Installing Citrix on Fedora 21

Time moves on. Distros move on, and so again it’s time to install Citrix Receiver for Linux. They have moved on to version 13.1, which fixes a lot of install bugs in the Ubuntu version. Unfortunately that seems to be at the cost of the RPM version which is no longer available. In this post we will be installing it on Fedora 21 which is still in beta.

Get the software Receiver for Linux 13.1 and look for For 64-bit Systems (assuming you have a 64 -bit system).

uname -p
-p, –processor print the processor type or “unknown”
$ uname -p

Then look for File Type: .tar.gz and download it. As root move it to somewhere like /usr/local/src/citrix/. Make sure you create a new directory as it is a tarbomb. Then extract it using the following command:

tar xvf linuxx64-

You can install it using the command:

# ./setupwfc 
Citrix Receiver for Linux 13.1.0 setup.

Copyright 1996-2014 Citrix Systems, Inc. All rights reserved.
Copyright (c) 1986-1997 RSA Security, Inc. All rights reserved.
This software uses libraries from the FFmpeg project under the LGPLv2.1

Citrix, Independent Computing Architecture (ICA), Program Neighborhood,
MetaFrame, and MetaFrame XP are registered trademarks and Citrix Receiver,
Citrix XenApp, XenDesktop, Citrix Presentation Server, Citrix Access Suite,
and SpeedScreen are trademarks of Citrix Systems, Inc. in the United States
and other countries.

Microsoft, MS, MS-DOS, Outlook, Windows, Windows NT, and BackOffice are
either registered trademarks or trademarks of Microsoft Corporation in
the United States and other countries.

All other Trade Names referred to are the Servicemark, Trademark,
or Registered Trademark of the respective manufacturers.

Select a setup option:

 1. Install Citrix Receiver for Linux 13.1.0
 2. Remove Citrix Receiver for Linux 13.1.0
 3. Quit Citrix Receiver for Linux 13.1.0 setup

Enter option number 1-3 [1]: 1

Please enter the directory in which Citrix Receiver for Linux is to be installed.
[default /opt/Citrix/ICAClient] 
or type "quit" to abandon the installation: 

The parent directory /opt/Citrix does not exist.
Do you want to create it? [default y]: y

You have chosen to install Citrix Receiver for Linux 13.1.0 in /opt/Citrix/ICAClient.

Proceed with installation? [default n]: y

Installation proceeding...

Checking available disk space ...

        Disk space available 230130076 K 
        Disk space required 35519 K

Continuing ...
Creating directory /opt/Citrix/ICAClient
Core package...
Setting file permissions...
Integrating with browsers...
Browsers found.

Integration complete.
Do you want to integrate Citrix Receiver with KDE and GNOME? [default y]: y
Do you want GStreamer to use the plugin from this client? [default y]: 
Do you want to install USB support? [default n]: n
USB support not installed.

Select a setup option:

 1. Install Citrix Receiver for Linux 13.1.0
 2. Remove Citrix Receiver for Linux 13.1.0
 3. Quit Citrix Receiver for Linux 13.1.0 setup

Enter option number 1-3 [3]: 3
Quitting Citrix Receiver for Linux 13.1.0 setup.

Unfortunately we are not out of the woods yet, as a quick check shows that we are missing some dependencies.

# ldd /opt/Citrix/ICAClient/wfica | grep -i "not found" => not found => not found => not found => not found

Fortunately with the excellent yum installer we can just point to the missing files and it will install the required packages.

yum install

Once you log in to your companies web page and launch citrix you get a popup asking you to accept the license.
Screenshot of the EULA

Citrix ships with a very small number of CA Root Certs. Therefore the chance is quite high that you will be presented with a signed cert from a CA provider that they do not have the root certificate for. If your server has signed their SSL/TSL cert with a missing root certificate you will be presented with the “SSL error 61” message that we have come to know and love.

SSL Error

At this point I normally suggested using the certs from Firefox, but in the version of Firefox (32.0.2) shipped with Fedora 21 Beta, the root Certs are no longer kept as files on the disk. The error message actually tells you which one you are missing, in my case “Global Sign Root CA”. Now go to Firefox and open Edit > Preferences > Advanced > Certificates > View Certificates > Authorities, where you will be presented with a long list of Authorities.
GlobalSign-AlphaSSLCA-G2.pem from Firefox

Scroll down to the Authority that issued your cert and starting at the top, export them one by one and save them to /opt/Citrix/ICAClient/keystore/cacerts/. I needed to save them in my own Downloads folder, and from there I moved them to the folder as root adding the pem extension.

mv -v /home/user/AlphaSSLCA-G2 /opt/Citrix/ICAClient/keystore/cacerts/GlobalSign-AlphaSSLCA-G2.pem

For me it turned out to be the third one and once I had it installed I was able to open the applications on my companies citrix web page. One improvement is that there is no warning about missing languages.

Posted in citrix, General | 22 Comments

Setting the default document folder/directory in the KDE Kate Text Editor

By default Kate is trying to open and save files starting in the ~/Documents folder. While this may be convenient for some, I’d like to change it. Try as I might I couldn’t find this option in the configuration of Kate. I remember this was an option, and it was removed. Then it was a command line option but kate –help-all shows it as been removed.

The only I found to change this is via KDE > System Settings > Account Details > Paths > Document Path:

Changing that to your desired directory works fine.

Posted in General | Leave a comment

Speeding up Speech with mplayer

Mplayer is a fantastic media player and I have been using it as the default tool to play both music and speech for years now.

One of it’s lesser known features is the ability to speed up or slow down whatever it’s playing. Not very useful for music but very handy if you are listening to speech. In some cases you may wish to speed up podcasts, to get more enjoyment in. In other cases you may want to slow down a recording so that you can transcribe the text. For people with Dyslexia this is very empowering as it gives them control over the rate of input.

You can use the {, [, backspace, ], }, keys to control the speed.

  • { key will slow down by 50% of the current rate
  • [ key will slow down by 10% of the current rate
  • Backspace will return the speed to normal
  • ] key will speed up 10% of the current rate
  • } key will speed up by 50% of the current rate
  • 9 key will decrease the volume
  • 0 key will increase the volume

I strongly recommend taking some time to review the keyboard controls in the manpage.

By default mplayer will not maintain pitch when you change the speed. So if you speed it up the speaker starts to sound like a chipmunk, and if you slow it down female voices start to sound like male voices.

You can change this by starting mplayer with the switch -af scaletempo

You can change this quickly by creating an alias

alias mplayer='mplayer -af scaletempo'

A more permanent way to set this is to configure your mplayer configuration file. Simply add the following in the “# audio settings #” section


See the Configuration Files section in the man page for more information.

The system-wide configuration file ‘mplayer.conf’ is in your configuration directory (e.g. /etc/mplayer or /usr/local/etc/mplayer), the user specific one is ~/.mplayer/config. User specific options override system-wide options and options given on the command line override either.

Posted in Accessibility, General | Leave a comment

Installing Citrix Reciver on Ubuntu 14.04 LTS (Trusty Tahr)

EDIT: See comment below from Martin about the new version, where the fixes are applied. Get it here:

An update on installing the Citrix Reciver on Ubuntu 14.04 LTS (Trusty Tahr) as part of the Citrix series.

Get the application from the citrix website.
Select the deb format, and in my case the 64bit version.

Do not try and install this file as it will not work.

I only discovered this after I tried and failed to install it via the qapt-deb-installer. Dropping to the command line and installing dpkg failed as well but at least there was more information available.

# dpkg -i icaclient_13.0.0.256735_amd64.deb
Selecting previously unselected package icaclient.
(Reading database ... 143453 files and directories currently installed.)
Preparing to unpack icaclient_13.0.0.256735_amd64.deb ...
Unpacking icaclient ( ...
dpkg: dependency problems prevent configuration of icaclient:
 icaclient depends on libc6-i386 (>= 2.7-1); however:
 Package libc6-i386 is not installed.
 icaclient depends on ia32-libs; however:
 Package ia32-libs is not installed.
 icaclient depends on lib32z1; however:
 Package lib32z1 is not installed.
 icaclient depends on lib32asound2; however:
 Package lib32asound2 is not installed.
 icaclient depends on nspluginwrapper; however:
 Package nspluginwrapper is not installed.

dpkg: error processing package icaclient (--install):
 dependency problems - leaving unconfigured
Processing triggers for desktop-file-utils (0.22-1ubuntu1) ...
Processing triggers for mime-support (3.54ubuntu1) ...
Errors were encountered while processing:

At this point we have installed the software but there are still dependency issues. Normally running apt-get -f install would fix the problem. In this case the only option is to remove the icaclient package and I also had to run apt-get autoremove to get rid of unnecessary dependencies it installed.

After my experience with installing snx, I knew that the 32bit packages were removed after the move to MultiArch support. So I ducked around for a solution only to find this on the Citrix site “Installation Errors with Receiver for Linux 13.0 on Ubuntu 13.10 x64“, which details the problem and the fix. The fix is to essentially go in and edit the deb package to fix the dependency issues. The also provide a workaround to address the “SSL error 61”.

Here is the resolution they suggest:

The following resolution allows using Receiver for Web for authentication, enumeration and launch of the applications and desktops, as the aforementioned bug causes self-service UI to not work.

  1. Install the dependencies libmotif4:i386 nspluginwrapper lib32z1 libc6-i386 by executing the following command:
    sudo apt-get install libmotif4:i386 nspluginwrapper lib32z1 libc6-i386
  2. Get the official Citrix Receiver 13.0 .deb from:

    Note: Download from “For 64-bit Systems” section. The download popup may not work in Chrome, use Firefox.

  3. Fix the broken .deb package.
    You can fix it using the following commands:

    cd ~/Downloads
    mkdir ica_temp
    dpkg-deb -x icaclient_13.0.0.256735_amd64.deb ica_temp
    dpkg-deb --control icaclient_13.0.0.256735_amd64.deb ica_temp/DEBIAN
    sudo vi ica_temp/DEBIAN/control
    Change the line that starts with "Depends: ..." to:
    Depends: libc6-i386 (>= 2.7-1), lib32z1, nspluginwrapper
    Now rebuild the package: dpkg -b ica_temp icaclient-modified.deb
  4. Install the fixed package:
    sudo dpkg -i icaclient-modified.deb

    This installation may throw the following error:

    dpkg: error processing icaclient (–install):
    subprocess installed post-installation script returned error exit status 2
    Errors were encountered while processing icaclient

    This can be resolved by changing line 2648 in /var/lib/dpkg/info/icaclient.postinst from echo $Arch|grep “i[0-9]86” >/dev/null to echo $Arch|grep -E “i[0-9]86|x86_64” >/dev/null.
    Then restart the post-install sudo dpkg –configure icaclient.

  5. Add more SSL certificates.

    Some sites can give an SSL error. Firefox has many more certificates than Citrix, so add them.

    For example, sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

They quote the Ubuntu bug 1185771,
Mark libwebkitgtk-1.0-common as “Multi-Arch: foreign”.

Firefox is also not configured to open the Citrix Files correctly. To fix this select Open With and point it to /opt/Citrix/ICAClient/wfica

Posted in citrix | 2 Comments

Checkpoint SNX on Ubuntu 14.04 LTS (Trusty Tahr)

I have released an update to this blog post: See CheckPoint SNX install instructions for major Linux distributions

Life has conspired to bring me back to the open arms of Kubuntu and with a new install comes the required update on getting Checkpont Firewall AKA SNX working. This is part of the snx series here.

The first step remains the same and is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

# sh +x
Installation successfull

If you run this now you will get the error

snx: error while loading shared libraries: cannot open shared object file: No such file or directory

We can check if the required libraries are loaded.

# ldd /usr/bin/snx | grep "not found" => not found => not found

This is the 64 bit version and I’m installing a 32 bit application, so you’ll need to install the 32 bit libraries and the older version of libstdc if you haven’t all ready. The old trick of simply installing ia32-libs will no longer work since MultArch support has been added. Now the command is simply

apt-get install libstdc++5:i386 libpam0g:i386

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Do you accept? [y]es/[N]o:

Note the build number of 800007075. I had difficulties connecting with any other version lower than this.

Posted in General, snx | 27 Comments

XPath and namespace

When your XSLT/Xpath search is not giving the desired results always check the namespace of the element you are using.

EDIT For some reason spammers find this post delightful so I’m turning off comments on this one.

Posted in General | Comments Off on XPath and namespace

The engineering uses of hair tie

Quick Engineering tip: Get yourself a bag of black elastic hair ties. Since my Daughters have grown their hair, I have been exposed to this brilliant piece of engineering. Useful as removable cable ties, a makeshift spring, … think springy duck tape. The applications are endless.

A collection of elastic ties.

Get the smooth ones

Posted in General | Leave a comment

ORCA Fundraiser and the HPR New Year Show

During this years third annual Hacker Public Radio 26 Hour New Year show we will be discussing the ongoing work on the Orca project.

The orca Screen Reader is a free, open source, flexible, and extensible screen reader that provides access to the graphical desktop via user-customizable combinations of speech and/or braille. Written in python, it provides a way for blind, low vision, dyslexic, etc. people to do all the things we all take for granted. Filing taxes, checking when the next bus is leaving, or simply earning a living.

The problem is that while this program is so essential to so many peoples lives it has only one (1) developer, Joanmarie Diggs of Igalia open source consultancy.

We’re going to fix that.


We’re going to raise $100,000 to hire two full time contractors to fix all the outstanding bugs  tracked by Orca.


We’re going to find programmers and have them work on this either full time or part time, to continue to improve Accessibility in:

  • Orca
  • Speech Dispatcher
  • Thunderbird
  • Gecko
  • Evolution
  • LibreOffice
  • Java (and its Atk Wrapper)
  • GnuCash
  • AbiWord
  • Audacity
  • and any other apps and toolkits that need help


We’re going to raise the profile of Accessible Computing in every software project so that support is included from the start, contributing documentation, putting people in touch with advisors, telling our friends that Orca and Sonar exists, recording new voices, and generally making Orca not just better but, ten times better

So please spread the word, on social networks #FundOrca, contact every celebrity, entrepreneur, or personality you know. Please support this campaign.


Edit: Updated to add developer information as per Stomme poes, comments below.
Edit2: Updated to add comments by Joanmarie Diggs.

Posted in General | 3 Comments

Installing Citrix Reciver on Ubuntu 13.04/chrubuntu

I just installed ChrUbuntu on my Acer C7 Chromebook and of course it’s time to install Citrix.

Get the application from the citrix website.
Select the deb format, and in my case the 32bit version.
Open with Ubuntu Software Center
Enter the root password

And we get the old classic “SSL error 61”
SSL error 61

The SSL Error 61, is now easily fixed by copying the certs into the correct directory

sudo cp -v /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

That was it.

Posted in citrix | 1 Comment

RaspberryPi and the baby Dinosaur

In this Hacker Public Radio episode Ken and his Son hatch a plan to film a Dinosaur egg hatching using fswebcam.

Groeiend Dinosaurus Ei

We had to wait 8 days for a Dinosaur egg to hatch, so we rigged up a RasberryPi with a cheap usb cam to take pictures. This was just before the camera module was releases. However the principle was the same. We positioned the egg in a mixing bowl and placed it on some boxes to give it height. Then we used the handle of a camera stand as a place to clip on a cheap usb camera. We then connected the camera to a RasberryPi.

the camera rig

On the first day we let the light in and you see flickering as the lighting conditions change over the course of the day and the camera adjusts. Peter64 has promised a episode on how to fix this. So we closed the curtains and added an artificial light source as can be seen below.

While we could have used fswebcam to automatically take the pictures, there was a certain satisfaction in seeing the program run every minute. Other than the default rasbian install, we installed fswebcam and screen. The first to take the pictures and the other to allow the script to continue running after we disconnected.

$ cat egg.bash
while true
  nowdate=$(date -u +%Y-%m-%d_%H-%M-%SZ_%A)
  echo ${nowdate}
  fswebcam -r 640x480 \
           -S 15 \ 
           --flip h \
           --jpeg 95 \
           --shadow \
           --title "Dinosaur Hatching" \
           --subtitle "Pádraig Fallon" \
           --info "" \
           --save egg-${nowdate}.jpg
  sleep 1m

That produced a big long list of images, 10886 in total, and it was a “simple” matter to convert them to a mp4 file with ffmpeg. See for more information on encoding for the web in general

ffmpeg -y -r 120 -f image2 -pattern_type glob -i "*.jpg" -b:v 2000k -vcodec libvpx -quality best egg-libvpx.webm


Here’s the finished product:

Hatched Dino

Posted in General, Podcasts | Leave a comment