Srijan Choudhary, all posts tagged: linux

2025-12-29-001

Srijan Choudhary — Mon, 29 Dec 2025 22:20:00 +0000

Faced a failing disk in my raidz2 ZFS pool today.

Recovery was pretty simple:

Asked the service provider to replace the disk

Find new disk ID etc using:

lsblk -o NAME,SIZE,MODEL,SERIAL,LABEL,FSTYPE
ls -ltrh /dev/disk/by-id/ata-*

Resilver using:
```
sudo zpool replace lake  
```
Watch status using:
```
watch zpool status -v
```

Re-silvering is still ongoing, but hopefully completes without issues. Will run a manual zpool scrub at the end to make sure everything is okay.

2025-03-24-002

Srijan Choudhary — Mon, 24 Mar 2025 20:55:00 +0000

Read Jeremy's post on quickly switching the default browser.

I had a shell script to do this as well. Doing it from Emacs makes more sense because I can have a completion UI.

So, here's my modified version for Linux:

(defun sj/default-browser (&optional name)
  "Set the default browser based on the given NAME."
  (interactive
   (list
    (completing-read
     "Browser: "
     (split-string
      (shell-command-to-string
       "find /usr/share/applications ~/.local/share/applications -name \"*.desktop\" -exec grep -l \"Categories=.*WebBrowser\" {} \\;")
      "\n" t))))
  (let ((browser-desktop (file-name-nondirectory name)))
    (shell-command (format "xdg-mime default %s text/html" browser-desktop))
    (shell-command (format "xdg-mime default %s application/xhtml+xml" browser-desktop))
    (shell-command (format "xdg-mime default %s application/x-extension-html" browser-desktop))
    (shell-command (format "xdg-settings set default-web-browser %s" browser-desktop))))

As a plus, it automatically lists the installed browsers based on .desktop files on your system.

2024-10-08-001

Srijan Choudhary — Tue, 08 Oct 2024 03:45:00 +0000

Tried using X11 on #Linux the last few days due to some issues with Zoom screensharing in Wayland with the latest pipewire, and I already miss #Wayland.

Issues I faced with X11:

Smooth scrolling broken
Apps work noticeably slower
Screen tearing
This bug in Emacs GTK build: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=67654 (To be fair, this is a GTK-specific issue, not X11 specific)

I will go back to Wayland as soon as Zoom fixes this: https://community.zoom.com/t5/Zoom-Meetings/share-screen-linux-wayland-broken/m-p/203624/highlight/true#M112235

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l5ycxn4gak27

2024-10-01-002

Srijan Choudhary — Tue, 01 Oct 2024 22:50:00 +0000

I have been using #karousel on #KDE for several weeks, and yesterday shifted to #PaperWM on #GNOME. Took some time to configure things like I wanted, but it's much smoother than karousel (and fancier).

Overall, I like the scrolling tiling pane paradigm. I realized I've been manually doing something like this using workspaces with 1-2 windows per workspace with two keybindings - one to change workspace and one to switch windows inside a workspace. So, this window management model really clicks for me.

I switched from GNOME to KDE several years ago due to getting burnt by extensions breaking too frequently, but hopefully things are better now.

Syndicated to:

https://bsky.app/profile/srijan4.bsky.social/post/3l5icw34klr2e

2024-04-29-001

Srijan Choudhary — Mon, 29 Apr 2024 03:10:00 +0000

Using sysrq on my laptop - documenting mostly for myself.

My laptop has started freezing sometimes, not sure why. Usually, I can just force power off using the power button and start it again, but it has happened twice that I had to recover the system by booting via a USB drive, chrooting, and recovering the damaged files using fsck or pacman magic.

The linux kernel has:

a ‘magical’ key combo you can hit which the kernel will respond to regardless of whatever else it is doing, unless it is completely locked up.

(More details on archwiki and kernel doc)

To enable, I did:

echo "kernel.sysrq = 244" | sudo tee /etc/sysctl.d/sysreq.conf
sudo sysctl --system

However, to trigger this on my laptop, I was not able to find the right key combination for SysRq. I was able to make it work using an external keyboard that has a PrintScreen binding on a layer, by using the following:

Press Alt and keep it pressed for the whole sequence: PrintScreen - R - E - I - S - U - B

Currently, PrintScreen on my external keyboard is bound to Caps lock long press + Up arrow.

Exploring conflicting oneshot services in systemd

Srijan Choudhary — Thu, 08 Jun 2023 19:20:00 +0000

Midjourney: two systemd services fighting over who will start first

Background

I use mbsync to sync my mailbox from my online provider (FastMail - referer link) to my local system to eventually use with mu4e (on Emacs).

For periodic sync, I have a systemd service file called mbsync.service defining a oneshot service and a timer file called mbsync.timer that runs this service periodically. I can also activate the same service using a keybinding from inside mu4e.

[Unit]
Description=Mailbox synchronization service
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/mbsync fastmail-all
ExecStartPost=bash -c "emacsclient -s srijan -n -e '(mu4e-update-index)' || mu index"

[Install]
WantedBy=default.target

mbsync.service

[Unit]
Description=Mailbox synchronization timer
BindsTo=graphical-session.target
After=graphical-session.target

[Timer]
OnBootSec=2m
OnUnitActiveSec=5m
Unit=mbsync.service

[Install]
WantedBy=graphical-session.target

mbsync.timer

Also, for instant download of new mail, I have another service called goimapnotify configured that listens for new/updated/deleted messages on the remote mailbox using IMAP IDLE, and calls the above mbsync.service when there are changes.

This has worked well for me for several years.

The Problem

I recently split my (huge) archive folder into yearly archives so that I can keep/sync only the recent years on my phone. [ Aside: yearly refile in mu4e snippet ]. This lead to an increase in the number of folders that mbsync has to sync, and this increased the time taken to sync because it syncs the folders one by one.

It does have the feature to sync a subset of folders, so I created a second systemd service called mbsync-quick.service and only synced my Inbox from this service. Then I updated the goimapnotify config to trigger this quick service instead of the full service when it detects changes.

But, this caused a problem: these two services can run at the same time, and hence can cause corruption or sync conflicts in the mail files. So, I wanted a way to make sure that these two services don't run at the same time.

Ideally, whenever any of these services are triggered and the other service is already running, then it should wait for the other service to stop before starting, essentially forming a queue.

Solution 1: Using systemd features

Systemd has a way to specify conflicts in the unit section. From the docs:

If a unit has aConflicts=setting on another unit, starting the former will stop the latter and vice versa.
[...] to ensure that the conflicting unit is stopped before the other unit is started, anAfter=orBefore=dependency must be declared.

This is different from our requirement that the conflicting service should be allowed to finish before the triggered service starts, but maybe a good enough way to at least prevent both running at the same time.

To test this, I added Conflicts= in both the services with the other service as the conflicting service, and it works. The only problem is that when a service is triggered, the other service is SIGTERMed. This itself might not cause a corruption issue, but if this happens with the mbsync-quick service, then there might be a delay getting the mail.

This is the best way I found that uses built-in systemd features without any workarounds or hacks. Other solutions below involve some workarounds.

Solution 2: Conflict + stop after sync complete

This is a variation on solution 1 - add a wrapper script to trap the SIGTERM and only exit when the sync is complete. This also worked.

But, the drawback with this method is that anyone calling stop on these services (like the system shutting down) will have to wait for this to finish (or till timeout of 90s). This can cause slowdowns in system shutdown that are hard to debug. So, I don't prefer this solution.

Solution 3: Delay start until the other service is finished

This is also a hacky solution - use ExecStartPre to check if the other service is running, and busywait for it to stop before starting ourselves.

[Unit]
Description=Mailbox synchronization service (quick)
After=network-online.target

[Service]
Type=oneshot
ExecStartPre=/bin/sh -c 'while systemctl --user is-active mbsync.service | grep -q activating; do sleep 0.5; done'
ExecStart=/usr/bin/mbsync fastmail-inbox
ExecStartPost=bash -c "emacsclient -s srijan -n -e '(mu4e-update-index)' || mu index"

mbsync-quick.service

Here, we use systemctl is-active to query the status of the other service, and wait until the other service is not in activating state anymore. The state is called activating instead of active because these are oneshot services that go from inactive to activating to inactive without ever reaching active.

To not make this an actual busywait on the CPU, I added a sleep of 0.5s.

This worked the best for my use case. When one of the services is triggered, it checks if the other service is running and waits for it to stop before running itself. It also does not have the drawback of solution 2 of trapping exits and delaying a stop command.

But, after using it for a day, I found there is a race condition (!) that can cause a deadlock between these two services and none of them are able to start.

The reason for the race condition was:

A service is marked as activating when it's ExecStartPre command starts
I added a sleep of 0.5 seconds

So, if the other service is triggered again in between those 0.5 seconds, both services will be marked as activating and they will indefinitely wait for each other to complete. This is what I get for using workarounds.

Solution 4: One-way conflict, other way delay

So, the final good-enough solution I came up with was to break this cyclic dependency by doing a hybrid of Solution 1 and Solution 3. I was okay with the mbsync.service being stopped for the (higher priority) mbsync-quick.service.

So, I added mbsync.service in Conflicts section of mbsync-quick.service, and used the ExecStartPre method in mbsync.service.

💡Let me know if you know a better way to achieve this.

References

Graphical password prompt for disk decryption on ArchLinux

Srijan Choudhary — Thu, 23 Feb 2023 17:30:00 +0000

In my last post, I described how I enabled encryption on my Linux root partition. However, during boot up, it asked the password using a plain text prompt. I was not satisfied with the design and found that there's a better way: Plymouth.

Plymouth is a package that provides a themeable graphical boot process / splash screen all the way up to the login manager. This includes a graphical password prompt as well. Here are the steps I took to set this up:

1. First, I installed plymouth-git from the AUR. ArchWiki suggests plymouth-git instead of plymouth because it is actually less likely to cause problems for most users than the stable package.

2. Next, I updated the HOOKS section in my /etc/mkinitcpio.conf to include sd-plymouth:

HOOKS=(base systemd plymouth autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)

3. And regenerated the initramfs:

# mkinitcpio -P

4. Next, I added the following kernel parameters:

quiet splash

ArchWiki also suggests adding vt.global_cursor_default=0, but my experience was better without it. With this option, the cursor in TTY terminals becomes hidden, not just for the boot sequence but even later.

With the above changes, after reboot, a nice password prompt is shown with a spinner image. But, this hid the beautiful OEM ROG logo that comes first at boot up. So, here are further tweaks I did to make it look as I wanted.

5. First, I tried using the built-in BGRT theme. This is a variation of the spinner theme that keeps the OEM logo if available (BGRT stands for Boot Graphics Resource Table).

# plymouth-set-default-theme -R bgrt

This did not show the spinner, but it still hid the OEM logo when asking for decryption password. Although it did show the logo again after password was entered. So, I guessed it just needed a little customization.

6. So, I made a copy of the bgrt theme to make my customizations.

# cd /usr/share/plymouth/themes
# cp -r bgrt bgrt-custom
# cd bgrt-custom
# mv bgrt.plymouth bgrt-custom.plymouth

7. These are the changes I had to make in bgrt-custom.plymouth to make it show the prompt like I wanted:

diff --git a/../bgrt/bgrt.plymouth b/bgrt-custom.plymouth
index e8e9713..ca7a293 100644
--- a/../bgrt/bgrt.plymouth
+++ b/bgrt-custom.plymouth
@@ -30,8 +30,8 @@ Name[he]=BGRT
 Name[fa]=BGRT
 Name[fi]=BGRT
 Name[ie]=BGRT
-Name=BGRT
-Description=Jimmac's spinner theme using the ACPI BGRT graphics as background
+Name=BGRT-Custom
+Description=Customized Jimmac's spinner theme using the ACPI BGRT graphics as background
 ModuleName=two-step

 [two-step]
@@ -39,9 +39,9 @@ Font=Cantarell 12
 TitleFont=Cantarell Light 30
 ImageDir=/usr/share/plymouth/themes//spinner
 DialogHorizontalAlignment=.5
-DialogVerticalAlignment=.382
+DialogVerticalAlignment=.75
 TitleHorizontalAlignment=.5
-TitleVerticalAlignment=.382
+TitleVerticalAlignment=.75
 HorizontalAlignment=.5
 VerticalAlignment=.7
 WatermarkHorizontalAlignment=.5
@@ -52,7 +52,7 @@ BackgroundStartColor=0x000000
 BackgroundEndColor=0x000000
 ProgressBarBackgroundColor=0x606060
 ProgressBarForegroundColor=0xffffff
-DialogClearsFirmwareBackground=true
+DialogClearsFirmwareBackground=false
 MessageBelowAnimation=true

 [boot-up]

Basically, I tweaked DialogClearsFirmwareBackground, DialogVerticalAlignment, and TitleVerticalAlignment to my liking. To set this custom theme, I ran:

# plymouth-set-default-theme -R bgrt-custom

8. This looked perfect. But, I noticed that this increased by boot up time considerably. Plymouth was taking a long time before displaying the password prompt. On further digging, I found a parameter called DeviceTimeout in /etc/plymouth/plymouthd.conf with default value of 8 seconds.

According to this merge request, this was needed to keep support for certain AMD GPUs. I don't have and AMD GPU, and anyway I think Plymouth is using the EFI framebuffer for this splash screen, not the GPU. So, I reduced it to 2 seconds to make things faster.

Encrypting an existing Linux system's root partition

Srijan Choudhary — Wed, 22 Feb 2023 19:45:00 +0000

Introduction

I have an Arch Linux system with an unencrypted root partition that I wanted to encrypt. I've documented the steps I followed to achieve this here.

I selected the "LUKS on a partition" option from here. I don't have an LVM setup on this system and didn't need to encrypt the boot partition.

The first step was to have a backup so that if something failed, I could at least recover my critical files. I don't have filesystem-level backups configured, so I used kopia to back up my home folder. Details on this might be in a future blog post.

Process

1. To begin, I set up a USB flash installation medium so that I could boot into a live environment to perform the actual actions. Since I needed to encrypt the root partition, this could not be performed from inside the system running off that partition.

2. After booting into the live environment using the above USB medium, I first shrank the existing filesystem by 32MiB to make space for the LUKS encryption header, which is always stored at the beginning of the device. My filesystem size is exactly 500GiB, so I set the new size to 511968M.

# echo "Check the filesystem"
# e2fsck -f /dev/nvme0n1p7

# echo "Resize"
# resize2fs -p /dev/nvme0n1p7 511968M

3. Now, I encrypted it using the default cipher. This took 37 minutes on my 500GiB partition, which was about 55% full.

# cryptsetup reencrypt --encrypt --reduce-device-size 16M /dev/nvme0n1p7

WARNING!

========

This will overwrite data on LUKS2-temp-12345678-9012-3456-7890-123456789012.new irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for LUKS2-temp-12345678-9012-3456-7890-123456789012.new: 
Verify passphrase:

4. Next, I extended the original ext4 file system to occupy all available space again on the now encrypted partition:

# cryptsetup open /dev/nvme0n1p7 root
Enter passphrase for /dev/nvme0n1p7: 

# resize2fs /dev/mapper/root

5. Now, I mounted the filesystem and chrooted into it:

# mount /dev/mapper/root /mnt
# mount /dev/nvme0n1p1 /mnt/boot
# arch-chroot /mnt

6. Since I have a systemd-based initramfs, I added keyboard, sd-vconsole, and sd-encrypt hooks in the HOOKS section of /etc/mkinitcpio.conf:

HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)

/etc/mkinitcpio.conf

7. Next, I regenerated the initramfs ( -P regenerates it for all presets ):

# mkinitcpio -P

8. Next, I configured the boot loader by adding to kernel parameters:

rd.luks.name==root root=/dev/mapper/root

I found the device UUID using: sudo blkid -s UUID -o value /dev/nvme0n1p7. Surprisingly (for me), the UUID had changed after encrypting the partition.

My final bootloader conf file looked like this:

title    Arch Linux
linux    /vmlinuz-linux
initrd   /amd-ucode.img
initrd   /initramfs-linux.img
options  rd.luks.name=1df8ea89-4274-4ef9-a670-76c13e612901=root root=/dev/mapper/root rw

/boot/loader/entries/arch.conf

9. Lastly, I updated /etc/fstab:

/dev/mapper/root  /  ext4  rw,relatime  0 1

/etc/fstab

10. All done. To test it out, I logged out of the chroot environment and rebooted the system.

It asked me for the disk encryption password. After entering the password selected in step 3, the system booted up as usual, and everything looked to be working.

Final Thoughts

This was surprisingly easy to do and did not take much time. The ArchWiki was helpful, even if the information was spread over multiple pages/sections. Taking a backup before starting also made me feel safe about the process.

I did not like the design of the decryption password prompt at bootup. Maybe there's a way to customize it to look better. Update: I found a way. Details here.

My backup strategy to USB disk using duply

Srijan Choudhary — Thu, 04 Aug 2016 17:55:00 +0000

I don't have a lot of data to backup - just my home folder (on my Archlinux laptop) which just has configuration for all the tools I'm using and my programming work.

For photos or videos taken from my phone, I use google photos for backup - which works pretty well. Even if I delete the original files from my phone, the photos app still keeps them online.

Coming back to my laptop, I'm currently using duplicity (with the duply wrapper) to backup to multiple destinations. Why multiple locations? I wanted one local copy so that I can restore fast, and at least one at a remote location so that I can still restore if the local disk fails.

For off-site, I'm using the fantastic rsync.net service. For local backups, I'm using two destinations: a USB HDD at my home, and a NFS server at my work. Depending on where I am, the backup will be done to the correct destination.

This post will deal with the backups to my local USB disk.

Here's what I've been able to achieve: the backups will run every hour as long as the USB disk is connected. If it is not connected, the backup script will not even be triggered. I did not want to see backup failures in my logs if the HDD is not connected.

I've done this using a systemd timer and service. I've defined these units in the user-level part for systemd so that root privileges are not required.

Mounting the USB Disk

To automatically mount the USB disk, I've added the following line to my /etc/fstab:

UUID=27DFA4B43C8C0635 /mnt/Ext01 ntfs-3g nosuid,nodev,nofail,auto,x-gvfs-show,permissions 0 0

Duply config for running the backup

Here's my duply config file (kept at ~/.duply/ext01/conf) (mostly self-explanatory):

TARGET='file:///mnt/Ext01/Backups/'
SOURCE='/home/srijan'
MAX_AGE=1Y
MAX_FULL_BACKUPS=15
MAX_FULLS_WITH_INCRS=2
MAX_FULLBKP_AGE=1M
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
VOLSIZE=4
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "
DUPL_PARAMS="$DUPL_PARAMS --exclude-other-filesystems "

This can be run manually using:

$ duply ext01 backup

Exclusions can be specified in the file ~/.config/ext01/exclude in a glob-like format.

Systemd Service for running the backup

Next, here's the service file (kept at ~/.config/systemd/user/duply_ext01.service):

[Unit]
Description=Run backup using duply: ext01 profile
Requires=mnt-Ext01.mount
After=mnt-Ext01.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/duply ext01 backup

The Requires option says that this unit has a dependency on the mounting of Ext01. The After option specifies the order in which these two should be started (run this service after mounting).

After this step, the service can be run manually (via systemd) using:

$ systemctl --user start duply_ext01.service

Systemd timer for triggering the backup service

Next step is triggering it automatically every hour. Here's the timer file (kept at ~/.config/systemd/user/duply_ext01.timer):

[Unit]
Description=Run backup using duply ext01 profile every hour
BindsTo=mnt-Ext01.mount
After=mnt-Ext01.mount

[Timer]
OnCalendar=hourly
AccuracySec=10m
Persistent=true

[Install]
WantedBy=mnt-Ext01.mount

Here, the BindsTo option defines a dependency similar to the Requires option above, but also declares that this unit is stopped when the mount point goes away due to any reason. This is because I don't want the trigger to fire if the HDD is not connected.

The Persistent=true option ensures that when the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. This is because I want to catch up on missed runs of the service when the disk was disconnected.

After creating this file, I ran the following to actually link this timer to mount / unmount events for the Ext01 disk:

$ systemctl --user enable duply_ext01.timer

That's it. Now, whenever I connect the USB disk to my laptop, the timer is started. This timer triggers the backup service to run every hour. Also, it takes care that if some run was missed when the disk was disconnected, then it would be triggered as soon as the disk is connected without waiting for the next hour mark. Pretty cool!

NOTES:

Changing any systemd unit file requires a systemd --user daemon-reload before systemd can recognize the changes.
The systemd documentation was very helpful.

Coming Soon

Although it would be similar, but I'll also document how to do the above with NFS or SSHFS filesystems (instead of local disks). The major difference would be handling loss of internet connectivity, timeouts, etc.

Read only root on Linux

Srijan Choudhary — Sat, 28 Feb 2015 00:00:00 +0000

In many cases, it is required to run a system in such a way that it is tolerant of uncontrolled power losses, resets, etc. After such an event occurs, it should atleast be able to boot up and connect to the network so that some action can be taken remotely.

There are a few different ways in which this could be accomplished.

Mounting the root filesystem with read-only flags

Most parts of the linux root filesystem can be mounted read-only without much problems, but there are some parts which don't play well. This debian wiki page has some information about this approach. I thought this approach would not be very stable, so did not try it out completely.

Using aufs/overlayfs

aufs is a union file system for linux systems, which enables us to mount separate filesystems as layers to form a single merged filesystem. Using aufs, we can mount the root file system as read-only, create a writable tmpfs ramdisk, and combine these so that the system thinks that the root filesystem is writable, but changes are not actually saved, and don't survive a reboot.

I found this method to be most suitable and stable for my task, and have been using this for the last 6 months. This system mounts the real filesytem at mountpoint /ro with read-only flag, creates a writable ramdisk at mountpoint /rw, and makes a union filesystem using these two at mountpoint /.

The steps I followed for my implementation are detailed below. These are just a modified version of the steps in this ubuntu wiki page. I am using Debian in my implementation.

Install debian using live cd or your preferred method.
After first boot, upgrade and configure the system as needed.
Install aufs-tools.
Add aufs to initramfs and setup this script to start at init.

# echo aufs >> /etc/initramfs-tools/modules
# wget https://cdn.rawgit.com/srijan/383a8d7af6860de6f9de/raw/ -O /etc/initramfs-tools/scripts/init-bottom/__rootaufs
# chmod 0755 /etc/initramfs-tools/scripts/init-bottom/__rootaufs

Remake the initramfs.

# update-initramfs -u

Edit grub settings in /etc/default/grub and add aufs=tmpfs to GRUB_CMDLINE_LINUX_DEFAULT, and regenerate grub.

# update-grub

Reboot

Making changes

To change something trivial (like a file edit), just remount the /ro mountpoint as read-write, edit the file, and reboot.

# mount -o remount,rw /ro

To do something more complicated (like install os packages), press e in grub menu during bootup, remove aufs=tmpfs from the kernel line, and boot using F10. The system will boot up normally once.

Another method could be to use a configuration management tool (puppet, chef, ansible, etc.) to make the required changes whenever the system comes online. The changes would be lost on reboot, but it would become much easier to manage multiple such systems.

Also, if some part of the system is required to be writable (like /var/log), that directory could be mounted separately as a read-write mountpoint.