Archives

All posts for the month August, 2011

Want to combine two avi files using mencoder? Well, below is how it's done. The mencoder binary comes with mplayer 1rc.x. When using the fork, mplayer2, you no longer get this tool, which is a bit irritating. I will follow up when I get mplayer2 to provide this functionality. It is worth noting that mplayer2 has more functionality and fixes than the somewhat forgotten mplayer1. The only reason I have installed the older version on my machine is for mencoder.

mencoder -oac copy -ovc copy part1.avi part2.avi part3.avi -o combined.avi

-oac copy – selects the output audio codec. Since we pass copy as the parameter, the audio stream is copied from the source files as-is, so the output uses the same codec as the sources.

-ovc copy – selects the output video codec. Since we pass copy as the parameter, the video stream is copied from the source files as-is, so the output uses the same codec as the sources.

The files are parameters, and the -o switch means the output filename follows, in this case “combined.avi”.

Ok so this is something I keep having to re-setup every time I do something to my laptop that requires wiping the disk beforehand. So instead of figuring this out every time why not document it here and also share some information with whoever might also want to do the same?

Since I run Gentoo I’ll be using portage to emerge the necessary packages but this guide will work for any distro, so you’ll just have to use your own package manager (whatever that might be).

Requirements

Kernel

Your kernel must be able to support wireless extensions.

CONFIG_WIRELESS=y
CONFIG_WIRELESS_EXT=y

Another thing you will need is support for the various cryptographic routines used in wireless ciphers (and any other cipher that you might want to support as well).

Make sure AES, SHA, and whatever else you want are supported by your kernel. I prefer to build these in but you can modularize them as long as you make sure that these get loaded automatically or when you need them.

Packages

emerge -v net-dns/dnsmasq net-misc/dhcp net-wireless/hostapd

Once these packages are emerged you’ll need to configure at least dhcp and hostapd config files. These are located at:

/etc/dhcp/dhcpd.conf and /etc/hostapd/hostapd.conf respectively.

Sample dhcpd.conf:

default-lease-time 600;
max-lease-time 7200;
option routers 192.168.50.1;
option domain-name-servers 192.168.50.1, 192.168.50.1;

subnet 192.168.50.0 netmask 255.255.255.0 {
    pool {
        max-lease-time 600;
        range 192.168.50.10 192.168.50.50;
        option routers 192.168.50.1;
        option domain-name-servers 192.168.50.1, 192.168.50.1;
        allow unknown-clients;
    }
}

This sets the default gateway and the primary and secondary DNS servers to 192.168.50.1 and has dhcpd hand out addresses in the range 192.168.50.10 to 192.168.50.50.

Sample hostapd.conf:

interface=wlan0
driver=nl80211
ssid=yourssid
hw_mode=g
channel=1
wpa=1
wpa_passphrase=supersecretpassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

This creates a wireless access point using the now standard nl80211 driver with an SSID of yourssid in 802.11g mode on channel 1. Note that for ME when I set a channel of anything besides 1 I got cryptic errors that were so useless that the author of hostapd should probably be questioned for being a sadist. I seriously had so many problems with creating this config due to shitty error messages I had to document this so I wouldn’t have to do that again. Another fun note is that when testing my config I used a WPA password of “test”, which caused the same useless error message when I tried to run it. As it turns out, the reason it failed was that the WPA password was too short. It never tells you this, of course, unless you build this package with the debug flag on. Anyway, at this point you should have a working wireless access point.
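The too-short passphrase failure described above can be caught before hostapd is started, along with the fact that wpa=1 turns on WPA (v1) only. The linter below is an added example, not part of the original post or of hostapd: the function names and finding labels are made up here, the sample configs are constructed, and the checks assume hostapd's documented rules (wpa is a bit field where 1 = WPA and 2 = WPA2, wpa_passphrase must be 8 to 63 characters, pairwise ciphers default to TKIP).

```shell
#!/bin/sh
# Added example (not from the original post): lint a hostapd.conf read on stdin.
# Prints one finding per line; prints nothing when no check fires.
lint_hostapd() {
    awk -F= '
        /^[ \t]*#/ || !/=/ { next }        # skip comments and non key=value lines
        { key = $1; sub(/^[^=]*=/, ""); val[key] = $0 }  # value may contain "="
        END {
            wpa = ("wpa" in val) ? val["wpa"] + 0 : 0
            if (wpa == 0) { print "OPEN wpa is unset or 0, no encryption"; exit }
            # wpa is a bit field: bit 0 = WPA (v1), bit 1 = RSN/WPA2
            v1  = (wpa % 2 == 1)
            rsn = (int(wpa / 2) % 2 == 1)
            if (v1)   print "WPA1 wpa=" wpa " enables WPA v1"
            if (!rsn) print "NO_RSN wpa=" wpa " leaves WPA2 off, rsn_pairwise is unused"
            # hostapd defaults: wpa_pairwise=TKIP, rsn_pairwise=<wpa_pairwise value>
            wp = ("wpa_pairwise" in val) ? val["wpa_pairwise"] : "TKIP"
            rp = ("rsn_pairwise" in val) ? val["rsn_pairwise"] : wp
            if ((v1 && wp ~ /TKIP/) || (rsn && rp ~ /TKIP/))
                print "TKIP offered as a pairwise cipher"
            if ("wpa_passphrase" in val) {
                len = length(val["wpa_passphrase"])
                if (len < 8 || len > 63)
                    print "PASSPHRASE_LEN " len " chars, hostapd needs 8..63"
            }
        }'
}

# Constructed sample: the config from the post with the passphrase "test".
page_conf() {
    printf '%s\n' interface=wlan0 driver=nl80211 ssid=yourssid hw_mode=g \
        channel=1 wpa=1 wpa_passphrase=test wpa_key_mgmt=WPA-PSK \
        wpa_pairwise=TKIP rsn_pairwise=CCMP
}

# Constructed sample: WPA2-only, CCMP-only variant with a valid passphrase.
wpa2_conf() {
    printf '%s\n' interface=wlan0 driver=nl80211 ssid=yourssid hw_mode=g \
        channel=1 wpa=2 wpa_passphrase=supersecretpassword \
        wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP
}

echo "config from the post:"; page_conf | lint_hostapd
echo "WPA2/CCMP variant:";    wpa2_conf | lint_hostapd
```

Against a real file, run it as lint_hostapd < /etc/hostapd/hostapd.conf.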

Enable dnsmasq and dhcpd services as well as hostapd. You will also have to enable iptables to forward packets to and from your interfaces if you are sharing wireless from a wired connection. Below is my iptables script:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

echo Done…

WPA for all!

tuxonice-sources 2.6.38-r2
hibernate-scripts 2.0
tuxonice_userui 1.0

One of the interesting configs needed for TOI when using an initramfs, which we will because of the crypto setup, is that you must enable
CONFIG_TOI_IGNORE_LATE_INITCALL=y

Otherwise, when Linux boots up it will attempt to resume before the initramfs runs. Obviously this is undesirable: since we are encrypting our filesystems, it won’t find the resume file. This config basically tells it not to attempt the resume just yet. However, after the initramfs is done TOI will not resume on its own. It actually expects you to manually call the tuxonice /sys interface, telling it exactly when it's OK to resume. For our purposes we want to make this call in our initramfs after the user has successfully decrypted the filesystem.

What we use for encrypting our partition

dm-crypt – backend for our encrypted filesystem
cryptsetup – frontend for performing initial formatting, opening and closing of encrypted filesystems.
lvm – the reason for using this in addition to our encrypted filesystem is to allow the swap partition to also be encrypted. Essentially we are using one encrypted partition which LVM will recognize, once decrypted, as 2 logical partitions, in our case swap and root. Using LVM you can have as many partitions as you’d like, and they would all benefit from being encrypted as they are physically one partition.

Make sure that your kernel has either built-in support or modules for dm-crypt. If the latter is used, make sure the initramfs will load the modules you require. Personally, for the Crypto APIs I build that all into the kernel for simplicity.

The initial setup of your Gentoo system is the same as the gentoo-handbook guide until the part where you are creating the filesystem partitions. Here we will deviate. Create two partitions. One for /boot and the other which will be our encrypted container partition.
For our example these partitions will be /dev/sda1 and /dev/sda2.

Load the dm-crypt, aes, and sha256 modules with modprobe. At this point we can encrypt the /dev/sda2 partition.

cryptsetup luksFormat /dev/sda2
— here you can set up your password.

Now to open (decrypt) the partition just created.

cryptsetup luksOpen /dev/sda2 root — root in this case is the name of our LUKS device. Just make sure this is consistent.

LVM – here we will create the logical drives from our now accessible partition.

pvcreate /dev/mapper/root
vgcreate vg /dev/mapper/root

Now create the logical drives as you see fit. Here we will create two logical drives (partitions). One for root and one for swap.

lvcreate -L 40G -n root vg  — here vg is the volume group we created before and -L specifies the size of the partition. This is /
lvcreate -L 1G -n swap vg   — and this one is for swap.

Now we continue setting up our drives as normal according to the gentoo-handbook installation guide.

mke2fs -j -L root /dev/vg/root  — just note the device path is now a bit different due to LVM. They behave as any block device though.
mkswap -L swap /dev/vg/swap

After this part you continue the Gentoo installation as per the usual http://www.gentoo.org/doc/en/handbook/.

The next thing to note is that to properly boot up you will need an initramfs with cryptsetup and tools built statically and available on the initramfs itself. Also, for tux on ice you will need to copy tuxoniceui_text and/or tuxoniceui_fbsplash as well. The details of configuring the initial ram fs will be covered in Part 2, along with the tux on ice configuration setup.

Part 2 – Creating the initramfs (Coming Soon)

So I’ve finally decided to stop attempting to write my own blog software from scratch (I know I know) and just use an open source one like everyone else. I hope you people are happy now that the commies have won. Conforming to “standards” n’ all. Well don’t let it get to your heads because everything on this site will be 100% ME with 0% added fat.

That being said I plan to add some useful information to these archives in the hopes that not only will it help me stay more organized than I have been, but that it will also help out others in some form or fashion. So keep checking back as there is more to come!