alpine 3.12.3 fiddling

2021-01-13 11:28:08 +01:00 · 2021-01-13 11:28:08 +01:00 · 22568654d7
commit 22568654d7
parent be19c89568
3 changed files with 96 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*.tar.gz
--- a/README.md
+++ b/README.md
@ -41,15 +41,28 @@ https://vincentserpoul.github.io/post/alpine-linux-rpi0/
 2. extract image: tar -xzvf ~/Downloads/alpine-rpi-3.12.0-armhf.tar.gz -C /run/media/**** --no-same-owner 
 3. edit cmdline.txt
 4. create usercfg.txt
- 5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, tmux, htop, exfat-utils, cryptsetup, mkinitfs )
- 6. connect UART TX/RX/GND to pin 8/10/6
+ 5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero} ) [70MB]
+ 6. connect UART TX/RX/GND to pin 8/10/6 green/white/black
 7. boot rpi
 8. mount second partition to folder /media/mmcblk0p2
 9. change /etc/lbu/lbu.conf
 10. run setup-alpine ( rc-update add wpa_supplicant boot [confirm])
- 11. fix chrony and rtc (rc-update add hwclock boot, rc-update -u [confirm])
+ 11. fix chrony and rtc (rc-update add hwclock boot, rc-update del chronyd default rc-update -u [confirm])
 12. add community repo (ccid, opensc)
 13. rc-update del acpid default (arm only)
+ 
+## persistent /usr
+dd if=/dev/zero of=/media/mmcblk0p2/persist.img bs=1024 count=0 seek=2097152
+apk add e2fsprogs
+mkfs.ext4 /media/mmcblk0p2/persist.img
+echo "/media/mmcblk0p2/persist.img /media/persist ext4 rw,relatime,errors=remount-ro 0 0" >> /etc/fstab
+mkdir /media/persist 
+mount -a
+mkdir /media/persist/usr 
+mkdir /media/persist/.work 
+echo "overlay /usr overlay lowerdir=/usr,upperdir=/media/persist/usr,workdir=/media/persist/.work 0 0" >> /etc/fstab 
+mount -a
+lbu commit



@ -69,18 +82,87 @@ CONFIG_RTC_HCTOSYS not set


 ## encrypted container (encrypted storage)
-
-fallocate -l 100MB PRIVATE
-cryptsetup -v luksFormat PRIVATE
+apk add cryptsetup
+fallocate -l 10MB PRIVATE [minimal 20MB]
+cryptsetup -v luksFormat PRIVATE [takes some seconds]
 --use secure passphrase
 cryptsetup -v luksOpen PRIVATE private_file
+mkfs -t ext4 /dev/mapper/private_file
 mkdir /mnt/private_file
 mount /dev/mapper/private_file /mnt/private_file
 --Umount and close file
 umount /mnt/private_file
 cryptsetup luksClose private_file

+mkidr /mnt/private_file/.gnupg
+chown user:user /mnt/private_file/.gnupg
+ln -s /mnt/private_file/.gnupg .gnupg
+edit /etc/mdev.conf for usb tokens [ToDo]
+killall gpg-agent
+
+##kernel update [inProgress]
+related: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11980
+
+gnupg-root:/media/mmcblk0p2# mkdir modloopfs
+gnupg-root:/media/mmcblk0p2# cd modloopfs/
+gnupg-root:/media/mmcblk0p2/modloopfs# unsquashfs /media/mmcblk0p1/boot/modloop-
+rpi
+Parallel unsquashfs: Using 1 processor
+1814 inodes (2087 blocks) to write
+created 1814 files
+created 359 directories
+created 0 symlinks
+created 0 devices
+created 0 fifos
+gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# mount | grep modloop
+/media/mmcblk0p1/boot/modloop-rpi on /.modloop type squashfs (ro,relatime)
+gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# ls -l /lib/modules
+lrwxrwxrwx    1 root     root            17 Jan  1  1970 /lib/modules -> /.modloop/modules
+gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# rm /lib/modules
+gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# ln -s /media/mmcblk0p2/modloopfs/squashfs-root/modules /lib/modules
+gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# ls -l /lib/modules
+lrwxrwxrwx    1 root     root            48 Sep 26 13:58 /lib/modules -> /media/mmcblk0p2/modloopfs/squashfs-root/modules


+mksquashfs squashfs-root/ livefs.squashfs -noappend -always-use-fragments
+apk add linux-rpi
+
+## generic image upgrade
+extract original image to first partion
+restore cmdline and usercfg.txt
+delete from overlay the cache folder
+
+##generic minor update (to install it into ram)
+apk update
+apk upgrade
+lbu commit
+
+## 1.44" OLED and button
+#create a overlay for /usr otherwise space is missing
+https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing]
+apk add python2 #obsolete
+apk add build-base #binary is build vor rpi3
+// ToDo
+sudo modprobe fbtft_device name=adafruit18_green gpios=reset:27,dc:25,cs:8,led:24 height=128 width=128 rotate=180 fps=30 bgr=1 speed=40000000 debug=$((1<<5))
+vi /etc/modprobe.d/fbtft.conf
+options fbtft_device name=fb_st7735r gpios=reset:27,dc:25,led:18 speed=16000000 bgr=1 custom=1 width=128 height=128
+
+## nitrokey
+ apk add py-pip build-base python3-dev [240Mb]
+ apk add libffi-dev [7Mb]
+ apk add openssl-dev	
+//needs gcc python3-dev libffdi-dev
+reboot
+lbu inc /home
+lbu inc /root
+ pip3 install --user wheel
+ pip3 install --user pynitrokey [takes about 35min]
+
+ #fix $PATH to /root/.local/bin in /etc/profile
+ #need mdev/udev rules to grant access for user
+ #libudev-zero is a replacement, which is needed for pcscd
+## ToDo
+ #tmux 
+ 
 ### links
-https://github.com/hashbang/airgap
+https://github.com/hashbang/airgap
--- a/gpg-howto.md
+++ b/gpg-howto.md
@ -0,0 +1,6 @@
+gpg2 --expert --full-gen-key
+(9) ECC and ECC
+(1) Curve 25519)
+//because of this: http://safecurves.cr.yp.to/index.html
+3y
+//because it is hard enough in real life with humans