encrypting home directory using LUKS on Debian

November 10, 2015 - Reading time: 2 minutes

If you happen to have /home on a separate partition already (/dev/sda5 in this example), then it's a really easy process.

Do the following as the root user:

  1. Install the cryptsetup package:

    apt install cryptsetup
    
  2. Copy your home directory to a temporary directory on a different partition:

    mkdir /homebackup
    cp -a /home/* /homebackup
    
  3. Encrypt your home partition:

    umount /home
    cryptsetup -h sha512 -c aes-xts-plain64 -s 512 luksFormat /dev/sda5
    cryptsetup luksOpen /dev/sda5 chome
    mkfs.ext4 -m 0 /dev/mapper/chome
    
  4. Add this line to /etc/crypttab:

    chome    /dev/sda5    none    luks,timeout=30
    
  5. Set the home partition to this in /etc/fstab (replacing the original home partition line):

    /dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2
    
  6. Copy your home data back into the encrypted partition:

    mount /home
    cp -a /homebackup/* /home
    rm -rf /homebackup
    

That's it. Next time you boot your laptop, you will be prompted for the passphrase you set in Step 3.
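A typo in either of the files edited in steps 4 and 5 only shows up at the next boot. The following is an added example, not part of the original post: a small shell function (the name `check_crypt_mount` is hypothetical) that cross-checks a crypttab and an fstab file for the mount point. The UUID warning is an extra hardening suggestion beyond what the post describes.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check crypttab and fstab.
# check_crypt_mount CRYPTTAB FSTAB [MOUNTPOINT]  -> returns 0 if consistent
check_crypt_mount() {
    crypttab=$1 fstab=$2 mnt=${3:-/home} rc=0
    # First non-comment fstab entry for the mount point: device and options.
    entry=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1, $4; exit }' "$fstab")
    dev=${entry%% *} opts=${entry#* }
    case $dev in
        /dev/mapper/?*) name=${dev#/dev/mapper/} ;;
        '') echo "FAIL: no fstab entry for $mnt"; return 1 ;;
        *)  echo "FAIL: $mnt is mounted from $dev, not a /dev/mapper device"; return 1 ;;
    esac
    # Matching crypttab entry: source device and options for that target name.
    centry=$(awk -v n="$name" '$1 !~ /^#/ && $1 == n { print $2, $4; exit }' "$crypttab")
    if [ -z "$centry" ]; then
        echo "FAIL: fstab uses $dev but crypttab has no target named $name"
        return 1
    fi
    src=${centry%% *} copts=${centry#* }
    case ",$copts," in
        *,luks,*) ;;
        *) echo "FAIL: crypttab entry $name lacks the luks option"; rc=1 ;;
    esac
    for o in nodev nosuid; do
        case ",$opts," in
            *,"$o",*) ;;
            *) echo "WARN: $mnt is mounted without $o" ;;
        esac
    done
    # Assumption beyond the post: kernel names such as /dev/sda5 can change
    # between boots, so a UUID= source (see blkid) is more robust.
    case $src in
        /dev/sd*|/dev/nvme*|/dev/vd*) echo "WARN: crypttab source $src is a kernel name; consider UUID=" ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $mnt -> $dev -> $src"
    return "$rc"
}

# Constructed sample input: the two lines from steps 4 and 5.
tmp=$(mktemp -d)
printf '%s\n' 'chome    /dev/sda5    none    luks,timeout=30' > "$tmp/crypttab"
printf '%s\n' '/dev/mapper/chome /home ext4 nodev,nosuid,noatime 0 2' > "$tmp/fstab"
check_crypt_mount "$tmp/crypttab" "$tmp/fstab"
rm -rf "$tmp"
```

Run it against /etc/crypttab and /etc/fstab after step 5 and before removing /homebackup in step 6, so a mistake in either file is caught while the backup copy still exists.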


mount encrypted volumes from command line

September 19, 2015 - Reading time: 4 minutes

Unlocking and mounting the disk with udisksctl

Instead, I used udisksctl, a command-line interface that interacts with the udisksd service.

Here's what worked (/dev/sdb5 is the partition on my hard disk marked as crypt-luks):

udisksctl unlock -b /dev/sdb5
udisksctl mount -b /dev/mapper/ubuntu--vg-root

After typing the first command, you'll be prompted for your encryption passphrase. Once the encrypted partition is unlocked, the second command will mount it. If that's successful, you'll end up with a message similar to this:

Mounted /dev/dm-1 at /media/dpm/e8cf82c0-f0a3-41b3-ab28-1f9d23fcfa72

From there I could access the data :)

Locking the disk with udisksctl

Unmount the device:

udisksctl unmount -b /dev/mapper/ubuntu--vg-root

You'll need to deactivate all logical volumes in the ubuntu-vg volume group first. Otherwise you'll get an error along the lines of 'Device busy' if you try to lock it:

sudo lvchange -an ubuntu-vg

Then you'll be able to lock the encrypted partition again:

udisksctl lock -b /dev/sdb5

Notes

  • The udisksctl commands are executed without sudo.
  • Device mapper names: the ubuntu--vg-root naming might change across Ubuntu releases (e.g. I've seen it called system-root and ubuntu-root too). An easy way to find out the name is to run the following command after unlocking the LUKS partition:

    ls -la /dev/mapper

    In the output of the ls command, the name you need is generally the one symlinked to /dev/dm-1.

  • Device mapper names, alternative: an alternative to the previous command is to run:

    lsblk -e7

    There you'll be able to see the device name mapping as a tree view. The -e 7 option excludes the loop devices (ID 7) created by installed snaps from the output, simply to have less clutter.

  • Logical volume names: you can run the sudo lvs command to find out the names of volume groups and logical volumes
  • Disks app: the GNOME Disks app does not automatically deactivate the logical volumes before locking the partition. Even if you've successfully unlocked the partition via the GUI, you will need to go to the command line and execute the sudo lvchange -an ubuntu-vg command before you can lock it from the GUI.

“SIOCSIFFLAGS: Operation not possible due to RF-kill”

June 2, 2015 - Reading time: 3 minutes

Soft-blocking

The output to sudo rfkill list shows that your network card is "soft-blocked".

This can happen when the wireless card has been signalled to switch off via the kernel.

Try the following steps:

  1. run in a terminal:

    sudo rfkill unblock wifi; sudo rfkill unblock all

  2. rerun sudo rfkill list to confirm that the card has been unblocked.

  3. reboot

  4. rerun sudo rfkill list again to confirm unblocking has been retained.

  5. rerun sudo lshw -class network - you should now see that the kernel has recognised (or not) the wireless card.

If the wireless kernel module has been recognised (it should not say "unclaimed"), Network Manager should now be able to see wireless networks that are available in your vicinity.


Diagnose the kernel issue

If the network card is not recognised, and you have confirmed that sudo rfkill list shows no blocking (i.e. both soft blocked and hard blocked are "no"), then run the following and add the output to your question:

sudo modprobe -r iwl3945
sudo modprobe iwl3945
dmesg | tail -n 50

Hopefully this will point out the error, for example firmware failing to load.

Loading new firmware

If it is a firmware issue, you can try one of the following:

  • Install the backports wireless drivers:

    sudo apt-get install linux-backports-modules-cw-2.6.39-generic

    Then reboot and test for software blocking etc.

  • Get the latest firmware as follows:

    wget http://intellinuxwireless.org/iwlwifi/downloads/iwlwifi-3945-ucode-15.32.2.9.tgz
    tar xzf iwlwifi-3945-ucode-15.32.2.9.tgz
    cd iwlwifi-3945-ucode-15.32.2.9
    sudo cp iwlwifi-3945-2.ucode /lib/firmware

    Then reboot and test for software blocking etc.

N.B. your dmesg trace should indicate the name of the firmware it is having an issue with. You may need to rename "iwlwifi-3945-2.ucode" to whatever firmware name it was expecting.


dpkg commands

November 11, 2012 - Reading time: 4 minutes

dpkg also acts as a front end to two other tools: dpkg-query and dpkg-deb.

Install a package

# sudo dpkg -i {package_name}    
# sudo dpkg -i skype-ubuntu-precise_4.2.0.11-1_i386.deb

Remove a package

# sudo dpkg -r {package_name}
# sudo dpkg -r vlc

Remove a package and its configuration files

# sudo dpkg -P {package_name}
# sudo dpkg -P vlc

List all installed packages.

You can pipe the command to less (a pager) so you can more easily scroll the content:

# dpkg -l | less

Check if the package is installed or not

# dpkg -l {package_name}
# dpkg -l vlc

Check if the package is installed or not, and if it is, launch it:

# dpkg -l vlc && vlc

See whether a package is installed or not

This also shows the locations where the package's files are installed. Here -S (capital S) searches the installed packages for the given name.

# sudo dpkg -S {package_name}
# sudo dpkg -S skype

Install a *.deb package from a specified location

Here -R is recursive. (Recursively handle all regular files matching the pattern *.deb found at specified directories and all of its subdirectories).

# sudo dpkg -R --install {package_location}
# sudo dpkg -R --install /home/sysadmin/soft

Show package details

Here -p (lowercase p) will show the package info:

# dpkg -p {package_name}
# dpkg -p apache2

View the content of a package

Use -c (lowercase c) to show the content:

# sudo dpkg -c {package_name}
# sudo dpkg -c skype-ubuntu-precise_4.2.0.11-1_i386.deb

Extract the *.deb package file

Use -x (lowercase x) to extract:

# dpkg -x {package_name} {location_where_to_extract}
# dpkg -x libqt4-phonon_4.6.3-4+squeeze1_i386.deb /home/sysadmin/

Extract and display the filenames contained in a package

Use -X (uppercase X) to extract the package and display the filenames as they are extracted.

# dpkg -X {package_name} {location_where_to_extract}
# dpkg -X libqt4-phonon_4.6.3-4+squeeze1_i386.deb /home/sysadmin/

Display information about a package

Here -I stands for information:

# dpkg -I {package_name}
# dpkg -I libqt4-phonon_4.6.3-4+squeeze1_i386.deb

Reconfigure an already installed package

dpkg-reconfigure reconfigures packages after they already have been installed. Pass it the name(s) of a package or packages to reconfigure. It will ask configuration questions, much like when the package was first installed.

# dpkg-reconfigure postfix

This will reconfigure postfix the same way as when you installed it for the first time.

Need to know more about dpkg commands? Have a look at the manual page:

# man dpkg