Tag Archives: Debian

Virtual Appliance with Debian Squeeze and OpenWRT-XBurst Development Tools for Qi Hardware’s Ben Nanonote

This post is about a Virtual Appliance with Debian Squeeze and OpenWRT-XBurst Development Tools installed, which would allow immediately compiling OpenWRT packages for the Nanonote without going through the painful process of setting up the development environment yourself.

As a non-developer, I found a working development environment to be the single most confusing part of porting to the Nanonote, even more confusing than OpenWRT’s Makefiles. Granted, this could be my personal lack of talent or skill, but it left me thinking removing this “steppingstone” for some of the less experienced users might open more doors, faster, for beginning Nanonote enthusiasts. The instructions at http://en.qi-hardware.com/wiki/Building_OpenWRT_on_Debian_6 are great, but might slightly intimidate less experienced Linux users. They are also slightly daunting to follow if the need arises frequently (if reinstalling OS, royally screwed something up, or other scenarios I’m sure you ran into).

The easiest way to get around this I could come up with was creating a Virtual Appliance which contains the basics for compiling for the Nanonote, using the wiki instructions for Debian Squeeze. Such an appliance can be run in VirtualBox (free and open source) or VMWare Player (free as in beer), even on Windows hosts. The result is a single 2.4 GB file with a ready toolchain which is ready to “accept” package Makefiles and compile them. Debian was installed, the toolchain was compiled, the locales and paths were set. I gave it a quick test compiling Pem (and a load of Perl dependencies) and it seemed to work.

The Virtual Appliance is currently unimaginatively called “Debian Squeeze with OpenWRT-XBurst Development Tools 2011-08-27” and comes as a single .OVA file. See details below:

Instructions
1. Install VirtualBox.
2. Download Virtual Appliance .OVA file (links below)
3. In VirtualBox click on “Machine” > “Import” and select the .OVA file.

I’ve added a brief section under the Building on … Debian Squeeze wiki page.

Hope someone finds this helpful.

2011-08-27 Release:

Virtual Appliance Download Page on 1fichier.com:  http://4pp1qh.1fichier.com/en/
.OVA file MD5 sum:  3ad6e2aa9379336c10746a3062538d32
user:  build
password:  gongshow
root password:  gongshow
QR Image:

2011-02-23 Release:

Virtual Appliance Download Page on 1fichier.com:  http://0tqstz.1fichier.com/en/
.OVA file MD5 sum:  f9ebe1b0cfe63ae1aa584ddff7b222ed
user:  build
password:  gongshow
root password:  gongshow
QR Image:

https://i0.wp.com/www.1fichier.com/qr/0/0tqstz.png

— Ernest Kugel

1 Comment

Filed under Ben Nanonote

Are YOU paranoid? 10 steps for encrypting your Ubuntu HOME.

Are you paranoid? I am.

If you keep most of your work on a net-book/laptop, you should consider the possibility of having it lost or stolen. All the backups in the world will not prevent someone else from having full access to all your personal and embarrassing information. One way to get around this is to encrypt your hard drive. The safest way is to encrypt the whole drive before the operating system is installed. Encrypted installation is offered by Debian, and soon by SUSE.

To be really safe, you should keep check-sums of your unencrypted boot sectors, etc, on your encrypted partition, to prevent tempering with the few unencrypted bits. But, if you didn’t piss the KGB off very recently, you might feel safe with encrypting only the folder that contains your user documents. Under Windows Vista +, that would be \Users\YOUR USER NAME, but I suspect that would inevitably leave some loose ends. One way or another, if your are even slightly paranoid, you are probably not using Windows. On Linux, encrypting your home directory is probably reasonable enough.

Here are 10 steps to accomplish this on Debian/Ubuntu systems (Adapt to your Linux/BSD/OpenSolaris):

1. Install the packages: initramfs-tools, hashalot and lvm2:

$ sudo apt-get install initramfs-tools hashalot lvm2

2. load (or make sure have been built into the kernel) the modules: aes-x86_64 or aes-i586, dm-crypt and dm-mod:

$ sudo modprobe aes-x86_64 dm-crypt dm-mod

3. Create (or designate) a partition that would be encrypted. Allow enough room because I’m not sure growing it later is an option. Any data on it will be destroyed:

$ sudo fdisk /dev/YOUR DRIVE ON WHICH THE TO-BE-ENCRYPTED PARTITION IS

4. Check for bad blocks:

$ sudo /sbin/badblocks -c 10240 -s -w -t random -v /dev/YOUR TO-BE-ENCRYPTED PARTITION

5. Fill you to-be-encrypted partition with random data. Note: (This takes AGES, but makes things safe. By ages I mean ~ 2 hours for every 10 GB):

$ sudo dd if=/dev/urandom of=/dev/YOUR TO-BE-ENCRYPTED PARTITION

6. Setup an encrypted luks volume

$ sudo cryptsetup -y –cipher aes-cbc-essiv:sha256 –key-size 256 luksFormat /dev/YOUR TO-BE-ENCRYPTED PARTITION

7. Unlock it:

$ sudo cryptsetup luksOpen /dev/YOUR TO-BE-ENCRYPTED PARTITION pvcrypt

8. Create a volume group and a volume:

$ sudo pvcreate /dev/mapper/pvcrypt
$ sudo vgcreate vg /dev/mapper/pvcrypt
$ sudo lvcreate -n VOLUME-NAME
-L VOLUME-SIZE vg

9. Create a file-system on /dev/mapper/vg-VOLUME-NAME:

$ sudo mkfs.ext3 /dev/mapper/vg-VOLUME-NAME

10. Edit /etc/fstab. Add the line:

mount -t ext3 /dev/mapper/vg-VOLUME-NAME /home

9. Edit /etc/crypttab. Add the line:

pvcrypt /dev/YOUR-ENCRYPTED-PARTITION none luks,retry=1,lvm=vg

10. This is the fun part: log out all users, switch to a console and login as root. Move the /home directory to be /home-SOMETHING. Create a new empty /home directory, and mount the encrypted volume in it. Then copy the entire contents of your /home-SOMETHING into /home preserving all attributes, times and ownerships. Here’s a few simple steps to do it:

$ sudo mv /home /home-plain

$ sudo mkdir /home

$ sudo mount /dev/mapper/vg-VOLUME-NAME /home

$ sudo cp -aR –preserve=all /home-plain/* /home/

Ready to see if it worked? Reboot! you should do this from the console directly:

$ sudo /sbin/reboot

Upon boot up, when your system tries to mount your /home partition, which is now encrypted, you will be asked for a password before booting continues. After the correct password is supplied, the system boots on.

If you have more locations you would like to encrypt, you can create more volumes on the encrypted volume group. To understand how to, or for a detailed guide for installing Ubuntu Linux on an encrypted volume group  to begin with, see the page from which I’ve adapted the steps above.

Leave a comment

Filed under #!