Marcus Eaton's Blog

I recently picked up a Intel Galileo Gen 2 for super cheap and went to go install the Arduino 2 IDE to start being able to write sketches for it, but due to Intel abandoning it and nuking the forums, the amount of resources available for it have been very slim to none with many tutorials not really fixing my issues.

To start, I went and installed the Arduino IDE from the Pop!_Shop using the Flatpak version. The system package version seems to not work currently as of this post without a workaround, complaining about missing libraries that were already installed (specifically, the Javascript library “liblistserialsj1”). This is due to Ubuntu bug #1916278, with a workaround mentioned here to install the packages “libserialport0” and “patchelf”, followed by running:

sudo patchelf --add-needed /usr/lib/x86_64-linux-gnu/libserialport.so.0 /usr/lib/x86_64-linux-gnu/liblistSerialsj.so.1.4.0

Not to mention the package repo version in Pop! OS at this time is the older V1 version. So I’m opting to use the Flatpak version from the Pop!_Shop as mentioned before. But if you do prefer the IDE V1 version, you can install it that way (or use the Flatpak V1 version as well to avoid using patchelf).

Once I installed the Flatpak V2, there’s some more issues.

Firstly, you’ll need to set up the Arduino IDE by selecting our board model (in this case I have a Galileo Gen 2) and installing the appropriate core when prompted, and then selecting the port (by default, /dev/ttyACM0 on my system).

Next, try to verify a sketch (I just use an example one for testing in this case) and you’ll get this error:

Compilation error: fork/exec /home/marcus/.arduino15/packages/Intel/tools/i586-poky-linux-uclibc/1.6.2+1.0/i586/sysroots/pokysdk/usr/bin/i586-poky-linux-uclibc/i586-poky-linux-uclibc-g++: no such file or directory

Per the two answers here on this AskUbuntu link, I followed the answers from users “Ignasi” and “Jerry Sun”, which are as follows:

Modify the install_script.sh located in

~/.arduino15/packages/Intel/tools/i586-poky-linux-uclibc/1.6.2+1.0

by replacing the string +111 in the find command in the script with /111.

Then, modify the first line of relocate_sdk.py in the same directory to call python2 instead of just python (since modern distributions of Linux default to Python 3). Make sure you have “python2” installed.

Then you can run the “install_script.sh” shell script to set up the rest of the Intel Galileo toolchain. You should have some output ending with “SDK has been successfully set up and is ready to be used.”.

However… you’ll notice you will still have the same error! Turns out even this script doesn’t properly fix things! However this is one last easy fix. You’ll notice the directory “i586” doesn’t actually exist still. You can fix this easily with an extra directory and symlink.

mkdir ~/.arduino15/packages/Intel/tools/i586-poky-linux-uclibc/1.6.2+1.0/i586

ln -s ~/.arduino15/packages/Intel/tools/i586-poky-linux-uclibc/1.6.2+1.0/sysroots ~/.arduino15/packages/Intel/tools/i586-poky-linux-uclibc/1.6.2+1.0/i586/sysroots

Lastly, confirm your user is in the group “dialout” to be able to read and write to the tty device (such as /dev/ttyACM0 in my case). Otherwise you will be unable to read or write sketches to/from the Galileo. For me, I had to reboot for this group membership change to take effect - Logging out and logging back in was insufficient.

Another side note: Getting a TTL RS-232 serial cable (or making one based on the information from Intel here) is a nice thing to have as that means you don’t have to rely on the Linux installation working and having network connectivity to the board to manage the underlying OS using SSH. Speaking of the OS, due to the fact that Intel has moved their iotdk.intel.com package repository to enforce TLS, you can no longer call opkg commands with the provided Yocto Linux image that has wget compiled on it with no SSL support whatsoever. Thankfully curl does support SSL but I didn’t find a way to make opkg use curl to download packages or repodata. I would recommend mirroring the entire site with

wget -r -np -R "index.html*" -nH --cut-dirs=1 https://iotdk.intel.com/repos/

Note that this archive, at the time when I mirrored it, was 36GB, so it’s going to take a while to download on even a relatively fast internet connection.

However after that, you can edit /etc/opkg/iotdk.conf and /etc/opkg/mraa-upm.conf to point to your own package mirror on a HTTP enabled webserver.

As I find more things I’ll keep updating this blog post, but so far I have a working environment and all seems well. I do want to note one thing I have run into is if the USB serial connection is left idle or another process is hogging the serial device, you won’t be able to upload any more sketches until you power cycle the board. Annoying but it’s not a huge issue to me yet at this point.

Here is the slides for my presentation at LinuxFest Northwest for 2019 regarding Syncthing and password management.

Download slides (PDF, 3MB)

Here’s the link to the talk page on the LFNW website: Presentation Details

WatchGuard Dimension is a virtual appliance that is designed to store firewall logging messages from WatchGuard XTM and Firebox products. It can also generate automated reports based on logged traffic and information, send the reports and other notifications through email, and even allows you to centrally manage multiple firewalls with the right licenses. It’s completely free to use with any WatchGuard firewall that runs Fireware OS v11.10.1 or newer as long as the firewall has an active support subscription for the logging and reporting components.

While WatchGuard only officially supports VMware ESXi and Microsoft Hyper-V as target platforms to run Dimension, it can run on other hypervisors, which people have had success with when the underlying hypervisor system is KVM-based. Proxmox VE allow you to make LXC and KVM virtual machines, so we’ll be using KVM for this instance.

Assuming you have a working Proxmox VE installation already set up, the first step is to download Dimension from here. You’ll want to download the VMware OVF template and extract it using something that can handle .tar files (as this is essentially what a .ova file is). Download and extract it.

Now, log into the Proxmox Web UI and create a new KVM container. You’ll want to give it a dual-core CPU with the default kvm64 CPU type, 2GB of RAM, a “e1000” network adapter with a static IP, and two virtual SATA disks to correspond to the two hard drive images which we’ll talk about later. I personally made these both 160GB with thin provisioning. You may need to increase these resources however if you plan to add more than one firewall for logging. Once the VM is created, SSH into the Proxmox server. With the virtual machine powered off, locate the path where the default .qcow2 files were created. This is configured in the storage settings of Proxmox, usually in /var/lib typically. Navigate to the images folder, then to the VM ID # assigned to the virtual machine and you’ll see two .qcow2 files. Keep this path in mind for later.

Once the download has finished and been extracted, you’ll have a few different files. The two of interest are the *.vmdk files. We will want to convert these to the qcow2 format as it will improve performance and has more native and full support under KVM as a disk image format, compared to vmdk. The best way to convert them is to upload them to your Proxmox server in the path we mentioned before using a SFTP client, rsync, or however you prefer, then running the following command:

qemu-img convert -f vmdk -O qcow2 (filename).vmdk vm-(VM ID #)-disk-(disk number).qcow2

The first disk contains the OS, which should be disk 1. Disk 2 will be the data disk where Dimension’s PostgreSQL log database lives by default. You will be overwriting the existing qcow2 files which are empty at this point.

Now that this is done, start up the VM and get into the Dimension console by opening it with SPICE or noVNC through the Proxmox interface, and set the static IP per the official instructions here. Once that’s done, go to https://(static IP you set on Dimension) and go through the setup wizard as described here. You’re done!

It should be noted: This is not an officially supported setup by WatchGuard! You WILL be on your own if it’s not working correctly! That being said, I have been running it personally for almost 6 months now and it’s been completely transparent without any needed maintenance. If you do need help with Dimension I recommend the excellent documentation provided by WatchGuard themselves, which you can search for using their Technical Search here!