Accelerator keys for a JFrame containing JTextPane
Hi, I have written a text editing window which extends JTextPane, and is embedded in a JFrame with a menubar. I have attached accelerator key shortcuts to each JMenuItem. However, none of them work, because my extension of JTextPane implements KeyListener, and thus controls keyboard input. How do I get the accelerator keys to still work? In general they are all Ctrl-key combinations with no meaningful function in the JTextPane.
The only way I have found around this problem is to make your JFrame a KeyListener, and add it as a KeyListener of your JTextPane. In the keyPressed method of your JFrame call the processKeyEvent method. That will route the key to the menu. I have used this for a JTable and JTree under my JFrame, but not a JTextPane. It should work the same.
I have heard rumors that this will be fixed in 1.4. Pretty lame that it is so difficult to do.
Similar Messages
-
Accelerator keys for push buttons
Hi,
Does anyone know how I can define accelerator keys for push buttons? With ALT+underlined char, can I directly execute the button? If yes, how can we do that?
Regards,
Panneer
Hi,
As I know, GUI XT could be used to change the screen style. The pushbutton command could be used to add pushbutton.
But after checking the material, I found it could only use SAP predefined accelerator keys which is in the PF-STATUS.
FYI:
Pushbutton
Purpose With Pushbutton you can create your own pushbuttons within an R/3 screen or within the toolbar. You can make both the menu functions and the navigation to other transactions directly accessible with your own pushbuttons.
Example
Pushbutton (10,50) "Split Screen Editor" "SCMP"
You create a pushbutton at row 10, column 50 with text Split Screen Editor. Clicking on the button invokes the internal code SCMP which then starts the Split Screen Editor.
Internal codes How do I find the internal codes?
Choose the desired function in the transaction menu and press F1 while the mouse cursor points to this function. Now the R/3 system displays the internal function code in a pop-up window
Format Pushbutton (row,column) "Pushbutton text" "FCode" Process="..."
Adds a pushbutton on position (row,column). The pushbutton invokes the internal code FCode. This can be a code from the menu, e.g. SCMP, or a transaction code like /NFB01 or /OMM02.
Process="..." relates to the InputScript file. You can omit the "fcode" parameter if only "Enter" is needed in order to continue with the transaction.
Pushbutton (Toolbar) "Pushbutton text" "FCode"
Adds a pushbutton in the application toolbar. A free function key is assigned automatically and displayed in the quickinfo.
*Pushbutton (Toolbar) "Pushbutton text" "FCode" "Fkey"*
*Optionally you can specify a function key of your choice as an additional parameter Fkey using the format F1,..F12, ShiftF1,...,ShiftF12, CtrlF1,...,CtrlF12, ShiftCtrlF1,...,ShiftCtrlF12. If this function key is already in use the system chooses the next available number.*
*example: Shift+F5 -> F17, F3 -> F3*
Cheers -
Using accelerator keys for loading an application made with J2ME
Hi
Are there any methods to use accelerator keys to load an application made with J2ME for mobile telephones? The application is not running and I must find a way to load the application using key codes.
How can I accomplish this? Can I use the application manager and the jad file? I know that I can use PushRegistry for incoming connections to load the application automatically. But I need a way to accomplish this by using the key events on a mobile phone when the application is closed.
Best Regards
jan Fredrik Fallsen -
Compile for Debug accelerator key
Hello all,
it seems it's not possible to set an accelerator key for the "Compile for debug" command, at least I cannot find how to.
Any ideas? If it's not possible, I would like to suggest it for a future release.
With kind regards,
Ronald
It's not possible currently, you can log the request over at the exchange sqldeveloper.oracle.com
-kris -
I have a JMenuBar with a bunch of standard menus--File, Edit, and so forth. I've defined accelerator keys for a bunch of the menu items. I find when I start the app, the first accelerator key I use works, and thereafter they mostly don't. I wouldn't be super concerned--I can still get the function to work via menu selection with the mouse--but I'm also having trouble receiving keystrokes in other components (Behaviors triggering on a KeyEvent in a Java 3D window.)
It's easy to debug when things happen and they happen wrong. I'm finding it difficult to debug this because nothing is happening at all.
If this is obvious to anyone let me know. If anyone has any debugging tips let me know.
Here's a sample from my MenuBar:
public class MenuBar extends JMenuBar {
    private ArrayList<JMenuItem> editModeAvailableItems;

    public MenuBar() {
        editModeAvailableItems = new ArrayList<JMenuItem>();
        int keymask = 0;
        if(Util.isMac()){
            keymask = ActionEvent.META_MASK;
        }else if (Util.isWindows()){
            keymask = ActionEvent.CTRL_MASK;
        }
        final JMenu fileMenu = new JMenu("File");
        JMenuItem newMenuItem = new JMenuItem("New");
        newMenuItem.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_N,
                keymask));
        newMenuItem.addActionListener(new java.awt.event.ActionListener() {
            public void actionPerformed(java.awt.event.ActionEvent evt) {
                InstrumentManager manager= InstrumentManager.getInstance();
                if(manager != null){
                    if (manager.getInstrumentContainer().isUpdated()){
                        int answer = JOptionPane.showConfirmDialog(fileMenu,
                                "current file has been modified.",
                                "Warning",
                                JOptionPane.OK_CANCEL_OPTION,
                                JOptionPane.WARNING_MESSAGE);
                        if(answer==JOptionPane.OK_OPTION){
                            manager.newPantsFile();
                        }
                    }else{
                        manager.newPantsFile();
                    }
                }
            }
        });
        fileMenu.add(newMenuItem);
        JMenuItem openMenuItem = new JMenuItem("Open");
        openMenuItem.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_O,
                keymask));
        openMenuItem.addActionListener(new java.awt.event.ActionListener() {
            public void actionPerformed(java.awt.event.ActionEvent evt) {
                InstrumentManager manager= InstrumentManager.getInstance();
                if(manager != null){
                    if (manager.getInstrumentContainer().isUpdated()){
                        int answer = JOptionPane.showConfirmDialog(fileMenu,
                                "current file has been modified.",
                                "Warning",
                                JOptionPane.OK_CANCEL_OPTION,
                                JOptionPane.WARNING_MESSAGE);
                        if(answer==JOptionPane.OK_OPTION){
                            manager.openPantsFile();
                        }
                    }else{
                        manager.openPantsFile();
                    }
                }
            }
        });
        fileMenu.add(openMenuItem);
        JMenuItem saveMenuItem = new JMenuItem("Save");
        saveMenuItem.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_S,
                keymask));
        saveMenuItem.addActionListener(new java.awt.event.ActionListener() {
            public void actionPerformed(java.awt.event.ActionEvent evt) {
                InstrumentManager manager= InstrumentManager.getInstance();
                if(manager != null){
                    manager.savePantsFile();
                }
            }
        });
        fileMenu.add(saveMenuItem);
        // ...
    }
}
jstoner wrote:
If anyone has any debugging tips let me know.
For checking the focused window, we could do something like this:
FocusManager.getCurrentKeyboardFocusManager()
    .addPropertyChangeListener(new PropertyChangeListener() {
        public void propertyChange(final PropertyChangeEvent evt) {
            if (evt != null && evt.getPropertyName().equals("focusedWindow")) {
                Window window = (Window) evt.getNewValue();
                if (window != null) {
                    // when the focused window is not the frame containing the
                    // accelerators, they will not work
                    System.out.println(window);
                }
            }
        }
    });
-
Accelerator key - is this a bug in Swing?
Hello to everyone.
I've written this Swing app which has JMenu.
Anyway, i have set accelerator keys on most of JMenuItems but here is what is not working:
JMenuItem exPaperXML = new JMenuItem("Paper XML");
exPaperXML.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_F10, 0));
As you can see, I tried to set F10 to be accelerator key for this JMenuItem.
It doesn't work. It doesn't fire exPaperXML.actionPerformed(..) event, but
instead it highlights File JMenuItem (which doesn't have accelerator key set at all).
For example, I have set F9 as accelerator key for another JMenuItem and it works fine.
What do you think, is this a bug in Swing?
My JDK version is 1.4.2_05
Thanks!
1) Read the JMenuBar API.
2) Click on the "JMenuBar Key Assignments" link
3) Click on "Key Java"
4) Note how F10 is used to select the first item.
camickr thank you for quick reply.
Is there a way to override this default action?
Thanks. -
RE: (forte-users) Accelerator keys under MS Windows95/98/NT
> Unfortunately, ALT key is not recognized as a valid
> key modifier on Windows
That isn't entirely true. The ALT key is recognized. I've used it successfully
under Windows 95 and NT. The only annoying side-effect is that you get the
standard operating system beep when you perform the keypress.
-----Original Message-----
From: "Ajith Kallambella" [SMTP:[email protected]]
Sent: Thursday, August 26, 1999 1:43 PM
To: "[email protected]" [SMTP:[email protected]];
"[email protected]" [SMTP:[email protected]]
Subject: Re: (forte-users) Accelerator keys under MS Windows 95/98/NT
The Window class has a method named SetAsFunctionKey
and an event named FunctionKeyPress. When used
in combination, the former can be used to configure
various accelerator keys for the window widgets
and the latter can be used to trap them.
For more details, take a look at Forte online help.
Unfortunately, ALT key is not recognized as a valid
key modifier on Windows, but is only available on
Unix and VMS - for reasons beyond my comprehension :(
Hope this helps
Ajith Kallambella M.
Forte Systems Consultant.
From: "Burns, Troy" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: (forte-users) Accelerator keys under MS Windows 95/98/NT
Date: Thu, 26 Aug 1999 13:56:07 -0400
Let's say I have a pushbutton on a window and I've given it
label text of "&Search". In past developer-lives, the ampersand
is what gives the button the ability to respond to ALT-S. This
doesn't appear to be the case in Forte. What do I need to do
to make this work?
Thanks in advance,
Troy Burns
E-mail: [email protected]
Marriott Vacation Club International
941-688-7700 ext. 4408
For the archives, go to: http://lists.sageit.com/forte-users and use
the login: forte and the password: archive. To unsubscribe, send in a new
email the word: 'Unsubscribe' to: [email protected]
Hi, Beau Leo, I am having problem installing Oracle9i Database Rel.2 on my pc.
I read the suggestion and solution you posted for fixing Oracle 8.1.x installation
problem, and since my pc also hung at 48% while installing Oracle 9i software,
I wonder if the same problem in the Oracle8 Vs.Pentium4 also exists for Oracle9i.
I have Windows2000,256RAM, Pentium3 1Ghz, and 13.8 free diskspace. But the installation always
hangs at 48%, my computer will just shut down and restart automatically without
even showing an error message. I have tried installing the Enterprise edition for 3
times already but everytime encountered the same problem. I've also tried custom installation
by selecting not to create database, but it also hung.
Before I started each installation, I always made sure that my registry and environment
path are cleared and that all the partially-installed Oracle files are deleted.
I hope that you or anyone who has a solution for this problem could be so kindly to help me out.
Thank you in advance.
ailee -
Accelerator keys in MAC !!!!
I've set accelerator keys for Refresh Action(F5) using..............
putValue(Action.ACCELERATOR_KEY, KeyStroke.getKeyStroke(KeyEvent.VK_F5,
0));
though it works on pressing F5....the accelerator is not displayed along with the MenuItem in the menubar. : (
{ However other accelerators for which I'm setting accelerators are working fine and showing 'Comm sign' + C........say for copy.................where i did this..........
putValue(Action.ACCELERATOR_KEY, KeyStroke.getKeyStroke(KeyEvent.VK_C,
Toolkit.getDefaultToolkit().getMenuShortcutKeyMask()));
Can Somebody suggest????....
Also can you tell me how I can set an accelerator for Help key in MAC..which is Command Key + '?'
Actually I need the Key code for '?' key
Thanks : )
I'm sorry for editing so late...............
The problem that accelerators not showing on the menu item is on MAC.
The problem is only when there's no modifier like a Comm or Ctrl ....and the accelerator is just say F6......
In that case the accelerator F6 is not displayed in the menuitem as it does with modifiers...and even on Win. -
I want to search for a pattern string in the entire registry and need to delete all the keys and sub-keys that contain the pattern. How can I implement this in VB Script or C#? Appreciate if you can give some sample examples. Now every time, I am manually searching for the pattern in registry and deleting one by one.
Thanks Prasad
There is no built in way to do this. You'll end up having to enumerate all keys and values in the entire registry and comparing each one for a pattern using Regex or similar. This is going to be really slow but there isn't much else you can do about it (other than parallelize the enumeration). Also note that you won't have permissions to all keys for read and/or write access so you'll need to skip over those using exception handling.
Michael Taylor
http://blogs.msmvps.com/p3net -
Accelerator/Access Key for commandLink problem
I tried setting the access key for a commandLink but all it does is put the focus the command link and not trigger the action(unless enter key is pressed after pressing the access key). Is this the expected behavior or there is a way to make access keys execute action on commandLink?
Hi Hyangelo,
Even I am facing the same problem. I am using JDeveloper 11.1.1.3.0. I am having a commandLink, menu and commandNavigationItem, and I am trying to access the component with accesskeys like giving ..
<af:commandLink id="cl_onpage" partialSubmit="true"
textAndAccessKey="#{ARUIBundle.Hello}"
action="#{AccessBean.trigger}"></af:commandLink>
wherein my accesskey is defined in my property file and it is 'H'. As I am using Internet Explorer I use alt + H as key combination. When I use the key combination, only the focus is set to the component and the action with it is not getting triggered unless I hit the enter key.
Can you let us know how you solved the issue? As you said it was taking a while for the action to be triggered. I tried the same, waited for 5 minutes but still the action did not get triggered.
Thanks
Vini -
How to activate JMenu from other frame using accelerator key
Hi.
I'm developing an application for my final year project.
i set up my application to have multiple frame open at the same time (like sunone studio in SDI mode). only one JFrame contains the JMenuBar.
I can activate this menu bar using the accelerator key when the containing JFrame has focus. However, I do not know how to make the Menu activate when the accelerator key is pressed on other frame. Please help, thanks in advance.
Does anyone have some idea?
The solution I found seems not to suit my need.
I want to be able to pull down (and get the focus transferred to) the JMenu in the menubar of another frame using the menu's mnemonics. Using InputMap does not seem to fit since I need to the mnemonic of menu is not in the input map. -
Remote Keys for Multiple Systems
I am working on an SRM project where we have internal catalogs items (from ECC) and external catalog items (from Excel files) going into an MDM Catalog repository. For both, we use a lookup table for the Supplier number to cross-ref to a supplier name.
We have a Supplier List message that runs from ECC to MDMCAT to populate this table. In doing so, it creates a key mapping for the ECC remote system...which gets used for cross-referencing supplier names when catalog items load.
The issue...we do not have such a Supplier List from the external catalog "remote system", so when external catalog items get loaded there is no supplier number/name cross-ref happening. I can manually create key mappings for the external remote system, but I want to automate it.
I am thinking about having our PI middleware make a copy of the ECC Supplier Lists and send them to a new port set up as the external remote system...thinking that this would generate external system keys...hopefully without duplicating supplier lookup records. Before proceeding, I wanted to throw this out to see if there is a better solution.
Any suggestions?
Thanks,
Keith
Hi Keith,
some remarks:
if you send data from ECC to MDMCAT, the catalog items contain the supplier keys of the ECC system. That's why the import works automatically. If you want to reuse the ECC supplier keys, the first question to answer is: does your external system use exactly the SAME keys as ECC? Only if this is the case, duplicating the ECC supplier message works for you. Otherwise you'd create keys for your external system that are never sent by the external system.
If the external system uses the same keys as ECC, the next question is how often do you update the supplier list in MDM? Regularly? Only once? If regularly your option with PI is a good idea. This won't duplicate supplier records as Import Manager (or MDIS) is able to identify already existing suppliers and updates the remote keys only (anyways you should check the related import map!). If it's a one time action only, you can re-open the same file multiple times for different remote systems with Import Manager. Then you wouldn't have to configure an additional connection from PI to MDM.
Best regards
Michael -
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play a lot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome.
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like a usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modified hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid surprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decrypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefore ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
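The newline behaviour described in step 9 can be measured without touching a disk. The script below is an added example, not part of the original guide and not code from cryptsetup: it models the two stdin modes from the quoted release notes and reports how many key bytes would survive if --key-file=- were omitted. key_report and the other function names are hypothetical helpers; the sample keys are constructed.

```sh
#!/bin/sh
# Added example: models the two stdin modes described in the quoted
# cryptsetup 1.1.2 release notes. cryptsetup itself is never called;
# key_report is a hypothetical helper, not part of cryptsetup or the hook.

# Read a key stream on stdin in one pass (nothing is written to disk) and
# print "<total_bytes> <bytes_before_first_newline>". The second number is
# how much key material survives when stdin is treated like terminal input.
key_report() {
    od -An -v -tu1 | awk '
        BEGIN { total = 0; first_nl = -1 }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == 10 && first_nl < 0) first_nl = total
                total++
            }
        }
        END {
            if (first_nl < 0) first_nl = total   # no newline: nothing is lost
            print total, first_nl
        }'
}

# Exit status 0 only when line-mode reading would see the whole key.
key_survives_line_mode() {
    set -- $(key_report)
    [ "$1" -eq "$2" ]
}

# Constructed sample: the key string the guide uses as its illustration.
sample_key() {
    printf 'foo\nandsomemorebaratheendofthekey'
}

# Constructed sample: a key generated as in step 8 (2048 random bytes).
random_key() {
    dd if=/dev/urandom bs=512 count=4 2>/dev/null
}

echo "sample key (total, usable without --key-file=-): $(sample_key | key_report)"
echo "random key (total, usable without --key-file=-): $(random_key | key_report)"
if ! random_key | key_survives_line_mode; then
    echo "newline found inside the key: always pass --key-file=-"
fi
```

For a 2048-byte random key the second number is almost always far below 2048, which is the loss of key material the guide warns about.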
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s)), select “3 – Manually Configure block devices, filesystems and mountpoints”. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
Be sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
;;
*)
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
;;
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
}
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
}
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
}
help ()
{
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
}
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES="ext2 ext4" # not sure if this is really necessary.
BINARIES="/usr/bin/gpg" # this could probably be done in install/etwo...
HOOKS="base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems" # (usbinput is only needed if you have a usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg --output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your BIOS and hope for the best. If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using UUIDs instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)
I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Device root already exists." appears every second.
Any idea?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot install media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplications along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
}
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
}
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
}
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 4GB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
# create the mount point before mounting the decrypted root on it
mkdir -p ${INSTALL_TARGET}
mount /dev/mapper/root ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
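Both posts above depend on how the etwo hook splits cryptdevice= and cryptkey= on colons, and on its ${ckarg2#*.} test to decide whether to call gpg. The following is an added example, not part of either post or of mkinitcpio: a small sh linter that applies the same splitting to a kernel command line before rebooting. The function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: lint cryptdevice=/cryptkey=/root= the way the etwo hook on
# this page will read them. Function names and labels are hypothetical.

# Print the value of the last NAME=value word in a kernel command line.
get_param() (
    set -f    # no globbing while the command line is split into words
    _val=""
    for _word in $2; do
        case "$_word" in
            "$1"=*) _val="${_word#*=}" ;;
        esac
    done
    printf '%s\n' "$_val"
)

# Classify a cryptkey= value with the hook's own tests:
#   gpg-file    file on a filesystem, piped through gpg -d
#   plain-file  file on a filesystem, handed to --key-file unchanged
#   raw-block   offset:length read straight from the block device
#   none        no cryptkey=, so the hook asks for a passphrase
key_mode() {
    if [ -z "$1" ]; then echo none; return 0; fi
    _a1=$(echo "$1" | cut -d: -f2)
    _a2=$(echo "$1" | cut -d: -f3)
    case "$_a1" in
        *[!0-9]*)
            # Same test as the hook: it strips only up to the FIRST dot,
            # so a path with an earlier dot is not recognised as gpg.
            if [ "${_a2#*.}" = "gpg" ]; then echo gpg-file; else echo plain-file; fi
            ;;
        *) echo raw-block ;;
    esac
}

# Print one finding per line, or "ok", for a full kernel command line.
lint_cmdline() {
    _dev=$(get_param cryptdevice "$1")
    _key=$(get_param cryptkey "$1")
    _root=$(get_param root "$1")
    _n=0
    if [ -z "$_dev" ]; then
        echo "deprecated-syntax: no cryptdevice=, hook falls back to root=$_root"
        _n=$((_n + 1))
    else
        case "$_dev" in
            *:?*)
                _name=$(echo "$_dev" | cut -d: -f2)
                if [ "$_root" != "/dev/mapper/$_name" ]; then
                    echo "root-mismatch: root=$_root but mapping is /dev/mapper/$_name"
                    _n=$((_n + 1))
                fi
                ;;
            *)
                echo "no-name-suffix: cryptdevice=$_dev lacks the :name part"
                _n=$((_n + 1))
                ;;
        esac
    fi
    _path=$(echo "$_key" | cut -d: -f3)
    case "$_path" in
        *.gpg)
            if [ "$(key_mode "$_key")" = "plain-file" ]; then
                echo "gpg-not-detected: $_path has more than one dot, hook will not call gpg"
                _n=$((_n + 1))
            fi
            ;;
    esac
    if [ "$_n" -eq 0 ]; then echo ok; fi
}

# Usage on a running system: lint_cmdline "$(cat /proc/cmdline)"
```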
How to specify the storage access key for a ResourceFile?
The Azure Batch tutorial shows how to put program files into a public container in a storage account and let Azure Batch download them to TVMs and run them.
In a real world scenario, if I don't want to use a public container or a shared access signature and want Azure Batch to use an access key to access the container where my task program file is located, is it possible? How to do it?
I see that you are conversant with the issues here but for other readers let me provide a quick review:
The properties of a task (ICloudTask/CloudTask) include a collection of ResourceFile instances. ResourceFile instances map blobs in Azure Storage to local files in the Container/VM/Guest-OS. Azure Batch copies the files from storage into the VM before the task runs and it uses the SAS (and other data) in the ResourceFile to do so.
The ICloudTask/CloudTask.FilesToStage collection exposes the object model's mechanism for customizable file staging. The collection accepts instances of IFileStagingProvider which ultimately are invoked to create/augment the ResourceFile collection on the task.
A default implementation is provided: FileToStage.
An instance of FileToStage maps a file local to the client library to a file ultimately in the VM (indirecting through blob storage/SAS). When instances of FileToStage are added to the CloudTask.FilesToStage the following occurs on Commit()/AddTask:
1. A container is created in the given storage account. The name is constructed to avoid collisions.
2. The container is given a restricted SharedAccessBlobPolicy.
3. All of the local files specified are uploaded to that container.
4. An SAS for each blob is created (24hr expiry) and a ResourceFile is constructed for each FileToStage.
5. The ResourceFile for each FileToStage is added to the CloudTask.ResourceFiles collection.
FileToStage and the FilesToStage collection are intended to assist the customers that either want a shortcut around the issues of blob containers and SAS or want to control the file staging process via a custom implementation of IFileStagingProvider.
When using the default implementation FileToStage to stage local files, care should be taken to monitor the number of containers created and the storage cost implications.
Your concerns about SAS based methods are not directly addressed by the default implementation. I would only note that SAS values can be re-used across tasks and jobs so the existing implementation can be used to get local data into storage and usable SAS values. However, you already have these sorts of features implemented it seems and as you point out, there is the problem of SAS expiry.
daryl -
JTabbedPane w/ Accelerator Keys
I need to add accelerator keys to the tabs of a JTabbedPane, much like the accelerators in a JMenuItem (i.e. under-score for Alt-F, or CTRL-X, etc...).
Any suggestions?
Thanks!
It doesn't support accelerators, but it does support mnemonics. Check out the API for more information.