Quick and easy: Debian and Ubuntu major upgrade

Ubuntu

  1. Update system: sudo apt update && sudo apt upgrade
  2. Remove unnecessary packages and configuration files: sudo apt autoremove --purge
  3. Reboot sudo reboot
  4. Install update manager (mostly already installed): sudo apt install update-manager-core
  5. Check for new Version: sudo do-release-upgrade -c
  6. Start upgrade: sudo do-release-upgrade and follow terminal prompts

Debian

  1. Update System sudo apt update && sudo apt full-upgrade
  2. Reboot sudo reboot
  3. Update release package repos: sudo sed -i'.bak' 's/bullseye/bookworm/g' /etc/apt/sources.list (for 11 to 12, replace names with the right versions!)
  4. Start upgrade: sudo apt update && sudo apt dist-upgrade
  5. Reboot: sudo reboot

Quick and easy: Reset root password

  1. Reboot machine and press <shift> to configure GRUB
  2. Select the entry you normaly boot, e.g. Ubuntu and press <e> to temporary modify the entry
  3. Search the line which begins with linux /boot/vmlinuz[...]
  4. Remove everything and including the ro, e.g. ro quiet splashor ro maybe-ubiquity
  5. Replace it with rw init=/bin/bash
  6. Press F10 to boot the system
  7. Use passwdto change the root password

Add Let’s Encrypt (certbot) to FileWave MDM on Debian

  1. Install certbot
    apt update && apt install certbot

  2. Make sure http (80) is open on the machine

  3. Run sudo certbot certonly --standalone and follow the assistant

  4. Create script /usr/local/bin/certbot-renew.sh with the following content:

    #!/bin/bash
    FQDN="filewave.example.com"
    /bin/certbot renew
    cp -uf /etc/letsencrypt/live/${FQDN}/fullchain.pem /usr/local/filewave/certs/server.crt
    cp -uf /etc/letsencrypt/live/${FQDN}/privkey.pem /usr/local/filewave/certs/server.key
    yes | /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc update_dep_profile_certs
    /usr/local/bin/fwcontrol server restart
    exit 0
  5. Make script excutable with sudo chmod +x /usr/local/bin/certbot-renew.sh

  6. Run script for testing /usr/local/bin/certbot-renew.sh

  7. Add new job to /etc/crontab:

    0 5 * * 6 root /usr/local/bin/certbot-renew.sh

    [via]https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-11[/via]
    [via]https://www.reviewmynotes.com/2022/10/filewave-and-lets-encrypt.html[/via]

Counter Strike: Source won’t start on NixOS

After the latest update of my NixOS machine, Counter Strike: Source wont start. Starting Steam from console shows the following error message

[...]
src/tcmalloc.cc:278] Attempt to free invalid pointer 0x94d1af0 
/home/user/.local/share/Steam/steamapps/common/Counter-Strike Source/hl2.sh: line 73: 14550 Aborted                 (core dumped) ${GAME_DEBUGGER} "${GAMEROOT}"/${GAMEEXE} "$@

I could fixed the problem by

  • copy the libmimalloc.so from Half-Life 2 bin-folder (/home/user/.local/share/Steam/steamapps/common/Half-Life 2/bin/libmimalloc.so) to Conter-Strike: Source bin-folder
  • Rename existing libtcmalloc_minimal.so.4 to libtcmalloc_minimal.so.4~ or similar
  • rename libmimalloc.so to ibtcmalloc_minimal.so.4

The game now starts 🙂

Enable sshd for root on Ubuntu Live

  • Set keyboard layout with setxkbmap <lang>
  • Update package repo with sudo apt update
  • Install sshd and vim with sudo apt install openssh-server vim
  • Update sshd config with sudo vim /etc/ssh/sshd_config
    • Set PermitRootLogin yes
    • Set PasswordAuthentication yes
  • Set password for root with sudo passwd root
  • Restart SSHD service sudo systemctl restart ssh.service
  • Login via ssh to machine

Resize a LUKS encrypted root partition

  1. Resizing the partition used by the encrypted volume
parted /dev/sda

(parted) print
[...]
Number  Start   End    Size   File system  Name                  Flags
 1      1049kB  525MB  524MB  fat16        EFI system partition  boot, esp
 2      525MB   256GB  256GB               Linux filesystem

(parted) resizepart
Partition number? 2
End?  [512GB]? '100%'

(parted) print
[...]
Number  Start   End    Size   File system  Name                  Flags
 1      1049kB  525MB  524MB  fat16        EFI system partition  boot, esp
 2      525MB   512GB  512GB               Linux filesystem

(parted) q
  1. Boot machine from a bootable USB linux system (Arch Linux-, Ubuntu or similar USB installer)
  2. Open and resizing the encrypted LUKS volume
cryptsetup open /dev/sdb1 sdb1_crypt
cryptsetup resize sdb1_crypt
  1. Resize the physical device
pvresize /dev/mapper/sdb1_crypt
  1. Resize the logical device
lvextend -l +100%FREE /dev/mapper/vg-root
  1. Resizing the file-system of the volume
resize2fs /dev/mapper/vg-root
  1. Reboot. You are done.

Compile and use Proxmark3 on NixOS (nix-shell)

To compile and use proxmark3 on NixOS you need some packages. I created a nix-shell file with all needed dependencies.

Copy this file as shell.nix to the cloned proxmark3 folder and run sudo nix-shell. Continue then the normal compile guide.

with (import <nixpkgs> {});
mkShell {
  buildInputs = [
    lz4
    readline
    bzip2
    ocamlPackages.ssl
    gcc-arm-embedded
  ];
}

Examples

Proxmark Version/HW Info/Test connection

hw ver

Clone EM4100 to T5577 (Iceman Repo)

lf search
lf em 410x clone --id 0011223344
lf em 410x reader

Clone MIFARE Classic (Iceman Repo)

hf search
hf mf info
hf mf csetuid -u 00AA11BB

Clone EM4100 to T5577 (Offical Repo)

lf search
lf em 410xwrite 0011223344 1
lf em 410xread

Useful information about NixOS

Since a few years i use NixOS as my favorite Linux distribution. NixOS is a Linux distribution based on the Nix package manager and build system. It supports reproducible and declarative system-wide configuration management as well as atomic upgrades and rollbacks, although it can additionally support imperative package and user management. See NixOS Wiki.

Upgrade to new version

  1. Review the NixOS release notes to ensure you account for any changes that need to be done manually. In particular, sometimes options change in backward-incompatible ways.

  2. sudo nix-channel --add https://nixos.org/channels/nixos-22.05 nixos (Change version tag if necessary)

  3. sudo nix-channel --update

  4. sudo nixos-rebuild --upgrade boot

  5. Reboot to enter your newly-built NixOS.

It‘s perfectly fine and recommended to leave system.stateVersion value in the configuration at the release version of the first install of this system. You should only bump this option, if you are sure that you can or have migrated all state on your system which is affected by this option. Before changing this value read the documentation for this option (e.g. man configuration.nix or on NixOS Options).

[via]https://unix.stackexchange.com/a/491772[/via]

Clean up system

  1. sudo nix-collect-garbage --delete-older-than 30d

[via]https://matthewrhone.dev/nixos-package-guide#cleanup-old-packages-user-wide[/via]

Upgrade Kernel to latest version

  1. Add boot.kernelPackages = pkgs.linuxPackages_latest; to your configuration.nix

Use pipewire for Audio (with Bluetooth)

sound.enable = false;
hardware.pulseaudio = {
  enable = false;
  package = pkgs.pulseaudioFull;
};
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa.enable = true;
  alsa.support32Bit = true;
  pulse.enable = true;
  # If you want to use JACK applications, uncomment this
  #jack.enable = true;

  # use the example session manager (no others are packaged yet so this is enabled by default,
  # no need to redefine it in your config for now)
  #media-session.enable = true;
  config.pipewire = {
    "context.properties" = {
      #"link.max-buffers" = 64;
      "link.max-buffers" = 16; # version < 3 clients can't handle more than this
      "log.level" = 2; # https://docs.pipewire.org/#Logging
      #"default.clock.rate" = 48000;
      #"default.clock.quantum" = 1024;
      #"default.clock.min-quantum" = 32;
      #"default.clock.max-quantum" = 8192;
  };
  media-session.config.bluez-monitor.rules = [
    {
      # Matches all cards
      matches = [ { "device.name" = "~bluez_card.*"; } ];
      actions = {
        "update-props" = {
          "bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
          # mSBC is not expected to work on all headset + adapter combinations.
          "bluez5.msbc-support" = true;
          # SBC-XQ is not expected to work on all headset + adapter combinations.
          "bluez5.sbc-xq-support" = true;
        };
      };
    }
    {
      matches = [
        # Matches all sources
        { "node.name" = "~bluez_input.*"; }
        # Matches all outputs
        { "node.name" = "~bluez_output.*"; }
      ];
      actions = {
        "node.pause-on-idle" = false;
      };
    }
  ];
};
};

Sporadic freezing/loss of WiFi connection on a Raspberry Pi 3B+

I have two identical Raspberry Pi 3B+ (RPi3B+) running OctoPrint to control my two 3D printers and provide a livestream of the connected webcams when needed. A few months ago I noticed that the "newer" of the two RPIs sporadically lost the WiFi connection after a few minutes or hours. To check if its a a hardware problem I swapped the SD cards between both PIs, but the problem moves with the SD Card, which means its a software problem. First attempts:

  • Update system (dist-upgrade)
  • Changes the location of the Pi to ensure that the WiFi signal is better.
  • A WiFi reconnect script i used before with a Raspberry Zero W.
  • Disabled Power Management with ´sudo iwconfig wlan0 power off´

I have connected a LAN cable, waited until the connection was interrupted and tried various commands to restore the connection. Unfortunately nothing helped. I found some errors in the syslog like mailbox indicates firmware halted and some GitHub issues from RaspberryPi, but no final solution:

wlan freezes in raspberry pi 3B+
PI 3B+ wifi crash, firmware halt and hangs in dongle
brcmfmac: brcmf_sdio_hostmail: mailbox indicates firmware halted

Then I continued to search for differences between the two PIs and found out that the "working Pi" had older drivers 7.45.154 that the "problem Pi", who had 7.45.229. I downgraded the firmware to 7.45.154 (/lib/firmware/brcm - my older Pi had these files) and disabled power management. Now, after some weeks of 8h printing each and enabled webcam no problems. With 7.45.229 and also disabled power management it freezes. The firmware files were the only thing I changed.

Working WiFi Firmware/Driver:

dmesg | grep brcmfmac
Firmware: BCM4345/6 wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04

Final solution (tl;dr):

  1. Disabled Power Management with ´sudo iwconfig wlan0 power off´
  2. Downgrade drivers/firmware (brcm_7.45.154.tar to /lib/firmware/brcm)