Gentoo Linux: Unlocking a LUKS Encrypted LVM Root Partition at Boot Time using a Key File stored on an External USB Drive

Gentoo can be configured to use a key file stored on an external USB drive to unlock a LUKS encrypted LVM root partition.

This article covers the general steps involved in configuring Gentoo to use a key file stored on an external USB drive to unlock a LUKS encrypted LVM root partition.

1. Create a key file on the USB stick and add it to the LUKS encrypted partition

Generate a key file on a mounted ext4 or vfat partition of a USB stick, which will be used by initramfs to unlock the LUKS partition:

dd if=/dev/urandom of=/PATH/TO/USBSTICK/keyfile bs=1024 count=4

Ensure that the partition on the USB drive has a label, as the initramfs will use this label to find where the key file is located.

Afterward, add the key file to the LUKS partition to enable decryption of the partition using that key file:

cryptsetup luksAddKey /dev/PART1 /PATH/TO/USBSTICK/keyfile

In this example, “/dev/PART1” is the partition where the LUKS encryption is enabled, and “/PATH/TO/USBSTICK/keyfile” is the location of the keyfile.

2. Find the UUID of the encrypted partition and the label of the USB drive

Use the lsblk command to find the UUID of the encrypted partition and the label of the USB drive:

lsblk -o +UUID,LABEL

3. Configure the boot loader (such as Systemd-boot, GRUB, Syslinux…)

Add to the boot loader configuration the following initramfs kernel parameters:

  • crypt_root=UUID=A1111111-A1AA-11A1-AAAA-111AA11A1111
  • root=/dev/LVMVOLUME/root
  • root_keydev=/dev/disk/by-label/LABELNAME
  • root_key=keyfile

Here is an example for Systemd-boot:

options dolvm crypt_root=UUID=A1111111-A1AA-11A1-AAAA-111AA11A1111 root=/dev/LVMVOLUME/root root_keydev=/dev/disk/by-label/LABELNAME root_key=keyfile

To ensure proper setup:

  • Customize the initramfs options for LVMVOLUME, LABELNAME, and UUID=A1111111-A1AA-11A1-AAAA-111AA11A1111 to match your specific case.
  • Verify that the ext4 or vfat partition of the USB drive that is labeled “LABELNAME” contains a file named “keyfile”.
  • Make sure that the modules “dm_mod” and “usb_storage” are included in the initramfs.
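A mistake in these parameters only shows up at the next boot, so it helps to lint the options line first. The script below is an added example, not part of the original article; `get_param`, `fail` and `check_cmdline` are hypothetical helper names, and it only checks the parameter forms shown in step 3.

```shell
#!/bin/sh
# Added example (not from the original article): lint the kernel parameters
# from step 3. get_param, fail and check_cmdline are hypothetical helper names.

# Print the value of parameter $1 found in command line $2 (nothing if absent).
get_param() {
    for word in $2; do
        case "$word" in
            "$1"=*) printf '%s\n' "${word#"$1"=}" ;;
        esac
    done
}

# Report one problem on stderr and count it.
fail() {
    echo "ERROR: $*" >&2
    errors=$((errors + 1))
}

# Return 0 if command line $1 carries a complete, customized parameter set.
check_cmdline() {
    errors=0
    uuid_re='^UUID=[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'

    case " $1 " in
        *" dolvm "*) ;;
        *) fail "dolvm is missing (the article's example line includes it)" ;;
    esac
    if ! get_param crypt_root "$1" | grep -Eq "$uuid_re"; then
        fail "crypt_root is not in the UUID=<uuid> form used in the article"
    fi
    case "$(get_param root_keydev "$1")" in
        /dev/disk/by-label/?*) ;;
        *) fail "root_keydev is not a /dev/disk/by-label/<label> path" ;;
    esac
    [ -n "$(get_param root "$1")" ] || fail "root is missing"
    [ -n "$(get_param root_key "$1")" ] || fail "root_key is missing"

    # The article's sample values must be replaced with real ones.
    case "$1" in
        *LVMVOLUME*|*LABELNAME*|*A1111111-A1AA-11A1-AAAA-111AA11A1111*)
            fail "placeholder values from the article are still present" ;;
    esac
    [ "$errors" -eq 0 ]
}

# Usage: pass the options line (without the leading "options") as one argument.
if [ $# -gt 0 ]; then
    check_cmdline "$*"
fi
```

After the first boot with the new configuration, running the script with `"$(cat /proc/cmdline)"` as its argument confirms which parameters the kernel actually received.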

This method offers a convenient way to unlock a LUKS encrypted root LVM partition. The implementation process is well-documented, making it a suitable choice for those looking to secure their Gentoo Linux systems.

Gentoo Linux: Printer driver for the Brother QL-1110NWB

Installing the printer driver for the Brother QL-1110NWB on Gentoo Linux can be a bit tricky, but thanks to a helpful ebuild written by James Cherti, the process becomes a breeze. The ebuild automates the whole process of downloading and installing the appropriate driver for the Brother QL-1110NWB on Gentoo Linux.

Brother QL-1110NWB Driver installation on Gentoo

Create the file /etc/portage/repos.conf/motley-overlay.conf containing:

[motley-overlay]
location = /usr/local/portage/motley-overlay
sync-type = git
sync-uri = https://github.com/jamescherti/motley-overlay
priority = 9999

Update the repository:

emerge --sync motley-overlay

Install the Brother QL-1110NWB printer driver:

emerge -av net-print/brother-ql1110nwb-bin

The ebuild will automatically download the necessary driver package from Brother and install it on your system.

Finally, restart CUPS with:

systemctl restart cups

You can now register your new printer using the web interface at: http://localhost:631/

(Please add a star to the Git repository jamescherti/motley-overlay to support the project!)

Configure XFCE 4 programmatically with the help of watch-xfce-xfconf

Introduction

The watch-xfce-xfconf command-line tool can be used to configure XFCE 4 programmatically. It displays the xfconf-query commands generated when XFCE 4 settings are modified, including settings for applications such as xfce4-settings-manager, Thunar, Catfish, Ristretto, and more.

The xfconf-query commands displayed by watch-xfce-xfconf allow modifying and creating XFCE 4 Xfconf settings, such as the desktop background, panel preferences, window decorations, window manager settings, and more.

By displaying the xfconf-query commands, watch-xfce-xfconf makes it easy to create a shell script that automates the configuration of XFCE 4, which provides several benefits:

  • It saves time and effort by eliminating the need to manually adjust settings on each individual machine,
  • It reduces the risk of errors and inconsistencies that may arise from manually configuring settings on different machines,
  • Finally, it allows focusing on other important tasks rather than spending time configuring XFCE 4 manually.

The watch-xfce-xfconf tool is particularly useful for users who want to replicate XFCE 4 settings across different users or computers.

Here is an example of an XFCE customization script created with the help of watch-xfce-xfconf: jc-xfce-settings @GitHub.

Installation

To install the watch-xfce-xfconf executable locally in ~/.local/bin/watch-xfce-xfconf using pip, run:

pip install --user watch-xfce-xfconf

(Omitting the --user flag will install watch-xfce-xfconf system-wide in /usr/local/bin/watch-xfce-xfconf.)

Usage

Run xfce4-settings-manager in the background:

xfce4-settings-manager &

After that, execute watch-xfce-xfconf:

~/.local/bin/watch-xfce-xfconf

Once you begin modifying XFCE 4 settings using xfce4-settings-manager, watch-xfce-xfconf will automatically display the corresponding xfconf-query commands in the terminal. These xfconf-query commands can be easily copied and pasted into a Shell script, allowing for quick and efficient automation of XFCE 4 configuration across multiple machines.

Author and License

The watch-xfce-xfconf tool was written by James Cherti and is distributed under the terms of the MIT license.

Features

  • Parses XML files that are located in the directory ~/.config/xfce4/xfconf/xfce-perchannel-xml/,
  • Monitors changes in XFCE 4 settings / Xfconf,
  • Displays xfconf-query commands with correctly escaped special characters in their arguments,
  • Reloads Xfconf when necessary.

Links