Debian 12: Installing KVM (Virtualization) (part 1)

Install kvm. as a root/sudo run 

# apt install qemu-system libvirt-daemon-system
...
0 upgraded, 83 newly installed, 0 to remove and 0 not upgraded.
Need to get 143 MB/143 MB of archives.
After this operation, 971 MB of additional disk space will be used.
Do you want to continue? [Y/n]


for server or you do not need any graphical packages

# apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system

You need to add user into libvirt group to let the user manage your guest virtual machine

# adduser [username] libvirt
Adding user `[username]' to group `libvirt' ...
Done.


if you prefer to use graphical, install virt-manager

# apt-get install virt-manager
...
0 upgraded, 28 newly installed, 0 to remove and 0 not upgraded.Need to get 4,780 kB of archives.
After this operation, 21.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y


You can exit root mode and use the user above to manage your guest virtual machine.

Part 3: Debian 12 installing Apache, MariaDB and phpmyadmin on HP 15-AF109AX for development NOT PRODUCTION

Installing MariaDB, Apache and phpmyadmin:

apt-get install mariadb-server mariadb-client phpmyadmin apache2 libapache2-mod-php

Set password for mariadb root

# systemctl stop mariadb
# mysqld_safe --skip-grant-tables --skip-networking &
# mysql -u root
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.006 sec)
MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'your_new_password';
Query OK, 0 rows affected (0.017 sec)
MariaDB [(none)]> quit;
Bye
# ps aux | grep mariadb
mysql       3155 ....
# kill 3155
# systemctl start mariadb

Access your phpmyadmin using browser http://localhost/phpmyadmin.

Refrence: https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password

Part 2: Debian 12 on HP 15-AF109AX fix BCM43142 wifi adapter

Connect your laptop  HP 15-AF109AX  to internet using ethernet lan port.

Update kernel

# apt-get install  linux-image-6.1.0-33-amd64 

Install tools for network and wifi tools

# apt-get install wireless-tools firmware-linux-nonfree wpagui network-manager-gnome dnsutils bluez-firmware blueman


Installing wifi BCM43142 adapter

# apt-get install linux-image-$(uname -r|sed 's,[^-]*-[^-]*-,,') linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') broadcom-sta-dkms

Check all the built DKMS kernel modules. There should be "wl.ko" in the list.

# find /lib/modules/$(uname -r)/updates 

/lib/modules/6.1.0-33-amd64/updates 

/lib/modules/6.1.0-33-amd64/updates/dkms 

/lib/modules/6.1.0-33-amd64/updates/dkms/wl.ko

Unload conflicting modules:

# modprobe -r b44 b43 b43legacy ssb brcmsmac bcma

Load the wl module: 

# modprobe wl

Check wifi adapter interface is available

# nmcli dev 

DEVICE TYPE     STATE                  CONNECTION

lo     loopback connected (externally) lo


wlo1   wifi     disconnected           -- <- found wifi xxxx 

enp3s0 ethernet unmanaged              --

Edit NetworkManager Applet -> Edit Connection -> Add -> type Wifi, fill SSID and Wifi Security WPA3 password.

Done.

Reference: https://wiki.debian.org/wl

Part 1: Installing dual boot Debian 12 on HP 15-AF109AX

Shrink your hard disk, make 48 GB space. 40 GB for / parition
and 8 GB for swap.

I  use DVD net install amd64 Debian 12.0 for installation.

Shift restart, select DVD/CD, and follow instruction during installation. Note: write down your root password and user with password.

After finish and restarting, login and connect your ethernet cable into HP 15-AF109AX.

Edit /etc/apt/sources.list

#deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 NETINST with firmware 20230610-10:21]/ bookworm main non-free-firmware

#main
deb https://deb.debian.org/debian bookworm main contrib non-free-firmware non-free

#security
deb https://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free

#update
deb https://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free

#backport
deb http://deb.debian.org/debian bookworm-backports main

Run dhcp client

# dhclient -v

Try to ping internet e.q

# ping 1.1.1.1 -c 4

Update your debian

# apt-get update && apt-get upgrade -y

Edit /etc/default/grub

....
GRUB_DEFAULT=2
....
GRUB_DISABLE_OS_PROBER=false
....

Run update grub

# update-grub

Edit /etc/lightdm/lightdm.conf

....
greeter-hide-users=false
....

Install light Xfce4

# apt-get install xfce4 xfce4-goodies network-manager aptitude

Run startx or restart to use GUI.

windows: disable fast start for multiple OS (dual boot)

Hibernation saves an image of your work and shuts down your computer or put your computer into sleep mode.

Fast Startup only saves an image of the system kernel and loaded drivers to reduce boot time.

Fast Startup may not suitable for System:

1. multiple os except you never access/share data between multiple os.
2. maintenance
3. hardware change

Step to disable fast startup 

1. Search -> Choose a power plan -> Choose what the power buttons do -> Change settings that are currently unavailable
2. uncheck "Turn on fast start (recommendation)"
3. save change and restart

 

Debian: using Festival to generate voice from text (Text To Speech/TTS) - AI TTS

folder voice

$ ls /usr/share/festival/voices/english/

Using command interpreter:

$ festival
...
festival> (voice.list)
(kal_diphone)
festival> (SayText "Hello")
#<Utterance 0x7f8747f99ef0>

festival> (quit)

Load text from file output direct to sound

$ festival --tts ./hello.txt 

Load text from file output direct to file

$ text2wave ./hello.txt -o text1.wav

Openssl s_client to verify SSL

Syntax general: openssl s_client [-connect host:port] [option]

 

Get and read openssl s_client output 

$ echo "Get HTTP/1.0" | openssl s_client google.com:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1                        <- verification chain 2 ok
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1                        <- verification chain 1 ok
depth=0 CN = *.google.com
verify return:1                        <- verification chain 0 ok
---
Certificate chain
 0 s:CN = *.google.com
   i:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  9 06:25:08 2024 GMT; NotAfter: Apr  2 06:25:07 2024 GMT
 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
   i:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 13 00:00:42 2020 GMT; NotAfter: Sep 30 00:00:42 2027 GMT
 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
... <TRUNCATED> ...
-----END CERTIFICATE-----
subject=CN = *.google.com
issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6833 bytes and written 396 bytes
Verification: OK                    <- handshake verification ok
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Use openssl s_client to export certificate PEM into a file (output file: certfs.pem)

$ echo "Get HTTP/1.0" | openssl s_client -showcerts -connect google.com:443 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > certifs.pem
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
DONE

Get fingerprint SHA1 in byte

$ echo "Get HTTP/1.0" | openssl s_client -connect google.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin

Fingerprint SHA256 in byte

$ echo "Get HTTP/1.0" | openssl s_client -connect google.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin

Fingerprint SHA256 in base64 encode

$ echo "Get HTTP/1.0" | openssl s_client -connect google.com:443 | \
    openssl x509 -pubkey -noout | \
    openssl rsa -pubin -outform der | \
    openssl dgst -sha256 -binary | \
    openssl enc -base64 

To get service sertificates

$ echo "Get HTTP/1.0" | openssl s_client -connect google.com.com:443 -showcerts

For Let's Encrypt, here is official information about compatibility platforms (operating system, browser and java virtual machine,  <https://letsencrypt.org/docs/certificate-compatibility/>

Reference:

• https://www.openssl.org/docs/man1.0.2/man1/openssl-s_client.html
• https://www.baeldung.com/linux/ssl-certificates
  

Personal mysql/mariadb sql command references

Using mysqladmin 

Set password root using mysqladmin

# mysqladmin -u root password

Sql syntax to change password 

> SET PASSWORD FOR 'bob'@localhost = PASSWORD("");


Using mysql client 

$ mysql -u [user_name] -p


Show users:

> select User from mysql.user;


Add user:

> create user `test`@`localhost`;
> SELECT User FROM mysql.user;

Set user password

> alter user [user_name] identified by [new_password];


Show database:

> show databases;


Add database: 

> create database `test`;
> SHOW DATABASES;
> grant all privileges on test.* to 'test'@'localhost` ;
> flush privileges;

Show table:

> use test;
> show tables;


create table:

> use test;
> create table product(id mediumint, name varchar(100));

Note: Do not use root account to create user table, use particular user to create table.
 

repair grub after windows updating bios on lenovo ideaPad gaming 3 AMD 7535h (15”)

Insert Debian installer DVD/CD or USB and change boot order

1. Keep press shift + restart windows -> troubleshoot -> UEFI Firmware Setting -> Restart
2. Change boot order to Debian installer media

Boot into Debian

1. Boot into Debian installer DVD/CD or USB, then press c to enter grub command. If the screen goes blank (for CD boot older then existing grub version), press ESC until you get prompt grub>
2. Get Debian partition using grub> ls and find Filesystem type ext* or your existing filesystem (see the picture below)
3. Get Debian grab from Debian partition e.q grub> ls (hd0,gpt7)/boot and find Debian grub folder  (see the picture below) 
4. Run command to start existing Debian e.q

grub> set root=(hd0,gpt7)
grub> set prefix=(hd0,gpt7)/boot/grub
grub> insmod normal
grub> normal

 

After you enter 'normal', the screen will return to GUI and your 'Debian' option will appear in boot option. Select it to run your existing debin in hard drive.

Repair grub using 

# grub-install
# update-grub

Every time you update your firmware via windows, your grub boot will lost. It's so annoying. Unfortunately, there is not much tool available to automatically check and update bios for Debian. Debian still stable using old bios, but not in windows.  

Debian Bookworm: Configure printer and scanner HP Ink 415 Wireless (all in one)

Install required packages for printer and scanner

# apt-get install system-config-printer hplip cups hplip-ppds  

To configure printer:

1. Applications -> Settings -> Print Settings
2. Add new printer
3. Select Network Printer -> AppSocket/HP JetDirect and fill Enter Host with printer's IP address

Install XSane for scanning image

# apt-get install xsane sane-utils

To configure scanner:

1. Run XSane to configure scanner
2. After XSane detected HP Printer & Scanner, select Hewlett-Pac and press Ok.

To install driver print to pdf

# apt-get install printer-driver-cups-pdf

Debian Bookworm: change grub resolution on boot using grub-customizer to 640x480

Install grub customizer

# apt-get install  grub-customizer  

To change grub resolution on boot:

Applications -> Settings -> Grub Customizer -> Appearance Settings -> custom resolution 640x480

Debian Bookworm: installing Apache2, MariaDB and PHP 8.2 (default)

 Installing MariaDB database

# apt-get install mariadb-client mariadb-server  

Install apache2 and PHP

# apt-get install apache2 php libapache2-mod-php php8.2-mysql

By default, PHP version for Debian Bookworm is 8.2.

To disable apache2 and mariadb start during boot (to faster your PC start, not recommended for live server)

# systemctl disable apache2
# systemctl disable mariadb

You can start and stop manualy after boot.

Install additional php 8.2 required by CodeIgniter

# apt-get install php8.2-curl php8.2-imagick php8.2-gd php8.2-intl php8.2-mbstring php8.2-memcache php8.2-memcached php8.2-redis php8.2-xml php8.2-phpdbg

Debian Bookworm: installing Eclipse using Eclipse installer

Download linux installer Linux x86_64 from https://www.eclipse.org/downloads/packages/installer.

Extract it

[home]/Downloads$ tar -xf ./eclipse-inst-jre-linux64.tar.gz 

Run installer

[home]/Downloads$ cd eclipse-installer/
[home]/Downloads/eclipse-installer$ ls
artifacts.xml  eclipse-inst      features  p2       readme
configuration  eclipse-inst.ini  icon.xpm  plugins
[home]/Downloads/eclipse-installer$ ./eclipse-inst 

For the first time, Eclipse will ask you to select workspace for your application. Choose default or create your prefered workspace directory.

You safe to remove eclipse-inst-jre-linux64.tar.gz file and [home]/Downloads/eclipse-installer directory.

Done.

Android Studio: Installing 2022 patch 2 on Debian 12 (Bookworm)

 Install JDK 17 (Optional)
# apt-get install openjdk-17-jdk

Add Multiarch repository to support architecture i386
# dpkg --add-architecture i386
# apt-get update

Note: to delete i386 run dpkg --remove-architecture i386

Install library required
# apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386 lib32z1 libbz2-1.0:i386

Download Android Studio android-studio-2022.2.1.20-linux.tar.gz from https://developer.android.com/studio. 

You need to create folder for Android Studio, SDK Tool and Workspace. Android Studio and SDK Tool can not be placed in same directory. 

Extract your android-studio-2022.2.1.20-linux.tar.gz.

Run Android Studio for first time

1. Run [Android_Studio_Folder]/bin/studio.sh
2. Select Do not import settings
3. Select Install Type: Custom
4. Let default JDK folder for Gradle
5. Select UI Theme, I choose Darcula
6. Select your Android SDK Location that you have prepare before, Uncheck Android Virtual Device. You can install Android Virtual Device anytime after configuration finish.
7. Read and accept License Agreement
8. Wait until all files downloaded and installation finish.

You can install other SDk required after that. For example if you want to create application for Android 7.0, please download Android SDK Platform 24. This is your minimum android version.

You may start your android project, select save location that you have prepare before. For Example Save location: /[your_home_directory]/Workspace/Android/helloworld.

Android Studio in the same PC, run faster on Debian rather than windows 11 (dual boot).

Debian Bookworm: Install Debian 12.0 Dual Boot with preinstall windows 11 home on fresh Lenovo Ideapad Gaming 3

Preparation using windows 11 to create installation CD

1. Download CD 1 debian-12.0.0-amd64-netinst.iso from https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
2. Insert blank DVD (file size exceed CD size)
    
3. Right click file and select Windows Disk Image Burner.

Disable Secure Boot

1. From windows 11, press Shift + Restart
2. Select Troubleshoot -> Advaned Options -> UEFI Firmware Settings -> Security
3. Find Secure Boot and change it to Disable
4. Save configuration

To check status Secure Boot from windows 11, use system information, and find Secure Boot State. Secure Boot State must be Off to make sure Debian installation work perperly.

Restart to DVD and follow Graphic Installation guide.

Debian Bullseye (Debian 11): install mysql-workbench-community

Requirements:

1. gnome-keyring
2. libtinfo5
3. libpython 2.7

Install all requirements packages:

# apt-get install seahorse gnome-keyring libtinfo5 libpython2.7

Change Default gnome-keyring using seahorse

$ seahorse

delete "Default keyring"

create new "Default keyring" and enter new password

Download from https://downloads.mysql.com/archives/workbench/

Choose Ubuntu Linux 18.04 (x86, 64-bit), DEB Package (mysql-workbench-community_8.0.22-1ubuntu18.04_amd64.deb)

# dpkg -i mysql-workbench-community_8.0.22-1ubuntu18.04_amd64.deb

Convension:

• # run as root
• $ run as user

 

Debian Bullseyes: installing & configure brightness control on Xfce4

 

You need to install:

1. brightnessctl
2. grub-customizer
3. xfce4-power-manager   

# apt-get install brightnessctl grub-customizer xfce4-power-manager   

From Applications -> Settings -> Grub Customizer

1. Open General settings
2. At kernel parameters append acpi_backlight=video
   for example "quiet acpi_backlight=video"
3. Save and restart.

You can choose only one from these options:

• acpi_backlight=vendor
• acpi_backlight=video
• acpi_backlight=native
• acpi_backlight=none

You can change your brightness from Power Manager Plugin in Xfce4.

Note: after make any change, restart your Debian

Tested on

• Asus K45DR AMD A8 Series
• Debian 11.2
• linux-image 5.15.0-0.bpo.3-amd64

Debian Bullseyes: installing zoneminder (1.34.23-1)

 

Requirements:

• MariaDB
• Apache2

Installing packages

# apt-get install zoneminder apache2 mariadb-server-10.5 mariadb-client-10.5 php php7.4 libapache2-mod-php7.4 php7.4-mysql

# chown www-data:www-data /usr/share/zoneminder/ -R

# chown root:www-data /etc/zm/ -R

# a2enmod cgi

# a2enmod rewrite

# a2enconf zoneminder

Set root password (optional). For the first time after installation, password for mariadb root is blank.

# mysqladmin -u root -p password yournewpass

Create DB, User and Password. Omit option -p for mariadb root if you do not set password.

# mysql –u root –p

MariaDB [(none)]> CREATE USER 'zmuser' IDENTIFIED BY 'zmpass';

MariaDB [(none)]> CREATE DATABASE zm;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON zm.* TO 'zmuser'@'localhost';

Creating DB

# mysql -u zmuser -p < /usr/share/zoneminder/db/zm_create.sql

NOTE: if change user, password or database, you need to change file in /etc/zm/zm.conf

# ZoneMinder database name

ZM_DB_NAME=zm

# ZoneMinder database user

ZM_DB_USER=zmuser

# ZoneMinder database password

ZM_DB_PASS=zmpass

Restarting services

# systemctl restart apache2

# systemctl restart zoneminder

From browser open URL http://localhost/zm

References:

• https://forums.zoneminder.com/viewtopic.php?t=29355
• https://wiki.zoneminder.com/Debian_11_Bullseye_with_Zoneminder_1.36.x

Debian Bullseye: upgrade from Debian Buster XFCE

 

Edit /etc/apt/sources.list

# main security
deb https://security.debian.org/debian-security bullseye-security/updates main
#deb-src https://security.debian.org/debian-security bullseye-security/updates main

# main mirror Indonesia
deb http://kebo.pens.ac.id/debian bullseye main
deb http://kebo.pens.ac.id/debian bullseye-updates main

# NON FREE
deb https://deb.debian.org/debian bullseye main contrib non-free

# BACKPORTS
deb https://deb.debian.org/debian bullseye-backports main

Update without new packages

# apt upgrade --without-new-pkgs

During upgrade, you need to restart some services.

Restart, open root terminal and make full upgrade (required more than 800MB)

# apt full-upgrade

Restart your PC.

Clean up unused installer

# apt-get autoclean && apt-get autoremove -y

If you get trouble connecting to internet (can not resolve servername) after upgrading edit /etc/resolv.conf

search 8.8.8.8 1.1.1.1
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 1.1.1.1

Restart your networking

# systemctl restart networking

If you install dnsmasq and get trouble connecting to internet (can not resolve servername) after upgrading, edit /etc/dnsmasq.conf

#no-resolv
# dedetok 2021-08-18
no-resolv
server=8.8.8.8
server=1.1.1.1

Reboot

Debian Buster (Debian 10): install mysql workbench

 

Download mysql workbench from https://downloads.mysql.com/archives/workbench/

I use mysql-workbench-community version 8.0.19 for ubuntu 18.04 i.e. mysql-workbench-community_8.0.19-1ubuntu18.04_amd64

Install libtinfo5

# apt-get install  libtinfo5

Install mysql workbench using dpkg

# dpkg -i mysql-workbench-community_8.0.19-1ubuntu18.04_amd64

NOTE:

• only mysql workbench community for Ubuntu 18.04 will work on Debian Buster (10)