Installing Citrix Reciver on Ubuntu 14.04 LTS (Trusty Tahr)

EDIT: See comment below from Martin about the new version, where the fixes are applied. Get it here:

An update on installing the Citrix Reciver on Ubuntu 14.04 LTS (Trusty Tahr) as part of the Citrix series.

Get the application from the citrix website.
Select the deb format, and in my case the 64bit version.

Do not try and install this file as it will not work.

I only discovered this after I tried and failed to install it via the qapt-deb-installer. Dropping to the command line and installing dpkg failed as well but at least there was more information available.

# dpkg -i icaclient_13.0.0.256735_amd64.deb
Selecting previously unselected package icaclient.
(Reading database ... 143453 files and directories currently installed.)
Preparing to unpack icaclient_13.0.0.256735_amd64.deb ...
Unpacking icaclient ( ...
dpkg: dependency problems prevent configuration of icaclient:
 icaclient depends on libc6-i386 (>= 2.7-1); however:
 Package libc6-i386 is not installed.
 icaclient depends on ia32-libs; however:
 Package ia32-libs is not installed.
 icaclient depends on lib32z1; however:
 Package lib32z1 is not installed.
 icaclient depends on lib32asound2; however:
 Package lib32asound2 is not installed.
 icaclient depends on nspluginwrapper; however:
 Package nspluginwrapper is not installed.

dpkg: error processing package icaclient (--install):
 dependency problems - leaving unconfigured
Processing triggers for desktop-file-utils (0.22-1ubuntu1) ...
Processing triggers for mime-support (3.54ubuntu1) ...
Errors were encountered while processing:

At this point we have installed the software but there are still dependency issues. Normally running apt-get -f install would fix the problem. In this case the only option is to remove the icaclient package and I also had to run apt-get autoremove to get rid of unnecessary dependencies it installed.

After my experience with installing snx, I knew that the 32bit packages were removed after the move to MultiArch support. So I ducked around for a solution only to find this on the Citrix site “Installation Errors with Receiver for Linux 13.0 on Ubuntu 13.10 x64“, which details the problem and the fix. The fix is to essentially go in and edit the deb package to fix the dependency issues. The also provide a workaround to address the “SSL error 61”.

Here is the resolution they suggest:

The following resolution allows using Receiver for Web for authentication, enumeration and launch of the applications and desktops, as the aforementioned bug causes self-service UI to not work.

  1. Install the dependencies libmotif4:i386 nspluginwrapper lib32z1 libc6-i386 by executing the following command:
    sudo apt-get install libmotif4:i386 nspluginwrapper lib32z1 libc6-i386
  2. Get the official Citrix Receiver 13.0 .deb from:

    Note: Download from “For 64-bit Systems” section. The download popup may not work in Chrome, use Firefox.

  3. Fix the broken .deb package.
    You can fix it using the following commands:

    cd ~/Downloads
    mkdir ica_temp
    dpkg-deb -x icaclient_13.0.0.256735_amd64.deb ica_temp
    dpkg-deb --control icaclient_13.0.0.256735_amd64.deb ica_temp/DEBIAN
    sudo vi ica_temp/DEBIAN/control
    Change the line that starts with "Depends: ..." to:
    Depends: libc6-i386 (>= 2.7-1), lib32z1, nspluginwrapper
    Now rebuild the package: dpkg -b ica_temp icaclient-modified.deb
  4. Install the fixed package:
    sudo dpkg -i icaclient-modified.deb

    This installation may throw the following error:

    dpkg: error processing icaclient (–install):
    subprocess installed post-installation script returned error exit status 2
    Errors were encountered while processing icaclient

    This can be resolved by changing line 2648 in /var/lib/dpkg/info/icaclient.postinst from echo $Arch|grep “i[0-9]86” >/dev/null to echo $Arch|grep -E “i[0-9]86|x86_64” >/dev/null.
    Then restart the post-install sudo dpkg –configure icaclient.

  5. Add more SSL certificates.

    Some sites can give an SSL error. Firefox has many more certificates than Citrix, so add them.

    For example, sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

They quote the Ubuntu bug 1185771,
Mark libwebkitgtk-1.0-common as “Multi-Arch: foreign”.

Firefox is also not configured to open the Citrix Files correctly. To fix this select Open With and point it to /opt/Citrix/ICAClient/wfica

Posted in citrix | 2 Comments

Checkpoint SNX on Ubuntu 14.04 LTS (Trusty Tahr)

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

Life has conspired to bring me back to the open arms of Kubuntu and with a new install comes the required update on getting Checkpont Firewall AKA SNX working. This is part of the snx series here.

The first step remains the same and is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x
Installation successfull

If you run this now you will get the error

snx: error while loading shared libraries: cannot open shared object file: No such file or directory

We can check if the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found" => not found => not found

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready. The old trick of simply installing ia32-libs will no longer work since MultArch support has been added. Now the command is simply

apt-get install libstdc++5:i386 libpam0g:i386

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Do you accept? [y]es/[N]o:

Note the build number of 800007075. I had difficulties connecting with any other version lower than this.

Posted in General, snx | 18 Comments

XPath and namespace

When your XSLT/Xpath search is not giving the desired results always check the namespace of the element you are using.

EDIT For some reason spammers find this post delightful so I’m turning off comments on this one.

Posted in General | Comments Off on XPath and namespace

The engineering uses of hair tie

Quick Engineering tip: Get yourself a bag of black elastic hair ties. Since my Daughters have grown their hair, I have been exposed to this brilliant piece of engineering. Useful as removable cable ties, a makeshift spring, … think springy duck tape. The applications are endless.

A collection of elastic ties.

Get the smooth ones

Posted in General | Leave a comment

ORCA Fundraiser and the HPR New Year Show

During this years third annual Hacker Public Radio 26 Hour New Year show we will be discussing the ongoing work on the Orca project.

The orca Screen Reader is a free, open source, flexible, and extensible screen reader that provides access to the graphical desktop via user-customizable combinations of speech and/or braille. Written in python, it provides a way for blind, low vision, dyslexic, etc. people to do all the things we all take for granted. Filing taxes, checking when the next bus is leaving, or simply earning a living.

The problem is that while this program is so essential to so many peoples lives it has only one (1) developer, Joanmarie Diggs of Igalia open source consultancy.

We’re going to fix that.


We’re going to raise $100,000 to hire two full time contractors to fix all the outstanding bugs  tracked by Orca.


We’re going to find programmers and have them work on this either full time or part time, to continue to improve Accessibility in:

  • Orca
  • Speech Dispatcher
  • Thunderbird
  • Gecko
  • Evolution
  • LibreOffice
  • Java (and its Atk Wrapper)
  • GnuCash
  • AbiWord
  • Audacity
  • and any other apps and toolkits that need help


We’re going to raise the profile of Accessible Computing in every software project so that support is included from the start, contributing documentation, putting people in touch with advisors, telling our friends that Orca and Sonar exists, recording new voices, and generally making Orca not just better but, ten times better

So please spread the word, on social networks #FundOrca, contact every celebrity, entrepreneur, or personality you know. Please support this campaign.


Edit: Updated to add developer information as per Stomme poes, comments below.
Edit2: Updated to add comments by Joanmarie Diggs.

Posted in General | 2 Comments

Installing Citrix Reciver on Ubuntu 13.04/chrubuntu

I just installed ChrUbuntu on my Acer C7 Chromebook and of course it’s time to install Citrix.

Get the application from the citrix website.
Select the deb format, and in my case the 32bit version.
Open with Ubuntu Software Center
Enter the root password

And we get the old classic “SSL error 61”
SSL error 61

The SSL Error 61, is now easily fixed by copying the certs into the correct directory

sudo cp -v /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

That was it.

Posted in citrix | 1 Comment

RaspberryPi and the baby Dinosaur

In this Hacker Public Radio episode Ken and his Son hatch a plan to film a Dinosaur egg hatching using fswebcam.

Groeiend Dinosaurus Ei

We had to wait 8 days for a Dinosaur egg to hatch, so we rigged up a RasberryPi with a cheap usb cam to take pictures. This was just before the camera module was releases. However the principle was the same. We positioned the egg in a mixing bowl and placed it on some boxes to give it height. Then we used the handle of a camera stand as a place to clip on a cheap usb camera. We then connected the camera to a RasberryPi.

the camera rig

On the first day we let the light in and you see flickering as the lighting conditions change over the course of the day and the camera adjusts. Peter64 has promised a episode on how to fix this. So we closed the curtains and added an artificial light source as can be seen below.

While we could have used fswebcam to automatically take the pictures, there was a certain satisfaction in seeing the program run every minute. Other than the default rasbian install, we installed fswebcam and screen. The first to take the pictures and the other to allow the script to continue running after we disconnected.

$ cat egg.bash
while true
  nowdate=$(date -u +%Y-%m-%d_%H-%M-%SZ_%A)
  echo ${nowdate}
  fswebcam -r 640x480 \
           -S 15 \ 
           --flip h \
           --jpeg 95 \
           --shadow \
           --title "Dinosaur Hatching" \
           --subtitle "Pádraig Fallon" \
           --info "" \
           --save egg-${nowdate}.jpg
  sleep 1m

That produced a big long list of images, 10886 in total, and it was a “simple” matter to convert them to a mp4 file with ffmpeg. See for more information on encoding for the web in general

ffmpeg -y -r 120 -f image2 -pattern_type glob -i "*.jpg" -b:v 2000k -vcodec libvpx -quality best egg-libvpx.webm


Here’s the finished product:

Hatched Dino

Posted in General, Podcasts | Leave a comment

Preparing your Acer C7 Chromebook to install GNU/Linux

  1. Purchase a Acer C7 Chromebook
  2. Enable developer mode
    • Invoke Recovery mode, you hold down the following keys:
      ESC, first key on the left on the very top row.
      F3/Refresh, fourth key on the very top row
    • Touch the Power button, located just under the left hinge. This will display the prompt “Chrome OS is missing or Damaged Please insert a recovery USB stick.”
    • Press ctrl, the first key on the left on the very bottom row, and D. This will display the prompt “To turn OS verification OFF, press ENTER. Your system will reboot and local data will be cleared. To go, back press ESC.”
    • If you are happy to proceed then press Enter
    • Wait and the system will beep twice. Then the system will go into developer mode which can take 5 minutes. After a reboot you will get the prompt “OS Verification is OFF Press Space to re-enable” followed by two beeps
    • You will be brought back into a new Chrome Install, where you normally select, your language, keyboard, and network.
    • Press and hold the following keys to get a Crosh shell:
      • ctrl, the first key on the left on the very bottom row
      • alt, the key to the left of the space bar
      • F2/Forward (->), third key on the very top row
    • type root to login
    • type the following to enable booting from a USB, booting from the SD will not work
      • crossystem dev_boot_usb=1
      • crossystem dev_boot_legacy=1
      • crossystem dev_boot_signed_only=0
    • type reboot to reboot the system
    • At the “OS verification is OFF” prompt press ctrl, the first key on the left on the very bottom row, and then at the same time the letter U to boot from the USB Stick.

At this stage the simplest option is to install ChrUbuntu (ChrUbuntu: One Script to Rule Them All!). I would recommend doing this even if you are not going to continue to use Ubuntu, as the script takes care of all the nasty partitioning steps for you.

This article is a summary of the information gleaned from the following websites. All credit goes to the maintainers of these sites:

Posted in General | Leave a comment

Checkpoint SSL Network Extender and Fedora19

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

Due to a change in the way CheckPoint are now rolling out policies, the native snx client and SSL client require different policies. This means that you may be in the situation where you need to run the SSL Network Extender to gain access to the network. This seems to call the native client with the -Z switch.

I was unable to connect even after following this tutorial “Install Oracle Java JDK/JRE 7u25 on Fedora 19/18, CentOS/RHEL 6.4/5.9″ and confirming that java was in fact installed and verified working. It was only when I installed and succeeded in getting it working on CrunchBang Linux, that I released that Fedora is running SeLinux now so seamlessly that I forgot that it is even running.

I tailed the log files and saw messages relating to the snx client

tail -F  /var/log/audit/audit.log /var/log/messages
Aug  7 00:00:00 pc setroubleshoot: SELinux is preventing /usr/bin/snx from using the dac_override capability. For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000000

Running sealert -l 00000000-0000-0000-0000-000000000000 as suggested resulted in the answer

*****  Plugin mozplugger (99.1 confidence) suggests  *************************

If you want to use the plugin package
Then you must turn off SELinux controls on the Firefox plugins.
# setsebool unconfined_mozilla_plugin_transition 0

Once that was done, SNX worked fine. Be warned that this allows all plugins not just snx.



Posted in snx | Leave a comment

Adjust LCD brightness from the command line

Sometimes I just need to do this.
echo -n 15 > /sys/class/backlight/acpi_video0/brightness

Posted in General | Leave a comment