Monday 8 August 2022

Wireless client configuration on Ubuntu

Wireless (WiFi) client configuration is a bit of a mess in Ubuntu 22.04. Basic PEAP information about the remote certificate is not communicated through the GUI, but can be found in syslog.

Useful wireless information can be found by running

journalctl -f -u NetworkManager -u wpa_supplicant

Details of the remote PEAP certificate will look like:

wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA' hash=4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1' hash=52274c57ce4dee3b49db7a7ff708c040f771898b3be88725a86fb4430182fe14
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=AU/ST=Here/L=Town/O=Example Company/CN=wifi.example.com' hash=.....
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:wifi.example.com
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:wireless.example.com

Relevant details:

  • the name of the depth=2 certificate, "DigiCert Global Root CA" in the example. This is the CA certificate you need to find when configuring wireless.
  • the CN on the depth=0 certificate, "wifi.example.com" in this example. This should be entered as the domain to verify.
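To pull those two details out of the log, and to notice when the network starts presenting a different chain, the CTRL-EVENT-EAP-PEER-CERT and CTRL-EVENT-EAP-PEER-ALT lines can be parsed with a short script. This is an added example, not part of the original post: the function names are hypothetical, the sample log is constructed from the lines above with placeholder hashes, and it assumes the highest depth reported is the root CA, as in the example.

```python
import re

# Constructed sample modelled on the journalctl output above; the hash values
# are placeholders, not real certificate fingerprints.
SAMPLE_LOG = """\
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA' hash=aaaa
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1' hash=bbbb
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=AU/ST=Here/L=Town/O=Example Company/CN=wifi.example.com' hash=cccc
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:wifi.example.com
wpa_supplicant: wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:wireless.example.com
"""

CERT_RE = re.compile(r"CTRL-EVENT-EAP-PEER-CERT depth=(\d+) subject='([^']*)' hash=(\S+)")
ALT_RE = re.compile(r"CTRL-EVENT-EAP-PEER-ALT depth=(\d+) DNS:(\S+)")

def parse_peer_chain(log_text):
    """Return {depth: {"subject", "cn", "hash", "dns"}} for one EAP exchange."""
    chain = {}
    for line in log_text.splitlines():
        m = CERT_RE.search(line)
        if m:
            cn = re.search(r"/CN=([^/]+)", m.group(2))
            chain[int(m.group(1))] = {"subject": m.group(2), "hash": m.group(3),
                                      "cn": cn.group(1) if cn else None, "dns": []}
            continue
        m = ALT_RE.search(line)
        if m and int(m.group(1)) in chain:
            chain[int(m.group(1))]["dns"].append(m.group(2))
    return chain

def check_chain(chain, expected_root_cn, expected_domain):
    """List the ways the presented chain differs from the configured CA and domain."""
    if not chain:
        return ["no peer certificate events found"]
    problems = []
    root, leaf = chain[max(chain)], chain.get(0)  # assumption: highest depth is the root
    if root["cn"] != expected_root_cn:
        problems.append(f"root CA is {root['cn']!r}, expected {expected_root_cn!r}")
    # SAN DNS names take precedence; the CN is only a fallback when there are none.
    names = (leaf["dns"] or [leaf["cn"]]) if leaf else []
    want = expected_domain.lower()
    if not any(n and (n.lower() == want or n.lower().endswith("." + want)) for n in names):
        problems.append(f"server names {names} do not cover {expected_domain!r}")
    return problems

if __name__ == "__main__":
    chain = parse_peer_chain(SAMPLE_LOG)
    print(check_chain(chain, "DigiCert Global Root CA", "wifi.example.com") or "chain matches")
```

Feeding it the saved output of the journalctl command above instead of SAMPLE_LOG reports a changed root CA or server name before the connection profile is edited to match.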

This wifi network may be configured as:


The Domain is the CN from syslog with depth=0.

The CA certificate should be selected from the directory where the well-known CA certificate files live, which is /usr/share/ca-certificates/mozilla/

What is frustrating is that the WiFi provider doesn't always publish the CA they have used, which means you have to look in syslog (as described above) to find the CA. If the WiFi provider changes the CA in the future then WiFi will break until you update the configuration with the new CA being used. The current configuration dialogue requires you to use CA pinning, which is considered bad practice.

What I would like to see in the GUI configuration is the option to automatically accept any certificate with a CN matching the given domain which is signed by any well known CA - similar to how https currently works.

Sunday 3 July 2022

Sieve configuration with postfix and dovecot on Ubuntu 20.04

With an existing Postfix and Dovecot configuration on an Ubuntu 20.04 server, I required the following changes to get sieve server-based mail filtering to work:

Install dovecot-sieve

To install the dovecot sieve plugin run

apt install dovecot-sieve

Change the mailbox transport to lmtp

Edit /etc/postfix/main.cf to set the line

 mailbox_transport = lmtp:unix:private/dovecot-lmtp

If dovecot is configured to use local usernames (without @domain on the end), you also need to edit /etc/dovecot/conf.d/10-auth.conf to add this line:

 auth_username_format = %Ln

This means that for the username dovecot will use the lowercase part to the left of the "@".

Restart daemons

Restart postfix and dovecot so they use the new config, and then check their status:

systemctl restart postfix dovecot
systemctl status postfix dovecot

Enable the sieve plugin in dovecot

Add this section to /etc/dovecot/conf.d/20-lmtp.conf:

protocol lmtp {
    mail_plugins = $mail_plugins sieve
}

Configure a user's sieve filters

The default location for a user's sieve filters is configured in /etc/dovecot/conf.d/90-sieve.conf as follows:

plugin {
    sieve = file:~/sieve;active=~/.dovecot.sieve
}

So, as yourself (not root) run:

cd
mkdir sieve
touch sieve/default.sieve
ln -s sieve/default.sieve .dovecot.sieve

Then edit ~/sieve/default.sieve with your sieve configuration, for example:

require ["fileinto"];
if header :contains "Subject" "test" {
    fileinto "Test";
}

For full details about sieve filters see RFC5228 Sieve: An Email Filtering Language.

Test

Send yourself an email with "test" (lowercase) in the subject. It should end up in the Test mail folder.

If the test mail isn't filtered, check ~/.dovecot.sieve.log and /var/log/mail.log for problems.

Friday 8 April 2016

Using gimp to create id or passport photos

This tutorial was created with Gimp 2.8.14 on Ubuntu 15.10 (wily).

Get a photo of yourself

Get someone to take a photo of you, making sure that you are directly facing the camera, with a straight face (no smiles for passport photos), with a white, evenly lit, background.

Open the photo in gimp

File -> Open

Set the size of the photo

The Australian passport photo guidelines state that the distance from the chin to the top of the head should be between 32 and 36mm. Let's scale it to be 34mm.
  • In the Toolbox select the Measure tool icon, or Menu: Tools → Measure
  • Measure the distance from chin to top of head (where it would be without the hair). For example 1900 pixels.
  • Calculate the resolution in pixels / mm by dividing the size of the head in pixels by the desired head size in mm. For example 1900 pixels (head size in photo) / 34mm (desired size on photo) = 55.88 or about 56 pixels / mm.
  • Image -> Print Size ...  and enter this value (56 pixels/mm) in the X (and locked Y) resolution.
You can now change the units (bottom of the window) when using the measure tool to show the measured size in mm, inches, or pixels.

Crop the image to size

Australian passport photos need to be 35 to 40mm wide and 45 to 50mm high. We'll use 40x50mm as the desired size.
  • Select the crop tool in the toolbox, or Menu: Tools → Transform Tools → Crop
  • Drag anywhere on the image to create a crop box, then set the size to 40mm wide by 50mm high using units of mm.
  • Move (drag) the crop box to the appropriate position centred on your face.
  • Make sure "Delete cropped pixels" is selected.
  • Press enter to crop the image.

Tile the image

We will be printing to a standard 4"x6" (102mm x 152mm) photo (landscape format). This can fit 2 high and 3 wide of our passport sized photos.
  • Select Menu: Filters → Map → Tile...
  • units=%
  • unlink the width and height
  • Width=300% and Height=200%
  • tick "Create new image"
  • Click OK

Resize to photo paper size

If, in the previous step, you tiled to a new image you will need to set the scale (pixels/mm) again, so go to
  • Menu: Image → Print Size...
  • set X and Y resolution to 56 pixels/mm (or whatever you calculated in step 3 above).
Resize the image:
  • Set the background colour to a new colour for border of the tiled photographs
    • If the border around the image is black then some printing services will resize the non-black part of the image to fill the paper. This will ignore all the careful scaling we have done and make your printed image the wrong size. To avoid this I'd suggest selecting a distinctive border colour like green which can be cut off with scissors after it has been printed.
  • Select Menu: Image → Canvas Size
  • units = inches
  • width = 6 (inches)
  • height = 4 (inches)
  • Click the Centre button
  • Resize layers = All layers
  • Fill with = Background colour
  • Click Resize

Reduce the image resolution/size

You now have a high resolution set of ID photos - but some photo printing services may not be able to cope with a photo of this size if you started with a high resolution picture of yourself - so it's probably a good idea to scale down the image before attempting to get it printed. Before you do this you may like to save the high resolution picture in gimp's native .xcf format (File → Save As...).

Resize the image:
  • Menu: Image → Scale Image
  • Leave Width and Height locked
  • Set Width to 3000 px (height should be nearly 2000 px)
  • Click Scale

Save the image

  • Menu: File → Export As...
  • Name: passport.jpg

Get the photo printed

Take the photo (online or in person) to your preferred photo printer and get them to print it.

Wednesday 22 November 2006

Vim spelling

Vim 7 comes with Ubuntu Edgy. One new feature is spelling highlighting. Add the following commands to your ~/.vimrc

" enable spelling
set spell
" set the language to Australian English
set spelllang=en_au
" set the personal dictionary file
set spellfile=~/.vim.spell.en.add


Vim is very particular about the spellfile name; it must end in .en.add (for English).

To switch off spelling run

:set nospell

Spelling can be switched on or off on a per window basis by using :setlocal instead of :set

Wednesday 8 November 2006

Hibernate to disk broken in edgy

After upgrading from dapper to edgy, hibernate to disk stopped working. The computer appears to hibernate to disk, but when resuming it ignores the saved image, replays the ext3 journal, and boots up. Swap is no longer activated, because it has a SWSUSP signature and not a SWAP signature.

The solution I found is to:
  1. Edit /etc/fstab and change the start of the swap line from UUID=xxxx to /dev/hdaX (where /dev/hdaX is your swap partition).
  2. Re-create the swap partition with mkswap /dev/hdaX. Make sure /dev/hdaX is your swap partition as this command will erase the contents of that partition.
  3. Edit /boot/grub/menu.lst and edit the # defoptions= comment to include resume=/dev/hdaX
  4. Run update-grub to re-generate the grub menu file
  5. Reboot
  6. Confirm that swap is active
  7. Hibernate to disk and resume as you used to
Update:
This is discussed in Ubuntu bug 66637 where the suggested fix is to set RESUME=UUID=yyyyy in /etc/initramfs-tools/conf.d/resume and run update-initramfs -u

Tuesday 7 November 2006

Ubuntu Upgrade

Recently I upgraded most of my computers from Ubuntu dapper (6.06) to Ubuntu edgy (6.10).

This appears to have mostly gone well, though there have been a number of minor glitches, some of which may be detailed in later entries.

mutt using wrong browser

Problem: After upgrading to edgy when viewing urls in mutt (using ^b) they start in konqueror, not firefox.

Fix: run: "sudo update-alternatives --config x-www-browser" and select firefox.