XE11: Calculating shmall and shmmax for 64b linux
Hello,
installing XE11 on a 64b linux gives me a message like 'unexpected nummer' or '
'expect a integer value'
shmall and shmmax is set to
kernel.shmall = 1152921504606846720
kernel.shmmax = 18446744073709551615
from the os.
shmmax seems to big for calculating:
This is what the installation does:
shmmax=`cat /proc/sys/kernel/shmmax`
changeshmmax=no
if [ $shmmax -lt 4294967295 ]
then
shmmax=4294967295
changeshmmax=yes
fi
if [ "$changeshmmax" != "no" ]
then
/sbin/sysctl -w kernel.shmmax="4294967295" >> /etc/sysctl.conf
fi
How can i calcutlate and set correct values for shmall and shmmax for XE11?
OS is openSUSE 13.1 64bit, machine has 4GB memory, but it seems to be the same in all 64bit
distributions.
Best regards.
Hello again,
this is allocated on most distributions with kernel 3.x in
/boot/sysctl.conf-<kernel-version>:
# Generated file - do not edit.
# Disable the hung task timer by default. (bnc#552820)
kernel.hung_task_timeout_secs = 0
# Increase defaults for IPC (bnc#146656)
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.sem = 250 256000 32 1024
# Increase defaults for IPC (bnc#146656) (64-bit, 4k pages)
kernel.shmmax = 0xffffffffffffffff
# SHMALL = SHMMAX/PAGE_SIZE*(SHMMNI/16)
kernel.shmall = 0x0fffffffffffff00
But i cannot access the bugzilla entry bnc#146656
Best regards
Similar Messages
-
.dotjs and .dotcss for Arch Linux Users
Hi all,
I've created a new Google Chrome extension to enable the functionalities of .dotjs and .dotcss extensions for Arch Linux users.
Check it here; https://github.com/azer/.w3
Contributions and ideas are welcome,
AzerThanks for doing this, never heard of dotjs before, but I love the idea and definitely have some use cases for this.
Of course as an arch user, Im just kindly asking if you plan to create an AUR - package for this? -
Oracle9i for Linux/390 and Oracle9i for z/Linux
Hi,
For those who asked about testing on SLES7 and getting a trial copy of SLES7 (since it now costs money), apparently SuSE will furnish trial copies of their distribution. They can be obtained through the SuSE sales rep.
BarryI too have managed to get oracle installed on RedHat 2.4.9-17 kernel (Linux/390). However, I am kinda stuck there - I am completely new to Oracle. Is there some basic literature available on things like how to see the database schema (I ran the "@mkdb" cmd in the installation process, and I guess that created some sample database)? or how to look at the table data? I tried the following:
$ sqlplus /nolog
SQL*Plus: Release ...
(c) Copyright ...
SQL> connect scott/tiger@p901_tcp
Connected
SQL> select * from dba_users
2 .
SQL> help
SP2-0171: HELP not accessible
SQL> quit
Disconnected from Oracle9i Enterprise Edition ...
$
Any pointers? thanx,
-Ashutosh -
Problems and solutions for 9i DB R2 install on Redhat Linux AS 2.1
Installing 9iDB R2 9.2.0.1.0 on Redhat Linux Advanced Server 2.1 (aka Redhat Enterprise Linux (AS))
and applying patchset 2 (9.2.0.3.0)
This is a certified platform but I hit many problems getting the install to work. Here are the problems I hit and how I solved them.
Note: This is not intended to be a install for dummies but just an account of all my problems and how I overcame them. I spent 10 hours on this certified install (mostly looking for solutions to the problems I was having)
I had a Intel Pentium 3 with 512 Meg RAM. (test machine)
1. Install Redhat Linux
2. Install Sun JDK 1.3.1 (this is not actually required for this install. I installed it as I was planning to install 9iAS after this)
3. Install binutils-2.11.90.0.8-13 (also not required. I installed it for 9iAS)
All other components were ok on my Redhat Linux install (i.e. kernel version, glibc)
4. Create oracle user with dba group
5. Create oracle home and oracle base directories. Ensure these are owned by oracle with rwx
6. Set kernel parameters and make sure that they are initialized every startup:
I managed to locate this script in the Redhat document called
"Deploying Oracle9iTM on Red Hat Enterprise Linux AS"
create a file called oracle.sh in /etc and give it execute permissions
oracle.sh
#!/bin/bash
# configures kernel and system parameters for Oracle9i R2
# File handles
echo 65536 > /proc/sys/fs/file-max
ulimit -n 65536
# Shared memory
# The default SHMMAX value is too low and likely to cause a failure during
# database creation. SHMMAX should be equal to half of your system's physical
# RAM.
# The default is for 512 MB of RAM. Replace the default value as appropriate
# for the amount of memory in your system, i.e.,
# 512 MB : 268435456
# 1 GB : 536870912
# 2 GB : 1073741824
# 4 GB : 2147483648
echo 268435456 > /proc/sys/kernel/shmmax
# It is generally safe to leave these next two values as they are
echo 4096 > /proc/sys/kernel/shmmni
echo 2097152 > /proc/sys/kernel/shmall
# Semaphores
echo 250 32000 100 128 > /proc/sys/kernel/sem
# Sockets
echo 1024 65000 > /proc/sys/net/ipv4/ip_local_port_range
# Processes
ulimit -u 16384
----EOF---------
then...
# chmod +x /etc/oracle.sh # make executable
# . /etc/oracle.sh # apply changes now
edit /etc/rc.local to ensure this is run on startup
append to /etc/rc.local
# configure system for Oracle9i R2
bash /etc/oracle.sh
--------EOF--------------------
7. create a generic oracle environment setup script for all users to run
create the file /etc/profile.d/oracleenv.sh
be sure to change the variables to your environment (ORACLE_BASE, ORACLE_HOME and ORACLE_SID)
oracleenv.sh
# Configures the user's environment for Oracle9i R2
ORACLE_BASE=/opt/oracle
ORACLE_HOME=$ORACLE_BASE/product/9.2.0.1.0
ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data
ORACLE_SID=orcl
LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
PATH=$ORACLE_HOME/bin:$PATH
export ORACLE_BASE ORACLE_HOME ORA_NLS33 ORACLE_SID LD_LIBRARY_PATH PATH
----EOF---------
chmod 755 /etc/profile.d/oraclenv.sh
This file will run when a user logs in.
8. Install oracle DB
This took me quite a few attempts.
The first Install I did I received the error jre was not found. This issue seemed to be relating to the fact I was not installing on a Pentium 4. Oracle was looking for the jre in oracle.swd.jre/bin/i686 (and .../lib/i686) when some of the files were placed in i386 and java was looking in i386. This created a real mess. I had encountered a similar problem on a previous install on a different platform. I found articles of people that tried to just link the directories with symbolic links but this never worked. I tried my own version but also failed.
The solution that worked for me was to de-install, remove all the oracle directories created by the install (this part I had always done) AND also delete the file /etc/oraInstl.loc. This makes the Installer truly believe this is the first time Oracle has been installed on this box. My jre problem disappeared after that. (I don't know why it just didn't work in the first place...)
The next error I received was an ORA-03113 when creating the database (in the dbca). (It was actually at this point that I found the document from redhat as mentioned in my set 6 above) I also noticed that when running the install of the database, the default was for Oracle's SGA to use 70% of the available memory on my machine (I have 512M so that's 360M). Oracle instructed me to set shmmax to around 240M. This may be why the database creation failed as I thought the shmmax parameter needed to be larger that SGA. Anyway, I reduce the SGA to 50% and it worked.
This error may also have been caused by the kernel parameters not being set properly after a reboot so if you implementing stop 6 above. You may never get this problem, hopefully.
8. Install the universal Installer 2.2.0.18.0 (a prerequisite for installing the patchset 2)
You will need this to install the patchset 2. You can get it from metalink by searching for the bug number in the patch area. Search for bug/patch number 2878462 in patches. (37Meg for linux intel)
(Did you know that when oracle refer to a bug number, you should treat this as a patch number? General the bugs are not available for public viewing but oracle create a patch of the same number as a placeholder. So don't search for the bug in the site search or by doc id, go straight to the "patches" area and enter the bug number as a patch number, you'll have more success. - I only found that out today after struggling with metalink for the last 4 years)
9. Install the patchset 2
I downloaded patchset 2 (which will bring my DB version to 9.2.0.3.0) (220Meg). There is a special symbolic link command you'll need so make sure you remember to do this.
i.e.
$ cd $ORACLE_BASE/oui/bin/link
$ ln -s libclntsh.so.9.0 libclntsh.so
10. Migrate your database
I could not get this to work. The docs says I need at least 150M shared_pool_size and 150M Java_pool_size before running the startup migrate. As I only have 512Meg RAM (and shmmax set to 230M) I did hold much hope that this would work. I started my DB without the migrate option just to see if it would actually open with 300M in my pools. It did, so I shut it down and restarted with the migrate option. After 5 minutes of heavy processing (I still have an empty database) my server appeared to hang. I decided to restart the machine and just re-create my DB with the new patchset already applied. I delete my $ORACLE_BASE/oradata/<sid> directory and remove the entry from /etc/oratab and re-created my DB. This worked fine :)
I hope this document helps you for your install. Please drop me line if it does help and I'll endevour to write more documents like this one.
Please drop me a quick line at [email protected] even just to say "thanks".
I will include a few keywords here to help the searches find this document. (mainly the keywords I searched on and failed to find a doc like this one)
ORA-03113 ORA-3113 03113 3113 jre was not found jre not found i686 i386 i586 9iDB R2 9.2.0.1.0 9.2.0.3.0 Redhat Advanced Server 2.1 AS Enterprise Linux (AS) RH install error installation errors oui dbca problem issue
Good luck,
Tim Daniell.The trick that worked for me was on a 2nd attempt. I installed once, let it fail with "jre was not found", de-install through the installer, delete all directories and files under $ORACLE_BASE (including $ORACLE_HOME), and also delete /etc/oraInst.loc.
I don't know why it fixes itself with this. Oracle say this is an unresolved bug 2726268 that lies in the installer. This is still unresolved by Oracle (as at 02-June-03) therefore it is not a published bug/patch. If this doesn't work, I suggest you open an iTAR and see if Oracle has any more suggestions for you.
Cheers,
Tim. -
Function module for calculating planned and actual cost of production order
Hi ,
Do we have any standard function module for calculating planned and actual cost for production order?
i need to implement this in a Z-report.
Thanks
SriniHi,
try below function module
CRMCO_GET_PLAN_ACTUAL_COSTS
CO_IH_GET_PLANNED_COSTS_TOTAL
Regards,
Sankaran -
Calculation of depreciation and interest for a particular asset class
Hi,
I have a problem with the calculation of depreciation and interest for a particular asset class. The assets are financial leases. The depreciation key defined is LEAS. The following are the attributes of this key:
Dep/int phase base met dec-bal prd cont mult lvl chn ov
Ord.depreciation 1 0011 001 006 001 5
Ord.depreciation 2 0002 001 003 003
Interest 1 0028 001 003 010
An example of an asset is:
Aquisition value: 1041552.71 (as migrated on 01.04.2007)
Ordinary dep already posted: 56243.88
Net book value: 985308.83
Scrap Value:729086.90
Useful life: 50 years
Expired useful life: 9 years 1 month
Remaining useful life: 40 years 11 months.
Depreciation start date: 28.03.1998
Interest calculation start date:30.03.1997
Depreciation calculated by the system:6261.83
Interest calculated in the year:15682.68
I'm not able to undersatnd on what basis the system calculated the interest. I will be thankful if anyone can help me resolve this. An early reply will be greatly appreciated as I'm facing major problems due to this issue.Hi Mahesh,
As per my analysis of the case the interest rates are as under
Acq. Year Int.Percent
9999 4 01 10.%
9999 7 01 5.%
9999 25 01 2.5%
9999 999 12 01 2.5%
As per this the Acquisition value less the Scrap Value Rs.312,465.00 @ 2.5% p.a will be Rs. 7811.64.
Based on the above you analyse for which period interest is calculated.
Hope it will help.
Regards,
Vijay -
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
Differences between Oracle 8i for a UNIX Platform and Oracle 8i for a Linux Platform
Hello,
J would like to know if there are some differences between Oracle 8i for a UNIX Platform and Oracle 8i for a Linux Platform.
I know that there are some differences on Oracle 8i Parallel Server and i know that some products are not include like precompiler (Mod*Ada, Pro*FORTRAN) on a Linux Platform.
Thank you.We have installed Oracle 8i on Solaris 8 and it had a great performance, of course that the hardware and licence invested here was costed my the office where i work. Personaly i'd installed linux reh hat 8 and oracle 8i, imagine that, it could be implemented by any individual that has the time to do so.
By buyinng from a company that has a good background you could be sure that you will have support.
Bottom line, if you have the $ to buy great hardware go for a unix platform. But if you don't a Red Hat Linux Server Licence with a 1 year sopport and Oracle data base is about 3500Dls.
Visit www.red-hat.com
Rewards... Bye -
Where to download and how to install X Window System for Oracle Linux 5 ?
Folks,
Hello. I am using Oracle Linux 5 and Oracle Database 11g for PIA.
Before install Oracle DB 11g into Oracle Linux 5, we need to install X Window System according to the document page 2 http://download.oracle.com/docs/cd/B28359_01/install.111/b32285.pdf
But I don't know where to download and how to install X Window System for Oracle Linux 5.
Can any folk provide a link to download X Window System and tutorial to install it for Oracle Linux 5 ?You can address the problem in a number of different ways.
You can install X-windows from the installation DVD or setup access to the Oracle public software repository as described in http://public-yum.oracle.com. In which case, the command to install X-windows is: yum groupinstall "X Window System"
Or, you login remotely and and use SSH with X-forwarding, in which case the software on the server will use the X-Windows server on your client system. This is probably the preferred way since you do not have X-windows installed on the server. For more details about SSH forwarding and howto, please see Install Oracle 11gR2 on Ubuntu Linux 11.04 (64-bit) Howto part 2 Oracle Universal Installer. -
Oracle10G and oracle11gr1 for windows and Linux
Hi
Can you help me in getting these Softwares
Oracle10G and oracle11gr1 for windows and Linux ,I am unable to get them .
Thanks in advance
Sanjeev SenOracle10G NOT SUPPORTED ANYMORE,NO SOFTWARE AVAILABLE TO DOWNLOAD TOO
oracle11gr1 for windows and Linux > http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html -
CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle Linux
Hi,
Can you suggest from where we need to download bash rpm for OEL 6 :-
bash-4.1.2-15.el6_5.2.x86_64.rpm
bash-doc-4.1.2-15.el6_5.2.x86_64.rpm
Thanks in Advance !!
MukeshFirst see the document I linked about creating a local yum mirror (How to Create a Local Yum Repository for Oracle Linux). I very strongly recommend setting this up so your systems can get other updates besides bash.
The individual RPMs can be found at Index of /repo/OracleLinux/OL6/latest/x86_64/ -- but I cannot stress the importance of updating entire systems rather than just bash. If you are not updating your systems periodically, bash is just one of your worries (as you're undoubtedly vulnerable to hundreds of other exploits in other packages besides Shellshock). Please set up an update repository and use it.
Patching only the vulnerabilities you see in the news is equivalent to locking your home's front door, but leaving the security alarm disconnected and the back door held open with a doorstop. You need all the updates, not just bash. -
Guide for Tuning and Optimizing Red Hat Linux AS for Oracle9i Database
I put together a step-by-step guide for tuning and optimizing Red Hat Linux Advanced Server for Oracle9i. It's my first draft version and I would appreciate any comments and feedback.
The article
"Tuning and Optimizing Red Hat Linux Advanced Server for Oracle9i Database"
can be found at:
http://www.puschitz.com/TuningLinuxForOracle.shtml
The article
"Oracle 9i Installation on Red Hat Linux 7.1, 7.2, 7.3, 8.0, and on Red Hat Advanced Server 2.1"
can now be found at http://www.puschitz.com/InstallingOracle9i.shtml
And both links for
"Oracle on Red Hat Linux"
can be found at
http://www.puschitz.com/OracleOnLinux.shtml
WernerIs this good for Redhat Linux 9.0 and not just the advanced server.
If it is not could you please provide me the links to articles like,
"Guide for Tuning and Optimizing Red Hat Linux for Oracle9i Database"
"Guide for Tuning and Optimizing Red Hat Linux for Oracle9i App Server"
"Guide for Tuning and Optimizing Red Hat Linux for Oracle9i Infrastucture"
Thanks. -
Hi All,
I am currently set up the (tomcat) jsp engine on top of apache web server.
And now i would like to install both sqlj and a jdbc driver such
that I can query our oracle database. In all of the options for downloads
there is a windoze option and a solaris option. Do I have to wait for specific
"linux" version to get them to work. Or is the solaris option alright
for linux ??
slightly confused,
ChrisUnfortunately, this description is still rather unspecific.
It sounds, as if there might be an issue with the way database connections are established for the SQLJ and JDBC parts of your program. Could you provide more information on that, specifically on how you obtain JDBC connections and SQLJ connection contexts. -
Help systems for Win, Linux, and Solaris
Is there a flavor of RoboHelp that can generate
cross-platform help? I would like to create a single Help system
for Windows, Linux Redhat 4 ES, and Solaris 10.See http://forums.adobe.com/thread/1417974
See www.grainge.org for RoboHelp and Authoring tips
@petergrainge -
Do I need special version of forms 2000 and forms 6i for Xandros Linux?
Hi,
Please tell me if someone knows that, do i need any special version of forms 2000 and forms 6i
for 'xandros Linux' or the same can be install which we usually use for windows xp or 2000.
Regards and thanks in advance.Have in mind that Xandros is not certified. However, the biggest problem if the distribution is a newer on is about OpenMotif libraries as Developer 6i installation requires version 2.1.30 to install successfully.
If it may be of any use, there's a guide on installing on [SLES 8|http://knol.google.com/k/cuauhtmoc-amox/install-oracle-developer-6i-on-suse/153594c4goidl/3].
Maybe you are looking for
-
OPP (Output Post Processor) logfile
Hi All, One of the xml template is failed and when I check the Log from OAM the below message is showing: "The Applications File Server could not open the file /output/fsprod/log/FNDOPP57048.txt for read." Please help Thanks,
-
802.1x Critical Authentication feature 12.2(25)SEE
The critical authentication feature does not seem to work. Port does not move to authorized state if RADIUS (ACS) server is not available. In fact, it even seems to break the Authentication Fail VLAN functionality. If RADIUS server is not available a
-
ERROR = CONNECT failed with sql error '1017'
Hi, we are getting the following error when we run r3trans -dx.It is an windows system. Here i have attached the trans.log. 4 ETW000 r3trans version 6.14 (release 700 - 16.10.08 - 16:26:00). 4 ETW000 =============================================== 4
-
Opened OS 10 Tiger 10.4.3 Family Pack 4 sale supposedly never used
A person has an opened Tiger 10.4.3 for sale. Says he did not use because he got a new computer with the software already on it and decided he didn't need the pack. When you install it on your computers you supposedly have five licenses to do this. D
-
Imported one movie without trouble...but can't import anything since
I have iMovie6 on my G4 Powerbook (Ti). I used iMovie for the first time the other day and imported an hour long vacation video...all 11 gigs. It worked flawlessly...but I decided I had bitten off a little more than I cared to chew...and edit(and hog