https://wiki.archlinux.org/api.php?action=feedcontributions&user=Jkastelic&feedformat=atomArchWiki - User contributions [en]2024-03-29T01:05:19ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Apache_OpenOffice&diff=182697Apache OpenOffice2012-02-08T09:53:46Z<p>Jkastelic: /* Spellchecker */</p>
<hr />
<div>[[Category:Office (English)]]<br />
{{i18n|OpenOffice}}<br />
{{Out of date}}<br />
[[fr:Openoffice]]<br />
<br />
From [http://why.openoffice.org/ Why OpenOffice.org]:<br />
<br />
:''OpenOffice.org 3 is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages and works on all common computers. It stores all your data in an international open standard format and can also read and write files from other common office software packages. It can be downloaded and used completely free of charge for any purpose.''<br />
<br />
==OpenOffice in Arch Linux==<br />
Official support for OpenOffice.org was dropped in favor of [[LibreOffice]]. See [http://mailman.archlinux.org/pipermail/arch-general/2011-March/018819.html Dropping Oracle OpenOffice (arch-general)].<br />
<br />
Consider using [[LibreOffice]] instead.<br />
<br />
{{Expansion}}<br />
<br />
==Installation==<br />
First, install a Java Runtime Environment (optional, highly recommended). See: [[Java]]<br />
<br />
Also, make sure that fonts are installed, otherwise you will see only rectangles: {{Pkg|tf-dejavu}} {{Pkg|artwiz-fonts}}<br />
<br />
OpenOffice is available in the [[Arch User Repository|AUR]]: {{AUR|openoffice}}<br />
<br />
===Extension management and spell checking for OpenOffice 3.x===<br />
<br />
The Arch package is now shipped with some dictionaries. Check Extension manager if your language is already there simply by loading up any OO program (Writer for example) and access the Extension Manager from the Tools menu. From there enter the following location to install a spell check dictionary:<br />
<br />
/usr/lib/openoffice/share/extension/install/<br />
<br />
{{Note|If you installed libreoffice, the path will be {{ic|/usr/lib/libreoffice/share/extensions/}} instead and extensions are currently all already known to the system. }}<br />
<br />
Alternatively, there are several ways to accomplish this:<br />
<br />
* 1) Use the Extension manager from OOo menu for download and installation - installs only for the user into his {{ic|~/.openoffice.org/3/user/uno_packages/cache}}<br />
* 2) Download the extension and install it using {{ic|/usr/lib/openoffice/program/unopkg add extension}} for the user or<br />
* 3) Download the extension and install it using {{ic|/usr/lib/openoffice/program/unopkg add --shared extension}} for every user on the system (requires root permission)<br />
<br />
=====Spellchecker=====<br />
For spellchecking you will need hunspell and dictionary for hunspell (like hunspell-en, hunspell-de, etc), for hyphenation rules you will need hyphen (hyphen-en, hyphen-de) and for a thesaurus, mythes.<br />
# pacman -S hunspell hunspell-en hyphen hyphen-en mythes mythes-en<br />
<br />
=====Other extensions installed by default=====<br />
* pdfimport.oxt: ability to import PDF files in Draw and Impress<br />
* presenter-screen.oxt: when using two displays this plugin provides more control over slideshow<br />
* sun-presentation-minimizer.oxt: reduce file size of current presentation<br />
* wiki-publisher.oxt: allows to create Wiki articles on MediaWiki servers without having to know the syntax of the MediaWiki markup language<br />
<br />
===Installing Macros===<br />
In most Linux distros, the default path for macros is:<br />
~/.openoffice.org/3/user/Scripts/<br />
The path for this directory in Arch Linux is:<br />
~/.config/.openoffice.org/3/user/Scripts/<br />
The path for this directory for LibreOffice in Arch Linux is:<br />
~/.config/.libreoffice/3/user/Scripts/<br />
<br />
Another thing to note is that if you intend to use macros, you must have a JRE enabled, use of a JRE is default behaviour; but disabling its use is listed in the speed tweaks below.<br />
<br />
===Set OOo environment variable===<br />
OpenOffice supports to use several toolkits for drawing and integrates into different desktop environments in a clean way. To choose by hand, you need to set the OOO_FORCE_DESKTOP environment variable.<br />
<br />
To run OpenOffice.org in GTK2 mode(this is default and already preset), you can issue (using bash):<br />
# OOO_FORCE_DESKTOP=gnome soffice<br />
To run OpenOffice.org in QT/KDE3 mode, you can issue (using bash):<br />
# OOO_FORCE_DESKTOP=kde soffice<br />
To run OpenOffice.org in QT4/KDE4 mode, you can issue (using bash):<br />
# OOO_FORCE_DESKTOP=kde4 soffice<br />
<br />
{{Note | As KDE look was removed in Openoffice3 it is highly recommended to use the GTK mode for all users. KDE4 integration is in experimental state in go-openoffice and in openoffice-base-devel (starting from m56)}}<br />
<br />
====Configure OOo environment globally====<br />
To configure the look for anytime OpenOffice gets started, you can export the {{ic|OOO_FORCE_DESKTOP}} variable in {{ic|/etc/profile.d/openoffice.sh}}, or in {{ic|/usr/bin/soffice}}, with the value {{ic|gnome}}, {{ic|kde}}, or {{ic|kde4}}.<br />
<br />
====Environment variable scripts====<br />
If for whatever reason you do not want to configure the look globaly, as a non-[[GNOME]]/[[KDE]] user you may run into problems when trying to add the environment variable to the command in a *box menu, as such menus do not seem to like environment variables.<br />
<br />
This script will run openoffice using the GTK look while still accepting command line options like -writer.<br />
#!/bin/sh<br />
<br />
#### openoffice-gtk - A script to start openoffice with the GNOME/GTK environment<br />
<br />
OOO_FORCE_DESKTOP=gnome /usr/bin/soffice "$@"<br />
<br />
Just use this script as a command (e.g. {{ic|/usr/bin/openoffice-gtk}}) for your menu or whatever other sort of launcher you use.<br />
<br />
{{Note | If you open a file in a file manager, for example Thunar, the default look will be used, as the file association will not use your personal script. }}<br />
<br />
====Other method====<br />
Another method is to edit the startcenter.desktop file<br />
(tested with openoffice 3.2 and gnome/xfce/awesome/openbox/fluxbox)<br />
First, copy the file to your home directory<br />
$ cp /usr/share/applications/startcenter.desktop ~/.local/share/applications/startcenter.desktop<br />
Then, open the file <br />
$ nano ~/.local/share/applications/startcenter.desktop<br />
and change line <br />
Exec=/usr/bin/soffice %U<br />
to<br />
Exec=OOO_FORCE_DESKTOP=gnome /usr/bin/soffice %U<br />
<br />
Or, if you wish to make global changes, open the following file in a text editor and edit the file as above.<br />
/usr/share/applications/startcenter.desktop<br />
<br />
===KDE4 look and feel for OpenOffice===<br />
<br />
Check [[Uniform Look for QT and GTK Applications]] for a broad application, general tips and other methods to achieve it.<br />
<br />
'''Method 1:'''<br />
<br />
Open the menu editor, select Office and insert {{ic|1=OOO_FORCE_DESKTOP=kde4}} before {{ic|/usr/bin/soffice}} -(writer/calc/base/etc.) for each OpenOffice application in the general tab/Command field. For example, change {{ic|/usr/bin/soffice -writer}} to <br />
OOO_FORCE_DESKTOP=kde4 /usr/bin/soffice -writer<br />
<br />
Save (i.e. update system configuration), open an OpenOffice application and do a {{Keypress|Ctrl+o}} to check whether it worked.<br />
<br />
'''Method 2:'''<br />
<br />
{{ic|1=OOO_FORCE_DESKTOP=gnome}} never did the trick for me. A good workaround is to set (as root):<br />
export SAL_GTK_USE_PIXMAPPAINT=1<br />
into {{ic|/etc/profile.d/openoffice.sh}}. In KDE4 systemsettings, make sure "use my KDE style in GTK applications" is selected in Appearance > GTK styles and fonts (you must install gtk-qt-engine first).<br />
<br />
'''Method 3:'''<br />
<br />
[[Uniform_Look_for_QT_and_GTK_Applications#KDE4_Oxygen]]. <br />
<br />
Although by default it applies a KDE look to all GTK+ applications, it can be made to apply only to specific applications. Check the documentation in the package available at [http://kde-look.org/content/show.php?content=103741 kde-look's project page].<br />
<br />
'''Method 4:'''<br />
<br />
[[Uniform_Look_for_QT_and_GTK_Applications#GTK-QT-Engine]] (applies to all GTK+ applications).<br />
<br />
====Alternative configuration====<br />
You may wish to set the Xorg server dots-per-inch in the [[KDM]] configuration.<br />
<br />
Do not select "use my KDE style in GTK applications". Instead choose a native syle and font for GTK2 applications.<br />
# pacman -S gtk-chtheme<br />
# pacman -S gtk-engines<br />
<br />
Use gtk-chtheme to select a style (in general different from KDE) and a font (may be the same as your KDE general system font). There are also other GTK engine packages available.<br />
<br />
There are two relevant parts of the OOo options dialog, View and Fonts:<br />
*View<br />
**set scale to 100%<br />
**set use system font OFF (otherwise replacement table will not be used)<br />
**set antialiasing OFF<br />
<br />
*Fonts<br />
**select "Use replacement table"<br />
**replace "Andale Sans UI" (you ''must'' type this in -- it is not in the drop down list) with another font (your KDE system font or another if this looks bad)<br />
**Press the tick symbol to update the list<br />
**Select "always" and "screen only"<br />
**Press OK<br />
<br />
When choosing fonts for OpenOffice note that the poor font rendering engine included in the package may not render a particular font in the same way as other apps on the desktop. Use the {{ic|kmag}} magnifying glass to examine shape of each letter.<br />
<br />
==Running OpenOffice==<br />
<br />
If you want to run a specific module of OpenOffice.org (instead of the soffice default Startcenter), for example the word processor (Write), spreadsheet application (Calc) or presentation program (Impress), check for the following script front-ends:<br />
<br />
Writer<br />
/usr/bin/soffice -writer<br />
<br />
Calc<br />
/usr/bin/soffice -calc<br />
<br />
Impress<br />
/usr/bin/soffice -impress<br />
<br />
Draw<br />
/usr/bin/soffice -draw<br />
<br />
Math (Formula Editor)<br />
/usr/bin/soffice -math<br />
<br />
Base (Database frontend)<br />
/usr/bin/soffice -base<br />
<br />
Printer Administration (Recommended to run as root)<br />
/usr/bin/spadmin<br />
<br />
==Speed up OpenOffice==<br />
Some settings may improve OpenOffice's loading time and responsiveness. However, some also increase RAM usage, so use them carefully. They can all be accessed under ''Tools > Options''.<br />
*Under ''Memory'':<br />
**Reduce the number of Undo steps to a figure lower than 100, to something like 20 or 30 steps.<br />
**Under Graphics cache, set Use for OpenOffice.org to 128 MB (up from the original 20MB).<br />
**Set Memory per object to 20MB (up from the default 5MB).<br />
**If you use OpenOffice often, check OpenOffice.org Quickstarter.<br />
*Under ''Java'', uncheck Use a Java runtime environment.<br />
{{Note|For a list of functionality which depends on OpenOffice Java support, see this page: http://wiki.services.openoffice.org/wiki/Java}}<br />
<br />
==Troubleshooting==<br />
=== Font substitution ===<br />
These settings can be changed in the OpenOffice.org options. From the drop-down menu, select ''Tools > Options > OpenOffice.org > Fonts''. Check the box that says ''Apply Replacement Table''. Type {{ic|Andale Sans UI}} in the font box and choose your desired font for the ''Replace with'' option. When done, click the ''checkmark''. Then choose the ''Always'' and ''Screen only'' options in the box below. Click OK.<br />
You will then need to go to ''Tools > Options > OpenOffice.org > View'', and uncheck "Use system font for user interface". If you use a non-antialised font, such as Arial, you will also need to uncheck "Screen font antialiasing" before menu fonts render correctly.<br />
<br />
=== Anti-aliasing ===<br />
Execute<br />
$ echo "Xft.lcdfilter: lcddefault" | xrdb -merge<br />
<br />
To make the change persistent, add {{ic|Xft.lcdfilter: lcddefault}} to your {{ic|~/.Xresources}} file. [https://bugs.launchpad.net/ubuntu/+source/openoffice.org/+bug/271283/comments/19].<br />
<br />
If this does not work, make sure you are running {{ic|xrdb -merge ~/.Xresources}} every time you launch [[Xorg|X]]. If you do not have this file, you will have to create it.<br />
<br />
=== TrueType font detection ===<br />
To add fonts to those already available in OpenOffice, run {{ic|spadmin}}.<br />
<br />
===Qt looks with KDE >4===<br />
OpenOffice has transitioned to Qt 4, and as such the look of the applications can not be set with Qt 3 tools.<br />
<br />
===Spell checking problems===<br />
As of openoffice 3.0.0-2, various dictionaries may be buggy due to a character encoding problem. To solve this issue, follow the following instructions.<br />
<br />
Find where the particular openoffice distribution places its dictionary files; e.g., {{Ic|pacman -Ql openoffice-base}}. Most distibutions follow the convention of installing these to {{filename|/usr/lib/openoffice/share/extension/install}}. Once the directory has been found, assign it to a shell variable:<br />
droot="/usr/lib/openoffice/share/extension/install"<br />
<br />
Install {{Pkg|unzip}} and {{Pkg|zip}} packages in order to be able to extract the dictionary files:<br />
pkg=$(pacman -T unzip zip) || pacman -S $pkg<br />
<br />
For reference, get a list of languages whose dictionary files are packaged with the base distribution:<br />
cd "$droot" && ls | sed -rn 's,^dict-(..)\.oxt$,\1,p'<br />
<br />
Define a list of languages whose dictionary files are to be fixed:<br />
lang="en es"<br />
<br />
Extract the target languages' dictionary files and convert the erroneous encoding to ''UTF-8'':<br />
tmp="/tmp/dictfix-$USER-$$"<br />
<br />
mkdir "$tmp"<br />
cd "$tmp"<br />
<br />
for i in $lang; do<br />
i="$droot/dict-$i.oxt"<br />
unzip "$i" -d oxt.tmp<br />
iconv -f ISO-8859-15 -t UTF-8 oxt.tmp/dictionaries.xcu > dict.tmp<br />
mv dict.tmp oxt.tmp/dictionaries.xcu<br />
(cd oxt.tmp && zip -r "$i" .)<br />
done<br />
<br />
rm -rf "$tmp"<br />
<br />
Finally, use the openoffice extension manager (available through the ''Tools'' menu) to install the dictionary from the resulting {{filename|dict-''xx''.oxt}} file(s).<br />
<br />
===Dark GTK themes, Icons and gtk-qt-engine===<br />
For a quick fix, see {{AUR|openoffice-dark-gtk-fix}} or if you have go-openoffice see {{AUR|go-openoffice-dark-gtk-fix}} in the [[Arch User Repository|AUR]]. This also sets 'OOO_FORCE_DESKTOP=gnome'. Another fix is to export SAL_USE_VCLPLUGIN=gen (generic X11). See [http://user.services.openoffice.org/en/forum/viewtopic.php?f=16&t=27216#p123942 for more info]<br />
<br />
'''In newer version of OO (3.2.0) and Libre''', the fixes mentioned above do not seem to work. If you use a dark GTK theme, you will be unable to change the icons from &ldquo;high-contrast&rdquo;. The colors can be configured manually in ''Options -> Appearance'', but Impress and Calc (maybe others too) will stay dark unless you disable automatic detection of high contrast themes first. The problem is with the default setting of &ldquo;Automatically detect high contrast mode of operating system&rdquo;. To change the default setting and allow the selection of icons and custom colors with a dark GTK theme, edit the following option:<br />
Tools &gt; Options... &gt; Accesibility|&gt; Uncheck: &nbsp; [ ] Automatically detect high contrast mode of operating system<br />
<br />
Now the colors can be configured in ''Options -> Appearance''.<br />
<br />
=== Hanging when using NFS shares ===<br />
If OpenOffice hangs when trying to open/save a document located on a NFS share, try prepending the following lines with a "#" in /usr/lib/openoffice/program/soffice (/usr/bin/soffice if using go-openoffice):<br />
# file locking now enabled by default<br />
SAL_ENABLE_FILE_LOCKING=1<br />
export SAL_ENABLE_FILE_LOCKING<br />
Original post [http://www.crazysquirrel.com/computing/debian/bugs/openoffice-over-nfs.jspx here]<br />
<br><br />
{{Note|Only NFSv3 is affected. NFSv4 works well with OpenOffice.}}<br />
<br />
=== Fixing Java Framework Error ===<br />
You may get the following error when you try to run OpenOffice. <br />
<br />
[Java framework] Error in function createSettingsDocument (elements.cxx).<br />
javaldx failed!<br />
<br />
If so, give yourself ownership of {{Ic|~/.config/}} like so: <br />
sudo chown -vR username:users ~/.config<br />
<br />
[https://bbs.archlinux.org/viewtopic.php?id=93168 Post on Arch Linux Forums]<br />
<br />
=== LibreOffice does not detect my certificates ===<br />
<br />
If you cannot see the certificates when trying to sign a document, you will need to have the certificates configured in Firefox (or Thunderbird). If after that LibreOffice still does not show them, set the MOZILLA_CERTIFICATE_FOLDER environment variable pointing to your Firefox (or Thunderbird) folder.<br />
<br />
export MOZILLA_CERTIFICATE_FOLDER=$HOME/.mozilla/firefox/XXXXXX.default/<br />
<br />
[http://wiki.services.openoffice.org/wiki/Certificate_Detection Certificate Detection]</div>Jkastelichttps://wiki.archlinux.org/index.php?title=Apache_OpenOffice&diff=182696Apache OpenOffice2012-02-08T09:49:12Z<p>Jkastelic: /* Spellchecker */</p>
<hr />
<div>[[Category:Office (English)]]<br />
{{i18n|OpenOffice}}<br />
{{Out of date}}<br />
[[fr:Openoffice]]<br />
<br />
From [http://why.openoffice.org/ Why OpenOffice.org]:<br />
<br />
:''OpenOffice.org 3 is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages and works on all common computers. It stores all your data in an international open standard format and can also read and write files from other common office software packages. It can be downloaded and used completely free of charge for any purpose.''<br />
<br />
==OpenOffice in Arch Linux==<br />
Official support for OpenOffice.org was dropped in favor of [[LibreOffice]]. See [http://mailman.archlinux.org/pipermail/arch-general/2011-March/018819.html Dropping Oracle OpenOffice (arch-general)].<br />
<br />
Consider using [[LibreOffice]] instead.<br />
<br />
{{Expansion}}<br />
<br />
==Installation==<br />
First, install a Java Runtime Environment (optional, highly recommended). See: [[Java]]<br />
<br />
Also, make sure that fonts are installed, otherwise you will see only rectangles: {{Pkg|tf-dejavu}} {{Pkg|artwiz-fonts}}<br />
<br />
OpenOffice is available in the [[Arch User Repository|AUR]]: {{AUR|openoffice}}<br />
<br />
===Extension management and spell checking for OpenOffice 3.x===<br />
<br />
The Arch package is now shipped with some dictionaries. Check Extension manager if your language is already there simply by loading up any OO program (Writer for example) and access the Extension Manager from the Tools menu. From there enter the following location to install a spell check dictionary:<br />
<br />
/usr/lib/openoffice/share/extension/install/<br />
<br />
{{Note|If you installed libreoffice, the path will be {{ic|/usr/lib/libreoffice/share/extensions/}} instead and extensions are currently all already known to the system. }}<br />
<br />
Alternatively, there are several ways to accomplish this:<br />
<br />
* 1) Use the Extension manager from OOo menu for download and installation - installs only for the user into his {{ic|~/.openoffice.org/3/user/uno_packages/cache}}<br />
* 2) Download the extension and install it using {{ic|/usr/lib/openoffice/program/unopkg add extension}} for the user or<br />
* 3) Download the extension and install it using {{ic|/usr/lib/openoffice/program/unopkg add --shared extension}} for every user on the system (requires root permission)<br />
<br />
=====Spellchecker=====<br />
For spellchecking you will need hunspell and dictionary for hunspell (like hunspell-en, hunspell-de, etc), for hyphenation rules you will need hyphen (hyphen-en, hyphen-de) and for a thesaurus, mythes.<br />
# pacman -S hunspell-en hyphen hyphen-en mythes-en<br />
<br />
=====Other extensions installed by default=====<br />
* pdfimport.oxt: ability to import PDF files in Draw and Impress<br />
* presenter-screen.oxt: when using two displays this plugin provides more control over slideshow<br />
* sun-presentation-minimizer.oxt: reduce file size of current presentation<br />
* wiki-publisher.oxt: allows to create Wiki articles on MediaWiki servers without having to know the syntax of the MediaWiki markup language<br />
<br />
===Installing Macros===<br />
In most Linux distros, the default path for macros is:<br />
~/.openoffice.org/3/user/Scripts/<br />
The path for this directory in Arch Linux is:<br />
~/.config/.openoffice.org/3/user/Scripts/<br />
The path for this directory for LibreOffice in Arch Linux is:<br />
~/.config/.libreoffice/3/user/Scripts/<br />
<br />
Another thing to note is that if you intend to use macros, you must have a JRE enabled, use of a JRE is default behaviour; but disabling its use is listed in the speed tweaks below.<br />
<br />
===Set OOo environment variable===<br />
OpenOffice supports to use several toolkits for drawing and integrates into different desktop environments in a clean way. To choose by hand, you need to set the OOO_FORCE_DESKTOP environment variable.<br />
<br />
To run OpenOffice.org in GTK2 mode(this is default and already preset), you can issue (using bash):<br />
# OOO_FORCE_DESKTOP=gnome soffice<br />
To run OpenOffice.org in QT/KDE3 mode, you can issue (using bash):<br />
# OOO_FORCE_DESKTOP=kde soffice<br />
To run OpenOffice.org in QT4/KDE4 mode, you can issue (using bash):<br />
# OOO_FORCE_DESKTOP=kde4 soffice<br />
<br />
{{Note | As KDE look was removed in Openoffice3 it is highly recommended to use the GTK mode for all users. KDE4 integration is in experimental state in go-openoffice and in openoffice-base-devel (starting from m56)}}<br />
<br />
====Configure OOo environment globally====<br />
To configure the look for anytime OpenOffice gets started, you can export the {{ic|OOO_FORCE_DESKTOP}} variable in {{ic|/etc/profile.d/openoffice.sh}}, or in {{ic|/usr/bin/soffice}}, with the value {{ic|gnome}}, {{ic|kde}}, or {{ic|kde4}}.<br />
<br />
====Environment variable scripts====<br />
If for whatever reason you do not want to configure the look globaly, as a non-[[GNOME]]/[[KDE]] user you may run into problems when trying to add the environment variable to the command in a *box menu, as such menus do not seem to like environment variables.<br />
<br />
This script will run openoffice using the GTK look while still accepting command line options like -writer.<br />
#!/bin/sh<br />
<br />
#### openoffice-gtk - A script to start openoffice with the GNOME/GTK environment<br />
<br />
OOO_FORCE_DESKTOP=gnome /usr/bin/soffice "$@"<br />
<br />
Just use this script as a command (e.g. {{ic|/usr/bin/openoffice-gtk}}) for your menu or whatever other sort of launcher you use.<br />
<br />
{{Note | If you open a file in a file manager, for example Thunar, the default look will be used, as the file association will not use your personal script. }}<br />
<br />
====Other method====<br />
Another method is to edit the startcenter.desktop file<br />
(tested with openoffice 3.2 and gnome/xfce/awesome/openbox/fluxbox)<br />
First, copy the file to your home directory<br />
$ cp /usr/share/applications/startcenter.desktop ~/.local/share/applications/startcenter.desktop<br />
Then, open the file <br />
$ nano ~/.local/share/applications/startcenter.desktop<br />
and change line <br />
Exec=/usr/bin/soffice %U<br />
to<br />
Exec=OOO_FORCE_DESKTOP=gnome /usr/bin/soffice %U<br />
<br />
Or, if you wish to make global changes, open the following file in a text editor and edit the file as above.<br />
/usr/share/applications/startcenter.desktop<br />
<br />
===KDE4 look and feel for OpenOffice===<br />
<br />
Check [[Uniform Look for QT and GTK Applications]] for a broad application, general tips and other methods to achieve it.<br />
<br />
'''Method 1:'''<br />
<br />
Open the menu editor, select Office and insert {{ic|1=OOO_FORCE_DESKTOP=kde4}} before {{ic|/usr/bin/soffice}} -(writer/calc/base/etc.) for each OpenOffice application in the general tab/Command field. For example, change {{ic|/usr/bin/soffice -writer}} to <br />
OOO_FORCE_DESKTOP=kde4 /usr/bin/soffice -writer<br />
<br />
Save (i.e. update system configuration), open an OpenOffice application and do a {{Keypress|Ctrl+o}} to check whether it worked.<br />
<br />
'''Method 2:'''<br />
<br />
{{ic|1=OOO_FORCE_DESKTOP=gnome}} never did the trick for me. A good workaround is to set (as root):<br />
export SAL_GTK_USE_PIXMAPPAINT=1<br />
into {{ic|/etc/profile.d/openoffice.sh}}. In KDE4 systemsettings, make sure "use my KDE style in GTK applications" is selected in Appearance > GTK styles and fonts (you must install gtk-qt-engine first).<br />
<br />
'''Method 3:'''<br />
<br />
[[Uniform_Look_for_QT_and_GTK_Applications#KDE4_Oxygen]]. <br />
<br />
Although by default it applies a KDE look to all GTK+ applications, it can be made to apply only to specific applications. Check the documentation in the package available at [http://kde-look.org/content/show.php?content=103741 kde-look's project page].<br />
<br />
'''Method 4:'''<br />
<br />
[[Uniform_Look_for_QT_and_GTK_Applications#GTK-QT-Engine]] (applies to all GTK+ applications).<br />
<br />
====Alternative configuration====<br />
You may wish to set the Xorg server dots-per-inch in the [[KDM]] configuration.<br />
<br />
Do not select "use my KDE style in GTK applications". Instead choose a native syle and font for GTK2 applications.<br />
# pacman -S gtk-chtheme<br />
# pacman -S gtk-engines<br />
<br />
Use gtk-chtheme to select a style (in general different from KDE) and a font (may be the same as your KDE general system font). There are also other GTK engine packages available.<br />
<br />
There are two relevant parts of the OOo options dialog, View and Fonts:<br />
*View<br />
**set scale to 100%<br />
**set use system font OFF (otherwise replacement table will not be used)<br />
**set antialiasing OFF<br />
<br />
*Fonts<br />
**select "Use replacement table"<br />
**replace "Andale Sans UI" (you ''must'' type this in -- it is not in the drop down list) with another font (your KDE system font or another if this looks bad)<br />
**Press the tick symbol to update the list<br />
**Select "always" and "screen only"<br />
**Press OK<br />
<br />
When choosing fonts for OpenOffice note that the poor font rendering engine included in the package may not render a particular font in the same way as other apps on the desktop. Use the {{ic|kmag}} magnifying glass to examine shape of each letter.<br />
<br />
==Running OpenOffice==<br />
<br />
If you want to run a specific module of OpenOffice.org (instead of the soffice default Startcenter), for example the word processor (Write), spreadsheet application (Calc) or presentation program (Impress), check for the following script front-ends:<br />
<br />
Writer<br />
/usr/bin/soffice -writer<br />
<br />
Calc<br />
/usr/bin/soffice -calc<br />
<br />
Impress<br />
/usr/bin/soffice -impress<br />
<br />
Draw<br />
/usr/bin/soffice -draw<br />
<br />
Math (Formula Editor)<br />
/usr/bin/soffice -math<br />
<br />
Base (Database frontend)<br />
/usr/bin/soffice -base<br />
<br />
Printer Administration (Recommended to run as root)<br />
/usr/bin/spadmin<br />
<br />
==Speed up OpenOffice==<br />
Some settings may improve OpenOffice's loading time and responsiveness. However, some also increase RAM usage, so use them carefully. They can all be accessed under ''Tools > Options''.<br />
*Under ''Memory'':<br />
**Reduce the number of Undo steps to a figure lower than 100, to something like 20 or 30 steps.<br />
**Under Graphics cache, set Use for OpenOffice.org to 128 MB (up from the original 20MB).<br />
**Set Memory per object to 20MB (up from the default 5MB).<br />
**If you use OpenOffice often, check OpenOffice.org Quickstarter.<br />
*Under ''Java'', uncheck Use a Java runtime environment.<br />
{{Note|For a list of functionality which depends on OpenOffice Java support, see this page: http://wiki.services.openoffice.org/wiki/Java}}<br />
<br />
==Troubleshooting==<br />
=== Font substitution ===<br />
These settings can be changed in the OpenOffice.org options. From the drop-down menu, select ''Tools > Options > OpenOffice.org > Fonts''. Check the box that says ''Apply Replacement Table''. Type {{ic|Andale Sans UI}} in the font box and choose your desired font for the ''Replace with'' option. When done, click the ''checkmark''. Then choose the ''Always'' and ''Screen only'' options in the box below. Click OK.<br />
You will then need to go to ''Tools > Options > OpenOffice.org > View'', and uncheck "Use system font for user interface". If you use a non-antialised font, such as Arial, you will also need to uncheck "Screen font antialiasing" before menu fonts render correctly.<br />
<br />
=== Anti-aliasing ===<br />
Execute<br />
$ echo "Xft.lcdfilter: lcddefault" | xrdb -merge<br />
<br />
To make the change persistent, add {{ic|Xft.lcdfilter: lcddefault}} to your {{ic|~/.Xresources}} file. [https://bugs.launchpad.net/ubuntu/+source/openoffice.org/+bug/271283/comments/19].<br />
<br />
If this does not work, make sure you are running {{ic|xrdb -merge ~/.Xresources}} every time you launch [[Xorg|X]]. If you do not have this file, you will have to create it.<br />
<br />
=== TrueType font detection ===<br />
To add fonts to those already available in OpenOffice, run {{ic|spadmin}}.<br />
<br />
===Qt looks with KDE >4===<br />
OpenOffice has transitioned to Qt 4, and as such the look of the applications can not be set with Qt 3 tools.<br />
<br />
===Spell checking problems===<br />
As of openoffice 3.0.0-2, various dictionaries may be buggy due to a character encoding problem. To solve this issue, follow the following instructions.<br />
<br />
Find where the particular openoffice distribution places its dictionary files; e.g., {{Ic|pacman -Ql openoffice-base}}. Most distibutions follow the convention of installing these to {{filename|/usr/lib/openoffice/share/extension/install}}. Once the directory has been found, assign it to a shell variable:<br />
droot="/usr/lib/openoffice/share/extension/install"<br />
<br />
Install {{Pkg|unzip}} and {{Pkg|zip}} packages in order to be able to extract the dictionary files:<br />
pkg=$(pacman -T unzip zip) || pacman -S $pkg<br />
<br />
For reference, get a list of languages whose dictionary files are packaged with the base distribution:<br />
cd "$droot" && ls | sed -rn 's,^dict-(..)\.oxt$,\1,p'<br />
<br />
Define a list of languages whose dictionary files are to be fixed:<br />
lang="en es"<br />
<br />
Extract the target languages' dictionary files and convert the erroneous encoding to ''UTF-8'':<br />
tmp="/tmp/dictfix-$USER-$$"<br />
<br />
mkdir "$tmp"<br />
cd "$tmp"<br />
<br />
for i in $lang; do<br />
i="$droot/dict-$i.oxt"<br />
unzip "$i" -d oxt.tmp<br />
iconv -f ISO-8859-15 -t UTF-8 oxt.tmp/dictionaries.xcu > dict.tmp<br />
mv dict.tmp oxt.tmp/dictionaries.xcu<br />
(cd oxt.tmp && zip -r "$i" .)<br />
done<br />
<br />
rm -rf "$tmp"<br />
<br />
Finally, use the openoffice extension manager (available through the ''Tools'' menu) to install the dictionary from the resulting {{filename|dict-''xx''.oxt}} file(s).<br />
<br />
===Dark GTK themes, Icons and gtk-qt-engine===<br />
For a quick fix, see {{AUR|openoffice-dark-gtk-fix}} or if you have go-openoffice see {{AUR|go-openoffice-dark-gtk-fix}} in the [[Arch User Repository|AUR]]. This also sets 'OOO_FORCE_DESKTOP=gnome'. Another fix is to export SAL_USE_VCLPLUGIN=gen (generic X11). See [http://user.services.openoffice.org/en/forum/viewtopic.php?f=16&t=27216#p123942 for more info]<br />
<br />
'''In newer version of OO (3.2.0) and Libre''', the fixes mentioned above do not seem to work. If you use a dark GTK theme, you will be unable to change the icons from &ldquo;high-contrast&rdquo;. The colors can be configured manually in ''Options -> Appearance'', but Impress and Calc (maybe others too) will stay dark unless you disable automatic detection of high contrast themes first. The problem is with the default setting of &ldquo;Automatically detect high contrast mode of operating system&rdquo;. To change the default setting and allow the selection of icons and custom colors with a dark GTK theme, edit the following option:<br />
Tools &gt; Options... &gt; Accesibility|&gt; Uncheck: &nbsp; [ ] Automatically detect high contrast mode of operating system<br />
<br />
Now the colors can be configured in ''Options -> Appearance''.<br />
<br />
=== Hanging when using NFS shares ===<br />
If OpenOffice hangs when trying to open/save a document located on a NFS share, try prepending the following lines with a "#" in /usr/lib/openoffice/program/soffice (/usr/bin/soffice if using go-openoffice):<br />
# file locking now enabled by default<br />
SAL_ENABLE_FILE_LOCKING=1<br />
export SAL_ENABLE_FILE_LOCKING<br />
Original post [http://www.crazysquirrel.com/computing/debian/bugs/openoffice-over-nfs.jspx here]<br />
<br><br />
{{Note|Only NFSv3 is affected. NFSv4 works well with OpenOffice.}}<br />
<br />
=== Fixing Java Framework Error ===<br />
You may get the following error when you try to run OpenOffice. <br />
<br />
[Java framework] Error in function createSettingsDocument (elements.cxx).<br />
javaldx failed!<br />
<br />
If so, give yourself ownership of {{Ic|~/.config/}} like so: <br />
sudo chown -vR username:users ~/.config<br />
<br />
[https://bbs.archlinux.org/viewtopic.php?id=93168 Post on Arch Linux Forums]<br />
<br />
=== LibreOffice does not detect my certificates ===<br />
<br />
If you cannot see the certificates when trying to sign a document, you will need to have the certificates configured in Firefox (or Thunderbird). If after that LibreOffice still does not show them, set the MOZILLA_CERTIFICATE_FOLDER environment variable pointing to your Firefox (or Thunderbird) folder.<br />
<br />
export MOZILLA_CERTIFICATE_FOLDER=$HOME/.mozilla/firefox/XXXXXX.default/<br />
<br />
[http://wiki.services.openoffice.org/wiki/Certificate_Detection Certificate Detection]</div>Jkastelichttps://wiki.archlinux.org/index.php?title=Arch_Around_the_World&diff=114132Arch Around the World2010-08-15T08:21:03Z<p>Jkastelic: /* United Kingdom */</p>
<hr />
<div>[[Category:About Arch (English)]][[Category:General (English)]]<br />
<br />
{{merge|International Communities}}<br />
<br />
==Communities Around the World==<br />
This list is by no means complete. If you know of a community that is not listed, please feel free to add it. If you are looking for a community that doesn't have an existing community, start one or visit the [http://bbs.archlinux.org/viewforum.php?id=30 Other Languages forum]<br />
<br />
===Brasil===<br />
*Homepage: http://archlinux-br.org/<br />
*Forum: http://forum.archlinux-br.org/<br />
*Wiki: http://wiki.archlinux-br.org/<br />
<br />
===Chile===<br />
*Homepage: http://archlinux.cl/<br />
*Forum: http://foro.archlinux.cl/<br />
*Wiki: http://wiki.archlinux.cl/<br />
<br />
===China===<br />
*Homepage: http://archlinux.cn/<br />
<br />
===Czech Republic===<br />
*Homepage: http://archlinux.cz/<br />
*Forum: http://www.archlinux.cz/forum/<br />
*Wiki: http://wiki.archlinux.org/index.php/Main_Page_(Česky)<br />
<br />
===Denmark===<br />
*Homepage: http://www.archlinux.dk/<br />
*Forum: http://forum.archlinux.dk/<br />
*Wiki: http://wiki.archlinux.org/index.php/Main_Page_(Dansk)<br />
<br />
===France===<br />
*Homepage: http://archlinux.fr/<br />
*Forum: http://forums.archlinux.fr/<br />
*Wiki: http://wiki.archlinux.fr/<br />
<br />
===Germany===<br />
*Homepage: https://www.archlinux.de/<br />
*Forum: https://forum.archlinux.de/<br />
*Wiki: https://wiki.archlinux.de/<br />
<br />
===Hungary===<br />
*Homepage: http://archlinux.fsf.hu/<br />
*Forum: http://archlinux.fsf.hu/forum<br />
<br />
===Italy===<br />
*Homepage: http://www.archlinux.it/<br />
*Forum: http://www.archlinux.it/forum<br />
*Wiki: http://wiki.archlinux.org/index.php/Main_Page_(Italiano)<br />
<br />
===Norway===<br />
*Forum: http://archlinux.no/<br />
<br />
===Poland===<br />
*Homepage: http://archlinux.pl/<br />
*Forum: http://forum.archlinux.pl/<br />
*Wiki: http://wiki.archlinux.org/index.php/Main_Page_(Polski)<br />
<br />
===Romania===<br />
*Homepage: http://archlinux.ro/<br />
*Forum: http://bbs.archlinux.ro/<br />
*Wiki: http://wiki.archlinux.ro/<br />
<br />
===Russia===<br />
*Homepage: http://archlinux.org.ru/<br />
*Forum: http://archlinux.org.ru/forum<br />
*Wiki: http://wiki.archlinux.org/index.php/Main_Page_(Русский)<br />
<br />
===Spain===<br />
*Homepage: http://archlinux-es.org/<br />
*Forum: http://www.archlinux-es.org/foros<br />
*Wiki: http://www.archlinux-es.org/wiki<br />
<br />
===Sweden===<br />
*Homepage: http://archlinux.se/<br />
*Forum: http://forum.archlinux.se/<br />
*Wiki: http://wiki.archlinux.se/<br />
<br />
===Turkey===<br />
*Homepage : http://www.archlinux.org.tr/<br />
*Forum : http://bbs.archlinux.org.tr/<br />
*Wiki : http://wiki.archlinux.org/index.php/Main_Page_(Türkçe)<br />
<br />
===Ukraine===<br />
*Forum: http://archlinux.org.ua/<br />
<br />
===United Kingdom===<br />
*Homepage : http://www.archlinux.org.uk/<br />
*Forum : http://www.archlinux.org.uk/archuk/<br />
<br />
===Israel===<br />
*Homepage : http://www.archlinux.org.il/<br />
*Forum : http://www.archlinux.org.il/forums/<br />
*Wiki : http://www.archlinux.org.il/wiki/</div>Jkastelichttps://wiki.archlinux.org/index.php?title=Arch_is_the_best&diff=114131Arch is the best2010-08-15T07:57:50Z<p>Jkastelic: /* Translations */</p>
<hr />
<div>{{Expansion}}<br />
[[Category:About Arch (English)]]<br />
<br />
== Purpose ==<br />
<br />
The '''Arch is the best''' project is a very sophisticated and exquisite, ego-boosting and mind-blowing (albeit perhaps a bit over-engineered) project which aims to prove Arch's superiority.<br />
<br />
== History ==<br />
<br />
The project was initiated in April 2008 by long time Arch community member [http://bbs.archlinux.org/profile.php?id=2529 lucke] as a simple shell script which provided irrefutable proof that "Arch is the best". Over the following weeks, this project gathered momentum and was ported to multiple different languages, both programming and verbal.<br />
<br />
== The Code ==<br />
<br />
The "Arch is the best" project is ported to many programming languages.<br />
<br />
'''Ada''' - A pascal dialect<br />
<br />
with Ada.Text_IO;<br />
use Ada.Text_IO;<br />
procedure ArchIsTheBest is<br />
begin<br />
Put_Line("Arch is the best!");<br />
end HelloWorld;<br />
<br />
'''Awk'''<br />
<br />
BEGIN {<br />
print "Arch is the best!"<br />
}<br />
<br />
'''Portable GNU assembler''' - as -o arch.o arch.s && ld -o arch -O0 arch.o<br />
<br />
.section .data<br />
archIsBest: <br />
.ascii "Arch is the best!\n"<br />
archIsBest_len:<br />
.long . - archIsBest<br />
.section .text<br />
.globl _start<br />
_start:<br />
xorl %ebx, %ebx<br />
movl $4, %eax <br />
xorl %ebx, %ebx<br />
incl %ebx <br />
leal archIsBest, %ecx<br />
movl archIsBest_len, %edx <br />
int $0x80 <br />
xorl %eax, %eax<br />
incl %eax<br />
xorl %ebx, %ebx <br />
int $0x80<br />
<br />
'''Bash''' - the original program, should be compatible with any shell<br />
#!/bin/bash<br />
<br />
echo "Arch is the best!"<br />
<br />
'''Bash (Alternate)''' - handy for piping the output to your favourite IRC/email/IM client. Should work with any shell.<br />
#!/bin/bash<br />
yes Arch is the best!<br />
<br />
'''C''' - note the three space indenting used in this project, much like that used by other superior beings.<br />
#include <stdio.h><br />
#include <stdlib.h><br />
int main () <br />
{<br />
printf(Arch is the best!\n");<br />
return EXIT_SUCCESS;<br />
}<br />
<br />
'''C++''' - Arch == Linux++<br />
#include <iostream><br />
#include <cstdlib><br />
int main ()<br />
{<br />
std::cout << "Arch is the best!" << std::endl;<br />
return EXIT_SUCCESS;<br />
}<br />
<br />
'''Clojure''' - A Lisp dialect that runs on the JVM<br />
(def translations {"english" "Arch is the best!",<br />
"german" "Arch ist das Beste!",<br />
"australian" "Arch is fair dinkum, mate!",<br />
"h4x0r" "arhc 51 7he be57!",<br />
"spanish" "¡Arch es el mejor!"})<br />
<br />
(defn arch-is-the-best<br />
"Asks for a language and prints the corresponding translation. <br />
Loops until input is 'quit'"<br />
[]<br />
(println "Available languages: ")<br />
(doseq [language (keys translations)]<br />
(println (str "\t" language)))<br />
(flush)<br />
(loop []<br />
(print "Enter language, or quit: ")<br />
(flush)<br />
(let [input (. (read-line) toLowerCase)]<br />
(if (= input "quit")<br />
(println "Goodbye!")<br />
(do<br />
(println (translations input "Bad input!"))<br />
(recur))))))<br />
<br />
'''Common Lisp''' - Tested on SBCL, feel free to add more of the translations in<br />
#!/usr/bin/sbcl --script<br />
(defparameter *best-list* '((English "Arch is the best!")<br />
(Chinese "Arch, 她出类拔萃!")<br />
(German "Arch ist das Beste!")<br />
(Greek "Το Arch είναι το καλύτερο!")))<br />
(defun aitb ()<br />
(format t "Available languages: ~{~{~@(~a~)~*~}~^, ~}.~%" *best-list*)<br />
(loop for input = (progn (format t "~&Input the desired language, (or 'quit'): ~%")<br />
(force-output)<br />
(read-line))<br />
if (string-equal input "quit")<br />
do (loop-finish)<br />
else<br />
do (let ((language-def<br />
(assoc input *best-list*<br />
:key (lambda (lang) (symbol-name lang))<br />
:test #'string-equal)))<br />
(if language-def<br />
(format t "~&~A~%" (second language-def))<br />
(format t "~&Invalid language.~%"))))<br />
(format t "~&May the Arch be with you!~%"))<br />
(aitb)<br />
<br />
'''Go''' - A language created by Google that's a love child between C, C++ and Python<br />
package main<br />
<br />
import "fmt"<br />
<br />
func main() <br />
{<br />
fmt.Printf("Arch is the best!\n")<br />
}<br />
<br />
<br />
'''Haskell''' - The language where IO is easy and unproblematic<br />
main = putStrLn "Arch is the best!"<br />
<br />
'''Lua'''<br />
if io.popen("uname -r"):read():match("ARCH") then print("Arch is the best") else print("Get the Arch") end<br />
<br />
'''OCaml'''<br />
print_endline "Arch is the best!"<br />
<br />
'''Python''' - a python version<br />
#!/usr/bin/env python<br />
<br />
print 'Arch is the best!'<br />
<br />
'''Ruby''' - a Ruby version<br />
#!/usr/bin/ruby -w<br />
<br />
puts 'Arch is the best!'<br />
<br />
'''Shoes''' - A Ruby version using Shoes for a GUI<br />
Shoes.app :width => 135, :height => 30 do <br />
para "Arch is the Best!"<br />
end<br />
<br />
'''Standard ML'''<br />
print "Arch is the best!\n"<br />
<br />
'''Perl''' - a Perl version<br />
#!/usr/bin/perl<br />
<br />
print "Arch is the best!\n";<br />
<br />
'''Prolog''' - a version in Prolog<br />
format('Arch is the best~n',[]).<br />
<br />
'''Common Lisp''' - should run on any implementation (Clisp, Allegro, SBCL...)<br />
(princ "Arch is the best!")<br />
<br />
'''brainf*ck''' - doesn't the language name exaplain it?<br />
++>++++++>+++++<+[>[->+<]<->++++++++++<]>>.<[-]>[-<++>]<br />
<----------------.---------------.+++++.<+++[-<++++++++++>]<.<br />
>>+.++++++++++.<<.>>+.------------.---.<<.>>---.<br />
+++.++++++++++++++.+.<<+.[-]++++++++++.<br />
<br />
'''LOLCODE''' - why not?<br />
HAI<br />
CAN HAS STDIO?<br />
VISIBLE "ARCH IS TEH PWNZ LOL!"<br />
KTHXBYE<br />
<br />
'''Befunge''' - believed to be the first two-dimensional, ASCII-based, general-purpose (in the sense of "you could plausibly write Hunt the Wumpus in it") programming language<br />
<v"Arch is the best!"0<br />
<,_@#:<br />
<br />
'''PHP''' - a PHP version<br />
<?<br />
echo 'Arch is the best!\n';<br />
?><br />
<br />
'''JavaScript''' - a JavaScript version<br />
<script type="text/javascript><br />
alert('Arch is the best!');<br />
</script><br />
<br />
'''Java''' - an extremely portable language, this will run on pretty much anything, it might even run on your toaster!<br />
public class ArchIsTheBest {<br />
public static void main(String[] args) {<br />
System.out.println("Arch is the best!");<br />
}<br />
}<br />
<br />
'''Scheme''' - a dialect of Lisp<br />
(display "Arch is the best!\n")<br />
<br />
'''R''' - a language for statistical computing (and much more!).<br />
archIsBest <- function() { cat("Arch is the best!\n") }<br />
archIsBest()<br />
<br />
'''Tcl/Tk'''<br />
#!/usr/bin/env tclsh<br />
puts "Arch is the best!"<br />
<br />
'''Pixilang''' - make me pixels<br />
print("Arch is the best!",0,0,#1897D1)<br />
frame<br />
<br />
'''Objective-C'''<br />
NSLog(@"Arch is the best!");<br />
<br />
==Translations==<br />
'''Arabic'''<br />
ارتش هو الأفضل<br />
<br />
'''Australian'''<br />
Arch is fair dinkum, mate!<br />
<br />
'''Bahasa Indonesia'''<br />
Arch terbaik!<br />
<br />
'''Basque'''<br />
Arch onena da!<br />
<br />
'''Bengali'''<br />
Arch shobcheye bhalo!<br />
<br />
'''Binary ASCII'''<br />
0100000101110010011000110110100000100000011010010111001100100000011101000110100001100101001000000110001001100101011100110111010000100001<br />
<br />
'''British'''<br />
Arch is simply spiffing.<br />
<br />
'''Bulgarian'''<br />
Арч е най-добрия!<br />
<br />
'''Chinese (Simplified)'''<br />
Arch 最棒了!<br />
<br />
'''Ancient Chinese'''<br />
阿祺,盡善矣。<br />
<br />
'''Czech'''<br />
Arch je nejlepší!<br />
<br />
'''Danish'''<br />
Arch er bedst!<br />
<br />
'''Desrever (Reversed)'''<br />
!tseb eht si hcrA<br />
<br />
'''Dutch'''<br />
Arch is de beste!<br />
<br />
'''Finnish'''<br />
Arch on paras!<br />
<br />
'''Filipino'''<br />
Mabuhay ang Arch!<br />
<br />
'''French'''<br />
Arch est le meilleur!<br />
<br />
'''Galician'''<br />
Arch é o mellor!<br />
<br />
'''German'''<br />
Arch ist das Beste!<br />
<br />
'''Greek'''<br />
Το Arch είναι το καλύτερο!<br />
<br />
'''h4x0r'''<br />
Arch 15 7h3 b357!<br />
<br />
'''Hantec'''<br />
Arch je nejbetélnější!<br />
<br />
'''Hebrew'''<br />
ארצ' זה הכי אחי!<br />
<br />
'''Hexadecimal ASCII'''<br />
4172636820697320746865206265737421<br />
<br />
'''Hindi'''<br />
आर्ख सब से अच्छा है ।<br />
<br />
'''Hungarian'''<br />
Az Arch a legjobb!<br />
<br />
'''Japanese'''<br />
Archが一番ですよ!<br />
<br />
'''Kazakh'''<br />
Арч - ең жақсы!<br />
<br />
'''Latin'''<br />
Arch optimus est!<br />
<br />
'''Latvian'''<br />
Arch ir labākais!<br />
<br />
'''Marathi'''<br />
आर्च सगळ्यात भारी आहे!<br />
<br />
'''Norwegian'''<br />
Arch er best!<br />
<br />
'''Polish'''<br />
Arch jest najlepszy!<br />
<br />
'''Portuguese'''<br />
Arch é o melhor!<br />
<br />
'''Québécois'''<br />
Arch est le plus meilleure du monde!<br />
<br />
'''Romanian'''<br />
Аrch e cel mai bun!<br />
<br />
'''Russian'''<br />
Арч - лучший!<br />
<br />
'''Serbian'''<br />
Arch je najbolji!<br />
<br />
'''Slovenian'''<br />
Arch je najboljši!<br />
<br />
'''Spanish'''<br />
¡Arch es el mejor!<br />
<br />
'''Swedish'''<br />
Arch är bäst!<br />
<br />
'''Turkish'''<br />
Arch en iyisidir!<br />
<br />
'''Tamil'''<br />
ஆர்ச்சே சிறந்தது!<br />
<br />
'''Morse Code'''<br />
..- -... ..- -. - ..- / .. ... / - .... . / -... . ... -<br />
<br />
'''Braille'''<br />
⠁⠗⠉⠓⠀⠊⠎⠀⠮⠀⠃⠑⠎⠞⠲<br />
<br />
== Links ==<br />
<br />
* [http://bbs.archlinux.org/viewtopic.php?id=47306 forum Thread]<br />
* [http://arch.yarrt.com Unofficially Official Project Website]</div>Jkastelichttps://wiki.archlinux.org/index.php?title=Arch_is_the_best&diff=114129Arch is the best2010-08-15T07:57:20Z<p>Jkastelic: /* Translations */</p>
<hr />
<div>{{Expansion}}<br />
[[Category:About Arch (English)]]<br />
<br />
== Purpose ==<br />
<br />
The '''Arch is the best''' project is a very sophisticated and exquisite, ego-boosting and mind-blowing (albeit perhaps a bit over-engineered) project which aims to prove Arch's superiority.<br />
<br />
== History ==<br />
<br />
The project was initiated in April 2008 by long time Arch community member [http://bbs.archlinux.org/profile.php?id=2529 lucke] as a simple shell script which provided irrefutable proof that "Arch is the best". Over the following weeks, this project gathered momentum and was ported to multiple different languages, both programming and verbal.<br />
<br />
== The Code ==<br />
<br />
The "Arch is the best" project is ported to many programming languages.<br />
<br />
'''Ada''' - A pascal dialect<br />
<br />
with Ada.Text_IO;<br />
use Ada.Text_IO;<br />
procedure ArchIsTheBest is<br />
begin<br />
Put_Line("Arch is the best!");<br />
end HelloWorld;<br />
<br />
'''Awk'''<br />
<br />
BEGIN {<br />
print "Arch is the best!"<br />
}<br />
<br />
'''Portable GNU assembler''' - as -o arch.o arch.s && ld -o arch -O0 arch.o<br />
<br />
.section .data<br />
archIsBest: <br />
.ascii "Arch is the best!\n"<br />
archIsBest_len:<br />
.long . - archIsBest<br />
.section .text<br />
.globl _start<br />
_start:<br />
xorl %ebx, %ebx<br />
movl $4, %eax <br />
xorl %ebx, %ebx<br />
incl %ebx <br />
leal archIsBest, %ecx<br />
movl archIsBest_len, %edx <br />
int $0x80 <br />
xorl %eax, %eax<br />
incl %eax<br />
xorl %ebx, %ebx <br />
int $0x80<br />
<br />
'''Bash''' - the original program, should be compatible with any shell<br />
#!/bin/bash<br />
<br />
echo "Arch is the best!"<br />
<br />
'''Bash (Alternate)''' - handy for piping the output to your favourite IRC/email/IM client. Should work with any shell.<br />
#!/bin/bash<br />
yes Arch is the best!<br />
<br />
'''C''' - note the three space indenting used in this project, much like that used by other superior beings.<br />
#include <stdio.h><br />
#include <stdlib.h><br />
int main () <br />
{<br />
printf(Arch is the best!\n");<br />
return EXIT_SUCCESS;<br />
}<br />
<br />
'''C++''' - Arch == Linux++<br />
#include <iostream><br />
#include <cstdlib><br />
int main ()<br />
{<br />
std::cout << "Arch is the best!" << std::endl;<br />
return EXIT_SUCCESS;<br />
}<br />
<br />
'''Clojure''' - A Lisp dialect that runs on the JVM<br />
(def translations {"english" "Arch is the best!",<br />
"german" "Arch ist das Beste!",<br />
"australian" "Arch is fair dinkum, mate!",<br />
"h4x0r" "arhc 51 7he be57!",<br />
"spanish" "¡Arch es el mejor!"})<br />
<br />
(defn arch-is-the-best<br />
"Asks for a language and prints the corresponding translation. <br />
Loops until input is 'quit'"<br />
[]<br />
(println "Available languages: ")<br />
(doseq [language (keys translations)]<br />
(println (str "\t" language)))<br />
(flush)<br />
(loop []<br />
(print "Enter language, or quit: ")<br />
(flush)<br />
(let [input (. (read-line) toLowerCase)]<br />
(if (= input "quit")<br />
(println "Goodbye!")<br />
(do<br />
(println (translations input "Bad input!"))<br />
(recur))))))<br />
<br />
'''Common Lisp''' - Tested on SBCL, feel free to add more of the translations in<br />
#!/usr/bin/sbcl --script<br />
(defparameter *best-list* '((English "Arch is the best!")<br />
(Chinese "Arch, 她出类拔萃!")<br />
(German "Arch ist das Beste!")<br />
(Greek "Το Arch είναι το καλύτερο!")))<br />
(defun aitb ()<br />
(format t "Available languages: ~{~{~@(~a~)~*~}~^, ~}.~%" *best-list*)<br />
(loop for input = (progn (format t "~&Input the desired language, (or 'quit'): ~%")<br />
(force-output)<br />
(read-line))<br />
if (string-equal input "quit")<br />
do (loop-finish)<br />
else<br />
do (let ((language-def<br />
(assoc input *best-list*<br />
:key (lambda (lang) (symbol-name lang))<br />
:test #'string-equal)))<br />
(if language-def<br />
(format t "~&~A~%" (second language-def))<br />
(format t "~&Invalid language.~%"))))<br />
(format t "~&May the Arch be with you!~%"))<br />
(aitb)<br />
<br />
'''Go''' - A language created by Google that's a love child between C, C++ and Python<br />
package main<br />
<br />
import "fmt"<br />
<br />
func main() <br />
{<br />
fmt.Printf("Arch is the best!\n")<br />
}<br />
<br />
<br />
'''Haskell''' - The language where IO is easy and unproblematic<br />
main = putStrLn "Arch is the best!"<br />
<br />
'''Lua'''<br />
if io.popen("uname -r"):read():match("ARCH") then print("Arch is the best") else print("Get the Arch") end<br />
<br />
'''OCaml'''<br />
print_endline "Arch is the best!"<br />
<br />
'''Python''' - a python version<br />
#!/usr/bin/env python<br />
<br />
print 'Arch is the best!'<br />
<br />
'''Ruby''' - a Ruby version<br />
#!/usr/bin/ruby -w<br />
<br />
puts 'Arch is the best!'<br />
<br />
'''Shoes''' - A Ruby version using Shoes for a GUI<br />
Shoes.app :width => 135, :height => 30 do <br />
para "Arch is the Best!"<br />
end<br />
<br />
'''Standard ML'''<br />
print "Arch is the best!\n"<br />
<br />
'''Perl''' - a Perl version<br />
#!/usr/bin/perl<br />
<br />
print "Arch is the best!\n";<br />
<br />
'''Prolog''' - a version in Prolog<br />
format('Arch is the best~n',[]).<br />
<br />
'''Common Lisp''' - should run on any implementation (Clisp, Allegro, SBCL...)<br />
(princ "Arch is the best!")<br />
<br />
'''brainf*ck''' - doesn't the language name exaplain it?<br />
++>++++++>+++++<+[>[->+<]<->++++++++++<]>>.<[-]>[-<++>]<br />
<----------------.---------------.+++++.<+++[-<++++++++++>]<.<br />
>>+.++++++++++.<<.>>+.------------.---.<<.>>---.<br />
+++.++++++++++++++.+.<<+.[-]++++++++++.<br />
<br />
'''LOLCODE''' - why not?<br />
HAI<br />
CAN HAS STDIO?<br />
VISIBLE "ARCH IS TEH PWNZ LOL!"<br />
KTHXBYE<br />
<br />
'''Befunge''' - believed to be the first two-dimensional, ASCII-based, general-purpose (in the sense of "you could plausibly write Hunt the Wumpus in it") programming language<br />
<v"Arch is the best!"0<br />
<,_@#:<br />
<br />
'''PHP''' - a PHP version<br />
<?<br />
echo 'Arch is the best!\n';<br />
?><br />
<br />
'''JavaScript''' - a JavaScript version<br />
<script type="text/javascript><br />
alert('Arch is the best!');<br />
</script><br />
<br />
'''Java''' - an extremely portable language, this will run on pretty much anything, it might even run on your toaster!<br />
public class ArchIsTheBest {<br />
public static void main(String[] args) {<br />
System.out.println("Arch is the best!");<br />
}<br />
}<br />
<br />
'''Scheme''' - a dialect of Lisp<br />
(display "Arch is the best!\n")<br />
<br />
'''R''' - a language for statistical computing (and much more!).<br />
archIsBest <- function() { cat("Arch is the best!\n") }<br />
archIsBest()<br />
<br />
'''Tcl/Tk'''<br />
#!/usr/bin/env tclsh<br />
puts "Arch is the best!"<br />
<br />
'''Pixilang''' - make me pixels<br />
print("Arch is the best!",0,0,#1897D1)<br />
frame<br />
<br />
'''Objective-C'''<br />
NSLog(@"Arch is the best!");<br />
<br />
==Translations==<br />
'''Arabic'''<br />
ارتش هو الأفضل<br />
<br />
'''Australian'''<br />
Arch is fair dinkum, mate!<br />
<br />
'''Bahasa Indonesia'''<br />
Arch terbaik!<br />
<br />
'''Basque'''<br />
Arch onena da!<br />
<br />
'''Bengali'''<br />
Arch shobcheye bhalo!<br />
<br />
'''Binary ASCII'''<br />
0100000101110010011000110110100000100000011010010111001100100000011101000110100001100101001000000110001001100101011100110111010000100001<br />
<br />
'''British'''<br />
Arch is simply spiffing.<br />
<br />
'''Bulgarian'''<br />
Арч е най-добрия!<br />
<br />
'''Chinese (Simplified)'''<br />
Arch 最棒了!<br />
<br />
'''Ancient Chinese'''<br />
阿祺,盡善矣。<br />
<br />
'''Czech'''<br />
Arch je nejlepší!<br />
<br />
'''Danish'''<br />
Arch er bedst!<br />
<br />
'''Desrever (Reversed)'''<br />
!tseb eht si hcrA<br />
<br />
'''Dutch'''<br />
Arch is de beste!<br />
<br />
'''Finnish'''<br />
Arch on paras!<br />
<br />
'''Filipino'''<br />
Mabuhay ang Arch!<br />
<br />
'''French'''<br />
Arch est le meilleur!<br />
<br />
'''Galician'''<br />
Arch é o mellor!<br />
<br />
'''German'''<br />
Arch ist das Beste!<br />
<br />
'''Greek'''<br />
Το Arch είναι το καλύτερο!<br />
<br />
'''h4x0r'''<br />
Arch 15 7h3 b357!<br />
<br />
'''Hantec'''<br />
Arch je nejbetélnější!<br />
<br />
'''Hebrew'''<br />
ארצ' זה הכי אחי!<br />
<br />
'''Hexadecimal ASCII'''<br />
4172636820697320746865206265737421<br />
<br />
'''Hindi'''<br />
आर्ख सब से अच्छा है ।<br />
<br />
'''Hungarian'''<br />
Az Arch a legjobb!<br />
<br />
'''Japanese'''<br />
Archが一番ですよ!<br />
<br />
'''Kazakh'''<br />
Арч - ең жақсы!<br />
<br />
'''Latin'''<br />
Arch optimus est!<br />
<br />
'''Latvian'''<br />
Arch ir labākais!<br />
<br />
'''Marathi'''<br />
आर्च सगळ्यात भारी आहे!<br />
<br />
'''Norwegian'''<br />
Arch er best!<br />
<br />
'''Polish'''<br />
Arch jest najlepszy!<br />
<br />
'''Portuguese'''<br />
Arch é o melhor!<br />
<br />
'''Québécois'''<br />
Arch est le plus meilleure du monde!<br />
<br />
'''Romanian'''<br />
Аrch e cel mai bun!<br />
<br />
'''Russian'''<br />
Арч - лучший!<br />
<br />
'''Serbian'''<br />
Arch je najbolji!<br />
<br />
'''Slovenian'''<br />
Arch je najboljši!<br />
<br />
'''Spanish'''<br />
¡Arch es el mejor!<br />
<br />
'''Swedish'''<br />
Arch är bäst!<br />
<br />
'''Turkish'''<br />
Arch en iyisidir!<br />
<br />
'''Tamil'''<br />
ஆர்ச்சே சிறந்தது!<br />
<br />
'''Morse Code'''<br />
..- -... ..- -. - ..- / .. ... / - .... . / -... . ... -<br />
<br />
'''Braille'''<br />
⠁⠗⠉⠓⠀⠊⠎⠀⠮⠀⠃⠑⠎⠞⠲<br />
<br />
== Links ==<br />
<br />
* [http://bbs.archlinux.org/viewtopic.php?id=47306 forum Thread]<br />
* [http://arch.yarrt.com Unofficially Official Project Website]</div>Jkastelichttps://wiki.archlinux.org/index.php?title=Dm-crypt&diff=114124Dm-crypt2010-08-15T06:02:16Z<p>Jkastelic: /* Generating the keyfile */</p>
<hr />
<div>[[Category:Security (English)]]<br />
[[Category:File systems (English)]]<br />
[[Category:HOWTOs (English)]]<br />
<br />
== Why Encryption? ==<br />
Encryption is useful for two (related) reasons. Firstly, it prevents anyone with physical access to your computer, and your hard drive in particular, from getting the data from it (unless they have your passphrase/key). Secondly, it allows you to wipe the data on your hard drive with far more confidence in the event of you selling or discarding your drive.<br />
<br />
Basically, it supplements the access control mechanisms of the operating system (like file permissions) by making it harder to bypass the operating system by inserting a boot CD, for example. Encrypting the root partition prevents anyone from using this method to insert viruses or trojans onto your computer.<br />
<br />
Note that we're not encrypting the boot partition - the bootloader needs to read that one!<br />
<br />
'''ATTENTION: Having encrypted partitions does not protect you from all possible attacks. The encryption is only as good as your key management, and there are other ways to break into computers while they are running. Read the CAVEATS section below!'''<br />
<br />
== Why LUKS for dm-crypt? ==<br />
There are either 3 or 4 rival disk encryption standards in Linux, depending on how you count them.<br />
<br />
The old cryptoloop is deprecated: it's old, insecure and unreliable.<br />
<br />
A much better version, loop-AES (http://loop-aes.sourceforge.net/), was created but, due to politics, never became favorable with the kernel developers. It's far more secure than either cryptoloop or straight device-mapper encryptions (and probably faster than any of the other 3 options), but is not user-friendly. It also requires non-standard kernel support, which ARCH's kernel26 doesn't have.<br />
<br />
The standard device-mapper encryption ([http://www.saout.de/misc/dm-crypt/ dm-crypt]) is another choice.<br />
<br />
[http://code.google.com/p/cryptsetup/ LUKS] essentially makes management of encrypted partitions easier. Without going into the hairy details (check out the [http://code.google.com/p/cryptsetup/ LUKS home page] if you're interested), it stores all the needed setup information on the disk itself. All you need then is the password, which can be in a separate file if you like. The Linux implementation uses dm-crypt and it can have up to eight different passwords, which can be changed or revoked easily. It is also supported by mkinitcpio in ARCH linux, which is nice.<br />
<br />
== Caveats ==<br />
<br />
=== Security (encryption) ===<br />
Disk encryption is not the be-all and end-all of security. Why not? Well, for a start, it won't prevent people from hacking into a running computer (either over the network or at a console) if there is a security hole to exploited (and there invariably is). There are a dozen and one things you can (and should) do to secure your computer against this type of attack, but they are all outside the scope of this document.<br />
<br />
What's more, even in situations this type of encryption is useful for (physical access to storage media), it isn't worth a thing if someone has your key. In other words, if someone finds out or guesses your passphrase, or gets access to your external key file if you're using one, they can unlock the encryption on the hard drive in exactly the same way that you can.<br />
<br />
What does this mean for you? Well, if you use an external key file, keep the device it is on '''SAFE'''. Attach it to your keyring or whatever. If you use a passphrase, '''make it hard to guess'''. There are [http://www.google.co.uk/search?q=create+secure+password hundreds of documents] all over the internet telling you how to come up with a secure passphrase; we're not going to go over it here. Note, however, that we use the term "passphrase": '''it doesn't have to be a single word'''.<br />
<br />
=== Security (encrypted home) ===<br />
<br />
If you install mlocate, it will scan all your currently mounted filesystems regularly, in updatedb. Then it will write the list of filenames to /var/lib/mlocate/mlocate.db, which is in the (less-encrypted) root or /var partition. There might be other packages similar to mlocate. Thus an attacker will have a list of all your filenames, including the ones you illegally downloaded or perhaps you named a file after your secret lover (or your chat client did, somewhere under ~/.chat-client/...). Thus your security would be reduced to the level of [[System_Encryption_with_eCryptfs|eCryptfs]]. If you're interested in encryption, think twice before sabotaging its potential.<br />
<br />
Likewise, it is essential to have all swap be encrypted and /tmp to either be tmpfs or also an encrypted partition; otherwise it is all too easy for information to leak and you not even to realize it is leaking unencrypted onto the disk.<br />
<br />
== Getting started ==<br />
If you're not starting from an unused hard drive, '''BACK UP YOUR DATA!''' I cannot stress this enough. Ideally, you should be doing this regularly anyway, and it's particularly important with an encrypted hard drive. But beware: if you have unencrypted backups, is there any point in having an encrypted hard drive? Think about where you store your backups.<br />
<br />
'''Note:''' if you want to have encrypted swap, read the section below about Encrypted Swap and decide how you want to set it up ''before'' you start the rest of this HOWTO.<br />
<br />
Since Arch Linux 2009.08 the Arch installer provides a comfortable and easy way to configure dm_crypt (also in combination with [[LVM]]).<br />
Of course you can also do all the work manually.<br />
In either case it's recommended to overwrite the disk to wipe out former unencrypted content.<br />
<br />
== Preparation ==<br />
=== Overwriting ===<br />
Repartitioning and formatting your drive will only remove the filesystem metadata and will mostly leave the actual data intact, allowing determined attackers to recover your data using tools like [http://foremost.sourceforge.net/ Foremost]. If your harddisk contained sensitive data from previous use, you might want to overwrite that data. And contrary to popular belief, overwriting your data using a random source or overwriting it several times serves no purpose; the original data cannot be recovered once it has been overwritten with zeros. [http://www.springerlink.com/content/408263ql11460147/]<br />
<br />
To overwrite your disk with zeros you can use:<br />
# dd if=/dev/zero of=/dev/sda bs=1M<br />
<br />
If you want to check for bad blocks while writing you can use badblocks. <br />
The <tt>badblocks</tt> command will check your disk for bad blocks while writing random data. The pseudorandom algorithm used by this command is faster (although "less random") than <tt>/dev/urandom</tt>, so it can be useful for large disks. [[frandom]] is a fast random generator you might want to use for large disk.<br />
<br />
# badblocks -c 10240 -w -t random -s -v /dev/sda<br />
This will test blocks in groups of 10240 (i.e. 10MB) at a time, writing over them with random data and showing progress as it goes.<br />
<br />
However it should be noted that the pseudo random data generated by badblocks does not serve any other purpose than slowing down the wiping of your drive.<br />
<br />
<b>*NOTE*</b><br />
It is advantageous to subsequently fill the disk from a cryptographically-secure random number generator such as /dev/urandom, so that attackers who get access to your disk (the only people that disk-encryption defends against) cannot tell which blocks of the disk have yet been filled with encrypted data. If they get this information, it both tells them directly something about how much you've used your disk, and also might make the encryption easier to crack, (learning which parts of the disk are used might potentially help them guess which filesystem is inside, and maybe even what size files you've got...). Yes, /dev/urandom takes hours to generate enough data to fill up a modern hard disk, but you only have to do it once.<br />
<br />
To overwrite your disk with random information use:<br />
# dd if=/dev/urandom of=/dev/sda bs=1M<br />
<br />
== Arch Linux Installer (>2009.08) ==<br />
Since Arch Linux 2009.08 the installer supports dm_crypt and LVM (and combination of both) out of the box.<br />
<br />
Just run the installer as usual, i.e. follow the [[Official Arch Linux Install Guide]] or the [[Beginners' Guide]].<br />
When you reach the "Prepare Hard Drive(s)" don't use "Auto-Prepare" but set up your partitions manually.<br />
Beware that you '''have to''' create a separate unencrypted <tt>/boot</tt> partition, or GRUB/LILO has no chance to load the operating system afterwards.<br />
The most important step towards an encrypted system is done in the "Manually Configure ..." step.<br />
<br />
=== Configuring filesystems and mountpoints ===<br />
At first select the device corresponding to your unencrypted <tt>/boot</tt> partition, choose e.g. ext2 as filesystem and select <tt>/boot</tt> as the mountpoint.<br />
For all other partitions you created and which you want to be encrypted select dm_crypt in the filesystem dialog.<br />
You should enter a label for the encrypted device, e.g. 'sda2crypt', or simply 'root'.<br />
<br />
Here is an example listing how it may look like:<br />
/dev/sda1 raw->ext2;yes;/boot;no_opts;no_label;no_params<br />
/dev/sda2 raw->dm_crypt;yes;no_mountpoint;no_opts;sda2crypt<br />
/dev/sda3 raw->dm_crypt;yes;no_mountpoint;no_opts;sda3crypt<br />
/dev/mapper/sda2crypt dm_crypt->ext3;yes;/;no_opts;no_label;no_params<br />
/dev/mapper/sda3crypt dm_crypt->ext3;yes;/home;no_opts;no_label;no_params<br />
<br />
'''Note''': you can also put a LVM inside the dm_crypt partition, or vice versa a dm_crypt partition inside a LVM volume. See [[#Encrypting a LVM setup|Encrypting a LVM setup]] for details.<br />
<br />
When you press 'DONE' the installer will create and mount the filesystem configuration automatically. You will be prompted for a LUKS passphrase 3 times (2x to set a new passphrase, 1x to unlock the device).<br />
<br />
That's it with the dm_crypt specific part for so far. Select your desired packages and install the system.<br />
The installer should perform all steps necessary for configuring the boot and mount process of your new system.<br />
You can check the configuration afterwards and compare them to the one in the section about manual configuration.<br />
Especially the HOOKS section in <tt>mkinitcpio.conf</tt> is important for an encrypted root partition.<br />
<br />
=== Further tweaks for USB keyfile authentication ===<br />
When you're planning to use a keyfile on an USB stick instead of passphrase authentication you have to do some further tweaks in <tt>mkinitcpio.conf</tt>:<br />
To mount the USB device with your keyfile in the boot process add ''usb'' somewhere before ''encrypt'' in the HOOKS variable e.g.<br />
HOOKS=" ... sata '''usb''' usbinput keymap encrypt filesystems ... "<br />
And for a FAT formated USB stick add the following to the MODULES variable<br />
MODULES=" ... '''nls_cp437 vfat''' ... "<br />
<br />
After exiting the installer you can now create a keyfile onto USB stick your for authentication.<br />
This is for example done with the following commands. Check out section [[#Generating the keyfile|Generating the keyfile]] for further details.<br />
<br />
# mkdir /mnt/usbstick<br />
# mount -t vfat /dev/sdb1 /mnt/usbstick<br />
# cd /mnt/usbstick<br />
# dd if=/dev/urandom of=mykeyfile bs=512 count=4<br />
# cryptsetup luksAddKey /dev/sdaX /mnt/usbstick/mykeyfile<br />
<br />
<br />
== Manually configuring LUKS ==<br />
As noted [[#Overwriting|above]] it's recommended for security reasons to overwrite the partition before going any further.<br />
<br />
=== Partitioning ===<br />
At first set up your partitions as you want. Make sure you have a separate partition for /boot. If you think about it, this is absolutely necessary. If your /boot partition is encrypted, then your bootloader would not be able to read the kernel image and you would not get far.<br />
# cfdisk /dev/sda<br />
<br />
The following - indicative - partition layout will be used:<br />
/dev/sda1 -> /boot<br />
/dev/sda2 -> swap<br />
/dev/sda3 -> /<br />
/dev/sda4 (extended partition)<br />
/dev/sda5 -> /home<br />
/dev/sda6 -> /tmp # especially useful if you don't want to encrypt the entire root (/) partition<br />
<br />
=== Loading kernel modules ===<br />
'''Note:''' this article will use XTS-AES as encryption algorithm because it was standardized as IEEE P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices and it is quite secure, however the XTS mode is still flagged as "experimental" in the Linux kernel, so if you want something less secure but more proven, you should go with the CBC-ESSIV mode. The XTS mode is supported by Linux 2.6.24 upwards (ISO of Arch 2008.06 upwards).<br />
<br />
'''Note:''' The XTS mode uses two keys of the same size, therefore available sizes (using XTS-AES) are 256 (128 * 2), 384 (192 * 2) and 512 (256 * 2).<br />
<br />
Load the dm-crypt and the optimized AES module:<br />
# modprobe dm-crypt<br />
# modprobe aes-i586<br />
<br />
'''Note:''' x86_64 users can also try the "aes-x86_64" optimized module instead of "aes-i586".<br />
<br />
=== Mapping partitions ===<br />
==== Passphrase ====<br />
Use this to create a password to unlock your encrypted partions with:<br />
<br />
Create your new LUKS encrypted partitions:<br />
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda3<br />
Enter passphrase: mypassword<br />
Verify passphrase: mypassword<br />
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda5<br />
Enter passphrase: myotherpassword<br />
Verify passphrase: myotherpassword<br />
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda6<br />
Enter passphrase: myotherpassword<br />
Verify passphrase: myotherpassword<br />
<br />
Then open the newly created LUKS partitions:<br />
# cryptsetup luksOpen /dev/sda3 root<br />
Enter any LUKS passphrase: mypassword<br />
key slot 0 unlocked.<br />
Command successful.<br />
# cryptsetup luksOpen /dev/sda5 home<br />
Enter any LUKS passphrase: myotherpassword<br />
key slot 0 unlocked.<br />
Command successful.<br />
# cryptsetup luksOpen /dev/sda6 tmp<br />
Enter any LUKS passphrase: myotherpassword<br />
key slot 0 unlocked.<br />
Command successful.<br />
<br />
==== Keyfile ====<br />
You can also do the following to create a keyfile instead of a passphrase. Of course you could put the keyfile everywhere you like, but most probably you'll want to put it onto an USB stick to unlock your encrypted partions.<br />
See the [[System Encryption with LUKS for dm-crypt#Storing the key externally (USB stick)|corresponding section]] below for further details on this.<br />
<br />
To store the keyfile on an USB stick mount it and change to the directory<br />
# mkdir /mnt/usbstick<br />
# mount -t vfat /dev/sdb1 /mnt/usbstick<br />
# cd /mnt/usbstick<br />
<br />
As said above the keyfile can be of any content and size.<br />
We'll generate a random keyfile of 2048 bytes onto the USB stick:<br />
# dd if=/dev/urandom of=mykeyfile bs=512 count=4<br />
<br />
Create your new LUKS encrypted partitions:<br />
# cryptsetup -c aes-xts-plain -s 512 -v luksFormat /dev/sda3 /mnt/usbstick/mykeyfile<br />
# cryptsetup -c aes-xts-plain -s 512 -v luksFormat /dev/sda5 /mnt/usbstick/mykeyfile<br />
# cryptsetup -c aes-xts-plain -s 512 -v luksFormat /dev/sda6 /mnt/usbstick/mykeyfile<br />
<br />
Note: if you've already created the LUKS partitions e.g. with passphrase authentication, you can add a keyfile as further authentication method by using<br />
# cryptsetup luksAddKey /dev/sdaX /mnt/usbstick/mykeyfile # replace X by 3,5,6<br />
<br />
Then open the newly created LUKS partitions:<br />
# cryptsetup -d /mnt/usbstick/mykeyfile luksOpen /dev/sda3 root<br />
key slot 0 unlocked.<br />
Command successful.<br />
# cryptsetup -d /mnt/usbstick/mykeyfile luksOpen /dev/sda5 home<br />
key slot 0 unlocked.<br />
Command successful.<br />
# cryptsetup -d /mnt/usbstick/mykeyfile luksOpen /dev/sda6 tmp<br />
key slot 0 unlocked.<br />
Command successful.<br />
<br />
<br />
==== Explanation ====<br />
Now you should have a device called <tt>/dev/mapper/root</tt>, another one called <tt>/dev/mapper/home</tt> and another one called <tt>/dev/mapper/tmp</tt>. These are block devices like any other, but with a neat twist: whenever you write to them, the data is actually written to <tt>/dev/sda3</tt>, <tt>/dev/sda5</tt> or <tt>/dev/sda6</tt> respectively, but it is encrypted first! The only way to access the data on this encrypted partition is to re-create that <tt>/dev/mapper/root</tt>, <tt>/dev/mapper/home</tt> etc. device with cryptsetup each time you boot. With LUKS, you can use <tt>cryptsetup luksAddKey /dev/sda3</tt> to add a new password or <tt>cryptsetup luksDelKey /dev/sda3</tt> to revoke a password. Type <tt>cryptsetup -?</tt> or <tt>man cryptsetup</tt> (once you've booted your new Arch installation) for more info.<br />
<br />
'''Note:''' With LUKS, if you enter the wrong password, it will reject it. You don't have to worry about it possibly destroying your data.<br />
<br />
'''Note:''' You might also want to replace /var/tmp/ with a symbolic link to /tmp.<br />
<br />
'''Note:''' If you've decided to go for option two for encrypted swap (see Encrypted Swap below), you should set up <tt>/dev/mapper/swap</tt> in a similar way as you've just set up <tt>/dev/mapper/home</tt>. See Encrypted Swap below for details.<br />
<br />
<br />
=== Installing the system ===<br />
Now that <tt>/dev/mapper/root</tt> and <tt>/dev/mapper/home</tt> are in place, we can enter the regular Arch setup script to install the system into the encrypted volumes.<br />
# /arch/setup<br />
'''Note:''' Most of the installation can be carried out normally. However, there are a few areas where it is important to make certain selections these are marked below.<br />
<br />
==== Prepare hard drive ====<br />
Skip the Partitioning and Auto-Prepare business and go straight to manually configuration.<br />
Instead of choosing the hardware devices (/dev/sdaX) directly you have to select the mapper devices created above:<br />
Choose <tt>/dev/mapper/root</tt> for your root and <tt>/dev/mapper/home</tt> as home partition respectively and format them with any filesystem you like.<br />
The same is valid for a swap partition which is set up like the home partition. Make sure you mount <tt>/dev/sda1</tt> as the /boot partition or else the installer will not properly set up the bootloader.<br />
<br />
=== Select and Install packages ===<br />
Select and install the packages as usual, the base package contains all required programs.<br />
<br />
=== Configure System ===<br />
'''Note: ''encrypt'' hook is only needed if your root partition is a ''LUKS'' partition (or for a LUKS partition that needs to be mounted ''before'' root). Encrypt hook is not needed in case any other partition (swap, for example) is encrypted. System initialization scripts (''rc.sysinit'' and ''/etc/crypttab'' among others) take care of those.<br />
<br />
Afterwards you can check the files presented to you by the installer, the most important one being <tt>/etc/mkinitcpio.conf</tt>. For detailed info on mkinitcpio (and its configuration) refer to [[Mkinitcpio]].You have to make sure that your <tt>HOOKS</tt> looks somehow like this:<br />
HOOKS="... encrypt ... filesystems ..."<br />
It is important that the <tt>encrypt</tt> hook comes ''before'' the <tt>filesystems</tt> one. If you store your key on an external USB device (e.g. a USB stick), you need to add the USB hook too:<br />
HOOKS="... usb encrypt ... filesystems ..."<br />
For safety, add in usb before encrypt; not sure if they're run in the order they appear in mkinitcpio.conf or not. <br />
If you need support for foreign keymaps for your encryption password you have to specify the hook 'keymap' as well. I suggest to put this in <tt>mkinitcpio.conf</tt> right before 'encrypt'.<br />
<br />
If you have USB keyboard you need the "usbinput" hook in mkinitcpio.conf. Without it, no USB keyboard will work in early userspace.<br />
<br />
=== Install Bootloader ===<br />
'''GRUB:''' You have to make some small changes to the entries generated by the installer by replacing <tt>/dev/mapper/root</tt> with <tt>/dev/sda3</tt>. The corrected config looks like this:<br />
# (0) Arch Linux<br />
title Arch Linux<br />
root (hd0,0)<br />
kernel /vmlinuz26 root=/dev/sda3 ro<br />
initrd /kernel26.img<br />
For kernel >= 2.6.30:<br />
# (0) Arch Linux<br />
title Arch Linux<br />
root (hd0,0)<br />
kernel /vmlinuz26 cryptdevice=/dev/sda3:root root=/dev/mapper/root ro<br />
initrd /kernel26.img<br />
<br />
'''LILO:''' On Lilo, edit the Arch Linux section on /etc/lilo.conf and include a line for append option, over the initrd, with the "root=/dev/sda3" param. The append section make the same kernel line on grub. Also, you can ommit the root option, over the image option. The section look like this:<br />
# Arch Linux lilo section<br />
image = /vmlinuz26<br />
# root = /dev/sda3<br />
label = Arch<br />
initrd = /kernel26.img<br />
append = "root=/dev/sda3"<br />
read-only<br />
<br />
'''Note''' if you want to use a USB stick with a keyfile you have to append the ''cryptkey'' option. See the corresponding section below.<br />
<br />
=== Exit Install ===<br />
Now that the install is finished the only thing left to do is add entries to the <tt>/etc/crypttab</tt> file so you don't have to enter the passphrase for all encrypted partitions. This works only for non-root partitions e.g. /home, swap, etc.<br />
# vi /mnt/etc/crypttab<br />
Add the following line for the <tt>/home</tt> partition<br />
home /dev/sda5 "myotherpassword"<br />
<br />
You can also use a keyfile instead of a passphrase. If not already done, create a keyfile and add the key to the corresponding LUKS partition as described [[#Keyfile|above]].<br />
Then add the following information to the <tt>/etc/crypttab</tt> file for automounting:<br />
home /dev/sda5 /path/of/your/keyfile<br />
<br />
After rebooting you should now be presented with the text<br />
A password is required to access the root filesystem:<br />
followed by a prompt for any LUKS password. Type it in and everything should boot.<br />
Once you've logged in, have a look at your mounted partitions by typing <tt>mount</tt>. You should have <tt>/dev/mapper/root</tt> mounted at <tt>/</tt> and, if you set up a separate encrypted home partition, <tt>/dev/mapper/home</tt> mounted at <tt>/home</tt>. If you set up encrypted swap, <tt>swapon -s</tt> should have <tt>/dev/mapper/swap</tt> listed as your swap partition.<br />
<br />
'''Note:''' eventually the text prompting for the password is mixed up with other boot messages. So the boot process may seem frozen at first glance, but it isn't, simply enter your password and press return.<br />
<br />
<br />
== Encrypting swap partition ==<br />
Sensitive data stored in memory may be written to swap at any time. If you've gone to the trouble of encrypting your root and home partitions, you should encrypt your swap as well. There are two options here: random encryption on each boot (better security), or the same encryption each time. We won't cover the second option here, as it is pretty much identical to how you set up the /home partition above. Just replace all references to home with swap, and sda5 with sda2.<br />
<br />
Arch Linux provides a convenient way for the first option, which uses dm-crypt directly without LUKS. If you're still in the archsetup process, just switch to a different virtual console (ALT+F2). If you've exited already, the new root will have been unmounted. Use <tt>mount /dev/mapper/root /mnt</tt> to mount it again.<br />
<br />
Now add an entry to the cryptsetup file:<br />
# echo swap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> /mnt/etc/crypttab<br />
<br />
'''Note:''' Recommended hash algorithms are "whirlpool" (patent free), "sha256", "sha384" or "sha512". Default is "ripemd160" (not recommended).<br />
<br />
''[why is it not recommended? only RIPEMD (128bit) was hacked RIPEMD-160 is still safe[https://online.tu-graz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=83310], isn't it? I heard wirlpool is at least twice as slow. ]''<br />
<br />
'''Note:''' Please take extra care to put the right partition here. The startup script won't ask before overwriting the provided device, destroying '''all''' data on it, ''unless it has a LUKS header'', then it simply won't work. If you have been following these instructions closely, then in the section "Mapping Partitions" above you put a LUKS header on your swap partition. Erase it with something like the command below, replacing /dev/sda2 with the appropriate swap device:<br />
# dd if=/dev/zero of=/dev/sda2<br />
<br />
From now on, each time you boot, the partition will be encrypted automatically with a random key, and will then be formated with mkswap.<br />
<br />
Now all you have to do is adjust the corresponding entry in /etc/fstab:<br />
/dev/mapper/swap swap swap defaults 0 0<br />
<br />
And you're done! Carry on with installation or, if you've already finished, <tt>umount /mnt</tt>.<br />
<br />
== Encrypted swap with suspend-to-disk support ==<br />
<span style="color:red">''Warning: don't use this setup with a key file, please read about the issue reported here: http://wiki.archlinux.org/index.php/Talk:System_Encryption_with_LUKS_for_dm-crypt#Suspend_to_disk_instructions_are_insecure''</span><br><br><br />
To be able to resume after suspending the computer to disk (hibernate), it is required to keep the swap filesystem intact. Therefore, it is required to have a presistent LUKS swap partition, which can be stored on the disk or input manually at startup. Because the resume takes place before the crypttab can be used, it is required to create a hook in mkinitcpio.conf to open the swap LUKS device before resuming. The following setup has the disadvantage of having to insert a key manually for the swap partition.<br />
<br />
If you want to use a partition which is currently used by the system, you have to disable it, first:<br />
# swapoff /dev/<device><br />
To create the swap partition, follow steps similar to those described in [[#Mapping_partitions | mapping partitions]] above.<br><br><br />
1. Format the partition you want to use as swap with '''cryptsetup'''. For performance reasons, you might want to use different ciphers with different key sizes. A benchmark can be found [http://www.saout.de/tikiwiki/tiki-index.php?page=UserPageChonhulio here].<br />
# cryptsetup -c aes-xts-plain -s 512 -h sha512 -v luksFormat /dev/<device><br />
<br />
Check result with:<br />
# cryptsetup luksDump /dev/<device><br />
<br />
2. Open the partition in ''/dev/mapper'':<br />
# cryptsetup luksOpen /dev/<device> swapDevice<br />
3. Create a swap filesystem inside the mapped partition:<br />
# mkswap /dev/mapper/swapDevice<br />
Now you should have a LUKS swap partition which asks for the passphrase before mounting. Make sure you remove any line in ''/etc/crypttab'' which uses this device. Now you have to create a hook to open the swap at boot time.<br><br><br />
4. Create a file ''/lib/initcpio/hooks/openswap'' containing the open command:<br />
# vim: set ft=sh:<br />
run_hook ()<br />
{<br />
cryptsetup luksOpen /dev/<device> swapDevice<br />
}<br />
5. Then create and edit the hook setup file ''/lib/initcpio/install/openswap'' as:<br />
# vim: set ft=sh:<br />
<br />
install ()<br />
{<br />
MODULES=""<br />
BINARIES=""<br />
FILES=""<br />
SCRIPT="openswap"<br />
}<br />
<br />
help ()<br />
{<br />
cat<<HELPEOF<br />
This opens the swap encrypted partition /dev/<device> in /dev/mapper/swapDevice<br />
HELPEOF<br />
}<br />
6. Add the hook ''openswap'' in the HOOKS array in ''/etc/mkinitcpio.conf'', before ''filesystem'', but '''after''' ''encrypt'' which is mandatory as well.<br><br><br />
7. Regenerate the boot image:<br />
# mkinitcpio -p kernel26<br />
8. Add the mapped partition to ''/etc/fstab'':<br />
/dev/mapper/swapDevice swap swap defaults 0 0<br />
9. Set-up your system to resume from ''/dev/mapper/swapDevice''. For example, if you use GRUB with kernel hibernation support, add "resume=/dev/mapper/swapDevice" to the kernel line in ''/boot/grub/menu.lst''. A line with encrypted root and swap partitions can look like this:<br />
kernel /vmlinuz26 cryptdevice=/dev/sda2:rootDevice root=/dev/mapper/rootDevice resume=/dev/mapper/swapDevice ro<br />
At boot time, the ''openswap'' hook will open the swap partition so the kernel resume may use it. If you use special hooks for resuming from hibernation, make sure they stand '''after''' ''openswap'' in the HOOKS array. Please note that because of initrd opening swap there is no entry for swapDevice in /etc/crypttab needed in this case.<br />
<br />
== Storing the key externally (USB stick) ==<br />
=== Preparation for permanent device names ===<br />
For reading the file from an USB stick it's important to access it through a permanent device name.<br />
The numbering of the normal device names e.g. <tt>/dev/sdb1</tt> is somewhat arbitrary and depends on how many storage devices are attached and in what order etc.<br />
So in order to assure that the ''encrypt'' HOOK in the initcpio finds your keyfile you have to use a permanent device name. <br />
<br />
==== Quick method ====<br />
A quick method (as opposed to setting up a udev rule) for doing so involves referencing your removable device by its label (or UUID). To find your label or UUID, plug in your USB drive and run <br />
# ls -l /dev/disk/by-label/<br />
lrwxrwxrwx 1 root root 10 12. Feb 10:11 Keys -> ../../sdb1<br />
or<br />
# ls -l /dev/disk/by-uuid/<br />
lrwxrwxrwx 1 root root 10 12. Feb 10:11 4803-8A7B -> ../../sdb1<br />
<br />
In this case I labeled the vfat partition on my USB drive as "Keys" so my device is always symlinked in /dev/disk/by-label/Keys, or If I had wanted to use the UUID I would find /dev/disk/by-uuid/4803-8A7B. This allows me to have a consistent naming of my USB devices regardless of the order they are plugged into the system. These device names can be used in the "cryptkey" kernel option or any where else. Filesystem UUIDs are stored in the filesystem itself, meaning that the UUID will be the same if you plug it into any other computer, and that a dd backup of it will always have the same UUID since dd does a bitwise copy.<br />
<br />
'''Note:''' If you plan to store the keyfile between [[#Storing_the_key_between_MBR_and_1st_partition|MBR and the 1st partition]] you '''cannot use this method''', since it only allows access to the partitions (<tt>sdb1</tt>,<tt>sdb2</tt>,...) but not to the usb device (<tt>sdb</tt>) itself.<br />
Create a UDEV rule instead as described in the following section.<br />
<br />
==== Using UDEV ====<br />
Optionally you may choose to set up your stick with an udev rule. There's some documentation in the Arch wiki about that already, if you want more in-depth, structural info, read [http://reactivated.net/writing_udev_rules.html this guide]. Here's quickly how it goes.<br />
<br />
Get the serial number from your USB stick:<br />
lsusb -v | grep -A 5 Vendor<br />
Create a udev-rule for it:<br />
echo 'KERNEL=="sd*", ATTRS{serial}=="$SERIAL", SYMLINK+="$SYMLINK%n"' > /etc/udev/rules.d/8-usbstick.rules<br />
Replace $SYMLINK and $SERIAL with their respective values. %n will expand to the partition (just like sda is subdivided into sda1, sda2, ...). You do not need to go with the 'serial' attribute, if you have a custom rule of your own, you can put it in as well (e.g. using the vendor name). <br />
<br />
Rescan your sysfs:<br />
udevadm trigger<br />
Now check the contents of dev:<br />
ls /dev<br />
It should show your device with your desired name. <br />
<br />
=== Generating the keyfile ===<br />
Optionally you can mount a tmpfs for storing the temporary keyfile.<br />
# mkdir ./mytmpfs<br />
# mount tmpfs ./mytmpfs -t tmpfs -o size=32m<br />
# cd ./mytmpfs<br />
The advantage is that it resides in RAM and not on a physical disk, so after unmounting your keyfile is securly gone.<br />
So copy your keyfile to some place you consider as secure before unmounting.<br />
If you are planning to store the keyfile as a plain file on your USB device, you can also simply execute the following command in the corresponding directory, e.g. <tt>/media/sdb1</tt><br />
<br />
The keyfile can be of arbitrary content and size. We'll generate a random temporary keyfile of 2048 bytes:<br />
# dd if=/dev/urandom of=secretkey bs=512 count=4<br />
<br />
If you stored your temporary keyfile on a physical storage, remember to not just (re)move the keyfile later on, but use something like<br />
cp secretkey /destination/path<br />
shred --remove --zero secretkey<br />
to securely overwrite it. (However due to journaling filesystems this is also not 100% secure.)<br />
<br />
Add the temporary keyfile with cryptsetup:<br />
# cryptsetup luksAddKey /dev/sda2 secretkey<br />
Enter any LUKS passphrase:<br />
key slot 0 unlocked.<br />
Command successful.<br />
<br />
=== Storing the keyfile ===<br />
To store the key file, you have two options. The first is less risky than the other, but perhaps a bit more secure (if you consider security by obscurity as more secure).<br />
In any case you have to do some further configuration, if not already done above<br />
<br />
==== Configuration of initcpio ====<br />
You have to add two extra modules in your /etc/mkinitcpio.conf, one for the stick's file system and one for the codepage. Further if you created a udev-rule you should tell mkinitcpio about it:<br />
MODULES="ata_generic ata_piix nls_cp437 vfat"<br />
FILES="/etc/udev/rules.d/8-usbstick.rules"<br />
In this example it's assumed, that you use a FAT formated stick. Replace those module names if you use another file system on your USB stick (e.g. ext2) or another codepage. Users running the stock Arch kernel should stick to the codepage mentioned here.<br />
<br />
In addition insert the ''usb'' hook somewhere before the ''encrypt'' hook.<br />
HOOKS="... '''usb''' encrypt ... filesystems ..."<br />
<br />
Generate a new image (maybe you should take a copy of your old kernel26.img before):<br />
mkinitcpio -g /boot/kernel26.img<br />
<br />
==== Storing the key as plain (visible) file ====<br />
Be sure to choose a plain name for your key - a bit of 'security through obscurity' is always nice ;-). Avoid using dots (hidden files) and similar characters - the encrypt hook will fail to find the keyfile during the boot process.<br />
<br />
You have to add a kernel parameter in your menu.lst (grub), it should look something like this:<br />
kernel /vmlinuz26 root=/dev/hda3 ro vga=791 cryptkey=/dev/usbstick:vfat:/secretkey<br />
This assumes <tt>/dev/usbstick</tt> is the FAT partition of your choice. Replace it by <tt>/dev/disk/by-...</tt> or whatever your device is.<br />
<br />
That's all, reboot and have fun!<br />
<br />
==== Storing the key between MBR and 1st partition ====<br />
We'll write the key directly between MBR and first partition.<br />
<br />
'''WARNING:''' you should only follow this step if you know what you are doing - <b>it can cause data loss and damage your partitions or MBR on the stick!</b><br />
<br />
If you have a bootloader installed on your drive you have to adjust the values. E.g. Grub needs the first 16 sectors (actually, it depends on the type of the file system, so don't rely on this too much), you would have to replace seek=4 with seek=16; otherwise you would overwrite parts of your Grub installation. When in doubt, take a look at the first 64 sectors of your drive and decide on your own where to place your key. <br />
<br />
<i>Optional</i><br />
If you don't know if you've got enough free space before the first partition you can do<br />
dd if=/dev/usbstick of=64sectors bs=512 count=64 # gives you copy of your first 64 sectors<br />
hexcurse 64sectors # determine free space<br />
xxd 64sectors | less # alternative hex viewer<br />
<br />
Write your key to the disk:<br />
dd if=secretkey of=/dev/usbstick bs=512 seek=4<br />
<br />
If everything went fine you can now overwrite and delete your temporary secretkey as noted above.<br />
You should not simply use rm as the keyfile would only be unlinked from your filesystem and be left physically intact.<br />
<br />
Now you have to add a kernel parameter in your menu.lst (Grub), it should look something like this:<br />
kernel /vmlinuz26 root=/dev/hda3 ro vga=791 cryptkey=/dev/usbstick:2048:2048<br />
Format for the cryptkey option:<br />
cryptkey=BLOCKDEVICE:OFFSET:SIZE<br />
OFFSET and SIZE match in this example, but this is coincidence - they can differ (and often will). An other possible example could be<br />
kernel /vmlinuz26 root=/dev/hda3 ro vga=791 cryptkey=/dev/usbstick:8192:2048<br />
That's all, reboot and have fun! And look if your partitions still work after that ;-).<br />
<br />
== Backup the cryptheader ==<br />
When the header of your crypted partition was destroyed, you will not be able to decrypt your data.<br />
So creating a backup of the headers and storing them on another disk might be a good idea.<br />
<br />
'''Attention:''' Many people recommend NOT to backup the cryptheader, even so it's a single point failure!<br />
In short, the problem is, that LUKS isn't aware of the duplicated cryptheader, which contains the masterkey which is used to encrypt all files on your partition. Of course this masterkey is encrypted with your passphrases or keyfiles.<br />
But if one of those gets compromised and you want to revoke it you have to do this on all copies of the cryptheader!<br />
I.e. if someone has got your cryptheader and one of your keys he can decrypt the masterkey and access all your data.<br />
Of course the same is true for all backups you create of your partions.<br />
So you decide if you are one of those paranoids brave enough to go without a backup for the sake of security or not.<br />
See also [http://www.saout.de/tikiwiki/tiki-slideshow.php?page=LUKSFaq&slide=1|LUKSFaq] for further details on this.<br />
<br />
=== Backup ===<br />
First you have to find out the payload offset of the crypted partition (replace sdaX with the corresponding partition)<br />
cryptsetup luksDump /dev/sdaX | grep "Payload offset"<br />
Payload offset: 4040<br />
Now that you know the value, you can backup the header with a simple dd command<br />
dd if=/dev/sdaX of=./backup.img bs=512 count=4040<br />
<br />
'''Note:''' you can also backup the header into a tmpfs/ramfs and encrypt it with gpg or whatever before writing it to a physical disk. Of course you can wrap your encrypted backup into another encryption layer and so on until you feel safe enough :-)<br />
<br />
=== Restore ===<br />
Be careful before restore: make sure that you chose the right partition (again replace sdaX with the corresponding partition).<br />
Restoring the wrong header or restoring to an unencrypted partition will cause data loss.<br />
dd if=./backup.img of=/dev/sdX bs=512 count=4040<br />
<br />
== Encrypting a loopback filesystem ==<br />
''[This paragraph has been merged from another page; its consistency with the other paragraphs should be improved]<br />
<br />
=== Preparation and mapping ===<br />
So, let's start by creating an encrypted container!<br />
<br />
dd if=/dev/zero of=/bigsecret bs=1M count=10 # you can also use if=/dev/urandom, if you're really paranoid<br />
<br />
This will create the file 'bigsecret' with a size of 10 megabytes.<br />
<br />
losetup /dev/loop0 /bigsecret<br />
<br />
This will create the device node /dev/loop0, so that we can mount/use our container. (Note: if it gives you the error "/dev/loop0: No such file or directory", you need to first load the kernel module with <tt>modprobe loop</tt>)<br />
<br />
cryptsetup luksFormat /dev/loop0<br />
<br />
This will ask you for a password for your new container file. (Note: if you get an error like "Command failed: Failed to setup dm-crypt key mapping. Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/loop0 contains at least 133 sectors", then run <tt>modprobe dm-mod</tt>)<br />
<br />
cryptsetup luksOpen /dev/loop0 secret<br />
<br />
The encrypted container is now available through the devicefile /dev/mapper/secret.<br />
Now we are able to create a partition in the container:<br />
<br />
mkfs.ext2 /dev/mapper/secret<br />
<br />
and mount it...<br />
<br />
mkdir /mnt/secret<br />
mount -t ext2 /dev/mapper/secret /mnt/secret<br />
<br />
We can now use the container as if it was a normal partition!<br />
To unmount the container:<br />
<br />
umount /mnt/secret<br />
cryptsetup luksClose secret<br />
losetup -d /dev/loop0 # free the loopdevice.<br />
<br />
so, if you want to mount the container again, you just apply the following commands:<br />
<br />
losetup /dev/loop0 /bigsecret<br />
cryptsetup luksOpen /dev/loop0 secret<br />
mount -t ext2 /dev/mapper/secret /mnt/secret<br />
<br />
Pretty easy, huh?<br />
<br />
=== Encrypt using a key-file ===<br />
Let's first generate a 2048 Byte random keyfile :<br />
<br />
dd if=/dev/urandom of=keyfile bs=1k count=2<br />
<br />
We can now format our container using this key<br />
<br />
cryptsetup luksFormat /dev/loop0 keyfile<br />
<br />
or our partition : <br />
<br />
cryptsetup luksFormat /dev/hda2 keyfile<br />
<br />
Once formatted, we can now open the luks device using the key:<br />
<br />
cryptsetup -d keyfile luksOpen /dev/loop0 container<br />
<br />
You can now like before format the device /dev/mapper/container with your favorite filesystem and then mount it just as easily.<br />
<br />
The keyfile is now the only key to your file. I personally advise to encrypt your keyfile using your private GPG key and storing an offsite secured copy of the file.<br />
<br />
=== Resizing the loopback filesystem ===<br />
First we should unmount the encrypted container:<br />
umount /mnt/secret<br />
cryptsetup luksClose secret<br />
losetup -d /dev/loop0 # free the loopdevice.<br />
<br />
After this we need to create a second file with the size of the data we want to add:<br />
dd if=/dev/zero of=zeros bs=1M count=1024<br />
<br />
You could use /dev/urandom instead of /dev/zero if you're paranoid, but /dev/zero should be faster on older computers.<br />
Next we need to add the created file to our container. Be careful to really use TWO ">", or you will override your current container!<br />
cat zeros >> /bigsecret<br />
Now we have to map the container to the loopdevice:<br />
losetup /dev/loop0 /bigsecret<br />
cryptsetup luksOpen /dev/loop0 secret<br />
After this we will resize the encrypted part of the container to the maximum size of the container file:<br />
cryptsetup resize secret<br />
Finally we can resize the filesystem. Here is an example for ext2/3/4:<br />
e2fsck -f /dev/mapper/secret # Just doing a filesystem check, because it's a bad idea to resize a broken fs<br />
resize2fs /dev/mapper/secret<br />
You can now mount your container again:<br />
mount /dev/mapper/secret /mnt/secret<br />
<br />
== Encrypting a LVM setup ==<br />
It's really easy to use encryption together with LVM. We are not going to cover the process of setting up LVM here as there is already a guide for that ([[Installing_with_Software_RAID_or_LVM]]).<br />
<br />
The best method and easier method to follow for a laptop is to set up the LVM on top of the encrypted partition instead of the other way around. This link here is easy to follow and explains everything: [http://www.pindarsign.de/webblog/?p=767 Arch Linux: LVM on top of an encrypted partition]<br />
<br />
The most important this in setting LVM on '''top''' of encryption is, that you need to have ''encrypt'' hook '''before''' ''lvm2'' hook (and those two before ''filesystems'' hook, but that's repeating). Because they are processed in order.<br />
<br />
To use encryption on top of LVM, you have to first setup your lvm volumes and then use them as base for the encrypted partitions. That means in short that you have to setup lvm at first. Then follow this guide, but replace all occurrences of /dev/sdXy in the guide with its lvm counterpart. (eg: /dev/sda5 -> /dev/<volume group name>/home).<br />
<br />
Don't forget to add the "lvm2" hook in /etc/mkinitcpio.conf '''before''' the "encrypt" hook, if you chose to set up encrypted partition on '''top''' of LVM. Also remember to change USELVM in /etc/rc.conf to yes.<br />
<br />
=== LVM with Arch Linux Installer (>2009.08) ===<br />
<br />
Since Arch Linux images 2009.08 LVM and dm_crypt is supported by the installer out of the box.<br />
This makes it very easy to configure your system for LVM on dm-crypt or vice versa.<br />
Actually the configuration is done exactly as without LVM, see the [[#Arch Linux Installer (>2009.08)|corresponding]] section above. It differs only in two aspects.<br />
<br />
==== The partition and filesystem choice ====<br />
Create a small, unencrypted boot partition and use the remaining space for a single partion which can later be split up into multiple logic volumes by LVM.<br />
<br />
For a LVM-on-dm-crypt system set up the filesystems and mounting points for example like this:<br />
/dev/sda1 raw->ext2;yes;/boot;no_opts;no_label;no_params<br />
/dev/sda2 raw->dm_crypt;yes;no_mountpoint;no_opts;sda2crypt;-c_aes-xts-plain_-y_-s_512<br />
/dev/mapper/sda2crypt dm_crypt->lvm-vg;yes;no_mountpoint;no_opts;no_label;no_params<br />
/dev/mapper/sda2crypt+ lvm-pv->lvm-vg;yes;no_mountpoint;no_opts;cryptpool;no_params<br />
/dev/mapper/cryptpool lvm-vg(cryptpool)->lvm-lv;yes;no_mountpoint;no_opts;cryptroot;10000M|lvm-lv;yes;no_mountpoint;no_opts;crypthome;20000M<br />
/dev/mapper/cryptpool-cryptroot lvm-lv(cryptroot)->ext3;yes;/;no_opts;cryptroot;no_params<br />
/dev/mapper/cryptpool-crypthome lvm-lv(crypthome)->ext3;yes;/home;no_opts;cryptroot;no_params<br />
<br />
==== The configuration stage ====<br />
In <tt>/etc/rc.conf</tt> set USELVM="yes"<br />
In <tt>/etc/mkinitcpio.conf</tt> add ''lvm2'' '''before''' ''encrypt'' in the HOOKS variable if you set up LVM on top of the encrypted partition.<br />
<br />
That's it for the LVM&dm_crypt specific part. The rest is done as usual.<br />
<br />
=== Applying this to a non-root partition ===<br />
You might get tempted to apply all this fancy stuff to a non-root partition. Arch does not support this out of the box, however, you can easily change the cryptdev and cryptname values in /lib/initcpio/hooks/encrypt (the first one to your /dev/sd* partition, the second to the name you want to attribute). That should be enough.<br><br />
The big advantage is you can have everything automated, while setting up /etc/crypttab with an external key file (i.e. not on any internal HD partition) can be a pain - you need to make sure the USB/FireWire/... device gets mounted before the encrypted partition, which means you have to change fstab order (at least).<br><br />
Of course, if the cryptsetup package gets upgraded, you will have to change this script again. However, this solution is to be preferred over hacking rc.sysinit or similar files. Unlike /etc/crypttab, only one partition is supported, but with some further hacking one should be able to have multiple partitions unlocked.<br />
<br />
<br />
If you want to do this on a software RAID partition, there's one more thing you need to do. Just setting the /dev/mdX device in /lib/initcpio/hooks/encrypt is not enough; the encrypt hook will fail to find the key for some reason, and not prompt for a passphrase either. It looks like the RAID devices aren't brought up until after the encrypt hook is run. You can solve this by putting the RAID array in /boot/grub/menu.lst, like <br />
kernel /boot/vmlinuz26 md=1,/dev/hda5,/dev/hdb5<br />
<br />
If you set up your root partition as a RAID array you will notice the similarities with that setup ;-). Grub can handle multiple array definitions just fine:<br />
kernel /boot/vmlinuz26 root=/dev/md0 ro md=0,/dev/sda1,/dev/sdb1 md=1,/dev/sda5,/dev/sdb5,/dev/sdc5<br />
<br />
=== LVM&dm-crypt manually (short version) ===<br />
==== Notes ====<br />
If you're enough smart enough for this, you'll be smart enough to ignore/replace LVM-specific things if you don't want to use LVM.<br />
<br />
==== Partitioning scheme ====<br />
/dev/sda1 -> /boot<br />
/dev/sda2 -> LVM<br />
==== The commands =====<br />
cryptsetup -d /dev/random -c aes-xts-plain -s 512 create lvm /dev/sda2<br />
dd if=/dev/urandom of=/dev/mapper/lvm<br />
cryptsetup remove lvm<br />
lvm pvcreate /dev/sda2<br />
lvm vgcreate lvm /dev/sda2<br />
lvm lvcreate -L 10G -n root lvm<br />
lvm lvcreate -L 500M -n swap lvm<br />
lvm lvcreate -L 500M -n tmp lvm<br />
lvm lvcreate -l 100%FREE -n home lvm<br />
cryptsetup luksFormat -c aes-xts-plain -s 512 /dev/lvm/root<br />
cryptsetup luksOpen /dev/lvm/root root<br />
mkreiserfs /dev/mapper/root<br />
mount /dev/mapper/root /mnt<br />
dd if=/dev/zero of=/dev/sda1 bs=1M<br />
mkreiserfs /dev/sda1<br />
mkdir /mnt/boot<br />
mount /dev/sda1 /mnt/boot<br />
mkdir -p -m 700 /mnt/etc/luks-keys<br />
dd if=/dev/random of=/mnt/etc/luks-keys/home bs=1 count=256<br />
==== Install Arch Linux ====<br />
/arch/setup<br />
==== Configuration ====<br />
===== /etc/rc.conf =====<br />
Change ''USELVM="no"'' to ''USELVM="yes"''.<br />
===== /etc/mkinitcpio.conf =====<br />
Put ''lvm2'' and ''encrypt'' (in that order) before ''filesystems'' in the HOOKS variable. Again, note that you are setting encryption on '''top''' of LVM.)<br />
===== /boot/grub/menu.lst =====<br />
Change ''root=/dev/hda3'' to ''root=/dev/lvm/root''.<br><br />
For kernel >= 2.6.30, you should change ''root=/dev/hda3'' to:<br />
''cryptdevice=/dev/lvm/root:root root=/dev/mapper/root''<br />
<br />
===== /etc/fstab =====<br />
/dev/mapper/root / reiserfs defaults 0 1<br />
/dev/sda1 /boot reiserfs defaults 0 2<br />
/dev/mapper/tmp /tmp tmpfs defaults 0 0<br />
/dev/mapper/swap none swap sw 0 0<br />
<br />
===== /etc/crypttab =====<br />
swap /dev/lvm/swap SWAP -c aes-xts-plain -h whirlpool -s 512<br />
tmp /dev/lvm/tmp /dev/urandom -c aes-xts-plain -s 512<br />
<br />
==== After reboot ====<br />
===== The commands =====<br />
cryptsetup luksFormat -c aes-xts-plain -s 512 /dev/lvm/home /etc/luks-keys/home<br />
cryptsetup luksOpen -d /etc/luks-keys/home /dev/lvm/home home<br />
mkreiserfs /dev/mapper/home<br />
mount /dev/mapper/home /home<br />
===== /etc/crypttab =====<br />
home /dev/lvm/home /etc/luks-keys/home<br />
===== /etc/fstab =====<br />
/dev/mapper/home /home reiserfs defaults 0 0<br />
<br />
=== / on lvm on luks ===<br />
Make sure your kernel commandline looks like this:<br />
root=/dev/mapper/<volume-group>-<logical-volume> cryptdevice=/dev/<luks-part>:<volume-group><br />
for example:<br />
root=/dev/mapper/vg-arch cryptdevice=/dev/sda4:vg<br />
<br />
Or like this:<br />
cryptdevice=/dev/<volume-group>/<logical-volume>:root root=/dev/mapper/root<br />
=Resources=<br />
* [http://yannickloth.be/blog/2010/08/01/installing-archlinux-with-software-raid1-encrypted-filesystem-and-lvm2/ Setup Archlinux on top of raid, LVM2 and encrypted partitions]</div>Jkastelichttps://wiki.archlinux.org/index.php?title=Broadcom_wireless&diff=114123Broadcom wireless2010-08-15T05:59:52Z<p>Jkastelic: </p>
<hr />
<div>[[Category:Communication and network (English)]]<br />
[[Category:HOWTOs (English)]]<br />
= Introduction =<br />
<br />
Finally Broadcom has released a linux driver for most of its wireless chipsets. See the [http://ubuntuforums.org/showthread.php?t=914697 Ubuntu forums] and the [http://forums.debian.net/viewtopic.php?p=174719&sid=801a8f97aa7112c8c1c4f9294ad5d3e9 Debian forums]. It seems to work with all modern 43xx Broadcom cards. Up until recently the only way to get some of these working, such as 4328, was via [[ndiswrapper|ndiswrapper]]. Broadcom chipsets are used in most Dell laptops, among others.<br />
<br />
Unfortunately, the driver does not work with hidden ESSID's.<br />
<br />
= Determine whether you actually have one of these cards =<br />
Here is a list of cards which work with this driver,<br />
<br />
<pre><br />
14e4:432b "Broadcom Corporation BCM4322 802.11a/b/g/n Wireless LAN Controller"<br />
14e4:4329 "Broadcom Corporation BCM43XG"<br />
14e4:4328 "Broadcom Corporation BCM4328 802.11a/b/g/n"<br />
14e4:4315 "Broadcom Corporation BCM4312 802.11b/g"<br />
14e4:4313 "Broadcom Corporation BCM4310 Ethernet Controller"<br />
14e4:4312 "Broadcom Corporation BCM4312 802.11a/b/g"<br />
14e4:4311 "Broadcom Corporation BCM4311 802.11b/g WLAN"<br />
14e4:432d<br />
14e4:432c<br />
14e4:432a<br />
</pre><br />
<br />
Type in console (mind the letter case)<br />
lspci | grep BCM43<br />
#or try the following to list all network cards<br />
lspci -vnn | grep -i net<br />
If you have some other Broadcom model you might try the [[Wireless#b43|b43]] driver. List of drivers supported by b43 is [http://wireless.kernel.org/en/users/Drivers/b43 here].<br />
<br />
= Driver installation =<br />
== Get the driver == <br />
There's a PKGBUILD in [http://aur.archlinux.org/packages.php?ID=19514 AUR].<br />
Or, you can download the driver from [http://www.broadcom.com/support/802.11/linux_sta.php here],<br />
where you will also find a README file.<br />
<br />
== Load the kernel module ==<br />
Before loading the module, remove 'b43, or any other module you are using for your wireless card:<br />
# rmmod b43<br />
Load the module:<br />
# modprobe lib80211_crypt_tkip<br />
# modprobe wl<br />
<br />
You might also need to generate modules.dep and map file again by:<br />
# depmod -a<br />
<br />
Now you can make the change permanent by including lib80211_crypt_tkip in your MODULES array in {{Filename|/etc/rc.conf}}.<br />
<br />
MODULES=(lib80211_crypt_tkip ...<br />
<br />
Or if you installed module via AUR package you just need:<br />
# rmmod b43 # (or any other module you are using for your wireless card)<br />
# modprobe wl<br />
<br />
Now in iwconfig you should see a wireless device (for example eth1). You might need to restart your computer to see the device in iwconfig.<br />
<br />
To make the module load at boot just add in {{Filename|[[rc.conf]]}}:<br />
MODULES=(lib80211_crypt_tkip wl !b43 !ssb ...<br />
By blacklisting the 'b43' and 'ssb' modules, you will prevent the kernel from autoloading them instead of the desired modules.<br />
<br />
==Note on using multiple Broadcom kernel modules==<br />
<br />
In my Dell Inspiron Laptop, i have a Broadcom BCM4401 Ethernet card and a Broadcom BCM4328 Wireless card. If I just remove b43, I can load the wl driver, but no wireless card shows up. However, if i first remove the b44 (and ssb) driver for my ethernet card, and then load the wl driver, I get a wireless eth0. Afterwards, I can load b44 again, to have an ethernet eth1.<br />
<br />
Short version:<br />
* Put "lib80211_crypt_tkip" and "wl" at the BEFORE b44 (if you have it) position in MODULES= in /etc/rc.conf<br />
* Don't forget to blacklist b43<br />
* Your wireless card will be eth0<br />
* Your ethernet card will be eth1<br />
* Both will work fine<br />
<br />
<br />
= Troubleshooting =<br />
== Interfaces swapped every time == <br />
This is a common problem with this driver. And the next process works for me with the BCM4312 following the [http://wiki.archlinux.org/index.php/Udev#Mixed_Up_Devices.2C_Sound.2FNetwork_Cards_Changing_Order_Each_Boot udev post]:<br />
<br />
Create a file called <code>/etc/udev/rules.d/10-network.rules</code> and bind the MAC address of each of your cards to a certain interface name<br />
<br />
<pre>SUBSYSTEM=="net", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth0"<br />
SUBSYSTEM=="net", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="eth1"</pre><br />
<br />
'''Where:'''<br />
* NAME="eth0" is the name of the interface that you want, for example the same name "eth0". You can use other names, for example "lan0" for eth0 or "wlan0" for eth1. <br />
* To get the MAC address of each card, use this command: <code>udevadm info -a -p /sys/class/net/<yourdevice> | grep address</code>. Please, note that this is case sensitive and you must use '''lower-case'''.<br />
But first you need know if eth0 isn't eth1 or vice versa, you can perform a scan: <code>iwlist scan</code> <br />
So if eth0 is really eth1 then the MAC of eth1 is that of eth0.<br />
<br />
Don't forget to update your /etc/rc.conf and other configfiles using the old ethX notation!<br />
<br />
== Module wl does not work after a kernel upgrade ==<br />
This is because the driver is compiled with the current kernel, you need recompile the driver with the new kernel for the module to function properly. Bear this in mind when doing kernel updates.<br />
<br />
== Device not showing up ==<br />
Be sure of trying "ifconfig -a", "ifconfig" only sometimes doesn't show all network interfaces.<br />
<br />
Here is one short script that helped me out, because I was loading modules incorrectly:<br />
<pre>#!/bin/bash<br />
<br />
rmmod b43 ssb wl lib80211_crypt_tkip lib80211<br />
<br />
modprobe lib80211_crypt_tkip<br />
modprobe wl<br />
<br />
depmod -a</pre><br />
<br />
This helped me when sometimes I couldn't get the interface to show up. Else, I recommend adding the modules at rc.conf:<br />
<pre>MODULES=([...] !b43 !ssb !lib80211 lib80211_crypt_tkip wl)</pre><br />
<br />
Worked for me in a Dell Latitude 2100 with Broadom BCM5764M (eth) and BCM4312 (wifi). Also works in a HP Compaq 6715s with Broadcom BCM4311 (wifi).</div>Jkastelic