| 1 |
<hr/> |
<hr/> |
| 2 |
|
|
| 3 |
Debian-stable and AES-loop(crypto-api) file-system encryption(kernel 2.6.x): |
Debian-stable/testing and AES-loop(crypto-api) file-system encryption(kernel 2.6.x): |
| 4 |
- read: |
- read: |
| 5 |
http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README |
http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README |
| 6 |
http://www.sdc.org/~leila/usb-dongle/readme.html |
http://www.sdc.org/~leila/usb-dongle/readme.html |
| 7 |
http://www.kerneli.org/howto/node3.php |
http://www.kerneli.org/howto/node3.php |
| 8 |
http://www.linuxsecurity.com/docs/HOWTO/Encryption-HOWTO/ |
http://www.linuxsecurity.com/docs/HOWTO/Encryption-HOWTO/ |
| 9 |
|
http://debid.vlsm.org/share/HOWTO/Encrypted-Root-Filesystem-HOWTO |
| 10 |
- updated/new packages needed for 2.6: |
- updated/new packages needed for 2.6: |
| 11 |
coreutils |
coreutils |
| 12 |
modconf |
modconf |
| 18 |
util-linux (testing) |
util-linux (testing) |
| 19 |
- new packages needed for crypto-swap script: |
- new packages needed for crypto-swap script: |
| 20 |
sharutils (uuencode) |
sharutils (uuencode) |
| 21 |
|
- create random passphrase/seed |
| 22 |
|
#: head -c <LENGTH> /dev/urandom | uuencode -m - | head -n 2 | tail -n 1 |
| 23 |
- create encrypted fs: |
- create encrypted fs: |
| 24 |
|
(passphrase need min 20 characters!!) |
| 25 |
echo ${PASSPHRASE} | losetup -p 0 -e aes-256 ${LOOPDEV} ${DEVICE} |
echo ${PASSPHRASE} | losetup -p 0 -e aes-256 ${LOOPDEV} ${DEVICE} |
| 26 |
- with special seed: |
- with special seed: |
| 27 |
echo ${PASSPHRASE} | losetup -p 0 -S ${SEED} -e aes-256 ${LOOPDEV} ${DEVICE} |
echo ${PASSPHRASE} | losetup -p 0 -S ${SEED} -e aes-256 ${LOOPDEV} ${DEVICE} |
| 55 |
swapon ${LOOPDEV} |
swapon ${LOOPDEV} |
| 56 |
#------------------------ crypto-swap end -------------------------------------- |
#------------------------ crypto-swap end -------------------------------------- |
| 57 |
|
|
| 58 |
- mounting encrypted file sytems at boot-time |
- mounting encrypted file-systems at boot-time |
| 59 |
- for interactive key-passphrase, add following at /etc/fstab: |
- for interactive key-passphrase, add following at /etc/fstab: |
| 60 |
/dev/hda6 <mount-point> <fs-type> defaults,loop=/dev/loop6,encryption=AES256 0 0 |
/dev/hda6 <mount-point> <fs-type> defaults,loop=/dev/loop6,encryption=AES256 0 0 |
| 61 |
|
|
| 70 |
# loop device name |
# loop device name |
| 71 |
LOOPDEV=/dev/loop3 |
LOOPDEV=/dev/loop3 |
| 72 |
|
|
| 73 |
PASSPHRASE="WSyPeR1gh07fvoyNZjtxo7Y6F4o=" |
PASSPHRASE="<YOUR_PASSPHRASE>" # min 20 characters |
| 74 |
SEED="NUmdxSWIbPdYijbdo/0v" |
SEED="<YOUR_SEED>" |
| 75 |
|
|
| 76 |
case "$1" in |
case "$1" in |
| 77 |
start) |
start) |
| 88 |
esac |
esac |
| 89 |
exit 0 |
exit 0 |
| 90 |
#------------------------ prepare-cryptofs.sh end -------------------------------------- |
#------------------------ prepare-cryptofs.sh end -------------------------------------- |
| 91 |
|
|
| 92 |
|
|
| 93 |
|
|
| 94 |
|
FreeBSD(stable) - port update bugs (06.2004) |
| 95 |
|
BUG: php4 won't comile with e.g. gettext,imap,mcrypt |
| 96 |
|
FIX: Add a '-lc_r' to the libraries php is linked against. |
| 97 |
|
(from http://lists.freebsd.org/pipermail/freebsd-ports/2003-September/004231.html) |
| 98 |
|
- for php4, do: |
| 99 |
|
export LDDFLAGS='-lc_r' |
| 100 |
|
change entries at Makefiles of following ports: |
| 101 |
|
- gettext at /Makefile: |
| 102 |
|
change |
| 103 |
|
LDFLAGS="-L${LOCALBASE}/lib" |
| 104 |
|
to |
| 105 |
|
LDFLAGS="-lc_r -L${LOCALBASE}/lib" |
| 106 |
|
- libxml2 at /Makefile: |
| 107 |
|
change |
| 108 |
|
LDFLAGS="-L${LOCALBASE}/lib" |
| 109 |
|
to |
| 110 |
|
LDFLAGS="-lc_r -L${LOCALBASE}/lib" |
| 111 |
|
- cclient at work/libc-client/Makefile: |
| 112 |
|
change |
| 113 |
|
EXTRALDFLAGS= |
| 114 |
|
to |
| 115 |
|
EXTRALDFLAGS=-lc_r |
| 116 |
|
|
| 117 |
|
|
| 118 |
|
|
| 119 |
<hr/> |
<hr/> |
| 120 |
$Id$ |
$Id$ |
Parent Directory
| 
Revision Log
| 
Patch
