Linux kernels now support encrypted filesystems. Setting one up should take 5 minutes, or 3 hours if you’re like me and can’t read.
Firstly, install the right tools:
apt-get install cryptsetup
Make a new partition, and initialize it with:
cryptsetup luksFormat /dev/sda3
Where /dev/sda3 is your newly created partition. The container gets its name (‘mycrypto’ in this post) later, when it is opened.
You will be prompted to type YES in uppercase to confirm your understanding that your partition is about to be wiped. If, like me, you type ‘yes’ in lowercase, it will fail with “Command Failed.” You’ll then spend hours checking for loaded kernel modules, log files, and trawling Google for more information. The answer is to type ‘YES’ in uppercase as you’re told.
Enter a passphrase, and you’re ready to go.
Next, ‘open’ the container:
cryptsetup luksOpen /dev/sda3 mycrypto
The last argument, ‘mycrypto’, is your name for the container. Enter the passphrase, and you should at this point end up with a /dev/mapper/mycrypto device.
Format it with your desired filesystem:
mkfs.ext3 /dev/mapper/mycrypto
Then, you can mount /dev/mapper/mycrypto as you would any other block device:
mount /dev/mapper/mycrypto /mnt/my_mount_point
To close the container:
umount /dev/mapper/mycrypto
cryptsetup luksClose mycrypto
Easy
umount: /tmp/disk: device is busy
This is a common problem when trying to unmount a filesystem that is currently in use, especially when you have no idea what is using it!
Here’s a test.
ns3:~# cd /tmp/disk
Now we’ll create a test.sh script that will simply loop indefinitely, pausing every second as it goes.
ns3:/tmp/disk# cat test.sh
#!/bin/bash
while(true); do
sleep 1;
done
ns3:/tmp/disk# chmod +x test.sh
ns3:/tmp/disk# ./test.sh &
[1] 31460
Now that test.sh is running, I’ll return to my home directory.
ns3:/tmp/disk# cd ~/
Attempting to unmount /tmp/disk returns:
ns3:~# umount /tmp/disk
umount: /tmp/disk: device is busy
umount: /tmp/disk: device is busy
Assuming I don’t know that test.sh is currently running:
ns3:~# lsof +D /tmp/disk
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
test.sh 31460 root cwd DIR 7,0 1024 2 /tmp/disk
test.sh 31460 root 255r REG 7,0 44 12 /tmp/disk/test.sh
sleep 31666 root cwd DIR 7,0 1024 2 /tmp/disk
Now I know that test.sh is running, I can issue:
ns3:~# killall test.sh
[1]+ Terminated ./test.sh (wd: /tmp/disk)
(wd now: ~)
Followed by:
ns3:~# umount /tmp/disk
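What lsof +D reports here can also be read straight from /proc. The following is an added example, not part of the original post: a bash function that lists the processes whose working directory, root, executable or open files sit under a directory. The function name holders and its optional second argument (an alternative /proc root, useful for testing) are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original post).
# holders DIR [PROC_ROOT] prints one "PID KIND PATH" line for every
# process reference that points at DIR or something below it.
# KIND is cwd, root, exe or fd<N>. Run as root to see other users' processes.
# Not covered: memory-mapped files (/proc/PID/maps) and kernel-side
# holders such as loop devices or filesystems mounted below DIR.
holders() {
    local dir proc pid_dir pid link target kind
    dir=$(readlink -f -- "$1") || return 1
    [ "$dir" = / ] && dir=""          # so that the "$dir"/* pattern matches everything
    proc=${2:-/proc}
    for pid_dir in "$proc"/[0-9]*; do
        [ -d "$pid_dir" ] || continue
        pid=${pid_dir##*/}
        for link in "$pid_dir"/cwd "$pid_dir"/root "$pid_dir"/exe "$pid_dir"/fd/*; do
            # Unreadable or missing links (other users, exited processes) are skipped.
            target=$(readlink -- "$link" 2>/dev/null) || continue
            case "$target" in
                # Exact match or a path below DIR; "/tmp/disk2" does not match "/tmp/disk".
                # Unlinked files show up as "PATH (deleted)" and still match.
                "$dir"|"$dir"/*) ;;
                *) continue ;;
            esac
            case "$link" in
                */fd/*) kind="fd${link##*/}" ;;
                *)      kind=${link##*/} ;;
            esac
            printf '%s %s %s\n' "$pid" "$kind" "$target"
        done
    done
}

# When run as a script: ./holders.sh /tmp/disk
if [ "$#" -gt 0 ]; then
    holders "$@"
fi
```

For the test above, holders /tmp/disk would show test.sh with a cwd and an fd255 entry, and the sleep child with a cwd entry, matching the lsof output.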
We want a 48MB image, formatted as ext3:
ns3:/tmp# dd if=/dev/zero of=./disk.img bs=1MiB count=48
48+0 records in
48+0 records out
50331648 bytes (50 MB) copied, 0.301372 s, 167 MB/s
ns3:/tmp# mkfs.ext3 ./disk.img
mke2fs 1.41.3 (12-Oct-2008)
./disk.img is not a block special device.
Proceed anyway? (y,n) y
ns3:/tmp# mkdir disk
ns3:/tmp# mount -oloop ./disk.img ./disk
ns3:/tmp# df -h ./disk
Filesystem Size Used Avail Use% Mounted on
/tmp/disk.img 47M 4.8M 40M 11% /tmp/disk
That’s it – now we can copy our content to ./disk before unmounting it, then use dd to write the image to our target medium (such as a CF card or similar).
ns3:/tmp# umount ./disk