Monthly Archives: October 2009

Thumbs up for Windows 7 from Linus Torvalds

Leave a Reply

linus_win7

No Comment 🙂

Ubuntu Karmic Koala Comming this week

Leave a Reply

On Thursday the 29th the next Ubuntu release Karmic Koala will hit the download mirrors

xen missing gpg key

Leave a Reply

If you get the following error message after installing xen tools and running aptitude update

W: GPG error: http://updates.vmd.citrix.com etch Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 841D6D8DFE3F8BB2
W: You may want to run apt-get update to correct these problems

Issue the following command:

wget -q http://updates.vmd.citrix.com/XenServer/5.5.0/GPG-KEY -O- | apt-key add -

This will download the current gpg key from the citrix update server and add the key to apt. You should see an ok message after thats done run

aptitude update The error message should be gone

converting vmware linux virtual machine to citrix xenserver virtual machine

Leave a Reply

1. Install quemu on the vmware Server or another Linux machine

2. Uninstall vmware modules on the vmware guest you wish to convert

3. Stop the vmware guest

4. Convert the image file qemu-img convert Linux_2.6.x_kernel-flat.vmdk -O raw Debian.img

5. Copy the image file to the xen server with scp or ftp or to an attached storage server if you have one. Your storage uuid will be different: scp Debian.img 10.110.1.1:/var/run/sr-mount/7d327ac3-f85e-e742-1f5b-f52dd4dbadf6

6. Create a guest with at least the same disk size and amount of RAM as the imported vmware virtual disk. Rename the disk under properties so you can locate it later.
You may need to boot the guest with an ISO image to get it to work

7. Open a console or connect to the xen server with ssh and find the disk copy the uuid of the host: xe vdi-list or with: xe vdi-list name-label=your_disk_name

8. Import the image with: xe vdi-import uuid=652cc56f-4251-44d0-8f07-dcf219edf15a filename=Debian.img

9. Fire up your converted xen image. You may have to modify the grub boot loader vmware uses /dev/sda for it’s HD and xen uses /dev/hda.

10. If you machine does not boot press e at the grub prompt an search for root=/dev/sda1 line and change it to root=/dev/hda1 please change this in you grub.conf once the machine has booted and save your changes

Encrypted home and swap partition on Ubuntu 9.10 Karmic

9 Replies

I have always wanted to encrypt my /home partition on my notebook. Due to lack of time and the worries of data lose i never got round to it. But now the time has finally come. Please be careful following this howto if you do anything wrong you may erase all of you data. You have been warned!

aptitude install cryptsetup libpam-mount

We will start of with the swap partition which is easy. First deactivate your swap partition you may need to remove it from /etc/fstab and reboot if it is in use.:

swapoff /dev/sda7

Then fill your swap with random data from /dev/urandom

dd if=/dev/urandom of=/dev/sda7 bs=1M

Configure encrypted swap in /etc/crypttab and /etc/fstab

cat /etc/crypttab

cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap

cat /etc/fstab

/dev/mapper/cryptoswap none swap sw 0 0

Okay thats it reboot to test. If you call top from a shell you should see a normal swap partition. Then try and run the follow command you should see something like this:

cryptsetup status cryptoswap /dev/mapper/cryptoswap is active: cipher: aes-cbc-essiv:sha256 keysize: 256 bits device: /dev/sda7 offset: 0 sectors size: 8401932 sectors mode: read/write

Ok your swap partition is done lets move on to /home make sure you have an empty partition for this all data on the partition will be deleted. You’ve been warned

Fill your new home partition with random data.

dd if=/dev/urandom of=/dev/sda8

Initialize the partition and set initial key. Please make sure to set a good password and do not forget it otherwise your data is gone.

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda8

Create a device mapping

cryptsetup luksOpen /dev/sda8 cryptohome

Now you can create a file system on cryptohome

mkfs.ext4 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/cryptohome

Okay give your new home a test by closing it reopening it and finally the first mount

cryptsetup luksClose cryptohome cryptsetup luksOpen /dev/sda8 cryptohome Enter LUKS passphrase: key slot 0 unlocked. Command successful. mkdir -p /mnt/cryptohome mount /dev/mapper/cryptohome /mnt/cryptohome touch /mnt/cryptohome/linux ls /mnt/cryptohome/ lost+found linux

We can also confirm that it works by issuing the command

cryptsetup status cryptohome /dev/mapper/cryptohome is active: cipher: aes-cbc-essiv:sha256 keysize: 256 bits device: /dev/sda8 offset: 2056 sectors size: 20978771 sectors mode: read/write

Now would be a good time to move your current home data to this partition. And umount the partition:

umount /mnt/cryptohome cryptsetup luksClose cryptohome

To mount this partition at boot time do the following. The boot process will stop and you will be prompted for a password:

First edit /etc/cryptotab

cryptohome /dev/sda8 none luks

Then edit /etc/fstab and add

/dev/mapper/cryptohome /home/ ext4 relatime,errors=remount-ro 0 2

Automatically mount when logging in i will write this part shortly so stay tuned.