Rvm - Ramdisk volume manager for Arch
Hi,
I tried an experiment, this is a little tool that allows you to create tmpfs based ramdisks with Arch Linux installed on them. This script depends on `arch-install-scripts' as it uses pacstrap.
You can for example do:
sudo ./rvm create arch /home/bla/arch-mnt
This will essentially install arch in `/home/bla/arch-mnt' (base and base-devel so far). The target dir `arch-mnt' will automatically be mounted as tmpfs (2G at the moment, although a command line option for the preferred size would be useful). On top of this a .tgz of the installation will be created and placed in RVM_VOLUMES_PATH (which needs to be set manually in the shell script for now, typically `/home/<user>/.rvm').
We can then do:
sudo ./rvm start arch /home/bla/arch-mnt
This will unpack the `arch.tgz' from RVM_VOLUMES_PATH into the mount point. We can then use `arch-chroot'.
Similarly to stop the ramdisk we do:
sudo ./rvm stop arch /home/bla/arch-mnt
This will backup everything from the mount point to a .tgz and copy it back to RVM_VOLUMES_PATH.
There are a couple of things that could be done better and will be, this is just a barebones version of the script. We could for example have rc.d/systemd scripts to start/stop etc.
Code is available on github
Last edited by dimigon (2012-09-20 14:35:28)
Hi,
I tried an experiment, this is a little tool that allows you to create tmpfs based ramdisks with Arch Linux installed on them. This script depends on `arch-install-scripts' as it uses pacstrap.
You can for example do:
sudo ./rvm create arch /home/bla/arch-mnt
This will essentially install arch in `/home/bla/arch-mnt' (base and base-devel so far). The target dir `arch-mnt' will automatically be mounted as tmpfs (2G at the moment, although a command line option for the preferred size would be useful). On top of this a .tgz of the installation will be created and placed in RVM_VOLUMES_PATH (which needs to be set manually in the shell script for now, typically `/home/<user>/.rvm').
We can then do:
sudo ./rvm start arch /home/bla/arch-mnt
This will unpack the `arch.tgz' from RVM_VOLUMES_PATH into the mount point. We can then use `arch-chroot'.
Similarly to stop the ramdisk we do:
sudo ./rvm stop arch /home/bla/arch-mnt
This will backup everything from the mount point to a .tgz and copy it back to RVM_VOLUMES_PATH.
There are a couple of things that could be done better and will be, this is just a barebones version of the script. We could for example have rc.d/systemd scripts to start/stop etc.
Code is available on github
Last edited by dimigon (2012-09-20 14:35:28)
Similar Messages
-
Veritas volume manager for solaris 10
Hi All
which version veritas volume manager will support solaris 10 06/06.
can you just update a link for reference
Regards
RPSHello,
we are currently using solaris 9 with veritas volume manager 3.5.So i would like to know if i upgrade to solaris 10 06/06.whether i can use 3.5 or not.
Using the Veritas (Symantec) support site, I have found the following document
VERITAS Storage Solutions 3.5 Maintenance Pack 4 for Solaris
http://seer.support.veritas.com/docs/278582.htm
The latest supported version listed for VxVM 3.5 with MP4 applied is Solaris 9. That means the answer is NO.
I understand that searching the Veritas knowledge base might be tough and time consuming, but it's their product ...
Michael -
Linux LVM (Logical Volume Manager) for CentOS on Azure?
Hi. I am trying out Azure and installed a OpenLogic CentOS 6 virtual machine. I note that it is not running LVM (Logical Volume Manager) by default. I would like to ask if it is possible to:
1. have CentOS Linux installed with LVM by default when creating a Linux virtual machine on Azure
2. switch to LVM after adding a new disk
On the other hand, is it a good idea to use LVM at all? Will it affect performance, features on Azure?
Thanks.Hi,
Based on my experience, you can add disk to an Azure VM. You can install the Logical Volume Manager to manage the disks attached to the VM. In addition, there is no Linux VM with LVM installed by default. If you want to have this, please submit your requirement
in Azure feedback:
http://feedback.azure.com/forums/34192--general-feedback
In addition, since you can have only one OS system disk for an Azure VM, this limitation may make multi-disk logical volume manager setups unworkable.
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Some soggestion about a tray icon to control volume in fluxbox?
more info here: https://bbs.archlinux.org/viewtopic.php?pid=1209271
tried:
volwheel
gvtray
fbmix
with no success.volumeicon, create an icon in tray, if you leftclick it you can enable/disable volume, if you rightclick it open a terminal with alsamixer.
pnmixer instead create an icon in tray, if you left-click it open a menu where you can mute or unmute and a button that link you to sound preferences.
noone of them popup a slider, the only one now is volweel, but it have a lot of problem, when you move the slider it return to 0.
(thanks for the reply) -
Is there a scriptable clipboard manager for Arch Linux?
I mean I would like to make an event handler to run when data is copied to the clipboard (and an appropritae event handler is fired), and making some text processing on the clipboard data.
I doubt something exactly like that exists yet, but if you know any C it would be pretty easy to make.
As an alternative, you could just bind a script to a key of choice that does the following:
xsel | sed 's/.../' | xsel -b -i
replace sed with awk, or whatever processing you'd want to do. When you call this script (say you rebind Ctrl-C to call this script) whatever is currently selected will be processed, by sed in this case, and written to the clipboard. -
Prime LMS 4.2 installation with solaris 10 volume manager
Hello
Is it possible to use Solaris Volume Manager for disk mirroring in prime LMS 4.2 installation over sparc arquitecture?
This is intended for having hard disk redundancy support.
Is there any documented reference?
O.S. Solaris 10 08/11
Cisco prime LMS 4.2
RegardsThey were not tested together, and I recommend they not be installed on the same zone instance (due to potential conflicts). Now, if you're certain you have a server that can accommodate both suites (in terms of resources), create separate zones for each suite. This will eliminate the conflict possibility while still giving you one overall physical machine to manage.
-
Veritas volume manager needed?
any one has veritas volume manager for unix systems? can you make me a copy? i'll pay you some money too? i need it for a practice only?
my email address is : [email protected]
thanks.Getting an image to you will mean nothing if you don't get a license key anyway, and that you have to get from Veritas.
-
SVM equivalent command for veritas volume manager "VXEVAC" command
Hi All
I am working on a major migration project , where servers are heterogenous with part of servers with Veritas volume manager and rest with Solaris volume manager.
Migration is quite easy on Veritas servers using "VXEVAC COMMAND " i can easily move my data to new luns
But need to know any equivalent procedure in SVM. ..
all servers with latest solaris 10
Quick reply is highly appreciated.
Rgds
MdHello,
I�m not an expert on volume management, but maybe these considerations that come to my mind can help you to improve your performance:
1.- The interlace size of the striping. You should adjust the size of the striping to match the I/O requests made by the Operating System or by the database management software (is the data access in a raw mode?). For example, if the data access is made through normal ufs access, the stripping size should match the block size of the file system.
2.- Are those disks on different controlers? Maybe a saturation of the controler, of the bus, etc... could slow down your I/O read/writes.
Bye,
jmiturbe -
Volume Manager RAID-1 maintance procedures for X2100
Hi all,
we are using the new Sun Fire X2100 with Solaris 10 and a Volume Manager RAID-1 configuration.
Configuring Mirroring with Volume Manager isn't complicated at all (apart from some tricks necessary on x86 systems).
Does anybody know how to properly handle maintenance situations. We would like to replace a faulty disk without a need for restarting the system, switching it off or changing to single user mode. Cause the X2100's two drives are hot swappable, in principle, this should be possible, isn't it?
Thanks in advance
Regards,
gbHi all,
we are using the new Sun Fire X2100 with Solaris 10 and a Volume Manager RAID-1 configuration.
Configuring Mirroring with Volume Manager isn't complicated at all (apart from some tricks necessary on x86 systems).
Does anybody know how to properly handle maintenance situations. We would like to replace a faulty disk without a need for restarting the system, switching it off or changing to single user mode. Cause the X2100's two drives are hot swappable, in principle, this should be possible, isn't it?
Thanks in advance
Regards,
gb -
Suggestion for dbus, hal. new gnome-volume-manager-version.
Heya,
I just installed dbus, hall from cvs and gnome-volume-manager from tarball and have some suggestions:
dbus:
the default during configure seems to be to detect if you have the necessary things installed and based on that enable a component.
To disbale qt-bindings add:
--disable-qt
to configure, else it will try to compile the qt-bindings and without a libGL.la it won't work ... (and this isn't in the Mesa package or wasn't anyway as far as I can tell).
hal:
could you add the option "--enable-fstab-sync" to configure in the new versions? It seems to be usefull . It can be it wasn't available earlier ...
gnome-volume-manager:
I just upgraded to 0.9.9 If anyone wants to have the binary just tell me where to upload.
greetz,
MichelMichel wrote:
Heya,
I just installed dbus, hall from cvs and gnome-volume-manager from tarball and have some suggestions:
dbus:
the default during configure seems to be to detect if you have the necessary things installed and based on that enable a component.
To disbale qt-bindings add:
--disable-qt
to configure, else it will try to compile the qt-bindings and without a libGL.la it won't work ... (and this isn't in the Mesa package or wasn't anyway as far as I can tell).
there are solutions on this forum to fix the libGL.la. this file will be included with future builds of xorg/xfree86. NVIDIA drivers should also provide this file. this file is only an issue for building.
file a bug report feature report to add this build option to the package
hal:
could you add the option "--enable-fstab-sync" to configure in the new versions? It seems to be usefull . It can be it wasn't available earlier ...
if this package is in one of the three official repos file a feature request.
gnome-volume-manager:
I just upgraded to 0.9.9 If anyone wants to have the binary just tell me where to upload.
if a package has just fallen out of date up to about two week leave time for the maintainer to upgrade it . you can flage the package out of date via the web page. this is way better than offering it to people or uploading it somewhere.
the flag otu of date feature is always a better option to cluttering the list with update requests and the bug tracker is the best way to convey your wanted build changes. alot of the developers do not frequent this forum but all are member of the bug tracker notification system. -
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
Mounting drives on a udev+hal+gnome-volume-manager setup
Hi,
I set up Arch Linux on a friends computer. The setup seems to work, for example gnome-cd is started when one inserts an Audio CD. However, everything that involves mounting does not work. The error message given by gnome-volume-manager is
mount: wrong fs type, bad option, bad superblock on /dev/sda1,
or too many mounted file systems
* /bin/mount has sid set, 755, owner and file group are root
* udev is set up correctly, so /dev/hdc for example does have write rights for the group disk, and the user is member of that group.
What could be wrong?The problem was mainly about mounting, and not about /dev/sda or /dev/hdc. We found the solution:
The "mount" binary in Arch's current is confused by the entry "managed" that hal puts in /etc/fstab. You can correct this by
a) Adding a policy file in /usr/share/hal/fdi/95userpolicy named, for example, local.fdi that hinders hal from doing so:
<?xml version="1.0" encoding="ISO-8859-1"?> <!-- -*- SGML -*- -->
<deviceinfo version="0.2">
<!-- Default policies merged onto computer root object -->
<device>
<match key="info.udi" string="/org/freedesktop/Hal/devices/computer">
<merge key="storage.policy.default.managed_keyword.primary" type="string">user</merge>
</match>
</device>
</deviceinfo>
Then restart hal by typing
/etc/rc.d/hal restart
as root
b) Patching "mount" as described in Arch Linux bug #1930.[/code] -
Mapping Alsa Volume Control for USB SoundCard (C-Media 650)
Hello everyone who is interested in helping me solve my volume control problem!
Lets see, I have sound playback working, currently I am listening to some Foo Fighters mp3s in XMMS using the Alsa plugin, so I can't complain too much.
However, volume control doesn't work. If I set the alsa plugin to use software volume control, then I have volume control but its not ideal and it doesn't help me when I'm not using xmms. When I run alsamixer or open the gnome volume control, I have multiple volume controls for the "Speaker" device. The 1st pair of volume controls do nothing, I can mute them and my music keeps playing... no idea what they're controlling. The 2nd pair ("Speaker 1") DOES control the sound volume. I just need to find a way to remap it or something so I can configure my applications/tray icon/etc to use it. (And preferabbly not the other 6 channels)
In the Gnome sound control, the devices are:
"Speaker" - stereo control that doesn't do anything
and "Speaker 1" - a 7.1 channel (8 sliders) with the first two controlling front left and right sound for my stereo speakers.
I've tried setting xmms to use "speaker 1", but the option is not in the drop-box, tried typing it manually but that didnt work.
I set my tray icon to control "speaker 1" but the sliders don't seem to lock properly and the volume just jumps around, unlocking the channels and not staying balanced or scaling with the slider.
The only way to get the volume to change as expected is to open the gnome volume manager, make sure the channels of "Speaker 1" are UNLOCKED and slide the first 2 sliders to the desired volume.
So I was thinking if I could just remap the first two channels of "speaker 1" to something else using an alias or link or editing asound.state (which just confused me) for example, then I could use my alias to control the sound in my applications. Thanks for any help with this!
Here's some system info that may or may not help:
AMD Athlon 5400 X2
Asus M2N-E SLi /w C-Media 650 onboard 8-channel audio CODEC (transfer audio signal over USB bus)
Fully uptodate Arch Linux 64-bit (pacman -Syu'd this morning)
aplay -L
default:CARD=default
PnP Audio Device , USB Audio
Default Audio Device
front:CARD=default,DEV=0
PnP Audio Device , USB Audio
Front speakers
surround40:CARD=default,DEV=0
PnP Audio Device , USB Audio
4.0 Surround output to Front and Rear speakers
surround41:CARD=default,DEV=0
PnP Audio Device , USB Audio
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=default,DEV=0
PnP Audio Device , USB Audio
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=default,DEV=0
PnP Audio Device , USB Audio
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=default,DEV=0
PnP Audio Device , USB Audio
7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=default,DEV=0
PnP Audio Device , USB Audio
IEC958 (S/PDIF) Digital Audio Output
null
$ cat /proc/asound/devices
2: : timer
3: : sequencer
4: [ 0- 0]: digital audio playback
5: [ 0- 0]: digital audio capture
6: [ 0] : control
asound.state:
state.default {
control.1 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'Mic Playback Switch'
value false
control.2 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 8065'
comment.dbmin -2400
comment.dbmax -2400
iface MIXER
name 'Mic Playback Volume'
value.0 6144
value.1 6144
control.3 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'CD Playback Switch'
value true
control.4 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 8065'
comment.dbmin -2400
comment.dbmax -2400
iface MIXER
name 'CD Playback Volume'
value.0 5575
value.1 5575
control.5 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'Speaker Playback Switch'
value false
control.6 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 8065'
comment.dbmin -2400
comment.dbmax -2400
iface MIXER
name 'Speaker Playback Volume'
value.0 6144
value.1 6144
control.7 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'Speaker Playback Switch'
index 1
value true
control.8 {
comment.access 'read write'
comment.type INTEGER
comment.count 8
comment.range '0 - 197'
comment.dbmin -3693
comment.dbmax -147
iface MIXER
name 'Speaker Playback Volume'
index 1
value.0 196
value.1 196
value.2 196
value.3 196
value.4 196
value.5 196
value.6 196
value.7 196
control.9 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'Mic Capture Switch'
value true
control.10 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 6928'
comment.dbmin -1600
comment.dbmax -1600
iface MIXER
name 'Mic Capture Volume'
value.0 4096
value.1 4096
control.11 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'PCM Capture Switch'
value true
control.12 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 6928'
comment.dbmin -1600
comment.dbmax -1600
iface MIXER
name 'PCM Capture Volume'
value.0 4096
value.1 4096
control.13 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'CD Capture Switch'
value true
control.14 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 6928'
comment.dbmin -1600
comment.dbmax -1600
iface MIXER
name 'CD Capture Volume'
value.0 0
value.1 0
control.15 {
comment.access 'read write'
comment.type BOOLEAN
comment.count 1
iface MIXER
name 'PCM Capture Switch'
index 1
value true
control.16 {
comment.access 'read write'
comment.type INTEGER
comment.count 2
comment.range '0 - 6928'
comment.dbmin -1600
comment.dbmax -1600
iface MIXER
name 'PCM Capture Volume'
index 1
value.0 4096
value.1 4096
control.17 {
comment.access 'read write'
comment.type ENUMERATED
comment.count 1
comment.item.0 Mic
comment.item.1 Mixer
comment.item.2 'CD '
comment.item.3 'Input 3'
iface MIXER
name 'PCM Capture Source'
value Mic
Thanks again!Some other observations that may be helpful (and, hopefully, get closer to the heart of the problem)...
(1) Whenever VLC is playing audio (as mentioned in previous post, it is only application that works in desired manner), it will show up in Kmix's "Playback Streams" tab. Whenever Wine and Firefox are playing, they do NOT show up in the "Playback Streams" tab.
(2) Kmix will not allow more than one open application to grab the UA-5 sound (e.g. If I open Firefox and play audio, stop playing audio (while leaving Firefox open), then open VLC and try to play audio, VLC will not play audio (unless Firefox is closed)). This is likely a related problem to the problem outlined in the previous post, but it might not be. If it isn't, I'll take advice on how to let KMIX grab multiple audio sources simultaneously on the same sound card.
Thanks for reading! -
Gnome-volume-manager doesn't work, nor another automounter
Hi there,
I have installed gnome-volume-manager but it apparentely does not work. I've followed the instructions from the FAQ - Arch Linux, and I have tried also recompiling it with --enable-automounting. I have tried also having Nautilus opened at the same time but it didn't work. My WM is IceWM.
//ivman works for the cdrom but not for usb devices. And I don't like AutoFS.
Last edited by jmcejuela (2009-04-10 15:06:34)I had this problem and it was related to ConsoleKit not being initialized properly. I was using SLIM as login manager and had to add ck-launch-session to my .xinitrc when starting the gnome session.
Last edited by iBertus (2009-04-10 17:21:33) -
Hi All -
I loaded Solaris 10 OS on two separate disks to be managed by RAID. The idea was that if one disk OS crashes, then RAID will switch me to the other disk and I should be able to boot from that without major loss in operational time of the node. For such a scenario, do I need to have Veritas Volume Manager or does Solaris 10 come with an default volume manager which will do this for me.
Your help is greatly appreciated.
RegardsRTFM :-)
http://docs.sun.com/app/docs/doc/816-4520
alan
Maybe you are looking for
-
ORA 01792 maximum number of columns in a table or view is 1000
Hello every1, I wish to register a large xmlschema doc, I am using the command begin dbms_xmlschema.registerschema( schemaurl=>'xxxx', schemadoc=>bfilename('XMLDIR','xxxxxx.xsd'), csid=>nls_charset_id('AL32UTF8')); end; But the schema file exists 100
-
How can I import VHS video into my macbook pro
I am trying to import VHS tapes into my macbook pro. I want to use them in iMovie. Any suggestions.
-
Can I export a project from Final Cut Pro X to FCE?
Hello All, I have the most current version of FCE and I am about to purchase FCPX. It looks like FCPX won't export to tape so that is why I want to export it to FCE and then to tape. Can this be done? Thanks, Mike
-
Why do I have to pay to get help for Itunes?
First off, why do I have to pay to get help? That is absolutely ridiculous when it is someone's JOB to be a "support" for this. I've had a reoccuring problem of my music not playing on my IPhone. I fixed it the first time by taking off all the music
-
Does Nokia c5 supports text copy paste feature
Friends i had recently bought a nokia c5 mobile phone and i wants to know that does this phone supports TEXT COPY AND PASTE FEATURE? Its urgent, plz reply. Thanks