3. After LFS Configuration Issues
The intention of LFS is to provide a basic system which you can build upon. There are several things about tidying up the system which many people wonder about once they have done the base install. We hope to cover these issues in this chapter.
Most people coming from non-Unix like backgrounds to Linux find the concept of text-only configuration files slightly strange. In Linux, just about all configuration is done via the manipulation of text files. The majority of these files can be found in the /etc hierarchy. There are often graphical configuration programs available for different subsystems but most are simply pretty front ends to the process of editing a text file. The advantage of text-only configuration is that you can edit parameters using your favorite text editor, whether that be vim, emacs, or any other editor.
The first task is making a recovery boot device in Creating a Custom Boot Device because it’s the most critical need. Hardware issues relevant to firmware and other devices is addressed next. The system is then configured to ease addition of new users, because this can affect the choices you make in the two subsequent topics—The Bash Shell Startup Files and The vimrc Files.
There is one remaining topic: Customizing your Logon with /etc/issue. It doesn’t have much interaction with the other topics in this chapter.
3.1 Creating a Custom Boot Device
Decent Rescue Boot Device Needs
This section is really about creating a rescue device. As the name rescue implies, the host system has a problem, often lost partition information or corrupted file systems, that prevents it from booting and/or operating normally. For this reason, you must not depend on resources from the host being “rescued”. To presume that any given partition or hard drive will be available is a risky presumption.
In a modern system, there are many devices that can be used as a rescue device: floppy, cdrom, usb drive, or even a network card. Which one you use depends on your hardware and your BIOS. In the past, a rescue device was thought to be a floppy disk. Today, many systems do not even have a floppy drive.
Building a complete rescue device is a challenging task. In many ways, it is equivalent to building an entire LFS system. In addition, it would be a repetition of information already available. For these reasons, the procedures for a rescue device image are not presented here.
Creating a Rescue Floppy
The software of today’s systems has grown large. Linux 2.6 no longer supports booting directly from a floppy. In spite of this, there are solutions available using older versions of Linux. One of the best is Tom’s Root/Boot Disk available at http://www.toms.net/rb/. This will provide a minimal Linux system on a single floppy disk and provides the ability to customize the contents of your disk if necessary.
Creating a Bootable CD-ROM
There are several sources that can be used for a rescue CD-ROM. Just about any commercial distribution’s installation CD-ROMs or DVDs will work. These include RedHat, Ubuntu, and SuSE. One very popular option is Knoppix.
Also, the LFS Community has developed its own LiveCD available at https://www.linuxfromscratch.org/livecd/. This LiveCD, is no longer capable of building an entire LFS/BLFS system, but is still a good rescue CD-ROM. If you download the ISO image, use xorriso to copy the image to a CD-ROM.
The instructions for using GRUB2 to make a custom rescue CD-ROM are also available in LFS Chapter 10.
Creating a Bootable USB Drive
A USB Pen drive, sometimes called a Thumb drive, is recognized by Linux as a SCSI device. Using one of these devices as a rescue device has the advantage that it is usually large enough to hold more than a minimal boot image. You can save critical data to the drive as well as use it to diagnose and recover a damaged system. Booting such a drive requires BIOS support, but building the system consists of formatting the drive, adding GRUB as well as the Linux kernel and supporting files.
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/CreatingaCustomBootDevice
3.2 About Console Fonts
An LFS system can be used without a graphical desktop, and unless or until you install a graphical environment you will have to work in the console. Most, if not all, PCs boot with an 8x16 font - whatever the actual screen size. There are a few things you can do to alter the display on the console. Most of them involve changing the font, but the first alters the commandline used by grub.
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/aboutconsolefonts
Setting a smaller screen size in grub
Modern screens often have a lot more pixels then the screens used in the past. If your screen is 1600 pixels wide, an 8x16 font will give you 200 columns of text - unless your monitor is enormous, the text will be tiny. One of the ways to work around this is to tell grub to use a smaller size, such as 1024x768 or 800x600 or even 640x480. Even if your screen does not have a 4:3 aspect ratio, this should work.
To try this, you can reboot and edit grub’s command-line to insert a ‘video=’ parameter between the ‘root=/dev/sdXn’ and ‘ro’, for example root=/dev/sda2 video=1024x768 ro based on the example in LFS section 10.4.4 : 10.4. Using GRUB to Set Up the Boot Process.
If you decide that you wish to do this, you can then (as the root user) edit /boot/grub/grub.cfg.
Using the standard psf fonts
In LFS the kbd package is used. The fonts it provides are PC Screen Fonts, usually called PSF, and they were installed into /usr/share/consolefonts. Where these include a unicode mapping table, the file suffix is often changed to .psfu although packages such as terminus-font (see below) do not add the ‘u’. These fonts are usually compressed with gzip to save space, but that is not essential.
The initial PC text screens had 8 colours, or 16 colours if the bright versions of the original 8 colours were used. A PSF font can include up to 256 characters (technically, glyphs) while allowing 16 colours, or up to 512 characters (in which case, the bright colours will not be available). Clearly, these console fonts cannot be used to display CJK text - that would need thousands of available glyphs.
Some fonts in kbd can cover more than 512 codepoints (‘characters’), with varying degrees of fidelity: unicode contains several whitespace codepoints which can all be mapped to a space, varieties of dashes can be mapped to a minus sign, smart quotes can map to the regular ASCII quotes rather than to whatever is used for “codepoint not present or invalid”, and those cyrillic or greek letters which look like latin letters can be mapped onto them, so ‘A’ can also do duty for cyrillic A and greek Alpha, and ‘P’ can also do duty for cyrillic ER and greek RHO. Unfortunately, where a font has been created from a BDF file (the method in terminus and debian’s console-setup ) such mapping of additional codepoints onto an existing glyph is not always done, although the terminus ter-vXXn fonts do this well.
There are over 120 combinations of font and size in kbd: often a font is provided at several character sizes, and sometimes varieties cover different subsets of unicode. Most are 8 pixels wide, in heights from 8 to 16 pixels, but there are a few which are 9 pixels wide, some others which are 12x22, and even one (latarcyrheb-sun32.psfu) which has been scaled up to 16x32. Using a bigger font is another way of making text on a large screen easier to read.
Testing different fonts
You can test fonts as a normal user. If you have a font which has not been installed, you can load it with :
setfont /path/to/yourfont.ext
For the fonts already installed you only need the name, so using gr737a-9x16.psfu.gz as an example:
setfont gr737a-9x16
To see the glyphs in the font, use:
showconsolefont
If the font looks as if it might be useful, you can then go on to test it more thoroughly.
When you find a font which you wish to use, as the root user) edit /etc/vconsole.conf as described in LFS section 9.6 9.6. Configuring the Linux Console..
For fonts not supplied with the kbd package you will need to optionally compress it / them with gzip and then install it / them as the root user.
Editing fonts using psf-tools
Although some console fonts are created from BDF files, which is a text format with hex values for the pixels in each row of the character, there are more-modern tools available for editing psf fonts. The psftools package allows you to dump a font to a text representation with a dash for a pixel which is off (black) and a hash for a pixel which is on (white). You can then edit the text file to add more characters, or reshape them, or map extra codepoints onto them, and then create a new psf font with your changes.
Using fonts from Terminus-font
The Terminus Font package provides fixed-width bitmap fonts designed for long (8 hours and more per day) work with computers. Under ‘Character variants’ on that page is a list of patches (in the alt/ directory). If you are using a graphical browser to look at that page, you can see what the patches do, e.g. ‘ll2’ makes ‘l’ more visibly different from ‘i’ and ‘1’.
By default terminus-fonts will try to create several types of font, and it will fail if bdftopcf from Xorg Applications has not been installed. The configure script is only really useful if you go on to install all the fonts (console and X11 bitmap) to the correct directories, as in a distro. To build only the PSF fonts and their dependencies, run:
make psf
This will create more than 240 ter-*.psf fonts. The ‘b’ suffix indicates bright, ‘n’ indicates normal. You can then test them to see if any fit your requirements. Unless you are creating a distro, there seems little point in installing them all.
As an example, to install the last of these fonts, you can gzip it and then as the root user:
install -v -m644 ter-v32n.psf.gz /usr/share/consolefonts
3.3 About Firmware
On some recent PCs it can be necessary, or desirable, to load firmware to make them work at their best. There is a directory, /lib/firmware, where the kernel or kernel drivers look for firmware images.
Currently, most firmware can be found at a git repository: https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/. For convenience, the LFS Project has created a mirror, updated daily, where these firmware files can be accessed via wget or a web browser at https://anduin.linuxfromscratch.org/BLFS/linux-firmware/.
To get the firmware, either point a browser to one of the above repositories and then download the item(s) which you need, or install git-2.39.2 and clone that repository.
For some other firmware, particularly for Intel microcode and certain wifi devices, the needed firmware is not available in the above repository. Some of this will be addressed below, but a search of the Internet for needed firmware is sometimes necessary.
Firmware files are conventionally referred to as blobs because you cannot determine what they will do. Note that firmware is distributed under various different licenses which do not permit disassembly or reverse-engineering.
Firmware for PCs falls into four categories:
-
Updates to the CPU to work around errata, usually referred to as microcode.
-
Firmware for video controllers. On x86 machines this is required for ATI devices (Radeon and AMDGPU chips) and may be useful for Intel (Skylake and later) and Nvidia (Kepler and later) GPUs.
ATI Radeon and AMDGPU devices all require firmware to be able to use KMS (kernel modesetting - the preferred option) as well as for Xorg. For old radeon chips (before the R600), the firmware is still in the kernel source.
Intel integrated GPUs from Skylake onwards can use firmware for GuC (the Graphics microcontroller), and also for the HuC (HEVC/H265 microcontroller which offloads to the GPU) and the DMC (Display Microcontroller) to provide additional low-power states. The GuC and HuC have had a chequered history in the kernel and updated firmware may be disabled by default, depending on your kernel version. Further details may be found at 01.org and Arch linux.
Nvidia GPUs from Kepler onwards require signed firmware, otherwise the nouveau driver is unable to provide hardware acceleration. Nvidia has now released firmware up to Ampere (GeForce30 series) to linux-firmware. Note that faster clocks than the default are not enabled by the released firmware.
-
Firmware updates for wired network ports. Mostly they work even without the updates, but probably they will work better with the updated firmware. For some modern laptops, firmware for both wired ethernet (e.g. rtl_nic) and also for bluetooth devices (e.g. qca) is required before the wired network can be used.
-
Firmware for other devices, such as wifi. These devices are not required for the PC to boot, but need the firmware before these devices can be used.
Note
Although not needed to load a firmware blob, the following tools may be useful for determining, obtaining, or preparing the needed firmware in order to load it into the system: cpio-2.13, git-2.39.2, pciutils-3.9.0, and Wget-1.21.3
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/aboutfirmware
Microcode updates for CPUs
In general, microcode can be loaded by the BIOS or UEFI, and it might be updated by upgrading to a newer version of those. On linux, you can also load the microcode from the kernel if you are using an AMD family 10h or later processor (first introduced late 2007), or an Intel processor from 1998 and later (Pentium4, Core, etc), if updated microcode has been released. These updates only last until the machine is powered off, so they need to be applied on every boot.
Intel provide updates of their microcode for Skylake and later processors as new vulnerabilities come to light, and have in the past provided updates for processors from SandyBridge onwards, although those are no-longer supported for new fixes. New versions of AMD firmware are rare and usually only apply to a few models, although motherboard manufacturers get AGESA (AMD Generic Encapsulated Software Architecture) updates to change BIOS values, e.g. to support more memory variants, new vulnerability fixes or newer CPUs.
There were two ways of loading the microcode, described as ‘early’ and ‘late’. Early loading happens before userspace has been started, late loading happens after userspace has started. However, late loading is known to be problematic and not supported anymore (see the kernel commit x86/microcode: Taint and warn on late loading.) Indeed, early loading is needed to work around one particular erratum in early Intel Haswell processors which had TSX enabled. (See Intel Disables TSX Instructions: Erratum Found in Haswell, Haswell-E/EP, Broadwell-Y.) Without this update glibc can do the wrong thing in uncommon situations.
In previous versions of this book, late loading of microcode to see if it gets applied was recommended, followed by using an initrd to force early loading. But now that the contents of the Intel microcode tarball is documented, and AMD microcode can be read by a Python script to determine which machines it covers, there is no real reason to use late loading.
It might be still possible to manually force late loading of microcode. But it may cause kernel malfunction and you should take the risk yourself. You will need to reconfigure your kernel for either method. The instructions here will show you how to create an initrd for early loading. It is also possible to build the same microcode bin file into the kernel, which allows early loading but requires the kernel to be recompiled to update the microcode.
To confirm what processor(s) you have (if more than one, they will be identical) look in /proc/cpuinfo. Determine the decimal values of the cpu family, model and stepping by running the following command (it will also report the current microcode version):
head -n7 /proc/cpuinfo
Convert the cpu family, model and stepping to pairs of hexadecimal digits, and remember the value of the “microcode” field. You can now check if there is any microcode available.
If you are creating an initrd to update firmware for different machines, as a distro would do, go down to ‘Early loading of microcode’ and cat all the Intel blobs to GenuineIntel.bin or cat all the AMD blobs to AuthenticAMD.bin. This creates a larger initrd - for all Intel machines in the 20200609 update the size was 3.0 MB compared to typically 24 KB for one machine.
Intel Microcode for the CPU
The first step is to get the most recent version of the Intel microcode. This must be done by navigating to https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/ and downloading the latest file there. As of this writing the most secure version of the microcode is microcode-20230214. Extract this file in the normal way, the microcode is in the intel-ucode directory, containing various blobs with names in the form XX-YY-ZZ. There are also various other files, and a releasenote.
In the past, intel did not provide any details of which blobs had changed versions, but now the releasenote details this. You can compare the microcode version in /proc/cpuinfo with the version for your CPU model in the releasenote to know if there is an update.
The recent firmware for older processors is provided to deal with vulnerabilities which have now been made public, and for some of these such as Microarchitectural Data Sampling (MDS) you might wish to increase the protection by disabling hyperthreading, or alternatively to disable the kernel’s default mitigation because of its impact on compile times. Please read the online documentation at https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html.
For an Icelake mobile (described as Intel(R) Core(TM) i7-1065G7 CPU) the relevant values are cpu family 6, model 126, stepping 5 so in this case the required identification is 06-7e-05. The releasenote says the latest microcode for it is versioned 0xb8. If the value of the “microcode” field in /proc/cpuinfo is 0xb8 or greater, it indicates the microcode update is already applied by the BIOS. Otherwise, configure the kernel to support loading Intel microcode, and then proceed to the section called “Early loading of microcode”:
General Setup --->
[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support [CONFIG_BLK_DEV_INITRD]
Processor type and features --->
[*] CPU microcode loading support [CONFIG_MICROCODE]
[*] Intel microcode loading support [CONFIG_MICROCODE_INTEL]
###
AMD Microcode for the CPU
Begin by downloading a container of firmware for your CPU family from https://anduin.linuxfromscratch.org/BLFS/linux-firmware/amd-ucode/. The family is always specified in hex. Families 10h to 14h (16 to 20) are in microcode_amd.bin. Families 15h, 16h, 17h (Zen, Zen+, Zen2) and 19h (Zen3) have their own containers, but very few machines are likely to get updated microcode. Instead, AMD provide an updated AGESA to the motherboard makers, who may provide an updated BIOS using this. There is a Python3 script at https://github.com/AMDESE/amd_ucode_info/blob/master/amd_ucode_info.py. Download that script and run it against the bin file to check which processors have updates.
For the very old Athlon(tm) II X2 in these examples the values were cpu family 16, model 5, stepping 3 giving an identification of Family=0x10 Model=0x05 Stepping=0x03. One line of the amd_ucode_info.py script output describes the microcode version for it:
Family=0x10 Model=0x05 Stepping=0x03: Patch=0x010000c8 Length=960 bytes
If the value of the “microcode” field in /proc/cpuinfo is 0x10000c8 or greater, it indicates the BIOS has already applied the microcode update. Otherwise, configure the kernel to support loading AMD microcode, and then proceed to the section called “Early loading of microcode”:
General Setup --->
[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support [CONFIG_BLK_DEV_INITRD]
Processor type and features --->
[*] CPU microcode loading support [CONFIG_MICROCODE]
[*] AMD microcode loading support [CONFIG_MICROCODE_AMD]
Early loading of microcode
If you have established that updated microcode is available for your system, it is time to prepare it for early loading. This requires an additional package, cpio-2.13 and the creation of an initrd which will need to be added to grub.cfg.
It does not matter where you prepare the initrd, and once it is working you can apply the same initrd to later LFS systems or newer kernels on this same machine, at least until any newer microcode is released. Use the following commands:
mkdir -p initrd/kernel/x86/microcode
cd initrd
For an AMD machine, use the following command (replace
cp -v ../<MYCONTAINER> kernel/x86/microcode/AuthenticAMD.bin
Or for an Intel machine copy the appropriate blob using this command:
cp -v ../intel-ucode/<XX-YY-ZZ> kernel/x86/microcode/GenuineIntel.bin
Now prepare the initrd:
find . | cpio -o -H newc > /boot/microcode.img
You now need to add a new entry to /boot/grub/grub.cfg and here you should add a new line after the linux line within the stanza. If /boot is a separate mountpoint:
initrd /microcode.img
or this if it is not:
initrd /boot/microcode.img
If you are already booting with an initrd (see the section called “About initramfs”), you should run mkinitramfs again after putting the appropriate blob or container into /lib/firmware. More precisely, put an intel blob in a /lib/firmware/intel-ucode directory or an AMD container in a /lib/firmware/amd-ucode directory before running mkinitramfs. Alternatively, you can have both initrd on the same line, such as initrd /microcode.img /other-initrd.img (adapt that as above if /boot is not a separate mountpoint).
You can now reboot with the added initrd, and then use the following command to check that the early load worked:
dmesg | grep -e 'microcode' -e 'Linux version' -e 'Command line'
If you updated to address vulnerabilities, you can look at the output of the lscpu command to see what is now reported.
The places and times where early loading happens are very different in AMD and Intel machines. First, an example of an Intel (Icelake mobile) with early loading:
[ 0.000000] microcode: microcode updated early to revision 0xb8, date = 2022-08-31
[ 0.000000] Linux version 6.1.11 (xry111@stargazer) (gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.40) #2 SMP PREEMPT_DYNAMIC Tue Feb 14 23:23:31 CST 2023
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.1.11-lfs-11.3-rc1 root=PARTUUID=<CLASSIFIED> ro
[ 0.452924] microcode: sig=0x706e5, pf=0x80, revision=0xb8
[ 0.453197] microcode: Microcode Update Driver: v2.2.
A historic AMD example:
[ 0.000000] Linux version 4.15.3 (ken@testserver) (gcc version 7.3.0 (GCC))
#2 SMP Sun Feb 18 02:32:03 GMT 2018
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-4.15.3-sda5 root=/dev/sda5 ro
[ 0.307619] microcode: microcode updated early to new patch_level=0x010000c8
[ 0.307678] microcode: CPU0: patch_level=0x010000c8
[ 0.307723] microcode: CPU1: patch_level=0x010000c8
[ 0.307795] microcode: Microcode Update Driver: v2.2.
Firmware for Video Cards
Firmware for ATI video chips (R600 and later)
These instructions do NOT apply to old radeons before the R600 family. For those, the firmware is in the kernel’s /lib/firmware/ directory. Nor do they apply if you intend to avoid a graphical setup such as Xorg and are content to use the default 80x25 display rather than a framebuffer.
Early radeon devices only needed a single 2K blob of firmware. Recent devices need several different blobs, and some of them are much bigger. The total size of the radeon firmware directory is over 500K — on a large modern system you can probably spare the space, but it is still redundant to install all the unused files each time you build a system.
A better approach is to install pciutils-3.9.0 and then use lspci to identify which VGA controller is installed.
With that information, check the RadeonFeature page of the Xorg wiki for Decoder ring for engineering vs marketing names to identify the family (you may need to know this for the Xorg driver in BLFS — Southern Islands and Sea Islands use the radeonsi driver) and the specific model.
Now that you know which controller you are using, consult the Radeon page of the Gentoo wiki which has a table listing the required firmware blobs for the various chipsets. Note that Southern Islands and Sea Islands chips use different firmware for kernel 3.17 and later compared to earlier kernels. Identify and download the required blobs then install them:
mkdir -pv /lib/firmware/radeon
cp -v <YOUR_BLOBS> /lib/firmware/radeon
There are actually two ways of installing this firmware. BLFS, in the ‘Kernel Configuration for additional firmware’ section part of the Xorg ATI Driver-19.1.0 section gives an example of compiling the firmware into the kernel - that is slightly faster to load, but uses more kernel memory. Here we will use the alternative method of making the radeon driver a module. In your kernel config set the following:
Device Drivers --->
Graphics support --->
Direct Rendering Manager --->
[*] Direct Rendering Manager (XFree86 ... support) [CONFIG_DRM]
[M] ATI Radeon [CONFIG_DRM_RADEON]
Loading several large blobs from /lib/firmware takes a noticeable time, during which the screen will be blank. If you do not enable the penguin framebuffer logo, or change the console size by using a bigger font, that probably does not matter. If desired, you can slightly reduce the time if you follow the alternate method of specifying ‘y’ for CONFIG_DRM_RADEON covered in BLFS at the link above — you must specify each needed radeon blob if you do that.
###
Firmware for AMD/ATI amdgpu video chips
All video controllers using the amdgpu kernel driver require firmware, whether you will be using the xorg amdgpu driver, the xserver’s modesetting driver, or just kernel modesetting to get a console framebuffer larger than 80x25.
Install pciutils-3.9.0 and use that to check the model name (look for ‘VGA compatible controller:’). If you have an APU (Accelerated Processing Unit, i.e. CPU and video on the same chip) that will probably tell you the name. If you have a separate amdgpu video card you will need to search to determine which name it uses (e.g. a card described as Advanced Micro Devices, Inc. [AMD/ATI] Baffin [Radeon RX 550 640SP / RX 560/560X] needs Polaris11 firmware. There is a table of “Family, Chipset name, Product name and Firmware” at the end of the Kernel sections in AMDGPU page of the Gentoo wiki.
Once you have identified the firmware name, install all the relevant files for it. For example, the Baffin card mentioned above has 21 different polaris11* files, APUs such as renoir and picasso have at least 12 files and might gain more in future updates (e.g. the raven APU now has a 13th file, raven_ta.bin).
mkdir -pv /lib/firmware/amdgpu
cp -v <YOUR_BLOBS> /lib/firmware/amdgpu
If disk space is not a problem, you could install all the current amdgpu firmware files and not worry about exactly which chipset is installed.
Building the kernel amdgpu driver as a module is recommended. In your kernel .config set at least the following options and review the other AMDGPU options according to your target hardware, for example “ACP (Audio Co-Processor) Configuration”:
Device Drivers --->
Graphics support --->
Direct Rendering Manager --->
[*] Direct Rendering Manager (XFree86 ... support) [CONFIG_DRM]
[M] AMD GPU [CONFIG_DRM_AMDGPU]
Display Engine Configuration --->
[*] AMD DC - Enable new display engine (NEW) [CONFIG_DRM_AMD_DC]
As written above at the end of the section on ‘Firmware for ATI video chips’, loading large blobs from /lib/firmware can take a noticeable time during which the screen will be blank. On a slow machine you might wish to refer to the ‘Kernel Configuration for additional firmware’ part of Xorg AMDGPU Driver-23.0.0 and compile all the required modules into the kernel to reduce this time, at the cost of using more kernel memory.
Firmware for Nvidia video chips
Nvidia has released basic signed firmware for recent graphics chips, but significantly after the chips and its own binary drivers were first available. For other chips it has been necessary to extract the firmware from the binary driver.
For more exact information about which chips need extracted firmware, see https://nouveau.freedesktop.org/wiki/VideoAcceleration/#firmware.
First, the kernel Nvidia driver must be activated:
Device Drivers --->
Graphics support --->
Direct Rendering Manager --->
<*> Direct Rendering Manager (XFree86 ... support) [CONFIG_DRM]
<*/M> Nouveau (NVIDIA) cards [CONFIG_DRM_NOUVEAU]
If the necessary firmware is available in the nvidia/ directory of linux-firmware, copy it to /lib/firmware/nouveau.
If the firmware has not been made available in linux-firmware, for the old chips mentioned in the nouveau wiki link above ensure you have installed Python-2.7.18 and run the following commands:
wget https://raw.github.com/imirkin/re-vp2/master/extract_firmware.py
wget https://us.download.nvidia.com/XFree86/Linux-x86/325.15/NVIDIA-Linux-x86-325.15.run
sh NVIDIA-Linux-x86-325.15.run --extract-only
python2 extract_firmware.py
mkdir -p /lib/firmware/nouveau
cp -d nv* vuc-* /lib/firmware/nouveau/
Firmware for Network Interfaces
The kernel likes to load firmware for some network drivers, particularly those from Realtek (the /lib/linux-firmware/rtl_nic/) directory, but they generally appear to work without it. Therefore, you can boot the kernel, check dmesg for messages about this missing firmware, and if necessary download the firmware and put it in the specified directory in /lib/firmware so that it will be found on subsequent boots. Note that with current kernels this works whether or not the driver is compiled in or built as a module, there is no need to build this firmware into the kernel. Here is an example where the R8169 driver has been compiled in but the firmware was not made available. Once the firmware had been provided, there was no mention of it on later boots.
dmesg | grep firmware | grep r8169
[ 7.018028] r8169 0000:01:00.0: Direct firmware load for rtl_nic/rtl8168g-2.fw failed with error -2
[ 7.018036] r8169 0000:01:00.0 eth0: unable to load firmware patch rtl_nic/rtl8168g-2.fw (-2)
Firmware for Other Devices
Identifying the correct firmware will typically require you to install pciutils-3.9.0, and then use lspci to identify the device. You should then search online to check which module it uses, which firmware, and where to obtain the firmware — not all of it is in linux-firmware.
If possible, you should begin by using a wired connection when you first boot your LFS system. To use a wireless connection you will need to use a network tools such as Wireless Tools-29 and wpa_supplicant-2.10.
Different countries have different regulations on the radio spectrum usage of wireless devices. You can install a firmware to make the wireless devices obey local spectrum regulations, so you won’t be inquired by local authority or find your wireless NIC jamming the frequencies of other devices (for example, remote controllers). The regulatory database firmware can be downloaded from https://kernel.org/pub/software/network/wireless-regdb/. To install it, simply extract regulatory.db and regulatory.db.p7s from the tarball into /lib/firmware. The access point would send a country code to your wireless NIC, and wpa_supplicant-2.10 would tell the kernel to load the regulation of this country from regulatory.db, and enforce it.
Firmware may also be needed for other devices such as some SCSI controllers, bluetooth adaptors, or TV recorders. The same principles apply.
3.4 About Devices
Although most devices needed by packages in BLFS and beyond are set up properly by udev using the default rules installed by LFS in /etc/udev/rules.d, there are cases where the rules must be modified or augmented.
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/aboutdevices
Multiple Sound Cards
If there are multiple sound cards in a system, the “default” sound card becomes random. The method to establish sound card order depends on whether the drivers are modules or not. If the sound card drivers are compiled into the kernel, control is via kernel command line parameters in /boot/grub/grub.cfg. For example, if a system has both an FM801 card and a SoundBlaster PCI card, the following can be appended to the command line:
snd-fm801.index=0 snd-ens1371.index=1
If the sound card drivers are built as modules, the order can be established in the /etc/modprobe.conf file with:
options snd-fm801 index=0
options snd-ens1371 index=1
USB Device Issues
USB devices usually have two kinds of device nodes associated with them.
The first kind is created by device-specific drivers (e.g., usb_storage/sd_mod or usblp) in the kernel. For example, a USB mass storage device would be /dev/sdb, and a USB printer would be /dev/usb/lp0. These device nodes exist only when the device-specific driver is loaded.
The second kind of device nodes (/dev/bus/usb/BBB/DDD, where BBB is the bus number and DDD is the device number) are created even if the device doesn’t have a kernel driver. By using these “raw” USB device nodes, an application can exchange arbitrary USB packets with the device, i.e., bypass the possibly-existing kernel driver.
Access to raw USB device nodes is needed when a userspace program is acting as a device driver. However, for the program to open the device successfully, the permissions have to be set correctly. By default, due to security concerns, all raw USB devices are owned by user root and group usb, and have 0664 permissions (the read access is needed, e.g., for lsusb to work and for programs to access USB hubs). Packages (such as SANE and libgphoto2) containing userspace USB device drivers also ship udev rules that change the permissions of the controlled raw USB devices. That is, rules installed by SANE change permissions for known scanners, but not printers. If a package maintainer forgot to write a rule for your device, report a bug to both BLFS (if the package is there) and upstream, and you will need to write your own rule.
There is one situation when such fine-grained access control with pre-generated udev rules doesn’t work. Namely, PC emulators such as KVM, QEMU and VirtualBox use raw USB device nodes to present arbitrary USB devices to the guest operating system (note: patches are needed in order to get this to work without the obsolete /proc/bus/usb mount point described below). Obviously, maintainers of these packages cannot know which USB devices are going to be connected to the guest operating system. You can either write separate udev rules for all needed USB devices yourself, or use the default catch-all “usb” group, members of which can send arbitrary commands to all USB devices.
Before Linux-2.6.15, raw USB device access was performed not with /dev/bus/usb/BBB/DDD device nodes, but with /proc/bus/usb/BBB/DDD pseudofiles. Some applications (e.g., VMware Workstation) still use only this deprecated technique and can’t use the new device nodes. For them to work, use the “usb” group, but remember that members will have unrestricted access to all USB devices. To create the fstab entry for the obsolete usbfs filesystem:
usbfs /proc/bus/usb usbfs devgid=14,devmode=0660 0 0
Note
Adding users to the “usb” group is inherently insecure, as they can bypass access restrictions imposed through the driver-specific USB device nodes. For instance, they can read sensitive data from USB hard drives without being in the “disk” group. Avoid adding users to this group, if you can.
Udev Device Attributes
Fine-tuning of device attributes such as group name and permissions is possible by creating extra udev rules, matching on something like this. The vendor and product can be found by searching the /sys/devices directory entries or using udevadm info after the device has been attached. See the documentation in the current udev directory of /usr/share/doc for details.
SUBSYSTEM=="usb_device", SYSFS{idVendor}=="05d8", SYSFS{idProduct}=="4002", \
GROUP:="scanner", MODE:="0660"
Note
The above line is used for descriptive purposes only. The scanner udev rules are put into place when installing SANE-1.0.32.
Devices for DVD Drives
If the initial boot process does not set up the /dev/dvd device properly, it can be installed using the following modification to the default udev rules. As the root user, run:
sed '1d;/SYMLINK.*cdrom/ a\
KERNEL=="sr0", ENV{ID_CDROM_DVD}=="1", SYMLINK+="dvd", OPTIONS+="link_priority=-100"' \
/lib/udev/rules.d/60-cdrom_id.rules > /etc/udev/rules.d/60-cdrom_id.rules
3.5 Configuring for Adding Users
Together, the /usr/sbin/useradd command and /etc/skel directory (both are easy to set up and use) provide a way to assure new users are added to your LFS system with the same beginning settings for things such as the PATH, keyboard processing and other environmental variables. Using these two facilities makes it easier to assure this initial state for each new user added to the system.
The /etc/skel directory holds copies of various initialization and other files that may be copied to the new user’s home directory when the /usr/sbin/useradd program adds the new user.
Useradd
The useradd program uses a collection of default values kept in /etc/default/useradd. This file is created in a base LFS installation by the Shadow package. If it has been removed or renamed, the useradd program uses some internal defaults. You can see the default values by running /usr/sbin/useradd -D.
To change these values, simply modify the /etc/default/useradd file as the root user. An alternative to directly modifying the file is to run useradd as the root user while supplying the desired modifications on the command line. Information on how to do this can be found in the useradd man page.
/etc/skel
To get started, create an /etc/skel directory and make sure it is writable only by the system administrator, usually root. Creating the directory as root is the best way to go.
The mode of any files from this part of the book that you put in /etc/skel should be writable only by the owner. Also, since there is no telling what kind of sensitive information a user may eventually place in their copy of these files, you should make them unreadable by “group” and “other”.
You can also put other files in /etc/skel and different permissions may be needed for them.
Decide which initialization files should be provided in every (or most) new user’s home directory. The decisions you make will affect what you do in the next two sections, The Bash Shell Startup Files and The vimrc Files. Some or all of those files will be useful for root, any already-existing users, and new users.
The files from those sections that you might want to place in /etc/skel include .inputrc, .bash_profile, .bashrc, .bash_logout, .dircolors, and .vimrc. If you are unsure which of these should be placed there, just continue to the following sections, read each section and any references provided, and then make your decision.
You will run a slightly modified set of commands for files which are placed in /etc/skel. Each section will remind you of this. In brief, the book’s commands have been written for files not added to /etc/skel and instead just sends the results to the user’s home directory. If the file is going to be in /etc/skel, change the book’s command(s) to send output there instead and then just copy the file from /etc/skel to the appropriate directories, like /etc, ~ or the home directory of any other user already in the system.
When Adding a User
When adding a new user with useradd, use the -m parameter, which tells useradd to create the user’s home directory and copy files from /etc/skel (can be overridden) to the new user’s home directory. For example (perform as the root user):
useradd -m <newuser>
If you are sharing a /home or /usr/src with another Linux distro (for example, the host distro used for building LFS), you can create a user with the same UID (and, same primary group GID) to keep the file ownership consistent across the systems. First, on the other distro, get the UID of the user and the GID of the user’s primary group:
getent passwd <username> | cut -d ':' -f 3,4
The command should output the UID and GID, separated by a colon. Now on the BLFS system, create the primary group and the user:
groupadd -g <GID> <username> &&
useradd -u <UID> -g <username> <username>
3.6 About System Users and Groups
Throughout BLFS, many packages install programs that run as daemons or in some way should have a user or group name assigned. Generally these names are used to map a user ID (uid) or group ID (gid) for system use. Generally the specific uid or gid numbers used by these applications are not significant. The exception of course, is that root has a uid and gid of 0 (zero) that is indeed special. The uid values are stored in /etc/passwd and the gid values are found in /etc/group.
Customarily, Unix systems classify users and groups into two categories: system users and regular users. The system users and groups are given low numbers and regular users and groups have numeric values greater than all the system values. The cutoff for these numbers is found in two parameters in the /etc/login.defs configuration file. The default UID_MIN value is 1000 and the default GID_MIN value is 1000. If a specific uid or gid value is not specified when creating a user with useradd or a group with groupadd the values assigned will always be above these cutoff values.
Additionally, the Linux Standard Base recommends that system uid and gid values should be below 100.
Below is a table of suggested uid/gid values used in BLFS beyond those defined in a base LFS installation. These can be changed as desired, but provide a suggested set of consistent values.
Table 3.1. UID/GID Suggested Values
| Name | uid | gid |
|---|---|---|
| bin | 1 | |
| lp | 9 | |
| adm | 16 | |
| atd | 17 | 17 |
| messagebus | 18 | 18 |
| lpadmin | 19 | |
| named | 20 | 20 |
| gdm | 21 | 21 |
| fcron | 22 | 22 |
| systemd-journal | 23 | 23 |
| apache | 25 | 25 |
| smmsp | 26 | 26 |
| polkitd | 27 | 27 |
| rpc | 28 | 28 |
| exim | 31 | 31 |
| postfix | 32 | 32 |
| postdrop | 33 | |
| sendmail | 34 | |
| 34 | ||
| vmailman | 35 | 35 |
| news | 36 | 36 |
| kdm | 37 | 37 |
| fetchmail | 38 | |
| mysql | 40 | 40 |
| postgres | 41 | 41 |
| dovecot | 42 | 42 |
| dovenull | 43 | 43 |
| ftp | 45 | 45 |
| proftpd | 46 | 46 |
| vsftpd | 47 | 47 |
| rsyncd | 48 | 48 |
| sshd | 50 | 50 |
| stunnel | 51 | 51 |
| dhcpcd | 52 | 52 |
| svn | 56 | 56 |
| svntest | 57 | |
| git | 58 | 58 |
| games | 60 | 60 |
| kvm | 61 | |
| wireshark | 62 | |
| lightdm | 63 | 63 |
| sddm | 64 | 64 |
| lightdm | 65 | 65 |
| scanner | 70 | |
| colord | 71 | 71 |
| systemd-journal-gateway | 73 | 73 |
| systemd-journal-remote | 74 | 74 |
| systemd-journal-upload | 75 | 75 |
| systemd-network | 76 | 76 |
| systemd-resolve | 77 | 77 |
| systemd-timesync | 78 | 78 |
| systemd-coredump | 79 | 79 |
| uuidd | 80 | 80 |
| systemd-oom | 81 | 81 |
| ldap | 83 | 83 |
| avahi | 84 | 84 |
| avahi-autoipd | 85 | 85 |
| netdev | 86 | |
| ntp | 87 | 87 |
| unbound | 88 | 88 |
| plugdev | 90 | |
| wheel | 97 | |
| anonymous | 98 | |
| nobody | 65534 | |
| nogroup | 65534 |
3.7 The Bash Shell Startup Files
The shell program /bin/bash (hereafter referred to as just “the shell”) uses a collection of startup files to help create an environment. Each file has a specific use and may affect login and interactive environments differently. The files in the /etc directory generally provide global settings. If an equivalent file exists in your home directory it may override the global settings.
An interactive login shell is started after a successful login, using /bin/login, by reading the /etc/passwd file. This shell invocation normally reads /etc/profile and its private equivalent ~/.bash_profile (or ~/.profile if called as /bin/sh) upon startup.
An interactive non-login shell is normally started at the command-line using a shell program (e.g., [prompt]$/bin/bash) or by the /bin/su command. An interactive non-login shell is also started with a terminal program such as xterm or konsole from within a graphical environment. This type of shell invocation normally copies the parent environment and then reads the user’s ~/.bashrc file for additional startup configuration instructions.
A non-interactive shell is usually present when a shell script is running. It is non-interactive because it is processing a script and not waiting for user input between commands. For these shell invocations, only the environment inherited from the parent shell is used.
The file ~/.bash_logout is not used for an invocation of the shell. It is read and executed when a user exits from an interactive login shell.
Many distributions use /etc/bashrc for system wide initialization of non-login shells. This file is usually called from the user’s ~/.bashrc file and is not built directly into bash itself. This convention is followed in this section.
For more information see info bash – Nodes: Bash Startup Files and Interactive Shells.
Note
Most of the instructions below are used to create files located in the /etc directory structure which requires you to execute the commands as the root user. If you elect to create the files in user’s home directories instead, you should run the commands as an unprivileged user.
User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/bash-shell-startup-files
/etc/profile
Here is a base /etc/profile. This file starts by setting up some helper functions and some basic parameters. It specifies some bash history parameters and, for security purposes, disables keeping a permanent history file for the root user. It also sets a default user prompt. It then calls small, single purpose scripts in the /etc/profile.d directory to provide most of the initialization.
For more information on the escape sequences you can use for your prompt (i.e., the PS1 environment variable) see info bash – Node: Printing a Prompt.
cat > /etc/profile << "EOF"
# Begin /etc/profile
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# modifications by Dagmar d'Surreal <rivyqntzne@pbzpnfg.arg>
# System wide environment variables and startup programs.
# System wide aliases and functions should go in /etc/bashrc. Personal
# environment variables and startup programs should go into
# ~/.bash_profile. Personal aliases and functions should go into
# ~/.bashrc.
# Functions to help us manage paths. Second argument is the name of the
# path variable to be modified (default: PATH)
pathremove () {
local IFS=':'
local NEWPATH
local DIR
local PATHVARIABLE=${2:-PATH}
for DIR in ${!PATHVARIABLE} ; do
if [ "$DIR" != "$1" ] ; then
NEWPATH=${NEWPATH:+$NEWPATH:}$DIR
fi
done
export $PATHVARIABLE="$NEWPATH"
}
pathprepend () {
pathremove $1 $2
local PATHVARIABLE=${2:-PATH}
export $PATHVARIABLE="$1${!PATHVARIABLE:+:${!PATHVARIABLE}}"
}
pathappend () {
pathremove $1 $2
local PATHVARIABLE=${2:-PATH}
export $PATHVARIABLE="${!PATHVARIABLE:+${!PATHVARIABLE}:}$1"
}
export -f pathremove pathprepend pathappend
# Set the initial path
export PATH=/usr/bin
# Attempt to provide backward compatibility with LFS earlier than 11
if [ ! -L /bin ]; then
pathappend /bin
fi
if [ $EUID -eq 0 ] ; then
pathappend /usr/sbin
if [ ! -L /sbin ]; then
pathappend /sbin
fi
unset HISTFILE
fi
# Set up some environment variables.
export HISTSIZE=1000
export HISTIGNORE="&:[bf]g:exit"
# Set some defaults for graphical systems
export XDG_DATA_DIRS=${XDG_DATA_DIRS:-/usr/share/}
export XDG_CONFIG_DIRS=${XDG_CONFIG_DIRS:-/etc/xdg/}
export XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR:-/tmp/xdg-$USER}
# Set up a red prompt for root and a green one for users.
NORMAL="\[\e[0m\]"
RED="\[\e[1;31m\]"
GREEN="\[\e[1;32m\]"
if [[ $EUID == 0 ]] ; then
PS1="$RED\u [ $NORMAL\w$RED ]# $NORMAL"
else
PS1="$GREEN\u [ $NORMAL\w$GREEN ]\$ $NORMAL"
fi
for script in /etc/profile.d/*.sh ; do
if [ -r $script ] ; then
. $script
fi
done
unset script RED GREEN NORMAL
# End /etc/profile
EOF
The /etc/profile.d Directory
Now create the /etc/profile.d directory, where the individual initialization scripts are placed:
install --directory --mode=0755 --owner=root --group=root /etc/profile.d
/etc/profile.d/bash_completion.sh
Note
Using the bash completion script below is controversial. Not all users like it. It adds many (usually over 1000) lines to the bash environment and makes it difficult to use the ‘set’ command to examine simple environment variables. Omitting this script does not interfere with the ability of bash to use the tab key for file name completion.
This script imports bash completion scripts, installed by many other BLFS packages, to allow TAB command line completion.
cat > /etc/profile.d/bash_completion.sh << "EOF"
# Begin /etc/profile.d/bash_completion.sh
# Import bash completion scripts
# If the bash-completion package is installed, use its configuration instead
if [ -f /usr/share/bash-completion/bash_completion ]; then
# Check for interactive bash and that we haven't already been sourced.
if [ -n "${BASH_VERSION-}" -a -n "${PS1-}" -a -z "${BASH_COMPLETION_VERSINFO-}" ]; then
# Check for recent enough version of bash.
if [ ${BASH_VERSINFO[0]} -gt 4 ] || \
[ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then
[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] && \
. "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
if shopt -q progcomp && [ -r /usr/share/bash-completion/bash_completion ]; then
# Source completion code.
. /usr/share/bash-completion/bash_completion
fi
fi
fi
else
# bash-completions are not installed, use only bash completion directory
if shopt -q progcomp; then
for script in /etc/bash_completion.d/* ; do
if [ -r $script ] ; then
. $script
fi
done
fi
fi
# End /etc/profile.d/bash_completion.sh
EOF
Make sure that the directory exists:
install --directory --mode=0755 --owner=root --group=root /etc/bash_completion.d
For a more complete installation, see https://wiki.linuxfromscratch.org/blfs/wiki/bash-shell-startup-files#bash-completions.
/etc/profile.d/dircolors.sh
This script uses the ~/.dircolors and /etc/dircolors files to control the colors of file names in a directory listing. They control colorized output of things like ls –color. The explanation of how to initialize these files is at the end of this section.
cat > /etc/profile.d/dircolors.sh << "EOF"
# Setup for /bin/ls and /bin/grep to support color, the alias is in /etc/bashrc.
if [ -f "/etc/dircolors" ] ; then
eval $(dircolors -b /etc/dircolors)
fi
if [ -f "$HOME/.dircolors" ] ; then
eval $(dircolors -b $HOME/.dircolors)
fi
alias ls='ls --color=auto'
alias grep='grep --color=auto'
EOF
/etc/profile.d/extrapaths.sh
This script adds some useful paths to the PATH and can be used to customize other PATH related environment variables (e.g. LD_LIBRARY_PATH, etc) that may be needed for all users.
cat > /etc/profile.d/extrapaths.sh << "EOF"
if [ -d /usr/local/lib/pkgconfig ] ; then
pathappend /usr/local/lib/pkgconfig PKG_CONFIG_PATH
fi
if [ -d /usr/local/bin ]; then
pathprepend /usr/local/bin
fi
if [ -d /usr/local/sbin -a $EUID -eq 0 ]; then
pathprepend /usr/local/sbin
fi
if [ -d /usr/local/share ]; then
pathprepend /usr/local/share XDG_DATA_DIRS
fi
# Set some defaults before other applications add to these paths.
pathappend /usr/share/man MANPATH
pathappend /usr/share/info INFOPATH
EOF
/etc/profile.d/readline.sh
This script sets up the default inputrc configuration file. If the user does not have individual settings, it uses the global file.
cat > /etc/profile.d/readline.sh << "EOF"
# Set up the INPUTRC environment variable.
if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ] ; then
INPUTRC=/etc/inputrc
fi
export INPUTRC
EOF
/etc/profile.d/umask.sh
Setting the umask value is important for security. Here the default group write permissions are turned off for system users and when the user name and group name are not the same.
cat > /etc/profile.d/umask.sh << "EOF"
# By default, the umask should be set.
if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then
umask 002
else
umask 022
fi
EOF
/etc/profile.d/i18n.sh
This script sets an environment variable necessary for native language support. A full discussion on determining this variable can be found on the LFS Bash Shell Startup Files page.
cat > /etc/profile.d/i18n.sh << "EOF"
# Set up i18n variables
. /etc/locale.conf
export LANG
EOF
Other Initialization Values
Other initialization can easily be added to the profile by adding additional scripts to the /etc/profile.d directory.
/etc/bashrc
Here is a base /etc/bashrc. Comments in the file should explain everything you need.
cat > /etc/bashrc << "EOF"
# Begin /etc/bashrc
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# updated by Bruce Dubbs <bdubbs@linuxfromscratch.org>
# System wide aliases and functions.
# System wide environment variables and startup programs should go into
# /etc/profile. Personal environment variables and startup programs
# should go into ~/.bash_profile. Personal aliases and functions should
# go into ~/.bashrc
# Provides colored /bin/ls and /bin/grep commands. Used in conjunction
# with code in /etc/profile.
alias ls='ls --color=auto'
alias grep='grep --color=auto'
# Provides prompt for non-login shells, specifically shells started
# in the X environment. [Review the LFS archive thread titled
# PS1 Environment Variable for a great case study behind this script
# addendum.]
NORMAL="\[\e[0m\]"
RED="\[\e[1;31m\]"
GREEN="\[\e[1;32m\]"
if [[ $EUID == 0 ]] ; then
PS1="$RED\u [ $NORMAL\w$RED ]# $NORMAL"
else
PS1="$GREEN\u [ $NORMAL\w$GREEN ]\$ $NORMAL"
fi
unset RED GREEN NORMAL
# End /etc/bashrc
~/.bash_profile
Here is a base ~/.bash_profile. If you want each new user to have this file automatically, just change the output of the command to /etc/skel/.bash_profile and check the permissions after the command is run. You can then copy /etc/skel/.bash_profile to the home directories of already existing users, including root, and set the owner and group appropriately.
cat > ~/.bash_profile << "EOF"
# Begin ~/.bash_profile
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# updated by Bruce Dubbs <bdubbs@linuxfromscratch.org>
# Personal environment variables and startup programs.
# Personal aliases and functions should go in ~/.bashrc. System wide
# environment variables and startup programs are in /etc/profile.
# System wide aliases and functions are in /etc/bashrc.
if [ -f "$HOME/.bashrc" ] ; then
source $HOME/.bashrc
fi
if [ -d "$HOME/bin" ] ; then
pathprepend $HOME/bin
fi
# Having . in the PATH is dangerous
#if [ $EUID -gt 99 ]; then
# pathappend .
#fi
# End ~/.bash_profile
EOF
~/.profile
Here is a base ~/.profile. The comments and instructions for using /etc/skel for .bash_profile above also apply here. Only the target file names are different.
cat > ~/.profile << "EOF"
# Begin ~/.profile
# Personal environment variables and startup programs.
if [ -d "$HOME/bin" ] ; then
pathprepend $HOME/bin
fi
# Set up user specific i18n variables
#export LANG=<ll>_<CC>.<charmap><@modifiers>
# End ~/.profile
EOF
~/.bashrc
Here is a base ~/.bashrc.
cat > ~/.bashrc << "EOF"
# Begin ~/.bashrc
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# Personal aliases and functions.
# Personal environment variables and startup programs should go in
# ~/.bash_profile. System wide environment variables and startup
# programs are in /etc/profile. System wide aliases and functions are
# in /etc/bashrc.
if [ -f "/etc/bashrc" ] ; then
source /etc/bashrc
fi
# Set up user specific i18n variables
#export LANG=<ll>_<CC>.<charmap><@modifiers>
# End ~/.bashrc
EOF
~/.bash_logout
This is an empty ~/.bash_logout that can be used as a template. You will notice that the base ~/.bash_logout does not include a clear command. This is because the clear is handled in the /etc/issue file.
cat > ~/.bash_logout << "EOF"
# Begin ~/.bash_logout
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# Personal items to perform on logout.
# End ~/.bash_logout
EOF
/etc/dircolors
If you want to use the dircolors capability, then run the following command. The /etc/skel setup steps shown above also can be used here to provide a ~/.dircolors file when a new user is set up. As before, just change the output file name on the following command and assure the permissions, owner, and group are correct on the files created and/or copied.
dircolors -p > /etc/dircolors
If you wish to customize the colors used for different file types, you can edit the /etc/dircolors file. The instructions for setting the colors are embedded in the file.
Finally, Ian Macdonald has written an excellent collection of tips and tricks to enhance your shell environment. You can read it online at https://www.caliban.org/bash/index.shtml.
3.8 The /etc/vimrc and ~/.vimrc Files
The LFS book installs Vim as its text editor. At this point it should be noted that there are a lot of different editing applications out there including Emacs, nano, Joe and many more. Anyone who has been around the Internet (especially usenet) for a short time will certainly have observed at least one flame war, usually involving Vim and Emacs users!
The LFS book creates a basic vimrc file. In this section you’ll find an attempt to enhance this file. At startup, vim reads the global configuration file (/etc/vimrc) as well as a user-specific file (~/.vimrc). Either or both can be tailored to suit the needs of your particular system.
Here is a slightly expanded .vimrc that you can put in ~/.vimrc to provide user specific effects. Of course, if you put it into /etc/skel/.vimrc instead, it will be made available to users you add to the system later. You can also copy the file from /etc/skel/.vimrc to the home directory of users already on the system, such as root. Be sure to set permissions, owner, and group if you do copy anything directly from /etc/skel.
" Begin .vimrc
set columns=80
set wrapmargin=8
set ruler
" End .vimrc
Note that the comment tags are “ instead of the more usual # or //. This is correct, the syntax for vimrc is slightly unusual.
Below you’ll find a quick explanation of what each of the options in this example file means here:
-
set columns=80: This simply sets the number of columns used on the screen. -
set wrapmargin=8: This is the number of characters from the right window border where wrapping starts. -
set ruler: This makes vim show the current row and column at the bottom right of the screen.
More information on the many vim options can be found by reading the help inside vim itself. Do this by typing :help in vim to get the general help, or by typing :help usr_toc.txt to view the User Manual Table of Contents.
3.9 Customizing your Logon with /etc/issue
When you first boot up your new LFS system, the logon screen will be nice and plain (as it should be in a bare-bones system). Many people however, will want their system to display some information in the logon message. This can be accomplished using the file /etc/issue.
The /etc/issue file is a plain text file which will also accept certain escape sequences (see below) in order to insert information about the system. There is also the file issue.net which can be used when logging on remotely. ssh however, will only use it if you set the option in the configuration file and will not interpret the escape sequences shown below.
One of the most common things which people want to do is clear the screen at each logon. The easiest way of doing that is to put a “clear” escape sequence into /etc/issue. A simple way of doing this is to issue the command clear > /etc/issue. This will insert the relevant escape code into the start of the /etc/issue file. Note that if you do this, when you edit the file, you should leave the characters (normally ‘^[[H^[[2J’) on the first line alone.
Note
Terminal escape sequences are special codes recognized by the terminal. The ^[ represents an ASCII ESC character. The sequence ESC [ H puts the cursor in the upper left hand corner of the screen and ESC 2 J erases the screen. For more information on terminal escape sequences see http://rtfm.etla.org/xterm/ctlseq.html
The following sequences are recognized by agetty (the program which usually parses /etc/issue). This information is from man agetty where you can find extra information about the logon process.
The issue file can contain certain character sequences to display various information. All issue sequences consist of a backslash () immediately followed by one of the letters explained below (so \d in /etc/issue would insert the current date).
b Insert the baudrate of the current line.
d Insert the current date.
s Insert the system name, the name of the operating system.
l Insert the name of the current tty line.
m Insert the architecture identifier of the machine, e.g., i686.
n Insert the nodename of the machine, also known as the hostname.
o Insert the domainname of the machine.
r Insert the release number of the kernel, e.g., 2.6.11.12.
t Insert the current time.
u Insert the number of current users logged in.
U Insert the string "1 user" or "<n> users" where <n> is the
number of current users logged in.
v Insert the version of the OS, e.g., the build-date etc.