HOWTO – Fabian Stanke (privat)

Add EXIF camera information

Having tried the local analogue film scanning service provided by Fotospeed, I just have picked up the DVD holding my first „hybrid“ photos. Naturally, the files could not contain any EXIF data related to my camera.

Eclipse CDT crash

If you’re using the Eclipse CDT for C++ development and experience crashes immediately after loading the workspace (during indexing) on Linux (I saw it on Fedora and openSUSE), you should use the workaround suggested in the corresponding Bugzilla entry. Essentially you have to add the line

-XX:-UseCompressedOops

to your eclipse.ini.

Fedora Live USB with GRUB

As already mentioned in my last post, my laptop won’t boot from a USB stick prepared using a binary copy of an ISO (by means of dd). Here is the method I use to boot the Fedora Live images off my USB stick using GNU GRUB2. The device node of the USB driver is denoted /dev/sdX in the following and must be replaced with the actual device node (e.g. /dev/sdc).

Prepare a partition on the USB stick and/or make sure there is enough space on it (it must be slightly larger than the ISO image).
Make sure it is flagged bootable. ( fdisk -l /dev/sdX is your friend)
Remember the name of the USB partition you’re going to use or if unlabelled, label it.
Loop-mount the ISO image using something like mount -o loop /path/to/iso /mnt/loop
Copy the content of the ISO over to the USB
Install GRUB on the USB by issuing grub-install --no-floppy --root-directory=/mnt/usb /dev/sdX

Create a /mnt/usb/boot/grub/grub.cfg with the following content

menuentry "Fedora Live" {
 linux /isolinux/vmlinuz0 root=live:LABEL=XYZ rootfstype=auto ro liveimg quiet  rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM
 initrd /isolinux/initrd0.img
}

menuentry "Fedora Live (Basic Video)" {
 linux /isolinux/vmlinuz0 root=live:LABEL=XYZ rootfstype=auto ro liveimg quiet  rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM xdriver=vesa nomodeset
 initrd /isolinux/initrd0.img
}

where XYZ must be replaced by the actual partition name of your USB partition.

Unmount and boot

Secure Firefox with AppArmor

To „lock down“ Firefox on an openSUSE 11.3 machine, I used the four AppArmor profiles you find below. The first is an openSUSE default profile and the second is based on the openSUSE default profile. My changes include support for PulseAudio sound and the Flash plugin, where the latter is realized with local profiles that are stronger confined than Firefox itself. Finally, I added permission for Zotero requirements.

# /etc/apparmor.d/usr.lib.firefox.firefox.sh

#include 

/usr/lib/firefox/firefox.sh {
  #include 
  #include 
  #include 

  deny capability sys_ptrace,

  /bin/basename rix,
  /bin/bash rix,
  /bin/grep rix,
  /etc/magic r,
  /usr/bin/file rix,
  /usr/lib/firefox/firefox px,
  /usr/share/misc/magic.mgc r,
}

# /etc/apparmor.d/usr.lib.firefox.firefox

#include 

/usr/lib/firefox/firefox {
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 
  #include    

  deny /usr/lib/firefox/firefox.sh x,
  deny /usr/lib/mozilla/extensions/*/ w,

  /bin/bash ix,
  /bin/uname ix,

  /etc/gai.conf r,
  /etc/gnome-vfs-2.0/modules/ r,
  /etc/gre.d/ r,
  /etc/gre.d/* r,
  /etc/mailcap r,
  /etc/mime.types r,
  /etc/mtab r,
  /etc/opt/kde3/share/applications/ r,
  /etc/opt/kde3/share/applications/mimeinfo.cache r,

  owner @{HOME}/.ICEauthority r,
  owner @{HOME}/.beagle/ToIndex/* rw,
  owner @{HOME}/.fontconfig/* r,
  owner @{HOME}/.icons/ r,
  owner @{HOME}/.local/share/applications/ r,
  owner @{HOME}/.local/share/applications/* r,
  owner @{HOME}/.local/share/mime/* r,
  owner @{HOME}/.mozilla/extensions/** rw,
  owner @{HOME}/.mozilla/firefox/** rw,
  owner @{HOME}/.mozilla/firefox/**.sqlite* k,
  owner @{HOME}/.mozilla/firefox/**/.parentlock k,

  /opt/kde3/share/applications/ r,
  /opt/kde3/share/applications/mimeinfo.cache r,

  owner @{PROC}/*/mounts r,
  owner @{PROC}/*/fd/ r,
  @{PROC}/meminfo r,
  @{PROC}/sys/kernel/ngroups_max r,

  /usr/bin/tr ix,
  /usr/bin/which ix,

  /usr/lib/**.so mr,
  /usr/lib/firefox/firefox rix,
  /usr/lib/libproxy/pxgconf ix,
  /usr/lib/nspluginwrapper/*/linux/npviewer rcx -> npviewer,
  /usr/lib/xulrunner-*/plugin-container cx -> plugin_container,

  /usr/local/share/applications/ r,
  /usr/local/share/applications/* r,
  /usr/share/applications/ r,
  /usr/share/applications/* r,
  /usr/share/gvfs/remote-volume-monitors/ r,
  /usr/share/gvfs/remote-volume-monitors/* r,
  /usr/share/locale-bundle/**.mo r,
  /usr/share/mime/**.xml r,
  /usr/share/mozilla/extensions/** r,
  /usr/share/myspell/* r,

  /var/cache/gio-2.0/defaults.list r,
  /var/cache/libx11/compose/* r,
  owner /var/run/gdm/*/database r,

  profile npviewer {
    #include 
    #include 
    #include 

    /bin/bash rix,
    /bin/uname rix,
    /usr/bin/tr rix,
    /usr/bin/which rix,
    /usr/lib/nspluginwrapper/*/linux/npviewer.bin rix,
  }

  profile plugin_container {
    #include 
    #include 
    #include 
    #include 
    #include 

    deny /etc/passwd r,
    deny @{PROC}/uptime r,
    deny @{HOME}/.mozilla/firefox/profiles.ini r,

    /bin/bash ix,
    /bin/grep ix,
    /bin/ps ix,

    owner @{PROC}/*/fd/ r,
    owner @{PROC}/*/stat r,

    owner /var/run/gdm/*/database r,
    owner @{HOME}/.adobe/Flash_Player/**/ w,
    owner @{HOME}/.adobe/Flash_Player/AssetCache/ r,
    owner @{HOME}/.macromedia/Flash_Player/** rw,
  }

  # Zotero-specific rules
  owner @{HOME}/.mozilla/firefox/*/zotero/pdfinfo-Linux-* cx -> zotero_tools,
  owner @{HOME}/.mozilla/firefox/*/zotero/pdftotext-Linux-* cx -> zotero_tools,
  owner @{HOME}/.zoteroIntegrationPipe rw,
  /usr/bin/evince Ux,
  /usr/bin/mkfifo ix,
  profile zotero_tools {
    #include 

    owner @{HOME}/.mozilla/firefox/*/zotero/storage/*/* r,
    owner @{HOME}/.mozilla/firefox/*/zotero/storage/*/.zotero-ft-info w,
    owner @{HOME}/.mozilla/firefox/*/zotero/storage/*/.zotero-ft-cache w,
  }
}

# /etc/apparmor.d/abstractions/pulseaudio

/dev/shm/ r,
owner /dev/shm/pulse-shm-* rw,
/dev/snd/*      rw,

/etc/alsa-pulse.conf r,
/etc/asound-pulse.conf r,
/etc/pulse/client.conf r,

owner @{HOME}/.pulse-cookie rwk,

/usr/bin/pulseaudio px,

/usr/share/alsa/** r,
/usr/share/sounds/** r,

/var/lib/dbus/machine-id r,

# vim:syntax=apparmor

# /etc/apparmor.d/usr.bin.pulseaudio

#include 

/usr/bin/pulseaudio {
  #include 
}

Inkscape Standardvorlage

Gestern war ich wieder einmal in der Situation, dass ich eine per Hand gezeichnete Skizze in einem Dokument verwenden wollte. In solchen Faellen ist Vektorgrafik Software Inkscape für mich die erste Wahl. In Inkscape angefertigte Zeichnungen lassen lassen sich ganz natürlich im EPS Format exportieren, das wiederum erste Wahl für Grafiken in LaTeX Dokumenten ist. Bei Bedarf lassen sich EPS Dateien auch unkompliziert in PDF umwandeln und mit pdfLaTeX verwenden.

Nun muss ich jedes Mal, wenn ich eine neue Zeichnung mit Inkscape beginnen wollte, zuerst eine Reihe von Dokumenteneinstellungen ändern, weil eine A4 Seite im Hochformat und mit Pixel Angaben auf den Linealen nicht das ist, was ich brauche. Stattdessen verwende ich immer A6 im Querformat mit Millimeter Angaben und einem 1mm Gitter. Die Vermutung, dass sich die Standardeinstellungen ändern lassen, bestätigte sich anhand eines Treffers in den Inkscape FAQ.

Um es kurz zu machen: Man muss ein leeres Dokument nach den eigenen Vorstellungen erstellen und es als

~/.config/inkscape/templates/default.de.svg

speichern, wenn man, wie ich, Deutsch als Systemsprache verwendet.