Importing intermediate certificate into Chromium/Cromite

Some websites only serve leaf/server certificate instead of the usual certificate chain (leaf + intermediate). If a browser doesn’t have the corresponding intermediate certificate (that signs the leaf certificate) cached beforehand, this can cause certificate error.

To download the missing intermediate certificate, click on “Not secure” > “Certificate details” > Details tab > “Authority Information Access”, there should be a link next to “CA Issuers”.

The easiest way is to import the downloaded certificate in Chromium/Cromite is to use the built-in Certificate Manager (chrome://certificate-manager/localcerts/usercerts). If you use p11-kit (trust anchor --store interCA.crt) to import, Cromite may not necessarily trust it; in that case, in Certificate Manager (chrome://certificate-manager/localcerts), enable “Use imported local certificates…”.

Extending LVM partition after disk expansion

  1. Boot GParted Live as this is best done offline.
  2. GParted may prompt to fix the GPT header due to metadata mismatch about the disk size, select “Fix”.
  3. Using GParted program, deactivate the LVM partition.
  4. Resize the LVM partition by dragging the right-arrow to the end.
  5. Click tick ✓ to apply. Resizing should take only a few seconds, if it’s not finished within a minute, reboot GParted Live and repeat; this may happen if Steps 2-3 are skipped.
  6. Launch Terminal,
sudo -s
vgs
lvs
  1. vgs may show non-zero VFree value meaning the volume group contains unallocated space. lvs lists the volume group and logical volume, the values are used in lvresize; Ubuntu defaults to ubuntu-vg/ubuntu-lv, the slash is not an OR, both values with a slash are required.
lvresize -l +100%FREE --resizefs VG-name/LV-name
vgs
  1. vgs should now show zero VFree value.
  2. In GParted program, activate the LVM partition.
  3. Reboot.

GnuPG 2.5 for Windows is now 64-bit only

After updating GnuPG to 2.5.16 using Chocolatey, I wasn’t able to sign commit in WSL with pinentry error. The “$HOME/.gnupg/gpg-agent.conf” was previously configured with pinentry-program "/mnt/c/Program Files (x86)/gnupg/bin/pinentry-basic.exe" which is now an invalid path. I updated it to:

pinentry-program "/mnt/c/Program Files/GnuPG/bin/pinentry-basic.exe"

Then run systemctl --user restart gpg-agent.service.

If Git and GnuPG are used in Windows, the gpg config in “$HOME\.gitconfig” should be updated to:

[gpg]
  program = C:\\Program Files\\GnuPG\\bin\\gpg.exe

GRUB 2.14rc1 supports LUKS2 + Argon2 disk encryption

I had always used grub-improved-luks2-git AUR package to boot up my LUKS2+Argon2-encrypted disk. Now that GRUB 2.14rc1 supports it, it’s time to switch to the default package.

$ sudo pacman -S grub

pacman detected it conflicts with grub-improved-luks2-git and prompted for removal which is expected. Then, this is the most important part, “/etc/default/grub” config has been restored to the default during installation, so I had to replace it with my config. Thankfully, pacman made a backup at “/etc/default/grub.pacsave”, so I just need to move it back.

$ sudo mv /etc/default/grub.pacsave /etc/default/grub

Reinstall and regenerate the GRUB configuration.

sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id="Arch Linux" --recheck
sudo grub-mkconfig -o /boot/grub/grub.cfg

booloader-id value can be anything. The whole line of grub-mkconfig can be replaced with just update-grub (without any option) if the command is available.