Add user with ecryptfs encrypted home directory on Debian Wheezy

As an Ubuntu desktop user, I learned to appreciate adduser‘s –encrpyt-home option. It adds a new user with an encrypted home directory in a second. On Debian, adduser is lacking the –encrypt-home option and we require a few steps to add a user with an ecryptfs-encrypted home directory. Our roadmap here is to add a user with unencrypted home directory and then encrypt the home directory afterwards.

  • Install the ecryptfs utility scripts and their dependencies,
sudo aptitude install ecryptfs-utils
  • Add a new user with unencrypted home directory,
sudo adduser NEW_USER
  • Encrypt the home directory by migrating it from unencrypted to encrypted
sudo ecryptfs-migrate-home -u NEW_USER

For some background information on this script, see this blog post.

  • Absolutely mandatory, login to the new user account now to have ecryptfs’ key encrypted with the new user’s password and written to disk,
sudo login NEW_USER
  • When logged as NEW_USER, unwrap ecryptfs’ key and store it at a safe place. This will give you access to your encrypted home directory without the need to login (e.g. by mounting it).
  • Remove the unencrypted copy of the user’s home directory. The last lines of output of ecryptfs-migrate-home give you the path, along with other useful information you should read through.

Please note that ecryptfs-migrate-home places the encrypted version of NEW_USER’s home directory in /home/.ecryptfs/NEW_USER, no matter what partition or directory the user’s home directory is located in. As this directory is hardcoded into the ecryptfs-setup-private script (that is called by ecryptfs-migrate-home), the easiest way is to temporarily edit change the path by

sudo vi /usr/bin/ecryptfs-setup-private

and modification of the line near the top


Bluetooth file transfer in Ubuntu or obexftp return code 96

Nautilus in recent Ubuntu 12.10 Quantal Quetzal fails to browse the files on my Nokia Asha 206 over a bluetooth connection:

gvfsd-obexftp crashed with SIGSEGV in _wordcopy_fwd_dest_aligned()

gvfsd-obexftp crashes reliably, and taking the many bug reports on launchpad into account, it does so since years. Having used good old obexftp years before I was amazed to see the project still alive, with a change in maintainership and an updating release in the beginning of March 2013.

Browsing files

Browsing the files on your phone is a simple as

obexftp -b bluetooth_device -l folder_to_list

where bluetooth_device is the device ID of your bluetooth device (e.g. your mobile phone). Get the device ID for example from your Bluetooh Settings (Click the Bluetooth symbol in the top right corner of your desktop).

Putting files

However, when trying to copy files to the phone, my endless trials ended always in

The operation failed with return code 96

errors. It took me a while to figure out that the order of command-line arguments to obexftp matters. For putting files, you need to specify the phone’s current directory with the -c option and this one must preceed the -p argument. So while

obexftp -b AA:BB:CC:DD:EE:FF -p local_file -c remote_folder

gives you above error,

obexftp -b AA:BB:CC:DD:EE:FF -c remote_folder -p local_file

will work fine.

sftp support for curl in Ubuntu 12.10 (Quantal Quetzal) and later

The Problem

Recently, downloading a file with curl via sftp failed with the error message

Protocol sftp not supported or disabled in libcurl

Indeed, as a curl -V revealed,

curl 7.27.0 (x86_64-pc-linux-gnu) libcurl/7.27.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 librtmp/2.3 
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp

sftp support is lacking in Ubuntu 12.10 (Quantal Quetzal).

Searching the web indicates that this problem has been bugging Ubuntu users for several years now. The reason is that package libssh2-1 (sftp is ftp tunneled over SSH) is in universe and not in main (cf. debian/changelog). With curl being in main, it must not depend on libssh2-1.

The Solution

Nevertheless, it is possible to let curl support sftp by compiling it yourself from Ubuntu’s source package. We will describe the necessary steps shortly.

Make sure you have the appropriate deb-src entries in /etc/apt/sources.list

deb-src oneiric main restricted universe

Then, setup the build environment with

mkdir /tmp/curl
cd /tmp/curl
sudo apt-get update
sudo apt-get install build-essential debhelper libssh2-1-dev
apt-get source curl
sudo apt-get build-dep curl

Having libssh2-1-dev installed, sftp support will automatically be compiled in. You will find older tutorials that require editing debian/rules. I found this not to be necessary with recent source packages. In fact it seems the explicit disabling of libssh support by configuring with –without-libssh2 has been dropped from the rules file.

cd curl-*

will build the binary packages. This will take some time, in particular the tests require you to be patient. Finally, update all curl and libcurl packages on your system (there is no need to uninstall existing packages first).

cd ..
dpkg -l | grep curl
dpkg -i curl_7.27.0-1ubuntu1.1_amd64.deb 
dpkg -i libcurl3_7.27.0-1ubuntu1.1_amd64.deb

Please keep in mind that the so installed packages will not be updated automatically. You need to go through above workflow everytime you want to update curl (and have sftp support enabled).

Further note that sftp support is a feature of libcurl and not of the command-line tool curl. So if you just update curl but not the libcurl package, you will still end up with the command-line tool lacking sftp support.

Update: It is actually the tests that take up so much time. Setting


in debian/rules before SHLIBS_VERSION= skips any tests. In order to further speed up the build process, make use of dpkg-buildpackage’s -jNUM_PROC option. It works just as for make.

Wild Magic 5: unresolved external symbol ZERO_TOLERANCE in DLL

Geometric Tools’ Wild Magic library is a great free, open-source and cross-platform C++ library for computational geometry and beyond. Recently, when dynamically linking against latest version 5.9 of the Wild Magic library on Windows in Visual Studio Express 2010, I ran into the following error:

error LNK2001: unresolved external symbol "public: static double const Wm5::Math<double>::ZERO_TOLERANCE" (?ZERO_TOLERANCE@?$Math@N@Wm5@@2NB) SiSTunneld.exe : fatal error LNK1120: 1 unresolved externals

A quick check revealed that the symbol was indeed properly exported from the library (dllExport). However, my code was not properly importing the symbols (dllImport). The Wild Magic library is set up to properly import a DLL’s symbol by defining a set of preprocessor definitions, one for each library (all this is well described in Wild Magic’s Installation Manual and Release Notes on page 15).

So when using the Core and Mathematics libraries, set the preprocessor defines


in your Visual Studio project. This will properly import all symbols and resolve any unresolved linker errors.


Druckdaten erstellen mit Inkscape und Scribus

Die Open-Source Softwareprojekte Inkscape und Scribus sind qualitativ hochwertige freie Alternativen zu kommerziellen Softwareprodukten wie Adobe Illustrator, Adobe InDesign, Quark Xpress und CorelDraw. Während sich Inkscape auf die Erzeugung von (einzelnen) Vektor-Graphiken konzentriert, setzt Scribus den Schwerpunkt auf Layout und Publikation (durchaus mehrseitiger) Dokumente.

Im folgenden wollen wir kurz beschreiben, wie die zwei Programme zur Erstellung von Druckdaten verwendet werden können. Dafür orientieren wir uns an den Vorgaben der Firma, die ein PDF mit 2 Millimeter Beschnittzugabe (auch Überfüllung, Anschnitt) im CMYK Farbraum vorsieht.

Von Inkscape nach Scribus

Der Datenaustausch von Inkscape nach Scribus erfolgt am besten im PDF Format. Da Inkscape einige nicht standardisierte Textformatierungen im SVG Format abspeichert, scheitert ein direkter Datenaustausch im SVG Format.

Inkscape-Einstellungen für den Export nach PDF.

Inkscape-Einstellungen für den Export nach PDF.

Im PDF Format ist es (aus dem selben Grund?) zudem notwendig, den Text in Pfade zu konvertieren. Der Text der Inkscape-Graphik kann daher in Scribus nicht mehr verändert werden!

Druckdaten in Scribus erzeugen

In Scribus können wir PDF-Dokumente direkt öffnen,

File -> Open ...

Nach dem Öffnen ändern wir die Dokumenteigenschaften,

File -> Document Setup...


  • ändern zunächst die Einheit für Maßangaben auf Millimeter,
  • setzen die Margin Guides auf 0 Millimeter (kein sichtbarer zusätzlicher Rand im Dokument) und
  • konfigurieren Bleeds konstant auf 2 Millimeter. Bleeds sind der englische Ausdruck für die Beschnittzugabe.

Beim Ändern der Einstellungen können wir auswählen, ob diese nur die aktuelle oder alle Seiten des Projektes betreffen sollen.

Nach dem Anpassen der Dokumenteinstellungen exportieren wir das Dokument nach PDF

File -> Export -> Save as PDF ...

Im Export-Dialogfenster wählen wir im Color-Tab, dass die Ausgabe im CMYK Farbraum geschehen soll, in dem wir für Output Intended for die Auswahl Printer treffen.

Im selben Dialogfenster, aber im Pre-Press-Tab

  • setzen wir ein Häkchen vor Crop Marks (Schnittmarken)
  • löschen das Häkchen vor Bleed Marks (würde Marken für die Überfüllung erzeugen) und
  • setzen das Häkchen vor Use Document Bleeds, um die zuvor konfigurierte Beschnittzugabe zu übernehmen.

Im Texteinfabefeld ganz oben im Dialog kann der Dateiname für das PDF angegeben werden. Nach Klick auf die Schaltfläche Save werden die Druckdaten als PDF erzeugt.

gnome-shell missing characters and display corruption with Xorg and radeon

After connecting an external monitor to the HDMI port of my laptop (featuring an AMD/ATI Mobility Radeon HD 5470 graphics card with 512 MB video memory, interfaced by Xorg’s open-source radeon driver), the title bar of gnome-shell version 3.6.2 was missing letters

gnome-shell corrupted title bar radeon xorg

The gnome-shell’s title bar is missing letters on the external monitor.

Sometimes, even the entire display was heavilly corrupted. Interestingly, restarting the gnome-shell

ALT-F2 + 'r'

resolved the problems in all cases. Researching the problem turned out to be quite cumbersome, given that the zoo of graphic related bugs is quite tremendous. Finally, this post here brought me onto the right track.

Video Memory vs. GART/GTT Memory

Typically, a graphics card is equipped with memory, the so called video memory. In my case, this amounted to 512 MegaBytes. Apart from its internal memory, the graphics card is given direct access to system memory (RAM). The RAM assigned to the graphics card is called GART or GTT memory. Its size is set by the kernel module and can be obtained from dmesg,

dmesg | grep GTT

and is usually set to the video memory size by default:

[    2.3462] [drm] radeon: 512M of GTT memory ready.

The Xorg server inherits the kernel module’s settings (plus/minus epsilon), as the output of

cat /var/log/Xorg.0.log | grep gart


[    24.201] (II) RADEON(0): mem size init: gart size :1fdff000 vram size: s:20000000 visible:fba0000

Please note that 0x1fdff000 / (1024*1024) = 510 MegaBytes.

A Solution to the Problem

Providing more GART/GTT memory to the graphics card solves the problem. This can be achieved by either adding


to the kernel boot command-line or by configuring a permanent parameter for the kernel’s radeon module. This is done by creating a file called radeon.conf or similar in


and adding a single line

options radeon gartsize=1024

to this file. Finally note that on Debian-based systems you must run

sudo update-initramfs -u

after adding a file to /etc/modprobe.d.

Dual-head Monitor Setup on Ubuntu Linux with Xorg and radeon

Let me briefly summarize two methods to configure a dual-head setup with an external monitor connected to a laptop’s HDMI port on Ubuntu Linux 12.10 Natty. My setup includes a Lenovo Z565 laptop with an AMD/ATI Mobility Radeon HD 5470 graphics card and a Samsung S24A650D monitor. We assume that we rely Xorg’s open-source radeon driver throughout the tutorial.

Dynamic Configuration

We will use xrandr to configure a temporary dual-head setup during runtime. After connecting the monitor to the laptop, obtain the labels the system assigned to the monitors by a

xrandr -q

In my case, the output read

Screen 0: minimum 320 x 200, current 1920 x 1848, maximum 8192 x 8192
LVDS connected 1366x768+0+1080 (normal left inverted right x axis y axis) 0mm x 0mm
   1366x768       60.0*+
   1280x720       59.9  
   1152x768       59.8  
HDMI-0 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 531mm x 299mm
   1920x1080      60.0*+   50.0  
   1600x1200      60.0  
   1680x1050      59.9  
VGA-0 disconnected (normal left inverted right x axis y axis)

The laptop’s internal monitor is called LVDS and the external monitor HDMI-0. By another call to xrandr, we activate the dual-head setup:

xrandr --output HDMI-0 --primary --left-of LVDS

The command line is to be understood literally: The HDMI monitor shall be the primary screen (e.g. displaying gnome’s titlebar) and shall be positioned left of the laptop’s internal monitor. For other placements, see xrandr’s –left-of, –right-of, –above and –below options or the very general –pos argument.

Permanent Configuration

For a permanent static configuration of a dual-head setup, we create a configuration file for the X server with an editor of your choice,


You will need root privileges for this. The contents of xorg.conf is as follows:

Section "Device"
        Identifier      "Mobility Radeon HD 5400 Series"
        Driver          "radeon"
        Option          "monitor-LVDS" "monitor_internal"
        Option          "monitor-HDMI-0" "monitor_external"

Section "Monitor"
        Identifier      "monitor_internal"
        Option          "RightOf" "monitor_external"

Section "Monitor"
        Identifier      "monitor_external"
        Option          "Primary" "true"

In the device section, we specify to use Xorgs’s open source radeon driver and setup two aliases for the monitors. Please note that the monitor ID is composed of the static prefix monitor- and the monitor label as returned by xrandr -q (see above). The remaining configuration places the laptop’s internal monitor right of the external monitor. The latter is configured to be the primary screen.

Further Information

For more information, have a look at

  • Xorg’s documentation of the radeon driver
  • An article at Intel about configuring dual-head setups
  • and the man pages for the radeon driver (man radeon) and xrandr (man xrandr)