http://norman.walsh.name/2005/09/12/ubuntu 8 117 2005-09-12T06:32:42-04:00 $Date: 2005-09-13 09:40:42 -0400 (Tue, 13 Sep 2005) $ Norman Walsh 2005 Norman Walsh Notes on switching to Ubuntu: the good, the annoying, and the seriously bad. [Update: no more badness.] After a decade of Debian (give or take a few awful years when I was forced to run a proprietary OS), I decided I'd give Ubuntu a try. Ubuntu is built on top of Debian and I'm sure I never would have switched if it hadn't been, so this migration isn't intended as a criticism of Debian. Some folks subscribe to the “if it ain't broke, don't fix it” motto, but I've never been very content that way. If it can be made better, isn't it just a little bit broken? Anyway, it's certainly reasonable to ask why I'd go off and do something as radical as start my desktop OS from scratch. I had several motivations: I wanted to use encrypted partitions for my email and other documents. Granted, I don't really have anything on my laptop that's worthy of corporate espionage, nor do I have any deep, dark secrets in my email that would make good blackmail fodder, but the villains don't know that. And it irks me that they could boot with a Knoppix CD and read my disk. Not anymore. I wanted a distribution that stayed a little closer to the bleeding edge. I've heard good things from friends and colleagues about Ubuntu and it seems to be aimed at achieving a good balance between stability and the absolute latest releases. My system is a collection of hacks on top of hacks. This isn't a bad thing, it just reflects years of working through bugs and issues with alpha versions of everything. I wanted to “start over”. I'm really trying to minimize the amount of customization I do, I'm trying to use the advertised interfaces as much as possible and hacking /etc/init.d/ as little as possible. I'm feeling hugely over-stressed. I have deadlines on top of deadlines and I needed something to do in the evenings that would be distracting but not too hard. I'm sure this is bad time management, but it keeps me sane.

There was no way to do this “in place” without risking my ability to get my day job done, so I stared with a new 80Gb disk. The first step was booting the Ubuntu “Hoary Hedgehog” install CD and partitioning the disk. As near as I can tell, partitioning is as much art as science. I had a couple of constraints to consider: first, I wanted to encrypt part of the disk and second, I store email in individual files. Encryption meant that I needed an unencrypted boot partition and an encrypted partition. Efficiently storing a quarter of a million small email messages in individual files means that I need a partition for that too (so that I can set a small block size). I think it's possible to make a very tiny unencrypted boot partition and store the majority of the system on the encrypted partition, but I decided not to bother. I don't need to encrypt the OS. In the end, I created five partitions: Partition Size Notes hda1, unused 10Gb In case I need some proprietary OS someday hda2, root 25Gb The OS hda3, swap 2Gb Big enough for hibernation hda5, data 39Gb Encrypted data hda6, mail 4 Gb Encrypted mail

After partitioning, I finished the “Hoary” install and poked about. No fvwm. Hmm. Not good. Not even livable. I could have grabbed the source, but I'm trying not to do that. A little exploration revealed that it's in the next Ubuntu release, the soon-to-be-ready “Breezy Badger”. What the heck: fiddle /etc/apt/sources.list, run apt-get update; apt-get dist-upgrade, and I'm running “Breezy”. Get fvwm and switch to it. I'm sure lots of folks want to have Nautilus running on their root window, but not me. I work with a six-desktop layout: desk 0 is my main work desktop, it has an emacs and two shell windows; desk 1 is for browsing, it has firefox; desk 2 is for email, it has an emacs, two shell windows, X-Chat, and Gaim; desk 3 is for VPN; and desks 4 and 5 are scratch space. There is no useful amount of root window visible on any of the desktops I routinely use and the only purpose for the little slivers that are visible is so that I can popup root menus. Getting nautilus off the root window requires unchecking /apps/nautilus/preferences/show_desktop in gconf-editor. Speaking of desktops, why doesn't the Workspace Switcher remember my preferences? Why does it always show four desktops when it starts instead of the six that I keep telling it I want? By the way, if there are any Gnome developers reading this, gconf-editor is not a feature, it's a bug. Please don't reinvent the Windows Registry. All these configuration settings ought to be in text files, probably XML, somewhere under ~/.gnome where I can grep for things! If you need a binary version for speed, fine, rebuild it every time I touch one of the real configuration files. Next annoyance, why don't any of the gcc packages create the /usr/bin/gcc symlink? Doesn't matter: symlink created. At this point, I had a working system, so I setup the encrypted partitions with dm-crypt and copied my data onto the new disk. Everything went smoothly. Both partitions are encrypted and when I boot, the system asks for the pass phrases. Here's a patch I decided I had to make: the distributed /etc/init.d/cryptdisks only asks once for each password. My typing is good, but the pass phrases are fairly long and my typing isn't that good. I decided to patch cryptdisks so that it will ask up to five times. I also figured it should run e2fsck before mounting the partitions. A consequence of having to type passwords at boot time is that the pretty, graphical “splash boot” option doesn't really work, so I turned it off. Next I installed the Thinkpad modules (for my T42p), switched to the “686” version of the Ubuntu 2.6.12-8 kernel, and installed my network printer under CUPS. All straightforward. There doesn't seem to be an Ubuntu or Debian package for mplayer, my video player of choice. In fairness, the mplayer build is pretty aggressive about optimizing for your hardware, so maybe it makes sense to build that one from source. Another annoyance: building mplayer revealed that Ubuntu puts the X11 include files in /usr/include/X11 instead of the expected /usr/X11R6/include/X11, but a symlink fixed that. Another unpackaged application: dspam. Getting that setup required retraining my spam filter, but that turned out not to be too hard. Switching to exim4 and getting my various spam-filtering, mailhop forwarding, work, and home configurations setup was a bit more tedious, but I got there. Getting Gnome to use the “emacs” theme (an absolute requirement, from my point of view) required another trip through gconf-editor to /desktop/gnome/interface/gtk_key_theme to set it to “Emacs”. I was naively expecting to just copy my subversion repositories, but instead I had to dump and restore them. I also moved the location of the working directory for this site, so I decided to rebuild the whole thing, just to make sure I got all the configuration correct. After a couple of false starts, I got there. I think. Ubuntu installs a whole bunch of X11 drivers for various video cards. Why can't I uninstall all the ones that I don't actually need? The way the dependencies are setup, it's all or none. Well, I guess disk space is cheap. The last thing I had to figure out was where to install my firewall configuration (an iptables script). Installing the Ubuntu iptables package didn't seem to put any sort of init script in place, so I just popped it back in /etc/init.d/ and linked it from /etc/rc2.d as an “S13” process. Hmm, and I still need to figure out DVD burning. I don't see a cdrecord-dvdpro package, but I do see some other DVD-related things. All-in-all, Ubuntu is working out perfectly. Almost all of my hacks are gone: mounting the encrypted disks, starting wifi, loading X11, etc., all “just work”. I think that's the way it's supposed to be.

I do have one really serious issue: the Cisco VPN client that I have to run to connect to the corporate firewall raises a kernel panic occasionally. And by occasionally, I mean, within a few hours if I keep it running. I thought I'd back down to the 2.6.11.3 custom kernel that I had been using, but it can't seem to mount the encrypted partitions. While booting, it reports: device-mapper: error adding target to table device-mapper: dm-linear: Device lookup failed That's odd because I had successfully tested encryption on an external disk under the old system, and the new system can still mount that encrypted disk, so there must be some incompatibility in libraries or some aspect of the LVM system. It's a rock and hard place, for sure. Most of my animosity about this is directed at the closed-source Cisco VPN software, but I can't use the open source alternative until it supports profile certificates. So far the crashes have been harmless. I backup often. And I'm running VPN as infrequently as possible. I think I might try building my own custom kernel, I'd like to enable preemptive scheduling anyway, and see if that helps. I've tried both vpnclient-linux-4.6.02.0030-k9.tar.gz and vpnclient-linux-x86_64-4.6.03.0190-k9.tar.gz. Suggestions most welcome.