bloovis.com

10/25/2008 (11:27 am)

Creating an encrypted directory on Linux

Filed under: linux, software, suse

There are a number of ways to encrypt a file system on Linux, and the choices of strategies (single directory or entire partition) and tools (dm-crypt, LUKS, losetup) can be bewildering. I didn’t have a spare partition to play with, and I wanted to use what seemed to be regarded as the preferred tool (LUKS). So here’s how I created a small encrypted directory on SLED (SUSE Linux Enterprise Desktop 10 SP2). (I cobbled together this information from Encrypted Root File System with SUSE and File System Encryption.) I performed all of these steps as root in root’s home directory.

First I created a 100 MB file and filled it with random data:

dd if=/dev/zero of=private bs=100M count=1
shred -n 1 -v private

I created a loopback device that referred to this file:

losetup /dev/loop0 private

I loaded various kernel modules required for encryption:

modprobe dm-mod
modprobe dm-crypt
modprobe aes
modprobe sha256
modprobe sha1

I created an encrypted mapping for the device:

cryptsetup -v --key-size 256 luksFormat /dev/loop0

At the prompt, I entered a passphrase (which would be used later to open the device). I verified that the encryption setup had succeeded using:

cryptsetup -v luksDump /dev/loop0

I opened the encrypted device, and at the prompt typed the same passphrase I had entered earlier:

cryptsetup luksOpen /dev/loop0 private

This created a mapping device at /dev/mapper/private. The next step was to create a file system:

mkfs.ext3 /dev/mapper/private

Finally, I mounted the file system at /mnt:

mkdir /mnt/private
mount /dev/mapper/private /mnt/private

At this point, I now had a 100MB encrypted directory, mounted at /mnt/private and backed by the file ~/private.

To unmount the file system and close the encrypted device, I did this:

umount /mnt/private
cryptsetup luksClose private
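
The luksDump verification step above can be turned into a pass/fail check. The following is an added example, not part of the original post: it parses luksDump text and confirms the master key size requested with --key-size and the number of enabled key slots. It assumes the LUKS1 text layout; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit LUKS1 `cryptsetup luksDump` text read from stdin.

# Print the value of one header field ("MK bits", "Cipher mode", ...).
luks_field() {
    awk -v name="$1" '{
        i = index($0, ":"); if (i == 0) next      # split on the FIRST colon only,
        key = substr($0, 1, i - 1)                # values such as cbc-essiv:sha256
        val = substr($0, i + 1)                   # contain colons themselves
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == name) { print val; exit }
    }'
}

# Count key slots marked ENABLED; each one is a passphrase that opens the volume.
luks_enabled_slots() {
    awk '/^Key Slot [0-7]: ENABLED/ { n++ } END { print n + 0 }'
}

# luks_check BITS [SLOTS]: succeed only if the master key has BITS bits and
# exactly SLOTS key slots (default 1, as after a fresh luksFormat) are enabled.
luks_check() {
    lc_dump=$(cat)
    lc_bits=$(printf '%s\n' "$lc_dump" | luks_field "MK bits")
    lc_slots=$(printf '%s\n' "$lc_dump" | luks_enabled_slots)
    echo "mk_bits=$lc_bits enabled_slots=$lc_slots"
    [ "$lc_bits" = "$1" ] || { echo "FAIL: expected $1-bit key" >&2; return 1; }
    [ "$lc_slots" -eq "${2:-1}" ] || { echo "FAIL: expected ${2:-1} slot(s)" >&2; return 1; }
}

# Constructed sample in the LUKS1 luksDump layout (not captured from a real device).
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/loop0

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
Key Slot 0: ENABLED
    Iterations:          101010
    Key material offset: 8
Key Slot 1: DISABLED
EOF
}

sample_dump | luks_check 256 1
```

On a live system the same check reads real output: cryptsetup luksDump /dev/loop0 | luks_check 256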

09/14/2008 (10:16 am)

Using a Treo 700P as a USB modem on SLED

Filed under: linux, suse, thinkpad, treo

During my frequent trips to Vermont over the last four years, I’ve discovered that most airports do not offer free WiFi access (Burlington VT and JetBlue at JFK are notable exceptions). In preparation for an upcoming trip to Vermont and the need to do some telecommuting en route, I figured out how to use my Sprint Treo 700p as an EVDO modem on SLED (SUSE Linux Enterprise Desktop) SP2 on a ThinkPad R61. I was aided in this by a couple of blog postings: Treo 700p Tether with Linux and Dialup Networking via Treo 700p and Ubuntu. Rather than list only the things I did differently, here is a complete procedure.

Installation:

As an ordinary user on Linux:

  • Create the directory usbmodem somewhere (e.g. in ~/tmp or ~/Desktop). Make it the current directory.
  • Download the USB Modem zip file. If you purchased the official version, it’ll have a name like usbmodem_retail_1_60.zip .
  • Unpack the zipfile using unzip usbmodem_retail_1_60.zip
  • Install USBModem.prc on the Treo; you’ll find this file in the current directory. I did this by uploading the file to my web site, and then selecting it in the Treo’s web browser.

As the root user on Linux:

  • From the usbmodem directory created earlier, run this command:
    cp drivers/linux/ppp-script-evdo-template /etc/ppp/peers/ppp-script-treo
  • Edit /etc/ppp/peers/ppp-script-treo. Change the “connect” line to:
    connect '/usr/sbin/chat -s -v "" AT OK ATD#777 CONNECT'
    Change the “user” line to:
    user USERNAME
    where USERNAME is your Treo’s user name, as determined from the main phone app, Options / Phone Info, UserName.
  • Edit /etc/ppp/pap-secrets, and add this line:
    USERNAME@sprintpcs.com *
    where USERNAME is the phone’s user name as determined in the previous step, and where there is a single tab between USERNAME@sprintpcs.com and the asterisk, not spaces.

Making a Connection:

  • Turn on the Treo, and connect it to the Linux machine with the USB sync cable.
  • Wait a few seconds and verify that the visor kernel module has been loaded with lsmod | egrep visor.
  • On the Treo, start the USB Modem program and press the “Enable Modem Mode” button.
  • Back on Linux, perform the following steps as root.
  • Bring down all other networks using ifdown eth0 or ifdown eth1 as necessary.
  • Verify that the USB modem driver and device are present using ls -l /dev/ttyACM0
  • Connect to the EVDO network using:
    pppd /dev/ttyACM0 call ppp-script-treo
    You should see messages about the connection being established. If you see a message about default route not being overridden, you forgot to bring down all your existing net connections earlier.
  • Verify the connection using route -n. You should see two entries for ppp0. To make really sure the connection is working, try ping -c3 www.google.com
  • End the connection by pressing the “Disable Modem Mode” button in the USB Modem program on the Treo. This should automatically bring down the ppp0 connection on Linux.

It should be possible to use KPPP (the KDE dialup connection application) instead of the various command line tools described above, but I have not tried this.

The irony in all this is we can finally do something with our cell phones that we were doing with Ricochet 13 years ago.

09/10/2008 (7:23 pm)

SLED SP2

Filed under: linux, software, suse, thinkpad

Today I updated my ThinkPad R61, which came with SUSE Linux Enterprise Desktop (SLED) SP1, to SP2. I did this entirely online, using this Novell document as a guide. In particular, section 9.2.3, “Updating to a Service Pack” and “Starting with YaST Online Update” described the process I used.

There were a few gotchas with the documentation. Some of the package names didn’t match what I saw on my system. But more seriously, I needed to run the Yast2 Novell Customer Center Configuration tool before anything would work. Registering one’s installation is apparently the only way to add the service pack repositories to Online Update. Otherwise, the process went smoothly, and the system appears to be running well after a reboot.

I noticed one small glitch after installing SP2: fonts in both KDE applications and Firefox looked very fuzzy. After some head-scratching, I fixed this by disabling subpixel hints in anti-aliased fonts. To do this, start the KDE Control Center (which SUSE calls “Personal Settings”), then select Appearance & Themes, then Fonts, then press the Configure button, then un-check “use subpixel hinting”.

05/14/2008 (3:52 am)

Installing Rails on SLED

Filed under: ruby, software, suse

SUSE Linux Enterprise Desktop 10 SP 1 (or SLED), as installed on the ThinkPad R61, is based on SUSE Linux 10.1. This distro includes a somewhat old version of Ruby on Rails, a popular web development framework. I wanted to use the latest version of Rails, but before I could do that, I needed to build and install the latest stable versions of Ruby and Rubygems (Ruby’s package management system). This wasn’t too difficult, but there were a few non-obvious steps along the way. (All of the steps described here were performed while logged in as the root user.)

I first used the Software Management tool in Yast2 to delete the existing Ruby packages I’d previously installed. Then I downloaded the source for ruby 1.8.6 here. Before building it, I had to unset the RUBYOPT environment variable, which was set to “rubygems” by SUSE. Then I built the basic Ruby interpreter using these commands:

./configure
make
make install

This process didn’t build or install the tk extension, which I use in a couple of my Ruby scripts to build simple GUIs. To build that, I first needed to use the Software Management tool in yast2 to install the tcl-devel and tk-devel packages. Then I built and installed the tk extension using these commands:

cd ext/tk
ruby extconf.rb
make install
cd tkutil
ruby extconf.rb
make install

Then I downloaded the latest version (1.1.1) of Rubygems here, and installed it using this command:

ruby setup.rb

Finally, I was able to install the latest Rails using Rubygems:

gem install rails

This installed all of the packages that Rails depends on, such as ActiveRecord.

04/05/2008 (11:58 am)

ThinkPad R61 and SLED

Filed under: linux, software, suse, thinkpad

Lenovo now sells some ThinkPads that come with SUSE Linux Enterprise Desktop 10 SP 1 instead of Windows. The cheapest of these is the R61. I have owned an R61 for about a month and it’s quite nice. SLED has been performing admirably, and pretty much everything Just Works, including video, sound, suspend to disk or RAM, DVD movies, and wireless. The Network Manager is especially nice, and it reliably detects and configures wireless connections, and automatically connects to networks it’s seen before. The wireless antenna in this laptop is very sensitive and picks up networks that other laptops miss.

But SLED did need a little bit of tweaking to suit my tastes. First, by default SLED uses Gnome as its GUI, and while it looked fine, I’ve been using KDE for many years and wanted a familiar environment. I also wanted to migrate all of my mail (which is stored in KMail) to the new system. But installing KDE wasn’t completely trivial. In the Software Management part of Yast (the SUSE control panel) there didn’t seem to be a single master KDE package that would pull in everything I needed. So I ended up installing the following packages (as printed by rpm -qa | grep kde):

kdebase3-3.5.1-69.52
kdenetwork3-3.5.1-32.24
kdebindings3-3.5.1-19.2
kdemultimedia3-CD-3.5.1-20.15
kdebase3-beagle-3.5.1-69.52
kdenetwork3-InstantMessenger-3.5.1-32.24
kdelibs3-3.5.1-49.39
kdelibs3-doc-3.5.1-49.35
kdepim3-3.5.1-41.30
kdepim3-networkstatus-3.5.1-41.30
kdegraphics3-pdf-3.5.1-23.13.1
kdebase3-kdm-3.5.1-69.52
kdemultimedia3-sound-3.5.1-20.15
kdegraphics3-scan-3.5.1-23.13.1
kdemultimedia3-video-3.5.1-20.15
kdepim3-sync-3.5.1-41.30
kdegraphics3-kamera-3.5.1-23.13.1
kdegraphics3-postscript-3.5.1-23.13.1
kdebase3-session-3.5.1-69.52
NetworkManager-kde-0.1r588481-1.17
kdebindings3-ruby-3.5.1-19.2
kdebase3-ksysguardd-3.5.1-69.52
kdemultimedia3-mixer-3.5.1-20.15
kdelibs3-arts-3.5.1-49.35
sled-kde-user_en-10.1-0.11
kdemultimedia3-3.5.1-20.15
kdeutils3-laptop-3.5.1-25.14
kdeutils3-3.5.1-25.14

I didn’t have to select all of these packages manually; some were pulled in via dependencies.

Once KDE was installed, it still wasn’t presented as an option at the login screen. I had to edit /etc/sysconfig/displaymanager and change DISPLAYMANAGER to “kdm”. Then rebooting brought up the proper login screen.

Then I discovered that KMail wasn’t able to send mail via authenticated SMTP. After some frustrating Google searches, I discovered that I needed to install the following Cyrus packages (as printed by rpm -qa | grep cyrus):

cyrus-sasl-plain-2.1.21-18.4
cyrus-sasl-crammd5-2.1.21-18.4
cyrus-sasl-digestmd5-2.1.21-18.4
cyrus-sasl-gssapi-2.1.21-18.4
cyrus-sasl-2.1.21-18.4
cyrus-sasl-saslauthd-2.1.21-18.4
cyrus-sasl-otp-2.1.21-18

Finally, there was a strange problem running Yast from the KDE menus: nothing seemed to happen after I typed the root password, although running it manually from a terminal window logged in as root worked fine. It appears that running Yast via kdesu is not always reliable. To work around this, I created a desktop icon that runs gnomesu yast2, and that works every time. But strangely, now I can’t reproduce the problem with kdesu. So this problem still remains to be diagnosed.