r967 - trunk

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Mon Jul 11 20:35:53 PDT 2005

Author: tushar
Date: 2005-07-11 21:35:53 -0600 (Mon, 11 Jul 2005)
New Revision: 967

Updated Hint: eswap

Modified: trunk/eswap.txt
--- trunk/eswap.txt	2005-07-10 04:28:12 UTC (rev 966)
+++ trunk/eswap.txt	2005-07-12 03:35:53 UTC (rev 967)
@@ -1,6 +1,6 @@
 AUTHOR: Jerome Pinot <ngc891 at gmail.com>
-DATE: 2005-04-14
+DATE: 2005-07-12
 LICENSE: GNU Free Documentation License Version 1.2
@@ -12,10 +12,10 @@
 third-part software.
-* http://ngc891.blogdns.net/projects/hlfs/hlfs-461-eswap-1.patch
-* http://www.linuxfromscratch.org/patches/downloads/util-linux/util-linux-2.12q-loop_AES-3.0c.patch 
-* http://www.linuxfromscratch.org/patches/downloads/linux/linux-
-* http://www.linuxfromscratch.org/patches/downloads/gnupg/gnupg-1.4.1-loop_AES-3.0c.patch
+* ftp://ngc891.blogdns.net/pub/hlfs/hlfs-534-eswap-1.patch
+* http://www.linuxfromscratch.org/patches/downloads/util-linux/util-linux-2.12q-loop_AES-3.0d.patch 
+* http://www.linuxfromscratch.org/patches/downloads/linux/linux-
+* http://www.linuxfromscratch.org/patches/downloads/gnupg/gnupg-1.4.1-loop_AES-3.0d.patch
 This hint is written for HLFS but can be easily applied to LFS. You should have 
@@ -27,8 +27,7 @@
 A Linux system already provides some basic security environment including users 
-and groups, passwords, permissions,
- and now access control via SELinux project.
+and groups, passwords, permissions, and now access control via SELinux project.
 However, this could be not enough in some cases like attackers with physical
 access. If someone can physically access your hard drive and mount it in an 
@@ -45,8 +44,7 @@
 clearly to it. Even, some ciphers like AES provide you "plausible deniability".
 It means there is no way to know that the partition is actually encrypted 
 because it looks just like trash, like an empty partition. So, there is no 
-more problem for th
-e system being overpassed by physical access.
+more problem for the system being overpassed by physical access.
 Encrypting your partitions could increase drastically your data security.
@@ -67,8 +65,7 @@
 dm-crypt is an encrypted device mapper created to replace cryptoloop [2]. You 
 can find it in the official source, under the device mapper sub-section. It is
-supposed to avoid the flaw of cryptoloop, but actually, it fails. 
-You can find 
+supposed to avoid the flaw of cryptoloop, but actually, it fails. You can find 
 on the web more informations about that [3]. So even if it's available natively 
 in the kernel it should be avoid for more security.
@@ -93,22 +90,21 @@
 It's a matter of applying 2 patches and changing a little the /etc/fstab file.
 The easiest way is to patch the svn version of the book like this:
--- Optiona
-l --
+-- Optional --
- wget http://ngc891.blogdns.net/projects/hlfs/hlfs-461-eswap-1.patch
+ wget ftp://ngc891.blogdns.net/pub/hlfs/hlfs-534-eswap-1.patch
  cd HLFS
- patch -Np1 -i ../hlfs-461-eswap-1.patch
+ patch -Np1 -i ../hlfs-534-eswap-1.patch
 -- Optional --
 Unfortunatly, it can be out of date so you have choice to follow the other way:
-1. First you need to apply the util-linux-2.12q-loop_AES-3.0c.patch to the
+1. First you need to apply the util-linux-2.12q-loop_AES-3.0d.patch to the
 util-linux before building it during chapter 6. This patch enables the use of 
 mount, umount, and swapon for encrypted devices.
- $ patch -Np1 -i ../util-linux-2.12q-loop_AES-3.0c.patch
+ $ patch -Np1 -i ../util-linux-2.12q-loop_AES-3.0d.patch
 2. You need to change the line about swap file in the /etc/fstab (chapter 7)
@@ -122,21 +118,20 @@
 3. Finally, you must patch your kernel source before "make menuconfig" in
 chapter 7:
- patch -Np1 -i ../linux-
+ patch -Np1 -i ../linux-
-Then, during "make me
-nuconfig", you MUST select loop-AES under loop item of the
+Then, during "make menuconfig", you MUST select loop-AES under loop item of the
 block sub-section or your swap partition may not be available. You should enable
 IV. Setting up third-part software
-You can find the following packages in http://ngc891.blogdns.net/projects/hlfs/packages 
+You can find the following packages in ftp://ngc891.blogdns.net/pub/hlfs/packages 
 1. GnuPG 1.4.1
- patch -Np1 -i ../gnupg-1.4.1-loop_AES-3.0c.patch
+ patch -Np1 -i ../gnupg-1.4.1-loop_AES-3.0d.patch
  sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i `find . -name Makefile.in`
@@ -144,7 +139,7 @@
  --libexecdir=/usr/lib --enable-noexecstack &&
  make && make install
-2. Sharutils 4.3.78
+2. Sharutils 4.3.80
 We need sharutils for uuencode to convert randon binary data from /dev/urandom
 to random ascii data for keys generation.
@@ -158,8 +153,7 @@
 Add some flags and build aespipe:
  sed -e 's/^LINK .*$/& -nointl/' -i Makefile.in
- sed -e '10,0s/^/CFLAGS+=-pie -fpie\n&/' -i Make
-file.in &&
+ sed -e '10,0s/^/CFLAGS+=-pie -fpie\n&/' -i Makefile.in &&
  ./configure --prefix=/usr &&
  make && make install
@@ -167,6 +161,10 @@
 Thanks to the author of loop-AES, Jari Ruusu
+  * new URLs
+  * kernel, loop-AES 3.0d, sharutils 4.3.80
+  * patch for HLFS r534
   * updated for Linux
   * update the HLFS patch to r461
@@ -185,4 +183,3 @@
   * Initial version

More information about the hints mailing list