How to configure KMail with GPG on Slackware Linux 14.1

No additional software is required on a full Slackware 14.1 install.
Slackware 14.1 ships with KDE 4.10.5.

Prerequisites

If you don’t already have a key pair (secret and public key), then your first order of business is to create one. The preferrable option is to use the CLI with the command:

gpg --gen-key

KDE provides two graphical tools for working with GPG, namely KGpg and Kleopatra.  KGpg will walk you through the initial setup using an interactive wizard and subsequently create the needed key pair and config files (do not use Kleopatra for your initial setup).
If you’re importing an existing private key then make sure to change the default trust level afterwards.

Regarding the key properties, most folks recommend the RSA/RSA algorithm and a key size of 4096 bits (if you’re really paranoid security conscious).

Enabling the GPG Agent on Slackware Linux

The gpg-agent is a daemon to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities.

Basically the gpg-agent will take care of caching the passphrase securely between applications and thus removing the need for typing the passphrase everytime we use our key.

Enabling the gpg-agent is simple enough, edit ~/.gnupg/gpg.conf and remove the comment sign in front of the use-agent directive.

# Edit your gpg.conf
vi ~/.gnupg/gpg.conf
# Remove the comment sign in front of use-agent
use-agent

Configuring pinentry on Slackware Linux

Pinentry is a small collection of dialog programs that allow GnuPG to read passphrases and PIN numbers in a secure manner.

In short, Pinentry will pop up and ask for the passphrase when using our GPG key.

# Create gpg-agent.conf in your home path
vi ~/.gnupg/gpg-agent.conf
# Add the following directives to gpg-agent.conf
pinentry-program /usr/bin/pinentry-qt4
no-grab
default-cache-ttl 3600

As KDE is based on the Qt framework, pinentry-qt4 is a viable choice (pinentry is also available in curses, qt and gtk-2).
The default-cache-ttl directive specifies the amount of time (in seconds) in which the passphrase should be cached. The no-grab directive avoids having the pinentry dialog glued to your keyboard, which is no fun at all.

Adding startup and shutdown scripts for KDE on Slackware Linux

We need to have the gpg-agent running before KDE starts up. To achieve this, we’ll use two bash scripts that will start and subsequently kill the gpg-agent daemon.

Gpg-agent-start.sh

KDE has a feature called “Pre-KDE Startup” that let us run user defined scripts at the earliest stage. Those scripts resides in the ~/.kde/env directory. This folder is not available by default, so we’ll create it and add the gpg-agent-start.sh script.

# Create the env folder and the startup script
mkdir ~/.kde/env
vi ~/.kde/env/gpg-agent-start.sh
# Add the code below to gpg-agent-start.sh
#!/bin/sh
eval "$(gpg-agent --daemon)"
# Make the script executable
chmod +x ~/.kde/env/gpg-agent-start.sh

Gpg-agent-stop.sh

We don’t want to have multiple instances of gpg-agent running when logging in and out of sessions. KDE has a Shutdown feature for user defined scripts as well, so we’ll make another script to kill  gpg-agent when our KDE session ends. The shutdown script is to be placed in ~/.kde/shutdown/, another folder that doesn’t exist on a default installation.

# Create the shutdown folder and the shutdown script 
mkdir ~/.kde/shutdown/
vi ~/.kde/shutdown/gpg-agent-stop.sh
# Add the code below to gpg-agent-stop.sh
#!/bin/sh
if [ -n "${GPG_AGENT_INFO}" ]; then
 kill $(echo ${GPG_AGENT_INFO} | cut -d':' -f 2) >/dev/null 2>&1
fi
# Make the script executable
chmod +x ~/.kde/shutdown/gpg-agent-stop.sh

Verify that gpg-agent is running as a daemon

Log out and start a new KDE session.
Run the following code to verify that the gpg-agent is running and available:

gpg-agent status

Configuring KMail

Start KMail and select:
“Settings” => “Configure KMail” => “Manage Identities” => Modify {your identity} => “Cryptography”.

KMail - Cryptography
KMail – Cryptography

Select your key for signing and encryption, and optionally your preferred format. Save and your’e good to go.
You might also want to set signing and encrypting messages as preferred options by editing the default settings under:
“Settings” => “Configure KMail” => “Security” =>  “Composing”.

Gotchas

Don’t fiddle with the GnuPG Log Viewer .
Changing the debug level sounds like a plan during troubleshooting, but it’s not. The result will instead be a corrupted gpg.conf.
If that should be the case then just remove the lines in question, they will look similar to this:

###+++--- GPGConf ---+++###
utf8-strings
debug-level guru
Viewing a signed and decrypted message with KMail.
Viewing a signed and decrypted message with KMail.

IPredator OpenVPN Slackware Linux 14.1 setup

IPredator is a swedish VPN service offered with the stated goal of providing internet privacy.

This guide assumes a full Slackware Linux installation.
All certificates and configuration files are provided by IPredator.

Tl;dr

I’ve recorded the process and posted it at Youtube. The video shows the setup using automated scripts instead of taking the long and winding road. The video quality is unfortunately  rather horrendous: http://youtu.be/w9TVNCMIKUc
The scripts used in the video are available here:
openresolv.shipred.sh and rc.openvpn

Installing additional software

We’ll be using openresolv to avoid DNS leaks. DNS leaks happen when your DNS requests are routed through your ISP’s DNS servers, instead of those provided by the VPN provider.
Slackbuilds.org is providing a SlackBuild for openresolv here.

Download the SlackBuild but leave the source alone as it’s out of date. Extract openresolv.tar.gz and edit openresolv.SlackBuild by replacing the following line:

VERSION=${VERSION:-3.5.4} 
# with 
VERSION=${VERSION:-3.6.1 }

Download the source for openresolv 3.6.1 from this link and add it to the SlackBuild folder. Build openresolv with the command:

OPENVPN=yes ./openresolv.SlackBuild

(OPENVPN=yes tells the script to copy the update-resolv-conf file to /etc/openvpn folder during installation) Install the package with the command:

installpkg /tmp/openresolv-3.6.1-x86_64-1_SBo.tgz

Configuring OpenVPN.

You might just as well browse through the Debian guide at https://www.ipredator.se/guide/openvpn/debian/native as I’m mostly replicating those steps over here.

Head over to the IPredator site and download the IPredator-CLI-Password.conf. Edit IPredator-CLI-Password.conf and add the openresolv instructions just below the user authentication part like shown below:

# <snip>
auth-user-pass /etc/openvpn/IPredator.auth
auth-retry nointeract

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
# </snip>

Make sure the update-resolv-conf file actually resides under /etc/openvpn (remember the SlackBuild). If not then adjust accordingly.

Next, we’ll create the file containing our username and password for the service. It should only have two lines containing your username and password repectivly.

# Create the auth file
vi /etc/openvpn/IPredator.auth

# Add username and password
username
password

The last step of the configuration is moving the config files to /etc/openvpn and changing permissions.
Note that I’m renaming the IPredator-CLI-Password.conf to IPredator.conf to avoid mistaking the config file for the authentication file (it’s probably just me).

mv $HOME/Downloads/IPredator-CLI-Password.conf /etc/openvpn/IPredator.conf
mv $HOME/Downloads/IPredator.auth /etc/openvpn/IPredator.auth

chown root:root /etc/openvpn/IPredator.conf
chown root:root /etc/openvpn/IPredator.auth

chmod 400 /etc/openvpn/IPredator.conf
chmod 400 /etc/openvpn/IPredator.auth
chmod 755 /etc/openvpn/update-resolv-conf

The update-resolv-conf file will be updating /etc/resolv.conf with the correct DNS servers.

Testing the service.

Verify that the connection works as expected:

openvpn --config /etc/openvpn/IPredator.conf

Provided that everything worked as expected, we can now initiate OpenVPN from the commandline by issuing openvpn /etc/openvpn/IPredator.conf and killing it with ctrl+c. That works, but it’s neither reliable or user-friendly.
The Slackware way of controlling services is by using simple init scripts that resides in /etc/rc.d

There are a few unofficial rc.openvpn scripts available for Slackware, but they differ greatly in quality. Giancarlo Razzolini is the author of the rc.openvpn script I’ve adopted. This script had a couple of minor bugs, which is why I’ve modified it, but all credit goes to Mr. Razzolini.

Installing the rc.openvpn service script

# Create the rc.openvpn script
vi /etc/rc.d/rc.openvpn

Get the source from this link: rc.openvpn
Make the script executable with the command

chmod 755 /etc/rc.d/rc.openvpn

Usage:

/etc/rc.d/rc.openvpn start|status|stop|restart

 


Eclipse Luna 4.4 – Code Assist can’t render HTML on KDE4 Slackware Linux 14.1

Eclipse SDK
Version: Luna (4.4)
Build id: I20140606-1215
PHP Development Tools (PDT) 3.3.0.201406110111

After upgrading my workstation to Slackware 14.1 with KDE 4.10.5 as my default desktop, I was left with some issues regrading my new Eclipse Luna installation. Notably the tooltip was unreadable with its black background color, and much worse, the code assist would not render any HTML whatsoever.

Eclipse 4.4 - Code Assist unable to render HTML
Eclipse 4.4 – Code Assist unable to render HTML

Fixing the dark tooltip background:

KDE4 Application Apperance
KDE4 – Application Apperance

After searching through most of Eclipse’s menus and settings, it became evident that the easiest solution would be to change the tooltip background color by using KDE’s application appearance setting. Navigate to “System Settings” => “Application Apperance” => “Colors” => “Colors” => “Color set: Tooltip” and pick a lighter background. There might be a more sophisticated way of doing this on a per-app basis but it evaded me.

Fixing  HTML rendering for the Code Assist:

Eclipse uses SWT which is an open source widget toolkit for Java designed to provide efficient, portable access to the user-interface facilities of the operating systems on which it is implemented. Further, the SWT Browser widget is used to display HTML documents. It is designed to provide a basic and portable API sufficient for essential HTML browsing and rendering on the platforms on which it is implemented. On a Linux system, this means GTK.
Source: http://www.eclipse.org/swt/

Since I used the SlackBuilds repository to install Eclipse with all dependencies I believed I had everything covered. However, after reading this information at the aforementioned SWT FAQ, I learned that Eclipse Luna (4.4) uses GTK 3 by default. Thus I needed to configure WebKitGTK+ with GTK3. The simple solution is to pick up webkitgtk3 from the SlackBuilds repository and install it alongside or instead of  webkitgtk.

Eclipse 4.4 with webkitgtk3 rendering HTML
Eclipse 4.4 with webkitgtk3 seen rendering HTML using an internal browser

As a simple PDT user with limited understanding of the inner workings of Eclipse, I got to admit I might start looking for a more simplistic IDE.  At least I’ll be hesitant to upgrade to any new major release.