Moving to a faster but smaller disk, encrypted setup

My work computer runs Debian 11 bullseye (the current stable release) in a mechanical 500GB disk, and I was provided with a new SDD disk but its size was 480 GB. So I had to shrink my partitions before copying the data to the new disk. It turned out to be a bit difficult because my main partition was encrypted.

I write here how I did, maybe there are other simpler ways but I couldn’t find them.

References:

• https://linux-blog.anracom.com/2018/11/09/shrinking-an-encrypted-partition-with-lvm-on-luks/
• https://askubuntu.com/questions/844132/how-to-repair-boot-on-luks-encrypted-harddrive
• https://discovery.endeavouros.com/system-rescue/arch-chroot-for-efi-uefi-systems/2021/03/
• https://unix.stackexchange.com/questions/693101/reinstall-grub-grub-install-warning-efi-variables-are-not-supported-on-this-s

I had three partitions in my old 500GB disk: /dev/sda1 is the EFI partition, /dev/sda2 the boot partition and /dev/sda3 the root partition (encrypted, with LVM, the standard way the Debian installer proposes when you choose a simple encrypted setup).

First of all, I made a disk image with Clonezilla to an external USB disk, just in case I mess up things, to be able to return to a safe point and start again.

Then I started my computer with a Debian 11 live USB with KDE Plasma desktop and Spanish localisation environment.

I opened the KDE Partition manager and copied the non encrypted partitions (sda1, EFI and sda2, /boot) to the new disk.

I shrinked the encrypted partition from the terminal with the following commands (I had enough free space so reduced my partition to a total of 300GB):

Removed the swap partition and re-created it:

sudo lvremove /dev/larjona-pc-vg/swap_1
sudo pvresize --setphysicalvolumesize 380G /dev/mapper/cryptdisk
sudo pvchange -x y /dev/mapper/cryptdisk
sudo lvcreate -L 4G -n swap_1 larjona-pc-vg
sudo mkswap -L swap_1 /dev/larjona-pc-vg/swap_1

Display information about the physical volume in order to shrink it:

sudo pvs -v --segments --units s /dev/mapper/cryptdisk
sudo cryptsetup -b 838860800 resize cryptdisk
sudo cryptsetup status cryptdisk
sudo vgchange -a n vgroup
sudo vgchange -an
sudo cryptsetup luksClose cryptdisk

Then reduced the sda3 partition with the KDE partition manager (it took a while), and copy it to the new disk.

Turned off the computer and unplugged the old disk. Started the computer with the Debian 11 Live USB again, UEFI boot.

Now, to make my system boot:

sudo cryptsetup luksOpen /dev/sda3 crypdisk
sudo vgscan --mknodes
sudo vgchange -ay
sudo mount /dev/mapper/larjona--pc--vg-root /mnt
sudo mount /dev/sda2 /mnt/boot
sudo mount /dev/sda1 /mnt/boot/efi
mount --rbind /sys /media/linux/sys
mount -t efivarfs none /sys/firmware/efi/efivars
for i in /dev /dev/pts /proc /run; do sudo mount -B $i /mnt$i; done
sudo chroot /mnt

Then edited /mnt/etc/crypttab to reflect the name of the new encrypted partition, edited /mnt/etc/fstab to paste the UUIDs of the new partitions.
Then ran grub-install and reinstalled the kernels as noted in the reference, rebooted and logged in my Plasma desktop 🙂

(Well, the actual process was not so smooth but after several tries and errors and searching for help I managed to get the needed commands to make my system boot from the new disk).

Advertisement

Android backups with rsync

A quick note to self to remind how I do backups of my Android device with rsync (and adb).

I have followed this guide: How to use rsync over USB on Android with adb

My personal notes:

• I have Lineage so I have rsync in my Android device already installed
• I run Debian stable (buster, for now) on my laptop, with adb installed
• My /sdcard/rsyncd.conf file:

address = 127.0.0.1
port = 1873
uid = 0
gid = 0
[root]
path = /
use chroot = false
read only = false'

• Start port forwarding by running: adb forward tcp:6010 tcp:1873
• The command:

adb shell /data/local/tmp/rsync --daemon --no-detach --config=/sdcard/rsyncd.conf --log-file=/proc/self/fd/2

didn’t work, produced this message: “@ERROR: protocol startup error” so I ended up doing:

adb shell
rsync --daemon --no-detach --config=/sdcard/rsyncd.conf --log-file=/sdcard/rsync.log

and opened another tab to perform the rsync commands from my laptop:

rsync -av --progress --stats rsync://localhost:6010/root/storage .
rsync -av --progress --stats rsync://localhost:6010/root/data .

Then I saw that rsync was copying the symlinks instead of their contents: /storage/self/primary was a broken link to /mnt/user/0/primary

So I ran again the commands with -LK:

rsync -av --progress --stats -LK rsync://localhost:6010/root/storage .
rsync -av --progress --stats -LK rsync://localhost:6010/root/data .

and now I have a copy of all the files I’m interested. In addition to this, I run an adb backup of the system:

adb backup -f ./adb_backup_apk_shared_all_system.ad -apk -shared -all -system

and I think that’s all that I need for the case I want to remove stuff from my phone or some disaster happens.

A new home for Debian in the Mastodon / ActivityPub fediverse: follow @debian@framapiaf.org (and possible future moves)

TL;DR

Recent events in the fediverse in general and related to fosstodon.org instance in particular have made me rethink the place where I’d like to handle the @debian account in the Mastodon/GNU Social/ActivityPub fediverse.
I couldn’t decide a “final” place yet, but I’m exploring options (including selfhosting).

For now, I’ve moved the account to @debian@framapiaf.org – Please follow @debian there. Thank you Framasoft for administering and providing the service.

(Some) context

Note: This paragraph is updated (2019-07-28), thanks to the people pointing to me that it was unclear, I hope this new wording and details clarifies more my position.

For a summary of what happened plus some thoughts thrown to the table you can read this article by Brandon ‘LinuxLiaison’ Nolet and this one by ’emsenn’. I’ve been thinking about all this, and I decided to leave the fosstodon.org instance because I believe there are underlying issues that the provided apology does not solve, and do not help to foster the welcoming, diverse and inclusive environment where I’d like to be, for me, and for this non-official debian account. There is more info out there and several different personal opinions, so I guess people interested in learn more about the context can find by themselves.

Roadmap

• Starting 2019-07-28 I’ll post the micronews.debian.org RSS feed in @debian@framapiaf.org
• I will continue posting the micronews.debian.org RSS feed to @debian@fosstodon.org too, to give time for this news to spread and people to move.
• I will fix a toot to this blog post in both accounts, because  @debian@framapiaf.org may be temporary (or not. we’ll see).
• On 1 September I will stop sending the micronews feed to @debian@fosstodon.org  and I will only post a toot to this blog post from time to time.
• On 1 October I will stop posting anything from @debian@fosstodon.org and close the account or make it dormant or whatever.
• I don’t think I will take a new decision of a final or future move before October. I will try to put time on exploring options from September until the end of the year. Depending on my availability and the available help from Debian friends, the final home of the @debian account in the fediverse will be settled soon or later… you know, “when it’s ready”.

Thanks for understanding, and for your help

All this caught me in a “bad moment” (very busy with Debian and non-Debian stuff + personally, lower energy than usually). I apologise for not giving much details and also for not reacting quicker.

I appreciate if you can spread this news so people follow the new account easily.
I would like to thank the friends that gave me some heads up about what was happening, and helped me to understand in a time where I could have not much time to read everything, and also were patient to wait for me to take a decision.

Reminder: the account, wherever it’s hosted, is a mirror of micronews.debian.org

Finally, I would like to remind everybody that the @debian account in the fediverse, wherever is hosted, is not official. It just posts the RSS feed provided by https://micronews.debian.org, which is one the official source of news about Debian. Micronews includes short news produced or selected by the Debian Publicity team and also broadcasts links to the longer official announcements posted in the other official channels: the Debian blog, the Debian website or the Debian announce and news mailing lists.

Instalación de DNI electrónico (DNIe) en Debian 10 Buster

Realicé una instalación desde cero de Debian 10 Buster en una de mis máquinas y aún no había instalado el DNI (Documento nacional de Identidad) electrónico para hacer gestiones con las administraciones públicas españolas, así que me he puesto hoy a ello.
Ha sido relativamente sencillo.

1.- Paquetes necesarios para el lector y gestión de la entrada del PIN (tengo instalado KDE Plasma, y ya tenía pinentry-qt instalado)

sudo apt-get install pcscd pcsc-tools opensc

2.- Comprobar que el lector funciona: pinchar el lector USB con el DNI metido, y escribir

pcsc_scan

Esta es la salida que me proporciona:

$ pcsc_scan

Using reader plug'n play mechanism
Scanning present readers...
0: C3PO LTC31 v2 00 00
 
Mon Jun 24 12:35:44 2019
 Reader 0: C3PO LTC31 v2 00 00
  Event number: 0
  Card state: Card inserted, Shared Mode, 
  ATR: 3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00

ATR: 3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: A (pre-issuing data)
      Data: 44 4E 49 65 10 01 01 55 04 21
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 03 (Initialisation state)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00
3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 .. 03 90 00
        DNIE Spain (eID)
        http://www.dnielectronico.es/PortalDNIe/

Salgo con Ctrl+C y desconecto el lector de DNI.

3.- Instalar el paquete de DNI electrónico, para Debian: vamos a usar los de Debian Stretch, porque aún no hay paquetes para Buster disponibles.

$ wget https://www.dnielectronico.es/descargas/distribuciones_linux/libpkcs11-dnie_1.5.0_amd64.deb

Compruebo que la suma de comprobación es correcta:

$ md5sum libpkcs11-dnie_1.5.0_amd64.deb 
526cb7761f312f2beb97344cc74f3dcc  libpkcs11-dnie_1.5.0_amd64.deb

Instalo

$ sudo dpkg -i libpkcs11-dnie_1.5.0_amd64.deb

Aquí se instala el paquete pero luego da un error porque intenta abrir Firefox como root, cosa que el sistema no deja.

He mirado los contenidos del paquete y realmente lo que se hace es llamar a un script en Perl que es el que lanza Firefox, así que lo llamo como usuario normal:

$ /usr/share/libpkcs11-dnietif/launch.pl

Se abre Firefox y hay que seguir las instrucciones de la página web que aparece (file:///usr/share/libpkcs11-dnietif/launch.html) para cargar el módulo de seguridad de DNIe, y la autoridad de certificación FNMT (yo he cargado solamente el módulo de seguridad, porque creo que la FNMT ya la incorpora Firefox). Si veo que algo falla volveré aquí, terminaré las instrucciones, y actualizaré este artículo.

Una vez hecho esto, cierro Firefox, lo vuelvo a abrir, entro en una web que me pida el DNIelectrónico, y compruebo que funciona.

MiniDebConf Marseille 2019

I’ve attended the MiniDebConf Marseille (France) during this weekend (25–26 May 2019).

I’m very happy that I could meet new Debian and free software friends and meet again other Debian friends.

I gave a talk about the Welcome team and some examples of non-packaging contributions to Debian. You can see the slides in the Welcome team wiki page and the video will be linked there when it is available (probably soon, thanks to our awesome Debian Video Team!).

I could also talk face to face with some Debian mates about the publicity team and other things. Everybody was very welcoming, a day full of good moments.

The conference is still going on today, but I’m already on my way home (I couldn’t attend on Sunday).

I’ve also paid attention to learn about the organisation, maybe I can find the opportunity and the resources to host a Debian event in my area in the future.

I gave away some Debian/free software stickers and got some more made by Debian France, to ensure I always have some, for future Debian contributors 😉

A weekend for the Debian website and friends

Last weekend (15-17 March 2019) some members of the Debian web team have met at my place in Madrid to advance work together in what we call a Debian Sprint. A report will be published in the following days, but I want to say thank you to everybody that made possible this meeting happen.

We have shared 2-3 very nice days, we have agreed in many topics and started to design an new homepage focused in newcomers (since a Debianite usually just go to the subpage they need) and showing that Debian the operating system is made by a community of people. We are committed to simplify the content of and the structure of www.debian.org, we have fixed some bugs already, and talked about many other aspects. We shared some time to know each other, and I think all of us became motivated to continue working on the website (because there is still a lot of work to do!) and make easy for new contributors to get involved too.

For me, a person who rarely finds the way to attend Debian events, it was amazing to meet in person with people who I have shared work and mails and IRC chats since years in some cases, and to offer my place for the meeting. I have enjoyed a lot preparing all the logistics and I’m very happy that it went very well. Now I walk through my neighbourhood for my daily commute and every place is full of small memories of these days. Thanks, friends!

Debian is back in the Mastodon/GNU Social fediverse, follow fosstodon.org/@debian

The GNU Social instance where the @debian account was hosted (quitter.se) shut down last May. Thanks to the Quitter.se admins for all this time!

Long overdue, I’ve setup the @debian account with the feed of micronews.debian.org in other place (I still cannot selfhost properly, due to time constraints mostly). This time I chose a Mastodon instance, fosstodon.org. Thanks to the Fosstodon admins for hosting, and Carl Chenet for feed2toot.

If you are in the GNU Social/Mastodon fediverse (or other network compatible with ActivityPub I guess), you can follow https://fosstodon.org/@debian to get the news (the official source will always be https://micronews.debian.org, though).

I will try to follow back and answer mentions/replies as time allows. Ping (my contact info is in https://wiki.debian.org/LauraArjona) if something goes wrong (I’m learning this new platform) and I’ll do my best to get things back to normal.

Happy Solstice!

Handling an old Digital Photo Frame (AX203) with Debian (and gphoto2)

Some days ago I found an key chain at home that was a small digital photo frame, and it seems that was not used since 2009 (old times when I was not using Debian at home yet). The photo frame was still working (I connected it with an USB cable and after some seconds, it turned on), and showed 37 photos from 2009 indeed.

When I connected it with USB cable to the computer, it was asking “Connect USB? Yes/No” I pressed the button saying “yes” and nothing happened in the computer (I was expecting an USB drive to be shown in Dolphin, but no).

I looked at “dmesg” output and it was shown as a CDROM:

[ 1620.497536] usb 3-2: new full-speed USB device number 4 using xhci_hcd
[ 1620.639507] usb 3-2: New USB device found, idVendor=1908, idProduct=1320
[ 1620.639513] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 1620.639515] usb 3-2: Product: Photo Frame
[ 1620.639518] usb 3-2: Manufacturer: BUILDWIN
[ 1620.640549] usb-storage 3-2:1.0: USB Mass Storage device detected
[ 1620.640770] usb-storage 3-2:1.0: Quirks match for vid 1908 pid 1320: 20000
[ 1620.640807] scsi host7: usb-storage 3-2:1.0
[ 1621.713594] scsi 7:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2
[ 1621.715400] sr 7:0:0:0: [sr1] scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
[ 1621.715745] sr 7:0:0:0: Attached scsi CD-ROM sr1
[ 1621.715932] sr 7:0:0:0: Attached scsi generic sg1 type 5

But not automounted.
I mounted it and then looked at the files, but I couldn’t find photos there, only these files:

Autorun.inf FEnCodeUnicode.dll LanguageUnicode.ini
DPFMate.exe flashlib.dat StartInfoUnicode.ini

The Autorun.inf file was pointing to the DPFMate.exe file.

I connected the device to a Windows computer and then I could run the DPFMate.exe program, and it was a program to manage the photos in the device.

I was wondering if I could manage the device from Debian and then searched for «dpf “digital photo frame” linux dpfmate» and found this page:

http://www.penguin.cz/~utx/hardware/Abeyerr_Digital_Photo_Frame/

Yes, that one was my key chain!

I looked for gphoto in Debian, going to https://packages.debian.org/gphoto and then learned that the program I need to install was gphoto2.
I installed it and then went to its Quick Start Guide to learn how to access the device, get the photos etc. In particular, I used these commands:

gphoto2 --auto-detect

Model Port 
----------------------------------------------------------
AX203 USB picture frame firmware ver 3.4.x usbscsi:/dev/sg1

gphoto2 --get-all-files

(it copied all the pictures that were in the photo frame, to the current folder in my computer)

gphoto2 --upload-file=name_of_file

(to put some file in the photo frame)

gphoto2 --delete-file=1-38

(to delete the file 1 to 38 in the photo frame).

Debian and free software personal misc news

Many of them probably are worth a blog post each, but it seems I cannot find the time or motivation to craft nice blog posts for now, so here’s a quick update of some of the things that happened and happen in my digital life:

• Debian Jessie became LTS and I still didn’t upgrade my home server to stable. Well, I could say myself that now I have 2 more years to try to find the time (thanks LTS team!) and that the machine just works (and that’s probably the reason for not finding the motivation to upgrade it or to put time on it (thanks Debian and the software projects of the services I run there!)) but I have to find the way to give some love to my home server during this summer, otherwise I won’t be able to do it probably until the next summer.

 

• Quitter.se is down since several weeks, and I’m afraid it probably won’t come back. This means my personal account larjona@quitter.se in GNU Social is not working, and the Debian one (debian@quitter.se) is not working either. I would like to find another good instance where to create both accounts (I would like to selfhost but it’s not realistic, e.g. see above point). Considering both GNU Social and Mastodon networks, but I still need to do some research on uptimes, number of users, workforce behind the instances, who’s there, etc. Meanwhile, my few social network updates are posted in larjona@identi.ca as always, and for Debian news you can follow https://micronews.debian.org (it provides RSS feed), or debian@identi.ca. When I resurrect @debian in the fediverse I’ll publicise it and I hope followers find us again.

 

• We recently migrated the Debian website from CVS to git: https://salsa.debian.org/webmaster-team/webwml/ I am very happy and thankful to all the people that helped to make it possible. I think that most of the contributors adapted well to the changes (also because keeping the used workflows was a priority), but if you feel lost or want to comment on anything, just tell. We don’t want to loose anybody, and we’re happy to welcome and help anybody who wants to get involved.

 

• Alioth’s shutdown and the Debian website migration triggered a lot of reviews in the website content (updating links and paragraphs, updating translations…) and scripts. Please be patient and help if you can (e.g. contact your language team, or have a look at the list of bugs: tagged or the bulk list). I will try to do remote “DebCamp18” work and attack some of them, but I’m also considering organising or attending a BSP in September/October. We’ll see.

 

• In the Spanish translation team, I am very happy that we have several regular contributors, translating and/or reviewing. In the last months I did less translation work than what I would like, but I try not to loose pace and I hope to put more time on translations and reviews during this summer, at least in the website and in package descriptions.

 

• One more year, I’m not coming to DebConf. This year my schedule/situation was clear from long ago, so it’s been easier to just accept that I cannot go, and continue being involved somehow. It’s sad not being able to celebrate the migration with web team mates, but I hope they celebrate anyway! I am a bit behind with DebConf publicity work but I will try to catch up soon, and for DebConf itself I will try to do the microblogging coverage as former years, and also participate in the IRC and watching the streaming, thanks timezones and siesta, I guess 😉

 

• Since January I am enjoying my new phone (the Galaxy S III broke, and I bought a BQ Aquaris U+) with Lineage OS 14.x and F-Droid. I keep on having a look each several days to the F-Droid tab that shows the news and updated apps and it’s amazing the activity and life of the projects. A non exhaustive list of the free software apps that I use: AdAway, Number Guesser (I play with my son to this), Conversations, Daily Dozen, DavDroid, F-Droid, Fennec F-Droid, Hacker’s Keyboard, K-9 Mail, KDE Connect, Kontalk, LabCoat, Document Reader, LibreOffice Viewer (old but it works), Memetastic, NewPipe, OSMAnd~, PassAndroid, Periodical, Puma, Quasseldroid, QuickDic, RadioDroid, Reader for Pepper and Carrot, Red Moon, RedReader, Ring, Slight Backup, Termux. Some other apps that I don’t use them all the time but I find it’s nice to have them are AFWall+, Atomic (for when my Quassel server is down), Call Recorder, Pain Diary, Yalp Store. My son decided not to play games in phones/tablets so we removed Anuto TD, Apple Finger, Seafood Berserker, Shattered Pixel Dungeon and Turo (I appreciate the games but I only play some times, if another person plays too, just to share the game). My only non-free apps: the one that gives me the time I need to wait at the bus stop, Wallapop (second hand, person to person buy/sell app), and Whatsapp. I have no Google services in the phone and no Location services available for those apps, but I give the bus stop number or the Postal code number by hand, and they work.

 

• I am very very happy with my Lenovo X230 laptop, its keyboard and everything. It runs Debian stable for now, and Plasma Desktop. I only have 2 issues with it: (1) hibernation, and (2) smart card reader. About the hibernation: sometimes, when on battery, I close the lid and it seems it does not hibernate well because when I open the lid again it does not come back, the power button blinks slowly, and pressing it, typing something or moving the touchpad, have no effect. The only ‘solution’ is to long-press the power button so it abruptly shuts down (or take the battery off, with the same effect). After that, I turn on again and the filesystem complains about the unexpected shut down but it boots correctly. About the smart card reader: I have a C3PO LTC31 smart card reader and when I connect it via USB to use my GPG smart card, I need to restart pcsc service manually to be able to use it. If I don’t do that, the smart card is not recognised (Thunderbird or whatever program asks me repeatedly to insert the card). I’m not sure why is that, and if it’s related to my setup, or to this particular reader. I have another reader (other model) at work, but always forget to switch them to make tests. Anyway I can live with it until I find time to research more.

There are probably more things that I forget, but this post became too long already. Bye!

 

Kubb 2018 season has just begun

Since last year I play kubb with my son. It’s a sport/game of marksmanship and patience. It’s a quite inclusive game and it’s played outside, in a grass or sand field.

It happens that the Spanish association of Kubb is in the town where I live (even, in my neighbourhood!) so several family gatherings with tournaments happen in the parks near my house. Last year we attended for first time and learned how to play, and since then, we participated in 2 or 3 events more.

As kubb is played in open air, season starts in March/April, when the weather is good enough to have a nice morning in the park. I got surprised that being a so minority game, about 50-100 people gather in each local tournament, grouped in teams of any kind: individuals, couples or up to 6 persons-teams, mothers and daughters, only kids-teams, teams formed by people of 3 different generations… as strenght or speed (or even experience) are not relevant to win this game, almost anybody can play with anybody.

Enjoying playing kubb makes me also think about how communities around a non-mainstream topic are formed and maintained, and how to foster diversity and good relationships among participants. I’ve noted down some ideas that I think the kubb association does well:

•  No matter how big or small you are, always take into account the possible newcomers: setting a slot at the start of the event to welcome them and explain “how the day will work” makes those newcomers feel less stressed.
• Designing events where the whole family can participate (or at least “be together”, not only “events with childcare”) but it’s not mandatory that all of them participate, helps people to get involved more long-term.
• The format of the event has to be kept simple to avoid organisers to get burned out. If the organisers are so overwhelmed taking care of things that they cannot taste the result of their work, that means that the organisation team should grow and balance the load.
• Having a “break” during the year so everybody can rest and do other things also helps people get more motivated when the next season/event starts.

Thinking about kubb, particularly together/versus with the other sport that my kid plays (football), I find similarities and contrasts with another “couple” of activities that we also experience in our family: the “free software way of life” versus the “mainstream use” of computers/devices nowadays. It’s good to know both (not to be “apart of the world in our warm bubble”), and it’s good to have the humble, but creative and more human-focused and good-values-loaded one as big reference for the type of future that we want to live and we build everyday with our small actions.

Comments?

You can comment on this post using this pump.io thread.