Linux
From IdefixWiki
Crypt a partition
Kernel Configuration
Device Drivers | Multi-device support | Device mapper support | Crypt target support
Enable the wanted encryption algorithm: Cryptographic options | Cryptographic API (sha and aes)
Create a small testfile
Create a container.
# dd if=/dev/zero of=container.loop bs=52428800 count=1
Mount it via loop device.
# losetup /dev/loop0 container.loop
Prepare the encryption by selecting the algorithm.
# cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Unlock it.
# cryptsetup luksOpen /dev/loop0 verysecret
Enter LUKS passphrase:
key slot 0 unlocked.
Create a filesystem.
# mkfs.xfs /dev/mapper/verysecret
Mount it.
# mount /dev/mapper/verysecret /mnt/crypt/
Unmount it.
# umount /mnt/crypt
Clear the passphrase.
# cryptsetup luksClose verysecret
Add a second key (8 keys are possible).
# cryptsetup luksAddKey /dev/loop0
Enter any LUKS passphrase:
key slot 0 unlocked.
Enter new passphrase for key slot:
Delete a key.
# cryptsetup luksDelKey /dev/loop0 1
Detach the loop file.
# losetup -d /dev/loop0
Handling keys
head -c 100 /dev/random | uuencode -m /dev/stdin | tail -n +2 | \
head -c 32
This gives you 32 bytes of random data, which you then use as the
disk key. How many bytes you need depends, of course,
on your encryption algorithm.
On the hard disk you store this data PGP-encrypted:
gpg --symmetric --armor
To mount the disk, my self-written script then does, among
other things, this:
# Decrypt the stored key; the passphrase is passed on file descriptor 3.
FS_KEY="$(gpg --no-options --passphrase-fd 3 --no-tty --batch \
--no-default-keyring --keyring /tmp/pubkey.gpg \
--secret-keyring /tmp/seckey.gpg -d "${KEYFILE}" 3<<<"${PASSPHRASE}" \
2>/dev/null )"
# Feed the decrypted key to cryptsetup on stdin.
/usr/bin/sudo /bin/cryptsetup -d /dev/stdin create "${MAPPERDEV}" \
"${DEVICE}" <<<"${FS_KEY}"
See also here.
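The key-handling steps above as an added example (not the wiki author's script): it sizes the key in base64 characters, since each character carries 6 bits and the 32 characters from the pipeline therefore hold 192 random bits, and it checks a decrypted key before use, because a plain `cryptsetup create` mapping has no header against which a wrong key could be detected. Assumptions: the function names are hypothetical, coreutils `base64` and `/dev/urandom` stand in for `uuencode -m` and `/dev/random`, and the gpg options require GnuPG 2.1 or later.

```sh
# Added example; function names are hypothetical, not from the wiki page.

# Print exactly $1 base64 characters of kernel randomness.
# Assumption: coreutils base64 and /dev/urandom replace the page's
# uuencode -m and /dev/random.
gen_disk_key() {
    # 3 random bytes encode to 4 characters: round up, then trim to length.
    head -c $(( ($1 * 3 + 3) / 4 )) /dev/urandom | base64 | tr -d '\n=' | head -c "$1"
}

# Random bits held by a key of $1 base64 characters (6 bits each).
key_bits() { echo $(( $1 * 6 )); }

# Fewest base64 characters that hold at least $1 random bits.
chars_for_bits() { echo $(( ($1 + 5) / 6 )); }

# Encrypt the key read from stdin into file $1. The passphrase arrives on
# fd 3, as in the page's script, so it never appears in the process list.
# Assumption: GnuPG 2.1+, which needs --pinentry-mode loopback in batch mode.
seal_key() {
    gpg --batch --no-tty --pinentry-mode loopback --passphrase-fd 3 \
        --symmetric --armor --output "$1"
}

# Decrypt file $1 to stdout, passphrase again on fd 3.
unseal_key() {
    gpg --batch --no-tty --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt "$1" 2>/dev/null
}

# Reject a key shorter than $2 characters or containing anything but
# base64 characters. Run this on the decrypted key before piping it to
# cryptsetup: a failed gpg call with stderr discarded yields an empty
# string, and plain dm-crypt cannot tell a wrong key from the right one.
check_key() {
    [ "${#1}" -ge "$2" ] || return 1
    case $1 in *[!A-Za-z0-9+/]*) return 1 ;; esac
    return 0
}

# Usage sketch (passphrase supplied on fd 3; key sized for 256 bits):
#   gen_disk_key "$(chars_for_bits 256)" | seal_key disk.key.asc 3<passfile
#   key=$(unseal_key disk.key.asc 3<passfile)
#   check_key "$key" 43 || exit 1
```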
Gentoo
Update Gentoo
To update the ports enter:
# emerge --sync
or, if a firewall blocks you, enter:
# emerge-webrsync
To display packages which need an update enter:
# emerge --pretend --verbose world
To update all packages where the USE-FLAG has changed:
# emerge --update --deep --newuse world
To update the complete system enter:
# emerge --update --deep world
To update the /etc directory:
# etc-update
To update dependencies execute:
# revdep-rebuild
Tips around portage
USE Flags
To get descriptions of the USE flags, install gentoolkit:
# emerge gentoolkit
then type:
# equery uses package
For details on USE flags:
less /usr/portage/profiles/use.desc
Display all versions of one package
emerge eix
eix <package>
Uninstall a package
emerge --unmerge media-libs/faad2
The rc system
Add script to startup:
# rc-update add postfix default
Show which scripts are executed:
# rc-update show
Remove a script from startup:
# rc-update del postfix default
Compiling a kernel
cd /usr/src/linux
unset CROSS_COMPILE
genkernel --kernel-config=/usr/src/config-idefix-v3 kernel
or
genkernel --no-mrproper --install kernel
Upgrade to gcc 4.1
Mounting
Image via loop-back
Create a directory where to mount the image:
mkdir /mnt/image
Mount the image with:
mount /home/images/ppc-2006-01-11.iso /mnt/image -o loop=/dev/loop3
or
mount /tmp/fdimage /mnt -t msdos -o loop=/dev/loop3,blocksize=1024
Wine
>>> Original instance of package unmerged safely.
* ~/.wine/config is now deprecated. For configuration either use
* winecfg or regedit HKCU\Software\Wine
Warmboot kernel
To directly reboot into a new kernel the tool kexec is necessary:
emerge sys-apps/kexec-tools
The new kernel can be loaded with:
kexec -l --command-line="root=/dev/hdb3 udev video=vesafb:mtrr,ywrap,1024x786-32@85 ro" /boot/vmlinuz
kexec -e
Ubuntu
Upgrade to Ubuntu Dapper
https://help.ubuntu.com/community/DapperUpgrades
ATI driver
Control Beep-Media-Player with Multimedia Keys
Start xev to find the keycodes. You get a result something like:
KeyRelease event, serial 43, synthetic NO, window 0x2400001,
root 0x3d, subw 0x0, time 3939566, (84,27), root:(1498,49),
state 0x10, keycode 232 (keysym 0x0, NoSymbol), same_screen YES,
XLookupString gives 0 bytes:
So we have keycode 232 for this key. Now edit .xmodmaprc in the following style:
keycode 232 = XF86AudioMedia
Allowed symbols can be found in /usr/X11R6/lib/X11/XKeysymDB.
My KeySonic has the following keys:
! config for KeySonic
keycode 153 = XF86AudioNext
keycode 162 = XF86AudioPlay
keycode 144 = XF86AudioPrev
keycode 164 = XF86AudioStop
keycode 176 = XF86AudioRaiseVolume
keycode 174 = XF86AudioLowerVolume
keycode 178 = XF86HomePage
keycode 236 = XF86Mail
keycode 234 = XF86Back
keycode 233 = XF86Forward
keycode 229 = XF86Search
keycode 231 = XF86Refresh
keycode 230 = XF86Favorites
keycode 232 = XF86AudioMedia
keycode 160 = XF86AudioMute
keycode 227 = XF86WakeUp
keycode 223 = XF86Sleep
keycode 222 = XF86PowerOff
Now load the settings with:
xmodmap .xmodmaprc
In Beep-Media-Player activate the plugin "XF86Audio Keys Control" and everything should work.
Diskless System
We want to boot via PXE and mount everything via NFS. First we create a basic directory structure:
mkdir /usr/local/diskless/
mkdir /usr/local/diskless/boot
mkdir /usr/local/diskless/dev
mkdir /usr/local/diskless/bin
mkdir /usr/local/diskless/sbin
mkdir /usr/local/diskless/lib
mkdir /usr/local/diskless/etc
mkdir /usr/local/diskless/usr
mkdir /usr/local/diskless/root
mkdir /usr/local/diskless/home
mkdir /usr/local/diskless/tmp
chmod a+w /usr/local/diskless/tmp
mkdir /usr/local/diskless/sys
mkdir /usr/local/diskless/var
mkdir /usr/local/diskless/var/empty
mkdir /usr/local/diskless/var/lock
mkdir /usr/local/diskless/var/log
mkdir /usr/local/diskless/var/run
mkdir /usr/local/diskless/var/spool
mknod /usr/local/diskless/dev/console c 5 1
Be sure you have the following settings in the kernel config:
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_PNP=y
CONFIG_IP_PNP_DHCP=y
#
# Network File Systems
#
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
CONFIG_NFS_V4=y
CONFIG_ROOT_NFS=y
Compile and install the kernel with:
make
make INSTALL_PATH=/usr/local/diskless/boot install
make INSTALL_MOD_PATH=/usr/local/diskless modules_install
You must copy or symlink your kernel to the tftp directory so the client can download the kernel via tftp.
Prepare DHCPD
Put the following lines to your dhcpd.conf:
next-server 192.168.0.251;
filename "pxelinux.0";
option tftp-server-name "server.idefix.lan";
Boot the Kernel with PXE
Create a directory called pxelinux.cfg in your TFTP directory and place the config files there. I have one file called default:
DEFAULT memtest
PROMPT 1
TIMEOUT 10
LABEL memtest
  MENU HIDE
  MENU LABEL memtest
  KERNEL memtest86+.bin
LABEL local
  LOCALBOOT 0
And one file with the MAC address 00-de and so on:
PROMPT 1
DEFAULT vdr
TIMEOUT 10
LABEL vdr
  MENU HIDE
  MENU LABEL ^VDR
  KERNEL vmlinuz-2.6.22-gentoo-r5-diskless
  APPEND ip=dhcp root=/dev/nfs nfsroot=192.168.0.149:/usr/local/diskless
LABEL memtest
  MENU HIDE
  MENU LABEL ^memtest86+
  KERNEL memtest.bin
Layman
Layman can be used to pull in external Portage directories via svn and various other programs and integrate them all into Portage.
Using Layman
First we need to install layman:
emerge -av layman
Create Own Layman Repository
First create a virtual host in your Apache config and place a config file for layman, overlay.xml, there. Now add the following line to the file /etc/layman/layman.conf:
overlays : http://www.gentoo.org/proj/en/overlays/layman-global.txt
           http://overlay.idefix.lan/overlay.xml
Edit /etc/make.conf and add:
source /usr/portage/local/layman/make.conf
Now we create the xml file on the server:
<?xml version="1.0" ?>
<layman>
<overlay
contact = "idefix@fechner.net"
name = "idefix"
src = "http://overlay.idefix.lan/"
type = "svn"
status = "official">
<link>
http://overlay.idefix.lan/svn/overlay/trunk/
</link>
<description>
Idefix overlay.
</description>
</overlay>
</layman>
