Installing Citrix Workplace on Ubuntu Linux

Installation

$ cd Downloads
$ sudo dpkg -i Citrix-Workspace.deb

Installing a CA Certificate

The pre-installed certificates might work for you. If you get errors when trying to use Citrix, then you’ll likely need to install a CA certificate.

  • Go to the VPN website you use Citrix for.
  • Click on the lock in front of the url
  • Click on certificate (Chrome) or Connection Secure (Firefox)
  • Note the authority under Issued By (Chrome) or Verified By (Firefox)
  • For example, the certification authority might be: DigiCert TLS RSA SHA256 2020 CA1
  • Search for DigiCert TLS RSA SHA256 2020 CA1 in your favorite search engine.
  • Select the official site that allows you to download the relevant certificates.
  • Download both the PEM and the CRT files.
  • Do the following:
$ sudo cp ~/Downloads/DigiCertTLSRSASHA2562020CA1-1.pem /opt/Citrix/ICAClient/keystore/cacerts
$ sudo chmod 644 /opt/Citrix/ICAClient/keystore/cacerts/DigiCertTLSRSASHA2562020CA1-1.pem
$ sudo /opt/Citrix/ICAClient/util/ctx_rehash

Note: The instructions on the Citrix website seem to be incorrect. It tells you to cp the pem file with a crt extention, even though every other file in the directory is a PEM file. The above copies to the default Citrix directory on Ubuntu, changes the file permissions to -rw-r–r–, and rehashes the new certificate so Citrix can use it.

X.509 Certificate for Chrome or Firefox Browsers

I’m not sure if this is strictly necessary, but it might also be helpful to import the X.509 certificate into Chrome or Firefox. For Chrome (Firefox is similar), do the following:

  • Go to the three dots (hamburger)
  • Select Chrome settings
  • Search for: certificate
  • Click on Security
  • Click on Manage Certificates
  • Click on Authorities
  • Click on Import
  • Select ~/Downloads/DigiCertTLSRSASHA2562020CA1-1.crt
  • Select all three options.

bash: TOTP From the Terminal With oathtool

TOTP is Time-based One Time Password. Most people use applications on their phone for TOTP, such as andOTP, Google Authenticator, and related apps. But, as we move from using a phone as a second factor for what we are doing on a computer to a phone being the primary way we interact with the Internet, it makes sense to make the computer the second factor. This is the idea behind this script. It is based on analyth’s script, except I stripped out the I/O.

#!/bin/bash

# Assign variables
google=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)
wordpress=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)
amazon=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)

# Print variables
echo "google: ${google} | wordpress: ${wordpress} | amazon: ${amazon}"

This will print:

google: 123456 | wordpress: 123456 | amazon: 123456

However, I didn’t like the idea of my one time password codes only being protected by normal file protections on a Linux system. I thought it should be encrypted with gpg. So, I saved it to a file in my scripts directory, totp, and encrypted it with my public key. If you don’t have a gpg key pair, instructions are available online.

$ gpg -r your@email.com -e ~/pathto/totp

Then, to run the shell script, do:

$ gpg -d ~/pathto/totp.gpg 2>/dev/null | bash

This will prompt you for your gpg password and then run this script. You likely won’t want to remember this string of commands, so you could make your life easier by adding it as an alias under .bash_aliases

alias totp='gpg -d ~/pathto/totp.gpg 2>/dev/null | bash'

Mutt: Viewing Attachments / HTML via .mailcap and a Custom Fortune as a Signature in Mutt

It’s funny how small, trivial things can lead you to make radical changes in the tools you use. As regular readers of this blog know, I collect sayings that I publish every month. I then compile these sayings into a custom fortune file that displays one saying every time I login to my computer or open a new terminal window/shell process.

I recently learned that I can call this custom fortune file as a signature and have one added automatically to every email I write by adding this line to my .muttrc configuration file.

set signature="fortune /usr/share/games/fortunes/cafebedouin -s|"

This is simply calling the fortune program, specifying the location of the file and the -s flag is telling fortune to find a small quote to add. This is a completely trivial feature, but I love it. It is what provided the motivation to actually get mutt to work as my main email client.

My main problem with mutt has been that I couldn’t figure out how to get it to render HTML emails in a readable format, which makes mutt a poor choice as an everyday email client. Half of the emails I receive are in HTML format. The problem, it turns out, is that my email provider encrypts all my email, so I needed an additional line in .mailcap that processes the pgp/mime format, like so:

text/plain; cat %s; copiousoutput
text/html; mkdir -p /tmp/mutt \; cp %s /tmp/mutt \; firefox /tmp/mutt/$(basename %s) &
text/html; lynx -nonumbers -dump %s; copiousoutput; nametemplate=%s.html 
pgp/mime; lynx -dump %s; copiousoutput; nametemplate=%s.html

This points to something I didn’t understand. .mailcap is basically how you tell mutt to process email attachments, and you simply associate file types with programs on your system. There’s also default behavior, where the text/html with copiousoutput will be used when you hit enter by default and when you go to view the attachment, mutt will call the first relevant line in mailcap, as mentioned here.. The same idea applies to other file types, such as images.

image/*; mkdir -p /tmp/mutt \; cp %s /tmp/mutt \; xdg-open /tmp/mutt/$(basename %s) &

So, once the change above is made, you then need to change this line in .muttrc:

alternative_order text/html text/plain text/enriched text multipart/alternative 
auto_view text/html

# Removes temporary attachment files
folder-hook . `rm -f /tmp/mutt/*`

And now, it works beautifully. I’ve completely stopped using thunderbird, and I only use mutt. And, it has improved my email experience so much. I receive something like 50-100 emails a day, most of them newsletters or promotional material from organizations I signed up to hear more about. But, mutt makes it so easy to navigate and delete email.

Since making the transition, my inbox – which I had always relatively good control over and rarely had more than a day’s worth of email in – is down to a couple of leftover emails per day. I read what I want and delete them. I highly recommend making the transition.

bash: Cryptocurrency Prices From the Linux Terminal

#!/bin/bash
printf -v coin '%s' -1   # crypto.sh bitcoin

price() {
  # A function that pulls cryptocurrency price data from coingecko
    
  curl -X 'GET' 'https://api.coingecko.com/api/v3/simple/price?ids='"$1"'&vs_currencies=usd' \
     -H 'accept: application/json' 2> /dev/null | # sends download data to /dev/null
      
  sed  's/.*usd"://' |   # Removes everything before the price
  sed 's/..$//' |        # Removes back two }}
  sed 's/^/\$/'          # Adds dollar sign to the front, returns
}

price=$(price $1) # calls function with command line variable
bitcoin=$(price bitcoin)
ethereum=$(price ethereum)

# Checks to see if there is a command line variable and prints to console
if [[ -z $1 ]]; then
    echo "bitcoin: ${bitcoin} | ethereum: ${ethereum}"
else
    echo "${1}: ${price} | bitcoin: ${bitcoin} | ethereum: ${ethereum}"
fi

h/t Techstructive for the basic idea. I simplified their code by cutting out the I/O and putting the coin as a variable when calling the script, e.g. crypto.sh bitcoin, and formatting it by piping it through sed. Have I mentioned how much I love sed?

Edit: Modified this on August 12, 2021 so it is now a function and prints a portfolio of coins. I track two or three, and it was getting annoying to have to do them each individually. All you need to do to modify it for the coins you are interested in is create a new function call:

cardano=$(price cardano)

Then add that to both the if and then print results.

    echo "${1}: ${price} | bitcoin: ${bitcoin} | ethereum: ${ethereum} | cardano: ${cardano}"

bash: Number of Days Between Today and Some Future Date

#!/bin/bash                                                        
                                                                   
printf -v date '%(%Y-%m-%d)T\n' -1                                 
echo $(( ($(date -d $1 +%s) - $(date -d $date +%s)) / 86400 )) days

Above is a bash script to output the number of days between today and some future date. Copy it into a file, e.g., diffdate.sh, into a directory, e.g., ~/bin/scripts. Then, enter the directory you saved it to and type to make it executable:

$ chmod +x diffdate.sh

Then, check your .profile to make sure something like this in it:

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then                             
  PATH="$HOME/bin:$PATH"
fi                                                                   

Then, run the script.

$ diffdate.sh 2021-06-01
70 days

I have to figure out the difference between today and some future date all the time for forecasting, and today was the day I finally bothered to figure out how to do it from the command line. I have to start thinking of ways to make shell scripts to do this little tasks that I go to the web for.

Fun With Fortune in Linux

Fortune provides a random quote or aphorism every time you open a terminal in Linux. I wanted to have a personalized fortune using zuihitsu quotes posted on this site come up whenever I opened a terminal. If you want to do something similar, here’s the procedure.

To check if you have it installed, simply type fortune into the terminal.

$ fortune 

This either returned a fortune or an error message. If you got an error message, then install fortune using the package manager for your system.

$ sudo apt install fortune-mod

Let’s create our own file of fortunes. I want to use my zuihitsu quotes I have posted on this site. This file is a text file that looks like so:

%
quote 1
%
quote 2
%
quote ...

There is a copy of the file available online.

If you have just a file with lines of quotes, this is easy to get into this format using emacs. Simply type: M-%, followed by c-q c-j Enter then c-q c-j % c-q c-j Enter. I like to check the replacements, so just keep hitting y to do the replacement and move on to the next one if it looks good. Save the file to the appropriate directory, which on Debian systems is /usr/share/games/fortunes, but can vary. For explanation purposes, we are going to assume the file was named zuihitsu with no file extension.

Note: If you are using the file above, just save it as a text file in your directory. Then, copy it to the appropriate system directory without a file extension.

Now, create a .dat file for the file you just made.

$ sudo strfile zuihitsu

Set the same permissions on the new files as the others in the directory. This just makes the files readable to groups and others.

$ sudo chmod o+r zuihitsu
$ sudo chmod g+r zuihitsu
$ sudo chmod o+r zuihitsu.dat
$ sudo chmod g+r zuihitsu.dat

Following the rest of the directory. I added a symbolic link.

$ sudo ln -s zuihitsu zuihitsu.u8

You should be able to test it now.

$ fortune zuihitsu

Assuming that worked. The final thing to do is to have your preferred shell call this when it runs. I use bash, so I added the command above to my bash_aliases file. From then on, it will pull a random quote from the zuihitsu file every time you bring up the terminal.

Bonus

Make a fortune come up automatically every time you login or open a new terminal by adding the following to .bashrc or .bash_aliases:

fortune zuihitsu 

Also, if you use mutt, you can add the following to your .muttrc file to have this fortune file generate a random signature for your emails:

set signature="fortune zuihitsu -s|"

The -s selects shorts quotes and the | pipes it to your email text.

Did you know the original fortune-mod fortune collection is available as a EPUB?

Revisiting the ASUS C201

Two and half years ago, I came across libreboot. I was looking for a linux laptop and came across this bit on the ASUS C201 page:

“This is unlike the other current libreboot laptops (Intel based). In practise, you can (if you do without the video/wifi blobs, and replace ChromeOS with a distribution that respects your freedom) be more free when using one of these laptops.”

ASUS Chromebook C201, libreboot.org. 2017

At the time, I was focused on exploring what it would mean to have the most free laptop available, and it led to the post: “Freedom & Limits: The ASUS C201 with libreboot and Parabola Linux.” The net: the machine did not have a reliable way to be free to the level of passing the requirements of the package of “your-freedom” and still be usable. The main problem is that it didn’t have a functional web browser and updates tended to bork the machine. I managed to get Arch, Parabola and Devuan linux installed on the machine. However, the installations kept breaking for various reasons, maybe half the time due to user error and half because ARM versions of the distributions were problematic for one reason or another.

In July 2019, I tried PrawnOS. It’s a nice distribution of Debian that actually was able to install to the computer’s onboard drive, which I couldn’t figure out how to do with the previous distributions. It provided a working system. Still, it really did not have a web browser that worked, I think it was still using Dillo. So, I left off at this point, happy to have learned something from the exercise.

A few days ago, I tried turning on the C201 again. I found that the distribution wouldn’t update. The documentation at github suggested I should reinstall PrawnOS. Easy enough.

I had already done the work of removing the security screw, upgrading the BIOS to libreboot, and had the machine in developer mode. If you aren’t there yet, then refer to the libreboot documentation and get to the point where it says Debian, Devuan or Parabola. Then, come back here and install PrawnOS instead.

To install PrawnOS, get the most recent release, which is available as a binary for people like me that don’t want to build from source. I tried using the browser Dillo on the C201 machine, but it kept timing out. So, I turned to wget.

$ sudo apt-get install wget
$ wget -c url_to_most_recent_release

Once you have the release, you need to copy it to the SD card. If you aren’t sure, you can always take out the SD card, run lsblk, then put the SD card back in and run lsblk again. The additional blk device is your SD card that you plug into /dev/$SD_CARD below..

$ sudo dd if=PrawnOS-*.img of=/dev/$SD_CARD bs=50M status=progress; sync

Then, you turn off the device, reboot and hit CTRL-U quickly at the menu to boot off the SD card. After booting, it gives you a prompt. Type in root, there is no password. Then, you are given a root prompt. Type:

# InstallPrawnOS

At this point, I was really blown away by how much this has been improved since the last time I have tried installing PrawnOS to this ASUS C201. PrawnOS is a Debian-derivative, with an encrypted partition. I typically do this with every linux install, and it was nice that it was built into the process. It offers sane defaults, such as using xfce4 over gnome, since gnome seems to have problems when used on an ASUS C201 machine. It also gets more pragmatic about freedom. Freedom is useless if it means you aren’t free to do something fundamental to using a computer, like browse the web.

So, PrawnOS includes Firefox-ESR, which the Free Software Foundation doesn’t consider free because it implements digital rights management technology. However, it is essentially required in order to use a computer normally. PrawnOS makes the pragmatic choice.

After I went through the set-up process, I was able to install emacs and add-ons. I did have some trouble updating the machine, whereas xorg threw configuration errors, but nothing that made the machine unusable like I have encountered in the past. I also continue to not be able to use the touchpad. However, for Chrome-level computer use, email, web browsing and so forth, the ASUS C201 seems like it could be a viable machine.

Emacs: Rebinding Caps Lock to Ctrl

I was reading this piece, The Beginners Guide to Emacs, which suggested making the Caps Lock Key into CTRL. I’ve been using emacs for years, and it never occurred to me to make this change. Lovely! Since it isn’t in the instructions, I’d thought I’d make a note here in case it comes up in the future. This version simply makes CapsLk into Ctrl.

$ sudo emacs /etc/default/keyboard

Then add: 

XKBOPTIONS="ctrl:nocaps"

$ sudo dpkg-reconfigure keyboard-configuration
$ shutdown -r now

GOG Games on Linux, Featuring Blade Runner

Blade Runner is a point-and-click adventure, a genre that was still very popular on PCs at the time of its release. Games like Beneath a Steel Sky had already used the format to tell Blade Runner-inspired cyberpunk stories. Given the usual state of movie adaptations, a Blade Runner adventure game wouldn’t necessarily have been anything to get excited about.‘Blade Runner’ really does make you feel like a detective

What Westwood did with the license, however, was inspired. The game isn’t a straight retelling of the movie. (Harrison Ford’s Deckard is nowhere to be seen.) You play a detective named Ray McCoy on the tail of replicants linked to vicious animal murders. While the story takes place at the same time as the movie and involves some of the same locations and characters, it plays out in parallel without intersecting too strongly. This was a great decision for a narrative adventure, allowing the game to evoke the movie without feeling predictable.

-Sam Byford, “The resurrected Blade Runner game is a genuine classic.” The Verge. December 18, 2019.

Blade Runner is currently on sale for $8.99 until January 2nd, 2020, at 2 PM UTC. And, if you are into free (as in beer!) games, and who isn’t, you could also download the previously mentioned Beneath a Steel Sky for nothing.

But, there’s a catch. GOG doesn’t provide much help getting these games installed on a Linux system. I didn’t see any instructions, but let me save you some time. I documented what I did to get it to work, and now, you have the very instructions that should be on the GOG website, but are somehow, inexplicably, not there. We’re going to use Blade Runner as our example, but while I was looking into how to get this thing running, it was apparent that these problems happen on the Linux platform with many of GOG’s games.

Installing & Getting the Games to Work

Before starting, let’s make life easy for ourselves and get an outdated audio library that is needed in order for the game to launch.

$ dpkg -i libsndio6.1_1.1.0-3_amd64.deb

You’re also going to need Simple DirectMedia Layer 2, which you can install the standard way, through the repository:

$ sudo apt-get install libsdl2-net-2.0-0

Now, with those preliminaries out of the way, let’s get to the task at hand, shall we? Download the Blade Runner file from the GOG website. Open a terminal:

$ cd Downloads
$ chmod +x blade_runner_1_0_varies.sh 
$ ./blade_runner_1_0_varies.sh 

After installation, it should be in your Show Applications, which is in the bottom right corner for people using the standard Gnome window manager, and then, select the game you’ve just installed, if it isn’t Blade Runner.

Or, maybe you’ve learned to love the terminal, you could launch the game from the command line by opening a terminal:

$ cd GOG\ Games/Blade\ Runner/
$ ./start.sh

The game should launch from this point. If not, contact GOG and …Good Luck!