Backpac: A package state snapshot and restore tool for Arch Linux

backpac:
A package state snapshot and restore tool for Arch Linux with config file save/restore support.
https://aur.archlinux.org/packages.php?ID=52957
https://github.com/altercation/backpac (see readme on the github repository for more information)
Summary & Features
It's a common method of setting up a single system: take some notes about what packages you've installed, what files you've modified.
Backpac creates those notes for you and helps back up important configuration files. Specifically, backpac does the following:
maintains a list of installed groups (based on 80% of group packages being installed)
maintains a list of packages (including official and aur packages, listed separately)
maintains a list of files (manually created)
backs up key config files as detailed in the files list you create
The package, group and files lists along with the snapshot config files allow system state to be easily committed to version control such as git.
Backpac can also use these lists to install packages and files. Essentially, then, backpac takes a snapshot of your system and can recreate that state from the files and lists it archives.
Use Cases
Ongoing system state backup to github
Quick install of new system from existing backpac config
Conform current system to given state in backpac config
Backpac is a very, very lightweight way of saving and restoring system state.
It's not intended for rolling out and maintaining multiple similar systems; it's designed to assist individual users in the maintenance of their own Arch Linux box.
Status
Alpha, release for testing among those interested. Passing all tests right now but will continue to rework and refine. Bug reports needed.
Why?
There are a lot of 'big-iron' solutions to maintaining, backing up and restoring system state. Setting these up for a single system or a handful of personal systems has always seemed like overkill.
There are also some existing pacman list making utilities around, but most of them seem to list either all packages or don't separate the official and aur packages the way I wanted. Some detect group install state, some don't. I wanted all these features in backpac.
Finally, whatever tool I use, I'd like it to be simple (c.f. the Arch Way). Lists that are produced should be human readable, human maintainable and not different from what I'm using in non-automated form. Backpac fulfills these requirements.
Regarding files, I wanted to be able to backup arbitrary system files to a git repository. Tools like etckeeper are interesting but non /etc files in that case aren't backed up (without some link trickery) and there isn't any automatic integration with pacman, so there is no current advantage to using a tool like that. I also like making an explicit list of files to snapshot.
Sample Output
This is the command line report. Additionally, backpac saves this information to the backpac groups, packages and files lists and the files snapshot directory.
$ backpac -Qf
backpac
(-b) Backups ON; Files will be saved in place with backup suffix.
-f Force mode ON; No prompts presented (CAUTION).
(-F) Full Force mode OFF; Prompt displayed before script runs.
(-g) Suppress group check OFF; Groups will be checked for currency.
(-h) Display option and usage summary.
(-p) Default backpac: /home/es/.config/backpac/tau.
-Q Simple Query ON; Report shown; no changes made to system.
(-R) Auto-Remove OFF; Remove/Uninstall action default to NO.
(-S) System update OFF; No system files will be updated.
(-U) backpac config update OFF; backpac files will not be updated.
Sourcing from backpac config directory: /home/es/.config/backpac/tau
Initializing.................Done
GROUPS
============================================================================
/home/es/.config/backpac/tau/groups
GROUPS UP TO DATE: group listed in backpac and >80% local install:
base base-devel xfce4 xorg xorg-apps xorg-drivers xorg-fonts
GROUP PACKAGES; MISSING?: group member packages not installed:
(base: nano)
(xfce4: thunar xfdesktop)
PACKAGES
============================================================================
/home/es/.config/backpac/tau/packages
PACKAGES UP TO DATE: packages listed in backpac also installed on system:
acpi acpid acpitool aif alsa-utils augeas cowsay cpufrequtils curl dialog
firefox gamin git ifplugd iw mesa mesa-demos mutt netcfg openssh rfkill
rsync rxvt-unicode sudo terminus-font vim wpa_actiond wpa_supplicant_gui
xmobar xorg-server-utils xorg-twm xorg-utils xorg-xclock xorg-xinit xterm
yacpi yajl youtube-dl zsh
AUR UP TO DATE: aur packages listed in backpac also installed on system:
flashplugin-beta freetype2-git-infinality git-annex haskell-json
package-query-git packer wpa_auto xmonad-contrib-darcs xmonad-darcs
AUR NOT IN backpac: installed aur packages not listed in backpac config:
yaourt-git
FILES
============================================================================
/home/es/.config/backpac/tau/files
MATCHES ON SYSTEM/CONFIG:
/boot/grub/menu.lst
/etc/acpi/handler.sh
/etc/rc.conf
/etc/rc.local

firecat53 wrote: I think your plan for handling an AUR_HELPER is good. If AUR_HELPER is defined by the user, then either you might need a list of major AUR helpers and their command line switches so you can pick the correct switch for what needs to be done (most use some variation of -S for installing, but not all), or have the user define the correct switch(es) somehow for their chosen AUR helper.
That's a good idea. I'll add that to my AUR refactoring todo.
I also found directory tracking to be a weakness in other dotfile managers that I tried. I think you would definitely have to recursively list out the contents of a tracked directory and deal with each file individually. Wildcard support would be nice...I just haven't personally found a use case for it yet.
I've been thinking that I could just add the directory and scan through it for any non-default attribute files. If those are found then they get automatically added to the files list. That's pretty close to what etckeeper does.
Edit: I just compiled the dev version and removed my comments for already fixed things...sorry!
The master branch should have those fixes as well, but I didn't update the version number in the package build. I'll have to do that.
1. Still apparently didn't handle the escaped space for this item: (the file does exist on my system)
Ok, good to know. This wildcard directory business will require some new code and refactoring so I'll also rework my filenames handling.
2. Suggestion: you should make that awesome README into a man page!
I was working on one (the pkgbuild has a commented out line for the man page) but I had to leave it for later. Definitely want a man page. Once this stabilizes and I'm sure there aren't any big structural changes, I'll convert it to man format.
3. Suggestion: add the word 'dotfile' into your description somewhere on this page, the github page, and in the package description so people looking for dotfile managers will find it. You could also consider modularizing the script into a dotfile manager and the package manager, so people on other distros could take advantage of your dotfile management scheme.
I actually have a different script for dotfile management that doesn't touch packages, but there is definitely overlap with this one. That script isn't released yet, though, and if people find this useful for dotfile management that's great. I'll add that in.
4. Suggestion: since -Q is a read-only operation, why not just make it run with -f automatically to avoid the prompt?
Originally, running backpac without any command line options produced the Query output. I was concerned that since it is a utility that can potentially overwrite system files, it is important to give users a clear statement prior to execution about what will be done. Since the Query output is essentially the same as the Update and System reports in format and content, I wanted to be explicit about the Query being a passive no-change operation. The current command line options aren't set in stone though. If you feel strongly about it being different, let me know.
Long answer to a short question
5. Another suggestion: any thought to providing some sort of 'scrub' function to remove private information from the stored files if desired? This would be cool for publishing public dotfiles to github. Perhaps a credentials file (I did this with python for my own configs). Probably detecting email addresses and passwords without a scrub file would be rather difficult because dotfiles come in so many flavors.
Yes, absolutely. In fact, if you look at the lib/local file (pretty sure it's in both master and dev branches in this state) you'll see some references to a sanitize function. The idea there is that the user will list out bash associative arrays like this:
SANITIZE_WPA_=(
[FILE]='/etc/wpa_supplicant.conf'
[CMD]='sed s/expungepattern/sanitizedoutput/g'
)
Question: am I missing an obvious option to remove a file from the files.d directory if I delete it from the files list? Or do I have to delete it manually? It might be helpful to add a section to the README on how to update and delete dotfiles from being tracked, and also a more detailed description of what the -b option does (and what is actually created when it's not used).
You are only missing the function I didn't finish. There should be either dummy code or a TODO in the backpac main script referencing garbage collection, which isn't difficult but I just haven't finished it. The idea being another loop of "hey I found these old files in your files.d, mind if I delete them?" It's on my list and I'll try to get it in asap.
And finally, just out of curiosity, why did you choose to actually copy the files instead of symlink like so many other dotfile managers do?
git not following symlinks, hardlinks also out for permissions issues (git wouldn't be able to read the files, change them, etc.)
I definitely would prefer to not make an entire copy of the file, but I haven't come up with a better option. Shout with ideas, though. Also, if there is a way around the link issues I noted above, let me know. I don't see one but that doesn't mean it's not there.
edit: I think a Seattle area Arch meetup would be cool! Perhaps coffee someplace? Bellevue? U-district? Anyone else? BYOPOL (bring your own pimped out laptop)
A general meetup sounds good. I was also thinking it would be fun to do a mini archcon with some demos.

Similar Messages

  • Mondo rescue and mindi patched for Arch Linux

    Mondo rescue is a disaster recovery tool.
    Last year, I wanted to test mondo rescue for the first time, but I found there was no official package and no PKGBUILD  in AUR.
    So I had to build one and upload it to AUR. But soon I found there were a lot of problems related to the lack of compatibility with Arch Linux.
    I had to dig into the code and make some patches that made it usable on an Arch system.
    Mondo version 2.2.9.5-2, and mindi-2.0.7.6-3 are now fully compatible with Arch (at least for me).
    That's why I'm asking Arch users (if someone interested) to test mondo and mindi PKGBUILD's and give your feedback to help me to improve it.
    mondo AUR - http://aur.archlinux.org/packages.php?ID=38366
    mindi AUR - http://aur.archlinux.org/packages.php?ID=38365
    mindi-busybox - http://aur.archlinux.org/packages.php?ID=38364
    mondorescue website - http://www.mondorescue.org/
    Thanks for your feedback.

    You are right! The server is down :-(
    This server was an alternative I found for the original one that was also down at that time.
    Now http://www.hello-penguin.com/software.htm is up again, but I had some problems downloading source code with pacman.
    This is a little frustrating when servers are up and down intermittently.
    So, I made a mirror in my own server where buffer-1.19.tar.gz can be downloaded too, and uploaded a new version PKGBUILD to AUR (http://aur.archlinux.org/packages.php?ID=38363).
    PKGBUILD now downloads source code from this alternative server, but if you wish, you can edit PKGBUILD and choose the original one (in the commented line).
    Hope this can be solved now.

  • .dotjs and .dotcss for Arch Linux Users

    Hi all,
    I've created a new Google Chrome extension to enable the functionalities of .dotjs and .dotcss extensions for Arch Linux users.
    Check it here; https://github.com/azer/.w3
    Contributions and ideas are welcome,
    Azer

    Thanks for doing this, never heard of dotjs before, but I love the idea and definitely have some use cases for this.
    Of course as an arch user, I'm just kindly asking if you plan to create an AUR package for this?

  • Windows 8.1: Is it possible to go back to the old back up and restore tool of Windows 7

    Hello,
    Is there a way to install the windows 7 backup and restore tool on Windows 8.1?
    Thanks

    No, unfortunately, you have to use the one that's available.
    How to create a system image
    from Windows powershell (admin) type
    "wbadmin start backup -backuptarget:d: -allcritical"
    Where :d: is where you will save your image file.
    you get the same image files as with the Windows 7 file restore.
    Restore the image with help from a Windows 8.1 Dvd,
    or from recovery advanced setup.
    Teching It Easy: With Windows |ActiveWin |
    Notebooks |
    Microsoft MVP

  • Monitoring and Alerting tools for Business Object Data Integrator

    Hi,
    We have Business Objects DI installed in AIX 5.3 environment. Please advise any type of monitoring and alerting tools for DI.
    Monitor tools to monitor Job servers(like job service and web services running properly) and also to monitor long running extraction jobs and alerting the same. Thanks.
    Thanks.
    Raj.

    Hi Thomas
    Though both the tools objectives are for Data integration, the purpose for both tools are different.
    SAP BODS/ BOBJ Data Integrator is an ETL tool which involves combining data residing in different sources and providing users with a unified view of the data
    SAP PI is a Middleware/EAI tool which have a mechanism/technology that connects different parts of an application or a series of applications
    SAP BOBJ Data Integrator
    Bulk Data Integration
    Extraction Transformation and Loading
    Deals of huge volume of data
    SAP PI
    It is process based integration of application data
    It is a middle ware which integrates various project applications into a common programming package that can be operate/access as a single application
    SAP NetWeaver PI is SAP’s implementation of Service-oriented Architecture (SOA) middleware and facilitates the integration of business processes that span different departments, organizations, or companies.
    SAP PI uses SAP NetWeaver Application Server and message servers where in fail over cases the messages can be resent again.
    The below differences will gives you more clarity
    Verdict is we can use both the tools for data transfer/migration and for choosing the tool depends upon the business requirement
    Please reply back if you need more information.
    Regards
    Murthy

  • Collection : Popular DVD and Video Tools (For Mac)


    In addition to running less concurrent processes or installing more RAM as Kappy mentioned.
    I also see that you have less than 10% of free space left on your HDD.
    Disk Information: ?
      ST3500418AS disk0 : (500.11 GB)
      S.M.A.R.T. Status: Verified
      EFI (disk0s1) <not mounted>: 209.7 MB
      Macintosh HD (disk0s2) / [Startup]: 499.25 GB (40.6 GB free)
      Recovery HD (disk0s3) <not mounted>: 650 MB
    Which is fairly low and forcing it to work on the slowest part of the HDDs platter.

  • Data Warehouse and ETL tools for data verification ?

    Data Warehouse and ETL tools for data verification ?
    How need to to data verification using ETL tool ? Also how to relate this thing to datawaehouse ?
    Thanks in Advance

    Hi  Shyamal Kumar,
    1)  BW it self  facilitates to do the ETL (Extraction Transformation Loading)  steps:
         example:
                     Extraction  - from SAP or other data bases
                     Transformation - using transfer rules, Updates rules
                     Loading  -  Loading into ODS, Cube, master data
    2) Typically used ETL tools in the industry are:
         a)   datastage from Ascential (owned by IBM)
         b)   Informatica
         c)   Mercator
    Regards, BB

  • RMAN Backup and Restore - From AIX to Linux

    Hi All,
    I want to take RMAN Backup from AIX (Oracle 11.2.0.3) and restore it to RHE Linux . Both of them are 64-bit.
    Can someone please, let me know the steps ?
    Thanks,

    airmax012 wrote:
    hello can i restore an RMAN backup from AIX to LINUX?
    thanks
    I give up.
    Can you.
    post Oracle version to 4 decimal places

  • System encryption using LUKS and GPG encrypted keys for arch linux

    Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
    Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
    Update: 2013-01-13: Updated the hook files using the corrections by Deth.
    Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
    I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play a lot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome.
    Intro
    Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
    Since the encrypt hook doesn't support this scenario, I created a modified hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
    Conventions
    In this short guide, I use the following disk/partition names:
    /dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
    /dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
    /dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
    Credits
    Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
    Guide
    1. Boot the arch live cd
    I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
    2. Set keymap
    Use km to set your keymap. This is important for non-qwerty keyboards to avoid surprises with passphrases...
    3. Wipe your discs
    ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
    Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
    shred -v /dev/sda
    shred -v /dev/sdb
    4. Partitioning
    Fire up fdisk and create the following partitions:
    /dev/sda1, type linux swap.
    /dev/sda2: type linux
    /dev/sda3: type linux
    /dev/sdb1, type linux
    Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decrypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
    5. Format  and mount the usb stick
    Create an ext2 filesystem on /dev/sdb1:
    mkfs.ext2 /dev/sdb1
    mkdir /root/usb
    mount /dev/sdb1 /root/usb
    cd /root/usb # this will be our working directory for now.
    Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
    6. Configure the network (if not already done automatically)
    ifconfig eth0 192.168.0.2 netmask 255.255.255.0
    route add default gw 192.168.0.1
    echo "nameserver 192.168.0.1" >> /etc/resolv.conf
    (this is just an example, your mileage may vary)
    7. Install gnupg
    pacman -Sy
    pacman -S gnupg
    Verify that gnupg works by launching gpg.
    8. Create the keys
    Just to be sure, make sure swap is off:
    cat /proc/swaps
    should return no entries.
    Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
    Choose a strong password!!
    Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
    Note that the default cipher for gpg is cast5, I just chose to use a different one.
    9. Create the encrypted devices with cryptsetup
    Create encrypted swap:
    cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
    You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
    Important: From the Cryptsetup 1.1.2 Release notes:
    Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
        if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
          as normal binary file and no new line is interpreted.
        if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
          stop after new line is detected.
    If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key being ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefore ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
    gpg -q -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
    gpg -q -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
    Check for any errors.
    10. Open the luks devices
    gpg -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    gpg -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda2 var
    If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
    11. Start the installer /arch/setup
    Follow steps 1 to 3.
    At step 4 (Prepare hard drive(s)), select “3 – Manually Configure block devices, filesystems and mountpoints”. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
    Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
    Select DONE to start formatting.
    At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
    Start step 6 (Install packages).
    Go to step 7 (Configure System).
    Be sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
    Edit /etc/fstab:
    /dev/mapper/root / ext4 defaults 0 1
    /dev/mapper/swap swap swap defaults 0 0
    /dev/mapper/var /var ext4 defaults 0 1
    # /dev/sdb1 /boot ext2 defaults 0 1
    Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
    Go to step 8 (install boot loader).
    Be sure to change the kernel line in menu.lst:
    kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
    Don't forget the :root suffix in cryptdevice!
    Also, my root line was set to (hd1,0). Had to change that to
    root (hd0,0)
    Install grub to /dev/sdb (the usb stick).
    Now, we can exit the installer.
    12. Install mkinitcpio with the etwo hook.
    Create /mnt/lib/initcpio/hooks/etwo:
    #!/usr/bin/ash
    run_hook() {
        /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
        if [ -e "/sys/class/misc/device-mapper" ]; then
            if [ ! -e "/dev/mapper/control" ]; then
                /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
            fi
            [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"

            # Get keyfile if specified
            ckeyfile="/crypto_keyfile"
            usegpg="n"
            if [ "x${cryptkey}" != "x" ]; then
                ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
                ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
                ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
                if poll_device "${ckdev}" ${rootdelay}; then
                    case ${ckarg1} in
                        *[!0-9]*)
                            # Use a file on the device
                            # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
                            if [ "${ckarg2#*.}" = "gpg" ]; then
                                ckeyfile="${ckeyfile}.gpg"
                                usegpg="y"
                            fi
                            mkdir /ckey
                            mount -r -t ${ckarg1} ${ckdev} /ckey
                            dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
                            umount /ckey
                            ;;
                        *)
                            # Read raw data from the block device
                            # ckarg1 is numeric: ckarg1=offset, ckarg2=length
                            dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
                            ;;
                    esac
                fi
                [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
            fi

            if [ -n "${cryptdevice}" ]; then
                DEPRECATED_CRYPT=0
                cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
                cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
            else
                DEPRECATED_CRYPT=1
                cryptdev="${root}"
                cryptname="root"
            fi

            warn_deprecated() {
                echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
                echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
            }

            if poll_device "${cryptdev}" ${rootdelay}; then
                if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                    dopassphrase=1
                    # If keyfile exists, try to use that
                    if [ -f ${ckeyfile} ]; then
                        if [ "${usegpg}" = "y" ]; then
                            # gpg tty fixup
                            if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
                            cp -a /dev/console /dev/tty
                            # Retry until the mapping exists (e.g. after a wrong gpg passphrase)
                            while [ ! -e /dev/mapper/${cryptname} ];
                            do
                                sleep 2
                                # --key-file=- makes cryptsetup read the decrypted key as binary data
                                /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
                                dopassphrase=0
                            done
                            rm /dev/tty
                            if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
                        else
                            if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
                                dopassphrase=0
                            else
                                echo "Invalid keyfile. Reverting to passphrase."
                            fi
                        fi
                    fi
                    # Ask for a passphrase
                    if [ ${dopassphrase} -gt 0 ]; then
                        echo ""
                        echo "A password is required to access the ${cryptname} volume:"
                        #loop until we get a real password
                        while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
                            sleep 2;
                        done
                    fi
                    if [ -e "/dev/mapper/${cryptname}" ]; then
                        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                            export root="/dev/mapper/root"
                        fi
                    else
                        err "Password succeeded, but ${cryptname} creation failed, aborting..."
                        exit 1
                    fi
                elif [ -n "${crypto}" ]; then
                    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                    msg "Non-LUKS encrypted device found..."
                    if [ $# -ne 5 ]; then
                        err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
                        err "Non-LUKS decryption not attempted..."
                        return 1
                    fi
                    exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
                    tmp=$(echo "${crypto}" | cut -d: -f1)
                    [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f2)
                    [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f3)
                    [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f4)
                    [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f5)
                    [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
                    if [ -f ${ckeyfile} ]; then
                        exe="${exe} --key-file ${ckeyfile}"
                    else
                        exe="${exe} --verify-passphrase"
                        echo ""
                        echo "A password is required to access the ${cryptname} volume:"
                    fi
                    eval "${exe} ${CSQUIET}"
                    if [ $? -ne 0 ]; then
                        err "Non-LUKS device decryption failed. verify format: "
                        err " crypto=hash:cipher:keysize:offset:skip"
                        exit 1
                    fi
                    if [ -e "/dev/mapper/${cryptname}" ]; then
                        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                            export root="/dev/mapper/root"
                        fi
                    else
                        err "Password succeeded, but ${cryptname} creation failed, aborting..."
                        exit 1
                    fi
                else
                    err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= parameter was not specified."
                fi
            fi
            # Remove the key file copy from the initramfs once the device is open
            rm -f ${ckeyfile}
        fi
    }
    Create /mnt/lib/initcpio/install/etwo:
    #!/bin/bash
    build() {
    local mod
    add_module dm-crypt
    if [[ $CRYPTO_MODULES ]]; then
    for mod in $CRYPTO_MODULES; do
    add_module "$mod"
    done
    else
    add_all_modules '/crypto/'
    fi
    add_dir "/dev/mapper"
    add_binary "cryptsetup"
    add_binary "dmsetup"
    add_binary "/usr/bin/gpg"
    add_file "/usr/lib/udev/rules.d/10-dm.rules"
    add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
    add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
    add_runscript
    }
    help () {
    cat<<HELPEOF
    This hook allows for an encrypted root device with support for gpg encrypted key files.
    To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
    to your BINARIES var in /etc/mkinitcpio.conf.
    HELPEOF
    }
    Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
    MODULES="ext2 ext4" # not sure if this is really necessary.
    BINARIES="/usr/bin/gpg" # this could probably be done in install/etwo...
    HOOKS="base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems" # (usbinput is only needed if you have a USB keyboard)
    Copy the initcpio stuff over to the live cd:
    cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
    cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
    cp /mnt/etc/mkinitcpio.conf /etc/
    Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
    Now reinstall the initcpio:
    mkinitcpio -g /mnt/boot/kernel26.img
    Make sure there were no errors and that all hooks were included.
    13. Decrypt the "var" key to the encrypted root
    mkdir /mnt/keys
    chmod 500 /mnt/keys
    gpg --output /mnt/keys/var -d /mnt/boot/var.gpg
    chmod 400 /mnt/keys/var
    14. Setup crypttab
    Edit /mnt/etc/crypttab:
    swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
    var /dev/sda2 /keys/var
    15. Reboot
    We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using UUIDs instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
    Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
    Last edited by fabriceb (2013-01-15 22:36:23)
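The non-LUKS branch of the hook above assembles a cryptsetup command string from the colon-separated crypto= value and runs it through eval, so a quote or shell metacharacter inside a field is interpreted by the shell. The following is an added example, not part of the original post or of the Arch encrypt hook: it validates each field and hands cryptsetup an argument vector instead. The function names, the CRYPTSETUP override and the allowed character sets are assumptions.

```shell
#!/bin/sh
# Added example (not the Arch encrypt hook or the etwo hook): open a non-LUKS
# mapping from crypto=hash:cipher:keysize:offset:skip without using eval.
# Function names, the CRYPTSETUP override and the allowed character sets are
# assumptions made for this example.

reject() { echo "crypto hook: $*" >&2; return 1; }

# Hash and cipher names: letters, digits, '-' and '_' only.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Key size, offset and skip: decimal digits only.
valid_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Mapping targets: /dev/... paths without whitespace or shell metacharacters.
valid_device() {
    case "$1" in
        /dev/*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    return 0
}

# open_plain SPEC NAME DEVICE [KEYFILE]
# Validates every value, then runs cryptsetup with an argument vector, so no
# field is re-parsed by the shell. Returns 1 without running anything if the
# spec is malformed.
open_plain() {
    op_spec=$1 op_name=$2 op_dev=$3 op_key=${4:-}

    # Exactly five colon-separated fields (four colons); empty fields allowed.
    case "$op_spec" in
        *:*:*:*:*:*) reject "too many fields in crypto=" || return 1 ;;
        *:*:*:*:*)   ;;
        *)           reject "expected hash:cipher:keysize:offset:skip" || return 1 ;;
    esac
    valid_name "$op_name"  || reject "bad mapping name" || return 1
    valid_device "$op_dev" || reject "bad device path"  || return 1

    # Rebuild the positional parameters as the cryptsetup argument vector.
    set -- create "$op_name" "$op_dev"
    op_rest=$op_spec
    for op_flag in --hash --cipher --key-size --offset --skip; do
        op_field=${op_rest%%:*}               # text before the first colon
        case "$op_rest" in
            *:*) op_rest=${op_rest#*:} ;;     # drop that field and its colon
            *)   op_rest= ;;
        esac
        [ -n "$op_field" ] || continue        # empty field: omit the option
        case "$op_flag" in
            --hash|--cipher)
                valid_name "$op_field" || reject "bad value for $op_flag" || return 1 ;;
            *)
                valid_number "$op_field" || reject "bad value for $op_flag" || return 1 ;;
        esac
        set -- "$@" "$op_flag" "$op_field"
    done

    # Same choice as the hook: key file if present, otherwise ask twice.
    if [ -n "$op_key" ] && [ -f "$op_key" ]; then
        set -- "$@" --key-file "$op_key"
    else
        set -- "$@" --verify-passphrase
    fi
    "${CRYPTSETUP:-/sbin/cryptsetup}" "$@"
}

# Dry run with constructed values: "echo" stands in for cryptsetup.
( CRYPTSETUP=echo; open_plain 'sha512:aes-xts-plain:512::' root /dev/sda3 )
# A constructed field carrying shell syntax is rejected, not evaluated.
( CRYPTSETUP=echo; open_plain 'sha512$(id):aes-xts-plain:512::' root /dev/sda3 ) || true
```

The example stays within POSIX sh (`set --` rather than arrays) because mkinitcpio hooks run under the initramfs's busybox shell.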

    I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
    Decrypting the gpg key after grub works, but then "Device root already exists." appears every second.
    Any idea?
    #!/bin/bash
    # This script is designed to be run in conjunction with a UEFI boot using Archboot install media.
    # prereqs:
    # EFI "BIOS" set to boot *only* from EFI
    # successful EFI boot of Archboot USB
    # mount /dev/sdb1 /src
    set -o nounset
    #set -o errexit
    # Host specific configuration
    # this whole script needs to be customized, particularly disk partitions
    # and configuration, but this section contains global variables that
    # are used during the system configuration phase for convenience
    HOSTNAME=daniel
    USERNAME=user
    # Globals
    # We don't need to set these here but they are used repeatedly throughout
    # so it makes sense to reuse them and allow an easy, one-time change if we
    # need to alter values such as the install target mount point.
    INSTALL_TARGET="/install"
    HR="--------------------------------------------------------------------------------"
    PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
    TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    FILE_URL="file:///packages/core-$(uname -m)/pkg"
    FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
    HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
    # Functions
    # I've avoided using functions in this script as they aren't required and
    # I think it's more of a learning tool if you see the step-by-step
    # procedures even with minor duplications along the way, but I feel that
    # these functions clarify the particular steps of setting values in config
    # files.
    SetValue () {
    # EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
    VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
    sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
    }
    CommentOutValue () {
    VALUENAME="$1" FILEPATH="$2"
    sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
    }
    UncommentValue () {
    VALUENAME="$1" FILEPATH="$2"
    sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
    }
    # Initialize
    # Warn the user about impending doom, set up the network on eth0, mount
    # the squashfs images (Archboot does this normally, we're just filling in
    # the gaps resulting from the fact that we're doing a simple scripted
    # install). We also create a temporary pacman.conf that looks for packages
    # locally first before sourcing them from the network. It would be better
    # to do either *all* local or *all* network but we can't for two reasons.
    # 1. The Archboot installation image might have an out of date kernel
    # (currently the case) which results in problems when chrooting
    # into the install mount point to modprobe efivars. So we use the
    # package snapshot on the Archboot media to ensure our kernel is
    # the same as the one we booted with.
    # 2. Ideally we'd source all local then, but some critical items,
    # notably grub2-efi variants, aren't yet on the Archboot media.
    # Warn
    timer=9
    echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
    echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
    while [[ $timer -gt 0 ]]
    do
    sleep 1
    let timer-=1
    echo -en "$timer seconds..."
    done
    echo "STARTING"
    # Get Network
    echo -n "Waiting for network address.."
    #dhclient eth0
    dhcpcd -p eth0
    echo -n "Network address acquired."
    # Mount packages squashfs images
    umount "/packages/core-$(uname -m)"
    umount "/packages/core-any"
    rm -rf "/packages/core-$(uname -m)"
    rm -rf "/packages/core-any"
    mkdir -p "/packages/core-$(uname -m)"
    mkdir -p "/packages/core-any"
    modprobe -q loop
    modprobe -q squashfs
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
    # Create temporary pacman.conf file
    cat << PACMANEOF > /tmp/pacman.conf
    [options]
    Architecture = auto
    CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
    CacheDir = /packages/core-$(uname -m)/pkg
    CacheDir = /packages/core-any/pkg
    [core]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    [extra]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    #Uncomment to enable pacman -Sy yaourt
    [archlinuxfr]
    Server = http://repo.archlinux.fr/\$arch
    PACMANEOF
    # Prepare pacman
    [[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
    [[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
    ${PACMAN} -Sy
    ${TARGET_PACMAN} -Sy
    # Install prereqs from network (not on archboot media)
    echo -e "\nInstalling prereqs...\n$HR"
    #sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
    UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
    ${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
    # Configure Host
    # Here we create three partitions:
    # 1. efi and /boot (one partition does double duty)
    # 2. swap
    # 3. our encrypted root
    # Note that all of these are on a GUID partition table scheme. This proves
    # to be quite clean and simple since we're not doing anything with MBR
    # boot partitions and the like.
    echo -e "format\n"
    # shred -v /dev/sda
    # disk prep
    sgdisk -Z /dev/sda # zap all on disk
    #sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
    sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
    #sgdisk -a 2048 -o /dev/mmcb1k0
    # create partitions
    sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
    sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 4GB
    sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
    #sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
    # set partition types
    sgdisk -t 1:ef00 /dev/sda
    sgdisk -t 2:8200 /dev/sda
    sgdisk -t 3:8300 /dev/sda
    #sgdisk -t 1:0700 /dev/mmcb1k0
    # label partitions
    sgdisk -c 1:"UEFI Boot" /dev/sda
    sgdisk -c 2:"Swap" /dev/sda
    sgdisk -c 3:"LUKS" /dev/sda
    #sgdisk -c 1:"Key" /dev/mmcb1k0
    echo -e "create gpg file\n"
    # create gpg file
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
    echo -e "format LUKS on root\n"
    # format LUKS on root
    gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
    echo -e "open LUKS on root\n"
    gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    # NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
    # NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
    # make filesystems
    # following swap related commands not used now that we're encrypting our swap partition
    #mkswap /dev/sda2
    #swapon /dev/sda2
    #mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
    echo -e "\nCreating Filesystems...\n$HR"
    # make filesystems
    mkfs.ext4 /dev/mapper/root
    mkfs.vfat -F32 /dev/sda1
    #mkfs.vfat -F32 /dev/mmcb1k0p1
    echo -e "mount targets\n"
    # mount target
    #mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
    # create the mount point before mounting the decrypted root on it
    mkdir -p ${INSTALL_TARGET}
    mount /dev/mapper/root ${INSTALL_TARGET}
    # mkdir ${INSTALL_TARGET}/key
    # mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
    mkdir ${INSTALL_TARGET}/boot
    mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
    # Install base, necessary utilities
    mkdir -p ${INSTALL_TARGET}/var/lib/pacman
    ${TARGET_PACMAN} -Sy
    ${TARGET_PACMAN} -Su base
    # curl could be installed later but we want it ready for rankmirrors
    ${TARGET_PACMAN} -S curl
    ${TARGET_PACMAN} -S libusb-compat gnupg
    ${TARGET_PACMAN} -R grub
    rm -rf ${INSTALL_TARGET}/boot/grub
    ${TARGET_PACMAN} -S grub2-efi-x86_64
    # Configure new system
    SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
    sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
    SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
    #following replaced due to netcfg
    #SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
    # write fstab
    # You can use UUID's or whatever you want here, of course. This is just
    # the simplest approach and as long as your drives aren't changing values
    # randomly it should work fine.
    cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    tmpfs /tmp tmpfs nodev,nosuid 0 0
    /dev/sda1 /boot vfat defaults 0 0
    /dev/mapper/cryptswap none swap defaults 0 0
    /dev/mapper/root / ext4 defaults,noatime 0 1
    FSTAB_EOF
    # write etwo
    mkdir -p /lib/initcpio/hooks/
    mkdir -p /lib/initcpio/install/
    cp /src/etwo_hooks /lib/initcpio/hooks/etwo
    cp /src/etwo_install /lib/initcpio/install/etwo
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
    cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
    cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
    # write crypttab
    # encrypted swap (random passphrase on boot)
    echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
    # copy configs we want to carry over to target from install environment
    mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
    cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
    mkdir -p ${INSTALL_TARGET}/tmp
    cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
    # mount proc, sys, dev in install root
    mount -t proc proc ${INSTALL_TARGET}/proc
    mount -t sysfs sys ${INSTALL_TARGET}/sys
    mount -o bind /dev ${INSTALL_TARGET}/dev
    echo -e "umount boot\n"
    # we have to remount /boot from inside the chroot
    umount ${INSTALL_TARGET}/boot
    # Create install_efi script (to be run *after* chroot /install)
    touch ${INSTALL_TARGET}/install_efi
    chmod a+x ${INSTALL_TARGET}/install_efi
    cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
    # functions (these could be a library, but why overcomplicate things
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    echo -e "mount boot\n"
    # remount here or grub et al gets confused
    mount -t vfat /dev/sda1 /boot
    # mkinitcpio
    # NOTE: intel_agp drm and i915 for intel graphics
    SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
    SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
    SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
    mkinitcpio -p linux
    # kernel modules for EFI install
    modprobe efivars
    modprobe dm-mod
    # locale-gen
    UncommentValue de_AT /etc/locale.gen
    locale-gen
    # install and configure grub2
    # did this above
    #${CHROOT_PACMAN} -Sy
    #${CHROOT_PACMAN} -R grub
    #rm -rf /boot/grub
    #${CHROOT_PACMAN} -S grub2-efi-x86_64
    # you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
    # even omit the cryptdevice altogether, though it will wag a finger at you for using
    # a deprecated syntax, so we're using the correct form here
    # NOTE: take out i915.modeset=1 unless you are on intel graphics
    SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
    # set output to graphical
    SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
    SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
    SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
    # install the actual grub2. Note that despite our --boot-directory option we will still need to move
    # the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
    grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
    # create our EFI boot entry
    # bug in the HP bios firmware (F.08)
    efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
    # copy font for grub2
    cp /usr/share/grub/unicode.pf2 /boot/grub
    # generate config file
    grub-mkconfig -o /boot/grub/grub.cfg
    exit
    EFI_EOF
    # Install EFI using script inside chroot
    chroot ${INSTALL_TARGET} /install_efi
    rm ${INSTALL_TARGET}/install_efi
    # Post install steps
    # anything you want to do post install. run the script automatically or
    # manually
    touch ${INSTALL_TARGET}/post_install
    chmod a+x ${INSTALL_TARGET}/post_install
    cat > ${INSTALL_TARGET}/post_install <<POST_EOF
    set -o errexit
    set -o nounset
    # functions (these could be a library, but why overcomplicate things
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    # root password
    echo -e "${HR}\\nNew root user password\\n${HR}"
    passwd
    # add user
    echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
    groupadd sudo
    useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
    passwd ${USERNAME}
    # mirror ranking
    echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
    mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
    sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
    rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
    # temporary fix for locale.sh update conflict
    mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
    # yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
    echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
    echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
    # additional groups and utilities
    pacman --noconfirm -Syu
    pacman --noconfirm -S base-devel
    pacman --noconfirm -S yaourt
    # sudo
    pacman --noconfirm -S sudo
    cp /etc/sudoers /tmp/sudoers.edit
    sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
    # power
    pacman --noconfirm -S acpi acpid acpitool cpufrequtils
    yaourt --noconfirm -S powertop2
    sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
    sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
    # following requires my acpi handler script
    echo "/etc/acpi/handler.sh boot" > /etc/rc.local
    # time
    pacman --noconfirm -S ntp
    sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
    # wireless (wpa supplicant should already be installed)
    pacman --noconfirm -S iw wpa_supplicant rfkill
    pacman --noconfirm -S netcfg wpa_actiond ifplugd
    mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
    echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
    # make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
    sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
    sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
    echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
    echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
    echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
    # sound
    pacman --noconfirm -S alsa-utils alsa-plugins
    sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
    mv /etc/asound.conf /etc/asound.conf.orig || true
    #if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
    # video
    pacman --noconfirm -S base-devel mesa mesa-demos
    # x
    #pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
    #yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
    #TODO: cut down the install size
    #pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
    # TODO: wacom
    # environment/wm/etc.
    #pacman --noconfirm -S xfce4 compiz ccsm
    #pacman --noconfirm -S xcompmgr
    #yaourt --noconfirm -S physlock unclutter
    #pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
    #pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
    #pacman --noconfirm -S ghc
    # note: try installing alex and happy from cabal instead
    #pacman --noconfirm -S haskell-platform haskell-hscolour
    #yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
    #yaourt --noconfirm -S xmobar-git
    # TODO: edit xfce to use compiz
    # TODO: xmonad, but deal with video tearing
    # TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
    # switching to cabal
    # fonts
    pacman --noconfirm -S terminus-font
    yaourt --noconfirm -S webcore-fonts
    yaourt --noconfirm -S fontforge libspiro
    yaourt --noconfirm -S freetype2-git-infinality
    # TODO: sed infinality and change to OSX or OSX2 mode
    # and create the sym link from /etc/fonts/conf.avail to conf.d
    # misc apps
    #pacman --noconfirm -S htop openssh keychain bash-completion git vim
    #pacman --noconfirm -S chromium flashplugin
    #pacman --noconfirm -S scrot mypaint bc
    #yaourt --noconfirm -S task-git stellarium googlecl
    # TODO: argyll
    POST_EOF
    # Post install in chroot
    #echo "chroot and run /post_install"
    chroot /install /post_install
    rm /install/post_install
    # copy grub.efi file to the default HP EFI boot manager path
    mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
    mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
    cp /root/root.gpg ${INSTALL_TARGET}/boot/
    # NOTES/TODO

  • Differences between Oracle 8i for a UNIX Platform and Oracle 8i for a Linux Platform

    Hello,
    I would like to know if there are some differences between Oracle 8i for a UNIX Platform and Oracle 8i for a Linux Platform.
    I know that there are some differences on Oracle 8i Parallel Server and I know that some products are not included, like precompiler (Mod*Ada, Pro*FORTRAN), on a Linux Platform.
    Thank you.

    We have installed Oracle 8i on Solaris 8 and it had great performance; of course, the hardware and licence invested here were paid for by the office where I work. Personally I'd installed Linux Red Hat 8 and Oracle 8i; imagine that, it could be implemented by any individual that has the time to do so.
    By buying from a company that has a good background you could be sure that you will have support.
    Bottom line, if you have the $ to buy great hardware go for a unix platform. But if you don't, a Red Hat Linux Server Licence with 1 year of support and an Oracle database is about 3500Dls.
    Visit www.red-hat.com
    Rewards... Bye

  • Do I need special version of forms 2000 and forms 6i for Xandros Linux?

    Hi,
    Please tell me if someone knows: do I need any special version of forms 2000 and forms 6i
    for 'xandros Linux', or can the same one be installed which we usually use for Windows XP or 2000?
    Regards and thanks in advance.

    Keep in mind that Xandros is not certified. However, the biggest problem if the distribution is a newer one is about OpenMotif libraries, as Developer 6i installation requires version 2.1.30 to install successfully.
    If it may be of any use, there's a guide on installing on [SLES 8|http://knol.google.com/k/cuauhtmoc-amox/install-oracle-developer-6i-on-suse/153594c4goidl/3].

  • The future of Snapshot, and similar tools.

    My apologies for posting this twice. I posted it first as a follow up
    to an old thread in ...
    novell.support.zenworks.desktop-management.6x.install-setup
    I am quoting some comments made in that forum.
    Then after surfing the forums for awhile, I thought the issue might get
    more attention, if I posted it here. I am looking for ideas and advice
    on the future of snap shot, and any tools that Novell might provide to
    replace it.
    If I could address some of these comments, in hopes of better
    understanding ...
    RE: >>>
    > Most companies invest in packaging tools such the full version of
    > AdminStudio to create deployment packages. They then use their desktop
    > management suites to deploy those packages.
    Admin Studio is not cheap. After a client has spent thousands of
    dollars to implement ZENWorks, now I have to tell them to drop another
    couple thousand down for an application packager. I also don't fully
    understand Novell's relationship with the product, they don't seem to be
    partnering well together, I'd appreciate anyone else's read on this
    relationship.
    RE: >>
    > Novell has for over 5 years now been trying to steer people from
    > Snapshot
    I've heard that statement made verbally by many engineers, but I don't
    always see the practice following that.
    Has Novell ever gone on record to state they will no longer support snap
    shot???
    RE: >> > If your snapshots are failing with the latest versions of
    snapshot, then
    > most likely your software package falls outside the scope of what
    > snapshot should be trying to handle.
    Maybe I've just gotten lucky? I have not had many issues with using
    snapshot, and I have been involved in a wide variety of applications.
    I have seen the statement made on the forum that ZEN Works is not really
    a "Packaging" suite. While that may be a true statement, because
    Snapshot has been packaged with the product for so long, the mind set of
    customers is that it is expected to work, and be supported.
    I look forward to additional comments on this matter.

    Tom,
    I'm not sure what exactly are you searching for? ZdM is already providing
    you with snapshot replacement - AdminStudio ZfD edition, included in ZfD
    price.
    AdminStudio part for preparing snapshot MSI is identical in ZfD and
    Professional edition.
    All comments you quoted (including this one) are personal opinions - I
    suggest you to try AdminStudio ZfD edition and make your own.
    Denis

  • Monitoring and backup/restore tools for TT databases

    Hi there,
    I am new to TimesTen. I need to set up automatic monitoring for TT databases. Are there any tools available? Also would like to know if there are any tools for tracking backups for these datastores.
    Any standards & best practices for managing TimesTen environment available?
    Appreciate any help/advice.
    Regards

    Hi Vidya,
    You did not mention what type of Unix/Linux you are using or what version of TimesTen. I will assume it is a mainstream Unix (Solaris, HP/UX or similar) or Linux (RedHat, SuSE etc.) and a recent (6.0 or 7.0) version of TimesTen. I will also assume that you want to put everything back 'as is' after the rebuild (i.e. you are not upgrading TimesTen versions or changing anything else about the configuration). IF YOU ARE PLANNING TO UPGRADE TIMESTEN AS PART OF THE REBUILD THEN THE STEPS LISTED BELOW WILL NOT WORK 'AS IS' AND WILL NEED MODIFICATION.
    Assuming that the machine is going to be 'wiped' during the rebuild then the main things you need to preserve are:
    1. Kernel parameter and other system level configuration for TimesTen and indeed any other software running on the box. You would do this by taking copies of the relevant system configuration files and re-applying the customisations after the rebuild. As well as kernel parameters this might include things like users and groups.
    2. The port numbers used by each installed TimesTen instance. You can find these out from the ttVersion and ttStatus commands in each instance. Make a note of these as you will need them afterwards for re-installation.
    3. TimesTen configuration files for each installed TimesTen instance. You may have multiple TimesTen instances of the same or different versions installed. You can find out by looking at the file /etc/TimesTen/instance_info which contains details of every TimesTen installation (instance) on the machine. The instance configuration files are found in <install_dir>/info and are called: ttendaemon.options, sys.odbc.ini, sys.ttconnect.ini, snmp.ini and ttpasswd. You should make safe copies of all these files for each instance.
    4. Any user configuration files that e.g. configure TimesTen environment variables and any user ODBC configuration files such as .odbc.ini in user's home directory.
    5. Any datastores (databases) that you need to preserve across the rebuild. For each of these, take a backup of the datastore using the TimesTen ttBackup command and preserve the output files/directories. You need to do this separately for each datastore in each TimesTen instance.
    After you have secured the above then you should be okay to do the rebuild. After the rebuild you should:
    a) Re-apply all system level config changes (kernel parameters, users, groups etc.) preserved earlier (see step 1 above).
    b) Re-install all required TimesTen instances into the same installation directories, and using the same port numbers, as they had previous to the rebuild (see step 2 above). The installations should be performed as the same user as the original installations (the ttVersion output from step 2 above would tell you that). Prior to performing the installation you would need a sysadmin to create the /etc/TimesTen directory and assign suitable permissions to it (see TimesTen Installation Guide for more details).
    c) Re-instate the saved TimesTen configuration files for each instance (see step 3 above).
    d) Re-instate any user level configuration files (see step 4 above).
    e) Re-create any datastore directories as required ready to receive the restored datastores (check datastore and log file paths in ODBC configuration files).
    f) Restore the datastore backup directories (created in step 5 above) to somewhere on disk.
    g) Use ttRestore in each instance to restore each datastore from the backup files restored in step (f) above. This re-creates all your datastores with all their data etc.
    If you follow this procedure and are not doing anything like changing TimesTen major versions (e.g. 6.0 -> 7.0) as part of the rebuild then you should not need to relink any application binaries. If for some reason you want to relink any application binaries you should consult the application developers who should have suitable makefiles to do this.
    I think this is pretty complete but of course it is possible there are additional things specific to your installation or operational regime of which I am unaware and so of course we can not accept any responsibility for any errors or omissions...
    I will send you the document on monitoring TimesTen via your e-mail address.
    Chris
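
Added example, not part of the original reply: a POSIX shell helper for step 3 that stages the listed files from one instance's <install_dir>/info directory, keeps the copies private, and writes a SHA-256 manifest so they can be checked before they are re-instated in step (c). The function names, destination layout and manifest file name are assumptions; sha256sum is the GNU coreutils tool.

```shell
#!/bin/sh
# Added example: stage the per-instance TimesTen config files named in step 3
# before a rebuild. Function names and the manifest name are assumptions.

# Files the post lists under <install_dir>/info.
TT_FILES="ttendaemon.options sys.odbc.ini sys.ttconnect.ini snmp.ini ttpasswd"

# save_tt_config <install_dir> <dest_dir>
# Copies each listed file that exists and records a SHA-256 manifest.
# Returns 0 when all five files were saved, 1 when some were missing,
# 2 on a usage or I/O error.
save_tt_config() {
    inst=$1; dest=$2
    [ -d "$inst/info" ] || { echo "no info dir under $inst" >&2; return 2; }
    old_umask=$(umask)
    umask 077                    # ttpasswd is treated as sensitive: private copies
    mkdir -p "$dest" || { umask "$old_umask"; return 2; }
    : > "$dest/MANIFEST.sha256"
    missing=0
    for f in $TT_FILES; do
        if [ -f "$inst/info/$f" ]; then
            cp -p "$inst/info/$f" "$dest/$f" || { umask "$old_umask"; return 2; }
            chmod go-rwx "$dest/$f"   # cp -p keeps the source mode; tighten it
            (cd "$dest" && sha256sum "$f") >> "$dest/MANIFEST.sha256"
        else
            echo "missing: $inst/info/$f" >&2
            missing=1
        fi
    done
    umask "$old_umask"
    return $missing
}

# verify_tt_config <dest_dir>
# Re-checks the staged copies against the manifest, for example after they
# have been moved back onto the rebuilt machine. Non-zero means a mismatch.
verify_tt_config() {
    (cd "$1" && sha256sum -c --quiet MANIFEST.sha256)
}
```

Run save_tt_config once per instance with a separate destination directory for each, and run verify_tt_config on the rebuilt machine before copying the files back into <install_dir>/info.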

  • Backup and restore documentation for outlooksoft 4.2

    Anyone have backup and restore appset documentation for Outlooksoft 4.2 version? I am interested in both the Server Manager functionality and doing it manually. I haven't had much luck with backing up appset using server manager.
    Thank you.

    Hi,
    Keep in mind that with version 4.2, BPC Server manager backs up and restores the OLAP DB (SQL Server 2000) whereas it does not require it anymore starting with version 5.x.
    The root reason is that under 4.2 + AS 2000, security access to cubes is directly stored in the cube definition.
    But there is a side effect to this: If your AS database is over 2GB then BPC Server Manager will not work anymore. This is due to a restriction in SQL Server Analysis Service 2000 on the msmdarch.exe process.
    Based on previous experience, if you want to do it manually because BPC Server manager is not working:
    Backup \webfolder\<<AppSet>>\*
    Backup \FileDB\<<AppSet>>\*
    Backup AppSet DB
    After restore, you will have to process everything to get back Analysis Service DB + Cubes + Security... But I am not very sure it will work. Maybe you should at least create the OLAP DB (even if it's empty) to make it work.
    But for sure this is doable, but technical limitations make it hard!

  • Reporting and Report tools for CCM

    Can anyone point me in the right direction or give me some suggestions on reporting in CCM. To be a little more specific; for example if a few users complain they are trying to make outbound calls, and getting a busy signal, is there any reporting tool that I can use to pinpoint the problem or eventually be able to say, hey we need another phone line, etc...
    Also, users call and complain that the calls they are making are lacking in quality; how do I report on or research this?

    In order to determine if there are any records in the Structured Query Language (SQL) database, complete these steps:
    Choose Start > Programs > SQL > Enterprise Manager > Microsoft SQL Servers > SQL Server Group.
    Choose Publisher Server > Databases.
    Choose CDR > Tables. Right-click the CallDetailRecord table.
    Choose Open Table > Return All Rows. Determine if there are any records.
    If many records appear, complete this procedure to remove records from ART:
    Choose Programs > SQL Server > Query Analyzer. Log in and choose ART database.
    Run these queries:
    delete from Tbl_Load_History
    delete from Tbl_Dump_PkID
    delete from Tbl_Error_Id_Map
    delete from Tbl_Billing_Data
    delete from Tbl_Billing_Error
    delete from Tbl_Dump_CallDetailRecord
    delete from Tbl_Dump_CallDetailRecordDiagnostic
    This forces ART to get all the old CDRs into ART in the next scheduled loading time. By default, CDR data is loaded every day from midnight to 5 a.m.
    Restart the CDR Insert and DBL Monitor Services from CCM Administration > Application > Cisco CCM Serviceability > Tools > Control Center.
    Refer to the How can I manually purge the ART database? section of CallManager Issue Resolution with CDR and ART FAQ for more information.
    Note: Information deletes from the ART database but not from the CDR.
    Note: If you do not see any records, there are no CDR entries for that time and date range. Determine if conditions are met for CDR generation. CDR records are generated in these circumstances:
    The service parameters CdrEnabled and CallDiagnosticsEnabled are set to True.
    The call is established and has a talk duration greater than 0.
    The call fails and has a cause code that reflects the error.
    In order to set the service parameters, choose Service > Service Parameters, and make sure that the service parameters CdrEnabled and CallDiagnosticsEnabled are set to True in all of the Cisco CallManager servers, both publisher and subscriber.
