Title: user:Codegazer workspace
Author: Paul Blackburn
Classification: unrestricted
Status: work-in-progress
Approved by: Codegazer
Last updated: 2023_12_16
Reference Site: user:Codegazer on Mageia wiki


Introduction

Hello, I am Codegazer: a long time user and contributor to Mandrake/Mandriva/Mageia Linux. I volunteer with the Mageia quality assurance (QA) and documentation teams.

You can also find me on Libera IRC network channel #mageia as treegazer.


This is my draft wiki page and workspace.

It contains several "docs" as separate appendixes. Some of these are works-in-progress drafts.


Contributions

Mageia Wiki pages contributed by Codegazer:

| # | written | status | page | link | comment |
|---|---------|--------|------|------|---------|
| 1 | 2011_12_25 | active | Skype for Linux | Skype_with_video | Howto configure Skype in Mageia |
| 2 | 2012_03_07 | archived | Nomachine | Nomachine | How to configure original NoMachine in Mageia |
| 3 | 2013_02_10 | active | sudo | Configuring_sudo | How to configure sudo in Mageia |
| 4 | 2013_05_03 | active | OpenAFS client | Installing_OpenAFS_Client | how to install OpenAFS client in Mageia |
| 5 | 2013_05_20 | active | Finding Mageia rsync servers | Finding_Mageia_rsync_servers | Identifying and configuring URPMI rsync servers |
| 6 | 2013_09_24 | archived | Tip for installing VMware 9 on Mageia3 | Tip_for_installing_VMware_9_and_VMPlayer_on_Mageia3 | How to configure VMware 9 on Mageia 3 |
| 7 | 2014_07_12 | active | share your NAT connection | Howto_use_NAT_to_share_your_connection | NAT connection sharing |
| 8 | 2014_10_31 | active | Installing Mageia from ISO on disk | Installing_Mageia_from_ISO_on_disk | Install from disk image |
| 8a | 2024_01_04 | archived | Installing Mageia from ISO on disk | Installing Mageia from ISO in disk | Install disk image: Mga4 example |
| 9 | 2015_10_29 | archived | Installing VMware workstation 11 in Mageia 5 | Installing_VMware_workstation_11_in_Mageia_5 | VMware workstation on Mageia |
| 10 | 2017_02_28 | active | Notes on moving a mediawiki | Notes_on_moving_a_mediawiki | how to move media wiki |
| 11 | 2017_09_17 | user:codegazer | VASCO DIGIPASS SecureClick authentication | Configure SecureClick authentication device in Mageia | FIDO U2F configuration |
| 12 | 2018_09_06 | archived | Installing VMware workstation 12.5.9 in Mageia 6 | Installing_VMware_workstation_12.5.9_in_Mageia_6 | VMware workstation 12.5.9 on Mageia 6 |
| 13 | 2018_11_04 | active | Using Zoom | Using_Zoom_communication_application | Installing Zoom on Mageia |
| 14 | 2019_07_14 | archived | Installing VMware workstation 12.5.9 in Mageia 7 | Installing_VMware_workstation_12.5.9_in_Mageia_7 | VMware workstation 12.5.9 on Mageia 7 |
| 15 | 2019_07_15 | active | Installing Mageia from ISO images on disk using grub2 | Installing_Mageia_from_ISO_images_on_disk_using_grub2 | fastest install method |
| 16 | 2020_02_26 | user:codegazer | Installing Google Chrome in Mageia | Installing Google Chrome in Mageia | google-chrome-stable |
| 17 | 2020_03_04 | active | Installing Google Chrome in Mageia | Installing_Google_Chrome_in_Mageia | google-chrome-stable |
| 18 | 2020_03_04 | user:codegazer | Configuring autostart with MATE in Mageia | Configuring autostart with MATE in Mageia | scripted MATE desktop layout on login |
| 19 | 2020_04_07 | user:codegazer | First step with Compiz fusion | First step with Compiz fusion | Configuring Compiz fusion 3D desktop on Mageia |
| 20 | 2020_04_08 | active | Configuring autostart with MATE in Mageia | Configuring_autostart_with_MATE_in_Mageia | scripted MATE desktop layout on login |
| 21 | 2021_05_10 | active | Making a bootable Mageia network install USB drive | Making_a_bootable_Mageia_network_install_USB_drive | Mageia network install bootable USB drive is a very useful tool to help Installing Mageia Linux |
| 22 | 2022_01_09 | user:codegazer | Rescue: disable GUI at boot | Rescue: disable GUI at boot | Rescue technique: howto disable GUI at boot time |
| 22a | 2022_01_09 | active | Rescue: disable GUI at boot | Rescue: disable GUI at boot | Rescue technique: howto disable GUI at boot time |
| 23 | 2022_01_22 | user:codegazer | Encrypted live persistent USB with Mageia 7 | Encrypted live persistent USB with Mageia 7 | configure a live persistent USB in Mageia 7 |
| 24 | 2022_02_13 | active | Synchronize local skype urpmi | Synchronize_local_skype_urpmi | Automated install/update of skypeforlinux for Mageia |
| 25 | 2022_04_04 | user:codegazer | Configuring OpenVPN with ProtonVPN in Mageia | Configuring OpenVPN with ProtonVPN in Mageia | Configure OpenVPN to use ProtonVPN |
| 26 | 2022_04_11 | active | Configuring OpenVPN with ProtonVPN in Mageia | Configuring_OpenVPN_with_ProtonVPN_in_Mageia | ProtonVPN do not provide an "app" for Mageia but OpenVPN can be configured to use it |
| 27 | 2023_10_22 | user:codegazer | Installing Signal Messenger on Mageia | Installing Signal Messenger on Mageia | unsupported by Signal but working Messenger on Mageia |

key to status column: active = live public wiki page, user:codegazer = draft/work-in-progress, archived = no longer current

notes boundary here

Separate notes about LUKS on persistent Mageia live USB follow from here

Appendix-2: Notes on adding LUKS disk encryption to Mageia live persistent USB

Introduction

These notes describe how to add a 4th LUKS encrypted partition to a Mageia live USB with data persistence created by the isodumper command.


Benefits

It is useful to be able to encrypt a persistent live USB to protect data in the event of the memory stick being lost or stolen.


notes

Manually adding a union mount to 4th LUKS encrypted partition:

mount -t overlay -o lowerdir=/,upperdir=/mnt/mgalive-LUKS/memory,workdir=/mnt/mgalive-LUKS/work/ overlay /


step 1: Create persistent Mageia live USB using isodumper command

Check if isodumper is installed and if not then install it:

rpm -q isodumper > /dev/null && echo isodumper is installed || /usr/sbin/urpmi isodumper


step 2: identify the device name for the USB memory stick

memory_stick_device=/dev/sdb

step 3: Remove the newly created 3rd "mgalive-persist" partition and create a smaller 2 GB partition to replace it

        /bin/sudo fdisk ${memory_stick_device}   #remove existing 3rd partition created by isodumper
        d
        3
        w


        /bin/sudo fdisk ${memory_stick_device}   # create new smaller (2GB) 3rd partition
        n
        p
        3
             # blank= default start of free space
        +2G
        w

Example: Display disk partitions:

$ /bin/sudo fdisk -l ${memory_stick_device}
[sudo] password for user: 
Disk /dev/sdb: 115.6 GiB, 124151398400 bytes, 242483200 sectors
Disk model: USB Flash Drive 
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device     Boot   Start     End Sectors  Size Id Type
/dev/sdb1  *          0 4789035 4789036  2.3G  0 Empty
/dev/sdb2       4789036 4797227    8192    4M ef EFI (FAT-12/16/32)
/dev/sdb3       4798464 8992767 4194304    2G 83 Linux

Create filesystem in 3rd Partition

/bin/sudo mkfs.ext4 -L mgalive-persist ${memory_stick_device}3

Example:

$ /bin/sudo mkfs.ext4 -L mgalive-persist ${memory_stick_device}3
mke2fs 1.45.0 (6-Mar-2019)
Creating filesystem with 524288 4k blocks and 131072 inodes
Filesystem UUID: c58935a2-5a22-4f53-85b0-3f78aa65c79b
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done 

step 4: Create a 4th "mgalive-LUKS" partition and ext4 filesystem on all the remaining USB freespace

Create 4th partition

        /bin/sudo fdisk ${memory_stick_device}   # create new 4th partition using up all remaining space
        n
        p
        4
             # blank - (default) start of free space
             # blank - (default) end of free space
        w

Display updated disk partitions

$ /bin/sudo fdisk -l ${memory_stick_device}    # verify 4th partition created
Disk /dev/sdb: 115.6 GiB, 124151398400 bytes, 242483200 sectors
Disk model: USB Flash Drive 
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device     Boot   Start       End   Sectors   Size Id Type
/dev/sdb1  *          0   4789035   4789036   2.3G  0 Empty
/dev/sdb2       4789036   4797227      8192     4M ef EFI (FAT-12/16/32)
/dev/sdb3       4798464   8992767   4194304     2G 83 Linux
/dev/sdb4       8992768 242483199 233490432 111.3G 83 Linux

Initialize the LUKS encryption on the newly-created partition

/bin/sudo cryptsetup --verbose --verify-passphrase luksFormat ${memory_stick_device}4

Example:

$ /bin/sudo cryptsetup --verbose --verify-passphrase luksFormat ${memory_stick_device}4

WARNING!
========
This will overwrite data on /dev/sdb4 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb4: 
Verify passphrase: 
Key slot 0 created.
Command successful.

Open the LUKS device

/bin/sudo cryptsetup luksOpen ${memory_stick_device}4 my_usb

Example:

$ /bin/sudo cryptsetup luksOpen ${memory_stick_device}4 my_usb
Enter passphrase for /dev/sdb4:

Create filesystem on the LUKS partition and label it

This will take some time to run.

/bin/sudo mkfs.ext4 -L mgalive-LUKS /dev/mapper/my_usb

Example:

$ /bin/sudo cryptsetup luksOpen ${memory_stick_device}4 my_usb
Enter passphrase for /dev/sdb4: 

[user@localhost] $ /bin/sudo mkfs.ext4 -L mgalive-LUKS /dev/mapper/my_usb
mke2fs 1.45.0 (6-Mar-2019)
Creating filesystem with 29182208 4k blocks and 7299072 inodes
Filesystem UUID: b00aefcb-373a-48da-84ee-baf93b18420d
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done  

Label the filesystem in 4th (LUKS) partition

/bin/sudo e2label /dev/mapper/my_usb mgalive-LUKS

Example:

$ /bin/sudo e2label /dev/mapper/my_usb mgalive-LUKS

Place a persistence.conf file in the 4th filesystem

/bin/sudo mkdir -p /mnt/my_usb
/bin/sudo mount /dev/mapper/my_usb /mnt/my_usb

$ df /mnt/my_usb
Filesystem          Size  Used Avail Use% Mounted on
/dev/mapper/my_usb  110G   61M  104G   1% /mnt/my_usb

$ ls -l /mnt/my_usb/
total 16
drwx------ 2 root root 16384 Jun  7 21:27 lost+found/

Create work and memory directories for handling union mount

/bin/sudo mkdir /mnt/my_usb/work
/bin/sudo mkdir /mnt/my_usb/memory

Unmount the encrypted filesystem

/bin/sudo umount /dev/mapper/my_usb

# confirm un-mounted

df /mnt/my_usb/
Filesystem      Size  Used Avail Use% Mounted on
overlay          13G  5.6G  5.9G  49% /

Close encrypted channel to persistence partition

/bin/sudo cryptsetup luksClose /dev/mapper/my_usb

step 5: Boot from the "mgalive-persist" USB

This boot will be using the 3rd partition which provides data persistence but is not encrypted.

Verify the LUKS encrypted 4th partition can be opened and mounted

open the LUKS encrypted fs

/bin/sudo cryptsetup luksOpen ${memory_stick_device}4 my_usb

create mountpoint for mgalive-LUKS filesystem

/bin/sudo mkdir /mnt/mgalive-LUKS

mount the mgalive-LUKS filesystem

/bin/sudo mount -t ext4 /dev/mapper/my_usb /mnt/mgalive-LUKS


step 6: Configure the "mgalive-persist" USB to automatically LUKS open the 4th partition

We need to have the 4th LUKS partition automatically mounted at boot time and union mount "mgalive-LUKS" with root (/) on the 3rd "mgalive-persist" partition.

Confirm mgalive-LUKS (4th partition) mounted at boot time

Add the following line to /etc/fstab:

/dev/mapper/mgalive-LUKS /mnt/mgalive-LUKS ext4 defaults 0 0

Add the following line to /etc/crypttab:

mgalive-LUKS /dev/sdb4 none

Create a mount point for mgalive-LUKS under /mnt/:

d=/mnt/mgalive-LUKS/; [ -d ${d} ] && echo directory ${d} already exists || (mkdir ${d} && echo created directory: ${d})

Reboot and verify that the boot sequence is stopped to prompt for the LUKS passphrase.

Update /etc/fstab to add union mount for mgalive-LUKS partition

Add the following line to /etc/fstab

none / overlay noauto,x-systemd.automount,lowerdir=/,upperdir=/mnt/mgalive-LUKS/memory,workdir=/mnt/mgalive-LUKS/work 0 0

Note that noauto and x-systemd.automount prevent systemd from hanging on boot because it failed to mount the overlay. The overlay is now mounted whenever it is first accessed and requests are buffered until it is ready.

Reboot and confirm the union mount is working (hint: use the df command and observe the free space for /).
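
Before rebooting, the edited files can be checked for the mistakes that are easy to make in this step. The script below is an added example, not part of the original notes: it flags two active fstab lines for the same mount point (the situation behind the "duplicate" message in step 7), overlay lines the kernel would reject because lowerdir or workdir is missing or because workdir and upperdir are not separate directory trees, and crypttab entries that name the partition by a kernel device name such as /dev/sdb4, which can change between boots. The function names lint_fstab and lint_crypttab and the sample inputs are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the original notes. Both functions read file text
# on stdin and print one finding per line, so they can be run on copies of
# /etc/fstab and /etc/crypttab.

# lint_fstab flags:
#   - a mount point used by more than one active line
#   - overlay lines with no lowerdir=, or with upperdir= but no workdir=
#   - overlay lines whose workdir and upperdir are the same path or nested
lint_fstab() {
    awk '
    function strip(p) { sub(/\/+$/, "", p); return p }
    function inside(a, b) {              # is path a equal to, or below, path b?
        a = strip(a); b = strip(b)
        return a == b || index(a, b "/") == 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ || NF < 4 { next }   # comments, blanks, short lines
    {
        if ($2 != "none" && $2 != "swap") {
            if ($2 in seen)
                printf "fstab line %d: mount point %s already used on line %d\n", NR, $2, seen[$2]
            else
                seen[$2] = NR
        }
        if ($3 != "overlay") next
        lower = ""; upper = ""; work = ""
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^lowerdir=/) lower = substr(opt[i], 10)
            if (opt[i] ~ /^upperdir=/) upper = substr(opt[i], 10)
            if (opt[i] ~ /^workdir=/)  work  = substr(opt[i], 9)
        }
        if (lower == "")
            printf "fstab line %d: overlay entry has no lowerdir=\n", NR
        if (upper != "" && work == "")
            printf "fstab line %d: upperdir= given without workdir=\n", NR
        if (upper != "" && work != "" && (inside(work, upper) || inside(upper, work)))
            printf "fstab line %d: workdir %s and upperdir %s overlap\n", NR, work, upper
    }'
}

# lint_crypttab flags entries whose source is a kernel-assigned name such as
# /dev/sdb4, which depends on probe order and on which port the stick is in.
lint_crypttab() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || NF < 2 { next }
    $2 ~ /^\/dev\/(sd|hd|vd|nvme|mmcblk)/ {
        printf "crypttab line %d: %s uses %s; prefer UUID=<value of: cryptsetup luksUUID %s>\n", NR, $1, $2, $2
    }'
}

# Constructed sample 1: the step 7 fstab with its fourth line uncommented.
SAMPLE_FSTAB='none / overlay defaults 0 0
/dev/mapper/mgalive-LUKS /mnt/mgalive-LUKS ext4 defaults 0 0
/dev/sdb3 /mnt/mgalive-persist ext4 defaults 0 0
none / overlay noauto,x-systemd.automount,lowerdir=/mnt/mgalive-persist:/,upperdir=/mnt/mgalive-LUKS/memory,workdir=/mnt/mgalive-LUKS/work 0 0'

# Constructed sample 2: an overlay line whose workdir sits inside its upperdir.
SAMPLE_NESTED='none / overlay noauto,lowerdir=/,upperdir=/mnt/mgalive-LUKS,workdir=/mnt/mgalive-LUKS/work 0 0'

# Constructed sample 3: a crypttab entry that names the partition as /dev/sdb4.
SAMPLE_CRYPTTAB='mgalive-LUKS /dev/sdb4 none'

printf '%s\n' "$SAMPLE_FSTAB"    | lint_fstab
printf '%s\n' "$SAMPLE_NESTED"   | lint_fstab
printf '%s\n' "$SAMPLE_CRYPTTAB" | lint_crypttab
```

On a real system, feed the files in directly, for example: lint_fstab < /etc/fstab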

step 7: reboot and verify "mgalive-LUKS" is union mounted

Got this far and now stuck trying to get mgalive-LUKS union mounted with / and /mnt/mgalive-persist.

[root@localhost ~]# nl -ba /etc/fstab
     1	none / overlay defaults 0 0
     2	/dev/mapper/mgalive-LUKS /mnt/mgalive-LUKS ext4 defaults 0 0
     3	/dev/sdb3 /mnt/mgalive-persist ext4 defaults 0 0
     4	#none / overlay noauto,x-systemd.automount,lowerdir=/mnt/mgalive-persist:/,upperdir=/mnt/mgalive-LUKS/memory,workdir=/mnt/mgalive-LUKS/work 0 0

# 4 (^) commented out because when present a message about "duplicate error" in /etc/fstab is displayed
# which can only be in relation to having two "overlay" entries in /etc/fstab


[root@localhost ~]# nl -ba /etc/crypttab
     1	mgalive-LUKS /dev/sdb4 none

[root@localhost ~]# df | nl -ba
     1	Filesystem                Size  Used Avail Use% Mounted on
     2	tmpfs                     2.9G  1.4M  2.9G   1% /run
     3	/dev/loop0                2.3G  2.3G     0 100% /run/mgalive/ovlsize
     4	overlay                   2.0G  1.4G  493M  74% /
     5	devtmpfs                  2.9G     0  2.9G   0% /dev
     6	tmpfs                     2.9G   59M  2.9G   2% /dev/shm
     7	tmpfs                     2.9G     0  2.9G   0% /sys/fs/cgroup
     8	tmpfs                     2.9G   12K  2.9G   1% /tmp
     9	/dev/sdb3                 2.0G  1.4G  493M  74% /mnt/mgalive-persist
    10	/dev/mapper/mgalive-LUKS  110G   66M  104G   1% /mnt/mgalive-LUKS
    11	tmpfs                     594M   20K  594M   1% /run/user/1001

[root@localhost ~]# uname -r
5.1.7-desktop-2.mga7

# mount | nl -ba
     1	tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=755)
     2	/dev/loop0 on /run/mgalive/ovlsize type squashfs (ro,relatime)
     3	overlay on / type overlay (rw,noatime,lowerdir=/live/distrib,upperdir=/live/overlay/memory,workdir=/live/overlay/work)
     4	devtmpfs on /dev type devtmpfs (rw,nosuid,noexec,size=3022532k,nr_inodes=755633,mode=755)
     5	sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
     6	proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
     7	securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
     8	tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
     9	devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
    10	tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
    11	cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
    12	cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
    13	pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
    14	bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
    15	cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    16	cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    17	cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    18	cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    19	cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
    20	cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
    21	cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    22	systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=39,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1595)
    23	hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
    24	tmpfs on /tmp type tmpfs (rw,nosuid,nodev)
    25	mqueue on /dev/mqueue type mqueue (rw,relatime)
    26	debugfs on /sys/kernel/debug type debugfs (rw,relatime,mode=755)
    27	/dev/sdb3 on /mnt/mgalive-persist type ext4 (rw,relatime)
    28	/dev/mapper/mgalive-LUKS on /mnt/mgalive-LUKS type ext4 (rw,relatime)
    29	fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
    30	tmpfs on /run/user/1001 type tmpfs (rw,nosuid,nodev,relatime,size=608120k,mode=700,uid=1001,gid=1001)
    31	gvfsd-fuse on /run/user/1001/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1001,group_id=1001)

For comparison, the following is what I see on a Kali encrypted persistent USB system:

root@kali:~# nl -ba /etc/fstab
     1	overlay / overlay rw 0 0
     2	tmpfs /tmp tmpfs nosuid,nodev 0 0

root@kali:~# nl /etc/crypttab
     1	# <target name>	<source device>		<key file>	<options>

root@kali:~# df | nl -ba
     1	Filesystem       1K-blocks    Used Available Use% Mounted on
     2	udev               3013864       0   3013864   0% /dev
     3	tmpfs               608372    9388    598984   2% /run
     4	/dev/sdb1          3234496 3234496         0 100% /run/live/medium
     5	/dev/loop0         2959488 2959488         0 100% /run/live/rootfs/filesystem.squashfs
     6	tmpfs              3041860       0   3041860   0% /run/live/overlay
     7	/dev/mapper/sdb3  50588880 6931380  41074412  15% /run/live/persistence/sdb3
     8	overlay           50588880 6931380  41074412  15% /
     9	tmpfs              3041856   71408   2970448   3% /dev/shm
    10	tmpfs                 5120       8      5112   1% /run/lock
    11	tmpfs              3041856       0   3041856   0% /sys/fs/cgroup
    12	tmpfs              3041856      12   3041844   1% /tmp
    13	tmpfs               608368      16    608352   1% /run/user/131
    14	tmpfs               608368      32    608336   1% /run/user/1000
    15	/dev/sdb2              716     682        34  96% /media/mpb/Kali Live

root@kali:~# mount | nl -ba
     1	sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
     2	proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
     3	udev on /dev type devtmpfs (rw,nosuid,relatime,size=3013864k,nr_inodes=753466,mode=755)
     4	devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
     5	tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=608372k,mode=755)
     6	/dev/sdb1 on /run/live/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
     7	/dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
     8	tmpfs on /run/live/overlay type tmpfs (rw,noatime,size=3041860k,mode=755)
     9	/dev/mapper/sdb3 on /run/live/persistence/sdb3 type ext3 (rw,noatime)
    10	overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/persistence/sdb3/rw,workdir=/run/live/persistence/sdb3/work)
    11	tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,noexec,relatime,size=608372k,mode=755)
    12	/dev/sdb1 on /usr/lib/live/mount/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
    13	/dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
    14	tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,size=3041860k,mode=755)
    15	/dev/mapper/sdb3 on /usr/lib/live/mount/persistence/sdb3 type ext3 (rw,noatime)
    16	securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
    17	tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
    18	tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
    19	tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
    20	cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
    21	cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
    22	pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
    23	bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
    24	cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
    25	cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
    26	cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
    27	cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
    28	cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
    29	cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
    30	cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
    31	cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
    32	cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
    33	cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
    34	systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=21377)
    35	hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
    36	mqueue on /dev/mqueue type mqueue (rw,relatime)
    37	debugfs on /sys/kernel/debug type debugfs (rw,relatime)
    38	tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime)
    39	binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
    40	tmpfs on /run/user/131 type tmpfs (rw,nosuid,nodev,relatime,size=608368k,mode=700,uid=131,gid=142)
    41	tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=608368k,mode=700,uid=1000,gid=1000)
    42	/dev/sdb2 on /media/mpb/Kali Live type vfat (rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,showexec,utf8,flush,errors=remount-ro,uhelper=udisks2)

root@kali:~# uname -r
4.19.0-kali4-amd64

step 8: complete post-install configuration and apply pending updates

to be completed - things to do once installed, and union mounts working


notes boundary here

Separate notes about LUKS on persistent Mageia live USB follow from here

Appendix-3: Encrypted 3rd partition on persistent Mageia live USB

Preparation

Use a high-speed USB memory stick with sufficient space. The example here uses a 128 GB USB 3.1 memory stick.

Use the procedure described here to create the ISO image. Use isodumper to write the ISO image to the USB.


Define memory_stick_device

memory_stick_device=/dev/sdb

Example:

To determine the correct device for the memory stick:

  1. In a terminal, type:
    journalctl -fa  #Display system log (dynamically updated)
  2. Plug in the USB
  3. Observe the system log (from step 1, above) to see the device name for the memory stick. Example:
    Dec 12 16:19:17 localhost kernel: sd 7:0:0:0: [sdc] 4016128 512-byte logical blocks: (2.06 GB/1.92 GiB)
    Here, the device name is sdc, so we would use: memory_stick_device=/dev/sdc
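
Because the fdisk and luksFormat commands that follow (and those in Appendix-2, steps 3 and 4) destroy whatever is on ${memory_stick_device}, it is worth confirming the name before using it. The script below is an added example, not part of the original notes: it extracts the disk name from a kernel log line of the form shown above, then refuses the disk unless lsblk reports it as USB-attached with nothing mounted. The function names device_from_kernel_log and check_target and the lsblk sample output are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the original notes. The two functions only parse
# text, so they can be tried without a USB stick attached.

# device_from_kernel_log: read kernel log lines on stdin and print the name of
# the most recently announced disk, e.g. "sdc".
device_from_kernel_log() {
    sed -n 's/.*kernel: sd [0-9:]*: \[\(sd[a-z]*\)] [0-9]* [0-9]*-byte logical blocks.*/\1/p' |
        tail -n 1
}

# check_target DISK: read the output of
#     lsblk -P -n -o NAME,TYPE,TRAN,MOUNTPOINT /dev/DISK
# on stdin. Prints each reason for refusing the disk and returns non-zero if
# there is one; prints nothing and returns 0 when the disk is USB-attached
# and none of its partitions is mounted.
check_target() {
    awk -v disk="$1" '
    function val(key) {                       # value of KEY="..." on this line
        if (!match($0, key "=\"[^\"]*\"")) return ""
        return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
    }
    val("TYPE") == "disk" && val("NAME") == disk {
        found = 1
        if (val("TRAN") != "usb") {
            printf "%s: transport is \"%s\", not usb\n", disk, val("TRAN"); bad = 1
        }
    }
    val("MOUNTPOINT") != "" {
        printf "%s: %s is mounted on %s\n", disk, val("NAME"), val("MOUNTPOINT"); bad = 1
    }
    END {
        if (!found) { printf "%s: no whole-disk entry in lsblk output\n", disk; bad = 1 }
        exit bad
    }'
}

# Constructed samples: the kernel message quoted above, lsblk output for a USB
# stick with nothing mounted, and lsblk output for an internal disk holding /.
SAMPLE_LOG='Dec 12 16:19:17 localhost kernel: sd 7:0:0:0: [sdc] 4016128 512-byte logical blocks: (2.06 GB/1.92 GiB)'
SAMPLE_USB='NAME="sdc" TYPE="disk" TRAN="usb" MOUNTPOINT=""
NAME="sdc1" TYPE="part" TRAN="" MOUNTPOINT=""
NAME="sdc2" TYPE="part" TRAN="" MOUNTPOINT=""'
SAMPLE_SATA='NAME="sda" TYPE="disk" TRAN="sata" MOUNTPOINT=""
NAME="sda1" TYPE="part" TRAN="" MOUNTPOINT="/"'

dev=$(printf '%s\n' "$SAMPLE_LOG" | device_from_kernel_log)
if printf '%s\n' "$SAMPLE_USB" | check_target "$dev"; then
    echo "memory_stick_device=/dev/$dev"
fi
printf '%s\n' "$SAMPLE_SATA" | check_target sda || echo "sda refused"
```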


List what is already on the USB (after running isodumper)

/bin/sudo fdisk -l ${memory_stick_device}

Example:

[user@localhost ~]$ /bin/sudo fdisk -l ${memory_stick_device}
Disk /dev/sdb: 114.6 GiB, 123010547712 bytes, 240254976 sectors
Disk model: Ultra Fit       
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device     Boot   Start     End Sectors  Size Id Type
/dev/sdb1  *          0 3030463 3030464  1.5G  0 Empty
/dev/sdb2       3030464 3038655    8192    4M ef EFI (FAT-12/16/32)


Create 3rd partition using remaining space on USB

/bin/sudo fdisk  ${memory_stick_device}  # create 3rd partition
        n
        p
        3
             # blank = default start of free space
             # blank = default end of free space
        w


Example:

[user@localhost ~]$ /bin/sudo fdisk  ${memory_stick_device} 

Welcome to fdisk (util-linux 2.33.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type
   p   primary (2 primary, 0 extended, 2 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (3,4, default 3): 3
First sector (3038656-240254975, default 3039232): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (3039232-240254975, default 240254975): 

Created a new partition 3 of type 'Linux' and of size 113.1 GiB.

Command (m for help): w
The partition table has been altered.
Syncing disks.


List contents to verify 3rd partition created

/bin/sudo fdisk -l ${memory_stick_device}

Example:

[user@localhost ~]$ /bin/sudo fdisk -l ${memory_stick_device}
Disk /dev/sdb: 114.6 GiB, 123010547712 bytes, 240254976 sectors
Disk model: Ultra Fit       
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Device     Boot   Start       End   Sectors   Size Id Type
/dev/sdb1  *          0   3030463   3030464   1.5G  0 Empty
/dev/sdb2       3030464   3038655      8192     4M ef EFI (FAT-12/16/32)
/dev/sdb3       3039232 240254975 237215744 113.1G 83 Linux

Note: 3rd partition named /dev/sdb3 created. Size in this example is 113.1 GB, which is all available space on the USB.


Initialise LUKS encryption on 3rd partition

Now we configure LUKS encryption. Please note the use of suffix 3 in these commands.

NB Choose a memorable encryption pass phrase and keep a record of it somewhere secure.
If you lose or forget the pass phrase you cannot recover any data on the encrypted partition.

/bin/sudo cryptsetup --verbose --verify-passphrase luksFormat ${memory_stick_device}3

Example:

[user@localhost ~]$ /bin/sudo cryptsetup --verbose --verify-passphrase luksFormat ${memory_stick_device}3
[sudo] password for user: 

WARNING!
========
This will overwrite data on /dev/sdb3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb3: 
Verify passphrase: 
Key slot 0 created.
Command successful.

Open LUKS encrypted 3rd partition

/bin/sudo cryptsetup luksOpen ${memory_stick_device}3 crypt_sdb3

Example:

[user@localhost ~]$ /bin/sudo cryptsetup luksOpen ${memory_stick_device}3 crypt_sdb3
Enter passphrase for /dev/sdb3: 


Create filesystem on the LUKS partition and label it "mgalive-persist"

Note: it is important to label the partition mgalive-persist (using the -L option).

/bin/sudo mkfs.ext4 -L mgalive-persist /dev/mapper/crypt_sdb3

Example:

[user@localhost ~]$ /bin/sudo mkfs.ext4 -L mgalive-persist /dev/mapper/crypt_sdb3
mke2fs 1.45.4 (23-Sep-2019)
Creating filesystem with 29647872 4k blocks and 7413760 inodes
Filesystem UUID: 8b42f657-a104-4613-9c20-acfd8361aed2
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done   


Close the LUKS encrypted 3rd partition

/bin/sudo cryptsetup luksClose /dev/mapper/crypt_sdb3

Example:

[root@localhost ~]# cryptsetup luksClose /dev/mapper/crypt_sdb3

Using the encrypted mgalive-persist USB

Steps:

  1. Plug the USB memory stick into the highest-speed USB port on the computer
  2. Power up (or reboot) the computer and tap the ESC key during start-up to get a choice of boot device
  3. On HP systems: the F9 key selects the boot options menu
  4. Identify and select the USB device to boot from
  5. When prompted, enter the encryption pass phrase you set when encrypting the partition
  6. After startup and login, check the output from df to confirm the encrypted 3rd partition is union mounted. You will see "overlay" and the size.

Example: showing the overlay in output from df command:

[live@localhost ~]$ df
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        2.9G     0  2.9G   0% /dev
tmpfs           2.9G     0  2.9G   0% /dev/shm
tmpfs           2.9G  1.3M  2.9G   1% /run
/dev/loop0      1.5G  1.5G     0 100% /run/mgalive/ovlsize
overlay         111G   97M  106G   1% /
tmpfs           2.9G     0  2.9G   0% /sys/fs/cgroup
tmpfs           2.9G  4.0K  2.9G   1% /tmp
tmpfs           593M   44K  593M   1% /run/user/1000

Note: The read-only 2nd partition which is the ISO image created at the start is showing here as:

/dev/loop0      1.5G  1.5G     0 100% /run/mgalive/ovlsize

the encrypted persistent 3rd partition showing here as:

overlay         111G   97M  106G   1% /

This is a union mount of the 2nd and 3rd partitions. Any changes or updates are saved in the encrypted 3rd partition "overlay".

First use notes

Depending on the ISO that was created, there is probably a no-password login for user live. You probably need to create a new login and password for your own use then remove (or password protect) the live account.

You should also set a root password.

After checking you have network connectivity, define urpmi sources and apply pending system updates.


Example: Create login and set password

In this example, change mylogin (below) to your preferred login account name. Note the use of "-G wheel". This is to enable the account to use sudo. Refer to Configuring_sudo for details on configuring sudo.

[live@localhost ~]$ /bin/su -c "/sbin/useradd -m mylogin -G wheel -s /bin/bash"

[live@localhost ~]$ /bin/su -c "/usr/bin/passwd mylogin"
Changing password for user mylogin.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.


Example: Check network configuration

[live@localhost ~]$ /usr/sbin/ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.35  netmask 255.255.255.0  broadcast 192.168.101.255
        inet6 fe80::7aac:c0ff:feb3:66a8  prefixlen 64  scopeid 0x20<link>
        ether 78:ac:c0:b3:66:a8  txqueuelen 1000  (Ethernet)
        RX packets 11658  bytes 14172640 (13.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8411  bytes 865070 (844.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Note: This shows ethernet interface enp1s0 has IP address 192.168.1.35


Example: verify network connectivity

[live@localhost ~]$ ping -c2 8.8.4.4
PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=53 time=10.4 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=53 time=10.8 ms

--- 8.8.4.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 10.361/10.593/10.826/0.254 ms

Note: Showing that 2 ICMP echo requests (ping) get responses from 8.8.4.4 (one of Google's public DNS servers).


Example: configure Mageia URPMI media sources to network only

/bin/su -c "/usr/sbin/urpmi.removemedia -a && /usr/sbin/urpmi.addmedia --distrib --mirrorlist"
[live@localhost ~]$ /bin/su -c "/usr/sbin/urpmi.removemedia -a && /usr/sbin/urpmi.addmedia --distrib --mirrorlist"
removing medium "Live Core"
removing medium "Live Nonfree"
adding medium "Core Release"
adding medium "Core Release Debug" (ignored by default)
adding medium "Core Updates"
adding medium "Core Updates Debug" (ignored by default)
adding medium "Core Updates Testing" (ignored by default)
adding medium "Core Updates Testing Debug" (ignored by default)
adding medium "Core Backports" (ignored by default)
adding medium "Core Backports Debug" (ignored by default)
adding medium "Core Backports Testing" (ignored by default)
adding medium "Core Backports Testing Debug" (ignored by default)
adding medium "Nonfree Release"
adding medium "Nonfree Release Debug" (ignored by default)
adding medium "Nonfree Updates"
adding medium "Nonfree Updates Debug" (ignored by default)
adding medium "Nonfree Updates Testing" (ignored by default)
adding medium "Nonfree Updates Testing Debug" (ignored by default)
adding medium "Nonfree Backports" (ignored by default)
adding medium "Nonfree Backports Debug" (ignored by default)
adding medium "Nonfree Backports Testing" (ignored by default)
adding medium "Nonfree Backports Testing Debug" (ignored by default)
adding medium "Tainted Release" (ignored by default)
adding medium "Tainted Release Debug" (ignored by default)
adding medium "Tainted Updates" (ignored by default)
adding medium "Tainted Updates Debug" (ignored by default)
adding medium "Tainted Updates Testing" (ignored by default)
adding medium "Tainted Updates Testing Debug" (ignored by default)
adding medium "Tainted Backports" (ignored by default)
adding medium "Tainted Backports Debug" (ignored by default)
adding medium "Tainted Backports Testing" (ignored by default)
adding medium "Tainted Backports Testing Debug" (ignored by default)
adding medium "Core 32bit Release" (ignored by default)
adding medium "Core 32bit Updates" (ignored by default)
adding medium "Core 32bit Updates Testing" (ignored by default)
adding medium "Core 32bit Backports" (ignored by default)
adding medium "Core 32bit Backports Testing" (ignored by default)
adding medium "Nonfree 32bit Release" (ignored by default)
adding medium "Nonfree 32bit Updates" (ignored by default)
adding medium "Nonfree 32bit Updates Testing" (ignored by default)
adding medium "Nonfree 32bit Backports" (ignored by default)
adding medium "Nonfree 32bit Backports Testing" (ignored by default)
adding medium "Tainted 32bit Release" (ignored by default)
adding medium "Tainted 32bit Updates" (ignored by default)
adding medium "Tainted 32bit Updates Testing" (ignored by default)
adding medium "Tainted 32bit Backports" (ignored by default)
adding medium "Tainted 32bit Backports Testing" (ignored by default)
    $MIRRORLIST: media/core/release/media_info/20190627-235351-synthesis.hdlist.cz
    $MIRRORLIST: media/core/updates/media_info/20191208-180358-synthesis.hdlist.cz                                                                                                  
    $MIRRORLIST: media/nonfree/release/media_info/20190628-001219-synthesis.hdlist.cz                                                                                               
    $MIRRORLIST: media/nonfree/updates/media_info/20191119-211043-synthesis.hdlist.cz 
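
The output above shows which media are left enabled and which are "(ignored by default)". The following is an added example, not part of the original page: a small shell check that reads urpmi.addmedia output in that format and confirms every enabled "Release" medium has its matching "Updates" medium enabled, so that updates are actually received. The function names and the abridged sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit urpmi.addmedia output (format as shown in the session above).

# Constructed sample: an abridged copy of the "adding medium" lines above.
SAMPLE_LOG='adding medium "Core Release"
adding medium "Core Release Debug" (ignored by default)
adding medium "Core Updates"
adding medium "Core Updates Testing" (ignored by default)
adding medium "Nonfree Release"
adding medium "Nonfree Updates"
adding medium "Tainted Release" (ignored by default)
adding medium "Tainted Updates" (ignored by default)'

# Read addmedia output on stdin; print the names of media left enabled,
# i.e. those not followed by "(ignored by default)".
enabled_media() {
    awk -F'"' '/^adding medium "/ && $3 !~ /ignored by default/ { print $2 }'
}

# Read addmedia output on stdin; print each enabled "<X> Release" medium
# whose "<X> Updates" medium is not enabled. Exit status 0 means none missing.
check_update_media() {
    enabled_media | awk '
        { on[$0] = 1 }
        END {
            bad = 0
            for (m in on) {
                if (m ~ / Release$/) {
                    u = m
                    sub(/ Release$/, " Updates", u)
                    if (!(u in on)) { print m; bad = 1 }
                }
            }
            exit bad
        }'
}

# Stand-alone run against the constructed sample.
if printf '%s\n' "$SAMPLE_LOG" | check_update_media; then
    echo "every enabled Release medium has its Updates medium enabled"
fi
```

To audit a real run, save the output of the urpmi.addmedia command to a file and feed that file to check_update_media on stdin.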


Example: Verify Mageia urpmi sources configuration

Here we install a single package, in this case tcptraceroute, to confirm that the configured media work.

/bin/su -c "/usr/sbin/urpmi tcptraceroute"
[live@localhost ~]$ /bin/su -c "/usr/sbin/urpmi tcptraceroute"                                                                                                                      
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Release")
  lib64net1                      1.1.6        8.mga7        x86_64  
  tcptraceroute                  1.5          1.beta7.11.m> x86_64  
233KB of additional disk space will be used.
97KB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n) y


    $MIRRORLIST: media/core/release/lib64net1-1.1.6-8.mga7.x86_64.rpm
    $MIRRORLIST: media/core/release/tcptraceroute-1.5-1.beta7.11.mga7.x86_64.rpm                                                                                                    
installing tcptraceroute-1.5-1.beta7.11.mga7.x86_64.rpm lib64net1-1.1.6-8.mga7.x86_64.rpm from /var/cache/urpmi/rpms                                                                
Preparing...                     ###################################################################################
      1/2: lib64net1             ###################################################################################
      2/2: tcptraceroute         ###################################################################################


Example: apply pending updates

/bin/su -c "/usr/sbin/urpmi --auto-update"
[live@localhost ~]$ /bin/su -c "/usr/sbin/urpmi --auto-update"
medium "Core Release" is up-to-date
medium "Core Updates" is up-to-date
medium "Nonfree Release" is up-to-date
medium "Nonfree Updates" is up-to-date
Packages are up to date