Encrypted home on Ubuntu using cryptoloop
August 19th, 2006
Install pam_mount:
# apt-get install libpam-mount
Configure Ubuntu to load the loop and cryptoloop kernel modules during boot or else pam_mount won’t be able to mount the cryptoloop devices:
# cat >> /etc/modules
loop
cryptoloop
Configure PAM to use pam_mount for authentication and session management. The PAM authentication step captures the user's login password, while the PAM session step sets up the cryptoloop device and mounts it at log on, and unmounts it at log off.
# echo "@include common-pammount" >> /etc/pam.d/common-auth
# echo "@include common-pammount" >> /etc/pam.d/common-session
Set up some variables that make the rest of the steps a little easier and more generic:
# USER=solana
# SIZE=2048
# KEYSIZE=128
The meaning of the previous variables is:
- USER defines the username.
- SIZE defines how much space to allocate for the file-based cryptoloop, as a quantity expressed in MiB.
- KEYSIZE defines the AES keysize used to encrypt the data. Valid keysizes are 128, 192 and 256.
Create the loop file and fill it with random data:
# dd if=/dev/urandom of=/home/${USER}.img bs=1M count=${SIZE}
Generate a random AES encryption key, encrypt it with the user's log on password and store it:
# dd if=/dev/urandom bs=1c count=$((${KEYSIZE}/8)) | openssl enc -aes-${KEYSIZE}-ecb > /home/${USER}.key
When prompted for the passphrase, enter the user’s log on password.
Load the cryptoloop kernel driver (if not already loaded):
# modprobe -q cryptoloop
Find the first available loopback device:
# LOOP=$(losetup -f)
Make sure that ${LOOP} is something like /dev/loop0.
Set up the cryptoloop device:
# openssl enc -d -aes-${KEYSIZE}-ecb -in /home/${USER}.key | losetup -e aes -k ${KEYSIZE} -p0 ${LOOP} /home/${USER}.img
When asked for the passphrase, just enter the user’s log on password.
Make a new ext3 filesystem on top of the cryptoloop device:
# mkfs.ext3 ${LOOP}
Free the cryptoloop device:
# losetup -d ${LOOP}
Configure pam_mount:
# echo "volume ${USER} auto - /home/${USER}.img /home/${USER} loop,user,exec,encryption=aes,keybits=${KEYSIZE} aes-${KEYSIZE}-ecb /home/${USER}.key" >> /etc/security/pam_mount.conf
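As an added example (not from the original post), the configuration steps above as shell functions: an append that does not duplicate the /etc/modules or PAM entries when the steps are re-run, a check of KEYSIZE against the AES sizes the post lists, and the pam_mount.conf volume line built from the same USER and KEYSIZE variables. The function names are my own.

```shell
#!/bin/sh
# Added example, not the post's own commands. Helper functions that make the
# cryptoloop setup idempotent and validate the variables before they are used.

# Append a line to a file only if that exact line is not already present.
# Re-running the post's "cat >>" / "echo >>" steps would otherwise duplicate
# the loop/cryptoloop and @include entries.
append_once() {
    # $1 = file, $2 = exact line to add
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Validate KEYSIZE against the AES key sizes accepted by cryptoloop and openssl
valid_keysize() {
    case "$1" in
        128|192|256) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit the pam_mount.conf volume line used in the post for a given user and
# key size; refuses to emit anything for an unsupported key size.
pam_mount_volume_line() {
    user=$1
    keysize=$2
    valid_keysize "$keysize" || return 1
    printf 'volume %s auto - /home/%s.img /home/%s loop,user,exec,encryption=aes,keybits=%s aes-%s-ecb /home/%s.key\n' \
        "$user" "$user" "$user" "$keysize" "$keysize" "$user"
}

# Typical use, mirroring the post (needs root to write the real files):
#   append_once /etc/modules loop
#   append_once /etc/modules cryptoloop
#   append_once /etc/pam.d/common-auth "@include common-pammount"
#   append_once /etc/pam.d/common-session "@include common-pammount"
#   pam_mount_volume_line solana 128 >> /etc/security/pam_mount.conf
```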
Installing Ubuntu Linux on a MacBook Pro
August 19th, 2006
This article describes how to install Ubuntu Linux on a MacBook Pro laptop. Although I chose Ubuntu Linux as the Linux distribution, you can easily replace it with whatever distro you like the most. It's only a matter of choice and freedom.
Download Ubuntu Linux
Download the latest desktop ISO image from Ubuntu's web site and burn it onto a blank CD. I will use this CD to install Ubuntu Linux on the MacBook Pro and also for recovery purposes in case anything goes wrong.
Install Apple Boot Camp
Boot Camp is some sort of BIOS emulation to allow some legacy operating systems that don’t support EFI to work on MacBooks. Although Linux does support EFI, it seems it only works reliably when used on Itanium-based machines and in combination with the ELILO bootloader. Anyways, I will use plain LILO and BIOS emulation provided by Boot Camp.
Download Boot Camp from Apple’s Web site and install it. After installation, go to Applications -> Utilities and launch Boot Camp.
The first time you run it, Boot Camp will offer to burn some Windows drivers onto a blank CD. We can skip this step since we are not going to install Windows. Next, we need to shrink the Mac OS X HFS+ volume in order to leave space for the Linux volume. I chose to assign 23GB of disk space to Linux, but your mileage may vary.
Install rEFIt
rEFIt is an extremely powerful GUI EFI bootloader. It allows you to boot up Mac OS X, Linux and even Winblows, graphically, while also allowing one to peek inside EFI (using the built-in EFI shell).
Download rEFIt from here. You can choose whatever format you like — Mac disk image, ISO image or tar.gz. The latest version, at the time of this writing, was this.
Extract the /efi directory from the file you downloaded and place it into the root directory of your Mac OS X boot volume. For the tar.gz file you can run:
# tar -C /tmp -zxvf refit-bin-0.7.tar.gz
# mv /tmp/refit-bin-0.7/efi /
Install rEFIt:
# cd /efi/refit
# sh ./enable-always.sh
Install Ubuntu Linux
Once Boot Camp has been installed, the Mac OS X volume shrunk to leave space for the Linux partition, and rEFIt installed into your Mac OS X boot volume, we will start the Ubuntu Linux installation.
Insert the Ubuntu Linux CD into the CD-ROM, reboot while holding down the C key — boot from the CD-ROM — and wait for Ubuntu Linux to finish starting up. You should be dropped into a brown-coloured beautiful desktop.
Before installing Ubuntu Linux, make sure you have network connectivity. For wired Ethernet it’s usually as easy as plugging in an Ethernet cable and waiting for a DHCP lease. For Wireless it depends on whether you can get associated with a public/open Wireless Access Point. Fortunately, the MacBook Pro uses an Atheros-based wireless card, so it will just work out of the box, even when using WEP, WPA or WPA2.
To configure for wired Ethernet and DHCP:
# ifconfig eth0 up
# dhclient eth0
To configure for wireless Ethernet, via a public hot spot and DHCP:
# ifconfig ath0 up
# iwconfig ath0 essid GoogleWifi
# dhclient ath0
Check that you have network connectivity, usually by pinging a well-known host. I tend to use W.X.Y.Z as a check, but I don't think it's a good idea to tell the whole world which machine I use for ping purposes, as its system administrator won't like it much:
# ping -c 3 W.X.Y.Z
PING W.X.Y.Z (W.X.Y.Z) 56(84) bytes of data.
64 bytes from W.X.Y.Z: icmp_seq=1 ttl=235 time=179 ms
64 bytes from W.X.Y.Z: icmp_seq=2 ttl=235 time=179 ms
64 bytes from W.X.Y.Z: icmp_seq=3 ttl=235 time=178 ms
--- W.X.Y.Z ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 178.278/178.993/179.612/0.734 ms
Now, double click the Installer icon you will find on the desktop. This will start the Install Wizard that will guide you during the installation process.
The next screens are rather easy to go through: choose your language, keyboard layout, username and password, time zone, etc. The important steps begin once you are prompted about the partition layout. Choose to manually edit the partition table and click on Forward. The next screen allows making changes to the partition layout. I strongly recommend not making any changes and clicking on Forward again.
On the next screen, make sure the EFI GPT partition is not mounted — click into the dropdown list and select the blank entry. Mount the Linux partition, usually /dev/sda3 as / and then click on Forward.
- NOTE: I didn't create a swap partition, so the installer complained at a later point. If your computer has enough RAM (>192MB), you can go on with the installation and create a swap file once the system is installed and ready.
At the end of the installation, GRUB will fail to install. That’s totally normal. Instead, we will use and install LILO as the boot loader. Open a terminal and run the following commands:
# mount -t proc none /target/proc
# mount -o bind /dev /target/dev
# chroot /target
The last command places us inside the Linux filesystem of the newly installed Ubuntu Linux.
Next, install LILO and the SMP kernel — since MacBooks have an Intel Core Duo:
# apt-get install lilo lilo-doc linux-686-smp
# cat > /etc/lilo.conf << EOF
> boot=/dev/sda3
> default=Ubuntu
>
> map=/boot/map
> delay=20
> image=/vmlinuz
> initrd=/initrd.img
> root=/dev/sda3
> append="noapic"
> label=Ubuntu
> read-only
> EOF
# lilo -b /dev/sda
# exit
- NOTE: I had to append the noapic option to the kernel command line due to a sporadic kernel panic while booting related to the APIC stuff. Since these MacBook laptops are SMP systems, APIC is expected to replace the aging ISA-compatible way of assigning IRQs. However, it doesn’t seem to work reliably, at least on my laptop.
Exit the chroot jail — usually by running “exit” or typing ^D — and double check you are not inside the chroot jail anymore:
# parted
(parted) print
Disk geometry for /dev/sda: 0kB - 100GB
Disk label type: gpt
Number  Start   End    Size   File system  Name                  Flags
1       200kB   210MB  210MB  fat32        EFI system partition  boot
2       210MB   76GB   76GB   hfs+         Merged_untitled
3       77GB    100GB  23GB   fat32        Untitled
(parted) set 3
Flag to change? boot/hidden/raid/lvm/hp-service/msftres? boot
New state? on/[off]? on
(parted) quit
Parted understands the new EFI GPT partition table format, while fdisk does not. I think that's the reason why, after the Ubuntu installer formats the partition and starts copying files onto it, all partitions except sda1 vanish from fdisk's listing.
Since EFI boot support is still experimental, we will use standard LILO (it seems GRUB uses certain BIOS calls which are still not supported by Boot Camp BIOS emulation). However, this requires syncing the EFI GPT partition table with the old-fashioned, BIOS-compatible MBR partition table or else Linux won’t boot. We will do this syncing from the rEFIt main menu at a later point.
Check that LILO got installed by running:
# hexdump -C /dev/sda | less
Look for the string LILO at the beginning of the listing. If it’s missing, try reinstalling LILO again.
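As an added example (not part of the original post), the hexdump check above as a script that can be run against the disk or against an image file: it reads only the first sector and looks both for the LILO marker and for the 0x55AA boot signature that the BIOS emulation expects at the end of the MBR. The function names are my own.

```shell
#!/bin/sh
# Added example, not the post's own commands. Scripted version of
# "hexdump -C /dev/sda | less, look for LILO", reading one 512-byte sector.

# Return 0 when the first 512 bytes of $1 (device or image) contain "LILO".
# LILO's first-stage boot sector carries this marker near its start.
has_lilo_marker() {
    dd if="$1" bs=512 count=1 2>/dev/null | grep -a -q 'LILO'
}

# Return 0 when bytes 510-511 of $1 are 55 AA, the BIOS boot signature
has_boot_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Combined check: prints a diagnostic and returns non-zero if either is missing
check_lilo_installed() {
    has_lilo_marker "$1" || { echo "no LILO marker in first sector of $1"; return 1; }
    has_boot_signature "$1" || { echo "no 55AA boot signature on $1"; return 1; }
    echo "LILO boot sector present on $1"
}

# Usage on the real disk (as root): check_lilo_installed /dev/sda
```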
Before rebooting, we need to unmount all the partitions that we mounted before:
# umount /target/proc
# umount /target/dev
# umount /target
I've seen the last command fail to unmount the root filesystem a couple of times. It seems some process has files open on it, but I've been unable to catch it using fuser or lsof.
# reboot
Enter the rEFIt Partition editor and make sure the MBR/GPT maps are in sync.
Now we are ready to boot into Linux, although there are a few small rough edges we still need to fix, like the video resolution and aspect ratio.
Resources:
Ubuntu title OpenType font
July 13th, 2006
QEMU and TUN/TAP networking
July 5th, 2006
Using TUN/TAP networking with QEMU grants guest machines access to some or all of the networks reachable by the host machine. It also allows services offered by guest machines to be reached from any other host.
To be able to use TUN/TAP networking, instead of directly configuring the physical Ethernet network device (my Realtek 8169 Gigabit Ethernet, which on my computer is named eth1), we need to reconfigure the network so that we get a bridge device, named br0, with the physical Ethernet device eth1 attached to it. We can achieve this by editing /etc/network/interfaces to look like this:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#auto eth1
#iface eth1 inet static
auto br0
iface br0 inet static
address a.b.c.d
netmask 255.255.255.128
gateway v.w.x.y
bridge_ports eth1
bridge_fd 1
bridge_hello 1
bridge_stp off
The helper script /etc/qemu-ifup, which QEMU uses to bring up a TAP network interface used by the guest and bind it to the existing bridge br0, should look like this:
#!/bin/sh
echo "Executing /etc/qemu-ifup"
echo "Bringing up $1 for bridged mode..."
sudo /sbin/ifconfig $1 0.0.0.0 promisc up
echo "Adding $1 to br0..."
sudo /usr/sbin/brctl addif br0 $1
sleep 2
To allow running QEMU as an unprivileged user, we need to edit /etc/sudoers in order to grant access for running /sbin/ifconfig and /usr/sbin/brctl. It's recommended to edit that file using visudo. The file could look like this:
# Cmnd alias specification
Cmnd_Alias QEMU=/sbin/ifconfig, \
/sbin/modprobe, \
/usr/sbin/brctl
# Defaults
Defaults !lecture,tty_tickets,!fqdn,rootpw
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Grant access to Cmnd_Alias to user jdoe
jdoe ALL=NOPASSWD:QEMU
Now, we can launch qemu from the command line:
XLIB_SKIP_ARGB_VISUALS=1 \
qemu -hda hda -cdrom *iso -boot d \
-m 512 -localtime -net nic,vlan=0 \
-net tap,ifname=tap0,script=/etc/qemu-ifup \
-kernel-kqemu
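As an added example (not the post's own /etc/qemu-ifup), the same bring-up steps with the interface name checked before it is passed to the sudo'd ifconfig and brctl commands, which the sudoers rule above allows with any arguments, and with a check that the bridge exists before joining it. It assumes the bridge is br0 and the tool paths from the post; the function names are my own.

```shell
#!/bin/sh
# Added example, not the post's script. Same bring-up sequence as the post's
# /etc/qemu-ifup, with the interface argument validated first. Assumes br0.
BRIDGE=br0

# Accept only the tapN names QEMU hands to the ifup script; anything else
# (another interface name, extra words) is refused before sudo is involved.
is_tap_name() {
    case "$1" in
        tap[0-9]|tap[0-9][0-9]|tap[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the named bridge exists (Linux exposes bridges under sysfs)
bridge_exists() {
    [ -d "/sys/class/net/$1/bridge" ]
}

# Bring up the TAP interface and attach it to the bridge, as the post does
bring_up_tap() {
    tap=$1
    is_tap_name "$tap" || { echo "refusing interface name: $tap" >&2; return 1; }
    bridge_exists "$BRIDGE" || { echo "bridge $BRIDGE not found" >&2; return 1; }
    echo "Bringing up $tap for bridged mode..."
    sudo /sbin/ifconfig "$tap" 0.0.0.0 promisc up || return 1
    echo "Adding $tap to $BRIDGE..."
    sudo /usr/sbin/brctl addif "$BRIDGE" "$tap" || return 1
    sleep 2
}

# QEMU runs this script with the interface name as the only argument
if [ $# -gt 0 ]; then
    bring_up_tap "$1"
fi
```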
Right-click on Apple’s PowerBook and Ubuntu Linux
February 14th, 2006
Apple’s PowerBook built-in touchpad has no middle or right mouse button. Under Mac OS X, right-click is simulated by holding down the Control key and then clicking. However, this doesn’t work on Ubuntu Linux.
Googling around, I found that, by default, the F11 key is mapped to a mouse middle-click while the F12 key is mapped to a mouse right-click.
It is also possible to change this behavior by editing /etc/sysctl.conf and mapping dev/mac_hid/mouse_button2_keycode and dev/mac_hid/mouse_button3_keycode to their corresponding key scan codes. The scan code for a key can be retrieved by running
sudo showkey
then pressing the key or keys for which the scan codes are to be printed. To exit, press Control-D.
Installing Java on Ubuntu Breezy
January 1st, 2006
- Download the Java Development Kit (or Runtime Environment) for Linux, self-extracting.
- Edit /etc/apt/sources.list and enable the universe and multiverse repositories:
deb http://us.archive.ubuntu.com/ubuntu breezy universe multiverse
deb http://us.archive.ubuntu.com/ubuntu breezy-security universe multiverse
- Install the java-package and build-essential packages:
# apt-get update
# apt-get install java-package build-essential
- Create a Debian package from the Java Linux self-extracting file downloaded in step 1 and install the resulting package:
$ fakeroot make-jpkg sun-j2sdk1.5_ .bin
$ sudo dpkg -i sun-j2sdk1.5_ .deb
- Register the new package as the default Java environment:
# update-alternatives --config java
- Define the JAVA_HOME environment variable by adding the following line to the ~/.bash_profile file:
export JAVA_HOME=/usr/lib/j2sdk1.5-sun/