pmartycz/a-z.md

## a-z.md

      
    Raw
  

              a-z.md
            
          
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A

abx

ABX test of audio files
abx original.wav lossy.wav
acl

Allow user access to block device
setfacl -m u:pmart:rw /dev/sdx
Set default ACL on directory allowing world write access for created objects (ignore umask)
setfacl -d -m o:rwx DIR
adb

Package android-sdk-platform-tools-common contains udev rules allowing to work with adb as regular user.
Clear log buffers (main, system, crash)
adb logcat -c
Print entries with VLC tag and minimum level of priority Error. Available levels from lowest to highest V/D/I/W/E/F/S
adb logcat -s VLC:E
Print entries with message matching Perl regex
adb logcat -e '(?i)vlc'
Print entries originating from PID
adb logcat --pid 14092
Pull SeedVault backup directory
adb pull /sdcard/.SeedVaultAndroidBackup/ SeedVaultAndroidBackup
agryll

Inspect ICC profile
iccdump profile.icm

alsa-utils

List available hardware devices/PCMs
aplay -l
aplay -L

Test speakers
speaker-test -D hw:0,1 -c 2
aplay -D sysdefault /usr/config/ppsspp/assets/sfx_confirm.wav
Store/restore volume levels in /var/lib/alsa/asound.state file
alsactl store
alsactl restore
apparmor

List loaded profiles and confined processes
aa-status
Create an ad-hoc basic profile
include <tunables/global>

profile basic {
  include <abstractions/base>
}

Load profile manually (add to /etc/apparmor.d for autoload)
apparmor_parser -r basic
Run program confined with basic profile
aa-exec -p basic <prog> <args>
appstream

Refresh component metadata cache
appstreamcli refresh-cache
Get information about a component by its ID
appstreamcli get org.kde.kwrite.desktop
apt

Add PPA
echo 'deb http://ppa.launchpad.net/krisives/applet-window-buttons/ubuntu focal main' > /etc/apt/sources.list.d/applet-window-buttons.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 79A48A5F7C81C1A2E8715D1D5CB890A3B37F5DD2
apt update
Remove PPA
rm /etc/apt/sources.list.d/applet-window-buttons.list
apt-key del 79A48A5F7C81C1A2E8715D1D5CB890A3B37F5DD2
apt update
Add GPG key
wget -qO - https://example.com/key.gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/example.gpg add -
Search patterns
man 7 apt-patterns
Purge all packages with residual config
apt purge '~c'
Put package on hold
apt-mark hold grep
Mark all libs as automatically installed
apt-mark auto '~s^libs$'
Add third-party repository
gpg --no-default-keyring --keyring /usr/share/keyrings/foo-archive-keyring.gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys <keyid>
echo 'deb [signed-by=/usr/share/keyrings/foo-archive-keyring.gpg] http://repository.foo.com stable main' > /etc/apt/sources.list.d/foo.list
/etc/apt/preferences.d/foo.pref:
Package: *
Pin: origin repository.foo.com
Pin-Priority: 100

Print URL of acquired deb
apt download -o Debug::pkgAcquire=true <package>
apt-rdepends

Show dependencies that will be installed for a package recursively
apt-rdepends --state-follow=NotInstalled --state-show=NotInstalled fdroidserver
aptitude


Pattern
Description


~i !~M !~prequired !~pimportant
manually installed non-essential packages


!~i (~prequired | ~pimportant | ~pstandard) !~ri386
missing standard priority packages


Search term reference
List upgradeable packages grouped by source package:
aptitude versions --group-by=source-package -F '%c %p %d' '~U (~V CURRENT | ~V CANDIDATE)'
asciidoctor-epub3

apt install asciidoctor ruby-nokogiri
gem install asciidoctor-epub3 --pre
Download kindlegen from Amazon.
asciidoctor-epub3 -D output -a ebook-format=kf8 -a epub3-stylesdir=$HOME/Documents/asciidoctor-epub3/styles -a ebook-extract <index.adoc>
B

baloo-kf5

Print the status of the indexer
balooctl status
Supspend/resume indexer
balooctl suspend
balooctl resume
Remove index database
balooctl purge
Show indexing information about file
balooshow -x ~/Downloads/download.pdf
bash

List key bindings for keymap (emacs, vim-command, vim-insert)
bind -p -m <keymap>
HISTSIZE, HISTFILESIZE
bchunk

Extract .iso/.wav tracks from BIN/CUE image
bchunk -w image.bin image.cue image
bind9-host

Lookup domain name foobar by querying server at 192.168.1.1
host -v foobar 192.168.1.1
brave-browser

curl -s https://brave-browser-apt-release.s3.brave.com/brave-core.asc | apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-release.gpg add -
echo 'deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main' > /etc/apt/sources.list.d/brave-browser-release.list
bsdmainutils

Dump in canonical format (hexdump -C or hd)
$ printf SLUS-00152 | hexdump -C
00000000  53 4c 55 53 2d 30 30 31  35 32                    |SLUS-00152|
0000000a

Dump in plain hexadecimal format
$ printf SLUS-00152 | hexdump -v -e '/1 "%X"'; echo
534C55532D3030313532

Send a message to other user on the system
$ write <user>
Hello, world!
^D

C

ca-certificates

Install local root CA certificate
install my.crt /usr/local/share/ca-certificates
update-ca-certificates
ccd2cue

Installation
curl -O https://ftp.gnu.org/gnu/ccd2cue/ccd2cue-0.5.tar.gz
./configure
make
install src/ccd2cue /usr/local/bin
Usage
for f in *.ccd; ccd2cue -o (basename $f .ccd).cue $f || break; end
chromium

Password generation requires sync
Ubuntu


Use snap or VAAPI capable version from PPA
For snap run ./widevine-for-chromium-snap

If snap interfaces get disconnected after system upgrade run
snap disable chromium
snap enable chromium
snap connect chromium:password-manager-service
clamav

Disable automatic database updates
systemctl disable clamav-freshclam.service
Scan a file
clamscan ~/Downloads/mp3tagv303setup.exe
command-not-found

Has problem with more restrictive 0007 umask. Add to /etc/apt/apt.conf.d/50command-not-found
chmod o+r /var/lib/command-not-found/commands.db*
coreboot

git clone --depth=1 https://review.coreboot.org/coreboot
ifdtool

cd coreboot/util/ifdtool
make
Print information about Intel firmware
ifdtool -d firmware.bin
intelmetool

cd coreboot/util/intelmetool
make
Check Intel ME status
intelmetool -m
Check Intel Boot Guard status
intelmetool -b
coreutils

Overwrite and remove file
shred -vu -n 1 archive.tar.gz
Overwrite block device with zeros
shred -vz -n 0 /dev/sdX
Read random byte from block device at regular intervals
set device /dev/sdx
set max (math (blockdev --getsize64 $device) - 1)
while :
    dd if=$device of=/dev/null bs=1 count=1 skip=(random 0 $max) status=none
    sleep 180
end
Format numbers in human-readable form
numfmt --to=iec 2048
ls -l | numfmt --header --field 5 --to=iec
cron

Jobs in /etc/cron.* not available as systemd timers: aptitude dpkg bsdmainutils
cryptsetup-bin

Show info about LUKS volume
cryptsetup luksDump DEVICE
Backup LUKS header to file
cryptsetup luksHeaderBackup DEVICE --header-backup-file <file>
Convert LUKS1 volume to LUKS2. It is reccommended to create backup of LUKS header before attempting conversion.
cryptsetup convert DEVICE --type luks2
Change label of LUKS2 volume
cryptsetup config DEVICE --label <label>
TRIM support for SSD
Disable workqueue for increased SSD performance
cryptsetup-initramfs

Unlocking scripts lack i18n (Please unlock disk XXX)
curl

Download using proxy
curl --proxy socks5://127.0.0.1:1234 http://httpbin.org/ip

D

dash

Generate byte sequence
printf "$(printf '\\%o' $(seq 0 127))"
ddccontrol

Probe I2C devices to find monitor buses
ddccontrol -p
Power on/off monitor
dccontrol dev:/dev/i2c-6 -r 0xd6 -w 1
dccontrol dev:/dev/i2c-6 -r 0xd6 -w 5
deadbeef-static

Run deadbeef under firejail
cd /opt/deadbeef/bin
mv deadbeef{,.real}
./deadbeef:
#!/bin/sh 

exec firejail --profile=/etc/firejail/deadbeef.profile /opt/deadbeef/bin/deadbeef.real
chmod 755 ./deadbeef
ln -s /opt/deadbeef/bin/deadbeef /usr/local/bin

debian-installer

Debian Installation Guide

Debian Installer internals
Debian testing images:

debian-installer page
weekly installer builds
daily installer builds (version of the installer that will install testing but uses the latest d-i build from the porters for each architecture)
weekly live builds

Download and verify image
wget https://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-cd/{debian-testing-amd64-netinst.iso,SHA512SUMS{,.sign}}
gpg --keyserver keyring.debian.org --recv-keys F41D30342F3546695F65C66942468F4009EA8AC3
gpg --verify SHA512SUMS{.sign,}
sha512sum -c --ignore-missing SHA512SUMS
Boot/preseed parameters (change at runtime or edit /boot/grub/grub.cfg on installation media)


Name
Shorthand
Value


debconf/priority
priority
critical/high/medium/low 
 medium offers more control over installation


base-installer/install-recommends
recommends
true/false


base-installer/includes


base-installer/excludes

cron 
 ifupdown 
 isc-dhcp-client 
 isc-dhcp-common 
 nano 
 rsyslog 
 tasksel-data


base-installer/debootstrap_variant

Use minbase to install only required packages


debian-installer/language
language
en


debian-installer/country
country
PL


debian-installer/locale
locale
C


keyboard-configuration/xkb-keymap
keymap
pl


Use Alt+Fx to switch VTs (1: menu, 2-3: shell, 4: syslog)
Load additional d-i components (udebs)
anna-install fdisk-udeb cryptsetup-udeb
After partitioning to continue installation without having /boot on unencrypted partition (#849400) switch to console and remove the check at the end of
/lib/partman/check.d/07crypto_check_mountpoints
file (after Is there a /boot partition for encrypted root? comment)
nano /lib/partman/check.d/07crypto_check_mountpoints
Manually install some of the standard and optional packages
apt-install bash-completion ca-certificates dbus file libpam-systemd man-db manpages wget
apt-install aptitude firmware-iwlwifi intel-microcode kbd
apt-install --with-recommends iwd # wireless-regdb
Install bootloader manually (encrypted root on /dev/sda2)
in-target cat & # Setup /target for chroot
chroot /target bash
SYSTEMD_RELAX_ESP_CHECKS=1 bootctl install # Don't check for GPT: https://github.com/systemd/systemd/issues/1125
install -d -m 700 "/boot/efi/$(cat /etc/machine-id)"
echo 'root=/dev/mapper/sda2_crypt quiet' > /etc/kernel/cmdline
kernel-install -v add 5.10.0-6 /vmlinuz /initrd.img # Adjust version
exit # Exit chroot
kill %1 # Cleanup /target (should remove policy-rc.d file)
debootstrap

Setup minimal Debian bullseye system (use --include/--exclude to adjust installed packages)
debootstrap --verbose --variant minbase --include iproute2 ./bullseye-chroot http://deb.debian.org/debian
Variants:

minbase: required packages + apt
default: required and important packages + apt

Run without root privileges (requires fakechroot and fakeroot packages)
fakechroot fakeroot sh -x /usr/sbin/debootstrap --verbose --variant=fakechroot ...
devscripts

Check available package versions
rmadison syncthing
Create package to satisfy build-dependencies
printf '%s: %s\n' Source intelemetool Build-Depends 'libpci-dev, zlib1g-dev' > intelemetool.control
mk-build-deps intelmetool.control
dict

Show server info
dict -I
Install server and databases for local access
apt install dictd dict-{foldoc,freedict-{eng-pol,pol-eng,pol-rus},gcide,jargon,vera,wn}
diffutils

Compare contents of two directories
diff -q --ignore-file-name-case dir1/ dir2/
Check if file is zero-filled
cmp file /dev/zero
dosfstools

Create a FAT32 filesystem with label MYVOLUME (up to 11 characters)
mkdosfs -v -F 32 -n MYVOLUME /dev/sdX
dpkg

update-alternatives --set iptables /usr/sbin/iptables-nft
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
List packages with specified format
dpkg-query -Wf '${Priority;9} ${binary:Package;20} ${Version;10} ${Architecture;5} ${binary:Summary}\n'
dpkg-dev

Local backport of fscrypt package
sudo apt install {debian,ubuntu}-keyring
dget 'https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/fscrypt/0.2.9-1/fscrypt_0.2.9-1.dsc'
cd fscrypt-0.2.9/
dch -l '~local' 'Mark as local'
mk-build-deps
sudo apt install fscrypt-build-deps_0.2.9-1~local_all.deb
dpkg-buildpackage -b
SimpleBackportCreation

CreatePackageFromPPA

BuildingFormalBackports
dvdbackup

Print information about DVD-Video
dvdbackup -I -i /path/to/dvd
Backup main title
dvdbackup -F -n name -i /path/to/dvd
E

e2fsprogs

Display information about filesystem
dumpe2fs -h DEVICE
Create ext4 filesystem suitable for long-term storage of large files. Alternatively specify bytes-per-inode with -i or set number of inodes directly with -N. Set journal size with -J size=<megs> option.
mkfs.ext4 -v -T largefile4 -m 0 DEVICE
Change filesystem UUID to random one
tune2fs -U random DEVICE
Check fragmentation of extent based files on ext4 filesystem
e4defrag -c /mnt/point 
Search for encrypted files
lsattr -Ra <dir> 2> /dev/null | grep -E '^.{9}E'
ecm-tools

Build and install
git clone https://github.com/alucryd/ecm-tools.git
make
make DESTDIR=out install
Decode to BIN format
for f in *.bin.ecm; ecm2bin "$f"; end
efibootmgr

List boot entries
efibootmgr --verbose
Create boot entry
efibootmgr --verbose --create --disk /dev/sdX --part Y --loader '\EFI\systemd\systemd-bootx64.efi' --label 'Linux Boot Manager'
Delete boot entry
efibootmgr -b 0005 -B
efitools

Read values of EFI secure variables
efi-readvar
Backup EFI secure variable
efi-readvar -v PK -o PK.esl
epub-utils

Show information about EPUB document
einfo ~/Downloads/book.epub
epubcheck

Validate EPUB file
epubcheck ~/Downloads/book.epub
equivs

Create package with dependencies
cd /tmp
equivs-control whdd-control
editor whdd-control
eqivs-build whdd-control
sudo apt install whdd-deps_1.0_all.deb
exfat-utils

mkexfatfs -n <label> /dev/sdd2
exiftran

Automatically rotate images based on Exif orientation tag
exiftran -a -i *.jpg
Dump exiv data
exiftran -d image.jpg
exiv2

Remove image metadata
exiv2 rm foo.jpg
F

fdroidserver

git clone --depth 1 https://gitlab.com/pmartycz/fdroiddata
cp /usr/share/doc/fdroidserver/examples/config.py fdroiddata
Edit config.py
sdk_path = "/home/pmart/Android"
gradle = "gradle"

Build app
fdroid build -l -v -W warn com.zeapo.pwdstore
Create key and sign
fdroid update --create-key -W ignore
fdroid publish -W ignore com.zeapo.pwdstore
ffmpeg

Convert Blu-ray playlist to Matroska:

copy video stream
downmix first audio stream to stereo and encode with Opus
copy two subtitle streams
add language tag for audio and subtitle streams

ffmpeg -playlist 348 -i bluray:BLADE_RUNNER_2049_EUR_BLUEBIRD -map 0:v -map 0:a:0 -metadata:s:a:0 language=eng -map 0:s:#4609 -metadata:s:s:0 language=eng -map 0:s:#4623 -metadata:s:s:1 language=rus -c copy -ac 2 -c:a libopus -b:a 128k blade-runner-2049.mkv
Check files video codec
for f in *.mp4; printf %s "$f: "; ffprobe -v error -select_streams v:0 -show_entries stream=codec_name -of default=noprint_wrappers=1:nokey=1 -- "$f"; end
Grab top of the screen
ffmpeg -f x11grab -video_size 1600x400 -framerate 59.98 -i $DISPLAY screen.webm
Create slow motion effect (x2)
ffmpeg -i input.mkv -filter:v 'minterpolate=fps=48000/1001:mi_mode=mci:mc_mode=aobmc:me_mode=bidir:vsbmc=1,setpts=2*PTS' -c:v ffv1 -r 24000/1001 -an out.mkv
Create video loop by reversing and concatenating with original (different ways)
ffmpeg -i file.mkv -filter_complex "reverse[r]; [0:v][r]concat" -c ffv1 loop.mkv
ffmpeg -i file.mkv -filter_complex "select='gt(n,0)',reverse,select='gt(n,0)'[r]; [0:v][r]concat" -c ffv1 loop.mkv
ffmpeg -i file.mkv -filter_complex "reverse,tpad=start=1:stop=1:start_mode=clone:stop_mode=clone[r]; [0:v][r]concat" -c ffv1 loop.mkv
Reorder streams and change default audio stream disposition
ffmpeg -i input.mkv -c copy -map v -map a:1 -map a:0 -disposition:a:0 default -disposition:a:1 0 out.mkv
Analyze volume
ffmpeg -i file.wav -af volumedetect -vn -dn -sn -f null /dev/null
Increase volume of more silent audio sections
ffmpeg -i input.wav -af dynaudnorm=m=100 out.wav
Create a music WebM. b:v needs to be set along with crf and specifies maximum bitrate.
ffmpeg -i Cyprian_Kamil_Norwid_foto.jpg -i 02-aerumnarum-plenus.flac -c:v libvpx -crf 10 -b:v 2M -c:a libvorbis -q:a 5 -t 3:00 aerumnarum-plenus.webm
Compress LPCM track with FLAC
ffmpeg -i lpcm.mkv -compression_level 12 lpcm.flac
Burn picture-based subtitles into video
ffmpeg -i input.mkv -filter_complex "[0:v][0:s]overlay[v]" -map "[v]" -map 0:a <output options> output.mkv
findimagedupes

findimagedupes --recurse --prune --fingerprints fingerprints --threshold 85% --program $(which feh) .
findutils

Print files with sizes
find -type f -exec du --apparent-size -h {} +
firefox

about:config tweaks


Name
Value
Comment


identity.fxaccounts.enabled
false
Disable Sync


extensions.pocket.enabled
false
Disable Pocket


layers.acceleration.force-enabled
true
Enable OpenGL compositor


gfx.webrender.all
true
Enable WebRender compositor


media.ffmpeg.vaapi.enabled
true
Enable VA-API


mousewheel.default.delta_multiplier_y
200
Increase scroll wheel sensitivity


image.http.accept
*/*
Do not advertise WebP support in Accept header


Environment variables


Name
Value
Comment


MOZ_LOG
PlatformDecoderModule:5
Log VA-API information


MOZ_X11_EGL
1
Needed for VA-API under Xorg


Setting up certificates
firejail

Run program without WAN/Internet access. For non-root this requires disabling restricted-network setting in /etc/firejail/firejail.config
firejail --noprofile --net=eth0 --netfilter=only-local.net PROGRAM
where only-local.net contains following netfilter configuration
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Accept loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Keep State for already stablished traffic
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow LAN
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT

COMMIT

Restrict users who are allowed to run firejail by listing them in /etc/firejail/firejail.users file
fish

Set as login shell
chsh -s /usr/bin/fish xubuntu
Disable prompt
set -U fish_greeting
Change umask for interactive shell

~/.config/fish/config.fish
if status --is-interactive
    umask 022
end
flac

List contents of metadata blocks of type VORBIS_COMMENT and PICTURE
metaflac --list --block-type=VORBIS_COMMENT,PICTURE audio.flac
fscrypt

Setup encryption
tune2fs -O encrypt /dev/sda2
fscrypt setup
fscrypt setup /
jq '.options.policy_version = "2"' < /etc/fscrypt.conf > /etc/fscrypt.conf.tmp && mv /etc/fscrypt.conf{.tmp,}
Create user with encrypted home directory
adduser foo
mv /home/foo{,.old}
mkdir /home/foo
fscrypt encrypt /home/foo --user=foo
cp -aT /home/foo.old /home/foo
rm -rf /home/foo.old
fscrypt lock /home/foo --user=foo
Increase priority of fscrypt PAM profile in /usr/share/pam-configs so that
its module loads before systemd one
editor /usr/share/pam-configs/fscrypt
pam-auth-update
Remove unused policy
mkdir test-fscrypt
fscrypt encrypt test-fscrypt
fscrypt status test-fscrypt
rmdir test-fscrypt
fscrypt metadata destroy --policy=/:f563fb488794fe85302878cec58e73e1
G

gajim

Optional dependencies: gir1.2-gsound-1.0 (sounds)

Useful plugins: gajim-omemo, gajim-urlimagepreview
gdb

Install debugging symbols for package foo
apt install ubuntu-dbgsym-keyring
/etc/apt/sources.list.d/ddebs.list:
deb http://ddebs.ubuntu.com focal main restricted universe multiverse

apt update && apt install foo-dbgsym
geary

Requires org.freedesktop.secrets service provider in order to start (i.e. gnome-keyring)
gimp

Disable global menu
env UBUNTU_MENUPROXY= gimp

git

Create dotfiles repo
git init --bare ~/.dotfiles
alias dotfiles='git --git-dir="$HOME/.dotfiles" --work-tree="$HOME"'
dotfiles config status.showUntrackedFiles no

Cleanup unnecessary files and optimize the local repository
git gc --prune=now

Count unpacked number of objects and their disk consumption
git count-objects -vH

Verifies the connectivity and validity of the objects in the database
git fsck

Prune all unreachable objects from the object database
git prune -v

Restore deleted file: first search for commit id with deletion then restore from its parent
git log -n 1 -- file.txt
git restore --source <id>^ file.txt

GK6X

To build and run with Mono install mono-complete package
xbuild GK6X.sln

Cleanup
xbuild /target:clean

Run
cd Build
mono ./GK6X.exe

head /sys/class/hidraw/hidraw?/device/uevent
setfacl -m u:pmart:rw /dev/hidraw{4,5,6}

gpac

MP4Box -splits 8192 <file>

gpg

List keys
gpg --list-keys
gpg -k

List secret keys
gpg --list-secret-keys
gpg -K

Import key
gpg --import public.asc

Import key from keyserver
gpg --keyserver keyring.debian.org --recv-keys 'F41D30342F3546695F65C66942468F4009EA8AC3'

Verify signature
gpg --verify twrp-3.5.0_9-0-dipper.img.asc twrp-3.5.0_9-0-dipper.img

Export encryption subkey to password-protected file
$ gpg --list-secret-keys --with-subkey-fingerprint
/home/pmart/.gnupg/pubring.kbx
------------------------------
sec   ed25519 2020-04-15 [SC] [expires: 2021-04-15]
      0299FB2433E2E333B77DA58FD3A55548FACF8DDE
uid           [ultimate] pmart
ssb   cv25519 2020-04-15 [E] [expires: 2021-04-15]
      CC7F2A9640625059632031F2B5B6FFB5A6326A93
$ gpg --armor --gen-random 1 20
o9kMBpIvzy3e9OQFUbhpKlDk9vE=
$ gpg --armor --export-secret-subkeys CC7F2A9640625059632031F2B5B6FFB5A6326A93! | GPG_TTY=(tty) gpg --armor --symmetric --output mykey.asc

Renew key
$ gpg --list-keys
$ gpg --edit-key KEYID
gpg> expire
gpg> key 1
gpg> expire
...
gpg> save

gpg-agent

Relax password TTL in ~/.gnupg/gpg-agent.conf
default-cache-ttl 14400
max-cache-ttl 86400

gradle

Install upstream distributed version
cd /opt
unzip ~pmart/Downloads/gradle-6.3-bin.zip
ln -s gradle-6.3 gradle
ln -s /opt/gradle/bin/gradle /usr/local/bin/gradle

graphicsmagick

Resize image to fit into 1080 box (only shrink larger images)
gm convert -resize '1080x1080>' original.png small.png

Draw some text
gm convert -size 400x100 xc:yellow -fill black -pointsize 72 -gravity Center -draw 'text 0,0 "some text"' image.png

Package gsfonts needs to be installed or else above will result in error
gm convert: Unable to read font (/usr/share/fonts/type1/gsfonts/n019003l.pfb) [No such file or directory].

grub2-common

Install from live USB on a system with broken EFI
grub-install --target x86_64-efi --efi-directory /mnt
Install with no Secure Boot support and without changing NVRAM variables. Log verbosely to file.
grub-install --no-nvram --no-uefi-secure-boot --verbose 2> grub-install.log

gstreamer1.0-tools

Inspect GStreamer plugins/elements
gst-inspect-1.0 video4linux2

gstreamer1.0-plugins-ugly

Needed for ASF video
H

hdparm


Option
Description
Value


-B
Get/set Advanced Power Management feature
1-127 permit spindown 
 128-254 no spindown 
 255 off


-C
Check drive power mode status


-I
Show drive information


-M
Get/set  Automatic  Acoustic Management setting
0 off 
 128 quiet 
 254 fast


-S
Set standby (spindown) timeout
0 disabled 
 1-240 multiples of 5 seconds (5 seconds to 20 minutes) 
 241-251 1 to 11 units of 30 minutes (30 minutes to 5.5 hours) 
 252 21 minutes 
 253 vendor-defined timeout period between 8 and 12 hours 
 254 reserved 
 255 21 minutes plus 15 seconds


-y
Put drive in standby mode


-Y
Put drive to sleep


-z
Re-read partition table


Change default APM value (254) for second ATA disk in /etc/hdparm.conf to allow spindown and set spindown timeout to 10 minutes
/dev/disk/by-path/pci-0000:00:1f.2-ata-2 {
    apm = 127
    spindown_time = 120
}

Benchmark read performance
hdparm -Tt /dev/sdX

ATA Security

List security options
hdparm --security-help

Check if security is not frozen
hdparm -I /dev/sdX # Security: not enabled, not frozen

Set user password (use --security-prompt-for-password to prompt for password)
hdparm --user-master u --security-set-pass PasSWord /dev/sdX
hdparm -I /dev/sdX # Security: enabled

Security erase
hdparm --user-master u --security-erase PasSWord /dev/sdX

Enhanced security erase
hdparm --user-master u --security-erase-enhanced PasSWord /dev/sdX

After erase security should be automatically set to disabled
hdparm -I /dev/sdx # Security: not enabled

Implementation of Lenovo ThinkPad HDD password algorithm
I

intel-gpu-tools

Monitor GPU performance
intel_gpu_top

ipodpatcher


Download
Bootloader
Documentation

List firmware partition contents
ipodpatcher <device> -l

Install using method 3) OSOS contains only the Rockbox bootloader
ipodpatcher <device> -wf ~/Downloads/bootloader-ipodvideo.ipod

Update to new version (clean install)
wget -P ~/Downloads 'https://download.rockbox.org/release/3.15/rockbox-ipodvideo-3.15.zip' 'https://download.rockbox.org/release/3.15/rockbox-fonts-3.15.zip'
tar czf rockbox-old.tar.gz .rockbox/
rm -rf .rockbox/
unzip ~/Downloads/rockbox-\*.zip
tar xf rockbox-old.tar.gz .rockbox/apple_os.ipod

iproute2

Enable network interface
ip link set enp0s25 up

Manually add a static IP address
ip address add 192.168.1.177/24 broadcast + dev enp0s25

Set default gateway
ip route add default via 192.168.1.1 dev enp0s25

Display listening TCP/UDP sockets with processes using them
ss -lutp

iwd

Use unique MAC address per SSID
[General]
AddressRandomization=network

J

jellyfin

Install from upstream repository
curl https://repo.jellyfin.org/jellyfin_team.gpg.key | apt-key add -
echo 'deb [arch=amd64] https://repo.jellyfin.org/ubuntu/stable main' > /etc/apt/sources.list.d/jellyfin.list

Start server
jellyfin --webdir=/usr/share/jellyfin/web --ffmpeg=/usr/lib/jellyfin-ffmpeg/ffmpeg 


Media library content type
Type in options.xml
Additional files


Movies
Movie
movies.collection


Photos
Video
homevideos.collection


Others
Series, Season, Episode, Movie
-


joystick

Test gamepad (Joystick API)
jstest /dev/input/js0

Test force feedback (evdev API)
fftest /dev/input/by-id/usb-8Bitdo_SF30_Pro_8BitDo_SN30_Pro+_SF30_Pro-event-joystick

jq

Rename keys of objects in array
jq 'map(with_entries(.key |= if . == "a" then "id" elif . == "b" then "title" elif . == "c" then "isDone" else . end))'

K

kate

LSP plugin [1] [2]

Client configuration settings.json in Settings > Application > LSP Client > Server Configuration
Available language servers:

clangd: C/C++
javascript-typescript-langserver: JavaScript/TypeScript
bash-language-server: Bash
"bash": {
     "command": ["bash-language-server", "start"],
     "url": "https://github.com/bash-lsp/bash-language-server",
     "highlightingModeRegex": "^Bash$"
 }


More at langserver.org

Markdown

Document Preview Plugin configuration
KParts:

https://apps.kde.org/en/markdownpart
https://apps.kde.org/en/kmarkdownwebviewpart

kbd

Print scancodes or keycodes sent by the keyboard
showkey -s
showkey

Dump keyboard translation table (keymap)
dumpkeys

Swap Caps Lock with Escape (swapcapsesc.kmap)
keycode 1 = Caps_Lock
keycode 58 = Escape

Load keyboard translation table
loadkeys swapcapsesc.kmap

Show console font
showconsolefont -v

Adjust typematic delay and rate to 200 ms and 30 Hz
kbdrate -d 200 -r 30

kde-cli-tools

Restart Plasma
kquitapp5 plasmashell && kstart5 plasmashell

kdeconnect

Workaround bug with /usr/local/bin/sshfs wrapper
#!/bin/sh

exec /usr/bin/sshfs -oKexAlgorithms=+diffie-hellman-group14-sha1 "$@"

kdegraphics-thumbnailers

thumbnail.so processes do not close
kindlegen

Convert EPUB to Kindle format (MobiPocket + KF8 + source)
kindlegen ~/Downloads/book.epub -c2 -o book.mobi

Extract KF8 (.azw3) with KindleUnpack
python3 ~/src/KindleUnpack-082/lib/kindleunpack.py -s book.mobi out/

kmod

Disable UAS protocol for device
echo 'options usb-storage quirks=152d:a561:u' > /etc/modprobe.d/uas.conf
konversation

To inhibit sleep while open change launcher command to
systemd-inhibit --what=sleep --why 'Using IRC' konversation ...

Error when playing sound
[00007fe980005810] cache_read stream error: AStreamSeekStream: hard seek failed

kwin-common

Desktop Effects video previews in Ogg/MP4 format
require installing Qt 5 Multimedia plugins and GStreamer.
Required GStreamer elements:

http source is part of gstreamer1.0-plugins-good
video/ogg and video/x-theora decoders are part of gstreamer1.0-plugins-base
video/mpeg, mpegversion=(int)4 decoder is part of gstreamer1.0-libav

apt install libqt5multimedia5-plugins gstreamer1.0-plugins-good gstreamer1.0-libav
apt markauto libqt5multimedia5-plugins

L

libbluray-bin

Show Bluray disc info
bd_info <dir>

glibc

Convert file from Windows-1250 code page
iconv -f cp1250 -o instrukcja.txt instrukcja.txt

Find installed NSS modules
find /lib/x86_64-linux-gnu -name 'libnss_*' -type f

libcanberra

Install GTK+ modules to automatically hook toolkit events to sounds, PulseAudio backend and canberra-gtk-play test utility
apt install libcanberra-gtk{,3}-module libcanberra-pulse gnome-session-canberra

~/.xessionrc:
export NO_AT_BRIDGE=1
export GTK_MODULES=canberra-gtk3-module:canberra-gtk-module
dbus-update-activation-environment --verbose --systemd GTK_MODULES NO_AT_BRIDGE

libjpeg-turbo-progs

Lossless crop-and-drop
1
2
libnss-systemd

Dynamic users are currently not used for systemd-* services (#902971)
libreoffice

Additional KDE integration
apt install libreoffice-{kf5,plasma,style-breeze}

Additional GTK3 integration (Xfce)
apt install libreoffice-gtk3

libva2

For Intel Gen8+ graphics (Broadwell and newer) install both old and new drivers (non-free versions)
apt install i965-va-driver-shaders intel-media-va-driver-non-free

Select driver with environment variable (defaults to newer)
LIBVA_DRIVER_NAME=i965 vainfo
LIBVA_DRIVER_NAME=iHD vainfo

libxml2-utils

Workaround XML namespaces
xmllint --xpath '/*[local-name()="project"]/*[local-name()="version"]/text()' pom.xml

Attribute predicates
xmllint --xpath '/datafile/game[starts-with(@name, "Tomb Raider") and contains(@name, "Chronicles") and contains(@name, "USA")]' *.dat

lightdm

Display user list and enable autologin for user john in /etc/lightdm/lightdm.conf
[Seat:*]
autologin-user=john
greeter-hide-users=false

Change greeter language
systemctl edit lightdm.service

[Service]
Environment=LANG=pl_PL.utf8

lightdm-gtk-greeter

Broken language selection:

Language selection is broken (again)
Default layout no longer has "language" in indicators
Change the text "en-US.utf8" in the login screen with a real name of the languages
sets the locale to the first available one instead of keeping the system one

Workaround by setting environment variable in ~/.xsessionrc
export LANG=pl_PL.utf8
dbus-update-activation-environment --verbose --systemd LANG

Change default set of indicators and clock format. Disable user image (because it requires accountservice).
[greeter]
indicators = ~host;~spacer;~clock;~spacer;~session;~power
clock-format = %a %d %b, %H:%M
hide-user-image = true

linux

Disable Turbo Boost
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

Rebind USB
echo 0000:00:13.0 > /sys/bus/pci/drivers/ohci-pci/unbind
echo 0000:00:13.0 > /sys/bus/pci/drivers/ohci-pci/bind

Avoid flickering on boot with Intel graphics
live-boot

Create a live USB stick with persistence

Download and verify ISO image
wget https://cdimage.debian.org/cdimage/weekly-live-builds/amd64/iso-hybrid/{debian-live-testing-amd64-standard.iso,SHA512SUMS{,.sign}}
gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS
sha512sum --ignore-missing -c SHA512SUMS
Optional: allow user write access to USB stick block device (/dev/sdc)
sudo setfacl -m "u:$(id -u):rw" /dev/sdc*
Partition USB stick into two partitions
printf '%s\n' '- '(math (stat -c %s debian-live-testing-amd64-mate.iso) '* 1.01 / 1024')'K U *' '- - L -' | sfdisk --no-reread /dev/sdc
Setup live partition:

create FAT32 filesystem with label live
copy files from ISO image
add persistence parameter to grub.cfg

mkdosfs -v -F 32 -n live /dev/sdc1
mkdir /mnt/{iso,usb}
mount /dev/sdc1 /mnt/usb
mount debian-live-testing-amd64-mate.iso /mnt/iso
cp -rT /mnt/iso /mnt/usb
edit /mnt/usb/boot/grub/grub.cfg # Add 'persistence' boot parameter
umount /mnt/{iso,usb}
rmdir /mnt/{iso,usb}
Setup persistence partition:

create ext4 filesystem (without journal) with label persistence
add persistence.conf configuration file

mke2fs -v -t ext4 -O '^has_journal' -m 0 -L persistence /dev/sdc2
mount /dev/sdc2 /mnt
echo '/ union' > /mnt/persistence.conf
umount /mnt
login

Change UMASK value to 027 in /etc/login.defs
losslesscut

Use nc (normal cut) option.
lvm2

Create LUKS-on-LVM volume
lvcreate -L 20G vg0 -n lv0

Increase logical volume size
lvresize -L +60G --resizefs vg0/lv0

lsdvd

Print information about DVD-Video titles
lsdvd /path/to/dvd
lsdvd -t 6 -x /path/to/dvd

M

makemkv

Allow removable media access
snap connect makemkv:removable-media

Reinstall
snap remove --purge makemkv
snap install makemkv

mame-tools

Convert BIN/CUE images into CHD format
ext=cue for f in *.$ext; chdman createcd -i $f -o (basename $f .$ext).chd || break; echo; end

Extract BIN/CUE from CHD file
chdman extractcd -i file.chd -o file.cue

mdf2iso

Convert MDF images into BIN/CUE format
for f in *.mdf; mdf2iso --cue $f || break; end

me_cleaner

Show infromation about ME image in firmware
python me_cleaner.py -c firmware.bin

Neutralize Intel ME
python me_cleaner.py -S -O modified_firmware.bin original_firmware.bin

mencoder

Remux DVD-Video to Matroska
mencoder dvd://2/kanal -ovc copy -oac copy -o out.mkv

miniupnpc

List UPnP IGD redirections
upnpc -l

Like above but bypass discovery process by providing the XML root description url
upnpc -u http://192.168.1.1:60000/b54ecc90/gatedesc1.xml -l

Add external TCP port 4777 redirect to internal 192.168.1.10:4777
upnpc -a 192.168.1.10 4777 4777 tcp

Remove external TCP port 4777 redirect
upnpc -d 4777

minitube

Segfaults when trying to browse videos
Thread 1 "minitube" received signal SIGSEGV, Segmentation fault.
0x00007ffff65821f4 in QString::operator=(QString const&) () from /lib/x86_64-linux-gnu/libQt5Core.so.5

mkvtoolnix

When remuxing bluray it doesn't properly support seamless branching link
Remux DVD-Video to Matroska (no subpicture support)
mkvmerge -v -o out.mkv --title Kanal --chapters kanal:2 kanal/VIDEO_TS/VTS_02_1.VOB

Show information about Matroska file
mkvmerge --identify kanal.mkv
mkvinfo kanal.mkv

Add title and unset default flag for subtitle tracks
mkvpropedit --set 'title=Kanał' --edit track:s1 --set flag-default=0 --edit track:s2 --set flag-default=0 kanal.mkv

Show information about Bluray playlists
for f in ../hitchcock/rear-window/BDMV/PLAYLIST/*.mpls; mkvmerge --identify $f; echo; end

Add chapter names from text file

Extract chapters to chapters.xml file
mkvextract paths-of-glory.mkv chapters chapters.xml
Insert chapter names stored one per line in names file
#!/usr/bin/fish

# Configuration
set lang eng
set chapters_file chapters.xml
set names_file names

set i 1
set ed_args

while read name
    set el (mktemp -u ChapterDisplay.XXXXXX)
    set ed_args $ed_args \
        -s //ChapterAtom[$i] -t elem -n $el \
        -s //$el -t elem -n ChapterString -v $name \
        -s //$el -t elem -n ChapterLanguage -v $lang \
        -r //$el -v ChapterDisplay
    set i (math $i + 1)
end < $names_file

xmlstarlet --inplace ed $ed_args $chapters_file
Add modified chapters back
mkvpropedit paths-of-glory.mkv --chapters chapters-new.xml
mpv

Play multiple Blu-ray titles with
mpv bd://mpls/{338,347,102} --bluray-device /path
Play two videos stacked
mpv --external-file=bottom.mkv --lavfi-complex='[vid1] [vid2] vstack [vo]' top.mkv
Build new upstream version
apt source mpv
cd mpv-0.32.0
uscan
uupdate ../mpv_0.33.0.orig.tar.gz
cd ../mpv-0.33.0
dpkg-source --before-build # or quilt push -a
edit debian/rules
edit debian/control
dch -l '~pmart' 'Mark as local'
mk-build-deps --install --remove -s sudo debian/control
dpkg-buildpackage -T binary
sudo apt install ../mpv_0.33.0-0ubuntu1~pmart1_amd64.deb
Show properties on OSD
mpv --osd-msg1='${video-frame-info/interlaced}' interlaced.mp4
Test video tearing
mpv --no-config --video-sync=display-resample --hwdec=vaapi http://www.oc-burner.de/ftp/Videos/juddertest/juddertest_60.mp4
mount

Use a partition inside a file
# losetup --find --show --read-only --partscan EmuELEC-Amlogic-ng.arm-3.8-Generic.img
/dev/loop0
# ls /dev/loop0*
/dev/loop0  /dev/loop0p1  /dev/loop0p2
# mount /dev/loop0p1 /mnt

# umount /dev/loop0p1
# losetup --detach /dev/loop0

muon

Unnecessary dependency to software-proprties-qt in Ubuntu
N

netplan.io

Allow members of sudo group access to wpa_supplicant's socket
systemctl edit netplan-wpa-wlp3s0.service
netplan apply
[Service]
ExecStart=
ExecStart=/sbin/wpa_supplicant -c /run/netplan/wpa-wlp3s0.conf -iwlp3s0 -O 'DIR=/run/wpa_supplicant GROUP=sudo'

nftables

List tables
nft list tables
Show inet table filter chains
nft list table inet filter
Add rule to inet table filter to chain output
nft add rule inet filter output ip daddr 8.8.8.8 drop
nodejs

Install as snap
Install in /opt
cd /opt
tar --no-same-owner -xf ~pmart/Downloads/node-v12.16.1-linux-x64.tar.xz
ln -s node-v12.16.1-linux-x64 node
ln -s /opt/node/bin/{node,npm,npx} /usr/local/bin
Allow installing modules globally without root
npm config set prefix ~/.local
O

okular

Backends for additional formats support (CHM, DjVu, EPUB, Markdown, TIFF)
apt install okular-extra-backends
apt-mark auto okular-extra-backends
openssh-client

Create new key, authorise login on remote host with it, create config entry for that host
ssh-keygen -t ed25519 -f ~/.ssh/id_n5max
ssh-copy-id -i ~/.ssh/id_n5max root@192.168.1.21
~/.ssh/config:
Host n5max
    HostName 192.168.1.21
    User root
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_n5max

Find/remove entries for a hostname in known_hosts file
ssh-keygen -F 192.168.1.21
ssh-keygen -R 192.168.1.21
Fetch and store public SSH key for a host (dangerous)
ssh-keyscan -t ecdsa -H 192.168.1.21 >> ~/.ssh/known_hosts
openssl

Show information about X.509 certificate (add -inform der for DER format)
openssl x509 -noout -text -in public.crt
View content of RSA private key
openssl rsa -noout -text -in private.key
Create a self-signed X.509 certificate for subject CN = foobar containing RSA public key in public.crt PEM file valid for 1 year and corresponding RSA private key in private.key file stored without encryption
openssl req -x509 -newkey rsa:2048 -subj '/CN=foobar' -days 365 -nodes -out public.crt -keyout private.key
Store key and certificate in PKCS#12 format
openssl pkcs12 -export -inkey private.key -in public.crt -out key.pfx
Print info about PKCS#12 file
openssl pkcs12 -in key.pfx -info -noout
Test TLS client/server
openssl s_client -connect www.paypal.com:443
openssl s_server ...
Create server certificate for foobar domain


Create root CA private key and self-signed certificate
Create server private key and CSR
Create server certificate from CSR with signature from root CA

openssl req -newkey rsa:4096 -x509 -days 3650 -config ca.cnf -subj '/CN=pmart' -out root.crt -keyout root.key
openssl req -new -config ca.cnf -subj '/CN=myserver' -out myserver.csr -keyout myserver.key
openssl x509 -req -in myserver.csr -CA root.crt -CAkey root.key -CAcreateserial -days 365 -extfile ca.cnf -out myserver.crt
rm myserver.csr
Contents of ca.cnf file
extensions = server_exts

[ req ]
distinguished_name = subject
x509_extensions = root_exts

[ subject ]
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company

[ root_exts ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ server_exts ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = foobar

Create a self-signed client certificate for OFTC

openssl req -nodes -subj '/CN=N\/A' -newkey rsa:2048 -keyout nick.key -x509 -days 3650 -out nick.cer
cat nick.cer nick.key > nick.pem
chmod 400 nick.pem
rm nick.cer nick.key
opus-tools

Transcode to Opus
set ext flac; for f in **.$ext; opusenc --bitrate 128 --discard-picture $f (string replace -r "\.$ext\$" .opus $f); or break; end
Decode opus to wav (without resampling back to 44100)
opusdec --rate 48000 audio.opus audio.wav
osslsigncode

Verify Microsoft Authenticode digital signature on file
osslsigncode verify ~/Downloads/mp3tagv303setup.exe
P

p7zip

Extract multiple archives (keep original files)
p7zip -d -k *.7z
or
7zr x '*.7z'
pass

Fix symlinks broken by Android app
for f in ~/.password-store/**; if [ 'text/plain' = (file -b --mime-type $f) ]; echo ln -sf -- (cat $f) $f; end; end
Generate new password (replace first line of password file)
PASSWORD_STORE_CHARACTER_SET='[:alnum:]_' pass generate -i example.com
passwd

Rename user from foo to bar and move his home directory. Additionaly rename its primary group (with the same name).
usermod --login bar --home /home/bar --move-home foo
groupmod --new-name bar foo
pbuilder

Configure pbuilder in /etc/pbuilderrc:

make build results available as dependencies for subsequent builds
enable eatmydata usage for additional performance

HOOKDIR=/etc/pbuilder/hooks
BINDMOUNTS=/var/cache/pbuilder/result
OTHERMIRROR='deb [trusted=yes] file:/var/cache/pbuilder/result ./'
EATMYDATA=yes
Create a hook script /etc/pbuilder/hooks/D70results:
#!/bin/sh
cd /var/cache/pbuilder/result
dpkg-scanpackages . > Packages
apt update
chmod +x /etc/pbuilder/hooks/D70results
touch /var/cache/pbuilder/result/Packages
Create/update chroot image base.tgz for focal release
pbuilder create --distribution focal
pbuilder update
Inspect chroot (for debugging)
pbuilder login
Download and verify dino-im source package
dget -d 'http://archive.ubuntu.com/ubuntu/pool/universe/d/dino-im/dino-im_0.2.0-3.dsc'
Build dino-im package using pbuilder
pbuilder build dino-im_0.2.0-3.dsc
Install build results
apt install /var/cache/pbuilder/result/dino-im_0.2.0-3_amd64.deb /var/cache/pbuilder/result/dino-im-common_0.2.0-3_all.deb
apt-mark auto dino-im-common
plasma-workspace

Enable global menu support for GTK apps and Intellij IDEA
apt install appmenu-gtk{2,3}-module libdbusmenu-glib4
psi

Fails to log in without libsasl-modules, yet does not depend on them
apt install libsasl2-modules
python3-minimal

Compile *.py to *.pyc (recursively)
python3 -m compileall .
python3-mutagen

List file ID3 tags
mid3v2 -l fonoteka-1/01-profesjonalizm.mp3
R

read-edid

Get monitor EDID from i2c bus 6 (Also available from xrandr --verbose)
get-edid -b 6 | parse-edid
readline

Configuration in ~/.inputrc (or /etc/inputrc).
Run bind -f ~/.inputrc or type ^X ^R to reload.
set completion-ignore-case on
#set show-all-if-unmodified on
set show-all-if-ambiguous on

set editing-mode vi
set show-mode-in-prompt on
$if term=linux
	set vi-ins-mode-string \1\e[?0c\2
	set vi-cmd-mode-string \1\e[?8c\2
$else
	set vi-ins-mode-string \1\e[6 q\2
	set vi-cmd-mode-string \1\e[2 q\2
$endif

"\C-x\C-r": re-read-init-file

redshift


Create ~/.config/redshift/redshift.conf
cp /usr/share/applications/redshift.desktop ~/.config/autostart
sed -i /^Terminal=/d  ~/.config/autostart/redshift.desktop
systemctl --user --now enable redshift.service

rename

Lowercase, replace spaces with dashes
rename -v 'y/A-Z/a-z/; s/ /-/g' *.mp3
retroarch

Search database
libretrodb_tool ~/.config/retroarch/database/rdb/Sony\ -\ PlayStation.rdb find '{"name": glob("Tomb Raider Chronicles *USA*")}'
libretrodb_tool ~/.config/retroarch/database/rdb/Atari\ -\ 2600.rdb find '{"crc": b"42AD47BF"}'
rsync

Copy roms to TV box
rsync -rlt --progress --delete --filter={'P */','P gamelist.xml','P *.srm','P *.state'} -n ~/roms n5max:
Option summary
--verbose, -v            increase verbosity
--checksum, -c           skip based on checksum, not mod-time & size
--archive, -a            archive mode is -rlptgoD (no -A,-X,-U,-N,-H)
--recursive, -r          recurse into directories
--update, -u             skip files that are newer on the receiver
--dirs, -d               transfer directories without recursing
--links, -l              copy symlinks as symlinks
--perms, -p              preserve permissions
--owner, -o              preserve owner (super-user only)
--group, -g              preserve group
-D                       same as --devices --specials
--times, -t              preserve modification times
--preallocate           allocate dest files before writing them
--dry-run, -n            perform a trial run with no changes made
--existing               skip creating new files on receiver
--ignore-existing        skip updating files that exist on receiver
--delete                 delete extraneous files from dest dirs
--partial                keep partially transferred files
--ignore-times, -I       don't skip files that match size and time
--size-only              skip files that match in size
--compress, -z           compress file data during the transfer
--progress               show progress during transfer
-P                       same as --partial --progress

S

sbsigntool

Enroll Secure Boot keys in firmware
mkdir -p /etc/secureboot/keys/{db,dbx,KEK,PK}
# Copy .auth files into directories
sbkeysync --verbose --pk --dry-run # Previev changes
sbkeysync --verbose
sbkeysync --verbose --pk
List/verify image signatures
sbverify --list linux.efi
sbverify --cert db.crt linux.efi
sddm

Install with Breeze theme
apt install sddm sddm-theme-breeze
Switch user without session lock
busctl call org.freedesktop.DisplayManager /org/freedesktop/DisplayManager/Seat0 org.freedesktop.DisplayManager.Seat SwitchToGreeter
Unable to run Xorg as non-root (Fixed after 0.19 release)
sed

Add PREGAP to each track in cuesheet
sed -i '/INDEX 01/i \ \ \ \ PREGAP 00:02:00' album.cue
sg3-utils

Detect eSATA drive on sd 3:0:0:0
rescan-scsi-bus.sh -a --hosts=3 --channels=0 --ids=0 --luns=0
shntool

Split album by cuesheet to Vorbis files (requires flac for decoding and vorbis-tools for encoding)
shnsplit -f album.cue -o 'cust ext=ogg oggenc -q 5 -o %f -' -t '%n. %t' album.flac
cuetag album.cue *.ogg
Split album by cuesheet to Opus files (requires mac for decoding and opus-tools for encoding)
shnsplit -f album.cue -o 'cust ext=opus opusenc --bitrate 128 - %f' -t '%n. %t' album.ape
sicherboot

First switch Secure Boot into Setup Mode. Then generate keys and copy them to ESP for enrollment with KeyTool.
sicherboot setup
Make sure KeyTool is lauched on next boot
bootctl set-oneshot <uuid>-keytool.conf
smartmontools

Print a large amount of SMART information for drive /dev/sda.
smartctl -a /dev/sda
Begin an extended self-test of drive /dev/sdc. You can issue this command on a running system.  The results can be seen in the self-test log visible with the '-l selftest' option after it has completed.
smartctl -t long /dev/sdc
snapd

For live installation add apparmor_parser /var/lib/snapd/apparmor/profiles to /etc/rc.local
Inspect confinement of snap
snap run --shell <name>
sox

Generate audio spectrogram
sox file.mp3 -n spectrogram -o spectrogram.png
spotify-adblock-linux

Installation
git clone https://github.com/abba23/spotify-adblock-linux.git
cd spotify-adblock-linux
wget -O cef.tar.bz2 http://opensource.spotify.com/cefbuilds/cef_binary_80.0.8%2Bgf96cd1d%2Bchromium-80.0.3987.132_linux64_minimal.tar.bz2
tar -xf cef.tar.bz2 --wildcards '*/include' --strip-components=1
make
cp spotify-adblock.so /usr/local/lib/
Usage
env LD_PRELOAD=/usr/local/lib/spotify-adblock.so spotify
systemd

Set hostname
hostnamectl set-hostname foobar
Set timezone
timedatectl set-timezone Europe/Warsaw
Inhibit sleep while downloading
systemd-inhibit --what=sleep wget <url>
Run command without Internet access (doesn't work with user units #12327)
systemd-run -p IPAddressDeny=any -p IPAddressAllow=localhost -p IPAddressAllow=192.168.1.0/24 <cmd>
Make bootctl accept ESP on MBR (/usr/local/bin/bootctl)
#!/bin/sh

SYSTEMD_RELAX_ESP_CHECKS=1 /usr/bin/bootctl "$@" 
systemd-networkd

Enable DHCPv4 on enp0s25 interface (/etc/systemd/network/20-enp0s25.network)
[Match]
Name=enp0s25

[Network]
DHCP=ipv4

Enable DHCP with privacy options for all wireless interfaces when connecting to SSID foobar
[Match]
Type=wlan
SSID=foobar

[Network]
DHCP=ipv4

[DHCPv4]
Anonymize=true

networkctl

List links
networkctl
networkctl list
Show general status or infromation about specified links
networkctl status
networkctl status 1
Bring devices up/down
networkctl up|down <device>
Reload .network and .netdev files
networkctl reload
T

tcpdump

Show TCP packets on port (including headers)
tcpdump -i lo -X tcp port 3321
tcpflow

Show flow of data on TCP port
tcpflow -i lo -c tcp port 3321 or tcp portrange 5000-5003
thunderbird

Creating date and time format requires Thunderbird 91 or higher

LC_TIME problems
tidy

Correct and cleanup HTML/XML document
tidy -i file.xml > clean.xml
thinkfan

systemctl edit thinkfan.service
[Service]
ExecStartPre=/usr/local/sbin/update-thinkfan-conf

tmux

Run a stress test with monitoring
apt install linux-tools-generic lm-sensors
tmux new-session fish \; \
split-window -h watch -xtn 1 cpupower -c all frequency-info --freq --human \; \
split-window -v -p 66 watch -xt sensors \; \
select-pane -t 0
torbrowser-launcher

Symlink ~/.gnupg directory for Browserpass extension
ln -s ~/.gnupg ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser
tracepath-utils

Trace path to network host discovering MTU along this path
tracepath wikipedia.pl
U

udev


cp /usr/lib/udev/rules.d/60-cdrom_id.rules /etc/udev/rules.d/
remove RUN+="cdrom_id --eject-media $devnode" from rule in the copied file

udisks2

Allow certain LVM volumes to be mounted by user

SUBSYSTEM=="block", KERNEL=="dm-[0-9]*", ENV{ID_FS_UUID}=="e3f91257-7e81-419d-bbdd-8e0862ff9085|49792991-f58d-4bdf-b17e-e4288b0fe756", ENV{UDISKS_SYSTEM}="0"

But this results in udiskd checking for org.freedesktop.udisks2.filesystem-mount-other-seat
Create /etc/polkit-1/localauthority/50-local.d/10-udisks.pkla instead
[Allow user mounting]
Identity=unix-group:users
Action=org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system
ResultActive=yes

Mount file

$ udisksctl loop-setup -f foo.iso
Mapped file foo.iso as /dev/loop15.
$ udisksctl mount -b /dev/loop15
Mounted /dev/loop15 at /media/user/FOO.

$ udisksctl unmount -b /dev/loop15 
Unmounted /dev/loop15.
$ udisksctl loop-delete -b /dev/loop15

ungoogled-chromium

echo 'deb http://download.opensuse.org/repositories/home:/ungoogled_chromium/Ubuntu_Focal/ /' > /etc/apt/sources.list.d/ungoogled-chromium.list
curl -s 'https://download.opensuse.org/repositories/home:/ungoogled_chromium/Ubuntu_Focal/Release.key' | apt-key add -
apt update
apt install ungoogled-chromium
unrar

Unrar multiple files
unrar x '*.rar'
unzip

Unzip multiple files
unzip '*.zip'
usbutils

Reset USB device (by product and vendor id, by bus and device number, by product name)
usbreset 21b4:0083
usbreset 001/029
usbreset 'AudioQuest DragonFly Black v1.5'
util-linux

Verify TRIM support: DISC-GRAN (discard granularity) and DISC-MAX (discard max bytes) columns
lsblk --discard
Discard all blocks on device
blkdiscard /dev/sdX
V

vim

Use vim.tiny as regular vim
ln -s /usr/bin/vim.tiny /usr/local/bin/vim
Configuration (~/.vimrc or /etc/vim/vimrc.local). vim-tiny requires commenting out vimrc.local existance check in /etc/vim/vimrc (no scripting support)
set softtabstop=4 shiftwidth=4 expandtab autoindent

Increase verbosity (check which configuration files are sourced)
vim -V
vorbis-tools

oggenc -q 5 *.wav
Encode in parallel
find -name '*.flac' -print0 | xargs -0 -P 4 -n 5 oggenc -q 5 --quiet
vsftpd

Doesn't work with certificate generated by ssl-cert package. Instead generate new one
openssl req -x509 -nodes -out /etc/ssl/certs/vsftpd.pem -keyout /etc/ssl/private/vsftpd.key -days 3650 -newkey rsa:2048
Run server as non-root

Add config file ~/.config/vsftpd/conf
run_as_launching_user=YES
listen=YES
listen_address=127.0.0.1
listen_port=3321
pasv_min_port=5000
pasv_max_port=5003
anonymous_enable=YES
anon_root=/home
anon_world_readable_only=NO
secure_email_list_enable=YES
email_password_file=/home/<user>/.config/vsftpd/email_passwords
use_localtime=YES
log_ftp_protocol=YES

Generate email password for anonymous user
pwgen 16 > ~/.config/vsftpd/email_passwords
Run server
vsftpd -oxferlog_enable=YES -ovsftpd_log_file=(tty) ~/.config/vsftpd/conf
Add client credentials to ~/.netrc
machine localhost login ftp password ahke5Ba8caer3eux

Test connection
pftp -v localhost 3321
W

wavpack

Encode audio into WavPack files
wavpack -x3 *.wav
wget

Download file in background (continue)
wget -bc --content-disposition http://example.com
wine

Install stable version of Wine on amd64
dpkg --add-architecture i386
apt update
apt install wine wine32
apt-mark auto wine32
wpasupplicant

Disable DBus enabled service when using Netplan
systemctl disable --now wpa_supplicant.service
Tray icon
wpa_gui -t -m 10
X

x11-xserver-utils

Show current settings
xset q
Switch to DPMS state (standby, suspend, off)
xset dpms force MODE
Inactivity period for before the three modes are activated
xset dpms 600 900 1200
Create and use custom modeline
cvt 2560 1440 72
xrandr --newmode "2560x1440_72.00_rb"  291.75  2560 2608 2640 2720  1440 1443 1448 1490  +HSync -Vsync
xrandr --addmode DP-1 2560x1440_72.00_rb
xrandr --output DP-1 --above LVDS-1 --mode 2560x1440_72.00_rb
xdg-mime

Check default application associatied with MIME type
xdg-mime query default application/pdf
Set default application (~/.config/mimeapps.list)
xdg-mime default org.kde.okular.desktop application/pdf
xdg-mime default org.kde.gwenview.desktop image/jpeg image/png
Symlink legacy default applications file to simplify maintenance
ln -s ~/.config/mimeapps.list ~/.local/share/applications/mimeapps.list
#888094
xfce4

Xubuntu theme (uses Noto Sans Regular 9 for GTK and Noto Sans Bold 9 for window titles)
apt install greybird-gtk-theme elementary-xfce-icon-theme fonts-noto-core
xfce4-panel

Thunar's file copy dialog uses systray plugin
xfce4-power-manager

Suspend fails (requests authentication in order to suspend)
xfce4-screensaver

Not part of bullseye release
xfwm4

Fix screen tearing
xmlstarlet

Delete elements matching XPath expression
xml ed -d "/xml/table/rec[@id='2']" xml/table.xml
xserver-xorg

Install with libinput for input and modesetting for video using Mesa for hardware acceleration. On Debian package insists on having xorg-video-driver (#813964) so install a dummy one.
apt install xserver-xorg xserver-xorg-input-libinput xserver-xorg-video-dummy libgl1-mesa-dri
xserver-xorg-core

Install server with libinput input driver
apt install xserver-xorg-core xserver-xorg-input-libinput
Calculate VESA CVT modeline
cvt -v 2560 1440 75
cvt -v -r 1920 1080
In case of ERROR: Multiple of 60Hz refresh rate required for  reduced blanking error use other implementation 1
2
Enable tap to click in /etc/X11/xorg.conf.d/libinput.conf
Section "InputClass"
    Identifier "libinput touchpad"
    MatchDriver "libinput"
    MatchIsTouchpad "on"
    Option "Tapping" "on"
EndSection

Y

youtube-dl

pip3 install -U youtube-dl
Download audio playlist in Opus format (to get additional metadata from title add --metadata-from-title '%(artist)s - %(title)s')
youtube-dl -x -o '%(playlist)s/%(playlist_index)s. %(title)s-%(id)s.%(ext)s' -f 'bestaudio[acodec=opus]' --add-metadata 'https://youtube.com/watch?v=ZNdbmQP82E4&list=OLAK5uy_nHz-GyXaPVbf6elpOMYgWbq_U-tyfpVJA'
Z

zip

Archive current directory to ../out.zip file
zip -r ../out .
Create an EPUB file. mimetype must be first file in the archive.
zip -rX ../my.epub mimetype META-INF/ EPUB/

  
## apt.conf
APT::Install-Recommends "false";
APT::AutoRemove::RecommendsImportant "true";
APT::AutoRemove::SuggestsImportant "false";

## redshift.conf
; Global settings
[redshift]
temp-day=5700
temp-night=3500
location-provider=manual

; The location provider and adjustment method settings
; are in their own sections.
[manual]
lat=52.24
lon=21.08

## update-thinkfan-conf
#!/bin/sh -eu

set -- acpitz coretemp

temp=$(mktemp thinkfan.conf.XXXXXXXXXX)
trap 'rm -f -- "$temp"' EXIT

sed '/^hwmon /d' /etc/thinkfan.conf > "$temp"

names=$(printf '%s\n' "$@")
for hwmon in /sys/class/hwmon/hwmon*; do
    grep -qxF -- "$names" "$hwmon/name" || continue
    printf 'hwmon %s\n' "$hwmon"/temp?_input >> "$temp"
done

mv -- "$temp" /etc/thinkfan.conf

## widevine-for-chromium-snap
#!/bin/bash

# Chromium root directory
root="$HOME"/snap/chromium/current

# Create a temporary directory
tmpdir=$(mktemp -d)

# Download Chrome
echo "Downloading Chrome package..."
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -qO "$tmpdir"/chrome.deb

# Extract the archive
mkdir "$tmpdir"/chrome
echo "Extracting Chrome package..."
dpkg-deb -R "$tmpdir"/chrome.deb "$tmpdir"/chrome

# Copy the Widevine directory tree to the proper location
if [ ! -d "$root"/.local/lib ]; then
  mkdir -p "$root"/.local/lib
fi
if [ -d "$root"/.local/lib/WidevineCdm ]; then
  rm -R "$root"/.local/lib/WidevineCdm
fi
echo "Copying Widevine directory..."
cp -R "$tmpdir"/chrome/opt/google/chrome/WidevineCdm "$root"/.local/lib/

# Clean up
echo "Cleaning up..."
rm -R "$tmpdir"
echo "Please restart Chromium."

exit 0
Pattern	Description
`~i !~M !~prequired !~pimportant`	manually installed non-essential packages
`!~i (~prequired \| ~pimportant \| ~pstandard) !~ri386`	missing standard priority packages
Name	Shorthand	Value
debconf/priority	priority	critical/high/medium/low `medium` offers more control over installation
base-installer/install-recommends	recommends	true/false
base-installer/includes
base-installer/excludes		`cron` `ifupdown` `isc-dhcp-client` `isc-dhcp-common` `nano` `rsyslog` `tasksel-data`
base-installer/debootstrap_variant		Use `minbase` to install only required packages
debian-installer/language	language	`en`
debian-installer/country	country	`PL`
debian-installer/locale	locale	`C`
keyboard-configuration/xkb-keymap	keymap	`pl`
Name	Value	Comment
identity.fxaccounts.enabled	false	Disable Sync
extensions.pocket.enabled	false	Disable Pocket
layers.acceleration.force-enabled	true	Enable OpenGL compositor
gfx.webrender.all	true	Enable WebRender compositor
media.ffmpeg.vaapi.enabled	true	Enable VA-API
mousewheel.default.delta_multiplier_y	200	Increase scroll wheel sensitivity
image.http.accept	/	Do not advertise WebP support in Accept header
Name	Value	Comment
MOZ_LOG	PlatformDecoderModule:5	Log VA-API information
MOZ_X11_EGL	1	Needed for VA-API under Xorg
Option	Description	Value
-B	Get/set Advanced Power Management feature	`1`-`127` permit spindown `128`-`254` no spindown `255` off
-C	Check drive power mode status
-I	Show drive information
-M	Get/set Automatic Acoustic Management setting	`0` off `128` quiet `254` fast
-S	Set standby (spindown) timeout	`0` disabled `1`-`240` multiples of 5 seconds (5 seconds to 20 minutes) `241`-`251` 1 to 11 units of 30 minutes (30 minutes to 5.5 hours) `252` 21 minutes `253` vendor-defined timeout period between 8 and 12 hours `254` reserved `255` 21 minutes plus 15 seconds
-y	Put drive in standby mode
-Y	Put drive to sleep
-z	Re-read partition table
Media library content type	Type in options.xml	Additional files
Movies	Movie	movies.collection
Photos	Video	homevideos.collection
Others	Series, Season, Episode, Movie	-
	APT::Install-Recommends "false";
	APT::AutoRemove::RecommendsImportant "true";
	APT::AutoRemove::SuggestsImportant "false";
	; Global settings
	[redshift]
	temp-day=5700
	temp-night=3500
	location-provider=manual

	; The location provider and adjustment method settings
	; are in their own sections.
	[manual]
	lat=52.24
	lon=21.08
	#!/bin/sh -eu

	set -- acpitz coretemp

	temp=$(mktemp thinkfan.conf.XXXXXXXXXX)
	trap 'rm -f -- "$temp"' EXIT

	sed '/^hwmon /d' /etc/thinkfan.conf > "$temp"

	names=$(printf '%s\n' "$@")
	for hwmon in /sys/class/hwmon/hwmon*; do
	grep -qxF -- "$names" "$hwmon/name" \|\| continue
	printf 'hwmon %s\n' "$hwmon"/temp?_input >> "$temp"
	done

	mv -- "$temp" /etc/thinkfan.conf
	#!/bin/bash

	# Chromium root directory
	root="$HOME"/snap/chromium/current

	# Create a temporary directory
	tmpdir=$(mktemp -d)

	# Download Chrome
	echo "Downloading Chrome package..."
	wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -qO "$tmpdir"/chrome.deb

	# Extract the archive
	mkdir "$tmpdir"/chrome
	echo "Extracting Chrome package..."
	dpkg-deb -R "$tmpdir"/chrome.deb "$tmpdir"/chrome

	# Copy the Widevine directory tree to the proper location
	if [ ! -d "$root"/.local/lib ]; then
	mkdir -p "$root"/.local/lib
	fi
	if [ -d "$root"/.local/lib/WidevineCdm ]; then
	rm -R "$root"/.local/lib/WidevineCdm
	fi
	echo "Copying Widevine directory..."
	cp -R "$tmpdir"/chrome/opt/google/chrome/WidevineCdm "$root"/.local/lib/

	# Clean up
	echo "Cleaning up..."
	rm -R "$tmpdir"
	echo "Please restart Chromium."

	exit 0