
03 March 2013

354. Some Arch linux post-installation steps/observations

I decided to temporarily switch my laptop over to Arch linux while keeping all my other boxes running debian. Luckily I had an old HDD which had Windows XP and Ubuntu (after a long hiatus from playing with Fedora Core and Mepis I got serious with Hardy Heron) that I could use -- I nuked the ubuntu install but kept the XP install for...some reason.

Still under preparation: Item 20 (chrooted firefox)

Anyway, here are some of the post installation steps I went through and some of my observations. It might help the odd debian person who explores arch. These are in addition to cosmetic things like installing the frippery extensions and faenza icon set for GNOME.

Index
0. Home partition during installation
1. There's no update-grub in Arch
2. Thinkpad
3. Changing Wallpaper in gnome 3.6
4. Get gdm to autostart
5. Get guake and conky to autostart
6. Adding a windows partition to grub2
7. Mounting ntfs partition
8. Skype and wine
9. Dropbox
10. 'apt-file' on Arch
11. Finding foreign (AUR) packages
12. No texmaker
13. systemd and network interface names
14. Virtualbox
15. grub2 theme
16. BankID
17. Truecrypt and "Failed to set up a loop device"
18. Can boot via USB but not SATA -- "unable to find root device"
19. Problems with Guake and transparency in new tabs


0. Home partition during installation
I've covered installation of arch before (e.g. here, here and here). To have a separate home, partition your disk accordingly, and install as normal. Don't make any user while in archchroot though. Instead, edit the /etc/fstab to include the home partition, and create the user on booting from the new arch install.

UUID=b59b7022-eda1-40b8-b1e0-ada3f172ba90 /home  ext4  defaults,user_xattr  0 0

1. There's no update-grub in Arch
Instead you use
grub-mkconfig -o /boot/grub/grub.cfg

It also means that e.g. any windows installations won't be auto-detected. See below for how to deal with that.

2. Thinkpad
To get the video working you need to install xf86-video-intel
To get the mouse pad working you need to install xf86-input-synaptics
Install lm_sensors and acpi and run sudo sensors-detect to set up temperature and fan speed sensors, and battery status (acpi).
The LEDs seem to work at times with tp_smapi. Not perfect.

Problems:
The mute button doesn't work (mute immediately followed by volume down works), nor does mute mic. I've tried a lot of options but so far no luck.

3. Changing Wallpaper in gnome 3.6
The debian devs may think they are simplifying things, but are often making things more difficult to discover. To change wallpaper go to the gnome overview, open Background, and click on the wallpaper in the centre of the window. THAT brings up a list of installed wallpapers etc.

4. Get gdm to autostart
systemctl enable gdm

5. Get guake and conky to autostart
sudo cp /usr/share/applications/guake.desktop /etc/xdg/autostart/

Create /usr/share/applications/conky.desktop:
[Desktop Entry]
Encoding=UTF-8
Name=Conky
Comment=Conky
TryExec=conky
Exec=conky
Icon=conky
Type=Application
Categories=GNOME;GTK;System;Utility
StartupNotify=true

sudo cp /usr/share/applications/conky.desktop /etc/xdg/autostart/

6. Adding a windows partition to grub2
You'll need to edit or create something akin to /etc/grub.d/40_custom
menuentry "Microsoft Windows XP" {
    insmod part_msdos
    insmod ntfs
    insmod search_fs_uuid
    insmod ntldr
    search --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 B8AC3A4BAC3A0482
    ntldr /ntldr
}

7. Mounting ntfs partition
sudo pacman -S ntfs-3g
sudo mkdir -p /media/winxp
sudo chown $USER /media/winxp

Edit /etc/fstab
UUID=B8AC3A4BAC3A0482 /media/winxp ntfs-3g noauto,uid=1000 0 0

8. Skype and wine
You need to edit /etc/pacman.conf and uncomment the multilib repos.
[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

sudo pacman -Syu
sudo pacman -S wine 
sudo pacman -S skype lib32-libpulse

I originally had a qt/qt4 conflict, but updating magically took care of that. Somehow.

NOTE that to get a useable 32 bit wine install you will need to specify this. See e.g. https://wiki.archlinux.org/index.php/Wine#Using_WINEARCH

9. Dropbox
You need to get dropbox and dropbox-nautilus from AUR. Create /etc/xdg/autostart/dropbox.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Dropbox daemon
TryExec=dropboxd
Exec=dropboxd
StartupNotify=true

(I first tried systemctl enable dropbox@$USER but it didn't get nautilus running properly with dropbox. The method above works.)

10. 'apt-file' on arch
...is done with pkgfile.

sudo pacman -S pkgfile
pkgfile --update
pkgfile -s libXv.so.1

11. Finding foreign (AUR) packages.
AUR packages won't update themselves so you need to uninstall and rebuild each time. To find your AUR builds, do
pacman -Qm

12. No texmaker
Texmaker is in AUR and builds fine. It's also easy to build on your own, but installing it with pacman makes it easier to keep tabs on it.

13. systemd and network interface names
My network interfaces always end up with weird names in Arch (w5pls etc.). To manually name your interfaces create e.g. 70-persistent-net.rules in /etc/udev/rules.d/
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:27:9e:27:9b:20", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:23:fb:b3:d2:c8", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"

14. Virtualbox
sudo pacman -S virtualbox virtualbox-host-modules linux-headers
sudo usermod -G vboxusers -a $USER

To load the vboxdrv module manually do
sudo modprobe vboxdrv

To auto-load on boot do
sudo su
echo "vboxdrv">> /etc/modules-load.d/virtualbox.conf
exit 

To sort out dkms:
sudo pacman -S dkms virtualbox-host-dkms
sudo systemctl enable dkms
sudo dkms install vboxhost/4.2.8


15. grub2 theme
The stock grub2 startup screen in arch is a bit bland. To spice it up, install grub2-theme-archlinux from AUR.

Edit /etc/default/grub and add
GRUB_THEME="/boot/grub/themes/Archlinux/theme.txt"
Then do
sudo grub-mkconfig -o /boot/grub/grub.cfg

It looks a lot like the mockup here: http://xcracx.deviantart.com/art/Archlinux-Grub2-mockup-121231574

16. BankID

Install bankid via AUR:
wget https://aur.archlinux.org/packages/ne/nexuspersonal/nexuspersonal.tar.gz
tar xvf nexuspersonal.tar.gz
cd nexuspersonal
makepkg -s
sudo pacman -U nexuspersonal-4.19.1.11663-4-x86_64.pkg.tar.xz
sudo pacman -S nspluginwrapper firefox
sudo nspluginwrapper --install /usr/local/lib/personal/libplugins.so

It should now work under firefox. NOTE that in order to be able to test it using test.bankid.com you must change your useragent (see e.g. http://verahill.blogspot.com.au/2013/02/341-upgradinginstalling-bankid-on-64.html). However, it will work with e.g. skatteverket and sparbanken without changing the user agent.

17. Truecrypt and "Failed to set up a loop device"
The module loop isn't loaded. Either modprobe it, or make it load automatically on boot:
sudo su
echo "loop">> /etc/modules-load.d/loop.conf
exit

18. Arch won't boot -- "unable to find root device"
I could boot from the hdd when it was tethered via USB, but not when it was attached via a sata cable. The error was something along the lines of "unable to find root device".
I solved it by following this post. http://fanweiphysicist.blogspot.com.au/2012/02/unable-to-find-root-device-archlinux.html

19. Guake bug
On my laptop, with the xf86-video-intel drivers installed, opening a new tab gives me a black background instead of a transparent one.
Not sure what the proper solution to this is, but when I set up an installation on another hdd and installed the xf86-video-nv and ati drivers as well, I no longer had any issues with transparency.
(Long story short: I first installed Arch on a spinning 2.5" drive and used my laptop with it for a week. Satisfied that it worked well enough, I installed Arch to my SSD by tethering it via USB to a desktop with an external nvidia card and onboard ati graphics -- so I installed all three video drivers. Putting the hdd in the laptop, guake behaved as it should with proper transparency for all tabs. Not sure what the original issue was)

20. chrooted firefox -- in progress.
For now I've installed sandfox from AUR.

First of all, read this exchange to get a feel for the scope of chroots: http://kerneltrap.org/mailarchive/linux-kernel/2007/9/19/263398/thread#mid-263398. It's not perfect as a security tool, as it wasn't meant to be one. Having said that, security works in layers and this is one which is easy to implement and adds a little bit of security.

Chrooting a programme doesn't give you any privacy or prevent firefox from leaving traces (use an encrypted and anonymous tunnel and put the chroot in a truecrypt container to cover yourself a bit more).

sudo pacman -S devtools xorg-xhost
mkdir -p $HOME/tmp/jail
sudo mkarchroot $HOME/tmp/jail/arch64 base sudo firefox flashplugin
sudo chroot $HOME/tmp/jail/arch64
passwd
useradd -m sandbox
passwd sandbox
echo "sandbox ALL=(ALL) ALL" >> /etc/sudoers
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo 'export DISPLAY=:0.0' >> /etc/bash.bashrc
source /etc/bash.bashrc
exit

Launch the chroot with a script with something like this in it:
xhost +
sudo cp /etc/resolv.conf $HOME/tmp/jail/arch64/etc/resolv.conf
sudo mount -o bind /proc $HOME/tmp/jail/arch64/proc
sudo mount -o bind /sys $HOME/tmp/jail/arch64/sys
sudo mount -o bind /dev $HOME/tmp/jail/arch64/dev
sudo chroot $HOME/tmp/jail/arch64

You could also put 8.8.8.8 in resolv.conf (google dns).
Still not working properly (firefox segfaults)
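
As an added example (not part of the original post), the shell function below reads a jail setup or launch script on stdin and flags the lines that undo the isolation the chroot is meant to add. The function names and messages are made up for illustration; the sample lines are the ones from the post.

```shell
#!/bin/sh
# Added example: audit a chroot setup/launch script for lines that weaken
# the jail. Prints one finding per risky line; returns 1 if any was found.
audit_jail_script() {
    n=0 hits=0
    while IFS= read -r line; do
        n=$((n + 1))
        cmd=${line#sudo }               # treat "sudo X" and "X" alike
        why=
        case $cmd in
            'xhost +')
                why='X access control is off: any client may connect' ;;
            'mount '*bind*' /dev '*|'mount '*bind*' /proc '*|'mount '*bind*' /sys '*)
                why='host /proc, /sys or /dev becomes visible inside the jail' ;;
            *'ALL=(ALL) ALL'*sudoers*)
                why='jailed user can become root, and root can leave a chroot' ;;
            'chroot '*--userspec=*) ;;  # command starts as an unprivileged user
            'chroot '*)
                why='the shell inside the jail starts as root' ;;
        esac
        if [ -n "$why" ]; then
            hits=$((hits + 1))
            printf 'line %d: %s\n    %s\n' "$n" "$line" "$why"
        fi
    done
    [ "$hits" -eq 0 ]
}

# Lines taken from the post: the sudoers line of the setup, then the launcher.
page_script() {
    cat <<'EOF'
echo "sandbox ALL=(ALL) ALL" >> /etc/sudoers
xhost +
sudo cp /etc/resolv.conf $HOME/tmp/jail/arch64/etc/resolv.conf
sudo mount -o bind /proc $HOME/tmp/jail/arch64/proc
sudo mount -o bind /sys $HOME/tmp/jail/arch64/sys
sudo mount -o bind /dev $HOME/tmp/jail/arch64/dev
sudo chroot $HOME/tmp/jail/arch64
EOF
}

page_script | audit_jail_script || true
```

Per-user grants such as xhost +SI:localuser:NAME and a chroot call with --userspec=USER:GROUP are the forms it does not flag.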

20 April 2012

120. Using truecrypt with dropbox


This is not some fancy, automatic solution. This is for people who may not be familiar with truecrypt and how to use it. To most people this will be obvious.

Basically, one way in which you can use truecrypt is to create a file which, when mounted, acts like a device/filesystem. This container is encrypted and the strength of encryption depends on your key or password.

As a solution it also suffers from slow initial syncing.

Setting it up is a piece of cake:
1. Install truecrypt.
Get the correct version e.g. "Standard x64" from http://www.truecrypt.org/downloads.


Install by extracting the file and executing it:
chmod +x truecrypt-7.1a-setup-x64
sudo ./truecrypt-7.1a-setup-x64

2. Start truecrypt and click on Create Volume

Select encrypted file container. The other option is more useful if you have access to the hardware.

Using a Hidden truecrypt volume means you pay a space penalty, depending on how you distribute the space between the two volumes.

Select location and filename


Pick an algorithm. I don't know much about this, but using a cascade sounds reasonable. I guess there are performance penalties though.

Be aware that the container file will take up all this space -- whether it's empty or not.









 3. Use the container file.
Click on Select File, then mount. You typically need to supply both the container password and your admin password.


This is what the inside of the container file looks like.
And this is what the dropbox folder looks like