[solved] Emacs fails to save to gpg encrypted files
I have a few org-mode files encrypted to .gpg files with different keys. Each file bears the headers to tell emacs it's an org-mode file and which key to use to encrypt/decrypt:
#-*- mode: org -*-
#-*- epa-file-encrypt-to: ("[email protected]")
This setup has been working flawlessly for years and the keys are set to expire later in 2015.
I noticed a couple days ago that emacs now fails to save those files: emacs works as expected while opening the files, i.e. pinentry-qt window shows up to ask for the passphrase, but when I tell it to save the file the following message is displayed in the minibuffer for a little while, then nothing and the file stays in its modified state. Last successful save dates from november 7th.
(numeric values replaced because they look like gpg keys)
Opening output file: [pub u 4096 1 <numeric value> <other numeric value> <another numeric value> nil u nil ...], 15
The command epa-list-keys fails with Args out of range:
command-execute: Symbol's function definition is void: \ epa-list-keys
epg-list-keys: Args out of range: ["pub" "u" "4096" "1" "<numeric value>" "<other numeric value>" "<another numeric value>" nil "u" nil ...], 15
I tracked this issue to this epg bug that supposed to be fixed since late november but obviously is not: http://debbugs.gnu.org/db/19/19002.html
For those with the same issue, here's how to fix it:
- uncompress epg.el.gz located in /usr/share/emacs/24.4/lisp
- apply the below diff to epg.el
- add write permission for regular user to epg.elc
- run the byte-compile command from inside emacs on epg.el
- remove write permission for regular user to epg.elc
diff --git a/lisp/epg.el b/lisp/epg.el
index 77181a1..4d9bbd2 100644
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -1910,8 +1910,9 @@ This function is for internal use only."
string (match-string 0)
index 0
field 0)
- (while (eq index
- (string-match "\\([^:]+\\)?:" string index))
+ (while (and (< field (length (car keys)))
+ (eq index
+ (string-match "\\([^:]+\\)?:" string index)))
(setq index (match-end 0))
(aset (car keys) field (match-string 1 string))
(setq field (1+ field))))
http://git.savannah.gnu.org/cgit/emacs. … d=dbae12c5
Last edited by kazimir (2014-12-13 13:55:43)
looks good.
See also. https://bbs.archlinux.org/viewtopic.php … 3#p1484413
Similar Messages
-
[SOLVED] zsh: Failed to execute operation: No such file or directory
I recently ordered a chromebook (acer c720) and have successfully replaced ChromeOS with Arch Linux. Things were going great the past 2 days but all of a sudden whenever I try to use tab completion on zsh (does not happen in bash or any other shell I've tested) I receive the message:
Failed to execute operation: No such file or directory
My .zprofile is:
emulate sh -c 'source /etc/profile'
#[[ -f ~/.zshrc ]] && . ~/.zshrc
if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
startx
fi
My .zshenv is:
export PATH=/home/zach/.bin:$PATH
export EDITOR=nano
export BROWSER=firefox
[[ $(tty) = /dev/tty1 ]] && xrdb merge /home/zach/.config/xresources
My .zshrc is:
#source ~/.zshenv
# Lines configured by zsh-newuser-install
HISTFILE=~/.histfile
HISTSIZE=100000
SAVEHIST=100000
HISTCONTROL=ignoredups
setopt appendhistory autocd extendedglob nomatch
bindkey -e
# End of lines configured by zsh-newuser-install
# The following lines were added by compinstall
zstyle :compinstall filename '/home/zach/.zshrc'
autoload -Uz compinit
compinit
# End of lines added by compinstall
PS1=$'\e[1;36m%~\e[0m >>\e[1;36m>\e[0m%] '
#Begin Aliases
alias edit='$EDITOR'
alias sedit='sudo $EDITOR'
alias pacman='sudo pacman'
# Listing
alias ls='ls --color=auto --group-directories-first'
alias lsl='ls --color=auto --group-directories-first -l'
alias lsa='ls --color=auto --group-directories-first -al'
alias lsp='ls --color=auto --group-directories-first -alp'
# Moving/Copying
alias cp='cp -r'
alias rm='rm -r'
alias ...='cd ../..'
alias ....='cd ../../..'
alias bd='cd -'
alias mkdir='mkdir -p'
# System
alias systemctl='sudo systemctl'
alias journalctl='sudo journalctl'
alias cronedit='EDITOR=nano crontab -e'
alias reload-daemons='sudo systemctl daemon-reload'
alias enable='sudo systemctl enable'
alias disable='sudo systemctl disable'
alias start='sudo systemctl start'
alias stop='sudo systemctl stop'
Is there something I'm missing or not considering? The tab completion still works, it just displays that message every time inline and it's really annoying. Also I searched google, the wiki, and the forums for any information regarding this and either my search-fu isn't strong enough or it's not showing up elsewhere.
Last edited by revoltorb (2014-09-13 14:05:44)Rename the "enable" and "disable" aliases. They are zsh hash table operators.
-
[SOLVED]Shutdown fails, probably because of some config file I changed
Right, i can't shutdown or reboot properly (pm-util's suspend works).
When I try, all (or most, I can't tell) of the deamons are closed properly, but then something attempts to do something with slimlock. It loops so fast I cant' really read the error
message, but I don't think slimlock is even suposed to be accessed at that point.
Deleting slimlock doesn't help, it just gives a "couldn't find command slimlock" (or something similar) error instead.
I have some vague idea that I'm to blame this, because I seem to remember messing around with the shutdown process, trying to get it to call slimlock before anything else.
The thing is; I don't remember.
From now on I'll keep some file with a log of changes I make to scripts and config files, to make this easier, but this time I really need help finding out what the heck I've done : )
Last edited by Bladtman242 (2012-03-10 01:48:46)I've commented the bash scripts out, and the problem persists.
So I figured I could "limit" the search to
find / -mtime -14 -and -size -2M -exec grep -lisE ".*slimlock.* {} \;"
It turned out to be a "sleep" script in /bin.
I still have no idea why that was called, but I'm marking the thread as solved
Thanks for your efforts
Last edited by Bladtman242 (2012-03-10 01:42:56) -
Failed Manifest Save???
I have been using the same e-reader on ADE and today I tried to download some books from my library when this error appeared:
Error during recover after failed manifest save
Error restoring backup file F:\DigitalEditions\backup_manifest.xml to F:\DigitalEditions\backup_manifest.xml
Error detail: Error # 2038
Now I can't open any files on my e-reader - the book titles appear, but when I try to open one it says "Failure to open file".
Also, every time I open ADE and connect my e-reader, ADE asks me to authorize my device. I've received the "too many activations" error twice tonight already, and have had to contact Adobe Help to reset it...there has to be an easier way around this! When I asked them about it, they gave me a link that said would answer my problems (http://forums.adobe.com/message/3044249#3044249) but it did nothing for me.
Any help would be greatly appreciated - I am in the middle of a fantastic book but can no longer access it on my e-reader!!!!!!!!!!Hi,
Regarding your problem please follow the steps as given below.
Delete following folder from your computer.
C:\Documents and Settings\Username\My Documents\My Digital Editions\restore.
Please Note : Location of the folder may differ according to your operating system
Regards
Rizwan -
Crystal Reports 2011 IDE fails to save active report
Hi,
I've been using CR 2011 to update some previous versions of CR. When I go to save the report 9 out of 10 times it fails to save the active report file and turns the report into a .tmp file. I then have to save the report back to a .rpt file and it is fine and the report still works. But this is driving me nuts. To have to keep on saving as after the IDE fails.
Anyone have any help/suggestions on this.
Thanks,
Jimhi Jim,
are you using crystal reports for visual studio as the IDE? if so, please repost your question here.
if not (i.e. you are using crw32, the regular crystal reports designer tool), please ensure that you've got the latest sp installed from here. after that, if you still experience the problem please provide a link to one of your reports (e.g. in dropbox) with saved data so that it can be tested by someone else on their version of cr.
thanks,
jamie -
Nokia 7610,PC suite fails to save backup files
im working with nokia PC siute 6.3.14(version 2.0) and iv got a nokia 7610.the connection is via USB.
pc siute fails to save the back up files(nfb) to PC.
the error message doesnt explain why.ichecked the software,reinstalled it and changed the destination folder
but nothing happende.sometimes by changing the destination folder it starts to save the file,however the file contains no data.its empty.(when i try to restore this file,the msg confirms that it's empty)
getting the backup takes hours and just when i think its over the error msg appears.
is there anything i can do?
can the failure be due my phone problems?
thanks for ur time and ur contributionTemporary disable the anti virus and see if it works. If it does then you are sure that the anti virus is blocking the connection. If that is the case then you will have to create an exception rule on the anti virus for the phone
-
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
Set Adobe Acrobat XI Pro. When I want to save the file in WORD, EXCEL or esporta file into ... immediately throws an error "save as failed to process this document no file was created".
What's the problem?
Any help in finding a solution is greatly appreciated.
Thank you,Installed AcrobatXI PRO 11.0.09 on seven computers and laptops. Two of them gives an error when you try to save a document in WORD, EXCEL, Power Point, or when exporting to... error: Save failed to process this document. No File was created.
But all good saves in the format of TXT and jpg.
I have uninstalled and restored and re-installed and updated and registry cleaned and removed using the special utility Cleaner Tool for Acrobat, but nothing helps.
On one notebook with Windows 8.1 and Microsoft office 2013, on another laptop with Windows 7 and Microsoft office 2010, the same problem, although there are computers with Windows 7 and Microsoft office 2010 and everything works.
Tell me where to find the problem and how to solve it.
Thank you. -
Hi experts,
Orders are required to be saved even credit block. In OVAK, credit check B is assigned to order type. In OVA8, static credit check is activated, reaction is C. No matter status/block is checked or not, I fail to save orders.
Is it due to Z-program? Pls help to solve. Thx.Hi,
might be some other credit control has been activated for your customer.
Just check out in IMG u2013 Enterprise structure u2013 assignment u2013 financial accounting u2013 assign company code to the credit control area.
Over here check out which credit control area is assigned your company code.
Now go to IMG u2013 Enterprise structure u2013 assignment u2013 SD u2013 Assign sales area to credit control area.
Check out which credit control area has been assigned to your sales area on which your customer master data has been saved.
Now go to FD32 and check one by one which control area is blocking up your sales order.
Regards
Raj. -
WSYNCMGR.LOG Failed to Sync Update. Failed to Save Update.
I recently had to re-install WSUS on an SCCM 2012 SP1 server which had a problem where the EULA's were not being downloaded by WSUS for any updates which needed them. Even attempting to download the updates within the WSUS console generated an error
about being unable to locate the EULA file.
I re-installed WSUS with a fresh DB, which caused SCCM 2012 SP1 to immediately expire and remove the updates it had previously synchronised. This took a horrendous amount of time (at least 6 hours) for it to process all of the changes to the packages
and deployments etc.
This did resolve the issue within WSUS regarding approving EULA'd updates, but I am now unable to perform a software updates sync with the following errors being recorded in the wsyncmgr.log;
Synchronizing update 8e6513d8-dc3a-4468-8108-d44618a6e412 - Windows Malicious Software Removal Tool x64 - January 2008 (KB890830)
Referenced configuration items are not available yet: <MissingReferences><Reference RelationType="1" ModelName="Site_7A5EE138-E14B-4A6F-A5A5-8253002809FB/SUM_2fffa61e-964e-442a-81ad-d822f55d57d8"/><Reference RelationType="1"
ModelName="Site_7A5EE138-E14B-4A6F-A5A5-8253002809FB/SUM_852c74ff-b1b6-4c4a-8490-b0b1d7296d2a"/></MissingReferences>
Failed to sync update 8e6513d8-dc3a-4468-8108-d44618a6e412. Error: Failed to save update 8e6513d8-dc3a-4468-8108-d44618a6e412. CCISource error: 2. Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.UpdatesManager.UpdatesManagerClass.DefineUpdate
These same errors occur for many updates and cause the sync to fail due to consecutive failures.
It looks to me like this MAY be happening only for Expired/Superceded updates and/or updates for which Configuration Manager has previously synchronised. A handful of updates HAVE made it into the console, but only ones never before synchronised. I
have searched for and trawled several blog posts for similar errors but these all seem to relate to errors in the objreplmgr.log and child sites - which I do not see any errors in there and this issue is with my primary site. The primary site DOES however
have two child Secondary sites, so I am wondering if there is a data mismatch somewhere.
I tried replicating the issue in my lab environment and no matter what I did, even hitting some of the tables directly to upset it, I could not replicate the problem to begin to try solutions.
I am very close to having to open up a call with MS, but wondered if anyone had any ideas?
This does raise a few questions regarding DR scenarios too - as to how important IS the SUSDB, how best and when to back it up and if it is expected behavior for SCCM to wipe out it's configuration if it is sync'd with a fresh WSUS install?
My Personal Blog: http://madluka.wordpress.comI just can't replicate this in my lab environment, and I am thinking that this is some sort of collateral damage done by the July patch applied by the customer that breaks SQL replication and also causes WSUS Sync issues. We didn't ever remove that
patch but instead implemented the SQL workarounds but this may just have resolved 'some' of the issues the patch caused. The annoying thing is that the day we implemented the workaround and proceeded to uninstall/reinstall WSUS and resync SCCM, Microsoft
released the updated version of the patch later that day (UK time) - wonderful timing.
My Personal Blog: http://madluka.wordpress.com -
Photoshop CS6 keeps crashing. I am using a brand new IMAC, I have 16GB RAM recently updated as it was running slow with 8GB and lots of hardrive space. When it crashes, i lose all my presents and it changes my preferences, it also fails to save or produce a recovered file despite settings asking it to do so every 5 mins now. When i try to report the problem, it says it has found an issue and gives me a link to a solution....but wont let me click on the link.... PLEASE HELP! It's killing my productivity.
If the crash started right after you added RAM, it could be a bad Ram dimm. You can try this - change the amount of RAM in Photoshop to 4G, this should stop Photoshop from using the higher ram. If it doesn't crash, it's probably the ram. Or run a diagnostic app. You don't say when it crashes, what you're doing when it crashes - it there a pattern? Did it ever work on this computer? Did it work on your previous computer? Without a lot of data, it could be related to the new computer... What OS version? Did you recently update it? Have you updated Photoshop to the most recent update?
Do you have any plug-ins loaded? Try restarting Photoshop, and immediately press & hold the shfit key to turn off plug-ins. -
Remote Desktop 3.6 fails to save sorting in client list view (on osx10.8)
Hi there,
i have sorted my controlled clients in the "all computers" section via the labels column to group them together by color.
this worked fine in older version of ard. now after upgrading from 3.5 the colors of the computers are preserved, but the column "labels" is disappearing after each restart of ard. and so the entries are always sorted alphabetically by name. I have noticed that the sorting does revert to that "standard" state
whatever the changes I make are. So I assume that ard fails to save the layout in com.apple.RemoteDesktop.plist. I have also removed com.apple.RemoteDesktop.plist from my preference folder to let it regenerate from ard, but the problem stays the same.
Has anyone filed a bugreport abut that behavior jet?
Tanks,
BenHello!
Same problem here for me:
Some ARD clients behind a vpn-tunnel.
ARD admin cpmputer running 10.9.1 and ARD 3.7.1
There is no problem with clients running 10.6.8, 10.7.5 and 10.8.5 with ARD client 3.5.4, 3.7 and 3.7.1
But clients with 10.9.* and ARD client 3.7.* is it impossible to do remote control. It does not matter which color/quality mode i select. The mouse movement is extremly sluggish and lagging - it takes a few seconds until the mouse settles down - I need about 10 seconds to close a window.
Once again all clients are controlled via the same vpn tunnel from the same ARD admin-computer.
Apple has to fix it ASAP. We rely on reliable software products.
Bye,
Christoph -
Hi There,
I've been using MDT for a little while now, but I'm having problems successfully deploying an image to a batch of new laptops. The laptop HDD's are completely blank, and I am PXE booting using an x64 Litetouch Image via WDS. I have successfully captured
my image from a reference laptop (the same model that I'm trying to image), and I am now trying to deploy it using a standard client task sequence.
The 'Install operating System' phase seems to go ok, but then sits for quite some time at the 'Applying Unattend.xml' stage, then eventually, I get a general error 'Task Sequence Failed - 80004005'. I then exit MDT (it doesn't reboot as it should), and let
the laptop boot, which it does, and logs straight on into Windows, but gives me error along the lines of 'can't find the litetouch script', which I assume means MDT hasn't been able to copy it across. The laptop is however joined to our domain, and I pretty
much just have to tick the 'require a password to log on to this computer' box in user accounts, and all looks ok.
So in summary, the image is applying, but the laptop is not rebooting and running the final cleanup scripts.
I have already changed the SATA mode to IDE, instead of AHCI, having read this sometimes causes problems. I also read that systems with UEFI BIOS can also cause problems with MDT, but I'm not sure if this is the case.
I have edited my customsettings.ini, to copy log files back to my server, which it has done for me. Having looked at the logs (with CM Trace), I can see these errors:
Failed to save environment to (80070057)
TSManager 26/03/2014 15:48:09
1820 (0x071C)
Failed to save the current environment block. This is usually caused by a problem with the program. Please check the Microsoft Knowledge Base to determine if this is a known issue or contact Microsoft Support Services for further assistance.
The parameter is incorrect. (Error: 80070057; Source: Windows)
TSManager 26/03/2014 15:48:09
1820 (0x071C)
Failed to persist execution state. Error 0x(80070057)
TSManager 26/03/2014 15:48:09
1820 (0x071C)
Failed to save execution state and environment to local hard disk
TSManager 26/03/2014 15:48:09
1820 (0x071C)
The task sequence execution engine can not reboot the machine because we failed to persist execution environment
TSManager 26/03/2014 15:48:09
1820 (0x071C)
Fatal error is returned in check for reboot request of the action (Restart computer).
Unspecified error (Error: 80004005; Source: Windows)
TSManager 26/03/2014 15:48:09
1820 (0x071C)
An error (0x80004005) is encountered in execution of the task sequence
TSManager 26/03/2014 15:48:09
1820 (0x071C)
Task Sequence Engine failed! Code: 80004005
TSManager 26/03/2014 15:48:09
1820 (0x071C)
Any help you can give me would be great, as I'd like to get this process running properly.
Thanks,
SarahYou don't mention what kind of OS this is (Windows 7 Pro x64?)
This is a known issue/FAQ.
I would recommending using MDT 2012 (update 1) for UEFI machines.
Machines with uEFI 2.3.1 only support Windows 8.x.
http://technet.microsoft.com/en-us/library/hh824898.aspx
Recomendation: Convert the BIOS to CSM and/or upgrade to Windows 8.1 :^)
Keith Garner - keithga.wordpress.com -
I'm running Windows Vista Home Premium OS on Dell XPS 420 system. Firefox locks up each time I click on "Save As" under the "File" menu. Resetting Firefox did NOT solve the problem. If, instead of using Firefox, I log on to a website using Microsoft Windows Internet Explorer, the "Save As" feature works fine, as it should. I would occasionally like to save a web page, using "Save As" while using Firefox, instead of copying the page to a Word Document, and then saving it.
Hello,
The Reset Firefox feature can fix many issues by restoring Firefox to its factory default state while saving your essential information.
Note: ''This will cause you to lose any Extensions, Open websites, and some Preferences.''
To Reset Firefox do the following:
#Go to Firefox > Help > Troubleshooting Information.
#Click the "Reset Firefox" button.
#Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
#Firefox will open with all factory defaults applied.
Further information can be found in the [[Reset Firefox – easily fix most problems]] article.
Did this fix your problems? Please report back to us!
Thank you. -
When I start up FCPX 10.0.1, I get the following message "Failed to save. Unknown store type, format, or version."
Thanks, Andy. I checked, and it is formatted "Mac OS Extended (Journaled)".
Michael
Maybe you are looking for
-
This is a copy of a post I just put on TI's E2E forum... I just got an iPhone 5s so I could test compatibility with a custom app/custom BLE circuit... Note: after fixing some iOS7 issues, everything works fine on ALL BLE capable iPad and iPhone devic
-
Hi , I have this scenario where i need to pick the records from an Oracle staging table and i should insert the same header and item records in to a Flatfile which will be used to create records in SAP. The records in the oracle table would be of hea
-
Macbook won't install anyhting/macbook installeert niets
Hallo, Ik heb een probleem met mijn Macbook pro (uit 2009). Nooit heb ik echt problemen ervaren totdat ik een tijdje geleden Mavericks er op wilde zetten. Ik had de app gedownload en hij opende het wel. Vervolgens moest ik mijn wachtwoord van mijn co
-
Visibility into MaxDirectMemorySize usage?
Is there any way to gain visibility into how much of the MaxDirectMemorySize is being utilized, and how often this space is being reclaimed? Other than NIO, what Java code will benefit from MaxDirectMemorySize? Any insight appreciated. Lukas
-
Dear user, I want to find out who has changed the setting of the Variant Name of the program. Is there any table that captured the changes as well as the original setting before the new changes? Thank you.