Installing exim on arch

This is what I had to do to get exim configured correctly in arch.

SSL/TLS Support

A self-signed cert will need to be generated or used until you can get one from a real CA. This can be done trivially:

sudo openssl req -new -x509 -nodes -out /etc/ssl/certs/exim.crt -keyout /etc/ssl/private/exim.pem -days 365

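This writes the self-signed certificate to /etc/ssl/certs/exim.crt and its private key to /etc/ssl/private/exim.pem, valid for 365 days. Because of -nodes the key is stored unencrypted, so keep that file readable only by root and the user Exim runs as.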

Authentication

I didn’t realize I could use dovecot for authentication until now: http://wiki2.dovecot.org/HowTo/EximAndDovecotSASL

Using Dovecot as an LDA

To use Dovecot’s dbox formats you need to use it as an LDA.

This involves setting up a dovecot_delivery transport:

dovecot_delivery:
  driver = pipe
  command = /usr/lib/dovecot/dovecot-lda
  message_prefix =
  message_suffix =
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  temp_errors = 64 : 69 : 70 : 71 : 72 : 73 : 74 : 75 : 78

And using it in the localuser router:

localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = dovecot_delivery
  cannot_route_message = Unknown user

Installing dovecot on arch

I’ve been configuring Dovecot for an IMAPS server. The arch package is a little strange. I decided to start off with a self-signed cert until my CA provides me with one.

Cert Creation

I’ve been using the Dovecot wiki as a guide, namely: http://wiki.dovecot.org/SSL/CertificateCreation

The dovecot-openssl.conf file is in /etc/ssl and can be edited. However the mkcert.sh tool (which is really simple and just calls out to openssl req) doesn’t appear to be included in the distribution. I found it from a link on the wiki.

Authentication

I was greeted with this error when trying to auth users via pam:

Jan 27 01:09:09 li263-40 dovecot: auth-worker: Error: dlopen(/usr/lib/dovecot/modules/auth/libauthdb_ldap.so) failed: libsasl2.so.2: failed to map segment from shared object: Cannot allocate memory

Turns out I needed to increase the default_vsz_size setting in /etc/dovecot/10-master.conf.

Configuring your own DDNS in Arch.

So I roughly followed this guide: http://linux.yyz.us/nsupdate/ which was really helpful. I made a few changes though.

/var/named permissions

The guide suggests changing the permissions on /var/named so that BIND can write the journal file. I think a better way to resolve the permissions issue is adding journal "data/yourdomain.tld.jnl"; to the zone section in your /etc/named.conf:

zone "yourdomain.tld." IN {
    type master;
    file "yourdomain.tld.zone";
    journal "data/yourdomain.tld.jnl";
    allow-query { any; };
    allow-update {
            key your.key.name.;
    };
    allow-transfer {
        123.123.123.123;
        1.2.3.4;        
    };
};

Then, create a directory /var/named/data and give the named user write permissions to that directory. I think this is a better solution.

Key name

The guide suggests using a USER for the DNSSEC shared key’s name. I preferred to use a HOST field, with the host that I’ll be performing DDNS from.

dhcpcd hook

The part of the process that the guide doesn’t address is making a hook for dhcpcd so that the IP address gets updated. I created the following scripts:

/usr/local/bin/update-ddns.sh:

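#!/bin/bash
# Replace the zone's apex A record with the address given as the first argument.

ip=$1

if [ -n "$ip" ]; then
  echo "Updating DDNS with: $ip"
  # -k: key file used to sign the update; -v: send the update over TCP.
  # The script's exit status is nsupdate's exit status.
  nsupdate -k /etc/nsupdate/Kyourdomain.tld.12345.private -v <<EOF
server yournameserver.tld
zone yourdomain.tld
update delete yourdomain.tld. A
update add yourdomain.tld. 86400 A $ip
show
send
EOF
else
  echo "Please specify an IP." >&2
  exit 1
fi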

And:

/usr/lib/dhcpcd/dhcpcd-hooks/35-nsupdate:

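# Run only when dhcpcd has bound, rebound or renewed a lease.
if [ "$reason" = BOUND -o "$reason" = REBIND -o "$reason" = RENEW ]; then
  if [ -n "$new_ip_address" ]; then
    # Log success only if the update script (and so nsupdate) exited 0.
    if /usr/local/bin/update-ddns.sh "$new_ip_address"; then
      syslog info "Set new ddns IP: $new_ip_address"
    else
      syslog err "Failed to set new ddns IP: $new_ip_address"
    fi
  else
    syslog err "Unable to set new ddns IP, variable empty"
  fi
fi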

A little hacky but should serve for now.
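
An added example, not part of the original post: update-ddns.sh interpolates its argument straight into the nsupdate here-document, so a value containing a newline would become extra update commands signed with the zone key. This version validates the address before building the batch; the function names is_ipv4 and nsupdate_batch are hypothetical, and the zone, server and key path are the post's placeholders.

```shell
#!/bin/sh
# Added example, not the post's script. ZONE and SERVER are the post's placeholders.
ZONE="yourdomain.tld"
SERVER="yournameserver.tld"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;   # empty, or anything besides digits and dots
    *.*.*.*.*)    return 1 ;;   # more than three dots
    *.*.*.*)      ;;            # exactly three dots: check the octets below
    *)            return 1 ;;   # fewer than three dots
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1                     # split on dots; input is digits and dots only
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1    # a trailing dot drops a field
  for octet in "$@"; do
    case "$octet" in ''|????*) return 1 ;; esac   # empty or longer than 3 digits
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the nsupdate batch for a valid address; print nothing and fail otherwise.
nsupdate_batch() {
  if ! is_ipv4 "$1"; then
    echo "refusing to build update: invalid IPv4 address" >&2
    return 1
  fi
  cat <<EOF
server $SERVER
zone $ZONE
update delete $ZONE. A
update add $ZONE. 86400 A $1
send
EOF
}

# Usage inside update-ddns.sh (key path as in the post):
#   batch=$(nsupdate_batch "$1") &&
#     printf '%s\n' "$batch" | nsupdate -k /etc/nsupdate/Kyourdomain.tld.12345.private -v
```

Building the batch before starting nsupdate means an invalid address gives a non-zero exit status, so the dhcpcd hook can log the failure.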

Configuring Arch Linux as a switch

This is pretty simple using netcfg. You need to create a bridge interface between the physical interfaces you want.

For example, /etc/network.d/br0-profile:

INTERFACE="br0"
CONNECTION="bridge"
DESCRIPTION="LAN Bridge Connection"
BRIDGE_INTERFACES="lan0 lan1 lan2"
IP='static'
SKIPNOCARRIER='yes'
ADDR='10.0.0.1'

Note that I renamed my interfaces in udev to logical names like lan0 or wan0. I thought at first that I’d need a TAP interface but it turns out I don’t.

Installing Arch Linux on a Soekris Net6501

I’ve been working on installing Arch Linux on a Soekris Net 6501. Here are a few things that I’ve learned.

It’s easier to PXE Boot.

Or at least roll your own USB Installer image. The default one does not open a usable serial terminal by default, and it ended up being easier to just set up PXE booting versus building my own bootable USB image.

dnsmasq on Mac OS X’s tftp server appears to not work

I tried getting this working for the better part of the day. I thought that it was a firewall issue but it appears to not be that. I ended up using a linux virtual machine to handle netbooting.

You have to change the baud rates in /etc/inittab after boot

Even if you configure the PXE linux bootloader and the kernel to set a usable baud rate (115200 in this case), once getty starts it will reset the baud down to 9600. Unfortunately, because the arch installer uses ncurses, this is practically unusable. To fix this, I did the following:

  • Edited /etc/inittab to change all the baud rates to 115200
  • Ran init q to reinitialize the inittab.
  • Killed the default login session and re-logged on. This caused the serial terminal to switch back to 115200.

GPT vs. MBR

I wanted to do this because I’m using an SSD in the Net6501. This was pretty easy. I just made a 1MB partition on my drive with the BIOS GPT type (the installer yells at you if you don’t do this) and installed grub2-bios as my bootloader. Everything booted fine.

Make sure to enable serial consoles before you reboot

Once the installer is finished, edit /tmp/install/etc/inittab and add a serial console: c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux. Also edit your grub.cfg to add the appropriate console settings to the kernel command lines.

See https://wiki.archlinux.org/index.php/Working_with_the_serial_console for more info.

Installing DBD::Mysql on Mac OS X 10.6 Snow Leopard

If you’re using the system perl, you need to make sure to either install the 32bit Mac OS X package, or compile a 32bit mysql binary. The system perl is still 32bit and won’t work with a 64bit MySQL; it will error out with:

Symbol not found: _is_prefix