All posts by cdstealer

Vegan

Stollen

Makes 1 loaf | Prep 30 mins + resting | Cook 1hr 45mins | Calories 629 per serving

Ingredients:

40g (1.5oz) silken tofu
75g (2.5oz) sultanas
100g (3.5oz) raisins (I don't like raisins so I used more sultanas)
45g (1.5oz) chopped peel
60g (2oz) whole almonds, chopped
1 lemon zest
0.5 tsp ground cinnamon
0.25 tsp grated nutmeg
1 tbsp dark rum (The Kracken is nice)
375g (13oz) strong white bread flour
1.75 tsp (7g) fast-action dried yeast
60g (2oz) caster sugar (I used coconut sugar)
60g (2oz) soy spread (melted)
150ml Warm almond milk
200g (7oz) marzipan

To finish:

60g (2oz) melted soy spread
125g (4.5oz) icing sugar

Method:

1) For the stollen, blend the tofu in a food processor until smooth. Scrape into a bowl, cover and set aside. Mix together the fruits, almonds, spices and rum. Cover and set aside.

2) Combine the flour, yeast and sugar in a bowl. Add the tofo, marg and almond milk. Mix to a dough. If it feels dry, add an extra 1-2 tbsp of almond milk, mixing again until ready.

3) Turn out onto a floured surface and kneed for 8-10 minutes until elastic. Place in a lightly oiled bowl. Cover with clingfilm and leave to rise until doubled in size (1 hour).

4) Turn the dough out onto a lightly floured surface. Gradually knead in the fruit mixture and marzipan until distributed.

5) Turn out onto a work surface and shape into a flat log. Lift onto a baking tray, cover loosely with a damp tea towel and leave to rise for about 45 minutes until slightly puffed.

6) Preheat the oven to 190C/Gas Mark 5. Bake the stollen for 30-40 minutes until golden. Remove from the oven and leave to cool on the tray for 10 minutes.

7) To finish, brush the surface of the stollen with the melted margarine. Dust liberally with an even coating of icing sugar. Leave to cool completely before slicing and serving.

Linux

Linux Troubleshooting

Structure needs cleaning.

First you need to find files that cause this issue. this is very simple - in ls -l listing they will be shown like

????????? ? ? ? 1.7K Jun  8 13:49 filename

then, you need to run debugfs and delete inode of this file

debugfs -w /dev/sda5

-w says that partition will be opened in read-write mode.

In debugfs prompt you need to type

clri path/to/file

File path should be absolute for this partition. If your partition mounted to /mnt and file you need to delete is /mnt/folder/filename, you should use just folder/filename.

After deleting inodes of all broken files you can leave debugfs and run fsck on partition. It will automatically remove files without inodes and fix your partition.

Depmod Warning!

If you install any apps that build modules against the kernel, you may come up against the following warnings at the end of the compile.  This is a result of an option within the kernel that needs to be disabled.

>> Installing (1 of 1) net-firewall/xtables-addons-2.8::gentoo
 * Removing net-firewall/xtables-addons-2.8 from moduledb.
 * Updating module dependencies for 4.8.2-gentoo ...
depmod: WARNING: //lib/modules/4.8.2-gentoo/xtables_addons/xt_geoip.ko needs unknown symbol _raw_spin_lock
depmod: WARNING: //lib/modules/4.8.2-gentoo/xtables_addons/xt_geoip.ko needs unknown symbol xt_unregister_matches
depmod: WARNING: //lib/modules/4.8.2-gentoo/xtables_addons/xt_geoip.ko needs unknown symbol synchronize_sched
depmod: WARNING: //lib/modules/4.8.2-gentoo/xtables_addons/xt_geoip.ko needs unknown symbol vfree
depmod: WARNING: //lib/modules/4.8.2-gentoo/xtables_addons/xt_geoip.ko needs unknown symbol xt_register_matches
depmod: WARNING: //lib/modules/4.8.2-gentoo/xtables_addons/xt_geoip.ko needs unknown symbol vmalloc [ ok ]
 * Adding module to moduledb.

The fix is to disable the Trim option:

[*] Enable loadable module support  --->
    [ ]   Trim unused exported kernel symbols
Linux

Raspberry Pi 3B Gentoo Install

Raspberry_Pi_Logo.svg

NOTE:  Although the CPU is 64bit, the rest of it is 32bit.  Trying to run in 64bit will cause pain and suffering.

Other NOTE:  I cannot YET get the display to work with hardware acceleration.  Blank screen when enabled and kodi goes nuts, writing hundreds of lines to the log per second.

15:24:07 T:1943678976 ERROR: Previous line repeats 1 times.
15:24:07 T:1943678976 ERROR: Invalid GUI Shader selected - [guishader_frag_fonts.glsl]
15:24:07 T:1943678976 ERROR: Invalid GUI Shader selected - [guishader_frag_texture_noblend.glsl]

Contents:

Partition SD
Boot
Root
Portage
Get a few things sorted
Screen
Offbox Building
Time to get compiling!
Distcc Server
Distcc Client
Systemd
WIFI
Locale
Hostname
Keymap
Tweaks
Caveats
Kodi
Mame

Partition SDtop

Example setup:

# fdisk -H255 -S63 /dev/sdX
--------------------------------------------------------------------------------
Disk /dev/sdg: 59 GiB, 63367544832 bytes, 123764736 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device Boot Start End Sectors Size Id Type
/dev/sdg1 * 2048 104447 102400 50M c W95 FAT32 (LBA)
/dev/sdg2 104448 115447807 115343360 55G 83 Linux
/dev/sdg3 115447808 123764735 8316928 4G 5 Extended
/dev/sdg5 115449856 123764735 8314880 4G 82 Linux swap / Solaris
--------------------------------------------------------------------------------

Format Filesystems:

mkfs.vfat -n BOOT /dev/sdg1
mke2fs -t ext4 -L ROOTFS /dev/sdg2
mkswap /dev/sdg5

The boot filesystem needs to be VFAT but the rest are up to you :)

Boot!top

Download the firmware archive from here

extract the /boot/* to the boot filesystem of the SD card.

Create a file called cmdline.txt to specify any necessary kernel parameters.
For example:

root=/dev/mmcblk0p2 rootdelay=2 rootfstype=ext4 rootwait

Create the file config.txt for more options.
For example:

gpu_mem=64 arm_control=0x200

That should be the boot system sorted :)

Roottop

Download stage3
stage3-armv7a_hardfp-YYYYMMDD.tar.bz2

Download portage

Unpack the stage3 tarball:

tar xpjf stage3-arm64-YYYYMMDD.tar.bz2 -C /path/to/sd/ROOTFS

Adjust the make.conf file:

/path/to/sd/ROOTFS/etc/portage/make.conf

CFLAGS="-O2 -march=armv7-a -mfpu=neon-vfpv4 -mfloat-abi=hard"
CXXFLAGS="${CFLAGS}"

Generate the root password hash:

openssl passwd -1

Add this to the /path/to/sd/ROOTFS/etc/shadow file

eg (replace the * between the first and second :)

root:$1$SnXkVgp0$AhbB/IogzcV.opa9suOx21:9797:0:::::

Adjust the /path/to/sd/ROOTFS/etc/fstab file. The SD card is recognized as /dev/mmcblk0

<fs> <mountpoint> <type> <opts> <dump> <pass>
/dev/mmcblk0p1 /boot vfat noauto,noatime 0 0
/dev/mmcblk0p2 / ext4 noatime 0 1
/dev/mmcblk0p3 none swap sw 0 0

Portagetop

Unpack the portage tarball:

tar xpjf /path/
to/Downloads/portage-latest.tar.bz2 -C /path/to/sd/ROOTFS/usr/

At this point we should now have a bootable RPi3. :)  It can't do very much, but we'll work on that.

Hint: Boot up the RPi

Get a few things sortedtop

Once booted and logged in, do this before we do anything else.

Get the network up:

Assuming the use of DHCP on the eth0 network interface.

cd /etc/init.d/
cp net.lo net.eth0
rc-config start net.eth0
rc-update add net.eth0 boot
rc-update add sshd default

If you intend on doing remotely, we need to create a user and assign to the wheel group.  We could configure SSH to accept direct root connections, but that's bad practice.

execute the command:

useradd -m <username> -G wheel

This will create the user, the home directory and amend the assigned groups with the wheel group.

Now set the passwd:

passwd <username>

Edit rc.conf

nano /etc/rc.conf

uncomment rc_sys=""

Stop the annoying "s0 respawning too fast" error:

nano /etc/inittab

Comment the s0:12345... line

The RaspberryPi does not have a hwclock:

rc-update add swclock boot
rc-update del hwclock boot

Set a hostname (optional unless you run your own DHCP/DNS)

nano -w /etc/conf.d/hostname
hostname="pifukka"

Set the correct keymap for the console.

nano -w /etc/conf.d/keymaps
set keymap="uk"

Set the correct timezone

ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime

Create the portage directories.

mkdir /etc/portage/package.{keywords,mask,use}

Until we have NTP installed and working, each time the RPi is booted, we'll need to set the time/date.  This is done by executing:

date --set="04/09/2016 19:55:00"

MM/DD/YYYY HH:MM:SS

Failure to do this will cause pain if you try and compile anything.  eg distcc goes into a configure loop :(

Select the profile of the OS:

Execute:

eselect profile list

will get you this:

 [1] default/linux/arm/13.0
 [2] default/linux/arm/13.0/desktop
 [3] default/linux/arm/13.0/desktop/gnome
 [4] default/linux/arm/13.0/desktop/gnome/systemd
 [5] default/linux/arm/13.0/desktop/kde
 [6] default/linux/arm/13.0/desktop/kde/systemd
 [7] default/linux/arm/13.0/developer
 [8] default/linux/arm/13.0/armv4
 [9] default/linux/arm/13.0/armv4/desktop
 [10] default/linux/arm/13.0/armv4/desktop/gnome
 [11] default/linux/arm/13.0/armv4/desktop/kde
 [12] default/linux/arm/13.0/armv4/developer
 [13] default/linux/arm/13.0/armv4t
 [14] default/linux/arm/13.0/armv4t/desktop
 [15] default/linux/arm/13.0/armv4t/desktop/gnome
 [16] default/linux/arm/13.0/armv4t/desktop/kde
 [17] default/linux/arm/13.0/armv4t/developer
 [18] default/linux/arm/13.0/armv5te
 [19] default/linux/arm/13.0/armv5te/desktop
 [20] default/linux/arm/13.0/armv5te/desktop/gnome
 [21] default/linux/arm/13.0/armv5te/desktop/kde
 [22] default/linux/arm/13.0/armv5te/developer
 [23] default/linux/arm/13.0/armv6j
 [24] default/linux/arm/13.0/armv6j/desktop
 [25] default/linux/arm/13.0/armv6j/desktop/gnome
 [26] default/linux/arm/13.0/armv6j/desktop/kde
 [27] default/linux/arm/13.0/armv6j/developer
 [28] default/linux/arm/13.0/armv7a *
 [29] default/linux/arm/13.0/armv7a/desktop
 [30] default/linux/arm/13.0/armv7a/desktop/gnome
 [31] default/linux/arm/13.0/armv7a/desktop/kde
 [32] default/linux/arm/13.0/armv7a/developer
 [33] hardened/linux/arm/armv7a
 [34] hardened/linux/arm/armv6j
 [35] hardened/linux/musl/arm/armv7a
 [36] default/linux/uclibc/arm/armv7a
 [37] hardened/linux/uclibc/arm/armv7a

As you can see by the `*`, I have left it at the default (option 28)

We are going to be required to build a few packages natively on the RPi3.  This will take a while due to the ARM CPU having to compile power of a decomposing turd :|

I also found it useful to get screen installed :)  Should take approx.  5 minutes.

emerge app-misc/screen

Screentop

I find screen extremely useful.  I'm sure you had situations where you were part way through something on a remote terminal and you gotten disconnected and lost everything.  With screen, that doesn't matter.  If you get disconnected, just reconnect to the server then reconnect to the screen session. :)

start a screen session

screen -S sesh1

Offbox Buildingtop

We are going to configure both the RPi and full fat system as a server/client compiler array as compiling anything on the RPi is beyond time and space.

SERVER:top

CROSSDEV

Add the crossdev package to keywords to install the latest version.

If you need to remove cross building:

execute crossdev -C cross-armv7a-hardfloat-linux-gnueabi

* Uninstalling target 'armv7a-hardfloat-linux-gnueabi' ...
<<< cross-armv7a-hardfloat-linux-gnueabi/glibc-2.22-r4
<<< cross-armv7a-hardfloat-linux-gnueabi/linux-headers-4.3
<<< cross-armv7a-hardfloat-linux-gnueabi/binutils-2.25.1-r1
PORTAGE_BZIP2_COMMAND setting is invalid: 'bzip2'
PORTAGE_BZIP2_COMMAND setting from make.globals is invalid: 'bzip2'
<<< cross-armv7a-hardfloat-linux-gnueabi/gcc-4.9.3
/usr/armv7a-hardfloat-linux-gnueabi: directory still exists; remove recursively? [y/N]

Then reverse the steps below. 

emerge crossdev

Tell portage about our repo.

mkdir -p /usr/local/portage-crossdev/{profiles,metadata}
echo 'portage-crossdev' > /usr/local/portage-crossdev/profiles/repo_name
echo 'masters = gentoo' > /usr/local/portage-crossdev/metadata/layout.conf
chown -R portage:portage /usr/local/portage-crossdev

vi /etc/portage/repos.conf/gentoo.conf
[portage-crossdev]
location=/usr/local/portage-crossdev
masters=gentoo
priority=10

Build the Toolchain:

crossdev -S -v -t armv7a-hardfloat-linux-gnueabi

You should get the following output:

--------------------------------------------------------------------------------
 * crossdev version: 20160602
 * Host Portage ARCH: amd64
 * Target Portage ARCH: arm
 * Target System: armv7a-hardfloat-linux-gnueabi
 * Stage: 4 (C/C++ compiler)
 * ABIs: default

* binutils: binutils-[stable]
 * gcc: gcc-[stable]
 * headers: linux-headers-[stable]
 * libc: glibc-[stable]

* CROSSDEV_OVERLAY: /usr/local/portage-crossdev
 * PORT_LOGDIR: /var/log/portage
 * PORTAGE_CONFIGROOT: 
 * Portage flags: -v
 _ - ~ - _ - ~ - _ - ~ - _ - ~ - _ - ~ - _ - ~ - _ - 
 * leaving metadata/layout.conf alone in /usr/local/portage-crossdev
 _ - ~ - _ - ~ - _ - ~ - _ - ~ - _ - ~ - _ - ~ - _ - 
 * Log: /var/log/portage/cross-armv7a-hardfloat-linux-gnueabi-binutils.log
 * Emerging cross-binutils ...

These are the packages that would be merged, in order:

Calculating dependencies

--------------------------------------------------------------------------------
THIS IS WHERE SHIT GETS BUILT!

NOTE:
If everything fails with the following error, that means you borked the setup eg NOT FOLLOWED THE INSTRUCTIONS ;).

Calculating dependencies /usr/lib/portage/python3.4/ebuild.sh: line 624:
 /path/to/sd/ROOTFS/usr/local/portage-crossdev/cross-aarch64-unknown-linux-gnu/binutils/binutils-9999.ebuild:
 Permission denied

DISTCCD

Add "sys-devel/distcc crossdev" to /etc/portage/package.use/package.use

emerge  distcc

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] sys-devel/distcc-3.2_rc1-r4::gentoo USE="crossdev ipv6 -avahi -gnome -gssapi -gtk -hardened (-selinux) -xinetd" PYTHON_TARGETS="python2_7" 0 KiB

----------------------------------------------------------
INITRC:
/etc/conf.d/distccd

DISTCCD_OPTS="${DISTCCD_OPTS} --allow 192.168.0.0/24"
----------------------------------------------------------
SYSTEMD:
/etc/systemd/system/distccd.service.d/00gentoo.conf

[Service]
Environment="ALLOWED_SERVERS=192.168.0.0/24"
----------------------------------------------------------

This can be space separated IPs.

/etc/distcc/hosts
just IPs of the clients. eg 192.168.0.1,cpp,lzo

CLIENT:top

DISTCC

emerge distcc

Takes approx. 5 minutes.

execute distcc-config --set-hosts "<build_host>,cpp,lzo"

Once installed add `FEATURES="distcc distcc-pump"` to /etc/portage/make.conf.

Also add `MAKEOPTS="-jX -lX"` to /etc/portage/make.conf where `jX` is the number of CPUs on the build server times 2+1 and lX is the number of CPUs on the client.

eg MAKEOPTS="-j17 -l4"

Edit /etc/portage/make.conf and add EMERGE_DEFAULT_OPTS="--jobs=8 --load-average=1" (optional)

NOTE: Although the main work is now off loaded, all the pre and post compile work is still done natively.

Time to get compiling!top

Install a time daemon.

pump emerge ntp

(2 packages & approx. 12 minutes)

Auto start ntp.

rc-update add ntp-client default
/etc/init.d/ntp-client start

KERNEL:

We're going to need this at some point.  Some applications need a kernel source to compile.  This should be relatively painless now we have a build server.  Compiling natively takes ~6 hours!

You will need to add sys-kernel/raspberrypi-sources ** to package.keywords

pump emerge raspberrypi-sources

This will download an uncompressed kernel source from git ~1.45Gb.  That and about 21 other deps that take roughly 2 hours to install (not including kernel build).

cd /usr/src/linux-4.4.9999-raspberrypi

CROSSDEV ONLY!!!

x64:

make ARCH=arm64 defconfig
make ARCH=arm64 CROSS_COMPILE=aarch64-unknown-linux-gnu- oldconfig
make ARCH=arm64 CROSS_COMPILE=aarch64-unknown-linux-gnu-
make ARCH=arm64 CROSS_COMPILE=aarch64-unknown-linux-gnu- modules_install INSTALL_MOD_PATH=/run/media/cdstealer/ROOTFS

NOTE: Ensure python2.7 is enabled as >=3.4 gets the error
"TypeError: 'str' does not support the buffer interface"

imagetool-uncompressed.py arch/arm/boot/Image /run/media/cdstealer/BOOT/boot/kernel.img

x32:

make ARCH=arm bcm2709_defconfig
make ARCH=arm CROSS_COMPILE=armv7a-hardfloat-linux-gnueabi- oldconfig
make ARCH=arm CROSS_COMPILE=armv7a-hardfloat-linux-gnueabi- -j$(nproc)
make ARCH=arm CROSS_COMPILE=armv7a-hardfloat-linux-gnueabi- modules_install INSTALL_MOD_PATH=/run/media/cdstealer/ROOTFS
cp arch/arm/boot/zImage /run/media/cdstealer/BOOT/boot/kernel.img

NATIVE:

make bcm2709_defconfig
make
make modules_install
cp arch/arm/boot/zImage /boot/kernel.img

Another way is by the official docs:

make -j4 zImage modules dtbs
cp arch/arm/boot/dts/*.dtb /boot/
cp arch/arm/boot/dts/overlays/*.dtb* /boot/overlays/
cp arch/arm/boot/dts/overlays/README /boot/overlays/
scripts/mkknlimg arch/arm/boot/zImage /boot/kernel7.img
make modules_install

Which should then output:

Version: Linux version 4.4.19-raspberrypi-v7+ (root@pifukka) (gcc version 4.9.3 (Gentoo 4.9.3 p1.5, pie-0.6.4) ) #3 SMP Wed Sep 7 00:07:23 BST 2016
DT: y
DDT: y
270x: y
283x: n

With a slightly modified config (I removed most drivers not relevant to me.  This is the config I used (4.4.21-raspberrypi-v7+) and got a compile time of 1 hour!!  So the config is mainly to power the bare RPi3b, a MCE remote and a Playstation controller.

Executed this:

ks=$(date); make -j4 zImage modules dtbs; kf=$(date) && cp arch/arm/boot/dts/*.dtb /boot/ && cp arch/arm/boot/dts/overlays/*.dtb* /boot/overlays/ && cp arch/arm/boot/dts/overlays/README /boot/overlays/ && scripts/mkknlimg arch/arm/boot/zImage /boot/kernel7-custom.img && make modules_install && echo -e "Kernel start: ${ks}\nKernel end: ${kf}"

and got this:

Version: Linux version 4.4.21-raspberrypi-v7-custom+ (root@pifukka) (gcc version 4.9.3 (Gentoo 4.9.3 p1.5, pie-0.6.4) ) #1 SMP Fri Sep 16 13:55:51 BST 2016
DT: y
DDT: y
270x: y
283x: n
Kernel start: Fri Sep 16 13:00:09 BST 2016
Kernel end: Fri Sep 16 14:00:00 BST 2016

You can add kernel=kernel-myconfig.img to config.txt to specify your own kernel name.

NOTE:  There is a hell of a lot of bloat in this, so if you know what you're doing, you could do a make menuconfig to trim the fat before you run make.

 

Using pump didn't work when compiling the kernel and failed very quickly.  So it's a 6 hour native compile for the default .config :(

It seems that there are just too many versions of the firmware floating about the tinterwebs.  So I managed to get this working by downloading the Jessie image from here, mounting the img file and copying the contents of /lib/firmware/brcm to the same location on the RPi.

Although the RPi3B has 802.11n, it will not use 5Ghz frequency band, only 2.4Ghz.

Once you have rebooted with the new kernel and firmware, hopefully you will now see the following in dmesg:

[ 7.270284] usbcore: registered new interface driver brcmfmac
[ 7.460455] cfg80211: World regulatory domain updated:
[ 7.460475] cfg80211: DFS Master region: unset
[ 7.460484] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 7.460498] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
[ 7.460513] cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz, 92000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[ 7.460525] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (N/A, 2000 mBm), (N/A)
[ 7.460539] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
[ 7.460553] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
[ 7.460565] cfg80211: (5490000 KHz - 5730000 KHz @ 160000 KHz), (N/A, 2000 mBm), (0 s)
[ 7.460577] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
[ 7.460589] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 0 mBm), (N/A)
[ 8.339256] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50
[ 9.349147] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50
[ 10.359184] brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x50

 

Systemdtop

OK.  So far we've got a bootable RPi using RC.  If you want to use systemd, we'll need to change a few things and also configure the daemons.

I added USE="systemd" to /etc/portage/make.conf

Don't forget to add init=/usr/lib/systemd/systemd to the line in cmdline.txt.

Yes systemd has it's pitfalls, but I've gotten used to it and actually quite like it <don't shoot me>

You'll then need to rebuild everything to use it.

emerge -uvND world

WIFI Networktop

Create the file:

vi /etc/systemd/network/wireless.network

And populate with content:

[Match]
Name=wlan0

[Network]
DHCP=ipv4
Domains=cdstealer.com

Also create this file:

vi /etc/wpa_supplicant/wpa_supplicant-wlan0.conf

And populate with content:

ctrl_interface=/var/run/wpa_supplicant


eapol_version=1


ap_scan=1


fast_reauth=1


network={
 ssid="<yourSSID"
 proto=WPA
 key_mgmt=WPA-PSK
 pairwise=CCMP TKIP
 group=CCMP TKIP WEP104 WEP40
 psk="yourSecretPassPhrase"
 priority=2
}

Then enable the services:

systemctl enable sshd
systemctl enable wpa_supplicant@wlan0
systemctl enable systemd-networkd

Localetop

As locales may vary, execute localectl list-locales and make a note of yours.  Mine is en_GB.utf8.  Then execute:

localectl set-locale LANG=en_GB.utf8

I also had to add LC_ALL="en_GB.utf8" to /etc/environment.

Hostnametop

hostnamectl set-hostname <hostname>

Keymaptop

localectl set-keymap uk

Execute localectl to confirm the settings:

# localectl status
 System Locale: LANG=en_GB.utf8
 VC Keymap: uk
 X11 Layout: gb
 X11 Model: pc105
 X11 Options: terminate:ctrl_alt_bksp

NTPtop

timedatectl set-ntp true

Drivers

Don't forget to install the driver package.

pump emerge raspberrypi-userland
pump emerge xorg-server

Should yield:

Total: 25 packages (25 new), Size of downloads: 11,256 KiB

Tweakstop

edit /boot/config.txt and add the following to the existing line dtoverlay=lirc-rpi, i2c_arm=on, dtoverlay=mmc,overclock_50=100

dtoverlay=lirc-rpi = loads the lirc modules for remotes.

i2c_arm=on = enabled i2c for the CPU.

dtoverlay=mmc,overclock_50=100 = this should speed up the SD access.  You may need to reduce the 100 value as I notice considerable file corruption.  Some forums have suggested a value of 83.

I also added the following to /etc/portage/make.conf

LINGUAS="en en_GB"
L10N="en en-GB"
VIDEO_CARDS="vc4"

Caveatstop

There are a few packages that are not compatible with distcc.  So if any of these give you butthurt when emerging,  Try emerging them individually.  Eg.  FEATURES="-distcc -distcc-pump" MAKEOPTS="-j4" emerge -av llvm.  Unfortunately that does mean slooooooooow compiles :(

Note:  When compiling anything without distcc, ensure you specify the MAKEOPTS as omitting this will crash the Pi.  The -j17 that was specified in /etc/portage/make.conf will be used which will be counter productive and slow down the builds until BOOM!

The common error that highlights this is at configure time:

Checking uname sysname type              : Traceback (most recent call last):

Affected packages:

Package (native compile time)
sys-libs/talloc (~3 minutes)
sys-devel/llvm (~200 minutes)
sys-libs/tdb (~7 minutes)
sys-libs/ntdb (~3 minutes)
sys-libs/tevent (~3 minutes)
media-video/ffmpeg (~22 minutes)
net-libs/socket_wrapper (~1 minute)
sys-libs/ldb (~4 minutes)
net-fs/samba (~44 minutes)

Now you need to decide what you want to do with it :)

KODItop

At this point, this should yield the following:

Total: 166 packages (164 new, 1 in new slot, 1 reinstall)

I have the following global USE flags set in /etc/portage/make.conf

USE="X systemd -bindist opengl xorg udev"

I also have the following local USE flags set in /etc/portage/package.use/package.use

# Kodi
>=sys-libs/tevent-0.9.28 python
>=sys-libs/ntdb-1.0-r1 python
>=dev-lang/python-2.7.10-r1:2.7 sqlite
>=sys-libs/tdb-1.3.8 python
media-tv/kodi -gles X alsa bluray css java samba usb opengl
media-libs/mesa gles2
media-libs/cogl gles2 opengl

I have the following packages in /etc/portage/package.keywords/package.keywords

# Kodi
=media-sound/dcadec-0.2.0 ~arm
=dev-libs/tinyxml-2.6.2-r2 ~arm
=app-eselect/eselect-java-0.2.0-r1 ~arm
#=media-tv/kodi-9999 **
=media-tv/kodi-16.0 **
=dev-java/icedtea-web-1.6.2 ~arm
=sys-apps/baselayout-java-0.1.0 ~arm
=virtual/jre-1.8.0-r1 ~arm
=dev-java/java-config-2.2.0-r3 ~arm
=virtual/jdk-1.8.0-r3 ~arm
=dev-java/icedtea-bin-3.1.0 ~arm
=dev-libs/crossguid-0_pre20150817 ~arm
=media-fonts/roboto-2.134 ~arm

I had to limit kodi to 16.0 as 9999 would not compile and repeatedly failed with EGLNative errors.  Each time failed costs 30 mins :(  A successful build takes ~90mins (not including deps).

MAMEtop

SDLMame yields:

Total: 49 packages (49 new)
Linux

Convert HDD to VDI

Virtualbox_logo

I've only had to do this a couple of times in my life, but it's useful to know ;)  There are 2 ways this can be achieved.  I'll state the PROS/CONS at the end of each guide.

Details:
Host system - Gentoo X86_64 with 24Tb storage :), VirtualBox
Guest HDD - Gentoo X86_64 500Gb

I'm going to assume that you have good Linux knowledge using the cli with mounting, tarballing, fdisk and formatting filesystems.

#1 (pure disk dump)

Obviously connect the drive you wish to convert.

Create a drive image using dd:

dd if=/dev/sdX of=/path/to/output/file.dd

Then convert it to a VDI (Virtual Disk Image):

VBoxManage convertfromraw ImageFile.dd OutputFile.vdi

Create a new virtual machine and attach the vdi as the main drive.

Once booted into the VM, you will need to install virtualbox guest addititions and may need to reconfigure/recompile the kernel.

Done!

PROS:

  • Not complicated.
  • Relatively quick to do.

CONS:

  • Uses a lot of space as dd reads every sector of the source drive.
  • If you delete any data from the VM, it will not reduce the VDI size.  Dynamic disks only grow, not shrink.

#2 (only copy files)

Connect the HDD.

Open a terminal.

su to root

Mount each filesystem.  (I did the following)

mkdir -p /mnt/{oldhdd,newhdd}/{bootfs,rootfs,homefs}

mount /dev/sdb1 /mnt/oldhdd/bootfs

mount /dev/sdb2 /mnt/oldhdd/rootfs

mount /dev/sdb3 /mnt/oldhdd/homefs

cd into the place you wish to save the data.

cd /mnt/newhdd/bootfs

tar czvf bootfs.tgz /mnt/oldhdd/bootfs/.

cd ../rootfs

tar czvf rootfs.tgz /mnt/oldhdd/rootfs/.

cd ../homefs

tar czvf homefs.tgz /mnt/oldhdd/homefs/.

If you don't have an existing Linux VM, create one including an empty HDD and boot it with your favourite Linux CD/DVD.  Ensure the tarballs you have just created are available to the VM.  hint:  setup a shared folder in the VBoxManager GUI and mount it in the VM.

You'll need to partition the empty HDD appropriately to accommodate the data you'll be restoring and format each filesystem.  Mount each filesystem you've just created and and the shared directory then unpack the tarballs to the new HDD.

So we'll mount the prepared HDD.

mount /dev/sda2 /mnt/newhdd/rootfs

mount /dev/sda1 /mnt/newhdd/rootfs/boot

eg

tar zxvf /path/to/share/rootfs.tgz -C /mnt/newhdd/rootfs

tar zxvf /path/to/share/bootfs.tgz -C /mnt/newhdd/rootfs/boot

The fun doesn't end yet :)  Now we have restored our data, we now need to reinstall the boot loader.  In this case, grub2.  But first we need to chroot into our restored data.

cd /mnt/newhdd/rootfs

mount -t proc none /mnt/newhdd/rootfs/etc/proc

chroot /mnt/newhdd/rootfs /bin/bash

env-update

source /etc/profile

grub-install /dev/sda

edit /etc/fstab if required

grub-mkconfig -o /boot/grub/grub.cfg

exit

Unmount the filesystems and reboot the VM.  If everything went to plan, you should now be booted into your VM.  You will need to install guest additions and may need to reconfigure and recompile your kernel.

PROS:
The VDI only uses the space required.

CONS:
More involved and takes longer.

#3 (existing VM)

This is a combination of #1 & #2 methods.

Create a drive image using dd:

dd if=/dev/sdX of=/path/to/output/file.dd

Then convert it to a VDI (Virtual Disk Image):

VBoxManage convertfromraw ImageFile.dd OutputFile.vdi

Add the new VDI as an additional HDD to your VM.  Also create a new HDD and partition appropriately.

Within the VM,

tar clf - -C /mnt/oldhdd/bootfs .| tar xf - -C /mnt/newhdd/bootfs
Linux

Android VPN

strongswanandroid

This setup below is what suited my requirements.  I'm sure there'll be another way of implementing this, but this works for me :)

For this I'm using the following:

# emerge --info
Portage 2.3.0 (python 3.4.3-final-0, default/linux/amd64/13.0/no-multilib, gcc-4.9.3, glibc-2.22-r4, 4.8.7-gentoo x86_64)
=================================================================
System uname: Linux-4.8.7-gentoo-x86_64-Intel-R-_Core-TM-_i7-6700K_CPU_@_4.00GHz-with-gentoo-2.2
KiB Mem: 32896588 total, 15127076 free
KiB Swap: 3640916 total, 3640916 free
Timestamp of repository gentoo: Sun, 13 Nov 2016 04:15:01 +0000

And this version of strongswan:

# emerge -p strongswan

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ~] net-misc/strongswan-5.5.0

Strongswan Config

Once installed, we need to setup the configs.  The main config is located at /etc/ipsec.conf:

This is my file with the obvious changes ;)

# ipsec.conf - strongSwan IPsec configuration file

config setup
 uniqueids=never
 #charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
 dpdaction=restart
 dpddelay=300s
 reauth=yes
 aggressive=no
 fragmentation=yes
 type=tunnel
 forceencaps=yes
 modeconfig=pull
 auto=add
 closeaction=clear
 compress=no
 left=my.vpn.com
 leftid="C=GB, O=strongSwan, CN=my.vpn.com"
 leftsubnet=0.0.0.0/0
 leftcert=vpnHostCert.pem
 leftsendcert=always
 leftfirewall=yes

conn IPSec-Android-Strongswan
 keyexchange=ikev2
 rightauth=pubkey
 rightauth2=eap-md5
 right=%any
 rightid="C=GB, O=strongSwan, CN=my@email.com"
 rightsourceip=10.10.10.199/31
 rightsendcert=ifasked

# Unable to get the native VPN working with this setup
#conn IPSec-Android-Native
# keyexchange=ikev1
# rightauth=pubkey
# rightauth2=xauth
# right=%any
# rightsourceip=10.10.10.199/26
# rightsendcert=ifasked

I'll explain each segment in order.  The official doc can be found here.

conn %default This is the default stanza.  This instructs strongswan to use anything here in addition to other connections if defined.
dpdaction=restart Controls the use of the Dead Peer Detection.
dpddelay=300s How often to check if the client is still connected.
reauth=yes When re-exchanging keys whether to re-athenticate.
aggressive=no Whether to use IKEv1 Aggressive or Main Mode (the default).
fragmentation=yes If set to yes (the default since 5.5.1) and the peer supports it, larger IKE messages will be sent in fragments.
type=tunnel The type of the connection.
forceencaps=yes Force UDP encapsulation for ESP packets even if no NAT situation is detected.
modeconfig=pull Defines which mode is used to assign a virtual IP.
auto=add What operation, if any, should be done automatically at IPsec startup.
closeaction=clear Defines the action to take if the remote peer unexpectedly closes.
compress=no Whether IPComp compression of content is proposed on the connection.
left=my.vpn.com The IP address of the participant's public-network interface.
leftid="C=GB, O=strongSwan, CN=my.vpn.com" How the left|right participant should be identified for authentication.
leftsubnet=0.0.0.0/0 Private subnet behind the left participant.
leftcert=vpnHostCert.pem The path to the left|right participant's X.509 certificate.
leftsendcert=always Ifasked, meaning that
the peer must send a certificate request (CR) payload in order to get a certificate in return
leftfirewall=yes Whether the left participant is doing forwarding-firewalling (including masquerading)
using iptables for traffic from leftsubnet.
conn IPSec-Android-Strongswan A connection stanza
keyexchange=ikev2 Method of key exchange.
rightauth=pubkey Authentication method to use locally (left) or require from the remote (right) side.
rightauth2=eap-md5 Same as rightauth, but defines an additional authentication exchange.
right=%any If %any is used for the remote endpoint it literally means any IP address.
rightid="C=GB, O=strongSwan, CN=my@email.com" How the right participant should be identified for authentication.
rightsourceip=10.10.10.199/26 The internal source IP to use in a tunnel for the remote peer.
rightsendcert=ifasked ifasked, meaning that
the peer must send a certificate request (CR) payload in order to get a certificate in return.
conn IPSec-Android-Native A connection stanza
keyexchange=ikev1 Method of key exchange.
rightauth=pubkey Authentication method to use locally (left) or require from the remote (right) side.
rightauth2=xauth Same as rightauth, but defines an additional authentication exchange.
right=%any If %any is used for the remote endpoint it literally means any IP address.
rightsourceip=10.10.10.200 The internal source IP to use in a tunnel for the remote peer.
rightsendcert=ifasked ifasked, meaning that
the peer must send a certificate request (CR) payload in order to get a certificate in return.

Next we setup a secret.

# cat /etc/ipsec.secrets 
: RSA vpnHostKey.pem
<user> : XAUTH "top_secret_password"
<user> : EAP "top_secret_password"

I'll explain each line.  Full documentation can be found here.

: RSA vpnHostKey.pem Sets the cert to be used for authentication.
<user> : XAUTH "top_secret_password" Sets the password for XAUTH method of authentication.
<user> : EAP "top_secret_password" Sets the password for EAP method of authentication.

That's it for the strongswan config itself. Now we need to create the certificates.

As of version 5.8.0, ipsec.conf and ipsec.secrets are no longer required or work.  These now need to be converted into a json format in swanctl.conf.

connections {
        IPSec-Android-Strongswan {
          unique=no
          version=2
          dpd_delay=300s
          rekey_time=0
          reauth_time=0
          aggressive=no
          fragmentation=yes
          encap=yes
          pull=yes
          version=2
          pools=vpn_example
          mobike=yes
          send_cert=always
                local {
                  certs=vpnHostCert.pem
                  id = @vpn.example.com
                }
                remote {
                  auth=pubkey
                }
                remote2 {
                  auth=eap-md5
                }
                children {
                        IPSec-Android-Strongswan {
                          mode=tunnel
                          dpd_action=clear
                          start_action=none
                          close_action=none
                          ipcomp=yes
                          local_ts=0.0.0.0/0
                        }
                }
        }
}
pools {
  vpn_example {
    addrs=10.10.10.10/30
  }
}
secrets {
  private-vpn_example {
    file=vpnHostKey.pem
  }
  eap-user1 {
    id=username1
    secret="password1"
  }
  eap-user2 {
    id=username2
    secret="password2"
  }
}
authorities {
  IPSec-Android-Strongswan {
    cacert=strongswanCert.pem
  }
}

Certificates

NOTE:  From 5.8.0, the certificate paths have changed from /etc/ipsec.d/... to /etc/swanctl/...

x509/ = User Certs

private/ = Private key(s)

x509ca/ = Root cert(s)

Let's start by creating the root certificate:

$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 4096 --outform pem > private/strongswanKey.pem
$ chmod 600 private/strongswanKey.pem
$ ipsec pki --self --ca --lifetime 3650 --in private/strongswanKey.pem --type rsa --dn "C=GB, O=strongSwan, CN=strongSwan Root CA" --outform pem > cacerts/strongswanCert.pem

You can change the Distinguished Name (DN) to more relevant values for country (C), organization (O), and common name (CN), but you don’t have to.

To list the properties of your newly generated certificate, type in the following command:

$ ipsec pki --print --in cacerts/strongswanCert.pem

Create your VPN host certificate:

$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 2048 --outform pem > private/vpnHostKey.pem
$ chmod 600 private/vpnHostKey.pem
$ ipsec pki --pub --in private/vpnHostKey.pem --type rsa | ipsec pki --issue --lifetime 730 --cacert cacerts/strongswanCert.pem --cakey private/strongswanKey.pem --dn "C=GB, O=strongSwan, CN=my.vpn.com" --san my.vpn.com --flag serverAuth --flag ikeIntermediate --outform pem > certs/vpnHostCert.pem

To look at the properties of your new certificate, execute the command:

ipsec pki --print --in certs/vpnHostCert.pem

Create a client certificate:

$ cd /etc/ipsec.d/
$ ipsec pki --gen --type rsa --size 2048 --outform pem > private/UserKey.pem
$ chmod 600 private/UserKey.pem
$ ipsec pki --pub --in private/UserKey.pem --type rsa | ipsec pki --issue --lifetime 730 --cacert cacerts/strongswanCert.pem --cakey private/strongswanKey.pem --dn "C=GB, O=strongSwan, CN=user@vpn.com" --san user@vpn.com --outform pem > certs/UserCert.pem

Export client certificate as a PKCS#12 file:

cd /etc/ipsec.d/
$ openssl pkcs12 -export -inkey private/UserKey.pem \
 -in certs/UserCert.pem -name "User's VPN Certificate" \
 -certfile cacerts/strongswanCert.pem \
 -caname "strongSwan Root CA" \
 -out User.p12

Revoke a certificate (if needed):

$ cd /etc/ipsec.d/
$ ipsec pki --signcrl --reason key-compromise \
 --cacert cacerts/strongswanCert.pem \
 --cakey private/strongswanKey.pem \
 --cert certs/UserCert.pem \
 --outform pem > crls/crl.pem

To add another revoked certificate to the same list, we need to copy the existing list into a temporary file:

$ cd /etc/ipsec.d/
$ cp crls/crl.pem crl.pem.tmp
$ ipsec pki --signcrl --reason key-compromise \
	--cacert cacerts/strongswanCert.pem \
	--cakey private/strongswanKey.pem \
	--cert certs/AnotherStolenCert.pem \
	--lastcrl crl.pem.tmp \
	--outform pem > crls/crl.pem
$ rm crl.pem.tmp

CERTIFICATES – RECAP:

So far you’ve created the following files:

/etc/ipsec.d/private/strongswanKey.pem  # CA private key
/etc/ipsec.d/cacerts/strongswanCert.pem # CA certificate
/etc/ipsec.d/private/vpnHostKey.pem     # VPN host private key
/etc/ipsec.d/certs/vpnHostCert.pem      # VPN host certificate
/etc/ipsec.d/private/UserKey.pem   # Client "User" private key
/etc/ipsec.d/certs/UserCert.pem    # Client "User" certificate
/etc/ipsec.d/User.p12              # Client "User" PKCS#12 file

Firewall Rules

I'm sure you'll have some sort of router ;)  So you'll need to open up and forward the ports to your VPN server.

You'll only need UDP ports 500 & 4500.

Port 500 is the IPSEC port and 4500 is the port used for NATing.

That's the entry point sorted.  Now for iptables.

I have these defined to manage the VPN traffic:

iptables -t nat -A POSTROUTING -s <VIP> -o <INTERFACE> -m policy --dir out --pol ipsec -j ACCEPT
iptables -t nat -A POSTROUTING -s <VIP> -o <INTERFACE> -j MASQUERADE
iptables -t nat -A POSTROUTING -o <INTERFACE> ! -p esp -j SNAT --to-source <VPN_IP>
iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p ah -j ACCEPT

<VIP> is the IP/CIDR which is assigned to the client.
<INTERFACE> is the network interface name eg eth0.
<VPN_IP> is the IP the VPN server listens on.
The bottom two just accept the required protocols.

You may also need to open up access to ranges used by your mobile service provider.  eg

iptables -A INPUT -s <mobile_cidr>/22 -p udp -m multiport --dports 500,4500 -j ACCEPT

You may also need to allow the VIP address assigned to the client to connect to internal services.  This could be something as global as:

iptables -A INPUT -s 10.10.10.200 -j ACCEPT

or could be tied down to specific ports.

DNS

If the virtual IP that is assigned is on the same network as the server, you can just add the following to your ipsec.conf:

rightdns = <dns_server_ip>

If you assign a virtual IP that is on a different network, then you will need to make some additional changes.  You won't see any errors regarding DNS in any logs, it just won't work!
For example, in the client log, you'd see:

Aug 28 06:59:18 08[IKE] installing DNS server 111.111.111.119
Aug 28 06:59:18 08[IKE] installing new virtual IP 112.112.112.120

but if you try and resolve any internal hostnames, it just won't work.

You need to make the following change to either strongswan.conf or charon.conf (recommended) within the strongswan.d directory.

charon {
    plugins {
        attr {
        dns = 111.111.111.119
       split-include = 112.112.112.120, 111.111.111.0/24
             }
            }
       }

As we are splitting the DNS, we need to use the attr plugin.  You can check if this is loaded when the strongswan daemon is started.

Aug 28 07:28:23 <hostname> charon[22120]: 00[LIB] loaded plugins: charon pkcs11 aes des blowfish rc2 sha2 sha1 md4 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default socket-dynamic farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap xauth-pam dhcp unity

The other thing you will need to do (only if you run your own DNS) is to allow the VPN network to query DNS.  This is done by adding the VPN subnet or assigned virtual IP of the client to named.conf.

This is found within the options block.

allow-query { 127.0.0.1; 111.111.111.0/24; 112.112.112.120; };

Client setup (strongswan)

First of all, you'll need to get the pk12 certificate you've created onto your phone (email, cloud storage etc etc).  Once saved to a location, we need to load it into Android.

Go to settings and tap "Security".

Then tap "Install from storage".

Browse to where you saved the cert.  You will be asked for the passphrase set in the cert.

Once installed, go back to "Security" and tap "User credentials"

You should see your certificate entry.  There are no details to be had here.  The only option if you tap the cert is to remove it.

That's it for the certificate installation; now onto the client setup.

If you haven't installed Strongswan, what are you waiting for? ;)

Open the app and tap "ADD VPN PROFILE"

Complete the details and ensure you have selected the installed certificate (User certificate).

Click SAVE and you're done.

Now to test it!  Disconnect from your wifi and tap the entry you should now have in the strongswan app.  If all went well, you should be connected.

Linux

Timecapsule on Linux

TimeMachine01_Logo1

TIME CAPSULE INSTALL & SETUP

Install Netatalk

# emerge -av netatalk
net-fs/netatalk-3.1.6::gentoo USE="(acl) avahi cracklib dbus pam samba shadow ssl tcpd utils -debug -kerberos -ldap -pgp -quota -static-libs -tracker" PYTHON_TARGETS="python2_7"

Configure Netatalk

Edit the file /etc/afp.conf:

vi /etc/afp.conf

Place the following contents. Edit the paths, usernames and IP range:

[Global]
 mimic model = TimeCapsule6,106
 log level = default:warn
 log file = /var/log/afpd.log
# either individual or CIDR
 hosts allow = 196.168.100.0/24

# I didn't require this option
#[Homes]
#basedir regex = /home

[TimeMachine]
 path = /mnt/data/timecapsule/
 valid users = me you someone
 time machine = yes
 appledouble = ea


# Nor did I require this.
#[Shared Media]
# path = /mnt/data/torrents/
# valid users = me you someone

Obviously, don't forget to create the mount point.

mkdir /mnt/data/timecapsule

Set the correct perms

chmod 775 /mnt/data/timecapsule

You will also need to change the group as this will currently be root:root

chown -R root.user /mnt/data/timecapsule

or

chgrp -R user /mnt/data/timecapsule

Create & Format the destination filesystem

Create the partition.
(I just used the whole 1Tb disk)

# fdisk /dev/sdb

Once the partition is defined, set the filesystem type of af.

Disk /dev/sdb: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xb59eb59e

Device Boot Start End Sectors Size Id Type
/dev/sdb1 2048 1953525167 1953523120 931.5G af HFS / HFS+

Install the tool for formatting the filesystem.

Version 332.14_p1 at the time of writing.

emerge -av diskdev_cmds

Then format it

mkfs.hfsplus -v timemachine /dev/sdb1

Automount at boot time.  Add it to /etc/fstab

/dev/sdb1 /mnt/data/timecapsule hfsplus rw,noatime,user 0 1

Now mount it.

mount -a

Start the netatalk daemon. (I use systemd)

systemctl start netatalk

If all went to plan, the filesystem is mounted and the netatalk daemon running.  On the Mac, when you open Timemachine, you should automagically see your server.
Select it and enter the account details.  For security reasons, I created a new user on the server and set /sbin/nologin as the shell.  This way, the user has no access to the server and is not privileged to do anything.

Vegan

Chocolate Sweet Potato Cake

Ingredients (One 1-layer cake with frosting)

For Cake:
3/4 cup peeled, cooked, and cooled orange sweet potato (see note)
1/2 cup plus 1 tablespoon water, divided
1/4 cup pure maple syrup
1 tablespoon balsamic vinegar
2 teaspoons pure vanilla extract
1 cup whole-grain spelt flour
1/3 cup coconut sugar
1/4 cup mini or regular non dairy chocolate chips
1/2 scant teaspoon sea salt
1/4 cup cocoa powder
1 teaspoon baking powder
1 scant teaspoon baking soda
For Frosting:
1 loosely packed cup peeled, cooked, and cooled sweet potato (see note)
2/3–3/4 cup coconut sugar or other unrefined sugar
1/2 cup cocoa powder
1/2 scant cup raw cashew butter or almond butter
1/4 rounded teaspoon sea salt
2–5 tablespoons non dairy milk
1 teaspoon pure vanilla extract

Method:

For Cake:

  • Preheat oven to 170°C/350°F. Lightly coat an 8” x 8” brownie/cake pan or a 9” round cake pan with coconut or other oil, and fit the bottom of the pan with a small piece of parchment paper.
  • In a blender (or using a handheld blender and a deep cup or vessel), puree the sweet potato, 1/2 cup of the water, maple syrup, balsamic vinegar, and vanilla extract until completely smooth.
  • In a large bowl, combine the flour, coconut sugar, chocolate chips, and sea salt, then sift in the cocoa, baking powder, and baking soda.
  • Add the wet ingredients to the dry (be sure to scrape out all the blended ingredients with a spatula, and use the remaining 1 tablespoon of water to rinse the blender jar and get out any remaining puree).
  • Mix until just well incorporated. Transfer to the prepared pan, bake for 21–23 minutes, remove, and let cool on a cooling rack.

Sweet Potato Note: Orange sweet potato is a little sweeter and also a little looser than yellow sweet potato. If you’d like to use yellow, add another 1–2 tablespoons of water, and another 1 tablespoon of maple syrup to the wet ingredients to loosen slightly.
For Frosting:

  • Place the sweet potato, coconut sugar, cocoa powder, cashew butter, sea salt, 1–2 tablespoons of the milk, and vanilla extract in a blender or food processor and puree until very smooth. It’s best to use a blender or processor (versus a stand mixer) if using orange sweet potato, to fully smooth out the potato.
  • Taste, and add more sweetener if desired, and also another 2–3 tablespoons of milk if needed to thin to preferred consistency (you may need more milk using yellow sweet potato as they aren’t quite as moist as the orange).
  • Puree until smooth, scraping down the blender/processor bowl as needed. Puree until as smooth as possible.
  • Transfer to a container and refrigerate until ready to use. Or, get a spoon and dig in!
Vegan

Cashew Nut Roast with Sage and Onion stuffing

Ingredients

30g/1oz of vegan margarine
2 sticks of celery, finely chopped
1 medium leek, finely chopped
1 and a half cups of hot water
1 teaspoon of yeast extract or Stock powder
550g/16oz of ground cashew nuts (or other nuts of your choice – almonds work well too)
2 Tablespoons of soya flour
2 teaspoons of fresh herbs – winter savoury is great (if using dried 1 teaspoon)
160g/6oz of white bread crumbs.
salt and pepper to taste
sage and onion stuffing

Method

  • Melt the margarine (in a large pan for mixing) and cook the celery and leek in it for a few minutes.
  • Mix the yeast extract into the hot water (alternatively you could use any stock you like) and add this to the leek and celery.
  • Stir in the soya flour, nuts, herbs, breadcrumbs and salt and pepper and mix well.
  • Allow to cool slightly while you grease a loaf tin.
  • Place half the nut roast mixture in the tin and press down well – then add the sage and onion stuffing (pressing down well again) and place the rest of the nut roast mixture on top.
  • Bake in the oven for about 40 minutes at 180C/360F then turn
    out of the tin and slice.
Vegan

Mince Pies

Ingredients

350g/12oz mincemeat
200g/7oz plain flour, sifted
40g/1.5oz golden caster sugar (or coconut sugar)
75g/2.75oz ground almonds
125g/4.5oz unsalted margarine (pure soy)
1 egg replacer
2-3 tablespoons water
Soy milk, to glaze (optional)

Method

  • Lightly grease a 12-hole pie or patty tin. Tip the mincemeat into a bowl and stir so that the liquid is evenly distributed.
  • Place the flour, sugar, almonds and butter in a food processor and
    process briefly until resembling breadcrumbs, then slowly add the
    water through the feeder tube.
  • Bring the mixture together with your hands, wrap in clingfilm and chill for an hour or so. Thinly roll out the pastry on a floured surface. Cut out 12 circles with a fluted pastry cutter, large enough to fill the base of the prepared tin. Press gently into each hole, then fill with the mincemeat.
  • Cut out another 12 slightly smaller discs and use to cover the
    mincemeat. Press the edges together to seal. Make a small slit in the top of each, then brush lightly with soy milk. Chill for about 30 minutes. Meanwhile, preheat the oven to 200C/400F/Gas 6.
  • Bake the pies for 20 minutes until golden brown. Remove to a wire
    rack and serve warm.
Vegan

Butternut Squash Risotto

Ingredients:

1 butternut squash
4 tbsp light olive oil
600ml vegetable stock
50g unsalted margarine (pure soy)
1 small onion, finely chopped
1 celery stick, finely chopped
2 garlic clove, crushed
1 bay leaf
1 tsp fresh thyme leaves, picked
140g risotto rice (carnaroli is nice)
100ml white wine
50g Parmesan (violife)

Method:

  • Heat oven to 200C/180C fan/ gas 6. Peel the squash and separate the bulbous seed-bearing section from the slender end. Chop the slender end into 2cm cubes, toss in half the oil, season lightly and roast in the oven, stirring occasionally, until golden brown on the outside and soft in the centre, about 30 mins. Cut the bulb in half and scrape out the seeds with a spoon – you can keep these to toast in the oven and sprinkle over salads. Chop the flesh into 2cm pieces. Warm the vegetable stock in a small pan, set over a low heat. Drop in squash and leave to gently poach.
  • While the squash is roasting, warm a medium-size frying pan over a gentle heat. Add the remaining olive oil and half the butter, followed by the onion. Cover and cook for 3 mins until the onion turns translucent. Stir in the celery, garlic, herbs and a few turns of pepper (no salt at this stage). Cover again and cook for a further 2 mins. Increase the heat slightly and stir in the rice. Stir, uncovered, for about 5 mins – this will help to develop the toasty aroma of the rice without burning the veg.
  • Turn up the heat, stir in the wine and let it bubble away to almost nothing. Reduce the heat and start adding the stock. Add one ladle at a time, stirring gently but constantly during each addition. The idea is to encourage the rice to absorb the liquid and soften, but also give up its starch to thicken the remaining broth. Don’t stir too aggressively or you will end up with a pan of mush. When the stock has been absorbed, it’s time to add the next ladleful and so on. It will take about 15 mins to reach the final ladle of stock. By this time the squash in the stock should have softened. Mash it up with the remaining stock and stir into the risotto.
  • Turn off the heat, dot the top of the risotto with remaining butter and most of the Parmesan, cover, leave to rest for 2 mins, then stir through and check the seasoning. Spoon the risotto into shallow bowls and sprinkle the roasted squash and leftover Parmesan on top.