Sunday morning playing with my Raspberry Pi :)

This post describes the steps I took to encrypt my ~ directory with ecryptfs.

Log in as root, then perform the following commands:

# mv /home/squallltt /home/squallltt.old
# mkdir -m 700 /home/squallltt
# chown squallltt:users /home/squallltt
# usermod -d /home/squallltt.old squallltt

Reboot, then:

# mkdir -p /home/.ecryptfs/squallltt/.Private
# chmod 755 /home/.ecryptfs
# chmod -R 700 /home/.ecryptfs/squallltt
# chown -R squallltt:users /home/.ecryptfs/squallltt
# ln -s /home/.ecryptfs/squallltt/.Private /home/squallltt/.Private
# chmod 500 /home/squallltt

Then, install ecryptfs-utils

# pacman -S ecryptfs-utils

Now mount:

# mount -t ecryptfs /home/squallltt/.Private /home/squallltt

Key type: passphrase

Passphrase: veryStrongPassphraseHere

Cipher: twofish

Key bytes: 32

Plaintext passthrough: no

Filename encryption: yes

Add signature to cache: yes

Then open /etc/mtab with vim and copy its last line to /etc/fstab. Of the two lines below, the first is the original from /etc/mtab; the second is the one to add to /etc/fstab, with user,noauto,exec added in place of nosuid,nodev. Replace the XXXXXXXXXXXXXXXX with your signature.

/home/.ecryptfs/squallltt/.Private /home/squallltt ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=XXXXXXXXXXXXXXXX,ecryptfs_fnek_sig=XXXXXXXXXXXXXXXX,ecryptfs_cipher=twofish,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0

/home/.ecryptfs/squallltt/.Private /home/squallltt ecryptfs rw,user,noauto,exec,relatime,ecryptfs_fnek_sig=XXXXXXXXXXXXXXXX,ecryptfs_sig=XXXXXXXXXXXXXXXX,ecryptfs_cipher=twofish,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0

Then, continue:

# touch /root/.ecryptfs/auto-mount
# ecryptfs-wrap-passphrase /root/.ecryptfs/wrapped-passphrase
Passphrase to wrap: [enter mount passphrase]
Wrapping passphrase: [enter user login password]
# umount /home/squallltt

Now, move the necessary files to the desired place:

# mv /root/.ecryptfs /home/.ecryptfs/squallltt
# chown -R squallltt:users /home/.ecryptfs/squallltt/.ecryptfs
# ln -s /home/.ecryptfs/squallltt/.ecryptfs /home/squallltt/.ecryptfs

Then, install pam_mount

# pacman -S pam_mount

Now, proceed to edit file /etc/pam.d/system-auth

# vim /etc/pam.d/system-auth

#%PAM-1.0

auth      required  pam_env.so
auth      required  pam_unix.so     try_first_pass nullok
#added 2 lines below
auth      optional  pam_mount.so
auth      required  pam_ecryptfs.so unwrap
auth      optional  pam_permit.so

account   required  pam_unix.so
account   optional  pam_permit.so
account   required  pam_time.so

#added 2 lines below
password  optional  pam_ecryptfs.so
password  optional  pam_mount.so
password  required  pam_unix.so     try_first_pass nullok sha512 shadow
password  optional  pam_permit.so

#added 1 line below
session   optional  pam_mount.so
session   required  pam_limits.so
session   required  pam_env.so
session   required  pam_unix.so
#added 1 line below
session   optional  pam_ecryptfs.so unwrap
session   optional  pam_permit.so

Now, mount the private home folder and copy the old content into the new private home folder, encrypting it on the fly:

# ecryptfs-insert-wrapped-passphrase-into-keyring /home/squallltt/.ecryptfs/wrapped-passphrase
Passphrase: [enter user login password]
# mount -i /home/squallltt
# rsync -aP /home/squallltt.old/ /home/squallltt/

Then, unmount the encrypted directory and change user's home folder:

# umount /home/squallltt
# usermod -d /home/squallltt squallltt

Finally, edit file /etc/security/pam_mount.conf.xml. Here are some changes:

...

<luserconf name=".pam_mount.conf.xml" />

...

<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
<mntoptions require="nosuid,nodev" />
-->

...

<mntoptions require="" />

...

<mkmountpoint enable="1" remove="true" />
<lclmount>mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/squallltt/.Private" mountpoint="/home/squallltt"/>

The full content of my /etc/security/pam_mount.conf.xml is:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
    See pam_mount.conf(5) for a description.
-->

<pam_mount>

        <!-- debug should come before everything else,
        since this file is still processed in a single pass
        from top-to-bottom -->

<debug enable="0" />

        <!-- Volume definitions -->


        <!-- pam_mount parameters: General tunables -->

<luserconf name=".pam_mount.conf.xml" />

<!-- Note that commenting out mntoptions will give you the defaults.
     You will need to explicitly initialize it with the empty string
     to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
<mntoptions require="nosuid,nodev" />
-->

<mntoptions require="" />

<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="0" term="0" kill="0" />


        <!-- pam_mount parameters: Volume-related -->

<!-- <volume user="squallltt" fstype="auto" path="/dev/sda2" mountpoint="/home" options="fsck,noatime" /> -->
<mkmountpoint enable="1" remove="true" />
<lclmount>mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/squallltt/.Private" mountpoint="/home/squallltt"/>


</pam_mount>

Reboot; once logged in, you should see your encrypted home directory auto-mounted :)
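A check worth running before that reboot, as an added example that is not part of the original post: it verifies that pam_ecryptfs.so sits on the same side of pam_unix.so in each section as in the /etc/pam.d/system-auth listing above. The names check_pam_ecryptfs and sample_stack are assumptions of this example; the sample lines are copied from that listing.

```shell
#!/bin/sh
# check_pam_ecryptfs FILE: exit 0 if pam_ecryptfs.so is placed relative to
# pam_unix.so as in the listing above; otherwise print one FAIL line per problem.
check_pam_ecryptfs() {
    awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    function need(ty, after, unwrap) {
        if (!(ty in ecr)) { fail(ty ": pam_ecryptfs.so missing"); return }
        if (!(ty in unx)) { fail(ty ": pam_unix.so missing"); return }
        if (after && ecr[ty] < unx[ty]) fail(ty ": pam_ecryptfs.so must follow pam_unix.so")
        if (!after && ecr[ty] > unx[ty]) fail(ty ": pam_ecryptfs.so must precede pam_unix.so")
        if (unwrap && !(ty in unw)) fail(ty ": unwrap option missing")
    }
    /^[ \t]*#/ || NF < 3 { next }          # skip comments and blank lines
    {
        t = $1; sub(/^-/, "", t); mod = ""
        for (f = 2; f <= NF; f++) if ($f ~ /\.so$/) { mod = $f; break }
        sub(/.*\//, "", mod)               # tolerate absolute module paths
        if (mod == "pam_unix.so" && !(t in unx)) unx[t] = NR
        if (mod == "pam_ecryptfs.so") {
            ecr[t] = NR
            for (g = f + 1; g <= NF; g++) if ($g == "unwrap") unw[t] = 1
        }
    }
    END {
        need("auth", 1, 1)       # unwrap uses the login password pam_unix just verified
        need("password", 0, 0)   # placed above pam_unix.so in the listing
        need("session", 1, 1)
        exit bad + 0
    }' "$1"
}

# Sample input: the pam_unix/pam_mount/pam_ecryptfs lines from the listing above.
sample_stack() {
cat <<'EOF'
auth      required  pam_unix.so     try_first_pass nullok
auth      optional  pam_mount.so
auth      required  pam_ecryptfs.so unwrap
password  optional  pam_ecryptfs.so
password  optional  pam_mount.so
password  required  pam_unix.so     try_first_pass nullok sha512 shadow
session   optional  pam_mount.so
session   required  pam_unix.so
session   optional  pam_ecryptfs.so unwrap
EOF
}

tmp=$(mktemp) && sample_stack > "$tmp" && check_pam_ecryptfs "$tmp" && echo "stack OK"
rm -f "$tmp"
```

On the real system, run it as check_pam_ecryptfs /etc/pam.d/system-auth and keep a root shell open until a test login has succeeded.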

References:

https://wiki.archlinux.org/index.php/ECryptfs
http://sysphere.org/~anrxc/j/articles/ecryptfs/index.html

By default, the Arch Linux ARM image for Raspberry Pi only has 2GB capacity. So in order to use the full capacity of my SD card (16GB), I have to re-size my root partition. Here is what I did.

First, back up my SD card using the dd command (this is done with the SD card plugged in to my laptop). Note that sdc is my SD card device; you can find your SD card's device name with the lsblk -f command.

sudo dd if=/dev/sdc  of=~/raspberrypi_backup_20130514.img

Show the list of partitions available on your SD card:

ls /dev/mmcblk0*

The result should be something like this (note that I had already created a data partition on mmcblk0p3 earlier):

mmcblk0    mmcblk0p1    mmcblk0p2    mmcblk0p3

Then run the following command

# fdisk /dev/mmcblk0

Type p to list the partition table.

Next, type d to delete partitions 2 and 3. Note that we need to keep the boot partition, which is number 1.


Now I'm able to resize the main partition:

  • Type n to create a new partition

  • Then p to set it as primary

  • Type 2 for partition number.

  • Enter 186368 for First sector (which is the End of the Boot partition + 1)

  • For Last sector: hit Enter to use the default.

  • Finally type w to write changes.


Next reboot the Raspberry Pi

# reboot

Resize the new root partition

Once the Raspberry Pi has booted, log in as root and run this command:

# resize2fs /dev/mmcblk0p2

Sit back and relax until it's done.

Enjoy the full size of your new root partition :)


References

Resize root partition on stackexchange.com

After spending a lot of time and effort tweaking Arch Linux on my main laptop, I decided to install it on a VirtualBox to be able to use it elsewhere, also to refresh myself on what I've done. In fact, I did another Arch Linux ARM installation on my Raspberry Pi with very similar configurations. I'm very happy that I now have a consistent working environment no matter where I go.

I have a short-term memory, so it would be nice to have a log of what I've done, just in case I need to refer to it in the future. In this post, I describe some of the steps I used to install Arch Linux on a VirtualBox machine, based on my preference and knowledge. Most of the steps here are adopted from ArchWiki.

Partition, choose GPT

# cgdisk /dev/sda


Install the base

# pacstrap /mnt base

Generate an fstab

# genfstab -U -p /mnt >> /mnt/etc/fstab
# nano /mnt/etc/fstab

Installing GRUB:

For my GPT-partitioned drive, GRUB needs a BIOS Boot Partition

Installing gdisk

Run gdisk
- Type n to create new partition
- Key in 4 for partition number

Choose partition type: ef02 (BIOS boot partition)

Type p to print out partition table

Setup GRUB BIOS on a GPT disk:

# modprobe dm-mod
# grub-install --recheck /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg

Then install os-prober

# pacman -S os-prober


Add new user and change password:

# useradd -m -g users -s /bin/bash squallltt
# passwd squallltt

Add new group squallltt for sudo:

# groupadd squallltt

Add user squallltt to group squallltt

# gpasswd -a squallltt squallltt

Install xorg

# pacman -S xorg

Install base-devel

# pacman -S base-devel


Install virtualbox-guest-utils

# pacman -S virtualbox-guest-utils


Then, manually load the modules:

# modprobe -a vboxguest vboxsf vboxvideo

Create a file virtualbox.conf in /etc/modules-load.d/

# vi /etc/modules-load.d/virtualbox.conf

Then add these lines in that file:

vboxguest
vboxsf
vboxvideo

Add user squallltt to group vboxsf

# gpasswd -a squallltt vboxsf

Add an exception to the sudoers file so that these applications do not ask for a password:

$ sudo visudo -f /etc/sudoers

Then add this line:

squallltt ALL = PASSWD: ALL, NOPASSWD: /usr/bin/VBoxClient-all, /usr/sbin/ip, /usr/sbin/wpa_supplicant, /usr/sbin/dhcpcd, /usr/bin/truecrypt, /usr/bin/systemctl

Start the sharing service and synchronise the guest date with the host by adding the lines below to ~/.xinitrc:

sudo VBoxClient-all &
sudo systemctl start vboxservice.service
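sudoers matches a command listed without arguments against any arguments, so the NOPASSWD entry for /usr/bin/systemctl above covers every systemctl subcommand, not only the start vboxservice.service call used in ~/.xinitrc. The added example below (not part of the original post) lists such entries in a rule; the function names and the narrowed rule, which pins systemctl to that one invocation, are assumptions of this example.

```shell
#!/bin/sh
# nopasswd_any_args: read sudoers rules on stdin and print every command that
# is covered by NOPASSWD and has no argument list, i.e. sudo accepts it with
# any arguments and no password. Assumes no escaped commas inside arguments.
nopasswd_any_args() {
    awk '
    /^[ \t]*#/ || NF == 0 || /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
    index($0, "=") == 0 { next }
    {
        n = split(substr($0, index($0, "=") + 1), item, ",")
        nopw = 0                            # tags carry over to later commands
        for (i = 1; i <= n; i++) {
            c = item[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            sub(/^\([^)]*\)[ \t]*/, "", c)  # drop a Runas spec such as (root)
            while (match(c, /^[A-Z_]+:[ \t]*/)) {
                tag = substr(c, 1, RLENGTH); c = substr(c, RLENGTH + 1)
                if (tag ~ /^NOPASSWD/) nopw = 1
                else if (tag ~ /^PASSWD/) nopw = 0
            }
            if (nopw && c != "" && c !~ /[ \t]/) print c
        }
    }'
}

# The rule exactly as given on this page.
page_rule() {
cat <<'EOF'
squallltt ALL = PASSWD: ALL, NOPASSWD: /usr/bin/VBoxClient-all, /usr/sbin/ip, /usr/sbin/wpa_supplicant, /usr/sbin/dhcpcd, /usr/bin/truecrypt, /usr/bin/systemctl
EOF
}

# Constructed variant: systemctl pinned to the one call ~/.xinitrc makes.
narrowed_rule() {
cat <<'EOF'
squallltt ALL = PASSWD: ALL, NOPASSWD: /usr/bin/VBoxClient-all, /usr/sbin/ip, /usr/sbin/wpa_supplicant, /usr/sbin/dhcpcd, /usr/bin/truecrypt, /usr/bin/systemctl start vboxservice.service
EOF
}

page_rule | nopasswd_any_args       # lists all six commands
narrowed_rule | nopasswd_any_args   # systemctl no longer listed
```

With the narrowed rule, any other systemctl invocation falls back to PASSWD: ALL and prompts for the password.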

Install the default environment for X:

# pacman -S xorg-twm xorg-xclock xterm


Install a better (than the default) font

# pacman -S ttf-dejavu

With the basic base done, I can proceed to install other applications that I need:
- Openbox for window manager
- irssi for IRC client
- python
- mit-scheme
- java
- xfce4-terminal
- and many more...

References:
https://wiki.archlinux.org/index.php/Beginners%27_Guide
https://wiki.archlinux.org/index.php/GRUB#GUID_Partition_Table_.28GPT.29_specific_instructions
https://wiki.archlinux.org/index.php/VirtualBox

As I promised myself earlier, I would switch completely from Linux Mint 14 to Arch Linux after finishing my exam. In fact, I was so excited about (or I should say "addicted" to) Arch Linux that I installed it and did almost all the configuration directly on my laptop before I finished the last paper.

The first Linux distro I ever tried was Ubuntu. It was friendly and easy enough to use that it didn't scare me off. But after using it for a while, I started to feel it was bloated in many ways. So I went on to look for a new distro. Linux Mint was a great replacement. It worked just fine on my machine. I have no complaints about it. After getting quite familiar with Linux Mint, I wanted to try something completely different, something simple that allows me to have full control over my system. Arch Linux turns out to be the best candidate in my opinion. I really like its philosophy and its awesome documentation. The tragedy was that I happened to learn about it just before my exam period. Of course I didn't want to break my system and have nothing to do assignments and revision with. So I promised to hold my breath and wait till the exams were over. But in the end, the call of curiosity and the hunger for knowledge meant I couldn't wait any longer. I went ahead and installed it before the target date.


It's a great journey to learn Linux by getting my hands dirty in the terminal with Arch Linux. Really, I'm still pretty much a newbie after using Linux for about half a year, but after going through all the installation steps and solving many kinds of problems, from grub, Wi-Fi not working and no sound to the video driver not working properly (this is the most irritating thing I have with NVIDIA Optimus; luckily the Bumblebee project works nicely in my case)... I now have a better understanding of how Linux works (still I'm a newbie to the wonderful world of Linux).

My aim is to build a simple and effective environment for my development and study. I chose Openbox (written by Dana Jansens) as a window manager due to its high configurability and its simplicity. And so Openbox turned out to be an awesome choice to combine with the Arch base. The next thing was to choose a compositor. I don't want to install other fancy eye-candy stuff like Compiz, Conky, Cairo Compmgr etc... I just wanna have a slightly elegant desktop look. So I chose Xcompmgr. Those were pretty much what I needed as a base. Then I went on to install other applications that I prefer, adjust the theme and appearance, and do a lot of configuration to optimize my system.


Still, there are plenty of other things that I would need to do for my Arch machine. But right now I'm very happy with what I've done. I really love the idea of building my own operating system from scratch (of course this can't be compared to Gentoo) because by doing so, I've learned so much more. Arch Linux gives me exactly what I want, no more, no less (like other Archers have been saying).

The move to Arch is the move of FREEDOM.

The Arch way: KISS - Keep It Simple, Stupid.

All my Bayes are belong to Arch Linux.