Need advise on dual systems to use fcp and logic

i just got a imac 27" i7, 12Gb ram, 1TB HD and 1GB vRam.
i was using a imac 20" Core 2 duo 2.33Ghz, 1TB HD for video,
On this machine i ran FCP studio, FCP refuses to boot on the same machine with some of my 3rd party plugs in Logic.
So i then went to the macbook pro17 2006 2.33 GHZ with a 500GB HD for audio.
On this machine i ran pro tools, logic etc
now i wonder what the best solution is with the imac, like if i can somehow install one of these as a virtual machine or dual booth partition, i would rather run them at the same time since i switch between often., if the imac is fast enough to i hope., anyone have ideas? will vnware or parralel work out well?
any advise appreciated, seriously
Cheers

It is not advisable to relocate the sounds that came with LP to an external drive. LP uses a certain hierarchy in the order it looks for sounds. LP "expects" certain sounds to reside in a certain place.
You should move all your Akai, EMU and other sounds that are visible to you, to your external drive. Use aliases in the original folders on your internal HD. You can also do this with your user-created Apple Loops.
Try to keep around 20% of your internal HD space free.
After you moved your files, use Project Manager to scan all your drives and organize your files and directories.
Under LP > Preferences > Global > Project Manager, check "Load Project Manager database on program launch" and select "Search files using: Project Manager database", or "Search files using: Project Manager database and Search Engine".
Your EXS24 files will load like a charm.
sonther

Similar Messages

I need to reinstall but system was pre-installed and i do not have the apple id used

I need to reinstall but system was pre-installed and i do not have the apple id used OSX Lion.

I need to reinstall but system was pre-installed and i do not have the apple id used OSX Lion.

Newbie w/i 60 days...need advise on dual OS and how to accomplish asap

Baltwo or anyone that can assist, You seem to give clear cut advise...can you help a complete newbie, less than 60 days with a 15.4 Mac ProBook, Core 2 Duo, Tiger OS X 10.4.10 I need to run dual OS systems most comfortable with Windows XP Professional. I'm a college student at 45 years old and don't have time to waste in the middle of semester. I've downloaded Word for Mac that has excell, and power point but I still have to use a thumbdrive to transfer files to my desktop Windows XP to print the darn papers. I'll like to get the software that helps me to run Windows XP Pro smoothly. Do I need to purchase Boot Camp and VIfusion both or does my Mac already have Boot Camp on it. If so how do I confirm if it has it or not. Please advise b/c this is what I think I need to do: Verify if I have Boot Camp on Mac, if not purchase Boot Camp and VIfusion to run new version of Windows XP Pro since old version won't work...I know a waste of money buying the new Microsoft word for Mac within 60 days only to have to upgrade already to use XP. I do not want to go to Vista...heard too many headaches with the system from my professors alone. I am really ignorant to the Mac but my daughter is studying Graphis Design and I am into photography and hopefully, I will be able to use my Mac for the photoshop/InDesign etc., but right this minute I need some good advice. I also can get a good discount through the university so it can save me some money. I also didn't know if I should update to Leopard and if it is necessary or just another OS like Vista is to XP. Would sincerely appreciate your advice. Respectfully, Samantha Also willing to call you personally to chat about this if it would be easier to answer some questions. I had no idea that support would be so complicated. I do have AppleCare Protection. Also I plan on putting Norton Anti-virus on my Mac to protect the Windows side of the OS. Lost in Florida but loving the lack of hurricanes thus far.

AFAIK Boot Camp beta no longer works with Tiger. It is bundled with Leopard: or you could investigate Parallels which is a more convenient solution than Boot Camp since you don't need to reboot to use it.
Put Norton AV on the Windows side by all means but don't install the Mac version - it's been known to cause problems.
Leopard is not 'necessary' but it has some interesting new facilities (and a lot of eye candy). Have a look at the Apple Site to see whether you think the extra facilities are worth having. It might in any case be worth waiting for a while for the early bugs to be ironed out (do you iron a bug?). Parallels will run under Tiger.

Workflow question - need to do quick speed adjustments in fcp and maintain

Tried the documentation first...
I have a project where I will be adjusting the timing (speed) of most of the clips. Once I have the video and audio locked i will undue speed changes in fcp and use motion to get the most precise results / renders. Check me if I have this part wrong.
to facilitate editing i would like to do the speed changes for a clip in fcp and keep it's associated dialogue track in sync. ultimetly this will be a silent film so the dialogue will fall away. is there any way that speed changes applied to a linked video and audio clip can be made in fcp while preserving pitch? otherwise higly annoying to edit.
if not and i have to go to sound track pro to maintain pitch what does the workflow look like to make speed changes and keep audio at the same pitch.
thanks in advance,
wayne - portland oregon

Michael,
That's what I am doing with Batch Export now. I just wish that I didn't have to create a new destination folder for each bin. This is an insurance documentation project. W/o going into too much detail, I have 3100 clips from 54 different buildings, 395 different units in those buildings and the clips for each unit in their own bin. I need to keep that structure intact as I export.
I'm guessing that using Batch Export is the only way to go with out an upgrade to go straight to compressor from the Browser.
K

Need Help Badly on Shopping Cart Using JSP And Java Servlet

Hi All,
This is the 1st time i am trying to create a shopping cart using JSP and Servlet.
I have read through a few acticles but i still do not get the whole idea of how it works.
Please guide me as i need help very badly.
Thanks.
This is one of the jsp page which displays the category of products user would like to buy : Products.jsp
<html>
<head>
<title>Purchase Order</title>
</head>
<body topmargin="30">
<table border="0" width="100%" id="table1" cellpadding="2">
 <tr>
 <td bgcolor="#990000" width="96">
 
 Code</td>
 <td bgcolor="#990000" width="260">
 
 Description </td>
 <td bgcolor="#990000" width="130">
 Brand
 </td>
 <td bgcolor="#990000" width="146">
 UOM
 </td>
 <td bgcolor="#990000" width="57">
 Unit 
 Price </td>
 <td bgcolor="#990000" width="62">
 
 Carton 
 Price </td>
 <td bgcolor="#990000" width="36">
 
 Qty</td>
 <td bgcolor="#990000" width="65">
 Add 
 To Cart</td>
 </tr>
<tr>
<td align="center" width="96" bgcolor="#CCCCCC">
123
</td>
<td align="center" width="260" bgcolor="#CCCCCC">
Tom Yam
</td>
<td align="center" width="130" bgcolor="#CCCCCC">
Nissin
</td>
<td align="center" width="146" bgcolor="#CCCCCC">
12 x 10's
</td>
<td align="center" width="57" bgcolor="#CCCCCC">
$3.85
</td>
<td align="center" width="62" bgcolor="#CCCCCC">
$46.2
</td>
<td align="center" width="36" bgcolor="#CCCCCC">

<input type="Integer" name="Q10005" size="1">
</td>
<td align="center" width="65" bgcolor="#CCCCCC">
<input type="checkbox" name="checkbox" value="123">
</tr>
<tr>
</table>
<table border="0" width="100%" id="table2">
 <tr>
 <td>
 <div align="right">
 <input type="hidden" name="hAction" value="AddToCart"/>
 <input type=submit name="submit" value="Add To Cart"/>
</div>
</td>
 </tr>
</table>
</body>
</html>
After user has make his selection by entering the qty and ticking on the check box, he would click the "Add To Cart" button ... and this would call my servlet : AddToAddControlSerlvet.java
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
import java.util.*;
import java.util.ArrayList;
public class AddToCartControlServlet extends HttpServlet
 public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException,IOException
 String action = req.getParameter("hAction");
 if (action.equals("AddToCart"))
 addToCart(req,res);
 public void addToCart(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
 try
 String url = "";
 String[] addList = req.getParameterValues("checkbox");
 HttpSession sess = req.getSession(true);
 //String sessionID = sess.getId();
 DBClass dbClass = new DBClass();
 ArrayList cartList = new ArrayList();
 for (int i = 0; i < addList.length; i++)
 String productCode = (String)addList;
 int qty = Integer.parseInt(req.getParameter("Q"+productCode));
 Products product = dbClass.getProductDetail(productCode);
 double totalUnitAmt = qty * product.getUnitPrice();
 double totalCartonAmt = qty * product.getCartonPrice();
 Order order = new Order(product.getProductCode(),product.getProductDesc(),product.getBrandName(),product.getUom(),qty,product.getUnitPrice(),product.getCartonPrice(),totalUnitAmt,totalCartonAmt);
 cartList.add(order);
 sess.setAttribute("cartList", cartList);
 url = "/Cart/CartDetails.jsp";
 ServletContext sc = getServletContext();
 RequestDispatcher rd = sc.getRequestDispatcher(url);
 rd.forward(req, res);
 catch (Exception e)
 System.out.println(e);
From here, i would get the list of items which user has selected and add to the cartList, then i would direct the user to CartDetails.jsp which displayed the items user has selected.
From there, user would be able to remove or to continue shopping by selecting other category.
How i do store all the items user has selected ... everytime he would wan to view his cart ...
As i would be calling from jsp to servlet .. or jsp to servlet ... and i do not know how i should go about in creating the shopping cart.

Hi !
Yon can use a data structure as vector and store the items selected by the user into the vector . Keep the vector in session using session object , so the user can access the entire shopping cart from anywhere in the application .
Then , you can change the cart accordingly .
Hope this works.
Cheers ,
Pranav

Need to Lock Planning Area by using Enque and Deque Technique.

Hi Experts,
My problem is I have to lock the planning area till the Batch program complete and I have to unlock the planning area once the batch job is completed. if any one of the user is login i.e. accessing planning book while batch job is running then batch job getting Failed.
we can check the lock in SM12
We have a custom program to send message to user to come out of the planning area but it does hit upto the mark.
we are expecting some solution to lock and unlock the plannig area till the job completes.
I was using some functional module to lock the planning area but it does not helped us. Kindly provide some help to acheive this situation
The below functional modules I used to lock the Plannning area ZDP31. I have given the input while executing the Function module PAREAID = ZDP31 (our Planning area Name)
1) ENQUEUE_/SAPAPO/E_PAREA
2) /SAPAPO/TS_DM_LOCK
3) /SAPAPO/TS_DM_UNLOCK_NEW
4) /SAPAPO/TS_DM_LOCK_UNLOCK
Please help me its in high prioity for us.

Hello Balaji,
Here are the needful function modules where you can use to lock the PA by enque & deque technique..
a) ENQUEUE_READ Pass Planning Area value as GARG and PAREAID as GNAME to get information about lock entries for selected planning area. GUNAME corresponding to GNAME = /SAPAPO/DM_PAREA_LOCK and GOBJ = /SAPAPO/E_PAREA entries provides user id (s) locking the planning area displayed in the field GTARG.
b) TH_POPUP to send out popup messages to the users locking the Planning Area.
c) TH_DELETE_USER to kick off users (GUNAME) who have been locking the planning area.
I hope this helps...
Cheers !!
Regards
Rahul Chitte

I need to pass multiple select options using submit and reutrn

dear all,
my requirement is i need to pass multiple values for work center like(biw01,biw02,biw03    etc) for this iam giving as biwl* and biot* for the tcode zpp_hmm ,using this i am going to get total working hours of perticular equiment.
for this iam using submit and return query but iam unable to pass multiple work centers as input.
my code is
DATA : z_budat TYPE RANGE OF budat,
       wa_budat LIKE LINE OF z_budat.
wa_budat-low = '20111001'.
wa_budat-sign = 'I'.
wa_budat-option = 'BT'.
wa_budat-high = '20111031'.
APPEND wa_budat TO z_budat.
CLEAR wa_budat.
*wa_budat-High = '20111031'.
*wa_budat-sign = 'I'.
*wa_budat-option = 'BT'.
*append wa_budat to z_budat.
DATA : z_arbpl TYPE RANGE OF arbpl,
       wa_arbpl LIKE LINE OF z_arbpl.
wa_arbpl-low = 'BIWL*'.
wa_arbpl-sign = 'I'.
wa_arbpl-option = 'EQ'.
APPEND wa_arbpl TO z_arbpl.
CLEAR wa_arbpl.
wa_arbpl-high = 'BIOT'.
*wa_arbpl-sign = 'I'.
*wa_arbpl-option = 'BT'.
*APPEND wa_arbpl TO z_arbpl.
SUBMIT   zpp_rep_hemm_perf WITH s_bukrs = '1004' WITH s_budat IN z_budat WITH      s_werks = 'SMJT'
               with   S_ARBPL IN Z_ARBPL USING SELECTION-SCREEN '1000' AND RETURN.
but my doubt is whether it is corect or wrong what ever i am passing inputs for arbpl.
thanks in advance.

You can pass all parameter (rsparams-kind = 'P') and select-options (rsparams-kind = 'S') as a single internal table of type RSPARAMS. Go on appending the field names and values as rows and pass using SELECTION-TABLE parameter of SUBMIT command.
I gave appending one set of selection values for s_budat field but you can go on appending more values for s_budat and other fields.
DATA: lt_rsparams TYPE TABLE OF rsparams,
      ls_rsparams TYPE rsparams.
CLEAR ls_rsparams.
ls_rsparams-selname = 'S_BUDAT'.
ls_rsparams-kind = 'S'.
ls_rsparams-sign = 'I'.
ls_rsparams-option = 'BT'.
ls_rsparams-low = '20111001'.
ls_rsparams-high = '20111031'.
APPEND ls_rsparams TO lt_rsparams.
SUBMIT zpp_rep_hemm_perf WITH SELECTION-TABLE lt_rsparams
                  USING SELECTION-SCREEN '1000'
                  AND RETURN.

FCP and Logic working together

Hi. I would like to know if there's some way of two people working at the same time, in the same project, one editing in FCP and the other doing audio in Logic. I mean, any way of the guy working in Logic being able to update his project with the changes made in FCP?
Someone told me this would be possible with EDL or XML, but i don't know anything about that stuff. I tried exporting a xml from FCP to Logic, but the automation is all wrong and every track is assigned to the same output...
Any help with this issues?
Thanks,
LR
P.S.- FCP 6.0.1 and Logic 8 running on a DP 1.8 G5 with 10.4.10

After some tests i found a way of doing what i want in STP with the "conform" function.
Any way of doing it with Logic?
I posted this in the FCP forum, but maybe i should post it on the Logic forum...
L.R.

Anyone Using PC and Logic with hypersonic ?

by this time i should be on mac, yeah i know but my PC still works and i can still make music
but I was wondering if hpersonic supports multiple output on mac and how well does it run
because i'm thiking of upgrading to a mac and also thinking of getting hypersonic 2 upgrade
does it work with logic 7?
is there something similar to hypersonic or better?
hypersonic happens to be the backbone of all my songs
thanks

its pretty simple
there is few ways of doing this
one is the analog way :
1: connect a midi output from the mac to a midi input to the PC
2: i assume you have a pro interfaces in both mac and PC, so connect 2 or 4 or 6 channels output of the PC to the mac's audio input
3: Launch both logic and insert an instrument of your choice in any of the instrument channels ( EXS24 OR HYPERSONIC ) then select a midi channel in logic pro 7
4: Make sure what ever channel you have selected is the same channel in logic 5.5 on PC ( example, midi channel one will connect to instrument 1 with the input set to midi ch 1 )
if the input on instrument 1 is set to midi to then it wont receive the info from Midi channel 1's output of the mac unless you choose midi channel 2 just like any rewire
5: set the Instrument 1's output to what ever you want the mac to receive from
so if you set the output to 3-4 then you need to select an audio track and set the input to 3-4 to receive the lines just like logic will receive the channel outputs of reason when its been rewired
the good thing about this is you can have stereo inputs for every channels
6: start playing any key on the midi channel 1 on the Logic 7 (Mac) and it'll control the PC logic with the audio output coming in input 3-4 on any of the audio tracks you select in logic
good thing about this is you insert as much powerful plug-ins as wont because they are not in play mode, the only thing thats been triggered is the sounds from the plug-ins so therefore it does eat as much CPU as having them instrument on logic 7 on the same mac or having reason on the same computer
IMPORTANT NOTE
when bouncing, don't bounce it as off-line because its just having an external sound module, bounce it in realtime
and you change the songs to another songs, save the session on Logic 7 and logic 5.5 just like how you'll do on reason and logic 7
two is digital way :
its the same as the analog ways except the audio out put from the PC to the Mac is connect via ( SPDF )
i hope that sounds a bit simple but if you need more info i'll be glad to help you on that
stash

New dual mac pro using fcp studio doesn't see external crt monitor

I recently invested in a system to re-edit film and set up my system...dual editing up is fine I put my larger dell monitor through the 3870 which is in bay one and the browser comes up on the 2nd monitor connected to the 2600 in bay 2.
The problem is I can't get my EXTERNAL VIDEO out go to the crt monitor...this is connected by svideo that's on the 3870 which my primary monitor is connected to. Under "video playback" there's no option to choose "apple firewire" the only thing on that menu is the "digital cinema desktop preview" and only those choices, the same under my audio/video settings under the "final cut pro" menu. Theres no option I see on here either for mirroring under the playback menu either am I looking in the wrong place?
This appears to be a software issue as I'm not seeing the other options under video playback to even recognize the dv connection to my primary monitor...I've seen commentary in other logs to try deleting preferences but which ones?
The crt monitor is seen under my apple hardware, I can move things in and out of it...only in final cut pro I can't get external monitor on it...and when I choose this cinema choice the picture comes up on my main monitor but only as a still it doesn't seem to allow me to choose "all frames" in any case.
My main concern right now is to get this external monitor to be read by final cut PLEASE HELP thanks!

Got the "apple firewire ntsc" choice to show up even if grayed out and "missing" under "audio/visual" menus by recreating choices in Easy Setup under "final cut pro" MENU thank GOODNESS because I was reading horror stories on here about this under another thread with someone trashing preferences, reinstalling and the works and still not getting it to show up...on my search now for an analog/digital converter up at b&h...find it odd that the s video connector wouldn't show the crt monitor when I put both displays through the 3870...I switched it back to see if it worked again when only the one dell monitor display was there and there it is again mirroring the screen display on my desktop...just can't be seen as an "external monitor" in fcp...couldn't find anything specific in the shane ross threads to this. I'm sad the program doesn't just see the s video connection though the 3870 though my computer does fine and will query up at b&h in regard to what might be affordable as far as a digital/analog converter. It's also weird in itself that when I put the two dell monitors on the one card my computer no longer could see the s video crt connection...makes no sense. Will report in later as to what I discover up at b&h as I'm sure there's a world of people out there using this sony crt monitor still even into the upgrades with computers and software so I imagine therein lies the solution. Thanks again and I'll report in as to what hardware might be suggested for me.

Do we need a SAP PI system to use SAP SRM enterprise services?

Hi,
I am working in a project where we need to use some enterprise services like ([Maintain Purchase Request|http://wiki.sdn.sap.com/wiki/display/ESpackages/MaintainPurchaseRequest]) for SAP SRM 7.x. We have an ECC 6 system also in the landscape but the middleware is a non-SAP one. My question is that to be able to use the SRM and Enterprise Services, do we need SAP PI or SAP CE in place. Any help or useful clue/pointers is appreciated.
Best regards,
Nilay

Hi Jesse,
Please refer to my blog for the details.
http://scn.sap.com/community/pi-and-soa-middleware/blog/2012/06/13/transfer-of-central-contract-from-srm-to-ecc-using-web-services-without-pi
Regards,
Naveen

Need advise for best practice when using Toplink with external transaction

Hello;
Our project is trying to switch from Toplink control transaction to using External transaction so we can make database operation and JMS operation within a single transaction.
Some of our team try out the Toplink support for external transaction and come up with the following initial recommendation.
Since we are not familar with using external transaction, I would like member of this forum and experts, to help comment on whether these recommendation are indeed valid or in line with the best practice. And for folks that have done this in their project, what did you do ?
Any help will be most appreciated.
Data Access Objects must be enhanced to support reading from a TOPLink unit of work when using an external transaction controller. Developers must consider what impact a global transaction will have on the methods in their data access objects (DAOs).
The following findSomeObject method is representative of a finder in the current implementation of our DAOs. It is not especially designed to execute in the context of a global transaction, nor read from a unit of work.
public findSomeObject(ILoginUser aUser, Expression queryExpression)
ClientSession clientSession = getClientSession(aUser);
SomeObject obj = null;
try
ReadObjectQuery readObjectQuery = new ReadObjectQuery(SomeObject.class);
readObjectQuery.setSelectionCriteria(queryExpression);
obj = (SomeObject)clientSession.executeQuery(readObjectQuery);
catch (DatabaseException dbe)
// throw an appropriate exception
finally
clientSession.release();
if (obj == null)
// throw an appropriate exception
return obj;
However, after making the following changes (in blue) the findSomeObject method will now read from a unit of work while executing in the context of a global transaction.
public findSomeObject(ILoginUser aUser, Expression queryExpression)
Session session = getClientSession(aUser);
SomeObject obj = null;
try
ReadObjectQuery readObjectQuery = new ReadObjectQuery(SomeObject.class);
readObjectQuery.setSelectionCriteria(queryExpression);
if (TransactionController.getInstance().useExternalTransactionControl())
     session = session.getActiveUnitOfWork();
     readObjectQuery.conformResultsInUnitOfWork(); }
obj = (SomeObject)session.executeQuery(readObjectQuery);
catch (DatabaseException dbe)
// throw an appropriate exception
finally
if (TransactionController.getInstance().notUseExternalTransactionControl())
     session.release();
if (obj == null)
// throw an appropriate exception
return obj;
When getting the TOPLink client session and reading from the unit of work in the context of a global transaction, new objects need to be cached.
public getUnitOfWork(ILoginUser aUser)
throws DataAccessException
     ClientSession clientSession = getClientSession(aUser);
     UnitOfWork uow = null;
     if (TransactionController.getInstance().useExternalTransactionControl())
          uow = clientSession.getActiveUnitOfWork();
          uow.setShouldNewObjectsBeCached(true);     }
     else
          uow = clientSession.acquireUnitOfWork();
     return uow;
}

As it generally is with this sort of question there is no exact answer.
The only required update when working with an External Transaction is that getActiveUnitOfWork() is called instead of acquireUnitOfWork() other than that the semantics of the calls and when you use a UnitOfWork is still dependant on the requirements of your application. For instance I noticed that originally the findSomeObject method did not perform a transactional read (no UnitOfWork). Has the requirements for this method changed? If they have not then there is still no need to perform a transactional read, and the method would not need to change.
As for the requirement that new object be cached this is only required if you are not conforming the transactional queries and adds a slight performance boost for find by primary key queries. In order to use this however, objects must be assigned primary keys by the application before they are registered in the UnitOfWork.
--Gordon

Client has old FCP 5...needs my files which I created using FCP 6. Help!

My client can't afford an upgrade and desperately needs the
FCP files for the project I just put together. She has FCP 5 and my files won't convert over to the older version and it's necessary that they be able to edit the timeline and reconnect media.
Any solutions out there?

Right! Oh, I totally agree!
It's frustrating, especially when they try to convince you that they need to install your Studio 2 into their computer. Seems unethical in my eyes if you ask me for someone even to suggest that knowing that I paid full price for the software!
I appreciate your honest feedback. It's seriously how I feel...
And thanks to everyone else with their recommendations!

System encryption using LUKS and GPG encrypted keys for arch linux

Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)

I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?$${VALUENAME}$=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^$${VALUENAME}.*$$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#$${VALUENAME}.*$$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^$127\.0\.0\.1.*$$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?$\${VALUENAME}$=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^$\${VALUENAME}.*$\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#$\${VALUENAME}.*$\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?$\${VALUENAME}$=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^$\${VALUENAME}.*$\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#$\${VALUENAME}.*$\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*$%wheel\s*ALL=(ALL)\s*ALL.*$$/\1/" /tmp/sudoers.edit
sed -i "s/#\s*$%sudo\s*ALL=(ALL)\s*ALL.*$$/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO

MacBook Air dual system with Windows crashed, and Mac password forgotten

The MacBook Air of my friend encountered a few big problems. Here is the story:
1. There are two operating systems in it: Windows 7 and Mac OS 10.6. She used Windows 7 exclusively (which is the reason for the 5th problem below). This may already seem awkward from the start, but please don't blame her for this..
2. Today somehow the Windows 7 cannot boot (the classical "blue screen" appeared), probably due to an error in the updating process.
3. So now we have to log into the Mac OS to do some operation on the Windows system, either to back up the data, or to edit the Windows disk somehow to repair it.
4. In order to do this, we need to install some third party tools in Mac OS (to have access to the NTFS file system; BTW, the Windows partition cannot be mounted by the "disk utility" tool due to some errors), and here is where another big problem comes about:
5. She has forgotten the password of the Mac OS system (be assured: this MacBook Air is not a stolen one), so practically we cannot install any new software, or run tools that requires a high privilege!
6. Well, by Googling I found that the password might be circumvented by using a recovery usb stick, by she cannot find out this usb stick...
7. Some articles mentioned pressing "command + R" or "command + S" during booting to enter a command line environment (I am not sure about this), which had no effect at all in our case.
By now I have no solid idea how could such a situation be solved... The possibilities I can think of are:
a. Take the laptop to an Apple repair center.
b. Try to make a recovery disk by myself, and use it to get rid of the password.
c. Try to boot the computer with an external disk (somehow made), and then edit or backup the Windows partition.
I am not sure any of them will work.
Any ideas will be appreciated!

Welcome to the Apple Support Communities
If your friend has got a Late 2010 MacBook Air, the Mac came with a USB drive that contains Mac OS X Snow Leopard, to reset passwords, reinstall Mac OS X...
If he/she has got an older MacBook Air, he/she has got DVDs instead, and you need an external optical drive or a PC to be able to reset the password. See > http://support.apple.com/kb/HT2129?viewlocale=en_US&locale=en_US After starting with the DVD, open Utilities menu > Password Reset, and follow the steps
If he/she lost the USB drive or DVDs, call Apple to get replacement DVDs or another USB drive > http://support.apple.com/kb/HE57

Need advise on dual systems to use fcp and logic

Similar Messages

Maybe you are looking for