Linux
Crypt a partition
Kernel Configuration
Device Drivers | Multi-device support | Device mapper support | Crypt target support
Enable the desired encryption algorithm: Cryptographic options | Cryptographic API (sha and aes)
Create a small testfile
Create a container.
# dd if=/dev/zero of=container.loop bs=52428800 count=1
Attach it to a loop device.
# losetup /dev/loop0 container.loop
Prepare the encryption by selecting the algorithm.
# cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Unlock it.
# cryptsetup luksOpen /dev/loop0 verysecret
Enter LUKS passphrase:
key slot 0 unlocked.
Create a filesystem.
# mkfs.xfs /dev/mapper/verysecret
Mount it.
# mount /dev/mapper/verysecret /mnt/crypt/
Unmount it.
# umount /mnt/crypt
Close the mapping; this removes the key from kernel memory.
# cryptsetup luksClose verysecret
Add a second key (8 keys are possible).
# cryptsetup luksAddKey /dev/loop0
Enter any LUKS passphrase:
key slot 0 unlocked.
Enter new passphrase for key slot:
Delete a key.
# cryptsetup luksDelKey /dev/loop0 1
Detach the loop device.
# losetup -d /dev/loop0
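To confirm which key slots are in use after luksAddKey or luksDelKey, the header can be inspected with `cryptsetup luksDump`. The following is an added example, not part of the original page; the function names and the sample dump are constructed, and it assumes the LUKS1 text layout ("Key Slot N: ENABLED|DISABLED").

```sh
#!/bin/sh
# Added example: audit LUKS1 key slots from `cryptsetup luksDump` text on stdin.

# Print "cipher=<name>-<mode> bits=<n> enabled=<slot list>" for a dump on stdin.
luks_summary() {
    awk '
        /^Cipher name:/ { cipher = $3 }
        /^Cipher mode:/ { mode = $3 }
        /^MK bits:/     { bits = $3 }
        /^Key Slot [0-9]+: ENABLED/ {
            slot = $3; sub(/:$/, "", slot)          # "1:" -> "1"
            enabled = enabled (enabled == "" ? "" : ",") slot
        }
        END { printf "cipher=%s-%s bits=%s enabled=%s\n", cipher, mode, bits, enabled }
    '
}

# Succeed only if exactly the expected slots (comma list, e.g. "0") are enabled.
luks_slots_are() {
    summary=$(luks_summary) || return 2
    [ "${summary##*enabled=}" = "$1" ]
}

# Constructed sample: header after luksAddKey, i.e. slots 0 and 1 in use.
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/loop0

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256

Key Slot 0: ENABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
EOF
}

sample_dump | luks_summary
```

On a real device, run `cryptsetup luksDump /dev/loop0 | luks_slots_are 0` after luksDelKey to check that only slot 0 is still enabled.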
Handling keys
head -c 100 /dev/random | uuencode -m /dev/stdin | tail -n +2 | \
head -c 32
This gives you 32 bytes of random data, which you then use as the
disk key. How many bytes you need depends, of course,
on your encryption algorithm.
On the hard disk you store this data PGP-encrypted:
gpg --symmetric --armor
To mount the disk, my self-written script then does, among
other things, this:
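# Decrypt the wrapped disk key; the passphrase is passed on fd 3, not on the command line.
FS_KEY="$(gpg --no-options --passphrase-fd 3 --no-tty --batch \
  --no-default-keyring --keyring /tmp/pubkey.gpg \
  --secret-keyring /tmp/seckey.gpg -d "${KEYFILE}" 3<<<"${PASSPHRASE}" \
  2>/dev/null )"
# Hand the key to cryptsetup on stdin rather than as an argument.
/usr/bin/sudo /bin/cryptsetup -d /dev/stdin create "${MAPPERDEV}" \
  "${DEVICE}" <<<"${FS_KEY}"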
See also here.
Gentoo
Update Gentoo
To update the ports enter:
# emerge --sync
or, if a firewall blocks you, enter:
# emerge-webrsync
To display packages which need an update enter:
# emerge --pretend --verbose world
To update all packages where the USE-FLAG has changed:
# emerge --update --deep --newuse world
To update the complete system enter:
# emerge --update --deep world
To update the /etc directory:
# etc-update
To update dependencies, execute:
# revdep-rebuild
Tips around portage
USE Flags
To get a description of the USE flags, install:
# emerge gentoolkit
then type:
# equery uses package
For details on USE flags:
less /usr/portage/profiles/use.desc
Display all versions of a package
emerge eix
eix <package>
Uninstall a package
emerge --unmerge media-libs/faad2
The rc system
Add script to startup:
# rc-update add postfix default
Show which scripts are executed:
# rc-update show
Remove a script from startup:
# rc-update del postfix default
Compiling a kernel
cd /usr/src/linux
unset CROSS_COMPILE
genkernel --kernel-config=/usr/src/config-idefix-v3 kernel
or
genkernel --no-mrproper --install kernel
Upgrade to gcc 4.1
Mounting
Image via loop-back
Create a directory where to mount the image:
mkdir /mnt/image
Mount the image with:
mount /home/images/ppc-2006-01-11.iso /mnt/image -o loop=/dev/loop3
or
mount /tmp/fdimage /mnt -t msdos -o loop=/dev/loop3,blocksize=1024
Wine
>>> Original instance of package unmerged safely.
* ~/.wine/config is now deprecated. For configuration either use
* winecfg or regedit HKCU\Software\Wine
Warmboot kernel
To directly reboot into a new kernel the tool kexec is necessary:
emerge sys-apps/kexec-tools
The new kernel can be loaded with:
kexec -l --command-line="root=/dev/hdb3 udev video=vesafb:mtrr,ywrap,1024x786-32@85 ro" /boot/vmlinuz
kexec -e
Ubuntu
Upgrade to Ubuntu Dapper
https://help.ubuntu.com/community/DapperUpgrades
ATI driver
Control Beep-Media-Player with Multimedia Keys
Start xev to find the keycodes. The result looks something like this:
KeyRelease event, serial 43, synthetic NO, window 0x2400001,
root 0x3d, subw 0x0, time 3939566, (84,27), root:(1498,49),
state 0x10, keycode 232 (keysym 0x0, NoSymbol), same_screen YES,
XLookupString gives 0 bytes:
So we have keycode 232 for this key. Now edit .xmodmaprc in the following style:
keycode 232 = XF86AudioMedia
Allowed symbols can be found in /usr/X11R6/lib/X11/XKeysymDB.
My KeySonic has the following keys:
! config for KeySonic
keycode 153 = XF86AudioNext
keycode 162 = XF86AudioPlay
keycode 144 = XF86AudioPrev
keycode 164 = XF86AudioStop
keycode 176 = XF86AudioRaiseVolume
keycode 174 = XF86AudioLowerVolume
keycode 178 = XF86HomePage
keycode 236 = XF86Mail
keycode 234 = XF86Back
keycode 233 = XF86Forward
keycode 229 = XF86Search
keycode 231 = XF86Refresh
keycode 230 = XF86Favorites
keycode 232 = XF86AudioMedia
keycode 160 = XF86AudioMute
keycode 227 = XF86WakeUp
keycode 223 = XF86Sleep
keycode 222 = XF86PowerOff
Now load the settings with:
xmodmap .xmodmaprc
In Beep-Media-Player activate the plugin "XF86Audio Keys Control" and everything should work.
Diskless System
We want to boot via PXE and mount everything via NFS. At first we create a basic directory structure:
export DISKLESS=vdrhd1
export DISKLESS=diskless
mkdir /usr/local/$DISKLESS/
cd /usr/local/$DISKLESS/
mkdir boot
mkdir dev
mkdir bin
mkdir sbin
mkdir lib
mkdir etc
mkdir usr
mkdir root
mkdir home
mkdir proc
mkdir tmp
# world-writable with the sticky bit set, as /tmp must be
chmod 1777 tmp
mkdir sys
mkdir var
mkdir var/empty
mkdir var/lock
mkdir var/log
mkdir var/run
mkdir var/spool
mkdir var/lib
mkdir var/lib/dbus
mkdir var/tmp
mkdir var/cache
mkdir var/cache/hald
mknod dev/console c 5 1
# /dev/null is the character device with major 1, minor 3
mknod -m 666 dev/null c 1 3
Be sure you have the following settings in the kernel config:
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
#
# Network File Systems
#
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
Compile and install the kernel with:
make
make INSTALL_PATH=/usr/local/$DISKLESS/boot install
make INSTALL_MOD_PATH=/usr/local/$DISKLESS modules_install
You must copy or symlink your kernel to the tftp directory so the client can download the kernel via tftp.
Install NVIDIA Driver
Execute on the headless system:
sh NVIDIA-Linux-x86-275.09.07.run -a
Prepare DHCPD
Put the following lines to your dhcpd.conf:
next-server 192.168.0.251;
filename "pxelinux.0";
option tftp-server-name "server.idefix.lan";
Boot the Kernel with PXE
Create a directory called pxelinux.cfg in your TFTP directory and place the config files there. I have one file called default:
DEFAULT memtest
PROMPT 1
TIMEOUT 10
LABEL memtest
  MENU HIDE
  MENU LABEL memtest
  KERNEL memtest86+.bin
LABEL local
  LOCALBOOT 0
And one file with the MAC address 00-de and so on:
PROMPT 1
DEFAULT vdr
TIMEOUT 10
LABEL vdr
  MENU HIDE
  MENU LABEL ^VDR
  KERNEL vmlinuz-2.6.22-gentoo-r5-diskless
  APPEND ip=dhcp root=/dev/nfs nfsroot=192.168.0.149:/usr/local/diskless
LABEL memtest
  MENU HIDE
  MENU LABEL ^memtest86+
  KERNEL memtest.bin
Synchronize folders
rsync -az --delete --ignore-errors --numeric-ids --stats --progress /bin /usr/local/$DISKLESS/
rsync -az --exclude "*$DISKLESS*" --delete --ignore-errors --numeric-ids --stats --progress /lib /usr/local/$DISKLESS/
rsync -az --delete --ignore-errors --numeric-ids --stats --progress /sbin /usr/local/$DISKLESS/
rsync -az --exclude "/var/lib*" --exclude "/var/cache*" --exclude "/var/log*" --exclude "/var/tmp" --exclude "/var/db*" \
  --exclude "/var/www" --delete --ignore-errors --numeric-ids --stats --progress /var /usr/local/$DISKLESS/
rsync -az --delete --ignore-errors --numeric-ids --stats --progress /etc /usr/local/$DISKLESS/
Layman
Layman lets you use external portage directories (overlays) fetched via svn and various other programs, and integrates them all into portage.
Using Layman
At first we need to install layman:
emerge -av layman
Create Own Layman Repository
First create a virtual host in your Apache config and place a config file for layman there (overlay.xml). Now add the following lines to the file /etc/layman/layman.conf:
overlays : http://www.gentoo.org/proj/en/overlays/layman-global.txt
           http://overlay.idefix.lan/overlay.xml
Edit /etc/make.conf and add:
source /usr/portage/local/layman/make.conf
Now we create the xml file on the server:
<?xml version="1.0" ?>
<layman>
<overlay
contact = "idefix@fechner.net"
name = "idefix"
src = "http://overlay.idefix.lan/"
type = "svn"
status = "official">
<link>
http://overlay.idefix.lan/svn/overlay/trunk/
</link>
<description>
Idefix overlay.
</description>
</overlay>
</layman>
Raid 5
First install the raid tools:
emerge -av sys-fs/mdadm
Load the raid module:
modprobe raid5
Create partitions on the three hard-disks with fdisk and type fd.
fdisk /dev/sdb
fdisk /dev/sdc
fdisk /dev/sdd
Create md devices:
cd /dev && MAKEDEV md
Now create the raid with:
mdadm --create /dev/md0 --level 5 --raid-devices 3 /dev/sd[bcd]1
To see progress on build:
watch -n 1 cat /proc/mdstat
Store raid in config file:
mdadm --detail --scan >> /etc/mdadm.conf
To see more details for raid:
mdadm --detail /dev/md0
Sending EMail in Case of an Error
Edit the file /etc/mdadm.conf and add there:
MAILADDR idefix@server.idefix.lan
Test email delivery:
mdadm -Ft --scan
In Case of Failure
You can see in /proc/mdstat which device failed:
md0 : active raid5 sdb1[3] sdd1[2] sdc1[1]
2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]
Remove it with:
mdadm -r /dev/md0 /dev/sdb1
Create a partition on the new disk with type 0xFD and add it to the raid with:
mdadm -a /dev/md0 /dev/sdb1
You can see now in /proc/mdstat that the raid is recovering the data:
cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] [faulty]
md0 : active raid5 sdb1[3] sdd1[2] sdc1[1]
2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]
[>....................] recovery = 0.8% (12625280/1465135936) finish=302.8min speed=79923K/sec
unused devices: <none>
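The check described above (a member missing from the `[3/2] [_UU]` status) can be automated. The following is an added example, not part of the original page; the function names are hypothetical, the md0 sample lines are the ones shown above, and the healthy md1 entry is constructed.

```sh
#!/bin/sh
# Added example: report md arrays with a missing member from /proc/mdstat text.
# Output per array: "<name> <active>/<total> <member map> degraded|rebuilding"

degraded_arrays() {
    awk '
        function report() {
            if (name != "" && (active + 0 < total + 0 || index(map, "_")))
                print name, active "/" total, map, (rebuild ? "rebuilding" : "degraded")
            name = ""; rebuild = 0
        }
        /^md[0-9]+ :/ { report(); name = $1; total = active = 0; map = "" }
        name != "" && match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
            split(substr($0, RSTART, RLENGTH), f, " ")        # "[3/2]" "[_UU]"
            split(substr(f[1], 2, length(f[1]) - 2), c, "/")  # total, active
            total = c[1]; active = c[2]
            map = substr(f[2], 2, length(f[2]) - 2)           # "_UU"
        }
        name != "" && /(recovery|resync) =/ { rebuild = 1 }
        END { report() }
    '
}

# Sample input: md0 as shown on this page, md1 constructed as a healthy array.
sample_mdstat() {
    cat <<'EOF'
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] [faulty]
md0 : active raid5 sdb1[3] sdd1[2] sdc1[1]
      2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]
      [>....................]  recovery =  0.8% (12625280/1465135936) finish=302.8min speed=79923K/sec
md1 : active raid1 sdf1[1] sde1[0]
      104320 blocks [2/2] [UU]
unused devices: <none>
EOF
}

sample_mdstat | degraded_arrays
```

On a live system, run `degraded_arrays < /proc/mdstat`; empty output means every array has all its members.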
Create LVM2
emerge -av lvm2
rc-update add device-mapper boot
rc-update add lvm boot
Scan for devices:
vgscan
mdadm -Ac partitions -m 0 /dev/md0
Convert a normal raid to lvm2
First we create our backup storage. For this, create a partition on each disk and select raid autodetect as its type. Now we create the raid with:
mdadm --create /dev/md0 --level=stripe --raid-devices=2 /dev/sde1 /dev/sdf1
Now we create the lvm2:
vgscan
vgchange -a y
pvcreate /dev/md0
vgcreate vg /dev/md0
lvcreate -L20G -nyavdr vg
lvcreate -L3T -nbackup-video0 vg
mkfs.ext4 /dev/vg/backup-video0
Now we mount the disks:
mount /dev/vg/backup-video0 /mnt/backup-video0
mount video:/video0 /video0
Now we copy the data:
cd /video0
rsync -av --delete . /mnt/backup-video0/
Online Resize Raid5
Replace the first disk with a new one as described for the case of a disk failure. Wait until the raid is restored. Repeat that step for every disk in your raid.
Now we have to resize the raid:
mdadm -G /dev/md0 -z max
You have to wait till the resize is complete, check with:
cat /proc/mdstat
Now we resize the lvm:
pvresize /dev/md0
Now we resize the logical volume:
lvresize -l +100%FREE /dev/vg/video0
Now we resize the filesystem, I use ext4 so do:
resize2fs /dev/vg/video0