OpenVZ based Arch Linux VPS's off-line at several hosting providers

Hello all,
I have a number of Arch Linux OpenVZ based VPS's with a good number of hosting providers. For the last year+ I have done a regular weekly update (pacman -Syu cron job) on all my VPS's. The last update round rendered all my VPS's unbootable on every host. It looks like the package update "linux-api-headers 2.6.36.2-1" does not play well with the kernels that have OpenVZ support baked in. Currently I have VPS's offline with Virpus and ZoomVPS/BoostHosting amongst others. Virpus and Zoom have both been rather unresponsive for a number of days now. I have to think other Arch VPS users are feeling this because at least one VM was nearly a brand new vanilla install and was impacted just like the others. Are there any other Arch users out there affected by this? Have any hosting providers found a fix? Any info would be great.

My hosts would not upgrade and/or spoof their kernel on my node so to solve my situation I restored an older backup and followed these directions (http://irony.at/archlinux-openvz-glib) ignoring upgrades to glibe (IgnorePkg), installing a custom build of glib and then applying regular updates. My systems are back online and I have learned my lesson about pacman -Syu cron jobs. Sure does make you think that Xen-HVM hosting might be worth the minimal additional cost.

Similar Messages

  • Launching Web-based Discoverer 10g - Taking it Off-line

    The following is how I'm launching web-based Discoverer 10g. This launches the log-in page:
    http://prodserver.ast.com:7780/discoverer/plus?eul=BIEUL&database=pbusdb
    If I am running a production update job I do not want the users logging into discoverer while the update job is running. I may be wrong but it appears that the above URL is executing a jar file or something similar.
    Has anyone come up with a solution that would allow me to do the following while a database update job is running:
    1) Disable the Discoverer 10g log-in page.
    2) Display an appropriate message that the user gets if they attempt to launch the log-in page.
    Please let me know if more details are needed. Thanks for everyone's input.
    Patrick
    Edited by: purfield on Nov 24, 2008 11:33 AM

    Just a direction to consider.
    It's been a long time since I played with this - but Discoverer does have a few triggers that are fired when called (ie: like Oracle's forms but I remember only something like 5 - ie: pre- / post-, etc.).
    Just to make it more muddy, I can't remember if, once coded, this works for all versions (ie: desktop, plus and viewer) but if so, then you can attach a pl/sql routine to fire say, on entry into Discoverer, not the 'launch log-in' page.
    So, if it works for all versions, then I would log in, but you have some kind of state such as a column in a simple table that is set to 'N' (for update running) and otherwise 'Y'), and if the state is presently 'Y' then continue on to the Discoverer report. Otherwise, say 'forget it bub!'.
    Sorry not to be more exact but I haven't needed to play with this option for quite a while now, but it gives you something to look into - which doesn't fit exactly what you want - but it may do.
    I'm sure others can comment on if this idea has merit or not.
    Russ

  • OpenVZ and Arch

    i am in progress of migrating my servers from gentoo to arch.  i am trying to build an openvz host os in arch, simply because its easier to maintain than gentoo and less needlessly complex IMO.  this package:
    http://aur.archlinux.org/packages.php?ID=23922
    has been abandoned as of today, although i am building it as we speak anyway.  this package:
    http://aur.archlinux.org/packages.php?ID=15789
    will not compile on either x64 or 686.  is there no interest in this technology?  should i be looking into other technology, such as LXC as the author of the first PKGBUILD has championed?  we use XEN at work on many servers, and frankly, i find it to be overkill and/or lacking in many areas, especially since all the containers are lightweight services and exclusively linux.  what are others doing in the virtualization arena with arch linux?  i would really like my host os to be arch, and would rather not compile/create an openvz kernel PKGBUILD from hand, or custom modify existing/abandoned ones.
    what is the general consensus here?  can we get an official openvz kernel into the repositories?

    well after looking into dshauer's post here:
    http://lxc.teegra.net/
    cited in the post when orphaning the openvz packages, and after reading countless other articles, i decided to go that route (LXC) as well; LXC seems to be a solid attempt to make openvz unnecessary, and utilizes all the container stuff that has entered the kernel recently.  i just needed to recompile the kernel26 abs package with these config vars enabled, as stated in dshauer's post:
    CONFIG_GROUP_SCHED=y
    CONFIG_FAIR_GROUP_SCHED=y
    CONFIG_RT_GROUP_SCHED=y
    CONFIG_CGROUP_SCHED=y
    CONFIG_CGROUPS=y
    CONFIG_CGROUP_NS=y
    CONFIG_CGROUP_FREEZER=y
    CONFIG_CGROUP_DEVICE=y
    CONFIG_CPUSETS=y
    CONFIG_PROC_PID_CPUSET=y
    CONFIG_CGROUP_CPUACCT=y
    CONFIG_RESOURCE_COUNTERS=y
    CONFIG_CGROUP_MEM_RES_CTLR=y
    CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y
    CONFIG_MM_OWNER=y
    CONFIG_NAMESPACES=y
    CONFIG_UTS_NS=y
    CONFIG_IPC_NS=y
    CONFIG_USER_NS=y
    CONFIG_PID_NS=y
    CONFIG_NET_NS=y
    CONFIG_NET_CLS_CGROUP=y
    CONFIG_SECURITY_FILE_CAPABILITIES=y
    can these options be enabled by default in the standard kernel package?  seem to just be namespace support for various things, and control groups for resource management.

  • Arch linux boot failure

    I am new to arch linux, and linux, I am trying to install arch linux into my virtual box which is hosted on Windows 7. I followed the steps of installation guide, but when I finished, and tried to boot the new system, it blocked by this failure:
    :: Checking filesystems
    [BUSY] fsck.ext4: No such file or directory while trying to open /dev/sda6 Possibly non-existent device?
    this device /dev/sda6 does not exist, why the filesystem will check it? I remember when I first time to fdisk, I made a mistake: create two logic partition, and the second one is /dev/sda6, and later I delete it, is that mistake cause this problem?
    anyone can help me?
    Thanks in advance!

    this is the failure snapshot:
    20120803220235 by jamee.wang on Flickr
    this is the fstab snapshot:
    20120803214800 by jamee.wang on Flickr
    Last edited by jamee (2012-08-03 14:07:32)

  • Safari Dropping Me Off-line

    I've recently begun to have problems with Safari dropping me off-line on several different web sites. These are nationally recognized web sites (e.g., Food Network, University of Georgia Sports, to name a couple). Sometimes Safari won't even load the site before dumping, at other times it dumps when I use the search function within the site. This is a repeatable problem only at certain sites. Otherwise Safari behaves itself. Any ideas?

    Dr.Doug,
    There are more and more sites that Safari 1.3.2 for Panther that are no longer functioning with the older version. Later versions of Safari require 10.4.11 or later OS.
    You most likely need to switch to either Camino or Firefox. Make sure to use the correct version of either though for Panther 10.3.9. Camino is v.1.6.6 and Firefox is v.2.0.0.20.
    Sorry if that is not the problem for you.
    LS

  • Arch Linux based live gaming distro 'lg-live 0.9.5' released

    Hey all,
    first of all, sorry if this is the wrong subforum to post this in but this one seemed most appropriate.
    I would like to announce the release of live.linuX-gamers 0.9.5, an Arch Linux based live gaming distro. It was made using Archiso and of course a big investment of time. It is going to be officially released on LinuxTag 2009 in Berlin (in three days) but I thought I'd give it to you guys now.
    It is a very specialized distro: It contains lots of popular games, installs proprietary graphics card drivers out-of-the-box and provides you with a nice, clean interface for launching games and a few basic applications.
    I don't want to over-advertise this so I'll just say: Please go ahead and test it if you feel like it, maybe mirror it or seed the torrents a bit, post feedback or thoughts, insult me or threaten me, etc.
    If you want to give it a spin or see which games are on it, go over to http://live.linux-gamers.net and grab yourself an ISO/USB image.
    Thank you, Arch Linux, for making this possible.

    karol wrote:
    capoeira wrote:is there a way to install other games when using a USB-Device?
    This thread is rather old, but yeah, it's possible to remaster this "meta-distro" and add/remove games you like: http://github.com/svenstaro/lglive
    BTW, there's a new release http://live.linux-gamers.net/
    Ohh what a positive surprise to have a girl here,
    yea, i downloaded the DVD this week. I'm no gamer, I gamed in the 90ies on a Amiga 500 last time. But sometimes I get a wish to play a bit, so I found this DVD (I don't want to install games to my production-distro and don't want to install Catalyst either for my card)
    I want to play 3d first-person games but those ego-shooters i don't enjoy. It's running around shooting on everything and dying a hundred times. I want something more realistic, so I found penumbra and amnesia and would like to install it with this DVD. (if anyone has tips for realistic 3d-games, action-adventures, etc. I would appreciate tips)
    I will have a look at your link, thanks a lot

  • Okay... try #3... I spend 80% of my life off line... off the grid, as I live in a remote area, power produced by wind/water. Is CS5 or 6 still available? I hate cloud based applications too.. any help here ??

    okay... try #3... I spend 80% of my life off line... off the grid, as I live in a remote area, power produced by wind/water. Is CS5 or 6 still available? I hate cloud based applications too.. any help here ??

    Yes, you can buy CS6, PC or Mac, Standard or Extended. Here is the purchase page.
    Creative Suite 6
    You will need to download it and your email receipt will have the serial number. Plus the serial number will be stored under your account should you ever lose the email or the number.
    Gene

  • Rubix - yet another distro based on Slackware and Arch Linux

    Today I was reading DistroWatch and saw info about Rubix.
    This distro is based on Slackware and Arch Linux.
    What do you think about this?

    I tried it.
    I really liked the install. Very simple and straightforward.
    I didn't like fact that the rubix installer installs only one package at a time (and pulls in the deps of course), so the install is rather slow.
    I also didn't like the repo structure. Seems cumbersome.
    bonuses:
    e17 installed easy, and just worked.
    packages available are pretty reasonable
    I really like the modifications rubix has made to rc.conf and some of the inits
    There is some type of community repository
    The distro seems to have a clear focus, and I like many of the security aspects.
    bummers:
    extra rc<int>.d directories
    No gdm. boo-hiss.
    No gnome (I get it. this is slackware. boo-hiss).
    My fonts looked ugly. This one is such a huge deal for me, that I consider it a showstopper. Might be the fact that I installed it in vmware, but most distros have little issue with this. <caveat. I think arch fonts suck too. I have never had good looking fonts in arch...which is why I have only really used it as a server.>
    Did I mention I didn't like the repo structure? It made the simple act of updating pacman repos (pacman -Sy) slow and painful.

  • TidOS Public Alpha release (New Arch Linux based distro)

    I'm a regular lurker on the 4chan technology board (AKA /g/) and I've been following a project known as TidOS by the user "King Neckbeard". Think of it as a preconfigured/prericed Arch Linux installation for those that want a quick and dirty setup, something like Archbang with xmonad instead.
    King Neckbeard wrote:
    xmonad + conky + trayer + nm-applet make up the DE of sorts
    applications started via dmenu (firefox has a shortcut key)
    mpd, preconfigured
    Just Works
    POSSIBLE BUGS:
    >networkmanager applet not visible, to fix press win + r and type netfix or run netfix in a console
    >music not playing, to fix restart mpd and run mpc play
    Screenshots:
    Github:
    http://github.com/TidOS/TidOS
    ISO image download (i686 only, x86_64 users can compile an image themselves from the github sources):
    http://www.megaupload.com/?d=PJLRZ5I4
    Last edited by zowki (2010-05-13 16:24:34)

    jordanmthomas wrote:TidOS is dead by the way.  /g/ did not seem to care much about it so I haven't done anything to it since I made the first image.
    aww.
    well you are all welcome to poke your nose in at #witchlinux on irc.freenode.net , it's still alive, n welcomes everyone else's input.
    there's the arch rowan witch release, a half made archiso, which is basically to be pretty much the same as where the debian rowan witch.iso left off, and then later once it's built to some reasonably satisfactory standard, a larger fuller witch called jamella is planned to feature loads of tiling window managers, xmonad of course included, as well as awesome, and others, as well as a raft of programmer tools n toys, and then later a refined sleek but complete witch after that.   so goes my plan anyways, but of course, anyone can run off n make their own witch, and are encouraged to do so.    so if u want a preconfigured arch with xmonad, once we get rowan out of the stalls, jamella will soon follow after.   (i been distracted with other interests this past month or so tho, so my contributions dropping off have slowed things, but it's still alive, i assure you.)
    or....
    to stop me going on about witch... tidos could be revived!  XD
    and i wish you all the best with that.

  • Web based IRC for the Arch Linux channel

    Would it be possible for someone to set up the Arch linux IRC channel to be viewable on a Firefox webpage in the same way the Frugalware guys do?
    http://frugalware.org/irc.php
    It could be really useful to those not familiar with IRC.  And it doesn't look that hard to do
    A link could then be put on the home page to get there quickly.

    CGI:IRC is really practical, if you are on-the-road (= not on your machine) but want to inform some people over chat on something important
    i had it running in an earlier version on my old machine to chat with my family when on holidays ... but the installation was pain ... however, i see that this piece of code evolved much and looks really great now
    i don't decide for archlinux.org but you have my vote ;-)

  • System encryption using LUKS and GPG encrypted keys for arch linux

    Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
    Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
    Update: 2013-01-13: Updated the hook files using the corrections by Deth.
    Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
    I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play a lot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
    Intro
    Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
    Since the encrypt hook doesn't support this scenario, I created a modified hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
    Conventions
    In this short guide, I use the following disk/partition names:
    /dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
    /dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
    /dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
    Credits
    Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
    Guide
    1. Boot the arch live cd
    I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
    2. Set keymap
    Use km to set your keymap. This is important for non-qwerty keyboards to avoid surprises with passphrases...
    3. Wipe your discs
    ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
    Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
    shred -v /dev/sda
    shred -v /dev/sdb
    4. Partitioning
    Fire up fdisk and create the following partitions:
    /dev/sda1, type linux swap.
    /dev/sda2: type linux
    /dev/sda3: type linux
    /dev/sdb1, type linux
    Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decrypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
    5. Format  and mount the usb stick
    Create an ext2 filesystem on /dev/sdb1:
    mkfs.ext2 /dev/sdb1
    mkdir /root/usb
    mount /dev/sdb1 /root/usb
    cd /root/usb # this will be our working directory for now.
    Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
    6. Configure the network (if not already done automatically)
    ifconfig eth0 192.168.0.2 netmask 255.255.255.0
    route add default gw 192.168.0.1
    echo "nameserver 192.168.0.1" >> /etc/resolv.conf
    (this is just an example, your mileage may vary)
    7. Install gnupg
    pacman -Sy
    pacman -S gnupg
    Verify that gnupg works by launching gpg.
    8. Create the keys
    Just to be sure, make sure swap is off:
    cat /proc/swaps
    should return no entries.
    Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
    Choose a strong password!!
    Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
    Note that the default cipher for gpg is cast5, I just chose to use a different one.
    9. Create the encrypted devices with cryptsetup
    Create encrypted swap:
    cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
    You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
    Important: From the Cryptsetup 1.1.2 Release notes:
    Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
        - if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed as normal binary file and no new line is interpreted.
        - if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will stop after new line is detected.
    If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefore ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
    gpg -q -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
    gpg -q -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
    Check for any errors.
    10. Open the luks devices
    gpg -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    gpg -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda2 var
    If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
    11. Start the installer /arch/setup
    Follow steps 1 to 3.
    At step 4 (Prepare hard drive(s)), select “3 – Manually Configure block devices, filesystems and mountpoints”. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
    Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
    Select DONE to start formatting.
    At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
    Start step 6 (Install packages).
    Go to step 7 (Configure System).
    Be sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
    Edit /etc/fstab:
    /dev/mapper/root / ext4 defaults 0 1
    /dev/mapper/swap swap swap defaults 0 0
    /dev/mapper/var /var ext4 defaults 0 1
    # /dev/sdb1 /boot ext2 defaults 0 1
    Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
    Go to step 8 (install boot loader).
    Be sure to change the kernel line in menu.lst:
    kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
    Don't forget the :root suffix in cryptdevice!
    Also, my root line was set to (hd1,0). Had to change that to
    root (hd0,0)
    Install grub to /dev/sdb (the usb stick).
    Now, we can exit the installer.
    12. Install mkinitcpio with the etwo hook.
    Create /mnt/lib/initcpio/hooks/etwo:
    #!/usr/bin/ash
    run_hook() {
        /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
        if [ -e "/sys/class/misc/device-mapper" ]; then
            if [ ! -e "/dev/mapper/control" ]; then
                /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
            fi
            [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
            # Get keyfile if specified
            ckeyfile="/crypto_keyfile"
            usegpg="n"
            if [ "x${cryptkey}" != "x" ]; then
                ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
                ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
                ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
                if poll_device "${ckdev}" ${rootdelay}; then
                    case ${ckarg1} in
                        *[!0-9]*)
                            # Use a file on the device
                            # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
                            if [ "${ckarg2#*.}" = "gpg" ]; then
                                ckeyfile="${ckeyfile}.gpg"
                                usegpg="y"
                            fi
                            mkdir /ckey
                            mount -r -t ${ckarg1} ${ckdev} /ckey
                            dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
                            umount /ckey
                            ;;
                        *)
                            # Read raw data from the block device
                            # ckarg1 is numeric: ckarg1=offset, ckarg2=length
                            dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
                            ;;
                    esac
                fi
                [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
            fi
            if [ -n "${cryptdevice}" ]; then
                DEPRECATED_CRYPT=0
                cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
                cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
            else
                DEPRECATED_CRYPT=1
                cryptdev="${root}"
                cryptname="root"
            fi
            warn_deprecated() {
                echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
                echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
            }
            if poll_device "${cryptdev}" ${rootdelay}; then
                if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                    dopassphrase=1
                    # If keyfile exists, try to use that
                    if [ -f ${ckeyfile} ]; then
                        if [ "${usegpg}" = "y" ]; then
                            # gpg tty fixup
                            if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
                            cp -a /dev/console /dev/tty
                            # Keep asking for the gpg passphrase until the mapping exists
                            while [ ! -e /dev/mapper/${cryptname} ];
                            do
                                sleep 2
                                /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
                                dopassphrase=0
                            done
                            rm /dev/tty
                            if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
                        else
                            if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
                                dopassphrase=0
                            else
                                echo "Invalid keyfile. Reverting to passphrase."
                            fi
                        fi
                    fi
                    # Ask for a passphrase
                    if [ ${dopassphrase} -gt 0 ]; then
                        echo ""
                        echo "A password is required to access the ${cryptname} volume:"
                        #loop until we get a real password
                        while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
                            sleep 2;
                        done
                    fi
                    if [ -e "/dev/mapper/${cryptname}" ]; then
                        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                            export root="/dev/mapper/root"
                        fi
                    else
                        err "Password succeeded, but ${cryptname} creation failed, aborting..."
                        exit 1
                    fi
                elif [ -n "${crypto}" ]; then
                    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                    msg "Non-LUKS encrypted device found..."
                    if [ $# -ne 5 ]; then
                        err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
                        err "Non-LUKS decryption not attempted..."
                        return 1
                    fi
                    exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
                    tmp=$(echo "${crypto}" | cut -d: -f1)
                    [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f2)
                    [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f3)
                    [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f4)
                    [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f5)
                    [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
                    if [ -f ${ckeyfile} ]; then
                        exe="${exe} --key-file ${ckeyfile}"
                    else
                        exe="${exe} --verify-passphrase"
                        echo ""
                        echo "A password is required to access the ${cryptname} volume:"
                    fi
                    eval "${exe} ${CSQUIET}"
                    if [ $? -ne 0 ]; then
                        err "Non-LUKS device decryption failed. verify format: "
                        err " crypto=hash:cipher:keysize:offset:skip"
                        exit 1
                    fi
                    if [ -e "/dev/mapper/${cryptname}" ]; then
                        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                            export root="/dev/mapper/root"
                        fi
                    else
                        err "Password succeeded, but ${cryptname} creation failed, aborting..."
                        exit 1
                    fi
                else
                    err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
                fi
            fi
            # Remove the key copy from the initramfs once the volume is open
            rm -f ${ckeyfile}
        fi
    }
    Create /mnt/lib/initcpio/install/etwo:
    #!/bin/bash
    build() {
        local mod
        add_module dm-crypt
        if [[ $CRYPTO_MODULES ]]; then
            for mod in $CRYPTO_MODULES; do
                add_module "$mod"
            done
        else
            add_all_modules '/crypto/'
        fi
        add_dir "/dev/mapper"
        add_binary "cryptsetup"
        add_binary "dmsetup"
        add_binary "/usr/bin/gpg"
        add_file "/usr/lib/udev/rules.d/10-dm.rules"
        add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
        add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
        add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
        add_runscript
    }
    help() {
    cat<<HELPEOF
    This hook allows for an encrypted root device with support for gpg encrypted key files.
    To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
    to your BINARIES var in /etc/mkinitcpio.conf.
    HELPEOF
    }
    Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
    MODULES="ext2 ext4" # not sure if this is really necessary.
    BINARIES="/usr/bin/gpg" # this could probably be done in install/etwo...
    HOOKS="base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems" # (usbinput is only needed if you have an usb keyboard)
    Copy the initcpio stuff over to the live cd:
    cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
    cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
    cp /mnt/etc/mkinitcpio.conf /etc/
    Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
    Now reinstall the initcpio:
    mkinitcpio -g /mnt/boot/kernel26.img
    Make sure there were no errors and that all hooks were included.
    13. Decrypt the "var" key to the encrypted root
    mkdir /mnt/keys
    chmod 500 /mnt/keys
    gpg --output /mnt/keys/var -d /mnt/boot/var.gpg
    chmod 400 /mnt/keys/var
    14. Setup crypttab
    Edit /mnt/etc/crypttab:
    swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
    var /dev/sda2 /keys/var
    15. Reboot
    We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names.  I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
    Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
    Last edited by fabriceb (2013-01-15 22:36:23)
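
The newline handling discussed in step 9 of the guide above, as an added example that is not part of the original post: it simulates the two stdin-reading modes from the quoted cryptsetup release notes on key files, with `head -n 1` standing in for the reader that stops at the first newline. The function names and the sample key file are assumptions made for this illustration; no cryptsetup, root access or block device is involved.

```shell
#!/bin/sh
# Added example: how much of a binary key survives each stdin-reading mode.

# Bytes kept by a reader that stops at the first newline (terminal-style input).
# head -n 1 stands in for that reader; the newline itself is not key material.
kept_line_mode() {
    head -n 1 "$1" | tr -d '\n' | wc -c | tr -d ' '
}

# Bytes kept by a binary-safe reader (what --key-file=- gives you).
kept_binary_mode() {
    wc -c < "$1" | tr -d ' '
}

# Report how much of a key file each mode would use.
# Returns 0 if both modes see the same bytes, 1 if line mode truncates the key.
audit_key() {
    line=$(kept_line_mode "$1")
    full=$(kept_binary_mode "$1")
    echo "$1: binary mode uses $full bytes, line mode uses $line bytes"
    [ "$line" -eq "$full" ]
}

# Generate COUNT random keys the way step 8 does (bs=512 count=4 = 2048 bytes)
# and print how many of them line mode would cut below MIN_BYTES.
survey_random_keys() {
    count=$1 min_bytes=$2 short=0 i=0
    tmp=$(mktemp)
    while [ "$i" -lt "$count" ]; do
        dd if=/dev/urandom of="$tmp" bs=512 count=4 2>/dev/null
        [ "$(kept_line_mode "$tmp")" -lt "$min_bytes" ] && short=$((short + 1))
        i=$((i + 1))
    done
    rm -f "$tmp"
    echo "$short"
}

# Constructed sample: the example key string used in the guide's step 9.
demo_key=$(mktemp)
printf 'foo\nandsomemorebaratheendofthekey' > "$demo_key"
audit_key "$demo_key" || echo "line mode would silently weaken this key"
echo "random keys (of 100) cut below 16 bytes: $(survey_random_keys 100 16)"
rm -f "$demo_key"
```

For random 2048-byte keys a newline falls inside the first 16 bytes with probability 1 - (255/256)^16, about 6%, so the survey line typically prints a number near 6.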

    I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
    Decrypting the gpg key after grub works, but then "Device root already exists." appears every second.
    any idea ?
    #!/bin/bash
    # This script is designed to be run in conjunction with a UEFI boot using Archboot install media.
    # prereqs:
    # EFI "BIOS" set to boot *only* from EFI
    # successful EFI boot of Archboot USB
    # mount /dev/sdb1 /src
    set -o nounset
    #set -o errexit
    # Host specific configuration
    # this whole script needs to be customized, particularly disk partitions
    # and configuration, but this section contains global variables that
    # are used during the system configuration phase for convenience
    HOSTNAME=daniel
    USERNAME=user
    # Globals
    # We don't need to set these here but they are used repeatedly throughout
    # so it makes sense to reuse them and allow an easy, one-time change if we
    # need to alter values such as the install target mount point.
    INSTALL_TARGET="/install"
    HR="--------------------------------------------------------------------------------"
    PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
    TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    FILE_URL="file:///packages/core-$(uname -m)/pkg"
    FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
    HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
    # Functions
    # I've avoided using functions in this script as they aren't required and
    # I think it's more of a learning tool if you see the step-by-step
    # procedures even with minor duplications along the way, but I feel that
    # these functions clarify the particular steps of setting values in config
    # files.
    SetValue () {
        # EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
        VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
        sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
    }
    CommentOutValue () {
        VALUENAME="$1" FILEPATH="$2"
        sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
    }
    UncommentValue () {
        VALUENAME="$1" FILEPATH="$2"
        sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
    }
    # Initialize
    # Warn the user about impending doom, set up the network on eth0, mount
    # the squashfs images (Archboot does this normally, we're just filling in
    # the gaps resulting from the fact that we're doing a simple scripted
    # install). We also create a temporary pacman.conf that looks for packages
    # locally first before sourcing them from the network. It would be better
    # to do either *all* local or *all* network but we can't for two reasons.
    # 1. The Archboot installation image might have an out of date kernel
    # (currently the case) which results in problems when chrooting
    # into the install mount point to modprobe efivars. So we use the
    # package snapshot on the Archboot media to ensure our kernel is
    # the same as the one we booted with.
    # 2. Ideally we'd source all local then, but some critical items,
    # notably grub2-efi variants, aren't yet on the Archboot media.
    # Warn
    timer=9
    echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
    echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
    while [[ $timer -gt 0 ]]
    do
    sleep 1
    let timer-=1
    echo -en "$timer seconds..."
    done
    echo "STARTING"
    # Get Network
    echo -n "Waiting for network address.."
    #dhclient eth0
    dhcpcd -p eth0
    echo -n "Network address acquired."
    # Mount packages squashfs images
    umount "/packages/core-$(uname -m)"
    umount "/packages/core-any"
    rm -rf "/packages/core-$(uname -m)"
    rm -rf "/packages/core-any"
    mkdir -p "/packages/core-$(uname -m)"
    mkdir -p "/packages/core-any"
    modprobe -q loop
    modprobe -q squashfs
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
    # Create temporary pacman.conf file
    cat << PACMANEOF > /tmp/pacman.conf
    [options]
    Architecture = auto
    CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
    CacheDir = /packages/core-$(uname -m)/pkg
    CacheDir = /packages/core-any/pkg
    [core]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    [extra]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    #Uncomment to enable pacman -Sy yaourt
    [archlinuxfr]
    Server = http://repo.archlinux.fr/\$arch
    PACMANEOF
    # Prepare pacman
    [[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
    [[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
    ${PACMAN} -Sy
    ${TARGET_PACMAN} -Sy
    # Install prereqs from network (not on archboot media)
    echo -e "\nInstalling prereqs...\n$HR"
    #sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
    UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
    ${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
    # Configure Host
    # Here we create three partitions:
    # 1. efi and /boot (one partition does double duty)
    # 2. swap
    # 3. our encrypted root
    # Note that all of these are on a GUID partition table scheme. This proves
    # to be quite clean and simple since we're not doing anything with MBR
    # boot partitions and the like.
    echo -e "format\n"
    # shred -v /dev/sda
    # disk prep
    sgdisk -Z /dev/sda # zap all on disk
    #sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
    sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
    #sgdisk -a 2048 -o /dev/mmcb1k0
    # create partitions
    sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
    sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 4GB
    sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
    #sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
    # set partition types
    sgdisk -t 1:ef00 /dev/sda
    sgdisk -t 2:8200 /dev/sda
    sgdisk -t 3:8300 /dev/sda
    #sgdisk -t 1:0700 /dev/mmcb1k0
    # label partitions
    sgdisk -c 1:"UEFI Boot" /dev/sda
    sgdisk -c 2:"Swap" /dev/sda
    sgdisk -c 3:"LUKS" /dev/sda
    #sgdisk -c 1:"Key" /dev/mmcb1k0
    echo -e "create gpg file\n"
    # create gpg file
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
    echo -e "format LUKS on root\n"
    # format LUKS on root
    gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
    echo -e "open LUKS on root\n"
    gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    # NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
    # NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
    # make filesystems
    # following swap related commands not used now that we're encrypting our swap partition
    #mkswap /dev/sda2
    #swapon /dev/sda2
    #mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
    echo -e "\nCreating Filesystems...\n$HR"
    # make filesystems
    mkfs.ext4 /dev/mapper/root
    mkfs.vfat -F32 /dev/sda1
    #mkfs.vfat -F32 /dev/mmcb1k0p1
    echo -e "mount targets\n"
    # mount target
    #mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
    mount /dev/mapper/root ${INSTALL_TARGET}
    # mount target
    mkdir ${INSTALL_TARGET}
    # mkdir ${INSTALL_TARGET}/key
    # mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
    mkdir ${INSTALL_TARGET}/boot
    mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
    # Install base, necessary utilities
    mkdir -p ${INSTALL_TARGET}/var/lib/pacman
    ${TARGET_PACMAN} -Sy
    ${TARGET_PACMAN} -Su base
    # curl could be installed later but we want it ready for rankmirrors
    ${TARGET_PACMAN} -S curl
    ${TARGET_PACMAN} -S libusb-compat gnupg
    ${TARGET_PACMAN} -R grub
    rm -rf ${INSTALL_TARGET}/boot/grub
    ${TARGET_PACMAN} -S grub2-efi-x86_64
    # Configure new system
    SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
    sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
    SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
    #following replaced due to netcfg
    #SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
    # write fstab
    # You can use UUID's or whatever you want here, of course. This is just
    # the simplest approach and as long as your drives aren't changing values
    # randomly it should work fine.
    cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    tmpfs /tmp tmpfs nodev,nosuid 0 0
    /dev/sda1 /boot vfat defaults 0 0
    /dev/mapper/cryptswap none swap defaults 0 0
    /dev/mapper/root / ext4 defaults,noatime 0 1
    FSTAB_EOF
    # write etwo
    mkdir -p /lib/initcpio/hooks/
    mkdir -p /lib/initcpio/install/
    cp /src/etwo_hooks /lib/initcpio/hooks/etwo
    cp /src/etwo_install /lib/initcpio/install/etwo
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
    cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
    cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
    # write crypttab
    # encrypted swap (random passphrase on boot)
    echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
    # copy configs we want to carry over to target from install environment
    mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
    cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
    mkdir -p ${INSTALL_TARGET}/tmp
    cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
    # mount proc, sys, dev in install root
    mount -t proc proc ${INSTALL_TARGET}/proc
    mount -t sysfs sys ${INSTALL_TARGET}/sys
    mount -o bind /dev ${INSTALL_TARGET}/dev
    echo -e "umount boot\n"
    # we have to remount /boot from inside the chroot
    umount ${INSTALL_TARGET}/boot
    # Create install_efi script (to be run *after* chroot /install)
    touch ${INSTALL_TARGET}/install_efi
    chmod a+x ${INSTALL_TARGET}/install_efi
    cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
    # functions (these could be a library, but why overcomplicate things)
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    echo -e "mount boot\n"
    # remount here or grub et al gets confused
    mount -t vfat /dev/sda1 /boot
    # mkinitcpio
    # NOTE: intel_agp drm and i915 for intel graphics
    SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
    SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
    SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
    mkinitcpio -p linux
    # kernel modules for EFI install
    modprobe efivars
    modprobe dm-mod
    # locale-gen
    UncommentValue de_AT /etc/locale.gen
    locale-gen
    # install and configure grub2
    # did this above
    #${CHROOT_PACMAN} -Sy
    #${CHROOT_PACMAN} -R grub
    #rm -rf /boot/grub
    #${CHROOT_PACMAN} -S grub2-efi-x86_64
    # you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
    # even omit the cryptdevice altogether, though it will wag a finger at you for using
    # a deprecated syntax, so we're using the correct form here
    # NOTE: take out i915.modeset=1 unless you are on intel graphics
    SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
    # set output to graphical
    SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
    SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
    SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
    # install the actual grub2. Note that despite our --boot-directory option we will still need to move
    # the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
    grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
    # create our EFI boot entry
    # bug in the HP bios firmware (F.08)
    efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
    # copy font for grub2
    cp /usr/share/grub/unicode.pf2 /boot/grub
    # generate config file
    grub-mkconfig -o /boot/grub/grub.cfg
    exit
    EFI_EOF
    # Install EFI using script inside chroot
    chroot ${INSTALL_TARGET} /install_efi
    rm ${INSTALL_TARGET}/install_efi
    # Post install steps
    # anything you want to do post install. run the script automatically or
    # manually
    touch ${INSTALL_TARGET}/post_install
    chmod a+x ${INSTALL_TARGET}/post_install
    cat > ${INSTALL_TARGET}/post_install <<POST_EOF
    set -o errexit
    set -o nounset
    # functions (these could be a library, but why overcomplicate things)
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    # root password
    echo -e "${HR}\\nNew root user password\\n${HR}"
    passwd
    # add user
    echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
    groupadd sudo
    useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
    passwd ${USERNAME}
    # mirror ranking
    echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
    mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
    sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
    rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
    # temporary fix for locale.sh update conflict
    mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
    # yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
    echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
    echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
    # additional groups and utilities
    pacman --noconfirm -Syu
    pacman --noconfirm -S base-devel
    pacman --noconfirm -S yaourt
    # sudo
    pacman --noconfirm -S sudo
    cp /etc/sudoers /tmp/sudoers.edit
    sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
    # power
    pacman --noconfirm -S acpi acpid acpitool cpufrequtils
    yaourt --noconfirm -S powertop2
    sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
    sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
    # following requires my acpi handler script
    echo "/etc/acpi/handler.sh boot" > /etc/rc.local
    # time
    pacman --noconfirm -S ntp
    sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
    # wireless (wpa supplicant should already be installed)
    pacman --noconfirm -S iw wpa_supplicant rfkill
    pacman --noconfirm -S netcfg wpa_actiond ifplugd
    mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
    echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
    # make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
    sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
    sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
    echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
    echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
    echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
    # sound
    pacman --noconfirm -S alsa-utils alsa-plugins
    sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
    mv /etc/asound.conf /etc/asound.conf.orig || true
    #if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
    # video
    pacman --noconfirm -S base-devel mesa mesa-demos
    # x
    #pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
    #yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
    #TODO: cut down the install size
    #pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
    # TODO: wacom
    # environment/wm/etc.
    #pacman --noconfirm -S xfce4 compiz ccsm
    #pacman --noconfirm -S xcompmgr
    #yaourt --noconfirm -S physlock unclutter
    #pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
    #pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
    #pacman --noconfirm -S ghc
    # note: try installing alex and happy from cabal instead
    #pacman --noconfirm -S haskell-platform haskell-hscolour
    #yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
    #yaourt --noconfirm -S xmobar-git
    # TODO: edit xfce to use compiz
    # TODO: xmonad, but deal with video tearing
    # TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
    # switching to cabal
    # fonts
    pacman --noconfirm -S terminus-font
    yaourt --noconfirm -S webcore-fonts
    yaourt --noconfirm -S fontforge libspiro
    yaourt --noconfirm -S freetype2-git-infinality
    # TODO: sed infinality and change to OSX or OSX2 mode
    # and create the sym link from /etc/fonts/conf.avail to conf.d
    # misc apps
    #pacman --noconfirm -S htop openssh keychain bash-completion git vim
    #pacman --noconfirm -S chromium flashplugin
    #pacman --noconfirm -S scrot mypaint bc
    #yaourt --noconfirm -S task-git stellarium googlecl
    # TODO: argyll
    POST_EOF
    # Post install in chroot
    #echo "chroot and run /post_install"
    chroot /install /post_install
    rm /install/post_install
    # copy grub.efi file to the default HP EFI boot manager path
    mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
    mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
    cp /root/root.gpg ${INSTALL_TARGET}/boot/
    # NOTES/TODO

  • Backpac: A package state snapshot and restore tool for Arch Linux

    backpac:
    A package state snapshot and restore tool for Arch Linux with config file save/restore support.
    https://aur.archlinux.org/packages.php?ID=52957
    https://github.com/altercation/backpac (see readme on the github repository for more information)
    Summary & Features
    It's a common method of setting up a single system: take some notes about what packages you've installed, what files you've modified.
    Backpac creates those notes for you and helps back up important configuration files. Specifically, backpac does the following:
    maintains a list of installed groups (based on 80% of group packages being installed)
    maintains a list of packages (including official and aur packages, listed separately)
    maintains a list of files (manually created)
    backs up key config files as detailed in the files list you create
    The package, group and files lists along with the snapshot config files allows system state to be easily committed to version control such as git.
    Backpac can also use these lists to install packages and files. Essentially, then, backpac takes a snapshot of your system and can recreate that state from the files and lists it archives.
    Use Cases
    Ongoing system state backup to github
    Quick install of new system from existing backpac config
    Conform current system to given state in backpac config
    Backpac is a very, very lightweight way of saving and restoring system state.
    It's not intended for rolling out and maintaining multiple similar systems, it's designed to assist individual users in the maintenance of their own Arch Linux box.
    Status
    Alpha, release for testing among those interested. Passing all tests right now but will continue to rework and refine. Bug reports needed.
    Why?
    There are a lot of 'big-iron' solutions to maintaining, backing up and restoring system state. Setting these up for a single system or a handful of personal systems has always seemed like overkill.
    There are also some existing pacman list making utilities around, but most of them seem to list either all packages or don't separate the official and aur packages the way I wanted. Some detect group install state, some don't. I wanted all these features in backpac.
    Finally, whatever tool I use, I'd like it to be simple (c.f. the Arch Way). Lists that are produced should be human readable, human maintainable and not different from what I'm using in non-automated form. Backpac fulfills these requirements.
    Regarding files, I wanted to be able to backup arbitrary system files to a git repository. Tools like etckeeper are interesting but non /etc files in that case aren't backed up (without some link trickery) and there isn't any automatic integration with pacman, so there is no current advantage to using a tool like that. I also like making an explicit list of files to snapshot.
    Sample Output
    This is the command line report. Additionally, backpac saves this information to the backpac groups, packages and files lists and the files snapshot directory.
    $ backpac -Qf
    backpac
    (-b) Backups ON; Files will be saved in place with backup suffix.
    -f Force mode ON; No prompts presented (CAUTION).
    (-F) Full Force mode OFF; Prompt displayed before script runs.
    (-g) Suppress group check OFF; Groups will be checked for currency.
    (-h) Display option and usage summary.
    (-p) Default backpac: /home/es/.config/backpac/tau.
    -Q Simple Query ON; Report shown; no changes made to system.
    (-R) Auto-Remove OFF; Remove/Uninstall action default to NO.
    (-S) System update OFF; No system files will be updated.
    (-U) backpac config update OFF; backpac files will not be updated.
    Sourcing from backpac config directory: /home/es/.config/backpac/tau
    Initializing.................Done
    GROUPS
    ============================================================================
    /home/es/.config/backpac/tau/groups
    GROUPS UP TO DATE: group listed in backpac and >80% local install:
    base base-devel xfce4 xorg xorg-apps xorg-drivers xorg-fonts
    GROUP PACKAGES; MISSING?: group member packages not installed:
    (base: nano)
    (xfce4: thunar xfdesktop)
    PACKAGES
    ============================================================================
    /home/es/.config/backpac/tau/packages
    PACKAGES UP TO DATE: packages listed in backpac also installed on system:
    acpi acpid acpitool aif alsa-utils augeas cowsay cpufrequtils curl dialog
    firefox gamin git ifplugd iw mesa mesa-demos mutt netcfg openssh rfkill
    rsync rxvt-unicode sudo terminus-font vim wpa_actiond wpa_supplicant_gui
    xmobar xorg-server-utils xorg-twm xorg-utils xorg-xclock xorg-xinit xterm
    yacpi yajl youtube-dl zsh
    AUR UP TO DATE: aur packages listed in backpac also installed on system:
    flashplugin-beta freetype2-git-infinality git-annex haskell-json
    package-query-git packer wpa_auto xmonad-contrib-darcs xmonad-darcs
    AUR NOT IN backpac: installed aur packages not listed in backpac config:
    yaourt-git
    FILES
    ============================================================================
    /home/es/.config/backpac/tau/files
    MATCHES ON SYSTEM/CONFIG:
    /boot/grub/menu.lst
    /etc/acpi/handler.sh
    /etc/rc.conf
    /etc/rc.local

    firecat53 wrote: I think your plan for handling an AUR_HELPER is good. If AUR_HELPER is defined by the user, then either you might need a list of major AUR helpers and their command line switches so you can pick the correct switch for what needs to be done (most use some variation of -S for installing, but not all), or have the user define the correct switch(es) somehow for their chosen AUR helper.
    That's a good idea. I'll add that to my AUR refactoring todo.
    I also found directory tracking to be a weakness in other dotfile managers that I tried. I think you would definitely have to recursively list out the contents of a tracked directory and deal with each file individually. Wildcard support would be nice...I just haven't personally found a use case for it yet.
    I've been thinking that I could just add the directory and scan through it for any non-default attribute files. If those are found then they get automatically added to the files list. That's pretty close to what etckeeper does.
    Edit: I just compiled the dev version and removed my comments for already fixed things...sorry!
    The master branch should have those fixes as well, but I didn't update the version number in the package build. I'll have to do that.
    1. Still apparently didn't handle the escaped space for this item: (the file does exist on my system)
    Ok, good to know. This wildcard directory business will require some new code and refactoring so I'll also rework my filenames handling.
    2. Suggestion: you should make that awesome README into a man page!
    I was working on one (the pkgbuild has a commented out line for the man page) but I had to leave it for later. Definitely want a man page. Once this stabilizes and I'm sure there aren't any big structural changes, I'll convert it to man format.
    3. Suggestion: add the word 'dotfile' into your description somewhere on this page, the github page, and in the package description so people looking for dotfile managers will find it. You could also consider modularizing the script into a dotfile manager and the package manager, so people on other distros could take advantage of your dotfile management scheme.
    I actually have a different script for dotfile management that doesn't touch packages, but there is definitely overlap with this one. That script isn't released yet, though, and if people find this useful for dotfile management that's great. I'll add that in.
    4. Suggestion: since -Q is a read-only operation, why not just make it run with -f automatically to avoid the prompt?
    Originally, running backpac without any command line options produced the Query output. I was concerned that since it is a utility that can potentially overwrite system files, it is important to give users a clear statement prior to execution about what will be done. Since the Query output is essentially the same as the Update and System reports in format and content, I wanted to be explicit about the Query being a passive no-change operation. The current command line options aren't set in stone though. If you feel strongly about it being different, let me know.
    Long answer to a short question
    5. Another suggestion: any thought to providing some sort of 'scrub' function to remove private information from the stored files if desired? This would be cool for publishing public dotfiles to github. Perhaps a credentials file (I did this with python for my own configs). Probably detecting email addresses and passwords without a scrub file would be rather difficult because dotfiles come in so many flavors.
    Yes, absolutely. In fact, if you look at the lib/local file (pretty sure it's in both master and dev branches in this state) you'll see some references to a sanitize function. The idea there is that the user will list out bash associative arrays like this:
    SANITIZE_WPA_=(
    [FILE]='/etc/wpa_supplicant.conf'
    [CMD]='sed s/expungepattern/sanitizedoutput/g'
    )
    Question: am I missing an obvious option to remove a file from the files.d directory if I delete it from the files list? Or do I have to delete it manually? It might be helpful to add a section to the README on how to update and delete dotfiles from being tracked, and also a more detailed description of what the -b option does (and what is actually created when it's not used).
    You are only missing the function I didn't finish. There should be either dummy code or a TODO in the backpac main script referencing garbage collection, which isn't difficult but I just haven't finished it. The idea being another loop of "hey I found these old files in your files.d, mind if I delete them?" It's on my list and I'll try to get it in asap.
    And finally, just out of curiosity, why did you choose to actually copy the files instead of symlink like so many other dotfile managers do?
    git not following symlinks, hardlinks also out for permissions issues (git wouldn't be able to read the files, change them, etc.)
    I definitely would prefer to not make an entire copy of the file, but I haven't come up with a better option. Shout with ideas, though. Also, if there is a way around the link issues I noted above, let me know. I don't see one but that doesn't mean it's not there.
    edit: I think a Seattle area Arch meetup would be cool! Perhaps coffee someplace? Bellevue? U-district? Anyone else? BYOPOL (bring your own pimped out laptop)
    A general meetup sounds good. I was also thinking it would be fun to do a mini archcon with some demos.
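The FILE/CMD sanitize rule sketched in the reply above, worked through as an added example that is not backpac's own code: a sed rule scrubs a wpa_supplicant.conf, and the copy is written only if no credential line survives unredacted. All names, the redaction marker, the leak pattern and the sample file are constructed for illustration; the rule also covers the commented plaintext `#psk=` line that wpa_passphrase emits.

```shell
#!/bin/sh
# Added example, not backpac's code: apply a FILE/CMD style scrub rule to a
# config file before it is copied into a directory tracked by git.

REDACTED='@@REDACTED@@'
# Constructed rule for wpa_supplicant.conf. The optional '#' also covers the
# commented plaintext line that wpa_passphrase writes above the hashed psk.
WPA_RULE='s/^\([[:space:]#]*psk=\).*$/\1'"$REDACTED"'/'
# Lines that must never survive unredacted in a published copy.
WPA_LEAK='^[[:space:]#]*(psk|password|private_key_passwd|wep_key[0-9])='

# sanitize_copy SRC DST SED_EXPR LEAK_REGEX
# Returns 0 and writes DST when the scrubbed text is clean, 1 when a line
# matching LEAK_REGEX is still unredacted (DST is not written), 2 on I/O error.
sanitize_copy() {
    tmp=$(mktemp "$2.XXXXXX") || return 2
    if ! sed "$3" "$1" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    # Fail closed: a rule that misses a credential must block the copy.
    if grep -E "$4" "$tmp" | grep -v -F "$REDACTED" > /dev/null; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$2"
}

# Constructed sample input; every secret in it is made up.
write_wpa_sample() {    # write_wpa_sample PATH
    cat > "$1" <<'EOF'
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network
update_config=1
network={
    ssid="example-home"
    #psk="constructed-passphrase"
    psk=constructed0hash0value
}
EOF
}

work=$(mktemp -d)
write_wpa_sample "$work/wpa_supplicant.conf"
sanitize_copy "$work/wpa_supplicant.conf" "$work/snapshot.conf" \
    "$WPA_RULE" "$WPA_LEAK" && cat "$work/snapshot.conf"
rm -rf "$work"
```

A file that also carries an EAP `password=` line is rejected with status 1 until the rule is extended to scrub it.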

  • [SOLVED] Arch Linux Duke (2007) Fails to Boot

    Folks, I have a unique and challenging problem that has exhausted my Arch Linux skills, and so I am now turning to you.
    I have a vintage Pentium Pro 200 system (that’s 200 MHz folks! – 200 MHz 686 architecture – the original 686!), two CPUs, running a dual boot between Windows NT 4.0 and Arch Linux Duke (2007). It has 512 MB of RAM and a 120 GB hard drive, partitioned up between Windows NT and Linux. I built this system new in 2007, hence the dated version of Arch.  It has run like a charm all these years, granted not getting that much use. After about a year of no use at all, I fired the system up last week to help with a little research for a blog post I was writing on networking Windows NT 4.0 and Mac OS 8.6. Windows NT 4.0 fired right up with no issue, and after I was done testing what needed to be tested I tried to boot over to Arch.
    After a year of disuse, Arch unexpectedly and stubbornly refused to boot. The boot process started up just fine, but towards the end, it declared that it could not mount the root file system on the root device and took a kernel panic and stopped. My Arch skills have gotten a bit rusty in the last few years, but I dusted them off and went to work. My guess was a file system or superblock error. Arch wouldn’t boot, but I dragged out my trusty RIPLinux 2.9 Rescue Live CD and fired it up. It came right up and ran, and I was able to mount the Arch partition and view all the files… everything seemed to be there; it just wouldn’t boot. Windows NT 4.0 AND RIPLinux both boot and run on the machine, so the hardware is fine as well.
    A little information on the disk layout. Windows NT 4.0 is in the first partition on the hard drive. The extended partition has a second Windows NT 4.0 partition (sort of a /home partition for Windows NT 4.0), followed by the main Arch partition (the one I am trying to boot), followed by a swap partition and then the largest partition, which I use to share data between Arch and Windows NT 4.0 (I have loaded an ext2/3 driver into Windows NT 4.0 and it happily accesses the Linux partitions on the box).
    RIPLinux’s e2fsck did find some issues with the Arch partition and I had it repair them all. I checked again afterwards that all the files were still there, and they were. With the partition now known to be clean, and the superblock repaired from one of the backups, all should have been well. However, Arch still wouldn’t (and still won’t) boot.
    RIPLinux has a kind of a chain loader function, so I had it attempt to start up Arch for me. However, this was flummoxed by the fact that Arch addresses all my hard drive partitions as /dev/sdax and RIPLinux addresses them as /dev/hdax. Hence, without a common language, it was hard to get the one to start the other. Still, using this function, I have been able to get a crippled version of Arch running on the machine again. No modules had been loaded, and so it couldn’t do almost anything, but there it was (and is), Arch Linux Duke, at the CLI level. From there, I can see all the files, I can move freely in and out of my user account and the root account, but I can’t make the thing actually boot properly.
    If you have read this far, you are a trooper.  Summarizing what I know, the hardware is good, the file system is clean, the superblock is good, I can mount it cleanly from a live CD and I can chain load a crippled version of Arch. Here is the boot process blow-by-blow. When I try to do a normal boot, the Windows NT 4.0 loader passes control to the Lilo boot sector I have placed on hda1 (sda1 in Duke’s parlance). Lilo takes over, presents a menu and when I select Duke, takes off. Arch Linux Duke starts to boot. It gets a good long way along, all the way along to:
    :: Loading udev events                [Pass]
    :: Mount root Read-only
    :: Checking file systems
    This is where it stops.
    The next thing I see is:
    /dev/sda6
    The superblock could not be read or does not describe a correct ext2 filesystem. If the device is valid and it really contains an ext2 filesystem (and not swap or ufs or something else) then the superblock is corrupt and you might try running e2fsck with an alternate superblock:
        e2fsck -b 8193 <device>
    I then get a sort of character based splash screen that says
    **********FILE SYSTEM CHECK FAILED ****************************
    *   Please repair manually and reboot. Note that the root file system
    *   is currently mounted read-only. To remount it read-write, type:
    *   mount -n -o remount,rw /.  When you exit the maintenance
    *   shell, the system will reboot automatically
    Give root password for maintenance
    At this point, I give the root password and enter the maintenance shell as root. I typed in “mount” and the first entry I got back is
    /dev/sda6 on / type ext3 (rw)
    This is exactly the root partition that the start up complains about. It is clearly there.  I can see it, I can walk around it… it is clearly there. Why won’t it boot? Despite the message, the superblock is fine – it passes every test e2fsck can throw at it.
    At this point, I did an "e2fsck /dev/hda6" (which is how RIPLinux would have passed it into Arch) and it says it is "clean". I suspect that the Superblock message is because Arch sees root as sda6, while RIP passed it in as hda6...
    Deciding to see what Arch would be seeing as it tried to set things up in the boot sequence, I tried the following next:
    # mknod "/dev/root2" b 3 6
    (“3” because RIPLinux refers to my hard drive as IDE, while Arch refers to it by major number “8”, which is SCSI. By the way, it IS an IDE drive – not sure why Arch insists on using the sdx nomenclature instead of hdx)
    Then I entered “mount /dev/root2 /mnt/hda6” and “ls /mnt/hda6”
    All was well. I can make the node, I can mount it, and I can see the contents. All is clearly well, but something is clearly wrong enough that Arch can’t boot.
    I am totally out of ideas. I have tried every trick I know and am out of tricks. I would welcome any insights as to what I could try to get this venerable Arch installation back on its legs.
    By the way, the key section of the /etc/lilo.conf file (lest anyone want to know) is:
    image = /boot/vmlinuz26
       root = /dev/sda6
       label = ArchLinux-Duke
       initrd = /boot/kernel26.img
       read-only
    I am stumped. Thanks in advance for any and all pointers you may be able to offer.
    Last edited by mac57 (2014-06-02 17:42:21)

    Folks, thanks for all your helpful comments, and I wanted to report back to you that I finally overcame the issue, and ArchLinux-Duke (2007) is once again executing flawlessly on my old Pentium Pro 200 system. I won't bother reporting here all the blind alleys I went down as I tried to figure out what was wrong, but in the end, literally moments before I was about to give up and overwrite my Arch installation with a new Linux variant (antiX seemed well suited for such old and low power hardware), my attention was drawn to a note I had made in my files back in 2007 about a problem with similar symptoms. In that case, I had just deleted ZenWalk Linux from the hard drive (both Arch and Zen had been on the drive), and merged several partitions to make use of the newly free space. This had changed Arch's view of the drive lettering, and what had been its /dev/sddx root device was now /dev/sdcx. Arch failed to boot, throwing off the same errors I was seeing now. I wish I had recalled that note a month or so ago! It would have saved me a lot of work and a lot of frustration.
    At any rate, as a last step, and testing the idea that maybe the drive lettering had changed for some reason, I repeatedly manually booted Arch, specifying root=/dev/sda6, then /dev/sdb6, then /dev/sdd6, and finally, /dev/sdc6. Eureka! Arch now considered itself to be on /dev/sdc6 whereas previously it had been on /dev/sda6. This got me part way there, but the boot failed at the filesystem check stage and threw me into root. I disabled the file system check in /etc/rc.sysinit and got farther. Then I cleaned up /etc/fstab to agree with the new sdc naming, and I was back on the air fully.
    So, what had happened was that Arch had changed its view of the drive it was on from sda6 to sdc6. While I could not understand why this "sudden" change had occurred, at least I had a solution, and had Arch back up and running.
    Trolling through the rest of my notes, I found the answer. In 2012, the Tekram SCSI card in the machine failed, and I ultimately replaced it with an Adaptec card. The Tekram card did not have a BIOS segment on it. The Adaptec card did. My guess is that this caused the two internal SCSI devices I have built into the system (Iomega ZIP and Jaz respectively) to be enumerated first, claiming the "sda" and "sdb" device names. That left "sdc" for the root device, and that is where Arch went next.  This is my guess anyway.
    I should have caught this issue back in 2012, at the time, but from my notes, I can see that I tested the new card thoroughly using the  Windows NT 4.0 side of the machine, but never thought to bring up Arch as well. Hence, this problem lay dormant for two years, before I attempted to fire up Arch last month and blundered right into it.
    It has not all been bad. I have learned more about the ext2 and ext3 file systems and superblocks in the intervening time than I will ever need to use. I have learned how to manually boot Linux on a machine whose BIOS is so old that it cannot address the disk cylinder that the kernel is on and I have completely refreshed the many general Linux skills that used to just flow from my finger tips. It has been a frustrating experience, but ultimately a successful and useful one.
    Just wanted to let everyone know that this is now [SOLVED]. I would mark the post as such, but I don't see any obvious way to do that. Thanks again everyone.
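
The failure in this thread (root configured as /dev/sda6, then enumerated as /dev/sdc6 after a controller swap) can be checked for before it bites. The script below is an added example, not code from the thread: it flags fstab and lilo.conf entries that depend on enumeration order and rewrites fstab to use LABEL= specifiers. The sample files are constructed, and the labels `archroot` and `archswap` are hypothetical (on a real system they would be set and read with e2label or blkid).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find boot-critical config entries that
# name disks by kernel enumeration order (/dev/sdXN, /dev/hdXN). Those names
# can shift when a controller is added or replaced.

# Constructed samples modelled on the lilo.conf stanza quoted in the post;
# they are not the poster's real files.
sample_fstab() {
cat <<'EOF'
# <device>   <mount>  <type>  <options>  <dump> <pass>
/dev/sda6    /        ext3    defaults   0      1
/dev/sda7    swap     swap    defaults   0      0
LABEL=share  /share   ext3    defaults   0      2
none         /proc    proc    defaults   0      0
EOF
}

sample_lilo() {
cat <<'EOF'
image = /boot/vmlinuz26
   root = /dev/sda6
   label = ArchLinux-Duke
   initrd = /boot/kernel26.img
   read-only
EOF
}

# Read an fstab on stdin; print "<mountpoint> <device>" for each entry whose
# device field is an enumeration-order name.
fstab_unstable() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        $1 ~ /^\/dev\/(sd|hd)[a-z]+[0-9]+$/ { print $2, $1 }
    '
}

# Read a lilo.conf on stdin; print the device of each "root = ..." line
# when it is an enumeration-order name.
lilo_unstable_root() {
    awk -F'=' '
        /^[ \t]*root[ \t]*=/ {
            gsub(/[ \t]/, "", $2)
            if ($2 ~ /^\/dev\/(sd|hd)[a-z]+[0-9]+$/) print $2
        }
    '
}

# Read an fstab on stdin and rewrite the device field to LABEL=<label> for
# every device listed in $1, a comma-separated "device=label" map.
fstab_to_labels() {
    awk -v map="$1" '
        BEGIN {
            n = split(map, pairs, ",")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); lbl[kv[1]] = kv[2] }
        }
        /^[ \t]*#/ || NF < 2 { print; next }
        ($1 in lbl) { $1 = "LABEL=" lbl[$1] }
        { print }
    '
}

echo "fstab entries tied to enumeration order:"
sample_fstab | fstab_unstable
echo "lilo root= tied to enumeration order:"
sample_lilo | lilo_unstable_root
echo "fstab rewritten with labels:"
sample_fstab | fstab_to_labels "/dev/sda6=archroot,/dev/sda7=archswap"
```

The rewritten fstab no longer depends on which controller is enumerated first; the `root =` line in lilo.conf is only reported, not rewritten.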

  • [Bounty] Free Macbook Pro to get Arch Linux running on Amazon's EC2

    First, the details:
    I will purchase a lowest–end Macbook Pro 13″ ($US 1,200 on Apple's store, new) for the first person to deliver to me a working set of step–by–step instructions for installing the latest Arch Linux on top of Amazon's EC2 platform.
    Caveats & Rules:
    - I don't care how long it takes you—there's a good chance I'm doing something absolutely stupid in my noobishness that's causing the problems I've been experiencing; if it takes you half an hour to make a working AMI, and produce instructions to do such… you just won yourself a Macbook Pro for half an hour's work. Booyah!
    - Again, I say, I don't care how long it takes you—if you don't produce a working set of instructions, there will be no payout, even if you spend 200 hours trying (as I already have!). It's a bounty, not a work contract d-:
    - You must provide me with instructions that work for me (as I don't intend to use your AMI, but rather modify the steps that worked for you a bit at a time until I arrive at an AMI configured exactly as I want it). If you arrive at a working AMI, and can reproduce your steps successfully locally, but they can't be made to work for me, I may be able to go about procuring alternative hardware for myself on which to perform the steps, or taking other measures to reproduce your environment; but the bottom line is I will not shell out until I can, personally, produce a working AMI running Arch Linux.
    - The instructions are considered to be "working" when I can successfully SSH into the root account on an instance instantiated from an AMI created by following the instructions using the key generated by EC2.
    - Your instructions must work both for x86_32 and x86_64 instance types; however, this shouldn't be too much of a problem, as (barring any weirdness) anything that works on x86_32 should be easily made to work on x86_64.
    - Instructions that involve instantiating an intermediate bundling host (say, a CentOS or Fedora Core instance) and then installing Arch to a loopback filesystem using a statically–built pacman are much preferred to instructions that involve me having to install and package Arch locally and then ship it up to S3, because my upstream is unimaginably slow and I eventually will need to create something between eight and twenty different AMIs (see below). But anything that works will be accepted.
    - If you don't want a Macbook Pro, alternative payment methods may be arranged, though you need to contact me before you start and arrange these, as there's only so much I can do.
    - If you are in any way confused or unsure of what I'm offering here, please contact me before you start (see below for contact info)
    Backstory:
    I set up the first AMI for Arch Linux on Amazon, but unfortunately, I did some really stupid things (hey, I was completely new to Linux at the time, gimmie a break!). The root filesystem was limited to 1GB, there was a whole bunch of software that really was completely unnecessary (WiFi drivers? on a virtualized server? seriously?), there were no kernel modules provided… and so on.
    So, after running all my stuff on instances of that for a while, I finally got fed up and found the time to start setting up a newer, cleaner AMI. Unfortunately, I made the mistake of deleting my old AMI before starting work on the first. Now I find myself completely unable to create an AMI that will work whatsoever, and I cannot for the life of me figure out why.
    I've already invested 200 or so hours of my personal time since deleting my original, broken AMI; I'm very fed up and badly in need of working instances. I tried every method I could think of; running the Arch installer from a LiveCD locally and then bundling the running (and thus proved working) Arch install and shipping it off to S3; installing Arch on a loopback filesystem locally, cloning it to a local partition, booting to it to ensure it works, and shipping it off to S3; installing Arch on a loopback filesystem on a remote bundling host running CentOS or whatever and then shipping it off to S3… I've tried installing nothing but the essentials, I've tried installing everything the installer offers… I've tried to do my best to remember the exact steps I took the first time around, years ago, and reproduce them exactly… nothing has worked.
    If I take EC2 out of the equation, and install the images I've prepared locally, they work. If I take Arch out of the equation, and install, say, CentOS instead, and then ship it off to EC2, it works. The only time I have problems is when I attempt to install Arch Linux specifically on EC2 specifically; the exact use–case I need.
    I've run into a lot of problems along the way, and fixed them as I go, but I universally end up with an AMI that, once instantiated, does not successfully boot. Worse yet, I get absolutely no output from the console (provided by the ec2-get-console command–line tool) to help me debug the problem. I can't give you any more specifics beyond this to help you, because I don't want to insinuate some idea that will cause you to make some little stupid mistake that I also made, thus dooming the project.
    Contact:
    For more info of any sort, please hit me up on Google Talk or Jabber (… or any other XMPP–federated chat service, or AIM, or ICQ, or MSN, or whatever you like, they all use the same address anyway) at the following address:
    [email protected]
    Edit: I should point out that it would be good form to post here if you're going to make a stab at it, so interested parties know how many people are already making attempts.
    Last edited by elliottcable (2009-07-25 03:59:46)

    drtoki wrote:
    http://blog.mudy.info/2009/04/archlinux-ec2-public-ami/
    lolwat
    from fryguy
    Public AMIs aren't what I need, because I need to mass–produce quite a few AMIs with different custom configurations for different purposes; so I have to be able to start from scratch and arrive at a working AMI *myself*.
    As for the script, I'm sitting down to play with it now; it looks just about exactly like what I've been doing so far. Maybe there's some small thing he did differently that will make it work. Here's hoping it works for me; that'll be a real load off my chest.

  • [HOWTO] Installing Arch Linux stable release on Acer Aspire One 522

    [This is a work in progress and my first howto ever]
    These steps will teach you how to install ArchLinux x64 stable release (currently 2010.05) on Acer Aspire One 522 from an existing ArchLinux (your desktop computer)
    As you need a 2.6.37+ kernel to make networking work on the AO522, installing stable release as is won't work.
    This howto was born with the intention to address this problem.
    You need to be familiar with Linux internals to follow this howto.
    (Expect this howto to become useless with new stable releases of ArchLinux.)
    Remember to make a backup of your Windows 7 Starter system before installing ArchLinux.
    I did a full raw copy of the harddisk by using systemrescuecd, an external harddisk and dd utility:
    Just boot with systemrescuecd
    Mount your external harddisk on /mnt/floppy for example
    Clone harddisk with: dd if=/dev/sda |gzip -c > /mnt/floppy/ao522.img
    This process took me a lot of time since my external harddisk is USB-1 (almost an entire evening)
    Result image was about 22GB size
    This image will restore partition table, boot sector and all data if things go wrong.
    I followed some of the steps from this guide: https://wiki.archlinux.org/index.php/In … ting_Linux
    If you have some Gentoo Linux experience you will find those steps really familiar.
    You will need 2 USB pendrives or similar storage options.
    One is needed to boot into your netbook, and the other to store our custom archlinux build.
    Making an updated ArchLinux system
    1) Make a local dir on your existing linux system
    # mkdir ./newarch
    2) Install pacman database on it
    # pacman -Sy -r ./newarch
    3) Install base system
    # pacman -S base -r ./newarch
    4) Let's chroot inside
    # cp /etc/resolv.conf ./newarch/etc/
    # cp /etc/pacman.d/mirrorlist ./newarch/etc/pacman.d
    # mount -t proc proc ./newarch/proc
    # mount -t sysfs sys ./newarch/sys
    # mount -o bind /dev ./newarch/dev
    # chroot ./newarch /bin/bash
    5) Edit configuration files
    # nano -w /etc/rc.conf
    # nano -w /etc/hosts
    # nano -w /etc/mkinitcpio.conf
    Forget /etc/fstab for now since you don't know what partitions to use yet
    6) Generate kernel image
    # mkinitcpio -p kernel26
    7) Generate locales
    # nano -w /etc/locale.gen
    # locale-gen
    8) Make a tarball with our custom ArchLinux
    # exit
    # umount ./newarch/proc
    # umount ./newarch/dev
    # umount ./newarch/sys
    # tar -cvpf newarch.tar -C ./newarch .
    9) Copy this tarball to a USB pendrive or external harddisk
    10) Boot your netbook with a Linux bootable USB stick (I used systemrescuecd, and remember to pick the x64 bit kernel at grub screen)
    You can use any linux distribution with usb bootable options. I suppose ArchLinux works too
    To install SystemRescueCD on a USB stick follow this tutorial -> SystemRescueCD on usb stick
    Insert the usb stick on your netbook, switch on, hit F2 to enter BIOS menu, and choose to boot from USB as first option. Save and Exit.
    You should be booting into SystemRescueCD without any problem.
    After initialization you will end in a root prompt.
    11) Let's partition the disk
    You will find 3 partitions if this is your first time:
    /dev/sda1 2048 29362175 14680064 27 Hidden NTFS WinRE
    /dev/sda2 * 29362176 29566975 102400 7 HPFS/NTFS/exFAT
    /dev/sda3 29566976 488397167 229312696 7 HPFS/NTFS/exFAT
    My recommendation is to leave sda1 and sda2 intact, as they have the recovery information to restore Windows 7 Starter
    You have plenty of space with sda3, about 230G.
    So run fdisk/cfdisk and delete /dev/sda3
    Now create a 100M partition for boot
    Now create an Extended partition with all the space left
    Now create a 1GB logical partition for swap
    Now create a 10-15 GB  logical partition for root system
    And finally a logical partition for our home partition with all space left
    Your partition table should look like this:
    /dev/sda1 2048 29362175 14680064 27 Hidden NTFS WinRE
    /dev/sda2 * 29362176 29566975 102400 7 HPFS/NTFS/exFAT
    /dev/sda3 29566976 29771775 102400 83 Linux
    /dev/sda4 29771776 488397167 229312696 5 Extended
    /dev/sda5 29773824 31821823 1024000 83 Linux
    /dev/sda6 31823872 63281151 15728640 83 Linux
    /dev/sda7 63283200 488397167 212556984 83 Linux
    12) Create filesystems
    I chose ext2 for boot, and reiserfs for root and home partitions.
    # mke2fs /dev/sda3
    # mkreiserfs /dev/sda6
    # mkreiserfs /dev/sda7
    # mkswap /dev/sda5
    13) Mount partitions
    # mkdir arch
    # mount /dev/sda6 arch
    # mkdir arch/boot
    # mount /dev/sda3 arch/boot
    # mkdir arch/home
    # mount /dev/sda7 arch/home
    14) Copy our custom ArchLinux build on it
    # mount /dev/sdb1 /mnt/floppy (for example)
    # cd arch
    # tar -xvpf /mnt/floppy/newarch.tar
    15) Configure /etc/fstab
    Mine is as follows:
    devpts /dev/pts devpts defaults 0 0
    shm /dev/shm tmpfs nodev,nosuid 0 0
    /dev/sda3 /boot ext2 defaults 0 1
    /dev/sda6 / reiserfs defaults 0 1
    /dev/sda7 /home reiserfs defaults 0 1
    /dev/sda5 swap swap defaults 0 0
    16) Chroot in your new system
    # mount -t proc proc ./proc
    # mount -t sysfs sys ./sys
    # mount -o bind /dev ./dev
    # chroot ./ /bin/bash
    17) Install grub
    # grub-install
    Edit /boot/grub/menu.lst to suit your needs
    Mine looks like this:
    timeout 5
    default 0
    color light-blue/black light-cyan/blue
    title Arch Linux
    root (hd0,2)
    kernel /vmlinuz26 root=/dev/sda6 ro
    initrd /kernel26.img
    title Arch Linux Fallback
    root (hd0,2)
    kernel /vmlinuz26 root=/dev/sda6 ro
    initrd /kernel26-fallback.img
    title Windows 7 Recovery
    rootnoverify (hd0,0)
    makeactive
    chainloader +1
    As you see, you can restore Windows 7 Starter from Grub.
    18) Change root password
    # passwd
    19) Add a regular  user account
    # useradd -G video,audio,users -m username
    # passwd username
    20) You're done!
    # exit
    # cd ..
    # umount ./arch/proc
    # umount ./arch/dev
    # umount ./arch/sys
    # umount ./arch/boot
    # umount ./arch/home
    # umount ./arch/
    # reboot
    Remove the usb stick from your netbook.
    If all went ok, you will be inside your new stable and updated ArchLinux system
    Next post is reserved for software configurations specific to the Acer Aspire One 522
    Last edited by tigrezno (2011-04-20 12:22:38)

    Using acpid to achieve the following:
    - Change screen brightness when operating in battery mode
    - Power off when the power button is pressed
    - Suspend when the lid is down
    - Reduce CPU frequency speed to maximize battery usage
    Remember that system suspend is only supported by ati free driver xf86-video-ati
    1) Install acpid daemon and cpufrequtils
    # pacman -S acpid cpufrequtils
    2) edit acpid handler script
    # nano -w /etc/acpi/handler.sh
    Change the following section:
    ac_adapter)
        case "$2" in
            AC)
                case "$4" in
                    00000000)
                        echo -n $minspeed >$setspeed
                        #/etc/laptop-mode/laptop-mode start
                        ;;
                    00000001)
                        echo -n $maxspeed >$setspeed
                        #/etc/laptop-mode/laptop-mode stop
                        ;;
                esac
                ;;
            *) logger "ACPI action undefined: $2" ;;
        esac
    for:
    ac_adapter)
        case "$2" in
            ACAD)
                case "$4" in
                    00000000)
                        # on battery: dim the backlight and lower the CPU frequency
                        echo 3 > /sys/devices/virtual/backlight/acpi_video0/brightness
                        cpufreq-set -c 0 -f 800Mhz
                        cpufreq-set -c 1 -f 800Mhz
                        ;;
                    00000001)
                        # on AC power: restore brightness and CPU frequency
                        echo 9 > /sys/devices/virtual/backlight/acpi_video0/brightness
                        cpufreq-set -c 0 -f 1000Mhz
                        cpufreq-set -c 1 -f 1000Mhz
                        ;;
                esac
                ;;
            *) logger "ACPI action undefined: $2" ;;
        esac
    Make sure you changed AC) for ACAD)
    Now change this other section:
    button/power)
    #echo "PowerButton pressed!">/dev/tty5
    case "$2" in
    PWRF) logger "PowerButton pressed: $2" ;;
    *) logger "ACPI action undefined: $2" ;;
    esac
    with:
    button/power)
    #echo "PowerButton pressed!">/dev/tty5
    case "$2" in
    PWRF) poweroff ;;
    *) logger "ACPI action undefined: $2" ;;
    esac
    Change:
    button/lid)
    #echo "LID switched!">/dev/tty5
    logger "ACPI group/action undefined: $1 / $2"
    for:
    button/lid)
    pm-suspend && /etc/rc.d/network restart
    logger "ACPI group/action undefined: $1 / $2"
    Network restart is used because wlan0 will disconnect from AP after some time. You can try using iwconfig wlan0 essid <ap> key <key> instead of the network script, but haven't tested it myself.
    3) Start acpid and load modules
    # modprobe powernow-k8
    # /etc/rc.d/acpid start
    Add "acpid" to DAEMONS in /etc/rc.conf to start on boot
    Add "powernow-k8" to the modules sections on /etc/rc.conf to load at boot
    Stopping system freezes due to ethernet driver
    The only way people have found to avoid freezes is by blacklisting atheros kernel drivers.
    To do it at boot just edit /etc/rc.conf and change the MODULES line as this:
    MODULES=(!ath9k !atl1c)
    Reboot and you're done, but remember to not press the Wifi key, because it can freeze your system.
    Correctly starting wireless at boot
    I've found that standard scripts won't load my wireless lan properly. It gave an error telling you to use the WIRELESS_TIMEOUT variable and such.
    To solve this, edit /etc/rc.d/network script and change the wi_up function by adding a second iwconfig command like this:
    wi_up()
    eval iwcfg="\$wlan_${1}"
    [[ ! $iwcfg ]] && return 0
    /usr/sbin/iwconfig $iwcfg
    [[ $WIRELESS_TIMEOUT ]] || WIRELESS_TIMEOUT=2
    sleep $WIRELESS_TIMEOUT
    /usr/sbin/iwconfig $iwcfg
    bssid=$(iwgetid $1 -ra)
    It will do the trick and will start at boot correctly. This is not a solution but a fix.
    Adjust Touchpad to disable false taps
    What I did here is define an area to be ignored. This area is 3 rectangles on top, left and right of the touchpad.
    This means you can write and press space without having the cursor click out of the window and such.
    # synclient AreaLeftEdge=150
    # synclient AreaRightEdge=1300
    # synclient AreaTopEdge=300
    Also, add it to your /etc/X11/xorg.conf.d/10-evdev.conf:
    Section "InputClass"
    Identifier "evdev touchpad catchall"
    MatchIsTouchpad "on"
    MatchDevicePath "/dev/input/event*"
    Driver "evdev"
    Option "AreaTopEdge" "300"
    Option "AreaLeftEdge" "150"
    Option "AreaRightEdge" "1300"
    EndSection
    You can play with those values. They just work for me.
    Last edited by tigrezno (2011-04-23 13:49:48)
