Welcome to my Site

Welcome to my Site! This site is in Archive-Mode, so don't expect anything new here. All interactive elements like comments are disabled.

Blog Posts

Migrating a xencon vserver from gentoo to archlinux

Recently I switched all my machines from running gentoo to archlinux. The last gentoo-based machine for some time has been my vserver hosted at http://www.xencon.net, which runs this website and my mailserver. Unfortunately xencon doesn't provide preconfigured archlinux images like they do for gentoo, ubuntu, debian and others. But since they have an excellent service and I therefore wanted to stay with them as my hosting provider, I decided to take the hard route and install archlinux via the provided rescue system. In the following article I will outline how I did this.

Automatic Backup to FTP with fsniper and lftp

In this article I will show you an easy and comfortable way to synchronize a specific directory to an FTP server automatically whenever the contents of the directory change.

Collecting Mails from Different Accounts

Maybe, like me, you have various mail accounts with different providers. Wouldn't it be convenient to have all of them collected in one place and accessible through one account from all your devices (Home, Work, Laptop, Mobile phone…)? Here's how I achieved this using a combination of fetchmail/procmail for fetching and sorting mail and dovecot to make them accessible via imaps (Note: I don't run my own smtp-server but use the providers' servers for this):

Gentoo on its way to the Nokia N8x0!

Good news for all gentoo-fans with Nokia Internet Tablets: slonopotamus is in the process of porting the full gentoo to the tablets! At the moment he provides a working chroot and the instructions to build your own stage by crosscompiling the stuff on a “real” gentoo. He is also working on a fully bootable gentoo for the tablet. I'm really eager to try this and looking forward to what may become possible with this in the future. I'll follow the development and will be reporting back here about my success and news of the project. Now for anyone who wants to try it out, here is the link to slonopotamus' site:

Gentoo on the N8x0 >> slonopotamus.org

The Fully Encrypted Laptop

Since a laptop is often used on the move, there is the possibility that it may get into the wrong hands, so I want to at least protect my private data like email, office documents etc. from unauthorized access. So I decided it would be best to encrypt the whole harddrive. This page describes how I set up my laptop fully encrypted.

Disclaimer

The steps described here are given to you without any warranty. It worked like this for me, but that's all. If you follow these instructions you alone are responsible for anything that happens. I can't be held responsible for any damages that may be caused by using these instructions. If something goes wrong it's possible to lose all your data or worse! So make sure you have a backup of anything important!

This HowTo was written for people who have some understanding of Gentoo, Windows and computers in general. It's not meant to be a step by step guide for the totally inexperienced!

General

My goals for the setup:

  • Dual Boot gentoo and Windows XP
  • Both systems should be encrypted
  • an encrypted data partition shared between the two systems
  • one password on bootup should open system + data for access

Tools

I used the following tools for achieving this:

  • TrueCrypt for Windows and the data-partition
  • dm-crypt/cryptsetup + LVM2 for gentoo

Partition Setup

My Partitions are set up like this:

  1. Boot partition, 100MB, ext2
  2. Windows XP, 25GB, NTFS
  3. Gentoo encrypted lvm2, 25GB, not formatted (will be done later)
  4. Data Partition, rest of the HDD, not formatted (will be done later)

All partitions are primary partitions. Set this up with your favourite partitioning tool.


Installing & Encrypting Windows XP

Since Windows overwrites the MBR, we will install it first. I won't go into any detail; you should be able to figure out how to do this. After successfully installing Windows it's time for the encryption. For this purpose we use TrueCrypt. First get it from their download page: get the installer for Vista/XP/2000 (version 6.0a at the time of this writing) and install it on your system. The encryption procedure is described in the TrueCrypt documentation. In the wizard, select to encrypt only your Windows partition. Also select that Windows is in your MBR. For the rest follow the instructions of the wizard or take a look at TrueCrypt's documentation. During the process you will have to burn a rescue CD, so it's a good idea to have a blank CD-R(W) available. After the process has completed, the TrueCrypt bootloader should ask for the password during bootup. That's it for Windows, so let's get Gentoo running.


Installing & Encrypting Gentoo

First we need a LiveCD that has support for dm-crypt and LVM2. One that has the necessary support is GRML. Now it's time to prepare gentoo's partition, starting with the encryption. I assume your harddrive is found by the LiveCD as /dev/sda and the partitions are set up as described above; if that is not the case, adjust the following instructions to your situation:

NOTE: all following commands have to be run as root!

Encrypting the Partition

First create the encrypted LUKS container on the partition:

cryptsetup luksFormat /dev/sda3

This will ask you to type YES (all uppercase) and then lets you enter the password you want to use.

After encrypting the disc we have to unlock it for use:

cryptsetup luksOpen /dev/sda3 decrypted

This should ask for the password and print “key slot 0 unlocked” if successful. The partition is now usable through the virtual device /dev/mapper/decrypted.

Initializing LVM

Now we will initialize the LVM on top of the encrypted disk. First let's create the physical volume and the volume group:

pvcreate /dev/mapper/decrypted
vgcreate gentoo /dev/mapper/decrypted

After this we have a working LVM Volume Group with the name “gentoo”.

Now let's create some Logical Volumes (these are like partitions, but on top of LVM):

lvcreate -n system -L 15G gentoo
lvcreate -n swap -L 2G gentoo
lvcreate -n home -L 8G gentoo

This will create one LV with 15GB for the system, one with 2GB for swapspace and one with 8GB for /home. Feel free to adjust this to your liking, but keep in mind that you will also have to adjust some of the following steps.

Formatting the LVs

Now it's time to create some filesystems:

mkfs.ext2 -L "boot" /dev/sda1
mkfs.ext3 -O dir_index -L "system" /dev/gentoo/system
mkfs.ext3 -O dir_index -L "home" /dev/gentoo/home
mkswap -L swap /dev/gentoo/swap

As always you can use other filesystems if you like.

Mounting the LVs

Now let's mount the LVs for installing gentoo:

mkdir -p /mnt/gentoo
mount /dev/gentoo/system /mnt/gentoo
mkdir -p /mnt/gentoo/{home,boot}
mount /dev/sda1 /mnt/gentoo/boot
mount /dev/gentoo/home /mnt/gentoo/home

Install Gentoo

After this you can follow the official gentoo handbook starting from chapter 5. In the following I will show where the procedure differs from the official handbook.

Kernel Configuration

In addition to the things written in the handbook and the correct drivers for your hardware make sure you select the following things in the Kernel-Configuration (build them into the kernel, not as modules):

Device Drivers -->
  [*] Multiple devices driver support (RAID and LVM) -->
    <*> Device Mapper Support
    <*>   Crypt Target Support
Cryptographic options  --->
  --- Cryptographic API
  <*>   SHA256 digest algorithm
  <*>   LRW support
  <*>   XTS support
  <*>   Blowfish cipher algorithm
  <*>   Twofish cipher algorithm
  <*>   Serpent cipher algorithm
  <*>   AES cipher algorithms

fstab configuration

In the fstab we have to use our LVs for system, swap and home. It should look similar to this (if you used my LV setup):

# /etc/fstab: static file system information.

# <fs>                  <mountpoint>    <type>          <opts>          <dump/pass>

/dev/sda1               /boot           ext2            noauto,noatime  1 2
/dev/gentoo/system      /               ext3            noatime         0 0
/dev/gentoo/home        /home           ext3            noatime         0 0

/dev/gentoo/swap        none            swap            sw              0 0

/dev/cdrom              /mnt/cdrom      auto            noauto,users    0 0

shm                     /dev/shm        tmpfs           nodev,nosuid,noexec     0 0

Installing Necessary System Tools

Since we will use genkernel to create our initrd, we have to emerge it (this is independent of how you created your kernel; I always do the kernel configuration manually):

emerge genkernel

Of course we will also need cryptsetup and lvm2 tools, so we will merge these too, along with truecrypt and ntfs-3g for the data-partition that we will add later:

emerge cryptsetup lvm2 truecrypt ntfs3g

Configuring the Bootloader

We will use grub as our bootloader, so let's see how to set it up.

First we have to save the truecrypt MBR into a file so we can reuse it from grub:

dd if=/dev/sda of=/boot/truecrypt.mbr count=1 bs=512

Now we will create the initrd necessary for gentoo:

genkernel --kernel-config=/usr/src/linux/.config --luks --lvm ramdisk

Next merge Grub and edit /boot/grub/menu.lst to look similar to this:

default 0
timeout 5

title Gentoo Linux
root (hd0,0)
kernel (hd0,0)/linux-2.6.25-tuxonice-r4 root=/dev/ram0 init=/linuxrc ramdisk=8192 crypt_root=/dev/sda3 real_root=/dev/gentoo/system dolvm quiet
initrd (hd0,0)/initramfs-genkernel-x86_64-2.6.25-tuxonice-r4

title Windows  XP
rootnoverify (hd0,1)
makeactive
chainloader (hd0,0)/truecrypt.mbr
boot

NOTE: The names for kernel and initrd may be different depending on your kernel version and system architecture. Of course you can add things like grub-splash or framebuffer setup, but I will keep it as simple as possible for the HowTo.

Finally let's install grub into the MBR:

grub
grub> root (hd0,0)
grub> setup (hd0)
grub> quit

After you have done this you may add a normal user as described in the gentoo handbook. Then it's time to reboot the system:

exit
umount /mnt/gentoo/dev
umount /mnt/gentoo/proc
umount /mnt/gentoo/home
umount /mnt/gentoo/boot
umount /mnt/gentoo/
vgchange -an
cryptsetup luksClose decrypted
reboot

Now you should have a grub menu at boot where you can choose between Gentoo and Windows XP. After selecting one it should ask for the system's password and then boot the system. As the last step let's see how to get an encrypted data partition shared between the two systems.

Setup an Encrypted Data Partition

For the data partition we will use truecrypt again. I set it up under Windows, using a key-file without a password (because we want the data-partition to be auto-mounted) to encrypt the 4th partition of the harddrive (remember the partition layout from earlier). Since the system-partition is encrypted for Windows and Linux it should be no problem to have a key-file without a password. If you want extra security you can of course use passwords, but then auto-mount will not work. For the filesystem I use NTFS, since it is writeable from Windows and Linux (using ntfs-3g) and doesn't have the limitations FAT32 has (4GB filesize limit and so on).

For automount in Windows, set the keyfile in the default keyfiles, enable auto-mounting of device-hosted volumes and of course set truecrypt to start with Windows.

For gentoo you need to transfer the keyfile, maybe using a USB-Stick or similar (but remember to delete the key in a secure way, like overwriting it several times with random data). If you haven't done so before, emerge truecrypt now, and make sure to use the same version as on Windows. Then we need to start the truecrypt mounting at boot. A good way to do this is to add the following line to /etc/conf.d/local:

truecrypt -t -p "" --protect-hidden="no" -k /usr/share/data.key /dev/sda4 /mnt/data/

This assumes you have a mountpoint /mnt/data and used my partition layout. Also the keyfile needs to be in /usr/share/data.key.
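Because the keyfile carries no password, any local user who can read /usr/share/data.key on the running system can open the data partition. The following check for owner and permissions is an added example, not part of the original HowTo; check_keyfile is a hypothetical helper name and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original HowTo): check that a keyfile used
# without a password is readable by its owner only.
# check_keyfile is a hypothetical helper name; GNU stat is assumed.

# check_keyfile PATH [EXPECTED_UID]
# Succeeds if PATH is a regular file (no symlink) owned by EXPECTED_UID
# (default 0 = root) with no permission bits set for group or others.
check_keyfile() {
    keyfile=$1
    want_uid=${2:-0}

    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "$keyfile: not a regular file"
        return 1
    fi

    mode=$(stat -c '%a' "$keyfile") || return 1   # octal mode, e.g. 644
    uid=$(stat -c '%u' "$keyfile") || return 1    # numeric owner

    if [ "$uid" -ne "$want_uid" ]; then
        echo "$keyfile: owned by uid $uid, expected $want_uid"
        return 1
    fi
    # Any bit in the group/other positions (octal 077) lets non-owners in.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$keyfile: mode $mode is accessible to group or others"
        return 1
    fi
    return 0
}

# Constructed demonstration on a temporary file, not the real keyfile.
demo=$(mktemp)
chmod 644 "$demo"
check_keyfile "$demo" "$(id -u)" || echo "-> tighten with: chmod 400 <keyfile>"
chmod 400 "$demo"
check_keyfile "$demo" "$(id -u)" && echo "$demo: ok"
rm -f "$demo"
```

On the setup described here the call would be check_keyfile /usr/share/data.key, run as root before the truecrypt line is added to /etc/conf.d/local.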

With this you should now have a data partition usable from windows and linux.


Automatic Network Profiles with Gentoo

Introduction

If you own a laptop and use it in different locations you may know this problem: each location has its own settings for network access, gateways and dns-servers. After some research about gentoo's networking-scripts and their advanced configuration options I found the solution documented here. It offers fully automatic configuration for wired and wireless interfaces with combined static and dynamic IP-Addresses. So let's see how to set this up!

Install necessary programs

The first step is to install the necessary programs. Here is a list:

  • wpa_supplicant
  • dhcpcd
  • ifplugd
  • arping
  • iputils

Since they are all in gentoo's portage, you can just emerge them.

Configuring WLAN

Configuring wpa_supplicant

I won't go into much detail here since there are many howtos about configuring wpa_supplicant. Let's assume we have two wireless networks we want to connect to, WLAN1 and WLAN2, both using WPA encryption. The corresponding wpa_supplicant.conf may look like this:

  network={ 
    ssid="WLAN1"
    psk="somesupersecretpassword1"
    priority=20
  } 

  network={
    ssid="WLAN2"
    psk="anothersecretpassword"
    priority=19
  }

  network={
    key_mgmt=NONE
    priority=-9999999
  }

Note: The last network block will connect to any open network available. The priority tells which network to prefer if more than one is available at the same time. A higher number means higher priority.

Configuring gentoos networking-scripts

Now that we have set up wpa_supplicant let's proceed with gentoo's /etc/conf.d/net. For our example we assume WLAN1 uses a static configuration and WLAN2 uses dhcp. Here is the corresponding /etc/conf.d/net:

  modules_wlan0=( "wpa_supplicant" ) # tell wlan0 to use wpa_supplicant
  wpa_supplicant_wlan0="-Dwext" # additional options for wpa_supplicant
  associate_timeout_wlan0="15" # how long to wait for association

  config_WLAN1=( "192.168.178.5/24" ) # if we are connected to WLAN1, use this IP
  routes_WLAN1=( "default gw 192.168.178.1" ) # default gateway for WLAN1 
  dns_servers_WLAN1=( "192.168.178.1" ) # dns-server for WLAN1 

Notes: With the config_SSID, routes_SSID and dns_servers_SSID tokens you can set the static configuration for specific SSIDs. For all networks without a matching config, routes and dns_servers, dhcp is used. You can get more info about this in /etc/conf.d/net.example. That's it for the WLAN config, now on to the wired interface.

Configuring LAN

For the wired interface we use three programs: ifplugd detects if a cable is plugged in and starts/stops the interface accordingly, arping handles the static configuration and dhcpcd is used for dynamic configuration. So let's see how to set this up in /etc/conf.d/net:

  config_eth0=( "arping" ) # use arping by default
  fallback_eth0=( "dhcp" ) # if no arping config matches use dhcp

  # this line sets up all known gateway+MAC combinations which have static
  # configuration, separated by space
  # the format is "IP1,MAC1 IP2,MAC2 IP3,MAC3"...
  gateways_eth0=( "192.168.0.1,00:AA:BB:CC:DD:EE" )

  # setup the static config for the first network
  # format for the identifier:
  # assume IP AAA.BBB.CCC.DDD and MAC 00:11:22:33:44:55 leads to identifier
  # AAABBBCCCDDD_001122334455, note that every part of the IP-Address must have
  # three digits! The identifier has to use a defined IP+MAC pair from
  # gateways_eth0 
  config_192168000001_00AABBCCDDEE=( "192.168.0.10/24" )
  routes_192168000001_00AABBCCDDEE=( "default gw 192.168.0.1" )
  dns_servers_192168000001_00AABBCCDDEE=( "192.168.0.1" )

Notes: The IP and MAC for gateways_eth0 and the identifier should belong to a device on the network that is always available. In most networks this is the gateway or router. The MAC address of the gateway can be found by using

arping <ip of gateway>

For more info on the arping config see again /etc/conf.d/net.example
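The identifier rule from the comments above (every octet padded to three digits, MAC without colons) is easy to get wrong by hand, so here it is as a small script. This is an added example, not part of the original article or of gentoo's scripts; net_identifier and net_profile are hypothetical helper names, and the sample values are the ones used in this article.

```shell
#!/bin/sh
# Added example: derive the arping profile identifier for /etc/conf.d/net.
# net_identifier and net_profile are hypothetical helper names.

# net_identifier IP MAC -> AAABBBCCCDDD_001122334455 (returns 1 on bad input)
net_identifier() {
    ip=$1
    mac=$(printf '%s' "$2" | tr 'a-f' 'A-F')

    # IPv4: digits and dots only, no empty octets.
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    # MAC: six colon-separated hex pairs.
    hex='[0-9A-F][0-9A-F]'
    case $mac in
        $hex:$hex:$hex:$hex:$hex:$hex) ;;
        *) return 1 ;;
    esac

    old_ifs=$IFS; IFS=.
    set -- $ip                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1

    id=
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        # Strip leading zeros so printf does not read the octet as octal.
        while [ ${#octet} -gt 1 ] && [ "${octet#0}" != "$octet" ]; do
            octet=${octet#0}
        done
        [ "$octet" -le 255 ] || return 1
        id=$id$(printf '%03d' "$octet")
    done
    printf '%s_%s\n' "$id" "$(printf '%s' "$mac" | tr -d ':')"
}

# net_profile GATEWAY_IP GATEWAY_MAC ADDRESS/PREFIX DNS_SERVER
# Prints the /etc/conf.d/net lines for one statically configured network.
net_profile() {
    ident=$(net_identifier "$1" "$2") || return 1
    printf 'gateways_eth0=( "%s,%s" )\n' "$1" "$2"
    printf 'config_%s=( "%s" )\n' "$ident" "$3"
    printf 'routes_%s=( "default gw %s" )\n' "$ident" "$1"
    printf 'dns_servers_%s=( "%s" )\n' "$ident" "$4"
}

# Sample values taken from this article's example network.
net_profile 192.168.0.1 00:AA:BB:CC:DD:EE 192.168.0.10/24 192.168.0.1
```

With more than one known network, the IP,MAC pairs printed for each call have to be merged into a single gateways_eth0 value, separated by spaces.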

Finalizing the Config

The last thing to do for a fully working config is to set up which interface to prefer if LAN and WLAN are up and connected at the same time. Normally this will be the LAN because it is faster than WLAN. To achieve this we need two little lines in /etc/conf.d/net:

metric_eth0=10
metric_wlan0=20

Notes: Lower metric means higher priority; in this case all traffic will use eth0 (the wired interface) if both are available.

The complete /etc/conf.d/net

Here is the whole /etc/conf.d/net for your reference:

  ## LAN

  config_eth0=( "arping" ) # use arping by default
  fallback_eth0=( "dhcp" ) # if no arping config matches use dhcp

  # this line sets up all known gateway+MAC combinations which have static
  # configuration, separated by space
  # the format is "IP1,MAC1 IP2,MAC2 IP3,MAC3"...
  gateways_eth0=( "192.168.0.1,00:AA:BB:CC:DD:EE" )

  # setup the static config for the first network
  # format for the identifier:
  # assume IP AAA.BBB.CCC.DDD and MAC 00:11:22:33:44:55 leads to identifier
  # AAABBBCCCDDD_001122334455, note that every part of the IP-Address must have
  # three digits! The identifier has to use a defined IP+MAC pair from 
  # gateways_eth0
  config_192168000001_00AABBCCDDEE=( "192.168.0.10/24" )
  routes_192168000001_00AABBCCDDEE=( "default gw 192.168.0.1" )
  dns_servers_192168000001_00AABBCCDDEE=( "192.168.0.1" )

  ## WLAN

  modules_wlan0=( "wpa_supplicant" ) # tell wlan0 to use wpa_supplicant
  wpa_supplicant_wlan0="-Dwext"      # additional options for wpa_supplicant
  associate_timeout_wlan0="15"       # how long to wait for association

  config_WLAN1=( "192.168.178.5/24" )          # if we are connected to WLAN1, use this IP
  routes_WLAN1=( "default gw 192.168.178.1" )  # default gateway for WLAN1
  dns_servers_WLAN1=( "192.168.178.1" )        # dns-server for WLAN1

  ## Prefer LAN over WLAN

  metric_eth0=10
  metric_wlan0=20

I hope this makes sense to you and helps to make your life in multiple networks easier ^_^

start.txt · Last modified: 21.07.2016 04:43 by Seiichiro
CC Attribution-Share Alike 3.0 Unported