

You will need to add your local login to the machine, or you will lock yourself out.

vi /etc/security/access.conf

Go to very bottom of file and add your local user account to the list below root. Example of the last lines of my file (Replace "elnaz_local" with your local login).

+ : root : ALL 
+ : elnaz_local : ALL 
+ : nx : ALL 
+ : gitosis : ALL 
+ : (masc) : ALL 
+ : (vlsi) : ALL 
+ : (bridge) : ALL 
- : ALL : ALL 

Calling "su - other_username" should say "permission denied", but, calling "su - your_user_name" should work.

Then edit /etc/conf.d/nfs-common.conf, find NEED_IDMAPD and set it to (if you don't have this file, just create it):

NEED_IDMAPD="yes"

To get other users to have access to their home directories on your machine, you should run the following:

sudo ln -s /mada/users /soe

If are unable to run ls /soe something is wrong and ldap is not properly set up.

You should be able to ssh into your own machine again. Once you have verified that LDAP is working, you may then reboot.

LDAP patch 10/16/14 (if you are doing a new desktop setup, you already have these files) If you are not doing a new desktop setup and your LDAP is broken:

scp <username>@mada1.cse.ucsc.edu:/etc/nss_ldap.conf /etc/nss_ldap.conf
scp <username>@mada1.cse.ucsc.edu:/etc/pam_ldap.conf /etc/pam_ldap.conf
scp -r <username>@mada1.cse.ucsc.edu:/etc/openldap/cacerts /etc/openldap/.

MDM might give you a hard time. If that is the case, you can install and use lightdm instead. For this porpuse, run the following commands:

pacman -S lightdm
pacman -S lightdm-gtk3-greeter
systemctl stop mdm.service
systemctl disable mdm.service
cp /etc/pam.d/mdm /etc/pam.d/lightdm   ; you might want to keep a backup
systemctl enable lightdm.service
systemctl start lightdm.service

Synopsys Tools Required Libraries

Having installed xorg-server xorg-server-common, I still had to install the following.

pacman -S xorg-server-devel

Install more and more fonts. Some of them are required by the Synopsys tools.

pacman -S $(pacman -Ssq font)
pacman -S $(pacman -Ssq ttf)

Install libtermcap which needed by Synopsys simulator.

#Download termcap-2.0.8.tar.gz
wget masc.soe.ucsc.edu/termcap-2.0.8.tar.gz
cd termcap-2.0.8
#remove .depend file and do "make distclean".
# Build and install
sudo make install
# set link library paths
sudo cp termcap.conf /etc/ld.so.conf.d/
sudo ldconfig
#png library
pacman -S libpng12

If the above command doesn't work try:

yaourt -S libpng12

I also had to install a few old libraries from the AUR:

yaourt -S ncurses5-compat-libs
yaourt -S libjpeg6-turbo
yaourt -S libtiff3

Try to run dc_shell, and if it complains about missing libraries, it is most likely because it needs older libs (Arch/Manjaro tend to update libs sooner than most distros). If that is the case, it is most likely that an older version of the library will be available from the AUR (thus install it with yaourt).

Vivado Required Libraries

yaourt -S libtinfo libtinfo5

If you already have /usr/lib/libncurses.so.5 ignore the next step:

sudo ln -s /usr/lib/libncursesw.so /usr/lib/libncurses.so.5

Ruby Related Stuff

The following steps are installing RVM.

  • This only needs to be done once per user since user home directories are shared across machines using NFS.
  • Do not use root when installing RVM. Avoid multi-user setup. Always prefer individual setup from your account.
  • We use RVM to support multiple ruby versions.
pacman -S curl
\curl -L https://get.rvm.io | bash -s stable --ruby

On Arch, when installing new rubies, you need to install OpenSSL package and point the ruby installation to it (not sure if this applies to Manjaro as well)

rvm pkg install openssl
rvm install 2.1.0 -C --with-openssl-dir=$HOME/.rvm/usr

Set Time/crontab

Install required software

 pacman -S ntp

Set timezone and use ntp servers

 timedatectl set-timezone America/Los_Angeles
 timedatectl set-ntp yes

Setup new crontab

 systemctl enable cronie
 systemctl start cronie

Open /etc/ntp.conf file in an editor and add UCSC ntp server and remove default servers. When you are done the only server that should be listed in the file is

 server ntp.ucsc.edu

Update All Packages

Frequently update all of your installed packages.

 pacman -Syu

Search for an installed package x.

 pacman -Qs | grep x


Adobe Reader

For pdf reading, try to stick with your preferred opensource viewer (evince, zathura, okular, ...), but if you do need acroread (for instance to fill a XPA pdf form), you will need the 32bit version of nss_ldap. But first, install acroread from the AUR:

 yaourt -S acroread

The best way I found to install it was, download the tar from https://www.archlinux.org/packages/extra/i686/nss_ldap/download/, extract with:

 tar xf nss_ldap-265-6-i686.pkg.tar.xz

And copy the library into the acroread folder (most likely you don't want it in your regular include path):

 sudo cp usr/lib/* /opt/Adobe/Reader9/Reader/intellinux/lib/