Recently I switched all my machines from running gentoo to archlinux. Last gentoo-based machine for some time has been my http://www.xencon.net hosted vserver which runs this website and my mailserver. Unfortunalety xencon doesn't provide preconfigured archlinux images like they do for gentoo, ubuntu, debian and others. But since they have an excellent service and therefore I wanted to stay with them as my hosting provider, I decided to take the hard route and install archlinux via the provided rescue system. In the following article I will outline how I did this.

Read more…

In this article I will show you an easy and comfortable way to synchronize a specific directory to a ftp-server automatically whenever the contents of the directory change.

Read more…

Maybe like me you have various mail-accounts with different providers. wouldn't it be convenient to have all of them collected in one place and accessible through one account from all your devices (Home, Work, Laptop, Mobile phone…)? Here's how I achived this using a combination of fetchmail/procmail for fetching and sorting mail and dovecot to make them accessible via imaps (Note: I don't run my own smtp-server but use the providers servers for this):

Read more…

Good news for all gentoo-fans with Nokia Internet Tablets: slonopotamus is in the process of porting the full gentoo to the tablets! At the Moment he provides a working chroot and the instructions to build your own stage by crosscompiling the stuff on a “real” gentoo. Also he is working on a fully bootable gentoo for the tablet. I'm really eager to try this and looking forward to what may become possible with this in the future. I'll follow the developement and will be reporting back here about my success and news of the project. Now for anyone who wants to try it out here is the link to slonopotamus site:

Gentoo on the N8x0 >> slonopotamus.org

Since a laptop is often used mobile and so there is the possibility that it may get into wrong hands, I want to at least protect my private data like email, office documents etc. from unauthorized access. So I decided it would be best to encrypt the whole harddrive. This page describes how i set my Laptop up fully encrypted.

This HowTo was written for people who have some understanding of Gentoo, Windows and computers in general. It's not meant to be a step by step guide for the totally inexperienced!

My goals for the setup:

• Dual Boot gentoo and Windows XP
• Both systems should be encrypted
• an encrypted data partition shared between the two systems
• one password on bootup should open system + data for access

I used the following tools for achieving this:

• TrueCrypt for Windows and the data-partition
• dm-crypt/cryptsetup + LVM2 for gentoo

My Partitions are set up like this:

1. Boot partition, 100MB, ext2
2. Windows XP, 25GB, NTFS
3. Gentoo encrypted lvm2, 25GB, not formated (will be done later)
4. Data Partition, rest of the HDD, not formated (will be done later)

All partitions are primary partitions. Set this up with your favourite partitioning tool.

Since Windows does overwrite the MBR we will install it first. I wont go into any detail, you should be able to figure out how to do this. After successfully installing Windows its now time for the encryption. For this purpose we use TrueCrypt. At first get it from their download page. Get the installer for Vista/XP/2000 (version 6.0a at the time of this writing) and install it on your system. The encryption procedure is described in the Truecrypt documentation. In the wizard select to only encrypt your windows partition. Also select that Windows is in your MBR. For the rest follow the instructions of the Wizard or take a look at Truecrypts documentation. During the process you will have to burn a rescue-cd, so its a good idea to have blank CD-R(W) aviable. After the process has completed during bootup there should be the TrueCrypt bootloader asking for the password. Thats it for Windows, so lets get Gentoo running.

At first we need a LiveCD that has support for dm-crypt and LVM2. One that has the necessary support is GRML. Now its time to prepare gentoos partition. At first we will do the encryption: I assume your harddrive is found by the livecd as /dev/sda and partitions are setup like described above, if that is not the case adjust the following instructions according to your situation:

NOTE: all following commands have to be run as root!

encrypting the partition:

cryptsetup luksFormat /dev/sda3

This will ask you to type YES (all uppercase) and then lets you enter the password you want to use.

After encrypting the disc we have to unlock it for use:

cryptsetup luksOpen /dev/sda3 decrypted

this should ask for the password and give “key slot 0 unlocked” if successfull. The partition is now usable with the virtual device /dev/mapper/decrypted

Now we will initialize the LVM on top of the encrypted disk. First lets create the pysical volume and the Volume Group:

pvcreate /dev/mapper/decrypted
vgcreate gentoo /dev/mapper/decrypted

After this we have a working LVM Volume Group with the name “gentoo”.

Now lets create some Logical Volumes (these are like partitions, but on top of LVM):

lvcreate -n system -L 15G gentoo
lvcreate -n swap -L 2G gentoo
lvcreate -n home -L 8G gentoo

This will create one LV with 15GB for the system, one with 2GB for swapspace and one with 8GB for /home. Feel free to adjust this to your liking, but keep in mind that you will also have to adjust some of the following steps.

Now its time to create some Filesystems:

mkfs.ext2 -L "boot" /dev/sda1
mkfs.ext3 -O dir_index -L "system" /dev/gentoo/system
mkfs.ext3 -O dir_index -L "home" /dev/gentoo/home
mkswap -L swap /dev/gentoo/swap

As always you can use other filesystems if you like..

Now lets mount the LVs for installing gentoo:

mkdir -p /mnt/gentoo
mount /dev/gentoo/system /mnt/gentoo
mkdir -p /mnt/gentoo/{home,boot}
mount /dev/sda1 /mnt/gentoo/boot
mount /dev/gentoo/home /mnt/gentoo/home

After this you can follow the official gentoo handbook starting from chapter 5. In the following I will show where the procedure differs from the official handbook.

In addition to the things written in the handbook and the correct drivers for your hardware make sure you select the following things in the Kernel-Configuration (build them into the kernel, not as modules):

Device Drivers -->
  [*] Multiple devices driver support (RAID and LVM) -->
    <*> Device Mapper Support
    <*>   Crypt Target Support

Cryptographic options  --->
  --- Cryptographic API
  <*>   SHA256 digest algorithm
  <*>   LRW support
  <*>   XTS support
  <*>   Blowfish cipher algorithm
  <*>   Twofish cipher algorithm
  <*>   Serpent cipher algorithm
  <*>   AES cipher algorithms

In the fstab we will have to use our LVs for system, swap and home, it should look similar to this (if you used my LV Setup):

# /etc/fstab: static file system information.

# <fs>                  <mountpoint>    <type>          <opts>          <dump/pass>

/dev/sda1               /boot           ext2            noauto,noatime  1 2
/dev/gentoo/system      /               ext3            noatime         0 0
/dev/gentoo/home        /home           ext3            noatime         0 0

/dev/gentoo/swap        none            swap            sw              0 0

/dev/cdrom              /mnt/cdrom      auto            noauto,users    0 0

shm                     /dev/shm        tmpfs           nodev,nosuid,noexec     0 0

Since we will use genkernel to create our initrd, we will have to emerge it (This is independent from how you created your Kernel, I always do Kernel-Configuration manually):

emerge genkernel

Of course we will also need cryptsetup and lvm2 tools, so we will merge these too, along with truecrypt and ntfs-3g for the data-partition that we will add later:

emerge cryptsetup lvm2 truecrypt ntfs3g

We will use grub as our bootloader, so lets see how to set it up:

At first we will have to save the truecrypt-MBR into a file so we can reuse it from Grub:

dd if=/dev/sda of=/boot/truecrypt.mbr count=1 bs=512

Now we will create the initrd necessary for gentoo:

genkernel --kernel-config=/usr/src/linux/.config --luks --lvm ramdisk

Next merge Grub and edit /boot/grub/menu.lst to look similar to this:

default 0
timeout 5

title Gentoo Linux
root (hd0,0)
kernel (hd0,0)/linux-2.6.25-tuxonice-r4 root=/dev/ram0 init=/linuxrc ramdisk=8192 crypt_root=/dev/sda3 real_root=/dev/gentoo/system dolvm quiet
initrd (hd0,0)/initramfs-genkernel-x86_64-2.6.25-tuxonice-r4

title Windows  XP
rootnoverify (hd0,1)
makeactive
chainloader (hd0,0)/truecrypt.mbr
boot

NOTE: The names for kernel and initrd may be different depending on your kernel-version and system architecture. Of course you can add things like grub-splash or framebuffer setup, but I will keep it as simple as possible for the HowTo

Finally lets install grub into the MBR:

grub
grub> root (hd0,0)
grub> setup (hd0)
grub> quit

After you have done this you may add a normal user like described in the gentoo handbook. Then its time to reboot the system:

exit
umount /mnt/gentoo/dev
umount /mnt/gentoo/proc
umount /mnt/gentoo/home
umount /mnt/gentoo/boot
umount /mnt/gentoo/
vgchange -an
cryptsetup luksClose decrypted
reboot

Now you should have a grub menu at boot where you can choose between Gentoo and Windows XP. After selecting one it should ask for the systems password and then boot the system. As the last step lets see how to get a encrypted data-partition shared between the two systems

For the data partition we will use truecrypt again. I did set it up under Windows, using a key-file without password (because we want the data-partition to be auto-mounted) to encrypt the 4th partition of the harddrive (remember the partition layout from earlier). Since the system-partition is encrypted for Windows and Linux it should be no problem to have a key-file without password. If you want extra security you can of course use passwords, but then auto-mount will not work. For the filesystem I use NTFS, since it is writeable form Windows and Linux (using ntfs-3g) and doesnt have the limitations FAT32 has (4GB filesize limit and so on).

For automount in Windows set the keyfile in the default keyfiles and enable auto-mounting of device-hostet volumes and of course to start truecrypt with windows.

For gentoo you need to transfer the keyfile, maybe using a USB-Stick or similar (but remember to delete the key in a secure way (like overwriting it several times with random data). If you haven't done so before we need to emerge truecrypt, and make sure to use the same version as on Windows. Then we will need to start the truecrypt-mounting at boot. A good way to do this is to add the following line to /etc/conf.d/local:

truecrypt -t -p "" --protect-hidden="no" -k /usr/share/data.key /dev/sda4 /mnt/data/

This assumes you have a mountpoint /mnt/data and used my partition layout. Also the keyfile needs to be in /usr/share/data.key

With this you should now have a data partition usable from windows and linux.

This are the pages I used to get this setup up and running:

• http://gentoo-wiki.com/HOWTO_Install_Gentoo_on_an_LVM2_root_partition
• http://ubuntuforums.org/showthread.php?t=761530
• http://de.gentoo-wiki.com/wiki/DM-Crypt (German)
• http://www.gentoo.org/doc/en/handbook/handbook-x86.xml
• http://www.truecrypt.org/docs/

If you own a laptop and use it in different locations you may know this problem: Each location has its own settings for network access, gateways and dns-servers. After some research about gentoos networking-scripts and their advanced configuration options I found the solution documented here. It offers fully automatic configuration for wired and wireless interfaces with combined static and dynamic IP-Addresses. So lets see how to set this up!

The first step is to install the necessary programs. Here is a list:

• wpa_supplicant
• dhcpcd
• ifplugd
• arping
• iputils

Since they are all in gentoos portage, you can just emerge them..

I wont go into much detail here since there are many howtos about configuring wpa_supplicant. Lets asume we have two Wireless Networks we want to connect to: WLAN1 and WLAN2 both using WPA-encryption. The according wpa_supplicant.conf may look like this:

  network={ 
    ssid="WLAN1"
    psk="somesupersecretpassword1"
    priority=20
  } 

  network={
    ssid="WLAN2"
    psk="anothersecretpassword"
    priority=19
  }

  network={
    key_mgmt=NONE
    priority=-9999999
  }

Note: The last network block will connect to any open network aviable. The priority tells which network to prefer if more than one are aviable at the same time. Higher number means higher priority.

Now that we have set up wpa_supplicant lets procceed with gentoos /etc/conf.d/net. For our example we asume WLAN1 uses a static configuration and WLAN2 uses dhcp. Here is the according /etc/conf.d/net:

  modules_wlan0=( "wpa_supplicant" ) # tell wlan0 to use wpa_supplicant
  wpa_supplicant_wlan0="-Dwext" # additional options for wpa_supplicant
  associate_timeout_wlan0="15" # how long to wait for association

  config_WLAN1=( "192.168.178.5/24" ) # if we are connected to WLAN1, use this IP
  routes_WLAN1=( "default gw 192.168.178.1" ) # default gateway for WLAN1 
  dns_servers_WLAN1=( "192.168.178.1" ) # dns-server for WLAN1 

Notes: with the config_SSID, routes_SSID and dns_servers_SSID tokens you can set the static configuration for specific SSIDs. For all networks without a matching config, routes and dns_servers dhcp is used. You can get more info about this in /etc/conf.d/net.example Thats it for WLAN-config, now on to the wired interface.

For the wired interface we use three programs: ifplugd detects if a cable is plugged in and starts/stops the interface accordingly. arping handles the static configuration and dhcpcd is used for dynamic configuration. So lets see how to set this up in /etc/conf.d/net :

  config_eth0=( "arping" ) # use arping by default
  fallback_eth0=( "dhcp" ) # if no arping config matches use dhcp

  # this line sets up all known gateway+MAC compinations which have static
  # configuration, seperated by space
  # the format is "IP1,MAC1 IP2,MAC2 IP3,MAC3"...
  gateways_eth0=( "192.168.0.1,00:AA:BB:CC:DD:EE" )

  # setup the static config for the first network
  # format for the identifier:
  # assume IP AAA.BBB.CCC.DDD and MAC 00:11:22:33:44:55 leads to identifier
  # AAABBBCCCDDD_001122334455, note that every part of the IP-Address must have
  # three digits! The identifier has to use a defined IP+MAC pair from
  # gateways_eth0 
  config_192168000001_00AABBCCDDEE=( "192.168.0.10/24" )
  routes_192168000001_00AABBCCDDEE=( "default gw 192.168.0.1" )
  dns_servers_192168000001_00AABBCCDDEE=( "192.168.0.1" )

Notes: The IP and MAC for gateways_eth0 and the identifier should be a device on the network that is allways aviable. In most networks this is the gateway or router. The MAC-Address of the gateway can be found by using

arping <ip of gateway>

For more info on the arping config see again /etc/conf.d/net.example

The last thing to do for a fully working config is to set up which interface to prefer if LAN and WLAN are up and connected at the same time. Normally this will be the LAN because it is faster than WLAN. To achive this we need two little lines in /etc/conf.d/net :

metric_eth0=10
metric_wlan0=20

Notes: Lower metric means higher priority, in this case all traffic will use eth0 (the wired interface) if both are aviable.

Here is the whole /etc/conf.d/net for your reference:

  ## LAN

  config_eth0=( "arping" ) # use arping by default
  fallback_eth0=( "dhcp" ) # if no arping config matches use dhcp

  # this line sets up all known gateway+MAC compinations which have static 
  # configuration, seperated by space
  # the format is "IP1,MAC1 IP2,MAC2 IP3,MAC3"...
  gateways_eth0=( "192.168.0.1,00:AA:BB:CC:DD:EE" )

  # setup the static config for the first network
  # format for the identifier:
  # assume IP AAA.BBB.CCC.DDD and MAC 00:11:22:33:44:55 leads to identifier
  # AAABBBCCCDDD_001122334455, note that every part of the IP-Address must have
  # three digits! The identifier has to use a defined IP+MAC pair from 
  # gateways_eth0
  config_192168000001_00AABBCCDDEE=( "192.168.0.10/24" )
  routes_192168000001_00AABBCCDDEE=( "default gw 192.168.0.1" )
  dns_servers_192168000001_00AABBCCDDEE=( "192.168.0.1" )

  ## WLAN

  modules_wlan0=( "wpa_supplicant" ) # tell wlan0 to use wpa_supplicant
  wpa_supplicant_wlan0="-Dwext"      # additional options for wpa_supplicant
  associate_timeout_wlan0="15"       # how long to wait for association

  config_WLAN1=( "192.168.178.5/24" )          # if we are connected to WLAN1, use this IP
  routes_WLAN1=( "default gw 192.168.178.1" )  # default gateway for WLAN1
  dns_servers_WLAN1=( "192.168.178.1" )        # dns-server for WLAN1

  ## Prefer LAN over WLAN

  metric_eth0=10
  metric_wlan0=20

I hope this makes sense to you and helps to make your life in multiple networks easier