Citrix Receiver for Linux

Citrix provide a version of their Receiver software packaged for Linux. Version 12.1 is current and is available from their website.

I’m currently running Ubuntu 11.10 64-bit (yes, I know, I intend to update soon) so I downloaded and installed the 64-bit debian package based on the CitrixICAClientHowTo. This installed with the following error:

$ sudo dpkg -i icaclient_12.1.0_amd64.deb
Selecting previously deselected package icaclient.
(Reading database ... 204950 files and directories currently installed.)
Unpacking icaclient (from icaclient_12.1.0_amd64.deb) ...
Setting up icaclient (12.1.0) ...
dpkg: error processing icaclient (--install):
subprocess installed post-installation script returned error exit status 2
Errors were encountered while processing:

This is because the postinst script contains a function that tries to determine whether you are using an Intel or ARM type chip, and the logic used to detect Intel hasn’t been updated to include a check for x86_64 – it runs uname -m and looks for "i[0-9]86".

You can fix this by unpacking the deb and editing the regular expression in line 2648 of the postinst script to match x86_64, then rebuild the deb and install that. It works fine for me – although bear in mind the dependencies for the package: libc6-i386 (>= 2.7-1), ia32-libs, lib32z1, lib32asound2 and nspluginwrapper.

I’ve posted simple instructions for rebuilding debian packages before, but there’s lots of info out there on the web.

Hacking .deb files

This is a follow-up to my previous post about downloading the Ubuntu Flash plugin package from behind a proxy. Rather than having to go through a failed installation, editing the postinst script then re-installing, here is an alternative method where the package is downloaded, unpacked, the script edited then the package rebuilt and installed in the normal way using apt-get.

The procedure below uses flashplugin-nonfree as an example package, but this process could be used to edit any .deb with a little care – just change the package name.

Having said that, it’s a quick-and-dirty fix-up and as such only really suitable if you only need to make simple changes to the control scripts such as postinst, prerm, etc, in an existing package. Major changes to a package’s structure or contents will need more care and you should take a look at the Debian Maintainers Guide or any of the other HOWTOs and FAQs available on the web for detailed information on how to do this.

Needless to say you’ll need to do much of this as root. Have a care.

  1. Download the updated debian package using apt-get -d install flashplugin-nonfree. This will place the latest version of the package in /var/cache/apt/archives without actually installing it. Note that if you have multiple updates to do, you can use apt-get -d upgrade instead; this will also download any other packages that are currently due an upgrade at the same time – this is fine, they will be installed normally at the end of the process along with the modified package.
  2. Change your working directory to /var/cache/apt/archives then make a backup: cp flashplugin-nonfree_$version_i386.deb /root/
  3. Create a tempory directory structure where you can unpack the archive: mkdir -p /tmp/flashplugin-nonfree_$version_i386/debian/DEBIAN
  4. Extract the contents of the .deb: ar -x flashplugin-nonfree_$version_i386.deb. This will result in three files, debian-binary, data.tar.gz and control.tar.gz. You can delete the debian-binary file.
  5. Move data.tar.gz into /tmp/flashplugin-nonfree_$version_i386/debian/ and the control.tar.gz file into /tmp/flashplugin-nonfree_$version_i386/debian/DEBIAN. Unpack the archives in these locations and delete the tarballs.
  6. You can now edit the postinst script in /tmp/flashplugin-nonfree_$version_i386/debian/DEBIAN to include the proxy settings as outlined in Installing the Flash plug-in on Ubuntu from behind a proxy.
  7. Now you are ready to rebuild the package. Change directory to /tmp/flashplugin-nonfree_$version_i386/ and run dpkg-deb --build debian. This should create a file in the debian/ subdirectory called debian.deb. You may see some warnings about the control file containing user-defined fields – these can be safely ignored.
  8. Now move the debian.deb file into /var/cache/atp/archives using the same filename as the original package: mv debian.deb /var/cache/atp/archives/flashplugin-nonfree_$version_i386.deb.
  9. You should now be able to run apt-get install flashplugin-nonfree or apt-get upgradeand the package will be installed using the new .deb file complete with proxy information in the postinst script to enable downloading the binary.

Evaluating Atmail as a possible Squirrelmail replacement

I’ve been using Squirrelmail as the webmail interface for my home mail server for a few years now but recently I thought I’d give some of the alternatives out there a try to see whether a switch was in order, so this post is a look at the Atmail Open webmail client.

Atmail provide commercial email solutions but also make an open source version of their webmail client available under the Apache license.  It’s written in PHP and uses MySQL as a backend, so there were no additional software requirements for my Ubuntu 8.04 server. I’d read a write-up on a while back and decided to give it a try.


The installation instructions on the web site are fairly basic, as are the instructions contained within the tarball itself.  I was slightly alarmed to see some pages recommending use of the MySQL root account to set up the system (e.g. on the Ubuntu forums in a post that reads like an ad and copies almost verbatim from a page on the Atmail site).  It all looked fairly straitforward, so I decided to fit the install into my existing system as follows.

First I unpacked the tarball in /usr/share to make /usr/share/atmailopen.  I then chown‘d this directory to www-data.

Next, I created a new database in MySQL and a user to access it.  I granted the user all privileges on the new database.  I called both the database and the user “atmail”.

The next step was to add a stanza to my apache configuration file under /etc/apache/sites-available.  I maintain a single site definiton and Alias in new sections from their homes in the filesystem as required. It’s all served over HTTPS for privacy and security.  I just added a stanza with simple auth and an AllowOverrides All statement. Everything else just inherited my default settings.

The final step was to slightly modify /etc/php5/apache2/php.ini with magic_quotes_gpc = Off. I had already increased the upload_max_filesize, post_max_size and memory_limit values for use with Squirrelmail – the first two were also mentioned in the Atmail documentation.

After restarting Apache, I visited the alias I’d set up for Atmail and followed the instructions. It was pretty straitforward: plug in the MySQL database and user details I’d prepared, select my local SMTP server and that was pretty much it. I was presented with a log-on page and after a struggling for a bit before figuring out that the page wouldn’t log me in without something after the @, even though my server just expects a username, I got into my inbox.

First Impressions

In no particular order, here’s a mixture of the things that have struck me about Atmail. I emphasize that these are just impressions, I haven’t spent much time troubleshooting or tweaking yet. I may update this list if my views change or I figure out how to solve any issues.

  • The UI looks quite nice, certainly more modern than Squirrelmail. It’s quite sluggish at times, particularly when accessed remotely.
  • My server backend is Courier IMAP. I have a number of nested folder trees already set-up. Atmail displays all the folders in a long column down the left of the browser window, the nested folders are labelled as “Parent.Child”, which is accurate enough but Squirrelmail hides this and allows you to expand and collapse a tree instead. This is particularly annoying when trying to drag messages to folders the are below the bottom of the window.
  • Atmail has added it’s own “Spam” folder” alongside my existing “Junk” folder. My Junk folder always falls off the bottom of the browser window due to the point mentioned above, but the Atmail Spam folder is sticky and always appears above the alphabetized folders. I’d rather use the Junk folder, as that is what my other mail applications use. To workaround I have replaced the .Spam folder in my ~/Maildir with a symlink to the .Junk folder.
  • Atmail also doesn’t appear to show unread mail counts for folders other than the Inbox – a cursory inspection of the configuration settings doesn’t show anything obvious to toggle this. Again this is something Squirrelmail does offer – I use Procmail on the server to filter incoming mail, so there are often new messages in various places throughout the tree.
  • I can’t find a setting to force mail to be viewed as plain text; there is one to turn off image loading in HTML mail so that’s something.
  • I can’t find any settings related to viewing folders in threads.
  • It’s not clear how committed Atmail are to the open source client. There don’t appear to have been any updates for a while, and there isn’t a large community of users. Squirrelmail seems far more established in these areas.


Atmail is OK, but I’m not overwhelmed. I’m not sure there’s a compelling reason to switch – I’m used to Squirrelmail and quite like it, it has an active development and support community and Atmail doesn’t appear to offer anything over and above it functionally, in fact when you consider Squirrelmail’s plugin ecosystem it probably comes in second. I will leave it installed and continue to use both side by side for a while and we’ll see which option ends up being my preferred one. Once I’ve made a final choice, I’ll update this post.

Solaris and Linux xterm terminfo differences

This problem might well be well-known to hardcore UNIX people but it had me scratching me head for a bit today so I thought I’d post about it together with my workaround.

I sometimes have cause to use a terminal-based application installed on servers running Solaris 9 that uses function keys F1F4 to navigate its internal menus. In the past I’ve accessed these from a Windows XP laptop using Putty, but recently I’ve started using a Linux machine running Xubuntu. Today I came to try and use this particular application from the Linux box but (leaving aside the fact that the F1 key is reserved for the Help system in Xubuntu’s terminal app) the function keys merely echoed back 0Q, 0R and 0S rather than performing the desired menu operations.

This made me think it was a terminfo related problem and a bit of Googling confirmed that this was most likely the root cause. I did some comparisons of the output of infocmp on both systems and it turns out that the terminfo definition for xterm used on Solaris 9 differs considerably from that on Linux in a number of ways. Specific to my problem, the sequences defined for F1F4 on Solaris 9 are different from those on Linux as follows:

Key Solaris 9 Linux
F1 \E[11~ \E0P
F2 \E[12~ \E0Q
F3 \E[13~ \E0R
F4 \E[14~ \E0S

I could see three obvious ways of dealing with this problem.

  1. Distribute an updated xterm terminfo definition to one set of machines.
  2. Create a custom terminfo definition, distribute it to all the machines and use it when ssh’ing between them.
  3. Locate an exisiting terminfo definition already shared by the machines that meets the immediate requirements.

The disadvantages of (1) include possibly breaking other things that rely on the exisiting definitions and also the fact that system policy might prevent changing this kind of setting to meet an individual’s requirement. (2) Might be a bit more promising but it means spending the time creating the definition and also assumes no issues with system policy as implied above. (3) is the path of least resisitance.

In fact (3) is the solution I currently use. The vt220 definitions are similar enough and match on the all-important function key definitions, so I’m currently setting $TERM to this value before ssh’ing from my Linux box to the Solaris servers.

Installing the Flash plug-in on Ubuntu from behind a proxy

There is a package for the Adobe Flash Player plug-in for Mozilla-based browsers in the Ubuntu repositories. If you install the package it downloads the plug-in directly from Adobe and installs it on your system. I tried to do this on a machine behind a proxy that requires authentication and it failed, despite having set up the proxy details in Synaptic, as well as in an http_proxy environment variable for both my user account and the root account in the respective .bashrc files.

There’s probably an easier way to do this, but to get around the problem I manually edited the flashplugin-nonfree.postinst file in /var/lib/dpkg/info following the failed installation attempt.  This file is a shell script, part of which sets up a wgetrc file for use by wget when downloading the plugin from the Adobe website.  As root, add a section for your http proxy in here, something like as follows:

# setting wget options
:> wgetrc
echo "noclobber = off" >> wgetrc
echo "dir_prefix = ." >> wgetrc
echo "dirstruct = off" >> wgetrc
echo "verbose = on" >> wgetrc
echo "progress = dot:default" >> wgetrc
echo "http_proxy=http://user:passwd@proxy.tld:port" >> wgetrc

Then in Synaptic you can mark the flashplugin-nonfree package for reinstallation and it should download and install without further problems.

You may be able to download the package (apt-get -d?), unpack it manually, edit the postinst file, then install to avoid having to sit through a failed attempt at installing first – I haven’t tried this myself. UPDATE – I have now – see Hacking .deb files.

Dual boot Windows XP and CentOS 5 with NTLDR

I wanted to install CentOS onto a spare partition on a machine with Windows XP already installed, leaving the MBR as it was and using the NTLDR bootloader. CentOS installed fine onto the partition but the installer only seemed to offer two options for setting up GRUB: installing to the MBR or not installing at all; there wasn’t an obvious way of getting it to install onto the boot sector of the CentOS partition. There might have been some more advanced options in the installer but I didn’t have the time to experiment (I’m fairly new to CentOS/Red Hat/Fedora, being more of a Slackware and Debian-family user normally), so I elected to not install and set up afterwards. This leaves CentOS unbootable, but with a bootdisk like sysresccd and a basic knowledge of GRUB it’s fairly straitforward to fix this. Here’s a rundown on what I did, which might be useful in a similar situation or when having trouble with a b0rked GRUB installation.

Obviously the partition details specified below are derived from the system I was working on, where the hard disk is/dev/sda, Windows is on /dev/sda1 and CentOS on /dev/sda2. There is a swap partition on /dev/sda3 but it isn’t relevant for this exercise.

Also, you follow these instructions at your peril. It is all too easy to screw up and make your entire system unbootable, lose data or just render the whole process more painful than it has to be. Back-up, read relevent documentation before you begin, back-up, check the sytax of the commands you type before executing them and have I said back-up?

  1. First, if you are not familiar with GRUB browse the documentation. The steps below are fairly terse and not pitched at total beginners. They also assume a familiarity with basic shell commands.
  2. Once the CentOS install is complete reboot using sysresccd.
  3. Create a mount point for CentOS’s root partition, e.g. /boot/centos, and mount it:

    # mkdir /boot/centos
    # mount -t ext3 /dev/sda2 /mnt/centos
  4. Mount your Windows partition (/mnt/windows is usually present):

    # ntfs-3g /dev/sda1 /mnt/windows
  5. Copy the following files:

    # cp /mnt/centos/usr/share/grub/i386-redhat/stage1 /mnt/centos/boot/grub
    # cp /mnt/centos/usr/share/grub/i386-redhat/stage2 /mnt/centos/boot/grub
    # cp /mnt/centos/usr/share/grub/i386-redhat/*_stage1_5 /mnt/centos/boot/grub
  6. Launch GRUB. Fortunately sysresccd and CentOS 5 both use GNU GRUB 0.97, so there are no compatibility problems.

    # grub
  7. This will dump you into GRUB’s command interpreter. You need to set the root drive and then install GRUB into the partition’s boot sector as follows; output from the commands represented by elipses but note that you might get warning messages – as long as the final message indicates success, you should be fine. Oh, and be careful to ensure you install this onto the correct partition – remember GRUB starts counting partitions at 0, not 1 like Linux!

    grub> root (hd0,1)
    grub> setup (hd0,1)
    grub> quit
  8. Next you need to create the file that NTLDR will use to hand-off booting CentOS to GRUB, basically the first 512 bytes of the partition:

    dd if=/dev/sda2 of=/mnt/windows/bootsect.lnx bs=512 count=1
  9. Next modify /mnt/windows/boot.ini to include a line for CentOS at the end. The cautious may wish to reboot into Windows to modify this file.

    C:\bootsect.lnx="CentOS 5"
  10. Reboot. You should now see a boot menu offering you Windows and CentOS 5. If you don’t, check C:\boot.ini for a timeout stanza and edit accordingly. Selecting CentOS 5 will dump you back into GRUB’s shell – GRUB is installed but doesn’t have a configuration file set up. You can use the following commands to boot CentOS 5:

    grub> root (hd0,1)
    grub> kernel /boot/vmlinuz-2.6.18-8.el5 ro root=/dev/sda2 rhgb quiet
    grub> initrd /boot/initrd-2.6.18-8.el5.img
    grub> boot
  11. CentOS 5 will then boot and you can complete the installation. Depending upon your choices, you may need to reboot again using the above procedure.
  12. Once complete you can configure GRUB to boot automatically by creating /boot/grub/, /boot/grub/grub.conf and /boot/grub/menu.lst. The file should just contain a single line mapping the linux hard disk device to a GRUB device notation:

    (hd0)   /dev/sda

    The grub.conf file specifies the various boot options, in our case a fairly straitforward single kernel and ramdisk image:

    title   CentOS (2.6.18-8.el5)
            root (hd0,1)
            kernel /boot/vmlinuz-2.16.18-8.el5 ro root=/dev/sda2 rhgb quiet
            initrd /boot/initrd-2.6.18-8.el5.img

    Then, with /boot/grub as your working directory, do:

    ln -s grub.conf menu.lst
  13. Now when you reboot and select CentOS from the Windows boot menu GRUB should automatically start CentOS after a five second timeout. You can add additional entries to the grub.conf file – custom or testing kernels, memtest86+, etc – then view the menu within the timeout period to select them.

I’m more than happy to get feedback on stuff like this, even if it’s just to tell me I’m an idiot and could’ve done it in a simpler way. There’s no commenting system here at the moment, but please feel free to email me with questions or suggestions, or even if you just found this useful.

Ubuntu Dapper HAL update DOESN’T break USB mass storage automounting

The recent update to HAL available for Ubuntu Dapper seems to break USB mass storage device automounting. The broken version is 0.5.7-1ubuntu18.2. (Oops – no it doesn’t… see below).

I haven’t figured out why yet (I will post when/if I do) (ahem), but here’s how to downgrade if you’re affected by this and don’t want to wait on a fix. (But this bit might still be useful if you ever need to downgrade apt packages and fix them to a specific version while waiting for a fix that you really need.)

Run the following command as root:

apt-get install hal=0.5.7-1ubuntu18 \
libhal1=0.5.7-1ubuntu18 \

You’ll need to reboot. You can use an entry in /etc/apt/preferences to keep these packages to this version until new packages that don’t break HAL are available. Create that file if it doesn’t exist and add the following lines:

Package: hal
Pin: version 0.5.7-1ubuntu18
Pin-Priority: 1000

Package: libhal1
Pin: version 0.5.7-1ubuntu18
Pin-Priority: 1000

Package: libhal-storage1
Pin: version 0.5.7-1ubuntu18
Pin-Priority: 1000

You should really read man 5 apt_preferences, and you should monitor what updates to these packages become available. I can’t guarantee that keeping these packages at this version won’t break anything else.

I have to say that this has soured me a little on Ubuntu. One of the reasons I chose this distro was because I don’t have anything like as much time to myself as I once did and I don’t want to spend what time I do have troubleshooting minor conifg issues like this on my machine, and Ubuntu has a reputation as a very stable, well maintained distro. USB drive automounting might not sound like a very important feature, but it’s this kind of thing that will put off non-technical users, or even technical ones with small kids and short tempers. Still, I’ll try and look into this problem and maybe file a bug report if no one else has already.

Update 11th December 2006

I now regret writing that last paragraph. To be honest I had misgivings almost immediately after posting it as I thought it a bit harsh but I decided to leave it. Anyway, I have now found that the upgrade did not break USB automounting at all – it was the device I was using to test it. My fault. PEBKAC. The device in question is my Sony Ericsson mobile phone, a K750i. Quite a nice phone, but it is a little temperamental at times – prone to occasional crashes and lockups. Normally this gets mounted as a mass storage device when I plug it in as it contains a 128MB Memory Stick Duo, but every so often it fails for reasons unknown (syslog just says
Device offlined - not ready after error recovery). Having done some reading up on the way that HAL, D-BUS, udev and gnome-volume-manager work I upgraded HAL again ready to start troubleshooting only to find that everything was working fine, then I encountered the error with my phone and all became clear. My CF card reader and Seagate external hard disk both work exactly as they should. The phone mounts most times, but occasionally fails. I think I’ll have less luck toubleshooting that than I would HAL et al. My apologies to Ubuntu for my unwarranted harsh words above.

External Hard Disk setup

I recently purchased a Seagate 250 GB external USB hard disk to use as a backup medium for my home network. This will be connected to my main Linux box (currently running Kubuntu Breezy) and important personal data and system files will be rsync‘d to it on a regular basis.

Herewith some notes on configuration, somewhat distro-specific although not uselessly so. (At least I hope not, as I plan to rebuild my home server fairly soon and may well switch. I’ve been experimenting with Kubuntu after years as a Slackware user and have not settled on a final decision just yet.) On that note: please bear in mind that this post is not intended as a definitive HOWTO but should be considered as my notes on what I did to get this working for me under a particular set of circumstances, with far less time to research everything involved than I’d really have liked. In other words: Your Milage May Vary.

The disk comes preformatted with the somewhat limited FAT32 filesystem. Given that all files being backed-up will be coming from systems running one flavour or another of Linux and that the disk will probably only need to be accessed directly from Linux systems, I’m going to reformat with ext3 using the following steps:

  1. Plug in the disk. Kubuntu detects it and pops open a window asking what to do. I select “Open in a new Window” initially which mounts the disk at /media/sda1 and opens a Konqueror window at system:/media/sda1 to view the volume.
  2. Looks fine. I close Konqueror, open a Konsole window and type sudo fdisk /dev/sda at the prompt to check the partiton table of the disk (type p at the fdisk prompt), which contains no surprises as the disk is one large FAT32 volume. Type q to quit fdisk.
  3. Unmount the disk manually : sudo umount /dev/sda1. This needs to be done in order to format the disk.
  4. sudo mkfs.ext3 /dev/sda1. Wait a couple of minutes for the format to complete.
  5. Check it mounts ok: sudo mount -t ext3 /dev/sda1 /media/sda1. Great.
  6. Check it still automounts properly on power-on by unmounting manually, turning the disk off, then turning it back on again. All fine.
  7. In the default state, the disk is mounted on a dynamically-created directory under /media named for whichever device node it is assigned when it’s plugged in. This means that the mount point may change, making the task of writing scripts to automate the backup procedure more complicated. The following steps go a long way to ensuring that the disk is always mounted in the same place:
    1. Added the following entry to /etc/udev/rules.d/hal.rules (more information on writing udev rules):
      BUS=="usb", SYSFS{product}=="Seagate External Drive", \
      KERNEL=="sd?1", NAME=="%k", \
      SYMLINK=="seagate", GROUP=="hal"
    2. sudo mkdir /media/seagate
    3. Added the following line to /etc/fstab:
      /dev/seagate    /media/seagate  ext3    noauto,rw,user 0 0

    You need to restart your hald for this to take effect. I ended up rebooting, but I couldn’t see why something like /etc/init.d/dbus restart wouldn’t do the trick.

    It’s worth noting that although this does mount the disk under /media/seagate, it still shows up in Konqueror at system:/media/sda1. Not sure why at time of writing – this feels like a bug.

    Also note that I used e2label to the give the device a label (“SEAGATE”). I was initally looking at using this to mount the volume to the desired mount point with a line in fstab starting LABEL=SEAGATE, but the udev/hal fix turned out to be the simplest option(!)

  8. mkdir some top level folders: music, photos and home. Then do an initial series of rsync runs, starting with a simple rsync -av /media/photos/ /media/sda1/photos/. Everything sysncs fine. Now I’ll be able to backup quickly as and when necessary, and write some scripts to automate everything … eventually.

More on securing SSH

Just a brief post to flag that I’ve re-written my earlier post on securing SSH servers to include quite a lot more detail. I’d be very interested in any feedback and suggestions on this, particularly stuff I’ve missed out or any mistakes that may have slipped in, so please get in touch if you’ve any comments (I really must implement a commenting system here at some point).

Hoary to Breezy

I just upgraded the Kubuntu Hoary Hedgehog partition on my iBook to Breezy Badger. I left it a while to allow any obvious problems with the new release to be ironed out. What a breeze it proved to be:

$ sudo sed s/hoary/breezy/g -i /etc/apt/sources.list

$ sudo apt-get update

$ sudo apt-get dist-upgrade

Then it took about 36 minutes to download the 500-odd Megs of required files over my 2 Mbps line and about another 20 or 30 minutes to perform the upgrade. During this time, it asked me three questions: permission to stop some services, what default language to use, and whether to replace the global Xsessions file.

Everything looked fine. Everything still seemed to be working. A reboot resulted in a nice new login screen and no odd behaviour. Logging-in took me to my familiar desktop. Touch wood, but it all seems to have Just Worked. Very impressive.