Sunday morning playing with my Raspberry Pi :)

This post describes the steps I took to encrypt my home directory (~) with eCryptfs.

Log in as root, then perform the following commands:

# mv /home/squallltt /home/squallltt.old
# mkdir -m 700 /home/squallltt
# chown squallltt:users /home/squallltt
# usermod -d /home/squallltt.old squallltt

Reboot, then:

# mkdir -p /home/.ecryptfs/squallltt/.Private
# chmod 755 /home/.ecryptfs
# chmod -R 700 /home/.ecryptfs/squallltt
# chown -R squallltt:users /home/.ecryptfs/squallltt
# ln -s /home/.ecryptfs/squallltt/.Private /home/squallltt/.Private
# chmod 500 /home/squallltt

Then, install ecryptfs-utils

# pacman -S ecryptfs-utils

Now mount:

# mount -t ecryptfs /home/squallltt/.Private /home/squallltt

Key type: passphrase

Passphrase: veryStrongPassphraseHere

Cipher: twofish

Key bytes: 32

Plaintext passthrough: no

Filename encryption: yes

Add signature to cache: yes

Then open /etc/mtab with vim and copy its last line into /etc/fstab. Of the two lines below, the first is the original from /etc/mtab; the second is the one to add to /etc/fstab, with nosuid,nodev replaced by user,noauto,exec. Replace XXXXXXXXXXXXXXXX with your signature.

/home/.ecryptfs/squallltt/.Private /home/squallltt ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=XXXXXXXXXXXXXXXX,ecryptfs_fnek_sig=XXXXXXXXXXXXXXXX,ecryptfs_cipher=twofish,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0

/home/.ecryptfs/squallltt/.Private /home/squallltt ecryptfs rw,user,noauto,exec,relatime,ecryptfs_fnek_sig=XXXXXXXXXXXXXXXX,ecryptfs_sig=XXXXXXXXXXXXXXXX,ecryptfs_cipher=twofish,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0
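The copy-and-edit step above can be scripted so the signatures are not retyped by hand. This is an added example, not part of the original post: the function name mtab_to_fstab and the sample signatures are made up. Note that the mount option user already implies nosuid, nodev and noexec, and exec only lifts noexec, so dropping nosuid,nodev from the line does not re-enable them.

```shell
#!/bin/sh
# Added example (not from the original post).
# mtab_to_fstab MTAB_FILE MOUNTPOINT
# Prints the /etc/fstab entry for the eCryptfs mount recorded in MTAB_FILE.
mtab_to_fstab() {
    awk -v mp="$2" '
    $2 == mp && $3 == "ecryptfs" { dev = $1; opts = $4 }    # last match wins
    END {
        if (dev == "") { print "no ecryptfs mount on " mp > "/dev/stderr"; exit 1 }
        n = split(opts, o, ",")
        out = "rw,user,noauto,exec"   # "user" implies nosuid,nodev,noexec; "exec" lifts noexec
        for (i = 1; i <= n; i++) {
            if (o[i] == "rw" || o[i] == "nosuid" || o[i] == "nodev") continue
            if (o[i] ~ /^ecryptfs_(fnek_)?sig=/) {
                sig = o[i]; sub(/^[^=]*=/, "", sig)
                # eCryptfs key signatures are 16 hex digits, like the X placeholders in the post
                if (length(sig) != 16 || sig !~ /^[0-9a-f]+$/) {
                    print "malformed option: " o[i] > "/dev/stderr"; exit 2
                }
                sigs++
            }
            out = out "," o[i]
        }
        # Assumption: filename encryption is on (as in the post), so both signatures exist
        if (sigs != 2) { print "expected ecryptfs_sig and ecryptfs_fnek_sig" > "/dev/stderr"; exit 3 }
        print dev, mp, "ecryptfs", out, 0, 0
    }' "$1"
}

# Constructed sample /etc/mtab; the two signatures are made-up values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/root / ext4 rw,relatime 0 0
/home/.ecryptfs/squallltt/.Private /home/squallltt ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_fnek_sig=fedcba9876543210,ecryptfs_cipher=twofish,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs 0 0
EOF
mtab_to_fstab "$sample" /home/squallltt
```

On a real system, pass /etc/mtab as the first argument while the eCryptfs mount is still active.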

Then, continue:

# touch /root/.ecryptfs/auto-mount
# ecryptfs-wrap-passphrase /root/.ecryptfs/wrapped-passphrase
Passphrase to wrap: [enter mount passphrase]
Wrapping passphrase: [enter user login password]
# umount /home/squallltt

Now, move the necessary files to desired place:

# mv /root/.ecryptfs /home/.ecryptfs/squallltt
# chown -R squallltt:users /home/.ecryptfs/squallltt/.ecryptfs
# ln -s /home/.ecryptfs/squallltt/.ecryptfs /home/squallltt/.ecryptfs

Then, install pam_mount

# pacman -S pam_mount

Now, proceed to edit file /etc/pam.d/system-auth

# vim /etc/pam.d/system-auth


auth      required
auth      required     try_first_pass nullok
#added 2 lines below
auth      optional
auth      required unwrap
auth      optional

account   required
account   optional
account   required

#added 2 lines below
password  optional
password  optional
password  required     try_first_pass nullok sha512 shadow
password  optional

#added 1 line below
session   optional
session   required
session   required
session   required
#added 1 line below
session   optional unwrap
session   optional

Now mount the private home folder and copy the old content into it; the files are encrypted on the fly:

# ecryptfs-insert-wrapped-passphrase-into-keyring /home/squallltt/.ecryptfs/wrapped-passphrase
Passphrase: [enter user login password]
# mount -i /home/squallltt
# rsync -aP /home/squallltt.old/ /home/squallltt/

Then, unmount the encrypted directory and change user's home folder:

# umount /home/squallltt
# usermod -d /home/squallltt squallltt

Finally, edit file /etc/security/pam_mount.conf.xml. Here are some changes:


<luserconf name=".pam_mount.conf.xml" />


<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
<mntoptions require="nosuid,nodev" />


<mntoptions require="" />


<mkmountpoint enable="1" remove="true" />
<lclmount>mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/squallltt/.Private" mountpoint="/home/squallltt"/>

The full content of my /etc/security/pam_mount.conf.xml is:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
    See pam_mount.conf(5) for a description.
-->

<pam_mount>

        <!-- debug should come before everything else,
        since this file is still processed in a single pass
        from top-to-bottom -->

<debug enable="0" />

        <!-- Volume definitions -->

        <!-- pam_mount parameters: General tunables -->

<luserconf name=".pam_mount.conf.xml" />

<!-- Note that commenting out mntoptions will give you the defaults.
     You will need to explicitly initialize it with the empty string
     to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
<mntoptions require="nosuid,nodev" />

<mntoptions require="" />

<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="0" term="0" kill="0" />

        <!-- pam_mount parameters: Volume-related -->

<!-- <volume user="squallltt" fstype="auto" path="/dev/sda2" mountpoint="/home" options="fsck,noatime" /> -->
<mkmountpoint enable="1" remove="true" />
<lclmount>mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount>
<volume noroot="1" fstype="ecryptfs" path="/home/.ecryptfs/squallltt/.Private" mountpoint="/home/squallltt"/>

</pam_mount>


Reboot. Once logged in, you should see your encrypted home directory auto-mounted :)


By default, the Arch Linux ARM image for Raspberry Pi only has 2GB capacity, so in order to use the full capacity of my SD card (16GB), I had to resize my root partition. Here is what I did.

First, back up the SD card with the dd command (this is done with the SD card plugged in to my laptop). Note that sdc is my SD card device; you can find your SD card's device name with the lsblk -f command.

sudo dd if=/dev/sdc  of=~/raspberrypi_backup_20130514.img

Show a list of the partitions available on your SD card:

ls /dev/mmcblk0*

The result should look something like this (note that I had already created a data partition on mmcblk0p3 earlier):

mmcblk0    mmcblk0p1    mmcblk0p2    mmcblk0p3

Then run the following command

# fdisk /dev/mmcblk0

Type p to list partition table. Here is the result:


Next, type d to delete partitions 2 and 3. Note that we need to keep the boot partition, which is number 1.


Now I'm able to resize the main partition:

  • Type n to create a new partition

  • Then p to set it as primary

  • Type 2 for partition number.

  • Enter 186368 for First sector (which is the End of the Boot partition + 1)

  • For Last sector: hit Enter to use the default.

  • Finally type w to write changes.
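
An added pre-flight check, not part of the original post: deleting and recreating partition 2 keeps the root filesystem only if the new partition starts on the same sector as the old one. The script computes "end of the boot partition + 1" from a dump saved with sfdisk -d /dev/mmcblk0 before running fdisk and compares it with the old root start. The function names and the dump are constructed; only 186368 is taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# part_field DUMP PARTITION FIELD -> value of "start=" or "size=" for PARTITION
part_field() {
    awk -v p="$2" -v f="$3" '
    $1 == p {
        s = $0
        if (sub(".*" f "= *", "", s)) { sub(/[^0-9].*/, "", s); print s; ok = 1 }
    }
    END { exit !ok }' "$1"
}

# root_first_sector DUMP DISK -> sector to type at the "First sector" prompt
root_first_sector() {
    boot_start=$(part_field "$1" "${2}p1" start) || return 1
    boot_size=$(part_field "$1" "${2}p1" size)   || return 1
    root_start=$(part_field "$1" "${2}p2" start) || return 1
    next=$((boot_start + boot_size))       # last sector of the boot partition + 1
    if [ "$root_start" -ne "$next" ]; then
        # The old filesystem is only found again at its original start sector
        echo "old root starts at $root_start, not $next; recreate it at $root_start" >&2
        return 2
    fi
    echo "$next"
}

# Constructed dump in `sfdisk -d` format. Only 186368 comes from the post;
# the other numbers are made up so that the boot partition ends at 186367.
dump=$(mktemp)
cat > "$dump" <<'EOF'
unit: sectors

/dev/mmcblk0p1 : start=     2048, size=   184320, type=c
/dev/mmcblk0p2 : start=   186368, size=  3493888, type=83
/dev/mmcblk0p3 : start=  3680256, size= 27436032, type=83
EOF
root_first_sector "$dump" /dev/mmcblk0    # prints 186368
```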


Next reboot the Raspberry Pi

# reboot

Resize the new root partition

Once the Raspberry Pi has booted, log in as root and run this command:

# resize2fs /dev/mmcblk0p2

Sit back and relax until it's done.

Enjoy the full size of your new root partition :)



Resize root partition on

After spending a lot of time and effort tweaking Arch Linux on my main laptop, I decided to install it on a VirtualBox to be able to use it elsewhere, also to refresh myself on what I've done. In fact, I did another Arch Linux ARM installation on my Raspberry Pi with very similar configurations. I'm very happy that I now have a consistent working environment no matter where I go.

I have a short-term memory, so it would be nice to have a log of what I've done, just in case I need to refer to it in the future. In this post, I describe some of the steps I used to install Arch Linux on a VirtualBox machine based on my preference and knowledge. Most of the steps here are adapted from ArchWiki.

Partition, choose GPT

# cgdisk /dev/sda


Install the base

# pacstrap /mnt base

Generate an fstab

# genfstab -U -p /mnt >> /mnt/etc/fstab
# nano /mnt/etc/fstab

Installing GRUB:

For my GPT-partitioned drive, GRUB needs a BIOS Boot Partition

Installing gdisk

Run gdisk
- Type n to create new partition
- Key in 4 for partition number

Choose partition type: ef02 (BIOS boot partition)

Type p to print out partition table

Setup GRUB BIOS on a GPT disk:

# modprobe dm-mod
# grub-install --recheck /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg

Then install os-prober

# pacman -S os-prober


Add new user and change password:

# useradd -m -g users -s /bin/bash squallltt
# passwd squallltt

Add new group squallltt for sudo:

# groupadd squallltt

Add user squallltt to group squallltt

# gpasswd -a squallltt squallltt

Install xorg

# pacman -S xorg

Install base-devel

# pacman -S base-devel


Install virtualbox-guest-utils

# pacman -S virtualbox-guest-utils


Then, manually load the modules:

# modprobe -a vboxguest vboxsf vboxvideo

Create a file virtualbox.conf in /etc/modules-load.d/

# vi /etc/modules-load.d/virtualbox.conf

Then add these lines in that file:


Add user squallltt to group vboxsf

# gpasswd -a squallltt vboxsf

Add an exception to the sudoers file so that these applications do not ask for a password:

$ sudo visudo -f /etc/sudoers

Then add this line:

squallltt ALL = PASSWD: ALL, NOPASSWD: /usr/bin/VBoxClient-all, /usr/sbin/ip, /usr/sbin/wpa_supplicant, /usr/sbin/dhcpcd, /usr/bin/truecrypt, /usr/bin/systemctl

Start the sharing service and synchronise the guest date with the host by adding the lines below to ~/.xinitrc:

sudo VBoxClient-all &
sudo systemctl start vboxservice.service
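
An added audit, not part of the original post: in sudoers, a NOPASSWD: tag stays in force for every command after it, and a bare path allows any arguments, so the rule above lets the account run any systemctl sub-command as root without a password. The function name nopasswd_open and the narrower rule, which covers only the two calls ~/.xinitrc makes, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# nopasswd_open RULE -> prints each command in a sudoers user rule that runs
# without a password AND with any arguments.
nopasswd_open() {
    printf '%s\n' "$1" | awk '
    {
        sub(/^[^=]*= */, "")                 # drop "user host ="
        n = split($0, cmd, / *, */)
        tag = "PASSWD"                       # sudo asks for a password unless told otherwise
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            # A PASSWD:/NOPASSWD: tag stays in force for every later command in the list
            while (match(c, /^(NO)?PASSWD: */)) {
                tag = substr(c, 1, index(c, ":") - 1)
                c = substr(c, RLENGTH + 1)
            }
            sub(/ +$/, "", c)
            # A bare path (or ALL) puts no limit on the arguments
            if (tag == "NOPASSWD" && (c == "ALL" || c ~ /^\/[^ ]*$/)) print c
        }
    }'
}

# The rule from the post.
post_rule="squallltt ALL = PASSWD: ALL, NOPASSWD: /usr/bin/VBoxClient-all, /usr/sbin/ip, /usr/sbin/wpa_supplicant, /usr/sbin/dhcpcd, /usr/bin/truecrypt, /usr/bin/systemctl"

# Constructed alternative: only the two calls ~/.xinitrc makes. In sudoers, ""
# after a command means "no arguments allowed".
narrow_rule="squallltt ALL = PASSWD: ALL, NOPASSWD: /usr/bin/VBoxClient-all \"\", /usr/bin/systemctl start vboxservice.service"

nopasswd_open "$post_rule"      # lists all six commands
nopasswd_open "$narrow_rule"    # lists nothing
```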

Install the default environment for X:

# pacman -S xorg-twm xorg-xclock xterm


Install a better (than the default) font:

# pacman -S ttf-dejavu

With the basic base done, I can proceed to install the other applications that I need:
- Openbox for window manager
- irssi for IRC client
- python
- mit-scheme
- java
- xfce4-terminal
- and many more...


As promised to myself earlier, I would switch completely from Linux Mint 14 to Arch Linux after finishing my exam. In fact, I was so excited about (or I should say "addicted" to) Arch Linux that I installed it and did almost all the configuration stuff directly on my laptop before finishing the last paper.

The first Linux distro I've ever tried was Ubuntu. It was friendly and easy enough to use that it didn't scare me off. But after using it for a while, I started to feel it was bloated in many ways. So I went on to look for a new distro. Linux Mint was a great replacement. It worked just fine on my machine. I have no complaints about it. After getting quite familiar with Linux Mint, I wanted to try something completely different, something simple that allows me to have full control over my system. Arch Linux turned out to be the best candidate in my opinion. I really like its philosophy and its awesome documentation. The tragedy was that I happened to find out about it just before my exam period. Of course I didn't want to break my system and have nothing to do my assignments and revision on. So I promised to hold my breath and wait till the exams were over. But in the end, the call of curiosity and the hunger for knowledge meant I couldn't wait any longer. I went ahead and installed it before the target date.

Arch Linux + Openbox Screen

It's a great journey to learn Linux by getting my hands dirty in the terminal with Arch Linux. Really, I'm still pretty much a newbie after using Linux for about half a year, but after going through all the installation steps and solving many kinds of problems, from grub, Wi-Fi not working and no sound to the video driver not working properly (this is the most irritating thing I have with NVIDIA Optimus; luckily the Bumblebee project works nicely in my case)... I now have a better understanding of how Linux works (still I'm a newbie to the wonderful world of Linux).

My aim is to build a simple and effective environment for my development and study. I chose Openbox (written by Dana Jansens) as a window manager due to its high configurability and its simplicity. And so Openbox turned out to be an awesome choice to combine with the Arch base. The next thing was to choose a compositor. I don't want to install other fancy eye-candy stuff like Compiz, Conky, Cairo Compmgr etc... I just wanna have a little bit of an elegant desktop look. So I chose Xcompmgr. Those were pretty much what I needed as a base. Then I went on to install other applications that I prefer, adjust the theme and appearance, and do a lot of configuration to optimize my system.

Arch Linux Terminal

Still, there are plenty of other things that I would need to do for my Arch machine. But right now I'm very happy with what I've done. I really love the idea of building my own operating system from scratch (of course this can't be compared to Gentoo) because by doing so, I've learned so much more. Arch Linux gives me exactly what I want, no more, no less (like other Archers have been saying).

The move to Arch is the move of FREEDOM.

The Arch way: KISS - Keep It Simple, Stupid.

All my Bayes are belong to Arch Linux.