Inspired by The Linux Experiment, I want to create an encrypted drive in a file container using only the command line.

Creating an encrypted file container

Create the container file. We’ll call it containerfile.img:

laptop:~/temp$ fallocate -l 250MB containerfile.img

laptop:~/temp$ ls -l
total 244148
-rw-rw-r-- 1 bjonkman bjonkman 250000000 Oct  8 22:45 containerfile.img

laptop:~/temp$

Create the encrypted LUKS volume. Note that creating volumes and file systems requires elevated privileges, so we use the sudo command:

laptop:~/temp$ sudo cryptsetup luksFormat containerfile.img 
[sudo] password for bjonkman: 

WARNING!
========
This will overwrite data on containerfile.img irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
Command successful.

laptop:~/temp$

Of course, the passphrase doesn’t show on the screen, not even as asterisks. That would give a shouldersurfer an idea of how long the passphrase is. It is a long passphrase, right?

Open the encrypted LUKS volume, which we’ll call cryptvolume:

laptop:~/temp$ sudo cryptsetup luksOpen containerfile.img cryptvolume
Enter passphrase for containerfile.img: 

laptop:~/temp$

Let’s see if the encrypted LUKS volume exists:

laptop:~/temp$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk  
├─sda1                                          8:1    0   243M  0 part  
├─sda2                                          8:2    0    14G  0 part  /
└─sda3                                          8:3    0     1K  0 part  
loop4                                           7:4    0 238.4M  0 loop  
└─cryptvolume                                 252:11   0 236.4M  0 crypt 

laptop:~/temp$

Yay!

Now we create a filesystem inside the encrypted LUKS volume. We’ll give it the label cryptdrive:

laptop:~/temp$ sudo mkfs -L cryptdrive -t ext4 /dev/mapper/cryptvolume 
mke2fs 1.42.13 (17-May-2015)
Creating filesystem with 253952 1k blocks and 63488 inodes
Filesystem UUID: 040765be-eddb-4ea6-b8d8-594b81233465
Superblock backups stored on blocks: 
	8193, 24577, 40961, 57345, 73729, 204801, 221185

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done 

laptop:~/temp$

Create a mount point, which we’ll call mountpoint, then mount the encrypted drive:

laptop:~/temp$ mkdir mountpoint

laptop:~/temp$ sudo mount /dev/mapper/cryptvolume mountpoint

laptop:~/temp$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk  
├─sda1                                          8:1    0   243M  0 part  
├─sda2                                          8:2    0    14G  0 part  /
└─sda3                                          8:3    0     1K  0 part  
loop4                                           7:4    0 238.4M  0 loop  
└─cryptvolume                                 252:11   0 236.4M  0 crypt /home/bjonkman/temp/mountpoint

laptop:~/temp$ ls -l
total 244149
-rw-rw-r-- 1 bjonkman bjonkman 250000000 Oct  8 23:19 containerfile.img
drwxr-xr-x 3 root     root          1024 Oct  8 23:14 mountpoint

laptop:~/temp$

Note that the encrypted file system still belongs to root:root because we used the sudo command.

Change file ownership to bjonkman:bjonkman so I can read/write to it without elevated permissions:

laptop:~/temp$ sudo chown bjonkman: mountpoint/

laptop:~/temp$ ls -l
total 244149
-rw-rw-r-- 1 bjonkman bjonkman 250000000 Oct  8 23:19 containerfile.img
drwxr-xr-x 3 bjonkman bjonkman      1024 Oct  8 23:14 mountpoint

laptop:~/temp$

Since an encrypted container file is probably secret, it shouldn’t be visible to groups or others, so remove those file permissions:

laptop:~/temp$ chmod go-rwx containerfile.img 

laptop:~/temp$ ls -l
total 244149
-rw------- 1 bjonkman bjonkman 250000000 Oct  8 23:34 containerfile.img
drwxr-xr-x 3 bjonkman bjonkman      1024 Oct  8 23:14 mountpoint

laptop:~/temp$

Do some work in the encrypted drive:

laptop:~/temp$ echo "Hello World" > mountpoint/hello.txt

laptop:~/temp$ ls -l mountpoint/
total 13
-rw-rw-r-- 1 bjonkman bjonkman    12 Oct  8 23:53 hello.txt
drwx------ 2 root     root     12288 Oct  8 23:14 lost+found

laptop:~/temp$

And finally, unmount the encrypted filesystem and close the encrypted volume:

laptop:~/temp$ sudo umount mountpoint/

laptop:~/temp$ sudo cryptsetup luksClose cryptvolume 

laptop:~/temp$

Using an encrypted file container

Next time you want to do some work:

laptop:~/temp$ sudo cryptsetup luksOpen containerfile.img cryptvolume
Enter passphrase for containerfile.img: 

laptop:~/temp$ sudo mount /dev/mapper/cryptvolume mountpoint

laptop:~/temp$ echo "Hello again" > mountpoint/again.txt

laptop:~/temp$ ls -l mountpoint/
total 14
-rw-rw-r-- 1 bjonkman bjonkman    12 Oct  9 00:12 again.txt
-rw-rw-r-- 1 bjonkman bjonkman    12 Oct  8 23:53 hello.txt
drwx------ 2 root     root     12288 Oct  8 23:14 lost+found

laptop:~/temp$ sudo umount mountpoint/

laptop:~/temp$ sudo cryptsetup luksClose cryptvolume 

laptop:~/temp$

Using an encrypted file container from the GUI

Once the encrypted file container has been created you can open it from the graphical file manager just by double-clicking:

Enter the passphrase to unlock the volume:

A file manager window for the encrypted volume opens:

Note that the mountpoint is /media/bjonkman/cryptdrive/, chosen by the Gnome Disk Mounter application that runs when you doubleclick the container:

laptop:~/temp$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0 465.8G  0 disk  
├─sda1                                          8:1    0   243M  0 part  
├─sda2                                          8:2    0    14G  0 part  /
└─sda3                                          8:3    0     1K  0 part  
loop5                                           7:5    0 238.4M  1 loop  
└─luks-54f8e41b-73bf-4adf-aa29-a147733c5202   252:11   0 236.4M  1 crypt /media/bjonkman/cryptdrive

laptop:~/temp$

Also, note that the encrypted drive is mounted read-only:

laptop:~/temp$ mount | grep cryptdrive
/dev/mapper/luks-54f8e41b-73bf-4adf-aa29-a147733c5202 on /media/bjonkman/cryptdrive type ext4 (ro,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)

laptop:~/temp$

Gnome Disk Mounter can be launched from the command line with a --writeable or -w parameter:

Happily, this all works without elevated privileges; no sudo required. I don’t know how to open an encrypted file container using only command line tools without using sudo, nor how to launch Gnome Disk Manager in writeable mode just by doubleclicking — if you know, leave a comment or send me e-mail!

TL;DR:

fallocate -l 250MB containerfile.img

sudo cryptsetup luksFormat containerfile.img

sudo cryptsetup luksOpen containerfile.img cryptvolume

sudo mkfs -L cryptdrive -t ext4 /dev/mapper/cryptvolume

mkdir mountpoint

sudo mount /dev/mapper/cryptvolume mountpoint

sudo chown bjonkman: mountpoint/

chmod go-rwx containerfile.img

(do some work)

sudo umount mountpoint/

sudo cryptsetup luksClose cryptvolume

-----

sudo cryptsetup luksOpen containerfile.img cryptvolume
sudo mount /dev/mapper/cryptvolume mountpoint
(do some work)
sudo umount mountpoint/
sudo cryptsetup luksClose cryptvolume

Tux the Penguin

Do you have additions? Do I have errors? Leave a comment or send me e-mail.

It’s shaping up to be a busy few weeks for Ubuntoids in the Kitchener-Waterloo region:

Ubuntu Global Jam

 

Ubuntu Global Jam Kitchener Pictures!

When: Saturday, 14 September 2013 from 10:00am to 5:00pm iCal 1
Where: Computer Recycling
Location: 66 Queen St. S., Kitchener, Ontario, Canada Map 1
Entrance: Use the door on Charles Street
LoCo Event: Ubuntu Global Jam Kitchener | Ubuntu LoCo Team Portal
Info: UbuntuGlobalJam – Ubuntu Wiki
Blog: Charles’ Tech Talk: Ubuntu Global Jam, Saturday, September 14, 2013

Charles McColm (@chaslinux) has arranged to use the workshop at Computer Recycling on Saturday from 10:00am to 5:00pm, where he’s got lots of computers of varying specs that we can use to test the installation of Ubuntu 13.10 Saucy Salamander. We’ll document any problems with the installation procedure, any hardware incompatibilities we find, and maybe build a system or two in the process.

And for those people who don’t want to get grubby with actual hardware, there’s bugs to be triaged, documentation to be written, and code to be coded.

We’ll set up a couple of computers so we can be online with other Jams (it’s a Global Jam, after all), and Computer Recycling has a pretty good sound system so we can listen to the Hacker Freedom Song for inspiration all day long (OK, maybe not that).

Ubuntu Team Meeting in IRC

 

Every month members of the Canadian Team meet online in Internet Relay Chat to discuss all things Ubuntu — past events, upcoming events, new releases, Canonical’s future direction…

Ubuntu Hour Guelph

 

Verdi R-D writes:

Hellooo!

Just wanted to let you know the Guelph Ubuntu will be held this month on Friday, September 27, 2013 at the Pennywhistle Pub from 7 until 8 or whenever you feel like going.

Also, if you’re in the southern Ontario area, I suggest you check out the Ubuntu Guelph oriented mailing list. It’s available from Launchpad at ubuntu-ca-guelph@lists.launchpad.net . We also have an IRC channel set up at #ubuntu-ca-guelph .

Continuing from last month, I plan on sending out an email with a link to the survey I designed for last meeting so that everyone can fill it out once I figure out how to make a Google Apps for free form publicly accessible.

Thanks,
Verdi

Software Freedom Day Kitchener-Waterloo

 

Preliminary pictures and video from Laurel L. Russwurm

Pictures and resources from Bob Jonkman’s ownCloud

When: Saturday, 28 September 2013 from 10:00am to 5:00pm iCal 4
Where: Kwartzlab Makerspace
Location: 33 Kent Avenue, Kitchener, Ontario, Canada Map 4
LoCo Event: SFD Kwartlab | Ubuntu LoCo Team Portal
SFD Wiki: Kitchener-Waterloo SFD at Kwartzlab – Software Freedom Day Wiki
Sing-a-long: Celebrate Software Freedom Day Song

Presentations

1. Bob Jonkman: Building Your Own Cloud

2. Stefan Chirila: to be announced

3. Rick Jenkins: Blender

4. James Kelsh: Knoppix

5. Charles McColm: Instant XBMC

Other Activities

• Installfest
  • Bring your computer, laptop, tablet(?), phone(!) to get free software installed.
• Software giveaway
  • Pick up a CD or DVD with free software, or copy some free software to your USB stick or computer.

  • Open Disc Project should have a new release in time for SFD

  • Does Ubuntu-ca-kw still have 12.04 Precise Pangolin disks?

• Free Culture
  • a playlist of genuinely good CC-licenced music
  • a playlist of genuinely good CC-licenced video/movies
  • a bibliography of genuinely good CC-licenced books

There’s no end to geeky computer operating system release parties, it seems.

Debian Wheezy Logo

What: Kitchener-Waterloo Debian Wheezy Release Party
When: Monday, 6 May 2013 at 9:00pm (after the regular meeting from 7:00pm to 9:00pm) iCal 4
Where: St. John’s Kitchen, 97 Victora Street North, Kitchener, Ontario Map 4
Bring: Party snack or beverage
Info: Follow the mailing list discussion (April, May)
Online: IRC channel #kwlug on Freenode Web Chat

Ubuntu Canada Circle Logo

What: Guelph Raring Ringtail Release Party
When: Friday, 10 May 2013 7:00pm to 10:00pm iCal 3
Where: Diyode Community Workshop, Unit B, 71 Wyndham St. S, Guelph, Ontario Map 3
Online: #ubuntu-ca on Freenode Web Chat
Registration: Guelph Raring Ringtail Release Party on Ubuntu Canada LoCo Events

The KW chapter of Ubuntu Canada is having a release party for the latest version of Ubuntu, named “Raring Ringtail” on Thursday, 25 April 2013 at 7:00pm at the Kwartzlab Makerspace.

You’ll meet Ubuntu people from all over Canada during the IRC meeting from 7:00pm to 8:00pm; the Kwartzlab Radio team will be recording a podcast at 8:30pm; and there will be a live installation demonstration on a fancy new Lenovo laptop with UEFI and SecureBoot. And, of course, there will be cake, deviled eggs, and we may order out for pizza…

What: KW Raring Ringtail Release Party
When: Thursday, 25 April 2013 7:00pm – 10:00pm EDT iCal 1
Where: Kwartzlab, 33 Kent Avenue, Kitchener, Ontario Map 1
Online: #ubuntu-ca on Freenode Web Chat
Registration: KW Release Party on Ubuntu Canada LoCo Events (Registration is optional, but appreciated)

There is also a Toronto Raring Ringtail Release Party. Join Michael Kaulbach for a bottomless cup of coffee and free Ubuntu cupcakes!

What: Toronto Raring Ringtail Release Party
When: Thursday, 25 April 2013 8:00pm – 11:00pm EDT iCal 2
Where: Alio Lounge, 108 Dundas Street West, Toronto, Ontario Map 2
Online: #ubuntu-ca on Freenode Web Chat
Registration: Toronto Release Party on Ubuntu Canada LoCo Events (Registration is optional, but appreciated)

And there are rumours afoot of a Raring Ringtail Release Party in Guelph. More details as I unearth them….

Updated 26 April 2013: It’s here!

What: Guelph Raring Ringtail Release Party
When: Friday, 10 May 2013 7:00pm to 10:00pm iCal 3
Where: Diyode Community Workshop, Unit B, 71 Wyndham St. S, Guelph, Ontario Map 3
Online: #ubuntu-ca on Freenode Web Chat
Registration: Guelph Raring Ringtail Release Party on Ubuntu Canada LoCo Events

The Kitchener-Waterloo chapter of the Ubuntu Canadian Team had a wonderful Ubuntu Release Party today. Laurel Russwurm baked a cake and I made some devilled eggs:

Quantal Cake and Devilled Eggs

If you squint a little you can make out the Ubuntu logos…

Ralph brought the official Ubuntu banner:

At the Kitchener Quantal Quetzal Ubuntu Release Party

That’s Jeff, Sergiane, Raul, Ralph, Karim, Bob, and Henrique.

Then it was time to cut the cake:

Cutting cake is serious business!

And the second shift finishes it off:

The rest of the partygoers

That’s David, Gord, Bob, Ralph, and Darcy.

Many thanx to Paul for hosting and The Working Centre for the use of St. John’s Kitchen!

Pictures taken by Laurel L. Russwurm and used under a Creative Commons — Attribution — CC BY license.

Pictures!

Hello Everybodee! I’m happy to announce that we’ll be having the Kitchener-Waterloo Ubuntu Release Party for the version named Quantal Quetzal, v12.10 at St. John’s Kitchen this Saturday.

The best parties always happen in the kitchen. Although we won’t have access to the cooking facilities, bring along some snack food to share, maybe some blank DVDs, and your laptop or netbook.

St. John’s Kitchen, 97 Victoria St. N.

Saturday, 20 October 2012 from 4:00pm to 8:00pm iCal

St. John’s Kitchen Map
97 Victoria Street North
Kitchener, Ontario Canada

Automobile parking is available through Heit Lane in the Worth A Second Look parking lot; bicyles can be locked to railings at the entrance to St. John’s Kitchen.

Event link: http://loco.ubuntu.com/events/ubuntu-ca/2029/detail/
(Registration is optional, but appreciated)

Tux the Penguin, official mascot of the Linux kernel

More GNU/Linux Resources

People have asked me about GNU/Linux resources in K-W, so here are some of them, gathered in one convenient place. This is by no means an exhaustive list (yet). If you know of others, please let me know in the comments.

KW Linux Users Group — http://kwlug.org

The KWLUG mailing list for general discussion is where all the action is, along with a “Help” list for specific questions. Microblogging as @kwlug and !kwlug on Identi.ca and also @kwlug on Twitter.

Ubuntu Canada KW chapter — https://wiki.ubuntu.com/CanadianTeam/KitchenerWaterloo

There’s a low traffic Ubuntu-CA-KW mailing list. Microblogging on Twitter as @ubuntuwaterloo and on Identi.ca as @ubuntuwaterloo too, with a group at !ubuntucakw. Some members can also be found on the IRC channel #ubuntu-ca-kw on Freenode.net.

Ubuntu-CA-KW has regular Ubuntu Hours in Kitchener (first Friday of the month) and Waterloo (third Wednesday of the month) announced on Identi.ca, Twitter, and sometimes the mailing list.

Ubuntu Canada — https://wiki.ubuntu.com/CanadianTeam

Again, the Ubuntu Canada mailing list is where the action is, but there is also a web forum and the Ubuntu-ca.org website. Check out the Ubuntu Canada events listing. There’s an !ubuntuca group on Identi.ca, and many people can be found on the IRC channel #ubuntu-ca on Freenode.net.

Computer Recycling — http://theworkingcentre.org/at/comp_recycling/comp_recycling.html

Computer Recycling at The Working Centre sells refurbished computers pre-installed with GNU/Linux, and offers a repair shop with staff and volunteers who are enthusiastic and knowledgeable about GNU/Linux. Every Saturday is Ubuntu Day: 10:00am to 4:00pm, Hours are Tuesday to Friday, 10:00am to 5:00pm, at 66 Queen St. S. in Kitchener (use the entrance on Charles St).

Kwartzlab — http://kwartzlab.ca

You’ll also want to keep an eye on Kwartzlab, the local makerspace where many of the Ubuntu events are held. There’s a discussion mailing list for members and non-members alike. Visit the workshop on Tuesday Open Night, 7:00pm to 10:00pm at 283 Duke St. W., Kitchener.

Watcamp Calendar — http://watcamp.com

Also check the Watcamp calendar for other GNU/Linux and many other tech events happening in the Waterloo area.

That should keep you going…

Bob Jonkman <bjonkman@sobac.com>         http://sobac.com/sobac/
SOBAC Microcomputer Services              Voice: +1-519-669-0388
6 James Street, Elmira ON  Canada  N3B 1L5  Cel: +1-519-635-9413
Software   ---   Office&  Business Automation   ---   Consulting

Update 6 June 2012: Clarified microblogging names and groups

Image of Tux by Larry Ewing, copied from Wikimedia Commons. Permission to use and/or modify this image is granted provided you acknowledge Larry Ewing lewing@isc.tamu.edu and The GIMP if someone asks.

This is a list of lightweight GNU/Linux (or other free/libre OS) distributions.

I’m specifically looking for a free/libre operating system that will run a Graphical User Interface on a 10-year-old laptop, 700 MHz Intel CPU, 256 MiBytes RAM (but 128 MiBytes would be better), an 8 GiByte hard drive and an 800×600 screen.

If you know of any other lightweight distributions please leave a comment. Also please leave a comment if you can help fill out the chart – the distributions’ documentation is pretty inadequate when it comes to listing minimium system requirements.

I expect this post to be a continuous work-in-progress.

–Bob.

Added 14 June 2011: Thanx for the suggestions from @dwa, @headphonica, @darkestkhan, @flying_squirrel and @circuidipity, all added above.

Added 17 June 2011: @schestowitz points me to a Linux Devices article on Tiny Core Linux.

Added 28 July 2011: @chaslinux reminded me of The Working Centre’s distribution, WCLP.

Added 4 August 2011:Just saw antiX mentioned on Identi.ca.

Added 12 October 2013: @tekk writes: @bobjonkman If driver support isn’t an issue, maybe look at http://dragora.org . I’d also put slackware on the list for that, maybe freebsd as well?

Added 23 November 2013: Bodhi Linux