On Thursday the 29th the next Ubuntu release Karmic Koala will hit the download mirrors
xen missing gpg key
If you get the following error message after installing xen tools and running aptitude update:
W: GPG error: http://updates.vmd.citrix.com etch Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 841D6D8DFE3F8BB2
W: You may want to run apt-get update to correct these problems
Issue the following command:
wget -q http://updates.vmd.citrix.com/XenServer/5.5.0/GPG-KEY -O- | apt-key add -
This downloads the current GPG key from the Citrix update server and adds it to apt. You should see an OK message. After that’s done, run:
aptitude update
The error message should be gone.
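The command above pipes a key fetched over plain HTTP straight into apt's trusted keyring. As an added example (not part of the original post), the sketch below saves the key to a file first and adds it only if its primary key ID equals the one from the NO_PUBKEY message; the function name and the sample listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads a GnuPG --with-colons key listing on stdin and succeeds only if a
# primary key ("pub" record, key ID in field 5) matches the expected ID.
listing_has_keyid() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "pub" && toupper($5) == want { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Constructed listing for illustration; only the key ID is taken from the
# NO_PUBKEY message in the post. Dates, user ID and subkey are made up.
sample_listing() { cat <<'EOF'
pub:-:1024:17:841D6D8DFE3F8BB2:1230768000:::-:::scESC:
uid:-::::1230768000::::Constructed Example Key <key@example.invalid>:
sub:-:2048:16:0123456789ABCDEF:1230768000::::::e:
EOF
}

# Intended use on a real system (commented out: needs network and root;
# --import-options show-only needs a current GnuPG 2.x):
#   wget -q http://updates.vmd.citrix.com/XenServer/5.5.0/GPG-KEY -O GPG-KEY
#   gpg --with-colons --import-options show-only --import GPG-KEY \
#       | listing_has_keyid 841D6D8DFE3F8BB2 && apt-key add GPG-KEY

if sample_listing | listing_has_keyid 841D6D8DFE3F8BB2; then
    echo "key ID matches the one apt reported"
fi
```

A matching key ID only shows that the file holds the key apt asked for. Because the key and the repository both arrive over plain HTTP, compare the full fingerprint with one obtained over an authenticated channel before trusting it.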
Encrypted home and swap partition on Ubuntu 9.10 Karmic
I have always wanted to encrypt my /home partition on my notebook. Due to lack of time and worries about data loss I never got round to it. But now the time has finally come. Please be careful following this howto: if you do anything wrong you may erase all of your data. You have been warned!
aptitude install cryptsetup libpam-mount
We will start off with the swap partition, which is easy. First deactivate your swap partition. If it is in use, you may need to remove it from /etc/fstab and reboot:
swapoff /dev/sda7
Then fill your swap with random data from /dev/urandom:
dd if=/dev/urandom of=/dev/sda7 bs=1M
Configure encrypted swap in /etc/crypttab and /etc/fstab:
cat /etc/crypttab
cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
cat /etc/fstab
/dev/mapper/cryptoswap none swap sw 0 0
Okay, that’s it. Reboot to test. If you call top from a shell you should see a normal swap partition. Then run the following command; you should see something like this:
cryptsetup status cryptoswap
/dev/mapper/cryptoswap is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda7
offset: 0 sectors
size: 8401932 sectors
mode: read/write
OK, your swap partition is done. Let’s move on to /home. Make sure you have an empty partition for this: all data on the partition will be deleted. You’ve been warned.
Fill your new home partition with random data:
dd if=/dev/urandom of=/dev/sda8
Initialize the partition and set the initial key. Please make sure to set a good password and do not forget it, otherwise your data is gone.
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda8
Create a device mapping:
cryptsetup luksOpen /dev/sda8 cryptohome
Now you can create a file system on cryptohome:
mkfs.ext4 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/cryptohome
Okay, give your new home a test by closing it, reopening it and finally mounting it for the first time:
cryptsetup luksClose cryptohome
cryptsetup luksOpen /dev/sda8 cryptohome
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
mkdir -p /mnt/cryptohome
mount /dev/mapper/cryptohome /mnt/cryptohome
touch /mnt/cryptohome/linux
ls /mnt/cryptohome/
lost+found linux
We can also confirm that it works by issuing the command:
cryptsetup status cryptohome
/dev/mapper/cryptohome is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda8
offset: 2056 sectors
size: 20978771 sectors
mode: read/write
Now would be a good time to move your current home data to this partition. Then unmount the partition:
umount /mnt/cryptohome
cryptsetup luksClose cryptohome
To mount this partition at boot time do the following. The boot process will stop and you will be prompted for a password.
First edit /etc/crypttab and add:
cryptohome /dev/sda8 none luks
Then edit /etc/fstab and add:
/dev/mapper/cryptohome /home/ ext4 relatime,errors=remount-ro 0 2
Automatically mounting when logging in: I will write this part shortly, so stay tuned.
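The swap entry above is re-keyed from /dev/urandom and re-formatted as swap on every boot, so it wipes whatever partition /dev/sda7 names at that moment. As an added example (not part of the original post), this small linter flags such entries in a crypttab read from stdin; the function names, finding labels and the by-id device in the third sample line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: lint /etc/crypttab entries
# read from stdin and print one finding per line (no output = no findings).
check_crypttab() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        name = $1; dev = $2; key = $3; opts = "," $4 ","
        random_key = (key == "/dev/urandom" || key == "/dev/random")
        # sdX/hdX/vdX names are assigned at boot and can change
        kernel_name = (dev ~ /^\/dev\/(sd|hd|vd)[a-z]+[0-9]+$/)

        # A random-key entry is re-keyed on every boot; with the swap
        # option the device is also re-formatted, so a renumbered disk
        # means another partition gets wiped.
        if (random_key && kernel_name)
            print name ": RANDOM_KEY_ON_KERNEL_NAME " dev
        # A random key without swap/tmp leaves an unformatted mapping.
        if (random_key && opts !~ /,(swap|tmp)[,=]/)
            print name ": RANDOM_KEY_WITHOUT_SWAP_OR_TMP"
        # A LUKS volume keeps its key in the header; a random key file
        # can never open it.
        if (random_key && opts ~ /,luks,/)
            print name ": RANDOM_KEY_WITH_LUKS"
    }'
}

# The two entries from this post (device names as written there),
# plus one constructed entry using a persistent name (assumed disk id).
sample_crypttab() { cat <<'EOF'
# <name>    <device>   <key>         <options>
cryptoswap  /dev/sda7  /dev/urandom  cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
cryptohome  /dev/sda8  none          luks
swap2       /dev/disk/by-id/ata-EXAMPLE-part7  /dev/urandom  swap
EOF
}

sample_crypttab | check_crypttab
```

Run it as `check_crypttab < /etc/crypttab`; for entries it flags, a persistent path under /dev/disk/by-id/ keeps the random-key mapping tied to the intended partition.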
Upgrade Debian Etch to Debian Lenny
I started upgrading some of our Etch boxes to Lenny and this is how I did it.
1. Make sure you have installed all updates for the Debian version you are currently running, in our case Debian Etch. To do this run:
aptitude update
aptitude upgrade
2. That should update all Etch packages on your system. If you run into any missing GPG key problems after running the update, please read "aptitude update gpg key problems". Then open your sources list file with your favourite editor:
vi /etc/apt/sources.list
3. You can either use vi’s great search and replace function or add a new list of sources; that’s up to you. If you use the search and replace function, please make sure to check that each archive also offers packages for Lenny. The same applies to any custom sources or backports. This is my sources.list file for Lenny:
deb http://ftp.debian.org/debian/ lenny main contrib
deb-src http://ftp.debian.org/debian/ lenny main contrib
deb http://security.debian.org/ lenny/updates main contrib
deb-src http://security.debian.org/ lenny/updates main contrib
deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
4. Upgrade the sources to lenny:
aptitude update
5. Check if you have sufficient hard disk space before you start the upgrade:
aptitude -y -s -f --with-recommends dist-upgrade
6. Upgrade aptitude first.
aptitude install dpkg aptitude apt
7. Then do a minimal system upgrade with:
aptitude upgrade
8. Upgrade the rest of the system:
aptitude dist-upgrade
After all that’s done, if you didn’t encounter any problems, you’re done. Before you reboot, check your boot loader just to make sure the new kernel is listed. On Lenny it should be 2.6.26 something. Then you should be good to reboot.
Source and further documentation: Debian handbook
Clean up your Ubuntu or debian install with deborphan
If you want to clean up your Ubuntu or Debian machine and delete unnecessary (orphaned) deb packages you can use the utility deborphan. It finds packages that have no packages depending on them. First install deborphan:
aptitude install deborphan
Then start off with a dry run just to make sure that you are not removing any packages you still need:
deborphan --guess-all
To delete unnecessary data packages use the command:
sudo deborphan --guess-data | xargs sudo aptitude -y purge
To delete all unnecessary packages use the command:
sudo deborphan --guess-all | xargs sudo aptitude -y purge
To get rid of downloaded deb packages use:
aptitude autoclean
Ubuntu Server generate locales
I was having a problem with one of our Ubuntu servers and its locales. I was seeing the following error after typing locale:
root@wiki:~# locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=de_DE.UTF-8
LC_CTYPE="de_DE"
LC_NUMERIC="de_DE"
LC_TIME="de_DE"
LC_COLLATE="de_DE"
LC_MONETARY="de_DE"
LC_MESSAGES="de_DE"
LC_PAPER="de_DE"
LC_NAME="de_DE"
LC_ADDRESS="de_DE"
LC_TELEPHONE="de_DE"
LC_MEASUREMENT="de_DE"
LC_IDENTIFICATION="de_DE"
LC_ALL=de_DE
So I decided to set my locales in my .bashrc for root, like this:
export LANG=de_DE.UTF-8
export LC_ALL=de_DE.UTF-8
I was still getting error messages because the locales were not generated on the server. To generate German locales with UTF-8 issue the following command:
localedef -v -c -i de_DE -f UTF-8 de_DE.UTF-8
That’s it. The command locale -a should now display something like this:
root@wiki:~# locale -a
C
de_DE.utf8
en_US.utf8
POSIX
The command locale should display:
root@wiki:~# locale
LANG=de_DE.UTF-8
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=de_DE.UTF-8
To do this for US locales use this command:
localedef -v -c -i en_US -f UTF-8 en_US.UTF-8
and also change the export commands above.
Debian Lenny cannot load Broadcom NIC drivers missing firmware bnx2-06-4.0.5.fw during install
If you come across this annoying error, download the firmware for lenny from the following url:
Copy it to a USB stick and insert the stick when prompted to. Do not unpack the deb package; the installer will do that for you. Then you will be able to use your Broadcom NIC. This happened to me on an HP DL360 G5 server.
Installing nagios-nrpe-server on Debian Lenny
In Debian Lenny, installing the package nagios-nrpe-server pulls in a load of dependencies: nagios-plugins-standard, samba, snmp and a load of other stuff, which I don’t need because we have our own nrpe plugins for nagios. To install nagios-nrpe-server without the dependencies issue the following command:
aptitude install -vv --show-deps --without-recommends nagios-nrpe-server
This shows you the package dependencies but doesn’t install them.
Upgrading Iptables to 1.4 on Debian Etch
I required the module connlimit to limit the number of connections on one of our Debian firewall boxes. After a while of trial and error I found out that the iptables version shipped with Debian, 1.3.6, doesn’t support the new module format used in 2.6.23+ kernels. So I looked for a backported version of iptables, which I did not find 🙁 So I thought I would try and install iptables from source. First download the latest iptables version from Netfilter.
Unpack the tarball:
tar -xjvf iptables-1.4.2.tar.bz2
Change directory:
cd iptables-1.4.2
Configure iptables:
./configure --prefix=/usr libdir=/lib bindir=/sbin mandir=/usr/share/man
If you just use ./configure then everything will be installed to /usr/local.
Make and install iptables:
make prefix=/usr libdir=/lib bindir=/sbin mandir=/usr/share/man install
I don’t know why, but a few binaries landed in /usr/sbin instead of /sbin, so I copied them to the desired location.
After that you can check your new iptables version:
iptables -V
The only problem I encountered is apps which need iptables as a dependency, because aptitude will try and install the old version of iptables again as a dependency. Either you install those apps from source as well, or you can install two versions of iptables, one under /usr/local and one under /sbin, which can be confusing.