alpine 3.12.3 fiddling
parent
be19c89568
commit
22568654d7
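--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.tar.gz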
96
README.md
96
README.md
@ -41,15 +41,28 @@ https://vincentserpoul.github.io/post/alpine-linux-rpi0/
|
||||
2. extract image: tar -xzvf ~/Downloads/alpine-rpi-3.12.0-armhf.tar.gz -C /run/media/**** --no-same-owner
|
||||
3. edit cmdline.txt
|
||||
4. create usercfg.txt
|
||||
5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, tmux, htop, exfat-utils, cryptsetup, mkinitfs )
|
||||
6. connect UART TX/RX/GND to pin 8/10/6
|
||||
5. prepare /cache with useful apk (e2fsprogs, lsblk, vim, gnupg, gnupg-scdaemon, ccid, opensc, pcsc-lite-libs, tmux, htop, exfat-utils, cryptsetup, mkinitfs, squashfs-tools, p7zip libusb, hwids-usb {pcsc-lite libudev-zero} ) [70MB]
|
||||
6. connect UART TX/RX/GND to pin 8/10/6 green/white/black
|
||||
7. boot rpi
|
||||
8. mount second partition to folder /media/mmcblk0p2
|
||||
9. change /etc/lbu/lbu.conf
|
||||
10. run setup-alpine ( rc-update add wpa_supplicant boot [confirm])
|
||||
11. fix chrony and rtc (rc-update add hwclock boot, rc-update -u [confirm])
|
||||
11. fix chrony and rtc (rc-update add hwclock boot, rc-update del chronyd default rc-update -u [confirm])
|
||||
12. add community repo (ccid, opensc)
|
||||
13. rc-update del acpid default (arm only)
|
||||
|
||||
## persistent /usr
|
||||
dd if=/dev/zero of=/media/mmcblk0p2/persist.img bs=1024 count=0 seek=2097152
|
||||
apk add e2fsprogs
|
||||
mkfs.ext4 /media/mmcblk0p2/persist.img
|
||||
echo "/media/mmcblk0p2/persist.img /media/persist ext4 rw,relatime,errors=remount-ro 0 0" >> /etc/fstab
|
||||
mkdir /media/persist
|
||||
mount -a
|
||||
mkdir /media/persist/usr
|
||||
mkdir /media/persist/.work
|
||||
echo "overlay /usr overlay lowerdir=/usr,upperdir=/media/persist/usr,workdir=/media/persist/.work 0 0" >> /etc/fstab
|
||||
mount -a
|
||||
lbu commit
|
||||
|
||||
|
||||
|
||||
@ -69,18 +82,87 @@ CONFIG_RTC_HCTOSYS not set
|
||||
|
||||
|
||||
## encrypted container (encrypted storage)
|
||||
|
||||
fallocate -l 100MB PRIVATE
|
||||
cryptsetup -v luksFormat PRIVATE
|
||||
apk add cryptsetup
|
||||
fallocate -l 10MB PRIVATE [minimal 20MB]
|
||||
cryptsetup -v luksFormat PRIVATE [takes some seconds]
|
||||
--use secure passphrase
|
||||
cryptsetup -v luksOpen PRIVATE private_file
|
||||
mkfs -t ext4 /dev/mapper/private_file
|
||||
mkdir /mnt/private_file
|
||||
mount /dev/mapper/private_file /mnt/private_file
|
||||
--Umount and close file
|
||||
umount /mnt/private_file
|
||||
cryptsetup luksClose private_file
|
||||
|
||||
mkidr /mnt/private_file/.gnupg
|
||||
chown user:user /mnt/private_file/.gnupg
|
||||
ln -s /mnt/private_file/.gnupg .gnupg
|
||||
edit /etc/mdev.conf for usb tokens [ToDo]
|
||||
killall gpg-agent
|
||||
|
||||
##kernel update [inProgress]
|
||||
related: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11980
|
||||
|
||||
gnupg-root:/media/mmcblk0p2# mkdir modloopfs
|
||||
gnupg-root:/media/mmcblk0p2# cd modloopfs/
|
||||
gnupg-root:/media/mmcblk0p2/modloopfs# unsquashfs /media/mmcblk0p1/boot/modloop-
|
||||
rpi
|
||||
Parallel unsquashfs: Using 1 processor
|
||||
1814 inodes (2087 blocks) to write
|
||||
created 1814 files
|
||||
created 359 directories
|
||||
created 0 symlinks
|
||||
created 0 devices
|
||||
created 0 fifos
|
||||
gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# mount | grep modloop
|
||||
/media/mmcblk0p1/boot/modloop-rpi on /.modloop type squashfs (ro,relatime)
|
||||
gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# ls -l /lib/modules
|
||||
lrwxrwxrwx 1 root root 17 Jan 1 1970 /lib/modules -> /.modloop/modules
|
||||
gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# rm /lib/modules
|
||||
gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# ln -s /media/mmcblk0p2/modloopfs/squashfs-root/modules /lib/modules
|
||||
gnupg-root:/media/mmcblk0p2/modloopfs/squashfs-root# ls -l /lib/modules
|
||||
lrwxrwxrwx 1 root root 48 Sep 26 13:58 /lib/modules -> /media/mmcblk0p2/modloopfs/squashfs-root/modules
|
||||
|
||||
|
||||
mksquashfs squashfs-root/ livefs.squashfs -noappend -always-use-fragments
|
||||
apk add linux-rpi
|
||||
|
||||
## generic image upgrade
|
||||
extract original image to first partion
|
||||
restore cmdline and usercfg.txt
|
||||
delete from overlay the cache folder
|
||||
|
||||
##generic minor update (to install it into ram)
|
||||
apk update
|
||||
apk upgrade
|
||||
lbu commit
|
||||
|
||||
## 1.44" OLED and button
|
||||
#create a overlay for /usr otherwise space is missing
|
||||
https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing]
|
||||
apk add python2 #obsolete
|
||||
apk add build-base #binary is build vor rpi3
|
||||
// ToDo
|
||||
sudo modprobe fbtft_device name=adafruit18_green gpios=reset:27,dc:25,cs:8,led:24 height=128 width=128 rotate=180 fps=30 bgr=1 speed=40000000 debug=$((1<<5))
|
||||
vi /etc/modprobe.d/fbtft.conf
|
||||
options fbtft_device name=fb_st7735r gpios=reset:27,dc:25,led:18 speed=16000000 bgr=1 custom=1 width=128 height=128
|
||||
|
||||
## nitrokey
|
||||
apk add py-pip build-base python3-dev [240Mb]
|
||||
apk add libffi-dev [7Mb]
|
||||
apk add openssl-dev
|
||||
//needs gcc python3-dev libffdi-dev
|
||||
reboot
|
||||
lbu inc /home
|
||||
lbu inc /root
|
||||
pip3 install --user wheel
|
||||
pip3 install --user pynitrokey [takes about 35min]
|
||||
|
||||
#fix $PATH to /root/.local/bin in /etc/profile
|
||||
#need mdev/udev rules to grant access for user
|
||||
#libudev-zero is a replacement, which is needed for pcscd
|
||||
## ToDo
|
||||
#tmux
|
||||
|
||||
### links
|
||||
https://github.com/hashbang/airgap
|
||||
https://github.com/hashbang/airgap
|
||||
|
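Review bot: In the second README hunk (`-69,18 +82,87`) the `.gnupg` steps are listed after `umount /mnt/private_file` and `cryptsetup luksClose private_file`, so followed in order they create the GnuPG home on the bare mount-point directory, outside the LUKS container; the first of them is also misspelled `mkidr`. Moving the three lines above `--Umount and close file` and writing `mkdir -m 700 /mnt/private_file/.gnupg` keeps the keyring inside the encrypted volume with the permissions gpg expects. The same hunk's `fallocate -l 10MB PRIVATE [minimal 20MB]` contradicts its own annotation, and a LUKS2 header alone normally takes about 16 MiB, so the size in the command should be at least the stated minimum. The rendered page has lost the `+`/`-` markers, so this assumes the `.gnupg` block and the 10MB line are on the new side.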
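--- a/gpg-howto.md
+++ b/gpg-howto.md
@@ -0,0 +1,6 @@
+gpg2 --expert --full-gen-key
+(9) ECC and ECC
+(1) Curve 25519)
+//because of this: http://safecurves.cr.yp.to/index.html
+3y
+//because it is hard enough in real life with humans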