Using "log_file_name_convert" and "db_file_name_convert" in asm for standby
Hi ,
Oracle 11R2 enterprise edition asm
We have cbsprod primary database on server and planning to create standby database .
I want to use "log_file_name_convert" and "db_file_name_convert" .
Plz let me know how the above parameters will be utilized by considering following info
Details on PRIMARY :
GROUP# STATUS MEMBER
1 +DATA1/cbsprod/onlinelog/group_1.262.813692221
1 +DATA1/cbsprod/onlinelog/group_1.263.813692221
2 +DATA1/cbsprod/onlinelog/group_2.264.813692221
2 +DATA1/cbsprod/onlinelog/group_2.265.813692221
3 +DATA1/cbsprod/onlinelog/group_3.266.813692221
3 +DATA1/cbsprod/onlinelog/group_3.267.813692221
4 +REDOCONTROL01/cbsprod/onlinelog/group_4.256.813773233
4 +REDOCONTROL02/cbsprod/onlinelog/group_4.256.813773235
5 +REDOCONTROL03/cbsprod/onlinelog/group_5.256.813773335
5 +REDOCONTROL01/cbsprod/onlinelog/group_5.257.813773335
6 +REDOCONTROL02/cbsprod/onlinelog/group_6.257.813773375
6 +REDOCONTROL03/cbsprod/onlinelog/group_6.257.813773375
7 +REDOCONTROL01/cbsprod/onlinelog/group_7.258.813773443
7 +REDOCONTROL02/cbsprod/onlinelog/group_7.258.813773443
8 +REDOCONTROL03/cbsprod/onlinelog/group_8.258.813773461
8 +REDOCONTROL01/cbsprod/onlinelog/group_8.259.813773461
9 +REDOCONTROL01/cbsprod/onlinelog/group_9.260.813773465
9 +REDOCONTROL02/cbsprod/onlinelog/group_9.259.813773465
Details on Standby database :
SQL> select GROUP#,STATUS,MEMBER from v$logfile order by GROUP#;
GROUP# STATUS MEMBER
1 +DATA1/cbsdr/onlinelog/group_1.262.813692221
1 +DATA1/cbsdr/onlinelog/group_1.263.813692221
2 +DATA1/cbsdr/onlinelog/group_2.264.813692221
2 +DATA1/cbsdr/onlinelog/group_2.265.813692221
3 +DATA1/cbsdr/onlinelog/group_3.266.813692221
3 +DATA1/cbsdr/onlinelog/group_3.267.813692221
4 +REDOCONTROL01/cbsdr/onlinelog/group_4.256.813773233
4 +REDOCONTROL02/cbsdr/onlinelog/group_4.256.813773235
5 +REDOCONTROL03/cbsdr/onlinelog/group_5.256.813773335
5 +REDOCONTROL01/cbsdr/onlinelog/group_5.257.813773335
6 +REDOCONTROL02/cbsdr/onlinelog/group_6.257.813773375
6 +REDOCONTROL03/cbsdr/onlinelog/group_6.257.813773375
7 +REDOCONTROL01/cbsdr/onlinelog/group_7.258.813773443
7 +REDOCONTROL02/cbsdr/onlinelog/group_7.258.813773443
8 +REDOCONTROL03/cbsdr/onlinelog/group_8.258.813773461
8 +REDOCONTROL01/cbsdr/onlinelog/group_8.259.813773461
9 +REDOCONTROL01/cbsdr/onlinelog/group_9.260.813773465
9 +REDOCONTROL02/cbsdr/onlinelog/group_9.259.813773465
18 rows selected.
The same situation for datafiles :
Datafiles on primary resides on +DATA1/cbsprod/datafiles/
+DATA2/cbsprod/datafiles/
+DATA3/cbsprod/datafiles/
+DATA4/cbsprod/datafiles/
+DATA5/cbsprod/datafiles/
+DATA6/cbsprod/datafiles/
+DATA7/cbsprod/datafiles/
+DATA8/cbsprod/datafiles/
+DATA9/cbsprod/datafiles/
Datafiles on standby resides on +DATA1/cbsdr/datafiles/
+DATA2/cbsdr/datafiles/
+DATA3/cbsdr/datafiles/
+DATA4/cbsdr/datafiles/
+DATA5/cbsdr/datafiles/
+DATA6/cbsdr/datafiles/
+DATA7/cbsdr/datafiles/
+DATA8/cbsdr/datafiles/
+DATA9/cbsdr/datafiles/
Enter below parameters in INIT<SID>.ORA file.
*.log_file_name_convert='<path of logfile in PR>','<path of logfile in DR>'
*.db_file_name_convert='<path of dbfile in PR>','<path of dbfile in DR>'
If there are multiple log and db destinations:
*.log_file_name_convert='<1st path of logfile in PR>','<1st path of logfile in DR>','<2nd path of logfile in PR>','<2nd path of logfile in DR>',...
*.db_file_name_convert='<1st path of dbfile in PR>','<2nd path of dbfile in DR>','<1st path of dbfile in PR>','<2nd path of dbfile in DR>',...
In your case:
*.log_file_name_convert='+DATA1/cbsprod/onlinelog/','+DATA1/cbsdr/onlinelog/','+REDOCONTROL01/cbsprod/onlinelog/','+REDOCONTROL01/cbsdr/onlinelog/','+REDOCONTROL02/cbsprod/onlinelog/','+REDOCONTROL02/cbsdr/onlinelog/',' REDOCONTROL03/cbsprod/onlinelog/','REDOCONTROL03/cbsdr/onlinelog/'
*.db_file_name_convert='+DATA2/cbsprod/datafiles/','+DATA2/cbsdr/datafiles/','+DATA3/cbsprod/datafiles/','+DATA3/cbsdr/datafiles/','+DATA4/cbsprod/datafiles/','+DATA4/cbsdr/datafiles/','+DATA5/cbsprod/datafiles/','+DATA5/cbsdr/datafiles/','+DATA6/cbsprod/datafiles/','+DATA6/cbsdr/datafiles/','+DATA7/cbsprod/datafiles/','+DATA7/cbsdr/datafiles/','+DATA8/cbsprod/datafiles/','+DATA8/cbsdr/datafiles/','+DATA9/cbsprod/datafiles/','+DATA9/cbsdr/datafiles/'
Note: Put "/" at the end of path.
Edited by: 1009303 on Jun 2, 2013 12:47 AM
Similar Messages
-
I have an IMAC and use Aperture and I am looking for a App that will allow me to have one of my photos look like a painting - any suggestions? It is a gift for my brother
I like photoshop elements.
http://www.photoshopelementsuser.com/blog/from-photograph-to-painting/
You can also do something like this:
http://www.luminous-landscape.com/tutorials/new_page_9.shtml -
ORA-39070 Error when using datapump and writing to ASM storage
I am able to export data using datapump when i write to a file system. However, when i try to write to an ASM storage, i get the following errors.
ORA-39002: invalid operation
ORA-39070: Unable to open the log file.
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE", line 536
ORA-29283: invalid file operation
below are the steps i tooks.
create or replace directory jp_dir2 as '+DATA/DEV01/exp_dir';
grant read,write on directory jp_dir2 to jpark;
expdp username/password schemas=testdirectory=jp_dir2 dumpfile=test.dmp log=test.log
Edited by: user564785 on Aug 25, 2011 6:49 AMgoogle: expdp ASM
first hit:
http://asanga-pradeep.blogspot.com/2010/08/expdp-and-impdp-with-asm.html
"Log files created during expdp cannot be stored inside ASM, for log files a directory object that uses OS file system location must be given. If not following error will be thrown
ORA-39002: invalid operation
ORA-39070: Unable to open the log file.
ORA-29283: invalid file operation
ORA-06512: at "SYS.UTL_FILE", line 536
ORA-29283: invalid file operation
" -
I am struggling to work with spot colours, using scanned images edited in Photoshop for use in InDesign to then go to print.
We print to two plates to save money for our publication. In this case magenta and black.
I could use the spot colour mode but that works with curves and I only want a certain part magenta. Imagine a business card with a gloss finish where I only want to apply it to certain part ie the name of the employee, using a curve would match a certain shade therefore this method would be unsuitable.
I have also tried using channels, one grayscale and one magenta, but using the file types either InDesign bugs or it comes out in mono.
It isn't possible to recreate the logo in InDesign, if only it was this easy...
If someones already discussed this, I can't find it, but if someone could point me in the right direction—I'd be very grateful!
Using Photoshop CS4, InDesign CS4. Access to Adobe Cloud at home...I'm assuming at least some people on here must have experience of the Scintilla control for creating a Notepad++ type application. I'd like to use this control, unfortunately there is very little in the way of documentation or working examples
around
>unfortunately there is very little in the way of documentation
Have you read all of this?
Scintilla Documentation
http://www.scintilla.org/ScintillaDoc.html
>or working examples around
Have you examined this project in detail?
SciTE is a SCIntilla based Text Editor.
http://www.scintilla.org/SciTE.html
SciTE Documentation
http://www.scintilla.org/SciTEDoc.html
- Wayne -
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
Using 5Ghz and 2.4 Ghz for different devices
I am an old lady, so please be gentle. I know nothing about networking but have been reading and trying hard to learn.
About a month ago my MBP started having major issues maintaining a wifi connection. I read through most of a 190+ page thread about other Yosemite users having this problem and tried the suggested solutions that I could understand. What has worked for me is to set up my old 2007 Airport Extreme to use only 5 Ghz. Now my MBP connection works great but my AirPrint printer can only use 2.4 Ghz. I extended my network with one old Airport Express and connected the printer to it with the printer cable so I can print easily from my MBP. I have configured a second old Airport Express on 2.4 Ghz so I can use the printer from iOS devices but it is SLOW and what a pain to keep changing networks.
Would a new Airport Extreme make life easier for me? Would giving 5 and 2.4 different names on the new Airport Extreme offer a better printing experience than my current setup? It's about time that I get a new router anyway, I guess. TIA for advice.For an old lady you did well cobbling that network together to the point it works at all. It sounds like a major inconvenience.
Would a new Airport Extreme make life easier for me?
Much easier. Not only that, like all Apple products it comes with 90 days of complimentary telephone support, if you need help with its configuration (which you probably won't).
Would giving 5 and 2.4 different names on the new Airport Extreme offer a better printing experience than my current setup?
No, I don't think you will find that worthwhile. Don't give the 5 GHz network a separate name, just let your devices connect to whatever network they determine is best. That way, as wireless environmental conditions change they will have the agility to choose either one without your intervention.
AirPrint will work automatically, as long as your printer really is an AirPrint printer. AirPrint is a specific network connection protocol and is not synonymous with mere wireless. If your printer is not an AirPrint printer, it will continue to work, but you might need to configure it to connect to the new AirPort Extreme's network. -
Can I use forms and reports 6I runtime for production environment?
I have a doubt.
I know if i use or install developer (forms and reports 6I) both, runtime and builder, I do require a license.
But If I buy the standard edition license for database (in production or deployment), and I wanna use the runtimes (from forms and reports) only as runtime not to modify or develop anything, is it possible? just to download it or install it in RUNTIME mode?
Is it possible and legal?
ThanksCan I download that developer and install both forms and report runtime (yes only runtime) to access a licensed standard edition database? The problem is, you can't download that version any more! All download links to Forms version earlier that 10g R2 have been removed from Oracle's web site. You might still be able to download Forms 6i from My Oracle Support, but this requires a paid license agreement with Oracle to access My Oracle Support (formerly Metalink).
So, if you already have a copy of Oracle Developer Forms and Reports 6i then all you need to do is contact your local Oracle Sales Representative to get an official answer to your licensing question. If you don't have a copy of Forms 6i, then you are pretty much out of luck unless you know someone who has a copy!
Craig... -
Using States and the includeIn-property for UI-elements inside my mxml-composide-component
Hi,
unfortunatly I am looking for a way to use States in a mxml-component. I’m working with the flash builder 4.6 (means as3).
Because this did not work when I did use the normal mxml tags for the states inside my VGroup-composite-component, I added a creationComplete-Handler in the Script part of my component in which I instanciated the states and the states-Array via as3. I copied
this of an internet- article from 2006 that was already dealing with
as3, but at that time the States were part of the mx-namespace. How ever when I wrote: newState1: State= new State(); my development environment did not know the class State. Did I forgot to import anything or to use a namespace in my Script block ? I imported the AS3 Finite State Machine from meekgeek.com.
But these states have no name-property insted they got a key-property, but this did not work either though I imported correct and did use the correct namespace. I did not find any State-class-description at Adobe's doku either. All I’m trying to do is to use the standard State-includeIn-properties of UI-Components inside
my mxml-composide-componend. I’d be much obliged if You may help me in this point.
Best regards,
Timan BrachtThanks for the answers so far.
I can show now the correct KmLimit on the field, thanks to a javabean method, so this problem is solved - even I don't know why on hell it does not show it automatically, since I did give to it literal/expression default value in the attribute properties of the transient field; but never mind.
The current problem: we use a task flow, that shows an input form to enter new records. This form has a LOV, from where I get a value from, which will be then saved once the submit button has been pressed.
So far, so good.
I enter some values in the input fields. If now I save the record, it will be saved, and all the form fields reset to null. Perfect.
But. If I don't press the save button, instead I pick another value from the LOV list, the values of the input fields does not reset to null, instead, they remain with the last entered value.
It does not seem there's more to change in the task flow properties that would reset the fields automatically.
So we're stuck with this issue, the fields remain filled, even if I do set it to null. The value is really null - I set it to null with fieldName.setValue(null) and show it in the console with fieldName.getValue() - but the form still shows the old value in the field.
Any help is greatly appreciated,
Sergio. -
Custom Azure solutions using ADFS and SPO permissions group for ACL?
This is a stretch, but say we have a custom ASP.NET website in Azure we hope/plan to secure with ADFS. Possible somehow to use SPO Permission groups to manage those permissions?
Basically what we are trying to do is move some custom functionality outside of SharePoint to Azure, but we would like SPO Permission groups to determine who can run those external solutions.I"m not sure what will happen with users creating directories. Generally if you use mkdir -p to create a new directory it will inherit the permissions of the parent folder.
I'm not sure how finder will handle this. Maybe you can use automator to look for new directories and modify the permissions on them. -
Use WRT350N and USB hard drive for backup
I intend to use a Western Digtal MY BOOK Essential Edition (500 GB USB external hard drive) with my WRT350N router for backing up my data every night. Has anyone used this combination? Can you tell me if there are any obstacles I should be aware of? The backup software I will use is Genie Backup Manager. I think I am going to need help in configuring the router to use the external hard drive.
Thanks,
poorolepaulThere were rumors floating around that the USB port in the 350N can not handle anything over 250Gb. Since the drive I used with the 350N was not that large I have no personal knowledge of whether that is true or not.
In any event, using the current firmware for the 350n (1.3.02) you can be assured that the USB will totally lock up about every day or two and the router and hard drive will have to be reset. Using the beta firmware that you can either request from Linksys or find available from someone on the Internet, that problem APPEARS to be fixed. The only problem is that a gigabit network connection will now lock up every day or two. That was my personal experience and what I have read by others.
My recommendation would be not to buy the 350N until they release firmware that fixes these problems otherwise you'll be as frustrated with the product as I am and others are. -
Captivate 6- using ppt and filming a program for a presentation
Hello
Is it possible to start the presentation with power point and then film a computer program? I want to swtich between the 2.
thanks,
ErinImport the powerpoint and Insert Recording slides, if you will use the Automatic or Manual capture process. If you want to use Video Demo, it is possible with the same option Insert, Recording slides.
Lilybiri -
I am using iMovie and it is looking for iDVD
iDVD ins't loaded on my iMAC although I have iMovie, IPhoto and Garage Band. I found updates on Apple Support however they won't load and I can't seem to find anywhere to purchase this, if I even need to. Can anyone let me know if iDVD is supposed to be on my iMAC, or where I purchase it if this is the route I need to take?
Thanks,
MikeiDVD is no longer included in iLife with a new Mac. I'm assuming your iMac is pretty new. You can still buy it form Amazon for about $38, it's included in iLife 11 (old version).
-
How can i use the AND opperator to AND to arrays
hi, i have two large arrays of booleans and i need to copy all the true values from array 1 to array2 without losing the trues that are already in array 2. From my knowledge of asm, i know that using the AND opperator is perfect for this, seeing as each boolean only takes one bit.
Searching and is kinda useless, so my search failed, could someone give me a quick code example, say x = 1 AND 2 or something. Thats all i need, thanks.
PS: x should = 3
Message was edited by:
deadthanks guys, and btw, if your trying to join two arrays like i am, its OR, not AND, lol woops, not enough coffee.
EDIT: now ive just been playing around and it appears you cant OR arrays, im guessing theres no way around this than to just increment through each one. This code needs to be as fast as possible as its in a loop, so if anyone who has a lot of experience with computers has a better way please let me know. I was originally going to make my code in assembler, and just read the array as an qword and OR it, then read it as an array again, but to be truthful im not entirely sure if its faster to to OR a qword once or a bit 64 times, lol. -
I have Itunes credit but it wont let me use it and keeps asking me for credit card information like it does if you dont have enough credit to pay for what you are buying. I tryed just clicking none but it wont let me, how do you get it to just take money from your itunes credit, not off a credit card?
I would contact iTunes:
Contact iTunes -
How to use DataSource and External transaction in 9ias?
I'm working on a project that the application server needs to connect to over 100 databases.
I'd like to use connection pooling and external transaction service defined in OC4J's Datasources.
I wonder if anyone has an example of using datasource and external transaction service for OC4J.
Right now, I export toplink project to a java source and do the initialization there manually but I don't know how to use Datasource to get connections and how to use the external transaction service in the java code for OC4J.
I really appreciate you help.
WeiHere is a fill in the blank example on how you could set this up through code:
Project project = new MyProject();
// alternatively, use the XMLProjectReader
server = project.createServerSession();
server.getLogin().useExternalConnectionPooling();
server.getLogin().setConnector(new JNDIConnector(new javax.naming.InitialContext(), "jdbc/DataSourceName"));
// the next line depends on the type of driver you want to use.
server.getLogin().useOracleThinJDBCDriver();
server.getLogin().useOracle();
server.getLogin().setUserName("username");
server.getLogin().setPassword("password");
server.getLogin().useExternalTransactionController();
server.setExternalTransactionController(new Oracle9iJTSExternalTransactionController());
server.logMessages();
server.login();
Maybe you are looking for
-
Not getting data in cube from lookup DSO
Hi guys, I have a transformation with source DSO and the target Cube. In which I have a look-up from another DSO to the cube in this transformation, end routine. But I am not getting the records I needed in the cube, which are supposed to flow from a
-
Create Functional Area via Job Architecture in Non-English language
Dear Experts, We're running following environment. - Windows Server 2003 Std SP2 64bit (32bit conversion completed) - SAP ERP 6.0 EhP 4 Unicode system as back-end system for STVN - STVN 2.1 SP1 with Japanese Language pack - Language = Japanese and En
-
How to activate a pop up window
for transaction me57 when we enter purchase requisition no, it will display a details , then select the particular item and go for detail list then a pop-up-window will bw displayed, we created a z transaction for me57 added two push buttons for the
-
Decode Case statement to insert total text
Where the AGE BRACKET fields are empty or Null I need to insert "Total" text? Can anybody help? Table SOURCE CODE AGE BRACKET COUNT CLUBBEN 0-40 Years 3 CLUBBEN 41-49 Years 6 CLUBBEN 50-59 Years 38 CLUBB
-
File Adapter not able to read quotes after pipe
I have flat file delimited by pipe |, and optionally enclosed by " quot, below is the xsd definition "<xsd:element name="vtext" type="xsd:string" nxsd:style="terminated" nxsd:terminatedBy="|" nxsd:quotedBy="""/>" <Field Before>|"TRANS" IN TRANS FAT S